The New Guy at the Office Is a Secret Super Hacker🎙Darknet Diaries Ep. 36: Jeremy From Marketing
ฝัง
- เผยแพร่เมื่อ 19 ก.ย. 2024
- Penetration testers are good guys, hired by companies to hack into their own networks by any means necessary. Pro hacker and ex-marine "Tinker" goes undercover as a marketing temp for the toughest crack of his career.
Visit darknetdiaries... for a list of sources, full transcripts, and to listen to all episodes.
Oh by the way. If you want to get started in InfoSec I wrote an article on it. darknetdiaries.com/breakingintoinfosec
I've been working as web developer for 3 years now and always knew deep inside that security passionated way more than building apps. I didn't now where to start neither had the balls to. With this article you encouraged me to start once and for all, thanks a lot!!!
I love this and I will continue supporting you! Thank you for all the information that you provide us with. Could you please talk about the smiling hacker “Hamza Bendelladj” he’s in prison but I think his story is interesting.
going to have look as i start my journey
I am in cyber security too. Pleased to meet you.
Man this is awesome, thanks Jack. I'm jumping into a SANS institute program, but I'll be using your suggestions in your article in tandem.
This story was a roller-coaster of emotions. I half expected him to literally walk up to IT and shout at them for being at their desks during lunch.
Legit lol! "Go to fkn Arby's, damn you!!" As he tosses $20's to each of them.
I thought he might pull the fire alarm.
@@YerBrwnDogAteMyRabit un
@@johnm9899 Sri Lanka
@mrtechie6810 they would see that an alarm was pulled and it would be suspicious. Better to use some "smoke detector testing powder" and use that to set off a detector since it's scent free.
This is, in my opinion, one of the 3 best episodes. An absolute gem! Another great one is Ep 21 "Black Duck Eggs". Phenomenal work!
Ya this one is a classic great one
Thanks Jack. Your content is one of the best I've heard. It's like listening to a movie!!
Hacked his way into a broom closet 😂
@@goldnutter412 Just got to that point, I find it hilarious !
Black duck eggs was great as well, whats the other top 3 episode
One of my favorite stories.
Hacking into a broom closest. Admin isn't admin. The silent rage building leading to a mistake being made.
If admin isnt admin then who's the admin !!?
@@miss_tech Well, not the admin.
@@miss_tech admin_2
hahahahahahhahaha
That's just an absolutely wonderful misdirection to throw off someone...like this guy....who was somewhat experienced, but still got kinda flustered and seemed to slip up after the normal shit doesn't't work. I know of a few companies that I have been with and inside that do some sneaky tricks with their security, surprisingly.
My favorite line is "what kind of locked down prison is this". Great work
Apple Inc
Ooo dang os x hostile af
This was an incredible story, i could almost feel the frustration while listening. Hearing a win for the blue team is a nice change of pace!
yep, i am literally crying...
Me too. Holy shiznish feel my brain pulsing this dude is great
@@poppy2244 L😊😊ppp P K looking b K K K k killing kill B
I love this guy so determined and when he gets frustrated and desperate it made me laugh. Really good example of some good security.
And it cause him to break character 😂
@@johnsmith60 fucking Citrix!!!!!
@@johnsmith60 ¹1¹
This should be emulated and become bare minimum standard to everyone else, with some additional tricks and minor differences.😂😂😂
Honestly this is my favorite channel now
Agree, it’s so good. I got cyber security management certificate and showing some of these videos in class as examples of concepts we talked about would have been great.
Wow, this episode of Darknet Diaries was intense! I couldn't believe the level of dedication and determination that Tinker had as he went undercover as a marketing temp. The way he was able to hack into the company's network by any means necessary was impressive. The frustration and tension throughout the story made it an emotional roller coaster. A definite must-listen episode, in my opinion.👏
Wired Magazine ran a great article on 'Net vulnerability. At the time, domain manes were not protected enough. (I'm not a techie so I'll probably describe some of this incorrectly.)
A guy had a bike accident and broke his ankle. While on prescribed pain killers his mind, was, well, high and disconnected. He suddenly had an insight that panicked him. He called one important exec (to something) and described the problem, and the man told him this was going to be a priority fix and NEVER discuss this on a cell phone again.
The anecdote I remember is that he could have emptied the entire French treasury into his personal bank account and there'd be no way for anyone to know why France was suddenly bankrupt.
They fixed it, and Wired ran the article.
As a former network engineer from the old days I loved this listen. Incredible how advanced the technology has actually become and yet the rules haven’t changed
I absolutely respect Tinker for sharing his story. I was at the edge of my seat the entire time!
Totally addicted to your work Jack! Geek heaven!
Me to.
Pentesters are a great sort in my experience, I learned a helluva lot from every single one that's been on our site. They can learn a thing or 2 from us Sysadmins too however, 1st guy I supervised "mysteriously lost connection" and started querying our blocking of IP scans etc. - Told him I'd need to confirm with Networks, but that 1st he should plug back in the LAN cable from his machine that he'd just kicked out of the floorport under the desk... 😅
Always the most basic things when you think you’re stumped.
I have a "Writing" playlist on TH-cam. Half of those videos talk about writing advice, expertise, tips & tricks, etc. The other half is non-fiction storytelling which provide inspiration for my own fiction writing. This video fulfilled both criteria: A 3-act structure, the hero's journey, a tale of the hacker that couldn't, and even a moral. Truly a podcast where fairytales are born.
Even as a very technical person, I love your ability to properly explain everything. I'm a Web Developer Instructor, and I find it difficult to explain things to my students without overwhelming them. So I've been digging through your blogs and everything, and I really appreciate what you do sir.
> _"I find it difficult to explain things to my students without overwhelming them"_
yeah, me to my peers too! the biggest gap is that i dont know what they know or dont know.
so, either i become tooooo dependent on using the keywords, and forget the layman terms; or i start explaining in layman even the terms they already know.
I'm speechless! this episode should be a MUST listen to everyone in the InfoSec domain! so many lessons to be learned here! phenomenal!
When I learned about pentesting about 5 years ago it was like a light bulb went off and something was like finally a job for me and my criminal mind. Now just to learn absolutely everything to do with computer science, networking, programming, web apps etc. Almost 5 years later and although I've gotten so many skills and done a bunch of CTFs I still know I wouldn't be a great pentester just yet
Keep practicing bro....rent on pc environment and do your thing or just use the real world.... Have fun brother
@@kareemcallender1930 thank you
Where can I learn how to start doing any of this? Can be illegal or legal I just want to learn something new and challenging
@@elon.evans228 the Internet is full of information
@@elon.evans228 "learn absolutely everything to do with computer science, networking, programming, web apps etc."
wow, i normally don’t listen to hacking related podcasts, although i do watch a fair bit of shorter youtube videos about similar topics … but this was just entirely captivating and it could have easily been another hour! great job!!
Jeremy from Marketing thought he was going to spend five minutes at his desk and say, "I'm in!" LOL. But for real though, that's some INSANE security they had. I don't know who that company is but they definitely did their homework.
imo they focussed on plausibility based rules and detections, I don't know if it was truly written down as a rule somewhere in their sec handbook, but it suspect it was really a design principe there. if they'd had turned off netbios broadcasts and locked down the master browser shit 90s-style they'd have driven him completely nuts.
@@udirt right, I give that company a 9 out of 10, Tinker was even using msfconsole instead of writting his own reverse shells, so maybe a 4 out of 10 for Tinker on his end... i rate it script kiddie with military experience out 10.. his story telling was 10 out of 10... if he had more patience he wouldn't even have been caught..
Many other admin/engineer/hacking videos that I watch always feel either too basic or too complicated. Rarely do I find a video that happily sits in the middle. This is like the donut media of hacking. I love it
This episode was especially dope! Big up to both of You!
I bet if he sat tight and waited it out for a few days, he could have gotten that IT access that he needed to continue on with the powershell and nobody probably would have caught it.
Cant agree moree.....
Yes maybe...but almost nobody would be that patient...considering all those stressful situation he was in...not just 'pressuring' stress, but 'annoying' stress. (weird configuration like admin is not admin, SSO that is abnormal and requires MFA, only IT team doesn't go to lunch, etc.) At least in 'pressuring' stress, one can keep cool and be rational, but these kinds of annoying situations, I bet almost nobody can keep his/her cool.
Even at that point he had already admitted that the place was pretty secure. He just really wanted to get them with something. Personally I believe I.T was tipped off and told to be readily on defense.
Where can I learn how to start doing any of this? Can be illegal or legal I just want to learn something new and challenging
@@elon.evans228 wtf my comment got deleted
Thank you for putting so much effort into your videos keep it up. Always looking forward to the next one ☺️
I have recommended this episode to so many people in the office. Love your podcast!
Ok, this episode is so helpful and motivating to me. Currently I’m a cs uni student specifically focused on networking. This videos gives me an entry point to develop my own roadmap. Thank you for such a nice content!
Patience is not simply the ability to wait - it's how we behave while we're waiting.
The IT staff at this place sound like they have shoulder holsters and loose fitting suit jackets. Love it.
I am so happy that there is another episode out!
This was an amazing story. You really feel Tinkers frustration building and I myself was longing for the catharsis of him finally catching a break. And then being caught red handed instead. The satisfaction instead coming from IT saying, "well, Finance doesnt use Powershell."
Hands down my most listened to episode of Darknet Diaries!
My uncle was a professional high end car thief for like 15 years then he went to prison and now car companies hire him to test there cars security.
Lol
Really enjoyed this one. Super cool guy too. Loved that part when he got caught; the intensity, and overall his laughter behind it with the “scream” 😂 thanks for this one you guys 🙏🏽
I loved this episode for both the technical and human parts. Tinker - what an awesome guy! I totally felt his agony and energy as he told the story. Hacking tales arent exactly lame, but rarely this engaging, vibrant and vivid.
These episodes keep getting better and better! Loving the growth! I’m just getting into infosec and coding and your show definitely keeps me motivated to learn more!
Damn this is the best emotional rollercoaster I have heard. Need more episodes like this. Pure awesomeness.
One of the best episodes I've listened to and was fascinating to listen to a true Account of a professional pen tester. Quality show and thank you for sharing 🙏
As a federal government employee, the thing I find most amazing is that he was able to get a laptop AND access to the network within a week, let alone on the first day!
Loved this. I am a developer with a good amount of networking knowledge and have been tasked with pentesting our sites and testing our lan/wans. So I was able to get immersed when he was using tools I know and excited for him when he had any “wins.”
This guy sounds solid and would be a joy to work with.
I felt like I was in the office with them, great story and great story telling !!
This was like a trip to the theatre for Me! I'm barely even a script kiddie at the moment, but I know enough to appreciate this. Also I'm an amateur in lock sport, so it was thrilling to picture this dude with a tension wrench and a variety of rakes and spp... Only to see it was rolling out the red carpet for him XD
These are some of my favorite videos you make.
Sure, hearing all the insane nation-state hacks are very interesting & eye-opening…but this gives insight into what a single person might aspire to become.
Thank you for all of your great & hard work! You have become an awesome storyteller.
Hey Jack, you need to audition for NPR or something out of WBUR or WNYC. Your voice, interview style and production quality is perfect for a public radio broadcast. Send this episode in as an audition tape. You are just that damn good.
haha I was thinking the same thing, this sounds like something I could hear on NPR, right after wait wait don't tell me lol
@@TheMrDrMs Yeah, Jack has that "Moth Radio Hour" vibe going.
My last employer locked down a development tool I needed so I stayed late to find a workaround. It was a convoluted workaround but I went home happy thinking I could use it. The next day my boss confronted me. It turned out all my activities started throwing up red flags. I offered to show him what I did, but they already knew 😂. I wasn’t allowed to use the workaround since it bypassed their security 😮
which development tool?
I guess you pspause their software....
I get a big smile on my face when I get an alert for new Jack Rhysider!
Love listening to this at night. Keep up the great work!!!
I'm totally not a tech guy, but this channel is one of my favorites.
I am finding all of this so interesting! I’m learning hacking now that I have better seizure control, but I’m basically starting from scratch because concussion accumulation screws with many things.
So even basic things like balancing and programming/languages I knew are having to be relearnt and playing the 7 instruments I played before, so yeah, having to re learn stuff sucks, but just as exciting and intriguing as before:) thanks, friend, for AWESOME CONTENT!
Thank you Tinker for sharing that story. You did a amazing Pentesting job. Myself as being a Hacker, I like how you shared many places where a lot of your hacks didn't work. They never show this side of failed hacking in the movies. Great job man!
Love the work DnD, keep up the effort.
Best "war story" I've heard from a penetration tester, thanks for interbiewing Tinker, and thanks to Tinker for sharing this roller coaster ride👍👍
This episode is so good I feel ashamed to have not started supporting you yet. I'll fix this shame right now. Keep up the great work!
~ 55:08: "I let out this high pitched 7th grade girl scream", killed me!! 🤣
I love this episode so much. Goals for my cyber security career! "Hi I'm Nick from accounting 🙂"
This is my second full listen, can’t wait to save the rest to listen to while I work. You’re awesome, tinker is awesome, MobMan is awesome!
I have never listened to an IT story like this with more excitement, this was amazing.
Whoa new intro narrator I wasn't expecting that!
I remember when I was young n trying to join a group of hackers to possibly learn more... the people wanted me to help target and keylogg younger girls... I was about 15 at the time and that just completely disgusted me and turned me off to the whole thing and I never pursued learning anything else. I regret not just ignoring them n continue learning
One of my favorite episode
55:13 😂🤣 i hollered. Everyone can relate to this moment
🤣😂
@@jeffreywhewhetu5754 I’m late but, I still go back to this part lmfao 😂. I may turn it into a meme
One of the best interviews I've every listened to. I was extremely interested the whole way through.
Thanks Jack for this new one, had be checking this channel for days and Finally!!!
had a pentester on one of our sites... learned a lot that day... what a incredible bunch.... it highlithed some or our flaws but also brough security to the atention of the right people to get the founding to fix it
How much would you say, percentage wise of the entire online/cyber budget, was routed to enhancing security capabilities after the evaluation? And how much is an evaluation such as that cost, if you dont mind me asking.
@@MrNecryptic budget almost dobled... Old sonic wall boxes replaced and a old 2008 server replaced after that was the entry point for the hack etc...
@@MrNecryptic I don't know specifics but it wasn't cheap since it is a 13 stores car dealership. The hacker could lateral move between them after hacking a server that had vpn access across all the network
@@PinguimFU Immediately doubled, wow. That's extreme but I guess no expense can be spared after such an event, within reason. I can see why federal charges often apply to such events, the amount of resources used for recovery are immense.
Nice Mr. Robot reference at the end lol
The story telling was so good! that I felt like I was there with him hacking lol
What a great story. I was so invested that at the end when he got caught I literally yelled, “Ha! They got him!” in the middle of work 😅
Hell yeah, my favorite thing on the internet! I've never been this early to an upload I feel lucky haha 😄
wow awesome jack! really like to ear thoses stories!! keep it up!!
i listend to this on spotify. but i needed to levae a comment here. this story had me glued to my phone. i can not remmember when some form of media had me catched that mutch. generaly i love this podcast keep up the great work. and thx you
Nerdy and technical talks are the BEST! I learn so much more from them.
This was absolutely amazing. Great story, well constructed, well related, and I really enjoyed the technical dive.
I enjoy taking a peek at little business operations when I visit, often I see a workstation left in session or just plain file drawers left unlocked, when someone leave me to wait in such offices I have a little "gotcha" ring in my head...
*Ppl just don't care for other people data in general until they get exposed to a ransomware or something real bad, so what's to do? Keep silent or try to scare them?
Great episode! Doing some catch-up post #DEFCON30. It was nice chatting with you at the VetCon party.
DC30 was an absolute blast
Holy crap this is like an action movie
The first time I worked for a big company I was anoyed by all their security measures, now I'm use to it, but after listening to this it just makes sense, nice story it touches everything and is told in an interesting way
the funny thing is, even i can break my company's security, even with good security in place, and I am just l1 employee working remotely... (once i even got ssh access to some random server)
so i am amazed by which ever company that is , with this much security in place....
@@vaisakhkm783 I guess it depends from company to company, how big they are, what kind of information they handle, and what their third party partners expect from them.
Honestly love the security that this company had done.
Great ep and story telling as always. Wasn’t terribly technical and where there was tech jargon thrown around you explained it briefly and eloquently. Well done!
A question regarding password cracking. Okay at around the 19 minute mark a program like hashcat is mentioned. It was mentioned it can go through the dictionary in under a second, but what happens if the software or hardware only allows a maximum amount of passwords. For example, my friends phone allows 10 or rather 9 failed password attempts. On the 10th failed attempt it initialises the phone. I know there's other software & hardware that does something similar. Wouldn't something like this cause a problem?
I've only recently begun my study of ethical hacking this last year but, I'm pretty sure I heard him mention that what he found is hashes for some passwords. Hashing is a form of obfuscating the actual plaintext password by running the password through an algortihm where it becomes unitelligible from the original. If you have the hash of a password and figure out what encryption scheme was used, then you can crack the password offline in your own environment using tools such as hashcat or johntheripper. Hopefully this helps a little!
I'm leaving this comment so I can tell you later, I'll look into it.
Edit:sorry just remembered this comment, but so:
They use things like botnets and parallelization to increase the number of guesses per second and distribute it among computers and other resources.
IP rotation allows a hacker to have a new identity when reaching a limit by using proxy's, Tor or VPN's.
Credential stuffing, which are made with dedicated tools and software to automate the process of leaked credentials, these use things like IP rotation mentioned above and random intervals between attempts to bypass detection mechanisms.
There is also a possibility of vulnerabilities present in target system that allows the bypass of those restrictions, these can involve such things as software bugs, misconfigurations, or vulnerabilities on the authentication system itself.
Hope it helped.
Game over
Awesome story. Thank you very much for the content. I am studying right now for the comptia security + certification, trying to change careers. This story gave me alot of information and insights. Again, thank you!
What a suspenseful Story... Great Hacks & Social engineering from Tinker and Great work from the Blue-Team..Now I know only the IT run powershell 🔥
Finance: "It was him!"
him: "Eek!"
This is the best story I have heard. When he said Citrix I just lit up and thought he had it then when he said there was nothing my hart dropped. I feel your pain
You should make a playlist for these type of stories… felt like I was inside the network myself just by listening
This was an absolutely awesome episode. Great work. The hacking into the broom closet was probably my favorite.
Does anyone else think that Tinker sounds just like Seth Rogen?? LMAO
Amazing content bro, it’s crazy the different approaches and elaborate hacks.
Tinker needs to come back on the show and do another Noirnet type of episode.
Just found your channel today, with the ep 'how hackers used p0rn ads...' was great to get a feel of the innerworks that they made to get the cash. But this episode, covering a BT operation, man it's like listening a good book. Imagine the situation almost like "I'm seeing the people"... really great to have grasp of the 'troubles' the pentest guys get in to... lol ! Thanks for sharing, Tinker and Jack !!!
As a former Network Engineer I can tell you that everyone ignores IT, we were invisible (unless someone wanted something then suddenly we exist & it's always an emergency.... it's not, it never is, but it's always at the end of the day on a Friday 🙄). Conversations, phone calls, meetings, lunch etc happen like you don't exist & no one ever bothers to verify you work there, much less are from IT 🤦♂️....
I was given your channel by the algorithm today and I am 4 videos in so far. What I have watched is great for energizing the creative mind and getting into that flow. It probably came from all the scam baiting I have been watching but I am happy the math worked out, I will be catching up on your videos for sure.
This is now my favourite episode, this is a great story.
when tinker says "YES I'M IN" i felt the joy. hella good episode. o7
Daaaaammn
What a nice story, what a great storytelling, I loved everything about it
The thing I liked the most is to finally hear a story of a pentester that actually cannot break in
More tech stuff yay , I hope you continue to make more tech related EPs.
I know nothing about computers or did but listening to you I have learned a lot about the digital world and how scarily easy it is to compromise your security
_Awesome_ story. 😎
_Please_ do _more_ of these!
This episode was absolutely amazing. Fantastic guest
Finance running powershell sent alarm bells ? LOL :D Hilarious
All week at work I’ve been anxiously checking to see if a new episode is up on Spotify 🤣🤣 keep up the good work
Really cool to hear details of tools and methods he tries. Good way to make that blue hat fit a little better.
This is amazing, new favorite podcast for sure