Author
Colson Wilhoit
Elastic
Articles
Sinking macOS Pirate Ships with Elastic Behavior Detections
This research looks at a recently found macOS malware campaign using the macOS Endpoint Security Framework paired with the Elastic Agent to hunt and detect the behaviors this malware exhibits.
Elastic catches DPRK passing out KANDYKORN
Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware.
The DPRK strikes using a new variant of RUSTBUCKET
Watch out! We’ve recently discovered a variant of RUSTBUCKET. Read this article to understand the new capabilities we’ve observed, as well as how to identify it in your own network.
Initial research exposing JOKERSPY
Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.
The Elastic Container Project for Security Research
The Elastic Container Project provides a single shell script that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.
Detecting and responding to Dirty Pipe with Elastic
Elastic Security is releasing detection logic for the Dirty Pipe exploit.
A peek behind the BPFDoor
In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment.