13 - Advanced Passive Recon with the Amass Scripting Engine
Release Date: 06/26/2020
Episode 80 | Psychology and Ransomware
The InfoSec & OSINT Show
In Episode 80, Josh Amishav talks about the pyschological warfare that is being waged against various ransomware gangs, developments to Darkside, REvil and Blackmatter, Russia's handling of cyber criminals, using stealer log combo lists as part of your OSINT investigations and more.
info_outline
Episode 79 | Mastering The Science Behind Social Engineering
The InfoSec & OSINT Show
In Episode 79, Josh Amishav chats with Mike Murr about the science behind social engineering, micro-expressions, FACS, which is the Facial Action Coding System, Common mistakes made during SE engagements, manipulation techniques and more.
info_outline
Episode 78 | The 3 Root Causes of Ransomware
The InfoSec & OSINT Show
In Episode 78, Josh Amishav does a solo adventure to talk about the thought process behind launching the Breachsense Darkweb API. The three main takeaways from the episode are:
info_outline
Episode 77 | Collecting Threat Intel For Good
The InfoSec & OSINT Show
In Episode 77, Josh Amishav talks with Nate Warfield about threat intel, CTI League and cloud risk. My three main takeaways from the episode are:
info_outline
Episode 76 | Automating Attack Surface Management
The InfoSec & OSINT Show
In Episode 76, Josh Amishav chats with Chris Dale about several techniques to associate a given asset back to a company. Three takeaways from the episode are:
info_outline
75 - Jeff Man - From the NSA to PCI
The InfoSec & OSINT Show
In episode 75, Jeff Man joins us to talk about his time in the NSA, PCI, Hak4Kidz and content creation. My 3 main takeaways were 1) What red teaming was like in the 80s 2) Why PCI gets a bad reputation and 3) His tips for giving great conference talks.
info_outline
74 - Brett Johnson & Online Crime
The InfoSec & OSINT Show
In episode 74, Brett Johnson joins us to talk about online crime, social engineering, spear phishing and trust. My 3 main takeaways were 1) How criminals convince us to trust them online 2) Bypassing company policies via social engineering and 3) How to get people to believe fake news and legends over facts
info_outline
73 - Higinio Ochoa & Hacking with Anonymous
The InfoSec & OSINT Show
In episode 73, Higinio Ochoa joins us for a behind the scenes look at his hacking escapades with Anonymous. The same methodology can be used for bug hunting today. My 3 main takeaways were 1) Building target lists at scale 2) His two OpSec mistakes which led to him getting caught and 3) What his must have hacking tools are now.
info_outline
72 - Nathan Sweaney & The Future of Privacy
The InfoSec & OSINT Show
In episode 72, Nathan Sweaney joins us talk about the future of privacy. My 3 main takeaways were 1) Who's collecting our bluetooth and wifi signals 2) How to get your talk accepted to a security con and 3) How he used OSINT to steal (in air quotes) his twitter handle from a Nazi.
info_outline
71 - Peter Taylor & Fraud Detection
The InfoSec & OSINT Show
In episode 71, Peter Taylor "The Fraud Guy" joins us talk about various aspects of fraud. My 3 main takeaways were 1) The common types of fraud he sees in his investigations 2) How Covid has influenced the fraud space and 3) Why aged shell companies and email addresses are so valuable
info_outlineThis week we discuss several passive recon techniques to further enumerate the attack surface as well as how we can tie the output from the rest of our recon tools together into a central location via the Amass scripting engine. This allows us to easily combine our results into a single database to track changes over time as well as visualize data points discovered from all of our recon tools.