Layer 8 Podcast
137 Episodes
Rosa Rowles has spent more than six years as a social engineer, mainly performing vishing calls. She reports that she has made more than 20,000 calls in her career. In this episode, she talks about using OSINT to build a pretext and how she chooses favorite pretexts to fit into a target's own bias. She also explains amygdala hijacking and how the right pretext can put someone's mind into a state where they might not make the best choices. Rosa will be presenting at BSides Tampa on May 16 at 2 pm!
It's pretty easy to guess what she does simply by her name. Mrs. OSINT has an incredible web site dedicated to sharing her learning journey and helping others do the same. She has a "Start Here" page for people looking to get into OSINT and she also has frequent OSINT challenges for those looking to test their own skills. Even better, her site is bilingual! She has blog posts in both Spanish and English.
Johnathan Walton got conned out of $100,000 by a very experienced con-woman. When most people get conned or scammed, they're embarrassed and never tell anyone about the experience. Johnathan is different. He tells everyone about it, including law enforcement and multiple court judges. Johnathan got his con artist imprisoned twice. He also assists others who have been conned. While reviewing his experience and that of others, he noticed recurring themes. He calls these themes "red flags" that many con artists exhibit. In his book "Anatomy of a Con Artist" he details 14 of these red flags and how to spot them. Johnathan has also created the Queen of the Con podcast, where he tells his story. He also tells it in television and public speaking engagements, which can be found on his site at https://johnathanwalton.com/
Want to get into the OSINT field and are unsure where to start? Then this is the episode for you. Dennis Keefe started out in law enforcement, became a web developer and then changed into the OSINT field through his own determination and hard work. Through this episode, Dennis will talk about his path to OSINT and how others can follow in his footsteps. Dennis' web site where he posts all of his learning and advice can be found at https://denniskeefe.me This episode is sponsored by Compass Cyber Guard.
Have you thought much about physical security and whether someone could breach a building's guards, alarms and cameras? On this episode, we talk with Chris Cowling, the founder of RedTeamers.eu and their training company, RedTeamers.academy. We talk about setting expectations about scope and how Chris goes about bypassing the features of a secure facility. You can listen to Chris talk about how he does it and you can also watch him in this short video where he demonstrates some of his company's skills in covert entry: https://redteamers.eu/redteamers_video.mp4 If you take a course with Red Teamers, they are offering a discount to Layer 8 Podcast listeners, just use "Layer826" as the discount code. This episode and the Layer 8 Conference are sponsored by Compass Cyber Guard.
Kirby Plessas is an OSINT pioneer, US military veteran, business owner, board member and podcast host, and is OSC certified. Kirby was an Arabic linguist in the military who started sharing what she knew with team members in a newsletter, and it grew from there. She is the founder of the Plessas Experts Network, which offers training, classes and webinars in OSINT investigations. She also co-hosts the OSINT Cocktail podcast, where they talk about investigations and techniques seen in movies and television shows.
Craig Taylor is the founder and CEO of CyberHoot, a security awareness company that focuses on positive reinforcement and gamification. Craig studied psychology and used that knowledge when creating CyberHoot, which he offers for free. Craig also set up a challenge specifically for listeners of the Layer 8 Podcast, if you'd like to test your ability to identify a phish and the parts of a phish quickly. It's even free! You can try that out here: https://cps.cyberhoot.com/hootphish-challenge/?hash=65199056c6edbc93f2755078a5b15743 There will be a leaderboard, and you can check your status on the leaderboard here: https://cps.cyberhoot.com/hootphish-challenge/shared-results/?hash=8b7f346b97c7dd027215d741f0ae36fb This free challenge will end on May 31, 2025.
Tim Farmer is the OSINT Training Lead for Dark Blue at CACI. He performs investigations along with teaching OSINT classes with a focus on the deep and dark web. (Don't know the difference? We discuss that in this episode.) Tim has his own podcast with Chris, titled The OSINT Output. Tim has achieved the OSC certification from Osmosis Academy and will be presenting at the Layer 8 Conference this year with a talk titled "Deanonymizing Dark Web Hidden Services: Capitalizing on User Mistakes and Querying Internet of Things Databases"
Dorota Kozlowska is a social engineer and penetration tester for Black Hills Information Security. She has her own podcast which can be found on Twitch and YouTube and recently presented at the Disobey conference in Finland. On this episode, she talks about how to get into social engineering as a job, some techniques for elicitation, what skills one needs to be a social engineer and the all-important sympathy vs. empathy.
Sho Luv, aka Leon Johnson, is a ninja, a hacker, a penetration tester and a computer security expert. Leon has performed all types of testing engagements and has mentored many other aspiring pentesters. On this episode, Leon talks about what it takes to be a tester along with some of his own stories of social engineering engagements and his thoughts on being a Black man while doing covert entry engagements. If you want to try your hand at the hacker box Leon created, titled Mr. Robot, have at it: https://sholuv.net/
How does a man living in England trace the history of Compton, California and the evolution of gangs across the country? And then evolve to tracking financial crimes? By using his OSINT skills! In this episode, Brett Redman, the Head of Intelligence at Blackdot Solutions, takes us through where he started with tracking this information and also some discussion of OSINT differences between the US and UK, with an emphasis on investigational ethics.
Olie Brown is a self-described hacker and the creator of the penetration testing company CC Labs. In this episode, Olie tells us of some social engineering exploits he has pulled off with some very simple techniques. He also stresses the social in social engineering with his tips on how people can get started and how to get better at social engineering. He also talks about why he is constantly learning and hasn't slowed down.
Dmitry Danilov, aka Soxoj, is an OSINT investigator and CPO for Social Links. In this episode, we talk about his Substack where he shares his methodology and his incredibly helpful "4P Method" of doing investigations. We also talked about some of the tools he works with and created, which you can find in his GitHub: https://github.com/soxoj https://soxoj.com/ https://t.me/soxoj_insides https://github.com/soxoj/maigret Presentation at LeHack: https://www.youtube.com/watch?v=0yQRf0Mx-hc https://sociallinks.io/products/sl-crimewall
Jeff Tomkiewicz, aka The Gh0stface Killer, is a social engineer who is employed by a health services company. He will also be teaching a pretexting workshop at the Layer 8 Conference! You can find out more about that here: https://layer8conference.com/training-at-layer-8-conference-2025/
In this episode, we learn how Jeff moved from the military to becoming a social engineer where he does red team engagements for his company. He also penned a great article about social engineering and pretexting here: https://heyzine.com/flip-book/8467826462.html
Let's talk covert entry, vishing, phishing and how to get into the field with Jeff!
My OSINT Training is a company created by Griffin (@hatless1der) Glynn and Micah (@webbreacher) Hoffman. Their goal was to create affordable high quality OSINT training, and they'll be offering that at the Layer 8 Conference in June! You can sign up today for their class!
In this episode, we also spoke about the National Child Protection Task Force (NCPTF) and how Micah and Griffin conduct investigations along with how others can help and how ethics play a huge part in their investigations. Griffin also runs a hugely popular page of OSINT tools at The Ultimate OSINT Collection
Get your ticket to the Layer 8 Conference on June 14, in Boston!
In this episode, we're joined by Nico Dekens, aka Dutch_OSINTGuy, who talks about lessons in OSINT including the value of operational security, ethics and classes he teaches. He also tells us about his 5W1H method of performing an investigation. We also discussed some blog posts he wrote for ShadowDragon, including one about OSINT on people in heightened emotional states.
Aidan Raney is the founder of Farnsworth Intelligence, an OSINT company that focuses on due diligence investigations, among others. Aidan freely shares content and tools, has been a volunteer with Trace Labs, and teaches OSINT and OpSec.
He presented at both BSidesSF and ShmooCon about "Catching Some Phisherman" where he exposed a large phishing organization.
Aidan has experience with using Artificial Intelligence (AI) in OSINT and has also helped to catch vishing scammers.
Brian Harris from the Covert Access Team is a social engineer, a physical pentester and a member of the black team. If you've heard of blue team, purple team and red team but not black team, you can hear what that is about in this episode!
Brian explains why all businesses should have their physical access tested, regardless of whether they believe the tester would be successful. Also, is it fair to test the third party cleaning crew during a test? We talk about this and a lot more!
Nathaniel Fried is the CEO of OSINT Industries. He's also one of the founding members and current chair of UK OSINT, a non-profit public meetup group.
In this episode, we talk about ways to perform OSINT with only a single selector, such as an email address, a phone number or a username.
We also discussed how he discovered that Donetsk was using western-based IT tools, in spite of sanctions. Nathaniel walked through this investigation with his OSINT methods.
He explained his thoughts on how to get started in the OSINT world, recommendations on areas to focus on and also told us a brief story of how he did not get extradited to the Philippines.
Matt Linton (@0xMatt) is a Googler and former NASA employee and red teamer. He has some opinions on the way we do phishing testing today with comparisons to how fire safety evolved. Even better, he offers solid solutions on how we can do better phishing testing so that people better understand what is expected of them while still keeping the enterprise protected.
In this episode, we discuss a blog post that he wrote for Google. You can read the blog post here: https://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html




