NeedleStack – Details, episodes & analysis

From government to private enterprise, counterintelligence can unlock big benefits in cybersecurity. We sit down with a counterintelligence professional to define the practice, and how everyone can benefit by employing it.

Meet the new hosts of NeedleStack. Robert Vamosi is a CISSP and award-winning journalist. AJ Nash has two decades of experience in the Intelligence community. Together they will host new episodes of NeedleStack, with an array of amazing guests.

How can I get in? Steve Stasiukonis knows the power OSINT brings to this crucial pen testing question. From uncovering who to pose as, what to wear and how to forge a badge, OSINT can be the key you need to unlock a client's physical security. Steve also discusses the gold mine OSINT brings to cyber pen tests and what CTI pros need to know before going on the dark web.

Key takeaways

• How OSINT is used in pen testing
• Dark web OPSEC considerations
• How Steve easily broke into banks (for good!)

We go behind the scenes with Jon DiMaggio of Ransomware Diaries. As the chief security strategist at Analyst 1, Jon has conducted in-depth investigations of ransomware groups, including the famed Lockbit gang. He tells us the open-source tactics he uses and how cyber threats can take a mental toll.

Key takeaways

• Tracking the Lockbit story
• Where OSINT meets ransomware investigations
• The human element in threat detection

Bullsh*t Hunting creators Justin Seitz and Some Lawyer share their tips on how OSINT and legal investigation tactics can benefit one another. They talk about their series “The Hunt” as it examines suspicious legal proceedings and possible wrongful convictions. Plus we dive deep into public records requests with tips of how to get the information you need.

Key Takeaways

• How to effectively submit a public records request
• What OSINTers can learn from legal professionals and vice versa
• Think like a lawyer when searching legal databases

Cybersecurity is rife with technological solutions, but as security researcher John Hammond knows all too well, it’s people that make the difference. Hear how people make or break security intel, both as researchers and threat actors. We’ll talk sock puppets, the role of OSINT for your own OPSEC and intelligence building, cybergang leaders as businessmen and more. Plus we’ll dive into John’s recent OSINT work on the ScreenConnect vulnerabilities and how they’re being leveraged in the wild.

Key takeaways

• Using OSINT for opsec to protect your identity and enhance security intelligence
• Lurking in dark web forums, sock puppets and engaging with threat actors
• The role OSINT played in dissecting ScreenConnect vulnerabilities and exploits in the wild

Do you wish you had more training opportunities or just chances to flex your OSINT skills? We’re hosting a big event this month where we’ll talk ways to level up your tradecraft, training opportunities, take-home tips and more.

There are many paths to OSINT — one of them is through training programs and online resources! Aubrey and Shannon break down what’s available, what’s free (or not) to keep you abreast of how you can gain and further your OSINT skills.

Propublica reporter and author of the Digital Investigations newsletter, Craig Silverman joins the podcast to discuss disinformation trends on social media platforms, elections around the world in 2024 and what journalists and OSINT investigators can learn from each other.

Key takeaways

• OSINT for investigative journalism
• Disinformation trends on social media
• Documenting evidence during an investigation

DefCon speaker and host of DoingFedTime on YouTube, Sam Bent joins the podcast to shine light on operational security concerns on the dark web. The reformed darknet marketplace seller shares insights and advice for best practices when investigating on the dark web. 

Key takeaways:

• OPSEC on the dark web
• The different darknets
• Linguistic analysis in evidence gathering