What Does a Former Black Hat Hacker Carry Everyday?

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

Bryce case Jr in the flesh so doing a quick warmup before we do our episode and we're going to go over some of the stuff in there but dude hackers hackers I love so we do an EDC pocket dump I don't know every other show or something but we had Ryan Montgomery here and that dude had just a whole different type of everyday carry and it's just fascinating what you guys got so if you don't mind I'd love to see some of the stuff you carry is a every day is a hacker uh well I have the The Flipper without the attachment that I think Ryan uh showcased on this show obviously this device has a ton of different Wireless functionality but it's uh and infrared it's mainly a a toy though I think a lot of it is geared that way as well uh you can extend it and make it a little bit more robust I suppose but for the most part it's uh it's just for funsies um a lot of the the stock firmware and stuff that's available for it is a little bit dumbed down but hackers have gone ahead and rejiggered the firmware and uh sort of extended a lot of the capabilities of this device out of the box and there's a ton of things even Ryan contributed to uh for his Lamborghini for instance I think his Remote open I think he contributed to the repository but uh yeah there's a obviously a wealth of fun you can have with that uh the more uh adult version of The Flipper is this the procs mark what do you mean adult version well this is the one that I think a lot of more serious penetration testers probably employ when they're doing any kind of nearfield communication uh modific anything like with 125 khz or 1356 uh smart card type or uh nearfield communication type stuff so you know Hotel Keys apartment fobs uh this will you know scan passports uh your that'll scan passports yeah should I demo that actually that's probably something we should we could do we'll do it on the show okay um we could prob blur out all my information um but uh yeah I might have to I'm going have to set that up uh the uh also another thing that's in every toolkit is the uh hack RF with the this has a porta pack on it um I should I that's I'm saying I should probably like power these up at least you can kind of see what's going on it's all good we'll power them up during the episode what does that do so this is a software defined radio uh what that means is you can basically these have bands that they operate on you know pretty much the electromagnetic spectrum the whole the whole wave but I mean anything from fmm Radio to you know your 900 MHz public band 2.4 GHz uh stuff that Wireless Communications runs off Bluetooth uh but this allows you to analyze receive and transmit uh I think that Ryan had showed uh the adsb like airport or airplane Communications uh showed you know call signs and and uh distance and stuff but again this is just if you think about just like a radio would accept that pretty much all Wireless communication is is radio so so anything that's a wireless communication which is pretty much everything today you can intercept it with that thing correct so you have uh like p25 is a coded trunk radio that like the police use that's encoded and so if you have the uh the key Keys you know if you're able to dump the keys off of like let's an Astros saber or something that you know what the police using or you know what we probably use in the military uh that you could use those keys to decrypt traffic that's on that network uh so again pretty much for everything so police scanner but um futuristic uh I guess this is a oblisk one phone um it's actually employed they have a contract with NSA and it's an Android phone but it's completely hardened uh meaning that the internals and everything have been modified to where hackers where nation state hackers and stuff have a lot harder time you know getting into these things so I don't know if you've heard of the Pegasus spyware um so there's a group called NSO group they're an Israeli Security Group and they develop uh malware for iPhones and Androids that uh allows people to spy on them and so the Jamal kogi the um the reporter who got who got killed um that was a pegasus op uh they target usually you know journalists diplomats politicians uh and what it is is it gains persistence on your phone and you basically have somebody that can read all your conversations and kind of do anything with your phone so these phones are designed specifically to try to make them as anti-hack as humanly possible uh how do I get one of these my buddy uh he makes them they're it's called obsidian intelligence group uh um but uh yeah they're based off of the OnePlus uh phone but they run an entire uh Suite of kind of hacker software there's a software defined radio attachment that can go on this phone uh so you can kind of do the same a little bit Junior version but the the same type of thing you can do with the device like this uh it also runs a full Suite of like penetration testing and network testing yeah the penetration testing and network testing software uh so you could basically have a your your phone you know be a complete hack station the same way that your your PC would be this is your buddy that makes these yeah yeah he's a he's a character he's uh he's probably about to s about 100,000 of these phones after this goes out they're a little pricey but uh yeah I said it's it's worth it I use it internationally because one of the advantages to it is the the back hul is all like no matter what cell tower you're on it's all encrypted traffic and it goes uh basically it works anywhere in the world and so when I'm traveling internationally I usually use it for a hot spot and I can tunnel all my traffic through it and it's just as good as a VPN but it also has a static IP address so um that means that it the IP address never changes so I it's predictable and deterministic so I know if I I can connect to this machine like if I open it up and and uh you know so if I want to Ingress any traffic to the device then I know exactly like where it's going to be and and stuff but uh yeah again I said just internationally it's been a godsend just cuz you know you're not having to switch out Sims and everything like that all the time what is what does that cost I think 3500 is the list price for the um but uh there's a new operating system that he just released um that uh I'm trying to think of all the features that it has again I I know that it's in use by I think they're using it in Ukraine right now for uh uh SDR cap software defined radio captures uh but yeah his Client List is pretty eclectic but I said people like myself that aren't really you know we don't I guess I have a threat profile but you know it's usually people again that are in danger of you know I said journalist would be a good one or there you Goan Ryan uh yeah yeah there you go you're the target audience I'm assuming um this here uh this is a an oem uh Apple charging cable that uh you know you get with your iPhone uh and then this is a cable that my buddy manufacturers called the OMG cable his name is mikee Grover but uh they look identical uh so you can inspect them you know pretty much scrutinize them as much as humanly possible and you wouldn't be able to tell the difference between these two but functionally this charges uh devices but you know in the tip here is basically a fully-fledged computer with wireless capability that you can use if you just gave this to somebody and said can I charge my phone or charge my um airpods or whatever then using this device you can plug it into the side of a computer and it would basically it acts as a a keyboard a human interface device and you can manipulate this to download payloads to the machine that this is plugged into you can just basically control anything it's just like being sitting at the computer but you can do it remotely from your phone and it has a ton of other neat features too like Geo fencing to where it'll only activate itself if it's within range of certain networks uh so it's a good covert manipulation tool use it in red team operations uh which is they're more like physical pen tests like when you walk into a data center or a business say a bank and uh you know the groups will it comes from the military actually the red team blue team stuff but the uh red teaming is the act of uh usually you're employed by the company sort of like the movie sneakers to go in there and test the vulnerabilities of the yeah of the uh System Red Cell operations Red Cell oper yeah so that cable you plug that in you plug that into a phone and charge it or a laptop or whatever you put that into and you basically have full access to the entire everything and can control it it's exactly as if you were sitting at the machine itself should I demo it on the computer here or let's demo it let's demo it on the show on the show yeah I had to mark it with this little yellow thing or the orange thing so I knew that uh this is this is the bad one the evil cable yeah I I took a look at those and they dude you cannot there's no difference it's I mean there is a difference but you can't tell it visually well the and that's uh the NSA developed these cables quite a few years ago but it was in I believe it was snowden's leaks that that that's where this came to light uh but these cables ran the taxpayers $20,000 a piece uh but that's under $200 the cables there's different uh devices that he manufactures have you ever seen the big hit do you remember that movie no oh there was this this whole sequence in there where they talk about the trace Buster and the trace Buster Buster and the trace Buster Buster but um that every you know the kind of Newton's Laws of things every action required an equal and opposite reaction the uh that they also manufacture these devices which detect their malicious cable detectors so should you run up on you know you you serve the problem and then you also serve the Cure in a sense and so these devices here will basically detect if one of these is plugged into your system and so you sort of it's kind of a condom you can run it through and then make sure that uh yeah that whatever plug you're plugging in isn't isn't bad so so for the ultra paranoid Among Us uh safe penetration only right exactly safe computer sex always uh but yeah does that does that cover it that can do it that's the daily carry that is what do you use the most probably The Flipper just uh the utilitarian part of it most of these things are just specific you know obviously if I'm on a an engage M you know physical engagement then you know the cables are something that I would be using uh but and to do wireless site surveys and stuff I would use the the hack RF um but yeah the The Flipper just because it has the IR the neari communication The Smart Card the um you know just and it's cute I think is the only reason I I probably carry this a lot around in my pocket a lot more what is that thing actually made for the The Flipper I mean it is a it's a wireless penetration testing tool and it was marketed initially to the computer security Community uh it was a kickstarted project I'm pretty sure and um I said I had like one of the first runs of it but uh yeah it's it's designed and it's gamified it's cute that you know there's a picture of a dolphin that's always talking it's kind of like a tamagachi those little toys yeah so it's just very it's a fun kind kind of tool to does all these uh just an all-in-one kind of tool but they you know just like once you sort of spread out in utility you know kind of go wide and not deep that's part of the the issue with it is that for the the heavy more heavy lifting um you know obviously you want kind of more of a specialized tool for whatever the job is can you buy all this stuff just on the open market all of this stuff is off the shelf I think the phone that there is a little bit of uh vetting that uh Brian likes to do to make sure that it's uh that you know you're because depending on who's getting a hold of it like if they try to reverse engineer it or whatever it increases the tax service but I everything else I think is pretty much yeah just you can get it off the shelf if you know where to look man there's two there's two interviews I just that I want to do now just off your ADC pocket dump one's the guy that invented that phone and the other guys the other one is the guy that invented that cable the guy that invented the phone he's he's in Bali right now and I don't know if he's going to come back to the US I don't blame him I'm sure he's having a real good time over there the guy that made the cable is uh he actually uh he was actually a member of my Forum as well um the same one that Ryan was a part of and he was in Information Technology had no desire to get into computer security and then uh just after kind of interacting with everybody on on my board then he started to really get into hacking and stuff and now he's made this insane name for himself uh you know in the information security Community developing those but it's crazy cuz he he started out and he was basically fixing printers and all that that type of work and then he just got infatuated with this and now he's making just killer killer stuff good for him man super proud of he's got more more products oh yeah yeah he's they're all kind of in the same van he he manufactures the um the the detector he has ones that are more this actually The Flipper does this too where if you plug the flipper into a computer you can also send keyword payload keyboard payloads the same way as you can with this but this it's the inconspicuous kind of nature of these cables that makes it a lot more yeah uh attractive U but yeah he also makes implants that do similar things um but yeah it's this is pretty much the series that he's known for have you have you have you guys done penetration testing on that phone on this one on the phone itself yeah yeah yeah like it's there's a lot of basically how it's locked down just from a from a network level there's obviously when you are an administrator the human element of all hacking is the stupid part that's the weakest link in the chain and so there are obviously things that you could do to screw up the phone you know you could you could run malware as an administrator and then basically screw it up but there's segmented execution so there's a user land and then kind of an administrator land uh in the in the phone itself and so it's it's segmented one shall not meet the other type thing uh but yeah that the the phone itself said there obviously the operator error is going to be the largest kind I guess barrier to to security uh but just as it's uh hardened because that said the network is it's completely locked down like just to say typical firewall type stuff application Level uh like uh like execution permissions and stuff so it makes it a little bit said it's it's not impossible nothing's impossible to have but yeah it's just it's just very very hardened more so than you would get with like an off-the-shelf Android or iPhone what would be harder to hack just off the shelf an Android an Android or an iPhone personally I find that iPhones because Apple tends to have a the supply chain figured out end to end where they make the software specifically iOS runs on Apple hardware and so there's a lot more uh customization I Apple's just really good about that kind of and and controlling things and you know back in the day with Windows and uh Mac OS it was the same type of thing that Windows needs to run on a variety of different Hardware because manufacturers are putting in you know different chipsets some of them are all very similar there are some there are some similarity between the uh the types of components that computers using but with Android you have so many different manufacturers that are you know Samsung Huawei LG you know all these different manufacturers sometimes aren't using the same internals and so the operating system has to work with all those types of things and you know you'll find now there's operating systems that live inside of the chips themselves like for instance the the wireless radio that configures Bluetooth and 80211 Wi-Fi and all that is it has like a mini operating system and firmware of all of its own and so sometimes those components even in them wind up having vulnerabilities and so you might be able to attack the wireless chip and then if you can get you can Bridge it over to the CPU somehow then you know you're able to take control of the of the device itself uh Pegasus um the Mau that I was talking about earlier they uh they specialize in finding bugs in apple there was one that they surfaced in the latest release of Apple not the the newest one they patched against it but there's always these kind of sandbox escapes that are going to exist cuz software runs in a system context some of it does and so the biggest uh the biggest threat is what's called zero click exploits which is where you don't have to do anything like somebody I can just send an image to your phone and then when your phone tries to process that image render it somehow then it will basically exploit the the the phone itself um so with no interaction so all i' have to know is your phone number and then I can send you this message uh so that's where the danger kind of comes in these zero click exploit and stuff but generally Apple's really really good about patching those when they find them in the wild uh but meanwhile Android has all sorts of different versions and uh you know you different hardware and so it's a little bit harder to maintain the ecosystem just your tax servic is larger makes sense so you used to be a black hat hacker uh well yes uh yeah yeah I mean that's probably the best way to put gray hat is more of the I said about Pro term I think that there's a there's a spectrum of a gray scale Spectrum uh what shade of gray are you dark gray I I was I was pretty dark gray for a while uh but there's just these uh there's these honor among Thieves these principles I believe that everyone in my group pretty much adhered to and again they don't mess with children you don't mess with old people and also like the more there was strong no snitching policy kind of like the mafia and uh I think I was explaining this at at dinner but that there is also this component called swatting um which uh is something that we never did uh but yeah that you man's got to have a code I guess is the is the big thing and so there are certain actions obviously that I wasn't really keen on taking um and the way that hacking is evolved now it's a little bit different it's higher Stakes there's a lot more kind of human element impact that is really you can really mess people's lives up if uh if you're not careful and so that's like I I wasn't into credit card fraud uh you know again that's one of those great areas you know people you could make the assertion that credit card companies have insurance and they'll you know you can charge it off or whatever but it's still the hassle I mean if you I don't know if you've ever had to argue with your credit card company about identity theft but yeah it takes time out of your day and time is valuable and that's time you could be living so uh yeah I I would say just the older you get my friend Doo has this saying uh kind of appropriated from The Dark Knight but you either die a black hat or you live long enough to become an absec engineer and largely a lot of us that were really really on kind of that side of the law have all matured and now we just have a lot of fun keeping kids like ourselves out of the out of the systems and you know they'll surprise and impress us every once in a while but it's just the Natural Evolution of things I believe yeah that's cool man well reason I was asking was you have to have some enemies out there if you were uh dabbling towards the black hat side so what do you do you carry anything to protect protect yourself on a daily basis uh I I used to carry a gun like just uh for whatever uh but not so much like I I also I have there's crazy people in everybody's life I think and I haven't really had I mean I weird stalkers there's been all maners of things and the hold on what what kind of C did you carry uh XDM 40 right on yeah why did you start carrying that ah well I had an identity crisis as a teenager where I was a little bit of a gangster too and just uh was this for offense or defense uh the back then it was probably more a little bit of both but yeah now it was more yeah defensive I don't think that I'm very proun I'm very uh I think that you know I think an armed populace is a is a smart populace you know I'm that you know you're I think that the it's the there's a reality of the world and then there's this utopian kind of fantasy that we live in and stuff and you know it's the same thing with computers like there's guys that apply this knowledge for you know good uh there's people that you know eventually grow up and kind of do these things but it's the same thing out there like you know you for every 10,000 good people you know you have that one bad egg that does a mass shooting or something like that it's like yeah I don't I just don't want to get caught slipping in most cases cuz you know you never know and I probably get that from my father he's you know life member NRA he's I said I grew up kind of shooting Firearms learning how to respect them and you know cleaning guns every time you shoot you know field stripping everything we have you know just kind of like Legos just going over that it was good bonding experience but well uh I got a buddy over at Sig and he wanted me to he got super excited exed that you were coming on the show and uh he's into this he's into the hacking stuff too his name's Jason he wanted me to show you this uhhuh I think he's got something very similar to send you there's a business card in there don't show it on the camera but no way yeah man so go ahead hold it up so that's the newest Sig p365 uh-huh it's got an optic on it oops on having problems all good man there we go there you go I cleared and saved it already but um yeah so that's the updated version that's like the I mean in my opinion that's the that is the best carry gun on the market now what's so nuts is I think my buddy just bought one of these did he really yeah we shot it in Florida I was just down there like that is so crazy so they design the gun the weapon around the magazine so I think it holds 17 rounds Plus plus 11 18 rounds us more than I mean that's a sub compact a compact will hold 15 yep you know and so they've really innovated the sub compact Market that's sick and then they got an optic up there there's actually an updated optic that they just came out with now so when you get in touch with Jason make sure you let them know you want that updated optic should I uh pocket this the business card then I would if I was you okay done done that is so awesome but but yeah that's that's my ADC yeah yeah perfect a little bit more boring than yours but not at all real ultimate power well let's get on with the episode you ready let's do it hey everybody I'm Shawn Ryan click here to subscribe to the Shawn Ryan Show YouTube channel for the hottest and most compelling interviews that you will not see anywhere else I've also made a playlist of all the previous s RS episodes so they're easy to find you can find that right here

Info

Channel: Shawn Ryan Show

Views: 389,169

Rating: undefined out of 5

Keywords: vigilance elite, shawn ryan, shawn ryan show, the shawn ryan show, shawn ryan podcast, podcast, srs, hacker, hackers, hacking, hacks, everyday carry, edc, navy seal, flipper tool, hacking tools, hacker tools, cyber security, cybersecurity, did you know, sig sauer, story telling, story time, talk show, tips, tips and tricks, learning

Id: 7MIoFxwawc0

Channel Id: undefined

Length: 27min 4sec (1624 seconds)

Published: Fri Nov 24 2023