Layer 8 Podcast

Brian Harris from the Covert Access Team is a social engineer, a physical pentester and a member of the black team. If you've heard of blue team, purple team and red team but not black team, you can hear what that is about in this episode!

Brian explains why all businesses should have their physical access tested, regardless of whether they believe the tester would be successful. Also, is it fair to test the third party cleaning crew during a test? We talk about this and a lot more!

Nathaniel Fried is the CEO of OSINT Industries. He's also one of the founding members and current chair of UK OSINT, a non-profit public meetup group.

In this episode, we talk about ways to perform OSINT with only a single selector, such as an email address, a phone number or a username.

We also discussed how he discovered that Donetsk was using western-based IT tools, in spite of sanctions. Nathaniel walked through this investigation with his OSINT methods.

He explained his thoughts on how to get started in the OSINT world, recommendations on areas to focus on and also told us a brief story of how he did not get extradited to the Philippines.

Matt Linton (@0xMatt)is a Googler and former NASA employee and red teamer. He has some opinions on the way we do phishing testing today with comparisons to how fire safety evolved. Even better, he offers solid solutions on how we can do better phishing testing so that people better understand the expectations of them and to still keep the enterprise protected.

In this episode, we discuss a blog post that he wrote for Google. You can read the blog post here: https://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html

Jennifer is a hacker, a social engineer, a locksmith and a private investigator. In this episode, we talk about how she got into each of those fields and about her path to being a part of her company's red team. She has some great social engineering stories including where she's climbing through a ceiling!

Phil Eil is an investigative journalist who has written for publications such as Vice, Huffington Post, the Boston Globe and the Providence Phoenix. But there was always one story he wanted to write.

In his new book, Prescription for Pain, Phil documents the story of Dr. Paul Volkman, a midwestern physician who was convicted of distribution of a controlled substance resulting in death, plus additional charges.

Phil tells us about the story but also describes the various less-common investigative (OSINT) tools that he used to tell the story.

This is the second part of a two-part podcast episode with Alethe Denis. If you missed the first part, you'll want to go back and listen to that first as this episode picks up, mid-story where Alethe has just caught the eye of a security guard during a social engineering engagement. Can she evade the guard or will the job come to an end?

Alethe is a senior security consultant with Bishop Fox, has given presentations to multiple conferences, including a keynote on redteaming. Alethe was also the featured guest on one of the most popular episodes of Darknet Diaries.

Alethe Denis is the first ever three-time guest to the Layer 8 Podcast. When Alethe comes on, we can swap stories for hours. And we did! This is part 1 of a two-part episode, as Alethe had so many great stories to share.

For this episode, she talks her way into buildings, tells us how she prepares her OSINT and when she knows it's time to go into the building.

Check back in two weeks for part 2!

For this episode, we're joined by Cynthia Navarro and Bret Anderson from OsmosisCon. They are the two people that head up the annual OSINT conference in Las Vegas. The conference will be October 20-22 and can be attended in person or remotely.

Cynthia and Bret tell us about the origins of Osmosis, the certification they offer and we also talk about some methods, ethics and share some fun investigation stories.

Andreas Heideck, the CEO of the Germany-based Impossible Security, joined the show to tell some incredible social engineering stories. The part that is different about his stories is the simplicity of his pretexts and thought process. As we tend to overthink these engagements, Andreas shows us how to stay in the moment, choose pretexts that make sense, are very simple and very successful.

This episode is a great discussion with Justin Seitz (@jms_dot_py) and Kennedy Chappell (@kcath23) of Permanent Record Research. They also write the free Substack newsletter https://www.bullshithunting.com/ along with its fun weekend edition, For the Weekend Warriors, Weirdos & Whackjobs, where you can get even more fun insight into the work they do and the lives they lead.

In this episode, Justin and Kennedy talk about how they "unf**k" things like junk science and pseudo-experts in courtrooms. Kennedy also talked about how she has helped friends by doing some OSINT on their online dating lives. Justin also talks about the importance of getting an investigation right, especially when you feel in your gut that you have it wrong.