❌

Normal view

The (!FALSE) Pattern | Huntress

29 January 2026 at 16:00
SOAPHound's LDAP query (!soaphound=*) never appears in Event 1644 logs, but it transforms into (! (FALSE)) through LDAP optimization. Understanding this transformation reveals a unique detection signature that most defenders have never seen.

SDFlags | Huntress

15 January 2026 at 16:00
While investigating LDAP filters and attributes, I completely missed "SDFlags" in my Event 1644 logs. When I finally noticed it, the investigation led to nTSecurityDescriptor, attack path discovery, and a high-confidence detection signature.

Cross-Platform Unity in EDR

13 January 2026 at 07:00
Huntress researchers weigh in on the challenge of getting feature parity across Windows, macOS, and Linux. And learn how unique security models and platform maturity shape the way products are built.

ESXi Exploitation in the Wild

7 January 2026 at 15:00
Huntress outlines a complex, multi-step attack designed to break out of guest VMs and target the ESXi hypervisor, using potential zero-day vulnerabilities and sneaky VSOCK communication.

❌