ContactConnexion
Essai gratuiticon-magnifying-glass-24-blue.svg
icon-magnifying-glass-24-blue.svgicon-magnifying-glass-24-blue.svg
Security Labs

Topics

Security Operations

avatar

Hunting for Suspicious Windows Libraries for Execution and Defense Evasion

Learn more about discovering threats by hunting through DLL load events, one way to reveal the presence of known and unknown malware in noisy process event data.

Par
Samir Bousseaden

Stopping Vulnerable Driver Attacks

This post includes a primer on kernel mode attacks, along with Elastic’s recommendations for securing users from kernel attacks leveraging vulnerable drivers.

By
Joe Desimone

The Elastic Container Project for Security Research

The Elastic Container Project provides a single shell script that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

By
Andrew Pease
Colson Wilhoit
...

Detect Credential Access with Elastic Security

Elastic Endpoint Security provides events that enable defenders with visibility on techniques and procedures which are commonly leveraged to access sensitive files and registry objects.

By
Samir Bousseaden

More on Security Operations

Videos

Exploring Windows UAC Bypasses: Techniques and Detection Strategies

In this research article, we will take a look at a collection of UAC bypasses, investigate some of the key primitives they depend on, and explore detection opportunities.

Par
Samir Bousseaden
Videos

Ingesting threat data with the Threat Intel Filebeat module

Tutorial that walks through setting up Filebeat to push threat intelligence feeds into your Elastic Stack.

Par
Andrew Pease
Marius Iversen
Videos

Hunting for Lateral Movement using Event Query Language

Elastic Event Query Language (EQL) correlation capabilities enable practitioners to capture complex behavior for adversary Lateral Movement techniques. Learn how to detect a variety of such techniques in this blog post.

Par
Samir Bousseaden