# ![@HuntressLabs Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::3330464153.png) @HuntressLabs Huntress

Huntress posts on X about microsoft, azure, if you, ai the most. They currently have [------] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.

### Engagements: [-----] [#](/creator/twitter::3330464153/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::3330464153/c:line/m:interactions.svg)

- [--] Week [------] +2,256%
- [--] Month [------] +96%
- [--] Months [-------] +166%
- [--] Year [-------] -100%

### Mentions: [--] [#](/creator/twitter::3330464153/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::3330464153/c:line/m:posts_active.svg)

- [--] Months [--] -50%
- [--] Year [--] -12%

### Followers: [------] [#](/creator/twitter::3330464153/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::3330464153/c:line/m:followers.svg)

- [--] Week [------] +0.40%
- [--] Month [------] +0.84%
- [--] Months [------] +5.40%
- [--] Year [------] +12%

### CreatorRank: [-------] [#](/creator/twitter::3330464153/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::3330464153/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  [finance](/list/finance)  [stocks](/list/stocks)  [social networks](/list/social-networks)  [countries](/list/countries)  [cryptocurrencies](/list/cryptocurrencies)  [nba](/list/nba)  [exchanges](/list/exchanges)  [travel destinations](/list/travel-destinations) 

**Social topic influence**
[microsoft](/topic/microsoft), [azure](/topic/azure), [if you](/topic/if-you), [ai](/topic/ai), [infrastructure](/topic/infrastructure), [crypto](/topic/crypto), [ip](/topic/ip), [environment](/topic/environment), [ceo](/topic/ceo), [software](/topic/software)

**Top accounts mentioned or mentioned by**
[@russianpanda9xx](/creator/undefined) [@johnhammond](/creator/undefined) [@kylehanslovan](/creator/undefined) [@purp1ew0lf](/creator/undefined) [@huskyhacksmk](/creator/undefined) [@stuartjash](/creator/undefined) [@cyberraiju](/creator/undefined) [@jimbrowning11](/creator/undefined) [@sudorem](/creator/undefined) [@antonlovesdnb](/creator/undefined) [@blackhatevents](/creator/undefined) [@fifthwallcyber](/creator/undefined) [@gleeda](/creator/undefined) [@halopsa](/creator/undefined) [@thehackersnews](/creator/undefined) [@123](/creator/undefined) [@home](/creator/undefined) [@theitnation](/creator/undefined) [@deloitte](/creator/undefined) [@trumankain](/creator/undefined)

**Top assets mentioned**
[Microsoft Corp. (MSFT)](/topic/microsoft) [YETI Holdings, Inc. Common Stock (YETI)](/topic/$yeti) [CyberConnect (CYBER)](/topic/cyber) [BlackBerry Limited (BB)](/topic/blackberry) [OpSec (OPSEC)](/topic/opsec) [Fortinet Inc (FTNT)](/topic/fortinet) [DOSE (DOSE)](/topic/dose) [Crown (CRW)](/topic/crown) [FilesCoins Power Cu (FILECOIN)](/topic/files)
### Top Social Posts
Top posts by engagements in the last [--] hours

"BOINC is a software platform for volunteer computing facilitating connection to a remote server that can collect information and send tasks to the host for execution. The intended use is contributing to legitimate science projects through donated computer resources"  
[X Link](https://x.com/HuntressLabs/status/1819425791530168794)  2024-08-02T17:31Z 37.6K followers, [--] engagements


"Typical use of BOINC includes selecting legit projects from official servers (like Rosetta@home) & receiving & completing these tasks along w/ the GridCoin rewards (offered only for completing legit official tasks for real BOINC projects according to an admin post on forums)"  
[X Link](https://x.com/HuntressLabs/status/1819425793560207408)  2024-08-02T17:31Z 37.6K followers, [--] engagements


"If you administer at least one Microsoft [---] tenant you might find some surprising results if you audit your #OAuth applications 👀 Statistically speaking theres a good chance your tenant is infected with a rogue app that could be malicious 😱"  
[X Link](https://x.com/HuntressLabs/status/1889704973941793109)  2025-02-12T15:55Z 34.4K followers, [----] engagements


"Our SOC was alerted to a user account running the popular hacking tool #Mimikatzbut we quickly noticed signs of an even bigger intrusion 👇 ✅ Authentication patterns consistent with VPN compromise"  
[X Link](https://x.com/HuntressLabs/status/1892993019298693270)  2025-02-21T17:41Z 34.5K followers, 13.7K engagements


"✅ Additional compromised accounts and lateral movement via RDP within the network ✅ Multiple privileged users in the environment were sharing the same password We got to work with the partner to reduce recovery time and stop the threat actor in their environment 💪"  
[X Link](https://x.com/HuntressLabs/status/1892993020888334520)  2025-02-21T17:41Z 34.5K followers, [----] engagements


"defendnot disables Windows Defender by creating a fake AV product using undocumented WSC APIsno reg tweaks no policies. We break down how to detect it from a blue team perspective + share Sigma rules to catch it in action. https://www.huntress.com/blog/defendnot-detecting-malicious-security-product-bypass-techniquesutm_source=twitter&utm_medium=social https://www.huntress.com/blog/defendnot-detecting-malicious-security-product-bypass-techniquesutm_source=twitter&utm_medium=social"  
[X Link](https://x.com/HuntressLabs/status/1933198344177778875)  2025-06-12T16:22Z 38.1K followers, 21.2K engagements


"🚨 Weve observed in-the-wild exploitation of a flaw (CVE-2025-11371) in Gladinet CentreStack and Triofox. Get the details here: https://okt.to/lmEuSZ https://okt.to/lmEuSZ"  
[X Link](https://x.com/HuntressLabs/status/1976395755536420944)  2025-10-09T21:14Z 37.2K followers, 17K engagements


"Hackers tried pulling some dark Magick.exe. 🪄 Too bad for them we dont scare easily. It started when our SOC spotted a renamed SimpleHelp executable quietly firing on a host"  
[X Link](https://x.com/HuntressLabs/status/1977736179811332387)  2025-10-13T14:00Z 37.2K followers, [----] engagements


"What does "ransomware deployment" actually mean Search engines love tidy summaries but most explainers stop at initial access. 🧵"  
[X Link](https://x.com/HuntressLabs/status/1980388828150985150)  2025-10-20T21:41Z 37.3K followers, [----] engagements


"⚠ Threat actors exploiting a recent Microsoft WSUS vulnerability (CVE-2025-59287) - Microsoft released an out-of-band update for the flaw on 10/24 ✅ Apply the update as soon as possible IOCs examples of adversary tradecraft and remediations: https://okt.to/0eJ3zw https://okt.to/0eJ3zw"  
[X Link](https://x.com/HuntressLabs/status/1981781758640099672)  2025-10-24T17:56Z 37.4K followers, 14.5K engagements


"A haunted house but its just: RDP ports wide open Well enable MFAeventually A FortiGate login from Uzbekistan at [--] AM Passwords stored in a spreadsheet called credentials-final-final.xlsx Terrifying. 👻"  
[X Link](https://x.com/HuntressLabs/status/1984236452784325008)  2025-10-31T12:30Z 37.4K followers, [----] engagements


"Tonight's @TheITNation Connect Global giveaway A Yeti Cooler. 🧊 👉 Book a Huntress demo. 👉 Get scanned at Booth [---]. 👉 Cross your fingers for the 8:30 PM reveal. Two more drops coming this week.👀 #ITN25"  
[X Link](https://x.com/HuntressLabs/status/1986183267528114393)  2025-11-05T21:26Z 37.5K followers, [----] engagements


"No Steph no Draymond vs the Kings tonight. Looks like the Warriors but something is not quite right👀 Kinda like this billboard in downtown SF. #ShadyHacks #DubNation"  
[X Link](https://x.com/HuntressLabs/status/1986278005493407795)  2025-11-06T03:42Z 37.5K followers, [----] engagements


"When hackers play checkers @RussianPanda9xx plays chess. ♟ She studies their every move emulates their malware and turns their own tactics against them. Because the best cybersecurity defense isnt defense at all. Its offense"  
[X Link](https://x.com/HuntressLabs/status/1988366237001257283)  2025-11-11T22:00Z 37.5K followers, 27.8K engagements


"A hacker popped an exposed RDP server and went to work enumerating AD and lining up a credential grab. Then came ruadmin.exe ➡ password spray ➡ go-time. But the instant that binary hit the disk Huntress EDR alerted our SOC who shut the operation down mid-swing"  
[X Link](https://x.com/HuntressLabs/status/1991202330717442481)  2025-11-19T17:50Z 37.6K followers, [----] engagements


"They exploited WSUS installed Velociraptor for C2 and slipped in base64-encoded PowerShell for discovery. Legit tools shady hacks. We're seeing an uptick in threat actors abusing Velociraptor in ways that would make Muldoon say "Clever girl." 🦖: https://okt.to/hlCE74 https://okt.to/hlCE74"  
[X Link](https://x.com/HuntressLabs/status/1991560726909989278)  2025-11-20T17:34Z 37.6K followers, 18.2K engagements


"We made the [----] @Deloitte Technology #Fast500 Huge thanks to our partners and customers: youre the reason we get to do this work at full throttle. And a special shoutout to the hackers. Without you who would we have to wreck 😇 Cruise the list: https://okt.to/O8WdNj https://okt.to/O8WdNj"  
[X Link](https://x.com/HuntressLabs/status/1992956482648687006)  2025-11-24T14:00Z 37.6K followers, [----] engagements


"SIEM threat hunting stopped an intrusion just seven days after enablement. Here's how: A Texas-based manufacturer enabled Huntress SIEM on October 21st. 🤠 One week later SIEM earned its keep when a threat actor decided to take a swing:"  
[X Link](https://x.com/HuntressLabs/status/1993318790314983795)  2025-11-25T14:00Z 37.6K followers, [----] engagements


"ClickFix just got a shady upgrade. Our analysts uncovered a campaign hiding infostealers inside PNG pixel data delivered through fake CAPTCHA and Windows Update screens. 👀 Get the full breakdown so you can shut it down: https://okt.to/jkr2JW https://okt.to/jkr2JW"  
[X Link](https://x.com/HuntressLabs/status/1993818603469119999)  2025-11-26T23:06Z 37.7K followers, [----] engagements


"Did you peep the Easter egg we dropped in Aprils Product Lab 👀 Nothing like a good hint at Inside Agent months before we *officially* announced the acquisition in November. 👋 In tomorrows session were coming full circle. You don't want to miss it: https://okt.to/wB0rYm https://okt.to/wB0rYm"  
[X Link](https://x.com/HuntressLabs/status/1996392810946220211)  2025-12-04T01:35Z 37.7K followers, [----] engagements


"Velociraptor abuse is officially becoming Muldoons clever girllevel clever. 🦖 Beyond last weeks case we uncovered three more intrusions where hackers used the same legit DFIR tool for C2. If Part I was the jump scare Part II is the plot twist: https://okt.to/bCrKGW https://okt.to/bCrKGW"  
[X Link](https://x.com/HuntressLabs/status/1996665081749242079)  2025-12-04T19:37Z 37.7K followers, [----] engagements


"Identity threats arent slowing down. But your risk doesnt have to scale with them. @trumankain shares how to stop these #ShadyHacks from snowballing into compliance chaos.👇"  
[X Link](https://x.com/HuntressLabs/status/1998060219553735130)  2025-12-08T16:00Z 37.7K followers, [----] engagements


"React2Shell is being exploited in the wild. Newsworthy post-exploit activity: We observed four Linux threats deployed post-exploitation: PeerBlight CowTunnel ZinFoq and a Kaiji botnet variant. Each one is built for persistence control or disruption. https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shellutm_source=linkedin&utm_medium=social&utm_campaign=cy25-12-rr-edr-global-broad-all-peerblight&hnt=exmzdvhbokhr"  
[X Link](https://x.com/HuntressLabs/status/1998524237502623824)  2025-12-09T22:44Z 37.7K followers, [----] engagements


"A single hypervisor breach can put hundreds of virtual machines at risk. Weve seen Akira and others shift to ESXi/Hyper-V for mass impact. ✅ They use legit tools (like openssl) ✅ Bypass EDR ✅ Encrypt VMDKs directly 📃 @RussianPanda9xx @Purp1eW0lf https://www.huntress.com/blog/hypervisor-defenses-against-ransomware-targeting-esxiutm_source=linkedin&utm_medium=social&utm_campaign=cy25-12-camp-edr-global-broad-iis-hypervisor&hnt=p4suin0shwly"  
[X Link](https://x.com/HuntressLabs/status/1998890311154807211)  2025-12-10T22:59Z 37.8K followers, 25K engagements


"Search: clear disk space on macOS Click: legit ChatGPT convo Paste: safe Terminal command Boom: AMOS infostealer installed @stuartjash & @JSemonSecurity break down how Attackers are hijacking ChatGPT + Grok to deliver malware. https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trustutm_source=twitter&utm_medium=social&utm_campaign=cy25-12-camp-multi-global-broad-all-aeo_poison&hnt=ii6tpzfbfhzv https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trustutm_source=twitter&utm_medium=social&utm_campaign=cy25-12-camp-multi-global-broad-all-aeo_poison&hnt=ii6tpzfbfhzv"  
[X Link](https://x.com/HuntressLabs/status/1999262830793752972)  2025-12-11T23:39Z 37.9K followers, 10.9K engagements


"Writing LDAP detections off docs can burn you. Andrew Schwartz shows why: what attackers send isnt what Domain Controllers log. The OID-to-bitwise shift happens in logsand missing it means dead rules. Detect from log reality not theory. https://okt.to/yQEkWH https://okt.to/yQEkWH"  
[X Link](https://x.com/HuntressLabs/status/2001066574820651410)  2025-12-16T23:07Z 37.9K followers, 12.5K engagements


"I shipped detection rules with confidence. Then a 2am Slack message: We saw Impacket activity but your rules didnt fire. Thats when I learned: understanding tradecraft production detection"  
[X Link](https://x.com/HuntressLabs/status/2006100317814071584)  2025-12-30T20:29Z 38K followers, [----] engagements


"One last shady hack before years end: PeerBlight Join @hrbrmstr from @GreyNoiseIO + our analysts @RussianPanda9xx Michael Tigges & Craig Sweeney to break it all down: 🧠 RCE mechanics 📷 BitTorrent-based C2 🔍 Detection tips 📺 https://www.huntress.com/upcoming-webinars/tradecraft-tuesday-jan-2026utm_source=twitter&utm_medium=social&utm_campaign=cy26-q1-0113-web-brand-na-broad-all-x-programmatic-tradecraft&hnt=x62ng2jijcd1&utm_content=Image"  
[X Link](https://x.com/HuntressLabs/status/2006483014369554448)  2025-12-31T21:50Z 38K followers, 12.9K engagements


"ESXi intrusion was stopped but the lesson is uncomfortable: Initial access via VPN VM isolation failed Hypervisor C2 hid in VSOCK Network tools saw nothing Patch ESXi. Lock down VPNs. Monitor the host itself. @RussianPanda9xx @nosecurething http://huntress.com/blog/esxi-vm-escape-exploit http://huntress.com/blog/esxi-vm-escape-exploit"  
[X Link](https://x.com/HuntressLabs/status/2009063809282118014)  2026-01-08T00:45Z 38K followers, [----] engagements


"Cybercrime. Its a dark enterprise. While youre focusing on new markets and AI workflows so are the bad guys. 👀 A $10T industry with R&D channel partners and even customer support. Call it #CybercrimeInc. Call it #HiddenCompetition. Either way it's time to call it out"  
[X Link](https://x.com/HuntressLabs/status/2009280513400332659)  2026-01-08T15:06Z 38.1K followers, [----] engagements


"DPRK. Crypto theft. Deepfakes. Not a Hollywood plotline. Its a well-funded operation. TA444 (aka BlueNoroff) didnt spray phishing emails and hope. 👇"  
[X Link](https://x.com/HuntressLabs/status/2009363510988325333)  2026-01-08T20:36Z 38K followers, [----] engagements


"They built: - Convincing social engineering workflows - A fake Zoom plugin to establish trust - Deepfake executives to close the deal - macOS-native malware with advanced process injection"  
[X Link](https://x.com/HuntressLabs/status/2009363528805765246)  2026-01-08T20:36Z 38K followers, [---] engagements


"Cybercriminals arent just innovating theyre investing Testing techniques refining delivery and scaling what works. Heres the full breakdown of how this operation worked and how Huntress EDR caught it in the wild 👉 https://okt.to/qAxhXr https://okt.to/qAxhXr"  
[X Link](https://x.com/HuntressLabs/status/2009363550171525499)  2026-01-08T20:36Z 38K followers, [---] engagements


"Cybercriminals are innovating. This time: virtual machines. Our team stopped an intrusion where attackers escaped a guest VM and took control of the ESXi hypervisor without triggering network alerts or endpoint defenses.🚩 Get the https://okt.to/fDNe3v https://okt.to/fDNe3v"  
[X Link](https://x.com/HuntressLabs/status/2011357131761479897)  2026-01-14T08:38Z 38.1K followers, 16.7K engagements


"Attackers dont need zero-days to scale. They just need one human-managed setting that slipped through the cracks. This time: exposed VNC. 🧵👇"  
[X Link](https://x.com/HuntressLabs/status/2011423116585542064)  2026-01-14T13:00Z 38.1K followers, [----] engagements


"The playbook: - Drop C:UsersredactedMusicsetup.msi to install Atera and Splashtop - Let Splashtop beacon out to a malicious public IP - Use that trusted remote access to move credential-dumping tools around the network"  
[X Link](https://x.com/HuntressLabs/status/2011423135510217005)  2026-01-14T13:00Z 38.1K followers, [---] engagements


"@RussianPanda9xx On rizz:"  
[X Link](https://x.com/HuntressLabs/status/2012197936566821234)  2026-01-16T16:19Z 38.1K followers, [---] engagements


"Fake browser crash fake extension real RAT. KongTuke's CrashFix tricks users into installing a malicious Chrome extension. Domain-joined victims hit with ModeloRATa Python backdoor with persistence and C2. @RussianPanda9xx @wbmmfq @Curity4201 - https://okt.to/lXj0zP https://okt.to/lXj0zP"  
[X Link](https://x.com/HuntressLabs/status/2012316957832290802)  2026-01-17T00:12Z 38.2K followers, [----] engagements


"Everyone needs another highly scripted product demo in their life said no one. Ever. That's why Product Lab is unfiltered and allergic to buzzwords. Join our cofounders this week for hot takes real product intel and a spicy Q&A. 🌶 Save your seat: https://okt.to/ZwQ9zA https://okt.to/ZwQ9zA"  
[X Link](https://x.com/HuntressLabs/status/2013644462996537639)  2026-01-20T16:07Z 38.1K followers, [----] engagements


"We uncovered a KongTuke campaign using a malicious browser extension a ClickFix variant we're dubbing CrashFix and a previously undocumented Python RAT. Get the full technical breakdown IOCs and defensive guidance here: https://okt.to/391MeN https://okt.to/391MeN"  
[X Link](https://x.com/HuntressLabs/status/2014404496764346780)  2026-01-22T18:27Z 38.2K followers, [----] engagements


"Huntress SIEM and EDR delivered a one-two punch to this cybercriminal. Here's what happened. 🧵👇"  
[X Link](https://x.com/HuntressLabs/status/2014841836011954434)  2026-01-23T23:25Z 38.2K followers, [----] engagements


"- SIEM detected a threat actor as they authenticated to the environment using a sus workstation - EDR detected the enumeration activity that followed soon after - Our 24/7 SOC moved fast isolating the network and evicting the adversary"  
[X Link](https://x.com/HuntressLabs/status/2014841849052053633)  2026-01-23T23:25Z 38.2K followers, [----] engagements


"This wasnt slick tradecraft. It was outsourced thinking. AI isnt turning cybercriminals into masterminds. Its lowering the bar and compressing time helping average operators move faster reuse playbooks and see what sticks"  
[X Link](https://x.com/anyuser/status/2015832184255377683)  2026-01-26T17:00Z 38.4K followers, [----] engagements


"Despite the AI assist the ending was predictable: - Credential dumping attempts and noisy execution triggered high-signal detections. - Huntress EDR contained the session and evicted the attacker before escalation"  
[X Link](https://x.com/anyuser/status/2015832189812830688)  2026-01-26T17:00Z 38.4K followers, [---] engagements


"@CRN @AWNetworks @beyondidentity @Cybersixgill @Fortinet @island_io @PaloAltoNtwks @SentinelOne @SophosXOps @TenableSecurity 🔥🌶🔥"  
[X Link](https://x.com/HuntressLabs/status/1611411448399556610)  2023-01-06T17:16Z 38.2K followers, [---] engagements


"This is what a low-skill high-speed intrusion looks like in the wild: [--]. Access gained [--]. Immediate pivot to credential access with shallow Windows knowledge [--]. PowerShell history showed AI-generated copy-paste scripts [--]. Trial-and-error execution"  
[X Link](https://x.com/anyuser/status/2015832173664780447)  2026-01-26T17:00Z 38.4K followers, [----] engagements


"Legit construction software quietly exposed backend MSSQL. Attackers took advantage via blind SQL injection (CVE-2025-51683). No malware required. Just xp_cmdshell and permissions doing their job. Inventory your dependencies not just your apps. https://okt.to/uWZKQT https://okt.to/uWZKQT"  
[X Link](https://x.com/HuntressLabs/status/2015077195840999542)  2026-01-24T15:00Z 38.2K followers, 12K engagements


"We've observed in-the-wild exploitation of a privileged account takeover vulnerability (CVE-2026-23760) in SmarterTools SmarterMail application resulting in remote code execution. If you're running SmarterMail update to at least Build [----] @CyberRaiju https://okt.to/kAuwt5 https://okt.to/kAuwt5"  
[X Link](https://x.com/anyuser/status/2015590584598077689)  2026-01-26T01:00Z 38.4K followers, 12.6K engagements


"Ransomware tried a manufacturing facility. Windows Defender fired. Signals pointed to Akira. Correlation rules escalated the threat. The Huntress SOC isolated the network traced the intrusion and identified impacted accounts. 👆 Thats 24/7 response"  
[X Link](https://x.com/anyuser/status/2017071792267907361)  2026-01-30T03:06Z 38.4K followers, [----] engagements


"Heading to #RightofBoom next week Don't miss Huntress CEO @KyleHanslovan on the main stage. 🗓 Thu Feb [--] 8:309:15 AM PT 📍 Chairmans Ballroom Come for the unfiltered takes. Stay for the lessons thatll help you sleep at night"  
[X Link](https://x.com/anyuser/status/2017221407881507063)  2026-01-30T13:00Z 38.4K followers, [----] engagements


"Cybercrime is the worlds third-largest economy. That should piss you off. On March [--] join @_JohnHammond and special guest @JimBrowning11 for declassified intel on how this dark enterprise runs: Expose their system. Break their business. https://okt.to/uBQkpj https://okt.to/uBQkpj"  
[X Link](https://x.com/HuntressLabs/status/2020845162751021392)  2026-02-09T13:00Z 38.4K followers, 37.8K engagements


"The Windows Registry is useful.for threat actors An EDR alert for a Midwest construction company notified the SOC that a threat actor had manipulated the Windows Registry - a repository of settings for a Windows computer. On further inspection the adversary:"  
[X Link](https://x.com/HuntressLabs/status/1868723082753720580)  2024-12-16T18:21Z 38.3K followers, 21.5K engagements


"If you run SolarWinds Web Help Desk stop scrolling. This is being actively exploited. The wildest part about it These cybercriminals stood up their own stack. @RussianPanda9xx breaks it down. This write-up is only part of what we uncovered: https://okt.to/0q29Hh https://okt.to/0q29Hh"  
[X Link](https://x.com/anyuser/status/2021399327478837645)  2026-02-11T01:42Z 38.4K followers, 14K engagements


"We investigated threat actors actively exploiting SolarWinds Web Help Desk (CVE-2025-26399).and the tradecraft is unhinged. 🔎 If you run SolarWinds WHD patch to [------]. Now. This write-up is only part of what we uncovered: More to come. 👀 https://okt.to/9MzvtP https://okt.to/9MzvtP"  
[X Link](https://x.com/anyuser/status/2020629224760004761)  2026-02-08T22:42Z 38.4K followers, 10.5K engagements


"TL;DR 📌 Cybercriminals turned employee monitoring software into a RAT paired it with SimpleHelp hunted crypto and tried to drop Crazy ransomware. The ethical badasses behind this write-up: @RussianPanda9xx @sudo_Rem @Purp1eW0lf + @Antonlovesdnb https://okt.to/JifKsu https://okt.to/JifKsu"  
[X Link](https://x.com/anyuser/status/2022198314607780289)  2026-02-13T06:37Z 38.4K followers, [----] engagements


"Hey #ConnectIT22 dont forget to swing by our booth in the back to grab some cool swag and hear how were investing $5M into the MSP community #backcornerparty"  
[X Link](https://x.com/HuntressLabs/status/1539624269231144960)  2022-06-22T15:00Z 34.1K followers, [--] engagements


"Were thrilled to announce a $60M in Series C funding Led by @SapphireVC with participation from existing investors @forgepointcap and JMI Equity Huntress will use this additional capital to fuel enhancements to the Huntress Managed Security Platform. https://hubs.ly/Q01Q0vXM0 https://hubs.ly/Q01Q0vXM0"  
[X Link](https://x.com/HuntressLabs/status/1658464910580367361)  2023-05-16T13:30Z 33.3K followers, 10.5K engagements


".@Nasdaq congratulated Huntress on our recent Series C funding--with recognition in Times Square This round will enable us to fuel enhancements to the Huntress Managed Security Platform to meet the evolving and complex needs of our partners. http://hubs.ly/Q01Q1L4d0 http://hubs.ly/Q01Q1L4d0"  
[X Link](https://x.com/HuntressLabs/status/1658835302243352583)  2023-05-17T14:02Z 33.7K followers, 13.3K engagements


"We are thrilled to announce a major step forward in accomplishing our mission to help protect small and mid-sized businesses by securing $60M in Series C funding Hear more from our CFO Marcos Torres on this next step forward: https://hubs.ly/Q01Q5Lnf0 https://hubs.ly/Q01Q5Lnf0"  
[X Link](https://x.com/HuntressLabs/status/1659212252606771208)  2023-05-18T15:00Z 33.7K followers, [----] engagements


"Join us for this month's episode of #TradecraftTuesday as @_JohnHammond and Caleb Stewart cover the #MOVEit Transfer Exploitation and pull back the curtain on our investigative analysis reverse engineering and exploit development to detonate ransomware https://hubs.ly/Q01StxpT0 https://hubs.ly/Q01StxpT0"  
[X Link](https://x.com/HuntressLabs/status/1666079986707759104)  2023-06-06T13:49Z 34.6K followers, [----] engagements


"You won't want to miss this month's #TradecraftTuesday presentation as @_JohnHammond and Caleb Stewart dig deep into the #MOVEit Transfer Exploitation and pull back the curtain on our investigative analysis https://hubs.ly/Q01Sx_sS0 https://hubs.ly/Q01Sx_sS0"  
[X Link](https://x.com/HuntressLabs/status/1668256847617302529)  2023-06-12T14:00Z 34.6K followers, [----] engagements


"We discovered [--] business email compromises of Office [---] accounts within [--] hours Check out this blog post to learn what data we are looking at and how we detected these attacks"  
[X Link](https://x.com/HuntressLabs/status/1674156968137859072)  2023-06-28T20:45Z 28.5K followers, 62.5M engagements


"We discovered [--] business email compromises of Office [---] accounts within [--] hours BEC attacks are on the rise and SMB is a target. Check out this blog post to learn what data we are looking at and how we detected these attacks"  
[X Link](https://x.com/HuntressLabs/status/1674183394425446402)  2023-06-28T22:30Z 28.5K followers, 52.2M engagements


"Join @Purp1eW0lf and Harlan Carvey for this month's episode of #TradecraftTuesday where they'll explain what attack surface reductions are and how they can significantly inhibit a wide range of attacks against your endpoints"  
[X Link](https://x.com/HuntressLabs/status/1678449006165336083)  2023-07-10T17:29Z 29.6K followers, [----] engagements


"Our very own @Tracie_Orisko has been named one of CRN's Inclusive Channel Leaders for [----] 🎉 Congratulations on this well-deserved recognition Tracie We're so proud to recognize your dedication hard work and amazing leadership. #CRNInclusiveLeaders"  
[X Link](https://x.com/HuntressLabs/status/1679133960368975881)  2023-07-12T14:29Z 29.6K followers, [---] engagements


"What a group getting to learn from @vishUwell at @BlackHatEvents for an Arsenal session sharing all about #Vovk a #Debugging module for Advanced Dynamic Yara Rule Generation. What has been your favorite session so far at Black Hat #blackhat2023 #BHUSA"  
[X Link](https://x.com/HuntressLabs/status/1689371644114894848)  2023-08-09T20:22Z 29.6K followers, [----] engagements


"Celebrity sighting We loved to see such a great turn out for the Huntress Meet and Greet with @_JohnHammond today at our booth @BlackHatEvents. Who have you gotten to meet at Black Hat so far #BlackHat2023 #BHUSA"  
[X Link](https://x.com/HuntressLabs/status/1689411276479352832)  2023-08-09T23:00Z 29.6K followers, 29.9K engagements


"Weve partnered with the experts at @FifthWall_Cyber for this months @HuntressLabs Community Fireside Chat on August [--] at [--] pm ET as we answer your burning questions about carrier requirements #cyber controls and more. Register here:"  
[X Link](https://x.com/HuntressLabs/status/1689676869421998082)  2023-08-10T16:35Z 29.6K followers, [---] engagements


"Tactical malware #analysis involves analyzing a system to discover malware using built-in system tools and capabilities. Learning what to look for and determining unusual behavior takes repetition a keen eye and an appropriate toolset"  
[X Link](https://x.com/HuntressLabs/status/1696590365753499690)  2023-08-29T18:27Z 34.1K followers, [--] engagements


"Keep *OS and Applications Up to Date It is very common for users not to update their operating system. Apple continually pushes updates whether #security updates or general updates to their #endpoints designed to provide further protection to end users"  
[X Link](https://x.com/HuntressLabs/status/1699471639891611762)  2023-09-06T17:16Z 29.6K followers, [--] engagements


"Raise your hand if you hate #MultiFactorAuthentication. @KyleHanslovan sits down with @CNBCMakeIt to share why people's most hated piece of advice is the single biggest protection from #scams and what the data has to say about it"  
[X Link](https://x.com/HuntressLabs/status/1700209649687937340)  2023-09-08T18:09Z 29.6K followers, [----] engagements


"On September [--] [----] MGM Resorts and gambling operations in Las Vegas faced widespread disruption and loss of IT functionality. Getting tangled up in a web spun by the elusive "#ScatteredSpider" we're unraveling the IT intrigue. #DFIR"  
[X Link](https://x.com/HuntressLabs/status/1702417438212567434)  2023-09-14T20:22Z 29.6K followers, [----] engagements


"Recently we held our first ANZ-focused fireside chat with innovative #MSP operators in the industry from @ALLITAustralia and DJC Systems where the conversation shed light on the #challenges and opportunities for MSPs in Australia and New Zealand"  
[X Link](https://x.com/HuntressLabs/status/1704601398644441528)  2023-09-20T21:00Z 29.6K followers, [--] engagements


"We're exploring the ongoing battle between human intelligence and #artificialintelligence emphasizing why human-powered #cybersecurity like @HuntressLabs remains indispensable in the fight against evolving #cyberthreats"  
[X Link](https://x.com/HuntressLabs/status/1707473253906665516)  2023-09-28T19:12Z 28.9K followers, [---] engagements


"The @HuntressLabs team is currently investigating CVE-2023-4863 a heap buffer overflow in the WebP image encoding/decoding (codec) library (libwebp)"  
[X Link](https://x.com/HuntressLabs/status/1707492369665290496)  2023-09-28T20:27Z 34.1K followers, [----] engagements


"We are kicking off the @HuntressLabs CTF for the whole month of October to celebrate #CybersecurityAwarenessMonth Try your hand at some malware analysis with our first "Zerion" challenge #DFIR #cybersecurity"  
[X Link](https://x.com/HuntressLabs/status/1708877194896748915)  2023-10-02T16:10Z 29.6K followers, [----] engagements


"You won't want to miss this month's #TradecraftTuesday presentation as @gleeda shows how to use Memory Forensics to Bring Your Investigations Back from the Dead #DFIR #cybersecurity"  
[X Link](https://x.com/HuntressLabs/status/1709227332018323648)  2023-10-03T15:22Z 29.6K followers, [---] engagements


"Perhaps you've used Splunk for good but have you ever seen #threat actors use it for evil Examine a "Backdoored Splunk" instance with our Huntress Labs #CTF and track down the flag #DFIR #CybersecurityAwarenessMonth #HuntressCTF"  
[X Link](https://x.com/HuntressLabs/status/1710686501074264505)  2023-10-07T16:00Z 29K followers, [----] engagements


"Walking your customers through an established framework will not only educate them on the #security risks but also show them the value of your services. Join us for this month's Fireside Chat to learn more:"  
[X Link](https://x.com/HuntressLabs/status/1712546773472858280)  2023-10-12T19:12Z 29.6K followers, [----] engagements


"We are so stoked for Huntress and MDR for Microsoft [---] we added a bunch of new #M365 challenges to our #HuntressCTF #DFIR #CybersecurityAwarenessMonth"  
[X Link](https://x.com/HuntressLabs/status/1713948087473910249)  2023-10-16T16:00Z 29.6K followers, [----] engagements


"The Blackcat ransomware group is at it again -- but this time in the sandbox of the #HuntressCTF Recover your files with today's latest challenge: #DFIR #CybersecurityAwarenessMonth"  
[X Link](https://x.com/HuntressLabs/status/1717571958974411157)  2023-10-26T16:00Z 28.4K followers, 11.1K engagements


"On October [--] [----] a partner deployed @HuntressLabs agents after experiencing a HelloKitty #ransomware attack on October [--]. This ransomware attack followed closely with what was described by @rapid7 as exploitation of Apache ActiveMQ CVE-2023-46604"  
[X Link](https://x.com/HuntressLabs/status/1720202888285237717)  2023-11-02T22:15Z 29.6K followers, 15.1K engagements


"On November [--] [----] SysAid published an advisory that their on-premise server software had a previously undisclosed vulnerability. @HuntressLabs team has recreated a proof-of-concept for the SysAid CVE-2023-47246 remote code execution and compromise"  
[X Link](https://x.com/HuntressLabs/status/1724097574183813448)  2023-11-13T16:11Z 28.6K followers, [----] engagements


"Wanna see what #cybercriminals are up to in the SMB world Download @HuntressLabs SMB Threat Report to unlock the latest #hacker trends that are targeting SMBs"  
[X Link](https://x.com/HuntressLabs/status/1726772940824350872)  2023-11-21T01:22Z 28.8K followers, [----] engagements


"Want to build a successful business Marcos Torres of @HuntressLabs stresses the need for plan A B and even plan D Learn why seeking partners and raising equity early on can make all the difference. #Startup #Investment"  
[X Link](https://x.com/HuntressLabs/status/1726984588000436264)  2023-11-21T15:23Z 29.6K followers, [----] engagements


"Each JWT will have a corresponding scope and permission set. Some are useless to attackers but some are quite useful"  
[X Link](https://x.com/HuntressLabs/status/1729950094789636390)  2023-11-29T19:46Z 28.9K followers, [---] engagements


"For example a token may be scoped to access the Graph API and read a user's emails. A simple GET request that uses the stolen JWT as the authorization header can dump the messages for that user's Outlook inbox"  
[X Link](https://x.com/HuntressLabs/status/1729950095876018481)  2023-11-29T19:46Z 28.9K followers, [---] engagements


"Tune in to Episode [--] of @splunk's The Security Detail #podcast to hear @jfslowik from @HuntressLabs share insight on the #cybersecurity threats facing the energy sector"  
[X Link](https://x.com/HuntressLabs/status/1730691239828132171)  2023-12-01T20:52Z 29K followers, [----] engagements


""Mac's don't get #malware" is a phrase from the past. Tune in as @patrickwardle gives us a deep dive into how #macOS malware has evolved over the years with increased sophistication and the number of new variants rising year over year"  
[X Link](https://x.com/HuntressLabs/status/1732474578822111710)  2023-12-06T18:58Z 28.9K followers, [----] engagements


"The @HuntressLabs team has put together an analysis of the threat posed by CVE-2023-43117 in #CrushFTP as well as a broader exploration of the ongoing challenges in managing the security of #MFT applications. Learn more here"  
[X Link](https://x.com/HuntressLabs/status/1732790866505314381)  2023-12-07T15:55Z 28.9K followers, [----] engagements


"Apple is keeping #TheMacGuy @stuartjash busy Apple has pushed an update to XProtect (v2176) and XProtectRemediator (v120). Updates to XProtect include expanding detections on: MACOS.SOMA.C: (Atomic) MacStealer aka AMOS"  
[X Link](https://x.com/HuntressLabs/status/1733143748270272771)  2023-12-08T15:17Z 29K followers, [----] engagements


"Protect Your Endpoints Email and Employees. #cyberSecurity #MSP #infoSec"  
[X Link](https://x.com/HuntressLabs/status/1734688447649267823)  2023-12-12T21:35Z 29.9K followers, 1.9M engagements


"Discover whats driving modern cybercriminals the evolving techniques they employ and the ever-changing landscape of #cyberThreats. #cyberSecurity #infoSec #SMBs"  
[X Link](https://x.com/HuntressLabs/status/1734691847962849469)  2023-12-12T21:49Z 33.1K followers, 99.5M engagements


".@KyleHanslovan joins Front Lines #podcast Category Visionaries as they dig into Kyles background in offensive #cyber operations common misconceptions about government #intelligence work the importance of having one or two co-founders and more"  
[X Link](https://x.com/HuntressLabs/status/1735721834161619070)  2023-12-15T18:01Z 29K followers, [---] engagements


"At Huntress we wake up every morning pour our caffeinated beverage of choice and ask the same question: How can we turn #cybercriminals into examples today Let's talk about some of the new tech weve implemented in our fight against #Microsoft365 initial access"  
[X Link](https://x.com/HuntressLabs/status/1742625429494624268)  2024-01-03T19:14Z 34.8K followers, [----] engagements


"According to reports from our #SOC about 75% of observed account takeovers and originate from #VPNs and #proxies. But saying "VPN = bad" is out of the question. Most #hackers use VPNs. But not everyone who uses a VPN is a hacker. So how do we sort the evil from the benign"  
[X Link](https://x.com/HuntressLabs/status/1742625430530564566)  2024-01-03T19:14Z 34.8K followers, [---] engagements


"#Azure/#M365 Shady Tradecraft Item of the Day: Persistence by Backdooring Service Principal Accounts🧵"  
[X Link](https://x.com/HuntressLabs/status/1744418745521525162)  2024-01-08T18:00Z 29.6K followers, [----] engagements


"Assume that I shady hackerman evil dude have access to your #Azure tenant. I've dodged dipped ducked bobbed weaved and weaseled my way to Global Admin permissions. I own the place 🤔 Question: how do I stick around"  
[X Link](https://x.com/HuntressLabs/status/1744418746490392606)  2024-01-08T18:00Z 29.6K followers, [--] engagements


"💡Solution: backdoor a service principal account for persistence 🤖Service Principal accounts are the identity account given to applications services and other tools in #Azure. Simply put it's an account for an application"  
[X Link](https://x.com/anyuser/status/1744418747497001094)  2024-01-08T18:00Z [--] followers, [--] engagements


"Step [--] - make a new app (1 2) and add a secret to it (3 4)"  
[X Link](https://x.com/HuntressLabs/status/1744418749824872938)  2024-01-08T18:00Z 29.6K followers, [--] engagements


"Step [--] - modify the app's permissions. If you're backdooring an existing app the permissions may already be good enough to wreak havoc. For this example we'll request powerful permissions for the Microsoft Graph API (pay attention to Application: User.ReadWrite.All)"  
[X Link](https://x.com/HuntressLabs/status/1744418751313842231)  2024-01-08T18:00Z 29.6K followers, [--] engagements


"Step [--] - with a new application and enough permissions to cause mayhem we can use the Azure command line to gain a session as the serv principal identity. Notice that we only need a single factor to do this No #MFA for serv principal accounts remember"  
[X Link](https://x.com/HuntressLabs/status/1744418752819568977)  2024-01-08T18:00Z 29.6K followers, [--] engagements


"Persistence achieved What next Step [--] - with our new session as this service principal account we make a request to the Graph API and retrieve a Graph access token for the account"  
[X Link](https://x.com/HuntressLabs/status/1744418754455384356)  2024-01-08T18:00Z 29.6K followers, [--] engagements


"(Step [---] - reformat this Graph API token as a secure string and use the Graph module to connect to the Graph API as this service principal)"  
[X Link](https://x.com/HuntressLabs/status/1744418756221136973)  2024-01-08T18:00Z 29.6K followers, [--] engagements


"Now that we're authenticated as this service principal we are now the application in the eyes of the Graph API We can check our context"  
[X Link](https://x.com/anyuser/status/1744418757798240516)  2024-01-08T18:00Z [--] followers, [--] engagements


"Looks good We have User.ReadWrite.All permissions in our current context. So let's make a new user for this tenant Note that we've already proven persistence at this point so this is just one example. If the app has permissions the sky is the limit"  
[X Link](https://x.com/anyuser/status/1744418759509455002)  2024-01-08T18:00Z [--] followers, [--] engagements


"Recap: - We created a new app within the tenant - We outfitted the app with powerful permissions - We added a new password to the app - We authenticated to Azure as this application using the new password that we set"  
[X Link](https://x.com/anyuser/status/1744418761082376519)  2024-01-08T18:00Z [--] followers, [--] engagements


"In the #cyber battleground of [----] you need more than just defenseyou need strategic offense. Join us as we survey the #SMB threat landscape and the opportunities it creates for service providers to grow with @HaloPSA_"  
[X Link](https://x.com/HuntressLabs/status/1750242088711528793)  2024-01-24T19:40Z 29.6K followers, [---] engagements


"In todays evolving #threat landscape compliance is only the first stepresilience is the ultimate goal. Thats why @TrustVanta and @HuntressLabs have teamed up to equip you with the knowledge and tools needed to achieve true #cybersecurity resilience"  
[X Link](https://x.com/HuntressLabs/status/1751999948671840676)  2024-01-29T16:05Z 29.6K followers, [---] engagements


"Dive into the minds of threat actors with @HuntressLabs @MaxRogers5 in the latest #TradecraftTuesday episode as he dissects the advantages and drawbacks of a C2 framework versus #RMM software"  
[X Link](https://x.com/HuntressLabs/status/1754532348861813075)  2024-02-05T15:48Z 29.7K followers, [----] engagements


"Our very own Jordan Redd has been named one of @CRN's Channel Chiefs for [----] 🎉 Congratulations on this well-deserved recognition Jordan We're so proud to recognize your dedication hard work and amazing #leadership. #CRNChannelChief"  
[X Link](https://x.com/HuntressLabs/status/1754948350401483126)  2024-02-06T19:21Z 29.8K followers, [---] engagements


"Join @HuntressLabs for an AMA-style discussion on #ScreenConnect's recent critical vulnerabilities featuring @KyleHanslovan @_JohnHammond and @HuskyHacksMK with guests @wes_spencer and Jason Slagle"  
[X Link](https://x.com/HuntressLabs/status/1760400882133242087)  2024-02-21T20:27Z 30.7K followers, [----] engagements


"Adversaries have been VERY busy exploiting the #SlashAndGrab ScreenConnect vulnerabilities (CVE-2024-1709 & CVE-2024-1708). Heres just a small taste of some of the tradecraft weve seen so far. For more juicy details check out our blog"  
[X Link](https://x.com/HuntressLabs/status/1761434569822060890)  2024-02-24T16:55Z 31.2K followers, [----] engagements


"Hackers have targeted water systems across the U.S. prompting The White House to warn governors to ensure they conduct comprehensive #cybersecurity assessments. Roger Koehler CISO at @HuntressLabs joined @CBSNews Detroit to speak on the attacks"  
[X Link](https://x.com/HuntressLabs/status/1771007390973894928)  2024-03-22T02:54Z 31.3K followers, [----] engagements


"Our friends from @FifthWall_Cyber will join us for this month's Community Fireside Chat for an interactive session where you can seek expert advice on specific #cyber insurance challenges your organization may be facing. https://bit.ly/3Jf2fM1 https://bit.ly/3Jf2fM1"  
[X Link](https://x.com/HuntressLabs/status/1777787341303685242)  2024-04-09T19:55Z 31.5K followers, [----] engagements


"This is incorrect as the sample #BlackBerry analyzed will only run on Intel #macOS devices or Apple Silicon devices with Rosetta [--] enabled"  
[X Link](https://x.com/HuntressLabs/status/1785732596686590367)  2024-05-01T18:06Z 31.7K followers, [--] engagements


"Its also important to note that while we were able to find the Android version of this #malware on the same C2 as the #macOS version it doesn't appear the iOS version is also present"  
[X Link](https://x.com/HuntressLabs/status/1785732597768667301)  2024-05-01T18:06Z 31.7K followers, [---] engagements


".@_JohnHammond live and in action as he digs into the underground #cyber market specifically talking bargains & bandits on the #darkweb. Only a few opportunities left to hear from @HuntressLabs experts during our theater sessions at booth S-1843 #RSAC24 https://bit.ly/3wgAcc3 https://bit.ly/3wgAcc3"  
[X Link](https://x.com/HuntressLabs/status/1788314559016534499)  2024-05-08T21:06Z 31.8K followers, [----] engagements


"By examining the VirusTotal relations dashboard for this domain we identified an HTML payload file (sha265: 18470571777CA2628747C4F39C8DA39CA81D1686820B3927160560455A603E49) that contacted several domains upon detonation including rnsnno.szyby.pro"  
[X Link](https://x.com/HuntressLabs/status/1793670331300749370)  2024-05-23T15:48Z 32K followers, [---] engagements


"This HTML #payload uses HTML smuggling to render an iframe of the Outlook login portal as shown in the original message of this thread 👆"  
[X Link](https://x.com/HuntressLabs/status/1793670332865491262)  2024-05-23T15:48Z 32K followers, [---] engagements


"The @HuntressLabs research team was able to extract the requested infrastructure domains and coerce one of the domains to render an arbitrary user by injecting the user's email into the qrc= parameter of the URL strongly indicating that this is a transparent proxy"  
[X Link](https://x.com/HuntressLabs/status/1793670334992040221)  2024-05-23T15:48Z 32K followers, [--] engagements


"🎣Because the login portal is decorated with the actual CSS and company branding of a targeted company our hypothesis is that this is not a simple site clone. Instead we hypothesize that this infrastructure is presenting an iframe that transparently #proxies login requests"  
[X Link](https://x.com/HuntressLabs/status/1793670339165294917)  2024-05-23T15:48Z 32K followers, [--] engagements


"Therefore the entire attack chain looks like this: ✉The attacker phishes the victim with an #HTML file payload 🤔The victim opens it on their own host 🕵The HTML smuggling payload renders #JavaScript into the client browser which fetches and embeds an iframe"  
[X Link](https://x.com/HuntressLabs/status/1793670340847235420)  2024-05-23T15:48Z 32K followers, [--] engagements


"⚡ It's a @HuntressLabs takeover Our CEO @KyleHanslovan headed over to @NYSE this morning to tape a special segment of Taking Stock with @trinitychavez where they talked all about how Huntress is staying one step ahead of bad actors. Stay tuned for the full episode"  
[X Link](https://x.com/HuntressLabs/status/1795904508553241023)  2024-05-29T19:46Z 32.1K followers, [----] engagements


"Truman Kain Sr. Product Researcher at @HuntressLabs shows how quickly #AI allows an adversary to clone a voice for a #vishing attack in the newest #TradecraftTuesday. https://bit.ly/45Hs9m2 https://bit.ly/45Hs9m2"  
[X Link](https://x.com/HuntressLabs/status/1806784431006298562)  2024-06-28T20:19Z 33.8K followers, [----] engagements


"Want to take a peek into #macOS APT spyware @birchb0y broke down the #LightSpy malware and took a look at some hilarious OPSEC fails at #BHUSA"  
[X Link](https://x.com/HuntressLabs/status/1821618934505992302)  2024-08-08T18:46Z 34.1K followers, [----] engagements


"Account compromises are rising and defending your organization is crucial. Join us for a webinar as we debut Huntress MDR for Microsoft 365s newest capability thats purpose-built to shut down session hijacking and credential theft: Unwanted Access. https://bit.ly/4dlTH3j https://bit.ly/4dlTH3j"  
[X Link](https://x.com/HuntressLabs/status/1825961523115602181)  2024-08-20T18:22Z 34.1K followers, [---] engagements


"We are thrilled that @HuntressLabs Co-founder @chrisbisnett was asked to speak at the upcoming @ClickHouseDB NY meetup We are going to be delving into: -#SIEM -Real-time analytics -Reporting threats as they occur. You dont want to miss it https://www.meetup.com/clickhouse-new-york-user-group/events/302575342/ https://www.meetup.com/clickhouse-new-york-user-group/events/302575342/"  
[X Link](https://x.com/HuntressLabs/status/1832162619911766283)  2024-09-06T21:03Z 34.1K followers, [----] engagements


"We knew session hijacking & credential theft were big issues but its surprising just how common they are. So if youre looking to foil #hackers favorite unwanted access tactics see how our MDR for Microsoft [---] can help block hackers favorite ways: https://www.huntress.com/platform/managed-detection-and-response-for-microsoft365utm_campaign=CY24-Q3-Unwanted+Access&utm_source=twitter&utm_medium=social&utm_content=derivative"  
[X Link](https://x.com/HuntressLabs/status/1834351352266313924)  2024-09-12T22:00Z 34.1K followers, [---] engagements


"On September [--] @HuntressLabs discovered an emerging threat involving FOUNDATION Accounting Software commonly used by contractors in the construction industry"  
[X Link](https://x.com/HuntressLabs/status/1836029654085320813)  2024-09-17T13:09Z 34.1K followers, [----] engagements


"Attackers have been observed brute-forcing the software at scale and gaining access simply by using the products default credentials. We're seeing active intrusions among plumbing HVAC concrete and similar sub-industries. Here is what we know so far: https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software"  
[X Link](https://x.com/HuntressLabs/status/1836029655263973689)  2024-09-17T13:09Z 34.1K followers, [----] engagements


"Haunted by howling false alerts and creeped out by the ghosts of queries past Join us on Tuesday October [--] for a special episode of #TradecraftTuesday. Register now for Spooky Stories from the SOC: Cringe-worthy #Cybersecurity Moments. https://bit.ly/3TIr2O1 https://bit.ly/3TIr2O1"  
[X Link](https://x.com/HuntressLabs/status/1838687022669537697)  2024-09-24T21:08Z 34.1K followers, [---] engagements


"And dont forget to share your own cringe-worthy story for the chance to be featured. https://docs.google.com/forms/d/17DqgnQUuWsUMX_3epKLGH6uZtX0R7036h8kQF41YZCk/viewformedit_requested=true&pli=1 https://docs.google.com/forms/d/17DqgnQUuWsUMX_3epKLGH6uZtX0R7036h8kQF41YZCk/viewformedit_requested=true&pli=1"  
[X Link](https://x.com/HuntressLabs/status/1838687024305574128)  2024-09-24T21:08Z 34.1K followers, [---] engagements


"Are you ready for something truly terrifying In this months #TradecraftTuesday were sharing YOUR spooky stories from the SOC. Pull up a tree stump & gather round the virtual fire as we laugh wince and share tales of terror. https://bit.ly/4gBPfiW https://bit.ly/4gBPfiW"  
[X Link](https://x.com/HuntressLabs/status/1841228623132467234)  2024-10-01T21:28Z 34.1K followers, [----] engagements


"Huntress ConTalk 🚨 Not all apps play nice. Discover how attackers leverage Azure applications to persist and bypass MFA. @huskyhacksMK and @CyberCorg break down the threats and show you how to hunt them down. Register now: @bsidesnyc https://bsidesnyc.org/ https://bsidesnyc.org/"  
[X Link](https://x.com/HuntressLabs/status/1842278563493335082)  2024-10-04T19:00Z 34.1K followers, [---] engagements


"Ten-hut Welcome to the Go Dojo Go #malware is on the rise so we've devised a set of Go reverse engineering challenges for you to solve. First up is GoCrackMe1 an easy Go RE challenge. Go get 'em https://huntress.ctf.games https://huntress.ctf.games"  
[X Link](https://x.com/HuntressLabs/status/1844090527219651030)  2024-10-09T19:00Z 34.1K followers, [----] engagements


"@vRobSmith @halopsa @McLarenF1 What was the coolest car you saw Or should we say "the most cherry ride""  
[X Link](https://x.com/HuntressLabs/status/1844845976453837018)  2024-10-11T21:02Z 34K followers, [--] engagements


"*yawn* why am I so eeeeeeeeepy Don't sleep on the next @HuntressLabs #CTF challenge "eepy" as you dig into some #malware analysis to uncover the next flag. https://huntress.ctf.games/ https://huntress.ctf.games/"  
[X Link](https://x.com/HuntressLabs/status/1847352048112587146)  2024-10-18T19:00Z 37K followers, [----] engagements


"Congratulations to the #CVE Program on its 25th anniversary Dig through their comprehensive anniversary report for an insightful journey through #vulnerability identification and management. Thanks for letting us be a part of your mission CVE Program Celebrates [--] Years of Impact in Cybersecurity Read the CVE Program [--] Years Anniversary Report on https://t.co/QDKWGwDWam #CVE #Vulnerability #VulnerabilityManagement #InformationSecurity #Cybersecurity @CVEnew https://t.co/6PVy4VRfqo https://t.co/3L0PO1QMWq CVE Program Celebrates [--] Years of Impact in Cybersecurity Read the CVE Program [--] Years"  
[X Link](https://x.com/HuntressLabs/status/1850967154318802991)  2024-10-28T18:25Z 37K followers, [----] engagements


"🚨 We are [--] hour away from @_JohnHammond @HuskyHacksMK and Adam Rice going live for the Finale of the @HuntressLabs #CTF giving a behind-the-scenes look at how the challenges came together. YouTube: LinkedIn: https://bit.ly/4fxpzmo https://www.youtube.com/live/qDYfyjv45Ogsi=_vuOR7wPBeZ5p-eh https://bit.ly/4fxpzmo https://www.youtube.com/live/qDYfyjv45Ogsi=_vuOR7wPBeZ5p-eh"  
[X Link](https://x.com/HuntressLabs/status/1853469821968785800)  2024-11-04T16:10Z 34.1K followers, [---] engagements


"🔓 The threat actor exploited a vulnerable Fortigate VPN edge device 🔑 Obtained credentials to a generic boardroom account 💻 Authenticated into the Windows [--] Pro host named DESKTOP-redacted"  
[X Link](https://x.com/HuntressLabs/status/1854996062685347874)  2024-11-08T21:15Z 34.2K followers, [----] engagements


"Excited to see where experimental features like these go as we continue to integrate our products more closely. [--] + [--] = [--] baby"  
[X Link](https://x.com/HuntressLabs/status/1854996065692664243)  2024-11-08T21:15Z 34.2K followers, [---] engagements


"🧵Don't sleep on the importance of a security-aware user Here is a hands-on threat actor who's root entry into the Manufacturer's network was a commodity malware - Gootloader"  
[X Link](https://x.com/HuntressLabs/status/1855387549620936867)  2024-11-09T23:10Z 34.1K followers, [----] engagements


"A sobering dose of Dark Web 💊 Over the weekend a threat actor was selling access to a German IT company with over [--] million dollars in revenue-- but only a $800 price tag😵💫 They offer access via Fortinet likely from any number of the recent CVEs"  
[X Link](https://x.com/HuntressLabs/status/1861798058763173988)  2024-11-27T15:43Z 34K followers, [---] engagements


"How easy is it for threat actors to grab your sensitive data 💊 This dose of dark web shows a threat actor posting new logs and records from infostealer #malware -- publishing sensitive data either in their Telegram channels or on temporary file hosting websites"  
[X Link](https://x.com/HuntressLabs/status/1866169478934864366)  2024-12-09T17:14Z 34.1K followers, [----] engagements


"Stealer logs like these make cybercrime too easy -- they include: ✅ Leaked usernames ✅ Passwords ✅ Website session cookies ✅ Access tokens ✅ Browser auto-fill data like credit cards addresses and so much more"  
[X Link](https://x.com/HuntressLabs/status/1866169480469983295)  2024-12-09T17:14Z 34.1K followers, [---] engagements


"They enable identity attacks and account takeover (ATO) threats. 🛡 Knowing how easy this data is to access can help organizations focus on building IR plans and defense in depth. 💪"  
[X Link](https://x.com/HuntressLabs/status/1866169481745027532)  2024-12-09T17:14Z 34K followers, [---] engagements


"Threat Advisory: Huntress identified an emerging threat involving Cleos LexiCom VLTransfer and Harmony software. We strongly recommend you move any internet-exposed Cleo systems behind a firewall until a new patch is released. https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wildutm_source=twitter&utm_medium=social https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wildutm_source=twitter&utm_medium=social"  
[X Link](https://x.com/HuntressLabs/status/1866321857277747223)  2024-12-10T03:19Z 36.9K followers, 10.3K engagements


"Looking into Azure identity attacks a few things stood out👇 ➡10% of tenants had rogue appsmore common than you'd think ➡Some identities were tied to multiple malicious apps hiding in plain sight 👀 ➡Tracking permissions & persistence A needle-in-a-haystack challenge🔍"  
[X Link](https://x.com/HuntressLabs/status/1869477368576049528)  2024-12-18T20:18Z 34.1K followers, [---] engagements


"Our SOC recently detected highly sus activity on a telecom companys network. These guys had their sights set on the crown jewel: Domain Administrator creds"  
[X Link](https://x.com/HuntressLabs/status/1871582654828802483)  2024-12-24T15:44Z 34.1K followers, [----] engagements


"A commercial real estate company was compromised via an #RMM tool 🏢 The threat actor used their initial access to drop ANOTHER remote access tool 🤯"  
[X Link](https://x.com/HuntressLabs/status/1880282023706898559)  2025-01-17T15:52Z 34.2K followers, [----] engagements


"🔍 In late [----] we spotted some suspicious activity across multiple Canadian organizations pointing to #RedCurl an APT group with a history of cyber espionage. 🕵♀ This wasnt newRedCurls been active since at least November 2023:"  
[X Link](https://x.com/HuntressLabs/status/1881729714580324382)  2025-01-21T15:44Z 34.2K followers, [----] engagements


"👻 They dont encrypt systems steal money or demand ransoms. Instead they hide for months quietly stealing emails corporate docs and confidential files. 🌴 They target industries like wholesale retail finance tourism insurance construction and consulting"  
[X Link](https://x.com/HuntressLabs/status/1881729715905626162)  2025-01-21T15:44Z 34.2K followers, [---] engagements


"Another day another supply chain attack: found vulnerabilities in #SimpleHelp a popular Remote Support Software. http://Horizon3.ai http://Horizon3.ai"  
[X Link](https://x.com/HuntressLabs/status/1882847539533390096)  2025-01-24T17:46Z 34.2K followers, [----] engagements


"Heres an example of VPN compromise 👇 ✅ Its a super common technique we see all the time ✅ Effects businesses of every size ✅ Usually caused by a simple configuration mistake like an account without MFA enabled Yet it can often lead to network-wide compromise 😟"  
[X Link](https://x.com/HuntressLabs/status/1899169249907679660)  2025-03-10T18:43Z 34.6K followers, [----] engagements


"CVE-2025-31161 is the latest example of a critical severity authentication bypass vulnerability in CrushFTP a growing trend were seeing from attackers targeting managed file transfer (MFT) platforms"  
[X Link](https://x.com/HuntressLabs/status/1908276969810133437)  2025-04-04T21:54Z 34.6K followers, [----] engagements


"Huntress researchers recently analyzed attacks involving CVE-2025-31161 a critical authentication bypass flaw in CrushFTP. 💡 We observed specific post-exploitation activity used by threat actors leveraging the flaw in the wild"  
[X Link](https://x.com/HuntressLabs/status/1909307980236931286)  2025-04-07T18:11Z 34.6K followers, [----] engagements


"✅ cmd.exe /c "C:windowstempmsiinstall.exe --install "C:windowstempAnydesk" --silent" ✅ cmd.exe /c "echo licence_key123 "C:windowstempAnydeskAnyDesk.exe" --register-licence" ✅ cmd.exe /c "echo Anydesk@123 "C:windowstempAnydeskAnyDesk.exe" --set-password""  
[X Link](https://x.com/HuntressLabs/status/1909307983248368019)  2025-04-07T18:11Z 34.6K followers, [---] engagements


"🩹 CVE-2025-31161 is fixed in CrushFTP versions 11.3.1+ and 10.8.4+ ➡ We recommend organizations patch immediately. Read more about the CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation 🔗 https://bit.ly/4jk4VYO https://bit.ly/4jk4VYO"  
[X Link](https://x.com/HuntressLabs/status/1909307984527622506)  2025-04-07T18:11Z 34.6K followers, [---] engagements


"Threat actors are craftythis trick helps them stay persistent while evading detection. 💡 Key Recommendations: ➡ Monitor EDR for tools like net.exe and WMI ➡ Watch Event Logs (look for Event ID [----] with Guest mentioned) ➡ Hunt for active Guest accounts in your environment"  
[X Link](https://x.com/HuntressLabs/status/1909657449293857055)  2025-04-08T17:19Z 34.7K followers, [---] engagements


"🚨If a Gladinet CentreStack server is exposed to the Internet with these hardcoded keys it is in immediate danger and needs to be patched or have the machineKey values changed ASAP"  
[X Link](https://x.com/HuntressLabs/status/1911583532914196969)  2025-04-14T00:53Z 34.7K followers, [----] engagements


"Our new blog details in-the-wild exploitation and post-exploitation activity observed for CVE-2025-30406. This critical vulnerability impacts both Gladinet CentreStack and Triofoxorgs running vulnerable versions should patch ASAP: https://bit.ly/3E9knIl https://bit.ly/3E9knIl"  
[X Link](https://x.com/HuntressLabs/status/1911811736874737732)  2025-04-14T16:00Z 34.7K followers, [----] engagements


"Huntress continues to observe in-the-wild exploitation of CVE-2025-30406 a critical vulnerability in Gladinet CentreStack and Triofox"  
[X Link](https://x.com/HuntressLabs/status/1914510958862434740)  2025-04-22T02:45Z 34.8K followers, [----] engagements


"Deploying Managed EDR during an active intrusion Thats the hard way to find out what its capable of. A metals manufacturer deployed the Huntress agent during an active intrusion. Heres what our SOC uncovered 👇"  
[X Link](https://x.com/HuntressLabs/status/1924498785691963601)  2025-05-19T16:14Z 35.8K followers, 14.3K engagements


"✅ PSExec tweaked registry & firewall settings for RDP access ✅ Mimikatz.exe hid in C:PerfLogs dumping credentials ✅ Legit tools (TNIWINAGEN) were abused to scan the network then a malicious Atera agent was deployed ✅ A scheduled task ("MSTR tsk") beaconed to a malicious IP"  
[X Link](https://x.com/HuntressLabs/status/1924498787466154018)  2025-05-19T16:14Z 35.8K followers, [----] engagements


"Europol & Microsoft just disrupted Lumma Stealer 🔒 2300+ malicious domains seized 🛑 Command & control infrastructure taken down 💸 Marketplaces disrupted Lumma was our 2nd most-seen stealer last year. Disruptions help but the threats not gone. @LindseyOD123"  
[X Link](https://x.com/HuntressLabs/status/1925652894910460141)  2025-05-22T20:40Z 35.2K followers, [----] engagements


"A suspected state-aligned threat actor targeted a global market research firm using LOTL techniques to evade AV/EDR. Our SOC caught the activity mid-intrusion. Blog has full TTPs + Sigma rules. https://www.huntress.com/blog/advanced-intrusion-targeting-executive-at-critical-marketing-research-company https://www.huntress.com/blog/advanced-intrusion-targeting-executive-at-critical-marketing-research-company"  
[X Link](https://x.com/HuntressLabs/status/1927496874027823350)  2025-05-27T22:47Z 35.2K followers, 10.9K engagements


"A four-minute race against time. Heres what happened 👇 A threat actor brute-forced into an exposed RDP server quickly launching into reconnaissance with nltest.exe. Within moments they dropped a Cobalt Strike beacon using Rundll32 to call back to a suspicious domain"  
[X Link](https://x.com/HuntressLabs/status/1934614600093475257)  2025-06-16T14:10Z 35.4K followers, [----] engagements


"@shotgunner101 Totally fair point love this breakdown. Theres definitely still a role for traditional AV in catching those non-binary threats that can sneak past NGAV/EDR. Layered defense for the win"  
[X Link](https://x.com/HuntressLabs/status/1935353174958727246)  2025-06-18T15:05Z 35.4K followers, [--] engagements


"Super proud to represent our Canadian partners customers & teammates this weekend w/the addition of Scott Hargrove to our roster Tune in to 6hrs of high-stakes endurance racing on & Peacock on Sunday Jun [--] @ 12pm ET 📺 https://hubs.ly/Q03sMWbH0 http://IMSA.TV https://hubs.ly/Q03sMWbH0 http://IMSA.TV"  
[X Link](https://x.com/HuntressLabs/status/1935423665895546893)  2025-06-18T19:45Z 35.7K followers, [----] engagements


"BlueNoroff (TA444) just dropped one of the most sophisticated macOS intrusions weve seendeepfakes fake Zoom links and custom implants written in Nim Go Swift and Obj-C. Heres what our team uncovered 🧵👇 https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysisutm_source=twitter&utm_medium=social&utm_campaign=cy25-06-rr-edr-global-broad-all-rapid_response_bluenoroff&utm_content=06202025-thread"  
[X Link](https://x.com/HuntressLabs/status/1936110834196857023)  2025-06-20T17:16Z 35.7K followers, [----] engagements


"They even delayed execution until the screen went dark to avoid detection. If the user display is asleep execute now. If not queue for later. 📺 system_profiler SPDisplaysDataType used as a sleep detector"  
[X Link](https://x.com/HuntressLabs/status/1936110846456852804)  2025-06-20T17:16Z 35.7K followers, [---] engagements


"IOCs worth watching 👇 Domains: - support.us05web-zoom.biz - productnews.online - metamask.awaitingfor.site - firstfromsep.online Binaries: -zoom_sdk_support.scpt - remoted - keyboardd Full list: Scroll to the bottom https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysisutm_source=twitter&utm_medium=social&utm_campaign=cy25-06-rr-edr-global-broad-all-rapid_response_bluenoroff&utm_content=06202025-thread"  
[X Link](https://x.com/HuntressLabs/status/1936110848717537783)  2025-06-20T17:16Z 35.7K followers, [---] engagements


"💥 Deepfakes. Credential dumps. Multiple ransomware variants. Just dropped a new In the Wild newsletter featuring the latest from our Adversary Tactics Team. Heres what were seeing across the Huntress platformand what defenders need to know https://www.linkedin.com/pulse/wild-latest-signals-from-real-life-threat-actors-huntress-labs-xlafc https://www.linkedin.com/pulse/wild-latest-signals-from-real-life-threat-actors-huntress-labs-xlafc"  
[X Link](https://x.com/HuntressLabs/status/1938360895161438312)  2025-06-26T22:17Z 35.8K followers, [----] engagements


"✅ Malicious inbox rules: Hackers use these to hide warning emails or automatically forward sensitive information to themselves. ✅ Logins from unauthorized VPNs: Users logging in through unknown VPNs Thats an indicator someone might be bypassing your usual network controls"  
[X Link](https://x.com/HuntressLabs/status/1939705952367689926)  2025-06-30T15:21Z 35.8K followers, [----] engagements


"✅ Users authenticating from malicious infrastructure: If an IP ties to known attacker hubs we flag and shut down that activity fast. Hackers relentlessly target identities to launch BEC attacks. With Managed ITDR our SOC keeps SMBs safe and losses out of your bank accounts"  
[X Link](https://x.com/HuntressLabs/status/1939705954422993191)  2025-06-30T15:21Z 35.8K followers, [---] engagements


"Were seeing limited exploitation of a remote code execution Wing FTP Server bug (CVE-2025-47812). Organizations running Wing FTP Server should update to the fixed version version 7.4.4. Heres what to know:"  
[X Link](https://x.com/HuntressLabs/status/1943331836081434832)  2025-07-10T15:29Z 36K followers, 10.2K engagements


"➡ The flaw centers around the ability for an adversary to craft a specific input in Lua and can lead to root/SYSTEM-level RCE if exploited. ➡ We first observed exploitation of a customer on July 1"  
[X Link](https://x.com/HuntressLabs/status/1943331837545206075)  2025-07-10T15:29Z 36K followers, [----] engagements


"🚨 Two hours 'til Product Lab LIVE 🚨 Chris. Kyle. All 500+ Huntress employees from Summer Summit. You & other VIPs. Were talking spicy AI opinions roadmap reveals product sneak peeks and a live Q&A with the builders. Join in the fun: https://www.huntress.com/product-lab-channelutm_campaign=cy25-07-camp-multi-global-broad-all-x-programmatic-product_lab&utm_source=twitter&utm_medium=social&utm_content=071525-image https://www.huntress.com/product-lab-channelutm_campaign=cy25-07-camp-multi-global-broad-all-x-programmatic-product_lab&utm_source=twitter&utm_medium=social&utm_content=071525-image"  
[X Link](https://x.com/HuntressLabs/status/1948011647999807866)  2025-07-23T13:25Z 36.1K followers, [----] engagements


"The attacker only accessed the VPN client and never made it into the network. We recently stopped a threat actor targeting multiple partner environments racking up nearly [-----] failed login attempts before finally landing a single hit"  
[X Link](https://x.com/HuntressLabs/status/1954995760011022500)  2025-08-11T19:58Z 36.4K followers, 12.1K engagements


"Were celebrating [--] years the only way we know how: Oversharing on Reddit. Join the Huntress founders for a Reddit AMA on Aug [--]. Bring your questions were an open book. https://okt.to/20Si7v https://okt.to/20Si7v"  
[X Link](https://x.com/HuntressLabs/status/1958593735198998675)  2025-08-21T18:15Z 36.4K followers, [----] engagements


"Persistence = hackers biding their time for the right moment. This recent case started had a rogue RMM disguised as VMware had been lurking for years (before we were even deployed). Even verified VMware was in use before deploying. We can end the long game in real-time"  
[X Link](https://x.com/HuntressLabs/status/1960706892801433970)  2025-08-27T14:12Z 36.9K followers, 13.8K engagements


"We published a wild blog yesterday about a threat actor who installed Huntress. Some folks had questions. Was it a privacy violation Was it ethical to investigate @_JohnHammond + @Laughing_Mantis dig into the story on #tradecrafttuesday Blog: https://okt.to/qPYDfH https://okt.to/qPYDfH"  
[X Link](https://x.com/HuntressLabs/status/1965887246373982464)  2025-09-10T21:16Z 36.9K followers, 24.9K engagements


"Theyre not phishing you. Theyre interviewing for a job on your IT team. 🫣 Hackers are using deepfakes fake resumes and spoofed LinkedIn profiles to get hired as insiderswith admin access. How they do it whats at stake and how to stop it 👉 https://okt.to/3ODPNm https://okt.to/3ODPNm"  
[X Link](https://x.com/HuntressLabs/status/1969159070075568326)  2025-09-19T21:58Z 37K followers, 22.1K engagements


"A threat actor walks into an orthopaedic network. 🩺 Spoiler: they didnt leave with much. Heres what went down: - Bypassed MFA - Pivoted w/ RDP - Recon w/ ipconfig /all - Dropped Cobalt Strike Coolest part Our SOC caught it live and shut it down before damage was done"  
[X Link](https://x.com/HuntressLabs/status/1973152896549114152)  2025-09-30T22:28Z 37K followers, 17.7K engagements


"Stoked to be hanging w/our investors at @HighlandCapital for @CyberSecFactory this summer"  
[X Link](https://x.com/HuntressLabs/status/874272576859762688)  2017-06-12T14:30Z 34.1K followers, [--] engagements


"FileTour adware installs a Scheduled Task to launch an obfuscated batch script every 3hrs. This persistent #foothold abuses a renamed Bitsadmin EXE to fetch remote .ZIP archives and install additional #malware. https://www.bleepingcomputer.com/news/security/adware-bundle-adds-persistence-to-download-more-malware-at-later-time/ https://www.bleepingcomputer.com/news/security/adware-bundle-adds-persistence-to-download-more-malware-at-later-time/"  
[X Link](https://x.com/HuntressLabs/status/950377943771033600)  2018-01-08T14:45Z 34.1K followers, [--] engagements


"Bundled calculator app (PUP) performs anti-sandbox/debugger checks then drops/installs a randomly named kernel mode #foothold. Driver is digitally signed features download/execute self-protection functionality. C2 configs are hidden within GIFs on blogs. https://blog.talosintelligence.com/2018/04/cryptomining-campaign-returns-coal-not-diamond.html https://blog.talosintelligence.com/2018/04/cryptomining-campaign-returns-coal-not-diamond.html"  
[X Link](https://x.com/HuntressLabs/status/991740181513416706)  2018-05-02T18:04Z 34.1K followers, [--] engagements


"TL;DR 📌 Cybercriminals turned employee monitoring software into a RAT paired it with SimpleHelp hunted crypto and tried to drop Crazy ransomware. The ethical badasses behind this write-up: @RussianPanda9xx @sudo_Rem @Purp1eW0lf + @Antonlovesdnb https://okt.to/JifKsu https://okt.to/JifKsu"  
[X Link](https://x.com/anyuser/status/2022198314607780289)  2026-02-13T06:37Z 38.4K followers, [----] engagements


"Meet Mohammad Red Bull Muzahir. He risked his life to expose how organized cybercriminal enterprises operate. And on February [--] hes sharing what he saw. This is the human cost of cybercrime as told by the man who survived it. Save your spot: https://okt.to/EubCNm https://okt.to/EubCNm"  
[X Link](https://x.com/anyuser/status/2021717904656368030)  2026-02-11T22:48Z 38.4K followers, [----] engagements


"If you run SolarWinds Web Help Desk stop scrolling. This is being actively exploited. The wildest part about it These cybercriminals stood up their own stack. @RussianPanda9xx breaks it down. This write-up is only part of what we uncovered: https://okt.to/0q29Hh https://okt.to/0q29Hh"  
[X Link](https://x.com/anyuser/status/2021399327478837645)  2026-02-11T01:42Z 38.4K followers, 14K engagements


"Cybercrime is the worlds third-largest economy. That should piss you off. On March [--] join @_JohnHammond and special guest @JimBrowning11 for declassified intel on how this dark enterprise runs: Expose their system. Break their business. https://okt.to/uBQkpj https://okt.to/uBQkpj"  
[X Link](https://x.com/HuntressLabs/status/2020845162751021392)  2026-02-09T13:00Z 38.4K followers, 37.8K engagements


"We investigated threat actors actively exploiting SolarWinds Web Help Desk (CVE-2025-26399).and the tradecraft is unhinged. 🔎 If you run SolarWinds WHD patch to [------]. Now. This write-up is only part of what we uncovered: More to come. 👀 https://okt.to/9MzvtP https://okt.to/9MzvtP"  
[X Link](https://x.com/anyuser/status/2020629224760004761)  2026-02-08T22:42Z 38.4K followers, 10.5K engagements


"Huntress took Gold at the [----] #StevieAwards for Customer Service Department of the Year (Computer Software 100+ employees). 🏆 The judges described our submission as near-flawless. We call it doing the job the right way. Congrats to our support teams. 👏 #StevieWinner2026"  
[X Link](https://x.com/anyuser/status/2019773112456233386)  2026-02-06T14:00Z 38.4K followers, [----] engagements


"BYOB Nah BYOVD: Bring Your Own Vulnerable Driver Instead of dropping malware cybercriminals are abusing legit drivers to shut down security toolsfrom the inside. @RussianPanda9xx and @Purp1eW0lf share how to spot this technique in your environment: https://okt.to/RlTqiv https://okt.to/RlTqiv"  
[X Link](https://x.com/anyuser/status/2019532757945254325)  2026-02-05T22:05Z 38.4K followers, [----] engagements


"Live demos are a gamble. When CEO @KyleHanslovan hit a tech snag at #RightofBoom Charles from @totalcareit jumped in from the crowd to save the day. 👏 Reminder: cybersecurity isnt a solo sport. It takes a village and sometimes the community saves our 🍑 too"  
[X Link](https://x.com/anyuser/status/2019470101657854095)  2026-02-05T17:56Z 38.4K followers, [----] engagements


"The Phantom File System Windows ProjFS lets you project files that dont exist on disk until theyre accessed. Think: virtual files hydrated on demand. @JonnyJohnson_ walks through how it works & how defenders can use it for stealthy canary file alerts. https://www.huntress.com/blog/windows-projected-file-system-mechanics https://www.huntress.com/blog/windows-projected-file-system-mechanics"  
[X Link](https://x.com/anyuser/status/2019456036562776149)  2026-02-05T17:00Z 38.4K followers, 11.5K engagements


"Coming up on #TradecraftTuesday we're breaking down AppDomainManager Injection a technique cybercriminals are using to turn legit .NET binaries into "living-off-the-land" weapons. 👀 Join us live next week to see exactly how it works: https://okt.to/rhWcDs https://okt.to/rhWcDs"  
[X Link](https://x.com/anyuser/status/2018851013864640748)  2026-02-04T00:56Z 38.4K followers, [----] engagements


"Heading to #RightofBoom next week Don't miss Huntress CEO @KyleHanslovan on the main stage. 🗓 Thu Feb [--] 8:309:15 AM PT 📍 Chairmans Ballroom Come for the unfiltered takes. Stay for the lessons thatll help you sleep at night"  
[X Link](https://x.com/anyuser/status/2017221407881507063)  2026-01-30T13:00Z 38.4K followers, [----] engagements


"Ransomware tried a manufacturing facility. Windows Defender fired. Signals pointed to Akira. Correlation rules escalated the threat. The Huntress SOC isolated the network traced the intrusion and identified impacted accounts. 👆 Thats 24/7 response"  
[X Link](https://x.com/anyuser/status/2017071792267907361)  2026-01-30T03:06Z 38.4K followers, [----] engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing