The Cyber Threat Perspective

Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they’re seeing in the industry and what the future may look like.
The pivotal changes in AI that have impacted pentesting over the past year
The emergence of agents, orchestration, and single-pane-of-glass platforms for streamlined operations
How AI is enabling rapid tool creation, customization, and administrative efficiency
The effect of AI on skillsets, closing the gap between junior and senior pentesters
Why human expertise remains irreplaceable despite advancements in AI-driven tools
Tune in to hear straight-forward perspectives on the future of pentesting and actionable insights for professionals looking to stay ahead.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we break down the biggest insights from the CrowdStrike 2026 Global Threat Report and what they actually mean for IT leaders, security teams, and executives. From attackers abusing trusted identities and bypassing security tools to exploiting edge infrastructure and leveraging AI to move faster than ever, the modern threat landscape is shifting in ways many organizations aren’t prepared for.
https://www.crowdstrike.com/en-us/global-threat-report/
https://mhaggis.github.io/ClickGrab/
Episode 164: Offensive Security in the Age of AI - What Has...
Episode 155: How We Use AI Offensively - Offensive Security Blog - SecurIT360
Episode 146: What Are The Security Implications of AI -...
Episode 144: How Cyber Threat Actors Are Using AI -...
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

In this episode, we’re digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We’ll break down how these extensions work, why they’re so dangerous, and what IT leaders can realistically do about it.

Check out these resources:
Annex - Enterprise Software Extension Security & Management
https://crxaminer.tech/
https://x.com/tuckner
https://x.com/IceSolst

[email protected]
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

Brad and Jordan talk bout web app pen testing, why you might need it, and why other forms of app sec might not be good enough.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

You've got Tyler & Brad and In this episode, we break down the early versions of Transport Layer Security (TLS) — TLS 1.0 and TLS 1.1 — and explain why these once-standard encryption protocols are now considered insecure. We’ll cover when they were released, how modern attacks and cryptographic weaknesses caught up with them, and why today’s internet relies on newer, more secure protocols like TLS 1.2 and TLS 1.3.
We’ll also discuss how even “secure” protocols can become vulnerable when weak ciphers are enabled, using Sweet32 as a real-world example of cipher-level risk.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.