A good explanation is a simple explanation. We've put together a complete and "human-friendly" guide for #Azure incident response and threat hunting, as Azure Cloud has become a popular target for cyber attacks.  Check Part 1 here👇 hunters.security/en/blog/human-…

POC's been surfacing for CVE-2024-38077 aka MadLicense, Detect the presence of servers with RDS License service activated by searching for svchost instances running the command line "svchost -k TSLicensing" stay tuned for further updates #DFIR #infosec #RDS #RCE #MadLicense

1 / 2 We've researched how EDRs audit plist files in macOS LaunchAgents. Detection issues can allow persistence mechanisms to slip through, impacting visibility and security posture. #Cybersecurity #macOS #EDR #ThreatHunting #Infosec

Hunters’ team AXON has observed a concerning rise in Microsoft services abuse over the past few months. A notable trend is the increase in targeted attacks initiated through social engineering via Microsoft Teams, specifically through OneOnOne messages that exploit the default

Ongoing Microsoft 365 AiTM Attacks Leveraging Axios A few months ago, we saw multiple reports about how attackers were exploiting Axios (Node.js) to intercept traffic and facilitate M365 phishing attacks. This threat continues to evolve, so it's important not to treat it as a