Layer 8 Podcast
121 episodes - English - Latest episode: 2 days ago -Welcome to the Layer 8 Podcast season 3! This season we’ll have conversations with social engineers and OSINT investigators who will tell their stories. We hope you enjoy them.
Homepage Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Episode 62: Jonathan Younie - Social Engineering from a CISO's Point of View
June 07, 2021 11:00 - 34 minutes - 45.8 MBOn this episode, we talked with Jonathan Younie, aka @InfosecCanuck. Younie is a CISO for a financial services firm and a social engineer. He talks with us about his experience at the recent Human Hacking Conference, and the lessons he brought back for his own company's social engineering training. Younie has also created and is a part of social engineering and OSINT professional networking groups on Clubhouse and Slack. Younie also gives us a little bit of information about the upcoming ILF...
Episode 61: Polarisu Solves the OSINT Challenge
May 31, 2021 11:00 - 37 minutes - 49.4 MBOn April 3, we re-shared a photo from a friend of a building and asked "Where is this?" People from literally around the world began searching, and it wasn't until the following day when Marlena von Hoffer, aka @Polarisu used her skiptracing OSINT skills to finally locate the building in the image. In this episode, Marlena tells us about the tools, techniques and strategy she used to eventually figure out the location. She also tells us a fun story of how she was able to locate someone using...
Episode 60: Breaking Into Buildings with Crystal
May 24, 2021 11:00 - 27 minutes - 37.5 MBFor this episode, Crystal aka UnluckyNum7 joins us to talk about her methods and strategy for bypassing security controls to access buildings. She talks about what she did when faced with locked doors during an upstate New York winter, or when the elevator required a valid badge to get to floors and what she came up with when someone asked what she will bring to the company holiday party. All this and more in today's fun episode!
Episode 59: Twig - Identifying Locks and Vishing Her Targets
May 17, 2021 11:00 - 20 minutes - 29.2 MBFor this episode, we welcome our friend Twig. Twig is a member of IBM’s X-Force Red and a social engineer. She tells us about a lock identification tool that she created and presented at Shellcon. She also takes us through a vishing engagement and the various strategies that she uses.
Episode 58: Siobhan Kelleher - "Be Stubborn and Want to Learn"
May 10, 2021 11:00 - 22 minutes - 32.6 MBFor this episode, we're joined by Siobhan Kelleher, also known as @Secure_Coffee. Siobhan's day job is in higher ed but she got introduced to OSINT by joining in to a Trace Labs Capture the Flag competition at the 2019 Layer 8 Conference. She has worked in sales, so she's also always had a knack for social engineering, plus it appears to run in her family. Let's hear from Siobhan about the strategies and many tools that she has learned to use during her OSINT investigations.
Episode 57: Collegiate Social Engineering Capture the Flag Organizing Team
May 03, 2021 11:00 - 1 hour - 88.9 MBThe main organizers of the Collegiate SECTF include Temple University's CARE Lab of Professor Aunshul Rege, Rachel Bleiman and Katorah Williams, plus Patrick Laverty from Layer 8 Conference. In this episode, the team discusses the origins of the SECTF, how it works, who can compete, as well as the impressions of the competition by graduate students Rachel and Katorah. If you are a college student and would like to compete in this tournament, this is a can't miss episode!
Episode 56: Michele Stuart - Evolution of OSINT Tools and Talking Her Way Into a Super Bowl Party
April 26, 2021 11:00 - 43 minutes - 59.4 MBFor this episode, we speak with Michele Stuart of JAG Investigations. Michele is a social engineer and OSINT investigator. She also offers training on her strategies and techniques. Michele tells us about the OSINT tools that she used when she first got started in the field, which was before searching on the internet became common. She also tells us how she talked her way into a Super Bowl party and also ended up selling raffle tickets at a holiday party!
Episode 55: Magic and Social Engineering with Lee Anderson, Richard Davy and Chris Kirsch
April 19, 2021 11:00 - 1 hour - 92.7 MBFor this episode, we speak with three social engineers who are also hobbyists in the art of magic. Magic is often about deception, distraction and sleight of hand techniques. We'll talk with Lee, Richard and Chris about how they got started learning these techniques, as well as some of the psychology needed to make people believe the tricks and find the overlaps with social engineering.
Episode 54: Searching the Dark Net with Levitannin
April 12, 2021 11:00 - 36 minutes - 49.5 MBWhat is the dark net, the dark web, the clear web and the differences between them? For this episode, we'll hear some fun stories from Levitannin, an OSINT researcher and Innocent Lives Foundation volunteer. Are Red Rooms real? And what are some of the places to look for some of the rumored illicit information that is on these layers of the internet? Join Levi today and find out all this, plus even more! And you can also join Levi for the Innocent Lives Foundation gamer streams on Twitch! ...
Episode 53: Collegiate SECTF with Ragnhild "Bridget" Sageng, Prof. Aunshul Rege and TinkerSec
April 05, 2021 11:00 - 1 hour - 135 MBFrom October 2nd to 4th, six teams competed in the first ever Collegiate Social Engineering Capture the Flag competition at Temple University. They were tested on their ability to perform OSINT, create a phishing email and even make phone calls to gain information. This episode speaks with the creator of the competition, Professor Aunshul Rege and the winner of the competition, a one-woman team from Noroff University College in Norway, Ragnhild "Bridget" Sageng. We also have one of the judge...
Episode 52: Tokyo_v2 - Anonymous Reviews Might Not Be So Anonymous
March 29, 2021 11:00 - 12 minutes - 17.3 MBFor this episode, we welcome our friend Tokyo. Tokyo is a member of Team Searchlight community, and is the author of many blog posts on OSINT investigations. Today, Tokyo shows us the steps, methodology and tools that can be used to trace a single online review all the way to the person who left it.
Episode 51: Stephanie LeHart - The Defcon Social Engineering Capture the Flag Experience
March 22, 2021 11:00 - 48 minutes - 66.9 MBFor this episode, we hear from Stefanie LaHart. Stefanie is an expert social media strategist and podcaster who has competed in the Defcon social engineering capture the flag competition twice! She tells us how she got into the competition as someone who was unfamiliar with the terms social engineering and OSINT, showed up to the competition without much of a strategy and figured it out on the spot. She also tells us about what happened when a person from her competition target was in the au...
Episode 51: Stefanie LaHart - The Defcon Social Engineering Capture the Flag Experience
March 22, 2021 11:00 - 48 minutes - 66.9 MBFor this episode, we hear from Stefanie LaHart. Stefanie is an expert social media strategist and podcaster who has competed in the Defcon social engineering capture the flag competition twice! She tells us how she got into the competition as someone who was unfamiliar with the terms social engineering and OSINT, showed up to the competition without much of a strategy and figured it out on the spot. She also tells us about what happened when a person from her competition target was in the au...
Episode 50: BOsintBlanc - Let's Talk Methodology
March 15, 2021 11:00 - 21 minutes - 29.8 MBFor this episode, we welcome BOsintBlanc. He loves to use OSINT tools and loves to help others with their OSINT skills. But there's one thing that he'd love to see everyone do before using tools. That is to develop a solid methodology and mindset around the OSINT process. In this episode, he talks about how he got started in OSINT and other tips and tricks to refining your own methodology. Also, he asks that you consider making a donation to the National Child Protection Task Force, where he...
Episode 49: Nicole Beckwith - Going Undercover for Roses and the PornHub Interview
March 08, 2021 12:00 - 28 minutes - 41.5 MBFor this episode, we welcome Nicole Beckwith. Nicole is a Staff Cyber Intel Analyst with GE Aviation. She previously worked in law enforcement and was tasked with going undercover into the world of sex work. She played the role of a sex worker and explains all the background and research that went into it, learning the language, the acronyms, the signal words and ways to protect herself in the job. She also tells a second story of a night when one unsuspecting person crossed paths with Nicol...
Episode 48: Phillip Wylie - Pwn School, Pentester Blueprint, and Wrestling a Bear!
March 01, 2021 12:00 - 45 minutes - 60.2 MBIn this episode, we talk with Phillip Wylie. Phillip is a former professional wrestler turned hacker and now teacher, and an ambassador to the Innocent Lives Foundation. Please donate today on Phillip's page! Phillip works as an offensive security instructor for INE, he created the Pwn School, co-authored The Pentester's Blueprint with Kim Crawley which he also turned into a conference presentation, and also co-hosts the podcast The Uncommon Journey with Alyssa Miller and Chloe Messdaghi. Ph...
Episode 47: Deviant Ollam - The Covert Entry Specialist
February 22, 2021 12:00 - 41 minutes - 59.1 MBFor this episode, we speak with @DeviantOllam who runs both the Core Group and Red Team Alliance. Deviant is also the author of two books, Practical Lock Picking: A Physical Penetration Tester's Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks. Today, Deviant tells us three stories of covert entry, including much of his strategy, tips, techniques and the social engineering that goes into an engagement. He...
Episode 46: Ryan MacDougall and Curt Klump - Using OSINT to Get the Win!
February 15, 2021 12:00 - 16 minutes - 25.8 MBFor this episode, we talk with Ryan MacDougall, the Chief Operating Officer at Social-Engineer.org and Curt Klump, a Human Risk Analyst, also at Social-Engineer.org. They tell two stories of using OSINT during social engineering engagements. In Ryan's, he shows how sometimes no matter how deep you dig, it might not be enough. In Curt's story, he tells us about ways that he was able to use OSINT to find a ghost. Curt and Ryan also join us to talk about the upcoming Human Hacking Conference ...
Episode 45: Zlata Pavlova - Доверяй, но проверяй
February 08, 2021 12:00 - 26 minutes - 38.7 MBДоверяй, но проверяй - Doveryai, No Proveryai (Trust, but verify) For this episode, we welcome Zlata Pavlova aka @3latka_ on Twitter. By day, Zlata works with InGuardians but she is also working with OSINT and social engineering. Zlata speaks multiple languages which is a big asset with the type of OSINT she does. Today, she walks us through the steps that a hacker took to take control of a celebrity's Instagram account.
Episode 44: Jon Nichols and John Kirbow - PsyOps and Disinformation Campaigns
February 01, 2021 12:00 - 1 hour - 101 MBFor this episode, we talk with Jon Nichols, aka @WVUAlphaSoldier and @JohnKirbow, two men trained by the US military in psychological operations and disinformation. We talk with them about current disinformation campaigns, where they come from, how they work and how people can start to understand each other again.
Episode 43: Benjamin Strick - OSINT Takedown of West Papua Disinformation
January 25, 2021 12:00 - 21 minutes - 30.3 MBFor this episode, we welcome Benjamin Strick, also known as BenDoBrown on Twitter. Ben tells us of an investigation that he published for Bellingcat where he was seeing contrasting information coming from Indonesia during a genocidal event. He began digging in, starting with a Twitter timeline that was publishing videos and eventually got to the source, but not without experiencing death threats for his work along the way. You can find Ben's writeups here: https://www.bellingcat.com/news/r...
Episode 42: Edward Miro - Social Rideshare Experience and Hacking Your Own Brain
January 18, 2021 12:00 - 30 minutes - 44.1 MBWe welcome Edward Miro to this week's episode. You can find his work on YouTube at https://www.youtube.com/MiroLabs or his own site, https://mirolabs.info. In this episode, Edward walks us through his start in the field as he gave a presentation in the Defcon Social Engineering Village to hundreds of attendees, and he talks about social tips he learned as a rideshare driver and also tells us how we can hack our own brain.
Episode 41: Leon Johnson and Shane Young - Pwning the Check Casher
January 11, 2021 12:00 - 33 minutes - 46.8 MBTwo expert social engineers, Leon (“sho_luv“) Johnson and Shane (“t1d3nio“) Young are assigned to infiltrate a financial institution. In this episode, they tell us how they went on the roof, to the basement, got into the safe and even got some valuable shirts for themselves.
Episode 40: Hakeem Thomas - The Unredaction Expert
January 04, 2021 12:00 - 14 minutes - 21.1 MBHakeem Thomas tells us about his start in OSINT, beginning with a Capture the Flag competition where he got a simple, helpful tip that led him in a career direction. He also became the expert at being able to unredact a great deal of hidden information in documents, some of which he'll share with us. You can find Hakeem on Twitter at @S6Vet_Infosec
Episode 39: Jenny Radcliffe - The Cat and the Cake (and the Open Window)
December 28, 2020 12:00 - 20 minutes - 29.1 MBWe get to talk with social engineer and fellow podcaster Jenny Radcliffe as she tells us a couple great stories. The first story is one that she has never told before, and the second one is what she did when on an SE job and faced with a birthday cake, a cat, and an open window. You can see Jenny's work and check out her podcast at https://humanfactorsecurity.co.uk
Episode 38: Tigran Terpandjian - The Experience Catch-22
December 21, 2020 12:00 - 17 minutes - 25.3 MBWe have Tigran Terpandjian, also known as Th3CyF0x talking to us about how he also faced the common Catch-22 of needing experience to get a job, but how do you get the experience without a job. He talks about the strategies that he used and gives tips on things others than try too. You can also ask Tigran about his love of foxes and ramen!
Episode 37: Billy and Vache - Flair Bartending and SE
December 14, 2020 12:00 - 37 minutes - 55.3 MBThis is an interview episode with Billy (@fuzzy_logic) Boatright and Vache (@flying.v) Manoukian. These guys are social engineers and flair bartenders. During this interview, Billy and Vache talk about how quickly the build rapport and some of the tips and tricks they have for winning people over quickly.
Episode 36: Inês Narciso - Teamwork Makes Dreamwork
December 07, 2020 12:00 - 20 minutes - 29 MBOur friend, Inês Narciso talks about how to best use multi-disciplinary teams to be most efficient during OSINT and social engineering investigations. She talks about bringing together specialists to create teams that will better get the needed information. You can find Ines on Twitter at @IWN_LX and she also presented at the Layer 8 Conference in 2020 on OSINT’s Role Tackling Disinformation In Portuguese Elections
Episode 35: Joshua Richards - Buying/Selling Body Parts on the Dark Web
November 30, 2020 12:00 - 23 minutes - 36.9 MBJoshua Richards, is also known as AccessOSINT on twitter and can be found as an administrator on the Searchlight Discord server. Josh was doing a little searching on the dark web one day and found someone looking to sell human body organs. In this episode, he tells us how he used OSINT to discover the identity of the person, and hand that information off to law enforcement officials. You can read Josh's blog at https://accessosint.com/
Joshua Richards - Buying/Selling Body Parts on the Dark Web
November 30, 2020 12:00 - 23 minutes - 36.9 MBJoshua Richards, is also known as AccessOSINT on twitter and can be found as an administrator on the Searchlight Discord server. Josh was doing a little searching on the dark web one day and found someone looking to sell human body organs. In this episode, he tells us how he used OSINT to discover the identity of the person, and hand that information off to law enforcement officials. You can read Josh's blog at https://accessosint.com/
Episode 34: Shelby Dacko - ScaryLilHuman in the Trash Chute
November 23, 2020 12:00 - 11 minutes - 16.1 MBFor this episode, Shelby Dacko, also known as @ScaryLilHuman tells us how she got started as a social engineer, and also about one engagement where the team was running into roadblocks. That is, until they discovered one path into the server room was through a very narrow trash chute that only a small person could fit through. Shelby fit the bill. Catch Shelby teaching a course on vishing at the Human Hacking Conference from March 11th to 13th.
Shelby Dacko - ScaryLilHuman in the Trash Chute
November 23, 2020 12:00 - 11 minutes - 16.1 MBFor this episode, Shelby Dacko, also known as @ScaryLilHuman tells us how she got started as a social engineer, and also about one engagement where the team was running into roadblocks. That is, until they discovered one path into the server room was through a very narrow trash chute that only a small person could fit through. Shelby fit the bill. Catch Shelby teaching a course on vishing at the Human Hacking Conference from March 11th to 13th.
MangoPDF - The "Don't Get Arrested Challenge"
November 16, 2020 12:00 - 36 minutes - 56.6 MBMangoPDF, also known as Alex Hope is from Australia. One day, a friend asked him what information can he get from a simple boarding pass. With this, the "Don't Get Arrested" challenge began. What information can one person get from a boarding pass, what kind of legal trouble might it lead to and who might even call your phone. All things Alex found out! You can follow along with Alex's story on his blog at The Mango.PDF.Zone!
Episode 33: MangoPDF - The "Don't Get Arrested Challenge"
November 16, 2020 12:00 - 36 minutes - 56.6 MBMangoPDF, also known as Alex Hope is from Australia. One day, a friend asked him what information can he get from a simple boarding pass. With this, the "Don't Get Arrested" challenge began. What information can one person get from a boarding pass, what kind of legal trouble might it lead to and who might even call your phone. All things Alex found out! You can follow along with Alex's story on his blog at The Mango.PDF.Zone!
Marina Ciavatta - Tropical Spy: Stories And Tricks From Social Engineering
June 29, 2020 19:58 - 43 minutes - 79.2 MBHere is Marina's presentation from the Layer 8 Conference. She did not want the video released but allowed for the audio.
Episode 32: Marina Ciavatta - Tropical Spy: Stories And Tricks From Social Engineering
June 29, 2020 19:58 - 43 minutes - 79.2 MBHere is Marina's presentation from the Layer 8 Conference. She did not want the video released but allowed for the audio.
Episode 31: Joe Gray - His Origins and a Phish
June 29, 2020 11:00 - 22 minutes - 35 MBFor this episode, we welcome Joe Gray, a senior OSINT specialist at QOMPLX, a frequent public speaker at conferences and trainer of OSINT and social engineering. Joe joins us to tell us how he got into the field and how he got to where he is today. He also tells a second story about a particular phishing engagement where a senior manager built him up as someone who was unstoppable. But was he? Let him tell you how that went.
Episode 30: Brent White and Tim Roberts
June 22, 2020 12:24 - 51 minutes - 78.2 MBFor this episode, we veer off course again. This time, to talk with Brent White and Tim Roberts from NTT Security and their own site wehackpeople.com. One day, Brent asked on twitter what types of things people would want to know about social engineering and he got some great questions. I asked and he and Tim agreed to answer those questions on this podcast. Let’s hear their answers now.
Episode 29: Social Engineers from Rapid7
June 15, 2020 11:00 - 57 minutes - 85.9 MBFor this episode, we talk with three expert social engineers from Rapid7. Leon Johnson, Aaron Herndon and Jonathan Stines will tell us about some of the best security they’ve seen, some of the worst, some of the tools they carry on an engagement and how they sleep at night, knowing it is their job to trick people.
Episode 28: Josh (@Baywolf88) Huff
June 01, 2020 12:29 - 16 minutes - 24.3 MBFor this episode, we welcome Josh Huff, but you might know him as BayWolf88 on Twitter. He is a member of the OSINTCurious Advisory board and runs the web site LearnAllTheThings.net. In his experience doing digital forensics, he learned how to best frame information for those who hired him, which also helps with his OSINT investigations. Plus, he talks about how he dabbles in social engineering!
Episode 27: TrustedSec Social Engineers Ask Me Anything
May 25, 2020 11:00 - 56 minutes - 85 MBFor this episode, we have another Ask Me Anything treat for you. Today’s guests are four social engineers from TrustedSec. We’ll hear from David Boyd, Paul Koblitz, Scot Berner and Jason Lang. Let's talk about their favorite engagements, some times when things went well, and some engagements that didn’t go so well and how they handle the situation when an engagement goes upside down. We’ll hear of one time when a medical procedure almost went too far and plus some resources on how to get sta...
Episode 26: Krittika Lalwaney - One Woman's Domination in a Male Dominated Field
May 18, 2020 11:00 - 23 minutes - 34.5 MBFor this episode, we welcome Krittika Lalwaney. Krittika is a red teamer on the offensive security team for Capital One. She is a social engineering capture the flag black badge winner at DerbyCon in 2018. She takes us through her career path, where she started, which was not in IT, to eventually joining a SOC, catching a red teamer due to her awareness, all the way to her successes of today. This is a story of one woman’s domination in a male dominated field. Take it away Krittika!
Episode 25: Tracy Z. Maleeff, a.k.a. The InfoSecSherpa
May 11, 2020 11:00 - 53 minutes - 80.6 MBFor this episode, we welcome Tracy Z. Maleeff, also known as InfosecSherpa. He has a blog set up at medium.com/@infosecsherpa and a newsletter at nuzzel.com/infosecsherpa. Tracy harkens us back to her presentation from Layer 8 Conference last year titled Lawyers, Guns and Money where she showed us great sources of OSINT research. Today, she gives us even more sources to search and explains how at the heart of it, security is a people problem so let’s also focus on interpersonal communication...
Episode 24: OSINT AMA with Noneprivacy and Ding0snax
May 04, 2020 11:00 - 48 minutes - 74 MBFor this episode, we break our format again and interview two OSINT experts, Francesco Poldi and Jason Edison. Also known as @NonePrivacy and @Ding0snax on Twitter. These two are commonly found sharing information on the https://osint.team server. In this “Ask Me Anything” find out their thoughts on an OSINT mindset, some investigations they have dug in to, what gets them excited and how you can also be a better OSINT investigator.
Episode 23: Amanda Berlin - The $15,000 Teddy Bear
April 27, 2020 11:00 - 12 minutes - 19 MBFor this episode, we welcome Amanda Berlin of Blumira. She is also the CEO of the non-profit organization Mental Health Hackers, and can be found on twitter at InfoSystir. Today, she tells us about a romance scam where she helped a friend finally understand she was being duped, and explains how these work, plus she’ll tell us a little bit about a fifteen thousand dollar teddy bear.
Episode 22: Derrick Levasseur - Going to College...for the Bust
April 20, 2020 12:19 - 21 minutes - 32.1 MBFor this episode, we welcome Derrick Levasseur, winner of Big Brother season 16, host of the Discovery ID tv show Breaking Homicide and the author of the best selling book, Undercover Edge, which helps you find your strengths and gain confidence to win in all situations. Derrick tells us the story about the first time he went undercover as a police officer and the methods he used to quickly gain the trust of a university drug dealer over a few games of pool that eventually led to a bust.
Episode 21: Adam Compton - The Ladder and the Big Gulp
April 13, 2020 11:10 - 18 minutes - 27.6 MBFor this episode, we welcome Adam Compton, a pentester and social engineer for TrustedSec. You can also meet TrustedSec at the Layer 8 Conference, and you can find Adam on twitter at Tatanus. Adam talks about the various ways and methods that he was able to successfully test the physical security of a health care facility, using the remnants of a Big Gulp and a ladder in the snow, as well as simply asking for a tour.
Episode 20: Ritu Gill - Tips and Tricks from OSINTtechniques
April 06, 2020 12:02 - 11 minutes - 17 MBFor this episode, we welcome Ritu Gill, also known as OSINTTechniques on twitter and at osinttechniques.com. First, Ritu helps us to understand the differences between intelligence and data. Then she takes us through some examples of combinations of OSINT and social engineering. In one such example, she finds a way to get a target to reveal his real name on Facebook. She also tells us about canary tokens and phone spoofing.
Episode 19: Jayson E. Street - "One of the Best Stories I Can Tell"
March 30, 2020 11:40 - 23 minutes - 36.9 MBFor this episode, we welcome Jayson E. Street, VP at SphereNY and will be teaching a two-day course at Blackhat titled “Access Denied - Social Engineering Detection and Incident Response”. Jayson tells us about a huge success for him, getting caught. Physical social engineers are often able to breach a company’s physical defenses, but are we teaching the client how to improve? Jayson proudly tells us about one incredible success story.
Episode 18: Christina Lekati - They Never Saw Her Coming
March 23, 2020 12:17 - 21 minutes - 31.8 MBFor this episode, we welcome Christina Lekati, a social engineer and psychologist for Cyber Risk Gmbh in Switzerland. You can find her on twitter at ChristinaLekati. Christina was tasked with confirming one client’s suspicions that their employee was stealing information from them. In this story, you’ll hear that the target had no idea what was coming for him once Christina got started.