Get into the dynamic world of penetration testing with Episode 88 of The Cyber Threat Perspective. Hosts Brad and Tyler discuss how to plan for penetration testing from both a budgeting and success perspective.• How to budget for penetration testing - by evaluating risk and compliance needs.• Discussion on the ways to ensure you're getting value and quality in your penetration testing.• How to avoid pit-falls before, during and after penetration testing.• The role of communication in delivering effective pen testing services and client relationships.• How to establish a proper cadence of offensive security work.https://OffSec.bloghttps://SecurIT360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Tyler dive into the common challenges, struggles and obstacles a pentester may face in their career and they offer advice for dealing with and overcoming those hurdles. Thank you for listening! We hope this episode brings you value! 🙏Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode Spencer and Darrius discuss the XZ backdoor fiasco and share their perspective on what to be thinking about as a defender and what the long-term impact of this event may be.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Dive into the fascinating world of DarkGPT, a groundbreaking OSINT assistant designed to tackle queries on leaked databases. Discover innovative prompt engineering that enhances AI tools for both data retrieval and security applications. The hosts evaluate the usability of this new tool, sharing strengths and potential improvements. They also discuss the dual-edged nature of DarkGPT, emphasizing its powerful capabilities alongside the critical need for security measures. Tune in for insights that blend technology with cybersecurity expertise!

Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.- An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications.- Real-world examples highlighting the importance of pen testing medical devices, including the potential for increased medication dosing due to infusion pump flaws.- A deep dive into the broad-reaching impact of exploited vulnerabilities, from chaos in hospitals to privacy breaches through interconnected devices and mobile apps.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Brand and Spencer dive into Defense in Depth. What is it, what does that mean, what are some actionable and practical steps you can take to implement a defense in depth strategy, how does threat modeling and incident response tabletop exercises fit into it and so much more. Do not miss this episodeBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, we dive into the world of digital forensics and incident response. Spencer, Mark and Andrew discuss the various roles you might see on a DFIR team, the psychology of IR and the stages of incident response, the challenges of responding to cloud compromises, what comes after after the breach and so much more.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Delve into the intriguing world of penetration testing and uncover the myths swirling around it! The conversation sheds light on the stark contrast between Hollywood’s glamorized view and the real complexities professionals encounter. Discover why even small organizations are prime targets and the vital role regular assessments play in cybersecurity. With insights on the limits of automation and the necessity for human intuition, this discussion emphasizes the importance of ongoing vigilance in protecting data.

Discover how IT admins can enhance Active Directory security without breaking the bank. The hosts explore a range of low-cost, user-friendly tools like Pink Castle for identifying critical vulnerabilities. They debunk the myth that robust security requires a big budget, emphasizing effective, accessible solutions. The conversation highlights the collaboration between red and blue teams and showcases how straightforward tools can empower users to take charge of their cybersecurity. Tune in for practical tips and strategies!

Dive into the world of bug bounty programs, where ethical hackers earn by discovering vulnerabilities. Discover the advantages over traditional penetration tests and how these programs significantly enhance application security. Unpack the crucial role bug bounties play for aspiring cybersecurity professionals and the challenges they face in managing these programs. Explore the impact of financial incentives on participation and the necessity of a strong security framework for success.