The InfoSec & OSINT Show

In Episode 80, Josh Amishav talks about the pyschological warfare that is being waged against various ransomware gangs, developments to Darkside, REvil and Blackmatter, Russia's handling of cyber criminals, using stealer log combo lists as part of your OSINT investigations and more. For more information, including the show notes check out: https://breachsense.io/podcast

In Episode 79, Josh Amishav chats with Mike Murr about the science behind social engineering, micro-expressions, FACS, which is the Facial Action Coding System, Common mistakes made during SE engagements, manipulation techniques and more. For more information, including the show notes check out: https://breachsense.io/podcast

In Episode 78, Josh Amishav does a solo adventure to talk about the thought process behind launching the Breachsense Darkweb API. The three main takeaways from the episode are: How ransomware has become a life and death issue What effect shutting down the REvil gang has had The 3 most common initial attack vectors used in ransomware attacks For more information, including the show notes check out: https://breachsense.io/podcast

In Episode 77, Josh Amishav talks with Nate Warfield about threat intel, CTI League and cloud risk. My three main takeaways from the episode are: How to use tags to easily search Shodan for systems vulnerable to specific CVEs The most common threats the medical sector faces A couple of interesting techniques he uses to collect threat intel For more information, including the show notes check out: https://breachsense.io/podcast

In Episode 76, Josh Amishav chats with Chris Dale about several techniques to associate a given asset back to a company. Three takeaways from the episode are: How to generate a custom wordlist for brute forcing your target A bunch of methods to correlate associated company assets via things like the DOM, JARM and TLS How to automate vulnerability discover For more information, including the show notes check out: https://breachsense.io/podcast

In episode 75, Jeff Man joins us to talk about his time in the NSA, PCI, Hak4Kidz and content creation. My 3 main takeaways were 1) What red teaming was like in the 80s 2) Why PCI gets a bad reputation and 3) His tips for giving great conference talks. For more information, including the show notes check out: https://breachsense.io/podcast

In episode 73, Higinio Ochoa joins us for a behind the scenes look at his hacking escapades with Anonymous. The same methodology can be used for bug hunting today. My 3 main takeaways were 1) Building target lists at scale 2) His two OpSec mistakes which led to him getting caught and 3) What his must have hacking tools are now. For more information, including the show notes check out: https://breachsense.io/podcast In episode 74, Brett Johnson joins us to talk about online crime, social engineering, spear phishing and trust. My 3 main takeaways were 1) How criminals convince us to trust them online 2) Bypassing company policies via social engineeringand 3) How to get people to believe fake news and legends over facts For more information, including the show notes check out: https://breachsense.io/podcast

In episode 73, Higinio Ochoa joins us for a behind the scenes look at his hacking escapades with Anonymous. The same methodology can be used for bug hunting today. My 3 main takeaways were 1) Building target lists at scale 2) His two OpSec mistakes which led to him getting caught and 3) What his must have hacking tools are now. For more information, including the show notes check out: https://breachsense.io/podcast

In episode 72, Nathan Sweaney joins us talk about the future of privacy. My 3 main takeaways were 1) Who's collecting our bluetooth and wifi signals 2) How to get your talk accepted to a security con and 3) How he used OSINT to steal (in air quotes) his twitter handle from a Nazi. For more information, including the show notes check out: https://breachsense.io/podcast

In episode 71, Peter Taylor "The Fraud Guy" joins us talk about various aspects of fraud. My 3 main takeaways were 1) The common types of fraud he sees in his investigations 2) How Covid has influenced the fraud space and 3) Why aged shell companies and email addresses are so valuable For more information, including the show notes check out: https://breachsense.io/podcast