The InfoSec & OSINT Show
The goal of the podcast is to share practical tips of what works and what doesn't in information security. Essentially we turn our guests' wisdom into practical tips you can use to improve your own skills.
info_outline Episode 80 | Psychology and Ransomware 11/11/2021
Episode 80 | Psychology and Ransomware In Episode 80, Josh Amishav talks about the pyschological warfare that is being waged against various ransomware gangs, developments to Darkside, REvil and Blackmatter, Russia's handling of cyber criminals, using stealer log combo lists as part of your OSINT investigations and more.
info_outline Episode 79 | Mastering The Science Behind Social Engineering 11/04/2021
Episode 79 | Mastering The Science Behind Social Engineering In Episode 79, Josh Amishav chats with Mike Murr about the science behind social engineering, micro-expressions, FACS, which is the Facial Action Coding System, Common mistakes made during SE engagements, manipulation techniques and more.
info_outline 75 - Jeff Man - From the NSA to PCI 10/07/2021
75 - Jeff Man - From the NSA to PCI In episode 75, Jeff Man joins us to talk about his time in the NSA, PCI, Hak4Kidz and content creation. My 3 main takeaways were 1) What red teaming was like in the 80s 2) Why PCI gets a bad reputation and 3) His tips for giving great conference talks.
info_outline 74 - Brett Johnson & Online Crime 09/16/2021
74 - Brett Johnson & Online Crime In episode 74, Brett Johnson joins us to talk about online crime, social engineering, spear phishing and trust. My 3 main takeaways were 1) How criminals convince us to trust them online 2) Bypassing company policies via social engineering and 3) How to get people to believe fake news and legends over facts
info_outline 73 - Higinio Ochoa & Hacking with Anonymous 09/09/2021
73 - Higinio Ochoa & Hacking with Anonymous In episode 73, Higinio Ochoa joins us for a behind the scenes look at his hacking escapades with Anonymous. The same methodology can be used for bug hunting today. My 3 main takeaways were 1) Building target lists at scale 2) His two OpSec mistakes which led to him getting caught and 3) What his must have hacking tools are now.
info_outline 72 - Nathan Sweaney & The Future of Privacy 09/02/2021
72 - Nathan Sweaney & The Future of Privacy In episode 72, Nathan Sweaney joins us talk about the future of privacy. My 3 main takeaways were 1) Who's collecting our bluetooth and wifi signals 2) How to get your talk accepted to a security con and 3) How he used OSINT to steal (in air quotes) his twitter handle from a Nazi.
info_outline 71 - Peter Taylor & Fraud Detection 08/26/2021
71 - Peter Taylor & Fraud Detection In episode 71, Peter Taylor "The Fraud Guy" joins us talk about various aspects of fraud. My 3 main takeaways were 1) The common types of fraud he sees in his investigations 2) How Covid has influenced the fraud space and 3) Why aged shell companies and email addresses are so valuable
info_outline 70 - Bob Diachenko & Hunting Open Databases 08/19/2021
70 - Bob Diachenko & Hunting Open Databases In episode 70, Volodymyr "Bob" Diachenko joins us talk about his research around open databases. My 3 main takeaways were 1) How he finds open databases 2) How he stays on the legal side when verifying his research and 3) Some cyber hygiene tips to prevent allowing unauthorized access to your critical infrastructure
info_outline 69 - James Linton & The Email Prankster 08/12/2021
69 - James Linton & The Email Prankster In episode 69, James Linton joins us talk about his email pranking days and Business Email Compromise in general. My 3 main takeaways were 1) some tactical tips on how he gained rapport on the initial contact 2) common risks associated with email related fraud and 3) how to protect yourself against email scams
info_outline 68 - Christian Espinosa & Tactical Communication 08/05/2021
68 - Christian Espinosa & Tactical Communication In episode 68, Christian Espinosa joins us talk about effective communication. My 3 main takeaways were 1) Why we need to stop listening for agreement and instead look for insights 2) how acknowledging yourself plays a critical role in your ability to recognize others achievements and 3) The advantages of mono-tasking vs multi-tasking
info_outline 67 - Evan Francen & Security Fundamentals 07/29/2021
67 - Evan Francen & Security Fundamentals In episode 67, Evan Francen hangs out to talk about security fundamentals, communicating risk & passwords. My 3 main takeaways were 1) What a CISOs job actually is when you boil it down 2) How to choose a risk methodology that’s right for you and 3) Some of the intricacies involved in secure password management
info_outline 66 - Matt Danner & Digital Forensics 07/22/2021
66 - Matt Danner & Digital Forensics In episode 66, Matt Danner joins the show to talk about digital forensics. My 3 main takeaways were 1) How to perform a forensics investigation against Google Storage 2) What the limitations of the Google Drive API are and 3) How to approach iOS and Android devices in an investigation.
info_outline 65 - Martina Dove PhD & The Psychology of Scams 07/15/2021
65 - Martina Dove PhD & The Psychology of Scams In episode 65, I talk with Dr. Martina Dove about the psychology behind fraud, persuasion and scam techniques. My 3 main takeaways were 1) What makes some people more susceptible to fraud 2) the techniques scammers use to convince us to take certain actions and 3) What influence factor is the most powerful For more information, including the show notes check out:
info_outline 64 - Daniel Cuthbert & Pen Testing with the ASVS 07/08/2021
64 - Daniel Cuthbert & Pen Testing with the ASVS In episode 64, Daniel Cuthbert joins us to talk about the OWASP Application Security Verification Standard. My 3 main takeaways were 1) Why the ASVS will make you a better pen tester and even bounty hunter 2) How to use the ASVS for threat modelling and 3) His tips on getting your talk accepted at a security conference For more information, including the show notes check out:
info_outline 63 - Nico "Dutch_Osintguy" Dekens & Leveraging Telegram in OSINT 07/01/2021
63 - Nico "Dutch_Osintguy" Dekens & Leveraging Telegram in OSINT In episode 63, I talk with Nico Dekens, a.k.a Dutch_Osintguy about the dangers of relying on one search engine, Telegram OpSec, browser extensions & more. My 3 main takeaways were 1) When specific search engine will give you better results than others 2) How Telegram can be a better OSINT source than Tor and 3) Search techniques for finding the right keywords and channels on Telegram
info_outline 62 - Alissa Knight & Hacking Cars 06/24/2021
62 - Alissa Knight & Hacking Cars In episode 62, Alissa Knight, the author of Hacking Connected Cars, joins us to talk about hacking connected cars, APIs, defense as well as vulnerability management. My 3 main takeaways were 1) Where to even begin with car hacking 2) The challenges car manufacturers have when trying to defend against these attacks and 3) How APIs are shaping the future of hacking
info_outline 61 - Robert Graham & Large Scale Port Scanning w/Masscan 06/17/2021
61 - Robert Graham & Large Scale Port Scanning w/Masscan In episode 61, Robert Graham, the creator of masscan, joins us to talk about running internet wide port scanning the right way. My 3 main takeaways were 1) How to use the banner function correctly 2) How to figure out the fastest rate you can send packets and 3) The most common mistakes Rob sees when folks run masscan
info_outline 60 - AJ Yawn & Automating AWS Security 06/10/2021
60 - AJ Yawn & Automating AWS Security In episode 60, Josh Amishav chats with AJ Yawn about AWS security, compliance in the cloud, choosing an auditor and more. My 3 main takeaways were 1) How to make compliance not suck 2) How to automate security within an AWS environment and 3) What shared responsibility means when managing cloud infrastructure
info_outline 59 - Tim Adams & DNS Filtering 06/03/2021
59 - Tim Adams & DNS Filtering In episode 59, Tim Adams joins us this week to talk DNS security, Zero Trust, TLD filtering and more. My 3 main takeaways were 1) How to integrate DNS Response Policy Zones, or RPZs, to prevent access to known bad domains 2) How aged a domain should be, sort of like wine, before trusting it and 3) DNS Tunneling, how to identify it and stop it
info_outline 58 - Ryan Dewhurst & Securing WordPress 05/27/2021
58 - Ryan Dewhurst & Securing WordPress Ryan Dewhurst joins us this week to talk about all things WPScan. My 3 main takeaways were 1) common mistakes he sees when people run WPScan 2) 3 things you can do to stop 90% of WordPress attacks 3) His tips on launching a security tool
info_outline 57 - Ben Dowling & IP Geolocation 05/20/2021
57 - Ben Dowling & IP Geolocation Ben Dowling hangs out this week to talk about IP Geolocation. My 3 main takeaways were 1) how they determine where an IP address is actually located 2) how they deal with massive amounts of crowdsourced geodata 3) how they attribute IP addresses to specific companies
info_outline 56 - Assaf Dahan & Ransomware Trends 05/13/2021
56 - Assaf Dahan & Ransomware Trends In episode 56, Assaf Dahan joins us to talk about ransomware, monetization techniques, attribution and getting started as a malware researcher. My 3 main takeaways were 1) why the double extortion method is so popular 2) how long it takes to exfiltrate our data 3) the most common initial attack vectors used to infect targets
info_outline 55 - Charlie Belmer & NoSQL Injection 05/06/2021
55 - Charlie Belmer & NoSQL Injection This week Charlie Belmer joins the show to chat about NoSQLi, web proxies, cloud security, tips to get started in InfoSec and more. My 3 main takeaways were 1) how SQLi differs from NoSQLi 2) why privacy still matters and 3) How cookieless tracking works and some of the frightening techniques used
info_outline 54 - Jeff Foley & Asset Discovery with Amass 04/29/2021
54 - Jeff Foley & Asset Discovery with Amass This week Jeff Foley hangs all to talk about asset discovery using amass, recon methodologies, hashcat style brute forcing, extending functionality via Lua and more. My 3 main takeaways were 1) finding assets that don’t share a domain name using JARM 2) how they made scanning faster by essentially lowering the DNS brute forcing query rate and 3) where the project is headed
info_outline 53 - hashcat 101 04/15/2021
53 - hashcat 101 This week we cover a basic introduction to password cracking with hashcat. We cover why rainbow tables are no longer useful, password salts, identifying hash types, wordlists, attack modes, the rules language, secure hashing algorithms, password safes and more.
info_outline 52 - InfoSec News & Analysis 04/08/2021
52 - InfoSec News & Analysis This week I offer a curated (almost) 5 minute summary of the latest InfoSec news including the Ubiquiti hack, the latest Facebook data leak, PHP's official Git repository hack, Github security tool updates, Government phishing attacks, a critical netmask NPM vuln, a Spectre/Meltdown mitigation bypass, a zero-click exploit in IoS's Mail, cryptomining Docker images and Microsoft Exchange exploits in the wild.
info_outline 51 - Jim Manico & Developing Securely 04/01/2021
51 - Jim Manico & Developing Securely This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies, NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords