2 fake resumé's and very awkward job interviews later, we captured an auth attempt on our evil twin that gained us a foothold into their enterprise network, we also dropped a Raspberry Pi on an ethernet port on the way out!

We didn't get the job 😞, but we got domain admin 😁.

#HackingStories 🐺

We browsed to the M365 admin panel and yep, Global Admin privilege.

The password vault icon was also on the desktop. Double-click, punch in creds, straight in! The passwords to all their SaaS platforms were right there.

Sometimes it pays to work late. 🐺

#HackingStories

Simple steps:

1. Win + R.
2. Ctrl + V.
3. Enter.

Nothing felt risky, so they followed along without thinking.

Nothing crashed or popped. Just like that, we got in

#HackingStories #VolkExplains

It took us months, but we're in. And now it's time to pull the trigger. We'll go in fast, hit our goals, and leave. At 7pm no one's around right?

It works! The 6 of us get our goal in an hour. Turns out, no one was "officially" on call. An easy mistake to make🐺

#HackingStories

"G’day, it’s IT. Just hit 'allow' so we can fix that sync error."

Marketing was in a rush and just wanted to be helpful. One click later, we were them.

Who needs fancy exploits or zero-days when the system trusts the user, and the user trusts the attacker? 🐺

#HackingStories

Graphic Novel freaks: What is your favorite hacker graphic novel or other genre of graphic novel? Looking for great new stuff to read. Story > Artwork #graphicnovel #hackingstories #novels #bookrecommendations #recommendations

Would love to combine #hackingstories @MCA_Australia & #thecreativepowerofcopying @statelibrarynsw at #vividideas 2018
@VividSydney 👍🏾👍🏾👍🏾