Subscribe
Share
Share
Embed
He had his credit card compromised and attempted identity theft. Now he teaches others the secrets hackers use to compromise your security.
TJ Bettles put his computer training into high gear and learned all the tricks and tactics cyber thieves use to compromise your security and applies his knowledge through his ethical hacking company, White Hat Cyber Security Solutions. Just like in the 1992 Robert Redford movie “Sneakers” companies around the world will employ White Hat Security Solutions to conduct “penetration testing” to break their systems and highlight areas they should buttress. https://whitehatsolutions.ca https://ca.linkedin.com/in/tj-bettles-534072206
______
Silvercore Club - https://bit.ly/2RiREb4
Online Training - https://bit.ly/3nJKx7U
Other Training & Services - https://bit.ly/3vw6kSU
Merchandise - https://bit.ly/3ecyvk9
Blog Page - https://bit.ly/3nEHs8W
Host Instagram - @Bader.Trav https://www.instagram.com/bader.trav
Silvercore Instagram - @SilvercoreOutdoors https://www.instagram.com/silvercoreoutdoors
____
The Silvercore Podcast explores the mindset and skills that build capable people. Host Travis Bader speaks with hunters, adventurers, soldiers, athletes, craftsmen, and founders about competence, integrity, and the pursuit of mastery, in the wild and in daily life. Hit follow and step into conversations that sharpen your edge.
Kind: captions
Language: en-GB
Travis Bader: I'm Travis Bader and
this is the Silvercore Podcast.
Silvercore has been providing its
members with the skills and knowledge
necessary to be confident and proficient
in the outdoors for over 20 years, and
we make it easier for people to deepen
their connection to the natural world.
If you enjoy the positive and educational
content we provide, please let others
know by sharing, commenting and
following so that you can join in on
everything that Silvercore stands for.
If you'd like to learn more
about becoming a member of the
Silvercore Club and community,
visit our website at Silvercore.ca
so if you're like me as a child,
I love the movie sneakers.
Had a group of guys that would pick locks
on a building, go on inside, get past
their electronic security measures, hack
into their system, transfer funds on, and,
and just do some nefarious looking things.
And you look at these guys and you
think there are a bunch of bank
robbers, only to find out that
the company had hired them to do a
penetration testing on their business.
I thought that was the
coolest thing in the world.
And today I'm joined by a fellow
who just does just that and he owns
White Hat Cybersecurity Solutions.
Welcome to the Silvercore Podcast, DJ Bes.
TJ Bettles: Thank you very
much for having me here.
Travis Bader: So White Hat
Cybersecurity Solutions.
Tell me how did this come
TJ Bettles: about?
Um, this has been in the making probably
for the last 30 plus years or so.
Um, my journey as a hacker
began at the age of 11.
Uh, When I took control of my
elementary school's network Oh yeah.
And locked out all the teachers.
Um, so I didn't really have skills
at that point to do this type of
thing, but the systems administrators
had not password protected the
system administrator's accounts.
Hmm.
So we were able to access super
user systems, admin, uh, and change
passwords, lock people out, whatever.
Um, I never got in trouble for that.
I didn't get caught.
They never caught you.
They never caught.
That's rule number one is
that that's rule number one.
No, don't get caught.
Uh, and that's kind of how my journey
down and that's what I see hacking as.
It's, it's a big, or it's, it's a
progressive number of rabbit holes that
you end up going down and researching.
So, Being a good hacker is
about being able to pull
information, uh, from your target.
So the more information that you
can gather about your target,
hmm, the better chances you will
have of being able to succeed in,
in penetrating into the system.
So you learn this framework as you
go, uh, of being able to extract
information from your targets to
determine what software they're running.
Mm, are is it an Apple system,
is it a Linux system or is it
a Windows system, et cetera.
Um, what, what are they
running on their website?
What versions of the different plug-ins
are they running on their website?
Cuz any, any one of those could be,
uh, your way in to an internal network.
So,
Travis Bader: uh, you know, I've always
found this sort of thing very fascinating.
I.
When in high school, actually a high
school that both you and I went to mm-hmm.
Uh, we had a computer teacher there
who uses wife's name as a password.
And uh, I was able to, I didn't
hack, I just kind of figured it out.
I, what do they call it?
Biohacking.
When you start, uh, trying to look at
the person as opposed to the technology.
Well,
TJ Bettles: it's educated guessing.
Right.
And that's, that's, that's one of the
things that we do when we're, we're
doing an assessment on, on a target
or a client target, is we will go out
onto one of the first things that we
do is called open source intelligence.
We go on, go out onto the web and see
if there has been previous breaches, uh,
email addresses, passwords, et cetera.
In the past, uh, and, and in a lot of
instances, organizations are not staying
up to date in changing passwords and
keeping things in, keeping things secure.
So, and in a lot of instances, we were
able to get in, gain our initial foothold
into an A client's network through.
Just open source intelligence, pulling
that information off of the web and
then you just, you just, you run
a brute force attack and you try.
Is,
Travis Bader: is that like dark web
type stuff or is, is that Yeah, yeah.
Yeah.
TJ Bettles: There that sometimes,
sometimes there's, there's a few sites
that we go to that are constantly
publishing stuff off of the dark web.
Okay.
So some of them are, you pay
for, some of them are free.
I've got a database, uh, on my
Linux machine that's 44 gigs of
credentials from the web Holy Grow.
Yeah.
So it's, uh, I dunno.
Uh,
Travis Bader: and that's just,
when you say credentials, that's
just like username passwords,
TJ Bettles: that's email address.
Not all of them are accurate anymore cause
the database is a couple of years old.
Uh, and so I have other, other avenues
that I can go down to go down when
I'm looking for, for credentials
that are a little bit more recent.
So that's the first thing we look for.
We always look for the easy
wins to start off with.
Uh, and then if we don't find the
easy wins, then we start pulling
information about the system.
Hmm.
What are they running?
Uh, Are there, is it,
do they have a website?
Are they, you know, you just, you
have to go through these steps in
order to see what you're up against.
Totally.
Uh, and so you go through that
information gathering process, and
then once you've gone through that
process, you sit down and you analyze
the information and you determine, okay,
what's gonna be my best next course of
action in regards to my tax surface?
What are my options?
What might, what can I
run here that might work?
That might allow me to get a shell.
So, and
Travis Bader: your whole process
is to try and get through, is it,
without breaking things through
the process because you don't wanna
cause hardship for your client.
Yeah.
TJ Bettles: And we've, I've been
doing it long enough to know certain
things that you would run, uh, and
certain things that you wouldn't run.
So one of the things that's always out
of scope for us is we don't run denial of
service tax against, against our client
resources because our intent is not to
cause harm or disruption to the resource.
Our intent is to identify and,
uh, I identify and document
what we find in a report.
It
Travis Bader: struck me as we're talking
about things here that some things might
be a little bit foreign to the listeners.
Can you explain what a denial
of service a D D O S sort of
TJ Bettles: attack would be?
Okay.
A denial of service attack is, is
essentially a, uh, a program or a, a,
a script that you would run against,
a target that would crash it or,
or cause damage to the resource.
So it, it, it might, at the very
least, it might just crash it,
so it needs to repeat itself.
And worst case scenario, it's
gonna corrupt and destroy
all of the data, right.
That that's there.
So that from our perspective, yes.
We'll, we'll, we'll, When we go through
our assessments and we run different
scans of our target, and sometimes we'll
come back and it'll come back and we'll,
it'll say we have some potential denial
service attacks that we could run.
We just document that and we don't
actually run them against the client.
Got it.
Simply because we're not there
to, to cause damage or disruption.
Um, we're adhered to
identify and document.
Travis Bader: So I find that there's
so many avenues that we can talk
about here and I'm gonna try my best,
excuse me, in a, to try and address
it in a chronological order in the
best sort of a d h, D way I can.
Okay.
Which is tend to be all over the place.
Oh, that's fine.
Let's just
TJ Bettles: have a conversation.
Travis Bader: Yeah.
Um, so I find that the people
I know who make the best.
Sort of hackers, let's say, are, and
they're not necessarily people who
are computer hackers, but they're
able to figure out problems, right?
They're able to figure out,
um, puzzles, get around things.
They're people who have a
mindset of approaching a problem
in a very particular way.
And the first thing that you
said about the low hanging
fruit, finding the easy way in.
So often when you're given a hammer and
you come in and you're looking at all the
places to use this hammer, you become just
laser focused on how do I use my hammer?
How do I use my hammer?
And the people who tend to make the
best problem solvers in this respect are
those who can put that hammer down and
say, I know I've got this hammer, but
let me just take a look at this, this
situation around me and what I can do.
And I'll give you an example of that.
Um, when I was in grade four,
I learned how to pick locks.
And it was fun.
It was like a puzzle.
And.
By the time I got into, well, I was
outta high school at this point.
I, um, was working for, uh, Shaw Cable.
Mm-hmm.
They'd just taken over from, you
know, Shaw and Robert Rogers.
They did their swap and it was my job
to go into places and audit and make
sure that if they're getting cable
and they're not paying for it, that
they're either upsold or disconnected.
But you have to go into the
apartment blocks and you have to
find, um, uh, the electrical boxes
and, and where everyone's at.
So, mm-hmm.
I'd have to drive all the way downtown,
go get the keys to the apartment blocks,
come all the way back to wherever it
was, and then zip back out as quick
as I could before everything closed.
I'm like, this doesn't suit me.
I want to get up early.
I want to do my job.
I want to get out and be on the beach or
do something else halfway through, I know
my list of the places I have to go to.
I just gotta skip the key part
and use this as a challenge.
Right.
And I ended up making a, uh, uh,
a lock pick for internal locks.
I just turned down some steel in, in
a lathe and drilled it out and hand
ground some hacksaw blades as the, it's,
uh, I think they call 'em super locks.
Uh, I found a real easy way
you can get 'em, basically any
apartment block in around here.
Anyways, with this, this pick
contacted the company, told
'em their, the security flaw.
They still haven't changed it, but some
places I'd get in and I'd start trying
to get the door open and I'd get in the
door open, I'm working at this and come
on, I don't know why I can't get into
it, only to realize that, you know,
there's a male slaughter, a little thing
I can reach through with my arm and
just open the thing from the other side.
And to me, when I finally reached
that point of getting away from that
linear vision of how to approach
that problem, I got my hammer.
How do I use it?
Um, I was in and out of these buildings
in record time, getting my audits
done, getting my work done in no time.
I think that is something that a lot of
people in your line of work that I've
encountered tend to still struggle with
is to break out of that, uh, that sort of
linear thinking to an, to an, an approach.
Would, is that, that's my observation
from the outside on the inside.
Is that what you see?
Um,
TJ Bettles: I think the biggest thing
to, to be good at this type of work
is that you have to be creative.
It's, it's, it's just as much
art form as it is technical.
So think about, uh, the master thief who
figures out a way to steal a multimillion
dollar painting from a museum.
He has to do his reconnaissance, he
has to gather information about the
target and then analyze that information
is to, okay, what's gonna be my.
Best chance of success here.
Mm-hmm.
Being a hacker is much the same.
Uh, except, well, it, it is the
same in the sense that you need
to be creative and you need to
be able to think outside the box.
You know?
Uh, there's a, there's a video
that I posted a while ago and there
was, it was a, uh, I guess a, a
cybersecurity security center analyst
standing there and he's like, okay,
sh shoot me, uh, shoot me here.
And he's wearing a, he wearing a
bulletproof vest and the guy shoots him in
the leg because that, that's essentially
what penetration testing is, right.
So from the defensive standpoint,
most organization, organizations
think that they're protected.
Mm.
In regards they have firewalls and
antivirus and, and and whatnot.
But let a hacker loose on them for
five or 10 minutes and they'll have
a whole list of things that they find
that could potentially be exploited.
Mm.
To gain access, not only gain access to.
Private resources, but then once you
gain access, there's really no controls
on the inside of an internal network.
So if you gain a foothold, you're
well on your way to causing some
serious damage if that's your intent.
Travis Bader: One of the easiest
ways that I found for access was
just to walk in behind somebody else.
There you go.
Right.
Yeah.
And then I didn't have to do anything.
And that's a security.
Um, A security flaw from
the users of that place?
Yep.
Or where, whatever it might be.
Do you ever, do you ever try accessing
those sort of measures on people?
Just say, oh, hey, I'm put on, put on
a nice shirt and a name tag and have a
little clipboard with you and just say,
Hey, I'm, I'm here with blah, blah, blah.
I just want to go see.
TJ Bettles: Yeah.
I mean, we've, we've done, we've done
a couple of physical penetration tests
now and it was about gaining access
to the, to the works, the work site.
Right.
Okay.
So I ended up dressing up as a
courier in order to get myself in
through the door and it worked.
Travis Bader: Um, that's amazing.
A little bit of confidence.
And a clipboard can get
you a long way, can't it?
Or,
TJ Bettles: or you can even
take it a step further.
You can clone ID badges
and things like that.
So going back to the open source
intelligence things, one of the
things that we look for is a hack.
If I'm a hacker or an ethical
hacker, is what white hat does.
We look for any information that we
can use that could help us gain access.
So we're combing Facebook, we're
combing LinkedIn, we're looking
for pictures, we're looking for
staff pictures where a staff member
might have an ID badge, right.
Showing in the picture.
So with digital cameras nowadays,
the megapixels are so high that
you can zoom in on that image and
you can very easily get the barcode
and you can clone that badge in
order to gain access to a company.
Wow.
You know, so from our perspective,
um, most organizations are
just, they're wide open.
Um, and that's really what, and
you know, a little bit about my
history, I had a gym in Nova Scotia.
Yeah.
And before that, I, I worked in
hr, I worked in software solutions
for a number of years, but I've
been a hacker since I was a kid.
Mm-hmm.
Uh, and I sort of put that onto the back
burner for a little while when I was doing
the work thing with, with in HR and in
software solutions and, and then the gym.
And then when my wife and I got out
to Nova Scotia in 2018, I was hacked.
My phone was hacked, they
got into my bank account Mm.
And whatnot.
Luckily the bank caught it
before, uh, any damage was done.
But that was, it was then, so 2018
or so that I ramped up, I took my
mediocre skills as a hacker, uh, and I,
I ramped up my studying and training.
And so over the last five years, it's,
I've taken it to a whole other level.
And because of what I had done with my
extracurricular activities growing up.
Now let me preface this by saying
I've never caused any damage.
Yeah.
And I've never done anything that
would be, would warrant a knock
on the door from the police.
Right.
Right.
So when you're learning how to do these
things, the web's a great place to go.
You can see other people who've
gone down the path before and they,
they're great at writing write-ups
and YouTube videos and, and whatever.
And then you find, you start
finding different areas that you
can get information from mm-hmm.
In regards to your, your learning process.
And then you just, it's
Travis Bader: trial and error.
Well, I, I really like that so, Just from
the, let's say the lock picking side,
I was always told don't tell anybody.
Yeah.
Keep, keep it to yourself.
Yeah.
Nobody's gonna trust you if they
think something and sure enough
told someone something goes missing.
You're like, well, Travis
knows how to pick locks.
Like, I never stole it.
I wouldn't do that.
Right.
I enjoy the puzzle of it.
Mm-hmm.
I enjoy the learning process of it.
I, I'm, I'm not here to do something
TJ Bettles: illegal.
No.
And that, and that's, that's for me,
it was, I was never interested in
causing damage or harm to anybody.
It was all about ch always about
challenging myself to see could I do it?
Travis Bader: But that also raises
a, um, the, the perception of
threat in other people's minds.
Right.
They'll, they'll watch Mr.
Robot and they'll think,
Hey tj, he's just like, Mr.
Robot, he can do anything.
He'll take, take this thing apart.
And their idea of what is possible with
hacking and, and what is actually done
with ethical hacking and white hat.
Hacking seals is miles apart.
Yeah, absolutely.
Miles apart.
TJ Bettles: Yeah.
We're, it's not our goal to
steal information or cause,
or cause any harm whatsoever.
Our, our goal is always to help the,
the business that's engaged us Right.
To evaluate the attack surface
of their, of their network.
Travis Bader: We were talking prior, off
camera off Mike here about, um, sort of
forensic services and some of the places
that I've done some work with in the past.
You know, I, I've told this story
before on the podcast mm-hmm.
About sitting in the, um, a lawyer's
office waiting my turn to, uh, chat
with a lawyer because they needed
some help on a, um, this was a, a
weapons case and they were looking for
somebody to be a subject matter expert.
Mm-hmm.
Weapons.
Mm-hmm.
As I'm sitting in there, I'm listening
to this private investigator, talk
to the lawyer and all the steps that
they've taken to try and locate this
person who, I guess I don't know
why they needed to find him, they
needed to serve her or something.
Right.
And uh, as I'm sitting in the
other room, I just open up my, my
computer, connected to my phone.
I start typing away, and by the time they
finish their conversation, just through
open source tools, and I don't have a
background in this, this is just, to me,
it looks like a fun, puzzler, fun game.
Um, I was able to find
where this person was.
It wasn't through her Facebook accounts.
It was the fact that her child
had piano lessons at another
person's place out in Squamish.
That person at a Facebook account.
And the security flaw for her,
because she was hiding, uh, wasn't
so much on her side, but on those who
she surrounded herself with, which
I thought was kind of interesting.
Anyways, the PI leaves.
I go in and talk to the lawyer.
I said, well, I don't, excuse me, I don't
know how accurate this information is
gonna be for you, but you know, from the
looks of it, it appears that she'll be
at this location for piano lessons in
Squamish at this day and on this time.
And sure enough, that's
exactly where she was.
And that led to, um, a few
other interesting gigs, and I
can chat about that afterwards.
But, um, the, the security that
falls outside of your control, so
to speak, um, is that an area where
you typically find people's flaws?
People's
TJ Bettles: points?
In a lot of instances, yeah.
You'd be amazed at what people share.
Confidential information that they
share on, on their social media
pages, pictures specifically, you
could get, um, a license plate of,
of, of their vehicle, for example.
Or, um, like I said before, ID badges
from the workplace or we're list as, as as
ethical hackers when we're going through
our evaluation process, we're looking
for anything that we could potentially
leverage that would help us gain access.
So any, any information about employees,
for example, their personal life they
give, that's gonna give you ideas
for password guesses, for example?
Hmm.
Right.
Um, I, I guess the, the biggest things
that we see over and over and over again,
there's, there's, there's three things.
Um, I mean, where our focus
is of course prevention.
So the three things are security
policies, good security policies, good
password policies, good configuration.
So using.
The best encryption available, et cetera.
Making sure that all of the pages
on your, on your site and your
network that you're connecting to
have, uh, have good encryption.
And then of course, What's the last one?
Uh, my, my brain's just fart.
I don't know.
Travis Bader: Hey, it'll come to you.
It's okay.
So good security
TJ Bettles: policies.
Yep.
Good security policies.
Good configuration, hygiene.
Elliot, then software
Travis Bader: patching, software patch.
Oh, right.
Yes.
Yeah.
Uh, so a lot of people don't update
TJ Bettles: their software.
They don't up, they're, they're
not, they're not, they don't
think it's that big of a deal.
They think it's more of an
annoyance than anything else.
And anytime a, a vendor releases
a software patch for a piece of
software that you're running,
it's because they have identified
bugs or vulnerabilities in it.
Hmm.
So it's important to do your Windows
updates and all of your software
updates as they a, as they are released.
Cuz if you don't, you could very well
then be, be vulnerable to attack.
What
Travis Bader: about firmware
updates on, let's say routers?
And is that, are those, are those
gonna contain performance upgrades
usually, or, or security upgrades?
Both.
TJ Bettles: Yeah.
Usually.
Uh, and generally it's security upgrades.
Hmm.
Right.
So you've got older routers that
they come default out of the box
with a a nine digit password.
Hmm.
Uh, and so nine number digit
passwords are very easy to crack.
They don't take very long to,
so a nine digit would probably
take 15 minutes and that'd
Travis Bader: be alphanumeric capital.
No, that would just be
TJ Bettles: numbers.
Just numbers.
Okay.
So these are, these are com default
out of the box with numbered passwords.
Right.
Which are, it's not secure.
So I'll give you an example.
Was just on the island doing a
penetration test for a resort.
Uh, and, uh, we, uh, tested
their wireless, all right.
So they had nine wireless access points.
We were able to not only gain the
passwords for each, each and every
single one to access the wifi network.
Mm-hmm.
But I was able to then, With
default credentials get into the
back end of the routers as well.
Come on.
Oh yeah.
So we had full control.
We were able to take full control over
their internal network, uh, simply
by breaching their wireless security.
Now this, this becomes, uh, an animal with
legs on it or a spotter with legs, cuz
the implications of this are, are huge.
This is, this is a, a resort
where they have business
conferences on a regular basis.
So they have a conference
center and whatever.
Uh, think of the business people that are
going in there and then they're off time,
then they're in the rooms and they're
accessing the hotel's wireless network.
And there could be malicious
actors on there because they're
very, very weak security.
So you just never know who's
listening and who might be trying to.
Intercept your traffic, who's
even evaluating your machine?
So if you get onto the internal
network, I can then run a couple of
different commands and I can see,
and I, which machines are running
on, on that particular network.
And I get an IP address, an
internal IP address for each
and every single one of them.
And then you start the evaluation process.
You start your scans and you
see, well, what are they running?
How many, which ports are open?
And then it just goes from there.
And so you're always pressing forward.
Right?
Travis Bader: Would you ever use the free
wifi, the included wifi with a, a hotel?
TJ Bettles: Yeah, I would, I would.
Uh, but use your, use A V P N.
So protect yourself through A V P N.
Okay.
Um, but you just never know who else might
be in the hotel sitting in their room.
Uh, could be a malicious actor.
He's sitting there waiting
for someone to log in.
You know,
Travis Bader: I, I remember a
number of years ago now, I had, I
think it was a W r T 54 G mm-hmm.
Router that I'd taken it apart and it was
a project in mind to try and be able to
pick up, um, wifi signal at long distance.
Mm-hmm.
And, uh, that was, that
was kind of a fun thing.
Not that I know what I'm doing to
do it, but I can follow instructions
like on YouTube or on the internet.
Mm-hmm.
And just kind of go along with that.
But, uh, I'm, I'm sure that sort of
thing is probably pretty outdated.
What are, what are some of the, um, more
common threats or devices that people
kind of need to protect themselves from?
Uh, because these devices get easier
and easier for people to purchase.
And cheaper.
And cheaper, and.
TJ Bettles: Uh, there's really no, you
can mitigate your risk, but there's
really no way to protect yourself 100%.
If you're connected to the
internet, you're vulnerable.
Mm-hmm.
And that's just the
reality of the landscape.
So just going on and opening up
a web browser and going to your
favorite websites is a risk.
Right.
It's just simply because you have an IP
address that's assigned to your machine.
You're, you're connected to
a network that then connects
on a gateway to the internet.
You're, you're, you could potentially
be a targeted by malicious actors.
Travis Bader: One thing that surprised
me, another law firm doing some work
for, they had a woman come in and
she was a, uh, wanted to separate
from her husband spousal abuse.
Mm-hmm.
It was pretty bad.
I won't get into the details.
Um, lawyers, what they usually try and
do is they pour cold water in the person.
They say, ah, you know, just
gonna be a lot of money.
It's gonna be painful and
difficult If there's an easier
way you can resolve this.
Right?
The good lawyers, anyways, they don't
want to just jump in, take your money
and pull you through the ringer.
Anyways, she pulls out a tin can with a
boat who's, I think it was like 50 or I
think they, they said they had about, I
don't know how much money she had there.
See, she had about 50 grand worth of tin
cans of money rolled up inside there.
80 grand, I think is what it was.
Like, where are you
getting all this cash from?
Oh, my husband, he's got lots of these.
They have what?
Right?
And all of a sudden the picture started
expanding of what they were looking
for and we ended up using a company.
Called, uh, TCS Forensics, uh,
Keith Peron individual owns it.
Mm-hmm.
He's got no computer background, he
doesn't have the expertise that you have.
He hires other people that do
and put a PI on the husband, a PI
on the building, um, just so you
can see who's coming and going.
And he can keep in contact
if someone's coming back.
And then the team goes
inside and they imaged.
And this was a surprising thing for me.
Everything, like they had devices.
I guess if you're gonna take things in
a forensically sound way, you wanna make
sure you're not introducing any data.
So they have these devices that it can
only pull data, but it won't push data.
But I mean, everything, your tv, your,
the phones, the computers are obvious,
I think like coffee machines and
toasters and like, just, just stupid
stuff that you wouldn't even think of.
Um, that has, that is I o t.
Internet of Things.
Yeah.
I, I, iot, ot, iot.
OT enabled.
Yep.
Um, And the amount of information
that we willingly release through our
thermostat, through our television.
TJ Bettles: Oh no.
It's crazy.
I know.
And that's, that's, that's the, the
currency of the hacker is information.
Right?
Right.
So you're always looking for how much
information I can get out of a, out
of a potential tar or out of a client
target, cuz that information will
determine our, our level of success.
So what makes a good hacker?
Uh, a curious mind, uh,
outside the box thinking.
Hmm.
And, uh, and that ability
to, uh, To execute.
Right.
Uh, so you have to be able to,
it's, it's, it's repetitive.
Hmm.
So I mentioned a little earlier
that I was a little, I was, I, I
found out recently that I'm, I'm
likely on the autism spectrum.
Right.
Uh, and so that, it's kind of
stemming for me when I, when I go
through a penetration test, cuz
it's, it's repetitive after a while.
Oh.
Once you learn the, the ins and the
outs and the, and the basics of it,
then it's just, it's, it's a progressive
number of rabbit holes that you go down
when you're exploring, uh, whether or
not something will be, uh, a viable
vulnerability for exploitation.
Travis Bader: It's like
stacking boxes pretty much.
Ha ha.
Have you seen that?
Uh, man, we all got a good
laugh out of it, you know.
We've watched this autistic
fellow do a review of this comedy.
I guess it's a comedy sketch guy
standing outside the jail cell
and uh, have you seen this one?
Mm-hmm.
I think so.
The reporter's like, okay, well
it's good to, good to see you,
whatever the guy's name is.
I cannot see you.
I can only hear you.
Right.
I have been here, I've done my interview,
I've been waiting for 26 minutes.
It's time to speak with you.
But anyways, shows his interview.
He is talking with this guy and
getting more and more excited.
The guy's like, oh, it's a rigid routine.
Oh, tell me more about the rigid routine.
Oh, you know, we had to stack boxes who
stacking boxes and he's sta sitting up and
standing down, standing up, sitting down.
And, uh, anyways, by the end of the
skit, the guy's like, I wanna go to jail.
How do I get in here?
We wear the same thing every day.
But that mindset, although that was set up
as a comedy skit and the autistic fellow
who was uh, reviewing it and laughing at
it cuz he says, I can identify if a bunch
of these things he says, But I'm older.
Some of these things I had in
a more serious way, now I'm
able to control it better.
A lot of those traits really kind
of set you up for being able to
problem solve and in a way that most
people would lose patience with.
Yeah.
TJ Bettles: Yeah.
Um, I mean, my wife, I'll give you these,
my wife as an example, she's pretty
good with the computer, but she, when
I start talking to her about what White
Hat does and getting into a little bit
more detail, she's just, her eyes glaze
over and she's, her brain just doesn't
work that way, and you're just getting
Travis Bader: ramped
TJ Bettles: up.
And I just start, I get excited about it.
I, my, the tone of my voice goes up and
I, you know, you can, when I get excited
about something, I don't shut up about it.
My wife will be the first
person to tell you that.
Travis Bader: I love it.
Um, so.
W what kind of a business would
be looking for your services?
Um, are this only like big
companies that have a lot to
protect or is it like everyone?
Well,
TJ Bettles: here's the thing.
Large companies, your large
multinational corporations generally
have cybersecurity covered in-house.
They have a security operations
center, they have Blue
Team, red Team, purple Team.
So purple team's, basically
a combination of, of, you got
people that play both sides of the
red teams offensive securities.
So Ethical hackers.
Blue Team is more, uh, is more on
the de defensive side of things.
So threat respon, threat
monitoring and response.
Okay.
Okay.
And then you have purple team,
which is, you, you have, it's
like war games pretty much.
You have the red team guys trying to
break in and the, and the blue team guys
are, are addressing the threats as they
come in and, and, and identifying them
and, and then, Implementing a response
based on standard operating procedures.
So the larger organizations
have it taken care of.
It's the small and the medium sized
businesses that are, are Target.
Mm.
Simply because they generally don't
have the same level of security
controls in place that the lar,
they're loud, larger counterparts do.
Mm-hmm.
And this makes them especially vulnerable
to attack from malicious actors.
The malicious actors know this,
they know that the small and the
medium sized business has probably
done nothing for their cybersecurity
beyond a firewall and antivirus.
Mm-hmm.
You know, and, and so the malicious
actors know this, and so they target
the small and medium sized business.
Because it's, like we said earlier,
it's the low hanging fruit.
They're looking for an
easy win, an easy way in.
That's how hackers operate.
That's 90, 99% of them.
The other 1% are targeting
specific organizations.
Hmm.
Cause of what, for whatever reason,
whether it's for their anarchists or it's
monetary gain or whatever, or ransomware.
Um, you have to understand
how a hacker thinks.
Uh, so as I said earlier, if
you're online, you're vulnerable
with that's, that's true.
But you can take reasonable
steps to mitigate your risk.
Travis Bader: What are
some things that it would.
Frustrate a
TJ Bettles: hacker.
Frustrate.
A hacker.
Um, good security.
Yeah.
Yeah.
Travis Bader: So, uh, like what would
good security be like if, if someone's
listening to this and they're like,
you know, I've got my router okay.
And I know I'm gonna have to do a
firmware update after listening to this.
Mm-hmm.
Make sure my software
updates are all good.
I'm not gonna use that nine digit,
uh, numerical code, cuz it could be
brute force attack, which is Yep.
0 1, 0 0 2.
Yep.
0 0 3.
And it just runs through and takes time
to run through all the different numbers.
Yep.
Um, on top of that, should they be,
like, is there a, a preferred length
of a, um, like a password length?
Yeah.
TJ Bettles: And special characters.
I always recommend 13 characters or more.
Okay.
Um, alpha numeric and symbols.
Travis Bader: Okay.
Yeah.
What, what about those like key chain
on a Mac and these things, like people
start relying on these like, uh, password
wallets to hold everything, but what
if that wallet gets con compromised?
Are they,
TJ Bettles: well, there was, there
was one a few months ago that was
compromised, I think it was, oh, I
can't even remember what it was now,
but one of the major password volt
companies, they, they were hacked, right?
And so hackers were able to get in
and access information, passwords
for different accounts for all
of these people that were using.
Was it secure guard, I think, wasn't it?
I'm not sure.
Travis Bader: I'm not sure.
TJ Bettles: Uh, but yeah, that's, that's
what they were, that's what they did.
So nothing is a hundred percent,
as I said, you can, all you
can do is mitigate risk.
Travis Bader: See, I used to, I got
lazy and I start using one of these like
password things to, to hold everything.
But I used to just use an algorithm
and I'd apply it to everything.
Mm-hmm.
And so if someone learned my algorithm
that might be able to figure out the
passwords for the things, like for
example, if you're, you're wearing a west
side shirt and you've got a, what is that?
A bulldog lift in and
Yeah, that's bulldog.
Yeah.
And, uh, it's black.
And so the algorithm, like if that
was your company and I'd, I would
apply it to the, the logo, the
color, the name, um, maybe location.
Mm-hmm.
And then I'd do an Alpha Nu American
character swapping off of that.
So all I have to remember is I'd look
at the company or I'd remember, oh yeah,
it's the Bulldog West side, barbell black.
And I'd be able to figure out
what my password was off of that.
Um, I got lazy.
I stopped doing that.
Is that a good way to, for people
to use, like from a, from a secure
standpoint or have you ever.
Have you ever encounted people
that use algorithms and try
and hold it all in their mind?
TJ Bettles: Algorithms can be cracked too.
It all depends on how complex
the algorithm is and how, how,
how strongly the encryption is.
Hmm, right.
So it, it might be better than using
just a regular password provided
that the malicious actor isn't
able to gain access to your actual
algorithm to decrypt the information.
Travis Bader: One thing that I
found, uh, to be true is the more
complex the security system was,
the more rudimentary a means that
a person would use to bypass it.
Now, that might not apply for an
ethical hacker, but for someone who's
not ethical, man, this thing's like.
Fort Knox.
All right.
Break up the dynamite, right?
Yeah.
Now we're in,
TJ Bettles: well, I mean, even, even
the, your software vendors out there,
like least Fort Net as an, as an example,
they, they used to have one of them.
Yeah.
You,
Travis Bader: you're using it Well, I I
used to have a couple of the Fort Net.
TJ Bettles: Yeah.
They, there was a major critical
vulnerability in their system that
came out a few months ago, so.
Oh wow.
Oh yeah.
It was, it was a C V E 10.
So which is the highest rating
you can assign to vulnerability.
It allowed, uh, unauthenticated
users route access, and they're like,
this is security company standard.
This is a security company.
And this is, this is what I try and
say to people when they ask about what
we do and they think, oh, we, we've
got a firewall, we've got Fort Net.
We're fine.
Yeah.
Well, actually you're not.
The reality of it is, is you're,
you're not, you're not safe.
Mm-hmm.
Uh, un until you've taken care of your
configuration, your security policies,
and up-to-date software patching, that
will prevent 95% of attacks that much, eh?
Yep.
95% of attacks can be prevented when
you focus on those three things.
Did
Travis Bader: you ever find out
how your phone was compromised?
TJ Bettles: Yeah, it was my fault.
I, I, I received a, a text message,
which I thought was from the bank, and
it was, so I was social engineered,
so I clicked on, I clicked on a link
and that, that downloaded malware to
my phone, and that's how they got in.
Mm-hmm.
Yeah.
Travis Bader: That's, um, I, I
guess good chip, everyone knows it.
Don't
TJ Bettles: click on a link.
Well, there's even, there's even touchless
payloads now that, that hackers are using.
So they can launch a, launch,
a payload against a target.
And me as the recipient, I don't even,
I don't have to click on anything or
touch anything for it to, to then.
Travis Bader: Wow.
And that'd just be vi that'd be
exploiting a, um, uh, vulnerability.
Yeah.
TJ Bettles: It just, it's avol,
it's exploiting a vulnerability
by giving you malware.
So I, I don't have to click on
anything through a social engineering
attack or an email or whatever for,
in order for that payload to execute.
All they have to do is send and they,
they pointed it at my IP address and.
They're in,
Travis Bader: you know, we're, we're
getting into a more and more digital
world where they're trying to bring in,
like, you look in the states and they're
trying to say, look at our currency
is gonna be cryptocurrency, right?
Mm-hmm.
And we're, that's gonna be, everything's
gonna be trackable, but man,
everything's gonna be so damn vulnerable.
Especially when we bring
in quantum computing.
There's a company here in Burnaby that
a few years ago was kind of leading the
edge on the quantum computing standpoint.
Mm-hmm.
Like, I gotta imagine, I, I guess
there's a couple approaches.
It's sort of like people I've spoken
to who are concerned about having
information out there on the internet.
Mm-hmm.
They say, I can either A, hide everything
or b inundate so much stuff that it's
so difficult for them to look through.
Right.
Um, with quantum computing coming
down the pipe, everything's gonna
be open and vulnerable, I would
TJ Bettles: imagine.
Well, not necessarily with, there's
quantum encryption now in that, That to
my knowledge, has not been cracked yet.
Interesting.
So, speaking of crypto for
a second, uh, think of xr.
Have you heard of X rrp?
Yeah.
The X RRP ledger.
Well, the XRP ledger
uses quantum encryption.
Okay.
Um, and so it's, it's, as far as we know
in, in the industry and in throughout the
world, the X R P ledger is unhackable.
At this point in time, nobody has
figured out a way to hack it yet.
Not to say that it can't
happen, cuz anything's possible.
Totally right.
But, uh, it's at this point in time, as
of today, the X R P ledgers, unhackable,
Travis Bader: I didn't even think about
the, the other side of that, of quantum
encryption and that, and that's kind
of crazy when you think about that a
computer can operate not in a binary
mode, but in a mode of superposition.
Mm-hmm.
That, that's, I, I still don't have my
head wrapped around exactly how they do
that, but it's, uh, it's pretty cool.
Um, And when you say not hackable at
this point, you ever hear that story?
It's going back a few years now, where
they said, we've got a, uh, secure
air gapped, computer air gap, meaning
it's not connected to the internet.
It's, you know what it means.
Yep.
But for the listeners, uh, not connected
to anything and other than to this
model rocket that we want to launch.
Right.
Can we, can we hack this computer?
Did you, did ever see that one?
No.
Okay.
So this is pretty cool.
Essentially what they had to do, and
it's gonna require a certain level
of physical intervention, they had to
load malware onto that computer mm-hmm.
As well as malware onto a
computer that was near it.
And what.
The computer that was near it,
which was connected to the internet,
would be able to use its own
internal processes to monitor heat,
ambient heat in the environment.
And the com.
They would have that
malware loaded on the both.
And so the one that was air
gapped would just data load.
So it heated up and then it would
cool down, heat up and cool down.
And it would transmit, I think it
was about like eight bites an hour.
So not, not efficient, not fast, but
through a sort of Morris code, it would
transmit the information they needed
in order to, uh, to hack that computer.
And they were able to launch
that model rocket on an air gap
computer just by somebody plugging
in a little bit of malware on
TJ Bettles: both.
That's why you ne you can
never say never, right?
I said, why?
I said, at this point in time, right?
Nobody's done it yet.
The term, the, the, the word yet
is what you should be focused on
because just because it hasn't been
done today doesn't mean it won't.
Right.
Happen tomorrow or the
next day or, or whatever.
So as is currently, it's not
hackable, the X RRP ledger, but
it may very well be down the road.
Someone finds a new way.
You got, there's millions of hackers
out there who all they do is sit
in front of their terminal all day
and they, they, they try different
things and they, they get frustrated.
They go away, they come back to it
and they, they sit there and then
they try and they try and they try
different things and then Right.
Until they just keep going
until something works.
It's, it's persistence.
Right.
And that, that's another thing
that makes a good ethical hacker
is most give up too easily.
Right.
If they can't find the, the easy way in.
And, and in a lot of instances,
your first go through of the
information, you might miss something.
Mm.
Whereas you have to go back.
It's like, oh, I, I don't really have
a, a, a really strong attack plan yet.
I'm gonna go back over my information
and see if there's anything
that I overlooked or missed.
Or, or is there.
Any other information that I can pull
from the target that will help me.
And
Travis Bader: that's a tenacity
that somebody who's on the
spectrum will have in spades.
Just keep going, keep going, keep going.
I know with, uh, you know, I was diagnosed
a d ADHD when I was in grade three,
and then a number of times afterwards.
Still not a hundred percent positive.
I have h ADHD based on literature, but
I do seem to present some of the mm-hmm.
All of the, anyways.
Um, It's not necessarily the inability
to pay attention because you can
pay attention really, really well.
Mm-hmm.
To things that you want to.
In fact, of course, 24 hours can
go by and you haven't eaten and you
haven't left your seat and you're
still working on the same thing.
Cuz a puzzle anyway.
Are you speaking
TJ Bettles: about yourself here?
Because those are, those are, those
are some traits of autism, huh?
Yeah.
You do some research on your own.
You might, you might be
amazed at what you find.
Hmm.
Interesting.
I, I'm like that too.
When I get immersed in a penetration test
for a client, my wife can come into the
room and, and, and try and talk to me.
I don't hear, I don't hear damn words.
She says, Hmm, I'm, I'm too, I'm like,
so laser focused on what I'm doing.
I forget to eat, I forget
to go to the bathroom.
I forget to shower.
I've, I'm just, I'm immersed in it, man.
Travis Bader: Huh, interesting.
So that trait.
Is, and I've seen other people that
work in like just basic engineering.
They're trying to, or, uh, computer
engineering and they're trying
to problem solve and they give up
and they don't know how to do it.
And someone's like, have you tried this?
Have you tried this?
Have you, have you just pressed control
brake like back in the day right?
As you're going through Escape.
Escape, right.
That was always the one, uh, password
coming up on the game you want to do.
But quick, quick, quick, quick control
break and you get past it, right?
And Yep.
Um, interesting.
Uh, R F I D, have you
ever played much of that?
No.
Okay.
I played a little bit, I made
some ar, Arduino, R F I D reader
writers, and then, uh, I ended up.
Some commercial ones.
And that's, I think, a massive
vulnerability for people who think, oh,
look it, I got a super high tech secure.
I just swipe my card.
Don't even swipe it.
Proximity.
Go.
Those are so
TJ Bettles: not secure.
It's, it's, it's actually
quite easy to clone a badge.
Yeah.
Surprisingly.
I mean, it's, I just say the more I I
got into the security stuff, the more,
the more I realized how much of an
opportunity, business opportunity there,
there was for what it is that we offer.
We don't sell software.
We're not, we don't go out and
advertise, we don't do marketing.
Our business has grown from word
of mouth and client referrals.
Yeah.
You know, uh, the nature
of what we do, it's.
There has to be trust there.
And, and, and I, myself, I'm hesitant
to work with people or organizations
that I don't know or aren't known
within my network of people that I know
Travis Bader: well, people
don't know what they don't know.
Right?
They don't know they're at
risk until all of a sudden
their credit cards compromised.
Yeah.
And that's massive, like identity theft.
Oh, huge.
TJ Bettles: So I'll give
you an example of that.
Uh, a couple of weeks ago or last
week, I was doing a penetration
test for a, uh, a nonprofit.
So it's an end of life care place.
I'm not gonna say who it is.
What we were able to, just looking at
the website was able, I was able to
pull, uh, stored credit card numbers.
Travis Bader: Well, that's,
what do they call it?
PCI compliance or p
Yeah, yeah, that's, uh,
TJ Bettles: which is, and they, they
take donations from over their website
through an unencrypted connection.
And, uh, I just, by running the website
through a tool I use called Burp Suite.
Are you familiar with Burp Suite?
No, no, no.
That one, it's, it's a web
application testing tool.
It is one of the most
amazing programs I have.
I have ever had the pleasure
of learning how to use.
Really?
My God, it is so awesome that,
uh, what you can do with it.
You can do brute force attacks.
You can, you can do basically pull
back any information on, on different
pages, and you get the response
code, you get all the information.
Really.
Oh, this is where you, and it's
Travis Bader: online,
TJ Bettles: it's online resource, or?
No, it's, it's, it's a, it's a
program that, uh, the community
version comes with Linux.
Okay.
Callie Linnux.
It's just basically this,
that's the platform that I use
for hacking most of the time.
There's a couple of other.
Uh, operating systems that I
will use depending on what it
is that we're, we're doing.
Yeah.
Um, but Callie's usually the go-to
and Burp Suite comes with it.
Um, it's, it, it's made by a
company called Port Wicker.
Okay.
And, um, the, they have a free edition,
which is, the community edition
doesn't have all the features of the,
of the, the pay edition, but, uh,
it's for web application testing.
So you can pull back all the
pages and you can even do SQL
injection, cross-site scripting.
So anywhere, anywhere on a webpage where
you have an, the ability to input data.
So whether it's a login, login form,
or a search function, et cetera.
In a lot of instances, websites
are vulnerable to SQL injection
or across a scripting just simply
by dumping a payload into the, the
field where you enter in information.
So with Burp Suite, you can then capture.
Capture that information into,
into Berk Street, and then
you can change your payloads.
You can run brief force and
then just see which one's
Travis Bader: gonna work.
Wow.
So would a headless design website be
inherently a little bit more secure
if one area gets compromised and
might not compromise the entirety?
Or
TJ Bettles: If you get in one
place, then chances are they're
gonna get in for the rest of it.
Okay.
It's just a matter of time.
Okay.
It's just about escalating
privileges and being able to
then access different resources.
And if you get in to the internal,
there's usually no controls.
Like most organizations now are
running active directory on the,
through their internal networks.
So employee comes into work, they
log into their computer, they, if
their login screen right, they put
their username and their password
that's logging into active directory.
So they're on a, actually
logging into an internal domain.
Mm-hmm.
Active directory is so vulnerable,
it's not even funny really.
And, and mostly due to default settings.
So people don't admin.
Yeah.
It people don't know what they don't know.
Right.
Uh, and, and they end up setting
up active directory incorrectly,
so it leaves it vulnerable.
So we've done some internal ones where
we've gone in, uh, where we were given,
um, login access just to gain initial
foothold onto the, onto the network
to do an internal network assessment.
And within a few hours we were able
to take over the domain controller,
uh, and basically have root
control over your entire network.
Travis Bader: Man, that's scary.
Yeah,
TJ Bettles: you're very
Travis Bader: scary.
Have you heard of a guy by
the name of Sammy Cam car?
No.
You should look him up.
I think you'd enjoy some of the
stuff that he's done, but, um,
He back in the day, MySpace days.
Oh, that's, that's way
back then, eh, going back.
But he's still active,
he's still doing his stuff.
But, um, uh, he's does the
ethical hacking and stuff as well.
But back in MySpace, I guess he made
the world's, and I might still stand
to date, um, fastest propagating worm.
And essentially anybody who like clicked
on his profile would get a little
thing injected on their profile that
says like, Sammy Camcar is my hero.
My name is so-and-so, and
Sammy Camcar is my hero.
Right.
Anyone who clicked on their, um, their
link, it would do the same thing.
And basically it just boom.
He, he put the thing out there
and it just spread like wildfire.
And, uh, he looks for exploits and things
and he does a lot of stuff at the actual
physical level of like working with
the, um, The microchips and everything.
You know, the neat one with a, uh, a
Mattel toy called, uh, I M M E, um,
basically it was an instant messaging
device for kids who the parents,
excuse me, parents didn't want to give
phones to and expose 'em to the world.
They could only instant message between
other people who had these things.
And it was running a, a Texas
instrument, um, chip in there.
That was actually a pretty cool little
chip that he said, geez, that's,
I can't believe they're using that
chip in there for this little device.
And he developed a, um, some code
to use this little kid's device to
basically open up any, uh, rolling code.
Uh, was it rolling code?
No, I don't know if it did.
Rolling code and basically all garage
door openers, all garage doors.
You can open it up this little
kid's device, uh, using, uh,
deru and logic where, oh, if you
have a number, like let's say the
password is, uh, Uh, uh, 2, 3, 4.
Right.
So you go root forcing your way through.
He found that he could greatly
reduce the time of injecting a
code if the device didn't require
a reset in between each password.
Mm-hmm.
So if he goes 1, 2, 3 and he's keeps
running 4 56 in the middle, there he is,
got 2 34 and that would be the password
that, so anyways, pretty brilliant fellow.
And he, what was the other one?
Uh, peep mail if you wanted to see who
was, and I don't know if it's still
running, but it was kind of a neat one.
You could go onto a website and
say, let's say, Amazon or, um,
Microsoft or whatever it might be.
And you could essentially search all the
people's names who are associated with
email addresses through that system in
a good way to be able to find out, um,
people's email addresses, contact the
big boss or, or pretend to be someone.
I guess
TJ Bettles: that's, finding
email addresses is one of the
easiest things That's one of the.
What you, I've mentored a few guys
along the way, and that's one of the
first things that, like I teach them,
is the open source intelligence stuff.
It's like how to find email addresses
and figure, and if you can't find it,
what you make educated guests is like,
especially if you're a salesperson.
Hmm.
You know, you're, you're always looking
to try and connect with decision makers.
Right.
Right.
And so how do you do that if
it's not listed on the website?
Well, you got LinkedIn, you
can figure out, okay, who
works for this organization?
Who's, who's the big boss?
They likely have a LinkedIn profile.
Then there's some different tools
that we can use to figure out
the syntax for the email address.
Uh, and then you just go from there.
And then, then you, there's another
couple of other tools that you can
use to verify the email address
before you even send them anything
to make sure it's it's Oh, really?
A legit email address.
Smart.
Oh yeah.
So it, it automates a lot of that
rather than doing it one by one,
it it, you just, Point and click.
And
Travis Bader: is AI gonna play a role
into this, into how you can start shifting
TJ Bettles: through data?
I've, I've been playing with AI actually.
Um, I had a, I have a bypass for chat G p
T, so it allows me to run it from the Lin
Linux command line using an API plugin.
Cool.
And so it, with this bypass it, I've got
it to write exploits and, uh, scripts for
me and things like that, so That is crazy.
Um, there's, there's, there's a,
a guy at a Singapore who has built
an open source penetration testing.
System.
That's the back end of it.
Is, is, is run by chat g p t four ai.
Yeah.
And I've been meeting to download
it, I just haven't gotten
around to, to trying it out yet.
Um, but he says from, it's the AI
assists you from the prospectus.
So of if you get stuck, the AI will be
able to look at all the information that
you've pulled down and go, okay, have, you
haven't looked over here or over here yet?
It's time.
You, you should go look in these
areas and it will give you hints on
Travis Bader: how to, right.
Because this, they've been building
safeguards in like originally I could
upload, and I guess you can still do
it through api, but I could upload
unlimited size document essentially.
And it would, so if I've got a book I have
to read to prepare for a podcast, I could
upload that book and it can give me a
summary of all of these different things.
I'm sure there's a way to
do that now, but you can't.
Do it right through the
front facing anymore?
No,
TJ Bettles: you, you, you
need to run the, the bypass.
Mm.
Uh, on the ba on through, like
Linux or whatever the, the bypass
I have is, is written in Python.
Travis Bader: Right, okay.
Yeah.
So some of the, uh, the prompts,
the safeguards are putting in now
is like, sorry, I can't help this.
I can't divulge that.
Or whatever I may be.
Yeah, exactly.
But is that only on the front facing?
TJ Bettles: That's only on the front
facing the, the, the, the running it
from the command line with the bypasses.
There are no restrictions.
Wow.
And that's the whole, that's the whole
reason that a hacker would want to do
that, or the ethical hacker would wanna
use a, uh, something like open ai, open
ai, ai chat, G P T for that is because
it can help you with that kind of thing.
Now I got just to test it out.
I got it to write me a couple of scripts.
The coding could be a little bit better.
Mm-hmm.
But it wasn't bad.
It, it, it, it, the scripts ran.
They worked.
They worked.
They, they could be a little bit
more efficient, but they worked.
Travis Bader: Geez.
Seems like the, uh, the whole landscape's
gonna be changing over the next few years
TJ Bettles: here.
Yeah, I think so.
Um, I don't think we'll see
the disappearance of the human
penetration tester anytime soon.
What the, what AI lacks still is that
outside the box thinking that creativity
that the human factor brings into it.
Right.
The, the ai AI only knows what it knows.
Yeah.
It's not at that point yet, I don't
think where it has the ability to
think abstractly and outside the
box when it comes to trying to
push forward on a penetration test.
Now I'm just saying that
based on my limited.
Experience playing with it.
Mm-hmm.
Um, I certainly need to experiment more.
Mm-hmm.
In order to, and I've been waiting,
I, I, I reached out to open AI and
asked them for an API key for the
newest release, which is chat G
p T four, and I'm on a wait list.
Travis Bader: Okay.
So day-to-day person, everyday
person, say, I don't run a business.
Just average person.
Where, what are typically their biggest
concerns from a security standpoint?
Is it just luck of the
draw if they get targeted?
TJ Bettles: Yeah.
I mean, unless they're being targeted
specifically by, by a malicious actor.
And that does happen.
You see that happen with, uh, VIPs,
celebrities, that kind of thing.
They get targeted by, especially
if you're, if you have a,
a public persona per Right.
You know, uh, The malicious actor
could end up tarking you because they
wanna shake you down for, for money.
They're gonna steal your
information and put it out there.
And there might be things that you don't
want going out into the public domain.
Mm.
So they'll be like, okay, well I'm gonna,
I'm gonna dump in on the web unless
you pay me x x number of dollars Mm.
Through Bitcoin or whatever, right?
Mm-hmm.
Um, so what can the individual
do to protect themselves?
Don't use public wifi.
Okay.
Um, stay up to date with their
software patching on all their devices.
So anytime you get a, um, a systems
update from, for your phone,
download that same with the apps
that you have running on your phone.
Make sure they stay up to date.
Mm.
And, uh, use strong passwords.
Travis Bader: Are there ever system
updates that come through that
aren't actually system updates,
but there's somebody trying to
get you to update something?
TJ Bettles: I'm not, do
you have a, an iPhone or
Travis Bader: a Yeah,
I shut it off before we
TJ Bettles: start recording,
but Yeah, yeah, yeah.
Um, I, I've never actually seen that,
but I suppose anything's possible.
Yeah.
It would, it would mean that they would
have needed to compromise the system
server that you would be getting the
da, the update for, say, iOS, right?
They would have to have then put something
malicious on the download server so that
you're connecting from, so they could
not target you directly in that regard.
They'd have to go through, like target,
apple, and then put something in
there that you would then download.
And now I'd like to think
that Apple is pretty secure.
But again, just like everything
else, if you're connected,
you're, you're vulnerable.
Mm.
Uh, it used to be that there was a
story that would go around that Apple
is far more secure than Microsoft.
Travis Bader: It's not,
I don't know if it's.
In my opinion anyways, at the time
was just less people were using it.
That's exactly it.
And so there's less people
trying to attack it.
Yeah.
And so those known exploits weren't.
TJ Bettles: And there's, there's
exploits that are, are being made
public all the time, our vulnerabilities
for iOS devices and Apple products.
Hmm.
So again, staying up to date with your
software patching is probably the biggest
thing because that, that, from a hacker's
perspective, that's, that's an easy win.
Mm-hmm.
If you're running
outdated software, I'm in.
Mm-hmm.
It's, it, it literally won't
take me very long at all.
Really.
Oh,
Travis Bader: yeah.
What about open source systems?
What are your, what are some of your
favorite places to go to for open source?
Would it just be basically
social media for op, like
TJ Bettles: intelligence wise?
Or, or, or, well, if you're
Travis Bader: tools and if you're
taking your first steps at looking
at a, um, uh, doing an ethical
penetration test on a business, uh,
TJ Bettles: okay.
So if, let's just use an a,
an external penetration test.
So with that, we look at all of the
access points to the internal network, the
website, uh, routers, that kind of thing.
And we pull as much information,
uh, From those IP addresses that
are within the scope of the test.
Mm.
And then we analyze
and then go from there.
Um, we have yet to do, uh, an
engagement where we have not found
at least one critical vulnerability,
which means full compromise.
Wow.
And, and you know, in a lot of
instances we don't actually go and
there'll be certain things that we
won't run against a client target.
Like so for example, we can attack
pieces of software that are attached to
a website or you can, you can even attack
the memory and the operating system.
Right.
We wouldn't generally attack the
memory and the operating system cuz
that could crash it and cause damage.
Hmm.
So there would be certain attacks,
like one's called a buffer overflow
is basically you, you part of the
attack crashes, it crashes the system.
And if you know how many bits it
takes to crash, A resource you can
at that exact moment when it hits
that, that number of bits to crash it.
Mm, you can then insert code and
launch and get a, get a shell.
Mm.
That will give you a reverse
shell access to the resource.
So I don't like to run those
against our client targets.
Not that all of them would cause
damage, but there's a risk, right?
So there's certain things like in,
in that regard that in my opinion,
I, I'm hesitant to go and, and do
that simply because there's risk
of causing harm, damage, et cetera.
Um, remember we have to remember what
our, our, our focus is, and that's
identify and document not cause damage.
Travis Bader: Where do
you see the future of.
Cybersecurity going,
TJ Bettles: it's gonna get
worse before it gets better.
Yeah.
Oh yeah.
Um, there's a lot of people now learning
how to do this stuff, but it, it
takes a special kind of in individual.
Some people can try, try, try, try.
They don't, they don't pick it up at all.
And others within six
months, they're dangerous.
You know, when they first,
from when they first.
Start playing around with it.
And it's just, it's like anything else.
It's a skill.
It's just practice,
practice, practice, practice.
Hmm.
Travis Bader: Easier to
identify pattern recognition.
This work last time.
Yep.
Just give it a shot again.
TJ Bettles: Yeah.
And then you just, you
end up learning as you go.
Cuz a lot of times you get stuck on
an engagement and you have to, okay.
Where I'm stuck here, what do I do?
Okay.
Out to Google.
Yeah.
Start searching.
You know, uh, when I first
started back in the nineties,
that stuff didn't really exist.
So I hang out with my friends and
we sort of learn off of each other.
I had a, a buddy that lived down the
street from me, he taught me the basics
and so we kind of went back and forth
and then we lost touch with each other.
And then I met another friend in
my twenties who he was the, the
greatest hacker I've ever known.
And he's never taken a
computer course in his life.
Really.
The guy's like seriously a genius.
Uh, and uh, he taught me more about.
All of this then.
Really?
Yeah.
And then, and then when I was
hacked in 2018, that's when I
really kicked it up on my own.
My friend that, that was the hacker
who taught me, he's, he's in his
fifties and he's, he had a stroke and
Travis Bader: Right.
Yeah.
He's young, young for a stroke.
TJ Bettles: Yeah.
Uh, he's, he's had his issues with him
hit by a car a number of years ago.
And anyway, that's
another story altogether.
Travis Bader: No kidding.
Yeah.
Well, is there anything else
we should be talking about on
this before we, uh, wrap up?
TJ Bettles: I can't think of anything.
Um, if, if you think that we
might be able to add value to your
organization, reach out to us.
Yeah.
Um, I'm sure Travis will, uh,
publish our website and our contact
information when he puts this up.
Yep.
Travis Bader: So we're gonna
have, uh, links in the bio.
We're gonna have links, okay?
Both on the podcast, both you on YouTube.
And you know, it's probably causing
people to have a whole bunch of questions.
And it's something I know about you
is you enjoy those sort of things.
You enjoy questions if people have them.
So look at the links, contact
TJ with your questions.
Tj, thank you so much.
TJ Bettles: Thank you very much.