But how do you motivate completely uninterested employees to learn about IT security? (Assuming management is also just as uninterested.)

I certainly sense no interest assuming management spoke up.

They probably don't get paid enough to care about their normal job, let alone security

​@@bpb210It's a culture thing. My team sends out pretty regular phishing tests via email that we send to specific departments, or all employees.

🔖Nah man, humans are just too stůpid. In my country, everyday we got dozens of warnings about text scams and everyday hundreds of people still fall victim. Humans have been getting scammed since the caveman days and they'll still get scammed til eternity, the technology just changes but the scams stay the same. MLM scams today are just modern variations of investment scams in the early 1900s.

True, until the attackers get inside. Then they have to get it right each time to not get caught. They just need to make a single mistake to get caught by the blue team

@@basse889990 Truth. Makes my job much easier when your average hacker's first thought is "I'll start a cryptominer!".

@@basse889990 facts. But sadly I have often seen that eventho blue teams are able to detect, rapid containment can be incredible hard.

@@basse889990 again still much easier, its not the case that any single mistake will get them alerted. In some environments, monitoring may never pick up the attack happened, and companies only know when the data gets released or sent a ransom (this happens a lot...). Blue team has a much harder job every single time.

That’s not entirely true. Any bigger company will have multiple layers of defence. So you get through one you might get stopped on the next level. It’s usually also just about making it uneconomical to attack you. It’s like bicycle locks. There isn’t a lock that can’t be broken open in a few seconds if you have the right tools. Still if you want to protect your bicycle a bike lock is a very useful tool and if the bike next to you has a shittier lock it’s likely that bike will be stolen before yours.

Yep - most people think they are excellent judges of character, and when someone acts professional and polite while asking them for a simple innocent favor.... problems occur.

Not just hacking. A lot of crime is committed that way.

We think Ants are simple creatures. They trust everthing that carries a specific pheromone. In a corporate environment that's a badge and maybe a clipboard :)

almost every person want so act superior or feel superior, so if you act politely and as a newby looking for new things, you most probably are going to bypass a lot of human security because of that, it is something that sadly had happen to me some times i lost myself in a place, i usually end up with the staff at the staff side like a rookie, until they see that i am not of the staff and i am only lost, but at that point i am some steps of their boss, their servers or close/in to some critical building XD.

It’s not necessarily being a bad judge of character. Psychologically, humans inherently want to trust their fellow humans. Unfortunately, that opens the door for people to get taken advantage of.

Ummm, what do you think pen testing is? It's all corporate espionage or defense against it. Secret agent literally by definition.

Agree! The eyebrows give him away...

Bond.. James Bond

This "kind" of hacking is actually called Social Engineering, the reconnaissance part the guy was talking about. Look it up

@@Zevilon05 James Blonde?

Wired Support is one of the best things on the internet. I think everything about it is perfect and I hope they never change it.

He's busy! Got things to do, companies to destroy... (or help, as this case may be).

Yes this!!

become a CEO before asking other companies to give them the raise.

I think he should do a whole series on how us mere commoners can better protect our S!

I didn't understand a single word he said lol

As a software engineer, you have no idea. It's only getting worse too. Due to the user friendliness of modern day technology (think today's iPhone vs Windows XP) users are required to know less and less about their technology because it "just works". Combine that with the Internet of Things, that so many devices connect to the internet, that even hacking someone's Wifi toaster could be a dangerous exploit in the wrong hands because that gave them access to everything on your network.

True. I know the bare minimum but I don't trust much so that helps.

99% of people use the same username and passwords for all sites and they don't use two-factor authentication. I'm a computer programmer and a hobbyist hacker and I can into people's Instagram and Facebook accounts. There are professional hackers out there that are 100 times better than me. Yeah that's a scary thought.

with great power comes great responsibility.

Yeah stuff like that and the email to the CEO about the conference are very scary. Not falling for random phishing attacks it one thing, but we usually aren't expecting anything that is more targeted.

- im sure that worked like a charm 20 years ago. these days a security camera will ID you dropping a weird envelope on the desk and the FBI will be at your door 5am ready to take you and all your computer crap down to the field office😅

Unless of course company execs don’t want a security cam in their office. IT and the security team might also not want cams in offices on the offchance the system gets compromised and now the intruders get unrestricted access to things they just need to lie low and wait around for. Bonus points if the surveillance system also includes audio.

​@spg1794 Not all places that need good security have good security. Don't forget, leaders of companies are people, and people can be extremely stupid. That security breach that happened a few years ago with EA where hundreds of thousands of gamers' personal information was compromised? That was just a series of phone calls to get that information, and six months earlier guys like this dude told the CEO and Board that this was an extremely dangerous flaw, and they did nothing about it.

​@@spg1794 even if they do get caught doesn't mean there won't be damages

That is way too true. And then among all the clutter, someone sends a message about registering on a 3rd party website with your internal password, which you competently identify as an obvious phishing attempt, hah! Only to find out it was actually your boss and he actually wants you to do that and he tells you in person, completely oblivious about everything.

The reason is HTML email, which effectively hides what’s actually in the message data. Links are disguised and lead to bogus sites. Another disaster we can thank Microsoft for.

Im so happy seeing someone say this. I've been saying the same thing every time something gets "hacked." i don't even call phishing hacking because it's more like a scam.

Ah you again pretending to know what your talking about. Hot take, huh? This line has been said and has remained true for over 10 years, if anything thinks this is new information you truly have no idea about IT security. (which makes sense give your other inane comments trying to call out other people)

@@benhook1013 yeah I do know what I’m talking about since I hold both CISSP and OSCP. All I did was agree with his statement, but you went on a tangent about “new information”, which I never said it was. I’m guessing you’re just an internet rando “IT security” or sysadmin wannabe who thinks using wireshark makes him Mr Robot? 😂🤡

​@@benhook1013 Is your iq low or are you simply ignorant?

Yep, scan a QR code or click a link that says, "Click here to learn how to avoid scams..."

Didn't even look at that, that's hilarious.

​@@GeekGamer666 yep, and that's the lesson, most people aren't actually checking.

...but he presents himself as a "penetration tester"...

​@@benoitbvg2888 watch Jayson E Street's DEFCON presentations, as they've said above; many peeps are only looking at the surface level without even properly seeing what's in front of them

@@benoitbvg2888 how much people know what a "penetration tester" do? and how much people only assume that is a thing of informatics wich they do not want to talk?

There's numerous. I recommend OccupyTheWeb's courses and books. Check out their website

hey , i really want to know something. Can you tell the process to become a penetration test/ hacker ??

Skillset. Learn as much as you can and get good at it. @@sreyashkanjilal4929

​@sreyashkanjilal4929 Learn I.T. Helpdesk and Networking first. Then pivot into focusing on network security. Security gigs are an "after 5-10 years of experience" career.

Me too! I'm an ethical hacker/pentester

@@sreyashkanjilal4929 , nope, that's not a youtube block, I think it's a person removing replies, curious if the channel moderator is removing such posts.

what are the requirements for getting into that field? I understand hardware far better than software, can barely code without using AI, but have thought about it. My local college says you need an degree in IT first, but they don't offer that sadly

​@@mattc9598don't worry about the degree nonsense. You can learn software Online. You will be confused at first, but don't worry. Just use online resources.

​@@mattc9598 interest in the field, mostly. As long as you're passionate you don't even need university to start as an analyst, I highly recommend researching certificates and requirements and just studying for those.

​@mattc9598 what field exactly? It? Engineering? IT is very broad so if you can provide some additional information I may be able to point you in the right direction. What stuff are you interested in?

@@RealWorldMaverick exactly.. you dont really need a degree or even much technical knowledge to get into penetration testing. That is part of it but there are also people that specialize in the social engineering side of things. I would love to get into physical penetration testing. I listen to Darknet Diaries and that side of things honestly seems like a fun job. You are getting paid to get access to buildings and areas you shouldnt have access to.

I was told there would be cake but it was a lie. Taking my stapler was the last straw, so I burned down the building.

Clever! We used to change people's languages.

Ctrl-shift-Right (on Intel integrated graphics machines) is another good one for messing with people who leave their computer signed in.

Same way Rickrolling has been one of the best ways to teach people to be cautious about which links you click.

It’s shocking how many people leave their desktops unlocked. It’s like wearing a seatbelt for me, I don’t feel comfortable until I hit Ctrl L before I leave my desk. Also predictable passwords that they don’t change frequently. The number of “Admin” “admin” server admin accounts I’ve seen is also concerning.

He's a very well-known name in the space. If you search his name on KZbin, you will find tons of speaking events that he's done over the years. It'll keep you busy for a while.

Oh man, you right. I'm about to binge right now lol. Thanks, @@johnmiller9931

@@johnmiller9931thx!

Hes done presentations at Defcon, he's very entertaining

WHT is his name

You definitely could have rubbed that in their face, great job!

Not knowing technology is one thing, but people who brag about being computer illiterate is another thing. They lash out at people helping them with security advice. I see it everyday on Reddit; *"I don't need your security advice! I don't believe in this computer mumbo jumbo! I don't believe in all these threats! You people are just being paranoid!".*

Did you get promoted?

Is kinda sad and pathetic that some IT managers have 0 knowledge of basic cyber security measures

​@@Peacekeeper_84The Jen Barbers of the IT world. People persons.

great way to describe it lol

through?

Because defcon (big hacking convention) is in las vegas

They were?

A lot of them live in vegas

or they played a role in whatever happened

I worked at a high class hotel for some time and had to prepare a report where I wrote everything down I could find on the internet about our guests. You wouldn't believe how much info you get about millionaires/billionaires, just by googling them.

hey , i really want to know something. Can you tell the process to become a penetration test/ hacker ??

I don't know how you guys sleep at night having to worry every minute about someone hacking into the systems you need to keep secure.

@@jameslarosa2396 Most of the time, we don't

you have to be really good at researching things on the internet instead of asking people for help thats step one lol@@sreyashkanjilal4929

I like to call it PEN15 testing and throw in as many phallic facsimiles as I can get away with in the report while playing dumb.

People in the security industry tend to express this a bit differently - "trust _BUT VERIFY"._

I've been spear phished more than a few times. Some of them are very convincing. It does make me wonder about the security of a platform like LinkedIn in conjunction with the standard first.lastname@companydomain. If email wasn't as easy to guess I think that would decrease phishing attacks of all kinds.

Phishing has become even more effective now that non-English speaking hackers can leverage LLM such as ChatGPT to write more convincing emails!

Absolutely true 😂 annual pen testing was the only time I got commended for being grumpy and telling front desk "I'm not expecting anyone, send them away" when red team tried to use me to get physical access to the building under the guise of a visit

​@@julianakarasawa315 They're probably going to treat that as a competition for you guys haha

I think you spelled 'terrifying' wrong...

Jason has done a talk at Defcon called “Steal Everything, Kill Everyone, Cause Total Financial Ruin!” where he breaks into a building using a piece of cardboard. Cannot recommend it enough.

I'm the opposite. I'd never ignore one and honestly, I'm surprised Jayson said he would. It seems far more plausible he's got a bunch of secure burner laptops he can use to plug them in and find out what other people are trying to hack with.

@@smnsmnsmn he's also gone on the Darknet Diaries podcast, Ep. 6

cause he doesn't know. it's much easier to rob a armored vehicle than it is to rob a bank.

High level answers explained in low level vocabulary as well.

he is verry famous and does conferences and talks all the time .

Google "Who is the number one expert in the field that I'm interested in" and then hire them.

he's given about 1000 talks at DEFCON

Looks like hes part of defcon, lot of notorious hackers go there

whats defcon?@@error.418

just go ahead and credit Deviant Ollam, please

That’s real. Go Blue Team!

He knows who pays the bill.

@@error.418 sure, why not, even though I've done this as far back as the 1980s and I'm not the first to do it.

@@iagmusicandflying Some people are too young to realize not everything originates on the the internet lol.

Yeah, I felt that one, too. When I was programming back in the day, 'What do you mean I have to document every single line of code?' And don't get me started on flowcharts. I had hair back then, and there were times I was pulling it out. It's all gone now, so who know what caused the baldness. At least my salt and pepper beard is working.

True. What's the most difficult part of a PhD program? Thesis write-up - not the research part of it. I know a few guys who did not complete their doctorates because of it.

@@bikenyThankfully the "document every line of code" is a bit less common now, but there is plenty of other things that are difficult to get through.

I hate writing reports man. Most boring part of hacking.

How come your YT is verified with only 517 subs ?

The bad guys already know the tricks anyway. This is serving as education so other people know what to be wary of.

of course, was more of a joke. But lots about this video easily entices the wrong crowd @@XSemperIdem5

Treating them with common decency also helps since they will actually care what happens. You treat them like crap they won't care about their job and so won't take actions as readily if they see something wrong. It becomes a "not my problem" situation.

@@l33tninja1 100% !! Respecting your people is a must.

this info is available everywhere online lookup network chuck or david bombal

Either that, or call your boss who should be high enough to be able to directly call whoever is apparently responsible for the unknown person. Because as mentioned in the video, the numbers might be false and the answering party might give excuses why they can’t appear in person to validate the intruder, while the person you are detaining is putting pressure on you because you are costing the company precious time and money…

Call people?! Is it 1965 or something?!

​@@halfsourlizard9319 yeah. phones didn't get tossed out in 1966. Or what do you think that little rectangular device in your pocket is meant to be used for?

We gotta ban any word that people choose to sexualize now? Penetration testing is the best description of what they're doing.

I personally like it better than "Hacker"

"Vulnerability documenter" just doesn't have the same ring to it.

How about “Penetrator”? wait

Well, at least it's true, you test to see if you can penetrate computers. I prefer 'ethical hacker' or 'cybersecurity analyst' more though

ethical hackers hack so you dont get hacked if anything this is reassuring to know that there are more people like him than bad hackers out there .

Google him, his talks are not usually so technical.

@@aetch77 Thanks, will do

Lmao, a USB audit 😂

Doesn't matter. Just let the giggle out. It feels good!

Wow you're beautiful for a 38 year old mom.

Aaaw...thanks mate :)

glad im not the only one lmaoo

he is making things safer how is it scary lol ??

@@myname-mz3lo Because attacks happen constantly, every single day? I'm not scared personally, but you're talking like crime is a small-time problem. It's big.

@@myname-mz3lo its scary how few things you need to break into such high systems.

LOL that means you're a beginner and that's fine... we all start somewhere but... TELL TALE SIGNS and all that don't get me wrong, Excitement is good and it gets you motivated but one day you will look back at this comment and say to yourself "i was stupid" LOL we all do it

He does talks at a ton of cybersecurity conferences.

how is it scary ? he hacks companies so that bad people dont .. its reassuring more than anything to know that there are more good hackers than bad ones

@@myname-mz3lo it's scary how easy some tricks are and how vulnerable everyone is.

absolutely

he *said* you gotta say it *properly*

Wait, so was it twenty percent, or one in five!?!? /Joke

I don't believe you…

@@blindbrad4719 Lol. Why would I care if a rando doesn't believe the truth? Nice troll.

@@Tom-ev4rg it was a pretty basic troll to BH, but considering your gullible remark I felt it had to be said 😂. Your story didn't surprise me though. I'd be willing to bet as well that the 20% that passed were already tech savvy before the training.

@@blindbrad4719 80% passed