ICODE Podcast
Oct 25, 2020
Women in Infosec Pt.1 with @DevishaRochlani
A conversation with Devisha Rochlani, who talks about her journey and motivates women to take part in infosec.
USING-OS1nt-For-Good
A conversation with Subhajeet Singha @ElementalX2, who served SECARMY as one of the founding members
Talks about
- Why and how OSINT is helpful
- What are a few dark sides of OSINT
- Does this technique work on privacy-aware people
- How to use OSINT for Cyber Threat Intelligence
- Explains his journey on Trace Labs
- How missing people can be tracked on the internet
- Talks about social media intelligence
- How to use Google dorks for collective intelligence
Bug Bounty & Automation
We have Devansh Batham @0xAsm0d3us, creator of FavFreak and ParamSpider
• Shares details about a bug he found in Facebook
• Describes the cross-origin resource sharing vulnerability
• Talks about the same-origin policy
• Enumerating API endpoints / params
• Exploiting the cross-origin resource sharing vulnerability
• Gives details on how FavFreak, his speciality, works
• Manual checking or automation: which is better and why
• Gives us an insight into his upcoming projects (must listen)
• What are his favourite tools, which he uses on a regular basis
• Since we are talking about bug bounty & automation, why is automation needed
Red-Teaming and Exploit Dev
We have Suvadip Kar, who is an OSWP/OSCP, Security Engineer & Red Teamer.
• Which is better: being a full-time pentester or a freelance pentester
• Explains red teaming for someone very new to it
• Chaining low-severity bugs and making them high impact; gives advice on chaining low-severity bugs like self-XSS, information disclosure, key disclosure, etc.
• Talks about the experience gained after getting OSCP, and what his experience was before getting certified
• Talks about his wireless security assessment techniques
• Something about lateral movement
• His OSCP lab experience
• Talks about his first bug in Jobberbase CMS
SCADA and ICS Devices
A conversation with Jim Gilsinn. Here he talks about:
• Communication models of ICS
• Responding to attacks on SCADA
• Talks about Stuxnet & why it is harmless on non-PLC devices
• A quick walk-through on vulnerability assessment of SCADA
• How OSINT plays a role on hunting vulnerable devices
Bug bounties & CVE
A conversation with Ashish Kunwar @d0rkerdevil
He talks about his CVE discoveries
Disclosing bugs to a vendor
SSRF is his favourite vulnerability
How much time does it take to find valid bugs
Malware-Osint-Talk-With-Jcybersec_
Jcybersec talks about effective ways to stop phishing,
drops his top OSINT techniques,
and gives insight into malware anti-analysis.
Enumeration Talk With Abartan Dhakal
Abartan Dhakal talks about his personal techniques and strategies,
which he has learned over time.