NeedleStack

Integrating security into our daily lives can feel overwhelming. From password management to encryption, it’s easy to feel frustrated. Robert Vamosi and AJ Nash share our experiences navigating security in our personal and professional lives. They discuss practical strategies like how to choose your seat in a restaurant for safety and the importance of encryption. Remember, security isn’t just a job; it’s a lifestyle. Finding the right balance is key, and it’s okay to have slip-ups along the way.

In this episode, hosts Robert Vamosi and AJ Nash engage with cybersecurity expert John DiMaggio to explore the complexities of ransomware negotiation. They discuss the process of responding to ransomware attacks, the stakeholders involved, and the legal and ethical considerations that companies face when deciding whether to pay a ransom. The conversation delves into the tactics used by ransomware groups, the importance of understanding target selection, and the role of insurance in these scenarios. Additionally, they highlight the need for standards in negotiation practices and preventative measures that organizations can take to mitigate risks. The episode concludes with a discussion on the future of ransomware negotiation and the importance of having knowledgeable advisors in the field.

In this special 100th episode of Needlestack, hosts Robert Vamosi and AJ Nash celebrate the milestone with former NeedleStack host, Matt Ashburn, discussing the evolution and importance of OSINT. They dive into best practices, the risks of normalized habits, and the significance of isolation in investigations. The conversation highlights the behavioral attributes that can identify investigators, the challenges of new generations in the field, and the need for accountability and reputation in intelligence work. They also explore the role of technology, the importance of first-hand access, and the balance between timeliness and accuracy in intelligence reporting.

NeedleStack hosts, AJ Nash and Robert Vamosi engage with Roman Sannikov a seasoned expert in cyber threat intelligence, to explore the complexities of the dark web. The conversation delves into the myths surrounding the dark web, the community dynamics within cybercrime, and the professionalization of criminal enterprises. Roman shares insights on how trust and reputation are managed in these underground communities, the barriers to entry for new members, and the human element that often gets overlooked in discussions about cybercriminals.

In this episode of NeedleStack, hosts AJ Nash and Robert Vamosi engage with John Costello, a director at WireScreen, to discuss the complexities of China's strategic competition with the United States. The conversation covers China's technological advancements, the implications of its five-year plans, challenges in intelligence gathering, and the dynamics of military-civil fusion. The discussion also touches on the importance of due diligence for businesses engaging with Chinese companies and the role of Chinese students in U.S. education.

In this episode, the hosts discuss the implications of surveillance technology and AI on intelligence, journalism, and civil liberties. They explore the dual nature of surveillance as both a tool for security and a potential threat to privacy. The conversation delves into the challenges posed by misinformation, the importance of expertise in navigating these issues, and the ethical considerations surrounding the use of surveillance technology. The episode concludes with reflections on the future of journalism and the role of AI in shaping public perception and trust.

In this episode of Needlestack, hosts AJ Nash and Robert Vamosi delve into the complexities of disappearing online, drawing insights from their experiences and the book 'The Art of Invisibility' by Kevin Mitnick. They discuss practical steps for maintaining anonymity, the role of technology in obfuscation, and the challenges of creating and sustaining multiple identities. The conversation also touches on the impact of AI on privacy and the importance of understanding personal risks in a digital world. Through engaging anecdotes and expert insights, the hosts provide a comprehensive overview of the art of invisibility in today's interconnected society.

In this episode, hosts Robert Vamosi and AJ Nash engage with Neil Ysart, a seasoned expert in cyber investigations and open source intelligence (OSINT). They discuss the Coalition of Cyber Investigators, its role in promoting OSINT, and the importance of establishing standards in the field. The conversation delves into the challenges and risks associated with OSINT, emphasizing the need for ethical practices and the potential dangers of unregulated citizen intelligence efforts. The episode concludes with a call to action for listeners to advocate for the development of global standards in OSINT.

In this episode, Michael DeBolt joins Robert Vamosi and AJ Nash to dive into the world of Cyber HUMINT — the application of traditional human intelligence (HUMINT) tradecraft in cyberspace. They discuss how investigators use digital personas (sometimes called “sock puppets”) to infiltrate online threat actor communities, collect intelligence, and even engage adversaries safely. Michael explains how credibility, language, slang, and cultural nuance are essential to blending in, while AJ highlights the risks of untrained amateurs attempting such operations. They explore the art, ethics, and operational security challenges of conducting human intelligence in the digital realm.

In this episode, AJ Nash and Robert Vamosi discuss the challenges posed by misinformation and the rise of AI-generated content. They explore the evolution of journalism, the impact of social media on information consumption, and the importance of critical thinking and media literacy. The conversation also touches on the role of AI in content creation, the balance between technology and human oversight, and the potential positive aspects of AI technology. Ultimately, they emphasize the need for source verification and the ongoing struggle to navigate the post-truth era.

In this episode of NeedleStack, hosts AJ Nash and Robert Vamosi engage with James Villenueve, a geospatial intelligence expert, to explore the world of GEOINT and its intersection with open source intelligence (OSINT). They discuss the importance of understanding geospatial data, the ethical implications of its use, and the challenges of protecting personal information in a data-rich environment. The conversation also highlights positive applications of geospatial intelligence, including environmental monitoring and humanitarian efforts, while addressing the risks associated with data misuse and the evolving role of AI in the field.

Jason Baker from the Guidepoint Research & Intelligence Team (GRIT) shares his background and provides insights into ransomware attribution, the challenges of defending against ransomware, and the implications of AI in ransomware operations.

How can Intelligence benefit financial sectors? It can address challenges like sanctions, data privacy, and cryptocurrency. Teresa Walsh highlights the importance of collaboration, the role of AI in intelligence, and the necessity to professionalize intelligence roles in the private sector. The conversation also delves into building mature and unified intelligence programs, emphasizing the need for a Chief Intelligence Officer role in any organization.

Ultimately, GenAI has the potential to create jobs in areas like data science and cybersecurity, but only if it is integrated responsibly. However, the consensus today is that AI should remain a just tool for analysts, not a direct decision-maker, until reliability and trust in its outputs significantly improve.About Brian FullerBrian A. Fuller is Director of Operations for the Ridge College of Intelligence Studies and Applied Sciences at Mercyhurst University, a position he assumed in December 2019. As the Director of Operations, Fuller supports all operations related to the academic curriculum or Ridge College activities. This includes working as the Director for the Center of Intelligence Research, Analysis and Training (CIRAT) and Director of the Innovation Entente Lab (IEL). Previously, he served as a Senior Open Source Intelligence (OSINT) instructor for the Department of the Army’s OSINT Office, where he was charged with overseeing the Army’s OSINT training program for the Midwest and Rocky Mountain regions. He trained Army intelligence professionals at the strategic, tactical, and special operations levels. He managed the training curriculum, personnel, financial, and administrative affairs of the program while participating as a subject matter expert in the intelligence communities’ OSINT program and operational development working groups, ensuring the continued growth of the discipline and associated tradecraft and technologies.

Robert and AJ went to Hacker Summer Camp. What’s that? It’s a week of conferences such as Black Hat USA, BSidesLV, the Dianna Initiative, Squadcom, and of course DEF CON. Find out what’s relevant for the intelligence community during this first week in August annual event.

From street cop to OSINT expert, Nico Dekens aka “the Dutch OSINT Guy” shares his incredible journey and insights. Discover the evolution of OSINT and the challenges of integrating AI in intelligence collection and analysis.

Sometimes, when a Hollywood actor stars in a blockbuster film or a hit TV show, or when an athlete wins the Super Bowl, their personal problems begin with scandalous photos, property theft, even death threats. That’s where OSINT can help them stay one step ahead.About Chad BrockwayChad Brockway, President of the Intelligence Operations Division at Edgeworth Security, is an industry expert in the fields of digital intelligence investigations and methodologies where he leverages his extensive background in intelligence, counterintelligence, counterterrorism, federal law enforcement and cyber operations to provide unique services and lectures to the professional and education industry. Chad has worked across multiple federal law enforcement and national security agencies both within the United States as well as in cooperation with foreign government and law enforcement partners. During his time with the Federal Bureau of Investigations, Chad served with the Special Technologies and Applications Section (STAS) where he oversaw multiple intelligence and cyber programs, personnel, and resources. Additionally, Chad served as the Deputy Watch Center Director for the Department of Defense Counterintelligence Field Activity (CIFA) agency and as a Military Police Officer in the Marine Corps where he was assigned to the Marine One Helicopter Squadron and the White House Liaison Office under the Clinton and Bush administrations.

There are OSINT tools that mirror or provide workarounds for hidden social media posts. Join us as we talk with an investigator who really knows his way around the internet, dark web, social platforms and more.

AJ and Robert explore the shadowy side of AI — how some users are becoming addicted, confiding in it like a personal therapist and then gaining confidence to take risky actions in their lives and at work. They discuss what this could mean for insider threats and the broader impact on security.

Anna discusses her career trajectory from corporate security and financial crimes to becoming the CEO of Pine Risk Management. She shares her experiences in conducting complex risk assessments, fraud detection, and crisis communications, particularly highlighting her role at Meta where she led Silicon Valley's largest physical red team.

An OSINT Arabic instructor and geopolitical risk expert joins the show to discuss what can get lost in translation when performing OSINT investigations. Plus learn how cultural knowledge can unlock key insights.About Paolo WalcherPaolo Walcher is a leading OSINT trainer and security consultant, recognized for his expertise in Arabic-language investigations, geopolitical risk, and strategic intelligence. With a background in counterterrorism and crisis management, Paolo delivers advanced OSINT training to law enforcement, military, and intelligence agencies on both national and international levels.At i-intelligence GmbH, he equips private and governmental organizations with the tools to navigate complex security environments, specializing in Arabic OSINT and Middle East-focused research. Formerly a Security Business Intelligence Analyst at BMW Group, he provided strategic insights on global threats, including the war in Ukraine, supporting corporate decision-making and conflict monitoring.Paolo holds a B.A. in Safety and Security Management and an M.Sc. in Crisis and Security Management from Leiden University, with a specialization in the Governance of Radicalism, Extremism, and Terrorism. His work spans illicit networks, military conflict analysis, and supply chain security. As a Bellingcat volunteer, he has contributed to civilian harm verification and human rights investigations—and continues to explore the full potential of OSINT as a force for accountability and justice in the human rights space.Fluent in English, German, and Italian, Paolo brings a cultural lens to OSINT, advocating for the ethical use of AI in intelligence gathering while emphasizing the enduring value of human-led analysis. His passion for maritime OSINT, regional dynamics, and investigative training makes him a key voice in the future of open-source intelligence.

Ransomware groups continue to generate significant profits, frequently relying on recycled or leaked code—leading researchers to describe them as “lazy.” OSINT analysts follow cryptocurrency transactions to trace financial trails, while effective defense depends on early detection, system-level visibility, and staying alert to shifts in attacker techniques.

Discover how AI is revolutionizing OSINT, from speeding up data collection to generating comprehensive reports, while also addressing the challenges and ethical considerations. Hosts AJ and Robert dive deep with Lance James, discussing real-world insights and the potential for misuse.

A librarian and an OSINT analyst may have more in common than you realize. That’s how Tracy Maleeff found her way into cyber and made a name as InfoSec Sherpa.

From government to private enterprise, counterintelligence can unlock big benefits in cybersecurity. We sit down with a counterintelligence professional to define the practice, and how everyone can benefit by employing it.

Meet the new hosts of NeedleStack. Robert Vamosi is a CISSP and award-winning journalist. AJ Nash has two decades of experience in the Intelligence community. Together they will host new episodes of NeedleStack, with an array of amazing guests.

Jacob Lloyd, head of investigations at Animal Welfare Investigations Project, has been putting OSINT skills to use to stop organized animal crime — dogfights, puppy mills, badger baiting and more. Jacob discusses how these crimes are often neglected by law enforcement due to lack of training and are thus dealt with reactively. He explains how to leverage pedigree sites, social media and other online sources to proactively investigate animal crime and save animals from this horrible fate. Key takeawaysWhat pedigree sites can tell you about fighting dogs and their ownersHow prevalent information on organized animal crime is on the surface webHow to get involved with Animal Welfare Investigations Project

From influence operations and Telegram to using marketing tools for OSINT insights, our guest gives pro tips on OSINT and cyber investigations for professional practitioners.Key takeawaysDigital forensics incident responseCyberthreat and OSINT crossoverMarketing tools for OSINT

In this episode, we sit down with cyber threat analyst and SANS OSINT instructor, Steven Harris. Steven discusses how Telegram is a must-use channel for investigating the war in Ukraine, and why cyber threat actors are flocking to the app.Key TakeawaysSOCMINT from law enforcement to cyber threatsInvestigating on TelegramWhy Telegram allows cyber threat actors a lower barrier to entry

Alex Lozano of Cybergy joins us to discuss how he uses OSINT and social media to protect executive clients, resources for his cyber students at University of Barcelona and the best tools for real-time monitoring.Key takeawaysHow to use OSINT for executive protectionResources for students and OSINT newbiesTools for real-time monitoring

Language can limit or expand your worldview. That’s important to remember in OSINT where what you’re able to find and analyze can greatly affect the intelligence you build. Skip Schiphorst, OSINT instructor at i-Intelligence, shares his expertise on why even baseline knowledge of a foreign language is important in a world flush with translation services; how foreign language content can counteract bias; and tips for verifying automated translations.Key takeawaysYou can find a lot more online than you may think by using foreign languages — even those using non-Latin charactersYou don’t need to be a ninja with years of training to find foreign content online, or outsource everything to language expertsKnow the basics of OSINT, be critical and be patient when searching online in a foreign language

MJ Banias discusses how one man’s late-night OpSec fail is an OSINTer’s treasure. If that’s too salacious for you, we also talk about how awesome newspaper archives and librarians are.Key takeawaysPut yourself in your targets shoes to understand what sites could give you your next selectorThe sites and services every OSINTer should subscribe toHow overcoming a millennial’s worst nightmare could be the break you need

Journalists, academics and NGOs face unprecedented levels of threats in real life and in the digital world. With limited resources, they often lack secure methods to collect OSINT. That’s why a digital investigations platform is being offered pro bono as part of a larger CISA initiative. Key takeawaysNew threats in the digital landscapeThe risks for journalists, NGOs and academics collecting OSINTHow digital investigative teams can protect themselves

An analysts from DarkOwl joins us to discuss dark web research and all its facets. From AI and other trends on the dark web, to operational security, learn how to turn on the light beneath the surface of the internet.Key takeawaysAI and other dark web trendsOperational security in dark web researchHow to search an unindexed environment

How can I get in? Steve Stasiukonis knows the power OSINT brings to this crucial pen testing question. From uncovering who to pose as, what to wear and how to forge a badge, OSINT can be the key you need to unlock a client's physical security. Steve also discusses the gold mine OSINT brings to cyber pen tests and what CTI pros need to know before going on the dark web.Key takeawaysHow OSINT is used in pen testingDark web OPSEC considerationsHow Steve easily broke into banks (for good!)

We go behind the scenes with Jon DiMaggio of Ransomware Diaries. As the chief security strategist at Analyst 1, Jon has conducted in-depth investigations of ransomware groups, including the famed Lockbit gang. He tells us the open-source tactics he uses and how cyber threats can take a mental toll.Key takeawaysTracking the Lockbit storyWhere OSINT meets ransomware investigationsThe human element in threat detection

Bullsh*t Hunting creators Justin Seitz and Some Lawyer share their tips on how OSINT and legal investigation tactics can benefit one another. They talk about their series “The Hunt” as it examines suspicious legal proceedings and possible wrongful convictions. Plus we dive deep into public records requests with tips of how to get the information you need.Key TakeawaysHow to effectively submit a public records requestWhat OSINTers can learn from legal professionals and vice versaThink like a lawyer when searching legal databases

Cybersecurity is rife with technological solutions, but as security researcher John Hammond knows all too well, it’s people that make the difference. Hear how people make or break security intel, both as researchers and threat actors. We’ll talk sock puppets, the role of OSINT for your own OPSEC and intelligence building, cybergang leaders as businessmen and more. Plus we’ll dive into John’s recent OSINT work on the ScreenConnect vulnerabilities and how they’re being leveraged in the wild.Key takeawaysUsing OSINT for opsec to protect your identity and enhance security intelligenceLurking in dark web forums, sock puppets and engaging with threat actorsThe role OSINT played in dissecting ScreenConnect vulnerabilities and exploits in the wild

Do you wish you had more training opportunities or just chances to flex your OSINT skills? We’re hosting a big event this month where we’ll talk ways to level up your tradecraft, training opportunities, take-home tips and more.

There are many paths to OSINT — one of them is through training programs and online resources! Aubrey and Shannon break down what’s available, what’s free (or not) to keep you abreast of how you can gain and further your OSINT skills.

Propublica reporter and author of the Digital Investigations newsletter, Craig Silverman joins the podcast to discuss disinformation trends on social media platforms, elections around the world in 2024 and what journalists and OSINT investigators can learn from each other.Key takeawaysOSINT for investigative journalismDisinformation trends on social mediaDocumenting evidence during an investigation

DefCon speaker and host of DoingFedTime on YouTube, Sam Bent joins the podcast to shine light on operational security concerns on the dark web. The reformed darknet marketplace seller shares insights and advice for best practices when investigating on the dark web. Key takeaways:OPSEC on the dark webThe different darknetsLinguistic analysis in evidence gathering

Ritu Gill, or @OSINTtechniques as she’s known online, joins the podcast to give tips for social media intelligence gathering. What are the little-known platforms to look at and how do you gather safely? Tune in to hear the tips.Key takeawaysOverlooked social media platforms for evidence gatheringOPSEC for law enforcementTips for beginning OSINT practitioners

The chief investigations officer of the National Child Protection Task Force shares the tools and methods he trains law enforcement on, how he protects his mental health in a such a devastating field and the latest platforms and technology to stay on top of.Key takeawaysOSINT for child protectionThe importance of mental healthWhat law enforcement need to know about trafficking

Jessica Smith, president and founder of ClickSafe intelligence and special investigations lead with the National Child Protection Task Force, joins the podcast to dispel misconceptions about child protection. From who is being targeted to where and how, Jessica Smith shares how misinformation about child exploitation can derail investigations, and how OSINT helps pave the way for child protection.Key takeawaysMisinformation around child protection can adversely affect investigationsHow OSINT plays a role in helping victimsThe new platforms where kids are targetedTips for vigilance and education

We discuss recent Bellingcat reports on whether AI has the capability to reliably identify AI. The reporter and fellow shares his research on AI for OSINT and the results.Key takeawaysTesting AI’s ability to recognize AI artBlending journalism and OSINT at BellingcatHow machine learning should and shouldn’t be used in OSINT

We talk to an OSINT professional about what he learned when he applied his daytime skills to a moonlighting hobby. On YouTube, Gary Ruddell shares 3-minute tips, geolocates scenes from movies and shares the OSINT discipline he learned from the U.K. military with hobbyists and practitioners just starting out.Key takeaways:Applying the intelligence cycleExecutive protection with social mediaGeolocation clues from the shortest frame

Producers Aubrey and Shannon review the latest articles and research on using AI in OSINT. Should you consider using AI chatbots in research now or in the future? And if so, how can you do so securely and with verification in mind?Key takeawaysAI chatbots aren’t great at OSINT right now, but they might be one dayVerification is keyYou need an access policy

How can researchers keep up with all the changes in the OSINT landscape? From AI to constantly shifting social media platforms, Neil Spencer from LifeRaft gives tips for how to adapt and optimize your OSINT practice.Key takeawaysHow AI has evolvedMassive shifts on social media platformsThreat verification

As analysts assess how AI could improve their workflow, Babel Street is presenting technology that can help border agents better name-match terrorist watchlist to travelers. Declan Trezise, vice president of global solutions engineering, joins the show to discuss how AI can create more seamless borders for agents and innocent travelers.Key TakeawaysDigitization and the future of bordersName–matching technology for terrorism watchlistsCreating faster, seamless travel for citizens