Artwork

Content provided by Pentest-Tools.com. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Pentest-Tools.com or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

We think we know hackers thrive on deep environment knowledge

1:13:35
 
Share
 

Manage episode 419066857 series 3575078
Content provided by Pentest-Tools.com. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Pentest-Tools.com or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

“Not everything works as configured. Not everyone behaves as trained.”

The reality of this statement makes it possible for us, the people in offensive security, to have a job. It also highlights how unpredictable our work can be and how never-ending our learning process is.

We work in a space where things are so complex that we need to combine big-picture, higher-level thinking with boost-on-the-ground practice.

And our guest today is brilliant at doing just that.

Pete Herzog has spent over two decades distilling the fundamental principles of security testing, turning them into a decade-defining manual - the Open Source Security Testing Methodology Manual (OSSTMM). Pete brings offensive and defensive security concepts together to break down important misconceptions.

Listen to this conversation to uncover:

  • Why you can’t do security without understanding the process behind it [08:23]
  • How automation can help but, at the same time, hurt the ones using it [11:00]
  • Why you can’t rely only on automated security tools in your pentests [19:10]
  • The importance of implementing security controls to change the environment [28:22]
  • Pete’s perspective on "Zero Trust" and how they tackled this ion OSSTMM [35:18]
  • Why he thinks there are “too many parrots, not enough pirates” in this space [43:42]
  • The excitement of researching for OSSTMM v4 and exploring new technologies [51:40]

From the expert systems behind AI-driven tools and their blindspots to generalizations that hurt offensive security outcomes, we explore key elements that shape today’s problems - some of which you’re probably wrestling with as well.

Let’s explore them!

  continue reading

13 episodes

Artwork
iconShare
 
Manage episode 419066857 series 3575078
Content provided by Pentest-Tools.com. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Pentest-Tools.com or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

“Not everything works as configured. Not everyone behaves as trained.”

The reality of this statement makes it possible for us, the people in offensive security, to have a job. It also highlights how unpredictable our work can be and how never-ending our learning process is.

We work in a space where things are so complex that we need to combine big-picture, higher-level thinking with boost-on-the-ground practice.

And our guest today is brilliant at doing just that.

Pete Herzog has spent over two decades distilling the fundamental principles of security testing, turning them into a decade-defining manual - the Open Source Security Testing Methodology Manual (OSSTMM). Pete brings offensive and defensive security concepts together to break down important misconceptions.

Listen to this conversation to uncover:

  • Why you can’t do security without understanding the process behind it [08:23]
  • How automation can help but, at the same time, hurt the ones using it [11:00]
  • Why you can’t rely only on automated security tools in your pentests [19:10]
  • The importance of implementing security controls to change the environment [28:22]
  • Pete’s perspective on "Zero Trust" and how they tackled this ion OSSTMM [35:18]
  • Why he thinks there are “too many parrots, not enough pirates” in this space [43:42]
  • The excitement of researching for OSSTMM v4 and exploring new technologies [51:40]

From the expert systems behind AI-driven tools and their blindspots to generalizations that hurt offensive security outcomes, we explore key elements that shape today’s problems - some of which you’re probably wrestling with as well.

Let’s explore them!

  continue reading

13 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide