Security Incident Using Huntress & SentinelOne: What Was Found & What Was Missed

This page summarizes the projects mentioned and recommended in the original post on /r/msp

  • frp

    A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.

    So FRP is a legit tool (https://github.com/fatedier/frp) and so is in fact "riskware" unless dropped by some other payload as part of a nefarious stack, and so I understand their stance. Was this an initial scan? Sounds like it. What should have been triggered by both is how it got there in the first place, and honestly, this should have been found in your initial assessment of the infrastructure before your automated protection started, long before you deployed your AI-based tools. Was it installed, or was it through a dropper/exploit? If it was a dropper/exploit, why didn't that get triggered? If it was a user, then you have other issues. This seems pretty cut and dried to me, and I see no fault in the AI or the tools.

  • wtfbins

    WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.

    Sounds similar to some other strange PwSh-based S1 behaviour we've documented before.


NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
