Episodes

  • S2 Ep23: Unique Executions... How Unique Are They?
    Aug 27 2024
    In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into sedexp, a stealthy Linux malware that manipulates udev rules to evade detection, and explore why it’s not yet on the MITRE ATT&CK radar. The duo also covers PeakLight, a new memory-only dropper, and Styx Stealer, a malware targeting browser data and crypto wallets. Wrapping up with insights from a BlackSuit ransomware breach, they discuss how attackers often reuse old techniques in new ways. This episode challenges the notion of what truly makes an execution unique, offering practical tips for staying ahead of evolving threats.

    1. AON | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules: https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
    2. The DFIR Report | BlackSuit Ransomware: https://thedfirreport.com/2024/08/26/blacksuit-ransomware/
    3. Check Point Research | Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove: https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/
    4. Google Cloud Blog | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?&web_view=true


    Stay in Touch! Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    40 m
  • S2 Ep22: Top 5 Threat Hunting Headlines - 19 Aug 2024
    Aug 19 2024
    In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk InfoStealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee InfoStealer targeting macOS. They also explore the impact of AI on cybersecurity, emphasizing the need for SOCs to evolve with new talent and strategies to address emerging threats. The episode underscores the importance of staying vigilant and adapting to the rapidly changing threat landscape.


    Top 5 Threat Hunting Headlines - 19 Aug 2024
    1. Securelist | Tusk Campaign Uses Infostealers and Clippers for Financial Gain
    • https://securelist.com/tusk-infostealers-campaign/113367/
    2. Unit 42 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
    • https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
    3. Cisco Talos Blog | APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike
    • https://blog.talosintelligence.com/chinese-hacking-group-apt41-compromised-taiwanese-government-affiliated-research-institute-with-shadowpad-and-cobaltstrike-2/?&web_view=true
    4. Elastic Security Labs | Beyond the Wail: Deconstructing the BANSHEE Infostealer
    • https://www.elastic.co/security-labs/beyond-the-wail
    5. Help Net Security | 74% of IT Professionals Worry That AI Tools Will Replace Them
    • https://www.helpnetsecurity.com/2024/08/15/it-professionals-ai-worry/?web_view=true

    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    54 m
  • S2 Ep21: Top 5 Threat Hunting Headlines - 12 Aug 2024
    Aug 15 2024
    Top 5 Threat Hunting Headlines - 12 Aug 2024
    1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers
    • https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true
    2. ReasonLabs | Enterprise Grade Security to All of Your Personal Devices
    • https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
    3. The DFIR Report | Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
    • https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/
    4. SafeBreach | Downgrade Attacks Using Windows Updates
    • https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
    5. Cyble | Double Trouble: Latrodectus and ACR Stealer Observed Spreading Via Google Authenticator Phishing Site
    • https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/?&web_view=true

    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    55 m
  • S2 Ep20: Top 5 Threat Hunting Headlines - 29 July 2024
    Jul 30 2024
    Threat Hunting Workshop: Hunting for Command and Control
    31 July 2024 | 12:00 - 1:00 pm ET
    • Register Here!
    Black Hat 2024 Training with Lee Archinal
    "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate:
    • 3-4 Aug 2024: Sign Up Here!
    • 5-6 Aug 2024: Sign Up Here!
    -----

    Top 5 Threat Hunting Headlines - 29 July 2024
    1. Bleeping Computer | Acronis Warns of Cyber Infrastructure Default Password Abused in Attacks
    • https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/?&web_view=true
    2. Guardio Labs | “EchoSpoofing” – A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails
    • https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=b32e776ffab3
    3. eSentire | Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT
    • https://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat?&web_view=true
    4. Check Point Research | Stargazers Ghost Network
    • https://research.checkpoint.com/2024/stargazers-ghost-network/
    5. Help Net Security | Most CISOs Feel Unprepared for New Compliance Regulations
    • https://www.helpnetsecurity.com/2024/07/26/cisos-compliance-regulations-preparedness/?web_view=true
    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    1 h y 9 m
  • S2 Ep19: Top 5 Threat Hunting Headlines - 22 July 2024
    Jul 25 2024
    Threat Hunting Workshop: Hunting for Command and Control
    31 July 2024 | 12:00 - 1:00 pm ET
    • Register Here!
    Black Hat 2024 Training with Lee Archinal
    "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate:
    • 3-4 Aug 2024: Sign Up Here!
    • 5-6 Aug 2024: Sign Up Here!
    -----

    Top 5 Threat Hunting Headlines - 22 July 2024
    1. Popular Ukrainian Telegram Channels Hacked to Spread Russian Propaganda
    • https://therecord.media/ukrainian-news-telegram-channels-hacked-russian-propaganda?&web_view=true
    2. New Play Ransomware Linux Variant Targets ESXi, Shows Ties with Prolific Puma
    • https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html
    3. Dragos Frostygoop Report
    • https://regmedia.co.uk/2024/07/23/dragos_frostygoop-report.pdf
    4. Likely eCrime Actor Capitalizing on Falcon Sensor Issues
    • https://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/
    5. Internet Organised Crime Threat Assessment 2024
    • https://www.europol.europa.eu/cms/sites/default/files/documents/Internet%20Organised%20Crime%20Threat%20Assessment%20IOCTA%202024.pdf

    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    1 h y 1 m
  • S2 Ep18: Top 5 Threat Hunting Headlines - 15 July 2024
    Jul 17 2024
    Threat Hunting Workshop: Hunting for Command and Control
    31 July 2024 | 12:00 - 1:00 pm ET
    • Register Here!
    Black Hat 2024 Training with Lee Archinal
    "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
    Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:
    • 3-4 Aug 2024: Sign Up Here!
    • 5-6 Aug 2024: Sign Up Here!
    -----

    Top 5 Threat Hunting Headlines - 15 July 2024
    1. Infosecurity Magazine | CISA Urges Software Makers to Eliminate OS Command Injection Flaws
    • https://www.infosecurity-magazine.com/news/cisa-software-eliminate-command/?&web_view=true
    2. Wazuh | Detecting Living Off the Land Attacks with Wazuh
    • https://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/
    3. McAfee Labs | ClickFix Deception: A Social Engineering Tactic to Deploy Malware
    • https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/
    4. The Hacker News | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit
    • https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html?m=1
    5. BlackBerry | Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions
    • https://blogs.blackberry.com/en/2024/07/coyote-banking-trojan-targets-latam-with-a-focus-on-brazilian-financial-institutions?&web_view=true

    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    40 m
  • S2 Ep17: Top 5 Threat Hunting Headlines - 1 July 2024
    Jul 2 2024
    Threat Hunting Workshop: Hunting for Command and Control
    31 July 2024 | 12:00 - 1:00 pm ET
    • Register Here!
    Black Hat 2024 Training with Lee Archinal
    "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
    Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:
    • 3-4 Aug 2024: Sign Up Here!
    • 5-6 Aug 2024: Sign Up Here!
    -----

    Top 5 Threat Hunting Headlines - 1 July 2024
    1. Qualys Security Blog | Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server
    • https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server?web_view=true
    2. Zscaler | Kimsuky Deploys TRANSLATEXT to Target South Korean Academia
    • https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
    3. The Register | Police Allege 'Evil Twin' In-Flight WiFi Used to Steal Info & Australian Federal Police | Man Charged Over Creation of 'Evil Twin' Free WiFi Networks to Access Personal Data
    • https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/?&web_view=true
    • https://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal
    4. GitHub | JPCERTCC/LogonTracer
    • https://github.com/JPCERTCC/LogonTracer
    5. Help Net Security | 75% of New Vulnerabilities Exploited Within 19 Days
    • https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/?web_view=true
    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    55 m
  • S2 Ep16: Top 5 Threat Hunting Headlines - 24 June 2024
    Jun 25 2024
    Black Hat 2024 Training with Lee Archinal
    "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
    Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:
    • 3-4 Aug 2024: Sign Up Here!
    • 5-6 Aug 2024: Sign Up Here!

    -----

    Top 5 Threat Hunting Headlines - 25 June 2024
    1. Positive Technologies | ExCobalt: GORed, the hidden-tunnel technique
    • https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/excobalt-gored-the-hidden-tunnel-technique/
    2. Cisco Talos | SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
    • https://blog.talosintelligence.com/sneakychef-sugarghost-rat/
    3. Help Net Security | 1 out of 3 breaches go undetected
    • https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/?web_view=true
    4. Ars Technica | Dell said return to office or else - nearly half of the workers chose "or else"
    • https://arstechnica.com/gadgets/2024/06/nearly-half-of-dells-workforce-refused-to-return-to-the-office/
    5. Infosecurity Magazine | Cybersecurity Burnout Costing Firms $700m+ Annually
    • https://www.infosecurity-magazine.com/news/cybersecurity-burnout-costing-700m/?&web_view=true
    -----

    Follow Us!

    Twitter: https://twitter.com/CyborgSecInc
    LinkedIn: https://www.linkedin.com/company/cyborg-security/
    YouTube: https://www.youtube.com/cyborgsecurity
    Discord: https://discord.gg/DR4mcW4zBr
    TikTok: https://www.tiktok.com/@cyborgsecinc
    57 m