Anchor Links to Featured Videos:

  1. RDP Compromise
  2. Ransomware Infection
  3. Office 365 Phishing

About Videos 1 & 2:
Huntress originally shared the first two videos in a joint webinar featuring Huntress, Datto, ConnectWise, and ID Agent: Channel Security Experts Deep Dive: The Anatomy of an MSP Breach. We recommend downloading these videos and scripts and using them to help prospects better understand hacker techniques. Note that these videos have no audio, as they are intended for use in your own presentations and conversations with prospects.

You can view these videos with live narration from Kyle Hanslovan, Huntress Co-Founder & CEO, at the following timestamps in the webinar recording:

  1. RDP Compromise (12:40 - 18:40)
  2. Ransomware Infection (27:10 - 30:00)

 

RDP Compromise

As engineers, we all know multi-factor authentication and VPN access into networks are best practices. However, convincing stakeholders to invest in these technologies is easier said than done. This video was designed to show how attackers discover RDP exposed to the internet, brute-force their way into networks, bypass security hurdles, capture user passwords, and spread into other user systems.

RDP and Dump Password


Download Video: RDP Compromise
Download Script: RDP Compromise

 

Ransomware Infection

To a non-technical audience, ransomware incidents are confusing and raise questions as to why they can't be easily prevented. This video shows how hackers abuse multiple legitimate Windows tools (cmd.exe, start, powershell.exe) and encode commands to bypass behavior-based antivirus. It also illustrates how the attacker uses trusted websites like Pastebin to deliver ransomware payloads while evading domain reputation analysis.

Anatomy of an MSP Breach - Ransomware Infection


Download Video: Ransomware Infection
Download Script: Ransomware Infection

 

Office 365 Phishing

Hackers are abusing the legitimate sway.office.com product to phish users out of their Office 365 credentials:

  • Users receive an email/link telling them they have a voicemail in Microsoft Teams
  • Users follow the link because the page is hosted on a legitimate Microsoft webpage (as demonstrated by the valid certificate)
  • Users click the listen button and it takes them to a fake Office 365 login page to collect their email and password


Download Video: Office 365 Phishing