エピソード

  • S4 Ep8: We’re Going Threat Hunting Through the Quad Into the Gymnasium
    2026/07/17
    Top Headlines:
    • JFrog | Miasma Worm Returns to npm: https://research.jfrog.com/post/miasma-worm-returns-to-npm/
    • Mind Gard | Cursor 0day: When Full Disclosure Becomes the Only Protection Left: https://mindgard.ai/blog/cursor-0day-when-full-disclosure-becomes-the-only-protection-left
    • Level Blue | QuimaRAT: A Java RAT with burning ambitions: https://www.levelblue.com/hubfs/Web/Library/Documents_pdf/Threat_Spotlight_An_In_Depth_Analysis_of_QuimaRAT.pdf
    • Blackpoint Cyber | LabubaRAT: A Rust Based Remote Access Tool Masquerading as NVIDIA Software: https://blackpointcyber.com/blog/labubarat-a-rust-based-remote-access-tool-masquerading-as-nvidia-software/

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

    続きを読む 一部表示
    43 分
  • S4 Ep7: Threat Report - Q2 2026
    2026/07/09

    In this episode of Out of the Woods, Scott Poley and Tom Kostura review key findings from the Q2 2026 Threat Hunt Report and discuss what stood out across the quarter. They cover supply chain compromises, growing abuse of Node.js and Bun runtimes, a surge in credential harvesting following the Florida Bleed campaign, and a shrinking window between vulnerability disclosure and exploitation tied to the MS Nightmare vulnerabilities.

    The episode also touches on recent threat profiles, including the Iranian-linked actor Cavern Manticore and a fast-moving intrusion that went from an SEO-poisoned download to full ransomware encryption in under 48 hours, with a focus on what these patterns mean for threat hunters and defenders.

    Download the full Q2 2026 Threat Hunt Report: https://www.intel471.com/resources/whitepapers/threat-hunt-report-q2-2026
    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

    続きを読む 一部表示
    39 分
  • S4 Ep6: Built to Blend In
    2026/07/01
    Top Headlines:
    • welivesecurity | Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances: https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/
    • Adversa AI | AI coding agents vulnerability: GuardFall shell injeciton: https://adversa.ai/blog/opensource-ai-coding-agents-shell-injection-vulnerability/
    • JFrog Security Research | Hijacked npm Packages Use Novel VSCode Autorun and Blockchain Dead Drops to Deploy a Credential/Crypto Stealer: https://research.jfrog.com/post/hijacked-npm-vscode-tasks-blockchain/
    • Blackpoint Cyber | A Djinn in the Machine: TaskWeaver’s Node.js Intrusion Chain: https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

    続きを読む 一部表示
    48 分
  • S4 Ep5: Forti Shades of Breach
    2026/06/25
    Top Headlines:
    • JFrog | From PostCSS Masquerading to Windows RAT: https://research.jfrog.com/post/from-postcss-typosquat-to-windows-rat/
    • Elastic | Lost in relocation: analysis of a new loader distributing CASTLESTEALER: https://www.elastic.co/security-labs/oxloader-malware-loader-infostealer
    • SOCRadar | Dismantling-FortiBleed: https://socradar.io/wp-content/uploads/2026/06/Dismantling-FortiBleed.pdf
    • SANS | Own AI Securely: The SANS Secure AI Blueprint: https://www.sans.org/white-papers/own-ai-securely-sans-secure-ai-blueprint

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

    続きを読む 一部表示
    53 分
  • S4 Ep4: Old Flaws, New Attacks
    2026/06/16
    Top Headlines:
    • Trend Micro | Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open: https://www.trendmicro.com/en_us/research/26/f/old-winrar-flaw-fuels-attacks-on-ukraine.html
    • The Hacker News | Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models: https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html
    • Huntress | Unpatched NTLM Leakage in Windows search: URI Handler, Same Bug, No CVE, No Fix | Huntress: https://www.huntress.com/blog/unpatched-ntlm-leak-windows-search-uri-handler
    • aikido.dev | Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm: https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm?_gl=1*8wn4a9*_up*MQ..*_gs*MQ..&gclid=Cj0KCQjw_vnQBhCxARIsADcZyxL-SVitznmoZxhQ5DpjJdXLfpMZyybysJ0YaiJmipzBYpqtqpTk2GUaAtsMEALw_wcB&gbraid=0AAAAApQ3BFhNDUDPZ7DnB3pGVCSCcmPoZ


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

    続きを読む 一部表示
    46 分
  • S4 Ep3: [LIVE] Know Thy Environment: Building Context for Effective Threat Hunting
    2026/05/29

    Understanding your environment is one of the most overlooked parts of threat hunting, and one of the most important. This live episode focuses on how to profile your environment, work through both existing and newly onboarded datasets, and build a clear picture of what normal actually looks like across your telemetry.

    The conversation centers on practical approaches. How to think about your data. How to ask better questions. How to work through common challenges like incomplete visibility, noisy datasets, and inconsistent logging across tools. The session will include real examples, lessons learned, and the methods used to turn raw data into meaningful hunting insight.

    This episode is built for practitioners who want to move beyond reactive detection and make decisions grounded in a deep understanding of their own systems, data, and gaps.

    What We’ll Cover:

    • How to profile your environment and baseline normal activity across datasets
    • Approaches for working with new and unfamiliar telemetry sources
    • Techniques for handling noisy data and inconsistent logging
    • Ways to identify and account for visibility gaps
    • Practical examples from real-world threat hunting workflows

    Watch the episode here: https://youtu.be/Uv46waZVAC0
    続きを読む 一部表示
    1 時間 31 分
  • S4 Ep2: Ptrace Yourself Before Your Agent Wrecks Yourself
    2026/05/21
    Top Headlines:
    • Qualys | CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path: https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-lo[…]ion-and-credential-disclosure-in-the-linux-kernel-ptrace-path
    • Microsoft Security Blog | Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow: https://www.microsoft.com/en-us/security/blog/2026/05/20/introducing-rampart-and-clar[…]ource-tools-to-bring-safety-into-agent-development-workflow/
    • Socket | Mini Shai-Hulud Hits @antv Ecosystem, 639 Compromised npm Package Verssions: https://socket.dev/blog/antv-packages-compromised
    • WeLiveSecurity | Webworm: New Burrowing Techniques: https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

    続きを読む 一部表示
    36 分
  • S4 Ep1: When the Chain Bites Back
    2026/05/18
    Top Headlines:
    • The Hacker News | Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages: https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html
    • Checkmarx | Update: Ongoing Checkmarx Supply Chain Security Incident: https://checkmarx.com/blog/ongoing-security-updates/
    • Google Cloud Blog | Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
    • Bitdefender | FamousSparrow APT Targets Azerbaijani Oil and Gas Industry: https://businessinsights.bitdefender.com/famoussparrow-apt-targets-azerbaijani-oil-gas-industry


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/

    続きを読む 一部表示
    57 分