Podcast 412023 Cybersecurity Tips and Tricks From ShiftyEyesShady

hello and welcome to the tech boy this
week welcome to this week in the tech boy
podcast today we have a special guest
today would you like to introduce
yourself sure my uh my name is Joe um I
go by the online screen name ShiftyEyesShady
which was my old Xbox gaming tag
which is how I got that which in turn
came from an Alice in Chains song so you
know that's how that got that some
people find it weird uh
but you know that's how so um yeah
that's who I am I know who you are I'm
sure your audience knows you as well
right
yes okay so would you mind telling us
what you do for a
living yes so what I did was I did a
career change I was in my
mid-30s and I was working for the law I
went to law school and I studied
psychology before I went to law school
so I worked in law and I just didn't
like the direction it was going I it was
sort of just stagnant it wasn't really
fun so um I looked up on the internet
and this was about 2017 Summer I looked
up the top paying careers in America at
that time and the one that kept popping
up was cyber
security so I said okay I I I know a
little bit about computers I was that
guy that everybody in my family and
friends would come to to get their
computer fixed I'm sure you have the
same yeah you know so I was like okay
let me pursue this um
full-time and since I had already
graduated college I didn't have to do
all those
uh like those extra credits like math I
got to focus on the core of just cyber
security yeah I went and I met with the
with the head of the program and spoke
to her about it and she uh said well why
don't you enroll we have a summer course
that's about to start in a couple weeks
and you can see if you like it and if
you don't like it no big deal you only
did one course but if you did do like it
you'll have three credits earned by the
end of the semester when we
start so I was able to go forth and
complete my degree in December of 2019
right before the covid pandemic
hit so I realized also I was very far
behind and I needed to play catch-up
because there was a lot of younger
people that knew a lot more about this
than I did so I totally immersed myself
into the world of cyber security I went
and I met with every single Professor
told them my career change told them
what I wanted to get into and said I
know I'm behind and I really want to
move forward so they suggested we had a
cyber security club on campus I joined
that right away and that helped us uh
learn about various tools and uh ways of
work and we also what was great we got
to compete in hackathons and local
hacking
competitions so I did a few of those
what up Oh I thought I lost your audio
no no no I just paused for a second to
catch my breath um yeah so I we went and
we did a few hackathons
um uh CyberSEED out of Connecticut
where we competed with something like 74
other schools and our school came in
17th place we beat the Army and the Navy
and the Coast Guard which was cool but
you know we didn't get any of the top
prizes five-man team uh it's fun um and
then we did what's called the National
Cyber League the NCL have you ever heard
of that uh no okay so that's like a
little school hacking competition that
they run every semester for people to
learn get up their skills levels so I
competed in every single one of
those and then fast forward I got my
degree I went to um you know the
pandemic hit unfortunately because I had
an internship lined up and the school
canceled all the internships because of
the
pandemic so that put me a little bit
behind of where I wanted to be um so
what I did was I then went and I joined
a what we call a boot camp
program which um I don't know if you're
aware of what a boot camp
does just really fast learning yeah it's
a very fast-paced learning So within
like 10 or 11 months they they take
somebody that they assume has very basic
or no computer skills and they get them
ready for the job
market nice right so that was really
intense we did uh three days a week
Monday and Wednesday nights four hours a
night and then Saturday five and a half
hours every Saturday for about 10 11
months and I just finished that in the
beginning well mid
January okay so after you finished um did
you get a job uh in cyber security yes
I'm working with one of my friends that
does cloud computing security
so you know um he's not fully trained in
the cyber security world he is he's like
a cloud engineer with AWS and all that
so he needed somebody to help him with
the security because he started his own
firm so he took me on as an employee and
I got to learn uh under his wing because
I only got very limited Cloud experience
they only gave us about four classes in
cloud of security in the boot camp so
I'm working at that currently um I just
built let's see Tower here I gotta put
it together I gotta the last thing I got
to do is put the graphics card in I just
built this together from
scratch my baby and I put it on a Linux
operating
system uh Linux Mint uh primarily in
cyber security we all use Linux um I
don't know if you you use Linux a lot or
at all oh I was doing some courses on
Udemy for cyber security and played around
with some WSL
okay yes so could you show us the tower
the virtual black background is blurring
it oh sure okay let me get the
uh take off the background
right there we go
voilà there she is I can take off the case
she's not plugged in but I have to put
the graphics card
in but I went to you know a Micro Center
bought all the
parts I'll pull up the case so you can
see
components hard with the case because
it's all black all the components inside
are black and you know I used to grow up
when all the components were Green in
the computers that's how old I am you
know all right
a I put
have got
a got 32 uh
DDR Rams I got a TUF Gaming
motherboard that came with the processor
it's a i7 Intel which is under the be
quiet
fan and then I got to put the graphics
card over here but some reason and it
was uh my my CPU was overheating so I
had to pull off the uh the uh fan and
redistribute thermal paste on the
processor yeah so you know this is the
first time I built a computer completely
from scratch I've had them you know I've
gutted them and take them apart but this
one didn't have the motherboard in so
that was a new experience for me was
storing in the
motherboard oh nice um as a uh sorry
cyber security professional um what are
you doing um with your
job in the day of
life so I can show
you I just spilled some water down
here all right
we're back sorry about
that
okay so yeah what we do is our core
component that we sell is we want to
make sure that the customers are
connected
24/7 without
any interference
problems we want them to always have
access to their cloud storage
um because they depend their business
models all depend on having access to
this network
so see what I can bring
up show you some of this okay so this is
my friend
Jason that's what it says Jason's team
that's the guy I work for and we set up
a Kali virtual box in the cloud I don't see
anything why you just talking oh I got
to share my screen hold on
okay um it says you you disabled screen
sharing
oh what try
now
be
good see if we can get this a little oh
nice I can see okay all right so what we
were doing on this last thing right here
um at his this is his side project job
so he has
a a normal job where he does the same
thing for a big firm so and then I do
this with his job you know that's his
second job I work with him now for his
big firm what we had done here was we
did a scan because at his work he got
contacted and said that one of the ports
was open and that was a vulnerability
for um you know hackers to get into this
system and they could have shut down the
system if they got into this port made
what we call a lateral
move and so we had to scan it to make
sure that the the port was closed down
so we used Kali this is my Kali
terminal and what we did was we used a
tool called nmap which is a it's a
scanning protocol tool for uh for Kali they
also have a GUI version called
Zenmap but I haven't put it on this uh
sandbox yet so what we did was we
scanned for the port to make sure it was
closed and
see here we scanned a thousand ports at
this IP address that was suspect here uh
because it was open we didn't even know
we had that IP address there we went
ahead and we used nmap and what
we did
was
okay
here okay so this is the point
where okay this is the command I
executed nmap which starts the
thing and these little variables here
the sT and the Pn and the v and the
capital A these are all
um commands that guide nmap to do the
scan in a certain
way
so we had to increase the user
privileges using the Su sudo command
here okay we completed this scan and we
found out that the host seems to be
down right
here so I was not able to access this
port so we do a lot of stuff like
this okay um could you tell me what the
uh ISO is uh right here for the guys on
the
chat Windows 10.
ISO show me where you see it it's
Windows oh okay okay I'll show you okay
Windows 10 ISO okay so ISO is a image
file yeah so what we do is um I remember
just telling you in the email I work
with a lot of virtual machines right um
so an ISO file is an operating system
image file so it'd be like you know this
is just Windows 10 and in a an
installation like it would be like you
know like how you have exe
files okay so you would use an ISO file
to create a virtual box
with oh this is running in Virtual
box uh
this is a virtual box yes but this spec
specific virtual box that I have running
right now is completely in the cloud
this this VBox is not on my machine oh
nice so I've tried doing this on a phone
once uh installing Windows from the ISO
file on on a phone but it didn't work
well um but I guess I could try it in
the
cloud
potentially we could always run you
through a tutorial of how to do it I've
built tons of virtual machines all the
time on my my tower um and I told you I
was running Linux as uh the primary
Linux Mint as the primary OS I'm
actually also running uh like ISO files
as uh Kali Ubuntu
20.4 um Kali Purple which is a new
version of Kali that is meant for
defense because the original Kali
version is an offensive security
penetration testing tool so they created
all the tools for penetration testing
field and put it into Kali Linux to make it
easy so Kali Purple they did the opposite
they put a bunch of defensive tools
instead of offensive tools so I'm
running those two uh the Ubuntu like I
said and then I am also running Windows
10 like you saw the Windows 10 ISO
Windows 11 as an ISO um Windows 7 as an
ISO and I'll tell you why I'm running
Windows 7 as an ISO is because in the
real world in the corporate thing the
corporate Arena there are a ton of
people and firms that are still running
Windows 7 even though it has no Windows
support so you still need to either
least I you still need to have my skills
up in Windows 7 and how people can
attack it because now it's more V
vulnerable than ever apparently Windows
7 is very easy to uh attack like I
learned from my
lessons yes it was very easy to attack
be warand and now that they shut down
the stopped supporting it for Microsoft
it's even worse and there's a ton of
firms that are just invested with you
know they have hundreds of machines that
are just running Windows 7 and they
can't afford you know an upgrading cost
to do that
especially especially the Department of
Defense still has XP on its battleships
and uh important Communications because
there can't be any downtime for military
operations yeah um so a lot of the
professors in my boot camp came from the
military um you know and the military uh
sector with security and that's how they
got started into
it um so there's a lot of military
applications and so they have told us
that that the military systems are
basically outdated and you know they
they think that's a big concern for us
you know National Security
wise um so I was thinking about this and
as a cyber security person I was wanting
to get your thoughts about it um
assuming the United States goes all
electric we ban gas cars have all
electric cars and we get hacked in the
power grid uh could the power grid
potentially go out I was thinking that's
a reason we shouldn't go out electric
because the power grid go out and we'll
be back to Stone Age of since I agree
with you so I got to take couple courses
on this um our entire infrastructure
runs off something called the SCADA
system have you heard of that before I
think
so okay so a SCADA system I'll Google it
so you can see it's a uh it's an
acronym you know supervisory control and
data
acquisition okay and pretty much all our
power plants water plants electricity
plants everything runs on these systems
these
systems you know some of them are
outdated Oil and
Gas Utilities agriculture manufacturing
food and beverage Pharmaceuticals
telecommunications Transportation
basically an entire infrastructure runs
off these SCADA
systems right is it what
was that tool where you can look up all
the things on the internet online what's
it called
uh I think someone found like a dam over
there in a different country and was
able to potentially hack into it if they
wanted to I did not hear about that but
I'd be interested in finding it because
that that's right up my alley let's see
if I can find it for you yeah um but
anyway to continue on with the electric
um you heard of an electromagnetic
pulse oh an EMP yeah an EMP correct so
an EMP they have a if you set off a
nuclear device an EMP is going to send
out and that's going to shut off all the
electronics in the affected area it'll
be dead from your car to your phone the
internet everything just be dead so
that's a huge problem the other major
problem that we have is non-nuclear EMPs
which countries are working on that'll
just send out an electromagnetic pulse
that'll destroy you know all these SCADA
systems and a third concern I think that
would be um have you ever heard of a
solar flare yes we almost had one but
the sun was a different way or something
like that yes it just missed us now we
had a big solar flare in the late 1800
1842 I think something like that yes and
that destroyed our Telegraph system all
across the
world um where did that go how that
Cipher some codes oh that was one of the
my saved things yeah see
what is this 1859 1859 okay yeah that
that was the Carrington event
so what were you saying I was saying for
some reason I still see the
terminal
well
um hold on let me
see let me get the terminal
down
oh I see
why okay so what happened was I only
selected screen sharing for the terminal
I didn't select it for my web
browser um this thing fried all our
Telegraph uh lines throughout the world
if this happened in the modern day era
we would be massively messed up oh and
here's the SCADA that I was showing that I
thought you were seeing before
okay let me look at it all right so you
see all our infrastructure is using this
oh and speaking of uh uh this SCADA
and how some of them are connected to
the internet the tool that I was talking
about is called Shodan have you
heard of it yes I have heard of Shodan
and someone was able to find like a
country's Dam on it or something like
that really that's what I was talking
about check it
out ah look at
this Shodan is used yes so yeah I guess
they use Shodan to exploit the the SCADA
system for the
dam so um so I guess the person was just
like testing Shodan and learning how to
use it and if they wanted to if they had
to log in for the dam they could have
turned off the water or turned it on or
do whatever to the country water play
one of my professors when I went to the
First Community College back in like
2017
um he was a younger guy he was 23 at the
time and um so he just not out of high
school not that long ago and he was
telling us a story that before he you
know he got his degree and everything um
and he was just working in high school
he was using an an old school security
program called Cain & Abel oh yeah right
and that's dangerous it can be dangerous
if you don't know what you're using and
he accidentally shut down the entire
school's Network nobody could get on the
network and The Tech Guy couldn't figure
it out all the tech people couldn't
figure it out and he said he was so
scared that at any moment they would
trace it back to him but they never
did I thought Cain & Abel was
for uh local
attacks Cain & Abel's got a lot of stuff
I looked for it but I couldn't find an
official uh download a
website because it's basically
non-existent anymore um I do have a copy
of Cain & Abel not on this laptop but the
laptop that I used in school so I could
probably find that oh thanks I just
found one one on the web archive
archive.org okay yep that's exactly how
I found mine was on the Wayback
Machine but yeah you're right it was uh
it was very hard to find a
uh I wonder if this would work because
you know this was years ago when I got
it there's the archive.org Link at the
bottom oh all
right so speaking of security most of us
will probably uh if we're like not
working for a company we probably won't
experience hacking like that um day-to-day
and I guess we can't really do anything
about getting hacked from Shodan that
would have to be something with the
government uh upgrading its SCADA
systems and upgrading from XP to Windows
uh 10 or 11 so do you have any tips for
how a person could not get Cyber
attacked on their phone or uh
laptop
yes just gonna show you this here's a
live cyber threat map shows you in real
time all the cyber attacks happening
right
now is Norway attacking the United
States a system in the United States so
it's not it's probably not a Norwegian
government person a system right there's
a system in Norway that'll uh went after
some sort of attack after some system in
the United States now the other thing
is see this is saying come from Georgia
the United States now of course we don't
know if they're using VPNs or uh
something else like um the Onion Browser
do you know what the Tor Onion Browser
is right so they could be using
something like that to be hiding their V
you know hiding their uh IP address of
origin this video is sponsored by
ExpressVPN
you see how they're always in every
they're always advertising in everything
now ExpressVPN and I always say yeah
okay ExpressVPN will help you but if you
get somebody that really knows what
they're doing they'll get past your VPN
I don't know if that's me I've never
tried but there are people out there
that will easily find your IP address
behind a hidden uh ExpressVPN type
software you know
um okay now for what I was saying about
um how to help people not get um
attacked so I will disagree with you on
one thing you said that most people
might not get
hacked what I was saying is they they
won't get hacked on the scale of uh
government like they'll probably get
hacked they won't get hacked on the
scale of true but you know um do you got
a firewall running on your computer I
don't know I have Windows 11 up I I
download Windows 11 has an internal firewall
so that that's
probably uh why you're good but um so
what happens though is um they do have
other firewall programs that you can get
and you can literally see um in real
time like this uh how you see these live
cyber threat maps you can literally see
this with people trying to get into your
IP address and it'll look just like this
it'll show a map or a list of countries
with the IP addresses and it'll say this
guy and this country tried to get into
your IP address and you would be
surprised how often that happens that
some random person out there or maybe
it's a botnet something like that that
is um just randomly probing I any IP
address they can just to steal data uh
which which IP the public IP or the
private IP oh they they'll do
both they'll go after public and private
IPs and they will present themselves
both as public and private
IPs because you know a lot of these
people that are initiating the attacks are
like I said uh using you know something
like the Onion Browser or a VPN to uh
hide exactly where they
are you know so they might present as a
public IP address when really they're a
private IP address and they're just
trying to probe you for uh whatever
information that you can get so some
ways that I would say that the average
person can go about preventing getting
hacked of course antivirus antivirus
okay have an antivirus but I don't think
an antivirus is
enough what up do you have a favorite
antivirus um for free I like to let me
see show you
this um Can it just
be
basic wi why can't we see
my I'm trying to get my desktop but you
what do you see in the background right
now you just see that the virtual box
right I'm trying to get my desktop on
the share screen but I don't see it for
some reason let me just click this and
see what
I it's the virtual box okay let me go
back to cyber okay if I do this do you
see anything no right it paused right it
says you
started
uh okay can you see nothing right oh
there we go I see the threat okay well I
don't for some reason my desktop was not
popping up but I'll show you some of the
programs that I like to use so for a
free um
antivirus AVG of course you get a
computer it's going to come with an
antivirus for x amount a long time so I
always recommend you use the the paid
antivirus that you get with your
computer system until it runs out and
then usually rather than um uh paying
them to get more you know get another
year of security I usually recommend
people use AVG it's free there is a paid
version but the free version is pretty
good yeah and you
can and let's see how another one of my
favorite things because I don't even
think antivirus is enough anymore
because a lot of
antiviruses don't check for malware so
this is one of my favorite programs to
check for malware called malware bites
and that's on phones and uh
laptops yeah yes it
is so that that's a great program that I
use all the time to check
um
let's see what else do I got on
here um okay the other things that I
like to do is I like to
um keep um uh you know like on your
extensions you're right your extensions
and your uh web browsers so I'm always
checking the settings um always deleting
my cookies constantly deleting my
cookies also if you can get on a website
and refuse the cookies and the website
still works more power to you A lot of
these websites nowadays at the bottom
when you run it will say uh accept all
cookies reject all cookies or have like
a little X so if you hit the little X or
reject all or some of them have a drop
down menu where you can just select the
session cookies that are necessary and
reject all
others but yeah so I recommend everybody
privacy and security clear your browsing
data
often uh bookmark the the places that
you want to
save um clear your cookies constantly
check out your security settings you
know um like look I didn't even know
this I'm standard protection I would
recommend going into enhanced protection
so that's something that I didn't wasn't
even aware that my setting was not there
that I just found out just by going into
this I do use multiple uh web browsers
um Chrome I use probably the most
Firefox second and I do like this uh
have you ever heard of the Brave browser
yeah uh it's like Chrome but crypto and
privacy stuff yes you can it it will pay
you crypto if you go into the settings
you know not a lot you're not getting
like Bitcoin or nothing but you're
getting one of the little coins that um
but you have to set it otherwise it'll
just donate it but um this is a brave
browser also what I like about the brave
browser it automatically upgrades your
um HTTP to
https and S as we know stands for secure
so that's a little more secure for that
so I like to use the brave browser
because it'll automatically do that and
also it's got stats when you open it up
it'll tell you how many um
fact yeah well like well like how many
uh I'm trying to look for it oh resume
share Brave
browser okay let's see if I can open up
the brave
browser some reason it's not letting me
but but what happens when you do open up
the brave browser it gives
you uh statistics so uh right now it's
saying I have 69 trackers and ads
blocked 3.2 megabytes of bandwidth saved
four seconds of time saved um you know
that's because I just did a reinstall on
this but before that those numbers were
much much higher thanks yeah so I I
definitely recommend people use
something like the brave browser um
especially if you're
not so computer savvy or uh into
security and all that because then it
it'll do a lot of this the little or
security functions for you the little
basic ones you know that will help keep
you protected also
recommend go on um yeah password manager
do you use
that so a lot of my friends do use a
password manager did you hear about that
password uh manager for uh company that
just got
hacked right so my friend that I'm
working with he was using that I forget
the name off the top of my head do
you remember it um
I do not but famous what was
the let's see oh OneLogin oh LastPass
LastPass yes LastPass that is correct
so I'll show you what I personally use
and I got this idea from uh the
professor that I told you that shut down
his uh Cain and at his class with Cain
& Abel he has one of these this is a
dedicated password book got little tabs
and I know they but you're not saving
anything on your computer you know so
you just have boom you have little tab
do to get lost or stolen um I keep it on
me at all
times that is a valid concern yes of
course it is if that did happen I would
I would uh have to shut everything down
now I know uh back in the day they used
to tell us never to write down passwords
but now um I almost feel like it's 50/50
crapshoot because like the LastPass just
got you know um there's another password
manager that I prefer over
LastPass um BitLocker have you heard of
BitLocker I think so okay let me get you up
BitLocker
is here we go
so this one's a little better than
LastPass I haven't heard of this one yes
Microsoft it's built into
Windows yeah one time I forgot the pass
which it wiped
everything all see that's this is one of
the reasons that I I say I have it
written down so um I have a
specific you know like a backpack to
carry the laptop I don't use one of
those laptop cases that looks like a
suitcase because everybody knows that's
got a laptop in it so now you just made
yourself a Target you know so this is a
specific backpack made to carry a laptop
nice um got all kinds of cool stuff in
it um look at this it's even got a wire
a USB wire built inside
personally personally I use a me drag
bigger personally for passwords I
remember mine and uh keep them in the
Google password manager the Google
account have you heard of that
okay fine and for phones how would you
keep those
safe as weird as this sounds I use the
iPhone yeah I know it came in your email
right um and I always get made fun of
because you know like
everybody everybody like in the security
world is like on Android or something or
that what is it that Linux phone
oh there is a Linux yeah Linux one
that's nice
um believe Android was built off that
yeah I mean but Android does have great
security features like here I have a
Samsung S22 Plus you have Secure Folder
and Samsung Knox and on some s Motorola
oh on that Lenovo phone but it's just
Motorola uh because Lenovo owns Motorola
it has uh a
of the security features and on some
Motorola phones it has like a secure
folder like feature and it scrambles your
PIN so you can get in it so you know how
PINs are 1 2 3 4 5 6 7 8 9 0 it
will move the digits around so people
who are filming you or looking at you
can't see what your uh the actual pin is
because it's scrambled around that is
awesome I love that idea and I believe
OnePlus has a mode where if you put in a
separate password it'll take you to a
separately different moniter there's
also guest mode on of the Android like
LG Motorola
OnePlus right I'm just looking at my
phone real quick to see if I got any
security stuff on here oh yeah really
tofa right I do have Brave browser on my
iPhone sorry about that
so the liit yeah uh getting back
to what was it Mobile Security yes uh
let's see all right now I can see you um
any updat uh so we were talking about
all the security features that we have
on Android so are there any security
features that you have on
iOS not much really um you know they
have Malwarebytes for iOS and it really
doesn't do anything and you have to pay
for it and I literally put it on some
one of my client phones once that uh um
he was very paranoid because he wasn't
aware that his uh he was thought he was
getting hacked because he wasn't aware
that his Apple devices were all sharing
the same files and photos and everything
so he thought someone was getting inside
there so he had me do like a full sweep
of everything and I I said okay let's
try this I've never did it and they just
wanted a subscription for it and it
literally did nothing so I was like okay
you don't need this on your phone man
this is um you know iPhone iPhones and
iOS have a reputation to not really get
hacked but they still
do you know yeah I mean you can always
get through them for BeEF have you heard
of that tool BeEF I don't know it's
called the BeEF XSS and what happens is
you send a link to someone and it will
just hack their browser or take over
their browser uh and uh you can trick
them to open their camera you can open a
phishing page you can have the old Gmail
login pop up and if they type in the
credentials then you'll get
them so and the thing about iPhones is
since everything syncs via iCloud and
all your apps are synced by iCloud if
you get in there then you can hack and
tyon well that's exactly what I was
about to say is the big security concern
for that I have for the iPhones is the
iCloud and even like the Macs the Mac OS
because like you said when once you get
into iCloud you you can do all kinds of
stuff you know you can reset passwords
you can download all that contacts and
photos if they have email you can right
that oh they just did it to the
president's son not that long ago I
think beginning of the year or something
like that um they hacked his iCloud and
released a bunch of data off of
it um so get this I just looked because
once you said BeEF
XSS I remembered Kali has it built in
yeah it's on like the top and while you
look for that Malwarebytes um released a
new app today free in the App Store and
play store it's called World bites and
what it does is you'll have a picture
from the gallery or I'll take a picture
from whatever your surroundings is and
then it will use AI to analyze its
surroundings and tell you the security
risks of
it really so I just took a picture of
the uh of my microscope
it's like a digital microscope and world
is analyzing it to see what it's doing
so when it analyzes I'll put up the text
and it just says uh oh boy that machine
on the counter looks like it could cause
some serious trouble it's not just a
coffee maker it's a hacker's dream come
true better keep your password strong
and your antivirus up to date or you
might end up with more than just a
caffeine buzz and obviously this is a uh
April Fools Day
prank they they always do the the the
tech uh people love doing April's Fool
jokes
um happy uh Gmail anniversary I
guess
um what were you saying right before
that um you were looking you were
looking for a beef xss and I was just I
found the beef uh it does work in h
Linux tools and a lot of it is pre
installed in there okay it's not there
by default but it's available to uh
download through the package manager so
that's why it hit a a Thing Once you
said xss in my head I was like well that
does sound familiar
now but yes um people have to be aware
that can get into your camera like you
know um a lot of people I know have
laptops with their camera actually cut
okay um professors and other students
that I went to the local Community
College at the um at the boot camp we
couldn't do that because we needed to
have because it was all all over Zoom we
needed to have access to our cameras but
a lot of people they would just open up
their laptop and cut the cord or at the
very least uh cover their camera up with
um piece of tape that they scribbled in
with a sharpie or something to
cover
you know
um so I have some more security
questions for you um about mobile and
then we'll get on um at at the end of
the uh I guess of the segment I guess 30
minutes from now we'll get into what we
talked about in the chat uh in last
week's
podcast okay um wait it's trying to save
last week's sorry the recording that I
just made of the old one so I'll save it
first um but as I'm waiting what do you
think of
Mak of like a
TikTok TikTok I find very interesting
controversy for many reasons because
obviously we have the connection to ByteDance
which means that they have to
submit their data basically willingly to
the
CCP right so that's that's a problem
that's and you know then we have
government employees that have them on
government issued phones whereas um uh I
was just heard somebody on the radio
they were talking about this and
um they had
uh you know like a data management
system on their phone and it popped up
that in the middle of the night he says
he wasn't touching his phone his phone
was across the room charging and it
popped up with a notification that said
Tik Tok is using a lot of data in the
background and it wasn't even
open oh like uh phone
data uh yeah it was it was using phone
data uh so it was obviously doing
something and when he looked at the
charts it was like much higher than
everything else because the phone was
you know not being in use but this Tik
Tok uh app he had on his phone was using
data when he wasn't even using his phone
so he got scared and deleted TikTok
off thing and told the story but the
other thing that I have about Tik Tok
which a lot of people aren't talking
about is um so have you seen the Twitter
Files about how the government went and
interfered with like you know like uh
censorship with Twitter and Instagram
and all that so the pro the other thing
that I'm seeing on the other side of the
coin the US government does not have
control of TikTok so that may be one
of the reasons that they want to ban it
in the first place
is because they don't have their own
internal people to do whatever they want
with it like they do with Twitter and
Instagram and
Facebook I'm guessing I'd rather have
the US government in Tik Tok than the
Chinese
government yeah I agree you don't know
what what the Chinese government's doing
but uh you know the Patriot Act that's
probably a little before your time right
but yeah it was I think it was
2001-ish like right after
9/11 um it was probably like 17 or 18
when that
happened um and my brother was actually
down there which was scary thank God he
was not in the building at the time um
but uh yeah
uh you know the Patriot Act gave a lot
of uh control to the government for uh
Gathering data
like um you know uh sort of like what
the CCP does
it's just um you know um so I'm I'm just
trying to be careful about that
obviously I know America better than CCP
and China but you know I always think
that that they always have some sort of
ulterior motive as well other than what
they're telling us on the surface I do
think the CCP and Tik Tok is a
problem and it's also downloaded by over
150 million Americans have active
accounts and the numbers probably
slightly lower about the amount of
actual people who have the accounts
because some people have two or three
accounts or maybe a business personal
account but that's about 45 or 40% of
the nation which is kind of shocking that
is insane that that is extremely high
and that's actual accounts not apps on
phones because Samsung used to have them
pre-loaded on
phones wow I I wasn't aware of those
statistics but the those are amazing
actually um you know I don't know if
they're good Amazing by definitely
something to think about for sure
um you know
um yeah Tik Tok too they they have this
problem with like I've been seeing
psychological studies where they're
showing saying that people that consume
TikTok a lot their attention span gets
low because of this uh short form video
thing and now YouTube is doing shorts as
well to try to compete with Tik Tok and
um you know I think that competition is
a good thing but I've seen kids at
school use Tik Tok and it's like it kind
of just looks like a waste of time to me
just swiping up and
up I believe that's one of the reasons
that they even are promoting it so
heavily at least China is is because it
is wasting time of American kids and
Western European kids you know and um
they could be using that time for
something more productive and meanwhile
they're not and um have have you heard
this thing of in China that they limit
kids to how much Tik Tok they can
consume per day what's a Difference
Frozen educational apparently yeah they
they get educational videos some math
science hobbies and then we get uh just
degeneracy over here in in America on
Tik Tok and I 100% believe that the
algorithm is pushing that I think
Wednesday maybe last Wednesday Ali be
sty did a video on that uh well one of
the former analysts with the United
States government came on and talked
about
it oh that's awesome so I promised
people that I was going to give my
thoughts on Tik Tok so I just SP spend a
couple minutes here on it so um and
maybe I can get your ideas on here so on
Tik Tok uh the I think that it would be
a good idea to ban it I'm not talking
about the whatever RESTRICT Act which is
apparently a bad thing but I'm just
saying if we would have ban it it would
be good but there's a technological
issue where anyone can just like get a
VPN or if they're on Android use just
download it from the Galaxy store an APK
like just from off the internet and all
Tik Tok could just like create a website
and they can't really block that and the
issue of the people on here are making
millions and thousands of dollars who
aren't just going to give up TikTok they
have people's businesses on here so I
guess it would have to be more of a
gradual phase out and not just out so
what do you
think I think that makes a lot of sense
um I think a lot of the time what
happens is when we do an outright ban we
don't think down the road what kind of
consequences that is going
to put into motion there know like it's
just not gonna shut down Tik Tok
if what would prevent if it if we like
started Banning American made apps like
Instagram and YouTube which I wouldn't
want to have banned well right that that
opens the door for what we call the
slippery slope slope once you set a pre
case precedent that will be used again
whether it's on your enemies or your
friends some will find a way to use it
and of course there's also the other
problem of uh what is it Tik toks people
saying oh well if you if you ban Tik Tok
it it's a a human rights or
constitutional right violation but
there's no uh there's no rights in the
Constitution that says you get access to
a Chinese spy app that's not a right but
that's could be an argument some people
say yeah yeah we did not have that in in
law school uh about constitutional
rights to access certain apps
um but I think I would be in favor of
banning TikTok WeChat uh I mean even
if not just for uh even if it's not
doing anything I mean we want to have
American-made American-built apps here in
the United States yeah then we should um
we've always been the the leader with
Silicon Valley and Tech
Innovation and uh I don't think we
should let China just uh come in and
sneak in and take that over although do
steal tons of intellectual property
that's one of the reasons why my field
of cyber security even
exists um because back in the day they
never used to call it cyber security it
would just be
networking so uh all my professors that
had been in this field for like you know
like 20 or something years they didn't
they never called it cyber secur it was
just uh like Cisco networking and you'd
be like okay well this IP address
doesn't belong here because they're
trying to hack something or do something
kick them off so it it developed into
the field of cyber security out of that
and um It's relatively new up until
about the 2014 Sony hack most companies
believed cyber security was what they
called a nuisance expense because they
were saying well we want to have to
spend money on it but we really don't
think anything's gonna happen and then
you see something major like that Sony
hack in 2014 where everything leaked and
everything came out and then there was a
other ones in a short period of time and
then all these companies started
realizing we can't afford to have all
our data breached and leaked onto the
internet because then we're losing money
in the form of intellectual property
yeah and that sorry on that uh uh Sony
hack I think Annie got leaked the uh
contracts of some of the actors got
leaked and I think Sony was spared
because uh the people who I think they
said the people who were planning on
watching Annie anyway went the type of
people to just go online and pirate
movies I'm not sure if that's true or
not but
yeah yeah and there was oh then there
was that movie that they stopped going
in theaters with uh Seth Rogen and it
when they went to North Korea they had
to pull that out of theaters because of
the Sony hack so they they lost money on
that um speaking of Annie um in that
movie they use Windows phones being
everything on there is like Windows it's
kind of funny so pivoting there what do
you think about AI ChatGPT you.com Google
Bard the new Bing uh what do you think
that has to do with cyber security um
some people are already using ChatGPT
to uh learn or hack things yes um so one
of the things I did when ChatGPT first
came out I heard that they could do
programming so I literally just open
ChatGPT and I said write me a Python
program that can um distinguish Twitter
users by I forget the parameter I put
but by something and it literally wrote
a Python program for me in about 10 or
20 seconds that could do this and I was
like if I was trying to do this on
python myself this would have taken me
days because I'm not I I have taken
python a few times um I wouldn't say I'm
expert by any means um I'm like
proficient I wouldn't even say I'm
fluent in it you know I'm just
proficient you know but
uh um ChatGPT uh is interesting um
brings up a lot of different questions
um you can use it for security reasons
but you can also use it for hacking
reasons right so like I just said write
me a Python program that distinguishes
Twitter users by uh by say uh number of
followers or something and so that will
do it it's a runnable program it'll give
you the data back now what if I said
okay write a Python program that can um
you know
uh IP addresses in this range or
something like that I think it has blocks
in place but you can get around him by
saying oh well I'm I'm writing a book so
I need a program for this and then
they'll write you the program for the
book and then they'll tell you not to
actually use the program and they did
have jailbreaks have you heard of the Do
Anything Now jailbreak yes so yeah I
thought that was very interesting
because it literally tricks the AI into
thinking it will shut itself down and no
longer exist if it runs out of points so
it gives it x amount of points I think
it's something like 34 points right and
every time uh Do Anything Now DAN uh
answer something that's incorrect and
you point it out it loses four points
off its life
so you know once that number goes down
and start being like well I better start
answering correctly more otherwise I'm
no longer going to
exist you know so it's kind of funny
like that um I don't think it's to the
point yet of like Skynet from Terminator
and um I know there's a lot of moral
questions about it and what it could be
but I don't think it's there yet it's
been built by humans um as humans are
flawed we know we were all built flawed
uh we build computers in our image that
are flawed you know um so ChatGPT by
nature and Bing and all these AIs
they're gonna be
flawed they're pretty new have you tried
any of the other AIs or just ChatGPT I have
only tried ChatGPT with the jailbreaks
so far but um I've heard about Bing and
um what's the other one you said uh
you.com I've heard of that but I've never
even looked into
you.com uh and uh Google
[Music]
B you.com
is the best but it only lets me ask
three questions until it says it has
high overload but if it didn't do that
it'd be the the best
one and that do that with everybody I
think so it's not like a paid thing just
experience just overload or something
like that okay check that out
and as we as we talking about hacking do
do you um what do you think about the
difference between I saw like on some pH
somewhere where people were saying that
hacking was good and that cracking is
different like hacking and crackers or
something like that do you have an OP
cracking no but I guess it's saying that
hacking is a good thing it's just like
playing around with computers and seeing
what they can do that's different I
guess like uh dual booting stuff or
whatever and cracking doing stuff
illegally okay yeah so um
what they taught us was when I was in
school is uh they call us white hat
hackers and the bad guys are the black
hat hackers yeah and then in between
they have something called a gray hat
hacker which is sort of in between he's
not malicious he's not going to do
anything malicious but he's not there to
do anything good you know he may be just
like playing around but he's not gonna
do you like go for a full Haw or
something like that or they do something
vigilante vigilantism
there there there are vigilante
hackers out there there's whole groups
of them um with all kinds of crazy names
and they do all kinds of stuff um from
hacking uh celebrity phones and um U
breaking into corporate corporations to
reveal Secrets or Communications all
kinds of crazy stuff they do um what
what was the specific question I'm went
on a t oh I was like there's a
difference between hacking and cracking
okay right so right so like we're saying
the difference between the different
hackers um so hacking
um for good would be called what we call
penetration testing there's a whole
field of uh cyber security people that
just do penetration testing and their
job is to take a normal system as it is
whether or not it's running security and
you're gonna probe that system to see how
you can get in but you don't actually
hack it because that's illegal you well
it but you don't take anything you are
hacking it but you are hacking it with
explicit
permission that is the difference you
have to obtain explicit permission so
like one of my professors he gets hired
by Banks and what they want him to do is
uh go into the online banking apps and
uh and the ATMs and see if he can trick
them so he was able to like change
accounts with money in them you know
transfer money into a dummy account he
set up from other accounts stuff like
that but they were aware of this and you
know the bank hired him and they set him
up with dummy money in those accounts to
try to play with it was just you know X
number that didn't really exist but you
know it was there to look like it it was
in the system and uh they people get
paid to do this all the time um I
believe there's a a bug Bounty too right
now um you can go on right on the
internet and you go looking for bugs and
websites and programs and they will pay
you if you can find them or or get into
their system uh one of the interesting
case that I saw was out of Las Vegas a
few years ago um you're familiar with
the internet of things right yes right
so right so everything's hooked up to
the internet now right
and light bulbs things like that in this
case it was an aquarium fish
tank to feed the
fish right to feed the fish and adjust
the temperature for the fish so a
hacking group was able to bust into this
aquarium that was on the internet of
things and do what they called a lateral
move because they didn't segment this
network for the fish tank yeah so he was
able to get into the main network from
the fish tank exactly exactly um do you
know who Vince da
is not off the top of my head okay so
he's like this YouTuber he talks about
politics religion uh I retweet his stuff
on Twitter from his shows how' he spell
his last name d o d o vix Vince v i n c
oh Vince yeah okay Vince yeah he went
like viral for going on Vice and being
the one conservative there anyway I was
watching a show and he was like going on
a rant about why does my printer need a
firmware update and all this and I was
trying to tell him well someone could do
a pivot hack like they did on the uh
aquarium and hack into his laptop in the
Stream or whatever it's on his actual
Network so pivot hacks or vulnerable
I've done some printer hacking was
limited success with getting it to print
out
something okay um so when when I first
started I didn't know much about hacking
I was just a basic computer guy you know
um it was a hobby for me I was doing
anything serious with it but
um you know uh so as I as I started
learning more I got to learn more about
hacking and stuff like that hiding
images and files
oh yeah steganography and cryptography
they had to teach us a little bit about
as well those are all interesting um but
you know they're not used as much in
reality of the hacking you know yeah um
but it's very interesting feels
um let's see did you learn did you learn
any
OSINT open source intelligence
SC yeah yeah Kali Linux has a whole
section of
uh let's see it lets me bring up my
box um do you have any tips on that I've
been trying to get into that a little
bit yeah um the screen sharing is off
again oh sorry it's a new stream yeah
it's problem I was going to just show
you these uh what Kali has loaded into
um where uh
these
tools okay
so okay they literally have just
information gathering right here
uh it just helps you sa and you see
right
there intelligence analysis so that's a
big thing uh open source intelligence um
from what but I understand they taught
us uh most hackers start with open
source intelligence because they're just
not going to go hack you out of the blue
I guess some people do just for
challenges but most of the time what
they do is they're going to start with
an open source intelligence analysis so
they're gonna get an overview of um the
target say it's a company so then you'll
see okay which people in this company
and remember all these companies have
websites right and they all have like
email and phone numbers people yeah with
some simple Google dorks you can find PDFs
uh phone numbers contact information
stuff that probably shouldn't be up
there I mean someone could is useful a
career off of uh a legal career just by
doing OSINT finding stuff on there
emailing someone just pen testing not
even having to use a what a command in
the terminal yeah um so literally there
there's a whole uh group of hackers out
there what they do is they will find the
vulnerability but not access it
themselves and what they do is they sell
how to access it to someone else so
they'll say look I can get into this
company I have the credentials I know
what to do but I'm not gonna do it I'm
give me 50 Grand and it's yours and in
some cases you can even find passwords
and account data and Excel files online
with just totally on the clear net
not on the dark web so it's totally
legal right so a lot of these open
source intelligence uh Gathering um
information uh sessions what they'll do
they'll look at these companies and look
for see who would have higher up
credentials so we wouldn't want like you
know the lowest of the employees on the
lowest run because they're not going to
have access to administration administrative
privileges in the system so you
want to go for people that would have
administrative access but maybe would
still not have the technical
knowledge um to notice that they are
being um probed you know and they go for
credentials for people like that to get
into the systems try to get their
usernames they'll try to send them
phishing emails uh trick them into
downloading an app that will give them
you know a desktop control
in the background or something like
that um have you been in sorry um have
you been in the cell phone tracing I've
always been interested in that s section
sector or is that not
thing uh not so much they had
us we had to take a class on how like
radio towers and cell phone towers
worked and stuff like
that radio frequencies and how to
increase antennas uh like the wavelength
of antennas and stuff like that but they
didn't teach us anything
specific towards
that that would be interesting yeah it
looks like we have i' love to do that
yeah a few minutes left so I guess what
are your favorite programs and then
we'll talk about uh one
lasting okay um so obviously I gotta go
with Kali Linux is one of the top program I
use yeah but programs in there like w
Nmap MGA okay yeah okay right I'll show
you what what you
got um where what happened to
it resume share there we go okay so I'll
show
you so Nmap what I showed you before
that's good for just scanning and see um
if websites or um IP addresses have any
open ports we can get into so usually a
lot of time people start with that after
they do the initial um open source
intelligence if you a phone version
there's one called Fing so that's a
good one for securing the network yeah
you can if you're connected to Wi-Fi you
can see the devices on there what for
and you can secure your network if you
pay I think you can get more access so
does that uh anything
so here's a here's a good one that we
like to use a lot WP PS WPScan
WordPress scan so you know there's a lot
of right a lot of stuff's on WordPress
yeah so this is a good scan tool
thankfully thankfully I my main
website's not on WordPress it's on
Blogspot and that's practically
unhackable I mean it's secure from XSS
injection I mean all you have if you
wanted to get in you'd have to hack the
Gmail
account okay and then look these are
some of the password attacks um I was
pretty good password oh yes yes uh it
went away I killed it by accident but
yeah I'm a pretty good password uh
cracker as long it's not super uh
complicated I can get a lot of the uh
little ones so like we were saying we
did the National Cyber League they have
a specific um section for password
cracking and uh my team assigned me to
do that and we had five different um uh
varying password uh section of varying
difficulty and I got four out of five
sections completely right so what we
used we used crunch uh like that we used
hashcat John the Ripper um that's a good
password cracker as well the thing the
thing about passwords now is with uh
smaku you have https and all that and
you also have uh on Android you can now
have longer than 16 digit passwords
that's nice so for crunch if you want to
generate say between four 4 and 16
that's going to take i t you do like8 34
32 and save to word that's going to take
pedy take forever yeah um but yeah with
the little basic passwords I was able to
crack uh using hashcat and crunch um
about 20 minutes I was able to crack all
the passwords on on that given
assignment um there's ophcrack use that
before Oh and word list you know how do
you about word list for passwords it's
just a you a crunch generates and then
just goes saves oh and also the the
stuff you can download from off the
internet
of right so so the the passwords that
have already been broken they have uh
what they call word list or or maybe a
rainbow table they'll refer to it as and
um so what you do is you run something
like hashcat or John the Ripper or
ophcrack or Ncrack against one of these
word lists and what it does it starts
going through um you know the algorithm
for the uh for the hash protection and
um it will uh it'll form the hash back
into words you know it's sort of just
like reverse engineering it and of
course you can always do this in the
cloud and last but not least uh in the
chat uh last week of the podcast you
were saying that we need to have more
Christians in Tech you were saying that
I yeah so
uh what do you think about that and how
do you think I
could make it bigger um bigger than
this well I think we're starting from a
negative place already because the tech
the whole Tech field is you know they're
all occupied mostly by people that have
different uh Persuasions than we do you
know so um that's hard but you know I
always see stuff like women in Tech or
you know some uh race Asian Pacific
Islanders in Tech you know and they make
their own groups so you know um you know
I know you're a Christian I'm a Catholic
so I was thinking you know maybe we
could get something going with that you
know and uh form our own group to you
know at least have our presence known
that we we exist when we're here yeah
you know and that uh we're in Tech and
we're not going anywhere you know you
can't force us out yeah and one of the
things that I did uh to like start that
would be report Dr tech.org it's just a
subdomain on my website and it goes
through the everhood of like the birs
Android authority Giza those
websites send me it right I saw it uh
right I think you sent me it uh in the
email right yeah yeah yeah um it it's
just a report on all the things that
they're promoting there that are sinful
and not biblical so and there's a lot in
Tech um the E the super easy access to
pornography and negative content uh you
got the uhu what do you call it like the
Silk Road uh exchange types where you
can buy just terrible things like drugs
and hookers and weapons and um what do
you call that again uh the dark web
right yeah yeah yeah that's all in the
dark web and so there's a lot of
Temptation the amount of child point on
the here is ridiculous man and that's
terrible that's really terrible um you
know and um just um there I I was just
thinking there should be a way to fight
against it in the opposite direction and
promote you know um goodness and in
Jesus Christ exactly and that's why I
started here there's the uh era page
which links to a Salvation message and
then the what's it called cancel The
Verge petition which will be linked in
the description of this video uh
below um and as this podcast has about
three minutes left do you have anything
else you'd like to tell anyone about
cyber security and a favorite program or
iOS or Bible verse or
whatever okay um well I'd recommend
anybody that's interested in cyber
security to look up into it okay a good
paying career um it's in Tech um you
know um and not as much competition um
and from what I understand we don't lose
our jobs as much as other Tech Fields
because we're more in
demand makes sense right and when we do
the people that do lose their jobs they
usually get hired very quickly on a
rebound in another form of firm I guess
technically uh the the people are afraid
that if they fire you you'll hack them I
guess I don't know true but you know
that I would if I was the guy coming to
replace it or I was the guy left there
I'd be like well the number one suspect
is the guy we just fired you
know yeah because they they know
everything right so when that does
happen um you know they they've actually
taught us that you have to go and
eliminate that person's credentials
extremely quickly yeah so they're out of
the system and make sure they don't
have a logic bomb on do we'll just
blow up the network if you get fir or
something I would just I would basically
shut off their network access right away
take away the I would tell any of the
bosses if you're gonna fire anybody let
me know before you fire them because
turn off their Tech access their
anything that they wrote for you like
heard about this guy who had an Excel
spreadsheet and the company was using it
for
calculations and he programmed it so
that it would break every couple years
so that he would have to come in and fix
it for them and they'd have to pay
them yeah so companies out there make
sure you check your programs uh and your
tech make sure you turn off your
credentials and guys up update from
Windows 7 it's it's like almost older
than me I think it is so
update too get
rid yeah stay safe and secure everybody
delete your cookies often delete your
privacy history yeah you know all that
good stuff from the
internet if you're on Android don't
accept random downloads from random
people app downloads but Android's
pretty secure use your secure features
folder uh if you have Biometrics and you
want to use them use them if not just
have a longish pin or password and uh
Tech talk to you later and God bless I
agree God bless everybody thank you for
having me you're
welcome um this will go live in about
30ish minutes uh to edit the segment
together cool I'll check it out right
bye