New episode!
I chat with Ryan Williams, creator of HVCK Magazine, about creativity in cybersecurity, AI in design, and building community through hacking.
https://heyzine.com/flip-book/cd19181153.html
#Cybersecurity #Infosec #OffensiveSecurity #HVCKMagazine #PhillipWylieShow
After 18 years my @YouTube channel is on the brink of a milestone. This is not a big deal for most, but sharing and helping others has been a big focus for me the past 7 years. Growing my channel helps with that mission. Please subscribe.
https://youtube.com/@phillipwylie
#CyberSecurity #BugBounty #pentesting #offensivesecurity
Day 1 of posting to social media until I get an offensive security research job
First, I’m going to start with what I know – Windows. I need to recreate what I had access to at Microsoft, so that starts by setting up a dev environment and finding a copy of Windows System Internals, perhaps the greatest resource for learning Windows out there. My expertise is in Windows and virtualization, so I’m going to make sure I master those areas.
Next, I don’t think I want to grind coding exercises, but I do need to shake the rust off my coding skills. I think I’m going to start with some HackTheBox challenges and find some CTFs to participate in.
Finally, my long overdue goal: learn Rust. I’m not sure if this will help immediately, as I could choose to improve my knowledge of Python. But Rust was getting more and more popular in the areas of Windows I was tasked with protecting, so I need to learn what all the fuss is about with regards to memory safety.
If anyone is on a similar journey, let’s hold each other accountable in the comments! I will be sure to document any write-ups at blog.maxrenke.com (work in progress).
From payload smuggling to stealthy persistence...
This year, hashtag#leHACK 2025 talks are digging deep:
Cache me if you can – payloads via browser cache
The imposter’s guide to Hacking – with live demos
The Art of Staying In – unconventional backdoors on Windows & Linux
Explore the full lineup: https://lehack.org/2025/tracks/conferences/
Don’t sleep on this : https://www.billetweb.fr/lehack-2025-the-singularity
------------
Du contournement au maintien d’accès furtif…
Cette année, les talks hashtag#leHACK2025 vont droit au système 
: Cache me if you can – des payloads via le cache navigateur The imposter’s guide to Hacking – avec démos en live The Art of Staying In – backdoors atypiques sur Windows & Linux
Découvrez le programme complet : https://lehack.org/2025/tracks/conferences/ N'oubliez pas vos places : https://www.billetweb.fr/lehack-2025-the-singularity
#Hacking #OffensiveSecurity #leHACK
What happens when you combine the mindset of a red team with the precision of elite cybersecurity strategy? In this On Location Briefing from #RSAC2025, we find out how real-world impact is changing the game.
New Briefing from #RSAC 2025: From Red Teams to Real Impact — Bringing Artistry and Precision to Cybersecurity Programs
At RSA Conference 2025, Sean Martin, CISSP caught up with Charles Henderson, Executive Vice President of Cyber Security Services at Coalfire, to talk about the evolving role of offensive security — and why artistry, precision, and strategic thinking are becoming essential elements of the most effective cybersecurity programs.
How can organizations move beyond check-the-box testing to build truly resilient systems?
Find out how Coalfire is helping companies rethink offensive security as a critical driver of real-world cyber resilience and innovation.
Watch, listen, or read the full conversation here:
https://www.itspmagazine.com/their-stories/from-red-teams-to-real-impact-bringing-artistry-and-precision-to-cybersecurity-programs-a-brand-story-with-charles-henderson-from-coalfire-an-on-location-rsac-conference-2025-brand-story
Learn more about Coalfire’s work: https://www.itspmagazine.com/directory/coalfire
See all our RSAC 2025 coverage: https://www.itspmagazine.com/rsac25
Discover more On Location Conversations, Brand Stories, and Briefings: https://www.itspmagazine.com/brand-story
This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.
Stay tuned for more Briefings, Brand Stories, and candid conversations from RSAC 2025!
Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for #InfosecurityEurope in June and #BlackHatUSA in August!
RSAC 2025 sold out fast — we expect the same for these next events. Reserve your full sponsorship or briefing now: https://www.itspmagazine.com/purchase-programs
Here is a new Brand Story!
Guest: John Stigerwalt & Gregory Hatcher
Episode Title: No Manuals, No Shortcuts: Inside the Offensive Security Mindset at White Knight Labs
Marco Ciappelli and Sean Martin, CISSP are back — and this time, they’re chatting with the founders of White Knight Labsfor their first Brand Story with ITSPmagazine!
From learning on the field to building red teams to one of the toughest certification programs — John and Greg aren’t just playing the cybersecurity game. They’re rewriting it.
They don’t believe in cookie-cutter pen tests.
They simulate real ransomware attacks.
They write their own loaders.
And they only resell products they’ve personally tested in the wild.
Passion.
Precision.
Purpose.
Listen or watch now — and meet the team that’s raising the bar for offensive security:
Video Teaser: https://youtu.be/VdGyPFhLAvU Full Podcast: https://brand-stories-podcast.simplecast.com/episodes/no-manuals-no-shortcuts-inside-the-offensive-security-mindset-at-white-knight-labs-a-white-knight-labs-brand-story-with-co-founders-john-stigerwalt-and-greg-hatcher
Learn more about White Knight Labs on their Brand Page on ITSPmagazine:
https://www.itspmagazine.com/directory/white-knight-labs
Join us in welcoming White Knight Labs to the ITSPmagazine family!
We already have three more conversations scheduled with them — you won’t want to miss what’s coming next.
Be sure to follow White Knight Labs and the Brand Stories with Sean and Marco podcast to stay connected with this exciting journey.
Man, this whole AI hype train... Yeah, sure, the tools are definitely getting sharper and faster, no doubt about it. But an AI pulling off a *real* pentest? Seriously doubt that's happening anytime soon. Let's be real: automated scans are useful, but they just aren't the same beast as a genuine penetration test.
Honestly, I think security needs to be woven right into the fabric of a company from the get-go. It can't just be an afterthought you tack on when alarms are already blaring.
Now, don't get me wrong, AI definitely brings its own set of dangers – disinformation is a big one that springs to mind. But here's the thing: we absolutely *have* to get our heads around these tools and figure them out. If we don't keep pace, we risk becoming irrelevant pretty quick.
So, curious to hear what you all think – where do the greatest pitfalls lie with AI in the security field? What keeps you up at night?
Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to save with early bird price. We have already announced a few talks and workshops, and more videos from last year have been released. https://recon.cx #reverseengineering #cybersecurity #offensivesecurity #hardwarehacking @hackingump1 @mr_phrazer @nicolodev @SinSinology @hunterbr72 @clearbluejar @phLaul @oryair1999 @hookgab @TheQueenofELF @So11Deo6loria @i0n1c @pedrib1337 @MalachiJonesPhD @Pat_Ventuzelo @KB_Intel @pinkflawd @Reverse_Tactics @OnlyTheDuck @t0nvi @drch40s @BrunoPujos @mhoste1 @andreyknvl @texplained_RE @jsmnsr @pulsoid @SpecterDev @richinseattle @yarden_shafir @aionescu @hackerschoice @SinSinology @sergeybratus @SpecterOps @oryair1999 @phLaul @trailofbits @HexRaysSA @nostarch
Whoa, the IT security world was on FIRE this week! 
Open source supply chain attacks, malware sneaking into the Play Store, ransomware bypassing EDR... and is AI just pouring gasoline on the phishing flames?! Seriously intense! 
Cloud security's getting a raw deal and let's be real, backups are only as good as their security.
It's wild how rapidly the threat landscape's evolving, isn't it? Gotta stay sharp, folks! Automated vulnerability scans? They're definitely nice, but manual penetration tests are still essential. And AI? Awesome tech, but also seriously risky. Disinformation and manipulation are spiraling out of control. We've gotta stay vigilant!
So, what are *your* biggest IT security pain points right now? Spill the beans!
5 reasons why working in #offensivesecurity is low-key amazing:
You get to solve problems creatively. Every day brings a new puzzle to crack which fires up your synapses and keeps you learning and growing.
You get to make a significant impact on security. Your expertise protects countless users and businesses, reinforcing the value of your work in the grand scheme of #cybersecurity.
You get to experience the adrenaline rush of finding an exploit that works! There's a thrilling sense of accomplishment when your skills get validated like that.
You get to collaborate with a vibrant community. There's nothing like building meaningful relationships and a deep sense of camaraderie while working your way to professional - and personal - achievement.
You get to contribute to open-source projects. Giving back to the community through open-source contributions is highly rewarding because your work becomes a valuable asset your peers recognize and rely on.
What else comes up for you when you think of your work in #ethicalhacking
You know, a few months ago I said I was #hiring, I am now. So, if you're interested in #AI, #LLM, #Omnichannel and get #OffensiveSecurity at a #global scale, apply now.
Calling all red and blue teams! Register NOW for the third year of Beacon: London's social knowledge exchange for hackers and hunters.
Thursday 5 September 2024 in Hackney Wick, London.
Should be the biggest Beacon yet with an awesome and growing line-up of red team gangsters from around the globe.
Held in a hyper-real hacker green™ event space at the Digital Institute London. Quality, fresh hot lunch and ice-cold drinks on the house as usual.
After-party til late at the 1990s video game arcade - expect Red vs. Blue team Time Crisis mayhem!
We'd love to hear your ideas for a talk.
https://www.eventbrite.co.uk/e/beacon-c2-tickets-906291942597
#redteam #offensivesecurity #london #londonevents #hackneywick #hackney
#redteaming #blueteam #soc #security #edr #hacking #hackers #ethicalhacking #cybersecurity #cyber
You can now watch the recording of our team's talk at @bsidesprg on YouTube: "Hack to the Future: Using LLMs as Attacking Agents in Real Networks" 
We asked our Red Team Practice Director Trevin Edgeworth what long-standing unpatched #vulnerabilities can indicate to a Red Teamer. He uses the examples of two vulnerabilities that have gone unpatched for several years: an RCE flaw in Microsoft Office used to deliver spyware and a vulnerability in the popular #GWT framework discovered by Ben Lincoln. https://bfx.social/3RK49YE
Take a look into what sets the Bishop Fox approach to tabletop exercises in #RedTeaming apart. Senior Red Team Consultant @alethe shares how our team focuses on these highly beneficial exercises as building blocks for stronger #security programs versus mandatory compliance tasks. https://bfx.social/3H7Ech2
Time to brush off the old skill set. 
“Healthcare organizations prioritize #offensivesecurity testing for their internal and external networks (50%) and #IoT testing/product security (51%) at a slightly higher rate than other industries (47% and 49%). This is mostly due to government regulations, such as #HIPAA, & recommendations from certification agencies.”
Read this overview of our #PonemonInstitute industry cut to discover more about offensive security in healthcare, and how you stack up against your peers.
Use the new #opensource tool Swagger Jacker to audit OpenAPI definition files, allowing you to identify potential vulnerabilities or misconfigurations in API routes defined within the definition document. Learn how it works, how it can make auditing API endpoints less tedious, and more in this tutorial from Tony West.
Increasingly challenging times in #security demand a new approach.
Purple Teaming, a symbiotic merger of Red Team offense with Blue Team defense, has emerged as a promising #offensivesecurity solution. Discover how this technique can help you achieve multiple goals for your organization – and don’t forget to stream our #BFLive recording if you missed the original broadcast!
How do you get organizational buy-in to stop viewing #cybersecurity as a cost and start seeing it as an investment? Join Ryan Basden to learn how the adoption of Purple Teaming initiatives can help demonstrate ROI and secure revenue.
