Simple misreading of numbers can lead to unexpected consequences.
Mistakenly hacking into the wrong network can sometimes lead to positive outcomes.
Deep dives
Unexpected Encounter in a High School Sleepover
During a high school sleepover, a group of friends had a terrifying experience when a stranger entered their house. Initially, a woman walked in without any explanation, causing confusion and fear among the friends. Moments later, three more strangers entered their living room, mistaking them for someone else. The friends realized that the strangers had mistaken their house for the neighbor's due to a mix-up in addresses. Although the incident was frightening at the time, they could laugh about it later, recognizing the unexpected consequences of a simple misreading of numbers.
Rob Fuller, a cybersecurity professional known as Mubiks, recalls a memorable incident during a penetration testing engagement. While attempting to hack into a client's systems, he gained access to the wrong company's network due to a typographical error in the provided IP range. Not realizing the mistake at first, he and his team continued their attack, successfully penetrating the target network and accessing a significant number of systems. Eventually, they discovered their error and promptly contacted the client, expecting potential legal and financial consequences. However, the client was surprisingly understanding, as they had been wanting a penetration test but had been unable to secure the necessary support internally. The incident resulted in a positive outcome for Mubiks and his team, gaining a new client who appreciated their expertise.
Hacking Wind Turbines for Cryptocurrency Mining
Snow, a social engineer, recalls an assessment where she was tasked with testing the security of wind turbines. Unable to gather sufficient information through online research due to the newness of the building, Snow decided to visit the site and blend in as an investor relations manager. With a forged document presenting herself as an official representative, she managed to gain access to the building and experienced the exhilarating rush of success. During her assessment, she discovered vulnerabilities including unlocked doors and lax entry procedures. Her findings highlighted potential threats to physical security and the need for better access control measures.
Snow's Journey into Social Engineering
Snow shares her journey into the world of social engineering, which began reluctantly with a request to accompany her husband to a hacker conference. After witnessing lockpicking and social engineering demonstrations, she became captivated by the field. Growing her skills over multiple years, Snow eventually won a social engineering contest at DEFCON, earning her the coveted black badge. She transitioned into a career as a social engineering consultant, helping companies identify vulnerabilities and educating employees on security awareness. By exploiting human weaknesses, she raises awareness of the importance of social engineering in cybersecurity.
Three stories in one! In this episode we hear about a penetration test from Mubix that he'll never forget, a incident response from Robert M. Lee which completely stunned him, and a social engineering mission from Snow.
