Podcasts about pentesting

Method of evaluating computer and network security by simulating a cyber attack

  • 264 podcasts
  • 806 episodes
  • 40m average duration
  • 1 episode every other week
  • Latest episode: Jun 22, 2026

Popularity chart (2019 to 2026)



Latest podcast episodes about pentesting

Cybersecurity ist Chefsache - Der Podcast!
Pentest, Schwachstellenscan oder Red Teaming, wer blickt da noch durch?

Jun 22, 2026 | 71:04


In this episode of "Cyber Security ist Chefsache", Nico and Ann-Kathrin talk with Andreas Krüger, founder and managing director of Laokoon SecurITy, about a topic where terms are constantly mixed up in practice: penetration tests, and why things work very differently in the OT and hardware world than in classic IT. Andreas himself comes from the Bundeswehr, learned hacking there from the ground up, and today runs his own lab for hardware and OT pentests.

To start, Andreas untangles the "colorful bouquet" of pentest, vulnerability scan, red teaming and hardware hacking. His image for it is a pyramid: it starts at the bottom with conceptual security, meaning clear documents, processes and clean asset management. On top of that comes the broad vulnerability scan, which only finds already known patterns; then the focused pentest, which deliberately takes the attacker's perspective and also looks for unknown gaps; and finally red teaming, which tests processes more than anything and at best runs as purple teaming together with the defending team. His clear message to companies: don't skip any level of the pyramid, and start with the foundation rather than the spectacular exercise.

The conversation gets especially candid on the difference between IT and OT. For Andreas, an OT pentest is "open-heart surgery": you cannot simply run an automated scanner across a live production plant; you need real process understanding, reference or lab systems, and often a look at physical security and social engineering as well. This is exactly where he sees a market problem: more and more IT consultancies are pushing into the OT market without real expertise and ruining prices with "green checkmarks".

How to recognize a truly competent provider, how to spot charlatans, and why pentests that must be "green" for compliance reasons sabotage the actual goal are all discussed very openly by the three.

The conversation also covers:

  • The difference between vulnerability scan, pentest, red teaming and hardware hacking, without buzzword fog
  • Why asset management and the critical paths are the starting point of every meaningful test
  • Why an OT pentest is "open-heart surgery" and belongs on reference systems rather than production systems
  • How physical security, social engineering and even drones come into play
  • How to recognize a reputable provider, and why some consultancies are ruining the OT market
  • Why compliance-driven pentests that must be "green" are counterproductive
  • How often you should really test: at least annually and after every major change, not every three years
  • What role AI plays in pentesting: strong for reporting and training, risky as a substitute for real understanding
  • Why "prompt engineering" is not a pentest and why a tolerance for pain is part of the craft
  • Hardware as a niche market: open debug interfaces, side-channel attacks and firmware as a goldmine
  • The anecdote about the computer game on the device display that was meant to prove hardware access
  • Supply chains and digital sovereignty: supplied chips, hidden menus and Europe's blind spots
  • Beginner tips for students: understand the basics first (TCP/IP, protocols), then platforms like Capture the Flag

A very practical episode for IT and OT managers, security officers, manufacturers, and everyone who wants to know what a pentest really delivers, and who would rather not find out in an emergency that "checkmark green" does not mean "secure".

ChannelBuzz.ca
The Buzz: Pax8 crowns the MIP era at Beyond26, Arrow launches partner experience centers, and Mitel names a new channel chief

Jun 11, 2026 | 4:55


Today’s headline news for Canadian IT solution providers:

Pax8 Beyond26 – managed intelligence: Pax8 wrapped its annual Beyond conference in Salt Lake City on Tuesday with over 3,500 attendees including 200+ from Canada, centering the show on the transition from managed services to the Managed Intelligence Provider model. The headline announcement was Microsoft Agent 365 for Managed Intelligence – multi-tenant governance of agentic AI across MSP client environments through the Pax8 Agent Store, arriving in July – alongside the launch of the Managed Intelligence Provider Program, Voyager Alliance Rewards, and the Managed Intelligence Alliance. CEO Scott Chasin argued that as AI models commoditize, the trust MSPs have already built with clients is their primary competitive advantage going forward.

Arrow Electronics global experience centers: Arrow introduced a network of global experience centers on Tuesday, built in close collaboration with channel partners in North America and Europe to reflect how partners actually go to market today. Facilities in the US and Sweden are fully networked to deliver a consistent design and testing experience regardless of location, and are designed specifically to help partners accelerate the move from AI and cloud evaluation into deployment and monetization.

Mitel names new channel chief: Mitel has appointed Ben Macdonald as vice president of global channel go-to-market, bringing experience from Owl Labs, Poly, Juniper Networks, and Ekahau. The hire comes as Mitel’s own research shows 68 percent of businesses are running communications infrastructure more than seven years old, with 92 percent of modernizing organizations choosing an integrated-hybrid strategy – a dynamic the company says positions its 6,000-plus channel partners at the center of one of the largest communications refresh cycles in a decade.

Cork Cyber wins Pax8 Startup Vendor of the Year: Pax8 recognized Cork Cyber at Beyond26 for its AI-native remediation platform built for MSPs, which remediates threats automatically, reduces ticket volume, and provides financial payback when risks slip through. The award was presented on the Beyond mainstage by Pax8 president Nick Heddy.

Canada’s cloud market: A new report from the Canadian Anti-Monopoly Project, covered by CBC News, calls the Canadian cloud computing market “broken,” warning that Amazon, Microsoft, and Google control approximately 85 percent of the market. The report argues that even adding domestic sovereign alternatives will not fix the problem without interoperability standards, coining the term “maplewashed dependency” for the risk of trading one lock-in for another.

Pentesting research: New research from Cobalt and Omdia finds that 53 percent of security leaders believe traditional penetration testing is now outdated, with demand growing for continuous, AI-assisted approaches.

iCOUNTER leadership: iCOUNTER has appointed Joel Molinoff, formerly of BlueVoyant and CBS Corporation, as chief operating officer.

DataStrike expansion: DataStrike has expanded its Linux managed services practice by hiring Jon Cain as senior Linux infrastructure engineer to meet growing client demand.

Full transcript:

Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, June 11, 2026, and here’s what’s happening in the channel today.

Pax8 wrapped its annual Beyond conference in Salt Lake City on Tuesday, and the event made a clear statement about where the distributor sees the managed services business heading. With more than 3,500 attendees – including over 200 from Canada – the show centered on what Pax8 is calling the Managed Intelligence Provider model, or MIP. The idea is that MSPs are no longer primarily managing infrastructure.
The next phase of the business is orchestrating agentic AI and delivering outcomes that SMB customers cannot build on their own. The headline product announcement from the show was Microsoft Agent 365 for Managed Intelligence, which will give MSPs multi-tenant governance of agentic AI across their client base through the Pax8 Agent Store, arriving in July. Alongside that, Pax8 announced the Managed Intelligence Provider Program, the Voyager Alliance Rewards program, and the Managed Intelligence Alliance, all aimed at helping partners navigate that business model transition. CEO Scott Chasin’s central argument was that as AI models commoditize rapidly, the trust that MSPs have already built with their clients becomes the primary competitive differentiator. It’s a different kind of pitch than many vendors have been making this year, and the Canadian partner contingent at the show was among the largest regional groups in attendance. Distribution giant Arrow Electronics introduced a new set of networked global experience centers on Tuesday, and the design philosophy behind them is worth paying attention to. According to Arrow, the facilities in the US and Sweden were built in close collaboration with channel partners across North America and Europe, specifically around how partners actually go to market today, where they face constraints, and what slows them down. The two locations are fully networked, meaning the design and testing experience is consistent regardless of where the customer or partner is located. Arrow has operated various lab facilities over the years, but this iteration is explicitly oriented around solving the commercial and operational friction partners face in moving customers from AI and cloud evaluation into deployment. For solution providers working to differentiate on deep technical expertise and pre-sales capability, the ability to leverage distribution infrastructure at this level is increasingly part of the value equation. 
Mitel announced Tuesday that Ben Macdonald has joined the company as vice president of global channel go-to-market, making him the company’s new channel chief. Macdonald comes from Owl Labs, where he led the shift to a scalable B2B and enterprise channel model including strategic alliances with Microsoft and Lenovo. He has also held senior channel roles at Poly, Juniper Networks, and Ekahau. The appointment arrives at a moment Mitel describes as one of the largest communications refresh cycles in a decade. According to Mitel’s own research, 68 percent of businesses are currently running communications systems that are more than seven years old, and 92 percent of organizations actively modernizing are choosing an integrated-hybrid strategy. Macdonald’s specific background – building recurring revenue models out of historically transactional, hardware-centric businesses – aligns directly with what Mitel says it needs. For the more than 6,000 channel partners in Mitel’s ecosystem, including a significant number of Canadian resellers and MSPs with established UC practices, the appointment signals an intent to activate that market opportunity through the partner community.

In Brief – Pax8 named Cork Cyber its Startup Vendor of the Year at Beyond, recognizing the MSP-focused AI remediation platform that remediates threats automatically and pays out financially when risks slip through. A report from the Canadian Anti-Monopoly Project calls Canada’s cloud computing market “broken,” warning that Amazon, Microsoft and Google control 85 percent of the market and domestic providers risk creating what the report calls “maplewashed dependencies.” Cobalt and Omdia research finds that 53 percent of security leaders believe traditional penetration testing is now outdated. iCOUNTER appoints Joel Molinoff, formerly of BlueVoyant and CBS Corporation, as chief operating officer.
DataStrike expands its Linux managed services practice by hiring Jon Cain as senior Linux infrastructure engineer. Full details and links in the show notes or the blog post. Later today on In The Channel, we’re hearing from Josh Singh at Turning Point Technologies in Vancouver – it’s a conversation about running a single-vendor Dell practice, AI for SMB, and why backup is the last line of defense against ransomware. And if you haven’t heard it yet, yesterday on In The Channel I sat down with ESTI’s Earl Gosick on AI infrastructure, cyber resilience, and why Saskatchewan may be Canada’s next data center hub. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.

Cybersecurity Where You Are
Episode 189: The Present and Future of AI-enabled Pentesting

May 27, 2026 | 33:33


In episode 189 of Cybersecurity Where You Are, Sean Atkinson sits down with Ed Skoudis, President of SANS Technology Institute. Together, they discuss the present and future of pentesting enabled by artificial intelligence (AI).

Here are some highlights from our episode:

  • 00:39. Introductions to Ed
  • 01:49. The promise of AI-enabled pentesting in creating more secure infrastructure
  • 04:52. AI-enabled and AI-centric workflows in the realm of penetration testing
  • 08:03. Wranglers, matadors, and centaurs, oh my! Metaphors for AI-enabled pentesters
  • 13:00. How AI can assist with reporting, enumeration, and scanning as part of a pentest
  • 14:57. AI-enabled source-assisted pentesting and the types of vulnerabilities it finds
  • 19:50. A learning opportunity for the broader cybersecurity community
  • 23:44. How AI and human analysts could split the workload in a future penetration test
  • 25:54. AI-enabled pentesting vs. AI pentester in a box
  • 29:51. Why "human in the loop" might be too passive a phrase
  • 30:37. The use of AI for source code development

Resources:

  • Mythos AI: What Actually Matters for Cybersecurity Leaders
  • Secure by Design
  • SEC543: AI-Assisted Source Code Analysis and Exploitation for Penetration Testers
  • Episode 108: Gaming and Competition in Cybersecurity
  • Episode 59: Probing the Modern Role of the Pentest

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Security Conversations
Federico Kirschbaum on XBOW, AI Hackers, and the Future of Pen Testing

May 25, 2026 | 58:02


(Presented by TLPBLACK: A cybersecurity intelligence platform focused on sharing curated, high-sensitivity threat insights and research with trusted security professionals.)

Three Buddy Problem x Ekoparty Miami: Federico Kirschbaum, founder of Ekoparty and now head of Security Lab at XBOW, talks about what happens to offensive security when an autonomous AI hacker can find and exploit real vulnerabilities. Fede walks through XBOW's "Tales from the Trace," the surreal experience of watching a non-human adversary reason its way to an ASLR bypass, and why he believes pen-testing isn't dying but finally becoming accessible to far more than the world's biggest companies. Plus, where humans still matter in the loop, whether an LLM-discovered bug is public by definition, the looming reckoning over software liability, and Halvar Flake's very honest fear of getting lazy.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Federico Kirschbaum.

Timestamps:

  • 0:00 Fede's move to XBOW
  • 2:20 What's XBOW building? An AI hacker for real vulnerabilities
  • 5:53 Where the human stays in the loop
  • 6:35 The Exim bug: a craftsman races the LLM to an ASLR bypass
  • 10:49 Does bug discovery still need a human asking the right question?
  • 16:24 A short history: Satan, CORE, Metasploit, bug bounties
  • 18:48 An LLM-discovered bug is public by definition
  • 24:12 Halvar Flake's laziness worry & the assembly-to-C parallel
  • 29:47 Rising tides: script kiddies get the full gamut
  • 41:02 The economics: does pentesting get cheap?
  • 43:18 Argentina, Ekoparty, and an untapped talent pipeline

Breach FM - der Infosec Podcast
Flurfunk - MuddyWater Ransomware-False Flag, Mythos in der Praxis & Echtzeit-Deepfakes

May 19, 2026 | 53:58


In the new episode of Breach FM, I check in from the ICE train with a short Canvas update to start: Instructure paid ShinyHunters and in return received digital shred logs as deletion confirmation. Interesting phrasing for "we paid".

The first main topic: Rapid7 analyzed an incident that at first looked like a classic Chaos ransomware attack – until it was noticed that, despite extortion and a leak site, not a single file had been encrypted. With moderate confidence, the researchers attribute the attack to MuddyWater, an Iranian APT group of the Ministry of Intelligence (MOIS). Initial access: Microsoft Teams social engineering, screen sharing, credential harvesting, MFA manipulation, persistence via DWAgent and AnyDesk. The conclusion: an espionage operation with a ransomware backdrop. Iran still counts as an also-ran in the broader cyber public – yet the group is acting increasingly aggressively and methodically.

Then Max brings two reports on Mythos Preview in practice: Mozilla describes how they hardened Firefox with Mythos access – less noise, complete exploit chains instead of isolated bug hints, but still over 100 people who reviewed the final code. xbow used Mythos from a red-team perspective for pentesting. We discuss where the gap between what is technically feasible and what can be shipped trustworthily still lies – and why that is a different question for vendors than for internal teams.

Short update from Max: Grafana Labs confirms unauthorized access to parts of its repository. Few details yet, but relevant given how widely the tool is used.

Then our excursion into the tabloid segment: the Higher Regional Court (OLG) of Hamm has ruled that companies are liable for false statements made by their AI chatbots – even if correct source data was supplied. The trigger: the chatbot of Aesthetify GmbH (Dr. Rick & Dr. Nick) had attributed entirely invented specialist titles to the doctors. The plaintiff was the consumer advice center Verbraucherzentrale NRW. The court: a chatbot is not a third party but part of the company's organization. Appeal to the Federal Court of Justice (BGH) has been admitted. For everyone who runs a chatbot commercially today, this is a first important precedent.

To close, a 404 Media article by Joseph Cox: he was able to buy Chinese real-time deepfake software for around 500 dollars – offered commercially, runs on gaming hardware, evades state detection models almost 100 percent of the time. The market for deepfake fraud has long ceased to be a darknet phenomenon.

Links:

  • Canvas/Instructure pays ransom: https://www.insidehighered.com/news/tech-innovation/administrative-tech/2026/05/11/instructure-pays-ransom-canvas-hackers
  • MuddyWater / Chaos ransomware false flag (Rapid7): https://www.rapid7.com/blog/post/tr-muddying-tracks-state-sponsored-shadow-behind-chaos-ransomware/
  • Mozilla Firefox & Mythos Preview: https://blog.mozilla.org/attack-and-defense/2026/05/06/mythospreview-firefox/
  • xbow & Mythos Preview: https://xbow.com/blog/mythos-preview
  • Grafana Labs breach: https://grafana.com/blog/2026/05/12/grafana-security-incident/
  • OLG Hamm – chatbot liability, Dr. Rick & Dr. Nick: https://www.heise.de/news/Dr-Rick-Dr-Nick-Aerzte-verlieren-wegen-KI-Halluzinationen-vor-Gericht-11293866.html
  • Real-time deepfake software (404 Media): https://www.404media.co/chinese-realtime-deepfake-software-sold-commercially/

David Bombal
#574: Hacking Windows Active Directory in 10 minutes

Apr 14, 2026 | 25:28


Thank you ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal

// Spencer Alessi's SOCIAL //
  • YouTube: / @techspence
  • Website: https://spenceralessi.com/adsecuritykit/
  • X: https://x.com/techspence
  • LinkedIn: / spenceralessi
  • Swag: https://www.etsy.com/shop/ethicalthre...

// ThreatLocker's SOCIAL //
  • LinkedIn: https://www.linkedin.com/company/thre...
  • X: https://x.com/threatlocker
  • Instagram: / threatlocker
  • Website: https://www.threatlocker.com/

// David's SOCIAL //
  • Discord: discord.com/invite/usKSyzb
  • Twitter: www.twitter.com/davidbombal
  • Instagram: www.instagram.com/davidbombal
  • LinkedIn: www.linkedin.com/in/davidbombal
  • Facebook: www.facebook.com/davidbombal.co
  • TikTok: tiktok.com/@davidbombal
  • YouTube: / @davidbombal
  • Spotify: open.spotify.com/show/3f6k6gE...
  • SoundCloud: / davidbombal
  • Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //
  • https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
  • 0:00 - Coming up
  • 0:54 - Spencer Alessi introduction & background
  • 02:20 - Pentesting demo // Active Directory
  • 03:34 - Control paths // Finding bad permissions with ADeleg
  • 06:04 - Finding bad permissions with NetTools
  • 06:52 - The most common issue
  • 08:15 - Certificate abuse
  • 12:20 - Quick recap
  • 12:30 - Certificate abuse continued
  • 15:10 - Pentesting summary
  • 15:09 - How to become a pentester
  • 18:48 - Recommended certifications
  • 20:54 - Advice for blue teamers
  • 22:15 - Overcoming being an introvert // Soft skills vs tech skills
  • 23:43 - Windows hacking in the real world
  • 24:54 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only. #microsoft #windows11 #hacker

Breach FM - der Infosec Podcast
Flurfunk - McKinseys KI-Plattform gehackt, OpenAI kauft PromptFoo, Trumps Cyber-Strategie & Microsoft Copilot Cowork

Mar 11, 2026 | 54:12


Robert was unfortunately too tired from my adventures over the weekend for an on-time episode - so we jump straight in with perhaps the most curious AI fail of the still young year.

Security researchers at CodeWall took apart McKinsey's internal gen-AI platform "Lilli". Over 200 API endpoints were publicly accessible, 22 of them with no authentication at all. Especially piquant: the researchers did most of the reconnaissance themselves with AI agents – which then autonomously started testing the API documentation they found. The result was a SQL injection via unsanitized JSON keys, with which one could ultimately have siphoned off around 46.5 million chat messages, 57,000 user accounts, the complete organizational structure and the platform's entire vectorized knowledge base – including, almost live, which consultant is currently working on what. McKinsey patched within a day after responsible disclosure, which is fair. That something like this could be built at one of the most influential consulting firms in the world still remains hard to explain.

Fittingly: OpenAI has acquired Promptfoo – a framework for LLM red teaming and pentesting, just two years old. The tool was designed for automated testing of prompt injections, jailbreaks and data leakage and was already in use by over 100,000 developers and numerous Fortune 500 companies. We weigh up why we believe this is more of an acquihire than a standalone product – and why AI application security is nevertheless emerging as a market category of its own right now.

Then we look at Trump's new Cyber Strategy for America – and are honestly surprised. The document is strikingly short, but that is not necessarily a point of criticism. Six strategic guidelines, including offensive deterrence, stronger involvement of the private sector against cybercrime networks, and regulatory relief. We discuss what, regardless of the name on the cover, actually makes sense in substance and where justified skepticism remains.

To close: Satya Nadella announces Copilot Cowork – a complete workspace agent with access to all apps and files within M365. We ask ourselves when the first pentesting report will come out that takes it apart, and why the impenetrable Microsoft licensing ecosystem has become almost impossible to keep track of, even for experienced security people.

Links:

  • HOW WE HACKED MCKINSEY'S AI PLATFORM: https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform
  • OpenAI to acquire Promptfoo: https://openai.com/index/openai-to-acquire-promptfoo/
  • Trump's Cyber Strategy for America: https://www.whitehouse.gov/wp-content/uploads/2026/03/president-trumps-cyber-strategy-for-america.pdf
  • Announcing Copilot Cowork, a new way to complete tasks and get work done in M365: https://x.com/satyanadella/status/2030992877665583440?s=46

The Cyber Threat Perspective
Episode 171: The future of pentesting with AI

Mar 6, 2026 | 33:28


Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they're seeing in the industry and what the future may look like.

  • The pivotal changes in AI that have impacted pentesting over the past year
  • The emergence of agents, orchestration, and single-pane-of-glass platforms for streamlined operations
  • How AI is enabling rapid tool creation, customization, and administrative efficiency
  • The effect of AI on skillsets, closing the gap between junior and senior pentesters
  • Why human expertise remains irreplaceable despite advancements in AI-driven tools

Tune in to hear straight-forward perspectives on the future of pentesting and actionable insights for professionals looking to stay ahead.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com

Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Zoldersessions
#48 - Kees Stammes

Feb 25, 2026 | 57:23


Kees Stammes is Managing Director of Securify. He talks with Rik about pentesting, quality marks and standards.

More about us:
  • Attic Security - Identity MDR for SME - https://atticsecurity.com
  • DSCM - AitM & Clone Detection - https://didsomeoneclone.me
  • Zolder - Pentesting & Threat Research - https://zolder.io

UBC News World
Cyber Threats Are Rising: Why Pen Testing Is Now Critical for Small Businesses

Feb 23, 2026 | 4:46


Should small businesses request a penetration test? Is the threat to SMBs significant enough to justify it? Tune in to find out why an enterprise-grade service is increasingly making its way into smaller operations.

Learn more at https://www.feemcotech.solutions/

Feemco Technologies
City: Red Oak
Address: 225 Richard Lane
Website: https://www.feemcotech.solutions

@BEERISAC: CPS/ICS Security Podcast Playlist
Pen Testing Reality Check: Why Cybersecurity Fundamentals Still Matter More Than AI

Feb 11, 2026 | 33:37


Podcast: PrOTect It All
Episode: Pen Testing Reality Check: Why Cybersecurity Fundamentals Still Matter More Than AI
Pub date: 2026-02-09

Shiny tools don't break attackers in basic mistakes. In Episode 92 of Protect It All, host Aaron Crow sits down with Corey LeBleu, founder of Relix Security and seasoned penetration tester, for a candid look at what actually causes organizations to get compromised and why fundamentals still matter more than the latest security trends. Drawing from years of red-team and penetration-testing experience, Corey shares real stories from the field: forgotten printers, unmanaged IoT devices, legacy systems no one owns anymore, and misconfigurations hiding in plain sight. Together, Aaron and Corey unpack why asset visibility, patching, and change management continue to be the weakest links - even as AI and automation enter the security conversation.

You'll learn:

  • Why old printers, IoT devices, and “temporary” systems are prime attack paths
  • What most organizations misunderstand about pen testing and red teaming
  • How poor asset inventory and change management undermine security programs
  • The real risks behind shadow IT and unmanaged tools
  • Where AI helps in pen testing and where experience still wins
  • Why mastering the basics beats chasing new security gadgets every time

Whether you're a security professional, IT leader, or someone looking to break into cybersecurity, this episode delivers practical, no-nonsense lessons from the front lines - focused on what actually reduces risk. Tune in to hear why cybersecurity success still starts with the fundamentals - only on Protect It All.

Key Moments:

  • 03:57 Critical Infrastructure: Finding Vulnerabilities
  • 06:44 "Cyber Risks from Hidden Devices"
  • 11:25 Cybersecurity: Focus on Basics
  • 16:09 Complex Systems Demand Continuous Testing
  • 18:17 Understanding Complex System Security
  • 22:54 "Testing: External vs. Internal"
  • 24:12 Enterprise Challenges with AI Integration
  • 27:40 AI Lowers Barriers for Hacking

About the guest: Corey LeBleu has built a career around application security testing, becoming deeply involved in integrating vulnerability assessments throughout the software testing lifecycle. Noticing shifts in industry practices, Corey observed major international financial institutions moving to routinely pentest every application - even legacy IBM systems - leading the way in robust cybersecurity practices. In contrast, Corey also highlights the challenges faced by manufacturing, where operational technology often suffers from outdated, vulnerable systems. Corey's experience showcases the evolving landscape of application security, emphasizing the need for continuous testing and vigilance across diverse industries.

How to connect with Corey: https://www.linkedin.com/in/coreylebleu/

Connect With Aaron Crow:
  • Website: www.corvosec.com
  • LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
  • Email: info@protectitall.co
  • Website: https://protectitall.co/
  • X: https://twitter.com/protectitall
  • YouTube: https://www.youtube.com/@PrOTectITAll
  • FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
  • Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
  • Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The Tech Blog Writer Podcast
Cobalt Shares Hard Lessons From the State of Pen Testing Report

Jan 28, 2026 | 26:43


What happens when artificial intelligence starts accelerating cyberattacks faster than most organizations can test, fix, and respond? In this fast-tracked episode of Tech Talks Daily, I sat down with Sonali Shah, CEO of Cobalt, to unpack what real-world penetration testing data is revealing about the current state of enterprise security. With more than two decades in cybersecurity and a background that spans finance, engineering, product, and strategy, Sonali brings a grounded, operator-level view of where security teams are keeping up and where they are quietly falling behind. Our conversation centers on what happens when AI moves from an experiment to an attack surface. Sonali explains how threat actors are already using the same AI-enabled tools as defenders to automate reconnaissance, identify vulnerabilities, and speed up exploitation. We discuss why this is no longer theoretical, referencing findings from companies like Anthropic, including examples where models such as Claude have demonstrated both power and unpredictability. The takeaway is sobering but balanced. AI can automate a large share of the work, but human expertise still plays a defining role, both for attackers and defenders. We also dig into Cobalt's latest State of Pentesting data, including why median remediation times for serious vulnerabilities have improved while overall closure rates remain stubbornly low. Sonali breaks down why large enterprises struggle more than smaller organizations, how legacy systems slow progress, and why generative AI applications currently show some of the highest risk with some of the lowest fix rates. As more companies rush to deploy AI agents into production, this gap becomes harder to ignore. One of the strongest themes in this episode is the shift from point-in-time testing to continuous, programmatic risk reduction. 
Sonali explains what effective continuous pentesting looks like in practice, why automation alone creates noise and friction, and how human-led testing helps teams move from assumptions to evidence. We also address a persistent confidence gap, where leaders believe their security posture is strong, even when testing shows otherwise. We close by tackling one of the biggest myths in cybersecurity. Security is never finished. It is a constant process of preparation, testing, learning, and improvement. The organizations that perform best accept this reality and build security into daily operations rather than treating it as a one-off task. So as AI continues to accelerate both innovation and attacks, how confident are you that your security program is keeping pace, and what would continuous testing change inside your organization? I would love to hear your thoughts.

Useful Links
Connect with Sonali Shah
Learn more about Cobalt
Check out the Cobalt Learning Center
State of Pentesting Report

Thanks to our sponsors, Alcor, for supporting the show.

The Cybersecurity Defenders Podcast
#286 - Intel Chat: Visual Studio Code malware, Sinkholes reversal, Chinese pen-testing & FortiSIEM zero-day

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jan 26, 2026 31:58


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

North Korean threat actors are targeting macOS software developers in a new malware campaign that abuses Visual Studio Code (VS Code) configurations to deliver JavaScript-based backdoors, according to research from Jamf.

Sinkholes are usually seen as the end of a malicious campaign - the point where domains are seized and abuse stops.

China's pen-testing and red-team ecosystem has always been hard to observe, especially since many teams stopped participating in international CTFs post-2018.

A critical zero-day vulnerability, CVE-2025-64155, has been discovered in Fortinet's FortiSIEM platform by Horizon3.ai, allowing unauthenticated remote code execution and privilege escalation to root.

Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

mnemonic security podcast
Pentesting anno 2026

mnemonic security podcast

Play Episode Listen Later Jan 26, 2026 32:47


Erica Burgess, an experienced penetration tester and security consultant, joins us for this episode of the mnemonic security podcast to deliver a state of the union on penetration testing in 2026. Drawing on her Black Hat Europe AI Security Summit keynote, “Never Break the Chain: Attack Chaining for 0-Days,” Erica breaks down how seemingly low-severity or “informational” findings can be chained together into full system compromises.

Erica details her practical approach to using customized AI agents for subtasking, from validating dynamic scanner results to finding obscure commands that bypass blacklists. Tasks that once required three days of manual research can now be completed in minutes, dramatically increasing the volume and sophistication of findings during time-constrained engagements. They also explore the broader implications of AI-assisted hacking: the risk of new blind spots when everyone leans on similar models, and the uncomfortable questions this raises about creativity, labor, and the future of junior talent in cybersecurity. Erica emphasizes the importance of maintaining human intuition and critical thinking, warning that over-reliance on AI can literally reduce brain activity, while acknowledging that pen testers who don't adapt to these tools risk being left behind.

Send us a text

The CyberWire
Pentesting at the speed of thought. [CyberWire-X]

The CyberWire

Play Episode Listen Later Jan 19, 2026 24:10


While our team is observing the Martin Luther King, Jr. holiday in the United States, please enjoy this CyberWire-X episode featuring the team from Horizon3.ai. In this CyberWire-X episode, Dave Bittner speaks with Horizon3.ai co-founder and CEO Snehal Antani about how continuous autonomous penetration testing is reshaping security resilience. Antani reflects on his journey from CIO to DoD operator, where he learned that the hardest part of security isn't patching — it's prioritizing what matters and proving defenses work before attackers do. He explains why vulnerability scans fall short, how “AI hackers” simulate adversary behavior at machine speed, and why organizations must shift from compliance thinking to attacker-centric validation. Antani shares real-world findings, warns of 77-second domain compromise, and predicts a future of AI fighting AI, with humans by exception.

Resources:
Whitepaper: NodeZero® for Pentesters and Red Teams
Whitepaper: Traditional vs. Autonomous: Why NodeZero® is the Future of Cyber Risk Assessments

Learn more about your ad choices. Visit megaphone.fm/adchoices

BarCode
Trespass

BarCode

Play Episode Listen Later Jan 17, 2026 42:13


In this episode, Corey LeBleu, a veteran penetration tester, shares a raw and intense story from his early days in offensive security. Corey walks through a social engineering engagement that took a sharp turn, from being closely watched by a security guard to receiving the call that changed everything. What followed was a confrontation with authority, handcuffs, and a moment that forced him to confront the legal and emotional consequences of impersonation.

Through honest storytelling, Corey reflects on the pressure of physical security testing, the thin line between authorization and trouble, and the lessons he carried forward in his career. This episode serves as a cautionary tale about understanding boundaries, respecting authority, and the unseen risks behind revealing what's hidden.

00:00 Introduction to Corey LeBleu and His Journey
03:34 Corey's Early Career and Learning Path
06:34 The Role of Mentorship in Pen Testing
09:19 Experiences in Social Engineering and Physical Pen Testing
12:22 The Handcuff Incident: A Lesson in Risk
15:12 Transitioning to Web Application Pen Testing
18:01 The Evolution of Pen Testing Practices
20:48 The Impact of AI on Pen Testing
23:42 The Future of Pen Testing and Learning for Beginners
26:28 Navigating Active Directory and Pen Testing Tools
27:35 Essential Training for Web App Pen Testing
30:34 Advice for Aspiring Pen Testers
32:30 Exploring AI and Learning Resources
37:05 Personal Interests and Hobbies
39:17 Living in Austin and Local Music Scene

SYMLINKS
[LinkedIn] – https://www.linkedin.com/in/coreylebleu/
Primary platform Corey recommends for connecting with him professionally.
[Relic Security] – https://www.relixsecurity.com/
Cybersecurity consulting firm founded and run by Corey LeBleu, focused primarily on web application penetration testing and offensive security work.
[PortSwigger Academy] – https://portswigger.net/web-security
A free and advanced online training platform for web application security, created by the makers of Burp Suite. Recommended by Corey as one of the best learning resources for modern web app pentesting.
[Burp Suite] – https://portswigger.net/burp
A widely used web application security testing tool. Corey emphasizes learning Burp Suite as a core skill for anyone entering web app penetration testing.
[OWASP Juice Shop] – https://owasp.org/www-project-juice-shop/
An intentionally vulnerable web application created by OWASP for learning and practicing web security testing.
[OWASP – Open Web Application Security Project] – https://owasp.org
A global nonprofit organization focused on improving software security. Corey previously ran an OWASP project and references OWASP tools and resources throughout his career.
[SANS Institute] – https://www.sans.org
A major cybersecurity training and certification organization, referenced in relation to early penetration testing education and the high cost of formal training.
[Hack The Box] – https://www.hackthebox.com
An online platform for practicing penetration testing skills in simulated environments.
[PromptFoo] – https://promptfoo.dev
A tool for testing, evaluating, and securing LLM prompts. Mentioned in the context of prompt injection and AI security experimentation.
[PyTorch] – https://pytorch.org
An open-source machine learning framework widely used for deep learning and AI research. Corey mentions it as part of his learning path for understanding how LLMs work.
[Hugging Face] – https://huggingface.co
An AI platform providing open-source models, datasets, and tools for machine learning and LLM experimentation.

Critical Thinking - Bug Bounty Podcast
Episode 154: Starting a Pentesting Company on Top of Bug Bounty

Critical Thinking - Bug Bounty Podcast

Play Episode Listen Later Dec 25, 2025 41:28


Episode 154: In this episode of Critical Thinking - Bug Bounty Podcast, Joseph and Brandyn talk through the transition from Bug Bounty hunting to Pentesting. We cover diversifying income streams, the challenges of pricing for Pentests, legal considerations, and what Bug Hunters can bring to the Pentesting world.

Follow us on twitter at: https://x.com/ctbbpodcast

Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!

====== Timestamps ======
(00:00:00) Introduction
(00:03:36) Starting a Pentesting Company
(00:12:25) Advantages of Pentesting as a Bug Bounty Hunter
(00:29:03) Pricing, Sales, and knowing your Market/Worth
(00:36:21) Compliance in Pentests & Rapid-Fire Takeaways

Destination Linux
446: Ubuntu From The BIOS & The Quest for an Open Source Mac

Destination Linux

Play Episode Listen Later Dec 16, 2025 70:08


This week on Destination Linux, we are joined by a special guest host: Craig Rowland, the CEO of Sandfly Security! We're diving deep into the reality of modern security—specifically when third-party code knocks over your castle. From malicious VSCode extensions to the "React2Shell" vulnerability, we discuss why "Open Source" doesn't automatically mean "Safe" and how to protect your supply chain. Then, is it possible to have the macOS experience without the Apple ecosystem? Ryan explores ravynOS, a daring new project with "macOS vibes and a BSD soul." It's attempting to bring the Aqua interface—and eventually Mac app compatibility—to the open-source world. Plus, Jill brings us massive news from Canonical and AMI. You might soon be installing Ubuntu directly from your motherboard's BIOS without ever needing a USB drive. We break down how this partnership changes the game for hardware. Finally, we read an incredible listener story.

Show Notes:
00:00:00 Intro
00:02:39 Extended Intro: Open Source or Bust
00:03:08 Community Feedback: A Pentester's Origin Story
00:10:03 Guest Host: Sandfly Security & Agentless Protection
00:15:53 Security Deep Dive: Supply Chain Attacks, Malicious VSCode Extensions & React2Shell
00:44:31 ravynOS: The Open Source Mac Killer?
00:56:05 News: Canonical + AMI: Installing Ubuntu from the BIOS
01:08:07 Outro
01:09:33 Post-Show Shenanigans

Support the Show: Sponsored by Sandfly Security: destinationlinux.net/sandfly - Get 50% off the Home Edition with code DESTINATION50
Special Guest: Craig Rowland.

The Cyber Threat Perspective
Episode 161: The Evolution of Pentesting Going Into 2026

The Cyber Threat Perspective

Play Episode Listen Later Dec 12, 2025 38:50


In this episode Brad and Spencer discuss the rapid technology shift that's happening in cybersecurity, hybrid pentesting models and the overall evolution of pen testing as we head into 2026.

Need a pentest before the end of the year? Learn how here...

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links

Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Security Unfiltered
From Sewers To Subsea: Rethinking Data Centers And Defense

Security Unfiltered

Play Episode Listen Later Nov 24, 2025 52:57 Transcription Available


Send us a text

We trace a winding path from offshore rigs to elite red team ops and into subsea data centers, using one sewer-side breach as the spark for a new way to secure and scale compute. Along the way we unpack social engineering basics, the blue vs red culture clash, and whether AI is building features or changing outcomes.

• junk folders, platform fatigue, and curated personas
• kids chasing influence and the low barrier to entry
• leaving school early, offshore work, and non-linear careers
• social engineering as ordinary behavior with intent
• red team vs blue team dynamics and trust
• the sewer break-in that birthed an idea
• how subsea data centers plug into power and fiber
• threat models at sea and nation-state realities
• latency wins for gaming, streaming, fintech, telehealth
• AI hype, thin moats, and the need for stack control

Find Maxi: most active on LinkedIn; launching an AI security blog and weekly newsletter at maxirynolds.com

Support the show

Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE
➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout
*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

ITCS PIZZATIME TECH PODCAST
#178 - Pentests & Incident Response?! IT-Sicherheit für Infrastrukturen, Daten und digitale Identitäten // secunet

ITCS PIZZATIME TECH PODCAST

Play Episode Listen Later Nov 24, 2025 45:17


Cyberattacks are getting harder, faster and more professional, but what does real defensive work look like day to day? In this episode we talk with Dirk Reimers and Jannik Pewny from secunet about pentesting, incident response and the reality of modern cybersecurity. Dirk explains how pentests have evolved, why "taking one look at the firewall from the outside" is rarely enough, and where companies achieve the biggest impact today. Jannik takes us into the emergency case: how does an incident unfold, which data sources really count, and how do you bring systems back up? We also talk about team culture, getting started in pentest/IR/forensics, the profiles in demand, and the on-call reality in the IR team. If you want to know how modern cyber defense really works, tune in!

Cybercrime Magazine Podcast
Locker Talk. How AI Is Transforming Pentesting. Russ Gleber, BreachLock.

Cybercrime Magazine Podcast

Play Episode Listen Later Nov 12, 2025 6:09


Russ Gleber is the Senior Director of Penetration Testing Solutions at BreachLock. In this episode, he joins host Scott Schober to discuss how artificial intelligence is transforming penetration testing, including what is driving the need to integrate AI into workflows across organizations, some of the most promising use cases, and more. This episode is brought to you by BreachLock. To learn more about our sponsor, visit https://breachlock.com.

Cybercrime Magazine Podcast
Locker Talk. High-Stakes Industry Pentesting. Vishal Verma, VP Pentesting Solutions, BreachLock.

Cybercrime Magazine Podcast

Play Episode Listen Later Nov 7, 2025 7:30


Vishal Verma is the VP of Pentesting Solutions at BreachLock. In this episode, he joins host Scott Schober to discuss pentesting in high-stakes industries, such as healthcare, finance, and critical infrastructure. This episode is brought to you by BreachLock. To learn more about our sponsor, visit breachlock.com.

Community IT Innovators Nonprofit Technology Topics
Pen Testing for Nonprofit Cybersecurity with Matthew Eshleman

Community IT Innovators Nonprofit Technology Topics

Play Episode Listen Later Nov 7, 2025 18:22


What Do Nonprofits Need to Know About Penetration Testing?

Nonprofit cybersecurity expert and Community IT CTO Matt Eshleman explains what penetration testing is, why some nonprofits may need it, and why other nonprofits may not, or may not need it until after a basic assessment and vulnerability scanning. Do you have someone urging you to get expensive pen testing, and you aren't sure if you really need it, or if it is just checking a box on an insurance form? This podcast should give you more information on what the pen test tests, and how to match your investment in cybersecurity to your nonprofit's risks and needs.

Takeaways on Pen Testing for Nonprofit Cybersecurity

What is penetration testing? When nonprofits hosted a server on premises, penetration testing was a step that could be taken to look for vulnerabilities such as open ports on the local network.

Pen testing, as the name implies, involves finding vulnerabilities and exploiting those openings to show how far into your system a hacker could get. Usually a pen testing company will provide a long and very technical report about the client's cybersecurity configurations.

Now that most nonprofits are working in the cloud, there is less to test in a pen test. Vulnerability scanning and a basic assessment can usually create a more valuable list of vulnerabilities and remediation suggestions, for a more affordable price. An assessment will provide a more comprehensive and holistic report on the cybersecurity practices at your nonprofit.

If you have been told you “need” to have a pen test, make sure you understand why and the ROI (return on investment) the pen test is expected to provide.

Pen testing has definite value, but that value is very specific to certain types of organizations: those with on-site servers, and with certain technical needs and risks.

The most likely source of compromise and fraud at most small- to mid-sized nonprofits is going to be malicious phishing email leading to wire fraud or compromised credentials. If you have a limited budget to put toward cybersecurity practices, it makes sense to invest in staff training to decrease the risks of clicking on a bad link, and “basic” cybersecurity to protect account credentials and user IDs.

In general, Community IT would recommend starting a cybersecurity improvement journey with a basic assessment, adding vulnerability scanning, and only after addressing any vulnerabilities discovered at that level, determining whether a pen test is a valuable tool to learn more about your system security and resilience.

Community IT hopes that we can provide trusted advice and guidelines for nonprofit safety and security. Your cybersecurity risks and needs will be individual to your nonprofit. If you have questions on pen testing, vulnerability scanning, and basic assessments, reach out and schedule a conversation or assessment with Matt.

_______________________________
Start a conversation :) Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/
email Carolyn at cwoodard@communityit.com on LinkedIn
Thanks for listening.

Cybercrime Magazine Podcast
Locker Talk. AI As The Adversary. Vishal Verma, VP Pentesting Solutions, BreachLock.

Cybercrime Magazine Podcast

Play Episode Listen Later Oct 31, 2025 7:29


Vishal Verma is the VP of Pentesting Solutions at BreachLock. In this episode, he joins host Scott Schober to discuss AI as the adversary, including what AI-powered phishing is, use cases of improvement, and more. This episode is brought to you by BreachLock. To learn more about our sponsor, visit https://breachlock.com.

The Cyber Threat Perspective
Episode 154: Pentesting on a Budget for IT Admins

The Cyber Threat Perspective

Play Episode Listen Later Oct 24, 2025 25:56


This episode is all about pentesting on a budget for IT Admins. This episode is inspired by the PDQ Live stream held on October 23rd, 2025, where Spencer shared tips, tactics, tools and advice for IT admins wanting to better defend and protect their environments.

All tools, checklists, guides and resources can be found here: https://go.spenceralessi.com/budget

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links

Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal assume breach pentesting here.

Risky Business
Snake Oilers: Realm Security, Horizon3 and Persona

Risky Business

Play Episode Listen Later Oct 7, 2025 45:40


In this edition of the Snake Oilers podcast, three vendors pop in to pitch you all on their wares:

Realm Security: A security focussed, AI-first data pipeline platform
Horizon3: AI hackers! Pentesting robots!! They're coming fer yur jerbs!
Persona: Verify customer and staff identities with live capture

This episode is also available on Youtube. Show notes

Resilient Cyber
Resilient Cyber w/ Snehal Antani - AI and Autonomous Pen Testing

Resilient Cyber

Play Episode Listen Later Oct 3, 2025 38:46


In this episode of Resilient Cyber, I sit down with repeat guest Snehal Antani, who serves as the Co-Founder & CEO of Autonomous Pen Testing leader Horizon3.ai.

We will discuss the latest developments in AI and Autonomous Pen Testing, as well as the tremendous growth and success of Horizon3.ai, as Snehal balances technical topics with the business-centric, hard-won wisdom of growing an industry-leading organization.

UNSECURITY: Information Security Podcast
Unsecurity Episode 245: DEF CON Recap w/ Matt Dowd, Matt Findlay, Pinky Thompson

UNSECURITY: Information Security Podcast

Play Episode Listen Later Aug 27, 2025 30:35


Returning from this year's DEF CON, hear from our Offensive Team Managers, Dowd and Findlay, and Pinky, IR Manager and co-host of The Hackle Box. Hear about new highlights, CTFs, and villages, and reflection from Brad as a Blue Team member navigating past challenges.

Have something to say? Contact us at unsecurity@frsecure.com and follow us for more!
LinkedIn: frsecure
Instagram: frsecureofficial
Facebook: frsecure
BlueSky: frsecure

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

Alliant Specialty Podcasts
Pen Testing 101: Finding Cyber Weaknesses Before Hackers Do

Alliant Specialty Podcasts

Play Episode Listen Later Aug 21, 2025 18:04


Join Brendan Hall, Alliant Cyber, and Gaurav Kulkarni, COO, Sprocket Security, as they explore the evolution of penetration (Pen) testing from traditional legacy models to continuous security programs that deliver real-time insights into an organization's ever-changing attack surface. Their discussion highlights how this new approach supports compliance, reduces exposure and aligns with modern cybersecurity frameworks like Continuous Threat Exposure Management (CTEM). Gaurav also outlines how Sprocket's hybrid model blends technology with human-led testing to better identify, validate and remediate risk to stay ahead of zero-day vulnerabilities and emerging risks in today's changing climate.

UNSECURITY: Information Security Podcast
Unsecurity Episode 244: Journey to Pen Testing w/ Morgan Trust

UNSECURITY: Information Security Podcast

Play Episode Listen Later Aug 13, 2025 32:48


We're back! Pen Tester and Team Ambush member Morgan Trust walks us through his journey into the cybersecurity field. With a can-do approach, Morgan discusses how he has developed professionally, expanding his expertise across public speaking and competitive hacking. His presentation, "The New Era of Deception: AI, Deep Fakes, and The Dark Web" has hit many a stage with these essential points to keep in mind:
- AI is increasingly being used in sophisticated phishing attacks.
- Cybersecurity practices should be proactive; be prepared for a situation.
- Understanding the evolving nature of cyber threats is vital.

Enjoy this episode featuring a balance of hobby pursuits, shared experiences in security, and informative points.

We want to hear from you! Contact us at unsecurity@frsecure.com and follow us for more!
LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

The Nonprofit Show
Is Your Nonprofit Already Hacked? The Truth About Pen Testing

The Nonprofit Show

Play Episode Listen Later Aug 13, 2025 29:32


Has your nonprofit ever had a simulated break-in to test your digital defenses? If not, you may already have an intruder inside!

Cyberattacks aren't just happening to big corporations—they're happening to nonprofits every day. And far too many organizations have no idea they've been breached until months later. Cybersecurity expert Michael Nouguier, Partner of Cybersecurity Services at Richey May, pulls back the curtain on the urgent, often-overlooked practice of penetration testing—known as “pen testing.” His message is blunt: if your nonprofit hasn't done one, you may already be compromised.

Michael explains that a pen test is essentially a real-world simulation of a cyberattack, conducted by ethical hackers to expose weaknesses before malicious actors exploit them. “It's like hiring a home inspector before you buy a house,” he says, “but instead of finding leaky pipes, we're finding the digital doors and windows you've accidentally left wide open.” These gaps can exist in email, donor databases, websites, payment systems—anywhere sensitive information lives.

The process starts with scoping—identifying your organization's tech environment, third-party tools, and data flows. From there, ethical hackers gather open-source intelligence (OSINT) to see what information about your nonprofit is publicly available, then attempt to exploit any vulnerabilities found. This may involve phishing attempts, network access attempts, or probing for weaknesses in online applications. Post-exploitation, the team determines how far they can move within your systems—accessing donor records, financial data, or confidential client files.

The findings are compiled into a detailed report, along with a letter of assessment that can be shared with insurers or contractual partners. In many industries, including healthcare, justice, and education, annual pen testing isn't optional—it's required by regulation or by contract. Yet, as Michael warns in this episode, many nonprofits sign agreements without realizing they're agreeing to perform such tests.

Waiting too long is costly. IBM research shows that proactive security measures can save organizations over $200,000 per breach. On the flip side, skipping pen testing can raise your cyber insurance premiums—or get your coverage denied entirely. And because updates, new software, and staffing changes continually introduce new risks, pen testing isn't a one-and-done task—it's an annual checkup for your organization's digital health.

Michael also touches on the human factor. When testing social engineering risks, you often don't alert staff in advance—because real attackers certainly won't. The goal is to create realistic conditions, not staged ones.

This conversation should serve as a wake-up call: penetration testing is not an optional luxury—it's a frontline defense. Whether you hold donor payment information, confidential case files, or sensitive program data, you can't afford to leave your cybersecurity to chance.

Find us Live daily on YouTube!
Find us Live daily on LinkedIn!
Find us Live daily on X: @Nonprofit_Show
Our national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET 11:30am CT 10:30am MT 9:30am PT
Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com
Visit us on the web: The Nonprofit Show

To The Point - Cybersecurity
Pen Testing to Red Teaming: Greg Hatcher Explores Cyber Maturity and Defending Against AI Attacks

To The Point - Cybersecurity

Play Episode Listen Later Aug 5, 2025 41:57


Welcome back to the "To The Point Cybersecurity" podcast! After a short hiatus, hosts Rachel Lyon and Jonathan Knepher return with an exciting new episode featuring Greg Hatcher, co-founder of White Knight Labs—dubbed the "Ocean's Eleven of cybersecurity." Greg brings a unique perspective from his days in Army Special Forces and his deep expertise in offensive cybersecurity operations. In this episode, the conversation dives into the world of red teaming, how it differs from traditional penetration testing, the realities of social engineering and physical access exploits, supply chain and AI security threats, and the ever-evolving role of CISOs in defending their organizations. Whether you're curious about insider threats, the challenges of shadow AI, or just want a glimpse into some of the most compelling stories from the front lines of cyber offense, this episode delivers insights, cautionary tales, and actionable advice for organizations looking to stay one step ahead. So sit back, tune in, and get ready to go "to the point" on everything cybersecurity! For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e344

The Tea on Cybersecurity
Breaking Down PTaaS: Continuous Security for Modern Companies

The Tea on Cybersecurity

Play Episode Listen Later Jul 29, 2025 19:07


Most companies continually push code, launch new features, and update their infrastructure. However, for many businesses, security testing occurs only once a year. That gap leaves systems exposed to risks that go unnoticed.

In this episode, Anh Pham, Director of Penetration Testing at Trava, explains the concept of Penetration Testing as a Service (PTaaS). He shares how it works and why it's more beneficial than one-time pentests. You'll also learn how AI fits into the picture and what to consider when choosing a provider.

Key takeaways:
The difference between PTaaS and traditional pentesting
How PTaaS supports fast-changing environments
The qualities of a trustworthy PTaaS provider

Episode highlights:
(00:00) Today's topic: Penetration Testing as a Service
(03:16) PTaaS vs one-time pentests
(08:36) How PTaaS works
(11:59) Choosing a secure PTaaS provider
(13:17) Can AI help in PTaaS?
(15:22) A key reminder for businesses getting started

Connect with the host:
Jara Rowe's LinkedIn - @jararowe
Connect with the guest:
Anh Pham's LinkedIn - @anhpham11
Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Listen to past episodes:
Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/
Proving Compliance and Security Effectiveness Through Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/proving-compliance-and-security-effectiveness-through-pen-testing/

ITSPmagazine | Technology. Cybersecurity. Society
Catching Up With Ken Munro After Infosecurity Europe 2025 — Hacking the Planet, One Car, One Plane, and One System at a Time | On Location Podcast With Sean Martin & Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jul 17, 2025 23:25


Title: "Catching Up With Ken Munro After Infosecurity Europe 2025 — Hacking the Planet, One Car, One Plane, and One System at a Time"
A Post–Infosecurity Europe 2025 Conversation with Ken Munro

Guests
Ken Munro, Security writer & speaker
https://www.linkedin.com/in/ken-munro-17899b1/

Hosts
Sean Martin, Co-Founder at ITSPmagazine
Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder, CMO, and Creative Director at ITSPmagazine
Website: https://www.marcociappelli.com

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

After a whirlwind week at Infosecurity Europe 2025, I had the chance to reconnect with Ken Munro from Pen Test Partners — a longtime friend, hacker, and educator who brings cybersecurity to life in the most tangible ways. From car hacking escape rooms to flight simulators in pubs, we talked about why touching tech matters, how myth-busting makes us safer, and how learning through play might just be the key to securing our increasingly complex world. Tune in, and maybe bring a cocktail.

There's something special about catching up with someone who's not just an expert in cybersecurity, but also someone who reminds you why this industry can — and should — be fun. Ken Munro and I go back to the early days of DEFCON's Aviation Village, and this post-Infosecurity Europe 2025 chat brought all that hacker spirit right back to the surface.

Ken and his crew from Pen Test Partners set up shop next to the main Infosecurity Europe venue in a traditional London pub — but this wasn't your average afterparty. They transformed it into a hands-on hacking village, complete with a car demo, flight simulator, ICS cocktail CTF, and of course… a bar. The goal? Show that cybersecurity isn't just theory — it's something you can touch. Something that moves. Something that can break — and be fixed — before it breaks us.

We talked about the infamous “Otto the Autopilot” from Airplane, the Renault Clio-turned-Mario Kart console, and why knowing how TCAS (collision avoidance) works on an Airbus matters just as much as knowing your Wi-Fi password. We also dug into the real-world cybersecurity concerns of industrial systems, electronic flight bags, and why European regulation might be outpacing the U.S. in some areas — for better or worse.

One of the biggest takeaways? It's time to stop fearing the hacker mindset and start embracing it. Curiosity isn't a threat — it's a superpower. And when channeled correctly, it leads to safer skies, smarter cars, and fewer surprises in the water we drink or the power we use.

There's a lot to reflect on from our conversation, but above all: education, community, and creativity are still the most powerful tools we have in security — and Ken is out there proving that, one demo and one pint at a time.

Thanks again, Ken. See you at the next village — whichever pub, hangar, or DEFCON corner it ends up in.

Keywords: cybersecurity, ethical hacking, pen testing, Infosecurity Europe, embedded systems, car hacking, flight simulator, ICS security, industrial control systems, aviation cybersecurity, hacker mindset, DEFCON

Resources
Learn more and catch more stories from Infosecurity Europe 2025 London coverage: https://www.itspmagazine.com/infosec25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More

Cooperatively Speaking
From Pen Testing to Protection: Ball State's Cybersecurity Journey

Cooperatively Speaking

Play Episode Listen Later Jul 16, 2025 33:41


What does it take to build a resilient cybersecurity strategy in higher education - especially with limited resources and rising threats?

Tobey Coffman, Chief Information Security Officer at Ball State University, and Ron Pelletier, founder of Pondurance, share how their partnership grew from a single pen test into a fully managed, 24/7 detection and response program. Together, they break down the real-world challenges campuses face, the tipping point that led Ball State to invest in around-the-clock protection, and what makes a vendor-university relationship truly work.

Whether you're just getting started or looking to deepen your institution's cybersecurity posture, this conversation delivers insight, strategy, and lessons learned from the front lines.

Guests: Tobey Coffman, Executive Director of Information Security and Chief Information Security Officer, Ball State University & Ron Pelletier, Founder & Chief Customer Officer, Pondurance
Host: Matt Levine, Category Marketing Manager, E&I Cooperative Services

Relevant Links:
E&I's Pondurance Contract

Cooperatively Speaking is hosted by E&I Cooperative Services, the only member-owned, non-profit procurement cooperative exclusively focused on serving the needs of education. Visit our website at www.eandi.org/podcast.

Contact Us
Have questions, comments, or ideas for a future episode? We'd love to hear from you! Contact Cooperatively Speaking at podcast@eandi.org.

This podcast is for informational purposes only. The views expressed in this podcast may not be those of the host(s) or E&I Cooperative Services.

No Password Required
On No Password Required Podcast Episode 61 — Kathy Collins

No Password Required

Play Episode Listen Later Jul 9, 2025 40:15


keywords
cybersecurity, culinary arts, penetration testing, career transition, high-pressure situations, horror films, IT, social engineering, cooking, cybersecurity horror, dark web, pen testing, B-Sides community, cybersecurity, lifestyle polygraph, music, childhood memories, culinary skills, competition

takeaways
Kathy Collins transitioned from IT to culinary arts and back to cybersecurity.
Her journey highlights the transferable skills between cooking and cybersecurity.
Physical penetration testing involves unpredictable human elements.
High-pressure situations in cooking can prepare one for cybersecurity challenges.
Unexpected challenges can arise in both culinary events and cybersecurity tests.
Communication is crucial in cybersecurity engagements.
Kathy's experience in cooking for large groups parallels the complexities of cybersecurity.
Proper notification is needed in penetration testing to avoid misunderstandings.
Kathy's culinary background influences her approach to problem-solving in cybersecurity.
There is a lack of big-budget horror films focused on cybersecurity.
Going in with the correct skeptical mindset is crucial.
Using tools like Flare helps in dark web monitoring.
B-Sides events are affordable and beneficial for newcomers.
Engaging with the community fosters excitement and learning.
Hannibal Lecter would be an interesting pen test partner.
The Jaws soundtrack sets a perfect mood for stealth.
Bonding over music can strengthen family relationships.
Childhood toys can reveal early hacker tendencies.
Culinary skills can be approached with a hacker mindset.
Competition in cooking shows often emphasizes drama over skill.

summary
In this episode of the No Password Required podcast, host Jack Clabby and co-host Kaylee Melton welcome Kathy Collins, a security consultant at Secure Ideas. Kathy shares her unique journey from working in IT to pursuing a culinary career, and then back to cybersecurity. The conversation explores the transferable skills between cooking and cybersecurity, the unpredictability of physical penetration testing, and the high-pressure situations faced in both fields. Kathy also recounts memorable experiences from her culinary career and discusses the lack of horror films centered around cybersecurity.

In this engaging conversation, the speakers delve into various aspects of cybersecurity, including the use of the dark web in penetration testing, the importance of community events like B-Sides, and the fun of the Lifestyle Polygraph segment. They also share personal anecdotes about music, childhood memories, and culinary skills, creating a rich tapestry of insights and experiences in the cybersecurity field.

titles
From Chef to Cybersecurity: A Unique Journey
The Culinary Path to Cybersecurity
High Stakes: Cooking and Cybersecurity Under Pressure
Penetration Testing: The Culinary Connection

Sound Bites
"I had to do some soul searching."
"I was like, what if I have to do..."
"It's disturbingly easy."
"There are so many opportunities there."
"Going with the correct skeptical mindset."
"We have a tool that we use called Flare."
"They should attend them, first of all."
"I had an Easy Bake Oven and took it apart."

Chapters
00:00 Introduction to Cybersecurity and Culinary Journeys
02:46 From IT to Culinary Arts: A Unique Transition
06:02 The Shift Back to Cybersecurity
09:00 Experiences in Physical Penetration Testing
11:48 High-Pressure Situations: Cooking vs. Cybersecurity
15:02 Unexpected Challenges in Culinary Events
17:54 The Intersection of Horror and Cybersecurity
23:32 Exploring the Dark Web in Pen Testing
25:34 Engaging with the B-Sides Community
27:09 The Lifestyle Polygraph: Fun and Games
31:09 Bonding Over Music and Childhood Memories
34:17 Culinary Skills and Competition Insights

Joey Pinz Discipline Conversations
#645 David Chernitzky :

Joey Pinz Discipline Conversations

Play Episode Listen Later Jul 2, 2025 29:03 Transcription Available


From the IDF to international MSP defense, David Chernitzky lives cybersecurity like it's a martial art.

ITSPmagazine | Technology. Cybersecurity. Society
Hands-On, Job-Ready: A Fresh Approach to Building the Next Generation of Pen Testers | A White Knight Labs Brand Story With John Stigerwalt And Greg Hatcher

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 30, 2025 40:25


Getting a start in cybersecurity has never been easy — but for today's aspiring pen testers, the entry barriers are even higher than they were a decade ago. In this conversation, Sean Martin and Marco Ciappelli sit down with Greg Hatcher and John Stigerwalt from White Knight Labs to unpack why they decided to flip the script on entry-level offensive security training.

Greg, a former Army Special Operations communicator, and John, who got his break as a self-taught hacker, agree that the traditional path — expensive certifications and theoretical labs — doesn't reflect the reality of the work. That's why White Knight Labs is launching the Entry Level Pen Tester (ELPT) program. The idea is straightforward: make high-quality, practical training accessible to anyone, anywhere.

Unlike other courses that focus purely on the technical side, the ELPT emphasizes the full skill set a junior pen tester needs. This means not just breaking into systems, but learning how to write clear reports, communicate effectively with clients, and operate as part of a real engagement team. John explains that even the best technical find is worthless if it's not explained properly or delivered with clear guidance for fixing the issue.

Greg points out that the team culture at White Knight Labs borrows from his Special Forces days — small, specialized teams where each individual goes deep on a specific domain but works in tight coordination with others. Their goal for trainees mirrors this: to develop focused, practical skills while understanding how their piece fits into bigger, complex attack scenarios.

Affordability and global access are key parts of the mission. The team wants the ELPT to open doors for people who might not have thousands to spend on training. By combining hands-on labs, in-depth modules, real-world scenarios, and a tough final exam, they aim to ensure that passing the ELPT means you're truly job-ready.

For anyone considering a start in offensive security, this episode is a glimpse into a program designed to create more than just hackers — it's building adaptable, communicative professionals ready to hit the ground running.

Learn more about White Knight Labs: https://itspm.ag/white-knight-labs-vukr

Guests:
John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/
Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/

Keywords: sean martin, marco ciappelli, greg hatcher, john stigerwalt, cybersecurity, pentesting, training, certification, whiteknightlabs, hacking, brand story, brand marketing, marketing podcast, brand story podcast

Resources
Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr
Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

7 Minute Security
7MS #681: Pentesting GOAD – Part 3

7 Minute Security

Play Episode Listen Later Jun 27, 2025 18:18


Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local!  The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus!  Enjoy.

Resilience Unravelled
The Vital Role of Cybersecurity in Business Resilience with Rene Sylvain Bedard

Resilience Unravelled

Play Episode Listen Later Jun 16, 2025 37:03


In this episode of Resilience Unravelled, Dr Russell Thackeray interviews Rene Sylvain Bedard, an IT veteran with over 30 years of experience primarily in IT architecture. Currently based in Montreal, Rene discusses the critical connection between cybersecurity and business resilience. He shares his journey from founding Indominus to focusing on cybersecurity solutions for small and medium-sized businesses (SMBs). Rene elaborates on the various types of cybercriminals, the importance of employee awareness in preventing cyber attacks, and the consequences of ransomware. He outlines his 'Secure Method' for building cybersecurity resilience, which includes steps like surveying the IT landscape, educating staff, and continuously reviewing and evolving security measures. Rene emphasizes the significant risks businesses face and underscores that leadership and a proactive approach are key to safeguarding any organization. He also highlights his book "Secure by Design," aimed at guiding business leaders in protecting their companies from cyber threats.

00:00 Introduction and Today's Topic
00:32 Meet the Expert: Rene Sylvain Bedard
01:09 Rene's Background in IT and Cybersecurity
04:29 Understanding Cyber Attacks and Online Scams
07:23 The Mechanics of Cyber Attacks
11:46 The Importance of Cybersecurity Awareness
14:19 Real-World Examples and Prevention Tips
19:13 The Secure Method for SMB Owners
19:37 Understanding Your IT and Data Landscape
19:50 Building and Testing Cyber Defenses
20:51 The Importance of Unified Cybersecurity
22:24 Managed Service Providers vs. Managed Security Service Providers
24:39 The Role of Pen Testing and Configuration Audits
26:07 Balancing Cybersecurity Costs and Risks
27:55 Real-World Cybersecurity Incidents and Lessons
28:56 The Human Element in Cybersecurity
29:56 Writing the Book: Secure by Design
37:05 Final Thoughts and Contact Information

You can contact us at info@qedod.com
Resources can be found online or link to our website https://resilienceunravelled.com
#resilience, #burnout, #intuition

Cyber 9/11 with Dr. Eric Cole
From Pen Testing to Purpose: Jane Frankland on Cyber, Burnout, & Reinvention

Cyber 9/11 with Dr. Eric Cole

Play Episode Listen Later Jun 12, 2025 35:12


In this special episode of Life of a CISO, I sit down with the brilliant Jane Frankland, MBE—an internationally recognized thought leader in cybersecurity with over 28 years of experience. Jane shares her unexpected journey into the field, starting not from a tech background but from art and design. Her curiosity and drive led her to co-found one of the earliest penetration testing consultancies, long before the term "cybersecurity" became mainstream. Together, we dive into how the industry has evolved, why penetration testing has become commoditized, and why it's no longer enough to offer just technical solutions—true value now comes from insight, strategy, and resilience.   Jane also offers powerful reflections on the burnout many CISOs face today and why so many are leaving traditional roles to launch their own consultancies or step into virtual CISO models. We discuss what it really means to build a business in today's climate, the importance of defining your unique value, and why small businesses are an underrated opportunity in the cyber space. From vendor strategy to shifting away from limiting beliefs, Jane brings a fresh, honest, and empowering perspective that challenges the status quo. Whether you're building your career or launching your own venture, this episode is full of clarity and inspiration for the next step in your cyber journey.  

The Tea on Cybersecurity
Proving Compliance and Security Effectiveness Through Pen Testing

The Tea on Cybersecurity

Play Episode Listen Later Jun 3, 2025 26:17


Many companies start penetration testing to address compliance requirements. However, it can also provide valuable insights beyond just meeting standards.

In this episode, host Jara Rowe sits down with Anh Pham and Christina Annechino from Trava to talk about how pen tests uncover hidden risks and strengthen your cybersecurity. They explain compliance frameworks, typical pen test schedules, and common mistakes to avoid.

Key takeaways:
Compliance frameworks and their pen test requirements
The different types of penetration testing
How to prepare your environment for a successful pen test

Episode highlights:
(00:00) Today's topic: Penetration Testing and Compliance
(03:42) Pen testing compliance frameworks
(05:46) The difference between vulnerability scans and pen tests
(09:11) How often to conduct pen tests
(11:04) Qualities of a good penetration testing vendor
(14:34) Making pen testing work on a budget
(16:49) Scoping mistakes that limit test outcomes
(18:53) Using pen tests to improve overall cybersecurity

Connect with the host:
Jara Rowe's LinkedIn - @jararowe

Connect with the guests:
Anh Pham's LinkedIn - @anhpham11
Christina Annechino's LinkedIn - @christinaannechino

Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity

Listen to a related episode:
Unveiling Vulnerabilities: The Power of Pen Testing - https://travasecurity.com/learn-with-trava/podcasts/unveiling-vulnerabilities-the-power-of-pen-testing-in-cybersecurity/

Cyber Work
Build your own pen testing tools and master red teaming tactics | Ed Williams

Cyber Work

Play Episode Listen Later Jun 2, 2025 34:46 Transcription Available


Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

Ed Williams, Vice President of EMEA Consulting and Professional Services (CPS) at TrustWave, shares his two decades of pentesting and red teaming experience with Cyber Work listeners. From building his first programs on a BBC Micro (an early PC underwritten by the BBC network in England to promote computer literacy) to co-authoring award-winning red team security tools, Ed discusses his favorite red team social engineering trick (hint: it involves fire extinguishers!), and the ways that pentesting and red team methodologies have (and have not) changed in 20 years. As a bonus, Ed explains how he created a red team tool that gained accolades from the community in 2013, and how building your own tools can help you create your personal calling card in the Cybersecurity industry! Whether you're breaking into cybersecurity or looking to level up your pentesting skills, Ed's practical advice and red team “war stories,” as well as his philosophy of continuous learning that he calls “Stacking Days,” bring practical and powerful techniques to your study of Cybersecurity.

0:00 - Intro to today's episode
2:17 - Meet Ed Williams and his BBC Micro origins
5:16 - Evolution of pentesting since 2008
12:50 - Creating the RedSnarf tool in 2013
17:18 - Advice for aspiring pentesters in 2025
19:59 - Building community and finding collaborators
22:28 - Red teaming vs pentesting strategies
24:19 - Red teaming, social engineering, and fire extinguishers
27:07 - Early career obsession and focus
29:41 - Essential skills: Python and command-line mastery
31:30 - Best career advice: "Stacking Days"
32:12 - About TrustWave and connecting with Ed

About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

7 Minute Security
7MS #675: Pentesting GOAD – Part 2

7 Minute Security

Play Episode Listen Later May 16, 2025 31:41


Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering:
SQL link abuse between two domains
Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local!
Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

7 Minute Security
7MS #671: Pentesting GOAD

7 Minute Security

Play Episode Listen Later Apr 18, 2025 25:18


Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered:
Checking for null session enumeration on domain controllers
Enumerating systems with and without SMB signing
Scraping AD user account descriptions
Capturing hashes using Responder
Cracking hashes with Hashcat
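A small helper for the last two steps of that episode, the Responder-to-Hashcat handoff. This is an added example written for this page, not code from the 7MS episode, from GOAD, or from the Responder or hashcat projects. It assumes Responder's default per-host text log layout, which is also the input layout hashcat expects for mode 5600 (NTLMv2); the sample lines, account names and hex values below are constructed, not real captures. The point it shows is the one practitioners trip over in a lab full of noisy hosts: a capture log contains the same account many times (each capture has a fresh client challenge and timestamp in the blob, and usually a fresh server challenge), plus console noise and truncated lines, and feeding all of that to hashcat wastes cracking time or fails to parse. The helper validates each line against the NTLMv2 field sizes and keeps the first good capture per account.

```python
"""Validate and de-duplicate NTLMv2 captures before handing them to hashcat.

Added example for the Responder -> Hashcat step; not code from the 7MS
episode, GOAD, Responder or hashcat. Responder stores each captured NTLMv2
response as one line, and hashcat -m 5600 expects that exact layout:

    user::DOMAIN:server_challenge:NTProofStr:blob

Cracking more than one line per account only burns GPU time, so keep the
first well-formed line per account. Sample lines below are constructed.
"""
import re

_HEX = re.compile(r"^[0-9a-fA-F]+$")

# Field sizes fixed by the NTLMv2 response structure (MS-NLMP):
# 8-byte server challenge, 16-byte NTProofStr (HMAC-MD5 over the blob),
# and a blob of at least the 28-byte NTLMv2_CLIENT_CHALLENGE header plus
# the 4-byte MsvAvEOL terminator of the AV_PAIR list.
CHALLENGE_HEX_LEN = 16
NTPROOF_HEX_LEN = 32
MIN_BLOB_HEX_LEN = 64


def parse_ntlmv2_line(line):
    """Return (user, domain, challenge, ntproof, blob), or None when the line
    is not a well-formed mode-5600 hash (console noise, truncated fields)."""
    parts = line.strip().split(":")
    # user::domain:challenge:ntproof:blob -> six fields; the second one
    # (the LM response slot) is empty for NTLMv2.
    if len(parts) != 6 or parts[1] != "":
        return None
    user, _, domain, challenge, ntproof, blob = parts
    if not user or not domain:
        return None
    if len(challenge) != CHALLENGE_HEX_LEN or not _HEX.match(challenge):
        return None
    if len(ntproof) != NTPROOF_HEX_LEN or not _HEX.match(ntproof):
        return None
    if len(blob) < MIN_BLOB_HEX_LEN or len(blob) % 2 or not _HEX.match(blob):
        return None
    return user, domain, challenge, ntproof, blob


def dedupe_for_hashcat(lines):
    """Keep the first well-formed capture per (DOMAIN, user), in input order.
    Returns (kept_lines, dropped_count); dropped counts malformed lines and
    repeat captures of an account that is already kept."""
    seen = set()
    kept = []
    dropped = 0
    for raw in lines:
        parsed = parse_ntlmv2_line(raw)
        if parsed is None:
            dropped += 1
            continue
        user, domain = parsed[0], parsed[1]
        key = (domain.upper(), user.lower())  # AD names are case-insensitive
        if key in seen:
            dropped += 1
            continue
        seen.add(key)
        kept.append(raw.strip())
    return kept, dropped


# Constructed blob with the NTLMv2_CLIENT_CHALLENGE layout and an empty
# AV_PAIR list; the timestamp and client challenge are made-up values.
_BLOB = (
    "01010000" "00000000"   # RespType, HiRespType, Reserved1, Reserved2
    "c0653150de09d201"      # TimeStamp
    "9a1fb3c4d5e6f708"      # ChallengeFromClient
    "00000000"              # Reserved3
    "00000000"              # MsvAvEOL terminator
)

# Constructed stand-in for a Responder log: two captures of one account with
# different challenges, a console line, a second account, and a line with a
# truncated server challenge.
SAMPLE_CAPTURES = [
    "robert.baratheon::NORTH:1122334455667788:" + "ab" * 16 + ":" + _BLOB,
    "robert.baratheon::NORTH:8877665544332211:" + "cd" * 16 + ":" + _BLOB,
    "[+] Listening for events...",
    "arya.stark::north:0011223344556677:" + "ef" * 16 + ":" + _BLOB,
    "jon.snow::NORTH:1234:" + "01" * 16 + ":" + _BLOB,
]

if __name__ == "__main__":
    kept, dropped = dedupe_for_hashcat(SAMPLE_CAPTURES)
    print(f"{len(kept)} hashes to crack, {dropped} lines dropped")
    for h in kept:
        print(h)
```

On the constructed input this keeps one line each for robert.baratheon and arya.stark and drops the other three; the kept lines can be written to a file and passed straight to hashcat -m 5600. Keying on the uppercased domain and lowercased user matters because Responder records the domain as the client sent it, so the same account can show up with mixed case.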

7 Minute Security
7MS #667: Pentesting GOAD SCCM - Part 2!

7 Minute Security

Play Episode Listen Later Mar 21, 2025 28:52


Hey friends, our good buddy Joe “The Machine” Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again! Spoiler alert: this time we get DA! YAY! Definitely check out these handy SCCM resources to help you – whether it be in the lab or IRL (in real life):
GOAD SCCM walkthrough
MisconfigurationManager – tremendous resource for enumerating/attacking/privesc-ing within SCCM
This gist from Adam Chester will help you decrypt SCCM creds stored in SQL

ITSPmagazine | Technology. Cybersecurity. Society
Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 18, 2025 25:35


Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando

Cybersecurity is no longer a niche topic—it's a fundamental pillar of modern society. And in Italy, ITASEC has become the go-to event for bringing together researchers, government officials, and industry leaders to tackle the biggest security challenges of our time.

Although we weren't there in person this year, we're diving into everything that happened at ITASEC 2025 in this special On Location recap with Professor Alessandro Armando. As Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation, Alessandro has a front-row seat to the evolution of cybersecurity in Italy.

This year's event, held in Bologna, showcased the growing maturity of Italy's cybersecurity landscape, featuring keynotes, technical sessions, and even hands-on experiences for the next generation of security professionals. From government regulations like DORA (Digital Operational Resilience Act) to the challenges of AI security, ITASEC 2025 covered a vast range of topics shaping the future of digital defense.

One major theme? Cybersecurity as an investment, not just a cost. Italian companies are increasingly recognizing security as a competitive advantage—something that enhances trust and reputation rather than just a compliance checkbox.

We also discuss the critical role of education in cybersecurity, from university initiatives to national competitions that are training the next wave of security experts. With programs like Cyber Challenge.IT, Italy is making significant strides in developing a strong cybersecurity workforce, ensuring that organizations are prepared for the evolving threat landscape.

And of course, Alessandro shares a big reveal: ITASEC 2026 is heading to Sardinia! A stunning location for what promises to be another exciting edition of the conference.

Join us for this insightful discussion as we reflect on where cybersecurity in Italy is today, where it's headed, and why events like ITASEC matter now more than ever.