610 Followers
5 Following
62 Posts
Managed endpoint protection, detection and response designed to help the 99% fight back against today’s cybercriminals.
Website: https://huntress.com
Twitter: https://twitter.com/huntresslabs
LinkedIn: https://www.linkedin.com/company/huntress-labs/
Weekend work, but we've seen compromises of SolarWinds WHD -- one especially gnarly case where the threat actor set up:
1. Zoho Assist RMM
2. QEMU & Cloudflared
3. Velociraptor for C2
and a wild story (to tell more about soon 😎): an attacker-controlled Elastic stack for exfil 🔗👇
The technical detail in this PureRAT analysis by Heejae Hwang (황희재) is fantastic! The analyzed #PureRAT sample looks very similar to the one James Northey recently blogged about for @huntress. It even uses the same C2 server 157.66.26.209:56001.
@huntress Now that the CTF is over, here's how to solve it using the kernel rootkit - this is HuntressCTF 2025 Day 31's "Root Canal" challenge which features the Diamorphine rootkit:

America's sweetheart, @JohnHammond of @huntress , is our confirmed keynote speaker.

(You didn't hear it from us, but our *unconfirmed* keynote speaker is Ed Sheeran. 👀 This guy is part of our BCP.)

Conference and Workshop tickets on sale now! Enroll at BSides NoVA's Hacker U: Where Curiosity Becomes Capability.

Fri, Oct 10 | Sat, Oct 11 | GMU - Mason Square | Arlington, VA

https://www.eventbrite.com/e/bsidesnova-2025-hacker-u-october-10-11-arlington-va-tickets-1663744457459

👀 Help the Huntress SOC! If you're a SonicWall user you can help us gather more intelligence on this exploit and the surrounding activity by spinning up a free trial of SIEM:

https://www.huntress.com/siem-free-trial?utm_source=twitter&utm_medium=social&utm_campaign=cy25-08-rr-multi-global-broad-all-sonicwall_vpn

SIEM Free Trial | Huntress

Take the Huntress Cybersecurity Platform for a test drive today! Experience the Huntress platform powered with human threat hunters; includes Managed EDR, MDR for Microsoft 365, Managed Security Awareness Training, and Managed SIEM.

Huntress
What should you do?
- We’ve seen around 20 different attacks, starting on 7/25
- Some of the attackers in these incidents have at least part of the same playbook
- Threat actors using tools like Advanced_IP_Scanner, WinRAR, and FileZilla, and installing new accounts or RMMs for persistence
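The post above lists the shared playbook in prose only. The following is an added example, written for this page and not Huntress code or detection content: a small Python triage that runs over constructed Windows event records (Sysmon process creation, Security event 4720 for account creation, System event 7045 for service installation, all standard Windows/Sysmon IDs) and scores how much of that playbook is present per host. The executable names for the tools named on this page, the RMM service-name keywords, and the sample events are assumptions made for the example; operators rename binaries trivially, so this is a starting point for a hunt, not a finished detection.

```python
"""Triage constructed Windows telemetry for the overlapping post-exploitation
playbook the post describes: dual-use tool execution, new local accounts, and
RMM installation. Added example, not Huntress tooling or detection content."""
from collections import defaultdict

# Executable names for the tools named on this page (assumed default binary
# names; operators rename binaries trivially, so treat these as a starting
# point, not a complete detection).
DUAL_USE_TOOLS = {
    "advanced_ip_scanner.exe": "network discovery",
    "winrar.exe": "archiving (exfil staging)",
    "filezilla.exe": "file transfer (exfil)",
    "cloudflared.exe": "tunnelling",
    "qemu-system-x86_64.exe": "virtualisation (evasion)",
    "velociraptor.exe": "DFIR agent abused as C2",
}
# Keywords matched against a newly installed service name. Real RMM service
# names vary by product and version; this list is an assumption.
RMM_KEYWORDS = ("zoho", "assist", "anydesk", "screenconnect")

SYSMON_PROCESS_CREATE = 1         # Sysmon event ID 1: process creation
SECURITY_ACCOUNT_CREATED = 4720   # Security 4720: a user account was created
SYSTEM_SERVICE_INSTALLED = 7045   # System 7045: a service was installed


def classify(event):
    """Return (kind, detail) for one event, or None if it is not of interest."""
    src, eid = event.get("source"), event.get("event_id")
    if src == "Sysmon" and eid == SYSMON_PROCESS_CREATE:
        # Compare only the basename, case-insensitively.
        image = event.get("image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if image in DUAL_USE_TOOLS:
            return ("tool", f"{image} ({DUAL_USE_TOOLS[image]})")
    elif src == "Security" and eid == SECURITY_ACCOUNT_CREATED:
        return ("new_account",
                f"{event.get('target_user')} created by {event.get('subject_user')}")
    elif src == "System" and eid == SYSTEM_SERVICE_INSTALLED:
        name = event.get("service_name", "").lower()
        if any(k in name for k in RMM_KEYWORDS):
            return ("rmm_service",
                    f"{event.get('service_name')} -> {event.get('image_path')}")
    return None


def triage(events):
    """Group findings per host and score how much of the playbook is present
    (number of distinct finding kinds seen on the host, 0 to 3)."""
    per_host = defaultdict(list)
    for ev in events:
        hit = classify(ev)
        if hit:
            per_host[ev.get("host", "?")].append(hit)
    return {
        host: {"score": len({kind for kind, _ in hits}), "findings": hits}
        for host, hits in per_host.items()
    }


SAMPLE_EVENTS = [  # constructed for this example; not real telemetry
    {"host": "WS01", "source": "Sysmon", "event_id": 1,
     "image": r"C:\Users\jdoe\Downloads\Advanced_IP_Scanner.exe"},
    {"host": "WS01", "source": "Sysmon", "event_id": 1,
     "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"host": "WS01", "source": "Security", "event_id": 4720,
     "target_user": "svc_backup2", "subject_user": r"CORP\jdoe"},
    {"host": "WS01", "source": "System", "event_id": 7045,
     "service_name": "Zoho Assist Unattended Support",  # assumed name
     "image_path": r"C:\ProgramData\ZohoAssist\agent.exe"},  # assumed path
    {"host": "FS02", "source": "Sysmon", "event_id": 1,
     "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "FS02", "source": "Sysmon", "event_id": 1,
     "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
]

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: playbook score {result['score']}/3")
        for kind, detail in result["findings"]:
            print(f"  [{kind}] {detail}")
```

On the constructed input WS01 scores 3/3 (scanner and archiver executed, a new account created, an RMM-looking service installed), while FS02 scores 1/3 on a lone WinRAR execution. That difference is the point: any one of these is common in normal administration, and it is the overlap on a single host in a short window that matches the shared playbook the post describes.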

⚠️ Huntress has been responding to an ongoing wave of high-severity Akira ransomware incidents originating from SonicWall devices.

Learn more about this active exploit and get an up-to-date list of indicators of compromise:

https://www.huntress.com/blog/exploitation-of-sonicwall-vpn?utm_source=twitter&utm_medium=social&utm_campaign=cy25-08-rr-multi-global-broad-all-sonicwall_vpn

Active Exploitation of SonicWall VPNs | Huntress

A likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass MFA and deploy ransomware. Huntress advises disabling the VPN service immediately or severely restricting access via IP allow-listing. We're seeing threat actors pivot directly to domain controllers within hours of the initial breach.

Huntress