RGROSEC
  • Declawing PUMAKIT

    Dec 12, 2024 · 1 min read · Malware Analysis, Linux, Elastic

    At Elastic Security Labs, we uncovered PUMAKIT, a sophisticated multi-stage Linux malware with advanced rootkit capabilities. Initially identified through routine threat hunting on VirusTotal, PUMAKIT consists of a dropper (cron), two memory-resident executables, an LKM rootkit module, and a userland shared object (SO) …
  • Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse

    Sep 27, 2024 · 1 min read · Malware Analysis, Linux, Elastic

    At Elastic Security Labs, we uncovered a sophisticated Linux malware campaign exploiting Apache2 servers since March 2024. Attackers used multiple malware families, including KAIJI (DDoS) and RUDEDEVIL (crypto miner), along with custom tools for persistence and control. They leveraged C2 channels disguised as kernel …
  • An Elastic approach to large-scale dynamic malware analysis

    Jul 31, 2023 · 1 min read · Malware Analysis, Linux, Elastic

    This research delves into large-scale malware analysis conducted by Elastic Security Labs, highlighting how Elastic ingest pipelines were used to filter out benign and duplicate data during dynamic malware analysis. By leveraging these pipelines, we efficiently managed vast datasets, enabling us to focus on identifying …

Featured Posts

  • Linux Detection Engineering - The Grand Finale on Linux Persistence Mechanisms
  • Linux Detection Engineering - Approaching the Summit on Persistence Mechanisms
  • Linux Detection Engineering - A Continuation on Persistence Mechanisms
  • Declawing PUMAKIT
  • Securing the edge: Harnessing Falco's power with Elastic Security for cloud workload protection
  • Cups Overflow: When your printer spills more than Ink
  • Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse
  • Linux Detection Engineering - A sequel on persistence mechanisms

Categories

Elastic (11), Detection-Engineering (8), Walkthroughs (7), Linux (5), Persistence (5), Web-Application-Hacking (4), Malware-Analysis (3), Binary-Exploitation (2), Privilege-Escalation (2), CVE (1)

Tags

Linux (18), Elastic (11), Detection-Engineering (8), Hack-The-Box (7), Hunting (5), Persistence (5), OWASP (4), WebApp (4), Windows (4), Malware-Analysis (3), Buffer-Overflow (2), Privilege-Escalation (2), Auditd (1), CVE (1)

Copyright RGROSEC. All Rights Reserved.