11 - Hacking from the command line with Bash and Vim

The InfoSec & OSINT Show

Release Date: 06/12/2020

25 - Jeremiah Grossman and Asset Inventory

This week Jeremiah Grossman hangs out to talk InfoSec, ransomware and asset inventory. My 3 main takeaways were how we can use metadata to correlate assets to an entity. Second, why cyber insurance will dictate what security tests are run and third, Jeremiah's 3 super powers that aren't related to Jiu-jitsu.

24 - Ira Winkler & How to Stop Stupid

This week Ira Winkler joins the show to talk about social engineering & protecting your network against the human element. My 3 main takeaways were how we need to integrate lessons from industrial safety programs into our security policies. Second, what procedures Twitter should've had in place to prevent their recent hack against high-profile users, as well as what the most important skill for social engineering is.

23 - Samy Kamkar & Reverse Engineering

This week Samy Kamkar hung out to talk about some of his adventures creating worms and zombie drone armies with a focus on his process for reverse engineering both software and hardware. My three main takeaways were how he created cheats on Counter-Strike, how he created one of the fastest spreading viruses of all time and why he finds the physical access control problem interesting. For more information, including the show notes, check out https://breachsense.io/podcast

22 - Chris Kubecka & Hacking the World with OSINT

This week Chris Kubecka joins the show. We focused on leveraging OSINT in security research. My three main takeaways were how she used OSINT to find Boeing's dev systems, as well as how she uses code search engines to find systems running a piece of known vulnerable code and why it's worthwhile doing security research out of the Netherlands when your target likes to sue you into silence.

21 - HD Moore & Advanced Asset Inventory Techniques

This week HD Moore is on the show. We focused on asset identification. The three main takeaways are how to figure out relationships between domains, meaning how to correlate domain ownership without relying on whois information (which in our GDPR world is no longer available). We also talked about moving beyond fingerprints to figure out what a device actually is and not just the OS it runs. Finally, why local networks are only growing and getting denser even when the trend is to move everything to the cloud.

20 - Robert Baptiste (Elliot Anderson) & Mobile App Hacking

This week Robert Baptiste, aka Elliot Anderson (@fs0c131y) joins us to chat about his research into TikTok, how he bypassed limitations in the Indian government’s Covid tracing app to figure out how many sick people were in their parliament building as well as his new endeavor fighting disinformation with Predicta Lab.

19 - Tommy Devoss (Dawgyg) & Bug Bounty Hunting on Steroids

This week Dawgyg (Tommy DeVoss) hangs out to chat about his approach to bug bounty hunting, which led him to be one of eight million-dollar hackers on the HackerOne platform. We discuss his approach to recon, how he finds unique bugs, how to get into bug hunting and more.

18 - Simon Bennetts & Headless Automated Scanning with ZAP

This week Simon Bennetts joins me to talk about how to automate web app scanning via ZAP. We discuss API integration, headless scanning, GitHub action scans, the HUD and more.

17 - Matthias Wilson & Using OSINT Against Nigerian Scammers

This week Matthias Wilson joins me to discuss how he uses various OSINT techniques to track down Nigerian advance payment scammers while having a bit of fun. Matthias also shares some social engineering techniques he's used on physical engagements.

16 - Ty Miller & Security Automation

This week Ty Miller of Threat Intelligence fame joins us to talk about security automation. Whether you're tasked with incident response, pen testing or gathering threat intelligence, automation can enable you to scale and maximize resources. We talk about chaining various open source tools together to give you an initial baseline level of information as well as Evolve, their commercial alternative.

This week we talk about how to use the Bash shell to help automate OSINT and pen testing tasks that are run often. We also discuss how to automate parts of the recon process by using vim as a visualization tool to find anomalies.