The InfoSec & OSINT Show
The goal of the podcast is to share practical tips of what works and what doesn't in information security. Essentially we turn our guests' wisdom into practical tips you can use to improve your own skills.
info_outline 66 - Matt Danner & Digital Forensics 07/22/2021
66 - Matt Danner & Digital Forensics In episode 66, Matt Danner joins the show to talk about digital forensics. My 3 main takeaways were 1) How to perform a forensics investigation against Google Storage 2) What the limitations of the Google Drive API are and 3) How to approach iOS and Android devices in an investigation.
info_outline 65 - Martina Dove PhD & The Psychology of Scams 07/15/2021
65 - Martina Dove PhD & The Psychology of Scams In episode 65, I talk with Dr. Martina Dove about the psychology behind fraud, persuasion and scam techniques. My 3 main takeaways were 1) What makes some people more susceptible to fraud 2) the techniques scammers use to convince us to take certain actions and 3) What influence factor is the most powerful For more information, including the show notes check out:
info_outline 64 - Daniel Cuthbert & Pen Testing with the ASVS 07/08/2021
64 - Daniel Cuthbert & Pen Testing with the ASVS In episode 64, Daniel Cuthbert joins us to talk about the OWASP Application Security Verification Standard. My 3 main takeaways were 1) Why the ASVS will make you a better pen tester and even bounty hunter 2) How to use the ASVS for threat modelling and 3) His tips on getting your talk accepted at a security conference For more information, including the show notes check out:
info_outline 63 - Nico "Dutch_Osintguy" Dekens & Leveraging Telegram in OSINT 07/01/2021
63 - Nico "Dutch_Osintguy" Dekens & Leveraging Telegram in OSINT In episode 63, I talk with Nico Dekens, a.k.a Dutch_Osintguy about the dangers of relying on one search engine, Telegram OpSec, browser extensions & more. My 3 main takeaways were 1) When specific search engine will give you better results than others 2) How Telegram can be a better OSINT source than Tor and 3) Search techniques for finding the right keywords and channels on Telegram
info_outline 62 - Alissa Knight & Hacking Cars 06/24/2021
62 - Alissa Knight & Hacking Cars In episode 62, Alissa Knight, the author of Hacking Connected Cars, joins us to talk about hacking connected cars, APIs, defense as well as vulnerability management. My 3 main takeaways were 1) Where to even begin with car hacking 2) The challenges car manufacturers have when trying to defend against these attacks and 3) How APIs are shaping the future of hacking
info_outline 61 - Robert Graham & Large Scale Port Scanning w/Masscan 06/17/2021
61 - Robert Graham & Large Scale Port Scanning w/Masscan In episode 61, Robert Graham, the creator of masscan, joins us to talk about running internet wide port scanning the right way. My 3 main takeaways were 1) How to use the banner function correctly 2) How to figure out the fastest rate you can send packets and 3) The most common mistakes Rob sees when folks run masscan
info_outline 60 - AJ Yawn & Automating AWS Security 06/10/2021
60 - AJ Yawn & Automating AWS Security In episode 60, Josh Amishav chats with AJ Yawn about AWS security, compliance in the cloud, choosing an auditor and more. My 3 main takeaways were 1) How to make compliance not suck 2) How to automate security within an AWS environment and 3) What shared responsibility means when managing cloud infrastructure
info_outline 59 - Tim Adams & DNS Filtering 06/03/2021
59 - Tim Adams & DNS Filtering In episode 59, Tim Adams joins us this week to talk DNS security, Zero Trust, TLD filtering and more. My 3 main takeaways were 1) How to integrate DNS Response Policy Zones, or RPZs, to prevent access to known bad domains 2) How aged a domain should be, sort of like wine, before trusting it and 3) DNS Tunneling, how to identify it and stop it
info_outline 58 - Ryan Dewhurst & Securing WordPress 05/27/2021
58 - Ryan Dewhurst & Securing WordPress Ryan Dewhurst joins us this week to talk about all things WPScan. My 3 main takeaways were 1) common mistakes he sees when people run WPScan 2) 3 things you can do to stop 90% of WordPress attacks 3) His tips on launching a security tool
info_outline 57 - Ben Dowling & IP Geolocation 05/20/2021
57 - Ben Dowling & IP Geolocation Ben Dowling hangs out this week to talk about IP Geolocation. My 3 main takeaways were 1) how they determine where an IP address is actually located 2) how they deal with massive amounts of crowdsourced geodata 3) how they attribute IP addresses to specific companies
info_outline 56 - Assaf Dahan & Ransomware Trends 05/13/2021
56 - Assaf Dahan & Ransomware Trends In episode 56, Assaf Dahan joins us to talk about ransomware, monetization techniques, attribution and getting started as a malware researcher. My 3 main takeaways were 1) why the double extortion method is so popular 2) how long it takes to exfiltrate our data 3) the most common initial attack vectors used to infect targets
info_outline 55 - Charlie Belmer & NoSQL Injection 05/06/2021
55 - Charlie Belmer & NoSQL Injection This week Charlie Belmer joins the show to chat about NoSQLi, web proxies, cloud security, tips to get started in InfoSec and more. My 3 main takeaways were 1) how SQLi differs from NoSQLi 2) why privacy still matters and 3) How cookieless tracking works and some of the frightening techniques used
info_outline 54 - Jeff Foley & Asset Discovery with Amass 04/29/2021
54 - Jeff Foley & Asset Discovery with Amass This week Jeff Foley hangs all to talk about asset discovery using amass, recon methodologies, hashcat style brute forcing, extending functionality via Lua and more. My 3 main takeaways were 1) finding assets that don’t share a domain name using JARM 2) how they made scanning faster by essentially lowering the DNS brute forcing query rate and 3) where the project is headed
info_outline 53 - hashcat 101 04/15/2021
53 - hashcat 101 This week we cover a basic introduction to password cracking with hashcat. We cover why rainbow tables are no longer useful, password salts, identifying hash types, wordlists, attack modes, the rules language, secure hashing algorithms, password safes and more.
info_outline 52 - InfoSec News & Analysis 04/08/2021
52 - InfoSec News & Analysis This week I offer a curated (almost) 5 minute summary of the latest InfoSec news including the Ubiquiti hack, the latest Facebook data leak, PHP's official Git repository hack, Github security tool updates, Government phishing attacks, a critical netmask NPM vuln, a Spectre/Meltdown mitigation bypass, a zero-click exploit in IoS's Mail, cryptomining Docker images and Microsoft Exchange exploits in the wild.
info_outline 51 - Jim Manico & Developing Securely 04/01/2021
51 - Jim Manico & Developing Securely This week Jim Manico joins the show to talk about Cross Site Scripting, CSPs, strict dynamic, trusted types, SameSite cookies, NIST SP 800-63, password shucking and more. My 3 main takeaways were 1) how to do input validation correctly 2) why using nonces in your CSP is safer than creating an allowed list policy and 3) the right way to handle passwords
info_outline 50 - pdp (Petko Petkov) & Automating Pownage with PownJS 03/25/2021
info_outline 49 - Gabrielle Botbol & Becoming a Pen Tester 03/18/2021
49 - Gabrielle Botbol & Becoming a Pen Tester This week Gabrielle Botbol joins the show to talk about getting into the world of pen testing, certs, CTFs, self study resources, report writing, repeatable risk scoring, finding XSS and staying current. My 3 main takeaways were 1) the CTFs you should be practicing on 2) some strategies to gain credibility in the industry and 3) which certs are worth the investment
info_outline 48 - Paulino Calderón & Practical IoT Hacking 03/11/2021
48 - Paulino Calderón & Practical IoT Hacking This week Paulino Calderón joins the show to chat about his methodology for finding bugs in IoT devices, using Lua for quick exploit development, alarming vulnerabilities he found in a smart water bottle, extending Nmap's functionality and his tips for starting a security business.
info_outline 47 - Christian Folini & The Core Rule Set 03/04/2021
47 - Christian Folini & The Core Rule Set This week Christian Folini hangs out to talk about protecting web apps with the OWASP Core Rule Set, getting into the security industry, impedance mismatch and anomaly scoring. My 3 main takeaways were 1) how RASPs compare to WAFs 2) how paranoia levels are used to eliminate false positives and 3) how the Swiss Post used the CRS to protect a vulnerable online voting system
info_outline 46 - InfoSec News & Analysis 02/25/2021
46 - InfoSec News & Analysis This week we change things up a bit and review a curated (almost) 5 minute summary of the latest InfoSec news including SolarWinds sanctions, language supply chain attacks, Egregor ransomware as a service, N.Korean crypto theft, vuln exploitation in the wild, Mexican politicians and ATM skimming, a new password manager, legal use of look-alike domains, rogue Yandex employees and SIM swapping attacks.
info_outline 45 - John Hammond & Hacking CTFs 02/18/2021
45 - John Hammond & Hacking CTFs This week John Hammond joins the show to talk about hacking with Python, certs vs degrees, avoiding rabbit holes and the differences between various flavors of CTFs. My 3 main takeaways were 1) how to get started with capture the flag competitions 2) dealing with burnout and 3) his methodology to analyze malware
info_outline 44 - Ted Harrington & Doing Application Security Right 02/11/2021
44 - Ted Harrington & Doing Application Security Right This week Ted Harrington hangs out to talk about hacking passive medical devices, predicting Ethereum private keys and exploiting business logic flaws. My 3 main takeaways were 1) Ted's 6 fundamentals of security testing 2) How do to threat modelling right and 3) His advice for starting a security company
info_outline 43 - Robert "RSnake" Hansen & The Future of Data Privacy 02/04/2021
43 - Robert "RSnake" Hansen & The Future of Data Privacy This week Robert Hansen joins us to talk about privacy as a service, search engine and VPN privacy, the future of cyber-insurance, asset discovery, hackers.org and some tips on starting a security business. My 3 main takeaways were 1) the future of data privacy 2) How he used snapshots of the internet to predict stock prices and 3) what security controls he would do differently if he ran hackers.org today
info_outline 42 - Charles Shirer & Pen Testing with No Money Down 01/28/2021
42 - Charles Shirer & Pen Testing with No Money Down This week Charles Shirer joins us to talk about pen testing, OSINT and how he got started in security. My 3 main takeaways were 1) when to use SecBSD as an alternative to Kali 2) How to approach pen testing APIs as opposed to web apps and 3) some tactical tips on maintaining your mental health when dealing with the pressures of InfoSec.
info_outline 41 - Chris Hadnagy & Human Hacking 01/21/2021
41 - Chris Hadnagy & Human Hacking This week Chris Hadnagy joins us to talk about the psychology behind social engineering, choosing effective pretexts, as well as the science behind how we make decisions. My 3 main takeaways were 1) how to identify personality types and communicate effectively using DISC 2) how Oxytocin and Amygdala hijacking influence our behavior and 3) How to get started in a career as a social engineer
info_outline 40 - Fabio Viggiani & Supply Chain Attacks 01/14/2021
40 - Fabio Viggiani & Supply Chain Attacks This week Fabio Viggiani hangs out to talk about supply chain attacks, ransomware, mapping your software dependencies and assuming breach. My 3 main takeaways were 1) his insights into reverse engineering the SolarWinds Orion malware 2) Up-in-coming trends he sees in ransomware and 3) how he runs incident response investigations
info_outline 39 - Josh Sokol & Managing Risk Simply 01/07/2021
39 - Josh Sokol & Managing Risk Simply This week Josh Sokol joins the show talk about managing risk with a focus on keeping it simple, turning a free open source project into a business and his suggestions on how to get started in InfoSec. My 3 main takeaways were 1) the three components of risk mitigation 2) the different level of maturity within risk management programs and 3) his process for ensuring his codebase is secure
info_outline 38 - Tyrone Wilson & Breaking Into the Security Industry 12/17/2020
38 - Tyrone Wilson & Breaking Into the Security Industry This week Tyrone Wilson hangs out to talk about breaking into the security industry, passive OSINT and starting a security business. My 3 main takeaways were 1) how to use free tools to gain experience before joining a SOC 2) how he used OSINT to find his biological father and 3) how to maintain your privacy when using exercise apps.
info_outline 37 - Jenny Radcliffe & People Hacking 12/10/2020
37 - Jenny Radcliffe & People Hacking This week Jenny Radcliffe joins to the show to talk about social engineering. My 3 main takeaways were 1) which influence factors are most useful in specific situations like in person social engineering vs phishing emails 2) reading micro-expressions in context and understanding their limitations and 3) how to protect yourself against social engineering attacks.