Out of the Woods: The Threat Hunting Podcast

Hosted by Out of the Woods: The Threat Hunting Podcast

Categories: Technology, Business. Interviews guests.

Episodes: 160
Latest episode: May 2026
Language: EN

About the show

Intel 471's podcast with a twist! Join us for the first fully interactive threat hunting podcast where you can hang out with threat hunters from all over the world! Join a rag-tag bunch of threat hunters as they come out of the woods to explore some of the most burning issues related to cyber security. The Out of the Woods podcast is a casual talk covering the topics of threat hunting, security research, and threat intelligence, and some ranting and raving along the way, all over a cocktail or two! The Out of the Woods cyber security podcast is filmed in front of a live studio audience, and by that we mean YOU! We're inviting folks to join us once a month for a LIVE evening of great technical discussions, where you can ask questions and give your opinion in real time on a variety of discussions about threat hunting, security research, blue teaming, and wherever else the evening takes us!

Listen to episodes

June 16, 2026 | Episode 4 | 45 min

S4 Ep4: Old Flaws, New Attacks

Top Headlines:
- Trend Micro | Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open: https://www.trendmicro.com/en_us/research/26/f/old-winrar-flaw-fuels-attacks-on-ukraine.html
- The Hacker News | Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models: https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html
- Huntress | Unpatched NTLM Leakage in Windows search: URI Handler, Same Bug, No CVE, No Fix: https://www.huntress.com/blog/unpatched-ntlm-leak-windows-search-uri-handler
- aikido.dev | Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm: https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm?_gl=1*8wn4a9*_up*MQ..*_gs*MQ..&gclid=Cj0KCQjw_vnQBhCxARIsADcZyxL-SVitznmoZxhQ5DpjJdXLfpMZyybysJ0YaiJmipzBYpqtqpTk2GUaAtsMEALw_wcB&gbraid=0AAAAApQ3BFhNDUDPZ7DnB3pGVCSCcmPoZ

Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

May 29, 2026 | Episode 3 | 1 hr 30 min

S4 Ep3: [LIVE] Know Thy Environment: Building Context for Effective Threat Hunting

Understanding your environment is one of the most overlooked parts of threat hunting, and one of the most important. This live episode focuses on how to profile your environment, work through both existing and newly onboarded datasets, and build a clear picture of what normal actually looks like across your telemetry.

The conversation centers on practical approaches: how to think about your data, how to ask better questions, and how to work through common challenges like incomplete visibility, noisy datasets, and inconsistent logging across tools. The session will include real examples, lessons learned, and the methods used to turn raw data into meaningful hunting insight.

This episode is built for practitioners who want to move beyond reactive detection and make decisions grounded in a deep understanding of their own systems, data, and gaps.

What We'll Cover:
- How to profile your environment and baseline normal activity across datasets
- Approaches for working with new and unfamiliar telemetry sources
- Techniques for handling noisy data and inconsistent logging
- Ways to identify and account for visibility gaps
- Practical examples from real-world threat hunting workflows

Watch the episode here: https://youtu.be/Uv46waZVAC0

May 21, 2026 | Episode 2 | 36 min

S4 Ep2: Ptrace Yourself Before Your Agent Wrecks Yourself

Top Headlines:
- Qualys | CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path: https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-lo[…]ion-and-credential-disclosure-in-the-linux-kernel-ptrace-path
- Microsoft Security Blog | Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow: https://www.microsoft.com/en-us/security/blog/2026/05/20/introducing-rampart-and-clar[…]ource-tools-to-bring-safety-into-agent-development-workflow/
- Socket | Mini Shai-Hulud Hits @antv Ecosystem, 639 Compromised npm Package Versions: https://socket.dev/blog/antv-packages-compromised
- WeLiveSecurity | Webworm: New Burrowing Techniques: https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/

May 18, 2026 | Episode 1 | 56 min

S4 Ep1: When the Chain Bites Back

Top Headlines:
- The Hacker News | Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages: https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html
- Checkmarx | Update: Ongoing Checkmarx Supply Chain Security Incident: https://checkmarx.com/blog/ongoing-security-updates/
- Google Cloud Blog | Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
- Bitdefender | FamousSparrow APT Targets Azerbaijani Oil and Gas Industry: https://businessinsights.bitdefender.com/famoussparrow-apt-targets-azerbaijani-oil-gas-industry

April 22, 2026 | Episode 63 | 50 min

S3 Ep63: May the Context Be With You

Top Headlines:
- Elastic Security Labs | Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT: https://www.elastic.co/security-labs/phantom-in-the-vault
- SentinelOne | Annual Threat Report: A Defender's Guide from the Frontlines: https://www.sentinelone.com/resources/ebooks/assets/threat-intel-program-fy27/tdr-annual-threat-report-25-en?utm_medium=paid-display&utm_source=thehackernews&utm_campaign=amer-us-platform&utm_content=homepage-newsfeed-3-23-2026
- eSentire | STX RAT: A new RAT in 2026 with Infostealer Capabilities: https://www.esentire.com/blog/stx-rat-a-new-rat-in-2026-with-infostealer-capabilities

April 21, 2026 | Episode 62 | 1 hr 4 min

S3 Ep62: Q1 2026 - Threat Hunt Report

In this special episode of Out of the Woods, Scott Poley and Tom Kostura review key findings from the Q1 2026 Threat Hunt Report and discuss what stood out across the quarter. They cover recurring living off the land activity, persistence techniques, valid account abuse, social engineering trends, geopolitical developments and supply chain compromises, with a focus on what those patterns mean for threat hunters and defenders.

Download the full Q1 2026 Threat Hunt Report: https://www.intel471.com/resources/whitepapers/threat-hunt-report-q1-2026

March 26, 2026 | Episode 61 | 1 hr 29 min

S3 Ep61: [LIVE] Guess Who: The Malware Edition

Can You Identify the Malware Family?

Out of the Woods: The Threat Hunting Podcast returns with another live, interactive edition designed to test how you analyze malicious activity. This session will focus on a specific malware family, revealing its behavior in stages as our hosts walk through execution patterns, infrastructure clues, and operational tradecraft.

Participants will examine how observed behaviors align to MITRE ATT&CK, how the malware evolves across campaigns, and how delivery methods and post-exploitation activity signal attribution. Before the final reveal, attendees will have the opportunity to submit their best guess on which malware family is responsible.

What You'll Learn:
- Real-world malware behavior: a phase-by-phase breakdown of an active malware campaign
- MITRE ATT&CK in context: how techniques manifest during execution
- Behavioral fingerprinting: identifying patterns across variants and infrastructure
- Delivery and objectives: what infection chains reveal about operator intent
- Interactive analysis: submit your guess before the final reveal

Watch the episode here: https://youtu.be/wo-Vy6okKVI

March 5, 2026 | Episode 60 | 47 min

S3 Ep60: Honey, I sideloaded Havoc...

Upcoming events:
- [LIVE] Out of the Woods Podcast: Guess Who: The Malware Edition. March 25, 2026 | 12:00 - 1:30 PM ET. Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-malware-edition-1
- Threat Hunting Management Workshop: Rethinking Priority. March 18, 2026 | 12:00 - 12:30 PM ET. Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-rethinking-priority

Top Headlines:
- Arctic Wolf | SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh: https://arcticwolf.com/resources/blog/sloppylemming-deploys-burrowshell-and-rust-based-rat-to-target-pakistan-and-bangladesh/
- Huntress | Fake Tech Support Delivers Havoc Command & Control: https://www.huntress.com/blog/fake-tech-support-havoc-command-control
- Socket | StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer: https://socket.dev/blog/stegabin-26-malicious-npm-packages-use-pastebin-steganography
- ThreatLabz | APT37 Adds New Tools For Air-Gapped Networks: https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks?&web_view=true#technical-analysis

February 27, 2026 | Episode 59 | 1 hr 2 min

S3 Ep59: Raiders of the Lost Macro

Top Headlines:
- Group-IB | Operation Olalampo: Inside MuddyWater's Latest Campaign: https://www.group-ib.com/blog/muddywater-operation-olalampo/
- Point Wild | Remcos Revisited: Inside the RAT's Evolving Command-and-Control Techniques: https://www.pointwild.com/threat-intelligence/remcos-revisited-inside-the-rats-evolving-command-and-control-techniques/
- Lab 52 | Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure: https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/
- therecord.media | Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found: https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure?&web_view=true

February 19, 2026 | Episode 58 | 46 min

S3 Ep58: Keep the Classics, Cue the Chaos

Top Headlines:
- The Hacker News | Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging: https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html?m=1
- Straiker | SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack: https://www.straiker.ai/blog/smartloader-clones-oura-ring-mcp-to-deploy-supply-chain-attack
- InfoStealers | Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations: https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/
- Forcepoint | ScreenConnect Under Attack: SmartScreen Evasion and RMM Abuse: https://www.forcepoint.com/blog/x-labs/screenconnect-attack
