Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.

In Episode 177 of the Cyber Threat Perspective podcast, host Brad Causey and virtual CISO Daniel Perkins take a clear-eyed look at Claude Mythos — Anthropic's AI model that's generating serious buzz in the cybersecurity world for its ability to analyze source code, identify vulnerabilities at scale, build working exploits, and surface flaws that have sat undetected for decades. The cybersecurity community is reacting. Brad and Daniel think a more measured response is warranted. This episode breaks down what Mythos actually is, what it actually did, and what it actually means for your security program — without the hype or the hand-waving.
Topics covered include:
- What Mythos really is — a purpose-built code analysis model, not a hacker-in-a-box or AI overlord, and why that distinction matters
- The BSD vulnerability reality check — it cost $20,000 to find a 20-year-old DoS flaw in software almost nobody uses, and what that tells us about the real-world economics of AI-driven vulnerability discovery
- Speed, not net-new — why Mythos hasn't introduced anything fundamentally new to the threat landscape, just compressed the timeline dramatically
- Vulnerability chaining — how Mythos could change triage by identifying how low and medium severity CVEs combine into critical attack paths
- The vibe coding problem — why organizations that have never written code before are now writing a lot of it, and why that's where Mythos becomes genuinely important
- What this means for pen testing — why AI finding code flaws doesn't replace the human-driven validation of security programs, business logic testing, and misconfiguration discovery
- The shift to continuous vulnerability management — why monthly or quarterly scanning cycles won't be sufficient once Mythos capabilities proliferate, and how to make the move to continuous without going big bang
- The Mythos-Ready framework — a look at the CSA guidance document, what's useful, what needs to be scaled to your organization, and why inventory and attack surface should come before governance for most teams
- Supply chain and third-party risk — how Mythos changes the questions you should be asking your software vendors
The bottom line from Brad and Daniel: be responsive, not reactive. Tighten your patching SLAs, understand your attack surface, document your decisions, and execute the fundamentals well. The organizations that do that won't be caught flat-footed when this becomes mainstream.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In Episode 176 of the Cyber Threat Perspective podcast, Brad and Spencer break down some of the most repeated cybersecurity best practices in the industry and explain why, despite sounding solid on paper, they consistently fall short in real IT environments. This isn't about dismissing good security principles. It's about closing the gap between advice that looks great in a framework and controls that actually hold up against how attackers operate.
Topics covered include:
- "Just enable MFA everywhere" — why focusing only on RDP leaves SMB, WinRM, service accounts, and legacy protocols wide open
- "EDR will catch it" — the danger of over-relying on a single control, including a little-known CrowdStrike behavior where it self-disables on domain controllers at 90% resource utilization — often completely unnoticed
- "Patch everything immediately" — why blind speed creates its own operational risk, and how to build a prioritized, high-risk patching process that actually works
- "Least privilege everywhere" — why removing permissions without providing alternatives drives workarounds, shared accounts, and exceptions that undo the whole point
- "Follow the framework and you're secure" — why compliance is a starting point, not a finish line, and what most standards actually require vs. what actually reduces risk
- Focusing on attack paths over checklists — why thinking like an attacker leads to better security decisions than ticking boxes
Brad and Spencer close with what actually works: context-driven decisions, management buy-in, clear communication when making sweeping changes, and validating every control through internal penetration testing. As Spencer notes, most clients don't have full confidence in their EDR and SOC after a pentest — and that's exactly why trust but verify matters.
Also mentioned: Spencer and Brad's upcoming Tools of the Trade workshop at the ILTA Evolve conference in Denver.

In Episode 175, Spencer and Tyler break down NetTools — a free, self-contained Active Directory management and troubleshooting tool that's become a go-to for their internal penetration testing engagements. They start with the backstory: years of relying on AD Explorer from Microsoft Sysinternals, and the growing need to evade EDR detections. At one point, that meant manually obfuscating binaries with a hex editor. NetTools eliminates that friction entirely — no installation, no dependencies, no signatures to fight.
Topics covered include:
- Why NetTools replaced AD Explorer and how EDR pressure forced the shift
- Group Policy enumeration, including how to spot dangerous GPO permissions like authenticated users with write access to server OUs
- LDAP Search & Browser for querying AD, identifying risky data (like passwords in descriptions), and exploring object relationships
- Assigned Trustees & Permissions Reporter for fast, visual identification of misconfigurations
- How to run NetTools from non-domain-joined machines using saved credential profiles
- Password checker functionality for targeted validation without spraying the environment
For pentesters, it's a faster way to get visibility into AD risk. For IT admins, it's a practical way to audit and harden your environment. NetTools combines the functionality of multiple tools into one portable utility. Learn more at nettools.net. Credit to creator Gary Reynolds.
NetTools | The Swiss army knife of AD troubleshooting

In Episode 174, host Brad Causey is joined by guest Jordan Natter for a practical, tool-focused conversation on web application penetration testing. Together they break down the essential tools and Burp Suite Pro extensions that make up a modern web app pen testing toolkit.
Topics covered include:
- Burp Suite Pro vs. OWASP ZAP — comparing capabilities, extensions, and use cases
- CSP Auditor — identifying unsafe Content Security Policy directives
- JSON Web Token (JWT) extension — surfacing and tampering with JWTs in HTTP history
- Retire.js — flagging outdated JavaScript libraries with known vulnerabilities
- CyberChef & JWT.io — encoding, decoding, and debugging tokens
- Postman & Swagger — API testing and documentation workflows
- SQLMap — powerful SQL injection discovery (and why you should never run it in production)
- Proxy Forge — evading cloud-based WAFs and testing geo-blocking
- GraphQL Hunter — enumerating and testing GraphQL instances
Have a tool or extension you swear by? Drop it in the comments — Brad and Jordan want to hear from you!
Burp Suite is an integrated platform for attacking web applications. http://portswigger.net/burp/

How do you find insecure permissions in Active Directory before they turn into attack paths? In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg, a free security tool trusted by penetration testers. Misconfigured delegation and overly permissive access rights are a common source of risk in Active Directory environments. These gaps can create hidden attack paths—but many teams don't know where to look or how to interpret what they're seeing.
In this episode, we cover:
- How to identify insecure permissions in Active Directory
- What to look for in high-risk users and groups like Domain Users, Everyone, and Authenticated Users
- How these misconfigurations translate into real-world attack paths
- How to use ADeleg to analyze delegated permissions and uncover hidden risk
We also include a reference to ADeleginator, a related tool that can help automate parts of this process using PowerShell. While this episode focuses on hands-on analysis with ADeleg, ADeleginator is a useful companion for scaling this work.
Tools referenced:
- ADeleg: https://github.com/mtth-bfft/adeleg

Hey folks! Greetings from the Offensive Security group at SecurIT360. Brad & Spencer are on this episode of The Cyber Threat Perspective to break down The Biggest Security Blind Spots in Mid-Size Companies. In this episode, we expose the most common (and dangerous) gaps that leave mid-sized organizations wide open: poor asset inventory, flat networks, flat identities, overconfidence in security tools, credential reuse, and the emerging risks with AI. If any of these hit home, go to offsec.blog/pentesting, fill out the form on our website, and see if we're a fit for you.

Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they're seeing in the industry and what the future may look like.
- The pivotal changes in AI that have impacted pentesting over the past year
- The emergence of agents, orchestration, and single-pane-of-glass platforms for streamlined operations
- How AI is enabling rapid tool creation, customization, and administrative efficiency
- The effect of AI on skillsets, closing the gap between junior and senior pentesters
- Why human expertise remains irreplaceable despite advancements in AI-driven tools
Tune in to hear straightforward perspectives on the future of pentesting and actionable insights for professionals looking to stay ahead.

In this episode, we break down the biggest insights from the CrowdStrike 2026 Global Threat Report and what they actually mean for IT leaders, security teams, and executives. From attackers abusing trusted identities and bypassing security tools to exploiting edge infrastructure and leveraging AI to move faster than ever, the modern threat landscape is shifting in ways many organizations aren't prepared for.
- https://www.crowdstrike.com/en-us/global-threat-report/
- https://mhaggis.github.io/ClickGrab/
- Episode 164: Offensive Security in the Age of AI - What Has...
- Episode 155: How We Use AI Offensively - Offensive Security Blog - SecurIT360
- Episode 146: What Are The Security Implications of AI -...
- Episode 144: How Cyber Threat Actors Are Using AI -...

In this episode, we're digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We'll break down how these extensions work, why they're so dangerous, and what IT leaders can realistically do about it.
Check out these resources:
- Annex - Enterprise Software Extension Security & Management
- https://crxaminer.tech/
- https://x.com/tuckner
- https://x.com/IceSolst

Brad and Jordan talk about web app pen testing, why you might need it, and why other forms of app sec might not be good enough.

You've got Tyler & Brad, and in this episode we break down the early versions of Transport Layer Security (TLS) — TLS 1.0 and TLS 1.1 — and explain why these once-standard encryption protocols are now considered insecure. We'll cover when they were released, how modern attacks and cryptographic weaknesses caught up with them, and why today's internet relies on newer, more secure protocols like TLS 1.2 and TLS 1.3. We'll also discuss how even “secure” protocols can become vulnerable when weak ciphers are enabled, using Sweet32 as a real-world example of cipher-level risk.

In this episode, we explore why many organizations invest in penetration testing yet see little improvement in their actual security posture. We discuss the common pitfalls of treating pentests as one-time events, how attackers operate very differently from scoped assessments, and why remediation—not the report—is what determines real safety. If you've ever wondered why “passing” a pentest didn't translate into stronger defenses, this episode is for you.

In this episode, Brad and Jordan talk about API pen testing, how it works, and what you can expect if you want to procure one. They discuss pitfalls, common findings, and ways to streamline the process.

In this episode, we take a step back from the AI hype and focus on what has actually changed in offensive security. AI isn't replacing attackers or inventing brand-new techniques, but it is dramatically reducing friction across the attack lifecycle. We break down the myths, explain where AI is already impacting real-world attacks, and walk through how defenders need to adapt if they want to keep up.

In this episode, we dissect the dangerous trend of organizations ceding control of their security strategy to vendors, exploring the pitfalls of vendor lock-in, overspending, and the illusion of comprehensive protection. We'll provide actionable steps to reclaim your security posture and build an independent strategy tailored to your specific needs.

In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly harmless data leaks, how attackers chain them together to build a profile of your organization, and common misconceptions about what data is truly "sensitive" from an external attacker's perspective. Learn how organizations can realistically assess their external attack surface beyond automated scanning and discover creative OSINT techniques defenders can use to mimic attacker reconnaissance.

In this episode Brad and Spencer discuss the rapid technology shift that's happening in cybersecurity, hybrid pentesting models and the overall evolution of pen testing as we head into 2026.
Need a pentest before the end of the year? Learn how here...

In this episode, we're discussing the pros and mostly the cons of notifying your SOC/MSSP before your penetration test. Spencer and Brad delve into the details of why it matters and share their experience from hundreds of penetration tests. Get your 2025 External Pentest done before time runs out! https://www.securit360.com/external-penetration-testing-services-sa/

In this episode, we're sharing practical, no-fluff advice for getting into cybersecurity, whether you're switching careers, just starting out, or leveling up your IT skills. We'll cover what actually matters to employers, what to avoid, and the fastest paths into the industry. If you're looking for a clear roadmap into cybersecurity, this episode is for you.

In this episode Brad and Jordan sit down to discuss how she was caught and reported on a penetration test engagement. We deep dive into the details and why it's a net positive.

In this episode Brad and Jordan sit down to discuss common web application security findings we've seen this year.

In this episode Spencer and Tyler discuss post-exploitation tactics that still work in 2025. The guys discuss everything from credential access techniques to defense evasion, lateral movement and even exfiltration.

In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways this team is harnessing the power of AI to enhance their penetration testing capabilities, automate security assessments, and identify vulnerabilities more efficiently.

This episode is all about pentesting on a budget for IT Admins. This episode is inspired by the PDQ Live stream held on October 23rd, 2025, where Spencer shared tips, tactics, tools and advice for IT admins wanting to better defend and protect their environments.
All tools, checklists, guides and resources can be found here: https://go.spenceralessi.com/budget

In this episode, we dig into how to move from “we think we're secure” to “we can prove it.” We'll lay out a practical loop for validating controls, gathering evidence, and tracking results that leadership understands. If you've ever wondered how to demonstrate security value beyond dashboards and audits, this is your playbook.

In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.

In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it's not just “pentesting.” Offensive security covers a whole spectrum of activities, including penetration testing, red teaming, purple teaming, adversary emulation, and more. We'll break down what each of these means, how they're different, and how we do things at SecurIT360. By the end, you'll have a clearer picture of how offensive security fits into a bigger security strategy and why it's more than just finding vulnerabilities.

In this episode, we're digging into a super awesome Active Directory security tool called PingCastle. We'll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why.

https://offsec.blog/budget
In this episode, we're tackling an often-overlooked opportunity: using pentest results to secure more budget for security initiatives. Too many organizations run a pentest, file the report away, and move on without leveraging it for strategic value. We'll break down how to translate findings into business language, influence leadership, and turn vulnerabilities into funding for better defenses.

In this episode, Brad and Spencer sit down with an experienced information security and risk manager to explore how they build and manage their security stack, choose the right tools, and win support from their team and leadership. We dig into the balance between technical defenses and business-driven risk management, from budgeting and vendor selection to measuring success and preparing for emerging threats. Whether you're a hands-on practitioner or a security leader, you'll walk away with practical insights on building stronger defenses and aligning security with business goals.

This is the webinar I gave in August 2025 on the topic of common Windows misconfigurations I see during internal pentests. Make sure you grab your free gifts!
- https://securit360.com/free-gifts
- https://links.spenceralessi.com/creds
- https://go.spenceralessi.com/windows-slides

In this episode, we're digging into one of the most overlooked parts of a penetration test, when it actually makes sense to not fix a finding. Not every vulnerability deserves equal treatment, and sometimes accepting the risk is the most mature decision a business can make. We'll cover how to recognize those situations, avoid common pitfalls, and document your choices so they stand up to scrutiny.

In this episode of The Cyber Threat Perspective, we're exploring the broader security implications of artificial intelligence. AI is transforming everything—from how we defend our networks to how attackers exploit them. We'll break down the risks, the opportunities, and what security teams need to be thinking about right now as AI becomes embedded in both our tools and becomes a part of our daily life.
Spencer's next webinar 8/28 12pm Eastern
Topic: Securing Windows, Common Misconfigurations That Give Attackers The Advantage
https://go.spenceralessi.com/windows

In this episode, we're diving into what to do the minute incident response arrives. That first moment matters—a lot. Whether it's a ransomware attack, unauthorized access, or data exfiltration, how you act in minute one can either help or hinder the investigation. We'll cover the do's, don'ts, and common mistakes we see, so you're ready when the heat is on.

In this episode of The Cyber Threat Perspective, we're diving into one of the most pressing trends in cybersecurity: how threat actors are using AI. From deepfake scams and AI-generated phishing emails to automated malware and voice cloning, attackers are leveraging artificial intelligence to scale their operations and sharpen their tactics. We'll break down real-world examples, tools like WormGPT, and what this means for defenders going forward.

In this episode, we break down a question that often gets overlooked: When should you not do a penetration test? Not every organization needs a pentest right away, and choosing the wrong assessment can waste time, money, and effort. We'll walk through the differences between pentests, vulnerability scans, and risk assessments — and when each one is the right move.

In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalate privileges and persist in your environment. We'll break down how AD CS works, how it gets abused, and what defenders need to do to lock it down.

It's easy to overlook small misconfigurations on Windows endpoints, but those little mistakes can create big opportunities for attackers. In this episode, we break down the most common Windows security missteps we see in real-world environments, from missing the basics to reused local admin passwords. If you're a sysadmin, IT admin, or just responsible for keeping Windows machines secure, this one's for you.

In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. We'll break down common attack paths, what makes financial orgs so attractive to threat actors, and most importantly, what IT and security teams can do to stay ahead. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security posture in one of the most targeted industries on the planet.

In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security posture in one of the most targeted industries on the planet.

(Replay) In this episode, Spencer and Brad discuss the ever-popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR-specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand the various methods of evasion and the topic more generally.
Resources:
- (Jun 1, 2021) Evadere Classifications - detection & response focus
- Defense Evasion, Tactic TA0005 - Enterprise | MITRE ATT&CK® - controls focus
- (Mar 22, 2024) Atomics on a Friday - Evade or Bypass - EDR focus

In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn't just about checking a box; it's an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the assessment, and ensure findings lead to meaningful action across your organization. Whether you're a CISO, IT director, or team lead, this episode will help you make every pentest count.

In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.

In this episode of The Cyber Threat Perspective, we dive into “A day in the life of an External Penetration Tester.” What do we actually do, and how do the things we do affect the overall engagement? What's important? We answer all of these questions and more in this week's episode.

(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment. Download the slides here.
Key Takeaways:
- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in Active Directory (AD) and how attackers exploit these gaps.
- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.
- Advanced Security Measures: Explore advanced techniques and tools for monitoring, detecting, and responding to suspicious activities within your network.
- Case Studies: Hear real-world examples of Active Directory attacks and what lessons can be learned from them.
- Interactive Q&A: Have your specific questions answered during our live Q&A session with the experts.
Whether you want to enhance your security posture or start from scratch, this webinar will provide you with the knowledge and tools necessary to protect your systems more effectively.

In this episode of The Cyber Threat Perspective, we dive into why a “we couldn't get in” result on a pentest isn't always the victory it seems—and why it can be a great sign if interpreted correctly. We break down the real defensive controls that prevented compromise, explore what might still be hiding under the surface, and share why even a clean report shouldn't mean letting your guard down.

In this episode of The Cyber Threat Perspective, we tackle the crucial first step in cybersecurity: preventing initial compromise. We'll dissect common attack vectors like phishing and exploitation and explore layered defenses ranging from MFA and patch management to DMZs and WAFs. Get actionable guidance to integrate these controls into your security program and safeguard your organization against the risk of that initial foothold.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Spencer's Twitter: https://x.com/techspence
Spencer's LinkedIn: https://linkedin.com/in/SpencerAlessi
Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we break down how attackers steal credentials and hijack sessions to gain unauthorized access to systems and data. From phishing to cookie stealing to session token theft, we'll explore the most common techniques and how to defend against them. Whether you're an IT admin or security pro, you'll walk away with practical tips to help protect your users and your organization.
Recommended Conditional Access Policies to protect against account compromise: https://x.com/techspence/status/1919815226158932119

In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements—over 450 000 hours of investigations in 2024—providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and practical recommendations to help organizations improve their defenses.
Resource: M-Trends 2025: Data, Insights, and Recommendations From the Frontlines | Google Cloud Blog

In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.
Resources:
- https://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you_been_seeing/
- The DFIR Report
- Lateral Movement, Tactic TA0008 - Enterprise | MITRE ATT&CK®

In this episode, Tyler and Brad discuss DMARC and how the latest version of the PCI framework requires phishing protection. You'll also learn about DMARC, DKIM, and SPF and how to elevate them to help protect your organization from attacks like Business Email Compromise (BEC).