In this episode of "The Cyber Threat Perspective," Tyler and Brad, members of SecurIT360's offensive security team, take us through the evolution of various penetration testing TTPs. Specifically, using the external penetration test process as an example and analyzing other processes and why/how they changed.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Tyler go "behind the hack" and discuss what life is like behind the keyboard of an external pentest. They discuss various parts of an external penetration test such as planning and preparation, execution, and post-exploitation as well as common challenges throughout the way.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

This week we are replaying one of our earliest episodes. In this episode, Brad and Spencer discuss the THREE primary ways we gain initial access on penetration tests and how to stop us! The moral of this story is that these are attack vectors we see adversaries using day in and day out to compromise organizations. We hope this episode helps you track down and close those gaps in your own environments.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Spencer and Darrius discuss a common divide found among companies between the Security Team and the development teams. These are two teams that are ultimately trying to benefit the company, and by working together both are able to succeed.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

This is the November 2023 Cyber Threat Recap. Every day our Cyber Threat Intelligence team is tracking, researching, and analyzing threats, vulnerabilities, exploits, and techniques with the purpose of keeping you up-to-date on what's relevant and important in the industry. So you can be more prepared today than you were yesterday to protect your organization.Okta Breach/1PasswordOkta says its support system was breached using stolen credentials1Password Detects Suspicious Activity Following Okta Support BreachHackers Stole Access Tokens from Okta’s Support Unit – Krebs on SecurityOcto Tempesthttps://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/Trendshttps://www.simplilearn.com/top-cybersecurity-trends-articleThe 10 Biggest Cyber Security Trends In 2024 Everyone Must Be Ready For NowBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Get ready for a spine-chilling dive into the world of unsecured credentials! Discover the hidden spots where credentials often lurk, like unattended answer files and even auto hotkey scripts. The hosts share eye-opening stories about the dangers of overprivileged accounts and misconfigured tools. Uncover how everyday items like sticky notes can become gateways for hackers. Ultimately, this thrilling discussion highlights the urgent need for better security practices and user education in the digital realm.

In this episode, Spencer and Darrius go "behind the hack" and discuss what life is like behind the keyboard of a web application penetration tester. They discuss various parts of a web app penetration test such as planning and preparation, execution, and post-exploitation as well as common challenges throughout the way.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Brad and Spencer go "behind the hack" and discuss what life is like behind the keyboard of an internal penetration tester. They discuss various parts of an internal penetration test such as planning and preparation, execution, post-exploitation as well as common challenges throughout the way.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Learn what makes a penetration test report truly impactful. Discover the essential elements that ensure clarity and actionable insights for improving organizational security. Hear about the importance of clear communication and contextual risk framing in conveying findings to stakeholders. The discussion also covers challenges in vulnerability remediation and the need for ongoing audits. Plus, tips on enhancing report composition and the critical role of client feedback in refining the reporting process.

Delve into the manipulative tactics of social engineering and their rising prevalence in cybersecurity. Discover the importance of comprehensive training to foster awareness and a strong security culture within organizations. Learn about effective strategies like Multi-Factor Authentication and the principles of least privilege. Embrace a proactive approach to identify vulnerabilities and enhance defenses against these attacks. Explore how viewing challenges as opportunities can strengthen overall security.