The InfoSec & OSINT Show

This week we cover a basic introduction to password cracking with hashcat. We cover why rainbow tables are no longer useful, password salts, identifying hash types, wordlists, attack modes, the rules language, secure hashing algorithms, password safes and more.

The InfoSec & OSINT Show

This week I offer a curated (almost) 5 minute summary of the latest InfoSec news including the Ubiquiti hack, the latest Facebook data leak, PHP's official Git repository hack, Github security tool updates, Government phishing attacks, a critical netmask NPM vuln, a Spectre/Meltdown mitigation bypass, a zero-click exploit in IoS's Mail, cryptomining Docker images and Microsoft Exchange exploits in the wild.

The InfoSec & OSINT Show

This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies,  NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords

The InfoSec & OSINT Show

This week pdp hangs out to chat about PownJS, SecApps, recon tool orchestration and tool development. My 3 main takeaways were 1) how to integrate PownJS into your recon process 2) his recon workflow and 3) Why JavaScript is a great language for quick PoC development

The InfoSec & OSINT Show

This week Gabrielle Botbol joins the show to talk about getting into the world of pen testing, certs, CTFs, self study resources, report writing, repeatable risk scoring, finding XSS and staying current. My 3 main takeaways were 1) the CTFs you should be practicing on 2) some strategies to gain credibility in the industry and 3) which certs are worth the investment

The InfoSec & OSINT Show

This week Paulino Calderón joins the show to chat about his methodology for finding bugs in IoT devices, using Lua for quick exploit development, alarming vulnerabilities he found in a smart water bottle, extending Nmap's functionality and his tips for starting a security business.

The InfoSec & OSINT Show

This week Christian Folini hangs out to talk about protecting web apps with the OWASP Core Rule Set, getting into the security industry, impedance mismatch and anomaly scoring. My 3 main takeaways were 1) how RASPs compare to WAFs 2) how paranoia levels are used to eliminate false positives and 3) how the Swiss Post used the CRS to protect a vulnerable online voting system

The InfoSec & OSINT Show

This week we change things up a bit and review a curated (almost) 5 minute summary of the latest InfoSec news including SolarWinds sanctions, language supply chain attacks, Egregor ransomware as a service, N.Korean crypto theft, vuln exploitation in the wild, Mexican politicians and ATM skimming, a new password manager, legal use of look-alike domains, rogue Yandex employees and SIM swapping attacks.

The InfoSec & OSINT Show

This week John Hammond joins the show to talk about hacking with Python, certs vs degrees, avoiding rabbit holes and the differences between various flavors of CTFs. My 3 main takeaways were 1) how to get started with capture the flag competitions 2) dealing with burnout and 3) his methodology to analyze malware

The InfoSec & OSINT Show

This week Ted Harrington hangs out to talk about hacking passive medical devices, predicting Ethereum private keys and exploiting business logic flaws. My 3 main takeaways were 1) Ted's 6 fundamentals of security testing 2) How do to threat modelling right and 3) His advice for starting a security company