• S3 Ep5: Be the Bengal, Dig Into the Process
    Nov 12 2024
**Threat Hunting Workshop: Hunting for Discovery**
    November 20, 2024 | 12:00 – 1:00 PM EST
    Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery

**Out of the Woods: The Threat Hunting Podcast [LIVE EPISODE]**
    December 5, 2024 | 12:00 - 1:30 PM EST
    Sign Up Here:
    https://intel471.com/resources/podcasts/the-ideal-outcome-the-gift-of-a-well-crafted-threat-hunt

    ----------

    Top Headlines:

    1. Sophos News | Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign: https://news.sophos.com/en-us/2024/11/06/bengal-cat-lovers-in-australia-get-psspsspssd-in-google-driven-gootloader-campaign/?amp=1
    2. Wiz Blog | Investigating 0ktapus: Phishing Analysis & Detection: https://www.wiz.io/blog/unmasking-phishing-strategies-for-identifying-0ktapus-domains?&web_view=true
    3. FortiGuard Labs | New Campaign Uses Remcos RAT to Exploit Victims: https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims
    4. Cado Security Labs | GuLoader: Evolving Tactics in Latest Campaign Targeting European Industry: https://www.cadosecurity.com/blog/guloader-targeting-european-industrial-companies

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    34 mins
  • S3 Ep3: [Bonus Episode] Inside Cloud Security with CSA’s John DiMaria
    Nov 7 2024
    In this bonus episode of Out of the Woods, Scott Poley sits down with John DiMaria, Director of Operations Excellence at the Cloud Security Alliance (CSA), live from the Information Security Summit in Cleveland. DiMaria discusses his pivotal role in developing CSA’s STAR (Security, Trust, Assurance, and Risk) program and shares insights on cloud security, the evolution of the STAR program, and its alignment with CSA's Cloud Controls Matrix (CCM).

    They also explore the future of STAR in the AI landscape, the crucial role of shared responsibility models in cloud security, and the importance of continuous monitoring and compliance in securing cloud infrastructure. DiMaria highlights his experience and CSA's ongoing efforts to provide businesses with practical resources and tools to manage cloud and AI security risks.

    Perfect for anyone looking to understand the landscape of cloud security and CSA’s impact on the field, this episode offers a deep dive into the essential frameworks guiding secure cloud practices today. Tune in for this engaging and informative conversation!

    *Connect with John DiMaria: https://www.linkedin.com/in/johndimaria/

    -----

    Follow Us! Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Instagram: https://www.instagram.com/cyborgsecinc/
    Facebook: https://www.facebook.com/CyborgSecInc
    23 mins
  • S3 Ep4: Security Beyond the Box
    Nov 5 2024
**Threat Hunting Workshop: Hunting for Discovery**
    November 20, 2024 | 12:00 – 1:00 PM ET
    Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery

    ----------

    Top Headlines:

    1. Unit 42 | Jumpy Pisces Engages in Play Ransomware: https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
    2. Help Net Security | Sophos Mounted Counter-Offensive Operation to Foil Chinese Attackers: https://www.helpnetsecurity.com/2024/10/31/sophos-china-defensive-operation/?web_view=true
    3. Project Zero | From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code: https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html?m=1
    4. The Cyber Express | HeptaX: Uncovering Cyberespionage Operations Through Unauthorized RDP Connections: https://thecyberexpress.com/heptax-cyberattack/?&web_view=true

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    40 mins
  • S3 Ep1: [LIVE] Blood, Sweat, and Threats: Carving the Perfect Threat Hunter
    Oct 30 2024
    *Join our Threat Hunting Workshop: Hunting for Discovery*
    November 20, 2024 | 12:00 - 1:00 PM ET
    Sign Up Here:
    https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery

    ----

    In this live episode of Out of the Woods: The Threat Hunting Podcast, we dive into essential threat hunting techniques and the journey to mastering the craft.

    Join us as we discuss:

    • Building resilience through community insights and shared resources
    • Practical threat hunting tips with the latest from GitHub repositories and threat actor techniques
    • Managing the grind and balancing detection with proactive hunting strategies
    • Enhancing skill sets by embracing the unknowns in the journey

    Interesting Artifacts:

    • https://github.com/BushidoUK
    • https://github.com/salesforce/logai?tab=readme-ov-file#documentation
    • https://opensource.salesforce.com/logai/latest/intro.html
    • https://detect.fyi/have-you-been-keeping-up-with-your-low-confidence-detections-494c742202e4

    🔗 Join our Discord to interact with us at our next live session: https://discord.gg/Ka6tsEc3

    #ThreatHunting #CyberSecurity #OutOfTheWoods #Podcast
    1 hr and 30 mins
  • S2 Ep28: Date Your Data… Swipe Right
    Oct 9 2024
**[LIVE] Out of the Woods: The Threat Hunting Podcast**
    October 24, 2024 | 7:00 – 8:30 PM ET
    Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter

    ----------

    Top Headlines:

    1. Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
    2. Cisco Talos Blog | Threat Actor Believed to be Spreading New MedusaLocker Variant in Europe and South America: https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/?&web_view=true
    3. Proofpoint US | Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware: https://www.proofpoint.com/us/blog/threat-insight/security-brief-royal-mail-lures-deliver-open-source-prince-ransomware
    4. Security Affairs | Kyiv's Hackers Launched an Unprecedented Cyber Attack on Russian State Media VGTRK on Putin's Birthday: https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html?web_view=true

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    34 mins
  • S2 Ep27: iCUP… Let's Talk Hygiene
    Oct 1 2024
**Threat Hunting Workshop: Hunting for Collection**
    October 2, 2024 | 12:00 - 1:00 PM ET
    Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection

**[LIVE] Out of the Woods: The Threat Hunting Podcast**
    October 24, 2024 | 7:00 – 8:30 PM ET
    Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter

    ----------

    Top Headlines:

    1. The Hacker News | Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1
2. The DFIR Report | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware: https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/
    3. Netskope | DCRat Targets Users with HTML Smuggling: https://www.netskope.com/blog/dcrat-targets-users-with-html-smuggling
    4. CISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments: https://www.cisa.gov/sites/default/files/2024-09/FY23_RVA_Analysis_508.pdf

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    41 mins
  • S2 Ep26: WHOIS, or Not WHOIS…
    Sep 24 2024
**Threat Hunting Workshop: Hunting for Collection**
    October 2, 2024 | 12:00 - 1:00 PM ET
    Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection

**[LIVE] Out of the Woods: The Threat Hunting Podcast**
    October 24, 2024 | 7:00 – 8:30 PM ET
    Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter

    ----------

In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley and Tom Kastura explore the latest threat-hunting insights, starting with UNC2970, a North Korean-linked group using trojanized PDF readers to target industries like energy and finance. They discuss how the group's phishing tactics exploit job openings and the use of telemetry to detect malicious activity. The episode also covers a campaign leveraging fake CAPTCHA pages to deliver the Lumma Stealer malware and dives into the risk of poisoned Python packages compromising supply chains. Tune in for strategies to stay proactive against advanced threats and enhance your hunting techniques.

    Top Headlines:

    1. Unit 42 | Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors: https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/?web_view=true
    2. CloudSEK | Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages: https://www.cloudsek.com/blog/unmasking-the-danger-lumma-stealer-malware-exploits-fake-captcha-pages?&web_view=true
    3. Google Cloud | An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader: https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader
    4. DarkReading | For $20, Researchers Seize Part of Net Infrastructure: https://www.darkreading.com/cyber-risk/researchers-seize-internet-infrastructure-for-20?&web_view=true

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    39 mins
  • S2 Ep25: Bad Extensions Level Up, Social Engineering Gets Social
    Sep 9 2024
**Threat Hunting Workshop: Hunting for Collection**
    October 2, 2024 | 12:00 - 1:00 PM ET
    Sign Up >
    https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection

In this episode of Out of the Woods: The Threat Hunting Podcast, Scott and Lee discuss four key topics: North Korea’s social engineering attacks on the crypto industry, the rise of the malicious Chrome extension delivering LummaC2 Stealer, a phishing and doxxing campaign by Russian threat actors targeting NGOs, and hacktivist attacks on Russian and Belarusian institutions using ransomware and common tools. They highlight the growing sophistication of these tactics and stress the importance of vigilance and proactive threat hunting to defend against these increasingly complex threats.

    Top Headlines:

    1. FBI | Public Service Announcement - North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks: https://www.ic3.gov/Media/Y2024/PSA240903
    2. Cybersecurity News | Beware the Drive-By Download: LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc: https://securityonline.info/beware-the-drive-by-download-lummac2-stealer-and-malicious-chrome-extension-wreak-havoc/?&web_view=true
    3. The Hacker News | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams: https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
    4. SecureList | Head Mare: Adventures of a Unicorn in Russia and Belarus: https://securelist.com/head-mare-hacktivists/113555/

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    35 mins