The Cyber Threat Perspective

In this episode, Brad and Jordan talk about API pen testing, how it works, and what you can expect if you want to procure one. They discuss pitfalls, common findings, and ways to streamline the process. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we take a step back from the AI hype and focus on what has actually changed in offensive security. AI isn’t replacing attackers or inventing brand-new techniques, but it is dramatically reducing friction across the attack lifecycle. We break down the myths, explain where AI is already impacting real-world attacks, and walk through how defenders need to adapt if they want to keep up.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we dissect the dangerous trend of organizations ceding control of their security strategy to vendors, exploring the pitfalls of vendor lock-in, overspending, and the illusion of comprehensive protection. We'll provide actionable steps to reclaim your security posture and build an independent strategy tailored to your specific needs.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, Brad and Spencer from SecurIT360's Offensive Security group delve into the crucial reconnaissance phase attackers undertake before launching an attack. They discuss the real-world impact of seemingly harmless data leaks, how attackers chain them together to build a profile of your organization, and common misconceptions about what data is truly "sensitive" from an external attacker's perspective. Learn how organizations can realistically assess their external attack surface beyond automated scanning and discover creative OSINT techniques defenders can use to mimic attacker reconnaissance.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode Brad and Spencer discuss the rapid technology shift that's happening in cybersecurity, hybrid pentesting models and the overall evolution of pen testing as we head into 2026.Need a pentest before the end of the year?Learn how here...Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we're discussing the pros and mostly the cons of notifying your SOC/MSSP before your penetration test. Spencer and Brad delve into the details of why it matters and share their experience from hundreds of penetration tests. Get your 2025 External Pentest done before time runs out! https://www.securit360.com/external-penetration-testing-services-sa/Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we’re sharing practical, no-fluff advice for getting into cybersecurity, whether you're switching careers, just starting out, or leveling up your IT skills. We’ll cover what actually matters to employers, what to avoid, and the fastest paths into the industry. If you’re looking for a clear roadmap into cybersecurity, this episode is for you.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode Brad and Jordan sit down to discuss how she was caught and reported on a penetration test engagement. We deep dive into the details and why it's a net positive. Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode Brad and Jordan sit down to discuss common web application security findings we've seen this year.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this conversation, Tyler Roberts, a penetration tester with expertise in post-exploitation tactics, shares the insider's view on strategies that still prevail in 2025. He and Spencer delve into the importance of credential access and the dangers of password reuse. They discuss effective techniques like Kerberoasting and the implications of misconfigurations in ADCS. Other key topics include evasion methods like DLL injection, credential theft via browsers, and current trends in data exfiltration using cloud tools. It's a must-listen for cybersecurity enthusiasts!