Explore the latest trends in attacks on Microsoft 365 environments. Discover how attackers use techniques like credential stuffing and brute-force attacks to compromise accounts. Learn about the risks of social engineering tactics targeting corporate systems, including man-in-the-middle attacks. Delve into the vulnerabilities of legacy authentication protocols and the challenges of app passwords. This discussion emphasizes the importance of robust security measures and conditional access policies to safeguard sensitive information.

In this discussion, Tyler Roberts, a Microsoft 365 security expert and penetration tester, delves into the latest enumeration techniques used in attacks against M365. He explains how attackers identify tenants and validate accounts, spotlighting the risks associated with user enumeration and password spraying. Roberts emphasizes the importance of strong security measures, including multi-factor authentication, and sheds light on vulnerabilities in services like SharePoint. IT admins gain actionable insights to better protect their organizations from these evolving threats.

Dive into the intricacies of Active Directory security and discover common vulnerabilities that cyber attackers exploit. Uncover best practices for configuration and advanced security measures to enhance your defenses. Real-world case studies provide invaluable lessons on preventing breaches. Learn about the importance of effective documentation and credential management. Plus, get insights on vulnerability scoring and the challenges of managing security findings in your organization. This session is packed with practical tools and strategies for cybersecurity professionals!

In this episode, Alex Boyd joins Spencer and Brad. Alex is a shareholder in Polsinelli's national Technology Transactions and Data Privacy practice, shares crucial insights for CTOs, IT Directors, CISOs, Security Managers when responding to security incidents. Discover common misconceptions about breaches and the mistakes organizations make in regulatory compliance. Gain valuable advice on selecting cyber insurance policies and navigating the legal landscape of regulatory investigations, licensing agreements and terms of service.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Brad and Spencer discuss the preparation stage of defending against ransomware. As we know, the time to have a plan is before you enter the woods and cybersecurity is no different.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Brad and Spencer discuss the preparation stage of defending against ransomware. As we know, the time to have a plan is before you enter the woods and cybersecurity is no different.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Darrius share their expertise on navigating the world of cybersecurity training and certification. With decades of experience and numerous certifications, they provide valuable insights, tips, and personal stories to help listeners stay ahead of emerging threats and advance their careers in cybersecurity. Whether you're a beginner or a veteran in the field, this episode offers practical advice to enhance your skills and succeed in this ever-changing industry. Tune in to gain insider knowledge and expert guidance from professionals dedicated to protecting digital environments and combating cyber threats.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Brad discuss the highly respected 2024 Verizon Data Breach Investigations Report (DBIR), a data-driven analysis of cyberattacks and data breaches from around the world. Tune in to discover the latest global trends and patterns in cybersecurity, as well as key insights for security professionals and executives. Don't miss out on this essential resource that has been shaping the industry for the past 15 years.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode Spencer chats with Mark Brophy (of SecurIT360) to discuss his background and experience with coaching a collegiate cyber defense team and how many of those lessons learned from defending against expert red team operators translate to securing organizations in today's modern thread landscape. Another must-listen to episode for all defenders, it admins, cisos, it directors, or anyone else in charge of managing, maintaining and/or securing computers and networks.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Darrius break down the complexities of credential protection, discussing everything from user education and tools to threat modeling and guardrails. Plus, we delve into the world of protecting credentials within scripts and code. This is a must-listen for all IT admins, CISOs and any other IT/Security professional.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com