The Cyber Threat Perspective
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
Episodes
194 episodes
Episode 158: How to get kicked out of AWS by the FBI
In this episode Brad and Jordan sit down to discuss how she was caught and reported on a penetration test engagement. We deep dive into the details and why it's a net positive.
•
Season 1
•
Episode 158
•
21:22
Episode 157: AppSec Findings in 2025
In this episode Brad and Jordan sit down to discuss common web application security findings we've seen this year.
•
Season 1
•
Episode 157
•
24:54
Episode 156: Post-Exploitation Tactics That Still Work in 2025
In this episode Spencer and Tyler discuss post-exploitation tactics that still work in 2025. The guys discuss everything from credential access techniques to defense evasion, lateral movement and even exfiltration.
•
Season 1
•
Episode 156
•
28:53
Episode 155: How We Use AI Offensively
In this episode, we're taking a deep dive into how the Offensive Security group at SecurIT360 is strategically leveraging and utilizing artificial intelligence technologies in offensive security operations. We'll explore the innovative ways thi...
•
Season 1
•
Episode 155
•
37:03
Episode 154: Pentesting on a Budget for IT Admins
This episode is all about pentesting on a budget for IT Admins. This episode is inspired by the PDQ Live stream held on October 23rd, 2025, where Spencer shared tips, tactics, tools and advice for IT admins wanting to better defend and protect ...
•
Season 1
•
Episode 154
•
25:56
Episode 153: How to Prove Your Security Works Before Attackers Do
In this episode, we dig into how to move from “we think we’re secure” to “we can prove it.” We’ll lay out a practical loop for validating controls, gathering evidence, and tracking results that leadership understands. If you’ve ever wondered ho...
•
Season 1
•
Episode 153
•
33:04
(replay) Common Pentest Findings That Shouldn't Exist in 2025
In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the commo...
•
27:23
Episode 152: What is Offensive Security?
In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it’s not just “pentesting.” Offensive security covers a whole spectrum of activities, including, penetration te...
•
Season 1
•
Episode 152
•
43:33
Episode 151: Tool Time - PingCastle for Defenders
In this episode, we’re digging into a super awesome Active Directory security tool called PingCastle. We’ll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversarie...
•
Season 1
•
Episode 151
•
42:27
Episode 150: How to Use Pentest Findings to Justify Your Next Security Spend
https://offsec.blog/budgetIn this episode, we’re tackling an often-overlooked opportunity: using pentest results to secure more budget for security initiatives. Too many organizations run a pentes...
•
Season 1
•
Episode 150
•
30:36
Episode 149: Building a Security Stack That Works A Practitioner’s Perspective
In this episode, Brad and Spencer sit down with an experienced information security and risk manager to explore how they build and manage their security stack, choose the right tools, and win support from their team and leadership. We dig into ...
•
Season 1
•
Episode 149
•
36:33
Episode 148: Securing Windows: Common Misconfigurations That Give Attackers The Advantage
This is the webinar I gave in August 2025 on the topic of common Windows misconfigurations I see during internal pentests. Make sure you grab your free gifts!Learn how we do internal pen...
•
Season 1
•
Episode 148
•
54:45
Episode 147: When to Accept the Risk
In this episode, we’re digging into one of the most overlooked parts of a penetration test, when it actually makes sense to not fix a finding. Not every vulnerability deserves equal treatment, and sometimes accepting the risk is the most ...
•
Season 1
•
Episode 147
•
39:02
Episode 146: What Are the Security Implications of AI?
In this episode of The Cyber Threat Perspective, we’re exploring the broader security implications of artificial intelligence. AI is transforming everything—from how we defend our networks to how attackers exploit them. We’ll break down the ris...
•
Season 1
•
Episode 146
•
45:09
Episode 145: What To Do Minute 1 When Incident Response Arrives
In this episode, we're diving into what to do the minute incident response arrives. That first moment matters—a lot. Whether it's a ransomware attack, unauthorized access, or data exfiltration, how you act in minute one can either help...
•
Season 1
•
Episode 145
•
33:46
Episode 144: How Cyber Threat Actors Are Using AI
In this episode of The Cyber Threat Perspective, we're diving into one of the most pressing trends in cybersecurity: how threat actors are using AI. From deepfake scams and AI-generated phishing emails to automated malware and voice cloning, at...
•
Season 1
•
Episode 144
•
31:53
Episode 143: Stop Wasting Money on Pentests - Do This First
In this episode, we break down a question that often gets overlooked: When should you not do a penetration test? Not every organization needs a pentest right away, and choosing the wrong assessment can waste time, money, and effort. We...
•
Season 1
•
Episode 143
•
44:46
Episode 142: How Active Directory Certificates Become Active Threats
In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalat...
•
Season 1
•
Episode 142
•
35:56
Episode 141: Are You Making These Windows Security Mistakes
It’s easy to overlook small misconfigurations on Windows endpoints, but those little mistakes can create big opportunities for attackers. In this episode, we break down the most common Windows security missteps we see in real-world environments...
•
Season 1
•
Episode 141
•
30:24
Episode 140: Financial Services Cybersecurity Challenges & How to Address Them - Part 2
In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. We’ll break down common atta...
•
Season 1
•
Episode 140
•
43:33
Episode 139: Financial Services Cybersecurity Challenges & How to Address Them - Part 1
In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. Whether you're on the red te...
•
Season 1
•
Episode 139
•
41:12
(Replay) How We Evade Detection During Internal Pentests
(Replay) In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our ho...
•
40:44
Episode 138: The 7 Questions Every Security Leader Should Ask After a Pentest
In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn’t just about checking a box, it’s an opportunity to assess your defenses, measure p...
•
Season 1
•
Episode 138
•
42:16
Episode 137: Common Pentest Findings That Shouldn’t Exist in 2025
In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the commo...
•
Season 1
•
Episode 137
•
27:23
Episode 136: A day in the life of an External Penetration Tester
In this episode of The Cyber Threat Perspective, we dive into why a “A day in the life of an External Penetration Tester." What do we actually do, and how do the things we do affect the overall engagement? What's important? We answer a...
•
Season 1
•
Episode 136
•
37:32