DefSecSentinel
@DefSecSentinel
Followers: 2K | Following: 14K | Media: 124 | Statuses: 554
Senior Security Research Engineer, Threat Research and Detection Development @Elastic, 179CPT Cyber Operations Technician 170A @MOARNG
Joined April 2017
RT @cloudvillage_dc: 🚨 Join @_xDeJesus at Cloud Village Investigation Labs @defcon 33! 🔍 “pAWS: The Breach Has Happened. Can You Catch It?”….
I am honored and could not be more excited to present again this year at #OBTS 🌴☀️. So many incredible talks and amazing researchers. It's gonna be awesome! Shoutout to @patrickwardle and @objective_see who work hard to put on the best conference out there. Can't wait to see.
📢 Just dropped: the full #OBTS v8 talk lineup! And for the first time we'll have 3 full days of presentations! 🤩 Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
RT @_xDeJesus: Excited to host a hands-on investigation lab at #DEFCON33 in the #CloudVillage! Built from the perspective of an opportunis….
RT @elasticseclabs: New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion….
elastic.co
Elastic Security Labs detected the recent emergence of infostealers using an illicitly acquired version of the commercial evasion framework, SHELLTER, to deploy post-exploitation payloads.
RT @_xDeJesus: Did a write-up on OAuth phishing (offense and defense). It's based on phishing campaigns reported by @Volexity earlier this….
RT @elasticseclabs: Deep dive into Azure OAuth phishing & detection! This article from @_xDeJesus shows how rich telemetry is crucial for s….
elastic.co
This article explores OAuth phishing and token-based abuse in Microsoft Entra ID. Through emulation and analysis of tokens, scope, and device behavior during sign-in activity, we surface high-fidel...
RT @patrickwardle: ⏳ Just one week left to submit your talk to #OBTS v8 (CFP closes June 30th). We’ve expanded to….
objectivebythesea.org
Submit a talk for #OBTS today!
RT @birchb0y: excited bc today @HuntressLabs is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!!….
huntress.com
Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.
RT @elasticseclabs: New research from #ElasticSecurityLabs uncovers a new ClickFix campaign! Learn how attackers are using GHOSTPULSE and A….
elastic.co
Elastic Security Labs detected a surge in ClickFix campaigns, using GHOSTPULSE to deploy Remote Access Trojans and data-stealing malware.
RT @elastic: We couldn't have said it better ourselves! 🙌 #ICYMI, Elastic Security scored a 100% on the recent @AV_Comparatives Business S….
elastic.co
Elastic Security achieved a perfect 100% protection rate in the AV-Comparatives Business Security Test, highlighting its ability to protect business environments from advanced threats and reinforcing...
RT @elasticseclabs: #ElasticSecurityLabs has uncovered EDDIESTEALER, a novel Rust-based info stealer distributed via fake CAPTCHA campaigns….
elastic.co
Elastic Security Labs walks through EDDIESTEALER, a lightweight commodity infostealer used in emerging CAPTCHA-based campaigns.
RT @SBousseaden: nice research & highly likely this will be abused ITW, new detections out using new term rule type to alert on first time se….
RT @JamfSoftware: Attackers are using PyInstaller to deploy infostealers on macOS. Jamf Threat Labs investigates this newly discovered tech….
jamf.com
Jamf Threat Labs discovers malware: learn how attackers are using PyInstallers to deploy infostealers.
RT @elasticseclabs: #ElasticSecurityLabs is dissecting and emulating a famous #DPRK attack. Join @DefSecSentinel and @_xDeJesus to break do….
elastic.co
A high-fidelity emulation of the DPRK's largest cryptocurrency heist via a compromised macOS developer and AWS pivots.
This @elasticseclabs blog was the result of a really fun 4-day exercise my colleague @_xDeJesus and I decided to undertake a few weeks ago. After the @SlowMist_Team initial access writeup, @Mandiant IR Findings and @Unit42_Intel payload analysis we wanted.
elastic.co
A high-fidelity emulation of the DPRK's largest cryptocurrency heist via a compromised macOS developer and AWS pivots.
RT @patrickwardle: Chatted with Lily Hay Newman of @WIRED, about the bugs (found by @OligoSecurity) in Apple's AirPlay SDK that could allow….
wired.com
Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.