57 - Ben Dowling & IP Geolocation

The InfoSec & OSINT Show

Release Date: 05/20/2021

60 - AJ Yawn & Automating AWS Security

In episode 60, Josh Amishav chats with AJ Yawn about AWS security, compliance in the cloud, choosing an auditor and more. My 3 main takeaways were 1) how to make compliance not suck 2) how to automate security within an AWS environment and 3) what shared responsibility means when managing cloud infrastructure.

59 - Tim Adams & DNS Filtering

In episode 59, Tim Adams joins us this week to talk DNS security, Zero Trust, TLD filtering and more. My 3 main takeaways were 1) How to integrate DNS Response Policy Zones, or RPZs, to prevent access to known bad domains 2) How aged a domain should be, sort of like wine, before trusting it and 3) DNS Tunneling, how to identify it and stop it

58 - Ryan Dewhurst & Securing WordPress

Ryan Dewhurst joins us this week to talk about all things WPScan. My 3 main takeaways were 1) common mistakes he sees when people run WPScan 2) 3 things you can do to stop 90% of WordPress attacks 3) His tips on launching a security tool

57 - Ben Dowling & IP Geolocation

Ben Dowling hangs out this week to talk about IP Geolocation. My 3 main takeaways were 1) how they determine where an IP address is actually located 2) how they deal with massive amounts of crowdsourced geodata 3) how they attribute IP addresses to specific companies

56 - Assaf Dahan & Ransomware Trends

In episode 56, Assaf Dahan joins us to talk about ransomware, monetization techniques, attribution and getting started as a malware researcher. My 3 main takeaways were 1) why the double extortion method is so popular 2) how long it takes to exfiltrate our data 3) the most common initial attack vectors used to infect targets

55 - Charlie Belmer & NoSQL Injection

This week Charlie Belmer joins the show to chat about NoSQLi, web proxies, cloud security, tips to get started in InfoSec and more. My 3 main takeaways were 1) how SQLi differs from NoSQLi 2) why privacy still matters and 3) How cookieless tracking works and some of the frightening techniques used

54 - Jeff Foley & Asset Discovery with Amass

This week Jeff Foley hangs out to talk about asset discovery using amass, recon methodologies, hashcat style brute forcing, extending functionality via Lua and more. My 3 main takeaways were 1) finding assets that don’t share a domain name using JARM 2) how they made scanning faster by essentially lowering the DNS brute forcing query rate and 3) where the project is headed

53 - hashcat 101

This week we cover a basic introduction to password cracking with hashcat. We cover why rainbow tables are no longer useful, password salts, identifying hash types, wordlists, attack modes, the rules language, secure hashing algorithms, password safes and more.

52 - InfoSec News & Analysis

This week I offer a curated (almost) 5 minute summary of the latest InfoSec news including the Ubiquiti hack, the latest Facebook data leak, PHP's official Git repository hack, GitHub security tool updates, Government phishing attacks, a critical netmask NPM vuln, a Spectre/Meltdown mitigation bypass, a zero-click exploit in iOS's Mail, cryptomining Docker images and Microsoft Exchange exploits in the wild.

51 - Jim Manico & Developing Securely

This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies, NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords

Ben Dowling hangs out this week to talk about IP Geolocation. My 3 main takeaways were 1) how they determine where an IP address is actually located 2) how they deal with massive amounts of crowdsourced geodata 3) how they attribute IP addresses to specific companies

For more information, including the show notes, check out:
https://breachsense.io/podcast