• S3 Ep46: Here We Go Again...
    Oct 14 2025
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    ----------

    Top Headlines:
    • Cisco Talos | Velociraptor Leveraged in Ransomware Attacks: https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
    • GBHackers Security | Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware: https://gbhackers.com/info-stealer-malware/?web_view=true
    • FortiGuard Labs | New Stealit Campaign Abuses Node.js Single Executable Application: https://www.fortinet.com/blog/threat-research/stealit-campaign-abuses-nodejs-single-executable-application
    • eSecurity Planet | AI Chatbots Used as Backdoors in New Cyberattacks: https://www.esecurityplanet.com/news/ai-exploited-prompt-injection/?&web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    41 mins
  • S3 Ep45: Think, McFly, Think
    Oct 3 2025
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    ----------

    Top Headlines:
    • LastPass | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
    • Cisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true
    • Trend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true
    • SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/

    42 mins
  • S3 Ep44: If You Build It... Backdoors Will Open
    Sep 25 2025
    Top Headlines:
    • LastPass Labs | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
    • Cisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true
    • SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/
    • Trend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true

    58 mins
  • S3 Ep43: Invasion of the Modular Malware
    Sep 18 2025
    *Threat Hunting Workshop: Hunting for Persistence - Level 2
    September 24, 2025 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-16-hunting-for-persistence-level-2

    ----------

    Top Headlines:
    • Jamf Threat Labs | Learn about ChillyHell, a modular Mac backdoor: https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/
    • SecureList | Malicious MCP servers used in supply chain attacks: https://securelist.com/model-context-protocol-for-ai-integration-abused-in-supply-chain-attacks/117473/?web_view=true
    • Bitdefender Blog | EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company: https://www.bitdefender.com/en-us/blog/businessinsights/eggstreme-fileless-malware-cyberattack-apac
    • welivesecurity | Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass: https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/

    57 mins
  • S3 Ep42: [LIVE] AI for Security Teams: Scaling Impact Without Losing Control
    Sep 15 2025
    In this episode of Out of the Woods, we explored how AI is reshaping security operations beyond threat hunting. We highlighted real progress in insider threat detection, faster triage, and incident response while underscoring the ongoing need for human judgment. We also addressed integration challenges, tool sprawl, skill gaps, and risks such as hallucinations, bias, and deepfakes, before closing with what to expect as regulations tighten and attackers continue to weaponize AI.

    1 hr and 31 mins
  • S3 Ep41: The Silence of the Carves
    Sep 3 2025
    *[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
    September 11, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control
    *Threat Hunting Workshop: Hunting for Persistence - Level 2
    September 24, 2025 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-16-hunting-for-persistence-level-2

    ----------

    Top Headlines:
    • Microsoft Security Blog | Storm-0501’s evolving techniques lead to cloud-based ransomware: https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/
    • Seqrite | Blogs on Information Technology, Network & Cybersecurity: https://www.seqrite.com/blog/operation-hankook-phantom-north-korean-apt37-targeting-south-korea/
    • Group-IB | ShadowSilk: A Cross-Border Binary Union for Data Exfiltration: https://www.group-ib.com/blog/shadowsilk/
    • Check Point Research | ZipLine Phishing Campaign Targets U.S. Manufacturing: https://research.checkpoint.com/2025/zipline-phishing-campaign/

    43 mins
  • S3 Ep40: Named Pipes and Usual Suspects
    Aug 20 2025
    *[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
    September 11, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control

    ----------

    Top Headlines:
    • Morphisec | Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints: https://www.morphisec.com/blog/noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints/
    • Securelist by Kaspersky | PipeMagic in 2025: How the backdoor operators’ tactics have changed: https://securelist.com/pipemagic/117270/?web_view=true
    • Cisco Talos Blog | UAT-7237 targets Taiwanese web hosting infrastructure: https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/
    • Resecurity | 'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan: https://www.resecurity.com/blog/article/blue-locker-analysis-ransomware-targeting-oil-gas-sector-in-pakistan

    38 mins
  • S3 Ep39: Think Behavior, Attribute Later
    Aug 14 2025
    *[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
    September 11, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control

    ----------

    Top Headlines:
    • Silent Push | Unmasking SocGholish: Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569: https://www.silentpush.com/blog/socgholish/
    • welivesecurity.com | Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/
    • ReliaQuest | ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration: https://reliaquest.com/blog/threat-spotlight-shinyhunters-data-breach-targets-salesforce-amid-scattered-spider-collaboration/
    • Talos Intelligence | Malvertising campaign leads to PS1Bot, a multi-stage malware framework: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/?&web_view=true

    36 mins