Author

Colson Wilhoit

Elastic


Articles

Code of Conduct: DPRK’s Python-fueled intrusions into secured networks

Code of Conduct: DPRK’s Python-fueled intrusions into secured networks

Investigating the DPRK’s strategic use of Python and carefully crafted social engineering, this publication sheds light on how they breach highly secure networks with evolving and effective cyber attacks.

Sinking macOS Pirate Ships with Elastic Behavior Detections

Sinking macOS Pirate Ships with Elastic Behavior Detections

This research looks at a recently found macOS malware campaign using the macOS Endpoint Security Framework paired with the Elastic Agent to hunt and detect the behaviors this malware exhibits.

Elastic catches DPRK passing out KANDYKORN

Elastic catches DPRK passing out KANDYKORN

Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware.

The DPRK strikes using a new variant of RUSTBUCKET

The DPRK strikes using a new variant of RUSTBUCKET

Watch out! We’ve recently discovered a variant of RUSTBUCKET. Read this article to understand the new capabilities we’ve observed, as well as how to identify it in your own network.

Initial research exposing JOKERSPY

Initial research exposing JOKERSPY

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

The Elastic Container Project for Security Research

The Elastic Container Project for Security Research

The Elastic Container Project provides a single shell script that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

Detecting and responding to Dirty Pipe with Elastic

Detecting and responding to Dirty Pipe with Elastic

Elastic Security is releasing detection logic for the Dirty Pipe exploit.

A peek behind the BPFDoor

A peek behind the BPFDoor

In this research piece, we explore BPFDoor — a backdoor payload specifically crafted for Linux in order to gain re-entry into a previously or actively compromised target environment.