Author

Terrance DeJesus

Senior Security Research Engineer, Elastic


Articles

Exploring AWS STS AssumeRoot

Explore AWS STS AssumeRoot, its risks, detection strategies, and practical scenarios to secure against privilege escalation and account compromise using Elastic's SIEM and CloudTrail data.

Elevate Your Threat Hunting with Elastic

Elastic is releasing a threat hunting package designed to aid defenders with proactive detection queries to identify actor-agnostic intrusions.

Cups Overflow: When your printer spills more than Ink

Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.

Elastic releases the Detection Engineering Behavior Maturity Model

Using this maturity model, security teams can make structured, measurable, and iterative improvements to their detection engineering teams.

Globally distributed stealers

This article describes our analysis of the top malware stealer families, unveiling their operation methodologies, recent updates, and configurations. By understanding the modus operandi of each family, we better comprehend the magnitude of their impact and can fortify our defences accordingly.

Invisible miners: unveiling GHOSTENGINE’s crypto mining operations

Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.

Monitoring Okta threats with Elastic Security

This article guides readers through establishing an Okta threat detection lab, emphasizing the importance of securing SaaS platforms like Okta. It details creating a lab environment with the Elastic Stack, integrating SIEM solutions, and Okta.

Starter guide to understanding Okta

This article delves into Okta's architecture and services, laying a solid foundation for threat research and detection engineering. Essential reading for those aiming to master threat hunting and detection in Okta environments.

Google Cloud for Cyber Data Analytics

This article explains how we conduct comprehensive cyber threat data analysis using Google Cloud, from data extraction and preprocessing to trend analysis and presentation. It emphasizes the value of BigQuery, Python, and Google Sheets - showcasing how to refine and visualize data for insightful cybersecurity analysis.

Google Workspace Attack Surface

During this multipart series, we’ll help you understand what GW is and some of the common risks to be aware of, while encouraging you to take control of your enterprise resources.

Google Workspace Attack Surface

During part two of this multipart series, we’ll help you understand how to set up a GW lab for threat detection and research.