The Cyber Threat Perspective

SecurIT360

Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.brad@securit360.com

  1. 4 DAYS AGO

    Episode 173: How to Find Insecure Active Directory Permissions with ADeleg

    How do you find insecure permissions in Active Directory before they turn into attack paths? In this episode, we take a practical look at how to identify insecure Active Directory permissions using ADeleg, a free security tool trusted by penetration testers. Misconfigured delegation and overly permissive access rights are a common source of risk in Active Directory environments. These gaps can create hidden attack paths—but many teams don’t know where to look or how to interpret what they’re seeing. In this episode, we cover: How to identify insecure permissions in Active DirectoryWhat to look for in high-risk users and groups like Domain Users, Everyone, and Authenticated UsersHow these misconfigurations translate into real-world attack pathsHow to use ADeleg to analyze delegated permissions and uncover hidden riskWe also include a reference to ADeleginator, a related tool that can help automate parts of this process using PowerShell. While this episode focuses on hands-on analysis with ADeleg, ADeleginator is a useful companion for scaling this work. Tools referenced: ADeleg: https://github.com/mtth-bfft/adeleg Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    23 min

  2. 12 MAR

    Episode 172: The biggest security blind spots in Midsized companies

    Hey folks! Greetings from the Offensive Security group at SecurIT360. Brad & Spencer are on this episode of The Cyber Threat Perspective to break down The Biggest Security Blind Spots in Mid-Size Companies. In this episode, we expose the most common (and dangerous) gaps that leave mid-sized organizations wide open: poor asset inventory, flat networks, flat identities, overconfidence in security tools, credential reuse, and the emerging risks with AI. If any of these hit home, go to offsec.blog/pentesting, fill out the form on our website, and see if we’re a fit for you. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    34 min

  3. 6 MAR

    Episode 171: The future of pentesting with AI

    Pentesting is quickly evolving with the integration of AI, fundamentally changing how cybersecurity professionals approach their work. In this episode, Spencer and Brad discuss the real shifts they’re seeing in the industry and what the future may look like. The pivotal changes in AI that have impacted pentesting over the past yearThe emergence of agents, orchestration, and single-pane-of-glass platforms for streamlined operationsHow AI is enabling rapid tool creation, customization, and administrative efficiencyThe effect of AI on skillsets, closing the gap between junior and senior pentestersWhy human expertise remains irreplaceable despite advancements in AI-driven toolsTune in to hear straight-forward perspectives on the future of pentesting and actionable insights for professionals looking to stay ahead. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    33 min

  4. 27 FEB

    Episode 170: The Evasive Adversary

    In this episode, we break down the biggest insights from the CrowdStrike 2026 Global Threat Report and what they actually mean for IT leaders, security teams, and executives. From attackers abusing trusted identities and bypassing security tools to exploiting edge infrastructure and leveraging AI to move faster than ever, the modern threat landscape is shifting in ways many organizations aren’t prepared for. https://www.crowdstrike.com/en-us/global-threat-report/ https://mhaggis.github.io/ClickGrab/ Episode 164: Offensive Security in the Age of AI - What Has... Episode 155: How We Use AI Offensively - Offensive Security Blog - SecurIT360 Episode 146: What Are The Security Implications of AI -... Episode 144: How Cyber Threat Actors Are Using AI -... Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    35 min

  5. 20 FEB

    Episode 169: Malicious Browser Extensions

    In this episode, we’re digging into malicious browser extensions...the quiet, often overlooked attack vector living inside nearly every organization. While we focus on patching servers, hardening Active Directory, and deploying EDR, attackers are increasingly abusing the browser as their initial foothold. We’ll break down how these extensions work, why they’re so dangerous, and what IT leaders can realistically do about it. Check out these resources: Annex - Enterprise Software Extension Security & Management https://crxaminer.tech/ https://x.com/tuckner https://x.com/IceSolst brad@securit360.com Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    30 min

  6. 13 FEB

    Episode 168: Do you need a web app pen test?

    Brad and Jordan talk bout web app pen testing, why you might need it, and why other forms of app sec might not be good enough. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    23 min

  7. 6 FEB

    Episode 167: TLS and SSL vulnerabilities - do they matter?

    You've got Tyler & Brad and In this episode, we break down the early versions of Transport Layer Security (TLS) — TLS 1.0 and TLS 1.1 — and explain why these once-standard encryption protocols are now considered insecure. We’ll cover when they were released, how modern attacks and cryptographic weaknesses caught up with them, and why today’s internet relies on newer, more secure protocols like TLS 1.2 and TLS 1.3. We’ll also discuss how even “secure” protocols can become vulnerable when weak ciphers are enabled, using Sweet32 as a real-world example of cipher-level risk. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    30 min

  8. 30 JAN

    Episode 166: Why Your Pentest Didn’t Make You Safer

    In this episode, we explore why many organizations invest in penetration testing yet see little improvement in their actual security posture. We discuss the common pitfalls of treating pentests as one-time events, how attackers operate very differently from scoped assessments, and why remediation—not the report—is what determines real safety. If you’ve ever wondered why “passing” a pentest didn’t translate into stronger defenses, this episode is for you. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://spenceralessi.com Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.

    40 min
See All (209)

About

Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.brad@securit360.com

Information

  • Creator
    SecurIT360
  • Years Active
    2022 - 2026
  • Episodes
    209
  • Rating
    Clean
  • Copyright
    © 2026 The Cyber Threat Perspective
  • Show Website
    The Cyber Threat Perspective

You Might Also Like