ThreatLocker joins Adam Savage’s Tested
Adam Savage’s Tested explores the intersection of science, pop culture, and emerging technology. In each episode, Savage, a special effects designer, television personality, and educational content creator, invites fellow makers and curious minds into his cave to share ideas and inspiration.
Recently, ThreatLocker CEO Danny Jenkins joined him to investigate everyday tech items and the hidden dangers they possess.
The USB keyboard we're never allowed to plug in
USB keyboards, phone chargers, webcams—each of these everyday items could be hacking devices hiding in plain sight. On ThreatLocker's third visit to the Tested cave, Jenkins shows Savage why you should never trust someone else's phone charger.
Adam Savage's Wi-Fi gets hacked
Jenkins returns to Tested to explore how attackers can hijack your connection, steal your credentials, and gain access to sensitive data—without ever touching your device.
The hidden danger of rogue Wi-Fi
Attackers can deploy devices that mimic trusted networks, broadcasting names that look familiar or even identical to real ones. All it takes is for someone to connect. From there, they may be redirected to a familiar login screen. But behind the scenes, that page is controlled by the attacker and designed to steal credentials. These devices can be placed almost anywhere:
- Coffee shops
- Offices
- Airplanes
- Even from a helicopter outside an office
No malware downloaded or phishing email required. Just a familiar network name.
How Zero Trust stops this
You can’t stop users from connecting to rogue networks or entering their credentials, but you can stop attackers from being able to use those credentials.
Zero Trust—denying by default, allowing by exception—stops attacks before they happen. And when implemented correctly, most users won’t even notice any difference. They can still do their jobs as normal, but anything outside of that is blocked by default.
AI-generated malware is on the rise
The episode also highlights another growing risk: AI-generated malware.
Jenkins demonstrates how trivial it is to manipulate AI into producing malicious code. Attackers no longer need deep technical expertise and coding knowledge. All they need is access to AI. This shows the limits of relying on detection alone—and why proactive Zero Trust controls are becoming increasingly important.
Security needs leadership buy-in
For businesses that have already experienced a cyberattack, the value of stronger controls is obvious. For those that haven’t, it can be harder to justify change. That’s why IT and security teams need leadership support. The best time to take action was yesterday. The second-best time is today.
Why Adam Savage won't trust USB keys
A computer isn't always what most people imagine. There are devices that look like an innocent charging cable or USB storage drive but have a full-fledged computer inside them.
This way, they can steal your data and execute code as soon as you plug them in—even if you block USB storage devices. People store their emails, bank information, and tax returns on their computers, and these devices put all of it at risk.
In this episode, Savage and Jenkins, reviewed three different types of common USB devices and how they can silently steal your keystrokes, files, and even screenshots of your computer every minute.
It doesn’t matter what EDR you have, how fast your response time is, or how well you train your employees. It only takes one mistake from one user, and you’re compromised.
The only way to stop this is to enforce Zero Trust controls to account for the user making those mistakes.
Once you do that, it becomes a lot easier to see what you need to do to protect your environment: Only allow what’s needed and block everything else.
For example, don’t let PowerShell access the internet if it doesn’t need to, and don’t let unknown scripts run when the computer starts up.
That said, users should always be wary of any unexpected emails or calls.
AI has made it incredibly easy to make nearly flawless phishing emails or deep fake voice calls of people.
If your IT department tells you to run some code, do not proceed without first confirming through a second line of communication that you’re speaking to the proper people.
And if you find a random USB drive somewhere, heed Adam's advice—plugging it in is like chewing gum you found on the subway. Just don't do it.
ABOUT THE AUTHOR
Kieran Human is a Lead Cybersecurity Engineer at ThreatLocker. He holds a Master of Science in Cybersecurity and Privacy from the University of Central Florida, where he focused his thesis on cryptocurrency and cybercrime. Kieran applies his deep technical expertise to solve complex client challenges and lead critical product research. A passionate educator, he shares his insights through technical writing, white papers, and webinars.
