27 - Joona Hoikkala and Advanced FFuF Scanning

The InfoSec & OSINT Show

Release Date: 10/01/2020

30 - Hakluke & The Bug Bounty Mindset

This week Hakluke shares some mindset tweaks and tactical advice on how to improve your bug bounty hunting. My 3 main takeaways were 1) why the abundance mindset is so important, 2) what we can learn from the similarities between the music industry and bounty hunting and 3) why collaboration is so important.
29 - Katie Moussouris & Running Bug Bounties

This week Katie Moussouris hangs out to talk about both the advantages as well as challenges in running bug bounty programs. My 3 main takeaways were when companies should choose a bounty as opposed to a pen test, where a company should be at operationally before launching a program and how companies should prepare before launching their bug bounty program.
28 - STÖK and Hunting Bug Bounties

This week STÖK joins us to talk about how he approaches bug bounties. My 3 main takeaways were why you should specialize in a couple of specific bug types, why you should constantly scan a multitude of bounty programs and why you should hack with a team.
26 - James Kettle and Becoming a Security Researcher

This week James Kettle joins the show to talk about the methodology he uses to find really novel widespread vulnerabilities that break the internet. My 3 main takeaways were, first, what techniques he uses to decide what research topics are worth pursuing; second, what behavior traits are needed to become a successful security researcher; and third, why the HTTPOnly cookie flag is useless and a complete joke.
25 - Jeremiah Grossman and Asset Inventory

This week Jeremiah Grossman hangs out to talk InfoSec, ransomware and asset inventory. My 3 main takeaways were how we can use metadata to correlate assets to an entity; second, why cyber insurance will dictate what security tests are run; and third, Jeremiah's 3 super powers that aren't related to Jiu-jitsu.
24 - Ira Winkler & How to Stop Stupid

This week Ira Winkler joins the show to talk about social engineering & protecting your network against the human element. My 3 main takeaways were how we need to integrate lessons from industrial safety programs into our security policies. Second, what procedures Twitter should've had in place to prevent their recent hack against high profile users, as well as what the most important skill for social engineering is.
23 - Samy Kamkar & Reverse Engineering

This week Samy Kamkar hung out to talk about some of his adventures creating worms and zombie drone armies with a focus on his process for reverse engineering both software and hardware. My three main takeaways were how he created cheats on Counter-Strike, how he created one of the fastest spreading viruses of all time and why he finds the physical access control problem interesting. For more information, including the show notes, check out https://breachsense.io/podcast
22 - Chris Kubecka & Hacking the World with OSINT

This week Chris Kubecka joins the show. We focused on leveraging OSINT in security research. My three main takeaways were how she used OSINT to find Boeing's dev systems, as well as how she uses code search engines to find systems running a piece of known vulnerable code, and why it's worthwhile doing security research out of the Netherlands when your target likes to sue you into silence.
21 - HD Moore & Advanced Asset Inventory Techniques

This week HD Moore is on the show. We focused on asset identification. The three main takeaways are how to figure out relationships between domains, meaning how to correlate domain ownership without relying on whois information (which in our GDPR world is no longer available). We also talked about moving beyond fingerprints to figure out what a device actually is and not just the OS it runs. Finally, why local networks are only growing and getting denser even when the trend is to move everything to the cloud.
This week Joona Hoikkala joins us to talk about some of the advanced features of ffuf. My 3 main takeaways were why you should use a VPS for running scans and how to integrate an external ffuf scan into your local Burp instance. Why you should use filters instead of the default pattern matcher to remove false positives as well as what cool functionality he's working on to enhance ffuf's capabilities.

For more information, including the show notes, check out https://breachsense.io/podcast