

The Cyber Threat Perspective
SecurIT360
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
Episodes

Nov 16, 2022 • 34min
Episode 16: OWASP API Hacking and DevSec with Matt Tesauro
Matt Tesauro, a Distinguished Engineer at NoName Labs and an OWASP Global Board member, dives into the realm of API security and DevSecOps. He discusses the evolution of DefectDojo, a tool streamlining vulnerability management, and the pressing challenges of API security. The conversation covers the importance of machine learning in monitoring API behavior and the essential role of manual penetration testing in CI/CD pipelines. Tesauro emphasizes community collaboration in enhancing application security practices.

Nov 9, 2022 • 38min
Episode 15: Pentesting Certifications - which to get and why
Explore the world of penetration testing certifications and their importance in cybersecurity careers. The hosts discuss how certifications can boost interview chances and professional credibility. They analyze the OSCP's impact and critique its training approach, while also highlighting the rising relevance of the PNPT. The conversation emphasizes the need for practical skills and ongoing learning. Discover how to choose the right certifications tailored to your career goals and the evolving landscape of effective training in the field.

Nov 2, 2022 • 31min
Episode 14: Offensive Security Testing Part 3 - Web App Pentesting
Dive into the thrilling world of web application penetration testing! Discover why proactive assessments are vital to uncover vulnerabilities in applications and APIs before they’re exploited. Learn about the often-overlooked business logic flaws and the critical importance of thorough testing, including manual methods over automated tools. Understand what makes a quality pentest and the essential steps to effectively prepare for one. Each topic is laced with engaging war stories that highlight real-world implications and best practices in cybersecurity.

Oct 26, 2022 • 17min
Episode 13: Offensive Security Testing Part 2 - Mobile Pentesting
Jordan Natter, a mobile penetration tester at SecurIT360, shares insights on the complexities of mobile app security. He discusses common vulnerabilities like incorrect permissions that can expose sensitive data. Natter highlights the importance of methodologies such as static and dynamic analysis tailored for mobile apps and their APIs. He emphasizes the collaborative process between testers and developers and the need for clear communication during assessments. Additionally, he guides listeners on how to identify quality mobile penetration testing services.

Oct 19, 2022 • 16min
Episode 12: Law Firm Security Challenges Live at LegalSec22
Coming at you LIVE from LegalSec22 in San Antonio, Texas. In this episode Brad and Spencer discuss common security challenges that are unique to law firms and provide insights on ways to begin solving those challenges.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Spencer's Links: https://click.spenceralessi.com/mylinks
Work with Us: https://securit360.com

Oct 12, 2022 • 26min
Episode 11: Offensive Security Testing Part 1 - Internal Pentesting
Dive into the world of internal penetration testing, where the focus shifts from traditional methods to real-world attack simulations. Discover how access control misconfigurations can be exploited and the critical importance of user behavior in security assessments. Learn about essential tools like BloodHound and PingCastle, which help identify vulnerabilities in Active Directory. The conversation also highlights best practices for preparing effective penetration tests, such as thorough vulnerability assessments and robust security measures.

Oct 5, 2022 • 22min
Episode 10: Web Application Threats in the Modern Landscape
Web application risks are not new, but they are different now because they have proliferated into all aspects of modern computing. Everything lives on HTTP or HTTPS or some web service. Tune into this episode to learn about some of the most common risks we see with web applications in the modern landscape.

Sep 28, 2022 • 40min
Episode 9: Breaking In Or Branching Out: How To Get A Job In Cybersecurity
There's essentially a 0% unemployment rate in cybersecurity. It's a very hot field, with great job security, great pay and a great mission. But with that comes a high level of competition for individuals seeking cybersecurity jobs. So on today's episode, Brad and Spencer talk with Misty Stacy, Managing Partner at Trusted Cyber Talent, who is at the forefront of helping cybersecurity professionals find their first or next cybersecurity job.
Looking for help getting a job in Cyber? Check out https://testedcybertalent.com or reach out to Misty at https://www.linkedin.com/in/mistystacy

Sep 21, 2022 • 34min
Episode 8: Hackers: How we get in and how to stop us
Discover the primary methods hackers use to gain access to organizations through penetration tests. Dive into the world of credential attacks and the vital role of Multi-Factor Authentication. Explore critical web application vulnerabilities like SQL injection and phishing tactics that exploit user behavior. Learn about effective tools and strategies for enhancing security and fortifying defenses against these persistent threats. This insightful discussion blends technical analysis with practical recommendations to safeguard your organization.

Sep 16, 2022 • 16min
9-16-22 Week in Review: Uber Hacked, Teams Cleartext Tokens, Intermittent Ransomware Encryption
In this week's review:
Uber was hacked
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
Ransomware Developers Turn to Intermittent Encryption to Evade Detection