Layer 8 Podcast

Author: Layer 8 Conference

Description

Welcome to the Layer 8 Podcast season 3! This season we’ll have conversations with social engineers and OSINT investigators who will tell their stories. We hope you enjoy them.
104 Episodes
Tom Hocker is the Director at Trace Labs. Trace Labs is a non-profit organization that crowdsources OSINT skills from the public to find information and clues on people in missing persons cases. As mentioned in this episode, you can get more information about Trace Labs, get in contact with Tom and jump into a Search Party, all by joining their Discord channel here: https://discord.gg/tracelabs
Chris Pritchard is a UK-based social engineer with Lares Consulting. He has accessed some of the most secure facilities, sometimes seemingly too easily. In this episode, Chris (aka @Ghostie_) talks about his process for accessing seemingly secure facilities like airports and casinos. He also gives his thoughts on dealing with the adrenaline rush of getting in and has advice on how to get started in the industry.
Rae, aka @Wondersmith_Rae, is back! After chatting about maritime OSINT in episode 75, Rae came back to discuss her book "Deep Dive - Exploring the Real World Value of Open Source Intelligence" and to talk about which skills or mindset are important in the OSINT world. We also talked about how to practice your OSINT skills in a realistic way by using Kase Scenarios, a learning site she built along with Espen Ringstad.
Dylan is named the Magician, yet he doesn't do card tricks, doesn't pull a rabbit from a hat and doesn't cut his assistant in half. Dylan is a social engineer who earned that moniker during an engagement. In this episode, Dylan will explain the job where he was tagged "The Magician." We'll also talk about the planning that went into his engagement and other aspects of social engineering he uses every day. This episode is brought to you by Compass Cyber Guard. To find out more about Cyber Guard's social engineering or pentesting services, contact info@layer8podcast.org
Ritu Gill is back! A return guest who first appeared on episode 20, Ritu (also known as OSINT Techniques) is back to talk about Operational Security, about how to create and curate sock puppets, how to keep the integrity of an investigation and to tell us about Forensic OSINT, a Chrome extension that can easily help with investigations! This episode is brought to you by Compass Cyber Guard. To find out more about Cyber Guard's social engineering or pentesting services, contact info@layer8podcast.org
Our host, Patrick Laverty, has gotten to talk with experts in OSINT and social engineering and heard their stories. But Patrick has never told one of his own. That's what we get here as he explains how he got access to sensitive areas of a bank during a social engineering job. This episode is brought to you by Compass Cyber Guard. To find out more about Cyber Guard's social engineering or pentesting services, contact info@layer8podcast.org
Charles Shirer, aka @BSDBandit is the part of the internet that exudes positivity and happiness. He frequently posts happy and affirming messages for people to enjoy. He's also a self-taught OSINT expert. In this episode, he'll explain how he learned OSINT, projects he took on and give suggestions and advice for others who might look to follow in his path. 
Dr. Abbie Maroño is the Director of Education at Social Engineer, LLC. She earned her PhD in Behaviour Analysis from Lancaster University in the UK. In this episode, we talk about human lie detection and that everything we learned on Lie to Me might be a lie! How can we discern good scientific information from bad, so we can learn the skills of social engineering? Dr. Maroño also talks about her own new podcast, where she goes into the detail of the science and research behind many social engineering topics!
Venessa Ninovic is @Intel_Inquirer on Twitter and frequently posts her findings and research at https://intel-inquirer.medium.com/. She has been on the OSINT Curious podcast and presented at the 2022 SANS OSINT Summit. In this episode, she tells us how much OSINT one can find just in dating apps. She explains how some military members failed so badly at OpSec that they were forced to delete their social media applications, and she digs into the exercise app Strava. Strava can reveal quite a bit about the person exercising, even as much as where they live!
Alan Neilan is a security analyst who searches for phishing kits in his spare time, using x0rz's Phishing Catcher. Alan often tweets out his work at @aneilan and he also posts his findings under the title "Crap I Found on the Internet" on his blog at aneilan.github.io. In this episode, Alan talks about how he uses certificate transparency certstreams to feed the analysis tool and tells some of his experiences with reporting the kits he's found.
John TerBush, known as TheGumshoo on Twitter, joins us to talk about his previous life as a private investigator and how he merged into the information security world. He, like so many others, was doing OSINT before we called it OSINT, and he describes some of the locations and techniques. John is also a founding member of OSINT Curious and a course developer/instructor for the SANS SEC 487 and SEC 587 OSINT courses. He is also a threat researcher for Recorded Future. John has some great advice for getting started in the OSINT world and some fun stories of life on the job.
On this episode, we speak with Dalin McClellan, a penetration tester and social engineer for NetSPI. The idea for this episode came from a blog post that Dalin wrote, "Not Your Average Bug Bounty: How an Email, a Shirt and a Sticker Compromised a High Security Datacenter." Dalin explains the preparation necessary for an on-site physical penetration test when the location is highly secured with barbed wire fencing, human guards 24x7, retinal scanners and mantraps. Sometimes very simple solutions can be used to bypass highly technical controls. Just ask.
Sylvain Hajri, aka Navlys_ on Twitter, created Epieos.com, a freemium site that lets you perform passive OSINT with just an email address. Sylvain wears an incredible number of hats as the creator of not just Epieos but also MyOSINTJob, OSINTFr and the SpyingChallenge, and he is also an organizer of LeHack in France and of the OSINTVillage. In this episode, Sylvain has great advice on how to use passive OSINT, on how he created his company and on whether people should focus on tools and learn Python to get better at OSINT, plus even more!
When we think of phishing attacks, we immediately think of email. In this episode, Chris Cleveland, the Founder and CEO of Pixm Security, walks us through a massive phishing attack that his company discovered. In this attack, millions of Facebook credentials were stolen using multiple layers of trusted environments. Have you ever been contacted by a friend in Facebook Messenger with a link to check out a funny video? After this episode, you might be a little more careful with those. If you want to read the blog post that we discuss: https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
People claim degrees and credentials that they haven't earned. This could be for a number of reasons, whether professional or personal. In this episode, we speak with the Fake PhD Investigator, a person who uses OSINT to determine whether the doctorate degree that someone claims has actually been conferred on them. This episode goes through the methodology, some stories and some of the reasons that someone might claim to have earned a doctorate degree when they actually have not. You can find the Fake PhD Investigator on Twitter at FakePhD_reveal.
We talk with Steven Harris, aka @nixintel, who is an Executive Board Member with @OSINTCurious and is currently employed by Qomplx to perform investigations. He also teaches SEC 487 for SANS. In this episode, we walk through some of the Quiztime investigations that he did on his website (https://nixintel.info) and another where he was able to figure out exactly who was plagiarizing his content. Steven gives great advice for people starting out, what they should focus on and the value of learning Python.
Griffin is also known online as @hatless1der. You can find his tips and blog articles at hatless1der.com and at the Ultimate OSINT Collection. Griffin is also a part of the National Child Protection Task Force (NCPTF) where he is a speaker at their conference. He also speaks at the ConINT conference. In this episode, Griffin discusses how to do OSINT investigations that require pivoting off data, how to find people who really don't want to be found, and some great ways to get started in the field of OSINT, plus a whole lot more! 
Josten Peña is a Human Risk Analyst at Social Engineer, LLC. Josten performs risk testing with contracted company employees via phone calls and email. In this episode, Josten focuses on various shortcuts our brains use, commonly known as biases, that can help in some situations but can also be detrimental in others. Josten describes these biases and how a social engineer might use them to achieve the desired goals.
In this episode, we talk with Erich Kron from KnowBe4. We go into a number of topics, but mainly focus on phishing. Erich talks about phishing as a service, ransomware as a service and gives recommendations on how to best perform your own phishing engagements within your company. 
Oliver Lebhardt is the creator and CEO of Complytron, a tool used for OSINT investigations to determine if seemingly unrelated websites are actually related. In addition, Complytron has data about politically-exposed people (PEP), people who have been sanctioned and who are on government watchlists. The data can be heavily used in anti-money laundering situations, but is also valuable for human intelligence. Oliver's background is in investigative journalism, and he has paired his investigatory skills with code developers who have built this powerful database that offers free trials. He originally created the Source Code Leak Project, which received funding from Google's Digital News Innovation Fund in 2019.