![Caught in the funnel. [Research Saturday]](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F6afc0d6a-f872-11f0-b67c-5fd64c8ef79d%2Fimage%2F95b72a93c2ffaf8ff900d662a9bd3735.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=640&q=75)
S10E409 - Caught in the funnel. [Research Saturday]
Published: January 24, 2026
Duration: 23:33
Today we have Andrew Northern, Principal Security Researcher at Censys, discussing "From Evasion to Evidence: Exploiting the Funneling Behavior of Injects". This research explains how modern web malware campaigns use multi-stage JavaScript injections, redirects, and fake CAPTCHAs to selectively deliver payloads and evade detection.
It shows that these attack chains rely on stable redirect and traffic-distribution chokepoints that can be monitored at scale. Using the SmartApe campaign as a case study, the report demonstrates how defenders can turn those chokepoints into high-confidence detection and tracking opportunities.
The research can be found here:
From Evasion...