Well I don't know, the email chain pretty much shows that they are
A: trying to treat it as a cyberattack B:everyone is after my job C:nobody actually has any proof other than what I said I did(port scanning).
I'm worried they are going to call DHS.
Andrew Thomas
You sold yourself out OP is this bait? You admitted to doing it to IT. What happened to >Hey what is the wifi ? >You can't use it >Ok thanks Wow a fucking revelation.
Xavier Price
>I'm not even IT, but I have superuser AD access
why
Liam Bennett
I'm lucky I learned not to do this shit in high school
Just say you weren't doing anything malicious and find all of the proof you can gather to support your claims. but seriously why the FUCK would you run a noisy port scan on a network that isn't yours knowing honeypots and intrusion detectors are there... you problably lost your job at least and hope to god they don't ACTUALLY get hacked within the next year or you're gonna be the first one they come after
Jack Stewart
if you are in British sovereign territory (or any of their dependencies like the US, Canada, Japan, Hong Kong etc.) you are fucked. If you Are inside the EU then just tell them the truth. They have to prove you malicious intent and malicious activities and not you having to prove your innocence. If you Are in a German speaking country (especially any of those that isn't actually Germany or Switzerland) just go and laugh at them
Tyler Ward
Tell them the truth and then tell them to thank you for exposing a major security issue as a result of their lacking security team. DESU you should be given a promotion and free steak dinners everyday. How could they be so autistic? Also tell them you downloaded all the ip and payroll information and that if you don't receive a multimillion dollar stipend and a private plane ride to antartica where there is a newly built home and a statue in your honor that you'll send the information to our enemies overseas
Tyler Thomas
LAWYER UP AND TELL THEM WHAT HAPPENED, DO NOT GO THERE AND TELL THEM THE TRUTH YOU WILL GET FUCKED. IT IS NOT TRUE THAT "ONLY CRIMINALS" NEED A LAWYER. BETTER SAFE THAN SORRY. DON'T FUCK THIS OP, GET A LAWYER
Nathan Brooks
if it was serious they'd have called the cops on you, not have you meet with the CEO/CTO several days later
Lucas Cook
>I think we might be a government subcontractor >I think Did you sign an ITAR agreement? Did you have an ITAR orientation? I am not familiar with unknowingly working as a government contractor - definitely not at my former employer that was a contractor.
See I think because they are a government subcontractor but don't adhere to the required data security etc etc that they won't call anyone. No I did not. Well I did have to do a bit of this and a bit of that to get the perms I have. They have a really incompetent IT department, which is what made me do it in the first place. I wanted to see how bad it really was.
It's pretty laughable anons.
I was honestly thinking of asking them if they're gonna give me a network admin job.
I could've really fucked their shit if I wanted to.
Still could, considering they dont even have 2fa on the vpn and any device can be used.
Mason Carter
Nah they didnt find out, thats the thing. I told a guy who mentioned it in passing and thats the way it turned. Nobody actually has any proof of what "happened" other than my own admission. All they think I did was get my laptop on the enterprise network by spoofing the MAC/IP, then did a port scan.
They don't actually know one iota of what actually happened.
Blake Stewart
>they didnt find >I told a guy
the thing they don't tell you in hacker camp is that in order to run a quiet port scan you have to not tell anyone
Andrew Phillips
This this this
Colton White
>but don't adhere to the required data security I would be asking about this. Once the established protocols are reviewed and authorized by the federal government auditors, the protocols take the force of federal law. This is a real potential for shitfest. If this is true then I would quit and report them. You can go to the guard shack at the gate of any military base and tell them that you have an ITAR problem. They will send someone from the base to talk to you. Any place that runs like this will be looking for scapegoats when the shit gets heavy.
See I was thinking I'd have them sign a waiver and invoice them as a penetration testing contractor before I discussed anything at all.
That way I could tell them the truth and be legally in the clear, as well as get some money in my pocket.
Worst case scenario is they say no, I tell them I can't say anything, then they fire me.
Anthony Thomas
Please install a deadman's switch to inform us when you eventually get v& to guantanamo
Benjamin Adams
>See I was thinking I'd have them sign a waiver and invoice them as a penetration testing contractor before I discussed anything at all. If they really need compliance then you are asking them to commit a violation by forging a document regarding a potentially non-compliant act. >That way I could tell them the truth and be legally in the clear, as well as get some money in my pocket. They likely will not do it - there is no way they are going to pay you. >Worst case scenario is they say no, I tell them I can't say anything, then they fire me. Worst case is that they record the interaction with you asking them to create a forgery train to support your illegal activity. I almost never post anything directly insulting. I am sincere when I say that you are either larping or retarded.
Brayden Ramirez
It's a federal crime you know. Stop talking to people if the out look doesn't feel right and hire a lawyer.
Wyatt Barnes
Network Architect here. Literally do not care if you portscan shit on my network. If you can scan shit, it's our fault for not locking you down with DACL or a firewall.
You're dealing with stupid windows sysadmins. They're the biggest retards in IT.
Levi Cook
Well looking into it deeper, we have probably never had compliance, nor could this company afford a potential violation of any kind.
Ergo, by informing anyone about ITAR non-compliance, the company could go bankrupt overnight.
We have unregistered foreign nationals working here and thats enough to bankrupt the company with penalties on its own.
I just looked into it.
It's not a forgery if I'm paid to do the pen testing right? Or if my role in the company changes over to network administration, then I'd be legally in the clear.
Isaac Ortiz
Say you have an interest in cyber security and wanted to learn howt he company is setup to protect itself. Mention that you may be willing to do that kind of work in the future and this was just you trying to expand your skills for the company.
Austin Turner
you are aware both of those countries are UK dependencies? Japan is since it is US occupied and since US is a UK crown territory so is Japan.
Nathan Watson
>US is a UK crown territory Please tell me this is trolling.
Dominic Stewart
>It's not a forgery if I'm paid to do the pen testing right? The document is a forgery if it is backdated for the purpose of changing the nature of a violation activity to a compliant activity. If you needed compliance then there should have been classes for you on this topic. Without disclosing the product, how spooky do you think your product is? There is the possibility that I am off base.
Aaron Baker
>since US is a UK crown territory is this what britbongs actually believe?
Angel Butler
The product is not spooky, but it's used in fucking everything.
Think materials science and you'll get a good idea.
We have hundreds of IPs,(from our customers and internally)and the odds that our product is NOT used in some kind of defense product is pretty much slim to none.
And how did you do this port scan? `nmap 192.168.1.0/24 -sS --min-rate=90000`?
Aaron Allen
OP I feel like you're ignoring me after I told you, YOU telling someone is proof. That's all they need. Your word against a full time employee... oh look we got a hot-shot networking architect here boys, guess what he didn't portscan your faggot ass bitch he port-scanned the wrong people. Thanks for the reassuring talk about you being such a big bag network architect who's a cool dude about port scans.
Dylan Brooks
I'm not sure. I might have enough cash to get to a non-extradition country, but I don't have a passport. I'll probably have to figure out a way just in case. I'll see emails beforehand and that'll give me decent warning.
I really hope they dont call the feds.
Jaxson Barnes
I am a full time employee, but I feel like the potential consequences of them coming down on me might weigh higher on the scale in general than them just letting it ride, you know?
Blake Watson
From what you've told me I'm really considering tripling down and gaining a massive amount of leverage going into the meeting, that way I have all my bases covered 100%.
I mean with my current access I might as well go all the way, rather than go halfway and get nothing while going to prison.
Gavin Evans
I mean then again it's just a portscan, why are they mad about it and why would they make a wild assumption? I'm just saying no matter how stupid or little or non-offense it is, it's the fact that you're not IT and you told someone. I don't know what else you could do.
Andrew Green
>meeting with the CEO/CTO on Friday You have to keep in mind, these people are not technical enough to understand nmap. In your meeting, they will not be evaluating your technical actions. Rather, they will evaluate your attitude. They are going to feel you out and try to determine whether you are a member of the team, or whether you are a rebel who is acting against the company.
It's important to not take an adversarial stance. You don't want to be sullen, anxious, or upset. When you talk to them, don't focus on the port scan, and if it comes up, minimize it and try to move on to the next topic quickly.
Camden Perez
Maybe you hit a Honeypot or IDS. in that case, no point in lying. Being a government subcontractor probably doesn't matter beyond their level of auditing, network schema, and how often they perform internal scans. Then again they could also be required to inform the government of potential rogue employees.
I would say worst case scenario you'll get suspended and they'll have a forensic investigator look through audit logs of the computer. Don't delete or hide anything! Unless they are extremely retarded you shouldn't to to court.
Best case scenario you'll get written up. Much more likely if you actually do show up to the meeting. I would elaborate about how retarded you feel and that you were a curious cat.
Alexander Morgan
It's not just a port scan though, thats the thing.
Bunch of crap about port scans when the issue (that they dont yet know), is that I have active directory access with an admin account, despite the fact that I'm not even supposed to have an AD account in the first place, much less an admin account.
The way our network is set up is such that with full control of AD I can do anything I want.
I just did port scans because I wanted to see how secure the backend stuff was, then I made the mistake of mentioning it to someone.
Carson Stewart
If you have admin on a Domain Controller then that is someone else's fault, whoever gave it to you. not yours.
Adam Myers
>Well I did have to do a bit of this and a bit of that to get the perms I have yeah, you're probably fucked (deservedly)
Kayden Harris
Wouldn't bother leaving the country over this. You would already be in jail, fired, your network credentials removed, and the production environment being audited tooth and nail by a forensic team.
Christopher Russell
>>Say you have an interest in cyber security and wanted to learn >>Mention that you may be willing to do that kind of work in the future Sounds like a guaranteed way to get yourself in a lot of trouble if you aren't actually well-versed in cyber security.
People get trained pretty heavily in this field, it's not like a hotdog stand where you could just take on the job after cooking a few hotdogs at home.
Jason Gutierrez
What you do is login to your account
Then disable all the vowels on everyone's keyboards simultaneously
Then repeatedly open and close their optical drive trays
Ryder Smith
OP this isn't just port scanning and you know it. The problem is you didn't just settle for wifi access or probing the backend (I'm nowhere near mature enough to handle that sentence), but that you gave yourself full admin privileges for no reason.
Here's my story: I'm a consultant for the auto industry and work both with the manufacturers and with their dealerships. Last week I went to one such dealership to help a guy out with a problem in the salesmen CRM. I arrived in a Hawaiian shirt with no badge, told the dude I was there to help with the computer and he landed me his notebook and walked away. He had the passwords for EVERYTHING saved on Chrome on a machine that didn't have a password: dealership's online banking, credentials for all programs relating to employee payment and sales money, you name it.
You know what I did? I fixed his problem with the CRM and left. Didn't tell him, the owner of the dealership nor my own boss about any of this, because it's not my job to know about it and because no interaction beginning with "hey boss, so I got into ALL of your stuff yesterday" will ever end well. Pray you don't get fired for this and try to learn something from it
Oliver Nguyen
Do you have proof to the contrary?
Elijah Harris
this
The way security actually works IRL is if you show someone they left their door unlocked they accuse you of break and enter and you go to jail with no proof of wrongdoing
Jacob Perez
But why do people do this in the first place?
If nobody ever makes it their responsibility to actually promote secure practices, and point out obviously unsecure ones, how would we get anywhere?
Answer: we don't, and then when someone ransomwares everything and loots payroll the employees are left holding the bag and the company goes under.
Jaxson Butler
>but that you gave yourself full admin privileges for no reason.
Yup, agreed. Thats what they are talking about in regards to system intrusion.
It makes a huge fool out of everyone above OP, especially the IT guy he told.
The IT guy is like: "wait, you did WHAT??? and on my watch!!?? Better go tell the Vice president so this doesn't come down on my ass!"
Goes to vice president: "He hacked us wtf"
Vice president goes: " Yeah, what the hell is this?"
Now OP has a meeting with the CEO, they will probably fire him after they find out what he knows and why he did it. I think a best case scenario is he gets "suspended" and a week later gets a call that hes been fired.
Liam Adams
yeah best bet is that you were doing pentesting and found several exploits. pentesting without permission is still bad tho
Ian Flores
Here's the thing, there is a person whose responsibility is the security of the company's data: the data security guy (or the IT guy for most places).
I'm not that guy, I'm an outside contractor whose job is marketing consulting. The dealership doesn't even have an IT guy for me to report this to, otherwise I wouldn't need to drive 60 miles to another town to open chrome and click "forget" on the credentials of the previous employee that used that computer.
Believe me, I'm all for trying to help with security awareness anywhere I can. I teach employees about phishing, ransomware and all that shit when I get the chance. What I don't do is go around doing proof of concept for those things.
Yup. I like picking locks. For a very brief moment I considered making myself available for old ladies from my building (they lose their keys A LOT). Then I realized I'd be accused of every petty theft or door left open in all 18 floors
Daniel Ross
Just threaten to crash their entire database if they fuck with you, demand a promotion.
Kayden Lopez
And be sent to jail when the company contacts the FBI? I dont think so.... he said they were govt contractors.....
Samuel Wright
And? They're violating their government contract, if they decide to flex on him he literally can crash their bankrupt them. Any actual disagreement is about power projection, and stacking the deck in your favor.
Thomas Lee
They pretty much can't fire me as they have the good sense to know if their network is totally compromised I could completely fuck their shit in every single hole, and that would give me casus belli for war. I think I'm fairly safe from being fired. Yeah I'm split between this route, denying it ever happened, asking for proof outside of my own admission, or playing dumb. If I go in hot with everything I know maybe I'll get promoted from my shit tier position into a role that I can actually make some cash. And what if that guy is an incompetent drooling geriatric who has no clue how to keep data secure in the 21st century? Should I wait for the chinese to come along and bankrupt our company?
Julian Hughes
Thats what I'm thinking, I think I've got them by the balls unless I'm arrested on the spot, and if I write a decent deadman script then I could skullfuck them anyway.
Eli Rodriguez
The meeting is probably to fire you. I wouldn't argue or admit anything.
John Mitchell
> And what if that guy is an incompetent drooling geriatric who has no clue how to keep data secure in the 21st century? Should I wait for the chinese to come along and bankrupt our company? If you are not even in the IT area of the company, that's exactly what you should do. Perhaps start sending out resumes for positions in other companies if you feel that the Chinese are coming.
Also get the "I'll pwn them if they fire me, I'm untouchable!" thing outta your head. If you so much as hint at this to them you're suddenly looking at charges for blackmailing an institution that has way more money for lawyers than you. If they are connect to the government you can even count on a nice visit by the DHS. Don't try to probe anymore to gather data as leverage or other shit like that, if they reported this to someone actually competent you'll just dig your grave deeper. Be honest dude, tell them you did something really fucking dumb and that you meant no harm by it. Trying to get a promotion or a compliment for this will blow up in your face
William Wilson
If I were you, I'd go into that meeting and try to negotiate. Tell them what you intended to do; that you were just curious and that you're sorry if it violated any company policy. Keep it as vague as you can. Then tell them that they have a serious security vulnerability that you could help them fix if they don't fire you. If they decide they're going to fire you anyway, offer your services as a security contractor since you already know what the problem is.
In the meantime, maybe go find the cocksucker who sold you out and hit him in the face with a brick.
Logan Reed
he is correct tough. after all it is pax Britannica and nothing else.
though to be precise actually both US and UK are German puppet states. The UK because literally all of it's ruling families have been German since 500 years and the US because it is a UK colony AND because by far most “white Americans “ are assimilated Germans. just reading lists of “American names“ and then seeing shit like Schneider, Zuckerberg, Schmidt, etc etc. And yes nearly all of the “Jewish “ names on the US are actually just German
Zachary Rogers
Isnt that like the #1 hacker rule? Dont be a faggot and tell people of your deeds.
Leo Lee
Well thanks for the help Jow Forums, I think I've got a good idea of how to handle things now.
Sebastian Sanders
>then I started port scanning because I wanted to check out what all I actually had access to. That was dumb. You could play it a hijinx but >I mentioned in passing to one of the IT guys that I had port scanned the other night that's just fucking stupid. I'm guessing you were trying to brag and really - you'll get whatever you deserve.
>t. ASD contract (no I'm not providing proof) and you aren't likely to go to jail (unless you try to brag that you put a worm in an email to the cfo or something as stupid) but I'd be surprised if you aren't collecting the dole by Fri arvo.
Silence is golden user.
John Nelson
So if you wanted to use the company wifi, why didn't you just ask the IT guys for access?
Sebastian Gomez
Because asking is for losers and I'm autistic. I think I'll be fine, the IT department can't even reasonably diagnose things, and management doesn't even understand these things in the first place, so I've just gotta present myself correctly.
Brayden Ortiz
I'd throw muhself on the mercy of the court.
You're getting called into a meeting of your bosses, bosses boss... When it come to discipline - that's not a gud thing.
If you were a bit more savvy (I've read a bit of the bread) you could probably play the >I was pentesting to reveal a vulnerability card but from what I've read so far you may not be able to back it up with know how and techspertise (not meaning to be rude just straightforward)
how the fuck did you gain admin rights to ad anyway?
Lucas Brooks
>How fucked am I? Uh... you're not? You have nothing to worry about, just tell them what you told us. If they don't believe you well, too bad. If after tyat they still hate tour guts you'll have to find another job. It's not your fault, they seem like dumb retards.
Nathaniel Young
Just tell them you're autistic and get an emergency note from your psychiatrist.
>You're dealing with stupid windows sysadmins. They're the biggest retards in IT. t. windows sysadmin
Luke Butler
I'm being coy on purpose, if that isn't obvious. Someone might have put a guest wifi network in place of the real guest network, with identical captive portal pages, then taken the real guest network offline temporarily. Since AD perms are required to get on guest, all it requires is the right person to get on the fake network,especially since they dont have required password resets.
After you get the right persons AD creds, then you're golden.
Same for really anything you want to get.
There is a little bit more legwork involved, but it's not even that hard when people are as ignorant as they are, and there are a million different ways to do it that are only limited to your creativity. Not OP.
Nicholas Williams
So you did a dodgy. And got caught because you bragged about it.
You're fucked.
If it was me I'd throw the heaviest book I could find at you.
Wyatt Gonzalez
port scanning is a legitimate network security activity. Tell them you were making sure the network was secure. Tell them you read some shit online about cryptocurrency malware and that you were scanning to see if the ports in question were exposed.
Sebastian Johnson
Remember, I can see their emails, they don't know any of this,nor do they have evidence that anything actually occurred.
All they have is word of mouth that I may have spoofed a mac address to get on my computer at work, then scanned some ports.
They dont even have logs of that either.
Isaac Perez
top fucking kek
Jaxon Hernandez
>i mentioned that I had port scanned Without any sort of context? Did whoever you were talking to ask what you port scanned? Did you just bulldoze over that conversation?
I'd probably report it as well. Seems like something a malicious actor would do when they slip.
Samuel Smith
You phished an admin's password with a fake guest wifi?
Nathaniel Butler
To be fair, it isnt the only way.
Network admins should really start with a premise of "My network is unsecure, what level of security will my users tolerate that also meets compliance."
There are a lot of minimums that most companies refuse to meet due to laziness or a lack of willingness to spend money.
Nathan Lewis
You are a fucking maniac if you think they won't pursue this. You'll be fired at best. I smell legal action.
John Bailey
How the fuck did you get admin on the DC when you arent even supposed to have an account. Also what the fuck do you mean you just wanted the wifi? Why dont you, an employee, have Wi-Fi access?
Bentley Thompson
OP is just here for the (you)s obviously its a fake story.
Nicholas Phillips
Well, we dont have access because factory people don't get access or ad accounts due to the high turnover rate.
Ryan Lopez
And how did you get the account?
Elijah Campbell
He said how he did it here
Asher Cooper
oh right, I should read. >MITM attacked his own company Why are you so hung up on the fucking port scan OP? You should be shitting yourself about them finding out about this, this is literally an insider cyber attack and they will fuck your life for this.
Isaac Ortiz
>(I'm nowhere near mature enough to handle that sentence), you are a cringelord and i stopped reading here
Hudson Myers
lmao this if it isn't a larp and they find out what happened your done for OP better get everything on a flash drive and get out of the country, then sell that shit to their competitors
Cameron Smith
imagine being this retarded
Brody Peterson
How fucked, exactly? That's what I'm trying to figure out. Everything I've researched doesn't exactly come up with clear results.
Julian Barnes
reddit must be down or something because this thread is full of retard spacing