Episodes

  • S3 Ep24: ShortCut to the Fast and the Obfuscated
    2025/04/03
    Top Headlines:

    • Elastic | Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective: https://www.elastic.co/security-labs/outlaw-linux-malware
    • G Data | Smoked out - Emmenhtal spreads SmokeLoader malware: https://www.gdatasoftware.com/blog/2025/03/38160-emmenhtal-smokeloader-malware
    • CISA | #StopRansomware: Medusa Ransomware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
• eSentire | The Long and Short(cut) of It: KoiLoader Analysis: https://www.esentire.com/blog/the-long-and-shortcut-of-it-koiloader-analysis

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
34 min
  • S3 Ep23: [LIVE] From Skilled to Tactical Threat Hunting: Where to Focus for Maximum Impact
    2025/03/17
In this episode of Out of the Woods: The Threat Hunting Podcast, a live discussion looks at where threat hunters should spend their time to drive real security impact.

    • How experienced hunters prioritize their time - What matters most in real-world threat hunting.
    • The biggest mistakes that slow hunters down - Common distractions and how to avoid them.
    • How to refine your investigative approach - Strategies to ensure your hunts lead to real findings.

    Interesting Artifacts:
    • https://cybersources.site/
    • https://github.com/FalconForceTeam/FalconHound
    • https://medium.com/falconforce/falconhound-attack-path-management-for-blue-teams-42adedc9cae5
    • https://github.com/SpecterOps/BloodHound?tab=readme-ov-file
    • https://github.com/SpecterOps/BloodHound-Legacy
    • https://www.youtube.com/watch?v=Pn7GWRXfgeI
    • https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/cloud-threat-hunting-tactics-for-enhanced-azure-security/

    🔗 Join us on Discord: https://discord.gg/DR4mcW4zBr

1 hr 29 min
  • S3 Ep22: What You Don't Know, Can Hurt You
    2025/03/04
    *Top Cover 4 – Threat Hunting Management Workshop: Hiring Effective Threat Hunters
    March 5, 2025 | 12:00 – 12:45 PM ET
    Sign Up: https://intel471.com/resources/webinars/top-cover-4-threat-hunting-management-workshop-hiring-effective-threat-hunters

    *Out of the Woods: The Threat Hunting Podcast [LIVE]
    March 13, 2025 | 12:00 – 1:30 PM ET
    Sign Up: https://intel471.com/resources/podcasts/from-skilled-to-tactical-threat-hunting-where-to-focus-for-maximum-impact

    Threat Hunting Foundations Workshop: Moving Beyond IOCs to Behaviors and TTPs
    March 27, 2025 | 9:30 am – 1:30 PM ET
    Sign Up: https://intel471.com/resources/webinars/threat-hunting-foundations-workshop-moving-beyond-iocs-to-behaviors-and-ttps

    ----------

    Top Headlines:

    • Truffle Security Co | Research Finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek’s Training Data: https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data
    • Trend Micro | Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal: https://www.trendmicro.com/en_us/research/25/b/black-basta-cactus-ransomware-backconnect.html?&web_view=true
    • Intel 471 | Android Trojan TgToxic Updates Its Capabilities: https://intel471.com/blog/android-trojan-tgtoxic-updates-its-capabilities
    • BleepingComputer | Over 49,000 Misconfigured Building Access Systems Exposed Online: https://www.bleepingcomputer.com/news/security/over-49-000-misconfigured-building-access-systems-exposed-online/?&web_view=true

51 min
  • S3 Ep21: Sight Your Sources, Look for the Obvious
    2025/02/26
    *Top Cover 4 – Threat Hunting Management Workshop: Hiring Effective Threat Hunters
    March 5, 2025 | 12:00 – 12:45 PM ET
    Sign Up: https://intel471.com/resources/webinars/top-cover-4-threat-hunting-management-workshop-hiring-effective-threat-hunters

    *Out of the Woods: The Threat Hunting Podcast [LIVE]
    March 13, 2025 | 12:00 – 1:30 PM ET
    Sign Up: https://intel471.com/resources/podcasts/from-skilled-to-tactical-threat-hunting-where-to-focus-for-maximum-impact

    Threat Hunting Foundations Workshop: Moving Beyond IOCs to Behaviors and TTPs
    March 27, 2025 | 9:30 am – 1:30 PM ET
    Sign Up: https://intel471.com/resources/webinars/threat-hunting-foundations-workshop-moving-beyond-iocs-to-behaviors-and-ttps

    ----------

    Top Headlines:

• Netcraft | The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand: https://www.netcraft.com/blog/darcula-v3-phishing-kits-targeting-any-brand/
    • The Cyber Express | Ghost in the Shell: Null-AMSI Bypasses Security to Deploy AsyncRAT: https://thecyberexpress.com/asyncrat-attack/?&web_view=true
    • Cisco Talos Blog | Weathering the Storm: In the Midst of a Typhoon: https://blog.talosintelligence.com/salt-typhoon-analysis/
• ANY.RUN’s Cybersecurity Blog | Zhong Stealer: Technical Analysis of a Threat Targeting Fintech: https://any.run/cybersecurity-blog/zhong-stealer-malware-analysis/?utm_source=csn&utm_medium=article&utm_campaign=webinar&utm_content=landing&utm_term=200225

40 min
  • S3 Ep20: Adjust, Protect, Improve - API Your Posture
    2025/02/19
    [LIVE] Top Cover 4 – Threat Hunting Management Workshop: Hiring Effective Threat Hunters
    March 5, 2025 | 12:00 – 12:45 PM EST
    Sign Up: https://intel471.com/resources/webinars/top-cover-4-threat-hunting-management-workshop-hiring-effective-threat-hunters


    [LIVE] OOTW Live Podcast – From Skilled to Tactical Threat Hunting: Where to Focus for Maximum Impact
March 13, 2025 | 12:00 – 1:30 PM ET
    Sign Up: https://intel471.com/resources/podcasts/from-skilled-to-tactical-threat-hunting-where-to-focus-for-maximum-impact

    ----------

    Top Headlines:

    • Netskope | Telegram Abused as C2 Channel for New Golang Backdoor: https://www.netskope.com/blog/telegram-abused-as-c2-channel-for-new-golang-backdoor
    • Sygnia | Abyss Locker Ransomware: Attack Flow & Defense Strategies: https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis/?web_view=true
• Datadog Security Labs | whoAMI: A Cloud Image Name Confusion Attack: https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/
    • Trend Micro | Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response: https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html

43 min
  • S3 Ep19: [Bonus Episode] From Curiosity to Cybersecurity: Matt Scheurer on Incident Response, Mentorship, and Career Growth
    2025/02/11
    In this episode of Out of the Woods, Scott Poley sits down with Matt Scheurer at the Information Security Summit in Cleveland to discuss his journey into cybersecurity, from early tech fascination to leading incident response teams.

    Matt shares insights on breaking into the field, the challenges of asset management and alert fatigue, and the importance of mentorship and professional networking. He also highlights key lessons from incident response, the value of cross-team collaboration, and how security teams can stay ahead of evolving threats. Whether you're new to cybersecurity or a seasoned professional, this conversation offers valuable takeaways on building a successful career in security.

    Connect with Matt: https://www.linkedin.com/in/mattscheurer/

30 min
  • S3 Ep18: 99 Problems but AI (Maybe) Ain't 1
    2025/02/04
    [LIVE] Threat Hunting Workshop: Hunting for Initial Access – Level 2
    February 12, 2025 | 12:00 – 1:00 PM ET
    Sign Up --> https://intel471.com/resources/webinars/threat-hunting-workshop-14-hunting-for-initial-access-level-2

    ----------

    Top Headlines:
    • Wiz Blog | Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
    • Google | Adversarial Misuse of Generative AI: https://services.google.com/fh/files/misc/adversarial-misuse-generative-ai.pdf
    • Cisco Talos Blog | New TorNet Backdoor Seen in Widespread Campaign: https://blog.talosintelligence.com/new-tornet-backdoor-campaign/
    • BleepingComputer | Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics: https://www.bleepingcomputer.com/news/security/time-bandit-chatgpt-jailbreak-bypasses-safeguards-on-sensitive-topics/?&web_view=true

40 min
  • S3 Ep17: [LIVE] The Art of the Hunt: Turning Intel into Action
    2025/02/03
    In this episode, "The Art of the Hunt: Turning Intel into Action," our expert team explores the nuances of threat intelligence, including behavioral and indicator-based approaches, and how to effectively leverage them for superior outcomes.

    Here’s what to expect:

    • Understanding Intelligence: Learn the key differences between raw data and operationalized threat intelligence, and why context and relevance are crucial.
    • Behavioral vs. Indicator-Based Intel: Explore why focusing on attacker goals, techniques, and patterns offers lasting value over short-lived indicators.
    • Maximizing MITRE ATT&CK: Discover how to navigate its strengths and challenges to align threat intelligence with real-world scenarios.
    • What Defines Good Threat Intel: Delve into attributes like timeliness, behavior tracking, and tailored context for better hunting.
    • Practical Strategies: Gain insights into transforming collected data into meaningful hypotheses that align with your unique environment.

    Interesting Artifacts:
    • https://www.mcafee.com/blogs/other-blogs/mcafee-labs/githubs-dark-side-unveiling-malware-disguised-as-cracks-hacks-and-crypto-tools/
    • https://www.focustodo.cn/#features
    • https://github.com/center-for-threat-informed-defense/cti-blueprints/wiki


    🔗 Join us on Discord: https://discord.gg/Ka6tsEc3

1 hr 29 min