"s because not every partner deploys huntress to all their customers or all their endpoints. so, unfortunately, some were left unprotected. additionally, we took on many new customers and partners who took advantage of our free trial to get outside help after they realized they ma…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1219Remote Access Tools
88%
"slashandgrab connectwise screenconnect vulnerability the “ exploit ” is trivial and embarrassingly easy. these are words you never want to hear when talking about vulnerabilities in a widely used product, but that ’ s exactly how john hammond, principal security researcher at hun…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
70%
"relating to this hack include “ authentication bypass ” and “ path traversal. ” an authentication bypass is a flaw that allows attackers to go around security checks and access restricted areas without the proper permissions. path traversal enables attackers to access files or di…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
62%
"from our partners that, “ huntress, saved my ass! ” full analysis once the poc and other exploit details were unfortunately shared by multiple parties and were widely available to the public, we released our full detailed analysis of slashandgrab. this would help the community be…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1204.002Malicious File
43%
"guidance so they could start looking into any potentially related malicious activity. this quickly became the go - to resource for anyone looking to conduct defense - in - depth detections. huntress then published detection rules to sigmahq, which would help speed up the hunt for…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1219Remote Access Tools
40%
", huntress had successfully built a poc. the poc confirmed what connectwise was indicating, that, as our ceo kyle hanslovan said in a techcrunch headline, “ this shit is bad. ” once we understood the details and gravity of the situation, we immediately sounded the alarm to every …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
36%
"urged their users to patch immediately. normally, this would not be a cause for alarm. however, one of the vulnerabilities was given a cvss score of 10 out of 10, meaning it was the highest level of severity. as in, “ stop whatever you ’ re doing and patch now ” level of seriousn…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Huntress gives you a non-technical breakdown of the SlashAndGab ConnectWise ScreenConnect Vulnerability; dig into the insights on how we discovered it and supported the community along the way.