loader from loading.io

13 - Advanced Passive Recon with the Amass Scripting Engine

The InfoSec & OSINT Show

Release Date: 06/26/2020

35 - Ed Bellis & Risk Based Vulnerability Management show art 35 - Ed Bellis & Risk Based Vulnerability Management

The InfoSec & OSINT Show

This week Ed Bellis joins the show to talk about risk based vulnerability management. My 3 main takeaways were 1) which factors you should take into consideration when prioritizing vulnerability remediation 2) the effects that public exploit code has on remediation efforts 3) how organizations can improve their threat prioritization by using their own threat intel in their risk assessments

info_outline
34 - John Strand & Moving Beyond 0-Days show art 34 - John Strand & Moving Beyond 0-Days

The InfoSec & OSINT Show

This week John Strand joins the show to talk about pen testing in the age of Corona, bypassing multi-factor authentication, dealing with ransomware and starting a security business. My 3 main takeaways were 1) why 0-days don't matter 2) how to bypass identity services like Okta and 3) the one guiding rule for creating a security business

info_outline
33 - Tanya Janca & Coding Securely show art 33 - Tanya Janca & Coding Securely

The InfoSec & OSINT Show

This week Tanya Janca hangs out to talk about secure coding, supply chain security and her new book 'Alice and Bob Learn Application Security'. My 3 main takeaways were 1) how to choose the right language to develop in when starting a project 2) why we should get rid of as many different JavaScript frameworks as possible within our code base and 3) what drives someone to write a computer security book

info_outline
32 - Or Katz & Phishing Evasion Techniques show art 32 - Or Katz & Phishing Evasion Techniques

The InfoSec & OSINT Show

This week Or Katz joins us to shares his research into novel phishing evasion techniques seen in the wild. My 3 main takeaways were 1) What the most popular methods to propagate phishing attacks are 2) what signals can help determine if complicated code is malicious or not and 3) How to handle potentially malicious users when we don’t have enough information to understand their true intentions

info_outline
31 - Chris Rock & Cyber Mercenaries show art 31 - Chris Rock & Cyber Mercenaries

The InfoSec & OSINT Show

This week Chris Rock shares his story as well as some techniques he's used as a cyber mercenary. My 3 main takeaways were 1) why 0-days are rarely needed 2) Spear-phishing as the most efficient technique for the initial compromise 3) why the easiest path to your target may be by hacking someone else, like their accountant

info_outline
30 - Hakluke & The Bug Bounty Mindset show art 30 - Hakluke & The Bug Bounty Mindset

The InfoSec & OSINT Show

This week Hakluke shares some mindset tweaks and tactical advice on how to improve your bug bounty hunting. My 3 main takeaways were 1) why the abundance mindset is so important 2) what we can learn from the similarities between the music industry and bounty hunting and 3) why collaboration is so important.

info_outline
29 - Katie Moussouris & Running Bug Bounties show art 29 - Katie Moussouris & Running Bug Bounties

The InfoSec & OSINT Show

This week Katie Moussouris hangs out to talk about both the advantages as well as challenges in running bug bounty programs. My 3 main takeaways were when companies should choose a bounty as opposed to a pen test, where a company should be at operationally before launching a program and how companies should prepare before launching their bug bounty program.

info_outline
28 - STÖK and Hunting Bug Bounties show art 28 - STÖK and Hunting Bug Bounties

The InfoSec & OSINT Show

This week STÖK joins us to talk about how he approaches bug bounties. My 3 main takeaways were why you should specialize in a couple of specific bug types. Why you should constantly scan a multitude of bounty programs and why you should hack with a team.

info_outline
27 - Joona Hoikkala and Advanced FFuF Scanning show art 27 - Joona Hoikkala and Advanced FFuF Scanning

The InfoSec & OSINT Show

This week Joona Hoikkala joins us to talk about some of the advanced features of ffuf. My 3 main takeaways were why you should use a VPS for running scans and how to integrate an external ffuf scan into your local Burp instance. Why you should use filters instead of the default pattern matcher to remove false positives as well as what cool functionality he's working on to enhance ffuf's capabilities.

info_outline
26 - James Kettle and Becoming a Security Researcher show art 26 - James Kettle and Becoming a Security Researcher

The InfoSec & OSINT Show

This week James Kettle joins the show to talk about the methodology he uses to find really novel widespread vulnerabilities that break the internet. My 3 main takeaways were what techniques he uses to decide what research topics are worth pursuing. Second, what behavior traits are needed to become a successful security researcher and third why the HTTPOnly cookie flag is useless and a complete joke.

info_outline
 
More Episodes

This week we discuss several passive recon techniques to further enumerate the attack surface as well as how we can tie the output from the rest of our recon tools together into a central location via the Amass scripting engine. This allows us to easily combine our results into a single database to track changes over time as well as visualize data points discovered from all of our recon tools.