Anton (@antonlovesdnb)'s Twitter Profile
Anton

@antonlovesdnb

Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs

ID: 4239009755

Link: https://course.constructingdefense.com/constructing-defense

Joined: 21-11-2015 02:40:30

5.5K Tweets

4.4K Followers

3.3K Following

Max Rogers (@maxrogers5):

Huntress is hiring a Director of Security Operations to lead our global SOC 🥳 Location: Full Remote, US Based job-boards.greenhouse.io/huntress/jobs/…

Max Rogers (@maxrogers5):

I want to highlight Huntress SOC Analyst Tanner for going above and beyond here. In a SOC it's common to take the alert in front of you, do your analysis/response, and then move on. You've revoked the attacker's access and can grab the next alert. However, I've noticed a

Jai Minton (@cyberraiju):

An interesting malware loader here which is almost fully undetected on VT. virustotal.com/gui/file/4be1f…

Masquerading as Blue Iris installer.

Downloaded from: christmasxdecor[.]com

Deploys binaries to %LocalAppData%\Programs\Syslog Center Pro\

End result is NetSupport Manager\RAT

Anton (@antonlovesdnb):

Hey #KQL folks, can someone help me out with some JSON parsing - I'm looking to do something like this (screenshot) it feels like a combo of operators should get me there, but I can't seem to figure it out - thank you!

Anton (@antonlovesdnb):

These queries by Mehmet Ergene are straight 🔥 github.com/Cyb3r-Monk/Thr… Can be adapted as long as your telemetry has decent process info, super powerful for hunting and looking at huge amounts of process-related telemetry.

Dray Agha (@purp1ew0lf):

Light work with Dipo and Anton this morning.

Threat actor brute-forced and compromised `scans` user via exposed RDP.

Ran enum via PwSh ISE - to try and be slick (they ain't slick 🤣).

Huntress neutralised this threat asap, reported to our Partner and VT 🫡

Stuart Ashenbrenner 🇺🇸 🇨🇦 (@stuartjash):

Publishing some of the notes I've amassed over my years in #macOS security. There's lots, so I'm publishing them as I collate them into something structured and readable. My first few are available, and the rest will be as I finish them. notes.crashsecurity.io/notes

Rem (@sudo_rem):

My guest blog as an intern at the SANS.edu Internet Storm Center has gone live :) Hunting for malicious phishing domains using DNSTwist & the ISC's Newly Registered Domains API. isc.sans.edu/diary/31188

Mauricio Velazco (@mvelazco):

ICYMI:🚀BadZure automates Azure AD/Entra ID tenant setups, introducing misconfigurations for realistic attack paths. Perfect for red, blue, or purple teams to sharpen your #Azure adversary simulation and detection development skills! 📺 youtube.com/watch?v=IzurUr… #EntraID

Max Rogers (@maxrogers5):

Today’s the day! Very proud of the immense work Huntress analysts Jai Minton and Craig put into this lengthy walkthrough of an intrusion with strong overlap of OceanLotus TTPs. Thank you to Greg Linares (Laughing Mantis) for supporting this investigation as well!

Jai Minton (@cyberraiju):

Today we shine light on a long-standing intrusion which aligns with #OceanLotus / #APT32 🌺 intelligence gathering. 👇 Multiple backdoors, custom malware, steganography, and stealthy persistence. Thanks to Craig and Greg Linares (Laughing Mantis) CC: Huntress huntress.com/blog/advanced-…

Anton (@antonlovesdnb):

Random thought - myself, the broader team at Huntress and the InfoSec community generally is lucky to have Dray Agha in our constellation. Aside from the technical chops, Dray is tireless, endlessly kind, patient and overall someone that you just love being around. I consider

Max Rogers (@maxrogers5):

We're hiring a Principal level SOC Analyst to join our US West Coast team at Huntress! This role gets a ton of action investigating hands on intrusions, mentoring junior analysts, and working with our Product teams! [Must be US Based] job-boards.greenhouse.io/huntress/jobs/…
