podcast
details
.com
Print
Share
Look for any podcast host, guest or anyone
Search
Showing episodes and shows of
Offensive Security - SecurIT360
Shows
The Cyber Threat Perspective
(Replay) How To Defend Against Lateral Movement
In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.Resourceshttps://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you...
2025-04-25
37 min
The Cyber Threat Perspective
(Replay) Tales From The Trenches
Join us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360.Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire orga...
2025-01-01
57 min
The Cyber Threat Perspective
Episode 115: How to understand and address risk w/ Robert McElroy
In this episode, we discuss the broad concept of risk, what it is, and how to manage it. This episode is a great way to begin understanding how to develop an overall risk management strategy at your organization or understand how a risk management program might work for you.You find out more about what Rob and his team can do here:https://www.securit360.com/services/managed-services-consulting/Reach him directly here: rob@securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.c...
2024-11-20
40 min
The Cyber Threat Perspective
(Replay) Vulnerability Management Deep Dive
In this replay episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2024-10-09
35 min
The Cyber Threat Perspective
Episode 108: New tales from the trenches!
In this episode, Tyler and Brad talk about various security issues found on recent penetration tests. They outline the how and why, and talk about mitigation strategies to help you beat these issues in your environment.ResourcesBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks...
2024-09-18
38 min
The Cyber Threat Perspective
(Replay) DNS Security
In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights the advantages of cloud-based DNS services, like those offered by Cloudflare.Finally, we share best practices and resources for securing DNS infrastructure, addressing challenges like scalability and false positives. Join us for a concise yet comprehensive exploration of DNS security's complexities and solutions.
2024-09-04
31 min
The Cyber Threat Perspective
Episode 104: How To Get Into Cyber For First Responders
In this episode, Spencer has Sam Killingsworth on the show to talk about getting into cybersecurity, specifically penetration testing, coming from a first responder background. Sam is currently a full-time Firefighter/EMT and part-time penetration tester here at SecurIT360. Sam shares his background and experiences of learning cybersecurity and pentesting and how he has used the skills from his full-time job to help him be a better pentester.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.co...
2024-08-14
32 min
The Cyber Threat Perspective
Episode 103: Email Spoofing
In this episode, Spencer and Brad dive into the complex maze of 3rd party email providers, filtering and spoofing. Email spoofing is a technique used by cybercriminals to disguise the sender's address in an email message, making it appear as though the email originated from a different source. This can be used for a variety of malicious purposes, such as phishing attacks, fraudulent activities, or spreading malware.DMARC Rundown - Offensive Security Blog - SecurIT360“EchoSpoofing” — A Massive Phishing Campaign Exploiting...Spoof intelligence insight - Microsoft Defender for Office 365How...
2024-08-07
27 min
The Cyber Threat Perspective
Episode 102: The Global CrowdStrike Outage
In this episode, Spencer is joined by Joey Vandergrift (SecurIT360's VP of Security Operations) and Mark Brophy (SecurIT360's DFIR practice lead). Together they discuss how CrowdStrike, a leading EDR product, caused one of the largest global IT outages in history.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2024-07-31
48 min
The Cyber Threat Perspective
(Replay) How We Hack Medical Devices To Save Lives
Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.- An in-depth analysis of a common air purifier APK, exposing undocumented...
2024-07-17
36 min
The Cyber Threat Perspective
Episode 98: Current State of M365 Attacks: Initial Access
In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session Hijacking, Adversary-in-the-Middle (AiTM) Attacks, OAuth Phishing, Legacy Authentication Protocols, App Passwords, Conditional Access PoliciesBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpov...
2024-06-26
27 min
The Cyber Threat Perspective
Episode 90: Transforming Your Security - Insights from Coaching a Collegiate Cyber Defense Team
In this episode Spencer chats with Mark Brophy (of SecurIT360) to discuss his background and experience with coaching a collegiate cyber defense team and how many of those lessons learned from defending against expert red team operators translate to securing organizations in today's modern thread landscape. Another must-listen to episode for all defenders, it admins, cisos, it directors, or anyone else in charge of managing, maintaining and/or securing computers and networks.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Li...
2024-05-01
44 min
The Cyber Threat Perspective
Episode 88: Budgeting for Security: Optimizing Penetration Testing Investments
Get into the dynamic world of penetration testing with Episode 88 of The Cyber Threat Perspective. Hosts Brad and Tyler discuss how to plan for penetration testing from both a budgeting and success perspective.• How to budget for penetration testing - by evaluating risk and compliance needs.• Discussion on the ways to ensure you're getting value and quality in your penetration testing.• How to avoid pit-falls before, during and after penetration testing.• The role of communication in delivering effective pen testing services and client relationships.• How to establish a proper ca...
2024-04-17
25 min
The Cyber Threat Perspective
Episode 84: How We Hack Medical Devices to Save Lives
Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.- An in-depth analysis of a common air purifier APK, exposing undocumented...
2024-03-20
36 min
The Cyber Threat Perspective
Episode 78: Tales from the Trenches
Join us for an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations. Learn from a seasoned expert who has...
2024-02-07
57 min
The Cyber Threat Perspective
Episode 72: Vulnerability Management Deep Dive
In this episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-12-27
35 min
The Cyber Threat Perspective
Episode 71: A CISO's Perspective on Offensive Security Services
In this episode, Zach Sims (Information Security Officer at SecurIT360) provides valuable insights into offensive security services from the perspective of a security leader. This episode explores the significance of these services in today's digital landscape. Listeners gain a concise understanding of the CISO's role, the alignment of offensive security goals with cybersecurity strategy, and the challenges faced in implementation. The discussion also delves into how CISOs balance the need for offensive and defensive security assessments, offering a compact yet informative overview of key aspects of the world of information security.Blog: https://offsec.blog/Youtube...
2023-12-20
34 min
The Cyber Threat Perspective
Episode 70: Future Trends in Penetration Testing Part 2
This is part two of Future Trends in Pentesting. Spencer and Darrius, members of SecurIT360's offensive security team discuss up and coming techniques, tools and tactics that they see on the horizon for 2024 and beyond.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-12-13
31 min
The Cyber Threat Perspective
Episode 68: The evolution of penetration testing TTPs
In this episode of "The Cyber Threat Perspective," Tyler and Brad, members of SecurIT360's offensive security team, take us through the evolution of various penetration testing TTPs. Specifically, using the external penetration test process as an example and analyzing other processes and why/how they changed.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-11-29
18 min
The Cyber Threat Perspective
(Replay) HACKERS: How we GET IN and how to STOP US
This week we are replaying one of our earliest episodes. In this episode, Brad and Spencer discuss the THREE primary ways we gain initial access on penetration tests and how to stop us! The moral of this story is that these are attack vectors we see adversaries using day in and day out to compromise organizations. We hope this episode helps you track down and close those gaps in your own environments.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
2023-11-15
34 min
The Cyber Threat Perspective
Episode 58: How To Identify and Mitigate Insecure Windows Services
In this episode, we're talking about How To Identify and Mitigate Insecure Windows Services. This is a very common issue we see on internal pentests. So much so that day 1 of our internal pentests revolves around evaluating the security and configuration of the endpoint to identify these issues. But this is only the tip of the ice burg.https://offsec.blog/hidden-danger-how-to-identify-and-mitigate-insecure-windows-services/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Wo...
2023-09-13
30 min
The Cyber Threat Perspective
Episode 57: Find and FIX AD CS Vulnerabilities Using Locksmith with Jake and Sam
In this episode we talk all about Active Directory Certificate Services and a free tool designed to help find and fix AD CS misconfigurations called Locksmith. Jake Hildreth (Mastodon: @horse@infosec.exchange) the creator of Locksmith together with Sam Erde (Twitter: @SamErde) and myself (who are contributors to the project) chat about the inception of Locksmith and some of the awesome features, such as remediation snippets.Invoke-Locksmith today!https://github.com/TrimarcJake/LocksmithBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer...
2023-09-06
38 min
The Cyber Threat Perspective
Episode 56: Vulnerabilities & Severity - Explain It To Me Like I'm 5
In this episode, Brad and Spencer talk about how vulnerabilities are assigned severity ratings, why they are important, how they are not perfect and why you should not rely on severity ratings alone to determine risk.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-08-30
25 min
The Cyber Threat Perspective
Episode 55: What If Your EDR Doesn't Detect or Respond?
In this episode, Brad and Spencer discuss the role EDR and Antivirus plays in a modern security stack, the overreliance on EDR, and how that's a dangerous game. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-08-23
23 min
The Cyber Threat Perspective
Episode 54: Misconfigured and Dangerous Logon Scripts
In this episode we're talking about misconfigured and dangerous logon scripts. Spencer and Brad discuss 4 common examples, based on real-world engagements, of how logon scripts can be misconfigured and how they can allow for all sorts of bad things. Do you know what's hiding in your logon scripts? Read the blog post that goes along with this episode here: https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-scripts/https://github.com/techspence/ScriptSentryBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go...
2023-08-16
22 min
The Cyber Threat Perspective
Episode 53: How to Defend and Mitigate PowerShell Attacks
This episode concludes our miniseries all about PowerShell. In this episode, we're going to discuss How to Defend and Mitigate PowerShell Attacks. Definitely check out our previous episodes: How Attackers Use PowerShell, and Security Automation with PowerShell.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-08-09
28 min
The Cyber Threat Perspective
Episode 52: How to Prepare for an External Penetration Test
In this episode Spencer and Tyler discuss the most important things you must do before you have an external penetration test. Everything from understanding goals and objectives to asset management to dark web searches. Listen in as Tyler shares how the SecurIT360 external pentest process may be different from other pentests you've received in the past.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-08-02
21 min
The Cyber Threat Perspective
Episode 51: Security Automation with PowerShell
Spencer and Darrius continue their series of episodes all about PowerShell. In this episode, they discuss using PowerShell for automation and orchestration. Stay tuned for the next episode where we talk about defending against PowerShell abuse.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-07-26
36 min
The Cyber Threat Perspective
Episode 50: How Attackers Use PowerShell
In this episode Spencer and Darrius discuss how cyber adversaries harness the power of PowerShell to orchestrate their malicious activities. Stay tuned for the next episode where we talk about security automation with PowerShell.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-07-19
28 min
The Cyber Threat Perspective
Episode 49: Scoping Offensive Security Engagements
In this episode Brad and Spencer discuss the nuances around scoping offensive security engagements. Scoping an offensive security engagement involves defining boundaries, objectives, and limitations before starting. It includes objectives, rules, scope boundaries, legal considerations, timeframe, reporting, approval, and sign-off. Scoping is important for clarity, risk management, compliance, stakeholder involvement, and setting expectations.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-07-12
27 min
The Cyber Threat Perspective
Episode 48: Authentication done right!
In this episode, Brad and Darrius talk about Authentication and what issues they routinely see while performing penetration tests. They walk about MFA, Passwords, Conditional Access, and other solutions that, done right, will improve your external security posture.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-07-05
22 min
The Cyber Threat Perspective
Episode 47: How to Sharpen your Sword as a Pentester
In this episode Spencer, Darrius and Tyler get together for a round-table discussion on sharpening your sword as a pentester. They discuss what they do to keep improving, upping their skill and honing their craft. Spoiler, it's not just the technical aspects of pentesting that are important to work on.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-06-28
26 min
The Cyber Threat Perspective
Episode 46: Reducing Active Directory Security Risks from a Hackers Perspective
In this episode Spencer and Darrius discuss and explore Active Directory security risks from a hacker's point of view. They discuss various techniques and tools that attackers use to attack Active Directory and how you can reduce your organization's risk by finding these vulnerabilities and misconfigurations and fixing them.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-06-21
36 min
The Cyber Threat Perspective
Episode 45: Our Most Common External Pen Test Findings
In this episode, Tyler and Brad talk about the most common external penetration test findings. We see these findings over and over again and want you to know what to do about them and how they may impact you. Check it out!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-06-14
21 min
The Cyber Threat Perspective
Episode 44: Should penetration testers know how to code?
In this episode, Darrius and Brad talk about the need for coding skills in the offensive security world. There's some fun with regard to which languages are important too. Check it out!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-06-07
19 min
The Cyber Threat Perspective
Episode 43: Hacking for Good - Insights and Inspiration with John Hammond
In this episode John Hammond joins us on the show! We talk about John's background and how he got interested in computers, how he approaches learning a new topic, if you have to create content to grow your career and so much more. There's a whole lot of fun and smiles and joy in this episode, check it out!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.co...
2023-05-31
31 min
The Cyber Threat Perspective
Episode 42: OSINT - What You Don't Know Can Hurt You
OSINT - Open Source Intelligence: is the process of collecting and analyzing publicly available information in order to achieve some goal or facilitate some kind of action. OSINT can and is used for all sorts of things and it's applicable to virtually every industry. OSINT like many other things, can be used for good and it can be used for evil. But it's what you don't know about OSINT that can really hurt you...Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer...
2023-05-24
34 min
The Cyber Threat Perspective
Episode 41: Security Assessment vs Pentest Which is More Impactful and Why
In this episode Brad, Spencer and Tyler discuss the major differences and pros and cons of Security Assessments and Penetration Tests. In the end they are both very different types of assessments and require different skill sets to perform. If you're in charge of IT or Security at your organization, this is a must-listen episode!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-05-17
36 min
The Cyber Threat Perspective
Episode 40: How Attackers Target Law Firms and How To Detect & Prevent It
It's no secret law firms have become prime targets for attackers due to the sensitive information they handle and the clients they do business with. In this episode Brad and Spencer discuss common tactics used by attackers to breach law firms' defenses and provide practical tips on how to detect and prevent these types of attacks.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-05-10
31 min
The Cyber Threat Perspective
Episode 39: Pentesting Certifications Tier List Part 2
This is part 2 of a 2 part series where Spencer, Darrius and Tyler talk about pentesting certifications and where they fall on a tier list. For those unfamiliar, we're ranking the popular pentesting certifications from best to worst. This is a must listen/watch episode, check it out and be sure to let us know in the comments what YOU think of these certifications and if we had any bad takes!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go...
2023-05-03
1h 06
The Cyber Threat Perspective
Episode 38: Pentesting Certifications Tier List Part 1
This is part 1 of a 2 part series where Spencer, Darrius and Tyler talk about pentesting certifications and where they fall on a tier list. For those unfamiliar, we're ranking the popular pentesting certifications from best to worst. This is a must listen/watch episode, check it out and be sure to let us know in the comments what YOU think of these certifications and if we had any bad takes!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go...
2023-04-26
30 min
The Cyber Threat Perspective
Episode 37: Offensive Security Testing Part 5 - Wireless Pentesting
In this episode Brad and Darrius continue the Offensive Security Testing series and discuss Wireless Penetration Testing. Wireless Pentesting is often overlooked, but could be the blind spot that allows an attacker onto your network. Listen to this episode for key insights and considerations related to wireless networks and pentesting.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-04-19
32 min
The Cyber Threat Perspective
Episode 36: Pentest vs Purple Team vs Red Team
In this episode Brad and Spencer discuss the differences between a Penetration Test, Purple Team Exercise and a Red Team Engagement. The goal of this episode is to help educate and inform on the differences between a pentest, a purple team and a red team, what the goals of each may be, and how they help an organization improve security and resilience.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us...
2023-04-12
35 min
The Cyber Threat Perspective
Episode 35: Getting Into Pentesting Without an IT Background
In this episode, Spencer and Tyler discuss Tyler's journey from working at Home Depot to getting a job as a Penetration Tester. They also share first-hand advice for those that are looking to break into this exciting field.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-04-05
42 min
The Cyber Threat Perspective
Episode 34: The State of Web Application Penetration Testing
In this episode, Darrius and Brad look at the current state of web application penetration testing, why it is how it is, and what you can do if you want to break into the field. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: htt...
2023-03-29
25 min
The Cyber Threat Perspective
Episode 33: Reflections on Privacy Law and Privacy Issues
In this episode, Brad and Darrius talk about some of the buzz around recent changes in privacy regulation/law and how it may impact other market verticals such as banking, law firms, and retail. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://sec...
2023-03-22
24 min
The Cyber Threat Perspective
Episode 32: Our Favorite Pentesting Tools: PingCastle
In this episode Spencer shares his affinity for PingCastle. If you are in IT, if you're a sysadmin or network admin or have any kind of responsibility for the security of your environment. I encourage you to have a look at PingCastle. Not only can it be used to find VERY severe vulnerabilities, but you can use it to track progress over time and show leadership you're doing the work. We also talk about some of my favorite ways to use this tool on penetration tests. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpov
2023-03-15
32 min
The Cyber Threat Perspective
Episode 31: Pentesting War Stories
In this episode Brad and Spencer discuss some of the more, interesting, pentest engagements they've been on. The goal of this episode is to reflect on some of the significant vulnerabilities and "cool" attacks we've performed on pentests, yes, but it's also an important reminder that if we don't remember history we are bound to repeat it. Yes we are total nerds and no we're not going to apologize for that ;)Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: ht...
2023-03-08
34 min
The Cyber Threat Perspective
Episode 30: LastPass DataBreach Updates
In this episode, Brad and Spencer discuss the newly released information surrounded the 2022 LastPass data breach. They discuss potential controls that may have prevented the incident and recommendations for protecting your own organization against this kind of threat.https://support.lastpass.com/download/lastpass-blog-securityhttps://support.lastpass.com/help/what-data-was-accessedBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
2023-03-01
31 min
The Cyber Threat Perspective
Episode 29: Critical Vulnerabilities You WON’T Find Using Nessus
In this episode Brad and Spencer vulnerabilities that are not detected by vulnerability scanning tools such as Nessus and explored several methods that can be used to identify them. While vulnerability scanning is important and effective at identifying known vulnerabilities, they are not so good at detecting unknown or complex vulnerabilities. To address this gap, we discussed several complementary methods that can be used, such as penetration testing, red teaming, fuzzing, and source code review, to identify vulnerabilities and weaknesses that may not be apparent from a vulnerability scan. By incorporating these additional methods into a comprehensive security testing...
2023-02-22
32 min