• S3 Ep40: Named Pipes and Usual Suspects
    Aug 20 2025
    *[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
    September 11, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control

    ----------

    Top Headlines:
    • Morphisec | Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints: https://www.morphisec.com/blog/noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints/
    • Securelist by Kaspersky | PipeMagic in 2025: How the backdoor operators’ tactics have changed: https://securelist.com/pipemagic/117270/?web_view=true
    • Cisco Talos Blog | UAT-7237 targets Taiwanese web hosting infrastructure: https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/
    • Resecurity | 'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan: https://www.resecurity.com/blog/article/blue-locker-analysis-ransomware-targeting-oil-gas-sector-in-pakistan

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    38 mins
  • S3 Ep39: Think Behavior, Attribute Later
    Aug 14 2025
    *[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
    September 11, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control

    ----------

    Top Headlines:
    • Silent Push | Unmasking SocGholish: Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569: https://www.silentpush.com/blog/socgholish/
    • welivesecurity.com | Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/
    • ReliaQuest | ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration: https://reliaquest.com/blog/threat-spotlight-shinyhunters-data-breach-targets-salesforce-amid-scattered-spider-collaboration/
    • Talos Intelligence | Malvertising campaign leads to PS1Bot, a multi-stage malware framework: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/?&web_view=true

    36 mins
  • S3 Ep38: Testimonial from the Trenches
    Jul 31 2025
    Scott Poley and Tom Kostura are joined by Ben McGavin, Threat Hunting Team Lead at RSM Defense, and Justin Dolgos, Senior Threat Hunter at RSM Defense, for a conversation on what it takes to build and run a threat hunting program inside an MSSP.

    They walk through how their team prioritizes hunts, manages detection logic across multi-tenant environments, and scales their approach through SoC collaboration and hypothesis-driven routines. Ben shares how the program was built from scratch, and Justin breaks down the lessons learned moving from alert triage into full-time threat hunting. They also cover tooling gaps, visibility challenges, and how custom detections have become a key success metric for their team.

    This episode offers practical insight from two hunters operating at the heart of a fast-moving MSSP environment.

    Watch this podcast on YouTube here: https://youtu.be/YQtmMomoUbU

    47 mins
  • S3 Ep37: Be Effective, Not Just Subjective
    Jul 23 2025
    *Intel-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
    July 31, 2025 | 11:00 AM - 1:00 PM ET
    Sign Up: https://intel471.com/resources/webinars/intelligence-driven-threat-hunting-workshop-analyzing-malware-behaviors

    *Meet with Intel 471 at Black Hat 2025 at Booth #5742
    More info & events: https://intel471.com/lp/black-hat-usa-2025

    ----------

    Top Headlines:
    • Microsoft Security Blog | Disrupting active exploitation of on-premises SharePoint vulnerabilities
    • HackMag | Malware LameHug Utilizes LLM to Generate Commands on Infected Machines
    • Catalyst | LARVA-208’s New Campaign Targets Web3 Developers
    • TechCrunch | A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations

    54 mins
  • S3 Ep36: Paste and Persist
    Jul 16 2025
    *Intel-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
    July 31, 2025 | 11:00 AM - 1:00 PM ET
    Sign Up: https://intel471.com/resources/webinars/intelligence-driven-threat-hunting-workshop-analyzing-malware-behaviors

    *Meet with Intel 471 at Black Hat 2025 at Booth #5742
    More info & events: https://intel471.com/lp/black-hat-usa-2025

    ----------

    Top Headlines:
    • The DFIR Report | KongTuke FileFix Leads to New Interlock RAT Variant
    • BleepingComputer | Google Gemini flaw hijacks email summaries for phishing
    • CISA | CISA Adds One Known Exploited Vulnerability to Catalog
    • Unit 42 | Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

    40 mins
  • S3 Ep35: [LIVE] The Intersection of AI and Threat Hunting: What Problems Emerge, What Problems Get Solved
    Jul 15 2025
    In this episode of Out of the Woods: The Threat Hunting Podcast, we explored how AI is being used in threat hunting, from generating hypotheses to enriching data and shaping detection logic. We talked through some of the challenges teams are facing, including false positives and tool limitations, and discussed where human expertise is still essential. The conversation included practical examples and audience input on how AI is being tested and adopted in real-world environments.

    1 hr and 31 mins
  • S3 Ep33: Old Tricks, New Plays
    Jun 30 2025
    *[LIVE] Out of the Woods: The Threat Hunting Podcast
    The Intersection of AI and Threat Hunting: What Problems Emerge, What Problems Get Solved
    July 10, 2025 | 12:00 - 1:30 PM ET
    Sign up: https://intel471.com/resources/podcasts/the-intersection-of-ai-and-threat-hunting-what-problems-emerge-what-problems-get-solved

    *Intel-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
    July 31, 2025 | 11:00 AM - 1:00 PM ET
    Sign Up: https://intel471.com/resources/webinars/intelligence-driven-threat-hunting-workshop-analyzing-malware-behaviors

    ----------

    Top Headlines:
    • HarfangLab | SadFuture: Mapping XDSpy latest evolution
    • BleepingComputer | New FileFix attack weaponizes Windows File Explorer for stealthy commands
    • Huntress | Inside the BlueNoroff Web3 macOS Intrusion Analysis
    • GBHackers Security | Notepad++ Vulnerability Allows Full System Takeover — PoC Released

    44 mins