🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

🛡️ In this blog post, Clément Labro and Romain extend the work of 🤷‍♂️ and demonstrate how Server Silos can be leveraged to exploit the #KsecDD #Windows driver, and achieve #admin-to-kernel even when LSA Protection is enabled. 👉 Discover more about it: ow.ly/438L50U4mAG

nice!

I’m humbled and privileged to work with brilliant people like x86matthew.

We’re adding a new section to Elastic’s HackerOne Bounty Program! Today, we’re opening our SIEM and EDR rules for testing. We’re excited to have another way to thank our community for their efforts on our #detectionengineering. Get more details here: go.es.io/4hdKQCI

Two James Forshaw blogs in one day AND he cited me? My birthday came early this year!

> Hint: this is foreshadowing. 🤣

in a year period we had 50% increase in Elastic Defend endpoint behavior rules (coverage as well - 1000+) 💪 for all the 3 supported platforms Windows, macOS and Linux H/T DefSecSentinel Ruben Groenewoud Mika Ayenson Shashank and all the team ofc github.com/elastic/protec…

Multi-Platform FINALDRAFT malware targeting government orgs. Outlook drafts for C2. We published a deep dive on the malware and another on the campaign. Great research by the team! elastic.co/security-labs/… elastic.co/security-labs/…

Atlas of Surveillance schneier.com/blog/archives/…

A lot of fun techniques coming out of the mdsec crew! Fortunately, this one is fairly easy to spot github.com/elastic/protec…

with #Elastic process events enriched with call stack info we can detect processes started via Windows+Run and with more than 1 argument (pretty rare especially when coupled with lolbins/cmd/ps)

If you are passionate about Windows OS internals; detection, software, and reverse engineering; debugging; and solving interesting problems, come join us Prelude Research jobs.ashbyhq.com/preludesecurit…

The team at Prelude Research is looking for Windows internals researchers, reverse engineers, and people passionate about rethinking how we combat modern adversaries. Join us! jobs.ashbyhq.com/preludesecurit…

new #elastic defend rules out : - PPL bypass via ComDotNetExploit - Execution via Windows-Run (trending delivery method ITW) github.com/elastic/protec…

techcommunity.microsoft.com/blog/windows-i… Finally! I personally worked on Hotpatch, together with my team 3 years ago... and now is finally approaching client versions of Windows... Yuuuyuuu!

It’s interesting to see vulnerable drivers discussed outside the Infosec community. GamersNexus did a piece on WinRing0. youtu.be/H_O5JtBqODA

Zero Trust and EDR Tier list rated by nation-state funded AI catgirls. ranked by amount of snake oil in product

This modexp.wordpress.com/2025/04/27/bea… is an interesting post by modexp ... highly recommend checking it out.

Join John U to explore the concept of Execution Modality within #detections — specifically, how modality-focused detections can complement behavior-focused ones: go.es.io/4mgb5ve #ElasticSecurityLabs #detectionengineering

nice research & high likely this will be abused ITW, new detections out using new term rule type to alert on first time seen SubjectUserName in last 10 days creating a new dMSA account or modifying the msDS-ManagedAccountPrecededByLink attribute. github.com/elastic/detect…