Welcome back to Entrepreneurship Tuesday. Thank you for staying tuned for Season 7 another time from we're in our second hour. Remember, Y254 channel is where you can find us across all social media platform; at Michel's Shire is where you can reach out to me. So head on to our Facebook page. We have a question for you. So the question is: which business do you think is just a waste of time and will make losses? Oh, zero profits anyway. So I'd like to hear from you, and what are your thoughts? So head on to our Facebook page. That is at Y254 channel; for me, across all my social media platform, that is at white... Oh, sorry. So our next conversation is matters pertaining cyber attack, okay, cyber attack. And many organizations simply think when they install the most recent technologies just to curb, you know, cyber security, then they are all set, well and good, and they can go on with their businesses, and that might not be true. Today we're talking about ethical hacking, and in studio I have Samuel Siloski, who'll be speaking more on this. So, no further ado, I'll let him introduce himself.

So, hi, my name is Samuel Siloski. I'm an ethical hacker. Basically just hack systems.

Tell us what is all about ethical hacking, because, you know, hackers, and there's always negative energy when we hear electronic fraud all around, stories actually flight around, and we have no reason to unwrap. It's happening in Kambu. We're actually the three people who have done an electronic fraud, like, simply, just, you know, there's always negative energy when you speak about hacking. Let's talk about ethical hacking, man. What's ethical hacking?
Basically is just hacking but with authorizations. All right, so before we hack a system, we have to get authorization from the company that is straight, so that they can give us access to their system. And basically is just detecting their flaw, their security flaws. The most security flaws they have, the more hackers, the other hackers, the black hackers, can be able to sabotage the whole company.

Oh, really?

Yeah.

Okay. So who is eligible or credible enough to conduct a pen test, which is simple same thing with ethical hacking?

Yes, basically people who study that he let me know, let me say generally, because I realize you can't just study ethical hacking. You can study hacking. It's something you can't... you can go to school, you can do your things, but the problem is there's no unit... but you can't explain the class environment with the world environment, okay? Because in the world environment you'll have so many antiviruses, the programs, but you have to actually bypass it. In school, you just talk it theoretically, so you don't actually have the practical ability of it. So in general, okay, a hacker, the best, the person who can actually do each right, let me say, it's not a newbie. It's not a newbie number. It's not a newbie, but somebody who has a bit of experience in systems, in Windows system, Linux system, all environments.

Okay, so we have one of the greatest hackers of all time, Kevin Mitnick. Yes, so, so there was a question that he was that's an in spite of having easy access to credit cards, social security numbers and proprietary software, so he never, never tried to steal anybody cool. He was in that position. So I'd like to find out, have you been in that position where you these easy access? Yes, easy access that you can just walk away with all this, all this money, you know, like, and from there you've just made it in life. Honestly. Yes. Have you been in that situation?

Yes. Like a hundred times. A funny thing.
I realized that we don't actually have secure systems. All systems can be hacked. Even if you create a new one today, it's still going to be hacked in the next after me. Like Zoom: Zoom was created in a secure environment; a few months later, it was breached. I think I have over a million, a million-plus user accounts for Zoom. It's all listed in the dark web. So getting is actually easy. So basically, there's no secure systems. For example, a banking system: you can create a duplicate of the original that people may click on it, you can get their username, the password, you log in, you withdraw their funds and you're good to go.

Okay, so I would like to find out, because you first, when you started off, you mentioned there's no any secure system, and then you earlier on is mentioned that there's no education per se, like, about ethical hacking. It's something that comes out of interest. Well, I find out, where did the hacking aspect... how did you get curious? How did you get interested in hacking, because you studied it?

Oh, my curiosity started going in high school, let me say. We want to give an access to Wi-Fi. So it got me curious. I really needed that Wi-Fi. So I started googling, doing a thing structurally, discover ways to actually get the Wi-Fi, because I used to have a phone. I guess, I think that's illegal to say: I used to have a phone. So, but their classes that are legit. Without ethical class in practicability. That's OCP, that is Offensive Security blah blah blah, and a few others. But the main thing is my curiosity started then in high school, and I wanted to get access to the Wi-Fi, teachers' Wi-Fi.

Okay, and here comes you: you went to uni, studied IT, and then somewhere you come up with your own consultancy firm, slow escape. This is almost low escape. It's sky family, sky family. Yes, so it does... okay, so it's two combination of your names. Okay, so what does your company offer now? My company? What does it give back to the society, your clients?
What does it all entail?

Oh, giving back to the community first. We have a YouTube channel whereby we teach hacking. It's still sky family to consultancy. We teach ethical hacking from basics, from a newbie perspective, for information gathering. And then, when it comes to the company, it's all business. Okay, it's all business. Our work is to test your security. If you're secure enough, well, I'm going to give you a report; if you're not secure, we're going to give you a report of all the loopholes we've discovered.

Yeah, don't you feel the... is there any regulation? Because some people can use that for the wrong reasons, because we've mentioned that we're actually teaching guys on YouTube channel. Don't you feel like I'm a corner there regulation?

Yes, we always give a question. Okay, question that whatever you say, do not use it for illegal means, but find a good way to use it.

So there's some pen testing companies which give representation of the actual services that they offer. They'll say that they provide the penetration test and they actually give the, you know, the vulnerability scan. So what is the difference of the two, penetration test and vulnerability?

In vulnerability, it's like using a software to just find; it won't dig in. For penetration testing, you actually physically do it, okay, no, step-by-step, and you actually find the loopholes. But in vulnerability, there's a total cold nurses. This is just scans. It's just kind of like an activity. It scans your system for any loopholes and then gives you a feedback.

Okay, so all the company, or if on my own, you know, my laptop or using my own software, why would I go for penetration testing? Well, yeah, I may be in a comfortable situation. I'm like, I'll just use the most, you know, recent deploy later security technologies.

First of all, it's all in the, it's all in, let me sit, all in the mind. As in, it's all in the mind.
Everybody thinks they're secure until they're hacked. So I, everyone, everyone thinks... like for instance, we actually offer in, we actually offer in a breached kind of thing. We are telling people to call us. We check if they have username, their passwords have been breached. Yeah, so if you give us a username, your email, you can actually check if it has been breached, and we give you the report.

Oh, really?

Yes. My, my password is not just enough. It's not just enough, honestly, because for instance, for me, a few months ago I discovered I was breached through a company called canvas. So immediately had to change my password, look for ways I can be able to remove my username on the dark web so that I can be secure.

So then, what are the measures to ensure there's maximum security, there's maximum privacy, when it comes to my own email, email account, or just even my phone?

Number one, okay, I hope this one... let's handle the email part. Yes. I hope this one won't come out wrongly, but I believe Google monitors everything. When I say everything, it literally monitors everything. There's no way I can be anonymous. There is, but not with Google. Let me just put it out there: but not with Google. Google monitors your home, your office, and that's why when you get home you can actually get a beep on your phone, like, uh, should we set this as homework or home? Oh, yes. So it monitors everything. So as much as you want to be anonymous, Google is not the way. Secondly, for an email, you need to put a really... I tell people to write a sentence as their password. A sentence plus hashes, full stops, the exclamation mark, the quotes. So like my, my wife I pass what I can actually give it. It's actually "I love my wife so much". But inside that statement there's a o for an art. Everything is actually kind of like a code.

Wow. A whole statement.

Yes.

Okay. Okay. That goes well, that goes well. So what happens to the phone? What about all on like phones?
How do you show like we are not like... this maximum privacy, like no one can track you, like where you are? What are the submissions? So just, uh, just give us...

Some of the missions we can take: the first measure is always use a VPN connecting to the internet. A VPN is just... what is a VPN? It's a virtual private network. Okay, so if you're using it at a bundle there, you can log in through the private network and gives you access anonymously. So your IP address can be like you're in Kenya, but when you're browsing it detects that you're in Russia or in your US or in China. So there won't be any DNS leaks. So the more DNS leaks there are, the more unsafe you are. Okay, because right now during the COVID-19, uh, hackers are idle. Let me just say that. They are so idle, and the more idle they are, the more... and people are actually right now learning how to do the work just to get the money. Like right now, every link you find on the web written "discover COVID-19" isn't actually the actual link. It's just a phishing page for you to actually click to give them the information. So, so every advert you see is not just an advert.
There's something behind the advert. So guys, you know, just click on any... do not just click on anything. Be sure in everything you're clicking.

Okay, that is a lot of information to just consume much once. So we spoke about VPN on our mobile phones. Now any other, on any other way to cap that?

Just trying to find, uh, an antivirus. Let me say it doesn't help that much per se, but it tries. It really tries, so that in a form, if somebody sent you a rootkit or a malware, you can... the antivirus can be able to detect. After detecting, it will tell you there's a hacker trying to access your system, and you'll be able to click no or switch off your phone.

Yeah, okay. So what are some of the things to consider to get the most out of security testing, for instance for a company or someone who's just going to secure their work and they're working from home?

The most important actually is data. The more sensitive data you have, the more necessities for you to do, to run a penetration testing. If your data deals with clients, clients, uh, I mean, let me give an instance for a bunker. A bank contains users, people, their passwords, their money, meaning the three category actually tells you that we need a security team, or in the background, in front line, or even just you just hire another company to just continue doing the penetration testing, because just having a security team in your company doesn't mean you're safe. At the same time, hacking is not just in technicality. It also informs of the way we speak.

Oh, really?

Yes. Like for example, like I can tell you, because I didn't do anything wrong. Yeah. There's a day I saw a picture on the net. Somebody just placed a picture with your work ID. So what I did, I just took a photo of it. I created my own ID.

How?

See, you just print a new, edit using a Photoshop.

Oh, okay.
It's as simple as that. And then the next day, try to see if the reception is so the people around can actually detect that I'm not part. So I just walked in and I was like, "I'm a new guy." And the people were like, oh, they open the door, everything, and I was in. And then I went and told the admin, "I'm sorry, but I'm a part of your team. I'm sorry, but I just wanted to try if you saw me with this you can actually give me access." And the IT guy was actually, or he was actually good. He was like, "Buddha, you have done everything, just come." He actually gave me a contract and then told me to walk away. Yeah. It's not just in... it's actually been in our conversation. I can't, I can get a lot of things from the way we speak. By what you love, I can detect the, your browser history, by all that.

Okay, so it goes just beyond just sitting behind the computer. Okay, so what would be the advice for any company that looks... coming to you of seeking for help? What are the measures that you start off by giving to them, like the process?

Oh, the first one is not all... the first thing I tell them is not all penetration testing is actually good, as in, in terms of carefulness. You can try to hack a system and it's going to damage their system. So that's the number one rule. Secondly, when you're doing the services, we will have to find a time whereby people are not working. Like for instance, like right now, people at home, in the weekends, at night. We just find a loophole. The keyword is just finding a loophole whereby we can damage them with the system, but at the same time we can actually be able to test the system. Yeah. So, but we have two workflows. We have, uh, have my assistant is called Freddy Quango, is from coaster. For him, he's a black hacker. That one you can't lie.

He's a what?

He's a black hacker.

Who is that?

He's just a... he's my assistant. We work with him.

No, the title, the black hacker.
Yes. He used to, let me say he used to, but right now he's changed. He used to just go into system for the fun of it, just for the fun of it. Right now he does it for the community, to give back to the community. So for him, he works with the administrators the best that... There are two type of testing we do. There's the black box testing and the white box testing. The white... but white box testing is whereby, uh, my team works with a system admin of the company slowly by slowly, while in the black box I'm actually outside the company trying my own way to get into the system. So we do like two type of tests: me outside, him inside with administrator. So it gets harder when they're patching the system while I'm trying to hack it. So the more I'm trying to hack, it gets harder for me. So it gives an assurance of good security.

All right, so, uh, when it comes to different careers, for instance for my, like my career, like I'll show my portfolio, my previous work and everything. So when it comes to you, I'm so sure you've worked for so many other clients, but I have a this scenario here. Have you ever been in a situation whereby you decided like, you know what, I'm going to hack this company and then I'm going to come back and tell you like, you know, your system, they are very weak, so you guys should hire me and I'll be fixing things here?

I've been tempted, but no. I've been tempted, but no, because number one is, um, there is low concern in it, and I have a beautiful family. I can't just leave my beautiful family to go to g, you know. So I need to think over a lot of scenarios, you know. I can't just live off my family. So, um, it's either I be patient... I call them if I see a flaw. Like the small flaw, I will usually call them. I don't do anything. I'm like, hi.
I think you have a flaw in this area, so please fix it or somebody will fix it for you. As simple as that. And then I just... if they want to call me again, it's okay; if they don't want to call me... I'm not trying to do marketing at that perspective.

You're that credible enough.

Yes. I can't, I can't, 'cause I understand if I go to jail is no point. I can earn money in white, when white hacking, than in black box.

But still different. I get you. Not desperate measures, like kind of decision. This way. So let's look at like the time frame. How long they... approximately, like, time frame when you're working on a particular company, when looking at their cyber security, how long does he take, like a time frame?

Oh, it depends with their system. Okay. Let me just say, like, for the last one, I don't want to mention the company, the last one you are handling with, they were using Windows 7. Windows 7 has been compromised. So it won't even take me an hour. If just take me 30 seconds, and I don't, 30 minutes, and I'll be in their systems. You know, so it depends with the kind of system and measures they've placed.

All right, I have a question before we wind this up, and probably give us more information and now people can reach out to you. In a situation where, but we have had so numerous cases of electric, electric fraud, and if you are to, like, getting involved and sort out issues, is there a situation whereby you can identify who actually did the cyber, the cyber-linear attack?

Oh, yeah, I have, I have, I have somebody else who can do that. It's forensic. Okay, so it's different. Investigation. It's part of it, but it's kind of different. But there are two perspectives.
There is the forensic and there is reverse, reverse engineering. Reverse engineering is whereby whatever was placed, you can be able to take it, look at the code, try to find out who actually created it. Okay. So at the end of the, at the end of you told, just go back to the person actually. And just three points, because most of them actually carry the MAC addresses and the IP address. So it will be actually easy to locate them.

Okay, all the vast you will all those terminologies mean, but we'll be taking a long day here. That is Y254 channel, I don't know Facebook page. You have a question for you there. Make sure you give me your thoughts pertaining that question. At michelashira is where you can find me across all my social media platforms. So right now, Samuel, I'd like to find out how people can get to you, reach out to you, and across all social media platform, your website also.

You can get to us through Facebook. It's sky family lady consultancy limited. Also on Twitter, sky family lady consultancy, and on YouTube, sky family lady consultancy. It's still the same, generally still the same. And if you want to check if your emails have been breached, email us through the website or through Facebook.

Okay. Oh, so we have to... okay. It's okay. We will limit it. We will reach out to you. We need to find out, because I was thinking like password, password is just enough. It happens it's not. So guys back at home, make sure you stay tuned. Another interview coming your way, and this time round we'll be heading to the food sector. So it's all about yummy yummy meals coming away. So we're talking about the food industry. So make sure you stay tuned, because you don't want to touch that. Right now we're going to a musical break, but we'll be right back.