
The InfoSec & OSINT Show

41 Episodes

33 minutes | a day ago
41 - Chris Hadnagy & Human Hacking
This week Chris Hadnagy joins us to talk about the psychology behind social engineering, choosing effective pretexts, as well as the science behind how we make decisions. My 3 main takeaways were 1) how to identify personality types and communicate effectively using DISC 2) how oxytocin and amygdala hijacking influence our behavior and 3) how to get started in a career as a social engineer. For more information, including the show notes, check out https://breachsense.io/podcast
35 minutes | 8 days ago
40 - Fabio Viggiani & Supply Chain Attacks
This week Fabio Viggiani hangs out to talk about supply chain attacks, ransomware, mapping your software dependencies and assuming breach. My 3 main takeaways were 1) his insights into reverse engineering the SolarWinds Orion malware 2) up-and-coming trends he sees in ransomware and 3) how he runs incident response investigations. For more information, including the show notes, check out https://breachsense.io/podcast
36 minutes | 15 days ago
39 - Josh Sokol & Managing Risk Simply
This week Josh Sokol joins the show to talk about managing risk with a focus on keeping it simple, turning a free open source project into a business and his suggestions on how to get started in InfoSec. My 3 main takeaways were 1) the three components of risk mitigation 2) the different levels of maturity within risk management programs and 3) his process for ensuring his codebase is secure. For more information, including the show notes, check out https://breachsense.io/podcast
28 minutes | a month ago
38 - Tyrone Wilson & Breaking Into the Security Industry
This week Tyrone Wilson hangs out to talk about breaking into the security industry, passive OSINT and starting a security business. My 3 main takeaways were 1) how to use free tools to gain experience before joining a SOC 2) how he used OSINT to find his biological father and 3) how to maintain your privacy when using exercise apps. For more information, including the show notes, check out https://breachsense.io/podcast
37 minutes | a month ago
37 - Jenny Radcliffe & People Hacking
This week Jenny Radcliffe joins the show to talk about social engineering. My 3 main takeaways were 1) which influence factors are most useful in specific situations like in-person social engineering vs phishing emails 2) reading micro-expressions in context and understanding their limitations and 3) how to protect yourself against social engineering attacks. For more information, including the show notes, check out https://breachsense.io/podcast
40 minutes | 2 months ago
36 - Tracy Maleeff & Empathy Based InfoSec
This week Tracy Maleeff hangs out to talk about using empathy to improve your InfoSec investigations. My 3 main takeaways were 1) how to corroborate OSINT findings before drawing a conclusion 2) how to communicate technical issues to a non-technical audience and 3) some tactical tips on using empathy to discover new information. For more information, including the show notes, check out https://breachsense.io/podcast
33 minutes | 2 months ago
35 - Ed Bellis & Risk Based Vulnerability Management
This week Ed Bellis joins the show to talk about risk-based vulnerability management. My 3 main takeaways were 1) which factors you should take into consideration when prioritizing vulnerability remediation 2) the effects that public exploit code has on remediation efforts and 3) how organizations can improve their threat prioritization by using their own threat intel in their risk assessments. For more information, including the show notes, check out https://breachsense.io/podcast
37 minutes | 2 months ago
34 - John Strand & Moving Beyond 0-Days
This week John Strand joins the show to talk about pen testing in the age of Corona, bypassing multi-factor authentication, dealing with ransomware and starting a security business. My 3 main takeaways were 1) why 0-days don't matter 2) how to bypass identity services like Okta and 3) the one guiding rule for creating a security business. For more information, including the show notes, check out https://breachsense.io/podcast
33 minutes | 2 months ago
33 - Tanya Janca & Coding Securely
This week Tanya Janca hangs out to talk about secure coding, supply chain security and her new book 'Alice and Bob Learn Application Security'. My 3 main takeaways were 1) how to choose the right language to develop in when starting a project 2) why we should get rid of as many different JavaScript frameworks as possible within our code base and 3) what drives someone to write a computer security book. For more information, including the show notes, check out https://breachsense.io/podcast
35 minutes | 3 months ago
32 - Or Katz & Phishing Evasion Techniques
This week Or Katz joins us to share his research into novel phishing evasion techniques seen in the wild. My 3 main takeaways were 1) what the most popular methods to propagate phishing attacks are 2) what signals can help determine if complicated code is malicious or not and 3) how to handle potentially malicious users when we don’t have enough information to understand their true intentions. For more information, including the show notes, check out https://breachsense.io/podcast
28 minutes | 3 months ago
31 - Chris Rock & Cyber Mercenaries
This week Chris Rock shares his story as well as some techniques he's used as a cyber mercenary. My 3 main takeaways were 1) why 0-days are rarely needed 2) spear-phishing as the most efficient technique for the initial compromise and 3) why the easiest path to your target may be by hacking someone else, like their accountant. For more information, including the show notes, check out https://breachsense.io/podcast
32 minutes | 3 months ago
30 - Hakluke & The Bug Bounty Mindset
This week Hakluke shares some mindset tweaks and tactical advice on how to improve your bug bounty hunting. My 3 main takeaways were 1) why the abundance mindset is so important 2) what we can learn from the similarities between the music industry and bounty hunting and 3) why collaboration is so important. For more information, including the show notes, check out https://breachsense.io/podcast
31 minutes | 3 months ago
29 - Katie Moussouris & Running Bug Bounties
This week Katie Moussouris hangs out to talk about both the advantages as well as challenges in running bug bounty programs. My 3 main takeaways were when companies should choose a bounty as opposed to a pen test, where a company should be at operationally before launching a program and how companies should prepare before launching their bug bounty program. For more information, including the show notes, check out https://breachsense.io/podcast
31 minutes | 3 months ago
28 - STÖK and Hunting Bug Bounties
This week STÖK joins us to talk about how he approaches bug bounties. My 3 main takeaways were why you should specialize in a couple of specific bug types, why you should constantly scan a multitude of bounty programs and why you should hack with a team. For more information, including the show notes, check out https://breachsense.io/podcast
29 minutes | 4 months ago
27 - Joona Hoikkala and Advanced FFuF Scanning
This week Joona Hoikkala joins us to talk about some of the advanced features of ffuf. My 3 main takeaways were why you should use a VPS for running scans and how to integrate an external ffuf scan into your local Burp instance, why you should use filters instead of the default pattern matcher to remove false positives, as well as what cool functionality he's working on to enhance ffuf's capabilities. For more information, including the show notes, check out https://breachsense.io/podcast
20 minutes | 4 months ago
26 - James Kettle and Becoming a Security Researcher
This week James Kettle joins the show to talk about the methodology he uses to find really novel widespread vulnerabilities that break the internet. My 3 main takeaways were, first, what techniques he uses to decide what research topics are worth pursuing; second, what behavior traits are needed to become a successful security researcher; and third, why the HttpOnly cookie flag is useless and a complete joke. For more information, including the show notes, check out https://breachsense.io/podcast
30 minutes | 4 months ago
25 - Jeremiah Grossman and Asset Inventory
This week Jeremiah Grossman hangs out to talk InfoSec, ransomware and asset inventory. My 3 main takeaways were, first, how we can use metadata to correlate assets to an entity; second, why cyber insurance will dictate what security tests are run; and third, Jeremiah's 3 super powers that aren't related to Jiu-jitsu. For more information, including the show notes, check out https://breachsense.io/podcast
37 minutes | 4 months ago
24 - Ira Winkler & How to Stop Stupid
This week Ira Winkler joins the show to talk about social engineering & protecting your network against the human element. My 3 main takeaways were how we need to integrate lessons from industrial safety programs into our security policies, what procedures Twitter should've had in place to prevent their recent hack against high-profile users, as well as what the most important skill for social engineering is. For more information, including the show notes, check out https://breachsense.io/podcast
45 minutes | 5 months ago
23 - Samy Kamkar & Reverse Engineering
This week Samy Kamkar hung out to talk about some of his adventures creating worms and zombie drone armies with a focus on his process for reverse engineering both software and hardware. My three main takeaways were how he created cheats on Counter-Strike, how he created one of the fastest-spreading viruses of all time and why he finds the physical access control problem interesting. For more information, including the show notes, check out https://breachsense.io/podcast
30 minutes | 5 months ago
22 - Chris Kubecka & Hacking the World with OSINT
This week Chris Kubecka joins the show. We focused on leveraging OSINT in security research. My three main takeaways were how she used OSINT to find Boeing's dev systems, as well as how she uses code search engines to find systems running a piece of known vulnerable code and why it's worthwhile doing security research out of the Netherlands when your target likes to sue you into silence.