Layer 8 Podcast

By Layer 8 Conference

Welcome to the Layer 8 Podcast season 3! This season we’ll have conversations with social engineers and OSINT investigators who will tell their stories. We hope you enjoy them.
Episode 97: Charles Shirer - BSDBandit Talks OSINT!

Charles Shirer, aka @BSDBandit is the part of the internet that exudes positivity and happiness. He frequently posts happy and affirming messages for people to enjoy. He's also a self-taught OSINT expert. In this episode, he'll explain how he learned OSINT, projects he took on and give suggestions and advice for others who might look to follow in his path. 
Sep 19, 2022 · 47:15

Episode 96: Dr. Abbie Maroño - The Science of Social Engineering

Dr. Abbie Maroño is the Director of Education at Social Engineer, LLC. She earned her PhD in Behaviour Analysis from Lancaster University in the UK. In this episode, we talk about human lie detection and how everything we learned on Lie to Me might be a lie! We discuss how to discern good scientific information from bad so we can learn the skills of social engineering, and Dr. Maroño also talks about her own new podcast, where she goes into the detail of the science and research behind many social engineering topics!
Sep 12, 2022 · 37:37

Episode 95: Intel Inquirer - Using Dating Apps and Exercise Apps from an OSINT Perspective

Venessa Ninovic is @Intel_Inquirer on Twitter and frequently posts her findings and research at https://intel-inquirer.medium.com/. She has been on the OSINT Curious podcast and presented at the 2022 SANS OSINT Summit. In this episode, she tells us how much OSINT one can find just in dating apps. She explains how some military members failed so badly at OpSec that they were forced to delete their social media applications, and she digs into the exercise app Strava. Strava can reveal quite a bit about the person exercising, even as much as where they live!
Sep 05, 2022 · 44:28

Episode 94: Alan Neilan - The Phishing Kit Hunter

Alan Neilan is a security analyst who searches for phishing kits in his spare time, using x0rz's Phishing Catcher. Alan often tweets out his work at @aneilan and he also posts his findings under the title "Crap I Found on the Internet" on his blog at aneilan.github.io. In this episode, Alan talks about how he uses certificate transparency certstreams to feed the analysis tool and tells some of his experiences with reporting the kits he's found.
Aug 29, 2022 · 29:53

Episode 93: The Gumshoo - Tales of a PI in OSINT

John TerBush, known as TheGumshoo on Twitter, joins us to talk about his previous life as a private investigator and how he merged into the information security world. He, like so many others, was doing OSINT before we called it OSINT and he describes some of the locations and techniques. John is also a founding member of OSINT Curious and a course developer/instructor for the SANS SEC 487 and SEC 587 OSINT courses. He is also a threat researcher for Recorded Future. John has some great advice for getting started in the OSINT world and some fun stories of life on the job.
Aug 22, 2022 · 46:51

Episode 92: Dalin McClellan - SE'd Into a Highly Secure Building...How?!?

On this episode, we speak with Dalin McClellan, a penetration tester and social engineer for NetSPI. The idea for this episode came from a blog post that Dalin wrote here: Not Your Average Bug Bounty: How an Email, a Shirt and a Sticker Compromised a High Security Datacenter. Dalin explains the preparation necessary for an on site physical penetration test when the location is highly secured with barbed wire fencing, human guards 24x7, retinal scanners and mantraps. Sometimes very simple solutions can be used to bypass highly technical controls. Just ask. 
Aug 15, 2022 · 47:12

Episode 91: Sylvain Hajri - What Can You Do With An Email Address?

Sylvain Hajri, aka Navlys_ on Twitter, created Epieos.com, a freemium site that lets you perform passive OSINT with just an email address. Sylvain wears an incredible number of hats as the creator of not just Epieos but also MyOSINTJob, OSINTFr and the SpyingChallenge, and he is also an organizer of LeHack in France and the OSINTVillage. In this episode, Sylvain has great advice on how to use passive OSINT, on how he created his company and on whether people should focus on tools and learn Python to get better at OSINT, plus even more!
Aug 08, 2022 · 47:36

Episode 90: The Next Generation of Phishing Attack Vectors

When we think of phishing attacks, we immediately think of email. In this episode, Chris Cleveland, the Founder and CEO of Pixm Security walks us through a massive phishing attack that his company discovered. In this attack, millions of Facebook credentials were stolen using multiple layers of trusted environments. Have you ever gotten contacted by a friend in Facebook messenger with a link to check out a funny video? After this episode, you might be a little more careful with those.  If you want to read the blog post that we discuss: https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Aug 01, 2022 · 30:56

Episode 89: The Fake PhD Investigator

People claim degrees and credentials that they haven't earned. This could be for a number of reasons, whether professional or personal. In this episode, we speak with the Fake PhD Investigator, a person who uses OSINT to determine whether the doctorate degree that someone claims has actually been conferred on them. This episode goes through the methodology, some stories and some of the reasons that someone might claim to have earned a doctorate degree when they actually have not. You can find the Fake PhD Investigator on Twitter at FakePhD_reveal.
Jul 25, 2022 · 40:57

Episode 88: Jason Downey - The Legend of...Triforce?

Jason Downey is a penetration testing security consultant with Red Siege and is known as HackAndBackpack on Twitter. In this episode, we talked with Jason about phishing, vishing and on-site physical social engineering engagements. He talked about some of the tools he uses, some of his successes and some campaigns that might not have gone exactly to plan. Plus, find out how the Legend of Zelda's Triforce can help people understand a path into this industry.  More information about Jason can be found on his web site, https://hackandbackpack.com 
Jul 18, 2022 · 47:56

Episode 87: Steven Harris, aka NixIntel

We talk with Steven Harris, aka @nixintel who is an Executive Board Member with @OSINTCurious and is currently employed by Qomplx to perform investigations. He also teaches SEC 487 for SANS. In this episode, we walk through some of the Quiztime investigations that he did on his web site (https://nixintel.info) and another where he was able to figure out exactly who was plagiarizing his content. Steven gives great advice for people starting out, what they should focus on and the value of learning Python.
Jul 11, 2022 · 59:35

Episode 86: Griffin Glynn, the Hatless1der!

Griffin is also known online as @hatless1der. You can find his tips and blog articles at hatless1der.com and at the Ultimate OSINT Collection. Griffin is also a part of the National Child Protection Task Force (NCPTF) where he is a speaker at their conference. He also speaks at the ConINT conference. In this episode, Griffin discusses how to do OSINT investigations that require pivoting off data, how to find people who really don't want to be found, and some great ways to get started in the field of OSINT, plus a whole lot more! 
Jul 04, 2022 · 46:56

Episode 85: Josten Peña - Using Bias in Social Engineering

Josten Peña is a Human Risk Analyst at Social Engineer, LLC. Josten performs risk testing with contracted company employees via phone calls and email. In this episode, Josten focuses on various shortcuts our brains use, commonly known as biases, that can help in some situations but can also be detrimental in others. Josten describes these biases and how a social engineer might use them to achieve the desired goals.
Jun 27, 2022 · 40:29

Episode 85: Erich Kron - Phishing As A Service

In this episode, we talk with Erich Kron from KnowBe4. We go into a number of topics, but mainly focus on phishing. Erich talks about phishing as a service, ransomware as a service and gives recommendations on how to best perform your own phishing engagements within your company. 
Jun 20, 2022 · 46:58

Episode 84: Oliver Lebhardt - Digital Fingerprinting with Complytron

Oliver Lebhardt is the creator and CEO of Complytron, a tool used for OSINT investigations to determine if seemingly unrelated websites are actually related. In addition, Complytron has data about politically-exposed people (PEP), people who have been sanctioned and people who are on government watchlists. The data can be heavily used in anti-money laundering situations, but is also valuable for human intelligence. Oliver's background is in investigative journalism, and he has paired his investigatory skills with code developers who have built this powerful database, which offers free trials. He originally created the Source Code Leak Project, which received funding from Google's Digital News Innovation Fund in 2019.
Jun 13, 2022 · 36:57

Episode 83: Chris Russell - The Military's Human Lie Detector

Chris Russell, the CISO of tZero, who is @cr00ster on Twitter and at https://github.com/cr00ster, joins us today to talk about his experience in the military and how he obtained intelligence during the Iraq War. Chris talks about some of the techniques used to help determine when people were telling the truth and when some might have just been looking for a payday. He also talks about his biggest social engineering concern from a CISO's perspective, and why we should focus on treating developers well.
Jun 06, 2022 · 41:48

Episode 82: Lock Down Your Life!

Known online as @LockDownUrLife, we talk about how she helps people who have been a victim of online scams and harassment. She also talks about ways we can protect our own privacy, and what you can do when you are threatened or harassed. Her web site with a lot more information can be found at https://LockDownYourLife.com
May 30, 2022 · 45:28

Episode 81: Andrew Lemon - Just Walk Right In!

Our guest this week is Andrew Lemon, who often just goes by "Lemon." You can find Lemon on Twitter as @LemonItUp or on his YouTube channel with original hacking videos. In this episode, we discuss a presentation he gave at the 2021 Armed Forces Communications and Electronics Association conference titled "A Social Engineer's Toolkit". He had some fun physical social engineering stories on ways he gets into facilities, on how he tries to get caught and even a story about why one of his engagements didn't go to plan. 
May 23, 2022 · 47:23

Episode 80: Rosa Rowles - Goin' Vishing!

Rosa (@Rosa_Rowles) is a social engineer working with Social Engineer, LLC. She has an interesting story that includes moving from Spain to England to the US all at a young age. She was a billing coordinator for a hotel before she moved into social engineering. In this episode, she discusses how she uses various principles of influence to evaluate the security posture of her clients. She gives advice on how to build rapport in mere seconds and how to get into the social engineering field without any background in information technology.
May 16, 2022 · 48:17

Episode 79: Jack Rhysider - Darknet Diaries

For this episode, we step away from discussing social engineering and OSINT directly and talk with Jack Rhysider. Jack is the creator and host of the hugely popular podcast, Darknet Diaries. Jack talks about and interviews people about "true stories from the dark side of the internet." Jack discusses how he does it, how he finds his guests, how much work goes into creating his biweekly podcast and more. Jack Rhysider is a veteran of the security world. He gained his professional knowledge of security by working in a Security Operations Center for a Fortune 500 company, a place where threats are detected and stopped. During that time he was exposed to hundreds of clients' networks, ranging from schools to government, banks and commercial organizations.
May 09, 2022 · 36:47

Episode 78: Christine Talley - Contact Exploitation

Content Warning: This episode includes discussion of human trafficking and exploitation. Christine Talley, aka @AthenasOwl_97 joins us to talk about her work as an analyst with the anti-human trafficking task force in California. She talks about how she got started with OSINT after changing careers, tells us one instance where she got to use her former career during a law enforcement engagement and also tells us about contact exploitation. This is a method where she often can begin or continue to follow an OSINT trail with just one small piece of information. Her investigations often have a focus in social media intelligence, or SOCMINT. Christine also recently gave a presentation at the SANS OSINT Summit on April 7, 2022 titled "I Know You: Contact Exploitation in SOCMINT Investigations."  Christine Talley works human trafficking investigations as the analyst for a county-wide task force in California. She is Crime & Intelligence Analysis and GIAC Open Source Intelligence Certified.
May 02, 2022 · 53:23

Episode 77: Lorand Bodo - Using OSINT to Find Extremists

For this episode, we talked with Lorand Bodo, one of the creators of OSINT Curious. Lorand talks with us about how he recommends people get started with OSINT, what OSINT is and then takes us through some stories about how he tracks jihadists and extremists. He also tells us about his role with OSINT Curious and the webcasts and streaming events that he puts on with them. Lorand also has a weekly updated list of curated tweets from extremists on his web site, lorandbodo.com
Sep 20, 2021 · 48:19

Episode 76: Alethe Denis - Creating Pretexts for Social Engineering

Alethe Denis is an amazing, accomplished social engineer. She won the Social Engineering Capture the Flag competition at Defcon 27. She was part of a team that won a Trace Labs OSINT Capture the Flag competition. She will again be a judge at the Collegiate Social Engineering competition. She created the Defcon 209 chapter in California, and is the original ambassador to the Innocent Lives Foundation. In this episode, Alethe takes us through her pretext preparation for Defcon and how she creates pretexts for social engineering. She breaks down some of the principles of persuasion that she talks about in her presentation "Phishy Little Liars" and lets us in on an attempted financial scam against her that she exposed.
Sep 13, 2021 · 01:00:27

Episode 75: Rae Baker - Maritime OSINT, Breaking In and OSINT Competitions

For this episode, we get to speak with Rae Baker, also known as Wondersmith_Rae on Twitter. Rae changed careers a few years ago from a graphic designer to the world of OSINT. Along the way, she has competed in and won OSINT competitions, given presentations at BSides, ShmooCon and most recently, Defcon's Recon Village. She has some great advice for how to get into the field and also how to succeed in an OSINT Capture the Flag competition. Rae is on the executive board of OSINT Curious and is also a volunteer with the Innocent Lives Foundation.
Sep 06, 2021 · 38:59

Episode 74: Robin Dreeke - Social Engineering Tradecraft

TW: Brief discussion of sexual assault/abuse. For this episode, we got to speak with Robin Dreeke, a 29 year veteran of federal service, including the US Naval Academy, US Marine Corps and the head of the FBI's Counterintelligence Behavioral Analysis Program. Robin owns https://peopleformula.com where he offers skills, newsletters, training classes and his books. In this conversation, we reference his books as we talk about building rapport and Robin's five basic principles of trust: 1) Suspend Your Ego, 2) Be Nonjudgemental, 3) Validate Others, 4) Honor Reason, 5) Be Generous. Robin's books discussed in the episode are: It's Not All About "Me", Sizing People Up, and Code of Trust. When we discuss validation, we referenced a video on YouTube that demonstrates the concept titled "It's Not About the Nail".
Aug 30, 2021 · 49:01

Episode 73: Vishing with Curt Klump

For this episode, we talk voice phishing, or vishing, with Curt Klump. Curt is a hacker with Social Engineer, LLC and he gets to hack people simply by calling them on the phone. We got to talk with Curt about how he went from being an actor to a social engineer, how to get started in the industry, great resources for learning, tips for particularly difficult environments and he shares stories of some of his favorite compromises and shut downs. 
Aug 23, 2021 · 39:56

Episode 72: Onderdompelen with Technisette

For this episode, we are joined by Lisette Abercrombie, probably better known as Technisette. She is a Dutch OSINT investigator and one of the creators of OSINT Curious. We get to talk about her OSINT methodology and some tips and tricks, and she shares two stories of her investigations, one of which included the value of the color of garbage barrels in an image. We also learned the Dutch term "onderdompelen", meaning to submerge or immerse yourself. Jump in the deep end and start swimming!
Aug 16, 2021 · 42:05

Episode 71: The Art of Attack with Maxie Reynolds

For this episode, we get to talk with Maxie Reynolds about her new book, "The Art of Attack: Attacker Mindset for Security Professionals". She talks about her four laws of attack and the skills necessary to be successful. These skills can help you as a social engineer as well as in other areas of life. Maxie is the Technical Team Lead at Social Engineer LLC where she also co-teaches the Advanced Practical Social Engineering course, co-hosts the Social Engineer Podcast, is involved with the Innocent Lives Foundation and you can find her on Instagram.
Aug 09, 2021 · 36:37

Episode 70: The OSINT Dojo with Sinwindie

For this episode, we get to talk with Sinwindie. He got his start in law enforcement, learning tools of the trade in open source investigations. Eventually, Sinwindie had the idea to create the OSINT Dojo, a free online resource where people can learn the strategy and methodologies necessary to become better at OSINT investigations. Additionally, if one follows the progression through the Dojo, they'll have tangible results that can be shared with others or assist in job searches.
Aug 02, 2021 · 43:47

Episode 69: Natalia Antonova - GeoLocation Challenges and Keeping Safe Online

For this episode, we hear from Natalia Antonova, a journalist, a researcher and an OSINTer. She frequently posts on Substack at https://nataliaantonova.substack.com/ where she has given Geolocation challenges, tips for spotting a catfish, and using Google Lens, among other topics. She also posts on Twitter at @NataliaAntonova. Check out this episode for her tips on how to avoid online stalkers, why she posts photos of herself and challenges people with "Where am I?" and about learning human psychology.  And please join us for the Layer 8 Conference, happening online, October 8th. https://layer8conference.com 
Jul 26, 2021 · 51:31

Episode 68: Kate Kelley - The Photo Angel

In this episode, we talk with Kate Kelley, also known as The Photo Angel. Kate connects old photos with relatives of those in the photo. She uses OSINT techniques to locate the family members, often starting with little information. Kate finds the photos in antique stores and then goes to work on finding the family members. She also runs a Facebook group where she and others share stories of successful connections. The group is also named The Photo Angel. Kate was also recently featured in the Boston Globe, in an article describing her project.
Jul 19, 2021 · 20:28

Episode 67: "Lead with What Makes You Good" by Charles Hein Wroth

In this episode, we speak with @AngusRedBlue, Charles Hein Wroth. Charles founded redherd.io and is a technical recruiter, but not your typical recruiter. Charles is a technical recruiter who understands the technical aspects of security, has given presentations at security conferences, regularly volunteers at conferences and also created Hack South, a South African infosec community. Charles also competes in the Trace Labs OSINT competitions. Charles tells us what he looks for in technical candidates, the value of certifications, how to get experience without having experience and his recommendations on how to make your resume stand out and catch the eye of the hiring managers. 
Jul 12, 2021 · 51:42

Episode 66: Micah Hoffman - His Origins in Infosec and in OSINT

Micah Hoffman, known as WebBreacher on Twitter is a pioneer in the OSINT field. He created his own company, Spotlight Infosec, he created and teaches SANS 487: Open Source Intelligence Gathering and Analysis and also created OSINT Curious. We talked with Micah about how he got his start in infosec, how he started in OSINT and a little about Impostor Syndrome and feelings. Micah also gives advice on getting started and about OSINT strategy vs. tools. 
Jul 06, 2021 · 58:08

Episode 65: ILFest with Shane McCombs, Mandy Cox and John McCombs

The second annual ILFest will begin at 11 am US ET on July 10th and will be available on Twitch.tv. In this episode, we hear from Shane, Mandy and John about what the Innocent Lives Foundation (ILF) is, the type of work that they do to unmask predators of children online and how they work with law enforcement to take these people off the streets. We'll hear about ways they raise money at ILFest including a "Sandwich of Suffering" which might be much to Chris Hadnagy's chagrin.
Jun 28, 2021 · 46:18

Episode 64: The Sweet Old Lady and the Devil by Sam Moses

We are joined by our good friend, Sam Moses, who generally goes by Moses. He tells us two stories of phishing and vishing engagements. He talks about the OSINT he performed and shows its value. He takes us through the ups and downs of calling people and how sometimes, no matter how prepared you are, there can still be an unforeseen curve thrown at you. He also tells us about a really nice conversation with The Sweet Old Lady and all the fun information she shared with him. Moses also gives advice on how to defend against these types of calls and how someone can get started as a social engineer! 
Jun 21, 2021 · 37:08

Episode 63: Joe Gray's Book Release - Practical Social Engineering

For this episode, we talk with Joe Gray, also known as @C_3PJoe on Twitter. His web site is https://www.theosintion.com, a destination for OSINT and social engineering training. Joe is an accomplished conference speaker and won the social engineering capture the flag competition at DerbyCon. Joe tells us about a couple of his favorite presentations and projects he has worked on, how to get started in the OSINT industry and tells us about his book Practical Social Engineering, available from No Starch Press. There is even a free chapter available for download! 
Jun 14, 2021 · 57:09

Episode 62: Jonathan Younie - Social Engineering from a CISO's Point of View

On this episode, we talked with Jonathan Younie, aka @InfosecCanuck. Younie is a CISO for a financial services firm and a social engineer. He talks with us about his experience at the recent Human Hacking Conference, and the lessons he brought back for his own company's social engineering training. Younie has also created and is a part of social engineering and OSINT professional networking groups on Clubhouse and Slack. Younie also gives us a little bit of information about the upcoming ILF Fest, being run by the Innocent Lives Foundation and the associated "Sandwich of Suffering" that could be in Chris Hadnagy's future.
Jun 07, 2021 · 34:46

Episode 61: Polarisu Solves the OSINT Challenge

On April 3, we re-shared a photo from a friend of a building and asked "Where is this?" People from literally around the world began searching, and it wasn't until the following day when Marlena von Hoffer, aka @Polarisu used her skiptracing OSINT skills to finally locate the building in the image. In this episode, Marlena tells us about the tools, techniques and strategy she used to eventually figure out the location. She also tells us a fun story of how she was able to locate someone using only incomplete information.  The original image that we were searching for can be found here: https://twitter.com/Layer8Con/status/1378372070153785346
May 31, 2021 · 37:38

Episode 60: Breaking Into Buildings with Crystal

For this episode, Crystal aka UnluckyNum7 joins us to talk about her methods and strategy for bypassing security controls to access buildings. She talks about what she did when faced with locked doors during an upstate New York winter, or when the elevator required a valid badge to get to floors and what she came up with when someone asked what she will bring to the company holiday party. All this and more in today's fun episode! 
May 24, 2021 · 27:39

Episode 59: Twig - Identifying Locks and Vishing Her Targets

For this episode, we welcome our friend Twig. Twig is a member of IBM’s X-Force Red and a social engineer. She tells us about a lock identification tool that she created and presented at Shellcon. She also takes us through a vishing engagement and the various strategies that she uses.
May 17, 2021 · 20:59

Episode 58: Siobhan Kelleher - "Be Stubborn and Want to Learn"

For this episode, we're joined by Siobhan Kelleher, also known as @Secure_Coffee. Siobhan's day job is in higher ed but she got introduced to OSINT by joining in to a Trace Labs Capture the Flag competition at the 2019 Layer 8 Conference. She has worked in sales, so she's also always had a knack for social engineering, plus it appears to run in her family. Let's hear from Siobhan about the strategies and many tools that she has learned to use during her OSINT investigations. 
May 10, 2021 · 22:57

Episode 57: Collegiate Social Engineering Capture the Flag Organizing Team

The main organizers of the Collegiate SECTF include Temple University's CARE Lab of Professor Aunshul Rege, Rachel Bleiman and Katorah Williams, plus Patrick Laverty from Layer 8 Conference. In this episode, the team discusses the origins of the SECTF, how it works, who can compete, as well as the impressions of the competition by graduate students Rachel and Katorah. If you are a college student and would like to compete in this tournament, this is a can't miss episode!
May 03, 2021 · 01:04:16

Episode 56: Michele Stuart - Evolution of OSINT Tools and Talking Her Way Into a Super Bowl Party

For this episode, we speak with Michele Stuart of JAG Investigations. Michele is a social engineer and OSINT investigator. She also offers training on her strategies and techniques. Michele tells us about the OSINT tools that she used when she first got started in the field, which was before searching on the internet became common. She also tells us how she talked her way into a Super Bowl party and also ended up selling raffle tickets at a holiday party!
Apr 26, 2021 · 43:10

Episode 55: Magic and Social Engineering with Lee Anderson, Richard Davy and Chris Kirsch

For this episode, we speak with three social engineers who are also hobbyists in the art of magic. Magic is often about deception, distraction and sleight of hand techniques. We'll talk with Lee, Richard and Chris about how they got started learning these techniques, as well as some of the psychology needed to make people believe the tricks and find the overlaps with social engineering. 
Apr 19, 2021 · 01:07:43

Episode 54: Searching the Dark Net with Levitannin

What is the dark net, the dark web, the clear web and the differences between them? For this episode, we'll hear some fun stories from Levitannin, an OSINT researcher and Innocent Lives Foundation volunteer. Are Red Rooms real? And what are some of the places to look for some of the rumored illicit information that is on these layers of the internet? Join Levi today and find out all this, plus even more! And you can also join Levi for the Innocent Lives Foundation gamer streams on Twitch!  If you enjoyed this episode or any others here, please donate to the Innocent Lives Foundation. 
Apr 12, 2021 · 36:26

Episode 53: Collegiate SECTF with Ragnhild "Bridget" Sageng, Prof. Aunshul Rege and TinkerSec

From October 2nd to 4th, six teams competed in the first ever Collegiate Social Engineering Capture the Flag competition at Temple University. They were tested on their ability to perform OSINT, create a phishing email and even make phone calls to gain information. This episode speaks with the creator of the competition, Professor Aunshul Rege and the winner of the competition, a one-woman team from Noroff University College in Norway, Ragnhild "Bridget" Sageng. We also have one of the judges with us, our long time friend and all around great person, TinkerSec! Stay tuned for announcements about the second annual competition, coming soon!
Apr 05, 2021 · 01:29:16

For this episode, we welcome our friend Tokyo. Tokyo is a member of the Team Searchlight community, and is the author of many blog posts on OSINT investigations. Today, Tokyo shows us the steps, methodology and tools that can be used to trace a single online review all the way to the person who left it.
Mar 29, 2021 · 12:40
Episode 51: Stefanie LaHart - The Defcon Social Engineering Capture the Flag Experience

For this episode, we hear from Stefanie LaHart. Stefanie is an expert social media strategist and podcaster who has competed in the Defcon social engineering capture the flag competition twice! She tells us how she got into the competition as someone who was unfamiliar with the terms social engineering and OSINT, showed up to the competition without much of a strategy and figured it out on the spot. She also tells us about what happened when a person from her competition target was in the audience, listening to her vishing calls. This summer, Stefanie has a book being released, she has a class on safe online dating for women as well as many social media tips, tricks and strategies. You can find all of this and more at http://StefanieLahart.com.
Mar 22, 2021 · 48:01
Episode 50: BOsintBlanc - Let's Talk Methodology

For this episode, we welcome BOsintBlanc. He loves to use OSINT tools and loves to help others with their OSINT skills. But there's one thing that he'd love to see everyone do before using tools. That is to develop a solid methodology and mindset around the OSINT process. In this episode, he talks about how he got started in OSINT and other tips and tricks for refining your own methodology. Also, he asks that you consider making a donation to the National Child Protection Task Force, where he volunteers.
Mar 15, 2021 · 21:11
Episode 49: Nicole Beckwith - Going Undercover for Roses and the PornHub Interview

For this episode, we welcome Nicole Beckwith. Nicole is a Staff Cyber Intel Analyst with GE Aviation. She previously worked in law enforcement and was tasked with going undercover into the world of sex work. She played the role of a sex worker and explains all the background and research that went into it, learning the language, the acronyms, the signal words and ways to protect herself in the job. She also tells a second story of a night when one unsuspecting person crossed paths with Nicole and other social engineers and inadvertently began an interview for PornHub. 
Mar 08, 2021 · 28:60
Episode 48: Phillip Wylie - Pwn School, Pentester Blueprint, and Wrestling a Bear!

In this episode, we talk with Phillip Wylie. Phillip is a former professional wrestler turned hacker and now teacher, and an ambassador to the Innocent Lives Foundation. Please donate today on Phillip's page! Phillip works as an offensive security instructor for INE, he created the Pwn School, co-authored The Pentester's Blueprint with Kim Crawley, which he also turned into a conference presentation, and also co-hosts the podcast The Uncommon Journey with Alyssa Miller and Chloe Messdaghi. Phillip tells us about the lessons he imparts to his students, getting into pentesting, as well as the crossover of social engineering into his professions in jewelry sales and professional wrestling. Oh, and did you hear he wrestled a bear?
Mar 01, 2021 · 45:13
Episode 47: Deviant Ollam - The Covert Entry Specialist

For this episode, we speak with @DeviantOllam who runs both the Core Group and Red Team Alliance. Deviant is also the author of two books, Practical Lock Picking: A Physical Penetration Tester's Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks. Today, Deviant tells us three stories of covert entry, including much of his strategy, tips, techniques and the social engineering that goes into an engagement. He also tells us of the most difficult building he has ever had to enter and what made it so difficult for him.
Feb 22, 2021 · 41:55
Episode 46: Ryan MacDougall and Curt Klump - Using OSINT to Get the Win!

For this episode, we talk with Ryan MacDougall, the Chief Operating Officer at Social-Engineer.org and Curt Klump, a Human Risk Analyst, also at Social-Engineer.org. They tell two stories of using OSINT during social engineering engagements. In Ryan's, he shows how sometimes no matter how deep you dig, it might not be enough. In Curt's story, he tells us about ways that he was able to use OSINT to find a ghost.  Curt and Ryan also join us to talk about the upcoming Human Hacking Conference on March 11th to 13th, 2021. If you sign up now, use the Promo Code L8HHC100 to get $100 off your registration price! 
Feb 15, 2021 · 16:26
Episode 45: Zlata Pavlova - Доверяй, но проверяй

Доверяй, но проверяй - Doveryai, No Proveryai (Trust, but verify). For this episode, we welcome Zlata Pavlova aka @3latka_ on Twitter. By day, Zlata works with InGuardians but she is also working with OSINT and social engineering. Zlata speaks multiple languages, which is a big asset with the type of OSINT she does. Today, she walks us through the steps that a hacker took to take control of a celebrity's Instagram account.
Feb 08, 2021 · 26:26
Episode 44: Jon Nichols and John Kirbow - PsyOps and Disinformation Campaigns

For this episode, we talk with Jon Nichols, aka @WVUAlphaSoldier and @JohnKirbow, two men trained by the US military in psychological operations and disinformation. We talk with them about current disinformation campaigns, where they come from, how they work and how people can start to understand each other again. 
Feb 01, 2021 · 01:08:46
Episode 43: Benjamin Strick - OSINT Takedown of West Papua Disinformation

For this episode, we welcome Benjamin Strick, also known as BenDoBrown on Twitter. Ben tells us of an investigation that he published for Bellingcat where he was seeing contrasting information coming from Indonesia during a genocidal event. He began digging in, starting with a Twitter timeline that was publishing videos and eventually got to the source, but not without experiencing death threats for his work along the way.  You can find Ben's writeups here: https://www.bellingcat.com/news/rest-of-world/2019/10/11/investigating-information-operations-in-west-papua-a-digital-forensic-case-study-of-cross-platform-network-analysis/ and here: https://www.bellingcat.com/news/2020/11/11/west-papua-new-online-influence-operation-attempts-to-sway-independence-debate/
Jan 25, 2021 · 21:21
Episode 42: Edward Miro - Social Rideshare Experience and Hacking Your Own Brain

We welcome Edward Miro to this week's episode. You can find his work on YouTube at https://www.youtube.com/MiroLabs or his own site, https://mirolabs.info. In this episode, Edward walks us through his start in the field as he gave a presentation in the Defcon Social Engineering Village to hundreds of attendees, and he talks about social tips he learned as a rideshare driver and also tells us how we can hack our own brain. 
Jan 18, 2021 · 30:35
Episode 41: Leon Johnson and Shane Young - Pwning the Check Casher

Two expert social engineers, Leon (“sho_luv”) Johnson and Shane (“t1d3nio”) Young are assigned to infiltrate a financial institution. In this episode, they tell us how they went on the roof, to the basement, got into the safe and even got some valuable shirts for themselves.
Jan 11, 2021 · 33:40
Episode 40: Hakeem Thomas - The Unredaction Expert

Hakeem Thomas tells us about his start in OSINT, beginning with a Capture the Flag competition where he got a simple, helpful tip that led him in a career direction. He also became the expert at being able to unredact a great deal of hidden information in documents, some of which he'll share with us. You can find Hakeem on Twitter at @S6Vet_Infosec
Jan 04, 2021 · 14:31
Episode 39: Jenny Radcliffe - The Cat and the Cake (and the Open Window)

We get to talk with social engineer and fellow podcaster Jenny Radcliffe as she tells us a couple great stories. The first story is one that she has never told before, and the second one is what she did when on an SE job and faced with a birthday cake, a cat, and an open window. You can see Jenny's work and check out her podcast at https://humanfactorsecurity.co.uk
Dec 28, 2020 · 20:14
Episode 38: Tigran Terpandjian - The Experience Catch-22

We have Tigran Terpandjian, also known as Th3CyF0x, talking to us about how he also faced the common Catch-22 of needing experience to get a job, but how do you get the experience without a job? He talks about the strategies that he used and gives tips on things others can try too. You can also ask Tigran about his love of foxes and ramen!
Dec 21, 2020 · 17:47
Episode 37: Billy and Vache - Flair Bartending and SE

This is an interview episode with Billy (@fuzzy_logic) Boatright and Vache (@flying.v) Manoukian. These guys are social engineers and flair bartenders. During this interview, Billy and Vache talk about how quickly they build rapport and some of the tips and tricks they have for winning people over quickly.
Dec 14, 2020 · 37:10
Episode 36: Inês Narciso - Teamwork Makes Dreamwork

Our friend Inês Narciso talks about how to best use multi-disciplinary teams to be most efficient during OSINT and social engineering investigations. She talks about bringing together specialists to create teams that will better get the needed information. You can find Inês on Twitter at @IWN_LX and she also presented at the Layer 8 Conference in 2020 on OSINT’s Role Tackling Disinformation In Portuguese Elections.
Dec 07, 2020 · 20:05
Episode 35: Joshua Richards - Buying/Selling Body Parts on the Dark Web

Joshua Richards is also known as AccessOSINT on Twitter and can be found as an administrator on the Searchlight Discord server. Josh was doing a little searching on the dark web one day and found someone looking to sell human body organs. In this episode, he tells us how he used OSINT to discover the identity of the person, and hand that information off to law enforcement officials. You can read Josh's blog at https://accessosint.com/
Nov 30, 2020 · 23:21
Episode 34: Shelby Dacko - ScaryLilHuman in the Trash Chute

For this episode, Shelby Dacko, also known as @ScaryLilHuman tells us how she got started as a social engineer, and also about one engagement where the team was running into roadblocks. That is, until they discovered one path into the server room was through a very narrow trash chute that only a small person could fit through. Shelby fit the bill.  Catch Shelby teaching a course on vishing at the Human Hacking Conference from March 11th to 13th. 
Nov 23, 2020 · 11:19
Episode 33: MangoPDF - The "Don't Get Arrested Challenge"

MangoPDF, also known as Alex Hope, is from Australia. One day, a friend asked him what information he could get from a simple boarding pass. With this, the "Don't Get Arrested" challenge began. What information can one person get from a boarding pass, what kind of legal trouble might it lead to and who might even call your phone? All things Alex found out! You can follow along with Alex's story on his blog at The Mango.PDF.Zone!
Nov 16, 2020 · 36:18
Episode 32: Marina Ciavatta - Tropical Spy: Stories And Tricks From Social Engineering

Here is Marina's presentation from the Layer 8 Conference. She did not want the video released but allowed for the audio. 
Jun 29, 2020 · 43:14
Episode 31: Joe Gray - His Origins and a Phish

For this episode, we welcome Joe Gray, a senior OSINT specialist at QOMPLX, a frequent public speaker at conferences and trainer of OSINT and social engineering. Joe joins us to tell us how he got into the field and how he got to where he is today. He also tells a second story about a particular phishing engagement where a senior manager built him up as someone who was unstoppable. But was he? Let him tell you how that went.
Jun 29, 2020 · 22:59
Episode 30: Brent White and Tim Roberts

For this episode, we veer off course again. This time, to talk with Brent White and Tim Roberts from NTT Security and their own site wehackpeople.com. One day, Brent asked on twitter what types of things people would want to know about social engineering and he got some great questions. I asked and he and Tim agreed to answer those questions on this podcast. Let’s hear their answers now.
Jun 22, 2020 · 51:58
Episode 29: Social Engineers from Rapid7

For this episode, we talk with three expert social engineers from Rapid7. Leon Johnson, Aaron Herndon and Jonathan Stines will tell us about some of the best security they’ve seen, some of the worst, some of the tools they carry on an engagement and how they sleep at night, knowing it is their job to trick people.
Jun 15, 2020 · 57:34
Episode 28: Josh (@Baywolf88) Huff

For this episode, we welcome Josh Huff, but you might know him as BayWolf88 on Twitter. He is a member of the OSINTCurious Advisory board and runs the web site LearnAllTheThings.net. In his experience doing digital forensics, he learned how to best frame information for those who hired him, which also helps with his OSINT investigations. Plus, he talks about how he dabbles in social engineering! 
Jun 01, 2020 · 16:31
Episode 27: TrustedSec Social Engineers Ask Me Anything

For this episode, we have another Ask Me Anything treat for you. Today’s guests are four social engineers from TrustedSec. We’ll hear from David Boyd, Paul Koblitz, Scot Berner and Jason Lang. Let's talk about their favorite engagements, some times when things went well, and some engagements that didn’t go so well and how they handle the situation when an engagement goes upside down. We’ll hear of one time when a medical procedure almost went too far, plus some resources on how to get started in social engineering.
May 25, 2020 · 56:04
Episode 26: Krittika Lalwaney - One Woman's Domination in a Male Dominated Field

For this episode, we welcome Krittika Lalwaney. Krittika is a red teamer on the offensive security team for Capital One. She is a social engineering capture the flag black badge winner at DerbyCon in 2018. She takes us through her career path, where she started, which was not in IT, to eventually joining a SOC, catching a red teamer due to her awareness, all the way to her successes of today. This is a story of one woman’s domination in a male dominated field. Take it away Krittika!
May 18, 2020 · 23:12
Episode 25: Tracy Z. Maleeff, a.k.a. The InfoSecSherpa

For this episode, we welcome Tracy Z. Maleeff, also known as InfosecSherpa. She has a blog set up at medium.com/@infosecsherpa and a newsletter at nuzzel.com/infosecsherpa. Tracy harkens us back to her presentation from Layer 8 Conference last year titled Lawyers, Guns and Money where she showed us great sources of OSINT research. Today, she gives us even more sources to search and explains how at the heart of it, security is a people problem so let’s also focus on interpersonal communications.
May 11, 2020 · 53:28
Episode 24: OSINT AMA with Noneprivacy and Ding0snax

For this episode, we break our format again and interview two OSINT experts, Francesco Poldi and Jason Edison, also known as @NonePrivacy and @Ding0snax on Twitter. These two are commonly found sharing information on the https://osint.team server. In this “Ask Me Anything”, find out their thoughts on an OSINT mindset, some investigations they have dug into, what gets them excited and how you can also be a better OSINT investigator.
May 04, 2020 · 48:52
Episode 23: Amanda Berlin - The $15,000 Teddy Bear

For this episode, we welcome Amanda Berlin of Blumira. She is also the CEO of the non-profit organization Mental Health Hackers, and can be found on twitter at InfoSystir. Today, she tells us about a romance scam where she helped a friend finally understand she was being duped, and explains how these work, plus she’ll tell us a little bit about a fifteen thousand dollar teddy bear.
Apr 27, 2020 · 12:27
Episode 22: Derrick Levasseur - Going to College...for the Bust

For this episode, we welcome Derrick Levasseur, winner of Big Brother season 16, host of the Discovery ID tv show Breaking Homicide and the author of the best selling book, Undercover Edge, which helps you find your strengths and gain confidence to win in all situations. Derrick tells us the story about the first time he went undercover as a police officer and the methods he used to quickly gain the trust of a university drug dealer over a few games of pool that eventually led to a bust.
Apr 20, 2020 · 21:13
Episode 21: Adam Compton - The Ladder and the Big Gulp

For this episode, we welcome Adam Compton, a pentester and social engineer for TrustedSec. You can also meet TrustedSec at the Layer 8 Conference, and you can find Adam on twitter at Tatanus. Adam talks about the various ways and methods that he was able to successfully test the physical security of a health care facility, using the remnants of a Big Gulp and a ladder in the snow, as well as simply asking for a tour.
Apr 13, 2020 · 18:17
Episode 20: Ritu Gill - Tips and Tricks from OSINTtechniques

For this episode, we welcome Ritu Gill, also known as OSINTTechniques on twitter and at osinttechniques.com. First, Ritu helps us to understand the differences between intelligence and data. Then she takes us through some examples of combinations of OSINT and social engineering. In one such example, she finds a way to get a target to reveal his real name on Facebook. She also tells us about canary tokens and phone spoofing.
Apr 06, 2020 · 11:07
Episode 19: Jayson E. Street - "One of the Best Stories I Can Tell"

For this episode, we welcome Jayson E. Street, VP at SphereNY, who will be teaching a two-day course at Blackhat titled “Access Denied - Social Engineering Detection and Incident Response”. Jayson tells us about a huge success for him, getting caught. Physical social engineers are often able to breach a company’s physical defenses, but are we teaching the client how to improve? Jayson proudly tells us about one incredible success story.
Mar 30, 2020 · 23:55
Episode 18: Christina Lekati - They Never Saw Her Coming

For this episode, we welcome Christina Lekati, a social engineer and psychologist for Cyber Risk GmbH in Switzerland. You can find her on Twitter at ChristinaLekati. Christina was tasked with confirming one client’s suspicions that their employee was stealing information from them. In this story, you’ll hear that the target had no idea what was coming for him once Christina got started.
Mar 23, 2020 · 21:37
Episode 17: AMA with Snow and TinkerSec

Warning: Some language used is not safe for work or for children. For this episode, we break our format. Usually, we have a social engineer or OSINT investigator on to walk us through a great story, a fun engagement or the methodology of an investigation. On this episode, we welcome two extremely accomplished social engineers, Snow and TinkerSec to just chat, answer a few questions, give opinions and recount a lot of fun stories. You can find them on Twitter at @_sn0ww and @TinkerSec. In this episode, Snow mentions her Full Scope Social Engineering class being taught at BlackHat USA. You can find out more about that class here: https://www.blackhat.com/us-19/training/schedule/index.html#full-scope-social-engineering-and-physical-security-14232
Mar 19, 2020 · 01:12:35
Episode 16: Julie Clegg - Top 5 Things Not Seen on Hunted

For this episode, we welcome Julie Clegg, the OSINT expert on the United Kingdom-based television show "Hunted". Julie is also putting together OSINT2020, an event where OSINT investigators can come together and talk about the future of investigations. You can find out more at OSINT2020.com. Julie talks with us about her five favorite events that happened on Hunted but you didn’t get to see on television. She talks about various activities by the hunters and some pranks that the hunters and hunted played on each other. You can contact Julie on Twitter at @HuntedJulie
Mar 16, 2020 · 25:48
Episode 15: Cat Murdock - Know Your Name and Bring Snacks

For this episode, we welcome Cat Murdock, a security consultant and social engineer from Guidepoint Security. You can find Cat on Twitter at CatMurd0ck. While most of our episodes are safe for work, this one has a few words mixed in that you might not want children to hear. Cat takes us through some of her social engineering encounters, explains why snacks and bathroom breaks are important and why the names on paperwork are very important.
Mar 09, 2020 · 42:07
Episode 14: Dutch_OSINTGuy - Spot the Jihadi

For this episode, we welcome Nico Dekens, also known as Dutch OSINT Guy and a co-host of the OSINT Curious podcast. You can find Nico on Twitter at Dutch_OSINTGuy. Law enforcement officials in the Netherlands asked him to confirm whether a potential Jihadi’s threats were credible. They only gave him a first name and minimal other information. Find out how Nico went through his methodology to get the confirmation they needed.
Mar 02, 2020 · 17:26
Episode 13: Alethe Denis - Social Engineer Your Own Brain

For this episode, we welcome Alethe Denis, the founder of Dragonfly Security and the reigning champion of the Defcon social engineering capture the flag competition. This is Alethe’s story of where she came from, how she was always a social engineer from childhood and also how words from Lady Gaga turned her life around. She tells us how we can social engineer ourselves to move in a positive direction.
Feb 24, 2020 · 53:21
Episode 12: Keith Cox - The Value of Flexibility During Vishing

For this episode, we welcome Keith Cox, a social engineer and pentester from Rapid7. Keith takes us through a recent vishing engagement and he tells us how sometimes you can learn from the initial calls you make to drastically change your pretext and how it worked for him. Keith also describes how he got to flip the script a little and help his mentor fine tune his own social engineering skills.
Feb 17, 2020 · 47:28
Episode 11: Kirby Plessas - Happy Birthday...or is it?

For this episode, we welcome Kirby Plessas, host of the OSINT Curious podcast. She is the founder and CEO of the Plessas Experts Network, found at plessas.net where you can find online training about how to perform OSINT investigations. Kirby tells us how she was able to track down a hacker, simply because someone wished him happy birthday.
Feb 10, 2020 · 08:48
Episode 10: Marina Ciavatta - Just Ask For Feedback

For this episode, we welcome Marina Ciavatta, the journalist turned social engineer, from Brazil. Marina describes her first physical social engineering engagement where she will tell us how she successfully bypassed biometrics and how people will willingly give you more information if you just ask. You can find Marina on Twitter at: @MarinaCiavatta
Feb 03, 2020 · 47:28
Episode 9: Wondersmith Rae - Unraveling an Online Puppy Scam

For this episode, we welcome Wondersmith Rae, a professional OSINT investigator who tells us the story of an online puppy scam. This is a story where pulling on one thread of information seemed to lead down varying paths and expose additional interesting areas to investigate. She and @Tokyo_v2 also wrote a blog post on Medium.com about her investigation titled “Anatomy of a Puppy Scam, Part 1, Meet Layla” where you can find even more details. You can find her on Twitter at @Wondersmith_Rae
Jan 27, 2020 · 19:09
Episode 8: Deveeshree Nayak - Turning a Facebook Feature into a Ticket to Defcon

For this episode, we welcome Deveeshree Nayak, an educationalist and information security professional, who tells us about how she was able to find weaknesses in Facebook for gathering information on friends of friends, which eventually led to the company inviting her to Defcon. You can find Deveeshree on LinkedIn.
Jan 22, 2020 · 07:13
Episode 7: Robby Stewart - Sometimes the Client Wins

For this episode, we welcome Robby Stewart, a social engineer and pentester at Rapid7. Robby tells us about a story that we don’t hear that often from social engineers...failure. He explains why some might consider his test a failure and why some would call it a success. You can find Robby on Twitter at @RizzyRong.
Jan 21, 2020 · 10:04
Episode 6: Robby Stewart - How a Social Engineer (Ab)uses Trust

For this episode, we welcome Robby Stewart, a social engineer and pentester at Rapid7. Robby takes us through the first social engineering engagement and the various decisions he needed to make along the way. He also explains how a good social engineer can really take advantage of people’s assumptions and their trust. You can find Robby on twitter at @RizzyRong
Jan 20, 2020 · 07:55
Episode 5: Matthias Wilson - Combining OSINT with SE in Germany

For this episode, we have Matthias Wilson, also known as MwOsint on twitter and owner of the https://keyfindings.blog site. Matthias is in Germany where the default is to trust no one and privacy is the utmost concern. Matthias takes us through how he was able to combine social engineering and OSINT to find out if a given business address was legit, or something a little more shady. 
Jan 13, 2020 · 21:07
Episode 4: Steve Laura - A Full PSE Walkthrough

For this episode, we have Steve Laura, a social engineer and pentester for Blue Cross Blue Shield. On this longer episode, he takes us through the recon, the initial access, his thought process along the way and how he dealt with employees on the lookout for a pentester trying to get into their building! You can find Steve on Twitter at Steven1669.
Jan 06, 2020 · 47:25
Episode 3: Katelyn Bowden - Her First OSINT

For this episode, we have Katelyn Bowden, CEO of the BADASS Army, a non-profit organization dedicated to providing support to victims of revenge porn and image abuse. Katelyn tells us about her first experience with OSINT. A personal experience that involved some social engineering to drum up some small town drama and how a machine gun was the one piece of information that got Katelyn the goods. You can find Katelyn on twitter at BadassBowden.
Dec 31, 2019 · 10:23
Episode 2: Katelyn Bowden - Taking Down a Criminal

For this episode, we have Katelyn Bowden, CEO of the BADASS Army, a non-profit organization dedicated to providing support to victims of revenge porn and image abuse. Katelyn tells us about how her organization works and how her experience with a siren, and how one guy’s desire for Funko Pops ended up being his downfall in the world of trading nude images. You can find Katelyn on Twitter at BadassBowden.
Dec 31, 2019 · 11:22
Episode 1: Trevor O'Donnal - Rapport Building with Vishing

For our first episode, we have Trevor O’Donnal from Rapid7. Trevor tells us about a particularly difficult social engineering engagement where he needed to engage staff through phone calls. But it was a small company, everyone knows each other and sits near each other. Let’s hear Trevor tell us how he used good reconnaissance to build rapport and get people talking. You can find Trevor on Twitter at todonnal.
Dec 17, 2019 · 17:23