Layer 8 Podcast

People claim degrees and credentials that they haven't earned. This could be for a number of reasons, whether professional or personal. In this episode, we speak with the Fake PhD Investigator, a person who uses OSINT to determine whether the doctorate degree that someone claims, has actually been conferred on them. This episode goes through the methodology, some stories and some of the reasons that someone might claim to have earned a doctorate degree when they actually have not.  You can find the Fake PhD Investigator on twitter at FakePhD_reveal. 

Jason Downey is a penetration testing security consultant with Red Siege and is known as HackAndBackpack on Twitter. In this episode, we talked with Jason about phishing, vishing and on-site physical social engineering engagements. He talked about some of the tools he uses, some of his successes and some campaigns that might not have gone exactly to plan. Plus, find out how the Legend of Zelda's Triforce can help people understand a path into this industry.  More information about Jason can be found on his web site, https://hackandbackpack.com 

We talk with Steven Harris, aka @nixintel who is an Executive Board Member with @OSINTCurious and is currently employed by Qomplx to perform investigations. He also teaches SEC 487 for SANS. In this episode, we walk through some of the Quiztime investigations that he did on his web site (https://nixintel.info) and another where he was able to figure out exactly who was plagiarizing his content. Steven gives great advice for people starting out, what they should focus on and the value of learning Python.

Griffin is also known online as @hatless1der. You can find his tips and blog articles at hatless1der.com and at the Ultimate OSINT Collection. Griffin is also a part of the National Child Protection Task Force (NCPTF) where he is a speaker at their conference. He also speaks at the ConINT conference. In this episode, Griffin discusses how to do OSINT investigations that require pivoting off data, how to find people who really don't want to be found, and some great ways to get started in the field of OSINT, plus a whole lot more! 

Josten Peña is a Human Risk Analyst at Social Engineer, LLC. Josten performs risk testing with contracted company employees via phone calls and email. In this episode, Josten focuses on various shortcuts our brains use, commonly known as biases, that can help in some situation, but can also be detrimental in others. Josten describes these biases and how a social engineer might use them to achieve the desired goals.

In this episode, we talk with Erich Kron from KnowBe4. We go into a number of topics, but mainly focus on phishing. Erich talks about phishing as a service, ransomware as a service and gives recommendations on how to best perform your own phishing engagements within your company. 

Oliver Lebhardt is the creator and CEO of Complytron, a tool used for OSINT investigations to determine if seemingly unrelated websites are actually related. In addition, Complytron has data about politically-exposed people (PEP), people who have been sanctioned and who are on government watchlists. The data can be heavily used in anti-money laundering situations, but is also valuable for human intelligence. Oliver's background is in investigative journalism and has paired his investigatory skills with code developers who have built this powerful database that offers free trials. He originally created the Source Code Leak Project which received funding from Google's Digital News Innovation Fund in 2019. 

Chris Russell, the CISO of tZero, is @cr00ster on twitter and https://github.com/cr00ster, joins us today to talk about his experience in the military and how he obtained intelligence during the Iraq War. Chris talks about some of the techniques used to help determine when people were telling the truth and when some might have just been looking for a payday. He also talks about his biggest social engineering concern from a CISO's perspective, and why we should focus on treating developers well. 

Known online as @LockDownUrLife, we talk about how she helps people who have been a victim of online scams and harassment. She also talks about ways we can protect our own privacy, and what you can do when you are threatened or harassed. Her web site with a lot more information can be found at https://LockDownYourLife.com

Our guest this week is Andrew Lemon, who often just goes by "Lemon." You can find Lemon on Twitter as @LemonItUp or on his YouTube channel with original hacking videos. In this episode, we discuss a presentation he gave at the 2021 Armed Forces Communications and Electronics Association conference titled "A Social Engineer's Toolkit". He had some fun physical social engineering stories on ways he gets into facilities, on how he tries to get caught and even a story about why one of his engagements didn't go to plan.