Out of the Woods: The Threat Hunting Podcast


Author: Out of the Woods: The Threat Hunting Podcast


Description

Intel 471's podcast with a twist! Join us for the first fully interactive threat hunting podcast where you can hang out with threat hunters from all over the world!

Join a rag-tag bunch of threat hunters as they come out of the woods to explore some of the most burning issues related to cyber security. The Out of the Woods podcast is a casual talk covering the topics of threat hunting, security research, and threat intelligence, and some ranting and raving along the way, all over a cocktail or two!

The Out of the Woods cyber security podcast is filmed in front of a live studio audience, and by that we mean YOU! We're inviting folks to join us once a month for a LIVE evening of great technical discussions, where you can ask questions and give your opinion in real time on a variety of discussions about threat hunting, security research, blue teaming, and wherever else the evening takes us!
138 Episodes
Top Headlines:
LastPass Labs | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
Cisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true
SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/
Trend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true
----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

*Threat Hunting Workshop: Hunting for Persistence - Level 2
September 24, 2025 | 12:00 - 1:00 PM ET
Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-16-hunting-for-persistence-level-2
----------
Top Headlines:
Jamf Threat Labs | Learn about ChillyHell, a modular Mac backdoor: https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/
SecureList | Malicious MCP servers used in supply chain attacks: https://securelist.com/model-context-protocol-for-ai-integration-abused-in-supply-chain-attacks/117473/?web_view=true
Bitdefender Blog | EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company: https://www.bitdefender.com/en-us/blog/businessinsights/eggstreme-fileless-malware-cyberattack-apac
welivesecurity | Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass: https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/

In this episode of Out of the Woods, we explored how AI is reshaping security operations beyond threat hunting. We highlighted real progress in insider threat detection, faster triage, and incident response while underscoring the ongoing need for human judgment. We also addressed integration challenges, tool sprawl, skill gaps, and risks such as hallucinations, bias, and deepfakes, before closing with what to expect as regulations tighten and attackers continue to weaponize AI.

*[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
September 11, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control
*Threat Hunting Workshop: Hunting for Persistence - Level 2
September 24, 2025 | 12:00 - 1:00 PM ET
Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-16-hunting-for-persistence-level-2
----------
Top Headlines:
Microsoft Security Blog | Storm-0501’s evolving techniques lead to cloud-based ransomware: https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/
Seqrite | Blogs on Information Technology, Network & Cybersecurity: https://www.seqrite.com/blog/operation-hankook-phantom-north-korean-apt37-targeting-south-korea/
Group-IB | ShadowSilk: A Cross-Border Binary Union for Data Exfiltration: https://www.group-ib.com/blog/shadowsilk/
Check Point Research | ZipLine Phishing Campaign Targets U.S. Manufacturing: https://research.checkpoint.com/2025/zipline-phishing-campaign/

*[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
September 11, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control
----------
Top Headlines:
Morphisec | Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints: https://www.morphisec.com/blog/noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints/
Securelist by Kaspersky | PipeMagic in 2025: How the backdoor operators’ tactics have changed: https://securelist.com/pipemagic/117270/?web_view=true
Cisco Talos Blog | UAT-7237 targets Taiwanese web hosting infrastructure: https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/
Resecurity | 'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan: https://www.resecurity.com/blog/article/blue-locker-analysis-ransomware-targeting-oil-gas-sector-in-pakistan

*[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control
September 11, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control
----------
Top Headlines:
Silent Push | Unmasking SocGholish: Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569: https://www.silentpush.com/blog/socgholish/
welivesecurity.com | Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/
ReliaQuest | ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration: https://reliaquest.com/blog/threat-spotlight-shinyhunters-data-breach-targets-salesforce-amid-scattered-spider-collaboration/
Talos Intelligence | Malvertising campaign leads to PS1Bot, a multi-stage malware framework: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/?&web_view=true

Scott Poley and Tom Kostura are joined by Ben McGavin, Threat Hunting Team Lead at RSM Defense, and Justin Dolgos, Senior Threat Hunter at RSM Defense, for a conversation on what it takes to build and run a threat hunting program inside an MSSP. They walk through how their team prioritizes hunts, manages detection logic across multi-tenant environments, and scales their approach through SOC collaboration and hypothesis-driven routines. Ben shares how the program was built from scratch, and Justin breaks down the lessons learned moving from alert triage into full-time threat hunting. They also cover tooling gaps, visibility challenges, and how custom detections have become a key success metric for their team. This episode offers practical insight from two hunters operating at the heart of a fast-moving MSSP environment.
Watch this podcast on YouTube here: https://youtu.be/YQtmMomoUbU

*Intel-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
July 31, 2025 | 11:00 AM - 1:00 PM ET
Sign Up: https://intel471.com/resources/webinars/intelligence-driven-threat-hunting-workshop-analyzing-malware-behaviors
*Meet with Intel 471 at Black Hat 2025 at Booth #5742
More info & events: https://intel471.com/lp/black-hat-usa-2025
----------
Top Headlines:
Microsoft Security Blog | Disrupting active exploitation of on-premises SharePoint vulnerabilities
HackMag | Malware LameHug Utilizes LLM to Generate Commands on Infected Machines
Catalyst | LARVA-208’s New Campaign Targets Web3 Developers
TechCrunch | A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations

*Intel-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
July 31, 2025 | 11:00 AM - 1:00 PM ET
Sign Up: https://intel471.com/resources/webinars/intelligence-driven-threat-hunting-workshop-analyzing-malware-behaviors
*Meet with Intel 471 at Black Hat 2025 at Booth #5742
More info & events: https://intel471.com/lp/black-hat-usa-2025
----------
Top Headlines:
The DFIR Report | KongTuke FileFix Leads to New Interlock RAT Variant
BleepingComputer | Google Gemini flaw hijacks email summaries for phishing
CISA | CISA Adds One Known Exploited Vulnerability to Catalog
Unit 42 | Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

In this episode of Out of the Woods: The Threat Hunting Podcast, we explored how AI is being used in threat hunting, from generating hypotheses to enriching data and shaping detection logic. We talked through some of the challenges teams are facing, including false positives and tool limitations, and discussed where human expertise is still essential. The conversation included practical examples and audience input on how AI is being tested and adopted in real-world environments.

*[LIVE] Out of the Woods: The Threat Hunting Podcast - The Intersection of AI and Threat Hunting: What Problems Emerge, What Problems Get Solved
July 10, 2025 | 12:00 - 1:30 PM ET
Sign up: https://intel471.com/resources/podcasts/the-intersection-of-ai-and-threat-hunting-what-problems-emerge-what-problems-get-solved
*Intel-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
July 31, 2025 | 11:00 AM - 1:00 PM ET
Sign Up: https://intel471.com/resources/webinars/intelligence-driven-threat-hunting-workshop-analyzing-malware-behaviors
----------
Top Headlines:
Arctic Wolf | GIFTEDCROOK's Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations
The DFIR Report | Hide Your RDP: Password Spray Leads to RansomHub Deployment
Unit 42 | Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector
Sucuri Blog | Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor

*[LIVE] Out of the Woods: The Threat Hunting Podcast - The Intersection of AI and Threat Hunting: What Problems Emerge, What Problems Get Solved
July 10, 2025 | 12:00 - 1:30 PM ET
Sign up: https://intel471.com/resources/podcasts/the-intersection-of-ai-and-threat-hunting-what-problems-emerge-what-problems-get-solved
*Intel-Driven Threat Hunting Workshop: Analyzing Malware Behaviors
July 31, 2025 | 11:00 AM - 1:00 PM ET
Sign Up: https://intel471.com/resources/webinars/intelligence-driven-threat-hunting-workshop-analyzing-malware-behaviors
----------
Top Headlines:
HarfangLab | SadFuture: Mapping XDSpy latest evolution
BleepingComputer | New FileFix attack weaponizes Windows File Explorer for stealthy commands
Huntress | Inside the BlueNoroff Web3 macOS Intrusion Analysis
GBHackers Security | Notepad++ Vulnerability Allows Full System Takeover — PoC Released

*[LIVE] Out of the Woods: The Threat Hunting Podcast - The Intersection of AI and Threat Hunting: What Problems Emerge, What Problems Get Solved
July 10, 2025 | 12:00 - 1:30 PM ET
Sign up: https://intel471.com/resources/podcasts/the-intersection-of-ai-and-threat-hunting-what-problems-emerge-what-problems-get-solved
*Threat Hunting Management Workshop: Structuring Collaboration Across Teams
On-Demand: https://intel471.com/resources/webinars/threat-hunting-management-workshop-structuring-collaboration-across-teams
----------
Top Headlines:
Check Point Research | The Discord Invite Loop Hole Hijacked for Attacks
SecurityWeek | New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
Aim Labs | Echoleak M365
SecurityWeek | Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday

Threat Hunting Management Workshop: Structuring Collaboration Across Teams
June 18, 2025 | 12:00 - 12:45 PM ET
Sign up: https://intel471.com/resources/webinars/threat-hunting-management-workshop-structuring-collaboration-across-teams
----------
Top Headlines:
Trend Micro | TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead
Seqrite | Operation Sindoor: Anatomy of a High-Stakes Cyber Siege
DTI | Inside a VenomRAT Malware Campaign - DomainTools Investigations
Seqrite | Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India

Top Headlines:
Qualys | Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT
WIRED | How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
WeLiveSecurity | ESET APT Activity Report Q4 2024–Q1 2025
BleepingComputer | New 'Defendnot' tool tricks Windows into disabling Microsoft Defender

Top Headlines:
Proofpoint | TA406 Pivots to the Front
hunt.io | APT36-Linked ClickFix Campaign Spoofs Indian Ministry of Defence, Targets Windows & Linux Users
Google Cloud Blog | COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs
genians.co.kr | Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)

Clue by Clue: Can You Name the Threat Actor?
Out of the Woods: The Threat Hunting Podcast returns with a special edition live episode built to sharpen how threat hunters think about adversary behavior. Our hosts will walk through a real-world threat actor’s activity one phase at a time, revealing tradecraft clues as the investigation unfolds. Listeners will have the chance to analyze the behavior and submit their best guess before the final reveal.
This live, interactive session is grounded in real tradecraft and practical threat hunting techniques. You’ll see how MITRE ATT&CK techniques map to observed activity, how vertical-specific targeting shapes decisions, and how behavioral patterns can point to attribution faster.
What We’ll Cover:
Real adversary behavior – A phase-by-phase walkthrough of a known threat actor’s campaign
MITRE ATT&CK in context – How techniques are applied in real incidents
Recognizing tradecraft patterns – What links certain behaviors across threat actors
Sector-specific targeting – How industry focus shapes attacker decisions
Interactive analysis – Submit your guess before the threat actor is revealed live
Engage with the Community!
Join our Discord server during the episode to follow the clues, connect with other hunters, and share your thoughts in real time. Don't miss this chance to train your instincts and challenge your threat hunting perspective.
Join the discussion here: https://discord.gg/DR4mcW4zBr
S3 Ep27: Eyes Got Data


2025-05-05 | 43:33

[LIVE] Out of the Woods: The Threat Hunting Podcast - "Guess Who: The Adversary Edition"
May 8, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://intel471.com/resources/podcasts/ootw-guess-who-the-adversary-edition
Threat Hunting Workshop: Hunting for Execution - Level 2
May 14, 2025 | 12:00 - 1:00 PM ET
Sign Up: https://intel471.com/resources/webinars/threat-hunting-workshop-15-hunting-for-execution-level-2
----------
Top Headlines:
Netcraft | Darcula-Suite Adds AI: Phishing Kits Now More Accessible
CYFIRMA | Technical Malware Analysis Report: Python-based RAT Malware
Google Cloud Blog | Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
The Cloudflare Blog | Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report

[LIVE] Out of the Woods: The Threat Hunting Podcast - "Guess Who: The Adversary Edition"
May 8, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://intel471.com/resources/podcasts/ootw-guess-who-the-adversary-edition
Threat Hunting Workshop: Hunting for Execution - Level 2
May 14, 2025 | 12:00 - 1:00 PM ET
Sign Up: https://intel471.com/resources/webinars/threat-hunting-workshop-15-hunting-for-execution-level-2
----------
Top Headlines:
Check Point Research | Renewed APT29 Phishing Campaign Against European Diplomats: https://research.checkpoint.com/2025/apt29-phishing-campaign/
JPCERT/CC EYES | DslogdRAT Malware Installed in Ivanti Connect Secure: https://blogs.jpcert.or.jp/en/2025/04/dslogdrat.html?&web_view=true
Tenable | ConfusedComposer: A Privilege Escalation Vulnerability Impacting GCP Composer: https://www.tenable.com/blog/confusedcomposer-a-privilege-escalation-vulnerability-impacting-gcp-composer
Cofense | Decoding Fake US ESTA Emails: Scam or Real Deal?: https://cofense.com/blog/decoding-fake-us-esta-emails-scam-or-real-deal?&web_view=true

[LIVE] Out of the Woods: The Threat Hunting Podcast - "Guess Who: The Adversary Edition"
May 8, 2025 | 12:00 - 1:30 PM ET
Sign Up: https://intel471.com/resources/podcasts/ootw-guess-who-the-adversary-edition
----------
Top Headlines:
Symantec | Shuckworm Targets Foreign Military Mission Based in Ukraine: https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel
BI.ZONE | Sapphire Werewolf Refines Amethyst Stealer to Attack Energy Companies: https://bi.zone/eng/expertise/blog/kamen-ogranennyy-sapphire-werewolf-ispolzuet-novuyu-versiyu-amethyst-stealer-dlya-atak-na-tek/
SentinelOne | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale: https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/
SecureList | GOFFEE Continues to Attack Organizations in Russia: https://securelist.com/goffee-apt-new-attacks/116139/?web_view=true