Search cyberveille.decio.ch

Found 3 bookmarks

Custom sorting

Managing Attack Surface | Huntress Blog

Huntress recently detected interesting activity on an endpoint; a threat actor was attempting to establish a foothold on an endpoint by using commands issued via MSSQL to upload a reverse shell accessible from the web server. All attempts were obviated by MAV and process detections, but boy-howdy, did they try!

#huntress #EN #2024 #attack #IoCs #MSSQL #reverse-shell

·huntress.com·Mar 21, 2024

Managing Attack Surface | Huntress Blog

BlackCat Ransomware Affiliate TTPs

This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.

#huntress #EN #2024 #BlackCat #Ransomware #TTPs #ScreenConnect

·huntress.com·Feb 29, 2024

BlackCat Ransomware Affiliate TTPs

Threat Intel Accelerates Detection & Response

Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.

#huntress #EN #2024 #analysis #endpoint #finger.exe #IoC

·huntress.com·Feb 15, 2024

Threat Intel Accelerates Detection & Response