Tools

WinVisor is a hypervisor-based emulator for Windows x64 user-mode executables that leverages the Windows Hypervisor Platform API to provide a virtualized environment for logging syscalls and enabling memory introspection.

STIXy Situations: ECSaping your threat data

Structured threat data is commonly formatted using STIX. To help get this data into Elasticsearch, we’re releasing a Python script that converts STIX to an ECS format to be ingested into your stack.

Dancing the night away with named pipes - PIPEDANCE client release

In this publication, we will walk through this client application’s functionality and how to get started with the tool.

Click, Click… Boom! Automating Protections Testing with Detonate

To automate this process and test our protections at scale, we built Detonate, a system that is used by security research engineers to measure the efficacy of our Elastic Security solution in an automated fashion.

Unpacking ICEDID

ICEDID is known to pack its payloads using custom file formats and a custom encryption scheme. We are releasing a set of tools to automate the unpacking process and help analysts and the community respond to ICEDID.

The Elastic Container Project for Security Research

The Elastic Container Project provides a single shell script that will allow you to stand up and manage an entire Elastic Stack using Docker. This open source project enables rapid deployment for testing use cases.

NETWIRE Dynamic Configuration Extraction

Elastic Security Labs discusses the NETWIRE trojan and is releasing a tool to dynamically extract configuration files.

NETWIRE Configuration Extractor

Python script to extract the configuration from NETWIRE samples.

BLISTER Configuration Extractor

Python script to extract the configuration and payload from BLISTER samples.

BPFDoor Configuration Extractor

Configuration extractor that dumps the hardcoded passwords from BPFDoor samples.

BPFDoor Scanner

Python script to identify hosts infected with the BPFDoor malware.

Cobalt Strike Beacon Extractor

Python script that collects Cobalt Strike memory data generated by security events from an Elasticsearch cluster, extracts the configuration from the CS beacon, and writes the data back to Elasticsearch.

EMOTET Configuration Extractor

Python script to extract the configuration from EMOTET samples.

ICEDID Configuration Extractor

Python script to extract the configuration from ICEDID samples.

PARALLAX Payload Extractor

Python script to extract the payload from PARALLAX samples.

QBOT Configuration Extractor

Python script to extract the configuration from QBOT samples.

EMOTET Dynamic Configuration Extraction

Elastic Security Labs discusses the EMOTET trojan and is releasing a tool to dynamically extract configuration files using code emulators.

Extracting Cobalt Strike Beacon Configurations

Part 2 - Extracting configurations from Cobalt Strike implant beacons.