Insights: RMM Tools | Huntress
Huntress lives in the small- to medium-sized business (SMB) space, partnering with managed service providers (MSPs), and as a result, sees a wide spectrum of…
Category: ThreatIntelligence-IncidentResponse
Time Travelers Busted: How to Detect Impossible Travel
In this month’s Tradecraft Tuesday, our Developer Tech Lead Jamin Becker and Product Researcher Dave Kleinatland dove deep into the problem of Impossible Travel. Going…
Full Transparency: Controlling Apple’s TCC (Part 2)
In my last article, I gave an introduction to Apple’s Transparency, Consent, and Control (TCC) framework. The primary goal of TCC is to empower users…
Using Backup Utilities for Data Exfiltration
Background As an MDR provider supporting over 2.7 million endpoints across an extremely diverse customer base, Huntress sees a great deal of both legitimate and…
Managing Attack Surface | Huntress
Background Given a diverse customer base, Huntress sees a wide range of activity even when it comes to persistent threat actors. When such a threat…
7 Don’ts of Security Awareness Training
Security awareness training (SAT) is needed now more than ever. Just look at the barrage of ransomware attacks debilitating healthcare. And it’s no longer just…
How Huntress Managed EDR Stands Against the Competition
Cybercrimes are no longer reserved for the Fortune 500. It’s more than just major banks, national retailers, and hospital networks at risk. Hackers are now…
MSSQL to ScreenConnect | Huntress
Background Huntress SOC analysts continue to see alerts indicating malicious activity on endpoints running MSSQL Server or MSSQL Express, either as stand-alone installations, or as…
Analyzing a Malicious Advanced IP Scanner Google Ad Redirection
So you found yourself responding to an alert about one of your employees downloading a malicious version of Advanced IP Scanner? This has become fairly…
The 60ms Window: How Event 5156 Solves the ADWS Attribution Problem
The BloodHound Slack challenge Coincidentally, as I was drafting my post on the ADWS blind spot (originally scoped to be part 6, but now Part…
What a Fake Claude Download Says About Security Today
Most people expect scams and hacks to show up in their inbox or DMs, not in a place they’ve been conditioned to trust, like the…
Your Staging Site Is More Important than You Think
A third-party security researcher recently found a vulnerability in our staging environment. That’s not a fun sentence to write, even when the person finding it…