How Huntress' Product Lab Shares News, Trends and Improvements with Partners - Tubblog: The Hub for MSPs

How Huntress’ Product Lab Shares News, Trends and Improvements with Partners

How Huntress’ Product Lab Shares News, Trends and Improvements with Partners image

One of the ways cybersecurity experts Huntress continue to innovate and meet the needs of their customers is by holding regular webinars like the Product Lab.

Both educational and interactive, these online presentations encourage engagement from their community audiences in how to better align their managed security platform. And they’re a great way for partners to see how the product is developing to address growing security threat landscape.

Attending September 2023’s Product Lab, we saw some of Huntress’ recent developments as well as a couple of deep-dives into session/cookie hijacking.

Divider

 

The Product Lab Product Lab Speakers

The two main speakers were:

Kyle Hanslovan, CEO of Huntress

Chris Bisnett, CTO of Huntress

with a guest presentation from:

John Hammond, Principal Security Researcher for Huntress

The hour-long webinar set out to provide updates, and to educate partners on some of the current developments, as well as the important security trends that we all need to be aware of.

Divider

Straight Outta the Lab

To kick off the Product Lab agenda, Kyle went through some of the new developments from the Huntress team. Here are a few examples:

1. Halo PSA Integration Beta

A new integration for Halo’s professional services automation has been added to the Incident Reporting section of the Huntress platform.

2. Call and Text Notifications

You can now opt-in for text and call notifications to be sent to key contacts in an attempt to accelerate outreach during critical incidents.

Currently available in the US and Canada only at the moment, but should be rolled out internationally in the future.

3. New HIPAA Episode Released

A new animated security training video has been released on the subject of Health Insurance Portability and Accountability Act (HIPAA). The protection of patients’ health data is similar to that of GDPR in the UK, and requires the custodians of such information to meet a particular standard.

4. Awareness Training Pipeline

Some updates listed as headlines, which included:

  • Huntress SOC Curates Your Training Plan
  • Improved TOTP/Authenticator Support
  • Knee-Deep Managed Phishing
  • Building Co-branded Reports for End Users How Huntress' Product Lab Shares News, Trends and Improvements with Partners

Divider

If not Logins, Then What?

Chris took over lead of the presentation to talk about the differences between events and sessions in Microsoft365.

M365 events show the actions a user makes. An event log can tell you who’s logged in, when permissions are changed and what is accessed. However not all events are logged.

M365 sessions are unique IDs that connect the events that occurred during a particular session. This is useful because it can reveal activity across multiple devices and can be used to see how a potential threat actor has altered items across your system.

Challenges

There are some issues or challenges that make identifying events and where they’ve occurred difficult to track and stop.

  1. Without establishing conditional access rules, sessions can last forever.
  2. Not all events have a session ID attached. This could be because the event has been generated by an application, or if multiple events are created at the same time, it may only attach the session ID to the first one created.

Hijacking Sessions, Why Do It?

A threat actor will look to hijack a session because logins are already authenticated and multi-factor authentication confirmed.

A hijacked session doesn’t look suspicious at first glance because it’s not a session ID. Traditional SIEM (Security Incident Event Management) software finds it difficult to identify and isolate. Furthermore, phishing is a good way to steal a session.

Stealing Browser Cookies

Browser cookies are how a website identifies you and your preferences on it, which includes web-based email. They pre-verify you, and so are of value to hackers. Malicious browser plugins are an ideal way to steal your cookie data, as well as malware on open, shared devices.

Cookies are a way to make it easier for you to access what you need to without being continually asked for your credentials. Cookie data is something that is bought and sold on Darkweb marketplaces, such as the Genesis Market.

See what's brewing... in this monthly, community-led product development webinar series with the team @Huntress Click to Tweet

Divider

Product Lab Hacker Demonstrations

John Hammond took over the presentation to show us a couple of demonstrations from the point of view of the victim and the threat actor.

First Demonstration

The first demonstration was a basic look at how easy it is for a threat actor to gain access to a victim’s email, using a session cookie obtained via the darkweb.

It demonstrated how browser cookies can bypass logins and passwords, allowing the cookie-bearer to assume the identity of the user and access their private spaces on the internet.

Second Demonstration

The second demonstration was a little bit more sophisticated and had the threat actor obtain a session token by first phishing the victim with a simple Microsoft-branded email giving them a link and a ‘secure code’ to enter.

The link returned a prompt for the user to input their login and password details.

Then, using a PowerShell script called Token Tactics, there were able to obtain all the session token details to access whatever they want to.

With just a few clicks, the threat actor could replace authentication fields with the stolen session token data.

Although I didn’t fully comprehend how the attack worked, it was clear that it was something that was quick and easy for professional hackers to do.

Detecting the Hacks

Due to the nature of session and browser hijacks, they can be quite difficult to detect. Therefore, multiple methods need to be employed to detect them.

Things that can reveal suspicious activity:

  1. Session ID shows a change in location
  2. The device type changes
  3. Other types of malicious activity such as permissions changing, etc. How Huntress' Product Lab Shares News, Trends and Improvements with Partners


Divider

Audience Q+A

To round off the Product Lab agenda, some time was set aside to give the community a chance to field questions to the speakers.

Here are a few examples of the questions that were asked, along with the answers the panel gave:

Q. Would conditional access prevent or mitigate the problem of session hijacking in Microsoft 365?

A. Conditional access requires a successful login first, so it wouldn’t prevent a hijack attempt on the first login.

Q. How can we capture endpoint logs for compliance and insurance purposes?

A. It’s not something available at the moment, but it’s in the development pipeline for the future.

Q. Is there a way to turn off email notification for unresponsive agents?

A. Yes, this is something you can turn off and on yourself.

Divider

Conclusion

A monthly, interactive webinar such as the Product Lab is a great way to deliver value to your partners. By educating them about security trends, informing them of product updates and listening to what they want to see developed further, Huntress are demonstrating an investment in working to make their partners’ businesses more secure.

I’d highly recommend that MSPs interested in cyber security sign up to attend the monthly Huntress Product Lab sessions.

This is definitely the way forward for vendors, particularly those that are security-conscious, where technology needs to remain at the cutting edge.

Taking on board the input from partners and proving you’re listening to them shows great commitment.

What do you think of these kinds of product improvement webinars? Do they provide value and are they worth your time?

We’d love to hear about it in the comments!

And if you’d like to know more about the Breaches and Brews, the informal get-together roadtrip to introduce UK MSPs to Huntress, read our blog here.

How Huntress' Product Lab Shares News, Trends and Improvements with Partners Divider
You Might Also Be Interested In

STEPHEN MCCORMICK

I'm the MSP Community Manager for Tubblog. A small business owner, technical writer and blogger, with 15 years experience in corporate IT. I frequently attend MSP peer groups and create content relevant to IT service providers and business owners.

All Posts

You might like:

Key Importance of Privacy for MSPs and Clients image

Key Importance of Privacy for MSPs and Clients

Article | By Guest Author
Championing the Cybersecurity Right of Boom and the MSP Revolution image

Championing the Cybersecurity Right of Boom and the MSP Revolution

Article | By Graham Pierrepoint
Spotlight on 2024 Cyber Trends And AI-Powered Email Threats image

Spotlight on 2024 Cyber Trends And AI-Powered Email Threats

Article | By Stephen McCormick
Tubbservatory Round-Up #25 – January 2024 image

Tubbservatory Round-Up #25 – January 2024

Article | By Stephen McCormick
Breakthrough Ways Of Selling Cybersecurity Solutions To SMBs image

Breakthrough Ways Of Selling Cybersecurity Solutions To SMBs

Article | By Stephen McCormick
The MSP Opportunity in Up-Serving and Cross-Selling image

The MSP Opportunity in Up-Serving and Cross-Selling

Article | By Richard Tubb
Untold Cyber Attack Stories: A Shocking Perspective For MSPs image

Untold Cyber Attack Stories: A Shocking Perspective For MSPs

Article | By Stephen McCormick
The Two Top Most Powerful Trends for MSPs in 2024 image

The Two Top Most Powerful Trends for MSPs in 2024

Article | By Richard Tubb
Tubbservatory Round-Up #24 – December 2023 image

Tubbservatory Round-Up #24 – December 2023

Article | By Stephen McCormick
My 3 Words for Unleashing a Powerful 2024 image

My 3 Words for Unleashing a Powerful 2024

Article | By Richard Tubb
Five Powerful Security Tips for Keeping Data Secure This Christmas image

Five Powerful Security Tips for Keeping Data Secure This Christmas

Article | By Stephen McCormick
Revealing Event Takes From The On The Road Round-Up 2023 image

Revealing Event Takes From The On The Road Round-Up 2023

Article | By Stephen McCormick

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Share via
Send this to a friend