Episode 10. - OSINT in Pentesting with John Strand

Pivoting is one of the most fundamental investigative techniques you should have in your toolset but it's an easy thing to gloss over. In this episode, I get to sit down with Griffin and walk through some amazing pivots. Griffin on LinkedIn: https://linkedin.com/in/griffin-gGriffin on X: https://x.com/hatless1derGriffin's blogs: https://hatless1der.com Griffin's OSINT Training: https://myosint.trainingNational Child Protection Task Force: https://ncptf.org-------------------------------------------Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsOn LinkedIn: https://www.linkedin.com/company/27143440/admin/feed/posts/Join our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

In this episode we get to sit down with Ritu Gill (OSINT Techniques) and talk about their tool, Forensic OSINT. Along the way we discuss my own screenshot misadventures and touch on a few other OSINT topics. Ritu on LinkedIn: https://www.linkedin.com/in/ritugill-osinttechniques/Forensic OSINT: https://www.forensicosint.com/-------------------------------------------Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsOn LinkedIn: https://www.linkedin.com/company/27143440/admin/feed/posts/Join our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

In this episode we get to sit down with Patrick Laverty, host of the Layer 8 Podcast and organizer of the Layer 8 Conference in Rhode Island. Patrick's podcast and conference have been a gateway for many us in to the world of Social Engineering and Open Source Intelligence. We hope you enjoy this conversation as much as we did!Layer 8 Podcast will be debuting a new season on Monday February 5th!  Patrick on LinkedIn: https://www.linkedin.com/in/plaverty9/ Patrick on X: https://twitter.com/plaverty9/ Layer 8 Podcast: https://layer8conference.com/the-layer-8-podcast/ -------------------------------------------Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

In this episode we sit down with Dale Ayers. I met Dale at B-Sides Bloomington at our OSINT Workshop. At the time, Dale was trying to pivot in to his first tech job. He was recently successful! We sit down to discuss his journey from a non-technical field, what worked and what didn't. Dale on LinkedIn: https://www.linkedin.com/in/daleaayers/Jason Blanchard, creator of "Job Hunt Like a Hacker": https://www.linkedin.com/in/jasonsblanchard/Jason Blanchard, previous streams: https://www.linkedin.com/in/jasonsblanchard/recent-activity/events/-------------------------------------------Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

The best way to learn is by doing and doing is easier when it's engaging. We sit down with Rae Baker to talk about KASE Scenarios. KASE offers realistic OSINT training scenarios with a narrative catalyst. KASE Scenarios: https://kasescenarios.comKASE on Twitter: https://twitter.com/kasescenariosRae on Twitter: https://twitter.com/wondersmith_raeRae's book: https://www.raebaker.net/-------------------------------------------Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

Just in time for DEF CON 31....A special Training TreatIn this episode I'm joined by Joe Gray. Joe is a Trace Labs Black Badge winner, author, speaker and trainer amongst other things. We dive deep in to the world of OSINT training, discussing Joe's take on training in general as well as guidance for those new to the field. You can find Joe online at:Joe's Socials:Twitter (X): https://twitter.com/C_3PJoeTraining with Joe through The OSINTionDiscord: https://osint.mobi/discord YouTube: https://osint.mobi/youtube Blog: https://tidbit.theosintion.com/ On-Demand Academy: https://academy.theosintion.com/Joe's Book:https://www.amazon.com/Practical-Social-Engineering-Joe-Gray/dp/171850098XWant to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

The best Social Engineers do a tremendous amount of research before engaging a target. As luck would have it, we get to speak with one of them today! Chris and I talk about the pivotal role of OSINT in preparing for an SE engagement and also get a "peek behind the curtain" in relation to OSINT sources during a Social Engineering "capture the flag" style competition.  Chris Kirsch is the CEO of runZero (www.runzero.com), a cyber asset management company he co-founded with Metasploit creator HD Moore. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering capture the flag competition at DEF CON, the world’s largest hacker conference. If you'd like to learn more about Chris and the organizations he advocates for:Defcon 2022 OSINT & vishing research: https://medium.com/@chris.kirsch/top-osint-sources-and-vishing-pretexts-from-def-cons-social-engineering-competition-8e08de4c8ea8Winning call from DEF CON SECTF 2017: https://www.youtube.com/watch?v=yhE372sqURUExternal perimeter recon using runZero: https://www.runzero.com/blog/external-scanning/Competitive Intelligence talk at Layer 8 Conference: https://www.youtube.com/watch?v=NB-wLadJ3hkFacebook Talent Intelligence Collective: https://www.facebook.com/groups/talentintelligencecollectiveNational Child Protection Task Force (NCPTF): https://www.ncptf.org/Twitter profile: https://twitter.com/chris_kirschMastodon profile: https://infosec.exchange/@chris_kirschLinkedIn profile: https://www.linkedin.com/in/ckirsch/Chris' company: https://www.runzero.com/Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

In this bonus episode, Tom Hocker and Rae Baker sit down to talk about their respective journeys in to infosec. Getting in to Infosec can seem challenging but if these two can do it so can you. With a little bit of forward momentum and a clear goal in mind you can pretty much achieve anything.Rae on Twitter: https://twitter.com/wondersmith_raePre-Order Rae's Book: https://www.amazon.com/gp/product/1119933242/ref=dbs_a_def_rwt_hsch_vapi_taft_p1_i0 Tom on Twitter: https://twitter.com/human_decodedTom and Rae would both like it if you considered supporting Operation Safe Escape and the great work they do:Operation Safe Escape - https://safeescape.orgOperation Safe Escape Donations - https://funraise.org/give/Operation-Safe-Escape/ca21cf2f-52c3-45c0-af23-fe9441b7b0b6Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

#Hack4Good can come in many different forms. The team from Operation Safe Escape works in the same "space" as Trace Labs but with a different mission. They're focused on assisting the survivors of domestic violence escape their situation and stay safe in a digital world that makes tracking and control easier than it's ever been. In this episode, I talk with some of the OSE team about the organization, how they operate and what it takes to make a Safe Escape from an abusive situation. Operation Safe Escape - https://safeescape.orgOperation Safe Escape Donations - https://funraise.org/give/Operation-Safe-Escape/ca21cf2f-52c3-45c0-af23-fe9441b7b0b6Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

Paying an organization to provide you with intelligence you either don't have access to or don't have the time to collect can expedite an investigation. But how does it work? Where does the intelligence come from? How do these businesses work? In this episode, Roelof gives us some insight in to the business of breach data and people information services.Vortimo: https://www.vortimo.com/Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org