0:00
Hi, I'm Amanda Rousseau, aka Malware Unicorn, and I'm an offensive security engineer, and this is Hacking Support.
0:05
This Twitter user, Cloud Opening Ass, at this point, hackers know everything there is to know about every one of us.
0:15
Why do we need passwords now?
0:17
Why keep going to the gym if you're going to die anyways?
0:23
Passwords are kind of a necessary evil, and hackers really don't know everything about you.
0:23
It all depends if you put that information out there on the internet.
0:23
Congrats, I know what a white hat is, I know what a black hat is, what is a red hat angry hacker?
0:23
I don't think I've heard the term Red Hat hacker before.
0:36
When you're a white hat hacker, you hack for good.
0:42
A lot of people in the security industry are white hat hackers, and then for the cyber criminals, we call them black hats.
0:42
There's also this other term called grey hat, where they could be an IT admin during the day while moonlighting as a black hat during the night.
0:42
Hacker for Life asks Malware Unicorn, "How do you even begin learning and exceeding in this field?"
1:01
"I'm trying to become a penetration tester, I need inspiration."
1:09
So a pen tester is kind of like an attacker that goes and checks all of the external ports, any openings within someone's network.
1:09
But if you really want to be a penetration tester, there's a lot of content out on the web right now: courses, workshops, they even have events at conferences where you can meet other people in the field.
1:24
You can find a mentor, learn from them, they would point you in the right direction.
1:29
I feel like the hacker culture is pretty open and diverse, so there's a lot of content out there.
1:38
Malware is the worst, what is its purpose other than wasting my time?
1:39
Usually malware is going after money, and if anything, you're considered collateral damage.
1:49
When malware is delivered, they're usually just spraying that malware to as many people as possible, so it may not be intended for you.
1:53
I think of malware as like a fashion trend, you know, there's different malware every season, every quarter, and you have to stay in fashion, and I'm trying all the time.
2:04
When you think about older malware that you saw a couple years ago, sometimes it comes back in fashion.
2:04
This Twitter user's name is Jessica Alba, is an interesting choice for hacking, how do hackers decide who they're going to target?
2:04
Jessica Alba is a beautiful woman, and she's also a celebrity, so she sounds like a great shiny object for cyber criminals to go after.
2:19
But a lot of them have different motivations that could include money, is probably the biggest one.
2:24
Another one would be reputation, it would be like, "Haha, I hacked this person!"
2:29
It could be information, kind of like corporate espionage, and then we have destruction, which is kind of rare.
2:34
Basically, it is they try to destroy all the systems to put that company out of business.
2:39
Kylie Minaj asks, "Why do they make the login process for your student loan aid so difficult and tedious?
2:44
If some hackers want to break into my account and pay off all my student loans, please don't make it difficult for them, you all are going to ruin this for me, let them run wild in there."
3:00
Kylie, these hackers are not going to go and pay off your debt, if anything, they're going to go into the system to pay off their tuition.
3:00
So a lot of these controls are in place to hinder hackers like that to get into your account.
3:00
It's an unfortunate thing to do, but you know, it's necessary.
3:00
Axel Blazing asks, "Speaking of, what is even the point of these bot accounts that follow you?
3:00
Well, that's it, no messaging or anything, no spam, just follow, like, sake, it's done."
3:00
Well, these accounts are doing something that may not pertain to you, what we call it account aging.
3:00
So what that means is they're trying to bypass a lot of automated detection from social media that they have in place to look for fake accounts.
3:00
And so by tweeting or messaging or making any type of action, they're trying to bypass the detection to look more like a legitimate account.
3:00
This Twitter user, Andrew Chiqui, asks, "What will they think of next?
3:00
Is there anything that has been created in the last decade that hackers haven't found a vulnerability, can do some damage?"
3:55
If you think about your fridge at home being able to connect to the Wi-Fi, or your pressure cooker being able to connect to the app on your phone, a lot of these devices are developed in a way where they're looking for the lowest possible cost of manufacturing.
4:11
So when they get to the security part, it's kind of like an afterthought.
4:19
So until things change, we're going to still have these problems with IoT.
4:19
Twitter user Sift Basques, "Malware Unicorn, what should my first step be in debugging?
4:24
Should I just get a file in a book and start doing?"
4:27
The best way is to just jump right in.
4:30
Think about it as riding a bike, it takes time, it takes practice, but eventually you'll get it.
4:35
There's a different debugger for every operating system, but they're not easy to learn unless you start, you know, just doing it yourself and training yourself and practicing.
4:46
Like, I don't remember every single command in the debugger, I have to use a cheat sheet.
4:52
Twitter user Storm Wolf, "My awesome boss says that I can request to change my job title to whatever I want it to be in our company profile, obviously safe for work.
4:52
Could anything random like Pokemon hacker or cybersecurity wizard, what do you guys think it should be?"
4:52
Well, I can see you just said obviously safe for work, so I think you should just name yourself safe for work.
4:52
This Twitter user, Sub-Eight U, asks, "Your smart TV and your video streaming apps are collecting and sharing tons of data just because it can.
5:18
How long before we can start having embedded cameras that malware triggers surreptitiously?"
5:25
I have unfortunate news for you, this has been happening two to six years, and it's going to continue to happen, so too late for you.
5:25
Allison 82718685, that's a mouthful, "Why do you hate C#?"
5:25
And his handle looks like a bot.
5:25
I don't hate C#, C# hates me.
5:40
The only one of you asks, "Why can't hackers do anything useful like leak Taylor's recordings of Babe and Better Man?
5:50
Grow up, hackers."
5:50
If you don't already know, Taylor Swift has an alter ego that we call Swift on Security, and she's considered a security pro in the cybersecurity industry, so no one actually wants to hack her.
6:02
But if you're in the know and you know who that is, then you know who it is.
6:02
This Twitter user, Zero Pone, asks, "Can we stop calling people who DDoS hackers, Journal's?
6:02
Why the hell do you even call them hackers to begin with?
6:02
Looking for legitimate answers as I'm confused as hell."
6:02
Let me set the record straight, there's a difference between a hacker and a cyber criminal.
6:02
So if we were to refer to the bad guys, I would rather prefer to call them a cyber criminal.
6:02
There's a lot of people in the security industry that consider themselves hackers.
6:02
There's a lot of people that hack for good.
6:02
WM Ramadan asks, "Malware Unicorn, I have a simple yet daunting question, why do you use a Mac for your security work?
6:02
I mean, a lot of people argue the fact that Linux is a way to go in terms of security."
6:02
Mac is similar to Linux, think about two different brands of cars, they look different on the outside, but they could be sharing the same chassis underneath.
6:53
There's not a lot of malware out there for Mac and Linux, I mean, it's there, but you know, currently most of the malware is on Windows.
7:07
The Bishop, or Josh Harris 25, "What is the point of spam emails?
7:07
Are they profiting from it?
7:07
What do they gain from sending random unnecessary emails?"
7:07
When people send out spam emails, they're sending it to thousands and thousands of targets.
7:07
Say you had a million emails sent out, and they're requesting $1, these cyber criminals are expecting that 1% will actually bite.
7:07
A lot of these cyber criminals will treat this as a business, so it becomes very lucrative for them.
7:07
Cybertooth Malware Unicorn, "If you would or create a timeline for an incident, what would it look like?
7:07
Just curious because your design skills are cray-cray."
7:07
Well, a lot of people don't know this, but before I got into computer science, I was actually pursuing a degree in graphic design, so a lot of it from my time doing that carries over into my work.
7:52
Back when I used to work at the Department of Defense, I used to create these 3D videos to describe different types of network layouts.
8:01
I didn't know 3D design at the time, so I spent a weekend, taught myself, and the next day started, you know, making content.
8:01
If you can make things look nice and be able to communicate the actual abstract content, it helps.
8:01
Don't Look asks, "Yeah, but bad pickup lines and phishing, really any different, low effort, easy reuse, and rarely do you get a success?"
8:01
I really think phishing is more effective than saying a pickup line.
8:01
I've Vlad Dalvi, "I studied WannaCry case in NHS Hospital, a disaster seemed totally preventable, why didn't they patch?
8:01
Were they lazy, stupid?"
8:36
In the case of this incident, a hospital in the UK was under a ransomware attack.
8:42
It happened because they didn't upgrade their servers or their computers, and this is the whole reason why upgrading is really important.
8:55
But when you think about it, some of these infrastructures like a hospital or a power plant, a lot of them cannot experience any downtime.
8:59
So when you do do an upgrade, you have to shut down the systems for a little while.
9:05
Hiero 733 asks, "As someone who doesn't work in InfoSec, what are red and blue team?
9:11
I'm assuming red are the pen testers."
9:13
These terms actually come from the military where they would perform military operations, they have a team that acts as the red team doing the attacks, and the blue team serves as the defense team, similar to what we have in cybersecurity, and that the red team is attacking the blue team's systems.
9:33
The whole point of what the red team does is to enumerate holes within a network, we want to find the holes before the bad actors do.
9:33
You think of it like we're sparring partners, so we're really not there to antagonize a blue team or anything like that, we really want to work together with the blue team.
9:33
Roots Asylum Hacker Kid interviewed his mom about what it's like to build a career in InfoSec, something Defcon parents often think about, how do we inspire kids to go into the space and see it for the fun and challenge that it is?
9:33
Well, when I was young, I had no idea I was going to be in this job, I actually had to know that this job existed in order to actually go into it.
9:33
If there was a chance that at a career fair you would have someone who gets to hack for a living, I think that would be a really cool thing to have.
9:33
You have to have the correct mentality to be in this industry, the whole hacker mentality is creatively thinking outside the box, solving a problem that's out of the standards or norms of how it's supposed to execute.
9:33
If we kind of use that type of mentality in some of the content or workshops or anything that we reach out to these kids with, it will kind of inspire them to want to solve problems in this field.
9:33
This Twitter user, ARF Ness, asks, "Why do stock image hackers exclusively wear ski masks and hoodies?"
9:33
Well, I think the photographer was going for a feel of an actual robber criminal, but there is a reason to wear something on your face, they're trying to hide their face from cameras or any type of identifier that will attribute them to a crime.
11:00
And why they're wearing hoodies, I can imagine that some of these server rooms are super cold, they need to cover their ears.
11:08
If you don't already know, you know, some of us actually dress like this to work, and I actually have a ski mask for all of my outfits, and let me put it on for you guys, and it's not complete without the glasses.
11:08
We're good to go, it's time to hack.
11:08
This has been Hacking Support with Amanda Rousseau, you guys stay safe out there.