loader from loading.io

5 - Asset Inventory for Red Teamers and OSINT Investigators

The InfoSec & OSINT Show

Release Date: 05/01/2020

8 - Domain and Network Recon using Amass - Mapping the Attack Surface show art 8 - Domain and Network Recon using Amass - Mapping the Attack Surface

The InfoSec & OSINT Show

This week we do a deep dive into Amass, the OWASP domain enumeration and network mapping tool. This is essential for figuring out your target's attack surface both for offensive and defensive security.

info_outline
7 - GitHub Reconnaissance - Finding the needle in the Haystack  show art 7 - GitHub Reconnaissance - Finding the needle in the Haystack

The InfoSec & OSINT Show

This week we do a deep dive into GitHub reconnaissance. GitHub can be a goldmine for finding leaked credentials and expanding the attack surface by finding new subdomains and API endpoints. This is important both from an OSINT or red team standpoint to figure out where to focus your attacks as well as for the blue team to know what information has been leaked.

info_outline
6 - Hunting Open Elasticsearch Databases for Fun and Profit show art 6 - Hunting Open Elasticsearch Databases for Fun and Profit

The InfoSec & OSINT Show

This week I discuss the latest InfoSec news including hiding XSS payloads in polymorphic images, exploiting remote code execution on Salt servers, using open source intelligence to track down Russian operatives, tracking Ransomware, DNS over HTTPS, Zoom security improvements and the latest data breaches. We also discuss several techniques to track down open noSQL servers like Elasticsearch.

info_outline
5 - Asset Inventory for Red Teamers and OSINT Investigators show art 5 - Asset Inventory for Red Teamers and OSINT Investigators

The InfoSec & OSINT Show

This week I discuss the latest InfoSec news including Covid-19 tracking apps, an iOS no-click 0-day,  phishing the WHO, hacking Microsoft Teams and and a SQL Injection in the Sophos firewall. We also discuss several techniques on mapping out the attack surface for your target.

info_outline
4 - Infosec News & Website Attribution show art 4 - Infosec News & Website Attribution

The InfoSec & OSINT Show

This week I discuss the latest InfoSec news including automated grocery shopping delivery time slot bots, IBM 0-days, thieves returning stolen cryptocurrency, the Webkinz breach and more, as well as some tips on how to track down who is behind a website.

info_outline
3 - InfoSec News & Reverse Image Search show art 3 - InfoSec News & Reverse Image Search

The InfoSec & OSINT Show

This week I discuss the latest InfoSec news including Cloudflare, Git and infected Ruby Gems, ransomware news, the latest data leaks, as well as optimizing your reverse image search capabilities.

info_outline
2 - InfoSec News & Cyber Attribution with Canary Tokens show art 2 - InfoSec News & Cyber Attribution with Canary Tokens

The InfoSec & OSINT Show

This week I discuss the latest InfoSec news including Zoom, Twitter, Marriott, GoDaddy, the SBA and CloudFlare as well as cyber attribution and how to implement canary tokens to figure out who's attacking you.

info_outline
1 - Zoom Security Risks & Anonymous LinkedIn Searches show art 1 - Zoom Security Risks & Anonymous LinkedIn Searches

The InfoSec & OSINT Show

This week I discuss the security risks video conferencing software such as Zoom presents, some tips on separating your work and personal digital lives as well as an OSINT tip on how to search LinkedIn anonymously.

info_outline
 
More Episodes

This week I discuss the latest InfoSec news including Covid-19 tracking apps, an iOS no-click 0-day,  phishing the WHO, hacking Microsoft Teams and and a SQL Injection in the Sophos firewall. We also discuss several techniques on mapping out the attack surface for your target.