
Storytime: pen test fails. Talk about that a little bit more in a minute, but the obligatory "who am I" slide. Short answer, you can see it up there: father, husband, son, brother. Over my career I've been pen tester, researcher. Hillbilly, born in Kentucky up in the mountains, related to both Hatfields, McCoys, all that fun stuff. So this is not a gimmick for the show. I mean, this actually has grass stains from where I was mowing my yard not too long ago with it. So it serves two purposes: one, it's comfortable, and, yeah, it gets me into the mood to give the talk and all that. But yeah, I've been in InfoSec, or info sick,
as an industry for almost 20 years now, 18, 19 years, somewhere in that range, give or take a little. During that time I've seen a lot of different things that's happened in the industry, and we're gonna be sharing some of that as we go through some of these slides. But first thing: as you saw on the front slide there, the cover page, you probably saw on the schedule and all that, this is gonna be about pen test fails. It's not gonna be about some new awesome tool, it's not gonna be about some new technique. I know you all have seen a lot of those at other presentations, like, "I've got this great new way to get domain admin," or, "I found this
great way to do this buffer overflow," or something like that. That's great and all, but what you don't see there is all the stuff that led up to that: all the time and energy that people put into it, all the mistakes they had, all the setbacks they had before they got to that awesome kernel of greatness that they're going to be presenting to you or releasing to the industry. And that's what we're going to be talking about here: these things just don't come out of nowhere. You have a lot of trials and tribulations, a lot of issues, a lot of setbacks as you go along. And I've been doing this, like I said, for the better part
of two decades now. I still make mistakes. Not all the time I do, but hopefully I've learned over my career and have gotten better and better, but I still make mistakes here and there, and all of us do. So what I'm going to do is I'm gonna go through a few stories, a few scenarios. I've changed names, locations as appropriate, but all these are events that have actually really happened to either myself or co-workers of mine over my career, and it's things that could have been prevented if we took the time and thought about stuff like that. It's just mistakes that we all make, and throughout this hopefully you all get to learn a little something about it,
maybe you'll get a good laugh out of it, whatever. It's just a good exercise in learning that we're not all perfect. So a little bit about myself. Well, first of all, my slides are all just quotes, except for one slide pretty much, so don't worry about them that much; you can read them. But, so, I started out my career more or less on accident. The company I was going to go work for, I had a job offer with, signed up for, I show up the first day and they're like, "Sorry, that division you were going to no longer exists." "Oh my God, that's great." They're like, "Here, pick a new office to go to," and I picked one. It
just happened to be pen testing, their internal pen testing group. So I went to that. I'm like, "Okay, great, I'm here. I'm a CS major, I've got mathematics, computer science, all this. What can I do?" They're like, "First you need to learn." So they gave me a big stack of... well, they showed me to my desk and there's a big stack of excess equipment in the corner that I could build a network with. I'm like, okay, so I grab some old SPARC 20s and stuff like that, a couple old Intel boxes, built out a network, talked to them going back and forth, and it's just learning how to be a sysadmin a little bit. I had a lot
of coaching along with it, but it was more of: to do pen testing, I was taught to start by building a network to play on, and in there I had my mentors helping me out. And somewhere along the way, probably about, I don't know, a month into it (I was very new into this, but a month into it) they're like, "You're going on your first engagement." Well, you get your first engagement, so I go out there. I'm just piggybacking, watching people and all that. It was fun and all, enjoyed it. I'm still doing it, not that same engagement, mind you, but still doing pen testing. So eventually I get my first
engagement by myself, or, a co-worker of mine, we're both new guys there, and they're like, "Okay, here, you got your first. It's an external. Go in and do this." Okay, we took the IP space... let me get a drink, sorry. So we get the IP. This was back in '99, 2000, somewhere in there. We don't have all the awesome tools then as we do now. We didn't have Nmap... the early version of Nmap, but we did have Nmap back then. There were some limitations to it. So we take Nmap, we feed it in the IP ranges that we're supposed to target. They gave us a long list of IP ranges, so we
you think you just give it the long list of it and hit go. This is on a Friday evening. We're like, "Okay, we'll let this run over the weekend, so Monday we're good to go, we're ready to go." So we kick it off and we go home. Sometime that evening, late that night, I get a call from my manager, like, "You need to come into the office, there's been an issue." Okay. Not knowing what it is, I come in there. They're like, "So, um, we just got a call from a large automotive motor company out of the southeast somewhere, saying we're scanning them." Like, okay, that's not our customer. So what happened is, at that time Nmap wasn't as
advanced as it is now, and if you put a long list of arguments on the command line for it, it would get to a certain point and it would just start truncating; it'd just truncate the rest of the line. Okay, that's common in Linux, or UNIX, but in this case Nmap was very handy in that whatever it would truncate to, it'd just guess at what the rest of that octet was supposed to be. So yeah, I was supposed to scan whatever.237.0/24; I ended up scanning whatever.2.0/24, totally different target. So it worked out fine. Talked to the company that we inadvertently targeted, which was a port scan, mind
you, low-service stuff in there, and their response was, "Well, did you find anything?" "No, we didn't." So they're like, "No harm, no foul." So we moved on. But that was just a very simple one of me just not understanding the operating system I was working in there. Had I known this would be the case, we would have worked it differently; we would've done it in multiple commands, what have you. But I just didn't understand it at the time. I was very new, very green to it. Also, I don't think that -iL option was in Nmap at the time; if it was, I didn't know about it. So, you know, I might not have known the tool as
well. So this is one of those things: just understand the tools you're dealing with. And as a little bit of an intro, this is just my start into the industry, the first big issue I had with it here. So let's go into some of the other fails that I've come across, that I've either performed myself or other people close to me have. So a while back there was a lot of news coming out about Cisco Smart Install; you've probably heard about that if you're in the industry. Well, there's a tool, the Cisco Smart Install exploit tool, SIET. Well, there was a little issue with it at one version of it, that if you ran it
with the test flag it would corrupt or delete the startup config. The running config was still fine, just the startup config was bad, so whenever they rebooted the switch, it's all gone. It was quickly fixed, mind you, once people noticed that. Well, the people performing this engagement, they found a lot of Cisco switches out there they wanted to try this on. They were running an older version of Kali or something like that that hadn't been updated in a little bit, so it didn't have the latest fixes to SIET. They ran it, didn't notice anything right away. A week or so later, when the customer encountered some other issue and had to just cycle a bunch of their switches, they
realized that nothing was coming back up. Finally traced it all back: it was the pen testers who had run this tool without actually updating the tools first, without reading the change logs on the tools that they're running, without understanding the tools that they really ran at the time. Luckily, during the engagement they had dumped the running config and saved that off as well, at the same time they had inadvertently trashed the startup config, so we were able to hand it back over, rebuild it and all that. This is another one of those of "understand the tools that you're using." If you're going to be using some tool that you didn't write and you're not intimately familiar with, and things of
that nature, go and read: has it been updated since the last time you used it? What were the biggest changes in there? Was it something like, I don't know, it deletes the config file? Things like that. Those are important things to try to understand about these tools that you're running.
Oh, all of these little... all these stories are gonna be in little groups as I can fit them in there. So this next one here is being aware of your, sort of, I don't know, situational awareness, being polite; it falls into a lot of different things there. So let's say you're at a customer and you're doing an engagement for them on site, and they're just being a real pain in the backside. You're frustrated with them; they're doing everything possible to make your job hard. You're just getting fed up with them. So you go out to dinner and you're sitting there with your co-workers at dinner, keep it long distance on time so you have to load
that location. You're sitting there with your co-workers and you're just trying to vent a little bit. You're talking like, "Oh yeah, can you believe so-and-so did this?" or what have you, and you're sitting there just venting about it, maybe venting a little too aggressively, you're a little too loud, and also not realizing that you're in a very small town where everybody pretty much knows each other. But so you get done with dinner, it's been going on for a while, and the waitress walks over. You've never said who you work for. Waitress walks over and says, "Oh hi, you all must be the guys who are working for so-and-so and working at and
helping out at so-and-so company right now." You're like, "Maybe. Well, why do you ask?" "Well, Johnny, sitting over at the table next to you, said he recognized you at work today." Come to find out, Johnny is best friends with the people that are the point of contact. So next day at work was not a very fun day, as you walk in there, like, "So, I hear you've been talking about us a little bit." Not necessarily those words, but the aggression level kind of amped up a little bit; it's sort of that back and forth there. I understand, we all understand, that it's okay to get frustrated, it's okay to want to vent. Just be aware of your situation. If
you're in a small town where a lot of people know each other and you're talking bad about some of them, they're probably going to hear about it. Especially be careful if those are your customers. You don't want to have a bad taste in your mouth, I mean, leave a bad taste in their mouth after that. It's just one of these things that, I don't know if you want to call it professionalism, common courtesy, whatever; just try to keep that to official channels, internal chat, network, something like that, if you want to, when you're at the hotel, whatever. Just be aware of that, because these things can happen and they can have some
lasting impact with the relationship with that customer. So we're gonna talk a little bit about some physical assessments now for a little bit. Well, there was this one physical assessment that I know of where it was slated for later in the week; it's supposed to be, like, after hours. It happened to be in Manhattan, in the city there. Country pentesters up there, like, "Okay, we're gonna get a quick start here, we're going to see how easy it is to get into its network." They go and scope out the building first. They looked up the address off of the statement of work, they pull it up, they're like, okay. They go, they scoped out the building. "Okay, I think
I've got this." They don't actually try to break into the building at this point, but they're scoping it out. They're like, "We can see there's an elevator there, we see all this stuff." That night, engagement officially starts. They go, they get in, get on the elevator, they go up to the right floor, they get off, they're starting to walk around, like, "We made it, we're on the right floor of this building, we're doing it." They start noticing: "What does that company name say? What? We're in the wrong place." Walk back down, look at the company listing on the big board there by the elevator: their company isn't listed on here. By this point the
guard's getting suspicious, he's curious, like, he's starting to watch. You go outside, you call up your project manager, whatever, like, "Okay, listen, we're at the customer's location, we've got into the building, it's not their building anymore." "Well, this is the address they gave you." "So contact the customer." Long story short, a month or two prior they switched buildings, or like that, six months earlier they switched buildings, without updating the project manager for this engagement. This could have all been handled during the kickoff call, like, "Are you still at location X Y Z Street?" "Oh, whatever, no." "Okay, what is your new address?" No, this wasn't done, so the pen testers had broken and
entered into an unknown company. Well, it was a known company at that point, but the company didn't know about it. And yeah, so, story went on; just leave it there. But they found the right location, then broke in, did their stuff, found all the cookies, all that fun stuff. Another time, very similar to that one, it was a bank. You're walking in, you see the bank on this side; it's inside of a little building sort of thing, bank's on one side and there's a few other doors around there. You're following, you see some people, you nod, but you're trying to look not suspicious. You have a package in hand, somebody opens the door for you, you just
walk in. You're walking back through there and, again, you finally open your eyes, or look up and look around after you get away from everybody, and it doesn't look like a bank; it looks like an engineering firm. So at this point you're inside of it. They had to enter a key code and everything to get in; they just let you in. So you're like, "Okay, I'm just gonna go with them, but I can get in." So again, this one wasn't an issue with the customer not giving you the right address; this is an issue with the pen tester not paying attention to which door they walk into. If they'd just turned 90 degrees, that was the
door they wanted to go into, not this door. They went into this door and walked around. They came back out quietly so no one would be interrupted, and then they proceeded to fail to get into the actual bank, because it's all glass walls, glass doors, and a very mean secretary stationed at the front desk. So they succeeded in breaking into the company they weren't supposed to be in, but failed at the other one. But this is one of these "just be aware of your surroundings, be aware of the situations that you're dealing with." One last physical one here. Get into a building, two team members working together. They're in there, they're like, okay, they managed to get
into the building. They were sneaking around. It's a fairly large building, like three stories, takes up like a full city block almost; it's out in the county a ways. They're walking around, they found a back door, they're like, "Let's go ahead and see if we can prop this door so we can get in later." Excuse me. They've set down their bags, they're checking on the door, they go outside, checking the door, they hear the door click. They look at each other: "Why are we both outside this door?" "Yeah, I thought you were staying inside to open the door for me if I got stuck." Oh crap. Not only that, but all their gear was now
on the inside of the building as well. So now they had to break back into the building that they'd broken into, that they'd locked themselves out of, to retrieve their gear that they left inside and continue their pen test. Luckily it was a fairly easy building to break into, but that's not the issue. The issue is that neither one communicated with each other to make sure who is doing what job. It's fairly easy to say, "I'm going outside to see if I can get back in; you stay here and let me back in if I can't." No, they both walked out. But, as easy, you know, they climb a ladder, they jump in through a construction portal,
they're fine. But it's just the things that happen when you're in the heat, just trying to do that pen test; you just kind of forget about some of this common-sense stuff at times. What is this one? Uh, so this actually happened to... this is one I'll admit to, it was me, it was me and a few co-workers actually. I was working for a company at the time that, for whatever reason, sold eight-hour pen tests for web apps. Okay, so be it. You might laugh, you might not, you might say that's standard, I don't know. For me, I don't like that. It was a fairly large web app. It was, if we could get access
through it, we could continue on, whatever we could within eight hours. So we're sitting there, we're working on it, and we can feel that we're almost getting something. We got a SQL injection going, we're almost getting it to go through to the backside, and we get to a point, and we've been working on this all day, it's getting over it, we already called our wives like, "We're not coming home right now, we're just getting this done," because we want to prove something to this customer, that we can get it. And we're already past eight hours at this point, but we're sitting there like, "Okay, boy, we've got commands that are executing, we just can't get the results back." We can tell,
like, through timing of SQL injection, so you can tell that something's running, right? We're issuing commands and you can tell that, even error-based, like, you issue a command and it just happens to be a garbage command, it gives you a different kind of error back than if you run a command that succeeds, sort of in SQL here. But we want to get that reverse shell back, we want to know what's going on. Frustrated, we're tired, we're hungry, all this stuff going on there, and the intern just still happens to be in the office. He walks over and it's like, "Oh, so, uh, what you trying to do?" "Well, we know it's a Windows box in
the back, yeah, but at least we believe it is. We're doing all this stuff and for some reason our connection isn't coming back out." He had the brilliant idea, seemed perfectly legit at the time: "Why don't we enable the Windows Firewall? You can look at the log and see what it's blocking and all that," or something to that effect. I can't remember exactly, oh, 14 years ago, all that. We issue the command to do that, you look at it and... my mic, oh, keeps moving on me. Hello? Nope. I'll just hold it right here then. Hang on, let me see if I can bend that a little bit. There we go. So as soon as we hit enter
on that, we realize the mistake we made, because all connections, any commands that we could run at that time, went away, because we'd just enabled the Windows Firewall, which would flat-out block anything we were going to do, if we already had. So at which point we just dust our hands, all pack up, and we go home for the night and worry about writing the report tomorrow, saying that, "You're good, we couldn't get in," not necessarily because you did a great job, sort of, but because, what an idiot. But that's a different issue altogether. Oh man.
So this is one I was present for; I wasn't as heavily involved in it, but I was present for this one. There was a social engineering exercise that came up, run, I don't know, a few hundred, four hundred, five hundred targets. It's just a blanket "check our user awareness," stuff like that. So the senior team members are like, "Okay, we got this, we're good to go. I don't want to stand all this up. You're the intern, you stand this up for us." Yes, it's the same intern as the previous story. So he goes over, he's like, "Fine, I've been running a bunch of social engineering and phishing exercises for a while here, I'll just reuse one of
the old ones." He stands it up, he says, "Alright, go." Well, we trust him, or the other team members trust him. They run it and they're looking at the stats that come back, and there's no hits coming back, nothing. They went against like 200 targets or something, or 200 target email addresses; nothing's coming back. Starting to get a little frustrated here. What's going on? They went in to look: no one stood up the phishing website that they were supposed to. They sent it; no, they didn't enable the web server. So yeah, alright, lesson learned, lesson learned. They stand it up again, make sure that the website is up and going, they even go to the website,
looks good. It's just like some sort of a, I don't remember what it was, OWA login or just some sort of standard phishing one. They send it out again for the other 200, or the other half of it, and they get hits. Okay, so it's working, but they're getting like a tenth of the number of hits that they would typically expect off one of these. Not really sure what's going on, but they let it run just 'cause they're getting results, and at the end they terminate it and they start looking at it. That's when they realize that the intern really did just copy and paste another older email, and all of the company name,
the company logo in the email, everything. So, well, being good pen testers, they turned and they found the silver lining in there, and they wordsmithed it enough to make it not look like they're complete idiots, but say that, "Look, your employees, at least 1.5 percent of them, will still click on an email that has the wrong company name and logo in it and do enter credentials." So it's sort of a save there, but yeah, shouldn't have had to do that to begin with. Oh man. Talking about copy and paste ones, anyway, there's been a number, I won't even go into them, but a number of times I've seen people copy and paste
stuff from one report into a new one, keep old company names, domain names, stuff like that in there. Just don't do it. Work from a template and then copy that around, and wordsmith. Old reports are always issues where, I don't know, you leave names in there, you don't correct things. Just don't. So, hold on. Alright, let's see about that. I usually wear a little lav mic that's on here, so it's a little different. So, oh yeah, Dolly Parton, had to put her in there; I lived in Tennessee for long enough though. So we're gonna talk about some webcam, yeah, network-based web cameras for a little bit. Well, both of these are external
engagements where a customer... I'll talk about them independently, but they're both the same general setup. Customer came to the company and said, "Look, we have external space, I want you to do an external pen test against it. Might have some web apps, might have whatever, just see what you can do." Alright. In one case, the pen testers went through, they found a couple of websites, what have you, but they also found a couple internet-based web cameras. And they're sitting here and they're looking at it, and they can guess the password: go look up the documentation, default creds, finding right there. So you open it up and they're looking around in there, and this particular customer is
supposed to be a law office, okay, some legal firm, what have you. First of all, why would they have internet web cameras? Yeah, whatever. So they're looking at it and they're looking through some of the cameras; there's a bunch of them. One of the cameras shows the cafeteria, a relatively large cafeteria. That's kind of odd. Another one shows the hallway, another one shows some sort of training or classroom, another shows a playground. We're not looking at a legal firm, we're looking at an elementary school. So pause, go talk to the customer: "This is what we're seeing." They're like, "Oh yeah, that's on one of the IP spaces that we no longer
own. We gave that one back a while back; it's just in our notes that we owned that one." Alright, so who wants to call the school and tell them to fix their camera? So, take care of that one. Similar setup on the other one: doing an internet external web app pen test, come across some web apps, some cameras, guess the credential. This one actually was a university, so wasn't surprised that you saw school stuff here, but it is a university on this one. Get into it, guess credentials, or default credentials again, and this one actually had pan and tilt and zoom options on it. Really cool. This is looking out a window.
Yo, okay, let's pan to the left. Okay, rotates; there's a whiteboard there with lots of writing on it, and it starts looking. You pan down low, there's a desk with writing and papers on it. "Oh God, this is a goldmine here." Welcome. So he's doing that, so after a little bit, yeah, it moves back up to home. "Oh, maybe it's set on a timer, that every 10 minutes it resets or whatever." So we go back and start looking again and panning around, get over to the whiteboard, scanning around on it, finds what looks like some credentials. You start to write it down, it homes again. Yeah, man, it's getting frustrating. Keep doing this. You're looking down at the desk and
it looks like a list of phone numbers and people's names on it. That resets itself. Finally called the customer, came in: "Found this web camera on this IP." And he goes, "Oh yeah, that's our weather one, that we take the video and put on our home page for people to see what the weather is outside the university." "Whose office is that in?" "It was in the IT director's office." "Would he have sensitive stuff on his desk and on his whiteboard?" "Yeah, probably." "You might want to change those." Sorry. So yeah, first of all, you see an internet camera available from the internet, default credentials, probably somebody was already looking at it, but you might just want to
double-check with the customer before you start potentially broadcasting sensitive information to the world. Just saying. So, a few lessons learned that come out of my whole career; it boils down to three, and a possible fourth one at the bottom. If you do something, if you're gonna type in a command, if you're gonna type in an IP address, if you're gonna copy from this document to this document, double-check it. Just do it, because you've probably fat-fingered something. It comes back to the old adage from woodworking, "measure twice, cut once" sort of thing. It's always easier to spend a little extra time up front to make sure you got everything copied over than to try to backpedal and
appease the angry customer after the fact. So, second one: if something doesn't feel right, it probably isn't. If you broke into a building and it doesn't feel like your customer's building, because they're supposed to be in boating and you're looking at financial documents or legal documents and stuff, probably the wrong building. Just saying. Might wanna double-check there. If you have access into a building, into a network, before you do something that may compromise that access, get a second method of getting that, get and have a second access in there. This is very common, like when you hear people say, "One shell is not enough." You always have a backdoor, a second way, and some of that.
This is one of these things that you tend to forget about in the heat of the moment. You're, "Oh yeah, I have access to this one critical server, I want to start doing this other stuff," and you end up locking yourself out; you end up setting off some alert and blocked your connection. One of the first things you should always do is try and set up a second means of gaining access again, whether it's a call back later on a timer, or you leave somebody on the inside of the building so they can open the door when you shut yourself out, whatever. And finally, understand and update the tools you're using. One of the
key things I would stress is, if you're gonna be running an exploit against some customer, don't just download it from Exploit-DB or whoever and run it. At minimum, look through there, see if there's IP addresses; at minimum, go in there and replace the shellcode, stuff like that. Just don't run something blindly. If it's a relatively large, well-maintained tool, read the notes on it, make sure that there's no major issues with it right now, get the latest version and run that. You can't always understand every single thing a tool does, but you can do your best diligence in there. So that's just some of that. One of the last things here is to say: I know these
have been sort of funny stories at times. I'm sure some of us have had similar experiences, or you've had your own experiences out there. The main thing is to understand that if you're new to the industry or you've been in the industry for a long time, you're going to make mistakes. It's not all just rainbows and sunshine. There's gonna be setbacks, there's gonna be issues, there's gonna be things that you mess up, that you're thinking, "Oh my God, I've just lost my job over this." Now, you may have, but you may not have either. Don't assume the worst. Let's say there are times when you do stuff that is so bad you're gonna lose your job, but
learn from it. Don't let it completely derail you. Pick yourself back up. Of course, take whatever time you need to recenter yourself, all that, but pick yourself back up, learn from your mistake, try not to make that same mistake again, and move forward. Failure and mistakes are part of life. You're always going to make them; just learn from them and go forward. And if you're so inclined, like myself, share your mistakes with the world so other people can, or we can, hopefully learn from them as well, or at least get a good laugh out of you, which always cheers people up. So, questions, comments, requests? We have a few minutes left in the presentation. If
anybody has any requests for any particular kind of stories, I've got a whole repertoire of them in the back of my head from my career, and, uh, what have you. If anybody has anything they want to ask me about pen testing in general, I'd be happy to try to answer. So, if not, thank you, but if anybody has any questions, I've got a few minutes here. Anyone? Yes, sir. "Any run-ins with the law?" was the question. Um, personally, no, but I've had co-workers that have had to make a speedy retreat out of engagements because they were breaking into a local community bank and the people there got very suspicious. He felt very uncomfortable there. At that point it's
like, "Let me go get our car." He got his car and headed out about the time the SWAT team was pulling in. So, inside of the vehicle now, he calls the customer, like, "Yeah, you might want to call the manager of bank XYZ, because I think they just called SWAT on me, but I'm out of here." There's another customer... another colleague of mine at the time, he was doing a physical engagement. He had a package. He walked in, there's a sort of a strip mall area, he walks into the building and he left it on the desk there. It's a sort of goodie basket or something like that, that had some thumb drives in it, hoping they
would take them and plug them in. And he turns and starts leaving. There's no one there at the time. They notice him leaving; somebody sees the door and runs over and grabs him, like, "What are you doing?" He's like, "Oh, I'm just doing this, I'm just dropping off a goodie package." His story just didn't work out well, so they got more and more suspicious. Keep in mind, this is in the Boston area right after the Boston bombing that happened a while back; everybody's on high alert. They kept pushing him. He's like, "Okay, fine, fine, I'm here doing a pen test." He hands out the get-out-of-jail-free card with all the contact names. No one answers their phone.
By the time somebody actually does respond to one of the phone calls, he's already in handcuffs, waiting on the chair while the cop is going through some paperwork already. He got out of it after somebody finally was on the phone, but again, if you're gonna be doing something that risky, make sure the people who are your lifelines are going to answer the phone, because otherwise things, in his case, can get a little iffy. So yes, there have been experiences with the law; personally no, but yes, I know of several. So, anyone else? Yes? More than I know, I'm sure, but yeah, it has happened. More commonly than that is, how many times has the production database
been filled up with thousands and thousands of blank requests because you hit a what about page that submits a form for you and you hit it with some automated tool and before somebody alerts you it's already submitted a hundred thousand requests that's filling up the database so that's happened more than jumping the database but I don't know of any off the top of my head of where we drop the production database but I do know where we've completely corrupted a production database yes yes oh sorry so in cases where you have caused an outage for our customer yes how did you smooth things over with the customer about that or okay if and when things do
happen badly for a customer to the point where they're upset with you there's issues there how do you make things smooth again make everybody happy some cases it's just not possible honestly in some cases just not possible but in most cases explaining what happened assisting or flat-out doing the remediation the fixing the recovery of whatever happened goes a long ways to helping them out just saying like oh sorry your database is dropped bye is not the way to do it that could case with the Cisco smart install we actually had copies of the running config at the time so like so sorry that happened glad that you let us know before we trash all of our data after the
engagement but here you go we have your copies of this it didn't make everything back to Ground Zero happy with us but it went a long ways that we still had that that we could help them out to recover and then we use that as a learning experience from all of us like okay look you do need to fix your systems we do apologize for doing this but you go through a learning process there and you just try to you do whatever you can to help appease them as from the pentester point of view you just try to be as accommodating and all that as possible from the legal side and the corporate side there might involve some discounts
on future work it might whatever the case in there but there's two different aspects to that but a lot of times it's just trying to be as understanding and helpful as possible it usually does it so anyone else up one here and one in the back is still so hey do you have a story that went really well but so well that it was unbelievable how it came together that you had to be there that you had to have pictures to prove it something just totally out of left field that came together and succeeded a few yes I'm kind of thinking would be a good one there's one where a colleague of mine while waiting on the point of
contact to come pick him up at the lobby of the building had already got in through their wireless network and compromised their domain controller before he showed up but that was an interesting one but that was just a very poorly configured wireless and all that another one was on a physical where the tester is like okay what are you he manages to get into the building it's a power plant of sorts he gets into the gets three he's wearing the hat all that he managed to sneak his way in he gets into this nice room and he calls up the point of contact goes okay I made it into the building is there anything that you
would think would be like the ultimate bad or what that I could if I got somewhere what be the ultimate thing he goes well if he got into the control room he goes well what does the control room look like he describes it goes selfie is this the controller he goes just come to my office now we need to talk so things like that happen and there's always gonna be those scenarios like I was doing a physical one time I walk into the building I had not only these but like one of the big gulp I'm asking the nice receptionist there I'm like I'm looking for this address that other - I always write down the road
down here I'm gonna thank you by the way I'm you have a restroom I can go to I just show you I have no promise back behind me all the way just staircase up across to the next building and it's over there I'm going okay like an hour and a half two hours later I come back by okay okay bye I already set up backdoors and all that I'm like sometimes scenarios just present themselves like that that is just interesting on I've got caught underneath the desk of some people trying to hook up taps before when they come back and that always gets interesting but I had a co-worker who snuck in through the back door of a
building doing a physical they're like okay we caught you you need to come with us oh you're very suspicious taking you to the Security Manager stops them outside the door goes hold on a second let me go get him treasure knocked in the door he's less he takes off running take them like an hour to find him in the buildings like three floors down there that's how I did desk working away okay there's our awesome stories and there's like for non-pentesters it's like how did you do that but if you do physicals and you're willing to make those risks you can see how it could happen so it's sort of that gray area as to if it had to be there or
not but yeah there's some amazing stories that are out there and if you want to hit me up offline I can definitely try to share some more in there but I think there was one more back there and yes oh it is on so basically the same question but you hit the wrong target so where you successfully managed to destroy the wrong target that you know I would say the one word you I don't know of any offhand that it would be a perfect hit for that but because we've always in my experience at least people I know and myself we've always caught ourselves before we did anything too bad but it's these scenarios like I said at the very
beginning you break into a building you get by the security guard you go up to the elevator you piggyback through the big security doors you're in the building you're walking around looking at laptops and stuff in New York none of these say the right name yeah that's the closest I have for one like that it's just before you do anything too damaging we've always managed to catch ourselves everyone I know has so I'm sure there's an area there where that hasn't happened but luckily it hasn't ever happened to me or my co-workers that I've worked with that something that bad has happened yes anyone else I'll share one last one here from my days from way ago
on just some standard etiquette for your coworkers this is a very just odd scenario odd situation all around co-worker of mine was tasked with doing an internal assessment at a customer at the time we had a policy that you call before you leave to go to the customer you call when you arrive at the customer so you know you made it he called when he left he didn't ever call when he made it we didn't know what was going on Monday morning rolls around still haven't heard from them noon rolls around the customer calls us says yeah I've got all your equipment up here what do you want me to do with this what are you talking about you have all
our equipment oh yeah your employee showed up in sweat pants and a stained t-shirt no shoes and handed us all this gear and said for us to call you and tell you he quit yeah so yeah we quickly scrambled got somebody else on site to try to smooth all that over but I'm still not sure the full story I do believe there was a night in jail involved in there and a few other things but yeah quitting via proxy through a customer is not the way to handle this people professionalism let's have a little bit so with that I'll go ahead and call it an end unless anyone has any other comments questions yes in the back
back there our video guy so do you have any where you had like a phishing attack where you got like a hundred percent and the customer didn't believe you no but something very similar we had a target one where we had a target pool of like 20 people we sent them a phishing email that said like okay here go to this link and do something with it and um I forget what it was I think it was like it's some sort of payload I don't remember it's been a while but we sent it to like their target 20 50 people's honor that we got close to a thousand hits off of it what happened was one of the people thought it was
suspicious sent it to the Security office Security office took the exact email forwarded it out to the company said if you see this do not click on it everybody clicked on it so we had better than a hundred percent success without just saying but yes it has happened and no the fun right up this has been a very similar with a thumb drive drop one time dropped it outside of the SOC of a large company and we dropped several around we talked to older I got a copy machine guide plugged it in we knew which ones were which we saw they plugged in we got the shell and went back to find it it's back on the copy
machine he returned it like nothing happened but we don't went off at this outside the SOC I'm still getting shells off him some in the shop in the SOC as they would plug it in he's not doing he go do this one it's not doing anything and this is that you relatively large government internationally long short but yes it was a good thing oh yes have you had any incidents where the security team caught on to you and just decided to screw with you sort of I mean there's been scenarios where they caught on to us and then they'll start changing the passwords of the accounts that we create and stuff like that times what
we're doing sort of a purple team and they catch the red team but they don't let on so they start setting up special accounts and whatever just like you create an account and they'll just let you create the account and they will delete it like what is this or like sometimes we'll connect to it it's fine connected the shell drops you can take the in and it's fine you know this isn't how this works there's gremlins and they're just saying mother done I mean there's always gonna be those scenarios relatively low incidence of that because most of time they just flat out to just drop you and do everything but occasionally you'll get somebody who's a little bit of a wisecracker in
there so yeah anyone else if not my contact information I appreciate everybody being here thank you for sitting through this thank you for listening to me ramble on for good what was this now 45 minutes or so about making mistakes and making a fool of myself but hopefully you've learned a little something about that and you feel a little better about your own mistakes because they're not as bad as mine and if they are worse than mine I'm sorry but yeah thank you very much and everybody have a wonderful day here besides thank you [Applause]