著者

記事執筆者 Gabriel Landau

Videos

Upping the Ante: Detecting In-Memory Threats with Kernel Call Stacks

We aim to out-innovate adversaries and maintain protections against the cutting edge of attacker tradecraft. With Elastic Security 8.8, we added new kernel call stack based detections which provide us with improved efficacy against in-memory threats.

Videos

Finding Truth in the Shadows

Let's discuss three benefits that Hardware Stack Protections brings beyond the intended exploit mitigation capability, and explain some limitations.

Videos

Sandboxing Antimalware Products for Fun and Profit

This article demonstrates a flaw that allows attackers to bypass a Windows security mechanism which protects anti-malware products from various forms of attack.

Videos

Detecting and blocking unknown KnownDlls

This is the second in a two-part series discussing a still-unpatched userland Windows privilege escalation. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver.

Videos

What you need to know about Process Ghosting, a new executable image tampering attack

Several common process tampering attacks exploit the gap between process creation and when security products are notified. Elastic Security detects a variety of such techniques, including Doppelgänging, Herpaderping, and a new technique: Ghosting

Videos

Protecting Windows protected processes

This blog is the first in a two-part series discussing a userland Windows exploit that enables attackers to perform highly privileged actions that typically require a kernel driver.