DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)

  • Published on 12 Feb 2012
  • Speaker: Jayson E. Street CIO of Stratagem 1 Solutions
    This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on. They say one picture is worth a thousand words; I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive, I also make sure that with every attack I highlight, I spend time discussing what would have stopped me. We need to know the problems, but we need more talks providing solutions, and that is what I hope people will get from this. I show the dangers of social engineering and how even an employee with no SE experience can be an eBay James Bond, which can cause total financial ruin to a company. These security threats are real. So are these stories!
    For more information visit: bit.ly/defcon19_information
    To download the video visit: bit.ly/defcon19_videos
    Playlist Defcon 19: bit.ly/defcon19_playlist
  • Science & Technology

Comments • 1.8K

  • @seimar1671 3 years ago +269

    As a pizza hut driver, I can confirm how easy it is to get past security. As long as you seem like you're supposed to be there, 19/20 times no one will stop to question you.

    • @joshfloyd7755 11 months ago +18

      In a lot of places, a green hard hat and a clipboard repel everyone. No one wants to talk to the OSHA inspector...

    • @roosterqmoney 9 months ago +8

      @joshfloyd7755 a white hard hat and a ladder works a lot too.

    • @Kirt44 8 months ago +1

      Exactly, it all comes down to this: if you don't look like someone who isn't supposed to be there, or don't look like you're doing something shady, no one will notice you or think twice about what you are doing.

    • @triple_gem_shining 7 months ago

      That's social engineering.

    • @oh_finks 7 months ago

      how much security is there at pizza hut lol.

  • @gadgetroyster 4 years ago +138

    As an Air Conditioning mechanic with a very nice uniform and tool pouch, with appropriate name badge and company logo, I was admitted to some of the most secure sites in all of Southern California, including IBM and several federal buildings. I was only asked to produce identification one time and that was an FBI site. The front desk would take one look at me and I would ask to speak to the building manager who would then escort me to the server room and rooftop where the equipment was. That FBI site was very different, as I was escorted by someone with a little hand held siren and flashing light. As we walked down the corridor to the server room I watched doors slamming shut as we approached within 20ft. So cool.

    • @oh_finks 7 months ago +6

      seems like the fbi know exactly what to do

    • @LBrawn 2 months ago +1

      bullshit

  • @oljimeagle6779 4 years ago +278

    I'm a delivery driver and I've had people let me into secure locations to complete a delivery. I carry a box to a door near the smoking area. Almost always, someone will see you with your hands full and offer to swipe their card and let you in. Saves me tons of time.

    • @Speed001 3 years ago +7

      As long as you're in uniform.

    • @TheLazyass111 2 years ago +23

      @Speed001 I'm a delivery driver for a small pharmacy. I'm in plain clothes. I'm never holding something with more than one hand. People still just let me in if I knock and wave.

    • @jamesmaddison4546 2 years ago +30

      @Speed001 uniform doesn't matter. While I was going to school for cybersecurity I was also a pizza delivery guy. You'd be amazed how many places you can get into with a pizza bag. Even secure places. People are all too eager to let you in when carrying pizza.

    • @dwaterson21 1 year ago +7

      Pizza bag, the new clipboard.

    • @Teh_Random_Canadian 1 year ago +8

      I'm a contractor. Carrying a toolbag with some paperwork and I can walk into any building without ever getting questioned

  • @jaredspence3020 5 years ago +1270

    I work in childcare and this is so important. We have pissed off so many parents and grandparents just because we had never seen them before or because they aren't on the enrolment forms. The only thing worse than someone stealing data is someone stealing a child. Constant vigilance!

    • @frother 5 years ago +128

      Any parent or grandparent who gets angry when confronted with that situation doesn't care about the child at all. Keep fucking up their day with a smile on your face.

    • @MrFunkhauser 5 years ago +70

      It's just natural instinct to get pissed off when you are going to pick up your kid and you are immediately treated like a child rapist. I'm a big gruffy guy and the daycare wouldn't even open the front door to talk to me. It's a giant over-reaction by the industry; my kid is way more likely to die by car accident on the way home than be nabbed by a stranger.

    • @kilikus822 5 years ago +54

      Same thing at a hospital I worked at when a baby couldn't be found in the NICU. It was never someone abducting a baby but we still posted guards at the entrances with orders to search all bags leaving the building.
      You don't want me looking in your purse/backpack? Sorry ma'am/sir, you're welcome to have a seat right over there until the code is resolved, but unless I've searched your bag, you ARE NOT leaving this facility.

    • @redtails 5 years ago +32

      there's only one thing worse than a rapist
      a child
      NO

    • @KingOhmni 4 years ago +62

      This. I once had to pick up a relative after other relatives were indisposed. However I had never picked up the relative from school before and the school almost refused me access but I presented ID and explained the situation, which involved hospitalization, and this was their solution.
      As the Head Teacher talked to me about the need for security they quietly brought the relative in question into another room wherein there was line of sight to me but without me seeing. Naturally my relative confirmed my relation to them and the Head Teacher brought the relative in and then the apologies came but I politely rebuffed them as I considered their actions more than appropriate.

  • @GryphonArmorer 4 years ago +97

    I used to work for a high speed cable & connector manufacturer in the design division. Not long after I started, I was offered & accepted a slot in the ITAR team. ITAR, basically is the military equipment systems (I was offered the position because I was really good with 3D design & concept modeling, and I am a veteran, so they figured getting a security clearance wouldn't be an issue & would process quickly. Which it did). Immediately after getting approval to work on ITAR projects, I requested a monitor filter so only I could see my screen, or rather you had to be directly in front of it to see it and turned my monitor so people passing by my cubicle couldn't see my screen. I also locked up my cabinets & drawers every time I stepped away from my cube. And, never left papers laying around and until I memorized passwords, I kept the notes in my pocket in a small notebook or in my wallet. Now.... the funny thing is, my diligence on security frustrated other designers & engineers because they couldn't just swing by my cube and rifle through my desk and had to stand behind me when going over 3D CAD models. My standard answer to their bitchy little rants to me was, "well I'm working on ITAR, and I'm not going to risk my security clearance or the company's ITAR certification because we regularly have foreign nationals in the building, for your convenience. I take security seriously". That usually shut them up, and I even saw a few engineers lose their ITAR cert after complaining to management about my personal approach to security (really I was just following the rules), because they didn't take it seriously.
    I've known about your profession for a long time and always thought it would be cool to do what you do. Cool video. Thanks for sharing your thoughts and knowledge. Keep up the great work. 😎👍👍
    Semper Fi 🇺🇸

    • @GiganFTW 11 months ago

      Nice wish I have your job but I’d need to work on my safety security knowledge.

    • @godfreypoon5148 11 months ago +2

      ITAR? Utah!
      In Communist Russia they did not have "ITAR"... they had "we tar".

  • @iancoker1987 4 years ago +59

    Once upon a time, I worked for UPS. I can guarantee, that when confronted with authority or a developed sense of trust/ignorance, individuals will cave and allow access to sensitive items and information. Also, many individuals are dumb as hell with no sense of security and will often ignorantly leave sensitive locations open with no security. I once delivered a package to a company that consisted of an office and warehouse. Upon coming to the location, I walked in the front door, saw no one, proceeded to venture through the building walking into multiple offices and into a warehouse with hundreds of thousands if not millions in product, I then walked into the security office, found a name badge and dropped the package off under his name.
    Don't worry though, I did walk off with some loot. I managed to steal two water bottles out of the fridge like a freakin smooth criminal.

  • @jjones503 1 year ago +27

    I remember waiting for an interview one time at a financial company when a lady walked up and asked if I was the IT guy that was supposed to be there an hour ago. Out of curiosity I said yes, and was taken to the server room and left alone with a list of things to fix, and a list of server credentials. After I fixed the problems I took the list to the manager and explained I was there for an interview, but fixed all their IT problems. I got kicked out and threatened with legal action. Got a phone call a week later when their system went down and their IT guy wasn't answering. They've been an on call client since then, and because of that occurrence I ended up deciding to run my own IT support company instead of working a desk job.

    • @user-gj8di2os9h 2 months ago +3

      keep telling yourself that

    • @Linkolite 2 months ago +10

      I’ll take shit that didn’t happen for $500

  • @thedayzgod 6 years ago +1765

    Security companies HATE him, See how one man got past million dollar security with just a pen cap!

    • @jfbeam 5 years ago +37

      I doubt that really was a million dollar system. All he did was prop a door open once getting it open. Security companies just want to cash your check. And so does he. Your security will only be as good/effective as you make it -- with people in the equation, it gets very difficult.

    • @chibisingh2726 5 years ago +50

      jfbeam I work for a large multi billion dollar hospital that has secure areas that can be bypassed this very way, the more money they spend the more they forget about the basics and SE.

    • @Doksamauru 5 years ago +10

      jfbeam it's a joke

    • @sloo6425 5 years ago +1

      lol

    • @TheHelghast1138 5 years ago +4

      @jfbeam ever heard of a joke before?

  • @Chiovarie 7 years ago +1523

    " I hate when they steal my stuff that I stole " best part

    • @bishopvida 4 years ago +25

      If there's a red button, I'm pushing it twice.

    • @Roobah 4 years ago +10

      Can you imagine being his mother when he was a toddler? Same kid who would stick a knife in an electrical socket, turn on a stove and sit on the burner, put firecrackers up the kitten's behind, bite the head off a bat to act like Ozzy... And so on. Society really does need people like this to keep us safe from ourselves.

    • @autohmae 4 years ago +4

      "enforce [...] not with a baseball bat. Ohh, gush that would be fun."

    • @pamcagle7689 4 years ago +2

      I love that line from Cheech and Chong!

    • @DFPercush 4 years ago +17

      @Ami Riegel You really don't understand the red vs. blue thing, do you? People pay him to check their security, he's there with permission, like that show undercover boss. And he gives the stolen things back. Notice the comment about giving 4 sets of car keys to the manager. He shows companies their weaknesses so they can be fixed. It's an important job, and you are safer because of people like him.

  • @nmap-p- 4 years ago +153

    It’s amazing that even this talk is 10 years old, it’s still relevant. Says a lot about the evolution of physical security.

    • @Blargthehandsome 2 years ago

      DEAR GOD NO

    • @KoldAsHell 11 months ago +1

      Yeah this presentation is legendary. I watched it when I'm 12, now I'm coming back 10 years later

    • @Nderak 10 months ago +1

      yeah… i spent quite a long time thinking defcon 19 meant it was 2019 and was wondering why the quality was so bad…

    • @nmap-p- 8 months ago

      @motrinmedic No your mom doesn't amaze me that much anymore

    • @Cfomodz 8 months ago

      Here 3 years later to ask: What evolution? Oh no, I had to buy *different* specialized picks and bypass tools 😢...🙄

  • @MorningDusk7734 1 year ago +24

    Honestly, one of the most secure places I worked at was a small engineering firm. You know why? There were 10 employees, one IT guy, the door required you to walk past the nosiest office admin in the world, and the UPS guy was the same every time. Everyone knew every time work was being done in advance, and when people from the parent company were coming, and the only flaw I saw was that the bathroom was right next to the 3D printer room, but that had glass doors in a high-traffic area, so anyone could see if someone was in there. The door badges were separate from the alarm, which everyone had a different code for, and both reported to the security log on who opened or deactivated what and when, which the office admin regularly checked. I'll admit that I memorized a senior coworker's alarm code when I started, but that's only because my code hadn't been working, and everyone knew that.

  • @Zamolxes77 4 years ago +290

    An alert and educated work force is truly dangerous. They might realize how bad they're getting shafted.

    • @NTF-zb9wi 4 years ago +4

      You must not hang out with folks who have a bit of a twisted sense of humor...

    • @DouglasHPlumb 3 years ago +3

      It will never happen. If it could happen it would have.

    • @frankiegargoyle7783 3 years ago

      for reeeeeeeeeeeal

    • @darrellmay4502 3 years ago

      That means You!

  • @NefariousElasticity 6 years ago +515

    He's so right about management being reactive and not proactive. I work security for a building in a major city, and our contractor network has so many holes in it that basically anyone with a hardhat, reflective vest, and a clip board could slip through unnoticed at any time of the day or night. When we mention it to our management, one of us gets written up or fired, and the problem continues. They do the bare possible minimum by terminating contracted employees rather than actually admitting fault and fixing the issue.

    • @peter_smyth 5 years ago +34

      High visibility clothing sometimes does the exact opposite. Hiding in plain sight.

    • @ohmyblindman 5 years ago +15

      Sounds about right for management in today's climate: cheaper is better.

    • @hosmerhomeboy 4 years ago +22

      as a carpenter i have gone all sorts of places, just by looking like i work there. I don't do anything, mostly i just do it to check out neat projects. I did get sweet parking at the airport once because their work trucks looked like my work truck.

    • @jremy89 4 years ago +7

      Sounds like somebody doesn't want that back door being closed

    • @finns99 4 years ago +12

      Used to do accreditation (is that the proper term?) for venues and festivals for a while. Basically, no one's allowed backstage until they come tell us what they're there for. You probably must've seen the pictures on Facebook "this is my guitar that got stolen" by some guy in a band when he kept his stuff in the backstage. It happens a lot. We know that, so we try to avoid it.
      And unsurprisingly, I've actually had people trying to get in the backstage, though they didn't seem malevolent - I was never sure. Mostly just drunk adolescents. (it's a festival after all) Heard a lot of bullshit and flimsy shit, I don't think I ever let someone through that wasn't allowed to. But festivals are pretty busy and all that and most of them are always edging towards complete chaos and collapse.
      The maintenance and tech teams that keep passing by all day, in their reflective clothing, carrying some big cables and other heavy equipment around? They never get asked. I really can't even, they usually just walk up and down all the time, stopping them every time would just be ridiculous. It's incredibly easy to blend in with that and just sneak past.
      So if you ever want a free ticket inside a festival, all you need is a reflective vest. There you go - enjoy.

  • @lanceroark6386 7 years ago +1114

    Hahahaha. Employees that get treated like shit aren't going to care about some company's financial security.

    • @finnelhumano6096 6 years ago +185

      Rule 0 Don't treat your employees like shit.

    • @Choice777 6 years ago +31

      sorry, i can't count to 0.

    • @ulture 5 years ago +110

      exactly, the only real security solution is to make sure that all the workers actually have a reason to be interested in their work and its security, if not by turning your workplace into a worker-run horizontally-organised democracy in which everyone has a stake, then at least by actually paying people enough to care

    • @PyroniusRex 5 years ago +29

      You had an easy life congratulations

    • @AmericasComic 5 years ago +25

      Ed Peck I like the horizontal model for businesses, but I also feel no matter how democratic a workspace or how much someone gets paid, you’ll still get a work environment where people don’t give a shit.
      Work and most jobs suck.

  • @grendelum 5 years ago +407

    I was a touring lighting director with a band for 23 years... I could walk past venue security *_every_* time as long as I had some badges on a lanyard, a roll of gaff tape in one hand and a scowl on my face...

    • @harlsy796 5 years ago +66

      feels like how agent 47 fits in everywhere, no one wants to mess with the bald guy with a death stare

    • @bitscript868 5 years ago +28

      Can confirm, music festival security are either volunteers or contracted workers. I once forgot my badge and the polo/radio combo was enough to get around despite the access control that was implemented.

    • @hwguy13 5 years ago +16

      @bitscript868 have a friend's old tool box with a bunch of roadie/concert worker stickers on it, the most recent is kasabian in like 2011... but just the style and stickers checks out for the peeps on the door and no one even asks more

    • @jincyquones 5 years ago +19

      Same with the film industry. There are "day-players" on set literally all the time so there are always unfamiliar people around, and it's generally organized chaos as it is, especially big and/or on-location shoots. As long as you don't look blatantly shady, everyone just assumes you're supposed to be there. A walkie with an earpiece and maybe a badge and people will assume you're a production assistant, and you could get away with a lot.

    • @tixtix2468 5 years ago +5

      I can still do this at many places

  • @dnssigns 4 years ago +5

    You can go just about anywhere with a clipboard and confidence. I went into the reactor building when the Crystal River nuke plant was running. Walked all around, took pictures, and left. I walked right past the guard at the door. Drove a 30 foot crane truck up to the door. I had a work order for FL power but I was at the wrong location. I went in looking for a supervisor. Never found one so figured this is cool, I need photos.

  • @Shisouhyou 7 years ago +205

    I used to work security at a factory that had defense contracts.
    If you came in without a badge, you parked in visitor parking, signed in with me (didn't need ID) and then signed in at the main office where they would check your ID.
    Just walk in, "Where is your restroom" and off you go.... or just not go into the office. We only had one guard at each gate, and guards were required to stay at the gates.
    Trying to describe one person to someone else after you have seen 5 other people since seeing them will limit your ability to describe them in detail.
    Trying to track that person down when you only have cameras at gates is laughable.

  • @arthurmorgan2714 9 years ago +560

    I'm not a hacker or a tech guy of any measure, but I'm so glad I clicked this video. It was eye opening!!!!

    • @Nameless-bp8wz 6 years ago +8

      yeah its a great talk

    • @maxkordon 5 years ago +11

      Good, more people should be aware

    • @kennethevans9371 5 years ago

      Me too man this is crazy

    • @rabbischlomobengoldbergstein 5 years ago +7

      I bankrupted my company after watching this, it was so easy.

    • @johnjohnson201 4 years ago +4

      Rabbi Schlomo Ben Goldbergstein Same dude, I just had to wear a hard hat and nobody was any wiser. It didn’t even make sense, since I work in a kitchen. I was able to redirect all of the paychecks to my name, though. Too easy.

  • @sacredcowbbq1326 3 years ago +21

    I'm not even in security and I loved this talk. Hilarious delivery. If things don't work out for Jayson in security, he can always do stand up.

    • @whatabouttheearth 1 year ago

      I was in a special Marine Corps security unit and I think this guy is ego based, unrealistic and has unrealistic expectations of normal workplace relations and personal actions with one's own personal property. If I left my items at my work space and some ego driven dude steals my shit it won't be a scenario anymore, he's getting fucked up. I've seen guys like him before that overuse their few opportunities in life to be billy bad ass, it's not the professional stuff I'm talking about, it's the seizure of people's personal goods (assuming they know nothing about any of this). He's essentially doing individual OpFor but seems way too glib about it.

    • @sacredcowbbq1326 1 year ago

      @whatabouttheearth Fair enough assessment.

  • @eggx-9463 5 years ago +89

    Best job in the world, common sense levels OVER 9000!!!! hotels, banks, and so many other establishments truly do need to empower their employees, obviously teaching ground level security, but also recognizing that nobody working 40-60 hr work weeks for $20,000 a year has a vested interest in the security of the company and that includes the security at the front gate. People that work 6 or 7 days a week are too engrossed in thinking about how to keep on the damn lights, to ever have the thought, "why's that guy been in the bathroom for 2 hours?"

    • @Olivia-W 4 years ago +10

      And even if they are, they rationalize the guy's really sick/working/whatever not my business.

    • @kennethrussell5604 4 years ago +3

      I can confirm for sure!

  • @Joichard 9 years ago +438

    Wow, this dude's fucking hardcore.

    • @EdmondDantesLeComte 9 years ago +40

      I think that your simple statement sums up this man better than anything I could ever think up. LOL Really, what a hardcore dude. He actually gives off the "I'll fuck you up" vibe, which is sooo rare for a "good guy" to have.

    • @neversurrender5798 9 years ago +25

      EdmondDantesLeComte The best part of it is that unlike a lot of pentesting talks I've seen, he isn't going after obscure angles or doing things that are overly technical. What he's doing has more realistic expectations of being used as a true attack venue.

    • @rixsta1256 8 years ago

      EdmondDantesLeComte kinda guy that plays bad ass with u, then gets ur ass locked up. Fk guys like this

    • @Croix1 8 years ago +16

      Birmingham Man Rixstaa ya fuck him for trying to stop people from breaking into places.

    • @TheReaMrBurntSausage 8 years ago +8

      +Joichard how hard would it be to start up a hobby of asking companies if they want to test their security and then do something like this with their consent?

  • @TheOneWhoMightBe 7 years ago +255

    The comments about creating competition amongst employees is bang on the money. I'm not in IT, just retail, but when you put everyone together doing the same job, we work faster. Seperate us, and less gets done because you're not subconsciously trying to beat someone. Seperating people also means the genuine slackers will be able to get away with slacking off, because their co-workers aren't watching them.
    Years ago we had a team competition to find the most mis-picks: all stock arrived from the warehouse with a picking label. If the label didn't conform to what the product actually was, we removed the label, wrote the correct product reference # on it. Whoever got the most mis-picks at the end of the month (adjusted for hours worked) got a _paid shift off_. Management saw that as a cost, so they stopped us doing it. Result? Stock control is out of control, because no one is checking the stock, and the six-monthly stocktake is a nightmare. What was costing them a few hundred a year now costs tens of thousands in 'unknown losses'.

    • @littlerhino2006 6 years ago +27

      TheOneWhoMightBe lol so you've seen the benefits of a competitive environment and what a disaster a disincentivised one is, yet you still supported a socialist for President... Come on. Really?

    • @Anvilshock 5 years ago

      separate*

    • @baliktad8 5 years ago +30

      Pretty typical upper management thinking. They will step over a dollar to pick up a dime. Company I used to work for ended up spending $50,000 to fix a stamping press, when maintenance told them that if they would overhaul it right away it would cost about $5,000 for an overhaul. Idiots.

    • @simpleman72685 5 years ago +19

      @littlerhino2006 What Sanders wants to do will make us more competitive. When people are more educated, they can bring innovation. When people are compensated more, they will try harder to be productive. When people are healthy, everything they do is better than if they were sick.

    • @wolfvonversweber1109 5 years ago +14

      Well, I'm sure the guy that "figured out" how to save those few hundred got a promotion, while nobody is really responsible for "unknown losses"...
      Incentive structures ... what's best for an employed manager might not be best for the company and/or long term, especially when one thing is easily measurable, while the other is not.

  • @0mikr0n 5 years ago +60

    Security officer here. I agree entirely with the contents of this video... physical security penetration is not difficult at all, and usually involves manipulating the inherent human desire to trust others.
    The biggest key to security is to *LEARN HOW TO SAY NO AND OWN THAT DECISION.* If you go into an interaction with the goal of verifying identity, *DO NOT LOSE SIGHT OR BACK DOWN UNTIL YOUR OBJECTIVE IS COMPLETE.* A penetrator's objective is to deflect your attention or turn the encounter around on you. They accuse you of being unprofessional or rude; outright ignore these accusations. Remain professional, repeat your question until they acquiesce or leave.
    The average person likes to be helpful. No one enjoys confrontation except a deviant. Breachers like to threaten consequences to manipulate both aspects. But few employees realize that it's possible to remain professional AND tell someone no. It's a difficult skill to teach in new officers, so imagine how hard it is to teach frontline employees the same thing.

    • @ShrekOgrelord 5 months ago

      nice to see a comment from you here, your ace combat videos are awesome!

  • @itchykami 4 years ago +46

    Just a guess: a lot of this might be harder with smaller companies, where people have a better chance of knowing what's going on around them. Where everyone kinda knows each other, and they don't feel like just a cog.

    • @williamallen7836 8 months ago +1

      Nope. Works just as well. Sometimes you need a slightly better back story, but only slightly better. Lol people are people, and unless you train them they won't behave correctly. I should really say untrain their bad habits, and train good habits. As a society we have been doing something that has gotten many people killed. That is, don't stigmatize the weirdos, don't make the weirdos feel like they are weird. #1 that's a good way to end up dead, #2 it psychologically makes the somewhat normal looking bad guys, look innocent in our minds. We need to stop treating the abhorrent as normal, and reestablish boundaries.

  • @Yora21 4 years ago +4

    I actually had a stranger walk up to me in a non-public area at work and ask if I have the keys for our delivery truck, mumbling something about being a friend of the boss. (While I had a guess that they might be lying around in plain sight just 10 meters from us, I send him to the office and ask there.)
    Turned out he really was a friend of the boss, who had offered to sell the truck and told him to come by and take a look at it. Such things really happen, which makes apparently stupid lies feel actually plausible.

  • @Ye4rZero 9 years ago +397

    "Look, I stole your shoelace, and tied a coffee cup to the end of it. Now I've got a deadly weapon."
    This is Star Wars Kid grown up.

    • @SeanHellOMG 5 years ago

      Actually that kid killed himself. Js

    • @AnonymousUser77254 5 years ago +17

      Sean Hell Is God No, he's alive and in Law School.

    • @lillyanneserrelio2187
      @lillyanneserrelio2187 4 years ago +4

      wow he lost a lot of weight. I knew there would be a silver lining to the business decision to cease production of Twinkies (at least until next year's board meeting when they caved to the many THREATENED hunger strikes (none of the fatties err fans actually went on a real hunger strike)).

    • @Iheartdgd
      @Iheartdgd 4 years ago

      Lilly Anne Serrelio LoL

    • @mayankraj2294
      @mayankraj2294 4 years ago +1

      .

  • @Volvith
    @Volvith 5 years ago +55

    You know, it's these kinds of talks that should blow up in the millions.
    People don't even need to watch the entire talk, people just need to be aware of the fact that there IS a possibility of a security flaw.
    As much as they make it seem, people aren't stupid.
    All they need is a what, the who, why, when and where will follow shortly after.

    • @no-pl6jc
      @no-pl6jc 3 years ago

      But they are, have you seen what's going on in this world? 99% of people are fucking dumb.

  • @youreallinsane
    @youreallinsane 4 years ago +485

    nothing he said sold me on his claim that he's a bad guy more than his open admission that he drinks diet pepsi.

    • @altareggo
      @altareggo 4 years ago +2

      IS this an inside joke??? Diet Pepsi is EPIC!! Ok Pepsi zero is better but still, as diet pops which aren't Dr. Pepper go, Pepsi is Top Tier.

    • @rolobotoman
      @rolobotoman 4 years ago

      When he was pissed that bankers got kidnapped TO THIS DAY convinced me.

    • @TheChadPad
      @TheChadPad 3 years ago +3

      @Frank Snapp This man isn't a sociopath. He clearly has a conscience

    • @blackopal3138
      @blackopal3138 3 years ago

      Not the haircut?

    • @Tyler_Titus
      @Tyler_Titus 3 years ago

      @Frank Snapp HUH

  • @dogdriver70
    @dogdriver70 4 years ago +362

    Install a million dollar security system, contract with a security company that pays $11.50 an hour.

    • @cheery-hex
      @cheery-hex 4 years ago +16

      exactly lol If they paid 50 grand starting they'd get some quality guys

    • @jimblaszczyk185
      @jimblaszczyk185 4 years ago +20

      Yup if you really want to keep a good employee as in lock in step and keep vigilant every day the pay must equal the risk...I work for a major power company and for real if I wanted I could cripple most of the city for weeks... reason I don't??? THE DECENT WAGE AND BENEFITS THAT I HAVE!! BLOOD SUCKING TOP DOGS WITH MILLIONS TO SPARE DON'T GET IT...YOU CAN'T BUY LOYALTY BUT YOU CAN DAMN WELL RENT IT IF YOU PAY A MAN THAT KEEPS HIS HEAD UP HIGH....YOU PEEPS AT THE TOP NEED A LESSON FROM THE OWNER OF DACATTE....NOT SPELLED RITE BUT TRUST HE CARES AND SHARES....OR OLD SCHOOL JAMES CASH PENNY...MY IS CLASSIFIED AS MOST DANGEROUS IN U.S. AS OF THIS YEAR... EMPLOYEES CAN DESTROY YOU...LOOK WHAT HAPPENED TO FORD YEARS BACK WITH THEIR DIESEL MOTORS OVERHEATING....IT WAS A TEAM OF EMPLOYEES THAT DID BECAUSE THE COMPANY CUT THEIR WAGES...THING IS THEY CUT THEIR OWN THROAT LOSING MILLIONS ON A CANCELLED CONTRACT...YOU GETTING IT YET RICH OWNERS???...

    • @RogerBarraud
      @RogerBarraud 4 years ago +8

      @@jimblaszczyk185 Shouty poster is shouty.

    • @jimblaszczyk185
      @jimblaszczyk185 4 years ago +1

      @@RogerBarraud what don't you get?

    • @wesidk5662
      @wesidk5662 4 years ago +10

      Most security guys ik at low levels get drunk and high on the clock and never report anything that's not super extreme

  • @paulmoore7064
    @paulmoore7064 4 years ago +6

    When I was eighteen, I got a job as a laborer at one of the main Midwest railroad terminals. I soon discovered that my work clothing was disguise enough to let me wander over the entire yard unchallenged. In college, I stuffed the strike plate in the rear door of the field house with toilet paper to keep the latch from engaging, and snuck in to use the weight equipment after hours.

  • @tonygville2969
    @tonygville2969 3 years ago +3

    Working in the hotel convention industry for 20+ years, I have learned that if you pretend that you Belong There, you will probably get in. I've done it many times. True story ✌️

  • @danielmace406
    @danielmace406 5 years ago +44

    "Or seven minutes of uncomfortable silence, your choice" this guy kills me

    • @gonun69
      @gonun69 4 years ago +8

      Only if you pay him.

  • @SomeInfo-ib3wz
    @SomeInfo-ib3wz 9 years ago +265

    "I'd rather get a thousand false positives because at least I know they are actually thinking about security." Great ideas here. Funny because a lot of the "pro" security guys who spend hours a day double checking all their code-based defenses would be put out of work by employees who just follow basic protocols and think about security for themselves.

    • @HO1ySh33t
      @HO1ySh33t 9 years ago +26

      then these out-of-job "pro" security guys just have to outsmart employers and invent new methods, until the company is forced to employ people like them. This guy even said it himself, he played for both teams.

    • @Vicorcivius
      @Vicorcivius 6 years ago +30

      The thing is the regular employee already has a full time job to do, Companies need to stop expecting their employees to do 3-5 separate jobs at once while getting paid the lowest amount possible.
      When companies are willing to pay their employees a fair wage for the amount of responsibility and work they put on said employee, Then and only then will they get the results they desire.

    • @freman
      @freman 5 years ago +16

      Some of us would love it if employees would just follow basic protocols... The number of times I've thrown out the door stop they put under the lunchroom door (which leads from the entire office to reception which is an unsecured area)...

    • @MrSirwolf2001
      @MrSirwolf2001 5 years ago +13

      Scientiae Magicae I cannot agree more. If an employer expects me to protect their million dollar investment (their business) then they need to pay me for it. They can say that they are paying me to do this as part of my job, but it is not going to make me care about their business security one iota more. Also if you blow me off when I do report an issue, then chances are I will never report another and not lose one wink of sleep over it either. I used to work in several high security fields and physical security (and bypassing it) is one of my acquired skills. It is usually surprisingly easy.

    • @KingOhmni
      @KingOhmni 4 years ago +1

      Hmmm. Almost like ever greater centralization at the cost of individual autonomy is detrimental to work flow efficiency.

  • @daviddunmore8415
    @daviddunmore8415 4 years ago +9

    Regular security awareness training for ALL employees is essential. With realistic tests. One office I worked in lost a couple of dozen desktop PCs (including screens/keyboards & mice). Two men in warehouse coats and a trolley just walked in unchallenged and took the computers.

  • @jfan4reva
    @jfan4reva 5 years ago +4

    2018 - We received an e-mail recently telling us not to STORE printouts with confidential information IN TRASH CANS (we all have locking file cabinets and we have a shredder on every floor.)
    After someone hammered the lock (from the outside) and broke the panic bar on the outside stairwell door, they replaced the door... 12 months later. During that time they put a sign on the door telling the employees to make sure the door closed behind them. This door is six feet from the server room door. We are a billion dollar organization, yet it took them a year to fix an external security door....

  • @dynagaming2693
    @dynagaming2693 1 year ago +3

    I work as a fork truck technician, and the amount of times I've accidentally gone to the wrong warehouse (since a lot of industrial parks have warehouses grouped together and subdivided) and they literally let me walk the facility looking for the particular brand of trucks I service is astounding. I was literally able to pull my service van directly into a facility which processed / stored ammonium nitrate. We're talking about a quantity that would make Timothy McVeigh blush. Coincidentally one of the most secure facilities I've ever been to has been a factory that makes PVC siding for houses. You were not allowed to even come inside without an escort, you had to turn in your electronics before servicing a truck, and your van was thoroughly searched before leaving the property. I understand that in a lot of these places the employees simply want to be helpful, but there are tons of bad actors out there who are looking for exploits, and that's to harm others / commit corporate espionage.

  • @jamesmccallum1248
    @jamesmccallum1248 7 years ago +463

    Weird...same thing happened to me in a Hxxx Kxxx Police Station when I went to report a theft. I couldn't find that dang bathroom for ages. Found the evidence room, but.

  • @gregedge3909
    @gregedge3909 9 years ago +159

    the Kenny Powers of office security

    • @Ye4rZero
      @Ye4rZero 9 years ago +4

      THAT'S WHO HE REMINDS ME OF! Awesome call

    • @bkl8804
      @bkl8804 7 years ago +3

      Grèg Ëdgé u nailed it brah

    • @PapaKakaes
      @PapaKakaes 6 years ago +3

      Grèg Ëdgé Kenny fuckin Powers

    • @TRUENEPHILIM1
      @TRUENEPHILIM1 4 years ago

      That's fucking hilarious

  • @ObservantPiratePlus
    @ObservantPiratePlus 4 years ago +57

    The problem in security is usually somewhere between the keyboard and the chair. Every time.

    • @geraldwebster9426
      @geraldwebster9426 4 years ago +4

      PICNIC .... problem in chair, not in computer, hehe

    • @DeathBringer769
      @DeathBringer769 4 years ago +5

      PEBKAC - Problem Exists Between Keyboard And Chair
      That's the one I always heard back in my Computer Science schooling days, lol.

    • @JoshSweetvale
      @JoshSweetvale 4 years ago

      Well, yeah. You can't remove that problem, only minimize it.

  • @Disrupted_SP
    @Disrupted_SP 4 years ago +25

    This reminds me of one time when I was at a supermarket and two suits (owners) were right next to me talking about investment (and one employee also 1 meter away) and I absent-mindedly put a pack of gum in my outside jacket pocket in order to hold down some items while I opened a refrigerator section door. Only noticed I had it by the end of the day when I took my jacket to get home (went back and explained to the cashier and paid them). Even if unintentional, somehow I had stolen goods right in front of the owners and they didn't even notice it. I think it was likely because of how natural I did it while holding other stuff, which I guess goes a long way. This guy acts naturally, and that throws people off.

  • @menkio
    @menkio 9 years ago +83

    wish this guy had more videos, talks, etc... so good.

  • @francez123456789
    @francez123456789 8 years ago +145

    It's like 3am and I haven't slept in a couple of days but I want to hear more from this guy! He's awesome!

    • @amor76
      @amor76 7 years ago +2

      Daud A. x
      I think we lost him

    • @wannanda
      @wannanda 6 years ago +1

      you alright Kinzuko?

    • @amor76
      @amor76 6 years ago

      Ridwan Sunandar why?

    • @wannanda
      @wannanda 6 years ago +1

      I meant Kinzuko since he hasn't replied since 1 year ago. Last I saw him he hadn't slept for a couple of days.

    • @amor76
      @amor76 6 years ago

      Ridwan Sunandar I meant why would you revive this thread

  • @lilolmecj
    @lilolmecj 4 years ago +2

    I worked as an RN, very few hospitals ever offered enough lockers or other secure place to put a purse, or even a set of car keys. Even after having an employee steal, and outsiders come in and take purses, no action was taken, three different hospitals.

  • @Blackwater_House
    @Blackwater_House 4 years ago +5

    I was an Officer of the Crown, who was employed by the Parliament and the Government of the Commonwealth of Australia, attached to the Australian Department of Defence, embedded into the Australian Military (chiefly although not exclusively the Australian Army).
    At one Time I worked in an Office alongside an Army Captain.
    He had a Large Safe for the Storage of Classified Documents.
    He was the only person in that Office who was Officially Aware of the Safe’s Combination.
    He had to go away on a Course, so he told the Combination (Three Numbers) to a Lieutenant who was to cover his Duties whilst he was away.
    Monday morning the Lieutenant tried Five Times to Open the Safe before giving up and walking away to get the Major, (the Captain’s Boss) who was also aware of the Combination, to come and try to Open the Safe.
    When they walked into the Office, the Safe was Open (I had Opened it).
    The Major immediately asked “How?”.
    I answered “Simple. The Combination is written (in Indelible Ink) on the side of the Safe facing Me. This is the Combination which the Safe had, when it was Delivered Five Years Ago and which despite Security Regulations requiring it to be Changed every Three Months, has never been Altered”.
    “And the Reason why the Lieutenant couldn’t Open the Safe, knowing and using the Correct Combination is because the Lieutenant is Left Handed and views the Number Alignment from a Left Handed Perspective rather than a Right Handed Perspective as per everyone else”.
    Security Branch upon being advised of My “Unofficial” Opening of the Safe, simply commented “Typical. That Man always Knows far more than he ever lets on” and took no further Action.
    When the Captain came back from his Course, he had to learn a new Combination in order to Open his Safe (one which I didn’t Know, well not Officially).

  • @MiXzZiLe
    @MiXzZiLe 7 years ago +222

    One of my favorite Defcon talks, at least one of the most interesting.

  • @71dembonesTV
    @71dembonesTV 8 years ago +62

    This guy is good; another one of those people I'm glad is on our side!

    • @nikkoss1128
      @nikkoss1128 8 years ago +5

      +71dembones Not my side

    • @71dembonesTV
      @71dembonesTV 8 years ago +8

      +nik mc excuse me for speaking out of turn. I suppose you're a lone wolf of some kind. not sure where you're coming from but you took time out of your busy day to comment so I'll return the favor. do you care to explain why he's not on your side or do you simply enjoy being a contrarian? are you someone who benefits from security breaches??

    • @texasdeeslinglead2401
      @texasdeeslinglead2401 8 years ago +2

      +71dembones you've been trolled, lol

    • @71dembonesTV
      @71dembonesTV 8 years ago +2

      +texasdee slinglead yeah i guess so

    • @cosmonaut379
      @cosmonaut379 7 years ago +1

      texasdee slinglead that's not being trolled ....

  • @KingJellyfishII
    @KingJellyfishII 4 years ago +6

    "I don't care about an ISO unless it's got linux on it" I can't tell whether that's a compliment to linux or an insult

  • @usern4metak3ns
    @usern4metak3ns 4 years ago +39

    i love how this showcases just how safe and unsafe we all truly are. we could be infiltrated/hacked/poisoned etc... everyday, but we aren't... wonder why that is. because not everyone or even the majority of people WANT to attempt to do these things. most just want to exist and be happy and enjoy life as much as possible.
    good wolves need to unify and take out the bad wolves lol

    • @AnonyMous-pi9zm
      @AnonyMous-pi9zm 1 year ago +2

      This kind of terrorism just isn't what we face these days. We have so many more visible attack vectors, walking into a school or movie theater with an AK-47 because you hate the world, hijacking a plane to kill a bunch of people and instill fear, calling in a bomb threat to get out of your test that day, etc, those vectors are much more visible than trying to find an unlocked mechanical room after procuring napalm.
      It's the kind of attack that you'd need to be a part of a much larger network. Think IRA during The Troubles in Ireland. They were doing semi coordinated terror attacks on the daily all across the country, you never know where they'll strike next. Small cells using the same tactics to create a much larger group. Sure, you could kill 20 people in a hotel by setting fire and turning off the fire alarms and sprinklers, but that isn't too impactful on its own, you'd need dozens of them across the country to spark true fear by identifying a pattern.
      Hotels aren't symbolic targets like sports stadiums or airports, and those targets are generally very well protected. Not perfect, but far better than a hotel.

    • @usern4metak3ns
      @usern4metak3ns 1 year ago +2

      @@AnonyMous-pi9zm well that target of terrorism is often the point of the attack. Take the towers for example, most want to argue whether or not jet fuel can melt steel. It can't but that's not the point.
      The towers held a lot of physical financial records and the building was old. So ny profited by getting rid of some old buildings and old records.
      Rarely are coordinated terrorist attacks just random, usually they are strategic or financial targets.

  • @chaz706
    @chaz706 9 years ago +705

    Remember the kittens

    • @SuperAntichicken
      @SuperAntichicken 6 years ago +15

      If not for this comment I would forget all the kittens and think this was just some baddy.

    • @MajkaSrajka
      @MajkaSrajka 6 years ago +6

      That's what the bad guy would say.

    • @__-yu2mz
      @__-yu2mz 4 years ago

      @@MajkaSrajka y do good girls like bad guys?

  • @brianschermerhorn7294
    @brianschermerhorn7294 8 years ago +133

    "unless you pay me" - lol

  • @onehappynegro
    @onehappynegro 5 years ago +63

    I was attending a school; one day a guy in a Hawaiian-themed t-shirt says "I'm here to pick up a computer." He wasn't even questioned; he was escorted to where we had the spare laptop PCs.

    • @raukris1307
      @raukris1307 3 years ago +6

      I say it as a joke all the time, but one of the easiest ways to be in places you really aren't supposed to be is simply to act like you own the place.

    • @OldNavajoTricks
      @OldNavajoTricks 3 years ago +3

      Or take a stepladder and toolbox.

    • @jennymisteqq5399
      @jennymisteqq5399 3 years ago +3

      Ah ha! The “Hawaiian-themed T-shirt” trick worked again!

    • @ClotEastwood
      @ClotEastwood 3 years ago +2

      We used to hire out equipment . . Hired out a brand new £400 saw. . . 30mins later they come for a replacement. . . Some guy with a safety jacket walked on the construction site and stood next to the guy using it . . .when he finished . . .he said . . can I use that now. . . Guy gives him it and he fu#ks off in a car. . . BOOOM such balls

  • @sippycupsamurai669
    @sippycupsamurai669 5 years ago +2

    A uniform, no matter the uniform is ridiculously powerful, nobody questions it.
    I was a Delivery driver for a couple years and I laughed at how easy it would be to get into places. I walked up, said I had an order and the gates would open right up. Then go wherever I want from there. I remember delivering to a hotel once and just walking to the counter and telling them to page them and she just said "Oh she's in room 111". I've walked into employee entrances because I wasn't real sure what else to do other than that and the security guard let me right in. Same with several other companies, with my own chauffeur

  • @kebman
    @kebman 7 years ago +98

    Title sounds like an average session in EVE Online. :D

    • @jovi___
      @jovi___ 7 years ago +19

      I'd join that fleet in a heartbeat.

    • @ishashka
      @ishashka 5 years ago +12

      Most EVE corps have much better security awareness than the average real life company. Probably mostly because you cannot shoot any unknown guy who approaches your front desk irl.

  • @roidroid
    @roidroid 10 years ago +43

    27:20 Back at a corporate law firm I worked for, their shredding was done out-of-house, they had these locked wheelie bins that anyone could put paper into through its post-box style slot, they'd get taken away every day/week/month/dunno. Seems secure enough.
    But now that I think about it... these locked wheelie bins were put right next to the service elevator doors (ie: deliveries). Any delivery man could walk out with one of those wheelie bins. Whoops

    • @frother
      @frother 5 years ago +9

      We have a wooden cabinet with a lock and a slot, and a shredding company opens it up and takes away sensitive documents periodically. Except the lock is a bullshit dinky little tubular lock and it doesn't matter anyway because it's *fucking wood* and anyone could rip it apart with a prybar or any kind of leverage at all

    • @sarge1176
      @sarge1176 5 years ago +2

      @@CB3ROB-CyberBunker Outsourcing coffee making... does the name "starbucks" mean anything to you? :P

    • @frother
      @frother 5 years ago +2

      @@CB3ROB-CyberBunker do you think buildings are heated by coal or something? You can't just have a shit ton of paper ash accumulate in a natural gas furnace

    • @CB3ROB-CyberBunker
      @CB3ROB-CyberBunker 5 years ago

      @@frother any self respecting building should have some sort of autonomous heating system that works without external suppliers, which might as well just destroy the documents and other garbage when not strictly needed for tactical or heating purposes (in summer just direct the waterpipes to radiators on the roof).

    • @CB3ROB-CyberBunker
      @CB3ROB-CyberBunker 5 years ago

      the 'nice' bit about central heating is that the waterpipe doesn't care whether it runs only through your oil or gas or electric heaters, or whether there are also some coal/garbage/document burners installed in your basement right next to them on the same pipe and expansion vats.

  • @wildonemeister
    @wildonemeister 4 years ago +1

    That is one of the best talks I've heard. He did a lot of preparation for that presentation regarding its content. That was simply awesome.

  • @JasonMTuftsify
    @JasonMTuftsify 4 years ago +2

    I always loved re-listening to this Defcon talk. Just myself working as a Technician this hits hard as I've seen many people just get "let in" to areas because they "look like they should be there". This has always irked me, and when I have a security let me into a badge area, or verify my credentials on the phone before unlocking a door it makes me so happy.

  • @afilina
    @afilina 4 years ago +9

    What I do if I forget my access key to a building is to read an e-mail on my phone. As soon as someone opens the door, I frown while still staring at my phone, as though some work-related emergency just came up and then walk in without making eye contact. This works every time. I never used it to get into places where I'm not allowed, but it's scary to see how easy it is to get into places. People are afraid to get in the way of someone who seems busy with something. God forbid they disrupt someone's important work!

  • @TheKutia
    @TheKutia 6 years ago +23

    Watching this reminded me of something
    I work as a lumper for a small Albertsons warehouse branch, sometimes I transfer over to a WinCo warehouse. The first time I went over there they didn't know I was coming, I offered to go for more hours
    I drove up to the gate (I'm an idiot, they told me to go to the front for employees..) buuuuut I went to the back because I was lost and really close to being late
    right behind a semi truck. The stopper came down, I stopped
    the guard just looked at me (I didn't have a vest on, just a black hoodie) and opened the gate. Now they have RFID tags for the lumper team I work for, my card for Albertsons doesn't work at WinCo
    So, I waited till a lumper came out and asked him to let me in. Still, no vest on or anything
    I just said I was here to help from the other branch...... It never donged on me that I just got in there without saying my name, or any form of proof...... I just got in...

    • @Lavarusity
      @Lavarusity 5 years ago +4

      How do you look like? Hair color skin color? Im Interested because I dont look European (half German/Mexican) and I am interested if this would work for me.

    • @christopherschafer6455
      @christopherschafer6455 4 years ago +1

      heh, it "donged" on you?

    • @kennethrussell5604
      @kennethrussell5604 4 years ago +1

      @@Lavarusity sorry it wouldn't work for you as it wouldn't for me either..

  • @90fif
    @90fif 3 years ago +2

    A PERFECT EXAMPLE OF WHAT I SAY.....JUST BECAUSE A PERSON IS NICE, DOESN'T MEAN THEY'RE GOOD!

  • @katden220
    @katden220 4 years ago +1

    My son was into the defcon group. He and his wife and my grandgirls went to Las Vegas quite awhile back. He flies me there to watch the kids while they attended defcon meetings. I asked him at one point if there was an ATM close by. He said yes, but don't use any of them and laughed. He told me to go to one of the big hotels to use them. On the TV in the condo it had stream down on the bottom of screen of how many hacks they were accomplishing. It was a very interesting weekend. Before then I never knew something like Defcon existed.

  • @Dakarn
    @Dakarn 6 years ago +27

    This guy would love my boss.
    Boss gets an email. Email says it's from someone else in the company. Boss knows this person, and has their number in his cellphone. Email has a file attached, and corporate had warned not to open any attachments from unknown sources. This person had alerted corporate that his computers had been compromised, and don't open emails coming from his email address. Boss doesn't know what to do. He has a meeting coming up, and this person has information he needs. He doesn't call the person on his cellphone to confirm he actually sent the email.... he *replies to the email* asking the sender "is this you? Is it safe to open the email?"
    *facepalm*
    Everyone can guess what happens next...
    The hacker replies "Yes, it's safe to open the file."
    So the boss opens the file, and gets infected with malware.
    The look I gave him when I heard the story....
    THE LOOK I GAVE HIM.....
    Imagine looking at someone that does something so *stupid* and you look at them with a bewildered look on your face that can only be described as "How the fuck did you even get this job?!"

    • @bradleyboisselle1292
      @bradleyboisselle1292 5 years ago +4

      r/thathappened

    • @JoshSweetvale
      @JoshSweetvale 4 years ago +1

      These are the people who make the big bucks. Who get treated for cancer. Whose kids get educated.

  • @notmuch_23
    @notmuch_23 5 years ago +26

    Two truth bombs that will undo every single one of those security measures:
    1. Normalcy Bias
    2. Nobody's job is worth _dying_ for (intruder draws a pistol on the employee challenging them)

    • @farmerboy916
      @farmerboy916 4 years ago +2

      1 yes which is why it's hard and requires constant effort, 2 that sort of thing is easier to get responses to and will quickly get law enforcement involved more than just some corporate espionage/ sabotage that you may not know happened.

    • @aviaviavian
      @aviaviavian 4 years ago +5

      The main thing he is discussing is that you don't //need// the gun to get in. Just the right clothes and some decent props and boom, you are in.
      He was literally defcon tagged, skull and crossbones, with a clipboard, and he was let into a secure facility.
      He didn't need a gun.
      He was walking around Malaysia, a hotel, spoke to the manager about cords or wi-fi, in pajamas, and wasn't questioned. At all.
      It's not a matter of flashy. It's a matter of complacency.

  • @davebutler3905
    @davebutler3905 3 years ago +1

    My invisibility cloak is a toolbox and overalls. But the very best is a mop bucket and cleaning gear.
    The truth is we rely on honesty and good will.
    When it is gone, we are stuffed.

  • @disaidra
    @disaidra 6 years ago +2

    I work at a company with a lot of sensitive information. This really hit home. Everything is getting locked in my drawer tomorrow. Even my pens.

  • @mikefister5810
    @mikefister5810 7 years ago +54

    well now we are on a list for watching this

    • @petti78
      @petti78 6 years ago +29

      You are on all kinds of lists for all kinds of things you will never know about.

    • @Make-Asylums-Great-Again
      @Make-Asylums-Great-Again 6 years ago +8

      It is appreciated.

    • @BuddyLee23
      @BuddyLee23 4 years ago +3

      It’s the opposite. Most people are so inconsequential they aren’t on any special lists.

  • @experimenteeer
    @experimenteeer 8 years ago +6

    This is one of the best talks I have seen!

  • @jdearing46
    @jdearing46 4 years ago +11

    Analog is your friend. The pen cap getting past security locks since 1985 😂

  • @Decentralized_Maze
    @Decentralized_Maze 3 years ago +4

    It's 2020 when I found this video. It's still as relevant today as it was in 2012. Great presentation! 👍

  • @gabeslist
    @gabeslist 6 years ago +5

    this was the most eye opening video on security and hacking I've ever seen.

  • @KR-wf5km
    @KR-wf5km 8 years ago +323

    MMM KAY CLASS

  • @TerjeNesthus
    @TerjeNesthus 6 years ago +1

    Love Jayson's talks, very educational. Thanks for uploading.

  • @ronaldckrausejr7762
    @ronaldckrausejr7762 6 years ago +8

    Some people refer to it as low hanging fruit.
    I refer to it as *the weakest link*
    Ever worked for a company and spotted one (or possibly one per hour) of those weakest links? Ever been a visitor to one of those companies? Just how critical is that company? How many people does it employ, how much per year does it make, how much credit do they have?
    Could it be something just a bit more critical? A hospital, key infrastructure, a major government contractor?
    If you are seeing it as a non professional, or even a semi-professional... Then imagine who else is seeing it. What would your competition do? Would they ever try to knock your company out from being the competition, or damage you enough to make you want to walk away?
    Every company and employer is affected; from just a few employees to the top of the Fortune 500 - and then some. For those anywhere in the Fortune 500 or any publicly traded company...
    The worst enemy is one that you cannot see, one that you will never see. Imagine someone just slipping into a company, and then not doing one item of visible damage to it - ever. They just sit back and watch. They will make money just sitting back and watching

    • @voidofspaceandtime4684
      @voidofspaceandtime4684 4 years ago

      @FatherBootyHands The guy in the video? His job is to expose major security flaws in businesses by sneaking in and acting like he belongs, installing his bugs, and stealing stuff, then returning to the guy who hired him and presenting what he got out of it and the many flaws.

  • @jek__
    @jek__ 4 years ago +10

    4:49 "It's not that I'm that great, it's that our security is that weak" I would think teaching people this lesson is a large portion of why many ethical hackers hack

  • @redtails
    @redtails 5 years ago +4

    As much as I support this person, there's nothing worse than being treated suspicious when you're not. At some point my electronic badge stopped working at the company I work for. I couldn't access restricted areas. I sent a request to get a new badge, which would take a few days. In the mean time I borrowed badges as work just goes on, right? And fuck I was being looked at by everyone. Dude I come here every single day, just let me in. Those days I did find out shortcuts to almost everything so I didn't need to borrow badges as often. Putting a handkerchief between an electronically locked door blocks the lock from engaging XD

    • @revenevan11
      @revenevan11 7 months ago

      Wow it's neat seeing you comment here lol, I subbed to you years ago after listening to some Demetori on your channel!

  • @craig3714
    @craig3714 4 years ago +2

    This explains how organized crime & gangstalking, community mobbing and hackers well. This is very interesting and disturbing at the same time! Nice to know he's an honest criminal though. This video is really educational, I needed to see this!

  • @globalbridges8570
    @globalbridges8570 4 years ago +1

    Everything you have pointed out shows that ultimately we still trust each other to not destroy other people's sleep or lives, just because you figured out to do it.

  • @Cygnus0lor
    @Cygnus0lor 8 years ago +4

    Loved the talk and the security approach! Kudos...

  • @eliotmitzeus2607
    @eliotmitzeus2607 4 years ago +4

    I like it when he says "So When I talked to the FORMER head of security" HAAAH!

  • @StereoSpace
    @StereoSpace 4 years ago +1

    40 years ago I worked at a defense contractor who was a USSR's *number one* infiltration target. I recall a security awareness briefing where the security head said (even then) if someone is in our facility and has access to data there is no way to keep them from walking out with it. None. There are simply too many methods that are effective at recording and concealing.
    The only solution that is effective is compartmentalization to 'need to know'. Find those things that are truly secret and limit access to them to the smallest group of people possible, and make sure any processing equipment used is not connected to a wide area or unsecured network. Otherwise, it's going to be found and stolen.

  • @TheHelghast1138
    @TheHelghast1138 5 years ago +2

    As an entrepreneur of an app company I must say I am damn glad this showed up in my watchlist, this was an excellent video!

  • @hellonpluto
    @hellonpluto 8 years ago +4

    Awesome talk! Every company should watch this.

  • @0ne0fmany
    @0ne0fmany 1 year ago +7

    After all these years, this is still my favorite stand up comedy show.

  • @G4rr3tt
    @G4rr3tt 5 years ago +2

    Although at first glance dated, the info in this presentation is even today still very valuable. And Mr. Jayson can, next to being a very strong speaker/presenter, best be described as a highly versatile, inconspicuous security endboss!

  • @jasonmcmurry1281
    @jasonmcmurry1281 4 years ago +54

    Guy walks into a secured facility barefooted, wearing pajama bottoms, sporting a mohawk and carrying a 2ltr of soda.......meh, no issues.
    Wait, hold on.........is that DIET pepsi??!!
    !!ALERT!! !!ALERT!! !!ALERT!!

    • @whackyjinak4978
      @whackyjinak4978 4 years ago

      Jason McMurry not a mohawk, it’s a mullet with the sides shaved.

    • @TheChadPad
      @TheChadPad 3 years ago

      @@whackyjinak4978 I don't think what distinguishes a mohawk from a mullet is simply whether it's spiked up or not. The Native Americans certainly didn't spike up their mohawks

    • @whackyjinak4978
      @whackyjinak4978 3 years ago

      The Chad Pad I said nothing about spikes, it’s just not a mohawk.

    • @mikedun8882
      @mikedun8882 3 years ago

      Lol. Great

    • @whackyjinak4978
      @whackyjinak4978 3 years ago

      Fred Flintstone Some kind of new dinosaur maybe?

  • @Volvith
    @Volvith 5 years ago +42

    "People don't expect bad things to happen..."
    And then there's me, I don't fucking trust anybody unless I know their name.
    Which, even if I've met you before, I will NOT remember your name the first 2 months I know you, yes, my memory is that bad when it comes to names.
    Reason: My first internship was at a company I won't name right now, because the name doesn't matter.
    They were a manufacturer of installation equipment (think boilers, expansion barrels and the like), emphasis on 'were' for reasons later discussed.
    What happened is that they'd been hiring a lot of new people with low level education as of late, in order to help out with machine transport, welding, bolting, etc, as they just finished and opened a new hangar-wing (Don't know the exact English translation, but you get the point.).
    A lot of really nice, and really good people, they did a bunch of work that would've taken weeks longer than with just the maintenance personnel originally present.
    So... one day we open up shop after a holiday, which is like the one day we'd halt production, and we immediately see the desk PCs missing.
    Everyone is just standing around whipping their dicks on a drum saying shit like "Huh, that's weird, I could have sworn it was there yesterday...".
    My boss instantly snaps and just sprints upstairs to the offices, and we hear the loudest 'fuck' we've ever heard.
    Everything was gone.
    I mean everything, server racks were pulled clean, computers were gone, blueprints for products, valuables and other things were taken out of the vault, which was opened as anyone would have, with the fucking combination, no sign of a break in or anything like that.
    In the following 10 ish minutes we just roam about the building, and it was hollow, not a cable left in sight.
    It wasn't a robbery or a normal raid, they took their time and cleaned the place out.
    Those 10 minutes were the last of my internship there.
    Luckily someone in the IT department with half a brain had, about 2 years ago, suggested to use security cameras which stored off-site, in case, you know, _someone would take the entire security server rack with them,_ and we had the guys who did it on tape.
    The thing is, there are a few people that knew them, the offenders, by their first names, like 6, out of the 70 odd people working there.
    Everyone had a different description of what the fuck they were doing at the company, and everyone's reason for trusting them was "Well, I mean, Johnny trusted them, and he's an alright lad, so they seemed fine...".
    In the end they went to prison, but the equipment was cloned, sold off, handed out or destroyed.
    The damage was done.
    Jayson here, in this talk, was absolutely right.
    People don't expect anything to go wrong until shit goes wrong.
    The company went downhill from that point forward, losing clients because of trust issues, competitors tapping into their designs, production downtime...
    They lasted for about 6 years after the raid, and had to close their doors last year.
    Is this a worst case scenario?
    Abso-fucking-lutely.
    But that day taught me a lesson, be it a good or a bad one:
    *Never blindly trust anyone, and fucking. ask. questions.*
    Sure, you might annoy the people you're questioning, but is that really such a bad thing considering who you _could_ be talking to?

    • @JoshSweetvale
      @JoshSweetvale 5 years ago +1

      Not my job and not my problem. If being nosy (and thus annoying) gets in the way of getting paid, then clearly the boss actively wants me to not give a shit about thieves.

    • @JoshSweetvale
      @JoshSweetvale 5 years ago

      @@messiha666 Money is god. It's healthcare, it's food, it's a roof over my head. Fuck you.

    • @tradecrypto3653
      @tradecrypto3653 5 years ago +1

      Could you have summarized your book any better?

    • @MrFunkhauser
      @MrFunkhauser 5 years ago +2

      So if you caught onto this scheme you think the company would have given you a massive bonus? Probably not. As far as I have seen there are absolutely no incentives offered to employees to catch this kind of stuff unless your job is tied to security.

    • @slave138
      @slave138 5 years ago +1

      @@MrFunkhauser 6 years later *all* of their jobs were lost, so their jobs were tied to security. It's just a matter of short-term vs long-term thinking.

  • @TheZigzagman
    @TheZigzagman 4 years ago +1

    This was a fascinating lecture. Your holistic approach to security totally changed my perception of the field.

  • @MegaLogical1
    @MegaLogical1 4 years ago +1

    Man does this take me back to my Security days. I don't know how many of the client personnel expected to get in without their badges.

  • @Pile_of_carbon
    @Pile_of_carbon 5 years ago +5

    When I was in the national guard one of my buddies did this to one of the other military companies during the first day of a large scale exercise. Dude's an electrician so he rolls up in his company car, wearing his tools and high visibility jacket and tells the guard he needs to check their electrical system. He gets in, checks everything, does some important-looking stuff with the wires... and leaves small packages labeled "bomb" in convenient places. He has the entire place mapped and as far as the exercise planners were concerned, killed a lot of people.

  • @mikefister5810
    @mikefister5810 7 years ago +13

    this guy has an awesome job

  • @whitneyeaton5585
    @whitneyeaton5585 7 months ago

    By far one of my favorite videos. Thanks for keeping it real!

  • @aaronmicalowe
    @aaronmicalowe 4 years ago +2

    27:20 Next PLC use regular bins but red plastic bags for their confidential waste. I always thought it funny when I watched the cleaner emptying it into the regular waste so he didn't have to replace the red bag 😂

  • @chaz706
    @chaz706 10 years ago +5

    The assumption everyone makes: Every system is secure.
    The Truth: No system is secure from a determined attacker.

  • @AguaFluorida
    @AguaFluorida 3 years ago +4

    YouTube keeps insisting I watch this video. I've finally given in in order to find out why.

  • @crykrafter
    @crykrafter 4 years ago +2

    Man I love checking other people's security for such easy flaws. So many doors are just unlocked, so many areas are unsupervised where you could do damage and so much sensitive data is open to anyone. Not kidding, some shops have their change just in a drawer in the office, which isn't locked and no cameras are around. Shops even put keys for the office on the damn door frame

  • @Twisted_Code
    @Twisted_Code 4 months ago

    As someone who's actually paralyzed, the part where he mentioned "I'm coming in a wheelchair" bothered me… But to be fair to him, I thought the same thing earlier in the presentation, I thought "you know, maybe I could use my actual disability to get paid…". People are so helpful to me because of my disability that OBVIOUSLY the kitten of darkness is going to use that tactic.

  • @bimmer4011
    @bimmer4011 4 years ago +27

    "Social Engineering" is an old CIA/Psychological term that referred to changing societal thoughts to align how you want.
    This term is often used instead of "Phishing emails" or "phishing phone calls" where people pretend to be someone they are not in order to get your personal information.
    Social engineering is alive and well in USA but not in the way you're being taught today.

    • @hairystyles4212
      @hairystyles4212 4 years ago +1

      My buddy just got sim port hacked, someone almost got all of his money pretending to be him on the phone with his cell phone carrier.

    • @mitchmcconnel
      @mitchmcconnel 3 years ago +2

      Yeah I can't stand how they use that term now. I think of Operation Mockingbird when I hear Social Engineering. What they're talking about is physical network security.

  • @PlayedbyInstinct
    @PlayedbyInstinct 4 years ago +6

    Lol, someone reported a sus guy walking around the halls at my workplace to security and they didn't do anything. A week later a whole bunch of computers got stolen haha

  • @EdTube444
    @EdTube444 2 years ago +1

    I watch this stuff mostly for the lock picking because it has come up in my line of work. Now this might blow your mind a little or maybe not but I work maintenance. No big deal right?
    My first maintenance gig I was taught to master key locks. Easy stuff. Learned it off YouTube. I also used to program in the 80s and 90s. Got bored with that but the point is I think sequentially and fairly quickly. I figured out immediately if I was a predator, of any kind, I have the first and easiest access to your apartment. I just take my lock and make a master key off of it. 4am in the morning I just take my store bought match to the outside of my lock, swap it in about 10 seconds, take the one with the master key pins in it, sit down at my kitchen table and if your management and maintenance are really sloppy, I have a key to everybody's door.
    Anyone with a little bit of skill can figure out how to get in. The attack can be just to see what you take home from work if you work in a place I am interested in. Or to leave stuff for you to take to work. Or worse.
    My point is this guy is talking about not very sophisticated attacks that can mean a lot to you personally and it isn't just bank stuff. Like he is saying it can be just to cause harm.
    The master key thing was so obvious and I was a newbie. And let me tell you. There are a lot of stupid people running apartment complexes where turning and earning is the #1 goal. Not making sure you are safe. In this day and age that's in the much higher price range.

  • @bigelk0
    @bigelk0 5 years ago +1

    I really like how he breaks everything down!! Need more like him.. and I know exactly what he means when they let you in. I live in NYC. So I know...

  • @TheAnon03
    @TheAnon03 6 years ago +36

    I should look into getting a job testing security, the number of passcard/code locked ID doors I've walked through over the years....

    • @celtic16
      @celtic16 4 years ago +1

      like 2, right?