Announcing AttackCapture™
Published on
Published on
Published on
Aug 23, 2024
Aug 23, 2024
Aug 23, 2024
Welcome to a New Kind of Sandbox
Welcome to a New Kind of Sandbox
We originally launched our "Open Directory" feature in Hunt a year ago. The premise behind it was to get into the mind of the attacker by get a backstage view into their attacks. What we learned was that there was a ton of information that could be correlated and indexed. Today, we're reaffirming our commitment to getting into the tooling of attackers by launching AttackCapture™ by Hunt.io.
AttackCapture finds attacker burner instances, indexes and categorizes the attack tooling. Depending on the methods of the attacker, we're able to see: Lores, Targets, Recon tools, Remote Exploits, Malware, and Exfil. We're working very hard to organize this information and extract value for defenders.
Think of it as a new kind of sandbox that's a meta sandbox with an unprecedented living repo into attacker tools and techniques.
AttackCapture allows you to get into the mind of the attacker, see TTPs, and better attribute and defend against them.
We originally launched our "Open Directory" feature in Hunt a year ago. The premise behind it was to get into the mind of the attacker by get a backstage view into their attacks. What we learned was that there was a ton of information that could be correlated and indexed. Today, we're reaffirming our commitment to getting into the tooling of attackers by launching AttackCapture™ by Hunt.io.
AttackCapture finds attacker burner instances, indexes and categorizes the attack tooling. Depending on the methods of the attacker, we're able to see: Lores, Targets, Recon tools, Remote Exploits, Malware, and Exfil. We're working very hard to organize this information and extract value for defenders.
Think of it as a new kind of sandbox that's a meta sandbox with an unprecedented living repo into attacker tools and techniques.
AttackCapture allows you to get into the mind of the attacker, see TTPs, and better attribute and defend against them.
Stats from Year One
Stats from Year One
Top Improvements in AttackCapture™
Top Improvements in AttackCapture™
MITRE ATT&CK® Techniques
We now list MITRE ATT&CK® Techniques on each open directory and sandboxed item. MITRE Enterprise, ICS and Mobile tags are used. Files are sandboxed and tagged to allow overview and searching to understand the attack TTPs. You can see them on the listing page as well as find other open directories that have the same settings.
We now list MITRE ATT&CK® Techniques on each open directory and sandboxed item. MITRE Enterprise, ICS and Mobile tags are used. Files are sandboxed and tagged to allow overview and searching to understand the attack TTPs. You can see them on the listing page as well as find other open directories that have the same settings.
Full Text Code Searching
Search all the code and text files across our entire archive for patterns to find unique exploits, reverse shells and more. Also, search by many more fields to narrow down what you're looking for.
Search all the code and text files across our entire archive for patterns to find unique exploits, reverse shells and more. Also, search by many more fields to narrow down what you're looking for.
Flagging of Credentials
Credentials are now automatically located inside of attacker content to help you correlate directories and narrow the unique attributes of the attacker. It’s also helpful for sussing out if it’s a criminal, bug bounty hunter or red team.
Credentials are now automatically located inside of attacker content to help you correlate directories and narrow the unique attributes of the attacker. It’s also helpful for sussing out if it’s a criminal, bug bounty hunter or red team.
Malicious Tags now on the Search Page
When doing file name searches, you can see tags that come off of the sandboxes.
When doing file name searches, you can see tags that come off of the sandboxes.
Code Syntax Highlighter
Instantly view any code from the open directories with a syntax highlighted version. Works with most languages making easy previews.
Instantly view any code from the open directories with a syntax highlighted version. Works with most languages making easy previews.
Download a Password Protected Zip
Receive any file from an open directory as a password protected zip to make it easier to transfer the files to protected environments without getting blocked.
Receive any file from an open directory as a password protected zip to make it easier to transfer the files to protected environments without getting blocked.
Open Directories for Attributed IOCs
Automatically chain together public research with our to see the full attack for a certain threat actor to understand their full TTPs.
Automatically chain together public research with our to see the full attack for a certain threat actor to understand their full TTPs.
Attack files by Scan Signature
You can get a view of open directories for Scanned C2s. These are fully identified servers behaving like C2s to allow you to explore the actual files on the server.
You can get a view of open directories for Scanned C2s. These are fully identified servers behaving like C2s to allow you to explore the actual files on the server.
Attack files by File Signature
Search the open directories that contain executables of an identified malware.
Search the open directories that contain executables of an identified malware.
More Files Sandboxed - automatically
You've asked for it and we've added it - we are now automatically sandboxing many more file types and will continue to add coverage.
You've asked for it and we've added it - we are now automatically sandboxing many more file types and will continue to add coverage.
Editorial Observations
Our team now puts hand written descriptions analyzing novel and important directories to save you time and narrow down things you're interested in.
Our team now puts hand written descriptions analyzing novel and important directories to save you time and narrow down things you're interested in.
Conclusion
Conclusion
We are committed to giving defenders access to the tools they need to understand how attackers attack. Our roadmap includes lots of additions to correlate activity as well as get access to data that will help you move the needle of defending and hunting. Please feel free to reach out to us for a demo or inquire about feeds or commercial access pricing.
We are committed to giving defenders access to the tools they need to understand how attackers attack. Our roadmap includes lots of additions to correlate activity as well as get access to data that will help you move the needle of defending and hunting. Please feel free to reach out to us for a demo or inquire about feeds or commercial access pricing.
Table of Contents
Open Directory Feature
Stats from Year 1
Usability Improvements
Table of Contents
Open Directory Feature
Stats from Year 1
Usability Improvements
Table of Contents
Open Directory Feature
Stats from Year 1
Usability Improvements
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.
Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.