James Northey (@darkrym11) 's Twitter Profile
James Northey

@darkrym11

SOC Analyst @HuntressLabs | Malware junkie | 5+ yrs in Military Cyber
Always learning, always curious

ID: 1938750130204876805

Website: http://www.darkrym.com/ | 28-06-2025 00:03:57

0 Tweets

14 Followers

88 Following

James Northey (@darkrym11):

In a recent investigation at Huntress, we uncovered how attackers used LFI for log poisoning with an AntSword shell to drop Nezha and then Ghost RAT. Big shoutout to Jai Minton and alden; learnt heaps from them while working this one.

Ben (@polygonben):

My first Huntress blog is live: we break down some funky ClickFix lures that lead to a loader which uses steganography to extract shellcode and ultimately deliver LummaC2/Rhadamanthys stealers. Big thanks to RussianPanda 🐼 🇺🇦 for the help! 😇 huntress.com/blog/clickfix-…
James Northey (@darkrym11):

Investigated a very interesting attack at Huntress, where the threat actors weaponised a slew of legitimate tools (Velociraptor, VS Code, and Cloudflared) to establish persistent access, culminating in Warlock ransomware. Check out the full technical breakdown!

James Northey (@darkrym11):

Great peek behind the curtain at how we do what we do. If you're looking at getting into SOC work, or are just curious how we investigate, this is well worth a read.