I've been working as web developer for 3 years now and always knew deep inside that security passionated way more than building apps. I didn't now where to start neither had the balls to. With this article you encouraged me to start once and for all, thanks a lot!!!

I love this and I will continue supporting you! Thank you for all the information that you provide us with. Could you please talk about the smiling hacker “Hamza Bendelladj” he’s in prison but I think his story is interesting.

going to have look as i start my journey

I am in cyber security too. Pleased to meet you.

Man this is awesome, thanks Jack. I'm jumping into a SANS institute program, but I'll be using your suggestions in your article in tandem.

Legit lol! "Go to fkn Arby's, damn you!!" As he tosses $20's to each of them.

I thought he might pull the fire alarm.

@@YerBrwnDogAteMyRabit un

@@johnm9899 Sri Lanka

​@mrtechie6810 they would see that an alarm was pulled and it would be suspicious. Better to use some "smoke detector testing powder" and use that to set off a detector since it's scent free.

Apple Inc

Ooo dang os x hostile af

Ya this one is a classic great one

Thanks Jack. Your content is one of the best I've heard. It's like listening to a movie!!

Hacked his way into a broom closet 😂

@@goldnutter412 Just got to that point, I find it hilarious !

Black duck eggs was great as well, whats the other top 3 episode

yep, i am literally crying...

Me too. Holy shiznish feel my brain pulsing this dude is great

@@poppy2244 L😊😊ppp P K looking b K K K k killing kill B

If admin isnt admin then who's the admin !!?

@@miss_tech Well, not the admin.

@@miss_tech admin_2

hahahahahahhahaha

That's just an absolutely wonderful misdirection to throw off someone...like this guy....who was somewhat experienced, but still got kinda flustered and seemed to slip up after the normal shit doesn't't work. I know of a few companies that I have been with and inside that do some sneaky tricks with their security, surprisingly.

And it cause him to break character 😂

@@johnsmith60 fucking Citrix!!!!!

@@johnsmith60 ¹1¹

This should be emulated and become bare minimum standard to everyone else, with some additional tricks and minor differences.😂😂😂

Agree, it’s so good. I got cyber security management certificate and showing some of these videos in class as examples of concepts we talked about would have been great.

Wired Magazine ran a great article on 'Net vulnerability. At the time, domain manes were not protected enough. (I'm not a techie so I'll probably describe some of this incorrectly.) A guy had a bike accident and broke his ankle. While on prescribed pain killers his mind, was, well, high and disconnected. He suddenly had an insight that panicked him. He called one important exec (to something) and described the problem, and the man told him this was going to be a priority fix and NEVER discuss this on a cell phone again. The anecdote I remember is that he could have emptied the entire French treasury into his personal bank account and there'd be no way for anyone to know why France was suddenly bankrupt. They fixed it, and Wired ran the article.

Me to.

Always the most basic things when you think you’re stumped.

> _"I find it difficult to explain things to my students without overwhelming them"_ yeah, me to my peers too! the biggest gap is that i dont know what they know or dont know. so, either i become tooooo dependent on using the keywords, and forget the layman terms; or i start explaining in layman even the terms they already know.

Keep practicing bro....rent on pc environment and do your thing or just use the real world.... Have fun brother

@@kareemcallender1930 thank you

Where can I learn how to start doing any of this? Can be illegal or legal I just want to learn something new and challenging

@@elon.evans228 the Internet is full of information

@@elon.evans228 "learn absolutely everything to do with computer science, networking, programming, web apps etc."

imo they focussed on plausibility based rules and detections, I don't know if it was truly written down as a rule somewhere in their sec handbook, but it suspect it was really a design principe there. if they'd had turned off netbios broadcasts and locked down the master browser shit 90s-style they'd have driven him completely nuts.

@@udirt right, I give that company a 9 out of 10, Tinker was even using msfconsole instead of writting his own reverse shells, so maybe a 4 out of 10 for Tinker on his end... i rate it script kiddie with military experience out 10.. his story telling was 10 out of 10... if he had more patience he wouldn't even have been caught..

Cant agree moree.....

Yes maybe...but almost nobody would be that patient...considering all those stressful situation he was in...not just 'pressuring' stress, but 'annoying' stress. (weird configuration like admin is not admin, SSO that is abnormal and requires MFA, only IT team doesn't go to lunch, etc.) At least in 'pressuring' stress, one can keep cool and be rational, but these kinds of annoying situations, I bet almost nobody can keep his/her cool.

Even at that point he had already admitted that the place was pretty secure. He just really wanted to get them with something. Personally I believe I.T was tipped off and told to be readily on defense.

Where can I learn how to start doing any of this? Can be illegal or legal I just want to learn something new and challenging

@@elon.evans228 wtf my comment got deleted

haha I was thinking the same thing, this sounds like something I could hear on NPR, right after wait wait don't tell me lol

@@TheMrDrMs Yeah, Jack has that "Moth Radio Hour" vibe going.

How much would you say, percentage wise of the entire online/cyber budget, was routed to enhancing security capabilities after the evaluation? And how much is an evaluation such as that cost, if you dont mind me asking.

@@MrNecryptic budget almost dobled... Old sonic wall boxes replaced and a old 2008 server replaced after that was the entry point for the hack etc...

@@MrNecryptic I don't know specifics but it wasn't cheap since it is a 13 stores car dealership. The hacker could lateral move between them after hacking a server that had vpn access across all the network

@@PinguimFU Immediately doubled, wow. That's extreme but I guess no expense can be spared after such an event, within reason. I can see why federal charges often apply to such events, the amount of resources used for recovery are immense.

I've only recently begun my study of ethical hacking this last year but, I'm pretty sure I heard him mention that what he found is hashes for some passwords. Hashing is a form of obfuscating the actual plaintext password by running the password through an algortihm where it becomes unitelligible from the original. If you have the hash of a password and figure out what encryption scheme was used, then you can crack the password offline in your own environment using tools such as hashcat or johntheripper. Hopefully this helps a little!

I'm leaving this comment so I can tell you later, I'll look into it. Edit:sorry just remembered this comment, but so: They use things like botnets and parallelization to increase the number of guesses per second and distribute it among computers and other resources. IP rotation allows a hacker to have a new identity when reaching a limit by using proxy's, Tor or VPN's. Credential stuffing, which are made with dedicated tools and software to automate the process of leaked credentials, these use things like IP rotation mentioned above and random intervals between attempts to bypass detection mechanisms. There is also a possibility of vulnerabilities present in target system that allows the bypass of those restrictions, these can involve such things as software bugs, misconfigurations, or vulnerabilities on the authentication system itself. Hope it helped.

Game over

P.S. in-between the video I just watched and the comment section there are like 15ish suggestions of videos for me to watch.... HOW DO I PICK?!?!?! I want to watch most if not all of them!! LMAO!!

which development tool?

I guess you pspause their software....

DC30 was an absolute blast

the funny thing is, even i can break my company's security, even with good security in place, and I am just l1 employee working remotely... (once i even got ssh access to some random server) so i am amazed by which ever company that is , with this much security in place....

@@vaisakh_km I guess it depends from company to company, how big they are, what kind of information they handle, and what their third party partners expect from them.