The InfoSec & OSINT Show
Your weekly dose of information security and open source intelligence news, tips and commentary.
36 - Tracy Maleeff & Empathy Based InfoSec 12/03/2020
This week Tracy Maleeff hangs out to talk about using empathy to improve your InfoSec investigations. My 3 main takeaways were 1) how to collaborate OSINT findings before drawing a conclusion 2) how to communicate technical issues to a non-technical audience and 3) some tactical tips on using empathy to discover new information.
35 - Ed Bellis & Risk Based Vulnerability Management 11/26/2020
This week Ed Bellis joins the show to talk about risk based vulnerability management. My 3 main takeaways were 1) which factors you should take into consideration when prioritizing vulnerability remediation 2) the effects that public exploit code has on remediation efforts and 3) how organizations can improve their threat prioritization by using their own threat intel in their risk assessments.
34 - John Strand & Moving Beyond 0-Days 11/19/2020
This week John Strand joins the show to talk about pen testing in the age of Corona, bypassing multi-factor authentication, dealing with ransomware and starting a security business. My 3 main takeaways were 1) why 0-days don't matter 2) how to bypass identity services like Okta and 3) the one guiding rule for creating a security business.
33 - Tanya Janca & Coding Securely 11/12/2020
32 - Or Katz & Phishing Evasion Techniques 11/05/2020
This week Or Katz joins us to share his research into novel phishing evasion techniques seen in the wild. My 3 main takeaways were 1) what the most popular methods to propagate phishing attacks are 2) what signals can help determine if complicated code is malicious or not and 3) how to handle potentially malicious users when we don't have enough information to understand their true intentions.
31 - Chris Rock & Cyber Mercenaries 10/29/2020
This week Chris Rock shares his story as well as some techniques he's used as a cyber mercenary. My 3 main takeaways were 1) why 0-days are rarely needed 2) spear-phishing as the most efficient technique for the initial compromise and 3) why the easiest path to your target may be by hacking someone else, like their accountant.
30 - Hakluke & The Bug Bounty Mindset 10/22/2020
This week Hakluke shares some mindset tweaks and tactical advice on how to improve your bug bounty hunting. My 3 main takeaways were 1) why the abundance mindset is so important 2) what we can learn from the similarities between the music industry and bounty hunting and 3) why collaboration is so important.
29 - Katie Moussouris & Running Bug Bounties 10/15/2020
This week Katie Moussouris hangs out to talk about both the advantages as well as challenges in running bug bounty programs. My 3 main takeaways were when companies should choose a bounty as opposed to a pen test, where a company should be at operationally before launching a program and how companies should prepare before launching their bug bounty program.
28 - STÖK and Hunting Bug Bounties 10/08/2020
This week STÖK joins us to talk about how he approaches bug bounties. My 3 main takeaways were why you should specialize in a couple of specific bug types, why you should constantly scan a multitude of bounty programs and why you should hack with a team.
27 - Joona Hoikkala and Advanced FFuF Scanning 10/01/2020
This week Joona Hoikkala joins us to talk about some of the advanced features of ffuf. My 3 main takeaways were why you should use a VPS for running scans and how to integrate an external ffuf scan into your local Burp instance, why you should use filters instead of the default pattern matcher to remove false positives, as well as what cool functionality he's working on to enhance ffuf's capabilities.
26 - James Kettle and Becoming a Security Researcher 09/24/2020
This week James Kettle joins the show to talk about the methodology he uses to find really novel widespread vulnerabilities that break the internet. My 3 main takeaways were, first, what techniques he uses to decide what research topics are worth pursuing, second, what behavior traits are needed to become a successful security researcher and, third, why the HttpOnly cookie flag is useless and a complete joke.
25 - Jeremiah Grossman and Asset Inventory 09/17/2020
This week Jeremiah Grossman hangs out to talk InfoSec, ransomware and asset inventory. My 3 main takeaways were, first, how we can use metadata to correlate assets to an entity, second, why cyber insurance will dictate what security tests are run and, third, Jeremiah's 3 super powers that aren't related to Jiu-jitsu.
24 - Ira Winkler & How to Stop Stupid 09/10/2020
This week Ira Winkler joins the show to talk about social engineering & protecting your network against the human element. My 3 main takeaways were, first, how we need to integrate lessons from industrial safety programs into our security policies, second, what procedures Twitter should've had in place to prevent their recent hack against high profile users, as well as what the most important skill for social engineering is.
23 - Samy Kamkar & Reverse Engineering 09/03/2020
This week Samy Kamkar hung out to talk about some of his adventures creating worms and zombie drone armies with a focus on his process for reverse engineering both software and hardware. My three main takeaways were how he created cheats on Counter-Strike, how he created one of the fastest spreading viruses of all time and why he finds the physical access control problem interesting. For more information, including the show notes, check out https://breachsense.io/podcast
22 - Chris Kubecka & Hacking the World with OSINT 08/27/2020
This week Chris Kubecka joins the show. We focused on leveraging OSINT in security research. My three main takeaways were how she used OSINT to find Boeing's dev systems, as well as how she uses code search engines to find systems running a piece of known vulnerable code and why it's worthwhile doing security research out of the Netherlands when your target likes to sue you into silence.
21 - HD Moore & Advanced Asset Inventory Techniques 08/21/2020
This week HD Moore is on the show. We focused on asset identification. The three main takeaways are how to figure out relationships between domains, meaning how to correlate domain ownership without relying on whois information (which in our GDPR world is no longer available). We also talked about moving beyond fingerprints to figure out what a device actually is and not just the OS it runs. Finally, why local networks are only growing and getting denser even when the trend is to move everything to the cloud.
20 - Robert Baptiste (Elliot Anderson) & Mobile App Hacking 08/14/2020
This week Robert Baptiste, aka Elliot Anderson (@fs0c131y) joins us to chat about his research into TikTok, how he bypassed limitations in the Indian government’s Covid tracing app to figure out how many sick people were in their parliament building as well as his new endeavor fighting disinformation with Predicta Lab.
19 - Tommy DeVoss (Dawgyg) & Bug Bounty Hunting on Steroids 08/07/2020
This week Dawgyg (Tommy DeVoss) hangs out to chat about his approach to bug bounty hunting, which led him to be one of eight million dollar hackers on the HackerOne platform. We discuss his approach to recon, how he finds unique bugs, how to get into bug hunting and more.
18 - Simon Bennetts & Headless Automated Scanning with ZAP 07/31/2020
This week Simon Bennetts joins me to talk about how to automate web app scanning via ZAP. We discuss API integration, headless scanning, GitHub action scans, the HUD and more.
17 - Matthias Wilson & Using OSINT Against Nigerian Scammers 07/24/2020
This week Matthias Wilson joins me to discuss how he uses various OSINT techniques to track down Nigerian advance payment scammers while having a bit of fun. Matthias also shares some social engineering techniques he's used on physical engagements.
16 - Ty Miller & Security Automation 07/17/2020
This week Ty Miller of Threat Intelligence fame joins us to talk about security automation. Whether you're tasked with incident response, pen testing or gathering threat intelligence, automation can enable you to scale and maximize resources. We talk about chaining various open source tools together to give you an initial baseline level of information as well as Evolve, their commercial alternative.
15 - Chris Dale & Breaking up Recon from the Pen Test 07/10/2020
This week River Security's Founder and SANS instructor Chris Dale joins us to explain why recon should be separated from the pen test in order to improve efficiency and increase the quality of the outcome. He also explains his recon process as well as the tools he uses to map out the target's attack surface.
14 - Andrew van der Stock & the Future of OWASP 07/03/2020
This week OWASP's new executive director Andrew van der Stock hangs out to talk about the future of several flagship projects like the Application Security Verification Standard (ASVS) and the Top 10 as well as how OWASP should adapt in order to continue growing in light of Covid.
13 - Advanced Passive Recon with the Amass Scripting Engine 06/26/2020
This week we discuss several passive recon techniques to further enumerate the attack surface as well as how we can tie the output from the rest of our recon tools together into a central location via the Amass scripting engine. This allows us to easily combine our results into a single database to track changes over time as well as visualize data points discovered from all of our recon tools.
12 - Brute force more effectively with custom wordlists 06/19/2020
This week we discuss how pen testers and bug bounty hunters can get better brute force results by creating a custom wordlist based on what they're trying to enumerate. The lists that come with popular tools are often dated. We can generate more targeted wordlists based on current trends with BigQuery as well as unique terms used in the target web app itself.
11 - Hacking from the command line with Bash and Vim 06/12/2020
This week we talk about how to use the Bash shell to help automate OSINT and pen testing tasks that are run often. We also discuss how to automate parts of the recon process by using vim as a visualization tool to find anomalies.
10 - Server Side Request Forgery Attacks and Bypasses 06/05/2020
This week we cover a couple of new OSINT tools and techniques like Snapchat maps, Signal face obfuscation, web cam indexes and httpx. We also do a deep dive into Server Side Request Forgery (SSRF) attacks and how to bypass common defenses.
9 - Automating Recon - Mapping Your Target Effectively 05/29/2020
This week we cover a couple of new tools like ffuf, RecurseBuster, Subjack and Cloud_enum. We discuss how to combine and recursively scan the output. Then we throw this into a Bash script to automate the initial attack surface mapping to help us find juicy vulns with minimal effort.
8 - Domain and Network Recon using Amass - Mapping the Attack Surface 05/28/2020
This week we do a deep dive into Amass, the OWASP domain enumeration and network mapping tool. This is essential for figuring out your target's attack surface both for offensive and defensive security.
7 - GitHub Reconnaissance - Finding the needle in the Haystack 05/15/2020
This week we do a deep dive into GitHub reconnaissance. GitHub can be a goldmine for finding leaked credentials and expanding the attack surface by finding new subdomains and API endpoints. This is important both from an OSINT or red team standpoint to figure out where to focus your attacks as well as for the blue team to know what information has been leaked.