Elastic Security Labs

@elasticseclabs

Followers: 4K · Following: 264 · Media: 56 · Statuses: 465

Elastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.

Global
Joined November 2022
@elasticseclabs
Elastic Security Labs
2 days
RT @bluish_red_: Didn't make the (already long) blog, but there is a pile of infrastructure with the same cert characteristics. At least o….
0
5
0
@elasticseclabs
Elastic Security Labs
2 days
RT @_devonkerr_: Should anyone need to get ahold of me about @elasticseclabs research, DMs are open and I just had lunch so I’m feeling hos….
0
5
0
@elasticseclabs
Elastic Security Labs
2 days
New research from our #ElasticSecurityLabs team: we dive into how infostealers are leveraging a stolen Shellter evasion tool to deploy data-stealing malware. Learn more & get our unpacker: . #malware #rhadamanthys #ghostpulse.
2
48
137
@elasticseclabs
Elastic Security Labs
10 days
Deep dive into Azure OAuth phishing & detection! This article from @_xDeJesus shows how rich telemetry is crucial for spotting identity-based attacks. Stop relying on static indicators & start: #CloudSecurity #ThreatDetection #Azure.
1
16
50
@elasticseclabs
Elastic Security Labs
18 days
New research from #ElasticSecurityLabs uncovers a new ClickFix campaign! Learn how attackers are using GHOSTPULSE and ARECHCLIENT2 (SECTOPRAT) in multi-stage attacks to deploy RATs and steal data. Stay informed:
0
32
103
@elasticseclabs
Elastic Security Labs
22 days
Dive deep into malware detection with the latest article by John Uhlmann: "Call Stacks: No More Free Passes for Malware." Discover how call stacks provide vital insights into malware behavior. Read more:
1
43
128
@elasticseclabs
Elastic Security Labs
25 days
Refresh your knowledge of the detection and mitigation strategies for vulnerabilities in the CUPS printing system, which runs on UNIX-based systems like #Linux and #macOS:
1
7
30
@elasticseclabs
Elastic Security Labs
1 month
In May, #ElasticSecurityLabs published 52 new rules! Take a look at the overview and learn how we manage these rulesets: #detectionengineering #SIEM #EDR
1
16
83
@elasticseclabs
Elastic Security Labs
1 month
RT @SCMagazine: A new Rust-based infostealer dubbed EDDIESTEALER is being spread via the popular ClickFix social engineering technique, whi….
0
4
0
@elasticseclabs
Elastic Security Labs
1 month
Do you want a quick recap on what #ElasticSecurityLabs has been up to? Under the Microscope is the #newsletter for our favorite article highlights. Sign up here:
0
2
20
@elasticseclabs
Elastic Security Labs
1 month
#ElasticSecurityLabs has uncovered EDDIESTEALER, a novel Rust-based info stealer distributed via fake CAPTCHA campaigns. This malware targets credentials, browser info, & crypto wallets. Read our full analysis here: . #Cybersecurity #MalwareAnalysis.
1
21
61
@elasticseclabs
Elastic Security Labs
1 month
REF6138 was a #Linux #cryptomining attack campaign focused on Bitcoin/XMR. Threat actors used a mixture of tools and malware including C2, cron jobs, GSOCKET, KAIJI, RUDEDEVIL, and more. Check out the details:
0
9
38
@elasticseclabs
Elastic Security Labs
1 month
RT @keowu: @DanielStepanic @birdrockrock @elasticseclabs I really appreciate your response. Don’t worry, there’s no connection between our….
0
1
0
@elasticseclabs
Elastic Security Labs
1 month
Analyzing DOUBLELOADER malware & its use of Alcatraz, an open-source obfuscator! 🚨 Learn how Alcatraz employs control flow flattening, anti-disassembly tricks, and more to evade detection. Dive into our research on de-obfuscating these techniques:
2
29
92
@elasticseclabs
Elastic Security Labs
2 months
Back at @nullcon, @AsuNa_jp explored hotkey-based #keyloggers. You can watch her talk on detection techniques here:
0
5
16
@elasticseclabs
Elastic Security Labs
2 months
RT @jdu2600: ATT&CK never felt quite right to me. I originally thought it was just that the taxonomy was incomplete. Then @jaredcatkinson….
0
3
0
@elasticseclabs
Elastic Security Labs
2 months
Join @jdu2600 to explore the concept of Execution Modality within #detections — specifically, how modality-focused detections can complement behavior-focused ones: #ElasticSecurityLabs #detectionengineering.
0
17
43
@elasticseclabs
Elastic Security Labs
2 months
In April, #ElasticSecurityLabs published 62 new rules! Take a look at the overview and learn how we manage these rulesets: #detectionengineering #SIEM #EDR
0
7
25
@elasticseclabs
Elastic Security Labs
2 months
RT @DefSecSentinel: This @elasticseclabs blog was the result of a really fun 4 day exercise my colleague @_xDeJesus….
0
24
0
@elasticseclabs
Elastic Security Labs
2 months
RT @_xDeJesus: I joined forces with @DefSecSentinel and did additional analysis on #DPRK's 2025 ETH heist of ~$1.4b from ByBit following ap….
0
12
0