And getting paid to turn @_JohnHammond into a meme? Priceless. 😏 Happy Friday! #CybersecurityAwarenessMonth
Huntress
4,254 posts
Managed #cybersecurity without the complexity. EDR, ITDR, SIEM & SAT crafted for under-resourced IT and Security teams.
- Yes, there's a class for pretty much everything these days, but...choose wisely, folks. 😅 #CybersecurityAwarenessMonth #FightThePhish #phishing @_JohnHammond
- Our SOC tackled an attempted ransomware intrusion tied to Makop ransomware tactics. Here’s what went down 👇
- DLL injection, persistence, and bypassing UAC w/Windows environment variables. Fun read w/some source code. breakingmalware.com/vulnerabilitie… #DFIR
- More attackers are using WMI EventConsumers to execute PowerShell payloads that retrieve obfuscated payloads from Google Docs (google.com domain). Great example of how a firewall or DNS filter could allow hackers to slip by.
- defendnot disables Windows Defender by creating a fake AV product using undocumented WSC APIs—no reg tweaks, no policies. We break down how to detect it from a blue team perspective + share Sigma rules to catch it in action. huntress.com/blog/defendnot…
- We’ve created a tool to help you detect applications that are vulnerable to CVE-2021-44228. (h/t @calebjstewart, @jslagle & @_JohnHammond) This is intended for testing purposes only and should be used on systems you’re authorized to test. hubs.ly/Q010G3ZG0
- A threat actor compromised a healthcare company’s VPN appliance 👇 Once inside the network, they:
- Hacker tool automatically steals KeePass' credentials 4min after the software launches. Uses a permanent WMI event. kitploit.com/2016/10/powerl…
- A threat actor broke into a Wisconsin food factory’s network. Our SOC saw every move they made 👇
- Our team is tracking a critical #ransomware incident affecting MSPs and their customers, which appears to be a #KaseyaVSA supply chain attack. Follow our latest updates and threat intel on Reddit: hubs.ly/H0Rx6-P0