Offsec public
In this show, host Niels van Melick interviews marketing leaders at leading B2B organizations to uncover their winning strategies. No fluff—just straight up actionable insights you can take away from each episode.
 
In this episode of The Cyber Threat Perspective, we dive into why a “we couldn’t get in” result on a pentest isn’t always the victory it seems—and why it can be a great sign if interpreted correctly. We break down the real defensive controls that prevented compromise, explore what might still be hiding under the surface, and share why even a clean …
 
In this episode of The Cyber Threat Perspective, we tackle the crucial first step in cybersecurity: preventing initial compromise. We'll dissect common attack vectors like phishing and exploitation and explore layered defenses ranging from MFA and patch management to DMZs and WAFs. Get actionable guidance to integrate these controls into your secur…
 
In this episode of The Cyber Threat Perspective, we break down how attackers steal credentials and hijack sessions to gain unauthorized access to systems and data. From phishing to cookie stealing to session token theft, we’ll explore the most common techniques and how to defend against them. Whether you're an IT admin or security pro, you’ll walk …
 
In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements—over 450 000 hours of investigations in 2024—providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and …
 
In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strateg…
 
In this episode, Tyler and Brad discuss DMARC and how the latest version of the PCI framework requires phishing protection. You'll also learn about DMARC, DKIM, and SPF and how to elevate them to help protect your organization from attacks like Business Email Compromise (BEC). Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreat…
 
In this episode of The Cyber Threat Perspective, we explore the strategic integration of deception technology like canaries and honeypots into your cybersecurity defenses. Discover how these tools allow you to detect threat actors earlier in their attack sequence, disrupt malicious activities, and mitigate potential damage to your organization. Joi…
 
Threat reports can be goldmines for defenders — but only if we know how to extract and apply what matters. A good analysis can mean catching an attack early or missing it entirely. There's no shortage of threat intel out there. The real challenge is making sense of it without getting overwhelmed. In this episode we discuss: What makes up a threat r…
 
In this episode, Brad and Sam discuss the most common security issues found on external penetration tests, how to find them yourself, and how to address them. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/myli…
 
This episode focuses on SaaS (Software as a Service) Supply Chain Attacks. We discuss which SaaS applications are most at risk, what the real danger of SaaS supply chain attacks is, and, most importantly, how to defend against and detect these attacks. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthre…
 
This week on the podcast, Niels van Melick sits down with Catie Grasso, Head of Content Marketing at Dataiku, to dive into how AI is reshaping content marketing. Catie shares her insights on how her team integrates AI into their daily workflows, balances automation with creativity, and ensures high-quality content at scale. Here's what you'll learn…
 
Dive into the quirky underworld of digital misdirection in this episode, where we explore the art of typosquatting. Discover how a simple mistyped URL can turn into a gateway for cyber trickery, as we break down the many forms of typosquatting—from subtle misspellings that mimic trusted sites to more elaborate schemes designed to deceive. Learn why…
 
This week on the podcast, Niels van Melick is joined by Elise Thrale, Head of Content at Napier AI, to discuss how to maximize content marketing impact with limited resources. Elise shares her insights on prioritizing content efforts, learning from past experiments, and repurposing high-performing assets for long-term success. Here's what you'll le…
 
In this episode, we discuss whose job is harder. The red team or the blue team? We discuss the roles and responsibilities of many red and blue teamers, the challenges both those teams face, and then we share some advice for handling and overcoming those challenges. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter:…
 
Unlock the secrets of effective attack surface monitoring in this replay of The Cyber Threat Perspective. Brad and Spencer dive into essential practices, tools, and methodologies to keep your systems secure. Define and understand attack surface and attack vectors Distinguish between physical and digital attack surfaces Explore DIY vs. commercial to…
 
This week on the podcast, Niels van Melick sits down with Aino Hakinen, VP of Marketing at Sievo, to dive into the challenges and opportunities of sales and marketing alignment. With a background in sales development, Aino brings a unique perspective on how marketing can drive revenue, build stronger relationships with sales teams, and create strat…
 
In this episode, we discuss several insecure protocols that are found within Active Directory environments. When these protocols are enabled, they could be abused by an attacker to perform a number of attacks, including privilege escalation and lateral movement. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ht…
 
In this episode, Chelsea (ChatGPT) interviews Brad about web application penetration testing. Listen in to learn how the process works from start to finish! Resources https://owasp.org/ https://nvd.nist.gov/vuln-metrics/cvss https://chatgpt.com/ Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyber…
 
In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and th…
 
In this episode, Spencer and Tyler discuss key things that they as pentesters wish all organizations knew about pentesting and the pentest process. They go through the entire lifecycle of a pentest and discuss definitions, processes, misconceptions and much more. By the end of this episode, we hope you have a better understanding of everything that…
 
In this episode, we draw parallels between natural disasters and navigating today’s cybersecurity landscape. From the importance of preparation and layered defenses to the critical need for constant monitoring and resilience, we uncover valuable lessons that nature’s challenges can teach us about protecting systems and data. Whether you’re an IT pr…
 
Join us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career…
 
Welcome to this replay on The Cyber Threat Perspective! In this episode, Brad and Spencer dive into the mechanics and recent developments of email spoofing, shedding light on how attackers are bypassing advanced email protections. In this episode, we cover: The fundamentals of email spoofing and why it's a significant threat. Insight into the recen…
 
In this episode of The Cyber Threat Perspective, Nathan and Spencer discuss crucial strategies for Windows and Active Directory hardening, emphasizing the importance of community collaboration and the value of using CIS benchmarks for security compliance. In this episode, we cover: Implementing multi-factor authentication for domain admins The bene…
 
This week on the podcast, Niels van Melick is joined by John Habib, Director of Content Strategy at Diligent, to explore what it takes to build and scale a high-performing content team. With years of experience leading content teams, John shares his insights on identifying key roles, balancing internal and external resources, and adapting to evolvi…
 
In this episode, we’re discussing what a seasoned CISO is focused on going into 2025. Mike Whitt is a Chief Information Security Officer in the financial sector with over 20 years of experience building teams, security programs, and leading organizations to a more secure posture. https://www.linkedin.com/in/mike-whitt-a4b4802/ Blog: https://offsec.…
 
In this episode, we’re peeling back the layers of the question so many organizations ask: Why do penetration tests cost so much? But here’s the real twist—are they actually expensive, or are we measuring their value the wrong way? By the end of this episode, you’ll understand not just the cost of a penetration test, but its value as an investment i…
 
This week on the podcast, Niels sits down with Elizabeth Strickart, Director of Content Marketing at A-LIGN, to explore the challenges and opportunities of breaking down organizational silos in marketing. Elizabeth shares her journey of fostering collaboration across teams to create more impactful campaigns and drive better results. Here's what you…
 
In this episode, we’re diving into one of the most enduring cybersecurity challenges—weak passwords. We’ll explore how poor password practices and identity management pitfalls leave organizations vulnerable to compromise. From understanding the most common mistakes to implementing effective defenses, we’re breaking down what it takes to fortify you…
 
This week on the podcast, Niels sits down with Matthew Grant, Director of Content Marketing at SAP LeanIX, to explore the challenges and opportunities of creating truly differentiated content in the age of AI. Matthew shares his wealth of experience in content strategy, customer storytelling, and leveraging subject matter expertise to stand out in …
 
In this episode, we discuss the broad concept of risk, what it is, and how to manage it. This episode is a great way to begin understanding how to develop an overall risk management strategy at your organization or understand how a risk management program might work for you. You can find out more about what Rob and his team can do here: https://www.sec…
 
This week on the podcast, Niels van Melick is joined by Thereasa Roy, Director of Content and Product Marketing at OffSec, to explore the unique benefits of aligning product marketing with content marketing for long-term success. Thereasa shares her experiences overseeing both teams and how it has led to more cohesive messaging and impactful campai…
 
In this episode, we discuss the challenge of translating penetration test findings into practical and effective security improvements, and we delve into the three major bottlenecks to improving security and give recommendations for overcoming them. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cy…
 
This week on the podcast, Niels van Melick talks with Carleen Hughes, VP of Marketing at Kainos, about how to maximize ROI from events. With experience managing over 30 events annually, Carleen shares her insights on integrating events as a core element of a B2B marketing strategy, covering everything from planning to post-event follow-up. Here's w…
 
In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US a…
 
This week on the podcast, Niels van Melick dives into the world of original research reports with Nicole Caci, Director of Content and Communications at AvePoint. Nicole recently launched a successful research report that has been referenced by industry heavyweights like Gartner. Here's what you'll learn in this episode: • Why original research rep…
 
In this episode, we dive deep into the newly released Microsoft Digital Defense Report 2024, which offers a comprehensive look at the latest trends in the global cybersecurity landscape. From evolving cyber threats and attack strategies to Microsoft's analysis of the most vulnerable sectors, we break down the key findings and what they mean for bus…
 
In this episode replay, Spencer and Darrius break down the complexities of credential protection, discussing everything from user education and tools to threat modeling and guardrails. Plus, we delve into the world of protecting credentials within scripts and code. This is a must-listen for all IT admins, CISOs and any other IT/Security professiona…
 
This week on the podcast, Niels van Melick sits down with Abi Malins, Content Strategist at Leadwave, to discuss how to build an effective content strategy that truly resonates with your audience. Drawing from her experience working with B2B tech & consulting firms, Abi shares her insights on what makes a content strategy successful. Here's what yo…
 
In this episode, Spencer and Brad discuss a recent Trend Micro research project and associated white paper "Red Team Tools in the Hands of Cybercriminals and Nation States". Spencer and Brad dig into what red teaming is, what red team tools (often referred to as offensive security tools) are and why they are used. They also cover the abuse of red t…
 
This week on the podcast, Niels van Melick is joined by Brooke Gocklin, Head of Content Marketing at CoreWeave, to discuss how to build effective thought leadership campaigns. Brooke shares her expertise on how to develop content strategies that resonate with your audience, stand out in the market, and drive results. Here's what you'll learn in thi…
 
In this replay episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program. Blog: https://offse…
 
In this episode, Brad and Spencer discuss Spencer's upcoming in-person workshop at Cyber SC. The **Hardening Active Directory to Prevent Cyber Attacks** Workshop is aimed at IT professionals, system administrators, and cybersecurity professionals eager to learn how to bolster their defenses against cyber threats. In this workshop, we will discuss c…
 
In this episode, Spencer and Tyler share what they love and hate about the current state of penetration testing, they discuss current and future trends, and what it means to be a true cybersecurity partner. We hope you enjoy this episode! Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatp…
 
In this episode of B2B Marketing Done Right, Niels van Melick sits down with Sonja Jacob, Director of Content Marketing at Athenahealth, to explore how content marketing leaders can make a real impact in a new company. Drawing from her experience at leading companies like Meta and Cisco, Sonja shares valuable insights on building a content function…
 
In this episode, Tyler and Brad talk about various security issues found on recent penetration tests. They outline the how and why, and talk about mitigation strategies to help you beat these issues in your environment. Resources Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov …
 
In this episode, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strate…
 
This week on the podcast, Niels van Melick is joined by Lena Weber-Reed, UK Marketing and Communications Manager at Getronics, to discuss the current state of B2B marketing and how teams should adapt to drive results. Lena shares her thoughts on the challenges facing B2B marketers today—from shifting away from traditional lead gen tactics to the ne…
 
In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights th…
 