The Cyber Threat Perspective

Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.- An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications.- Real-world examples highlighting the importance of pen testing medical devices, including the potential for increased medication dosing due to infusion pump flaws.- A deep dive into the broad-reaching impact of exploited vulnerabilities, from chaos in hospitals to privacy breaches through interconnected devices and mobile apps.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode, Brand and Spencer dive into Defense in Depth. What is it, what does that mean, what are some actionable and practical steps you can take to implement a defense in depth strategy, how does threat modeling and incident response tabletop exercises fit into it and so much more. Do not miss this episodeBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

In this episode, we dive into the world of digital forensics and incident response. Spencer, Mark and Andrew discuss the various roles you might see on a DFIR team, the psychology of IR and the stages of incident response, the challenges of responding to cloud compromises, what comes after after the breach and so much more.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

Delve into the intriguing world of penetration testing and uncover the myths swirling around it! The conversation sheds light on the stark contrast between Hollywood’s glamorized view and the real complexities professionals encounter. Discover why even small organizations are prime targets and the vital role regular assessments play in cybersecurity. With insights on the limits of automation and the necessity for human intuition, this discussion emphasizes the importance of ongoing vigilance in protecting data.

Discover how IT admins can enhance Active Directory security without breaking the bank. The hosts explore a range of low-cost, user-friendly tools like Pink Castle for identifying critical vulnerabilities. They debunk the myth that robust security requires a big budget, emphasizing effective, accessible solutions. The conversation highlights the collaboration between red and blue teams and showcases how straightforward tools can empower users to take charge of their cybersecurity. Tune in for practical tips and strategies!

Dive into the world of bug bounty programs, where ethical hackers earn by discovering vulnerabilities. Discover the advantages over traditional penetration tests and how these programs significantly enhance application security. Unpack the crucial role bug bounties play for aspiring cybersecurity professionals and the challenges they face in managing these programs. Explore the impact of financial incentives on participation and the necessity of a strong security framework for success.

Join us for an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations. Learn from a seasoned expert who has navigated complex cyber threats; he will shed light on sophisticated tactics, techniques, and procedures that define modern offensive security strategies. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights the advantages of cloud-based DNS services, like those offered by Cloudflare.Finally, we share best practices and resources for securing DNS infrastructure, addressing challenges like scalability and false positives. Join us for a concise yet comprehensive exploration of DNS security's complexities and solutions.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com

Discover effective strategies for hardening Windows and Active Directory systems. Dive into the concept of least privilege and the tiered admin model to enhance security management. Learn about the significance of applying CIS benchmarks and the importance of disabling legacy protocols. The discussion also covers the role of multi-factor authentication and the challenges it presents. Lastly, explore the value of community engagement in tackling cybersecurity threats and maintaining consistent security practices.

In today's rapidly evolving cybersecurity landscape, where organizations of all verticals and industries are more and more being targeted, organizations must adopt a proactive approach to securing their systems and data. Penetration testing is an essential component of identifying vulnerabilities and weaknesses. However, many organizations fail to extract maximum value from their penetration tests, treating them as isolated events rather than continuous learning opportunities.This session aims to shed light on the concept of "Assume Breach" and explore how organizations can extract the most value from their penetration tests. By embracing the assumption that systems and users at some point will become compromised, organizations can develop a comprehensive security strategy that goes beyond a checklist approach.The session will feature real-world case studies and practical examples to illustrate successful Assume Breach penetration tests. Attendees will gain insights into developing a robust security strategy, optimizing resources, and aligning penetration tests with broader organizational goals.Whether you are a security professional, an IT admin, an MSP, or a business leader, this session will provide valuable insights to enhance your understanding of penetration testing as a continuous improvement process and empower you to strengthen your customer's security posture.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://click.spenceralessi.com/mylinks Work with Us: https://securit360.com