Out of the Woods: The Threat Hunting Podcast

Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Early registration closes on May 24, 2024! Secure your spot now at a discounted rate: *3-4 Aug 2024: Sign Up Here! *5-6 Aug 2024: Sign Up Here! ----- Top 5 Threat Hunting Headlines - 22 May 2024 1. Kandji | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware https://blog.kandji.io/malware-cuckoo-infostealer-spyware 2. Rapid7 | Ongoing Malvertising Campaign Leads to Ransomware https://www.rapid7.com/blog/post/2024/05/13/ongoing-malvertising-campaign-leads-to-ransomware/ 3. Unit 42 | Payload Trends in Malicious OneNote Samples https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/ 4. Check Point Research | Bad Karma, No Justice: Void Manticore Destructive Activities in Isreal https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/ 5. Aqua Nautilus | Kinsing Demystified - A comprehensive Technical Guide https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

Top 5 Threat Hunting Headlines - 13 May 2024 1. Infosecurity Magazine | AI-Powered Russian Network Pushes Fake Political News https://www.infosecurity-magazine.com/news/aipowered-russian-network-fake-news/?&web_view=true 2. Elastic Security Labs | Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Two https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two 3. The Record | Cyberthreat Landscape Permanently Altered by Chinese Operations, US Officials Say https://therecord.media/cyberthreat-landscape-altered-chinese-operations?&web_view=true 4. Elastic Security Labs | Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Four https://www.elastic.co/security-labs/dissecting-remcos-rat-part-four 5. Help Net Security | How Secure is the "Password Protection" on Your Files and Drives? https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/?web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

Top 5 Threat Hunting Headlines - 22 April 2024 1. The Record | NATO to launch new cyber center to contest cyberspace 'at all times' https://therecord.media/nato-new-military-civilian-cyber-center-mons-belgium?&web_view=true 2. Securonix | Securonix Threat Research Knowledge Sharing Series: Detecting DLL Sideloading Techniques Found In Recent Real-world Malware Attack Chains https://www.securonix.com/blog/detecting-dll-sideloading-techniques-in-malware-attack-chains/ 3.  Darkreading | Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware?&web_view=true 4. HackTricks https://book.hacktricks.xyz 5. CSA | Deploying AI Systems Securely https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

Top 5 Threat Hunting Headlines - 15 April 2024 1. Volexity | Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ 2. Trend Micro | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear https://www.trendmicro.com/en_no/research/24/d/earth-hundun-waterbear-deuterbear.html 3.  The Cyber Express | FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques https://thecyberexpress.com/fatalrat-phishing-campaign/?&web_view=true 4. Elastic Security Labs | Linux detection engineering with Auditd https://www.elastic.co/security-labs/linux-detection-engineering-with-auditd 5. NIST Special Publication | Incident Response Recommendations and Considerations for Cybersecurity Risk Management https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.ipd.pdf ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

To be fully interactive by asking questions and giving feedback and opinions in real-time, join our Discord Server! Be sure to join the live recording of our next episode to be a part of the fun! --> https://discord.gg/sHw5c3qwRh Looking to have your cyber security questions or insights featured on our next episode? Tag #OutOfTheWoodsPodcast on your socials when you share your thoughts. No question is too specific, no insight too niche—we're here for it all!  ------------ Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity TikTok: https://www.tiktok.com/@cyborgsecinc

**[LIVE] Out of the Woods Podcast Episode April 4, 2024 | 7:00 - 8:30 PM ET More Details/Registration 👇 https://info.cyborgsecurity.com/en-us/threathuntingpodcast-e15 Get your FREE HUNTER Community Account today! 👇 https://www.cyborgsecurity.com/user-account-creation/ ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

**[LIVE] Out of the Woods Podcast Episode April 4, 2024 | 7:00 - 8:30 PM ET More Details/Registration 👇 https://info.cyborgsecurity.com/en-us/threathuntingpodcast-e15 ---- Top 5 Threat Hunting Headlines - 20 March 2024 1. IBM X-Force Threat Intelligence Index 2024 https://www.ibm.com/reports/threat-intelligence?utm_content=SRCWW&p1=Search&p4=43700079592066619&p5=e&gad_source=1&gclsrc=ds 2. Almond | UAC Bypass via Elevated .NET Applications https://offsec.almond.consulting/UAC-bypass-dotnet.html 3. Help Net Security | Only 13% of Medical Devices Support Endpoint Protection Agents https://www.helpnetsecurity.com/2024/03/14/medical-devices-cybersecurity-concerns/?web_view=true 4.  Sonicwall - By Security News | Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/ 5. Bleeping Computer | Hackers Exploit Aiohttp Bug to Find Vulnerable Networks https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/?&web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

**Threat Hunting Workshop: Hunting for Initial Access March 20, 2024 | 12:00 - 1:00 PM ET More Details/ Registration 👇 https://info.cyborgsecurity.com/en-us/threat-hunting-workshop-10 **[LIVE] Out of the Woods Podcast Episode April 4, 2024 | 7:00 - 8:30 PM ET More Details/Registration 👇 https://info.cyborgsecurity.com/en-us/threathuntingpodcast-e15 ---- Top 5 Threat Hunting Headlines - 11 March 2024 1. The Hacker News | Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html?m=1 https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/ 2. Almond | UAC Bypass via Elevated .NET Applications  https://offsec.almond.consulting/UAC-bypass-dotnet.html 3. Check Point Research | Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities  https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/?web_view=true 4. https://www.nieuwsblad.be/cnt/dmf20240306_93861112 5. Infosecurity Magazine | Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign https://www.infosecurity-magazine.com/news/dropbox-credentials-bypass-mfa/?&web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

**Threat Hunting Workshop: Hunting for Initial Access March 20, 2024 | 12:00 - 1:00 PM ET More Details/ Registration 👇 https://info.cyborgsecurity.com/en-us/threat-hunting-workshop-10 Top 5 Threat Hunting Headlines - 04 March 2024 1. TrendMicro - Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html?&web_view=true 2. Help Net Security - Cybercriminals harness AI for new era of malware development https://www.helpnetsecurity.com/2024/03/01/hi-tech-crime-trends-2023-2024/?web_view=true 3. Malware Bytes - Malicious meeting invite fix targets Mac users https://www.malwarebytes.com/blog/news/2024/03/malicious-meeting-invite-fix-targets-mac-users?&web_view=true 4.  Security Affairs - A U.S. Court ordered surveillance firm NSO Group to hand over the source code for its Pegasus spyware and other products to Meta https://securityaffairs.com/159847/security/nso-group-vs-meta-pegasus-hand-over.html?web_view=true 5. Security Affairs - U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/159796/security/cisa-adds-microsoft-streaming-service-bug-known-exploited-vulnerabilities-catalog.html?web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

To be fully interactive by asking questions and giving feedback and opinions in real-time, join our Discord Server! Be sure to join the live recording of our next episode to be a part of the fun! --> https://discord.gg/sHw5c3qwRh ------------ Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity TikTok: https://www.tiktok.com/@cyborgsecinc

Top 5 Threat Hunting Headlines - 26 February 2024 1. The DFIR Report: SEO Poisoning to Domain Control: The Gootloader Saga Continues https://thedfirreport.com/2024/02/26/seo-poisoning-to-domain-control-the-gootloader-saga-continues/ 2. Cybersecurity & Infrastructure Security Agency: Updated: Top Cyber Actions for Securing Water Systems https://www.cisa.gov/news-events/alerts/2024/02/23/updated-top-cyber-actions-securing-water-systems https://www.cisa.gov/sites/default/files/2024-02/fact-sheet-top-cyber-actions-for-securing-water-systems.pdf 3. The Hacker News: LockBit Ransomware Group Resurfaces After Law Enforcement Takedown https://thehackernews.com/2024/02/lockbit-ransomware-group-resurfaces.html 4. Group-IB: Extra Credit: VietCredCare Information Stealer Takes Aim at Vietnamese Businesses https://www.group-ib.com/blog/vietcredcare-stealer/ 5. Help Net Security: Cybersecurity Fears Drive a Return to On-Premise Infrastructure From Cloud Computing https://www.helpnetsecurity.com/2024/02/22/cloud-repatriation-projects-reasons/?web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

Top 5 Threat Hunting Headlines - 05 February 2024 1. Exploring the Latest Mispadu Stealer Variant https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/?web_view=true 2. Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/ 3. DDoS Attack Power Skyrockets to 1.6 Tbps https://www.helpnetsecurity.com/2024/02/02/ddos-attacks-h2-2023/?web_view=true 4. Evolution of UNC4990: Uncovering USB Malware https://www.mandiant.com/resources/blog/unc4990-evolution-usb-malware 5. Detecting and Mitigating a Phishing Threat: "Greatness" https://blog.sucuri.net/2024/02/detecting-and-mitigating-a-phishing-threat-greatness.html?web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity

Top 5 Threat Hunting Headlines - 22 January 2024 1. MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries https://thehackernews.com/2024/01/hackers-hijack-popular-java-and-android.html https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/#maven-philosophy 2. North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros https://www.darkreading.com/threat-intelligence/north-koreasc-arcruft-attackers-target-cybersecurity-pros https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/ 3. The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads https://www.hackread.com/fake-fix-chaes-4-1-malware-hides-driver-downloads/?web_view=true 4. Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes 5. Bulletproof Hosting: A Critical Cybercriminal Service https://intel471.com/blog/bulletproof-hosting-a-critical-cybercriminal-service?&web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity

Top 5 Threat Hunting Headlines - 08 January 2024 1. The Hacker News | Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies https://thehackernews.com/2024/01/sea-turtle-cyber-espionage-campaign.html?&web_view=true https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/tortoise-and-malwahare.html 2. TRM | North Korean Hackers Stole $600 Million in Crypto in 2023 https://www.trmlabs.com/post/north-korean-hackers-stole-600-million-in-crypto-in-2023 3. ClearSky Cyber Securfity | No-Justice Wiper https://www.clearskysec.com/wp-content/uploads/2024/01/No-Justice-Wiper.pdf 4. Uptycs | Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion https://www.uptycs.com/blog/remcos-rat-uac-0500-pipe-method 5. The Register | Ransomware payment ban: Wrong idea at the wrong time https://www.theregister.com/2024/01/06/ransomware_payment_ban_wrong_idea/?&web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc

Top 5 TTPs & Behaviors - 11 Dec 2023 Get your FREE HUNTER Community Account to hunt for these TTPs and Behaviors 👇 https://hunter.cyborgsecurity.io/login ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc

To be fully interactive by asking questions and giving feedback and opinions in real-time, join our Discord Server! Be sure to join the live recording of our next episode to be a part of the fun! --> https://discord.gg/sHw5c3qwRh ------------ Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc

Bonus Episode - November 30, 2023 Embark on an exploratory journey through the domain of cybersecurity with our host, Scott Poley, in this enlightening podcast episode. Our distinguished guest, Major Pierce, currently serving as the Director of Cyber Operations for the PA National Guard, unfolds her unique narrative within the digital defense realm – from her initial draw to the cyber sector to the pivotal decisions guiding her to a leading role. Major Pierce's tenure at the PA National Guard is far from typical. In her pivotal position, she directs a nuanced strategy of cyber operations, tackling the complexities of digital warfare within the U.S. Army. The operations she oversees are characterized by a sophisticated blend of tactical foresight and the raw talent of her team, crafting bespoke solutions that address the multifaceted challenges of national security. In this episode, Major Pierce offers a rare glimpse behind the scenes of military cybersecurity, discussing the trials and triumphs that shape the sector's landscape. As she narrates her professional trajectory and operational insights, listeners are invited to discover the synergy between individual expertise and collective operational success in the dynamic arena of cyber operations. Tune in for an episode rich in anecdotes and wisdom from the forefront of cybersecurity innovation. *Connect with Major Pierce: https://www.linkedin.com/in/christine-pierce-mps-cissp-3a128080/ ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc

Top 5 Threat Hunting Headlines - 27 Nov 2023 Secure List: HrServ – Previously Unknown Web Shell Used in APT Attack https://securelist.com/hrserv-apt-web-shell/111119/ Group-IB: Hunting Rituals #2.2: Threat Hunting for Abuse of Windows Services https://www.group-ib.com/blog/hunting-rituals-windows-services-part-2/ Red Canary: Threat Hunting for PsExec, Open-Source Clones, and Other Lateral Movement Tools https://redcanary.com/blog/threat-hunting-psexec-lateral-movement/ Talos: A Deep Dive into Phobos Ransomware, Recently Deployed by 8Base Group https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/ Cyware: Lazarus Group Exploit MagicLine2NX Flaw to Launch Supply Chain Attacks https://cyware.com/news/lazarus-group-exploit-magicline4nx-flaw-to-launch-supply-chain-attacks-11b98153 ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc

Join our host, Scott Poley, in this insightful bonus episode where he sits down with Tony Pietrocola, the driving force behind AgileBlue. Tony shares his personal expedition into the realm of cybersecurity, detailing the journey that shaped his expertise. He also unfolds his forward-thinking perspective on the future of cybersecurity in our rapidly evolving digital age. AgileBlue offers a synergy of AI-driven cybersecurity fortified with the reliability of human expertise. Their sophisticated SOC|SOAR platform stands guard over your digital and cloud infrastructure. It provides comprehensive 24/7 oversight, adept at swiftly pinpointing and mitigating cyber threats, ensuring peace of mind through vigilant monitoring, detection, and responsive action. *Learn more about AgileBlue – https://www.linkedin.com/in/tonypietrocola/ *Connect with Tony - https://agileblue.com/ ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc

Bonus Episode - November 17, 2023 Dive into the world of cybersecurity with Sam Paredes on our latest podcast episode. As the Founder and Security Researcher at BugNode, Samuel shares his personal odyssey within the tech industry, from a burgeoning passion to the helm of a trailblazing security enterprise. BugNode isn't just another web application testing service. Under Samuel's leadership, the company champions a meticulous, hands-on approach to safeguarding applications. By tackling security challenges with human ingenuity, BugNode's expert team crafts a tailored defense strategy for each client, ensuring robust protection that empowers businesses to thrive without the overhead of digital threats. Throughout the episode, Samuel provides an insider's look at the hurdles faced by security professionals and how BugNode strategically overcomes them. Tune in to gain valuable insights into the intersection of personal growth and professional excellence in the fast-evolving landscape of application security. *Learn more about BugNode - https://www.bugnode.io/ *Connect with Sam - https://www.linkedin.com/in/sam-par/ ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc