
The Cyber Threat Perspective
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
Latest episodes

Aug 28, 2024 • 28min
Episode 106: An Overview of Cyber Risk
Dive into the world of cyber risk classification and its implications for organizations. Discover various risk types, including reputational, financial, and operational risks, especially in penetration testing scenarios. Learn about the challenges of vulnerability scanning tools and the irreplaceable role of penetration testers in assessing risks. Explore the financial fallout from reputational damage and the complexities of securing cyber insurance. Plus, get insights on operational disruptions and the necessity of robust business continuity plans.

Aug 21, 2024 • 35min
Episode 105: How to Monitor Your Attack Surface
Dive into the world of Attack Surface Monitoring and discover its significance in defending against cyber threats. Learn the critical differences between attack vectors and surfaces, plus the vital role of a comprehensive asset inventory. Understand the complexities of cloud environments and why monitoring them is essential. Explore proven tools like NMAP and Burp, and hear expert insights on integrating vulnerability management strategies. The discussion is filled with practical tips and real-world examples that highlight the importance of proactive security measures.

Aug 14, 2024 • 33min
Episode 104: How To Get Into Cyber For First Responders
In this episode, Spencer has Sam Killingsworth on the show to talk about getting into cybersecurity, specifically penetration testing, coming from a first responder background. Sam is currently a full-time Firefighter/EMT and part-time penetration tester here at SecurIT360. Sam shares his background and experiences of learning cybersecurity and pentesting and how he has used the skills from his full-time job to help him be a better pentester.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/mylinks
Work with Us: https://securit360.com

Aug 7, 2024 • 27min
Episode 103: Email Spoofing
In this episode, Spencer and Brad dive into the complex maze of 3rd party email providers, filtering and spoofing. Email spoofing is a technique used by cybercriminals to disguise the sender's address in an email message, making it appear as though the email originated from a different source. This can be used for a variety of malicious purposes, such as phishing attacks, fraudulent activities, or spreading malware.
Resources:
- DMARC Rundown - Offensive Security Blog - SecurIT360
- “EchoSpoofing” — A Massive Phishing Campaign Exploiting...
- Spoof intelligence insight - Microsoft Defender for Office 365
- How attackers bypass third-party mail filtering to Office 365
- Spoofing Microsoft 365 Like It’s 1995 - Black Hills Information Security

Jul 31, 2024 • 49min
Episode 102: The Global CrowdStrike Outage
In this episode, Spencer is joined by Joey Vandergrift (SecurIT360's VP of Security Operations) and Mark Brophy (SecurIT360's DFIR practice lead). Together they discuss how CrowdStrike, a leading EDR product, caused one of the largest global IT outages in history.

Jul 24, 2024 • 38min
Episode 101: Infostealers - 10,000 Victims a Day
In this episode, Spencer and Brad dive into the deep underworld of infostealer malware. They discuss what infostealers are, how they are used and what they are used for. They will dig into how the information obtained from infostealers can help cyber threat actors compromise large and small organizations, cloud providers and more but also how the infostealer data and logs can be used by authorities for good.
Resources:
- 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit
- https://x.com/vxunderground/status/1757467533202862344
- Infostealer malware logs used to identify child abuse website members
- https://cybernews.com/cybercrime/disney-slack-data-breach-unreleased-projects/
- https://x.com/arekfurt/status/1800181869256024083
- https://x.com/ddd1ms/status/1755256762997850279
- https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion?linkId=10091118

Jul 17, 2024 • 36min
(Replay) How We Hack Medical Devices To Save Lives
Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.
- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.
- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.
- An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications.
- Real-world examples highlighting the importance of pen testing medical devices, including the potential for increased medication dosing due to infusion pump flaws.
- A deep dive into the broad-reaching impact of exploited vulnerabilities, from chaos in hospitals to privacy breaches through interconnected devices and mobile apps.

Jul 10, 2024 • 27min
Episode 100: The OpenSSH RegreSSHion Vulnerability
In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6409
- https://nvd.nist.gov/vuln/detail/CVE-2024-6387
- https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt?ref=thestack.technology
- https://www.infosecurity-magazine.com/news/chinese-state-exploits/
- https://x.com/fofabot/status/1810622161192919350
- https://justpaste.it/do235

Jul 3, 2024 • 37min
Episode 99: Tool Time - OneDriveEnum & AD Miner
Discover the innovative OneDriveEnum tool, designed for user account enumeration in Microsoft 365, revealing vulnerabilities in OneDrive. Learn advanced techniques for user enumeration, including permutated names and strategic mitigation strategies. Dive into AD Miner, an advanced Active Directory auditing tool, showcasing its user-friendly visuals and effective reporting. Explore the importance of proactive security measures like multi-factor authentication and geofencing to bolster defenses against potential threats.

Jun 26, 2024 • 27min
Episode 98: Current State of M365 Attacks: Initial Access
Explore the latest trends in attacks on Microsoft 365 environments. Discover how attackers use techniques like credential stuffing and brute-force attacks to compromise accounts. Learn about the risks of social engineering tactics targeting corporate systems, including man-in-the-middle attacks. Delve into the vulnerabilities of legacy authentication protocols and the challenges of app passwords. This discussion emphasizes the importance of robust security measures and conditional access policies to safeguard sensitive information.