The Cyber Threat Perspective

Send us a Text Message. In this episode, Brad and Spencer discuss the preparation stage of defending against ransomware. As we know, the time to have a plan is before you enter the woods and cybersecurity is no different. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Brad and Spencer discuss the preparation stage of defending against ransomware. As we know, the time to have a plan is before you enter the woods and cybersecurity is no different. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Spencer and Darrius share their expertise on navigating the world of cybersecurity training and certification. With decades of experience and numerous certifications, they provide valuable insights, tips, and personal stories to help listeners stay ahead of emerging threats and advance their careers in cybersecurity. Whether you're a beginner or a veteran in the field, this episode offers practical advice to enhance your skills and succeed in this ever-changing industry. Tune in to gain insider knowledge and expert guidance from professionals dedicated to protecting digital environments and combating cyber threats. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Spencer and Brad discuss the highly respected 2024 Verizon Data Breach Investigations Report (DBIR), a data-driven analysis of cyberattacks and data breaches from around the world. Tune in to discover the latest global trends and patterns in cybersecurity, as well as key insights for security professionals and executives. Don't miss out on this essential resource that has been shaping the industry for the past 15 years. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode Spencer chats with Mark Brophy (of SecurIT360) to discuss his background and experience with coaching a collegiate cyber defense team and how many of those lessons learned from defending against expert red team operators translate to securing organizations in today's modern thread landscape. Another must-listen to episode for all defenders, it admins, cisos, it directors, or anyone else in charge of managing, maintaining and/or securing computers and networks. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Spencer and Darrius break down the complexities of credential protection, discussing everything from user education and tools to threat modeling and guardrails. Plus, we delve into the world of protecting credentials within scripts and code. This is a must-listen for all IT admins, CISOs and any other IT/Security professional. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. Get into the dynamic world of penetration testing with Episode 88 of The Cyber Threat Perspective. Hosts Brad and Tyler discuss how to plan for penetration testing from both a budgeting and success perspective. • How to budget for penetration testing - by evaluating risk and compliance needs. • Discussion on the ways to ensure you're getting value and quality in your penetration testing. • How to avoid pit-falls before, during and after penetration testing. • The role of communication in delivering effective pen testing services and client relationships. • How to establish a proper cadence of offensive security work. https://OffSec.blog https://SecurIT360.com Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Spencer and Tyler dive into the common challenges, struggles and obstacles a pentester may face in their career and they offer advice for dealing with and overcoming those hurdles. Thank you for listening! We hope this episode brings you value! 🙏 Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode Spencer and Darrius discuss the XZ backdoor fiasco and share their perspective on what to be thinking about as a defender and what the long-term impact of this event may be. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Spencer and Darrius discuss DarkGPT, which is an OSINT assistant based on GPT-4-200K (recommended use) designed to perform queries on leaked databases, thus providing an artificial intelligence assistant that can be useful in your traditional OSINT processes. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech. - Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques. - Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety. - An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications. - Real-world examples highlighting the importance of pen testing medical devices, including the potential for increased medication dosing due to infusion pump flaws. - A deep dive into the broad-reaching impact of exploited vulnerabilities, from chaos in hospitals to privacy breaches through interconnected devices and mobile apps. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Brand and Spencer dive into Defense in Depth. What is it, what does that mean, what are some actionable and practical steps you can take to implement a defense in depth strategy, how does threat modeling and incident response tabletop exercises fit into it and so much more. Do not miss this episode Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, we dive into the world of digital forensics and incident response. Spencer, Mark and Andrew discuss the various roles you might see on a DFIR team, the psychology of IR and the stages of incident response, the challenges of responding to cloud compromises, what comes after after the breach and so much more. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Spencer and Tyler discuss common misconceptions about penetration testing and provide clarity on its purpose and importance in cybersecurity. Join us as we explore the realities behind this vital security assessment, debunking myths and offering insights into its role in safeguarding organizations and data. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, Spencer and Brad deep dive into several tools that IT Admins can use to identify critical issues within Active Directory environments, without breaking the bank. There's a misconception that security can only be achieved by spending large sums of money. That simply isn't the case. Listen to this episode to learn how. https://pingcastle.com/ https://github.com/mtth-bfft/adeleg https://github.com/techspence/ScriptSentry https://github.com/TrimarcJake/Locksmith https://github.com/BloodHoundAD/BloodHound https://github.com/EvotecIT/GPOZaurr Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. Our expert hosts unpack the intricacies of bug bounty programs, exploring how they've become a pivotal element in the cybersecurity world and also how they fail. Whether you're a cybersecurity professional, an aspiring ethical hacker, or simply curious about the mechanisms that protect our online spaces, this episode comprehensively explores the bug bounty ecosystem. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. Join us for an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense. Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations. Learn from a seasoned expert who has navigated complex cyber threats; he will shed light on sophisticated tactics, techniques, and procedures that define modern offensive security strategies. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights the advantages of cloud-based DNS services, like those offered by Cloudflare. Finally, we share best practices and resources for securing DNS infrastructure, addressing challenges like scalability and false positives. Join us for a concise yet comprehensive exploration of DNS security's complexities and solutions. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In this episode, we dive into the world of Windows and Active Directory and we explore strategies and best practices to secure these systems. This episode will provide you with actionable advice for securing your organization against cyber attacks. We discuss topics such as least privilege, tiered admin model, CIS benchmarks, and much more. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com

Send us a Text Message. In today's rapidly evolving cybersecurity landscape, where organizations of all verticals and industries are more and more being targeted, organizations must adopt a proactive approach to securing their systems and data. Penetration testing is an essential component of identifying vulnerabilities and weaknesses. However, many organizations fail to extract maximum value from their penetration tests, treating them as isolated events rather than continuous learning opportunities. This session aims to shed light on the concept of "Assume Breach" and explore how organizations can extract the most value from their penetration tests. By embracing the assumption that systems and users at some point will become compromised, organizations can develop a comprehensive security strategy that goes beyond a checklist approach. The session will feature real-world case studies and practical examples to illustrate successful Assume Breach penetration tests. Attendees will gain insights into developing a robust security strategy, optimizing resources, and aligning penetration tests with broader organizational goals. Whether you are a security professional, an IT admin, an MSP, or a business leader, this session will provide valuable insights to enhance your understanding of penetration testing as a continuous improvement process and empower you to strengthen your customer's security posture. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com