Zander Work

Security Researcher

Zander Work is a security researcher, hacker, and SOC analyst who has run the gauntlet on both offense and defense over 5 years of experience. His main research interests lie in malware and threat intelligence, but he often works on vulnerability research as well. On the weekends, you can often find him playing CTF with OSUSEC.

Presentation Abstract

Stretching the Truth: Attacking the Elastic Agent

In June 2020, Elastic launched the first experimental release of the Elastic Agent, an endpoint agent that collects logs from a system and ships them to Elasticsearch for processing and analysis. The Elastic Agent also provides Endpoint Detection and Response (EDR) capabilities, making it a powerful addition to a defender's toolkit.

In this talk, we will explore the architecture of the Elastic Stack and show how the Elastic Agent was introduced into the system to provide Endpoint Detection and Response capabilities. Then we'll take a deep dive into a vulnerability that allowed sensitive data to be deleted, and show how a motivated attacker could exploit it stealthily, along with a demo and explanation of an exploit running on Windows Server 2016.