Tyler Roberts

Tyler Roberts, an offensive security practitioner, sheds light on critical pentest findings still plaguing organizations in 2025. Discussion covers the alarming persistence of weak passwords, risks from corporate emails used for third-party signups, and the dangers of plaintext credentials on file shares. Tyler emphasizes the importance of updating outdated TLS protocols and tackling local admin password reuse. The conversation also highlights vulnerabilities in on-prem Exchange systems and the need for better control over public-facing protocols. This is a must-listen for anyone in IT security!

In this conversation, Tyler Roberts, a penetration tester with expertise in post-exploitation tactics, shares the insider's view on strategies that still prevail in 2025. He and Spencer delve into the importance of credential access and the dangers of password reuse. They discuss effective techniques like Kerberoasting and the implications of misconfigurations in ADCS. Other key topics include evasion methods like DLL injection, credential theft via browsers, and current trends in data exfiltration using cloud tools. It's a must-listen for cybersecurity enthusiasts!

In this discussion, Tyler Roberts, a Microsoft 365 security expert and penetration tester, delves into the latest enumeration techniques used in attacks against M365. He explains how attackers identify tenants and validate accounts, spotlighting the risks associated with user enumeration and password spraying. Roberts emphasizes the importance of strong security measures, including multi-factor authentication, and sheds light on vulnerabilities in services like SharePoint. IT admins gain actionable insights to better protect their organizations from these evolving threats.

Tyler Roberts, an offensive security professional and penetration tester, takes listeners behind the scenes of external pentesting. He emphasizes the importance of meticulous planning and documentation for efficient testing. Tyler shares insights on day-one recon, the balance between automation and manual research, and the risks of forgotten client assets. He explores various attack strategies like credential stuffing and the significance of multi-factor authentication across cloud services. Ultimately, Tyler highlights how pentesters provide value by validating security processes and empowering IT teams.

Tyler Roberts, a cybersecurity expert, dives into the world of Open Source Intelligence (OSINT) and its dual nature. He highlights the risks of oversharing personal data online, as seemingly harmless posts can be exploited by attackers. The discussion uncovers vulnerabilities in law firm websites and the dangers posed by social engineering. Roberts also emphasizes the importance of securing sensitive data and mitigating risks through effective online monitoring, showcasing how even default web configurations can lead to security breaches.