Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-05-17ElasticColson Wilhoit, Alex Bell, Rhys Rustad-Elliott, Jake King
@online{wilhoit:20220517:peek:fea1eeb, author = {Colson Wilhoit and Alex Bell and Rhys Rustad-Elliott and Jake King}, title = {{A peek behind the BPFDoor}}, date = {2022-05-17}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/05/04.bpfdoor/article/#}, language = {English}, urldate = {2022-05-25} } A peek behind the BPFDoor
BPFDoor
2022-05-05ElasticCyril François, Daniel Stepanic, Salim Bitam
@online{franois:20220505:blister:9404a29, author = {Cyril François and Daniel Stepanic and Salim Bitam}, title = {{BLISTER Loader}}, date = {2022-05-05}, organization = {Elastic}, url = {https://elastic.github.io/security-research/malware/2022/05/02.blister/article/}, language = {English}, urldate = {2022-05-09} } BLISTER Loader
Blister
2022-03-07ElasticDaniel Stepanic, Derek Ditch, Joe Desimone, Cyril François, Github (@1337-42), Samir Bousseaden, Andrew Pease
@online{stepanic:20220307:phoreal:f982397, author = {Daniel Stepanic and Derek Ditch and Joe Desimone and Cyril François and Github (@1337-42) and Samir Bousseaden and Andrew Pease}, title = {{PHOREAL Malware Targets the Southeast Asian Financial Sector}}, date = {2022-03-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/02.phoreal-targets-southeast-asia-financial-sector/article/}, language = {English}, urldate = {2022-03-08} } PHOREAL Malware Targets the Southeast Asian Financial Sector
PHOREAL
2022-03-01ElasticDaniel Stepanic, Mark Mager, Cyril François, Andrew Pease, Samir Bousseaden, Github (@ayfaouzi), Github (@1337-42), Github (@jtnk)
@online{stepanic:20220301:elastic:85313fa, author = {Daniel Stepanic and Mark Mager and Cyril François and Andrew Pease and Samir Bousseaden and Github (@ayfaouzi) and Github (@1337-42) and Github (@jtnk)}, title = {{Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER}}, date = {2022-03-01}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/03/01.hermeticwiper-targets-ukraine/article/}, language = {English}, urldate = {2022-03-07} } Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER
HermeticWiper
2022-02-07ElasticSamir Bousseaden
@online{bousseaden:20220207:exploring:c0df09d, author = {Samir Bousseaden}, title = {{Exploring Windows UAC Bypasses: Techniques and Detection Strategies}}, date = {2022-02-07}, organization = {Elastic}, url = {https://elastic.github.io/security-research/whitepapers/2022/02/03.exploring-windows-uac-bypass-techniques-detection-strategies/article/}, language = {English}, urldate = {2022-03-07} } Exploring Windows UAC Bypasses: Techniques and Detection Strategies
2022-02-02ElasticGabriel Landau
@online{landau:20220202:sandboxing:31d023c, author = {Gabriel Landau}, title = {{Sandboxing Antimalware Products for Fun and Profit}}, date = {2022-02-02}, organization = {Elastic}, url = {https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/}, language = {English}, urldate = {2022-03-07} } Sandboxing Antimalware Products for Fun and Profit
2022-01-19ElasticDaniel Stepanic, Samir Bousseaden, James Spiteri, Joe Desimone, Mark Mager, Andrew Pease
@online{stepanic:20220119:operation:c81f473, author = {Daniel Stepanic and Samir Bousseaden and James Spiteri and Joe Desimone and Mark Mager and Andrew Pease}, title = {{Operation Bleeding Bear}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/}, language = {English}, urldate = {2022-01-24} } Operation Bleeding Bear
WhisperGate
2022-01-19ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220119:collecting:696e5d0, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{Collecting Cobalt Strike Beacons with the Elastic Stack}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/02.collecting-cobalt-strike-beacons/article/}, language = {English}, urldate = {2022-01-25} } Collecting Cobalt Strike Beacons with the Elastic Stack
Cobalt Strike
2022-01-19ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220119:extracting:39bd5e5, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{Extracting Cobalt Strike Beacon Configurations}}, date = {2022-01-19}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/03.extracting-cobalt-strike-beacon/article/}, language = {English}, urldate = {2022-01-25} } Extracting Cobalt Strike Beacon Configurations
Cobalt Strike
2022-01-18ElasticDerek Ditch, Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{ditch:20220118:formbook:3f03c56, author = {Derek Ditch and Daniel Stepanic and Andrew Pease and Seth Goodwin}, title = {{FORMBOOK Adopts CAB-less Approach}}, date = {2022-01-18}, organization = {Elastic}, url = {https://elastic.github.io/security-research/intelligence/2022/01/01.formbook-adopts-cabless-approach/article/}, language = {English}, urldate = {2022-01-25} } FORMBOOK Adopts CAB-less Approach
Formbook
2021-12-23ElasticJoe Desimone, Samir Bousseaden
@online{desimone:20211223:elastic:0e1caf7, author = {Joe Desimone and Samir Bousseaden}, title = {{Elastic Security uncovers BLISTER malware campaign}}, date = {2021-12-23}, organization = {Elastic}, url = {https://www.elastic.co/blog/elastic-security-uncovers-blister-malware-campaign}, language = {English}, urldate = {2021-12-23} } Elastic Security uncovers BLISTER malware campaign
Blister
2021-10-12ElasticElastic Security Intelligence & Analytics Team
@online{team:20211012:going:5ac7c9d, author = {Elastic Security Intelligence & Analytics Team}, title = {{Going Coast to Coast - Climbing the Pyramid with the Deimos Implant}}, date = {2021-10-12}, organization = {Elastic}, url = {https://www.elastic.co/blog/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant}, language = {English}, urldate = {2021-10-26} } Going Coast to Coast - Climbing the Pyramid with the Deimos Implant
Deimos
2021-07-27ElasticElastic Security Intelligence & Analytics Team
@online{team:20210727:collecting:fb21718, author = {Elastic Security Intelligence & Analytics Team}, title = {{Collecting and operationalizing threat data from the Mozi botnet}}, date = {2021-07-27}, organization = {Elastic}, url = {https://www.elastic.co/blog/collecting-and-operationalizing-threat-data-from-the-mozi-botnet}, language = {English}, urldate = {2021-07-29} } Collecting and operationalizing threat data from the Mozi botnet
Mozi
2021-07-07ElasticJamie Butler
@online{butler:20210707:elastic:8a709bf, author = {Jamie Butler}, title = {{Elastic Security prevents 100% of REvil ransomware samples}}, date = {2021-07-07}, organization = {Elastic}, url = {https://www.elastic.co/blog/elastic-security-prevents-100-percent-of-revil-ransomware-samples?utm_content=&utm_medium=social&utm_source=twitter}, language = {English}, urldate = {2021-07-12} } Elastic Security prevents 100% of REvil ransomware samples
REvil
2021-06-15ElasticGabriel Landau
@online{landau:20210615:what:78dc82d, author = {Gabriel Landau}, title = {{What you need to know about Process Ghosting, a new executable image tampering attack}}, date = {2021-06-15}, organization = {Elastic}, url = {https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack}, language = {English}, urldate = {2021-06-21} } What you need to know about Process Ghosting, a new executable image tampering attack
2021-05-18ElasticApoorva Joshi, Disha Dasgupta, Craig Chamberlain
@online{joshi:20210518:problemchild:8a7d615, author = {Apoorva Joshi and Disha Dasgupta and Craig Chamberlain}, title = {{ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack}}, date = {2021-05-18}, organization = {Elastic}, url = {https://www.elastic.co/blog/problemchild-detecting-living-off-the-land-attacks}, language = {English}, urldate = {2021-05-19} } ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack
2021-04-20ElasticWill Burgess
@online{burgess:20210420:how:53fecfc, author = {Will Burgess}, title = {{How attackers abuse Access Token Manipulation (ATT&CK T1134)}}, date = {2021-04-20}, organization = {Elastic}, url = {https://www.elastic.co/blog/how-attackers-abuse-access-token-manipulation}, language = {English}, urldate = {2021-04-28} } How attackers abuse Access Token Manipulation (ATT&CK T1134)
2021-03-27InfoSec Handlers Diary BlogGuy Bruneau
@online{bruneau:20210327:malware:91319b0, author = {Guy Bruneau}, title = {{Malware Analysis with elastic-agent and Microsoft Sandbox}}, date = {2021-03-27}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/}, language = {English}, urldate = {2021-03-31} } Malware Analysis with elastic-agent and Microsoft Sandbox
2021-03-18ElasticSamir Bousseaden
@online{bousseaden:20210318:hunting:3c36ea4, author = {Samir Bousseaden}, title = {{Hunting for Lateral Movement using Event Query Language}}, date = {2021-03-18}, organization = {Elastic}, url = {https://www.elastic.co/blog/hunting-for-lateral-movement-using-event-query-language}, language = {English}, urldate = {2021-03-19} } Hunting for Lateral Movement using Event Query Language
2021-03-16ElasticJoe Desimone
@online{desimone:20210316:detecting:4091130, author = {Joe Desimone}, title = {{Detecting Cobalt Strike with memory signatures}}, date = {2021-03-16}, organization = {Elastic}, url = {https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures}, language = {English}, urldate = {2021-03-22} } Detecting Cobalt Strike with memory signatures
Cobalt Strike