This is my new BlueSky account: bsky.app/profile/maxr0g…

I've seen a program called "Let's Compress" being used on some hosts lately. It looks like a wrapper for 7zip with ads, nbd, but the updater is what's got me concerned. 🧵

Today we observed a threat actor use an executable that was built with Graal to run enumeration and deploy NetSupport to a host. I have not personally seen this before - I'll post a thread later, hopefully, because it was a lot more interesting than I expected.

Hi Everyone I have created a website for anyone who is interested in cyber security. This has information on courses I have completed and found informative, information on tools that we use and other helpful information. Url - stephaniefairless.com Huntress Max Rogers

WOOOOOO!!!! Come hang on Jan 24th! Super excited to hang at AtomicsonaFriday to talk about JonMon2.0.

New @huntress blog where alden Greg Linares (Laughing Mantis) and I tell the story of 🕵️and 🤜 ➡️🗑️ some cyber espionage activity in 2024. Always feels good to learn something interesting and then use it to stop real threats with our team at Huntress! 💪huntress.com/blog/the-hunt-…

👀 A threat actor has cloned the California Freights website, modified it, is gathering information, and trying to make it feel legitimate. At the end the user runs an exe currently clean on VT virustotal.com/gui/file/19b88… Leads to NetSupport RAT C2: ukuhost[.]net yogupay[.]net

🚨 The RMM threat landscape is evolving! 🚨 Recent attacks, like those highlighted by Huntress 🛡️ & CERT-UA 🇺🇦, show how adversaries 🎭 weaponize RMM tools 🛠️ for persistence 🔒 & lateral movement ↔️. 🔍 Enter LOLRMM: your 🧙‍♂️ ally in detecting 👀 & preventing 🚫 RMM abuse.

Yeah 😓, this is done through a tracking template. They set the final URL to be a legitimate website, but then with the tracking template have it go through a different domain first that then redirects you wherever they like. support.google.com/google-ads/ans… It's shit for security

This is really big at the moment and you should absolutely be looking at your M365 logs to identify this activity. speartip.com/fasthttp-used-… We're observing a large number of IPs involved after successful authentication, but a common IP is 113.23.43[.]76 CC:Huntress

Big news! I've joined Rapid7 as VP of Threat Detection and Response. Energized to lead our #MDR into its next phase of growth. My focus: revolutionizing the #SOC by reimagining the analyst experience and pushing the boundaries of threat detection to deliver industry-leading

Just updated our documentation on using Timesketch to analyze Hayabusa results: github.com/Yamato-Securit… It includes an overview of the main features you want to use in your investigations.

youtu.be/lJ7coXjS8wk?si…

ATT&CK 📢 Shout-out to #HijackLibs's many contributors, including recent additions from @cyberraiju, @xorjosh, Faraday (all of Huntress), swachchhanda Poudel, 安坂星海 Azaka || VTuber, ice-wzl - thanks for sharing your findings with the cyber security community 🔥

As more companies deploy the Huntress SIEM, we've enjoyed finding the "Door Rattlers"🚪 We see an attacker failing to log in across a number of environments and then eventually succeeding in 1 organization. PhotoCred: Dray Agha Stopping attacks at initial access ❤️

excited bc today Huntress is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠 we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)! huntress.com/blog/inside-bl…

Mac's don't get viruses, right? 🍏 Deepfake Zoom calls. AppleScript lures. Rosetta 2 abuse. Plenty of custom malware: Nim backdoor, Go infostealer, Obj-C keylogger, and more! Amazing write-up by alden, Stuart Ashenbrenner 🇺🇸 🇨🇦, and Jonathan Semon 🔥 🔗 huntress.com/blog/inside-bl…

Not only is Huntress a generous supporter of our Foundation, they also consistently publish top-notch research on emerging macOS threats 🤩 Their latest (by alden & Stuart Ashenbrenner 🇺🇸 🇨🇦): "Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion": huntress.com/blog/inside-bl…

Coming up on my 1 year anniversary with Huntress ! Taking this opportunity to go over some things myself and the team have seen in intrusions and drop some tips on basic things you can do to make your network more immune to compromise. Let's start with initial access -