7MS #458: Interview with Tanya Janca
7 Minute Security11 Mars 2021

7MS #458: Interview with Tanya Janca

Today we're super excited to share a featured interview with Tanya Janca of WeHackPurple!

Tanya has been in software development from the moment she was of legal age to work in Canada - beginning by working with some huge companies (Nokia/Adobe) before falling in love with application security and eventually starting a company of her own. Gh0sthax and I sat down with Tanya over Zoom to discuss:

  • How to overcome your fears and present at conferences, write blog posts and even start your own company!
  • How to deal with online jackwagons who troll you online at conferences
  • The importance of finding a mentor and mentoring others

Also, here are a bunch of handy links and hashtags Tanya shares throughout the interview:

  • Bob and Alice Learn Application Security - Tanya's book, available on Amazon
  • Women of Security (WoSEC)
  • We Hack Purple Podcast - weekly podcast with a diverse range of guests from all walks of infosec life
  • We Hack Purple Community - "a Canadian company dedicated to helping anyone and everyone create secure software."
  • Tanya's music on Spotify
  • #CyberMentoringMonday - a hashtag that Tanya and other security professionals monitor to help people connect with cyber mentors
  • InsiderPHd - has a safe space for bug bounty hunters to learn and collaborate
  • WeAreHackerz - "You are welcome to join WeAreHackerz if you identify as a person of a marginalized gender, including but not limited to non-binary individuals, women (trans and cis), trans men, genderqueer, etc. We welcome members across all nationalities, races, religions, ages, or other characteristics that make each of us unique."
  • Security in Color

Avsnitt(695)

7MS #648: First Impressions of Level.io

7MS #648: First Impressions of Level.io

Hey friends, today I’m sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.

1 Nov 202440min

7MS #647: How to Succeed in Business Without Really Crying – Part 19

7MS #647: How to Succeed in Business Without Really Crying – Part 19

Today we’re talkin’ business – specifically how to make your report delivery meetings calm, cool and collect (both for you and the client!).

25 Okt 202422min

7MS #646: Baby’s First Incident Response with Velociraptor

7MS #646: Baby’s First Incident Response with Velociraptor

Hey friends, today I’m putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment.  Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to “phone home” to you by way of GPO scheduled task.  The things I talk about in this episode and show in the YouTube stream are all based off of this awesome presentation from Eric Capuano, who also was kind enough to publish a handout to accompany the presentation.  And on a personal note, I wanted to share that Velociraptor has got me interested in jumping face first into some tough APT labs provided by XINTRA.  More to come on XINTRA’s offering, but so far I’m very impressed!

18 Okt 202416min

7MS #645: How to Succeed in Business Without Really Crying - Part 18

7MS #645: How to Succeed in Business Without Really Crying - Part 18

Today I do a short travelogue about my trip to Washington, geek out about some cool training I did with Velociraptor, ponder drowning myself in blue team knowledge with XINTRA LABS, and share some thoughts about the conference talk I gave called 7 Ways to Panic a Pentester.

14 Okt 202431min

7MS #644: Tales of Pentest Pwnage – Part 64

7MS #644: Tales of Pentest Pwnage – Part 64

Hey!  I’m speaking in Wanatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester!  Today’s tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate!  It also emphases that cracking NETLM/NETNTLMv1 isn’t super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!

4 Okt 202441min

7MS #643: DIY Pentest Dropbox Tips – Part 11

7MS #643: DIY Pentest Dropbox Tips – Part 11

Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install a Ubuntu-based dropbox!  I also share some love for exegol as an all-in-one Active Directory pentesting platform.

27 Sep 202426min

7MS #642: Interview with Ron Cole of Immersive Labs

7MS #642: Interview with Ron Cole of Immersive Labs

Ron Cole of Immersive Labs joins us to talk pentest war stories, essential skills he learned while serving on a SOC, and the various pentest training and range platforms you can use to sharpen your security skills! Here are the links Ron shared during our discussion: VetSec Fortinet Veterans Program Immersive Labs Cyber Million FedVTE

23 Sep 202442min

7MS #641: DIY Pentest Dropbox Tips – Part 10

7MS #641: DIY Pentest Dropbox Tips – Part 10

Today we’re revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level.  Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!

13 Sep 202427min

Populärt inom Politik & nyheter

aftonbladet-krim
motiv
svd-dokumentara-berattelser-2
p3-krim
rss-krimstad
svenska-fall
fordomspodden
rss-viva-fotboll
flashback-forever
aftonbladet-daily
rss-sanning-konsekvens
olyckan-inifran
grans
rss-vad-fan-hande
rss-flodet
rss-frandfors-horna
dagens-eko
rss-krimreportrarna
blenda-2
svd-nyhetsartiklar