

Pen Testing Yourself with Paula Januszkiewicz
Oct 16, 2024
Paula Januszkiewicz, founder of Secure Academy, shares her cybersecurity expertise, encouraging proactive vulnerability assessments. She highlights common oversights organizations make, particularly with PKI servers. The discussion delves into effective penetration testing tools while warning about the risks of unreliable sources. Paula emphasizes the need for ethical considerations in cybersecurity, balancing automated methods with manual assessments. She also touches on the importance of security awareness and services like 'Have I Been Pwned' to help prevent breaches.
AI Snips
Low-Hanging Fruit and Misconfigurations
- Hackers exploit low-hanging fruit vulnerabilities, which are becoming less common in modern infrastructures.
- Finding and exploiting sophisticated misconfigurations requires knowledge and the ability to connect the dots, which is why cybersecurity knowledge matters.
Automated vs. Manual Pentesting
- Automate some security testing, such as vulnerability scanning.
- Conduct thorough manual penetration testing for in-depth checks; the difference is like regular hygiene versus professional hairdressing.
GitHub Credentials Leak
- A company's domain admin credentials were exposed on GitHub by a third-party developer.
- This public exposure led to a security breach, highlighting the risks of publishing sensitive information in open source repositories.