Just wait until you get to that season where he is talking to Daryl from the office the whole time. They lost me on that one. Did not make sense.
Yes, but in reality you need way more preparation, figure out what software they use, which weak points it might have and how to take advantage of it.
Yep through data center bonfires all things are possible
Very plausible in theory, but also dramatized.
TLDR; kali linux - 1337 h4x0r
IIRC a lot of them involved hacking the user to get to the system which seems legit.
i'm sure you've seen this by now
But not many modern (work) pc should let you execute code off a usb or cd-rom (!) drive.
Get the user on their personal compy though, then find something to blackmail more info out of them. I think they do that too.
maybe-spoiler
Crucially he was still able to be some sort of admin on some of the main hacks - this is also plausible.
Did they do like a Reichstag fire to get him elevated emergency powers, and appear like a hero to the target?
This was a long time ago for me.
One of the show’s tech consultants addressed that in this interview:
What are some of the challenges faced in presenting hacking and cybersecurity in both a realistic and an entertaining manner?
I think the biggest challenge is time. We are only given seconds to demonstrate a hack that could take hours. While we are accurate about the details of the hack, we must fudge the time element.
Yeah, when the show came out it was very well regarded as being pretty accurate.
Obviously it’s a TV show, but most of the hacks were real or based on real hacks and techniques. From what I recall most of the hacks were social engineering (dropping the USB drives trying to get someone to plug them in, using physical access to install a raspberry-pi on the network, etc.).
Realistically, I think that raspberry-pi would be found pretty quickly today. And those USB sticks would probably now trigger a visit from IT (everything you do on your corporate computer is logged. If you plug in a USB stick your admins can/will know about it, I had a friend who’s employer threatened to sue them because they downloaded personal documents off their computer using a USB, and the employer threatened to sue them over stealing trade secrets, which sounds dumb, but it was basically blackmail to try and stop him from getting another job).
I remember being pleasantly surprised with it being appropriately “entertainment accurate”. Normie’s watching it see all the stuff and think hackerman. But for people who know anything about tech, it was good enough that you weren’t sitting there in agony knowing “that’s not how that works!”.
I think they were just trying to fire your friend without paying UI, which is standard practice in the US. You can be fired at any time without cause, but then the employer is on the hook to pay your unemployment. As long as they can find some “cause”, then you’re fired and ineligible for unemployment benefits.
As long as they can find some “cause”, then you’re fired and ineligible for unemployment benefits.
This is a common misconception, and everyone should apply for unemployment if they lose their job for any reason, including if they quit because they felt pressured to leave (constructive dismissal).
They need an actual good cause, like actual damages to the company or something, and they need to be willing and able to back up their claim that you are ineligible, or the unemployment offices will side with you and award it anyway. They generally favor employees over employers in decisions, because they know the bullshit companies do to not pay out.
Lose your job? Apply. You have literally nothing to lose.
But he was quitting. They sure hassled him though.
I pentest regularly and people plug those usb drives in, devices get ignored.
Trying to remember a bit more of it, but wasn’t the usb stick a rubber ducky? I mean it could possibly trigger some alarms, but to note that I don’t think it would register as a flash drive. In short you can program them and make them appear to the computer however you want. (IE it could appear as a keyboard, and rather than copying a file from storage, and rather than copying a script off of itself, it could say open cmd or powershell and effectively run the commands itself (as if they are being typed really fast, rather than actually a script). Companies typically don’t log keyboards being plugged in.
IIRC, there was a plot where Elliot needed to break his drug dealer out of jail, and they left USB sticks in the parking lot of the police station, but when the cop plugged it in, it was obvious that it was malicious (command prompt pop up) because they didn’t have time to make it hidden, so that thread didn’t end up working out.
They even mentioned metasploit
Amazing show, enjoy.
