Ep 42: Mini-Stories: Vol 2

Darknet Diaries

Jack Rhysider

True Crime, Technology

4.9 • 8.6K Ratings

🗓️ 9 July 2019

⏱️ 58 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Three stories in one episode. Listen in on one of Dave Kennedy's penetration tests he conducted where he got caught trying to gain entry into a datacenter. Listen to a network security engineer talk about the unexpected visitor found in his network and what he did about it. And listen to Dan Tentler talk about a wild and crazy engagement he did for a client. Guests A very special thanks to Dave Kennedy. Learn more about his company at trustedsec.com. Thank you Clay for sharing your story. Check out the WOPR Summit. Viss also brought an amazing story to share. Thank you too. Learn more about him at Phobos.io. I first heard Clay's story on the Getting Into Infosec Podcast. Thanks Ayman for finding him and bring that story to my attention. Sponsors This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. For more show notes and links check out darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	Hey, it's Jack, host of the show.
0:04.4	A long time ago I set up a file sharing website at home.
0:07.4	On a Raspberry Pi, I set it up to make it easy to transfer files between me and anyone
0:11.7	I needed to send files to.
0:13.2	It was a simple website.
0:14.6	Drag and drop the file onto the webpage and boom, it's hosted on my website for like
0:18.9	a week and then it gets deleted.
0:20.8	I knew it wasn't secure, so I would never post it anything that was sensitive to it.
0:25.0	But I also took this opportunity to see if I could detect anyone trying to hack into
0:29.4	the thing.
0:30.4	I set up all my best sensors I had at home, a firewall and intrusion detection system,
0:34.6	full packet captures using security onion, I turned on tons of logging and watched.
0:39.4	But nothing happened.
0:41.4	Nobody knew my site existed to even think about trying to exploit it.
0:44.4	Oh well, yeah, I forgot about that little website for years.
0:47.8	But last week, I went to check on it and there was a suspicious file uploaded, not by
0:53.6	me.
0:54.6	I checked into it and whoa, someone uploaded an exploit and gained access to my
0:59.3	Raspberry Pi.
1:00.3	A hacker was in my house.
1:02.3	Okay, geez, quick, what do you do?
1:05.4	And perhaps some people would feel freaked out, violated or get anxiety because it's scary
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from Jack Rhysider, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Jack Rhysider and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.