エピソード

  • S3 Ep52: The Threat Hunting Soapbox

    S3 Ep52: The Threat Hunting Soapbox
    2025/12/24
    Top Headlines:

    • welivesecurity.com | LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan: https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/
    • Resecurity | DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists: https://www.resecurity.com/blog/article/dig-ai-uncensored-darknet-ai-assistant-at-the-service-of-criminals-and-terrorists?&web_view=true
    • koi.ai | NPM Package With 56K Downloads Caught Stealing WhatsApp Messages: https://www.koi.ai/blog/npm-package-with-56k-downloads-malware-stealing-whatsapp-messages
    • zscaler.com | Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign: https://www.zscaler.com/blogs/security-research/zscaler-threat-hunting-catches-evasive-sidewinder-apt-campaign?&web_view=true
    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    続きを読む 一部表示
    50 分
  • S3 Ep51: Same Break-In, New Front Door

    S3 Ep51: Same Break-In, New Front Door
    2025/12/17
    Top Headlines:

    • Unit 42 | Exploitation of Critical Vulnerability in React Server Components (Updated December 12): https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/
    • hackread.com | New PyStoreRAT Malware Targets OSINT Researchers Through GitHub: https://hackread.com/pystorerat-rat-malware-github-osint-researchers/?web_view=true
    • Check Point Research | Ink Dragon's Relay Network and Stealthy Offensive Operation: https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
    • KOI.ai | Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users: https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users
    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    続きを読む 一部表示
    53 分
  • S3 Ep50: Game of Nodes: Persistence Is Coming

    S3 Ep50: Game of Nodes: Persistence Is Coming
    2025/12/05
    Top Headlines:

    • securelist.com | The Tsundere botnet uses the Ethereum blockchain to infect its targets: https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
    • Group-IB | Bloody Wolf: A Blunt Crowbar Threat To Justice: https://www.group-ib.com/blog/bloody-wolf/
    • welivesecurity.com | MuddyWater: Snakes by the riverbank: https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/
    • Fortinet Blog | ShadowV2 Casts a Shadow Over IoT Devices: https://www.fortinet.com/blog/threat-research/shadowv2-casts-a-shadow-over-iot-devices?&web_view=true
    • darktrace.com | ShadowV2: An emerging DDoS for hire botnet: https://www.darktrace.com/blog/shadowv2-an-emerging-ddos-for-hire-botnet

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    続きを読む 一部表示
    42 分
  • S3 Ep49: Guess Who: The Adversary Edition - 2

    S3 Ep49: Guess Who: The Adversary Edition - 2
    2025/11/25
    Can You Identify the Nation-State Actor?​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍​ ‍​‌‍‌‍​ ​‌​ ‌​‌‍​‍​ ‍‌‌‍​‌​‍ ‌‌‍‌‍​ ​‍‌‍​‌​ ‌‌​‍ ‌​ ‌​‌‍‌​​ ​​​ ‍‌​‍ ‌​ ‍‌​ Out of the Woods: The Threat Hunting Podcast returns for another special edition episode that challenges how you think about adversary behavior. This live, interactive session will focus on a nation-state actor, revealing one phase of their campaign at a time as our hosts provide tradecraft clues and analysis.​​​​‌ Participants will examine how observed techniques align to MITRE ATT&CK, how vertical-specific targeting shapes operational decisions, and how behavioral patterns emerge across campaigns. Before the final reveal, attendees will have the chance to submit their best guess on which nation-state threat actor is behind the activity.​​​​‌ What You’ll Learn:​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍​ ‍​‌‍‌‍​ ​‌​ ‌​‌‍​‍​ ‍‌‌‍​‌​‍ ‌‌‍‌‍​ ​‍‌‍​‌​ ‌‌​‍ ‌​ ‌​‌‍‌​​ ​​​ ‍‌​‍ ‌​ ‍‌​ ​‍‌‍‌‍​ ‌ ​‍ ‌​ ​‍​ ‍‌​ ‌‌‌‍​‍‌‍​‍‌‍‌‍‌‍‌‌​ ‍‌‌‍‌‍​ ‌​​ ​‍​ ‍‌​ ‍ ‌ ‌​‌ ‍‌‌ ​​‌‍‌‌​ ‌‌ ​​‌‍ ‌‍‌​‌‍​ ‌‍​‌‌ ​ ‌ ‌​​ ‍ ‌ ​​‌‍​‌‌ ‌​‌‍‍​​ ‌‌ ​​‌‍​‌‌‍‌ ‌‍‌‌‌​​‍‌ ‌‌‌‍‍‌‌‍ ​‌‍‌​‌‍‌‌‌ ​‍​‍‌‌​ ‌‌‌​​‍‌‌ ‌‍‍ ‌‍‌‌‌ ‍‌​‍‌‌​ ​ ‌​‌​​‍‌‌​ ​ ‌​‌​​‍‌‌​ ​‍​ ​‍‌‍‌​‌‍​‌‌‍‌‌​ ​​‌‍‌‍​ ​‍‌‍​ Real adversary behavior – A phase-by-phase look at a real nation-state campaignMITRE ATT&CK in context – How techniques appear in real incidents​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​Recognizing tradecraft patterns – What links behaviors across operations​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍Sector-specific targeting – How industries influence attacker decisions​​​​‌...
    続きを読む 一部表示
    1 時間 32 分
  • S3 Ep48: Familiar Moves, Novel Grooves

    S3 Ep48: Familiar Moves, Novel Grooves
    2025/11/05
    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Guess Who Edition
    November 19, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-adversary-edition-2

    ----------

    Top Headlines:
    • Secure Annex | SleepyDuck malware invades Cursor through Open VSX: https://secureannex.com/blog/sleepyduck-malware/
    • Arctic Wolf | UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities: https://arcticwolf.com/resources/blog/unc6384-weaponizes-zdi-can-25373-vulnerability-to-deploy-plugx/
    • Unit 42 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild: https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
    • Unit 42 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack: https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    続きを読む 一部表示
    41 分
  • S3 Ep47: Common, but Deadly

    S3 Ep47: Common, but Deadly
    2025/10/22
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Guess Who Edition
    November 19, 2025 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-adversary-edition-2

    ----------

    Top Headlines:
    • Koi | GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace: https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace
    • Cisco Talos Blog | BeaverTail and OtterCookie Evolve with a New Javascript Module: https://blog.talosintelligence.com/beavertail-and-ottercookie/
    • Synacktiv | LinkPro: eBPF Rootkit Analysis: https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis
    • BleepingComputer | American Airlines Subsidiary Envoy Confirms Oracle Data Theft Attack: https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/?&web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    続きを読む 一部表示
    1 時間 2 分
  • S3 Ep46: Here We Go Again...

    S3 Ep46: Here We Go Again...
    2025/10/14
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    ----------

    Top Headlines:
    • Cisco Talos | Velociraptor Leveraged in Ransomware Attacks: https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/
    • GBHackers Security | Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware: https://gbhackers.com/info-stealer-malware/?web_view=true
    • FortiGuard Labs | New Stealit Campaign Abuses Node.js Single Executable Application: https://www.fortinet.com/blog/threat-research/stealit-campaign-abuses-nodejs-single-executable-application
    • eSecurity Planet | AI Chatbots Used as Backdoors in New Cyberattacks: https://www.esecurityplanet.com/news/ai-exploited-prompt-injection/?&web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    続きを読む 一部表示
    41 分
  • S3 Ep45: Think, McFly, Think

    S3 Ep45: Think, McFly, Think
    2025/10/03
    *Threat Hunting Management Workshop: The Business Value of Threat Hunting
    October 29, 2025 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting

    ----------

    Top Headlines:
    • LastPass | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
    • Cisco Talos BlogCisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true
    • Trend MicroTrend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true
    • SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    続きを読む 一部表示
    42 分