← Back to context

Comment by cbisnett

8 months ago

Actually we just thought it was interesting that an attacker installed our EDR agent on the machine they use to attack their victims. That’s really bad operational security and we were able to learn a lot from that access.

8 comments

cbisnett

Reply
ctoth  8 months ago

What is weird to me is that you have access to this information at all? It would make sense for the people who use your software ... the IT departments or whatever to have access but why on earth do your engineers need access? What gates access to your customers' machines? What triggers a write-up like this? Hostnames, "machine names" are ... not unique by nature.

  • cybergreg  8 months ago

    Huntress is a cybersecurity company. They’re specifically hired for this purpose, to protect the company and its assets.

    As far as unique identifiers go, advertisers use a unique fingerprint of your browser to target you individually. Cookies, JavaScript, screen size, etc, are all used.

    • ctoth  8 months ago

      The article states that the "attacker" downloaded the software via a Google ad, not deployed by their corporate IT.

      I'm also slightly curious as to if you might be associated with an EDR vendor? I notice that you only have three comments ever, and they all seem to be defending how EDR software and Huntress works without engaging with this specific instance.

      4 replies →