Articles by Devon Kerr

Elastic Security Labs Lead, Elastic


AI on offense: Can ChatGPT be used for cyberattacks?

Elastic Security Labs researchers Apoorva and Devon experiment with ChatGPT to understand if it really can be used by threats to conduct sophisticated attacks. Spoiler alert: don’t believe the hype.


Elastic publishes 2023 Global Threat Report Spring Edition

This week, we’re publishing a new version of this report that’s online and interactive, which includes additional data covering the remainder of 2022, written using Elastic technologies.


Elastic Global Threat Report Multipart Series Overview

Each month, the Elastic Security Labs team dissects a different trend or correlation from the Elastic Global Threat Report. This post provides an overview of those individual publications.


Elastic Global Threat Report Breakdown: Credential Access

In the second part of our series breaking down the Elastic Global Threat Report, we’re focusing on the credential access tactic, which was the third-most common category of behavior we observed.


Elastic users protected from SUDDENICON’s supply chain attack

Elastic Security Labs is releasing a triage analysis to assist 3CX customers in the initial detection of SUDDENICON, a potential supply-chain compromise affecting 3CX VOIP softphone users.


Elastic Global Threat Report Breakdown: Defense Evasion

Devon Kerr breaks down the Defense Evasion statistics from this year's Elastic Global Threat Report, offering additional details from behind the keyboard.


Elastic Security Labs is providing an update to the REF2924 research published in December of 2022. This update includes malware analysis of the implants, additional findings, and associations with other intrusions.


SiestaGraph: New implant uncovered in ASEAN member foreign ministry

Elastic Security Labs is tracking likely multiple on-net threat actors leveraging Exchange exploits, web shells, and the newly discovered SiestaGraph implant to achieve and maintain access, escalate privilege, and exfiltrate targeted data.


Elastic + Tidal making MITRE ATT&CK easier

Elastic is partnering with Tidal Cyber to improve transparency even further and to help Tidal and Elastic users understand the capabilities we’re providing in the language of ATT&CK.