The Cyber Threat Perspective

In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn't just about checking a box, it's an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the assessment, and ensure findings lead to meaningful action across your organization. Whether you're a CISO, IT director, or team lead, this episode will help you make every pentest count.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we dive into why a “A day in the life of an External Penetration Tester." What do we actually do, and how do the things we do affect the overall engagement? What's important? We answer all of these questions and more in this week's episode. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment. Download the slides here.Key Takeaways:- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in      Active Directory (AD) and how attackers exploit these gaps.- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.- Advanced Security Measures: Explore advanced techniques and tools for monitoring, detecting, and responding to suspicious activities within your network.- Case Studies: Hear real-world examples of Active Directory attacks and what lessons can be learned from them.- Interactive Q&A: Have your specific questions answered during our live Q&A session with the experts.Whether you want to enhance your security posture or start from scratch, this webinar will provide you with the knowledge and tools necessary to protect your systems more effectively.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we dive into why a “we couldn't get in” result on a pentest isn't always the victory it seems—and why it can be a great sign if interpreted correctly. We break down the real defensive controls that prevented compromise, explore what might still be hiding under the surface, and share why even a clean report shouldn't mean letting your guard down.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we tackle the crucial first step in cybersecurity: preventing initial compromise. We'll dissect common attack vectors like phishing and exploitation and explore layered defenses ranging from MFA and patch management to DMZs and WAFs. Get actionable guidance to integrate these controls into your security program and safeguard your organization against the risk of that initial foothold.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we break down how attackers steal credentials and hijack sessions to gain unauthorized access to systems and data. From phishing to cookie stealing to session token theft, we'll explore the most common techniques and how to defend against them. Whether you're an IT admin or security pro, you'll walk away with practical tips to help protect your users and your organization.Recommended Conditional Access Policies to protect against account compromise: https://x.com/techspence/status/1919815226158932119Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements—over 450 000 hours of investigations in 2024—providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and practical recommendations to help organizations improve their defenses.M-Trends 2025: Data, Insights, and Recommendations From the Frontlines | Google Cloud BlogBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.Resourceshttps://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you_been_seeing/The DFIR ReportLateral Movement, Tactic TA0008 - Enterprise | MITRE ATT&CK®Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovSpencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessiWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

In this episode, Tyler and Brad discuss DMARC and how the latest version of the PCI framework requires phishing protection. You'll also learn about DMARC, DKIM, and SPF and how to elevate them to help protect your organization from attacks like Business Email Compromise (BEC).Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we explore the strategic integration of deception technology like canaries and honeypots into your cybersecurity defenses. Discover how these tools allow you to detect threat actors earlier in their attack sequence, disrupt malicious activities, and mitigate potential damage to your organization. Join us for actionable insights and defensive advice to enhance your organization's security posture.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

Threat reports can be goldmines for defenders — but only if we know how to extract and apply what matters. A good analysis can mean catching an attack early or missing it entirely. There's no shortage of threat intel out there. The real challenge is making sense of it without getting overwhelmed. In this episode we discuss:What makes up a threat reportGoals of analyzing threat reportsHow to analyze the pieces that matterActionable tips you can use todayBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

In this episode, Brad and Sam discuss the most common security issues found on external penetration tests, how to find them yourself, and how to address them. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

 This episode focuses on SaaS (Software as a Service) Supply Chain Attacks. We discuss what SaaS applications are most at risk, what the real danger of saas supply chain attacks are and most importantly how to defend and detect these attacks. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

Dive into the quirky underworld of digital misdirection in this episode, where we explore the art of typosquatting. Discover how a simple mistyped URL can turn into a gateway for cyber trickery, as we break down the many forms of typosquatting—from subtle misspellings that mimic trusted sites to more elaborate schemes designed to deceive. Learn why these small errors are so effective in luring unsuspecting users and get insider tips on how to protect yourself from falling into these cleverly crafted traps. Whether you're a digital native or just curious about the hidden risks of the internet, this episode equips you with the knowledge and defenses you need to navigate online spaces with confidence. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

In this episode, we discuss whose job is harder. The red team or the blue team? We discuss the roles and responsibilities of many red and blue teamers, the challenges both those teams face, and then we share some advice for handling and overcoming those challenges.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.com

Unlock the secrets of effective attack surface monitoring in this replay of The Cyber Threat Perspective. Brad and Spencer dive into essential practices, tools, and methodologies to keep your systems secure.Define and understand attack surface and attack vectorsDistinguish between physical and digital attack surfacesExplore DIY vs. commercial tools for attack surface monitoringLearn from bug bounty industry methodologies and resourcesEmphasize the importance of continuous monitoring and asset managementCheck out our show notes for additional resources, and don't forget to like, share, and subscribe!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we discuss several insecure protocols that are found within Active Directory environments. When these protocols are enabled, they could be abused by an attacker to perform a number of attacks, including privilege escalation and lateral movement. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Chelsea (ChatGTP) interviews Brad about web application penetration testing. Listen in to learn how the process works from start to finish! Resourceshttps://owasp.org/https://nvd.nist.gov/vuln-metrics/cvsshttps://chatgpt.com/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and this topic more in general.Resources(Jun 1, 2021) Evadere Classifications - detection & response focusDefense Evasion, Tactic TA0005 - Enterprise | MITRE ATT&CK® - controls focus(Mar 22, 2024) Atomics on a Friday - Evade or Bypass - edr focusBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Tyler discuss key things that they as pentesters wish all organizations knew about pentesting and the pentest process. They go through the entire lifecycle of a pentest and discuss definitions, processes, misconceptions and much more. By the end of this episode, we hope you have a better understanding of everything that goes into the pentesting process including things that are not typically visible to clients.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we draw parallels between natural disasters and navigating today's cybersecurity landscape. From the importance of preparation and layered defenses to the critical need for constant monitoring and resilience, we uncover valuable lessons that nature's challenges can teach us about protecting systems and data. Whether you're an IT professional, a business owner, or just someone passionate about cybersecurity, this episode will inspire you to think differently about your defenses—and stay one step ahead.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Join us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360.Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Welcome to this replay on The Cyber Threat Perspective! In this episode, Brad and Spencer dive into the mechanics and recent developments of email spoofing, shedding light on how attackers are bypassing advanced email protections.In this episode, we cover:The fundamentals of email spoofing and why it's a significant threat.Insight into the recent echo spoofing campaign exploiting Proofpoint's misconfiguration.The role of SPF, DKIM, and DMARC in combating email spoofing.How threat actors are using Microsoft 365 to bypass email protections.Mitigation strategies and the latest updates from Proofpoint and Microsoft to address these vulnerabilities.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, Nathan and Spencer discuss crucial strategies for Windows and Active Directory hardening, emphasizing the importance of community collaboration and the value of using CIS benchmarks for security compliance.In this episode, we cover:Implementing multi-factor authentication for domain adminsThe benefits and importance of using CIS benchmarks for Windows 10 and 11Advantages of having a consistent standard in an active directory environmentAssurance and verification tools available in the benchmarksSimulated environment testing and active community participation for benchmark improvementBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we're discussing what a seasoned CISO is focused on going into 2025. Mike Whitt is a Cheif Information Security Officer in the financial sector with over 20 years of experience building teams, security programs, and leading organizations to a more secure posture. https://www.linkedin.com/in/mike-whitt-a4b4802/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we're peeling back the layers of the question so many organizations ask: Why do penetration tests cost so much? But here's the real twist—are they actually expensive, or are we measuring their value the wrong way?By the end of this episode, you'll understand not just the cost of a penetration test, but its value as an investment in protecting your business. We'll dive into real-world examples, break down the factors that drive pentest pricing, and explore how it compares to the costs of incidents like data breaches, ransomware, and PR disasters. Let's get started.https://www.morganlewis.com/blogs/sourcingatmorganlewis/2024/03/study-finds-average-cost-of-data-breaches-continued-to-rise-in-2023Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we're diving into one of the most enduring cybersecurity challenges—weak passwords. We'll explore how poor password practices and identity management pitfalls leave organizations vulnerable to compromise. From understanding the most common mistakes to implementing effective defenses, we're breaking down what it takes to fortify your systems against attackers exploiting the weakest link. Sourceshttps://www.verizon.com/about/news/2023-data-breach-investigations-report?utm_source=chatgpt.comhttps://blog.1password.com/challenges-of-shadow-it/https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024?msockid=2e875ee0e1fe64d22f854aa6e0746523Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we discuss the broad concept of risk, what it is, and how to manage it. This episode is a great way to begin understanding how to develop an overall risk management strategy at your organization or understand how a risk management program might work for you.You find out more about what Rob and his team can do here:https://www.securit360.com/services/managed-services-consulting/Reach him directly here: rob@securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we discuss the challenge of translating penetration test findings into practical and effective security improvements, and we delve into the three major bottlenecks to improving security and give recommendations for overcoming them.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US and Europe. What's really alarming is their recent shift in tactics. They're now using malicious RDP files in their spear-phishing campaigns, which is a new approach for them. This indicates they are evolving their methods, becoming even more dangerous. RDP is commonly used in corporate environments for remote access to resources, so many organizations have it enabled and may not be blocking RDP files, making them an ideal attack vector.Amazon identified internet domains abused by APT29 | AWS Security Blog: https://aws.amazon.com/blogs/security/amazon-identified-internet-domains-abused-by-apt29/Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments | CISA: https://www.cisa.gov/news-events/cybersecurity-alerts-advisories/aa24-329aMidnight Blizzard conducts large-scale spear-phishing campaign using RDP files _ Microsoft Security Blog.pdf: The URL for this source was not provided.Rogue RDP – Revisiting Initial Access Methods - Black Hills Information Security: https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/Rogue RDP: Bring Your Own Server | Mike Felch | 1-Hour: https://www.youtube.com/watch?v=y1Y-t7fDwXUWarning: Government-themed Phishing with RDP Attachments | CCB Safeonweb: https://www.safeonweb.be/en/news/warning-government-themed-phishing-rdp-attachmentsRogue RDP Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers - SOC Prime: https://socprime.com/blog/rogue-rdp-attack-detection-uac-0215-leverages-rdp-configuration-files-to-gain-remote-access-to-ukrainian-public-sector-computers/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we dive deep into the newly released Microsoft Digital Defense Report 2024, which offers a comprehensive look at the latest trends in the global cybersecurity landscape. From evolving cyber threats and attack strategies to Microsoft's analysis of the most vulnerable sectors, we break down the key findings and what they mean for businesses, governments, and cybersecurity professionals. Join us as we discuss how threat actors are leveraging new technologies, the role of AI in defense strategies, and what steps organizations can take to bolster their cyber resilience. Whether you're an IT professional or just passionate about cybersecurity, this episode will give you critical insights into defending against tomorrow's threats, today.Microsoft Digital Defense Report 2024Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode replay, Spencer and Darrius break down the complexities of credential protection, discussing everything from user education and tools to threat modeling and guardrails. Plus, we delve into the world of protecting credentials within scripts and code. This is a must-listen for all IT admins, CISOs and any other IT/Security professional.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Brad discuss a recent Trend Micro research project and associated white paper "Red Team Tools in the Hands of Cybercriminals and Nation States". Spencer and Brad dig into what red teaming is, what red team tools (often referred to as offensive security tools) are and why they are used. They also cover the abuse of red team tools, the speed of exploitation after public release and supply chain attacks against red team tools.From Defense to Offense: The Misuse of Red Teaming Tools by Cybercriminals | Trend Micro (US)Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this replay episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Brad and Spencer discuss Spencer's upcoming in-person workshop at Cyber SC. The **Hardening Active Directory to Prevent Cyber Attacks** Workshop is aimed at IT professionals, system administrators, and cybersecurity professionals eager to learn how to bolster their defenses against cyber threats. In this workshop, we will discuss comprehensive strategies and best practices for securing Active Directory.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer and Tyler share what they love and hate about the current state of penetration testing, they discuss current and future trends, and what it means to be a true cybersecurity partner. We hope you enjoy this episode!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Tyler and Brad talk about various security issues found on recent penetration tests. They outline the how and why, and talk about mitigation strategies to help you beat these issues in your environment.ResourcesBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.Resourceshttps://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you_been_seeing/The DFIR ReportLateral Movement, Tactic TA0008 - Enterprise | MITRE ATT&CK®Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights the advantages of cloud-based DNS services, like those offered by Cloudflare.Finally, we share best practices and resources for securing DNS infrastructure, addressing challenges like scalability and false positives. Join us for a concise yet comprehensive exploration of DNS security's complexities and solutions.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!Let's talk about cyber risk classification in this episode of The Cyber Threat Perspective. Brad and Tyler provide a high-level overview of various types of cyber risk encountered in penetration testing.-Reputational Risk-Financial Risk-Operational Risk-Direct Risk-Indirect Risk-Lateral Risk-Strategic Risk-Compliance Riskhttps://offsec.blogBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode Brad and Spencer discuss Attack Surface Monitoring, what it is, and why it's important for defending against cyber-attacks. They give into the difference between attack vectors and attack surface and share a high-level overview on how to go about monitoring your own attack surface. Finally, they share tools and techniques for attack surface monitoring, many of which are key concepts taken from the world of bug bounty.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer has Sam Killingsworth on the show to talk about getting into cybersecurity, specifically penetration testing, coming from a first responder background. Sam is currently a full-time Firefighter/EMT and part-time penetration tester here at SecurIT360. Sam shares his background and experiences of learning cybersecurity and pentesting and how he has used the skills from his full-time job to help him be a better pentester.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer and Brad dive into the complex maze of 3rd party email providers, filtering and spoofing. Email spoofing is a technique used by cybercriminals to disguise the sender's address in an email message, making it appear as though the email originated from a different source. This can be used for a variety of malicious purposes, such as phishing attacks, fraudulent activities, or spreading malware.DMARC Rundown - Offensive Security Blog - SecurIT360“EchoSpoofing” — A Massive Phishing Campaign Exploiting...Spoof intelligence insight - Microsoft Defender for Office 365How attackers bypass third-party mail filtering to Office 365Spoofing Microsoft 365 Like It's 1995 - Black Hills Information SecurityBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer is joined by Joey Vandergrift (SecurIT360's VP of Security Operations) and Mark Brophy (SecurIT360's DFIR practice lead). Together they discuss how CrowdStrike, a leading EDR product, caused one of the largest global IT outages in history.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer and Brad dive into the deep underworld of infostealer malware. They discuss what infostealers are, how they are used and what they are used for. They will dig into how the information obtained from infostealers can help cyber threat actors compromise large and small organizations, cloud providers and more but also how the infostealer data and logs can be used by authorities for good.Resources10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruithttps://x.com/vxunderground/status/1757467533202862344Infostealer malware logs used to identify child abuse website membershttps://cybernews.com/cybercrime/disney-slack-data-breach-unreleased-projects/https://x.com/arekfurt/status/1800181869256024083https://x.com/ddd1ms/status/1755256762997850279https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion?linkId=10091118Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.- An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications.- Real-world examples highlighting the importance of pen testing medical devices, including the potential for increased medication dosing due to infusion pump flaws.- A deep dive into the broad-reaching impact of exploited vulnerabilities, from chaos in hospitals to privacy breaches through interconnected devices and mobile apps.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.Links:https://nvd.nist.gov/vuln/detail/CVE-2024-6409https://nvd.nist.gov/vuln/detail/CVE-2024-6387https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=thestack.technologyhttps://www.infosecurity-magazine.com/news/chinese-state-exploits/https://x.com/fofabot/status/1810622161192919350https://justpaste.it/do235Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, Spencer and Tyler discuss two of their current favorite tools: OneDriveEnum for enumerating user accounts in Microsoft 365 and AD Miner for visualizing attack paths in Active Directory. We hope you enjoy and get value from this episode!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session Hijacking, Adversary-in-the-Middle (AiTM) Attacks, OAuth Phishing, Legacy Authentication Protocols, App Passwords, Conditional Access PoliciesBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com