AUTHOR

Articles by Devon Kerr

Videos

Update to the REF2924 intrusion set and related campaigns

Elastic Security Labs is providing an update to the REF2924 research published in December of 2022. This update includes malware analysis of the implants, additional findings, and associations with other intrusions.


SiestaGraph: New implant uncovered in ASEAN member foreign ministry

Elastic Security Labs is tracking likely multiple on-net threat actors leveraging Exchange exploits, web shells, and the newly discovered SiestaGraph implant to achieve and maintain access, escalate privilege, and exfiltrate targeted data.


Elastic + Tidal making MITRE ATT&CK easier

Elastic is partnering with Tidal Cyber to improve transparency even further, and helping Tidal and Elastic users understand the capabilities we’re providing in the language of ATT&CK.


2022 Elastic Global Threat Report Announcement

Discover our latest findings and strategic recommendations to stay better informed about the directions threat actors may focus on.


Elastic Security Labs: Follow us for breaking news on security threat research

Elastic Security Labs is now the official, one-stop domain for threat research, making it easier to find and share security threat research that will lead to a more secure workplace and a more protected industry overall.


Vulnerability summary: Follina, CVE-2022-30190

Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.


Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Executive-level details about CVE-2022-22965, a recently disclosed remote code execution (RCE) vulnerability also known as “Spring4Shell”.


Detection and Response for HAFNIUM activity

In response to the Microsoft HAFNIUM 0-day exploit, Elastic Security has identified IoCs for highly damaging adversary objectives. Users with on-premises Exchange servers are advised to patch as soon as possible. View full details of the identified IoCs.


Elastic Security provides free and open protections for SUNBURST

Elastic Security has been updated and our users are not affected by SolarWinds’ recent security advisory regarding a supply-chain attack on the Orion management platform. Identify potential attacks using new and existing rules in this post.