Preview Mode Links will not work in preview mode

Jun 14, 2017

Hector Monsegur (@hxmonsegur on Twitter) is a good friend of the show, and we invited him to come on and discuss some of the #OSINT research he's doing to identify servers without using noisy techniques like DNS brute forcing.


We also discuss EclinicalWorks and their massive fine for falsifying testing of their EHR system, and implications for that. What happens to customers confidence in the product, and what happens if you're already a customer and realize you were duped by them?


We also discuss Hector's involvement with the TV show "Outlaw Tech". Who approached him, why he did it, why it's not CSI:Cyber or "Scorpion" and how it discusses the techniques used by bad guys.


Direct Link:



Youtube Channel:

iTunes Store Link: 

#Google Play Store:



Join our #Slack Channel! Sign up at

#iHeartRadio App:


Comments, Questions, Feedback:

Support Brakeing Down Security Podcast on #Patreon:

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM :

#Stitcher Network:

#TuneIn Radio App:




Show notes:


going beyond DNS bruteforcing and passively discovering assets from public datasets???

Very interested in hearing about this

Straight OSINT, or what?

Hxm: Over at RSL (Rhino Sec Labs), one of the research projects I’m working on is discovery of assets (subdomains) while minimizing footprint (dns bruteforcing). Datasets include things like:


Training gained from internal phishing campaigns

Does it breed internal mis-trust?

Recent campaign findings

Why do it if we know one account is all it takes? Because we know it’s a ‘win’ for security?


Outlaw Tech on Science Channel

What’s it about? (let’s talk about the show) - ”Estonia buoys cyber security with world's first data embassy” - interesting -- holy shit

-- Reminds me of the whole emissions scandal from a couple of years back.




OneLogin/Docusign breaches



Crowdfunding to buy shadowbroker exploits ended:


China's Cybersecurity Law:


Facial recognition for plane boarding:’s Chrome plugin  -- Game changer?