The Cyber Threat Perspective
SecurIT360
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We're bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
Contact: brad@securit360.com
Episodes

Sep 20, 2023 • 32min
Episode 59: Offensive TTPs and Tooling Trends
In this episode, Darrius and Spencer discuss offensive security TTPs and tools that look promising, that they're excited about, or that are trending.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social. Spencer's links: https://go.spenceralessi.com/links
Work with us: https://securit360.com | Find vulnerabilities that matter, and learn about how we do internal pentesting.

Sep 13, 2023 • 31min
Episode 58: How To Identify and Mitigate Insecure Windows Services
Dive into the world of securing Windows services, where the speakers reveal the hidden dangers often uncovered during internal penetration tests. Discover the crucial role of lesser-known services like the print spooler and the risks of running them with elevated privileges. Learn about the importance of secure installation practices and the common pitfalls stemming from misconfigured file permissions. Plus, explore essential tools and strategies for risk identification and mitigation, ensuring your systems stay safe from ever-present threats.

Sep 6, 2023 • 38min
Episode 57: Find and FIX AD CS Vulnerabilities Using Locksmith with Jake and Sam
Jake Hildreth, the creator of the Locksmith tool, and Sam Erde, an IT veteran specializing in Microsoft technologies, discuss the critical role of Active Directory Certificate Services (AD CS) security. They delve into the inception of Locksmith, highlighting its unique features for identifying and fixing misconfigurations. The conversation is filled with personal anecdotes reflecting on their IT journeys and the importance of mentorship. They also share proactive strategies for enhancing organizational security, making this a treasure trove for cybersecurity enthusiasts.

Aug 30, 2023 • 26min
Episode 56: Vulnerabilities & Severity - Explain It To Me Like I'm 5
Brad and Spencer dive into the world of cybersecurity vulnerabilities and their severity ratings. They break down why these ratings are essential, yet imperfect. The duo highlights the confusion in cybersecurity language and the need for clear communication. Real-world examples illustrate the limitations of the Common Vulnerability Scoring System. They advocate for a genuine vulnerability management strategy that focuses on identifying true threats rather than relying solely on automated patching. Context and human analysis are key to effective risk management.

Aug 23, 2023 • 24min
Episode 55: What If Your EDR Doesn't Detect or Respond?
The discussion highlights the dangers of over-relying on Endpoint Detection and Response (EDR) solutions in cybersecurity. Real-world examples reveal significant limitations and the need for proper configuration. As attackers evolve, comprehensive strategies that go beyond traditional EDR tools become more important. Monitoring network traffic becomes crucial for enhanced visibility and protection. The conversation emphasizes a well-rounded defense and warns against misconceptions about advanced detection systems.

Aug 16, 2023 • 23min
Episode 54: Misconfigured and Dangerous Logon Scripts
Misconfigured logon scripts pose significant security threats. The discussion highlights four real-world examples of how these scripts can be exploited. Risks include exposing sensitive credentials and creating malicious DNS entries. The conversation emphasizes the importance of managing logon scripts with appropriate tools such as group policies. Best practices to secure these scripts and minimize vulnerabilities are shared, alongside insights on using 'Script Century' to identify issues. Access control for privileged accounts is also crucial for preventing exploitation.

Aug 9, 2023 • 29min
Episode 53: How to Defend and Mitigate PowerShell Attacks
In this discussion, Joey Vandegrift, who leads the blue team at SecurIT360, shares his expertise in defending against PowerShell attacks. He explores the dual role of PowerShell as a tool for both automation and criminal activities. Joey emphasizes the importance of access controls and logging in mitigating risks. He also introduces strategies for privilege management, highlighting tools like MakeMeAdmin. The conversation wraps up with essential defensive practices, including the need for execution policies and regular system updates.

Aug 2, 2023 • 22min
Episode 52: How to Prepare for an External Penetration Test
Get ready for an eye-opening discussion on preparing for an external penetration test! Explore the essential steps, from understanding goals to performing asset inventories. Discover the importance of clear communication and proactive dark web monitoring to safeguard sensitive information. Learn how breach credentials and password reuse can threaten your organization. This podcast is packed with expert tips to make your penetration testing process not only effective but also secure!

Jul 26, 2023 • 36min
Episode 51: Security Automation with PowerShell
Discover the power of PowerShell for automating and orchestrating security tasks. Learn how it compares to Python and why hands-on experience is essential. Delve into coding best practices for security automation and effective incident response. Explore the pros and cons of different coding environments, such as PowerShell ISE and Visual Studio Code. Plus, uncover strategies for streamlining IT processes and mastering essential techniques that boost productivity in cybersecurity.

Jul 19, 2023 • 28min
Episode 50: How Attackers Use PowerShell
Discover the sinister side of PowerShell as cyber adversaries exploit its capabilities for malicious attacks. The discussion reveals how attackers use PowerShell for everything from reconnaissance to bypassing security measures. Techniques like fileless malware and SQL server exploitation are analyzed, showcasing the tool's dual-edged nature. The speakers emphasize the importance of monitoring PowerShell to defend against these evolving threats while highlighting its indispensable role in both offensive and defensive cybersecurity.
