1 00:00:01,079 --> 00:00:02,679 Corey I was talking about when you weren't 2 00:00:02,679 --> 00:00:04,599 on the news, how, like, I listened to 3 00:00:04,599 --> 00:00:05,799 the news for the first time. 4 00:00:06,759 --> 00:00:08,451 Yeah. It was our ice cream show when 5 00:00:08,451 --> 00:00:09,805 we talked about ice cream, and I was 6 00:00:09,805 --> 00:00:11,558 like, why does anybody listen to this? Like, 7 00:00:11,717 --> 00:00:13,630 we're absolute mad men. Like, 8 00:00:14,347 --> 00:00:15,781 wait. I don't remember. Oh, you mean the 9 00:00:15,781 --> 00:00:16,577 ice cream machines? 10 00:00:17,215 --> 00:00:20,173 Ice the ice cream the I made machines. 11 00:00:20,650 --> 00:00:22,559 No Mcdonald's thing. No. We're talking about, like, 12 00:00:22,639 --> 00:00:23,991 how I went to an ice cream, 13 00:00:25,438 --> 00:00:27,665 convention. Convention. Right? And then, like, the first 14 00:00:27,665 --> 00:00:29,756 we were talking about midnight blizzard. And then, 15 00:00:29,892 --> 00:00:31,244 like, it was like, what would we... Like, 16 00:00:31,403 --> 00:00:32,437 that sounds like a good ice cream game. 17 00:00:32,517 --> 00:00:33,887 And I'm like Wouldn't listen to this, and 18 00:00:33,967 --> 00:00:35,324 I turned the podcast off and my alright. 19 00:00:35,484 --> 00:00:36,043 I'm out here. 20 00:00:36,921 --> 00:00:38,438 That was the first time Ever listened to 21 00:00:38,438 --> 00:00:40,354 us. But well, at least 1 that I 22 00:00:40,354 --> 00:00:41,711 was on to tell the truth. 23 00:00:42,604 --> 00:00:44,434 So I guess. I I think some of 24 00:00:44,434 --> 00:00:47,140 us listen... Some people listen to us because 25 00:00:47,140 --> 00:00:48,732 we are so wack off the wall. 26 00:00:50,164 --> 00:00:52,568 Let's just hope let's just hope it. Most 27 00:00:52,568 --> 00:00:54,005 of the people I will say, like, to 28 00:00:54,005 --> 00:00:56,000 get serious for a second, most of the 29 00:00:56,000 --> 00:00:58,394 people I talk to that watch or listen, 30 00:00:58,714 --> 00:01:00,070 do it while they're doing something else. 31 00:01:00,803 --> 00:01:02,717 And they have it on in on their 32 00:01:02,717 --> 00:01:04,312 commute or they have it on on their 33 00:01:04,312 --> 00:01:06,545 in the background, while they're working or they're, 34 00:01:06,705 --> 00:01:08,539 you know, doing something else. So it's not 35 00:01:08,539 --> 00:01:09,735 like people are just sitting here being, like, 36 00:01:10,148 --> 00:01:11,340 What are they gonna say next? 37 00:01:11,976 --> 00:01:13,486 Tell us about the ice east cream. Like, 38 00:01:13,645 --> 00:01:16,268 you know, is fine. Plus, I mean it's 39 00:01:16,268 --> 00:01:18,673 a podcast. Just hit that, 30 second skip 40 00:01:18,673 --> 00:01:20,831 if we start wandering into a topic you'd 41 00:01:20,831 --> 00:01:23,308 rather not hear about just Hi. Who doesn't 42 00:01:23,308 --> 00:01:24,587 1 hear about it? Or you can do, 43 00:01:24,747 --> 00:01:26,105 like, I don't know if anyone's ever done 44 00:01:26,105 --> 00:01:26,265 this. 45 00:01:26,999 --> 00:01:29,556 You can listen to books and podcasts at 46 00:01:29,556 --> 00:01:31,793 like 2 x. Knew your... I hate that. 47 00:01:32,033 --> 00:01:33,472 My wife does it? I'm like, how do 48 00:01:33,472 --> 00:01:35,642 you, like, enjoy the book like this? Like 49 00:01:35,642 --> 00:01:37,711 this is not. It depends on the reader. 50 00:01:38,108 --> 00:01:40,336 Some some of the readers, some of the 51 00:01:40,336 --> 00:01:42,999 people they speak, so. Slowly. 52 00:01:43,853 --> 00:01:45,445 That you bump it up to a minute 53 00:01:45,445 --> 00:01:47,994 and a half, at your 1.5 speed, and 54 00:01:47,994 --> 00:01:50,941 now it's a reasonable amount of... Totally. 55 00:01:51,434 --> 00:01:52,630 Don't throughput, you know? 56 00:01:53,348 --> 00:01:53,848 Also 57 00:01:54,704 --> 00:01:56,459 overcast, which is the podcast app that I 58 00:01:56,459 --> 00:01:58,373 use. It has this thing called smart speed 59 00:01:58,373 --> 00:02:00,447 where it doesn't change the speed, but it 60 00:02:00,447 --> 00:02:01,085 cuts out gap. 61 00:02:01,898 --> 00:02:04,052 So, like... It cuts out pauses and, like, 62 00:02:04,212 --> 00:02:06,606 timing and, like, so everything is quick. That's 63 00:02:06,606 --> 00:02:08,840 what I mean... That's impressive. Let's Braun wins. 64 00:02:09,653 --> 00:02:12,044 Everybody needs to talk like Walter Cro kite. 65 00:02:13,081 --> 00:02:15,472 I miss Walter. How the cookie crumble. 66 00:02:16,190 --> 00:02:17,306 I miss Walter. 67 00:02:18,277 --> 00:02:21,646 I remember, you know, when when reporters did 68 00:02:21,704 --> 00:02:22,921 actual real journalism 69 00:02:23,377 --> 00:02:24,811 and they recorded the news. 70 00:02:25,464 --> 00:02:27,782 But I'm old. Too bad. We don't report 71 00:02:27,782 --> 00:02:28,181 this this. 72 00:02:44,653 --> 00:02:47,361 Hello, and welcome to Black Hills information securities 73 00:02:47,361 --> 00:02:50,468 talking about news. It's 07/15/2024. 74 00:02:51,185 --> 00:02:53,336 Today, we're gonna talk about At and T. 75 00:02:53,987 --> 00:02:56,214 Being breached. We're gonna talk about Sis doing 76 00:02:56,214 --> 00:02:57,885 a red team roughly in a year and 77 00:02:57,885 --> 00:02:59,396 a half ago and now just getting the 78 00:02:59,396 --> 00:03:01,884 report out. We're gonna talk about a heritage 79 00:03:02,433 --> 00:03:04,896 in foundations hack. There's all kinds of hacks. 80 00:03:05,054 --> 00:03:06,167 We got hacks on hacks, 81 00:03:06,881 --> 00:03:08,732 and we're gonna submit fraudulent, 82 00:03:09,662 --> 00:03:11,806 identifying documents using Ai. 83 00:03:12,378 --> 00:03:13,253 As part of the show. 84 00:03:13,890 --> 00:03:15,083 So let's go. 85 00:03:16,197 --> 00:03:16,833 Very cool. 86 00:03:18,663 --> 00:03:18,902 Alright. 87 00:03:19,554 --> 00:03:21,072 So feel like we gotta go At and 88 00:03:21,232 --> 00:03:23,310 T first. Right. Well I john right tire. 89 00:03:23,470 --> 00:03:24,588 I thought we're gonna talk about the class. 90 00:03:24,828 --> 00:03:26,586 There's something. We wanna talk about the free 91 00:03:26,586 --> 00:03:28,998 cool shit real quick? Oh, yeah. Pretty good. 92 00:03:29,238 --> 00:03:32,135 Cool. Yeah. I those words. So 93 00:03:32,994 --> 00:03:34,112 I think Ryan's got it up. 94 00:03:34,831 --> 00:03:36,564 So this is a project that 95 00:03:37,082 --> 00:03:39,074 Ben and Joe to whoever interns this summer. 96 00:03:39,234 --> 00:03:39,951 Just got working. 97 00:03:41,066 --> 00:03:42,660 You can get the link. We're gonna post 98 00:03:42,660 --> 00:03:45,210 it out there, but it's it's basically a 99 00:03:45,289 --> 00:03:48,730 Github repository to or tool called Wi forge. 100 00:03:49,288 --> 00:03:51,518 So if you wanna learn wireless hacking and 101 00:03:51,518 --> 00:03:53,372 wireless hacker type things 102 00:03:53,685 --> 00:03:55,284 1 of the big problems about trying to 103 00:03:55,284 --> 00:03:58,564 learn it is it requires you to have 104 00:03:58,564 --> 00:04:00,085 gear, like you have to have an access 105 00:04:00,085 --> 00:04:02,337 point, you can do enterprise stuff. You have 106 00:04:02,337 --> 00:04:04,169 to have the right wireless card, you have 107 00:04:04,169 --> 00:04:05,602 to set up all these different things. 108 00:04:06,319 --> 00:04:07,536 And this 109 00:04:07,991 --> 00:04:10,164 allows you to completely emulate. 110 00:04:10,872 --> 00:04:12,379 A full wireless setup, 111 00:04:13,489 --> 00:04:16,027 and run all of your hacking tools directly 112 00:04:16,027 --> 00:04:18,326 from Ka on this wireless network, 113 00:04:18,977 --> 00:04:20,805 it's project called mini net that we had 114 00:04:20,805 --> 00:04:23,111 to update... Actually, we fork Mini that completely, 115 00:04:23,508 --> 00:04:25,813 which is wireless simulation suite, and then we 116 00:04:25,813 --> 00:04:27,244 had to update a bunch of the headers 117 00:04:27,244 --> 00:04:29,913 and everything. But it allows you to completely 118 00:04:30,292 --> 00:04:33,168 emulate an entire wireless lab where you can 119 00:04:33,168 --> 00:04:35,805 learn all of the wireless lab hack type 120 00:04:35,805 --> 00:04:36,045 things, 121 00:04:37,015 --> 00:04:39,475 that you would ever want to do, and 122 00:04:39,475 --> 00:04:41,062 we have... I have a list of all 123 00:04:41,062 --> 00:04:43,125 the labs that are part of it right 124 00:04:43,125 --> 00:04:43,363 now, 125 00:04:44,813 --> 00:04:46,651 Wifi F forge is set up so you 126 00:04:46,651 --> 00:04:48,968 can do better cap attacks. You can do 127 00:04:49,127 --> 00:04:50,086 Wifi authentication. 128 00:04:50,805 --> 00:04:51,205 Capture, 129 00:04:52,178 --> 00:04:54,336 you can do packet capture to Hcc P 130 00:04:54,336 --> 00:04:56,413 x conversion and hashtag cracking, 131 00:04:56,972 --> 00:04:58,810 Air suite tools where you can get pre 132 00:04:58,810 --> 00:05:00,925 shared. Key recovery, cracking Wpa 133 00:05:01,305 --> 00:05:01,805 handshakes 134 00:05:02,185 --> 00:05:03,705 with crack and g, 135 00:05:04,345 --> 00:05:06,345 Eric Get, denial of service attacks, 136 00:05:06,918 --> 00:05:10,252 capture active directory credentials with evil twin, cracking 137 00:05:10,252 --> 00:05:12,713 at net Nt credentials with John The ripper, 138 00:05:13,110 --> 00:05:16,068 and then Rogue with Wifi Fisher and then 139 00:05:16,546 --> 00:05:18,878 Wps exploitation and web key cracking 140 00:05:19,254 --> 00:05:21,405 as well. So this is all 3, 141 00:05:21,978 --> 00:05:23,492 like I said, Ben and Joe are the 142 00:05:23,492 --> 00:05:25,883 main people behind it. But this is just 143 00:05:25,883 --> 00:05:27,318 the kind of thing that we're trying to 144 00:05:27,318 --> 00:05:29,884 do at anti sip and security training. To 145 00:05:29,884 --> 00:05:32,045 release as many resources out there to the 146 00:05:32,045 --> 00:05:33,404 public as we possibly can. 147 00:05:34,285 --> 00:05:34,605 And 148 00:05:35,245 --> 00:05:37,415 full step by step instructions get the docker 149 00:05:37,415 --> 00:05:38,847 instance set up and get it running quickly 150 00:05:38,847 --> 00:05:40,438 in your environment. You don't have to have 151 00:05:40,438 --> 00:05:42,427 any specialized hardware just set to a system 152 00:05:42,427 --> 00:05:44,514 that can run the docker container. And you're 153 00:05:44,514 --> 00:05:46,535 off to the race is learning about wireless 154 00:05:46,595 --> 00:05:47,394 attacks. So, 155 00:05:48,194 --> 00:05:50,435 check it out. Pretty excited about that. There 156 00:05:50,435 --> 00:05:52,766 will be a full webcast. Doing a walk 157 00:05:52,766 --> 00:05:55,475 through. We will eventually probably have... This many 158 00:05:55,475 --> 00:05:57,387 labs probably is gonna be able which you 159 00:05:57,387 --> 00:06:00,893 can't class out there as well. So take 160 00:06:00,893 --> 00:06:01,531 a look at it. Y'all? 161 00:06:03,142 --> 00:06:04,499 I wanted to start actually with some good 162 00:06:04,499 --> 00:06:06,974 news. It's been kind of a past few 163 00:06:06,974 --> 00:06:07,793 days. So 164 00:06:08,251 --> 00:06:10,088 I figured we'd start with that. Just some 165 00:06:10,088 --> 00:06:11,285 shit you guys can play with. 166 00:06:14,251 --> 00:06:16,644 Trees like, Wifi f training was always a 167 00:06:16,644 --> 00:06:18,797 tough thing, like, for a company that has 168 00:06:18,797 --> 00:06:20,312 pen testing. It's like, okay. We need to 169 00:06:20,312 --> 00:06:22,480 train you up on Wi f stuff. I 170 00:06:22,480 --> 00:06:24,314 guess you're gonna fly somewhere and just watch 171 00:06:24,314 --> 00:06:25,909 someone else do it. Like, it's out of 172 00:06:25,909 --> 00:06:27,583 the wall. No. It's kind of a long 173 00:06:27,583 --> 00:06:29,816 process. How do We can send you a 174 00:06:29,816 --> 00:06:31,902 kit. With all of the attack stuff in 175 00:06:31,902 --> 00:06:33,278 it. And that's 176 00:06:33,654 --> 00:06:35,644 it's a tough thing to learn to get 177 00:06:35,644 --> 00:06:36,680 the right gear to be able to learn 178 00:06:36,680 --> 00:06:37,874 it. But does should make it a lot 179 00:06:37,874 --> 00:06:38,772 easier for people 180 00:06:39,245 --> 00:06:40,444 Remember having to buy the 181 00:06:41,245 --> 00:06:43,165 like, you actually issuing out k. Like, here's 182 00:06:43,165 --> 00:06:45,004 the exact Wi f adapter to buy it. 183 00:06:45,324 --> 00:06:47,324 And then I wouldn't bought it. Serial number? 184 00:06:47,564 --> 00:06:49,094 Yeah. And then I bought it, and then 185 00:06:49,094 --> 00:06:50,208 they they shipped it to me, and it 186 00:06:50,208 --> 00:06:51,721 was the wrong 1, and I'm like, well, 187 00:06:51,880 --> 00:06:53,074 it looks like I'm just gonna watch the 188 00:06:53,153 --> 00:06:55,143 Wifi F stuff. So Yeah. This is perfect. 189 00:06:55,780 --> 00:06:57,310 Yeah. Well, that was 1 of those things 190 00:06:57,390 --> 00:06:58,746 I like about some of the classes like 191 00:06:58,746 --> 00:07:00,740 at Black hat and at the previous organization 192 00:07:00,899 --> 00:07:03,053 I used to teach at. They used to 193 00:07:03,053 --> 00:07:04,967 have stores where you could go and buy 194 00:07:04,967 --> 00:07:05,605 all of that gear. 195 00:07:06,736 --> 00:07:08,250 And there were people that weren't even taking 196 00:07:08,250 --> 00:07:09,843 the wireless classes and they would go and 197 00:07:09,843 --> 00:07:11,197 buy as many of the many of the 198 00:07:11,197 --> 00:07:13,109 different beer sets that they could possibly get 199 00:07:13,109 --> 00:07:14,463 because that was the only place you could 200 00:07:14,463 --> 00:07:15,021 get some of them. 201 00:07:15,833 --> 00:07:17,110 Yeah. Like I said, this makes it all 202 00:07:17,110 --> 00:07:18,547 a lot easier. You don't need to have 203 00:07:18,547 --> 00:07:20,165 a specific alpha adapter 204 00:07:21,181 --> 00:07:22,857 and set up your own infrastructure to do 205 00:07:22,857 --> 00:07:25,025 the hacking. It's all there. So yeah on 206 00:07:25,025 --> 00:07:26,536 the lookout, it'll be a webcast. And by 207 00:07:26,536 --> 00:07:28,684 the way, we have more cool stuff that 208 00:07:28,684 --> 00:07:30,036 we're working on we're gonna to be releasing 209 00:07:30,036 --> 00:07:30,911 the public as well. 210 00:07:32,524 --> 00:07:32,845 Cool. 211 00:07:33,404 --> 00:07:34,764 Now let's get all doom and gloom and 212 00:07:34,764 --> 00:07:36,604 talk about breaches for, like, half an hour. 213 00:07:36,764 --> 00:07:36,845 Oh. 214 00:07:37,884 --> 00:07:39,644 Okay. We could also start with the Sis 215 00:07:39,644 --> 00:07:41,732 thing. No. I mean, this is kind of 216 00:07:41,732 --> 00:07:44,041 uplifting. Let's start with Sis. Let's do. The. 217 00:07:44,360 --> 00:07:47,545 Okay. Sis report review process takes roughly a 218 00:07:47,545 --> 00:07:48,182 year and a half. 219 00:07:49,152 --> 00:07:51,303 What we've learned? What recommend for what the 220 00:07:51,303 --> 00:07:54,010 red team will sell Basically, Cis posted, 221 00:07:54,568 --> 00:07:56,399 the title of the blog is a little 222 00:07:56,399 --> 00:07:57,195 bit of a mouthful. 223 00:07:57,769 --> 00:07:59,067 Ci Red Team's 224 00:07:59,604 --> 00:08:03,435 operations against a federal civilian executive branch organization 225 00:08:03,435 --> 00:08:06,003 highlights the necessity of Defense and Depth. Oh, 226 00:08:07,198 --> 00:08:08,814 which got homes. And 227 00:08:09,270 --> 00:08:10,705 their own... They're kinda toot their own horn 228 00:08:10,705 --> 00:08:11,900 and saying, we do red teaming, 229 00:08:12,697 --> 00:08:15,021 calling it silent shield in all caps, which 230 00:08:15,101 --> 00:08:16,931 I still think anti suck is core than 231 00:08:16,931 --> 00:08:18,443 silent shield but is biased. 232 00:08:19,716 --> 00:08:21,149 Yeah. Basically, they're talking about a Pen test. 233 00:08:21,388 --> 00:08:22,661 In early 20 23, 234 00:08:23,634 --> 00:08:25,391 it's kind of a cool little read if 235 00:08:25,391 --> 00:08:27,868 you're into pen testing, which if you aren't 236 00:08:27,868 --> 00:08:29,706 into independent testing, I'm very confused as to 237 00:08:29,706 --> 00:08:30,480 why you're here, but 238 00:08:31,639 --> 00:08:31,720 Yeah. 239 00:08:32,759 --> 00:08:34,279 You know, they have some lessons learned. They 240 00:08:34,279 --> 00:08:36,040 have a little bit of an executive summary, 241 00:08:36,200 --> 00:08:36,519 you know, 242 00:08:37,160 --> 00:08:39,412 They actually didn't get in. That was kind 243 00:08:39,412 --> 00:08:40,688 of interesting. They kind of said that. They 244 00:08:40,688 --> 00:08:42,282 were like, we tried to get in from 245 00:08:42,282 --> 00:08:43,636 the outside. We didn't get in, 246 00:08:44,593 --> 00:08:45,948 but then we started from the inside and 247 00:08:45,948 --> 00:08:46,506 we kind of... 248 00:08:47,240 --> 00:08:49,399 Connected back to where we had established access. 249 00:08:49,559 --> 00:08:49,720 So, 250 00:08:50,759 --> 00:08:52,759 overall, it's a pretty good read. You know, 251 00:08:52,919 --> 00:08:54,840 I don't really know. Does anyone know what 252 00:08:54,840 --> 00:08:55,340 the 253 00:08:55,653 --> 00:08:57,505 the villain executive branch 254 00:08:58,039 --> 00:08:58,277 is... 255 00:08:58,993 --> 00:09:00,424 I have no idea what that is. Does 256 00:09:00,424 --> 00:09:02,572 is anyone know what? It would be underneath 257 00:09:02,572 --> 00:09:03,231 the presidency, 258 00:09:03,764 --> 00:09:04,719 the executive branch. 259 00:09:05,609 --> 00:09:08,422 Right. But but it's 1 to really exist 260 00:09:08,799 --> 00:09:10,314 agencies is so fast. Though that's the... Yeah. 261 00:09:10,474 --> 00:09:11,909 Like, think about it as, like Department of 262 00:09:12,149 --> 00:09:13,504 Interior, Department of Transport, 263 00:09:14,701 --> 00:09:14,781 okay. 264 00:09:15,514 --> 00:09:16,952 Could be the Epa or something like that. 265 00:09:17,192 --> 00:09:19,030 Yeah. Yes. I have a little gotcha. I 266 00:09:19,030 --> 00:09:20,548 have a list. Do you want it? No. 267 00:09:20,788 --> 00:09:21,826 God. No. Please don't. 268 00:09:23,598 --> 00:09:25,426 Is it just a random list of every 269 00:09:25,426 --> 00:09:28,048 3 letter algorithm There's some 4 letters in 270 00:09:28,048 --> 00:09:31,702 here We're fours? Maybe some fives. AACUS. 271 00:09:32,274 --> 00:09:34,019 Okay. There's actually not that many. There's actually 272 00:09:34,019 --> 00:09:35,922 not that. Oh, there's there's some long ones. 273 00:09:36,160 --> 00:09:38,778 There's ones that d the DFB. 274 00:09:38,936 --> 00:09:40,126 You don't know who that is. You know 275 00:09:40,126 --> 00:09:42,127 that. The... Do you think this a fancy 276 00:09:42,127 --> 00:09:45,701 color facility safe that's right. Everyone in chat 277 00:09:45,701 --> 00:09:47,924 goes look at the list and see what 278 00:09:47,924 --> 00:09:49,532 who you think were targeting with the Pen 279 00:09:49,532 --> 00:09:51,049 test because there's some pretty funny ones in 280 00:09:51,049 --> 00:09:51,208 here. 281 00:09:52,406 --> 00:09:52,964 Fine art. 282 00:09:54,082 --> 00:09:55,779 I hope it was them. I hope there's 283 00:09:56,237 --> 00:09:58,406 just stellar. They What is that? It's like, 284 00:09:58,566 --> 00:10:00,001 oh, yeah. We have a is it fresh? 285 00:10:00,240 --> 00:10:01,995 Like, the what's the goal of the Pent 286 00:10:01,995 --> 00:10:03,670 test? The steal the mona Lisa Like I 287 00:10:03,670 --> 00:10:05,505 don't know. Anyway. Is definitely the marine mammal. 288 00:10:05,744 --> 00:10:07,100 We don't have the mona lisa. 289 00:10:07,832 --> 00:10:09,664 Is not... Visits every once in a while, 290 00:10:09,744 --> 00:10:11,974 bro. Yes. That's why it's it... That's that's 291 00:10:11,974 --> 00:10:12,213 why. 292 00:10:13,329 --> 00:10:14,285 Yeah yeah anyway. 293 00:10:15,019 --> 00:10:16,537 So... But this brings up a couple of 294 00:10:16,537 --> 00:10:18,215 different things that are kind of frustrating for 295 00:10:18,215 --> 00:10:19,414 me, and I'm gonna try not to get 296 00:10:19,414 --> 00:10:20,713 too rant, but 297 00:10:21,172 --> 00:10:23,010 why is just a doing pen testing of 298 00:10:23,010 --> 00:10:25,654 any kind? Like... And we we see this 299 00:10:25,654 --> 00:10:27,563 from time to time. There's organizations that we 300 00:10:27,563 --> 00:10:29,233 work with where Sis comes in, whether it's 301 00:10:29,233 --> 00:10:30,665 on the soccer on the Pent test side. 302 00:10:31,158 --> 00:10:32,512 Where are we hear it's like, well Sis 303 00:10:32,512 --> 00:10:33,786 was hear a month ago and they did 304 00:10:33,786 --> 00:10:35,936 our pen test? Why is a government agency 305 00:10:35,936 --> 00:10:37,767 doing pen testing? I don't know. I like 306 00:10:37,767 --> 00:10:39,280 it. I like it. You don't like it? 307 00:10:39,772 --> 00:10:41,758 No. I don't. I because I I like 308 00:10:41,758 --> 00:10:43,688 it because it's like, it's just the baseline 309 00:10:43,823 --> 00:10:45,491 pen test. Yeah. But they still call it 310 00:10:45,491 --> 00:10:47,159 a pen test, and a lot of times 311 00:10:47,159 --> 00:10:49,404 well, wait. I've seen some Ci pen tests 312 00:10:49,404 --> 00:10:50,201 that are pretty solid. 313 00:10:50,839 --> 00:10:52,115 But I've also seen a bunch of them 314 00:10:52,115 --> 00:10:54,268 that are literally ness results. And No No. 315 00:10:54,507 --> 00:10:56,660 That's. Whoa. Whoa. No. You're you're talking about. 316 00:10:56,914 --> 00:10:59,149 Showdown results there. That's this to be way 317 00:10:59,149 --> 00:11:01,783 too india. Yeah. I'm not even joking. Ci 318 00:11:01,783 --> 00:11:03,779 has that is the standard Ci test. It 319 00:11:03,779 --> 00:11:05,295 is we looked at Showdown and you are 320 00:11:05,295 --> 00:11:08,362 screwed. Which is genuinely, like, I would argue 321 00:11:08,500 --> 00:11:10,653 like, I tell Pen or just like, if 322 00:11:10,653 --> 00:11:12,088 you're not doing that, you weren't doing a 323 00:11:12,088 --> 00:11:13,842 good job. Like, you need to... Your first 324 00:11:13,842 --> 00:11:14,400 thing should be, 325 00:11:15,214 --> 00:11:17,691 obvious stuff. Right? Like, I I think they're 326 00:11:17,691 --> 00:11:19,848 actually kind of... I don't know. I'm... Maybe 327 00:11:20,008 --> 00:11:21,287 I'm biased. I don't know why I'm coming 328 00:11:21,287 --> 00:11:22,805 out in support of Si, but I am 329 00:11:22,805 --> 00:11:25,607 because I think, like, Right doing a baseline 330 00:11:25,607 --> 00:11:28,473 pen test, and also from my perspective, gives 331 00:11:28,473 --> 00:11:30,144 us a chance to say, oh, you had 332 00:11:30,144 --> 00:11:31,993 a cis pen test. We're about to blow 333 00:11:31,993 --> 00:11:34,548 your mind. Right? Like, we're about to 02:10, 334 00:11:34,707 --> 00:11:36,005 like, you know what I needed 335 00:11:37,342 --> 00:11:40,136 expectation. Yeah. So you're there it's free the 336 00:11:40,136 --> 00:11:42,539 market free. I got it. Yeah. They they 337 00:11:42,539 --> 00:11:44,767 are free. So I'm I'm... I definitely support 338 00:11:44,767 --> 00:11:46,357 the government giving out free Pent tests. Of 339 00:11:46,357 --> 00:11:47,764 all the things they could give out. And 340 00:11:48,044 --> 00:11:49,718 Like, to the people who can't afford vent 341 00:11:49,718 --> 00:11:51,234 test or don't know how or whatever. 342 00:11:51,792 --> 00:11:53,227 I'm here for it. I need a Test. 343 00:11:53,387 --> 00:11:54,822 I'm gonna go ask them. I will say 344 00:11:54,822 --> 00:11:56,816 they're defense. It's a pretty nice report they 345 00:11:56,816 --> 00:11:58,901 published. Like, the actual blog post. It's got, 346 00:11:58,981 --> 00:12:00,653 like, something a good rundown of what they 347 00:12:00,653 --> 00:12:02,802 did. I... And and all of my testers 348 00:12:02,802 --> 00:12:04,314 at phi I are, like, hey, could we 349 00:12:04,314 --> 00:12:06,080 have a year and a half? Submit our 350 00:12:06,080 --> 00:12:06,239 reports. 351 00:12:08,785 --> 00:12:11,730 I'll I'll I'll give them anytime someone actually 352 00:12:11,730 --> 00:12:13,560 has a attack T in there and then 353 00:12:13,560 --> 00:12:15,570 links off to them. For some reason, that's 354 00:12:15,570 --> 00:12:17,730 just not common knowledge, but that's literally my 355 00:12:17,730 --> 00:12:19,570 favorite thing. Like, I 1 time got a 356 00:12:19,570 --> 00:12:20,309 text message 357 00:12:20,690 --> 00:12:22,129 from a red team, and they had the 358 00:12:22,129 --> 00:12:24,049 attack. Like, the the miter codes and I 359 00:12:24,049 --> 00:12:25,660 was like, I love you so much. This 360 00:12:25,660 --> 00:12:28,372 is the best. Yeah. No. I mean, it's 361 00:12:28,452 --> 00:12:30,127 Ci. So you... You know, the... I guess, 362 00:12:30,526 --> 00:12:32,201 how I see it is, I actually kind 363 00:12:32,201 --> 00:12:35,087 of like having a government level standard for, 364 00:12:35,167 --> 00:12:37,160 like, what is a Pen test? What is 365 00:12:37,160 --> 00:12:39,313 a Pen test report? Like, I think it's, 366 00:12:39,472 --> 00:12:40,509 you know, I don't want it to be, 367 00:12:40,589 --> 00:12:41,705 like, we have to do it this way, 368 00:12:41,785 --> 00:12:43,061 but I think it's cool to see, like, 369 00:12:43,554 --> 00:12:46,511 to base to benchmark yourself. Arguably, like, the 370 00:12:46,511 --> 00:12:48,210 government is... Should be the most transparent 371 00:12:49,068 --> 00:12:50,986 organization. Right? So, like, yeah We're not we're 372 00:12:50,986 --> 00:12:53,000 not gonna see Pen test reports from you 373 00:12:53,000 --> 00:12:55,559 know, trusted sec or black hills or other 374 00:12:55,559 --> 00:12:57,480 industry leaders, but no, we'll probably see it 375 00:12:57,480 --> 00:13:00,691 from Z. There was a, a website a 376 00:13:00,771 --> 00:13:02,944 Github repository that had a whole bunch 377 00:13:03,559 --> 00:13:04,059 of 378 00:13:04,674 --> 00:13:06,666 Pen test reports from different companies. Now a 379 00:13:06,666 --> 00:13:08,418 lot of more sample reports. I can't remember 380 00:13:08,418 --> 00:13:09,056 what was that? 381 00:13:10,187 --> 00:13:12,261 I remember. But those are all super old. 382 00:13:12,500 --> 00:13:14,095 Like, that's a Github repo, and those are 383 00:13:14,095 --> 00:13:14,653 all... They're... 384 00:13:15,451 --> 00:13:17,126 I don't know... I'm not a huge fan 385 00:13:17,126 --> 00:13:18,801 of those. I think this is actually more 386 00:13:18,801 --> 00:13:20,966 realistic. Of, like, what... Where things are at 387 00:13:20,966 --> 00:13:22,955 now. Yeah. Here we go. I don't know. 388 00:13:23,274 --> 00:13:24,092 Cool. And, 389 00:13:24,785 --> 00:13:26,059 Scott it. I've got it right here. I 390 00:13:26,059 --> 00:13:27,906 can share that there are some sources out 391 00:13:27,906 --> 00:13:30,219 there and updated in a while. You're. It's 392 00:13:30,219 --> 00:13:31,175 not holy moly. 393 00:13:32,132 --> 00:13:33,568 This is 1 of those things. There isn't 394 00:13:33,568 --> 00:13:35,800 anything that I would recommend someone actually look 395 00:13:35,800 --> 00:13:37,406 at. I mean, there... We actually do, by 396 00:13:37,406 --> 00:13:37,724 the way. 397 00:13:38,519 --> 00:13:41,223 We have a published sample report from Fernando. 398 00:13:41,382 --> 00:13:43,131 Right? That we've... That we share out, which 399 00:13:43,131 --> 00:13:43,926 is really awesome. 400 00:13:44,499 --> 00:13:44,999 But 401 00:13:45,776 --> 00:13:47,373 it's based on the cyber range. It's not 402 00:13:47,373 --> 00:13:49,549 based on a real op. It's not a 403 00:13:49,687 --> 00:13:52,322 6 months ago. Okay. It's not that. There's 404 00:13:52,322 --> 00:13:54,567 still stuff out there. These are... Yeah. These 405 00:13:54,567 --> 00:13:54,726 are... 406 00:13:55,681 --> 00:13:56,897 I guess, yeah. There's some 407 00:13:57,590 --> 00:14:00,317 more is better. When we're talking about reference 408 00:14:00,374 --> 00:14:01,646 material for a pen test. 409 00:14:02,379 --> 00:14:05,252 More is better. I mean, we'll leave shit. 410 00:14:05,492 --> 00:14:06,050 We're not here. 411 00:14:06,769 --> 00:14:08,365 Oh, man. No We're not. 412 00:14:09,722 --> 00:14:10,361 Fuck the? 413 00:14:11,653 --> 00:14:13,248 Get what no We're not because we don't 414 00:14:13,248 --> 00:14:15,401 publish our pen test reports because people paid 415 00:14:15,401 --> 00:14:17,656 good money for... Oh, we do have stamps 416 00:14:17,794 --> 00:14:18,613 samples. I 417 00:14:19,150 --> 00:14:21,796 I've redacted a bunch of samples reports. Oh, 418 00:14:21,955 --> 00:14:23,229 well, then we try out. 419 00:14:23,707 --> 00:14:25,538 Alright. I'll make a pull request after this. 420 00:14:27,210 --> 00:14:29,693 But... Yeah. I mean... Basically, I think First 421 00:14:29,693 --> 00:14:31,602 of all, I support the government red teaming 422 00:14:31,602 --> 00:14:33,511 agencies that probably otherwise are never gonna pay 423 00:14:33,511 --> 00:14:34,148 for a Bend test. 424 00:14:34,864 --> 00:14:36,136 Like the commission of Fine arts. 425 00:14:36,710 --> 00:14:39,350 I also support them publishing their results, not 426 00:14:39,350 --> 00:14:41,590 like the Test results, but the overall, like, 427 00:14:41,830 --> 00:14:43,610 here's how it says a red teams because 428 00:14:43,925 --> 00:14:45,524 While, we might read this and say, well, 429 00:14:45,684 --> 00:14:46,965 we already do all this stuff and more. 430 00:14:47,285 --> 00:14:49,045 A lot of Test shops are gonna say 431 00:14:49,045 --> 00:14:50,245 this is a lot of good ideas that 432 00:14:50,245 --> 00:14:51,858 we aren't doing. This is a lot of 433 00:14:51,858 --> 00:14:53,294 stuff that we aren't doing and they have 434 00:14:53,294 --> 00:14:55,050 now... They can go to their bosses and 435 00:14:55,050 --> 00:14:56,566 say, we need to do better at pen 436 00:14:56,566 --> 00:14:59,040 testing, Scissors is doing better pen tests than 437 00:14:59,040 --> 00:15:02,007 us. Alright. Like that is... So. I'd like 438 00:15:02,007 --> 00:15:03,522 a little bit more information like, how you 439 00:15:03,522 --> 00:15:05,516 said on who they actually tested. So then 440 00:15:05,516 --> 00:15:07,191 we can use this as, like the end 441 00:15:07,191 --> 00:15:08,866 of the year report for Ci. Be like, 442 00:15:08,946 --> 00:15:10,951 hey, here's all the pen testing we did. 443 00:15:11,110 --> 00:15:13,337 There's this number of people. Not... They don't 444 00:15:13,337 --> 00:15:15,008 have to give us the exact names. And 445 00:15:15,008 --> 00:15:17,410 here's the most common like, a tax we 446 00:15:17,410 --> 00:15:20,756 see. Like governor... Dvr. Yeah. Exactly. Exactly. Exactly. 447 00:15:20,915 --> 00:15:23,145 A Dvr from. I agree. I would love 448 00:15:23,145 --> 00:15:24,340 to move away from 449 00:15:24,738 --> 00:15:27,318 private company. Doing the Db. Db, 450 00:15:28,166 --> 00:15:30,331 it's good, but they gotta just 451 00:15:31,179 --> 00:15:33,081 swallow the pill and start using minor attack. 452 00:15:33,494 --> 00:15:35,246 Alright. Like, no more of this versus stuff. 453 00:15:35,406 --> 00:15:37,795 Like, we... Everyone else is switched. That's that's 454 00:15:37,795 --> 00:15:39,946 my 2. But the problem with the Dvr 455 00:15:39,946 --> 00:15:42,353 is... Well, there's many problems. The biggest about 456 00:15:42,353 --> 00:15:44,209 my thing is they just make up categories 457 00:15:44,267 --> 00:15:46,101 and then they build graphs in those categories. 458 00:15:46,341 --> 00:15:47,776 It's almost as bad as wearing a Mca 459 00:15:47,776 --> 00:15:49,371 t shirt. You know? Like, it's just right 460 00:15:49,371 --> 00:15:49,531 there. 461 00:15:50,342 --> 00:15:52,728 I don't really talking about. No No god. 462 00:15:53,047 --> 00:15:54,558 I'm not gonna go full back and be. 463 00:15:54,717 --> 00:15:55,910 It's fine. It's fine. 464 00:15:57,199 --> 00:15:58,953 Yeah. I think 1 1 notable item that 465 00:15:59,112 --> 00:16:01,824 I saw from this, Cis is the... You 466 00:16:01,824 --> 00:16:03,737 know, they they called out that they found, 467 00:16:03,817 --> 00:16:06,622 like, these cross organizational tag paths. So they 468 00:16:06,622 --> 00:16:09,165 found all these different partner organizations. And normally, 469 00:16:09,562 --> 00:16:11,390 on Pan test, you would go, oh, that's 470 00:16:11,390 --> 00:16:14,188 a... That's a partner organization like Stop. Like 471 00:16:14,188 --> 00:16:16,023 that is bet his time out do not 472 00:16:16,023 --> 00:16:18,336 attack the partner organization. And so it was 473 00:16:18,336 --> 00:16:19,293 like, well, actually, 474 00:16:19,851 --> 00:16:22,085 like, we have the authorization to, like, go 475 00:16:22,085 --> 00:16:24,992 after them too. So they did pivot into, 476 00:16:25,608 --> 00:16:26,427 these other, 477 00:16:27,362 --> 00:16:28,398 cross organizational, 478 00:16:29,355 --> 00:16:31,347 yeah, you know, partners. And I think that 479 00:16:31,347 --> 00:16:31,847 yielded 480 00:16:32,319 --> 00:16:34,629 a bit more insight because that's something that's 481 00:16:34,629 --> 00:16:37,121 unique that you don't go, hey, I compromised 482 00:16:37,258 --> 00:16:37,896 1 host, 483 00:16:38,931 --> 00:16:40,684 and, hey, there's a... It it has a 484 00:16:40,684 --> 00:16:43,434 trusted relationship with this partner. Let's let's compromise 485 00:16:43,495 --> 00:16:45,654 them. And then okay, from there, let's comp... 486 00:16:46,055 --> 00:16:48,535 You know, start chaining these partners because that's 487 00:16:48,535 --> 00:16:50,704 what attackers do. Partner is they're not going 488 00:16:50,704 --> 00:16:51,975 to sit there and go, Oh. Wait a 489 00:16:51,975 --> 00:16:54,040 minute. I got into 1 domain. This is 490 00:16:54,040 --> 00:16:56,741 some entirely different target altogether. No. No. No. 491 00:16:56,900 --> 00:16:57,933 We're gonna... We're we're... 492 00:16:59,059 --> 00:17:00,727 Threat actors, we have morals. We're not going 493 00:17:00,727 --> 00:17:02,236 to go after this other partner no matter 494 00:17:02,236 --> 00:17:03,586 how you so they are. No they're going 495 00:17:03,586 --> 00:17:04,697 to go after that other partner. 496 00:17:05,333 --> 00:17:07,318 Totally. Yeah. I mean, I I think that, 497 00:17:07,477 --> 00:17:08,930 like, I guess the way I I see 498 00:17:08,930 --> 00:17:10,369 it is in the industry a lot. I 499 00:17:10,369 --> 00:17:11,970 struggle with what what is a red team? 500 00:17:12,529 --> 00:17:14,529 I mean, like, you could ask 10 different 501 00:17:14,529 --> 00:17:15,890 people, what a red team is, and they 502 00:17:15,890 --> 00:17:17,663 would have 10 different definitions, but in my 503 00:17:17,663 --> 00:17:17,982 mind, 504 00:17:18,540 --> 00:17:19,816 this is what red team is. 505 00:17:20,534 --> 00:17:23,645 No scope or broad scope, including, like, just 506 00:17:23,645 --> 00:17:25,080 asking the company if you can hack 1 507 00:17:25,080 --> 00:17:27,049 of their vendors or their partners like, in 508 00:17:27,170 --> 00:17:29,490 them being like, yeah, sure. They're like, that 509 00:17:29,490 --> 00:17:30,850 is what a bread team should be. It 510 00:17:30,850 --> 00:17:31,509 should be 511 00:17:31,809 --> 00:17:34,610 broad scope. It should be opportunistic, and it 512 00:17:34,610 --> 00:17:36,458 should be long running. Right? Like that is... 513 00:17:36,696 --> 00:17:38,442 I I think it's... Well, it's not like 514 00:17:38,442 --> 00:17:40,822 a red team which is, oh, well, you 515 00:17:40,822 --> 00:17:42,410 know, we fished, and then we just didn't 516 00:17:42,410 --> 00:17:45,127 assume compromise. Like, it's actually. So you're saying 517 00:17:45,206 --> 00:17:47,279 Have no more 2 week engagements or a 518 00:17:47,279 --> 00:17:48,953 red. Yeah. That's kind of what we're trying 519 00:17:48,953 --> 00:17:51,504 to get away from. Right? Yeah They're, you 520 00:17:51,504 --> 00:17:53,193 know, red to the red tape books. Supposed 521 00:17:53,193 --> 00:17:55,267 to emulate what the attackers are doing, and 522 00:17:55,267 --> 00:17:57,043 this goes back to Corey coming to me 523 00:17:57,102 --> 00:17:58,458 couple what is a year and a half 524 00:17:58,458 --> 00:17:58,617 ago. 525 00:17:59,335 --> 00:18:00,691 And, like, you look at all the problems 526 00:18:00,691 --> 00:18:02,286 of red teaming. Like, you get a very 527 00:18:02,286 --> 00:18:04,608 tight scope and time. And that's the biggest 528 00:18:04,608 --> 00:18:05,585 limiting factor 529 00:18:06,038 --> 00:18:07,708 is the time is so tight. Like, 2 530 00:18:07,708 --> 00:18:09,559 weeks or 1 month, Like, an... And that 531 00:18:09,615 --> 00:18:11,761 adversary is not going to do that. Right? 532 00:18:12,000 --> 00:18:13,602 Scope They're gonna come in low and slow. 533 00:18:14,078 --> 00:18:15,904 It's like a customer says, hey, we want 534 00:18:15,904 --> 00:18:17,412 you guys to hack us like a real 535 00:18:17,412 --> 00:18:18,523 adversary wouldn't and we want you to do 536 00:18:18,523 --> 00:18:19,237 it in 1 week. 537 00:18:19,889 --> 00:18:21,967 And immediately, they pick up your password spray. 538 00:18:22,127 --> 00:18:24,124 Whenever an attacker will run the password spray 539 00:18:24,124 --> 00:18:26,122 over a month. You know, those are the 540 00:18:26,122 --> 00:18:27,800 types of things that you should be doing. 541 00:18:27,960 --> 00:18:30,124 Or The 1 that we talked about, Corey 542 00:18:30,124 --> 00:18:31,795 was a lot of times an attacker will 543 00:18:31,795 --> 00:18:35,056 sit and wait on a network, like, until 544 00:18:35,056 --> 00:18:37,223 an ect exploit comes available and then immediately 545 00:18:37,223 --> 00:18:38,737 they take advantage of that exploit. 546 00:18:39,375 --> 00:18:42,404 So totally, it's kinda you because I think 547 00:18:42,404 --> 00:18:44,093 it all started Corey with wix were all 548 00:18:44,093 --> 00:18:46,007 walking around and like, hey, red teaming sucks. 549 00:18:46,167 --> 00:18:47,363 We're not doing it the way it should 550 00:18:47,363 --> 00:18:49,357 be done in the industry, and we wanted 551 00:18:49,357 --> 00:18:51,829 to do something different, Continuous pump testing. Absolutely. 552 00:18:52,467 --> 00:18:54,238 I mean, I'm biased. But, like, you know, 553 00:18:54,477 --> 00:18:55,834 as an example right now, I'm just in 554 00:18:55,834 --> 00:18:57,989 1 of my customers ticketing systems just waiting 555 00:18:57,989 --> 00:18:59,825 for a good ticket. I'm just waiting for 556 00:18:59,825 --> 00:19:02,035 a ticket, I can. I... With either with 557 00:19:02,233 --> 00:19:03,902 either with credentials in it that I could 558 00:19:03,902 --> 00:19:05,491 just piggyback straight on or I'll just, like, 559 00:19:05,968 --> 00:19:07,716 inject a document where it really shouldn't be. 560 00:19:07,875 --> 00:19:10,417 Like that's that's Apt thinking. Right? I'm just, 561 00:19:10,497 --> 00:19:10,576 like, 562 00:19:11,389 --> 00:19:13,227 eventually, there be a ticket with Juicy info, 563 00:19:13,387 --> 00:19:15,624 and I will strike when the opportunity. But 564 00:19:15,624 --> 00:19:16,663 if you're doing a pen test, like, what 565 00:19:16,663 --> 00:19:17,862 do you do? You can't wait for a 566 00:19:17,862 --> 00:19:19,300 good jira a ticket to roll in. You 567 00:19:19,300 --> 00:19:21,385 gotta, like, know, you gotta you gotta get 568 00:19:21,385 --> 00:19:22,977 out. I wanna Wanna play a little bit 569 00:19:22,977 --> 00:19:24,886 of devil's advocate here if From the blue 570 00:19:24,886 --> 00:19:27,989 team side. Most red teams that we do 571 00:19:27,989 --> 00:19:29,618 go through. You know aren't 572 00:19:30,154 --> 00:19:33,102 very good at reporting or confirming that that 573 00:19:33,102 --> 00:19:33,841 is them 574 00:19:34,217 --> 00:19:36,859 when we find it. So we have to 575 00:19:36,859 --> 00:19:38,922 go in full instant response. Like, no 1... 576 00:19:39,161 --> 00:19:41,462 Like, no one's good. No one's good as 577 00:19:41,462 --> 00:19:43,446 you guys at, like, actually writing a report 578 00:19:43,446 --> 00:19:45,686 or giving that information. So when I'm out 579 00:19:45,686 --> 00:19:48,556 there building detection, and I come across some 580 00:19:48,556 --> 00:19:50,628 obviously blatant bad stuff, and I press the 581 00:19:50,628 --> 00:19:52,700 shit alarm. And then, like, oh, no, that's 582 00:19:52,700 --> 00:19:54,385 like, the actual red team that we're having, 583 00:19:54,544 --> 00:19:55,895 but we forgot to tell you about and 584 00:19:55,895 --> 00:19:57,722 forgot to report it because like, the team 585 00:19:57,722 --> 00:19:59,709 x y and z. Like, for the those... 586 00:19:59,868 --> 00:20:00,606 Those larger 587 00:20:00,981 --> 00:20:02,987 organizations, the communicate... That the red team is 588 00:20:02,987 --> 00:20:05,542 continuous. Like, I... I'm sure you guys have 589 00:20:05,542 --> 00:20:07,618 it down, but I haven't found anyone else 590 00:20:07,618 --> 00:20:09,773 who's communication. Is that great? Better for a 591 00:20:09,773 --> 00:20:12,124 days. So that all funny it's mentioned That'll... 592 00:20:12,741 --> 00:20:14,017 1 of the... Yeah, That's a feature of 593 00:20:14,017 --> 00:20:16,250 the continuous right team. Right? Like, we aren't 594 00:20:16,250 --> 00:20:18,005 showing up W Bam. Thank you, ma'am. We'll 595 00:20:18,005 --> 00:20:19,201 see you next year maybe. 596 00:20:20,158 --> 00:20:21,217 It... It's literally 597 00:20:21,769 --> 00:20:24,961 Corey can't run. Like, you know, we're doing 598 00:20:24,961 --> 00:20:26,957 those types of things. It's a year long 599 00:20:26,957 --> 00:20:28,973 contract. He can't just smoke bomb and. 600 00:20:30,722 --> 00:20:31,620 It's suit 601 00:20:32,314 --> 00:20:34,145 a literally. And then also the way that... 602 00:20:34,384 --> 00:20:36,056 And I've seen some other firms that kinda 603 00:20:36,056 --> 00:20:37,569 do this too? Like, I know I'm working 604 00:20:37,569 --> 00:20:40,295 with red siege. On a continuous red team 605 00:20:40,295 --> 00:20:41,652 and that's something that they're doing as well, 606 00:20:41,971 --> 00:20:43,727 wanna do shout out for other firms that 607 00:20:43,727 --> 00:20:46,734 are doing this. But when we're doing it 608 00:20:46,934 --> 00:20:49,568 the integration with the ticketing system. So if 609 00:20:49,568 --> 00:20:52,283 somebody like, hey, is Phi running an attack 610 00:20:52,283 --> 00:20:54,358 at the moment, there's somebody in that environment 611 00:20:54,358 --> 00:20:56,089 that can go into the ticketing system and 612 00:20:56,209 --> 00:20:58,367 see what our team is doing. Like. Yes. 613 00:20:58,607 --> 00:21:00,445 This is the other side of that, which 614 00:21:00,445 --> 00:21:02,123 brings back to kind of the big thing, 615 00:21:02,683 --> 00:21:04,201 Why the hell are we still reporting this 616 00:21:04,201 --> 00:21:06,530 crap in word team Like, 617 00:21:07,324 --> 00:21:08,990 III love the way that we do reporting 618 00:21:08,990 --> 00:21:11,529 at B. I think it's great. I... It's 619 00:21:11,529 --> 00:21:12,029 wonderful, 620 00:21:12,401 --> 00:21:14,306 but it all goes back to years ago. 621 00:21:14,639 --> 00:21:16,553 When we first started doing pen testing, when 622 00:21:16,633 --> 00:21:18,547 I first started doing it in, like, 2002, 623 00:21:18,707 --> 00:21:19,504 2003, 624 00:21:20,222 --> 00:21:21,817 it was literally if we hacked you, we 625 00:21:21,817 --> 00:21:23,731 got Shell, we were done. We're, like Got 626 00:21:23,731 --> 00:21:25,822 shell out you know, that was kind of 627 00:21:25,822 --> 00:21:26,561 the sole 628 00:21:27,259 --> 00:21:28,776 determination of whether or not we were successful. 629 00:21:29,334 --> 00:21:32,128 And when Ed kind of developed the new 630 00:21:32,128 --> 00:21:33,565 kind of way of doing reporting, 631 00:21:34,299 --> 00:21:36,220 wanna say 2006, 2007, 632 00:21:36,619 --> 00:21:37,740 a lot of it was to try to 633 00:21:37,740 --> 00:21:39,660 show value, but also to show that the 634 00:21:39,660 --> 00:21:41,259 people were putting in a good 40 hours 635 00:21:41,259 --> 00:21:43,273 of work in a week. So it's almost 636 00:21:43,273 --> 00:21:45,269 like that Gilbert cartoon. It's like, we wanna 637 00:21:45,269 --> 00:21:47,105 make sure that you're miserable in what you're 638 00:21:47,105 --> 00:21:49,580 doing and producing this workout, but hence the 639 00:21:49,580 --> 00:21:52,547 word document Pen test report was born. So 640 00:21:52,547 --> 00:21:54,055 now a customer can get this and be 641 00:21:54,055 --> 00:21:56,437 like, yes. This looks like 80 hours of 642 00:21:56,437 --> 00:21:56,913 work here. 643 00:21:58,183 --> 00:22:00,327 But it almost always had to be chopped 644 00:22:00,327 --> 00:22:02,335 up in the little bite. And then converted 645 00:22:02,335 --> 00:22:05,214 over into tickets for actual work items to 646 00:22:05,214 --> 00:22:06,974 get done. So it's kind of like at 647 00:22:06,974 --> 00:22:08,974 some point, the industry has gotta start skipping 648 00:22:08,974 --> 00:22:10,982 that step. It's and just start integrating with 649 00:22:10,982 --> 00:22:13,051 customers ticketing systems so that the work... The 650 00:22:13,051 --> 00:22:14,722 work items can get done faster. 651 00:22:15,199 --> 00:22:16,472 I I thought you're gonna go full blown. 652 00:22:16,631 --> 00:22:19,193 We're going as a an ad for. City 653 00:22:19,193 --> 00:22:20,969 or or. No. No. 654 00:22:21,665 --> 00:22:23,899 No. We're not using word. We're using notion 655 00:22:23,899 --> 00:22:26,291 from here out. No. No. I mean. Full 656 00:22:26,291 --> 00:22:28,365 disclosure. I, like, I we... I kinda derail 657 00:22:28,365 --> 00:22:30,631 the whole podcast, but pull disclosure did. And 658 00:22:30,689 --> 00:22:33,179 continuous spend testing uses Jira. We do not 659 00:22:33,236 --> 00:22:34,907 do a word doc. The word doc just 660 00:22:34,907 --> 00:22:36,992 says you got a Pen test. Whole Congrats. 661 00:22:37,311 --> 00:22:39,064 Now here's all the findings are in Jira. 662 00:22:39,542 --> 00:22:41,614 Yeah. Anyway, let's talk about At and T. 663 00:22:41,853 --> 00:22:43,686 Let's talk about breach. Yeah. Let's move on 664 00:22:43,686 --> 00:22:46,008 that. Let's let's let's talk about. So At 665 00:22:46,008 --> 00:22:47,677 and T, people might have heard of it. 666 00:22:47,995 --> 00:22:50,699 Large telecom company, a hundred and 10000000 customers 667 00:22:50,699 --> 00:22:51,891 had their records disclosed. 668 00:22:53,021 --> 00:22:54,535 I guess does anyone know is this tied 669 00:22:54,535 --> 00:22:56,288 to snowflake? I feel like yeah got it. 670 00:22:56,447 --> 00:22:58,996 You know, sounds like it is. Got it. 671 00:22:59,235 --> 00:23:01,466 What what what Keeps saying about it is 672 00:23:01,466 --> 00:23:03,705 that. Is that this is At and T, 673 00:23:03,943 --> 00:23:05,768 and if it's the same way that all 674 00:23:05,768 --> 00:23:07,990 these other snowflakes were they didn't have multi 675 00:23:07,990 --> 00:23:09,102 factor on their data lake. 676 00:23:09,991 --> 00:23:12,139 Absolutely. Yeah. What is At and T doing? 677 00:23:12,298 --> 00:23:14,685 I mean, this is At and T that 678 00:23:14,685 --> 00:23:17,868 spout security that spout, we are the best 679 00:23:17,868 --> 00:23:18,368 and 680 00:23:18,998 --> 00:23:21,793 No security on their back end data at 681 00:23:21,793 --> 00:23:24,268 all. Well, it's the third party risk management. 682 00:23:24,427 --> 00:23:25,625 Right? We talked about it at the beginning 683 00:23:25,625 --> 00:23:27,301 of the year as being the Cis is 684 00:23:27,301 --> 00:23:29,707 worst nightmare and it's totally expanding on that. 685 00:23:29,945 --> 00:23:32,332 Like, it's all about third party, and I 686 00:23:32,332 --> 00:23:34,161 will say, I've been talking about this to 687 00:23:34,161 --> 00:23:35,593 a few different people. And I think it's 688 00:23:35,593 --> 00:23:38,073 1 of those cases where, like, the business 689 00:23:38,073 --> 00:23:40,060 teams at a lot of these companies have 690 00:23:40,060 --> 00:23:42,841 huge sway. Right? Of like, Yeah. We we 691 00:23:42,841 --> 00:23:45,163 are the ones who get paid. So give 692 00:23:45,163 --> 00:23:46,917 us the tools we need to get paid. 693 00:23:47,236 --> 00:23:48,375 And I think snowflake 694 00:23:48,752 --> 00:23:50,905 oftentimes was the solution to that problem of, 695 00:23:51,384 --> 00:23:52,899 we need to have better... You know, I 696 00:23:52,899 --> 00:23:55,148 don't know, whatever pick your business thing. Better 697 00:23:55,148 --> 00:23:58,341 turnover, better, you know, marketing, better whatever. I 698 00:23:58,341 --> 00:24:00,656 think Snowflake was the solution to a business 699 00:24:00,656 --> 00:24:02,892 problem, and it the security team might have 700 00:24:02,892 --> 00:24:05,614 been cut out of that gus altogether. I'm 701 00:24:05,614 --> 00:24:07,442 just speculating here. I don't know specifically about 702 00:24:07,522 --> 00:24:09,270 At and T, but I think when the 703 00:24:09,270 --> 00:24:11,417 business team goes asking, a lot of the 704 00:24:11,417 --> 00:24:13,897 time the answer is yes, and it doesn't 705 00:24:13,897 --> 00:24:16,044 go through security. It's just... Oh, you guys 706 00:24:16,044 --> 00:24:17,635 need a data lake. Well Snowflakes gonna work. 707 00:24:17,953 --> 00:24:20,260 Okay. Cool. Like the thing you get with... 708 00:24:22,191 --> 00:24:23,947 There's the front doesn't go through security. The 709 00:24:23,947 --> 00:24:25,224 other thing that it kind of just screams 710 00:24:25,224 --> 00:24:26,661 to me is, like, what is the ongoing 711 00:24:26,661 --> 00:24:28,758 process for managing third party risk in those 712 00:24:28,817 --> 00:24:31,066 organizations? Because things are gonna get messed upfront, 713 00:24:31,225 --> 00:24:32,980 whether it's third party or whether it's something 714 00:24:32,980 --> 00:24:34,894 internally developed. And so, like, you've gotta have 715 00:24:34,894 --> 00:24:36,250 the 2 pieces of that. You've gotta have 716 00:24:36,250 --> 00:24:38,085 that initial piece, you know, early in your 717 00:24:38,085 --> 00:24:40,252 your deployment cycle. You've also gotta have some 718 00:24:40,252 --> 00:24:41,071 kind of a 719 00:24:41,608 --> 00:24:43,601 review process an audit process or whatever. 720 00:24:44,398 --> 00:24:45,354 You know, if he gets miss the front, 721 00:24:45,593 --> 00:24:47,427 hopefully within a year, somebody like, hey, we've 722 00:24:47,427 --> 00:24:48,039 got this 723 00:24:48,399 --> 00:24:51,355 data... This provider we're using for our our 724 00:24:51,355 --> 00:24:53,512 our cloud storage. How how do we connect 725 00:24:53,512 --> 00:24:55,131 to them? And like that 726 00:24:55,761 --> 00:24:58,248 actually come up somewhere for any of you 727 00:24:58,781 --> 00:25:00,076 more it's getting something 728 00:25:00,529 --> 00:25:00,768 worth. 729 00:25:01,880 --> 00:25:03,166 I don't think it's getting swept under the 730 00:25:03,166 --> 00:25:05,072 rug. I just think that the It infrastructures 731 00:25:05,072 --> 00:25:07,454 with all these Saas services, past services, Nas 732 00:25:07,454 --> 00:25:10,313 services, das services, whatever Ass server might be 733 00:25:10,313 --> 00:25:12,565 using swept I tell you about ad services? 734 00:25:12,805 --> 00:25:14,644 Saas services. That's what they are now for 735 00:25:14,644 --> 00:25:16,565 me. That's what they mean to me. I 736 00:25:16,565 --> 00:25:18,325 don't think that a lot of people... 737 00:25:18,818 --> 00:25:20,883 Like, whenever we're working with organizations, they had 738 00:25:20,883 --> 00:25:23,108 no idea, like, security teams or like, we're 739 00:25:23,108 --> 00:25:25,332 using snowflake, what the hell is snowflake. 740 00:25:25,888 --> 00:25:27,318 And it's not that it's getting swept under 741 00:25:27,318 --> 00:25:28,453 the rug, it's just 742 00:25:28,843 --> 00:25:30,513 somebody at some part of the company needed 743 00:25:30,513 --> 00:25:33,081 a thing, and they bop that thing, and 744 00:25:33,138 --> 00:25:35,604 dot It. A shadow It, and there's not 745 00:25:35,604 --> 00:25:37,845 a lot. Oh god. Help me. There needs 746 00:25:37,845 --> 00:25:40,618 to be more correlation between the accounts payable 747 00:25:40,618 --> 00:25:44,027 departments at organizations and the security where accounts 748 00:25:44,027 --> 00:25:46,035 payable away. Here's all the shit we're paying 749 00:25:46,035 --> 00:25:48,434 for and insecurities like, oh, snowflake? What the 750 00:25:48,434 --> 00:25:48,914 hell is that? 751 00:25:50,434 --> 00:25:52,355 I mean, honestly, that's funny because from the 752 00:25:52,355 --> 00:25:54,528 owner's perspective of a company that makes... Perfect 753 00:25:54,528 --> 00:25:55,804 sense. Like I never would think of like, 754 00:25:55,963 --> 00:25:57,478 oh, just look at accounts payable, like, who 755 00:25:57,478 --> 00:25:58,036 are we? 756 00:25:58,753 --> 00:26:00,587 I I do it all the time. I 757 00:26:00,587 --> 00:26:02,420 do it monthly. Erica sits down with me. 758 00:26:02,833 --> 00:26:04,920 It's my least favorite part of the month 759 00:26:04,976 --> 00:26:07,039 where Erica is just like, John, we need 760 00:26:07,039 --> 00:26:08,547 to talk about this and my god. It's 761 00:26:08,547 --> 00:26:10,872 the time the month again. And it's down. 762 00:26:11,419 --> 00:26:13,254 And she did start going through. She's like, 763 00:26:13,653 --> 00:26:15,168 do you know what this is? And I'm 764 00:26:15,168 --> 00:26:17,641 like, no. I don't 70000 dollars worth of 765 00:26:17,641 --> 00:26:19,475 stickers. Know what this rate. And it's like, 766 00:26:19,794 --> 00:26:20,990 I knew know what thought is. 767 00:26:21,803 --> 00:26:23,799 Why did we spend 75000 768 00:26:23,799 --> 00:26:26,513 dollars on, like, you know, inflatable monkeys? I'm 769 00:26:26,513 --> 00:26:29,088 like, I don't know Go ask Jason. I 770 00:26:29,546 --> 00:26:30,185 plan for that. 771 00:26:31,238 --> 00:26:33,792 But we do that and it's important because 772 00:26:33,792 --> 00:26:36,288 we have literally found those types of services 773 00:26:36,586 --> 00:26:39,300 where some random person at Black Hills information 774 00:26:39,300 --> 00:26:41,553 security. Paid for a service with their own 775 00:26:41,553 --> 00:26:44,589 credit card, it's registered under their personal email 776 00:26:44,589 --> 00:26:45,409 or their B 777 00:26:45,788 --> 00:26:48,265 email. Systems has no awareness of what it 778 00:26:48,265 --> 00:26:50,594 is, and literally, there's a whole bunch of 779 00:26:50,594 --> 00:26:53,088 data in there that's like super sensitive. And 780 00:26:53,306 --> 00:26:54,821 we're a small company of like a hundred 781 00:26:54,821 --> 00:26:57,214 and 50 people. I can only imagine how 782 00:26:57,214 --> 00:26:59,143 bad that is at At and T. Yeah. 783 00:26:59,303 --> 00:27:00,978 Well, the other thing, I would say from 784 00:27:00,978 --> 00:27:02,892 a security Team's perspective, I'm so sick of 785 00:27:02,892 --> 00:27:04,407 talking about sierra logs, but I'm gonna do 786 00:27:04,407 --> 00:27:06,401 it again. Oh, go. Oh, my god. It's 787 00:27:06,401 --> 00:27:09,605 not hard. It's not that hard. Like, okay. 788 00:27:10,242 --> 00:27:12,812 It's not that hard to just monitor the 789 00:27:12,870 --> 00:27:15,338 credentials that come over the wire. Like, you 790 00:27:15,338 --> 00:27:16,930 might not know you have snowflake, but if 791 00:27:16,930 --> 00:27:19,581 a... At at t t dot com email 792 00:27:19,581 --> 00:27:21,978 pops in a s log. You gotta go 793 00:27:21,978 --> 00:27:24,548 remediate it. Like, it's not... It's just not 794 00:27:24,548 --> 00:27:26,060 not horrible. I I was gonna say 1 795 00:27:26,060 --> 00:27:28,926 of my worst fears. Right? Is not, like, 796 00:27:29,404 --> 00:27:31,974 go going dark web stuff. Right? Seeing your 797 00:27:32,031 --> 00:27:34,273 credentials. Are from your company on the Dark 798 00:27:34,273 --> 00:27:36,898 web, but it's nobody who works at your 799 00:27:36,898 --> 00:27:39,442 site. So it's that third party person. So 800 00:27:39,442 --> 00:27:41,845 you got a new credentials Well, dude, I've 801 00:27:42,004 --> 00:27:43,142 I've seen it at different 802 00:27:43,678 --> 00:27:45,988 organizations, and sometimes they're like just nuke nuke 803 00:27:45,988 --> 00:27:47,661 their credentials right away? Like, okay, what did 804 00:27:47,661 --> 00:27:49,493 they have access to? And then they realize 805 00:27:49,493 --> 00:27:51,182 we have no clue. We don't even know, 806 00:27:51,421 --> 00:27:52,855 like, we know the login portal, but we 807 00:27:52,855 --> 00:27:54,609 don't know how Deep it goes. And now 808 00:27:54,609 --> 00:27:56,203 we have to, like, do a full investigation 809 00:27:56,203 --> 00:27:57,877 has someone already logged in. Where do they 810 00:27:57,877 --> 00:27:59,888 log in? We have to figure out that 811 00:27:59,888 --> 00:28:01,965 whole third party vendor, tell them to nuke 812 00:28:01,965 --> 00:28:04,361 everything they got. It's... Oh, that's the part. 813 00:28:04,601 --> 00:28:06,372 Right? If you're not. Let's say you're not 814 00:28:06,372 --> 00:28:07,647 gonna a new call the credentials you get 815 00:28:07,647 --> 00:28:09,800 in steal logs, which you should. You should 816 00:28:09,800 --> 00:28:11,018 at least have immediately. 817 00:28:13,228 --> 00:28:13,627 Monitor. 818 00:28:14,759 --> 00:28:17,156 I'm dying. You'll be okay with you okay. 819 00:28:19,554 --> 00:28:22,351 So what do you think about the 370000 820 00:28:22,351 --> 00:28:24,681 dollars that they paid to have it what 821 00:28:24,681 --> 00:28:26,453 supposedly deleted. What 822 00:28:26,987 --> 00:28:30,328 supposedly. Yeah. Cheap... We've deleted this copy. 823 00:28:31,218 --> 00:28:32,170 Yeah. We deleted this. 824 00:28:33,678 --> 00:28:35,820 My my my my my thinking on it 825 00:28:35,820 --> 00:28:38,121 is, what a dumb criminal if they're only 826 00:28:38,121 --> 00:28:39,644 asking 370000. 827 00:28:39,882 --> 00:28:42,660 That's what I on Twitter and stuff. It's 828 00:28:42,660 --> 00:28:45,439 just like, how was it that cheap? Unless 829 00:28:45,439 --> 00:28:46,947 have been, like, someone ill. 830 00:28:47,439 --> 00:28:49,434 An inexperienced who got lucky with the Cr 831 00:28:49,434 --> 00:28:51,690 and they're like, alright. I'll just take just 832 00:28:51,908 --> 00:28:54,462 instant payout. Just real quick getting out. 833 00:28:55,340 --> 00:28:56,795 Like Well, they did get paid. Right? 834 00:28:58,234 --> 00:28:58,734 Apparently, 835 00:28:59,355 --> 00:28:59,855 that 836 00:29:00,234 --> 00:29:02,075 hey, and even in that that bio line 837 00:29:02,075 --> 00:29:04,075 that has touch wiggle room in there that... 838 00:29:04,409 --> 00:29:05,387 The researcher 839 00:29:06,243 --> 00:29:09,035 says he believes the only copy. Like, that 840 00:29:09,035 --> 00:29:09,194 is... 841 00:29:09,912 --> 00:29:12,066 That is complete legally Wiggle room there. Like, 842 00:29:12,146 --> 00:29:14,060 well, I believe is the only copy. Like, 843 00:29:14,948 --> 00:29:17,010 being only hobby. We could be back here 844 00:29:17,010 --> 00:29:18,516 in like, you know, 3 bunk being like, 845 00:29:18,754 --> 00:29:20,975 hey. Guess what? Like, the... Here's all the 846 00:29:20,975 --> 00:29:21,609 information that was... 847 00:29:22,658 --> 00:29:24,731 Supposedly deleted. That's not out there. The security 848 00:29:24,731 --> 00:29:25,768 research you can be like, wow, you know 849 00:29:25,847 --> 00:29:27,942 I said, I believe the only copy 850 00:29:28,319 --> 00:29:28,819 was 851 00:29:29,356 --> 00:29:32,635 deleted. Yeah. IIII 852 00:29:32,635 --> 00:29:34,540 think that that's funny, but, I don't know. 853 00:29:34,699 --> 00:29:35,652 Honestly, like... 854 00:29:36,446 --> 00:29:38,589 So do we trust what At and T 855 00:29:38,589 --> 00:29:40,257 is saying was stolen? Like, 856 00:29:40,828 --> 00:29:43,137 it was just call history, text history, 857 00:29:43,535 --> 00:29:45,229 not actual contents, 858 00:29:45,923 --> 00:29:47,196 or do we think that there might be 859 00:29:47,196 --> 00:29:50,179 more in this. Like, I don't get nervous 860 00:29:50,714 --> 00:29:50,794 more. 861 00:29:51,829 --> 00:29:52,068 It is. 862 00:29:53,023 --> 00:29:54,775 Even if it is just what they say, 863 00:29:55,014 --> 00:29:56,606 it's still plenty enough data. 864 00:29:57,178 --> 00:29:57,678 Or 865 00:29:58,448 --> 00:30:00,274 anybody to go and do bad with it? 866 00:30:00,989 --> 00:30:02,918 Come on. I mean, how many years 867 00:30:03,688 --> 00:30:06,326 years ago All I needed was your last 868 00:30:06,326 --> 00:30:09,030 name and your Zip code. Yep. And I 869 00:30:09,030 --> 00:30:11,178 can go in and get everything else. Come 870 00:30:11,178 --> 00:30:13,760 on. Yeah. Yeah. I mean, I think they 871 00:30:13,816 --> 00:30:16,120 argue like, why even have the data lake 872 00:30:16,120 --> 00:30:18,107 at this... Like, what is the... III don't 873 00:30:18,107 --> 00:30:18,663 know. I mean... 874 00:30:19,473 --> 00:30:20,988 1 of the... I feel like data lakes 875 00:30:20,988 --> 00:30:22,900 are kind of just like the graveyard of 876 00:30:22,900 --> 00:30:25,530 bit data? Like, they're... How many companies are 877 00:30:25,530 --> 00:30:27,774 actually doing something with it. I just think 878 00:30:27,774 --> 00:30:29,681 they like collecting data. I think it sounds 879 00:30:29,681 --> 00:30:32,620 badass whenever you're like, whoa, or data lake 880 00:30:32,620 --> 00:30:35,241 has 64 pet of logs in it. It 881 00:30:35,241 --> 00:30:38,204 just... Sounds cool. It it's not really useful. 882 00:30:39,479 --> 00:30:42,347 Auditor It's it's... Audits. All the... It's say 883 00:30:42,347 --> 00:30:44,578 it's huge of. Right? In a huge matter 884 00:30:44,578 --> 00:30:47,061 of. But it's badass ass. It's like those 885 00:30:47,061 --> 00:30:48,414 cars that they try to get as low 886 00:30:48,414 --> 00:30:50,642 to the ground as they possibly end. No. 887 00:30:50,960 --> 00:30:53,444 Think it sound... They think it's cool. It's 888 00:30:53,444 --> 00:30:56,721 really not, and it's absolutely not useful. That's 889 00:30:56,721 --> 00:30:58,798 what a data lake is. And I also 890 00:30:58,798 --> 00:31:00,477 think that we're moving away from data lakes. 891 00:31:00,717 --> 00:31:02,395 I'm still waiting for someone that comes up 892 00:31:02,395 --> 00:31:04,589 with a data ocean. We're late. 893 00:31:06,890 --> 00:31:10,089 It's way salty. It is so. So salty. 894 00:31:10,344 --> 00:31:12,659 So so. Years ago, years ago, John, I 895 00:31:12,659 --> 00:31:14,814 worked with a guy. I worked for a 896 00:31:14,814 --> 00:31:17,048 company, and the owner of the company was 897 00:31:17,048 --> 00:31:20,037 so proud of the fact. That our data 898 00:31:20,095 --> 00:31:21,632 retention policy would save 899 00:31:22,009 --> 00:31:22,509 everything. 900 00:31:22,966 --> 00:31:24,025 So we had 901 00:31:24,801 --> 00:31:28,151 millions of records in in the main production 902 00:31:28,151 --> 00:31:31,861 database and probably 3 quarters of those records 903 00:31:32,160 --> 00:31:34,897 had not been touched or accessed in 904 00:31:35,356 --> 00:31:35,856 years. 905 00:31:36,568 --> 00:31:38,715 Yeah. Years and years. And and lawyers are 906 00:31:38,715 --> 00:31:41,021 like, I'm sorry. What? You have what? 907 00:31:42,135 --> 00:31:43,964 Just post it out. I just went through 908 00:31:43,964 --> 00:31:46,325 real fast. It said hoard. The the It 909 00:31:47,002 --> 00:31:49,154 that show. Yeah. Where, like, why are you... 910 00:31:49,553 --> 00:31:51,306 Why are you... The... And that you could 911 00:31:51,306 --> 00:31:53,298 just see these people get excited about Microsoft 912 00:31:53,538 --> 00:31:55,229 Recall. They're, like, This is what I've been 913 00:31:55,229 --> 00:31:55,948 waiting for my whole line. 914 00:31:57,466 --> 00:31:59,544 Yeah. I mean, it's like, it's the whole 915 00:31:59,544 --> 00:32:01,382 data science thing, like, okay. Let's say you're 916 00:32:01,382 --> 00:32:02,661 handed this dataset. 917 00:32:03,060 --> 00:32:05,306 Like... What are you gonna do? Like, did 918 00:32:05,306 --> 00:32:07,694 you know that 14 percent of people call 919 00:32:07,694 --> 00:32:10,479 everyone after 9PM. It's like, great. I don't 920 00:32:10,479 --> 00:32:11,298 care. Hey 921 00:32:12,151 --> 00:32:15,274 Okay. Like, thank you. They never my how? 922 00:32:15,912 --> 00:32:18,145 Yeah. Yeah. I don't know. I mean, I 923 00:32:18,145 --> 00:32:19,204 but 1 of the 924 00:32:19,740 --> 00:32:21,814 Here's the. Here's the thought with that sort 925 00:32:21,814 --> 00:32:22,771 of data though. 926 00:32:23,743 --> 00:32:26,453 This number got texted by this number and 927 00:32:26,453 --> 00:32:29,084 replied back to it. This number texted this 928 00:32:29,084 --> 00:32:30,837 number got a call from this number and 929 00:32:30,837 --> 00:32:31,156 answered it. 930 00:32:31,969 --> 00:32:34,361 If that data is out there with how 931 00:32:34,361 --> 00:32:36,036 easy it is to spoof numbers. 932 00:32:36,914 --> 00:32:38,929 Wouldn't that allow for easier 933 00:32:40,184 --> 00:32:40,822 whatever is 934 00:32:41,380 --> 00:32:43,715 Doing out there. Yeah. III think you're absolutely 935 00:32:43,715 --> 00:32:46,355 right, but also think about, like, every divorce 936 00:32:46,355 --> 00:32:48,755 or almost every divorce that's being processed right 937 00:32:48,755 --> 00:32:50,599 now. Where all of a sudden you have 938 00:32:50,599 --> 00:32:53,134 that, like, the records of text numbers and, 939 00:32:53,293 --> 00:32:53,451 like, 940 00:32:54,481 --> 00:32:56,383 Yeah. Yeah. Or you're a reporter. 941 00:32:57,114 --> 00:32:59,189 And you're trying to figure out which political 942 00:32:59,189 --> 00:33:01,504 person talking with another political person. I mean, 943 00:33:01,664 --> 00:33:04,000 there is a yeah. The privacy the privacy 944 00:33:04,378 --> 00:33:05,575 implications here are really bad. 945 00:33:06,469 --> 00:33:07,907 Believe were you gonna say something about that? 946 00:33:08,307 --> 00:33:10,225 Gonna say, basically the same. Like, you could 947 00:33:10,225 --> 00:33:11,823 look up with those cold records, and you 948 00:33:11,823 --> 00:33:13,981 could find, like, z phone number that John 949 00:33:14,141 --> 00:33:16,233 Str will answer that will take a call 950 00:33:16,233 --> 00:33:17,911 from. When he's on the air. Like, there 951 00:33:17,911 --> 00:33:20,148 are some phone numbers that John will go... 952 00:33:20,468 --> 00:33:21,826 He'll he'll drop from the call and go, 953 00:33:21,986 --> 00:33:23,838 I gotta take this call right now, And 954 00:33:23,838 --> 00:33:25,031 then it it turns out to be a, 955 00:33:25,111 --> 00:33:26,145 hey hate we've been trying to reach you 956 00:33:26,145 --> 00:33:28,849 about your card extended warranty. And that would 957 00:33:28,849 --> 00:33:29,247 be good. 958 00:33:30,932 --> 00:33:32,360 But but you could. You could look up 959 00:33:32,360 --> 00:33:35,003 that dataset and be able to get through. 960 00:33:35,931 --> 00:33:38,391 Yeah. So Ryan just linked to a super 961 00:33:38,391 --> 00:33:40,952 relevant, I think, article, which is the whole 962 00:33:40,952 --> 00:33:42,387 concept of dark patterns. 963 00:33:42,944 --> 00:33:44,697 This is actually what we're talking about. We 964 00:33:44,697 --> 00:33:46,291 just don't know what we're talking about. It's 965 00:33:46,291 --> 00:33:49,090 like the concept of dark patterns ryan a 966 00:33:49,090 --> 00:33:52,215 link the article, but essentially, it's like behavior 967 00:33:52,272 --> 00:33:52,590 mining, 968 00:33:53,625 --> 00:33:56,025 and kind of like trying to know, the 969 00:33:56,025 --> 00:33:57,612 the... I think the example that gives in 970 00:33:57,612 --> 00:33:59,278 the thing is, like, how hard it is 971 00:33:59,278 --> 00:34:01,182 to cancel Amazon Prime, Like, I don't know 972 00:34:01,182 --> 00:34:02,214 if it's a meme or if it's true, 973 00:34:02,373 --> 00:34:04,137 but you I've heard that at 1 point 974 00:34:04,137 --> 00:34:06,046 the code name for canceling prime was 975 00:34:06,682 --> 00:34:07,477 operation labyrinth. 976 00:34:08,830 --> 00:34:09,546 Oh, wow. 977 00:34:10,679 --> 00:34:12,280 About all you gotta say to get him 978 00:34:12,280 --> 00:34:14,780 to cancel. No. No. They was that their 979 00:34:15,000 --> 00:34:18,232 code name. Yeah. Internal code name was... Labyrinth 980 00:34:18,446 --> 00:34:20,931 because it was very difficult to cancel 981 00:34:21,860 --> 00:34:24,242 Puts you the customer in the labyrinth. Yes. 982 00:34:24,559 --> 00:34:27,038 You are going through the Labyrinth. So Basically, 983 00:34:27,198 --> 00:34:30,072 this is about pattern mining of, like... And 984 00:34:30,231 --> 00:34:32,865 I think we see this transparent with things 985 00:34:32,865 --> 00:34:35,181 like subscription services. Right? Like, Yeah. 986 00:34:35,992 --> 00:34:37,047 Most companies 987 00:34:37,419 --> 00:34:39,244 would rather take, you know, 988 00:34:40,037 --> 00:34:42,416 7 99 a month in a 30 days 989 00:34:42,416 --> 00:34:43,606 versus 7 99, 990 00:34:43,939 --> 00:34:45,932 or a month now with no renewal. Right? 991 00:34:46,092 --> 00:34:48,564 Like, everyone would rather give you a trial 992 00:34:48,564 --> 00:34:50,477 and give you a permanent subscription that you 993 00:34:50,477 --> 00:34:52,232 then forget about because that's 1 of the 994 00:34:52,232 --> 00:34:52,732 behaviors 995 00:34:53,203 --> 00:34:54,956 forgetting about subscriptions that we have. 996 00:34:56,231 --> 00:34:58,144 And, you know, or just, like, that's a 997 00:34:58,144 --> 00:34:59,738 great example of, like... But I think there's 998 00:34:59,738 --> 00:35:01,821 a lot more Right? And maybe At and 999 00:35:01,980 --> 00:35:03,568 T was going after some of that data 1000 00:35:03,568 --> 00:35:05,394 of, like, well, what, you know, 1001 00:35:06,268 --> 00:35:08,570 things get people to engage more or use 1002 00:35:08,570 --> 00:35:10,653 their phones more with things... Like, how can 1003 00:35:10,653 --> 00:35:13,686 we prevent people from switching providers or I 1004 00:35:13,686 --> 00:35:14,963 don't know, like, what, I don't know what 1005 00:35:14,963 --> 00:35:17,039 their, like, business goals would be, but... If 1006 00:35:17,039 --> 00:35:19,049 we just sponsoring my rocket money? That's... Be 1007 00:35:19,049 --> 00:35:19,608 the perfect time. 1008 00:35:20,564 --> 00:35:22,478 I mean, I can see someone doing some 1009 00:35:22,478 --> 00:35:24,711 serious analysis and being able to get that, 1010 00:35:24,871 --> 00:35:27,183 but but in terms of dark patterns, I 1011 00:35:27,183 --> 00:35:29,592 really think it's just. Be people being greedy 1012 00:35:29,592 --> 00:35:31,188 and wanting to make sure that it's as 1013 00:35:31,188 --> 00:35:33,900 hard as possible. I mean, I've I've had 1014 00:35:33,900 --> 00:35:34,400 to 1015 00:35:35,257 --> 00:35:35,996 go through 1016 00:35:36,470 --> 00:35:38,150 make a phone call, 1017 00:35:38,789 --> 00:35:41,369 go through the voicemail mail 1018 00:35:42,150 --> 00:35:44,550 navigation thing in order to finally get to 1019 00:35:44,550 --> 00:35:47,284 a human to cancel something that was a 1020 00:35:47,284 --> 00:35:49,065 200 dollars a year 1021 00:35:49,605 --> 00:35:50,105 subscription 1022 00:35:50,565 --> 00:35:53,465 that I could not cancel any other way 1023 00:35:53,778 --> 00:35:55,211 That sounds easy though. They didn't even make 1024 00:35:55,211 --> 00:35:57,839 you send an sole an envelope in written 1025 00:35:57,839 --> 00:36:00,307 in a written communication via snail mail or 1026 00:36:00,307 --> 00:36:02,954 something. No. I mean. I will say I 1027 00:36:02,954 --> 00:36:04,715 know for a fact. My life, I will 1028 00:36:04,715 --> 00:36:05,675 never get bad. 1029 00:36:06,315 --> 00:36:08,255 Well, I know for a fact that California 1030 00:36:08,555 --> 00:36:11,250 passed consumer protection laws that basically make it 1031 00:36:11,369 --> 00:36:12,327 so you have to be able to, like, 1032 00:36:12,487 --> 00:36:15,121 1 click cancel most services. That I don't 1033 00:36:15,121 --> 00:36:16,340 know if there were making 1034 00:36:16,798 --> 00:36:19,672 that the vendor is going to comply with 1035 00:36:19,672 --> 00:36:22,899 those laws. It's True. And Sure a car. 1036 00:36:23,515 --> 00:36:25,668 You gotta start Somewhere. Right? I mean, true. 1037 00:36:26,066 --> 00:36:28,219 You you gotta start somewhere. I I agree 1038 00:36:28,219 --> 00:36:29,907 with both of. I like that. Know, being 1039 00:36:29,907 --> 00:36:31,418 able to cancel things out quickly and easily. 1040 00:36:31,577 --> 00:36:33,009 And I also agree that the vendor gonna 1041 00:36:33,009 --> 00:36:34,520 be like, f that. We're gonna do that 1042 00:36:34,520 --> 00:36:36,405 until we get sued by the Ftc. You 1043 00:36:36,762 --> 00:36:37,001 Yes. 1044 00:36:37,637 --> 00:36:39,387 Because that's the way things work now. Like 1045 00:36:39,387 --> 00:36:41,933 like the bigger 1? This new story? I'm 1046 00:36:41,933 --> 00:36:43,699 lost. Where do we start? Was this still 1047 00:36:43,699 --> 00:36:44,199 like. 1048 00:36:46,260 --> 00:36:48,179 It's tech crunch. After c study really good. 1049 00:36:48,339 --> 00:36:49,480 They did the Ftc 1050 00:36:49,780 --> 00:36:52,753 published a study that talks about dark patterns, 1051 00:36:53,152 --> 00:36:56,109 manipulative design techniques. Oh, that put users privacy 1052 00:36:56,109 --> 00:36:58,846 at risk. So they analyze 600 websites offering 1053 00:36:59,065 --> 00:36:59,725 subscription services 1054 00:37:01,077 --> 00:37:02,913 So... Yeah, Like, basically, that... There is an 1055 00:37:02,913 --> 00:37:03,152 article. 1056 00:37:03,791 --> 00:37:05,865 Check out the Ftc report if you're interested. 1057 00:37:06,105 --> 00:37:08,100 But, essentially, it's just basically... 1058 00:37:08,593 --> 00:37:10,838 Saying, hey, this is rampant. This is used 1059 00:37:11,369 --> 00:37:12,662 widely, and 1060 00:37:13,114 --> 00:37:13,352 you know, 1061 00:37:14,066 --> 00:37:14,566 it's 1062 00:37:14,938 --> 00:37:16,549 potentially impacting not only people's 1063 00:37:17,018 --> 00:37:18,932 consumer, you know, like, I can't cancel my... 1064 00:37:19,172 --> 00:37:21,166 Like, Ron 1 said, that experience is horrible, 1065 00:37:21,485 --> 00:37:24,037 but also there's privacy implications as well of, 1066 00:37:24,117 --> 00:37:25,712 like, hey, you know, 1067 00:37:27,082 --> 00:37:28,673 sneaking or they they they have these fun 1068 00:37:28,673 --> 00:37:29,708 little names for all of them, 1069 00:37:30,822 --> 00:37:33,368 which are, like, remind me of, like, gas 1070 00:37:33,368 --> 00:37:35,675 light, gatekeeper, you know, girl boss or whatever, 1071 00:37:36,327 --> 00:37:37,782 you know, they have obstruction 1072 00:37:38,157 --> 00:37:39,271 sneaking. Nagging. 1073 00:37:39,669 --> 00:37:40,863 Like it's really funny. 1074 00:37:41,818 --> 00:37:42,693 Yeah. I mean, like, 1075 00:37:43,504 --> 00:37:45,899 As an example, they call about obstruction is, 1076 00:37:46,857 --> 00:37:48,613 making it more difficult or tedious to take 1077 00:37:48,613 --> 00:37:51,109 a certain action like canceling a subscription or 1078 00:37:51,168 --> 00:37:53,098 bypassing the sign up for free trial. Or 1079 00:37:53,098 --> 00:37:55,013 the x to close is grayed out and 1080 00:37:55,013 --> 00:37:56,927 hidden from view. So it's like all those 1081 00:37:56,927 --> 00:37:57,246 tactics. 1082 00:37:57,804 --> 00:37:59,639 We're all used to them because the Internet 1083 00:37:59,639 --> 00:38:01,713 sucks, but the Ftc is actually giving them 1084 00:38:01,713 --> 00:38:04,521 names and saying, Hey. Let's not do this 1085 00:38:04,521 --> 00:38:06,437 or let's at least expose what people are 1086 00:38:06,437 --> 00:38:08,932 doing to make it more transparent. So 1087 00:38:09,710 --> 00:38:12,025 can they do this, like, 04:01 providers? 1088 00:38:12,519 --> 00:38:14,114 You know, like, they they... Oh, god. They 1089 00:38:14,114 --> 00:38:16,188 don't they don't transfer that you... They have 1090 00:38:16,188 --> 00:38:17,783 to mail you a check, and then you 1091 00:38:17,783 --> 00:38:19,378 have to send it to the next 04:01 1092 00:38:19,378 --> 00:38:20,974 k people. Like, I was like, what kind 1093 00:38:20,974 --> 00:38:23,302 of madness is this? Please do not send 1094 00:38:23,302 --> 00:38:24,658 me a check for that large amount of 1095 00:38:24,658 --> 00:38:27,072 money, like, you can't just move it, but 1096 00:38:27,131 --> 00:38:28,886 so I think that would definitely fall under 1097 00:38:28,886 --> 00:38:30,253 this. And I mean, 1098 00:38:31,046 --> 00:38:33,187 yeah. It's not technical. Right, but it's definitely, 1099 00:38:33,266 --> 00:38:35,170 like, they have they have the ability. That's... 1100 00:38:35,407 --> 00:38:36,914 Probably on the other side though where they 1101 00:38:36,914 --> 00:38:38,920 do it that... Way because they either have 1102 00:38:38,920 --> 00:38:40,196 to or they're not willing to take on 1103 00:38:40,196 --> 00:38:41,393 the risk to just send it to your 1104 00:38:41,393 --> 00:38:43,626 bank account? That's a good. They probably would 1105 00:38:43,626 --> 00:38:45,221 be, like, sorry. Whose bank account are we 1106 00:38:45,221 --> 00:38:46,817 sending this to? Or, you know, I don't 1107 00:38:46,817 --> 00:38:46,896 know. 1108 00:38:49,062 --> 00:38:51,132 Alright. He guys another article. There's so many 1109 00:38:51,132 --> 00:38:53,043 hacks. I would definitely keep talking about hacks. 1110 00:38:53,361 --> 00:38:54,874 Do the first. Yeah. We need to keep 1111 00:38:54,874 --> 00:38:56,965 on that. I loved. Siege sec. I'm so 1112 00:38:56,965 --> 00:38:58,085 sad that they dis banned. 1113 00:38:59,284 --> 00:39:00,724 Hey. What about club penguin? 1114 00:39:01,844 --> 00:39:03,605 Club penguin is pretty good too though. 1115 00:39:04,244 --> 00:39:06,734 So... Okay. So basically, 1116 00:39:07,132 --> 00:39:08,567 yeah. Which 1 are we talking about? Both? 1117 00:39:09,523 --> 00:39:11,514 But, do we the stripe club penguin 1 1118 00:39:11,514 --> 00:39:13,915 at the the was? Story. Okay. Let's talk 1119 00:39:13,915 --> 00:39:16,398 about club. That's where people are going. So 1120 00:39:16,930 --> 00:39:19,016 does anyone... It's a picture of the? 1121 00:39:19,389 --> 00:39:21,866 It's further down. It's in bigger the the 1122 00:39:21,866 --> 00:39:23,377 good way. When is... I feel like John's 1123 00:39:23,377 --> 00:39:24,889 at the age were, like, he were doing 1124 00:39:24,889 --> 00:39:27,195 club for someone is, like Mickey Mouse club 1125 00:39:27,195 --> 00:39:29,741 for, like, kids of really geek parents. 1126 00:39:30,473 --> 00:39:32,306 No. No No. Club penguin is like, 1127 00:39:33,262 --> 00:39:33,762 firefly. 1128 00:39:34,298 --> 00:39:36,051 It got... It like, it was cut down 1129 00:39:36,051 --> 00:39:37,860 and it's Prime. It was too soon or 1130 00:39:39,897 --> 00:39:40,397 basically... 1131 00:39:40,856 --> 00:39:41,356 So 1132 00:39:42,054 --> 00:39:43,732 who's like a club penguin fan? I am 1133 00:39:43,732 --> 00:39:46,560 not. But from my understanding, Club Penguin 1134 00:39:46,932 --> 00:39:49,627 was acquired or was it originally Disney or 1135 00:39:49,627 --> 00:39:50,340 was it acquired? 1136 00:39:51,688 --> 00:39:53,923 I I don't... I never got. Down. I 1137 00:39:54,082 --> 00:39:55,909 I remember playing... Yeah. See It was originally 1138 00:39:55,909 --> 00:39:58,371 created by new Horizon Interactive, which disney later 1139 00:39:58,371 --> 00:40:00,992 like, virtual world. It's like world aircraft, but 1140 00:40:00,992 --> 00:40:03,085 not or but you're a lot about childhood. 1141 00:40:03,324 --> 00:40:05,085 Sure with people's... Yeah. Yeah. It was people's 1142 00:40:05,085 --> 00:40:07,244 word a warcraft or People's ruins scape or 1143 00:40:07,244 --> 00:40:09,804 whatever. Like, it was an Mmo from 2005 1144 00:40:09,804 --> 00:40:10,864 2018 1145 00:40:11,972 --> 00:40:14,436 you know, it I never was super it, 1146 00:40:14,595 --> 00:40:16,422 But the people who are into it as 1147 00:40:16,422 --> 00:40:18,807 you'd imagine, just like my little pony or 1148 00:40:18,807 --> 00:40:19,863 whatever, were 1149 00:40:20,175 --> 00:40:21,135 extremely into it. 1150 00:40:22,094 --> 00:40:24,414 To the point where they decided to... 1151 00:40:25,135 --> 00:40:27,295 They, you know, they have posted them to 1152 00:40:27,295 --> 00:40:29,701 4 and said, I no longer need these 1153 00:40:29,701 --> 00:40:32,985 smiley face, linking to a bunch of internal 1154 00:40:33,360 --> 00:40:36,781 documents that they packed from Disney's confluence server. 1155 00:40:38,151 --> 00:40:40,065 Oh, they got into Disney's confluence server. I 1156 00:40:40,065 --> 00:40:41,523 don't know, but I'm gonna go for 1157 00:40:42,219 --> 00:40:45,090 logs? Because it... What everything is. Is this 1158 00:40:45,090 --> 00:40:46,468 directly linked to the Disney 1159 00:40:47,179 --> 00:40:47,498 Slack. 1160 00:40:48,853 --> 00:40:51,643 Breach? Did You see that? Disney had their 1161 00:40:51,643 --> 00:40:54,113 tires black breach was huge. Disney had their 1162 00:40:54,113 --> 00:40:54,831 entire Slack, 1163 00:40:55,882 --> 00:40:57,398 A little bit. All of it all of. 1164 00:40:57,557 --> 00:41:00,189 Yeah. It doesn't say what... It just says 1165 00:41:00,189 --> 00:41:02,343 according to an anonymous source disease compliments were 1166 00:41:02,343 --> 00:41:04,416 breach using previously exposed credentials, which to me 1167 00:41:04,416 --> 00:41:05,110 means steele. 1168 00:41:05,469 --> 00:41:06,984 But it could also be related to the 1169 00:41:06,984 --> 00:41:07,702 previous breach. 1170 00:41:08,500 --> 00:41:10,813 And, yeah, it's basically internal documents about, you 1171 00:41:10,813 --> 00:41:13,205 know, how they... Where their at 3 buckets 1172 00:41:13,205 --> 00:41:15,061 are, all that good stuff. So 1173 00:41:15,373 --> 00:41:15,611 I mean, 1174 00:41:16,564 --> 00:41:18,868 honestly, the penguin. The real thing here is 1175 00:41:18,868 --> 00:41:21,092 that the Mmo lasted for 13 years. Like, 1176 00:41:21,251 --> 00:41:22,760 if you know Mmo, that's a long time 1177 00:41:22,760 --> 00:41:23,078 for an. 1178 00:41:23,729 --> 00:41:25,795 Oh, yeah. This a big deal. I mean, 1179 00:41:26,193 --> 00:41:28,418 I don't know. I mean justifies everything. Alright. 1180 00:41:28,657 --> 00:41:29,054 Thanks. Wade. 1181 00:41:30,008 --> 00:41:31,677 It's too much of a meme not to 1182 00:41:31,677 --> 00:41:33,362 talk about it, but, I mean, honestly, it's 1183 00:41:33,362 --> 00:41:34,794 kind of a non story. Like, basically, they 1184 00:41:34,794 --> 00:41:36,863 just leaked a bunch of documents and, like, 1185 00:41:37,261 --> 00:41:39,091 it's been shut down for, like, 5 years 1186 00:41:39,091 --> 00:41:40,340 so whatever. But honestly 1187 00:41:41,019 --> 00:41:42,700 I don't know. It's kinda funny. Just people... 1188 00:41:42,940 --> 00:41:43,920 Basically fans 1189 00:41:44,860 --> 00:41:45,660 fans are gonna fan. 1190 00:41:48,071 --> 00:41:50,298 Talk about for fan, you realize. 1191 00:41:51,412 --> 00:41:53,401 Yeah. Well, let's talk about 1192 00:41:53,958 --> 00:41:56,433 Fe. You know, dangerous topic, but it's been 1193 00:41:56,433 --> 00:41:58,258 a while. It's Ben a while since we 1194 00:41:58,258 --> 00:42:01,193 talked about fur here. So the heritage Foundation, 1195 00:42:01,590 --> 00:42:02,463 kind of a big deal. 1196 00:42:03,034 --> 00:42:05,734 I I mean, oh, they're they're kind of 1197 00:42:05,734 --> 00:42:07,084 well known. I mean, I don't wanna get 1198 00:42:07,084 --> 00:42:09,943 too political, but they are... The heritage Foundation 1199 00:42:09,943 --> 00:42:10,976 is a significant... 1200 00:42:11,388 --> 00:42:14,431 And notable right wing think tank that does 1201 00:42:14,647 --> 00:42:14,885 stuff. 1202 00:42:16,634 --> 00:42:17,110 Essentially, 1203 00:42:18,065 --> 00:42:18,565 hackers 1204 00:42:19,592 --> 00:42:22,461 specifically Gay furry hackers. Self described. I didn't 1205 00:42:22,461 --> 00:42:22,940 make that up. 1206 00:42:25,331 --> 00:42:26,846 Kind... They released some data, 1207 00:42:27,739 --> 00:42:28,719 and then they also 1208 00:42:29,099 --> 00:42:31,099 kind of... There was an exchange back and 1209 00:42:31,099 --> 00:42:33,179 forth between a couple of the high profile 1210 00:42:33,179 --> 00:42:34,139 people on both sides. 1211 00:42:35,755 --> 00:42:36,255 And 1212 00:42:36,954 --> 00:42:37,514 I guess, like, 1213 00:42:38,714 --> 00:42:40,474 this... They've hit... They were also... Cg tech 1214 00:42:40,474 --> 00:42:42,234 was the same that was going after, 1215 00:42:43,289 --> 00:42:45,068 they're they were going after the 1216 00:42:46,007 --> 00:42:48,324 Idaho National lab to get to convince them 1217 00:42:48,324 --> 00:42:50,642 to make cat human hybrids or... Yeah. That 1218 00:42:50,642 --> 00:42:53,793 was a lab demanding app demanding didn't really 1219 00:42:54,169 --> 00:42:57,057 the credibility too well now. As as the. 1220 00:42:57,513 --> 00:42:59,765 Yeah. That's just stop seeker. They didn't tell 1221 00:42:59,902 --> 00:43:02,309 the that ability was the goal. No. The 1222 00:43:02,309 --> 00:43:03,530 it this is totally. 1223 00:43:03,909 --> 00:43:05,609 This is the definition of chaotic 1224 00:43:06,389 --> 00:43:07,609 neutral. It is just 1225 00:43:07,909 --> 00:43:10,389 we have our specific thing that we care 1226 00:43:10,389 --> 00:43:12,722 about. We're gonna push that agenda forward in 1227 00:43:12,722 --> 00:43:14,001 the public eye through hacking, 1228 00:43:14,640 --> 00:43:17,037 activism. Right? They don't like the heritage foundation. 1229 00:43:17,357 --> 00:43:19,195 They don't like the whole project 20 25 1230 00:43:19,195 --> 00:43:22,791 thing. Man So they're not on board. You're 1231 00:43:22,791 --> 00:43:25,018 saying gay furry hackers are not on board 1232 00:43:25,018 --> 00:43:27,562 with the heritage Foundation. Who would have thought? 1233 00:43:28,039 --> 00:43:29,073 Who would thought? Not? 1234 00:43:29,884 --> 00:43:32,118 Who would have thought. But so they hacked 1235 00:43:32,118 --> 00:43:33,177 them and 1236 00:43:33,634 --> 00:43:34,134 they 1237 00:43:34,512 --> 00:43:36,506 disclosed a bunch of data, And then they, 1238 00:43:36,666 --> 00:43:39,302 I guess really I thought it was all 1239 00:43:39,302 --> 00:43:42,159 the data. Like, IIII think they they they 1240 00:43:42,159 --> 00:43:43,667 got a yeah lots of data from their 1241 00:43:43,667 --> 00:43:45,571 heritage to correct. Well the data heritage? 1242 00:43:46,384 --> 00:43:48,860 Foundation claim that it was old data that 1243 00:43:48,860 --> 00:43:50,937 it wasn't current that it was something thrown. 1244 00:43:51,257 --> 00:43:53,749 Was relative. It's all. Yes. You're not sure 1245 00:43:53,749 --> 00:43:55,267 they claimed a lot of things. The question 1246 00:43:55,267 --> 00:43:57,984 is do you believe it? Yeah. Correct. I 1247 00:43:57,984 --> 00:43:59,742 mean, both sides in this case. 1 of 1248 00:43:59,742 --> 00:44:01,660 them is wearing a kangaroo costume and the 1249 00:44:01,660 --> 00:44:03,742 other 1 is... A right wing think tank. 1250 00:44:03,979 --> 00:44:06,675 So I mean, like, you choose who you 1251 00:44:06,675 --> 00:44:08,975 believe. I love. I'll love these types of 1252 00:44:08,975 --> 00:44:09,213 pipe, 1253 00:44:09,927 --> 00:44:11,775 just I I'm something reminded of the meme 1254 00:44:11,775 --> 00:44:13,609 of the guy with the 2 buttons. And 1255 00:44:13,609 --> 00:44:16,401 it's like, you know, during know wing think 1256 00:44:16,401 --> 00:44:18,474 tank, gay furry hackers, and it's you the 1257 00:44:18,474 --> 00:44:19,432 which 1. Yeah. Like, 1258 00:44:20,404 --> 00:44:21,920 pick you pick this. 1259 00:44:23,036 --> 00:44:24,631 You pick the side you support. 1260 00:44:25,668 --> 00:44:27,742 But I mean, I... All I gotta say 1261 00:44:27,742 --> 00:44:29,975 is, I wanna... From my Romeo and Juliet, 1262 00:44:30,308 --> 00:44:32,606 I'm gonna go to, like, Kat G, and 1263 00:44:32,685 --> 00:44:34,507 I wanna a Romeo on Juliet story. I 1264 00:44:34,507 --> 00:44:36,275 have a gay hacker, Mary 1265 00:44:36,726 --> 00:44:37,202 from harry. 1266 00:44:37,854 --> 00:44:38,014 Foundation. 1267 00:44:38,892 --> 00:44:42,567 That was great. Family it's support that's... And 1268 00:44:42,567 --> 00:44:44,325 no. What what would their family names be? 1269 00:44:44,659 --> 00:44:46,500 I don't know, but we've need this to 1270 00:44:46,500 --> 00:44:48,920 happen. This needs to be an Ai generated 1271 00:44:49,059 --> 00:44:51,239 script today. There are no winners 1272 00:44:51,619 --> 00:44:53,059 everyone's a winner in this article. I would 1273 00:44:53,059 --> 00:44:54,914 say everyone's a winner in this case. You 1274 00:44:54,914 --> 00:44:55,713 have not. 1275 00:44:56,672 --> 00:44:58,589 I will say the 1 the 1 kind 1276 00:44:58,589 --> 00:45:00,347 of, like thing, a little bit of sub 1277 00:45:00,347 --> 00:45:02,025 that I'm gonna point out without trying to 1278 00:45:02,025 --> 00:45:02,505 get political. 1279 00:45:03,079 --> 00:45:06,032 So on the the main guy of the 1280 00:45:06,032 --> 00:45:08,665 heritage foundation was he like Mike Howell or 1281 00:45:08,665 --> 00:45:11,392 something. If you go to... He which There 1282 00:45:11,392 --> 00:45:13,956 was a very public and very nasty exchange 1283 00:45:14,012 --> 00:45:16,972 between siege second Him posted to Twitter. But 1284 00:45:17,028 --> 00:45:18,139 the funny thing is if you go to 1285 00:45:18,139 --> 00:45:21,017 his page on the Heritage Foundation, the article, 1286 00:45:21,575 --> 00:45:23,410 the the last article he wrote for the 1287 00:45:23,410 --> 00:45:26,282 heritage foundation was how do we d disarm 1288 00:45:26,282 --> 00:45:27,000 the Fbi? 1289 00:45:27,493 --> 00:45:28,845 And now he's gonna have to go to 1290 00:45:28,845 --> 00:45:30,993 the Fbi say, Could you catch these day 1291 00:45:30,993 --> 00:45:31,630 furry hackers? 1292 00:45:32,345 --> 00:45:34,667 I... That's gonna be an awkward meeting. Guys, 1293 00:45:34,827 --> 00:45:36,498 we really need your help with this. Ball. 1294 00:45:36,657 --> 00:45:38,010 The the guy that wants to def fund 1295 00:45:38,010 --> 00:45:38,726 us right? 1296 00:45:41,273 --> 00:45:43,343 Yeah. So go with your pro. Coming to 1297 00:45:43,422 --> 00:45:45,983 Netflix. Soon. I yeah. I I don't know. 1298 00:45:46,222 --> 00:45:48,052 I'm just throwing that kind of subject out 1299 00:45:48,052 --> 00:45:49,802 at least. Laugh at the absurdity of this, 1300 00:45:49,881 --> 00:45:51,648 like, all of the horrible shifts that's happened 1301 00:45:51,648 --> 00:45:53,482 over the past 48 hours. Like, can we 1302 00:45:53,482 --> 00:45:55,636 all, like, come together and be, like, this 1303 00:45:55,636 --> 00:45:57,651 is funny. Yeah. I'm so 1304 00:45:58,667 --> 00:46:01,391 political sides? Like, all the way. Correct. Yes. 1305 00:46:01,788 --> 00:46:02,526 I mean, hack... 1306 00:46:03,851 --> 00:46:05,596 Why does the story just put a vision 1307 00:46:05,596 --> 00:46:07,341 of, like a Benny Hill skit? 1308 00:46:08,470 --> 00:46:10,550 Can seconds running and you see the fur 1309 00:46:10,550 --> 00:46:12,710 running 1 way leonard its foundation running the 1310 00:46:12,710 --> 00:46:12,950 other? 1311 00:46:13,910 --> 00:46:15,829 All I gotta say is berries are clearly 1312 00:46:15,829 --> 00:46:17,997 up. There with, like, Apt t's for being 1313 00:46:17,997 --> 00:46:20,648 insanely good hackers because they've taken down some 1314 00:46:20,866 --> 00:46:22,699 big targets. Do you think they hack in 1315 00:46:22,699 --> 00:46:25,263 in full gear? I hope they do, like, 1316 00:46:25,343 --> 00:46:27,971 big keyboards too Big If if they don't, 1317 00:46:28,210 --> 00:46:30,122 I would be so disappointed. I want them 1318 00:46:30,122 --> 00:46:32,273 to have furry suits for their computers as 1319 00:46:32,273 --> 00:46:32,512 well. 1320 00:46:33,325 --> 00:46:35,244 Like, yeah. This... I've been... I've been trying 1321 00:46:35,244 --> 00:46:37,485 to think about commercials for Black Hills information 1322 00:46:37,485 --> 00:46:39,085 security, and this might be 1 that we've 1323 00:46:39,085 --> 00:46:41,500 got a workshop where It's like, we just 1324 00:46:41,500 --> 00:46:43,420 have a furry hacker hacking away with a 1325 00:46:43,420 --> 00:46:46,219 hoodie and he's, like, AAAAA 1326 00:46:46,219 --> 00:46:47,099 box or something. 1327 00:46:47,579 --> 00:46:49,420 And we already have that with Beverages? Was 1328 00:46:49,420 --> 00:46:51,989 the fries say? I own your data. Bro 1329 00:46:51,989 --> 00:46:53,583 so, I don't know. I'm just workshop and 1330 00:46:53,663 --> 00:46:56,054 Folks work with me here. The ironic part 1331 00:46:56,054 --> 00:46:57,967 is though that, like, I would never pitch 1332 00:46:57,967 --> 00:46:58,605 this to our customer. 1333 00:46:59,259 --> 00:47:01,677 Because our customers would never get targeted by 1334 00:47:02,535 --> 00:47:03,035 activists. 1335 00:47:04,133 --> 00:47:06,371 Oh, I think but some of them would. 1336 00:47:06,690 --> 00:47:08,061 I don't know. I guess it's It is... 1337 00:47:08,220 --> 00:47:09,570 It's easy to end up on the other 1338 00:47:09,570 --> 00:47:11,000 side of the 8 ball. Right? It's easy 1339 00:47:11,000 --> 00:47:13,621 to be... Yeah. Like, if someone gets upset 1340 00:47:13,621 --> 00:47:15,686 about some on state files Nixon and you 1341 00:47:15,686 --> 00:47:17,449 know, furry hackers are coming off. To you. 1342 00:47:17,688 --> 00:47:19,997 Right? Like 1 bird. Oh, white cyber duck, 1343 00:47:20,157 --> 00:47:21,670 I think has the best comment right now. 1344 00:47:21,988 --> 00:47:23,820 They talked to the Fbi agent who agrees 1345 00:47:23,820 --> 00:47:25,572 to help them as the Fbi agent walks 1346 00:47:25,572 --> 00:47:27,501 away the heritage foundation Man sees the tail 1347 00:47:27,501 --> 00:47:28,160 of the. 1348 00:47:33,642 --> 00:47:35,955 Oh, like, what of those... If you know. 1349 00:47:36,685 --> 00:47:39,302 You know, commercial. Right? I then there's just 1350 00:47:39,302 --> 00:47:42,949 this sinking feeling of, like, UUI 1351 00:47:42,949 --> 00:47:44,952 think we're in trouble in this 1. I 1352 00:47:44,952 --> 00:47:46,547 don't think we're gonna get top notch federal 1353 00:47:46,547 --> 00:47:49,260 government assistance in this breach. Yeah. First it's 1354 00:47:49,260 --> 00:47:51,095 do give you plus 5 hacking, but... Okay. 1355 00:47:51,255 --> 00:47:53,017 It's Go ahead, 1. So we wanna go 1356 00:47:53,017 --> 00:47:54,128 to the the next, 1357 00:47:55,399 --> 00:47:57,328 hard to believe thing where we've got 1358 00:47:57,702 --> 00:48:00,163 Japan finally giving up floppy disks. 1359 00:48:00,894 --> 00:48:02,335 And Germany, Japan? 1360 00:48:02,974 --> 00:48:04,994 Was Germany. Yeah. And 1361 00:48:05,375 --> 00:48:05,775 Germany... 1362 00:48:07,934 --> 00:48:08,494 As well. 1363 00:48:09,629 --> 00:48:11,146 Well, I know for a fact that, like, 1364 00:48:11,306 --> 00:48:13,380 the, I I know that also all the 1365 00:48:13,380 --> 00:48:15,057 bunker and John strands and neck of the 1366 00:48:15,057 --> 00:48:16,972 woods are all running on flop. We gotta 1367 00:48:16,972 --> 00:48:17,770 call something. 1368 00:48:18,424 --> 00:48:20,579 Yeah. Minute men are all run on floppy 1369 00:48:20,579 --> 00:48:22,894 discs. I mean, what's wrong with... What's wrong 1370 00:48:22,894 --> 00:48:25,050 with the floppy disc? So this shows you 1371 00:48:25,050 --> 00:48:27,285 just how far behind these tech like, 1372 00:48:27,935 --> 00:48:30,154 I remember, like, whenever I first went into 1373 00:48:30,154 --> 00:48:32,452 a, like, cleared space, and they're like, yeah, 1374 00:48:32,610 --> 00:48:34,353 Those were a bunch of Spark 8 systems. 1375 00:48:34,923 --> 00:48:36,673 And I was like, good god. And they're 1376 00:48:36,673 --> 00:48:38,662 like, oh, no. We have way older shit 1377 00:48:38,662 --> 00:48:40,810 than that. And I'm like, what. And that 1378 00:48:40,810 --> 00:48:44,009 isn't just Dod, like banks and like, The 1379 00:48:44,009 --> 00:48:46,806 amount of, like, legacy crazy technology that's out 1380 00:48:46,806 --> 00:48:49,283 there is pretty frightening, But I will tell 1381 00:48:49,283 --> 00:48:50,641 you if you have a bunch of your 1382 00:48:50,641 --> 00:48:52,240 systems are running on floppy disks, 1383 00:48:52,891 --> 00:48:55,114 I can guarantee you that the gay furry 1384 00:48:55,114 --> 00:48:57,202 hackers will be horribly confused 1385 00:48:57,814 --> 00:49:00,298 about how that's things breach off 1386 00:49:00,689 --> 00:49:03,004 It's a genuine problem they have when they 1387 00:49:03,004 --> 00:49:04,920 replace this kind of old stuff is, like, 1388 00:49:05,239 --> 00:49:06,995 you have to replace it with modern tech 1389 00:49:06,995 --> 00:49:08,672 and modern tech is a lot easier to 1390 00:49:08,672 --> 00:49:09,310 hack. Like, 1391 00:49:10,285 --> 00:49:11,644 or are not easier to hack but at 1392 00:49:11,644 --> 00:49:13,565 least. Yeah. Well, it's well known. 1393 00:49:14,364 --> 00:49:16,684 Like, this, you know, talking about something like 1394 00:49:16,684 --> 00:49:18,451 this. Right? Now they have to build an 1395 00:49:18,451 --> 00:49:19,960 emulator that emulate a floppy disk. 1396 00:49:21,152 --> 00:49:23,296 Now there's could be vulnerabilities in the emulator 1397 00:49:23,296 --> 00:49:25,520 whereas, like, a piece of spinning magnet, like, 1398 00:49:26,170 --> 00:49:28,787 doesn't really have any vulnerabilities. So Mh. I 1399 00:49:28,787 --> 00:49:30,929 don't know. It's kind of interesting to think 1400 00:49:30,929 --> 00:49:32,302 about all the different 1401 00:49:32,929 --> 00:49:35,349 you know, flop What's? What's more sensitive? 1402 00:49:35,969 --> 00:49:38,529 A Cd or Dvd or a Usb drive 1403 00:49:38,529 --> 00:49:40,769 versus a floppy disc. Like, I'm thinking physical 1404 00:49:40,769 --> 00:49:42,862 media, what Oh, the floppy disc, it would 1405 00:49:42,862 --> 00:49:45,019 take people a week or 2 to get 1406 00:49:45,019 --> 00:49:47,097 a drive that could read it. Right? Like, 1407 00:49:47,336 --> 00:49:49,908 so Mh. Cases security through security at least. 1408 00:49:50,148 --> 00:49:52,704 In this. Yeah. Yeah. They probably have rotary 1409 00:49:52,704 --> 00:49:55,181 phones too. Oh, was out years ago. A 1410 00:49:55,181 --> 00:49:57,112 couple years ago I was at... Con and 1411 00:49:57,112 --> 00:49:59,209 1 of the vendors was giving out 1412 00:49:59,666 --> 00:50:02,162 3 and a half inch floppy disks as 1413 00:50:02,540 --> 00:50:04,535 something for for people to go in in 1414 00:50:04,535 --> 00:50:07,182 half. Was there area real life save buttons? 1415 00:50:07,661 --> 00:50:08,538 That would be awesome. 1416 00:50:09,016 --> 00:50:11,329 That would be awesome because nearly it's been 1417 00:50:11,329 --> 00:50:12,286 the commander team. 1418 00:50:13,402 --> 00:50:13,641 So... 1419 00:50:14,612 --> 00:50:16,443 Man. Yeah. I mean, 1420 00:50:17,000 --> 00:50:18,751 I don't know. I I guess, while we're 1421 00:50:18,751 --> 00:50:21,219 talking government stuff, should we talk about Nsa 1422 00:50:21,219 --> 00:50:21,697 data leak? 1423 00:50:22,269 --> 00:50:24,607 The Disney the Disney 1 is cold. The 1424 00:50:24,666 --> 00:50:25,385 is good. I want... 1425 00:50:26,104 --> 00:50:28,181 Did you look that up at all? What's 1426 00:50:28,181 --> 00:50:30,584 not just slack? No. Yeah. This... You want 1427 00:50:30,584 --> 00:50:33,601 you're prioritizing that over Nsa. We talk about 1428 00:50:33,601 --> 00:50:36,221 nsa every other week. It says massive though. 1429 00:50:36,617 --> 00:50:38,705 It's... It it is funny it says. I 1430 00:50:38,705 --> 00:50:41,178 through the. Through the. Well, it says massive, 1431 00:50:41,338 --> 00:50:43,172 but it says 1.4 gigs. Like I'm like, 1432 00:50:43,411 --> 00:50:45,497 massive in the floppy disk now. That's yeah. 1433 00:50:45,735 --> 00:50:48,599 Not a lot floppy. That's like massive as 1434 00:50:48,599 --> 00:50:50,292 in what? Like, is it really heavy 1435 00:50:50,826 --> 00:50:52,576 6 200 and press enter to continue. 1436 00:50:53,385 --> 00:50:53,624 Yeah. 1437 00:50:54,418 --> 00:50:56,563 Yeah. I mean, I guess my... The reason 1438 00:50:56,643 --> 00:50:58,175 I bring it up because I'm curious 1439 00:50:59,106 --> 00:51:01,903 is, like... Is this another in regard? Is 1440 00:51:01,903 --> 00:51:03,039 this actual 1441 00:51:03,812 --> 00:51:06,039 Nsa data? Is this a third party? I 1442 00:51:06,198 --> 00:51:08,107 I mean, does anyone know anything else about 1443 00:51:08,107 --> 00:51:09,713 this? Because seems kind of like a bold 1444 00:51:09,713 --> 00:51:11,224 claim, but then it turns out it's just 1445 00:51:11,224 --> 00:51:13,054 a Csv with, like, nothing in it. So... 1446 00:51:13,371 --> 00:51:15,440 Yeah. I don't know. So what it seems 1447 00:51:15,440 --> 00:51:17,683 like. Looks like a database. Seems It also 1448 00:51:17,683 --> 00:51:19,437 looks like it's third a third party breach. 1449 00:51:19,676 --> 00:51:20,415 Full the, 1450 00:51:21,589 --> 00:51:23,423 numbers, There's like, a lot of things that 1451 00:51:23,423 --> 00:51:25,257 come out with the Nsa stuff. It's like... 1452 00:51:26,068 --> 00:51:28,608 It says on it. Yeah. Yeah. Yeah. It 1453 00:51:28,608 --> 00:51:30,353 just says Nsa on it. And it's like, 1454 00:51:30,829 --> 00:51:30,987 okay. 1455 00:51:31,781 --> 00:51:33,550 It's the first thing that all the Gay 1456 00:51:33,685 --> 00:51:36,409 control f. When they get in. Yeah. Nsa. 1457 00:51:38,085 --> 00:51:39,203 Secret top secret. 1458 00:51:40,081 --> 00:51:42,530 Let's Google what Acuity Inc does. Let's let's 1459 00:51:42,728 --> 00:51:43,862 let's see. They probably 1460 00:51:44,947 --> 00:51:45,447 technology 1461 00:51:45,899 --> 00:51:48,515 consulting. So I mean, this... Rough poof. 1462 00:51:49,308 --> 00:51:51,469 Not anymore. Yeah know. I I do... They 1463 00:51:51,469 --> 00:51:53,780 probably set up a snowflake cluster for the 1464 00:51:53,780 --> 00:51:53,939 nsa. 1465 00:51:55,931 --> 00:51:57,525 It does seem like a lot of operation 1466 00:51:57,525 --> 00:51:59,516 names are being red redacted in this too 1467 00:51:59,516 --> 00:52:01,598 because if you look at the the the 1468 00:52:01,598 --> 00:52:03,346 data set. What 1 of the things they 1469 00:52:03,346 --> 00:52:05,514 have un redacted is this like 1470 00:52:05,888 --> 00:52:09,400 tick mark Doj slash opt at And then 1471 00:52:09,400 --> 00:52:11,070 the next thing that's red redacted is an 1472 00:52:11,070 --> 00:52:14,093 n tick mark and then red redacted itself. 1473 00:52:14,570 --> 00:52:16,081 So Yeah. There are probably a lot of, 1474 00:52:16,161 --> 00:52:19,223 you know, operational names, some names that are 1475 00:52:19,281 --> 00:52:21,113 being... That are in here. So when they 1476 00:52:21,113 --> 00:52:22,171 say, you know, classified 1477 00:52:23,184 --> 00:52:25,972 data, and it's a Csv, they may have. 1478 00:52:26,610 --> 00:52:29,411 Names you know, information on there for. Yeah. 1479 00:52:29,808 --> 00:52:31,718 It could definitely be in the part that 1480 00:52:31,718 --> 00:52:33,867 for social engineering. Like, you know, you just 1481 00:52:33,867 --> 00:52:35,398 call up although, I feel like calling up 1482 00:52:35,398 --> 00:52:37,395 an Agent being, like, hi. This is The 1483 00:52:37,635 --> 00:52:39,813 Nsa It help desk, I would need to 1484 00:52:39,871 --> 00:52:40,830 reset your password. 1485 00:52:41,883 --> 00:52:43,635 I can tell by all those by all 1486 00:52:43,635 --> 00:52:45,569 those domains. Those are all executive branches 1487 00:52:46,184 --> 00:52:48,335 under the civil executive brand that's outside. True. 1488 00:52:51,469 --> 00:52:52,349 It's getting scary. 1489 00:52:53,070 --> 00:52:54,590 Getting scared. The other fun did to the 1490 00:52:54,590 --> 00:52:55,550 data there. If you take a look. You 1491 00:52:55,550 --> 00:52:57,070 know, just that that those are all copy 1492 00:52:57,070 --> 00:52:57,869 record from Dev. 1493 00:52:58,682 --> 00:53:00,378 Was it o 08:30 16 1494 00:53:00,915 --> 00:53:02,988 dot sql? That that just tells me there's 1495 00:53:02,988 --> 00:53:05,300 some very interesting practices going on there, if 1496 00:53:05,300 --> 00:53:06,416 that's the name of the script file. 1497 00:53:07,466 --> 00:53:09,453 Yeah. That this actually is a build file. 1498 00:53:09,612 --> 00:53:11,519 Isn't it? Like, it's got insert 1499 00:53:11,996 --> 00:53:12,632 into statements? 1500 00:53:13,268 --> 00:53:14,063 Looks like a like... 1501 00:53:14,873 --> 00:53:17,425 Like, know record or a transaction log actually. 1502 00:53:18,542 --> 00:53:19,978 Yeah. It could be a transaction line 1503 00:53:20,775 --> 00:53:22,689 Insert. Yeah. Role. Looks like it's all it's 1504 00:53:22,689 --> 00:53:24,539 a series of 1 line inserts that coming 1505 00:53:24,539 --> 00:53:26,617 off of this sequel file they're referencing there, 1506 00:53:26,777 --> 00:53:28,055 which it looks like it's a dated instance. 1507 00:53:28,215 --> 00:53:29,973 So this looks like the sort I I've 1508 00:53:29,973 --> 00:53:32,211 seen this on on in professionally before where 1509 00:53:32,211 --> 00:53:33,583 you've got the thing that was coming pack 1510 00:53:33,583 --> 00:53:35,655 together to deal with the incident on XYZ 1511 00:53:35,655 --> 00:53:35,814 date. 1512 00:53:36,531 --> 00:53:38,603 And like, that then somehow becomes your main 1513 00:53:38,603 --> 00:53:40,356 production thing. Which it. This looks like that. 1514 00:53:40,689 --> 00:53:42,434 Is this this reminds me just how much 1515 00:53:42,593 --> 00:53:43,466 I hate, like, 1516 00:53:44,101 --> 00:53:46,878 sequel build statements that do, like, we're gonna 1517 00:53:46,878 --> 00:53:50,072 insert into, which table name, column column column, 1518 00:53:50,231 --> 00:53:52,061 column values, and you gotta get them lined 1519 00:53:52,061 --> 00:53:53,970 up just right? Oh, I hate that so 1520 00:53:53,970 --> 00:53:54,129 much. 1521 00:53:55,259 --> 00:53:55,418 So... 1522 00:53:57,015 --> 00:53:59,330 Alright. Yeah. Wait action long. Take us into 1523 00:53:59,490 --> 00:54:01,485 Disney. Take. Take us... Are we going straight. 1524 00:54:01,725 --> 00:54:03,641 Let's get sued by a mouse. Let's get 1525 00:54:03,641 --> 00:54:04,280 sued by a mouse. 1526 00:54:04,931 --> 00:54:07,653 Okay. So, group called No budge 1527 00:54:08,265 --> 00:54:11,463 published on Friday that they got 1.1 terabytes. 1528 00:54:12,329 --> 00:54:14,966 Of Disney Slack, internal archive of Disney. 1529 00:54:15,605 --> 00:54:17,682 Floppy disks. Oh my god. You use this. 1530 00:54:18,402 --> 00:54:20,572 They actually had to buy every floppy in 1531 00:54:20,572 --> 00:54:21,367 the United States. 1532 00:54:22,481 --> 00:54:24,390 Us fall and Canada. Yeah. 1533 00:54:25,345 --> 00:54:26,164 Head Canada. 1534 00:54:26,539 --> 00:54:29,413 So so 10000 messages Right? The normal stuff, 1535 00:54:29,572 --> 00:54:32,271 it has images, login credentials, links to internal 1536 00:54:32,271 --> 00:54:33,541 websites. So would have to be more than 1537 00:54:33,541 --> 00:54:34,890 10001 1538 00:54:34,890 --> 00:54:35,842 sure. I'm sure it was. 1539 00:54:36,414 --> 00:54:37,927 Right? I the... There's a couple of things 1540 00:54:37,927 --> 00:54:39,202 if you scroll all the way to the 1541 00:54:39,202 --> 00:54:41,592 bottom, the second paragraph, which I find pretty 1542 00:54:41,592 --> 00:54:43,344 funny that you don't see a lot of 1543 00:54:43,344 --> 00:54:45,256 people doing is No no bulge. 1544 00:54:45,909 --> 00:54:48,329 Also posted what appears to be a detailed 1545 00:54:48,549 --> 00:54:51,349 information about the individual who is seemingly providing 1546 00:54:51,349 --> 00:54:51,849 the 1547 00:54:52,710 --> 00:54:53,670 identity of that person. 1548 00:54:54,962 --> 00:54:57,775 The they also leaked medical records, personal 1549 00:54:58,392 --> 00:55:02,319 identification, and 1 pass passwords manager. Yeah. They 1550 00:55:02,319 --> 00:55:03,940 completely docs the completely 1551 00:55:04,239 --> 00:55:06,559 did everything. Yeah. So they had an internal 1552 00:55:06,559 --> 00:55:08,880 source, then the internal store stopped listening to 1553 00:55:08,880 --> 00:55:10,239 them. Got. And then they just... 1554 00:55:10,973 --> 00:55:13,447 Completely docs them? So so what what do 1555 00:55:13,447 --> 00:55:15,282 they have on that internal source? Right? What 1556 00:55:15,282 --> 00:55:16,957 did they get paid it off? Did they 1557 00:55:16,957 --> 00:55:18,963 get blackmail or ever is my first. They 1558 00:55:18,963 --> 00:55:21,111 literally just did this in retaliation from front 1559 00:55:21,111 --> 00:55:23,259 them off. The the second thing I'm thinking 1560 00:55:23,259 --> 00:55:25,896 about is why like, ever I forget who 1561 00:55:25,896 --> 00:55:27,349 it was. I think it was either Uber 1562 00:55:27,404 --> 00:55:29,888 or is it was someone that lapses hacked 1563 00:55:30,261 --> 00:55:32,007 that they got into Slack and then they 1564 00:55:32,007 --> 00:55:34,169 just searched Slack for password. And then boom 1565 00:55:34,249 --> 00:55:36,965 Yeah. Passwords. Right? This is 1 reason why 1566 00:55:36,965 --> 00:55:39,282 any dev... Any type of dev tickets or 1567 00:55:39,282 --> 00:55:41,453 stuff like that super super regular that if 1568 00:55:41,453 --> 00:55:43,447 something incident or some type of dev ticket 1569 00:55:43,447 --> 00:55:46,478 happens, a Slack channel gets automatically made, and 1570 00:55:46,478 --> 00:55:48,393 then the right people get added. Right? And 1571 00:55:48,393 --> 00:55:50,546 then it's open for anyone to join and 1572 00:55:50,546 --> 00:55:53,025 search. So this is why you make those 1573 00:55:53,025 --> 00:55:55,407 channels completely private to only the people who 1574 00:55:55,407 --> 00:55:56,201 are in that channel. 1575 00:55:56,915 --> 00:55:58,900 Or in that lockdown down, like, no 1 1576 00:55:58,900 --> 00:56:01,460 should be hard exchange. Credential. Don't exchange. Yeah. 1577 00:56:01,698 --> 00:56:03,371 But that's not gonna not happen. Right? You 1578 00:56:03,371 --> 00:56:05,203 gotta you gotta just predict to, like, the 1579 00:56:05,203 --> 00:56:08,629 lowest. You're saying just app. Just to right. 1580 00:56:08,788 --> 00:56:10,075 I don't wanna hear that Right. 1581 00:56:11,184 --> 00:56:12,848 The... What I'm kind of interested in to 1582 00:56:12,848 --> 00:56:14,275 tell you the truth is I'm sure there's 1583 00:56:14,275 --> 00:56:15,329 some, like juicy 1584 00:56:15,780 --> 00:56:18,585 executive talk. Or like movie talk and stuff 1585 00:56:18,585 --> 00:56:20,264 like that because if you remember when Sony 1586 00:56:20,264 --> 00:56:20,664 got hacked. 1587 00:56:21,224 --> 00:56:21,784 Right? Like, 1588 00:56:22,505 --> 00:56:24,359 they... And they released the emails of all 1589 00:56:24,359 --> 00:56:27,076 the executives just talking crap about certain movie 1590 00:56:27,076 --> 00:56:29,174 stars and stuff like that. That would pretty. 1591 00:56:29,473 --> 00:56:31,391 Right. Right. So I'm sure there's some of 1592 00:56:31,391 --> 00:56:33,562 that in here. Like, at or at least, 1593 00:56:33,721 --> 00:56:35,475 maybe the executives learned and have moved to 1594 00:56:35,475 --> 00:56:36,432 signal. But 1595 00:56:37,230 --> 00:56:38,904 do you think they have, like, a mouse 1596 00:56:38,904 --> 00:56:40,977 counteract team? Do they do they have, like, 1597 00:56:41,057 --> 00:56:43,858 a counteract? Team, Like, with Disney... Like, of 1598 00:56:43,858 --> 00:56:45,925 capital crew I would tell you... I I 1599 00:56:45,925 --> 00:56:47,119 don't know if it's like that today, but 1600 00:56:47,278 --> 00:56:49,042 I've had friends that have worked there. And 1601 00:56:49,042 --> 00:56:51,742 those conversations have come up like cyber deception 1602 00:56:51,742 --> 00:56:53,806 and all of this stuff. But I don't 1603 00:56:53,806 --> 00:56:55,473 know if anything ever came of it. It's 1604 00:56:55,473 --> 00:56:57,617 like a lot of things like, when doing 1605 00:56:57,617 --> 00:56:59,459 stuff... Communicating with Disney over the years. There's 1606 00:56:59,459 --> 00:57:00,572 a lot of hurry up and wait. 1607 00:57:01,207 --> 00:57:01,605 And 1608 00:57:02,320 --> 00:57:04,068 I have no idea if they've actually stand 1609 00:57:04,068 --> 00:57:06,158 up. It stood up, like, a deception counter 1610 00:57:06,214 --> 00:57:08,381 team at all. I'd imagine like Disney teams 1611 00:57:08,381 --> 00:57:10,616 have really cool code names. Right. Oh they 1612 00:57:10,616 --> 00:57:12,133 do. They do it. Like, that's some the 1613 00:57:12,133 --> 00:57:13,590 best. Yeah. And 1614 00:57:14,447 --> 00:57:17,577 for. Yeah. Whatever. The the industrial as as 1615 00:57:17,577 --> 00:57:18,077 fan 1616 00:57:18,456 --> 00:57:20,773 that industrial is aspect. 1617 00:57:21,732 --> 00:57:21,972 Yeah. 1618 00:57:22,691 --> 00:57:22,931 That's... 1619 00:57:24,382 --> 00:57:24,701 Yeah. 1620 00:57:25,657 --> 00:57:27,809 Anyway. I mean, you're not wrong, But I 1621 00:57:27,809 --> 00:57:29,484 guess... Is it... It... Like, the question... Yeah. 1622 00:57:29,643 --> 00:57:31,317 Honestly, that's the biggest question I have is 1623 00:57:31,317 --> 00:57:31,715 why? 1624 00:57:32,447 --> 00:57:33,797 Why even go after all this? 1625 00:57:34,909 --> 00:57:36,338 Like, what is it... What is the angle? 1626 00:57:36,498 --> 00:57:38,086 Are they trying to get money for people 1627 00:57:38,086 --> 00:57:40,707 to buy like, oh, toy story 5 spoilers. 1628 00:57:40,945 --> 00:57:42,945 Oh, that's worth 10 bit bitcoin like... Alright. 1629 00:57:43,105 --> 00:57:44,614 So 1 of the the... 1 of the 1630 00:57:44,614 --> 00:57:46,202 paragraphs that Noel said, 1631 00:57:46,838 --> 00:57:49,879 site says that it is a active hack 1632 00:57:50,014 --> 00:57:53,952 group protecting artist. Right? Rights and ensuring fair 1633 00:57:54,169 --> 00:57:55,922 compensation for their work. The group claims it 1634 00:57:55,922 --> 00:57:58,233 only hacks targets that violate 1 of the 1635 00:57:58,233 --> 00:57:58,791 3 sins. 1636 00:57:59,364 --> 00:58:02,386 First, we do not condone any form of 1637 00:58:02,386 --> 00:58:05,409 promotion of cryptocurrencies or crypto related products or 1638 00:58:05,409 --> 00:58:05,807 services. 1639 00:58:06,459 --> 00:58:08,854 Second, we believe an Ai gender artwork harms 1640 00:58:08,854 --> 00:58:11,968 the creative industry and should be discouraged and 1641 00:58:11,968 --> 00:58:15,081 third, any set theft from patrons, other supportive 1642 00:58:15,081 --> 00:58:17,901 artist platforms, or artist in general. That's also 1643 00:58:18,035 --> 00:58:19,010 the weird hacker. 1644 00:58:19,461 --> 00:58:21,838 Right. Right like the art the arts are 1645 00:58:21,838 --> 00:58:24,235 getting in on this stuff. There's definitely some 1646 00:58:24,235 --> 00:58:26,090 overlap with the fur in here. I'm I'm. 1647 00:58:26,307 --> 00:58:27,980 They have a very good job. 1648 00:58:28,538 --> 00:58:31,180 Let's join Is a hacking group. These are 1649 00:58:31,180 --> 00:58:33,110 the people who are gonna hack the culinary 1650 00:58:33,246 --> 00:58:36,423 arts executive group, the the executive team from 1651 00:58:36,423 --> 00:58:38,194 that without you covered first 1652 00:58:41,448 --> 00:58:42,487 That's why It says I had to give 1653 00:58:42,487 --> 00:58:44,485 a pen test to the commission of fine 1654 00:58:44,485 --> 00:58:46,642 ben... I know No bulge is coming for 1655 00:58:46,642 --> 00:58:48,001 them. They're like, we gotta get on this. 1656 00:58:49,373 --> 00:58:51,123 I mean, this is crazy that this actually 1657 00:58:51,123 --> 00:58:52,077 does. You know how it's was saying, like, 1658 00:58:52,156 --> 00:58:53,508 not a lot of our customers could be 1659 00:58:53,508 --> 00:58:54,780 targeted by that kind of activist, 1660 00:58:55,257 --> 00:58:57,086 but this is, like, perfect proof that, like... 1661 00:58:57,500 --> 00:58:59,840 Activists. They can come up with some weird 1662 00:59:00,300 --> 00:59:02,780 justification for why they would, you know, go 1663 00:59:02,780 --> 00:59:04,860 after some. Yeah. Well, I think they can 1664 00:59:04,860 --> 00:59:06,953 always find that justification. I think you know, 1665 00:59:07,113 --> 00:59:08,628 and a lot of the hack groups that, 1666 00:59:08,708 --> 00:59:10,383 you know, worked with law enforcement over the 1667 00:59:10,383 --> 00:59:12,377 years to actually bring down. A lot of 1668 00:59:12,377 --> 00:59:15,328 them have these manifesto and these belief systems. 1669 00:59:15,488 --> 00:59:16,365 But at the end of the day, they're 1670 00:59:16,365 --> 00:59:18,688 just from the mole. And they're trying to 1671 00:59:18,688 --> 00:59:20,540 show at the end of the day. And 1672 00:59:20,597 --> 00:59:22,744 that's... Of not all of them, Not all 1673 00:59:22,744 --> 00:59:25,304 of them from the furry hackers. They're pretty 1674 00:59:25,304 --> 00:59:25,622 awesome. 1675 00:59:26,259 --> 00:59:26,759 But 1676 00:59:27,292 --> 00:59:28,883 but no, seriously, a lot of times they 1677 00:59:28,883 --> 00:59:30,394 come up with these big manifesto and they 1678 00:59:30,394 --> 00:59:32,317 come up with these big ideals, but they're 1679 00:59:32,317 --> 00:59:35,095 just trying to steal personally identifiable information for 1680 00:59:35,095 --> 00:59:37,953 fraud or trying to steal financial information, And 1681 00:59:37,953 --> 00:59:40,373 that's that's how most of them are. Some 1682 00:59:40,983 --> 00:59:42,726 just for fun, come work at a real 1683 00:59:42,726 --> 00:59:44,233 company. You can do the same thing and 1684 00:59:44,233 --> 00:59:44,733 not 1685 00:59:45,104 --> 00:59:47,418 understand. Like there's so many legit outlets. For 1686 00:59:47,418 --> 00:59:49,165 you to do this and get paid to 1687 00:59:49,165 --> 00:59:52,048 do it. Like, yeah. Like, I don't understand 1688 00:59:52,263 --> 00:59:54,328 being an Apt. We can protect... Like, you 1689 00:59:54,328 --> 00:59:55,598 can be on my team and I'll let 1690 00:59:55,598 --> 00:59:57,281 you be the guy who's super for focused 1691 00:59:57,281 --> 00:59:59,186 on trying to compromise companies who use Ai, 1692 00:59:59,345 --> 01:00:02,282 like, as what? That's every company. So... Yeah 1693 01:00:02,282 --> 01:00:03,076 goes. Yeah. 1694 01:00:03,631 --> 01:00:04,981 But not now. I mean, after you do 1695 01:00:04,981 --> 01:00:06,903 something like that. You're preclude from working at 1696 01:00:06,903 --> 01:00:08,596 people. Yeah. Have to be here on 1697 01:00:09,051 --> 01:00:11,460 they can't be convicted. Okay? You gotta be 1698 01:00:11,517 --> 01:00:14,594 notice John wanna, like, anchor the bur. Kinda 1699 01:00:14,793 --> 01:00:16,622 How no I don't wanna anger the fur? 1700 01:00:16,781 --> 01:00:18,371 Why would I want to do that by 1701 01:00:18,371 --> 01:00:20,677 is Okay. What what I'm worried about is? 1702 01:00:20,915 --> 01:00:22,824 Okay. So if all the fur in seed 1703 01:00:22,824 --> 01:00:24,749 second up getting caught? Do they... Does that 1704 01:00:24,749 --> 01:00:26,108 just mean the Internet? I down in the 1705 01:00:26,347 --> 01:00:28,105 Us? I was gonna say, look at speech 1706 01:00:28,105 --> 01:00:30,582 sex T and overlap them with an old 1707 01:00:30,582 --> 01:00:32,660 bulge T of Might be surprised? 1708 01:00:33,785 --> 01:00:36,321 Some Cci. Go better. You can go to 1709 01:00:36,321 --> 01:00:38,382 all those pen test reports from those legit 1710 01:00:38,382 --> 01:00:39,412 pen come... Testing. 1711 01:00:40,459 --> 01:00:42,537 And we can find out which firm at 1712 01:00:42,537 --> 01:00:46,693 that github repository is actually the the gay 1713 01:00:46,693 --> 01:00:49,190 or the K bottle. You imagine being contacted 1714 01:00:49,250 --> 01:00:51,025 by someone that says we ran an Ai 1715 01:00:51,025 --> 01:00:53,265 analysis on your report and you write reports 1716 01:00:53,265 --> 01:00:55,585 similar to seed sack. Well, 1717 01:00:56,224 --> 01:00:58,385 I'm gonna tell you. So years ago when 1718 01:00:58,385 --> 01:01:01,271 the... 1HB Gary hat happened, and it was 1719 01:01:01,271 --> 01:01:03,422 all released like, the step by step by 1720 01:01:03,422 --> 01:01:03,661 step. 1721 01:01:04,857 --> 01:01:06,530 I remember Had Scott has called me up, 1722 01:01:07,023 --> 01:01:08,775 And he's looking at the port numbers and 1723 01:01:08,775 --> 01:01:10,606 the commands that they used, and he's like, 1724 01:01:12,278 --> 01:01:14,826 these people clearly went through San 05:04 and 1725 01:01:14,826 --> 01:01:17,153 5. 6. Like... Yeah. Like, they're using port 1726 01:01:17,153 --> 01:01:18,110 2222. 1727 01:01:18,429 --> 01:01:20,663 They're doing... Like, it's literally step by step, 1728 01:01:20,822 --> 01:01:22,736 like, straight from the labs and we're like, 1729 01:01:22,816 --> 01:01:24,012 oh, jeez. Okay. 1730 01:01:24,731 --> 01:01:26,416 Yeah. That was that was a that was 1731 01:01:26,416 --> 01:01:26,973 a fun day. 1732 01:01:27,689 --> 01:01:29,757 Yeah. No. I mean, I've... Now that we 1733 01:01:29,757 --> 01:01:31,587 have, you know, doing some dark web stuff, 1734 01:01:31,746 --> 01:01:33,835 like, I search for V all the time. 1735 01:01:34,154 --> 01:01:35,590 And there's people all the time in chat 1736 01:01:35,590 --> 01:01:37,745 rooms being, like, you know, it's like, you 1737 01:01:37,745 --> 01:01:38,724 know, some 1738 01:01:39,181 --> 01:01:39,581 Apt, 1739 01:01:40,153 --> 01:01:41,981 fake Apt chat room and they're like, oh, 1740 01:01:42,140 --> 01:01:43,412 check out this training for how to do 1741 01:01:43,412 --> 01:01:45,161 this or like, 1 person was even like, 1742 01:01:45,399 --> 01:01:46,829 I think this ransom from our group took 1743 01:01:46,909 --> 01:01:48,598 Phi is trading for this. And 1744 01:01:50,276 --> 01:01:51,096 That's some. 1745 01:01:51,554 --> 01:01:51,714 Go. 1746 01:01:53,072 --> 01:01:55,883 Is that good?? Like is it's hey. What 1747 01:01:55,883 --> 01:01:57,798 you can. I mean, yeah. You know you've 1748 01:01:57,798 --> 01:01:59,554 made it when your when your training gets 1749 01:01:59,554 --> 01:02:01,548 leaked onto the dark web and people are 1750 01:02:01,548 --> 01:02:03,317 looking for it Right? That is fun. That 1751 01:02:03,317 --> 01:02:04,664 is fun. I had that happen to 1 1752 01:02:04,664 --> 01:02:06,250 of my classes and somebody called me out 1753 01:02:06,250 --> 01:02:07,835 on it. They were like, yeah. I totally 1754 01:02:07,835 --> 01:02:09,499 got your trading. It's all out here. All 1755 01:02:09,499 --> 01:02:11,582 the video. I'm like dude it's pay what 1756 01:02:11,582 --> 01:02:12,460 you can. Like, 1757 01:02:14,057 --> 01:02:17,090 official asshole are you till I think that, 1758 01:02:17,170 --> 01:02:18,527 you know, got John. 1759 01:02:19,819 --> 01:02:22,134 It's all free, man, like, you went through 1760 01:02:22,134 --> 01:02:23,970 way too many steps to actually make that 1761 01:02:23,970 --> 01:02:26,764 happen, But it did go it. Wade. It 1762 01:02:26,764 --> 01:02:28,600 did. Right. I've arrived. 1763 01:02:29,094 --> 01:02:31,732 So IIII recently found an article that clearly 1764 01:02:31,732 --> 01:02:33,570 pla 1 of my talks, and Like, I'm 1765 01:02:33,570 --> 01:02:34,469 not, like, this. 1766 01:02:34,849 --> 01:02:37,166 Right? On my finally. Not even mad finally. 1767 01:02:37,406 --> 01:02:38,445 Yep. Exactly. 1768 01:02:39,018 --> 01:02:41,007 I still feel bad, like, well, 1 last 1769 01:02:41,007 --> 01:02:42,678 thing before we, like, bring the Crooked finger 1770 01:02:42,678 --> 01:02:42,757 in. 1771 01:02:43,553 --> 01:02:45,861 There was a guy in San reading room 1772 01:02:45,861 --> 01:02:47,293 that did a full write up of the 1773 01:02:47,373 --> 01:02:50,416 Dan convince. Dns attack, and he did a 1774 01:02:50,416 --> 01:02:52,671 full write up in his entire gold paper 1775 01:02:52,809 --> 01:02:55,121 was how to exactly do the Dan Ka, 1776 01:02:55,360 --> 01:02:58,399 Dns cash poisoning attack, step by step by 1777 01:02:58,399 --> 01:03:00,645 step, and he was, like, 2 years 1778 01:03:01,018 --> 01:03:03,399 before Dan Ka ever released it. And I 1779 01:03:03,399 --> 01:03:04,987 felt bad for that guy because, like, Dan 1780 01:03:05,066 --> 01:03:07,388 Ka got, like, crazy Matt props, 1781 01:03:08,185 --> 01:03:10,177 you know, black hat talks. It was a 1782 01:03:10,177 --> 01:03:11,451 national news. Like this just guy, you can 1783 01:03:11,451 --> 01:03:13,522 take over the internet. And some poor guy 1784 01:03:13,522 --> 01:03:15,688 for his, like, g gold paper came up 1785 01:03:15,688 --> 01:03:16,960 with. Was like I'll just sit over here 1786 01:03:16,960 --> 01:03:19,505 and my dying hole. No 1 recognizes me 1787 01:03:19,505 --> 01:03:21,972 as a security researcher, but that was pretty 1788 01:03:21,972 --> 01:03:22,051 cool. 1789 01:03:22,860 --> 01:03:24,527 Alright. So with that, let's bring out the 1790 01:03:24,606 --> 01:03:25,797 Crooked finger everybody. 1791 01:03:26,590 --> 01:03:27,725 Bye haven't