Episode
Ep 42: Mini-Stories: Vol 2
57:15
Published: Tue Jul 09 2019
Description
Three stories in one episode. Listen in on one of Dave Kennedy's penetration tests he conducted where he got caught trying to gain entry into a datacenter. Listen to a network security engineer talk about the unexpected visitor found in his network and what he did about it. And listen to Dan Tentler talk about a wild and crazy engagement he did for a client. Guests A very special thanks to Dave Kennedy. Learn more about his company at trustedsec.com. Thank you Clay for sharing your story. Check out the WOPR Summit. Viss also brought an amazing story to share. Thank you too. Learn more about him at Phobos.io. I first heard Clay's story on the Getting Into Infosec Podcast. Thanks Ayman for finding him and bring that story to my attention. Sponsors This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. For more show notes and links check out darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Chapters
The speaker shares their experience of setting up a file sharing website on a Raspberry Pi with advanced security measures such as an isolated network, firewall, intrusion detection system, and logging.
00:00 - 01:55 (01:55)
Summary
The speaker shares their experience of setting up a file sharing website on a Raspberry Pi with advanced security measures such as an isolated network, firewall, intrusion detection system, and logging.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
While considering joining the military, a man encounters four Marines who appear unhappy.
01:55 - 06:46 (04:50)
Summary
While considering joining the military, a man encounters four Marines who appear unhappy. This causes him to question his decision and ultimately leads him down a different career path as the VP of security for a Fortune 1000 company.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
The speaker describes sneaking into a store while pretending to be a regular customer and staying in the back for 20-30 minutes.
06:46 - 10:44 (03:58)
Summary
The speaker describes sneaking into a store while pretending to be a regular customer and staying in the back for 20-30 minutes.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
The speaker and his team attempted to gain access to a data center by following someone else in, but were denied and settled for using a conference room instead.
10:44 - 15:56 (05:12)
Summary
The speaker and his team attempted to gain access to a data center by following someone else in, but were denied and settled for using a conference room instead.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
An IT security professional describes the various layers of security he encountered in a high-security data center, emphasizing the importance of improving data protection for customers through testing and constructive feedback.
15:56 - 20:43 (04:46)
Summary
An IT security professional describes the various layers of security he encountered in a high-security data center, emphasizing the importance of improving data protection for customers through testing and constructive feedback. He also mentions the unsettling practice of creating counterfeit badges with a handheld printer to gain unauthorized access.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
IT worker, Clay, discusses the challenges of dealing with students installing bitcoin miners on university computers which consume a lot of processing power and cause issues for system administrators.
20:43 - 25:21 (04:38)
Summary
IT worker, Clay, discusses the challenges of dealing with students installing bitcoin miners on university computers which consume a lot of processing power and cause issues for system administrators.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
Learn about open ports, network security devices that inspect packets, and bash history investigation.
25:21 - 28:59 (03:37)
Summary
Learn about open ports, network security devices that inspect packets, and bash history investigation.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
This transcript discusses the risks of allowing anyone to log in as root, particularly when it comes to security.
28:59 - 33:55 (04:56)
Summary
This transcript discusses the risks of allowing anyone to log in as root, particularly when it comes to security. The dangers of having unknown users logged in as root are highlighted.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
The speaker describes a situation where they need to take down a database, change passwords, and look for evidence of any potential security breaches or back doors.
33:55 - 38:33 (04:37)
Summary
The speaker describes a situation where they need to take down a database, change passwords, and look for evidence of any potential security breaches or back doors.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
Neglecting security measures such as cleaning up logs and history or having proper audit readiness can result in a devastating cyberattack.
38:35 - 44:17 (05:41)
Summary
Neglecting security measures such as cleaning up logs and history or having proper audit readiness can result in a devastating cyberattack. The consequences of which lead to a cycle of blaming and firing employees, hiring new ones, and repeating the same negligent behavior.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
A company's employees are nervous about being surveilled by their IT coworker who has a creepy reputation and they fear he's accessing their personal data.
44:17 - 48:06 (03:49)
Summary
A company's employees are nervous about being surveilled by their IT coworker who has a creepy reputation and they fear he's accessing their personal data. The company is now trying to find ways to dismiss him.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
An IT guy took his company's hosting and on-premise equipment to his garage for hosting and claimed his mortgage and utilities as business expenses.
48:06 - 56:07 (08:01)
Summary
An IT guy took his company's hosting and on-premise equipment to his garage for hosting and claimed his mortgage and utilities as business expenses. The FBI discovered his actions and the investigation uncovered many other problems in the company.
EpisodeEp 42: Mini-Stories: Vol 2
PodcastDarknet Diaries
A tale of incompetence, malfeasance and an expensive lesson in trust.
56:07 - 57:31 (01:23)
Summary
A tale of incompetence, malfeasance and an expensive lesson in trust. Dave Kennedy shares a story that shows how risky it can be giving high-level access to a single individual who has the keys to the Castle.