All Episodes

Episode 181: AI Zero Days (Google Threat Intelligence Report)

Episode 180: Cybersecurity Echo Chambers — How to Think Critically in a Hype-Driven Industry

Episode 179: OWASP Top 10 Part 1 - Broken Access Control, IDOR, and CORS Explained

Episode 178: Internal Security Controls That Actually Frustrate Attackers

Episode 177: Claude Mythos — What It Actually Does, What It Doesn't, and What Your Organization Should Do Now

Episode 176: Cybersecurity Advice That Sounds Smart But Fails in Practice

Episode 175: NetTools - The Free Active Directory Swiss Army Knife for IT Admins & Pen Testers

Episode 174: Web Application Penetration Testing Tools & Techniques with Jordan

Episode 173: How to Find Insecure Active Directory Permissions with ADeleg

Episode 172: The biggest security blind spots in Midsized companies

Episode 171: The future of pentesting with AI

Episode 170: The Evasive Adversary

Episode 169: Malicious Browser Extensions

Episode 168: Do you need a web app pen test?

Episode 167: TLS and SSL vulnerabilities - do they matter?

Episode 166: Why Your Pentest Didn’t Make You Safer

Episode 165: What to expect on your API Pentest

Episode 164: Offensive Security in the Age of AI: What Has Changed

Episode 163: The Vendor Security Trap: Are You Losing Control?

Episode 162: Before the Breach How Attackers Profile Your Organization

Episode 161: The Evolution of Pentesting Going Into 2026

Episode 160: Should You Alert Your SOC Before a Pentest?

Episode 159: How to Break Into Cybersecurity in 2026

Episode 158: How to get kicked out of AWS by the FBI

Episode 157: AppSec Findings in 2025

Episode 156: Post-Exploitation Tactics That Still Work in 2025

Episode 155: How We Use AI Offensively

Episode 154: Pentesting on a Budget for IT Admins

Episode 153: How to Prove Your Security Works Before Attackers Do

(replay) Common Pentest Findings That Shouldn't Exist in 2025

Episode 152: What is Offensive Security?

Episode 151: Tool Time - PingCastle for Defenders

Episode 150: How to Use Pentest Findings to Justify Your Next Security Spend

Episode 149: Building a Security Stack That Works A Practitioner’s Perspective

Episode 148: Securing Windows: Common Misconfigurations That Give Attackers The Advantage

Episode 147: When to Accept the Risk

Episode 146: What Are the Security Implications of AI?

Episode 145: What To Do Minute 1 When Incident Response Arrives

Episode 144: How Cyber Threat Actors Are Using AI

Episode 143: Stop Wasting Money on Pentests - Do This First

Episode 142: How Active Directory Certificates Become Active Threats

Episode 141: Are You Making These Windows Security Mistakes

Episode 140: Financial Services Cybersecurity Challenges & How to Address Them - Part 2

Episode 139: Financial Services Cybersecurity Challenges & How to Address Them - Part 1

(Replay) How We Evade Detection During Internal Pentests

Episode 138: The 7 Questions Every Security Leader Should Ask After a Pentest

Episode 137: Common Pentest Findings That Shouldn’t Exist in 2025

Episode 136: A day in the life of an External Penetration Tester

(Replay) How To Harden Active Directory To Prevent Cyber Attacks - Webinar

Episode 135: We Couldn’t Get In...And That’s a Good Thing, Or Is It?

Episode 134: Preventing Data Breaches: Strategies to Mitigate Initial Compromise

Episode 133: How Cyber Attackers Steal Credentials & Hijack Sessions

Episode 132: Reviewing the Mandiant M-Trends 2025 Report

(Replay) How To Defend Against Lateral Movement

Episode 131: DMARC & PCI 4.0 Compliance - Is your Organization Compliant?

Episode 130: Using Deception Technology to Detect Cyber Attacks

Episode 129: How to Analyze Threat Reports for Defenders

Episode 128: The Most Common External Pen Test Findings—And How to Fix Them

Episode 127: SaaS Supply Chain Attacks - How to Stay Secure

Episode 126: Typosquatting - How and Why It Works and How to Defend Against It

Episode 125: Whose Job Is Harder? Red or Blue

(Replay) How To Monitor Your Attack Surface

Episode 124: MFA != Secure

Episode 123: Insecure Active Directory Protocols

Episode 122: AI/ChatGPT Interviews a Web Pen Tester!!

Episode 121: How We Evade Detection During Internal Pentests

Episode 120: Demystifying Pentests: What Every Organization Needs to Know

Episode 119: Lessons Natural Disasters Can Teach Us About Cybersecurity

(Replay) Tales From The Trenches

(Replay) Email Spoofing: From Basics to Advanced Techniques and Solutions

(Replay) Windows and Active Directory Hardening

Episode 118: 2025 - A CISO's Perspective with Mike Whitt

Episode 117: Why Do Pentests Cost So Much?

Episode 116: Painfully Persistent Problems - Weak Passwords

Episode 115: How to understand and address risk w/ Robert McElroy

Episode 114: Making Penetration Test Results Actionable

Episode 113: Phishing with Malicious RDP Files

Episode 112: Key Insights From The Microsoft Digital Defense Report 2024

(Replay) How To Actually Protect Credentials

Episode 111: Red Team Tools (OST) Managing Open-Source Threats

(Replay) Vulnerability Management Deep Dive

Episode 110: AD Security Workshop Preview

Episode 109: Current State of Pentesting - Internal and External

Episode 108: New tales from the trenches!

Episode 107: How To Defend Against Lateral Movement

(Replay) DNS Security

Episode 106: An Overview of Cyber Risk

Episode 105: How to Monitor Your Attack Surface

Episode 104: How To Get Into Cyber For First Responders

Episode 103: Email Spoofing

Episode 102: The Global CrowdStrike Outage

Episode 101: Infostealers - 10,000 Victims a Day

(Replay) How We Hack Medical Devices To Save Lives

Episode 100: The OpenSSH RegreSSHion Vulnerability

Episode 99: Tool Time - OneDriveEnum & AD Miner

Episode 98: Current State of M365 Attacks: Initial Access

Episode 97: Current State of M365 Attacks: Enumeration

Episode 96: How to Harden Active Directory to Prevent Cyber Attacks

Episode 95: Navigating the Legal Maze of Cybersecurity with Alexander Boyd

Episode 94: Defending Against Ransomware Part 2

Episode 93: Defending Against Ransomware Part 1

Episode 92: Cybersecurity Training and Certification Advice

Episode 91: The 2024 Verizon Data Breach Investigations Report

Episode 90: Transforming Your Security - Insights from Coaching a Collegiate Cyber Defense Team

Episode 89: How to Actually Protect Credentials

Episode 88: Budgeting for Security: Optimizing Penetration Testing Investments

Episode 87: Pentesting Challenges and How to Overcome Them

Episode 86: The XZ Backdoor

Episode 85: Tool Time - DarkGPT

Episode 84: How We Hack Medical Devices to Save Lives

Episode 83 - Defense in Depth

Ep82 - DFIR For IT & Security Leadership

Ep81 - Pentesting Misconceptions

Ep 80: Low-Cost, High-Impact Security

Episode 79: Bug Bounties

Episode 78: Tales from the Trenches

Episode 77: DNS Security

Episode 76: Windows & Active Directory Hardening

Episode 75: Assume Breach - Extracting Maximum Value From Offensive Security Testing

Episode 74: Soft Skills and Mental Health For Security Professionals

Episode 73: Password Spraying Inside & Out

Episode 72: Vulnerability Management Deep Dive

Episode 71: A CISO's Perspective on Offensive Security Services

Episode 70: Future Trends in Penetration Testing Part 2

Episode 69: Future Trends in Penetration Testing Part 1

Episode 68: The evolution of penetration testing TTPs

Episode 67: A Day In The Life: External Penetration Testing

(Replay) HACKERS: How we GET IN and how to STOP US

Episode 66: The DevSec Divide: Breaking Down Barriers for Better Security

11/2023 Cyber Threat Recap: Okta, Octo Temptest, Smishing

Episode 65: Unsecured Credentials and Where To Find Them

Episode 64: A Day In The Life: Web Application Penetration Testing

Episode 63: A Day in The Life: Internal Penetration Testing

Episode 62: What Makes a Great Penetration Test Report?

Episode 61: How to Mitigate Social Engineering Attacks

Episode 60: Cybersecurity Hot Takes

Episode 59: Offensive TTPs and Tooling Trends

Episode 58: How To Identify and Mitigate Insecure Windows Services

Episode 57: Find and FIX AD CS Vulnerabilities Using Locksmith with Jake and Sam

Episode 56: Vulnerabilities & Severity - Explain It To Me Like I'm 5

Episode 55: What If Your EDR Doesn't Detect or Respond?

Episode 54: Misconfigured and Dangerous Logon Scripts

Episode 53: How to Defend and Mitigate PowerShell Attacks

Episode 52: How to Prepare for an External Penetration Test

Episode 51: Security Automation with PowerShell

Episode 50: How Attackers Use PowerShell

Episode 49: Scoping Offensive Security Engagements

Episode 48: Authentication done right!

Episode 47: How to Sharpen your Sword as a Pentester

Episode 46: Reducing Active Directory Security Risks from a Hackers Perspective

Episode 45: Our Most Common External Pen Test Findings

Episode 44: Should penetration testers know how to code?

Episode 43: Hacking for Good - Insights and Inspiration with John Hammond

Episode 42: OSINT - What You Don't Know Can Hurt You

Episode 41: Security Assessment vs Pentest Which is More Impactful and Why

Episode 40: How Attackers Target Law Firms and How To Detect & Prevent It

Episode 39: Pentesting Certifications Tier List Part 2

Episode 38: Pentesting Certifications Tier List Part 1

Episode 37: Offensive Security Testing Part 5 - Wireless Pentesting

Episode 36: Pentest vs Purple Team vs Red Team

Episode 35: Getting Into Pentesting Without an IT Background

Episode 34: The State of Web Application Penetration Testing

Episode 33: Reflections on Privacy Law and Privacy Issues

Episode 32: Our Favorite Pentesting Tools: PingCastle

Episode 31: Pentesting War Stories

Episode 30: LastPass DataBreach Updates

Episode 29: Critical Vulnerabilities You WON’T Find Using Nessus

Episode 28: BurpSuite 2023 Roadmap - Huge Improvements!

Episode 27: Password Myths Misconceptions and Lies

Episode 26: Cloud Security Quick Wins For Defenders

Episode 25: What To Do Before You Get A Pentest

Episode 24: Active Directory Security Quick Wins For Defenders

Episode 23: Offensive Security Testing Part 4 - External Pentesting

Episode 22: Yet Another LastPass Breach

Episode 21 - SecurIT360 Offensive Security Christmas Special

Episode 20 - ChatGPT: The Future of Infosec with AI

Episode 19: Staying Frosty Sharp over the Holidays

Episode 18: An introduction to Burp Suite

Episode 17: Abusing WSUS for Lateral Movement

Episode 16: OWASP API Hacking and DevSec with Matt Tesauro

Episode 15: Pentesting Certifications - which to get and why

Episode 14: Offensive Security Testing Part 3 - Web App Pentesting

Episode 13: Offensive Security Testing Part 2 - Mobile Pentesting

Episode 12: Law Firm Security Challenges Live at LegalSec22

Episode 11: Offensive Security Testing Part 1 - Internal Pentesting

Episode 10: Web Application Threats in the Modern Landscape

Episode 9: Breaking In Or Branching Out: How To Get A Job In Cybersecurity

Episode 8: Hackers: How we get in and how to stop us

9-16-22 Week in Review: Uber Hacked, Teams Cleartext Tokens, Intermittent Ransomware Encryption

Episode 7: How to Make Threat Actors Cry

9-9-22 Week in Review: New EvilProxy Phishing Service and Linux Malware

Episode 6: 5 Ways to Get More Value out of your External Penetration Test

9-2-22 Week in Review: Okta Phishing, BEC Analysis, LNK Attacks

Episode 5: Common High Risk Findings on Internal Penetration Tests & How to Mitigate Them

8-26-22 Week in Review: LastPass Breach, Office 365 Abuse, DevSecOps

Episode 4: 7 Awesome Ways to Show Off Your Skills as a Pentester

8-19-22 Week in Review: Password Snooping, Supply Chain, Cl0p Ransomware

Episode 3: It's a Trap! Avoid These 4 Common Pentesting Mistakes

8-12-22 Week in Review: BumbleBee Malware & High Profile Phishing Attacks

Episode 2: How to Find Passwords on Network Shares Before Attackers Do

8-5-22 Week in Review: Evasive Phishing, Tricky Malware and Initial Access Brokers

Episode 1: Takeaways from the 2022 Verizon Data Breach Investigations Report

July 29th Week in Review: Intergalactic Planetary Phishing, ISOs & LNKs, Ransomware & Extortion

July 22nd 2022 CTP Week in Review: RIP Macros, Bad Luck BlackCat, Mr. Eagle

July 15th 2022 CTP Week in Review: Macros, Coin Miners, Rustomware, Cookie Phishing

July 8th 2022 CTP Week in Review: Office Macros - BRC4 - QNAPWorm - Leaky S3 Buckets - Prevention Over Response

July 1st 2022 CTP Week in Review: LNK Malware - LockBit 3.0 Bug Bounty - PwnKit Exploitation In The Wild

June 24th 2022 CTP Week In Review: DFSCoerce, Ransomware in OneDrive & PowerShell Forever

June 17th 2022 CTP Week In Review: BlackCat - LockBit 2.0 - Saitama DNS Tunneling - Exposed Travis CI Logs

June 10th 2022 CTP Week in Review: Dogwalk - Qakbot - Follina - ESXi Ransomware

June 3rd 2022 – Cyber Threat Perspective – Week in Review

Threat Intel Flash Briefing May 31st 2022 - Follina - CVE-2022-30190

May 27th 2022 – Cyber Threat Perspective – Week in Review

May 20th, 2022 - Cyber Threat Perspective - Week in Review

May 13th, 2022 - Cyber Threat Perspective - Week in Review

May 6th, 2022 - Cyber Threat Perspective - Week in Review

Threat Intel Flash Briefing - Kerberos Relaying to Local SYSTEM