Ep. 104: White Hat Cyber Security
TJ Bettles put his computer training into high gear, learned all the tricks and tactics cyber thieves use to compromise your security, and now applies that knowledge through his ethical hacking company, White Hat Cyber Security Solutions. Just like in the 1992 Robert Redford movie “Sneakers”, companies around the world employ White Hat Security Solutions to conduct “penetration testing” to break their systems and highlight areas they should buttress.
Website: https://whitehatsolutions.ca
LinkedIn - https://ca.linkedin.com/in/tj-bettles-534072206
Transcription
Silvercore Podcast 104 TJ Bettles
[00:00:00] Travis Bader: I'm Travis Bader and this is the Silvercore Podcast. Silvercore has been providing its members with the skills and knowledge necessary to be confident and proficient in the outdoors for over 20 years, and we make it easier for people to deepen their connection to the natural world. If you enjoy the positive and educational content we provide, please let others know by sharing, commenting and following so that you can join in on everything that Silvercore stands for.
[00:00:40] Travis Bader: If you'd like to learn more about becoming a member of the Silvercore Club and community, visit our website at Silvercore.ca
[00:00:52] Travis Bader: So if you're like me as a child, I love the movie Sneakers. Had a group of guys that would pick locks on a building, go on inside, get past their electronic security measures, hack into their system, transfer funds on, and, and just do some nefarious looking things. And you look at these guys and you think they're a bunch of bank robbers, only to find out that the company had hired them to do a penetration testing on their business.
[00:01:18] Travis Bader: I thought that was the coolest thing in the world. And today I'm joined by a fellow who just does just that and he owns White Hat Cybersecurity Solutions. Welcome to the Silvercore Podcast, TJ Bettles.
[00:01:30] TJ Bettles: Thank you very much for having me here.
[00:01:33] Travis Bader: So White Hat Cybersecurity Solutions. Tell me how did this come about?
[00:01:40] TJ Bettles: Um, this has been in the making probably for the last 30 plus years or so. Um, my journey as a hacker began at the age of 11. Uh, When I took control of my elementary school's network Oh yeah. And locked out all the teachers. Um, so I didn't really have skills at that point to do this type of thing, but the systems administrators had not password protected the system administrator's accounts.
[00:02:19] TJ Bettles: Hmm. So we were able to access super user systems, admin, uh, and change passwords, lock people out, whatever. Um, I never got in trouble for that. I didn't get caught. They never caught you. They never caught. That's rule number one is that that's rule number one. No, don't get caught. Uh, and that's kind of how my journey down and that's what I see hacking as.
[00:02:41] TJ Bettles: It's, it's a big, or it's, it's a progressive number of rabbit holes that you end up going down and researching. So, Being a good hacker is about being able to pull information, uh, from your target. So the more information that you can gather about your target, hmm, the better chances you will have of being able to succeed in, in penetrating into the system.
[00:03:10] TJ Bettles: So you learn this framework as you go, uh, of being able to extract information from your targets to determine what software they're running. Mm, are is it an Apple system, is it a Linux system or is it a Windows system, et cetera. Um, what, what are they running on their website? What versions of the different plug-ins are they running on their website?
[00:03:33] TJ Bettles: Cuz any, any one of those could be, uh, your way in to an internal network. So,
[00:03:41] Travis Bader: Uh, you know, I've always found this sort of thing very fascinating. I. When in high school, actually a high school that both you and I went to mm-hmm. Uh, we had a computer teacher there who used his wife's name as a password. And uh, I was able to, I didn't hack, I just kind of figured it out.
[00:04:00] Travis Bader: I, what do they call it? Biohacking. When you start, uh, trying to look at the person as opposed to the technology. Well,
[00:04:06] TJ Bettles: it's educated guessing. Right. And that's, that's, that's one of the things that we do when we're, we're doing an assessment on, on a target or a client target, is we will go out onto one of the first things that we do is called open source intelligence.
[00:04:19] TJ Bettles: We go on, go out onto the web and see if there has been previous breaches, uh, email addresses, passwords, et cetera. In the past, uh, and, and in a lot of instances, organizations are not staying up to date in changing passwords and keeping things in, keeping things secure. So, and in a lot of instances, we were able to get in, gain our initial foothold into a client's network through.
[00:04:42] TJ Bettles: Just open source intelligence, pulling that information off of the web and then you just, you just, you run a brute force attack and you try. Is,
[00:04:49] Travis Bader: is that like dark web type stuff or is, is that Yeah, yeah. Yeah.
[00:04:52] TJ Bettles: There that sometimes, sometimes there's, there's a few sites that we go to that are constantly publishing stuff off of the dark web.
[00:04:59] TJ Bettles: Okay. So some of them are, you pay for, some of them are free. I've got a database, uh, on my Linux machine that's 44 gigs of credentials from the web Holy Grow. Yeah. So it's, uh, I dunno. Uh,
[00:05:11] Travis Bader: and that's just, when you say credentials, that's just like username passwords,
[00:05:15] TJ Bettles: that's email address. Not all of them are accurate anymore cause the database is a couple of years old.
[00:05:21] TJ Bettles: Uh, and so I have other, other avenues that I can go down to go down when I'm looking for, for credentials that are a little bit more recent. So that's the first thing we look for. We always look for the easy wins to start off with. Uh, and then if we don't find the easy wins, then we start pulling information about the system.
[00:05:38] TJ Bettles: Hmm. What are they running? Uh, Are there, is it, do they have a website? Are they, you know, you just, you have to go through these steps in order to see what you're up against. Totally. Uh, and so you go through that information gathering process, and then once you've gone through that process, you sit down and you analyze the information and you determine, okay, what's gonna be my best next course of action in regards to my attack surface?
[00:06:05] TJ Bettles: What are my options? What might, what can I run here that might work? That might allow me to get a shell. So, and
[00:06:12] Travis Bader: your whole process is to try and get through, is it, without breaking things through the process because you don't wanna cause hardship for your client. Yeah.
[00:06:20] TJ Bettles: And we've, I've been doing it long enough to know certain things that you would run, uh, and certain things that you wouldn't run.
[00:06:26] TJ Bettles: So one of the things that's always out of scope for us is we don't run denial of service attacks against, against our client resources because our intent is not to cause harm or disruption to the resource. Our intent is to identify and, uh, I identify and document what we find in a report. It
[00:06:46] Travis Bader: struck me as we're talking about things here that some things might be a little bit foreign to the listeners.
[00:06:51] Travis Bader: Can you explain what a denial of service, a DDoS sort of attack would be?
[00:06:54] TJ Bettles: Okay. A denial of service attack is, is essentially a, uh, a program or a, a, a script that you would run against, a target that would crash it or, or cause damage to the resource. So it, it, it might, at the very least, it might just crash it, so it needs to repeat itself.
[00:07:12] TJ Bettles: And worst case scenario, it's gonna corrupt and destroy all of the data, right. That that's there. So that from our perspective, yes. We'll, we'll, we'll, When we go through our assessments and we run different scans of our target, and sometimes we'll come back and it'll come back and we'll, it'll say we have some potential denial service attacks that we could run.
[00:07:33] TJ Bettles: We just document that and we don't actually run them against the client. Got it. Simply because we're not there to, to cause damage or disruption. Um, we're here to identify and document.
[00:07:46] Travis Bader: So I find that there's so many avenues that we can talk about here and I'm gonna try my best, excuse me, in a, to try and address it in a chronological order in the best sort of ADHD way I can.
[00:07:59] Travis Bader: Okay. Which is tend to be all over the place. Oh, that's fine. Let's just
[00:08:02] TJ Bettles: have a conversation.
[00:08:03] Travis Bader: Yeah. Um, so I find that the people I know who make the best. Sort of hackers, let's say, are, and they're not necessarily people who are computer hackers, but they're able to figure out problems, right? They're able to figure out, um, puzzles, get around things.
[00:08:21] Travis Bader: They're people who have a mindset of approaching a problem in a very particular way. And the first thing that you said about the low hanging fruit, finding the easy way in. So often when you're given a hammer and you come in and you're looking at all the places to use this hammer, you become just laser focused on how do I use my hammer?
[00:08:43] Travis Bader: How do I use my hammer? And the people who tend to make the best problem solvers in this respect are those who can put that hammer down and say, I know I've got this hammer, but let me just take a look at this, this situation around me and what I can do. And I'll give you an example of that. Um, when I was in grade four, I learned how to pick locks.
[00:09:00] Travis Bader: And it was fun. It was like a puzzle. And. By the time I got into, well, I was outta high school at this point. I, um, was working for, uh, Shaw Cable. Mm-hmm. They'd just taken over from, you know, Shaw and Robert Rogers. They did their swap and it was my job to go into places and audit and make sure that if they're getting cable and they're not paying for it, that they're either upsold or disconnected.
[00:09:26] Travis Bader: But you have to go into the apartment blocks and you have to find, um, uh, the electrical boxes and, and where everyone's at. So, mm-hmm. I'd have to drive all the way downtown, go get the keys to the apartment blocks, come all the way back to wherever it was, and then zip back out as quick as I could before everything closed.
[00:09:45] Travis Bader: I'm like, this doesn't suit me. I want to get up early. I want to do my job. I want to get out and be on the beach or do something else halfway through, I know my list of the places I have to go to. I just gotta skip the key part and use this as a challenge. Right. And I ended up making a, uh, uh, a lock pick for internal locks.
[00:10:04] Travis Bader: I just turned down some steel in, in a lathe and drilled it out and hand ground some hacksaw blades as the, it's, uh, I think they call 'em super locks. Uh, I found a real easy way you can get 'em, basically any apartment block in around here. Anyways, with this, this pick contacted the company, told 'em their, the security flaw.
[00:10:23] Travis Bader: They still haven't changed it, but some places I'd get in and I'd start trying to get the door open and I'd get in the door open, I'm working at this and come on, I don't know why I can't get into it, only to realize that, you know, there's a mail slot, a little thing I can reach through with my arm and just open the thing from the other side.
[00:10:41] Travis Bader: And to me, when I finally reached that point of getting away from that linear vision of how to approach that problem, I got my hammer. How do I use it? Um, I was in and out of these buildings in record time, getting my audits done, getting my work done in no time. I think that is something that a lot of people in your line of work that I've encountered tend to still struggle with is to break out of that, uh, that sort of linear thinking to an, to an, an approach.
[00:11:13] Travis Bader: Would, is that, that's my observation from the outside on the inside. Is that what you see? Um,
[00:11:20] TJ Bettles: I think the biggest thing to, to be good at this type of work is that you have to be creative. It's, it's, it's just as much art form as it is technical. So think about, uh, the master thief who figures out a way to steal a multimillion dollar painting from a museum.
[00:11:43] TJ Bettles: He has to do his reconnaissance, he has to gather information about the target and then analyze that information is to, okay, what's gonna be my. Best chance of success here. Mm-hmm. Being a hacker is much the same. Uh, except, well, it, it is the same in the sense that you need to be creative and you need to be able to think outside the box.
[00:12:05] TJ Bettles: You know? Uh, there's a, there's a video that I posted a while ago and there was, it was a, uh, I guess a, a cybersecurity security center analyst standing there and he's like, okay, sh shoot me, uh, shoot me here. And he's wearing a, he wearing a bulletproof vest and the guy shoots him in the leg because that, that's essentially what penetration testing is, right.
[00:12:27] TJ Bettles: So from the defensive standpoint, most organization, organizations think that they're protected. Mm. In regards they have firewalls and antivirus and, and and whatnot. But let a hacker loose on them for five or 10 minutes and they'll have a whole list of things that they find that could potentially be exploited.
[00:12:45] TJ Bettles: Mm. To gain access, not only gain access to. Private resources, but then once you gain access, there's really no controls on the inside of an internal network. So if you gain a foothold, you're well on your way to causing some serious damage if that's your intent.
[00:13:06] Travis Bader: One of the easiest ways that I found for access was just to walk in behind somebody else.
[00:13:13] Travis Bader: There you go. Right. Yeah. And then I didn't have to do anything. And that's a security. Um, A security flaw from the users of that place? Yep. Or where, whatever it might be. Do you ever, do you ever try accessing those sort of measures on people? Just say, oh, hey, I'm put on, put on a nice shirt and a name tag and have a little clipboard with you and just say, Hey, I'm, I'm here with blah, blah, blah.
[00:13:34] Travis Bader: I just want to go see.
[00:13:35] TJ Bettles: Yeah. I mean, we've, we've done, we've done a couple of physical penetration tests now and it was about gaining access to the, to the works, the work site. Right. Okay. So I ended up dressing up as a courier in order to get myself in through the door and it worked.
[00:13:50] Travis Bader: Um, that's amazing. A little bit of confidence.
[00:13:53] Travis Bader: And a clipboard can get you a long way, can't it? Or,
[00:13:56] TJ Bettles: or you can even take it a step further. You can clone ID badges and things like that. So going back to the open source intelligence things, one of the things that we look for is a hack. If I'm a hacker or an ethical hacker, is what white hat does. We look for any information that we can use that could help us gain access.
[00:14:15] TJ Bettles: So we're combing Facebook, we're combing LinkedIn, we're looking for pictures, we're looking for staff pictures where a staff member might have an ID badge, right. Showing in the picture. So with digital cameras nowadays, the megapixels are so high that you can zoom in on that image and you can very easily get the barcode and you can clone that badge in order to gain access to a company.
[00:14:39] TJ Bettles: Wow. You know, so from our perspective, um, most organizations are just, they're wide open. Um, and that's really what, and you know, a little bit about my history, I had a gym in Nova Scotia. Yeah. And before that, I, I worked in hr, I worked in software solutions for a number of years, but I've been a hacker since I was a kid.
[00:15:00] TJ Bettles: Mm-hmm. Uh, and I sort of put that onto the back burner for a little while when I was doing the work thing with, with in HR and in software solutions and, and then the gym. And then when my wife and I got out to Nova Scotia in 2018, I was hacked. My phone was hacked, they got into my bank account Mm. And whatnot.
[00:15:19] TJ Bettles: Luckily the bank caught it before, uh, any damage was done. But that was, it was then, so 2018 or so that I ramped up, I took my mediocre skills as a hacker, uh, and I, I ramped up my studying and training. And so over the last five years, it's, I've taken it to a whole other level. And because of what I had done with my extracurricular activities growing up.
[00:15:45] TJ Bettles: Now let me preface this by saying I've never caused any damage. Yeah. And I've never done anything that would be, would warrant a knock on the door from the police. Right. Right. So when you're learning how to do these things, the web's a great place to go. You can see other people who've gone down the path before and they, they're great at writing write-ups and YouTube videos and, and whatever.
[00:16:08] TJ Bettles: And then you find, you start finding different areas that you can get information from mm-hmm. In regards to your, your learning process. And then you just, it's
[00:16:18] Travis Bader: trial and error. Well, I, I really like that so, Just from the, let's say the lock picking side, I was always told don't tell anybody. Yeah. Keep, keep it to yourself.
[00:16:28] Travis Bader: Yeah. Nobody's gonna trust you if they think something and sure enough told someone something goes missing. You're like, well, Travis knows how to pick locks. Like, I never stole it. I wouldn't do that. Right. I enjoy the puzzle of it. Mm-hmm. I enjoy the learning process of it. I, I'm, I'm not here to do something illegal.
[00:16:43] TJ Bettles: No. And that, and that's, that's for me, it was, I was never interested in causing damage or harm to anybody. It was all about ch always about challenging myself to see could I do it?
[00:16:53] Travis Bader: But that also raises a, um, the, the perception of threat in other people's minds. Right. They'll, they'll watch Mr. Robot and they'll think, Hey tj, he's just like, Mr.
[00:17:07] Travis Bader: Robot, he can do anything. He'll take, take this thing apart. And their idea of what is possible with hacking and, and what is actually done with ethical hacking and white hat. Hacking seals is miles apart. Yeah, absolutely. Miles apart.
[00:17:21] TJ Bettles: Yeah. We're, it's not our goal to steal information or cause, or cause any harm whatsoever.
[00:17:27] TJ Bettles: Our, our goal is always to help the, the business that's engaged us Right. To evaluate the attack surface of their, of their network.
[00:17:41] Travis Bader: We were talking prior, off camera, off mic here about, um, sort of forensic services and some of the places that I've done some work with in the past. You know, I, I've told this story before on the podcast mm-hmm.
[00:17:55] Travis Bader: About sitting in the, um, a lawyer's office waiting my turn to, uh, chat with a lawyer because they needed some help on a, um, this was a, a weapons case and they were looking for somebody to be a subject matter expert. Mm-hmm. Weapons. Mm-hmm. As I'm sitting in there, I'm listening to this private investigator, talk to the lawyer and all the steps that they've taken to try and locate this person who, I guess I don't know why they needed to find him, they needed to serve her or something.
[00:18:22] Travis Bader: Right. And uh, as I'm sitting in the other room, I just open up my, my computer, connected to my phone. I start typing away, and by the time they finish their conversation, just through open source tools, and I don't have a background in this, this is just, to me, it looks like a fun, puzzler, fun game. Um, I was able to find where this person was.
[00:18:43] Travis Bader: It wasn't through her Facebook accounts. It was the fact that her child had piano lessons at another person's place out in Squamish. That person at a Facebook account. And the security flaw for her, because she was hiding, uh, wasn't so much on her side, but on those who she surrounded herself with, which I thought was kind of interesting.
[00:19:03] Travis Bader: Anyways, the PI leaves. I go in and talk to the lawyer. I said, well, I don't, excuse me, I don't know how accurate this information is gonna be for you, but you know, from the looks of it, it appears that she'll be at this location for piano lessons in Squamish at this day and on this time. And sure enough, that's exactly where she was.
[00:19:25] Travis Bader: And that led to, um, a few other interesting gigs, and I can chat about that afterwards. But, um, the, the security that falls outside of your control, so to speak, um, is that an area where you typically find people's flaws? People's
[00:19:45] TJ Bettles: points? In a lot of instances, yeah. You'd be amazed at what people share.
[00:19:51] TJ Bettles: Confidential information that they share on, on their social media pages, pictures specifically, you could get, um, a license plate of, of, of their vehicle, for example. Or, um, like I said before, ID badges from the workplace or we're list as, as as ethical hackers when we're going through our evaluation process, we're looking for anything that we could potentially leverage that would help us gain access.
[00:20:19] TJ Bettles: So any, any information about employees, for example, their personal life they give, that's gonna give you ideas for password guesses, for example? Hmm. Right. Um, I, I guess the, the biggest things that we see over and over and over again, there's, there's, there's three things. Um, I mean, where our focus is of course prevention.
[00:20:42] TJ Bettles: So the three things are security policies, good security policies, good password policies, good configuration. So using. The best encryption available, et cetera. Making sure that all of the pages on your, on your site and your network that you're connecting to have, uh, have good encryption. And then of course, What's the last one?
[00:21:05] TJ Bettles: Uh, my, my brain's just fart. I don't know.
[00:21:08] Travis Bader: Hey, it'll come to you. It's okay. So good security
[00:21:11] TJ Bettles: policies. Yep. Good security policies. Good configuration, hygiene. Elliot, then software
[00:21:15] Travis Bader: patching, software patch. Oh, right. Yes. Yeah. Uh, so a lot of people don't update
[00:21:19] TJ Bettles: their software. They don't up, they're, they're not, they're not, they don't think it's that big of a deal.
[00:21:23] TJ Bettles: They think it's more of an annoyance than anything else. And anytime a, a vendor releases a software patch for a piece of software that you're running, it's because they have identified bugs or vulnerabilities in it. Hmm. So it's important to do your Windows updates and all of your software updates as they a, as they are released.
[00:21:42] TJ Bettles: Cuz if you don't, you could very well then be, be vulnerable to attack. What
[00:21:47] Travis Bader: about firmware updates on, let's say routers? And is that, are those, are those gonna contain performance upgrades usually, or, or security upgrades? Both.
[00:21:56] TJ Bettles: Yeah. Usually. Uh, and generally it's security upgrades. Hmm. Right. So you've got older routers that they come default out of the box with a a nine digit password.
[00:22:07] TJ Bettles: Hmm. Uh, and so nine number digit passwords are very easy to crack. They don't take very long to, so a nine digit would probably take 15 minutes and that'd
[00:22:17] Travis Bader: be alphanumeric capital. No, that would just be
[00:22:19] TJ Bettles: numbers. Just numbers. Okay. So these are, these come default out of the box with numbered passwords.
[00:22:25] TJ Bettles: Right. Which are, it's not secure. So I'll give you an example. Was just on the island doing a penetration test for a resort. Uh, and, uh, we, uh, tested their wireless, all right. So they had nine wireless access points. We were able to not only gain the passwords for each, each and every single one to access the wifi network.
[00:22:48] TJ Bettles: Mm-hmm. But I was able to then, with default credentials get into the back end of the routers as well. Come on. Oh yeah. So we had full control. We were able to take full control over their internal network, uh, simply by breaching their wireless security. Now this, this becomes, uh, an animal with legs on it or a spider with legs, cuz the implications of this are, are huge.
[00:23:16] TJ Bettles: This is, this is a, a resort where they have business conferences on a regular basis. So they have a conference center and whatever. Uh, think of the business people that are going in there and then they're off time, then they're in the rooms and they're accessing the hotel's wireless network. And there could be malicious actors on there because they're very, very weak security.
[00:23:38] TJ Bettles: So you just never know who's listening and who might be trying to. Intercept your traffic, who's even evaluating your machine? So if you get onto the internal network, I can then run a couple of different commands and I can see, and I, which machines are running on, on that particular network. And I get an IP address, an internal IP address for each and every single one of them.
[00:24:00] TJ Bettles: And then you start the evaluation process. You start your scans and you see, well, what are they running? How many, which ports are open? And then it just goes from there. And so you're always pressing forward. Right?
[00:24:12] Travis Bader: Would you ever use the free wifi, the included wifi with a, a hotel?
[00:24:20] TJ Bettles: Yeah, I would, I would. Uh, but use your, use a VPN.
[00:24:26] TJ Bettles: So protect yourself through a VPN. Okay. Um, but you just never know who else might be in the hotel sitting in their room. Uh, could be a malicious actor. He's sitting there waiting for someone to log in. You know,
[00:24:41] Travis Bader: I, I remember a number of years ago now, I had, I think it was a WRT54G mm-hmm. Router that I'd taken it apart and it was a project in mind to try and be able to pick up, um, wifi signal at long distance.
[00:24:57] Travis Bader: Mm-hmm. And, uh, that was, that was kind of a fun thing. Not that I know what I'm doing to do it, but I can follow instructions like on YouTube or on the internet. Mm-hmm. And just kind of go along with that. But, uh, I'm, I'm sure that sort of thing is probably pretty outdated. What are, what are some of the, um, more common threats or devices that people kind of need to protect themselves from?
[00:25:22] Travis Bader: Uh, because these devices get easier and easier for people to purchase. And cheaper. And cheaper, and.
[00:25:29] TJ Bettles: Uh, there's really no, you can mitigate your risk, but there's really no way to protect yourself 100%. If you're connected to the internet, you're vulnerable. Mm-hmm. And that's just the reality of the landscape.
[00:25:40] TJ Bettles: So just going on and opening up a web browser and going to your favorite websites is a risk. Right. It's just simply because you have an IP address that's assigned to your machine. You're, you're connected to a network that then connects on a gateway to the internet. You're, you're, you could potentially be a targeted by malicious actors.
[00:26:01] Travis Bader: One thing that surprised me, another law firm doing some work for, they had a woman come in and she was a, uh, wanted to separate from her husband spousal abuse. Mm-hmm. It was pretty bad. I won't get into the details. Um, lawyers, what they usually try and do is they pour cold water in the person. They say, ah, you know, just gonna be a lot of money.
[00:26:21] Travis Bader: It's gonna be painful and difficult If there's an easier way you can resolve this. Right? The good lawyers, anyways, they don't want to just jump in, take your money and pull you through the ringer. Anyways, she pulls out a tin can with a boat who's, I think it was like 50 or I think they, they said they had about, I don't know how much money she had there.
[00:26:40] Travis Bader: See, she had about 50 grand worth of tin cans of money rolled up inside there. 80 grand, I think is what it was. Like, where are you getting all this cash from? Oh, my husband, he's got lots of these. They have what? Right? And all of a sudden the picture started expanding of what they were looking for and we ended up using a company.
[00:27:02] Travis Bader: Called, uh, TCS Forensics, uh, Keith Peron individual owns it. Mm-hmm. He's got no computer background, he doesn't have the expertise that you have. He hires other people that do and put a PI on the husband, a PI on the building, um, just so you can see who's coming and going. And he can keep in contact if someone's coming back.
[00:27:21] Travis Bader: And then the team goes inside and they imaged. And this was a surprising thing for me. Everything, like they had devices. I guess if you're gonna take things in a forensically sound way, you wanna make sure you're not introducing any data. So they have these devices that it can only pull data, but it won't push data.
[00:27:38] Travis Bader: But I mean, everything, your tv, your, the phones, the computers are obvious, I think like coffee machines and toasters and like, just, just stupid stuff that you wouldn't even think of. Um, that has, that is IoT. Internet of Things. Yeah. IoT, IoT enabled. Yep. Um, And the amount of information that we willingly release through our thermostat, through our television.
[00:28:06] TJ Bettles: Oh no. It's crazy. I know. And that's, that's, that's the, the currency of the hacker is information. Right? Right. So you're always looking for how much information I can get out of a, out of a potential tar or out of a client target, cuz that information will determine our, our level of success. So what makes a good hacker?
[00:28:30] TJ Bettles: Uh, a curious mind, uh, outside the box thinking. Hmm. And, uh, and that ability to, uh, To execute. Right. Uh, so you have to be able to, it's, it's, it's repetitive. Hmm. So I mentioned a little earlier that I was a little, I was, I, I found out recently that I'm, I'm likely on the autism spectrum. Right. Uh, and so that, it's kind of stimming for me when I, when I go through a penetration test, cuz it's, it's repetitive after a while.
[00:29:01] TJ Bettles: Oh. Once you learn the, the ins and the outs and the, and the basics of it, then it's just, it's, it's a progressive number of rabbit holes that you go down when you're exploring, uh, whether or not something will be, uh, a viable vulnerability for exploitation.
[00:29:16] Travis Bader: It's like stacking boxes pretty much. Ha ha. Have you seen that?
[00:29:19] Travis Bader: Uh, man, we all got a good laugh out of it, you know. We've watched this autistic fellow do a review of this comedy. I guess it's a comedy sketch guy standing outside the jail cell and uh, have you seen this one? Mm-hmm. I think so. The reporter's like, okay, well it's good to, good to see you, whatever the guy's name is.
[00:29:40] Travis Bader: I cannot see you. I can only hear you. Right. I have been here, I've done my interview, I've been waiting for 26 minutes. It's time to speak with you. But anyways, shows his interview. He is talking with this guy and getting more and more excited. The guy's like, oh, it's a rigid routine. Oh, tell me more about the rigid routine.
[00:29:55] Travis Bader: Oh, you know, we had to stack boxes who stacking boxes and he's sta sitting up and standing down, standing up, sitting down. And, uh, anyways, by the end of the skit, the guy's like, I wanna go to jail. How do I get in here? We wear the same thing every day. But that mindset, although that was set up as a comedy skit and the autistic fellow who was uh, reviewing it and laughing at it cuz he says, I can identify if a bunch of these things he says, But I'm older.
[00:30:23] Travis Bader: Some of these things I had in a more serious way, now I'm able to control it better. A lot of those traits really kind of set you up for being able to problem solve and in a way that most people would lose patience with. Yeah.
[00:30:41] TJ Bettles: Yeah. Um, I mean, my wife, I'll give you these, my wife as an example, she's pretty good with the computer, but she, when I start talking to her about what White Hat does and getting into a little bit more detail, she's just, her eyes glaze over and she's, her brain just doesn't work that way, and you're just getting
[00:31:00] Travis Bader: ramped
[00:31:00] TJ Bettles: up.
[00:31:00] TJ Bettles: And I just start, I get excited about it. I, my, the tone of my voice goes up and I, you know, you can, when I get excited about something, I don't shut up about it. My wife will be the first person to tell you that.
[00:31:13] Travis Bader: I love it. Um, so. W what kind of a business would be looking for your services? Um, are this only like big companies that have a lot to protect or is it like everyone?
[00:31:23] Travis Bader: Well,
[00:31:23] TJ Bettles: Here's the thing. Large companies, your large multinational corporations generally have cybersecurity covered in-house. They have a security operations center, they have Blue Team, Red Team, Purple Team. So Purple Team's basically a combination of, of, you got people that play both sides of the, Red Team's offensive security.
[00:31:44] TJ Bettles: So ethical hackers. Blue Team is more, uh, is more on the de defensive side of things. So threat respon, threat monitoring and response. Okay. Okay. And then you have Purple Team, which is, you, you have, it's like war games pretty much. You have the Red Team guys trying to break in and the, and the Blue Team guys are, are addressing the threats as they come in and, and, and identifying them and, and then, implementing a response based on standard operating procedures.
[00:32:17] TJ Bettles: So the larger organizations have it taken care of. It's the small and the medium sized businesses that are, are targeted. Mm. Simply because they generally don't have the same level of security controls in place that the lar, their larger counterparts do. Mm-hmm. And this makes them especially vulnerable to attack from malicious actors.
[00:32:39] TJ Bettles: The malicious actors know this, they know that the small and the medium sized business has probably done nothing for their cybersecurity beyond a firewall and antivirus. Mm-hmm. You know, and, and so the malicious actors know this, and so they target the small and medium sized business. Because it's, like we said earlier, it's the low hanging fruit.
[00:33:00] TJ Bettles: They're looking for an easy win, an easy way in. That's how hackers operate. That's 90, 99% of them. The other 1% are targeting specific organizations. Hmm. Cause of what, for whatever reason, whether it's for, they're anarchists or it's monetary gain or whatever, or ransomware. Um, you have to understand how a hacker thinks.
[00:33:25] TJ Bettles: Uh, so as I said earlier, if you're online, you're vulnerable with that's, that's true. But you can take reasonable steps to mitigate your risk.
[00:33:36] Travis Bader: What are some things that it would. Frustrate a
[00:33:40] TJ Bettles: hacker. Frustrate. A hacker. Um, good security. Yeah. Yeah.
[00:33:46] Travis Bader: So, uh, like what would good security be like if, if someone's listening to this and they're like, you know, I've got my router okay.
[00:33:51] Travis Bader: And I know I'm gonna have to do a firmware update after listening to this. Mm-hmm. Make sure my software updates are all good. I'm not gonna use that nine digit, uh, numerical code, cuz it could be brute force attack, which is Yep. 0 1, 0 0 2. Yep. 0 0 3. And it just runs through and takes time to run through all the different numbers.
[00:34:08] Travis Bader: Yep. Um, on top of that, should they be, like, is there a, a preferred length of a, um, like a password length? Yeah.
[00:34:16] TJ Bettles: And special characters. I always recommend 13 characters or more. Okay. Um, alpha numeric and symbols.
[00:34:24] Travis Bader: Okay. Yeah. What, what about those like key chain on a Mac and these things, like people start relying on these like, uh, password wallets to hold everything, but what if that wallet gets con compromised?
[00:34:34] Travis Bader: Are they,
[00:34:34] TJ Bettles: Well, there was, there was one a few months ago that was compromised, I think it was, oh, I can't even remember what it was now, but one of the major password vault companies, they, they were hacked, right? And so hackers were able to get in and access information, passwords for different accounts for all of these people that were using.
[00:35:00] TJ Bettles: Was it secure guard, I think, wasn't it? I'm not sure.
[00:35:03] Travis Bader: I'm not sure.
[00:35:04] TJ Bettles: Uh, but yeah, that's, that's what they were, that's what they did. So nothing is a hundred percent, as I said, you can, all you can do is mitigate risk.
[00:35:14] Travis Bader: See, I used to, I got lazy and I start using one of these like password things to, to hold everything.
[00:35:20] Travis Bader: But I used to just use an algorithm and I'd apply it to everything. Mm-hmm. And so if someone learned my algorithm that might be able to figure out the passwords for the things, like for example, if you're, you're wearing a west side shirt and you've got a, what is that? A bulldog lift in and Yeah, that's bulldog.
[00:35:38] Travis Bader: Yeah. And, uh, it's black. And so the algorithm, like if that was your company and I'd, I would apply it to the, the logo, the color, the name, um, maybe location. Mm-hmm. And then I'd do an alphanumeric character swapping off of that. So all I have to remember is I'd look at the company or I'd remember, oh yeah, it's the Bulldog West side, barbell black.
[00:36:00] Travis Bader: And I'd be able to figure out what my password was off of that. Um, I got lazy. I stopped doing that. Is that a good way to, for people to use, like from a, from a secure standpoint or have you ever. Have you ever encountered people that use algorithms and try and hold it all in their mind?
[00:36:17] TJ Bettles: Algorithms can be cracked too.
[00:36:20] TJ Bettles: It all depends on how complex the algorithm is and how, how, how strongly the encryption is. Hmm, right. So it, it might be better than using just a regular password provided that the malicious actor isn't able to gain access to your actual algorithm to decrypt the information.
[00:36:45] Travis Bader: One thing that I found, uh, to be true is the more complex the security system was, the more rudimentary a means that a person would use to bypass it.
[00:36:57] Travis Bader: Now, that might not apply for an ethical hacker, but for someone who's not ethical, man, this thing's like. Fort Knox. All right. Break up the dynamite, right? Yeah. Now we're in,
[00:37:06] TJ Bettles: well, I mean, even, even the, your software vendors out there, like least Fortinet as an, as an example, they, they used to have one of them.
[00:37:14] TJ Bettles: Yeah. You,
[00:37:15] Travis Bader: you're using it Well, I I used to have a couple of the Fortinet.
[00:37:18] TJ Bettles: Yeah. They, there was a major critical vulnerability in their system that came out a few months ago, so. Oh wow. Oh yeah. It was, it was a CVE 10. So which is the highest rating you can assign to vulnerability. It allowed, uh, unauthenticated users root access, and they're like, this is security company standard.
[00:37:39] TJ Bettles: This is a security company. And this is, this is what I try and say to people when they ask about what we do and they think, oh, we, we've got a firewall, we've got Fortinet. We're fine. Yeah. Well, actually you're not. The reality of it is, is you're, you're not, you're not safe. Mm-hmm. Uh, un until you've taken care of your configuration, your security policies, and up-to-date software patching, that will prevent 95% of attacks that much, eh?
[00:38:08] TJ Bettles: Yep. 95% of attacks can be prevented when you focus on those three things. Did
[00:38:14] Travis Bader: you ever find out how your phone was compromised?
[00:38:17] TJ Bettles: Yeah, it was my fault. I, I, I received a, a text message, which I thought was from the bank, and it was, so I was social engineered, so I clicked on, I clicked on a link and that, that downloaded malware to my phone, and that's how they got in.
[00:38:32] TJ Bettles: Mm-hmm. Yeah.
[00:38:35] Travis Bader: That's, um, I, I guess good tip, everyone knows it. Don't
[00:38:40] TJ Bettles: click on a link. Well, there's even, there's even touchless payloads now that, that hackers are using. So they can launch a, launch, a payload against a target. And me as the recipient, I don't even, I don't have to click on anything or touch anything for it to, to then.
[00:38:56] Travis Bader: Wow. And that'd just be vi that'd be exploiting a, um, uh, vulnerability. Yeah.
[00:39:01] TJ Bettles: It just, it's a vul, it's exploiting a vulnerability by giving you malware. So I, I don't have to click on anything through a social engineering attack or an email or whatever for, in order for that payload to execute. All they have to do is send and they, they pointed it at my IP address and.
[00:39:18] TJ Bettles: They're in,
[00:39:19] Travis Bader: you know, we're, we're getting into a more and more digital world where they're trying to bring in, like, you look in the states and they're trying to say, look at our currency is gonna be cryptocurrency, right? Mm-hmm. And we're, that's gonna be, everything's gonna be trackable, but man, everything's gonna be so damn vulnerable.
[00:39:35] Travis Bader: Especially when we bring in quantum computing. There's a company here in Burnaby that a few years ago was kind of leading the edge on the quantum computing standpoint. Mm-hmm. Like, I gotta imagine, I, I guess there's a couple approaches. It's sort of like people I've spoken to who are concerned about having information out there on the internet.
[00:39:55] Travis Bader: Mm-hmm. They say, I can either A, hide everything or b inundate so much stuff that it's so difficult for them to look through. Right. Um, with quantum computing coming down the pipe, everything's gonna be open and vulnerable, I would
[00:40:10] TJ Bettles: imagine. Well, not necessarily with, there's quantum encryption now in that, That to my knowledge, has not been cracked yet.
[00:40:19] TJ Bettles: Interesting. So, speaking of crypto for a second, uh, think of XR. Have you heard of XRP? Yeah. The XRP ledger. Well, the XRP ledger uses quantum encryption. Okay. Um, and so it's, it's, as far as we know in, in the industry and in throughout the world, the XRP ledger is unhackable. At this point in time, nobody has figured out a way to hack it yet.
[00:40:45] TJ Bettles: Not to say that it can't happen, cuz anything's possible. Totally right. But, uh, it's at this point in time, as of today, the XRP ledger's unhackable,
[00:40:56] Travis Bader: I didn't even think about the, the other side of that, of quantum encryption and that, and that's kind of crazy when you think about that a computer can operate not in a binary mode, but in a mode of superposition.
[00:41:06] Travis Bader: Mm-hmm. That, that's, I, I still don't have my head wrapped around exactly how they do that, but it's, uh, it's pretty cool. Um, And when you say not hackable at this point, you ever hear that story? It's going back a few years now, where they said, we've got a, uh, secure air gapped, computer air gap, meaning it's not connected to the internet.
[00:41:25] Travis Bader: It's, you know what it means. Yep. But for the listeners, uh, not connected to anything and other than to this model rocket that we want to launch. Right. Can we, can we hack this computer? Did you, did ever see that one? No. Okay. So this is pretty cool. Essentially what they had to do, and it's gonna require a certain level of physical intervention, they had to load malware onto that computer mm-hmm.
[00:41:52] Travis Bader: As well as malware onto a computer that was near it. And what. The computer that was near it, which was connected to the internet, would be able to use its own internal processes to monitor heat, ambient heat in the environment. And the com. They would have that malware loaded on the both. And so the one that was air gapped would just data load.
[00:42:12] Travis Bader: So it heated up and then it would cool down, heat up and cool down. And it would transmit, I think it was about like eight bytes an hour. So not, not efficient, not fast, but through a sort of Morse code, it would transmit the information they needed in order to, uh, to hack that computer. And they were able to launch that model rocket on an air gapped computer just by somebody plugging in a little bit of malware on
[00:42:38] TJ Bettles: both.
[00:42:38] TJ Bettles: That's why you ne you can never say never, right? I said, why? I said, at this point in time, right? Nobody's done it yet. The term, the, the, the word yet is what you should be focused on because just because it hasn't been done today doesn't mean it won't. Right. Happen tomorrow or the next day or, or whatever.
[00:42:57] TJ Bettles: So as is currently, it's not hackable, the XRP ledger, but it may very well be down the road. Someone finds a new way. You got, there's millions of hackers out there who all they do is sit in front of their terminal all day and they, they, they try different things and they, they get frustrated. They go away, they come back to it and they, they sit there and then they try and they try and they try different things and then Right.
[00:43:19] TJ Bettles: Until they just keep going until something works. It's, it's persistence. Right. And that, that's another thing that makes a good ethical hacker is most give up too easily. Right. If they can't find the, the easy way in. And, and in a lot of instances, your first go through of the information, you might miss something.
[00:43:38] TJ Bettles: Mm. Whereas you have to go back. It's like, oh, I, I don't really have a, a, a really strong attack plan yet. I'm gonna go back over my information and see if there's anything that I overlooked or missed. Or, or is there. Any other information that I can pull from the target that will help me. And
[00:43:55] Travis Bader: that's a tenacity that somebody who's on the spectrum will have in spades.
[00:44:01] Travis Bader: Just keep going, keep going, keep going. I know with, uh, you know, I was diagnosed ADHD when I was in grade three, and then a number of times afterwards. Still not a hundred percent positive. I have ADHD based on literature, but I do seem to present some of the mm-hmm. All of the, anyways. Um, it's not necessarily the inability to pay attention because you can pay attention really, really well.
[00:44:25] Travis Bader: Mm-hmm. To things that you want to. In fact, of course, 24 hours can go by and you haven't eaten and you haven't left your seat and you're still working on the same thing. Cuz a puzzle anyway. Are you speaking
[00:44:34] TJ Bettles: about yourself here? Because those are, those are, those are some traits of autism, huh? Yeah. You do some research on your own.
[00:44:41] TJ Bettles: You might, you might be amazed at what you find. Hmm. Interesting. I, I'm like that too. When I get immersed in a penetration test for a client, my wife can come into the room and, and, and try and talk to me. I don't hear, I don't hear damn words. She says, Hmm, I'm, I'm too, I'm like, so laser focused on what I'm doing.
[00:45:00] TJ Bettles: I forget to eat, I forget to go to the bathroom. I forget to shower. I've, I'm just, I'm immersed in it, man.
[00:45:08] Travis Bader: Huh, interesting. So that trait. Is, and I've seen other people that work in like just basic engineering. They're trying to, or, uh, computer engineering and they're trying to problem solve and they give up and they don't know how to do it.
[00:45:23] Travis Bader: And someone's like, have you tried this? Have you tried this? Have you, have you just pressed Control-Break like back in the day right? As you're going through Escape. Escape, right. That was always the one, uh, password coming up on the game you want to do. But quick, quick, quick, quick Control-Break and you get past it, right?
[00:45:38] Travis Bader: And Yep. Um, interesting. Uh, RFID, have you ever played much of that? No. Okay. I played a little bit, I made some ar, Arduino RFID reader writers, and then, uh, I ended up. Some commercial ones. And that's, I think, a massive vulnerability for people who think, oh, look it, I got a super high tech secure. I just swipe my card.
[00:46:04] Travis Bader: Don't even swipe it. Proximity. Go. Those are so
[00:46:06] TJ Bettles: not secure. It's, it's, it's actually quite easy to clone a badge. Yeah. Surprisingly. I mean, it's, I just say the more I I got into the security stuff, the more, the more I realized how much of an opportunity, business opportunity there, there was for what it is that we offer.
[00:46:29] TJ Bettles: We don't sell software. We're not, we don't go out and advertise, we don't do marketing. Our business has grown from word of mouth and client referrals. Yeah. You know, uh, the nature of what we do, it's. There has to be trust there. And, and, and I, myself, I'm hesitant to work with people or organizations that I don't know or aren't known within my network of people that I know
[00:46:58] Travis Bader: well, people don't know what they don't know.
[00:47:00] Travis Bader: Right? They don't know they're at risk until all of a sudden their credit cards compromised. Yeah. And that's massive, like identity theft. Oh, huge.
[00:47:07] TJ Bettles: So I'll give you an example of that. Uh, a couple of weeks ago or last week, I was doing a penetration test for a, uh, a nonprofit. So it's an end of life care place.
[00:47:19] TJ Bettles: I'm not gonna say who it is. What we were able to, just looking at the website was able, I was able to pull, uh, stored credit card numbers.
[00:47:29] Travis Bader: Well, that's, what do they call it? PCI compliance or p Yeah, yeah, that's, uh,
[00:47:33] TJ Bettles: which is, and they, they take donations from over their website through an unencrypted connection.
[00:47:39] TJ Bettles: And, uh, I just, by running the website through a tool I use called Burp Suite. Are you familiar with Burp Suite? No, no, no. That one, it's, it's a web application testing tool. It is one of the most amazing programs I have. I have ever had the pleasure of learning how to use. Really? My God, it is so awesome that, uh, what you can do with it.
[00:47:58] TJ Bettles: You can do brute force attacks. You can, you can do basically pull back any information on, on different pages, and you get the response code, you get all the information. Really. Oh, this is where you, and it's
[00:48:09] Travis Bader: online,
[00:48:10] TJ Bettles: it's online resource, or? No, it's, it's, it's a, it's a program that, uh, the community version comes with Linux.
[00:48:16] TJ Bettles: Okay. Kali Linux. It's just basically this, that's the platform that I use for hacking most of the time. There's a couple of other. Uh, operating systems that I will use depending on what it is that we're, we're doing. Yeah. Um, but Kali's usually the go-to and Burp Suite comes with it. Um, it's, it, it's made by a company called PortSwigger.
[00:48:34] TJ Bettles: Okay. And, um, the, they have a free edition, which is, the community edition doesn't have all the features of the, of the, the pay edition, but, uh, it's for web application testing. So you can pull back all the pages and you can even do SQL injection, cross-site scripting. So anywhere, anywhere on a webpage where you have an, the ability to input data.
[00:48:54] TJ Bettles: So whether it's a login, login form, or a search function, et cetera. In a lot of instances, websites are vulnerable to SQL injection or cross-site scripting just simply by dumping a payload into the, the field where you enter in information. So with Burp Suite, you can then capture. Capture that information into, into Burp Suite, and then you can change your payloads.
[00:49:18] TJ Bettles: You can run brute force and then just see which one's
[00:49:21] Travis Bader: gonna work. Wow. So would a headless design website be inherently a little bit more secure if one area gets compromised and might not compromise the entirety? Or
[00:49:32] TJ Bettles: If you get in one place, then chances are they're gonna get in for the rest of it. Okay.
[00:49:36] TJ Bettles: It's just a matter of time. Okay. It's just about escalating privileges and being able to then access different resources. And if you get in to the internal, there's usually no controls. Like most organizations now are running Active Directory on the, through their internal networks. So employee comes into work, they log into their computer, they, if their login screen right, they put their username and their password that's logging into Active Directory.
[00:50:02] TJ Bettles: So they're on a, actually logging into an internal domain. Mm-hmm. Active Directory is so vulnerable, it's not even funny really. And, and mostly due to default settings. So people don't admin. Yeah. IT people don't know what they don't know. Right. Uh, and, and they end up setting up Active Directory incorrectly, so it leaves it vulnerable.
[00:50:27] TJ Bettles: So we've done some internal ones where we've gone in, uh, where we were given, um, login access just to gain initial foothold onto the, onto the network to do an internal network assessment. And within a few hours we were able to take over the domain controller, uh, and basically have root control over your entire network.
[00:50:50] Travis Bader: Man, that's scary. Yeah,
[00:50:53] TJ Bettles: you're very
[00:50:53] Travis Bader: scary. Have you heard of a guy by the name of Samy Kamkar? No. You should look him up. I think you'd enjoy some of the stuff that he's done, but, um, He back in the day, MySpace days. Oh, that's, that's way back then, eh, going back. But he's still active, he's still doing his stuff.
[00:51:09] Travis Bader: But, um, uh, he does the ethical hacking and stuff as well. But back in MySpace, I guess he made the world's, and it might still stand to date, um, fastest propagating worm. And essentially anybody who like clicked on his profile would get a little thing injected on their profile that says like, Samy Kamkar is my hero.
[00:51:30] Travis Bader: My name is so-and-so, and Samy Kamkar is my hero. Right. Anyone who clicked on their, um, their link, it would do the same thing. And basically it just boom. He, he put the thing out there and it just spread like wildfire. And, uh, he looks for exploits and things and he does a lot of stuff at the actual physical level of like working with the, um, the microchips and everything.
[00:51:55] Travis Bader: You know, the neat one with a, uh, a Mattel toy called, uh, IM-ME, um, basically it was an instant messaging device for kids who the parents, excuse me, parents didn't want to give phones to and expose 'em to the world. They could only instant message between other people who had these things. And it was running a, a Texas Instruments, um, chip in there.
[00:52:18] Travis Bader: That was actually a pretty cool little chip that he said, geez, that's, I can't believe they're using that chip in there for this little device. And he developed a, um, some code to use this little kid's device to basically open up any, uh, rolling code. Uh, was it rolling code? No, I don't know if it did.
[00:52:38] Travis Bader: Rolling code and basically all garage door openers, all garage doors. You can open it up this little kid's device, uh, using, uh, De Bruijn logic where, oh, if you have a number, like let's say the password is, uh, uh, uh, 2, 3, 4. Right. So you go brute forcing your way through. He found that he could greatly reduce the time of injecting a code if the device didn't require a reset in between each password.
[00:53:06] Travis Bader: Mm-hmm. So if he goes 1, 2, 3 and he's keeps running 4 56 in the middle, there he is, got 2 34 and that would be the password that, so anyways, pretty brilliant fellow. And he, what was the other one? Uh, peep mail if you wanted to see who was, and I don't know if it's still running, but it was kind of a neat one.
[00:53:27] Travis Bader: You could go onto a website and say, let's say, Amazon or, um, Microsoft or whatever it might be. And you could essentially search all the people's names who are associated with email addresses through that system in a good way to be able to find out, um, people's email addresses, contact the big boss or, or pretend to be someone.
[00:53:50] Travis Bader: I guess
[00:53:51] TJ Bettles: that's, finding email addresses is one of the easiest things. That's one of the. What you, I've mentored a few guys along the way, and that's one of the first things that, like I teach them, is the open source intelligence stuff. It's like how to find email addresses and figure, and if you can't find it, what you make educated guesses is like, especially if you're a salesperson.
[00:54:10] TJ Bettles: Hmm. You know, you're, you're always looking to try and connect with decision makers. Right. Right. And so how do you do that if it's not listed on the website? Well, you got LinkedIn, you can figure out, okay, who works for this organization? Who's, who's the big boss? They likely have a LinkedIn profile. Then there's some different tools that we can use to figure out the syntax for the email address.
[00:54:32] TJ Bettles: Uh, and then you just go from there. And then, then you, there's another couple of other tools that you can use to verify the email address before you even send them anything to make sure it's it's Oh, really? A legit email address. Smart. Oh yeah. So it, it automates a lot of that rather than doing it one by one, it it, you just, Point and click.
[00:54:49] TJ Bettles: And
[00:54:50] Travis Bader: is AI gonna play a role into this, into how you can start shifting
[00:54:53] TJ Bettles: through data? I've, I've been playing with AI actually. Um, I had a, I have a bypass for ChatGPT, so it allows me to run it from the Lin Linux command line using an API plugin. Cool. And so it, with this bypass it, I've got it to write exploits and, uh, scripts for me and things like that, so That is crazy.
[00:55:18] TJ Bettles: Um, there's, there's, there's a, a guy at a Singapore who has built an open source penetration testing. System. That's the back end of it. Is, is, is run by ChatGPT 4 AI. Yeah. And I've been meaning to download it, I just haven't gotten around to, to trying it out yet. Um, but he says from, it's the AI assists you from the prospectus.
[00:55:46] TJ Bettles: So of if you get stuck, the AI will be able to look at all the information that you've pulled down and go, okay, have, you haven't looked over here or over here yet? It's time. You, you should go look in these areas and it will give you hints on
[00:55:59] Travis Bader: how to, right. Because this, they've been building safeguards in like originally I could upload, and I guess you can still do it through api, but I could upload unlimited size document essentially.
[00:56:09] Travis Bader: And it would, so if I've got a book I have to read to prepare for a podcast, I could upload that book and it can give me a summary of all of these different things. I'm sure there's a way to do that now, but you can't. Do it right through the front facing anymore? No,
[00:56:23] TJ Bettles: you, you, you need to run the, the bypass.
[00:56:26] TJ Bettles: Mm. Uh, on the ba on through, like Linux or whatever the, the bypass I have is, is written in Python.
[00:56:33] Travis Bader: Right, okay. Yeah. So some of the, uh, the prompts, the safeguards are putting in now is like, sorry, I can't help this. I can't divulge that. Or whatever I may be. Yeah, exactly. But is that only on the front facing?
[00:56:45] TJ Bettles: That's only on the front facing the, the, the, the running it from the command line with the bypasses. There are no restrictions. Wow. And that's the whole, that's the whole reason that a hacker would want to do that, or the ethical hacker would wanna use a, uh, something like OpenAI, OpenAI, AI, ChatGPT for that is because it can help you with that kind of thing.
[00:57:07] TJ Bettles: Now I got just to test it out. I got it to write me a couple of scripts. The coding could be a little bit better. Mm-hmm. But it wasn't bad. It, it, it, it, the scripts ran. They worked. They worked. They, they could be a little bit more efficient, but they worked.
[00:57:24] Travis Bader: Geez.
[00:57:27] Travis Bader: Seems like the, uh, the whole landscape's gonna be changing over the next few years
[00:57:31] TJ Bettles: here. Yeah, I think so. Um, I don't think we'll see the disappearance of the human penetration tester anytime soon. What the, what AI lacks still is that outside the box thinking that creativity that the human factor brings into it.
[00:57:50] TJ Bettles: Right. The, the ai AI only knows what it knows. Yeah. It's not at that point yet, I don't think where it has the ability to think abstractly and outside the box when it comes to trying to push forward on a penetration test. Now I'm just saying that based on my limited. Experience playing with it. Mm-hmm. Um, I certainly need to experiment more.
[00:58:17] TJ Bettles: Mm-hmm. In order to, and I've been waiting, I, I, I reached out to OpenAI and asked them for an API key for the newest release, which is ChatGPT 4, and I'm on a wait list.
[00:58:30] Travis Bader: Okay. So day-to-day person, everyday person, say, I don't run a business. Just average person. Where, what are typically their biggest concerns from a security standpoint?
[00:58:46] Travis Bader: Is it just luck of the draw if they get targeted?
[00:58:50] TJ Bettles: Yeah. I mean, unless they're being targeted specifically by, by a malicious actor. And that does happen. You see that happen with, uh, VIPs, celebrities, that kind of thing. They get targeted by, especially if you're, if you have a, a public persona per Right. You know, uh, the malicious actor could end up targeting you because they wanna shake you down for, for money.
[00:59:15] TJ Bettles: They're gonna steal your information and put it out there. And there might be things that you don't want going out into the public domain. Mm. So they'll be like, okay, well I'm gonna, I'm gonna dump in on the web unless you pay me x x number of dollars Mm. Through Bitcoin or whatever, right? Mm-hmm. Um, so what can the individual do to protect themselves?
[00:59:34] TJ Bettles: Don't use public wifi. Okay. Um, stay up to date with their software patching on all their devices. So anytime you get a, um, a systems update from, for your phone, download that same with the apps that you have running on your phone. Make sure they stay up to date. Mm. And, uh, use strong passwords.
[00:59:55] Travis Bader: Are there ever system updates that come through that aren't actually system updates, but there's somebody trying to get you to update something?
[01:00:02] TJ Bettles: I'm not, do you have a, an iPhone or
[01:00:05] Travis Bader: a Yeah, I shut it off before we
[01:00:06] TJ Bettles: start recording, but Yeah, yeah, yeah. Um, I, I've never actually seen that, but I suppose anything's possible. Yeah. It would, it would mean that they would have needed to compromise the system server that you would be getting the da, the update for, say, iOS, right?
[01:00:21] TJ Bettles: They would have to have then put something malicious on the download server so that you're connecting from, so they could not target you directly in that regard. They'd have to go through, like target Apple, and then put something in there that you would then download. And now I'd like to think that Apple is pretty secure.
[01:00:42] TJ Bettles: But again, just like everything else, if you're connected, you're, you're vulnerable. Mm. Uh, it used to be that there was a story that would go around that Apple is far more secure than Microsoft.
[01:00:55] Travis Bader: It's not, I don't know if it's. In my opinion anyways, at the time was just less people were using it. That's exactly it.
[01:01:04] Travis Bader: And so there's less people trying to attack it. Yeah. And so those known exploits weren't.
[01:01:08] TJ Bettles: And there's, there's exploits that are, are being made public all the time, or vulnerabilities for iOS devices and Apple products. Hmm. So again, staying up to date with your software patching is probably the biggest thing because that, that, from a hacker's perspective, that's, that's an easy win.
[01:01:26] TJ Bettles: Mm-hmm. If you're running outdated software, I'm in. Mm-hmm. It's, it, it literally won't take me very long at all. Really. Oh,
[01:01:32] Travis Bader: yeah. What about open source systems? What are your, what are some of your favorite places to go to for open source? Would it just be basically social media for op, like
[01:01:40] TJ Bettles: intelligence wise?
[01:01:41] TJ Bettles: Or, or, or, well, if you're
[01:01:43] Travis Bader: tools and if you're taking your first steps at looking at a, um, uh, doing an ethical penetration test on a business, uh,
[01:01:51] TJ Bettles: okay. So if, let's just use an a, an external penetration test. So with that, we look at all of the access points to the internal network, the website, uh, routers, that kind of thing.
[01:02:02] TJ Bettles: And we pull as much information, uh, from those IP addresses that are within the scope of the test. Mm. And then we analyze and then go from there. Um, we have yet to do, uh, an engagement where we have not found at least one critical vulnerability, which means full compromise. Wow. And, and you know, in a lot of instances we don't actually go and there'll be certain things that we won't run against a client target.
[01:02:32] TJ Bettles: Like so for example, we can attack pieces of software that are attached to a website or you can, you can even attack the memory and the operating system. Right. We wouldn't generally attack the memory and the operating system cuz that could crash it and cause damage. Hmm. So there would be certain attacks, like one's called a buffer overflow is basically you, you part of the attack crashes, it crashes the system.
[01:02:57] TJ Bettles: And if you know how many bits it takes to crash a resource, you can at that exact moment when it hits that, that number of bits to crash it. Mm, you can then insert code and launch and get a, get a shell. Mm. That will give you a reverse shell access to the resource. So I don't like to run those against our client targets.
[01:03:21] TJ Bettles: Not that all of them would cause damage, but there's a risk, right? So there's certain things like in, in that regard that in my opinion, I, I'm hesitant to go and, and do that simply because there's risk of causing harm, damage, et cetera. Um, remember we have to remember what our, our, our focus is, and that's identify and document not cause damage.
[01:03:46] Travis Bader: Where do you see the future of cybersecurity going?
[01:03:50] TJ Bettles: it's gonna get worse before it gets better. Yeah. Oh yeah. Um, there's a lot of people now learning how to do this stuff, but it, it takes a special kind of in individual. Some people can try, try, try, try. They don't, they don't pick it up at all. And others within six months, they're dangerous.
[01:04:07] TJ Bettles: You know, when they first, from when they first start playing around with it. And it's just, it's like anything else. It's a skill. It's just practice, practice, practice, practice. Hmm.
[01:04:18] Travis Bader: Easier to identify pattern recognition. This work last time. Yep. Just give it a shot again.
[01:04:23] TJ Bettles: Yeah. And then you just, you end up learning as you go.
[01:04:26] TJ Bettles: Cuz a lot of times you get stuck on an engagement and you have to, okay. Where I'm stuck here, what do I do? Okay. Out to Google. Yeah. Start searching. You know, uh, when I first started back in the nineties, that stuff didn't really exist. So I hang out with my friends and we sort of learn off of each other.
[01:04:42] TJ Bettles: I had a, a buddy that lived down the street from me, he taught me the basics and so we kind of went back and forth and then we lost touch with each other. And then I met another friend in my twenties who he was the, the greatest hacker I've ever known. And he's never taken a computer course in his life.
[01:04:56] TJ Bettles: Really. The guy's like seriously a genius. Uh, and uh, he taught me more about all of this then. Really? Yeah. And then, and then when I was hacked in 2018, that's when I really kicked it up on my own. My friend that, that was the hacker who taught me, he's, he's in his fifties and he's, he had a stroke and
[01:05:14] Travis Bader: Right.
[01:05:15] Travis Bader: Yeah. He's young, young for a stroke.
[01:05:18] TJ Bettles: Yeah. Uh, he's, he's had his issues with him hit by a car a number of years ago. And anyway, that's another story altogether.
[01:05:25] Travis Bader: No kidding. Yeah. Well, is there anything else we should be talking about on this before we, uh, wrap up?
[01:05:31] TJ Bettles: I can't think of anything. Um, if, if you think that we might be able to add value to your organization, reach out to us.
[01:05:42] TJ Bettles: Yeah. Um, I'm sure Travis will, uh, publish our website and our contact information when he puts this up. Yep.
[01:05:48] Travis Bader: So we're gonna have, uh, links in the bio. We're gonna have links, okay? Both on the podcast, both you on YouTube. And you know, it's probably causing people to have a whole bunch of questions. And it's something I know about you is you enjoy those sort of things.
[01:06:03] Travis Bader: You enjoy questions if people have them. So look at the links, contact TJ with your questions. TJ, thank you so much.
[01:06:11] TJ Bettles: Thank you very much.