I worked for a utility company that had a pen-tester steal a company dump truck and remove it from their lot as well. But instead of parking it down the street, they parked it in a river. And instead of a pen-tester, it was a crackhead.
Physec is extremely important and very, very neglected usually. I accidentally discovered how important physical security is, whenever I was trying to do Sec+ on deployment in greece, and I just plugged into random network drops. That was interesting to say the least as I could access almost all of them :D
I shouldn't give away too many secrets, but one great way is to pretend you are a new employee and go straight to the break room to put your food away. There talk to whoever and ask them about basic office procedures. Tell them you need wifi access on your phone and offhandedly ask for the wifi password. Later eat your lunch and chat more people up. Great way to gain intel.
I would not tell you anything if I didn’t know exactly who you were… in fact because I didn’t know you I would ask you a lot of questions so you best be having a good legend just to get out without any intel
That's a great idea but you would still need to come up with at least basic credentials to prove you were a new hire . And then after getting past that point how do you manage to stay in the break room and chat people up ? At some point if any supervisor or management comes through they're going to wonder why the new hire is lingering around the break room , and start looking for who's supposed to be training you . it is standard business practice that even someone with a degree and certifications in a specific field still usually gets at least five business days worth of on the job training .
Gaining access to a printer room is often as good as getting access to the server room. Printers are often on their own switch which goes right into the main switch and then straight into the server. 🤣 Added: oh good, they tried this
Are they? I think they're usually hooked up the same as the rest of the network. Now, MOST of the network goes "straight into the server" - that's the point of the network - so that's still fine.
@@thewhitefalcon8539 a lot of offices have the printer room running a wifi device, a switch. Often with low security or at most an 8 digit password with "copy" "printer" as the password. Admin and 1234 are other good attack choices.
Fantastic episode, I really dig the whole social engineering and physical access by the red team. As a salesperson it’s probably just an extension of skills I have with a need to up the technical side of things to match.
You would be shocked how many parking lot gates only look for metal on the inside to open, but require a code to enter...unless you slide a cookie sheet under the fence...which even works at some airports, allowing you access to the tarmac.
This is one of my favorite episodes so far. Kyle was a great story teller and this is some actual Netflix heist movie shit haha. I do wish you had asked him more about the aftermath. I was really interested to hear what the heads of security thought about it all. Maybe you did and he just didn't want to talk about it, but just for future reference that would be a great thing to include in all the red team episode when possible. Fantastic episode!
Would be interesting to get someone on who works for a corp and hires the testers. A discussion on the deficits and corrections from the client perspective.
Jack you have completely changed my outlook on life and I absolutely love listening to your extremely informative yet captivating stories.. your on the level of rogan. Thanks for All your hard work!
I stumbled on you like 5 months ago and I lose so much sleep listening to these stories. I listen to them at night in a dark room and just visualize the story in my head. I fucking love it. These InfoSec stories I always love the most
The ones on pen testers are some of my favorite eps. Listening to these, I get the same feeling I'd have while watching mission impossible as a kid. What a job!!
Soo I work as maintenance for probably the biggest train company there is, they just built the high speed train in New York a few months back. So the main place where they put the train together is extremely high tech with guards and sensors and all that good stuff. But they also own a bunch of the sister companies like the one that does the HVAC system, and another one that does just the wheels. Comparing the main HQ to there sister companies is literally night n day. Nothing is locked up or behind any type of security whatsoever, both of the other 2 places that I do maintenance on both leave there server room doors propped open with a box of paper and a note on the door that says "do not close door under any circumstances, AC is broken" and of course there is absolutely zero cameras located inside or even outside the buildings. On top of all that they all stay signed into there computers and most if not all have there company username and pw written on sticky notes stuck to there computer. It's legit like they're stuck in the early 2000's and security is truly an after thought, if even a thought at all. Ungodly amounts of the newest highspeed train equipment and plc's just sitting out! They literally didn't know how to lock the push to exit door on the back of the building to they just left it open for years! I've tried to tell them that they need to beef things up but bc im a low level maintenance guy with no security certs, they basically look at me like im trying to tell them how to do there job! If they ever hire someone that's not such a "good person" lan turtles n rubber ducky's all day everyday! It truly kills me to see how they treat there server rooms and company computers. How the HQ can literally be flawless with pristine white floors in a facility where they literally building the future of highspeed travel/delivery, security cameras and guards everywhere, Our Governor visited a few months back bc it was such a big deal, and yet... the little sister companies in the background who are doing majority of the work are left to the wolves, and there definitely not hurting for money bc when they won the contract to build the new highspeed trains it also came with a massive paper check with a big 1.4Trillion written on it, which also just lays on the floor in the big mans office so theres no excuse anymore. I've never told anyone or have ever posted this anywhere on the internet, but after listening to this pod, I had to unleash! And to all the possible commenters i'm already a convicted Felon so no i will absolutely not commit another one! Truly sry for the long rant Jack but goddamn this pod got me worked up. Love your videos man, keep on keepin on!
What also shouldn't be, is this channel being so damn underrated. I'm embarrassed to say, I just discovered the channel today. Please keep going, and I'll personally sue TH-cam if you don't get a million subs within 2 years.
The guard should not question them . He should call the company to see if they belonged there should have been a call number. Guards don't get paid much, they should not be placed in a serious situation. The police could be called if they didn't belong. Guards very seldom have any personal protection.
If you really know how to pick locks you can quickly tell if you're doing it correctly and which pins are set and how close you are to opening it. These guys just know the most basic info about picking where they just randomly move the pick in and out lifting pins hoping it works. That's basically how you open a Masterlock but not a decent lock
41:35 One use for spare phone is to have your other phone on speed dial, so you can put your hand into a pocket, trigger the call and answer it, then walk by if you are cough doing anything suspicious. People generally try to avoid interrupting you if you are on the phone so it might work for some people to distract them enough to let you leave and not pursuit further, or least lets you get outside of the door far enough to just make run for it, avoiding capture non violently.
I program fire alarms and access control systems. I am pretty sure that open ceiling above the server room door is against fire code, depending on the state of course. It should have a fire break rated for at least 2 hours and fire caulking around any pipes or wire going in and out the room. It would also prevent people crawling over the door...
I work for an architectural company and most Electrical and TER rooms typically have rated walls that ALWAYS go from the floor to the underside of the floor above for fire purposes. When the walls don't go from the floor to the underside of the upper floor it's typically because it's an office building. And the second building this guy went to was probably a converted office building that didn't get the proper renovation budget when it was taken over.
I had access satellite views back 20 years ago. Website was called Terra-Server All lf a sudden one year access was locked out to the public. Dunno if it was related to 9-11
This should be a TV show its super interesting to hear this stuff. I have a little experience with sort of thing I know what a lot of the things look like a how too use them but would never have thought to use them in this sort of way. Super interesting
When they left the original site wouldn't that blow their cover before they got to the next site since it was in a totally different state and site? They moved all the company vehicles and left the keys inside. So I'm just wondering how that being found didn't blow everything up before they went to the 2nd and 3rd site.
I visited a Motorola office many years ago, The USB ports were physically blanked off with metal sheet. There was a notice not to bring a USB. One of the people made sure I stayed in the same place till I was collected. Obviously I could not examine the back of their machines but I would not be surprised if any cables were hard-wired.
Dude I love your videos, I have been listening nonstop. You actually have quite a bit wrong when explaining lockpicking. If you are interested I could explain it a bit better. I dunno, maybe you have learned more since recording this, but if you're interested in learning just let me know. Or come by the lock pick village at Defcon or Shmoocon and Ill teach you in person😊
I didnt know this was a job until earlier today... me and my friends used to do the same thing (minus the stealing) just for fun. You know going to places we arnt suppost to go, trying random doors, finding servers (again when we found them we didnt really do anything with them)
How do I get this job. This sounds insanely fun. And also, picking locks is actually much easier than you would think. You can pick up a starter kit for like 50 bucks. And you get a transparent lock so you can see the pins and what you need to do
good people work for these companies and breaches like these dont ever cross their minds so ofcourse you a firm of reformed hackers are gonna find breaches ... but good for the company taking the inatiive to fortify security
I love how my city protect its water plant with no security. Feels safe. * I figured out that if someone put alimentary die in the water it would ring alarm bells but I'm not the one who's going to test the legality of this measure. I wrote a email to the city instead. Kinda lame I know.
One of my old battalion chiefs at the fire department i used to work for used to do penetration testing on the side (firefighters learn a lot about forceable entry/getting through locked doors so we can rescue people inside, so physical pen testing is a fairly common side job). He talked about on one job at a water bottling facility, they dumped a few containers of "Tang" (old shitty orange-flavored drink powder) into the supply for the facility, and it turned into a massive shit show lol. They expected it would just contaminate a few hundred bottles of water and they'd have to throw them out, but they ended up having to completely shut the facility down and tear all the equipment apart to clean/decontaminate it 😳😂
So timely I listen to this amazing story when there are attacks on substations happening - albeit rather crude ones and hopefully done by clueless idiots filming it on cellphones...
I worked for a utility company that had a pen-tester steal a company dump truck and remove it from their lot as well. But instead of parking it down the street, they parked it in a river. And instead of a pen-tester, it was a crackhead.
🤣🤣
he just wasn't getting paid to show security flaws
😂😂😂
You'll never get a better (physical) pen-tester than a crackhead.
same-same
i love these physical pen test stories. Id love to do this as a job one day.
Physec is extremely important and very, very neglected usually.
I accidentally discovered how important physical security is, whenever I was trying to do Sec+ on deployment in greece, and I just plugged into random network drops. That was interesting to say the least as I could access almost all of them :D
I shouldn't give away too many secrets, but one great way is to pretend you are a new employee and go straight to the break room to put your food away. There talk to whoever and ask them about basic office procedures. Tell them you need wifi access on your phone and offhandedly ask for the wifi password. Later eat your lunch and chat more people up. Great way to gain intel.
😳😳😳😳
I would not tell you anything if I didn’t know exactly who you were… in fact because I didn’t know you I would ask you a lot of questions so you best be having a good legend just to get out without any intel
That's a great idea but you would still need to come up with at least basic credentials to prove you were a new hire .
And then after getting past that point how do you manage to stay in the break room and chat people up ?
At some point if any supervisor or management comes through they're going to wonder why the new hire is lingering around the break room , and start looking for who's supposed to be training you .
it is standard business practice that even someone with a degree and certifications in a specific field still usually gets at least five business days worth of on the job training .
Ah yes, good old social engineering. One of the most deadly forms of pen testing. Lol
@@jwinnfield9192 that’s you, just like the security guard in the video not everyone will think malicious or be suspicious
Damn you're SOOOOOO productive, one of the most productive podcast out there, and also with top quality! Thank you Jack!
it's npr
Gaining access to a printer room is often as good as getting access to the server room. Printers are often on their own switch which goes right into the main switch and then straight into the server. 🤣
Added: oh good, they tried this
Are they? I think they're usually hooked up the same as the rest of the network. Now, MOST of the network goes "straight into the server" - that's the point of the network - so that's still fine.
@@thewhitefalcon8539 a lot of offices have the printer room running a wifi device, a switch. Often with low security or at most an 8 digit password with "copy" "printer" as the password. Admin and 1234 are other good attack choices.
Fantastic episode, I really dig the whole social engineering and physical access by the red team. As a salesperson it’s probably just an extension of skills I have with a need to up the technical side of things to match.
The best source for cool and interesting stories around the tech space. Good stuff!
I'm debating on whether to get to work on time, or finish this episode in the car and show up late 🤔. Thanks Jack for another awesome episode 👏
What did you decide?
@@Rubeneides246 I clocked in on time and finished the episode on my phone before starting work lol. Well worth it!
@@JAY.ARE47 4D Cheese player right here.
@@SpragginsDesigns Hopefully not Swiss... it can be difficult to explain away all the holes in your story if they catch on.
Your priorities are F’d
You would be shocked how many parking lot gates only look for metal on the inside to open, but require a code to enter...unless you slide a cookie sheet under the fence...which even works at some airports, allowing you access to the tarmac.
You comment alot. I award you with the first most comment award. That'll be five dollars please.
@@banonymous404 here is -$5 dollars.
@@hicknopunk lmao
@@banonymous404 so scary it works tho 😱
This is one of my favorite episodes so far. Kyle was a great story teller and this is some actual Netflix heist movie shit haha. I do wish you had asked him more about the aftermath. I was really interested to hear what the heads of security thought about it all. Maybe you did and he just didn't want to talk about it, but just for future reference that would be a great thing to include in all the red team episode when possible. Fantastic episode!
Best podcast ever! I always can't wait for the next episode You're the only reason why I check TH-cam everyday!
Would be interesting to get someone on who works for a corp and hires the testers. A discussion on the deficits and corrections from the client perspective.
Jack you have completely changed my outlook on life and I absolutely love listening to your extremely informative yet captivating stories.. your on the level of rogan. Thanks for All your hard work!
"Snowball the loot" my man is definitely a gamer
Tarkov most definitely
@@thorrzyrorust is more likely
Just when I was looking for good content on TH-cam. Instead of endlessly consuming "meh" content, you pull me back in.
I stumbled on you like 5 months ago and I lose so much sleep listening to these stories. I listen to them at night in a dark room and just visualize the story in my head. I fucking love it. These InfoSec stories I always love the most
Another great story!! Love the time you put into this!! 🙏
Your content is so underrated. The work that you put in and your narrations are awesome. Just waiting for your channel to blow up.
The ones on pen testers are some of my favorite eps. Listening to these, I get the same feeling I'd have while watching mission impossible as a kid. What a job!!
This is by far the best hacking story I have ever had the pleasure to enjoy.. beyond incredible 👏
17:27 snowballing the loot, my man plays rust, confirmed
on a more serious note, how would one go about getting a job like this, I used to be a squatter, getting into buildings isn't really that hard for me
Dude what a crazy story.. good entertainement, thanks!
I bet that security officer got the best damn pizza party after all that.
I’m obsessed with your Pentest stories!!!!!! Awesome!
I can't get enough of these stories, thanks!
These videos are so high quality. You absolutely deserve more subscribers.
Soo I work as maintenance for probably the biggest train company there is, they just built the high speed train in New York a few months back. So the main place where they put the train together is extremely high tech with guards and sensors and all that good stuff. But they also own a bunch of the sister companies like the one that does the HVAC system, and another one that does just the wheels. Comparing the main HQ to there sister companies is literally night n day. Nothing is locked up or behind any type of security whatsoever, both of the other 2 places that I do maintenance on both leave there server room doors propped open with a box of paper and a note on the door that says "do not close door under any circumstances, AC is broken" and of course there is absolutely zero cameras located inside or even outside the buildings. On top of all that they all stay signed into there computers and most if not all have there company username and pw written on sticky notes stuck to there computer. It's legit like they're stuck in the early 2000's and security is truly an after thought, if even a thought at all. Ungodly amounts of the newest highspeed train equipment and plc's just sitting out! They literally didn't know how to lock the push to exit door on the back of the building to they just left it open for years! I've tried to tell them that they need to beef things up but bc im a low level maintenance guy with no security certs, they basically look at me like im trying to tell them how to do there job! If they ever hire someone that's not such a "good person" lan turtles n rubber ducky's all day everyday! It truly kills me to see how they treat there server rooms and company computers. How the HQ can literally be flawless with pristine white floors in a facility where they literally building the future of highspeed travel/delivery, security cameras and guards everywhere, Our Governor visited a few months back bc it was such a big deal, and yet... the little sister companies in the background who are doing majority of the work are left to the wolves, and there definitely not hurting for money bc when they won the contract to build the new highspeed trains it also came with a massive paper check with a big 1.4Trillion written on it, which also just lays on the floor in the big mans office so theres no excuse anymore. I've never told anyone or have ever posted this anywhere on the internet, but after listening to this pod, I had to unleash! And to all the possible commenters i'm already a convicted Felon so no i will absolutely not commit another one! Truly sry for the long rant Jack but goddamn this pod got me worked up. Love your videos man, keep on keepin on!
I love your stories...any time of day. Whether before bed or to wake up to. Your an amazing story teller. Keep it up.
Absolutely love your stuff Jack keep it up ☺️
What also shouldn't be, is this channel being so damn underrated. I'm embarrassed to say, I just discovered the channel today. Please keep going, and I'll personally sue TH-cam if you don't get a million subs within 2 years.
The guard should not question them . He should call the company to see if they belonged there should have been a call number. Guards don't get paid much, they should not be placed in a serious situation. The police could be called if they didn't belong. Guards very seldom have any personal protection.
arent some gaurds armed these guys could stop a bullet as they reached in for the get out of jail free letter?
If you really know how to pick locks you can quickly tell if you're doing it correctly and which pins are set and how close you are to opening it. These guys just know the most basic info about picking where they just randomly move the pick in and out lifting pins hoping it works. That's basically how you open a
Masterlock but not a decent lock
LPL's Masterlock bashing seems to spread to other channels. :)
41:35 One use for spare phone is to have your other phone on speed dial, so you can put your hand into a pocket, trigger the call and answer it, then walk by if you are cough doing anything suspicious. People generally try to avoid interrupting you if you are on the phone so it might work for some people to distract them enough to let you leave and not pursuit further, or least lets you get outside of the door far enough to just make run for it, avoiding capture non violently.
I hope the workers at the end that boxed them in got a bonus of some sort
I program fire alarms and access control systems. I am pretty sure that open ceiling above the server room door is against fire code, depending on the state of course. It should have a fire break rated for at least 2 hours and fire caulking around any pipes or wire going in and out the room. It would also prevent people crawling over the door...
I work for an architectural company and most Electrical and TER rooms typically have rated walls that ALWAYS go from the floor to the underside of the floor above for fire purposes. When the walls don't go from the floor to the underside of the upper floor it's typically because it's an office building. And the second building this guy went to was probably a converted office building that didn't get the proper renovation budget when it was taken over.
" brake master cylinder" That's a classic name😅
Was glad to find somebody comment about this again.
I am thankful i found you jack, i just found out how addicted i am to your content great job
Good God was there ANY security at all??? 🤦There is going to be a TON of training to be done ✔. I hope the union jumps on this too!
Most locks I've picked are counterclockwise
ahhhh perfect timing for late night coding
Great segment as always, Jake!
I had access satellite views back 20 years ago. Website was called Terra-Server
All lf a sudden one year access was locked out to the public. Dunno if it was related to 9-11
Great Podcast. The Host’s knowledge of lock manipulation is . . . different.
Security Companies and Guards vary widely.
Lock picking is normally pretty fast tbh. Since most locks are shitty.. and osint will help with your lockpicking
So make sure you choose a decent lock or you’re fucked
Best podcast out there! Great content Jack
This should be a TV show its super interesting to hear this stuff. I have a little experience with sort of thing I know what a lot of the things look like a how too use them but would never have thought to use them in this sort of way. Super interesting
We need more of Kyle’s stories
He was doxxed, dude just makes up stories.
Love this channel
I always wondered the value of hiring a red team. Turns out there’s more to it then finding holes. These guys went on a dam Easter egg hunt.
When they left the original site wouldn't that blow their cover before they got to the next site since it was in a totally different state and site? They moved all the company vehicles and left the keys inside. So I'm just wondering how that being found didn't blow everything up before they went to the 2nd and 3rd site.
Probably the 1. Place got a message, that car thing should not be brought up
New here. Man, you could be on NPR. And I mean back when they were actually good.
I visited a Motorola office many years ago,
The USB ports were physically blanked off with metal sheet. There was a notice not to bring a USB. One of the people made sure I stayed in the same place till I was collected.
Obviously I could not examine the back of their machines but I would not be surprised if any cables were hard-wired.
I'm only 45 seconds in and I'm already loving this episode!
Dude I love your videos, I have been listening nonstop. You actually have quite a bit wrong when explaining lockpicking. If you are interested I could explain it a bit better. I dunno, maybe you have learned more since recording this, but if you're interested in learning just let me know. Or come by the lock pick village at Defcon or Shmoocon and Ill teach you in person😊
Bob's Burgers does security! 😂 as a new information security guy, this is crazy!
Here's your spaghetti code - now give me my bowl back...
Can anyone explain what do they mean when they talk about Dropbox? Is it a way to get into the network?
This was great
Thanks for you content and the work that goes into it
Probably open a lot of those office door locks with a comb and a tensioner 😂
Probably could even use an old tampon
I would need to get my random anxiety under control to be in tune with the act of being a pen-tester who acts like a bad actor but in good faith.
Good ol Keyhole was a very nice program that was basically the precursor to Google Earth. And still is massively used by the gov. ;-)
Lovely amazing productions
Spotify should sign this man
He stays calm and relaxed because there are no consequences for him.
Awesome Jack
great story!
This was a very entertaining episode!
Jack, you should podcast Live while breaking into a building and doing recognizance.
Hold tight Rhysider in the mix. ENTAAAA!
Really like this program- can you make a list of movies that are similar to this. I love to watch some movies on this
I didnt know this was a job until earlier today... me and my friends used to do the same thing (minus the stealing) just for fun. You know going to places we arnt suppost to go, trying random doors, finding servers (again when we found them we didnt really do anything with them)
This sounds like the coolest job ever
So physical penetration testers are basically real life Guybrush Threepwood, nice.
👀 Secret midnight Jack posting
37:15 After this video I hope you looked up the famous and humble LockPickingLawyer
How do I get this job. This sounds insanely fun. And also, picking locks is actually much easier than you would think. You can pick up a starter kit for like 50 bucks. And you get a transparent lock so you can see the pins and what you need to do
Though this is a country where people go armed to Walmart....
@@yangtse55 people should be armed everywhere they go
The "I commit felonies" username caught me off guard after the awesome story. lmao 😂
Edit: looks like he's suspended from twatter
this is hilariously good 😆👍👍👍😘😘😘
Technically speaking, they did not lie to the guard when they said they are working. 🤦🏼
Their fence perimeter sucks bad, that needs work ASAP! To hear physical and tech breaches, B R U H !
"Snowball the loot" this guy for sure is a rust player
Just realised Darknet Diaries is also on Spotify after I tried to go to the twitter handle mentioned at the end, this episode is from 2019..?
good people work for these companies and breaches like these dont ever cross their minds so ofcourse you a firm of reformed hackers are gonna find breaches ... but good for the company taking the inatiive to fortify security
midnight...wtf.....ok...let's go..
9am here ^^
Posted around 3am for me.
Hahahab let's go!! I'll replay it again at work lol
I love how my city protect its water plant with no security. Feels safe.
* I figured out that if someone put alimentary die in the water it would ring alarm bells but I'm not the one who's going to test the legality of this measure. I wrote a email to the city instead. Kinda lame I know.
One of my old battalion chiefs at the fire department i used to work for used to do penetration testing on the side (firefighters learn a lot about forceable entry/getting through locked doors so we can rescue people inside, so physical pen testing is a fairly common side job).
He talked about on one job at a water bottling facility, they dumped a few containers of "Tang" (old shitty orange-flavored drink powder) into the supply for the facility, and it turned into a massive shit show lol. They expected it would just contaminate a few hundred bottles of water and they'd have to throw them out, but they ended up having to completely shut the facility down and tear all the equipment apart to clean/decontaminate it 😳😂
Drinking game> take a shot every time you visibly roll your eyes.
What did he do this time his twitter got suspended.
I been bingein
Me to 🥸
Saved. To. Favorites.
Site 1 sounds like ComEd (power utility formerly Commonwealth Edison) owned by Exelon Inc
Our world really is the matrix, some rules can be bent, others completely broken.
I hope the security guard who rumbled them got a bonus and a promotion and a free holiday ! (and the rest got fired)
They fixed alot vulnerabilities or all vulnerabilities?
awesome episode
Thnx for not bowing down to youtube my man
What does he say at 40:57
Roof baiters? Can't understand exactly what he says here
Something to do with keeping persistence
Pretty sure he says 'rootabega' like the plant name used to make a hacking device but I'm not seeing anything but recipes
So timely I listen to this amazing story when there are attacks on substations happening - albeit rather crude ones and hopefully done by clueless idiots filming it on cellphones...
And another week of silence
great video