The Cyber Threat Perspective SecurIT360

Text us feedback!In this episode, Spencer and Brad dive into the deep underworld of infostealer malware. They discuss what infostealers are, how they are used and what they are used for. They will dig into how the information obtained from infostealers can help cyber threat actors compromise large and small organizations, cloud providers and more but also how the infostealer data and logs can be used by authorities for good.Resources10,000 Victims a Day: Infostealer Garden of Low-Hanging Frui...

Text us feedback!Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios...

Text us feedback!In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.Links:https://nvd.nist.gov/vuln/detail/CVE-2024-6...

Text us feedback!In this episode, Spencer and Tyler discuss two of their current favorite tools: OneDriveEnum for enumerating user accounts in Microsoft 365 and AD Miner for visualizing attack paths in Active Directory. We hope you enjoy and get value from this episode!Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com

Text us feedback!In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prompt Bombing, Session Hijacking, Adversary-in-the-Middle (AiTM) Attacks, OAuth Phishing, Legacy Authentication Protoc...

Text us feedback!In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com