Category
Tools
9 February 2024
STIXy Situations: ECSaping your threat data
Structured threat data is commonly formatted using STIX. To help get this data into Elasticsearch, we’re releasing a Python script that converts STIX to an ECS format to be ingested into your stack.
Into The Weeds: How We Run Detonate
Explore the technical implementation of the Detonate system, including sandbox creation, the supporting technology, telemetry collection, and how to blow stuff up.
Click, Click… Boom! Automating Protections Testing with Detonate
To automate this process and test our protections at scale, we built Detonate, a system that is used by security research engineers to measure the efficacy of our Elastic Security solution in an automated fashion.
Unpacking ICEDID
ICEDID is known to pack its payloads using custom file formats and a custom encryption scheme. We are releasing a set of tools to automate the unpacking process and help analysts and the community respond to ICEDID.
NETWIRE Configuration Extractor
Python script to extract the configuration from NETWIRE samples.
BLISTER Configuration Extractor
Python script to extract the configuration and payload from BLISTER samples.
BPFDoor Configuration Extractor
Configuration extractor to dump out hardcoded passwords with BPFDoor.
BPFDoor Scanner
Python script to identify hosts infected with the BPFDoor malware.
Cobalt Strike Beacon Extractor
Python script that collects Cobalt Strike memory data generated by security events from an Elasticsearch cluster, extracts the configuration from the CS beacon, and writes the data back to Elasticsearch.
EMOTET Configuration Extractor
Python script to extract the configuration from EMOTET samples.
ICEDID Configuration Extractor
Python script to extract the configuration from ICEDID samples.
PARALLAX Payload Extractor
Python script to extract the payload from PARALLAX samples.
QBOT Configuration Extractor
Python script to extract the configuration from QBOT samples.