Look for any podcast host, guest or anyone
Showing episodes and shows of

OffSec

Shows

Sips with Purple Cork
Sips with Purple CorkE37 - Lauren Newman - OffSecLauren Newman is the Senior Global Demand Generation Manager at OffSec
2025-05-0716 minCyber Bites
Cyber BitesCyber Bites - 2nd May 2025We hit a milestone today as this is our 50th Podcast Episode! A Big thank you to You, our listeners for your continued support!* Kali Linux Users Face Update Issues After Repository Signing Key Loss* CISOs Advised to Secure Personal Protections Against Scapegoating and Whistleblowing Risks* WhatsApp Launches Advanced Chat Privacy to Safeguard Sensitive Conversations* Samsung Confirms Security Vulnerability in Galaxy Devices That Could Expose Passwords* Former Disney Menu Manager Sentenced to 3 Years for Malicious System AttacksKali Linux Users Face Update Issues After Repository...
2025-05-0113 minDavid Bombal
David Bombal#476: New Cybersecurity Certification?A huge thanks to OFFSec for sponsoring this video - get your $100 discount using my link (valid until 31 August 2024): davidbombal.wiki/osccWant to win the free place? (T&C's apply)Enter here: gleam.io/BS3FT/offsec-oscc-gi...//Jeremy’s Socials//Website: jeremyharbinger.com/X: x.com/JeremyHarbingerLinkedIn: / jeremy-miller-b6816987//OffSec’s Socials//X: x.com/offsectrainingSpotify: podcasters.spotify.com/pod/sh...// OffSec’s OSCC link //OSCC: davidbombal.wiki/oscc// YouTube video Reference //
2025-03-1432 minThe B2B Content Strategy Show
The B2B Content Strategy ShowFrom Silos to Synergy: How Companies Should Align Their Content and Product Marketing (with Thereasa Roy from OffSec)This week on the podcast, Niels van Melick is joined by Thereasa Roy, Director of Content and Product Marketing at OffSec, to explore the unique benefits of aligning product marketing with content marketing for long-term success. Thereasa shares her experiences overseeing both teams and how it has led to more cohesive messaging and impactful campaigns.Here's what you'll learn in this episode:Why combining product marketing and content marketing creates more impact.The benefits of a unified messaging framework and how to implement it.How to use customer insights to shape both content and...
2024-11-2028 minDavid Bombal
David Bombal#476: New Cybersecurity Certification?A huge thanks to OFFSec for sponsoring this video - get your $100 discount using my link (valid until 31 August 2024): https://davidbombal.wiki/oscc Want to win the free place? (T&C's apply) Enter here: https://gleam.io/BS3FT/offsec-oscc-gi... //Jeremy’s Socials// Website: https://jeremyharbinger.com/ X: https://x.com/JeremyHarbinger LinkedIn: / jeremy-miller-b6816987 //OffSec’s Socials// X: https://x.com/offsectraining Spotify: https://podcasters.spotify.com/pod/sh... // OffSec’s OSCC link // OSCC: https://davidbombal.wiki/oscc // YouTube video Reference // Dark Side of AI: • The real world truth about AI Hacking // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twit...
2024-08-1432 minCISO Series Podcast
CISO Series PodcastYou Can't Leak What You Don't CollectAll links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Jeremiah Roe, advisory CISO, OffSec. In this episode: What happens as data minimization in the US changes from a potential policy goal to a regulatory imperative? How does this impact the rest of the industry? How do CISOs start getting ready for compliance? How to improve cybersecurity...
2024-05-2134 minThe Professional CISO
The Professional CISOAttacking Healthcare from All Sides with OffSec Director, James BinfordA Texas Tech2Table event sets the stage for David and his podcast guest, James Binford, an Offensive Security Director. They discuss how his background as a former BISO influences his insights on offensive and defensive security, specifically surrounding healthcare. The conversation also touches on AI in security, and the importance of incorporating writing and storytelling to help formulate your message. Sponsors:  This episode is brought to you by ContraForce. When you need to to get maximum productivity from your existing Microsoft Security stack and other leading tools, you should be working with ContraForce. https://w...
2024-04-1022 minDefense in Depth
Defense in DepthOnboarding Security ProfessionalsAll links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA HealthcareGot feedback? In this episode: How important is onboarding new cyber talent? Does it set the tone for their tenure with your organization? What should CISOs do to make sure onboarding i...
2024-04-0431 minDefense in Depth
Defense in DepthHow to Improve Your Relationship With Your BossAll links and images for this episode can be found on CISO Series. Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.  Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank. In this episode: Why does advancing your career require more than just technical skills? Does it require you to build relationships within y...
2024-03-2829 minCybersecurity Headlines
Cybersecurity HeadlinesWeek in Review: Okta explains hack, Google Calendar as C2, Selling military dataLink to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Howard Holton, CTO, GigaOm Thanks to today’s episode sponsor, OffSec OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you’ll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear fro...
2023-11-1025 minCybersecurity Headlines
Cybersecurity HeadlinesUS most breached, ChatGPT gets DDoS, Clop exploits SysAidUS most breached country last quarter OpenAI blames DDoS attacks for ongoing ChatGPT outages Clop exploits SysAid vulnerability Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board...
2023-11-1007 minCybersecurity Headlines
Cybersecurity HeadlinesShields Ready campaign, AI imagery rules for the election, App Defense Alliance moves to Linux FoundationUS launches “Shields Ready” campaign Microsoft and Meta announced AI imagery rules App Defense Alliance moves under the Linux Foundation Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attr...
2023-11-0907 minCybersecurity Headlines
Cybersecurity HeadlinesMarina Bay Sands customer data hacked, Atlassian bug escalated to 10.0 severity, Fake crypto app steals over $700,000Singapore’s Marina Bay Sands customer data stolen in cyberattack Atlassian bug escalated to 10.0 severity Fake Ledger Live app steals over $700,000 in crypto Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, wh...
2023-11-0808 minCybersecurity Headlines
Cybersecurity HeadlinesDropper bypasses Google, CISA’s zero-day worries, Google Calendar as C2Android Dropper-as-a-Service Bypasses Google’s Defenses Increase in zero-day exploits worries CISA Google Calendar as a C2 infrastructure Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the cr...
2023-11-0708 minCybersecurity Headlines
Cybersecurity HeadlinesOkta’s hack explanation, Looney Tunables exploited, Lazarus likes KandyKornOkta explains hack source and response timeline Looney Tunables now being exploited Lazarus Group uses KandyKorn against blockchain engineers Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great...
2023-11-0607 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 58: How To Identify and Mitigate Insecure Windows ServicesIn this episode, we're talking about How To Identify and Mitigate Insecure Windows Services. This is a very common issue we see on internal pentests. So much so that day 1 of our internal pentests revolves around evaluating the security and configuration of the endpoint to identify these issues. But this is only the tip of the ice burg.https://offsec.blog/hidden-danger-how-to-identify-and-mitigate-insecure-windows-services/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Wo...
2023-09-1330 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 54: Misconfigured and Dangerous Logon ScriptsIn this episode we're talking about misconfigured and dangerous logon scripts. Spencer and Brad discuss 4 common examples, based on real-world engagements, of how logon scripts can be misconfigured and how they can allow for all sorts of bad things. Do you know what's hiding in your logon scripts?  Read the blog post that goes along with this episode here: https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-scripts/https://github.com/techspence/ScriptSentryBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go...
2023-08-1622 minDavid Bombal
David Bombal#421: The best Hacking Cert just got updated (OSCP PEN-200)If you want to become a Pentester in 2023, then you should get your OSCP - this is what a lot of experts I interview recommend. The Official OSCP course (PEN-200: Penetration Testing with Kali Linux) recently got updated. I interview Jeremy Miller from OffSec about the changes. Disclaimer: I was NOT paid for this interview. I wanted to make this video because it affects many of you watching and I would have done it without receiving anything from OffSec. However, they did give me access to Learn One for one year so I could see the course content. This...
2023-07-0255 minDavid Bombal
David Bombal#421: The best Hacking Cert just got updated (OSCP PEN-200)If you want to become a Pentester in 2023, then you should get your OSCP - this is what a lot of experts I interview recommend. The Official OSCP course (PEN-200: Penetration Testing with Kali Linux) recently got updated. I interview Jeremy Miller from OffSec about the changes. Disclaimer: I was NOT paid for this interview. I wanted to make this video because it affects many of you watching and I would have done it without receiving anything from OffSec. However, they did give me access to Learn One for one year so I could see the course content. This has...
2023-05-0255 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 34: The State of Web Application Penetration TestingIn this episode, Darrius and Brad look at the current state of web application penetration testing, why it is how it is, and what you can do if you want to break into the field. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: htt...
2023-03-2925 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 33: Reflections on Privacy Law and Privacy IssuesIn this episode, Brad and Darrius talk about some of the buzz around recent changes in privacy regulation/law and how it may impact other market verticals such as banking, law firms, and retail. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://sec...
2023-03-2224 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 28: BurpSuite 2023 Roadmap - Huge Improvements!In this episode, Brad and Darrius discuss recent and upcoming changes made to the BurpSuite line of products. If you're a web application penetration tester or just interested in web application security, check this out, it's a game-changer.PortSwigger Post: https://portswigger.net/blog/burp-suite-roadmap-update-january-2023Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Sp...
2023-02-1527 minThe Official OffSec Podcast
The Official OffSec Podcast#37: Persistence in Information Security with Shad0wbitsThe OffSec Podcast returns this week with special guest Kai (Shad0wbits), the founder and Chief Security Architect at Black Cipher Security. Host TJ Null begins by asking Kai about what piqued his interest in the Infosec field and what resources he used to get himself started. He shares what made him decide to start his own pentesting firm and gives advice for those looking to start their own business. He then describes his definition of red teaming, his favorite environment to access, and the worst thing he’s done in a test. Lastly, Kai explains why it’s impo...
2023-01-1741 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 18: An introduction to Burp SuiteIn this episode, Darrius and Brad talk about Portswigger's Burp Suite, how they use it, and why it's important. They also offer a sneak-peak into what's coming in 2023! Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Fin...
2022-11-3018 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 17: Abusing WSUS for Lateral MovementIn this episode Spencer and Brad talk about the hidden dangers of not properly protecting Microsoft WSUS Servers. That's Windows Server Update Service for those not in the know. Attackers often use legitimate functionality to gain ground and WSUS is no different.Nettitude blog discussing SharpWSUS: Introducing SharpWSUS - Nettitude LabsSpencer's fork of SharpWSUS: GitHub - techspence/SharpWSUS: SharpWSUS is a c# tool for abusing Microsoft Windows Server Update Services for Lateral MovementBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpov
2022-11-2321 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 16: OWASP API Hacking and DevSec with Matt TesauroIn this episode Brad is joined by Matt Tesauro to talk all things OWASP, API Hacking and DevSec. Matt Tesauro is a Distinguished Engineer at NoName Labs, a member of the OWASP Global Board of Directors and Founder of 10Security, the creators of DefectDojo.Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation....
2022-11-1633 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 15: Pentesting Certifications - which to get and whyAre you looking for your first job in penetration testing? Perhaps you're looking to advance and up your skills or maybe you're a manager looking to hire a penetration tester to your team. In this episode Brad, Spencer and Darrius talk about which pentesting certs to get and why.Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov ...
2022-11-0937 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 14: Offensive Security Testing Part 3 - Web App PentestingThis is part 3 of a multi-episode series where the Offsec group at SecurIT360 dives into the details of various Offensive Security Tests, what they mean, what to expect, war stories and much more!Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us...
2022-11-0231 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 13: Offensive Security Testing Part 2 - Mobile PentestingThis is part 2 of a multi-episode series where the Offsec group at SecurIT360 dives into the details of various Offensive Security Tests, what they mean, what to expect, war stories and much more!Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us...
2022-10-2617 minThe Official OffSec Podcast
The Official OffSec Podcast#36: Continuous Security Testing with Rob Ragan, Principal Researcher at Bishop FoxHost FalconSpy returns this week joined by Rob Ragan, Principal Researcher at Bishop Fox! They begin by diving into tips for organizations beginning to build out their continuous security testing and why it’s so important. Regan also shares bugs he’s discovered deploying your tools to assist with continuous security testing. Next, he gives advice based on his own experience in the InfoSec field to those aspiring to break into the industry. Lastly, he discloses whether degrees or certifications are necessary for a career in InfoSec and how to become more specialized in continuous security testing and automation. Enjo...
2022-10-2553 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 12: Law Firm Security Challenges Live at LegalSec22Coming at you LIVE from LegalSec22 in San Antonio Texas. In this episode Brad and Spencer discuss common security challenges that are unique to law firms and provide insights on ways to begin solving those challenges.Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links ...
2022-10-1915 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 11: Offensive Security Testing Part 1 - Internal PentestingThis is part 1 of a multi-episode series where the Offsec group at SecurIT360 dives into the details of various Offensive Security Tests, what they mean, what to expect, war stories and much more!Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us...
2022-10-1226 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 10: Web Application Threats in the Modern LandscapeWeb application risks are not new, but they are different because how they have fully proliferated all aspects of modern computing. Everything lives on HTTP or HTTPS or some webservice. Tune into this episode to learn about some of the most common risks we see with web applications in the modern landscape.Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com...
2022-10-0522 minThe Official OffSec Podcast
The Official OffSec Podcast#35: Cybersecurity Awareness with Christopher ForteIn this week’s episode, host TJ Null welcomes Christopher Forte, an infrastructure engineer at Offensive Security. Forte has red-teamed the city of Los Angeles, spoken at Defcon, and hosted training events for multiple intelligence agencies. The episode begins with Christopher sharing resources he used to get his start in the infosec field.  He then comments on why he believes information security is an important topic to care about in our technology-driven lives. Next, the most important security awareness topic, according to Forte, is discussed and he shares some recommendations for improving your information security–whether personally or professionally. Lastl...
2022-10-0429 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 9: Breaking In Or Branching Out: How To Get A Job In CybersecurityThere's essentially a 0% unemployment rate in cybersecurity. It's a very hot field, great job security, great pay and great mission. But, with that comes a high level of competition for individuals seeking cybersecurity jobs. So on today's episode, Brad and Spencer talk with Misty Stacy, Managing Partner at Trusted Cyber Talent, who is on the forefront of helping cybersecurity professionals find their first or next cybersecurity job.Looking for help getting a job in Cyber? Check out https://testedcybertalent.com or reach out to Misty at https://www.linkedin.com/in/mistystacy Blog: https://offsec...
2022-09-2840 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 8: Hackers: How we get in and how to stop usIn this episode Brad and Spencer discuss the THREE primary ways we gain initial access on penetration tests and how to stop us! The moral of this story is that these are attack vectors we see adversaries using day in and day out to compromise organizations. We hope this episode helps you track down and close those gaps in your own environments. Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube...
2022-09-2134 minThe Cyber Threat Perspective
The Cyber Threat Perspective9-16-22 Week in Review: Uber Hacked, Teams Cleartext Tokens, Intermittent Ransomware EncryptionIn this week's reviewUber was hackedMicrosoft Teams stores auth tokens as cleartext in Windows, Linux, MacsRansomware Developers Turn to Intermittent Encryption to Evade DetectionBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vu...
2022-09-1615 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 7: How to Make Threat Actors CryIn this episode Brad and Spencer talk about what mature, proactive organizations are doing to harden and secure their environments, with the end goal of forcing attackers to make more noise which hopefully leads to quicker detection and ejection from your network. These are things that get us caught and slow us down on penetration tests and they are things that will absolutely do the same to real threat actors. Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
2022-09-1430 minThe Cyber Threat Perspective
The Cyber Threat Perspective9-9-22 Week in Review: New EvilProxy Phishing Service and Linux MalwareIn this week's review:New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor SecurityNew Linux Malware Evades Detection Using Multi-stage DeploymentBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn ab...
2022-09-0921 minThe Official OffSec Podcast
The Official OffSec Podcast#34: How to Succeed in InfoSec with Jim O’Gorman and Dave KennedyHost TJ Null returns this week with an episode featuring two special guests: Jim O’Gorman and Dave Kennedy! Jim O’Gorman is the Chief Content and Strategy Officer for OffSec and has been in the information security world for more than a decade. Dave Kennedy, CEO and Founder of TrustedSec, has presented at conferences such as Defcon and Blackhat. Together, Jim and Dave wrote Metasploit: The Penetration Tester's Guide and collaborated on ideas for the Mr. Robot TV Show. They begin the episode by sharing what got them into the information security field and how they met for the...
2022-09-081h 18The Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 6: 5 Ways to Get More Value out of your External Penetration TestAre you sure you're getting what you paid for when it comes to external penetration tests? In this podcast Brad and Spencer discuss 5 things that you as a consumer of penetration tests can do to get more value from them. Some of these are easy wins, some of them require work, all of them will make your external pentests better.Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www...
2022-09-0723 minThe Cyber Threat Perspective
The Cyber Threat Perspective9-2-22 Week in Review: Okta Phishing, BEC Analysis, LNK AttacksIn this week's reviewRoasting 0ktapus: The phishing campaign going after Okta identity credentialsAdvanced BEC Scam Campaign Targeting Executives on O365The Rise of LNK Files (T1547.009) and Ways To Detect ThemBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work wi...
2022-09-0227 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 5: Common High Risk Findings on Internal Penetration Tests & How to Mitigate ThemIt's an unfortunate truth that we see these common high risk findings time and time again on internal pentests. We find these issues on super-maximum secured environments as well in less hardened environments. The end result though is the same. Tune in to learn more about these common high risk findings and most importantly, how to mitigate them for free!Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www...
2022-08-3130 minThe Cyber Threat Perspective
The Cyber Threat Perspective8-26-22 Week in Review: LastPass Breach, Office 365 Abuse, DevSecOpsIn this week's reviewHackers Breach LastPass Developer System to Steal Source CodeYou Can’t Audit Me: APT29 Continues Targeting Microsoft 365 | MandiantThe GitLab 2022 Global DevSecOps SurveyBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matt...
2022-08-2631 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 4: 7 Awesome Ways to Show Off Your Skills as a PentesterIn order to stay relevant and up-to-date with new techniques and tools, it requires a certain amount of focus day after day, week after week, year after year. That focus being constant improvement. If we, as pentesters, don’t get better, we can’t help businesses defend better.So that’s what this podcast is about. Constant improvement and showing that off to the world. We are going to talk about WHY you would want to show off your skills as a pentester as well as 7 awesome ways to do just that, show off your skills as a pent...
2022-08-2432 minThe Cyber Threat Perspective
The Cyber Threat Perspective8-19-22 Week in Review: Password Snooping, Supply Chain, Cl0p RansomwareIn this week's reviewCleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPYRealtek SDK Vulnerability Exposes RoutersInfoSec Handlers Diary Blog - SANS Internet Storm CenterCVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflowClop Ransomware Gang Breaches Water Utility, Just Not the Right Onehttps://twitter.com/malwrhunterteam/status/1559244860636413952?s=20&t=ixiTRaQ9aflHzI37D_VlwQhttps://twitter.com/UK_Daniel_Card/status/1559252446320500741?s=20&t=ixiTRaQ9aflHzI37D_VlwQBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
2022-08-1922 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 3: It's a Trap! Avoid These 4 Common Pentesting MistakesThis podcast is a discussion about 4 Common Pentesting Mistakes that we oursleves have made and have seen other pentesters make. Hopefully, the dialog around these mistakes and how we go about solving them, helps you not make them yourself or to realize them and recover from them quickly.Read the associated blog post here: https://offsec.blog/its-a-trap-avoid-these-4-common-pentesting-mistakes/Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/...
2022-08-1732 minThe Cyber Threat Perspective
The Cyber Threat Perspective8-12-22 Week in Review: BumbleBee Malware & High Profile Phishing AttacksIn this week's reviewBumbleBee Roasts Its Way to Domain AdminSMS & Voice Phishing Attackshttps://www.twilio.com/blog/august-2022-social-engineering-attackhttps://blog.cloudflare.com/2022-07-sms-phishing-attacks/https://blog.talosintelligence.com/2022/08/recent-cyber-attack.htmlBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://se...
2022-08-1223 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 2: How to Find Passwords on Network Shares Before Attackers DoBrad and Spencer discuss a common finding on internal penetration tests. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
2022-08-1016 minThe Cyber Threat Perspective
The Cyber Threat Perspective8-5-22 Week in Review: Evasive Phishing, Tricky Malware and Initial Access BrokersIn this week's reviewLarge-Scale AiTM Attack targeting enterprise users of Microsoft email servicesDeception at a scaleInitial Access Brokers Are Key to Rise in Ransomware AttacksBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Fi...
2022-08-0524 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveEpisode 1: Takeaways from the 2022 Verizon Data Breach Investigations ReportThis podcast is a discussion about the 2022 Verizon Data Breach Investigations Report and some of our key takeaways. From the Executive Summary of the DBIR: As introduced in the 2018 report, the DBIR provides “a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime.” For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over...
2022-08-0333 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJuly 29th Week in Review: Intergalactic Planetary Phishing, ISOs & LNKs, Ransomware & ExtortionIn this week's reviewIPFS The New Hotbed of PhishingHow Threat Actors Are Adapting to a Post-Macro WorldPalo Alto 2022 Incident Response Threat ReportFewer Ransomware Victims Pay As Medium Ransom Falls in Q2 2022Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: ht...
2022-07-2931 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJuly 22nd 2022 CTP Week in Review: RIP Macros, Bad Luck BlackCat, Mr. EagleIn this week's review: Microsoft resumes default blocking of Office macros after updating docshttps://docs.microsoft.com/en-us/deployoffice/security/internet-macros-blockedA potentially dangerous macro has been blockedBlackCat ransomware attacks not merely a byproduct of bad luck'AIG' Threat Group Launches With Unique Business ModelBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Lin...
2022-07-2224 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJuly 15th 2022 CTP Week in Review: Macros, Coin Miners, Rustomware, Cookie PhishingIn this week's review:Microsoft DOES plan to work on blocking internet macros by default in Office, their pause is apparently temporaryThe DFIR Report - SELECT XMRig FROM SQLServerHive ransomware gets upgrades in RustFrom cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraudBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov
2022-07-1528 minThe Official OffSec Podcast
The Official OffSec Podcast#33: FalconSpy Dives into His Day Job, Internal Penetration TestingIn this week's episode, host Jeremy (harbinger) Miller chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into penetration testing, what pentesting is, application/code reviews, red teaming, and more. He also dives into internal vs external pentesting by discussing who the client is, perimeter access levels, and the mindset of each. While sharing his experience throughout his pentesting journey, he also gives tips on what every pentester should know. Enjoy!
2022-07-1431 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJuly 8th 2022 CTP Week in Review: Office Macros - BRC4 - QNAPWorm - Leaky S3 Buckets - Prevention Over ResponseIn this week's reviewMicrosoft Rolls Back Decision to Block Office Macros By Default 😢Possible APT29/Ransomware Groups Use of Brute Ratel C4When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious ActorsReversing Malware Also How is APT 29 Successful with This Phishing TechniqueRaspberry Robin/QNAPWormRaspberry Robin gets the worm earlyMicrosoft finds Raspberry Robin worm in hundreds of Windows networksNew Raspberry Robin worm uses Windows Installer to drop malwareCloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 BucketPrevention Takes Priority Over ResponseBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTN...
2022-07-0826 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJuly 1st 2022 CTP Week in Review: LNK Malware - LockBit 3.0 Bug Bounty - PwnKit Exploitation In The WildIn this week's reviewRise of LNK (Shortcut files) MalwareLockBit 3.0 Released Now With Bug Bounty ProgramCISA Says PwnKit Exploited in the WildBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, le...
2022-07-0112 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJune 24th 2022 CTP Week In Review: DFSCoerce, Ransomware in OneDrive & PowerShell ForeverIn this week's review:New NTLM Relaying Attack via DFSCoerceRansomware Potential for OneDrive & SharePoint FilesKeeping PowerShell: Security Measures to Use and EmbraceBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, le...
2022-06-2815 minThe Official OffSec Podcast
The Official OffSec Podcast#32: Election Integrity & Critical Infrastructure with Lester GodseyIn this week’s special episode, Dr. Heather Monthie sits down with Lester Godsey, CISO of Maricopa County, Arizona. Lester begins by explaining how he got into the cybersecurity field and shares a fun fact about himself. He then shares his role as a CISO, how security supports different departments, and the biggest risks he sees in critical infrastructure security. The integrity of the 2020 US Presidential Election is discussed along with Godsey’s take on the threats he saw in Maricopa County and lessons learned. Moreover, he highlights the spread of misinformation on social media as well as advice he h...
2022-06-2141 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJune 17th 2022 CTP Week In Review: BlackCat - LockBit 2.0 - Saitama DNS Tunneling - Exposed Travis CI LogsIn this week's review:The rise of BlackCat (ALPHV) ransomwareMicrosoft Analysis of BlackCatAdvIntel Analysis of BlackCatRansomware Group Debuts Searchable Victim DataLockBit 2.0: How This RaaS Operates and How to Protect Against ItTranslating Saitama's DNS tunneling messages - SANS Internet Storm CenterPublic Travis CI Logs (Still) Expose Users to Cyber AttacksBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com...
2022-06-1728 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJune 10th 2022 CTP Week in Review: Dogwalk - Qakbot - Follina - ESXi RansomwareIn this week's review:A DFIR Report with no Ransomware and no Cobalt StrikePath Traversal & MOTW Bypass - DIAGCAB Windows Zero-day aka "Dogwalk"Linux version of Black Basta ransomware targets VMware ESXi serversTA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go...
2022-06-1023 minThe Official OffSec Podcast
The Official OffSec Podcast#31: How the OSCP Certification Supports Career GrowthIn this episode, host TJ Null sits down with DarkStar7471 aka Dark, our recent community moderator for the OffSec Community. Dark is currently a lead pentester at State Farm Insurance and has produced content for TryHackMe. He starts by sharing his journey before working for OffSec as well as what piqued his interest in the information security field. Then, Dark highlights why he decided to obtain his OSCP and how the knowledge he gained from the course benefits him in his career trajectory. He also shares some exciting projects he works on relevant to pentesting. Lastly, Dark shares advice...
2022-06-0827 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveJune 3rd 2022 – Cyber Threat Perspective – Week in ReviewIn this week's review:Microsoft Diagnostics Tool Remote Code Execution Zero DayNew Windows Search zero-day added to Microsoft protocol nightmareVendor Refuses to Remove Backdoor Account That Can...Over 3.6 million exposed MySQL servers on IPv4 and IPv6 |...APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-DaysBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇
2022-06-0328 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveThreat Intel Flash Briefing May 31st 2022 - Follina - CVE-2022-30190The sky IS NOT falling with this one. Is it important? Yes. Does it highlight an area that's under-researched and likely contains additional attack vectors and techniques? Absolutely. Resourceshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629ehttps://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bughttps://github.com/NVISOsecurity/nviso-cti/blob/master/advisories/29052022%20-%20msdt-0-day.mdJohn Hammond's Excellent CVE-2022-30190 VideoBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpov...
2022-05-3117 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveMay 27th 2022 – Cyber Threat Perspective – Week in ReviewIn This Weeks ReviewPDF Malware Is Not Dead YetDetecting & Preventing Rogue Azure SubscriptionsPython and PHP Library Updated with 'Extra' Features by a "Security Researcher"2022 Verizon Data Breach Investigations ReportZoom: Remote Code Execution with XMPPExploit released for critical VMware auth bypass bugBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: ht...
2022-05-2733 minThe Official OffSec Podcast
The Official OffSec Podcast#30: How to Hire the Best Cybersecurity Talent with FalconSpyIn this week’s episode, host Dr. Heather Monthie chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into cybersecurity, what attracted him to the field, and the biggest lesson he’s learned in his career so far. Sharing his experience throughout his OSCP journey, he shares tips for anyone looking to pass the exam who are trying to balance other responsibilities. Then, he offers advice for cybersecurity managers on how to locate the best talent. FalconSpy explains how to make these positions more attractive to c...
2022-05-2533 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveMay 20th, 2022 - Cyber Threat Perspective - Week in ReviewIn This Weeks ReviewGootloader & Gootkit Analysis by DFIR Report and Red CanaryAuthenticated PetitPotam Lives On (CVE-2022-26925)The Hunter Becomes the Hunted: Evicting the AdversarySpoofing SaaS Vanity URLS for Social Engineering AttacksBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links ...
2022-05-2021 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveMay 13th, 2022 - Cyber Threat Perspective - Week in ReviewIn This Weeks ReviewThreat Actor using Windows Event Logs for "fileless" MalwareCVE-2022-1388 - F5 BIG-IP PoC ReleasedCVE-2021-22600 - Privilege Escalation Bug In The Linux KernelCVE-2022-26925 - A Windows LSA Spoofing Vulnerability (PetitPotam)CVE-2022–26923 - Another ADCS Domain Privilege EscalationBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on so...
2022-05-1318 minThe Cyber Threat Perspective
The Cyber Threat PerspectiveMay 6th, 2022 - Cyber Threat Perspective - Week in ReviewIn this week's review:Detecting SharpHound using DecoysUNC3524: Eye Spy on Your Email | MandiantThe New Initial Access Trend: ZIPs, ISOs & LNKsUnauthenticated RCE in F5 BIG-IP CVE-2022-1388Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Fi...
2022-05-0627 minThe Official OffSec Podcast
The Official OffSec Podcast#29: How Hackers Think with Dr. Timothy SummersIn this week’s special episode, hosts Dr. Heather Monthie and Jeremy (harbinger) Miller sit down with Dr. Timothy Summers, PhD and Executive Director of Product Development at Arizona State University. Summers is an ethical hacker, professor, TED speaker, and a leading expert in cybersecurity strategy, blockchain technology, and how hackers think. To begin, he explains how he first got into cybersecurity when he got hacked himself. From this experience, he generated a curiosity about why and how it happened. He then shares his hobbies outside of cybersec and dives into his work on hacking cognitive psychology and the ha...
2022-04-2056 minThe Official OffSec Podcast
The Official OffSec Podcast#28: ShadowKhan, Lead Pentester and OffSec Community ModeratorIn this episode, host TJ Nulls sits down with ShadowKhan, a lead pentester and a community moderator in the OffSec Discord server. ShadowKhan tells his non-traditional story as to how he got into infosec. He also tells what resources he used to get started and gives some tips for anyone interested in getting into the security world. There’s one book in particular, that he highly recommends. ShadowKhan recently obtained his OSCE³ certification and describes his favorite aspect of those courses. On the offensive side of security, our guest tells us his favorite environment to access as well as two...
2022-04-1341 minThe Official OffSec Podcast
The Official OffSec Podcast#27: YinYang in Infosec with Jeremy (harbinger) MillerIn this special episode, Jeremy (harbinger) Miller chats with Chris Glanden on the BarCode podcast. From BarCode’s show notes: “The YinYang philosophy says that the universe is composed of competing and complementary forces governed by a cosmic duality, sets of two opposing and complementing principles or energies that can be observed in nature. Similarly, the nature of offensive security requires a balance of proper mindset and technical expertise. To truly master this security discipline, you must learn to balance and draw from different sides of experiences in life, including the psychological aspect as well as t...
2022-04-0638 minThe Official OffSec Podcast
The Official OffSec Podcast#26: Cybersecurity hiring with CISO, Mike ManrodFor this week’s episode, host Dr. Heather Monthie chats with Mike Manrod, CISO of Grand Canyon Education. As a cybersecurity leader, he shares his expertise on how he recruits, mentors, and guides aspiring cybersecurity professionals in their career paths. He first starts by sharing his mid-career switch into the cybersecurity world along with his interest in martial arts. Then, he discusses his experience as a CISO, plus the biggest challenge and most rewarding part of the role. He offers tips for security leaders and managers on how to hire top talent in the cybersecurity industry. Moreover, they chat ab...
2022-03-2324 minThe Official OffSec Podcast
The Official OffSec Podcast#25: Mentoring and OSCP Tips with Mike Waxman (Security Engineer, LinkedIn)This week, hosts TJ Null and FalconSpy sit down with Mike Waxman, Security Engineer at LinkedIn. Mike was originally a TPM and is now a Security Engineer. He starts off by describing how he made the switch and shares some advice for those looking to change roles into security. And for those already in the field, he also gives tips on how to get that coveted promotion. Related to that, Mike discusses his mentoring experience and what kinds of knowledge he passes along to those new to the industry. Mike is currently working through his PEN-200 journey toward the...
2022-03-1626 minThe Official OffSec Podcast
The Official OffSec Podcast#24: Kerberoasting & Security Consulting with Tim Medin (@timmedin)On this week’s episode, host TJ Null is joined by Tim Medin. Tim is the creator of kerberoasting and the CEO of Red Siege Information Security. He begins by recounting how he joined the infosec field as well as some resources he used to get himself started. Next, he highlights his favorite tools that he enjoys using on an engagement. TJ and Tim also chat about the first moment Tim discovered kerberoasting and his research on new attack techniques. He gives advice to users who want to implement detection/protection against kerberoasting. Then, he details what it’s like...
2022-03-0243 minThe Official OffSec Podcast
The Official OffSec Podcast#23: Sharing Knowledge in Infosec with Phillip WylieThis week host TJ Null chats with Phillip Wylie, Tech Evangelist at cycognito. Phillip has been a pentester for several years and in the IT industry for even longer. He tells an interesting story of how he got into infosec and some of the resources he used to get started. TJ and Phillip also chat about the OSCP, the Try Harder mindset, and what they mean for Phillip. Our guest regularly shares knowledge, gives talks, blogs, and teaches, and, in this episode, dives into what drives him to pass on knowledge. He also gives some tips for those starting...
2022-02-2329 minThe Official OffSec Podcast
The Official OffSec Podcast#22: Cybersecurity in Higher Ed with Ken PyleHost Dr. Heather Monthie sits down with Ken Pyle, a graduate professor of cybersecurity and a partner of CYBIR. He begins the episode by chatting about how he got into cybersecurity and teaching in higher education. Then, he shares what he considers the hardest part as well as the most rewarding part of teaching cybersecurity to students. Heather and Ken also discuss how technology will change how higher education approaches teaching and learning infosec. He reveals how he believes colleges and universities can meet the demand for skilled professionals in this field and advice he has for infosec professors...
2022-02-1640 minThe Official OffSec Podcast
The Official OffSec Podcast#21: PEN-200 (PWK) Topic Exercises with Matteo Malvica (uf0)Join host, Jeremy Miller (harbinger), as he sits down with Matteo Malvica (uf0) to discuss the new PEN-200 (PWK) Topic Exercises. They start the chat with Matteo’s background and what it’s like to be a Content Developer at OffSec. His first project was SOC-200, though his background was largely offensive. They chat about taking on the creation of a defensive course, coming from the offensive side. Matteo also reveals more details about SOC-200, including its structure and forthcoming content. Then they move to PEN-200 (PWK)’s new Topic Exercises: what they are and why they help the studen...
2022-02-0924 minThe Official OffSec Podcast
The Official OffSec Podcast#20: The importance of a growth mindset in infosec with J3rryBl4nksHosts FalconSpy and TJ Null sit down with J3rryBl4nks, a member and Community Moderator on the OffSec Discord server. J3rryBl4nks is a Director of InfoSec for a small business organization. In this episode, he talks about how he got interested in the infosec field. He discusses why he thinks gaining knowledge through a degree or certifications is imperative in the infosec industry, along with a growth mindset. Then, he details his experience with PEN-200, including his take on the OSCP exam and tips to future students embarking on their PEN-200 journey. Additionally, J3rryBl4nks...
2022-02-0237 minThe Official OffSec Podcast
The Official OffSec Podcast#19: Getting comfortable with the uncomfortable in infosec with Heather MonthieHost Harbinger (Jeremy Miller) sits down with Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation at OffSec. In this episode, Heather highlights her diverse background in education, leadership, and technology and how this allows her to improve initiatives at OffSec. Then, she details the intersection of teaching and learning in the classroom and how this relates in OffSec courses. Harbinger and Monthie additionally dive into the importance of being a lifelong learner in the cybersecurity industry and the best way to create a safe learning environment. Finally, they wrap up by emphasizing the significance of continuing to...
2022-01-2636 minThe Official OffSec Podcast
The Official OffSec Podcast#18. From Defensive to Offensive with Billy Trobbiani (c0ntra)Host TJ Null sits down with Billy Trobbiani (c0ntra), Content Developer at OffSec. c0ntra starts by describing what got him interested in joining the Information Security field. Then, he details the role he specialized in when he was a blue teamer and the issues that blue teamers face during their day-to-day operations. c0ntra additionally reveals how he felt after his transition from defense to offense in cybersecurity. Next, they dive into how people on the defensive side of cybersec can learn techniques from those on the offensive side. We then learn how c0ntra got into...
2021-12-2030 minThe Official OffSec Podcast
The Official OffSec Podcast#17. Web Developer turned InfoSec Pro with OmeganethHosts FalconSpy and Harbinger (Jeremy Miller) catch up with Omeganeth, a member and Community companion on our Discord server. In the episode, Omeganeth reveals what got him into the Information Security field. He then mentions the resources he leveraged that got him started on his journey with InfoSec. They dive into the struggles and challenges he faced on his PEN-200 journey and how that changed through the Learn One subscription. Omeganeth gives a description of his experience on Discord when interacting with the community and offers advice to fellow students in regards to it. Finally, Omeganeth ends with a...
2021-12-0724 minThe Official OffSec Podcast
The Official OffSec Podcast#16. Nation-State Level Defense with Max Kelly, Founder and CEO of [redacted]Hosts Harbinger (Jeremy Miller) and TJNull catch up with Max Kelly, Founder and CEO of [redacted], a threat intelligence and response platform. Max starts by describing his interesting professional story with nation-state level defense from the highest levels of the private and public sectors at organizations including Facebook and U.S. CyberCom. With the level of sophistication used in cyber-attacks increasing, they discuss how this has changed how organizations need to defend themselves. Specifically, they dig into whether purely defensive playbooks apply anymore. They also get into how this changes the skill set that infosec professionals need to be...
2021-11-0539 minThe Official OffSec Podcast
The Official OffSec Podcast#15. Cloud Security with Seth Art, Sr. Security Consultant at Bishop FoxHosts TJNull and FalconSpy catch up with Seth Art, Sr. Security Consultant at Bishop Fox, who also holds his OSCP. They discuss how Seth got into security and his varied background. He also reveals his favorite aspects of working for Bishop Fox, as well as what a junior pentester should know in order to join an offensive security-focused firm like Bishop Fox. They talk about Seth’s OSCP journey and the challenges he overcame to earn his OSCP, including juggling parenting and studying. They then turn to cloud pentesting and Kubernetes security and Seth spills the details on interesting fi...
2021-10-2641 minThe Official OffSec Podcast
The Official OffSec Podcast#14. macOS Control Bypasses (EXP-312) with Csaba Fitzl (@theevilbit)In this episode, Jeremy Miller (Harbinger) catches up with Csaba Fitzl (@theevilbit), Lead Content Developer for macOS Control Bypasses (EXP-312) at OffSec. They start with how Csaba got into InfoSec, particularly macOS security. Csaba explains why he focuses on macOS and why OffSec decided to offer a course on this topic. They dive into the syllabus and Csaba walks us through what EXP-312 covers. He gives a brief description of many of the vulnerabilities and exploits covered and the different techniques employed. They also discuss what to expect in terms of labs as well as prerequisites for the course...
2021-10-1437 minThe Official OffSec Podcast
The Official OffSec Podcast#13. Developer Turned InfoSec Pro, Rey Bango (@reybango)In this episode, our host TJNull chats with Rey Bango (@reybango), Sr. Director, Developer and Security Relations at Veracode. They cover many topics, starting with Rey’s story of how he got into InfoSec, transitioning from being a full-time developer. Rey talks about his favorite programming languages and why he likes each one. They also talk about helping those getting into the field, what languages they should learn, and other skills to develop. Since Rey’s been a developer for a long time, they discuss common coding practices that Rey believes developers should be doing. Additionally, they cover the one...
2021-09-291h 21The Official OffSec Podcast
The Official OffSec Podcast#12. Harbinger spills the details on the OffSec Training Library!Host TJNull talks with Harbinger (Jeremy Miller), Product Manager and Content Contributor at OffSec, who tells about Learn One and Learn Unlimited subscriptions from the OffSec Training Library. They go into why OffSec decided to launch this model as well as the new features and benefits of the Training Library. One area that’s particularly exciting is the brand-new PEN-100 fundamentals content. Harbinger goes into detail on what this fundamentals content is all about and how it differs from anything else OffSec has released to date. They also touch on the new EXP-312 course (macOS Control Bypasses)—which is excl...
2021-09-2123 minThe Official OffSec Podcast
The Official OffSec Podcast#11. Second-career pentester, Drew Kirkpatrick (@hoodoer)Join our host TJNull as he stills down with Drew Kirkpatrick (@hoodoer), Senior Security Consultant at TrustedSec and former Senior Computer Scientist for the U.S. Navy. They discuss his second-career pentesting pursuits and how he made the transition to infosec from a different career. Find out which three skills are the most important to have in pentesting—and how they differ for internal pentesters vs. consultants. They also discuss hoodoer’s favorite tools for web app pentesting as well as some interesting stories from recent engagements he’s been on. Finally, hear some helpful advice for those who are wo...
2021-08-3037 minThe Official OffSec Podcast
The Official OffSec Podcast#10. Team Hashcat Contributor, Dustin Heywood (@EvilMog)Listen in as our host TJNull chats with Dustin Heywood (@EvilMog), a contributor to Team Hashcat who has an extreme addiction to cracking hashes. In addition, he is a Black Badge Holder at DEF CON, DerbyCon, SkyDogCon, and THOTCON. After covering how EvilMog got into infosec, they discuss the most important quality for a pentester or red teamer: writing. Find out why EvilMog considers writing skills to be more important than technical skills when pentesting. Learn more about Team Hashcat as well and the Crack Me If You Can contest they competed in. TJNull and EvilMog get into some...
2021-08-2343 minThe Official OffSec Podcast
The Official OffSec Podcast#9. Red Teamers from Oracle: @ttimzen and @r00tkillahIn this episode, our host, FalconSpy, sits down with Topher Timzen (@ttimzen) and Michael Leibowitz (@r00tkillah), two red teamers from Oracle. They discuss a number of topics, including Topher’s and Michael’s DEF CON 27 Endpoint Detection & Response presentation. They dive into how they got into the infosec field and what makes them so passionate about it. Find out their answer to the age-old question: what's the difference between red teaming and pentesting? Plus, get their take on certifications and what you really need these days to be successful. Finally, as BSides Portland organizers, Topher and Michael give you...
2021-08-0640 minThe Official OffSec Podcast
The Official OffSec Podcast#8. DEF CON Goon, Andy Gill (ZephrFish)Our host, TJ Null, sat down with Andy Gill (ZephrFish) to hear lots of interesting stories from his 15+ years in infosec, including his experience as a Goon at DEF CON (he even met Elon Musk!). They discuss how he got started, his book on learning the ropes, important qualities every pentester and red teamer should have, and more. Hear what ZephrFish advises aspiring pentesters learn and get into before they embark on this path. They also discuss what ZephrFish would like to see changed in the infosec community and how to get there. Enjoy this week’s episode! ...
2021-07-2355 minThe Official OffSec Podcast
The Official OffSec Podcast#7. Popular YouTuber talks offense/defense, imposter syndrome, gatekeeping, and moreHear from Cybersecurity Meg, X-Force Cybersecurity Incident Responder for IBM and popular cybersecurity YouTuber, as she sits down with Harbinger and FalconSpy! They discuss a number of interesting topics, ranging from defense vs. offense and her CISSP journey to what inspired Meg to become a YouTube creator. They also discuss overcoming imposter syndrome and how to handle it as well as naysayers and gatekeepers. Hear about how to maintain mental health, specifically within the information security field, as well as ensuring work-life balance. Finally, learn what Meg has planned next, including earning her OSCP. Enjoy the episode! ...
2021-06-2529 minThe Official OffSec Podcast
The Official OffSec Podcast#6. Chief OffSec content developers pull back the curtain on course development and what’s coming nextIn this exciting episode, hear from OffSec’s chief content developers, Morten Schenk and Alex Uifalvi (Sickness). They discuss with hosts TJ Null and Jeremy Miller (Harbinger) a range of topics including course design, pedagogy, their own backgrounds, and exploit development. Learn about the philosophy behind OffSec’s courseware and their most important lesson learned to teach well. They also spill the details on upcoming projects they are working on as well as how to best prepare for an OffSec course. Finally, get tips on how many lab days are best for you, directly from OffSec. Enjoy the episode!
2021-06-1147 minThe Official OffSec Podcast
The Official OffSec Podcast#5. Hear from DEF CON Black Badge, Social Engineering CTF winner: Alethe Denis!In this action-packed episode, our host TJ Null sits down with Alethe Denis, to talk social engineering, red team, blue team, raising chickens, and everything in between! Learn why Alethe was honored by DEF CON with a Black Badge following her win of the Social Engineering Capture the Flag (CTF) contest at DEF CON 27. She shares her favorite tools for social engineering campaigns as well as the best way to gain trust and get the answers you need in a phishing campaign. Alethe breaks down what it takes to be a world-class social engineer. She also touches on her...
2021-05-2854 minThe Official OffSec Podcast
The Official OffSec Podcast#4. S1REN on advice for women in Infosec, essential technical skills and more!In this episode, hosts TJ Null and Harbinger talk infosec with S1REN, a very accomplished member of the community and a moderator of OffSec's Discord. Among other things, they discuss how S1REN got into infosec and why, some advice for women looking to get into infosec, and why BASH, Python, and TCP/IP are so essential for people to get into before getting into security. They also touch on good ways to break into infosec and some things S1REN would like to see changed in the infosec field.
2021-05-1552 minThe Official OffSec Podcast
The Official OffSec Podcast#3. 0xdade on hacking and making music about the Infosec worldIn this action-packed episode, hosts TJ Null and FalconSpy sit down with 0xdade. Here are some of topics they discuss: How 0xdade broke into InfoSec 0xdade’s OSCP advice The importance of note taking and communication skills in InfoSec The most important quality of a pentester or red teamer 0xdade’s project, Natlas - what it is and what it does Advice for those who want to develop and release their own tools for the community How 0xdade wound up writing and recording the hip-hop/rap song, “Red Team”
2021-05-0156 minThe Official OffSec Podcast
The Official OffSec Podcast#2. BlindHacker on the importance supporting people with disabilities in cybersecurityIn this second episode of the Official Offensive Security Podcast, hosts TJ Null and Harbinger sit down with the very talented and respected Joe (BlindHacker), where they discuss the challenges and opportunities around improving accessibility for the disabled community in Infosec. BlindHacker provides insights and perspective on how we can all help to provide more accessibility options, considerations and accommodations to people across a range of disabilities -- and why it's critical for filling the skills gap in cybersecurity going forward. 
2021-04-1351 minThe Official OffSec Podcast
The Official OffSec Podcast#1. The best ways to prepare for PWK/OSCP -- learn how from the experts!The best ways to prepare for PWK/OSCP -- learn how from the experts! In this first episode of the all-new, official Offensive Security Podcast, hear first hand from experts TJ Null, FalconSpy and Jeremy (Harbinger) share some of the latest, greatest and even lesser-known ways to prepare for the Penetration Testing with Kali (PWK, PEN-200) course in preparation for getting your OSCP certification. Real, frank talk from OffSec experts and OffSec community leaders!
2021-03-2233 minCyberSpeaksLIVE
CyberSpeaksLIVEOffensive Security OSCP Exam ReviewCyberSpeaksLIVE with Jim O'Gorman of Offensive Security (@offsectraining) and our panel of #OSCP certified experts discuss everything you need to know to prepare yourself for the exam. Our panel includes: Blind Hacker, @TheBlindHacker John Dorobek, @_zenmaster_ iansecretario, @Iansecretario_ Roger Whyte, @teckkie2k (candidate)Learn about the OffSec Giving Program: https://www.offensive-security.com/offsec/offsec-giving-program/Join the Dead Pixel Sec community: https://deadpixelsec.com/Follow the OffSec Community Lead, @TJ_Null, on TwitterConnect with NOVA region hackers: https://novahackers.com/Help support the @DianaInitiative and their events: https...
2020-08-151h 04CoalCast - Coalfire\'s Cybersecurity Podcast
CoalCast - Coalfire's Cybersecurity PodcastCoalCast #15 - The Offensive Security InterviewIn this episode of Coalcast, Offensive Security (Offsec) hackers @g0tmi1k and @_elwood_ talk about their journeys as hackers and the secrets within Offsec.  
2020-06-023h 22