A cyber security guy gave a lecture in my class once and he said "The most difficult part of cyber security is the people". "You can rewrite code, you can isolate networks, but people like to be helpful and that is all it takes for a hacker to get in"
This is true. People believe that most people are not very trusting of others but in fact, studies have shown that people are much more trusting of strangers than we'd assume. One of the studies I remember they called a bunch of random people, told them to flip a coin, and if it was heads, they win money. If it was tails, they didn't win. It was split evenly 50/50 on who reported heads and tails, meaning people weren't lying to say they got heads just to win the fake prize. They actually believed the caller and flipped a coin. Pretty interesting. This sort of psychology can be quite fascinating, especially since we don't know exactly how or why it all works the way it does.
A quote that I remember is "if there is a conflict between security and usability, usability always wins". An example for this is that if employees are required to use long and complicated passwords, they will start writing them down on a piece of paper on their workplace. I also know a company where there was a requirement to use second factor authentication to access certain data, and the session regularly expired while looking through the data. Only took 1 day until someone wrote a "stay alive" script that prevented the expiry. If you restrict the user rights on computers too much (e.g. keep them from installing software they actually need), employees will start working on their private PCs and transfer data. If employees are required to change their passwords regularly, they will only change a minor detail about it (e.g. change a digit at the end of it) I think this goes in a similar direction - you can totally make an IT system quite secure, but you really need to be careful how it impacts usability. This, combined with, as you said, general helpfulness and trust in other people's good intentions will always be a weakness. Imo, if social engineering is done well (involving publicly available information about a company or private data that makes things seem plausible, almost everyone will fall for it. I include myself here btw. If someone really did his research on me and crafts an email with believable content from a person or company I interact with, without any obvious red flags, it is quite likely that I will click a link or open an email attachment...
I recommend you to watch some defcon presentations on social engineering. It's really easy to convince people to give you the information. You have to understand that all he does was asking a guy to search a web-site. What they didn't tell you that somebody had to find that exploit, wrote a code/script... Not to mention they need to mess around his/theirs system and dig deep for flaws.
When used for crime, these kinds of people are called manipulators and sociopaths. This guy was smart enough to make a good living off of being conniving and convincing. Pretty cool dude.
Ya alot of the top hackers change sides after they are caught by fbi and are asked for a good plea deal or no jail at all if they would instead use their knowledge and help the government
That's not sociopathy, Sociopathy is someone who doesn't have the ability to form their own emotions, and can't really comprehend why emotions are important, and they can become great a miming emotions, so yes sociopaths are great manipulators, but there's a whole bunch of impulse stuff that comes along with it.
its not impossible, its possible. We have something called a brain inplant where a chip gets inplanted in your brain, after thats done you can hack it. They inplant these chips into paralyzed people in some countrys like America so they can gain control of parts of their body. So with a chip inplanted in your brain hackers can manipulate the signals and make harm. This tech is many years old so google it if you dont believe me. You can do same thing with cookroaches and other insects aswell, Google cyber cookroach, inplant a chip into his antennas and you can control the cookroach like a robot.
Bro that just mimics the electricity sent by a nerve. It doesn't posess the power to control the brain but rather mimic some signals the brain sends out. Trust me it's not the same.
I find it very hard to believe that this script could, with a *single* input from a person, grant any useful access to anything, let alone enough to 'bring down the company'. This is hyperbolic to say the least. I've worked in Operations and tech support, I would never go to a page one of my clients told me to go to, I would vet it on a virtual machine....for THIS very reason.
I know right, this is news doing scare bs once again. Just clicking a link doesn’t give them access to your whole computer. Otherwise it be completely unsafe to surf the web, since clicking links is the entire process of surfing the web. These scam sites are always trying to get you to run executables. Why the heck would they bother if just clicking the link for the executable download was enough?
Yea it’s mostly bullshit unless he had some kind of zero-day that allowed him to get a reverse shell onto this dudes pc through RCE but I really doubt that.
@@Dark_Rizz Moron you can't hack robux by messing with inspect element. The currency is stored on secured roblox servers. I already tried with picto and failed.
I'm guessing the real problem here is not that Ken from support visited a website, it's that the remote desktop software on his computer wasn't configured to ask for authentication. All the website did was provide his computer's local IP address and then the hacker used that to connect to his computer. He could have easily done this completely without Ken from support's assistance by simply scanning the local network for computers that respond on whatever port they are using for RDP. That whole call to Ken from support was nothing but added dramatic effect.
@annaparker8234 I think this video give the wrong portrayal. I'm in tech so I know what you are talking about, which is totally logical, but this video definitely made it look like the user interaction was all it took to completely own them.
"There are very, very bad people, which means it falls to the good people to try to fight it. We have so much potential to shape our culture, our values, our safety - if not us, then who?" Exactly the confirmation I needed to hear to clear up my own dilemma, and feelings of responsibility for others in my situation. I was unsure whether to pursue fighting a seemingly small issue, or concede to someone who is blatantly abusing their power and position because it would be much easier to just give in and a LOT less stressful. But, this guy just gave me more motivation to keep me going. And he is right.
@@puchu_5001 nevermind. It's in the past. Evil neighbors and evil HOA in my old neighborhood in Florida. They attacked a single mom (and others before me too), vandalized my property, and I had to cash in what little retirement I had worth thousands of dollars in order to hire lawyers to fight them. My own lawyers scammed me too. I only lived in my house for 4 years. That was enough for me. You can't win against an evil HOA. Don't bother fighting them. There is no law that will protect you against them. 4 years of hell and that was the last straw. I moved to Alaska. No more HOA ever again.
@@puchu_5001 she's in Alaska so she was probably in the midst of fighting with a bear; the bear obviously won, took her phone, then made this comment while pretending to be her. It's a very tragic story, and we watched it play out.
Our internal "customers" were supposed to open problem tickets for help, not call someone in IT. Yea, that rarely worked -- especially for managers and higher. 🤣🤣🤣
He could just as easily asked the operator to try an download a program to see if it works on his computer instead of leading him to a phishing website.
Chuck Norris If it was that easy cybercrime statistics would be exponential.. Software bugs that can be leveraged are world-class-hard which is why bounties are so high and so sporadically claimed.. Social-engineering is very hit and miss that's why in the rare instances it works it usually doesn't get the attacker that far in to infrastrucure before getting response. The headlines you see every month or two are like one out of tens of thousands for that months. At the very least.
nigga browser exploitation is trivial. just because people aren't partcipating in pwn2own or whatever fucking competition doesn't mean there aren't hundreds of fucking exploits being vantaged in the wild. computer security is a fucking joke. a 120k line program isn't ever going to be secure unless the entire fucking world audits it and every modification made is signed off on by every1
yeah that's why world class hackers are digging in to nvidia driver code looking for sandbox escapes.. Stuff people pay bounties on is way bigger than 120k lines..
@@revivalamt6991 metasploitable is a machine meant to be created to practice exploitation and pentesting, on the other hand metasploit is the one handles the exploits
I see a lot of off comments here, this man is bringing awareness, and considering just how many people and companies are affected every day, I support this work, and will now invite him to appear as a speaker at out awareness summit, well done.
That's unrealistic. If that IT guy simply visited the site without downloading anything and the companies corporate IT is even slightly up to date, there's no way he gained access to the computer just by opening a website... Either they're making up a story or the IT guy had automatic downloads enabled in his browser which resulted in him catching a drive by download. However no one working in IT should have automatic downloads enables anyway...
Ahhh yes because hackers aren't masterminds. You have no clue what you're talking about. It definitely IS possible, and it's not about having "automatic downloads" enabled.
I agree with this comment, unless that IT guy has a fully disabled firewall and has all the network ports in his pc fully open and unsecured, there is no way just entering a website would get you hacked.
This isn't an ordinary hack, by some random person. So it's more LIKELY to succeed. So let's see the mistakes. (our company practices) 1> Having an internal company number means nothing, we ask whose calling and verify that person. 2> If that person has a COMPANY asset. we would log onto that machine only 3> Generally we would not CLICK on any links, before doing so, we would CHECK the link by hovering over it 4> EVEN if we did, we have secure software/AV etc, which WILL and has detected rootkits, trojans etc, so if my machine was infected, IT security would get an alarm and lock us out, and/or our own machine software would do the same. 5> Permissions on the machine would pop up asking for a piece of software to be installed. 6> remoting into another machine we are the other machine, anything I click on, will install on that machine not mine, mine is behind a firewall............ basically a BS article, not realistic, of course companies get hacked, but this example is totally not real world, as a front line IT tech, we generally know everyone we work with and get a feeling for when something is wrong, of course things happen, but this particular example is non-sense. WELL it's American, what else do you expect... You guy's better wake up on your own government messing with you they are the real hackers... PEACE
well, not all companies have AVs some are just too stupid and maybe we could use something like powersploit, to avpid AV? and as security developes, so does exploits just make an invisible 0-day exploit, and u're good to go no AV alarms
Mate, im a bit late here but i know companies today who's ''databases'' are still run on fucking excel spreadsheets. Don't come all high and proud about your startup having good security practices. This is miles more common than you think.
You probably don't know what hacking is, there is 3 types of hackers, black hat hackers which as you said if they are know they are a failure, there is the grey hat they are neutral they hack but they do not steal any money they just do it for fun then there is the white hat like this guy, he helps companies to protect against black hat hackers
not necessarely if I'm gonna be a black hat hacker, (there's 20% chance that I'll be one) and I'm known as for example: *3xploit* (my alias), that doesn't mean that I've failed as long as I am free and anonymous (my real identity isn't known), I'm successful hacker
@0:41 Problem number one....the company (IT Department) does not authenticate the employee. Some verbal passcode, plus a MFA(text code to cell# on file). Do that and you plug that hole fast. You've shut it down instantly and you also become aware of this hole that is occurring.
@cat and lasagna the guy made a rat and that is what was installed on the victims computer the victim never executed the file so how does that work??? It doesn’t so yeah
I've always told the men I've had relationships with, the moment you are unfaithful is the moment you end our relationship. If I've ever felt so disconnected from my partner that I have felt myself drawn even into a hypothetical affair in my mind, I end the relationship. I've been in many abusive relationships (that I ultimately ended) but never once have I been unfaithful. Why? Because no failing relationship is worth sacrificing my morals and integrity for. No matter how it unfolds with a partner, there should be a base level of respect and empathy towards them as a human being. A failed relationship will not pollute your mind and foster insecurities anywhere near as much as being on the receiving end of adultery. I dind't know what was happening all along for years that she's been cheating until I met explore.hacker thanks guys..
I heard an interesting thought experiment recently. If we were to live thousands of years, most of us would eventually become polyamorous. Because, you're bound to eventually meet/know more than one person who you love. And, it's essentially impossible for one person to meet all of your needs indefinitely. I think consensual non-monogamy is underrated.
Good example of the struggle IT staff have. He’s running as an admin on his machine without functional AV as a non admin would have less chance of running code and AV should have picked it up or apps aren’t being patched daily, weekly, monthly as management refuse to allow IT teams to do their jobs so the remote code is using a known exploit. , NO staff in a business including admins should be logged in as admins, everyone should be non admins (zero excuses for this) and admins should elevate any tasks they need to admin. If your IT department and staff aren’t working like this as a basic config, assume you’ve already been hacked or will be
Yeah, and you have a picture of Aleks as your profile pic. You also have a username Gravity Sandwich. Also, you failed to punctuate your sentence. Did you fail the fifth grade? Ever read spiderman? It's not aimed towards children.
It's more smoke than fire. He probably did run a malicious script and gained some control of his browser but no way did he take control of the computer in 2 minutes. Trusting he actually knows thing or two, it's probably the first step to getting full access of the computer and not the last
ha we have been using these techniques since AOL. This is not "Hacking" this is "social engineering" most social engineers suck with real hacking skills, and real hackers suck at social engineering.
My manager wanted me to provide some sensitive information, like server passwords, screenshots of various thing. I refused because it smelled like a pentest. She didn’t know but found out it was. Silly people.
MemoriesDestroyUs Fucking hell there are way too many elitists when it comes to hacking. Bro, "hacking" is LITERALLY just gaining unauthorized access to something. It does not matter how you do it. Even watching somebody type in their password is technically hacking.
well techniqally it is, hacking is a term meaning you gain access to somthing you shouldn't be able to and that what the hacker did and What he did was trick a person to go to a malicious website he created it a bit like spear phishing. Probably used abit of java script to make the victim to download a file that let the hacker to gain access.
00:34 Lmfao this "hacker" doesn't even know how to escalate privileges when "getsystem" doesn't work. You can see he just gives up and spawns a shell anyways with shit privileges. And LOL he fuckin' misspelled "getsystem" twice! xD
thats actually unlikely to be the same person. years ago i was interviewed by global news in canada and when the crew came to my house a lot of the stuff was edited and sometimes if things were not shot the way they want they will just have a pair of hands and make it look like its you to the casual viewer. They tell you that they are doing this upfront.
Apparently the stereotypical hackers use MacBooks with Kali Linux, that is so based. It's a literal Hackintosh, that is the opposite of the definition of Hackintosh, ironically enough.
Hey guys what's up its Scarce here and today we got a lot of news now this ones from David Kennedy you all know who David Kennedy is, a huge channel with 6 subs well he actually managed to hack into a company thats right this guy actually hacked into a company through IT support. That's all guys thanks for watching peace.
Social engineering is something I practice on a daily basis. It is easy, if you know what your doing. You have to have the right mindset. Just because you know how to do it, doesn't mean you can do it effectively.
My moms ex bf does the exact same thing these guys do. He protects major businesses from attacks/cyber security. And it was scary when I heard the stuff he was able to hack and do if he wanted to and do it easy. Ppl have no clue
PLEASE READ { Hire A Private Investigator} Establishing your company’s best defense is much like dealing with natural disasters, the best defense against cybercriminals is being proactive. You won’t know when or how a disaster may hit, but you can minimize the damage and recover quickly if it does. Attackers have grown creative over the years by requiring payments that are nearly impossible to trace, which helps cybercriminals remain anonymous. Prevention for DDOS attacks and ransomware attacks typically involves setting up and testing backups as well as applying ransomware protection in security tools. Security tools such as email protection gateways are the first line of defence, while endpoints are a secondary defence. Intrusion Detection Systems (IDSs) are sometimes used to detect ransomware command-and-control to alert against a ransomware system calling out to a control server.This type of services requires an expertise and that's where we come in. Alright listen up if you have experienced any of these.. Over the years, attackers have grown creative over the years by requiring payments that are nearly impossible to trace, which helps cybercriminals remain anonymous.Webghost33 on teleegram , is a cyberspace expert and professional cyberspace expert. They can help if you're ever exposed to internet scams and cybersecurity breach such as Business Email Compromise too.They can can help get it restored and track down the person who did it in many cases. Do you want to install spyware on a cellphone, smartphone or computer? Do you know if you have spyware on your computer or mobile devices? Reputation Management? Control your online reputation but removing false information and getting your positive message out. Cyber Stalkers? Don’t be harassed or stalked online. Find the person responsible and put an end to it all. Cheating Spouse? Find out for sure what your spouse is up to with our Digital Investigation services. Perhaps my hacking professionalism has helped in various aspects like; Removing links and posts, eradicate being Cyber Bullied or Cyber Stalked, Locate Missing People, Computer Security Training, Background Checks, Cyber Extortion, Relationships, Nationwide Employment Background Check, Tracking, Online Dating Scams, Cyber Frauds, cyber-espionage, criminal gangs or the pursuit of data. We aim to make all kind online protections for our valuable clients. Reach out on w'app 1 414 909 3913
That's true. I was a victim of scam and someone gave me webghost's contact, i was able to recover my funds from a scammer in South Africa. great and professional hacker. There are scammers and there are hackers. Great hacker will help you recover your funds and hack scammers . webghost33 would help you clear any virus detection and security threat. very good and i have confirmed it
3 роки тому+3
1:49 "to show you this demo, WE'VE AGREED to not use the company's name" this is how you know that neither the journalist nor the company are based within the EU, where GDPR is in place.
The government and government officials are the biggest hackers. That is why we need such people (hackers) to be able to defend ourselves against those who are trying to control us. Beautiful video. I wish a lot of success in my career.
Dark is the absence of light. Cold is the absence of heat... Was going to comment that this came from Albert Einstein, but that was a fictional story... Where did this quote come from? lol
Exactly. They probably didnt show some intermediary steps. Maybe ran an exe file or something. But asking tech support to download and run a file isnt very conincing. Pretty sus…
A cyber security guy gave a lecture in my class once and he said "The most difficult part of cyber security is the people". "You can rewrite code, you can isolate networks, but people like to be helpful and that is all it takes for a hacker to get in"
This is true. People believe that most people are not very trusting of others but in fact, studies have shown that people are much more trusting of strangers than we'd assume.
One of the studies I remember they called a bunch of random people, told them to flip a coin, and if it was heads, they win money. If it was tails, they didn't win.
It was split evenly 50/50 on who reported heads and tails, meaning people weren't lying to say they got heads just to win the fake prize. They actually believed the caller and flipped a coin. Pretty interesting.
This sort of psychology can be quite fascinating, especially since we don't know exactly how or why it all works the way it does.
A quote that I remember is "if there is a conflict between security and usability, usability always wins".
An example for this is that if employees are required to use long and complicated passwords, they will start writing them down on a piece of paper on their workplace.
I also know a company where there was a requirement to use second factor authentication to access certain data, and the session regularly expired while looking through the data. Only took 1 day until someone wrote a "stay alive" script that prevented the expiry.
If you restrict the user rights on computers too much (e.g. keep them from installing software they actually need), employees will start working on their private PCs and transfer data.
If employees are required to change their passwords regularly, they will only change a minor detail about it (e.g. change a digit at the end of it)
I think this goes in a similar direction - you can totally make an IT system quite secure, but you really need to be careful how it impacts usability. This, combined with, as you said, general helpfulness and trust in other people's good intentions will always be a weakness.
Imo, if social engineering is done well (involving publicly available information about a company or private data that makes things seem plausible, almost everyone will fall for it. I include myself here btw. If someone really did his research on me and crafts an email with believable content from a person or company I interact with, without any obvious red flags, it is quite likely that I will click a link or open an email attachment...
Yes sir 😺
yeah, it's said all the time, it's not surprising, I think that is has been said too much, everyone knows it
Spoiler Alert: The company was Yahoo
home depot and target on episode 2 and 3
or microsoft....
Microsoft tech support is like 90% Indian
Yeah the fake tech support William
It could be any company, really.
i wish i had this lads social skills
Rhandy it's not even social skills, it's just lying. You have the skills to do this haha
Everything is easy, if you know what you're doing
just stick to the script and its easy as hell
I recommend you to watch some defcon presentations on social engineering. It's really easy to convince people to give you the information. You have to understand that all he does was asking a guy to search a web-site. What they didn't tell you that somebody had to find that exploit, wrote a code/script... Not to mention they need to mess around his/theirs system and dig deep for flaws.
guys, I think he was being sarcastic
"Oh btw, Ken was fired"
@matthewmorrison3703 Nigga I don't even remember what this video is about
😂😂
When used for crime, these kinds of people are called manipulators and sociopaths. This guy was smart enough to make a good living off of being conniving and convincing. Pretty cool dude.
Ya alot of the top hackers change sides after they are caught by fbi and are asked for a good plea deal or no jail at all if they would instead use their knowledge and help the government
It's just fun
That's not sociopathy, Sociopathy is someone who doesn't have the ability to form their own emotions, and can't really comprehend why emotions are important, and they can become great a miming emotions, so yes sociopaths are great manipulators, but there's a whole bunch of impulse stuff that comes along with it.
@@callofdutyblackops9 agreed, and I'll add to grace that Being used for crime or not it's still manipulation.
What a crockof shit he's stealing
Watch this hacker break into a company > Watch this random guy make a phone call and install remote desktop.
lol yeah that is what I thought too
I like to think he had Social Engineering Toolkit on Kali on that laptop installing his own propagating java backdoor.
Hardly a random guy.
Adam Webster well, he did write it.
never heard about privilege escalation? if he hacks a pc inside a company, he can access to the whole
I need to hack into my customer's brains
I think that's impossible
njice nice meme nice nice meme nice meme
Yes, learn your marketing.
its not impossible, its possible. We have something called a brain inplant where a chip gets inplanted in your brain, after thats done you can hack it. They inplant these chips into paralyzed people in some countrys like America so they can gain control of parts of their body. So with a chip inplanted in your brain hackers can manipulate the signals and make harm. This tech is many years old so google it if you dont believe me.
You can do same thing with cookroaches and other insects aswell, Google cyber cookroach, inplant a chip into his antennas and you can control the cookroach like a robot.
Bro that just mimics the electricity sent by a nerve. It doesn't posess the power to control the brain but rather mimic some signals the brain sends out. Trust me it's not the same.
2:18
"We gotta grow up a bit"
*sees spider-man blanket and mannequin in background"
ok
The day an Age where being a gee is still "Childish "
Extritio I thought this same exact thing and scrolled down to see someone else did too lol
It's not childish to be a fan of something
lmfaaooooo
That joke was actually a lil more funny because it's comin' from a weeb, haha.
The most ironic sentence that came out of his mouth “I really suck with computers man” 😂😂😭
i know for real
I find it very hard to believe that this script could, with a *single* input from a person, grant any useful access to anything, let alone enough to 'bring down the company'. This is hyperbolic to say the least.
I've worked in Operations and tech support, I would never go to a page one of my clients told me to go to, I would vet it on a virtual machine....for THIS very reason.
I know right, this is news doing scare bs once again. Just clicking a link doesn’t give them access to your whole computer. Otherwise it be completely unsafe to surf the web, since clicking links is the entire process of surfing the web. These scam sites are always trying to get you to run executables. Why the heck would they bother if just clicking the link for the executable download was enough?
Yea it’s mostly bullshit unless he had some kind of zero-day that allowed him to get a reverse shell onto this dudes pc through RCE but I really doubt that.
"What do you think of when I say the word hacker?"
um
*inspect element*
Yeah keep *inspecting robux in roblox dude*
+MrLeviNielsen
lmao😂😂😂
but that's true
@@Dark_Rizz Moron you can't hack robux by messing with inspect element. The currency is stored on secured roblox servers. I already tried with picto and failed.
@@blakebarbee7224 that was a joke don't take it too serious you'll get heart attack LOL
So CNN learned clickbait...
Kyle Choi how was this Click Bait??
ikenna unamadu title watch this hacker break into a company instead he just calls a bussiness man and let him go through a computer..
Marcus 5_887_4 lol so the computer broke in the company?
Boy does this comment age well
For each thing he hacked he lost a single hair
LMFAO
Priceless
🤣😂😂😂😂
Hahah
Hahahaha
I'm guessing the real problem here is not that Ken from support visited a website, it's that the remote desktop software on his computer wasn't configured to ask for authentication. All the website did was provide his computer's local IP address and then the hacker used that to connect to his computer. He could have easily done this completely without Ken from support's assistance by simply scanning the local network for computers that respond on whatever port they are using for RDP. That whole call to Ken from support was nothing but added dramatic effect.
What if he wasnt given the local ip of the company?
@annaparker8234 I think this video give the wrong portrayal. I'm in tech so I know what you are talking about, which is totally logical, but this video definitely made it look like the user interaction was all it took to completely own them.
There are several levels of hack.
He hacked his browser this way and that is all you need bro...
i need hackers worldwide m4n4n@hotmail.com
"we gotta grow up a bit" *he says sitting in front of a giant spiderman"
ya
dafuq is wrong with that?
And here is another guy who thinks that growing up means giving up Anime & Cartoons.😂😂
lmao
We got lots of famous people who are fans of marvel. What’s wrong with that
"There are very, very bad people, which means it falls to the good people to try to fight it. We have so much potential to shape our culture, our values, our safety - if not us, then who?"
Exactly the confirmation I needed to hear to clear up my own dilemma, and feelings of responsibility for others in my situation. I was unsure whether to pursue fighting a seemingly small issue, or concede to someone who is blatantly abusing their power and position because it would be much easier to just give in and a LOT less stressful. But, this guy just gave me more motivation to keep me going. And he is right.
wth?
@@AlexYazanGames nevermind, they won. I lost. But I gave them hell in the meantime. Evil does win sometimes.
@@puchu_5001 nevermind. It's in the past. Evil neighbors and evil HOA in my old neighborhood in Florida. They attacked a single mom (and others before me too), vandalized my property, and I had to cash in what little retirement I had worth thousands of dollars in order to hire lawyers to fight them. My own lawyers scammed me too. I only lived in my house for 4 years. That was enough for me. You can't win against an evil HOA. Don't bother fighting them. There is no law that will protect you against them. 4 years of hell and that was the last straw. I moved to Alaska. No more HOA ever again.
@@puchu_5001 she's in Alaska so she was probably in the midst of fighting with a bear; the bear obviously won, took her phone, then made this comment while pretending to be her. It's a very tragic story, and we watched it play out.
@@5kr3aminMunk33 That’s very tragic. I feel very sad that Shannon died. 😔
I think of the Hacker known as 4chan.
He's the 400 pound man in the basement, right?
Yeah, his real name is Chuck, and it's his mother's basement.
Spooky euH
Uh 4chan is a chat service.. not a hackers name.
Broken Logic whoosh...
"we should all grow up..." Says the guy with all the spiderman stuff in his living room loool
Tequila Tyrant spider man isn’t just for kids, how could u think that? That is so stereotypical 😹😹😹
It's just a joke bro.
i was just about to say that🤣🤣🤣
Plot twist : The company was Twitter
***Clicks link***
Hacker: LMAO JUST HACKED YOU NOOB
BOI DONT TRUST THE LINK I GOT RATTED!!!!!!
lol you cant do that thats impossbile is this like some windows 7?
untrip trip you’re brain dead. You’d need a JavaScript RCE exploit (all of them are patched) so it’s impossible
leaking RC4 isnt hard lol no where near it
go to d99q.cn if you want to get hacked lol
Edit: actually don't go
Takes more than 2 minutes to reach a human voice when calling tech support...
not when you work in the company
No company I've ever worked for has had automated tech support. Every time I've called it's been a human straight away.
Our internal "customers" were supposed to open problem tickets for help, not call someone in IT. Yea, that rarely worked -- especially for managers and higher. 🤣🤣🤣
That's not a social problem it's an un-patched-browser problem..
He could just as easily asked the operator to try an download a program to see if it works on his computer instead of leading him to a phishing website.
Chuck Norris If it was that easy cybercrime statistics would be exponential.. Software bugs that can be leveraged are world-class-hard which is why bounties are so high and so sporadically claimed.. Social-engineering is very hit and miss that's why in the rare instances it works it usually doesn't get the attacker that far in to infrastrucure before getting response.
The headlines you see every month or two are like one out of tens of thousands for that months. At the very least.
nigga browser exploitation is trivial. just because people aren't partcipating in pwn2own or whatever fucking competition doesn't mean there aren't hundreds of fucking exploits being vantaged in the wild.
computer security is a fucking joke. a 120k line program isn't ever going to be secure unless the entire fucking world audits it and every modification made is signed off on by every1
yeah that's why world class hackers are digging in to nvidia driver code looking for sandbox escapes.. Stuff people pay bounties on is way bigger than 120k lines..
TJ DEV as far i i understood the support guy opened a file... that he downloaded from that website... So i guess it wasn't the browser's fault...
“Hello world”
I’m in boys
Print:(“hello, world”)
@@iiReTr0Z python :)
@@iiReTr0Z actually print("hello, world") :)
for anyone wondering, he used metasploitable to create a reverse shell onto his computer
*metasploit not metasploitable
@@steez4778 the vm image is called metasploitable...
@@revivalamt6991 metasploitable is a machine meant to be created to practice exploitation and pentesting, on the other hand metasploit is the one handles the exploits
@@steez4778 yeah man i got confused
Having tried all hack tools on UA-cam,I must say @andrewhack4 on Instagram is the only working one.
In my case, with great power comes great electric bills. fml.
.
my electricity bills are only 15$ per month
but good one😂😂😂
@@nightviper7354 old is no bill
🤣🤣🤣👍
I see a lot of off comments here, this man is bringing awareness, and considering just how many people and companies are affected every day, I support this work, and will now invite him to appear as a speaker at out awareness summit, well done.
social engineering (people) are easy to manipulate, this is why you need to have IT meetings and educate users on all these items.
me: going on the website and clicking here
my brain: i hope its the wrong website
How did he make the website? What did he use?
That was insane!
I truly believe that hackers will actually become our only protection in the future since the world evolves more around technology now
That guy he hacked was genuinely nice
Social skills? That spiderman house will scare anybody off.
Says Vadim
So we are gonna ignore the boys or scammers reposting their comments?
i need hackers worldwide m4n4n@hotmail.com
That's unrealistic. If that IT guy simply visited the site without downloading anything and the companies corporate IT is even slightly up to date, there's no way he gained access to the computer just by opening a website...
Either they're making up a story or the IT guy had automatic downloads enabled in his browser which resulted in him catching a drive by download. However no one working in IT should have automatic downloads enables anyway...
Yeah
Ahhh yes because hackers aren't masterminds. You have no clue what you're talking about. It definitely IS possible, and it's not about having "automatic downloads" enabled.
It isn’t possible to get your computer hacked by opening a website
Unless there’s a vulnerability but Microsoft would fix it fast
I agree with this comment, unless that IT guy has a fully disabled firewall and has all the network ports in his pc fully open and unsecured, there is no way just entering a website would get you hacked.
This isn't an ordinary hack, by some random person. So it's more LIKELY to succeed. So let's see the mistakes. (our company practices) 1> Having an internal company number means nothing, we ask whose calling and verify that person. 2> If that person has a COMPANY asset. we would log onto that machine only 3> Generally we would not CLICK on any links, before doing so, we would CHECK the link by hovering over it 4> EVEN if we did, we have secure software/AV etc, which WILL and has detected rootkits, trojans etc, so if my machine was infected, IT security would get an alarm and lock us out, and/or our own machine software would do the same. 5> Permissions on the machine would pop up asking for a piece of software to be installed. 6> remoting into another machine we are the other machine, anything I click on, will install on that machine not mine, mine is behind a firewall............ basically a BS article, not realistic, of course companies get hacked, but this example is totally not real world, as a front line IT tech, we generally know everyone we work with and get a feeling for when something is wrong, of course things happen, but this particular example is non-sense. WELL it's American, what else do you expect... You guy's better wake up on your own government messing with you they are the real hackers... PEACE
well, not all companies have AVs
some are just too stupid
and maybe we could use something like powersploit, to avpid AV?
and as security developes, so does exploits
just make an invisible 0-day exploit, and u're good to go
no AV alarms
Mate, im a bit late here but i know companies today who's ''databases'' are still run on fucking excel spreadsheets. Don't come all high and proud about your startup having good security practices. This is miles more common than you think.
@@stillmillionair A bit late? Its been 4 years my guy
A known hacker is a failed hacker.
Sayyam Jain how?
Sayyam Jain not necessarily... it really depends on if your a white hat or black hat hacker
You probably don't know what hacking is, there is 3 types of hackers, black hat hackers which as you said if they are know they are a failure, there is the grey hat they are neutral they hack but they do not steal any money they just do it for fun then there is the white hat like this guy, he helps companies to protect against black hat hackers
not necessarely
if I'm gonna be a black hat hacker, (there's 20% chance that I'll be one) and I'm known as for example: *3xploit* (my alias), that doesn't mean that I've failed
as long as I am free and anonymous (my real identity isn't known), I'm successful hacker
your on the FBI hit-list
all he did was RAT the dude xD
lmao
and got paid.
with a link to a website? I didn't know you can do that so easily. unless the IT guy clicked on a prompt triggering some js code.
I do cyber security for the USAF lol
Pikachu Fizz So true
@0:41 Problem number one....the company (IT Department) does not authenticate the employee. Some verbal passcode, plus a MFA(text code to cell# on file). Do that and you plug that hole fast. You've shut it down instantly and you also become aware of this hole that is occurring.
what the
The most vulnerable part of any network is the people.
I find it funny how a guy called David Kennedy ends up on the line with a guy called "Ken"
Just for demonstration...
Barbie wasn't there.
A majority of Instagram accounts are hackable with instahaxor. There is no need to throw away your time with complex methods such as phishing.
His mom sounds like she was a super hero.
Great moral values.
I'd love to know how clicking a 'here' hyperlink gives somebody full access to another persons computer. This is over simplifying it to the extreme.
i know right. complete bs. missing 1/2 the story
@cat and lasagna the guy made a rat and that is what was installed on the victims computer the victim never executed the file so how does that work??? It doesn’t so yeah
Actually it’s simple. The Browser Exploit Framework (BeEF) does exactly this, as well as other tools in Kali Linux.
Lea.... The world is talking about hacking.... Here I don't even know how to on and off the computer 😂😂
I've always told the men I've had relationships with, the moment you are unfaithful is the moment you end our relationship. If I've ever felt so disconnected from my partner that I have felt myself drawn even into a hypothetical affair in my mind, I end the relationship. I've been in many abusive relationships (that I ultimately ended) but never once have I been unfaithful. Why? Because no failing relationship is worth sacrificing my morals and integrity for. No matter how it unfolds with a partner, there should be a base level of respect and empathy towards them as a human being. A failed relationship will not pollute your mind and foster insecurities anywhere near as much as being on the receiving end of adultery. I dind't know what was happening all along for years that she's been cheating until I met explore.hacker thanks guys..
I heard an interesting thought experiment recently. If we were to live thousands of years, most of us would eventually become polyamorous. Because, you're bound to eventually meet/know more than one person who you love. And, it's essentially impossible for one person to meet all of your needs indefinitely. I think consensual non-monogamy is underrated.
I just watched 3 minutes of explaining the word pentest. It's not that interesting.
damn phrazzal tropix here
This dude has a strong Dax Shepard voice and I love it
Watch this hacker break into my heart
not gonna lie. The interviewer got a little bit wet when he told her he successfully hacked the entire company.
A hacker doesn't want to be known ever until death
I really like the Josh Corman guy. All that Spider-Man stuff. He seems genuinely nice
Hasnt Devid Kennedy written the SEToolkit?
I7itI3ull T.O he has
then why doesn't he know how to use it?
He does, better than we do, including you
Guy Facks f
lol i went on the link and it opened 3 "node.js" files runing silently on my pc xD
The IT guy is yiiiiikes.
Good example of the struggle IT staff have. He’s running as an admin on his machine without functional AV as a non admin would have less chance of running code and AV should have picked it up or apps aren’t being patched daily, weekly, monthly as management refuse to allow IT teams to do their jobs so the remote code is using a known exploit. ,
NO staff in a business including admins should be logged in as admins, everyone should be non admins (zero excuses for this) and admins should elevate any tasks they need to admin. If your IT department and staff aren’t working like this as a basic config, assume you’ve already been hacked or will be
This dude is talking about growing up but he still got a life size statue of spiderman
ain't nothing wrong with that.
hey, he bought that statue, that`s what adults do, buy shit with your own money.
Yeah, and you have a picture of Aleks as your profile pic. You also have a username Gravity Sandwich. Also, you failed to punctuate your sentence. Did you fail the fifth grade?
Ever read spiderman? It's not aimed towards children.
too many manchildren here, defending the grown adult with spiderman merch
@@ClockworkRBLX Who cares about Spider-Man merch lol
"Just by clicking that link hes given David full access to his computer"
Yes and
"Some creepy dude in a basement?"
*Shows a guy with a fedora. Lel
Just by visiting a site, without doing _anything_ else, he was able to access his PC? How is that supposed to work?
It's more smoke than fire. He probably did run a malicious script and gained some control of his browser but no way did he take control of the computer in 2 minutes. Trusting he actually knows thing or two, it's probably the first step to getting full access of the computer and not the last
Were you in Denmark , Germany
Johan
0:24 "can I jus just get your credit card number" ffs lmao
ha we have been using these techniques since AOL. This is not "Hacking" this is "social engineering" most social engineers suck with real hacking skills, and real hackers suck at social engineering.
asmcriminaL
Social engineering is not separate from hacking.
It's a different branch, sure, but social engineering is still technically hacking.
"what do you think when i say the word hacker? some creepy dude in a basement?" wtf no xD
Why is a senior technology correspondent surprised by this?
That Spider-Man guy was high on himself
A true captain America!
No command prompt? This guy's a noob
1. It's called jokes
No Inspect Element too? what a noob jk dont take this seriously
did anyone go to the website he said
Ant Yes
My manager wanted me to provide some sensitive information, like server passwords, screenshots of various thing. I refused because it smelled like a pentest. She didn’t know but found out it was. Silly people.
They literally showed him using metasploit, he was in a meterpreter command promt
was he in kali linux?
Saksham Gaming we can’t tell but at the beginning it showed a meterpreter prompt so it could be anything, windows Mac kali etc
remote desktop isnt hacking lol
lolman8776 click bait title
ur a fucking idiot, hes a social engineer do you even understand what hacking even is
MemoriesDestroyUs
Fucking hell there are way too many elitists when it comes to hacking.
Bro, "hacking" is LITERALLY just gaining unauthorized access to something. It does not matter how you do it. Even watching somebody type in their password is technically hacking.
well techniqally it is, hacking is a term meaning you gain access to somthing you shouldn't be able to and that what the hacker did and What he did was trick a person to go to a malicious website he created it a bit like spear phishing. Probably used abit of java script to make the victim to download a file that let the hacker to gain access.
Remote desktop IS hacking if the person was not willing to provide you with a login in the first place.
00:34 Lmfao this "hacker" doesn't even know how to escalate privileges when "getsystem" doesn't work. You can see he just gives up and spawns a shell anyways with shit privileges. And LOL he fuckin' misspelled "getsystem" twice! xD
BAHAHAHAHAHAHAHAHA DUDE im like that when chicks around i wanna fucking stick my usb in her 3.0
thats actually unlikely to be the same person. years ago i was interviewed by global news in canada and when the crew came to my house a lot of the stuff was edited and sometimes if things were not shot the way they want they will just have a pair of hands and make it look like its you to the casual viewer. They tell you that they are doing this upfront.
It's the guy with the vape shirt. You can see his sleeve tattoo.
imagine the guy he called watching this video 😂😂😂🤘
0:34 is he using kali linux and meterpreter to hack into?
Apparently the stereotypical hackers use MacBooks with Kali Linux, that is so based. It's a literal Hackintosh, that is the opposite of the definition of Hackintosh, ironically enough.
Hey guys what's up its Scarce here and today we got a lot of news now this ones from David Kennedy you all know who David Kennedy is, a huge channel with 6 subs well he actually managed to hack into a company thats right this guy actually hacked into a company through IT support. That's all guys thanks for watching peace.
Lmao
Social engineering is something I practice on a daily basis. It is easy, if you know what your doing. You have to have the right mindset. Just because you know how to do it, doesn't mean you can do it effectively.
Ha "I'm not good at computers." 😂😂😂
Cool Videos its a fact doe all he did was make him install a keylogger
My moms ex bf does the exact same thing these guys do. He protects major businesses from attacks/cyber security. And it was scary when I heard the stuff he was able to hack and do if he wanted to and do it easy. Ppl have no clue
2:17 "We've got to grow up a bit" meanwhile behind him is a full-size spiderman toy
388 Note he might have a child that likes spiderman
am i the only one who thought is was the company instead of a company as in prison break
Daan Boleij How do you even remember that rofl
lol thats funny you remember that. Prison break is coming back!
SP_23 haha ikr i also dunno how i just thought about that xD
Now +900k know how to hack into the pentagon
0:43 "How my I help you" lmao
What program did he use to create the link to gain access to the guys computer?
So what was the IT guy supposed to do?
Well, i need a hacker to give me back my 2 minutes and 55 seconds
"We have to grow up a bit" with spider man pillow and cut out behind him lol
who is this 4chan guy?
LMAO. Love that clip
PLEASE READ { Hire A Private Investigator}
Establishing your company’s best defense is much like dealing with natural disasters, the best defense against cybercriminals is being proactive. You won’t know when or how a disaster may hit, but you can minimize the damage and recover quickly if it does.
Attackers have grown creative over the years by requiring payments that are nearly impossible to trace, which helps cybercriminals remain anonymous. Prevention for DDOS attacks and ransomware attacks typically involves setting up and testing backups as well as applying ransomware protection in security tools. Security tools such as email protection gateways are the first line of defence, while endpoints are a secondary defence. Intrusion Detection Systems (IDSs) are sometimes used to detect ransomware command-and-control to alert against a ransomware system calling out to a control server.This type of services requires an expertise and that's where we come in.
Alright listen up if you have experienced any of these.. Over the years, attackers have grown creative over the years by requiring payments that are nearly impossible to trace, which helps cybercriminals remain anonymous.Webghost33 on teleegram , is a cyberspace expert and professional cyberspace expert. They can help if you're ever exposed to internet scams and cybersecurity breach such as Business Email Compromise too.They can can help get it restored and track down the person who did it in many cases. Do you want to install spyware on a cellphone, smartphone or computer? Do you know if you have spyware on your computer or mobile devices? Reputation Management? Control your online reputation but removing false information and getting your positive message out. Cyber Stalkers? Don’t be harassed or stalked online. Find the person responsible and put an end to it all. Cheating Spouse? Find out for sure what your spouse is up to with our Digital Investigation services. Perhaps my hacking professionalism has helped in various aspects like; Removing links and posts, eradicate being Cyber Bullied or Cyber Stalked, Locate Missing People, Computer Security Training, Background Checks, Cyber Extortion, Relationships, Nationwide Employment Background Check, Tracking, Online Dating Scams, Cyber Frauds, cyber-espionage, criminal gangs or the pursuit of data. We aim to make all kind online protections for our valuable clients. Reach out on w'app 1 414 909 3913
thanks for the info. I've also heard of Webghost
That's true. I was a victim of scam and someone gave me webghost's contact, i was able to recover my funds from a scammer in South Africa.
great and professional hacker. There are scammers and there are hackers. Great hacker will help you recover your funds and hack scammers . webghost33 would help you clear any virus detection and security threat. very good and i have confirmed it
1:49 "to show you this demo, WE'VE AGREED to not use the company's name" this is how you know that neither the journalist nor the company are based within the EU, where GDPR is in place.
Good for you?
Might not even mean that- I doubt it does. It’s just text.
and people think i’m a hacker when i open inspect element
The government and government officials are the biggest hackers. That is why we need such people (hackers) to be able to defend ourselves against those who are trying to control us. Beautiful video. I wish a lot of success in my career.
Dark is the absence of light. Cold is the absence of heat... Was going to comment that this came from Albert Einstein, but that was a fictional story... Where did this quote come from? lol
what?
U WOT M8?
Did anyone try out the link in the beginning?
Damm.. thats some good social skills.... if you came here from the havard course , hit the like button.
"That was easy" lmao
0:35 look at his console as it comes into focus "get system": Unknown Command. "getsystem": Operation Failed lmao
brute forcing commands manually is the way to go
OMG I"m not amazed that you tell this to your audience, I'm amazed that they buy this crap :D
can anyone explain how to take control of a computer from clicking a malicious website?
Exactly. They probably didnt show some intermediary steps. Maybe ran an exe file or something. But asking tech support to download and run a file isnt very conincing. Pretty sus…
This happens to roblox all the time and the company does nothing about it.