The Cyber Threat Perspective

SecurIT360
Jan 10, 2024 • 38min

Episode 74: Soft Skills and Mental Health For Security Professionals

In this episode, we discuss soft skills and mental health for security professionals.

Soft Skills
- self-awareness
- Gumption (initiative & resourcefulness)
- Autodidactic (self-educate)
- Empathy
- Patience
- Determination
- Communication - This is one to hit heavily
- Written & Spoken
- read the room
- Creativity (BS-ing)
- Attention to detail
- Curiosity

Mental Health
- do you truly enjoy/love what you do?
- work-life balance
- change the definition of "success"
- give yourself a break/don't be so hard on yourself
- schedule time to yourself for escapism
- find a hobby
- don't force inspiration because you can't
- when you're feeling inspired capitalize on it
- stand on the shoulders of giants
- 24-hour exams

Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov

Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links

Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
Jan 3, 2024 • 35min

Episode 73: Password Spraying Inside & Out

In this episode, we discuss password spraying, a favorite technique among attackers who are trying to compromise organizations. Spencer and Tyler discuss external and internal password spraying, why it is so effective, how password spraying works, and what to look out for on your network.
Dec 27, 2023 • 36min

Episode 72: Vulnerability Management Deep Dive

In this episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360, to discuss the intricacies of vulnerability management, its important prerequisites, and best practices, and to provide actionable strategies to level up your vulnerability management program.
Dec 20, 2023 • 34min

Episode 71: A CISO's Perspective on Offensive Security Services

Zach Sims, Information Security Officer at SecurIT360, brings his extensive experience building security programs to discuss offensive security services. He highlights the essential role of a CISO in aligning offensive strategies with cybersecurity goals. Zach explains how penetration testing allows organizations to uncover vulnerabilities safely and how these findings can inform security strategies. He emphasizes the value of testing both technology and team processes, underlining that basic controls can prevent most attacks. Lastly, he advocates for collaboration within the cybersecurity community for robust defense.
Dec 13, 2023 • 32min

Episode 70: Future Trends in Penetration Testing Part 2

Explore the future of penetration testing with insights on emerging techniques and tools for 2024. Discover the role of AI and LLMs in enhancing practical testing and the potential for improving communication and reporting. The hosts delve into the risks of deepfakes and the growing trend of local models in security. Also discussed are the benefits and limits of automated pentesting and the necessity of R&D in offensive security as defenses evolve. The debate over open-sourcing versus keeping tools private rounds out this thought-provoking conversation.
Dec 6, 2023 • 25min

Episode 69: Future Trends in Penetration Testing Part 1

Brad and Darrius dive into the future of penetration testing, highlighting the need for defenders to adapt to evolving threats. They discuss the shift in exploit languages to Rust and Go, and how this impacts defense strategies. The duo also explores trends in ransom dynamics, where attackers report victims, and new attack techniques like token theft. They emphasize the rising complexity of cloud environments and the importance of secure configurations. Finally, they touch on how attackers leverage cloud infrastructure to enhance their tactics.
Nov 29, 2023 • 19min

Episode 68: The evolution of penetration testing TTPs

In this episode of "The Cyber Threat Perspective," Tyler and Brad, members of SecurIT360's offensive security team, take us through the evolution of various penetration testing TTPs. Specifically, they use the external penetration test process as an example and analyze other processes and why and how they changed.
Nov 22, 2023 • 29min

Episode 67: A Day In The Life: External Penetration Testing

Tyler Roberts, an offensive security professional and penetration tester, takes listeners behind the scenes of external pentesting. He emphasizes the importance of meticulous planning and documentation for efficient testing. Tyler shares insights on day-one recon, the balance between automation and manual research, and the risks of forgotten client assets. He explores various attack strategies like credential stuffing and the significance of multi-factor authentication across cloud services. Ultimately, Tyler highlights how pentesters provide value by validating security processes and empowering IT teams.
Nov 15, 2023 • 34min

(Replay) HACKERS: How we GET IN and how to STOP US

Discover the top methods attackers use to gain access, including credential stuffing and password spraying. Learn how to detect compromises and reinforce defenses with multi-factor authentication. Dive into web app vulnerabilities, where small apps pose big risks. The hosts highlight effective phishing techniques and how to bolster email defenses. Plus, many security solutions are low-cost or even free! Get ready to close those security gaps!
Nov 8, 2023 • 19min

Episode 66: The DevSec Divide: Breaking Down Barriers for Better Security

In this episode, Spencer and Darrius discuss a common divide found among companies between the Security Team and the development teams. These are two teams that are ultimately trying to benefit the company, and by working together both are able to succeed.
