Author

Mika Ayenson, PhD


Articles

Elevate Your Threat Hunting with Elastic

Elevate Your Threat Hunting with Elastic

Elastic is releasing a threat hunting package designed to aid defenders with proactive detection queries to identify actor-agnostic intrusions.

Cups Overflow: When your printer spills more than Ink

Cups Overflow: When your printer spills more than Ink

Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.

Elastic releases the Detection Engineering Behavior Maturity Model

Elastic releases the Detection Engineering Behavior Maturity Model

Using this maturity model, security teams can make structured, measurable, and iteritive improvements to their detection engineering teams..

Now in beta: New Detection as Code capabilities

Now in beta: New Detection as Code capabilities

Elastic Advances LLM Security with Standardized Fields and Integrations

Elastic Advances LLM Security with Standardized Fields and Integrations

Discover Elastic’s latest advancements in LLM security, focusing on standardized field integrations and enhanced detection capabilities. Learn how adopting these standards can safeguard your systems.

Embedding Security in LLM Workflows: Elastic's Proactive Approach

Embedding Security in LLM Workflows: Elastic's Proactive Approach

Dive into Elastic's exploration of embedding security directly within Large Language Models (LLMs). Discover our strategies for detecting and mitigating several of the top OWASP vulnerabilities in LLM applications, ensuring safer and more secure AI-driven applications.

500ms to midnight: XZ / liblzma backdoor

500ms to midnight: XZ / liblzma backdoor

Elastic Security Labs is releasing an initial analysis of the XZ Utility backdoor, including YARA rules, osquery, and KQL searches to identify potential compromises.

Streamlining ES|QL Query and Rule Validation: Integrating with GitHub CI

Streamlining ES|QL Query and Rule Validation: Integrating with GitHub CI

ES|QL is Elastic's new piped query language. Taking full advantage of this new feature, Elastic Security Labs walks through how to run validation of ES|QL rules for the Detection Engine.

Accelerating Elastic detection tradecraft with LLMs

Accelerating Elastic detection tradecraft with LLMs

Learn more about how Elastic Security Labs has been focused on accelerating our detection engineering workflows by tapping into more generative AI capabilities.

Exploring the Future of Security with ChatGPT

Exploring the Future of Security with ChatGPT

Recently, OpenAI announced APIs for engineers to integrate ChatGPT and Whisper models into their apps and products. For some time, engineers could use the REST API calls for older models and otherwise use the ChatGPT interface through their website.

Handy Elastic Tools for the Enthusiastic Detection Engineer

Handy Elastic Tools for the Enthusiastic Detection Engineer

Tools like the EQLPlaygound, RTAs, and detection-rules CLI are great resources for getting started with EQL, threat hunting, and detection engineering respectively.