DEF CON Comedy Inception

Speaker Bios:

Larry Pesce is a Senior Security Analyst with InGuardians. His recent experience includes providing penetration assessment, architecture review, hardware security assessment, wireless/radio analysis, and policy and procedure development for a wide range of industries including those in the financial, retail, and healthcare verticals. Larry is an accomplished speaker, having presented numerous times at industry conferences; he is the co-host of the long-running, multi-award-winning security podcast Paul's Security Weekly, and is a certified instructor with the SANS Institute. Larry is a graduate of Roger Williams University. In his spare time he likes to tinker with all things electronic and wireless. Larry is an amateur radio operator holding his Extra class license and is regularly involved in emergency communications activities.

Amanda Berlin is a Network Security Engineer at Hurricane Labs. She is most well known for being a breaker of hearts, knees, and SJWs. Bringing "Jack of All Trades" back to being sexy, she has worked her fingers to the bone securing ISPs, healthcare facilities, artificial insemination factories, and brothels. Amanda managed the internal phishing campaign at a medium-size healthcare facility to promote user education about phishing and hacking through an awards-based reporting program. She is a lead organizer for CircleCityCon, volunteers at many other conferences, and enjoys writing and teaching others. Twitter: @InfoSystir

Chris Blow is a Senior Technical Advisor with Rook Security. His most recent experience includes penetration testing, social engineering, red team exercises, policy and procedure guidance focused on HIPAA and PCI DSS, developing security awareness programs, performing HIPAA assessments, and serving as a Qualified Security Assessor for the Payment Card Industry. In reality, his primary duties are to be told by various clients that "security is hard" and to just "accept the risk." He's also well-versed in being told to keep vulnerable assets and people "out of scope." Chris is a graduate of Purdue University in West Lafayette, IN. Besides trying to keep up with all-things-InfoSec, Chris enjoys playing guitar, singing, and DJing. Twitter: @b10w

illwill is a rogue blackhat-as-fuck subcontractor for top secret global governments. He spends his off time enjoying bubble baths, recovering from a debilitating injury as infosystir's former bean fluffer, and hand-carving realistic thrones made from discarded dildos found dumpster diving behind a porn store in Los Angeles.

Dan Tentler likes to break things. He's also an expert on failure. Ask him about it. But ask with scotch. Twitter: @viss
All right, let's do this. All right, so I am a former panelist for what was known as the DEF CON Comedy Jam, otherwise affectionately known as the Fail Panel. This is not the Fail Panel; it's really close, though. So the Fail Panel went away. We decided it was time for it to go away, but I wanted to carry the torch, so now the panelist has become the moderator, hence Inception. We're working towards Inception; we've gone one level deep, so the panelist is now the moderator, and we've got a bunch of folks that I thought, when I was going to submit the CFP, would make some really great part of the resurrected, formerly-what-was-known-as the Fail Panel, now the DEF CON Comedy Inception. We'll see what we start calling this, potentially, as we go through, but we're going to have lots of fun. Not much has changed: we're here to poke fun at the industry, poke fun at ourselves, and troll everyone while we're here, right? So to my right, in no particular order, we have Dan Tentler, Amanda Berlin, Krista's dream... yeah, Krista's drunk... not yet, right, okay... Chris Blow, yeah, we'll... illwill, Jenna VC, and yours truly, Larry Pesce. Now there are a couple of our panelists for whom this is their first time on stage at DEF CON, so it's time to drink. Okay. Cyber. I brought the good stuff. Okay, Amanda, into the mic. Great, all right, okay, good, get it close to your face, just like at the rest area. Okay, all right, so, uh, Chris, Amanda, Will, and Chris... well, because technically you spoke earlier at this con, but this is the first time here, so drink up. Dan, would you be so kind as to pass those down? Now see, I wouldn't ask you guys to do anything that I wouldn't do, and we'll get back to that. Okay, so cheers to fail. That's different. Moving along a bit.

Okay, so while we're here we're going to be soliciting... solicit-ated... yes, soliciting donations for charity. Okay. And in whose charity? I will get there. Okay, which charity? Whose charity? We're no charities. Out on the strip somewhere soliciting already. Okay, this thing, yeah, all right. So in previous iterations of this panel we've made waffles on stage and all sorts of other shenanigans. We wanted to come up with something different, because we're in fact different, so we are in fact doing a hot sauce tasting for charity. I've got two varieties of hot sauce; we'll get to that in a minute. Okay, so consider that we're going to do a hot sauce tasting for charity. Please, if you're going to try some hot sauce, you donate something for charity, but some of the stuff is really hot; consider the value of the antidote. Okay, if you can't handle it, hell, we've got four gallons of milk and four loaves of bread, okay, so we got you covered. Okay, now that said, I won't ask you guys to do anything I wouldn't do. All right, so when we initially talked about doing this panel we talked about doing donations for the Electronic Frontier Foundation and Hackers for Charity. As panel, as moderator, we've changed our mind, and I made the executive decision a little bit earlier, so we've changed the charity that we're going to donate to.

How many of you guys know this guy? Okay, this is DJ Rance. He's been in our community for many years. DJ, he does lots and lots of fun things for us on stage, spinning all sorts of music, and he absolutely loves this community, and in fact the community loves him. Rance, are you here? No? Well, that's okay, because I talked to DJ Rance last night, and Rance is in an interesting position. I would consider Rance a good friend even though I don't know him that well, just because he's a member of our family as hackers, and Rance was recently diagnosed with pancreatic cancer. He's undergoing multiple rounds of chemo. I talked to Rance; he says this is okay to say, because the environment is all about learning and sharing information. He puts it that this is just sharing a different kind of information. So Rance has been diagnosed with pancreatic cancer, and as some of you may know, this is often a death sentence. There are people that do survive, and we really hope that Rance is one of those people. So in honor of all that Rance does for our community, and to show our love for DJ Rance, we are going to in fact collect donations for pancan.org, the Pancreatic Cancer Research Network. I've done some work for these folks in the past, and they work with all of our legal folks and all of our other... chatter of little... our nation, our organizations, to help fund pancreatic cancer research and either a cure or some ability to prolong and/or better the life of those who have been diagnosed. So I bring this on a downer, right, to begin with, but we really do love Rance. You know, me personally... and no, not like that, okay, except for that one time at DerbyCon when he forgave him and I... first-ever White Russian made in a hotel room. So, DJ Rance, you know, this one's for you, buddy.

All right, so here's the blanket statement: tasting this hot sauce is at your own risk. I'm not going to make you sign a waiver. Don't be dumb, please, this stuff is hot. We have one that is a ridiculous amount of Scoville units. We have toothpicks. Why? Because some of these you may want just a little. Okay, and then again, I said I wouldn't ask you guys to do anything that I wouldn't do myself, so bear with me for one second. Here's where you guys... Don't die, bro. Don't die, bro. All right, so we have two versions of hot sauce. This is a homemade green zombie hot sauce from our garden last season, made from green tomatoes as well as a bunch of other secret stuff. This is the hot one. Figures I should open the toothpicks first, right? Don't spill it, bro. Don't fuck it up. Hey, I fucked that up. Keep it. No, that's the other one. All right, audience participation: stick your dick in it. That's the not-hot one. You can ding that whenever you want. That's the not-hot one, baby. I'll ding you all day. I can't run with him. The character's name... what was his name? That doesn't help. Okay, Freaky Bad... well, no, the dude with the bowl, the dude with the Belafonte. Hector. Hector. Dr. ... ding ding ding ding ding.

So this is the really hot one. You will note this is the cap; this is not the bottle. Yeah, there's a little bit on there. Damn, there's someone there, right? Yeah, that stuff, yeah, good. And for those of you that don't know, Dan makes his own pepper stuff that's amazing. Yeah, that's good. This is... this is not fuck-around, huh? Yeah, this is, oh my god, no, put the top back on that. So by the way, yeah, if you get that stuff on your hands, don't touch your private areas, or deals adventure, or anyone else's Russia rhetoric, unless you hate them. We don't judge. Yeah, we don't judge you to hell. All right, but if you do, let us know. Whoo, yeah. All right, so it's time for the kick, so we can get started with all this fun stuff and hopefully get you guys to laugh. Don't forget to drink, and while these guys are starting to talk I'm gonna get the hot sauce and all the other fun stuff ready for you guys, so I'll be down on the far end of the stage and have a place for you guys to give us some donations and try some hot sauce and have a good time. So with that, let's get in the van, let's get ready to jump off the bridge, and who wants to go first? I think we elected Dan to go... we think we elected Dan to go first. You're pissed off, I know. There's gonna be that kind of party. I stuck my dick in the mashed potatoes. Jesus. All right, so Dan, I guess you're up; you're coming up here, buddy. He is vastly under... oh, did we neglect to tell you that? Okay, somebody else, you go for right. Don't fuck it up. Oh, I plan on it. Oh, so Dan, did you not know we're doing, like, a panel and stuff, like you need a laptop for? This is the part where we troll you. Oh shit. Amanda, what is this pink thing you have in front of you? Higher, higher. Let this... yeah, that, this is
my sexist ban hammer of doom. Do I want to know? There's a vulva on one side and a dick on the other. You can be knighted as sexist. I mean, now you did this, you're gonna be knighted in 30 seconds. Hey, I actually found this at gherkin, in the hotel room when we checked in. It's made it through four cons. Was it decorated as it was? It was not. I'm pretty sure I just ruined some little girl's pretty pretty princess, but now it's my pretty pretty princess, and with a dong and abalone, which are both pierced. Yes, there's a lot more detail involved than there is on the building. There is the vein; the vein work is nice. The vein work is not very crooked. Hopeful. Does it work? It does. It does. How much is it, really? It is right. So you got Miami first? Oh, this is gonna be the best transcript. No boiler. People brought helmets, 'cause you're gonna need them. I'm gonna do my best to channel George Carlin. 150 fucks. Anybody go to Bruce Potter's talk this morning? Oh yeah, yeah, I'm gonna do that, yeah, it's gonna be that.

Um, so yeah, so Larry comes to me a while ago and he says, we want y'all on this panel. I'm like, all right, cool, what's a panel? He says it's a fail panel, and I'm like, I have the perfect thing. So for folks that aren't aware of the research I've done, which I suspect is almost everyone in the room, I have made a habitual problem of going and finding stupid bullshit on the internet that shouldn't be on the Internet and ranting about it at conferences for something like the last three or four years. It'll happen, that's DEF CON, whatever, that's why I came in with a mask and stuff, right? Um, right, so over the last four years or so I've done a series of talks at a variety of different conferences where I poke fun at the different things I found connected to the Internet, and believe me, there are things online that will make you do the whole, like, Jackie Chan what-the-fuck meme face over and over and over again. So the title of my component of this panel is literally "115 batshit-stupid things you can put on the internet," and as fast as I can go. Somebody get me a drink. With your host... me. About me. Nobody cares. Thank you, sir.

Cheers. So, big question: if there can be a thing, and you can put a web server on the thing, should you put a web server on the thing? Yes. Yes. Let me introduce you to tonight's fucking mascot, Coach McGoats. Shooting... put a web server on the thing. Don't mug out. Fuck yeah, let's do it. Fuck it, we'll do it live. So, um, some of you may remember my 2014 Twitter rampage, Pirate Ninja Baby Command, about a nine thousand one, when I did, at DEF CON 20, my firehose Shodan talk, where I basically did stuff like this. We'll just get right into it.

So why the fuck is a TV station online, and I can get to it? Why would you give me control of a fucking television station? Why would you do that? Who is high, and why aren't they sharing? Something German, I don't know. It's VNC. What the fuck? Drink. Windows EE. Why? Us. What are you doing? Does that say washing? That's my stuff. Take it off the fucking Internet. Oh my god, Asterisk. Anybody want to make some phone calls? I bet we can guess the password. Or fuck it, let's fuck with Korea, right? They're generating power. Let's go for those guys. That's not my stuff, right? You know, press... somebody's watching the Austria. Why not, right? Oh look, it's a really fucking boring Mac desktop on VNC. Oh, who gives a fuck? That's my binding. What am I, a Mac desktop? Oh wait a minute, I wasn't the first one here. I wasn't the first one here either, but it looks like you can get some SSH keys off of this guy. That's gonna be cool. Chai neck bjn why to host o3 source... oh hey, that's fun. Anybody been to the dentist lately?
Because we can go back, we can learn things about drilling people in the skull. You can write some Python if you feel like it, you know, if that's your thing. I write, like, Python, really really angry Python. It makes real developers upset. Um, this just hurt my face. I don't know what to say about it. I can't speak the language. Why? All right, VNC, that's cool. There's some... what, Love Stage? Where? Enhance! And Hank... apparently I can't read. Is this not CSI Cyber? I don't know, my brain is melting. I'm gonna go second column, third one down: Love Stage, Stage Bang Bang. Well, Claude... oh yeah, should we use SERP, the mascot? That's what... who, she said? Um, you can go to college here if you want. 702, I believe... I'm actually... 702 is this area code, isn't it? Shit, I didn't notice that before. 702 is Las Vegas. That may also be the Love Stage Bang Bang, right? Anybody know what happens if SCADA equipment takes a selfie? Correct, it might look like that, maybe, right? A picture of the building in which the SCADA system exists. Awesome, now I can just find it on Google Maps and make those guys shit their pants. Like another post on the same college. Why? This one was lonely. Um, HTTP load testers. All right, that's cool. Give the public access to test things. HTTP server being different. This thing is pre-configured to denial-of-service Bing. Well done, good job. I mean, don't they do that themselves already? Uh, maybe.

Um, so you can find solar bullshit on the Internet. Why? I mean, this could be cool. I'm not sure, I haven't spent a lot of time playing with it, but grain silos seem like kind of fun, like it's not something that you... So you didn't spend a lot of time playing with it? Oh yeah, probably way too much, many many many mornings until 5:00 a.m. But this guy probably spent a lot more time playing with it, like setting up MATLAB to track sports ball. Okay, that's cool. However, if you travel to Sydney any time in the future, there's a dessert place I can recommend. Well, there's no place you can buy some squid. That's cool. Squid on the Internet. Why is there fucking squid on the Internet? Oh shit, that's right, the fucking love that... oh god, what was that? Oh my god, amazing, you guys are amazing, this is good: crowdsourcing the fuckery. If you want to buy some avocados, I know a place. Um, or if you want to really piss off some dude. Uh, right, so this goes on from there. There are certain times I wouldn't want the lights to automatically come on. Some of these buttons are ridiculous, like he's got a guest room and TV room and a game room and hearth. I want those problems. Yeah, I guess, what is that, like a chest of drawers? Why would you automate it? Oh, even better, a fireplace on the internet. That's fucking smart, oh my god.

Okay, so full disclosure: who knows Dave Maynor? Dave Maynor, dude, router, yeah, okay. One? Oh shit, one guy. So me and that guy and Dave Maynor had what we called a Shodan head race on the internet either earlier this year, like late last year, I forget, it was a while ago. Um, and you're gonna love this: CSI Cyber, their Twitter account, posited a question to the Twitterverse asking, can you set a fire using the internet? To which several of us, no shit, jumped out of our chairs and said, I'll take that fucking challenge. Okay, really, challenge accepted, and then we began basically a Twitter race where we found, for the next like three hours, just the most batshit random crap you could find. We were using Shodan at the time, which, by the way, if John is here, everybody should point to John and tell him how amazing he is, because without him we wouldn't be able to do half of this stuff. Yes, um, so yeah, John Matherly. Um, yeah, so Dan again, yup, don't forget he's got a hot sauce up here and we're taking... don't stick your dick in it, you can, 'cause if you stick your dick in it'll pay... you've got all of it, okay. They should... John should have just named it Shodan Tentler, right? People think that I'm the guy that made it, because I'm Dan and it's Shodan, and they just sort of put two and two together, and I have to tell them calmly, like, no, I wish I was that clever with the code. I just make people like Paul... I'm angry. I hear collusion things happening, but I'm gonna keep going. And really, if you want to give us money, you don't have to have hot sauce. That's not really giving us money,
no, no, I'm out. You give him... Rance... you want to give me all your money also. But we should invest in Rance's cyber pancreas. Yes. Hype, right, let's buy a cyber pancreas. And on that note, here's a cyber carwash. Why? Why? All right, that's cool. Oil tanks. That's great. Yeah, that's fucking smart. Somebody sat down and decided, I need my oil tanks on the Internet. It's the future. This is how it must be. Who knows where right here is? Anybody? I don't know, I didn't look it up, but apparently there's some stations on the internet. It's cool, right? Pete, it's illogical. This one I've posted before. Does anybody remember this one? The friendliest SCADA on the Internet. This is a caviar cannery that I think is in Sweden, and this one made news in Sweden and in other various components of England... in England, sorry, Europe, sorry, England, England, you're up, same thing, whatever. I only have two firing neurons and they're making me drink. You're behind. So yes, fun times. Oh, this way we'll make sure it stays warm for you. Can anybody read what I think is Swedish, 'cause all I hear is, like, bork bork bork bork bork. It's something, it involves temperatures and pumps. That's cool. This is cooler, though: it's a coal mine. Why would you... why, why would you let me play with a coal mine? What's better than playing with coal mines? I can think of a lot of things better than playing.

Potato technology. This was told to maxint. So this was part of my, like, Pirate Baby Cabana Battle 2014, crazy batshit rage-fueled silliness on Twitter after my panel with Paula, Amanda, Rata, Rob last year. We scanned the internet live on stage and we had like 36,000 JPEGs of random crap we found on VNC, and then I spent four days going through all 36,000 photos and picked out the interesting stuff and flung it on to Twitter, and I got a lot of attention. This was one of them, and I had no idea what it was until some random on Twitter told me that's actually potato climate control. Well, now you can be very comfortable counting the potatoes. Right, um, so here's an Italian hydroelectric plant that's generating something. At one point... I don't speak Italian, sadly, but there's one line there that says it's generated a thousand eighty-seven kilowatt hours, which is a megawatt if I'm not mistaken. 1.21 jigowatts! Almost, at one point oh eight seven gigawatts. Yeah, didn't mean to see your thumb. This one is kind of the same thing, but this is in Swedish, I think, Swedish or maybe Dutch. It looks like an electrical relay station, same kind of deal. Why in the fuck would you let me into your electrical relay station over the Internet? Like, is that a Univision logo on the bottom? Univision, but we don't know anything... "dinned" or "emerge"... that's "indoor energy control." Hey Dan, uh, if you got in, would you know what to do with it when you got in? Hey, Dan doesn't... he will never know what to do when he gets in, hence why he doesn't know what to do with it. I know nothing. Why did you even let me up here? What are you doing? Prank caller, prank caller, conference.

Anybody? You can schedule a meeting, apparently. This is a port training project at 8:00 a.m. Rad. This was fun. Who was at ShmooCon in the last two years? Anybody? You remember MSPaint as a service? Because you can do it over the Internet. This is a hotel lobby sign directly connected to the Internet that's accessible to the public. What if we made it say something like "Ebola outbreak"? How many shat pants would there be then? All riots... oh, all of hands. Um, I am NOT a ham radio, like, ultra-nerd. I know a little bit. I know enough to make a few real ham radio cards angry, but apparently you can run a D-STAR... I guess this is a repeater off a Raspberry Pi, and then you put it on the internet with VNC. I... that's cool. Um, I see Brendan shaking his head. Yeah, yes, yeah, right. Here's another one, another wonderful office. It's the same thing, like a hotel lobby, but it's an office directory. That's kind of cool. Same sort of deal. Um, whose pants do you want to make brown today? What can Brown do for you? Um, anybody familiar with Jenkins, the fun one that has Groovy script with, like, remote code execution? Yeah, that, but with VNC on top of things. That's kind of cool. You can track boats too if you really want. Um, I'm not a boat guy myself, but you know, some of you guys might be. You can watch people day-trade. This is right, so like, you want to get some insider information from some guy who's broadcasting everything to the world, or you can watch his solar system capture power. That's kind of cool, yeah, yay, power. I'm not sure what kind of evil stuff you can do with the solar power system except maybe, like, fuck with the LiPo batteries, if there are LiPo batteries, but I'm not an electrician. I'd be... that'd be very sorry, dude. The dude in the pink helmet can help you there. Back to the starting-the-fires. Holy shit, a guy brought a helmet. They just don't... like I was like, I hope you all have helmets, and one guy puts on a helmet. My dude's prepared, right. Another... what is this? I feel left out. Um,
more hotel lobbies. Oh no, I'm sorry, this is an office building lobby, you know, another like... let's... blue next... Oh God, all right, so the Echoplex is going to have a bad time at some point. Also, for the sake of convenience, you'll see people that will put their security workstation, like the type of place you will walk into that has, like, dudes working the counter that have security stuff happening with them and all the cameras and the badge readers... say again? You can... or you can watch them on VNC, because it's fucking publicly accessible. Or you... you really... I don't know of it, I'm not a redditor, but there might be other redditors in the room. Here's somebody you can mess with, a dude on reddit that's broadcasting his desktop to the Internet. Have fun, guy.

So I have a funny story about these massive diesel generators that also have fucking VNC on them for some reason. A friend of mine did a security audit for a power generation company a while back and realized that these things, for the sake of emissions compliance, have urea pumped into the exhaust area. I don't know if it's his manifold. Sounds like they make a cream for that. Well, I'm going somewhere with this and you're gonna love it. What do you say with your urea? That's what I thought. You serious, right? And similar to another slide I'm going to have later, you can open the valve and fill the exhaust manifold with urea, which drowns the generator. Urea is the key component in urine, and you can literally blast it with piss, right? So fortunately a weekend... Or you can actually make it rain, at least for people that are really short. Um, sprinklers. Sprinklers on the end. Oh, I did forget one thing: there was the curtains, I didn't put on here. They're gay. You can find curtains on the Internet too. Like, that's fiendish, I'm sure. No, no, functioning curtains that open and close, like computer-controlled fucking curtains on the internet, so you could open the curtains and then switch to manual mode, yeah, right.

Um, but there's this other cool Japanese ham radio chatting that I found. Apparently you can, like, have... I don't know if they're using ham radio as the backhaul for all the networking, but I guess, um, I was scratching my head a lot. I sadly can't read it. Cool, what does it do? It lets... holy shit, a thing in Japan that lets nerds talk to each other over the Internet. Who'd have fucking thought? Maybe, maybe Travis thought about it, I don't know, man. But like, I guess AVG is cool, like it didn't find any threats. Dude's sweet ride, and he does some cool... so I ask again, did anybody go to Bruce's talk this morning about risk? 'Cause like, no threats, no, your virus clear, that's totally cool. I can look at all your pictures of Kiera and somebody else. All right, also dick. Um, I don't know if this was on purpose or if this was because, like, management people need to watch Indians shopping for massive, like, networking equipment, but there's that on the internet. You... that's pretty cool. I also... I don't know what an oil cellar is, but I think it might be kind of important and you may not want to tell the world about them, or where they are, or how much oil they have, and things like that. But you know... did anybody do med sec here, medical stuff, work on SCADA? So the one guy, check this out. Yeah, fun shit, right? And you're gonna think... you're gonna say... but, uh, I'll... then all of the fucking naysayers in the room: "oh no, but it's fucking... it's a fucking demo, this... what are you doing, this is bullshit, it's a fucking demo, do you see that little thing, a little top corner over there on the right, it's a demo, it's a demo." This... fuck you, I've had a real one with 16 live hospital people. Like, all right, come at me, bro. Like, why? Why? And you know what the fucked-up part about this one is? This was RDP, not VNC. So, like, slightly off tangent: this was the background on the desktop. You know when you RDP into some host, it gives you a login window over the background, and you can just drag the background... you drag the login window off the screen and you see this full frame. So this was like, you didn't even have to authenticate to the box, you just could sit here and watch. That's good HIPAA, yeah, 'cause right. And this is another one. Fun fact: tell me these guys weren't compliant, right? Tell me they didn't spend a million dollars a year on auditors coming in and, like, fixing this shit. Maybe pick back up one slide. What, that one? Yeah, now is it a hospital bed or is it a fucking hospital bed? Ask Amanda. Heart rate. I'll tell you. Well, the heart... well, her hands on the person. What is that? Please spoil everything for me, right? Traceview, woo.

So, um, this is cool. I can't tell if it's a giant LiPo battery, but apparently you can control it from your old iPhone. That's gonna need... and a little icon in the bottom right hand, a little... the little door. This means it's a touch panel you can VNC into, and there's a lot of these things on the internet, all the somatic HMI stuff, all the stuff Chris is going to get into. Some of it is mine. It is all weird bullshit touch panel stuff. These touch panels people buy and put on walls to control things, you can VNC into with the default credential, sometimes no credential. Fun fact. So this is another what-appears-to-be really boring Mac VNC desktop, except not. I need this one, 'cause... and the foot fits... it's the same fucking guy. If you look at that, if you look at the name, look, it's the same fucking guy, right? So now we're getting into threat... and does it... where's the threat? But threat... but I need you... something... a personal problem. Yeah, no, that is a personal problem. That is a fucking personal problem. What are you doing? Well, I worked at... wait, this is Christmas lights. I'm gonna disclose: Chris's first slide is a Back to the Future slide. That's the first thing that came to mind. I'm like, we're time traveling much? Doesn't that say Windows 98? Oh, just wait, just wait, I got you better. Someone does not eat... but it's witty words... oh, it's number two, it's face-slappingly dumber. What? No, just wait. Um, there's more cameras too. So GeoVision is
a system that does like coax those those dome camera type deals you see that's fun that's cool but these cameras are really boring so you can get to this guy
as XBMC install and watch movies on his dab his tab instead or if you're really bored you can go to this Israeli
pharmacy and order a bunch of crazy drugs and get high that's fun right and then when you're done and you're having a shitty time you have aqua power
flushing Cheers right net coffee sounds cool
laughter you I done up for that I mean I don't know what it does but it's got my attention there's a really counter-strike holy holy shit Counter Strike one six nice well spotted right um obviously Poros Lost Boys hermanos
anybody Breaking Bad fans right good time yeah and the speaking of like crazy drug-dealing people here's three hundred
thousand dollars right on what's cool and then here's an Italian something I
don't know I don't speak Italian I actually stared at this thing and squinted it for a good 15 minutes I have no fucking idea what this thing is um maybe we can tap Chris with it I know Chris isn't paying attention but that's cool what hahaha other Chris we're busy scissoring oh there to be scissoring this I mean over here sorry and my cameras over there you didn't fucking wait goddammit get counted you people for anything can i right thank you
there's that the Spanish minecraft sound cuz we have Spanish minecraft um Phil is
going to have a bad time um but I don't know like I I i don't know I don't know don't you're just gonna make you you make me drink right but then again you know you can feel better if you just watch them Ender's
Game that's cool too
the Italians like letting their what is it TeamViewer licenses lapse on there um 408 kilowatt hydroelectric generating facility but you know maybe you can forget about that by fucking with this
guy sprinklers so and if you're bored
with that dude there's another hotel this one's in Oakland if anybody if anybody's from the Bay Area right voltage sensors are cool I'm not sure
what they're connected to sadly maybe there's a camera somewhere I could find that has something like that or maybe I
can print some circuit boards because I'd be cool who wants to hack some shit you guys want to hack some shit get some who needs O'Day right you wait with those an attribution talk that happened right did anybody go to Morgan Morgan and Morgan did the presentation with another lady earlier today talking about attribution well we can give them a bad
time if you want because there's like Callie on VNC publicly accessible the Internet you can fuck some shit up that way and send Morgan for a throw right yeah um or you can make some Spanish
copies of stuff. So, like, all the people that were like, oh god, 98... Windows 98, Windows 95, no, Windows 2000, right, Windows 2000... somebody else was like, oh no, the Windows 98 is bad.
Welcome to my world. It gets worse, it gets worse, wait for it, wait... oh, it's
the same fucking guy again. Can you point out the mistakes he made in his evil, evil hacks and his nefarious plot to overthrow the Internet? Does anybody know when was the last time you saw system32 on DOS? del EQ echo open some IP address blah 7 blah blah blah, iexplore.exe on DOS. Really? This is what we call our threat landscape, all right? This is what we're up against right here: I'm gonna try and open IE on fucking DOS. And what'll really bake your noodle is, why the fuck is DOS available via VNC? How did you sort that shit out? It's an SSH tunnel through time. What the fuck, I don't know. I'm just gonna... I'm
just gonna print off a bunch of porn on whatever this giant ceramic printer is, and that'll make me feel better. I don't know. Umm, "providential", adjective:
occurring at a favorable time. You can't make this shit up. I love it. You can't. It's good. Whoo, this one's good too.
Same guy, I think. I think... yep, same guy, on a Japanese system, except McAfee is catching his shit. If you... I don't know if you can read it, I probably just want to read... yeah, that's McAfee catching some kid, some skid, doing some stuff. And I think this might
actually be the same Korean power generation plant. So obviously I need to drink, huh. Um, at this point I don't even... this
is like number four. I don't like... so when people go home after con there's going to be a lot of shit to play with, right,
especially, like, more blind skiddy derp. I don't know who White Team is, but they're dumb. Either that, or they have scripts that are just blindly pasting shit into every open VNC place they possibly can, because that sort of looks like what's happening. Um,
Cubs win, I guess. I don't know why... would you? Okay, sure. It's like I said, a lot of shouty arm-waving, why, what the hell. It's colorful times, but there's big
German reservoirs... Westserver, boring. Gum. This is why Germans don't play Scrabble; I can't pronounce that, I'm just gonna be... right. Yeah, this one does something. I don't know if it's agua para flushing, but I guess we can check. But then
there's also Regular Ordinary Swedish Meal Time, with what also appears to be... it's a show, man. You didn't... you don't know about Regular Ordinary Swedish Meal Time? It's good for you, it's good for ya. But, you know, if that
distracts you, you can just go back to the day traders again, because apparently they're really happy publishing all their shit to the Internet in public. Something... if
you guys got something, I got nothing. It's measuring it in meters squared. I won't... is it bits? Polish, that's cool. This log is in English.
I don't even know this. I got... I got
nothing. Isn't that Apple, man? Right, it's a... yes to that, it's Apple. Box? No, it's a fucking potato. Like, it's a... perhaps bad... whoo, potato. I will see your potato and I will
raise you a hot parlor wash. Is there a happy ending? Yes, okay. How many fans of BSD are there in the room? BSD people, yeah. How many people think BSD is, like, the gnarliest, strongest, most awesome operating system, that's the most secure? Yeah. Here's a hint. What
about now? Good job, guys. Single user mode, no creds, security nothing, VNC, right. What
about now? Punch it. Um, anybody lactose intolerant?
Because we can have you have a really bad time. Here's a dairy plant. This one does something involving cows... wait, what? But they're milking horses? Won't someone think of the children? See, the really, really interesting shit, I think... I think Chris... I'm not the horse... before... the really interesting shit is, I had no idea that was there. I didn't notice it, because when I find the shit it's like 4:00 in the morning and I haven't slept, and it's like, look at this batshit insane stuff, and then I get on stage and I have all of you guys to point out all the stuff that I never noticed the first time around, and it's like version 2 for me. Like, this is amazing. Why the fuck is there a horse setting on the dairy milk plant? Is there a bull setting? I think it's still considered milk. No, cannibal says that it's hides. And I thought... knows where your children's milk comes from in their school... I said dog or betta... standardized testing, that's what that shit was all about. No wonder they were pissed. Just what the mall kid... I think I'd be pissed too if they wanted to milk my kids at school. Thank you. Um, user "Jen you"... I don't know, whoever...
Whoever's French in the room can help me pronounce that, but "Elite 31337X", that's... yeah, good job. What is it, Jen? Yo... mmm, no. Um, yeah, right, no Rugrats. Yeah, so one easy way to catch skids is to leave VNC open with an open Notepad, because they will blindly shove whatever the fuck they have into Notepad and then you can have it. It's like an ultra poor man's honeypot. Who knew that Notepad could be a honeypot? This is no shit, this is a Notepad honeypot. Holy fuck. Right. How much you got left? Uh, I can go faster. Well, faster? Let's go faster. Here's a TV station that hasn't
fucking updated their TeamViewer license. Here's another fucking TV station. Here's
a goddamn ATM. Why the fuck is there a camera on a goddamn ATM?
Why is there... why can I telnet into a fucking hydrogen fuel cell? Mario is
gonna shit his goddamn pants when he sees this. He's gonna fucking confess to Luigi that he's been fucking taking shrooms the entire goddamn time. Then
he's going to go turn off the goddamn libres and all the data centers are gonna go down, right. Either Chris... then the entire... take down the entire city of
downtown Copenhagen, give or take a... the few places we can shut off for fun. There's an ice rink here. Think you can defrost it, if you have the minerals for it?
The ice rink is under there, right. Um, webcams too expensive? Cheap cell phones,
better. Shady cops tracking you, what the
fuck. "Pips autoplay", Google it, scary shit. Why are they doing that? I don't know, the EFF is investigating. I found a
hydroelectric plant. Created... breathe? No, I don't need to breathe. It's too bad Anthony's not here. I'm a... he was here earlier. Well, no, I'm just... there's a story with this picture, I'll try and tell it really quickly. I found this, I put it on Twitter, some guy, Michael Toecker, who I don't know if he's in the room or even here... here's Michael Toecker, who I didn't know at the time. I was like, oh no, that's totally legit. I said, no, look at that fucking art, man, this is a defacement, some skid did some MSPaint bullshit on some SCADA, and now this is owned. And he was like, no no no, you can look at the Java and run it. And I said, dude, this is your job and you want shells on my shit? No. He said, no no, I promise, it's okay. So I spun up a VM and I ran the Java and it said megawatts. I went, oh fuck. So I put this picture on Twitter, and then the next morning the DHS called me. Like, no shit. It was like... this guy was like, I'm gonna have some interesting people call you, and I'm like, cool story bro, Twitter, yeah whatever. 8:30 in the morning the next morning, ring ring, hi, my name is Anthony and I'm calling from the DHS. I'm like... it was bad, right? This plant stayed online for like a year. Like, I have a distinct memory of driving somewhere at least six months after doing this presentation the first time, like three or four years ago, and John Maithily is texting... he's on Twitter, he's saying that fucking plant is still up, and I'm like, what, which one? And he's like, that female one, and I'm like, oh no way, and he links me to it and it rendered on my phone and I went, no good. You can't... what, we have a dam in your country that has flooded? If you Google for "barrage day female" you'll find news articles about how this dam has flooded people in the past. They just don't care. They literally were like, huh, or on vacation, fuck off. Like, no shit, they were on vacation, I didn't want to fix it. So, like, responsible disclosure kind of works. Responsible
disclosure works if you disclose to places that give a fuck, and this place did not give a fuck. This place I didn't even bother,
you know, disclosing to, because, goddammit. Oh, and then neither did this
place, right. So we're up to three now, and
then there's a switching station that is involved, so we're up to four. So, like, the Sprint's... and I give up, fuck it. Car
washes, yeah, it's true. There's also speakers, which is really
fun, because you can just send a Rickroll MP3 straight to them and it plays. That's good. But how rich do you have to be to
have a fridge just for the champagne, and have the champagne have an alarm, right? I want those problems, I don't want these
problems. That's CERN. To be fair, they fixed it; this is like two years old. I reported like 200-some of these to their CERT department, and at first they were like, no, but we're this big open system and we're, you know, for academics and things like that. And, like, that's cool, but no, I shouldn't be able to
see this. And they're like, oh, cool, that's fun. So they fixed it; it was really cool. Yeah, CERN. And then I found a bunch of
ski lifts, and this ski lift in particular is really fucking funny, 'cause it's a gondola. You can open the doors, turn on the alarm, and, I think, I can't remember, I can't read, you know, French, shout at people through the PA. So you can send people up in a gondola, stop the gondola, open the doors. It's like, what the fuck, right? Why would you let me do this? Why? Right. But this one is cool; I have a personal interest in this one. I
found a fishery in the Oxford Covered Market in England. So I went there and I actually put my hand on it. That was really cool, to find some random bullshit on the Internet and then go touch it in meatspace. But then I saw something... there's so many Joe servus... these lobsters, you can fucking
control the temperature of lobsters over the Internet. There's also swimming pools that have
acid tanks that you can control over the Internet. What the... why would you do that? I'm going to take a breath. I will exercise George Carlin, and I would like you all
to consider the following: stop putting
shit on the Internet. Or perhaps, at least count to 10 before you decide to do it, right? I'm out.
Next thing... ding. Holy shit, you baby Gophers, I knew we should have one last... goddammit, why did I just burn me? Yeah, audio, I need audio. Audio, yes. See how fast you go. 330, I look better than everything. Well, we didn't... you guys have to, like... door slide doesn't, shit like that. I don't like, you know, you give a giant something...
I have a fat head. I'm through 137 slides. Christian, where... goes it goes right there, baby. My hammer... don't forget we got hot sauce. We're at 300 bucks, only 300. This room is not really full, but still, come on. All
right, my name is Chris Sistrunk. Get back in
here, don't leave. And I follow this guy... if anybody could float I think he could, like, just hover around with all the energy that he has. Electrical engineer, SCADA dude. Chris is drunk, let's get
cyber-physical. Oh hey, hey, yeah, if you don't recognize that guy, that's Ralph Langner, the Stuxnet guy. Love you, Ralph. Yeah, if you read the
report on the reverse engineering of Stuxnet, he did it; very smart guy. Let's
talk about the top ten cyber-physical stunts. First, side dragon wanted to make planes go sideways. Then Charlie and Chris made a
car go sideways. Okay, what's next?
DB Nolan and Sergeant Howard Payne making
elevators go sideways. Yes, this is the great glass Wonkavator.
Shavelev a... it's a Wonkavator. An elevator
can only go up and down, but the Wonkavator can go sideways and slantways and longways and backways and squareways and frontways and any other ways that you can think of. It can take you to
any room in the whole factory just by pressing one of these buttons. Any of these buttons, just press the button and you're off. And up until now I've pressed them all except one. Don't press
anything... this way, go ahead, Charlie... don't... Charlie.
All right, no, seriously, there's an elevator that goes sideways from ThyssenKrupp, so don't touch it if you find one.
All right, number nine: physical security fail. Oh, this is like... this is at a substation, right, and this happens all over the place. Also, I've seen where you have all the substations that might have the same lock. Well, a substation had a homeless guy living in it and he had a key.
We have relays in substations, and that's a picture of one, all around the world. In America there's a picture of an attempt to do port security using a lead meter seal. Yeah, that's real secure. There's a
substation that got shot, Metcalf, and Keo in Arkansas, they got set on fire. You know, that's what... Metcalf, that's... well, no, that was a different one, sorry, that was in Los Angeles. Yeah, pretty serious stuff. So physical
security is a pretty big fail. Jesus, pretty big, pretty big fail.
I'm gonna keep... all right, here, here, here,
take... it's dangerous to go alone, take this. What is this, a raspberry beer? Oh, you've got a fancy look, I think that's fancy, okay. Scans equals attacks. There's a couple of reports that came out in the news where scans from Iran to these company centers and honeypots, and they call them attacks. And then a colleague of mine was scanning honeypots to test his new NSE nmap script, and he was from Chattanooga, and there's... no, there's a nation-state in Chattanooga. His name is, uh, tothehilt. So we have PP you as our
industrial control system threat. But there was a... see, report coming out of his book. Number seven, and he kind of
touched on this a little bit: smartphone apps that you can control control systems with. What could possibly go wrong? Oh, well, I have stories. I have stories of things, your honor. A colleague of mine said that they had to go reimage all these machines at a glass plant, and what happened was the owner got a new iPad for Christmas and decided to put one of these Siemens apps on there and decided to configure, maybe optimize, some of the PLC settings in the glass plant, and then everything quit working. And so she had to go reimage all of the machines back to like three years ago, because that was the last image they had. And I've also seen a hospital... you know, every hospital has a generator and they have a water plant, and I've seen the hospital plant operator have control over the water plant with a smartphone. So, not a great idea at all. What could possibly
go wrong? Yeah. Number six: anonymous FTP. First one: me and a couple other guys, we do this in our spare time, we search anonymous FTPs. We found a SCADA engineer, like me but not as dumb as me, maybe... what, dumber? He backed up his entire work laptop on his home terabyte hard drive, and so what we did was, we called him on an anonymous Google Voice number and said, dude, you got your work laptop backed up on the Internet, you should probably take it off. And he was like, what, who are you? You had one job. Yeah, that's right, you had one job: don't bring it home and don't put it on your anonymous FTP backup. And then we also found a city in Florida backed up their entire SCADA system for their electric grid, and all the configurations and all the drawings and everything else, on their anonymous FTP login, and this is all found with Google. Okay, so we called ICS-CERT, we called them, and they finally took it down, but it was pretty serious. Also we found engineering companies had schematics, projects, all these different control systems, a prison control system where you could, you know, let the control system for the doors open. We also found Air Force bases, and we also found, like, the SCIF, like the top secret room where they meet; we found all the plans for those and we reported those in. That was pretty wild. There's all kinds of things you can find on an anonymous FTP, kind of like what he does with scanning the Internet. So we had
this thing on Twitter called We Are The Artillery. So all of us have been finding these things in our own time and trying to get them taken down.
Poor architecture. Any... any rules, anybody? There's lots of those in oil and gas, and yeah, CISSP certified, yes, yes, exactly right. So we have lots of problems in industrial control systems. Not in the electric sector for these, but they still have some failures too. Also oil and gas and water: they have flat
networks. Not a very good idea at all. And
then number four: there's squirrels. That's the number three cause of power
outages in some areas. I give an awesome picture. No, it's not number one; number one is acts of God, like weather. Don't listen to Jericho, okay. CyberSquirrel1, and then there's MyLargeSquirrel; follow those both on Twitter and they'll tell you all the power outages that are caused by squirrels, rabbits, birds, snakes. I have a picture of a very nasty fried squirrel that took down our entire data center. Okay, I'll go faster. Vendor
excuses: risk is accepted. So there's a
Twitter account that a friend of mine and I run, so let's let you read some of these. These are actual, real excuses that we've gotten from vendors after we found vulnerabilities in their stuff. "We received your vulnerability report and decided that the best course of action is just to discontinue this product." "We
reviewed the proof-of-concept frame you submitted, but our engineer says a valid endpoint wouldn't send that."
"The bug wasn't ours, but it was an open-source project we use and do not fund or contribute to in any way." "A
backdoor password was discovered in our firmware. We've changed it. Thank you." And there's a whole treasure trove of those that we put up on Vendor Excuses. You can actually send your own vendor excuses too; we have the email set up. And then we
have this guy; he already gave this part of the talk: ICS on the Internet. When someone asks how your control system was breached... so we found this.
Sorry, yeah, why... I found more, but I'm not
going to go through all these. I've got just a few slides left, man. Distribution substations, pretty cool. Oh yeah, we found wind turbines today. Yeah, I'm telling you, we found a Houston SCADA data control center where you could go and look at their webcam, and then you could move their webcam, and then someone moved it back, and... busted. Yeah. And then they had, like, DNP3 and Modbus talking from them, so you know it's a real control system, and we called them and told them to take that stuff offline.
I don't always connect my control system to the Internet, but when I do, I use IPv6. That'll... that's safe, right? And then the number one: SCADA
hackers. That's Jack Daniel; if you don't recognize the guy, his beard is in Iowa.
We had 15,000 SCADA hackers at DEF CON last year, and they went to the ICS Village. I don't know if... how many people in here have been to the ICS Village yet? Okay, great, that's awesome. Well, we had a whole bunch of people last year. What did they use to attack this stuff? Burp Suite. That just means that they're not using any of the control system protocols at all; they were trying to attack things that really didn't exist, or anything like that. So let's get them
on the Modbus. Let's take you guys down to the ICS Village. And we even have a cartoon; I
don't know if you follow Robert M. Lee on Twitter, he has Little Bobby talking about Modbus, DNP3, ICCP. So we were teaching
these people about the protocols, so we wrote a script called modturnt... and it turns on the lights, turn up, and then you turn down for what, and you turn the lights off. So that's all we
have. I have some shoutouts to Adam Crain, cynic pone, tothehilt, reverse ICS, Robert M. Lee, a Killian, Mike Toecker and DA 667, all my SCADA brothers, and then my wife, who's somewhere here, I don't know where she is. There she is. I love her.
Let me just go up there, Larry. Okay, good, hurry, faster. That's what she said. Oh, holy shit, this is terrifying. All right, so anyways, hello, any time now, doo doo doo doo dee dee dee. This is great. What the hell, Larry? This is awesome... during the failed... the fail for me, will you please... anybody good with computers? ... I'm trying the computer. There we go, yeah, I fixed my shit. Anyways, so, um, when Larry... I got a drink again, okay. Oh, that was my original drink, okay. So yes, totally. So as you can see, my title... back to the failure. Thanks to ill-will for making this slide for me, I really appreciate it. One thing I forgot, though, was, you know, it still says Steven Spielberg and shit, and I don't really Photoshop at all, so I just, you know, crossed it off... there, there's my name. So along with my name, so, Chris Blow,
because that is really my last name. I'm
a Senior Technical Advisor for Rook Security in Indianapolis, Indiana. I consider myself an InfoSec nobody. I have no 0-day, I don't do anything really cool, but I love the profession that I do. Certifications, I have none, so we'll just skip over that. I have no relation to Joe Blow or Kurtis Blow, I just want to get that part out of the way right now. If you do want to follow me on Twitter, feel free, go ahead. However, you get to see stupid pictures of me wearing a wizard hat, which goes great with Dan's robe. You see pictures of my
dog, or you see pictures of stuff I make food-wise, or you see me drink, usually
drink. So, you know, feel free to follow me if you want. Let's talk about
firewalls, though. Before I talk about
that, though, let's talk about Dan's talk that he gave at LayerOne this year, because it kind of relates to what I'm going to talk about, at least in my next slide. So it's actually a really good talk about failure. So if you want to see even more failure after this... I don't think you can get any more failure than me talking up here, but, you know, if you want to go check it out, it's great. And honestly, I think it's another fail, because I think that link actually goes to the certain time... lucky there, to, you know, go, so you get to see this picture of... like this, if you go to... be wonderful. Yeah, more Dan, as if you didn't take up enough fucking time up here. So
anyways, somebody had to say it, come on, just give me my... yeah, that's all right, he did. That was like early 90s, how old are you? No, sorry. Anyways, anyways, um, let's get into some fails. I'm really going to talk about a lot of fails that I've encountered myself over the past ten years, um, probably more like the last five years, but a lot of these different failures are, you know, ten-plus years old. So, you know, going back to Dan's bit, we're talking about an international call center here. That's all they do: call centers all over the world. They wanted a typical PCI DSS version 2.2 "pen test", and "pen testers" is in quotes for one good reason: that usually means "we want you to run nmap or Nessus, give us a custom report, look into what... so that it looks like you did actually more than what was really done." It really means "don't touch any of our stuff, but, you know, go ahead and scan it with Nessus and give us a report and show us that, you know, we're great and that we passed for the year." So as we continue on,
you know, I find out that these firewalls are running at over ninety percent saturation. I don't feel really comfortable... you know, when I'm talking to these guys, we're on a scoping call and I'm like, hey, do you really want me to do this during the day? And they're like, yeah, it's fine, we do this every year, go ahead, it's fine. Saturated, like, moist. Okay, great. I talk fast, okay. So, you know, we got this 90 percent saturation going on, and then I do a firewall review on these guys and find out that their OS is at least eight years old, if not older. So between that, I took down an entire international call center by using nmap. That was great. I dropped over 3,000 calls; they were really pissed off, and I'm like, you told me to scan during the day. And, you know, I'm on this call with all these executive people and they're like, what did you do? And I'm like, I ran nmap, and everyone just went silent. It was great. What could possibly go wrong with that? But they had logging, and, you know, they had alerts that were set up to look at things like, you know, if a firewall was running over 70% saturation. All of those were disabled. So then we get to the external pen test and we find out they've got open RDP, so that was fun. They also had MS08-067, and they had absolutely no DMZ. So with all that being said, I mean, admin credentials were pretty easy to find. They are very angry with me still. So, moving on, let's talk about social
engineering. So when I think of social engineering, I think of the Social-Engineer Toolkit. Thanks, Dave Kennedy and all the folks at TrustedSec; I mean that wholeheartedly. I love that tool with all my heart, and I love what Dave's done with that over the years. Um, Dave
Kennedy, he's a great guy, he's awesome, and you get to see him all the time. But
when I think of Dave Kennedy, most of the time
I usually think of clowns. I really wish he was in the room, because he would be shitting his pants right now... and right now at the door. But unfortunately he's not. Now, what's funny about this is, I needed to get that image of the box of the Social-Engineer Toolkit from its site. So, quick sidenote, this is what
happens when I go and grab that image from his site. And if you want a little
more detail on it, you know, it's like, oh look, this stuff's malicious, you know, there's been malicious things that come from the site or whatever. But, you know, I downloaded it anyways, because YOLO. Second, you needed to do that, so are you using
IE? Yeah, what? Okay. So, um, so for this next one let's talk about a financial institution when it comes to social engineering. So they wanted me to come in and do an email and phone social engineering deal with them; that was cool. Um, they bragged a lot about how they had a bunch of InfoSec training, had a bunch of incident response training, they were set to go, nothing was going to get past them. So we start talking about the scope of the engagement, and they're like, so you're gonna do, like, you know, just set up like a "hey, get a free iTunes gift card" email and stuff, right? And so, you know, they're like, yeah, come at me, bro. And by the time we actually got to what I was going to do, they were like, holy shit, you can't do that. And I'm like, well, do you want a real test or not? I feel really sorry for the person transcribing this right now. Yeah, I'm really sorry for whoever that is behind the keyboard, I don't know that... I won't talk back. This is a real person, right? We discussed that earlier, and that was a person
talking. Anyways, I'm really sorry when I use the words shit and fuck a lot. Anyways, so, keep going. So I do a little bit of research and find out that their SSL VPN is just sitting there right out in the open, a nice little Check Point SSL VPN, nothing special about it. And so, the place where this was happening, they had a bunch of current weather events going on, like, you know, snow storms and ice storms and everything else. So I decided to put that in an email and put that through a relay and be like, "so, due to recent weather events, you know, we're going to start having more people work from home, click on this link, download the new VPN software." 78% hit rate. That was awesome. The best part was, not only did I get current passwords, I got their entire password history, because people didn't think it worked right. What could possibly go wrong? Okay, I've got nine slides left, I'm gonna be quick. There really is, isn't there? Okay, so let's talk about my favorite subject... it's really not, but let's talk about PCI. So, you know, PCI,
it's great I just put this slide together it's a whole bunch of shit on the screen there but you know you've got Windows XP because that's pretty much all it is and apparently you can get the certificate of compliance with PCI and that's kind of fun too yeah that's a whole field keep hitting that button just do this whole PCI thing we have a winner let's talk about that's
my Corgi by the way for the top four responses to non-compliance number one it's too hard I can't put that in your report number two write a compensating control for it I cannot write a compensating control for the fact that you have a lockout duration of 20 oh it takes 28 failed attempts before it'll actually lockout your account I can't find anything up about that I'm sorry about it the fact you do that is really fucking stupid so then I get you know oak USA last year said it was good that's great I'm not that qsa I'm really sorry but you know I can't accept the fact that whatever this mess is a report that I'm reviewing actually you know passed so then they're like we'll just accept the risk and I'm like that's great too but I really can't do anything about that so that's always fun so
anyways let's talk about um let's look a little can I help you I do not need to drink right now I'm sorry talk a million miles a minute here I'm trying to keep going then so let's talk about a rental car company a very big rental car company well I had to be lee technical qsa which by the way those don't really exist that's Billy which is really fun so I'm going through all of these credit card or you know they've got all these credit card applications one of them is this terminal they've got and I'm like that's cool I need all these tea logs I need all these application logs this logs etc so you know I find credit card numbers in the logs and I tell the developer hey I've got credit card numbers here and he goes no that can't be right well it's there like that can't be right we don't store credit card numbers that's great I've got them right here so then we get a little farther and I'm like oh by the way that's actually track one data in your logs and I'm like this is a big problem they like we don't store credit card data that can't be right I'm like I don't know what to tell you but you got him in there so just to prove his point I was like how recently these logs he goes how much from the past you know like a couple two or three days it's like okay hold on so I get a credit card scanner out of my bag connected to my laptop swipe it same one that I used it was my track data that I found in those logs so not only was my track data in those logs but we you know we go back and it turns out there was this poor q8 trains control process so those had been it been storing track data for a couple months before they actually shut it off it took going past a vice president before they would actually admit that they had accidentally stored data and it was something where they had implemented a new version they forgot to turn off the debug log function so that was awesome I'm going so I got to two
more things to talk about here so let's talk about a logistics company and we're talking about people that do self assessments people love doing self assessments because you can just go through take this checklist to twelve items and be like dun dun dun we're good so they declined to do any kind of PCI data discovery workshop that was always fun so I'm like okay well we're going to have to go off what'd you say they say we've only got six in scope applications okay great 24 hours later we find out they've got at least 15 and then they got angry when we're like we need a change order so we can actually assess your guys's stuff it's always great but there was credit card numbers for everybody and it was all over the place and it was a notepad it was in the notes on some of these apps it was fantastic so okay last
couple slides talking about red teaming red teaming is definitely in quotes because every time I do a red team and engagement it is never a true red teaming engagement so let's uh let's get
past doc here come on okay so we got a retail chain they want to do a red team exercise performed on some of the retail stores that was fun and doing a little bit of Austin find out that they've got this huge party list that they do for the Christmas party every year and it's got manager named store numbers etc however a lot of that didn't really help because as a lot of us know be tail can be a point revolving door so um I had no clue what to do for this and I walk in I'm just like oh leg affair for mushi's I'm gonna be a VeriFone guy so I go in there but you know I mean like polo and khakis or whatever and I'm like hey I'm very fun guy I'm here to check on your new systems and data and you know I thought
I was in the door. So I'm like, rock and roll, let's keep going. So, you know, we
keep... I keep going through stuff. I've got a wonderful Pwnie Express power strip and a couple other things in my backpack. I'm like, I just need to replace the UPS that you guys have under your desk, do you mind if I go behind the registers there and connect stuff in there? Like, sure, no problem. Well, the problem was that place was a cellular dead spot in the certain mall that I was at. I couldn't get AT&T, Verizon, you name it, I couldn't get a single cell phone signal to save my life. So that was great. However, I did find a mobile terminal. Those are fun. They're even more fun when the passcode is the store number, which I'm sure nobody is shocked about. So as I keep going back and changing out all the cellular cards, eventually the NOC calls me and they're like... well, they call the store and they say that all their POSes were going down and coming back up, going down, coming back up, what's going on? And they decide to talk and say that a VeriFone guy was on site who was being very friendly and helping out, and that's when I started to cry. And, you know, it was like, well, this might be game over. I got out of there without having to show the little get-out-of-jail-free card, but still, that kind of sucked. So, last two
slides. Um, and I really can't make this shit up, because this is a failure not only on the company's part but more so on my own. So I went to go do some work for an auction company. Do a lot of stuff with automobiles, pretty much anything with a motor, do a lot of stuff, memorabilia, anything like that. And the best part was I couldn't get in the front door. The woman there... I went in there, as that picture shows, as an exterminator, and she's like, we've been using XYZ exterminator for 30 years, who the hell are you? I was like, shit, this has never failed before, I really wasn't expecting that. So, um, I ended up... I made up this big story about, you know, I'm a contractor, and, you know, we kept going on, back and on and on, and they never let me in. But I went around to the back door that was open and, you know, just kind of went wherever I wanted from there. I did that to all three sites. So PII was everywhere, and I'm not talking... I never even had to plug a computer in. They had photocopies of driver's licenses, photocopies of car registrations, photocopies of people's credit and debit cards, photocopies of cheques, photocopies of anything you could imagine. Now, granted, I would have to take a large duffel bag in there in order to get this shit out, but it was very easily accessible and no one would have been the wiser. Um, the bad part was when I got to the debrief, and that was the next week, and I was like, hey, you know, look at this, I owned all this shit, man, didn't even have to connect a computer to it. And they were like, wait, go back to that first one for a second, did you make it to the second floor? And I'm like, no, no, that was right behind the receptionist desk and she wouldn't let me. And they're like, our office is on the second floor. You just owned one of our... one of our competitors' companies. It took every ounce of me not to say "what the fuck" on that phone call. So, um, you know, not only is there failure still in, you know, InfoSec in general, but I'm still a dumbass myself. So, getting off the stage
here, but, um, you know, if you guys, I guess, want to follow me on Twitter, go right ahead. You have any questions or whatever, feel free to email me. Thank you very much.
We don't have to dance, right? [music] Depending on how much money you put up in this charity jar. Is there an unventilated can of varnish somewhere near Chris? You know, he's always like that. Well, I'll dance. Well... oh, he dances for no
money. How much money have we raised? Not enough. Come on. Six hundred and fifty dollars. You are late. Let's get it to a thousand, come on. Dance, for fuck's sake, come on. Why is everybody leaving? What
the fuck, don't leave, come back, come on. I swear my part will be way better than theirs. [music] Come on, stay. We know how to computer. Kind of. Who told you you could eat my cookies? That's some hot stuff, I can smell it all the way over here.
Do I need some more information? [music] Every few... every good note I'm tempted to make fart noises. I'm ready. Alright.
So originally when Larry got me to do this talk, he said it was gonna be a no-holds-barred type of talk, that we could just talk shit about everyone, and then I found a couple special snowflakes that kind of shot me down, so I'm just going to tone it down a little bit. Originally I was going to do, like, an offshoot of the joke The Aristocrats to start off with. I feel so bad that Amanda is following this. And I hear you can't speak unless you, like, drop a note onstage... where is that, Black Hat, maybe. So originally the first line of the joke: a gender-fluid social justice warrior named Caitlyn walks into IronGeek's office and asks for a raise, and I was going to snowball it from there. Boo. So I am Emil, a professional IRC
troll, IT consultant, and I also run a non-profit hackerspace. I don't have any certs, 'cause fuck certs. Yeah. And I'm black hat as fuck. Woo. So, um, when I started off with computers I liked to have fun. Me and my crew, we used to roll around. We brought you the world of Paris Hilton, and I'm sorry for that, because it's like opening Pandora's box, if Pandora's box smelled like herpes. Larry, we also brought you the world of Fredersen O-face. If you can burn that image out of your mind... That was you? I thought that was you too. So unfortunately that brings a lot of attention to yourself, so I did get in some trouble at some point. When you do get in trouble, you get arrested, and you think it's fame and fortune and you can talk about bullshit stuff like Mitnick all day, but you just get a shitty movie made after you. So, um, so basically this is going to be talking about doxing. So one of the famous fuck-ups was, like, Ross from Silk Road, who got caught because he basically posted on Bitcoin forums and some other shit with his own email address, and then decided to start up Silk Road, not scrubbing all this shit after the time, because everything that goes on the Internet stays on the Internet. Tell me about it. Another fuck-up is this big snitch Sabu. He was doing pretty good until he logged onto IRC using his own IP address, forgetting to turn on Tor, in effect getting this guy in trouble. So he had pretty good OPSEC, unfortunately trusted a snitch, and also his password for his computer was chewy123. So you have all the encryption in the world, the Tor, but if you fuck it up with a character password, you're fucked.
PowerPoint.exe. You scram plump wall.
There we go. So raise your hand if you think your email address is in this dump. Wait, how many of you people shit when you heard that one? Um, yes, yes, but not for that reason. Yeah, so basically, you know, there's 50 million users on there. If you break it down there's a couple thousand federal, state employees, FBI agents, and I saw employers, that all have nudes of all the girls that they're talking to, and so when that shit gets leaked, you don't want it to leave. iCloud was another
another big one over the past year, you know, from all the celebrities over the past years that were hacked into, and they still don't learn to trust the cloud with all their nudes.
Normal people fuck up too. So this... this isn't celebrity stuff, this is just stuff I come across in my day-to-day job. Um, let's see if I can get this thing to play. Just wait for the audio... huggens... not playing. Oops.
Describe it for us. Well, tell it to us in Braille. Yeah, we can, we can probably, uh, oh, oh, let's see... you Olenna me, uh, let me
get the audio now. If any of you can
recognize this sound, please shout it out. Berries constipated? This was you? Pal kid was phone this afternoon in the lobby? No, and this wasn't the Bally's pool last night either. That was actually... I was working on a client's laptop. They had brought it in to me, it was in standby mode and it's still going in the background. They brought it in, it was locked, didn't give me a password. I'm working in an office full of a bunch of people and that goes off. I had no way to shut it down other than shutting it down. Another
OPSEC fail: when you bring your computer in to somebody to fix, do not have a folder labeled "my escort site" on top and in the other folder "classroom material for kids." Fail. So I had this other lady bringing in a laptop. She had brought it in to me, it had powder all over the laptop, the keyboard, everything, thought it was a weird thing. She had a user profile that was messed up, fixed it. She said her kid had messed it up, so I said, okay, well, I'll turn on the guest account and that way your kid can't mess it up. She brings it back two days later, it's messed up again. Fix it. She's complaining that she shouldn't have to pay again because it was broken. So about three days later I get an ass dial at 3:00 in the morning from a phone number, so me being curious I googled it. The Google search had pulled up her phone number, which led to an adult baby service, and it wasn't actually her kid, it was her adult baby diaper guy. So if you're gonna use the phone numbers for all that stuff, don't leave it anywhere. Baby... it's a thing, it's a thing, it's a thing. It's so bad. Google image that shit. Amanda's into it, you can just talk to her after this. Oh nice. What the hell? Fuck, dude. So the last thing is going to be, like, health care. Um, my wife's mother-in-law had bought a laptop at a flea market for 50 bucks. She called me up and said, hey, I need a password removed from it, I just bought this laptop. So me being curious I booted it up and it tried to log on to a major healthcare provider, for the provider itself. As you know, you can get the MSCash passwords and kind of logins and stuff, so instead of just removing the password I decided to crack it. That led me to get onto the Citrix framework for them to log in to their server. They were courteous enough to basically let me get onto their main domain controller from a link on the desktop. So of course, me being curious as I am, I had on my hacker mask and started searching around. Not only were they
courteous enough to leave the remote desktop link on their desktop, they were also courteous enough to leave an Excel spreadsheet with every single user password, every single Wi-Fi password on the box. Now, I did that in 2003. I checked again about 10 years later and I was still able to log in with the same username and password, and all the same stuff was there. I did see somebody at BSides Boston last year that actually worked there, and I let him know that I had owned his own network, and I gave him all the information, gave him my card. I checked again right before today
and everything's still not changed. So
this is just a shout-out to one of my buddies here. Of course, when I got in trouble for OPSEC, there's somebody that contacted me a few months ago that got me into all this stuff, so I just wanted to say hi to Dan if he's in the audience. Crickets. Jonno. And also, if you're any type of a
CSI... the CSI, IPR, CSSP, like Boris, last time I seen him, I don't know if he's here, last time I seen him at the queer cotton pool, sweat and vodka, but just to let you know, everything that you put on the Internet stays on the Internet and someone's going to find it eventually. So I had to rush through this
because we only have like 10 minutes left. So I'm good to go. They're supposed to just work, right? Can you see it? Hey, you did better, man. Sweet. All right, I'd like 30 seconds. So this is gonna be awesome. First time speaking at DEF CON, I don't have a drink, so I'm not sure how that works. John? No? Hmm. I hate beer, that's horrible. All right, so, a little bit about myself. I'm gonna talk some about a health care provider that I worked at, an ISP that I worked at, and a little small time that I spent in education. Whoo. I'm sick, I'm sick though.
Not beer, alcohol. You're gonna get comfort, right? It's self-sterilizing, it's alcohol. Very good. Oh, perfect. So my name is Amanda Berlin, InfoSystir. Um, I have my fan club, like, in the first couple rows, so, mm-hmm, yes. I've been doing blue team stuff for a long, long time, worked in health care for a while, Windows admin, that kind of stuff, fixed a lot of shit. Next. Yeah, so Kent still
doing, um, some hot sauce for charity that isn't charity as far as I know. Um, so get up here and give some money. To those who've given already, that's awesome. And a little bit about me: adult supervision required. If you hung out with me at any point in time, these guys can probably vouch for that. Yes. Run it. Otherwise I wouldn't be up
here on this panel. This is one of my favorite kids' movies. I have three little boys at home, not getting so little anymore, but this kind of explains pretty much Blue Team and Red Team. Yeah, red team's just cooler, but fucking... I've been doing Red Team for ten years, it's a lot of fun. So just wait for that. Yeah, wait for the next slide. Cover your ears, cover your eyes if you're squeamish. That's amore. That's a thing
that is. Yeah, that's what you have to do to get your CISSP, I think. Describe this CIA triangle. He can't afford a little bit of process. Everything that I mentioned has been fixed already, so don't try and go fuck up my previous employer, because I really still do like them. It was one of the best jobs I've ever had, got a lot of experience, wouldn't be where I am today without them. So imagine walking into an environment where there's absolutely no help. The network engineer has been there for, you know, 10, 20 years, a complete asshole, didn't know anything. He took an MCSE course just to get up the ladder. The network grew with him, you know, they switched to an EMR, they completely digitized everything, and he had no other knowledge other than the one-week MCSE boot camp that he took, and they knew things were bad. He was... so I'm a self-proclaimed sexist, but he was really bad. So, not really involving an InfoSec fail, but I was pregnant when I was working there and this dude came up and said, every time that I see you you're eating, you must have an oral fetish or a fixed oral fixation with me. Ah, fuck off, huh. So he got fired, surprisingly, but they actually were scared to fire him because he supposedly knew so much about their infrastructure that they didn't want to fire him, because they weren't sure exactly what would happen if he left. I got there, we started out with everybody in the entire department as a domain admin, 40 or so people, anywhere from help desk to directors to software administrators to the people that actually needed it and actually knew what the fuck domain admins were. And it just... we dove in and we finally realized what exactly was happening. So a couple things that we didn't have:
no antivirus, not on anything, servers, workstations, nothing. Welcome to my world. What could possibly go wrong? Um, had no WSUS, so we had Windows 2000 servers that hadn't been patched in years, you know, no big deal. 15 years? Like, wouldn't... doesn't that get into, like, Windows 2003 Server territory? We had a couple Server 2003. Yeah, I got it, it was in 2008, no biggie. Um, we had a decent data center. There were water line pipes above them for the fire suppression system for our entire data center. Yeah. We had open ports everywhere in the hospital. We had no idea what was in our environment.
This was after we spent about 40 hours cleaning it up. This isn't really InfoSec, but holy shit, like, just cable fail. We're up to 700, by
the way, everybody. Yes. Nice. Yes, keep coming, come on. It's just gonna get hit. Come on, come on. I'm trying, man. Thank you. Faster. Sorry, I have, like, ten... like, I have to... I'm halfway done. Okay. Come by
gods first look every... we know Larry can go in two minutes. Yeah. All right, so we had no backups at all. We were running a fucking hospital, 500 beds, you know, two thousand employees, no backups at all. Had no DMZ. Not only did we not have a DMZ, our production website was on a Windows 2000 box which was dual-homed. One... one had a public IP address to the Internet, just straight plugged into it. The other IP address went to our internal network, because it had to have access to that, because the SQL back end was on our domain controller. Oh, we just accepted the risk. Yeah, we accepted the risk, it was fine. What could possibly go wrong. We were complying with great sep dear... Um, not only was that on our domain controller, we also had our public Wi-Fi, actually that's where the DHCP came from. That Wi-Fi had no password. Actually had a lady call me up when I still worked in the help desk saying that her Internet wasn't working, um, down the road. So some old lady just called up, she thought for some reason it was our help desk. We had like a splash page up to call the help desk. She called us, let us know her Internet wasn't working. I'm sorry, this can't be your Internet... but it was. She had no idea. Cyber. Cyber. Um, so if
anybody's in health care, this is a cath lab. This is one of my favorite stories. Yeah, yeah. So they do some stuff with, like, heart cath things, where they open you up and do certain things. Um, yeah, right. They actually had... are you gonna pull me offstage? Good. Get the fuck out of here. Go, go, go. I'm done, almost gone. I swear to God, next time I'm going first. Fuck this. So, um, we had our operator call away about massively fast locking out Active Directory accounts. We actually had to write a script that would re-unlock the Active Directory accounts, because the cath lab vendor shipped us something. Guess what was on it? Root, huh. Dogs and reprise admin shells, um, the porn that Co 100, a variety of colorful dicks. Conficker. Conficker, Edgar. Welcome to my world. Forerunner technology. So they... so they shipped us with Conficker on it, completely. We got a really good discount on this software, really good discount, because we swore we would never say what their name was when they shipped it to us a second time. Oh, sorry.
Okay, whoever's transcribing this... and so
suffice. All right, so we also had MS08-067 everywhere, Conficker, which I already mentioned, and Windows 2000 and XP, no big deal. This was
actually a water fountain that wasn't supposed to be a water fountain. It was actually attached to our boiler. Something happened with our power, the squirrel that I mentioned earlier took out power to our entire data center. See, I told you. And I'm really scared, the students behind me, he's gonna fucking throw me off stage. He's Canadian. He's Canadian. He's like five million lire. Literally, I walked in at like 9 p.m. at night, there was a five fuckin' foot water spout coming up in the... where our fiber terminated. I mean, it had our core switches, it had everything. I had to daisy-chain a UPS and actually put it on that ladder so it didn't get fried by the water that was spouting up in the corner. Best
alerting system ever. Had... that's the alerting system ever. We had no monitoring, so our best alerting system ever was our APCs. Any time you did an Nmap scan, it would just send us an email for every single fucking one. I'm gonna skip
that one. So I have some for personal fails. Yeah, sorry, not... I don't have any personal massager fails, that's another talk. Um, if you masks can afford Annette, it's a really bad idea. Colorful? It is very colorful. Kind of takes down the entire school system, yep, and everybody that you manage. So, and Check Points, which I probably shouldn't say because I kind of... yeah, yeah. Next-gen erases, great. So, last slide,
thank God. I actually did a phishing assessment exercise to train the users in the hospital I was working at. Went really well. I have a whole 'nother talk on it. This one was amazing, because as soon as I sent this out, I mean, a little bit later, I had a lady contact us and let us know that she really didn't appreciate it because she had to cancel her PayPal and Kohl's card. I felt really big. So I actually sent this out as a phish, and I've done... I'm done, I'm done. Great, sorry.