DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)

Поділитися
Вставка
  • Опубліковано 21 лис 2024

КОМЕНТАРІ • 1,8 тис.

  • @seimar1671
    @seimar1671 4 роки тому +367

    As a pizza hut driver, I can confirm how easy it is to get past security. As long as you seem like you're supposed to be there, 19/20 times no one will stop to question you.

    • @joshfloyd7755
      @joshfloyd7755 Рік тому +22

      In a lot of places, a green hard hat and a clipboard repel every one . No one wants to talk to the Osha inspector...

    • @roosterqmoney
      @roosterqmoney Рік тому +8

      @@joshfloyd7755 a white hard hat and a ladder works a lot too.

    • @Kirt44
      @Kirt44 Рік тому +1

      Exactly it all comes down to if u dont look like being someone Who isnt supposed to be there or dont look like your doing something shady No one will notice you or think twice about what you are doing

    • @triple_gem_shining
      @triple_gem_shining Рік тому

      thats social engineering.

    • @oh_finks
      @oh_finks Рік тому +1

      how much security is there at pizza hut lol.

  • @gadgetroyster
    @gadgetroyster 4 роки тому +212

    As an Air Conditioning mechanic with a very nice uniform and tool pouch, with appropriate name badge and company logo I was admitted to some of the most secure sites in all of
    Southern California, including IBM. and several federal buildings. I was only asked to produce Identification one time and that was an FBI site. The front desk would take one look at me and I would ask to speak to the building manager who would then escort me to the server room and rooftop where the equipment was. That FBI site was very different, as I was escorted by someone with a little hand held siren and flashing light. As we walked down the corridor to the server room I watched doors slamming shut as we approached within 20ft. So cool.

    • @oh_finks
      @oh_finks Рік тому +12

      seems like the fbi know exactly what to do

    • @LBrawn
      @LBrawn 8 місяців тому +1

      bullshit

    • @Mothyone
      @Mothyone 2 місяці тому +1

      😂 pen testing is real

    • @Tridenux
      @Tridenux Місяць тому

      I have heard your podcast

    • @Mikey-b1s
      @Mikey-b1s Місяць тому

      I used to sit on the planter 15 feet from the guard shack at las vegas fbi building smoking a meth pipe.

  • @jaredspence3020
    @jaredspence3020 6 років тому +1331

    I work in childcare and this is so important. We have pissed off so many parents and grandparents just because we had never seen them before or because they aren't on the enrolment forms. The only thing worse than someone stealing data is someone stealing a child. Constant vigilance!

    • @frother
      @frother 6 років тому +133

      Any parent or grandparent who gets angry when confronted with that situation doesn't care about the child at all. Keep fucking up their day with a smile on your face.

    • @MrFunkhauser
      @MrFunkhauser 6 років тому +72

      It's just natural instinct to get pissed off when you are going to pick up your kid and you are immediately treated like a child rapist. I'm a big gruffy guy and the daycare wouldn't even open the front door to talk to me. It's a giant over-reaction by the industry my kid is way more likely to die by car accident on the way home than be nabbed by a stranger.

    • @kilikus822
      @kilikus822 5 років тому +54

      Same thing at a hospital I worked at when a baby couldnt be found in the NICU. It was never someone abducting a baby but we still posted guards at the entrances with orders to search all bags leaving the building.
      You don't want me looking in your purse/backpack? Sorry ma'am/sir , you're welcome to have a seat right over there until the code is resolved but unless I've searched your bag. You ARE NOT leaving this facility.

    • @redtails
      @redtails 5 років тому +33

      there's only one thing worse than a rapist
      a child
      NO

    • @KingOhmni
      @KingOhmni 5 років тому +62

      This. I once had to pick up a relative after other relatives were indisposed. However I had never picked up the relative from school before and the school almost refused me access but I presented ID and explained the situation, which involved hospitalization, and this was their solution.
      As the Head Teacher talked to me about the need for security they quietly brought the relative in question into another room wherein there was line of site to me but without me seeing. Naturally my relative confirmed my relation to them and the Head Teacher brought the relative in and then the apologies came but I politely rebuffed them as I considered their actions more than appropriate.

  • @oljimeagle
    @oljimeagle 5 років тому +310

    Im a delivery driver and Ive had people let me into secure locations to complete a delivery. I carry a box to a door near the smoking area. Almost always, someone will see you with your hands full and offer to swipe their card and let you in.. Saves me tons of time

    • @Speed001
      @Speed001 4 роки тому +9

      As long as you're in uniform.

    • @TheLazyass111
      @TheLazyass111 2 роки тому +26

      @@Speed001 I'm a delivery driver for a small pharmacy. I'm in plain clothes. I'm never holding something with more than one hand. People still just let me in if I knock and wave.

    • @jamesmaddison4546
      @jamesmaddison4546 2 роки тому +32

      @@Speed001 uniform doesn't matter. While I was going to school for cybersecurity I was also a pizza delivery guy. You'd be amazed how many places you can get into with a pizza bag. Even secure places. People are all too eager to let you in when carrying pizza

    • @dwaterson21
      @dwaterson21 2 роки тому +8

      Pizza bag, the new clipboard.

    • @Teh_Random_Canadian
      @Teh_Random_Canadian Рік тому +11

      I'm a contractor. Carrying a toolbag with some paperwork and I can walk into any building without ever getting questioned

  • @GryphonArmorer
    @GryphonArmorer 5 років тому +111

    I used to work for a high speed cable & connector manufacturer in the design division. Not long after I started, I was offered & accepted a slot in the ITAR team. ITAR, basically is the military equipment systems (I was offered the position because I was really good with 3D design & concept modeling, and I am a veteran, so they figured getting a security clearance wouldn't be an issue & would process quickly. Which it did). Immediately after getting approval to work on ITAR projects, I requested a monitor filter so only I could see my screen, or rather you had to be directly in front of it to see it and turned my monitor so people passing by my cubicle couldn't see my screen. I also locked up my cabinets & drawers every time I stepped away from my cube. And, never left papers laying around and until I memorized passwords, I kept the notes in my pocket in a small notebook or in my wallet. Now.... the funny thing is, my diligence on security frustrated other designers & engineers because they couldn't just swing by my cube and rifle through my desk and hand to stand behind me when going over 3D CAD models. My standard answer to their bitchy little rants to me was, "well I'm working on ITAR, and I'm not going to risk my security clearance or the company's ITAR certification because we regularly have foreign nationals in the building, for your convince. I take security, seriously". That usually shut them up, and I even saw a few engineers loose their ITAR cert after complaining to management about my personal approach to security (really I was just following the rules), because they didn't take it seriously.
    I've known about your profession for a long time and always thought it would be cool to do what you do. Cool video. Thanks for sharing your thoughts and knowledge. Keep up the great work. 😎👍👍
    Semper Fi 🇺🇸

    • @GiganFTW
      @GiganFTW Рік тому +1

      Nice wish I have your job but I’d need to work on my safety security knowledge.

    • @godfreypoon5148
      @godfreypoon5148 Рік тому +2

      ITAR? Utah!
      In Communist Russia they did not have "ITAR"... they had "we tar".

  • @iancoker1987
    @iancoker1987 4 роки тому +72

    Once upon a time, I worked for ups. I can guarantee, that when confronted with authority or a developed sense of trust/ignorance, individuals will cave and allow access to sensitive items and information. Also, many individuals are dumb as hell with no sense of security and will often ignorantly leave sensitive locations open with no security. I once delivered a package to a company that consisted of an office and warehouse. Upon coming to the location, I walked in the front door, saw no one, proceeded to venture through the building walking into multiple offices and into a warehouse with hundreds of thousands if not millions in product, I then walked into the security office, found a name badge and dropped the package off under his name.
    Don't worry though, I did walk off with some loot. I managed to steal two water bottles out of the fridge like a freakin smooth criminal.

  • @nmap-p-
    @nmap-p- 4 роки тому +171

    It’s amazing that even this talk is 10 years old, it’s still relevant. Says a lot about the evolution of physical security.

    • @TheSpiffingSangheili
      @TheSpiffingSangheili 2 роки тому

      DEAR GOD NO

    • @KoldAsHell
      @KoldAsHell Рік тому +2

      Yeah this presentation is legendary. I watched it when I'm 12, now I'm coming back 10 years later

    • @Nderak
      @Nderak Рік тому +3

      yeah… i spent quite a long time thinking defcon 19 meant it was 2019 and was wondering why the quality was so bad…

    • @nmap-p-
      @nmap-p- Рік тому

      ​@@motrinmedic No your mom doesn't amaze me that much anymore

    • @Cfomodz
      @Cfomodz Рік тому +1

      Here 3 years later to ask: What evolution? Oh no, I had to buy *different* specialized picks and bypass tools 😢...🙄

  • @MorningDusk7734
    @MorningDusk7734 Рік тому +32

    Honestly, one of the most secure places I worked at was a small engineering firm. You know why? There were 10 employees, one IT guy, the door required you to walk past the nosiest office admin in the world, and the UPS guy was the same every time. Everyone knew every time work was being done in advance, and when people from the parent company were coming, and the only flaw I saw was that the bathroom was right next to the 3D printer room, but that had glass doors in a high-traffic area, so anyone could see if someone was in there. The door badges were separate from the alarm, which everyone had a different code for, and both reported to the security log on who opened or deactivated what and when, which the office admin regularly checked. I'll admit that I memorized a senior coworker's alarm code when I started, but that's only because my code hadn't been working, and everyone knew that.

  • @NefariousElasticity
    @NefariousElasticity 7 років тому +528

    He's so right about management being reactive and not proactive. I work security for a building in a major city, and our contractor network has so many holes in it that basically anyone with a hardhat, reflective vest, and a clip board could slip through unnoticed at any time of the day or night. When we mention it to our management, one of us gets written up or fired, and the problem continues. They do the bare possible minimum by terminating contracted employees rather than actually admitting fault and fixing the issue.

    • @peter_smyth
      @peter_smyth 6 років тому +34

      High visibility clothing sometimes does the exact opposite. Hiding in plain sight.

    • @ohmyblindman
      @ohmyblindman 6 років тому +16

      Sounds about right for management in today's climate: cheaper is better.

    • @hosmerhomeboy
      @hosmerhomeboy 5 років тому +22

      as a carpenter i have gone all sorts of places, just by looking like i work there. I don't do anything, mostly i just do it to check out neat projects. I did get sweet parking at the airport once because their work trucks looked like my work truck.

    • @jremy89
      @jremy89 4 роки тому +7

      Sounds like somebody doesn't want that back door being closed

    • @finns99
      @finns99 4 роки тому +12

      Used to do accreditation (is that the proper term?) for venues and festivals for a while. Basically, no one's allowed backstage until they come tell us what they're there for. You probably must've seen the pictures on Facebook "this is my guitar that got stolen" by some guy in a band when he kept his stuff in the backstage. It happens a lot. We know that, so we try to avoid it.
      And unsurprisingly, i've actually had people trying to get in the backstage, though they didn't seem malevolent - i was never sure. Mostly just drunk adolescents. (its a festival after all) Heard a lot of bullshit and flimsy shit, i don't think i ever let someone through that wasn't allowed to. But festivals are pretty busy and all that and most of them are always edging towards complete chaos and collapse.
      The maintenance and tech teams that keep passing by all day, in their reflective clothing, carrying some big cables and other heavy equipment around? They never get asked. I really can't even, they usually just walk up and down all the time, stopping them everytime would just be ridiculous. Its incredibly easy to blend in with that and just sneak past.
      So if you ever want a free ticket inside a festival, all you need is a reflective vest. There you go - enjoy.

  • @sacredcowbbq1326
    @sacredcowbbq1326 4 роки тому +27

    I'm not even in security and I loved this talk. Hilarious delivery. If things don't work out for Jayson in security, he can always do stand up.

    • @whatabouttheearth
      @whatabouttheearth 2 роки тому

      I was in a special Marine Corps security unit and I think this guy is ego based, unrealistic and has unrealistic expectations of normal workplace relations and personal actions with ones own personal property. If I left my items at my work space and some ego driven dude steals my shit it won't be a scenario anymore, he's getting fucked up. I've seen guys like him before that overuses their few opportunities in life to be billy bad ass, it's not the professional stuff I'm talking about, it's the seizure of people personal goods (assuming they know nothing about any of this). He's essentially doing individual OpFor but seems way to glib about it.

    • @sacredcowbbq1326
      @sacredcowbbq1326 2 роки тому

      @@whatabouttheearth Fair enough assessment.

  • @lanceroark6386
    @lanceroark6386 7 років тому +1131

    Hahahaha. Employees that get treated like shit aren't going to care about some companies financial security.

    • @finnelhumano6096
      @finnelhumano6096 7 років тому +188

      Rule 0 Don't treat your employees like shit.

    • @Choice777
      @Choice777 6 років тому +32

      sorry, i can't count to 0.

    • @ulture
      @ulture 6 років тому +111

      exactly, the only real security solution is to make sure that all the workers actually have a reason to be interested in their work and its security, if not by turning your workplace into a worker-run horizontally-organised democracy in which everyone has a stake, then at least by actually paying people enough to care

    • @NiceCoopBro
      @NiceCoopBro 6 років тому +29

      You had an easy life congratulations

    • @AmericasComic
      @AmericasComic 6 років тому +25

      Ed Peck I like the horizontal model for businesses, but I also feel no matter how democratic a workspace or how much someone gets paid, you’ll still get a work environment where people don’t give a shit.
      Work and most jobs suck.

  • @Zamolxes77
    @Zamolxes77 5 років тому +296

    An alert and educated work force is truly dangerous. They might realize how bad they're getting shafted.

    • @NTF-zb9wi
      @NTF-zb9wi 5 років тому +4

      You must not hang out with folks who have a bit of a twisted sense of humor...

    • @DouglasHPlumb
      @DouglasHPlumb 4 роки тому +3

      It will never happen. If it could happen it would have.

    • @frankiegargoyle7783
      @frankiegargoyle7783 4 роки тому

      for reeeeeeeeeeeal

    • @darrellmay4502
      @darrellmay4502 4 роки тому

      That means You!

  • @Chiovarie
    @Chiovarie 7 років тому +1534

    " I hate when they steal my stuff that I stole " best part

    • @bishopvida
      @bishopvida 5 років тому +26

      If there's a red button, I'm pushing it twice.

    • @Roobah
      @Roobah 5 років тому +11

      Can you imagine being his mother when he was a toddler? Same kid who would stick a knife in an electrical socket, turn on a stove and sit on the burner, put firecrackers up the kitten's behind, bite the head off a bat to act like Ozzy... And so on. Society really does need people like this to keep us safe from ourselves.

    • @autohmae
      @autohmae 5 років тому +4

      "enforce [...] not with a baseball bat. Ohh, gush that would be fun."

    • @pamcagle7689
      @pamcagle7689 5 років тому +2

      I love that line from Cheech and Chong!

    • @DFPercush
      @DFPercush 5 років тому +17

      @Ami Riegel You really don't understand the red vs. blue thing, do you? People pay him to check their security, he's there with permission, like that show undercover boss. And he gives the stolen things back. Notice the comment about giving 4 sets of car keys to the manager. He shows companies their weaknesses so they can be fixed. It's an important job, and you are safer because of people like him.

  • @0mikr0n
    @0mikr0n 6 років тому +64

    Security officer here. I agree entirely with the contents of this video... physical security penetration is not difficult at all, and usually involves manipulating the inherent human desire to trust others.
    The biggest key to security is to *LEARN HOW TO SAY NO AND OWN THAT DECISION.* If you go into an interaction with the goal of verifying identity, *DO NOT LOSE SIGHT OR BACK DOWN UNTIL YOUR OBJECTIVE IS COMPLETE.* A penetrator's objective is to deflect your attention or turn the encounter around on you. They accuse you of being unprofessional or rude; outright ignore these accusations. Remain professional, repeat your question until they acquiesce or leave.
    The average person like to be helpful. No one enjoys confrontation except a deviant. Breachers like to threaten consequences to manipulate both aspects. But few employees realize that it's possible to remain professional AND tell someone no. It's a difficult skill to teach in new officers, so imagine how hard it is to teach frontline employees the same thing.

    • @ShrekOgrelord
      @ShrekOgrelord 11 місяців тому

      nice to see a comment from you here, your ace combat videos are awesome!

  • @thedayzgod
    @thedayzgod 7 років тому +1785

    Security companies HATE him, See how one man got past million dollar security with just a pen cap!

    • @jfbeam
      @jfbeam 6 років тому +40

      I doubt that really was a million dollar system. All he did was prop a door open once getting it open. Security companies just want to cash your check. And so does he. Your security will only be as good/effective as you make it -- with people in the equation, it gets very difficult.

    • @chibisingh2726
      @chibisingh2726 6 років тому +50

      jfbeam i work for a large multi billion dollar hospital that has secure areas that can be bypassed this very way, the more money they spend the more the forget about the basics and SE.

    • @itsskat3
      @itsskat3 6 років тому +10

      jfbeam it's a joke

    • @sloo6425
      @sloo6425 6 років тому +1

      lol

    • @TheHelghast1138
      @TheHelghast1138 6 років тому +4

      @@jfbeam ever heard of a joke before?

  • @Volvith
    @Volvith 6 років тому +55

    You know, it's these kinds of talks that should blow up in the millions.
    People don't even need to watch the entire talk, people just need to be aware of the fact that there IS a possibility of a security flaw.
    As much as they make it seem, people aren't stupid.
    All they need is a what, the who, why, when and where will follow shortly after.

    • @no-pl6jc
      @no-pl6jc 4 роки тому

      But they are, have to seen what going on in this world 99% of people are fucking dumb.

  • @Shisouhyou
    @Shisouhyou 7 років тому +209

    I used to work security at a factory that had defense contracts.
    If you came in without a badge, you parked in visitor parking, signed in with me (didn't need ID) and then signed in at the main office where they would check your ID.
    Just walk in, "Where is your restroom" and off you go.... or just not go into the office. We only had one guard at each gate, and guards were required to stay at the gates.
    Trying to describe one person to someone else after you have seen 5 other people since seeing them will limit your ability to describe them in detail.
    Trying to track that person down when you only have camera's at gates, is laughable.

  • @dnssigns
    @dnssigns 5 років тому +6

    You can go just about anywhere with a clipboard and confidence. I went into the reactor building when the Crystal River nuke plant was running. Walked all around, took pictures, and left. I walked right past the guard at the door. Drove a 30 foot crane truck up to the door. I had a work order for FL power but I was at the wrong location. I went in looking for a supervisor. Never found one so figured this is cool, I need photos.

  • @arthurmorgan2714
    @arthurmorgan2714 9 років тому +561

    I'm not a hacker or a tech guy of any measure, but I'm so glad I clicked this video. It was eye opening!!!!

    • @Nameless-bp8wz
      @Nameless-bp8wz 6 років тому +9

      yeah its a great talk

    • @maxkordon
      @maxkordon 6 років тому +12

      Good, more people should be aware

    • @kennethevans9371
      @kennethevans9371 6 років тому

      Me too man this is crazy

    • @AverageDoomer69
      @AverageDoomer69 6 років тому +8

      i bankrupted my company after watching this , it was so eazy .

    • @johnjohnson201
      @johnjohnson201 5 років тому +5

      Rabbi Schlomo Ben Goldbergstein Same dude, I just had to wear a hard hat and nobody was any wiser. It didn’t even make sense, since I work in a kitchen. I was able to redirect all of the paychecks to my name, though. Too easy.

  • @eggx-9463
    @eggx-9463 5 років тому +93

    Best job in the world, common sense levels OVER 9000!!!! hotels, banks, and so many other establishments truly do need to empower their employees, obviously teaching ground level security, but also recognizing that nobody working 40-60 hr work weeks for $20,000 a year has a vested interest in the security of the company and that includes the security at the front gate. People that work 6 or 7 days a week are too engrossed in thinking about how to keep on the damn lights, to ever have the thought, "why's that guy been in the bathroom for 2 hours?"

    • @Olivia-W
      @Olivia-W 5 років тому +11

      And even if they are, they rationalize they guy's really sick/working/whatever not my business.

    • @kennethrussell5604
      @kennethrussell5604 5 років тому +3

      I can confirm for sure!

    • @EugeneHoverhand
      @EugeneHoverhand 2 місяці тому

      Why did I have to scroll this far to find this comment

    • @MargoTheNerd
      @MargoTheNerd Місяць тому

      But if you look at it from employers perspective - why pay people more if they'll resort to the same excuses about doing the bare minimum? I can somewhat understand that sentiment in large corporations where individual contribution can go unnoticed longer but how can people expect to advance to higher pay grade when they are unwilling to put in effort to show that they, out of all employees, deserve it? Sure, everyone should earn enough to keep their light on - but that's besides the point in discussion about effort and rarely up to decide for the direct supervisor. If one is willing to put in minimum effort only then how can they genuinely expect more than minimum wage?

  • @TheOneWhoMightBe
    @TheOneWhoMightBe 7 років тому +257

    The comments about creating competition amongst employees is bang on the money. I'm not in IT, just retail, but when you put everyone together doing the same job, we work faster. Seperate us, and less gets done because you're not subconsiously trying to beat someone. Seperating people also means the genuine slackers will be able to get away with slacking off, because their co-workers aren't watching them.
    Years ago we had a team competition to find the most mis-picks: all stock arrived from the warehouse with a picking label. If the label didn't conform to what the product actually was, we removed the label, wrote the correct product reference # on it. Whoever got the most mis-picks at the end of the month (adjusted for hours worked) got a _paid shift off_. Management saw that as a cost, so they stopped us doing it. Result? Stock control is out of control, because no one is checking the stock, and the six-monthly stocktake is a nightmare. What was costing them a few hundred a year now costs tens of thousands in 'unknown losses'.

    • @littlerhino2006
      @littlerhino2006 7 років тому +27

      TheOneWhoMightBe lol so you've seen the benefits of a competitive environment and what a disaster a disincentivised one is, yet you still supported a socialist for President... Come on. Really?

    • @Anvilshock
      @Anvilshock 6 років тому

      separate*

    • @baliktad8
      @baliktad8 6 років тому +30

      Pretty typical upper management thinking. They will step over a dollar to pick up a dime. Company I used to work for ended up spending $50,000 to fix a stamping press, when maintenance told them that if they would overhaul it right away it would cost about $5,000 for an overhaul. Idiots.

    • @simpleman72685
      @simpleman72685 6 років тому +21

      @@littlerhino2006 What Sanders wants to do will make us more competitive. When people are more educated, they can bring innovation. When people are compensated more, they will try harder to be productive. When people are healthy, everything they do is better than if they were sick.

    • @wolfvonversweber1109
      @wolfvonversweber1109 6 років тому +15

      Well, I'm sure the guy that "figured out" how to save those few hundred got a promotion, while nobody is really responsible for "unknown losses"...
      Incentive structures ... what's best for an employed manager might not be best for the company and/or long term, especially when one thing is easily measurable, while the other is not.

  • @youreallinsane
    @youreallinsane 5 років тому +489

    nothing he said sold me on his claim that he's a bad guy more than his open admission that he drinks diet pepsi.

    • @altareggo
      @altareggo 4 роки тому +3

      IS this an inside joke??? Diet Pepsi is EPIC!! Ok Pepsi zero is better but still, as diet pops which aren't Dr. Pepper go, Pepsi is Top Tier.

    • @rolobotoman
      @rolobotoman 4 роки тому

      When he was pissed that bankers got kidnapped TO THIS DAY convinced me.

    • @TheChadPad
      @TheChadPad 4 роки тому +5

      @Frank Snapp This man isn't a sociopath. He clearly has a conscience

    • @blackopal3138
      @blackopal3138 4 роки тому

      Not the haircut?

    • @Tyler_Titus
      @Tyler_Titus 4 роки тому

      @Frank Snapp HUH

  • @SomeInfo-ib3wz
    @SomeInfo-ib3wz 10 років тому +265

    "I'd rather get a thousand false positives because at least I know they are actually thinking about security." Great ideas here. Funny because a lot of the "pro" security guys who spend hours a day double checking all their code-based defenses would be put out of work by employees who just follow basic protocols and think about security for themselves.

    • @HO1ySh33t
      @HO1ySh33t 10 років тому +26

      then these out-of-job "pro" security guys just have to outsmart employers and invent new methods, until the company is forced to employ people like them. This guy even said it himself, he played for both team.

    • @Vicorcivius
      @Vicorcivius 7 років тому +30

      The thing is the regular employee already has a full time job to do, Companies need to stop expecting their employees to do 3-5 separate jobs at once while getting paid the lowest amount possible.
      When companies are willing to pay their employees a fair wage for the amount of responsibility and work they put on said employee, Then and only then will they get the results they desire.

    • @freman
      @freman 6 років тому +16

      Some of us would love it if employees would just follow basic protocols... The number of times I've thrown out the door stop they put under the lunchroom door (which leads from the entire office to reception which is an unsecured area)...

    • @MrSirwolf2001
      @MrSirwolf2001 6 років тому +13

      Scientiae Magicae I cannot agree more. If an employer expects me to protect their million dollar investment (their business) then they need to pay me for it. They can say that they are paying me to do this as part of my job, but it is not going to make me care about their business security one iota more. Also if you blow me off when I do report an issue, then chances are I will never report another and not lose one wink of sleep over it either. I used to work in several high security fields and physical security (and bypassing it) is one of my acquired skills. It is usually surprisingly easy.

    • @KingOhmni
      @KingOhmni 5 років тому +1

      Hmmm. Almost like ever greater centralization at the cost of individual autonomy is detrimental to work flow efficiency.

  • @grendelum
    @grendelum 6 років тому +414

    I was a touring lighting director with a band for 23 years... I could walk past venue security *_every_* time as long as I had some badges on a lanyard, a roll of gaff tape in one hand and a scowl on my face...

    • @harlsy796
      @harlsy796 6 років тому +68

      feels like how agent 47 fits in everywhere, no one wants to mess with the bald guy with a death stare

    • @bitscript868
      @bitscript868 6 років тому +29

      Can confirm, music festival security are either volunteers or contracted workers. I once forgot my badge and the polo/radio combo was enough to get around despite the access control that was implemented.

    • @jincyquones
      @jincyquones 5 років тому +19

      Same with the film industry. There are "day-players" on set literally all the time so there are always unfamiliar people around, and it's generally organized chaos as it is, especially big and/or on-location shoots. As long as you don't look blatantly shady, everyone just assumes you're supposed to be there. A walkie with an earpiece and maybe a badge and people will assume you're a production assistant, and you could get away with a lot.

    • @tixtix2468
      @tixtix2468 5 років тому +5

      I can still do this at many places

    • @shniblob
      @shniblob 5 років тому +15

      @@jincyquones Lol I've done some work as an extra and half the time i was supposed be on set ready for the next scene , I just pretended I was in a hurry to wherever I'm supposed to be, sneak behind the back studio light, out the door and go nap or get a sandwich. Was even easier to sneak back on set even in scenes I was pretty visible there were tiny continuity errors in the background cause I was there and then suddenly not and then back.

  • @daviddunmore8415
    @daviddunmore8415 4 роки тому +9

    Regular security awareness training for ALL employees is essential. With realistic tests. One office I worked in lost a couple of dozen desktop PCs (including screens/keyboards & mice). two men in warehouse coats and a trolley just walked in unchallenged and took the computers.

  • @dogdriver70
    @dogdriver70 5 років тому +372

    Install a million dollar security system, contract with a security company that pays $11.50 an hour.

    • @cheery-hex
      @cheery-hex 5 років тому +16

      exactly lol If they paid 50 grand starting they'd get some quality guys

    • @jimblaszczyk185
      @jimblaszczyk185 5 років тому +20

      Yup if you really want to keep a good employee as in lock in step and keep vigilant every day the pay must equal the risk...I work for a major power company and for real if I wanted I could cripple most of the city for weeks... reason I don't??? THE DECENT WAGE AND BENEFITS THAT I HAVE!! BLOOD SUCKING TOP DOGS WITH MILLIONS TO SPARE DONT GET IT...YOU CANT BUY LOYALTY BUT YOU CAN DAM WELL RENT IT IF YOU PAY A MAN THAT KEEPS HIS HEAD UP HIGH....YOU PEEPS AT THE TOP NEED A LESSON FROM THE OWNER OF DACATTE....NOT SPELLED RITE BUT TRUST HE CARES AND SHARES....OR OLD SCHOOL JAMES CASH PENNY...MY IS CLASSIFIED AS MOST DANGEROUS IN U.S. AS OF THIS YEAR... EMPLOYEES CAN DESTROY YOU...LOOK WHAT HAPPENED TO FORD YEARS BACK WITH THEIR DIESEL MOTORS OVERHEATING....IT WAS A TEAM OF EMPLOYEES THAT DID BECAUSE THE COMPANY CUT THEIR WAGES...THING IS THEY CUT THEIR OWN TROUT LOOSING MILLIONS ON A CANCELLED CONTACT...YOU GETTING IT YET RICH OWNERS???...

    • @RogerBarraud
      @RogerBarraud 4 роки тому +8

      @@jimblaszczyk185 Shouty poster is shouty.

    • @jimblaszczyk185
      @jimblaszczyk185 4 роки тому +1

      @@RogerBarraud what don't you get?

    • @wesidk5662
      @wesidk5662 4 роки тому +10

      Most security guys ik at low levels get drunk and high on the clock and never report anything that's not super extreme

  • @Ye4rZero
    @Ye4rZero 10 років тому +403

    "Look, I stole your shoelace, and tied a coffee cup to the end of it. Now I've got a deadly weapon."
    This is Star Wars Kid grown up.

    • @SeanHellOMG
      @SeanHellOMG 6 років тому

      Actually that kid killed himself. Js

    • @AnonymousUser77254
      @AnonymousUser77254 6 років тому +17

      Sean Hell Is God No, he's alive and in Law School.

    • @lillyanneserrelio2187
      @lillyanneserrelio2187 5 років тому +4

      wow he lost a lot of weight. I knew there would be a silver lining to the business decision to cease production of Twinkies (at least until next year's board meeting when they caved to the many THREATENED hunger strikes (none of the fatties err fans actually went on a real hunger strike)).

    • @Iheartdgd
      @Iheartdgd 5 років тому

      Lilly Anne Serrelio LoL

    • @mayankraj2294
      @mayankraj2294 4 роки тому +1

      .

  • @dynagaming2693
    @dynagaming2693 Рік тому +3

    I work as a fork truck technician, and the amount of times I've accidentally went to the wrong warehouse (since a lot of industrial parks have warehouses grouped together and subdivided) and they literally let me walk the facility looking for the particular brand of trucks I service is astounding. I was literally able to pull my service van directly into a facility which processed / stored ammonium nitrate. We're talking about a quantity that would make Timothy McVeigh blush. Coincidentally one of the most secure facilities I've ever been to has been a factory that makes PVC siding for houses. You were not allowed to even come inside without an escort, you had to turn in your electronics before servicing a truck, and your van was thoroughly searched before leaving the property. I understand that in a lot of these places the employees simply want to be helpful, but there are tons of bad actors out there who are looking for exploits, and that's to harm others / commit corporate espionage.

  • @itchykami
    @itchykami 5 років тому +46

    Just a guess: a lot of this might be harder with smaller companies, where people have a better chance of knowing what's going on around them. Where everyone kinda knows eachother, and they don't feel like just a cog.

    • @williamallen7836
      @williamallen7836 Рік тому +1

      Nope. Works just as well. Sometimes you need a slightly better back story, but only slightly better. Lol people are people, and unless you train them they won't behave correctly. I should realy say untrain thier bad habits, and train good habits. As a society we have been doing something that has gotten many people killed. That is, don't stigmatize the weirdos, don't make the weirdos feel like they are weird. #1 that's a good way to end up dead, #2 it psychologically makes the somewhat normal looking bad guys, look innocent in our minds. We need to stop treating the abhorrent as normal, and reestablish boundaries.

  • @paulmoore7064
    @paulmoore7064 4 роки тому +6

    When I was eighteen, I got a job as a laborer at one of the main Midwest railroad terminals. I soon discovered that my work clothing was disguise enough to let me wander over the entire yard unchallenged. In college, I stuffed the strike plate in the rear door of the field house with toilet paper to keep the latch from engaging, and snuck in to use the weight equipment after hours.

  • @Joichard
    @Joichard 10 років тому +436

    Wow, this dude's fucking hardcore.

    • @EdmondDantesLeComte
      @EdmondDantesLeComte 9 років тому +40

      I think that your simple statement sums up this man better than anything I could ever think up. LOL Really, what a hardcore dude. He actually gives off the "I'll fuck you up" vibe, which is sooo rare for a "good guy" to have.

    • @neversurrender5798
      @neversurrender5798 9 років тому +26

      EdmondDantesLeComte The best part of it is that unlike a lot of pentesting talks I've seen, he isn't going after obscure angles or doing things that are overly technical. What he's doing has more realistic expectations of being used as a true attack venue.

    • @rixsta1256
      @rixsta1256 9 років тому

      EdmondDantesLeComte kinda guy that plays bad ass with u, then gets ur ass locked up. Fk guys like this

    • @Croix1
      @Croix1 9 років тому +16

      Birmingham Man Rixstaa ya fuck him for trying to stop people from breaking into places.

    • @TheReaMrBurntSausage
      @TheReaMrBurntSausage 9 років тому +8

      +Joichard how hard would it be to start up a hobby of asking companies if they want to test their security and then do something like this with their consent?

  • @EUGENKECK
    @EUGENKECK 2 місяці тому +1

    This was the hardest intro to a defcon talk I've seen so far lmao

  • @jamesmccallum1248
    @jamesmccallum1248 8 років тому +464

    Weird...same thing ahppened to me in a Hxxx Kxxx Police Station when I went to report a theft. I couldn't find that dang bathroom for ages. Found the evidence room, but.

  • @danielmace406
    @danielmace406 5 років тому +46

    "Or seven minutes of uncomfortable silence, your choice" this guy kills me

    • @gonun69
      @gonun69 5 років тому +9

      Only if you pay him.

  • @MiXzZiLe
    @MiXzZiLe 8 років тому +220

    One of my favorite Defcon talks, at least one of the most interesting.

  • @tonygville2969
    @tonygville2969 4 роки тому +3

    Working in the hotel convention industry for 20+ years, I have learned that if you pretend that you Belong There, you will probably get in. I've done it many times. True story ✌️

  • @menkio
    @menkio 10 років тому +83

    wish this guy had more videos, talks, etc... so good.

  • @katden220
    @katden220 5 років тому +2

    My son was into the defcon group. He and his wife and my grandgirls went to Las Vegas quite awhile back. He flies me there to watch the kids while they attended defcon meetings. I asked him at one point if there was a at. Close by. He said yes, but don't use any of them and laughed. He told me to go to one of the big hotels to use them. On the TV in the condo it had stream down on the bottom of screen of how many hacks they were accomplishing. It was a very interesting weekend. Before then I never knew something like Defcon existed.

  • @francez123456789
    @francez123456789 9 років тому +144

    It's like 3am and I havnt slept in a couple of days but I want to hear more from this guy! He's awesome!

    • @amor76
      @amor76 7 років тому +2

      Daud A. x
      I think we lost him

    • @wannanda
      @wannanda 7 років тому +1

      you alright Kinzuko?

    • @amor76
      @amor76 7 років тому

      Ridwan Sunandar why?

    • @wannanda
      @wannanda 7 років тому +1

      I meant Kinzuko since he havent replied since 1 year ago. last i saw him havent had slept for couple of days.

    • @amor76
      @amor76 7 років тому

      Ridwan Sunandar I meant why would you revive this thread

  • @Yora21
    @Yora21 4 роки тому +4

    I actually had a stranger walk up to me in a non-public area at work and ask if he I have the keys for our delivery truck, mumbling something about being a friend of the boss. (While I had a guess that they might be lying around in plain sight just 10 meters from us, I send him to the office and ask there.)
    Turned out he really was a friend of the boss, who had offered to sell the truck and told him to come buy and take a look at it. Such things really happen, which makes apparently stupid lies feel actually plausible.

  • @Disrupted_SP
    @Disrupted_SP 5 років тому +24

    This reminds me of one time when I was at a supermarket and two suits (owners) were right next to me talking about investment (and one employee also 1 meter away) and I absent-mindedly put a pack of gum in my outside jacket pocket in order to hold down some items while I opened a refrigerator section door. Only noticed I had it by the end of the day when I took my jacket to get home (went back and explained to the cashier and paid them). Even if unintentional, somehow I had stolen goods right in front of the owners and they didnt even notice it. I think it was likely because of how natural I did it while holding other stuff, which I guess goes a long way. This guy acts naturally, and that throws people off.

  • @usern4metak3ns
    @usern4metak3ns 4 роки тому +39

    i love how this showcases just how safe and unsafe we all truly are. we could be infiltrated/hacked/poisoned etc... everyday, but we arent... wonder why that is. because not everyone or even the majority of people WANT to attempt to do these things. most just want to exist and be happy and enjoy life as much as possible.
    good wolves need to unify and take out the bad wolves lol

    • @AnonyMous-pi9zm
      @AnonyMous-pi9zm 2 роки тому +2

      This kind of terrorism just isn't what we face these days. We have so many more visible attack vectors, walking into a school or movie theater with an AK-47 because you hate the world, hijacking a plane to kill a bunch of people and instill fear, calling in a bomb threat to get out of your test that day, etc, those vectors are much more visible trying to find an unlocked mechanical room after procuring napalm.
      It's the kind of attack that you'd need to be a part of a much larger network. Think IRA during The Troubles in Ireland. They were doing semi coordinated terror attacks on the daily all across the country, you never know where they'll strike next. Small cells using the same tactics to create a much larger group. Sure, you could kill 20 people in a hotel by setting fire and turning off the fire alarms and sprinklers, but that isn't too impactful on its own, you'd need dozens of them across the country to spark true fear by identifying a pattern.
      Hotels aren't symbolic targets like sports stadiums or airports, and those targets are generally very well protected. Not perfect, but far better than a hotel.

    • @usern4metak3ns
      @usern4metak3ns 2 роки тому +2

      @@AnonyMous-pi9zm well that target of terrorism is often the point of the attack. Take the towers for example, most want to argue whether.or not jet fuel can melt steel. It can't but that's not the point.
      The towers held a lot of physical financial records and the building was old. So ny profited by getting rid of some old buildings and old records.
      Rarely are coordinated terrorist attacks just random, usually they are strategic or financial targets.

  • @71dembonesTV
    @71dembonesTV 9 років тому +62

    This guy is good; another one of those people I'm glad is on our side!

    • @nikkoss1128
      @nikkoss1128 9 років тому +5

      +71dembones Not my side

    • @71dembonesTV
      @71dembonesTV 9 років тому +8

      +nik mc excuse me for speaking out of turn. I suppose you're a lone wolf of some kind. not sure where you're coming from but you took time out of your busy day to comment so I'll return the favor. do you care to explain why he's not on your side or do you simply enjoy being a contrarian? are you someone who benefits from security breaches??

    • @texasdeeslinglead2401
      @texasdeeslinglead2401 8 років тому +2

      +71dembones you've been trolled, lol

    • @71dembonesTV
      @71dembonesTV 8 років тому +2

      +texasdee slinglead yeah i guess so

    • @cosmonaut379
      @cosmonaut379 7 років тому +1

      texasdee slinglead that's not being trolled ....

  • @90fif
    @90fif 4 роки тому +2

    A PERFECT EXAMPLE OF WHAT I SAY.....JUST BECAUSE A PERSON IS NICE, DOESN'T MEAN THEIR GOOD!

  • @jfan4reva
    @jfan4reva 6 років тому +4

    2018 - We received an e-mail recently telling us not to STORE printouts with confidential information IN TRASH CANS (we all have locking file cabinets and we have a shredder on every floor.)
    After someone hammered the lock (from the outside) and broke the panic bar on the outside stairwell door, they replaced the door,,,12 months later. During that time they put a sign on the door telling the employees to make sure the door closed behind them. This door is six feet from the server room door. We are a billion dollar organization, yet it took them a year to fix an external security door....

  • @JasonMTuftsify
    @JasonMTuftsify 5 років тому +2

    I always loved re-listening to this Defcon talk. Just myself working as a Technician this hits hard as I've seen many people just get "let in" to areas because they "look like they should be there". This has always urcked me, and when I have a security let me into a badge area, or verify my credentials on the phone before unlocking a door it makes me so happy.

  • @ObservantPiratePlus
    @ObservantPiratePlus 5 років тому +57

    The problem in security is usually somewhere between the keyboard and the chair. Every time.

    • @geraldwebster9426
      @geraldwebster9426 5 років тому +4

      PICNIC .... problem in chair, not in computer, hehe

    • @DeathBringer769
      @DeathBringer769 5 років тому +5

      PEBKAC - Problem Exists Between Keyboard And Chair
      That's the one I always heard back in my Computer Science schooling days, lol.

    • @JoshSweetvale
      @JoshSweetvale 5 років тому

      Well, yeah. You can't remove that problem, only minimize it.

  • @lilolmecj
    @lilolmecj 5 років тому +2

    I worked as an RN, very few hospitals ever offered enough lockers or other secure place to put a purse, or even a set of car keys. Even after having an employee steal, and outsiders come in and take purses, no action was taken, three different hospitals.

  • @KingJellyfishII
    @KingJellyfishII 4 роки тому +6

    "I don't care about an ISO unless it's got linux on it" I cant tell whether that's a compliment to linux or an insult

  • @globalbridges8570
    @globalbridges8570 4 роки тому +1

    Everything you have pointed out shows that ultimately we still trust each other to not destroy other peoples sleep or lives, just because you figured out to do it.

  • @roidroid
    @roidroid 10 років тому +43

    27:20 Back at a corporate lawfirm i worked for, their shreading was done out-of-house, they had these locked wheelie bins that anyone could put paper into through it's post-box style slot, they'd get taken away every day/week/month/dunno. Seems secure enough.
    But now that i think about it... these locked wheelie bins were put right next to the service elevator doors (ie: deliveries). Any delivery man could walk out with one of those wheelie bins. Whoops

    • @frother
      @frother 6 років тому +9

      We have a wooden cabinet with a lock and a slot, and a shredding company opens it up and takes away sensitive documents periodically. Except the lock is a bullshit dinky little tubular lock and it doesn't matter anyway because it's *fucking wood* and anyone could rip it apart with a prybar or any kind of leverage at all

    • @sarge1176
      @sarge1176 5 років тому +2

      @@CB3ROB-CyberBunker Outsourcing coffee making... does the name "starbucks" mean anything to you? :P

    • @frother
      @frother 5 років тому +2

      @@CB3ROB-CyberBunker do you think buildings are heated by coal or something? You can't just have a shit ton of paper ash accumulate in a natural gas furnace

    • @CB3ROB-CyberBunker
      @CB3ROB-CyberBunker 5 років тому

      @@frother any self respecting building should have some sort of autonomous heating system that works without external suppliers, which might as well just destroy the documents and other garbage when not strictly needed for tactical or heating purposes (in summer just direct the waterpipes to radiators on the roof).

    • @CB3ROB-CyberBunker
      @CB3ROB-CyberBunker 5 років тому

      the 'nice' bit about central heating is that the waterpipe doesn't care wether it runs only through your oil or gas or electric heaters, or wether there are also some coal/garbage/document burners installed in your basement right next to them on the same pipe and expansion vats.

  • @G4rr3tt
    @G4rr3tt 6 років тому +2

    Although at first glance dated, the info in this presentation is even today still very valuable. And Mr. Jayson can, next to being a very strong speaker/presenter, best be described as a highly versatile, inconspicuous security endboss!

  • @0ne0fmany
    @0ne0fmany Рік тому +7

    After all these years, this is still my favorite stand up comedy show.

  • @jasonmcmurry1281
    @jasonmcmurry1281 5 років тому +56

    Guy walks into a secured facility bearfooted, wearing pajama bottoms, sporting a mohawk and carrying a 2ltr of soda.......meh, no issues.
    Wait, hold on.........is that DIET pepsi??!!
    !!ALERT!! !!ALERT!! !!ALERT!!

    • @whackyjinak4978
      @whackyjinak4978 4 роки тому

      Jason McMurry not a mohawk, it’s a mullet with the sides shaved.

    • @TheChadPad
      @TheChadPad 4 роки тому

      @@whackyjinak4978 I don't think what distinguishes a mohawk from a mullet is simply whether it's spiked up or not. The native americans certainly didn't spike up their mohawks

    • @whackyjinak4978
      @whackyjinak4978 4 роки тому

      The Chad Pad I said nothing about spikes, it’s just not a mohawk.

    • @mikedun8882
      @mikedun8882 4 роки тому

      Lol.great

    • @whackyjinak4978
      @whackyjinak4978 4 роки тому

      Fred Flintstone Some kind of new dinosaur maybe?

  • @chaz706
    @chaz706 9 років тому +705

    Remember the kittens

    • @SuperAntichicken
      @SuperAntichicken 7 років тому +15

      If not for this comment I would forget all the kittens and think this was just some baddy.

    • @MajkaSrajka
      @MajkaSrajka 7 років тому +6

      That what the bad guy would say.

    • @__-yu2mz
      @__-yu2mz 4 роки тому

      @@MajkaSrajka y do good girls like bad guys?

  • @sippycupsamurai669
    @sippycupsamurai669 6 років тому +2

    A uniform, no matter the uniform is ridiculously powerful, nobody questions it.
    I was a Delivery driver for a couple years and I laughed at how easy it would be to get into places. I walked up, said I had an order and the gates would open right up. Then go wherever I want from there. I remember delivering to a hotel once and just walking to the counter and telling them to page them and she just said "Oh she's in room 111". I've walked into employee entrances because I wasn't real sure what else to do other than that and the security guard let me right in. Same with several other companies, with my own chaueffer

  • @ronaldckrausejr7762
    @ronaldckrausejr7762 6 років тому +8

    Some people refer to it as low hanging fruit.
    I refer to it as *the weakest link*
    Ever worked for a company and spotted one (or possibly one per hour) of those weakest links? Ever been a visitor to one of those companies? Just how critical is that company? How many people does it employ, ho much per year does it make, how much credit do they have?
    Could it be something just a bit more critical? A hospital, key infrastructure, a major government contractor?
    If you are seeing it as a non professional, or even a semi-professional... Then imagine who else is seeing it. What would your competition do? Would they ever try to knock your company out from being the competition, or damage you enough to make you want to walk away?
    Every company and employer is effected; from just a few employees to the top of the Fortune 500 - and then some. For those anywhere in the Fortune 500 or any publicly traded company...
    The worst enemy is one that you cannot see, one that you will never see. Imagine someone just slipping into a company, and then not doing one item of visible dame to it - ever. They just sit back and watch. They will make money just sitting back and watching

    • @voidofspaceandtime4684
      @voidofspaceandtime4684 5 років тому

      @FatherBootyHands The guy in the video? His job is to expose major security flaws in businesses by sneaking in and acting like he belongs, installing his bugs, and stealing stuff, then returning to the guy who hired him and presenting what he got out of it and the many flaws.

  • @redtails
    @redtails 5 років тому +4

    As much as I support this person, there's nothing worse than being treated suspicious when you're not. At some point my electronic badge stopped working at the company I work for. I couldn't access restricted areas. I sent a request to get a new badge, which would take a few days. In the mean time I borrowed badges as work just goes on, right? And fuck I was being looked at by everyone. Dude I come here every single day, just let me in. Those days I did find out shortcuts to almost everything so I didn't need to borrow badges as often. Putting a handkerchief between an electronically locked door blocks the lock from engaging XD

    • @revenevan11
      @revenevan11 Рік тому

      Wow it's neat seeing you comment here lol, I subbed to you years ago after listening to some Demetori on your channel!

  • @TheKutia
    @TheKutia 7 років тому +23

    Watching this remided me of something
    I work as a lumper for a small albertsons warehouse branch, sometimes i transfer over to a winco warehouse. The first time i went over there they didnt know i was coming i offered to go for more hours
    I drove up to the gate (im a idiot they told me to go to the front for employes..) buuuuut i went to the back because i was lost and really close to being late
    right behind a semi truck. the stopper came down, i stoped
    the gard just looked at me (i didnt have a vest on, just a black hoodie) and opened the gate. Now they have RFID tags for the lumper team i work for, my card for alberstons doesnt work at winco
    So, I waited tell a lumper came out and asked him to let me in. Still, no vest on or anything
    i just said i was here to help from the other branch...... It never donged on me that i just got in there without saying my name, or any form of proof...... i just got in...

    • @Lavarusity
      @Lavarusity 6 років тому +4

      How do you look like? Hair color skin color? Im Interested because I dont look European (half German/Mexican) and I am interested if this would work for me.

    • @christopherschafer6455
      @christopherschafer6455 5 років тому +1

      heh, it "donged" on you?

    • @kennethrussell5604
      @kennethrussell5604 5 років тому +1

      @@Lavarusity sorry it wouldn't work for you as it wouldn't for me either..

  • @StereoSpace
    @StereoSpace 4 роки тому +2

    40 years ago I worked at a defense contractor who was a USSR's *number one* infiltration target. I recall a security awareness briefing where the security head said (even then) if someone is in our facility and has access to data there is no way to keep them from walking out with it. None. There are simply too many methods that are effective at recording and concealing.
    The only solution that is effective is comparmentalization to 'need to know'. Find those things that are truly secret and limit access to them to the smallest group of people possible, and make sure any processing equipment used is not connected to a wide area or unsecured network. Otherwise, it's going to be found and stolen.

  • @Dakarn
    @Dakarn 6 років тому +28

    This guy would love my boss.
    Boss gets an email. Email says it's from someone else in the company. Boss knows this person, and has their number in his cellphone. Email has a file attached, and corporate had warned not to open any attachments from unknown sources. This person had alerted corporate that his computers had been compromised, and don't open emails coming from his email address. Boss doesn't know what to do. He has a meeting coming up, and this person has information he needs. He doesn't call the person on his cellphone to confirm he actually sent the email.... he *replies to the email* asking the sender "is this you? Is it safe to open the email?"
    *facepalm*
    Everyone can guess what happens next...
    The hacker replies "Yes, it's safe to open the file."
    So the boss opens the file, and gets infected with malware.
    The look I gave him when I heard the story....
    THE LOOK I GAVE HIM.....
    Imagine looking at someone that does something so *stupid* and you look at them with a bewildered look on your face that can only be described as "How the fuck did you even get this job?!"

    • @bradleyboisselle1292
      @bradleyboisselle1292 5 років тому +4

      r/thathappened

    • @JoshSweetvale
      @JoshSweetvale 5 років тому +1

      These are the people who make the big bucks. Who get treated for cancer. Whose kids get educated.

  • @MatthewMiller-u8r
    @MatthewMiller-u8r 4 місяці тому

    I own my own camera and network security company, I have worn many hats, like worked for AT&T/Comcats/Xfinity(Same company, different shirts) and many times, I walked right through metal detectors, with police and security around, because I was there to fix something. All I did was hand them a work order, It was never confirmed and I walked through with my tool bag. This is one instance and I have so many more! I have always stated the same message you are stating, as I am going back to school for Cybersecurity. It is time to fix the basics! Most hackers are attacking our lazy past.

  • @notmuch_23
    @notmuch_23 6 років тому +26

    Two truth bombs that will undo every single one of those security measures:
    1. Normalcy Bias
    2. Nobody's job is worth _dying_ for (intruder draws a pistol on the employee challenging them)

    • @farmerboy916
      @farmerboy916 5 років тому +2

      1 yes which is why it's hard and requires constant effort, 2 that sort of thing is easier to get responses to and will quickly get law enforcement involved more than just some corporate espionage/ sabotage that you may not know happened.

    • @aviaviavian
      @aviaviavian 5 років тому +5

      The main thing he is discussing is that you don't //need// the gun to get in. Just the right clothes and some decent props and boom, you are in.
      He was literally defcon tagged, skull and crossbones, with a clipboard, and he was let into a secure facility.
      He didn't need a gun.
      He was walking around Malaysia, a hotel, spoke to the manager about cords or wi-fi, in pajamas, and wasn't questioned. At all.
      It's not a matter of flashy. It's a matter of complacency.

  • @craig3714
    @craig3714 4 роки тому +2

    This explains how organized crime & gangstalking , community mobbing and hackers well . This very interesting and disturbing at the same time ! Nice to know he's an honest criminal though. This video is really educational I needed to see this !

  • @gregedge3909
    @gregedge3909 10 років тому +162

    the Kenny Powers of office security

    • @Ye4rZero
      @Ye4rZero 10 років тому +4

      THAT'S WHO HE REMINDS ME OF! Awesome call

    • @bkl8804
      @bkl8804 7 років тому +3

      Grèg Ëdgé u nailed it brah

    • @PapaKakaes
      @PapaKakaes 7 років тому +3

      Grèg Ëdgé Kenny fuckin Powers

    • @TRUENEPHILIM1
      @TRUENEPHILIM1 5 років тому

      That's fucking hilarious

  • @aaronpitts5127
    @aaronpitts5127 5 років тому

    I wasn't going to watch the whole thing but it's almost IMPOSSIBLE not to watch this train wreck. Well done. EVERY company needs a visit from this guy.

  • @Decentralized_Maze
    @Decentralized_Maze 4 роки тому +4

    It's 2020 when I found this video. It's still as relevant today as it was in 2012. Great presentation! 👍

  • @royyoung9355
    @royyoung9355 4 роки тому +1

    I want to work for this Man....his philosophy and motive of operation are exquisitely effective yet simple.

  • @gabeslist
    @gabeslist 7 років тому +5

    this was the most eye opening video on security and hacking I've ever seen.

  • @BitsofSkin
    @BitsofSkin Рік тому

    This is very similar to an article I read in 2600 years ago.
    It was about a guy in an airport causing havoc.
    I liked this presentation. Even though it’s old.

  • @jek__
    @jek__ 5 років тому +10

    4:49 "Its not that I'm that great, it's that our security is that weak" I would think teaching people this lesson is a large portion of why many ethical hackers hack

  • @disaidra
    @disaidra 6 років тому +2

    I work at a company with a lot of sensitive information. This really hit home. Everything is getting locked in my drawer tomorrow. Even my pens.

  • @afilina
    @afilina 5 років тому +9

    What I do if I forget my access key to a building is to read an e-mail on my phone. As soon as someone opens the door, I frown while still staring at my phone, as though some work-related emergency just came up and then walk in without making eye contact. This works every time. I never used it to get into places where I'm not allowed, but it's scary to see how easy it is to get into places. People are afraid to get in the way of someone who seems busy with something. God forbid they disrupt someone's important work!

  • @wildonemeister
    @wildonemeister 5 років тому +1

    That is one of the best talks I've heard. He did a lot of preparation for that presentation regarding it's content. That was simply awesome.

  • @Volvith
    @Volvith 6 років тому +42

    "People don't expect bad things to happen..."
    And then there's me, I don't fucking trust anybody unless i know their name.
    Which, even if I've met you before, I will NOT remember your name the first 2 months I know you, yes, my memory is that bad when it comes to names.
    Reason: My first internship was at a company I won't name right now, because the name doesn't matter.
    They were a manufacturer of installation equipment (think boilers, expansion barrels and the like), emphasis on 'were' for reasons later discussed.
    What happened is that they'd been hiring a lot of new people with low level education as of late, in order to help out with machine transport, welding, bolting, etc, as they just finished and opened a new hangar-wing (Don't know the exact english translation, but you get the point.).
    A lot of really nice, and really good people, they did a bunch of work that would've taken weeks longer than with just the maintenance personnel originally present.
    So... one day we open up shop after a holiday, which is like the one day we'd halt production, and we immediately see the desk PC's missing.
    Everyone is just standing around whipping their dicks on a drum saying shit like "Huh, that's weird, i could have sworn it was there yesterday...".
    My boss instantly snaps and just sprints upstairs to the offices, and we hear the loudest 'fuck' we've ever heard.
    Everything was gone.
    I mean everything, server racks were pulled clean, computers were gone, blueprints for products, valuables and other things were taken out of the vault, which was opened as anyone would have, with the fucking combination, no sign of a break in or anything like that.
    In the following 10 ish minutes we just roam about the building, and it was hollow, not a cable left in sight.
    It wasn't a robbery or a normal raid, they took their time and cleaned the place out.
    Those 10 minutes were the last of my internship there.
    Luckily someone in the IT department with half a brain had, about 2 years ago, suggested to use security cameras which stored off-site, in case, you know, _someone would take the entire security server rack with them,_ and we had the guys who did it on tape.
    The thing is, there are a few people that knew them, the offenders, by their first names, like 6, out of the 70 odd people working there.
    Everyone had a different description of what the fuck they were doing at the company, and everyone's reason for trusting them was "Well, i mean, Johnny trusted them, and he's an alright lad, so they seemed fine...".
    In the end they went to prison, but the equipment was cloned, sold off, handed out or destroyed.
    The damage was done.
    Jayson here, in this talk, was absolutely right.
    People don't expect anything to go wrong until shit goes wrong.
    The company went downhill from that point forward, losing clients because of trust issues, competitors tapping into their designs, production downtime...
    They lasted for about 6 years after the raid, and had to close their doors last year.
    Is this a worst case scenario?
    Abso-fucking-lutely.
    But that day taught me a lesson, be it a good or a bad one:
    *Never blindly trust anyone, and fucking. ask. questions.*
    Sure, you might annoy the people you're questioning, but is that really such a bad thing considering who you _could_ be talking to?

    • @JoshSweetvale
      @JoshSweetvale 6 років тому +1

      Not my job and not my problem. If being nosy (and thus annoying) gets in the way of getting paid, then clearly the boss actively wants me to not give a shit about thieves.

    • @JoshSweetvale
      @JoshSweetvale 6 років тому

      @@realKenM Money is god. It's healthcare, it's food, it's a roof over my head. Fuck you.

    • @tradecrypto3653
      @tradecrypto3653 6 років тому +1

      Could you have summarized your book any better?

    • @MrFunkhauser
      @MrFunkhauser 6 років тому +2

      So if you caught onto this scheme you think the company would have given you a massive bonus? Probably not. As far as I have seen there are absolutely no incentives offered to employees to catch this kind of stuff unless your job is tied to security.

    • @slave138
      @slave138 5 років тому +1

      @@MrFunkhauser 6 years later *all* of their jobs were lost, so their jobs were tied to security. It's just a matter of short-term vs long-term thinking.

  • @TransistorBased
    @TransistorBased 2 роки тому +1

    I work with a defense contractor and EVERYTHING is duplicated to paper. I've noticed some lax security stuff so I am tempted to try and bring some of it up at some point but they're never gonna get away from the paper trails. I'm still new so I don't have much say at all, but some of it seems a little concerning. I haven't dealt with anything super secret but we do see some stuff that we're advised to not really talk about, so better basic security stuff seems like a good idea

  • @kebman
    @kebman 8 років тому +98

    Title sounds like an average session in EVE Online. :D

    • @jovi___
      @jovi___ 7 років тому +19

      I'd join that fleet in a heartbeat.

    • @ishashka
      @ishashka 5 років тому +12

      Most EVE corps have much better security awareness than the average real life company. Probably mostly because you cannot shoot any unknown guy who approaches your front desk irl.

  • @aaronbrungardt1527
    @aaronbrungardt1527 6 років тому

    I think realizing about how vulnerable our security is becomes a proof of how there are very very few bad malicious people in the world. There are so many opportunities to commit selfish harmful acts all the time, everywhere and yet we live in arguably the greatest time in human history.

  • @TheAnon03
    @TheAnon03 7 років тому +36

    I should look into getting a job testing security, the number of passcard/code locked ID doors I've walked through over the years....

  • @sushimamba4281
    @sushimamba4281 2 місяці тому +1

    Some years ago I went to visit a friend in hospital. I was well dressed that day, wearing white pants and a white short-sleeved shirt and was carrying a clipboard, as I'd just been visiting a nearby architect on business. I found it surprising and amusing that hospital staff automatically assumed I was her doctor (they actually asked if I was)- simply because I looked the part and was carrying a clipboard and a pen.

  • @bimmer4011
    @bimmer4011 5 років тому +27

    "Social Engineering" is and old CIA/Psychological term that referred to changing societal thoughts to align how you want.
    This term is often used instead of "Phishing emails" or "phishing phone calls" where people pretend to be someone they are not in order to get your personal information.
    Social engineering is alive and well in USA but not in the way your being taught today.

    • @hairystyles4212
      @hairystyles4212 4 роки тому +1

      My buddy just got sim port hacked, someone almost got all of his money pretending to be him on the phone with his cell phone carrier.

    • @Lizardkingmediaproductions
      @Lizardkingmediaproductions 4 роки тому +2

      Yeah I can't stand how they use that term now. I think of Operation Mockingbird when I hear Social Engineering. What they're talking about it physical network security.

  • @securemindsetofficial
    @securemindsetofficial 4 роки тому

    AS a security professional myself this guy is my best friend and worst enemy!

  • @mikefister5810
    @mikefister5810 7 років тому +55

    well now we are on a list for watching this

    • @petti78
      @petti78 7 років тому +31

      You are on all kinds of lists for all kinds of things you will never know about.

    • @Make-Asylums-Great-Again
      @Make-Asylums-Great-Again 7 років тому +8

      It is appreciated.

    • @BuddyLee23
      @BuddyLee23 5 років тому +3

      It’s the opposite. Most people are so inconsequential they aren’t on any special lists.

  • @davebutler3905
    @davebutler3905 4 роки тому +1

    My invisibility cloak is a toolbox and overalls. But the very best is a mop bucket and cleaning gear.
    The truth is we rely on honesty and good will.
    When it is gone, we are stuffed.

  • @chaz706
    @chaz706 11 років тому +5

    The assumption everyone makes: Every system is secure.
    The Truth: No system is secure from a determined attacker.

  • @bigelk0
    @bigelk0 6 років тому +1

    I really like how he breaks everything down!! Need more like him.. and I know exactly what he means when they let you in. I live in NYC. So I know...

  • @Joe_Goofball
    @Joe_Goofball 5 років тому +8

    Your mentioning the theft of docs left on printers reminds me of a time that I was able to get incredible revenge on crooked employers who were so arrogant and certain that no one would ever catch them, that they often left damning documents lying on printers or on a desk with a fax machine through which the docs had been sent. The more spectacular doc was from the executive veep of the western division sent to my immediate superior warning her that the revenues for that quarter fell short of her being able to be paid a bonus. He explained to her that corporate would, at the beginning of each calendar year, pre-pay the company participation in all of the benefit programs that long-term employees had signed up for (For example, our medical/dental plan cost $540/month. Employees had $20 deducted from their pay every week--the company prepaid $500 x 12 months into an escrow account for each employee. If the employee signed up for the 401k, the employee contributed 5% and corporate contributed a lump sum of 8% of the employees pay from the previous year--any adjustment of course would be made as needed at the end of the year--and there were other benefit programs, too).If that employee left the company for any reason before the end of the calendar year, the unused portion of the his/her escrow account would be applied to the operation's bottom line for that quarter to help defray the cost of recruiting and training a replacement--and, best of all, it could tilt the revenue picture in favor of the manager in search of a bonus. The veep bragged that he'd fired many an employee when he managed one of the company's publications in Seattle just to make certain he got his bonus. I lifted that email right off of the printer and faxed it to my home from the company fax machine right beside the printer. That document and a host of other equally damning documents including which national advertisers were being overcharged for a fictional product were eventually mailed to the legal dept.of the main corporate office in Iowa--not the western division in Washington state. Within two weeks, the president of the western division--appropriately named "Dick"--his executive veep, whose name was rather similar, and a gaggle of underlings were all terminated, including one based out of our office in the SW US--his job was to figure out why there was so much turnover at our operation. I still smile whenever I remember that..

    • @kennethrussell5604
      @kennethrussell5604 5 років тому +1

      I smiled just reading it, ya big hero! Me an my coworkers could use your help lol but seriously

    • @Joe_Goofball
      @Joe_Goofball 5 років тому +1

      @@kennethrussell5604 Keep your eyes and mind open--crooks, especially arrogant crooks who think themselves intellectually superior to their employees are bound to slip up. Good luck!

  • @Axiom2.0
    @Axiom2.0 4 роки тому +2

    Still one of the best lectures from defcon. Hands down

  • @brianschermerhorn7294
    @brianschermerhorn7294 8 років тому +133

    "unless you pay me" - lol

  • @KR-wf5km
    @KR-wf5km 9 років тому +323

    MMM KAY CLASS

  • @robertfoertsch
    @robertfoertsch 4 роки тому +1

    Excellent,Added To My Research Library, Sharing Through TheTRUTH Network...

  • @jdearing46
    @jdearing46 5 років тому +11

    Anolog is your friend. The pen cap getting past security locks since 1985 😂

  • @BitsofSkin
    @BitsofSkin Рік тому +1

    Another trick is to ask someone if they can let you out a rear door a quick cigarette. If they don’t smoke, ask them for the code to get back in so you do t disturb them.
    This trick I pulled of in a server facility. The guy gave me a fob to get back in. He said ‘take this for now, once your finished hand it back in’. That gave me PLENTY of time to copy it. (Took me 30seconds to copy it onto a device and write it onto the card I had been given) The access card I was given only let me open internal doors and even at that it was only on 2 levels. The card the security guy gave me was an AAA card. So, reprogramming the card I was issued with meant it looked legit. (A lime shade of Green coloured card).
    PS; Always pick a security guard that smokes. 😜

  • @antoy384
    @antoy384 5 років тому +3

    I’m at 1/3 and I bet at the end he’ll say “Btw, this is not the time slot that was planned for me at Defcon, it was someone else’s, but I walked confidently on stage and the real presenter is still wondering when was his slot”.

  • @MegaLogical1
    @MegaLogical1 4 роки тому +1

    Man does this take me back to my Security days. I dont know how many of the client personel expected to get in without their badges.

  • @TheHelghast1138
    @TheHelghast1138 6 років тому +2

    as an entrepreneur of an app company I must say I am damn glad this showed up in my watchlist, this was an excellent video!

  • @clairifedverified2513
    @clairifedverified2513 5 років тому +1

    This dude is basically recounting every time we have ever played Hitman.

  • @joedalton77
    @joedalton77 9 років тому +285

    Eugene from the walking dead, anyone?

    • @Carrosive
      @Carrosive 8 років тому +24

      The looks, the voice, the social engineering, the resemblance is uncanny. Perhaps the walking dead writers actually had this guy in mind?

    • @deviouscarma
      @deviouscarma 7 років тому +3

      exactly lol

    • @zephirol4638
      @zephirol4638 6 років тому

      No not really, it's more of a shitty mohawk than a mullet.

    • @chibisingh2726
      @chibisingh2726 6 років тому

      Thats a stretch... watch less TV

    • @Huxtee7
      @Huxtee7 6 років тому

      Begone troll.

  • @Twisted_Code
    @Twisted_Code 11 місяців тому

    As someone who's actually paralyzed, the part where he mentioned "I'm coming in a wheelchair" bothered me… But to be fair to him, I thought the same thing earlier in the presentation, I thought "you know, maybe I could use my actual disability to get paid…". People are so helpful to me because of my disability that OBVIOUSLY the kitten of darkness is going to use that tactic.

  • @PlayedbyInstinct
    @PlayedbyInstinct 4 роки тому +6

    Lol, someone reported a sus guy walking around the halls at my workplace to security and they didn't do anything. A week later a whole bunch of computers got stolen haha