Episodes

  • S3 Ep60: Honey, I sideloaded Havoc...

    S3 Ep60: Honey, I sideloaded Havoc...
    Mar 5 2026

    *[LIVE] Out of the Woods Podcast: Guess Who: The Malware Edition
    March 25, 2026 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-malware-edition-1

    *Threat Hunting Management Workshop: Rethinking Priority
    March 18, 2026 | 12:00 - 12:30 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-rethinking-priority

    ----------

    Top Headlines:
    • Arctic Wolf | SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh: https://arcticwolf.com/resources/blog/sloppylemming-deploys-burrowshell-and-rust-based-rat-to-target-pakistan-and-bangladesh/
    • Huntress | Fake Tech Support Delivers Havoc Command & Control: https://www.huntress.com/blog/fake-tech-support-havoc-command-control
    • Socket | StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer: https://socket.dev/blog/stegabin-26-malicious-npm-packages-use-pastebin-steganography
    • ThreatLabz | APT37 Adds New Tools For Air-Gapped Networks: https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks?&web_view=true#technical-analysis


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    48 mins
  • S3 Ep59: Raiders of the Lost Macro

    S3 Ep59: Raiders of the Lost Macro
    Feb 27 2026
    Top Headlines:
    • Group-IB | Operation Olalampo: Inside MuddyWater’s Latest Campaign: https://www.group-ib.com/blog/muddywater-operation-olalampo/
    • Point Wild | Remcos Revisited: Inside the RAT’s Evolving Command-and-Control Techniques: https://www.pointwild.com/threat-intelligence/remcos-revisited-inside-the-rats-evolving-command-and-control-techniques/
    • Lab 52 | Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure: https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/
    • therecord.media | Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found: https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure?&web_view=true


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    1 hr and 2 mins
  • S3 Ep58: Keep the Classics, Cue the Chaos

    S3 Ep58: Keep the Classics, Cue the Chaos
    Feb 19 2026
    Top Headlines:

    • The Hacker News | Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging: https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html?m=1
    • Straiker | SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack: https://www.straiker.ai/blog/smartloader-clones-oura-ring-mcp-to-deploy-supply-chain-attack
    • InfoStealers | Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations: https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/
    • Forcepoint | ScreenConnect Under Attack: SmartScreen Evasion and RMM Abuse: https://www.forcepoint.com/blog/x-labs/screenconnect-attack


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    46 mins
  • S3 Ep57: If you speak it, they will come...

    S3 Ep57: If you speak it, they will come...
    Feb 12 2026

    *On-Demand - Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    Watch Now: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    ----------

    Top Headlines:

    • Socket | Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise: https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi
    • Help Net Security | State-backed phishing attacks targeting military officials and journalists on Signal: https://www.helpnetsecurity.com/2026/02/06/state-linked-phishing-europe-journalists-signal/?web_view=true
    • Cisco Talos | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework: https://blog.talosintelligence.com/knife-cutting
    • Huntress | They Got In Through SonicWall. Then They Tried to Kill Every Security Tool: https://www.huntress.com/blog/encase-byovd-edr-killer


    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    49 mins
  • S3 Ep56: Hunt the Whole Story, Follow the Rabbit

    S3 Ep56: Hunt the Whole Story, Follow the Rabbit
    Feb 5 2026
    *Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    February 11, 2026 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    Top Headlines:

    • VulnCheck | Metro4Shell: Exploitation of React Native’s Metro Server in the Wild: https://www.vulncheck.com/blog/metro4shell_eitw
    • Notepad | Notepad++ Hijacked by State-Sponsored Hackers: https://notepad-plus-plus.org/news/hijacked-incident-info-update/
    • ThreatLabz | Operation Neusploit: APT28 Uses CVE-2026-21509: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit
    • CERT-UA | "Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542): https://cert.gov.ua/article/6287250

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    38 mins
  • S3 Ep55: Threat Hunting Year in Review: 2025 Trends and What’s Next

    S3 Ep55: Threat Hunting Year in Review: 2025 Trends and What’s Next
    Feb 4 2026

    *Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    February 11, 2026 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    ----------

    Out of the Woods: The Threat Hunting Podcast returned with a live episode focused on the trends threat hunters saw repeatedly throughout 2025 and what those patterns point to next.

    This episode serves as a threat hunter’s year in review. The discussion walks through the actors, malware, behaviors, tactics, and techniques that consistently surfaced over the year, ties those findings back to MITRE ATT&CK, and connects themes across recent episodes. The focus is on what stayed consistent, what mattered most during hunts, and what those signals reveal about where attention should remain.

    The conversation also looks ahead. Based on what emerged in 2025 and how hunts played out across environments, the panel shares perspectives on what is likely to continue, where focus is expected to remain in 2026, and what threat hunters should keep in mind going forward.

    Topics covered include:

    • Threat actors, malware, and behaviors that appeared most often in 2025
    • Tactics and techniques that consistently surfaced across hunts, mapped to MITRE ATT&CK
    • Common hunt themes observed across environments throughout the year
    • What 2025 trends suggest about threat hunting focus in 2026
    • Behaviors and techniques likely to remain relevant moving forward

    Watch the episode here: https://youtu.be/GyYTTMNyjCE?si=WynwmHS1psGN9KqO

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    1 hr and 31 mins
  • S3 Ep54: Stop, Collaborate and Secure

    S3 Ep54: Stop, Collaborate and Secure
    Jan 23 2026

    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s Next
    January 29, 2026 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-next

    *Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
    February 11, 2026 | 12:00 - 1:00 PM ET
    Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

    Top Headlines:

    • Google Cloud Blog | Releasing Rainbow Tables to Accelerate Protocol Deprecation: https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables
    • BleepingComputer | Hackers exploit security testing apps to breach Fortune 500 firms: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/?&web_view=true
    • CyberArk | UNO reverse card: stealing cookies from cookie stealers: https://www.cyberark.com/resources/all-blog-posts/uno-reverse-card-stealing-cookies-from-cookie-stealers
    • Malwarebytes | Can you use too many LOLBins to drop some RATs?: https://www.malwarebytes.com/blog/news/2026/01/can-you-use-too-many-lolbins-to-drop-some-rats?web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    53 mins
  • S3 Ep53: New Year, Old Tricks

    S3 Ep53: New Year, Old Tricks
    Jan 8 2026

    *[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s Next
    January 29, 2026 | 12:00 - 1:30 PM ET
    Sign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-next

    Top Headlines:

    • Securonix | Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection: https://www.securonix.com/blog/analyzing-phaltblyx-how-fake-bsods-and-trusted-build-tools-are-used-to-construct-a-malware-infection/
    • https://mp.weixin.qq.com/mp/wappoc_appmsgcaptcha?poc_token=HM4cYGmjT2nsqEAFwWn2Sj9R90gqZmI2tEvjWdak&target_url=https%3A%2F%2Fmp.weixin.qq.com%2Fs%3F__biz%3DMzUyMjk4NzExMA%3D%3D%26mid%3D2247507757%26idx%3D1%26sn%3Dcf6b118e88395af45a000aae80811264
    • CYFIRMA | APT36 : Multi-Stage LNK Malware Campaign Targeting Indian Government Entities: https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/
    • BleepingComputer | VSCode IDE forks expose users to "recommended extension" attacks: https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/?&web_view=true

    ----------

    Stay in Touch!
    Twitter: https://twitter.com/Intel471Inc
    LinkedIn: https://www.linkedin.com/company/intel-471/
    YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
    Discord: https://discord.gg/DR4mcW4zBr
    Facebook: https://www.facebook.com/Intel471Inc/
    Show more Show less
    41 mins