类别

Security operations

Elastic is releasing a threat hunting package designed to aid defenders with proactive detection queries to identify actor-agnostic intrusions.

占位符图像
Elastic releases the Detection Engineering Behavior Maturity Model

Elastic releases the Detection Engineering Behavior Maturity Model

Using this maturity model, security teams can make structured, measurable, and iteritive improvements to their detection engineering teams..

情報窃取から端末を守る

情報窃取から端末を守る

本記事ではElastic Securityにおいて、エンドポイント保護を担っているElastic Defendに今年(バージョン8.12より)新たに追加された、キーロガーおよびキーロギング検出機能について紹介します。

保护你的设备免遭信息盗窃

保护你的设备免遭信息盗窃

在本文中,我们将介绍今年在 Elastic Defend(从 8.12 版本开始)中添加的键盘记录器和键盘记录检测功能,它负责 Elastic Security 中的端点保护。

In-the-Wild Windows LPE 0-days: Insights & Detection Strategies

In-the-Wild Windows LPE 0-days: Insights & Detection Strategies

This article will evaluate detection methods for Windows local privilege escalation techniques based on dynamic behaviors analysis using Elastic Defend features.

Unlocking Power Safely: Privilege Escalation via Linux Process Capabilities

Unlocking Power Safely: Privilege Escalation via Linux Process Capabilities

Organizations need to understand how Linux features contribute to their attack surface via privilege escalation and how to effectively monitor intrusion attempts using free and open detection capabilities.

揭开调用堆栈的面纱

揭开调用堆栈的面纱

在本文中,我们将向您展示如何将规则和事件情境化,以及如何利用调用堆栈来更好地理解您在环境中遇到的任何警报。

Exploring Windows UAC Bypasses: Techniques and Detection Strategies

Exploring Windows UAC Bypasses: Techniques and Detection Strategies

In this research article, we will take a look at a collection of UAC bypasses, investigate some of the key primitives they depend on, and explore detection opportunities.

利用 ChatGPT 探索安全性的未来

利用 ChatGPT 探索安全性的未来

最近,OpenAI 发布了供工程师集成 ChatGPT 和 Whisper 模型到他们的应用程序和产品中的 API。 一段时间以来,工程师可以使用 REST API 调用旧模型,或者通过他们的网站使用 ChatGPT 界面。

寻找可疑的 Windows 库以执行和逃避防御

寻找可疑的 Windows 库以执行和逃避防御

了解更多有关通过搜索 DLL 加载事件来发现威胁的信息,这是一种在嘈杂的进程事件数据中揭示已知和未知恶意软件的存在的一种方法。

Detect Credential Access with Elastic Security

Detect Credential Access with Elastic Security

Elastic Endpoint Security provides events that enable defenders with visibility on techniques and procedures which are commonly leveraged to access sensitive files and registry objects.

Hunting for Lateral Movement using Event Query Language

Hunting for Lateral Movement using Event Query Language

Elastic Event Query Language (EQL) correlation capabilities enable practitioners to capture complex behavior for adversary Lateral Movement techniques. Learn how to detect a variety of such techniques in this blog post.

Ingesting threat data with the Threat Intel Filebeat module

Ingesting threat data with the Threat Intel Filebeat module

Tutorial that walks through setting up Filebeat to push threat intelligence feeds into your Elastic Stack.

Stopping Vulnerable Driver Attacks

Stopping Vulnerable Driver Attacks

This post includes a primer on kernel mode attacks, along with Elastic’s recommendations for securing users from kernel attacks leveraging vulnerable drivers.

The Elastic Container Project for Security Research

The Elastic Container Project for Security Research

The Elastic Container Project provides a single shell script that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.