You may only see the fun things publicly, but we still need to take our medicine and do the stuff we find less fun. We can't take just the good without the bad, and if someone is doing this then someone else is picking up their slack.

excited bc today Huntress is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠 we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)! huntress.com/blog/inside-bl…

🚨 SonicWall Exploitation (Zero Day?) 🚨 Huntress is tracking active intrusions via SonicWall devices. Threat actors are bypassing MFA, pivoting to domain controllers, deploying ransomware (likely Akira), and creating users for persistence. Pace suggests possible zero-day

We've seen quite a lot of intrusions involving SonicWall devices here at Huntress . We decided to write a bit about what attacker tradecraft we've seen on the other end of these intrusions: 🔎huntress.com/blog/exploitat…

Threat actors would be so mad if they knew how many of their operations were burnt by some regex or glob which was created by someone who is in no way proficient in regex or glob syntax.

It's been almost 2 years since this. It still makes me smile when I think about it. They never paid the fee.