
Daniel Stepanic
@DanielStepanic
Followers
1K
Following
1K
Media
38
Statuses
293
Malwarez at @elasticseclabs | Macrodata Refinement
Joined March 2011
Our team revisited #BLISTER, a stealthy loader recently tied to #LockBit and #SocGholish. We go through its different capabilities, and released a config extractor. Blog 🔗: Config extractor 🧰:
1
38
74
RT @elasticseclabs: New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion…
0
48
0
RT @soolidsnakee: ClickFix is everywhere, checkout our newest research. #malware #ghostpulse #reverseengineer #clickfix.
0
7
0
RT @_devonkerr_: This is a great opportunity to highlight the researcher behind this article (and the most recent member of my operation) @…
0
2
0
RT @elasticseclabs: #ElasticSecurityLabs has uncovered EDDIESTEALER, a novel Rust-based info stealer distributed via fake CAPTCHA campaigns…
0
21
0
This was a fun write-up! I go through the open-source obfuscator Alcatraz and walk through its obfuscation techniques and how to approach de-obfuscation. Hopefully it can help some people!
Analyzing DOUBLELOADER malware & its use of Alcatraz, an open-source obfuscator! 🚨 Learn how Alcatraz employs control flow flattening, anti-disassembly tricks, and more to evade detection. Dive into our research on de-obfuscating these techniques:
2
10
32
RT @elasticseclabs: You can access our #detectionengineering repos, but how about a closer look? The 2025 State of Detection Engineering a…
0
22
0
RT @elasticseclabs: Huh? That’s weird… what is that? It kind of looks like it’s a… new #cybersecurity report? 🤔 We’re excited about this…
0
5
0
RT @elasticseclabs: Check out this new #Linux research from @rsprooten and @RFGroenewoud! The article from #ElasticSecurityLabs details the…
0
23
0
RT @elasticseclabs: We’re exposing a newly discovered #malware family that has made its home on #GitHub. SHELBY targeted a middle east tele…
0
32
0
RT @elasticseclabs: Join @cyril_t_f and #ElasticSecurityLabs in exposing ABYSSWORKER, a malicious driver that silences #EDR tools and is di…
0
34
0
RT @elasticseclabs: There are several different #keyloggers, but today @AsuNa_jp dives into the hotkey-based ones! Recapping her recent @nu…
0
22
0
RT @dez_: Multi-Platform FINALDRAFT malware targeting government orgs. Outlook drafts for C2. We published a deep dive on the malware and…
0
46
0
RT @elasticseclabs: We're starting 2025 strong. Join us on January 14th for Detection Engineering with the Elastic Global Threat Report, a…
0
7
0
RT @elasticseclabs: Ready, set, GOSAR is a QUASAR variant written in Go and exposed today by #ElasticSecurityLabs. This article breaks down…
0
13
0
RT @elasticseclabs: #ElasticSecurityLabs has discovered PUMAKIT, a new #linux #malware with advanced stealth mechanisms. The kernel rootkit…
0
26
0
RT @elasticseclabs: The #ElasticSecurityLabs team breaks down a recent Chrome update that introduced App-Bound Encryption and how the most…
0
52
0
RT @virusbtn: Elastic Security Labs researchers show the evolution of the GHOSTPULSE (aka HIJACKLOADER or IDATLOADER) malware. GHOSTPULSE h…
0
13
0
Had fun presenting #WARMCOOKIE research at #VB2024. The malware was recently updated with new handlers. Our team wrote some tooling to simulate the C2 server to help organizations build better detections. Tooling:
1
10
52