Speakers:
- Derek Ditch (GitHub: @dcode)
- Jessica David (GitHub: @jeska)
Malware can be 'fowl'
But we can 'quack' its secrets
With our friend malduck
Repos:
- https://github.com/elastic/mwise-2022
- https://github.com/elastic/malware-exquacker
- https://github.com/elastic/malware-exquacker-modules
Slides:
Blog:
- Collecting Cobalt Strike Beacons with the Elastic Stack: This post walks through configuring your Elastic Security Endpoint policies so that up to 4 MB of a process's memory is captured when malware is detected, which is the memory you then hand to a config extractor.
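Added example (not code from the mwise-2022 or malware-exquacker repos, and not malduck's own API): a stdlib-only illustration of the kind of work an extractor module does on a captured memory region, i.e. locate a single-byte-XOR-encoded config by known plaintext, recover the key by brute force, and walk the decoded TLV list. The TLV layout (u16 BE index, type, length, then value), the marker, the key 0x2E, the field names and the memory buffer are all constructed for this example; real extractors key these off the family they target.

```python
import struct

# Assumed TLV layout for this example (not taken from this page): each entry is
# index u16 BE, type u16 BE, length u16 BE, then the value. Type 1 is a u16,
# type 2 a u32, type 3 raw bytes. An all-zero header ends the list.
TYPE_SHORT, TYPE_INT, TYPE_BYTES = 1, 2, 3

# Known plaintext: assume the first entry is always index 1, a short of length 2.
# That six-byte header is what we look for in its XOR-encoded form.
MARKER = struct.pack(">HHH", 1, TYPE_SHORT, 2)

# Illustrative names for the sample's field indices (assumption, for readability).
FIELD_NAMES = {1: "beacon_type", 2: "port", 3: "sleep_ms", 8: "c2"}


def xor(data: bytes, key: int) -> bytes:
    """Single-byte XOR; encoding and decoding are the same operation."""
    return bytes(b ^ key for b in data)


def build_config(entries) -> bytes:
    """Serialise [(index, type, value), ...] into a TLV blob (used to construct the sample)."""
    out = bytearray()
    for idx, typ, val in entries:
        if typ == TYPE_SHORT:
            body = struct.pack(">H", val)
        elif typ == TYPE_INT:
            body = struct.pack(">I", val)
        else:
            body = val
        out += struct.pack(">HHH", idx, typ, len(body)) + body
    out += b"\x00" * 6  # terminator
    return bytes(out)


def parse_config(blob: bytes) -> dict:
    """Walk a decoded TLV list; raise ValueError if an entry runs past the buffer."""
    cfg, pos = {}, 0
    while pos + 6 <= len(blob):
        idx, typ, length = struct.unpack_from(">HHH", blob, pos)
        pos += 6
        if idx == 0:
            break
        value = blob[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated entry at offset %d" % pos)
        if typ == TYPE_SHORT and length == 2:
            cfg[idx] = struct.unpack(">H", value)[0]
        elif typ == TYPE_INT and length == 4:
            cfg[idx] = struct.unpack(">I", value)[0]
        else:
            cfg[idx] = value.rstrip(b"\x00")
        pos += length
    return cfg


def extract(memory: bytes):
    """Brute-force the 1-byte key: the encoded marker must occur, and the bytes after it must parse.

    Returns {"key", "offset", "config"} for the first candidate that validates, else None.
    """
    for key in range(1, 256):
        needle = xor(MARKER, key)
        start = 0
        while (off := memory.find(needle, start)) != -1:
            try:
                cfg = parse_config(xor(memory[off:], key))
            except ValueError:
                cfg = {}
            # A false hit on the marker rarely yields a list that starts at index 1
            # and parses cleanly to a terminator; require both.
            if cfg and 1 in cfg and len(cfg) >= 2:
                return {"key": key, "offset": off,
                        "config": {FIELD_NAMES.get(i, i): v for i, v in cfg.items()}}
            start = off + 1
    return None


# Constructed sample: a config blob, encoded with an assumed key, embedded in a
# fake memory capture between some header bytes and filler.
SAMPLE_ENTRIES = [
    (1, TYPE_SHORT, 8),
    (2, TYPE_SHORT, 443),
    (3, TYPE_INT, 60000),
    (8, TYPE_BYTES, b"c2.example.invalid,/pixel.gif\x00"),
]
SAMPLE_KEY = 0x2E
SAMPLE_MEMORY = (b"MZ\x90\x00" + b"\x00" * 40 + b"\xcc" * 17
                 + xor(build_config(SAMPLE_ENTRIES), SAMPLE_KEY) + b"\x00" * 32)

if __name__ == "__main__":
    print(extract(SAMPLE_MEMORY))
```

The validation step in `extract` matters more than it looks: a six-byte needle built from a low key can collide with ordinary data in a multi-megabyte capture, so a hit on the marker alone is not evidence of a config. Requiring the decoded list to parse to its terminator and to start at the expected index is the cheap check that keeps the brute force from reporting garbage.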