The Cyber Threat Perspective

Explore practical strategies to enhance your cloud security game! Discover the vital role of access control in protecting your cloud environments, especially in Azure and Microsoft 365. Uncover the vulnerabilities in Azure Active Directory and learn how to thwart social engineering attacks. Find out why enabling audit logging and adopting a 'zero trust' approach is crucial. Plus, hear best practices for collaboration between development and security teams, ensuring your cloud infrastructure remains resilient and secure.

Discover the crucial steps to prepare for a penetration test, including establishing a strong password policy and managing access control. Dive into why testing your antivirus and EDR systems is essential for effective security measures. Learn about the importance of a secure test environment and realistic data configurations, while exploring the evolving landscape of social engineering and phishing tactics. The discussion is lightened with humor, ensuring an engaging experience while tackling these serious topics.

The discussion covers easy and effective strategies to strengthen Active Directory security. Topics include managing weak passwords and the importance of unique local admin passwords. The challenges faced by small IT teams and common misconfigurations are highlighted. Free tools like Pink Castle and Bloodhound are introduced as valuable resources for identifying vulnerabilities. Emphasis is placed on change control processes and consistent auditing to mitigate security risks in organizational environments.

Discover the ins and outs of External Penetration Testing and the essential role of the PTES framework. Delve into the world of Open Source Intelligence (OSINT) and learn how it can uncover vulnerabilities—especially for law firms. Explore different methods of external pentesting, including gray box and black box techniques, and the human element of social engineering that can lead to breaches. Get critical insights on reporting findings and the importance of effective communication. Plus, find tips on selecting the right testing partner!

In this episode Spencer and Darrius discuss the most recent LastPass Breach. We talk all about what happened, what it means to you and I as well as what it means for firms who use LastPass on an enterprise level. At the end we discuss some thoughts and opinions around with LastPass versus finding a new password vault product and some things to pay attention to if you're in the later boat.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode we've got the whole Offensive Security team at SecurIT360 on the podcast to talk about exciting moments of 2022 and what everyone is exited for as we move into 2023 and beyond. Thank you for listening and/or watching! If you enjoy our podcast we'd love to know what specifically you enjoy so we can make more of that type of content. Merry Christmas and Happy New Year!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode Spencer and Darrius discuss an amazing new AI chatbot that has taken the internet by storm and captivated the infosec community. Listen to this episode to learn what ChatGPT is, how it can be used (and abused) and what the possible implications are (good and bad) of such an amazing piece of technology. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

CTF, or Capture The Flag, is a great way to expand your learning and understanding of various information security topics. It can also be great fun and a great way to meet people in the industry. In this episode Spencer and Darrius talk about the benefit of using CTFs to keep your pentesting skills sharp over the holiday "break."Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode, Darrius and Brad talk about Portswigger's Burp Suite, how they use it, and why it's important. They also offer a sneak-peak into what's coming in 2023! Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

Explore the hidden dangers of Microsoft WSUS servers and how attackers exploit them for lateral movement within networks. Learn about the critical roles WSUS plays in patch management and the cybersecurity risks associated with it. Discover real-world scenarios of compromised updates leading to severe breaches. The discussion also highlights challenges faced by attackers and the significance of Microsoft-signed binaries for malicious updates. Stay informed about the essential measures to secure WSUS and enhance your cybersecurity awareness.