![Caught in the funnel. [Research Saturday] - podcast episode cover](https://assets.metacast.app/images/episode/artwork/UtfMsGmx)
Caught in the funnel. [Research Saturday]
Jan 24, 2026•24 min•Season 10Ep. 409
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Today we have Andrew Northern, Principal Security Researcher at Censys, discussing "From Evasion to Evidence: Exploiting the Funneling Behavior of Injects". This research explains how modern web malware campaigns use multi-stage JavaScript injections, redirects, and fake CAPTCHAs to selectively deliver payloads and evade detection.
It shows that these attack chains rely on stable redirect and traffic-distribution chokepoints that can be monitored at scale. Using the SmartApe campaign as a case study, the report demonstrates how defenders can turn those chokepoints into high-confidence detection and tracking opportunities.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
For the best experience, listen in Metacast app for iOS or Android