Security Operations Center

Huntress 24/7
Security Operations Center

If an incident goes down at 3:00pm or 3:00am, this elite AI-assisted SOC team has your back.

Picture of Huntress SOC employees working around computer screens

Threats Our SOC’s Been Wrecking

The Huntress SOC is always looking for the most advanced threats targeting businesses like yours. Here's how they responded to some of them.

SlashAndGrab

CVE-2024-1709, CVE-2024-1708

Quickly reverse-engineered the ScreenConnect vulnerability delivering a universal hotfix
Issued first public detection guidance (with ongoing updates)
Collaborated directly with ConnectWise to facilitate their response

Read more about this exploit

SlashAndGrab
CVE-2024-1709, CVE-2024-1708
Quickly reverse-engineered the ScreenConnect vulnerability delivering a universal hotfix
Issued first public detection guidance (with ongoing updates)
Collaborated directly with ConnectWise to facilitate their response
Read more about this exploit
FOUNDATION Accounting Software
Uncovered an emerging threat affecting the construction industry
Confirmed 33 publicly exposed hosts with unchanged default
Shared findings with FOUNDATION to support their response plan
Read more about this exploit
Cleo
CVE-2024-55956
Stopped active threats to endpoints with Managed EDR IP Blocking feature
Created custom detections for compromised Cleo Lexicom, VLTransfer, and Harmony products
Launched investigation guide to triage in a scalable and consistent way
Read more about this exploit
CrushFTP
CVE-2025-31161
Found additional post-exploitation threat actvity abusing RMM tooling
Notified 70+ customer companies running unpatched versions of CrushFTP
Released two public Sigma rules to help improve detection for the broader community
Read more about this exploit
Qakbot
Delivered 10,000+ incident reports to customer and partners
Created internal vaccine to shutdown Qakbot on endpoints
Cut new Qakbot infections to nearly zero in two weeks post-vaccine
Read more about this exploit
Kaseya
CVE-2021-30116
Hosted a community webinar for MSPs and resellers during the recovery phase
Pushed internal vaccine to all Huntress agents within hours of initial attack
Partnered with law enforcement, cloud service providers, and Kaseya security team on recovery efforts
Read more about this exploit

SlashAndGrab
CVE-2024-1709, CVE-2024-1708
Quickly reverse-engineered the ScreenConnect vulnerability delivering a universal hotfix
Issued first public detection guidance (with ongoing updates)
Collaborated directly with ConnectWise to facilitate their response
Read more about this exploit
FOUNDATION Accounting Software
Uncovered an emerging threat affecting the construction industry
Confirmed 33 publicly exposed hosts with unchanged default
Shared findings with FOUNDATION to support their response plan
Read more about this exploit
Cleo
CVE-2024-55956
Stopped active threats to endpoints with Managed EDR IP Blocking feature
Created custom detections for compromised Cleo Lexicom, VLTransfer, and Harmony products
Launched investigation guide to triage in a scalable and consistent way
Read more about this exploit
CrushFTP
CVE-2025-31161
Found additional post-exploitation threat actvity abusing RMM tooling
Notified 70+ customer companies running unpatched versions of CrushFTP
Released two public Sigma rules to help improve detection for the broader community
Read more about this exploit
Qakbot
Delivered 10,000+ incident reports to customer and partners
Created internal vaccine to shutdown Qakbot on endpoints
Cut new Qakbot infections to nearly zero in two weeks post-vaccine
Read more about this exploit
Kaseya
CVE-2021-30116
Hosted a community webinar for MSPs and resellers during the recovery phase
Pushed internal vaccine to all Huntress agents within hours of initial attack
Partnered with law enforcement, cloud service providers, and Kaseya security team on recovery efforts
Read more about this exploit

Prominently featured in

The Ethical Badasses Behind The SOC

When we say “people-powered cybersecurity,” we aren’t just talking about the people who keep our platform running. We’re talking about the people working around the globe 24/7, 365 days a year, who make what we do possible, and here are a few of them.