Breadcrumbs by Trace Labs

Episode 22. - OSINT and Social Engineering with Chris Kirsch

Feb 10, 2023

53:45

Creator website

Highlights

AI Chapters

Episode notes

OSINT - What Do You Hope Your Teams Learned From the Challenge?

05:42

Social Engineering - What OSIN Resources Have You Found Most Useful?

01:21

Social Engineering - What I Wish I Had Known the First Year?

04:15

Introduction

2min

OSIN Isn't Always Called That in HR, Right?

2min

Social Engineering - What OSIN Resources Have You Found Most Useful?

1min

OSINT Sources in a Social Engineering Attack

5min

Search Party CTF

3min

Social Engineering Challenges - Is There a Flag in That Box?

3min

The Impact of Getting It Wrong

4min

Is OSINT Just One Part of an Intelligence Picture?

2min

What Are the Most Common OSINT Sources?

5min

10.

The Creative Nature of Intelligence Collection

4min

11.

Social Engineering - What I Wish I Had Known the First Year?

4min

12.

The Value of Enumeration in Open Source Intelligence

3min

13.

OSINT - What Do You Hope Your Teams Learned From the Challenge?

6min

14.

The Rules of Engagement in a Social Engineering Competition?

5min

15.

The Role of Engagement in Law Enforcement

2min

16.

Chris, I'm a Target Rich Environment.

2min

The best Social Engineers do a tremendous amount of research before engaging a target. As luck would have it, we get to speak with one of them today! Chris and I talk about the pivotal role of OSINT in preparing for an SE engagement and also get a "peek behind the curtain" in relation to OSINT sources during a Social Engineering "capture the flag" style competition.

Chris Kirsch is the CEO of runZero (www.runzero.com), a cyber asset management company he co-founded with Metasploit creator HD Moore. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering capture the flag competition at DEF CON, the world’s largest hacker conference.

If you'd like to learn more about Chris and the organizations he advocates for:

Defcon 2022 OSINT & vishing research: https://medium.com/@chris.kirsch/top-osint-sources-and-vishing-pretexts-from-def-cons-social-engineering-competition-8e08de4c8ea8
Winning call from DEF CON SECTF 2017: https://www.youtube.com/watch?v=yhE372sqURU
External perimeter recon using runZero: https://www.runzero.com/blog/external-scanning/
Competitive Intelligence talk at Layer 8 Conference: https://www.youtube.com/watch?v=NB-wLadJ3hk
Facebook Talent Intelligence Collective: https://www.facebook.com/groups/talentintelligencecollective
National Child Protection Task Force (NCPTF): https://www.ncptf.org/
Twitter profile: https://twitter.com/chris_kirsch
Mastodon profile: https://infosec.exchange/@chris_kirsch
LinkedIn profile: https://www.linkedin.com/in/ckirsch/
Chris' company: https://www.runzero.com/

Want to learn more about Open Source Intelligence?

Join our Discord server: https://tracelabs.org/discord

Check out the site: https://tracelabs.org

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.