Shows
The Cyber Threat Perspective(Replay) How To Defend Against Lateral MovementIn this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.Resourceshttps://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you...2025-04-2537 minThe Cyber Threat Perspective(Replay) Tales From The TrenchesJoin us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360.Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire orga...2025-01-0157 minThe Cyber Threat PerspectiveEpisode 115: How to understand and address risk w/ Robert McElroyIn this episode, we discuss the broad concept of risk, what it is, and how to manage it. This episode is a great way to begin understanding how to develop an overall risk management strategy at your organization or understand how a risk management program might work for you.You find out more about what Rob and his team can do here:https://www.securit360.com/services/managed-services-consulting/Reach him directly here: rob@securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.c...2024-11-2040 minThe Cyber Threat Perspective(Replay) Vulnerability Management Deep DiveIn this replay episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2024-10-0935 minThe Cyber Threat PerspectiveEpisode 108: New tales from the trenches!In this episode, Tyler and Brad talk about various security issues found on recent penetration tests. They outline the how and why, and talk about mitigation strategies to help you beat these issues in your environment.ResourcesBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks...2024-09-1838 minThe Cyber Threat Perspective(Replay) DNS SecurityIn our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights the advantages of cloud-based DNS services, like those offered by Cloudflare.Finally, we share best practices and resources for securing DNS infrastructure, addressing challenges like scalability and false positives. Join us for a concise yet comprehensive exploration of DNS security's complexities and solutions.2024-09-0431 minThe Cyber Threat PerspectiveEpisode 104: How To Get Into Cyber For First RespondersIn this episode, Spencer has Sam Killingsworth on the show to talk about getting into cybersecurity, specifically penetration testing, coming from a first responder background. Sam is currently a full-time Firefighter/EMT and part-time penetration tester here at SecurIT360. Sam shares his background and experiences of learning cybersecurity and pentesting and how he has used the skills from his full-time job to help him be a better pentester.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.co...2024-08-1432 minThe Cyber Threat PerspectiveEpisode 103: Email SpoofingIn this episode, Spencer and Brad dive into the complex maze of 3rd party email providers, filtering and spoofing. Email spoofing is a technique used by cybercriminals to disguise the sender's address in an email message, making it appear as though the email originated from a different source. This can be used for a variety of malicious purposes, such as phishing attacks, fraudulent activities, or spreading malware.DMARC Rundown - Offensive Security Blog - SecurIT360“EchoSpoofing” — A Massive Phishing Campaign Exploiting...Spoof intelligence insight - Microsoft Defender for Office 365How...2024-08-0727 minThe Cyber Threat PerspectiveEpisode 102: The Global CrowdStrike OutageIn this episode, Spencer is joined by Joey Vandergrift (SecurIT360's VP of Security Operations) and Mark Brophy (SecurIT360's DFIR practice lead). Together they discuss how CrowdStrike, a leading EDR product, caused one of the largest global IT outages in history.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2024-07-3148 minThe Cyber Threat Perspective(Replay) How We Hack Medical Devices To Save LivesDiscover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.- An in-depth analysis of a common air purifier APK, exposing undocumented...2024-07-1736 minThe Cyber Threat PerspectiveEpisode 98: Current State of M365 Attacks: Initial AccessIn this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session Hijacking, Adversary-in-the-Middle (AiTM) Attacks, OAuth Phishing, Legacy Authentication Protocols, App Passwords, Conditional Access PoliciesBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpov...2024-06-2627 minThe Cyber Threat PerspectiveEpisode 90: Transforming Your Security - Insights from Coaching a Collegiate Cyber Defense TeamIn this episode Spencer chats with Mark Brophy (of SecurIT360) to discuss his background and experience with coaching a collegiate cyber defense team and how many of those lessons learned from defending against expert red team operators translate to securing organizations in today's modern thread landscape. Another must-listen to episode for all defenders, it admins, cisos, it directors, or anyone else in charge of managing, maintaining and/or securing computers and networks.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Li...2024-05-0144 minThe Cyber Threat PerspectiveEpisode 88: Budgeting for Security: Optimizing Penetration Testing InvestmentsGet into the dynamic world of penetration testing with Episode 88 of The Cyber Threat Perspective. Hosts Brad and Tyler discuss how to plan for penetration testing from both a budgeting and success perspective.• How to budget for penetration testing - by evaluating risk and compliance needs.• Discussion on the ways to ensure you're getting value and quality in your penetration testing.• How to avoid pit-falls before, during and after penetration testing.• The role of communication in delivering effective pen testing services and client relationships.• How to establish a proper ca...2024-04-1725 minThe Cyber Threat PerspectiveEpisode 84: How We Hack Medical Devices to Save LivesDiscover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.- An in-depth analysis of a common air purifier APK, exposing undocumented...2024-03-2036 minThe Cyber Threat PerspectiveEpisode 78: Tales from the TrenchesJoin us for an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations. Learn from a seasoned expert who has...2024-02-0757 minThe Cyber Threat PerspectiveEpisode 72: Vulnerability Management Deep DiveIn this episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-12-2735 minThe Cyber Threat PerspectiveEpisode 71: A CISO's Perspective on Offensive Security ServicesIn this episode, Zach Sims (Information Security Officer at SecurIT360) provides valuable insights into offensive security services from the perspective of a security leader. This episode explores the significance of these services in today's digital landscape. Listeners gain a concise understanding of the CISO's role, the alignment of offensive security goals with cybersecurity strategy, and the challenges faced in implementation. The discussion also delves into how CISOs balance the need for offensive and defensive security assessments, offering a compact yet informative overview of key aspects of the world of information security.Blog: https://offsec.blog/Youtube...2023-12-2034 minThe Cyber Threat PerspectiveEpisode 70: Future Trends in Penetration Testing Part 2This is part two of Future Trends in Pentesting. Spencer and Darrius, members of SecurIT360's offensive security team discuss up and coming techniques, tools and tactics that they see on the horizon for 2024 and beyond.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-12-1331 minThe Cyber Threat PerspectiveEpisode 68: The evolution of penetration testing TTPsIn this episode of "The Cyber Threat Perspective," Tyler and Brad, members of SecurIT360's offensive security team, take us through the evolution of various penetration testing TTPs. Specifically, using the external penetration test process as an example and analyzing other processes and why/how they changed.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-11-2918 minThe Cyber Threat Perspective(Replay) HACKERS: How we GET IN and how to STOP USThis week we are replaying one of our earliest episodes. In this episode, Brad and Spencer discuss the THREE primary ways we gain initial access on penetration tests and how to stop us! The moral of this story is that these are attack vectors we see adversaries using day in and day out to compromise organizations. We hope this episode helps you track down and close those gaps in your own environments.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com2023-11-1534 minThe Cyber Threat PerspectiveEpisode 58: How To Identify and Mitigate Insecure Windows ServicesIn this episode, we're talking about How To Identify and Mitigate Insecure Windows Services. This is a very common issue we see on internal pentests. So much so that day 1 of our internal pentests revolves around evaluating the security and configuration of the endpoint to identify these issues. But this is only the tip of the ice burg.https://offsec.blog/hidden-danger-how-to-identify-and-mitigate-insecure-windows-services/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Wo...2023-09-1330 minThe Cyber Threat PerspectiveEpisode 57: Find and FIX AD CS Vulnerabilities Using Locksmith with Jake and SamIn this episode we talk all about Active Directory Certificate Services and a free tool designed to help find and fix AD CS misconfigurations called Locksmith. Jake Hildreth (Mastodon: @horse@infosec.exchange) the creator of Locksmith together with Sam Erde (Twitter: @SamErde) and myself (who are contributors to the project) chat about the inception of Locksmith and some of the awesome features, such as remediation snippets.Invoke-Locksmith today!https://github.com/TrimarcJake/LocksmithBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer...2023-09-0638 minThe Cyber Threat PerspectiveEpisode 56: Vulnerabilities & Severity - Explain It To Me Like I'm 5In this episode, Brad and Spencer talk about how vulnerabilities are assigned severity ratings, why they are important, how they are not perfect and why you should not rely on severity ratings alone to determine risk.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-08-3025 minThe Cyber Threat PerspectiveEpisode 55: What If Your EDR Doesn't Detect or Respond?In this episode, Brad and Spencer discuss the role EDR and Antivirus plays in a modern security stack, the overreliance on EDR, and how that's a dangerous game. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-08-2323 minThe Cyber Threat PerspectiveEpisode 54: Misconfigured and Dangerous Logon ScriptsIn this episode we're talking about misconfigured and dangerous logon scripts. Spencer and Brad discuss 4 common examples, based on real-world engagements, of how logon scripts can be misconfigured and how they can allow for all sorts of bad things. Do you know what's hiding in your logon scripts? Read the blog post that goes along with this episode here: https://offsec.blog/hidden-menace-how-to-identify-misconfigured-and-dangerous-logon-scripts/https://github.com/techspence/ScriptSentryBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://cli...2023-08-1622 minThe Cyber Threat PerspectiveEpisode 53: How to Defend and Mitigate PowerShell AttacksThis episode concludes our miniseries all about PowerShell. In this episode, we're going to discuss How to Defend and Mitigate PowerShell Attacks. Definitely check out our previous episodes: How Attackers Use PowerShell, and Security Automation with PowerShell.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-08-0928 minThe Cyber Threat PerspectiveEpisode 52: How to Prepare for an External Penetration TestIn this episode Spencer and Tyler discuss the most important things you must do before you have an external penetration test. Everything from understanding goals and objectives to asset management to dark web searches. Listen in as Tyler shares how the SecurIT360 external pentest process may be different from other pentests you've received in the past.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-08-0221 minThe Cyber Threat PerspectiveEpisode 51: Security Automation with PowerShellSpencer and Darrius continue their series of episodes all about PowerShell. In this episode, they discuss using PowerShell for automation and orchestration. Stay tuned for the next episode where we talk about defending against PowerShell abuse.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-07-2636 minThe Cyber Threat PerspectiveEpisode 50: How Attackers Use PowerShellIn this episode Spencer and Darrius discuss how cyber adversaries harness the power of PowerShell to orchestrate their malicious activities. Stay tuned for the next episode where we talk about security automation with PowerShell.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-07-1928 minThe Cyber Threat PerspectiveEpisode 49: Scoping Offensive Security EngagementsIn this episode Brad and Spencer discuss the nuances around scoping offensive security engagements. Scoping an offensive security engagement involves defining boundaries, objectives, and limitations before starting. It includes objectives, rules, scope boundaries, legal considerations, timeframe, reporting, approval, and sign-off. Scoping is important for clarity, risk management, compliance, stakeholder involvement, and setting expectations.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-07-1227 minThe Cyber Threat PerspectiveEpisode 48: Authentication done right!In this episode, Brad and Darrius talk about Authentication and what issues they routinely see while performing penetration tests. They walk about MFA, Passwords, Conditional Access, and other solutions that, done right, will improve your external security posture.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-07-0522 minThe Cyber Threat PerspectiveEpisode 47: How to Sharpen your Sword as a PentesterIn this episode Spencer, Darrius and Tyler get together for a round-table discussion on sharpening your sword as a pentester. They discuss what they do to keep improving, upping their skill and honing their craft. Spoiler, it's not just the technical aspects of pentesting that are important to work on.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-06-2826 minThe Cyber Threat PerspectiveEpisode 46: Reducing Active Directory Security Risks from a Hackers PerspectiveIn this episode Spencer and Darrius discuss and explore Active Directory security risks from a hacker's point of view. They discuss various techniques and tools that attackers use to attack Active Directory and how you can reduce your organization's risk by finding these vulnerabilities and misconfigurations and fixing them.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-06-2136 minThe Cyber Threat PerspectiveEpisode 45: Our Most Common External Pen Test FindingsIn this episode, Tyler and Brad talk about the most common external penetration test findings. We see these findings over and over again and want you to know what to do about them and how they may impact you. Check it out!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-06-1421 minThe Cyber Threat PerspectiveEpisode 44: Should penetration testers know how to code?In this episode, Darrius and Brad talk about the need for coding skills in the offensive security world. There's some fun with regard to which languages are important too. Check it out!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-06-0719 minThe Cyber Threat PerspectiveEpisode 43: Hacking for Good - Insights and Inspiration with John HammondIn this episode John Hammond joins us on the show! We talk about John's background and how he got interested in computers, how he approaches learning a new topic, if you have to create content to grow your career and so much more. There's a whole lot of fun and smiles and joy in this episode, check it out!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.co...2023-05-3131 minThe Cyber Threat PerspectiveEpisode 42: OSINT - What You Don't Know Can Hurt YouOSINT - Open Source Intelligence: is the process of collecting and analyzing publicly available information in order to achieve some goal or facilitate some kind of action. OSINT can and is used for all sorts of things and it's applicable to virtually every industry. OSINT like many other things, can be used for good and it can be used for evil. But it's what you don't know about OSINT that can really hurt you...Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer...2023-05-2434 minThe Cyber Threat PerspectiveEpisode 41: Security Assessment vs Pentest Which is More Impactful and WhyIn this episode Brad, Spencer and Tyler discuss the major differences and pros and cons of Security Assessments and Penetration Tests. In the end they are both very different types of assessments and require different skill sets to perform. If you're in charge of IT or Security at your organization, this is a must-listen episode!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-05-1736 minThe Cyber Threat PerspectiveEpisode 40: How Attackers Target Law Firms and How To Detect & Prevent ItIt's no secret law firms have become prime targets for attackers due to the sensitive information they handle and the clients they do business with. In this episode Brad and Spencer discuss common tactics used by attackers to breach law firms' defenses and provide practical tips on how to detect and prevent these types of attacks.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-05-1031 minThe Cyber Threat PerspectiveEpisode 39: Pentesting Certifications Tier List Part 2This is part 2 of a 2 part series where Spencer, Darrius and Tyler talk about pentesting certifications and where they fall on a tier list. For those unfamiliar, we're ranking the popular pentesting certifications from best to worst. This is a must listen/watch episode, check it out and be sure to let us know in the comments what YOU think of these certifications and if we had any bad takes!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://cl...2023-05-031h 06The Cyber Threat PerspectiveEpisode 38: Pentesting Certifications Tier List Part 1This is part 1 of a 2 part series where Spencer, Darrius and Tyler talk about pentesting certifications and where they fall on a tier list. For those unfamiliar, we're ranking the popular pentesting certifications from best to worst. This is a must listen/watch episode, check it out and be sure to let us know in the comments what YOU think of these certifications and if we had any bad takes!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://cl...2023-04-2630 minThe Cyber Threat PerspectiveEpisode 37: Offensive Security Testing Part 5 - Wireless PentestingIn this episode Brad and Darrius continue the Offensive Security Testing series and discuss Wireless Penetration Testing. Wireless Pentesting is often overlooked, but could be the blind spot that allows an attacker onto your network. Listen to this episode for key insights and considerations related to wireless networks and pentesting.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-04-1932 minThe Cyber Threat PerspectiveEpisode 36: Pentest vs Purple Team vs Red TeamIn this episode Brad and Spencer discuss the differences between a Penetration Test, Purple Team Exercise and a Red Team Engagement. The goal of this episode is to help educate and inform on the differences between a pentest, a purple team and a red team, what the goals of each may be, and how they help an organization improve security and resilience.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us...2023-04-1235 minThe Cyber Threat PerspectiveEpisode 35: Getting Into Pentesting Without an IT BackgroundIn this episode, Spencer and Tyler discuss Tyler's journey from working at Home Depot to getting a job as a Penetration Tester. They also share first-hand advice for those that are looking to break into this exciting field.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-04-0542 minThe Cyber Threat PerspectiveEpisode 34: The State of Web Application Penetration TestingIn this episode, Darrius and Brad look at the current state of web application penetration testing, why it is how it is, and what you can do if you want to break into the field. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: htt...2023-03-2925 minThe Cyber Threat PerspectiveEpisode 33: Reflections on Privacy Law and Privacy IssuesIn this episode, Brad and Darrius talk about some of the buzz around recent changes in privacy regulation/law and how it may impact other market verticals such as banking, law firms, and retail. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://sec...2023-03-2224 minThe Cyber Threat PerspectiveEpisode 32: Our Favorite Pentesting Tools: PingCastleIn this episode Spencer shares his affinity for PingCastle. If you are in IT, if you're a sysadmin or network admin or have any kind of responsibility for the security of your environment. I encourage you to have a look at PingCastle. Not only can it be used to find VERY severe vulnerabilities, but you can use it to track progress over time and show leadership you're doing the work. We also talk about some of my favorite ways to use this tool on penetration tests. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpov2023-03-1532 minThe Cyber Threat PerspectiveEpisode 31: Pentesting War StoriesIn this episode Brad and Spencer discuss some of the more, interesting, pentest engagements they've been on. The goal of this episode is to reflect on some of the significant vulnerabilities and "cool" attacks we've performed on pentests, yes, but it's also an important reminder that if we don't remember history we are bound to repeat it. Yes we are total nerds and no we're not going to apologize for that ;)Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: ht...2023-03-0834 minThe Cyber Threat PerspectiveEpisode 30: LastPass DataBreach UpdatesIn this episode, Brad and Spencer discuss the newly released information surrounded the 2022 LastPass data breach. They discuss potential controls that may have prevented the incident and recommendations for protecting your own organization against this kind of threat.https://support.lastpass.com/download/lastpass-blog-securityhttps://support.lastpass.com/help/what-data-was-accessedBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com2023-03-0131 minThe Cyber Threat PerspectiveEpisode 29: Critical Vulnerabilities You WON’T Find Using NessusIn this episode Brad and Spencer vulnerabilities that are not detected by vulnerability scanning tools such as Nessus and explored several methods that can be used to identify them. While vulnerability scanning is important and effective at identifying known vulnerabilities, they are not so good at detecting unknown or complex vulnerabilities. To address this gap, we discussed several complementary methods that can be used, such as penetration testing, red teaming, fuzzing, and source code review, to identify vulnerabilities and weaknesses that may not be apparent from a vulnerability scan. By incorporating these additional methods into a comprehensive security testing...2023-02-2232 min