In this week's reviewHackers Breach LastPass Developer System to Steal Source CodeYou Can’t Audit Me: APT29 Continues Targeting Microsoft 365 | MandiantThe GitLab 2022 Global DevSecOps SurveyBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In order to stay relevant and up-to-date with new techniques and tools, it requires a certain amount of focus day after day, week after week, year after year. That focus being constant improvement. If we, as pentesters, don’t get better, we can’t help businesses defend better.So that’s what this podcast is about. Constant improvement and showing that off to the world. We are going to talk about WHY you would want to show off your skills as a pentester as well as 7 awesome ways to do just that, show off your skills as a pentester.Read the associated blog post here: https://offsec.blog/7-awesome-ways-to-show-off-your-skills-as-a-pentester/Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this week's reviewCleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPYRealtek SDK Vulnerability Exposes RoutersInfoSec Handlers Diary Blog - SANS Internet Storm CenterCVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflowClop Ransomware Gang Breaches Water Utility, Just Not the Right Onehttps://twitter.com/malwrhunterteam/status/1559244860636413952?s=20&t=ixiTRaQ9aflHzI37D_VlwQhttps://twitter.com/UK_Daniel_Card/status/1559252446320500741?s=20&t=ixiTRaQ9aflHzI37D_VlwQBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Dive into the thrilling world of penetration testing! Discover four common pitfalls that testers face, including the urgent need for thorough documentation and clear communication. Hear a captivating personal tale that illustrates the risks of rushing during reconnaissance. Learn how high-quality visuals can enhance reports and better engage clients. Emphasize professionalism and the importance of discretion when reporting findings to protect sensitive information. This conversation is a valuable guide for both new and seasoned pentesters!

In this week's reviewBumbleBee Roasts Its Way to Domain AdminSMS & Voice Phishing Attackshttps://www.twilio.com/blog/august-2022-social-engineering-attackhttps://blog.cloudflare.com/2022-07-sms-phishing-attacks/https://blog.talosintelligence.com/2022/08/recent-cyber-attack.htmlBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

The discussion dives into the criticality of recognizing artifacts in network file shares during internal penetration tests. Discover the interplay between user behavior and access permissions that can create vulnerabilities. Learn how sensitive information, like passwords and credentials, often lurks on file shares, waiting to be exploited. The speakers highlight the dangers of reused credentials and reveal tools like PowerView that can enhance network security. Valuable best practices for auditing permissions and safeguarding sensitive data are shared throughout.

In this week's reviewLarge-Scale AiTM Attack targeting enterprise users of Microsoft email servicesDeception at a scaleInitial Access Brokers Are Key to Rise in Ransomware AttacksBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

This podcast is a discussion about the 2022 Verizon Data Breach Investigations Report and some of our key takeaways. From the Executive Summary of the DBIR: As introduced in the 2018 report, the DBIR provides “a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime.” For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years.  Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this week's reviewIPFS The New Hotbed of PhishingHow Threat Actors Are Adapting to a Post-Macro WorldPalo Alto 2022 Incident Response Threat ReportFewer Ransomware Victims Pay As Medium Ransom Falls in Q2 2022Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this week's review: Microsoft resumes default blocking of Office macros after updating docshttps://docs.microsoft.com/en-us/deployoffice/security/internet-macros-blockedA potentially dangerous macro has been blockedBlackCat ransomware attacks not merely a byproduct of bad luck'AIG' Threat Group Launches With Unique Business ModelBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com