Category: Deobfuscation

SentinelLabs Blogs

I’ve been so busy at work that I haven’t had time to make a post in a while! Luckily I have been able to contribute to a couple of posts since joining SentinelOne. I also created a Sunburst assessment tool, which can be found here. Hope you enjoy!


Evolution of Excel 4.0 Macro Weaponization

Here is a blog post covering the findings of research I performed at work on how Excel 4.0 macros have evolved this year.


XLS -> VBS -> .NET

I found a pretty cool sample while reviewing recent trends in XLS malware. The XLS contains a small piece of macro code that starts an interesting chain of events. The VBA macros can be extracted from the XLS with Didier Stevens' oledump or Decalage's olevba. Here is the entirety of the VBA code. The code […]
