AUTHOR

Articles by Derek Ditch

Videos

The Elastic Container Project for Security Research

The Elastic Container Project provides a single shell script that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

CUBA Ransomware Campaign Analysis

Elastic Security observed a ransomware and extortion campaign leveraging a combination of offensive security tools, LOLBAS, and exploits to deliver the CUBA ransomware.

PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asian financial organizations, particularly those in the Vietnamese financial sector.

Bringing home the beacon (from Cobalt Strike)

We explore using Elastic to extract Cobalt Strike beacon payloads from memory and use open source tools to analyze and group threat activity clusters.

Extracting Cobalt Strike Beacon Configurations

Part 2 - Extracting configurations from Cobalt Strike implant beacons.

Collecting Cobalt Strike Beacons with the Elastic Stack

Part 1 - Processes and technology needed to extract Cobalt Strike implant beacons.

FORMBOOK Adopts CAB-less Approach

Campaign research and analysis of an observed FORMBOOK intrusion attempt.

Going Coast to Coast - Climbing the Pyramid with the Deimos Implant

The Deimos implant was first reported in 2020 and has been in active development since, employing advanced countermeasures to frustrate analysis. This post details the campaign TTPs through the malware indicators.

Collecting and operationalizing threat data from the Mozi botnet

The Mozi botnet is an ongoing malware campaign targeting unsecured and vulnerable networking devices. This post will showcase the analyst journey of collecting, analyzing, and operationalizing threat data from the Mozi botnet.