Mark Dufresne retweetledi
Mark Dufresne
620 posts

Mark Dufresne
@mark_dufresne
Detection and Intel @sublime_sec
Katılım Mart 2009
557 Takip Edilen1.1K Takipçiler
Mark Dufresne retweetledi

Excited to share my latest research about FIN7 🔥
The discovery of a new abuse for the Windows built-in driver ProcLaunchMon.sys (TTD Monitor driver) to tamper with EDRs has been an interesting surprise.
Enjoy the read 👇
sentinelone.com/labs/fin7-rebo…
English
Mark Dufresne retweetledi

Yesterday I learned that @SentinelOne blocks the Windows application white listing and digital signature bypass that I’ve been using for 10 years. Now I’ll need to find a new way to digitally sign any binary as Microsoft (on S1 customers).
Well done @SentinelOne.
English
Mark Dufresne retweetledi

Our analysis on the intriguing #liblzma supply chain case 🔥
By following all the interactions we provided an interesting angle on the TA's motivations and plan to Inject Further Vulnerabilities. It was a pleasure to work with @vx__notduck1e on this!!
sentinelone.com/blog/xz-utils-…
English
Mark Dufresne retweetledi

⚔️ Here are the top threats our WatchTower team observed and investigated in 2023—and a look ahead to the 2024 threat landscape. From the top bad actors, to the top vulnerabilities exploited, to the top threats by OS, and more.
Read the report: sentinelone.com/resources/watc…

English
Mark Dufresne retweetledi

Back in 2021, the Babuk source code leaks fascinated me. At the time, it was unprecedented ransomware drama. 🍿 Like any self-respecting malware archivist, I grabbed the zip file and threw away the key for a few years. 1/?
SentinelOne@SentinelOne
🔐 @LabsSentinel researcher @spiderspiders_ unpacks the growing trend of ESXi locker use among ransomware groups. The report exposes how groups like @Conti and @REvil are exploiting ESXi lockers. sentinelone.com/labs/hyperviso… #infosec #ranosmware #Sentinellabs
English
Mark Dufresne retweetledi

We’ve been working at breakneck pace to release IOCs for ongoing software supply chain campaign that we call SmoothOperator. Attackers trojanized installers for #3CX PBX software. We’ve blocked thousands of attempted infections as of March 22nd. Details 👇🏻
s1.ai/smoothoperator

English
Mark Dufresne retweetledi

New SentinelLabs Research on WIP26 - s1.ai/WIP26
🟣 New actor targeting telco in the Middle East
🟣 Abuses Microsoft 365 Mail, Google Firebase, and Dropbox for C2
🟣 Targeted WhatsApp msgs -> Dropbox -> loader -> backdoors
@milenkowski @CollinFarr @joeychen @QTrust

English
Mark Dufresne retweetledi

Our team has been observing an intrusion in Southeast Asia over the last few weeks. We have seen bunch of TTP's including:
- Malicious IIS Modules (#DoorMe update)
- Webshell usage
- Exfiltrating mailboxes
- New .NET malware #SiestaGraph
- Dropping vulnerable drivers
Elastic@elastic
#ElasticSecurityLabs is tracking an active intrusion by multiple threat actors into the Foreign Affairs office of an Association of Southeast Asian Nations (ASEAN) member. Find out more in this post: go.es.io/3FXCb7j
English
Mark Dufresne retweetledi

#ElasticSecurityLabs is tracking an active intrusion by multiple threat actors into the Foreign Affairs office of an Association of Southeast Asian Nations (ASEAN) member. Find out more in this post: go.es.io/3FXCb7j
English
Mark Dufresne retweetledi

We’re proud of the #ElasticSecurityLabs team and the incredible amount of work that went into creating the 2022 Elastic Global Threat Report. @mark_dufresne shares a behind-the-scenes look into how the report was built. Read more here: go.es.io/3OxutUd
English

If you haven't checked it out, go get it here: elastic.co/explore/securi…
English

We released 2022's @elastic Global Threat Report this week. I wrote a blog that talks about how and why we did it here: elastic.co/blog/behind-th…
English
Mark Dufresne retweetledi

Our team had tons of fun participating in this year’s #FlareOn9 Challenge. Check out our write-up on how we solved them! Thanks @Mandiant for all your effort putting it together.
elastic.co/flare-on-9-sol…
English
Mark Dufresne retweetledi

Happy Friday, Twitter! If you don't know @_xDeJesus let me correct that-- Terrance is a member of the Threat Research and Detection Engineering team @elastic.
His most recent publication to Elastic Security Labs is part one of three on Google Workspaces: elastic.co/google-workspa…
English
Mark Dufresne retweetledi

We have just pushed #Elastic lab to our #CertifiedCyberDefender course 👉cyberdefenders.org/blueteam-train…
Real dataset, fiddle around with #Kibana queries/dashboards, enroll elastic #EDR into endpoints (formally known as Endgame) & write #MITRE-mapped #SIEM use cases.
#DFIR #BlueTeam

English
Mark Dufresne retweetledi

Amazing write-up on a dynamic emotet config extractor by @rsprooten. He uses a combination of YARA, the SMDA decompiler, @unicorn_engine, @LIEF_project and more to get the job done. Read it! And then read it again. And maybe again. elastic.co/security-labs/….
English
Mark Dufresne retweetledi

Check out REF2731 research - a 1, 2, 3...4...5 stage(!) intrusion set for two PARALLAX + NETWIRE campaigns. Malware & campaign analysis and an open-source payload extractor. Collab w/@DanielStepanic @soolidsnakee @bluish_red_ Enjoy, it's a journey. elastic.co/security-labs/…

English
Mark Dufresne retweetledi

Had some fun with this - exploiting the Process Explorer driver for kernel code execution. Will msft ever add to their own blocklist? 🤔
elastic.co/security-labs/…

English
Mark Dufresne retweetledi

Let me be the first to welcome Mika Ayenson to Elastic Security Labs, the most enthusiastic detection engineer I know: elastic.co/security-labs/…
Which tools do detection engineers use? Now ya know!
English
