"disparate data sets. The data and keys remain the same. Huntress capabilities: we want our customers to feel protected equally (where possible), whether you’re on macOS, Linux, or Windows. A good example of this is our ransomware canaries capability. Ransomware and canaries on…"
T1486 Data Encrypted for Impact (98%)
"the widest impact with the smallest footprint. We focus on where we get the biggest value for the investment. That means ransomware canaries, right now, may not provide the threat detection return we expect, but as our team of badass threat experts monitors the threat landscape, …"
T1486 Data Encrypted for Impact (97%)
"confirmed ransomware behavior. By having our canaries on disk, we can also control a lot more. Outside of the advanced logging of our driver, we can also increase the security of those canaries to allow or deny the ability to modify or delete these canaries. At Huntress, we belie…"
T1486 Data Encrypted for Impact (96%)
"has, and continues to, invest a significant amount of resources in tackling these problems. Stay tuned for some new ransomware capabilities in 2026! But one technology we’ve used, and that’s been a pillar for detecting ransomware, is our canaries. As mentioned above, knowing …"
T1486 Data Encrypted for Impact (96%)
"2025 (“up from just 3% in the first half of the year to 25% so far in the second half”), reported ransomware attacks against actual Linux hosts remain rare. Ransomware operators haven’t historically targeted Linux systems in the same numbers as Windows hosts. Despite this…"
T1548.006 TCC Manipulation (94%)
"’t dive into the intricacies of TCC other than to say that if a script is being executed from the context of the terminal, the terminal itself will need to be (or have previously been) granted access to files and folders such as the Desktop, Documents, or other user-sensitiv…"
T1548.006 TCC Manipulation (85%)
"strains of EvilQuest (also called ThiefQuest) almost daily. However, the new version of this ransomware triggered a loop in the VirusTotal sandbox, causing VirusTotal to reflect well over half a million samples. This leads to false reporting of threat landscape numbers across t…"
T1059.002 AppleScript (73%)
"a design to do just that. What that did, though, was very much hamper the ease of deployment of software to Mac devices. Administrators are now required to onboard mobile device management (MDM) software, or, if not, manually approve system extensions, grant full disk access, a…"
T1014 Rootkit (55%)
"this for each product. Windows: as mentioned previously, Huntress’ Windows EDR has been around for about five years. This means that over time, we’ve had to evolve how we collect telemetry in order to identify malicious behavior. Luckily, on Windows, there isn’t a shortage of…"
T1080 Taint Shared Content (51%)
"confirmed ransomware behavior. By having our canaries on disk, we can also control a lot more. Outside of the advanced logging of our driver, we can also increase the security of those canaries to allow or deny the ability to modify or delete these canaries. At Huntress, we belie…"
T1679 Selective Exclusion (37%)
"confirmed ransomware behavior. By having our canaries on disk, we can also control a lot more. Outside of the advanced logging of our driver, we can also increase the security of those canaries to allow or deny the ability to modify or delete these canaries. At Huntress, we belie…"
T1679 Selective Exclusion (33%)
"has, and continues to, invest a significant amount of resources in tackling these problems. Stay tuned for some new ransomware capabilities in 2026! But one technology we’ve used, and that’s been a pillar for detecting ransomware, is our canaries. As mentioned above, knowing …"
T1056.004 Credential API Hooking (31%)
"this for each product. Windows: as mentioned previously, Huntress’ Windows EDR has been around for about five years. This means that over time, we’ve had to evolve how we collect telemetry in order to identify malicious behavior. Luckily, on Windows, there isn’t a shortage of…"
Summary
Huntress researchers weigh in on the challenge of getting feature parity across Windows, macOS, and Linux. And learn how unique security models and platform maturity shape the way products are built.