13 - Advanced Passive Recon with the Amass Scripting Engine
Release Date: 06/26/2020
Episode 77 | Collection Threat Intel For Good
The InfoSec & OSINT Show
In Episode 77, Josh Amishav talks with Nate Warfield about threat intel, CTI League and cloud risk. My three main takeaways from the episode are:
info_outline
Episode 76 | Automating Attack Surface Management
The InfoSec & OSINT Show
In Episode 76, Josh Amishav chats with Chris Dale about several techniques to associate a given asset back to a company. Three takeaways from the episode are:
info_outline
75 - Jeff Man - From the NSA to PCI
The InfoSec & OSINT Show
In episode 75, Jeff Man joins us to talk about his time in the NSA, PCI, Hak4Kidz and content creation. My 3 main takeaways were 1) What red teaming was like in the 80s 2) Why PCI gets a bad reputation and 3) His tips for giving great conference talks.
info_outline
74 - Brett Johnson & Online Crime
The InfoSec & OSINT Show
In episode 74, Brett Johnson joins us to talk about online crime, social engineering, spear phishing and trust. My 3 main takeaways were 1) How criminals convince us to trust them online 2) Bypassing company policies via social engineering and 3) How to get people to believe fake news and legends over facts
info_outline
73 - Higinio Ochoa & Hacking with Anonymous
The InfoSec & OSINT Show
In episode 73, Higinio Ochoa joins us for a behind the scenes look at his hacking escapades with Anonymous. The same methodology can be used for bug hunting today. My 3 main takeaways were 1) Building target lists at scale 2) His two OpSec mistakes which led to him getting caught and 3) What his must have hacking tools are now.
info_outline
72 - Nathan Sweaney & The Future of Privacy
The InfoSec & OSINT Show
In episode 72, Nathan Sweaney joins us talk about the future of privacy. My 3 main takeaways were 1) Who's collecting our bluetooth and wifi signals 2) How to get your talk accepted to a security con and 3) How he used OSINT to steal (in air quotes) his twitter handle from a Nazi.
info_outline
71 - Peter Taylor & Fraud Detection
The InfoSec & OSINT Show
In episode 71, Peter Taylor "The Fraud Guy" joins us talk about various aspects of fraud. My 3 main takeaways were 1) The common types of fraud he sees in his investigations 2) How Covid has influenced the fraud space and 3) Why aged shell companies and email addresses are so valuable
info_outline
70 - Bob Diachenko & Hunting Open Databases
The InfoSec & OSINT Show
In episode 70, Volodymyr "Bob" Diachenko joins us talk about his research around open databases. My 3 main takeaways were 1) How he finds open databases 2) How he stays on the legal side when verifying his research and 3) Some cyber hygiene tips to prevent allowing unauthorized access to your critical infrastructure
info_outline
69 - James Linton & The Email Prankster
The InfoSec & OSINT Show
In episode 69, James Linton joins us talk about his email pranking days and Business Email Compromise in general. My 3 main takeaways were 1) some tactical tips on how he gained rapport on the initial contact 2) common risks associated with email related fraud and 3) how to protect yourself against email scams
info_outline
68 - Christian Espinosa & Tactical Communication
The InfoSec & OSINT Show
In episode 68, Christian Espinosa joins us talk about effective communication. My 3 main takeaways were 1) Why we need to stop listening for agreement and instead look for insights 2) how acknowledging yourself plays a critical role in your ability to recognize others achievements and 3) The advantages of mono-tasking vs multi-tasking
info_outlineThis week we discuss several passive recon techniques to further enumerate the attack surface as well as how we can tie the output from the rest of our recon tools together into a central location via the Amass scripting engine. This allows us to easily combine our results into a single database to track changes over time as well as visualize data points discovered from all of our recon tools.