A cyber security guy gave a lecture in my class once and he said "The most difficult part of cyber security is the people". "You can rewrite code, you can isolate networks, but people like to be helpful and that is all it takes for a hacker to get in"

Spoiler Alert: The company was Yahoo

i wish i had this lads social skills

"Oh btw, Ken was fired"

When used for crime, these kinds of people are called manipulators and sociopaths. This guy was smart enough to make a good living off of being conniving and convincing. Pretty cool dude.

2:18 "We gotta grow up a bit" *sees spider-man blanket and mannequin in background" ok

Watch this hacker break into a company > Watch this random guy make a phone call and install remote desktop.

"What do you think of when I say the word hacker?" um *inspect element*

The most ironic sentence that came out of his mouth “I really suck with computers man” 😂😂😭

I find it very hard to believe that this script could, with a *single* input from a person, grant any useful access to anything, let alone enough to 'bring down the company'. This is hyperbolic to say the least. I've worked in Operations and tech support, I would never go to a page one of my clients told me to go to, I would vet it on a virtual machine....for THIS very reason.

I need to hack into my customer's brains

For each thing he hacked he lost a single hair

So CNN learned clickbait...

I'm guessing the real problem here is not that Ken from support visited a website, it's that the remote desktop software on his computer wasn't configured to ask for authentication. All the website did was provide his computer's local IP address and then the hacker used that to connect to his computer. He could have easily done this completely without Ken from support's assistance by simply scanning the local network for computers that respond on whatever port they are using for RDP. That whole call to Ken from support was nothing but added dramatic effect.

There are several levels of hack. He hacked his browser this way and that is all you need bro...

"we gotta grow up a bit" *he says sitting in front of a giant spiderman"

***Clicks link*** Hacker: LMAO JUST HACKED YOU NOOB

I think of the Hacker known as 4chan.

Plot twist : The company was Twitter

“Hello world” I’m in boys

That's not a social problem it's an un-patched-browser problem..

"There are very, very bad people, which means it falls to the good people to try to fight it. We have so much potential to shape our culture, our values, our safety - if not us, then who?" Exactly the confirmation I needed to hear to clear up my own dilemma, and feelings of responsibility for others in my situation. I was unsure whether to pursue fighting a seemingly small issue, or concede to someone who is blatantly abusing their power and position because it would be much easier to just give in and a LOT less stressful. But, this guy just gave me more motivation to keep me going. And he is right.

Takes more than 2 minutes to reach a human voice when calling tech support...

not gonna lie. The interviewer got a little bit wet when he told her he successfully hacked the entire company.

for anyone wondering, he used metasploitable to create a reverse shell onto his computer

all he did was RAT the dude xD

In my case, with great power comes great electric bills. fml.

I truly believe that hackers will actually become our only protection in the future since the world evolves more around technology now

That's unrealistic. If that IT guy simply visited the site without downloading anything and the companies corporate IT is even slightly up to date, there's no way he gained access to the computer just by opening a website... Either they're making up a story or the IT guy had automatic downloads enabled in his browser which resulted in him catching a drive by download. However no one working in IT should have automatic downloads enables anyway...

"we should all grow up..." Says the guy with all the spiderman stuff in his living room loool

A known hacker is a failed hacker.

I see a lot of off comments here, this man is bringing awareness, and considering just how many people and companies are affected every day, I support this work, and will now invite him to appear as a speaker at out awareness summit, well done.

Social skills? That spiderman house will scare anybody off.

me: going on the website and clicking here my brain: i hope its the wrong website

I've always told the men I've had relationships with, the moment you are unfaithful is the moment you end our relationship. If I've ever felt so disconnected from my partner that I have felt myself drawn even into a hypothetical affair in my mind, I end the relationship. I've been in many abusive relationships (that I ultimately ended) but never once have I been unfaithful. Why? Because no failing relationship is worth sacrificing my morals and integrity for. No matter how it unfolds with a partner, there should be a base level of respect and empathy towards them as a human being. A failed relationship will not pollute your mind and foster insecurities anywhere near as much as being on the receiving end of adultery. I dind't know what was happening all along for years that she's been cheating until I met explore.hacker thanks guys..

That guy he hacked was genuinely nice

I find it funny how a guy called David Kennedy ends up on the line with a guy called "Ken"

social engineering (people) are easy to manipulate, this is why you need to have IT meetings and educate users on all these items.

So we are gonna ignore the boys or scammers reposting their comments?

Apparently the stereotypical hackers use MacBooks with Kali Linux, that is so based. It's a literal Hackintosh, that is the opposite of the definition of Hackintosh, ironically enough.

This isn't an ordinary hack, by some random person. So it's more LIKELY to succeed. So let's see the mistakes. (our company practices) 1> Having an internal company number means nothing, we ask whose calling and verify that person. 2> If that person has a COMPANY asset. we would log onto that machine only 3> Generally we would not CLICK on any links, before doing so, we would CHECK the link by hovering over it 4> EVEN if we did, we have secure software/AV etc, which WILL and has detected rootkits, trojans etc, so if my machine was infected, IT security would get an alarm and lock us out, and/or our own machine software would do the same. 5> Permissions on the machine would pop up asking for a piece of software to be installed. 6> remoting into another machine we are the other machine, anything I click on, will install on that machine not mine, mine is behind a firewall............ basically a BS article, not realistic, of course companies get hacked, but this example is totally not real world, as a front line IT tech, we generally know everyone we work with and get a feeling for when something is wrong, of course things happen, but this particular example is non-sense. WELL it's American, what else do you expect... You guy's better wake up on your own government messing with you they are the real hackers... PEACE

I just watched 3 minutes of explaining the word pentest. It's not that interesting.

His mom sounds like she was a super hero. Great moral values.

They literally showed him using metasploit, he was in a meterpreter command promt

A hacker doesn't want to be known ever until death

Watch this hacker break into my heart

I'd love to know how clicking a 'here' hyperlink gives somebody full access to another persons computer. This is over simplifying it to the extreme.

No command prompt? This guy's a noob

The IT guy is yiiiiikes.

The most vulnerable part of any network is the people.

This dude has a strong Dax Shepard voice and I love it

lol i went on the link and it opened 3 "node.js" files runing silently on my pc xD

I really like the Josh Corman guy. All that Spider-Man stuff. He seems genuinely nice

Whitehat hackers>Blackhat hackers

This happens to roblox all the time and the company does nothing about it.

ha we have been using these techniques since AOL. This is not "Hacking" this is "social engineering" most social engineers suck with real hacking skills, and real hackers suck at social engineering.

A true captain America!

"Just by clicking that link hes given David full access to his computer"

The government and government officials are the biggest hackers. That is why we need such people (hackers) to be able to defend ourselves against those who are trying to control us. Beautiful video. I wish a lot of success in my career.

Why is a senior technology correspondent surprised by this?

This dude is talking about growing up but he still got a life size statue of spiderman

Social engineering is something I practice on a daily basis. It is easy, if you know what your doing. You have to have the right mindset. Just because you know how to do it, doesn't mean you can do it effectively.

imagine the guy he called watching this video 😂😂😂🤘

Damm.. thats some good social skills.... if you came here from the havard course , hit the like button.

i wish had this social skills

remote desktop isnt hacking lol

"Some creepy dude in a basement?" *Shows a guy with a fedora. Lel

Hasnt Devid Kennedy written the SEToolkit?

Good example of the struggle IT staff have. He’s running as an admin on his machine without functional AV as a non admin would have less chance of running code and AV should have picked it up or apps aren’t being patched daily, weekly, monthly as management refuse to allow IT teams to do their jobs so the remote code is using a known exploit. , NO staff in a business including admins should be logged in as admins, everyone should be non admins (zero excuses for this) and admins should elevate any tasks they need to admin. If your IT department and staff aren’t working like this as a basic config, assume you’ve already been hacked or will be

How did he make the website? What did he use? That was insane!

Hey guys what's up its Scarce here and today we got a lot of news now this ones from David Kennedy you all know who David Kennedy is, a huge channel with 6 subs well he actually managed to hack into a company thats right this guy actually hacked into a company through IT support. That's all guys thanks for watching peace.

am i the only one who thought is was the company instead of a company as in prison break

"what do you think when i say the word hacker? some creepy dude in a basement?" wtf no xD

Break into company

That Spider-Man guy was high on himself

00:34 Lmfao this "hacker" doesn't even know how to escalate privileges when "getsystem" doesn't work. You can see he just gives up and spawns a shell anyways with shit privileges. And LOL he fuckin' misspelled "getsystem" twice! xD

Now +900k know how to hack into the pentagon

0:24 "can I jus just get your credit card number" ffs lmao

He is reliable

Ha "I'm not good at computers." 😂😂😂

Well, i need a hacker to give me back my 2 minutes and 55 seconds

who is this 4chan guy?

This man is so good at acting tho...

and people think i’m a hacker when i open inspect element

0:43 "How my I help you" lmao

did anyone go to the website he said

Darkness is the absorption of all light and colour not the absence.

This dude in his Spider-Man room says we have to grow up

was about to go to the website XD

1:49 "to show you this demo, WE'VE AGREED to not use the company's name" this is how you know that neither the journalist nor the company are based within the EU, where GDPR is in place.

Dark is the absence of light. Cold is the absence of heat... Was going to comment that this came from Albert Einstein, but that was a fictional story... Where did this quote come from? lol

@0:41 Problem number one....the company (IT Department) does not authenticate the employee. Some verbal passcode, plus a MFA(text code to cell# on file). Do that and you plug that hole fast. You've shut it down instantly and you also become aware of this hole that is occurring.

This is like a grabify link, but you get full remote access.

"We have to grow up a bit" with spider man pillow and cut out behind him lol

0:35 look at his console as it comes into focus "get system": Unknown Command. "getsystem": Operation Failed lmao

PLEASE READ { Hire A Private Investigator} Establishing your company’s best defense is much like dealing with natural disasters, the best defense against cybercriminals is being proactive. You won’t know when or how a disaster may hit, but you can minimize the damage and recover quickly if it does. Attackers have grown creative over the years by requiring payments that are nearly impossible to trace, which helps cybercriminals remain anonymous. Prevention for DDOS attacks and ransomware attacks typically involves setting up and testing backups as well as applying ransomware protection in security tools. Security tools such as email protection gateways are the first line of defence, while endpoints are a secondary defence. Intrusion Detection Systems (IDSs) are sometimes used to detect ransomware command-and-control to alert against a ransomware system calling out to a control server.This type of services requires an expertise and that's where we come in. Alright listen up if you have experienced any of these.. Over the years, attackers have grown creative over the years by requiring payments that are nearly impossible to trace, which helps cybercriminals remain anonymous.Webghost33 on teleegram , is a cyberspace expert and professional cyberspace expert. They can help if you're ever exposed to internet scams and cybersecurity breach such as Business Email Compromise too.They can can help get it restored and track down the person who did it in many cases. Do you want to install spyware on a cellphone, smartphone or computer? Do you know if you have spyware on your computer or mobile devices? Reputation Management? Control your online reputation but removing false information and getting your positive message out. Cyber Stalkers? Don’t be harassed or stalked online. Find the person responsible and put an end to it all. Cheating Spouse? Find out for sure what your spouse is up to with our Digital Investigation services. Perhaps my hacking professionalism has helped in various aspects like; Removing links and posts, eradicate being Cyber Bullied or Cyber Stalked, Locate Missing People, Computer Security Training, Background Checks, Cyber Extortion, Relationships, Nationwide Employment Background Check, Tracking, Online Dating Scams, Cyber Frauds, cyber-espionage, criminal gangs or the pursuit of data. We aim to make all kind online protections for our valuable clients. Reach out on w'app 1 414 909 3913

Just by visiting a site, without doing _anything_ else, he was able to access his PC? How is that supposed to work?

My moms ex bf does the exact same thing these guys do. He protects major businesses from attacks/cyber security. And it was scary when I heard the stuff he was able to hack and do if he wanted to and do it easy. Ppl have no clue

Humans are the weakest link in the security chain.

and you call him a hacker? Its not hacking he was just ratting the guys computer which is simple asf