The Official Offensive Security Podcast
By Offensive Security, Inc.
The one and only official podcast from Offensive Security, Inc. -- creators of the Kali OS, the OSCP certification, and the world's leading cybersecurity training
#15. Cloud Security with Seth Art, Sr. Security Consultant at Bishop Fox
Hosts TJNull and FalconSpy catch up with Seth Art, Sr. Security Consultant at Bishop Fox, who also holds his OSCP. They discuss how Seth got into security and his varied background. He also reveals his favorite aspects of working for Bishop Fox, as well as what a junior pentester should know in order to join an offensive security-focused firm like Bishop Fox. They talk about Seth’s OSCP journey and the challenges he overcame to earn his OSCP, including juggling parenting and studying. They then turn to cloud pentesting and Kubernetes security and Seth spills the details on interesting findings from his recent research. Specifically, they discuss potential vulnerabilities in Kubernetes and AWS. Finally, they chat about the crucial skills Seth recommends budding penetration testers develop. Enjoy the episode!
October 26, 2021
#14. macOS Control Bypasses (EXP-312) with Csaba Fitzl (@theevilbit)
In this episode, Jeremy Miller (Harbinger) catches up with Csaba Fitzl (@theevilbit), Lead Content Developer for macOS Control Bypasses (EXP-312) at OffSec. They start with how Csaba got into InfoSec, particularly macOS security. Csaba explains why he focuses on macOS and why OffSec decided to offer a course on this topic. They dive into the syllabus and Csaba walks us through what EXP-312 covers. He gives a brief description of many of the vulnerabilities and exploits covered and the different techniques employed. They also discuss what to expect in terms of labs as well as prerequisites for the course. Finally, Csaba reveals what surprising things he learned about macOS while preparing this course. For more information on macOS Control Bypasses (EXP-312), visit https://www.offensive-security.com/exp312-osmr/.
October 14, 2021
#13. Developer Turned InfoSec Pro, Rey Bango (@reybango)
In this episode, our host TJNull chats with Rey Bango (@reybango), Sr. Director, Developer and Security Relations at Veracode. They cover many topics, starting with Rey’s story of how he got into InfoSec, transitioning from being a full-time developer. Rey talks about his favorite programming languages and why he likes each one. They also talk about helping those getting into the field, what languages they should learn, and other skills to develop. Since Rey’s been a developer for a long time, they discuss common coding practices that Rey believes developers should be doing. Additionally, they cover the one change in the InfoSec community that Rey would like to see, plus much more. Enjoy!
September 29, 2021
#12. Harbinger spills the details on the OffSec Training Library!
Host TJNull talks with Harbinger (Jeremy Miller), Product Manager and Content Contributor at OffSec, who talks about the Learn One and Learn Unlimited subscriptions from the OffSec Training Library. They go into why OffSec decided to launch this model as well as the new features and benefits of the Training Library. One area that’s particularly exciting is the brand-new PEN-100 fundamentals content. Harbinger goes into detail on what this fundamentals content is all about and how it differs from anything else OffSec has released to date. They also touch on the new EXP-312 course (macOS Control Bypasses)—which is exclusive to subscription holders—as well as the new PEN-103 content (Kali Linux Revealed) and PEN-210 (the updated WiFu course). To access the exclusive content in this new flexible way to learn, there are two subscription options: Learn One and Learn Unlimited. Harbinger delves into how these packages work and why OffSec decided to go in this direction. For more information on the OffSec Training Library, visit https://www.offensive-security.com/learn/.
September 21, 2021
#11. Second-career pentester, Drew Kirkpatrick (@hoodoer)
Join our host TJNull as he sits down with Drew Kirkpatrick (@hoodoer), Senior Security Consultant at TrustedSec and former Senior Computer Scientist for the U.S. Navy. They discuss his second-career pentesting pursuits and how he made the transition to infosec from a different career. Find out which three skills are the most important to have in pentesting—and how they differ for internal pentesters vs. consultants. They also discuss hoodoer’s favorite tools for web app pentesting as well as some interesting stories from recent engagements he’s been on. Finally, hear some helpful advice for those who are working to become a pentester or enter the infosec field. Enjoy this week’s episode!
August 30, 2021
#10. Team Hashcat Contributor, Dustin Heywood (@EvilMog)
Listen in as our host TJNull chats with Dustin Heywood (@EvilMog), a contributor to Team Hashcat who has an extreme addiction to cracking hashes. In addition, he is a Black Badge Holder at DEF CON, DerbyCon, SkyDogCon, and THOTCON. After covering how EvilMog got into infosec, they discuss the most important quality for a pentester or red teamer: writing. Find out why EvilMog considers writing skills to be more important than technical skills when pentesting. Learn more about Team Hashcat as well as the Crack Me If You Can contest they competed in. TJNull and EvilMog get into some detail on how to crack a hash and EvilMog comments on custom wordlists and tools used. Join us for this exciting conversation. Enjoy!
August 23, 2021
#9. Red Teamers from Oracle: @ttimzen and @r00tkillah
In this episode, our host, FalconSpy, sits down with Topher Timzen (@ttimzen) and Michael Leibowitz (@r00tkillah), two red teamers from Oracle. They discuss a number of topics, including Topher’s and Michael’s DEF CON 27 Endpoint Detection & Response presentation. They dive into how they got into the infosec field and what makes them so passionate about it. Find out their answer to the age-old question: what's the difference between red teaming and pentesting? Plus, get their take on certifications and what you really need these days to be successful. Finally, as BSides Portland organizers, Topher and Michael give you a rundown on the process of developing a security conference. Enjoy!
August 6, 2021
#8. DEF CON Goon, Andy Gill (ZephrFish)
Our host, TJ Null, sat down with Andy Gill (ZephrFish) to hear lots of interesting stories from his 15+ years in infosec, including his experience as a Goon at DEF CON (he even met Elon Musk!). They discuss how he got started, his book on learning the ropes, important qualities every pentester and red teamer should have, and more. Hear what ZephrFish advises aspiring pentesters to learn and get into before they embark on this path. They also discuss what ZephrFish would like to see changed in the infosec community and how to get there. Enjoy this week’s episode! Links: Andy Gill on Twitter; Breaking into Information Security: Learning the Ropes 101 (Andy’s book).
July 23, 2021
#7. Popular YouTuber talks offense/defense, imposter syndrome, gatekeeping, and more
Hear from Cybersecurity Meg, X-Force Cybersecurity Incident Responder for IBM and popular cybersecurity YouTuber, as she sits down with Harbinger and FalconSpy! They discuss a number of interesting topics, ranging from defense vs. offense and her CISSP journey to what inspired Meg to become a YouTube creator. They also discuss overcoming imposter syndrome and how to handle it as well as naysayers and gatekeepers. Hear about how to maintain mental health, specifically within the information security field, as well as ensuring work-life balance. Finally, learn what Meg has planned next, including earning her OSCP. Enjoy the episode! Links: Meg on Twitter; Meg on YouTube; Meg's Discord community.
June 25, 2021
#6. Chief OffSec content developers pull back the curtain on course development and what’s coming next
In this exciting episode, hear from OffSec’s chief content developers, Morten Schenk and Alex Uifalvi (Sickness). They discuss with hosts TJ Null and Jeremy Miller (Harbinger) a range of topics including course design, pedagogy, their own backgrounds, and exploit development. Learn about the philosophy behind OffSec’s courseware and the most important lesson they have learned about teaching well. They also spill the details on upcoming projects they are working on as well as how to best prepare for an OffSec course. Finally, get tips on how many lab days are best for you, directly from OffSec. Enjoy the episode!
June 11, 2021
#5. Hear from DEF CON Black Badge, Social Engineering CTF winner: Alethe Denis!
In this action-packed episode, our host TJ Null sits down with Alethe Denis, to talk social engineering, red team, blue team, raising chickens, and everything in between! Learn why Alethe was honored by DEF CON with a Black Badge following her win of the Social Engineering Capture the Flag (CTF) contest at DEF CON 27. She shares her favorite tools for social engineering campaigns as well as the best way to gain trust and get the answers you need in a phishing campaign. Alethe breaks down what it takes to be a world-class social engineer. She also touches on her work with the Innocent Lives Foundation (ILF) and what you can do to help.
May 28, 2021
#4. S1REN on advice for women in Infosec, essential technical skills and more!
In this episode, hosts TJ Null and Harbinger talk infosec with S1REN, a very accomplished member of the community and a moderator of OffSec's Discord. Among other things, they discuss how S1REN got into infosec and why, some advice for women looking to get into infosec, and why BASH, Python, and TCP/IP are so essential for people to learn before getting into security. They also touch on good ways to break into infosec and some things S1REN would like to see changed in the infosec field.
May 14, 2021
#3. 0xdade on hacking and making music about the Infosec world
In this action-packed episode, hosts TJ Null and FalconSpy sit down with 0xdade. Here are some of the topics they discuss: how 0xdade broke into InfoSec; 0xdade’s OSCP advice; the importance of note taking and communication skills in InfoSec; the most important quality of a pentester or red teamer; 0xdade’s project, Natlas - what it is and what it does; advice for those who want to develop and release their own tools for the community; and how 0xdade wound up writing and recording the hip-hop/rap song, “Red Team”.
May 1, 2021
#2. BlindHacker on the importance of supporting people with disabilities in cybersecurity
In this second episode of the Official Offensive Security Podcast, hosts TJ Null and Harbinger sit down with the very talented and respected Joe (BlindHacker), where they discuss the challenges and opportunities around improving accessibility for the disabled community in Infosec. BlindHacker provides insights and perspective on how we can all help to provide more accessibility options, considerations and accommodations to people across a range of disabilities -- and why it's critical for filling the skills gap in cybersecurity going forward.
April 13, 2021
#1. The best ways to prepare for PWK/OSCP -- learn how from the experts!
In this first episode of the all-new, official Offensive Security Podcast, hear firsthand as experts TJ Null, FalconSpy and Jeremy (Harbinger) share some of the latest, greatest and even lesser-known ways to prepare for the Penetration Testing with Kali (PWK, PEN-200) course in preparation for getting your OSCP certification. Real, frank talk from OffSec experts and OffSec community leaders!
March 22, 2021