Author: James Haughom

SentinelLabs Blogs

I’ve been so busy at work that I haven’t had time to make a post in a while! Luckily I have been able to a contribute to a couple posts since joining SentinelOne. I also created a Sunburst assessment tool, which can be found here. Hope you enjoy!

Read more

Evolution of Excel 4.0 Macro Weaponization

Here is a blogpost covering the findings of research I performed at work related to how Excel 4.0 Macros have evolved this year.

Read more

IQY + Paradise Ransomware

Here is a blogpost I created at work regarding a campaign leveraging IQY attachments for the delivery of Paradise Ransomware.

Read more

XLS -> VBS -> .NET

I found a pretty cool sample while reviewing recent trends in XLS malware. The XLS contains a small piece of macro code that starts an interesting chain of events. The VBA macros can be extracted from the XLS with Didier Steven’s oledump, or Decalage’s olevba. Here is the entirety of the VBA code. The code […]

Read more

Radare2 Demo – 20 tips

Here is a quick demo to get REs/Malware Analysts started with what I think is the most underrated disassembler out right now. Get it here: https://rada.re/n/radare2.html Let’s dig into some code. 1 – Start Radare2 and point it at the sample you are analyzing. 2 – Have Radare2 analyze the sample. The more ‘a’s, the […]

Read more