Delve into the key differences between security assessments and penetration tests, highlighting how each serves distinct roles in safeguarding IT infrastructure. Discover the value of real-world penetration testing in measuring the effectiveness of security policies. The conversation emphasizes the critical need for testing third-party applications to unveil vulnerabilities and discusses the challenges organizations face in resource allocation for effective assessments. Gain insights on how both methods complement each other for a stronger cybersecurity strategy.

It's no secret law firms have become prime targets for attackers due to the sensitive information they handle and the clients they do business with. In this episode Brad and Spencer discuss common tactics used by attackers to breach law firms' defenses and provide practical tips on how to detect and prevent these types of attacks.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Dive into the world of pentesting certifications as experts rank them from best to worst. Discover the significance of key credentials like OSCP, GPN, and the emerging PNPT. Explore personal experiences with the G-Pen and critiques of practical versus theoretical value in these certifications. Learn about the advantages of Pentest Plus and advanced red team tactics with CRTO. Get insights into accessible certification options and community support for beginners, igniting a lively debate on their real-world application!

The hosts rank popular pentesting certifications from best to worst, diving into their significance in cybersecurity. They emphasize real-world experience and community involvement as key factors in this landscape. Discussions include detailed critiques of certifications like the Burp Suite Certified Practitioner and ECPPT, with evaluations of their exam formats and practical applications. The tier list approach sparks lively debate, inviting listeners to share their own perspectives on these valuable credentials.

In this episode Brad and Darrius continue the Offensive Security Testing series and discuss Wireless Penetration Testing. Wireless Pentesting is often overlooked, but could be the blind spot that allows an attacker onto your network. Listen to this episode for key insights and considerations related to wireless networks and pentesting.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Explore the intriguing world of cybersecurity as experts dissect the differences between penetration testing, purple team exercises, and red team engagements. Discover the critical role of standardized terminology in aligning security needs with client expectations. Learn how public information can be a double-edged sword, posing risks that attackers can exploit. Dive into the dynamic interplay of red, blue, and purple teams, illuminating collaborative strategies to enhance an organization's security posture and resilience.

In this episode, Spencer and Tyler discuss Tyler's journey from working at Home Depot to getting a job as  a Penetration Tester. They also share first-hand advice for those that are looking to break into this exciting field.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Darrius and Brad look at the current state of web application penetration testing, why it is how it is, and what you can do if you want to break into the field. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode, Brad and Darrius talk about some of the buzz around recent changes in privacy regulation/law and how it may impact other market verticals such as banking, law firms, and retail. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.comBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

In this episode Spencer shares his affinity for PingCastle. If you are in IT, if you're a sysadmin or network admin or have any kind of responsibility for the security of your environment. I encourage you to have a look at PingCastle. Not only can it be used to find VERY severe vulnerabilities, but you can use it to track progress over time and show leadership you're doing the work. We also talk about some of my favorite ways to use this tool on penetration tests. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com