Layer 8 Podcast

For this episode, we veer off course again. This time, to talk with Brent White and Tim Roberts from NTT Security and their own site wehackpeople.com. One day, Brent asked on twitter what types of things people would want to know about social engineering and he got some great questions. I asked and he and Tim agreed to answer those questions on this podcast. Let’s hear their answers now.

For this episode, we talk with three expert social engineers from Rapid7. Leon Johnson, Aaron Herndon and Jonathan Stines will tell us about some of the best security they’ve seen, some of the worst, some of the tools they carry on an engagement and how they sleep at night, knowing it is their job to trick people.

For this episode, we welcome Josh Huff, but you might know him as BayWolf88 on Twitter. He is a member of the OSINTCurious Advisory board and runs the web site LearnAllTheThings.net. In his experience doing digital forensics, he learned how to best frame information for those who hired him, which also helps with his OSINT investigations. Plus, he talks about how he dabbles in social engineering! 

For this episode, we have another Ask Me Anything treat for you. Today’s guests are four social engineers from TrustedSec. We’ll hear from David Boyd, Paul Koblitz, Scot Berner and Jason Lang. Let's talk about their favorite engagements, some times when things went well, and some engagements that didn’t go so well and how they handle the situation when an engagement goes upside down. We’ll hear of one time when a medical procedure almost went too far and plus some resources on how to get started in social engineering.

For this episode, we welcome Krittika Lalwaney. Krittika is a red teamer on the offensive security team for Capital One. She is a social engineering capture the flag black badge winner at DerbyCon in 2018. She takes us through her career path, where she started, which was not in IT, to eventually joining a SOC, catching a red teamer due to her awareness, all the way to her successes of today. This is a story of one woman’s domination in a male dominated field. Take it away Krittika!

For this episode, we welcome Tracy Z. Maleeff, also known as InfosecSherpa. He has a blog set up at medium.com/@infosecsherpa and a newsletter at nuzzel.com/infosecsherpa. Tracy harkens us back to her presentation from Layer 8 Conference last year titled Lawyers, Guns and Money where she showed us great sources of OSINT research. Today, she gives us even more sources to search and explains how at the heart of it, security is a people problem so let’s also focus on interpersonal communications.

For this episode, we break our format again and interview two OSINT experts, Francesco Poldi and Jason Edison. Also known as @NonePrivacy and @Ding0snax on Twitter. These two are commonly found sharing information on the https://osint.team server. In this “Ask Me Anything” find out their thoughts on an OSINT mindset, some investigations they have dug in to, what gets them excited and how you can also be a better OSINT investigator.

For this episode, we welcome Amanda Berlin of Blumira. She is also the CEO of the non-profit organization Mental Health Hackers, and can be found on twitter at InfoSystir. Today, she tells us about a romance scam where she helped a friend finally understand she was being duped, and explains how these work, plus she’ll tell us a little bit about a fifteen thousand dollar teddy bear.

For this episode, we welcome Derrick Levasseur, winner of Big Brother season 16, host of the Discovery ID tv show Breaking Homicide and the author of the best selling book, Undercover Edge, which helps you find your strengths and gain confidence to win in all situations. Derrick tells us the story about the first time he went undercover as a police officer and the methods he used to quickly gain the trust of a university drug dealer over a few games of pool that eventually led to a bust.

For this episode, we welcome Adam Compton, a pentester and social engineer for TrustedSec. You can also meet TrustedSec at the Layer 8 Conference, and you can find Adam on twitter at Tatanus. Adam talks about the various ways and methods that he was able to successfully test the physical security of a health care facility, using the remnants of a Big Gulp and a ladder in the snow, as well as simply asking for a tour.