The Art of Red Teaming with Shani Peled

07/04/23 • 27 min

About The Guest: Shani is a young and talented offensive security professional who has made a name for herself in the industry. With a background in computer science and physics, she started her cybersecurity journey in the Israeli intelligence course during her military service. After gaining valuable experience in the army, she joined CYE, where she currently works as a Red Teamer. Shani is passionate about helping organizations improve their security posture and enjoys the challenge of finding unique entry points and assessing real risks. Summary: In this episode, Phillip Wylie interviews Shani, a talented Red Teamer at CYE. Shani shares her journey into the cybersecurity world, starting with her military service in the Israeli intelligence course. She highlights the importance of hands-on training and the unique skills required to be successful in the Red Team industry. Shani also discusses the challenges faced by organizations in prioritizing vulnerabilities and assessing real risks. She emphasizes the need for Red Teamers to think like real attackers and understand the crown jewels of the organizations they are testing. Shani also dives into the world of cloud security and the common vulnerabilities she encounters during cloud assessments. She stresses the importance of proper cloud migration and the responsibility organizations have in securing their cloud environments. Throughout the conversation, Shani provides valuable insights and advice for aspiring Red Teamers, emphasizing the need for passion, creativity, and a deep understanding of the IT world. Key Takeaways: Prioritizing vulnerabilities and assessing real risks is a major challenge for organizations. Red Teamers should think like real attackers and understand the crown jewels of the organizations they are testing. Misconfigurations in storing technical secrets and exposed resources are common vulnerabilities in cloud environments. Proper cloud migration is crucial, and organizations have a responsibility to understand their cloud environment and secure it. Red Teamers should focus on reconnaissance and understand the techniques behind tools to be effective in their assessments. Shani's LinkedIn: https://www.linkedin.com/in/shani-peled-28b3211a3/ CYE LinkedIn and website: https://www.linkedin.com/company/cyesec/ https://cyesec.com/

Previous Episode

The Power of Bug Bounty Automation with Nenad Zaric

About The Guest(s):

Nenad Zarick is a cybersecurity expert and the founder of Trickest, a platform that automates offensive security workflows. With over 15 years of experience in the field, Nenad has a deep understanding of bug bounty programs and the importance of automation in cybersecurity.

Summary:

In this episode, Phillip interviews Nenad Zaric, the founder of Trickest, a platform that automates offensive security workflows. Nenad shares his background in cybersecurity and how he got started in bug bounty programs. He emphasizes the importance of automation in bug bounty and explains how Trickest can help bug hunters optimize their efforts. Nenad gives a live demo of the platform, showcasing its features and capabilities. He also discusses the scalability of the platform and the benefits of automation in the future of cybersecurity.

Key Takeaways: Bug bounty hunters need to automate their workflows to be successful.Trickest allows users to easily automate offensive security workflows without the need for manual scripting.The platform integrates various tools and provides a visual interface for building workflows.Users can schedule workflows and execute them on multiple machines for scalability.Automation is the key to the future of cybersecurity and can save time and improve efficiency.

Nenad's and Trickest's social media and website:

https://twitter.com/ZaricNenad_

https://www.linkedin.com/in/nenad-zaric/

https://twitter.com/trick3st

https://www.linkedin.com/company/trickest/

https://trickest.com/