The one and only official podcast from OffSec, Inc. -- creators of the Kali OS, the OSCP certification, and the world's leading cybersecurity training …
We think we know how computer systems work, but how come they keep surprising us? We also think we know how humans behave, but we keep finding out we don’t. This podcast is for ethical hackers who are thirsty for challenges and who never settle for easy answers. We challenge some of the best offensive security pros in the world to reveal the unique traits, skills, and real-world experiences that got them where they are today. Get ready to be caught off guard as we debunk misconceptions, diss ...
We think we know hackers thrive on deep environment knowledge
1:13:35
“Not everything works as configured. Not everyone behaves as trained.” The reality of this statement makes it possible for us, the people in offensive security, to have a job. It also highlights how unpredictable our work can be and how never-ending our learning process is. We work in a space where things are so complex that we need to combine big-…
We think we know you can't attack what you don't understand
54:42
In this episode, we continue to ask the meaningful questions: What makes a great pentester? How can you balance the art of manual testing with the efficiency of automation? What is the unique value that pentesters bring to offensive security? And what can't be commoditized in this craft? Gabrielle's mantra, “action for cyberpeace”, resonates throug…
We think we know what makes a good pentester
51:33
With 20+ years of cybersecurity work, Tom unpacks the complexities of penetration testing, discussing the roles of vendors, practitioners, and technological advancements. He also shares his perspective on what makes a good pentester, the value of mentorship, and the ethical challenges in this line of work. Explore this conversation to learn: How pe…
We think we know what it takes to build hacking tools
54:46
Stay tuned as we explore how tools like Nmap and sqlmap have shaped penetration testing over the last two decades, and stick around to discover which aspects make pentesting predominantly a craft - and which parts have become standardized (and what that means for your work). Unpack this conversation to discover: The depth of the work involved in cr…
We think we know our mind is our best hacking tool
48:23
Inti not only sheds light on what happens when expectations meet reality, but he also shares his unique approach to problem-solving with real-life examples you can add to your own process. With 12+ years of experience in this space, Inti De Ceukelaire is a Belgian ethical hacker and cybercrime investigator. He currently works as the Chief Hacker Of…
We think we know what it feels like when we do a good job
50:09
Today’s guest, Willa Riggins, talks about how “every small piece contributes to the larger picture” in pentesting and explains why “it's about understanding the intricacies and appreciating the craftsmanship." From the mindset behind excellent pentesting work to the (difficult) things that are never going to change in this space, we glide through W…
We think we know how to build differentiating skills in offsec
54:52
There’s a constant loop of learning, doing, and improving in offensive security. And one way to develop the “muscle” to tackle complex security challenges is through hands-on training. That’s what IppSec, our guest, does with kindness, passion, and in the community’s best interest. IppSec helps us bust a couple of common myths which, if left unques…
We think we know the value of first principles in offensive security
53:08
Ready to excel in offensive security this year? Delve into the mind of Vivek Ramachandran, a cybersecurity virtuoso who’s seen (and learned) a lot in this field. He's a force that fuels both his current company and the broader cybersecurity landscape with original thinking, educational and actionable insights. And there's more to Vivek than just te…
We think we know hacking is a tool for deeper change
59:13
If you have questions that boggle your mind about penetration testing, Jayson is the person to learn from. In the fourth episode of our We think we know podcast, we delve into the world of ethical hacking with the legendary Jayson E. Street. As an icon in the penetration testing community, Jayson brings a unique blend of wit, wisdom, empathy, and a…
We think we know offensive security is an infinite game (and why)
54:48
“There is no end goal in this industry. You're always going to keep moving forward.” This quote from our guest does a great job at capturing the conversation we explore in this podcast: the love for the process, the hunger for knowledge, how to add value for clients, and become a better penetration tester. For the third episode of We think we know,…
We think we know how to give pentest clients what they really need
52:41
It’s not just penetration testing, just like today’s guest is not just an offensive security pro. If you’re the ambitious type who’s always up for new challenges, then you’re most likely going to resonate with today’s guest and his approach. Experienced penetration tester and Volkis co-founder, Alexei Doudkine joins us in the second episode of the …
We think we know how to explain the value of a penetration test
54:33
Welcome to the kick-off episode of the We think we know podcast! Whether you’re looking for a fresh perspective, to learn about and from our guest, or just to see if this podcast is worth your time, thanks for choosing to spend some time with us! We don’t take it for granted. Today, we've got the fantastic Alethe Denis with us. Wearer of many hats …
🤩 We’re launching a podcast! On Nov. 7, the first episode of We Think We Know will be in your headphones! Here's the low-down: 🤔 What is it about? Learning how to be better hackers by challenging assumptions and digging deeper into the why, how, and what of offensive security. In the 1st season, we're unpacking why #penetrationtesting is a craft an…
#37: Persistence in Information Security with Shad0wbits
41:17
The OffSec Podcast returns this week with special guest Kai (Shad0wbits), the founder and Chief Security Architect at Black Cipher Security. Host TJ Null begins by asking Kai about what piqued his interest in the Infosec field and what resources he used to get himself started. He shares what made him decide to start his own pentesting firm and give…
#36: Continuous Security Testing with Rob Ragan, Principal Researcher at Bishop Fox
53:33
Host FalconSpy returns this week joined by Rob Ragan, Principal Researcher at Bishop Fox! They begin by diving into tips for organizations beginning to build out their continuous security testing and why it’s so important. Ragan also shares bugs he’s discovered deploying your tools to assist with continuous security testing. Next, he gives advice b…
#35: Cybersecurity Awareness with Christopher Forte
29:49
In this week’s episode, host TJ Null welcomes Christopher Forte, an infrastructure engineer at Offensive Security. Forte has red-teamed the city of Los Angeles, spoken at Defcon, and hosted training events for multiple intelligence agencies. The episode begins with Christopher sharing resources he used to get his start in the infosec field. He then…
#34: How to Succeed in InfoSec with Jim O’Gorman and Dave Kennedy
1:18:08
Host TJ Null returns this week with an episode featuring two special guests: Jim O’Gorman and Dave Kennedy! Jim O’Gorman is the Chief Content and Strategy Officer for OffSec and has been in the information security world for more than a decade. Dave Kennedy, CEO and Founder of TrustedSec, has presented at conferences such as Defcon and Blackhat. To…
#33: FalconSpy Dives into His Day Job, Internal Penetration Testing
31:59
In this week's episode, host Jeremy (harbinger) Miller chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into penetration testing, what pentesting is, application/code reviews, red teaming, and more. He also dives into internal vs external pentesting by…
#32: Election Integrity & Critical Infrastructure with Lester Godsey
41:00
In this week’s special episode, Dr. Heather Monthie sits down with Lester Godsey, CISO of Maricopa County, Arizona. Lester begins by explaining how he got into the cybersecurity field and shares a fun fact about himself. He then shares his role as a CISO, how security supports different departments, and the biggest risks he sees in critical infrast…
#31: How the OSCP Certification Supports Career Growth
27:11
In this episode, host TJ Null sits down with DarkStar7471 aka Dark, our recent community moderator for the OffSec Community. Dark is currently a lead pentester at State Farm Insurance and has produced content for TryHackMe. He starts by sharing his journey before working for OffSec as well as what piqued his interest in the information security fie…
#30: How to Hire the Best Cybersecurity Talent with FalconSpy
33:10
In this week’s episode, host Dr. Heather Monthie chats with FalconSpy, an Offensive Security Engineer at Oracle and Community Ambassador here at OffSec. FalconSpy covers topics such as how he got into cybersecurity, what attracted him to the field, and the biggest lesson he’s learned in his career so far. Sharing his experience throughout his OSCP …
#29: How Hackers Think with Dr. Timothy Summers
56:24
In this week’s special episode, hosts Dr. Heather Monthie and Jeremy (harbinger) Miller sit down with Dr. Timothy Summers, PhD and Executive Director of Product Development at Arizona State University. Summers is an ethical hacker, professor, TED speaker, and a leading expert in cybersecurity strategy, blockchain technology, and how hackers think. …
#28: ShadowKhan, Lead Pentester and OffSec Community Moderator
41:48
In this episode, host TJ Null sits down with ShadowKhan, a lead pentester and a community moderator in the OffSec Discord server. ShadowKhan tells his non-traditional story as to how he got into infosec. He also tells what resources he used to get started and gives some tips for anyone interested in getting into the security world. There’s one boo…
#27: YinYang in Infosec with Jeremy (harbinger) Miller
38:05
In this special episode, Jeremy (harbinger) Miller chats with Chris Glanden on the BarCode podcast. From BarCode’s show notes: “The YinYang philosophy says that the universe is composed of competing and complementary forces governed by a cosmic duality, sets of two opposing and complementing principles or energies that can be observed in nature. Si…
#26: Cybersecurity hiring with CISO, Mike Manrod
24:59
For this week’s episode, host Dr. Heather Monthie chats with Mike Manrod, CISO of Grand Canyon Education. As a cybersecurity leader, he shares his expertise on how he recruits, mentors, and guides aspiring cybersecurity professionals in their career paths. He first starts by sharing his mid-career switch into the cybersecurity world along with his …
#25: Mentoring and OSCP Tips with Mike Waxman (Security Engineer, LinkedIn)
26:12
This week, hosts TJ Null and FalconSpy sit down with Mike Waxman, Security Engineer at LinkedIn. Mike was originally a TPM and is now a Security Engineer. He starts off by describing how he made the switch and shares some advice for those looking to change roles into security. And for those already in the field, he also gives tips on how to get tha…
#24: Kerberoasting & Security Consulting with Tim Medin (@timmedin)
43:35
On this week’s episode, host TJ Null is joined by Tim Medin. Tim is the creator of kerberoasting and the CEO of Red Siege Information Security. He begins by recounting how he joined the infosec field as well as some resources he used to get himself started. Next, he highlights his favorite tools that he enjoys using on an engagement. TJ and Tim als…
#23: Sharing Knowledge in Infosec with Phillip Wylie
29:33
This week host TJ Null chats with Phillip Wylie, Tech Evangelist at cycognito. Phillip has been a pentester for several years and in the IT industry for even longer. He tells an interesting story of how he got into infosec and some of the resources he used to get started. TJ and Phillip also chat about the OSCP, the Try Harder mindset, and what the…
#22: Cybersecurity in Higher Ed with Ken Pyle
40:03
Host Dr. Heather Monthie sits down with Ken Pyle, a graduate professor of cybersecurity and a partner of CYBIR. He begins the episode by chatting about how he got into cybersecurity and teaching in higher education. Then, he shares what he considers the hardest part as well as the most rewarding part of teaching cybersecurity to students. Heather a…
#21: PEN-200 (PWK) Topic Exercises with Matteo Malvica (uf0)
24:59
Join host, Jeremy Miller (harbinger), as he sits down with Matteo Malvica (uf0) to discuss the new PEN-200 (PWK) Topic Exercises. They start the chat with Matteo’s background and what it’s like to be a Content Developer at OffSec. His first project was SOC-200, though his background was largely offensive. They chat about taking on the creation of a…
#20: The importance of a growth mindset in infosec with J3rryBl4nks
37:07
Hosts FalconSpy and TJ Null sit down with J3rryBl4nks, a member and Community Moderator on the OffSec Discord server. J3rryBl4nks is a Director of InfoSec for a small business organization. In this episode, he talks about how he got interested in the infosec field. He discusses why he thinks gaining knowledge through a degree or certifications is i…
#19: Getting comfortable with the uncomfortable in infosec with Heather Monthie
36:49
Host Harbinger (Jeremy Miller) sits down with Dr. Heather Monthie, Head of Cybersecurity Training, Education, and Innovation at OffSec. In this episode, Heather highlights her diverse background in education, leadership, and technology and how this allows her to improve initiatives at OffSec. Then, she details the intersection of teaching and learn…
#18. From Defensive to Offensive with Billy Trobbiani (c0ntra)
30:54
Host TJ Null sits down with Billy Trobbiani (c0ntra), Content Developer at OffSec. c0ntra starts by describing what got him interested in joining the Information Security field. Then, he details the role he specialized in when he was a blue teamer and the issues that blue teamers face during their day-to-day operations. c0ntra additionally reveals …
#17. Web Developer turned InfoSec Pro with Omeganeth
24:10
Hosts FalconSpy and Harbinger (Jeremy Miller) catch up with Omeganeth, a member and Community companion on our Discord server. In the episode, Omeganeth reveals what got him into the Information Security field. He then mentions the resources he leveraged that got him started on his journey with InfoSec. They dive into the struggles and challenges h…
#16. Nation-State Level Defense with Max Kelly, Founder and CEO of [redacted]
39:47
Hosts Harbinger (Jeremy Miller) and TJNull catch up with Max Kelly, Founder and CEO of [redacted], a threat intelligence and response platform. Max starts by describing his interesting professional story with nation-state level defense from the highest levels of the private and public sectors at organizations including Facebook and U.S. CyberCom. W…
#15. Cloud Security with Seth Art, Sr. Security Consultant at Bishop Fox
41:09
Hosts TJNull and FalconSpy catch up with Seth Art, Sr. Security Consultant at Bishop Fox, who also holds his OSCP. They discuss how Seth got into security and his varied background. He also reveals his favorite aspects of working for Bishop Fox, as well as what a junior pentester should know in order to join an offensive security-focused firm like …
#14. macOS Control Bypasses (EXP-312) with Csaba Fitzl (@theevilbit)
37:16
In this episode, Jeremy Miller (Harbinger) catches up with Csaba Fitzl (@theevilbit), Lead Content Developer for macOS Control Bypasses (EXP-312) at OffSec. They start with how Csaba got into InfoSec, particularly macOS security. Csaba explains why he focuses on macOS and why OffSec decided to offer a course on this topic. They dive into the syllab…
#13. Developer Turned InfoSec Pro, Rey Bango (@reybango)
1:21:45
In this episode, our host TJNull chats with Rey Bango (@reybango), Sr. Director, Developer and Security Relations at Veracode. They cover many topics, starting with Rey’s story of how he got into InfoSec, transitioning from being a full-time developer. Rey talks about his favorite programming languages and why he likes each one. They also talk abou…
#12. Harbinger spills the details on the OffSec Training Library!
23:20
Host TJNull talks with Harbinger (Jeremy Miller), Product Manager and Content Contributor at OffSec, who tells about Learn One and Learn Unlimited subscriptions from the OffSec Training Library. They go into why OffSec decided to launch this model as well as the new features and benefits of the Training Library. One area that’s particularly excitin…
#11. Second-career pentester, Drew Kirkpatrick (@hoodoer)
37:52
Join our host TJNull as he sits down with Drew Kirkpatrick (@hoodoer), Senior Security Consultant at TrustedSec and former Senior Computer Scientist for the U.S. Navy. They discuss his second-career pentesting pursuits and how he made the transition to infosec from a different career. Find out which three skills are the most important to have in …
#10. Team Hashcat Contributor, Dustin Heywood (@EvilMog)
43:47
Listen in as our host TJNull chats with Dustin Heywood (@EvilMog), a contributor to Team Hashcat who has an extreme addiction to cracking hashes. In addition, he is a Black Badge Holder at DEF CON, DerbyCon, SkyDogCon, and THOTCON. After covering how EvilMog got into infosec, they discuss the most important quality for a pentester or red teamer: wr…
#9. Red Teamers from Oracle: @ttimzen and @r00tkillah
40:16
In this episode, our host, FalconSpy, sits down with Topher Timzen (@ttimzen) and Michael Leibowitz (@r00tkillah), two red teamers from Oracle. They discuss a number of topics, including Topher’s and Michael’s DEF CON 27 Endpoint Detection & Response presentation. They dive into how they got into the infosec field and what makes them so passionate …
Our host, TJ Null, sat down with Andy Gill (ZephrFish) to hear lots of interesting stories from his 15+ years in infosec, including his experience as a Goon at DEF CON (he even met Elon Musk!). They discuss how he got started, his book on learning the ropes, important qualities every pentester and red teamer should have, and more. Hear what ZephrFi…
#7. Popular YouTuber talks offense/defense, imposter syndrome, gatekeeping, and more
29:13
Hear from Cybersecurity Meg, X-Force Cybersecurity Incident Responder for IBM and popular cybersecurity YouTuber, as she sits down with Harbinger and FalconSpy! They discuss a number of interesting topics, ranging from defense vs. offense and her CISSP journey to what inspired Meg to become a YouTube creator. They also discuss overcoming imposter s…
#6. Chief OffSec content developers pull back the curtain on course development and what’s coming next
47:40
In this exciting episode, hear from OffSec’s chief content developers, Morten Schenk and Alex Uifalvi (Sickness). They discuss with hosts TJ Null and Jeremy Miller (Harbinger) a range of topics including course design, pedagogy, their own backgrounds, and exploit development. Learn about the philosophy behind OffSec’s courseware and their most impo…
#5. Hear from DEF CON Black Badge, Social Engineering CTF winner: Alethe Denis!
54:19
In this action-packed episode, our host TJ Null sits down with Alethe Denis, to talk social engineering, red team, blue team, raising chickens, and everything in between! Learn why Alethe was honored by DEF CON with a Black Badge following her win of the Social Engineering Capture the Flag (CTF) contest at DEF CON 27. She shares her favorite tools …
#4. S1REN on advice for women in Infosec, essential technical skills and more!
52:47
In this episode, hosts TJ Null and Harbinger talk infosec with S1REN, a very accomplished member of the community and a moderator of OffSec's Discord. Among other things, they discuss how S1REN got into infosec and why, some advice for women looking to get into infosec, and why BASH, Python, and TCP/IP are so essential for people to get into before…
#3. 0xdade on hacking and making music about the Infosec world
56:48
In this action-packed episode, hosts TJ Null and FalconSpy sit down with 0xdade. Here are some of the topics they discuss: How 0xdade broke into InfoSec; 0xdade’s OSCP advice; The importance of note taking and communication skills in InfoSec; The most important quality of a pentester or red teamer; 0xdade’s project, Natlas - what it is and what it does; Adv…
#2. BlindHacker on the importance supporting people with disabilities in cybersecurity
51:56
In this second episode of the Official Offensive Security Podcast, hosts TJ Null and Harbinger sit down with the very talented and respected Joe (BlindHacker), where they discuss the challenges and opportunities around improving accessibility for the disabled community in Infosec. BlindHacker provides insights and perspective on how we can all help…
#1. The best ways to prepare for PWK/OSCP -- learn how from the experts!
33:44
The best ways to prepare for PWK/OSCP -- learn how from the experts! In this first episode of the all-new, official Offensive Security Podcast, hear first hand from experts TJ Null, FalconSpy and Jeremy (Harbinger) share some of the latest, greatest and even lesser-known ways to prepare for the Penetration Testing with Kali (PWK, PEN-200) course in…