Hacker Answers Penetration Test Questions From Twitter | Tech Support | WIRED
HTML-код
- Опубликовано: 10 май 2024
- Hacker and expert security consultant Jayson E. Street joins WIRED to answer your penetration test questions from Twitter. What does penetration testing entail? What are some of the most underrated physical tools used for pen tests? How can I tell if my home wifi network is compromised?
Director: Justin Wolfson
Director of Photography: Rahil Ashruff
Editor: Richard Trammell
Expert: Jayson E. Street
Line Producer: Joseph Buscemi
Associate Producer: Brandon White
Production Manager: D. Eric Martinez
Production Coordinator: Fernando Davila
Casting Producer: Nicholas Sawyer
Camera Operator: Cloud
Sound Mixer: Brett Van Deusen
Production Assistant: Sonia Butt
Post Production Supervisor: Alexa Deutsch
Post Production Coordinator: Ian Bryant
Supervising Editor: Doug Larsen
Additional Editor: Paul Tael
Assistant Editor: Lauren Worona
Still haven’t subscribed to WIRED on RUclips? ►► wrd.cm/15fP7B7
Listen to the Get WIRED podcast ►► link.chtbl.com/wired-ytc-desc
Want more WIRED? Get the magazine ►► subscribe.wired.com/subscribe...
Follow WIRED:
Instagram ►► / wired
Twitter ►► / wired
Facebook ►► / wired
Tik Tok ►► / wired
Get more incredible stories on science and tech with our daily newsletter: wrd.cm/DailyYT
Also, check out the free WIRED channel on Roku, Apple TV, Amazon Fire TV, and Android TV.
ABOUT WIRED
WIRED is where tomorrow is realized. Through thought-provoking stories and videos, WIRED explores the future of business, innovation, and culture. - Наука
"Every employee is part of the security team" -- This is such a good take. I wish I could get my coworkers to understand this.
But how do you motivate completely uninterested employees to learn about IT security? (Assuming management is also just as uninterested.)
I certainly sense no interest assuming management spoke up.
They probably don't get paid enough to care about their normal job, let alone security
@@bpb210It's a culture thing. My team sends out pretty regular phishing tests via email that we send to specific departments, or all employees.
🔖Nah man, humans are just too stůpid. In my country, everyday we got dozens of warnings about text scams and everyday hundreds of people still fall victim. Humans have been getting scammed since the caveman days and they'll still get scammed til eternity, the technology just changes but the scams stay the same. MLM scams today are just modern variations of investment scams in the early 1900s.
As has often been said, the defenders (blue team) have to get it right every single time. The attackers (red team) only have to get it right once.
True, until the attackers get inside. Then they have to get it right each time to not get caught. They just need to make a single mistake to get caught by the blue team
@@basse889990 Truth. Makes my job much easier when your average hacker's first thought is "I'll start a cryptominer!".
@@basse889990 facts. But sadly I have often seen that eventho blue teams are able to detect, rapid containment can be incredible hard.
@@basse889990 again still much easier, its not the case that any single mistake will get them alerted. In some environments, monitoring may never pick up the attack happened, and companies only know when the data gets released or sent a ransom (this happens a lot...). Blue team has a much harder job every single time.
That’s not entirely true. Any bigger company will have multiple layers of defence. So you get through one you might get stopped on the next level. It’s usually also just about making it uneconomical to attack you. It’s like bicycle locks. There isn’t a lock that can’t be broken open in a few seconds if you have the right tools. Still if you want to protect your bicycle a bike lock is a very useful tool and if the bike next to you has a shittier lock it’s likely that bike will be stolen before yours.
He is not a pen tester, he is a full-blown secret agent.
Ummm, what do you think pen testing is? It's all corporate espionage or defense against it. Secret agent literally by definition.
Agree! The eyebrows give him away...
Bond.. James Bond
This "kind" of hacking is actually called Social Engineering, the reconnaissance part the guy was talking about. Look it up
Its amazing how much hacking occurs just by asking nicely.
Yep - most people think they are excellent judges of character, and when someone acts professional and polite while asking them for a simple innocent favor.... problems occur.
Not just hacking. A lot of crime is committed that way.
Pretending you belong somewhere also works.
I saw a video of a guy carrying a ladder and walking into buildings like he had a job to do.
He could go anywhere he wanted. Weirdest thing ever.
We think Ants are simple creatures. They trust everthing that carries a specific pheromone. In a corporate environment that's a badge and maybe a clipboard :)
almost every person want so act superior or feel superior, so if you act politely and as a newby looking for new things, you most probably are going to bypass a lot of human security because of that, it is something that sadly had happen to me some times i lost myself in a place, i usually end up with the staff at the staff side like a rookie, until they see that i am not of the staff and i am only lost, but at that point i am some steps of their boss, their servers or close/in to some critical building XD.
This guy communicates! Short and concise. Also...Wired...Give your editors a raise. They rule.
Wired Support is one of the best things on the internet. I think everything about it is perfect and I hope they never change it.
He's busy! Got things to do, companies to destroy...
(or help, as this case may be).
Yes this!!
become a CEO before asking other companies to give them the raise.
I think he should do a whole series on how us mere commoners can better protect our S!
It always scares me how little we, the average non-tech people, actually know about all this stuff
I didn't understand a single word he said lol
As a software engineer, you have no idea. It's only getting worse too. Due to the user friendliness of modern day technology (think today's iPhone vs Windows XP) users are required to know less and less about their technology because it "just works". Combine that with the Internet of Things, that so many devices connect to the internet, that even hacking someone's Wifi toaster could be a dangerous exploit in the wrong hands because that gave them access to everything on your network.
True. I know the bare minimum but I don't trust much so that helps.
99% of people use the same username and passwords for all sites and they don't use two-factor authentication. I'm a computer programmer and a hobbyist hacker and I can into people's Instagram and Facebook accounts. There are professional hackers out there that are 100 times better than me. Yeah that's a scary thought.
with great power comes great responsibility.
5:25 - The envelope trick is amazing, that's one I'd not considered before. I try to be as security conscious as possible, but I think I'd have fallen for that.
Yeah stuff like that and the email to the CEO about the conference are very scary. Not falling for random phishing attacks it one thing, but we usually aren't expecting anything that is more targeted.
- im sure that worked like a charm 20 years ago. these days a security camera will ID you dropping a weird envelope on the desk and the FBI will be at your door 5am ready to take you and all your computer crap down to the field office😅
Unless of course company execs don’t want a security cam in their office. IT and the security team might also not want cams in offices on the offchance the system gets compromised and now the intruders get unrestricted access to things they just need to lie low and wait around for. Bonus points if the surveillance system also includes audio.
@spg1794 Not all places that need good security have good security. Don't forget, leaders of companies are people, and people can be extremely stupid. That security breach that happened a few years ago with EA where hundreds of thousands of gamers' personal information was compromised? That was just a series of phone calls to get that information, and six months earlier guys like this dude told the CEO and Board that this was an extremely dangerous flaw, and they did nothing about it.
@@spg1794 even if they do get caught doesn't mean there won't be damages
I think the reason why email continues to be such an effective vector for attacks is because of the sheer volume of email people receive in a day. Especially in large companies where everyone is copied on everything
That is way too true. And then among all the clutter, someone sends a message about registering on a 3rd party website with your internal password, which you competently identify as an obvious phishing attempt, hah!
Only to find out it was actually your boss and he actually wants you to do that and he tells you in person, completely oblivious about everything.
The reason is HTML email, which effectively hides what’s actually in the message data. Links are disguised and lead to bogus sites. Another disaster we can thank Microsoft for.
His hot take is 100% accurate. Phishing is by far the most popular and effective way to penetrate an environment. It is far more tedious and cumbersome to develop sophisticated malware than it is to get an ignorant person to scan a QR code.
If everyone developed basic knowledge on how to identify phishing emails, there would likely be over a 90% reduction in cyber crime out there.
Im so happy seeing someone say this. I've been saying the same thing every time something gets "hacked." i don't even call phishing hacking because it's more like a scam.
Ah you again pretending to know what your talking about. Hot take, huh? This line has been said and has remained true for over 10 years, if anything thinks this is new information you truly have no idea about IT security. (which makes sense give your other inane comments trying to call out other people)
@@benhook1013 yeah I do know what I’m talking about since I hold both CISSP and OSCP. All I did was agree with his statement, but you went on a tangent about “new information”, which I never said it was. I’m guessing you’re just an internet rando “IT security” or sysadmin wannabe who thinks using wireshark makes him Mr Robot? 😂🤡
@@benhook1013 Is your iq low or are you simply ignorant?
Yep, scan a QR code or click a link that says, "Click here to learn how to avoid scams..."
I am a security engineer and I loved every bit of this video.
hey , i really want to know something. Can you tell the process to become a penetration test/ hacker ??
Skillset. Learn as much as you can and get good at it. @@sreyashkanjilal4929
@sreyashkanjilal4929 Learn I.T. Helpdesk and Networking first. Then pivot into focusing on network security.
Security gigs are an "after 5-10 years of experience" career.
Me too! I'm an ethical hacker/pentester
@@sreyashkanjilal4929 , nope, that's not a youtube block, I think it's a person removing replies, curious if the channel moderator is removing such posts.
Why do all pen-testers look like they were kicked through the Las Vegas strip
great way to describe it lol
through?
If this guy had an internship or some certification program I would 10000% sign up for his program
I love that his job title on his Microsoft badge is "hacker".
Didn't even look at that, that's hilarious.
@@GeekGamer666 yep, and that's the lesson, most people aren't actually checking.
...but he presents himself as a "penetration tester"...
@@benoitbvg2888 watch Jayson E Street's DEFCON presentations, as they've said above; many peeps are only looking at the surface level without even properly seeing what's in front of them
@@benoitbvg2888 how much people know what a "penetration tester" do? and how much people only assume that is a thing of informatics wich they do not want to talk?
I'm in college for cybersecurity engineering right now and this video was great, this guy explains a lot of these concepts very well for people who aren't familiar with the field
what are the requirements for getting into that field? I understand hardware far better than software, can barely code without using AI, but have thought about it. My local college says you need an degree in IT first, but they don't offer that sadly
@@mattc9598don't worry about the degree nonsense. You can learn software Online. You will be confused at first, but don't worry. Just use online resources.
@@mattc9598 interest in the field, mostly. As long as you're passionate you don't even need university to start as an analyst, I highly recommend researching certificates and requirements and just studying for those.
@mattc9598 what field exactly? It? Engineering? IT is very broad so if you can provide some additional information I may be able to point you in the right direction. What stuff are you interested in?
@@RealWorldMaverick exactly.. you dont really need a degree or even much technical knowledge to get into penetration testing. That is part of it but there are also people that specialize in the social engineering side of things. I would love to get into physical penetration testing. I listen to Darknet Diaries and that side of things honestly seems like a fun job. You are getting paid to get access to buildings and areas you shouldnt have access to.
Thanks for the blue team love! We love you right back, even if we don't always show it.
Also: clipboard + hi-vis vest is also an amazing pen test tool. Bonus points if you have the metal clipboard with storage. And practice a bored, slightly disgruntled (not full on angry) look. 30 bucks at Amazon and a few basic acting chops go a LONG way to getting you into places you shouldn't be.
just go ahead and credit Deviant Ollam, please
That’s real. Go Blue Team!
He knows who pays the bill.
@@error.418 sure, why not, even though I've done this as far back as the 1980s and I'm not the first to do it.
@@igmusicandflying Some people are too young to realize not everything originates on the the internet lol.
Need more of this! Definitely my favorite speaker and content thus far. Educational and entertaining
This guy is great. I'd love for him to return with more QA!
He's a very well-known name in the space. If you search his name on RUclips, you will find tons of speaking events that he's done over the years. It'll keep you busy for a while.
Oh man, you right. I'm about to binge right now lol. Thanks, @@johnmiller9931
@@johnmiller9931thx!
Hes done presentations at Defcon, he's very entertaining
WHT is his name
Even as a computer professional, and computer sales person for over 20 years, this video is still quite informative. Take the heart the information this gentleman has posted. It could save you and your company a lot of time.
More of this guy please. This stuff is so prevalent nowadays
Talked to a guy in IT connected to banks.
The hackers can scope people so well.
A CEO had his kid at a school. A major incident happened at that school. Within less than an hour they had sent a very official looking e-mail to the CEO with a link, that they said was for more information about the schools reaction amd which children were affected.
So they had scouter the CEO and his family, and set alerts to if media wrote anything about things such as the childs school.
Kinda scary
or they played a role in whatever happened
I worked at a high class hotel for some time and had to prepare a report where I wrote everything down I could find on the internet about our guests. You wouldn't believe how much info you get about millionaires/billionaires, just by googling them.
We have the rule if someone does not lock their laptop and walks away, it's fair game to send "I'll bring cake tomorrow!" in the company wide Slack channel. It's not much, but it's a start of some education about security. And cake.
I was told there would be cake but it was a lie. Taking my stapler was the last straw, so I burned down the building.
Clever! We used to change people's languages.
Ctrl-shift-Right (on Intel integrated graphics machines) is another good one for messing with people who leave their computer signed in.
Same way Rickrolling has been one of the best ways to teach people to be cautious about which links you click.
This was spectacular. The way Jayson communicates shows his mastery over the subject
I'm still amazed on how this guy can articulate all this information for anyone to understand!
One time I had to argue with my manager that the request to provide server credentials to a vendor is 100% a pen-test and I was not going to oblige. We argued for days over it and I did not budge and of course it turns out it was a pen-test. Sadly, this was in an IT department and IT management is pretty clueless when it comes to this and just "want things done".
You definitely could have rubbed that in their face, great job!
Not knowing technology is one thing, but people who brag about being computer illiterate is another thing. They lash out at people helping them with security advice. I see it everyday on Reddit; *"I don't need your security advice! I don't believe in this computer mumbo jumbo! I don't believe in all these threats! You people are just being paranoid!".*
Did you get promoted?
Is kinda sad and pathetic that some IT managers have 0 knowledge of basic cyber security measures
@@WarriorOfPieceThe Jen Barbers of the IT world. People persons.
I was an IT Security Admin for a big restaurant group. We had to go through PEN testing every year. I don't miss it one bit
hey , i really want to know something. Can you tell the process to become a penetration test/ hacker ??
I don't know how you guys sleep at night having to worry every minute about someone hacking into the systems you need to keep secure.
@@jameslarosa2396 Most of the time, we don't
you have to be really good at researching things on the internet instead of asking people for help thats step one lol@@sreyashkanjilal4929
I like to call it PEN15 testing and throw in as many phallic facsimiles as I can get away with in the report while playing dumb.
I'm CEH/OSCP myself and I have to say the information that was put out here is awesome. Way to go, and very well articulated. Lots to learn for those willing to - keep it up!
Good job Jayson! Hope to see you on more of these videos! Very informative.
Annual pen testing reminds you it is best to not trust anyone and treat everything as suspicious. This was another good reminder to be careful online.
Spear-phishing scares me the most. Some attempts are very hard to spot.
People in the security industry tend to express this a bit differently - "trust _BUT VERIFY"._
I've been spear phished more than a few times. Some of them are very convincing. It does make me wonder about the security of a platform like LinkedIn in conjunction with the standard first.lastname@companydomain. If email wasn't as easy to guess I think that would decrease phishing attacks of all kinds.
Phishing has become even more effective now that non-English speaking hackers can leverage LLM such as ChatGPT to write more convincing emails!
Absolutely true 😂 annual pen testing was the only time I got commended for being grumpy and telling front desk "I'm not expecting anyone, send them away" when red team tried to use me to get physical access to the building under the guise of a visit
@@julianakarasawa315 They're probably going to treat that as a competition for you guys haha
as a security tech, it feels almost illegal releasing this video lol.
The bad guys already know the tricks anyway. This is serving as education so other people know what to be wary of.
of course, was more of a joke. But lots about this video easily entices the wrong crowd @@XSemperIdem5
I enjoyed your video. I’m older going back to school at Devry for IT and Networking. At the moment got online classes dealing with Cisco security. The other wire, wireless and optical. There’s so much to learn and it’s getting more interesting as I get deeper into the tech world. I’m still on the surface while getting a solid understanding.
This is one of the best of this series, together with Burial Support. 😂
This guy kept me glued to the screen wanting to know more about what he had to say
Never would I ever pick a USB no matter how tempting it feels. Also loved it when asked "how to rob a bank" and he said that he knows but wouldn't tell 😂
Jason has done a talk at Defcon called “Steal Everything, Kill Everyone, Cause Total Financial Ruin!” where he breaks into a building using a piece of cardboard. Cannot recommend it enough.
I'm the opposite. I'd never ignore one and honestly, I'm surprised Jayson said he would. It seems far more plausible he's got a bunch of secure burner laptops he can use to plug them in and find out what other people are trying to hack with.
@@smnsmnsmn he's also gone on the Darknet Diaries podcast, Ep. 6
cause he doesn't know. it's much easier to rob a armored vehicle than it is to rob a bank.
This video is genuinely hilarious yet fascinating at the same time.
I think you spelled 'terrifying' wrong...
great explaining, jayson!
we need a part 2 of this.
This has to be one of my favorite Support videos on Wired (the others being Mortician Support and Doc Support). More of this, please! Very educational and enlightening.
So many great things going on in this video. Great explanations in plainly digestible terms of what can be opaque and jargon littered subject matter. Not only is the presenter genuinely excited by some of the questions, he obviously wants to share. Makes the content all that more authentic and enjoyable. This dude seems like he'd be a great co-worker and colleague!
3:19 He's being real here 😂😂😂
Report & documentation is the most challenging part of any job.
Yeah, I felt that one, too. When I was programming back in the day, 'What do you mean I have to document every single line of code?' And don't get me started on flowcharts. I had hair back then, and there were times I was pulling it out. It's all gone now, so who know what caused the baldness. At least my salt and pepper beard is working.
True. What's the most difficult part of a PhD program? Thesis write-up - not the research part of it. I know a few guys who did not complete their doctorates because of it.
@@bikenyThankfully the "document every line of code" is a bit less common now, but there is plenty of other things that are difficult to get through.
I hate writing reports man. Most boring part of hacking.
Really well explained video and it's amazing when he breaks down all the various tools he uses and how easy it is to be hacked with any number of those tools.
this dude really knows his stuff & just hearing him talk about some of the tools he uses and things he's done gets me excited
LOL
that means you're a beginner
and that's fine... we all start somewhere
but... TELL TALE SIGNS and all that
don't get me wrong,
Excitement is good and it gets you motivated
but one day you will look back at this comment and say to yourself
"i was stupid" LOL
we all do it
Out of the best videos I have seen on Wired. I hope to see a second part with that same guy. He is quite clear in the way he speaks and you can also tell he knows quite a lot 😃
I don’t know how you find these people but keep it up. Such great communication with so much to learn
he is verry famous and does conferences and talks all the time .
Google "Who is the number one expert in the field that I'm interested in" and then hire them.
he's given about 1000 talks at DEFCON
Looks like hes part of defcon, lot of notorious hackers go there
whats defcon?@@error.418
I love this guy so much! He explaining things in easy way as possible
Please bring this guy back frormore interviews. super interesting and a great speaker.
I’ve been a fan for a long time, read his book during my undergraduate studies. Clear, concise, and to the point.
How come your YT is verified with only 517 subs ?
Your comment that, Every employee is part of the security team, is something that will always be embedded in me now, thank you so much
Great video! Very informative and well explained, in plain terms. We need more videos like this!!
As a penetration tester, I can confirm this is solid information. Good high-level answers to every question.
High level answers explained in low level vocabulary as well.
the social engineering god himself. best talks of all time were done by this OG
If only more concepts were as quick and easy to understand as this was. I’m in cybersecurity wanting to branch out and this was the information I needed before I got started. Thank you
this info is available everywhere online lookup network chuck or david bombal
Please bring this guy back for multiple sessions! He's a great communicator with a lot of interesting insight and legit experience in cybsersecurity!
I’m not in the field of IT and watched this out of curiosity. He explained things so well and I understood a lot more than I thought I would! Really interesting!
The weakest part of your network is always the human element. Train your people on what to expect, and train them to raise the red flag when something seems at all suspicious.
I've been in this industry for 20+ years and even I've had pen testers get through my defenses. It was a valuable lesson: even a professional isn't beyond making mistakes. And it didn't happen again.
Treating them with common decency also helps since they will actually care what happens. You treat them like crap they won't care about their job and so won't take actions as readily if they see something wrong. It becomes a "not my problem" situation.
@@l33tninja1 100% !! Respecting your people is a must.
I believe the right thing to do if you catch someone with a "get out of jail free card" is to escort them back to a public area, and wait for the person that will actually release them. However, in a real situation, there is always the threat of violence.
Either that, or call your boss who should be high enough to be able to directly call whoever is apparently responsible for the unknown person.
Because as mentioned in the video, the numbers might be false and the answering party might give excuses why they can’t appear in person to validate the intruder, while the person you are detaining is putting pressure on you because you are costing the company precious time and money…
Call people?! Is it 1965 or something?!
@@halfsourlizard9319 yeah. phones didn't get tossed out in 1966.
Or what do you think that little rectangular device in your pocket is meant to be used for?
Glad they didn't call it as "This is Penetration Support ! " LMAO🤣
Amazing tech/test tool. This is the 1st time I see watch, pen that are actually a camera. Thank you for the content!
Dang that was a really good video! I have heard little snippets of what pen testers do but this was really good!
This is one of the scariest things I’ve seen about the times we live in!😳
ethical hackers hack so you dont get hacked if anything this is reassuring to know that there are more people like him than bad hackers out there .
Im not even a pen tester or "hacker" but I've always enjoyed Jayson Street's talks.
Lmao, a USB audit 😂
The single most interesting video wired has done in years. Great stuff!
As someone that works with InfoSec regularly, this guy is spot on. Thanks for this video, Wired.
'Penetration Testing' sounds crazy💀
Give this guy a show!
Making computer hacking interesting is no small task. I love his firewall analogy.
I clicked thinking I wasn’t going to be interested, but ended up watching the whole thing. Thanks- this was pretty darn cool!
I did learn something important ... don't mess with a skilled IT person . Be well .
Penetration Tester... They gotta figure out a new name for that profession.
We gotta ban any word that people choose to sexualize now? Penetration testing is the best description of what they're doing.
I personally like it better than "Hacker"
"Vulnerability documenter" just doesn't have the same ring to it.
How about “Penetrator”?
wait
Well, at least it's true, you test to see if you can penetrate computers. I prefer 'ethical hacker' or 'cybersecurity analyst' more though
I know Jayson personally, and he’s just an incredible human. So happy to see him here ❤
WOW great video!!! Always very interesting to ear someone with experience in the field !
This video is so concise, clear and relevant, that it really needs a 2nd part
Google him, his talks are not usually so technical.
@@aetch77 Thanks, will do
Awesome guy (you instantly feelhis passion about what he is doing) I love listening to him eventough its kinda scary !
how is it scary ? he hacks companies so that bad people dont .. its reassuring more than anything to know that there are more good hackers than bad ones
@@myname-mz3lo it's scary how easy some tricks are and how vulnerable everyone is.
That was really well done and easy to understand explanations. Ill show this to my family later cause you do a much better job explaining what I do in cybersecurity.
Mr. Jayson such amazing person to deliver the dangerous things that can be happen
If you're not already, you would make a wonderful instructor.
He does talks at a ton of cybersecurity conferences.
i remember there being a thing with apple's calendar. you could inject code when sending a schedule request, this wouldnt be a problem since you need to accept it first. but apparently if you send a schedule request for a date in the past, it automatically puts it in the target's calendar and it could run the code
More of this guy. He’s awesome
This guy does what I'm studying to do!! Appreciate this video
The expert, Jayson E. Street is a great communicator. Check out his talks, there's tons.
This guy is spot on. I want to be like this guy.
Very great episode! Even more people need to watch this. It shows how easily people could be taken advantage of. It shows how socal engineering tactics are so easily performed.
I'm a Security Culture Manager, and I'm so glad he said what he did about investing more in people. Spot on!
"I'm in"
this man is great!
he *said* you gotta say it *properly*
love how they still call it twitter, nobody wants to call it X lmaoo
I stumbled across an old spy video that had a unique spy gadget hidden in a belt. Even a tool made in the 1930's seemed so technologically advanced. It made me wonder just how crazy the spy/hacker technology must be today.
And this video made it clear: it's absolutely crazy.
Preach it, brother. Glad to see you talking about pentesting. Cheers!
Very cool and scary at the same time. Thank you
he is making things safer how is it scary lol ??
@@myname-mz3lo Because attacks happen constantly, every single day? I'm not scared personally, but you're talking like crime is a small-time problem. It's big.
@@myname-mz3lo its scary how few things you need to break into such high systems.
I cant believe that I'm a 38 year old mom giggling at "penetration tester"
Doesn't matter. Just let the giggle out. It feels good!
Wow you're beautiful for a 38 year old mom.
Aaaw...thanks mate :)
glad im not the only one lmaoo
This was phenomenal. My favorite back in the day was Hackers.
I’ve been an infosec pro for 20+ years, this guy was great.
A lot of good tools here, we use to make all of our own tools. One thing he didn't mention 95% of the telco rooms are outside the building and once you have access to the MPO/DMARC you have ultimate access to their phones and Internet access.
FYI - This guy is legit, not like some other names in the field.
What a cool and informative videos we need more of this guy
This guys still straight up in 2000 and I dig it
6:14 #MaxFosh managed to get into the major security convention in Las Vegas, with this trick among others. He wasnt detected. He. Snuck. In. To. A. SECURITY. Convention :D
Phishing is easy because people are gullible, even with training. My company provided anti-phishing training (in-person group setting) to our phone center employees. Two weeks later, our external security consultant conducted a phishing attack on that group and we had over a 20% fail rate. During training, we had even highlighted the type of attack the consultant planned to use and over 1 and 5 still fell for it.
Wait, so was it twenty percent, or one in five!?!? /Joke
I don't believe you…
@@blindbrad4719 Lol. Why would I care if a rando doesn't believe the truth? Nice troll.
@@Tom-ev4rg it was a pretty basic troll to BH, but considering your gullible remark I felt it had to be said 😂. Your story didn't surprise me though. I'd be willing to bet as well that the 20% that passed were already tech savvy before the training.
@@blindbrad4719 80% passed
Currently in college for Cybersecurity and I'm so glad this video came out. Honestly makes me much more excited to study this field more. Also was thinking of going for my masters in this field, is it worth it? I also would get certs along the way
absolutely
This is a gold mine. Thanks Wired!
Personally, I think people (students, employees, etc) should be subject to these sorts of simulated attacks more often.
Basically if they fall for some sort of phishing attack or whatever, they get a report saying that they were caught falling victim, what they did and how they can prevent it in the future.
Learned a lot! Great video, love the answers. This was so much more than I expected! Would love to see him answer more questions in future episodes!
Wow his analogy of an firewall being compare to a bouncer at a club was great! It was never put to me like that, granted I knew what a firewall was but his comparison makes it easier to understand.
So awesome to see one of my fellow pentesters on this channel!!