Logo
    Search

    Podcast Summary

    • Enforcing Security Measures Through Awareness Campaigns and Physical Penetration TestingSecurity measures can be improved through awareness campaigns and physical penetration testing. Limiting access to authorized personnel and testing security of other locations can help prevent security breaches.

      The JDLR campaign used in a mall to report suspicious activities, including sneaking or trespassing is an example of how awareness campaigns can be implemented to enforce security measures. Kyle's job as a member of the red team involves testing the security of buildings through physical penetration to identify potential vulnerabilities that may be exploited by criminals. Utility companies need to have secure networks that limit access only to authorized personnel due to the calamitous effects of a security breach. To gain access to headquarters, Kyle's objective is to test the security of other locations that might help him gain access to headquarters.

    • Gathering Information for Physical IntrusionBefore attempting a physical intrusion, gather information about the target company and its employees from platforms such as LinkedIn and Facebook. Learn about the location, dress to blend in, and be prepared for any situation.

      When planning a physical intrusion, gathering information about the target company and its employees is crucial. By checking LinkedIn and Facebook, one can get a list of names and roles, which can help in lying or dropping a name to enter the building. Also, checking Google Maps for information about the location, such as the door locations, fencing, and neighboring buildings, can be of great help. One should start with the small garage or warehouse buildings where the staff may not be too vigilant and easily escalate privileges. Furthermore, it is important to dress up and blend in with the surroundings and be mindful of lighting and other elements that may give you away. For physical intrusion, being well-prepared with information and planning is key.

    • The Importance of Proper Security Measures for CompaniesCompanies should prioritize the implementation of guarded entrances, functioning locking mechanisms, proper camera coverage, and strong firewalls to prevent unauthorized access and protect sensitive data and equipment. Penetration testing can also identify vulnerabilities.

      This story highlights the importance of proper security measures for companies, particularly those with sensitive data or equipment. Guarded entrances, functioning locking mechanisms, and proper camera coverage can prevent unauthorized access. Additionally, sensitive documents should be locked up at night to prevent theft. Penetration testing can also identify vulnerabilities in a company's security systems. However, in this case, the use of a dropbox - a portable, self-contained computer that can connect to a network - allowed unauthorized network access. It's important to have strong firewalls in place to prevent unauthorized access. Overall, this story emphasizes the need for companies to have strong security measures in place to protect their data and equipment.

    • Protecting Company Networks from Physical Access BreachesCompanies should use .1x or Knack authentication to slow down hackers and exhaust their resources. Simple measures, like minimizing physical access and securing valuable data, are key to preventing security breaches.

      Physical access to a company’s network can be detrimental to their security as it allows a skilled hacker to gain full administrator abilities within minutes. To prevent such infiltration, companies should consider enabling .1x or Knack authentication. While perfect security may not be achievable, slowing down hackers is crucial to exhausting their resources and potentially catching them in the act. Competitive intel may be the desirable item for a hacker but there is a lot of valuable information that is often lying around randomly in a company. Companies should be aware of the simple measures they can take to protect their valuable data.

    • Importance of Proper Security Measures and Cybersecurity Training in BusinessesCompanies must take necessary precautions to protect their physical assets and data. Employees should receive cybersecurity training to prevent unauthorized access to systems and data and avoid storing sensitive information on their mobile devices.

      Proper security measures, such as hiring guards or monitoring surveillance cameras, could have prevented the theft of trucks and other equipment. It is important for companies to take necessary precautions to protect not only their physical assets but also their valuable data. This incident also highlights the potential dangers of employees storing sensitive information on their mobile devices. This information can be easily accessed and sold to competitors or enemies of the state. Companies should train their employees on cybersecurity best practices, such as using strong passwords and enabling two-factor authentication, to prevent unauthorized access to their systems and data.

    • Sneaking into a building with passive reconnaissanceAttention to detail and passive reconnaissance can lead to gaining access to sensitive areas - highlighting the importance of security systems and personnel.

      The individuals planned to conduct reconnaissance on a building they wanted to gain access to. They did passive reconnaissance for preparation, such as looking on social media, and checking Google maps. They went to the building during the day to observe the area before sneaking in at night. In order to avoid detection, they dressed like homeless people. They managed to sneak into the building, and eventually found an open door which led them right into the office building. Passive reconnaissance and attention to detail can enable individuals to gain access to sensitive areas, but also highlights the importance of security systems and personnel.

    • The Art of Bypassing Security MeasuresBypassing security measures requires careful planning and reconnaissance, with passive reconnaissance and directory search being crucial for successful break-ins. Exploiting vulnerabilities and staying low is important, but considering the legal and moral consequences is paramount. Always seek legal permission before attempting any cybersecurity penetration.

      Bypassing security measures requires strategic planning and reconnaissance. Passive reconnaissance and directory search are vital to successfully execute break-ins. Certain areas can provide keys to enter restricted zones. By exploiting vulnerabilities like key placement, hackers may gain unauthorized access to sensitive information. Additionally, staying low and out of sight is crucial to avoid detection. Hiding in places like bathrooms can provide a good opportunity for planning. However, hacking into systems comes with legal and moral consequences that can harm others and ruin careers. It's important to consider these risks and seek legal permission before attempting any sort of cybersecurity penetration.

    • Importance of Secure Server Room for Utility CompaniesA secure server room for utility companies should have a locked door, security cameras, and extended walls to prevent access through the ceiling. Regular security tests should also be performed to identify potential vulnerabilities.

      The server room of a headquarters of a utility company should be a very secure room. Thus, it should have a security camera monitoring the outside/inside of the door and inside the server room and a very securely locked door that should be logged when it's opened or closed. Constructing the server room should extend the walls up into the drop ceiling to stop the people from going through the ceiling. As a pen tester, they left the dropbox in the secured server room and then attacked the network from that dropbox. Also, they tried to see what other findings they could generate from the site, such as common mistakes like are shred bins unlocked.

    • Importance of Physical Security and Social Engineering in Breaching itPhysical security can be breached through social engineering tactics such as posing as an employee or taking advantage of unlocked areas. Proper precautions are necessary to avoid getting caught, even while celebrating success. Small offices may have better physical security, and industrial-grade locks can make entering challenging.

      Physical security is as important as digital security. Social engineering plays a significant role in breaching physical security. Taking advantage of unlocked or unsecured areas, dressing up as employees, and walking out freely can provide access to restricted areas. Reconnaissance plays a significant role in analyzing the target and the location before attempting to enter. The team's success may lead to overconfidence that can subsequently increase the chances of getting caught. Adequate precautions must be taken while celebrating success, such as not leaving behind evidence. Small offices can have better physical security than large ones, and the front door may remain open to allow overnight staff. An industrial-grade lock can make entering the building challenging.

    • Picking a Lock - A Slow and Difficult ProcessPicking a lock requires patience, focus, and the right tools. It can be stressful and may take hundreds of attempts, but success can lead to valuable information. Prepare with the necessary tools for the mission.

      Picking a lock is a slow and difficult process involving two basic tools, a rake and a tension bar. It can take hundreds or thousands of attempts to successfully open a tough lock. Additionally, it's easy to twist the lock in the wrong direction, reducing your chances of success. The process is stressful and requires a lot of patience and focus. However, when successful, it can lead to valuable information like in this case where the team found a badge cloner. It's also important to be prepared with the right tools, like Kyle's dropbox, pick locks, and badge cloner, when going on a mission like this.

    • Essentials and Strategy for Penetration TestingPenetration testing requires careful planning and essential tools, including spare phones, network taps, and multiple methods of persistence. Proper reconnaissance and attention to potential backdoors or entrances are critical to avoid being caught and ensure success.

      When conducting a penetration testing, it is important to have general essentials, such as standard tools, network taps and multiple methods of persistence. A spare phone with service is essential as it can be used for hotspot and calling oneself in case of emergency. Cloned badges, spare antennas and spare working phones are also essential. Reconnaissance is a key part of penetration testing, and the case study showed the importance of careful recon against the target building. The professionals always look for potential backdoors or entrances to avoid being burned. It is important to have a plan and be careful when conducting a break-in as the process can be challenging based on the size and complexity of the target building.

    • Importance of Secure Back Doors and Seemingly Unimportant Details in Security.Back doors are as important as front doors and should have equal security measures. Authentication is crucial for network ports. Utilize seemingly unimportant details to strengthen security. Challenge and test security regularly to identify potential breaches.

      Back doors should have as much security as front doors because bad guys use the back door as if it is the front door. Network ports should require authentication to prevent unauthorized access. Make use of seemingly unimportant details, like access to company letterhead or envelopes when stuck in a paper room. It can be useful to have a handwritten letter on company letterhead than have nothing at all. The pen tester successfully breached and compromised the network of the headquarters building without being detected. It's important to challenge security and test the building further to see what else can be done.

    • The Importance of Backup Plans and Contingency Measures in Breaking into a BuildingIt's crucial to have backup plans and contingency measures when attempting to break into a building to ensure success and avoid legal consequences. Understanding and following security protocols is also critical.

      Breaking into a building requires careful planning and execution. The trio's lack of proper parking options and the security guard's suspicion nearly derailed their mission. However, luck and quick thinking saved them as one member had a cloned badge that they used to gain entry while the others tried their luck with blank badges. This highlights the importance of having backup plans and contingency measures in case anything goes wrong during a mission. It also emphasizes the need to fully understand and adhere to security protocols to avoid getting caught and potentially facing legal consequences.

    • How RFID Badge Readers Can be Easily FooledBe cautious when relying on RFID badge readers for security as they can be easily fooled. Don't underestimate the importance of checking logs and keeping a guard up. Furthermore, social networks can be useful tools in testing security measures.

      RFID badge readers can be fooled easily. It is not the beep but the click sound that indicates successful badge scanning. A get-out-of-jail-free letter can save one's life when caught in such a situation. Kyle, the protagonist, was able to successfully execute his plan of testing the security of the company because he had this letter. However, this does not mean that anyone can do this. Keeping a guard up while scanning through the logs is crucial, and one should not take this task lightly. Kyle's smooth entry into the building can be attributed to the fact that he relied heavily on his social network and used it to his advantage.

    • Demonstration of Vulnerabilities in Corporate Systems can Facilitate Budget Approvals for Security MeasuresDemonstrating vulnerabilities in corporate security systems can be an effective method for obtaining budget approval for security improvements. However, revealing the 'get out of jail free' card should only be a last resort, as it burns the cover and may be dangerous.

      Demonstrating vulnerabilities in corporate security systems can help get budget approvals to improve security measures. Kyle and his team successfully demonstrated vulnerabilities to the executives and were able to get budgets approved for improving security measures. The team had a great time while doing their job and also provided beneficial information to the company. However, revealing the get out of jail free card should only be the last option, as it burns the cover. The situation Kyle faced was pretty wild, but they were able to escape without much damage. Sneaking into places is not a new thing, but demonstrating vulnerabilities as a part of the job can be fascinating and can help secure companies.

    Recent Episodes from Darknet Diaries

    146: ANOM

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries
    en-usJune 04, 2024

    145: Shannen

    145: Shannen
    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    144: Rachel

    144: Rachel
    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    143: Jim Hates Scams

    143: Jim Hates Scams
    Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    142: Axact

    142: Axact
    Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    141: The Pig Butcher

    141: The Pig Butcher
    The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    139: D3f4ult

    139: D3f4ult
    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

    138: The Mimics of Punjab

    138: The Mimics of Punjab
    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    137: Predator

    137: Predator
    A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Related Episodes

    59: The Courthouse

    59: The Courthouse
    In this episode we hear from Gary and Justin. Two seasoned penetration testers who tell us a story about the time when they tried to break into a courthouse but it went all wrong. Sponsors This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources https://arstechnica.com/information-technology/2019/11/how-a-turf-war-and-a-botched-contract-landed-2-pentesters-in-iowa-jail/ https://krebsonsecurity.com/2020/01/iowa-prosecutors-drop-charges-against-men-hired-to-test-their-security/ https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-CEO-Tom-McAndrew-statement https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/10/iowa-supreme-court-justice-cady-policies-courthouse-break-ins-senate-polk-dallas-burglary-ia-cyber/3930656002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/09/19/iowa-state-senator-calls-oversight-committee-investigate-courthouse-break-ins-crime-polk-dallas/2374576001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/28/iowa-courthouse-break-ins-men-security-firm-plead-not-guilty-trespassing/2488314001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/30/courthouse-break-in-ceo-cyber-security-coalfire-charges-dropped/4097354002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2020/01/30/courthouse-break-ins-charges-dropped-against-coalfire-employees/4611574002/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

    67: The Big House

    67: The Big House
    John Strand is a penetration tester. He’s paid to break into computer networks and buildings to test their security. In this episode we listen to stories he has from doing this type of work. Thanks to John Strand for coming on the show and telling your story. Sponsors Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources How a Hacker’s Mom Broke Into a Prison—and the Warden’s Computer Video: How not to suck at pen testing John Strand Video: I Had My Mom Break Into Prison Learn more about your ad choices. Visit podcastchoices.com/adchoices

    🔴 December 14's Top Cyber News NOW! - Ep 515

    🔴 December 14's Top Cyber News NOW! - Ep 515

    The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.

    Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance 
    https://barricadecyber.com.

    Build an evidence-based, data-driven cyber security program with Panoptcy's Quantified Risk Assessments!
    https://panoptcy.com/

    Check out John Strand's Pay What You Can Antisyphon Training: 
    https://simplycyber.hopp.to/antisyphontraining

    Gerald’s practical skills course with no prerequisites - GRC Analyst Master Class - https://simplycyber.teachable.com

    💥Get 30% off ITPro from ACI Learning with coupon code “SIMPLYCYBER30” for Binge-worthy cybersecurity education! https://go.itpro.tv/simplycyber

    Join the Simply Cyber Discord  https://SimplyCyber.io/Discord

    Podcast in stream is from https://cisoseries.com.

    🔴 December 27's Top Cyber News NOW! - Ep 523

    🔴 December 27's Top Cyber News NOW! - Ep 523

    The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.

    Check out Barricade Cyber if you need an incident response, ransomware protection, or business recovery assistance 
    https://barricadecyber.com.

    Build an evidence-based, data-driven cyber security program with Panoptcy's Quantified Risk Assessments!
    https://panoptcy.com/

    Check out John Strand's Pay What You Can Antisyphon Training: 
    https://simplycyber.hopp.to/antisyphontraining

    https://simplycyber.hopp.to/antisyphontraining
    ADCD: https://bit.ly/ADCD-JohnStrand
    SOC Core Skills. https://bit.ly/SOCCoreSkills-JohnStrand

    Gerald’s practical skills course with no prerequisites - GRC Analyst Master Class - https://simplycyber.teachable.com

    💥Get 30% off ITPro from ACI Learning with coupon code “SIMPLYCYBER30” for Binge-worthy cybersecurity education! https://go.itpro.tv/simplycyber

    Join the Simply Cyber Discord  https://SimplyCyber.io/Discord

    Podcast in stream is from https://cisoseries.com.

    🔴 June 5's Top Cyber News NOW! - Ep 380

    🔴 June 5's Top Cyber News NOW! - Ep 380

    The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.

    Check out Barricade Cyber if you need incident response, ransomware protection, or business recovery assistance
    https://barricadecyber.com.

    Build an evidence-based and data-driven cyber security program with Panoptcy's Quantified Risk Assessments!
    https://panoptcy.com/

    Gerald’s practical skills course with no prerequisites - GRC Analyst Master Class - https://simplycyber.teachable.com

    💥Get 30% off ITPro from ACI Learning with coupon code “SIMPLYCYBER30” Binge-worthy cybersecurity education ! https://go.itpro.tv/simplycyber

    Join the Simply Cyber Discord  https://SimplyCyber.io/Discord

    Podcast in stream is from cisoseries.com.