Episodes
-
About this Episode
Hosts: Daniel Clemens, ShadowDragon CEO
Elliott Anderson, ShadowDragon CTO
Nico Dekens, ShadowDragon Director of Intelligence and Innovation Collection (aka Dutch_OSINTguy)
The guys are on top of the latest espionage and OSINT news around the world. From lone wolf activity to coordinated attacks, they examine recent events from an intelligence perspective, discussing new methodology and emerging patterns.
In a world where it isn’t always easy to know what’s real and what to dismiss as disinformation, we look at data to tell the true story.
Islamic Terrorism:
• A rise in lone wolf attacks by the Islamic State has been observed in Europe. These differ from the terrorist cells we saw around 2015, but use similar methods for achieving maximum damage with a knife.
• There is more activity than in the last five years, so there's clearly something going on. We hope to get more insight on whether these were orchestrated or coordinated attacks.
• Islamic State simply wants to show they are still present and can do whatever they want when they want. That scares people and also makes some people choose sides.
Tyranny Against Farmers:
• Farmers in Europe are rising up against strict limits on emissions and nitrogen and have been aggressively protesting, blocking roads and going to politicians’ homes to make their point.
• Farmers seek to work out a long-term plan with the government, but so far it hasn't been going that well. It takes time to make big changes. The US took 12 years to switch consumers from analog to digital TV.
• Reminiscent of how the United States was started with overburdensome government interference impacting those without appropriate representation.
Irregular Warfare/Asymmetric Warfare:
• It is all about disrupting society through pinching. Russian election influence didn’t just pick one side, they picked both sides.
• It took a long time for many to realize the ability of the internet to interfere with geopolitics. The vast majority will never spot the manipulation.
• Irregular warfare uses hacker math to find two or three low-risk vulnerabilities that can affect one super critical vulnerability. Smaller groups can exploit weaknesses and tilt the scales in their favor.
Data Dumps:
• Super spies that successfully worked covertly for many years are being exposed with data dumps. Also revealing their families disrupts their daily lives for maximum damage.
• Foreign policy connections and illegal surveillance on Russian citizens are being exposed through a Snowden type of leak. What we're seeing with data dumps is similar to the Berlin Wall coming down. We believe WWIII has started.
• We are now seeing ransomware groups incorporate public relations and openly post job openings with benefits.
Data Collection:
• People don't question the tech they use like they should.
• Vulnerability is on the rise with smart devices and household appliances transmitting usage data across the web and basic apps requesting access to phone data for no good reason.
• In China, TikTok users that had anti-government pictures on their phone suddenly found those pictures deleted from their camera roll. We should rename TikTok to DickTok.
Splintered Social Media:
• People are being pulled out of their comfort zone on certain platforms. It is hard for them to adjust to new restrictions. Splintering mostly affected right-leaning groups. Now we see the same pattern with the left.
• Social aspects of the internet started in a very raw state with IRC type things and Yahoo chats. After that it became more polished like Instagram. Parents have stayed but kids have moved on.
• Every 7-10 years there is a generational change in social media platforms. The new wave of social media is a little more personal. To some extent it started with Snapchat and now continues with BeReal.
State of OSINT:
• For a few years we saw a mass exodus from platforms like YouTube, Twitter, and Facebook. New groups rose but most have died off.
• In smaller ecosystems users tend to trust each other and act more extremely. Bad actors can do a lot more damage in these small groups.
• This is great for OSINT investigation and attribution. We can target them easier in a smaller space and get better results.
Human Trafficking:
• Sex workers tend to advertise online, which can lead to a trove of open source intelligence.
• We see handlers slip up on operational security when they get into new platforms.
• Even with faces blurred, connections can be made through identifying the same phone number, lingerie, hotel décor, bedspread, carpet, and power outlets.
Catching Spies:
• Spies are being outed at a high rate through open source intelligence, similar to that used in the Ukraine war. Spies in Russia, Brazil, Sweden, the U.S., Germany, the Netherlands, and more have recently been exposed.
• Searching for those 35-65 is ideal. Younger people have more knowledge of online intelligence and older people have little or no online presence.
• At-home spy hunters are now finding people and “unlocking achievements” like a video game.
Chinese Spy Balloon:
• Hobbyists were tracking and identifying the Chinese spy balloon starting in the Western United States.
• A low-cost RTL USB stick and antenna have democratized the radio spectrum, enabling anyone to access the signals. People use the FlightAware app to monitor local air traffic.
• Databases like ADS-B Exchange will also give you free access to their global coverage for planes and boats. There are also weather balloon tracking apps.
Using Data To Tell The Story:
• News today can cause anxiety from not knowing what is the real truth or what is behind it.
• Figuring out what is going on is a rush. It lowers the anxiety level and lets you be at peace with whatever is the conclusion.
• With OSINT investigations, data tells the unbiased story.
ShadowDragon is excited to have Nico Dekens officially join the team. For those interested in improving their open source investigative techniques and methodology, ShadowDragon now offers a special 5-day OSINT training class that is not advertised on the website. Contact us for details.
Thank you for joining us. You can look forward to more interesting news and information from the OSINT perspective in new episodes coming soon. Special Guest: Nico "Dutch Osint Guy". -
About This Episode
Hosts: Daniel Clemens, ShadowDragon CEO; Elliott Anderson, ShadowDragon CTO
Guest: Nico Dekens, Dutch_OSINTguy
After an extended layoff, the team returns with Dutch OSINT guy Nico Dekens to discuss changes and lessons learned during that time in the world of OSINT. They cover everything from the evolution of the internet landscape to the latest trends in counter social media and the use of technology in cybercrime and modern warfare.
The guys get right into a no holds barred conversation including methodology, tactics, and the current state of affairs.
On social media:
• For many, the newest social media is like a new drug
• Social media gave everyone a voice, but no one is actually listening
• More free speech alternatives will rise over the next 24 to 36 months
• Twitter model has always been broken, but remains a great source for breaking news
• Segmentation of social audiences will see more disinformation with less accountability
The war in Ukraine revealed:
• Russia was only a regional power, never a global power.
• Disinformation was defeated with even quicker counter disinformation
• OSINT can be an effective weapon against asymmetrical warfare
• Truth beats lies. War is cognitive. Input validation is important.
OSINT investigation tips:
• Honest intelligence from people with smartphones replaces spy craft
• Use the connector of a group to get to the hidden individual
• “Pinch” bad guys with a curiosity or provocative action to reveal themselves
• Food reviews, dating sites, sports sites, and gaming forums are valuable resources.
• Google is good but it is not the internet. Use varied sources.
What the near future holds:
• Energy prices are contributing to inflation and a weak economy, signaling ongoing instability
• Unsophisticated criminals with easy access to phishing tools may increase cybercrime
• The power of drones to be used as a weapon is much higher than people realize
• Organizations give low priority to cyber investigations, acting tactically instead of strategically
• OSINT provides more pieces for putting the puzzles together.
Nico Dekens teaches OSINT methodology, critical thinking, proper intelligence analysis, and how to interpret large datasets.
For tools to help you apply some of the “pinch” techniques mentioned in the podcast, check out Spotter by ShadowDragon. You can also find other great cyber investigative tools and training from ShadowDragon.
Join us for more thought-provoking episodes and conversations with experts from within the OSINT world. Special Guest: Nico "Dutch Osint Guy". -
Nico shares his origin story along with war stories old and new.
Topics include the following:
* Leadership seems to want visualization; analysts don't care. Discussions evolve about how heat maps/crap maps may or may not be relevant.
* Geographical visualization helps with different types of investigations.
* Mapping tactical data is useful; timelines are helpful with pruning as well as mapping money laundering, while other types of data fall short.
Special Guest: Nico "Dutch Osint Guy". -
Red team versus blue team. All should become a purple team!! Searching for a way around the rockstar mentality all too common within the infosec industry, as the proposal to build a team of teams is announced. Deception technology mixed with an actual true cost analysis of threat intelligence lending questionable returns. The roller coaster of topics reaches a pinnacle with a reflection on being allocentric within the security industry versus viewing security solely through the lens of industry growth.
Topics include:
* Charl shares his history, growth, and maturity within the industry.
* Red team vs. blue team, and how everyone should be a purple team.
* Deception technology, honeypots, forensics, and storytelling with data.
* Getting around the rockstar mentality within infosec, and teamwork produces a higher ROI.
* Demystifying the value of threat intelligence.
Notable Quotes:
"Think about what you do as something that matters and approach it in that way and the rest will follow." - Charl van der Walt
Special shout outs to:
* Haroon Meer (https://linkedin.com/in/haroonmeer) from Thinkst (https://www.thinkst.com)
* Roelof Temmingh (https://linkedin.com/in/roeloftemmingh) from Vortimo (https://www.vortimo.com/). Special Guest: Charl van der Walt. -
Actor engagement and physical security intersect when active shooter situations or heightened security threats are targeted against executives or physical locations. Naturally, the topic of hack-back arises, but this takes us down the rabbit trails of the roles synthetic identities play in the cognitive landscape, actor engagement, and experiences found only in the trenches. Blake Butler from PayPal joins us in exploring very specific topics that are not discussed enough.
Topics include:
* Using OSINT, and Targeting in Active Shooter or physical security situations.
* Hack back or Long Term Investigations
* Actor engagement is a must for gleaning better intelligence. This isn't hack back, but to non-technical folks it sounds like hack back. Clarification is needed.
* Cognitive Warfare landscape coupled with Synthetic Identities.
Special Guest: Blake Butler. -
Risk management strategies that work are hard to find in such a noisy, buzzword-filled infosec industry. Our guest, Matt Devost, offers perspective on subjects which will be helpful for beginners, advisors, or CISOs.
We cover some of the following items:
* AI & Turing Integrity Assessments
* Risk Management strategies that work.
* Historical reference points to the beginnings of the threat intelligence industry.
* Similarities between an evolving TI landscape, and red teaming over the last 20 years.
* Where bad threat intelligence can take you.
* Insider threats are always constant.
* Context and discussion on disinformation.
"Here are the threat actors that are likely to target you, here are the goals that they are trying to achieve, here are the attack surfaces that presented themselves, here is the outcome we could achieve, here is the mitigation strategy. Metrics and measurement matter, but strategic outcomes must be pursued. Risk management should always focus on time to detection." (Paraphrased from Matt Devost)
Matt Devost was one of the first white hat hackers to bridge the gap between the top-secret / national security circles and the hacker world. He was one of the few to have a master's degree in political science with a focus on national security, while also having the skills to attack and defend. He has been renowned as one of the few that had a world of "firsts" within the industry. Matt was one of the first pulled into the United States Presidential commission on critical infrastructure protection in the 90s. The Presidential commission had a significant focus on cyber risks associated with the United States' critical infrastructure, something that affects most of our careers in one way or another today.
Special Guest: Matt Devost. -
In our podcast, we aren’t always the experts in all of the topics at hand, but we know where to get experts and have candid conversations.
Standard Disclaimer
The intent is to explore information around this topic. This episode is long, and we will get a bibliography put together. In no way should the questions fan the flame of conspiracies, fear, or panic. The information discussed is opinion and dialogue. Please verify the information or theories shared on your own time. The doctor interviewed had requested that we not publish his identity in this piece. We respect that and hope you will as well. -
The hack of old Zack Payton describes his role in pushing the boundaries of incident response, threat hunting, and scaling up SOC teams and MSSPs with the innovations Westward.AI is pushing. Mr. Payton spent years providing in-the-trench incident response, reversing, exploit development, and so much more.
Special mentions to the following:
@insanitybit
grapl project: https://github.com/insanitybit/grapl
@rw_access Ross Wolf designer of EQL
https://github.com/endgameinc/eql
@Cyb3rWard0g Roberto Rodriguez Inventor of Mordor, HELK, and OSSEM
https://github.com/hunters-forge/mordor
https://github.com/hunters-forge/OSSEM
https://github.com/Cyb3rWard0g/HELK
@john_threat - making memory thieves
Special Guest: Zack Payton. -
Truly advanced persistent attacks involving physical exploitation and even death are rarely discussed. We cover some of this along with security within the healthcare and government space.
Security within healthcare and government is always hard. Tensions between information security and the business make this harder. Hospitals hit in the fall of 2019 had a taste of exploitation. Similarly, state governments have had issues with cartel-related attackers. CISOs that enable assessment and security design around systems that cannot be fully hardened can kill two birds with one stone.
Weighing authority versus influence, FDA approved equipment, 0day discovery within applications.
Designing security around systems is a must when unpatchable vulnerabilities exist. -
*A variety of topics are covered in this episode.*
* Candor on the Infosec industry.
* VC Trends & Startup trends.
* Tools vs. Process.
* Brian Dykstra shares some of the highs and lows after doing forensics for the last 24 years.
* If you don't have a CSI room while doing forensics, you are totally lame.
* Hotness with getting 500g/sec on forensic image acquisition.
* Evaluating Sandbox technologies in use. What is hot or not. ThreatGrid, Joe's Sandbox, or bare metal.
Dan's Inbox review:
* Case management vs. target-centric analysis.
* Alternatives to Maltego, pros/cons. Tools mentioned: Kaseware, Kivutech, Datawalk, i2, etc.
* VCs falling into the "Platform" trap versus understanding the data sales market.