The Cyber Threat Perspective

It's no secret law firms have become prime targets for attackers due to the sensitive information they handle and the clients they do business with. In this episode Brad and Spencer discuss common tactics used by attackers to breach law firms' defenses and provide practical tips on how to detect and prevent these types of attacks.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Dive into the world of pentesting certifications as experts rank them from best to worst. Discover the significance of key credentials like OSCP, GPN, and the emerging PNPT. Explore personal experiences with the G-Pen and critiques of practical versus theoretical value in these certifications. Learn about the advantages of Pentest Plus and advanced red team tactics with CRTO. Get insights into accessible certification options and community support for beginners, igniting a lively debate on their real-world application!

The hosts rank popular pentesting certifications from best to worst, diving into their significance in cybersecurity. They emphasize real-world experience and community involvement as key factors in this landscape. Discussions include detailed critiques of certifications like the Burp Suite Certified Practitioner and ECPPT, with evaluations of their exam formats and practical applications. The tier list approach sparks lively debate, inviting listeners to share their own perspectives on these valuable credentials.

In this episode Brad and Darrius continue the Offensive Security Testing series and discuss Wireless Penetration Testing. Wireless Pentesting is often overlooked, but could be the blind spot that allows an attacker onto your network. Listen to this episode for key insights and considerations related to wireless networks and pentesting.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Explore the intriguing world of cybersecurity as experts dissect the differences between penetration testing, purple team exercises, and red team engagements. Discover the critical role of standardized terminology in aligning security needs with client expectations. Learn how public information can be a double-edged sword, posing risks that attackers can exploit. Dive into the dynamic interplay of red, blue, and purple teams, illuminating collaborative strategies to enhance an organization's security posture and resilience.

In this episode, Spencer and Tyler discuss Tyler's journey from working at Home Depot to getting a job as  a Penetration Tester. They also share first-hand advice for those that are looking to break into this exciting field.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, Darrius and Brad look at the current state of web application penetration testing, why it is how it is, and what you can do if you want to break into the field. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, Brad and Darrius talk about some of the buzz around recent changes in privacy regulation/law and how it may impact other market verticals such as banking, law firms, and retail. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode Spencer shares his affinity for PingCastle. If you are in IT, if you're a sysadmin or network admin or have any kind of responsibility for the security of your environment. I encourage you to have a look at PingCastle. Not only can it be used to find VERY severe vulnerabilities, but you can use it to track progress over time and show leadership you're doing the work. We also talk about some of my favorite ways to use this tool on penetration tests. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode Brad and Spencer discuss some of the more, interesting, pentest engagements they've been on. The goal of this episode is to reflect on some of the significant vulnerabilities and "cool" attacks we've performed on pentests, yes, but it's also an important reminder that if we don't remember history we are bound to repeat it. Yes we are total nerds and no we're not going to apologize for that ;)Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.