People really are one of the weakest parts of most security systems. How did you get in here? Front door. do you have a pass? no. Well let's get you a pass!
nah, its good people aren't practicing security by obscurity anymore - now if only MasterLock and American would develop some real locks instead of just letting them comb open in 2 seconds.
This is dope as hell. I'm kind of blown away because although I know that companies higher a hacker or two to come into a office during working hours to test security, never did I think people go Metal Gear Solid on their ass and stealthily break into buildings and power substations. It actually looks fun.
i work at a remote fully independant work station. and yeah its kinda fun sneaking around and seeing whats unlocked. ima poke around their network ina bit. but for example every vic is unlocked and theres open networks
If you're interested in this type of stuff, I highly recommend the podcast darknet diaries cause it's super fascinating. And no, I have no affiliation with it or the host lol, it's just an incredible podcast. The xbox underground hackers were probably some of the best podcast episodes I've ever heard cause it's batshit insane what those guys did. Also a pentester team that got arrested by backwoods cops who didn't believe them when they got caught lol, and their ensuing trial.
@@mdog86 Darknet Diaries actually linked to this video in Episode 95 from 2021 when they interviewed folks from RedTeam Security. I just finished listening to the episode. Super interesting stuff, and Darknet Diaries is great.
It entirely depends on what worries the company the most. If you're a retail store, for example, the company would be most worried about opportunistic thefts and premeditated low skill break-ins and will instruct the red team to play as that threat accordingly instead of having them go undercover spy like they did here with the national power grid
NOTICE: these guys were hired by the power company to test their own security, they weren't entering without the power companies consent. This does not mean the company lowered their defenses either, they just won't arrest them if they get caught before they fully get through
depends on the local legislation, but usually, if somebody calls the cops on the situation, the cops first arrest, then notify the affected party, and _then_ if the affected party doesn't press charges, they walk. mostly, if no charges are presented, they get no record. but in some cases they still get a record, with the note of "charges dropped". in some cases, you have to first notify the police that you intend to run a security drill, and that somebody might call the police to a situation involving your person or establishment. in that case, sometimes they'll post an officer to respond specifically to that call, to just play along.
"Can I help you?" "Yeah, I'm just looking for the bathroom." "Oh... How did you get in?" "Just through the front." "Do you have a pass?" "Uh... no." "Well then, let's get you one."
Ok, all kidding aside. I'm a working student at a top applied research facility in Germany which, among other things, develops for airtravel and the military. They occupy a large space with various buildings surrounded by a huge fence; looks kind of intimidating. Some buildings are "breaking" the fence, so to speak; they have an entrance outside of the fence and if you walk through them, then you are behind the fence. Those buildings have all key card scanners and/or guards posted. On my first day, before I got my card, I was walking towards one of the buildings where I was supposed to be picked up by my superior. The door i was walking up to was facing the street, so open to anyone. I had some time to kill and just for shits and kicks pushed against the door, locked, alrighty I thought. But an employee working there saw me push the door from the outside, walked over and.. opened it for me. Just said, "there you go", I was like "thanks" and he walked off. No IT in the world can stop stupid people from breaking security concepts.
The amount of times I was hired for a job that was inside of another store and I was able to just say "Yeah I work here" and be able to go anywhere is crazy.
crime is a mix of want and accessibility, if it's not easily accessible it's typically not worth it to get in. making it easily accessible makes a person just wanting a extra buck able to get in
To be as good as these guys, you need passion and determination in learning these things. Learning SQL Injections, which are considered as basic pentesting methods, can take time to master as you need to be proficient with databases. And they don't work all the time. The guys with application pentesting background must have spent most of their time staring at their debuggers to track data flow so that they can create "zero day" exploits, which are exploits not known to the company, so they can have persistent connection/backdoor.
Brazilian research shows a result impossible to happen due to the law of physics in electric power electricity. It absorbs 35 watts of power and powers the power to 140 watts, consuming only 35 watts of power. ua-cam.com/video/aEyXmsn9Mlo/v-deo.html The hope of the world is in our research, who has energy has the power.
Major kudos to the power company for taking the time out to actually assess their internal security. I hope all major power companies are being this proactive.
They have dedicated "spotters" that literally look for movement in all directions. it's impossible pretty much unless you somehow got in by saying u work there.
nothing would work for that area (unless you made really good friends with ancient intelligent space peeps) they got help there from other dudes in the far beyond.
This type of response is vastly more common than you'd think. If you look and act like you belong there, most people will assume that you do. Most people in a professional environment are biased towards helping, so nefarious people can exploit that inclination, the famous example is standing outside a card-reader door with a bunch of books in the rain with a fake badge on your neck, feigning you can't reach the scanner. Most people would just open the door and let you in. The final thing is, when you think you might be caught, stick to your story to the bitter end, and *never* even when facing arrest from law enforcement or security, admit to anything. :P Of course, it's easier said than done, but for these guys, they carry a get-out-of-jail-free card on them at all times while doing this, so even if the guy had been like, "I'm calling the police." They could have pulled it out and although they would have been busted (hence the company "passes" the test), their hiring contact at the company they were testing would have vouched for them and bailed them out, so of course there is no risk to them sticking with their story for as long as possible even though it's socially difficult to lie under pressure like that and maintain composure even when you know there are no actual consequences. ^_^ That being said, if you ever do this, it better be in the context of pen-testing a company that you've been hired to pen-test, not for actual malicious purposes.
Hacker 1-charisma 100 Hacker 3-intelligence level 100 Hacker 2-strength level 100 Hacker 4-penetration level 100 and they all have the stealth perk unlocked.
@@AndorranStairway This was a power company. They don’t mess around with security. There are all kinds of NERC cyber security compliance standards that they are responsible for otherwise they get fined millions of dollars. Trust me, I’m working for a power company right now.
@@AndorranStairway This power company cared enough to hire another company to come and audit them. They obviously failed and I was simply making the claim that some people lost their jobs over it. Do you disagree?
Penetration testing is such an amazing field. It teaches you so much and it's probably one of the most useful jobs next to IT in today's infrastructure!
And yet my recent former university shut down all my pen testing and IT classes. Part of a deal to shore up the athletic department with $5 million from teaching departments. So count on training yourself, in a lot of places.
Let's be honest here, they just wear it to look cool and *"professional"*. If there is a cyber attack, the SWAT/Police would be there first, then these guys will come in and fix shits up.
Jason Patowsky wtf are you talking about?? Flack jackets are rarely necessary in the US, and very few security guards carry firearms. Certainly not at a tiny utility like this. I didn’t see _any_ security, anyway. Ignorant comment.
Hell I've done this at 3 in the afternoon working for ups. I went to an office/ manufacturing business and scoured the office for employees to sign for a package. I eventually went to an unoccupied security office, after going through multiple unlocked offices, and dropped the package off under the name badge sitting on the desk.
4:12 - I like to use the phrase "I have an appointment to....". I work for an ISP and people at the front desk almost never know Im showing up to perform work. But as long as I say Ive got an appointment it puts the pressure on them to figure out who will get me access to their data room. It helps too if you're wearing some kind of safety vest. I also follow up at some point with phrases like "I promise I wont be turning anything off, Im just here to setup a new service" since thats all the office staff really care about. If the desk person looks willing to give access but confused about where things are located I say "It will be which ever room has all the wires" then they walk me around the office until we find the telecom equipment. Ive lost count of how many times Ive gained unescorted access to data rooms using those 3 phrases. And the front desk personnel dont like to be away from their station so they often leave me alone immediately after finding the data room.
I work in IT too, and my experience is the same. I've had full unescorted access to hospitals and other important places. They even give me badges so other people don't bother/try to stop me.
Today I learned that you need to secure the physical location first. If they could not gain access to the building it would have been very hard to deploy their hacking tech.
If you cant hear or something. They were talking about a bad USB that could take over systems with a RAT. Right, so from there we know that they have a computer nearby RATed and he is typing this command on a macbook, but somehow if you read the Command Prompt it says "Microsoft Windows". He was controlling another computer not simply echoing "hello" to himself lmao.
Foxmanded42 mr robot is nothing like this, this is real situations and white hat hacking. Mr robot is black hat hacking, it's dramatized, and its fake companies/situations
Taylor N I saw Mr Robot. one thing that was clear from the start is that, although dramatized, they did an excellent job at making the show a VERY probable method of hacking. I could have done the whole tricking the server room thermostat trick. A raspberry pi was way overkill for that job. I would have used an arduino or other small microcontroller.
Actually no, hacking is using programming languages to figure out the variables and encryption data that is used to block just anyone from getting into your important software. And yes, this is entirely my definition.
I honestly find it funny, but also somewhat comforting that they had a close call with a protective/nosy neighbor. Sometimes they can actually help with stuff like this, lol
The saying hello part is to make sure that you have control of the other computer. And in a lot of hacking software's, you are required to say: "Hello World" before you can even begin hacking... To make sure that a small kid or someone unable to hack doesn't screw something up, as they would not now you are required to say that. Some even have you set a password.
They're a bunch of script-kiddies. The true hackers are situated in countries excluding USA, Australia, UK, Canada and New Zealand (basically the west). The best hackers are situated in China and Russia.
I think this is one of the parts i like about Brazil. The technology used in our energy companies is so outdated that is basically impossible to hack with them, and so bad organized that not even the people who created it really know how to use it properly.
I've been working in IT programming for 30+ years now and believe me any software can be hacked. It's a never ending cycle and it's just a matter of who gets to the finish line quicker. If it can be created, it can be destroyed 😉
That's actually a big thing with white hat hackers and security firms, there have been loads of times when companies have hired people like this to break in or acquire secret info and they've ended up achieving large parts of it by just having someone who looks authoritative (i.e. in a suit with a clipboard or something) just politely asking different staff about information they could end up using to their advantage.
To clarify for some commenters, yes, this is an actual job. A company hires a group like RedTeam Security to try to break in [to the company], as a way of 1) testing their defenses, and 2) finding what holes are left that need fixing. The hacker team eventually discloses everything they tried, fail or success, so that the company knows how good their security posture turned out to be. The hacker team does have to act and think like "bad guys" because that's the whole point -- but they don't end up doing any real damage, which is also the point.
WWAVYY a 35 dollar credit card size computer. you can install kali OS in it and use thatt for hacking. you can also use that for a lots of projects too.
He already had a reverse TCP shell. You obviously have no idea what you're looking at, so why are you being so condescending? He's using the echo hello as a test. Think of it like if a network admin wants to test connectivity, he wouldn't write dozens of lines of code to manipulate packets in the TCP/IP stack. He'd do a simple ping (and simple pings have brought down entire networks before). There's nothing wrong with using simple tools. That's a script kiddie mindset, thinking everything has to be complex like in movies. Take a stick for instance, in the hands of a child, it's not a big deal, but that same simple stick in the hands of a martial arts master will fuck you up. It's the same with simple hacking tools. It's no so much about the tool, it's about how you use it.
Jdiggy77 My bad, I didn't look closely enough, so I didn't catch that reverse_tcp shell, Its funny because, in windows cmd you can do that and it will say hi and some little kids think they are black cap hackers and do that command...I Understand now that you addressed that mistake.
+JackAttack That's cool. At least you have the character to admit your mistake. Reading these comments is hilarious though. It's like a damn script kiddie convention in here (kiddie-con?) lol. So many thinking they're actually better than the professionals. I work in It sec. One major fuck up and your career is over. These guys wouldn't be in business if they sucked.
The software they used was pre-coded and it would be boring to watch them write every single line of code they used to bypass security or install backdoors.
Actual hacking is not like the BS you see in movies or what these script kiddies do from the UA-cam videos. Most of it is surveillance, monitoring, planning, etc. There is more to true hacks then mindlessly punching computer code into a system.
I really love videos like this, but its uncommon for them to exist because companies aren't exactly that willing to show that their security systems can easily be bypassed.
@@sebastianskovnielsen6472 This one has some not-real stuff in it, it seems. The overhead map they were planning with shows the location of a boat dealership, for example. So at least some stuff appears to have been altered.
@@sebastianskovnielsen6472I feel like there isn't going to be, because companies can't really fully "patch" a sophisticated hired hack like this. It wouldn't be wise to post the best way to breach your companies security publicly, unless it's impossible to replicate again
+Hexigonz If you check their website, they say the RPi is one of the viable devices that can run the software for a PlugBot - basically any small computer that can issue commands and send information over the internet.
The RPI is more valuable than you might think. It may not be a full computer, but very close. It have network access, good storage and good amount of ram and the cpu speed is quite good. And it run linux. All you need to do is write a program for linux and compile for the ARM processor that the RPI use. And it is inexpensive and small. One of the best suited hardware for that job beside having a custom made one.
I love the video and the experience of seeing how a RED team actually works/operates. I just don't understand why there is such a lack of security cameras, motion sensors inside the building alerting of movement after hours. I wonder if they lit something on fire if they even have a fire alarm or system to put out a fire.
Higher management of the company may have turned off the security for that night to see just how far they could get through the building. They don't want the police showing up for these guys since they're being hired to do it. Regular employees and lower management had no idea they were coming, but the higher ups did
@@GatheringRaysThat's unlikely, you usually secretly hire a pentest team without telling your security team so it's as secure as it would be normally. My guess is nobody was watching the cameras, and the building didn't have motion sensors.
For everyone asking "How is this legal?" Since the video doesn't REALLY explain it all that well. This is a group of "White hat" hackers, also known as penetration, or pen testers. They are hired by companies of all types to use the skills and tools they have to test physical and network security. Commonly there are 3 different types of pen tests. An open test, where everyone in the company knows what's going on and they are there literally to test the network as best as they can from inside. A middle ground where security and some higher ups in the department know what's going on, but most employees have no clue so some physical/person security is tested. And then this, a closed test. Only the highest ranking people in the company know the test is happening, the testing group is supposed to get in any way they can, whenever they want to try. Security, if any, isn't notified. Employees aren't notified. It's the most brutal pen test, but also provides the most results. Everything that they do, from picking a lock, to cloning an employee access card will be written up in the test report and given to the hiring company at the end of the test.
Daniella Araujo No. A nuclear power plant. If a airplane flys too close to the reactor (150-50km, depends on size, and if it was planed to fly there) we launch jets to shoot them down if they don't react. (Only in real emergency, Did never happen.)
blue team is defencive hackers hired to secure your cyber security. red team is offensive hackers hired to test and break your cyber security. these guys are using a combernation of social engineering (manipulating people to give you information and access to certain things) and hacking tools to break into the systems of the power grid
Its stronger than normal clothes, they can probably get over a barbed wire easily. Also if an accident happens or a guard sees them they wont be as hurt.
CrapLuckSimon Windows too but they rarely are made to be open frequently. Definitely weaker structure but usually requires you to just smash it where as with door, you just turn the handle. It is totally human to forget to lock the door you use to say, go to cigarrette break ;) Most common door to be unlocked, sometimes even propped open..
SquidCaps I was just saying, doors are typically how a person pass into/out of a room. And by that I mean it's not surprising. However I understand what you're saying, that it IS surprising that mostly anyone can get through those doors. I dunno, maybe I'm being a dick, sorry. I was just trying to make a light joke lol.
“Everyone has their equipment?”
-“Cigarettes”
-“iPhone”
and the USB
K
Android*
It has termux wich is a Linux emulator
EZ CLAP
@@victoriakamani1838 stfu bot
Think different.
People really are one of the weakest parts of most security systems.
How did you get in here?
Front door.
do you have a pass?
no.
Well let's get you a pass!
@@christiandominiclangreo5101 did we ask
Christian Dominic Langreo did we ask?
@@christiandominiclangreo5101 did we ask?
Nope. But your moms did.
@@christiandominiclangreo5101 at least we have 1
Security people: "You need to update your operating system regularly to prevent hacks."
Hospitals: *WINDOWS 7 / XP*
Use Linux, duh
Where i'm from, windows 98 and XP are still used
@Watching Channel i wish i was, that's really sad
@Watching Channel Literally in my place we still use Windows xp and windows 1.0.
@@coolwei1427 theres alot of windows longhorn and xp here, i honestly dont know how or why we still have longhorn.
So they got a programmer, a network engineer , and a wild card ( the army guy) and a social engineer
Bro that’s the perfect hacking team
yes they can hack u
Daniel Wilten
You are correct sir.
@@jakaimsirovic3736 no shit
Just needs a system administrator
Man the new watch dogs looks great
Lmfao I was waiting for someone to make this comment
This obviously isn't Watchdogs, the graphics are too good.
+Oreki Houtarou the new graphics look so good and the parkour mechanics
in Wd you can get pretty good looking graphics with mod
+Oreki Houtarou It's still a trailer, they're going to downgrade for sure. I just hope they don't downgrade the volumetric beard rendering.
Security tip number 1.
Lock.. the... door.
Right, that'll totally help! 😂
Daniel RRNC That is one minute of fiddling with a lock compared to twist the door handle and nothing suss.
+Daniel RRNC not if my snipers have anything to say about it
+Daniel RRNC you can hardly pick your nose, so full of shit
Depends on the lock. Not every lock is picked in a minute.
"Any time you break into a building"
Thief: "Write that down, Write that down!"
LOL
charles the french reference? LOL
nah, its good people aren't practicing security by obscurity anymore - now if only MasterLock and American would develop some real locks instead of just letting them comb open in 2 seconds.
This is dope as hell. I'm kind of blown away because although I know that companies higher a hacker or two to come into a office during working hours to test security, never did I think people go Metal Gear Solid on their ass and stealthily break into buildings and power substations. It actually looks fun.
i work at a remote fully independant work station. and yeah its kinda fun sneaking around and seeing whats unlocked. ima poke around their network ina bit. but for example every vic is unlocked and theres open networks
If you're interested in this type of stuff, I highly recommend the podcast darknet diaries cause it's super fascinating. And no, I have no affiliation with it or the host lol, it's just an incredible podcast. The xbox underground hackers were probably some of the best podcast episodes I've ever heard cause it's batshit insane what those guys did. Also a pentester team that got arrested by backwoods cops who didn't believe them when they got caught lol, and their ensuing trial.
@@mdog86 Darknet Diaries actually linked to this video in Episode 95 from 2021 when they interviewed folks from RedTeam Security. I just finished listening to the episode. Super interesting stuff, and Darknet Diaries is great.
It entirely depends on what worries the company the most. If you're a retail store, for example, the company would be most worried about opportunistic thefts and premeditated low skill break-ins and will instruct the red team to play as that threat accordingly instead of having them go undercover spy like they did here with the national power grid
@@mdog86 Definitely recommend Darknet Diaries as well. Jack gets some amazing guests.
NOTICE: these guys were hired by the power company to test their own security, they weren't entering without the power companies consent. This does not mean the company lowered their defenses either, they just won't arrest them if they get caught before they fully get through
no shit? that was explained in the video...
there's still dumb people out there who don't listen but watch for example.
depends on the local legislation, but usually, if somebody calls the cops on the situation, the cops first arrest, then notify the affected party, and _then_ if the affected party doesn't press charges, they walk.
mostly, if no charges are presented, they get no record.
but in some cases they still get a record, with the note of "charges dropped".
in some cases, you have to first notify the police that you intend to run a security drill, and that somebody might call the police to a situation involving your person or establishment.
in that case, sometimes they'll post an officer to respond specifically to that call, to just play along.
That dumb person who don't listen and just watch would be me. Thanks for the info
I heard that too. My $.02-thought is that a bigger company bought this company and hired these guys to see where the security need to be updated.
Here in Kenya a simple drizzle is enough to send the country into a 3 day blackout.
haha hiyo ni noma bro !
Nah thats Zimbabwe
@S.O.L Masterclass Music You didn't get the joke, did you?
really?
In South Africa they call them Load Shedding, they just switch off the power for the whole country🤷🏽♂️
"Can I help you?"
"Yeah, I'm just looking for the bathroom."
"Oh... How did you get in?"
"Just through the front."
"Do you have a pass?"
"Uh... no."
"Well then, let's get you one."
That would be MY company right there.
Ok, all kidding aside. I'm a working student at a top applied research facility in Germany which, among other things, develops for airtravel and the military. They occupy a large space with various buildings surrounded by a huge fence; looks kind of intimidating. Some buildings are "breaking" the fence, so to speak; they have an entrance outside of the fence and if you walk through them, then you are behind the fence. Those buildings have all key card scanners and/or guards posted.
On my first day, before I got my card, I was walking towards one of the buildings where I was supposed to be picked up by my superior. The door i was walking up to was facing the street, so open to anyone. I had some time to kill and just for shits and kicks pushed against the door, locked, alrighty I thought. But an employee working there saw me push the door from the outside, walked over and.. opened it for me. Just said, "there you go", I was like "thanks" and he walked off.
No IT in the world can stop stupid people from breaking security concepts.
You could design absolute measures but they might get a bit intrusive.
Laughed my fucking ass off XD
A+ security.
The amount of times I was hired for a job that was inside of another store and I was able to just say "Yeah I work here" and be able to go anywhere is crazy.
Them: "Were just gonna throw Steve over the fence"
Me: wut
Video: immediately cuts to the other hackers literally throwing steve over the fence.
This was 4 years ago... now the hacking is even easier
Yeah just throw Steve over the fence
Lmfao
Plot twist: these guys aren’t ethical hackers and they successfully hacked into the US Power Grid
I wouldn’t even be mad at that point xD
They social engineered Tech Insider to make them think they were ethical hackers 😂
🤣
But that makes no sense
@@DweeD1516 r/wooosh
"so what do you do for a living?"
-"well I break in some company and some stuff..."
"..."
Daan Mateman that's awesome during the process!!!
you can have a shirt saying "I am a *PENETRATION* tester."
Dont worry about it, a criminal record is a plus in the dating market for a lot of women xD
Xtcent penn testing isn't criminal at all
Doge This! Ethical hacking you can leave with it
#1 rule of security: Someone will always get in.
#2 rule of security: Make it as hard as possible for them to get in.
crime is a mix of want and accessibility, if it's not easily accessible it's typically not worth it to get in. making it easily accessible makes a person just wanting a extra buck able to get in
that has to be one of the must fun jobs in the world. You're getting paid to hack a company legally...
What they don't show you is the months of planning, surveillance, and training involved leading up to this event.
And, most importantly, whether you fail or succeed :D
To be as good as these guys, you need passion and determination in learning these things. Learning SQL Injections, which are considered as basic pentesting methods, can take time to master as you need to be proficient with databases. And they don't work all the time. The guys with application pentesting background must have spent most of their time staring at their debuggers to track data flow so that they can create "zero day" exploits, which are exploits not known to the company, so they can have persistent connection/backdoor.
These guys hack the US power grid and I couldn't get into a girls pants until I was 19.
Judging by their job they might have not.
Top 10 Archive haha nice joke I’m dying,
Brazilian research shows a result impossible to happen due to the law of physics in electric power electricity.
It absorbs 35 watts of power and powers the power to 140 watts, consuming only 35 watts of power.
ua-cam.com/video/aEyXmsn9Mlo/v-deo.html
The hope of the world is in our research, who has energy has the power.
Top 10 Archive don't worry, we're in the same boat
Top 10 Archive you mean 30
Major kudos to the power company for taking the time out to actually assess their internal security. I hope all major power companies are being this proactive.
+Jason Baumgartner We can only hope.
It's not optional for them
WHAT DO YOU MEAN
RIP YOUR ENGLISH
+common sense
OH REALY EVERY ASIAN LOOKING PERSON IS MUSLIM?
HAHAHAHA
THEN EVERY BLACK AFRICAN IS CHRISTIAN THEN
+VAJ nope, just from your history you seem Muslim. Your researching making bombs and watch allot of videos about Isis
Imagine if this was a watch dogs mission.
Mission name: *POWER PLAY*
Holy sh*t, this is actually a great idea, especially with all the social engineering stuff
next break into area 51
They have dedicated "spotters" that literally look for movement in all directions. it's impossible pretty much unless you somehow got in by saying u work there.
Plague Doc only way to get in is by aircraft
nothing would work for that area (unless you made really good friends with ancient intelligent space peeps) they got help there from other dudes in the far beyond.
now i want people to raid the area 51 so everyone in the world can see whats been going on
do you mean 'missiles'?
They better not interrupt my minecraft grinding
With a username like that I bet you do grind minecraft.
Him.
S hut up weeb
koolness does stuff *calls* *someone* *weeb* *thinks* *youtube* *censors*
Han Xu s was their name so i added hut to it idiot
Keemstar hacks a power grid
WOT that was Keemstar will that guy PLZ Stop!
On files on top of files on top of files
LOL XD
Swing at me and I can swing back harder
SHAT AP
I love the idea of legal hackers that test our own defenses
that is the job of physical penetration tester and certified ethical hacker lol
*Oh, well then, let's get you a pass*
At that point I was sure he was busted.. lol
This type of response is vastly more common than you'd think. If you look and act like you belong there, most people will assume that you do. Most people in a professional environment are biased towards helping, so nefarious people can exploit that inclination, the famous example is standing outside a card-reader door with a bunch of books in the rain with a fake badge on your neck, feigning you can't reach the scanner. Most people would just open the door and let you in. The final thing is, when you think you might be caught, stick to your story to the bitter end, and *never* even when facing arrest from law enforcement or security, admit to anything. :P Of course, it's easier said than done, but for these guys, they carry a get-out-of-jail-free card on them at all times while doing this, so even if the guy had been like, "I'm calling the police." They could have pulled it out and although they would have been busted (hence the company "passes" the test), their hiring contact at the company they were testing would have vouched for them and bailed them out, so of course there is no risk to them sticking with their story for as long as possible even though it's socially difficult to lie under pressure like that and maintain composure even when you know there are no actual consequences. ^_^
That being said, if you ever do this, it better be in the context of pen-testing a company that you've been hired to pen-test, not for actual malicious purposes.
can someone tell me why this isnt a TV show?
Amadeus Xersy cuz no one watches tv
Amadeus Xersy Well there's a show called Mr. Robot. You should check it out.
Amadeus Xersy Because most of their clients probably want to remain private.
I find this video dangerous just for being avaible here. A tv show would end up inspiring many black hats.
VICE 's cyber war is kinda like this
Hacker 1-charisma 100
Hacker 3-intelligence level 100
Hacker 2-strength level 100
Hacker 4-penetration level 100
and they all have the stealth perk unlocked.
Yeah penetration 😂😂
penetration
and you sir have penetration 500
Mr Dick lol
@@emilvincent5034 *excuse me what the f*
After trying their best, all they found was a hamster powered generator.
There are a few people that probably woke up to a permanent vacation after this debacle.
@Kelvin Guru I doubt it. They probably just got a warning.
Think different.
...so now I can actually not go to jail for this kind of activity
@@AndorranStairway This was a power company. They don’t mess around with security. There are all kinds of NERC cyber security compliance standards that they are responsible for otherwise they get fined millions of dollars. Trust me, I’m working for a power company right now.
@@AndorranStairway This power company cared enough to hire another company to come and audit them. They obviously failed and I was simply making the claim that some people lost their jobs over it. Do you disagree?
Started from moms basement and now breaking into shit.
lol we all gotta start somewhere rite..
Right.
wright
Ritz
HAHAHA LOL!!!
Keemstar? Is that you? You went from
DOXing to full on hacking? Damn.
ISexuallyIdentityAsAnAttackHelicopter 😂
Who?
+Nic Wilson Fousseytube is that you?
+blackheart909 What does fousy have to do with this
CaptBlenZ Who?
This new season of _Mr Robot_ looks legit!
Yes
Penetration testing is such an amazing field. It teaches you so much and it's probably one of the most useful jobs next to IT in today's infrastructure!
IT? Damn, i thought about penetration testing something else ... :/
And yet my recent former university shut down all my pen testing and IT classes. Part of a deal to shore up the athletic department with $5 million from teaching departments. So count on training yourself, in a lot of places.
@@SchoolforHackersAnything for the athletic department!
@@SchoolforHackers Because you likely live in a rural area where IT careers are not prevalent
@@austen2751 No, Albuquerque, NM. Sandia Labs, Los Alamos Labs, Kirtland AFB, Intel....
They are wearing bulletproof vests jus in case there's a trigger happy security guard.
ThePoorEditing Channel xD
Well, this IS in the US, so it was necessary
While they were wearing vests that could certainly have plate carrying capabilities... they weren't necessarily bullet proof
Let's be honest here, they just wear it to look cool and *"professional"*. If there is a cyber attack, the SWAT/Police would be there first, then these guys will come in and fix shits up.
Jason Patowsky wtf are you talking about?? Flack jackets are rarely necessary in the US, and very few security guards carry firearms. Certainly not at a tiny utility like this. I didn’t see _any_ security, anyway.
Ignorant comment.
Hell I've done this at 3 in the afternoon working for ups. I went to an office/ manufacturing business and scoured the office for employees to sign for a package. I eventually went to an unoccupied security office, after going through multiple unlocked offices, and dropped the package off under the name badge sitting on the desk.
4:12 - I like to use the phrase "I have an appointment to....". I work for an ISP and people at the front desk almost never know Im showing up to perform work. But as long as I say Ive got an appointment it puts the pressure on them to figure out who will get me access to their data room. It helps too if you're wearing some kind of safety vest. I also follow up at some point with phrases like "I promise I wont be turning anything off, Im just here to setup a new service" since thats all the office staff really care about. If the desk person looks willing to give access but confused about where things are located I say "It will be which ever room has all the wires" then they walk me around the office until we find the telecom equipment. Ive lost count of how many times Ive gained unescorted access to data rooms using those 3 phrases. And the front desk personnel dont like to be away from their station so they often leave me alone immediately after finding the data room.
I work in IT too, and my experience is the same.
I've had full unescorted access to hospitals and other important places.
They even give me badges so other people don't bother/try to stop me.
legit keemstar in the thumbnail
Booce
dude
thats what I was thinking when I opened the vid
Booqueefius oh my fucking god hahaha
Booqueefius booqueefius ees dat uuu
Booqueefius lol
*that guy is like "I was a paratrooper medic so that makes me an elite 4 hacker of the worlds."*
♛ Huffdaddy™ If im reconaissance and surveillance does that make me an elite hackz0r?
Plot twist these guys are actually hacking and stealing everything there......
well, their service doesn't come free ;)
These guys are probably making 200k+ USD each, don't think anything in there would be worth it lmao
Okay, stop with the plot twist. Maybe flip side of the story would work. Lol.
Today I learned that you need to secure the physical location first. If they could not gain access to the building it would have been very hard to deploy their hacking tech.
Need Helper
6:57 "make a dash for that dumpster"
*proceeds to slowly jog*
I litteraly read this right when i herd it 😂
You would rather sprint and make obvious noise, giving away your position?
Sounds about right lmao
13:38
Team: **explains advanced techniques**
Video: *echo "hello"*
If you cant hear or something. They were talking about a bad USB that could take over systems with a RAT. Right, so from there we know that they have a computer nearby RATed and he is typing this command on a macbook, but somehow if you read the Command Prompt it says "Microsoft Windows". He was controlling another computer not simply echoing "hello" to himself lmao.
It's a .exe and he's echoing to make sure he's made contact remotely.
@@molly3237 bruh.exe has loaded
Also windows 6...😀
roman s yeah they are from offensive security I believe which I think is part of the people that make kali Linux
this would be a fucking awesome TV series.
Zbbbudi Yea!
With similar production to this, not full of unnecessary fluff.
Foxmanded42 mr robot is nothing like this, this is real situations and white hat hacking. Mr robot is black hat hacking, it's dramatized, and its fake companies/situations
Taylor N
I saw Mr Robot. one thing that was clear from the start is that, although dramatized, they did an excellent job at making the show a VERY probable method of hacking. I could have done the whole tricking the server room thermostat trick. A raspberry pi was way overkill for that job. I would have used an arduino or other small microcontroller.
Elliot is almost entirely black hat. White hat would mean that he was authorized to do his hacking.
12:00 the thing is too, is you only need to get in there for a minute. By the time an alarm or someone shows up, its way to late.
this was the original trailer for watch dogs 2
Explosions Fire n' More lol w
LEAVE ME ALONE! Thank god they changed it. Looks boring as fuck!
watch dogs in real life
Watchdogs should've been more like Mr robot then it would've probably the best game of 2014, of course with no hyped graphics.
Lieutenant Dan DRINK ALL THE BOOZE, HACK ALL THE THINGS!
"A snowstorm swept the region"
Shows the most peacefully snow fall.
Yep gotta love Michigan
This seems really fun to do. Imagine, you get to break into places for your job.
That would be fun.
Become a pentester
Yes, I wanna do this lol
that's why hackers exist
@@deathbynecro7813 red teamer*. Pen testers are slightly different
"we thought we had all the security holes patched" 😂 no lady you just forgot to lock the back door
Her "2 steps forward, 3 steps back", was also very telling.
How to hack:
1.Take baseball bat to local powerplant
2. Fill in the rest
The Real Adam Sandler Already stated it all
The Real Adam Sandler that’s not hacking, dumbass, and won’t achieve anything
Filming In Portland it's a joke
Filming In Portland fucking idiot you are are you 2 stfu
Actually no, hacking is using programming languages to figure out the variables and encryption data that is used to block just anyone from getting into your important software. And yes, this is entirely my definition.
This is why you don't bully us nerds. We can take your robux in a matter of minutes.
LOL
Blue Milk idiot they ain't even low hackers
*robux*
Tomos Halsey in game currency for a child’s gaming website called Roblox.
I agree
13:38 He's literally just printing out "hello" lol
-Goes to desktop
-Opens notepad and writes hello?
-Tries to write hello as a command
-Fails
-Just prints hello
@@Tiogar60 Big brain !
@@hackanddrift4692 Hackerman
You also realize that he's also writing it to a remote pc that's running windows right? Did you notice he is writing the command on a mac?
Josh Dobis it's just SSH. Not anything interesting.
I honestly find it funny, but also somewhat comforting that they had a close call with a protective/nosy neighbor. Sometimes they can actually help with stuff like this, lol
13:38 batch cmd literally saying "hello." epic coding. I'm impressed.
The saying hello part is to make sure that you have control of the other computer. And in a lot of hacking software's, you are required to say: "Hello World" before you can even begin hacking... To make sure that a small kid or someone unable to hack doesn't screw something up, as they would not now you are required to say that. Some even have you set a password.
L6 Mayhem well now I know :) lets fuck that up
L6 Mayhem
echo Hello World
He's giving the 'hacked' computer a command to test whether or not he has control
lmfao
10:52 A truly skilled hacker, the best of the best. This is what we have to offer.
rofl
Reno Cicchi we can afford faster computers in America. So. we can hack faster
They're a bunch of script-kiddies. The true hackers are situated in countries excluding USA, Australia, UK, Canada and New Zealand (basically the west).
The best hackers are situated in China and Russia.
Just as a geography lesson New Zealand is East of both China and Russia..
Oi how'd you find that one out? Cause you're pulling it out of your ass.
When you're breaking into a power grid and your teammate starts throwing
Leeeeeee Rooooy Jenkins
yeah, throwing your teammate over a barbed wire fence
I think this is one of the parts i like about Brazil. The technology used in our energy companies is so outdated that is basically impossible to hack with them, and so bad organized that not even the people who created it really know how to use it properly.
I've been working in IT programming for 30+ years now and believe me any software can be hacked. It's a never ending cycle and it's just a matter of who gets to the finish line quicker.
If it can be created, it can be destroyed 😉
@@natahliak7691 sudo rm -rf
ultra kek@@ufmatt001
Do you have a pass?
No...
Then let's get you one.
Great security!
That's actually a big thing with white hat hackers and security firms, there have been loads of times when companies have hired people like this to break in or acquire secret info and they've ended up achieving large parts of it by just having someone who looks authoritative (i.e. in a suit with a clipboard or something) just politely asking different staff about information they could end up using to their advantage.
User:Admin
Password:
*Hmmmmm*
Password:Admin
Cool, I'm in. xD
Working IT ive seen this far too often *Facepalm*
That is very true i was able to guess my gateway password first try then i changed the password since im the only one who really needs it
What about root without a password?
@@rubenadema1094 *su root* o look i now have full access to their computer
-HOW TO HACK IPHONE
-HOW TOHACK SAMSUNG
To clarify for some commenters, yes, this is an actual job. A company hires a group like RedTeam Security to try to break in [to the company], as a way of 1) testing their defenses, and 2) finding what holes are left that need fixing. The hacker team eventually discloses everything they tried, fail or success, so that the company knows how good their security posture turned out to be. The hacker team does have to act and think like "bad guys" because that's the whole point -- but they don't end up doing any real damage, which is also the point.
I love the live training with live scenarios. Expect the unexpected.
Keemstar trying to hack the UA-cam database
TheTan Alex is a stupid n......
Get his subscribers back.
TheTan That exactly what i was thinking😂😂😂
they hilarious
Ahhh *Raspberry Pi* one of the best thing British invented after cricket..
What exactly is a raspberry pi ? I’m kinda new to this whole thing
WWAVYY a 35 dollar credit card size computer. you can install kali OS in it and use thatt for hacking. you can also use that for a lots of projects too.
lol..."computer"
Isaac Kay Yes, the raspberry pi is a computer.
@@isaackay5887 1.2 GHz CPU that can fit in your pocket ¯\_(ツ)_/¯
Watchdogs 3
Ryan Acree wright
+James Savona right*
Horzinicla Phoenix Wright*
my thoughts exactly when this popped up in my reccomended vids
+Bombs Away Thank you :)
13:38 echo "hello" LMAO
so 1337
Hahah, hes such a bad hacker! XD
He already had a reverse TCP shell. You obviously have no idea what you're looking at, so why are you being so condescending?
He's using the echo hello as a test. Think of it like if a network admin wants to test connectivity, he wouldn't write dozens of lines of code to manipulate packets in the TCP/IP stack. He'd do a simple ping (and simple pings have brought down entire networks before).
There's nothing wrong with using simple tools. That's a script kiddie mindset, thinking everything has to be complex like in movies. Take a stick for instance, in the hands of a child, it's not a big deal, but that same simple stick in the hands of a martial arts master will fuck you up.
It's the same with simple hacking tools. It's no so much about the tool, it's about how you use it.
Jdiggy77 My bad, I didn't look closely enough, so I didn't catch that reverse_tcp shell, Its funny because, in windows cmd you can do that and it will say hi and some little kids think they are black cap hackers and do that command...I Understand now that you addressed that mistake.
+JackAttack That's cool. At least you have the character to admit your mistake.
Reading these comments is hilarious though. It's like a damn script kiddie convention in here (kiddie-con?) lol. So many thinking they're actually better than the professionals.
I work in It sec. One major fuck up and your career is over. These guys wouldn't be in business if they sucked.
Me hacking into the US power grid to steal some Bobux:
“Business is boomin”
I rate it 9/11
@@doink4997 Never Forget.
@@OfficialMrMalicious you changed you name, it was "rate my comment". That's why I rated it....
@@doink4997 Yeah I know, also if you see a guy named @Cowbelly tell him he owes me $100
Watch Dogs be like
Pichu Pichu 1 or 2
technically 1 since you go to power grids to hack them
Pichu Pichu more like watch dogs 2
No i'm Pikachu
Evan Zu actually the first one was not even pikachu it is pichu
You don't need a hacker, all you need to do is, well as a Lineman I'm not going to tell you how. But it starts at the substations.
Bain: Okay guys, the thermal drill, go get it.
*99% of the video sneaking around*
*1% of the video hackers actually hacking*
The software they used was pre-coded and it would be boring to watch them write every single line of code they used to bypass security or install backdoors.
BarkeyGaming Thats called hacking mah bru
Actual hacking is not like the BS you see in movies or what these script kiddies do from the UA-cam videos. Most of it is surveillance, monitoring, planning, etc. There is more to true hacks then mindlessly punching computer code into a system.
a lot of penetration testing involves "hello, I'm a technician/anti rodent guy/student/whatever". You could still consider it hacking.
Its physical and hardware hack just at the same time, lol
This is scary that they can do this
lukas proctor I’m hype for the new album
Me too
They make a 2 new songs already jumpsuit and nico and the niners
Having tried all hack tools on UA-cam,I must say @hackrone on Instagram is the only working and most recommended one.
It's called physical PENTESTING if ur doing this without permission it's called physical acess
IP skid: I'll take out your wifi!
These guys:Lol, I'll take out your countries electricity
Plug boy is a raspberry pi
J Vlogs and Reviews it has to be. lol
J Vlogs and Reviews lol ikr
Its the pie 3
raspberry pi is really good for hacking
Pi*
They are like PayDay 2 in stealth
Matt Yaqin I would say GTA Heists
@@nameinnprogress nah payday is where it's @
Shadowraid
i can do everything... echo "hello"
Echo hello
Open roblox.exe
Cyberspyzie.com
So this is a tutorial how to do it worked well, thank you. 10/10 tutorial.
Hey. Respect for not dramatizing the hell out of this...this is what documentaries should be.
Thumbnail is keemstar oml
ProperGanderSaul i am
made my day
I really love videos like this, but its uncommon for them to exist because companies aren't exactly that willing to show that their security systems can easily be bypassed.
Have you found any other?? this is the best, and only, one that I've found. I'd love to see some more physical pen testing "pov" videos
@@sebastianskovnielsen6472darknet diaries has a few podcasts of pentesters talking about jobs theyve been on
@@sebastianskovnielsen6472 This one has some not-real stuff in it, it seems. The overhead map they were planning with shows the location of a boat dealership, for example. So at least some stuff appears to have been altered.
@@sebastianskovnielsen6472I feel like there isn't going to be, because companies can't really fully "patch" a sophisticated hired hack like this. It wouldn't be wise to post the best way to breach your companies security publicly, unless it's impossible to replicate again
It's creepy that this came out 6 years ago And there's now been attacks on the power grid.
Did anyone else see the Raspberry Pi when they were talking about the plug bot and grin? lol
+Hexigonz If you check their website, they say the RPi is one of the viable devices that can run the software for a PlugBot - basically any small computer that can issue commands and send information over the internet.
you wanna hack someday i see..
The RPI is more valuable than you might think. It may not be a full computer, but very close. It have network access, good storage and good amount of ram and the cpu speed is quite good. And it run linux. All you need to do is write a program for linux and compile for the ARM processor that the RPI use. And it is inexpensive and small. One of the best suited hardware for that job beside having a custom made one.
12:31 Was that dude really wasn't able to pick that Masterlock number 5? That's like the easiest lock to pick.
LPL has entered the chat
While he should be able to do that, Pickin in the field especially in harsher conditions, can make picking locks more difficult
He was attempting to rake the lock not actually pick it, thats why he couldn't get in
@@grayson4175 yeah I wondered why dude went the easy amateur route as a professional
@@K-Riz314 maybe that’s what they wanted to simulate it.
Me who doesn't live in the US:
*Oh no!*
Anyway
Me who lives in the US:
*Oh no!*
Anyway
Me who doesn't live:
@@Banana-rg9pz R/whoosh
Its most likely not better in your country.
@@XY-wy3rh well.. instead of cyberattacks here we have drugs, murder, and human trafficking
"You have a pass?"
".. Uh.. no."
" ... Well let's go get you a pass!"
"Anytime you're gonna break into a building.." Oh here's were I take notes!
*Where
13:39 "echo "hello" " haha DAT HACKER
Skyyward lol, he's running Meterpreter. I'm assuming he's trying to display a console window saying "hello" on \stevek\
Ryan Montgomery Yeah maybe
What does this even mean...?
PluginSupport It means he does actually know what hes doing
hold my beer
thx for telling me how to do all of this
jokes im a lazy kid in England
exactly xD
i cant believe i fall for that
meme
your picture lookst shitty on my retina MBP and its outdatet. now we have this Big Leters on profile picutres
420
Strider Da Bowmb i know x))))))))))
I love the video and the experience of seeing how a RED team actually works/operates. I just don't understand why there is such a lack of security cameras, motion sensors inside the building alerting of movement after hours. I wonder if they lit something on fire if they even have a fire alarm or system to put out a fire.
Higher management of the company may have turned off the security for that night to see just how far they could get through the building. They don't want the police showing up for these guys since they're being hired to do it. Regular employees and lower management had no idea they were coming, but the higher ups did
@@GatheringRays If they're intentionally lowering their defenses then that defeats the point of a pentest though ...
@@GatheringRaysThat's unlikely, you usually secretly hire a pentest team without telling your security team so it's as secure as it would be normally. My guess is nobody was watching the cameras, and the building didn't have motion sensors.
For everyone asking "How is this legal?" Since the video doesn't REALLY
explain it all that well. This is a group of "White hat" hackers, also
known as penetration, or pen testers. They are hired by companies of all
types to use the skills and tools they have to test physical and
network security. Commonly there are 3 different types of pen tests. An
open test, where everyone in the company knows what's going on and they
are there literally to test the network as best as they can from inside.
A middle ground where security and some higher ups in the department
know what's going on, but most employees have no clue so some
physical/person security is tested. And then this, a closed test. Only
the highest ranking people in the company know the test is happening,
the testing group is supposed to get in any way they can, whenever they
want to try. Security, if any, isn't notified. Employees aren't
notified. It's the most brutal pen test, but also provides the most
results. Everything that they do, from picking a lock, to cloning an
employee access card will be written up in the test report and given to
the hiring company at the end of the test.
it says near the end that they were hired
The video shouldn't really have to explain this, people are just fucking retards that dont understand it.
Where I work, the security is so high, that we launch jets when necessary.
Did u work in Area 51 my dude?
XD
+Daniella Araujo aircraft carrier.
Daniella Araujo No. A nuclear power plant. If a airplane flys too close to the reactor (150-50km, depends on size, and if it was planed to fly there) we launch jets to shoot them down if they don't react. (Only in real emergency, Did never happen.)
i was really hoping u worked in area 51
This is more fun to watch than any other tv show. So cool to finally see what is really going on.
_"We are a professional hacker team"_
*1:02* starts, touching a lock with no gloves
FBI: _nah, you not_
Don't get your knowledge of forensics from tv shows...
Dat music makes the whole thing even more funny
they should make this a show on Netflix or a TV show
Why do I feel like none of these guys know what the fuck there talking about
RED EYES ALWAYS probably because you don't know what their talking about. 😉 lol
Mark Faley or they just think Ima dumb ass so they say big words in there sentences to trick ignorant people like you
lmao
Sheyon "echo 'hello'"
we're in guise we got their mainframe! !!1!!!!111!
they could've done some cool shit with the meterpreter payload, instead they echo basic shit which doesn't look impressive at all
I’m completely confused at what is going on here
Same wish I knew 😪
@@kezin395 basically people hire pro hackers to try and break in to test their security
@@bt-qq1rp living the dream! Haha
blue team is defencive hackers hired to secure your cyber security. red team is offensive hackers hired to test and break your cyber security. these guys are using a combernation of social engineering (manipulating people to give you information and access to certain things) and hacking tools to break into the systems of the power grid
Why are some of them in combat gear?
Anders Kristensen safety first tss. you didnt know if theres guard here who has in bad mood
Its stronger than normal clothes, they can probably get over a barbed wire easily. Also if an accident happens or a guard sees them they wont be as hurt.
Anders Kristensen i love the pfp 👌
Safety
they think it looks cool and tactical and shit. no real benefits. they are still nerds
You'd be surprised how many places you can get in to by simply opening the door. Specially government facilities, power grid but also to homes..
Doors typically are both the entrance and exit of a building.. I'd find the window perhaps a bit more surprising.
CrapLuckSimon Windows too but they rarely are made to be open frequently. Definitely weaker structure but usually requires you to just smash it where as with door, you just turn the handle. It is totally human to forget to lock the door you use to say, go to cigarrette break ;) Most common door to be unlocked, sometimes even propped open..
SquidCaps I was just saying, doors are typically how a person pass into/out of a room. And by that I mean it's not surprising. However I understand what you're saying, that it IS surprising that mostly anyone can get through those doors.
I dunno, maybe I'm being a dick, sorry. I was just trying to make a light joke lol.
Alternate Title :
POV : You’re a professional skid trying to commit epic computer hack
Lmao he said “ I’m gonna download some malicious scripts” and I just pause the video to take that in
Well, they are not programmers. They are professionals who use tools.
FOR SCHOOL THO RIGHT?
@@tonybloodloss the plugbot they used was made in house....
@@tonybloodloss lol, script kiddies yeah any 12 year old can run a script and take out entire bank networks and school networks, calm down
These red team guy are the Navy seal of cybersecurity!! You need to have so much skills in order to do that, that is really impressing!!
Yeah... well my dad works at microsoft and I'm gonna get you banned
Aaron They were paid to test the security, hence, white hat hacking.
You missed the meme.
joel. No but you and your zero subs can tho
TechBaron, Cameras and more! The joke went straight over your head
Aaron my dad works at Sony and Sony is better than Microsoft wanna know why Microsoft is named that?