Check out this new article from @SBousseaden that explores call stacks. Understand what they are and how they can be used for detections. Learn more:
Elastic Security Labs
Elastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.
- We’re adding a new section to @elastic’s HackerOne Bounty Program! Today, we’re opening our SIEM and EDR rules for testing. We’re excited to have another way to thank our community for their efforts on our #detectionengineering. Get more details here:
- This new article from @dez_ reveals 4 attack techniques linked to SmartScreen and SmartAppControl. Check it out: go.es.io/4d5L2BR Will you be at #BHUSA? Stop by @elastic booth #2350 to chat with Joe or catch his lightning talk! #ElasticSecurityLabs #threattechnique
- #ElasticSecurityLabs is introducing HexForge, our tool that enhances #IDAPro with manipulation capabilities built into the hex and disassembly views. HexForge makes it easy to copy and patch binary data and currently supports RC4, AES, ChaCha20, and XOR:
- Threat hunting just got easier! This new repo of detection rules is crafted by our veteran detection engineers and powered by different Elastic query languages. Get the details of what’s included and see the future of this repo here: go.es.io/4h2JsTX #ElasticSecurityLabs
- New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion tool to deploy data-stealing malware. Learn more & get our unpacker: go.es.io/4ldCM72 #malware #rhadamanthys #ghostpulse
- Detection engineering is complicated, but this new 5 tier maturity model from @stryker0x, @_xDeJesus, and @SBousseaden provides guidance for security teams: go.es.io/3MySV7l #ElasticSecurityLabs #detectionengineering #maturitymodel
- Dive deep into malware detection with the latest article by John Uhlmann: "Call Stacks: No More Free Passes for Malware." Discover how call stacks provide vital insights into malware behavior. Read more:
- Check out the latest #ElasticSecurityLabs research from @SBousseaden, a deep-dive into hunting for malicious DLLs for #threatdetection: go.es.io/3jMg8rL
- Kernel-level callstack visibility is essential for in-memory #ThreatDetection of #Malware and defense evasions. #ElasticSecurityLabs researchers @dez_, @GabrielLandau, and @SBousseaden explain the research behind this capability: go.es.io/42d0Mge
- #ElasticSecurityLabs is exposing a new threat technique — a fresh application of MMC abuse. GRIMRESOURCE utilizes specially crafted MSC files for full code execution. Read through the breakdown from @dez_ and @SBousseaden: go.es.io/45AO0eG #threattechnique #cybersecurity
- #ElasticSecurityLabs continues to observe phishing campaigns leveraging Cloudflare tunnels distributing multiple malware families (#VenomRAT, #DCRat, #XWorm) simultaneously. These threat actors are abusing LLMs to produce simple Python shellcode loaders for injection
- The #ElasticSecurityLabs team breaks down a recent Chrome update that introduced App-Bound Encryption and how the most common #infostealers have adapted:
- New research from #ElasticSecurityLabs uncovers a new ClickFix campaign! Learn how attackers are using GHOSTPULSE and ARECHCLIENT2 (SECTOPRAT) in multi-stage attacks to deploy RATs and steal data. Stay informed: