Justin Ibarra (@br0k3ns0und)'s Twitter Profile
Justin Ibarra

@br0k3ns0und

threat research & detection engineering lead @elastic by way of @endgameinc | compulsive heavy iron displacer | I always like my own tweets

ID: 3305197544

Link: https://br0k3nlab.com/
Joined: 03-08-2015 13:54:56

712 Tweets

1.3K Followers

808 Following

Jared Atkinson (@jaredcatkinson)

My On Detection series is back! In this edition I explore how the same behavior (operation chain) can be implemented using several different execution modalities and the implications of this for detection engineers.
posts.specterops.io/behavior-vs-ex…

James Kettle (@albinowax)

XSS in PDF.js! I think this is going to cause some chaos both client-side and server-side... really nice finding by Codean
codeanlabs.com/blog/research/…

Denny Fischer (@df_sec)

LoFP by Justin Ibarra: Autogenerated collection of false positives from popular rule sets, categorized with ATT&CK techniques, rule & data sources. Aids red teams to blend in & blue teams in identifying detection weak spots.
br0k3nlab.com/LoFP/

Samir (@SBousseaden)

some related detection for this dwm exploit:

unusual dwm.exe childproc github.com/elastic/protec…

unsigned dll loaded by MS system process (e.g. winlogon.exe) github.com/elastic/protec…

Ruben Groenewoud (@RFGroenewoud)

Ebury is some fascinating and sophisticated malware! Props to ESET Research for their extensive threat research report. Happy to see our coverage at Elastic is on point. 🔍👏

AJ King (@ajkingio)

🎉Good news!🎉
🎉Amazon Updates S3 Billing🎉
Yesterday, AWS started deploying new billing changes for S3. Now you won't get charged for requests or bandwidth due to requests that return the following error codes -- as long as they were initiated outside of your AWS account or AWS

Justin Ibarra (@br0k3ns0und)

Too true! Or pretending that some feature is not critically dependent on the upkeep of detection rules upstream.

You know what they say: never waste a good meme opportunity!

BertJanCyber (@BertJanCyber)

🛡 New Blog: Investigating Microsoft Graph Activity Logs
In April Microsoft announced GA of the Graph activity logs, this new log source opens opportunities for defenders. The blog explains how the data can be effectively analyzed and enriched with .
kqlquery.com/posts/graphact…

Cloud Village (@cloudvillage_dc)

🔒 Gear up, hackers! 🔒

CTF BSidesSF is just an hour away⏰

Join the cyber showdown and prove your skills!

Register now at ctf.cloud-village.org and prep your tools for battle! 💻🛡️

Frank McGovern (@FrankMcG)

I want to see more Security Architect, Security Engineer, and Security Analyst panels.

People are pretty tired of hearing from CISOs only. Especially when many of them are just people leaders. It also puts one role on a pedestal. All are valuable.

Please, submit them!

Will Harris (@parityzero)

I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… Hope it's useful!

Justin Ibarra (@br0k3ns0und)

Prompt injection basically serves as a proxy (on steroids) for any web injection style attacks for all web app or web-based services running LLMs to serve up information.

丂卄ㄖᗪ卂几 - 👋 crack fingers (@therealshodan)

code[.]microsoft[.]com became pretty interesting to the community over the weekend.

Blog post about what we use it for and what we’ve been seeing. Crucially why it had to say goodbye.

techcommunity.microsoft.com/t5/microsoft-s…

Elastic Security Labs (@elasticseclabs)

Interested in securing the lifecycle of your LLM? The newest article from Mika Ayenson details his research into native protections against the OWASP® Foundation Top Ten with ES|QL. Check it out: go.es.io/3Qht7i9

Kaspersky (@kaspersky)

Our experts have released part two of our analysis on the #XZbackdoor.

The findings reveal a dual-layered strategy used by the attackers, combining social engineering with sophisticated technical exploitation to breach XZ Utils' integrity.

More ⇒ kas.pr/w27p
