WEBVTT

1
00:00:00.120 --> 00:00:04.040
<v Speaker 1>Usually when we talk about fixing a technical problem, there's

2
00:00:04.120 --> 00:00:07.120
<v Speaker 1>this expectation of mechanical precision. I mean, you have a

3
00:00:07.160 --> 00:00:11.679
<v Speaker 1>server crash, the diagnostic log spits out a jagged red

4
00:00:11.880 --> 00:00:14.080
<v Speaker 1>error code, and the IT person just points at the

5
00:00:14.080 --> 00:00:15.839
<v Speaker 1>screen and says, there it is broken.

6
00:00:15.839 --> 00:00:19.399
<v Speaker 2>Part A right, Yeah, it's a comforting illusion. Really, we

7
00:00:19.480 --> 00:00:22.440
<v Speaker 2>treat networks like car engines. Something clanks, you find the

8
00:00:22.480 --> 00:00:26.039
<v Speaker 2>broken gear, you replace it. It's, you know, binary, visible,

9
00:00:26.239 --> 00:00:27.440
<v Speaker 2>neatly categorized.

10
00:00:27.800 --> 00:00:30.359
<v Speaker 1>But the moment you step into the world of cybersecurity,

11
00:00:31.000 --> 00:00:36.119
<v Speaker 1>that pristine diagnostic machine just, well, it shatters. We're looking

12
00:00:36.159 --> 00:00:39.759
<v Speaker 1>at a landscape that is incredibly murky, and that murky

13
00:00:39.799 --> 00:00:42.719
<v Speaker 1>landscape is exactly what we're doing our deep dive into today.

14
00:00:42.840 --> 00:00:43.719
<v Speaker 2>Oh absolutely.

15
00:00:43.799 --> 00:00:46.920
<v Speaker 1>We are pulling insights from a massive stack of research

16
00:00:47.799 --> 00:00:50.679
<v Speaker 1>primarily centered around Hacking For Dummies to figure out how

17
00:00:50.719 --> 00:00:54.119
<v Speaker 1>attackers actually operate in those shadows. So our mission for

18
00:00:54.159 --> 00:00:56.719
<v Speaker 1>this deep dive is to pull back the curtain on

19
00:00:56.799 --> 00:01:00.759
<v Speaker 1>this secretive world, exploring how malicious hackers operate and more importantly,

20
00:01:00.799 --> 00:01:03.399
<v Speaker 1>how you, the person listening right now, can think like

21
00:01:03.439 --> 00:01:05.920
<v Speaker 1>one to protect your own digital and physical life. Okay,

22
00:01:05.959 --> 00:01:10.000
<v Speaker 1>let's unpack this because true security isn't just about buying

23
00:01:10.040 --> 00:01:14.680
<v Speaker 1>the most expensive software. It's about fundamentally understanding the enemy's mindset.

24
00:01:14.959 --> 00:01:18.200
<v Speaker 2>Yeah, we have to look at information systems completely from

25
00:01:18.200 --> 00:01:20.760
<v Speaker 2>the perspective of those trying to break them. Right. We

26
00:01:20.840 --> 00:01:25.879
<v Speaker 2>need to go beyond simply listing what vulnerabilities exist and

27
00:01:26.000 --> 00:01:28.879
<v Speaker 2>explore the mechanics of how they are exploited and why

28
00:01:28.959 --> 00:01:32.239
<v Speaker 2>they matter to you personally. Because until you apply that

29
00:01:32.359 --> 00:01:35.680
<v Speaker 2>knowledge to assess your own systems from an attacker's point

30
00:01:35.680 --> 00:01:38.439
<v Speaker 2>of view, I mean, it is practically impossible to have

31
00:01:38.519 --> 00:01:41.640
<v Speaker 2>a true sense of how secure your information actually is.

32
00:01:42.159 --> 00:01:45.439
<v Speaker 1>So let's start by redefining the threat itself, like who

33
00:01:45.519 --> 00:01:47.959
<v Speaker 1>is actually hacking you? Yeah, because for anyone who follows

34
00:01:47.959 --> 00:01:50.959
<v Speaker 1>this space, we know we have to dismantle that tired

35
00:01:51.000 --> 00:01:56.359
<v Speaker 1>pop culture stereotype of the lone pimply teenager.

36
00:01:55.920 --> 00:01:57.920
<v Speaker 2>In a hoodie, right, yeah, the hacker in a dark

37
00:01:57.959 --> 00:01:58.760
<v Speaker 2>basement exactly.

38
00:01:58.799 --> 00:02:01.560
<v Speaker 1>The threat landscape is highly stratified. At the baseline. You

39
00:02:01.599 --> 00:02:04.040
<v Speaker 1>have what the text calls the script kiddies.

40
00:02:03.959 --> 00:02:06.959
<v Speaker 2>Which is, well, it's a slightly condescending term for a

41
00:02:07.079 --> 00:02:10.240
<v Speaker 2>very real problem. These are computer novices who lack a

42
00:02:10.280 --> 00:02:14.800
<v Speaker 2>deep understanding of networking protocols. But the thing is, they

43
00:02:14.840 --> 00:02:19.000
<v Speaker 2>don't need it anymore. The democratization of exploit tools has

44
00:02:19.080 --> 00:02:23.039
<v Speaker 2>completely changed the game. Wow, they just download free vulnerability

45
00:02:23.080 --> 00:02:27.360
<v Speaker 2>scanners and automated malware packages from the Internet. They're sloppy,

46
00:02:27.479 --> 00:02:31.240
<v Speaker 2>they leave massive digital footprints, but because they can launch

47
00:02:31.400 --> 00:02:34.719
<v Speaker 2>thousands of automated attacks with a single click, they cause

48
00:02:34.759 --> 00:02:37.159
<v Speaker 2>an enormous amount of collateral damage.

49
00:02:36.759 --> 00:02:39.599
<v Speaker 1>Just sheer volume. And then, sitting above them, you have

50
00:02:39.840 --> 00:02:43.680
<v Speaker 1>the heavy hitters, the criminal hackers or crackers. These are

51
00:02:43.719 --> 00:02:46.759
<v Speaker 1>the highly skilled experts who actually write the underlying code

52
00:02:46.879 --> 00:02:47.800
<v Speaker 1>Right, exactly.

53
00:02:47.840 --> 00:02:50.479
<v Speaker 2>They are the architects of the malware that the script

54
00:02:50.520 --> 00:02:53.520
<v Speaker 2>kiddies end up deploying. They break into networks, they steal

55
00:02:53.520 --> 00:02:57.520
<v Speaker 2>intellectual property, and they have the sophisticated knowledge required to

56
00:02:58.159 --> 00:03:00.800
<v Speaker 2>completely scrub their tracks from the system logs.

57
00:03:01.000 --> 00:03:01.840
<v Speaker 1>It's terrifying.

58
00:03:02.199 --> 00:03:05.599
<v Speaker 2>Yeah. And meanwhile, working in parallel to them, you have

59
00:03:06.039 --> 00:03:10.159
<v Speaker 2>the security researchers. These are the highly technical experts who

60
00:03:10.199 --> 00:03:12.919
<v Speaker 2>actively hunt for the exact same flaws, but they do

61
00:03:13.000 --> 00:03:15.919
<v Speaker 2>it to build defensive tools and issue patches before the

62
00:03:15.960 --> 00:03:17.280
<v Speaker 2>criminals can exploit them.

63
00:03:17.400 --> 00:03:21.599
<v Speaker 1>The good guys essentially, but you know, the most chilling

64
00:03:21.639 --> 00:03:24.800
<v Speaker 1>paradigm shift here isn't about skill level at all. It's

65
00:03:24.840 --> 00:03:29.000
<v Speaker 1>about proximity, because the biggest threat to your data might

66
00:03:29.080 --> 00:03:32.039
<v Speaker 1>not be some faceless syndicate halfway across the world. It

67
00:03:32.120 --> 00:03:34.039
<v Speaker 1>might just be the person sitting in the next cubicle

68
00:03:34.039 --> 00:03:35.639
<v Speaker 1>over the insider threat.

69
00:03:35.800 --> 00:03:37.120
<v Speaker 2>Oh absolutely, we're.

70
00:03:36.960 --> 00:03:40.759
<v Speaker 1>Talking about malicious users. So employees, contractors, or interns who

71
00:03:40.800 --> 00:03:43.960
<v Speaker 1>actively abuse the privileges they've been granted. I mean, Edward

72
00:03:44.039 --> 00:03:46.879
<v Speaker 1>Snowden is a prime historical example mentioned in the text

73
00:03:47.120 --> 00:03:50.280
<v Speaker 1>of a trusted user who utilized his legitimate clearance to

74
00:03:50.360 --> 00:03:54.360
<v Speaker 1>bypass external defenses and access deeply sensitive data.

75
00:03:54.520 --> 00:03:57.039
<v Speaker 2>Right, but we have to widen that definition, though. Intentional

76
00:03:57.080 --> 00:04:00.000
<v Speaker 2>sabotage is actually pretty rare compared to the damage caused

77
00:04:00.280 --> 00:04:04.159
<v Speaker 2>by sheer ignorance. Wait, really? Oh yeah, an innocent insider

78
00:04:04.280 --> 00:04:07.199
<v Speaker 2>can level a company's network just as effectively as a

79
00:04:07.280 --> 00:04:12.159
<v Speaker 2>nation-state attacker. It's the careless user who mindlessly clicks

80
00:04:12.199 --> 00:04:16.959
<v Speaker 2>on a sophisticated ransomware link in an email, or the

81
00:04:17.040 --> 00:04:21.920
<v Speaker 2>database administrator who accidentally deletes a critical directory. A single

82
00:04:22.000 --> 00:04:25.040
<v Speaker 2>keystroke error can trigger a catastrophic failure.

83
00:04:25.199 --> 00:04:27.279
<v Speaker 1>Okay, I'm going to push back on grouping those two

84
00:04:27.319 --> 00:04:32.000
<v Speaker 1>things together, though, labeling an innocent employee a malicious user

85
00:04:32.120 --> 00:04:35.199
<v Speaker 1>just because they have a fat finger on the keyboard

86
00:04:35.519 --> 00:04:38.879
<v Speaker 1>feels a bit disingenuous. Fair. To me, that's like saying

87
00:04:39.120 --> 00:04:41.120
<v Speaker 1>leaving your house key in the front door by accident

88
00:04:41.120 --> 00:04:43.120
<v Speaker 1>makes you the exact same thing as the burglar who

89
00:04:43.120 --> 00:04:45.480
<v Speaker 1>eventually uses it to rob your house. One is the

90
00:04:45.600 --> 00:04:48.120
<v Speaker 1>human error and the other is a premeditated crime.

91
00:04:48.279 --> 00:04:50.600
<v Speaker 2>I get that. But if we connect this to the

92
00:04:50.720 --> 00:04:53.680
<v Speaker 2>bigger picture, consider it from the perspective of the system's

93
00:04:53.680 --> 00:04:57.839
<v Speaker 2>defense mechanisms. To the firewall or the database architecture, the

94
00:04:57.920 --> 00:04:59.800
<v Speaker 2>intent is entirely irrelevant.

95
00:05:00.000 --> 00:05:00.720
<v Speaker 1>I guess it's true.

96
00:05:00.800 --> 00:05:04.240
<v Speaker 2>The mathematical result is identical. Whether the digital door was

97
00:05:04.319 --> 00:05:06.959
<v Speaker 2>kicked off its hinges or simply left unlocked by a

98
00:05:07.000 --> 00:05:10.000
<v Speaker 2>tired accountant, the data still walked out the door. A

99
00:05:10.120 --> 00:05:14.560
<v Speaker 2>vulnerability is a vulnerability, right. The network only registers the breach,

100
00:05:14.959 --> 00:05:17.560
<v Speaker 2>not the feelings or the intent of the person who

101
00:05:17.600 --> 00:05:21.800
<v Speaker 2>caused it. And understanding that mechanical indifference is exactly why

102
00:05:21.839 --> 00:05:25.839
<v Speaker 2>we have to dig into the psychology driving the intentional attacks.

103
00:05:25.399 --> 00:05:28.439
<v Speaker 1>Which moves us from the who to the why. Beyond

104
00:05:28.519 --> 00:05:32.519
<v Speaker 1>just financial gain, the underlying motivations in the research are fascinating.

105
00:05:32.959 --> 00:05:37.199
<v Speaker 1>Hackers are heavily driven by adrenaline, bravado, and often a

106
00:05:37.240 --> 00:05:40.839
<v Speaker 1>well, a borderline sociopathic need to outsmart authority.

107
00:05:40.959 --> 00:05:42.560
<v Speaker 2>Yeah, it's a game to them, exactly.

108
00:05:42.720 --> 00:05:46.360
<v Speaker 1>Yeah, they view electronic defenses merely as puzzles to be solved.

109
00:05:46.560 --> 00:05:49.800
<v Speaker 1>They completely decouple their actions from the human cost, you know,

110
00:05:49.839 --> 00:05:53.360
<v Speaker 1>the ruined credit, the lost jobs, the compromised physical safety

111
00:05:53.360 --> 00:05:54.519
<v Speaker 1>that sits right behind the firewall.

112
00:05:54.600 --> 00:05:57.000
<v Speaker 2>They just broke through, and there is a brutal reality

113
00:05:57.040 --> 00:05:59.959
<v Speaker 2>we have to confront here. The law of averages fundamentally

114
00:06:00.040 --> 00:06:03.959
<v Speaker 2>works against businesses and individuals. Well, an attacker has endless time.

115
00:06:04.720 --> 00:06:08.480
<v Speaker 2>They use automated networks, routing through the dark web or

116
00:06:08.519 --> 00:06:13.360
<v Speaker 2>open public Wi-Fi to relentlessly probe your defenses. It

117
00:06:13.439 --> 00:06:18.079
<v Speaker 2>is a mathematical certainty that eventually your system will be scanned.

118
00:06:17.720 --> 00:06:20.720
<v Speaker 1>And that scanning is highly automated. Now I'd actually want

119
00:06:20.759 --> 00:06:23.040
<v Speaker 1>to talk about how they do that. The text compares

120
00:06:23.120 --> 00:06:27.439
<v Speaker 1>hackers to tinkerers like Tim "The Tool Man" Taylor from that

121
00:06:27.480 --> 00:06:28.120
<v Speaker 1>old sitcom.

122
00:06:28.279 --> 00:06:29.399
<v Speaker 2>Oh yeah right, Like.

123
00:06:29.439 --> 00:06:32.360
<v Speaker 1>Old school mechanics who just love taking an engine apart

124
00:06:32.399 --> 00:06:34.759
<v Speaker 1>to see what happens when a specific valve is removed.

125
00:06:35.800 --> 00:06:38.519
<v Speaker 1>But if hackers have endless time and an endless array

126
00:06:38.560 --> 00:06:41.879
<v Speaker 1>of automated tools to tinker with our networks, how can

127
00:06:41.920 --> 00:06:45.319
<v Speaker 1>a busy IT person or just a regular listener trying

128
00:06:45.319 --> 00:06:48.000
<v Speaker 1>to protect their home router ever hope to defend against that?

129
00:06:48.160 --> 00:06:50.519
<v Speaker 2>Well, you don't try to build an impenetrable fortress. You

130
00:06:50.560 --> 00:06:52.959
<v Speaker 2>address the low-hanging fruit. This is where the Pareto

131
00:06:53.040 --> 00:06:56.639
<v Speaker 2>principle, or the eighty-twenty rule, becomes your primary survival

132
00:06:56.680 --> 00:06:59.759
<v Speaker 2>tactic. Or the eighty-twenty rule. Yeah, roughly twenty percent

133
00:07:00.120 --> 00:07:03.399
<v Speaker 2>of your system vulnerabilities are going to be responsible for

134
00:07:03.480 --> 00:07:07.000
<v Speaker 2>eighty percent of your actual risk exposure. To find that

135
00:07:07.079 --> 00:07:10.800
<v Speaker 2>critical twenty percent, you cannot just install an antivirus program

136
00:07:10.839 --> 00:07:14.160
<v Speaker 2>and walk away. You have to actively simulate an ethical

137
00:07:14.199 --> 00:07:17.439
<v Speaker 2>attack on your own infrastructure to see what the automated

138
00:07:17.480 --> 00:07:18.519
<v Speaker 2>scanners see.

139
00:07:18.360 --> 00:07:21.839
<v Speaker 1>And how exactly do those automated scanners work, Like, what

140
00:07:21.920 --> 00:07:23.120
<v Speaker 1>are they actually seeing?

141
00:07:23.360 --> 00:07:26.480
<v Speaker 2>Think of a port scanner like a burglar walking down

142
00:07:26.519 --> 00:07:29.560
<v Speaker 2>a long hotel hallway at two in the morning, just

143
00:07:29.680 --> 00:07:32.920
<v Speaker 2>rapidly jiggling every single door handle to see which one gives.

144
00:07:33.000 --> 00:07:34.680
<v Speaker 1>Okay, that's a creepy image.

145
00:07:34.399 --> 00:07:37.160
<v Speaker 2>It is, But a port scanner is just software asking

146
00:07:37.360 --> 00:07:39.920
<v Speaker 2>thousands of digital entry points on your network, hey, are

147
00:07:39.920 --> 00:07:42.639
<v Speaker 2>you locked? And once it finds an unlocked door, the

148
00:07:42.639 --> 00:07:46.800
<v Speaker 2>attacker uses an exploitation framework like Metasploit, which is essentially

149
00:07:47.160 --> 00:07:50.680
<v Speaker 2>a massive searchable database of known vulnerabilities.

150
00:07:50.720 --> 00:07:51.000
<v Speaker 1>Wow.

151
00:07:51.240 --> 00:07:55.360
<v Speaker 2>Metasploit provides the specific digital crowbar designed to pry open

152
00:07:55.399 --> 00:07:57.240
<v Speaker 2>that exact brand of unlocked door.

153
00:07:57.519 --> 00:08:00.000
<v Speaker 1>So because the attackers are so methodical with these tools,

154
00:08:00.639 --> 00:08:03.399
<v Speaker 1>the defenders have to be just as rigorous. I mean,

155
00:08:03.439 --> 00:08:05.439
<v Speaker 1>you don't just sit down and start blindly hacking your

156
00:08:05.439 --> 00:08:09.120
<v Speaker 1>own company. That brings us to the methodology of vulnerability

157
00:08:09.160 --> 00:08:13.600
<v Speaker 1>and penetration testing. It requires a highly documented scope, a

158
00:08:13.639 --> 00:08:16.720
<v Speaker 1>strict timeline, and most crucially, a get out of jail

159
00:08:16.800 --> 00:08:17.279
<v Speaker 1>free card.

160
00:08:17.439 --> 00:08:23.279
<v Speaker 2>Oh yeah, that authorization is non-negotiable. You need written

161
00:08:23.560 --> 00:08:27.879
<v Speaker 2>executive approval outlining exactly what IP addresses you are allowed

162
00:08:27.879 --> 00:08:31.399
<v Speaker 2>to test. Without documented sponsorship, running these tools on a

163
00:08:31.439 --> 00:08:33.720
<v Speaker 2>corporate network is a massive liability.

164
00:08:33.799 --> 00:08:34.279
<v Speaker 1>Oh I bet.

165
00:08:34.320 --> 00:08:37.840
<v Speaker 2>The Digital Millennium Copyright Act and various federal regulations treat

166
00:08:37.919 --> 00:08:41.519
<v Speaker 2>unauthorized probing as a crime. Furthermore, if you launch a

167
00:08:41.519 --> 00:08:44.080
<v Speaker 2>heavy scan without warning your Internet service provider or your

168
00:08:44.080 --> 00:08:47.360
<v Speaker 2>cloud vendor, their automated defenses might flag you as a

169
00:08:47.360 --> 00:08:50.360
<v Speaker 2>hostile threat, and they will shut down your entire business operation.

170
00:08:50.600 --> 00:08:53.320
<v Speaker 1>Not to mention the danger of self-inflicted sabotage. The

171
00:08:53.360 --> 00:08:56.440
<v Speaker 1>source talks about this. If you aren't careful, you can

172
00:08:56.519 --> 00:09:00.600
<v Speaker 1>accidentally trigger a denial of service, or DoS. For anyone

173
00:09:00.679 --> 00:09:05.559
<v Speaker 1>unfamiliar, a DoS attack is basically creating a massive artificial traffic jam.

174
00:09:06.120 --> 00:09:09.240
<v Speaker 1>You flood a server with so many fake requests that

175
00:09:09.360 --> 00:09:12.399
<v Speaker 1>legitimate users can't get through. If your internal IT team

176
00:09:12.480 --> 00:09:16.039
<v Speaker 1>runs a vulnerability scanner too aggressively during peak business hours,

177
00:09:16.720 --> 00:09:20.200
<v Speaker 1>they can inadvertently overwhelm their own servers. You become the

178
00:09:20.320 --> 00:09:22.200
<v Speaker 1>exact threat you're trying to prevent.

179
00:09:22.600 --> 00:09:25.279
<v Speaker 2>This is exactly where internal teams shoot themselves in the foot.

180
00:09:25.480 --> 00:09:28.320
<v Speaker 2>They lack the precision you have to throttle back your

181
00:09:28.360 --> 00:09:32.120
<v Speaker 2>automated scans and understand the granular impact of the tools

182
00:09:32.159 --> 00:09:32.879
<v Speaker 2>you are deploying.

183
00:09:33.360 --> 00:09:37.039
<v Speaker 1>So what does this all mean for structuring these tests sufficiently?

184
00:09:37.600 --> 00:09:40.639
<v Speaker 1>There's a debate in the material between blind testing, where

185
00:09:40.639 --> 00:09:43.759
<v Speaker 1>the ethical hacker is given absolutely no prior information about

186
00:09:43.799 --> 00:09:47.960
<v Speaker 1>the company's internal layout, and knowledge based testing. Honestly, blind

187
00:09:47.960 --> 00:09:51.240
<v Speaker 1>testing seems wildly inefficient to me. Why do you say that? Well,

188
00:09:51.320 --> 00:09:54.320
<v Speaker 1>why would a company pay a highly skilled professional to

189
00:09:54.399 --> 00:09:57.919
<v Speaker 1>spend three weeks just guessing internal IP addresses and mapping

190
00:09:57.919 --> 00:10:00.519
<v Speaker 1>out server names when you could hand them the network

191
00:10:00.519 --> 00:10:03.720
<v Speaker 1>map on day one and focus their expensive hours on

192
00:10:03.879 --> 00:10:05.639
<v Speaker 1>actually finding the deep flaws.

193
00:10:06.200 --> 00:10:09.720
<v Speaker 2>I mean, from a purely financial standpoint, you're spot on.

194
00:10:10.600 --> 00:10:14.159
<v Speaker 2>Knowledge-based testing, sharing the network map, is far more

195
00:10:14.159 --> 00:10:19.000
<v Speaker 2>cost-effective for finding deep architectural flaws. However, simulating a

196
00:10:19.000 --> 00:10:22.240
<v Speaker 2>blind test for the initial external footprint is still a

197
00:10:22.360 --> 00:10:26.120
<v Speaker 2>vital exercise. You have to discover what is publicly visible

198
00:10:26.200 --> 00:10:29.639
<v Speaker 2>without insider knowledge, because that is exactly where a real

199
00:10:29.720 --> 00:10:33.080
<v Speaker 2>criminal's attack begins. They don't start with your internal map.

200
00:10:33.240 --> 00:10:36.440
<v Speaker 2>They start in the reconnaissance phase, the digital breadcrumbs.

201
00:10:36.720 --> 00:10:40.000
<v Speaker 1>Yeah, this leads us right into footprinting. This is how

202
00:10:40.080 --> 00:10:43.440
<v Speaker 1>hackers gather a terrifying amount of public intelligence about a

203
00:10:43.519 --> 00:10:46.759
<v Speaker 1>target before they ever send a single malicious packet to

204
00:10:46.799 --> 00:10:49.399
<v Speaker 1>the actual network. And the tools they use aren't some

205
00:10:49.519 --> 00:10:52.759
<v Speaker 1>dark-web-exclusive software. They use the open web.

206
00:10:52.960 --> 00:10:55.639
<v Speaker 2>Yeah. The primary weapon of reconnaissance is just a standard

207
00:10:55.679 --> 00:10:57.960
<v Speaker 2>search engine weaponized through specific.

208
00:10:57.559 --> 00:11:02.600
<v Speaker 1>Syntax. Exactly, Google hacking. Using specific search switches, an attacker

209
00:11:02.639 --> 00:11:05.480
<v Speaker 1>can force the search engine to hunt down unsecured files.

210
00:11:06.000 --> 00:11:09.159
<v Speaker 1>If they type the command filetype:pdf, then

211
00:11:09.240 --> 00:11:12.679
<v Speaker 1>add a target company's name and the word confidential, the

212
00:11:12.720 --> 00:11:16.440
<v Speaker 1>search engine bypasses the main website and directly indexes every

213
00:11:16.559 --> 00:11:20.360
<v Speaker 1>unsecured PDF document sitting on a forgotten public-facing server.

214
00:11:20.480 --> 00:11:24.480
<v Speaker 1>It's that easy. Yeah. And they pair this with WHOIS lookups,

215
00:11:24.960 --> 00:11:27.879
<v Speaker 1>querying the global domain registries to find the exact names,

216
00:11:27.919 --> 00:11:31.240
<v Speaker 1>phone numbers, and physical addresses of the people who registered

217
00:11:31.240 --> 00:11:32.639
<v Speaker 1>the company's web assets.

218
00:11:32.879 --> 00:11:36.039
<v Speaker 2>They also deploy web crawlers to scrape the raw HTML

219
00:11:36.200 --> 00:11:39.519
<v Speaker 2>source code of the company's public websites, and they aren't

220
00:11:39.559 --> 00:11:42.120
<v Speaker 2>looking at the visual design. They're looking for the hidden

221
00:11:42.159 --> 00:11:44.639
<v Speaker 2>comments developers leave for each other, which.

222
00:11:44.480 --> 00:11:48.039
<v Speaker 1>Happens constantly because human beings are lazy and constantly rushing

223
00:11:48.080 --> 00:11:50.759
<v Speaker 1>to meet deadlines. A developer will leave a note in the

224
00:11:50.799 --> 00:11:53.879
<v Speaker 1>code saying, Hey, Dave, the new staging server is at

225
00:11:53.879 --> 00:11:57.279
<v Speaker 1>this IP address. Use this temporary admin credential to check

226
00:11:57.320 --> 00:12:00.159
<v Speaker 1>the layout. They forget to delete it, and suddenly the

227
00:12:00.200 --> 00:12:03.600
<v Speaker 1>attacker has a direct roadmap to an unprotected test server.

228
00:12:03.759 --> 00:12:07.799
<v Speaker 2>And sometimes organizations volunteer this information out of a misguided

229
00:12:07.799 --> 00:12:08.960
<v Speaker 2>sense of transparency.

230
00:12:09.039 --> 00:12:11.440
<v Speaker 1>Oh man, here's where it gets really interesting. There's an

231
00:12:11.519 --> 00:12:15.440
<v Speaker 1>incredibly vivid example of this in the research. A business

232
00:12:15.440 --> 00:12:18.080
<v Speaker 1>owner wanted to brag to his customers about how secure

233
00:12:18.120 --> 00:12:21.679
<v Speaker 1>their data was, so in the company's public privacy policy,

234
00:12:21.840 --> 00:12:26.080
<v Speaker 1>he proudly listed the exacut make model and firmware version

235
00:12:26.240 --> 00:12:29.960
<v Speaker 1>of the firewall they had just installed. Unbelievable. He effectively

236
00:12:30.039 --> 00:12:33.679
<v Speaker 1>handed the global hacking community the precise blueprints to his

237
00:12:33.759 --> 00:12:36.840
<v Speaker 1>perimeter defense. An attacker can just look up the known

238
00:12:36.879 --> 00:12:39.600
<v Speaker 1>vulnerabilities for that specific firmware and walk right in.

239
00:12:39.840 --> 00:12:42.799
<v Speaker 2>What's fascinating here is when you apply that concept to

240
00:12:42.840 --> 00:12:47.399
<v Speaker 2>your own personal digital footprint. An attacker's reconnaissance isn't limited

241
00:12:47.399 --> 00:12:50.840
<v Speaker 2>to server architecture. They will spend hours mapping your human

242
00:12:50.879 --> 00:12:55.039
<v Speaker 2>network on LinkedIn, Facebook or Instagram. They identify who works

243
00:12:55.039 --> 00:12:57.360
<v Speaker 2>in the IT department, what sports teams they follow, the

244
00:12:57.440 --> 00:13:00.000
<v Speaker 2>names of their pets, and when they post vacation photos

245
00:13:00.039 --> 00:13:04.200
<v Speaker 2>from another state. This vast web of personal intelligence serves

246
00:13:04.279 --> 00:13:07.240
<v Speaker 2>one singular purpose, and that is weaponizing trust.

247
00:13:07.480 --> 00:13:11.279
<v Speaker 1>Weaponizing trust. That is the perfect pivot into the absolute

248
00:13:11.320 --> 00:13:14.960
<v Speaker 1>core of modern hacking, which is social engineering. Yes, we've

249
00:13:15.039 --> 00:13:20.320
<v Speaker 1>spent decades building incredibly strong perimeter firewalls and complex encryption algorithms,

250
00:13:20.720 --> 00:13:25.000
<v Speaker 1>so hackers simply stopped attacking the technology. They pivoted to

251
00:13:25.480 --> 00:13:28.519
<v Speaker 1>the weakest, most unpredictable link in the chain, which is

252
00:13:28.600 --> 00:13:29.519
<v Speaker 1>human psychology.

253
00:13:29.559 --> 00:13:32.159
<v Speaker 2>It's the soft chewy center, exactly.

254
00:13:31.759 --> 00:13:35.360
<v Speaker 1>The candy analogy. Modern security is like candy, a hard

255
00:13:35.399 --> 00:13:39.480
<v Speaker 1>crunchy outside, but a soft chewy inside. It's like spending

256
00:13:39.480 --> 00:13:41.600
<v Speaker 1>five million dollars on the state-of-the-art retinal

257
00:13:41.600 --> 00:13:44.480
<v Speaker 1>scanner and biometric vault for a bank, but then putting

258
00:13:44.480 --> 00:13:46.279
<v Speaker 1>a guy named Gary in front of it, who will

259
00:13:46.320 --> 00:13:48.639
<v Speaker 1>happily hold the vault door open for anyone carrying a

260
00:13:48.639 --> 00:13:50.279
<v Speaker 1>clipboard and looking like they're in a rush.

261
00:13:50.399 --> 00:13:53.879
<v Speaker 2>Cheery, but yeah, Gary is the vulnerability you can't patch.

262
00:13:54.399 --> 00:13:59.000
<v Speaker 2>Social engineers exploit our deepest, hardwired social instincts, you know,

263
00:13:59.039 --> 00:14:01.399
<v Speaker 2>our desire to be helped, our deference to authority, and

264
00:14:01.440 --> 00:14:04.559
<v Speaker 2>our fear of confrontation. An attacker will call the help desk,

265
00:14:04.960 --> 00:14:08.840
<v Speaker 2>spoofing their caller ID, so the phone screen literally displays

266
00:14:08.879 --> 00:14:12.039
<v Speaker 2>the name of the CEO. They act panicked. They claim

267
00:14:12.080 --> 00:14:14.200
<v Speaker 2>they are about to step into a vital board meeting,

268
00:14:14.519 --> 00:14:17.600
<v Speaker 2>and they demand a password reset immediately.

269
00:14:17.279 --> 00:14:21.919
<v Speaker 1>And people just cave. But the truly insidious tactic is

270
00:14:22.399 --> 00:14:27.559
<v Speaker 1>reverse social engineering. It's the ultimate arsonist-playing-firefighter scenario. Oh,

271
00:14:27.600 --> 00:14:30.759
<v Speaker 1>this one is brilliant, It really is. The attacker intentionally

272
00:14:30.799 --> 00:14:34.039
<v Speaker 1>creates a minor network problem for you. Maybe they flood

273
00:14:34.080 --> 00:14:36.480
<v Speaker 1>your specific machine with a tiny DoS attack so your

274
00:14:36.519 --> 00:14:40.080
<v Speaker 1>internet drops. Then five minutes later they call your desk,

275
00:14:40.320 --> 00:14:42.960
<v Speaker 1>posing as the IT support team, claiming they noticed an

276
00:14:42.960 --> 00:14:46.120
<v Speaker 1>anomaly and are here to fix it. They become your savior,

277
00:14:46.440 --> 00:14:49.159
<v Speaker 1>and while you are profusely thanking them, you gladly hand

278
00:14:49.159 --> 00:14:52.720
<v Speaker 1>over your login credentials so they can resolve the issue.

279
00:14:52.759 --> 00:14:57.039
<v Speaker 2>The psychological manipulation extends to written communication as well. Targeted

280
00:14:57.039 --> 00:15:00.600
<v Speaker 2>phishing emails are terrifyingly effective. When an attacker uses the

281
00:15:00.600 --> 00:15:03.559
<v Speaker 2>reconnaissance data they gather to craft a hyper-specific email,

282
00:15:03.840 --> 00:15:07.000
<v Speaker 2>perhaps referencing a recent company event or an urgent payroll update,

283
00:15:07.440 --> 00:15:09.360
<v Speaker 2>the success rates just skyrocket.

284
00:15:09.639 --> 00:15:11.080
<v Speaker 1>Yeah, the stats on this are wild.

285
00:15:11.279 --> 00:15:15.240
<v Speaker 2>During controlled penetration tests, highly sophisticated phishing emails have been

286
00:15:15.279 --> 00:15:18.840
<v Speaker 2>shown to trick up to seventy percent of employees. Seventy

287
00:15:18.879 --> 00:15:21.799
<v Speaker 2>percent of a workforce will click a malicious link because

288
00:15:21.799 --> 00:15:25.320
<v Speaker 2>the email perfectly balances a false sense of urgency with

289
00:15:25.399 --> 00:15:30.879
<v Speaker 2>a veneer of legitimacy. Urgency systematically overrides critical thinking, and we.

290
00:15:30.919 --> 00:15:35.600
<v Speaker 1>Cannot ignore physical footprinting. Real world dumpster diving. Oh yeah,

291
00:15:35.919 --> 00:15:39.559
<v Speaker 1>hackers will literally put on a reflective vest, walk into

292
00:15:39.600 --> 00:15:42.720
<v Speaker 1>an office park at night and pull garbage bags looking

293
00:15:42.720 --> 00:15:46.519
<v Speaker 1>for printed network diagrams, sticky notes with passwords, or discarded

294
00:15:46.519 --> 00:15:50.720
<v Speaker 1>employee rosters. If your office is using a standard strip shredder,

295
00:15:50.919 --> 00:15:54.320
<v Speaker 1>you are wasting your time. The text explicitly notes that

296
00:15:54.360 --> 00:15:57.159
<v Speaker 1>a patient attacker with a roll of clear tape can

297
00:15:57.200 --> 00:16:00.799
<v Speaker 1>reconstruct a document cut into long vertical strips in an afternoon.

298
00:16:01.360 --> 00:16:06.559
<v Speaker 1>You absolutely need confetti cross-shredders to make physical reconstruction mathematically impossible.

299
00:16:06.600 --> 00:16:09.000
<v Speaker 2>It all comes back to gathering puzzle pieces. Whether they

300
00:16:09.039 --> 00:16:10.919
<v Speaker 2>pull it from a dumpster or charm it out

301
00:16:10.960 --> 00:16:13.559
<v Speaker 2>of a receptionist, they are just collecting the context they

302
00:16:13.559 --> 00:16:15.679
<v Speaker 2>need to physically walk through your front door.

303
00:16:15.679 --> 00:16:18.480
<v Speaker 1>And when they do attempt to manipulate you in person,

304
00:16:18.960 --> 00:16:22.799
<v Speaker 1>there are subtle physiological tells to watch for. If someone's

305
00:16:22.840 --> 00:16:26.600
<v Speaker 1>intent doesn't match their friendly demeanor, their body language often

306
00:16:26.639 --> 00:16:31.120
<v Speaker 1>betrays them. Look for dilated pupils, unexpected changes in vocal pitch,

307
00:16:31.360 --> 00:16:35.840
<v Speaker 1>or someone eagerly answering questions you haven't even finished asking yet. Interestingly,

308
00:16:35.879 --> 00:16:39.399
<v Speaker 1>you should watch their feet. Fidgeting feet are a huge

309
00:16:39.440 --> 00:16:43.120
<v Speaker 1>giveaway because it takes far more conscious cognitive effort to

310
00:16:43.159 --> 00:16:46.159
<v Speaker 1>control the body parts furthest from our face. I mean,

311
00:16:46.240 --> 00:16:47.799
<v Speaker 1>how often do you hold the door open for a

312
00:16:47.840 --> 00:16:51.919
<v Speaker 1>stranger carrying coffee your office? You're being polite, but you

313
00:16:52.000 --> 00:16:55.200
<v Speaker 1>might be bypassing a million dollar security system.

314
00:16:55.480 --> 00:16:58.440
<v Speaker 2>This raises an important question, though, how do we defend

315
00:16:58.480 --> 00:17:02.080
<v Speaker 2>against human nature? These are the microexpressions of deception. Sure,

316
00:17:02.600 --> 00:17:06.720
<v Speaker 2>but relying on employees to constantly spot microexpressions isn't

317
00:17:06.720 --> 00:17:08.200
<v Speaker 2>a scalable defense strategy.

318
00:17:08.319 --> 00:17:08.920
<v Speaker 1>Though definitely not.

319
00:17:09.359 --> 00:17:12.839
<v Speaker 2>You can't patch human nature with a software update. The

320
00:17:12.920 --> 00:17:18.480
<v Speaker 2>only effective countermeasure is relentless security awareness training. Organizations have

321
00:17:18.559 --> 00:17:22.359
<v Speaker 2>to run their own safe controlled phishing simulations using tools

322
00:17:22.440 --> 00:17:26.599
<v Speaker 2>like Lucy or Cofense to train that soft chewy center

323
00:17:26.640 --> 00:17:31.039
<v Speaker 2>to become hardened. You send fake, convincing phishing emails to

324
00:17:31.079 --> 00:17:33.839
<v Speaker 2>your own staff, track who clicks, and use it as

325
00:17:33.839 --> 00:17:36.799
<v Speaker 2>a teaching moment to systematically harden your human perimeter.

326
00:17:37.160 --> 00:17:39.319
<v Speaker 1>So to bring this all together, we've talked about a

327
00:17:39.359 --> 00:17:42.319
<v Speaker 1>lot of technical mechanisms. Today we explored how port scanners

328
00:17:42.359 --> 00:17:45.480
<v Speaker 1>automate the rattling of digital door handles, how Metasploit provides

329
00:17:45.519 --> 00:17:49.160
<v Speaker 1>the custom crowbars, and how Google search operators bypass websites

330
00:17:49.200 --> 00:17:52.200
<v Speaker 1>to find raw files. But the core thread connecting all

331
00:17:52.240 --> 00:17:53.240
<v Speaker 1>of this isn't code.

332
00:17:53.319 --> 00:17:53.960
<v Speaker 2>No, it's not.

333
00:17:54.200 --> 00:17:59.079
<v Speaker 1>It's deeply, fundamentally psychological. Hacking relies on exploiting human trust,

334
00:17:59.359 --> 00:18:02.119
<v Speaker 1>our natural curiosity, and our inherent laziness.

335
00:18:02.240 --> 00:18:05.200
<v Speaker 2>Exactly. Whether you are an IT professional defending a multinational

336
00:18:05.240 --> 00:18:08.400
<v Speaker 2>corporate database, or just someone trying to secure your personal

337
00:18:08.440 --> 00:18:11.680
<v Speaker 2>Wi-Fi network and social media accounts, the primary directive

338
00:18:11.720 --> 00:18:15.079
<v Speaker 2>is the same. You must adopt the attacker's mindset. You

339
00:18:15.160 --> 00:18:17.680
<v Speaker 2>have to step outside of your own life, look at

340
00:18:17.680 --> 00:18:20.640
<v Speaker 2>your digital and physical footprint from the outside in, and

341
00:18:20.720 --> 00:18:24.000
<v Speaker 2>critically evaluate how the information you broadcast can be used

342
00:18:24.000 --> 00:18:24.839
<v Speaker 2>to manipulate you.

343
00:18:25.079 --> 00:18:27.400
<v Speaker 1>Which brings us right back to where we started. Yeah,

344
00:18:27.400 --> 00:18:31.920
<v Speaker 1>the broken diagnostic machine. We desperately want security to be precise,

345
00:18:32.200 --> 00:18:34.359
<v Speaker 1>to be a clear line of broken or not broken.

346
00:18:34.799 --> 00:18:37.400
<v Speaker 1>But the reality is that the most critical vulnerability in

347
00:18:37.480 --> 00:18:42.119
<v Speaker 1>any sophisticated network is the messy, unpredictable, emotional human being

348
00:18:42.440 --> 00:18:45.119
<v Speaker 1>sitting at the keyboard. That's the truth. Which leaves us

349
00:18:45.119 --> 00:18:48.599
<v Speaker 1>with a final lingering thought to ponder long after this

350
00:18:48.720 --> 00:18:52.279
<v Speaker 1>deep dive ends. If the ultimate defense against social engineering

351
00:18:52.319 --> 00:18:56.519
<v Speaker 1>requires us to constantly doubt our colleagues, to meticulously scrutinize

352
00:18:56.559 --> 00:18:59.599
<v Speaker 1>every friendly favor, and to treat basic human politeness as

353
00:18:59.599 --> 00:19:02.640
<v Speaker 1>a critical security threat, well, what is the long term

354
00:19:02.680 --> 00:19:05.920
<v Speaker 1>psychological toll of that paranoia on our basic human empathy

355
00:19:05.960 --> 00:19:09.559
<v Speaker 1>and our workplace culture? Can we ever achieve perfect security

356
00:19:09.599 --> 00:19:11.440
<v Speaker 1>without becoming entirely isolated
