Advanced Threat Hunting with New SSL Features: Unlocking HuntSQL™ Anomaly Flags for Deeper Detection
ID: 9960345f-5984-5523-aad1-68a82b0a07a4
STIX ID: report--9960345f-5984-5523-aad1-68a82b0a07a4
Feed Name: Hunt.io Blog
Hunt.io improved its SSL certificate parsing using Google's Certificate Transparency library and added a set of HuntSQL flags for certificate anomalies and TLS misconfigurations. The report shows how these flags surface C2 infrastructure for malware families including PupyRAT (malformed X.509 version fields), AsyncRAT (missing ephemeral RSA signatures), and the Coyote banking trojan (certificates issued by unknown authorities), and it includes example query results and filtering strategies that reduce noise and isolate likely malicious servers.
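Two of the anomaly classes above (a malformed X.509 version and an unknown issuer) can be checked directly against the DER bytes of a certificate, which is the kind of check such a flag encodes. The following is an added example written for this page, not Hunt.io's code and not HuntSQL: a minimal DER walker that reads the leading fields of tbsCertificate (version, serialNumber, signature, issuer) and raises flags on them. The input it runs on is a constructed, deliberately truncated certificate-like structure built by `build_sample` so it runs offline; a real certificate would carry validity, subject, key and extensions after the issuer, which this walker never reaches. The `known_issuers` allow-list is an assumption standing in for whatever CA set the hunter trusts.

```python
"""Flag X.509 version and issuer anomalies from raw DER (added example)."""
from typing import Optional

OID_CN = bytes.fromhex("550403")                    # id-at-commonName
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption


def tlv(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder, used only to build the constructed sample."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def read_tlv(buf: bytes, pos: int):
    """Decode one DER TLV at pos; return (tag, value_bytes, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                                # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def der_int(body: bytes) -> int:
    return int.from_bytes(body, "big", signed=True)


def issuer_cn(name_body: bytes) -> Optional[str]:
    """Walk Name ::= SEQUENCE OF RDN (SET OF AttributeTypeAndValue); return CN."""
    pos = 0
    while pos < len(name_body):
        _, rdn, pos = read_tlv(name_body, pos)       # SET
        _, atv, _ = read_tlv(rdn, 0)                  # SEQUENCE
        _, oid, q = read_tlv(atv, 0)                  # OBJECT IDENTIFIER
        _, value, _ = read_tlv(atv, q)                # DirectoryString
        if oid == OID_CN:
            return value.decode("utf-8", "replace")
    return None


def analyze(der: bytes, known_issuers: set) -> dict:
    """Return anomaly flags for the leading tbsCertificate fields."""
    flags = {}
    _, cert, _ = read_tlv(der, 0)                     # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)                     # tbsCertificate SEQUENCE
    tag, body, nxt = read_tlv(tbs, 0)
    if tag == 0xA0:                                   # [0] EXPLICIT version
        _, vbody, _ = read_tlv(body, 0)
        version, pos = der_int(vbody), nxt
    else:                                             # absent => DEFAULT v1 (0)
        version, pos = 0, 0
    flags["version"] = version
    flags["version_malformed"] = version not in (0, 1, 2)   # only v1..v3 are legal
    flags["version_not_v3"] = version != 2
    _, serial, pos = read_tlv(tbs, pos)               # serialNumber
    flags["serial_negative"] = der_int(serial) < 0    # RFC 5280 requires positive
    _, _, pos = read_tlv(tbs, pos)                    # signature AlgorithmIdentifier
    _, issuer, pos = read_tlv(tbs, pos)               # issuer Name
    cn = issuer_cn(issuer)
    flags["issuer_cn"] = cn
    flags["unknown_issuer"] = cn not in known_issuers
    return flags


def build_sample(version: Optional[int], issuer: str, serial: int = 1) -> bytes:
    """Constructed, truncated certificate-like DER for the demo (not a real cert)."""
    parts = []
    if version is not None:
        parts.append(tlv(0xA0, tlv(0x02, version.to_bytes(1, "big"))))
    parts.append(tlv(0x02, serial.to_bytes(max(1, (serial.bit_length() + 8) // 8),
                                           "big", signed=True)))
    parts.append(tlv(0x30, tlv(0x06, OID_SHA256_RSA) + tlv(0x05, b"")))
    atv = tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, issuer.encode()))
    parts.append(tlv(0x30, tlv(0x31, atv)))           # Name ::= SEQUENCE { SET { atv } }
    return tlv(0x30, tlv(0x30, b"".join(parts)))


if __name__ == "__main__":
    trusted = {"Example CA"}                          # assumed allow-list
    for label, sample in [("good", build_sample(2, "Example CA")),
                          ("bad_version", build_sample(7, "Example CA")),
                          ("self_signed", build_sample(2, "localhost"))]:
        print(label, analyze(sample, trusted))
```

A hunter would run the flags over every leaf certificate observed on a port, then drop rows where `unknown_issuer` alone fires (self-signed appliances are common) and keep rows where a malformed version or negative serial coincides with a suspicious issuer, which is the noise-reduction pattern the report describes.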
