ContactLogin
Try freeicon-magnifying-glass-24-blue.svg
icon-magnifying-glass-24-blue.svgicon-magnifying-glass-24-blue.svg
Security Labs

Topics

Security Research

avatar

Exploring the Future of Security with ChatGPT

Recently, OpenAI announced APIs for engineers to integrate ChatGPT and Whisper models into their apps and products. For some time, engineers could use the REST API calls for older models and otherwise use the ChatGPT interface through their website.

By
Mika Ayenson

Hunting for Suspicious Windows Libraries for Execution and Defense Evasion

Learn more about discovering threats by hunting through DLL load events, one way to reveal the presence of known and unknown malware in noisy process event data.

By
Samir Bousseaden

NETWIRE Dynamic Configuration Extraction

Elastic Security Labs discusses the NETWIRE trojan and is releasing a tool to dynamically extract configuration files.

By
Seth Goodwin
Salim Bitam

Finding Truth in the Shadows

Let's discuss three benefits that Hardware Stack Protections brings beyond the intended exploit mitigation capability, and explain some limitations.

By
Gabriel Landau

More on Security Research

Videos

Get-InjectedThreadEx – Detecting Thread Creation Trampolines

In this blog, we will demonstrate how to detect each of four classes of process trampolining and release an updated PowerShell detection script – Get-InjectedThreadEx

By
John Uhlmann
Videos

EMOTET Dynamic Configuration Extraction

Elastic Security Labs discusses the EMOTET trojan and is releasing a tool to dynamically extract configuration files using code emulators.

By
Remco Sprooten
Videos

Deep dive into the TTD ecosystem

This is the first in a series focused on the Time Travel Debugging (TTD) technology developed by Microsoft that was explored in detail during a recent independent research period.

By
Christophe Alladoum
Videos

Getting the Most Out of Transformers in Elastic

In this blog, we will briefly talk about how we fine-tuned a transformer model meant for a masked language modeling (MLM) task, to make it suitable for a classification task.

By
Apoorva Joshi
Thomas Veasey
...
Videos

KNOTWEED Assessment Summary

KNOTWEED deploys the Subzero spyware through the use of 0-day exploits for Adobe Reader and the Windows operating system. Once initial access is gained, it uses different sections of Subzero to maintain persistence and perform actions on the host.

By
Andrew Pease
Videos

Vulnerability summary: Follina, CVE-2022-30190

Elastic is deploying a new malware signature to identify the use of the Follina vulnerability. Learn more in this post.

By
Devon Kerr
Videos

Nimbuspwn: Leveraging vulnerabilities to exploit Linux via Privilege Escalation

Microsoft 365 Defender team released a post detailing several identified vulnerabilities. These vulnerabilities allow adversarial groups to escalate privileges on Linux systems, allowing for deployment of payloads, ransomware, or other attacks.

By
Jake King
Videos

Elastic's response to the Spring4Shell vulnerability (CVE-2022-22965)

Provide executive-level details about CVE-2022-22965, a recently-disclosed remote code execution (RCE) vulnerability also known as “Spring4Shell”.

By
Devon Kerr
Videos

Detecting and responding to Dirty Pipe with Elastic

Elastic Security is releasing detection logic for the Dirty Pipe exploit.

By
Colson Wilhoit
Samir Bousseaden
...
View more posts