

The Cyber Threat Perspective
SecurIT360
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics. brad@securit360.com
Episodes

Nov 28, 2025 • 45min
Episode 159: How to Break Into Cybersecurity in 2026
In this episode, we’re sharing practical, no-fluff advice for getting into cybersecurity, whether you're switching careers, just starting out, or leveling up your IT skills. We’ll cover what actually matters to employers, what to avoid, and the fastest paths into the industry. If you’re looking for a clear roadmap into cybersecurity, this episode is for you. Blog: https://offsec.blog/ | YouTube: https://www.youtube.com/@cyberthreatpov | Twitter: https://x.com/cyberthreatpov | Follow Spencer on social, Spencer's Links: https://go.spenceralessi.com/links | Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Nov 21, 2025 • 21min
Episode 158: How to get kicked out of AWS by the FBI
In this episode Brad and Jordan sit down to discuss how she was caught and reported on a penetration test engagement. We deep dive into the details and why it's a net positive.

Nov 13, 2025 • 25min
Episode 157: AppSec Findings in 2025
In this episode Brad and Jordan sit down to discuss common web application security findings we've seen this year.

Nov 7, 2025 • 29min
Episode 156: Post-Exploitation Tactics That Still Work in 2025
In this conversation, Tyler Roberts, a penetration tester with expertise in post-exploitation tactics, shares the insider's view on strategies that still prevail in 2025. He and Spencer delve into the importance of credential access and the dangers of password reuse. They discuss effective techniques like Kerberoasting and the implications of misconfigurations in ADCS. Other key topics include evasion methods like DLL injection, credential theft via browsers, and current trends in data exfiltration using cloud tools. It's a must-listen for cybersecurity enthusiasts!

Oct 31, 2025 • 37min
Episode 155: How We Use AI Offensively
In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is using artificial intelligence in offensive security operations. We'll explore the ways this team is using AI to enhance their penetration testing capabilities, automate security assessments, and identify vulnerabilities more efficiently.

Oct 24, 2025 • 26min
Episode 154: Pentesting on a Budget for IT Admins
Dive into practical pentesting tips for IT admins on a budget. Discover essential free tools like PingCastle and Locksmith to identify vulnerabilities in Active Directory. Spencer shares effective methodologies to detect low-hanging fruit in Windows security. Learn how to prioritize findings based on impact and remediation costs. Get insights on tracking security improvements and fixing insecure delegations. Finally, explore additional resources and community wikis to further enhance your skills and tools.

Oct 17, 2025 • 33min
Episode 153: How to Prove Your Security Works Before Attackers Do
Discover how to transition from thinking you're secure to having proof of it. The hosts discuss the importance of validating security controls and using real-world pen tests to demonstrate effectiveness. Learn the four levels of security outcomes and why it's crucial to validate expensive tools. They highlight common misconfigurations and what to prioritize in testing, from EDR assessments to backup verification. Plus, find out how AI can assist in creating test plans tailored to your security needs.

Oct 10, 2025 • 27min
(replay) Common Pentest Findings That Shouldn't Exist in 2025
Tyler Roberts, an offensive security practitioner, sheds light on critical pentest findings still plaguing organizations in 2025. Discussion covers the alarming persistence of weak passwords, risks from corporate emails used for third-party signups, and the dangers of plaintext credentials on file shares. Tyler emphasizes the importance of updating outdated TLS protocols and tackling local admin password reuse. The conversation also highlights vulnerabilities in on-prem Exchange systems and the need for better control over public-facing protocols. This is a must-listen for anyone in IT security!

Oct 3, 2025 • 44min
Episode 152: What is Offensive Security?
In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it’s not just “pentesting.” Offensive security covers a whole spectrum of activities, including penetration testing, red teaming, purple teaming, adversary emulation, and more. We’ll break down what each of these means, how they’re different, and how we do things at SecurIT360. By the end, you’ll have a clearer picture of how offensive security fits into a bigger security strategy and why it’s more than just finding vulnerabilities.

Sep 26, 2025 • 42min
Episode 151: Tool Time - PingCastle for Defenders
Discover how PingCastle transforms Active Directory security management! The hosts dive into its impressive capabilities, revealing how it uncovers vulnerabilities and provides actionable insights. From identifying sensitive account settings to tracking security maturity, the tool's depth is impressive. Explore findings like GPP password risks and unsafe delegations that can lead to domain compromise. Plus, learn how PingCastle's scanning abilities provide a comprehensive overview of your environment, making it an essential resource for defenders.


