Josh Allman

@xorJosh

Followers: 1K
Following: 1K
Media: 48
Statuses: 310

@HuntressLabs

UK
Joined September 2022
3 days
RT @polygonben: Interesting hands-on-keyboard case today @HuntressLabs. -> Suspected VPN initial access. -> TA used this to RDP to DC & RDS….
18 days
RT @Antonlovesdnb: Coming up on my 1 year anniversary with @HuntressLabs! Taking this opportunity to go over some things myself and the….
25 days
RT @MaxRogers5: Macs don't get viruses, right? 🍏 Deepfake Zoom calls. AppleScript lures. Rosetta 2 abuse. Plenty of custom malware: Nim….
2 months
RT @4ndr3w6S: Late Friday blog drop! @HuntressLabs had some fun with #DefendNot by @es3n1n 😈. This tool shows that defense evasion isn’t j….
2 months
RT @HuntressLabs: They racked up nearly 11,000 failed login attempts before landing a single hit. As seen below, this brute-force attack w….
2 months
RT @HuntressLabs: ✅ PSExec tweaked registry & firewall settings for RDP access. ✅ Mimikatz.exe hid in C:\PerfLogs dumping credentials. ✅ Legi….
2 months
RT @HuntressLabs: A threat actor infiltrated a medical facility and threw everything they had at the network. Here’s a breakdown of what we….
2 months
RT @pe4Chscreeching: Post MSSQL Compromise @HuntressLabs ✏️ w.bat - new user 'testing' password 'UPD@GhAdmin'. ✏️ Win8.exe, Win10.exe, TQ….
2 months
RT @vv474172261: RDG RCE sharing.
2 months
RT @HuntressLabs: Exposed RDP can lead to anything—even attempted ransomware attacks. Here’s what went down at this manufacturing business👇.
2 months
RT @HuntressLabs: A threat actor brute forced a manufacturer's VPN appliance 🏭 Here’s what happened👇.
2 months
RT @HuntressLabs: 🐶 A vulnerability left an animal care facility wide open, and an attacker didn’t hesitate to pounce. Here’s how it unfold….
2 months
RT @HuntressLabs: We’ve shared many stories about exposed RDP without MFA because it’s a common AF; threat actors waste no time exploiting….
2 months
RT @HuntressLabs: A construction company recently suffered a VPN brute-force attack, but didn't have SIEM monitoring! The absence of a SIE….
2 months
RT @HuntressLabs: 🚨 IOC DROP – Suspected Ransomware Infrastructure: IPs: • 64.190.113[.]159 • 147.135.36[.]162 Domains: • specialsseason[.….
2 months
RT @HuntressLabs: 🎯 Initial Entry Point: Brute-forced an exposed RDP service (don’t skip reviewing your external perimeters!). 🗺️ Enumerati….
2 months
RT @HuntressLabs: Our SOC tackled an attempted ransomware intrusion tied to Makop ransomware tactics. Here’s what went down 👇.
2 months
RT @Antonlovesdnb: Got a new blog out today with my colleagues @xorJosh & @Purp1eW0lf looking at how we utilize ASNs during hunts & investi….
3 months
RT @Wietze: @MITREattack 📢 Shout-out to #HijackLibs's many contributors, including recent additions from @cyberraiju, @xorjosh, @0xffaraday….
3 months
RT @Wietze: ATT&CK v17 is out! It contains an update I have campaigned for since 2022: DLL Hijacking is now a single sub-technique, merging….