WEBVTT
Kind: captions
Language: en-GB

00:00:08.340 --> 00:00:14.270
Travis Bader: I'm Travis Bader and
this is the Silvercore Podcast.

00:00:14.270 --> 00:00:17.970
Silvercore has been providing its
members with the skills and knowledge

00:00:17.975 --> 00:00:22.800
necessary to be confident and proficient
in the outdoors for over 20 years, and

00:00:22.800 --> 00:00:26.820
we make it easier for people to deepen
their connection to the natural world.

00:00:27.720 --> 00:00:32.940
If you enjoy the positive and educational
content we provide, please let others

00:00:32.940 --> 00:00:37.460
know by sharing, commenting and
following so that you can join in on

00:00:37.460 --> 00:00:39.660
everything that Silvercore stands for.

00:00:40.710 --> 00:00:43.320
If you'd like to learn more
about becoming a member of the

00:00:43.320 --> 00:00:49.250
Silvercore Club and community,
visit our website at Silvercore.ca

00:00:52.650 --> 00:00:56.540
So if you're like me as a child,
I love the movie Sneakers.

00:00:57.275 --> 00:01:00.995
Had a group of guys that would pick locks
on a building, go on inside, get past

00:01:00.995 --> 00:01:07.205
their electronic security measures, hack
into their system, transfer funds on, and,

00:01:07.205 --> 00:01:09.425
and just do some nefarious looking things.

00:01:09.425 --> 00:01:11.375
And you look at these guys and you
think they're a bunch of bank

00:01:11.375 --> 00:01:15.725
robbers, only to find out that
the company had hired them to do a

00:01:15.725 --> 00:01:17.825
penetration testing on their business.

00:01:18.215 --> 00:01:19.955
I thought that was the
coolest thing in the world.

00:01:20.405 --> 00:01:25.025
And today I'm joined by a fellow
who just does just that and he owns

00:01:25.025 --> 00:01:27.245
White Hat Cybersecurity Solutions.

00:01:27.365 --> 00:01:30.125
Welcome to the Silvercore Podcast, TJ Bettles.

00:01:30.755 --> 00:01:32.405
TJ Bettles: Thank you very
much for having me here.

00:01:33.455 --> 00:01:37.235
Travis Bader: So White Hat
Cybersecurity Solutions.

00:01:37.715 --> 00:01:39.255
Tell me how did this come

00:01:39.255 --> 00:01:39.575
TJ Bettles: about?

00:01:40.795 --> 00:01:46.655
Um, this has been in the making probably
for the last 30 plus years or so.

00:01:47.045 --> 00:01:53.255
Um, my journey as a hacker
began at the age of 11.

00:01:54.315 --> 00:02:02.820
Uh, when I took control of my
elementary school's network Oh yeah.

00:02:02.880 --> 00:02:04.350
And locked out all the teachers.

00:02:05.429 --> 00:02:11.160
Um, so I didn't really have skills
at that point to do this type of

00:02:11.165 --> 00:02:17.700
thing, but the systems administrators
had not password protected the

00:02:17.700 --> 00:02:19.500
system administrator's accounts.

00:02:19.560 --> 00:02:20.220
Hmm.

00:02:20.520 --> 00:02:25.320
So we were able to access super
user systems, admin, uh, and change

00:02:25.320 --> 00:02:26.940
passwords, lock people out, whatever.

00:02:27.510 --> 00:02:30.360
Um, I never got in trouble for that.

00:02:31.110 --> 00:02:31.710
I didn't get caught.

00:02:32.070 --> 00:02:32.760
They never caught you.

00:02:32.820 --> 00:02:33.329
They never caught.

00:02:33.390 --> 00:02:34.801
That's rule number one is
that that's rule number one.

00:02:35.040 --> 00:02:35.850
No, don't get caught.

00:02:36.180 --> 00:02:41.700
Uh, and that's kind of how my journey
down and that's what I see hacking as.

00:02:41.700 --> 00:02:48.060
It's, it's a big, or it's, it's a
progressive number of rabbit holes that

00:02:48.060 --> 00:02:51.540
you end up going down and researching.

00:02:51.545 --> 00:02:56.355
So, Being a good hacker is
about being able to pull

00:02:56.355 --> 00:02:59.025
information, uh, from your target.

00:02:59.055 --> 00:03:02.115
So the more information that you
can gather about your target,

00:03:02.295 --> 00:03:07.695
hmm, the better chances you will
have of being able to succeed in,

00:03:07.700 --> 00:03:09.525
in penetrating into the system.

00:03:10.095 --> 00:03:17.715
So you learn this framework as you
go, uh, of being able to extract

00:03:17.715 --> 00:03:21.855
information from your targets to
determine what software they're running.

00:03:22.245 --> 00:03:25.665
Mm, are is it an Apple system,
is it a Linux system or is it

00:03:25.665 --> 00:03:27.525
a Windows system, et cetera.

00:03:27.825 --> 00:03:29.835
Um, what, what are they
running on their website?

00:03:29.895 --> 00:03:33.345
What versions of the different plug-ins
are they running on their website?

00:03:33.345 --> 00:03:39.555
Cuz any, any one of those could be,
uh, your way in to an internal network.

00:03:40.695 --> 00:03:41.295
So,

00:03:41.855 --> 00:03:45.495
Travis Bader: uh, you know, I've always
found this sort of thing very fascinating.

00:03:45.885 --> 00:03:46.455
I.

00:03:47.325 --> 00:03:50.775
When in high school, actually a high
school that both you and I went to mm-hmm.

00:03:51.554 --> 00:03:55.334
Uh, we had a computer teacher there
who used his wife's name as a password.

00:03:55.635 --> 00:04:00.674
And uh, I was able to, I didn't
hack, I just kind of figured it out.

00:04:00.680 --> 00:04:01.424
I, what do they call it?

00:04:01.430 --> 00:04:02.114
Biohacking.

00:04:02.174 --> 00:04:05.424
When you start, uh, trying to look at
the person as opposed to the technology.

00:04:05.495 --> 00:04:05.785
Well,

00:04:06.015 --> 00:04:07.155
TJ Bettles: it's educated guessing.

00:04:07.155 --> 00:04:07.424
Right.

00:04:07.430 --> 00:04:10.334
And that's, that's, that's one of the
things that we do when we're, we're

00:04:10.334 --> 00:04:16.394
doing an assessment on, on a target
or a client target, is we will go out

00:04:16.394 --> 00:04:19.305
onto one of the first things that we
do is called open source intelligence.

00:04:19.310 --> 00:04:24.344
We go on, go out onto the web and see
if there has been previous breaches, uh,

00:04:24.350 --> 00:04:26.295
email addresses, passwords, et cetera.

00:04:26.414 --> 00:04:31.425
In the past, uh, and, and in a lot of
instances, organizations are not staying

00:04:31.425 --> 00:04:35.594
up to date in changing passwords and
keeping things in, keeping things secure.

00:04:35.600 --> 00:04:40.034
So, and in a lot of instances, we were
able to get in, gain our initial foothold

00:04:40.039 --> 00:04:42.025
into a client's network through

00:04:42.990 --> 00:04:46.380
just open source intelligence, pulling
that information off of the web and

00:04:46.380 --> 00:04:48.900
then you just, you just, you run
a brute force attack and you try.

00:04:48.960 --> 00:04:49.180
Is,

00:04:49.185 --> 00:04:51.700
Travis Bader: is that like dark web
type stuff or is, is that Yeah, yeah.

00:04:51.705 --> 00:04:52.050
Yeah.

00:04:52.290 --> 00:04:55.200
TJ Bettles: There that sometimes,
sometimes there's, there's a few sites

00:04:55.205 --> 00:04:58.860
that we go to that are constantly
publishing stuff off of the dark web.

00:04:59.070 --> 00:04:59.370
Okay.

00:04:59.460 --> 00:05:01.620
So some of them are, you pay
for, some of them are free.

00:05:01.970 --> 00:05:06.930
I've got a database, uh, on my
Linux machine that's 44 gigs of

00:05:07.080 --> 00:05:09.360
credentials from the web. Holy crow.

00:05:09.510 --> 00:05:09.780
Yeah.

00:05:09.780 --> 00:05:10.740
So it's, uh, I dunno.

00:05:10.920 --> 00:05:11.190
Uh,

00:05:11.820 --> 00:05:13.770
Travis Bader: and that's just,
when you say credentials, that's

00:05:13.770 --> 00:05:15.600
just like username passwords,

00:05:15.659 --> 00:05:16.470
TJ Bettles: that's email address.

00:05:17.190 --> 00:05:20.850
Not all of them are accurate anymore 'cause
the database is a couple of years old.

00:05:21.720 --> 00:05:26.070
Uh, and so I have other, other avenues
that I can go down to go down when

00:05:26.130 --> 00:05:28.830
I'm looking for, for credentials
that are a little bit more recent.

00:05:28.835 --> 00:05:30.330
So that's the first thing we look for.

00:05:30.335 --> 00:05:33.180
We always look for the easy
wins to start off with.

00:05:33.240 --> 00:05:37.380
Uh, and then if we don't find the
easy wins, then we start pulling

00:05:37.380 --> 00:05:38.400
information about the system.

00:05:38.540 --> 00:05:38.659
Hmm.

00:05:38.659 --> 00:05:39.780
What are they running?

00:05:39.930 --> 00:05:44.445
Uh, Are there, is it,
do they have a website?

00:05:44.445 --> 00:05:48.945
Are they, you know, you just, you
have to go through these steps in

00:05:48.945 --> 00:05:51.675
order to see what you're up against.

00:05:51.675 --> 00:05:52.155
Totally.

00:05:52.515 --> 00:05:55.604
Uh, and so you go through that
information gathering process, and

00:05:55.604 --> 00:05:59.265
then once you've gone through that
process, you sit down and you analyze

00:05:59.265 --> 00:06:03.105
the information and you determine, okay,
what's gonna be my best next course of

00:06:03.105 --> 00:06:05.775
action in regards to my attack surface?

00:06:05.775 --> 00:06:06.825
What are my options?

00:06:07.635 --> 00:06:10.125
What might, what can I
run here that might work?

00:06:10.695 --> 00:06:12.284
That might allow me to get a shell.

00:06:12.555 --> 00:06:12.945
So, and

00:06:12.945 --> 00:06:15.854
Travis Bader: your whole process
is to try and get through, is it,

00:06:15.854 --> 00:06:18.435
without breaking things through
the process because you don't wanna

00:06:18.440 --> 00:06:19.995
cause hardship for your client.

00:06:20.205 --> 00:06:20.534
Yeah.

00:06:20.534 --> 00:06:23.625
TJ Bettles: And we've, I've been
doing it long enough to know certain

00:06:23.625 --> 00:06:26.835
things that you would run, uh, and
certain things that you wouldn't run.

00:06:26.835 --> 00:06:31.034
So one of the things that's always out
of scope for us is we don't run denial of

00:06:31.034 --> 00:06:35.625
service attacks against, against our client
resources because our intent is not to

00:06:35.625 --> 00:06:37.245
cause harm or disruption to the resource.

00:06:37.245 --> 00:06:44.265
Our intent is to identify and,
uh, I identify and document

00:06:44.325 --> 00:06:45.855
what we find in a report.

00:06:46.245 --> 00:06:46.395
It

00:06:46.395 --> 00:06:49.215
Travis Bader: struck me as we're talking
about things here that some things might

00:06:49.220 --> 00:06:50.925
be a little bit foreign to the listeners.

00:06:51.165 --> 00:06:54.675
Can you explain what a denial
of service a D D O S sort of

00:06:54.680 --> 00:06:55.185
TJ Bettles: attack would be?

00:06:55.185 --> 00:06:55.195
Okay.

00:06:55.195 --> 00:06:59.665
A denial of service attack is, is
essentially a, uh, a program or a, a,

00:07:00.255 --> 00:07:05.505
a script that you would run against,
a target that would crash it or,

00:07:05.505 --> 00:07:07.755
or cause damage to the resource.

00:07:07.755 --> 00:07:10.965
So it, it, it might, at the very
least, it might just crash it,

00:07:10.970 --> 00:07:12.345
so it needs to repeat itself.

00:07:12.675 --> 00:07:15.645
And worst case scenario, it's
gonna corrupt and destroy

00:07:15.645 --> 00:07:17.025
all of the data, right.

00:07:17.385 --> 00:07:18.135
That that's there.

00:07:18.135 --> 00:07:21.015
So that from our perspective, yes.

00:07:21.015 --> 00:07:25.020
We'll, we'll, we'll, When we go through
our assessments and we run different

00:07:25.020 --> 00:07:29.250
scans of our target, and sometimes we'll
come back and it'll come back and we'll,

00:07:29.370 --> 00:07:33.450
it'll say we have some potential denial
service attacks that we could run.

00:07:33.660 --> 00:07:36.600
We just document that and we don't
actually run them against the client.

00:07:37.110 --> 00:07:37.410
Got it.

00:07:37.440 --> 00:07:41.050
Simply because we're not there
to, to cause damage or disruption.

00:07:41.790 --> 00:07:45.660
Um, we're there to
identify and document.

00:07:46.230 --> 00:07:50.250
Travis Bader: So I find that there's
so many avenues that we can talk

00:07:50.250 --> 00:07:56.370
about here and I'm gonna try my best,
excuse me, in a, to try and address

00:07:56.370 --> 00:07:59.341
it in a chronological order in the
best sort of ADHD way I can.

00:07:59.570 --> 00:07:59.610
Okay.

00:07:59.790 --> 00:08:01.530
Which is tend to be all over the place.

00:08:01.560 --> 00:08:02.040
Oh, that's fine.

00:08:02.040 --> 00:08:02.280
Let's just

00:08:02.280 --> 00:08:03.060
TJ Bettles: have a conversation.

00:08:03.150 --> 00:08:03.630
Travis Bader: Yeah.

00:08:03.690 --> 00:08:10.320
Um, so I find that the people
I know who make the best.

00:08:11.250 --> 00:08:15.090
Sort of hackers, let's say, are, and
they're not necessarily people who

00:08:15.090 --> 00:08:17.880
are computer hackers, but they're
able to figure out problems, right?

00:08:17.880 --> 00:08:21.240
They're able to figure out,
um, puzzles, get around things.

00:08:21.359 --> 00:08:25.409
They're people who have a
mindset of approaching a problem

00:08:25.414 --> 00:08:26.609
in a very particular way.

00:08:27.030 --> 00:08:31.500
And the first thing that you
said about the low hanging

00:08:31.500 --> 00:08:33.689
fruit, finding the easy way in.

00:08:34.380 --> 00:08:38.400
So often when you're given a hammer and
you come in and you're looking at all the

00:08:38.400 --> 00:08:43.710
places to use this hammer, you become just
laser focused on how do I use my hammer?

00:08:43.710 --> 00:08:44.670
How do I use my hammer?

00:08:45.360 --> 00:08:49.439
And the people who tend to make the
best problem solvers in this respect are

00:08:49.439 --> 00:08:53.069
those who can put that hammer down and
say, I know I've got this hammer, but

00:08:53.069 --> 00:08:56.189
let me just take a look at this, this
situation around me and what I can do.

00:08:56.220 --> 00:08:57.510
And I'll give you an example of that.

00:08:57.900 --> 00:09:00.689
Um, when I was in grade four,
I learned how to pick locks.

00:09:00.750 --> 00:09:02.220
And it was fun.

00:09:02.220 --> 00:09:02.970
It was like a puzzle.

00:09:03.140 --> 00:09:03.360
And.

00:09:04.470 --> 00:09:08.280
By the time I got into, well, I was
outta high school at this point.

00:09:08.670 --> 00:09:12.540
I, um, was working for, uh, Shaw Cable.

00:09:12.540 --> 00:09:12.630
Mm-hmm.

00:09:12.870 --> 00:09:15.930
They'd just taken over from, you
know, Shaw and Robert Rogers.

00:09:15.935 --> 00:09:21.390
They did their swap and it was my job
to go into places and audit and make

00:09:21.390 --> 00:09:24.660
sure that if they're getting cable
and they're not paying for it, that

00:09:24.660 --> 00:09:26.970
they're either upsold or disconnected.

00:09:26.970 --> 00:09:29.670
But you have to go into the
apartment blocks and you have to

00:09:29.670 --> 00:09:35.130
find, um, uh, the electrical boxes
and, and where everyone's at.

00:09:35.135 --> 00:09:35.400
So, mm-hmm.

00:09:35.880 --> 00:09:39.090
I'd have to drive all the way downtown,
go get the keys to the apartment blocks,

00:09:39.095 --> 00:09:43.260
come all the way back to wherever it
was, and then zip back out as quick

00:09:43.260 --> 00:09:45.180
as I could before everything closed.

00:09:45.180 --> 00:09:46.800
I'm like, this doesn't suit me.

00:09:46.800 --> 00:09:47.940
I want to get up early.

00:09:47.940 --> 00:09:49.140
I want to do my job.

00:09:49.145 --> 00:09:53.700
I want to get out and be on the beach or
do something else halfway through, I know

00:09:53.700 --> 00:09:55.380
my list of the places I have to go to.

00:09:55.680 --> 00:09:58.830
I just gotta skip the key part
and use this as a challenge.

00:09:58.830 --> 00:09:58.831
Right.

00:09:59.925 --> 00:10:04.694
And I ended up making a, uh, uh,
a lock pick for internal locks.

00:10:04.694 --> 00:10:09.584
I just turned down some steel in, in
a lathe and drilled it out and hand

00:10:09.589 --> 00:10:13.905
ground some hacksaw blades as the, it's,
uh, I think they call 'em super locks.

00:10:14.235 --> 00:10:16.604
Uh, I found a real easy way
you can get 'em, basically any

00:10:16.604 --> 00:10:18.714
apartment block in around here.

00:10:18.785 --> 00:10:22.155
Anyways, with this, this pick
contacted the company, told

00:10:22.155 --> 00:10:23.535
'em their, the security flaw.

00:10:23.535 --> 00:10:28.935
They still haven't changed it, but some
places I'd get in and I'd start trying

00:10:28.939 --> 00:10:31.905
to get the door open and I'd get in the
door open, I'm working at this and come

00:10:31.905 --> 00:10:35.265
on, I don't know why I can't get into
it, only to realize that, you know,

00:10:35.270 --> 00:10:38.954
there's a mail slot or a little thing
I can reach through with my arm and

00:10:38.959 --> 00:10:40.694
just open the thing from the other side.

00:10:41.295 --> 00:10:45.405
And to me, when I finally reached
that point of getting away from that

00:10:45.405 --> 00:10:49.844
linear vision of how to approach
that problem, I got my hammer.

00:10:49.849 --> 00:10:50.655
How do I use it?

00:10:51.074 --> 00:10:55.334
Um, I was in and out of these buildings
in record time, getting my audits

00:10:55.339 --> 00:10:57.555
done, getting my work done in no time.

00:10:58.200 --> 00:11:04.350
I think that is something that a lot of
people in your line of work that I've

00:11:04.350 --> 00:11:10.320
encountered tend to still struggle with
is to break out of that, uh, that sort of

00:11:10.320 --> 00:11:12.870
linear thinking to an, to an, an approach.

00:11:13.680 --> 00:11:17.390
Would, is that, that's my observation
from the outside on the inside.

00:11:17.730 --> 00:11:18.390
Is that what you see?

00:11:18.450 --> 00:11:18.930
Um,

00:11:20.610 --> 00:11:25.470
TJ Bettles: I think the biggest thing
to, to be good at this type of work

00:11:25.770 --> 00:11:27.660
is that you have to be creative.

00:11:27.660 --> 00:11:31.950
It's, it's, it's just as much
art form as it is technical.

00:11:32.610 --> 00:11:41.100
So think about, uh, the master thief who
figures out a way to steal a multimillion

00:11:41.100 --> 00:11:42.840
dollar painting from a museum.

00:11:43.320 --> 00:11:47.160
He has to do his reconnaissance, he
has to gather information about the

00:11:47.160 --> 00:11:51.550
target and then analyze that information
is to, okay, what's gonna be my.

00:11:52.485 --> 00:11:54.135
Best chance of success here.

00:11:54.224 --> 00:11:54.615
Mm-hmm.

00:11:54.855 --> 00:11:56.895
Being a hacker is much the same.

00:11:56.985 --> 00:12:00.525
Uh, except, well, it, it is the
same in the sense that you need

00:12:00.525 --> 00:12:04.724
to be creative and you need to
be able to think outside the box.

00:12:05.714 --> 00:12:06.165
You know?

00:12:06.165 --> 00:12:09.824
Uh, there's a, there's a video
that I posted a while ago and there

00:12:09.824 --> 00:12:15.765
was, it was a, uh, I guess a, a
cybersecurity security center analyst

00:12:15.795 --> 00:12:20.235
standing there and he's like, okay,
sh shoot me, uh, shoot me here.

00:12:20.235 --> 00:12:22.964
And he's wearing a, he wearing a
bulletproof vest and the guy shoots him in

00:12:22.969 --> 00:12:26.925
the leg because that, that's essentially
what penetration testing is, right.

00:12:27.045 --> 00:12:31.694
So from the defensive standpoint,
most organization, organizations

00:12:31.785 --> 00:12:33.105
think that they're protected.

00:12:33.165 --> 00:12:33.405
Mm.

00:12:33.435 --> 00:12:37.485
In regards they have firewalls and
antivirus and, and and whatnot.

00:12:37.515 --> 00:12:41.745
But let a hacker loose on them for
five or 10 minutes and they'll have

00:12:41.745 --> 00:12:45.615
a whole list of things that they find
that could potentially be exploited.

00:12:45.620 --> 00:12:45.795
Mm.

00:12:46.094 --> 00:12:48.555
To gain access, not only gain access to.

00:12:49.620 --> 00:12:56.670
Private resources, but then once you
gain access, there's really no controls

00:12:56.819 --> 00:12:58.890
on the inside of an internal network.

00:12:59.430 --> 00:13:03.180
So if you gain a foothold, you're
well on your way to causing some

00:13:03.180 --> 00:13:05.459
serious damage if that's your intent.

00:13:06.300 --> 00:13:11.520
Travis Bader: One of the easiest
ways that I found for access was

00:13:11.520 --> 00:13:13.110
just to walk in behind somebody else.

00:13:13.230 --> 00:13:13.650
There you go.

00:13:13.829 --> 00:13:14.160
Right.

00:13:14.160 --> 00:13:14.219
Yeah.

00:13:14.219 --> 00:13:15.780
And then I didn't have to do anything.

00:13:15.780 --> 00:13:16.920
And that's a security.

00:13:17.310 --> 00:13:22.020
Um, A security flaw from
the users of that place?

00:13:22.020 --> 00:13:22.110
Yep.

00:13:22.140 --> 00:13:23.490
Or where, whatever it might be.

00:13:23.490 --> 00:13:27.450
Do you ever, do you ever try accessing
those sort of measures on people?

00:13:27.450 --> 00:13:31.500
Just say, oh, hey, I'm put on, put on
a nice shirt and a name tag and have a

00:13:31.500 --> 00:13:34.890
little clipboard with you and just say,
Hey, I'm, I'm here with blah, blah, blah.

00:13:34.895 --> 00:13:35.580
I just want to go see.

00:13:35.760 --> 00:13:36.030
TJ Bettles: Yeah.

00:13:36.030 --> 00:13:38.940
I mean, we've, we've done, we've done
a couple of physical penetration tests

00:13:38.940 --> 00:13:42.840
now and it was about gaining access
to the, to the works, the work site.

00:13:42.840 --> 00:13:43.110
Right.

00:13:43.140 --> 00:13:43.410
Okay.

00:13:43.770 --> 00:13:48.090
So I ended up dressing up as a
courier in order to get myself in

00:13:48.090 --> 00:13:49.830
through the door and it worked.

00:13:50.220 --> 00:13:52.260
Travis Bader: Um, that's amazing.

00:13:52.860 --> 00:13:53.940
A little bit of confidence.

00:13:53.940 --> 00:13:56.400
And a clipboard can get
you a long way, can't it?

00:13:56.430 --> 00:13:56.760
Or,

00:13:56.940 --> 00:13:58.410
TJ Bettles: or you can even
take it a step further.

00:13:58.410 --> 00:14:00.660
You can clone ID badges
and things like that.

00:14:00.660 --> 00:14:03.390
So going back to the open source
intelligence things, one of the

00:14:03.390 --> 00:14:04.890
things that we look for is a hack.

00:14:05.040 --> 00:14:08.040
If I'm a hacker or an ethical
hacker, is what White Hat does.

00:14:08.700 --> 00:14:15.150
We look for any information that we
can use that could help us gain access.

00:14:15.150 --> 00:14:18.810
So we're combing Facebook, we're
combing LinkedIn, we're looking

00:14:18.815 --> 00:14:22.170
for pictures, we're looking for
staff pictures where a staff member

00:14:22.170 --> 00:14:24.210
might have an ID badge, right.

00:14:24.210 --> 00:14:25.290
Showing in the picture.

00:14:25.295 --> 00:14:29.761
So with digital cameras nowadays,
the megapixels are so high that

00:14:29.766 --> 00:14:34.080
you can zoom in on that image and
you can very easily get the barcode

00:14:34.110 --> 00:14:39.360
and you can clone that badge in
order to gain access to a company.

00:14:39.630 --> 00:14:40.140
Wow.

00:14:40.949 --> 00:14:46.319
You know, so from our perspective,
um, most organizations are

00:14:46.319 --> 00:14:47.850
just, they're wide open.

00:14:48.270 --> 00:14:51.810
Um, and that's really what, and
you know, a little bit about my

00:14:51.810 --> 00:14:53.880
history, I had a gym in Nova Scotia.

00:14:53.880 --> 00:14:53.939
Yeah.

00:14:53.944 --> 00:14:57.569
And before that, I, I worked in
hr, I worked in software solutions

00:14:57.574 --> 00:15:00.390
for a number of years, but I've
been a hacker since I was a kid.

00:15:00.510 --> 00:15:00.840
Mm-hmm.

00:15:00.990 --> 00:15:05.760
Uh, and I sort of put that onto the back
burner for a little while when I was doing

00:15:05.850 --> 00:15:09.870
the work thing with, with in HR and in
software solutions and, and then the gym.

00:15:09.930 --> 00:15:15.060
And then when my wife and I got out
to Nova Scotia in 2018, I was hacked.

00:15:15.660 --> 00:15:18.079
My phone was hacked, they
got into my bank account. Mm.

00:15:18.300 --> 00:15:19.290
And whatnot.

00:15:19.470 --> 00:15:23.790
Luckily the bank caught it
before, uh, any damage was done.

00:15:24.510 --> 00:15:29.550
But that was, it was then, so 2018
or so that I ramped up, I took my

00:15:30.030 --> 00:15:34.350
mediocre skills as a hacker, uh, and I,
I ramped up my studying and training.

00:15:34.470 --> 00:15:38.820
And so over the last five years, it's,
I've taken it to a whole other level.

00:15:39.180 --> 00:15:44.970
And because of what I had done with my
extracurricular activities growing up.

00:15:45.180 --> 00:15:48.660
Now let me preface this by saying
I've never caused any damage.

00:15:49.110 --> 00:15:49.350
Yeah.

00:15:49.410 --> 00:15:54.780
And I've never done anything that
would be, would warrant a knock

00:15:54.780 --> 00:15:56.100
on the door from the police.

00:15:56.105 --> 00:15:56.340
Right.

00:15:56.760 --> 00:15:57.180
Right.

00:15:57.180 --> 00:16:00.930
So when you're learning how to do these
things, the web's a great place to go.

00:16:00.930 --> 00:16:04.500
You can see other people who've
gone down the path before and they,

00:16:04.800 --> 00:16:08.190
they're great at writing write-ups
and YouTube videos and, and whatever.

00:16:08.190 --> 00:16:11.100
And then you find, you start
finding different areas that you

00:16:11.100 --> 00:16:14.340
can get information from mm-hmm.

00:16:14.585 --> 00:16:17.670
In regards to your, your learning process.

00:16:17.670 --> 00:16:18.570
And then you just, it's

00:16:18.570 --> 00:16:19.350
Travis Bader: trial and error.

00:16:19.800 --> 00:16:24.390
Well, I, I really like that. So, just from
the, let's say the lock picking side,

00:16:24.720 --> 00:16:26.580
I was always told don't tell anybody.

00:16:26.820 --> 00:16:26.940
Yeah.

00:16:26.940 --> 00:16:27.930
Keep, keep it to yourself.

00:16:28.020 --> 00:16:28.080
Yeah.

00:16:28.230 --> 00:16:31.380
Nobody's gonna trust you if they
think something and sure enough

00:16:31.860 --> 00:16:33.930
told someone something goes missing.

00:16:33.935 --> 00:16:35.520
You're like, well, Travis
knows how to pick locks.

00:16:35.520 --> 00:16:36.450
Like, I never stole it.

00:16:36.450 --> 00:16:37.320
I wouldn't do that.

00:16:37.320 --> 00:16:37.590
Right.

00:16:37.920 --> 00:16:39.390
I enjoy the puzzle of it.

00:16:39.390 --> 00:16:39.391
Mm-hmm.

00:16:39.660 --> 00:16:41.520
I enjoy the learning process of it.

00:16:41.910 --> 00:16:43.500
I, I'm, I'm not here to do something

00:16:43.505 --> 00:16:43.590
TJ Bettles: illegal.

00:16:43.690 --> 00:16:43.910
No.

00:16:43.910 --> 00:16:47.040
And that, and that's, that's for me,
it was, I was never interested in

00:16:47.040 --> 00:16:49.200
causing damage or harm to anybody.

00:16:49.470 --> 00:16:52.890
It was all about ch always about
challenging myself to see could I do it?

00:16:53.250 --> 00:17:00.270
Travis Bader: But that also raises
a, um, the, the perception of

00:17:00.270 --> 00:17:02.040
threat in other people's minds.

00:17:02.100 --> 00:17:02.430
Right.

00:17:02.610 --> 00:17:03.960
They'll, they'll watch Mr.

00:17:03.960 --> 00:17:07.470
Robot and they'll think,
Hey, TJ, he's just like Mr.

00:17:07.474 --> 00:17:08.579
Robot, he can do anything.

00:17:08.579 --> 00:17:09.810
He'll take, take this thing apart.

00:17:09.815 --> 00:17:15.030
And their idea of what is possible with
hacking and, and what is actually done

00:17:15.035 --> 00:17:17.101
with ethical hacking and white hat.

00:17:17.835 --> 00:17:20.265
Hacking seals is miles apart.

00:17:20.270 --> 00:17:21.165
Yeah, absolutely.

00:17:21.165 --> 00:17:21.855
Miles apart.

00:17:21.885 --> 00:17:22.125
TJ Bettles: Yeah.

00:17:22.125 --> 00:17:25.875
We're, it's not our goal to
steal information or cause,

00:17:25.935 --> 00:17:27.605
or cause any harm whatsoever.

00:17:27.945 --> 00:17:33.795
Our, our goal is always to help the,
the business that's engaged us Right.

00:17:33.915 --> 00:17:40.065
To evaluate the attack surface
of their, of their network.

00:17:41.355 --> 00:17:48.165
Travis Bader: We were talking prior, off
camera, off mic here about, um, sort of

00:17:48.165 --> 00:17:52.455
forensic services and some of the places
that I've done some work with in the past.

00:17:52.995 --> 00:17:55.305
You know, I, I've told this story
before on the podcast mm-hmm.

00:17:55.385 --> 00:18:01.335
About sitting in the, um, a lawyer's
office waiting my turn to, uh, chat

00:18:01.335 --> 00:18:05.265
with a lawyer because they needed
some help on a, um, this was a, a

00:18:05.265 --> 00:18:08.535
weapons case and they were looking for
somebody to be a subject matter expert.

00:18:08.540 --> 00:18:08.585
Mm-hmm.

00:18:08.665 --> 00:18:08.905
Weapons.

00:18:08.905 --> 00:18:09.145
Mm-hmm.

00:18:10.860 --> 00:18:14.730
As I'm sitting in there, I'm listening
to this private investigator, talk

00:18:14.730 --> 00:18:18.209
to the lawyer and all the steps that
they've taken to try and locate this

00:18:18.215 --> 00:18:20.550
person who, I guess I don't know
why they needed to find him, they

00:18:20.550 --> 00:18:22.020
needed to serve her or something.

00:18:22.024 --> 00:18:22.290
Right.

00:18:22.980 --> 00:18:27.570
And uh, as I'm sitting in the
other room, I just open up my, my

00:18:27.570 --> 00:18:28.919
computer, connected to my phone.

00:18:29.669 --> 00:18:34.050
I start typing away, and by the time they
finish their conversation, just through

00:18:34.050 --> 00:18:37.919
open source tools, and I don't have a
background in this, this is just, to me,

00:18:37.919 --> 00:18:39.750
it looks like a fun puzzle, or fun game.

00:18:40.439 --> 00:18:43.199
Um, I was able to find
where this person was.

00:18:43.199 --> 00:18:45.540
It wasn't through her Facebook accounts.

00:18:45.780 --> 00:18:49.050
It was the fact that her child
had piano lessons at another

00:18:49.050 --> 00:18:50.520
person's place out in Squamish.

00:18:50.520 --> 00:18:52.139
That person had a Facebook account.

00:18:52.439 --> 00:18:58.050
And the security flaw for her,
because she was hiding, uh, wasn't

00:18:58.110 --> 00:19:01.500
so much on her side, but on those who
she surrounded herself with, which

00:19:01.504 --> 00:19:02.850
I thought was kind of interesting.

00:19:03.120 --> 00:19:05.340
Anyways, the PI leaves.

00:19:05.610 --> 00:19:06.420
I go in and talk to the lawyer.

00:19:06.720 --> 00:19:12.344
I said, well, I don't, excuse me, I don't
know how accurate this information is

00:19:12.344 --> 00:19:17.205
gonna be for you, but you know, from the
looks of it, it appears that she'll be

00:19:17.385 --> 00:19:22.965
at this location for piano lessons in
Squamish at this day and on this time.

00:19:23.324 --> 00:19:25.665
And sure enough, that's
exactly where she was.

00:19:25.665 --> 00:19:30.854
And that led to, um, a few
other interesting gigs, and I

00:19:30.854 --> 00:19:32.415
can chat about that afterwards.

00:19:32.415 --> 00:19:38.804
But, um, the, the security that
falls outside of your control, so

00:19:38.804 --> 00:19:44.504
to speak, um, is that an area where
you typically find people's flaws?

00:19:44.915 --> 00:19:45.475
People's

00:19:45.975 --> 00:19:46.395
TJ Bettles: points?

00:19:46.395 --> 00:19:48.615
In a lot of instances, yeah.

00:19:48.615 --> 00:19:50.865
You'd be amazed at what people share.

00:19:51.315 --> 00:19:55.035
Confidential information that they
share on, on their social media

00:19:55.035 --> 00:19:59.475
pages, pictures specifically, you
could get, um, a license plate of,

00:19:59.535 --> 00:20:01.875
of, of their vehicle, for example.

00:20:02.415 --> 00:20:10.075
Or, um, like I said before, ID badges
from the workplace or we're list as, as as

00:20:10.365 --> 00:20:14.115
ethical hackers when we're going through
our evaluation process, we're looking

00:20:14.175 --> 00:20:19.365
for anything that we could potentially
leverage that would help us gain access.

00:20:19.635 --> 00:20:24.915
So any, any information about employees,
for example, their personal life they

00:20:24.920 --> 00:20:29.504
give, that's gonna give you ideas
for password guesses, for example?

00:20:29.775 --> 00:20:30.165
Hmm.

00:20:30.825 --> 00:20:31.245
Right.

00:20:31.305 --> 00:20:36.585
Um, I, I guess the, the biggest things
that we see over and over and over again,

00:20:36.585 --> 00:20:38.264
there's, there's, there's three things.

00:20:38.504 --> 00:20:41.955
Um, I mean, where our focus
is of course prevention.

00:20:42.315 --> 00:20:46.675
So the three things are security
policies, good security policies, good

00:20:46.785 --> 00:20:49.635
password policies, good configuration.

00:20:49.635 --> 00:20:50.325
So using.

00:20:51.330 --> 00:20:53.970
The best encryption available, et cetera.

00:20:53.970 --> 00:20:57.360
Making sure that all of the pages
on your, on your site and your

00:20:57.360 --> 00:21:00.900
network that you're connecting to
have, uh, have good encryption.

00:21:01.410 --> 00:21:04.470
And then of course, What's the last one?

00:21:05.430 --> 00:21:07.080
Uh, my, my brain's just fart.

00:21:07.080 --> 00:21:07.260
I don't know.

00:21:08.310 --> 00:21:09.090
Travis Bader: Hey, it'll come to you.

00:21:09.090 --> 00:21:09.780
It's okay.

00:21:10.620 --> 00:21:11.700
So good security

00:21:11.700 --> 00:21:12.300
TJ Bettles: policies.

00:21:12.330 --> 00:21:12.570
Yep.

00:21:12.575 --> 00:21:13.650
Good security policies.

00:21:13.655 --> 00:21:15.150
Good configuration, hygiene.

00:21:15.155 --> 00:21:15.990
Elliot, then software

00:21:15.990 --> 00:21:17.220
Travis Bader: patching, software patch.

00:21:17.280 --> 00:21:18.000
Oh, right.

00:21:18.005 --> 00:21:18.040
Yes.

00:21:18.040 --> 00:21:18.240
Yeah.

00:21:18.690 --> 00:21:19.950
Uh, so a lot of people don't update

00:21:19.950 --> 00:21:20.370
TJ Bettles: their software.

00:21:20.370 --> 00:21:21.930
They don't up, they're, they're
not, they're not, they don't

00:21:21.930 --> 00:21:23.040
think it's that big of a deal.

00:21:23.040 --> 00:21:25.200
They think it's more of an
annoyance than anything else.

00:21:25.410 --> 00:21:29.100
And anytime a, a vendor releases
a software patch for a piece of

00:21:29.100 --> 00:21:33.450
software that you're running,
it's because they have identified

00:21:33.600 --> 00:21:35.310
bugs or vulnerabilities in it.

00:21:35.580 --> 00:21:35.910
Hmm.

00:21:36.030 --> 00:21:39.660
So it's important to do your Windows
updates and all of your software

00:21:39.660 --> 00:21:41.850
updates as they a, as they are released.

00:21:42.300 --> 00:21:47.580
Cuz if you don't, you could very well
then be, be vulnerable to attack.

00:21:47.640 --> 00:21:47.820
What

00:21:47.825 --> 00:21:50.340
Travis Bader: about firmware
updates on, let's say routers?

00:21:50.340 --> 00:21:54.570
And is that, are those, are those
gonna contain performance upgrades

00:21:54.575 --> 00:21:56.100
usually, or, or security upgrades?

00:21:56.100 --> 00:21:56.550
Both.

00:21:56.640 --> 00:21:56.820
TJ Bettles: Yeah.

00:21:56.820 --> 00:21:57.210
Usually.

00:21:57.570 --> 00:22:00.210
Uh, and generally it's security upgrades.

00:22:00.360 --> 00:22:00.810
Hmm.

00:22:01.330 --> 00:22:01.530
Right.

00:22:01.560 --> 00:22:05.340
So you've got older routers that
they come default out of the box

00:22:05.340 --> 00:22:07.260
with a a nine digit password.

00:22:07.470 --> 00:22:07.830
Hmm.

00:22:08.010 --> 00:22:12.120
Uh, and so nine number digit
passwords are very easy to crack.

00:22:12.120 --> 00:22:14.340
They don't take very long to,
so a nine digit would probably

00:22:14.340 --> 00:22:17.580
take 15 minutes and that'd

00:22:17.580 --> 00:22:18.660
Travis Bader: be alphanumeric capital.

00:22:19.110 --> 00:22:19.860
No, that would just be

00:22:19.860 --> 00:22:19.861
TJ Bettles: numbers.

00:22:19.930 --> 00:22:20.380
Just numbers.

00:22:20.410 --> 00:22:20.700
Okay.

00:22:20.880 --> 00:22:25.080
So these are, these are come default
out of the box with numbered passwords.

00:22:25.140 --> 00:22:25.620
Right.

00:22:25.860 --> 00:22:27.480
Which are, it's not secure.

00:22:27.540 --> 00:22:28.650
So I'll give you an example.

00:22:28.650 --> 00:22:31.770
Was just on the island doing a
penetration test for a resort.

00:22:32.400 --> 00:22:39.000
Uh, and, uh, we, uh, tested
their wireless, all right.

00:22:39.000 --> 00:22:41.340
So they had nine wireless access points.

00:22:41.340 --> 00:22:45.990
We were able to not only gain the
passwords for each, each and every

00:22:45.990 --> 00:22:48.140
single one to access the wifi network.

00:22:48.480 --> 00:22:48.570
Mm-hmm.

00:22:48.840 --> 00:22:53.730
But I was able to then, With
default credentials get into the

00:22:53.735 --> 00:22:55.470
back end of the routers as well.

00:22:55.650 --> 00:22:55.860
Come on.

00:22:56.460 --> 00:22:56.730
Oh yeah.

00:22:56.730 --> 00:22:58.200
So we had full control.

00:22:58.230 --> 00:23:02.340
We were able to take full control over
their internal network, uh, simply

00:23:02.345 --> 00:23:05.970
by breaching their wireless security.

00:23:06.300 --> 00:23:13.590
Now this, this becomes, uh, an animal with
legs on it or a spotter with legs, cuz

00:23:14.220 --> 00:23:16.230
the implications of this are, are huge.

00:23:16.230 --> 00:23:19.770
This is, this is a, a resort
where they have business

00:23:19.770 --> 00:23:21.690
conferences on a regular basis.

00:23:21.690 --> 00:23:23.610
So they have a conference
center and whatever.

00:23:24.030 --> 00:23:27.781
Uh, think of the business people that are
going in there and then they're off time,

00:23:27.786 --> 00:23:32.730
then they're in the rooms and they're
accessing the hotel's wireless network.

00:23:33.780 --> 00:23:37.320
And there could be malicious
actors on there because they're

00:23:37.410 --> 00:23:38.910
very, very weak security.

00:23:38.910 --> 00:23:42.510
So you just never know who's
listening and who might be trying to.

00:23:43.500 --> 00:23:46.439
Intercept your traffic, who's
even evaluating your machine?

00:23:46.439 --> 00:23:51.120
So if you get onto the internal
network, I can then run a couple of

00:23:51.120 --> 00:23:55.110
different commands and I can see,
and I, which machines are running

00:23:55.110 --> 00:23:56.639
on, on that particular network.

00:23:57.149 --> 00:23:59.909
And I get an IP address, an
internal IP address for each

00:23:59.909 --> 00:24:00.810
and every single one of them.

00:24:00.814 --> 00:24:02.070
And then you start the evaluation process.

00:24:02.730 --> 00:24:05.610
You start your scans and you
see, well, what are they running?

00:24:05.610 --> 00:24:07.230
How many, which ports are open?

00:24:09.030 --> 00:24:10.169
And then it just goes from there.

00:24:10.169 --> 00:24:11.699
And so you're always pressing forward.

00:24:11.699 --> 00:24:11.970
Right?

00:24:12.149 --> 00:24:19.050
Travis Bader: Would you ever use the free
wifi, the included wifi with a, a hotel?

00:24:20.730 --> 00:24:22.590
TJ Bettles: Yeah, I would, I would.

00:24:22.770 --> 00:24:25.560
Uh, but use your, use a VPN.

00:24:26.340 --> 00:24:28.290
So protect yourself through a VPN.

00:24:28.379 --> 00:24:28.830
Okay.

00:24:29.669 --> 00:24:36.179
Um, but you just never know who else might
be in the hotel sitting in their room.

00:24:36.389 --> 00:24:37.889
Uh, could be a malicious actor.

00:24:37.889 --> 00:24:39.900
He's sitting there waiting
for someone to log in.

00:24:41.145 --> 00:24:41.595
You know,

00:24:41.855 --> 00:24:45.014
Travis Bader: I, I remember a
number of years ago now, I had, I

00:24:45.014 --> 00:24:47.264
think it was a WRT54G mm-hmm.

00:24:47.504 --> 00:24:51.915
Router that I'd taken it apart and it was
a project in mind to try and be able to

00:24:51.915 --> 00:24:57.254
pick up, um, wifi signal at long distance.

00:24:57.260 --> 00:24:57.274
Mm-hmm.

00:24:57.735 --> 00:24:59.566
And, uh, that was, that
was kind of a fun thing.

00:24:59.695 --> 00:25:02.925
Not that I know what I'm doing to
do it, but I can follow instructions

00:25:02.925 --> 00:25:04.665
like on YouTube or on the internet.

00:25:04.670 --> 00:25:04.715
Mm-hmm.

00:25:04.795 --> 00:25:06.435
And just kind of go along with that.

00:25:07.095 --> 00:25:12.195
But, uh, I'm, I'm sure that sort of
thing is probably pretty outdated.

00:25:12.524 --> 00:25:19.545
What are, what are some of the, um, more
common threats or devices that people

00:25:19.545 --> 00:25:21.405
kind of need to protect themselves from?

00:25:22.455 --> 00:25:26.625
Uh, because these devices get easier
and easier for people to purchase.

00:25:26.629 --> 00:25:27.075
And cheaper.

00:25:27.075 --> 00:25:27.915
And cheaper, and.

00:25:29.455 --> 00:25:32.625
TJ Bettles: Uh, there's really no, you
can mitigate your risk, but there's

00:25:32.625 --> 00:25:34.875
really no way to protect yourself 100%.

00:25:34.875 --> 00:25:37.545
If you're connected to the
internet, you're vulnerable.

00:25:37.635 --> 00:25:38.055
Mm-hmm.

00:25:38.115 --> 00:25:40.305
And that's just the
reality of the landscape.

00:25:40.305 --> 00:25:44.685
So just going on and opening up
a web browser and going to your

00:25:44.685 --> 00:25:46.095
favorite websites is a risk.

00:25:46.100 --> 00:25:46.395
Right.

00:25:46.725 --> 00:25:50.415
It's just simply because you have an IP
address that's assigned to your machine.

00:25:50.595 --> 00:25:52.995
You're, you're connected to
a network that then connects

00:25:52.995 --> 00:25:54.615
on a gateway to the internet.

00:25:55.275 --> 00:26:00.915
You're, you're, you could potentially
be a targeted by malicious actors.

00:26:01.215 --> 00:26:04.635
Travis Bader: One thing that surprised
me, another law firm doing some work

00:26:04.635 --> 00:26:10.335
for, they had a woman come in and
she was a, uh, wanted to separate

00:26:10.335 --> 00:26:12.975
from her husband spousal abuse.

00:26:12.980 --> 00:26:13.065
Mm-hmm.

00:26:13.175 --> 00:26:13.935
It was pretty bad.

00:26:14.025 --> 00:26:15.165
I won't get into the details.

00:26:15.705 --> 00:26:19.785
Um, lawyers, what they usually try and
do is they pour cold water in the person.

00:26:19.785 --> 00:26:21.975
They say, ah, you know, just
gonna be a lot of money.

00:26:21.975 --> 00:26:24.735
It's gonna be painful and
difficult If there's an easier

00:26:24.735 --> 00:26:25.755
way you can resolve this.

00:26:25.755 --> 00:26:25.935
Right?

00:26:25.940 --> 00:26:28.485
The good lawyers, anyways, they don't
want to just jump in, take your money

00:26:28.485 --> 00:26:29.985
and pull you through the ringer.

00:26:31.215 --> 00:26:37.515
Anyways, she pulls out a tin can with a
boat who's, I think it was like 50 or I

00:26:37.515 --> 00:26:40.545
think they, they said they had about, I
don't know how much money she had there.

00:26:40.725 --> 00:26:44.985
See, she had about 50 grand worth of tin
cans of money rolled up inside there.

00:26:44.985 --> 00:26:46.575
80 grand, I think is what it was.

00:26:47.115 --> 00:26:49.425
Like, where are you
getting all this cash from?

00:26:49.935 --> 00:26:51.645
Oh, my husband, he's got lots of these.

00:26:51.650 --> 00:26:52.635
They have what?

00:26:52.805 --> 00:26:53.155
Right?

00:26:53.295 --> 00:26:56.865
And all of a sudden the picture started
expanding of what they were looking

00:26:56.865 --> 00:27:01.575
for and we ended up using a company.

00:27:02.295 --> 00:27:07.155
Called, uh, TCS Forensics, uh,
Keith Peron individual owns it.

00:27:07.185 --> 00:27:07.275
Mm-hmm.

00:27:07.575 --> 00:27:10.605
He's got no computer background, he
doesn't have the expertise that you have.

00:27:10.635 --> 00:27:15.435
He hires other people that do
and put a PI on the husband, a PI

00:27:15.440 --> 00:27:19.605
on the building, um, just so you
can see who's coming and going.

00:27:19.610 --> 00:27:21.706
And he can keep in contact
if someone's coming back.

00:27:21.711 --> 00:27:24.465
And then the team goes
inside and they imaged.

00:27:24.465 --> 00:27:25.905
And this was a surprising thing for me.

00:27:26.415 --> 00:27:29.355
Everything, like they had devices.

00:27:29.625 --> 00:27:32.385
I guess if you're gonna take things in
a forensically sound way, you wanna make

00:27:32.385 --> 00:27:34.815
sure you're not introducing any data.

00:27:34.820 --> 00:27:38.365
So they have these devices that it can
only pull data, but it won't push data.

00:27:38.665 --> 00:27:44.925
But I mean, everything, your tv, your,
the phones, the computers are obvious,

00:27:44.925 --> 00:27:48.855
I think like coffee machines and
toasters and like, just, just stupid

00:27:48.860 --> 00:27:50.265
stuff that you wouldn't even think of.

00:27:50.685 --> 00:27:54.855
Um, that has, that is IoT.

00:27:55.515 --> 00:27:56.295
Internet of Things.

00:27:56.295 --> 00:27:56.475
Yeah.

00:27:56.475 --> 00:27:57.395
I, I, iot, ot, iot.

00:27:57.435 --> 00:27:58.545
OT enabled.

00:27:58.815 --> 00:27:58.935
Yep.

00:27:59.265 --> 00:28:04.740
Um, And the amount of information
that we willingly release through our

00:28:04.740 --> 00:28:06.690
thermostat, through our television.

00:28:06.690 --> 00:28:06.900
TJ Bettles: Oh no.

00:28:06.960 --> 00:28:07.770
It's crazy.

00:28:07.770 --> 00:28:08.130
I know.

00:28:08.130 --> 00:28:13.500
And that's, that's, that's the, the
currency of the hacker is information.

00:28:13.770 --> 00:28:14.190
Right?

00:28:14.400 --> 00:28:14.820
Right.

00:28:14.880 --> 00:28:20.610
So you're always looking for how much
information I can get out of a, out

00:28:20.610 --> 00:28:25.980
of a potential tar or out of a client
target, cuz that information will

00:28:25.980 --> 00:28:28.260
determine our, our level of success.

00:28:28.260 --> 00:28:30.390
So what makes a good hacker?

00:28:30.450 --> 00:28:33.960
Uh, a curious mind, uh,
outside the box thinking.

00:28:34.230 --> 00:28:34.650
Hmm.

00:28:34.740 --> 00:28:40.620
And, uh, and that ability
to, uh, To execute.

00:28:40.620 --> 00:28:40.980
Right.

00:28:41.070 --> 00:28:45.270
Uh, so you have to be able to,
it's, it's, it's repetitive.

00:28:45.600 --> 00:28:46.080
Hmm.

00:28:46.230 --> 00:28:49.140
So I mentioned a little earlier
that I was a little, I was, I, I

00:28:49.140 --> 00:28:52.200
found out recently that I'm, I'm
likely on the autism spectrum.

00:28:52.260 --> 00:28:52.620
Right.

00:28:52.740 --> 00:28:57.300
Uh, and so that, it's kind of
stimming for me when I, when I go

00:28:57.305 --> 00:29:01.020
through a penetration test, cuz
it's, it's repetitive after a while.

00:29:01.025 --> 00:29:01.170
Oh.

00:29:01.410 --> 00:29:06.120
Once you learn the, the ins and the
outs and the, and the basics of it,

00:29:06.450 --> 00:29:10.200
then it's just, it's, it's a progressive
number of rabbit holes that you go down

00:29:10.205 --> 00:29:14.550
when you're exploring, uh, whether or
not something will be, uh, a viable

00:29:14.555 --> 00:29:16.130
vulnerability for exploitation.

00:29:16.770 --> 00:29:18.480
Travis Bader: It's like
stacking boxes pretty much.

00:29:18.485 --> 00:29:18.750
Ha ha.

00:29:18.750 --> 00:29:19.650
Have you seen that?

00:29:19.650 --> 00:29:23.250
Uh, man, we all got a good
laugh out of it, you know.

00:29:24.405 --> 00:29:28.155
We've watched this autistic
fellow do a review of this comedy.

00:29:28.155 --> 00:29:31.995
I guess it's a comedy sketch guy
standing outside the jail cell

00:29:31.995 --> 00:29:33.495
and uh, have you seen this one?

00:29:33.524 --> 00:29:33.615
Mm-hmm.

00:29:33.860 --> 00:29:34.095
I think so.

00:29:35.745 --> 00:29:38.324
The reporter's like, okay, well
it's good to, good to see you,

00:29:38.324 --> 00:29:39.405
whatever the guy's name is.

00:29:40.095 --> 00:29:40.965
I cannot see you.

00:29:40.965 --> 00:29:41.925
I can only hear you.

00:29:42.345 --> 00:29:42.584
Right.

00:29:42.675 --> 00:29:46.274
I have been here, I've done my interview,
I've been waiting for 26 minutes.

00:29:46.274 --> 00:29:47.264
It's time to speak with you.

00:29:47.415 --> 00:29:49.155
But anyways, shows his interview.

00:29:49.155 --> 00:29:52.304
He is talking with this guy and
getting more and more excited.

00:29:52.304 --> 00:29:53.955
The guy's like, oh, it's a rigid routine.

00:29:54.165 --> 00:29:55.814
Oh, tell me more about the rigid routine.

00:29:55.845 --> 00:30:00.465
Oh, you know, we had to stack boxes who
stacking boxes and he's sta sitting up and

00:30:00.465 --> 00:30:02.655
standing down, standing up, sitting down.

00:30:03.284 --> 00:30:06.254
And, uh, anyways, by the end of the
skit, the guy's like, I wanna go to jail.

00:30:06.254 --> 00:30:07.185
How do I get in here?

00:30:07.245 --> 00:30:08.564
We wear the same thing every day.

00:30:09.314 --> 00:30:13.995
But that mindset, although that was set up
as a comedy skit and the autistic fellow

00:30:13.995 --> 00:30:19.064
who was uh, reviewing it and laughing at
it cuz he says, I can identify if a bunch

00:30:19.064 --> 00:30:23.925
of these things he says, But I'm older.

00:30:23.955 --> 00:30:28.125
Some of these things I had in
a more serious way, now I'm

00:30:28.125 --> 00:30:29.325
able to control it better.

00:30:30.195 --> 00:30:36.405
A lot of those traits really kind
of set you up for being able to

00:30:36.405 --> 00:30:40.005
problem solve and in a way that most
people would lose patience with.

00:30:40.010 --> 00:30:40.195
Yeah.

00:30:41.225 --> 00:30:41.515
TJ Bettles: Yeah.

00:30:42.095 --> 00:30:46.725
Um, I mean, my wife, I'll give you these,
my wife as an example, she's pretty

00:30:46.725 --> 00:30:51.435
good with the computer, but she, when
I start talking to her about what White

00:30:51.440 --> 00:30:56.025
Hat does and getting into a little bit
more detail, she's just, her eyes glaze

00:30:56.025 --> 00:31:00.345
over and she's, her brain just doesn't
work that way, and you're just getting

00:31:00.345 --> 00:31:00.705
Travis Bader: ramped

00:31:00.705 --> 00:31:00.765
TJ Bettles: up.

00:31:00.765 --> 00:31:02.715
And I just start, I get excited about it.

00:31:02.720 --> 00:31:08.115
I, my, the tone of my voice goes up and
I, you know, you can, when I get excited

00:31:08.115 --> 00:31:09.495
about something, I don't shut up about it.

00:31:09.495 --> 00:31:11.115
My wife will be the first
person to tell you that.

00:31:13.575 --> 00:31:14.025
Travis Bader: I love it.

00:31:15.015 --> 00:31:15.825
Um, so.

00:31:16.514 --> 00:31:19.605
W what kind of a business would
be looking for your services?

00:31:19.784 --> 00:31:22.215
Um, are this only like big
companies that have a lot to

00:31:22.215 --> 00:31:23.594
protect or is it like everyone?

00:31:23.594 --> 00:31:23.685
Well,

00:31:23.745 --> 00:31:24.645
TJ Bettles: here's the thing.

00:31:25.034 --> 00:31:28.485
Large companies, your large
multinational corporations generally

00:31:28.490 --> 00:31:30.725
have cybersecurity covered in-house.

00:31:31.455 --> 00:31:35.504
They have a security operations
center, they have Blue

00:31:35.510 --> 00:31:37.395
Team, red Team, purple Team.

00:31:37.665 --> 00:31:41.355
So purple team's, basically
a combination of, of, you got

00:31:41.355 --> 00:31:44.024
people that play both sides of the
red teams offensive securities.

00:31:44.024 --> 00:31:45.495
So Ethical hackers.

00:31:45.824 --> 00:31:49.605
Blue Team is more, uh, is more on
the de defensive side of things.

00:31:49.605 --> 00:31:53.415
So threat respon, threat
monitoring and response.

00:31:53.419 --> 00:31:53.594
Okay.

00:31:53.865 --> 00:31:54.155
Okay.

00:31:54.415 --> 00:31:58.635
And then you have purple team,
which is, you, you have, it's

00:31:58.639 --> 00:32:00.014
like war games pretty much.

00:32:00.254 --> 00:32:04.844
You have the red team guys trying to
break in and the, and the blue team guys

00:32:04.844 --> 00:32:10.834
are, are addressing the threats as they
come in and, and, and identifying them

00:32:11.375 --> 00:32:17.024
and, and then, Implementing a response
based on standard operating procedures.

00:32:17.355 --> 00:32:19.544
So the larger organizations
have it taken care of.

00:32:19.544 --> 00:32:24.014
It's the small and the medium sized
businesses that are, are Target.

00:32:24.044 --> 00:32:24.074
Mm.

00:32:24.254 --> 00:32:30.165
Simply because they generally don't
have the same level of security

00:32:30.169 --> 00:32:33.885
controls in place that the lar,
their larger counterparts do.

00:32:34.125 --> 00:32:34.304
Mm-hmm.

00:32:34.304 --> 00:32:39.225
And this makes them especially vulnerable
to attack from malicious actors.

00:32:39.254 --> 00:32:41.625
The malicious actors know this,
they know that the small and the

00:32:41.625 --> 00:32:45.675
medium sized business has probably
done nothing for their cybersecurity

00:32:45.675 --> 00:32:48.225
beyond a firewall and antivirus.

00:32:48.230 --> 00:32:48.445
Mm-hmm.

00:32:49.395 --> 00:32:54.105
You know, and, and so the malicious
actors know this, and so they target

00:32:54.105 --> 00:32:55.875
the small and medium sized business.

00:32:56.700 --> 00:33:00.090
Because it's, like we said earlier,
it's the low hanging fruit.

00:33:00.120 --> 00:33:02.880
They're looking for an
easy win, an easy way in.

00:33:03.090 --> 00:33:04.560
That's how hackers operate.

00:33:04.950 --> 00:33:06.840
That's 90, 99% of them.

00:33:06.840 --> 00:33:10.830
The other 1% are targeting
specific organizations.

00:33:10.920 --> 00:33:11.100
Hmm.

00:33:11.190 --> 00:33:16.830
Cause of what, for whatever reason,
whether it's for their anarchists or it's

00:33:16.830 --> 00:33:20.070
monetary gain or whatever, or ransomware.

00:33:20.460 --> 00:33:24.570
Um, you have to understand
how a hacker thinks.

00:33:25.020 --> 00:33:29.280
Uh, so as I said earlier, if
you're online, you're vulnerable

00:33:29.280 --> 00:33:30.690
with that's, that's true.

00:33:30.900 --> 00:33:35.130
But you can take reasonable
steps to mitigate your risk.

00:33:36.000 --> 00:33:38.040
Travis Bader: What are
some things that it would.

00:33:39.584 --> 00:33:40.155
Frustrate a

00:33:40.155 --> 00:33:40.544
TJ Bettles: hacker.

00:33:41.385 --> 00:33:41.865
Frustrate.

00:33:41.865 --> 00:33:42.405
A hacker.

00:33:42.405 --> 00:33:44.655
Um, good security.

00:33:45.074 --> 00:33:45.344
Yeah.

00:33:45.465 --> 00:33:45.945
Yeah.

00:33:46.784 --> 00:33:49.965
Travis Bader: So, uh, like what would
good security be like if, if someone's

00:33:49.965 --> 00:33:51.945
listening to this and they're like,
you know, I've got my router okay.

00:33:51.945 --> 00:33:54.435
And I know I'm gonna have to do a
firmware update after listening to this.

00:33:54.435 --> 00:33:54.524
Mm-hmm.

00:33:54.764 --> 00:33:56.024
Make sure my software
updates are all good.

00:33:56.165 --> 00:34:01.215
I'm not gonna use that nine digit,
uh, numerical code, cuz it could be

00:34:01.215 --> 00:34:03.254
brute force attack, which is Yep.

00:34:03.314 --> 00:34:04.824
0 1, 0 0 2.

00:34:04.824 --> 00:34:04.985
Yep.

00:34:04.995 --> 00:34:05.745
0 0 3.

00:34:05.745 --> 00:34:08.355
And it just runs through and takes time
to run through all the different numbers.

00:34:08.355 --> 00:34:08.444
Yep.

00:34:08.835 --> 00:34:13.574
Um, on top of that, should they be,
like, is there a, a preferred length

00:34:13.574 --> 00:34:16.225
of a, um, like a password length?

00:34:16.495 --> 00:34:16.784
Yeah.

00:34:16.884 --> 00:34:18.495
TJ Bettles: And special characters.

00:34:18.795 --> 00:34:21.344
I always recommend 13 characters or more.

00:34:21.674 --> 00:34:21.855
Okay.

00:34:21.915 --> 00:34:24.344
Um, alpha numeric and symbols.

00:34:24.760 --> 00:34:25.065
Travis Bader: Okay.

00:34:25.215 --> 00:34:25.304
Yeah.

00:34:25.310 --> 00:34:28.995
What, what about those like key chain
on a Mac and these things, like people

00:34:28.995 --> 00:34:32.955
start relying on these like, uh, password
wallets to hold everything, but what

00:34:32.955 --> 00:34:34.485
if that wallet gets con compromised?

00:34:34.514 --> 00:34:34.755
Are they,

00:34:34.755 --> 00:34:38.175
TJ Bettles: well, there was, there
was one a few months ago that was

00:34:38.304 --> 00:34:44.045
compromised, I think it was, oh, I
can't even remember what it was now,

00:34:44.065 --> 00:34:49.605
but one of the major password vault
companies, they, they were hacked, right?

00:34:49.605 --> 00:34:56.264
And so hackers were able to get in
and access information, passwords

00:34:56.264 --> 00:34:59.445
for different accounts for all
of these people that were using.

00:35:00.375 --> 00:35:02.115
Was it secure guard, I think, wasn't it?

00:35:02.445 --> 00:35:02.746
I'm not sure.

00:35:03.165 --> 00:35:03.765
Travis Bader: I'm not sure.

00:35:04.155 --> 00:35:07.335
TJ Bettles: Uh, but yeah, that's, that's
what they were, that's what they did.

00:35:07.335 --> 00:35:12.405
So nothing is a hundred percent,
as I said, you can, all you

00:35:12.405 --> 00:35:13.905
can do is mitigate risk.

00:35:14.670 --> 00:35:18.630
Travis Bader: See, I used to, I got
lazy and I start using one of these like

00:35:18.960 --> 00:35:20.670
password things to, to hold everything.

00:35:20.670 --> 00:35:23.250
But I used to just use an algorithm
and I'd apply it to everything.

00:35:23.460 --> 00:35:23.580
Mm-hmm.

00:35:23.910 --> 00:35:29.430
And so if someone learned my algorithm
that might be able to figure out the

00:35:29.430 --> 00:35:33.240
passwords for the things, like for
example, if you're, you're wearing a west

00:35:33.240 --> 00:35:35.880
side shirt and you've got a, what is that?

00:35:35.880 --> 00:35:38.600
A bulldog lift in and
Yeah, that's bulldog.

00:35:38.790 --> 00:35:39.240
Yeah.

00:35:39.570 --> 00:35:40.920
And, uh, it's black.

00:35:40.920 --> 00:35:44.070
And so the algorithm, like if that
was your company and I'd, I would

00:35:44.100 --> 00:35:50.490
apply it to the, the logo, the
color, the name, um, maybe location.

00:35:50.495 --> 00:35:50.520
Mm-hmm.

00:35:50.910 --> 00:35:53.910
And then I'd do an alphanumeric
character swapping off of that.

00:35:53.910 --> 00:35:57.600
So all I have to remember is I'd look
at the company or I'd remember, oh yeah,

00:35:57.600 --> 00:36:00.000
it's the Bulldog West side, barbell black.

00:36:00.240 --> 00:36:02.640
And I'd be able to figure out
what my password was off of that.

00:36:03.000 --> 00:36:05.670
Um, I got lazy.

00:36:05.850 --> 00:36:06.930
I stopped doing that.

00:36:07.440 --> 00:36:10.500
Is that a good way to, for people
to use, like from a, from a secure

00:36:10.500 --> 00:36:12.240
standpoint or have you ever.

00:36:14.085 --> 00:36:16.215
Have you ever encountered people
that use algorithms and try

00:36:16.215 --> 00:36:17.115
and hold it all in their mind?

00:36:17.835 --> 00:36:20.145
TJ Bettles: Algorithms can be cracked too.

00:36:20.685 --> 00:36:25.515
It all depends on how complex
the algorithm is and how, how,

00:36:25.965 --> 00:36:27.525
how strongly the encryption is.

00:36:27.615 --> 00:36:29.115
Hmm, right.

00:36:29.120 --> 00:36:36.465
So it, it might be better than using
just a regular password provided

00:36:36.465 --> 00:36:40.875
that the malicious actor isn't
able to gain access to your actual

00:36:40.875 --> 00:36:43.815
algorithm to decrypt the information.

00:36:45.465 --> 00:36:49.515
Travis Bader: One thing that I
found, uh, to be true is the more

00:36:49.515 --> 00:36:54.705
complex the security system was,
the more rudimentary a means that

00:36:54.795 --> 00:36:56.715
a person would use to bypass it.

00:36:57.045 --> 00:37:00.435
Now, that might not apply for an
ethical hacker, but for someone who's

00:37:00.440 --> 00:37:02.415
not ethical, man, this thing's like.

00:37:02.805 --> 00:37:03.645
Fort Knox.

00:37:03.674 --> 00:37:04.005
All right.

00:37:04.005 --> 00:37:05.235
Break up the dynamite, right?

00:37:05.235 --> 00:37:05.295
Yeah.

00:37:05.325 --> 00:37:05.955
Now we're in,

00:37:06.375 --> 00:37:10.365
TJ Bettles: well, I mean, even, even
the, your software vendors out there,

00:37:10.365 --> 00:37:14.235
like least Fortinet as an, as an example,
they, they used to have one of them.

00:37:14.505 --> 00:37:14.775
Yeah.

00:37:14.775 --> 00:37:15.045
You,

00:37:15.165 --> 00:37:18.015
Travis Bader: you're using it Well, I I
used to have a couple of the Fortinet.

00:37:18.134 --> 00:37:18.555
TJ Bettles: Yeah.

00:37:18.585 --> 00:37:23.895
They, there was a major critical
vulnerability in their system that

00:37:23.895 --> 00:37:25.305
came out a few months ago, so.

00:37:25.310 --> 00:37:25.485
Oh wow.

00:37:25.845 --> 00:37:26.295
Oh yeah.

00:37:26.295 --> 00:37:28.275
It was, it was a CVE 10.

00:37:29.115 --> 00:37:32.714
So which is the highest rating
you can assign to vulnerability.

00:37:33.045 --> 00:37:37.665
It allowed, uh, unauthenticated
users root access, and they're like,

00:37:38.055 --> 00:37:39.285
this is security company standard.

00:37:39.285 --> 00:37:40.516
This is a security company.

00:37:40.875 --> 00:37:44.805
And this is, this is what I try and
say to people when they ask about what

00:37:44.805 --> 00:37:48.045
we do and they think, oh, we, we've
got a firewall, we've got Fortinet.

00:37:48.045 --> 00:37:48.555
We're fine.

00:37:49.065 --> 00:37:49.185
Yeah.

00:37:49.799 --> 00:37:50.850
Well, actually you're not.

00:37:52.470 --> 00:37:55.740
The reality of it is, is you're,
you're not, you're not safe.

00:37:55.859 --> 00:37:55.950
Mm-hmm.

00:37:55.980 --> 00:38:02.160
Uh, un until you've taken care of your
configuration, your security policies,

00:38:02.310 --> 00:38:08.009
and up-to-date software patching, that
will prevent 95% of attacks that much, eh?

00:38:08.250 --> 00:38:08.520
Yep.

00:38:08.549 --> 00:38:13.609
95% of attacks can be prevented when
you focus on those three things.

00:38:13.870 --> 00:38:14.089
Did

00:38:14.089 --> 00:38:16.920
Travis Bader: you ever find out
how your phone was compromised?

00:38:17.910 --> 00:38:18.990
TJ Bettles: Yeah, it was my fault.

00:38:19.290 --> 00:38:24.480
I, I, I received a, a text message,
which I thought was from the bank, and

00:38:24.480 --> 00:38:28.379
it was, so I was social engineered,
so I clicked on, I clicked on a link

00:38:28.859 --> 00:38:32.730
and that, that downloaded malware to
my phone, and that's how they got in.

00:38:32.879 --> 00:38:33.330
Mm-hmm.

00:38:34.589 --> 00:38:35.069
Yeah.

00:38:35.129 --> 00:38:39.855
Travis Bader: That's, um, I, I
guess good chip, everyone knows it.

00:38:39.860 --> 00:38:40.025
Don't

00:38:40.029 --> 00:38:40.694
TJ Bettles: click on a link.

00:38:40.725 --> 00:38:45.944
Well, there's even, there's even touchless
payloads now that, that hackers are using.

00:38:46.185 --> 00:38:49.035
So they can launch a, launch,
a payload against a target.

00:38:49.154 --> 00:38:52.694
And me as the recipient, I don't even,
I don't have to click on anything or

00:38:52.755 --> 00:38:54.865
touch anything for it to, to then.

00:38:56.335 --> 00:38:56.555
Travis Bader: Wow.

00:38:56.575 --> 00:39:01.665
And that'd just be vi that'd be
exploiting a, um, uh, vulnerability.

00:39:01.694 --> 00:39:01.935
Yeah.

00:39:01.935 --> 00:39:04.395
TJ Bettles: It just, it's avol,
it's exploiting a vulnerability

00:39:05.025 --> 00:39:06.495
by giving you malware.

00:39:06.795 --> 00:39:09.585
So I, I don't have to click on
anything through a social engineering

00:39:09.585 --> 00:39:13.335
attack or an email or whatever for,
in order for that payload to execute.

00:39:13.424 --> 00:39:17.595
All they have to do is send and they,
they pointed it at my IP address and.

00:39:18.975 --> 00:39:19.365
They're in,

00:39:19.695 --> 00:39:22.605
Travis Bader: you know, we're, we're
getting into a more and more digital

00:39:22.605 --> 00:39:25.665
world where they're trying to bring in,
like, you look in the states and they're

00:39:25.665 --> 00:39:28.275
trying to say, look at our currency
is gonna be cryptocurrency, right?

00:39:28.275 --> 00:39:28.365
Mm-hmm.

00:39:28.605 --> 00:39:33.075
And we're, that's gonna be, everything's
gonna be trackable, but man,

00:39:33.585 --> 00:39:35.505
everything's gonna be so damn vulnerable.

00:39:35.505 --> 00:39:37.395
Especially when we bring
in quantum computing.

00:39:37.695 --> 00:39:40.875
There's a company here in Burnaby that
a few years ago was kind of leading the

00:39:40.875 --> 00:39:43.125
edge on the quantum computing standpoint.

00:39:43.130 --> 00:39:43.355
Mm-hmm.

00:39:43.625 --> 00:39:48.615
Like, I gotta imagine, I, I guess
there's a couple approaches.

00:39:48.675 --> 00:39:53.325
It's sort of like people I've spoken
to who are concerned about having

00:39:53.330 --> 00:39:55.395
information out there on the internet.

00:39:55.395 --> 00:39:55.396
Mm-hmm.

00:39:55.515 --> 00:40:01.455
They say, I can either A, hide everything
or b inundate so much stuff that it's

00:40:01.455 --> 00:40:03.015
so difficult for them to look through.

00:40:03.015 --> 00:40:03.405
Right.

00:40:03.915 --> 00:40:08.625
Um, with quantum computing coming
down the pipe, everything's gonna

00:40:08.625 --> 00:40:10.395
be open and vulnerable, I would

00:40:10.400 --> 00:40:10.905
TJ Bettles: imagine.

00:40:11.295 --> 00:40:16.500
Well, not necessarily with, there's
quantum encryption now in that, that to

00:40:16.500 --> 00:40:18.689
my knowledge, has not been cracked yet.

00:40:19.379 --> 00:40:20.069
Interesting.

00:40:20.129 --> 00:40:24.270
So, speaking of crypto for
a second, uh, think of XRP.

00:40:24.270 --> 00:40:25.319
Have you heard of XRP?

00:40:25.410 --> 00:40:25.620
Yeah.

00:40:25.770 --> 00:40:26.640
The XRP Ledger.

00:40:26.640 --> 00:40:29.370
Well, the XRP ledger
uses quantum encryption.

00:40:30.089 --> 00:40:30.480
Okay.

00:40:31.259 --> 00:40:37.200
Um, and so it's, it's, as far as we know
in, in the industry and in throughout the

00:40:37.200 --> 00:40:39.509
world, the XRP Ledger is unhackable.

00:40:40.259 --> 00:40:44.939
At this point in time, nobody has
figured out a way to hack it yet.

00:40:45.450 --> 00:40:48.120
Not to say that it can't
happen, cuz anything's possible.

00:40:48.125 --> 00:40:49.169
Totally right.

00:40:49.259 --> 00:40:54.960
But, uh, it's at this point in time, as
of today, the XRP Ledger's unhackable.

00:40:56.189 --> 00:40:58.980
Travis Bader: I didn't even think about
the, the other side of that, of quantum

00:40:58.980 --> 00:41:02.819
encryption and that, and that's kind
of crazy when you think about that a

00:41:02.819 --> 00:41:06.509
computer can operate not in a binary
mode, but in a mode of superposition.

00:41:06.600 --> 00:41:06.689
Mm-hmm.

00:41:06.930 --> 00:41:10.319
That, that's, I, I still don't have my
head wrapped around exactly how they do

00:41:10.379 --> 00:41:13.049
that, but it's, uh, it's pretty cool.

00:41:13.770 --> 00:41:17.880
Um, and when you say not hackable at
this point, you ever hear that story?

00:41:17.880 --> 00:41:21.900
It's going back a few years now, where
they said, we've got a, uh, secure

00:41:22.290 --> 00:41:25.680
air-gapped computer, air gap meaning
it's not connected to the internet.

00:41:25.685 --> 00:41:27.240
It's, you know what it means.

00:41:27.300 --> 00:41:27.450
Yep.

00:41:27.480 --> 00:41:33.260
But for the listeners, uh, not connected
to anything and other than to this

00:41:33.310 --> 00:41:35.970
model rocket that we want to launch.

00:41:35.970 --> 00:41:36.330
Right.

00:41:36.540 --> 00:41:39.060
Can we, can we hack this computer?

00:41:39.420 --> 00:41:41.070
Did you, did ever see that one?

00:41:41.310 --> 00:41:41.820
No.

00:41:41.910 --> 00:41:42.240
Okay.

00:41:42.450 --> 00:41:43.470
So this is pretty cool.

00:41:44.130 --> 00:41:47.640
Essentially what they had to do, and
it's gonna require a certain level

00:41:47.640 --> 00:41:51.260
of physical intervention, they had to
load malware onto that computer mm-hmm.

00:41:52.160 --> 00:41:55.110
As well as malware onto a
computer that was near it.

00:41:55.710 --> 00:41:57.150
And what.

00:41:57.509 --> 00:42:00.600
The computer that was near it,
which was connected to the internet,

00:42:01.169 --> 00:42:04.350
would be able to use its own
internal processes to monitor heat,

00:42:04.350 --> 00:42:05.700
ambient heat in the environment.

00:42:05.759 --> 00:42:06.419
And the com.

00:42:06.509 --> 00:42:08.669
They would have that
malware loaded on the both.

00:42:08.674 --> 00:42:12.029
And so the one that was air
gapped would just data load.

00:42:12.029 --> 00:42:15.540
So it heated up and then it would
cool down, heat up and cool down.

00:42:15.540 --> 00:42:19.080
And it would transmit, I think it
was about like eight bytes an hour.

00:42:19.200 --> 00:42:23.609
So not, not efficient, not fast, but
through a sort of Morse code, it would

00:42:23.615 --> 00:42:29.939
transmit the information they needed
in order to, uh, to hack that computer.

00:42:29.939 --> 00:42:33.660
And they were able to launch
that model rocket on an air gap

00:42:33.720 --> 00:42:38.580
computer just by somebody plugging
in a little bit of malware on

00:42:38.580 --> 00:42:38.759
TJ Bettles: both.

00:42:38.765 --> 00:42:41.009
That's why you ne you can
never say never, right?

00:42:41.015 --> 00:42:41.609
I said, why?

00:42:41.609 --> 00:42:43.200
I said, at this point in time, right?

00:42:43.200 --> 00:42:44.490
Nobody's done it yet.

00:42:45.120 --> 00:42:49.350
The term, the, the, the word yet
is what you should be focused on

00:42:49.354 --> 00:42:53.109
because just because it hasn't been
done today doesn't mean it won't.

00:42:54.825 --> 00:42:55.065
Right.

00:42:55.065 --> 00:42:57.585
Happen tomorrow or the
next day or, or whatever.

00:42:57.585 --> 00:43:02.535
So as is currently, it's not
hackable, the XRP Ledger, but

00:43:02.595 --> 00:43:04.395
it may very well be down the road.

00:43:05.115 --> 00:43:06.285
Someone finds a new way.

00:43:06.285 --> 00:43:09.615
You got, there's millions of hackers
out there who all they do is sit

00:43:09.615 --> 00:43:12.165
in front of their terminal all day
and they, they, they try different

00:43:12.165 --> 00:43:14.625
things and they, they get frustrated.

00:43:14.625 --> 00:43:17.265
They go away, they come back to it
and they, they sit there and then

00:43:17.265 --> 00:43:19.815
they try and they try and they try
different things and then Right.

00:43:19.875 --> 00:43:22.125
Until they just keep going
until something works.

00:43:22.125 --> 00:43:23.955
It's, it's persistence.

00:43:23.955 --> 00:43:24.195
Right.

00:43:24.200 --> 00:43:27.645
And that, that's another thing
that makes a good ethical hacker

00:43:27.645 --> 00:43:30.315
is most give up too easily.

00:43:30.320 --> 00:43:30.575
Right.

00:43:30.885 --> 00:43:32.835
If they can't find the, the easy way in.

00:43:33.225 --> 00:43:36.795
And, and in a lot of instances,
your first go through of the

00:43:36.795 --> 00:43:38.445
information, you might miss something.

00:43:38.625 --> 00:43:39.315
Mm.

00:43:39.405 --> 00:43:40.575
Whereas you have to go back.

00:43:40.575 --> 00:43:44.775
It's like, oh, I, I don't really have
a, a, a really strong attack plan yet.

00:43:44.775 --> 00:43:47.415
I'm gonna go back over my information
and see if there's anything

00:43:47.415 --> 00:43:49.015
that I overlooked or missed.

00:43:49.395 --> 00:43:50.095
Or, or is there.

00:43:50.910 --> 00:43:55.140
Any other information that I can pull
from the target that will help me.

00:43:55.740 --> 00:43:55.890
And

00:43:55.890 --> 00:43:58.860
Travis Bader: that's a tenacity
that somebody who's on the

00:43:58.865 --> 00:44:01.170
spectrum will have in spades.

00:44:01.500 --> 00:44:03.330
Just keep going, keep going, keep going.

00:44:03.330 --> 00:44:07.860
I know with, uh, you know, I was diagnosed
a d ADHD when I was in grade three,

00:44:08.160 --> 00:44:09.400
and then a number of times afterwards.

00:44:09.730 --> 00:44:11.640
Still not a hundred percent positive.

00:44:11.640 --> 00:44:15.600
I have ADHD based on literature, but
I do seem to present some of the mm-hmm.

00:44:16.050 --> 00:44:17.640
All of the, anyways.

00:44:17.670 --> 00:44:23.760
Um, it's not necessarily the inability
to pay attention because you can

00:44:23.760 --> 00:44:25.410
pay attention really, really well.

00:44:25.500 --> 00:44:25.590
Mm-hmm.

00:44:25.596 --> 00:44:26.550
To things that you want to.

00:44:26.550 --> 00:44:30.270
In fact, of course, 24 hours can
go by and you haven't eaten and you

00:44:30.270 --> 00:44:32.790
haven't left your seat and you're
still working on the same thing.

00:44:32.790 --> 00:44:33.720
Cuz a puzzle anyway.

00:44:34.020 --> 00:44:34.290
Are you speaking

00:44:34.290 --> 00:44:35.220
TJ Bettles: about yourself here?

00:44:35.225 --> 00:44:38.380
Because those are, those are, those
are some traits of autism, huh?

00:44:38.810 --> 00:44:39.100
Yeah.

00:44:39.660 --> 00:44:40.800
You do some research on your own.

00:44:41.145 --> 00:44:43.410
You might, you might be
amazed at what you find.

00:44:44.040 --> 00:44:44.340
Hmm.

00:44:44.490 --> 00:44:45.210
Interesting.

00:44:45.300 --> 00:44:46.260
I, I'm like that too.

00:44:46.260 --> 00:44:51.960
When I get immersed in a penetration test
for a client, my wife can come into the

00:44:51.960 --> 00:44:53.910
room and, and, and try and talk to me.

00:44:53.910 --> 00:44:55.560
I don't hear, I don't hear damn words.

00:44:55.560 --> 00:45:00.600
She says, Hmm, I'm, I'm too, I'm like,
so laser focused on what I'm doing.

00:45:00.810 --> 00:45:02.910
I forget to eat, I forget
to go to the bathroom.

00:45:02.910 --> 00:45:03.960
I forget to shower.

00:45:03.960 --> 00:45:06.570
I've, I'm just, I'm immersed in it, man.

00:45:08.400 --> 00:45:09.570
Travis Bader: Huh, interesting.

00:45:10.740 --> 00:45:13.260
So that trait.

00:45:14.220 --> 00:45:18.540
Is, and I've seen other people that
work in like just basic engineering.

00:45:18.540 --> 00:45:21.000
They're trying to, or, uh, computer
engineering and they're trying

00:45:21.000 --> 00:45:23.100
to problem solve and they give up
and they don't know how to do it.

00:45:23.100 --> 00:45:24.839
And someone's like, have you tried this?

00:45:24.839 --> 00:45:25.529
Have you tried this?

00:45:25.535 --> 00:45:28.380
Have you, have you just pressed Control-
Break, like back in the day, right?

00:45:28.380 --> 00:45:30.029
As you're going through Escape.

00:45:30.029 --> 00:45:31.200
Escape, right.

00:45:32.160 --> 00:45:35.370
That was always the one, uh, password
coming up on the game you want to do.

00:45:35.370 --> 00:45:38.310
But quick, quick, quick, quick control
break and you get past it, right?

00:45:38.310 --> 00:45:38.580
And Yep.

00:45:39.540 --> 00:45:43.200
Um, interesting.

00:45:43.380 --> 00:45:46.589
Uh, RFID, have you
ever played much of that?

00:45:46.890 --> 00:45:47.370
No.

00:45:47.430 --> 00:45:47.880
Okay.

00:45:48.210 --> 00:45:51.509
I played a little bit, I made
some ar, Arduino, RFID reader

00:45:51.509 --> 00:45:54.060
writers, and then, uh, I ended up.

00:45:54.795 --> 00:45:55.995
Some commercial ones.

00:45:55.995 --> 00:46:00.885
And that's, I think, a massive
vulnerability for people who think, oh,

00:46:00.885 --> 00:46:02.895
look it, I got a super high tech secure.

00:46:02.895 --> 00:46:04.005
I just swipe my card.

00:46:04.155 --> 00:46:04.845
Don't even swipe it.

00:46:04.845 --> 00:46:05.445
Proximity.

00:46:05.445 --> 00:46:05.715
Go.

00:46:05.775 --> 00:46:06.525
Those are so

00:46:06.525 --> 00:46:07.515
TJ Bettles: not secure.

00:46:07.695 --> 00:46:12.525
It's, it's, it's actually
quite easy to clone a badge.

00:46:12.530 --> 00:46:12.625
Yeah.

00:46:13.385 --> 00:46:14.185
Surprisingly.

00:46:14.865 --> 00:46:21.745
I mean, it's, I just say the more I I
got into the security stuff, the more,

00:46:21.825 --> 00:46:26.475
the more I realized how much of an
opportunity, business opportunity there,

00:46:26.625 --> 00:46:29.685
there was for what it is that we offer.

00:46:29.985 --> 00:46:31.245
We don't sell software.

00:46:31.250 --> 00:46:35.145
We're not, we don't go out and
advertise, we don't do marketing.

00:46:35.715 --> 00:46:40.905
Our business has grown from word
of mouth and client referrals.

00:46:41.295 --> 00:46:41.415
Yeah.

00:46:42.075 --> 00:46:46.005
You know, uh, the nature
of what we do, it's.

00:46:46.620 --> 00:46:47.910
There has to be trust there.

00:46:47.910 --> 00:46:53.100
And, and, and I, myself, I'm hesitant
to work with people or organizations

00:46:53.100 --> 00:46:57.750
that I don't know or aren't known
within my network of people that I know

00:46:58.350 --> 00:47:00.150
Travis Bader: well, people
don't know what they don't know.

00:47:00.150 --> 00:47:00.360
Right?

00:47:00.360 --> 00:47:02.700
They don't know they're at
risk until all of a sudden

00:47:02.700 --> 00:47:04.140
their credit card's compromised.

00:47:04.140 --> 00:47:04.380
Yeah.

00:47:04.680 --> 00:47:06.720
And that's massive, like identity theft.

00:47:06.750 --> 00:47:07.650
Oh, huge.

00:47:07.920 --> 00:47:09.690
TJ Bettles: So I'll give
you an example of that.

00:47:09.750 --> 00:47:13.560
Uh, a couple of weeks ago or last
week, I was doing a penetration

00:47:13.560 --> 00:47:17.130
test for a, uh, a nonprofit.

00:47:17.130 --> 00:47:19.380
So it's an end of life care place.

00:47:19.380 --> 00:47:20.610
I'm not gonna say who it is.

00:47:21.030 --> 00:47:25.230
What we were able to, just looking at
the website was able, I was able to

00:47:25.230 --> 00:47:27.690
pull, uh, stored credit card numbers.

00:47:29.055 --> 00:47:30.075
Travis Bader: Well, that's,
what do they call it?

00:47:30.075 --> 00:47:32.924
PCI compliance or p
Yeah, yeah, that's, uh,

00:47:33.075 --> 00:47:36.345
TJ Bettles: which is, and they, they
take donations from over their website

00:47:36.345 --> 00:47:38.145
through an unencrypted connection.

00:47:39.015 --> 00:47:44.865
And, uh, I just, by running the website
through a tool I use called Burp Suite.

00:47:44.865 --> 00:47:45.915
Are you familiar with Burp Suite?

00:47:46.365 --> 00:47:47.145
No, no, no.

00:47:47.145 --> 00:47:49.305
That one, it's, it's a web
application testing tool.

00:47:49.305 --> 00:47:51.795
It is one of the most
amazing programs I have.

00:47:51.975 --> 00:47:54.795
I have ever had the pleasure
of learning how to use.

00:47:54.795 --> 00:47:55.095
Really?

00:47:55.125 --> 00:47:58.964
My God, it is so awesome that,
uh, what you can do with it.

00:47:58.964 --> 00:48:00.345
You can do brute force attacks.

00:48:00.345 --> 00:48:05.295
You can, you can do basically pull
back any information on, on different

00:48:05.295 --> 00:48:07.545
pages, and you get the response
code, you get all the information.

00:48:07.549 --> 00:48:07.955
Really.

00:48:08.234 --> 00:48:09.345
Oh, this is where you, and it's

00:48:09.345 --> 00:48:09.795
Travis Bader: online,

00:48:10.214 --> 00:48:11.085
TJ Bettles: it's online resource, or?

00:48:11.085 --> 00:48:14.654
No, it's, it's, it's a, it's a
program that, uh, the community

00:48:14.660 --> 00:48:16.004
version comes with Linux.

00:48:16.009 --> 00:48:16.234
Okay.

00:48:16.415 --> 00:48:17.075
Kali Linux.

00:48:17.205 --> 00:48:19.605
It's just basically this,
that's the platform that I use

00:48:19.605 --> 00:48:21.045
for hacking most of the time.

00:48:21.049 --> 00:48:22.335
There's a couple of other.

00:48:22.640 --> 00:48:25.009
Uh, operating systems that I
will use depending on what it

00:48:25.009 --> 00:48:26.390
is that we're, we're doing.

00:48:26.600 --> 00:48:26.690
Yeah.

00:48:26.720 --> 00:48:30.020
Um, but Kali's usually the go-to
and Burp Suite comes with it.

00:48:30.410 --> 00:48:34.040
Um, it's, it, it's made by a
company called PortSwigger.

00:48:34.069 --> 00:48:34.100
Okay.

00:48:35.000 --> 00:48:38.299
And, um, the, they have a free edition,
which is, the community edition

00:48:38.359 --> 00:48:42.470
doesn't have all the features of the,
of the, the pay edition, but, uh,

00:48:42.620 --> 00:48:44.089
it's for web application testing.

00:48:44.089 --> 00:48:48.380
So you can pull back all the
pages and you can even do SQL

00:48:48.384 --> 00:48:50.120
injection, cross-site scripting.

00:48:50.359 --> 00:48:54.440
So anywhere, anywhere on a webpage where
you have an, the ability to input data.

00:48:54.710 --> 00:48:59.151
So whether it's a login, login form,
or a search function, et cetera.

00:49:00.670 --> 00:49:04.850
In a lot of instances, websites
are vulnerable to SQL injection

00:49:04.850 --> 00:49:09.830
or cross-site scripting just simply
by dumping a payload into the, the

00:49:09.830 --> 00:49:11.750
field where you enter in information.

00:49:11.750 --> 00:49:13.450
So with Burp Suite, you can then capture.

00:49:15.120 --> 00:49:17.460
Capture that information into,
into Burp Suite, and then

00:49:17.460 --> 00:49:18.900
you can change your payloads.

00:49:18.900 --> 00:49:21.180
You can run brute force and
then just see which one's

00:49:21.180 --> 00:49:21.630
Travis Bader: gonna work.

00:49:21.900 --> 00:49:22.440
Wow.

00:49:22.620 --> 00:49:27.480
So would a headless design website be
inherently a little bit more secure

00:49:27.630 --> 00:49:30.930
if one area gets compromised and
might not compromise the entirety?

00:49:30.930 --> 00:49:31.200
Or

00:49:32.009 --> 00:49:34.690
TJ Bettles: If you get in one
place, then chances are they're

00:49:34.695 --> 00:49:36.240
gonna get in for the rest of it.

00:49:36.390 --> 00:49:36.570
Okay.

00:49:36.570 --> 00:49:37.740
It's just a matter of time.

00:49:38.280 --> 00:49:38.550
Okay.

00:49:38.700 --> 00:49:41.460
It's just about escalating
privileges and being able to

00:49:41.460 --> 00:49:44.009
then access different resources.

00:49:44.009 --> 00:49:48.990
And if you get in to the internal,
there's usually no controls.

00:49:48.990 --> 00:49:53.160
Like most organizations now are
running Active Directory on the,

00:49:53.190 --> 00:49:54.360
through their internal networks.

00:49:54.360 --> 00:49:58.080
So employee comes into work, they
log into their computer, they, if

00:49:58.080 --> 00:50:00.450
their login screen right, they put
their username and their password

00:50:00.600 --> 00:50:02.220
that's logging into Active Directory.

00:50:02.220 --> 00:50:04.770
So they're on a, actually
logging into an internal domain.

00:50:04.890 --> 00:50:05.160
Mm-hmm.

00:50:06.030 --> 00:50:10.290
Active Directory is so vulnerable,
it's not even funny really.

00:50:10.390 --> 00:50:14.190
And, and mostly due to default settings.

00:50:15.405 --> 00:50:17.555
So people don't admin.

00:50:17.755 --> 00:50:17.955
Yeah.

00:50:17.975 --> 00:50:20.205
IT people don't know what they don't know.

00:50:20.295 --> 00:50:20.445
Right.

00:50:20.935 --> 00:50:25.275
Uh, and, and they end up setting
up Active Directory incorrectly,

00:50:25.635 --> 00:50:27.885
so it leaves it vulnerable.

00:50:27.885 --> 00:50:32.315
So we've done some internal ones where
we've gone in, uh, where we were given,

00:50:32.955 --> 00:50:37.635
um, login access just to gain initial
foothold onto the, onto the network

00:50:37.635 --> 00:50:39.255
to do an internal network assessment.

00:50:39.765 --> 00:50:45.045
And within a few hours we were able
to take over the domain controller,

00:50:45.315 --> 00:50:49.195
uh, and basically have root
control over your entire network.

00:50:50.055 --> 00:50:50.925
Travis Bader: Man, that's scary.

00:50:50.945 --> 00:50:51.235
Yeah,

00:50:53.015 --> 00:50:53.775
TJ Bettles: you're very

00:50:53.915 --> 00:50:54.075
Travis Bader: scary.

00:50:54.305 --> 00:50:56.535
Have you heard of a guy by
the name of Samy Kamkar?

00:50:56.745 --> 00:50:57.345
No.

00:50:57.435 --> 00:50:58.215
You should look him up.

00:50:58.215 --> 00:51:00.975
I think you'd enjoy some of the
stuff that he's done, but, um,

00:51:01.365 --> 00:51:04.875
He back in the day, MySpace days.

00:51:05.085 --> 00:51:07.245
Oh, that's, that's way
back then, eh, going back.

00:51:07.245 --> 00:51:09.015
But he's still active,
he's still doing his stuff.

00:51:09.015 --> 00:51:13.485
But, um, uh, he's does the
ethical hacking and stuff as well.

00:51:13.485 --> 00:51:18.585
But back in MySpace, I guess he made
the world's, and I might still stand

00:51:18.590 --> 00:51:22.155
to date, um, fastest propagating worm.

00:51:22.695 --> 00:51:26.925
And essentially anybody who like clicked
on his profile would get a little

00:51:26.925 --> 00:51:30.825
thing injected on their profile that
says like, Samy Kamkar is my hero.

00:51:30.830 --> 00:51:33.225
My name is so-and-so, and
Samy Kamkar is my hero.

00:51:33.225 --> 00:51:33.435
Right.

00:51:34.065 --> 00:51:38.836
Anyone who clicked on their, um, their
link, it would do the same thing.

00:51:39.165 --> 00:51:40.875
And basically it just boom.

00:51:40.880 --> 00:51:44.025
He, he put the thing out there
and it just spread like wildfire.

00:51:44.715 --> 00:51:50.505
And, uh, he looks for exploits and things
and he does a lot of stuff at the actual

00:51:50.835 --> 00:51:55.710
physical level of like working with
the, um, the microchips and everything.

00:51:55.830 --> 00:52:00.510
You know, the neat one with a, uh, a
Mattel toy called, uh, IM-ME, um,

00:52:00.540 --> 00:52:04.260
basically it was an instant messaging
device for kids who the parents,

00:52:04.890 --> 00:52:09.510
excuse me, parents didn't want to give
phones to and expose 'em to the world.

00:52:09.510 --> 00:52:12.241
They could only instant message between
other people who had these things.

00:52:12.690 --> 00:52:18.180
And it was running a, a Texas
Instruments, um, chip in there.

00:52:18.180 --> 00:52:22.260
That was actually a pretty cool little
chip that he said, geez, that's,

00:52:22.380 --> 00:52:25.200
I can't believe they're using that
chip in there for this little device.

00:52:25.980 --> 00:52:31.770
And he developed a, um, some code
to use this little kid's device to

00:52:31.775 --> 00:52:35.130
basically open up any, uh, rolling code.

00:52:35.790 --> 00:52:37.620
Uh, was it rolling code?

00:52:37.740 --> 00:52:38.730
No, I don't know if it did.

00:52:38.735 --> 00:52:42.570
Rolling code and basically all garage
door openers, all garage doors.

00:52:42.570 --> 00:52:46.050
You can open it up this little
kid's device, uh, using, uh,

00:52:46.230 --> 00:52:50.370
De Bruijn logic where, oh, if you
have a number, like let's say the

00:52:50.370 --> 00:52:55.890
password is, uh, Uh, uh, 2, 3, 4.

00:52:55.980 --> 00:52:56.250
Right.

00:52:56.310 --> 00:52:58.740
So you go root forcing your way through.

00:52:58.740 --> 00:53:02.250
He found that he could greatly
reduce the time of injecting a

00:53:02.250 --> 00:53:06.870
code if the device didn't require
a reset in between each password.

00:53:06.875 --> 00:53:07.029
Mm-hmm.

00:53:07.290 --> 00:53:13.860
So if he goes 1, 2, 3 and he keeps
running 4, 5, 6, in the middle there he's

00:53:13.860 --> 00:53:19.590
got 2, 3, 4 and that would be the password
that, so anyways, pretty brilliant fellow.

00:53:19.590 --> 00:53:20.910
And he, what was the other one?

00:53:21.180 --> 00:53:25.770
Uh, Peepmail, if you wanted to see who
was, and I don't know if it's still

00:53:25.770 --> 00:53:27.029
running, but it was kind of a neat one.

00:53:27.779 --> 00:53:33.405
You could go onto a website and
say, let's say, Amazon or, um,

00:53:33.675 --> 00:53:35.475
Microsoft or whatever it might be.

00:53:36.165 --> 00:53:40.665
And you could essentially search all the
people's names who are associated with

00:53:40.670 --> 00:53:45.945
email addresses through that system in
a good way to be able to find out, um,

00:53:46.005 --> 00:53:49.675
people's email addresses, contact the
big boss or, or pretend to be someone.

00:53:50.025 --> 00:53:50.535
I guess

00:53:51.225 --> 00:53:53.355
TJ Bettles: that's, finding
email addresses is one of the

00:53:53.355 --> 00:53:54.885
easiest things. That's one of the.

00:53:56.145 --> 00:53:59.385
What you, I've mentored a few guys
along the way, and that's one of the

00:53:59.385 --> 00:54:02.535
first things that, like I teach them,
is the open source intelligence stuff.

00:54:02.535 --> 00:54:06.225
It's like how to find email addresses
and figure, and if you can't find it,

00:54:06.285 --> 00:54:10.005
what you make educated guesses is like,
especially if you're a salesperson.

00:54:10.065 --> 00:54:10.365
Hmm.

00:54:10.905 --> 00:54:14.566
You know, you're, you're always looking
to try and connect with decision makers.

00:54:15.105 --> 00:54:15.255
Right.

00:54:15.255 --> 00:54:15.555
Right.

00:54:15.885 --> 00:54:19.395
And so how do you do that if
it's not listed on the website?

00:54:19.400 --> 00:54:22.485
Well, you got LinkedIn, you
can figure out, okay, who

00:54:22.490 --> 00:54:23.865
works for this organization?

00:54:23.865 --> 00:54:25.185
Who's, who's the big boss?

00:54:25.185 --> 00:54:27.435
They likely have a LinkedIn profile.

00:54:27.435 --> 00:54:29.775
Then there's some different tools
that we can use to figure out

00:54:29.775 --> 00:54:31.235
the syntax for the email address.

00:54:32.235 --> 00:54:33.855
Uh, and then you just go from there.

00:54:33.855 --> 00:54:36.555
And then, then you, there's another
couple of other tools that you can

00:54:36.555 --> 00:54:39.405
use to verify the email address
before you even send them anything

00:54:39.410 --> 00:54:40.995
to make sure it's it's Oh, really?

00:54:40.995 --> 00:54:42.285
A legit email address.

00:54:42.345 --> 00:54:42.885
Smart.

00:54:42.975 --> 00:54:43.365
Oh yeah.

00:54:43.365 --> 00:54:47.295
So it, it automates a lot of that
rather than doing it one by one,

00:54:47.295 --> 00:54:49.440
it, it, you just point and click.

00:54:49.440 --> 00:54:49.650
And

00:54:50.400 --> 00:54:53.640
Travis Bader: is AI gonna play a role
into this, into how you can start shifting

00:54:53.640 --> 00:54:53.880
TJ Bettles: through data?

00:54:53.885 --> 00:54:55.830
I've, I've been playing with AI actually.

00:54:55.890 --> 00:55:02.820
Um, I had a, I have a bypass for ChatGPT,
so it allows me to run it from the Lin-,

00:55:02.850 --> 00:55:05.370
Linux command line using an API plugin.

00:55:05.490 --> 00:55:05.780
Cool.

00:55:06.630 --> 00:55:14.850
And so it, with this bypass it, I've got
it to write exploits and, uh, scripts for

00:55:14.855 --> 00:55:18.600
me and things like that, so That is crazy.

00:55:18.780 --> 00:55:24.900
Um, there's, there's, there's a,
a guy at a Singapore who has built

00:55:24.900 --> 00:55:27.540
an open source penetration testing.

00:55:28.694 --> 00:55:29.475
System.

00:55:29.504 --> 00:55:31.154
That's the back end of it.

00:55:31.154 --> 00:55:35.325
Is, is, is run by ChatGPT 4 AI.

00:55:35.984 --> 00:55:36.795
Yeah.

00:55:36.795 --> 00:55:39.105
And I've been meaning to download
it, I just haven't gotten

00:55:39.105 --> 00:55:40.845
around to, to trying it out yet.

00:55:41.234 --> 00:55:46.484
Um, but he says from, it's the AI
assists you from the prospectus.

00:55:46.490 --> 00:55:51.045
So of if you get stuck, the AI will be
able to look at all the information that

00:55:51.049 --> 00:55:55.904
you've pulled down and go, okay, have, you
haven't looked over here or over here yet?

00:55:56.355 --> 00:55:56.805
It's time.

00:55:56.810 --> 00:55:59.745
You, you should go look in these
areas and it will give you hints on

00:55:59.745 --> 00:56:01.125
Travis Bader: how to, right.

00:56:01.274 --> 00:56:04.335
Because this, they've been building
safeguards in like originally I could

00:56:04.335 --> 00:56:07.545
upload, and I guess you can still do
it through api, but I could upload

00:56:07.785 --> 00:56:09.475
unlimited size document essentially.

00:56:09.795 --> 00:56:14.835
And it would, so if I've got a book I have
to read to prepare for a podcast, I could

00:56:14.865 --> 00:56:18.075
upload that book and it can give me a
summary of all of these different things.

00:56:19.065 --> 00:56:20.984
I'm sure there's a way to
do that now, but you can't.

00:56:21.505 --> 00:56:23.370
Do it right through the
front facing anymore?

00:56:23.430 --> 00:56:23.760
No,

00:56:23.800 --> 00:56:25.980
TJ Bettles: you, you, you
need to run the, the bypass.

00:56:26.670 --> 00:56:27.000
Mm.

00:56:27.090 --> 00:56:30.870
Uh, on the ba on through, like
Linux or whatever the, the bypass

00:56:30.870 --> 00:56:33.030
I have is, is written in Python.

00:56:33.150 --> 00:56:33.780
Travis Bader: Right, okay.

00:56:34.080 --> 00:56:34.380
Yeah.

00:56:34.560 --> 00:56:38.850
So some of the, uh, the prompts,
the safeguards are putting in now

00:56:38.850 --> 00:56:40.540
is like, sorry, I can't help this.

00:56:40.920 --> 00:56:42.120
I can't divulge that.

00:56:42.120 --> 00:56:42.600
Or whatever I may be.

00:56:42.600 --> 00:56:43.440
Yeah, exactly.

00:56:43.620 --> 00:56:45.120
But is that only on the front facing?

00:56:45.720 --> 00:56:48.660
TJ Bettles: That's only on the front
facing the, the, the, the running it

00:56:48.660 --> 00:56:50.310
from the command line with the bypasses.

00:56:50.315 --> 00:56:51.480
There are no restrictions.

00:56:51.930 --> 00:56:52.260
Wow.

00:56:53.310 --> 00:56:56.340
And that's the whole, that's the whole
reason that a hacker would want to do

00:56:56.340 --> 00:57:01.650
that, or the ethical hacker would wanna
use a, uh, something like OpenAI, OpenAI,

00:57:01.650 --> 00:57:07.740
AI, ChatGPT, for that is because
it can help you with that kind of thing.

00:57:07.740 --> 00:57:10.350
Now I got just to test it out.

00:57:10.355 --> 00:57:12.030
I got it to write me a couple of scripts.

00:57:13.275 --> 00:57:14.815
The coding could be a little bit better.

00:57:15.345 --> 00:57:15.435
Mm-hmm.

00:57:15.705 --> 00:57:17.295
But it wasn't bad.

00:57:17.355 --> 00:57:19.695
It, it, it, it, the scripts ran.

00:57:20.115 --> 00:57:20.625
They worked.

00:57:20.655 --> 00:57:21.255
They worked.

00:57:21.255 --> 00:57:23.505
They, they could be a little bit
more efficient, but they worked.

00:57:24.195 --> 00:57:24.825
Travis Bader: Geez.

00:57:27.885 --> 00:57:31.695
Seems like the, uh, the whole landscape's
gonna be changing over the next few years

00:57:31.695 --> 00:57:31.995
TJ Bettles: here.

00:57:32.345 --> 00:57:34.275
Yeah, I think so.

00:57:34.575 --> 00:57:38.565
Um, I don't think we'll see
the disappearance of the human

00:57:38.565 --> 00:57:40.365
penetration tester anytime soon.

00:57:40.665 --> 00:57:48.105
What the, what AI lacks still is that
outside the box thinking that creativity

00:57:48.345 --> 00:57:50.745
that the human factor brings into it.

00:57:50.745 --> 00:57:51.345
Right.

00:57:51.615 --> 00:57:54.795
The, the ai AI only knows what it knows.

00:57:54.885 --> 00:57:55.005
Yeah.

00:57:55.125 --> 00:58:00.075
It's not at that point yet, I don't
think where it has the ability to

00:58:00.075 --> 00:58:05.295
think abstractly and outside the
box when it comes to trying to

00:58:05.955 --> 00:58:08.625
push forward on a penetration test.

00:58:08.625 --> 00:58:10.875
Now I'm just saying that
based on my limited.

00:58:12.420 --> 00:58:14.280
Experience playing with it.

00:58:14.400 --> 00:58:14.490
Mm-hmm.

00:58:14.790 --> 00:58:17.580
Um, I certainly need to experiment more.

00:58:17.700 --> 00:58:17.970
Mm-hmm.

00:58:18.450 --> 00:58:23.340
In order to, and I've been waiting,
I, I, I reached out to OpenAI and

00:58:23.340 --> 00:58:28.350
asked them for an API key for the
newest release, which is ChatGPT

00:58:28.350 --> 00:58:30.060
four, and I'm on a wait list.

00:58:30.690 --> 00:58:30.980
Travis Bader: Okay.

00:58:31.890 --> 00:58:36.960
So day-to-day person, everyday
person, say, I don't run a business.

00:58:37.170 --> 00:58:39.390
Just average person.

00:58:39.720 --> 00:58:45.060
Where, what are typically their biggest
concerns from a security standpoint?

00:58:46.500 --> 00:58:48.600
Is it just luck of the
draw if they get targeted?

00:58:50.490 --> 00:58:51.030
TJ Bettles: Yeah.

00:58:51.030 --> 00:58:56.490
I mean, unless they're being targeted
specifically by, by a malicious actor.

00:58:56.490 --> 00:58:57.420
And that does happen.

00:58:57.420 --> 00:59:01.620
You see that happen with, uh, VIPs,
celebrities, that kind of thing.

00:59:01.625 --> 00:59:05.580
They get targeted by, especially
if you're, if you have a,

00:59:06.690 --> 00:59:09.090
a public persona per Right.

00:59:09.090 --> 00:59:13.860
You know, uh, the malicious actor
could end up targeting you because they

00:59:13.860 --> 00:59:15.870
wanna shake you down for, for money.

00:59:15.870 --> 00:59:17.670
They're gonna steal your
information and put it out there.

00:59:17.670 --> 00:59:20.820
And there might be things that you don't
want going out into the public domain.

00:59:20.825 --> 00:59:21.009
Mm.

00:59:21.270 --> 00:59:24.720
So they'll be like, okay, well I'm gonna,
I'm gonna dump in on the web unless

00:59:24.725 --> 00:59:27.170
you pay me x x number of dollars Mm.

00:59:27.320 --> 00:59:29.491
Through Bitcoin or whatever, right?

00:59:29.820 --> 00:59:30.390
Mm-hmm.

00:59:31.110 --> 00:59:34.020
Um, so what can the individual
do to protect themselves?

00:59:34.470 --> 00:59:35.790
Don't use public wifi.

00:59:36.270 --> 00:59:36.480
Okay.

00:59:36.900 --> 00:59:41.190
Um, stay up to date with their
software patching on all their devices.

00:59:41.190 --> 00:59:46.590
So anytime you get a, um, a systems
update from, for your phone,

00:59:47.130 --> 00:59:50.040
download that same with the apps
that you have running on your phone.

00:59:50.040 --> 00:59:51.330
Make sure they stay up to date.

00:59:51.779 --> 00:59:52.140
Mm.

00:59:52.170 --> 00:59:53.940
And, uh, use strong passwords.

00:59:55.110 --> 00:59:57.090
Travis Bader: Are there ever system
updates that come through that

00:59:57.150 --> 00:59:59.670
aren't actually system updates,
but there's somebody trying to

00:59:59.670 --> 01:00:00.840
get you to update something?

01:00:02.890 --> 01:00:05.010
TJ Bettles: I'm not, do
you have a, an iPhone or

01:00:05.010 --> 01:00:06.480
Travis Bader: a Yeah,
I shut it off before we

01:00:06.480 --> 01:00:07.470
TJ Bettles: start recording,
but Yeah, yeah, yeah.

01:00:07.590 --> 01:00:12.510
Um, I, I've never actually seen that,
but I suppose anything's possible.

01:00:12.600 --> 01:00:12.840
Yeah.

01:00:12.870 --> 01:00:17.460
It would, it would mean that they would
have needed to compromise the system

01:00:17.465 --> 01:00:21.190
server that you would be getting the
da, the update for, say, iOS, right?

01:00:21.480 --> 01:00:27.360
They would have to have then put something
malicious on the download server so that

01:00:27.365 --> 01:00:31.530
you're connecting from, so they could
not target you directly in that regard.

01:00:31.530 --> 01:00:37.680
They'd have to go through, like, target
Apple, and then put something in

01:00:37.680 --> 01:00:39.300
there that you would then download.

01:00:39.300 --> 01:00:42.330
And now I'd like to think
that Apple is pretty secure.

01:00:42.780 --> 01:00:45.240
But again, just like everything
else, if you're connected,

01:00:45.240 --> 01:00:46.860
you're, you're vulnerable.

01:00:46.865 --> 01:00:47.020
Mm.

01:00:47.430 --> 01:00:52.170
Uh, it used to be that there was a
story that would go around that Apple

01:00:52.170 --> 01:00:54.780
is far more secure than Microsoft.

01:00:55.440 --> 01:00:57.260
Travis Bader: It's not,
I don't know if it's,

00:58:58.379 --> 01:01:03.359
in my opinion anyways, at the time
was just less people were using it.

01:01:03.359 --> 01:01:04.049
That's exactly it.

01:01:04.170 --> 01:01:05.850
And so there's less people
trying to attack it.

01:01:05.940 --> 01:01:06.029
Yeah.

01:01:06.029 --> 01:01:07.629
And so those known exploits weren't.

01:01:08.535 --> 01:01:11.025
TJ Bettles: And there's, there's
exploits that are, are being made

01:01:11.025 --> 01:01:15.735
public all the time, or vulnerabilities
for iOS devices and Apple products.

01:01:15.884 --> 01:01:16.185
Hmm.

01:01:16.785 --> 01:01:22.125
So again, staying up to date with your
software patching is probably the biggest

01:01:22.125 --> 01:01:26.305
thing because that, that, from a hacker's
perspective, that's, that's an easy win.

01:01:26.305 --> 01:01:26.665
Mm-hmm.

01:01:27.075 --> 01:01:28.755
If you're running
outdated software, I'm in.

01:01:28.875 --> 01:01:29.115
Mm-hmm.

01:01:29.360 --> 01:01:31.904
It's, it, it literally won't
take me very long at all.

01:01:31.964 --> 01:01:32.415
Really.

01:01:32.565 --> 01:01:32.775
Oh,

01:01:32.775 --> 01:01:33.105
Travis Bader: yeah.

01:01:33.615 --> 01:01:34.875
What about open source systems?

01:01:34.875 --> 01:01:38.055
What are your, what are some of your
favorite places to go to for open source?

01:01:38.055 --> 01:01:40.875
Would it just be basically
social media for op, like

01:01:40.875 --> 01:01:41.714
TJ Bettles: intelligence wise?

01:01:41.714 --> 01:01:43.395
Or, or, or, well, if you're

01:01:43.395 --> 01:01:46.245
Travis Bader: tools and if you're
taking your first steps at looking

01:01:46.245 --> 01:01:50.595
at a, um, uh, doing an ethical
penetration test on a business, uh,

01:01:51.495 --> 01:01:51.765
TJ Bettles: okay.

01:01:51.765 --> 01:01:54.674
So if, let's just use an a,
an external penetration test.

01:01:54.674 --> 01:01:59.145
So with that, we look at all of the
access points to the internal network, the

01:01:59.145 --> 01:02:02.565
website, uh, routers, that kind of thing.

01:02:02.565 --> 01:02:07.560
And we pull as much information,
uh, from those IP addresses that

01:02:07.560 --> 01:02:09.090
are within the scope of the test.

01:02:09.180 --> 01:02:09.210
Mm.

01:02:09.600 --> 01:02:12.000
And then we analyze
and then go from there.

01:02:13.140 --> 01:02:18.750
Um, we have yet to do, uh, an
engagement where we have not found

01:02:18.750 --> 01:02:22.980
at least one critical vulnerability,
which means full compromise.

01:02:23.160 --> 01:02:23.700
Wow.

01:02:24.320 --> 01:02:28.980
And, and you know, in a lot of
instances we don't actually go and

01:02:29.040 --> 01:02:32.370
there'll be certain things that we
won't run against a client target.

01:02:32.460 --> 01:02:37.290
Like so for example, we can attack
pieces of software that are attached to

01:02:37.290 --> 01:02:41.370
a website or you can, you can even attack
the memory and the operating system.

01:02:41.750 --> 01:02:42.100
Right.

01:02:42.420 --> 01:02:45.750
We wouldn't generally attack the
memory and the operating system cuz

01:02:45.750 --> 01:02:47.700
that could crash it and cause damage.

01:02:47.760 --> 01:02:48.210
Hmm.

01:02:48.900 --> 01:02:52.080
So there would be certain attacks,
like one's called a buffer overflow

01:02:52.260 --> 01:02:57.330
is basically you, you part of the
attack crashes, it crashes the system.

01:02:57.390 --> 01:03:03.270
And if you know how many bits it
takes to crash a resource, you can

01:03:03.540 --> 01:03:07.830
at that exact moment when it hits
that, that number of bits to crash it.

01:03:08.040 --> 01:03:12.509
Mm, you can then insert code and
launch and get a, get a shell.

01:03:12.660 --> 01:03:12.750
Mm.

01:03:12.750 --> 01:03:16.290
That will give you a reverse
shell access to the resource.

01:03:17.850 --> 01:03:21.930
So I don't like to run those
against our client targets.

01:03:21.990 --> 01:03:26.819
Not that all of them would cause
damage, but there's a risk, right?

01:03:26.879 --> 01:03:30.480
So there's certain things like in,
in that regard that in my opinion,

01:03:30.480 --> 01:03:35.640
I, I'm hesitant to go and, and do
that simply because there's risk

01:03:35.640 --> 01:03:38.210
of causing harm, damage, et cetera.

01:03:39.109 --> 01:03:43.620
Um, remember we have to remember what
our, our, our focus is, and that's

01:03:43.649 --> 01:03:46.169
identify and document not cause damage.

01:03:46.439 --> 01:03:48.060
Travis Bader: Where do
you see the future of

01:03:48.645 --> 01:03:49.875
cybersecurity going?

01:03:50.835 --> 01:03:52.485
TJ Bettles: it's gonna get
worse before it gets better.

01:03:52.755 --> 01:03:53.085
Yeah.

01:03:53.145 --> 01:03:53.865
Oh yeah.

01:03:54.525 --> 01:03:58.545
Um, there's a lot of people now learning
how to do this stuff, but it, it

01:03:58.545 --> 01:04:00.305
takes a special kind of in individual.

01:04:00.675 --> 01:04:02.655
Some people can try, try, try, try.

01:04:02.655 --> 01:04:04.725
They don't, they don't pick it up at all.

01:04:04.725 --> 01:04:07.105
And others within six
months, they're dangerous.

01:04:07.765 --> 01:04:09.865
You know, when they first,
from when they first

01:04:10.485 --> 01:04:11.745
start playing around with it.

01:04:12.645 --> 01:04:14.205
And it's just, it's like anything else.

01:04:14.205 --> 01:04:14.895
It's a skill.

01:04:14.924 --> 01:04:17.235
It's just practice,
practice, practice, practice.

01:04:17.325 --> 01:04:17.805
Hmm.

01:04:18.105 --> 01:04:20.355
Travis Bader: Easier to
identify pattern recognition.

01:04:20.955 --> 01:04:21.975
This worked last time.

01:04:22.005 --> 01:04:22.095
Yep.

01:04:22.275 --> 01:04:23.205
Just give it a shot again.

01:04:23.235 --> 01:04:23.475
TJ Bettles: Yeah.

01:04:23.535 --> 01:04:26.265
And then you just, you
end up learning as you go.

01:04:26.265 --> 01:04:29.154
Cuz a lot of times you get stuck on
an engagement and you have to, okay.

01:04:29.154 --> 01:04:30.915
Where I'm stuck here, what do I do?

01:04:30.915 --> 01:04:31.125
Okay.

01:04:31.365 --> 01:04:32.055
Out to Google.

01:04:32.505 --> 01:04:32.805
Yeah.

01:04:32.865 --> 01:04:33.645
Start searching.

01:04:33.795 --> 01:04:36.855
You know, uh, when I first
started back in the nineties,

01:04:36.855 --> 01:04:38.595
that stuff didn't really exist.

01:04:38.595 --> 01:04:42.645
So I hang out with my friends and
we sort of learn off of each other.

01:04:42.645 --> 01:04:45.115
I had a, a buddy that lived down the
street from me, he taught me the basics

01:04:45.945 --> 01:04:49.545
and so we kind of went back and forth
and then we lost touch with each other.

01:04:49.545 --> 01:04:52.605
And then I met another friend in
my twenties who he was the, the

01:04:52.605 --> 01:04:53.745
greatest hacker I've ever known.

01:04:53.745 --> 01:04:55.935
And he's never taken a
computer course in his life.

01:04:56.115 --> 01:04:56.415
Really.

01:04:56.415 --> 01:04:58.275
The guy's like seriously a genius.

01:04:58.935 --> 01:05:00.975
Uh, and uh, he taught me more about.

01:05:01.240 --> 01:05:02.230
All of this then.

01:05:03.430 --> 01:05:03.790
Really?

01:05:03.850 --> 01:05:04.209
Yeah.

01:05:04.209 --> 01:05:07.089
And then, and then when I was
hacked in 2018, that's when I

01:05:07.089 --> 01:05:08.319
really kicked it up on my own.

01:05:08.529 --> 01:05:11.649
My friend that, that was the hacker
who taught me, he's, he's in his

01:05:11.654 --> 01:05:13.839
fifties and he's, he had a stroke and

01:05:14.770 --> 01:05:15.129
Travis Bader: Right.

01:05:15.160 --> 01:05:15.310
Yeah.

01:05:15.759 --> 01:05:17.529
He's young, young for a stroke.

01:05:18.040 --> 01:05:18.189
TJ Bettles: Yeah.

01:05:18.669 --> 01:05:22.689
Uh, he's, he's had his issues with him
hit by a car a number of years ago.

01:05:22.689 --> 01:05:25.540
And anyway, that's
another story altogether.

01:05:25.870 --> 01:05:26.330
Travis Bader: No kidding.

01:05:26.600 --> 01:05:26.890
Yeah.

01:05:27.129 --> 01:05:29.080
Well, is there anything else
we should be talking about on

01:05:29.080 --> 01:05:31.149
this before we, uh, wrap up?

01:05:31.450 --> 01:05:32.740
TJ Bettles: I can't think of anything.

01:05:32.799 --> 01:05:40.359
Um, if, if you think that we
might be able to add value to your

01:05:40.359 --> 01:05:42.069
organization, reach out to us.

01:05:42.069 --> 01:05:42.129
Yeah.

01:05:42.279 --> 01:05:45.939
Um, I'm sure Travis will, uh,
publish our website and our contact

01:05:45.939 --> 01:05:47.410
information when he puts this up.

01:05:47.740 --> 01:05:47.919
Yep.

01:05:48.810 --> 01:05:50.819
Travis Bader: So we're gonna
have, uh, links in the bio.

01:05:50.879 --> 01:05:51.790
We're gonna have links, okay?

01:05:52.169 --> 01:05:54.419
Both on the podcast, both you on YouTube.

01:05:55.080 --> 01:05:59.310
And you know, it's probably causing
people to have a whole bunch of questions.

01:05:59.310 --> 01:06:03.540
And it's something I know about you
is you enjoy those sort of things.

01:06:03.540 --> 01:06:05.160
You enjoy questions if people have them.

01:06:05.549 --> 01:06:09.419
So look at the links, contact
TJ with your questions.

01:06:09.810 --> 01:06:11.460
TJ, thank you so much.

01:06:11.549 --> 01:06:12.330
TJ Bettles: Thank you very much.