Tyler Roberts

Tyler Roberts, an offensive security practitioner, sheds light on critical pentest findings still plaguing organizations in 2025. Discussion covers the alarming persistence of weak passwords, risks from corporate emails used for third-party signups, and the dangers of plaintext credentials on file shares. Tyler emphasizes the importance of updating outdated TLS protocols and tackling local admin password reuse. The conversation also highlights vulnerabilities in on-prem Exchange systems and the need for better control over public-facing protocols. This is a must-listen for anyone in IT security!

In this discussion, Tyler Roberts, a Microsoft 365 security expert and penetration tester, delves into the latest enumeration techniques used in attacks against M365. He explains how attackers identify tenants and validate accounts, spotlighting the risks associated with user enumeration and password spraying. Roberts emphasizes the importance of strong security measures, including multi-factor authentication, and sheds light on vulnerabilities in services like SharePoint. IT admins gain actionable insights to better protect their organizations from these evolving threats.

Tyler Roberts, an offensive security professional and penetration tester, takes listeners behind the scenes of external pentesting. He emphasizes the importance of meticulous planning and documentation for efficient testing. Tyler shares insights on day-one recon, the balance between automation and manual research, and the risks of forgotten client assets. He explores various attack strategies like credential stuffing and the significance of multi-factor authentication across cloud services. Ultimately, Tyler highlights how pentesters provide value by validating security processes and empowering IT teams.