In this episode, Corey LeBleu, a veteran penetration tester, shares a raw and intense story from his early days in offensive security. Corey walks through a social engineering engagement that took a sharp turn, from being closely watched by a security guard to receiving the call that changed everything. What followed was a confrontation with authority, handcuffs, and a moment that forced him to confront the legal and emotional consequences of impersonation.

Through honest storytelling, Corey reflects on the pressure of physical security testing, the thin line between authorization and trouble, and the lessons he carried forward in his career. This episode serves as a cautionary tale about understanding boundaries, respecting authority, and the unseen risks behind revealing what’s hidden.

00:00 Introduction to Corey LeBleu and His Journey

03:34 Corey's Early Career and Learning Path

06:34 The Role of Mentorship in Pen Testing

09:19 Experiences in Social Engineering and Physical Pen Testing

12:22 The Handcuff Incident: A Lesson in Risk

15:12 Transitioning to Web Application Pen Testing

18:01 The Evolution of Pen Testing Practices

20:48 The Impact of AI on Pen Testing

23:42 The Future of Pen Testing and Learning for Beginners

26:28 Navigating Active Directory and Pen Testing Tools

27:35 Essential Training for Web App Pen Testing

30:34 Advice for Aspiring Pen Testers

32:30 Exploring AI and Learning Resources

37:05 Personal Interests and Hobbies

39:17 Living in Austin and Local Music Scene

SYMLINKS

[LinkedIn] – https://www.linkedin.com/in/coreylebleu/Primary platform Corey recommends for connecting with him professionally.

[Relic Security] – https://www.relixsecurity.com/Cybersecurity consulting firm founded and run by Corey LeBleu, focused primarily on web application penetration testing and offensive security work.

[PortSwigger Academy] – https://portswigger.net/web-securityA free and advanced online training platform for web application security, created by the makers of Burp Suite. Recommended by Corey as one of the best learning resources for modern web app pentesting.

[Burp Suite] – https://portswigger.net/burpA widely used web application security testing tool. Corey emphasizes learning Burp Suite as a core skill for anyone entering web app penetration testing.

[OWASP Juice Shop] – https://owasp.org/www-project-juice-shop/An intentionally vulnerable web application created by OWASP for learning and practicing web security testing.

[OWASP – Open Web Application Security Project] – https://owasp.orgA global nonprofit organization focused on improving software security. Corey previously ran an OWASP project and references OWASP tools and resources throughout his career.

[SANS Institute] – https://www.sans.orgA major cybersecurity training and certification organization, referenced in relation to early penetration testing education and the high cost of formal training.

[Hack The Box] – https://www.hackthebox.comAn online platform for practicing penetration testing skills in simulated environments.

[PromptFoo] – https://promptfoo.devA tool for testing, evaluating, and securing LLM prompts. Mentioned in the context of prompt injection and AI security experimentation.

[PyTorch] – https://pytorch.orgAn open-source machine learning framework widely used for deep learning and AI research. Corey mentions it as part of his learning path for understanding how LLMs work.

[Hugging Face] – https://huggingface.coAn AI platform providing open-source models, datasets, and tools for machine learning and LLM experimentation.