Articles By Joe Desimone


PHOREAL Malware Targets the Southeast Asian Financial Sector

Elastic Security discovered PHOREAL malware, which is targeting Southeast Asia financial organizations, particularly those in the Vietnamese financial sector.


Operation Bleeding Bear

Elastic Security verifies new destructive malware targeting Ukraine: Operation Bleeding Bear


Elastic Security uncovers BLISTER malware campaign

Elastic Security has identified active intrusions leveraging the newly identified BLISTER malware loader utilizing valid code-signing certificates to evade detection. We are providing detection guidance for security teams to protect themselves.


使用内存签名检测 Cobalt Strike

基于签名的检测 — 尤其是内存中扫描 — 是一种极其重要的检测策略。在这篇博文中,了解如何在有效误报率为零的情况下检测 Cobalt Strike,而不管它的配置或隐蔽功能如何。


Hunting In Memory

Threat Hunters are charged with the difficult task of sifting through vast sources of diverse data to pinpoint adversarial activity at any stage in the attack.


Hunting For In-Memory .NET Attacks

As a follow up to my DerbyCon presentation, this post will investigate an emerging trend of adversaries using .NET-based in-memory techniques to evade detection