Huntress Labs
About Us
Ellicott City, MD
Huntress minimizes the time hackers lurk undetected on computers, laptops, and servers. To accomplish this, Huntress detects and reports malicious applications which are set to automatically run when the system boots up. Although viruses are constantly evolving, the techniques used by hackers to mai ...
Fuzzing for Vulnerabilities
In today’s episode, you’ll learn how hackers, security researchers, and software developers use a technique called fuzzing to find coding errors and security loopholes in software. Fuzzing works by feeding large amounts of random data to the targeted system in an attempt to make it crash. From these crashes, it’s possible to identify vulnerabilities that can enable attackers to degrade system performance, escalate privileges, bypass authentication, or even achieve remote code execution.
Mobile Exploitation
In today’s episode, we’re exposing the techniques hackers leverage to gain remote access to mobile devices. We’ll cover how they’re gaining initial access, common collection capabilities, and what users can do to prevent this. To best illustrate this hacker tradecraft, we invited Georgia Weidman to join us!
Hijacking AWS Accounts
Amazon AWS provides a service for users to quickly and easily spin up servers and other cloud-based infrastructure. This is great for developers, but attackers have also realized that it provides similar benefits to their malicious activities. In this episode, we dive into the techniques used by attackers to find and compromise AWS accounts, and we even discuss some methods attackers can use to maintain access. If you run devops or are interested in AWS, this show is for you!
Mastering Cyber Attribution
When it comes to incident response, attribution is a category often mishandled. Learn how to apply the right amount of scrutiny and leverage the data gathered in this episode. We’ll discuss attribution using email indicators, malware metadata, developer toolmarks, network techniques, and actor tradecraft. Additionally, we’ll walk through false flag operations and several case studies of recent breaches.
$60M Heist – The DAO Hack
We’re exposing how a hacker exploited a flaw to steal over $60M USD of the digital currency Ethereum. We’ll start with an overview of Ethereum, its use of “smart contracts”, and The DAO (the compromised organization). Next, we’ll dive deep into the actual code used by the attacker to carry out the heist. Lastly, we’ll discuss the non-technical tradecraft the hacker is leveraging to prevent the Ethereum community from blacklisting his stolen currency and keeping it from ever hitting the mar ...
HDRoot Bootkit Analysis
On this week’s episode, we’re reviewing how hackers covertly loaded a malicious payload into Windows using a Master Boot Record based bootkit commonly called “HDRoot”. We’ll expose how their dropper installs the bootkit to the hard drive and how it transfers execution from pre-operating-system boot code to backdoored service executables running in Windows. Additionally, we’ll discuss the role of stolen certificates in the attack, how the dropper masqueraded as a legitimate Microsoft ...
RUAG Breach Breakdown
On this week’s episode, we’re reviewing the techniques hackers used to compromise the Swiss technology company RUAG. During this discussion, we’ll dissect the breach report published by the Swiss Governmental Computer Emergency Response Team (GovCERT). We’ll highlight how the actors used peer-to-peer style communication to reduce their network footprint and leveraged Active Directory to control devices. Lastly, we’ll provide some recommendations and countermeasures which could have bee ...
IoT Worm Case Study
On this week's episode, we're sharing how an exploit for Ubiquiti AirMax devices was converted into a self-spreading worm. Although the patch to address this vulnerability was released nearly a year ago, at least two Wireless Internet Service Providers (WISPs) have confirmed mass infections as the result of running outdated/vulnerable software. During this discussion, we'll walk through the timeline of the vulnerability disclosure, the published proof of concept (PoC) exploit, and tactics and te ...
Verizon Breach Report Overview
On this week’s episode, we’re reviewing Verizon’s 2016 Data Breach Investigations Report (DBIR). The purpose of the report is to “lift the lid on what’s really happening in cybersecurity”. We’ll examine their dataset of over 100,000 incidents, including 2,260 confirmed data breaches, which was provided by 67 contributors including security service providers, law enforcement, and government agencies. This should be an exciting episode which will compare and contrast Verizon’s ...
Squiblydoo Attack with COM Scriptlets
On this week’s episode, we’re diving into how hackers can use COM Scriptlets and Regsvr32.exe for fileless persistence, bypassing application whitelisting, and evading detection by endpoint security products. This tradecraft has been coined the “Squiblydoo” attack by Casey Smith (@subTee), who originally exposed the technique in early April. In a nutshell, Casey illustrated how Windows can natively run JScript/VBScript embedded in an XML file called a scriptlet with the help of Microsoft ...
