Beyond the Alerts: PuTTY, Hunting, Detections, and Prevention
Episode Summary:
In this episode of Beyond the Alerts, Blackpoint Cyber’s APG (Adversary Pursuit Group) and BROC (Blackpoint Response Operations Center) team up to share front-line insights into emerging threats. The discussion highlights how legitimate tools like PuTTY are being Trojanized and abused by threat actors, what the team is seeing across industries in Q2, and how proactive hunting and managed application control can help partners stay ahead of adversaries.
What You’ll Learn:
- Practical advice for MSPs: balancing usability and security, leveraging monitoring mode, and moving to blocking mode for full protection.
- How APG and BROC collaborate to turn real-time threat intelligence into actionable detections.
- Q2 threat trends: fake CAPTCHA campaigns, rogue ScreenConnect installations, and widespread use of NetSupport RAT.
- Why MSPs, industrials, and healthcare remain top targets for cybercriminals.
- How attackers Trojanize PuTTY and use malvertising/SEO poisoning to trick users into installing backdoored versions.
- Common persistence techniques, including scheduled tasks and DLL execution.
- Why detection isn’t enough—persistence artifacts often remain even after AV/EDR quarantine.
- How Blackpoint threat hunters identify malicious PuTTY activity through tradecraft and process relationships.
- The role of managed application control (MAC) in blocking rogue tools, enforcing curated blocklists, and triggering SOC investigations.
Date published: September 10, 2025
Author: Blackpoint Cyber