@HuntressLabs Huntress

Huntress posts on X about azure, microsoft, infrastructure, token the most. They currently have [------] followers and [---] posts still getting attention that total [---] engagements in the last [--] hours.

Social Influence

Social category influence technology brands 12.17%, finance 6.09%, stocks 3.48%, social networks 1.74%, countries 0.87%

Social topic influence azure 6.09%, microsoft 4.35%, infrastructure 3.48%, token 2.61%, make a 2.61%, this is 1.74%, if you 1.74%, ceo 1.74%, how to 1.74%, insurance 1.74%

Top accounts mentioned or mentioned by @kylehanslovan @russianpanda9xx @johnhammond @huskyhacksmk @purp1ew0lf @halopsa @thehackersnews @123 @jonnyjohnson @totalcareit @jimbrowning11 @sudorem @antonlovesdnb @rapid7 @splunks @jfslowik @patrickwardle @stuartjash @trustvanta @maxrogers5

Top assets mentioned Microsoft Corp. (MSFT) CyberConnect (CYBER) BlackBerry Limited (BB) OpSec (OPSEC) Fortinet Inc (FTNT) DOSE (DOSE) FilesCoins Power Cu (FILECOIN)

Top Social Posts

Top posts by engagements in the last [--] hours

"If you run SolarWinds Web Help Desk, stop scrolling. This is being actively exploited. The wildest part about it? These cybercriminals stood up their own stack. @RussianPanda9xx breaks it down. This write-up is only part of what we uncovered: https://okt.to/0q29Hh"
X Link 2026-02-11T01:42Z 38.4K followers, 14.2K engagements

"Meet Mohammad Red Bull Muzahir. He risked his life to expose how organized cybercriminal enterprises operate. And on February [--] he's sharing what he saw. This is the human cost of cybercrime as told by the man who survived it. Save your spot: https://okt.to/EubCNm"
X Link 2026-02-11T22:48Z 38.4K followers, [----] engagements

"Some logins show up where you'd least expect them. Here's what we saw at a healthcare facility. 🧵👇"
X Link 2026-01-28T01:00Z 38.4K followers, [----] engagements

"This is a real conversation. In this industry we talk a lot about "recovery." But for many small businesses there's no recovery if the doors don't reopen. That's why we show up for 224K+ businesses. Build your defenses before the chat window opens: https://okt.to/2o9EaF"
X Link 2026-01-28T16:20Z 38.4K followers, [----] engagements

"Ransomware tried a manufacturing facility. Windows Defender fired. Signals pointed to Akira. Correlation rules escalated the threat. The Huntress SOC isolated the network, traced the intrusion, and identified impacted accounts. 👆 That's 24/7 response"
X Link 2026-01-30T03:06Z 38.4K followers, [----] engagements

"Heading to #RightofBoom next week? Don't miss Huntress CEO @KyleHanslovan on the main stage. 🗓 Thu Feb [--] 8:30-9:15 AM PT 📍 Chairman's Ballroom Come for the unfiltered takes. Stay for the lessons that'll help you sleep at night"
X Link 2026-01-30T13:00Z 38.4K followers, [----] engagements

"Coming up on #TradecraftTuesday we're breaking down AppDomainManager Injection, a technique cybercriminals are using to turn legit .NET binaries into "living-off-the-land" weapons. 👀 Join us live next week to see exactly how it works: https://okt.to/rhWcDs"
X Link 2026-02-04T00:56Z 38.4K followers, [----] engagements

"The Phantom File System Windows ProjFS lets you project files that don't exist on disk until they're accessed. Think: virtual files hydrated on demand. @JonnyJohnson_ walks through how it works & how defenders can use it for stealthy canary file alerts. https://www.huntress.com/blog/windows-projected-file-system-mechanics"
X Link 2026-02-05T17:00Z 38.4K followers, 11.5K engagements

"Live demos are a gamble. When CEO @KyleHanslovan hit a tech snag at #RightofBoom, Charles from @totalcareit jumped in from the crowd to save the day. 👏 Reminder: cybersecurity isn't a solo sport. It takes a village and sometimes the community saves our 🍑 too"
X Link 2026-02-05T17:56Z 38.4K followers, [----] engagements

"BYOB? Nah. BYOVD: Bring Your Own Vulnerable Driver. Instead of dropping malware, cybercriminals are abusing legit drivers to shut down security tools from the inside. @RussianPanda9xx and @Purp1eW0lf share how to spot this technique in your environment: https://okt.to/RlTqiv"
X Link 2026-02-05T22:05Z 38.4K followers, [----] engagements

"Huntress took Gold at the [----] #StevieAwards for Customer Service Department of the Year (Computer Software 100+ employees). 🏆 The judges described our submission as near-flawless. We call it doing the job the right way. Congrats to our support teams. 👏 #StevieWinner2026"
X Link 2026-02-06T14:00Z 38.4K followers, [----] engagements

"defendnot disables Windows Defender by creating a fake AV product using undocumented WSC APIs: no reg tweaks, no policies. We break down how to detect it from a blue team perspective + share Sigma rules to catch it in action. https://www.huntress.com/blog/defendnot-detecting-malicious-security-product-bypass-techniques?utm_source=twitter&utm_medium=social"
X Link 2025-06-12T16:22Z 38.4K followers, 21.2K engagements

"Cybercrime is the world's third-largest economy. That should piss you off. On March [--] join @_JohnHammond and special guest @JimBrowning11 for declassified intel on how this dark enterprise runs: Expose their system. Break their business. https://okt.to/uBQkpj"
X Link 2026-02-09T13:00Z 38.4K followers, 38K engagements

"We investigated threat actors actively exploiting SolarWinds Web Help Desk (CVE-2025-26399)... and the tradecraft is unhinged. 🔎 If you run SolarWinds WHD, patch to [------]. Now. This write-up is only part of what we uncovered: More to come. 👀 https://okt.to/9MzvtP"
X Link 2026-02-08T22:42Z 38.4K followers, 10.6K engagements

"TL;DR 📌 Cybercriminals turned employee monitoring software into a RAT, paired it with SimpleHelp, hunted crypto, and tried to drop Crazy ransomware. The ethical badasses behind this write-up: @RussianPanda9xx @sudo_Rem @Purp1eW0lf + @Antonlovesdnb https://okt.to/JifKsu"
X Link 2026-02-13T06:37Z 38.4K followers, [----] engagements

"Walking your customers through an established framework will not only educate them on the #security risks but also show them the value of your services. Join us for this month's Fireside Chat to learn more:"
X Link 2023-10-12T19:12Z 29.6K followers, [----] engagements

"We are so stoked for Huntress and MDR for Microsoft [---] we added a bunch of new #M365 challenges to our #HuntressCTF #DFIR #CybersecurityAwarenessMonth"
X Link 2023-10-16T16:00Z 29.6K followers, [----] engagements

"The Blackcat ransomware group is at it again -- but this time in the sandbox of the #HuntressCTF Recover your files with today's latest challenge: #DFIR #CybersecurityAwarenessMonth"
X Link 2023-10-26T16:00Z 28.4K followers, 11.1K engagements

"On October [--] [----] a partner deployed @HuntressLabs agents after experiencing a HelloKitty #ransomware attack on October [--]. This ransomware attack followed closely with what was described by @rapid7 as exploitation of Apache ActiveMQ CVE-2023-46604"
X Link 2023-11-02T22:15Z 29.6K followers, 15.1K engagements

"On November [--] [----] SysAid published an advisory that their on-premise server software had a previously undisclosed vulnerability. @HuntressLabs team has recreated a proof-of-concept for the SysAid CVE-2023-47246 remote code execution and compromise"
X Link 2023-11-13T16:11Z 28.6K followers, [----] engagements

"Wanna see what #cybercriminals are up to in the SMB world? Download @HuntressLabs SMB Threat Report to unlock the latest #hacker trends that are targeting SMBs"
X Link 2023-11-21T01:22Z 28.8K followers, [----] engagements

"Want to build a successful business? Marcos Torres of @HuntressLabs stresses the need for plan A, B, and even plan D. Learn why seeking partners and raising equity early on can make all the difference. #Startup #Investment"
X Link 2023-11-21T15:23Z 29.6K followers, [----] engagements

"Each JWT will have a corresponding scope and permission set. Some are useless to attackers but some are quite useful"
X Link 2023-11-29T19:46Z 28.9K followers, [---] engagements

"For example a token may be scoped to access the Graph API and read a user's emails. A simple GET request that uses the stolen JWT as the authorization header can dump the messages for that user's Outlook inbox"
X Link 2023-11-29T19:46Z 28.9K followers, [---] engagements

"Tune in to Episode [--] of @splunk's The Security Detail #podcast to hear @jfslowik from @HuntressLabs share insight on the #cybersecurity threats facing the energy sector"
X Link 2023-12-01T20:52Z 29K followers, [----] engagements

""Mac's don't get #malware" is a phrase from the past. Tune in as @patrickwardle gives us a deep dive into how #macOS malware has evolved over the years with increased sophistication and the number of new variants rising year over year"
X Link 2023-12-06T18:58Z 28.9K followers, [----] engagements

"The @HuntressLabs team has put together an analysis of the threat posed by CVE-2023-43117 in #CrushFTP as well as a broader exploration of the ongoing challenges in managing the security of #MFT applications. Learn more here"
X Link 2023-12-07T15:55Z 28.9K followers, [----] engagements

"Apple is keeping #TheMacGuy @stuartjash busy Apple has pushed an update to XProtect (v2176) and XProtectRemediator (v120). Updates to XProtect include expanding detections on: MACOS.SOMA.C: (Atomic) MacStealer aka AMOS"
X Link 2023-12-08T15:17Z 29K followers, [----] engagements

"Protect Your Endpoints Email and Employees. #cyberSecurity #MSP #infoSec"
X Link 2023-12-12T21:35Z 29.9K followers, 1.9M engagements

"Discover what's driving modern cybercriminals, the evolving techniques they employ, and the ever-changing landscape of #cyberThreats. #cyberSecurity #infoSec #SMBs"
X Link 2023-12-12T21:49Z 33.1K followers, 99.5M engagements

".@KyleHanslovan joins Front Lines #podcast Category Visionaries as they dig into Kyle's background in offensive #cyber operations, common misconceptions about government #intelligence work, the importance of having one or two co-founders, and more"
X Link 2023-12-15T18:01Z 29K followers, [---] engagements

"At Huntress we wake up every morning, pour our caffeinated beverage of choice, and ask the same question: How can we turn #cybercriminals into examples today? Let's talk about some of the new tech we've implemented in our fight against #Microsoft365 initial access"
X Link 2024-01-03T19:14Z 34.8K followers, [----] engagements

"According to reports from our #SOC about 75% of observed account takeovers and originate from #VPNs and #proxies. But saying "VPN = bad" is out of the question. Most #hackers use VPNs. But not everyone who uses a VPN is a hacker. So how do we sort the evil from the benign?"
X Link 2024-01-03T19:14Z 34.8K followers, [---] engagements

"#Azure/#M365 Shady Tradecraft Item of the Day: Persistence by Backdooring Service Principal Accounts 🧵"
X Link 2024-01-08T18:00Z 29.6K followers, [----] engagements

"Assume that I, shady hackerman evil dude, have access to your #Azure tenant. I've dodged, dipped, ducked, bobbed, weaved, and weaseled my way to Global Admin permissions. I own the place 🤔 Question: how do I stick around?"
X Link 2024-01-08T18:00Z 29.6K followers, [--] engagements

"💡Solution: backdoor a service principal account for persistence 🤖Service Principal accounts are the identity account given to applications, services, and other tools in #Azure. Simply put, it's an account for an application"
X Link 2024-01-08T18:00Z [--] followers, [--] engagements

"Step [--] - make a new app (1 2) and add a secret to it (3 4)"
X Link 2024-01-08T18:00Z 29.6K followers, [--] engagements

"Step [--] - modify the app's permissions. If you're backdooring an existing app the permissions may already be good enough to wreak havoc. For this example we'll request powerful permissions for the Microsoft Graph API (pay attention to Application: User.ReadWrite.All)"
X Link 2024-01-08T18:00Z 29.6K followers, [--] engagements

"Step [--] - with a new application and enough permissions to cause mayhem we can use the Azure command line to gain a session as the serv principal identity. Notice that we only need a single factor to do this No #MFA for serv principal accounts remember"
X Link 2024-01-08T18:00Z 29.6K followers, [--] engagements

"Persistence achieved What next Step [--] - with our new session as this service principal account we make a request to the Graph API and retrieve a Graph access token for the account"
X Link 2024-01-08T18:00Z 29.6K followers, [--] engagements

"(Step [---] - reformat this Graph API token as a secure string and use the Graph module to connect to the Graph API as this service principal)"
X Link 2024-01-08T18:00Z 29.6K followers, [--] engagements

"Now that we're authenticated as this service principal we are now the application in the eyes of the Graph API We can check our context"
X Link 2024-01-08T18:00Z [--] followers, [--] engagements

"Looks good We have User.ReadWrite.All permissions in our current context. So let's make a new user for this tenant Note that we've already proven persistence at this point so this is just one example. If the app has permissions the sky is the limit"
X Link 2024-01-08T18:00Z [--] followers, [--] engagements

"Recap: - We created a new app within the tenant - We outfitted the app with powerful permissions - We added a new password to the app - We authenticated to Azure as this application using the new password that we set"
X Link 2024-01-08T18:00Z [--] followers, [--] engagements

"In the #cyber battleground of [----] you need more than just defense; you need strategic offense. Join us as we survey the #SMB threat landscape and the opportunities it creates for service providers to grow with @HaloPSA_"
X Link 2024-01-24T19:40Z 29.6K followers, [---] engagements

"In today's evolving #threat landscape compliance is only the first step; resilience is the ultimate goal. That's why @TrustVanta and @HuntressLabs have teamed up to equip you with the knowledge and tools needed to achieve true #cybersecurity resilience"
X Link 2024-01-29T16:05Z 29.6K followers, [---] engagements

"Dive into the minds of threat actors with @HuntressLabs @MaxRogers5 in the latest #TradecraftTuesday episode as he dissects the advantages and drawbacks of a C2 framework versus #RMM software"
X Link 2024-02-05T15:48Z 29.7K followers, [----] engagements

"Our very own Jordan Redd has been named one of @CRN's Channel Chiefs for [----] πŸŽ‰ Congratulations on this well-deserved recognition Jordan We're so proud to recognize your dedication hard work and amazing #leadership. #CRNChannelChief"
X Link 2024-02-06T19:21Z 29.8K followers, [---] engagements

"Join @HuntressLabs for an AMA-style discussion on #ScreenConnect's recent critical vulnerabilities featuring @KyleHanslovan @_JohnHammond and @HuskyHacksMK with guests @wes_spencer and Jason Slagle"
X Link 2024-02-21T20:27Z 30.7K followers, [----] engagements

"Adversaries have been VERY busy exploiting the #SlashAndGrab ScreenConnect vulnerabilities (CVE-2024-1709 & CVE-2024-1708). Here's just a small taste of some of the tradecraft we've seen so far. For more juicy details check out our blog"
X Link 2024-02-24T16:55Z 31.2K followers, [----] engagements

"Hackers have targeted water systems across the U.S. prompting The White House to warn governors to ensure they conduct comprehensive #cybersecurity assessments. Roger Koehler CISO at @HuntressLabs joined @CBSNews Detroit to speak on the attacks"
X Link 2024-03-22T02:54Z 31.3K followers, [----] engagements

"Our friends from @FifthWall_Cyber will join us for this month's Community Fireside Chat for an interactive session where you can seek expert advice on specific #cyber insurance challenges your organization may be facing. https://bit.ly/3Jf2fM1"
X Link 2024-04-09T19:55Z 31.5K followers, [----] engagements

"This is incorrect as the sample #BlackBerry analyzed will only run on Intel #macOS devices or Apple Silicon devices with Rosetta [--] enabled"
X Link 2024-05-01T18:06Z 31.7K followers, [--] engagements

"It's also important to note that while we were able to find the Android version of this #malware on the same C2 as the #macOS version it doesn't appear the iOS version is also present"
X Link 2024-05-01T18:06Z 31.7K followers, [---] engagements

".@_JohnHammond live and in action as he digs into the underground #cyber market specifically talking bargains & bandits on the #darkweb. Only a few opportunities left to hear from @HuntressLabs experts during our theater sessions at booth S-1843 #RSAC24 https://bit.ly/3wgAcc3"
X Link 2024-05-08T21:06Z 31.8K followers, [----] engagements

"By examining the VirusTotal relations dashboard for this domain we identified an HTML payload file (sha256: 18470571777CA2628747C4F39C8DA39CA81D1686820B3927160560455A603E49) that contacted several domains upon detonation including rnsnno.szyby.pro"
X Link 2024-05-23T15:48Z 32K followers, [---] engagements

"This HTML #payload uses HTML smuggling to render an iframe of the Outlook login portal as shown in the original message of this thread 👆"
X Link 2024-05-23T15:48Z 32K followers, [---] engagements

"The @HuntressLabs research team was able to extract the requested infrastructure domains and coerce one of the domains to render an arbitrary user by injecting the user's email into the qrc= parameter of the URL strongly indicating that this is a transparent proxy"
X Link 2024-05-23T15:48Z 32K followers, [--] engagements

"🎣Because the login portal is decorated with the actual CSS and company branding of a targeted company our hypothesis is that this is not a simple site clone. Instead we hypothesize that this infrastructure is presenting an iframe that transparently #proxies login requests"
X Link 2024-05-23T15:48Z 32K followers, [--] engagements

"Therefore the entire attack chain looks like this: ✉The attacker phishes the victim with an #HTML file payload 🤔The victim opens it on their own host 🕵The HTML smuggling payload renders #JavaScript into the client browser which fetches and embeds an iframe"
X Link 2024-05-23T15:48Z 32K followers, [--] engagements

"⚡ It's a @HuntressLabs takeover Our CEO @KyleHanslovan headed over to @NYSE this morning to tape a special segment of Taking Stock with @trinitychavez where they talked all about how Huntress is staying one step ahead of bad actors. Stay tuned for the full episode"
X Link 2024-05-29T19:46Z 32.1K followers, [----] engagements

"Truman Kain Sr. Product Researcher at @HuntressLabs shows how quickly #AI allows an adversary to clone a voice for a #vishing attack in the newest #TradecraftTuesday. https://bit.ly/45Hs9m2"
X Link 2024-06-28T20:19Z 33.8K followers, [----] engagements

"Want to take a peek into #macOS APT spyware @birchb0y broke down the #LightSpy malware and took a look at some hilarious OPSEC fails at #BHUSA"
X Link 2024-08-08T18:46Z 34.1K followers, [----] engagements

"Account compromises are rising and defending your organization is crucial. Join us for a webinar as we debut Huntress MDR for Microsoft 365's newest capability that's purpose-built to shut down session hijacking and credential theft: Unwanted Access. https://bit.ly/4dlTH3j"
X Link 2024-08-20T18:22Z 34.1K followers, [---] engagements

"We are thrilled that @HuntressLabs Co-founder @chrisbisnett was asked to speak at the upcoming @ClickHouseDB NY meetup We are going to be delving into: -#SIEM -Real-time analytics -Reporting threats as they occur. You don't want to miss it https://www.meetup.com/clickhouse-new-york-user-group/events/302575342/"
X Link 2024-09-06T21:03Z 34.1K followers, [----] engagements

"We knew session hijacking & credential theft were big issues but it's surprising just how common they are. So if you're looking to foil #hackers' favorite unwanted access tactics see how our MDR for Microsoft [---] can help block hackers' favorite ways: https://www.huntress.com/platform/managed-detection-and-response-for-microsoft365?utm_campaign=CY24-Q3-Unwanted+Access&utm_source=twitter&utm_medium=social&utm_content=derivative"
X Link 2024-09-12T22:00Z 34.1K followers, [---] engagements

"On September [--] @HuntressLabs discovered an emerging threat involving FOUNDATION Accounting Software commonly used by contractors in the construction industry"
X Link 2024-09-17T13:09Z 34.1K followers, [----] engagements

"Attackers have been observed brute-forcing the software at scale and gaining access simply by using the product's default credentials. We're seeing active intrusions among plumbing, HVAC, concrete, and similar sub-industries. Here is what we know so far: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software"
X Link 2024-09-17T13:09Z 34.1K followers, [----] engagements

"Haunted by howling false alerts and creeped out by the ghosts of queries past? Join us on Tuesday October [--] for a special episode of #TradecraftTuesday. Register now for Spooky Stories from the SOC: Cringe-worthy #Cybersecurity Moments. https://bit.ly/3TIr2O1"
X Link 2024-09-24T21:08Z 34.1K followers, [---] engagements

"And don't forget to share your own cringe-worthy story for the chance to be featured. https://docs.google.com/forms/d/17DqgnQUuWsUMX_3epKLGH6uZtX0R7036h8kQF41YZCk/viewform?edit_requested=true&pli=1"
X Link 2024-09-24T21:08Z 34.1K followers, [---] engagements

"Are you ready for something truly terrifying? In this month's #TradecraftTuesday we're sharing YOUR spooky stories from the SOC. Pull up a tree stump & gather round the virtual fire as we laugh, wince, and share tales of terror. https://bit.ly/4gBPfiW"
X Link 2024-10-01T21:28Z 34.1K followers, [----] engagements

"Huntress ConTalk 🚨 Not all apps play nice. Discover how attackers leverage Azure applications to persist and bypass MFA. @huskyhacksMK and @CyberCorg break down the threats and show you how to hunt them down. Register now: @bsidesnyc https://bsidesnyc.org/"
X Link 2024-10-04T19:00Z 34.1K followers, [---] engagements

"Ten-hut! Welcome to the Go Dojo. Go #malware is on the rise so we've devised a set of Go reverse engineering challenges for you to solve. First up is GoCrackMe1, an easy Go RE challenge. Go get 'em https://huntress.ctf.games"
X Link 2024-10-09T19:00Z 34.1K followers, [----] engagements

"@vRobSmith @halopsa @McLarenF1 What was the coolest car you saw Or should we say "the most cherry ride""
X Link 2024-10-11T21:02Z 34K followers, [--] engagements

"yawn why am I so eeeeeeeeepy Don't sleep on the next @HuntressLabs #CTF challenge "eepy" as you dig into some #malware analysis to uncover the next flag. https://huntress.ctf.games/"
X Link 2024-10-18T19:00Z 37K followers, [----] engagements

"Congratulations to the #CVE Program on its 25th anniversary. Dig through their comprehensive anniversary report for an insightful journey through #vulnerability identification and management. Thanks for letting us be a part of your mission. CVE Program Celebrates [--] Years of Impact in Cybersecurity Read the CVE Program [--] Years Anniversary Report on https://t.co/QDKWGwDWam #CVE #Vulnerability #VulnerabilityManagement #InformationSecurity #Cybersecurity @CVEnew https://t.co/6PVy4VRfqo https://t.co/3L0PO1QMWq"
X Link 2024-10-28T18:25Z 37K followers, [----] engagements

"🚨 We are [--] hour away from @_JohnHammond @HuskyHacksMK and Adam Rice going live for the Finale of the @HuntressLabs #CTF giving a behind-the-scenes look at how the challenges came together. YouTube: LinkedIn: https://bit.ly/4fxpzmo https://www.youtube.com/live/qDYfyjv45Og?si=_vuOR7wPBeZ5p-eh"
X Link 2024-11-04T16:10Z 34.1K followers, [---] engagements

"🔓 The threat actor exploited a vulnerable Fortigate VPN edge device 🔑 Obtained credentials to a generic boardroom account 💻 Authenticated into the Windows [--] Pro host named DESKTOP-redacted"
X Link 2024-11-08T21:15Z 34.2K followers, [----] engagements

"Excited to see where experimental features like these go as we continue to integrate our products more closely. [--] + [--] = [--] baby"
X Link 2024-11-08T21:15Z 34.2K followers, [---] engagements

"🧵Don't sleep on the importance of a security-aware user. Here is a hands-on threat actor whose root entry into the Manufacturer's network was a commodity malware - Gootloader"
X Link 2024-11-09T23:10Z 34.1K followers, [----] engagements

"A sobering dose of Dark Web 💊 Over the weekend a threat actor was selling access to a German IT company with over [--] million dollars in revenue -- but only a $800 price tag 😵‍💫 They offer access via Fortinet, likely from any number of the recent CVEs"
X Link 2024-11-27T15:43Z 34K followers, [---] engagements

"How easy is it for threat actors to grab your sensitive data? 💊 This dose of dark web shows a threat actor posting new logs and records from infostealer #malware -- publishing sensitive data either in their Telegram channels or on temporary file hosting websites"
X Link 2024-12-09T17:14Z 34.1K followers, [----] engagements

"Stealer logs like these make cybercrime too easy -- they include: ✅ Leaked usernames ✅ Passwords ✅ Website session cookies ✅ Access tokens ✅ Browser auto-fill data like credit cards, addresses, and so much more"
X Link 2024-12-09T17:14Z 34.1K followers, [---] engagements

"They enable identity attacks and account takeover (ATO) threats. 🛑 Knowing how easy this data is to access can help organizations focus on building IR plans and defense in depth. 💪"
X Link 2024-12-09T17:14Z 34K followers, [---] engagements

"Threat Advisory: Huntress identified an emerging threat involving Cleo's LexiCom, VLTransfer, and Harmony software. We strongly recommend you move any internet-exposed Cleo systems behind a firewall until a new patch is released. https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild?utm_source=twitter&utm_medium=social"
X Link 2024-12-10T03:19Z 36.9K followers, 10.3K engagements

"Looking into Azure identity attacks a few things stood out 👇 ➡️10% of tenants had rogue apps: more common than you'd think ➡️Some identities were tied to multiple malicious apps hiding in plain sight 👀 ➡️Tracking permissions & persistence? A needle-in-a-haystack challenge 🔍"
X Link 2024-12-18T20:18Z 34.1K followers, [---] engagements

"A commercial real estate company was compromised via an #RMM tool 🏢 The threat actor used their initial access to drop ANOTHER remote access tool 🤯"
X Link 2025-01-17T15:52Z 34.2K followers, [----] engagements

"🔍 In late [----] we spotted some suspicious activity across multiple Canadian organizations pointing to #RedCurl, an APT group with a history of cyber espionage. 🕵️‍♀️ This wasn't new: RedCurl's been active since at least November 2023:"
X Link 2025-01-21T15:44Z 34.2K followers, [----] engagements

"👻 They don't encrypt systems, steal money, or demand ransoms. Instead they hide for months, quietly stealing emails, corporate docs, and confidential files. 🌴 They target industries like wholesale, retail, finance, tourism, insurance, construction, and consulting"
X Link 2025-01-21T15:44Z 34.2K followers, [---] engagements

"Another day another supply chain attack: found vulnerabilities in #SimpleHelp a popular Remote Support Software. http://Horizon3.ai"
X Link 2025-01-24T17:46Z 34.2K followers, [----] engagements

"Here's an example of VPN compromise 👇 ✅ It's a super common technique we see all the time ✅ Effects businesses of every size ✅ Usually caused by a simple configuration mistake like an account without MFA enabled Yet it can often lead to network-wide compromise 😟"
X Link 2025-03-10T18:43Z 34.6K followers, [----] engagements

"CVE-2025-31161 is the latest example of a critical severity authentication bypass vulnerability in CrushFTP, a growing trend we're seeing from attackers targeting managed file transfer (MFT) platforms"
X Link 2025-04-04T21:54Z 34.6K followers, [----] engagements

"Huntress researchers recently analyzed attacks involving CVE-2025-31161, a critical authentication bypass flaw in CrushFTP. 💡 We observed specific post-exploitation activity used by threat actors leveraging the flaw in the wild"
X Link 2025-04-07T18:11Z 34.6K followers, [----] engagements

"✅ cmd.exe /c "C:windowstempmsiinstall.exe --install "C:windowstempAnydesk" --silent" ✅ cmd.exe /c "echo licence_key123 "C:windowstempAnydeskAnyDesk.exe" --register-licence" ✅ cmd.exe /c "echo Anydesk@123 "C:windowstempAnydeskAnyDesk.exe" --set-password""
X Link 2025-04-07T18:11Z 34.6K followers, [---] engagements

"🩹 CVE-2025-31161 is fixed in CrushFTP versions 11.3.1+ and 10.8.4+ ➡️ We recommend organizations patch immediately. Read more about the CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation 🔗 https://bit.ly/4jk4VYO"
X Link 2025-04-07T18:11Z 34.6K followers, [---] engagements

"Threat actors are crafty; this trick helps them stay persistent while evading detection. 💡 Key Recommendations: ➡️ Monitor EDR for tools like net.exe and WMI ➡️ Watch Event Logs (look for Event ID [----] with Guest mentioned) ➡️ Hunt for active Guest accounts in your environment"
X Link 2025-04-08T17:19Z 34.7K followers, [---] engagements

"🚨If a Gladinet CentreStack server is exposed to the Internet with these hardcoded keys it is in immediate danger and needs to be patched or have the machineKey values changed ASAP"
X Link 2025-04-14T00:53Z 34.7K followers, [----] engagements

"Our new blog details in-the-wild exploitation and post-exploitation activity observed for CVE-2025-30406. This critical vulnerability impacts both Gladinet CentreStack and Triofox; orgs running vulnerable versions should patch ASAP: https://bit.ly/3E9knIl"
X Link 2025-04-14T16:00Z 34.7K followers, [----] engagements

"Huntress continues to observe in-the-wild exploitation of CVE-2025-30406 a critical vulnerability in Gladinet CentreStack and Triofox"
X Link 2025-04-22T02:45Z 34.8K followers, [----] engagements

"✅ PSExec tweaked registry & firewall settings for RDP access ✅ Mimikatz.exe hid in C:PerfLogs dumping credentials ✅ Legit tools (TNIWINAGEN) were abused to scan the network then a malicious Atera agent was deployed ✅ A scheduled task ("MSTR tsk") beaconed to a malicious IP"
X Link 2025-05-19T16:14Z 35.8K followers, [----] engagements

"Europol & Microsoft just disrupted Lumma Stealer πŸ”’ 2300+ malicious domains seized πŸ›‘ Command & control infrastructure taken down πŸ’Έ Marketplaces disrupted Lumma was our 2nd most-seen stealer last year. Disruptions help but the threats not gone. @LindseyOD123"
X Link 2025-05-22T20:40Z 35.2K followers, [----] engagements

"A four-minute race against time. Here's what happened 👇 A threat actor brute-forced into an exposed RDP server, quickly launching into reconnaissance with nltest.exe. Within moments they dropped a Cobalt Strike beacon using Rundll32 to call back to a suspicious domain"
X Link 2025-06-16T14:10Z 35.4K followers, [----] engagements

"@shotgunner101 Totally fair point love this breakdown. There's definitely still a role for traditional AV in catching those non-binary threats that can sneak past NGAV/EDR. Layered defense for the win"
X Link 2025-06-18T15:05Z 35.4K followers, [--] engagements

"Super proud to represent our Canadian partners, customers & teammates this weekend w/the addition of Scott Hargrove to our roster Tune in to 6hrs of high-stakes endurance racing on & Peacock on Sunday Jun [--] @ 12pm ET 📺 https://hubs.ly/Q03sMWbH0 http://IMSA.TV"
X Link 2025-06-18T19:45Z 35.7K followers, [----] engagements

"They even delayed execution until the screen went dark to avoid detection. If the user display is asleep, execute now. If not, queue for later. 📺 system_profiler SPDisplaysDataType used as a sleep detector"
X Link 2025-06-20T17:16Z 35.7K followers, [---] engagements

"IOCs worth watching 👇 Domains: - support.us05web-zoom.biz - productnews.online - metamask.awaitingfor.site - firstfromsep.online Binaries: - zoom_sdk_support.scpt - remoted - keyboardd Full list: Scroll to the bottom https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis?utm_source=twitter&utm_medium=social&utm_campaign=cy25-06-rr-edr-global-broad-all-rapid_response_bluenoroff&utm_content=06202025-thread"
X Link 2025-06-20T17:16Z 35.7K followers, [---] engagements

"💥 Deepfakes. Credential dumps. Multiple ransomware variants. Just dropped a new In the Wild newsletter featuring the latest from our Adversary Tactics Team. Here's what we're seeing across the Huntress platform and what defenders need to know https://www.linkedin.com/pulse/wild-latest-signals-from-real-life-threat-actors-huntress-labs-xlafc"
X Link 2025-06-26T22:17Z 35.8K followers, [----] engagements

"✅ Malicious inbox rules: Hackers use these to hide warning emails or automatically forward sensitive information to themselves. ✅ Logins from unauthorized VPNs: Users logging in through unknown VPNs? That's an indicator someone might be bypassing your usual network controls"
X Link 2025-06-30T15:21Z 35.8K followers, [----] engagements

"βœ… Users authenticating from malicious infrastructure: If an IP ties to known attacker hubs we flag and shut down that activity fast. Hackers relentlessly target identities to launch BEC attacks. With Managed ITDR our SOC keeps SMBs safe and losses out of your bank accounts"
X Link 2025-06-30T15:21Z 35.8K followers, [---] engagements

"➑ The flaw centers around the ability for an adversary to craft a specific input in Lua and can lead to root/SYSTEM-level RCE if exploited. ➑ We first observed exploitation of a customer on July 1"
X Link 2025-07-10T15:29Z 36K followers, [----] engagements

"🚨 Two hours 'til Product Lab LIVE 🚨 Chris. Kyle. All 500+ Huntress employees from Summer Summit. You & other VIPs. Were talking spicy AI opinions roadmap reveals product sneak peeks and a live Q&A with the builders. Join in the fun: https://www.huntress.com/product-lab-channelutm_campaign=cy25-07-camp-multi-global-broad-all-x-programmatic-product_lab&utm_source=twitter&utm_medium=social&utm_content=071525-image https://www.huntress.com/product-lab-channelutm_campaign=cy25-07-camp-multi-global-broad-all-x-programmatic-product_lab&utm_source=twitter&utm_medium=social&utm_content=071525-image"
X Link 2025-07-23T13:25Z 36.1K followers, [----] engagements

"Were celebrating [--] years the only way we know how: Oversharing on Reddit. Join the Huntress founders for a Reddit AMA on Aug [--]. Bring your questions were an open book. https://okt.to/20Si7v https://okt.to/20Si7v"
X Link 2025-08-21T18:15Z 36.4K followers, [----] engagements

"Stoked to be hanging w/our investors at @HighlandCapital for @CyberSecFactory this summer"
X Link 2017-06-12T14:30Z 34.1K followers, [--] engagements

"FileTour adware installs a Scheduled Task to launch an obfuscated batch script every 3hrs. This persistent #foothold abuses a renamed Bitsadmin EXE to fetch remote .ZIP archives and install additional #malware. https://www.bleepingcomputer.com/news/security/adware-bundle-adds-persistence-to-download-more-malware-at-later-time/ https://www.bleepingcomputer.com/news/security/adware-bundle-adds-persistence-to-download-more-malware-at-later-time/"
X Link 2018-01-08T14:45Z 34.1K followers, [--] engagements

"Bundled calculator app (PUP) performs anti-sandbox/debugger checks then drops/installs a randomly named kernel mode #foothold. Driver is digitally signed features download/execute self-protection functionality. C2 configs are hidden within GIFs on blogs. https://blog.talosintelligence.com/2018/04/cryptomining-campaign-returns-coal-not-diamond.html https://blog.talosintelligence.com/2018/04/cryptomining-campaign-returns-coal-not-diamond.html"
X Link 2018-05-02T18:04Z 34.1K followers, [--] engagements
