WingNews logo WingNews
top | item 45185367

(no title)

cbisnett | 5 months ago

Thanks for the feedback on not understanding what we sell from the homepage. We sell an Endpoint Detection and Response (EDR) product that we manage with our 24/7 SOC. To perform the investigations on potentially malicious activity, we can fetch files from the endpoint and review them. We log all of this activity and make it available to our customers. We are an extension of their security team, which means they trust us with this access. We’ve been doing this for more than 10 years and have built up a pretty good reputation, but I can see how that would freak some folks out. We also sell to businesses, so this is something that would be installed on a work computer.

discuss

order

viccis|5 months ago

>We are an extension of their security team, which means they trust us with this access

So if <bad actor> in this writeup read your pitch and decided to install your agent to secure their attack machine, it sounds like they "trusted you with this access". You used that access to surveil them, decide that you didn't approve of their illegal activity, and publish it to the internet.

Why should any company "trust you with this access"? If one of your customers is doing what looks to one of your analysts to be cooking their books, do you surveil all of that activity and then make a blog post about them? "Hey everyone here, it's Huntress showing how <company> made the blunder of giving us access to their systems, so we did a little surprise finance audit of them!"

poemxo|5 months ago

Is it clear to users that their system is monitored and that they have consented to screengrabbing? Unless those screenshots were merely simulated from the Chrome history.

spogbiper|5 months ago

This would generally be covered in your corporate acceptable use policy or employee handbook, where ever your employer describes what is allowable on corporate devices and what is monitored when you use them. Some companies also display a notification when you log in along the lines of "This is an XYZ Corp system, all activity is logged and monitored for malicious behavior"

in general, if you're using a company owned device (the target for this product and many others like it) you should always assume everything is logged

isatsam|5 months ago

How was an individual user (in this article's case, a phishing sites developer) able to install your software and seemingly not notice the level of access they gave you to their computer?

cbisnett|5 months ago

Windows doesn’t have application permissions like Mac, iOS, and Android. An app doesn’t specify what it need to be able to do, it inherits the permissions of the user that launched it. Not a great permissions model, but it’s legacy all the way back to the earliest versions of Windows.

pcthrowaway|5 months ago

Poor english skills if I had to guess; the article mentions they had to translate things, and they didn't read the ToS.