Utilizing ASNs for Hunting & Response
Whether responding to incidents or hunting through large and complex data sets, IP addresses usually feature fairly heavily as a key analysis data point. When…
This week, Huntress observed limited exploitation activity involving the Samsung MagicINFO 9 Server, a content management system used for digital signage displays. As we outlined…
Ransomware actors have one primary goal—bringing in money. But the way that they do it varies from attack to attack. Before they actually trigger the…
At Huntress, we’re obsessed with giving businesses the tools to outsmart hackers. Our Managed Endpoint Detection and Response (EDR) platform combines cutting-edge technology with 24/7…
No endpoints are immune from the threat of ransomware anymore, from businesses on shoestring security budgets to behemoth government agencies wrapped in layers of security…
Cybersecurity has hit a turning point—and it’s centered on identity. The Huntress 2025 Managed ITDR Report makes one thing painfully clear: identity isn’t just an…
It’s a usual Tuesday morning, maybe you’re sipping some coffee or tea, when you get lit up with alerts. Systems go down. Your internal comms…
Are you using the same password you came up with on your very first login, however many years ago? You’re not alone. About 23% of…
Figure 11: Sysmon Event ID 10 – Process Access defendnot-loader Figure 12: Sysmon Event ID 10 – Process Access Taskmgr AV evasion registration Register fake…
Every beep, ding, and red flag screams, “You’ve been compromised!” If you’re a security professional drowning in an endless sea of alerts, this probably sounds…
If a threat actor launches a ransomware, extortion, or identity theft attack, the odds are that infostealers—and the credentials they’ve compromised—are behind it. Infostealers have…