The UNSECURITY Podcast – Episode 39 Show Notes

HAPPY FRIDAY! You made it through another week. Did you survive or did you thrive? Hmm. Something to think about, I suppose.

Good week here for me, the folks at FRSecure and the folks at SecurityStudio. Most weeks are good weeks really.

I was in town all week, but not in the office too much. Came in for meetings, then excused myself for more writing. Most of my days are consumed by writing lately. Writing a few blog posts, a few articles, and working on the upcoming book.

I’ll leave it at that for now. Many exciting things to share, but we’ll be patient and let them take a little more shape before sharing.

Did you catch episode 38 of the UNSECURITY Podcast? John Harmon, the president of SecurityStudio was in studio and we had a great chat. John and I are working well and working closely together. It’s a blast!

This week’s show, episode 39, is a real treat. “Ben” comes back in studio to give us the lowdown on what he’s been up to. I’m excited for you to hear what he’s got to say. This show is released on Monday (8/5), so be sure to look for it!

On to the show notes…


SHOW NOTES – Episode 39

Date: Monday, August 5th, 2019

Today’s Topics:

Our topics for the week include:

  • Conversation with “Ben”
    • Research
    • Responsible Disclosure
    • Social Engineering (SE) Things
    • Team Ambush
    • DEF CON
  • Industry News

[Evan] – Hello listeners, and welcome to episode 39 of the UNSECURITY Podcast. My name, for those of you who don’t know, is Evan Francen. I’m your host for today’s show, again. Scheduling stuff for security people is always a pain in the ass, and this week is no different. We’re recording this show on Friday because I’m out of the office next week. This is still Brad’s vacation, so he’s out of hand for hosting. All this means that I get to host again! That’s cool, right?!

Brad will be back next week, and he’ll have a great show planned I’m sure.

Now, you don’t want to sit there and listen to this voice for an entire show, so I invited someone last minute to join me. I found “Ben”! Want to say hi to the listeners Ben?

[Ben] Ben does Ben.

[Evan] Ben, thank you for agreeing to join me, especially last minute like this.

[Ben] Ben does Ben.

[Evan] Ben’s not your real name, right? So why do we call you “Ben”?

[Ben] Ben does Ben.

[Evan] You were here back in episode 14 (February 11). It was a great talk then, and this one will certainly be as good or better. Ben, you live a damn cool life, at least as it goes for security people. You cool if we talk about some of the things going on with you?

[Ben] Ben does Ben.

Conversation with “Ben”

Topics to discuss with Ben include:

  • Research
  • Responsible Disclosure
  • Social Engineering (SE) Things
  • Team Ambush
  • DEF CON

[Evan] See, I told you. Ben does cool stuff, and a lot of it! We could have talked for hours, but we can’t do that here. Let’s close with some news.

Industry News

Plenty of news this week, but arguably the most talked about is the Capital One breach. Instead of what’s in your wallet, now the joke is “who’s” in your wallet. Seriously though, this was big news this week.

Here’s our news to discuss in this week’s show.

Closing

[Evan] – So, there you go. That’s how it is. Ben, a huge thank you for joining me this week. Best of luck to you and all of Team Ambush this week at DEF CON. You’re going to have a great time and I can’t wait to hear how things went. Also, as always, thank you to our listeners. The podcast continues to grow and we’re grateful. Keep the awesome feedback coming, send it to unsecurity@protonmail.com. If you give us something real cool, we’ll mention it. Without your approval of course. Wait. That’s not right. I mean WITH your approval.

If you’d like to be a guest on the show or if you want to nominate someone to be a guest, send us that information too.

Ben, how can people reach out to you? Or do you even want people to reach out to you?

[Ben] People can reach me through Twitter. My Twitter handle is @M1ndFl4y. I don’t post much, but you can reach me through a DM there.

[Evan] OK. Thanks again. Find us on Twitter for daily chatter. I’m @evanfrancen and Brad’s @BradNigh. Have another great week everybody!

OSINT (and Human Trafficking) Resources and Suggestions

I’m writing this article for two reasons: to give props to our community and to summarize the quality responses that I got to a recent tweet.

Props

First off, I’d like to give HUGE props to our information security community. Last week I posted the following on Twitter.

I use Twitter like many people do, I’ll respond to interesting topics and post thoughts about things. I’ll get an occasional “Like” here or there for something, and maybe even a “Retweet” once in a while. My expectations are fairly low when it comes to Twitter.

Then, boom! At least boom for me. This tweet gets 442 Likes, 63 Retweets, and a boatload of good responses. THANK YOU INFORMATION SECURITY COMMUNITY! My faith in us is intact.

OSINT (and human trafficking) Suggestions

Here’s the discussion, in no particular order really because I suck or Twitter sucks. Either way, I had too much trouble figuring out how to get conversations out in a nice format. Like stubbing my toe on a coffee table over and over again.


As you can see there are some great responses and resources.

Resources Cited

Here are some of the resources that were collected/referenced. They are completely unorganized, and I’m sure I missed a few. Keep coming back, I’ll organize more and add to this list. If you have more suggestions, comment on the post.

IntelTechniques.com (Web)

@IntelTechniques

@HumanHacker (Chris Hadnagy)

TraffickCam

Hetherington Group

Bellingcat (Web)

@Bellingcat

@kpadvocacy (Kate Price)

OSINTCurio.us

@OsintCurious (OSINTCurious)

Trace Labs (Web)

@TraceLabs

Layer 8 Conference (Web)

@Layer8Conf

@Ginsberg5150 (Frank Castle)

@ReconVillage

@InnocentOrg

Paterva (Maltego)

@hunchly (OSINT Framework)

@osintbrowser

Timothy De Block (Blog)

Open Source Intelligence 101 (April Wright’s talk at 2018 Wild West Hackin’ Fest)

@aprilwright (April C. Wright)

Polaris Project

National Center for Missing and Exploited Children

Certified Human Trafficking Investigator (CHTI)

@C_3PJoe (Joe Gray)

@Dolph_Lundgren (Yes, that Dolph Lundgren)

Dolph Lundgren’s Tech Talk

@HydeNS33K (Jek Hyde)

OSINT.team (Forum; ask questions)

@technisette

@dutch_osintguy

@InfoSecSherpa

@osintpodcast

@BadassBowden (Katelyn Bowden)

The Badass Army

@Sector035

@jms_dot_py (Justin Seitz)

Dehashed.com

pipl

Hunter.io

So, there you go. I was really impressed with this response, and I’m excited to watch my best friend find her way in all of this.

Tons of great advice, but I think the best came from @SecurityTrails:

“She shouldn’t overwhelm herself with resources and trying to learn everything at once. Even learning how to navigate a Linux shell is a great starting point so that she can master more complex commandline tools. Welcome to the infosec family!”

Come back later too. I’ll be re-organizing and adding to this post later.

Again, THANK YOU!