영어학습소
0:00
I'm Jayson E. Street, a penetration tester, and I'm here today to answer your questions from the internet.
0:07
This is pen testing support.
0:11
First up, John Hannan, "Hey, Siri, what is penetration testing?"
0:14
Penetration testing is basically a company hiring a hacker or security professional to test their security by breaking in via the website or the building itself, or you know, their internal network devices, just any way they can to validate their security.
0:27
At volkis AU, "What's the most underrated physical pen test tool you use a lot?"
0:32
I got a lot of them, it's hard to narrow it down to just one.
0:36
One of the things that you want to get when you're doing a physical pen test is you want to record as much data as you can.
0:41
I just need my glasses, which have a camera installed in them with a Micro SD card to store the data.
0:49
I have the newer version of the Microsoft employee badge, but quite frankly, why mess with a good thing?
0:53
No one knows what the new employee badge looks like anyway, so I'm still using this one.
0:58
Mostly every engagement I go to, I'm always carrying a cup of coffee or a clipboard, because that way the camera is facing the right way when I'm recording it with my watch, and I have at least one or two video recorder pens that I carry with me.
1:14
This is actually what the video camera looks like.
If I get close enough, this will copy the employee badge of an employee going through the door.
I can clone it and then I can resend that to the gate or the door and it'll let me in, thinking I'm that employee.
This looks like a typical iPhone charger; it's a microcomputer with Wi-Fi and Bluetooth with several different payloads installed on it that I can launch individually from my phone.
A lot of CEOs, a lot of executives have those high-end HDMI monitors, that's perfect because this Screen Crab plugs in HDMI from the monitor into here, then back to the computer through here, and records it onto a Micro SD card and also will wirelessly transmit it to you so you're seeing their whole desktop.
When I'm feeling really fancy, I like to wear my cufflinks because this cufflink is a USB wireless adapter, turning any desktop or any device or any server into its own wireless access point into this company's network.
And then this one has the drivers and malware that I can read and copy over onto that drive and use it to launch the attacks with, stylish and also scary.
More ocean sun, "Can you walk me through the process of a penetration test, including the different phases and types of tests that may be performed?"
90% of what you're going to be doing on a penetration test is recon.
2:27
Reconnaissance is actually finding out all you can about the target, all the different variables, checking their websites, trying to look to see what technology they have, looking at their location, see if you can find blueprints online, seeing if you can see pictures from social media of what the directions of the flows or what people are doing, what their security looks like.
2:45
Then with the scanning, what you're doing is usually doing different kinds of scans to see what kind of port responds, which will give you a better way of trying to exploit it to see if there's vulnerabilities in it.
2:54
Then you're going to try to see what you can compromise and what kind of privileges you can escalate or how you can pivot to other parts of the network that can give you more privilege.
3:04
And then you do the exploitation phase where you're actually running the code and trying to download the data.
3:13
And then you exfiltrate, try to get all that data out, try to show that it can be successfully taken away from the client.
3:09
Then the worst part of the penetration test is the reporting, because the report writing is, you know, the boringest and the most important part of the whole engagement.
3:24
At Bella pada Anna, "Can someone teach me how to rob a bank from my phone?"
3:28
Yes and no.
3:30
I'm not going to.
3:30
At dude who code, "What's a hacker attire?"
3:33
Everybody thinks it's going to be a hoodie.
3:35
I am way scarier when I'm dressed up in my suit.
3:38
Those stereotypes are what's going to get you in trouble, because when someone's not dressed like that stereotype, you're more likely to trust that person, or that attacker.
3:45
Acorn back, "What documentation should you carry on site for a physical pen test?"
3:50
A get out of jail free card.
3:56
And a get out of jail free card is going to be the letter of engagement that the client gives you, so when someone catches you, you show it to them and it says, hey, they're supposed to be here, call me if you've got problems.
4:02
I create a forged one that says, yes, I'm supposed to be here and do these things, you're supposed to help me and not report it, and here's some phone numbers of the people to call.
4:15
But those numbers actually go to my teammates who will then impersonate the voice of the person that gave me the authorization.
4:15
I can show you a video of when I was conducting a physical pen test on a bank.
Here you can see me going in and compromising the first machine within 15 seconds.
Awesome.
Then you see the manager, "I'm just here to do the USB audit so I need to look at your computer real quick."
Okay, actually escorting me into the data server to leave me unattended in their vault.
Appreciate your help, thank you very much.
Y'all take care.
I gave them no documentation, no validation, all it took was a forged Microsoft employee badge to get me all this access.
10 million, "If you don't say 'I'm in', are you really a hacker?"
4:57
No.
And you've got to say it properly.
5:00
I'm in.
At Tooth and Claw, "TV, what do you think is on this USB drive that I found on my gate?"
5:06
I always assume kitty pictures, but I'll never know because I never plug in devices that I find.
5:12
This isn't an episode of Mr. Robot, I'm not going to go plug in stuff that I find lying around.
5:16
But you should be worried about this because yes, that is a valid tactic.
5:19
I will leave USB drives in company bathrooms, in lobby bathrooms and more importantly when I'm on an engagement, I have a stack of blank envelopes.
5:28
When I see someone that's not at their desk or in their office but I see their nameplate, I write their name on the empty envelope, I put a malicious USB drive in it, I leave it on their desk.
5:39
99.9% success rate because who's not going to open up a sealed envelope in a secured area that they're in and not plug that into their computer?
5:45
At Hide and Seek, "My fellow physical pen testers, what are some of your go-to resources for doing OSINT to gather info about security measures your targets have in place? Which do you think are underrated?
5:56
I'll start, Instagram is an absolute gold mine."
OSINT means Open Source Intelligence, trying to gather information on companies using open information like social media, like Google.
I am not going to argue with that, I totally agree.
I love Instagram.
If you want to know why security professionals drink, go to Instagram and type in a search for #newbadge or #newjob.
7:03
It's depressing.
7:07
If you have employees showing their employee badges, sometimes in secured locations, they're taking pictures that they shouldn't take.
But I will tell you this one that's underrated: going to LinkedIn, looking at the employees and the IT security department.
And what you see is everybody's listing their skills, they are telling you what they were hired for, so that means that's what the company is working with, and there are no alerts that are going to go off at the company that you're doing it at.
5M477, "Good recon skills are the most important key to being a good penetration tester."
Agreed.
"What are the tools you use for recon?"
The main tool that I use, to be honest, Google.
Google is one of the best hacking tools ever invented.
As soon as you list the company in the Google search, it's going to tell you who the CEO is, what their subsidiaries are, what are their similar companies.
7:09
They give you all their social media profiles nicely listed.
7:10
Shows you the geographical location of their main headquarters building, also might show you how many employees they have, gives you the direct link to their website.
7:18
And then when you start adding different keywords like 'problem with your target' or 'target vulnerabilities' or 'target harassment', which is called Google Dorking, you get way more information than probably the company even wants you to have about them.
7:32
And then going to LinkedIn and finding their employees, finding their job postings which list the different technologies that they have.
7:39
Employers will actually post nice events that they've had with their employees and the employees are wearing their company badges so you can copy that.
7:46
I robbed a telecom company in another country once, and by 'rob' I mean simulating what an actual criminal will do.
7:53
The CEO of the company had gone to a conference three months before, and I went to that conference page, found a speaker that was in the same business as him, and then I assumed that guy's identity.
8:06
And I sent an email to the CEO saying, "Hey, like we discussed three months ago at this conference, we would like you to be on the board of directors for our new initiative that we're having, here's the link to our website."
Within 12 hours the CEO clicked the link.
He was the one who hired me to do the spear phishing attack, and he still got caught.
At Gossy 84, "A fiery debate in cyber security is Red Team versus Blue Team, which is better?" For those who don't know, Red Team usually means the offensive security, the people testing the security, the penetration testers; Blue Team is the defensive team working for the company to protect their company and their assets.
As a person who does a lot of red teaming, I will tell you this, the red team only exists to make the blue team better.
So the blue team is the one doing the hard work, they're the ones trying to build the defenses to keep criminals out.
Red teams are there just to help them do their job better.
From Be Healthy by NATO, "How do I know if my home Wi-Fi is being hacked?"
8:56
Very simple.
You go to the web interface for your router and then there's going to be a field where it says 'devices connected'.
9:02
If it's got a name that you've never seen before or too many devices, you know something's up.
9:13
At Zeph X22, "Do you get hacked just by clicking the link somebody sent?"
Yes.
9:18
Not only that, but there have been certain vulnerabilities in Office products where just having the reading pane open would attack your machine.
9:20
Just receiving an SMS message or iMessage on an Apple phone would compromise your machine.
9:28
So yes, it is just that simple.
9:31
At Josh Savage Web, "IT legal question, is it legal to try and hack a website as part of penetration testing without the owner knowing?"
9:41
No.
The main difference between criminal activity and hacking is permission.
9:49
You may have been hired by the client to do certain things, but the scope of work has to say that the website owner or the hosting provider has given permission to also test that asset.
9:54
App Mic Mac 29, "What do hackers actually do with your data?"
10:00
They bundle it up and they sell it in bulk.
10:02
Your data is not worth that much by itself.
10:08
And what they can do with that information is not just open up lines of credit, they can try to go get passports, they can try to get identities, they can try to create and assume your identity and then sell these to criminals.
10:17
At RZ Cyber, "Phishing attacks, why is email still such an easy target for hackers?"
10:22
My hot take: because companies are too busy investing in technology instead of investing in their employees.
10:28
If they invested more time and money in educating their employees on what kind of attacks are going on and how they're part of the security team from day one, you would have a lot less successful phishing attacks.
10:37
Phishing attacks are becoming more and more prevalent, 82% of attacks are started with a phishing email.
11:09
Over 30 billion dollars has been lost because of these kind of phishing attacks.
11:09
At Classic Brand, "What do movies frequently get wrong about hacking?"
11:09
Because of the very essence of what hacking is, it's boring.
11:09
When you talk about straight up computer network hacking, it's a bunch of command prompts and it's just looking at a screen as it does letters and executing commands and then downloading a file, that's not exciting.
11:09
The reason why Hackers, which was a great movie, Wargames, which was a great movie, they visualized how the breaches were happening, they visualized how the hacks were going because no one wants just to see a bunch of lines and a bunch of code streaming around on a screen.
11:09
Kurbil you, "What does a firewall do?"
11:26
You ever been to a club that's like been very exclusive and they're like, "No, you can't come in"?
11:31
That's a firewall.
11:35
A firewall inspects packets going into the network, and it dictates, based on a certain set of rules that have been set by the client, whether to allow packets in or not, and only in certain use cases.
That was all the questions.
11:45
I'm hoping you learned something and until next time.