The Cyber Threat Perspective

SecurIT360
Dec 14, 2022 • 38min

Episode 20 - ChatGPT: The Future of Infosec with AI

In this episode Spencer and Darrius discuss an amazing new AI chatbot that has taken the internet by storm and captivated the infosec community. Listen to this episode to learn what ChatGPT is, how it can be used (and abused) and what the possible implications are (good and bad) of such an amazing piece of technology.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter.
Dec 7, 2022 • 17min

Episode 19: Staying Frosty Sharp over the Holidays

CTF, or Capture The Flag, is a great way to expand your learning and understanding of various information security topics. It can also be great fun and a great way to meet people in the industry. In this episode Spencer and Darrius talk about the benefit of using CTFs to keep your pentesting skills sharp over the holiday "break."
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter.
Nov 30, 2022 • 19min

Episode 18: An introduction to Burp Suite

In this episode, Darrius and Brad talk about PortSwigger's Burp Suite, how they use it, and why it's important. They also offer a sneak peek into what's coming in 2023!
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter.
Nov 23, 2022 • 22min

Episode 17: Abusing WSUS for Lateral Movement

Explore the hidden dangers of Microsoft WSUS servers and how attackers exploit them for lateral movement within networks. Learn about the critical roles WSUS plays in patch management and the cybersecurity risks associated with it. Discover real-world scenarios of compromised updates leading to severe breaches. The discussion also highlights challenges faced by attackers and the significance of Microsoft-signed binaries for malicious updates. Stay informed about the essential measures to secure WSUS and enhance your cybersecurity awareness.
Nov 16, 2022 • 34min

Episode 16: OWASP API Hacking and DevSec with Matt Tesauro

Matt Tesauro, a Distinguished Engineer at NoName Labs and an OWASP Global Board member, dives into the realm of API security and DevSecOps. He discusses the evolution of DefectDojo, a tool streamlining vulnerability management, and the pressing challenges of API security. The conversation covers the importance of machine learning in monitoring API behavior and the essential role of manual penetration testing in CI/CD pipelines. Tesauro emphasizes community collaboration in enhancing application security practices.
Nov 9, 2022 • 38min

Episode 15: Pentesting Certifications - which to get and why

Explore the world of penetration testing certifications and their importance in cybersecurity careers. The hosts discuss how certifications can boost interview chances and professional credibility. They analyze the OSCP's impact and critique its training approach, while also highlighting the rising relevance of the PNPT. The conversation emphasizes the need for practical skills and ongoing learning. Discover how to choose the right certifications tailored to your career goals and the evolving landscape of effective training in the field.
Nov 2, 2022 • 31min

Episode 14: Offensive Security Testing Part 3 - Web App Pentesting

Dive into the thrilling world of web application penetration testing! Discover why proactive assessments are vital to uncover vulnerabilities in applications and APIs before they’re exploited. Learn about the often-overlooked business logic flaws and the critical importance of thorough testing, including manual methods over automated tools. Understand what makes a quality pentest and the essential steps to effectively prepare for one. Each topic is laced with engaging war stories that highlight real-world implications and best practices in cybersecurity.
Oct 26, 2022 • 17min

Episode 13: Offensive Security Testing Part 2 - Mobile Pentesting

Jordan Natter, a mobile penetration tester at SecurIT360, shares insights on the complexities of mobile app security. He discusses common vulnerabilities like incorrect permissions that can expose sensitive data. Natter highlights the importance of methodologies such as static and dynamic analysis tailored for mobile apps and their APIs. He emphasizes the collaborative process between testers and developers and the need for clear communication during assessments. Additionally, he guides listeners on how to identify quality mobile penetration testing services.
Oct 19, 2022 • 16min

Episode 12: Law Firm Security Challenges Live at LegalSec22

Coming at you LIVE from LegalSec22 in San Antonio, Texas. In this episode Brad and Spencer discuss common security challenges that are unique to law firms and provide insights on ways to begin solving those challenges.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter.
Oct 12, 2022 • 26min

Episode 11: Offensive Security Testing Part 1 - Internal Pentesting

Dive into the world of internal penetration testing, where the focus shifts from traditional methods to real-world attack simulations. Discover how access control misconfigurations can be exploited and the critical importance of user behavior in security assessments. Learn about essential tools like BloodHound and PingCastle, which help identify vulnerabilities in Active Directory. The conversation also highlights best practices for preparing effective penetration tests, such as thorough vulnerability assessments and robust security measures.
