The Cyber Threat Perspective

(Replay) In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and this topic more in general.Resources(Jun 1, 2021) Evadere Classifications - detection & response focusDefense Evasion, Tactic TA0005 - Enterprise | MITRE ATT&CK® - controls focus(Mar 22, 2024) Atomics on a Friday - Evade or Bypass - edr focusBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn’t just about checking a box, it’s an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the assessment, and ensure findings lead to meaningful action across your organization. Whether you’re a CISO, IT director, or team lead, this episode will help you make every pentest count.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

Discover the intriguing daily life of an external penetration tester. Uncover how they differentiate between penetration testing and vulnerability assessments. Learn why detailed documentation and preparation are vital for successful engagements. Explore the power of Open Source Intelligence in identifying unseen vulnerabilities. Dive into the limitations of AI in cybersecurity and the need for human expertise. Gain insights into effective communication with clients, emphasizing trust while addressing security risks.

(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment. Download the slides here.Key Takeaways:- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in      Active Directory (AD) and how attackers exploit these gaps.- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.- Advanced Security Measures: Explore advanced techniques and tools for monitoring, detecting, and responding to suspicious activities within your network.- Case Studies: Hear real-world examples of Active Directory attacks and what lessons can be learned from them.- Interactive Q&A: Have your specific questions answered during our live Q&A session with the experts.Whether you want to enhance your security posture or start from scratch, this webinar will provide you with the knowledge and tools necessary to protect your systems more effectively.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we dive into why a “we couldn’t get in” result on a pentest isn’t always the victory it seems—and why it can be a great sign if interpreted correctly. We break down the real defensive controls that prevented compromise, explore what might still be hiding under the surface, and share why even a clean report shouldn’t mean letting your guard down.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we tackle the crucial first step in cybersecurity: preventing initial compromise. We'll dissect common attack vectors like phishing and exploitation and explore layered defenses ranging from MFA and patch management to DMZs and WAFs. Get actionable guidance to integrate these controls into your security program and safeguard your organization against the risk of that initial foothold.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode of The Cyber Threat Perspective, we break down how attackers steal credentials and hijack sessions to gain unauthorized access to systems and data. From phishing to cookie stealing to session token theft, we’ll explore the most common techniques and how to defend against them. Whether you're an IT admin or security pro, you’ll walk away with practical tips to help protect your users and your organization.Recommended Conditional Access Policies to protect against account compromise: https://x.com/techspence/status/1919815226158932119Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements—over 450 000 hours of investigations in 2024—providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and practical recommendations to help organizations improve their defenses.M-Trends 2025: Data, Insights, and Recommendations From the Frontlines | Google Cloud BlogBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strategies to restrict it, such as least privilege access, network segmentation, and monitoring. The podcast emphasizes the importance of understanding lateral movement and implementing comprehensive security measures to mitigate these threats.Resourceshttps://www.reddit.com/r/cybersecurity/comments/1ellylu/what_lateral_attacks_have_you_been_seeing/The DFIR ReportLateral Movement, Tactic TA0008 - Enterprise | MITRE ATT&CK®Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovSpencer's Twitter: https://x.com/techspenceSpencer's LinkedIn: https://linkedin.com/in/SpencerAlessiWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com