❌

Reading view

SDFlags | Huntress

While investigating LDAP filters and attributes, I completely missed "SDFlags" in my Event 1644 logs. When I finally noticed it, the investigation led to nTSecurityDescriptor, attack path discovery, and a high-confidence detection signature.

  •  

Cross-Platform Unity in EDR

Huntress researchers weigh in on the challenge of getting feature parity across Windows, macOS, and Linux. And learn how unique security models and platform maturity shape the way products are built.

  •  

ESXi Exploitation in the Wild

Huntress outlines a complex, multi-step attack designed to break out of guest VMs and target the ESXi hypervisor, using potential zero-day vulnerabilities and sneaky VSOCK communication.

  •  

The LDAP Whitespace Problem | Huntress

Your LDAP detection rules work in the lab but fail in production. Here's why Event 1644 whitespace variations break your Sigma rules and how to fix them.

  •  

Tradecraft Tuesday Recap | Huntress

From "React2Shell" exploitation to sophisticated "Living off Trusted Sites" phishing, Huntress experts break down the threats targeting both enterprises and families today.

  •  

A Series of Unfortunate (RMM) Events

Recently, the Huntress SOC has observed threat actors increasingly use PDQ and GoTo Resolve to deploy further remote monitoring and management (RMM) tools in attacks.

  •  

Hardening the Hypervisor | Huntress

Hypervisors are a major target for ransomware attacks. Get expert guidance from Huntress on how to protect your virtualized infrastructure. Learn how to secure access, put runtime controls in place, simplify patching, and improve your recovery plans.

  •  
❌