Cybersecurity Horror Stories That will Shock You!

[00:00:00] We're doing something that has never been done before. You see, on the Tech Certified Podcast,

[00:00:05] we've had some of the biggest tech creators share some incredible stories. And today,

[00:00:10] on our Christmas special, we've put together the most incredible stories from our incredible guests.

[00:00:17] Some of these stories will shock you and leave you thinking, how did this happen? But you'll have

[00:00:23] to see for yourself. But before we get into it, definitely like and subscribe to the channel.

[00:00:27] Let's get right into our first story. And this story comes from our friend, Day. Yes,

[00:00:32] Day Cyberworks. But today we call him the Grinch. Just listen to this.

[00:00:41] This happened when I was a cybersecurity intern, my very first role. Oh man, this was bad. Part of my

[00:00:47] role was like purging like emails because, you know, financial industries are like very susceptible

[00:00:51] to business email compromise, right? So it was December, right? It was December 2020. And there

[00:00:58] was this email about like, you know, Amazon gift card, like, you know, for the whole company and all

[00:01:02] of that. And it was like a widespread email. I was like, oh, this kind of looks weird. Even the

[00:01:05] domain was weird. Like it wasn't from like a, like a approved domain or like a company domain or

[00:01:10] anything. I was like, oh no, this is bad. Like, you know, like this doesn't, it doesn't look good.

[00:01:14] And I didn't really go into deep analysis of it. Like typically when, when we do email analysis,

[00:01:18] we go into the header, like all those details. I think I did that. I did that, but like,

[00:01:22] it just seemed kind of weird to me because it wasn't anything like, like actually like company

[00:01:27] approved or whatever the case is. So I was like, this is bad. So I deleted all, I pushed all the

[00:01:32] emails from everybody's inbox. Right. And then I get a call from my manager on teams and it's like,

[00:01:38] Hey, Dave, did you purge all the Amazon gift card emails from exchange? And I was like, yeah.

[00:01:46] And I was like, oh no. Like that was like the company end of the year, um, gift card to all

[00:01:52] the employees. And like now, like, I think it was like the CIO or somebody was asking like,

[00:01:59] what the heck happened to that? I was like, oh my goodness. I got to ruin Christmas for everybody.

[00:02:04] Like I'm literally the Grinch girl. Like I was like, bro. Cause I think about exchange is like,

[00:02:09] when you purge the emails, like they're gone, they're gone forever. I was like, I was like,

[00:02:13] I'm going to get fired. Like, this is crazy. If you're wondering what happened at the end of the

[00:02:19] story, then you're probably going to have to watch the full video. I'm joking. I'll tell you guys

[00:02:22] what happened. Check this out. I didn't get fired. Um, I didn't become the Grinch of Christmas because

[00:02:28] they, I think they found a way to like, uh, send out those emails again. Okay. So I guess they didn't

[00:02:32] end up becoming the Grinch. This was such a hilarious story. And this came from a mistake that

[00:02:39] Day made at the very early stages of his career when Day was simply an intern, but it is not only

[00:02:46] interns and juniors that make mistakes. Now here's a story from our friend Unix guy about a mistake

[00:02:52] that he made. Just listen to this. I do have a, like a story where I messed up big time. This was in my

[00:03:02] times as a Unix full-time Unix professional, big backend servers. Um, they have so many hard drives

[00:03:08] and, uh, we have something called RAID. So RAID is when you have one hard drive, but we have another

[00:03:14] copy of the same hard drive and it's like sync. We sync them together. So if one of them fail,

[00:03:19] the other one will take over. And you know, there's RAID 10, RAID 0, RAID 1. And I remember I was

[00:03:23] going to this, uh, client, it was an airline company. It's a booking system for an airline.

[00:03:28] And I took a junior engineer with me. And I remember it was like 1 PM, 2 PM, something I haven't eaten

[00:03:33] all day. And this junior engineer was asking me questions nonstop. So as I logged into the server,

[00:03:40] I realized they had one of the hard drives has failed and the primary hard drive failed,

[00:03:45] but the secondary has taken over. That operating system was Sun Solaris and, um, the mechanism or

[00:03:51] the software we used used to be called Veritas Volume Manager. Like I knew these softwares in and

[00:03:56] out. So it could do it with my eyes closed. Now, some of those, uh, Sun, old Sun servers,

[00:04:01] the naming of the hard drive is really dodgy. Like I remember the name is this long as he was asking

[00:04:06] me questions and I'm just running the commands really quick so much. So I wasn't even looking

[00:04:09] at the screen at some point. Uh, what I did is RAID, we need to break it first, remove the old one,

[00:04:16] put a new disc and then sync them. So what I did, I broke the RAID, took the old disc, put the new

[00:04:22] one. And when I ran, there was a set of commands to sync the two discs. And instead of syncing that one

[00:04:28] with the data to the, to the new one, I sent the new one to the active disc. And as soon as I ran this

[00:04:34] command, I saw the server, I knew exactly what happened. And standing next to me was actually the

[00:04:39] database administrator who, um, was working for that company. And his face went yellow. Like I cannot

[00:04:45] describe, but he had a, or stand like me and his face went yellow because he knew exactly what

[00:04:51] happened. I remember I looked at the engine. I'm like, can you please stop talking for five minutes?

[00:04:58] Give me a second to just being experienced. I just took a step back. I messed up. Um,

[00:05:02] that data, the DBA guy, he started getting calls from this company. Like his phone started ringing

[00:05:07] and they start like the application is done because all the branches, they couldn't see the booking

[00:05:11] system. Like it was during working hours. Um, so yeah, immediately I asked him, so where's your backup?

[00:05:16] So I still take backups and I started restoring backup, hoping it was recent. And yeah, it took

[00:05:23] what, what, what, what should have been like half an hour job. It took, I think three hours. And yeah,

[00:05:28] I remember by the time I finished and I walked out, I was like, I didn't realize I was sweating so much.

[00:05:34] Like I wasn't physically nervous, but I think psychologically, I was just so upset for causing

[00:05:39] an outage that was unnecessary. But that's one story I'll never forget.

[00:05:44] I'm so glad we was able to recover from this and they had their backups ready. It could have been

[00:05:49] so much worse, but luckily you found a way to save the day. And speaking of saving the day,

[00:05:54] it is Christmas. Okay. And we've had a couple of horror stories already. Let's switch it up and have

[00:05:59] a hero story this time. And this story comes from our friend, Vinicia, AKA cyber queen. Just listen to this.

[00:06:06] But my one key story comes from when I was actually like, my core focus was threat intelligence.

[00:06:17] And we had at the time, we had a really big incident in the bank. It was a real like movie,

[00:06:27] like hack. One of our sister companies, they had been compromised and we had gotten like this notice

[00:06:35] like that you really have to sit down for. And reading that notice, it's like, okay, fine. I want

[00:06:43] CSI cyber now. We were being held at ransom for a compromise that happened in the sister company and

[00:06:49] the data was going to be published, etc. But my job, which was actually such a small job in that incident

[00:06:57] was one of the biggest jobs, but it was to make sure that I am monitoring the right keywords on all of the

[00:07:06] platforms that these cyber criminals would usually paste it. So if you think ghost bin, paste bin,

[00:07:14] and anyway, so we had these threat intelligence tools and I had to put in any keywords that I deem

[00:07:20] relevant to the data that they might have stolen to get the heads up for the bank if they were planning

[00:07:26] on publishing the data. So the incident went on and it was like days and we hadn't been sleeping and

[00:07:32] they had brought us food and it was like in this whole like kind of war room. And finally, the CEO of

[00:07:40] the company, he went out to the media and he had acknowledged the breach. And when he did that, the

[00:07:47] cyber criminals actually had published the data. But my keywords were so good. We found it and had taken

[00:07:58] down the data within five minutes of the publishing of it. And it was, it was hectic. It was like when he

[00:08:06] went onto the media, I was like refreshing and refreshing and like looking at multiple screens for

[00:08:12] anything that pops up. And the moment that something popped up, it was almost like first

[00:08:17] I blacked out and then I was like something popped up. And then it was, um, it actually saved the day.

[00:08:25] You can have one single small job that you are sitting there thinking, oh, everyone's running around.

[00:08:30] Everyone's deploying stuff. Like I'm just sitting here. But I mean, that was a massive thing. And had I not

[00:08:36] done kind of the correct keywords in the five minutes that I was working on the thing. We would not have picked this up

[00:08:43] like five minutes after they had published it. What a story. Super interesting. I love this story from

[00:08:50] Vinicius. But after spreading a little bit of Christmas cheer, it's time to get back to some of the horror

[00:08:56] stories you're here for. And let's listen to our friend Tech Toby as he shares one of the mistakes that he made

[00:09:01] early in his career. Just listen to this. In the very early days when I moved from desktop support to

[00:09:12] infrastructure engineering, I was in that junior phase of infrastructure. I got given this ticket

[00:09:17] one day, there was a shared drive that was found by the security department that wasn't secured. So

[00:09:22] this is just a normal file share on a windows domain had no permissions on it at all. So anyone could

[00:09:27] go in and read, write to any of these files. And no one knew what it was. And it was a file share that

[00:09:35] was created in 2003. So it was even more alarming that it hasn't been noticed since 2003. And this

[00:09:42] was about six years ago when and when this happened. My job was to secure this. So nobody knew what it

[00:09:48] was. We sent out a ton of communication to ask people. And no one got back to us. So I was kind

[00:09:53] of instructed to just secure it, lock it down, create a group. And whoever shouts about it, shouts about it

[00:10:01] at the end of the day, if they lose access to stuff. Turned out it was a file share that one of

[00:10:06] the main applications for the company was writing files to. And because I secured it, it knocked out

[00:10:12] the use of the application. So thousands of people couldn't use this one application. And the worst part

[00:10:19] about it is if you use windows and you're trying to secure a file share on domain, you have to wait

[00:10:25] until it finishes. And there were so many files in there. So it took about four hours to secure.

[00:10:31] And then I had to unsecure it. So it took over eight hours of bang time until the application was

[00:10:36] back up. And in my mind, I was really young at the time and I was like, oh my god, I've just broken

[00:10:41] this. Like, I'm going to get fired. But thankfully, I had quite good management at the time. And the people

[00:10:45] in the tech department were very much adamant that this isn't really our fault. Someone should have

[00:10:51] done this years ago. So that was a bit more relieving. But that's a good point is that if there

[00:10:58] is a major incident and you cause it, there's always some form of rollback. It may take time,

[00:11:04] but it has happened. You know, look at like a crowd strike, go over like the I-T-I-ish. The

[00:11:08] person who calls that, I bet they had the worst week of their life. That's crazy.

[00:11:11] An amazing story from TechToby about what he faced early in his career. Now, some of these stories

[00:11:18] might give us some nightmares and we do not want nightmares at Christmas. We must hear about some of

[00:11:23] the stories that inspire us and that changed our perspective. And this is a story that is not

[00:11:29] cybersecurity related, but another role. Actually, the role of tech sales. This story comes directly

[00:11:36] from an unreleased episode. Let's listen to our friend William, where he shares one of the stories

[00:11:42] that completely changed his perspective on his career. Just listen to this.

[00:11:52] Anybody that knows door-to-door sales, you know, you're pretty much, you're on the goal, you're

[00:11:56] walking. There's no time to just kind of sit down unless it's your lunch break, right?

[00:12:01] And the only difference is instead of knocking on your door, we were doing it for businesses on

[00:12:05] a street front, on literally a street road. And for me, you know, being very young, enthusiastic and

[00:12:12] wanting to just go out there and make sales, I came across this, I like to call him a wise man.

[00:12:17] You know, Caleb, I know you read the Bible. I like to call him a wise man, right? And I came into his

[00:12:22] store. He had an eyeglass store. And I came in and I was just like, I came in with the enthusiasm

[00:12:28] and I was just kind of looking to get a sale in there. I felt it there. And I came to him and I

[00:12:34] introduced myself, introduced a product like I always do. Right. And he sat there. He listened.

[00:12:42] He didn't say anything. He didn't say anything at all. Another customer came in. He tended to that

[00:12:47] customer. And I was a bit agitated because I was like, Hey, I just kind of came into your store.

[00:12:51] You're not going to acknowledge me yet. He looked at me, but he didn't even say anything.

[00:12:55] He took care of the customer and then the customer went out, but I stayed, I could have left,

[00:13:00] but for some reason I stayed. And he, he told me to sit down on a bench in this store. I sat down on

[00:13:09] the bench and he got some coffee, got some tea, asked me if I wanted coffee or tea. I said, no,

[00:13:14] I don't, I'm here to make a sale. I don't really want any coffee or anything, but he brings his tea.

[00:13:19] He brings his coffee. He sits down next to me and he tells me young man, um, I see the passion and the

[00:13:25] fire in your eyes. You know, I can see that you're good at what you do. Um, but he taught me a very

[00:13:30] important skill and it was to understand that within sales as a whole, and you can apply this

[00:13:36] in life as well. The importance of being a people person, the importance of understanding relationships

[00:13:43] and the importance of understanding dynamics within the relationships that obviously we as human

[00:13:48] beings create. Um, and essentially he went on to tell me his life story about the things that he

[00:13:55] experienced. I just literally sat there in amazement and was just listening to him. And this is why I call

[00:13:59] him a wise man, right? He transformed the way the psychology and the thinking mindset that I had

[00:14:04] around sales. It's not about just always selling someone a product. It's about again, being a people

[00:14:11] person, understanding and listening to what they're saying, listening to what's being told. Yeah. I think

[00:14:16] that to me is the most meaningful kind of moment within my sales career at the end of it, obviously

[00:14:21] after coming back another day, I was able to get the sale eventually, but from that point on, I changed

[00:14:28] my outlook and the thinking I had in regards to sales in general. So that's why I called it my wise man.

[00:14:35] That story was inspirational, but unfortunately we've got to get back to our traumatic horror stories

[00:14:43] and this story might shock you. Let's listen to Kevin as he tells us one of his most devastating

[00:14:49] stories and how he recovered from it. Just listen to this.

[00:14:57] Kevin

[00:14:58] My last, in my last cybersecurity job, I got, I got let go. They had layoffs in my job. I really

[00:15:03] couldn't do much. I literally woke up. I was trying to log into my computer and I was able to log in,

[00:15:07] but then it got like a random email and then I joined the call and then they're like, oh yeah,

[00:15:13] our whole, your whole department has been eliminated. So like they eliminated everyone in our team.

[00:15:17] I really couldn't do much. Just like out of my control, right? I was like, oh shoot, I'm screwed right now.

[00:15:21] And I posted on LinkedIn that I was open for work and I was out of work for a couple of months. The amount of people that reached out to me for a referral was insane.

[00:15:30] Like a lot of people reached out to me to, to, to like give me a reference. Oh yeah, Kevin. Yeah. Go apply for my job.

[00:15:37] Go apply here. And even though I got the referrals, I still couldn't get a job. It was crazy.

[00:15:41] It was like, I could not find a job at all. It was like going south. Everything was not working out for me.

[00:15:45] So it was like, all right, whatever. I can't really do much. Right. And then I re I remember

[00:15:49] I got reached out by one of my buddies, my cyber security buddies. And he asked me if, um,

[00:15:55] if I want to go to Romania, I'm just super random. So he's like, oh, you want to go to Romania and speak?

[00:16:00] You want to go to Romania to do a talk? I'm like, but I'm like, I don't have a job right now.

[00:16:04] And I did a, I did a talk with him by the time I got out of that talk, I found a job.

[00:16:08] So I remember I was doing a talk at Romania and I flew back, we flew back and I already had a job

[00:16:13] lined up for me on Monday morning. So it's just like, as I was struggling for a couple of months,

[00:16:18] not finding, I couldn't find a job. And people were like, how, how can he, how can Kevin not find

[00:16:23] a job? He has all big following. Big following has nothing to do with it. Like kind of all the

[00:16:27] followers in the world, no one's hiring, no one's hiring. What are you going to do? Right.

[00:16:30] Kevin, that was a crazy story. And we hear so much about layoffs and how they affect people.

[00:16:36] We're so glad to see the way you bounced back and we're able to get another role.

[00:16:41] And sometimes it's really hard to be laid off or accept layoffs when you haven't done anything wrong

[00:16:46] or made any mistakes. But speaking of mistakes, let's go to our friend Wally, who tells us how a

[00:16:53] tiny mistake caused this outage. Just listen to this.

[00:17:01] The way we work is we write what they call methods of procedures, which is basically like

[00:17:05] a step-by-step guide of how to configure something. And when you configure it, mainly they do the

[00:17:09] configurations at night. Right. And the reason we do them at night is because there's less traffic

[00:17:14] that time. And if there's an outage, there's less people online at that time. What I did was,

[00:17:19] when I wrote, wrote out this method of procedure, um, I had one small mistake, a very, very small mistake.

[00:17:26] And like, it's almost hard to catch. And what that mistake was is if you guys know what IPv6 address is,

[00:17:32] there's 128 subnets that you can have on that. Right. And the smaller the subnet, the bigger the range of,

[00:17:37] of, of subnets within that. So you were, the big mistake that I made was, you know, if you want to

[00:17:43] do a point to point link on an IPv6 address, um, and you only want two IPs max on the, on two hosts

[00:17:50] IPs on, in one subnet, you'll, you're going to use a, uh, slash 127 address. But when I wrote the method of

[00:17:57] procedure, I dropped the seven. So we're going to become a slash 12. So you go from two hosts

[00:18:04] to basically 2 million hosts. So now any IP within that range, it becomes a duplicate IP. Whenever

[00:18:10] there's a duplicate IP, IP on the network, especially with public IPs, it's just not going to work.

[00:18:14] Then there was a duplicate IP on that network. And in the morning I get, I get a text say, or like a,

[00:18:19] what they call like a, like a, you get ping basically whenever there's like an outage.

[00:18:24] And it says, Oh, there's an outage in this region. I was like, Hmm, I worked on that. Let me check it

[00:18:27] out. And then like, Oh, it's all that same device that I, that I wrote the method of procedure. I

[00:18:31] was like, man, what did I do? You know? Cause you'll, you always have that innate fear. Like

[00:18:35] maybe I just did wrong. So, you know, it ended up causing an outage, um, from a small mistake,

[00:18:41] you know, and this is, these methods of procedures can be long. It can be like a five, six page document

[00:18:46] of a step-by-step guide. And that caused a decent outage. And obviously that's the learning

[00:18:49] lesson. Right. Um, and during that time, obviously, you know, you go through like a

[00:18:53] root cause analysis, you explain how this happened, what could it, you know, how could

[00:18:56] this been prevented? Um, and it was a learning lesson. This was like when I was kind of new to

[00:19:00] industry and you know, my eyes weren't as like, you know, I would say strong enough or I didn't

[00:19:05] have hot guys at that time because obviously when the more, the more you like look at configurations,

[00:19:10] the easier it is to notice things that are incorrect. Right. Um, although I should have

[00:19:15] noticed that, I don't know. I'm surprised I still didn't get that, but, um, it still went through

[00:19:19] like the cracks and it's ended up getting configured. And that was a major learning lesson like that.

[00:19:23] Whenever the outage happened, like I was kind of scared, like, I was like, man, did I, did I mess

[00:19:27] up? Am I done? Like, you know, like you always have that fear, but obviously this company is,

[00:19:32] you know, they, they told me like, you don't worry about it. You know, it's your first one.

[00:19:35] Everyone has like their own outage story. And like I said, it's, it's a learning lesson, right?

[00:19:39] Another incredible horror story, but this time coming from a network engineer. Now,

[00:19:45] since we're talking about different roles in tech, let's talk about the role of a cloud solutions

[00:19:49] architect and how our friend Faiomi became one. Now this is not necessarily a horror story,

[00:19:56] but it is a story of inspiration. Just listen to this. Me and a colleague are working on like a big

[00:20:06] project for the government. It's like a big migration project. And it costs, let's say the cost of this

[00:20:13] project is about 750,000 pounds. And so it's just me and my colleague and my colleague is senior.

[00:20:19] And so, you know, I'm, I'm, I'm just there chilling. Cause I'm like, you know, I'm just,

[00:20:23] I'm the junior guy here. You know, my colleague, he got this. And so me and him, you know, where we're

[00:20:28] going to all the clients meetings, we're gathering the requirements and I'm like, you know, I'm,

[00:20:32] I'm just happy to be there. I'm just happy to help. And, you know, this is a project that was going

[00:20:36] to take like three months and three weeks into the project. The client was like, you know, this,

[00:20:43] this scene, they went to the management was like this colleague that I've been working with. He's

[00:20:47] not quite right for this role. You guys need to get rid of him. And at this point, cause I've been

[00:20:52] the only other person on this project. So my other senior colleague was sort of removed from the

[00:20:57] project. And then all of a sudden now I'm in charge of the project. And so at this point,

[00:21:03] I go from being just like in a background, just chill out. Someone else had now I'm responsible

[00:21:07] for the success of this project. And it's huge. It's like the biggest thing I've ever worked on

[00:21:11] in my career. So now I'm leading all the calls with the key stakeholders. I'm making the architectural

[00:21:17] decisions and I'm, I'm having to like really think about, Oh, what are we going to do? I'm doing all

[00:21:21] the proof of concepts. And it was at this phase where I was like, I don't know what I'm doing. Like

[00:21:27] I'm going to my manager. Like, ah, this is, this is, this is difficult. Like, and, um, but you know,

[00:21:32] they encouraged me. I think they did a really good job. They're like, look, you can do this.

[00:21:36] Maybe they brainstorm some things with me, but like, it was my project. And so, you know,

[00:21:41] one way or the other, you know, you're, you're, you're creating ideas, you're sharing it, you're

[00:21:45] doing proof of concepts, you're sharing it. You're, I'm having conversations with the key stakeholders.

[00:21:50] And I remember at a point I'm like, okay, I feel like I'm actually know, know what I'm doing.

[00:21:56] I feel like there's key stakeholders. And these are very serious, senior people. And, and I must

[00:22:02] have been like, I don't know, like 26 or something. And, and I'm, you know, I'm holding

[00:22:08] meetings and I'm showing them, they ask me questions I'm answering. And I remember we keep going and,

[00:22:12] you know, they're happy. They're like, okay, the project is moving. Whereas before it kind of stalled.

[00:22:17] And one way or the other, I get through the project. I do my final demo of this is how it's

[00:22:24] going to work. All this key stakeholders are happy. Everyone signs off, signs off on it. And, and it's

[00:22:30] good. And that was the moment where I was like, I am no longer just a cloud engineer or like a junior.

[00:22:36] So like I've done, it's almost like a baptism of fire. And I was able to, to sort of successfully

[00:22:42] get that project over the line. And I had to use programming skills. I had to do CI, CD skills.

[00:22:46] I had to use basically every skill I've ever developed. And this was where actually some of

[00:22:52] the projects I was doing on the side, cause I was creating this app that, you know, did stuff.

[00:22:56] And I had to use those technical skills and I had to draw on all the stuff I did outside of work

[00:23:01] to be able to like make this a success. And so, yeah, that was definitely one of the scariest points.

[00:23:05] And luckily I was able to come through the other side. What an incredible story from Faiomi

[00:23:10] about how the challenge he was faced with helped him become the professional that

[00:23:16] he is today. How being thrown into the deep end allowed him to develop the skills that he has now.

[00:23:23] He developed in so many ways, including his communication. But speaking of communication,

[00:23:29] I need you to communicate with me. We have two stories left. And before we hear those two stories,

[00:23:35] I need you to go to the comment section right now and tell us your favorite story so far,

[00:23:41] what are and why. And you must do that now because the next story is one of my very own.

[00:23:47] And this is a horror story that came from one of my most memorable mistakes early on in my career.

[00:23:53] Just listen to this.

[00:23:58] I was working for a company that sends engineers out to small and medium sized companies to work on their

[00:24:06] tech, upgrade their technology, that sort of thing. And I was sent out to a company to upgrade several

[00:24:13] different things. But one of those things was their antivirus. I think they were moving from McAfee to

[00:24:19] something else or something to McAfee. And basically one thing you shouldn't do if you have done before

[00:24:27] is have two antiviruses working on one endpoint on one device. It just doesn't work. But I didn't know this.

[00:24:35] I was sent to do a job. I was given instructions on what to do and that's what I did. And so I went

[00:24:40] around to each individual and got their device installed the new antivirus without taking off the

[00:24:49] old one. Some of them crashed, some of them didn't. The ones that crashed, one of them was the CEO of

[00:24:56] the company and another was a director and both of their devices crashed. It was pretty bad. And I was

[00:25:06] stressing. I was so stressed. I was calling people back at the headquarters or wherever and people

[00:25:13] were just like, did you take off the old one? I was like, no, I wasn't told to do that. Yep, this is a

[00:25:20] true story. I really crashed the director and the CEO's devices. It was a mistake that I learned from

[00:25:26] and I will never make the same mistake again. But clearly, as you've seen from most of these stories,

[00:25:30] these things happen. Now, here is another exclusive story from an unreleased episode. And this one comes

[00:25:38] from our friend, Mr. Fingers. Mr. Fingers walked us through the social engineering aspect of a pen test.

[00:25:46] And if you don't know what a pen test is, you'll understand a little bit more whilst watching this

[00:25:51] video. Just listen to this. While I was still working for my previous company, I was doing a pen test,

[00:26:00] a pen test, but a walk-in pen test. So I have two cars. So one of my cars is a car that you literally,

[00:26:07] you would bluntly just never even think that I drive. So I used to just drive through, before I even came

[00:26:14] into that building, I used to drive past that building just to see the security guys. And I would spend

[00:26:20] maybe two or three hours just to see how the security is. And I saw, okay, security is a bit tight. So I came in as

[00:26:27] a delivery guy with a different car, because obviously if they see that other car, they'll know it's me.

[00:26:33] So I came in with a different car. I was wearing obviously delivery, you know, delivery clothes.

[00:26:40] Told the security guy, I'm here to deliver a certain item for a particular individual. That particular

[00:26:45] individual, obviously I got the name from LinkedIn and I already did my research on this person. I knew

[00:26:53] their Facebook, I knew their Instagram, I know what they like, what they don't like. So I already bought

[00:26:59] a huge box of lent chocolate for that particular individual. And the security guard let me in. But

[00:27:05] while I was going in, I gave the security guard a huge Coca-Cola. I was like, thank you, here's Coca-Cola.

[00:27:13] So what I did, I was building trust for that security guard. Ended up asking him his name, how's your day

[00:27:19] going? And he was like, oh, thank you. You know, telling me everything. Now he started telling me

[00:27:24] stories about this particular individual I'm looking for. And I was like, okay, this is what I want.

[00:27:30] And he told me, go to this building, turn here and look for this person. I got there, receptionist,

[00:27:36] told me, okay, you can leave the package here. And I told him, I can't leave the package here. I need

[00:27:41] to go in and deliver it to her personally. I went in, the particular individual was on lunch.

[00:27:46] I met the cleaning lady. I need people to listen to this because people don't know this.

[00:27:52] Cleaning people, people who clean in buildings are dangerous guys. Do not mess with those people.

[00:27:58] Those people respect them. I ended up speaking with cleaning ladies there. I had a conversation

[00:28:04] with them. I was like, hey, do you know where this particular individual sits? She told me, yes,

[00:28:09] she sits here. She goes to lunch at this time. She gets here at this time. She leaves at this time.

[00:28:15] And I was like, oh, this is the information I needed. Just sparking a conversation. And then I

[00:28:19] ended up obviously giving her again, a thank you gift. I gave her a box of lunch to that cleaning lady.

[00:28:26] Thank you. Then I delivered my package to that lady's desk. She was not there at the desk. Her laptop

[00:28:32] was there. I put in a small rubber ducky USB, plugged it in. I told that cleaning lady, hey, listen,

[00:28:38] there's a USB which I plugged in there. You know that lady's going to come back at that particular time.

[00:28:42] Before she comes back, make sure that you plug up the USB and keep it with you. I'll get it tomorrow.

[00:28:48] But I told her if somebody else in the office leaves the desk, make sure that you plug it

[00:28:54] into each person's desk. She was like, perfect. Don't worry. I'll see you tomorrow. And she asked me

[00:29:00] for a favor. I was like, hey, do you mind getting me food for tomorrow? I was like, perfect. Got there tomorrow.

[00:29:05] Same thing. Delivery guy, friendly guy. Everybody loves me. Security guy now trusts me. He opens for me.

[00:29:12] Hey, do you have something for me? I was like, I've got a Coca-Cola for you. Gave him a Coca-Cola,

[00:29:17] walked in, receptionist, greeted. And I got in, spoke to the cleaning lady. The cleaning lady was like,

[00:29:26] the job is done. Do you have something for me? I gave her what she needed. And from there,

[00:29:31] she gave me my USB bag, which was my rubber ducky. So I was able to infiltrate the environment

[00:29:36] and get all the information that I needed. I was able to call the guys in the office. I was like,

[00:29:41] guys, were you able to get in? The guys were like, we're in. We infiltrated. We took whatever we

[00:29:47] needed to take. And I think a week after we sat down with the CEO, we showed them the work. Okay,

[00:29:54] this is how we were able to do things because of ABC. And it was easy to infiltrate your environment

[00:30:00] because the cleaners were also not part of the training. Every single time you would train your

[00:30:06] users, but not train your cleaners. So you guys undermine the people which I think are low level.

[00:30:12] So we're able to use whatever information we can against you. So with that being said, again,

[00:30:20] people need to be very careful with that. Respect your cleaners because they know what time you do

[00:30:25] something. When do you go for lunch? And when do you leave? If you've come this far in this video,

[00:30:32] I need you to do two things. The first thing is to leave a comment down below saying your biggest horror

[00:30:39] story and how this happened. And the second thing is to click this playlist and watch some of the full

[00:30:46] podcasts of the stories that you've just watched. Go on, hurry up and click it. You know you want to

[00:30:52] watch some of the full episodes. Click this right here. Let's go.