Over the past few years, there's been a lot of talk about the value of understanding Open Source Intelligence (OSINT). But, even with so much talk, relatively few cybersecurity professionals have had the time to take a deep dive into the topic. In this episode, Perry sits down with social engineer, OSINT investigator, and member of the OSINT Curious project, Christina Lekati, to get an overview of the value of OSINT as well as some basic techniques. After that, we hear from Chris Kirsch (co-founder and CEO of runZero). Chris is a former black badge winner at DEF CON's social engineering competition and served as a judge in the most recent competition. He recently released an interesting report analyzing the top OSINT sources and vishing (voice phishing via phone) pretexts from that competition.

Guests:

Christina Lekati (LinkedIn) (Twitter)

Chris Kirsch (LinkedIn) (Twitter)

Books and References:

Top OSINT sources and vishing pretexts from DEF CON’s social engineering competition, research by Chris Kirsch referenced in this episode

YouTube video by Christina Lekati: Protecting High-Value Individuals: An OSINT Workflow

YouTube video: DEF CON 27 Recon Village presentation by Chris Kirsch: Using OSINT for Competitive Intelligence

YouTube Playlist from the 2022 SANS OSINT Summit

YouTube video by The Cyber Mentor: Learn OSINT in 4.5 Hours

The OSINT Curious project

DEFCON Social Engineering Community

15 top open-source intelligence tools, CSO Online

Top 25 OSINT Tools for Penetration Testing, SecurityTrails

WebMii.com

Hunter.io

Wigle.net

Lockheed Martin Cyber Kill-Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Threat Modeling: Designing for Security by Adam Shostack

What is Threat Modeling: https://securityintelligence.com/posts/what-is-threat-modeling-and-how-does-it-impact-application-security/

12 Methods of Threat Modeling: https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/

The Art of Attack: Attacker Mindset for Security Professionals by Maxie Reynolds

Perry's Books

Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter

The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer

Production Credits:
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/

Want to get in touch with Perry? Here's how:

LinkedIn

Twitter

Instagram

Email: perry [at] 8thLayerMedia [dot] com
