Beware of Traitorware: Using Splunk for Persistence
In a previous blog post, I covered how Splunk, and by extension, other security tools, can be used for malicious purposes. In that specific example,…
You’ve likely heard that Microsoft has changed its Delegated Admin Privileges (DAP) authentication control to Granular Delegated Admin Privileges (GDAP). The transition is well underway,…
Huntress has been hunting malicious actors across 50,000+ user accounts for 1,500+ small businesses enrolled in our Managed Identity Threat Detection and Response (ITDR) product.…
Introduction Self-hosted services exposed through a reverse proxy inevitably attract automated scanners probing for misconfigurations, admin panels, and vulnerable endpoints. In this article, I show…
There’s something so satisfying about a good spring cleaning: the kind where you open the windows, clear the clutter, and finally deal with the things…
Note from the author: I’d be remiss not to mention the strangeness of the blog title, a simple but albeit ludicrous spin-off of a DMX…
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it…
We all have thoughts that keep us up at night. Will the ticking noise the car made end up being an expensive repair? When will…
Huntress has been hunting malicious actors across 60,000+ user accounts for almost 2,000 small businesses enrolled in our Managed Detection and Response (MDR) for Microsoft…
Today marks one year since Huntress announced the acquisition of Curricula, which is now Huntress Security Awareness Training. This acquisition was especially exciting for all…
Most of the time when you hear about business email compromise (BEC), you hear a single user account was compromised, leading to large amounts of…
Elastic Security now includes AI-powered detection rule creation, built into the rule creation workflow. Analysts describe a threat behavior in plain English and receive a…