The Cyber Threat Perspective

Web application risks are not new, but they are different because how they have fully proliferated all aspects of modern computing. Everything lives on HTTP or HTTPS or some webservice. Tune into this episode to learn about some of the most common risks we see with web applications in the modern landscape.Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

There's essentially a 0% unemployment rate in cybersecurity. It's a very hot field, great job security, great pay and great mission. But, with that comes a high level of competition for individuals seeking cybersecurity jobs. So on today's episode, Brad and Spencer talk with Misty Stacy, Managing Partner at Trusted Cyber Talent, who is on the forefront of helping cybersecurity professionals find their first or next cybersecurity job.Looking for help getting a job in Cyber? Check out https://testedcybertalent.com or reach out to Misty at https://www.linkedin.com/in/mistystacy Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Discover the primary methods hackers use to gain access to organizations through penetration tests. Dive into the world of credential attacks and the vital role of Multi-Factor Authentication. Explore critical web application vulnerabilities like SQL injection and phishing tactics that exploit user behavior. Learn about effective tools and strategies for enhancing security and fortifying defenses against these persistent threats. This insightful discussion blends technical analysis with practical recommendations to safeguard your organization.

In this week's reviewUber was hackedMicrosoft Teams stores auth tokens as cleartext in Windows, Linux, MacsRansomware Developers Turn to Intermittent Encryption to Evade DetectionBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode Brad and Spencer talk about what mature, proactive organizations are doing to harden and secure their environments, with the end goal of forcing attackers to make more noise which hopefully leads to quicker detection and ejection from your network. These are things that get us caught and slow us down on penetration tests and they are things that will absolutely do the same to real threat actors. Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this week's review:New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor SecurityNew Linux Malware Evades Detection Using Multi-stage DeploymentBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Dive into the essentials of getting the most out of your external penetration tests. Discover the importance of asset inventory for effective testing and how understanding existing systems can enhance results. Learn about the crucial role of identifying security risks and leveraging open-source intelligence. The podcast stresses the significance of aligning testing objectives with client goals and emphasizes the value of building strong relationships with testers, turning assessments into valuable learning experiences.

In this week's reviewRoasting 0ktapus: The phishing campaign going after Okta identity credentialsAdvanced BEC Scam Campaign Targeting Executives on O365The Rise of LNK Files (T1547.009) and Ways To Detect ThemBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Internal penetration tests reveal shocking yet common high-risk vulnerabilities like weak passwords and misconfigurations. The discussion dives into the dangers of storing passwords in plain text and the need for better security education. Revamping password policies and embracing random generation is advocated. Common vulnerabilities in Active Directory configurations are unveiled, specifically regarding privilege escalation. Legacy systems pose significant risks with relay attacks, highlighting the urgency for improved practices in the cybersecurity landscape.

In this week's reviewHackers Breach LastPass Developer System to Steal Source CodeYou Can’t Audit Me: APT29 Continues Targeting Microsoft 365 | MandiantThe GitLab 2022 Global DevSecOps SurveyBlog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.