Episodes

  • S2 Ep28: Date Your Data… Swipe Right
    2024/10/09
    **[LIVE] Out of the Woods: The Threat Hunting Podcast
    October 24, 2024 | 7:00 – 8:30 PM ET
    Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter

    ----------

    Top Headlines:

    1. Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
    2. Cisco Talos Blog | Threat Actor Believed to be Spreading New MedusaLocker Variant in Europe and South America: https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/?&web_view=true
    3. Proofpoint US | Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware: https://www.proofpoint.com/us/blog/threat-insight/security-brief-royal-mail-lures-deliver-open-source-prince-ransomware
    4. Security Affairs | Kyiv's Hackers Launched an Unprecedented Cyber Attack on Russian State Media VGTRK on Putin's Birthday: https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html?web_view=true

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    34 min
  • S2 Ep27: iCUP… Let's Talk Hygiene
    2024/10/01
    **Threat Hunting Workshop: Hunting for Collection
    October 2, 2024 | 12:00 - 1:00 PM ET
    Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection

    **[LIVE] Out of the Woods: The Threat Hunting Podcast
    October 24, 2024 | 7:00 – 8:30 PM ET
    Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter

    ----------

    Top Headlines:

    1. The Hacker News | Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1
    2. The DFIR Report | Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware: https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/
    3. Netskope | DCRat Targets Users with HTML Smuggling: https://www.netskope.com/blog/dcrat-targets-users-with-html-smuggling
    4. CISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments: https://www.cisa.gov/sites/default/files/2024-09/FY23_RVA_Analysis_508.pdf

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    41 min
  • S2 Ep26: WHOIS, or Not WHOIS…
    2024/09/24
    **Threat Hunting Workshop: Hunting for Collection
    October 2, 2024 | 12:00 - 1:00 PM ET
    Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection

    **[LIVE] Out of the Woods: The Threat Hunting Podcast
    October 24, 2024 | 7:00 – 8:30 PM ET
    Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter

    ----------

    In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley and Tom Kastura explore the latest threat-hunting insights, starting with UNC2970, a North Korean-linked group using a trojanized PDF reader to target industries such as energy and finance. They discuss how the group's phishing lures are built around job openings and how telemetry can surface the malicious activity. The episode also covers a campaign that uses fake CAPTCHA pages to deliver the Lumma Stealer malware and examines the supply-chain risk posed by poisoned Python packages. Tune in for strategies to stay proactive against advanced threats and sharpen your hunting techniques.

    Top Headlines:

    1. Unit 42 | Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors: https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/?web_view=true
    2. CloudSEK | Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages: https://www.cloudsek.com/blog/unmasking-the-danger-lumma-stealer-malware-exploits-fake-captcha-pages?&web_view=true
    3. Google Cloud | An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader: https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader
    4. DarkReading | For $20, Researchers Seize Part of Net Infrastructure: https://www.darkreading.com/cyber-risk/researchers-seize-internet-infrastructure-for-20?&web_view=true

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    39 min
  • S2 Ep25: Bad Extensions Level Up, Social Engineering Gets Social
    2024/09/09
    **Threat Hunting Workshop: Hunting for Collection
    October 2, 2024 | 12:00 - 1:00 PM ET
    Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection

    In this episode of Out of the Woods: The Threat Hunting Podcast, Scott and Lee discuss four key topics: North Korea's social engineering attacks on the crypto industry, the LummaC2 Stealer campaign paired with a malicious Chrome extension, a phishing and doxxing campaign by Russian threat actors targeting NGOs, and hacktivist attacks on Russian and Belarusian institutions using ransomware and commodity tools. They highlight the growing sophistication of these tactics and stress the importance of vigilance and proactive threat hunting to defend against these increasingly complex threats.

    Top Headlines:

    1. FBI | Public Service Announcement - North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks: https://www.ic3.gov/Media/Y2024/PSA240903
    2. Cybersecurity News | Beware the Drive-By Download: LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc: https://securityonline.info/beware-the-drive-by-download-lummac2-stealer-and-malicious-chrome-extension-wreak-havoc/?&web_view=true
    3. The Hacker News | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams: https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
    4. SecureList | Head Mare: Adventures of a Unicorn in Russia and Belarus: https://securelist.com/head-mare-hacktivists/113555/

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    35 min
  • S2 Ep24: Basic Techniques Used in Advanced Ways
    2024/09/03
    In this episode of "Out of the Woods: The Threat Hunting Podcast," Scott and Tom dive into the latest threat hunting headlines for the week of September 2, 2024. They explore how basic techniques are being repurposed in advanced ways, such as using Google Sheets for command and control in a suspected espionage campaign and borrowing web-development techniques to make phishing pages more convincing. The discussion also covers a new wave of skimming attacks targeting e-commerce sites and a deep dive into APT32's persistence tactics during a long-term intrusion. Scott and Tom offer insights and strategies for threat hunters to detect and counter these evolving threats.

    Top Headlines:

    1. Huntress | Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders: https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders?&web_view=true
    2. Objective-See | A Surreptitious Cryptocurrency Miner in the Mac App Store?: https://objective-see.org/blog/blog_0x2B.html
    3. Malwarebytes | Hundreds of Online Stores Hacked in New Campaign: https://www.malwarebytes.com/blog/news/2024/08/hundreds-of-online-stores-hacked-in-new-campaign?web_view=true
    4. Proofpoint US | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers "Voldemort": https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort

    ----------

    Stay in Touch! Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    37 min
  • S2 Ep23: Unique Executions... How Unique Are They?
    2024/08/27
    In this episode of "Out of the Woods: The Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into sedexp, a stealthy Linux malware that abuses udev rules to persist and evade detection, and explore why that technique is not yet on the MITRE ATT&CK radar. The duo also covers PEAKLIGHT, a new memory-only dropper, and Styx Stealer, a malware targeting browser data and crypto wallets. Wrapping up with insights from a BlackSuit ransomware breach, they discuss how attackers often reuse old techniques in new ways. This episode challenges the notion of what truly makes an execution unique, offering practical tips for staying ahead of evolving threats.

    Top Headlines:

    1. AON | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules: https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
    2. The DFIR Report | BlackSuit Ransomware: https://thedfirreport.com/2024/08/26/blacksuit-ransomware/
    3. Check Point Research | Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove: https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/
    4. Google Cloud Blog | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?&web_view=true


    Stay in Touch! Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    40 min
  • S2 Ep22: Top 5 Threat Hunting Headlines - 19 Aug 2024
    2024/08/19
    In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk InfoStealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee InfoStealer targeting macOS. They also explore the impact of AI on cybersecurity, emphasizing the need for SOCs to evolve with new talent and strategies to address emerging threats. The episode underscores the importance of staying vigilant and adapting to the rapidly changing threat landscape.


    Top 5 Threat Hunting Headlines - 19 Aug 2024
    1. Secure List | Tusk Campaign Uses Infostealers and Clippers for Financial Gain
    • https://securelist.com/tusk-infostealers-campaign/113367/
    2. Unit 42 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
    • https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
    3. Cisco Talos Blog | APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike
    • https://blog.talosintelligence.com/chinese-hacking-group-apt41-compromised-taiwanese-government-affiliated-research-institute-with-shadowpad-and-cobaltstrike-2/?&web_view=true
    4. Elastic Security Labs | Beyond the Wail: Deconstructing the BANSHEE Infostealer
    • https://www.elastic.co/security-labs/beyond-the-wail
    5. Help Net Security | 74% of IT Professionals Worry That AI Tools Will Replace Them
    • https://www.helpnetsecurity.com/2024/08/15/it-professionals-ai-worry/?web_view=true

    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    54 min
  • S2 Ep21: Top 5 Threat Hunting Headlines - 12 Aug 2024
    2024/08/15
    Top 5 Threat Hunting Headlines - 12 Aug 2024
    1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers
    • https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true
    2. ReasonLabs | New Widespread Extension Trojan Malware Campaign
    • https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
    3. The DFIR Report | Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
    • https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/
    4. SafeBreach | Downgrade Attacks Using Windows Updates
    • https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
    5. Cyble | Double Trouble: Latrodectus and ACR Stealer Observed Spreading Via Google Authenticator Phishing Site
    • https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/?&web_view=true

    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    55 min