Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

Elastic Security Labs

20 articles

Elastic Security Labs Campaigns 2d ago

ClickFix to Cash-Out: Anatomy of a Mexican Banking-Fraud Toolkit

Elastic Security Labs tracks REF6045, an active operator-assisted banking fraud operation targeting customers of Mexican banks, fintech, payment processors, ...

Elastic Security Labs →

Elastic Security Labs General 4d ago

Inside Elastic InfoSec's agentic SOC: Choosing the right agent architecture for a 5x cost reduction

We ran two agentic SOC architectures head to head across 36,822 real Agent Builder conversations. One won by 5.

Elastic Security Labs →

Elastic Security Labs General Jul 2

Inside Elastic InfoSec's agentic SOC: cutting alert triage from 30 minutes to under 3

Elastic's InfoSec team built AI agents on Elastic Workflows that investigate every alert and assemble the case before an analyst ever opens it.

Elastic Security Labs →

Elastic Security Labs Vulnerability Disclosure Jun 23

From vulnerability report to CVE draft in minutes: how Elastic automated security advisories with AI

How Elastic's security team built an AI agent with RAG against MITRE's CWE and CAPEC catalogues to draft CVE advisories from raw vulnerability reports, inclu...

Elastic Security Labs →

Elastic Security Labs Malware Google Jun 19

Lost in relocation: analysis of a new loader distributing CASTLESTEALER

Find out how a new obfuscated loader evades static detection using .reloc section abuse, five anti-VM/language checks and MBA obfuscation to deliver infostea...

T1027

Elastic Security Labs →

Elastic Security Labs General Microsoft Jun 19

Azure AD Graph Activity Logs: Ingestion and threat detection to close the visibility gap

Azure AD Graph Activity Logs land in Elastic with full ECS parsing. Detect ROADrecon and AADInternals enumeration with ready-to-use detection rules.

T1592

Elastic Security Labs →

Elastic Security Labs General Google Intel Jun 2

From API key to live threat detections in minutes: how Elastic Security ingests Google Threat Intelligence

Find out how Elastic Security ingests Google Threat Intelligence for continuous detection and uses AI-driven workflows to enrich alerts in real time, from AP...

Elastic Security Labs →

Elastic Security Labs General Google May 26

Detecting Tycoon 2FA AiTM attacks across Entra ID and Google Workspace

Tycoon 2FA bypasses MFA on Entra ID and Google Workspace. We map telemetry fingerprints across both platforms, ship detection rules for both tiers, and conta...

T1557

Elastic Security Labs →

Elastic Security Labs TTPs May 22

PHANTOMPULSE: anatomy of a hijackable blockchain-C2 RAT

Elastic Security Labs presents a detailed reverse-engineering analysis of PHANTOMPULSE, the long-lived RAT delivered to crypto-sector victims through the REF...

Elastic Security Labs →

Elastic Security Labs General May 12

Elastic Security MCP App: Interactive security operations inside your AI Tools

Elastic Security is the first security vendor to ship an interactive UI in AI tools. Triage alerts, hunt threats, correlate attack chains, and open cases, al...

Elastic Security Labs →

Elastic Security Labs Vulnerability Disclosure Linux May 9

Copy Fail and DirtyFrag: Linux Page Cache Bugs in the Wild

This research analyzes the Linux kernel privilege escalation vulnerabilities Copy Fail and DirtyFrag, which exploit subtle page cache corruption bugs to crea...

T1548

Elastic Security Labs →

Elastic Security Labs General Cloudflare May 8

Detecting Web Server Probing & Fuzzing in Traefik with Automated Cloudflare Response

This article shows how a customized Elastic Security ES|QL detection rule can identify web server probing and fuzzing activity in Traefik logs and automatica...

Elastic Security Labs →

Elastic Security Labs Malware Microsoft SAP May 7

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

REF3076 uses a trojanized Logitech installer to deploy TCLBANKER, a Brazilian banking trojan with environment-gated payloads, WPF fraud overlays, and self-pr...

Elastic Security Labs →

Elastic Security Labs General May 5

Elastic Workflows GA: automation where your security data already lives

Elastic Workflows is generally available in 9.4, bringing production-ready security automation with deeper case management integration, human-in-the-loop sup...

Elastic Security Labs →

Elastic Security Labs General May 5

Know who to watch before the incident finds you

Elastic Security v9.

Elastic Security Labs →

Elastic Security Labs General May 5

AI-generated hunting leads: The hunt starts before you ask the question

Introducing AI-generated hunting leads, proactive, environment-aware threat hypotheses powered by Elastic Entity analytics and integrated AI reasoning.

Elastic Security Labs →

Elastic Security Labs General May 5

Your UEBA is lying to you: Why entity record quality decides everything

Most entity analytics systems are confidently wrong. They track users who do not exist, generate risk scores built on noise, and call it behavioral analytics.

Elastic Security Labs →

Elastic Security Labs General May 4

From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Security

Elastic Security now lets analysts describe a threat behavior in plain language and receive a complete, validated Elasticsearch ES|QL detection rule in retur...

Elastic Security Labs →

Elastic Security Labs General May 4

Elastic Conversational Entity Analytics: threat hunting in a single conversation

Conversational Entity Analytics delivers Entity Analytics features as rich inline attachments and Canvas previews into Agent Builder, so you don’t have to le...

Elastic Security Labs →

Elastic Security Labs General May 4

One agent, the right skills: Elastic Security 9.4 brings domain expertise on demand to every SOC workflow

Elastic Security 9.4 introduces skills, modular AI capabilities that teach the Elastic AI Agent how to detect, investigate, and hunt like a specialist.

Elastic Security Labs →

1 2 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA