(replay) Common Pentest Findings That Shouldn't Exist in 2025
In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues over and over again. If you're an IT admin or security leader, this episode is your checklist of what to fix yesterday.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal assume breach pentesting here.
--------
27:23
--------
27:23
Episode 152: What is Offensive Security?
In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it’s not just “pentesting.” Offensive security covers a whole spectrum of activities, including, penetration testing, red teaming, purple teaming, adversary emulation, and more. We’ll break down what each of these means, how they’re different, and how we do things at SecurIT360. By the end, you’ll have a clearer picture of how offensive security fits into a bigger security strategy and why it’s more than just finding vulnerabilities.👉Find vulnerabilities that matter, learn about how we do assume breach internal pentesting here.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal assume breach pentesting here.
--------
43:33
--------
43:33
Episode 151: Tool Time - PingCastle for Defenders
In this episode, we’re digging into a super awesome Active Directory security tool called PingCastle. We’ll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why.👉Find vulnerabilities that matter, learn about how we do assume breach internal pentesting here.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal assume breach pentesting here.
--------
42:27
--------
42:27
Episode 150: How to Use Pentest Findings to Justify Your Next Security Spend
https://offsec.blog/budgetIn this episode, we’re tackling an often-overlooked opportunity: using pentest results to secure more budget for security initiatives. Too many organizations run a pentest, file the report away, and move on without leveraging it for strategic value. We’ll break down how to translate findings into business language, influence leadership, and turn vulnerabilities into funding for better defenses.Click here to see if you're a fit for our style of internal pentesting.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal assume breach pentesting here.
--------
30:36
--------
30:36
Episode 149: Building a Security Stack That Works A Practitioner’s Perspective
In this episode, Brad and Spencer sit down with an experienced information security and risk manager to explore how they build and manage their security stack, choose the right tools, and win support from their team and leadership. We dig into the balance between technical defenses and business-driven risk management, from budgeting and vendor selection to measuring success and preparing for emerging threats. Whether you’re a hands-on practitioner or a security leader, you’ll walk away with practical insights on building stronger defenses and aligning security with business goals.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal assume breach pentesting here.
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting [email protected]
Ireland