Elastic Security Labs (@elasticseclabs)'s Twitter Profile
Elastic Security Labs

@elasticseclabs

Elastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.

ID: 1592609157793710080

Website: https://www.elastic.co/security-labs/ | Joined: 15-11-2022 20:07:28

426 Tweets

3.3K Followers

356 Following

Elastic Security Labs (@elasticseclabs)

In July and August, #ElasticSecurityLabs published 113 new rules! Take a look at the overview and learn how we manage these rulesets.

Samir (@sbousseaden)

nice technique! #Elastic EDR (Elastic Defend) is not affected + we do have an existing behavior protection rule that will terminate WerFaultSecure.exe (to protect other processes) github.com/elastic/protec…

Elastic Security Labs (@elasticseclabs)

Elastic Security Labs MCP tool research shows how tool-poisoning, orchestration injection, and rug-pulls lead to data exfil & RCE. Includes actionable detections + hardening. Read it if you run agents: go.es.io/3VofX5m

Elastic Security Labs (@elasticseclabs)

Linux syscall hooks were forever changed with kernel 6.9, check out this article from #ElasticSecurityLabs describing #FlipSwitch, the latest in Linux hooking: go.es.io/4nSrCW3

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs has kept tabs on #WARMCOOKIE, a backdoor we disclosed in June 2024 that used employment-related phishing lures to infect victims. Learn how this threat’s evolving: go.es.io/46O8pOo

Devon Kerr (@_devonkerr_)

Elastic Security Labs is currently researching a new family of IIS malware impacting a large number of organizations globally. With a US university-based MDR provider, we’ve observed a novel attack chain, RMMs, a Godzilla-forked framework, and a malicious driver. Details coming soon.

DefSecSentinel (@defsecsentinel)

Heading to my 3rd #OBTS 🌴☀️🌊today! Best conference out there. Honored to be speaking again this year alongside so many other incredible #Apple 🍎 security researchers. It’s gonna be a blast, can’t wait to see everyone! Pumped to get to share my research into using and abusing

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs joins forces with Texas A&M System and discloses TOLLBOOTH, an IIS module used for SEO abuse that relies on publicly exposed ASP.NET machine keys: go.es.io/3L68p57

Devon Kerr (@_devonkerr_)

This was a cool project for a few reasons. First, some of us have been working with Texas A&M since Endgame and it’s a partnership with a ton of history! Also it is a blast for us to work with other experts to achieve successes!

Braxton Williams (@cthulhu_sec)

Amazing experience to work with the great folks at Elastic Security Labs on this write-up to showcase some interesting activity we discovered together! Excited to keep our collaboration going to give back what we can to the security community!

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs releases nightMARE, a Python-based library for malware analysts that we use to build tools for acquiring intelligence. Read more about it here: go.es.io/46Zt8Ac

Validin (@validinllc)

Fantastic work by the HarfangLab team describing and documenting indicators and detection logic for "RudePanda," described with complementary analysis by the Elastic Security Labs team as "TOLLBOOTH." harfanglab.io/insidethelab/r…