Jake (@jakeking)'s Twitter Profile
Jake

@jakeking

Director of Eng @elastic. Founder @cmd_security (acquired by @elastic). Advisor & Angel @eco, @trufflesec, @railway, @tempestdx & others.

ID: 14856018

Link: http://cmd.com | Joined: 21-05-2008 13:02:04

1,1K Tweet

1,1K Followers

1,1K Following

Elastic Security Labs (@elasticseclabs)

Live from #BlackHatUSA, Devon Kerr shares insights from today’s talk from Mike Nichols and James Spiteri on the power of AI to automate SOC tasks like migration and analysis.

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs is exposing Banshee Stealer — a brand new macOS infostealer with ties to browsers and cryptocurrency. This MaaS collects an immense amount of data, but you can get the details and protections here: go.es.io/3YNQeWY #malware #cryptocurrency #macos

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs is introducing HexForge, our tool that enhances #IDAPro with manipulation capabilities built into the hex and disassembly views. HexForge makes it easy to copy and patch binary data and currently supports RC4, AES, ChaCha20, and XOR: go.es.io/4cTCME2

DefSecSentinel (@defsecsentinel)

Another #macos #dropper #loader sample similar to a previous one I analyzed that downloads and executes an #infostealer which then collects and exfiltrates sensitive data. Let's take a look in detail at the entire execution chain with Elastic's 'Process Analyzer View' and

BleepingComputer (@bleepincomputer)

Microsoft fixes Windows Smart App Control zero-day exploited since 2018 - Sergiu Gatlan bleepingcomputer.com/news/microsoft…

Elastic Security Labs (@elasticseclabs)

Yesterday the CUPS vulnerabilities were disclosed — today, we’re showcasing our analysis of the POC and how Elastic Security can protect against it. Check it out: go.es.io/4dsL1Y2 #ElasticSecurityLabs #vulnerability #cybersecurity

rcegan (@rcegann)

Posted a lil article to detect.fyi about using Elastic's new maturity model for measuring success in your deteng team. Give it a read if you like 🧵 detect.fyi/from-zero-to-e…

Joe Desimone (@dez_)

Multi-Platform FINALDRAFT malware targeting government orgs. Outlook drafts for C2. We published a deep dive on the malware and another on the campaign. Great research by the team! elastic.co/security-labs/… elastic.co/security-labs/…

Elastic Security Labs (@elasticseclabs)

#ElasticSecurityLabs is exposing REF7707, an attack campaign in Asia that brought 2 brand new #malware: PATHLOADER and FINALDRAFT. The #Windows executable pairs with a C++ malware focused on data exfiltration and process injection. Learn more: go.es.io/4aZuL0Y

Dylan (@insecurenature)

Thank you Ellen Huet for covering the research Jake and I did: removing the AWS from eight sleep by running it off an aquarium chiller. Here's our full blog: trufflesecurity.com/blog/removing-…

Elastic Security Labs (@elasticseclabs)

You can access our #detectionengineering repos, but how about a closer look? The 2025 State of Detection Engineering at Elastic is a new #report from #ElasticSecurityLabs detailing how we create and assess our prebuilt rules. Check it out: go.es.io/4jnrXhA

James (@jamesspi)

It’s crunch time! #RSAC kicks off tomorrow. Be sure to stop by the Elastic booth, hang out for one of our lightning talks, and would love to see you at my speaking session on Wednesday at 2:25pm!

Elastic Security Labs (@elasticseclabs)

What an incredible first day of #RSAC! I ran into my friend Jake and I was able to ask him some critical questions and get his thoughts on the show so far... I'll be back tomorrow with more updates! -- AVN

Elastic Security Labs (@elasticseclabs)

It's been an eventful day so far at the Elastic booth! I was able to catch up with my friend Jessica David for our last day of #RSAC. There's still some time to stop by booth 5778, do it while you can! -- AVN

Terrance DeJesus (@_xdejesus)

I joined forces with DefSecSentinel and did additional analysis on #DPRK's 2025 ETH heist of ~$1.4b from ByBit following app tampering of Safe{Wallet}'s frontend.

- Put on the adversary hat to understand macOS and AWS attack chain
- Dove into the specifics of macOS dockerized

Elastic Security Labs (@elasticseclabs)

Do you want a quick recap on what #ElasticSecurityLabs has been up to? Under the Microscope is the #newsletter for our favorite article highlights. Sign up here: go.es.io/3T21ECa

Elastic Security Labs (@elasticseclabs)

New research on NOVABLIGHT, a NodeJS infostealer sold as MaaS! Discover its tactics, from credential theft & cryptowallet compromise to advanced obfuscation & anti-analysis techniques: go.es.io/459JGDA #ElasticSecurityLabs #infostealer