Articles by Joe Desimone
Upping the Ante: Detecting In-Memory Threats with Kernel Call Stacks
We aim to out-innovate adversaries and maintain protections against the cutting edge of attacker tradecraft. With Elastic Security 8.8, we added new kernel call stack based detections which provide us with improved efficacy against in-memory threats.
Stopping Vulnerable Driver Attacks
This post includes a primer on kernel mode attacks, along with Elastic’s recommendations for securing users from kernel attacks leveraging vulnerable drivers.
Elastic Security uncovers BLISTER malware campaign
Elastic Security has identified active intrusions leveraging the newly identified BLISTER malware loader utilizing valid code-signing certificates to evade detection. We are providing detection guidance for security teams to protect themselves.
Detecting Cobalt Strike with memory signatures
Signature-based detection — especially in-memory scanning — can be a valuable detection strategy. In this blog, learn how to detect Cobalt Strike regardless of configuration or stealth features enabled with an effective false positive rate of zero.
Hunting In Memory
Threat Hunters are charged with the difficult task of sifting through vast sources of diverse data to pinpoint adversarial activity at any stage in the attack.
Hunting For In-Memory .NET Attacks
As a follow up to my DerbyCon presentation, this post will investigate an emerging trend of adversaries using .NET-based in-memory techniques to evade detection