Transcript for:
Penetration Testing Q&A with Jason E Street

I'm Jason E Street, a penetration tester, and I'm here today to answer your questions from the internet. This is Pen Testing Support.

First up, John Hannan: "Hey Siri, what is penetration testing?"

Penetration testing is basically a company hiring a hacker or security professional to test their security by breaking in via the website, or the building itself, or, you know, their internal network devices, just any way they can, to validate their security.

Volkis AU: "What's the most underrated physical pen test tool you use a lot?"

I've got a lot of them; it's hard to narrow it down to just one. One of the things that you want to get when you're doing a physical pen test is you want to record as much data as you can. I just need my glasses, which have a camera installed in them with a micro SD card to store the data. I have the newer version of the Microsoft employee badge, but quite frankly, why mess with a good thing? No one knows what the new employee badge looks like anyway, so I'm still using this one. Mostly every engagement I go to, I'm always carrying a cup of coffee or a clipboard, because that way the camera is facing the right way when I'm recording it with my watch, and I have at least one or two video recorder pens that I carry with me. This is actually what the video camera looks like. This will, if I get close enough, copy the employee badge of an employee going through the door; I can clone it and then I can resend that to the gate or the door, and it'll let me in, thinking I'm that employee. This looks like a typical iPhone charger; that's a microcomputer with Wi-Fi and Bluetooth, with several different payloads installed on it that I can launch individually from my phone. A lot of CEOs, a lot of executives, have those high-end HDMI monitors. That's perfect, because this Screen Crab plugs in HDMI from the monitor into here, then back to the computer through here, and records it onto a micro SD card, and also will wirelessly transmit it to you, so you're seeing their whole desktop. When I'm feeling really fancy I like to wear my cuff links, because this cuff link is a USB wireless adapter, turning any desktop or any device or any server into its own wireless access point into this company's network, and then this one has the drivers and malware that I can read and copy over onto that drive and use it to launch the attacks with. Stylish, and also scary.

More Ocean Sun: "Can you walk me through the process of a penetration test, including the different phases and types of tests that may be performed?"

Ninety percent of what you're going to be doing on a penetration test is recon. Reconnaissance is actually finding out all you can about the target, all the different variables: checking their websites, trying to look to see what technology they have, looking at their location, seeing if you can find blueprints online, seeing if you can see pictures from social media of what the directions of the flows are, or what people are doing, what their security looks like. Then, with the scanning, what you're doing is usually different kinds of scans to see what kind of port responds, which will give you a better way of trying to exploit it, to see if there are vulnerabilities in it. Then you're going to try to see what you can compromise and what kind of privileges you can escalate, or how you can pivot to other parts of the network that can give you more privilege. And then you do the exploitation phase, where you're actually running the code and trying to download the data, and then you exfiltrate: try to get all that data out, try to show that it can be successfully taken away from the client. Then the worst part of the penetration test is the reporting, because the report writing is, you know, the most boring and the most important part of the whole engagement.

Bella Pada Anna: "Can someone teach me how to rob a bank from my phone?"

Yes and no. I'm not going to.

Dude Who Code: "What's a hacker's attire?"

Everybody thinks it's going to be a hoodie. I am way scarier when I'm dressed up in my suit. The whole stereotypes are what's going to get you in trouble, because when they're not dressed like that stereotype, you're more likely to trust that person, or that attacker.

Acorn Back: "What documentation should you carry on site for a physical pen test?"

A get-out-of-jail-free card. A get-out-of-jail-free card is going to be the letter of engagement that the client gives you, so when someone catches you, you show it to them and it says, hey, they're supposed to be here, call me if you've got problems. I create a forged one that says, yes, I'm supposed to be here and do these things, you're supposed to help me and not report it, and here are some phone numbers of the people to call. But those numbers actually go to my teammates, who will then impersonate the voice of the person that gave me the authorization. I can show you a video of when I was conducting a physical pen test on a bank. Here you can see me going in and compromising the first machine within 15 seconds. Awesome. Then you see the manager. "I'm just here to do the USB audit, so I need to look at your computer real quick." "Okay." Actually escorting me into the data server, to leave me unattended in their vault. "Appreciate your help, thank you very much, y'all take care." I gave them no documentation, no validation; all it took was a forged Microsoft employee badge to get me all this access.

10 Million: "If you don't say 'I'm in,' are you really a hacker?"

No. And you've got to say it properly: "I'm in."

Tooth and Claw TV: "What do you think is on this USB drive that I found on my gate?"

I always assume kitty pictures, but I'll never know, because I never plug in devices that I find. This isn't an episode of Mr. Robot; I'm not going to go plug in stuff that I find lying around. But you should be worried about this, because yes, that is a valid tactic. I will leave USB drives in company bathrooms, in lobby bathrooms, and more importantly, when I'm on an engagement I have a stack of blank envelopes. When I see someone that's not at their desk or in their office but I see their nameplate, I write their name on the empty envelope, I put a malicious USB drive in it, I leave it on their desk. 99.9% success rate, because who's not going to open up a sealed envelope in a secured area that they're in and not plug that into their computer?

Hide and Seek: "My fellow physical pen testers, what are some of your go-to resources for doing OSINT to gather info about security measures your targets have in place? Which do you think are underrated? I'll start: Instagram is an absolute gold mine."

OSINT means open source intelligence: trying to gather information on companies using open information, like social media, like Google. I am not going to argue with that; I totally agree. I love Instagram. If you want to know why security professionals drink, go to Instagram and type in a search for hashtag "new badge" or hashtag "new job." It's depressing. You have employees showing their employee badges, sometimes in secured locations; they're taking pictures that they shouldn't take. But I will tell you this one that's underrated: going to LinkedIn, looking at the employees in the IT security department, and what you see is everybody listing their skills. They are telling you what they were hired for, so that means that's what the company is working with, and there are no alerts that are going to go off at the company that you're doing it at.

5m477: "Good recon skills, the most important key to being a good penetration tester? Agreed. What are the tools you use for recon?"

The main tool that I use, to be honest, is Google. Google is one of the best hacking tools ever invented. As soon as you list the company in the Google search, it's going to tell you who the CEO is, what their subsidiaries are, what their similar companies are; they give you all their social media profiles nicely listed; it shows you the geographical location of their main headquarters building; it also might show you how many employees they have; it gives you the direct link to their website. And then when you start adding different keywords, like "problem with [target]" or "[target] vulnerabilities" or "[target] harassment," which is called Google dorking, you get way more information than probably the company even wants you to have about them. And then going to LinkedIn and finding their employees, finding their job postings, which list the different technologies that they have. Employers will actually post nice events that they've had with their employees, and the employees are wearing their company badges, so you can copy that. I robbed a telecom company in another country once, and by "rob" I mean simulating what an actual criminal will do. The CEO of the company had gone to a conference three months before, and I went to that conference page, found a speaker that was in the same business as him, and then I assumed that guy's identity and I sent an email to the CEO saying, "Hey, like we discussed three months ago at this conference, we would like you to be on the board of directors for our new initiative that we're having; here's the link to our website." Within 12 hours the CEO clicked the link. He was the one who hired me to do the spear phishing attack, and he still got caught.

Gossy 84: "A fiery debate in cybersecurity is red team versus blue team. Which is better?"

For those who don't know, red team usually means the offensive security, the people testing the security, the penetration testers. Blue team is the defensive team, working for the company to protect their company and their assets. As a person who does a lot of red teaming, I will tell you this: the red team only exists to make the blue team better. So the blue team is the one doing the hard work; they're the ones trying to build the defenses to keep criminals out. Red teams are there just to help them do their job better.

Be Healthy by NATO: "How do I know if my home Wi-Fi is being hacked?"

Very simple. You go to the web interface for your router, and then there's going to be a field where it says "devices connected." If it's got a name that you've never seen before, or too many devices, you know something's up.

Zeph X2: "Do you get hacked just by clicking the link somebody sent?"

Yes. Not only that, but there have been certain vulnerabilities in Office products where just having the reading pane open would attack your machine. Just receiving an SMS message or iMessage on an Apple phone would compromise your machine. So yes, it is just that simple.

Josh Savage Web: "Legal question: is it legal to try and hack a website as part of penetration testing without the owner knowing?"

No. The main difference between criminal activity and hacking is permission. If you have been hired by the client to do certain things, in that scope of work it has to say that the website owner or the hosting has given permission to also test that asset.

Mic Mac 29: "What do hackers actually do with your data?"

They bundle it up and they sell it in bulk. Your data is not worth that much by itself, and what they can do with that information is not just open up lines of credit: they can try to go get passports, they can try to get identities, they can try to create and assume your identity, and then sell these to criminals.

RZ Cyber: "Phishing attacks: why is email still such an easy target for hackers?"

My hot take: because companies are too busy investing in technology instead of investing in their employees. If they invested more time and money in educating their employees on what kind of attacks are going on and how they're part of the security team from day one, you would have a lot fewer successful phishing attacks. Phishing attacks are becoming more and more prevalent: 82 percent of attacks are started with a phishing email, and over 30 billion dollars has been lost because of these kinds of phishing attacks.

Classic Brand: "What do movies frequently get wrong about hacking?"

Because of the very essence of what hacking is: it's boring. When you talk about straight-up computer network hacking, it's a bunch of command prompts, and it's just looking at a screen as it does letters and executing commands and then downloading a file. That's not exciting. The reason why Hackers, which was a great movie, and WarGames, which was a great movie, visualized how the breaches were happening, visualized how the hacks were going, is because no one wants just to see a bunch of lines and a bunch of code streaming around on a screen.

Curb Bill You: "What does a firewall do?"

You ever been to a club that's, like, been very exclusive, and they're like, "No, you can't come in"? That's a firewall. A firewall inspects packets going into the network, and it dictates, based on a certain set of rules that have been set by the client, whether to allow packets in or not, and only in certain use cases.

That was all the questions. I'm hoping you learned something, and until next time.