1/ 🛡️ The Customer Isn't Always Right 🛡️
We reported several suspicious SSH processes originating from a DICOM (medical images) viewer installer. The viewer itself was legitimate, but the SSH activity seemed suspicious. Our partner initially rejected the report, insisting it was
Earlier someone asked if @HuntressLabs hires associate/junior levels:
We love to hire folks who climb the leaderboards of hack the box and blue team labs online.
A lot of our interview focuses on basic DFIR so I recommend consuming @13CubedDFIR content fanatically.
Read and
We can confirm, we're seeing the following deployed via the SlashAndGrab (ScreenConnect Vuln)
- Ransomware (Lockbit)
- Cobalt Strike
- SSH Tunnels
- CoinMiners
- Additional RMMs
Victims include Vets Offices, Health Clinics, and local governments (including attacks against
Welcome to the first Huntress Threat Report 🚨🦸♀️
An in-depth review of real world intrusions @ small & mid-sized businesses. Follow @HuntressLabs for more.
huntress.com/hubfs/SMB-Thre…
I’ve been absolutely shocked by the volume of M365 session theft attacks. We recently deployed some new detection tech to a subset of customers and these campaigns are hitting everyone from very large orgs to your local vet office 😿
Seeing threat actors blast their campaigns
I want to highlight @HuntressLabs SOC Analyst @wbmmfq for going above and beyond here.
In a SOC it's common to take the alert in front of you, do your analysis/response, and then move on. You've revoked the attackers access and can grab the next alert.
However, I've noticed a
Interesting data from @HuntressLabs EDR here 🧵
Let's explore how frequently RMM/remote tools are "rare" in an organization, where "rare" is less than 10% of hosts use the tool.