Layer 8 Podcast

Layer 8 Conference | layer8podcast.org
Welcome to the Layer 8 Podcast season 5! This season we’ll have conversations with social engineers and OSINT investigators who will tell their stories. We hope you enjoy them.

Episodes

Episode 100: Dylan the Magician

Dylan is named the Magician yet he doesn't do card tricks, doesn't pull a rabbit from a hat and doesn't cut his assistant in half. Dylan is a social engineer who earned that moniker during an engagement. In this episode, Dylan will explain the job where he was tagged "The Magician." We'll also talk about the planning that went into his engagement and other aspects of social engineering he uses every day. This episode is brought to you by Compass Cyber Guard. To find out more about Cyber Guard's ...

Mar 04, 2024 | 48 min | Season 4, Ep. 3

Episode 99: Ritu Gill on OpSec, Sock Puppets and Lesser Known OSINT Sites

Ritu Gill is back! A return guest who first appeared on episode 20, Ritu (also known as OSINT Techniques) is back to talk about Operational Security, about how to create and curate sock puppets, how to keep the integrity of an investigation and to tell us about Forensic OSINT, a Chrome extension that can easily help with investigations! This episode is brought to you by Compass Cyber Guard. To find out more about Cyber Guard's social engineering or pentesting services, contact info@layer8podca...

Feb 19, 2024 | 33 min | Season 4, Ep. 2

Episode 98: Social Engineering My First Bank with Patrick Laverty

Our host, Patrick Laverty, has gotten to talk with experts in OSINT and social engineering and heard their stories. But Patrick has never told one of his own. That's what we get here as he explains how he got access to sensitive areas of a bank during a social engineering job. This episode is brought to you by Compass Cyber Guard. To find out more about Cyber Guard's social engineering or pentesting services, contact info@layer8podcast.org...

Feb 05, 2024 | 36 min | Season 4, Ep. 1

Episode 97: Charles Shirer - BSDBandit Talks OSINT!

Charles Shirer, aka @BSDBandit, is the part of the internet that exudes positivity and happiness. He frequently posts happy and affirming messages for people to enjoy. He's also a self-taught OSINT expert. In this episode, he'll explain how he learned OSINT, describe projects he took on and give suggestions and advice for others who might look to follow in his path.

Sep 19, 2022 | 47 min | Season 3, Ep. 21

Episode 96: Dr. Abbie Maroño - The Science of Social Engineering

Dr. Abbie Maroño is the Director of Education at Social Engineer, LLC. She earned her PhD in Behaviour Analysis from Lancaster University in the UK. In this episode, we talk about human lie detection and that everything we learned on Lie to Me might be a lie! We ask how we can discern good scientific information from bad so we can learn the skills of social engineering. Dr. Maroño also talks about her own new podcast where she goes into the detail of the science and research behind many social eng...

Sep 12, 2022 | 38 min | Season 3, Ep. 20

Episode 95: Intel Inquirer - Using Dating Apps and Exercise Apps from an OSINT Perspective

Venessa Ninovic is @Intel_Inquirer on Twitter and frequently posts her findings and research at https://intel-inquirer.medium.com/. She has been on the OSINT Curious podcast and presented at the 2022 SANS OSINT Summit. In this episode, she tells us how much OSINT one can find just in dating apps. She explains how some military members failed so badly at OpSec that they were forced to delete their social media applications and she digs into the exercise app Strava. Strava can reveal quite a bit a...

Sep 05, 2022 | 44 min | Season 3, Ep. 19

Episode 94: Alan Neilan - The Phishing Kit Hunter

Alan Neilan is a security analyst who searches for phishing kits in his spare time, using x0rz's Phishing Catcher. Alan often tweets out his work at @aneilan and he also posts his findings under the title "Crap I Found on the Internet" on his blog at aneilan.github.io. In this episode, Alan talks about how he uses certificate transparency certstreams to feed the analysis tool and tells some of his experiences with reporting the kits he's found....

Aug 29, 2022 | 30 min | Season 3, Ep. 18

Episode 93: The Gumshoo - Tales of a PI in OSINT

John TerBush, known as TheGumshoo on Twitter, joins us to talk about his previous life as a private investigator and how he merged into the information security world. He, like so many others, was doing OSINT before we called it OSINT and he describes some of the locations and techniques. John is also a founding member of OSINT Curious and a course developer/instructor for the SANS SEC 487 and SEC 587 OSINT courses. He is also a threat researcher for Recorded Future. John has some great advice f...

Aug 22, 2022 | 47 min | Season 3, Ep. 17

Episode 92: Dalin McClellan - SE'd Into a Highly Secure Building...How?!?

On this episode, we speak with Dalin McClellan, a penetration tester and social engineer for NetSPI. The idea for this episode came from a blog post that Dalin wrote here: Not Your Average Bug Bounty: How an Email, a Shirt and a Sticker Compromised a High Security Datacenter. Dalin explains the preparation necessary for an on site physical penetration test when the location is highly secured with barbed wire fencing, human guards 24x7, retinal scanners and mantraps. Sometimes very simple solu...

Aug 15, 2022 | 47 min | Season 3, Ep. 16

Episode 91: Sylvain Hajri - What Can You Do With An Email Address?

Sylvain Hajri, aka Navlys_ on Twitter, created Epieos.com, a freemium site that lets you perform passive OSINT with just an email address. Sylvain wears an incredible number of hats as the creator of not just Epieos but also MyOSINTJob, OSINTFr and the SpyingChallenge, and he is also an organizer of LeHack in France and the OSINTVillage. In this episode, Sylvain has great advice on how to use passive OSINT, on how he created his company and whether people should focus on tools and learn python to...

Aug 08, 2022 | 48 min | Season 3, Ep. 15

Episode 90: The Next Generation of Phishing Attack Vectors

When we think of phishing attacks, we immediately think of email. In this episode, Chris Cleveland, the Founder and CEO of Pixm Security, walks us through a massive phishing attack that his company discovered. In this attack, millions of Facebook credentials were stolen using multiple layers of trusted environments. Have you ever gotten contacted by a friend in Facebook messenger with a link to check out a funny video? After this episode, you might be a little more careful with those. If you wan...

Aug 01, 2022 | 31 min | Season 3, Ep. 14

Episode 89: The Fake PhD Investigator

People claim degrees and credentials that they haven't earned. This could be for a number of reasons, whether professional or personal. In this episode, we speak with the Fake PhD Investigator, a person who uses OSINT to determine whether the doctorate degree that someone claims, has actually been conferred on them. This episode goes through the methodology, some stories and some of the reasons that someone might claim to have earned a doctorate degree when they actually have not. You can find t...

Jul 25, 2022 | 41 min | Season 3, Ep. 13

Episode 88: Jason Downey - The Legend of...Triforce?

Jason Downey is a penetration testing security consultant with Red Siege and is known as HackAndBackpack on Twitter. In this episode, we talked with Jason about phishing, vishing and on-site physical social engineering engagements. He talked about some of the tools he uses, some of his successes and some campaigns that might not have gone exactly to plan. Plus, find out how the Legend of Zelda's Triforce can help people understand a path into this industry. More information about Jason can be fo...

Jul 18, 2022 | 48 min

Episode 87: Steven Harris, aka NixIntel

We talk with Steven Harris, aka @nixintel, who is an Executive Board Member with @OSINTCurious and is currently employed by Qomplx to perform investigations. He also teaches SEC 487 for SANS. In this episode, we walk through some of the Quiztime investigations that he did on his web site (https://nixintel.info) and another where he was able to figure out exactly who was plagiarizing his content. Steven gives great advice for people starting out, what they should focus on and the value of learni...

Jul 11, 2022 | 1 hr | Season 3, Ep. 11

Episode 86: Griffin Glynn, the Hatless1der!

Griffin is also known online as @hatless1der. You can find his tips and blog articles at hatless1der.com and at the Ultimate OSINT Collection. Griffin is also a part of the National Child Protection Task Force (NCPTF) where he is a speaker at their conference. He also speaks at the ConINT conference. In this episode, Griffin discusses how to do OSINT investigations that require pivoting off data, how to find people who really don't want to be found, and some great ways to get started in the f...

Jul 04, 2022 | 47 min | Season 3, Ep. 10

Episode 85: Josten Peña - Using Bias in Social Engineering

Josten Peña is a Human Risk Analyst at Social Engineer, LLC. Josten performs risk testing with contracted company employees via phone calls and email. In this episode, Josten focuses on various shortcuts our brains use, commonly known as biases, that can help in some situations, but can also be detrimental in others. Josten describes these biases and how a social engineer might use them to achieve the desired goals.

Jun 27, 2022 | 40 min | Season 3, Ep. 9

Episode 85: Erich Kron - Phishing As A Service

In this episode, we talk with Erich Kron from KnowBe4. We go into a number of topics, but mainly focus on phishing. Erich talks about phishing as a service, ransomware as a service and gives recommendations on how to best perform your own phishing engagements within your company.

Jun 20, 2022 | 47 min | Season 3, Ep. 8

Episode 84: Oliver Lebhardt - Digital Fingerprinting with Complytron

Oliver Lebhardt is the creator and CEO of Complytron, a tool used for OSINT investigations to determine if seemingly unrelated websites are actually related. In addition, Complytron has data about politically-exposed people (PEP), people who have been sanctioned and who are on government watchlists. The data can be heavily used in anti-money laundering situations, but is also valuable for human intelligence. Oliver's background is in investigative journalism and has paired his investigatory ski...

Jun 13, 2022 | 37 min | Season 3, Ep. 7

Episode 83: Chris Russell - The Military's Human Lie Detector

Chris Russell, the CISO of tZero, who is @cr00ster on Twitter and at https://github.com/cr00ster, joins us today to talk about his experience in the military and how he obtained intelligence during the Iraq War. Chris talks about some of the techniques used to help determine when people were telling the truth and when some might have just been looking for a payday. He also talks about his biggest social engineering concern from a CISO's perspective, and why we should focus on treating developers well...

Jun 06, 2022 | 42 min | Season 3, Ep. 6

Episode 82: Lock Down Your Life!

Our guest is known online as @LockDownUrLife, and we talk about how she helps people who have been victims of online scams and harassment. She also talks about ways we can protect our own privacy, and what you can do when you are threatened or harassed. Her web site with a lot more information can be found at https://LockDownYourLife.com

May 30, 2022 | 45 min

Episode 81: Andrew Lemon - Just Walk Right In!

Our guest this week is Andrew Lemon, who often just goes by "Lemon." You can find Lemon on Twitter as @LemonItUp or on his YouTube channel with original hacking videos. In this episode, we discuss a presentation he gave at the 2021 Armed Forces Communications and Electronics Association conference titled "A Social Engineer's Toolkit". He had some fun physical social engineering stories on ways he gets into facilities, on how he tries to get caught and even a story about why one of his engageme...

May 23, 2022 | 47 min | Season 3, Ep. 4

Episode 80: Rosa Rowles - Goin' Vishing!

Rosa (@Rosa_Rowles) is a social engineer working with Social Engineer, LLC. She has an interesting story that includes moving from Spain to England to the US all at a young age. She was a billing coordinator for a hotel before she moved into social engineering. In this episode, she discusses how she uses various principles of influence to evaluate the security posture of her clients. She gives advice on how to build rapport in mere seconds and how to get into the social engineering field witho...

May 16, 2022 | 48 min | Season 3, Ep. 3

Episode 79: Jack Rhysider - Darknet Diaries

For this episode, we step away from discussing social engineering and OSINT directly and talk with Jack Rhysider. Jack is the creator and host of the hugely popular podcast, Darknet Diaries. Jack talks about and interviews people about "true stories from the dark side of the internet." Jack discusses how he does it, how he finds his guests, how much work goes into creating his biweekly podcast and more. Jack Rhysider is a veteran to the security world. He gained his professional knowledge of s...

May 09, 2022 | 37 min

Episode 78: Christine Talley - Contact Exploitation

Content Warning: This episode includes discussion of human trafficking and exploitation. Christine Talley, aka @AthenasOwl_97, joins us to talk about her work as an analyst with the anti-human trafficking task force in California. She talks about how she got started with OSINT after changing careers, tells us one instance where she got to use her former career during a law enforcement engagement and also tells us about contact exploitation. This is a method where she often can begin or continue t...

May 02, 2022 | 53 min | Season 3, Ep. 1

Episode 77: Lorand Bodo - Using OSINT to Find Extremists

For this episode, we talked with Lorand Bodo, one of the creators of OSINT Curious. Lorand talks with us about how he recommends people get started with OSINT, what OSINT is and then takes us through some stories about how he tracks jihadists and extremists. He also tells us about his role with OSINT Curious and the webcasts and streaming events that he puts on with them. Lorand also has a weekly updated list of curated tweets from extremists on his web site, lorandbodo.com...

Sep 20, 2021 | 48 min | Season 2, Ep. 45

Episode 76: Alethe Denis - Creating Pretexts for Social Engineering

Alethe Denis is an amazing, accomplished social engineer. She won the Social Engineering Capture the Flag competition at Defcon 27. She was part of a team that won a Trace Labs OSINT Capture the Flag competition. She will again be a judge at the Collegiate Social Engineering competition. She created the Defcon 209 chapter in California, and is the original ambassador to the Innocent Lives Foundation. In this episode, Alethe takes us through her pretext preparation for Defcon and how she creates...

Sep 13, 2021 | 1 hr | Season 2, Ep. 44

Episode 75: Rae Baker - Maritime OSINT, Breaking In and OSINT Competitions

For this episode, we get to speak with Rae Baker, also known as Wondersmith_Rae on Twitter. Rae changed careers a few years ago from a graphic designer to the world of OSINT. Along the way, she has competed in and won OSINT competitions, given presentations at BSides, ShmooCon and most recently, Defcon's Recon Village. She has some great advice for how to get into the field and also how to succeed in an OSINT Capture the Flag competition. Rae is on the executive board of OSINT Curious and is al...

Sep 06, 2021 | 39 min | Season 2, Ep. 43

Episode 74: Robin Dreeke - Social Engineering Tradecraft

TW: Brief discussion of sexual assault/abuse. For this episode, we got to speak with Robin Dreeke, a 29-year veteran of federal service, including the US Naval Academy, US Marine Corps and the head of the FBI's Counterintelligence Behavioral Analysis Program. Robin owns https://peopleformula.com where he offers skills, newsletters, training classes and his books. In this conversation, we reference his books as we talk about building rapport and Robin's five basic principles of trust: 1) Suspend ...

Aug 30, 2021 | 49 min | Season 2, Ep. 42

Episode 73: Vishing with Curt Klump

For this episode, we talk voice phishing, or vishing, with Curt Klump. Curt is a hacker with Social Engineer, LLC and he gets to hack people simply by calling them on the phone. We got to talk with Curt about how he went from being an actor to a social engineer, how to get started in the industry, great resources for learning, tips for particularly difficult environments and he shares stories of some of his favorite compromises and shut downs....

Aug 23, 2021 | 40 min | Season 2, Ep. 41

Episode 72: Onderdompelen with Technisette

For this episode, we are joined by Lisette Abercrombie, probably better known as Technisette. She is a Dutch OSINT investigator and one of the creators of OSINT Curious. We get to talk about her OSINT methodology, some tips and tricks and she shared two stories of her investigations, one of which included the value of the color of garbage barrels in an image. We also learned the Dutch term "onderdompelen" meaning to submerge or immerse yourself. Jump in the deep end and start swimming!...

Aug 16, 2021 | 42 min | Season 2, Ep. 40