Episodes
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley sits down with Brian Hill, a cybersecurity leader with a rich background in law enforcement, military service, and corporate security. Brian shares his journey from major crimes detective and forensics expert to building and managing Security Operations Centers (SOCs) at organizations like Arctic Wolf and BlackCloak. The discussion highlights challenges in scaling SOCs, the importance of balancing specialized...
Published 11/19/24
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley catches up with Violet Sullivan, cyber services lead for insurance carrier Crum & Forster, at the Information Security Summit in Cleveland. Violet dives into the evolving world of cyber insurance, shedding light on the often-overlooked layers of coverage that go beyond cyber events, including system outages and privacy litigation. She explains the shifting focus from ransomware to privacy issues, and how the...
Published 11/14/24
Threat Hunting Workshop: Hunting for Discovery
November 20, 2024 | 12:00 – 1:00 PM EST
Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery
Out of the Woods: The Threat Hunting Podcast [LIVE EPISODE]
December 5, 2024 | 12:00 - 1:30 PM EST
Sign Up Here: https://intel471.com/resources/podcasts/the-ideal-outcome-the-gift-of-a-well-crafted-threat-hunt
----------
Top Headlines:
Sophos News | Bengal cat lovers in Australia get psspsspss’d...
Published 11/12/24
In this bonus episode of Out of the Woods, Scott Poley sits down with John DiMaria, Director of Operations Excellence at the Cloud Security Alliance (CSA), live from the Information Security Summit in Cleveland. DiMaria discusses his pivotal role in developing CSA’s STAR (Security, Trust, Assurance, and Risk) program and shares insights on cloud security, the evolution of the STAR program, and its alignment with CSA's Cloud Controls Matrix (CCM).
They also explore the future of STAR in the...
Published 11/07/24
Top Headlines:
Unit 42 | Jumpy Pisces Engages in Play Ransomware: https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
Help Net Security | Sophos Mounted Counter-Offensive Operation to Foil Chinese Attackers:...
Published 11/05/24
In this live episode of Out of the Woods: The Threat Hunting Podcast, we dive into essential threat hunting techniques and the journey to mastering the craft.
Join us as we discuss:
Building resilience through community insights and shared resources
Practical threat hunting tips with...
Published 10/30/24
[LIVE] Out of the Woods: The Threat Hunting Podcast
October 24, 2024 | 7:00 – 8:30 PM ET
Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter
----------
Top Headlines:
Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
Cisco Talos Blog | Threat Actor Believed to be Spreading New MedusaLocker Variant in Europe and...
Published 10/09/24
Threat Hunting Workshop: Hunting for Collection
October 2, 2024 | 12:00 - 1:00 PM ET
Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection
----------
Top Headlines:
The Hacker News | Critical Linux CUPS Printing System Flaws Could Allow...
Published 10/01/24
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley and Tom Kastura...
Published 09/24/24
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott and Lee discuss four key topics: North Korea’s social engineering attacks on the crypto industry, the rise of the malicious Chrome extension LummaC2 Stealer, a phishing and doxxing campaign by Russian threat actors targeting NGOs, and...
Published 09/09/24
In this episode of "Out of the Woods: The Threat Hunting Podcast," Scott and Tom dive into the latest threat hunting headlines for the week of September 2nd, 2024. They explore how basic techniques are being repurposed in advanced ways, such as using Google Sheets for command and control in a suspected espionage campaign and employing web dev to enhance phishing attacks. The discussion also covers a new wave of skimming attacks targeting e-commerce sites and a deep dive into APT32’s advanced...
Published 09/03/24
In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into sedexp, a stealthy Linux malware that manipulates udev rules to evade detection, and explore why it’s not yet on the MITRE ATT&CK radar. The duo also covers PeakLight, a new memory-only dropper, and Styx Stealer, a malware targeting browser data and crypto wallets. Wrapping up with insights from a BlackSuit ransomware...
Published 08/27/24
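The udev-rule persistence technique mentioned in the episode above is easy to hunt for on your own Linux hosts. The script below is an added example, not code from the podcast or from the research it discusses: it parses udev rule files and flags any rule that executes something from a world-writable, user or hidden path, that executes without a device-specific match key, or that is keyed on an always-present core kernel device (so it is guaranteed to fire on every boot). The rule directories, the scoring heuristics and the sample rules are my assumptions and constructed test data, not indicators from any real case.

```python
"""Hunt for persistence-style udev rules.

Added example, not code from the podcast or the research it discusses. The
directory list and heuristics are assumptions; SAMPLE_RULES is constructed
test data, not indicators from any real incident.
"""
import re
from pathlib import Path

# Where udev loads rules from (standard locations; adjust for your distro).
RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d",
             "/usr/lib/udev/rules.d", "/lib/udev/rules.d")

# Keys whose value is executed when the rule matches.
EXEC_KEYS = {"RUN", "PROGRAM", "IMPORT"}
# Keys that tie a rule to a specific device. A rule that executes something
# without any of these fires on broad event classes, which is what persistence wants.
DEVICE_MATCH_KEYS = {"SUBSYSTEM", "SUBSYSTEMS", "KERNEL", "KERNELS", "ATTR",
                     "ATTRS", "DRIVER", "DRIVERS", "DEVPATH", "TAG"}
# Executables in world-writable, user or hidden locations are not what distro rules use.
SUSPICIOUS_PATH = re.compile(r'(^|[\s"=])(/tmp/|/var/tmp/|/dev/shm/|/home/|/root/|/\.)')
# Character major 1 = memory devices (/dev/null, /dev/random, ...): always present,
# so a rule keyed on it is guaranteed to run at every boot.
CORE_DEVICE = re.compile(r'ENV\{MAJOR\}=="1"')

# key[{attr}] operator "value"  (udev operators: == != += -= := =)
TOKEN = re.compile(r'([A-Z]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')


def parse_rule(line):
    """Return (key, operator, value) triples for one rule line; [] for blank/comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    return TOKEN.findall(line)


def score_rule(line):
    """Return the reasons a single rule looks like persistence; [] means benign."""
    tokens = parse_rule(line)
    if not tokens:
        return []
    base_keys = {key.split("{")[0] for key, _, _ in tokens}
    exec_values = [val for key, _, val in tokens if key.split("{")[0] in EXEC_KEYS]
    if not exec_values:
        return []  # a rule that runs nothing cannot hand an attacker execution
    reasons = []
    for val in exec_values:
        if SUSPICIOUS_PATH.search(val):
            reasons.append(f"executes from unusual path: {val!r}")
    if not base_keys & DEVICE_MATCH_KEYS:
        reasons.append("executes without any device-specific match key")
    if CORE_DEVICE.search(line):
        reasons.append("keyed on an always-present core device (runs every boot)")
    return reasons


def scan_text(text, source="<inline>"):
    """Scan rule text; return one finding dict per suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        reasons = score_rule(line)
        if reasons:
            findings.append({"source": source, "line": lineno,
                             "rule": line.strip(), "reasons": reasons})
    return findings


def scan_system(dirs=RULE_DIRS):
    """Scan every *.rules file in the udev directories that exist on this host."""
    findings = []
    for d in dirs:
        for path in sorted(Path(d).glob("*.rules")):
            try:
                findings += scan_text(path.read_text(errors="replace"), str(path))
            except OSError:
                continue  # unreadable file: skip rather than abort the hunt
    return findings


# Constructed sample rules (not from any real incident): two benign, two suspicious.
SAMPLE_RULES = """\
# vendor USB logger: device-specific match, executable in /usr/bin
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0781", RUN+="/usr/bin/logger usb-add"
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="/dev/shm/.x run:+"
KERNEL=="sd*", SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="ext4", RUN+="/usr/lib/udev/mount-helper"
ACTION=="add", RUN+="/tmp/.cache/update.sh"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_RULES, "sample") + scan_system():
        print(f"{f['source']}:{f['line']}: {f['rule']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run it as root on a host to scan the real rule directories; the sample block shows what a hit looks like. The heuristics are deliberately narrow so distro rules (which match on SUBSYSTEM/KERNEL/ATTR and execute from /usr/bin or /usr/lib/udev) stay quiet; a rule that only matches ACTION plus a major/minor number and launches something from /dev/shm has no legitimate reason to exist.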
In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk InfoStealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee InfoStealer targeting macOS. They also explore the impact of AI on cybersecurity, emphasizing the need for SOCs to evolve with new talent and strategies to address emerging threats. The episode underscores the...
Published 08/19/24
In this week's Out of the Woods: The Threat Hunting Podcast, Scott and Tom dive into some big stories you should know about. They chat about a recent report on cyber attackers using Sliver C2 and simple HTTP servers to spread their tools, which is a good reminder to keep an eye on anything out of the ordinary in your systems. They also touch on a sneaky new malware campaign that's targeting browsers, a clever Windows downgrade attack, and the rise of phishing sites posing as Google...
Published 08/15/24
Top 5 Threat Hunting Headlines - 12 August 2024
1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackers
https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true
2. ReasonLabs | New Widespread Extension Trojan Malware Campaign
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
3. The DFIR Report | Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch...
Published 08/14/24
Threat Hunting Workshop: Hunting for Command and Control
31 July 2024 | 12:00 - 1:00 pm ET
Register Here!
Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate:
3-4 Aug 2024: Sign Up Here!
5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 29 July 2024
1. Bleeping Computer | Acronis Warns of Cyber Infrastructure Default Password Abused in...
Published 07/30/24
Top 5 Threat Hunting Headlines - 22 July 2024
1. Popular Ukrainian Telegram Channels Hacked to Spread Russian...
Published 07/25/24
Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:
3-4 Aug 2024: Sign Up Here!
5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 15 July 2024
1. Infosecurity Magazine | CISA Urges...
Published 07/17/24
Top 5 Threat Hunting Headlines - 1 July 2024
1. Qualys Security Blog | Remote...
Published 07/02/24
Top 5 Threat Hunting Headlines - 25 June 2024
1. Positive Technologies | ExCobalt: GORed, the hidden-tunnel...
Published 06/25/24
Top 5 Threat Hunting Headlines - 10 June 2024
1. Google Cloud | UNC5537 Targets Snowflake Customer Instances for Data Theft and...
Published 06/11/24
Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
Early registration closes on May 24, 2024! Secure your spot now at a discounted rate:
3-4 Aug 2024: Sign Up Here!
5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 22 May 2024
1. Kandji | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
2. Rapid7 | Ongoing...
Published 05/22/24
Top 5 Threat Hunting Headlines - 13 May 2024
1. Infosecurity Magazine | AI-Powered Russian Network Pushes Fake Political News
https://www.infosecurity-magazine.com/news/aipowered-russian-network-fake-news/?&web_view=true
2. Elastic Security Labs | Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Two
https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
3. The Record | Cyberthreat Landscape Permanently Altered by Chinese Operations, US...
Published 05/14/24
Top 5 Threat Hunting Headlines - 22 April 2024
1. The Record | NATO to launch new cyber center to contest cyberspace 'at all times'
https://therecord.media/nato-new-military-civilian-cyber-center-mons-belgium?&web_view=true
2. Securonix | Securonix Threat Research Knowledge Sharing Series: Detecting DLL Sideloading Techniques Found In Recent Real-world Malware Attack Chains
https://www.securonix.com/blog/detecting-dll-sideloading-techniques-in-malware-attack-chains/
3. Darkreading |...
Published 04/23/24