Cyborg Security is launching a podcast with a twist! Join us for the first fully interactive threat hunting podcast where you can hang out with threat hunters from all over the world! Join a rag-tag bunch of threat hunters as they come out of the woods to explore some of the most burning issues related to cyber security. The Out of the Woods podcast is a casual talk covering the topics of threat hunting, security research, and threat intelligence, and some ranting and raving along the way, all over a cocktail or two! The Out of the Woods cyber security podcast is filmed in front of a live studio audience, and by that we mean YOU! We're inviting folks to join us once a month for a LIVE evening of great technical discussions, where you can ask questions and give your opinion in real time on a variety of discussions about threat hunting, security research, blue teaming, and wherever else the evening takes us!
Out of the Woods: The Threat Hunting Podcast
[LIVE] Out of the Woods: The Threat Hunting Podcast - "Guess Who: The Adversary Edition"
May 8, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://intel471.com/resources/podcasts/ootw-guess-who-the-adversary-edition

Threat Hunting Workshop: Hunting for Execution - Level 2
May 14, 2025 | 12:00 - 1:00 PM ET
Sign Up: https://intel471.com/resources/webinars/threat-hunting-workshop-15-hunting-for-execution-level-2
----------
Top Headlines:
Check Point Research | Renewed APT29 Phishing Campaign Against European Diplomats: https://research.checkpoint.com/2025/apt29-phishing-campaign/
JPCERT/CC EYES | DslogdRAT Malware Installed in Ivanti Connect Secure: https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html?&web_view=true
Tenable | ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer: https://www.tenable.com/blog/confusedcomposer-a-privilege-escalation-vulnerability-impacting-gcp-composer
Cofense | Decoding Fake US ESTA Emails: Scam or Real Deal?: https://cofense.com/blog/decoding-fake-us-esta-emails-scam-or-real-deal?&web_view=true
----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/
[LIVE] Out of the Woods: The Threat Hunting Podcast - "Guess Who: The Adversary Edition"
May 8, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://intel471.com/resources/podcasts/ootw-guess-who-the-adversary-edition
----------
Top Headlines:
Symantec | Shuckworm Targets Foreign Military Mission Based in Ukraine: https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel
BI.ZONE | Sapphire Werewolf Refines Amethyst Stealer to Attack Energy Companies: https://bi.zone/eng/expertise/blog/kamen-ogranennyy-sapphire-werewolf-ispolzuet-novuyu-versiyu-amethyst-stealer-dlya-atak-na-tek/
SentinelOne | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale: https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/
SecureList | GOFFEE Continues to Attack Organizations in Russia: https://securelist.com/goffee-apt-new-attacks/116139/?web_view=true
----------
Top Headlines:
Elastic | Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective: https://www.elastic.co/security-labs/outlaw-linux-malware
G Data | Smoked out - Emmenhtal spreads SmokeLoader malware: https://www.gdatasoftware.com/blog/2025/03/38160-emmenhtal-smokeloader-malware
CISA | #StopRansomware: Medusa Ransomware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
Esentire | The Long and Short(cut) of It: KoiLoader Analysis: https://www.esentire.com/blog/the-long-and-shortcut-of-it-koiloader-analysis
----------
This live episode of Out of the Woods: The Threat Hunting Podcast focuses on where threat hunters should spend their time to drive real security impact.
How experienced hunters prioritize their time - What matters most in real-world threat hunting.
The biggest mistakes that slow hunters down - Common distractions and how to avoid them.
How to refine your investigative approach - Strategies to ensure your hunts lead to real findings.

Interesting Artifacts:
https://cybersources.site/
https://github.com/FalconForceTeam/FalconHound
https://medium.com/falconforce/falconhound-attack-path-management-for-blue-teams-42adedc9cae5
https://github.com/SpecterOps/BloodHound?tab=readme-ov-file
https://github.com/SpecterOps/BloodHound-Legacy
https://www.youtube.com/watch?v=Pn7GWRXfgeI
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/cloud-threat-hunting-tactics-for-enhanced-azure-security/
*Top Cover 4 – Threat Hunting Management Workshop: Hiring Effective Threat Hunters
March 5, 2025 | 12:00 – 12:45 PM ET
Sign Up: https://intel471.com/resources/webinars/top-cover-4-threat-hunting-management-workshop-hiring-effective-threat-hunters

*Out of the Woods: The Threat Hunting Podcast [LIVE]
March 13, 2025 | 12:00 – 1:30 PM ET
Sign Up: https://intel471.com/resources/podcasts/from-skilled-to-tactical-threat-hunting-where-to-focus-for-maximum-impact

Threat Hunting Foundations Workshop: Moving Beyond IOCs to Behaviors and TTPs
March 27, 2025 | 9:30 AM – 1:30 PM ET
Sign Up: https://intel471.com/resources/webinars/threat-hunting-foundations-workshop-moving-beyond-iocs-to-behaviors-and-ttps
----------
Top Headlines:
Truffle Security Co | Research Finds 12,000 'Live' API Keys and Passwords in DeepSeek's Training Data: https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data
Trend Micro | Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal: https://www.trendmicro.com/en_us/research/25/b/black-basta-cactus-ransomware-backconnect.html?&web_view=true
Intel 471 | Android Trojan TgToxic Updates Its Capabilities: https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities
BleepingComputer | Over 49,000 Misconfigured Building Access Systems Exposed Online: https://www.bleepingcomputer.com/news/security/over-49-000-misconfigured-building-access-systems-exposed-online/?&web_view=true
----------
*Top Cover 4 – Threat Hunting Management Workshop: Hiring Effective Threat Hunters
March 5, 2025 | 12:00 – 12:45 PM ET
Sign Up: https://intel471.com/resources/webinars/top-cover-4-threat-hunting-management-workshop-hiring-effective-threat-hunters

*Out of the Woods: The Threat Hunting Podcast [LIVE]
March 13, 2025 | 12:00 – 1:30 PM ET
Sign Up: https://intel471.com/resources/podcasts/from-skilled-to-tactical-threat-hunting-where-to-focus-for-maximum-impact

Threat Hunting Foundations Workshop: Moving Beyond IOCs to Behaviors and TTPs
March 27, 2025 | 9:30 AM – 1:30 PM ET
Sign Up: https://intel471.com/resources/webinars/threat-hunting-foundations-workshop-moving-beyond-iocs-to-behaviors-and-ttps
----------
Top Headlines:
Netcraft | The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand: https://www.netcraft.com/blog/darcula-v3-phishing-kits-targeting-any-brand/
The Cyber Express | Ghost in the Shell: Null-AMSI Bypasses Security to Deploy AsyncRAT: https://thecyberexpress.com/asyncrat-attack/?&web_view=true
Cisco Talos Blog | Weathering the Storm: In the Midst of a Typhoon: https://blog.talosintelligence.com/salt-typhoon-analysis/
ANY.RUN's Cybersecurity Blog | Zhong Stealer: Technical Analysis of a Threat Targeting Fintech: https://any.run/cybersecurity-blog/zhong-stealer-malware-analysis/?utm_source=csn&utm_medium=article&utm_campaign=webinar&utm_content=landing&utm_term=200225
----------
[LIVE] Top Cover 4 – Threat Hunting Management Workshop: Hiring Effective Threat Hunters
March 5, 2025 | 12:00 – 12:45 PM EST
Sign Up: https://intel471.com/resources/webinars/top-cover-4-threat-hunting-management-workshop-hiring-effective-threat-hunters

[LIVE] OOTW Live Podcast – From Skilled to Tactical Threat Hunting: Where to Focus for Maximum Impact
March 13, 2025 | 12:00 – 1:30 PM EST
Sign Up: https://intel471.com/resources/podcasts/from-skilled-to-tactical-threat-hunting-where-to-focus-for-maximum-impact
----------
Top Headlines:
Netskope | Telegram Abused as C2 Channel for New Golang Backdoor: https://www.netskope.com/blog/telegram-abused-as-c2-channel-for-new-golang-backdoor
Sygnia | Abyss Locker Ransomware: Attack Flow & Defense Strategies: https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis/?web_view=true
Security Labs | whoAMI: A Cloud Image Name Confusion Attack: https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/
Trend Micro | Lumma Stealer's GitHub-Based Delivery Explored via Managed Detection and Response: https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html
----------
In this episode of Out of the Woods, Scott Poley sits down with Matt Scheurer at the Information Security Summit in Cleveland to discuss his journey into cybersecurity, from early tech fascination to leading incident response teams. Matt shares insights on breaking into the field, the challenges of asset management and alert fatigue, and the importance of mentorship and professional networking. He also highlights key lessons from incident response, the value of cross-team collaboration, and how security teams can stay ahead of evolving threats. Whether you're new to cybersecurity or a seasoned professional, this conversation offers valuable takeaways on building a successful career in security.

Connect with Matt: https://www.linkedin.com/in/mattscheurer/
----
[LIVE] Threat Hunting Workshop: Hunting for Initial Access – Level 2
February 12, 2025 | 12:00 – 1:00 PM ET
Sign Up --> https://intel471.com/resources/webinars/threat-hunting-workshop-14-hunting-for-initial-access-level-2
----------
Top Headlines:
Wiz Blog | Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
Google | Adversarial Misuse of Generative AI: https://services.google.com/fh/files/misc/adversarial-misuse-generative-ai.pdf
Cisco Talos Blog | New TorNet Backdoor Seen in Widespread Campaign: https://blog.talosintelligence.com/new-tornet-backdoor-campaign/
BleepingComputer | Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics: https://www.bleepingcomputer.com/news/security/time-bandit-chatgpt-jailbreak-bypasses-safeguards-on-sensitive-topics/?&web_view=true
----------
In this episode, "The Art of the Hunt: Turning Intel into Action," our expert team explores the nuances of threat intelligence, including behavioral and indicator-based approaches, and how to effectively leverage them for superior outcomes.

Here's what to expect:
Understanding Intelligence: Learn the key differences between raw data and operationalized threat intelligence, and why context and relevance are crucial.
Behavioral vs. Indicator-Based Intel: Explore why focusing on attacker goals, techniques, and patterns offers lasting value over short-lived indicators.
Maximizing MITRE ATT&CK: Discover how to navigate its strengths and challenges to align threat intelligence with real-world scenarios.
What Defines Good Threat Intel: Delve into attributes like timeliness, behavior tracking, and tailored context for better hunting.
Practical Strategies: Gain insights into transforming collected data into meaningful hypotheses that align with your unique environment.

Interesting Artifacts:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/githubs-dark-side-unveiling-malware-disguised-as-cracks-hacks-and-crypto-tools/
https://www.focustodo.cn/#features
https://github.com/center-for-threat-informed-defense/cti-blueprints/wiki
In this episode of Intel 471's Out of the Woods: Threat Hunting Podcast, Arun DeSouza shares insights from his journey as a cybersecurity leader, including the importance of zero trust, identity management, and data sovereignty. Arun emphasizes the value of strong relationships, mentorship, and continuous learning in overcoming challenges like IoT risks and responsible AI adoption. Packed with practical advice, this conversation offers valuable takeaways for cybersecurity professionals at any stage of their career.

Connect with Arun: https://www.linkedin.com/in/arundesouza/
----
[LIVE] Out of the Woods Podcast
January 30, 2025 | 12:00 - 1:30 PM ET
Sign Up --> https://intel471.com/resources/podcasts/the-art-of-the-hunt-turning-intel-into-action

[LIVE] Threat Hunting Workshop: Hunting for Initial Access – Level 2
February 12, 2025 | 12:00 – 1:00 PM ET
Sign Up --> https://intel471.com/resources/webinars/threat-hunting-workshop-14-hunting-for-initial-access-level-2
----------
Top Headlines:
Sekoia.ai Blog | Sneaky 2FA: Exposing a New AiTM Phishing-as-a-Service: https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/
Netcraft | The Truth of the Matter: Scammers Targeting Truth Social Users: https://www.netcraft.com/blog/truth-social-scam-threat-review/
Silverfort | Think You Blocked NTLMv1? Bypassing NTLM Authentication is Still Possible: https://www.silverfort.com/blog/ntlmv1-bypass-in-active-directory-technical-deep-dive/
Cybersecurity News | CVE-2025-0411: 7-Zip Security Vulnerability Enables Code Execution – Update Now: https://securityonline.info/cve-2025-0411-7-zip-security-vulnerability-enables-code-execution-update-now/?&web_view=true
----------
[LIVE] Out of the Woods Podcast
January 30, 2025 | 12:00 - 1:30 PM ET
Sign Up --> https://intel471.com/resources/podcasts/the-art-of-the-hunt-turning-intel-into-action
----------
Top Headlines:
Truffle Security | Millions of Accounts Vulnerable due to Google's OAuth Flaw: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw
Halcyon | Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
Horizon3 | Critical Vulnerabilities in SimpleHelp Remote Support Software: https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
Sekoia | Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations: https://blog.sekoia.io/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations/
----------
[LIVE] Out of the Woods Podcast
January 30, 2025 | 12:00 - 1:30 PM ET
Sign Up --> https://intel471.com/resources/podcasts/the-art-of-the-hunt-turning-intel-into-action
----------
Top Headlines:
Socket | Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts: https://socket.dev/blog/quasar-rat-disguised-as-an-npm-package
BleepingComputer | Windows 10 Users Urged to Upgrade to Avoid "Security Fiasco": https://www.bleepingcomputer.com/news/microsoft/windows-10-users-urged-to-upgrade-to-avoid-security-fiasco/?&web_view=true
The Hacker News | When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions: https://thehackernews.com/2024/12/when-good-extensions-go-bad-takeaways.html?m=1
The Python Package Index Blog | Project Quarantine: https://blog.pypi.org/posts/2024-12-30-quarantine/
----------
Top Headlines:
Elastic Security Labs | Declawing PUMAKIT: https://www.elastic.co/security-labs/declawing-pumakit
XLab | Glutton: a New Zero-Day Detection PHP Backdoor from Winnti Targets Cybercriminals: https://blog.xlab.qianxin.com/glutton_stealthily_targets_mainstream_php_frameworks-en/
Claroty | Inside a New OT/IoT Cyberweapon: IOCONTROL: https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol
SecureList | Careto is Back: What's New After 10 Years of Silence?: https://securelist.com/careto-is-back/114942/
----------
Top Headlines:
Embrace The Red | DeepSeek AI: From Prompt Injection to Account Takeover: https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/
Huntress | Cleo Software Actively Being Exploited in the Wild: https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
Zscaler | Unveiling RevC2 and Venom Loader: https://www.zscaler.com/blogs/security-research/unveiling-revc2-and-venom-loader
Cyble | Threat Actor Targets Manufacturing Industry with Malware: https://cyble.com/blog/threat-actor-targets-manufacturing-industry-with-malware/?&web_view=true
----------
Welcome to Out of the Woods: The Threat Hunting Podcast! In this episode, "The Ideal Outcome: The Gift of a Well-Crafted Threat Hunt," our expert team dives into what it means to reach the "ideal outcome" as a threat hunter, offering actionable insights to help you build an effective and enduring approach.

This episode discussed:
Long-Term Impact: Discover how a structured threat hunt can benefit both hunters and their organizations, reinforcing stronger security measures and insights that last.
Security Stack Essentials: Learn about the ideal tools and technologies that make up a robust security stack, empowering you to align hunting efforts with broader security goals.
Integration and Team Synergy: Find out how to integrate threat hunting with security operations teams, fostering collaboration to create a well-rounded defense approach.
Skills for the Future: We'll also discuss the critical skills and techniques that help threat hunters stay effective in an evolving threat landscape.

Interesting Artifacts:
https://gptzero.me/
https://atomicgen.io/
https://securitydatasets.com/introduction.html
**Out of the Woods: The Threat Hunting Podcast [LIVE EPISODE]
December 5, 2024 | 12:00 - 1:30 PM EST
Sign Up Here: https://intel471.com/resources/podcasts/the-ideal-outcome-the-gift-of-a-well-crafted-threat-hunt
----------
In this episode of Out of the Woods: The Threat Hunting Podcast, host Scott Poley speaks with Dr. Joshua Scarpino, VP of Information Security at TrustEngine and CEO of Assessed.Intelligence, during the Information Security Summit in Cleveland. Josh shares insights from his extensive career in IT and security, diving into responsible technology deployment and the challenges of managing AI systems. Learn how organizations can implement guardrails to mitigate risks, tackle scope creep, and build foundational frameworks like the NIST AI Risk Management Framework (RMF). Josh also emphasizes the importance of addressing unknown risks and the need for diverse perspectives in AI system development to ensure fairness and accountability. Tune in to gain practical strategies for assessing risks, establishing governance, and driving secure innovation in today's evolving tech landscape.

*Connect with Dr. Joshua Scarpino: https://www.linkedin.com/in/joshuascarpino/
----
**Out of the Woods: The Threat Hunting Podcast [LIVE EPISODE]
December 5, 2024 | 12:00 - 1:30 PM EST
Sign Up Here: https://intel471.com/resources/podcasts/the-ideal-outcome-the-gift-of-a-well-crafted-threat-hunt
----------
Top Headlines:
We Live Security | Unveiling WolfsBane: Gelsemium's Linux counterpart to Gelsevirine: https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/
Phylum Research | Python Crypto Library Updated to Steal Private Keys: https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/?&web_view=true
Censys | The 2024 State of the Internet Report: Internet-Connected Industrial Control Systems: https://go.censys.com/rs/120-HWT-117/images/2024SOTIR.pdf
Hunters Security | Unmasking VEILDrive: Threat Actors Exploit Microsoft Services for C2: https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2?&web_view=true
----------
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley sits down with Brian Hill, a cybersecurity leader with a rich background in law enforcement, military service, and corporate security. Brian shares his journey from major crimes detective and forensics expert to building and managing Security Operations Centers (SOCs) at organizations like Arctic Wolf and Black Cloak. The discussion highlights challenges in scaling SOCs, the importance of balancing specialized expertise with cross-functional training, and unique threats faced by high-profile individuals, such as SIM swapping and personal device vulnerabilities. Brian also explores broader trends like artificial intelligence and deepfake technology, emphasizing the need for education and proactive measures to stay ahead of evolving cyber threats.

*Connect with Brian Hill: https://www.linkedin.com/in/brian-hill-776b50100/
----
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley catches up with Violet Sullivan, cyber services lead for insurance carrier Crum and Forester, at the Information Security Summit in Cleveland. Violet dives into the evolving world of cyber insurance, shedding light on the often-overlooked layers of coverage that go beyond cyber events, including system outages and privacy litigation. She explains the shifting focus from ransomware to privacy issues, and how the rising importance of privacy is impacting both insurance policies and legal frameworks. They discuss the nuanced world of privacy litigation and emerging technologies like privacy scans, which scrutinize website data collection practices. Violet also addresses the current debate on AI training data, ownership, and privacy, offering insights into the challenges and implications for companies and individuals alike. If you're interested in the intersection of cyber insurance, privacy, and AI, this episode offers a compelling look at how these fields are rapidly converging.

*Connect with Violet Sullivan: https://www.linkedin.com/in/txcyberlawyer/
----
**Threat Hunting Workshop: Hunting for Discovery
November 20, 2024 | 12:00 – 1:00 PM EST
Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery

**Out of the Woods: The Threat Hunting Podcast [LIVE EPISODE]
December 5, 2024 | 12:00 - 1:30 PM EST
Sign Up Here: https://intel471.com/resources/podcasts/the-ideal-outcome-the-gift-of-a-well-crafted-threat-hunt
----------
Top Headlines:
Sophos News | Bengal cat lovers in Australia get psspsspss'd in Google-driven Gootloader campaign: https://news.sophos.com/en-us/2024/11/06/bengal-cat-lovers-in-australia-get-psspsspssd-in-google-driven-gootloader-campaign/?amp=1
Wiz Blog | Investigating 0ktapus: Phishing Analysis & Detection: https://www.wiz.io/blog/unmasking-phishing-strategies-for-identifying-0ktapus-domains?&web_view=true
FortiGuard Labs | New Campaign Uses Remcos RAT to Exploit Victims: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
Cado Security Labs | GuLoader: Evolving Tactics in Latest Campaign Targeting European Industry: https://www.cadosecurity.com/blog/guloader-targeting-european-industrial-companies
----------
In this bonus episode of Out of the Woods, Scott Poley sits down with John DiMaria, Director of Operations Excellence at the Cloud Security Alliance (CSA), live from the Information Security Summit in Cleveland. DiMaria discusses his pivotal role in developing CSA's STAR (Security, Trust, Assurance, and Risk) program and shares insights on cloud security, the evolution of the STAR program, and its alignment with CSA's Cloud Controls Matrix (CCM). They also explore the future of STAR in the AI landscape, the crucial role of shared responsibility models in cloud security, and the importance of continuous monitoring and compliance in securing cloud infrastructure. DiMaria highlights his experience and CSA's ongoing efforts to provide businesses with practical resources and tools to manage cloud and AI security risks. Perfect for anyone looking to understand the landscape of cloud security and CSA's impact on the field, this episode offers a deep dive into the essential frameworks guiding secure cloud practices today. Tune in for this engaging and informative conversation!

*Connect with John DiMaria: https://www.linkedin.com/in/johndimaria/
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Instagram: https://www.instagram.com/cyborgsecinc/
Facebook: https://www.facebook.com/CyborgSecInc
**Threat Hunting Workshop: Hunting for Discovery
November 20, 2024 | 12:00 – 1:00 PM ET
Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery
----------
Top Headlines:
Unit 42 | Jumpy Pisces Engages in Play Ransomware: https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
Help Net Security | Sophos Mounted Counter-Offensive Operation to Foil Chinese Attackers: https://www.helpnetsecurity.com/2024/10/31/sophos-china-defensive-operation/?web_view=true
Project Zero | From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code: https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html?m=1
The Cyber Express | HeptaX: Uncovering Cyberespionage Operations Through Unauthorized RDP Connections: https://thecyberexpress.com/heptax-cyberattack/?&web_view=true
----------
*Join our Threat Hunting Workshop: Hunting for Discovery*
November 20, 2024 | 12:00 - 1:00 PM ET
Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery
----
In this live episode of Out of the Woods: The Threat Hunting Podcast, we dive into essential threat hunting techniques and the journey to mastering the craft.

Join us as we discuss:
Building resilience through community insights and shared resources
Practical threat hunting tips with the latest from GitHub repositories and threat actor techniques
Managing the grind and balancing detection with proactive hunting strategies
Enhancing skill sets by embracing the unknowns in the journey

Interesting Artifacts:
https://github.com/BushidoUK
https://github.com/salesforce/logai?tab=readme-ov-file#documentation
https://opensource.salesforce.com/logai/latest/intro.html
https://detect.fyi/have-you-been-keeping-up-with-your-low-confidence-detections-494c742202e4
**[LIVE] Out of the Woods: The Threat Hunting Podcast
October 24, 2024 | 7:00 – 8:30 PM ET
Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter
----------
Top Headlines:
Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
Cisco Talos Blog | Threat Actor Believed to be Spreading New MedusaLocker Variant in Europe and South America: https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/?&web_view=true
Proofpoint US | Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware: https://www.proofpoint.com/us/blog/threat-insight/security-brief-royal-mail-lures-deliver-open-source-prince-ransomware
Security Affairs | Kyiv's Hackers Launched an Unprecedented Cyber Attack on Russian State Media VGTRK on Putin's Birthday: https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html?web_view=true
----------
Threat Hunting Workshop: Hunting for Collection October 2, 2024 | 12:00 - 1:00 PM ET Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection
----------
Top Headlines:
The Hacker News | Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1
The DFIR Report | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware: https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/
Netskope | DCRat Targets Users with HTML Smuggling: https://www.netskope.com/blog/dcrat-targets-users-with-html-smuggling
CISA | Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments: https://www.cisa.gov/sites/default/files/2024-09/FY23_RVA_Analysis_508.pdf
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley and Tom Kastura explore the latest threat-hunting insights, starting with UNC2970, a North Korean-linked group using trojanized PDF readers to target industries like energy and finance. They discuss how the group's phishing tactics exploit job openings and the use of telemetry to detect malicious activity. The episode also covers a campaign leveraging fake CAPTCHA pages to deliver the Lumma Stealer malware and dives into the risk of poisoned Python packages compromising supply chains. Tune in for strategies to stay proactive against advanced threats and enhance your hunting techniques.
Top Headlines:
Unit 42 | Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors: https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/?web_view=true
CloudSEK | Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages: https://www.cloudsek.com/blog/unmasking-the-danger-lumma-stealer-malware-exploits-fake-captcha-pages?&web_view=true
Google Cloud | An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader: https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader
DarkReading | For $20, Researchers Seize Part of Net Infrastructure: https://www.darkreading.com/cyber-risk/researchers-seize-internet-infrastructure-for-20?&web_view=true
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott and Lee discuss four key topics: North Korea's social engineering attacks on the crypto industry, the rise of the LummaC2 stealer and an associated malicious Chrome extension, a phishing and doxxing campaign by Russian threat actors targeting NGOs, and hacktivist attacks on Russian and Belarusian institutions using ransomware and common tools. They highlight the growing sophistication of these tactics and stress the importance of vigilance and proactive threat hunting to defend against these increasingly complex threats.
Top Headlines:
1. FBI | Public Service Announcement - North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks: https://www.ic3.gov/Media/Y2024/PSA240903
2. Cybersecurity News | Beware the Drive-By Download: LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc: https://securityonline.info/beware-the-drive-by-download-lummac2-stealer-and-malicious-chrome-extension-wreak-havoc/?&web_view=true
3. The Hacker News | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams: https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
4. Securelist | Head Mare: Adventures of a Unicorn in Russia and Belarus: https://securelist.com/head-mare-hacktivists/113555/
In this episode of "Out of the Woods: The Threat Hunting Podcast," Scott and Tom dive into the latest threat hunting headlines for the week of September 2nd, 2024. They explore how basic techniques are being repurposed in advanced ways, such as using Google Sheets for command and control in a suspected espionage campaign and employing web dev to enhance phishing attacks. The discussion also covers a new wave of skimming attacks targeting e-commerce sites and a deep dive into APT32's advanced persistence tactics in a long-term intrusion. Scott and Tom offer insights and strategies for threat hunters to detect and counter these evolving threats.
Top Headlines:
1. Huntress | Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders: https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders?&web_view=true
2. Objective-See | A Surreptitious Cryptocurrency Miner in the Mac App Store?: https://objective-see.org/blog/blog_0x2B.html
3. Malwarebytes | Hundreds of Online Stores Hacked in New Campaign: https://www.malwarebytes.com/blog/news/2024/08/hundreds-of-online-stores-hacked-in-new-campaign?web_view=true
4. Proofpoint US | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers "Voldemort": https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into sedexp, a stealthy Linux malware that abuses udev rules to persist and evade detection, and explore why it's not yet on the MITRE ATT&CK radar. The duo also covers PEAKLIGHT, a new memory-only dropper, and Styx Stealer, a malware targeting browser data and crypto wallets. Wrapping up with insights from a BlackSuit ransomware breach, they discuss how attackers often reuse old techniques in new ways. This episode challenges the notion of what truly makes an execution unique, offering practical tips for staying ahead of evolving threats.
1. Aon | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules: https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
2. The DFIR Report | BlackSuit Ransomware: https://thedfirreport.com/2024/08/26/blacksuit-ransomware/
3. Check Point Research | Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove: https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/
4. Google Cloud Blog | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?&web_view=true
Stay in Touch!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc
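The sedexp item above comes down to one thing a hunter can check on any Linux box: a udev rule whose RUN+= program gets launched every time a matching device event fires, which for a static device means every boot. The script below is an added example written for this page (it is not code from the podcast, from Aon, or from any vendor). It parses udev rule files, pulls out every RUN+= program, and flags rules whose program lives in a writable location, sits outside the usual helper directories, or is keyed purely on ENV{MAJOR}/ENV{MINOR} device numbers. The trusted and suspicious path lists and the device-number heuristic are this example's own assumptions, and the embedded rule set is constructed sample input; hunt_host() walks the real rule directories on a live host.

```python
# Added example (not from the podcast or the Aon write-up): hunt udev rules
# for RUN+= programs that look like sedexp-style persistence.
# Path lists and heuristics below are this example's own assumptions.
import re
from pathlib import Path

# Directories a distro-shipped udev helper is normally launched from (assumption)
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/bin/",
                    "/usr/sbin/", "/sbin/")
# World- or user-writable locations a legitimate rule should not execute from
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")

# RUN+="...", RUN{program}+="...", RUN="...": capture the quoted command
RUN_RE = re.compile(r'RUN(?:\{[^}]*\})?\s*\+?=\s*"([^"]*)"')
# ENV{MAJOR}=="1" / ENV{MINOR}=="8": a rule matching on raw device numbers
ENV_MAJMIN_RE = re.compile(r'ENV\{(MAJOR|MINOR)\}\s*==\s*"(\d+)"')


def parse_rule_lines(text):
    """Yield (lineno, rule) per logical rule: comments and blank lines are
    skipped and backslash-continued physical lines are joined."""
    buf, start = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:  # unterminated continuation at end of file
        yield start, " ".join(buf)


def assess_rule(rule):
    """Return the reasons one udev rule looks suspicious ([] if none)."""
    reasons = []
    for m in RUN_RE.finditer(rule):
        cmd = m.group(1).strip()
        prog = cmd.split()[0] if cmd else ""
        if prog.startswith(SUSPICIOUS_PREFIXES):
            reasons.append(f"RUN program in writable location: {prog}")
        elif prog.startswith("/") and not prog.startswith(TRUSTED_PREFIXES):
            reasons.append(f"RUN program outside standard helper paths: {prog}")
    if "RUN" in rule:
        majmin = dict(ENV_MAJMIN_RE.findall(rule))
        if "MAJOR" in majmin and "MINOR" in majmin:
            reasons.append(
                f"RUN keyed on device numbers MAJOR={majmin['MAJOR']} "
                f"MINOR={majmin['MINOR']}: a static device is re-added at every "
                "boot, so this doubles as a boot-time trigger")
    return reasons


def hunt_udev_rules(text, source="<inline>"):
    """Run assess_rule over every rule in one file's text; return findings."""
    findings = []
    for lineno, rule in parse_rule_lines(text):
        reasons = assess_rule(rule)
        if reasons:
            findings.append({"source": source, "line": lineno,
                             "rule": rule, "reasons": reasons})
    return findings


# Directories udev loads rules from (later dirs are lower priority)
UDEV_RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d",
                  "/usr/lib/udev/rules.d", "/lib/udev/rules.d")


def hunt_host(dirs=UDEV_RULE_DIRS):
    """Walk the rule directories on a live host and collect findings."""
    findings = []
    for d in dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for path in sorted(base.glob("*.rules")):
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable or vanished file; keep hunting
            findings.extend(hunt_udev_rules(text, str(path)))
    return findings


# Constructed sample input: two ordinary rules and one modelled on the
# sedexp pattern (fires on a fixed char device, runs a binary from /tmp).
SAMPLE_RULES = """\
# shipped helper from the distro
ACTION=="add", SUBSYSTEM=="block", RUN+="/lib/udev/hdparm"
KERNEL=="sd*", ATTRS{vendor}=="ACME", SYMLINK+="acme_disk"
# constructed: unexpected binary from a writable location, triggered by
# a device that exists on every boot
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="/tmp/.cache/helper run:+"
"""

if __name__ == "__main__":
    for f in hunt_udev_rules(SAMPLE_RULES, "sample"):
        print(f"{f['source']}:{f['line']}: {f['rule']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

A bare program name in RUN+= (no leading slash) resolves against udev's own helper directory, so it is not flagged by the path checks alone; the device-number heuristic still catches a rule that pairs such a name with a fixed MAJOR/MINOR match. On a real host, follow up each finding by hashing the program, checking its package ownership, and comparing the rule file's timestamps with the rest of rules.d.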
In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk infostealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee infostealer targeting macOS. They also explore the impact of AI on cybersecurity, emphasizing the need for SOCs to evolve with new talent and strategies to address emerging threats. The episode underscores the importance of staying vigilant and adapting to the rapidly changing threat landscape.
Top 5 Threat Hunting Headlines - 19 Aug 2024
1. Securelist | Tusk Campaign Uses Infostealers and Clippers for Financial Gain https://securelist.com/tusk-infostealers-campaign/113367/
2. Unit 42 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
3. Cisco Talos Blog | APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike https://blog.talosintelligence.com/chinese-hacking-group-apt41-compromised-taiwanese-government-affiliated-research-institute-with-shadowpad-and-cobaltstrike-2/?&web_view=true
4. Elastic Security Labs | Beyond the Wail: Deconstructing the BANSHEE Infostealer https://www.elastic.co/security-labs/beyond-the-wail
5. Help Net Security | 74% of IT Professionals Worry That AI Tools Will Replace Them https://www.helpnetsecurity.com/2024/08/15/it-professionals-ai-worry/?web_view=true
Top 5 Threat Hunting Headlines - 12 Aug 2024
1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true
2. ReasonLabs | New Widespread Extension Trojan Malware Campaign https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
3. The DFIR Report | Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/
4. SafeBreach | Downgrade Attacks Using Windows Updates https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
5. Cyble | Double Trouble: Latrodectus and ACR Stealer Observed Spreading Via Google Authenticator Phishing Site https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/?&web_view=true
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here!
Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate:
3-4 Aug 2024: Sign Up Here!
5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 29 July 2024
1. BleepingComputer | Acronis Warns of Cyber Infrastructure Default Password Abused in Attacks https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/?&web_view=true
2. Guardio Labs | "EchoSpoofing" – A Massive Phishing Campaign Exploiting Proofpoint's Email Protection to Dispatch Millions of Perfectly Spoofed Emails https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=b32e776ffab3
3. eSentire | Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT https://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat?&web_view=true
4. Check Point Research | Stargazers Ghost Network https://research.checkpoint.com/2024/stargazers-ghost-network/
5. Help Net Security | Most CISOs Feel Unprepared for New Compliance Regulations https://www.helpnetsecurity.com/2024/07/26/cisos-compliance-regulations-preparedness/?web_view=true
Top 5 Threat Hunting Headlines - 22 July 2024
1. The Record | Popular Ukrainian Telegram Channels Hacked to Spread Russian Propaganda https://therecord.media/ukrainian-news-telegram-channels-hacked-russian-propaganda?&web_view=true
2. Trend Micro | New Play Ransomware Linux Variant Targets ESXi, Shows Ties with Prolific Puma https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html
3. Dragos | FrostyGoop Report https://regmedia.co.uk/2024/07/23/dragos_frostygoop-report.pdf
4. CrowdStrike | Likely eCrime Actor Capitalizing on Falcon Sensor Issues https://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/
5. Europol | Internet Organised Crime Threat Assessment 2024 https://www.europol.europa.eu/cms/sites/default/files/documents/Internet%20Organised%20Crime%20Threat%20Assessment%20IOCTA%202024.pdf
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here!
Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:
3-4 Aug 2024: Sign Up Here!
5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 15 July 2024
1. Infosecurity Magazine | CISA Urges Software Makers to Eliminate OS Command Injection Flaws https://www.infosecurity-magazine.com/news/cisa-software-eliminate-command/?&web_view=true
2. Wazuh | Detecting Living Off the Land Attacks with Wazuh https://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/
3. McAfee Labs | ClickFix Deception: A Social Engineering Tactic to Deploy Malware https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/
4. The Hacker News | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html?m=1
5. BlackBerry | Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions https://blogs.blackberry.com/en/2024/07/coyote-banking-trojan-targets-latam-with-a-focus-on-brazilian-financial-institutions?&web_view=true
Top 5 Threat Hunting Headlines - 1 July 2024
1. Qualys Security Blog | regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server?web_view=true
2. Zscaler | Kimsuky Deploys TRANSLATEXT to Target South Korean Academia https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
3. The Register | Police Allege 'Evil Twin' In-Flight WiFi Used to Steal Info https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/?&web_view=true and Australian Federal Police | Man Charged Over Creation of 'Evil Twin' Free WiFi Networks to Access Personal Data https://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal
4. GitHub | JPCERTCC/LogonTracer https://github.com/JPCERTCC/LogonTracer
5. Help Net Security | 75% of New Vulnerabilities Exploited Within 19 Days https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/?web_view=true
Top 5 Threat Hunting Headlines - 25 June 2024
1. Positive Technologies | ExCobalt: GoRed, the Hidden-Tunnel Technique https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/excobalt-gored-the-hidden-tunnel-technique/
2. Cisco Talos | SneakyChef Espionage Group Targets Government Agencies with SugarGh0st and More Infection Techniques https://blog.talosintelligence.com/sneakychef-sugarghost-rat/
3. Help Net Security | 1 Out of 3 Breaches Go Undetected https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/?web_view=true
4. Ars Technica | Dell Said Return to Office or Else; Nearly Half of the Workers Chose "Or Else" https://arstechnica.com/gadgets/2024/06/nearly-half-of-dells-workforce-refused-to-return-to-the-office/
5. Infosecurity Magazine | Cybersecurity Burnout Costing Firms $700m+ Annually https://www.infosecurity-magazine.com/news/cybersecurity-burnout-costing-700m/?&web_view=true
Top 5 Threat Hunting Headlines - 10 June 2024
1. Google Cloud | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion
2. Morphisec | Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
3. Vonahi Security | Automated Penetration Testing & Cyber Security Services - Top 10 Critical Pentest Findings Report https://www.vonahi.io/pentest-report-2024?utm=source=701Rp00000B6bue
4. The DFIR Report | IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/
5. Zscaler | Technical Analysis of the Latest Variant of ValleyRAT https://www.zscaler.com/blogs/security-research/technical-analysis-latest-variant-valleyrat
Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Early registration closes on May 24, 2024! Secure your spot now at a discounted rate:
*3-4 Aug 2024: Sign Up Here!
*5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 22 May 2024
1. Kandji | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware https://blog.kandji.io/malware-cuckoo-infostealer-spyware
2. Rapid7 | Ongoing Malvertising Campaign Leads to Ransomware https://www.rapid7.com/blog/post/2024/05/13/ongoing-malvertising-campaign-leads-to-ransomware/
3. Unit 42 | Payload Trends in Malicious OneNote Samples https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/
4. Check Point Research | Bad Karma, No Justice: Void Manticore Destructive Activities in Israel https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/
5. Aqua Nautilus | Kinsing Demystified - A Comprehensive Technical Guide https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf
Top 5 Threat Hunting Headlines - 13 May 2024
1. Infosecurity Magazine | AI-Powered Russian Network Pushes Fake Political News https://www.infosecurity-magazine.com/news/aipowered-russian-network-fake-news/?&web_view=true
2. Elastic Security Labs | Dissecting REMCOS RAT: An In-Depth Analysis of a Widespread 2024 Malware, Part Two https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
3. The Record | Cyberthreat Landscape Permanently Altered by Chinese Operations, US Officials Say https://therecord.media/cyberthreat-landscape-altered-chinese-operations?&web_view=true
4. Elastic Security Labs | Dissecting REMCOS RAT: An In-Depth Analysis of a Widespread 2024 Malware, Part Four https://www.elastic.co/security-labs/dissecting-remcos-rat-part-four
5. Help Net Security | How Secure Is the "Password Protection" on Your Files and Drives? https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/?web_view=true
Top 5 Threat Hunting Headlines - 22 April 2024
1. The Record | NATO to Launch New Cyber Center to Contest Cyberspace 'At All Times' https://therecord.media/nato-new-military-civilian-cyber-center-mons-belgium?&web_view=true
2. Securonix | Securonix Threat Research Knowledge Sharing Series: Detecting DLL Sideloading Techniques Found in Recent Real-World Malware Attack Chains https://www.securonix.com/blog/detecting-dll-sideloading-techniques-in-malware-attack-chains/
3. DarkReading | Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware?&web_view=true
4. HackTricks https://book.hacktricks.xyz
5. CSA | Deploying AI Systems Securely https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF
Top 5 Threat Hunting Headlines - 15 April 2024
1. Volexity | Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
2. Trend Micro | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear https://www.trendmicro.com/en_no/research/24/d/earth-hundun-waterbear-deuterbear.html
3. The Cyber Express | FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques https://thecyberexpress.com/fatalrat-phishing-campaign/?&web_view=true
4. Elastic Security Labs | Linux Detection Engineering with Auditd https://www.elastic.co/security-labs/linux-detection-engineering-with-auditd
5. NIST Special Publication | Incident Response Recommendations and Considerations for Cybersecurity Risk Management https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.ipd.pdf
To be fully interactive by asking questions and giving feedback and opinions in real-time, join our Discord Server! Be sure to join the live recording of our next episode to be a part of the fun! --> https://discord.gg/sHw5c3qwRh
Looking to have your cyber security questions or insights featured on our next episode? Tag #OutOfTheWoodsPodcast on your socials when you share your thoughts. No question is too specific, no insight too niche; we're here for it all!
[LIVE] Out of the Woods Podcast Episode April 4, 2024 | 7:00 - 8:30 PM ET More Details/Registration
Threat Hunting Workshop: Hunting for Initial Access March 20, 2024 | 12:00 - 1:00 PM ET More Details/Registration
Top 5 Threat Hunting Headlines - 26 February 2024
1. The DFIR Report: SEO Poisoning to Domain Control: The Gootloader Saga Continues https://thedfirreport.com/2024/02/26/seo-poisoning-to-domain-control-the-gootloader-saga-continues/
2. Cybersecurity & Infrastructure Security Agency: Updated: Top Cyber Actions for Securing Water Systems https://www.cisa.gov/news-events/alerts/2024/02/23/updated-top-cyber-actions-securing-water-systems and https://www.cisa.gov/sites/default/files/2024-02/fact-sheet-top-cyber-actions-for-securing-water-systems.pdf
3. The Hacker News: LockBit Ransomware Group Resurfaces After Law Enforcement Takedown https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html
4. Group-IB: Extra Credit: VietCredCare Information Stealer Takes Aim at Vietnamese Businesses https://www.group-ib.com/blog/vietcredcare-stealer/
5. Help Net Security: Cybersecurity Fears Drive a Return to On-Premise Infrastructure From Cloud Computing https://www.helpnetsecurity.com/2024/02/22/cloud-repatriation-projects-reasons/?web_view=true
Top 5 Threat Hunting Headlines - 05 February 2024
1. Unit 42: Exploring the Latest Mispadu Stealer Variant https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/?web_view=true
2. The DFIR Report: Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
3. Help Net Security: DDoS Attack Power Skyrockets to 1.6 Tbps https://www.helpnetsecurity.com/2024/02/02/ddos-attacks-h2-2023/?web_view=true
4. Mandiant: Evolution of UNC4990: Uncovering USB Malware https://www.mandiant.com/resources/blog/unc4990-evolution-usb-malware
5. Sucuri: Detecting and Mitigating a Phishing Threat: "Greatness" https://blog.sucuri.net/2024/02/detecting-and-mitigating-a-phishing-threat-greatness.html?web_view=true