Lee Archinal (@archinallee)'s Twitter Profile
Lee Archinal

@archinallee

Log junkie trying to share what I know through training and posts. Privileged to be a #BlackHatUSA trainer!

ID: 1136683983293599744

06-06-2019 17:19:14

2,2K Tweet

591 Followers

821 Following

Intel 471 (@intel471inc)

Threat hunting is about focus. Knowing where to spend your time is what sets tactical hunters apart. Join Out of the Woods live tomorrow for an interactive discussion on what drives real results. Our hosts will be engaging in real time on Discord. 🔗 hubs.la/Q03bpV4F0

Intel 471 (@intel471inc)

LockBit 4.0 enhances its stealth with PowerShell abuse, security feature bypasses, and obfuscated exfiltration. Intel 471 tracks its evolving tactics, read the full report here: hubs.la/Q03bP3sK0 #emergingthreat #lockbit #threathunting #threatintel

Lee Archinal (@archinallee)

Happy Monday everyone! Here is your #readoftheday! Source: CYFIRMA cyfirma.com/research/apt-p… A nice collection of #TTPs and #behaviors associated with #VoltTyphoon! Enjoy and #HappyHunting Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting

Intel 471 (@intel471inc)

🚨 VanHelsing Ransomware hit 3 victims within weeks of launch. Cross-platform, $500K ransoms, and growing fast. Intel 471 is tracking it, read the full report: hubs.la/Q03fwSjX0 #vanhelsing #ransomware #emergingthreats #threathunting #cybersecurity

ShortArm Solutions (@shortarmsas)

#Cybersecurity truly is a collaborative endeavor. We asked Steve Orrin from Intel to share his insights on how the government and commercial sides can work together to stay ahead of #CYBER threats. #informationsecurity

The DFIR Report (@thedfirreport)

“For this case we observed TXT records being utilized for C2 communication rather than MX records. This can be identified by the "type: 16" in the Sysmon logs seen above. Below is a sample list that, while not exhaustive, provides a clear example of the traffic patterns:” 1/2

The DFIR Report (@thedfirreport)

🌟New report out today!🌟 Navigating Through The Fog Analysis and reporting completed by Angelo Violetti, and reviewed by Zach. Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/04/28/nav…

The DFIR Report (@thedfirreport)

📉DFIR Labs Weekend Discount📉 Use this discount code to receive 10% off all DFIR Labs cases! Discount expires May 5th 04:00 UTC ⏲️Buy now, use anytime over the next 3 months. ➡️Discount code: WeekendDiscount20250502 Access DFIR Labs: store.thedfirreport.com/collections/df…

Intel 471 (@intel471inc)

Join Intel 471's Level 2 Threat Hunting Workshop on Execution tomorrow, May 14 from 12 - 1 PM EDT. Investigate PowerShell abuse, LOLBins, macro payloads, and more using real-world data. Finish the challenge, earn your #threathunting badge. Register now: hubs.la/Q03m5Z1H0

Intel 471 (@intel471inc)

CTI teams are under pressure to mature fast. In this #SANS webcast, Intel 471’s Ashley Jess shares insights on integrating #geopolitics and measuring CTI value using frameworks like CTI-CMM & CU-GIRH. Watch the full discussion: hubs.la/Q03tbg-t0 #CTI #cybersecurity

The DFIR Report (@thedfirreport)

🌟New report out today!🌟 Hide Your RDP: Password Spray Leads to RansomHub Deployment Analysis and reporting completed by [email protected]Aleks and UC2 🔊Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/06/30/hid…

Analyst1 (@analyst1)

🚨 New Threat Actor Profile by Anastasia From the shadows of Conti, Black Basta emerged as one of the most prolific ransomware gangs in recent years—until a massive internal leak exposed everything. 🔍 In our latest profile, we trace the group’s Conti lineage, breakdown

780th Military Intelligence Brigade (Cyber) (@780thc)

Intel 471: This post will examine one of the top pro-Russian hacktivist groups, new ones that have entered the scene and the impact of these groups. intel471.com/blog/pro-russi… Intel 471

Intel 471 (@intel471inc)

How do #malware behaviors inform hunt strategy? Find out July 31 in Intel 471’s live, hands-on workshop. Real telemetry, real IOAs, guided by our #threatintel and #threathunting teams. Sign up: hubs.la/Q03w49-h0 #cybersecurity #CTI

Renzon (@r3nzsec)

Super fun working on this lab with the XINTRA gang!! Enjoy and let us know your feedback! #ScatteredSpider #MuddledLibra #UNC3944