Out of the Woods: The Threat Hunting Podcast

Understanding your environment is one of the most overlooked parts of threat hunting, and one of the most important. This live episode focuses on how to profile your environment, work through both existing and newly onboarded datasets, and build a clear picture of what normal actually looks like across your telemetry.
The conversation centers on practical approaches. How to think about your data. How to ask better questions. How to work through common challenges like incomplete visibility, noisy datasets, and inconsistent logging across tools. The session will include real examples, lessons learned, and the methods used to turn raw data into meaningful hunting insight.
This episode is built for practitioners who want to move beyond reactive detection and make decisions grounded in a deep understanding of their own systems, data, and gaps.
What We’ll Cover:

How to profile your environment and baseline normal activity across datasets

Approaches for working with new and unfamiliar telemetry sources

Techniques for handling noisy data and inconsistent logging

Ways to identify and account for visibility gaps

Practical examples from real-world threat hunting workflows

Watch the episode here: https://youtu.be/Uv46waZVAC0

Top Headlines:

Qualys | CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path: https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-lo[…]ion-and-credential-disclosure-in-the-linux-kernel-ptrace-path

Microsoft Security Blog | Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow: https://www.microsoft.com/en-us/security/blog/2026/05/20/introducing-rampart-and-clar[…]ource-tools-to-bring-safety-into-agent-development-workflow/

Socket | Mini Shai-Hulud Hits @antv Ecosystem, 639 Compromised npm Package Verssions: https://socket.dev/blog/antv-packages-compromised

WeLiveSecurity | Webworm: New Burrowing Techniques: https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/

----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

Top Headlines:

The Hacker News | Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages: https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html

Checkmarx | Update: Ongoing Checkmarx Supply Chain Security Incident: https://checkmarx.com/blog/ongoing-security-updates/

Google Cloud Blog | Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access

Bitdefender | FamousSparrow APT Targets Azerbaijani Oil and Gas Industry: https://businessinsights.bitdefender.com/famoussparrow-apt-targets-azerbaijani-oil-gas-industry

----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

Top Headlines:

Elastic Security Labs | Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT: https://www.elastic.co/security-labs/phantom-in-the-vault

SentinelOne | Annual Threat Report: A Defender's Guide from the Frontlines: https://www.sentinelone.com/resources/ebooks/assets/threat-intel-program-fy27/tdr-annual-threat-report-25-en?utm_medium=paid-display&utm_source=thehackernews&utm_campaign=amer-us-platform&utm_content=homepage-newsfeed-3-23-2026

eSentire | STX RAT: A new RAT in 2026 with Infostealer Capabilities: https://www.esentire.com/blog/stx-rat-a-new-rat-in-2026-with-infostealer-capabilities

----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

In this special episode of Out of the Woods, Scott Poley and Tom Kostura review key findings from the Q1 2026 Threat Hunt Report and discuss what stood out across the quarter. They cover recurring living off the land activity, persistence techniques, valid account abuse, social engineering trends, geopolitical developments and supply chain compromises, with a focus on what those patterns mean for threat hunters and defenders.
Download the full Q1 2026 Threat Hunt Report: https://www.intel471.com/resources/whitepapers/threat-hunt-report-q1-2026
----------
Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/