The Cyber Threat Perspective

Brad and Jordan talk bout web app pen testing, why you might need it, and why other forms of app sec might not be good enough.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

You've got Tyler & Brad and In this episode, we break down the early versions of Transport Layer Security (TLS) — TLS 1.0 and TLS 1.1 — and explain why these once-standard encryption protocols are now considered insecure. We’ll cover when they were released, how modern attacks and cryptographic weaknesses caught up with them, and why today’s internet relies on newer, more secure protocols like TLS 1.2 and TLS 1.3.
We’ll also discuss how even “secure” protocols can become vulnerable when weak ciphers are enabled, using Sweet32 as a real-world example of cipher-level risk.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we explore why many organizations invest in penetration testing yet see little improvement in their actual security posture. We discuss the common pitfalls of treating pentests as one-time events, how attackers operate very differently from scoped assessments, and why remediation—not the report—is what determines real safety. If you’ve ever wondered why “passing” a pentest didn’t translate into stronger defenses, this episode is for you.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, Brad and Jordan talk about API pen testing, how it works, and what you can expect if you want to procure one. They discuss pitfalls, common findings, and ways to streamline the process. 
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we take a step back from the AI hype and focus on what has actually changed in offensive security. AI isn’t replacing attackers or inventing brand-new techniques, but it is dramatically reducing friction across the attack lifecycle. We break down the myths, explain where AI is already impacting real-world attacks, and walk through how defenders need to adapt if they want to keep up.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://go.spenceralessi.com/links
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.