
45 - John Hammond & Hacking CTFs

The InfoSec & OSINT Show

Release Date: 02/18/2021

47 - Christian Folini & The Core Rule Set

The InfoSec & OSINT Show

This week Christian Folini hangs out to talk about protecting web apps with the OWASP Core Rule Set, getting into the security industry, impedance mismatch and anomaly scoring. My 3 main takeaways were 1) how RASPs compare to WAFs 2) how paranoia levels are used to eliminate false positives and 3) how the Swiss Post used the CRS to protect a vulnerable online voting system

46 - InfoSec News & Analysis

The InfoSec & OSINT Show

This week we change things up a bit and review a curated (almost) 5 minute summary of the latest InfoSec news including SolarWinds sanctions, language supply chain attacks, Egregor ransomware as a service, N.Korean crypto theft, vuln exploitation in the wild, Mexican politicians and ATM skimming, a new password manager, legal use of look-alike domains, rogue Yandex employees and SIM swapping attacks.

45 - John Hammond & Hacking CTFs

The InfoSec & OSINT Show

This week John Hammond joins the show to talk about hacking with Python, certs vs degrees, avoiding rabbit holes and the differences between various flavors of CTFs. My 3 main takeaways were 1) how to get started with capture the flag competitions 2) dealing with burnout and 3) his methodology to analyze malware

44 - Ted Harrington & Doing Application Security Right

The InfoSec & OSINT Show

This week Ted Harrington hangs out to talk about hacking passive medical devices, predicting Ethereum private keys and exploiting business logic flaws. My 3 main takeaways were 1) Ted's 6 fundamentals of security testing 2) how to do threat modelling right and 3) his advice for starting a security company

43 - Robert "RSnake" Hansen & The Future of Data Privacy

The InfoSec & OSINT Show

This week Robert Hansen joins us to talk about privacy as a service, search engine and VPN privacy, the future of cyber-insurance, asset discovery, hackers.org and some tips on starting a security business. My 3 main takeaways were 1) the future of data privacy 2) How he used snapshots of the internet to predict stock prices and 3) what security controls he would do differently if he ran hackers.org today

42 - Charles Shirer & Pen Testing with No Money Down

The InfoSec & OSINT Show

This week Charles Shirer joins us to talk about pen testing, OSINT and how he got started in security. My 3 main takeaways were 1) when to use SecBSD as an alternative to Kali 2) How to approach pen testing APIs as opposed to web apps and 3) some tactical tips on maintaining your mental health when dealing with the pressures of InfoSec.

41 - Chris Hadnagy & Human Hacking

The InfoSec & OSINT Show

This week Chris Hadnagy joins us to talk about the psychology behind social engineering, choosing effective pretexts, as well as the science behind how we make decisions. My 3 main takeaways were 1) how to identify personality types and communicate effectively using DISC 2) how Oxytocin and Amygdala hijacking influence our behavior and 3) How to get started in a career as a social engineer

40 - Fabio Viggiani & Supply Chain Attacks

The InfoSec & OSINT Show

This week Fabio Viggiani hangs out to talk about supply chain attacks, ransomware, mapping your software dependencies and assuming breach. My 3 main takeaways were 1) his insights into reverse engineering the SolarWinds Orion malware 2) up-and-coming trends he sees in ransomware and 3) how he runs incident response investigations

39 - Josh Sokol & Managing Risk Simply

The InfoSec & OSINT Show

This week Josh Sokol joins the show to talk about managing risk with a focus on keeping it simple, turning a free open source project into a business and his suggestions on how to get started in InfoSec. My 3 main takeaways were 1) the three components of risk mitigation 2) the different levels of maturity within risk management programs and 3) his process for ensuring his codebase is secure

38 - Tyrone Wilson & Breaking Into the Security Industry

The InfoSec & OSINT Show

This week Tyrone Wilson hangs out to talk about breaking into the security industry, passive OSINT and starting a security business. My 3 main takeaways were 1) how to use free tools to gain experience before joining a SOC 2) how he used OSINT to find his biological father and 3) how to maintain your privacy when using exercise apps.


This week John Hammond joins the show to talk about hacking with Python, certs vs degrees, avoiding rabbit holes and the differences between various flavors of CTFs. My 3 main takeaways were 1) how to get started with capture the flag competitions 2) dealing with burnout and 3) his methodology to analyze malware

For more information, including the show notes, check out https://breachsense.io/podcast