Customer Reviews and Testimonials
Discover insights from top cybersecurity experts, researchers, and developers about their experience with Hunt.io.
Michael R
Threat (Adversary Infrastructure) Researcher
Hear more from people
PSA: I have been spending a lot of time this year hunting open directories with @Huntio. On four separate occasions, I had to contact pentesters/pentesting companies to take down a shared home folder, served via python HTTP.server, that was directly attributable to them. It wasn't CTF people or hobbyists. It was people doing their day jobs. Couple fun facts: changing the port doesn't matter, and only doing it for a couple hours doesn't matter. The internet is a hostile place that is constantly scanned and scraped.
Using @Huntio to hunt for Lazarus/APT38 clusters is an effective way to understand which crypto-related companies are targeted by this threat actor. For example, we've observed a DPRK threat actor using the host 104.168.165.165 to create fake Hack VC subdomains, such as: /hack-vc.online-meets.xyz /hack-vc.video-meets.pro /xyzhack-vc.video-meets.xyz /video-meets.xyzhack-vc.video-meets.xyz /hack-vc.video-meets.xyzhack-vc.video-meets.xyz /hack-vc.video-meets.xyz /hack-vc.video-meets.site, to impersonate/target the company.
New macOS malware targeting The Unarchiver! Stay safe, Mac users. Full report by @Moonlock_Lab with insights from @HuntIO https://moonlock.com/macos-malware-the-unarchiver… #Cybersecurity #MacOS #TheUnarchiver #Malware
http://7.2.6.finish.py and http://exp.7.2.6.py look to be variants of a POC for CVE-2024-21762 (based on Assetnote's writeup). The IP also hosted some likely Rekoobe backdoor variants, among other things. Thanks @Huntio https://github.com/h4x0r-dz/CVE-2024-21762… https://assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762
The code search feature from @Huntio is excellent for monitoring threat actor OPSEC activities. For instance, it's well-known that Havoc C2 contains the specific header string "X-Havoc: true", making it relatively easy to detect. However, what if the threat actor removes the "X-Havoc: true" header and sets up/adds Cloudflare infrastructure/a certificate to make detection harder, like the example here: /finances-news.com (0/94 VT)? In that case, you can check the bash history, "havoc.yaotl", and "http_smb.yaotl" files to see how it's set up. From there, you can create a hunting rule to detect Havoc C2 even when the header string "X-Havoc: true" is removed, custom certificates are used, and the infra is behind Cloudflare. Happy hunting!
I broke into OSQuery's house to steal their TV and I couldn't because Hunt already stole it. Nice work @Huntio :) great feature.
Always enjoy this kind of research.. just pull the thread and see where it takes you.. :).. nice Chris Ueland and the Hunt Intelligence, Inc. team.. #security #research
Great read regarding SuperShell from the Hunt Intelligence, Inc. team. https://lnkd.in/drPSyuqa
Using Hunt Intelligence, Inc. to hunt for 🇰🇵 Lazarus/APT38 clusters is an effective way to understand which crypto-related companies are targeted by this threat actor.

Threat Hunting Platform - Hunt.io
Products
Hunt Intelligence, Inc.