RemcoS (@rsprooten)'s Twitter Profile
RemcoS

@rsprooten

Security Researcher @elasticseclabs

ID: 236798203

11-01-2011 11:51:26

499 Tweets

234 Followers

453 Following

RemcoS (@rsprooten)

And one more in this series. This time we go into the tools and techniques they used for maintaining persistence. We've seen a shift from custom #malware to #opensource tools and code.

Elastic Security Labs (@elasticseclabs)

Check out the latest research from John U, a technical analysis that explains LRPC and the limitations of defender visibility that can lead to misunderstood activity and overlooked threats. Learn more: go.es.io/3TUGENo

FFmpeg (@ffmpeg)

There have been several incorrect reports that FFmpeg has been involved in the distribution of malware. FFmpeg only provides source code and the source code has not been compromised. Any "ffmpeg.dll" that has been compromised is the responsibility of the vendor.

RemcoS (@rsprooten)

This is the second time I have the pleasure of working together with Ruben Groenewoud, and I'm thrilled to have co-authored his first blog post for Elastic Security Labs. elastic.co/security-labs/…

Elastic Security Labs (@elasticseclabs)

Looking for a deeper dive on the Global Threat Report? Join our webinar next Thursday at 9am PT with Devon Kerr and Jake! Register here → go.es.io/48YJzeS #ElasticSecurityLabs #threatresearch

RemcoS (@rsprooten)

What to do on a "shut it down"-Friday? Exactly, update some system config scripts 😂 #kali #ansible github.com/1337-42/kali-s…

RemcoS (@rsprooten)

Just encountered a case in the #BeaverTail/#InvisibleFerret malware campaign, previously identified by Unit 42. Our findings: campaign ID NVRlYW05 and C2 server 144[.]172.74.108. It's a reminder of the evolving nature of cyber threats. Stay alert! #CyberSecurity #InfoSec

Joe Desimone (@dez_)

Not sure what this is but a lot of vt uploads recently with EV cert "REMAX PLUS LLC". PDF icon. Embedded obfuscated string "I am Black Delivery"

RemcoS (@rsprooten)

Excited to have presented on code similarity detection using Vector Search at #FirstCTI24 in Berlin! Yesterday, teamed up with Ruben Groenewoud for a workshop on Malware Analysis & Event Collection. Amazing audience, incredible insights! #Cybersecurity

Elastic Security Labs (@elasticseclabs)

Today, Ruben Groenewoud and RemcoS are revealing the details of REF6138 — a Linux campaign for mining BitCoin/XMR. Read the breakdown to see how GSOCKET, KAIJI, and RUDEDEVIL are involved: go.es.io/3XKOU53 #ElasticSecurityLabs #cryptomining #cryptocurrency

Elastic Security Labs (@elasticseclabs)

Yesterday the CUPS vulnerabilities were disclosed — today, we’re showcasing our analysis of the POC and how Elastic Security can protect against it. Check it out: go.es.io/4dsL1Y2 #ElasticSecurityLabs #vulnerability #cybersecurity

RemcoS (@rsprooten)

I had a little fun writing Go Assembly to supercharge the speed of my code. It's not every day I get to play with ARM assembly, let alone Go Assembly—challenging! But the speedup blew my mind. 1337-42.github.io/posts/dev/gola… #go #simd #neon #benchmark

RemcoS (@rsprooten)

Check out my new blog post on declawing PUMAKIT, a sneaky #LKM #rootkit targeting Linux systems. Find out how it hides, escalates privileges, and stays under the radar. Don’t miss the deep-dive! elastic.co/security-labs/… #cybersecurity #malwareanalysis #linux

Elastic Security Labs (@elasticseclabs)

Check out this new #Linux research from RemcoS and Ruben Groenewoud! The article from #ElasticSecurityLabs details the latest updates in OUTLAW, a Linux-based #botnet whose most recent version includes brute force and cryptomining capabilities: go.es.io/4iTkh6J