Articles by Elastic Security Intelligence & Analytics Team

Videos

Vulnerability summary: Follina, CVE-2022-30190

Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.

A peek behind the BPFDoor

In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment, with insights on how evasion occurs within impacted systems.

Deep dive on the BLISTER loader

The Elastic Security Research Team released a detailed report outlining technical details regarding the BLISTER launcher, a sophisticated malware campaign.

Detect Credential Access with Elastic Security

In this post, we detail a series of tactics for hunting with new data types and fields within Elastic and how to leverage Elastic Security to its fullest potential.

PHOREAL malware targets the Southeast Asian financial sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asian financial organizations, particularly those in the Vietnamese financial sector. Learn more.

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Elastic Security verified a data wiper malware campaign that is targeting Ukrainian systems. As this malware campaign is new, with more information being uncovered hourly, it is being referred to as HERMETICWIPER.

Elastic protects against data wiper malware targeting Ukraine: HERMETICWIPER

Elastic Security verified a data wiper malware campaign that is targeting Ukrainian systems. Because this campaign is new and we are learning something new every hour, it is being referred to as HERMETICWIPER.

Exploring Windows UAC bypasses: Techniques and detection strategies

The Elastic Security Research team has identified new detection strategies to overcome the bypass methodologies used by adversaries to silently deploy malware onto an endpoint and elevate privileges without the end-user knowing.

Identifying exploits and adversary tradecraft of FORMBOOK information-stealing campaign

Explore the MSHTML exploitation chain from phishing through the loading of a popular information stealer, FORMBOOK. Additionally, we’ll uncover campaign testing infrastructure through a tradecraft oversight.