Sylvain Hajri, aka Navlys_ on Twitter created Epieos.com a freemium site that lets you perform passive OSINT with just an email address. Sylvain wears an incredible number of hats as the creator of not just Epieos but also MyOSINTJob, OSINTFr, the SpyingChallenge and is also an organizer of LeHack in France and also the OSINTVillage. 

In this episode, Sylvain has great advice on how to use passive OSINT, on how he created his company and whether people should focus on tools and learn python to get better at OSINT, plus even more!

When we think of phishing attacks, we immediately think of email. In this episode, Chris Cleveland, the Founder and CEO of Pixm Security walks us through a massive phishing attack that his company discovered. In this attack, millions of Facebook credentials were stolen using multiple layers of trusted environments. Have you ever gotten contacted by a friend in Facebook messenger with a link to check out a funny video? After this episode, you might be a little more careful with those. 

If you want to read the blog post that we discuss: https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/

People claim degrees and credentials that they haven't earned. This could be for a number of reasons, whether professional or personal. In this episode, we speak with the Fake PhD Investigator, a person who uses OSINT to determine whether the doctorate degree that someone claims, has actually been conferred on them. This episode goes through the methodology, some stories and some of the reasons that someone might claim to have earned a doctorate degree when they actually have not. 

You can find the Fake PhD Investigator on twitter at FakePhD_reveal. 

Jason Downey is a penetration testing security consultant with Red Siege and is known as HackAndBackpack on Twitter. In this episode, we talked with Jason about phishing, vishing and on-site physical social engineering engagements. He talked about some of the tools he uses, some of his successes and some campaigns that might not have gone exactly to plan. Plus, find out how the Legend of Zelda's Triforce can help people understand a path into this industry. 

More information about Jason can be found on his web site, https://hackandbackpack.com 

We talk with Steven Harris, aka @nixintel who is an Executive Board Member with @OSINTCurious and is currently employed by Qomplx to perform investigations. He also teaches SEC 487 for SANS. In this episode, we walk through some of the Quiztime investigations that he did on his web site (https://nixintel.info) and another where he was able to figure out exactly who was plagiarizing his content. Steven gives great advice for people starting out, what they should focus on and the value of learning Python.

Griffin is also known online as @hatless1der. You can find his tips and blog articles at hatless1der.com and at the Ultimate OSINT Collection. Griffin is also a part of the National Child Protection Task Force (NCPTF) where he is a speaker at their conference. He also speaks at the ConINT conference. In this episode, Griffin discusses how to do OSINT investigations that require pivoting off data, how to find people who really don't want to be found, and some great ways to get started in the field of OSINT, plus a whole lot more! 

Josten Peña is a Human Risk Analyst at Social Engineer, LLC. Josten performs risk testing with contracted company employees via phone calls and email. In this episode, Josten focuses on various shortcuts our brains use, commonly known as biases, that can help in some situation, but can also be detrimental in others. Josten describes these biases and how a social engineer might use them to achieve the desired goals.

In this episode, we talk with Erich Kron from KnowBe4. We go into a number of topics, but mainly focus on phishing. Erich talks about phishing as a service, ransomware as a service and gives recommendations on how to best perform your own phishing engagements within your company. 

Oliver Lebhardt is the creator and CEO of Complytron, a tool used for OSINT investigations to determine if seemingly unrelated websites are actually related. In addition, Complytron has data about politically-exposed people (PEP), people who have been sanctioned and who are on government watchlists. The data can be heavily used in anti-money laundering situations, but is also valuable for human intelligence.

Chris Russell, the CISO of tZero, is @cr00ster on twitter and https://github.com/cr00ster, joins us today to talk about his experience in the military and how he obtained intelligence during the Iraq War. Chris talks about some of the techniques used to help determine when people were telling the truth and when some might have just been looking for a payday. He also talks about his biggest social engineering concern from a CISO's perspective, and why we should focus on treating developers well.