SlideShare une entreprise Scribd logo

Entrepreneurship for hackers

S
snyff

Slides of my talk at Christchurch CON 2019 on "Entrepreneurship for Hackers"

Ingénierie
1  sur  39
Télécharger pour lire hors ligne
Entrepreneurship for Hackers “A thing or two I learnt while building PentesterLab” Louis Nyffenegger <louis@pentesterlab.com> @PentesterLab / @snyff
About me Louis Nyffenegger Security Engineer Diploma in Computer Architecture from a French Engineering school (+ master degree in security) in 2006 Moved to Australia in 2009 Security Consultant (2006) -> Pentester (2009) -> Code Reviewer (2012) -> AppSec/DevSecOps (2014)
The security industry! The Market for Lemons Buyers are not necessarily knowledgeable (but it’s changing) Hackers think they can rewrite your product in a week-end of hacking (or maybe 2…) Funding for anything with Cyber in the name (double that if AI)…
Timing! Very special time Compute is cheap Most products don’t dockerize well Most products don’t cloudify well Most products don’t CI/CD well People who used to be (very) technical are now in leadership roles
Why this talk? The media focuses on the wrong aspects: • Funding rounds • Exit from founders • Revolutionary products No one cares about a small founder that had a good year… 
 No one cares about products that just do solve an actually problem.
PentesterLab First version of the site One exercise as ISO and course as PDF for sale $9.99 Everything for free ! Around 6 exercises as ISO and course Trying to build a PRO version… and failing! First release of PentesterLab PRO $19.99 per month 5 PRO exercises Soft launch December 2011 ~ July 2012 December 2014 Novembre 2015
PentesterLab First enterprise client 33 exercises First PRO customer Still Full Time > 250 exercises Working Full Time on PentesterLab 194 exercises June 2016 Late November 2015 Today October 2018
PentesterLab First enterprise client 33 exercises First PRO customer Still Full Time > 250 exercises Working Full Time on PentesterLab 194 exercises June 2016 Late November 2015 Today October 2018 AN OVERNIGHT SUCCESS 🤔
The IDEA Something that scales and compounds Something you love Something people are willing to pay for Something you are good at
Something scalable… SCALABLENOTSCALABLE 1 Unit of Work 3 Units of Work 5 Units of Work 20 Units of Work
Something compoundable… COUMPOUNDABLE!COMPOUNDABLE After 1 month After 3 months After 1 year After 3 years
The IDEA Something that scales and compounds Something you love Something people are willing to pay for Something you are good at • Don’t try to be everything • Don’t try to be for everyone • Solve a problem you have • Solve a problem people have • Try to leverage your unfair advantage/strengths • Something ethical • Something non critical (your customers’ SLA shouldn't rely on you) • Pivot!
The IDEA: common misconceptions Needstobeoriginal • Most likely someone thought about it before you did • If no one thought about it, it is maybe because no one cares (aside from you) Needstobehuge NeedstobeprotectedNeedstobecool • You don’t need to be the next Facebook/RSA/ Twitter • You don’t need a huge part of a huge cake • It just needs to be sustainable • If you rely on the fact that your idea is not public, you will most likely have a big surprise once it is • If you protect your idea, you don’t get any feedback • Anti-Reversing, Anti-X, … and spending more time protecting the idea than building it • Software patent == EVIL • Sometimes boring products solve real problems • You can add the “cool” later on!
Bad Ideas • AI for Blockchain Security • Web Application Firewall based on AI • Cloud based Vulnerability Detection • Code review tool Better Ideas • Fuzzers Integrated in CI/CD for firmware developers • Vulnerability Assessment for docker images • Web Scanner for QA testers • Code review tool integrating in CI/CD for appsec teams • Something that actually helps increase security
The IDEA: common misconceptions http://christophjanz.blogspot.com/2014/10/five- ways-to-build-100-million-business.html
The IDEA: common misconceptions $100K Business
The IDEA: common misconceptions $100K Business The Safe & Sweet Zone
The IDEA: common misconceptionsAwful idea = -1 Weak idea = 1 So-so idea = 5 Good idea = 10 Great idea = 15 Brilliant idea = 20 No execution = $1 Weak execution = $1000 So-so execution = $10,000 Good execution = $100,000 Great execution = $1,000,000 Brilliant execution = $10,000,000 To make a business, you need to multiply the two.
Funding Try to avoid external funding If you do it, read carefully the terms (money is great, keeping control of your company is greater) Try to wait for as long as possible Disclaimer: from my limited experience with funding People funding business are not here for a nice&profitable business they want multipliers (10x, 100x)
Avoid making a business with a free product People are going to love you at first! It’s all fine until you need to make money Ads… Not sustainable Selling user’s data It’s hard to get back to a paid model
Pricing Disclaimer: I did terrible at this Base your prices on the value you are bringing to your customers Don’t base your prices on the time it takes you KISS: Keep It Simple Stupid! Don’t base your prices on how much it costs you (time or $ amount) The impact of low pricing…
Co-Founders? Try to find one… it’s hard Try to find one… it gets lonely Try to get someone who is the opposite of you in term of skills It’s kind of like dating/getting married: • Make sure you know what you are getting into • Make it official Try to get someone who is the opposite of you in term of background (avoid image below)
Employees Avoid hiring until you cannot anymore: • Try to automate first (or avoid doing) • Try to use freelancers • Every person you hire will impact the ability of your company to survive Try to get people who are the opposite of you in term of background (avoid image below)
Minimum Viable Product Wikipedia: “A minimum viable product (MVP) is a product with just enough features to satisfy early customers and provide feedback for future product development” Just enough features Satisfy early customers Provide feedback for future product development
Minimum Viable Product
Minimum Viable Product
Minimum Viable Product
Minimum Viable Product
Marketing Try to avoid ads Think of things that your customers like Don't spend money on big events (RSA/…) Do things that don't scale Do something unique
Services you can use
Things you will need Sysadmin 101 Programming 101 Business 101
Final advice…
People on the Internet can be Jerks
BUT “Don’t let the rare liar control your policy in every interaction and hijack good business decisions with paranoia”
Integrate a feedback loop in your product as soon as possible
Don’t underestimate your skills or how hard something may be for someone else
Don't worry about billing and issuing invoices… it's pretty easy (for hackers) and if you get it wrong people will tell/ help you
Stop making excuses and just do it!
Thank you! Thanks for your time! @snyff / @pentesterLab louis@pentesterlab.com

Recommandé

Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The WebMichael Coates
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Técnicas de Invasão - INFOESTE 2015
Técnicas de Invasão - INFOESTE 2015Técnicas de Invasão - INFOESTE 2015
Técnicas de Invasão - INFOESTE 2015C H
 
Black and Blue APIs: Attacker's and Defender's View of API Vulnerabilities
Black and Blue APIs: Attacker's and Defender's View of API VulnerabilitiesBlack and Blue APIs: Attacker's and Defender's View of API Vulnerabilities
Black and Blue APIs: Attacker's and Defender's View of API VulnerabilitiesMatt Tesauro
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 

Recommandé

Peeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityPeeling the Onion: Making Sense of the Layers of API Security
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Security Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsSecurity Training: #3 Threat Modelling - Practices and Tools
Security Training: #3 Threat Modelling - Practices and ToolsYulian Slobodyan
 
Bug Bounty Programs For The Web
Bug Bounty Programs For The WebBug Bounty Programs For The Web
Bug Bounty Programs For The WebMichael Coates
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Técnicas de Invasão - INFOESTE 2015
Técnicas de Invasão - INFOESTE 2015Técnicas de Invasão - INFOESTE 2015
Técnicas de Invasão - INFOESTE 2015C H
 
Black and Blue APIs: Attacker's and Defender's View of API Vulnerabilities
Black and Blue APIs: Attacker's and Defender's View of API VulnerabilitiesBlack and Blue APIs: Attacker's and Defender's View of API Vulnerabilities
Black and Blue APIs: Attacker's and Defender's View of API VulnerabilitiesMatt Tesauro
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
Red7 Software Application Security Threat Modeling
Red7 Software Application Security Threat ModelingRed7 Software Application Security Threat Modeling
Red7 Software Application Security Threat ModelingRobert Grupe, CSSLP CISSP PE PMP
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by FortinetAtlantic Training, LLC.
 
F5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsDenis Kolegov
 
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEB
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEBDica 02 - Como mitigar os ataques de SQL Injection em aplicações WEB
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEBAlcyon Ferreira de Souza Junior, MSc
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Log Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton ChuvakinLog Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton ChuvakinAnton Chuvakin
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You..."Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...Izar Tarandach
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteVu Long Tran
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk Splunk
 
Temel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriTemel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriBGA Cyber Security
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Asm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchAsm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchLior Rotkovitch
 
Scalable threat modelling with risk patterns
Scalable threat modelling with risk patternsScalable threat modelling with risk patterns
Scalable threat modelling with risk patternsStephen de Vries
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Starting startups
Starting startupsStarting startups
Starting startupsStuart Bertsch
 
Updated: You Have An Idea ... Do You Have A Business?
Updated: You Have An Idea ... Do You Have A Business?Updated: You Have An Idea ... Do You Have A Business?
Updated: You Have An Idea ... Do You Have A Business?Marty Kaszubowski
 

Contenu connexe

Tendances

Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryWill Schroeder
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...CODE BLUE
 
F5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsDenis Kolegov
 
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEB
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEBDica 02 - Como mitigar os ataques de SQL Injection em aplicações WEB
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEBAlcyon Ferreira de Souza Junior, MSc
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Log Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton ChuvakinLog Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton ChuvakinAnton Chuvakin
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You..."Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...Izar Tarandach
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteVu Long Tran
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopPaul Ionescu
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk Splunk
 
Temel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriTemel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriBGA Cyber Security
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Asm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchAsm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchLior Rotkovitch
 
Scalable threat modelling with risk patterns
Scalable threat modelling with risk patternsScalable threat modelling with risk patterns
Scalable threat modelling with risk patternsStephen de Vries
 

Tendances (20)

Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
 
Red7 Software Application Security Threat Modeling
Red7 Software Application Security Threat ModelingRed7 Software Application Security Threat Modeling
Red7 Software Application Security Threat Modeling
 
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
F5 BIG-IP Misconfigurations
F5 BIG-IP MisconfigurationsF5 BIG-IP Misconfigurations
F5 BIG-IP Misconfigurations
 
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEB
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEBDica 02 - Como mitigar os ataques de SQL Injection em aplicações WEB
Dica 02 - Como mitigar os ataques de SQL Injection em aplicações WEB
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Log Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton ChuvakinLog Standards & Future Trends by Dr. Anton Chuvakin
Log Standards & Future Trends by Dr. Anton Chuvakin
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You..."Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your website
 
Secure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa WorkshopSecure Coding 101 - OWASP University of Ottawa Workshop
Secure Coding 101 - OWASP University of Ottawa Workshop
 
Threat Hunting with Splunk
Threat Hunting with Splunk Threat Hunting with Splunk
Threat Hunting with Splunk
 
Temel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve ÇeşitleriTemel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
Temel Kavramlar, DoS/DDoS Saldırıları ve Çeşitleri
 
Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)Craft Your Cyber Incident Response Plan (Before It's Too Late)
Craft Your Cyber Incident Response Plan (Before It's Too Late)
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Asm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitchAsm bot mitigations v3 final- lior rotkovitch
Asm bot mitigations v3 final- lior rotkovitch
 
Scalable threat modelling with risk patterns
Scalable threat modelling with risk patternsScalable threat modelling with risk patterns
Scalable threat modelling with risk patterns
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 

Similaire à Entrepreneurship for hackers

Updated: You Have An Idea ... Do You Have A Business?
Updated: You Have An Idea ... Do You Have A Business?Updated: You Have An Idea ... Do You Have A Business?
Updated: You Have An Idea ... Do You Have A Business?Marty Kaszubowski
 
Starting a business as engineers: algorithms aren't everything
Starting a business as engineers: algorithms aren't everythingStarting a business as engineers: algorithms aren't everything
Starting a business as engineers: algorithms aren't everythingAlja Isakovic
 
What to expect from investing in startups
What to expect from investing in startupsWhat to expect from investing in startups
What to expect from investing in startupsBenoit Wirz
 
Agile product development
Agile product developmentAgile product development
Agile product developmentBrenn Hill
 
Final cycles overview jan 2019 with toolkit
Final cycles overview jan 2019 with toolkitFinal cycles overview jan 2019 with toolkit
Final cycles overview jan 2019 with toolkitBryan Cassady
 
Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]
Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]
Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]Jose Casal-Gimenez FBCS CITP
 
The incumbent’s playbook for launching a vertical SaaS product (Directions EM...
The incumbent’s playbook for launching a vertical SaaS product (Directions EM...The incumbent’s playbook for launching a vertical SaaS product (Directions EM...
The incumbent’s playbook for launching a vertical SaaS product (Directions EM...Martin Karlowitsch
 
Build Winning Products
Build Winning ProductsBuild Winning Products
Build Winning ProductsTathagat Varma
 
Leveraging on scalable technology to expand regionally
Leveraging on scalable technology to expand regionallyLeveraging on scalable technology to expand regionally
Leveraging on scalable technology to expand regionallyMichael Smith Jr.
 
Cycles: The simplest, proven way to build your business
Cycles: The simplest, proven way to build your businessCycles: The simplest, proven way to build your business
Cycles: The simplest, proven way to build your businessBryan Cassady
 
ENTREPRENEURSHIP_PRESENTATION[1].pdf
ENTREPRENEURSHIP_PRESENTATION[1].pdfENTREPRENEURSHIP_PRESENTATION[1].pdf
ENTREPRENEURSHIP_PRESENTATION[1].pdfMUHUMUZAONAN1
 
EDHEC Course Introduction
EDHEC Course Introduction EDHEC Course Introduction
EDHEC Course Introduction Bryan Cassady
 
Class 1: Introduction to web technology entrepreneurship
Class 1: Introduction to web technology entrepreneurship Class 1: Introduction to web technology entrepreneurship
Class 1: Introduction to web technology entrepreneurship allanchao
 
The Care and Feeding of Ideas
The Care and Feeding of IdeasThe Care and Feeding of Ideas
The Care and Feeding of Ideas_gmathur
 
Secrets of Starting a Winning Company: annotated by Elton
Secrets of Starting a Winning Company: annotated by EltonSecrets of Starting a Winning Company: annotated by Elton
Secrets of Starting a Winning Company: annotated by EltonElton Sherwin
 
The 7 myths of speed .
The 7 myths of speed .The 7 myths of speed .
The 7 myths of speed .Bryan Cassady
 
Now is the best time to start a company… Now what?
Now is the best time to start a company… Now what?Now is the best time to start a company… Now what?
Now is the best time to start a company… Now what?Brian Kelly
 
Presentation to NY Tech Meetup Student Group
Presentation to NY Tech Meetup Student GroupPresentation to NY Tech Meetup Student Group
Presentation to NY Tech Meetup Student GroupSan Kim
 

Similaire à Entrepreneurship for hackers (20)

Starting startups
Starting startupsStarting startups
Starting startups
 
Updated: You Have An Idea ... Do You Have A Business?
Updated: You Have An Idea ... Do You Have A Business?Updated: You Have An Idea ... Do You Have A Business?
Updated: You Have An Idea ... Do You Have A Business?
 
Starting a business as engineers: algorithms aren't everything
Starting a business as engineers: algorithms aren't everythingStarting a business as engineers: algorithms aren't everything
Starting a business as engineers: algorithms aren't everything
 
What to expect from investing in startups
What to expect from investing in startupsWhat to expect from investing in startups
What to expect from investing in startups
 
Agile product development
Agile product developmentAgile product development
Agile product development
 
Final cycles overview jan 2019 with toolkit
Final cycles overview jan 2019 with toolkitFinal cycles overview jan 2019 with toolkit
Final cycles overview jan 2019 with toolkit
 
Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]
Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]
Lean Startup - Dr. Tendayi Viki - BCS Kent Branch Event [AUDIO]
 
The incumbent’s playbook for launching a vertical SaaS product (Directions EM...
The incumbent’s playbook for launching a vertical SaaS product (Directions EM...The incumbent’s playbook for launching a vertical SaaS product (Directions EM...
The incumbent’s playbook for launching a vertical SaaS product (Directions EM...
 
Build Winning Products
Build Winning ProductsBuild Winning Products
Build Winning Products
 
Leveraging on scalable technology to expand regionally
Leveraging on scalable technology to expand regionallyLeveraging on scalable technology to expand regionally
Leveraging on scalable technology to expand regionally
 
Lean thinking and the agile culture
Lean thinking and the agile cultureLean thinking and the agile culture
Lean thinking and the agile culture
 
Cycles: The simplest, proven way to build your business
Cycles: The simplest, proven way to build your businessCycles: The simplest, proven way to build your business
Cycles: The simplest, proven way to build your business
 
ENTREPRENEURSHIP_PRESENTATION[1].pdf
ENTREPRENEURSHIP_PRESENTATION[1].pdfENTREPRENEURSHIP_PRESENTATION[1].pdf
ENTREPRENEURSHIP_PRESENTATION[1].pdf
 
EDHEC Course Introduction
EDHEC Course Introduction EDHEC Course Introduction
EDHEC Course Introduction
 
Class 1: Introduction to web technology entrepreneurship
Class 1: Introduction to web technology entrepreneurship Class 1: Introduction to web technology entrepreneurship
Class 1: Introduction to web technology entrepreneurship
 
The Care and Feeding of Ideas
The Care and Feeding of IdeasThe Care and Feeding of Ideas
The Care and Feeding of Ideas
 
Secrets of Starting a Winning Company: annotated by Elton
Secrets of Starting a Winning Company: annotated by EltonSecrets of Starting a Winning Company: annotated by Elton
Secrets of Starting a Winning Company: annotated by Elton
 
The 7 myths of speed .
The 7 myths of speed .The 7 myths of speed .
The 7 myths of speed .
 
Now is the best time to start a company… Now what?
Now is the best time to start a company… Now what?Now is the best time to start a company… Now what?
Now is the best time to start a company… Now what?
 
Presentation to NY Tech Meetup Student Group
Presentation to NY Tech Meetup Student GroupPresentation to NY Tech Meetup Student Group
Presentation to NY Tech Meetup Student Group
 

Plus de snyff

JWT: jku x5u
JWT: jku x5uJWT: jku x5u
JWT: jku x5usnyff
 
Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)snyff
 
Entomology 101
Entomology 101Entomology 101
Entomology 101snyff
 
Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?snyff
 
Finding Needles in Haystacks
Finding Needles in HaystacksFinding Needles in Haystacks
Finding Needles in Haystackssnyff
 
Defcon CTF quals
Defcon CTF qualsDefcon CTF quals
Defcon CTF qualssnyff
 
Ruxmon cve 2012-2661
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661snyff
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositoriessnyff
 
Owasp tds
Owasp tdsOwasp tds
Owasp tdssnyff
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railssnyff
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Strongersnyff
 

Plus de snyff (11)

JWT: jku x5u
JWT: jku x5uJWT: jku x5u
JWT: jku x5u
 
Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)Code that gets you pwn(s|'d)
Code that gets you pwn(s|'d)
 
Entomology 101
Entomology 101Entomology 101
Entomology 101
 
Jwt == insecurity?
Jwt == insecurity?Jwt == insecurity?
Jwt == insecurity?
 
Finding Needles in Haystacks
Finding Needles in HaystacksFinding Needles in Haystacks
Finding Needles in Haystacks
 
Defcon CTF quals
Defcon CTF qualsDefcon CTF quals
Defcon CTF quals
 
Ruxmon cve 2012-2661
Ruxmon cve 2012-2661Ruxmon cve 2012-2661
Ruxmon cve 2012-2661
 
Ln monitoring repositories
Ln monitoring repositoriesLn monitoring repositories
Ln monitoring repositories
 
Owasp tds
Owasp tdsOwasp tds
Owasp tds
 
Ruxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to railsRuxmon feb 2013 what happened to rails
Ruxmon feb 2013 what happened to rails
 
Harder Faster Stronger
Harder Faster StrongerHarder Faster Stronger
Harder Faster Stronger
 

Dernier

Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 

Dernier (20)

🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 

Entrepreneurship for hackers

  • 1. Entrepreneurship for Hackers “A thing or two I learnt while building PentesterLab” Louis Nyffenegger <louis@pentesterlab.com> @PentesterLab / @snyff
  • 2. About me Louis Nyffenegger Security Engineer Diploma in Computer Architecture from a French Engineering school (+ master degree in security) in 2006 Moved to Australia in 2009 Security Consultant (2006) -> Pentester (2009) -> Code Reviewer (2012) -> AppSec/DevSecOps (2014)
  • 3. The security industry! The Market for Lemons Buyers are not necessarily knowledgeable (but it’s changing) Hackers think they can rewrite your product in a week-end of hacking (or maybe 2…) Funding for anything with Cyber in the name (double that if AI)…
  • 4. Timing! Very special time Compute is cheap Most products don’t dockerize well Most products don’t cloudify well Most products don’t CI/CD well People who used to be (very) technical are now in leadership roles
  • 5. Why this talk? The media focuses on the wrong aspects: • Funding rounds • Exit from founders • Revolutionary products No one cares about a small founder that had a good year… 
 No one cares about products that just do solve an actually problem.
  • 6. PentesterLab First version of the site One exercise as ISO and course as PDF for sale $9.99 Everything for free ! Around 6 exercises as ISO and course Trying to build a PRO version… and failing! First release of PentesterLab PRO $19.99 per month 5 PRO exercises Soft launch December 2011 ~ July 2012 December 2014 Novembre 2015
  • 7. PentesterLab First enterprise client 33 exercises First PRO customer Still Full Time > 250 exercises Working Full Time on PentesterLab 194 exercises June 2016 Late November 2015 Today October 2018
  • 8. PentesterLab First enterprise client 33 exercises First PRO customer Still Full Time > 250 exercises Working Full Time on PentesterLab 194 exercises June 2016 Late November 2015 Today October 2018 AN OVERNIGHT SUCCESS 🤔
  • 9. The IDEA Something that scales and compounds Something you love Something people are willing to pay for Something you are good at
  • 10. Something scalable… SCALABLENOTSCALABLE 1 Unit of Work 3 Units of Work 5 Units of Work 20 Units of Work
  • 12. The IDEA Something that scales and compounds Something you love Something people are willing to pay for Something you are good at • Don’t try to be everything • Don’t try to be for everyone • Solve a problem you have • Solve a problem people have • Try to leverage your unfair advantage/strengths • Something ethical • Something non critical (your customers’ SLA shouldn't rely on you) • Pivot!
  • 13. The IDEA: common misconceptions Needstobeoriginal • Most likely someone thought about it before you did • If no one thought about it, it is maybe because no one cares (aside from you) Needstobehuge NeedstobeprotectedNeedstobecool • You don’t need to be the next Facebook/RSA/ Twitter • You don’t need a huge part of a huge cake • It just needs to be sustainable • If you rely on the fact that your idea is not public, you will most likely have a big surprise once it is • If you protect your idea, you don’t get any feedback • Anti-Reversing, Anti-X, … and spending more time protecting the idea than building it • Software patent == EVIL • Sometimes boring products solve real problems • You can add the “cool” later on!
  • 14. Bad Ideas • AI for Blockchain Security • Web Application Firewall based on AI • Cloud based Vulnerability Detection • Code review tool Better Ideas • Fuzzers Integrated in CI/CD for firmware developers • Vulnerability Assessment for docker images • Web Scanner for QA testers • Code review tool integrating in CI/CD for appsec teams • Something that actually helps increase security
  • 15. The IDEA: common misconceptions http://christophjanz.blogspot.com/2014/10/five- ways-to-build-100-million-business.html
  • 16. The IDEA: common misconceptions $100K Business
  • 17. The IDEA: common misconceptions $100K Business The Safe & Sweet Zone
  • 18. The IDEA: common misconceptionsAwful idea = -1 Weak idea = 1 So-so idea = 5 Good idea = 10 Great idea = 15 Brilliant idea = 20 No execution = $1 Weak execution = $1000 So-so execution = $10,000 Good execution = $100,000 Great execution = $1,000,000 Brilliant execution = $10,000,000 To make a business, you need to multiply the two.
  • 19. Funding Try to avoid external funding If you do it, read carefully the terms (money is great, keeping control of your company is greater) Try to wait for as long as possible Disclaimer: from my limited experience with funding People funding business are not here for a nice&profitable business they want multipliers (10x, 100x)
  • 20. Avoid making a business with a free product People are going to love you at first! It’s all fine until you need to make money Ads… Not sustainable Selling user’s data It’s hard to get back to a paid model
  • 21. Pricing Disclaimer: I did terrible at this Base your prices on the value you are bringing to your customers Don’t base your prices on the time it takes you KISS: Keep It Simple Stupid! Don’t base your prices on how much it costs you (time or $ amount) The impact of low pricing…
  • 22. Co-Founders? Try to find one… it’s hard Try to find one… it gets lonely Try to get someone who is the opposite of you in term of skills It’s kind of like dating/getting married: • Make sure you know what you are getting into • Make it official Try to get someone who is the opposite of you in term of background (avoid image below)
  • 23. Employees Avoid hiring until you cannot anymore: • Try to automate first (or avoid doing) • Try to use freelancers • Every person you hire will impact the ability of your company to survive Try to get people who are the opposite of you in term of background (avoid image below)
  • 24. Minimum Viable Product Wikipedia: “A minimum viable product (MVP) is a product with just enough features to satisfy early customers and provide feedback for future product development” Just enough features Satisfy early customers Provide feedback for future product development
  • 29. Marketing Try to avoid ads Think of things that your customers like Don't spend money on big events (RSA/…) Do things that don't scale Do something unique
  • 31. Things you will need Sysadmin 101 Programming 101 Business 101
  • 33. People on the Internet can be Jerks
  • 34. BUT “Don’t let the rare liar control your policy in every interaction and hijack good business decisions with paranoia”
  • 35. Integrate a feedback loop in your product as soon as possible
  • 36. Don’t underestimate your skills or how hard something may be for someone else
  • 37. Don't worry about billing and issuing invoices… it's pretty easy (for hackers) and if you get it wrong people will tell/ help you
  • 38. Stop making excuses and just do it!
  • 39. Thank you! Thanks for your time! @snyff / @pentesterLab louis@pentesterlab.com