Breadcrumbs by Trace Labs

The best Social Engineers do a tremendous amount of research before engaging a target. As luck would have it, we get to speak with one of them today! Chris and I talk about the pivotal role of OSINT in preparing for an SE engagement and also get a "peek behind the curtain" in relation to OSINT sources during a Social Engineering "capture the flag" style competition.  Chris Kirsch is the CEO of runZero (www.runzero.com), a cyber asset management company he co-founded with Metasploit creator HD Moore. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering capture the flag competition at DEF CON, the world's largest hacker conference. If you'd like to learn more about Chris and the organizations he advocates for: Defcon 2022 OSINT & vishing research: https://medium.com/@chris.kirsch/top-osint-sources-and-vishing-pretexts-from-def-cons-social-engineering-competition-8e08de4c8ea8 Winning call from DEF CON SECTF 2017: https://www.youtube.com/watch?v=yhE372sqURU External perimeter recon using runZero: https://www.runzero.com/blog/external-scanning/ Competitive Intelligence talk at Layer 8 Conference: https://www.youtube.com/watch?v=NB-wLadJ3hk Facebook Talent Intelligence Collective: https://www.facebook.com/groups/talentintelligencecollective National Child Protection Task Force (NCPTF): https://www.ncptf.org/ Twitter profile: https://twitter.com/chris_kirsch Mastodon profile: https://infosec.exchange/@chris_kirsch LinkedIn profile: https://www.linkedin.com/in/ckirsch/ Chris' company: https://www.runzero.com/ Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

In this bonus episode, Tom Hocker and Rae Baker sit down to talk about their respective journeys in to infosec. Getting in to Infosec can seem challenging but if these two can do it so can you. With a little bit of forward momentum and a clear goal in mind you can pretty much achieve anything.Rae on Twitter: https://twitter.com/wondersmith_raePre-Order Rae's Book: https://www.amazon.com/gp/product/1119933242/ref=dbs_a_def_rwt_hsch_vapi_taft_p1_i0 Tom on Twitter: https://twitter.com/human_decodedTom and Rae would both like it if you considered supporting Operation Safe Escape and the great work they do:Operation Safe Escape - https://safeescape.orgOperation Safe Escape Donations - https://funraise.org/give/Operation-Safe-Escape/ca21cf2f-52c3-45c0-af23-fe9441b7b0b6Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

#Hack4Good can come in many different forms. The team from Operation Safe Escape works in the same "space" as Trace Labs but with a different mission. They're focused on assisting the survivors of domestic violence escape their situation and stay safe in a digital world that makes tracking and control easier than it's ever been. In this episode, I talk with some of the OSE team about the organization, how they operate and what it takes to make a Safe Escape from an abusive situation. Operation Safe Escape - https://safeescape.orgOperation Safe Escape Donations - https://funraise.org/give/Operation-Safe-Escape/ca21cf2f-52c3-45c0-af23-fe9441b7b0b6Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

Paying an organization to provide you with intelligence you either don't have access to or don't have the time to collect can expedite an investigation. But how does it work? Where does the intelligence come from? How do these businesses work? In this episode, Roelof gives us some insight in to the business of breach data and people information services.Vortimo: https://www.vortimo.com/Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

In this episode we have the good fortune of sitting down with xFreed0m - AKA Roei Sherman. Roei has been a Trace Labs contributor for several years and we take some time to talk about his journey in to infosec, OSINT and the Trace Labs community. Want to know how to get started in the industry? Want to hear about OSINT's use in red team operations? We've got you covered on this episode.Roei on Twitter: x_Freed0mRoei on Github: xFreed0mhttps://betheadversary.com/Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

Today we're joined by Roelof Temmingh. Roelof is the creator of OSINT tools you've certainly heard of such as Maltego and Vortimo. Roelof recently got to test Vortimo in the context of a Trace Labs CTF and his team placed very well. In this episode we discuss the history/inception of these tools as well as CTFs vs Real World investigations. Vortimo: https://www.vortimo.com/Blog post about competing in the CTF: https://www.vortimo.com/competing-in-the-tracelabs-ctf-26-march-2022/Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

Spend enough time in almost any OSINT community and you'll notice that some people just keep dropping resource after resource for the community. Ever wonder where those resources come from or who these people are? Today we get to talk to ohshint_ about their professional background as a private investigator, OSINT resources and how NOT to use OSINTOhShINT_ on Twitter: @OhShINT_ OhShINT_ on Github: https://github.com/OhShINT Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

Have you ever been on an investigation and thought to yourself "I can't wait to explain this to someone else!"?....The information you collect during an investigation is only as useful as your ability to communicate its meaning and value. In this episode we sit down with professional pentester and *spoiler alert* professional report writer Brian King. We'll be going over the value of communicating your findings and some basic guidance that should lead you to writing better reports. Brian on Twitter: @BBhacKingHack for Show Report for Dough: Part 2 -  https://www.youtube.com/watch?v=bJ4gJVXPAS0&t=2933sBrian's webapp pentesting course - https://www.antisyphontraining.com/modern-webapp-pentesting-w-bb-king/How To Really Use Microsoft Word (Scott Hanselman) - https://www.youtube.com/watch?v=u8CC0sng1FMPublic Pentesting Reports, from Julio Cesarfort - https://github.com/juliocesarfort/public-pentesting-reportsWant to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordCheck out the site: https://tracelabs.org

OSINT investigations aren't always glamorous. In this episode we talk to Rae Baker about some overlooked (although incredibly practical) applications of OSINT as well has her journey in to the field.Rae on Twitter: @wondersmith_raeRae's Blog: https://wondersmithrae.medium.comOrganizations Rae donates time to: https://safeescape.org/https://www.innocentlivesfoundation.org/https://osintcurio.us/Want to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordLearn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

OPSEC. By the time you realize you need it....it's probably too late. Where should a new person get started with OPSEC? How much do they need? In this episode we talk to Sinwindie about the OPSEC spectrum, good advice for beginners and share our favorite OPSEC fails.Sinwindie on Twitter: @sinwindieWant to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Discord server: https://tracelabs.org/discordLearn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

Chase Matheson is a student, artist, hacker and creator behind the iconic Trace Labs badge artwork. Today we talk through his 15 month journey from complete outsider to landing his first infosec gig. Chase shares his journey, lessons learned and the strategy that got him where he is today.Chase on Twitter: @ChaseMathesonChase on Linked In: Chase MathesonWant to learn more about Open Source Intelligence?Follow us on Twitter: @TraceLabsJoin our Slack Channel: https://tracelabs.org/slackLearn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

OSINT is a valuable skill. There are a number of organizations you can volunteer your time with to make the world a better place while leveraging something you're good at. Contributing to such a noble mission does come at a price though. In this episode I'm joined by volunteers from Trace Labs and the National Child Protection Task Force (NCPTF). We talk through the highs but also the lows that come with giving up your time to walk through the darkness. National Child Protection Task Force: https://www.ncptf.org/Jessica on Twitter: @scarlettsleuthAlex on Twitter: @UlicBelouveWant to learn more about Open Source Intelligence? Follow us on Twitter: @TraceLabsJoin our Slack Channel: https://tracelabs.org/slackLearn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

Whether it's a Defcon talk, a training or Twitter, the researcher known as Levi is best known for their expertise navigating and investigating on the Darknet. In this episode, we'll be talking other things! Hear us chat with Levi about some of the (often unconsidered) mental health aspects that accompany their investigations and how they stay safe and healthy online.  Levi on Twitter: @levitanninLevi would like you to check out the Innocent Lives Foundation: https://www.innocentlivesfoundation.org/If you'd like to support the Innocent Lives Foundation AND enjoy Levi's book recommendation check out their affiliate link to Amazon: "Lurking: How a Person Became a User"Want to learn more about Open Source Intelligence? Follow us on Twitter: @TraceLabsJoin our Slack Channel: https://tracelabs.org/slackLearn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

As the saying goes: You can't spell Pentest without "preparation"! OSINT collection is an important (and perhaps under-appreciated) part of penetration testing. In this episode we talk to John Strand about OSINT's place in a pentesting toolkit, what pieces of OSINT don't belong in a final report as well as the Black Hills approach to training (spoiler alert: They suck at capitalism). John Strand on Linked In: https://www.linkedin.com/in/john-strand-a1b4b62/Black Hills Information Security: https://www.blackhillsinfosec.com/Want to learn more about Open Source Intelligence? Follow us on Twitter: @TraceLabsJoin our Slack Channel: https://tracelabs.org/slackLearn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

Open Source Intelligence isn't just for civilians. Law Enforcement can leverage different aspects of OSINT to further an investigation. Nicole will walk us through examples of OSINT being used for evidence collection, understanding the "why" behind a crime and so much more.Nicole on Twitter: @NicoleBeckwithWant to learn more about Open Source Intelligence? Follow us on Twitter: @TraceLabsJoin our Slack Channel: https://tracelabs.org/slackLearn how to get started with Trace Labs: https://www.youtube.com/watch?v=7OrI4MYv9i4Learn about our Search Party CTFs: https://www.tracelabs.org/initiatives/search-party

Social media platforms can form the cornerstone of a People OSINT investigation but what how do you approach a brand new platform? Today I'm joined by Jake Creps and he'll answer the question "What comes after Facebook?".

OSINT can have a profound effect on a person's life. In part 2 of our conversation, Alethe lays out some amazing career advice (with an OSINT twist) and walks us through the wonderful (and perhaps under appreciated) world of Real Estate OSINT.

OSINT can have a profound effect on a person's life. In part 1 of our conversation, Alethe walks us through the twists, turns and Death Star runs that her OSINT journey has taken.

Today we're joined by Angus Red (aka Charles Wroth). He'll walk us through the ways that job seekers can leverage OSINT to not only improve their chances of getting hired but also understand who they might be working for.

In this episode we talk with Micah Hoffman, creator of the WhatsMyName app, about the value of username enumeration.

In this episode, Mishaal Khan walks us through the ins and outs of OSINT collection on the one of the most popular professional networking sites in the world.

In this webinar we engage a panel of experts to hear their thoughts, experiences and best practices when it comes to sock puppet creation and maintenance.

In this episode we sit down with the Trace Labs team to get their take on 2020.

Rob Sell (founder of Trace Labs) reflects on 10+ years in Search And Rescue (SAR). He compares physical searches to virtual searches and discusses what one could learn from the other.

In this episode we're joined by Eva Prokofiev. She'll be walking us through her thoughts and methodologies around pivoting off of password breach data in to other pieces of intelligence.