DEF CON Comedy Inception
Formal Metadata
Title | DEF CON Comedy Inception
Number of Parts | 109
License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers | 10.5446/36412 (DOI)
DEF CON 23, part 23 / 109
Transcript: English(auto-generated)
00:00
All right. Let's do this. All right. So I am a former panelist for what was known as the DEF CON Comedy Jam, otherwise known as the fail panel. This is not the fail panel. It's really close, though. So the fail panel went away. We decided it was time for it to go away. I wanted to carry the torch. So now the panelist has become the moderator. Hence
00:26
inception. We're working towards inception. We've gone one level deep. So the panelist is now the moderator. And we've got a bunch of folks that I thought when I was going to submit the CFP that would make some really great part of the resurrected formerly what was
00:44
known as the fail panel, now the DEF CON comedy inception. We'll see what we start calling this potentially as we go through. But we're going to have lots of fun. Not everyone while we're here. So to my right in no particular order, we have Dan Tentler.
01:11
Amanda Berlin. Chris Sistrunk. Chris Sistrunk. Not yet. Chris Blow. Will Genovese.
01:32
And yours truly, Larry Pesce. Now there are a couple of our panelists that this is their first time on stage at DEF CON. So it's time to drink. Okay. Cyber. I brought the
01:48
good stuff. Okay. Amanda, into the mic, right? All right. Okay. Get it close to your
02:26
microphone. Chris, technically you spoke earlier at this con, but this is the first time here. So drink up. Dan, would you be so kind as to pass those down? I wouldn't ask you guys to do anything that I wouldn't do. We'll get back to that. Okay. Cheers. To
02:47
fail. Moving along. So while we're here, we're going to be soliciting donations for charity. Okay. Who's charity? We'll get there. Which charity? Who's charity? No,
03:08
charity is out on the strip somewhere soliciting already. Okay. All right. So in previous iterations of this panel, we've made waffles on stage and all sorts of other
03:22
shenanigans. We want to come up with something different because we're in fact different. So we are in fact doing hot sauce tasting for charity. I've got two varieties of hot sauce. We'll get to that in a minute. So consider that. We're going to do hot sauce tasting for charity. Please. If you're going to try some hot sauce, donate something for charity. But some of this stuff is really hot. Consider the value of the
03:49
antidote. If you can't handle it, we've got four gallons of milk and four loaves of bread. So we've got you covered. Now that said, I won't ask you guys to do anything I wouldn't do. All right. So when we initially talked about doing this panel, we
04:09
talked about doing donations for the Electronic Frontier Foundation and Hackers for Charity. As moderator, we've changed our mind and I made the executive decision a little
04:22
bit earlier. So we've changed the charity that we're going to donate to. How many of you guys know this guy? This is DJ Rance. He's been in our community for many years. He does lots of fun things for us on stage. Spinning all sorts of music. And he
04:43
absolutely loves this community. And in fact, the community loves him. Rance, are you here? No? Well, that's okay. I talked to DJ Rance last night. And we're, Rance is in an interesting position. I would consider Rance a good friend even though I don't know him
05:04
that well. Just because he's a member of our family as hackers. And Rance was recently diagnosed with pancreatic cancer. He's undergoing multiple rounds of chemo. I talked to Rance. He says this is okay to say. Because the environment is all about learning
05:23
and sharing information. He puts it that this is just sharing a different kind of information. So Rance has been diagnosed with pancreatic cancer. And as some of you may know, this is often a death sentence. There are people that do survive. And we really hope that Rance is one of those people. So in honor of all that Rance does for
05:45
our community and to show our love for DJ Rance, we are going to in fact collect donations for PanCan.org, the pancreatic cancer research network. I've done some
06:02
research with folks and all of our other organizations to help fund pancreatic cancer research and or some either cure or some ability to prolong and or better the life for those who have been diagnosed. So I hate to bring this on a downer right to begin
06:21
with. But we really do love Rance, me personally. And no, not like that. Except for that one time at DerbyCon when he gave me my first ever White Russian made in a hotel room. So Rance, this one is for you, buddy. All right. So here's the blanket
06:49
statement. Tasting this hot sauce is at your own risk. I'm not going to make you sign a waiver. Don't be dumb, please. This stuff is hot. We have one that is a ridiculous
07:01
amount of skull units. We have toothpicks. Why? Because some of these you may want just a little. Okay. And then again, I said I wouldn't ask you guys to do anything that I wouldn't do myself. So bear with me for one second. Don't die, bro. All
07:31
right. So we have two versions of hot sauce. This is homemade green zombie hot sauce from our garden last season made from green tomatoes as well as a bunch of other
07:42
secret stuff. This is the hot one. Figures I should have opened the toothpicks first, right? Don't spill it, bro. Don't fuck it up. Hey, I fucked that up. No, that's the
08:04
other one. All right. Audience participation. Stick your dick in it. That's the not hot one. You can ding that whenever you want. That's the not hot one. We'll ding you all day. I'm going to lose my shit. I can't remember the character's name. That doesn't
08:23
help. Breaking Bad. The dude with the bell from Hector. Ding, ding, ding, ding. So this is the really hot one. You will note this is the cap. This is not the bottle.
08:40
Yeah, there's a little bit on there, Dan. There's some on there, right? Yeah, that's good stuff. Yeah. And for those of you that don't know, Dan makes his own pepper stuff that's amazing. Yeah, that's good. Oh, my God, no. By the way, if you get that stuff
09:08
on your hands, don't touch your private areas. Or do. Or anyone else's. Unless you hate them. We don't judge. We don't judge. We just film. All right. But if you do, let us
09:23
know. Yeah. All right. So it's time for the kick. So we can go get started with all this fun stuff and hopefully get you guys to laugh. Don't forget to drink. And while these guys are starting to talk, I'm going to get the hot sauce and all the other fun stuff
09:42
ready for you guys. So I'll be down on the far end of the stage and have a place for you guys to give us some donations and try some hot sauce and have a good time. So with that, let's get in the van. Let's go get ready to jump off the bridge. And who wants to go first? I think we elected Dan to go first. We think we elected Dan to go first.
10:01
Are you kidding me? You're pissed. I don't care. It's that kind of party. No, it's going to be that kind of party. I'd stuck my dick in the mashed potatoes. So Dan, I don't care. You're coming up here, buddy. He is vastly underprepared. Oh, yeah. Did we
10:24
neglect to tell you that? What could possibly go wrong? Somebody else could go first. Don't fuck it up. Oh, I plan on it. So Dan, did you not know we were doing a panel and stuff like you need a laptop for? This is the part where we troll you. Oh,
10:44
shit. Amanda, what is this pink thing you have in front of you? Higher, higher. What, this? Yeah, that. This is my sexist ban hammer of doom. Do I want to know? There's a vulva on one side and a dick on the other. You can be knighted a sexist. You can be
11:10
knighted. Will is going to be knighted in 30 seconds. I actually found this at GrrCON in the hotel room when we checked in. It's made it through four cons. Was it
11:24
decorated as such? It was not. I'm pretty sure I just ruined some little girl's something. A pretty, pretty princess. Now it's my pretty, pretty princess hammer. With a dong and a vulva. Which are both pierced. Yes. There's a lot more detail on that
11:42
vulva than there is on the dong. There is. The vein work is nice, though. The vein work is nice. Very, very crooked. Does it work? Does it do it? Yeah. Right. So you've got me first. This is going to be the best transcript ever. I hope all you
12:02
people brought helmets because you're going to need them. I'm going to do my best to channel George Carlin. 150, holy fuck. Anybody go to Bruce Potter's talk this morning? No? Yeah, I'm going to do that. Yeah, it's going to be that. So yeah, so Larry comes to me a while ago and he says we want you on this panel. I'm like all
12:21
right, cool, what's a panel? He says it's a fail panel. I said oh, I have the perfect thing. So for folks that aren't aware of the research I've done, which I suspect almost everyone in the room, I have made a habitual problem of going and finding stupid bullshit on the internet that shouldn't be on the internet and ranting about it at
12:40
conferences for something like the last three or four years. It will happen. It's DEF CON. Whatever. Is this why I came in with a mask and stuff? Right. So over the last four years or so I've done a series of talks at a variety of different conferences where I poke fun at the different things I found connected to the internet. And
13:02
believe me, there are things online that you will do the whole Jackie Chan what the fuck meme face over and over and over again. So the title of my component of this panel is literally 115 Batch of Stupid Things You Can Put on the Internet in As Fast As I Can Go, Somebody Get Me a Drink. With your host, me. About me, nobody cares. Thank you,
13:25
sir. Cheers. So big question. If there can be a thing and you can put a web server on the thing, should you put a web server on the thing? Yes. Let me introduce you to tonight's fucking mascot, Totes Magotes. Should you put a web server on the thing?
13:44
Totes Magotes. Fuck yeah. Let's do it. Fuck it. We'll do it live. So some of you may remember my 2014 Twitter rampage pirate ninja baby command amount of 9001 when I did that DEF CON 20. My fire hose, Shodan talk where I basically did stuff like this.
14:01
We'll just get right into it. So why the fuck is a TV station online and I can get to it? Why would you give me control of a fucking television station? Why would you do that? Who is high and why aren't they sharing? Something German. I don't know. It's VNC. What the fuck? Windows CE. Why? What are you doing? Does that say washing? That's my
14:28
stuff. Take it off the fucking Internet. Oh, my God. Anybody want to make some phone calls? I bet we can guess the password. Or fuck it. Let's fuck with Korea. They're generating power. Let's go fuck with those guys. That's not my stuff. Press some
14:44
buttons and watch the news. It's a really fucking boring Mac desktop on VNC. Who gives a fuck? What a shitty finding. Mac desktop. Wait a minute. I wasn't the first one here. I wasn't the first one here either but it looks like you can get some SSH
15:05
keys off of this guy. That's cool. That's fun. Anybody been to the dentist lately? We can go back. We can learn things about drilling people in the skull. You can write some
15:20
Python if you feel like it. I write Python. Really angry Python that makes real developers upset. This just hurt my face. I don't know what to say about it. I can't
15:43
read. My brain is melting. I'm going to go. Second column, third one down. Love stage. Bang, bang. Well caught. Should we usurp the mascot? I'm not sure. I'm not sure.
16:07
That's what Ushi said. You can go to college here if you want. 702 is this area code, isn't it? Shit, I didn't notice that before. 702 is Las Vegas. That may also be the love stage, bang, bang. Anybody know what happens if SCADA equipment takes a
16:23
selfie? Might look like that maybe. A picture of the building in which the SCADA system exists. Awesome. Now I can find it on Google Maps. Another post on the same college. This one was lonely. HTTP load testers. That's cool. Give the public access to
16:43
test things. HTTP server. This is preconfigured to denial of service. Well done. Good job. Don't they do that themselves already? Maybe. So you can find solar bullshit on the internet. Why? This could be cool. I'm not sure. I haven't spent a lot of time
17:04
playing with it. But grain silos seem fun. Probably way too much. Many, many mornings until 5 a.m. But this guy probably spent a lot more time playing with it. Like setting up MATLAB to track sports ball. Okay. That's cool. However, if you
17:23
travel to Sydney any time in the future, there's a dessert place I can recommend. There's another place you can buy some squid. That's cool. Squid. On the internet. Why is there fucking squid on the internet? Oh, shit. That's right. The fucking
17:40
love. Oh, God. What was that? Amazing. You guys are amazing. This is good. Crowd sourcing the fuckery. If you want to buy some avocados, I know a place. Or if you want to really piss off some dude. Right? So this goes on for a long time.
18:03
There are certain times I wouldn't want the lights to automatically come on. Some of these buttons are ridiculous. He's got a guest room and a TV room and a game room and a hearth. I want those problems. I guess what is that? A chest of drawers? Why would you automate it? Even better, a fireplace on the internet. That's fucking smart. Oh, my God. Okay. So
18:28
full disclosure. Who knows Dave Maynor? Dave Maynor? One guy. So me and that guy and Dave Maynor had what we called a Shodan race on the internet either earlier this year
18:42
or late last year. I forget. It was a while ago. And you're going to love this. CSI cyber, their Twitter account posited a question to the Twitterverse asking can you set a fire using the internet to which several of us, no shit jumped out of our chairs and said I'll take that fucking challenge. Really? Challenge accepted. Then we began a Twitter
19:07
race where we found for the next three hours just the most batshit random crap you could find. We were using Shodan at the time. Which by the way, if John is here, everybody should point to John and tell him how amazing he is. Without him we wouldn't
19:21
be able to do half of this stuff. John, I'm going to interrupt. We've got hot sauce up here. Don't stick your dick in it. If you stick your dick in it, you've got to eat all of it. John should have just named it show Dan. People think I'm the guy that made
19:49
it because I'm Dan and it's show Dan and they just sort of put two and two together. I have to tell them calmly, no, I wish I was that clever with the code. I just make people like Paul M. angry. I hear collusion. I want to keep going. If you want to give us
20:08
money still, you don't have to have hot sauce. It's not really giving us money. We should invest in Rance's cyber pancreas. On that note, here's a cyber car wash. Why?
20:32
Why? All right. That's cool. Oil tanks. That's great. Yeah. That's fucking smart. Somebody sat down and decided I need my oil tanks on the Internet. It's the future.
20:44
This is how it must be. Who knows where ride pier is? I didn't look it up. Apparently there's substations on the Internet. That's cool. This one I've posted before. Does anybody
21:02
remember this one? The friendliest SCADA on the Internet. This is a caviar cannery that I think it's in Sweden. This one made news in Sweden and other various components of England. Not England. Europe. Sorry. England, Europe, same thing, whatever. I only have
21:23
two firing neurons and they're making me drink. You're behind. So yes, fun times.
21:43
This one? We'll make sure it stays warm for you. Can anybody read what I think is Swedish? Because all I hear is bork, bork, bork. It's something. It involves
22:01
temperatures and pumps. That's cool. This is cooler, though. It's a coal mine. Why would you let me play with a coal mine? What's better than playing with coal mines? I can think of a lot of things better than playing with coal. Potato technology. This was part
22:23
of my pirate baby cabana battle 2014 crazy bat shit rage fuel on Twitter. We scanned the Internet live on stage and we had 36,000 jpegs of random crap we found on VNC and I spent four days going through all 36,000 photos and picking out the interesting stuff and
22:43
flinging it on to Twitter and it got a lot of attention. This was one of them and I had no idea what it was until some random on Twitter told me that's actually potato climate control. Well, now you can be very comfortable counting to potato. Right? So
23:03
here's an Italian hydroelectric plant that's generating something. I don't speak Italian, sadly, but there's one line there that says it's generated 1,087 kilowatt hours, which is a megawatt, if I'm not mistaken. Almost. 1.087 gigawatts. This one is kind
23:30
of the same thing, but this is in Swedish, I think Swedish or maybe Dutch. Looks like an electrical relay station. Same kind of deal. Why in the fuck would you let me into
23:41
your electrical relay station over the Internet? Is that the Univision logo on the bottom? But would you know anything to do with it when you got in it? Indoor energy control. Hey, Dan, if you got in it, would you know about what to do with it when you got in it? Dan doesn't know what to do with it. Dan never knows what to do when he gets in. Hence why he doesn't know what to do with it. I know nothing. Why did
24:07
you even let me up here? What are you doing? Prank caller, prank caller. Conference rooms? Anybody? You can schedule a meeting. Apparently there's a port training project at 8 a.m. Rad. This one's fun. Who was at ShmooCon in the last two
24:22
years? Anybody? You remember MS Paint as a service? You can do it over the Internet. This is a hotel lobby sign directly connected to the Internet that's accessible to the public. What if we made it say something like Ebola outbreak? How many shat pants would there be then? All of the pants. I am not a ham radio like
24:47
ultra nerd. I know a little bit. I know enough to make real ham radio nerds angry. Apparently you can run a D-STAR, I guess this is a repeater off a Raspberry Pi and then you can put it on the Internet with VNC. All right. That's cool. I see
25:01
Brendan shaking his head yes. Right. Here's another one. Another wonderful office. Same thing like a hotel lobby but it's an office directory. Same sort of deal. Whose pants do you want to make brown today? What can brown do for you? Anybody familiar with Jenkins? The fun one that has Groovy script with remote code execution? With VNC
25:25
on top of things. You can track boats too if you really want. I am not a boat guy myself but some of you guys might be. You can watch people day trade. This is like you want to get some insider information from some guy who is broadcasting
25:41
everything to the world. Or you can watch his solar system capture power. That's kind of cool. Yay power. I am not sure what kind of evil stuff you can do with a solar power system except maybe like fuck with the LiPo batteries if there are LiPo batteries but I am not an electrician. The dude in the pink helmet can help you there. Holy shit a guy brought a helmet. It just dawned on me. I was like I hope
26:04
you all have helmets and one guy puts on a helmet. That dude is prepared. Right? Another what is this? I feel left out. More hotel lobbies. I am sorry this is an office building lobby. Another like let's next. Oh, God. All right. So the
26:29
Echoplex is going to have a bad time at some point. Also for the sake of convenience you will see people that will put their security work station like the type of place you will walk into that has like dudes working a counter that have
26:44
security stuff happening and they man all the cameras and the badge readers. Say again? You can. Or you can watch them on VNC because it is fucking publicly
27:00
accessible. Or you really I don't know I am not a Redditor but there might be other Redditors in the room. Here is someone you can mess with. There is a dude on Reddit that is broadcasting his desktop to the internet. Have fun guy. So I have a funny story about these massive diesel generators that also have fucking VNC on them
27:21
for some reason. A friend of mine did a security audit for a power generation company a while back and realized that these things for the sake of emissions compliance have urea pumped into the exhaust area. I don't know if it's in the manifold. I am going somewhere with this and you are going to love it. And similar to
27:46
another slide I am going to have later you can open the valve and fill the exhaust manifold with urea which drowns the generator. Urea is the key component in urine and you can literally blast it with piss. Right? Or you can actually make it rain at
28:07
least for people that are really short. Sprinklers on the internet. I did forget one thing. There was the curtains I didn't put on here. You can find curtains on the internet too. Like that's fiendish I am sure. Functioning curtains that open and
28:23
close. Like computer controlled fucking curtains on the internet. You can open the curtains and switch to manual mode. Right? There is this other cool Japanese ham radio chat thing I found. I don't know if they are using ham radio as the backhaul for all the networking but I guess. I was scratching my head a lot. I sadly can't read. Cool. What
28:56
is happening in Japan that let's nerds talk to each other over the internet? Who the fucking thought? Maybe Travis thought about it. I don't know man. I guess his AVG is
29:08
cool. I didn't find any threats. I ask again did anybody go to Bruce's talk this morning about risk? No threats. Your virus is clear. I can look at all your pictures
29:22
of somebody else. All right. I don't know if this was on purpose or if this was because management people need to watch Indians shopping for massive networking equipment but there is that on the internet too. That's pretty cool. I don't know what an oil
29:41
seller is but I think it might be kind of important and you may not want to tell the world about them or where they are or how much oil they have and things like that. Did anybody do med sec here? Check this out. Yeah. Fun shit right? You are going to
30:01
think. You are going to say but all of the fucking naysayers in the room. It's a fucking demo. It's a demo. Fuck you. I found a real one with 16 live hospital page. Come at me bro. Why? And you know what the fucked up part about this one is? This
30:23
was RDP not VNC so slightly off tangent. This was the background of the desktop. You know when you RDP into some hosts it gives you a login window over the background and you can just drag the login window off the screen and you see this full frame. So this was like you didn't even have to authenticate to the box. You just could sit here
30:43
and watch. That's good. Yeah. And this is another one. Fun fact. Tell me these guys weren't compliant. Tell me they didn't spend a million dollars a year on auditors to come in and fix their shit. Back up one slide. That one? Is it a hospital bed or a fucking hospital bed? Ask Amanda. Heart rate will tell you. Depends on the person.
31:07
What is that? Spoil everything for me. This is cool. I can't tell if it's a giant LiPo battery but apparently you can control it from your old iPhone. That's kind of neat.
31:23
And the little icon on the bottom right hand, the little door, this means it's a touch panel. There's a lot of these things on the internet. All the stuff Chris is going to get into, some of it is mine, is all weird bullshit touch panel stuff. These
31:40
touch panels people buy and put on walls to control things you can VNC into with a default credential. Sometimes no credential. Fun fact. So this is another what appears to be really boring Mac VNC desktop except not. I'm going to take this one. It's the same
32:01
fucking guy. If you look at the name, it's the same fucking guy. So now we're getting the threat. Where's threat butt? I need you. No. That is a personal problem. That is a fucking personal problem. What are you doing? His first slide is a back to the future
32:27
slide. That's the first thing that came to mind. We're time traveling. Just wait. I got you better. It's way worse. It's face slappingly dumber. What? No. Just wait. There's more
32:46
cameras too. So GeoVision is a system that does like coax, those little dome camera type deals you see. That's fun. These cameras are really boring so you can get to this guy's XBMC install and watch movies on his tab instead. Or if you're really bored, you
33:01
can go to this Israeli pharmacy and order a bunch of crazy drugs and get high. That's shitty time, you have Agua Para Flushing. Cheers. Net coffee sounds cool. I'd sign up for that. I mean, I don't know what it does but it's got my attention. Really? Counter
33:22
Strike? Holy shit, Counter-Strike 1.6, nice. Well spotted. Obviously, lost poise. Good time. Yeah. And speaking of like crazy drug dealing people, here's $300,000. Right on. That's cool. And then here's an Italian something. I don't know. I don't speak
33:45
Italian. I actually stared at this thing and squinted it for a good 15 minutes. I have no fucking idea what this thing is. Maybe we can tap Chris with it. I know Chris isn't paying attention but that's cool. Other Chris. They're too busy scissoring. And my camera's over there. You didn't fucking wait. Can't count on you people for anything,
34:05
can I? Right? Is that the Spanish Minecraft sound? Because we have Spanish Minecraft. Phil is going to have a bad time. But I don't know. Like, I don't know. I
34:24
don't know. You're just going to make me drink. Right? But then again, you can feel better if you just watch Ender's Game. That's cool too. The Italians like letting their TeamViewer licenses lapse on their 408 kilowatt hydroelectric generating facility.
34:47
Maybe you can forget about that by fucking with this guy's sprinklers. And if you're bored with that dude, there's another hotel. This one's in Oakland. If anybody's from the bay area. Voltage sensors are cool. I'm not sure what they're connected to. Maybe
35:03
there's a camera somewhere I can find that has something like that. Or maybe I can print some circuit boards because that would be cool. Who wants to hack some shit? You guys want to hack some shit? Who needs 0day, right? Wait. There was an attribution talk that happened. Did anybody go to Morgan? Morgan did a presentation with another lady earlier today talking about attribution. Well, we can give them a bad time if you
35:23
want because there's like Kali on VNC publicly accessible on the internet and you can fuck some shit up that way and send Morgan for a throw, right? Or you can make some Spanish copies of stuff. So like all the people that were like, oh, God, 98, Windows 98, Windows 95, no, Windows 2000, right? Windows 1000, somebody else was
35:42
like, oh, no, the Windows 98 is bad. Welcome to my world. It gets worse. It gets worse. Wait for it. Wait. It's the same fucking guy. Again. Can you point out the
36:05
mistakes he made in his evil, evil hacks and his nefarious plot to overthrow the internet? No? Anybody? When was the last time you saw system32 on DOS? del, EQ, echo, open some IP address, blah, seven, blah, blah, blah, iexplore.exe on
36:25
DOS. Really? This is what we call our threat landscape, right? This is what we're up against, right? I'm going to try and open IE on fucking DOS. And what will really bake
36:41
your noodle is why the fuck is DOS available via VNC? How did you sort that shit out? It's an SSH tunnel through time. What the fuck? I don't know. I'm just going to print off a bunch of porn on whatever this giant ceramic printer is and that will make me feel better. I don't know. Providential, adjective occurring at a favorable time. You
37:12
can't make this shit up. I love it. You can't. It's good. This one is good, too. Same
37:20
guy. I think. I think. Yep. Same guy. On a Japanese system except McAfee is catching his shit. Can you read it? Probably too small to read. That's McAfee catching some kid, some skid doing some stuff. I think this might be the same Korean power
37:44
generation plant. Obviously I need to drink. At this point I don't even. This is number four. I don't. So when people go home after con, there's going to be a lot of shit to
38:07
play with, right? Especially more blind skinny derp. I don't know who white team is but they're dumb. Either that or they have scripts that are blindly pasting shit into every open VNC place they possibly can because that's what it looks like is happening. Cubs
38:25
win? I guess. I don't know. Okay. Sure. A lot of shouty arm waving why, what the hell. It's colorful times. But there's big German reservoirs. Wasser wurrungen.
38:45
This is why Germans don't play scrabble. I can't pronounce that. I'm just going to e-write. This one does something. I don't know if it's agua par or flushing but I guess we can check. There's also regular ordinary Swedish meal time with what also appears to be, it's
39:01
a show, man. You don't know about regular ordinary Swedish meal time? It's good for you. Right? It's good for you. But you know, if that distracts you, you can go back to the day traders again because apparently they're really happy publishing all their shit to the internet in public. Something. If you guys got something, I got nothing. It's
39:24
measuring it in meters squared. It's Polish? That's cool. Syslog is in English. I don't even know. This I got nothing. Isn't that Apple map? Right? Yes, it's a map. It's
39:47
fucking potato. It's Apple maps map. Potato. I will see your potato and I will raise you a hot parlor wash. Is there a happy ending? Yes. Okay. How many fans of BSD are there in
40:05
the room? BSD people? Yeah? How many people think BSD is the gnarliest, strongest, most awesome operating system that's the most secure? Yeah? What about now? Good job guys.
40:21
My single user mode. No creds. No security. Nothing. VNC. Right? What about now? Fun shit. Anybody lactose intolerant? Because we can have you have a really bad time. Here's a dairy plant. This one does something involving cows. Wait, what?
40:49
They're milking horses. Won't someone think of the children? See the really, really interesting shit? I think Chris has known the horse before. The really interesting shit
41:01
is I had no idea that was there. I didn't even notice it. When I find the shit it's like 4 in the morning and I haven't slept. I'm like look at this bad shit and saying stuff and then I get on stage and I have like all of you guys to point out all the stuff that I never noticed the first time around and it's like version 2 for me. This is amazing. Why the fuck is there a horse setting on the dairy milk plant? Why is
41:30
it still considered milking? Cannibal says it hides and not milk. This is where your children's milk comes from in their school. I said dogobetta. Standardized
41:44
testing. That's what that shit was all about. No wonder they were pissed. Is this what mulk is? I'd be pissed too if they wanted to milk my kids at school. User genu, I don't know, whoever is French in the room can help me pronounce that. But elite
42:04
31337X. Good job. What is it? Genuo? No. Yeah, right? No rag rats. Yeah. So one easy
42:21
way to catch skids is to leave VNC open and open Notepad. Because they will blindly shove whatever the fuck they have into Notepad and then you can have it. It's like an ultra poor man's honeypot. Who knew that Notepad could be a honeypot? This is no shit. This is a Notepad honeypot. Holy fuck. Right? I can go faster. Here's a TV
42:47
station that hasn't fucking updated their TeamViewer license. Here's another fucking TV station. Here's a goddamn ATM. Why the fuck is there a camera on a goddamn ATM? Why Genuo is going to shit his goddamn pants when he sees this. He's going to confess to
43:03
Luigi that he's been taking shrooms the entire goddamn time. Then he's going to turn off the goddamn Lieberts and all the data centers are going to go down. Right? Then the entire city of downtown Copenhagen, give or take a few places we can shut off for fun. There's an ice rink here that you can defrost if you have the minerals for it. The ice
43:21
rink is under there. Right? Webcams, too expensive. Cheap cell phones, better. Shady cops tracking you. What the fuck? Pips, auto play. Google it. Scary shit. Why are they doing that? I don't know. The EFF is investigating. I found a hydroelectric plant. No. I don't need to breathe. It's too bad Anthony's not here. There's a story
43:55
with this picture. I'll try to tell it really quickly. I found this. I put it on Twitter. Some guy said Michael, I don't know if he's in the room or not. He's not here.
44:03
Michael, I didn't know at the time, oh, no, that's totally legit. I said no, look at that fucking art, man. This is a defacement. Some kid did some MS Paint bullshit on some SCADA and now this is his own. He said no, no, you can let the Java run. I said you're Java and you want shells on my shit? No. He said no, no, I promise it's okay. I spun up a VM and ran the Java and it said megawatts. I went oh, fuck. I put this
44:24
picture on Twitter and the next morning the DHS called me. No shit, it was like that. This guy was like I'm going to have some interesting people call you. I'm like, cool story, bro, Twitter, whatever. 830 in the morning, ring, ring, hi, my name is Anthony, I'm calling from the DHS. I'm like, it was bad. Right? This plant stayed online for like a year. Like, I
44:48
was driving, I have a distinct memory of driving somewhere at least six months after doing this presentation the first time like three or four years ago. And John Matherly, he's DMing me on Twitter, he's saying that fucking plant is still up. I'm like, which one? And
45:01
he's like the Fumel one. I'm like, oh, no way. He links me to it and it rendered on my phone. I went no, God damn it. We have a dam in your country that has flooded, if you Google for barrage de Fumel you'll find news articles about how this dam has flooded people in the past. They just don't care. They literally were like, we're on vacation, fuck off. No shit, they were on vacation and they didn't want to fix it.
45:24
Responsible disclosure works if you disclose to places that give a fuck and this place did not give a fuck. This place I didn't even bother disclosing to, God dam it. And neither did this place. We're up to three now. And then there's a switching station that is
45:43
involved so we're up to four. And I give up. Car washes. It's true. There's also speakers which is really fun. Because you can just send a Rick roll MP3 straight to a minute place. That's good. But how rich do you have to be to have a fridge just for the champagne and have the champagne have an alarm? Right? I want those problems. I don't
46:07
want these problems. That's CERN. To be fair, they fixed it. This is like two years old. I reported like 200 something of these to their CERT department and at first they
46:20
didn't really shit. We're this big open system for academics and things like that. That's cool. But like, no. I shouldn't be able to see this. All right. Cool. That's fun. They fixed it. It was really cool. Yay, CERN. I found a bunch of ski lifts. This is really funny because it's a gondola. You can open the doors, turn on the alarm and I
46:42
think, I can't remember, I can't read French. Shout at people through the PA. You can send people up in a gondola, stop the gondola, open the doors, get the fuck out. Why would you let me do this? Why? Right? This one is cool. I found a fishery in the Oxford
47:08
covered market in England. I went there and I actually put my hand on it. That was really cool to find some random bullshit on the internet and go touch it in meat space. But then I saw something. There's lobsters. You can fucking control the
47:23
temperature of lobsters over the internet. There's also swimming pools that have acid tanks that you can control over the internet. What the, why would you do that? I'm
47:42
going to take a breath. I will exercise George Carlin and I would like you all to consider following. Stop putting shit on the internet. Or for fuck's sake, at least count to ten before you decide to do it, right? I'm out. Next. You made me go first.
48:20
I knew he should have gone last. God damn it. Why, did I just burn all the time? I look better in everything. It goes right there, baby. Don't forget, we've got hot
49:00
sauce. We're at 300 bucks. Only 300? This room is not really full, but still, come on.
49:07
All right. My name is Chris Sistrunk. Get back in here. Don't leave. And I follow this guy. If anybody could float, I think he could just hover around with all the energy that he has. Electric engineer, SCADA dude, Chris Sistrunk. Let's get cyber-physical. Hey, hey, hey,
49:28
yeah. If you don't recognize that guy, that's Ralph Langner, the Stuxnet guy. Love you, man. Yeah, yeah. If you read the report on the reverse engineering of Stuxnet, he did it.
49:42
Very smart guy. Let's talk about top ten cyber-physical stunts. First, Sidragon1 made planes go sideways. Then Charlie and Chris made a car go sideways. Okay. What's next? Deviant Ollam and Sergeant Howard Payne making elevators go sideways? Yes. This is the
50:07
great glass Wonkavator. It's an elevator. It's a Wonkavator. An elevator can only go up and down, but the Wonkavator can go sideways and slant ways and long ways and back ways and square ways and front ways and any other ways that you can think of. It
50:21
can take you to any room in the whole factory just by pressing one of these buttons. Any of these buttons. Just press a button and sing. You're off. And up until now, I've pressed them all. Except one. Don't press anything, Bess. This one. Go ahead, Charlie. Please. Don't click shit, Charlie. No, seriously, there's an elevator that goes
50:54
sideways from ThyssenKrupp. So don't touch it if you find one. All right. Number nine.
51:05
Physical security fail. This is at a substation. And this happens all over the place. Also, I've seen where you have all the substations that might have the same
51:22
lock. Well, a substation had a homeless guy living in it, and he had a key. We have relays and substations, and that's a picture of one all around the world in America.
51:40
There's a picture of an attempt to do port security using a lead meter seal. Yeah, that's real secure. There's a substation that got shot. Metcalf and Keo in Arkansas that got set on fire. Yeah, that's Metcalf. Well, no, that was a different one.
52:02
Sorry. That was in Los Angeles. Yeah. Pretty serious stuff. So physical security is a pretty big fail. Pretty big fail. I'm going to keep drinking. All right. It's
52:37
a raspberry beer. That's fancy. Okay. Scans equals attacks. There's a couple reports that
52:47
came out in the news where scans from Iran to these company sensors and honey pots and they called them attacks. And then a colleague of mine was scanning honey pots to
53:02
test his new NSE Nmap script, and he was from Chattanooga. And there's a nation state in Chattanooga. His name is tothehilt. So we have pew, pew, pew. Those are industrial control system threat butt there with a serial port coming out of his butt.
53:25
Number seven. He kind of touched on this a little bit. Smart phone apps that you can control systems with. What could possibly go wrong? Oh, well, I have stories. I have stories of things going on. Show me your honor. A colleague of mine said that they
53:47
had to go reimage all these machines at a glass plant. And what happened was the owner got a new iPad for Christmas and decided to put one of these Siemens apps on there and decided to configure, maybe optimize some of the PLC settings in the glass
54:05
plant. And then everything quit working. And so she had to go reimage all of the machines back to like three years ago because that was the last image they had. And I've also seen a hospital, you know, every hospital has a generator and they have a
54:29
plant operator have control over the water plant with a smart phone. So not a great idea at all. What could possibly go wrong? Yeah. Number six. Anonymous FTP. First one. Me
54:46
and a couple of other guys, we do this in our spare time. We search anonymous FTPs. We found a SCADA engineer like me but not as dumb as me. Maybe dumber. He backed up his entire work laptop on his home terabyte hard drive. And so what we did was he called him on
55:05
an anonymous Google voice number and called him and said, dude, you got your work laptop backed up on the internet. You should probably take it off. And he was like, what? Who are you? You had one job. Yeah. That's right. You had one job. Don't
55:21
bring it at home and don't put it on your anonymous FTP backup. And then we also found a city in Florida backed up their entire SCADA system for their electric grid and all the configurations and all the drawings and everything else on their anonymous FTP login. And this is all found with Google, okay? So we called ICS-CERT and we called them and
55:44
they finally took it down. But it was pretty serious. Also we found engineering companies had schematics projects, all these different control systems, prison control system where you could let the control system for the doors open. We also found the air
56:01
force bases and we also found like the top secret room where they meet. We found all the plans for those. And we reported those in. That was pretty wild. There's all kinds of things you can find on anonymous FTP. Kind of like what he does with scanning the internet. So we had this thing on Twitter called we are the artillery. All of us
56:23
been finding these things in our own time and trying to get them taken down. Poor architecture. Any rules, anybody? There's lots of those in oil and gas.
56:40
CISSP certified. Yes, exactly right. So we have lots of problems in industrial control systems. Not in the electric sector for these but they still have some failures too. Also oil and gas and water, they have flat networks. Not a very good idea at all. And then number four, there's squirrels. That's the number three
57:08
cause of power outages in some areas. No, it's not number one. Number one is acts of god-like weather. Don't listen to Jericho, okay? That's CyberSquirrel1 and then
57:27
there's mylar squirrel. Follow those both on Twitter and they'll tell you all the power outages that's caused by squirrels, rabbits, birds, snakes. I have a picture of a very nasty fried squirrel. Like took down our entire data center. Okay, I'll go
57:42
faster. Vendor excuses. Risk is accepted. So there's a Twitter account that a friend of mine and I run. So I'll let you read some of these. And these are actual real excuses that we've gotten from vendors after we found vulnerabilities in their stuff. We received a vulnerability report and decided that the best course of action is just to
58:03
continue this product. We reviewed the proof of concept frame you submitted but our engineer says the valid end point wouldn't send that. The bug wasn't ours but it was an open source project we use and do not fund or contribute to in any way. A backdoor
58:23
password was discovered in our firmware. We've changed it. Thank you. And there's a whole treasure trove of those that we put up on vendor excuses. You can actually send your own vendor excuses to, we have the email set up. And then we have this guy. He already gave this part of the talk, ICS on the internet. When someone asks how your
58:43
control system was breached. Me. So we found this. Sorry. Sorry. Sorry but not sorry. God dammit what the hell. Why? Can you say that to me real quick? I found more. But
59:01
I'm not going to go through all these. I've got just a few slides left. Found a distribution substation. The turbine system seems pretty cool. Oh yeah. We found wind turbines. The milkman is interested in turbines. Have you seen the milkman? Yeah I'm telling you. We found a Houston data control center where you could go and look at their webcam and then you could move their webcam and then someone moved it back. And
59:27
then they had like DNP3 and Modbus talking from there. So you know it's a real control system. And we called them and told them to take that stuff offline. I don't always connect my control system to the internet but when I do I use IPv6. That's safe right?
59:46
And then the number one. SCADA hackers. That's Jack Daniel if you don't recognize the guy. His beard is an IOC. We had 15,000 SCADA hackers at DEF CON last year.
01:00:00
And they went to the ICS Village. How many people in here have been to the ICS Village yet? Okay. Great. That's awesome. We had a whole bunch of people last year. What do they use to attack this stuff? Burp Suite. That just means that they're not using any of the control system protocols at all. They were trying to attack things that really didn't exist or
01:00:22
anything like that. So let's get them on the Modbus. Let's take you guys down to the ICS Village. And we even have a cartoon. I don't know if you follow Robert M. Lee on Twitter. He has Little Bobby talking about Modbus, DNP3, ICCP. So we were teaching these people about
01:00:42
the protocols. So we wrote a script called mod turnt. And it turns on the lights and then you turn down for what? And you turn the lights off. So that's all. We have some shout outs to Adam Crain, tothehilt, Robert M. Lee, Mike Tucker, all my SCADA brothers. And
01:01:10
then my wife who is somewhere here. I don't know where she is. There she is. I love her. That's what she said. Holy shit, this is terrifying. Anyways. Any time now. This is
01:02:04
great. This is awesome. Someone ring the fail bell for me, will you? Anybody good with computers? Larry, you're not helping. I'm trying the computer. There we go. Yeah. I fixed my
01:02:33
shit. Anyways. So when Larry, I got a drink again? Okay. Oh, that was not my
01:02:42
original drink. Okay. So as you can see, I thought of mine back to the failure. Thanks to ill will for making this slide for me. I really appreciate it. One thing I forgot though was it still says Steven Spielberg and shit. I don't really photoshop at all. So I
01:03:03
just crossed off and there's my name. So along with my name, so Chris because that is really my last name. I'm a senior technical advisor for Rook Security in Indianapolis, Indiana. I consider myself an infosec nobody. I have no 0day. I don't do
01:03:20
anything really cool but I love the profession that I do. I have no relation to Joe Blow or Kurtis Blow. I want to get that part out of the way right now. If you do want to follow me on Twitter, feel free to go ahead. However, you get to see pictures of me wearing a wizard hat which goes great with Dan's robe. You see pictures of my dog or pictures of
01:03:41
stuff I make food wise or you see me drink. Usually drink. Feel free to follow me if you want them. Let's talk about firewalls though. Before I talk about that, let's talk about Dan's talk that he gave at LayerOne this year because it relates to what I'm going to talk about at least in my next slide. So it's actually a really good talk about
01:04:02
failure. So if you want to see even more failure after this, I don't think you can get any more failure than me talking up here. If you want to go, go check it out. It's great. I think it's another fail because I think that link actually goes to the certain time mark in there to, you know, so you get to see this picture of this like this. More Dan. As if you didn't take up enough fucking time up here. Somebody had to say
01:04:28
it. Come on. That's all right. He did. That was like early 90s. How old are you? No, sorry. Anyways. So anyways, let's get into some fails. I'm really going to talk about a lot of
01:04:42
fails that I've encountered myself over the past ten years. Probably more like the last five years. But a lot of these different failures are, you know, ten plus years old. So going back to Dan's bit, we're talking about international call center here. That's all they do. Call centers all over the world. They wanted a typical PCI DSS version 2.2 pen
01:05:04
test. And pen test is in quotes for one good reason. That usually means we want you to run Nmap. Give us a custom report. Don't touch any of our stuff but go ahead and scan it with Nessus and give us a report and show us that we're great and that we passed for
01:05:21
the year. So as we continue on, you know, I find out that these firewalls are running at over 90% saturation. I don't feel really comfortable talking, you know, when I'm talking to these guys saying we're on a scoping call and I'm like, hey, do you really want me to do this during the day? And they're like, yeah, it's fine. We do this every year. Go ahead. It's fine. Okay. Great. I'm trying. I talk faster than, okay.
01:05:46
You know, we've got this 90% saturation going on and then I do a firewall review on these guys and find out that their OS is at least 8 years old if not older. So between that I took down an entire international calling center by using Nmap. That was great. I
01:06:01
dropped over 3,000 calls. They were really pissed off and I'm like you told me to scan during the day and I'm on this call with all these executive people and they're like what did you do? And I'm like I ran Nmap and everyone just went silent. It was really annoying. And they had alerts that were set up to look at things like if a firewall was running over 70% saturation. All of those were disabled. So then we get to
01:06:24
the external pen test and we find out they've got open RDP. So that was fun. They also had MS08-067. Oh, and they had absolutely no DMZ. So with all that being said, domain admin credentials were pretty easy to find. They are very angry with me still. So moving on. Let's talk about social engineering. So when I think of social
01:06:43
engineering I think of the Social-Engineer Toolkit. Thanks to Dave Kennedy and all the folks at TrustedSec. I mean that wholeheartedly. I love that tool with all of my heart and I love what Dave's done with it over the years. Dave Kennedy is a great guy. He's awesome. And you get to see him all the time. But when I think of Dave Kennedy most of the time I usually just think of clowns. I really wish he was in the room because he
01:07:03
would be shitting his pants right now and running out the door. But unfortunately he's not. Now what's funny about this is I needed to get that image of the box of Social-Engineer Toolkit from his site. So quick side note, this is what happens when I go and grab that image from his site. And if you want a little more detail on it, it's like, oh,
01:07:22
look, this stuff's malicious. There's been malicious things that come from the site or whatever. But I downloaded it anyways because YOLO sec and you needed to do that. Were you using IE? Yeah. What? Okay. So for this next one, let's talk about a financial institution when it comes to social engineering. They wanted me to come in and do
01:07:42
an email phone social engineering deal with them. That was cool. They bragged a lot about how they had a bunch of infosec training, had a bunch of incident response training. They were set to go. Nothing was going to get past them. So we started talking about the scope of the engagement. So you're going to set up a hey, get a free iTunes gift card email and stuff, right? So they're like, yeah, come at me, bro. And I'm like, by the
01:08:04
time we actually got to what I was going to do, they were like, holy shit, you can't do that. I'm like, well, do you want a real test or not? I feel really sorry for the person transcribing this right now. I'm really sorry for whoever it is behind the keyboard. I don't know. They probably won't talk back. This is a real person, right? We
01:08:20
already discussed that earlier. That was a person's talk. Anyways. Yes. Right there. I'm really sorry when I use the word shit and fuck a lot. Anyways, so, keeping going. So
01:08:41
do a little bit of research and find out that their SSL VPN is just sitting there wide out in the open. Nothing special about it. So the place where this was happening, they had a bunch of current weather events going on that was snowstorms and ice storms and everything else. So I decided to put that in an email and put that through a relay and be like, so, due to recent weather events, we're going to start having more people work
01:09:03
from home. Click on this link, download the new VPN software. 78% hit rate. That was awesome. The best part was not only did I get current passwords, I got their entire password history because people didn't think it worked right. What could possibly go wrong? I got nine slides left. I'm going to be quick. There really is, isn't there? Let's
01:09:22
talk about my favorite subject. It's really not. Let's talk about PCI. PCI is great. I just put this slide together. It's a whole bunch of shit on the screen there. You got Windows XP because that's pretty much all it is. Apparently you can get the certificate of compliance with PCI and that's kind of fun, too. Yeah, that's a whole
01:09:40
fail. Keep hitting that button through this whole PCI thing. Let's talk about, that's my corgi by the way. Top four responses to noncompliance. Number one, it's too hard. I can't put that in your report. Number two, write a compensating control for it. I cannot write a compensating control for the fact that you have a lockout duration of 20, it
01:10:03
takes 28 failed attempts before it will actually lockout your account. I can't write anything up about that. I'm sorry about it. The fact you do that is really fucking stupid. So then I get, oh, QSA last year said it was good. That's great. I'm not that QSA. I'm really sorry. I can't accept the fact that whatever this mess is a report that I'm
01:10:20
reviewing actually passed. So then they're like, we'll just accept the risk. That's great, too, but I can't do anything about that. So that's always fun. So anyways, let's talk about, can I help you? I do not need to drink right now. I'm trying to keep going then. So let's talk about a rental car company, a very big rental
01:10:40
car company. I had to be the technical QSA, which by the way, those don't really exist. That's really, which is really fun. So I'm going through all of these credit card, you know, they've got all these credit card applications. One of them is this terminal they've got. And I'm like, oh, that's cool. I need all these T logs, I need all these application logs, syslogs, et cetera. So, you know, I find credit card
01:11:01
numbers in the logs and I tell the developer, hey, I've got credit card numbers here. And he goes, no, that can't be right. I'm like, well, it's there. That can't be right. We don't store credit card numbers. It's great. I've got them right here. So then we get a little farther and I'm like, oh, by the way, that's actually track one data in your logs. And I'm like, this is a big problem. And they're like, well, we don't store credit card data. That can't be right. I'm like, I don't know what to tell you, but
01:11:24
you've got them in there. So just to prove this point, I was like, how recently are these logs? He goes, oh, it's from the past, you know, two or three days. I was like, okay, hold on. So I get a credit card scanner out of my bag, connect it to my laptop, swipe it, same one that I used. It was my track data that I found in those logs. So not only was my track data in those logs, but we go back and it turns
01:11:44
out there was this poor QA change control process. So those had been, it had been storing track data for a couple months before they actually shut it off. It took going past a vice president before they would actually admit that they had accidentally stored data and it was something where they had implemented a new version, they forgot to turn
01:12:02
off the debug log function. So that was awesome. I'm going. So I got two more things to talk about here. So let's talk about a logistics company. And we're talking about people that do self-assessments. People love doing self-assessments because you can just go through, take this checklist of 12 items and be like, done, done, done, we're good. So they declined to do any kind of PCI data discovery workshop. That was
01:12:24
always fun. So I'm like, okay, we're going to have to go off what you say. They say, we've only got six in scope applications. Okay, great. 24 hours later we find out they've got at least 15. And then they got angry when we're like, we need a change order so we can actually assess your guys' stuff. It's always great. But there
01:12:40
was credit card numbers for everybody and it was all over the place and it was in notepad, it was in the notes on some of these apps, it was fantastic. So, okay, last couple slides. Talking about red teaming. Red teaming is definitely in quotes because every time I do a red teaming engagement, it is never a true red teaming engagement. So let's get past doc here. Come on. Okay, so we've got a retail chain. They want
01:13:02
to do a red team exercise, performed on some of their retail stores. That was fun. And doing a little bit of awesome, find out that they've got this huge party list that they do for their Christmas party every year and it's got manager names, store numbers, et cetera. However, a lot of that didn't really help because as a lot of us know, retail can be an employment revolving door. So I had no clue what to do for this.
01:13:23
And I walk in and I'm just like, oh, they've got Verifone machines. I'm going to be a Verifone guy. So I go in there, you know, I'm in like polo and khakis or whatever. And I'm like, hey, I'm a Verifone guy. I'm here to check on your new systems and da, da, da, da. And I thought I was in the door. So I'm like, rock and roll. Let's keep going. So, you know, we keep, I keep going through stuff. I've got a wonderful Pwnie
01:13:41
Express power strip and a couple other things in my backpack. I'm like, I just need to replace the UPS you guys have under your desk. Do you mind if I go behind registers there and connect stuff in? They're like, sure, no problem. Well, the problem was that place was a cellular dead spot in a certain mall that I was at. I couldn't get AT&T, Verizon, you name it, I couldn't get a single cell phone signal to save my life. So
01:14:01
that was great. However, I did find a mobile terminal. Those are fun. They're even more fun when the passcode is the store number, which I'm sure nobody is shocked at. So as I keep going back and changing out all these cellular cards, eventually the NOC calls me and they're like, well, they called the store and all their POSs were going down and
01:14:20
coming back up, going down, coming back up, what's going on? And they decided to talk and say that a Verifone guy was on site who was being very friendly and helping out. And that's when I started to cry and, you know, it was like, well, this might be game over. I got out of there without having to show the little get out of jail free card, but still that kind of sucked. So last two slides. And I really can't make this shit up because this is a failure not only on the company's part but more so on my
01:14:43
own. So I went to go do some work for an auction company, do a lot of stuff with automobiles, pretty much anything with a motor, do a lot of stuff with memorabilia, anything like that. And the best part was I couldn't get in the front door. The woman there, I went in there as that picture shows as an exterminator. And she's like, we've been using XYZ exterminator for 30 years. Who the hell are you? I was like, shit.
01:15:03
This has never failed before. I really wasn't expecting that. So I ended up, I made up this big story about, you know, oh, I'm a contractor, da, da, da, da. We kept going back on and on. And they never let me in. But I went around to the back door. That was open. And, you know, just kind of went wherever I wanted from there. I did that to all
01:15:21
three sites. So PII was everywhere. And I'm not talking, I never even had to plug a computer in. They had photocopies of driver's licenses, photocopies of car registrations, photocopies of people's credit and debit cards, photocopies of checks, photocopies of anything you can imagine. Now, granted, I would have to take a large duffel bag in there in order to get this shit out. But it was very easily
01:15:41
accessible. And no one would have been the wiser. The bad part was when I got to the debrief. And that was the next week. And I was like, hey, you know, look at this. I owned all this shit and I didn't have to even connect a computer, da, da, da, da. And they were like, wait, go back to that first one for a second. Did you make it to the second floor? And I'm like, no, no, that was right behind the receptionist's desk and she wouldn't let me in. They're like, our office is on the second floor. You just
01:16:04
owned one of our competitors' companies. It took every ounce of me not to say the word fuck on that phone call. So, you know, not only is there a failure still in, you know, infosec in general, but I'm still a dumbass myself. So getting off the stage
01:16:23
here, but, you know, if you guys, like I said, if you want to follow me on Twitter, go right ahead. If you have any questions or whatever, feel free to e-mail me. Thank you very much. I have to dance, right? That's intermission music. Depending on how
01:16:51
much money you put up in this charity jar. Is there like an unventilated can of varnish somewhere near Chris? No, he's always like that. We'll all dance. He dances for
01:17:09
no money. How much money have we raised? Not enough. Come on. $650. You are lame. Let's get it to a thousand. Come on. Lame. Come on. Why is everybody leaving? What
01:17:25
the fuck? Come back. Come on. I swear my part will be way better than theirs. Come on, stay. We know how to computer, kind of. Who told you you could eat my cookies?
01:17:47
That's some hot stuff. I can smell it all the way over here. Do I need some more intermission music? That'd be good. No, I'm tempted to make fart noises. Are you
01:18:17
ready? All right. So originally when Larry got me to do this talk, he said it was going
01:18:24
to be a no-holds-barred type of talk where we could just talk shit about everyone. And then I found a couple special snowflakes that kind of shot me down. So I'm just going to tone it down a little bit. Originally I was going to do like an offshoot of the
01:18:46
joke, the aristocrats, to start off with. I feel so bad that Amanda is following this. Is there 0day in here somewhere? I hear you can't speak unless you drop a 0day on stage. Originally the first line of the joke when a gender-fluid social justice warrior
01:19:06
named Caitlin walks into Irongeek's office and asks for a raise. I was going to snowball it from there. Boo. So who I am? I'm Ill Will. Professional IRC troll.
01:19:23
IT consultant. I also run a non-profit hackerspace. I don't have any certs because fuck certs. And I'm black hat as fuck. So when I started off with computers, I liked to have
01:19:44
fun. Me and my crew, we used to roll around. We brought you the world of Paris Hilton. And I'm sorry for that because it's like opening Pandora's box if Pandora's box smelled like herpes. We also brought you the world of Fred Durst O face. If you can burn
01:20:06
that image out of your mind. So unfortunately that brings a lot of attention to yourself. I did get in some trouble at some point. When you do get in trouble, you get
01:20:21
arrested and you think it's fame and fortune and you can talk about bullshit stuff like Mitnick all day but you just get a shitty movie made after you. So basically this is going to be talking about doxing. So one of the famous fuck ups was like Ross from Silk
01:20:42
Road who got caught because he basically posted on Bitcoin forums and some other shit with his own email address and decided to start up Silk Road. Not scrubbing all this shit after the time because everything that goes on the internet stays on the internet. Another fuck up is this big snitch. He was doing pretty good until he
01:21:08
logged on to IRC using his own IP address, forgetting to turn on Tor. In effect, getting this guy in trouble. So he had pretty good op sec. Unfortunately he trusted a snitch. And
01:21:23
also his password for his computer was chewy123. So you have all the encryption in the world, Tor, but if you fuck it up with any character password, you're fucked. So raise your hand if you think your email address is in this dump. How many of you
01:21:47
people shit when you heard that one out? Yes, but not for that reason. So basically there's 50 million users on there. If you break it down, there's a couple thousand federal state employees, FBI agents, that all have nudes. All the girls that they're
01:22:08
talking to. So when that shit gets leaked, you don't want it to leak. iCloud was another big one over the past year. From all the celebrities over the past years that
01:22:21
were hacked into, they still don't learn to trust the cloud with all the nudes. Normal people fuck up, too. So this isn't any celebrity stuff. This is just stuff I come across in my day to day job. Let's see if I can get this thing to play. Just wait for the
01:22:44
audio. It's not playing. Oops. We can probably. Let's see. Hold on. Let me get the
01:23:05
audio. If any of you can recognize this sound, please shout it out. This wasn't the
01:23:35
Bally's pool last night either. I was working on a client's laptop. They had brought it
01:23:45
into me. It was in standby mode. It's still going in the background. They brought it in. I'm working in an office full of a bunch of people and that goes off. I had no way to shut it down other than shutting it down. Another fail. When you bring your computer
01:24:07
into somebody to fix, you don't have a folder labeled my escort site on top. And in the other folder, classroom material for kids. So I had this other lady bringing a
01:24:27
laptop. She brought it into me. Had powder all over the laptop, the keyboard, everything. Thought it was a weird thing. She had a user profile that was messed up. Fixed it. She said her kid had messed it up. I said I'll turn on the guest account and that way
01:24:43
your kid can't mess it up. She brings it back two days later. It's messed up again. Fixed it. She's complaining she shouldn't have to pay again because it was broken. About three days later, I got an ass dial at 3 in the morning from a phone number. Me being curious, I Googled it. The Google search pulled up her phone number which led to an
01:25:04
adult baby service. It wasn't actually her kid. It was her adult baby diaper guy. If you're going to use the phone numbers for all that stuff, don't leave it anywhere. It's a thing. It's a thing. Google image that shit. So the last thing is going to be like
01:25:34
health care. For my wife's mother in law had bought a laptop at a flea market for 50
01:25:43
bucks. She called me up and said I need a password removed from it. I just bought this healthcare provider. For the provider itself, as you know, you can get the MS cache password and log into stuff. Instead of removing the password, I decided to crack it. That
01:26:05
led me to get on to the Citrix framework for them to log into their server. They were curious enough to basically let me get onto their main domain controller from a link on the desktop. So, of course, me being curious as I am, I had donned my hacker mask and
01:26:35
started searching around. Not only were they curious enough to leave the remote desktop link on their desktop, they were also curious enough to leave an Excel spreadsheet with
01:26:44
every single user password, every single Wi‑Fi password on the box. I did that in 2003. I checked again about ten years later and I was still able to log in with the same user name and password and all the same stuff was there. I did see somebody at
01:27:01
BSides Boston last year that actually worked there and I let him know that I had owned his whole network and I gave him all the information. I gave him my card. I checked again right before today and everything is still not changed. This is just a shout out to one of my buddies here. When I got in trouble, there was somebody that
01:27:24
contacted me a few months ago that got me into all this stuff. I wanted to say hi to Dan if he is in the audience. Also, if you are any type of CISSP, like Boris, last time I
01:27:44
seen him, I don't know if he is here, last time I seen him at the QueerCon pool, sweating vodka. Just to let you know, everything you put on the internet stays on the internet and someone is going to find it eventually. I had to rush through this because we
01:28:01
only have like ten minutes left. So we are good to go. Can you see it? I have like 30
01:28:33
seconds so this is going to be awesome. First time speaking at DEF CON, I don't have a drink so I'm not sure how that works. I hate beer. That's horrible. A little bit about
01:28:46
myself, I'm going to talk some about a healthcare provider that I worked at, an ISP that I worked at, and a little small time that I spent in education. I'm sick, I'm sick. Oh, perfect. So my name is Amanda Berlin, InfoSystir. I have my fan club like in the first
01:29:11
couple of rows. So, yes. I've been doing blue team stuff for a long, long time. Worked
01:29:22
out a lot of shit. Next. Yeah. So still doing some hot sauce for charity. That isn't charity as far as I know. So get up here and give some money. And a little bit about
01:29:43
me, adult supervision required. If you hung out with me at any point in time, these guys can probably vouch for that. Yes. Run. Otherwise I wouldn't be up here on this panel. This is one of my favorite kids movies. I have three little boys at home. Not so little
01:30:00
anymore. But this kind of explains pretty much blue team and red team. Red team is just cooler but fuck it, I've been doing red team for ten years. It's a lot of fun. So just wait for the next slide. Cover your eyes if you're squeamish. That's a thing.
01:30:23
That's what you have to do to get your CISSP, I think. Describe the CIA triangles. He got forked. A little bit of process. Everything that I mentioned has been fixed already so don't try and go fuck up my previous employer because I really still do like them. It was one of the best jobs I ever had. Got a lot of experience. Wouldn't be where I am today
01:30:43
without them. So imagine walking into an environment that there's absolutely no help. The network grew with him. They switched to an EMR. They completely digitized everything and he
01:31:09
had no other knowledge other than the one-week MCSE boot camp that they took. And they knew things were bad. I'm a self-proclaimed sexist but he was really bad so not really
01:31:22
involving infosec fail but I was pregnant when I was working there and this dude came up and said every time that I see you, you're eating. You must have an oral fetish or oral fixation with me. Ah, fuck off. So he got fired surprisingly but they actually were
01:31:42
scared to fire him because he knew, he supposedly knew so much about their infrastructure that they didn't want to fire him because they weren't sure what exactly what happened if he left. Um, I got there, we started out with everybody in the entire department as a domain admin. Forty or so people, anywhere from help desk to
01:32:05
directors, uh, to software administrators to the people that actually needed it and actually knew what the fuck domain admins were. Um, and it just, we dove in and we finally realized what exactly was happening. So a couple things that we didn't have.
01:32:22
Didn't have anti-virus on anything. Servers, workstations, nothing. Welcome to my world. What could possibly go wrong? Um, had no WSUS. So we had Windows 2000 servers that hadn't been patched in four years. You know, no big deal.
01:32:40
Didn't that get into like Windows 2003 server territory? We had a couple server 2003s, yeah. It was in 2008. No biggie. Um, we had a decent data center. There were water lines piped above them for the fire suppression system for our entire data center. Uh, yeah, we had open ports everywhere in the hospital. Um, we had no idea what was
01:33:07
in our environment. This was after we spent about 40 hours cleaning it up. We had this isn't really infosec, but holy shit. Like just cable fail.
01:33:25
We're up to $700 by the way, everybody. Yes, nice. Yes, keep coming. Come on. Come on, come on. I'm trying. I'm trying. Sorry. I have like 10, like, I'm half done. I'm halfway done. Okay. Oh my God. First talk ever. We know Larry can go in two
01:33:45
minutes. All right. So we had no backups at all. We were running a fucking hospital. Uh, 500 beds, you know, 2,000 employees. No backups at all. Um, had no DMZ. Not only did we
01:34:03
not have a DMZ, um, our production website was on a Windows 2003 box, uh, which was dual-homed. One access, one had a public IP address to the internet just straight plugged into it. The other IP address went to our internal network because the, it had to have access
01:34:21
to that because the SQL back end was on our domain controller. We just accepted the risk, right? Yeah, we accepted the risk. It was fine. What could possibly go wrong? It was fine. We were compliant. It was great. Um, not only, not only was that on our, on our domain controller, we also had the, um, our, our public Wi-Fi actually, that
01:34:42
was where the DHCP came from. That Wi-Fi had no password. Actually had a lady call me up when I still worked in the help desk saying that her internet wasn't working, um, down the road. So some, some old lady just called up. She thought for some reason it was
01:35:01
our help desk. We had like a splash page up to call the help desk. She called us, let us know her internet wasn't working. I'm sorry this guy really supposed to be your internet, but it was. She had no idea. Cyber. Cyber. So if anybody's in healthcare, this is a cath lab. This is one of my, one of my favorite stories. Yeah, yeah, yeah. So,
01:35:25
um, they do some stuff with like heart cath things where they open you up and do, and do certain things. Um, yeah, right. They, um, actually had, are you gonna pull me off stage? No. Get the fuck out of here. Go. Go. Go. I'm done. I'm almost done. I
01:35:43
swear to God. Next time I'm going first. Fuck this. So, um, we had our, we had our operator call about, about massively fast locking out Active Directory accounts. We actually had to write a script that would re-unlock the Active Directory accounts
01:36:01
because the cath lab vendor shipped us something. Guess what was on it? Enterprise admin access. Shells. Um, the porn that the CEO watches. A variety of colorful dicks. Con-
01:36:25
ficker. Welcome to my world. That's better than a bunch of colorful dicks, only forerunner technology. So, so they, yeah, so they shipped us with Conficker. Um, it completely, we got a really, we got a really good discount on this software. Really good
01:36:41
discount. Because we swore we would never say what their name was, um, when they shipped it to us a second time. Oh, sorry. Oh, okay. Whoever's transcribing this week. I'm so sorry. Alright, so we also had MS08-067 everywhere. Conficker,
01:37:03
which I already mentioned, and Windows 2000 and XP. No big deal. This was actually a water fountain in, it wasn't supposed to be a water fountain, was actually attached to our boiler. Something happened with our power. The squirrel that I mentioned earlier took out power to our entire data center. See, I told you. And, and, I'm
01:37:24
really scared this dude's behind me. He's gonna fucking throw me off stage. He's gonna throw me off stage. 5 am! Literally, I walked in at like 9 pm at night, there was a 5 fucking foot water spout coming up in the, where our, where our, um, uh, where
01:37:44
it, like, where our fiber terminated. Every, I mean, it had our core switches, it had every, I mean, it was, I had to daisy chain a UPS and actually put it on that ladder so it didn't, didn't get fried by the water that was spouting up in the corner.
01:38:01
Best alerting system ever, yeah, best alerting system ever, uh, we had no monitoring, so best alerting system ever was our APCs. Any time you did an Nmap scan, it would just send us an email for every single fucking one. Uh, I'm gonna skip that one. So, I have some personal fails. Yeah, sorry, not, I don't have any personal
01:38:25
massager fails, that's a whole other talk. Um, if you mass scan a Fortinet, it's a really bad idea. I've done it. It's colorful. It is very colorful, kind of takes down the entire school system. Yup. And everybody that you manage. Yup. So, and, and
01:38:40
Check Points, which I probably shouldn't say. Next generation firewall. Next generation, great. So, last slide, thank God, um, I actually did a phishing ex, um, exercise to train the users in the, um, in the hospital I was working at. Went really well, I have a whole other talk on it. This one was amazing because as soon as I sent this out, I got,
01:39:01
I mean, a little bit later, I had a lady contact us and let us know that she really didn't appreciate it because she had to cancel her PayPal and Kohl's card. I felt really bad. So, I actually sent this out as a phish, um, and I'm done. I'm done. I'm done. Great. Sorry.