u/bscottrosen21

PCPJack: A cloud credential worm that hunts and evicts rival threat actor TeamPCP

SentinelLABS researcher Alex Delamotte just published analysis on PCPJack, a modular cloud credential harvesting framework we located on April 28 through a Kubernetes-focused VirusTotal hunting rule.

The script's first action is to evict and delete tools associated with TeamPCP (the group tied to the Feb 2026 Trivy supply chain compromise), then report a "PCP replaced" field back to its C2.

Technical highlights:

  • Two distinct toolsets on the staging server: a Python credential harvester and a second toolset that deploys Sliver C2 beacons (compiled with garble obfuscation)
  • Targets exposed Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web apps for propagation and lateral movement
  • Harvests credentials across AWS, GitHub, Slack, Stripe, and 30+ services
  • Uses Common Crawl parquet data to build target lists (up to 15M entries)
  • X25519 + ChaCha20 for credential encryption — but Telegram bot tokens left in the clear
  • No cryptominers in either toolset. A stark departure from typical multi-disciplinary cloud campaigns; targeting suggests monetization through fraud, spam, extortion, or credential resale

Mitigations: Enterprise secret vaults, MFA on service accounts, enforce IMDSv2, authenticate Docker/K8s management interfaces, least-privilege on K8s service accounts.

Full write-up + IOCs: https://s1.ai/pcpjack

Happy to answer questions in the comments.

u/bscottrosen21 — 6 days ago
▲ 15 r/SentinelOneXDR+1 crossposts
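One of the mitigations listed above, "enforce IMDSv2", is easy to state and easy to leave half-done across a fleet. The script below is an added example, not code from the SentinelLABS write-up or the post: it audits the `MetadataOptions` block that `aws ec2 describe-instances` returns, flags instances where IMDSv1 is still reachable (`HttpTokens` not `required`), flags hop limits above 1 (a second hop lets a container behind a bridge network reach IMDS from the host), treats instances with no `MetadataOptions` at all as findings rather than silently passing them, and prints the remediation command. The reservation data is constructed inline so it runs offline; the instance IDs are made up.

```python
"""Audit EC2 instances for IMDSv2 enforcement (added example, offline).

The sample below mirrors the shape of describe_instances()["Reservations"]
from boto3 / `aws ec2 describe-instances`. To run it live, replace
SAMPLE_RESERVATIONS with the paginated output of that call (assumption:
boto3 is available and the caller has ec2:DescribeInstances).
"""
from typing import Dict, List

# Constructed sample data; instance IDs are invented for illustration.
SAMPLE_RESERVATIONS: List[Dict] = [
    {"Instances": [
        {"InstanceId": "i-0aaa111", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "optional",
            "HttpPutResponseHopLimit": 2}},          # IMDSv1 open, 2 hops
        {"InstanceId": "i-0bbb222", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required",
            "HttpPutResponseHopLimit": 1}},          # correctly hardened
    ]},
    {"Instances": [
        {"InstanceId": "i-0ccc333", "MetadataOptions": {
            "HttpEndpoint": "disabled", "HttpTokens": "optional",
            "HttpPutResponseHopLimit": 1}},          # IMDS off entirely
        {"InstanceId": "i-0ddd444"},                 # no MetadataOptions key
    ]},
]


def classify_instance(instance: Dict) -> str:
    """Return 'ok', 'imds_disabled', 'v1_allowed' or 'unknown'."""
    opts = instance.get("MetadataOptions")
    if not opts:
        # Cannot prove enforcement from this record: surface it, do not pass it.
        return "unknown"
    if opts.get("HttpEndpoint") == "disabled":
        # No metadata endpoint at all, so there is nothing for SSRF to read.
        return "imds_disabled"
    if opts.get("HttpTokens") == "required":
        return "ok"
    # "optional" (or any unexpected value) means IMDSv1 GETs still succeed.
    return "v1_allowed"


def audit(reservations: List[Dict], max_hop_limit: int = 1) -> Dict[str, List[str]]:
    """Collect instance IDs per finding type across all reservations."""
    findings: Dict[str, List[str]] = {"v1_allowed": [], "unknown": [], "hop_limit": []}
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            state = classify_instance(inst)
            if state in ("v1_allowed", "unknown"):
                findings[state].append(iid)
            opts = inst.get("MetadataOptions") or {}
            # Hop limit only matters when the endpoint is actually enabled.
            if state != "imds_disabled" and opts.get("HttpPutResponseHopLimit", 1) > max_hop_limit:
                findings["hop_limit"].append(iid)
    return findings


def remediation_commands(findings: Dict[str, List[str]]) -> List[str]:
    """One `aws ec2 modify-instance-metadata-options` call per offending instance."""
    targets = sorted(set(findings["v1_allowed"]) | set(findings["hop_limit"]))
    return [
        f"aws ec2 modify-instance-metadata-options --instance-id {iid} "
        "--http-tokens required --http-put-response-hop-limit 1"
        for iid in targets
    ]


if __name__ == "__main__":
    result = audit(SAMPLE_RESERVATIONS)
    for kind, ids in result.items():
        print(f"{kind}: {ids}")
    for cmd in remediation_commands(result):
        print(cmd)
```

Two design notes: the "unknown" bucket exists because an audit that only reports what it can see will pass instances whose records it never parsed, and the hop-limit check is kept separate from the token check because a `required`-token instance with hop limit 2 is still reachable from a container on the same host, which is exactly the Docker/Kubernetes foothold this worm propagates through.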

Big launch today we wanted to bring straight to this community. We’re introducing SentinelOne's Wayfinder Frontier AI Services, starting with Anthropic’s Claude Security. 

In the era of frontier AI models, the question isn't what vulnerabilities exist. It's what an adversary can actually chain together to exploit today. That's the question this service is built to solve for.

What it is

A new offering in the Wayfinder portfolio (alongside Threat Hunting, MDR Essentials, MDR Elite, and IR&R). It pairs Claude Security with our most seasoned offensive and defensive experts, working continuously across your full attack surface.

What it actually does

  • AI-accelerated discovery. Frontier models + our offensive security team finding previously undisclosed vulns and exposures in code. Built specifically for complex paths — supply chain, code injection, non-linear chains, OWASP Top 10, zero-days.
  • Exploitability-grounded prioritization. Findings evaluated against your actual environmental context. Not "here's a CVE list sorted by CVSS" — here's what's actually exploitable in your environment, prioritized.
  • Exploitation-chain disruption. Maps how exposures connect into end-to-end attack paths, then recommends where to break the chain — architectural changes, config hardening, identity controls, Singularity Platform enforcement. The point is to break it where it costs the adversary the most, not where it's easiest to patch.
  • Continuous coverage. Endpoint, cloud, identity, data, AI surfaces. Posture stays current as your environment and the threat landscape evolve.
  • Wired into the rest of Wayfinder. Findings and mitigations add context to Threat Hunting, MDR, and IR&R so exposure intel becomes operational defense, not a doc that sits in a SharePoint or Confluence.

Why we built it this way

Frontier AI on the adversary side is shrinking the time between "vuln disclosed" and "vuln weaponized" — and the defender side has to stay ahead of that with both better discovery and better judgment about what matters.

We wanted to deliver decisions, not longer lists. That's why this is humans + frontier model in the same loop, not a model that hands a report to a human.

Multi-model, on purpose

Worth saying out loud: the service runs on Claude today, and the architecture is built to incorporate frontier models from our lab partners and the research models our applied security teams use. The advantage belongs to defenders who can orchestrate the right intelligence for each task and validate every output with human judgment.

Receipts

For folks who want the operational track record this is built on — over the past quarter the SentinelOne Singularity Platform autonomously blocked zero-day and supply-chain attacks against LiteLLM, Axios, and CPU-Z. Wayfinder Frontier AI Services pushes that same operating model further left in the lifecycle.

Frontier model. Frontier operators. Real threats, stopped before they become attacks.

Full announcement: s1.ai/Claude-WF

u/bscottrosen21 — 14 days ago

LABScon is back for year five and the Call for Papers just opened. Figured I'd post here directly rather than let it get buried in a press release somewhere.

Quick context if you haven't come across it before: LABScon is an invite-only research conference hosted by SentinelLABS. It's vendor-neutral in spirit—the program committee pulls from Google, Netflix, Dartmouth, JHU, and our team—and the bar for talks is original research disclosed publicly for the first time. APT work, novel malware, new attack techniques, the geopolitics-of-cyber stuff that usually only happens in hallway conversations. Some sessions are off-the-record on purpose — the geopolitics and spyware discussions especially.

The details:

  • When: September 16-19, 2026
  • Where: Omni Scottsdale Resort & Spa at Montelucia, Scottsdale AZ
  • CFP closes: June 19, 2026
  • Submit / request invite: labscon.io

Two asks:

  1. If you have original research you've been sitting on — especially anything in the AI-meets-offense-or-defense space, which JAGS has flagged as a priority area this year — submit. The committee reviews everything that comes in.
  2. If you want to attend, it's invite-only but not gate-kept for the sake of it. Request one through the site. Researchers, government folks, and independents all welcome — the room is intentionally mixed.

Happy to answer questions in the comments about the format, what kinds of submissions tend to do well, or what last year's program looked like.

u/bscottrosen21 — 15 days ago
▲ 57 r/SentinelOneXDR+1 crossposts

In 2017, the ShadowBrokers leaked a trove of NSA tools. Buried in the deconfliction notes — the agency's internal guide for handling malware they encountered in the wild — was a single entry for something called Fast16. The guidance for NSA operators: "NOTHING TO SEE HERE - CARRY ON."

It took until 2019 for JAGS (Juan Andrés Guerrero-Saade) to find the actual binary on VirusTotal — compiled in 2005, five years before Stuxnet. Then seven more years for SentinelLABS to figure out what it actually does.

Here's what he and Vitaly Kamluk determined: fast16 isn't espionage. It's not ransomware. It's a precision instrument designed to make scientists trust math that's been quietly broken. It spreads across a facility's network and silently corrupts high-precision calculations in specialized domains such as civil engineering, physics and physical process simulations. Every machine on the network returning the same wrong answer, consistently, invisibly.

That's the implication that makes this different from every other nation-state malware discovery. Stuxnet broke centrifuges. Fast16 broke what people believed about their own data.

Full SentinelLABS report: https://s1.ai/fast16

Andy Greenberg's WIRED piece (excellent companion read): https://www.wired.com/story/fast16-malware-stuxnet-precursor-iran-nuclear-attack/

u/bscottrosen21 — 20 days ago