Claim OwnershipLayer 8 Podcast
Subscribed: 122Played: 2,709
Subscribe
© 850257
Description
Welcome to the Layer 8 Podcast season 5! This season we’ll have conversations with social engineers and OSINT investigators who will tell their stories. We hope you enjoy them.
131 Episodes
Reverse
Kirby Plessas is an OSINT pioneer, US military veteran, business owner, board member, is OSC certified and podcast host. Kirby was an Arabic linguist in the military who started sharing what she knew with team members in a newsletter and it grew from there. She is the founder of the Plessas Experts Network which offers training, classes and webinars in OSINT investigations. She also co-hosts the OSINT Cocktail podcast where they talk about investigations and techniques seen in movies and television shows.
Craig Taylor is the founder and CEO of CyberHoot a security awareness company that focuses on positive reinforcement and gamification. Craig studied psychology and used that knowledge when creating CyberHoot, which he offers for free. Craig also set up a challenge specifically for listeners of the Layer 8 Podcast, if you'd like to test your ability to identify a phish and the parts of a phish quickly. It's even free! You can try that out here: https://cps.cyberhoot.com/hootphish-challenge/?hash=65199056c6edbc93f2755078a5b15743 There will be a leaderboard, and you can check your status on the leaderboard here: https://cps.cyberhoot.com/hootphish-challenge/shared-results/?hash=8b7f346b97c7dd027215d741f0ae36fb This free challenge will end on May 31, 2025.
Tim Farmer is the OSINT Training Lead for Dark Blue at CACI. He performs investigations along with teaching OSINT classes with a focus on the deep and dark web. (Don't know the difference? We discuss that in this episode.) Tim has his own podcast with Chris, titled The OSINT Output. Tim has achieved the OSC certification from Osmosis Academy and will be presenting at the Layer 8 Conference this year with a talk titled "Deanonymizing Dark Web Hidden Services: Capitalizing on User Mistakes and Querying Internet of Things Databases"
Dorota Kozlowska is a social engineer and penetration tester for Black Hills Information Security. She has her own podcast which can be found on Twitch and YouTube and recently presented at the Disobey conference in Finland. On this episode, she talks about how to get into social engineering as a job, some techniques for elicitation, what skills one needs to be a social engineer and the all-important sympathy vs. empathy.
Sho Luv, aka Leon Johnson is a ninja, a hacker, a penetration tester and a computer security expert. Leon has performed all types of testing engagements and has mentored many other aspiring pentesters. On this episode, Leon talks about what it takes to be a tester along with some of his own stories of social engineering engagements and his thoughts on being a Black man while doing covert entry engagements. If you want to try your hand at the hacker box Leon created, titled Mr. Robot, have at it: https://sholuv.net/
How does a man living in England trace the history of Compton, California and the evolution of gangs across the country? And then evolve to tracking financial crimes? By using his OSINT skills! In this episode, Brett Redman the Head of Intelligence at Blackdot Solutions takes us through where he started with tracking this information and also some discussion of OSINT differences between the US and UK, with an emphasis on investigational ethics.
Olie Brown is a self-described hacker and the creator of the penetration testing company CC Labs. In this episode, Olie tells us of some social engineering exploits he has pulled off with some very simple techniques. He also stresses the social in social engineering with his tips on how people can get started and how to get better at social engineering. He also talks about why he is constantly learning and hasn't slowed down.
Dmitry Danilov, aka Soxoj is an OSINT investigator and CPO for Social Links. In this episode, we talk about his Substack where he shares his methodology and his incredibly helpful "4P Method" of doing investigations. We also talked about some of the tools he works with and created, which you can find in his github: https://github.com/soxoj https://soxoj.com/ https://t.me/soxoj_insides https://github.com/soxoj/maigret Presentation at LeHack: https://www.youtube.com/watch?v=0yQRf0Mx-hc https://sociallinks.io/products/sl-crimewall
Jeff Tomkiewicz, aka The Gh0stface Killer is a social engineer who is employed but a health services company. He will also be teaching a pretexting workshop at the Layer 8 Conference! You can find out more about that here: https://layer8conference.com/training-at-layer-8-conference-2025/
In this episode, we learn how Jeff moved from the military to becoming a social engineer where he does red team engagements for his company. He also penned a great article about social engineering and pretexting here: https://heyzine.com/flip-book/8467826462.html
Let's talk covert entry, vishing, phishing and how to get into the field with Jeff!
My OSINT Training is a company created by Griffin (@hatless1der) Glynn and Micah (@webbreacher) Hoffman. Their goal was to create affordable high quality OSINT training, and they'll be offering that at the Layer 8 Conference in June! You can sign up today for their class!
In this episode, we also spoke about the National Child Protection Task Force (NCPTF) and how Micah and Griffin conduct investigations along with how others can help and how ethics play a huge part in their investigations. Griffin also runs a hugely popular page of OSINT tools at The Ultimate OSINT Collection
Get your ticket to the Layer 8 Conference on June 14, in Boston!
In this episode, we're joined by Nico Dekens, aka Dutch_OSINTGuy where he talks about lessons in OSINT including the value of operational security, ethics and classes he teaches. He also tells us about his 5W1H method of performing an investigation. We also discussed some blog posts he wrote for ShadowDragon, including one about OSINT on people in heightened emotional states.
Aidan Raney is the founder of Farnsworth Intelligence, an OSINT company that focuses on due diligence investigations, among others. Aidan freely shares content and tools, has been a volunteer with Trace Labs, teaches OSINT and OpSec.
He presented at both BSidesSF and ShmooCon about "Catching Some Phisherman" where he exposed a large phishing organization.
Aidan has experience with using Artificial Intelligence (AI) in OSINT and has also helped to catch vishing scammers.
Brian Harris from the Covert Access Team is a social engineer, a physical pentester and a member of the black team. If you've heard of blue team, purple team and red team but not black team, you can hear what that is about in this episode!
Brian explains why all businesses should have their physical access tested, regardless of whether they believe the tester would be successful. Also, is it fair to test the third party cleaning crew during a test? We talk about this and a lot more!
Nathaniel Fried is the CEO of OSINT Industries. He's also one of the founding members and current chair of UK OSINT, a non-profit public meetup group.
In this episode, we talk about ways to perform OSINT with only a single selector, such as an email address, a phone number or a username.
We also discussed how he discovered that Donetsk was using western-based IT tools, in spite of sanctions. Nathaniel walked through this investigation with his OSINT methods.
He explained his thoughts on how to get started in the OSINT world, recommendations on areas to focus on and also told us a brief story of how he did not get extradited to the Philippines.
Matt Linton (@0xMatt)is a Googler and former NASA employee and red teamer. He has some opinions on the way we do phishing testing today with comparisons to how fire safety evolved. Even better, he offers solid solutions on how we can do better phishing testing so that people better understand the expectations of them and to still keep the enterprise protected.
In this episode, we discuss a blog post that he wrote for Google. You can read the blog post here: https://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html
Jennifer is a hacker, a social engineer, a locksmith and a private investigator. In this episode, we talk about how she got into each of those fields and about her path to being a part of her company's red team. She has some great social engineering stories including where she's climbing through a ceiling!
Phil Eil is an investigative journalist who has written for publications such as Vice, Huffington Post, the Boston Globe and the Providence Phoenix. But there was always one story he wanted to write.
In his new book, Prescription for Pain, Phil documents the story of Dr. Paul Volkman, a midwestern physician who was convicted of distribution of a controlled substance resulting in death, plus additional charges.
Phil tells us about the story but also describes the various less-common investigative (OSINT) tools that he used to tell the story.
This is the second part of a two-part podcast episode with Alethe Denis. If you missed the first part, you'll want to go back and listen to that first as this episode picks up, mid-story where Alethe has just caught the eye of a security guard during a social engineering engagement. Can she evade the guard or will the job come to an end?
Alethe is a senior security consultant with Bishop Fox, has given presentations to multiple conferences, including a keynote on redteaming. Alethe was also the featured guest on one of the most popular episodes of Darknet Diaries.
Alethe Denis is the first ever three-time guest to the Layer 8 Podcast. When Alethe comes on, we can swap stories for hours. And we did! This is part 1 of a two-part episode, as Alethe had so many great stories to share.
For this episode, she talks her way into buildings, tells us how she prepares her OSINT and when she knows it's time to go into the building.
Check back in two weeks for part 2!
For this episode, we're joined by Cynthia Navarro and Bret Anderson from OsmosisCon. They are the two people that head up the annual OSINT conference in Las Vegas. The conference will be October 20-22 and can be attended in person or remotely.
Cynthia and Bret tell us about the origins of Osmosis, the certification they offer and we also talk about some methods, ethics and share some fun investigation stories.
Comments
Download from Google Play
Download from App Store
United States