(Replay) How We Evade Detection During Internal Pentests
(Replay) In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and this topic more in general.Resources(Jun 1, 2021) Evadere Classifications - detection & response focusDefense Evasion, Tactic TA0005 - Enterprise | MITRE ATT&CK® - controls focus(Mar 22, 2024) Atomics on a Friday - Evade or Bypass - edr focusBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
--------
40:44
--------
40:44
Episode 138: The 7 Questions Every Security Leader Should Ask After a Pentest
In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn’t just about checking a box, it’s an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the assessment, and ensure findings lead to meaningful action across your organization. Whether you’re a CISO, IT director, or team lead, this episode will help you make every pentest count.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
--------
42:16
--------
42:16
Episode 137: Common Pentest Findings That Shouldn’t Exist in 2025
In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
--------
27:23
--------
27:23
Episode 136: A day in the life of an External Penetration Tester
In this episode of The Cyber Threat Perspective, we dive into why a “A day in the life of an External Penetration Tester." What do we actually do, and how do the things we do affect the overall engagement? What's important? We answer all of these questions and more in this week's episode. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
--------
37:32
--------
37:32
(Replay) How To Harden Active Directory To Prevent Cyber Attacks - Webinar
(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your Active Directory environment. Download the slides here.Key Takeaways:- Understanding AD Vulnerabilities: Learn about the most common security weaknesses in Active Directory (AD) and how attackers exploit these gaps.- Best Practices in Configuration: Discover how to properly configure Active Directory settings for maximum security to deter potential breaches.- Advanced Security Measures: Explore advanced techniques and tools for monitoring, detecting, and responding to suspicious activities within your network.- Case Studies: Hear real-world examples of Active Directory attacks and what lessons can be learned from them.- Interactive Q&A: Have your specific questions answered during our live Q&A session with the experts.Whether you want to enhance your security posture or start from scratch, this webinar will provide you with the knowledge and tools necessary to protect your systems more effectively.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/mylinks Work with Us: https://securit360.com
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting [email protected]
Ireland