loader from loading.io

13 - Advanced Passive Recon with the Amass Scripting Engine

The InfoSec & OSINT Show

Release Date: 06/26/2020

56 - Assaf Dahan & Ransomware Trends show art 56 - Assaf Dahan & Ransomware Trends

The InfoSec & OSINT Show

In episode 56, Assaf Dahan  joins us to talk about ransomware, monetization techniques, attribution and getting started as a malware researcher. My 3 main takeaways were 1) why the double extortion method is so popular 2) how long it takes to exfiltrate our data 3) the most common initial attack vectors used to infect targets

info_outline
55 - Charlie Belmer & NoSQL Injection show art 55 - Charlie Belmer & NoSQL Injection

The InfoSec & OSINT Show

This week Charlie Belmer joins the show to chat about NoSQLi, web proxies, cloud security, tips to get started in InfoSec and more. My 3 main takeaways were 1) how SQLi differs from NoSQLi 2) why privacy still matters and 3) How cookieless tracking works and some of the frightening techniques used

info_outline
54 - Jeff Foley & Asset Discovery with Amass show art 54 - Jeff Foley & Asset Discovery with Amass

The InfoSec & OSINT Show

This week Jeff Foley hangs all to talk about asset discovery using amass, recon methodologies,  hashcat style brute forcing, extending functionality via Lua and more. My 3 main takeaways were 1) finding assets that don’t share a domain name using JARM 2) how they made scanning faster by essentially lowering the DNS brute forcing query rate and 3) where the project is headed

info_outline
53 - hashcat 101 show art 53 - hashcat 101

The InfoSec & OSINT Show

This week we cover a basic introduction to password cracking with hashcat. We cover why rainbow tables are no longer useful, password salts, identifying hash types, wordlists, attack modes, the rules language, secure hashing algorithms, password safes and more.

info_outline
52 - InfoSec News & Analysis show art 52 - InfoSec News & Analysis

The InfoSec & OSINT Show

This week I offer a curated (almost) 5 minute summary of the latest InfoSec news including the Ubiquiti hack, the latest Facebook data leak, PHP's official Git repository hack, Github security tool updates, Government phishing attacks, a critical netmask NPM vuln, a Spectre/Meltdown mitigation bypass, a zero-click exploit in IoS's Mail, cryptomining Docker images and Microsoft Exchange exploits in the wild.

info_outline
51 - Jim Manico & Developing Securely show art 51 - Jim Manico & Developing Securely

The InfoSec & OSINT Show

This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords

info_outline
50 - pdp (Petko Petkov) & Automating Pownage with PownJS show art 50 - pdp (Petko Petkov) & Automating Pownage with PownJS

The InfoSec & OSINT Show

This week pdp hangs out to chat about PownJS, SecApps, recon tool orchestration and tool development. My 3 main takeaways were 1) how to integrate PownJS into your recon process 2) his recon workflow and 3) Why JavaScript is a great language for quick PoC development

info_outline
49 - Gabrielle Botbol & Becoming a Pen Tester show art 49 - Gabrielle Botbol & Becoming a Pen Tester

The InfoSec & OSINT Show

This week Gabrielle Botbol joins the show to talk about getting into the world of pen testing, certs, CTFs, self study resources, report writing, repeatable risk scoring, finding XSS and staying current. My 3 main takeaways were 1) the CTFs you should be practicing on 2) some strategies to gain credibility in the industry and 3) which certs are worth the investment

info_outline
48 - Paulino Calderón & Practical IoT Hacking show art 48 - Paulino Calderón & Practical IoT Hacking

The InfoSec & OSINT Show

This week Paulino Calderón joins the show to chat about his methodology for finding bugs in IoT devices, using Lua for quick exploit development, alarming vulnerabilities he found in a smart water bottle, extending Nmap's functionality and his tips for starting a security business.

info_outline
47 - Christian Folini & The Core Rule Set show art 47 - Christian Folini & The Core Rule Set

The InfoSec & OSINT Show

This week Christian Folini hangs out to talk about protecting web apps with the OWASP Core Rule Set, getting into the security industry, impedance mismatch and anomaly scoring. My 3 main takeaways were 1) how RASPs compare to WAFs 2) how paranoia levels are used to eliminate false positives and 3) how the Swiss Post used the CRS to protect a vulnerable online voting system

info_outline
 
More Episodes

This week we discuss several passive recon techniques to further enumerate the attack surface as well as how we can tie the output from the rest of our recon tools together into a central location via the Amass scripting engine. This allows us to easily combine our results into a single database to track changes over time as well as visualize data points discovered from all of our recon tools.