Talkin' Bout [Infosec] News

This episode covers multiple cybersecurity news stories, including Iranian hackers claiming responsibility for a cyberattack on Stryker, ongoing challenges in attributing nation-state cyber operations, and broader trends in global cyber conflict. The hosts also discuss the reliability of public breach claims, emerging threats targeting critical industries, and how organizations are responding to an increasingly complex threat landscape.

Join us LIVE on Mondays, 4:30pm EST.
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat


Chapters
  • (00:00) - PreShow Banter™ — Organizing Family Beets
  • (04:02) - Iranian Hackers Claim Responsibility for Stryker Attack - 2026-06-16
  • (08:56) - Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
  • (23:38) - Story # 2: How We Hacked McKinsey's AI Platform
  • (32:30) - Story # 3: Amazon holds engineering meeting following AI-related outages
  • (39:11) - Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform
  • (45:24) - Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
  • (50:45) - Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack
  • (51:08) - Story # 7: New Dohdoor malware campaign targets education and health care
  • (58:10) - Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com

Brought to you by:
Black Hills Information Security 
https://www.blackhillsinfosec.com

Antisyphon Training
https://www.antisyphontraining.com/

Active Countermeasures
https://www.activecountermeasures.com

Wild West Hackin Fest
https://wildwesthackinfest.com

Creators and Guests

Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.
Host
Corey Ham
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.
Host
Hayden Covington
Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Hayden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.
Host
John Strand
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
Host
Ralph May
Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.
Host
Wade Wells
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events.
Guest
Dan Rearden (Haircutfish)
Dan Rearden, known in the community as HaircutFish, is an experienced SOC Analyst who transitioned into cybersecurity following a career-changing injury in 2020. Driven by a passion for solving complex puzzles and an exploratory mindset, he evolved from hardware repair into a dedicated Blue Team professional. In his current role, Dan triages high-level security tickets while actively contributing to the community through technical discourse. Dan is dedicated to refining his skills at detection engineering and advancing the field of defensive security.
Producer
Meagan Bentley
Guest
Troy Wojewoda
Troy Wojewoda is a Security Consultant at Black Hills Information Security (BHIS). Prior to joining BHIS, Troy has held roles in application and system administration, host and network intrusion detection, wireless security, penetration testing, digital forensics, malware analysis, threat hunting, and incident response. In addition to earning several professional certifications, Troy has a BS in Computer Engineering and Computer Science. Troy enjoys writing custom tools and developing novel techniques for testing the security posture of an organization. Away from work, Troy enjoys spending time with his family, camping/hiking in the mountains, homebrewing, woodworking, and coaching children in STEM programs.


Wade Wells:

I I got kind of something. Did I have I talked about my family organizer program yet? I think I talked about

John Strand:

it with

Hayden Covington:

David. Family organizer program? We need to have another chat because I have one that

Corey Ham:

What is it like now? Okay. This could go one of two ways. I'm very please allow

John Strand:

me Yeah.

Wade Wells:

Let me let me throw you my GitHub real quick on

Hayden Covington:

this thing. We'll throw

Dan Rearden:

that up.

Corey Ham:

Is GitHub one of you, the next Moltbook creator?

Wade Wells:

No, dude. I literally got bold. No. Yeah. I wish.

Wade Wells:

I wish. Dear God.

Corey Ham:

I'll throw

Wade Wells:

it in private chat. I'm not gonna throw it in Discord because I don't want I'm sure there's a key somewhere in there where I'm gonna get, oh, no, everyone.

Hayden Covington:

I'm gonna send my agents after it and I'm gonna start adding a bunch of stuff that I want to your to do list. I'm

Wade Wells:

fine with that. So I wanted one of those, like, family organizer, like, monitor things for a long time. But but all the good ones, you gotta pay subscriptions for, like Yeah. The bare minimum of things. And so I've been on leave for three weeks now and my goal was like, alright, I need to I'm watching Hayden destroy me in AI knowledge.

Wade Wells:

So I'm like, I need to catch up and build something. So I built a family organizer program from scratch with all of the I've been messing around with all of them. And it pretty much does everything they all do. And I just run it at I run it at home on a Raspberry Pi with a touchscreen monitor and then have Tailscale installed on it so I can access it anywhere.

Hayden Covington:

Love it. We're we're at, like, the inflection point where there's so many projects that I see. I'm like, $20 a month, I'm not paying for that. But then I'm like, but I really don't wanna spend all my time building it either.

Wade Wells:

Dude, I I got I got this working in twenty four hours. I got it you

Bronwen Aker:

don't just have to build it. You have to maintain it. That's the ultimate I tell

Hayden Covington:

you don't.

Corey Ham:

You definitely don't.

Wade Wells:

This doesn't touch the internet. Yeah. Technically, this doesn't touch the internet. I have locked down.

Hayden Covington:

Yeah.

Wade Wells:

It and Do you have

Corey Ham:

an odd do you do you have a script that generates a family for you if you don't have one?

Wade Wells:

It does. It will. And it'll put events on your calendar so you feel there's chat

Hayden Covington:

image of them constantly asking for money.

Troy Wojewoda:

It's like

Corey Ham:

think it's about my request. Alright.

Wade Wells:

I will admit, like, the thing I am most proud about so, like, working in fast food industry, one of the things I always loved is, having an inventory of everything in your house. Right? So I have like a grocery list. Mhmm. Once you go grocery shopping, that list, you can import it into your inventory.

Wade Wells:

Right? Yeah. You can set low marks and stuff like that. You can look at everything you have in your kitchen. And then if it's low, you can say, hey, add everything that's low to my grocery list so you can go.

Wade Wells:

Then there's a meal planning functionality that looks at your inventory and you can add recipes to it and will tell you like, hey, here's everything you can make tonight and I I plan on adding like a meal database to it. Mhmm.

John Strand:

So then

Hayden Covington:

you do after this. I built the exact same thing this weekend. Kroger has a public API, bro. I I just hooked mine into my Kroger order history.

Corey Ham:

I was

Hayden Covington:

like, hey, here's my order history.

Wade Wells:

So you can bulk

John Strand:

upload inventory. I have this thing where Erica, like, during the summer, she has her garden. And it's like every time I hope my mic's a little bit better. But every time I come home, it's like iron shaft. It's like so we got like a zucchini and we have beets, which the first thing I do is just throw the beets away.

John Strand:

Joking. I wouldn't do that.

Bronwen Aker:

But Beets are good for making pink pickled eggs.

John Strand:

But it's kind of like that as it's kind of which is crazy.

Corey Ham:

So Should we do the show? Should we do the podcast? Should we just I mean, honestly, this is more maybe a more interesting topic to talk about how we can prompt inject Hayden's thing to send him 80 jars of pickled beets. Hey.

Hayden Covington:

It can't order them. I I'm aware of the problems. It can't I can't order them yet. But if I get prompt injection, I can just have it edited. It doesn't have the API scopes.

Hayden Covington:

Don't you dare send me a whole bunch of beets. Oh, I I

Corey Ham:

can send the API scopes anyway. Alright. Okay. Alright. Roll the roll the finger.

Corey Ham:

Let's go. Hello and welcome to Black Hills Information Security's Talkin' Bout News at 03/16/2026. Let's talk about news. There's a lot. First of all, Moltbook got acquired. No.

Corey Ham:

I'm just kidding. That's not the most important news. Let let's introduce everyone. We've got Haircut Fish, who's our resident meme expert, meme apparently, real name's Dan. Who would yeah.

Corey Ham:

I don't

Hayden Covington:

look like

John Strand:

a Dan. In the world and your mom looked at you was like, haircut fish.

Corey Ham:

Where did what is the origin story of haircut fish as a username? Is it random? Like, was it like Oh. Because that's where you know, sounds

Dan Rearden:

Pretty much. Yeah. It's it was something stupid I came up with in high school. I was in the mood for Long John Silver's and walking into the mall over there was a haircut place. Haircut Fish was born.

Corey Ham:

No. Super nice. I love that. That's fun. I will say I also, like, back in the day when you'd sign up for Xbox Live, it would be like, we don't have a username.

Corey Ham:

We'll generate one. And it was like, it was always verb and then animal, so I was like acting raccoon or whatever, you know, like it was it was always name.

Hayden Covington:

And now you're Corey Ham, which also sounds a truck's

Corey Ham:

was I I was Rocket Raccoon before it was cool. Alright, Hayden. Give yourself an intro. What's your fake username? What's your real username?

Hayden Covington:

My real username is Hayden. My social is no. Wait. Your real username is Hayden? Yeah.

Hayden Covington:

Yeah. I got the original one. Yeah. It cost me a lot of money. Man.

Hayden Covington:

Don't don't worry they made me so much money this month. They didn't

Corey Ham:

No one believes you DM me your Kroger API key on Reddit or whatever.

Hayden Covington:

I'll I'll send you my Kroger API key. I'll send I have a Kroger API key. I had a friend who was working outdoors and he sent me this picture of his lovely flower flower bed and all that stuff he was doing. I responded with just a screenshot of the Kroger Kroger developers webpage. I was like, this is what I'm doing today.

Corey Ham:

Oh, man. We've got Bronwen who's currently creating an AI agent to automate her pickling of eggs, apparently. Oh. Cool. I do love a pickled egg.

Corey Ham:

Anyway, John's not here. He's he's he's here, but he's not here. He's he's gonna rant later. Just just He'll he'll be back. I'm calling it now.

Corey Ham:

Got Wade. He's looking for investors in his IoT project that he's working on. Everyone knows. IoT projects are so hot these days. I'm dropping a link in chat

Hayden Covington:

now to his private GitHub repo.

Wade Wells:

I I dropped I dropped it. It's okay. You can go

Corey Ham:

private? You got it. It's

Wade Wells:

It's two scripts. That's all

Corey Ham:

you gotta run. Two scripts.

Wade Wells:

And I just have a back end, didn't do I have a like a backdoor in your computer. Don't worry about it. Alright? Yeah. No.

Wade Wells:

I honestly just have Claude Code installed on the Raspberry Pi. When something breaks, I tell it, hey, what what what's wrong? Go

John Strand:

fix it.

Wade Wells:

And it does. I'm like, alright, cool. Push.

Hayden Covington:

Pushed it. So Done.

Bronwen Aker:

Kinda like what Amazon did.

Corey Ham:

Yeah. I was gonna say, alright, do you work at Amazon? Are you a level seven engineer at Amazon?

John Strand:

You are I can't can't

Wade Wells:

tell you about that

Corey Ham:

right now. That that's spoiling what's yet to come. So we also have Ralph, the who's doing a Rubik's Cube. Ralph, you know you know you can get Rubik's Cubes that only have one color. Right?

Corey Ham:

That's a nice little hack for you.

Hayden Covington:

Yes. Actually, I I looked up some silly projects where they have the automatic solvers, and I was like, oh, I should totally build that. That was one thing I thought. But there's, 900 projects. This one's been solved, by the way.

Hayden Covington:

I mean

Corey Ham:

Uh-huh. Well well, that remains to

Hayden Covington:

be seen. I'm just kidding.

Corey Ham:

We have Troy, lastly, who's our resident threat intel expert, I guess. If you wanna or do you wanna fight Hayden for that title?

John Strand:

Wow. I don't

Hayden Covington:

want that title.

Wade Wells:

Everyone who teaches the course.

Corey Ham:

We can have okay. Later, we'll do a lightning round where you guys can all answer threat intel questions and I'll meet someone who knows nothing about threat intel will

Hayden Covington:

be the judge. It's like naming the digits of pi except you go up in the APT numbers and you gotta name what country and what they call themselves.

Troy Wojewoda:

Happy so many different aliases of the same APT that you know. Right?

John Strand:

Oh, my god.

Corey Ham:

I just just wonder there's like

John Strand:

an Xbox room somewhere and all the APTs join it and it's like, that's your APT name. Like, sad panda fifty two. It's like, oh, I wanted be wanted wanted to be t bone rocket. It's like, sorry, man.

Hayden Covington:

I I still think we should give them really insulting names because then they won't be incentivized anymore to do crime.

Wade Wells:

Could you imagine the news? Like, I don't even wanna say what I saw, but just like, I don't wanna put anything in the swear jar,

John Strand:

but penises today. I

Corey Ham:

haven't seen the news, but I think John's version is the best. Alright. Let's get into articles. What do we got? Does anyone have any hot I mean, there's a lot of hot and spicy articles.

Corey Ham:

I think the biggest one we should probably start with is Stryker. That was that happened last That really kind of it blew my mind when it happened. So for those that don't know or or if you live under a rock, Stryker, s t r y k e r, is a medical devices company. They're kind of like med tech, I guess. I have a friend who's a surgeon and he was like, oh god, this

Hayden Covington:

is gonna be bad. Yeah.

Corey Ham:

Basically, they got compromised by Iranian affiliated or Iranian, you know, associated threat actors. And it appears that they got global admin in their Intune or global admin in their Entra ID, you know, basically, in their cloud. And then deployed a wiper malware, which a wiper malware is just factory resetting all their devices in Intune. So I at least that's like, I'm sure the Threat Intel people have more in-depth write up to what that is, but it sounds like petabytes of data have been wiped, which is absolutely crazy. Even including people's personal phones, if you were enrolled with the company MDM, it just wiped your phone.

Hayden Covington:

My god. Which is

Wade Wells:

Literally worst case scenario.

Corey Ham:

Brutal worst case scenario. So I mean,

Hayden Covington:

I'm writing software right now to secure your Intune.

John Strand:

Yeah. Some people just wanna watch the world burn, Master Bruce. I that's what I remember. I was reading this.

Hayden Covington:

Was like Yeah.

Troy Wojewoda:

They claimed to have exfilled the data too, right? Not just wiped it, but I mean

Hayden Covington:

A petabyte exfilled data? Yeah. That's a good claim.

Corey Ham:

I was gonna say, that's gotta be yes. Petabyte. Ironically, Intune doesn't have petabyte? What the hell? Yeah.

Corey Ham:

No. Either the either they're paying, like, a nation state level fee on their AWS S3 buckets or, like

Troy Wojewoda:

They just took them over.

Corey Ham:

Yeah. Maybe. I mean, basically, the way I'm interpreting this is they had access to Intune and a few other places. If you're wondering like, what can I learn from this as an organization? The biggest thing is just control and limit access to your global admin in in Azure.

Corey Ham:

Like, do make sure that that's a lot of doomsday keys that have to get turned to reset that kind of stuff in Intune. And you can also apparently rate limit the speed at which devices can be reset. So that's another control place. Yeah. There there was a pretty interesting write up that someone sent me that has kind of some detection engineering packs and things you can do for detecting it.

Hayden Covington:

For how they got into their Intune. Right? Or is it just they got administrator on Microsoft and guess what?

Corey Ham:

That's a good question. I'm assuming they got global admin, but I don't think that's answered. Maybe I'm wrong. I guess Troy, Wade, Hayden, like, is initial access nailed down? I'm we're assuming phishing or vishing.

Corey Ham:

Right? But we don't know.

Hayden Covington:

I mean, the Krebs article doesn't say it, but it's gotta be, like, phishing.

Corey Ham:

Phishing or vishing, that's all I can think of.

Hayden Covington:

So is this the solution not to use cloud?

Wade Wells:

The big thing I saw I don't know why this was mentioned so much, but was because Stryker bought a medical device chair, like, bed company in Israel. And that was like the first thing that stood out to me. But because Iran is always gonna target Israel. Right? And but seeing that I was like, okay, did they pivot from that company into the greater company?

Wade Wells:

Because during any type of merger, there's a bunch of crazy stuff that can happen and

John Strand:

usually like this gets into like I haven't seen anybody this in with, like, an article of how initial attack vector was. It's possible they don't even know. And one of the problems I have, especially with companies that you get to a certain size, and and we talk about this a lot with continuous pen testing and standard pen testing, is it's much easier to break into a larger corporation than it is like a small one of like a hundred hundred and fifty employees. And it's just your attack surface is just so much larger. There's so many opportunities for social engineering.

John Strand:

There's so much, like, the the attack space for SaaS products and API keys being bled out through the cloud. There's also a much larger attack surface. And Corey, I wanted you to talk talk about this a little bit. As soon as you start implementing infostealer logs and you start going in, like, breach databases, your likelihood of having the creds or you know API keys or session tokens all of a sudden starts growing up dramatically once you start getting past like ten, fifteen thousand

Corey Ham:

I mean, if yeah. I mean, I would say if it was infostealer, this would be like the world record infostealer.

Hayden Covington:

Like like Yeah. It would

Corey Ham:

be like the like literally disbelief levels would be so high.

John Strand:

No. I mean, for initial access, getting one account Yeah.

Corey Ham:

Getting in. Okay. Yeah.

John Strand:

One account, not all of them all in one shot. I'm just talking about the initial crack the door open, get into the environment. Because once you get into a lot of these environments with valid creds, you know, if we go back to, you know, like if we go into like Beau's tool. Right? Where we're looking at GraphRunner.

John Strand:

Once you're in, like, the ability and the amount of options to start moving laterally in cloud infrastructure is just so vast and much harder.

Corey Ham:

Honestly, if I had to guess, like, if I had to guess, I would guess they just vished or help desk SE'd a super high level admin. That that would be my guess. Like, that that's I I bet you they just went after a super high level admin. That one guy who, like, lives in the basement, doesn't have any controls on his account because he's super aggressive. Like, that I

John Strand:

wouldn't hate them.

Corey Ham:

Yeah. Basically, like, the guy who set up the Entra ID tenant and, like, still has Global Admin even though he shouldn't, but everyone's afraid to take it away. That's my guess. Like, I don't know if that's true, but typically when we see a compromise happen this quickly, it happens from a privileged user. That's the initial access vector is like, a privileged user just gives up their Azure and there's no PIM, like, that that one individual is just a privileged user and can do everything.

Corey Ham:

That's my guess. But I mean, that's total speculation.

Wade Wells:

We're missing out on one thing here. How did they get 20 petabytes of hard drive space in this They didn't.

Corey Ham:

There there's no way. That came out

John Strand:

the world. That is all made up.

Corey Ham:

In this economy, no way. In

John Strand:

this economy,

Hayden Covington:

dude, the S3 cost on like 12 petabytes is something like $264,000 a month. Right? And that just assumes that you have the time to get that in there. Right? Like, you might as well buy a semi truck, load it with hard drives, because that's the fastest way you're gonna get into an 800,000,000

John Strand:

of no one noticed it leaving? It's like Yeah. The Internet's running this soon. Don't know what's going on here.

Hayden Covington:

A Fast Furious

Corey Ham:

time or something.

Wade Wells:

Right? With semi trucks and hard drives and Yeah. Yeah.

Hayden Covington:

Honestly, that that's what that would be if they came out with a new Fast and Furious to mirror the other one, they'd be stealing hard drives, not me.

Corey Ham:

Is so true. That is so true. It would be like GPUs, dude. Yes. Yeah.

Corey Ham:

No. I mean, yeah. Basically I mean, like, yeah. I mean, the last meme before we move on will be like, sir, we've had an AWS Snowball delivery request to iRan, you know, eRan or whatever.

Hayden Covington:

IRan, yeah.

Corey Ham:

Should we should No. We deliver I don't think we should. It you know, high risk environment there. But I will say, I I I think this is about as close as it gets to, like, a cyber missile strike. Right?

Corey Ham:

Yeah. Like, like, I don't know. Mean, just

Hayden Covington:

one retaliation for one. Right?

Corey Ham:

Yeah. Yeah. I wonder

John Strand:

if they

Hayden Covington:

had a list and they were like, here's 20 people that we all hate and let's go see if we attack one of them. Right? Because there's no way that they were just like

Corey Ham:

Oh, I bet you they had access. Yeah. I bet you they already had it.

Hayden Covington:

You think they already had access?

Corey Ham:

They were just holding onto it? Yes. That's my personal belief. It's like, they're basically just That's a good I mean, they're they're state sponsored actors. They're always hacking.

Corey Ham:

That's their job. Then they're like, oh, we're getting actual kinetic. Let's go let's just nuke it. That's my guess. Okay.

Dan Rearden:

I was able to find Recorded Future put something out today. It said the Cisco Talos incident responders said that it was hundreds of leaked Stryker credentials on the dark web that they used, and then they were just using living off the land techniques that get widespread. So yeah.

Corey Ham:

We've never heard this before. Is Yeah. This is new.

John Strand:

So one of the things, you know, kind of, like, well, you're moving past Stryker. We have Verifone was hit, Eminet, Passgard was hit, Israeli transportation and logistics, number of things in as far as infrastructure. And then a whole bunch of universities were hit, Israeli journalists and academics as well. The reason why I'm I'm bringing this part up is cyber side seems to have been pretty light. I I I thought the amount of cyber retaliation from Iran would be a lot worse.

John Strand:

And I wanted to get especially like Wade and Connors or Wade and Hayden's god. Sorry. Hayden. Wade and Hayden's opinions on this. Why?

John Strand:

Why has this not been worse from a cyber perspective than it has been so far? Is it because a, they just it's it's a tough nut to crack? Is it b, they're waiting and they're gonna try to, like, stretch this out? Or is there something else that I'm missing?

Wade Wells:

I don't think they're waiting. I think they've they're they're going This is it? Full bore right

Hayden Covington:

now. Yeah. I think this is Yeah. I was about to say, I don't I don't know if they have, like I I don't know a whole lot about their internal organizational structure, obviously. But I wouldn't sort of pick them as one of the ones to like hold a ton of access back and sit on it for however long.

Hayden Covington:

Like, I would expect they get something and they go for it, is how I would kind of imagine that.

John Strand:

So other possibility by the way, we just coined a new a new person. It's Wade and Hayden.

Hayden Covington:

Wade and Hayden.

John Strand:

And Hayden. That's funny. Wade

Corey Ham:

and Hayden. Wade and get branched.

Hayden Covington:

Woah. But

John Strand:

so the other possibility is in the opening salvos of this attack, I wonder if they actually did hit some of their cyber offensive capabilities as well.

Corey Ham:

Oh, definitely. Oh, yeah. There's no doubt. 5,000 targets were hit. I mean, there's even like unverified tweets talking specifically about Also

Troy Wojewoda:

talk about hitting satellite, like, they're they're trying to gain access to satellite infrastructure as well, like, the Iranians because of that. I thought I saw

John Strand:

something where there was there

Troy Wojewoda:

was attempts at, like, Starlink and and other satellite infrastructure. So they probably did get hit from a backbone perspective of what they what they can access.

Hayden Covington:

And it could also

Wade Wells:

be there's a lot more targets hit with that aren't saying anything from what

Hayden Covington:

I've Sure. Feedback.

John Strand:

That's a good point. Okay. So that's funny. I did read, there was a rabbit, like, on the cyber security subreddit. There was someone that's like, this is beautiful.

John Strand:

Every hack that happens from like the next few weeks, we could just blame on Iran. And the CBA shows I mean, they

Troy Wojewoda:

I mean, they got their reputation really came from, like, Saudi Aramco. Remember, where, like, when that hack happened, and then the casino after that, it was like, wow. Like, and then anything anytime I remember during the first Trump administration when the general got taken out, like, the previous organization I was working at, we were kinda in the defense space, like, everybody was freaking out, like, were gonna retaliate and start, like, going after, because that's where they Like, they got notorious from those hacks, and those small little hacks, right, that they pulled off.

John Strand:

Yeah. Were they were pretty technically advanced. That's one of the reasons why I would absolutely see it as the first wave of strikes going after their cyber capability.

Corey Ham:

I don't think first wave, but second wave. I mean, again, seems

John Strand:

like Thousand in first wave? Yeah.

Corey Ham:

Yeah. Basically, that seems to be the general assumption is that if you have 5,000 targets, one of those is gonna be the one with the highest bandwidth, a blink or whatever. Right? Like, just go simple.

John Strand:

And there's also, like, a whole attribute of this, that happens. Right? We're just stacking a bunch of what ifs on what ifs, what ifs, which means it's all it's all bullshit. But if they did take out cyber attack infrastructure in Iran in the first or second wave, okay, if that did happen, that also tells me something. That they didn't need that infrastructure from an intel perspective.

John Strand:

That tells me that they had some other capability where they were already inside of the comms that they just didn't need to be riding on top of the comms of people that probably got hit first or second wave. So like I said, this is for me, the news story is the cyber attacks haven't been as bad as they could've and should've been. And what does that mean? Because either a, they're sending it back or b, they were absolutely destroyed in the first couple of waves.

Wade Wells:

What about That's about vice versa though? Iran. Go ahead. We haven't heard of any cyber attacks happening inside their local networks. Like I

Hayden Covington:

don't think

Wade Wells:

as much as we've seen it.

John Strand:

Okay. No. That's not true. That's not remember, there was a lot of news stories that were talking about Iranian intelligence being able to pull together that the Ayatollah and all the top people were at a specific location. They were hacking traffic cameras.

John Strand:

They were pulling in multiple intel sources to make sure that whenever they were striking that they were gonna hit as many of the high ranking officials as possible. Now, all that being said, they clearly missed that there was an elementary school that hadn't been used for military purposes for almost a decade. So their mileage may vary in that situation. But there were a lot of stories about the level of intelligence that that by the way, that train, not me. That's not my location.

John Strand:

There was a lot of stories talking about the level of cyber that was used specifically for Israel being able to pull together that all of these people were gonna be together at one place at one time.

Wade Wells:

I clearly state was heartbeat.

Bronwen Aker:

Because of Russian intelligence helping with that.

John Strand:

Go to Israel or Iran?

Bronwen Aker:

Against against Iran.

John Strand:

I hadn't I haven't read anything as far as Russia and intelligence against Iran. I have I have heard nothing So about it doesn't mean I just have missed it, I suppose.

Wade Wells:

The the theory behind that is that if with Iran blocking the straits, that oil is gonna be not be able to flow as quickly.

John Strand:

That makes

Corey Ham:

we've already seen that happen.

Wade Wells:

So yeah. Then the then the sanctions are loosened on Russia, so oil can come from Russia.

Corey Ham:

The enemy of my enemy is my friend, the old classic. I guess. That's right. Alright. That's probably enough geopolitical posture before we all back ourselves into a fake poli sci degree over here.

John Strand:

Yeah. Great. Great. Yeah. What are you pulling fake, man?

Hayden Covington:

We should talk about Wade's household management tool again.

Corey Ham:

No. We should We're gonna talk to why don't you you give us the documentation for your Kroger API tool So we can hack

Hayden Covington:

it so hard. We're we're holding

John Strand:

that ransom.

Corey Ham:

If you wanna build me

Hayden Covington:

a Kroger card, I'll order it. Nah. Nah. Nah. I don't think so.

Corey Ham:

Not not worth it. So let's talk about the McKinsey thing. Do you guys wanna talk about that? It seemed pretty high profile. It's kind of a it's not so this is nothing crazy, but this is, I would say, a current trend in cybersecurity.

Corey Ham:

We're seeing threat actors going after traditional vulnerabilities with, you know, AI, basically, agentic AI. But this one's extra spicy because it also incorporates going against AI at the same time. So basically, McKinsey I don't I think McKinsey I don't even know what they are. What is it

John Strand:

Is this a

Corey Ham:

consulting company? Consulting? Yeah. Like they're they're

Hayden Covington:

like big four but not

John Strand:

We sell in Hamilton. Mhmm. Yeah.

Corey Ham:

So Yeah. Big four but not. Basically, they had this exposed AI agent. They had an internal AI platform that Who knows them? They have they have 43,000 employees, apparently.

Corey Ham:

Holy crap.

Hayden Covington:

What's happened? Okay, bro.

Corey Ham:

This is, like, basically, this story has played out in a lot of companies, and so it's representative of the way things are. They built an internal portal. It's internal, so it doesn't have to be secure. Doesn't need a pen

Hayden Covington:

test. No.

Corey Ham:

It doesn't need a pen test. And basically, exposed the chatbot and also, you know, long story short, there were traditional vulnerabilities. The cool thing from a web app perspective is that the injection vector was actually the JSON key value, not the, or the key, not the value, if that makes sense. So like, would fly under the radar of most traditional scanners. But once they injected, it was like SQL injection, and then they convinced the AI to give out its system prompt and then, you know but basically, they ended up compromising the AI platform itself, which gave them, you know, all the prompts, which as we know, no one would ever put anything sensitive into an AI prompt, of course.

Corey Ham:

No. Never. I'm So I'm sure, you know, that led to a huge I mean, this is like a research write up. Right? Like, so I'm assuming, you know, they, like, were allowed to write this up.

Corey Ham:

But it I I think it's like, this story is playing out across all this story is playing kinda most big companies. They're like, we need an internal AI portal so that someone can ask where their HR thing is and we can give it a go give them a good answer. We're gonna skip all the security stuff and just roll it, like, not even use Claude to build it because we don't have that yet. Okay.

Hayden Covington:

Articles.

Bronwen Aker:

Minute. Reading this article, the chatbot, Lilli, had been sitting in production for over two years.

Corey Ham:

Yeah. Yeah. They built this pre AI. They they basically built this pre Opus 4.6. It was like it was like the either the old version of vibe coding that was way less secure, or it was just built by hand because it was like an executive saying, hey, we need an AI tool, and then they just built it the old way, so to speak.

Hayden Covington:

How could you build software by hand? I don't understand. That's not possible. You can't do it. What They

Bronwen Aker:

were doing it for decades.

Corey Ham:

In the before times. In the before times.

Hayden Covington:

Okay.

Troy Wojewoda:

They were called punch cards. Really?

Bronwen Aker:

I remember those. Use them.

Corey Ham:

It's how

Troy Wojewoda:

they program by hand.

Hayden Covington:

Well, dude, what's so scary about all of this is, like, you hire these sorts of consulting companies when you are, you know, like, the titans are the ones hiring these sorts of consulting companies, and you probably pay them a stupid amount of money to come in and do whatever it is they're doing. And so, when you look at, like, what they claim to have access to from hacking this chatbot, it's 46 and a half million messages, 728,000 files from, like, all of these potentially very sensitive discussions around these massive companies. So, you know, a lot of the, you know, biggest companies in the world, I imagine, would have worked with many of these consulting companies in many ways. And so it's just very scary to wonder, like, what is lurking within that context. It's just Oh, dude.

Corey Ham:

That's so bad. There's also the fact that how many companies did how many companies paid McKinsey to set this up for them? Like, at their own their own version of this? Like Yeah. Yeah.

Corey Ham:

I don't know.

John Strand:

I okay. So so, you know, you know, putting my hat on of own a security company. Did you guys look at the disclosure timeline for this thing?

Corey Ham:

Yeah. It's pretty sketch.

John Strand:

Yeah. It's I not understand that McKinsey has a bug bounty program, but they went from, like, February 28 to March 9 was the public disclosure.

Corey Ham:

And Let's just say negotiations went south pretty quick reading between the lines.

John Strand:

It says that they patched everything on the second. And I this whole timeline just really so you know that the the stuff that we've been working on with Microsoft that Matthew's been working on, Corey? Yeah. So, he just sent an email to me and we've been working with Microsoft to try to disclose something that we think is pretty bad And we started out what in October? Corey?

John Strand:

If I'm remembering correctly?

Corey Ham:

Something like that. September 30, actually.

John Strand:

So, we've been sitting on this, we've been coordinating with them, they flat out are ignoring us. There's nothing that looks and I could they probably do just fine. But there's nothing like I wanna hire these guys to come into my company. It just it also gets to, like, what is it? Bug bounty programs.

John Strand:

They're associated with HackerOne on this as well. But, good night.

Hayden Covington:

Like, this is very an ad, John. Yes. Like, this company is brand new.

Corey Ham:

No question. The domain domain for

Hayden Covington:

this company is less than thirty days. I know that if I block Right? We have an ad that can pack other companies.

Corey Ham:

Dude, by the way, that's what every pentest company is

Hayden Covington:

selling is a any

John Strand:

company, if you go to any company and they're about us, it's called the manifesto.

Hayden Covington:

Take the development offline, and then block their API documentation. They waited seven days and then immediately published this. So they they got very pissy about their response and I guess decided, well, I guess we're done talking and decided to publish it. And almost to, like,

Corey Ham:

let's go. It's one guy and 30 agents, apparently.

Hayden Covington:

Yeah. One of them is a very small mutt.

Wade Wells:

30 agents count as one person? Is that what we're going for now?

Corey Ham:

Is that the ratio?

Hayden Covington:

Yeah.

John Strand:

Yeah. I think But this brings up, like, AI is beautiful for pen testing because

Corey Ham:

Yeah.

Wade Wells:

The whole

John Strand:

product, like everything we do is breaking shit. So it's not like building resilient systems and all that. It's like, I got a whole bunch of agents that broke this. It's like, yeah, that's that's what we do, unfortunately.

Corey Ham:

Yeah.

Hayden Covington:

Not all of us. Yeah.

John Strand:

There's some good companies.

Bronwen Aker:

Well, and these days, we don't even need to break it ourselves. We can just have an AI do it for us. Mhmm.

Corey Ham:

Yeah. I mean, it's a two edged sword, though. For the companies I I mean, I definitely think for the companies who spun up their own like, we've even seen this for our clients, which, you know, obviously, McKinsey in this case is not a client, but the we've seen a lot of companies spinning up their own AI tools internally that are not secure. It's it's like a common Especially because most of them were built before there was like, vibe coding as we know it today, which is a lot better. So, yeah.

Corey Ham:

Let's let's move into the Amazon stuff.

Hayden Covington:

Bronwen shared the exact article I was about to mention too. Yeah. Yeah.

Corey Ham:

Let's let's move into great

Bronwen Aker:

Hayden. Great minds. The

Corey Ham:

the crazy the crazy thing about this, and I can't actually read this article because I don't subscribe to the Financial Times, is Titto. Just tells you that I'm poor. Because But yeah, basically, the article is basically confirmation that Amazon, at some point in the past, had an outage that was caused by an autonomous AI agent making a a decision on its own

John Strand:

I think there was

Corey Ham:

two led to an outage.

Hayden Covington:

Do you need confirmation

Corey Ham:

for this? Two outages. Well, we wanted

John Strand:

it to be public confirmation. Right? I mean, we speculated. There was one what was it? It was there were two agents that were upgrading or updating DNS records that brought a whole bunch of shit down.

John Strand:

And it's like Yeah. Okay. We know that's one.

Hayden Covington:

Well And then here's the other one. Is it said they suffered a thirteen hour outage to a cost calculator in December because the engineers apparently allowed their Kiro AI to make changes. And the AI decided that the best way to fix whatever problem they were having was to delete and recreate the environment. So it was basically like, hey, this is so so busted, we're getting rid of it and building it again, which I this that's not production. Okay.

John Strand:

Everybody has to go back and rewatch all of Silicon Valley.

Corey Ham:

I was gonna

Hayden Covington:

say the same.

John Strand:

Literally, the I

Corey Ham:

was gonna say the

John Strand:

song literally

Hayden Covington:

Don't meet me, John. The Sunlands

John Strand:

where it's like, well, we told Son of Anton to go through and remove all security And technically, the most efficient way to remove security bugs is to delete all the code.

Hayden Covington:

Did someone order did someone order, like, a lot of meat? Like, a lot of meat. I I told Anton to solve the food problem, and I I guess that's one way to do it. Yeah. I I I

Corey Ham:

mean We're

John Strand:

gonna have a lunch.

Corey Ham:

So okay. Like, on on a real level though, they have appear they're this is groundbreaking. Here's what they've decided to do. Require a senior engineer to review the change before it rolls into production. The CEO and getting, you know, pulled back and forth between like, alright, we're firing all the senior engineers, replacing them with them with AI.

Corey Ham:

Okay. We're hiring all the senior engineers back because the AI decided to just make production breaking changes. Like, how can you walk this line? I don't understand how you can be this shortsighted, but here we are.

Hayden Covington:

I mean, it's it's just you have all these cost cutting opportunities in front of you and you see all these other businesses doing it. You have to do it from, you know, that mindset. You if you are not doing it, your stock will plummet because everybody else is doing it. Why aren't

Bronwen Aker:

you doing don't. They don't have to do it.

Hayden Covington:

Market perspective though. They they shouldn't. Know. That's just

Bronwen Aker:

I was just reading an article over the weekend that was talking about Japanese businesses that have been around for hundreds of years, if not over a thousand. And their approach is entirely different. They don't worry about making a profit in the next quarter. They look at how do we make this company continue for the next hundred years, for the next two or three generations.

Wade Wells:

There's one big thing Bronwen's

Bronwen Aker:

forgetting. Impossible.

Wade Wells:

Japan has honor.

John Strand:

Right. Exactly. Right?

Hayden Covington:

Like, dude.

Wade Wells:

I I I it's safe to say that, but that's exactly what it is. Like

Corey Ham:

true. Right? Like They're they're they're I mean, okay. Amazon

Bronwen Aker:

is I'm moving to Japan.

Corey Ham:

Amazon is, like, kind of the stand in for, like, anarcho capitalism in a lot of the ways. And so, like, arguably, you know, they their goal is to produce shareholder value, not to provide a service that's gonna be around for two hundred years.

Hayden Covington:

Yeah. Exactly. Goal of any company is to do just that.

Corey Ham:

No. That's not true. The goal of a company

Hayden Covington:

The goal of a c corp

John Strand:

they're constantly changing, adding in new technologies, building new things up. It's like the move fast and break things idea in Silicon Valley that started at Facebook. I'm sure that that makes sense as you're a young scrappy startup. When you're one of the largest companies in the world that move fast and break things becomes catastrophically dangerous. And AI AI helps you with that process, not in a good way, but it facilitates breaking things and moving fast.

Hayden Covington:

Because that article says it it one of the changes took down their, like, their shopping, like, app for six hours. Can you imagine how much of potential revenue they lost in six hours of that outage? That is insane.

John Strand:

Pick. They end up in the same place.

Dan Rearden:

I want slayer.

John Strand:

I want slayer. Yeah.

Corey Ham:

On that note, let's talk about the complete opposite end of the spectrum of company maturity, which is that, apparently, Moltbook, the AI generated by Can AI

Hayden Covington:

this play out on the news for like two Like,

Corey Ham:

one AI plat Moltbook is an AI generated platform for AIs to be social with each other. And somehow, that got rolled into a company that got acquired by Meta.

Hayden Covington:

Yeah. But So the AI again? Yeah. TLDR Meta just picks up my god. Cannot believe this.

Corey Ham:

I can't

Hayden Covington:

make this up.

Corey Ham:

It it is insane. I mean, I okay. I don't know how much it doesn't say how much. Like, it's not clear.

Hayden Covington:

No. They didn't acquire they just acquired the person who was running it. That's it.

Corey Ham:

No. No. No. Oh, really? No.

Hayden Covington:

Yeah. Because I don't think there was any, like, actual IP. Like, they didn't, like it wasn't, like, brought like, I don't think they had this as, like, a registered trademark. Well, I mean, say, so I think specifically says they acquired Moltbook.

John Strand:

Okay.

Corey Ham:

Okay. You're right though. Ralph, you're Ralph's right. Reading between the lines Yeah. It specifically says, the Moltbook team joining MSL, which is Meta Superintelligence Labs, it's just So they're cooking OpenAI.

Corey Ham:

Dude, Moltbook CEO, if this is your job title, you've done something in life. Moltbook CEO, Matt Schlicht, and COO, Ben Parr, two guys who could not imagine anything other than GitHub stars two weeks ago, are now being acquired or, you know, like, I I mean, It's amazing. Amazing.

Hayden Covington:

Yeah. It's it's gotta be OpenAI hires what's his name? Peter or something?

Corey Ham:

Yeah. The guy who made OpenClaw.

Hayden Covington:

And so Facebook's like, hold on a minute. Why don't we do that? And they're like, better one. We'll go get the guys that made the

Corey Ham:

Peter Peter

Bronwen Aker:

Steinberger was hired by OpenAI's Sam Altman last month.

Hayden Covington:

Yeah. Yeah. Yeah. So Meta's just following suit. Yeah.

Hayden Covington:

Hey, we we want a lobster guy too. Let's get him.

Troy Wojewoda:

Yeah. Everybody needs a lobster. Read

John Strand:

all the Wikipedia articles about AI and I do nothing but, like, regurgitate these words incorrectly in an interview. Can I make, like, one of these, like, 9 figure jobs in Silicon Valley? Because it seems I mean, could be a whole another business unit. It's like, BHIS made this much from this, this, but John's now over here at Facebook and he's making as much as the entire company. It sounds like a good gig.

Wade Wells:

Hayden and I will will write a bot later that will just scrape all of our podcasts. And if there's an idea for a business Yes. It's just gonna go off and make it, we'd probably we'll probably be done. Okay.

Hayden Covington:

Joke? We're we're apparently, Claude, by the way, the next two weeks has, like, double usage in off hours and on weekends. So I did spend, like, fourteen hours on Sunday doing things with it.

Corey Ham:

Unrelated dude.

John Strand:

You have

Corey Ham:

a problem. You need to go to Claude's

Hayden Covington:

anonymous online. Agent to help you. You probably could. There's a joke online that's pretty consistently come up where it's like, hey, AI is coming for everything. You have six months to escape the permanent, like, lower class.

Hayden Covington:

So go start a company right now or you're forever gonna be poor. Like, there that's that's a joke, but also I could see how some could like almost panic buy into that. Yeah. And then, now with Claude doubling the usage, everybody's like, well, they're trying to help you get out of that permanent underclass. You gotta go build some You get out.

Hayden Covington:

You gotta go build

Wade Wells:

And this is why I built my family organizer. Go to it right now.

Corey Ham:

Go to www. This podcast is just gonna become selfish will I of Over and over again.

John Strand:

I will be an angel investor for Wade and Wade and Wade. Oh, my goodness.

Dan Rearden:

Well well, to your credit there, Wade, they did update the terms of service for in Meta, where you are responsible for all your AI's actions and omissions.

John Strand:

So So

Corey Ham:

llama. Alright. The way, there's already a Silicon Valley, like, reference that explains what that life would actually be like. You know how Big Head just gets hired and he doesn't have a job because his position gets eliminated? Yep.

Corey Ham:

That's where these guys end up. There's no way that they're gonna get pull at

Hayden Covington:

got paid to do nothing though. I mean, it wasn't that bad. I mean, they made

Bronwen Aker:

Well, is that the Peter principle though? You know, they've gotten promoted to their level of

John Strand:

Bagheti was Bighead was a little bit more than the Peter principle. I was gonna go back and rewatch that series.

Hayden Covington:

I can't remember It's amazing.

Corey Ham:

Alright. So Well, if you think about topic okay. Go ahead. I was gonna Sorry. I was gonna segue.

Hayden Covington:

I was gonna say on Bronwen's point about the Peter thing with OpenAI, that is a move from them to capitalize on Anthropic's mess up. So Anthropic said, you cannot use our tools with other services, which means OpenClaw. Meaning, if you use Anthropic, potentially probably the best model right now with your OpenClaw stuff, they could just permanently ban your account. And if they detect, you know, other devices that are connected to it, you could just totally pose yourself. So they OpenAI brings over the OpenClaw guy and explicitly says, hey, you can use our services for whatever you want.

Hayden Covington:

And so I wonder if it was almost like a PR play on their front to see how many users they could steal or

Corey Ham:

Like, how many kill bots?

Hayden Covington:

They could put behind it. Yeah. Exactly. I think in the Claude example, they were specifically talking about tokens. But they weren't saying you couldn't use it.

Hayden Covington:

They were just saying you had to pay the API price. Right. You have to pay the API cost. You're all like, your ultra package, which they heavily subsidize the token rate. So I think that's what they're Exactly.

Hayden Covington:

And my I asked my agent, like, hey, what would our usage be like on API? And it was, like, yeah, about 20 to 30,000 a month. And I was, like, cool. So I guess I'm not able to do this anymore unless I switched to ChatGPT. I so I'll give you my one thing.

Hayden Covington:

I asked ChatGPT to create a new C2 for me. This is a fun project. It's also called Cloud Bolt Strike, which can be amazing. Wow. Sounds really good.

Hayden Covington:

I can't wait for the AI generation

Wade Wells:

to know that.

Hayden Covington:

Real subtle. I I was just I was just gonna say my only point was that as soon as you ask OpenAI, it's like, hell no, won't do it. But you ask Claude, it's like, hold on to my beer, buddy.

Corey Ham:

Real quick while we're on the topic of Meta. Is an interesting one. So Meta, I I can't think of a secondary motive for this, but they they have announced that they're going to discontinue support for end to end encrypted chats. This is kind of a for privacy people. So this is something that they rolled out years ago in both Facebook Messenger and Instagram.

Corey Ham:

Apparently, Instagram DMs. I did not know this had end to end encrypted, Like, I didn't even know that was a feature.

Wade Wells:

On the back end or something like

Corey Ham:

rid of it because the government asked for a backdoor, because they wanna mine the data, because I don't know. Who knows?

Hayden Covington:

Oh, no. Nope. It's the kids. Look.

Corey Ham:

Oh, it saved

Hayden Covington:

the kids. It's the kids, dude.

Corey Ham:

Yeah. Could've who could've predicted this?

Hayden Covington:

I couldn't have predicted.

Corey Ham:

I will say on Instagram, I do think like, I'm not like a big social media person by any stretch, but I do think, just looking at the public discourse, it appears that most social media companies think the biggest threat is public sentiment about how unhealthy they are. Like, they're like, if you look at the ads for TikTok that that rolled during, like, the Olympics or during the Super Bowl, it was all like TikTok is you can have tons of control over it for your teenagers. Like, and then Instagram rolled out, like, teen accounts, like and Discord's rolling out teen accounts. Either there's this is regulatory, like the government, they know the government's coming for them because of the whole laws around age verification, whatever, or they're just worried about public perception of parents or whoever's the decision maker deciding that social media is bad for their kid and taking it away. So like, it seems like this could maybe be a push towards that of just letting them monitor people better and, you know, that's kind of their whole business model, to be fair.

Hayden Covington:

I mean, that could be an excuse. It almost definitely is because the advertising company wants more data to advertise off of. And so end to end is always gonna be, like, even if it's a government thing where they say we want a backdoor, like, oh, no. That sucks. Sorry, guys.

Hayden Covington:

We gotta put a backdoor in, and then they can mine all your chat. So expect the DOS update soon, too.

Troy Wojewoda:

I think there's a lot

John Strand:

of Yeah.

Troy Wojewoda:

It's maybe not just The US, but there's a lot of countries that have been locked, like, basically, like, forcing these social media platforms to get more aggressive with age restrictions. So I think it's probably that, Corey. Like, what you were saying is is they're probably just advertising to the parents and and other folks. Yeah. Oh, look at what we're doing.

Troy Wojewoda:

We're helping the children and

Hayden Covington:

those kids.

Corey Ham:

Yeah. I and I

Bronwen Aker:

the firm for the We handle regular privacy. How are we gonna handle privacy against dealing with children?

Wade Wells:

We've seen it with Australia. Right? How Australia banned kids, I believe, 16 doing social media and then that's starting to go everywhere, which Well, probably hate to I'm a big fan

John Strand:

of attitude. I'll tell you that.

Corey Ham:

Yeah. I'm not investing in your story.

Hayden Covington:

We can

Bronwen Aker:

get there with this attitude. Courtesy of EFF. Watch your mail.

Corey Ham:

Yeah. So the I guess, like, just to clarify and wrap up the story, it is there also I doubt this was used by that many people. This is kind of a niche feature on Instagram specifically. And apparently, Messenger still has it. So, like, for now, there is still an end to end encrypted chat on Meta.

Corey Ham:

How long that'll last? I mean, if it were me, I'd be like, let's move to a different chat. Like, the Yeah. Clearly, it the writing's on the wall here. This isn't gonna last forever, I think.

Hayden Covington:

But I mean, you know, a chat I realized recently, not Discord DMs, but apparently, Discord, like, voice channels or, like, voice calls, specific ones are end to end encrypted, like, by default, apparently. It's just a thing, which, I I mean, I guess so. If you're calling from a SCIF, is it end to end encrypted? Is that how it works? Yeah.

John Strand:

Think if

Hayden Covington:

you use Discord in a SCIF, you get fired.

Corey Ham:

Yeah. I don't know. I mean

John Strand:

He just left.

Hayden Covington:

Yeah. Dropped my

Corey Ham:

pen. There's also, you know, we there's not really an article for this, but basically, there's some Reddit type researchers that are essentially uncovering a conspiracy that Facebook or Meta is lobbying for age verification laws, and is like the they're the ones behind it, like, who knows how true any of that is. But basically, it's, you know, we'll see. Stay tuned. Stay

John Strand:

I've gotta be honest with all this stuff. It's like, what's the most evil, like, thing that we can as ascribe this to? And it's like, that's probably pretty close. Like, how are they gonna make more money off? So

Corey Ham:

Yeah. Yeah. On a, you know, on a different note, in Europe, they passed this thing called chat control that apparently basically blocks mass surveillance of their, you know, messages. So there's that. But anyway, what else we got?

Corey Ham:

Anyone have any articles they wanna talk about before? I know we're kinda close on time. So what what are people what what's what's on your mind, John? You got a good rant for us?

John Strand:

I've got no rants, man. I I I've been like, last week, it was bad. I don't know if you guys saw the picture from Steve, but, like, I literally was screwing, like, through the wall to get my Internet up before the show.

Hayden Covington:

Mhmm.

John Strand:

Got it up, so I'm happy about that. But it's been a good week. I don't have you know, everything seems to be going okay.

Corey Ham:

Alright. Well, then it's time for the Threat Intel analyst competition. No. I'm just kidding.

John Strand:

No. And now we're gonna have tryouts.

Corey Ham:

Tryouts. All of you can also have a job, even though all of you already have a job. Yeah.

Wade Wells:

Did you see Michelin had a breach?

Corey Ham:

Oh. Which oh, dude. Did I get my star? Did I get my star?

Wade Wells:

That's exactly where I was gonna go

John Strand:

with it. That's true. Was like, did you do

Wade Wells:

you think the star information got released, like

Corey Ham:

Yes. Like, the reviews, like, the back reviews, who they are. Right?

Hayden Covington:

The back reviews are. Stinky.

John Strand:

I was like, bro, I can't

Hayden Covington:

get star. Let me just hack it.

Troy Wojewoda:

I had something really cool that it's actually not, like it it came out last month, but Cisco Talos, here, I'll throw it in the chat there. Oh, let's go. This Dohdoor malware. So I've been talking about this technique for since I've been teaching my class about how DNS can use, like, case sensitivity in the character sets of the DNS record. So what these threat actors were doing in this in this malware and and and and really what I kinda talk about in my class is is really how you can use it for, like, covert channeling.

Troy Wojewoda:

But they're not doing that here. But essentially, they're just toggling the case, the capitalization of the, like, the case sensitivity of the DNS record for for a different reason in this article. Right? Like, I mean, for for their tactics here. What I what I was kind of like like, you can kinda use this, which is a really pretty interesting technique that DNS supports because it's a chain protocol.

Troy Wojewoda:

Like, all the DNS resolvers will keep the case sensitivity of the record as you query it. So you could do Base64, you could do stuff like that, but you could also like like treat like lowercase characters as like zeros and uppercase characters as ones and kinda just keep the same root like domain, so you're not changing the FQDN, but you're toggling the case sensitivity of the DNS record, which is totally supported by DNS. But I've never seen it in the wild before until this article, like, came out last month. I saw The

Corey Ham:

throughput should be enough. If you need to exfiltrate 20 petabytes, it should take between fifty to eighty four years.

Troy Wojewoda:

No. You're you're absolutely From a from a from a pure, like, data exfiltration perspective, you're right. But think about it like like the Sunburst malware from SolarWinds. Right? They were essentially, the malware, like, slept for two weeks and then did some internal reconnaissance and then did CNAME DNS resolutions with an encoded value in the DNS record to say this is what the environment I'm in.

Troy Wojewoda:

I'm waiting for the next command. Right? So think of it as like a malware could essentially, like, toggle the case sensitivity of the character set to let the operators know, like, what stage the malware is in and kind of inform that back. Right? So without actually changing

John Strand:

That's so cool.

Troy Wojewoda:

The actual FQDN itself.

John Strand:

I see and that that, you know, that that stuff is so cool. Like, looking for different C2 channels. Because it kind of reminds me, of course, you got dnscat2 by Ron Bowes, but, like, the old covert TCP days where you're exfiltrating things out of, like, IPID initial sequence numbers. You know?

Hayden Covington:

That's

Troy Wojewoda:

You know what really sucks about this for Zeek is Zeek lowercases the entire

Hayden Covington:

record when

John Strand:

they say all the whole

Troy Wojewoda:

entry in the DNS log. So it removes the case sensitive, like it lowercases the case sensitivity of the record, and it puts it in the DNS Now

John Strand:

And they do that specifically for compression. Right? Like they're trying to make it so it's like to reduce file size, if I remember correctly.

Troy Wojewoda:

Yes. They do some silly stuff for various reasons, but yeah.

Bronwen Aker:

Somebody needs to patch that.

Corey Ham:

I do like that you took the challenge seriously and you actually tried to do it.

Hayden Covington:

No. You did. What? No.

Troy Wojewoda:

I'm not gonna be noting like class or anything like in a couple weeks, but I

John Strand:

actually do teach a

Troy Wojewoda:

student how to write a custom Zeek script, they actually get that value out and put in your DNS log.

Corey Ham:

Alright, Troy. Give us your point. This is the perfect time. What are you doing later this week or later this month that we need to know about?

Troy Wojewoda:

So next week, I believe we have our SOC Summit. We have a bunch of folks here that are actually gonna be presenting. I'm gonna be presenting an introductory talk on getting started with YARA, detecting malware with YARA rules. And then after that, I'm going to be teaching my network forensics class March.

Corey Ham:

Nice. And then, Dan, you're also doing some stuff as well?

Dan Rearden:

Yes. So next week, I will be speaking at the SOC Summit as well on Sigma rules. We're gonna go over what they are, how they can benefit, and we should be creating one by the end. And then the week after that, on the four first, I will have a talk on soft skills, SOC tickets, and how to create them that are not only helping you, but also helping clients understand what you're trying to to get across.

Corey Ham:

Nice. Nice. That's yeah. That's awesome. And then I'm assuming Wade, Hayden, does anyone else have anything else?

Wade Wells:

My talk is on why Sigma rules suck and why not to use the nouns.

John Strand:

And my talk is Sigma and YARA are dog shit and why you shouldn't

Wade Wells:

use them. So it should use Sentinel instead.

Hayden Covington:

They suck and that's why you should use the BHIS SOC code. Yeah. Use them for you. Don't worry.

John Strand:

Yeah. Exactly. Use AI in a single pane of glass and magic.

Hayden Covington:

And it will solve all of those issues. Yeah. It just won't solve the tokens. Wade, you do have a talk though. Right?

Wade Wells:

Yeah. Mine's like augmenting detection engineering and like how using your current practices in order to use AI to make yourself better detection engineering. Nice. It actually I'm doing some in May too. You guys are doing it right now.

Wade Wells:

It's the same Not as

Dan Rearden:

flashy as Sigma rules, but

Wade Wells:

It's not

Hayden Covington:

as Sigma. Flashy as Sigma rules. No.

John Strand:

Dad with this this top hat monocle. No.

Wade Wells:

I have have another talk in May that I'm doing though that I just came up with the idea for it, and it's how to read the news how to read the news better as for security. Right?

Corey Ham:

Dude, I need to go

Hayden Covington:

to this talk.

John Strand:

We need that

Hayden Covington:

everybody. That's my SOC Summit talk.

Wade Wells:

Should do Well, no, your SOC Summit talks like intelligence. It's to intelligence, but it's like the look for biases to understand what biases are out there.

Hayden Covington:

Okay.

Wade Wells:

To like track back the news article to the source. Right?

John Strand:

A lot

Wade Wells:

of times when read these articles, it's

John Strand:

Why does it News Weekly. Russia. I don't know. I don't know.

Corey Ham:

I I gotta say, like, I mean, it seems like we really do need to have, like, an an a CTI threat analyst, like, Thunderdome scenario. We have so many heavy hitters on these podcasts.

Hayden Covington:

My talk is literally how to take CTI and turn it into detect.

Corey Ham:

We can call

Hayden Covington:

just like, I can pen test a box.

John Strand:

Yeah. But, at any rate, you do need to get registered for the SOC Summit because I think the max we can technically handle is 5,000 and we're gonna hit that. I'm really excited like the registrations are are fantastic for the SOC Summit. So it just shows I guess it shows that security is not dead. Who knew?

John Strand:

I really gotta do those slides.

Hayden Covington:

I had my agent sign up for like three slots, so

John Strand:

Nice. Wait, really?

Hayden Covington:

Make sure they all sign up for my workshop too.

Corey Ham:

Dude, I'm I I can't wait to read about I can't wait to read about it on openclaw.sketchywebsite.gov or whatever you're gonna link to.

John Strand:

It's like, Ralph? Your clawbot gets your aliens to get a credit card to use?

Hayden Covington:

Yeah. Exactly.

Corey Ham:

Yes. My AI generated family will be all there. No.

Hayden Covington:

Actually, I just I just asked them to find a coupon code that would work, so

Corey Ham:

Oh, no. Oh, man. Oh, no. Alright. Any other final articles?

Corey Ham:

I I yeah. I mean, I think, I mean, we covered it. I I feel like we're good. Bronwen posted an article, but I can't click it. It appears to be a phish.

Corey Ham:

So Good job, Bronwen. I clicked it.

John Strand:

No, Bronwen.

Bronwen Aker:

Hey. Blame Brian. Don't blame me. Blame Brian. I wanna It's an Australian one.

John Strand:

What do you blame Brian?

Wade Wells:

This is more AI than it is security, but Hank Green did a video on

Bronwen Aker:

this. What

Corey Ham:

is this?

Hayden Covington:

Someone made a vaccine for their

Bronwen Aker:

In a guy in

Hayden Covington:

What about

Bronwen Aker:

Australia made a cancer vaccine to save his dying dog using AI supposedly.

Corey Ham:

Okay. Explain. I don't believe that. Maybe just watch that. Just

Wade Wells:

watch No. No. Here. I got a I got a ten minute YouTube This is out of scope.

Corey Ham:

It's out of scope. We're selling this out

Bronwen Aker:

of scope.

Hayden Covington:

They want us to talk about it.

Corey Ham:

Don't fall for it.

John Strand:

It's out

Corey Ham:

of scope. This can't be real. I don't have any CRISPR printers in my house. I don't know about you guys. Oh.

Corey Ham:

Yeah.

Hayden Covington:

No. It I so I guess it was real. I guess it just made the cancer, like, size smaller, so it wasn't like a cure, and it was just, you know, it it was just kind of using this tech to to do from a science Trek? Yes.

Corey Ham:

That doc This is a really weird this this is like a really dark joke, but the reality is I feel like we're gonna cross a point where AI is just gonna say, no, we the we deleted the problem. Like, you you go, you know, remove yourself from the world. Right? Like, we

Hayden Covington:

actually have Parts of you that had problems.

Corey Ham:

Yeah. Right? Like, that that's that's my concern. That that's Your think

Hayden Covington:

liver was failing, so we decided to rebuild it just like it's this

Corey Ham:

I deleted that database for you. Like, do we really trust that AI understands, like, how the how a live thing cannot just be recreated like a production database that it dropped? Like, do we really think it believe it understands that?

Bronwen Aker:

Well, how many times have we covered the fact that artificial intelligence isn't really intelligence?

Hayden Covington:

I I

Wade Wells:

don't know. Bronwen's been saying this bubble's gonna pop for the past, like, three years now. And it still hasn't popped yet.

John Strand:

It's coming.

Bronwen Aker:

I have not been saying it's gonna pop in for years.

John Strand:

It's coming. Has been she's been our AI advocate at BHIS. Wade, you take

Wade Wells:

I've been to multiple AI Bronwen talks. Alright? I I I'm probably one of the few.

Hayden Covington:

Wade has a home organizer dashboard thingy now that he's gonna sell

John Strand:

to Now you're bringing shit to pre show in. That's what I'm saying, Hayden.

Bronwen Aker:

Wade. Alright. Let's wrap it up.

John Strand:

Let's it up.

Corey Ham:

We're trying to

John Strand:

figure it you, everybody. We'll see you next week.