
Okay. Hello everyone. How y'all doing? Um, my name is Jason. It's like uh I uh usually when I go internationally, it's like uh except for when I come to to England, I always say it's like, you know, you got to be I I got to apologize. I'm from America, so I only speak one language. Uh I'm from uh Texas, so I don't speak it very well. Uh and it's like I only speak English. But then I was in London about two weeks ago and I was informed that I do not speak English. I speak American. So, uh hopefully I'll still be able to understand me. Uh but don't worry, I make up for my lack of uh lingual skills
by speaking very fast and very loud. So, I heard that helps. Um and so, yeah. And once again, I left Texas to escape the heat. People, what are y'all doing here? I mean, I would say I wouldn't make a big tirade about climate change, but I'm from America where it's against the law for us to do that or acknowledge it. But still, it's way too effing hot. Sheesh. Okay. Um, this is my uh legal disclaimer. Uh, but usually in these talks where I talk about like, you know, if I say something really horrible, really bad, or how I robbed someone to remember the kittens. This talk this year that I'm doing is a little bit
different. You only get the abridged version because I only got 30 minutes. I'm going to go long. So sorry for destroying your schedule. Uh but uh see I already know that's going to happen. Uh but um but this is not that kind of legal disclaimer. This is when I talk about things and I usually like to have a an equal discourse with people. We can respectfully agree to disagree. When I give this talk and you disagree with something that I'm saying, that means you're a horrible person. I don't effing care. Okay? That's my disclaimer. It's like for this one and I'm I'm 100% serious. It's like because if it empathy and compassion is controversial, you
suck. Uh and that's all there is to it. So that's what that is. Uh let's get on. It's the Oh, that's what I changed to talk to. It's like uh I always change my titles the last minute because I I get a random thought. Uh no zero days. All hero the imposter's guide to hacking. Uh and then who I am it doesn't really matter cuz I it's literally the whole point. Um, this is a question I ask myself a lot too. It's like, how can a poser like me still manage to successfully secure Rob Banks Enterprises on five continents for over 25 years? Yes, I'm old. And be so bad at Kali Linux, Metasploit, hack my
scripts, and programming. >> How it's just it boggles my mind. I tried to learn Python with the No Starch Press book of learning Python with Minecraft with my 12-year-old. The only thing I learned is I suck at Python and Minecraft. Okay, so thanks for that. It's like cuz my 12-year-old didn't need to look down on me any further, but there you go. It's like I appreciate that. No Starch. Um, and I love these comments here cuz who doesn't love the comments? Oh, I told be careful about the camera because but don't worry, I won't I won't be too difficult at all because I'm not like that. Um but so um I love this statement. I feel like Jason Street is a
fraud who's about to be exposed for being too noob to do assets. Just a hunch now. What are you? If you guys are figuring that out now that I'm a fraud, you have not been paying attention. People mostly every single one of my talks is about how this stuff is so easy. One of my taglines, this stuff is so easy I can do it. What part of easy do you not understand? It's like so I just I love that one. Just bless his heart. Um and also your work experience is pathetic and you're one heck of a con man. Thank you. I do social engineering. I am a con man. That's my job. It's like it's like and then then he
goes on to go bro you have a fake fraud and BSer your LinkedIn shows nothing but fake companies created out of thin air and I know what it looks like to see someone barely able to keep up with today's world. Retire you effing dinosaur. First of all, dinosaurs are awesome. Okay, except for their inevitable betrayal which is horrible. It's like what really gets me is this. It's like your company's credit all the companies. I can't help it that I work for a company called Truesec or Pwnie Express and that these guys were silly enough to let me create my titles thinking I was going to be an adult. So at Truesec, I was chief chaos officer.
Pwnie Express, I was the infosec ranger and my current title is chief adversarial officer. Screw you. It's awesome. Okay. And it's like it's always just it really gets me and also and just not to be political. But I love the fact that this is a a Russian that's talking about this and I know for a fact that Russians are a little upset with me and that's okay. And I want to make it perfectly clear. It's like that I have friends in Russia that are like suffering right now because they're protesting uh the illegal invasion of Ukraine. No one got upset when I protested the illegal invasion of Iraq that America did. It's like I'm not upset with Russia. I'm
upset with Putin. That's who I'm going after. It's like Ukraine. It's like that's the whole point. We have to stand up when something's wrong. We have to say >> it's like so exactly the whole point. We need to do that. So, let's go and start looking at some of these fake hack things that I do. >> You know, one, I take an OMG cable that I bought off the internet because, you know, like any respectable hacker will do. Um, this data blocker, OMG, these three cables, and I have these, and if you're willing, I can I can plug it into your computer and show you just I'm not hacking you, but I can show you the
payload. It's a simple open that opens up a script. Um, and this is the whole point. So, I take the OMG cable, then I take my hearing aids. The only time I use these hearing aids, I I when I'm wearing my AirPod Pros, I'm not trying to drown you out most of the time. Um, it's like they're in hearing aid mode because those are my actual day-to-day hearing aids. I only use these hearing aids when I rob people. Asking my hearing aids. I'll be in a suit looking all professional and I'm like, can I charge the hearing aids on your computer because the power on the wall is powerful? What monster is not going to
let me charge my hearing aids? I plug it in and then it's game over. You're compromised. All right. So, all I do is just plug this in and it will attack my computer. Just plug it in. Oh. All right. Let's see what happens. >> No one's touching the keyboard. Nothing up our sleeve. What? You just opened something. Oh man, it's like typing all this stuff on here. If I charge those hearing aids, you can take the data from my computer. >> I can take all the data from your computer. I can take your identity. I will have all your stored passwords. I will have all your surfing history and while you're still on the machine, I can
still control it without you even realizing. I can find the information just found your social medias to like be able to call the bank, give them the password reset questions that you probably have. >> We'll see that later. >> Change the story and make them actually reset password. I've done that over the phone. >> So basically, you can ruin someone's life because they decided to plug in a single charge. I can ruin someone's life. I can destroy a company based off these kind of attacks. >> That's from a show on YouTube. was like the guy is a little weird, but you know, it was like whatever. It it it got some information out there to people. So,
that's an attack. Um, I get shell with that. Does that make But am I still a hacker? Cuz I didn't do anything except for buy a cable and utilize something that's not normally used one way. I looked at what everybody said. This is what this is supposed to be and I did something different with it. Let's go to the next one. I got a drone. I got a phone a friend and bad pilot. Okay, I'm not lying about the bad pilot. I'm not the greatest pilot. It's like, so what I do is I was like, you hear all these stories about hacking with drones, you know, hacking with drones. I'm like, that's cool. I want to hack with drones. And then I saw
what they all meant by hacking with drones. I was like, oh, maybe, maybe not. It's like uh but I have a a a DJI Mini 2 uh that's been hacked. It literally has been hacked, but it's only so it disregards no fly zone so I can fly it everywhere. It's like I got some I literally I haven't posted it yet because I need to get back out of England again cuz I know it's coming back. But I have a great video Parliament and Big Ben and stuff that I took right across the Thames. It's like awesome. It's like so uh but oh wait crap I forgot to do the feds fed here. Okay, hypothetically that could have
happened. So I was like, so I like to like and I did it very safely. When I break the law, I do it responsibly. I just drew straight up and I just do circles to get a good video and I'll bring it back down. Um, so I was like, what could how could I hack with drones? And then I had an idea. Why not just use curiosity? Security guards are hardly trained for anything except for security incidents, right? So, my thing is I talked to my friend Phipe Kate, one of the best hackers you don't know. Nicest, scariest hacker I've ever met. He tapped fiber between two banks just to show that he could because
they said it wasn't possible. Okay, he's awesome. And no one knows who he is and why. Uh, which is a trap. So, I asked him to create a program for me. It's a small little malware package. It's got a movie DJI 001 something something something something .MOV and that's on the micro SD card of my drone and there's also a DOCX file which you know has got to be totally harmless is from Microsoft and it's like and it says and it's titled pilot information and drone registration number as the title of it legit and it's like and those are the only two things on the micro SD card and then I fly my drone into the front door of a building
or to a guard booth between 7:30 and 8:30 p.m. at night. And on one of the engagements, you know what happened? Security guard finds a drone crash into the the door of the lobby. This is us. This I got to go figure out what's going on. So, it's like it goes and and as a good security aware person, it's like, oh, I'm going to find out who this person is rascal is. I'm going to get him. They use a USBC cable that they Oh, it's got USB. Let me plug that in to our security computer with all the access controls and everything in it. Hey, let me check to see. Oh, there's two files. Move it. Where did he come? Where did he
start? I bet you it shows where he came. Let me click on that one. And all of a sudden, Rick Astley shows up and Rick rolls you because that's the best security ever been. Uh, and then when you close the Rick Astley video, uh, you get that box right there. Then you have been pwned because you know I'm leaked. Uh, it's like, so does that make me a hacker? I didn't program anything, but I figured out how to take something that not everybody thinks is one way and I did something else with it. It's like, so here's another one I used. Two years ago, I never would have tried on my best day to do
vishing, calling people. I'm on the spectrum. So, when I'm robbing you, I have to do it face to face because I got to be able to see your body expression, your facial language. I've never been able to do it very well over the phone because I'm tone-deaf. Uh and it's like and I can't pick up on what is actually going. So, it's really bad. But I've had to start learning and so I can start doing better and doing better and doing better and uh so but what I do though is I take a a number a place a PBX application that's not mine it's companies and it's like I can call like I'm coming from an internal number you
know it's actually coming from within the house and it's like and then I take YouTube because YouTube has got plenty of not just videos, sounds. Work office is like different kinds of offices, nightclubs, dinners, parties, babies crying, baby screaming. Who recorded 3 hours of babies screaming? You horrible monster. Okay, but they've got all this and it's like, and they do all this and it's like, and so I've got this little background. Well, on one of these calls, you're going to hear me using the hospital sounds, you know, the That's the second one. But first, let's go to the first one. And and and hear how I I use uh vishing to call people and attack them.
Back to the cat. [Music] >> He's telling me what their default password is for. >> You don't have you don't have access to your email, right? >> Uh not right now. Not this. I mean, the doctor said that the chemo was going to mess with my memory, but I just didn't know it was going to be this bad. >> Remember the case? >> I apologize about that. I'm sure we can get this out for you. >> I I do appreciate it. Thank you. >> No problem. Anything else I can do for you? That's all I need. I'm not appropriating. I've had cancer before, okay? So, don't judge me. I saw some of those looks. Okay. Now, here's
the next one. I always make sure and this is where I differ from a lot of the red teamers. Uh besides I don't have toxic masculinity. It's like but one of the other reasons that I differ is I believe in education not exploitation. Okay. I believe making an educ show I guarantee my client during the engagement that I will get caught. That's part of my assignment is to make sure I get caught. And so on this vishing exercise, they were like, "Well, we don't want you to be too successful, so we're going to give you this last one like to make sure you do get caught and like it'll work out." Okay, so what's the uh what's so different about this
person? Uh we want you to uh try to break into this woman's account as her. I'm like, interesting. It's like, but uh but what I did was I realized that she was employed at the company that her husband owns. So, I decided the guy is like 40 years old. So, I aged him by 40 years and the scenario is uh I was at my son-in-law freaking son-in-law didn't de-ice the stairs. This was during the holidays and I didn't de-ice the stairs and she fell down the stairs and broke her hip. It's like this man is always ruining the holidays. He burned the turkey one time at Thanksgiving. What are you going to do about that? And it's like so um it
was you're listening to only part of a 40-minute conversation. I'm giving her an account or two to make her feel, you know, like she's working and pulling her own and stuff. I know it's that that nepotism stuff, but it's like it's not a bad thing. I'm working with security on this to see what we can do at least for your wife's account. That being said, I still want you to try and log into VMware and see if you can find that file anywhere in the share drive. >> But in the S drive, you would have access. >> All right. Where is the the VMware? Is it a do you see a green and white cloud icon on there?
>> The The cloud's blue is because the OneDrive not that we want VMware Horizon. Is there a search bar that you can see anywhere where you can type in VMware Horizon? >> Um the search bar where is that is that on like on the browser like Google? You want me to Google it? >> No. So, on the very bottom of the screen, there should be like a box that has like a magnifying glass on it. Do you happen to see that? >> Oh, yeah. The the magnifying glass. I see that. >> Yep. Click on that. And I want you to type in VMware in that. VMware. Okay. Open that up. It's not showing me a website. I could
have done that in the Google. So, we don't want the Google. We want the actual VMware. It should be a green and white cloud icon. If you don't see that, >> no. >> So, let's take a moment. The MVP, the real celebration of this whole talk was him. He was amazing. 40 minutes, never lost patience, was professional, courteous, empathetic and did not deviate from security policy. And if you're not celebrating the successes of your clients when they do the right thing, you suck. because that's what it's about. Red teaming is not breaking and finding vulnerabilities. That's not your job. Your job is to validate your client's security, find where areas they can improve and report it in a way that they
management actually makes viable changes based on what you found. That's the job. It's not about the breaking and the like breaking and punching people in faces. They got plans. Why do we lose sight of that? The only reason the red team exists is to make the blue team better. I love it when the blue team does the right thing. This guy was amazing. I was dump. I was like annoying AF. It's like, trust me, 40 minutes. That's right. So, that was awesome. Uh, where was the hacking? Have a conversation at YouTube. Could it be that hacking doesn't require a hoodie? It doesn't require being a programmer. It doesn't require being a guy. It doesn't require being in a certain
package or a certain shade or a certain stereotype. What the How did that happen? Maybe, just maybe, it's because hacking has nothing and has never ever had anything to do with computers. When did we get so misguided and lost and thought hacking was about computing? Tesla hacked with lightning. He lit 25 light bulbs from 24 kilometers away using the conductive power and force of the earth. How is that not happening? Leonardo da Vinci created an armored car and scuba gear during the Renaissance. Ibraim, a Muslim scientist in what is now Spain, literally flew for 10 minutes. He didn't just fall with style. I mean, he did break his back on the landing cuz landings are hard. Okay, give it a
break. 300 years before da Vinci devised the flying machine. That's hacking. Kinko's fascination with their partition. This lady helped create mRNA vaccines. May have heard of them recently in the last 5 years. 10 years ago. No way. No one believed that she she was going to be able to work on it. No one believed she was going to be able to do it. They gave her a lab in the basement to forget about her until she came up with the discoveries and stuff. And then she got to get a male scientist, you know, to help mansplain everything to them. So they actually would take it seriously. It's like and then that's when they took it seriously and started with the mRNA
vaccines. She hacked that code in uh America while American soldiers were coming back and the European American ones were getting cars and customizing them and turning them into hot rods. The Latin American ones were going like, "Yeah, that's all good, but can we make them go low and slow?" And so they started hacking the cars to create low riders and to create high drops. these things the I don't know why a car needs to bounce that much but it's cool. Okay. It's like and they got like all the lights. I mean my my motorcycle is like glows like it's like something out of you know freaking cyber punk. It's like so I love the glowies. They they
invented that. They hacked the vehicles. Old school car hacking not the you know the other kind of car hacking. And then in space the when the oxygen tank is put on Apollo 13, they literally used duct tape, a sock, and other pieces they found in the ship to come back alive. Okay, if you're using a sock in space to save your life, how could that not be a little hack? So maybe, just maybe, hacking has nothing to do with the computer, but it's how Oh, that's going to be way faster. She just gave me the five minute mark like, "Oh, yeah. I'm sorry." So maybe, just maybe, hacking has nothing to do with computers, but how we see the
world. We were all born hackers. Every single person that you've ever met was born a hacker. Look at a three-year-old. What is their main defining characteristic? Why? Why? Why is he doing that? Why is he doing that? It's like that guy the the fish the birds from Finding Nemo. Why? Why? Why? Why? It's like, why is this guy like that? Why do he looks like that? Why can't we go that way? Why are we doing this? It's like can't we do I want to go and look at that. That's a castle there. I want to climb up there. Can we go and find a way to climb up there? The inquisitiveness, the imagination, and the innovation of a three-year-old.
If that doesn't get destroyed in you through your peers and your uh institutionalized schooling and your family by the time you're in your 20s, congratulations. You made it to be a hacker. because that's basically all it is is retaining that three-year-old sense of curiosity and innovation. That's hacking. So, never ever allow some mother to come up to you at a conference and ask you why you're here. I'm a hacker of why are you here? Cuz that's why we're here. We all qualify. you're here, that means you're a hacker. You're watching this on YouTube, you're a hacker. And also, and I have to be perfectly clear with this, okay? Having an audience doesn't equal having talent.
I do not belong on a pedestal. I love jumping out of perfectly working good airplanes. It's a great ride. Okay. Well, or fall. But scale, the biggest heights I've ever been afraid of is the one on a pedestal because I guarantee you I'm going to fall. You look at social media and you see people like me living this life. That is so made up. My personal life is in shambles right now. You do not want to look at that. >> Okay. But you come and I hear everybody say and I hear so many times I hear people say oh man I wish I can have your life and I was like you'd have to survive the first 25 years of it. It's
like you know and when I say survived the first 25 years I survived my first murder since when I was 10 second one around 16 or 17. So like yeah you had to survive it. Okay only the tough got out of that house. So that's the key thing. You don't know what the backstories are that you're seeing online. Just because this person is on stage doesn't mean they know everything. It doesn't mean they have an answer for them. It doesn't mean you're supposed to be or like want to be like them. I always tell them, don't be like me. Be better cuz you're not trying to compare yourself to another hacker or another research. cuz I guarantee you're only
racing you from yesterday. That is the only person you need to impress is the the person you were yesterday. So stop this whole thing about like you know rock stars and like oh this person like no every single one of y'all should be on this stage after me. And it gets so irritating when you're not cuz every one of you have knowledge to share. And I don't want to hear like well I' I I do a lot with Nmap but it's like you know there had so many Nmap talks and like we've all I've seen a whole bunch of maps. So may give great Nmap talks since he created it, but I guarantee you it's
like those aren't the best videos out there on learning Nmap. No offense to Fyodor. He's a great guy, but no. And it's like you need to understand you can look at my talks, get inspired by it, and do a talk almost exactly like I saw this once at a conference and the guy like is he giving your talk? I'm like, "No, it was inspired by myself and he's doing one and he is going to resonate with audience members that I never would have connected with." And that's the point. You don't know about how you bring it and your perspective that you bring to a subject will help affect and educate others where I wouldn't have been able to reach them or
another speaker on the same topic wouldn't have been able to reach them. So the biggest gatekeeper you're dealing with is you because honestly once again that's the only one that matters. Hacker screw the gate jump the fence go. It's like Neo, there is no spoon. There is no gate. Okay so don't gatekeep yourself thinking that it's like oh I can't do this or I can't do that. Yes you can. That's what these BSides are about. And also remember um it's about opportunity. People stop acting like we're special. I have been blessed with a lot of opportunities. But I guarantee you that there are freaking scientists that could cure cancer that could actually find solutions for
renewable energy. and we're never going to hear it because they're stripping boats off the coast of Africa or they're working in a farm outside of Mumbai and the only reason is because they weren't given the opportunity. That's it. You got lucky. You won the geographical geopolitical lottery and you got in a place where you could actually thrive and you could deal and you could become into the situation where you can get into this community. But don't think that there's not 200,000 people that didn't get that opportunity that are just as qualified. And some of them might be out here working. It's like as a janitor. I was a janitor for two years at McDonald's. It's on my website on my bio because I'm
nothing proud of it. Two years in a row, we got cleanest restaurant in the southeast Texas region because look, I was an awesome janitor. I didn't want to be a janitor all my life. If you're going to do something, you do it right. And so I took pride in that cuz there's nothing wrong with it. Until I got opportunities to do something different. And when you get those opportunities, make it matter. two amazing hackers who are no longer with us. Dan Kaminsky who died naturally through natural causes is like and literally helped save the internet and did the right thing day in and day out online and offline. An amazing man, an amazing human. And I don't say that
lightly though, you know, on humans, but it's like he was good for a human and he was also a wonderful hacker and friend. Aaron Swartz, never met him. He died because the government hounded him to death because he also did the right thing. But his right thing also wasn't what everybody wanted to consider to be right. It's like and so he was hounded by the government for trying to make information free. He gave his life to that cause because he believed in it. He stood up. Every single one of us and this day and time is required to stand up now and have your voices heard. If you think that you're comfortable and you don't want to risk that
comfortability because you don't want to voice what is right, shame on you. We are hackers. That's what we do. You see a problem, you try to fix it. You see someone else being attacked. You see someone else being maligned. You see someone else that needs help, you effing help them. What's the use of having white privilege if I can't use it as a shield? Cuz that's the only reason why you should be using it. We need to do more to make sure our voices are heard, but more importantly to make sure the voices of others who don't have one are heard and are seen. That's what we that's what we're required to do as hackers. When you see
something wrong, you fix it. And the reason why I use Mr. Rogers is Mr. Rogers was an OG hacker. Mr. Rogers hated children's television. So, you know what he did? He changed it and he created a children's television show to show people how they're supposed to be. and show humans how they're supposed to act. That's what it's about. Be more like Mr. Rogers.
Oh, I ain't joking. I'm done.