Got a chance to tell a story on with Jack Rhysider.

Ep 36: Jeremy from Marketing

"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."

You can listen to it here:

@m4iler - The reports of my death are greatly exaggerated.

@tinker to be fair it'll be very difficult for anyone engineering-minded to pose as a marketing person of all things o_o

@polychrome - I blended in fine, I think.

I’ve held many jobs and roles in my time. I draw on those experiences as I need.

@tinker Great story, man. Listened to it on my way to work.

@superruserr - Yeah?! Let me know what you thought! (Or lie to me if you thought it was bad...)

@tinker It's very interesting! And relatable (as in, I can learn from it and apply it).

@tinker One of the red flags was finance running PowerShell. Did the IT team ever do monitoring on their side for PowerShell instances (i.e. "if EventIDs for PowerShell come up from a Finance computer, pop an alert")?

@superruserr @tinker

In all seriousness, I always post-VPA try to advise them to look into endpoint defense systems that can manage threats like these more or less automatically; most environments do a bad job of attenuating PowerShell-based attacks...

well, any attacks really...

@superruserr @tinker

Yeah, sort of...

Plenty of places implement and monitor EDR for clients.

We do.

@superruserr - I’m not certain. This was blackbox from my side. I only got a bit of information from them at the end. I imagine they did do monitoring, though. Not sure the extent.


Best background music to go with the narrative.

@superruserr - Yeah, Jack’s production quality is very good!

@tinker I love when you talk Physical Pen Testing, it's less about the "cool story" and always about teaching (but still with a cool story or two...). I've got this one queued up at the top of my list!


Got it bookmarked for later. Looking forward to hearing about you in action.


I gave it a listen yesterday. A terrific story, especially the oh @#$% moment when you got caught.

I'm glad to see your improv chops are still strong.

Okay, I'm definitely going to listen to this one. :blobpopcorn:

@tinker Hey, that was a hilarious episode! Especially the part at the end with the old lady - HIM! THERE!


When I listen to these stories, I always assume they're gonna have left ports open, repeated passwords, website pages that are available through manually typed URLs and stuff...

and then you tell everything that went wrong FOR the red team... oh boy. That was hilarious.

Thanks for sharing. :blobthumbsup:

P.S. I envy your job.

@rick_777 - Cheers! Yeah, I like talking about when I get my ass kicked. It's nice to know what works.

And I like my job. Took a while to get here, but it’s awesome.

This episode kept me on the edge of my seat the whole time. Was also pretty educational since most of my knowledge is on the Linux side which isn't that helpful for securing corporate networks.

@tinker That was amazing! Thanks for sharing that story with us! 😍

@tinker Your Darknet Diaries story was awesome! It was one of the first episodes I listened to and now I've spent the whole day listening to a dozen more.


Your interview makes me happy inside. Well done! 👏🏻

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.