How Huntress' Product Lab Shares News, Trends and Improvements with Partners - Tubblog: The Hub for MSPs

How Huntress’ Product Lab Shares News, Trends and Improvements with Partners

How Huntress’ Product Lab Shares News, Trends and Improvements with Partners image

One of the ways cybersecurity experts Huntress continue to innovate and meet the needs of their customers is by holding regular webinars like the Product Lab.

Both educational and interactive, these online presentations encourage engagement from their community audiences in how to better align their managed security platform. And they’re a great way for partners to see how the product is developing to address growing security threat landscape.

Attending September 2023’s Product Lab, we saw some of Huntress’ recent developments as well as a couple of deep-dives into session/cookie hijacking.

Divider

 

The Product LabProduct Lab Speakers

The two main speakers were:

Kyle Hanslovan, CEO of Huntress

Chris Bisnett, CTO of Huntress

with a guest presentation from:

John Hammond, Principal Security Researcher for Huntress

The hour-long webinar set out to provide updates, and to educate partners on some of the current developments, as well as the important security trends that we all need to be aware of.

Divider

Straight Outta the Lab

To kick off the Product Lab agenda, Kyle went through some of the new developments from the Huntress team. Here are a few examples:

1. Halo PSA Integration Beta

A new integration for Halo’s professional services automation has been added to the Incident Reporting section of the Huntress platform.

2. Call and Text Notifications

You can now opt-in for text and call notifications to be sent to key contacts in an attempt to accelerate outreach during critical incidents.

Currently available in the US and Canada only at the moment, but should be rolled out internationally in the future.

3. New HIPAA Episode Released

A new animated security training video has been released on the subject of Health Insurance Portability and Accountability Act (HIPAA). The protection of patients’ health data is similar to that of GDPR in the UK, and requires the custodians of such information to meet a particular standard.

4. Awareness Training Pipeline

Some updates listed as headlines, which included:

  • Huntress SOC Curates Your Training Plan
  • Improved TOTP/Authenticator Support
  • Knee-Deep Managed Phishing
  • Building Co-branded Reports for End UsersHow Huntress' Product Lab Shares News, Trends and Improvements with Partners

Divider

If not Logins, Then What?

Chris took over lead of the presentation to talk about the differences between events and sessions in Microsoft365.

M365 events show the actions a user makes. An event log can tell you who’s logged in, when permissions are changed and what is accessed. However not all events are logged.

M365 sessions are unique IDs that connect the events that occurred during a particular session. This is useful because it can reveal activity across multiple devices and can be used to see how a potential threat actor has altered items across your system.

Challenges

There are some issues or challenges that make identifying events and where they’ve occurred difficult to track and stop.

  1. Without establishing conditional access rules, sessions can last forever.
  2. Not all events have a session ID attached. This could be because the event has been generated by an application, or if multiple events are created at the same time, it may only attach the session ID to the first one created.

Hijacking Sessions, Why Do It?

A threat actor will look to hijack a session because logins are already authenticated and multi-factor authentication confirmed.

A hijacked session doesn’t look suspicious at first glance because it’s not a session ID. Traditional SIEM (Security Incident Event Management) software finds it difficult to identify and isolate. Furthermore, phishing is a good way to steal a session.

Stealing Browser Cookies

Browser cookies are how a website identifies you and your preferences on it, which includes web-based email. They pre-verify you, and so are of value to hackers. Malicious browser plugins are an ideal way to steal your cookie data, as well as malware on open, shared devices.

Cookies are a way to make it easier for you to access what you need to without being continually asked for your credentials. Cookie data is something that is bought and sold on Darkweb marketplaces, such as the Genesis Market.

See what's brewing... in this monthly, community-led product development webinar series with the team @Huntress Click to Tweet

Divider

Product Lab Hacker Demonstrations

John Hammond took over the presentation to show us a couple of demonstrations from the point of view of the victim and the threat actor.

First Demonstration

The first demonstration was a basic look at how easy it is for a threat actor to gain access to a victim’s email, using a session cookie obtained via the darkweb.

It demonstrated how browser cookies can bypass logins and passwords, allowing the cookie-bearer to assume the identity of the user and access their private spaces on the internet.

Second Demonstration

The second demonstration was a little bit more sophisticated and had the threat actor obtain a session token by first phishing the victim with a simple Microsoft-branded email giving them a link and a ‘secure code’ to enter.

The link returned a prompt for the user to input their login and password details.

Then, using a PowerShell script called Token Tactics, there were able to obtain all the session token details to access whatever they want to.

With just a few clicks, the threat actor could replace authentication fields with the stolen session token data.

Although I didn’t fully comprehend how the attack worked, it was clear that it was something that was quick and easy for professional hackers to do.

Detecting the Hacks

Due to the nature of session and browser hijacks, they can be quite difficult to detect. Therefore, multiple methods need to be employed to detect them.

Things that can reveal suspicious activity:

  1. Session ID shows a change in location
  2. The device type changes
  3. Other types of malicious activity such as permissions changing, etc.How Huntress' Product Lab Shares News, Trends and Improvements with Partners


Divider

Audience Q+A

To round off the Product Lab agenda, some time was set aside to give the community a chance to field questions to the speakers.

Here are a few examples of the questions that were asked, along with the answers the panel gave:

Q. Would conditional access prevent or mitigate the problem of session hijacking in Microsoft 365?

A. Conditional access requires a successful login first, so it wouldn’t prevent a hijack attempt on the first login.

Q. How can we capture endpoint logs for compliance and insurance purposes?

A. It’s not something available at the moment, but it’s in the development pipeline for the future.

Q. Is there a way to turn off email notification for unresponsive agents?

A. Yes, this is something you can turn off and on yourself.

Divider

Conclusion

A monthly, interactive webinar such as the Product Lab is a great way to deliver value to your partners. By educating them about security trends, informing them of product updates and listening to what they want to see developed further, Huntress are demonstrating an investment in working to make their partners’ businesses more secure.

I’d highly recommend that MSPs interested in cyber security sign up to attend the monthly Huntress Product Lab sessions.

This is definitely the way forward for vendors, particularly those that are security-conscious, where technology needs to remain at the cutting edge.

Taking on board the input from partners and proving you’re listening to them shows great commitment.

What do you think of these kinds of product improvement webinars? Do they provide value and are they worth your time?

We’d love to hear about it in the comments!

And if you’d like to know more about the Breaches and Brews, the informal get-together roadtrip to introduce UK MSPs to Huntress, read our blog here.

How Huntress' Product Lab Shares News, Trends and Improvements with PartnersDivider
You Might Also Be Interested In

STEPHEN MCCORMICK

I'm a small business owner, technical writer and blogger, with 15 years experience in corporate IT. I frequently attend MSP peer groups and create content relevant to IT service providers and business owners.

All Posts

You might like:

Team Tubb Takeover – Christmas 2024 image

Team Tubb Takeover – Christmas 2024

Article | By jak_admin
Networking Tips for MSPs: How to Build Relationships That Convert image

Networking Tips for MSPs: How to Build Relationships That Convert

Article | By Graham Pierrepoint
The Best Apps and Resources for Winter Wellbeing image

The Best Apps and Resources for Winter Wellbeing

Article | By Gudrun Lauret
Beat the Winter Blues: Top Tips for Better MSP Wellbeing image

Beat the Winter Blues: Top Tips for Better MSP Wellbeing

Article | By Gudrun Lauret
CompTIA EMEA 2024: Member and Partner Update and More! image

CompTIA EMEA 2024: Member and Partner Update and More!

Article | By Richard Tubb
How to Introduce a Mental Health Programme into Your MSP image

How to Introduce a Mental Health Programme into Your MSP

Article | By Graham Pierrepoint
Invest In Mental Health For a Happy MSP Team image

Invest In Mental Health For a Happy MSP Team

Article | By Graham Pierrepoint
The Lowdown: Women In Tech Meetup: Pax8 Beyond EMEA image

The Lowdown: Women In Tech Meetup: Pax8 Beyond EMEA

Article | By Richard Tubb
The Easy Way to Transition Your MSP to an MSSP image

The Easy Way to Transition Your MSP to an MSSP

Article | By Richard Tubb
Pax8 Beyond EMEA 24: Growing Community Beyond the Cloud image

Pax8 Beyond EMEA 24: Growing Community Beyond the Cloud

Article | By Richard Tubb
Partnering with Vendors: A Strategic Approach to Enhance Your MSP’s Offerings image

Partnering with Vendors: A Strategic Approach to Enhance Your MSP’s Offerings

Article | By Graham Pierrepoint
How to Scale Your MSP Without Losing the Personal Touch image

How to Scale Your MSP Without Losing the Personal Touch

Article | By Graham Pierrepoint

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore.

Share via
Send this to a friend