Exposing Weakness Before It’s Exploited with Jayson E. Street - a podcast by Chris Parker

from 2021-08-11T10:00

:: ::

There are many ways your network can be accessed, not just remotely but physically. How equipped are you and your coworkers to prevent intrusions? Today’s guest is Jayson E. Street.

Jayson is the author of Dissecting the Hack: The F0rb1dd3n Network Series. He is the DEFCON Groups Global Ambassador and the VP of InfoSec for SphereNY. He has also spoken at DEFCON, DerbyCon, GRRCon, and at several other cons and colleges on a variety of Information Security topics. Jayson was also featured in The National Geographic series Breakthrough Cyber Terror.

Show Notes:

  • [1:00] - Jayson explains how he hacks to help.
  • [1:59] - People want to see how Jayson can get into their facility and rob them.
  • [3:39] - Jayson shares how “being the bad guy” can get the information needed to educate users and clients on preventing more.
  • [4:51] - Jayson has been known to rob banks and shares the story about how he robbed the wrong bank because he had to go to the bathroom.
  • [7:24] - The devices Jayson uses emulate keyboards and code. 
  • [9:03] - Some employees for big companies like Microsoft have posted their badge on social media from which Jayson prints and uses as his own.
  • [10:08] - How did Jayson get caught in robbing the wrong bank?
  • [13:21] - He found out later that the bank he robbed by mistake wound up wiping their machines which cost them a lot of money even though Jayson’s procedure was harmless.
  • [16:01] - Jayson has a 100% success rate which shows how employees trust anyone who looks official.
  • [17:13] - What is the yellow method and why does Jayson use it?
  • [18:18] - Jayson describes the facility that took the longest amount of time to get into in Jamaica.
  • [20:17] - In one instance, Jayson did not go back to talk to the client after conducting the pen test for a charity.
  • [22:30] - When these tests happen, it isn’t about winning and losing. Jayson makes sure he is caught so he can provide education and training.
  • [25:08] - “The biggest thing that people can do to protect themselves is to listen to the voice in the back of your head saying that something is odd or unusual. Realize when you’re at work, part of your job and responsibility is to think that something bad may happen.”
  • [26:25] - Companies need to give a proper avenue for employees to feel comfortable in reporting something strange.
  • [28:39] - Jayson shares some of the techniques he uses that have a 100% success rate in penetrating the company’s network.
  • [30:06] - At events, oftentimes there are company USB drives loaded with giveaway items. These could be dangerous to use.
  • [31:39] - There is no way to completely eliminate threats. The important piece is how you respond to a threat.
  • [33:10] - Network security is great, but physical security of a network is just as important.
  • [35:01] - Jayson explains that the users of the programs in a network are the people that need to have the proper education.
  • [37:45] - Jayson has a program where he gamifies security education.
  • [39:50] - Many people don’t realize how easy it is for an official looking badge to be recreated.
  • [41:41] - Jayson describes his most boring and simple robbery he completed in 15 seconds.
  • [42:29] - What was Jayson’s most successful interaction?
  • [43:51] - After obliterating a company one year, management took the lessons to heart, educated their team, and had him come back the next year.
  • [46:19] - If pen testers are not rooting for the client, they are in the wrong business.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Links and Resources:

Further episodes of Easy Prey

Further podcasts by Chris Parker

Website of Chris Parker