<p>In this episode, <strong>Corey LeBleu</strong>, a veteran penetration tester, shares a raw and intense story from his early days in offensive security. Corey walks through a social engineering engagement that took a sharp turn, from being closely watched by a security guard to receiving the call that changed everything. What followed was a confrontation with authority, handcuffs, and a moment that forced him to confront the legal and emotional consequences of impersonation.</p><p>Through honest storytelling, Corey reflects on the pressure of physical security testing, the thin line between authorization and trouble, and the lessons he carried forward in his career. This episode serves as a cautionary tale about understanding boundaries, respecting authority, and the unseen risks behind revealing what’s hidden.</p><p><br></p><p>00:00 Introduction to Corey LeBleu and His Journey</p><p>03:34 Corey's Early Career and Learning Path</p><p>06:34 The Role of Mentorship in Pen Testing</p><p>09:19 Experiences in Social Engineering and Physical Pen Testing</p><p>12:22 The Handcuff Incident: A Lesson in Risk</p><p>15:12 Transitioning to Web Application Pen Testing</p><p>18:01 The Evolution of Pen Testing Practices</p><p>20:48 The Impact of AI on Pen Testing</p><p>23:42 The Future of Pen Testing and Learning for Beginners</p><p>26:28 Navigating Active Directory and Pen Testing Tools</p><p>27:35 Essential Training for Web App Pen Testing</p><p>30:34 Advice for Aspiring Pen Testers</p><p>32:30 Exploring AI and Learning Resources</p><p>37:05 Personal Interests and Hobbies</p><p>39:17 Living in Austin and Local Music Scene</p><p><br></p><p>SYMLINKS</p><p><strong>[LinkedIn]</strong> – <a href="https://www.linkedin.com/in/coreylebleu/"><u>https://www.linkedin.com/in/coreylebleu/</u></a> Primary platform Corey recommends for connecting with him professionally.</p><p><strong>[Relic Security]</strong> – <a 
href="https://www.relixsecurity.com/"><u>https://www.relixsecurity.com/</u></a> Cybersecurity consulting firm founded and run by Corey LeBleu, focused primarily on web application penetration testing and offensive security work.</p><p><strong>[PortSwigger Academy]</strong> – <a href="https://portswigger.net/web-security"><u>https://portswigger.net/web-security</u></a> A free and advanced online training platform for web application security, created by the makers of Burp Suite. Recommended by Corey as one of the best learning resources for modern web app pentesting.</p><p><strong>[Burp Suite]</strong> – <a href="https://portswigger.net/burp"><u>https://portswigger.net/burp</u></a> A widely used web application security testing tool. Corey emphasizes learning Burp Suite as a core skill for anyone entering web app penetration testing.</p><p><strong>[OWASP Juice Shop]</strong> – <a href="https://owasp.org/www-project-juice-shop/"><u>https://owasp.org/www-project-juice-shop/</u></a> An intentionally vulnerable web application created by OWASP for learning and practicing web security testing.</p><p><strong>[OWASP – Open Web Application Security Project]</strong> – <a href="https://owasp.org"><u>https://owasp.org</u></a> A global nonprofit organization focused on improving software security. 
Corey previously ran an OWASP project and references OWASP tools and resources throughout his career.</p><p><strong>[SANS Institute]</strong> – <a href="https://www.sans.org"><u>https://www.sans.org</u></a> A major cybersecurity training and certification organization, referenced in relation to early penetration testing education and the high cost of formal training.</p><p><strong>[Hack The Box]</strong> – <a href="https://www.hackthebox.com"><u>https://www.hackthebox.com</u></a> An online platform for practicing penetration testing skills in simulated environments.</p><p><strong>[PromptFoo]</strong> – <a href="https://promptfoo.dev"><u>https://promptfoo.dev</u></a> A tool for testing, evaluating, and securing LLM prompts. Mentioned in the context of prompt injection and AI security experimentation.</p><p><strong>[PyTorch]</strong> – <a href="https://pytorch.org"><u>https://pytorch.org</u></a> An open-source machine learning framework widely used for deep learning and AI research. Corey mentions it as part of his learning path for understanding how LLMs work.</p><p><strong>[Hugging Face]</strong> – <a href="https://huggingface.co"><u>https://huggingface.co</u></a> An AI platform providing open-source models, datasets, and tools for machine learning and LLM experimentation.</p>