
STEAL EVERYTHING, KILL EVERYONE, CAUSE TOTAL FINANCIAL RUIN!

As interesting as this title is, this actually relates (in a way) to this talk given by Jayson E Street way back when at Defcon 19:

You see it wasn’t the title that had me click it, though it did intrigue me… or perhaps it was that intrigueanol that I took earlier… It was the concept: Red Team security, break in, get your job done, get out. (Yes, there are many other colours and I’ll get to them eventually.)

Some of my yammerings below are crude representations of the talk from above, I wish I had the gusto, the showmanship and balls made of depleted uranium to be a Social Engineer/Engagement guy, but I have a face for radio you see…

Now your job could be to get in and steal a load of shit, I get it. Offices are filled with computers, and things like laptops aren’t properly secured and don’t have any of their details, like serial numbers, noted down. (This BTW is not a dig at any employer of mine in particular, however I have been in a few places and this shit is every day: looping the cable round the metal leg of the desk when you can just lift the desk and walk away.) So you can steal all that and sell it on to make a profit – yay Capitalism.


A step easier and less obvious, you could get in and drop off a malicious payload on a very inconspicuous USB drive or ‘Bad USB’ cable/USB pen/cufflink/jumping bean thing/vape pen.

15 seconds and poof, you have a reverse shell and someone on the other side scouring the network, listening on all those ports, sniffing all those packets and looking for all the juicy data – much easier IMO.

When it comes to Social Engineering, getting the information out of the person you’re questioning, getting the access to that room to plug in the USB Rubber Ducky and walk away, that is where the amazing side of things is (to me anyway, it’s fascinating).

Now you can spend all the money in the world on an IDS/gateway/firewalls, but that isn’t going to count for toffee when you can get let in by the cleaning lady, or ‘shadow’ someone walking into a building, or ‘sorry, I left my pass inside, can you scan me through?’.

A lot of companies may get pissed off about this but I’m going to tell it like it is: your employees… don’t give a shit about your data or your policies. You really think that training you gave on security telling people to ‘refuse access’ or ‘check badges’ is going to stay fresh in their minds? 20/1 it is in one ear and out the other, and normal behaviours pick up again after about a week.

I know because I’ve seen and had it happen.

Now you can make this important, ‘your job depends on it’, but even then things are still pretty lax. You can incentivize it: who stopped this person getting in? Stand up and take a round of applause.

Incentives create competition, competition breeds changing behaviours and that winning feeling, and who doesn’t like that winning feeling?

But is it enough?

Honestly, probably not, but at least you can make it something that gets communicated at all levels of the business, from the mail room guy to the CEO, even down to Joe the scrappy new employee who starts today.

Let’s face it, a determined Social Engineer or very good hacker is going to get through and take your toys no matter what (or ransom them), and there are lots of companies out there saying their systems are ‘unhackable’, like in the case of India’s National ID Database:

https://techcrunch.com/2018/01/04/indias-national-id-database-is-reportedly-accessible-for-less-than-10/

https://gizmodo.com/130-million-at-risk-of-fraud-after-massive-leak-of-indi-1794856154

https://www.express.co.uk/news/world/900409/Data-hack-ID-personal-information-WhatsApp-India-database-biometric

A billion details up for grabs. I can’t help but laugh but also feel terrible for everyone involved, and people questioned why I hacked myself off the grid a little while back; I shrunk my online footprint to nothing and I’m only now starting to open it back up again.

I realise this post has been a little more ‘ranty’ than my normal typings; it’s been a rough day, of a rough week, and a pretty naff start to 2018…

When you hit rock bottom the only way is up – Someone Famous (maybe)

On a personal note I’ve been reading books, actual mother f*ing books – not just ones with pictures on each page, now it’s every other page –

I often find this difficult, a mild side of dyslexia normally does that to you, but I managed to read while on a moving bus, something that would normally cause me motion sickness, and I finally managed it after REDACTED years alive on this earth (though I can read an iPad/phone etc. no matter what and with no sickness, bizarrely).

I’m planning on stretching my coding legs again soon and even picked up a PluralSight (10 Internet points if you get the reference) account so I can ‘test’ how terrible I am at things, though it has been a while since I last did anything; bah, endless circle.

I know I usually button these with a Futurama pic/gif, but I can’t think of one that works given the content; however, this sums up some of my personal life right now:


This post is licensed under CC BY 4.0 by the author.