

The Cyber Threat Perspective
SecurIT360
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We're bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com

Jun 21, 2023 • 37min
Episode 46: Reducing Active Directory Security Risks from a Hacker's Perspective
Dive into the intriguing world of Active Directory security risks from a hacker's perspective. The discussion covers various attack techniques and essential tools. Listeners learn about the vulnerabilities tied to legacy protocols and the urgency of disabling them. Key strategies for managing Kerberos vulnerabilities and local admin rights are explored, along with the importance of continuous security reviews. Practical tools like ScriptSentry and PingCastle are introduced to enhance security measures.

Jun 14, 2023 • 21min
Episode 45: Our Most Common External Pen Test Findings
Tyler and Brad delve into the most frequent vulnerabilities found during external penetration tests. They unpack user enumeration issues on law firm websites and the risks of exposing personal information. The conversation shifts to cross-site scripting vulnerabilities, stressing the dangers of outdated web libraries. They also analyze security flaws in WordPress and the critical need for patch management. Finally, they highlight how implementing DMARC records can significantly bolster email security against attacks and domain misuse.

Jun 7, 2023 • 20min
Episode 44: Should penetration testers know how to code?
In this episode, Darrius and Brad talk about the need for coding skills in the offensive security world. There's some fun with regard to which languages are important too. Check it out!
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://click.spenceralessi.com/mylinks
Work with Us: https://securit360.com

May 31, 2023 • 32min
Episode 43: Hacking for Good - Insights and Inspiration with John Hammond
In this episode John Hammond joins us on the show! We talk about John's background and how he got interested in computers, how he approaches learning a new topic, if you have to create content to grow your career and so much more. There's a whole lot of fun and smiles and joy in this episode, check it out!

May 24, 2023 • 34min
Episode 42: OSINT - What You Don't Know Can Hurt You
Tyler Roberts, a cybersecurity expert, dives into the world of Open Source Intelligence (OSINT) and its dual nature. He highlights the risks of oversharing personal data online, as seemingly harmless posts can be exploited by attackers. The discussion uncovers vulnerabilities in law firm websites and the dangers posed by social engineering. Roberts also emphasizes the importance of securing sensitive data and mitigating risks through effective online monitoring, showcasing how even default web configurations can lead to security breaches.

May 17, 2023 • 37min
Episode 41: Security Assessment vs Pentest Which is More Impactful and Why
Delve into the key differences between security assessments and penetration tests, highlighting how each serves distinct roles in safeguarding IT infrastructure. Discover the value of real-world penetration testing in measuring the effectiveness of security policies. The conversation emphasizes the critical need for testing third-party applications to unveil vulnerabilities and discusses the challenges organizations face in resource allocation for effective assessments. Gain insights on how both methods complement each other for a stronger cybersecurity strategy.

May 10, 2023 • 31min
Episode 40: How Attackers Target Law Firms and How To Detect & Prevent It
It's no secret law firms have become prime targets for attackers due to the sensitive information they handle and the clients they do business with. In this episode Brad and Spencer discuss common tactics used by attackers to breach law firms' defenses and provide practical tips on how to detect and prevent these types of attacks.

May 3, 2023 • 1h 6min
Episode 39: Pentesting Certifications Tier List Part 2
Dive into the world of pentesting certifications as experts rank them from best to worst. Discover the significance of key credentials like OSCP, GPEN, and the emerging PNPT. Explore personal experiences with the GPEN and critiques of practical versus theoretical value in these certifications. Learn about the advantages of PenTest+ and advanced red team tactics with CRTO. Get insights into accessible certification options and community support for beginners, igniting a lively debate on their real-world application!

Apr 26, 2023 • 31min
Episode 38: Pentesting Certifications Tier List Part 1
The hosts rank popular pentesting certifications from best to worst, diving into their significance in cybersecurity. They emphasize real-world experience and community involvement as key factors in this landscape. Discussions include detailed critiques of certifications like the Burp Suite Certified Practitioner and eCPPT, with evaluations of their exam formats and practical applications. The tier list approach sparks lively debate, inviting listeners to share their own perspectives on these valuable credentials.

Apr 19, 2023 • 32min
Episode 37: Offensive Security Testing Part 5 - Wireless Pentesting
In this episode Brad and Darrius continue the Offensive Security Testing series and discuss Wireless Penetration Testing. Wireless Pentesting is often overlooked, but could be the blind spot that allows an attacker onto your network. Listen to this episode for key insights and considerations related to wireless networks and pentesting.