The importance of keeping calm in trying circumstances: Zero Trust World 2026

The final day of ThreatLocker's annual Zero Trust World conference in Orlando, Florida, began Friday (March 6) with a presentation by Linus Sebastian and Luke Lafreniere of the YouTube channel Linus Tech Tips, which was famously hacked and taken offline by an attack in March 2023.

"Just because you're tech-savvy, it doesn't mean you're impervious," Sebastian told the audience. "As embarrassing as it is, you should talk about the times you got bamboozled."

Lafreniere explained that someone had emailed their company, Linus Media Group, a PDF that when opened launched an infostealer that took screenshots and captured browser cookies, then sent them to a remote server.

Using this information, the attacker captured credentials and took over the main Linus Tech Tips channel and two others, changing the content to promoting cryptocurrencies.

"There's footage of me buck-ass naked sprinting down the stairs in the middle of the night during the attack," said Sebastian. "Our video editor had to blur some things."

Linus Media Group had multi-factor authentication (MFA) enabled for its accounts, Sebastian said, and he initially assumed an MFA factor like an one-time passcode transmitted via SMS or an authenticator app had been compromised.

But none were. Instead, the attackers had captured session tokens to logged-in accounts, bypassing MFA completely and granting access to the company's YouTube channels. Lafreniere said he figured that out only because he'd been hearing chatter about similar attacks.

"Through a solid amount of luck, I was able to pin it down pretty quickly," Lafreniere said. "Because I'm part of these [cybersecurity] circles, I kind of knew what was going on."

Sebastian related another time when he lost control of his Twitter account because the attack hit him in the middle of a pool party.

"Often you're susceptible when you're groggy or distracted," he said. "I got an email that said my Twitter account had been hacked."

"It looked pretty legit. But all I did was go, 'Oh no, I'm in the middle of flipping burgers and I've got two dozen people in my yard,'" Sebastian said. "Under any other circumstances I would have seen that email and said 'yeah, right' and gone over to the website myself. But I had meat on the grill, and it was in danger of burning."

Lafreniere and Sebastian stressed that these incidents, and others they related, showed that no amount of training or technical know-how can prevent every attack.

They touted ThreatLocker, which they implemented after the 2023 channel takedown, as being the sort of security program that makes sure ordinary human error doesn't lead to catastrophe.

"I have to accept that I'm not perfect and the people I work with are not perfect," said Sebastian. "We need to build systems that will protect us from our users and from ourselves."

What MythBusters couldn't show you

The last keynote of the conference featured Adam Savage, co-host of the long-missed science TV show MythBusters, who discussed what the show's team decided not to broadcast for various reasons.

In one show, the MythBusters team was able to completely destroy the pressurized fuselage of a commercial airliner, which they hadn't expected. They had unintentionally placed a shaped charge at the weakest spot in the fuselage — and the FAA asked them not to reveal it.

"So we edited the video so that you couldn't tell where we put it," Savage said.

Another show tested the myth that some common household products could be used to create powerful explosives. For one particular combination of materials, the myth proved to be very true. The resulting explosion was "so energetic," as Savage put it, that the local bomb squad was contacted.

"Everyone was safe, but the bomb squad confirmed that [the chemical combination] was something they knew about," Savage said. "They were very glad that we decided to scrap that part of the episode."

Then there was the notorious "cannonball incident," in which a cannon shot a ball through a collection of water-filled garbage tanks and into a hillside beyond, which was supposed to absorb the blow.

"We had fired cannonballs into a hill of clay before," Savage explained. "But this time there had been a drought for years and the clay was hard as rock."

The cannonball instead bounced up the hill, traveled nearly half a mile through the air, bounced off a suburban street, traveled upwards through two stories of a house, soared over a four-lane road, bounced off another house's roof, and finally ended its voyage in the front seat of a parked car.

"Our initial impulse was to make everyone whole and apologize," Savage said, but the Discovery Channel's lawyers warned against that.

The MythBusters team did so anyway, visiting the damaged houses the next day and setting up a press conference in the neighborhood.

"We told the press that we would take care of this, explained what happened, and that we would make people whole," he said. "And the story disappeared the next day. It showed the value of transparency."

Rubber ducky, you're the one

One unique thing about Zero Trust World is that it offers short, informal training sessions in the form of "hacking labs" that you don't have to pay extra for.

We tried out a few of these training sessions and were impressed to see that the test beds were hundreds of brand-new Microsoft Surface laptops that, with 1 TB SSDs and 32 GB of RAM, retailed for about $2,000 apiece.

One hacking lab taught us how to use a "Rubber Ducky" penetration-testing tool that looks like a regular USB drive, but is actually a tiny computer that executes PowerShell scripts when plugged into a Windows PC.

We learned how to activate the Rubber Ducky by taking it apart, how to generate and load scripts onto it, and how to run the scripts on a virtual machine. We even got to take the Rubber Ducky home with us.

Another lab showed us how to get large language models like ChatGPT or Microsoft Copilot to code basic information-stealing malware for us.

In this case, a custom LLM called Gemma was used, but it threw up the same warnings about malicious usage that any LLM would — and then wrote malicious PowerShell scripts anyway for "educational purposes." We tested several different infostealers on a virtual machine and they worked.

Closing words

At the end of the show Friday afternoon, ThreatLocker CEO Danny Jenkins and COO Sami Jenkins came out on the mainstage to close the session and donate the proceeds from the conference swag store — $122,036 — to the Ronald McDonald House Charities of Central Florida. (Ronald McDonald Houses house and feed families that must travel to specialized pediatric hospitals for children's medical treatment.)

ThreatLocker CEO Danny Jenkins, at left, presents officials of Ronald McDonald House of Central Florida with a donation as ThreatLocker executives, including COO Sami Jenkins, third from right, look on at the Zero Trust World conference in Orlando, Florida, March 6, 2026. Credit: Paul Wagenseil/SC Media

Danny Jenkins ran through what he said were the essential system-protection methods he had learned and that ThreatLocker provided:

Block untrusted software.
Limit what even approved applications can do -- ThreatLocker calls this "ringfencing."
Close down internal SMB (server message block) ports.
Limit access to SaaS applications to only trusted IP addresses.
Configure auto-response policies to lock down administrative tools.
Use Zero Trust cloud access and Zero Trust network access, two new ThreatLocker features.
Use ThreatLocker's Defense Against Configurations tool to properly configure applications and services.