
2021-07-27 — Elastic — Elastic Security Intelligence & Analytics Team
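@comment{Corporate author: wrapped in a second pair of braces so BibTeX keeps it as one indivisible surname instead of splitting it into first/last parts on whitespace. The ampersand is a LaTeX special character and is escaped so the generated bibliography compiles.}
@online{team:20210727:collecting:fb21718,
  author       = {{Elastic Security Intelligence \& Analytics Team}},
  title        = {{Collecting and operationalizing threat data from the Mozi botnet}},
  date         = {2021-07-27},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/collecting-and-operationalizing-threat-data-from-the-mozi-botnet},
  language     = {English},
  urldate      = {2021-07-29},
}
Collecting and operationalizing threat data from the Mozi botnet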
Mozi
2021-07-07 — Elastic — Jamie Butler
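@comment{The title contains a percent sign. Left unescaped it starts a LaTeX comment in the generated bibliography and swallows the rest of the line, so it is written as \%. The utm_* query parameters were dropped from the URL: they are tracking metadata that does not identify the resource, and they carry characters (underscore, ampersand) that classic BibTeX styles emit unescaped.}
@online{butler:20210707:elastic:8a709bf,
  author       = {Jamie Butler},
  title        = {{Elastic Security prevents 100\% of REvil ransomware samples}},
  date         = {2021-07-07},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/elastic-security-prevents-100-percent-of-revil-ransomware-samples},
  language     = {English},
  urldate      = {2021-07-12},
}
Elastic Security prevents 100% of REvil ransomware samples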
REvil
2021-06-15 — Elastic — Gabriel Landau
@online{landau:20210615:what:78dc82d,
  author       = {Gabriel Landau},
  title        = {{What you need to know about Process Ghosting, a new executable image tampering attack}},
  date         = {2021-06-15},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack},
  language     = {English},
  urldate      = {2021-06-21},
}
What you need to know about Process Ghosting, a new executable image tampering attack
2021-05-18 — Elastic — Apoorva Joshi, Disha Dasgupta, Craig Chamberlain
@online{joshi:20210518:problemchild:8a7d615,
  author       = {Apoorva Joshi and Disha Dasgupta and Craig Chamberlain},
  title        = {{ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack}},
  date         = {2021-05-18},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/problemchild-detecting-living-off-the-land-attacks},
  language     = {English},
  urldate      = {2021-05-19},
}
ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack
2021-04-20 — Elastic — Will Burgess
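@comment{The ampersand in the ATT&CK name is a LaTeX special character; inside the title it must be escaped as \& or the generated bibliography fails to compile (or silently mis-renders as a tabular alignment).}
@online{burgess:20210420:how:53fecfc,
  author       = {Will Burgess},
  title        = {{How attackers abuse Access Token Manipulation (ATT\&CK T1134)}},
  date         = {2021-04-20},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/how-attackers-abuse-access-token-manipulation},
  language     = {English},
  urldate      = {2021-04-28},
}
How attackers abuse Access Token Manipulation (ATT&CK T1134)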
2021-03-27 — InfoSec Handlers Diary Blog — Guy Bruneau
@online{bruneau:20210327:malware:91319b0,
  author       = {Guy Bruneau},
  title        = {{Malware Analysis with elastic-agent and Microsoft Sandbox}},
  date         = {2021-03-27},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/},
  language     = {English},
  urldate      = {2021-03-31},
}
Malware Analysis with elastic-agent and Microsoft Sandbox
2021-03-18 — Elastic — Samir Bousseaden
@online{bousseaden:20210318:hunting:3c36ea4,
  author       = {Samir Bousseaden},
  title        = {{Hunting for Lateral Movement using Event Query Language}},
  date         = {2021-03-18},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/hunting-for-lateral-movement-using-event-query-language},
  language     = {English},
  urldate      = {2021-03-19},
}
Hunting for Lateral Movement using Event Query Language
2021-03-16 — Elastic — Joe Desimone
@online{desimone:20210316:detecting:4091130,
  author       = {Joe Desimone},
  title        = {{Detecting Cobalt Strike with memory signatures}},
  date         = {2021-03-16},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures},
  language     = {English},
  urldate      = {2021-03-22},
}
Detecting Cobalt Strike with memory signatures
Cobalt Strike
2021-03-11 — Elastic — Daniel Stepanic
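@comment{The ?u=<username> query parameter appears to be the Discourse share-link referral token, not part of the resource address, so it was dropped. The trailing /3 path segment is kept: it selects the specific update post in the thread rather than the thread start, which is what this entry cites.}
@online{stepanic:20210311:update:ef4f676,
  author       = {Daniel Stepanic},
  title        = {{Update - Detection and Response for HAFNIUM Activity}},
  date         = {2021-03-11},
  organization = {Elastic},
  url          = {https://discuss.elastic.co/t/detection-and-response-for-hafnium-activity/266289/3},
  language     = {English},
  urldate      = {2021-03-12},
}
Update - Detection and Response for HAFNIUM Activity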
2021-03-09 — 360 netlab — JiaYu
@online{jiayu:20210309:threat:fa2a2a3,
  author       = {JiaYu},
  title        = {{Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities}},
  date         = {2021-03-09},
  organization = {360 netlab},
  url          = {https://blog.netlab.360.com/threat-alert-z0miner-is-spreading-quickly-by-exploiting-elasticsearch-and-jenkins-vulnerabilities/},
  language     = {English},
  urldate      = {2021-03-11},
}
Threat Alert: z0Miner Is Spreading quickly by Exploiting ElasticSearch and Jenkins Vulnerabilities
2021-03-04 — Elastic — Devon Kerr
@online{kerr:20210304:detection:eb05792,
  author       = {Devon Kerr},
  title        = {{Detection and Response for HAFNIUM Activity}},
  date         = {2021-03-04},
  organization = {Elastic},
  url          = {https://discuss.elastic.co/t/detection-and-response-for-hafnium-activity/266289},
  language     = {English},
  urldate      = {2021-03-10},
}
Detection and Response for HAFNIUM Activity
HAFNIUM
2020-12-18 — Elastic — Camilla Montonen, Justin Ibarra
@online{montonen:20201218:combining:13fef73,
  author       = {Camilla Montonen and Justin Ibarra},
  title        = {{Combining supervised and unsupervised machine learning for DGA detection}},
  date         = {2020-12-18},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/supervised-and-unsupervised-machine-learning-for-dga-detection},
  language     = {English},
  urldate      = {2020-12-18},
}
Combining supervised and unsupervised machine learning for DGA detection
SUNBURST
2020-06-30 — Github (elastic) — Elastic
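@comment{Corporate author: double-braced so every style treats "Elastic" as a single organisational name rather than a personal surname (consistent with the other organisational authors in this library). The repository is a living ruleset; date and urldate record the snapshot that was consulted, not a publication date.}
@online{elastic:20200630:detection:79c8fbe,
  author       = {{Elastic}},
  title        = {{Detection Rules by Elastic}},
  date         = {2020-06-30},
  organization = {Github (elastic)},
  url          = {https://github.com/elastic/detection-rules},
  language     = {English},
  urldate      = {2020-07-02},
}
Detection Rules by Elastic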
2020-06-25 — Elastic — Samir Bousseaden, Daniel Stepanic
@online{bousseaden:20200625:close:be8a8b2,
  author       = {Samir Bousseaden and Daniel Stepanic},
  title        = {{A close look at the advanced techniques used in a Malaysian-focused APT campaign}},
  date         = {2020-06-25},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign},
  language     = {English},
  urldate      = {2020-06-25},
}
A close look at the advanced techniques used in a Malaysian-focused APT campaign
DADSTACHE Leviathan
2020-05-25 — Elastic — Brent Murphy, David French, Jamie Butler
@online{murphy:20200525:elastic:a743893,
  author       = {Brent Murphy and David French and Jamie Butler},
  title        = {{The Elastic Guide to Threat Hunting}},
  date         = {2020-05-25},
  organization = {Elastic},
  url          = {https://www.elastic.co/pdf/elastic-guide-to-threat-hunting},
  language     = {English},
  urldate      = {2020-06-08},
}
The Elastic Guide to Threat Hunting
2020-02-13 — Elastic — Daniel Stepanic, Andrew Pease, Seth Goodwin
@online{stepanic:20200213:playing:ae77be6,
  author       = {Daniel Stepanic and Andrew Pease and Seth Goodwin},
  title        = {{Playing defense against Gamaredon Group}},
  date         = {2020-02-13},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/playing-defense-against-gamaredon-group},
  language     = {English},
  urldate      = {2020-06-26},
}
Playing defense against Gamaredon Group
Pteranodon
2019-12-04 — Elastic — David French
@online{french:20191204:ransomware:92a6fae,
  author       = {David French},
  title        = {{Ransomware, interrupted: Sodinokibi and the supply chain}},
  date         = {2019-12-04},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/ransomware-interrupted-sodinokibi-and-the-supply-chain},
  language     = {English},
  urldate      = {2020-06-30},
}
Ransomware, interrupted: Sodinokibi and the supply chain
REvil
2017-07-18 — Elastic — Ashkan Hosseini
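@comment{Duplicate work: this is the same article as hosseini:20170718:ten:af036b3, reached through the /de/ locale path of the Elastic blog instead of the canonical English path. Both keys are kept here because the library attaches different family tags to each; when exporting to a .bib file, cite one key and drop the other so BibTeX/Biber do not emit a repeated-entry warning. The URL is left as accessed on the recorded urldate.}
@online{hosseini:20170718:ten:600fd92,
  author       = {Ashkan Hosseini},
  title        = {{Ten process injection techniques: A technical survey of common and trending process injection techniques}},
  date         = {2017-07-18},
  organization = {Elastic},
  url          = {https://www.elastic.co/de/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process},
  language     = {English},
  urldate      = {2020-07-15},
}
Ten process injection techniques: A technical survey of common and trending process injection techniques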
Almanahe Diztakun Ginwui
2017-07-18 — Elastic — Ashkan Hosseini
@online{hosseini:20170718:ten:af036b3,
  author       = {Ashkan Hosseini},
  title        = {{Ten process injection techniques: A technical survey of common and trending process injection techniques}},
  date         = {2017-07-18},
  organization = {Elastic},
  url          = {https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process},
  language     = {English},
  urldate      = {2020-07-15},
}
Ten process injection techniques: A technical survey of common and trending process injection techniques
Cryakl CyberGate Dridex FinFisher RAT Locky