Publications and posts on threat research, detection engineering, and generative AI security — from applied R&D to open-source tooling.
Introduces AESOP (Agent-driven Exploration for Security Operations Proficiency), a conceptual framework for self-directed LLM agents that autonomously discover data sources, learn tool relationships, and propose executable skills for SOC operations.
Using LLM-powered ES|QL COMPLETION to classify and detect threats beyond traditional behavioral rules, bridging the gap between rule-based detection and AI-driven analysis.
An academic paper exploring the application of agentic AI systems to detection engineering, presenting frameworks for building autonomous security systems that can reason, adapt, and improve over time.
A comprehensive guide exploring how agentic frameworks can transform detection engineering workflows through autonomous AI agents that dynamically gather evidence, reason, and adapt their behavior.
An in-depth look at the current state of detection engineering at Elastic Security Labs, covering advancements in threat detection, rule development, and the integration of AI-driven approaches.
Exploring an innovative approach to identifying detection gaps by detonating C2 beacons in controlled environments to validate and improve security detection capabilities.
Elastic Security Labs discusses detection and mitigation strategies for vulnerabilities in the CUPS printing system, which allow unauthenticated attackers to exploit the system via IPP and mDNS, resulting in remote code execution (RCE) on UNIX-based systems such as Linux, macOS, BSDs, ChromeOS, and Solaris.
Improving detection engineering with Elastic`s DEBMM.
At Elastic, we`ve built enablers from soup to nuts for you to begin rolling your own Detections as Code with Elastic Security. These features are now in Beta!
Explore How Elastic`s New LLM Security Strategies Enhance Detection, Standardization, and Protection Across the LLM Ecosystem.
Exploring Elastic`s innovative approach for integrating security into the lifecycle of LLMs to safeguard against vulnerabilities featuring Elastic`s AI Assistant.
Elastic Security Labs is releasing an initial analysis of the XZ Utility backdoor, including YARA rules, osquery, and KQL searches to identify potential compromises.
ES|QL is Elastic`s new piped query language. Taking full advantage of this new feature, Elastic Security Labs walks through how to run validation of ES|QL rules for the Detection Engine.
Learn more about how Elastic Security Labs has been focused on accelerating our detection engineering workflows by tapping into more generative AI capabilities.
Now that chatGPT is here, how will it shape the security industry? Here are ideas to illustrate ambitious applications of ChatGPT to improve detection, response, and understanding pulling together the new LLM provided by OpenAI and Elastics detection engine.
Detection engineering is one of the most fun threat-centric opportunities at Elastic. Here is a sneak peek of some tools we use for all you enthusiastic detection engineers and cybersecurity researchers eager to get in the game!
Evaluation of a cyber maneuver framework designed to shape attacker behavior through deception and adaptive defensive strategies.
After almost a month away, I’m excited to start a new chapter as an Elastician! I haven’t traditionally been one to openly share, but time over the pandemic became a catalyst to grow and understand what the most important things in life were to me.
Back in 2021, I played around with GPT-3. For historical purposes, here are the type of responses, just in case something better comes along in the future (cough cough chatgpt).
Recognized at the 2021 BEYA STEM Conference for contributions to engineering and technology at Johns Hopkins Applied Physics Laboratory.
An examination of behavioral advertising practices, user tracking techniques, and the privacy implications of targeted ad ecosystems.
WPI Major Qualifying Project (MQP) assessing security vulnerabilities in cloud computing environments.
Research on advanced tracking mechanisms including Flash cookies, HTML5 storage, and ETag respawning used to circumvent user privacy controls.
