125: Jeremiah

en-usOctober 04, 2022

Podcast Summary

The Story of Michael Fagan and Buckingham Palace Breach: Mental health issues should not be ignored, and no place is entirely secure from a breach. It raises the need for adequate security measures to protect important people and places.
The story of Michael Fagan, who climbed over the wall and entered Buckingham Palace, shows how a seemingly secure place can be vulnerable to breaches. Michael's experience inside the palace reveals that it was not as grand as people imagine and that the decorations cost too much. The story also highlights mental health issues, as Michael was going through a breakdown and was not mentally stable during the incident. The lack of security during Michael's break-in raises questions about the security measures in place to protect important places and people. In summary, the Michael Fagan story serves as a warning that even the most secure places can be vulnerable to breaches and that mental health issues should not be ignored.
From Buckingham Palace to Cybersecurity: The Importance of Prioritizing Security Measures.: Whether it’s a royal palace or a company with sensitive information, security breaches can have serious consequences. Hiring experts to test vulnerabilities and staying up-to-date with technology can mitigate potential risks.
Michael Fagan broke into Buckingham Palace twice and got into the Queen's bedroom while she was asleep causing security concerns. He was later arrested, tried and found innocent. He was sent to a psychiatric ward due to his mental health problems. He later divorced his wife and become a single father. Jeremiah, a certified penetration tester, seized the opportunity to exploit company vulnerabilities and test security measures through advanced hacking techniques and tools. His background in technology, cybersecurity, and serving in the military equipped him with the fundamental knowledge and skills that helped him land a better job. Jeremiah urges everyone to prioritize security measures and keep up-to-date with the latest technologies.
The Importance of Regular Security Assessments and Addressing Risks: Conducting regular security assessments, including physical red team operations or physical penetration tests, can help identify and mitigate vulnerabilities, preventing potential attacks and avoiding network outages and reputational damage. Don't neglect security assessments due to fear, prioritize them to address risks.
Conducting regular security assessments, including physical red team operations or physical penetration tests, is important to identify and mitigate vulnerabilities in an organization's network and infrastructure. Neglecting security assessments due to fear of potential consequences of finding security holes can be detrimental in the long run. It is better to know the risks and address them rather than being blindsided by a potential attack. Businesses and government contractors should prioritize regular security assessments, as these entities are more susceptible to nation-state actors who may try to breach their security through a contractor's network. Knowing the risks and conducting security assessments can also help in avoiding network outages and reputational damage.
Prioritizing Security in Remote Office Testing: When testing remote offices, prioritize security by being persistent, utilizing a good offense, minimizing network impact, gaining access to location/devices, and conducting tests as an outsider. Use Google maps and light surveillance for additional information.
It is important for contractors to prioritize security when testing remote offices. Persistence is key to convincing businesses to conduct testing. The best defense is a good offense to challenge technical capabilities. When conducting a test, it is important to have minimal impact on the network to prevent the installation of malicious tools. Objectives should include gaining access to location and devices, and risk assessment of scenarios. Tests should be conducted as if the tester is an outsider. Google maps can provide relevant information about the building. Light surveillance is important for identifying entry points, lunch schedules, and employee locations.
Tips for effective Penetration Testing: When conducting Penetration Testing, avoid front entrances and dress appropriately to avoid being challenged. Prepare by carrying necessary tools and equipment and thoroughly examine the perimeter for access points.
Penetration testing involves thoroughly checking every external egress point of a building to identify security loopholes and access points. It is best to avoid the front entrance, where security measures are usually concentrated, and instead look for side doors or back doors. Having multiple individuals in a group reduces the chances of being challenged while performing a penetration test. Dressing in business casual clothes and getting well-groomed add to the authenticity of the testers. Preparation involves carrying the necessary tools and equipment such as lockpick sets, Raspberry Pis, and mobile Kali Linux. It is also essential to mark up aerial photographs of the location and conduct a thorough examination of the perimeter along with tugging on every door to see if they open.
Importance of Regular Penetration Testing for Physical Security: Conducting penetration testing and securing physical access points can prevent easy breaches of buildings, like doors not locking, and unauthorized access to sensitive areas and data.
Physical security of buildings can be easily breached through simple implementation flaws, like doors not locking properly or being left open. It is important for organizations to regularly conduct penetration testing to identify such vulnerabilities and fix them to prevent potential breaches. In this case, the pen testers were able to gain access to the contractor's secured floors through a partially open door in the stairwell and easily open doors on the second and third floors. The testers also noted the presence of Ethernet ports on the lobby walls which could be explored for potential access in future testing. Conducting penetration testing and securing physical access points can help prevent unauthorized access to sensitive areas and data.
Exploiting Physical Security Vulnerabilities in Office Buildings: Physical security measures such as key card access and locked doors are crucial to prevent unauthorized access. Continual monitoring and testing of security systems can help identify and address vulnerabilities.
Penetration testers were able to gain unauthorized access to a secure office building by exploiting vulnerabilities in the lobby area. By gaining access to an unattended kiosk computer through a Bash Bunny, they were able to prove that the system was not locked down. They were also able to walk right in through the front door of the office, which was unexpectedly unlocked, and access private information. This highlights the importance of physical security measures, such as key card access and locked doors, to protect against unauthorized access. It also shows the need for continual monitoring and testing of security systems to identify and address vulnerabilities.
Risks and Measures in Penetration Testing.: Penetration testing requires more than just physical presence. Testers must consider Network Access Control, company location, and disguise. Ethernet ports are crucial entry points and must be thoroughly assessed.
Physical presence doesn't guarantee complete access to the internal network of an organization. Network Access Control (NAC) is a security measure implemented by some companies to restrict access based on MAC addresses. Penetration testers can bypass NAC by finding MAC addresses from vendors that are on the allow list and changing their computer's MAC address to one of those. Also, the physical location of the company can have an impact on the success of the penetration test. To avoid suspicion, testers should dress appropriately, act confidently and avoid looking suspicious. Ethernet ports are significant points of entry into a network, so testers should check them and see if they give internal access or restricted access.
MAC Address Spoofing and Maintaining Security Measures: While changing a MAC address can grant network access, it is not a secure way to do so. To maintain security, implement registry files and physical security measures. When gathering intelligence, obtain information ethically and within authorized activities to avoid breaches of trust or legal liability.
Changing the MAC address can allow for network access bypass, but it may not be a secure way to grant access. In order to maintain security, it is important to implement other measures such as registry files on computers. Additionally, physical security measures such as badge-swipe doors should be in place to prevent unauthorized entry. When conducting intelligence-gathering, it is useful to collect as much information as possible about programs, whiteboards, paperwork, and file names. However, it is important to obtain this information ethically and within the scope of authorized activities, in order to avoid potential breaches of trust or legal liability.
The Importance of Conducting Physical Penetration Testing for Organizations: Regular physical penetration testing helps organizations identify weaknesses in their security measures, preventing future breaches that could have far-reaching negative impacts.
Physical penetration testing can reveal vulnerabilities in an organization's security measures that may not have been previously considered. Malicious entities may attempt to access a location using a variety of methods that may not be immediately apparent, and the implications of a successful breach can be far-reaching and impactful. For this reason, it is important for organizations to regularly conduct physical penetration tests to identify and address weaknesses in their security posture. The results of such testing may be surprising and enlightening for leadership, but can ultimately help to improve security measures and prevent future breaches.

Recent Episodes from Darknet Diaries

In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changes everything.

This story comes from part of Geoff’s book “Rinsed” which goes into the world of money laundering. Get yours here https://amzn.to/3VJs7pb.

Darknet Diaries

en-usJuly 02, 2024

146: ANOM

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Darknet Diaries

en-usJune 04, 2024

145: Shannen

Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usMay 07, 2024

undercover operations

144: Rachel

Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usApril 02, 2024

143: Jim Hates Scams

Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

en-usMarch 05, 2024

142: Axact

Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usFebruary 06, 2024

information questioning

deceptive situations

ethical practices

141: The Pig Butcher

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usJanuary 02, 2024

online identity verification

online relationships

social stigmas

financial scams

emotional manipulation

crypto investments

bec attacks

cybersecurity awareness

fraud prevention

secure transactions

140: Revenge Bytes

Madison's nude photos were posted online. Her twin sister Christine came to help. This begins a bizarre and uneasy story. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usDecember 05, 2023

139: D3f4ult

This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usNovember 07, 2023

138: The Mimics of Punjab

This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Darknet Diaries

en-usOctober 03, 2023

limited law enforcement resources

Related Episodes

The Secret Sunday Session with Hugo Toovey

(Visual Podcast) **This podcast has a trigger warning**

In this weeks episode we speak with army captain and cancer survivor, Hugo Toovey. Hugo shares his battle with testicular and bowel cancer whilst working in the Australian army. We start the conversation about the struggle on one's mental health to overcome adversity, the need for hope as a motivational driver and the power of gratitude.

Start the conversation by pressing play!

Where you can find the visual episode:

https://www.facebook.com/thesecretburden/

https://www.instagram.com/ashlee.thomas/?hl=en

https://www.youtube.com/channel/UC8lPUj1SAkqf1jKvLsk0Stw?app=desktop

Connect with Hugo:

https://www.instagram.com/hugotoovey/?hl=en
https://www.linkedin.com/in/hugo-toovey-12853377/?originalSubdomain=au

We start to make change and challenge stigmas when we start one conversation, so let us be your one for today!

If you found this episode triggering please reach out to the below support services:

https://www.thesecretburden.com.au/

https://butterfly.org.au/

https://kidshelpline.com.au/

https://www.lifeline.org.au/

https://www.blackdoginstitute.org.au

The Secret Sunday Session

en-auNovember 04, 2023

Headspace through Fragrance feat. WAH WASH

You smell that? It's the perfect scent to get you into a deeper headspace....

enFebruary 01, 2024

Milestones - Revenge of Bad Bart - Season 3 Premiere - Episode 25

Saddle up for some rootin' tootin' good podcastin' pardner. The boys go WAY West in order to share some of the most important events of their lives.

Join us for the positive and negative milestones of Ryan, David, and Brandon.

Watch our video game goofs on YouTube @ We're Probably Not Okay!
Follow us on Facebook, Instagram, and Twitter.
Email us at wereprobablynotok@gmail.com
Find us on Patreon to get even more involved.

Watch our video game goofs on YouTube @ We're Probably Not Okay!
Follow us on Facebook, Instagram, and Twitter.
Email us at wereprobablynotok@gmail.com
Find us on Patreon to get even more involved.

We're Probably Not Ok!

en-usAugust 19, 2022

EPISODE 2: VILLAINS, VICTIMS AND HEROES | PASSING THOUGHTS PODCAST | rbccmnq

In order to see the bigger picture, we must step back. What role do you see yourself playing?

----

You can view the transcription, references and resources on the podcast episode page here (If link is faulty, copy and paste: https://www.rbccmnq.com/episode-2).

About host

Hi, I’m Rebecca-Monique: an ICF accredited (PCC) somatic and transformational coach. My work is centred around supporting individuals through their healing.

My specialist areas are grief, trauma, anxiety, depression, addiction, sense of Self (identity), boundaries and confidence.

I have particular interests in social sciences and human-centred disciplines, including psychology, psycholinguistics, sociology, spirituality and philosophy.

I live in London, UK with my son (who is also blessed with the awesomeness that is hyphenated first names!).

You can find out more about my personal journey and what led me to becoming a coach here.

If you’re thinking about working together for 1:1 coaching, please start here.

Subscribe to PASSING THOUGHTS

You can subscribe to my podcast via your preferred streaming services at podcast.rbccmnq.com

Support the PASSING THOUGHTS podcast

If you find my content valuable, and would like to support my work, you can do so here via Ko-fi.

Get in touch

If you’d like to get in touch about the podcast, please do so here.

Disclaimer

This podcast is not coaching, nor a replacement for coaching with an accredited professional.

These episodes are published with the understanding that the Coach and the Business are not engaged in rendering psychological, financial, legal or other professional services to its listeners.

If expert assistance is needed, the service of a competent professional should be sought.

PASSING THOUGHTS

en-gbNovember 27, 2021

The Seven Training Laws

Sadie and Sausha dive into seven laws of training. Explain how they're intertwined and how you apply them to your own training.

Please follow, rate and review our podcast!

Follow us on Twitter, Instagram, TikTok, and Youtube.

Hosted by @meatheadsadie and @meatheadsausha

Show notes and more on our website: meatheadtestkitchen.com

A Hurrdat Media Production. Hurrdat Media is a digital media and commercial video production company based in Omaha, NE. Find more podcasts on the Hurrdat Media Network and learn more about our other services today on HurrdatMedia.com.

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.