Episode 57: Defenders on defenders
SHOW NOTES
In episode 3 of the 2026 Threat Detection Report miniseries, Red Canary experts Stef Rand and Tony Lambert discuss key threat trends from this year’s report.
The session covers three major themes: the rise of Node.js malware used by adversaries, DLL sideloading, and the continued use of living off the land binaries and scripts (LOLBins/LOLBAS) by threat actors.
Stef and Tony explain how adversaries prefer using existing system tools rather than bringing their own malware, making detection more challenging. They provide practical defense recommendations including changing default file handlers, ensuring comprehensive EDR coverage, baselining normal system behavior, and implementing application control policies. The discussion includes real-world examples from threats like JustAskJacky, Tampered Chef, and Scarlet Goldfinch, emphasizing that these techniques are evergreen and will continue to be used by adversaries.
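The "change default file handlers" recommendation above is worth seeing concretely. The PowerShell below is an added example, not code from the episode or from Red Canary: it reads the current shell "Open" command for the script ProgIDs that Windows ships with (JSFile, JSEFile, VBSFile, VBEFile, WSFFile, WSHFile, htafile), points each at notepad.exe so a double-clicked script opens as text instead of executing, and then verifies the change. It assumes an elevated session and the stock Windows ProgID names; the notepad.exe path is the usual one and is an assumption.

```powershell
# Added example (not from the episode or Red Canary): re-point the shell "Open"
# verb of script file types that adversaries rely on for double-click execution.
# Assumptions: run elevated; ProgIDs are the stock Windows ones; notepad.exe
# lives at the default System32 path.
$scriptProgIds = 'JSFile', 'JSEFile', 'VBSFile', 'VBEFile', 'WSFFile', 'WSHFile', 'htafile'
$notepadCommand = 'C:\Windows\System32\notepad.exe "%1"'

function Get-ScriptHandler {
    # Returns the machine-wide open command for a ProgID, or $null if unregistered.
    param([string]$ProgId)
    $key = "HKLM:\SOFTWARE\Classes\$ProgId\Shell\Open\Command"
    if (Test-Path $key) { (Get-ItemProperty -Path $key).'(default)' } else { $null }
}

function Set-ScriptHandlerToNotepad {
    # Rewrites the open command so the file is displayed rather than run.
    param([string]$ProgId)
    $key = "HKLM:\SOFTWARE\Classes\$ProgId\Shell\Open\Command"
    if (-not (Test-Path $key)) { Write-Warning "$ProgId is not registered; skipping"; return }
    Set-ItemProperty -Path $key -Name '(default)' -Value $notepadCommand
}

# Record the before state (typically wscript.exe / mshta.exe), apply, then verify.
foreach ($p in $scriptProgIds) { "{0,-8} before: {1}" -f $p, (Get-ScriptHandler $p) }
foreach ($p in $scriptProgIds) { Set-ScriptHandlerToNotepad $p }
foreach ($p in $scriptProgIds) {
    $h = Get-ScriptHandler $p
    if ($h -and $h -notmatch 'notepad\.exe') { Write-Warning "$p still opens with: $h" }
}
```

Two caveats a practitioner should keep in mind. This only changes what Explorer does on double-click; `wscript.exe`, `cscript.exe` and `mshta.exe` still run scripts when invoked directly, which is why the episode pairs this with EDR coverage and application control rather than treating it as a complete fix. Also, a per-user association stored under `HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\<ext>\UserChoice` takes precedence over the machine-wide ProgID, so check that hive too, and for fleet-wide rollout prefer a default-associations XML pushed by Group Policy over editing HKLM on each host.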
Timestamps:
- 00:00: Introduction
- 01:22: Welcome to SecOps Weekly!
- 03:37: Why adversaries are choosing Node.js
- 12:48: We know: DLL sideloading is a constant struggle
- 20:15: Combatting LOLBins and LOLBAS