Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:00
Here's
0:00
the story of a guy named Michael Fagan,
0:03
and it fascinates me.
0:05
This is a story that took place in June nineteen
0:08
eighty two in London. Michael
0:10
was thirty years old and he was an
0:12
interior painter. He had a wife and
0:14
six children, but times were tough for
0:16
him. and he was having trouble supporting
0:18
all those kids and he wasn't mentally stable.
0:21
His wife couldn't take living with him anymore
0:24
and she left. and that was the night
0:26
of June seventh nineteen eighty two.
0:28
Here's Michael in his own words
0:30
saying what happened next. mean,
0:32
those were pretty bad. They were going up and down.
0:34
Was that was it going through this breakdown? And
0:37
I've all transferred streets of London.
0:41
and
0:41
suddenly come across back in the palace.
0:44
So this audio is from a BBC interview.
0:47
They did with Michael in nineteen ninety three,
0:49
Now Buckingham Palace is where
0:51
the Queen of England lives. It's a
0:53
huge building. Three stories tall, seven
0:56
hundred and seventy five rooms, and
0:58
at night, it's clearly closed to the public.
1:01
But the Palace is in the heart of London
1:03
running along some public roads.
1:06
Michael was walking down one of those roads.
1:08
and I could see the window open. It was it
1:10
was there subconsciously to do it probably.
1:13
And I just hopped over the wall at
1:16
the drain pipe and end. Wait.
1:19
What? He just hopped the wall,
1:22
climbed up the drain pipe, and got in
1:24
through an open window on the second floor,
1:27
of Buckingham Palace? That
1:29
should not be possible. Walk
1:31
around the palace for about an
1:33
hour.
1:35
Look at pictures on the wall
1:37
paintings. But
1:40
it wasn't
1:40
how I would have imagined it. I don't think
1:42
people imagine it the way it is dusty
1:45
and
1:46
squeaky floorboards, very
1:48
ordinary. You know, I don't think they spend
1:51
too much on sort of decoration.
1:54
Mhmm.
1:54
Maybe they had a time plan and maybe
1:56
it was due a redec, passed
1:59
a few doors, and I came across
2:01
a problem. and they
2:03
evidently do the night hauls in there
2:05
and whatever. Well,
2:08
in there, I was crying. She just had a little sit on the
2:10
phone. I'm
2:11
walking about Willie and Elliott, actually. I'm
2:13
not hiding. Didn't you see any security
2:16
stuff? No. No. No. Not up to none. Not
2:18
to this point. when
2:20
it's a prince challenges, private
2:22
secretary's office have banned out later.
2:25
And
2:25
there's always presence around the walls.
2:28
presence
2:28
that people send him from
2:31
the
2:31
far reaches of the globe, you
2:33
know, sort of
2:35
steady bass and cups
2:39
and that there was this bottle of wine
2:42
in California. And
2:44
I was so thirsty and I couldn't find a title. I didn't
2:47
actually intend to steal anything
2:50
to the bottled ban from the show. and
2:53
I couldn't find a call school. I was
2:55
sitting on the desk with me feet up. Push
2:58
the call into the Oh,
3:00
drinking at the bottle. And
3:02
then all of a sudden, I've thought, my
3:05
God, where am I?
3:07
I'm in park in Venice.
3:09
I don't know. What
3:12
am I doing here? I mean, it was just like there's
3:16
as if he brainer the writing, the title, it's to
3:18
do with you know, and I get
3:20
out. So I was
3:23
a walk down to the passage where I saw
3:25
a security guard with
3:27
a dog. I
3:30
looked man at corner, and I stood back and went
3:32
into a room. And
3:34
I found my way out and I made my way
3:36
downstairs. at
3:39
a window across the
3:41
the grounds at the back and over
3:43
the wall and then walking up the mouth
3:45
five minutes later. And
3:47
I felt as I've got sort of towards
3:50
Nelson's column, I fought
3:52
my card, played back if Alice.
3:54
What
3:57
a crazy story. Michael
3:59
Fagan just popped
3:59
in to Buckingham Palace, drank some royal
4:02
wine, and left, incredible.
4:04
What if he was
4:06
a spy or there to cause harm
4:08
to the place? This place should
4:10
have been much more secure than this.
4:12
This shouldn't have been possible, but
4:14
things got worse for Michael. His
4:17
wife took the kids and
4:19
he stole a car to try to find her,
4:21
but he ran out of gas and got arrested
4:23
for stealing the car, and he was out on
4:25
bail and more distraught than ever.
4:28
July eighth, came along, and he
4:30
couldn't sleep at all that night.
4:32
And at five AM, he goes for walk
4:34
down the road that goes towards Buckingham
4:37
Palace. He was just trying to clear his
4:39
head and take a walk about. I'll
4:41
tell him what I was doing at that point.
4:44
started
4:44
walking towards back
4:46
in Paris.
4:48
That five o'clock is always swimming,
4:50
clean and is going to work. did
4:54
sense that now. I'm gonna sit. I'm gonna get
4:56
in there. I'm gonna
4:58
see the queen. fundraising,
4:59
nothing's gonna stop making through
5:01
Saint James Park an
5:05
overall incident of Palace.
5:08
say good morning to the servants as I'm walking
5:10
past her mother and I have a hell of a factor.
5:12
I really don't know how people have said to you know,
5:14
added to find it at all those rooms. I
5:17
really don't know. I'm in
5:19
the queen's bedroom. So to make sure it's
5:21
a queen, I walk through the wind up this She's
5:23
looking very small in her bed.
5:25
She was a sleeping. Yeah.
5:28
All past her bed looks too small
5:30
to be the queen's go to go over
5:32
and I draw the car back just
5:34
to make sure, and suddenly she sat
5:37
up, what are
5:37
you doing here? Some
5:39
said,
5:41
Well, I was dumb start to be honest. And
5:44
I was just I was thinking
5:46
what to say is, get out
5:48
get out.
5:49
she jumps out of bed. What are you doing here?
5:51
And
5:52
walks out of the room.
5:54
So
5:55
I stood there. Maybe
5:56
I'll sat in the corner with a bed, or just about
5:59
long conversations. I
5:59
mean, a lot has been said about what went on in that
6:02
room. This
6:03
is the truth. you know, nothing was
6:05
she just said, get out and that was it. The foreman
6:08
came in. And I looked at each other and said,
6:10
oh my gosh. What did we go here?
6:13
So it's just this thing that was a rebellion
6:15
going on in my head. Do
6:18
you think you were actually trying to
6:20
get caught? when you went in that second
6:22
time. Yeah.
6:23
Yeah.
6:24
It's to make that statement of,
6:27
you know, I
6:30
am.
6:32
I am. The guy
6:34
snuck into Buckingham Palace
6:37
twice.
6:38
And with the second time getting all the
6:40
way into the queen's bedroom while she
6:42
was asleep,
6:42
creepy, and incredible.
6:46
The
6:46
chaos he could have caused was
6:48
huge, and he
6:49
was arrested, and he went to court at
6:51
the old Bailey. I was actually
6:53
charged with stealing. half
6:56
a bottle of wine. It
6:59
was just unbelievable actually
7:01
to be tried at number one core,
7:03
old Bailey, the hanging core.
7:07
intimidated me. I mean, people have been
7:09
sent to Australia from there. They've been sent
7:11
to the gallows from there. And there's
7:13
me from Arthur Butler Wine. The
7:15
jury found him innocent of
7:17
wrongdoing, and he was not
7:19
sentenced to any jail type. However,
7:22
the judge found his mental health
7:24
to be something to worry about.
7:26
So they sent him to do time in
7:28
his psychiatric ward. And
7:30
while there he wasn't able to go home and see
7:32
his wife for kids, which caused
7:34
him more stress, but he eventually
7:36
got to go home. But he wasn't well,
7:38
though. He was arrested a few more
7:40
times for fighting at the pub and
7:42
dancing in the streets naked. And
7:44
certainly, Michael Fagan isn't the kind
7:46
of man to fade quietly from the public
7:49
eye.
7:51
He even made a call, a
7:53
version of the sex pistols
7:53
song, God Save the Queen.
7:56
God Save the Queen.
8:06
one wonders
8:10
of a man and
8:13
He
8:13
finally divorced his wife but got custody
8:15
of his kids. and spent a lot
8:17
of time just being a dad. Sarah's
8:19
in her first year of school and someone said,
8:22
that that broke into backing up
8:24
palace. and
8:25
she just turned man and said, yeah.
8:28
And your dad has an essay.
8:33
These are true stories
8:36
from the dark side of the Internet.
8:37
I'm
8:40
Jack Re
8:42
iter. This
8:44
is dark net diaries.
9:02
Support for this show comes from
9:04
Axonius. Security starts with
9:06
comprehensive asset visibility.
9:09
After all, you can't secure what don't know
9:11
exists. and
9:11
comprehensive asset visibility, that
9:14
starts
9:14
with Axonics. The Axonics
9:16
solution correlates asset data from your
9:18
existing IT and security solutions
9:21
to provide an always up to date
9:23
inventory of all devices, users,
9:25
cloud instances, and
9:27
SaaS apps. so you can easily
9:29
identify coverage gaps and automate
9:31
response actions. Axonius gives
9:33
IT and security teams the confidence to
9:35
control complexity by mitigating
9:37
threats navigating risks, decreasing incidents,
9:39
and informing business level strategy,
9:42
all while eliminating manual repetitive
9:44
tasks. Visit exonias dot com
9:46
slash darknet learn more and try it
9:48
free. That's exonius, spelled
9:50
AX0NIUS
9:54
Exonius dot com slash
9:56
dark man.
9:57
So let's
9:59
start out with you telling us your name and what do
10:02
you do? Yeah. My name is Jeremiah
10:04
Row, and I'm a solutions architect
10:06
for Cenac. So it drew
10:07
me to Jeremiah is his background in
10:10
penetration testing. Companies have
10:12
hired him to see if they have any security
10:14
holes and if he can find them and break
10:16
into their buildings or network.
10:18
because if someone could just walk into your
10:20
building, that can be bad.
10:22
So companies want to test how
10:24
hard it is to break into their buildings.
10:26
How good is their security?
10:29
And these stories of how people break into
10:31
buildings always fascinates me. And
10:33
today, Jeremiah brought us a
10:35
penetration test story. Now when
10:37
Jeremiah was a kid, he liked building little
10:39
websites and this was the seed that made him decide
10:41
to go into a tech career. He went
10:43
into the military and then got a job
10:45
at Geek Squad troubleshooting
10:47
customers' computer problems. But then he
10:49
landed a better job where he learned more about
10:51
technology, and this got him into cyber
10:53
security. And eventually, he took the 0SCP
10:56
certification. This is an advanced
10:58
cert that quizzes you on
11:00
how to use hacking tools and exploitation
11:02
techniques. and it's a pretty serious exam that you
11:04
have twenty four hours to complete.
11:06
Well, he passed that, which gave him new
11:08
opportunities. I was
11:10
able to transfer that
11:12
over to a government
11:15
contracting role, which
11:17
I got hired for out in
11:19
the DC area. And
11:21
from there, we really primarily
11:23
focused on conducting network
11:26
level penetration testing, web
11:29
application penetration testing.
11:31
We were both the
11:33
internal PIN test team and the
11:35
internal red team operations. all
11:37
in one for this organization.
11:40
This taught
11:40
him how to think like an attacker,
11:42
not just any attacker, but
11:44
one that would attack government networks
11:47
and systems. attackers
11:49
like this have a lot of resources
11:51
and sometimes stop at nothing to get into
11:54
certain networks. So Jeremiah
11:56
learned how nation state
11:58
actors would think and was able to
12:00
try some pretty wild things to gain access
12:02
into facilities. I think they even had
12:04
ex military working on his team
12:06
too, like, ones who were trained
12:08
by the military to hack into things.
12:10
And, yes, the military trains troops to
12:12
be hackers. I mean, there's the army cyber
12:14
command, just the name one group. So
12:16
learning from people like this really
12:18
gave him some interesting insight. Now
12:20
what Jeremiah did there was internal
12:22
Red Team Assessment. That is
12:24
he was attacking the contractor
12:26
he worked for itself to try to
12:28
find vulnerabilities in the buildings
12:30
and the network. Seep, this
12:32
Washington DC based contractor that he was
12:34
working for did a lot of work for the
12:36
federal government, and it was
12:38
growing in expanding and there were offices and
12:40
remote locations and scattered all
12:42
around. And here's the thing, when other
12:44
nations want to hack into
12:47
our government, they don't
12:49
always go directly towards the government's
12:51
networks. They might attack
12:53
a contractor and try to
12:55
get into the contractor's network which might
12:57
give them access into the government's
12:59
network. Because if a contractor is
13:01
doing work for the government, then it must
13:03
have some sort of access to the government.
13:05
Right? So this is sort
13:07
of coming in through the side door kind
13:09
of attack. Jeremiah knew this, and
13:11
this is why he was tasked with attacking
13:13
the company he worked for to try to
13:15
find ways a nation state attacker
13:17
might get in and what damage they could
13:19
do. At some point, Jeremiah
13:21
found a remote satellite office
13:23
which did a lot of business for the federal
13:25
government and he wanted to conduct a
13:27
penetration test on this
13:29
office to see if it was vulnerable.
13:30
Basically,
13:31
we came up with the idea. We
13:34
wanted to go and test out
13:36
this location. We felt that there
13:38
were risks to
13:40
the organization and to the
13:42
clients that we work with. through
13:45
this organization that
13:48
maybe weren't being addressed or thought
13:50
of. And so we wanted to
13:52
conduct a nation
13:54
state style
13:55
of an attack from
13:58
a physical perspective just
13:59
because physical assessments
14:02
or physical red team operations or
14:04
physical pin tests just really
14:06
aren't done all that much. and
14:08
we wanted to take it upon
14:10
ourselves to go ahead and and
14:12
conduct one towards this satellite
14:14
location. And
14:15
when you pitched this idea to them,
14:18
they said, okay. Go for it.
14:20
No. Full speed ahead. Not
14:22
at all. Nobody wanted to do
14:24
it. Nobody liked it. Nobody liked the idea.
14:26
It was very risky.
14:28
And, of course, this is
14:30
a risk adverse organization. I
14:32
think I think fair to say that government as
14:34
a whole is fairly risk adverse.
14:36
And see to
14:36
me, this is backwards thinking. How can you
14:39
say your risk adverse without looking to see
14:41
what risk you even have. If you're going
14:43
to claim to be risk adverse, then you
14:45
better be out there every day looking
14:47
for any and all risks that your
14:49
business faces and reevaluating
14:51
them constantly. And you
14:53
won't turn down a security assessment because
14:55
you're afraid of what it might uncover.
14:57
in a way, I think people are
14:59
scared of the of things
15:01
being found. Right? I think people know
15:04
that things are kind of there, but Nobody
15:06
really wants to want
15:07
the big red punch
15:10
in the face to show you the
15:12
things that are there. Okay.
15:13
Yeah. So it's embarrassing when
15:15
you realize that you've got a few security holes in
15:17
your business. And I suppose
15:20
that embarrassment can be pretty
15:22
bad. Like, what if the pen
15:24
test found some major security hole and
15:26
saw evidence that someone had
15:28
used that hole to get in and steal
15:30
things? Now the business has lots
15:32
of consequences they may face.
15:34
They would have to notify their customers or
15:36
may lose some government contracts. They
15:39
may be fined or sued. They
15:41
may get a lot of bad PR if it turned
15:43
out that the security was really
15:45
bad. but
15:45
I guess it's still better to know that you've
15:47
been hacked
15:48
to not know at all. Or
15:50
what
15:50
if a penetration test ended up
15:52
damaging the network? Like, what
15:54
if by trying to exploit a server, they
15:56
accidentally took that server down? Now
15:58
there's a network outage. So I guess
16:00
there are some risks
16:01
to doing a penetration test, but I
16:03
still think it's important to do
16:04
these tests, especially on big
16:07
businesses and government contractors I've
16:09
seen news article after news article
16:11
about how foreign governments have hacked into
16:13
our government through a
16:15
contractor, and that's how they got
16:17
access. so contractors should take their
16:19
security very seriously. And
16:22
Jeremiah had to convince them that testing this
16:24
remote office was important.
16:26
Yeah. I think quite
16:28
honestly, our convincing argument
16:30
was one persistence and
16:33
two, naming those very things that you just
16:35
mentioned. Right? really painting a
16:37
picture as to what could potentially
16:39
happen. Should there
16:41
be things in these locations that we
16:43
don't know about? that
16:45
persistent argument that we would make over and
16:47
over again ultimately
16:49
led to the decision
16:52
to give us the green light to go ahead and
16:54
conduct this. Right? Because so
16:56
this is just the saying that I have, which
16:58
is, you know, the best the best defense is
17:00
good offense. and unless
17:02
you're putting things and stressing
17:04
them and really
17:07
challenging, what
17:09
is their from a
17:11
technical capabilities perspective, you
17:13
really don't know what's possible within
17:16
that environment. So it
17:18
wasn't
17:18
easy, but he got the green light. The business
17:20
said, okay. You can try to break into
17:22
that remote office physically and
17:24
through the network, but we have some
17:27
rules. not installing
17:28
any any shelves
17:31
or back doors or malware
17:33
on physical devices
17:36
itself. They didn't
17:36
wanna have to clean up any malware left
17:39
behind or cause any damage to the
17:41
network. A lot of companies have a strict
17:43
configuration change policy things
17:45
need to be approved by a
17:47
committee when installing new stuff on
17:49
production servers. So they didn't want
17:51
him to just come through and plop a whole bunch
17:53
of hacker tools into a network. that's
17:55
heavily in use, it could cause things
17:57
to break. So they wanted
17:59
to have as little
17:59
impact as possible while still
18:02
trying to prove the point of
18:04
impact. And
18:04
so that was kind of our bounce. That's what
18:06
we had to play within. But
18:09
from
18:09
an
18:09
operational perspective, we were kind
18:12
of given some wide latitude as
18:14
to how we were gonna plan this
18:16
out. And and to be
18:18
fair, we other
18:20
than the time of day when we wanted
18:22
to go and scoping
18:24
a few things up prior to
18:26
it, we kind of also left it up
18:28
open to a target of opportunity
18:30
for what we would do when we were there
18:32
as well. because we didn't know what was gonna happen.
18:34
We didn't know how this whole thing was
18:36
gonna play it out. We could have, at
18:38
some point, the cops called on us and
18:40
we could have, you know, potentially gone to jail
18:43
or we could have eaten we just
18:45
didn't know.
18:46
So Jeremiah and his team started coming
18:48
up with their own objectives.
18:50
Basically, can you get access to this
18:53
location? When you do get access,
18:55
what can you see? From what
18:57
you see, what types of scenarios
18:59
can you play out? And out of those scenarios,
19:01
how risky are they?
19:04
And then separately, can you
19:07
obtain access to devices
19:09
that are on the network. Can you obtain
19:11
access to the to the network
19:14
itself? is
19:16
there information that you can
19:18
obtain from this operation
19:20
that would potentially compromise
19:23
any any contract that that we were working
19:25
on sort of all of
19:27
the above. Okay.
19:29
So
19:29
he's all set and ready to begin the test.
19:31
Now he wanted to conduct this test like he was
19:33
an outsider. Yes, he did actually
19:35
work at this company that he was testing, but
19:37
he had never been to that building
19:40
before. and wasn't going to use any
19:42
internal resources that he had to get
19:44
information to help him break in.
19:46
This test had to be as if he didn't
19:48
work there. So he started by
19:50
simply googling the location. Of
19:52
course, this landed him on Google Maps,
19:54
which he started noting all the relevant
19:56
information that he saw what
19:58
surrounded the the building.
20:00
Were there any coffee shops that were
20:02
attached to it? Were there
20:05
any other third parties that were
20:07
also in those buildings. What
20:10
access did they
20:12
potentially have? Were there
20:14
satellite aerial images of
20:16
the location. What were the
20:18
entry points to that building, the
20:21
ingress and egress points?
20:24
how do how how how many people went
20:26
to and from the location? Who worked
20:28
at that location? when
20:31
was the normal scheduling for when
20:33
people arrived? When did they go to
20:36
lunch? That sort of
20:39
thing. Right? Okay.
20:39
So he's picked up quite a bit from
20:42
Google and now it's time for him to
20:44
take it to the next step, drive
20:46
to the building and do some
20:48
light surveillance take notes along the
20:50
way.
20:51
I went
20:52
there to take a look at what
20:55
was happening when people would generally
20:57
show up when they were leaving
20:59
where their locations were for when
21:01
they would smoke. And I
21:03
was in my vehicle. I
21:06
parked and I would hang out and
21:08
just watch. And then I drove around
21:10
the building itself and then I
21:13
would note locations on a map that I had
21:15
with me as to what I thought that
21:17
was based off of what I was
21:19
seeing. And then I
21:21
ultimately left for the day and took that
21:23
information back to add to the
21:25
portfolio that we were putting together for
21:27
the location. He takes the
21:29
intelligence he's gathered and regroups back
21:31
at the home office. I was
21:33
working with another individual called him
21:36
busy. I was working
21:38
with BC, and we
21:40
both collaboratively decided to
21:43
go about checking
21:46
every external egress
21:48
point just to see what we could walking
21:50
around the buildings perimeter, just to
21:52
see what we could notice, if there was
21:54
anything open, what locations
21:57
we could actually get into the building
21:59
from and then to kind
22:01
of follow that bread crumb trail
22:04
to see where it led.
22:06
Okay. So that's the grand plan.
22:08
Just to walk the perimeter and see what
22:10
doors are opened. It's not
22:12
a bad plan, often the front entrance
22:14
sense is where all the security is.
22:16
So trying to slip in through a side door or a
22:18
back door, bypasses all that. So
22:21
that was plan a. Plan b was to
22:23
walk directly into the front of
22:25
the location at
22:27
the front the front doors.
22:29
Do you have any idea what's in those
22:31
front doors like security guard or another locked door? No
22:34
idea. No idea how the layout is.
22:36
We assumed that there was some
22:39
sort of four year that was
22:41
there, but we had no clue. We we
22:43
had never been there before. So,
22:45
Jeremiah and B. C. have
22:47
their plans. And BC has also done a few
22:49
of these penetration tests before. This
22:51
was a junior to me at the
22:53
time. And so I was bringing
22:55
him along as one,
22:57
a backup to to
22:59
look more more realistic like
23:01
I belong like I had company.
23:04
The more individuals that you've got with
23:06
you in a party, the less likely you are to
23:08
be challenged. And so that was a
23:10
benefit towards the location.
23:13
But separately, it allowed me
23:16
to spread the
23:19
workload that was involved in
23:21
checking things. to see
23:23
what was there? They pick
23:24
a date when they're going to go there and
23:26
start preparing for it.
23:27
Yeah. So we decided
23:31
that the best way to
23:32
address was obviously business casual
23:35
to make sure that we've groomed
23:38
professionally. We
23:40
got haircuts the day before where
23:42
may made sure that we were
23:44
kind of wearing wearing polos
23:47
and and slacks and we're
23:50
looking very
23:50
sort of business casual. Well, I mean,
23:52
the haircuts
23:52
were specifically for this engagement.
23:55
In
23:55
a way, yes. But
23:58
at the same time, we kinda wanted
23:59
to look like we were
24:01
blending
24:02
into everybody else within
24:05
the environment. as well. I wonder how that worked out
24:06
with
24:07
your junior. Like, was it your
24:09
idea? Like, hey, man. Get a haircut. And
24:12
what? Why? I'm fine. No. We're
24:14
gonna we wanna look this part and maybe you had
24:16
it in your head like, man. This guy really needs haircut. I
24:18
could use this as an excuse to, like, tell
24:20
him to get haircut. Yeah. When
24:21
so so the best thing
24:23
about this particular
24:26
guy is he he kinda
24:28
got it too because he
24:31
is is also former
24:33
military.
24:33
And so he was
24:36
totally
24:36
cool with making sure
24:38
that that he was well groomed, had a haircut,
24:40
and well dressed for the event. In
24:43
addition, we brought
24:46
our We had separate laptops to conduct
24:48
red red team operations. So we had
24:50
those with us. I
24:53
had a lockpick set and
24:55
Raspberry Pi, as well
24:58
as BaaS money. And I had
25:00
a network sort
25:02
of a network star tab what's it
25:04
called? Like a land star.
25:06
The land star. Thank you. I had
25:08
a land star just just in case
25:10
I wanted to tap something in
25:12
there. I also had actually mobile
25:15
version of Cali Linux
25:17
installed on my on
25:19
a on a burner phone that I had.
25:21
and that was about it.
25:23
So it's now
25:24
the day of its go time.
25:26
With their equipment and fresh haircuts,
25:28
they drive to the building. there
25:30
are no gate guards or security to just get on
25:32
the property. So they're able to drive right into
25:34
the parking lot, park the car, and they
25:36
immediately split up and walk around
25:38
the outside perimeter of the building. That's
25:41
exactly what
25:41
we did. Yeah. So,
25:43
BC went to the right, I went to
25:45
the left, and we both walked around
25:47
the perimeter of the building and
25:50
just sort of we each had a
25:52
copy of the aerial
25:54
photography that we had marked up and
25:56
he had a folder, had a folder that was inside
25:58
of it, that
25:59
was inside of our bags. And as we were walking
26:02
around, just kind of checking
26:04
doors along the way, to
26:07
see if they're open, to
26:09
see if they're locked, and or if we could
26:11
get access to them.
26:12
To walk around, tugging on every door
26:14
they came across to see if one
26:17
opened. Jeremiah tugged
26:19
and tugged, but he didn't
26:21
find a single door that
26:23
opened. He came around the backside of the building and that's
26:25
where he saw BC coming around from the other
26:27
side. Jeremiah told him that he didn't
26:29
find any doors open. and
26:31
he let me know that on one
26:33
of the doors on his side
26:36
actually have to be open.
26:38
So together, they
26:38
walked back towards that door, that
26:40
BC found open. It
26:42
was a
26:42
back door, but it was a
26:45
door to a
26:47
stairwell that led to
26:49
all the floors in the
26:51
building itself. And the
26:54
store was just kinda left open
26:56
and it was by sheer
26:58
happenstance. It was
27:00
most likely due to a particular
27:04
implementation flaw in the physical
27:06
door itself and that someone didn't
27:09
actively make sure that it was shut.
27:11
Otherwise, it would have been locked.
27:14
which in this particular instance, it was
27:16
open hanging out and there was a crack and we
27:18
were able to open the door. So they
27:20
slip in
27:20
through this partially open door that
27:23
wasn't locking properly and go
27:25
into the stairwell. At this point, they need
27:27
to make a decision. Go up the
27:29
stairs or just try to go to the
27:31
first floor. Yeah. Yeah.
27:31
So we didn't want to
27:34
mess with the door on the first
27:36
level to begin with.
27:38
We knew that the
27:41
contractor that we worked
27:44
for had offices on the
27:46
second and third floors. And
27:49
so we wanted to we we
27:51
knew that we could gain access to the first floor
27:53
through the front of the building anyways.
27:56
So what we did is we walk into this
27:58
stairwell. We took
27:59
photos of the of the
28:02
open door just kinda as it was,
28:04
took photos of us inside of stairwell
28:06
and of course going to the second
28:08
and third floors. Now in a lot of office
28:10
buildings, the stairwell doors are
28:13
locked. from the stairwell side. You can go into the
28:15
stairwell from the office, but you can't go
28:17
into the office from the stairwell. And
28:19
they were walking up the stairs expecting to
28:21
face this and trying to think of ways that they
28:23
could bypass the door and get into the
28:25
office, perhaps wait
28:27
for someone to come out or
28:29
maybe get some lock packs out try to pick the lock. They'll
28:31
have to see when they get there. But when
28:33
they got to the second floor, they
28:35
just tried pulling on the door And
28:37
to their surprise, it opened? We couldn't, and we
28:40
could get direct access to those
28:42
floors as well, which were supposed
28:44
to be secured floors. So they got into the
28:46
second floor office, took pictures
28:48
of themselves in the office and got
28:50
right back in to the stairwell. And then they went
28:52
up to the third floor. And again, that
28:55
stairwell door opened right up for them and
28:57
they got in. Yeah.
28:58
So we walk in.
29:00
take a quick photo to show that we were in the floor and that
29:02
we just kinda walked right back out. They walked
29:04
all the way back down the stairs and out of
29:06
the building. They
29:07
regrouped and made a new
29:09
plan. goal of
29:10
the pen test is to identify as many
29:13
exploitable vulnerabilities or findings as you
29:15
can and then present
29:18
that and have them fixed as much as
29:20
they can be fixed. So they were
29:21
able to successfully get access into this
29:24
building. And so
29:25
that was kind of checked one. Now
29:27
let's test another avenue. So they
29:29
regroup at the front of the building and this
29:31
time go in through the main entrance. They
29:33
have no idea what might be there.
29:35
and they know the office they want to get access to is on the
29:38
second and third floor. And there
29:40
should be some kind of thing to stop them
29:42
from getting just directly into the office and
29:44
roaming free, but where and
29:46
what exactly would stop them? They
29:48
didn't know. Stay with us
29:50
because after the break, they
29:52
head inside.
29:57
Support
30:01
for this show comes from Linode. Now,
30:03
Linode has been my go to service for whenever I
30:05
need a Linux server in the cloud. It's fast,
30:07
easy to deploy, and always cost just
30:10
right. But they're launching a brand new thing that
30:12
I'm excited about. Managed
30:14
databases. Instead of running your
30:16
own database, Lenovo do it for
30:18
you. They offer MySQL, MongoDB,
30:21
Postgres SQL, and Redis is coming
30:23
later this year. I'm excited about this
30:25
because building your own database server is
30:27
work. You have to make sure the OS is
30:29
patched and the database software is up to date and
30:31
then worry about performance and
30:33
optimization. Lenovo does all that for you now,
30:35
making it so much easier. And the Note
30:37
has always been easy to use, which is my
30:39
favorite part about them. You get simple
30:41
and fast deployment, secure access,
30:43
daily backups are included, and they
30:45
have flexible plans. Learn more by visiting
30:48
WWW dot
30:50
linode dot com slash products
30:52
slash databases. Linode is spelled
30:54
LIN0DE
30:57
lynode dot com slash
30:59
products slash databases.
31:02
Jeremy
31:07
and BC open the doors to the front of
31:09
the building and walk in. with their
31:11
goal to get into the second and third floor
31:14
offices.
31:14
And as we were going
31:17
through, we didn't initially see any kind of front
31:19
desk on the first floor We
31:21
did see some stairs that were
31:23
spiraling down kind of from the
31:25
second and third floors in the center of
31:28
the of the building in the
31:30
foyer. They
31:30
look around and see some elevators, which tells
31:32
them there's two ways to get to the
31:34
second floor. These stairs in the
31:37
foyer or the elevator, also
31:39
looked around in the lobby of the building there and noticed a
31:41
few ethernet ports on the walls. And they
31:44
wondered if that connected to
31:46
anything, but they just took a mental note
31:48
of that. and decided to go up
31:50
the stairs to the second
31:52
floor. And
31:52
so we were able
31:54
to move up to each floor
31:58
and we noticed as we got to the second and
31:59
third floors, there were
32:02
doors to either side that were
32:04
that
32:04
would grant access to the business operations of
32:06
this contractor. Now the entry
32:08
doors were closed and their,
32:11
you know, they had
32:13
locks on them that were
32:16
that
32:16
you utilized from your keycard to
32:20
unlock the doors so you could go in, and that was
32:22
for authorized employees for those
32:24
locations. Okay.
32:25
So just by walking by the office doors,
32:27
you could see that you need a keycard to get
32:29
into that door. And on one of these floors
32:31
was a person sitting at a desk in the lobby,
32:34
but on the other floor, there was nobody in
32:36
the lobby.
32:36
There was a public seating of
32:39
in the lobby on each floor
32:41
as well. And
32:43
we both sat down on one
32:45
of the couches just so we could
32:48
figure out what it was that we wanted to
32:50
do at this point and kinda pulled out our
32:52
computers. We're looking like we were kinda
32:54
collaborating together for
32:56
work. This
32:56
gave them an opportunity to just sit in front of
32:58
the door of this office and watch what
33:00
was going on. Since nobody was in the
33:02
lobby to really bother them, they
33:04
could on something right there in the lobby, but really
33:07
scouting around, watching what's going on,
33:09
like seeing how people get in and out of this
33:11
office, or are there opportunities to
33:13
tailgate behind someone as they in or
33:15
out, and that sort of thing. But
33:17
as they were looking around, you noticed
33:19
that in this lobby, there was
33:21
a kiosk a little computer that
33:23
lets visitors check-in or give some
33:25
information or something. Well, this
33:27
was curious, an unattended
33:29
computer in the lobby. What's a
33:31
couple of protesters do with
33:33
that? Well, they start messing with it.
33:35
It was running some kind of software that lets
33:37
users only use this one
33:39
app. but they were able to figure out a way to close that
33:41
app and get into the operating system
33:43
on that computer. We were
33:45
able to access the underlying Windows
33:48
OS that was running on it. And from there, there was
33:50
an exposed USB port on the back of
33:52
it. We're able to plug in a batch of money to
33:54
execute the previously written
33:56
script. Okay. So
33:57
a BaaS bunny looks like a normal USB stick,
33:59
but when you put it into a computer, the
34:01
computer asks, hey, what are you? And the BaaS
34:03
bunny says, oh, hi. I'm a keyboard.
34:06
and the computer's like, oh, okay. Got it. I'll
34:08
let you type stuff if you want. And so
34:10
the Bashmoney has this preloaded script
34:13
and it says, Okay. Here are some key presses
34:15
and it sends a pre created set of
34:18
keystrokes to
34:20
the computer. Well, the computer thinks
34:22
it's a keyboard. So it just starts accepting these
34:24
keystrokes. And you can do things
34:26
like open up a command terminal
34:28
or a program and then start typing
34:30
commands in that. In the case of
34:32
Jeremiah, he made the script open up
34:34
a word program and start
34:36
typing on the screen. And it was just enough
34:38
so that he take a photo to prove that he has control over this
34:40
computer. Because, I mean, if you can
34:42
open up a program on a computer and start
34:44
typing words on the screen, then you have control
34:46
of that
34:48
computer. Right? So while this kiosk computer didn't have an
34:50
actual keyboard connected to it,
34:52
Jeremiah could prove that it's not
34:54
locked down and he's able to plug
34:56
a keyboard into it and take control of that
34:58
computer and nobody would stop him.
35:00
They also noted that this kiosk had
35:02
an ethernet connection to
35:04
the wall, And this is
35:06
interesting because this Ethernet
35:08
jack might be on the same
35:10
network as the computers inside this office.
35:12
And you don't even need to go in the office to
35:14
get into the network. but they didn't plug into this Ethernet jack. They
35:16
wanted to see if they could get into the office
35:18
now. And after examining the doors
35:20
for a
35:22
little while, They understood that there's a key card reader there and you need
35:24
to swipe your key in order to get the door to
35:26
unlock, but they wanted to
35:28
see if that
35:30
was true. so they walked
35:32
up to the door and tried pulling on the
35:34
handle. They should
35:34
have been locked, but as we pulled
35:37
them, the doors were just unlocked at
35:39
this particular day. So we were able to to to
35:41
open the doors as they were
35:43
and walk right into
35:46
the floor. So
35:47
that's another photo that they
35:49
took that was going in the report. They were
35:51
able to walk right in through the front door, go
35:53
up to stairs and just open the office door
35:55
and go inside the office, now they
35:57
were in an office where there's a whole
35:59
bunch of private information
36:02
around. And now that they're in this office,
36:04
they might as well try to see what kind of private
36:06
information they can team. So at this point, we
36:07
took pictures of us freely being able to
36:10
open the office doors from the
36:12
lobby and us
36:14
walking around in the
36:16
internal office space. As
36:18
we walked through the office,
36:20
we noted again other network
36:22
ports, printers,
36:24
network TVs, projects that
36:26
were being worked on. So things
36:28
that were written on whiteboards,
36:30
labels that were labeling
36:33
files that were just out in the open
36:36
space. Different IP addresses.
36:38
As we walked through, we were
36:40
able to kind of map
36:42
out the IP address schema
36:44
from IP labels that
36:46
were written and addressed to
36:48
the printers that were around the
36:50
office space. looking for any
36:52
other kind of information that
36:55
could be leveraged in some way.
36:58
And so the whole time we're walking
37:00
around, keep in mind, we didn't have our badges on, like, at all.
37:02
We walked by many people.
37:04
watched by many people saying
37:07
hi to folks. We even at
37:09
one point, went into
37:12
the the employee break room and
37:14
grabbed some coffee and kinda hung out there for a few minutes just to
37:16
see if anybody would challenge
37:18
us, like, at all, because we were
37:20
not wearing our badges again.
37:22
And nobody
37:24
said anything, like at any points, and people
37:26
kind of said, hi. How
37:28
are you doing? Not at Addus, but for
37:30
the most part, nobody ever
37:34
us. I think what
37:35
worked here is they looked at the part
37:37
and acted with confidence. If they dressed
37:39
differently than the other workers or looked
37:41
suspicious in some way, like
37:43
the way they were moved around, they would have made them
37:45
more likely to be stopped. And there's
37:48
something that makes us more accepting of
37:50
somebody, if they're already passed the security
37:52
barriers. If they're in the office,
37:54
they must belong there. Right? Or else
37:56
they wouldn't have been able to get in? As
37:58
they were moving around, they open
38:00
conference table, a little spot where people
38:02
can gather to do work, but not quite
38:04
in a conference room. So we
38:06
sat down at this table, and we
38:09
noticed that there were some Ethernet jacks
38:11
on the wall. We both
38:13
had cables that
38:16
we up with us, and so
38:18
we plugged into the wall. Now
38:20
finding an open ethernet jack
38:23
could be a gold They
38:26
saw the WiFi networks were in this
38:28
place, but they didn't know what the WiFi password
38:30
was. But you don't need a
38:32
password when you're plugging in to a port on the
38:34
wall. All you need is a cable. So
38:36
plugging in could potentially get you
38:38
access into the internal
38:40
network. These Ethernet ports can
38:42
be configured a lot of ways though.
38:44
They might give you internal access or they might
38:46
give you no access at all. It's not
38:48
a sure thing that just because physically in the
38:50
office means that you're gonna be able to plug in and
38:52
use the network. And a properly
38:54
configured office will make it so
38:56
you can't just walk up and
38:58
plug into any ethernet port. But they plugged their
39:00
computers into the ethernet jacks
39:03
and saw that the ports were alive and
39:05
gave them IP addresses, then they
39:08
quickly scanned around the network to see what
39:10
was on this network,
39:12
but there were no other computers on the
39:14
network. All they could do was access the
39:16
Internet. Nothing internal in
39:19
the office. Okay. So
39:21
might be a sign that this
39:23
company was using NAC. NAC
39:25
stands for network access control,
39:27
and it means that when you plug a
39:29
computer into a port, The router takes a look at
39:31
your Mac address of your computer to see if that computer should
39:33
have special access. A Mac address is the
39:36
hardware address on an
39:38
ethernet port which is on your
39:40
computer. So this network was checking
39:42
the computer's MAC address to see if
39:44
it was allowed on the network. And if
39:46
so, it would give you special access. But
39:48
if not, it would just give you
39:50
very restricted access. In this
39:52
case, since the router didn't know
39:54
Jeremiah's computer's Mac address,
39:56
it just gave him very restricted
39:58
network access. sort of like guest access. And I guess this is
40:00
good security. You want your ethernet
40:02
ports to require users to
40:04
check for some authorization before
40:06
giving them
40:08
network access. Because you don't want anyone to just be able to walk up and plug their
40:10
computer into any Ethernet jack and get
40:12
full access to the soft underbelly of
40:14
the network, So
40:16
if you were a penetration
40:17
tester and notice that this network had
40:19
a knack to restrict your access when
40:21
you plug in, what can you do
40:23
to bypass this?
40:26
Well, you could find a MAC address that is on the
40:28
allow list. And you could change
40:30
your computer's MAC address to
40:32
be one of those. and
40:34
you might be able to get in.
40:36
So what we did is we noted a couple of the
40:38
printers that were there in those
40:42
locations. and we went to those printers and
40:44
we were able to look up the
40:46
Macs online for the for
40:48
the style printer it was.
40:51
See, what you need
40:52
to know about MAC addresses is that the first
40:54
part of the MAC address is assigned
40:56
to a vendor. So
40:58
if you had Cisco equipment,
41:00
Every single Ethernet port on all Cisco equipment starts with the
41:03
MAC address 9436
41:05
CC, and then the second
41:07
half of the MAC address
41:09
would be different for every ethernet port, making them all
41:11
different. So Jeremiah saw which types of printers
41:13
they had and look
41:16
up what that vendor's MAC address started with and then change
41:18
the MAC address on his computer to be
41:20
the same as what the printer started with.
41:22
And then he tried plugging
41:25
Ethernet cable back in to see if he would
41:27
get a different IP and
41:30
boom. This gave him a totally different
41:32
IP, which gave him totally on access,
41:34
which was the access he needed to get
41:36
to the inside of this network.
41:38
We
41:38
were ecstatic.
41:40
We were super excited. just because
41:43
well, one, we, you know, we're able to accomplish a goal
41:45
and that was to get access
41:47
to the network. and
41:50
being able to conduct network access
41:52
bypass was something so simple as
41:54
changing your MAC. One was super
41:57
exciting and it was like, we totally got a finding
41:59
out of
41:59
this. It's it's crazy.
42:02
There
42:02
are other ways to configure NAC.
42:04
I think they got lucky that this worked.
42:06
And the network team had to find a more secure way to check up
42:08
a computer should have this sort of network
42:10
access, such as having a certain
42:12
registry file on that computer or
42:15
something like that. So
42:16
we gained access to the network. We
42:19
again took screenshots
42:20
and photos of
42:23
our steps of what we did to get
42:25
access to it. We showed that we had access to it. We showed that we had an IP. We showed that we're
42:28
able to navigate the
42:30
Internet while being connected to
42:32
the network. we kind of packed
42:34
up. We disconnected.
42:36
Put our
42:37
laptops
42:38
back in our bag.
42:40
and we went around the floor just to kind of look for
42:43
any additional target of opportunities
42:45
that we may not
42:47
have noticed before.
42:50
As we were
42:51
walking around the floor, we
42:52
noticed there were kind of
42:54
actually two separate situations
42:56
of individuals who had kinda
42:59
walked away from their laptops and left
43:02
them unlocked and kind
43:03
of open at
43:06
their desks.
43:07
we took photos of us
43:10
sitting at those computers,
43:12
kind of pretending to plug in
43:14
a device. because, again, organization was very risk
43:16
adverse, and we didn't wanna
43:18
overstep any boundaries of
43:20
what we've been allowed to
43:22
do up into this point because we want to be
43:24
able to conduct these kinds of operations
43:26
again in the future. So
43:28
instead of plugging anything into
43:30
these particular laptops.
43:32
We just kinda sat down and showed
43:34
that they were unlocked, and we could mess with
43:36
them if we wanted to. And, oh, by
43:38
the way, here's a bash buddy. We
43:40
just got then plugging one into a kiosk. We could plug it into here
43:42
too, sort of a thing. And
43:44
so we took photos
43:46
to prove impact
43:48
instead of actually having to conduct
43:50
something on those, they were already unlocked.
43:52
We already had access to them. Someone had
43:54
walked away. So we left
43:57
that floor, as we were kinda walking
43:59
out, we went to the elevator. And
44:01
as we were walking to the elevator, there
44:03
was someone from the other side of the floor
44:05
that was also walking to the elevator and also happened to be going up. So
44:07
we rode with him and the elevator kinda,
44:09
you know, said high
44:12
or pleasantry sort of things, nodded
44:14
and we got off
44:16
on the third floor and as
44:18
they walked out I
44:20
decided I was gonna impromptu follow this
44:22
person and try to see if I can do
44:24
tailgating, to see if they would challenge me
44:26
at all, to see if
44:28
they were any kind of issues there. And and sure enough, if he walks
44:30
up, scans his badge and opens up the
44:32
door, holds it for me. And
44:34
and I'm like, thanks. Appreciate it and just kinda
44:36
walked on
44:38
in. and he never challenged me this particular individual.
44:40
Jeremiah saw that his
44:41
coworker, B. C. stayed behind in the
44:44
lobby and was walking towards a different set
44:46
of office
44:48
doors. Jeremy had tried to loop around towards the other doors to let
44:50
BC in. But when he came around the
44:52
corner, BC was already
44:55
in the office Apparently, those other doors didn't require a badge
44:57
to get in. And BC just pulled on them
45:00
and got right in. So I
45:02
didn't even need to
45:04
tailgate in. but I did and kinda proved that that was
45:06
possible. But the
45:08
doors themselves weren't locked either. So
45:10
we could just open the doors on that
45:14
floor too. another finding for the report. Yeah.
45:16
So while we were on the
45:17
third floor, we kind of
45:20
focused on
45:21
the doing
45:23
intelligence
45:23
gathering. Were there any kind
45:25
of programs that we
45:26
could identify that were being worked
45:30
on that maybe
45:32
shouldn't be public information. What
45:34
other things could we obtain
45:37
about the programs? As we were walking around, we were
45:39
taking photos of whiteboards of
45:42
desks, of paperwork on
45:44
desks, of
45:46
files, the file names,
45:48
trying to collect and obtain
45:49
as much information about these
45:52
programs as
45:54
we could. so that we could then go back and
45:56
see who these
45:58
potential programs
45:59
belong to. or what
46:02
level of sensitivity should really be
46:04
associated with this kind of information.
46:08
We also noted kind of network ports on this floor whether
46:10
or not there were people
46:12
who were at their desk
46:14
with their computers unlocked
46:18
or or if they were away from their desk and they
46:20
were locked. We just noted those things
46:22
as well. and carried
46:24
on with the or used the
46:26
carryover of the previous floor like, hey. If they
46:28
weren't there, we could have also done it on this
46:30
floor too. And,
46:32
hey, by the way, there were these exposed
46:34
network ports in the public
46:37
accessible zone inside of
46:39
the office location as well. These are the IP
46:41
addresses that were associated with printers on
46:43
this location. That
46:46
sort of thing. Right? So we were
46:48
walking around just very much trying to collect
46:50
as much information and data as we could
46:52
as to what was being worked on within
46:54
the location. Once they
46:55
gathered enough information, they packed up their stuff and headed to
46:57
the office, down the steps and out
46:59
the front door, not a single person
47:01
challenged them the whole
47:04
time. And
47:04
and that was that was a pretty successful day for us.
47:08
One, our team hadn't
47:09
conducted a physical
47:12
penetration test
47:14
to
47:14
this measure since
47:17
I'd been there. And
47:19
two, we wanted to
47:21
prove an impact to the organization and three,
47:23
we wanted to make it successful
47:26
enough that they wanted to conduct these kinds
47:28
of things going
47:30
forward because they're
47:32
really huge impacts. Right? Like, if you
47:34
break these things down, they're really
47:36
huge impacts to the
47:38
organization and who the organization
47:40
works with. that could
47:42
be potentially compromised here
47:44
from a number of
47:46
avenues, not only for internal
47:48
business operations,
47:50
but also potentially,
47:52
you know, things that
47:54
affect the
47:55
government and the Department of Defense
47:57
in some way.
47:59
should certain programs be
48:04
compromised or think of any
48:06
kind of code that might be worked on at these locations
48:08
that might be incorporated as part of a
48:10
end product
48:12
for certain entity.
48:14
Right? If there's malicious
48:16
code that's added to a
48:18
software development life cycle, that's
48:21
being conducted within the confines of location that could be
48:23
almost like a
48:26
time based time
48:28
based malware or time based backdoor that gives someone access
48:30
to something after the fact maybe six
48:32
months to a year down the road if
48:35
they wanted to leverage it. there's
48:37
a lot of implications from this kind of a
48:39
thing. Definitely. So
48:40
you put that in the report and you submit
48:42
it and how is it received? So
48:44
ah so this
48:46
was something that hadn't been conducted before.
48:51
They were to
48:54
put it Frank, they kinda everybody kinda had a no shit
48:56
moment because
48:58
it was certainly an avenue that most people didn't
49:02
think about. It
49:03
was an avenue that
49:05
was foreign. And
49:06
again, you know, not many
49:07
people think
49:10
like malicious entities and or what
49:12
they might go through or what the things
49:14
that they would try to accomplish
49:18
to prove their goals. So obviously, this kind of showcase
49:20
the ability of the malicious
49:22
entities to attain
49:24
unfettered access to a location.
49:27
and this was very much a no shit moment
49:29
for leadership. So what they did after
49:31
the fact we found out was obviously
49:33
they went through that location, spoke with
49:35
the facility's management,
49:38
asked questions as to why these doors
49:42
weren't locked, next time we were there, the doors were very much locked. And,
49:44
no, by the way, we didn't have access to it via
49:46
the badges.
49:48
And A lot of
49:50
things were fixed that
49:53
we had previously pointed
49:56
out after
49:56
the fact.
49:57
Leadership was
49:59
particularly surprised when they saw how
50:01
easily they got control of that kiosk. They
50:03
didn't know it was possible to take over
50:05
that computer in the lobby. so
50:07
they just removed it from the lobby. And they
50:09
were also really surprised to see them sitting at
50:11
someone's computer at an
50:14
unlocked workstation. and how they were able to plug into Ethernet JAKs and
50:16
bypass Snack to get into the Insight
50:18
Network. The leadership was impressed by
50:20
Jeremiah and
50:22
BC and allowed them to do further testing to help keep that
50:24
place secure. Since then, Jeremiah
50:26
has moved on to a different company
50:30
called Cenac where he conducts offensive
50:32
operations. Alright. Very cool. Thank you for sharing
50:34
this with us. Thanks, man.
50:36
Thanks for
50:36
having me as Certainly
50:39
a pleasure to chat
50:42
with you.
50:48
A big thank you to
50:50
Jeremiah Roe
50:50
for sharing this penetration
50:51
to our story with us. The show is made by
50:53
me, The DreamWeaver,
50:56
Jacky cider, Sound design and original music was created by the Acrobat, Garrett
50:58
Teederman, editing helped this episode by the
51:00
framemaker, Damien and mixing is
51:02
done
51:02
by
51:04
seventy
51:04
sound. Our theme music is by the premier brake master
51:06
cylinder. Hey, pop quiz.
51:08
What weighs more? A gallon of
51:12
water? or a gallon of butane. Water
51:14
weighs more. Butane is a lighter
51:16
fluid. This is dark
51:20
net diaries.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More