Talkin' Bout [Infosec] News | US Defense Chief Uploads Secret Into to ChatGTP

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat

This episode breaks down recent reports of sensitive information being shared with AI tools and what that means for security and operations. The discussion covers OPSEC failures, common misuse of ChatGPT in professional environments, how data actually flows through AI systems, and what organizations should (and shouldn’t) worry about. The hosts focus on practical risk, realistic threat models, and actionable lessons for security teams navigating AI adoption.

Chapters

(00:00) - PreShow Banter™ — Robot Drivers
(06:29) - US Defense Chief Uploads Secret Into to ChatGTP - 2026-02-02
(09:54) - Story # 1: US cyber defense chief accidentally uploaded secret government info to ChatGPT
(19:03) - Story # 2: Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
(23:01) - Story # 3: Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
(26:30) - Story # 4: Millions of Gmail, Facebook and other account credentials exposed
(30:55) - Story # 5: Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
(36:13) - Story # 6: County pays $600,000 to pentesters it arrested for assessing courthouse security
(39:12) - Story # 7: Costco reportedly removes RAM from its display PCs to prevent tech-savvy shoplifters, customers claim — GPUs also absent across stores as PC parts become a hot commodity
(41:13) - Story # 8: Claude Sonnet 5 Is Imminent — And It Could Be a Generation Ahead of Google
(45:09) - Story # 9: Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
(48:49) - Story # 10: Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
(52:05) - Story # 11: Hunterbrook says Ubiquiti powering Russian battlefield communications in Ukraine
(54:28) - Story # 12: Attack on Renewable Energy Plants
(56:26) - Story # 13: Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog

Links
Story # 1: US cyber defense chief accidentally uploaded secret government info to ChatGPT
Story # 2: Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
Story # 3: Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
Story # 4: Millions of Gmail, Facebook and other account credentials exposed
Story # 5: Exposed Moltbook Database Let Anyone Take Control of Any AI Agent on the Site
Story # 6: County pays $600,000 to pentesters it arrested for assessing courthouse security
Story # 7: Costco reportedly removes RAM from its display PCs to prevent tech-savvy shoplifters, customers claim — GPUs also absent across stores as PC parts become a hot commodity
Story # 8: Claude Sonnet 5 Is Imminent — And It Could Be a Generation Ahead of Google
Story # 9: Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
Story # 10: Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
Story # 11: Hunterbrook says Ubiquiti powering Russian battlefield communications in Ukraine
Story # 12: Attack on Renewable Energy Plants
Story # 13: Disrupting the World’s Largest Residential Proxy Network | Google Cloud Blog

Wade & Hayden on Simply Cyber -
https://www.youtube.com/live/c_lUP5gR15I

Hayden’s Class -
https://www.antisyphontraining.com/product/foundations-of-security-operations-with-hayden-covington/

Mishaal’s Class -
https://www.antisyphontraining.com/product/next-level-osint-with-mishaal-khan/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits

https://poweredbybhis.com

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Creators and Guests

Host

Corey Ham

Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.

Host

Hayden Covington

Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Hayden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.

Host

Ralph May

Ralph is a U.S. Army veteran and former DoD contractor who supported the United States Special Operations Command (USSOCOM) with information security challenges and threat actor simulations. Over the past decade, he has provided offensive security services at Optiv Security and Black Hills Information Security (BHIS) across various industries. His expertise spans network, physical, and wireless penetration testing, social engineering, and advanced adversarial emulation through red and purple team assessments. Ralph has developed several tools, including Bitor (set to release in January 2025) and Warhorse, which enhance efficiency in penetration testing infrastructure and operations. He has spoken at numerous conferences, including DEF CON, Black Hat, Hack Miami, B-Sides Tampa, and Hack Space Con.

Host

Wade Wells

Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events

Guest

Andy Pettit "Nerf"

Andy Pettit is a cybersecurity practitioner and lifelong builder with a hacker’s mindset, driven by deep curiosity and a desire to understand how systems truly work. He began coding in C at age 12 building custom MUDs and has been pulling systems apart ever since, focusing on gaps between design and real-world behavior. Andy brings a whole-business perspective from over a decade as managing partner of Clown Shoe Motorsports, shaping his views on risk, reliability, cost, and people. He volunteers with Black Hills Information Security and Antisyphon Training as a Nerd Herder and is a top 5% MetaCTF competitor, endurance racer, and HPDE instructor with NASA Texas Region.

Guest

Mishaal Khan

Mishaal is a highly respected figure in cybersecurity, with expertise in ethical hacking, Open Source Intelligence (OSINT), social engineering, and privacy. Mishaal’s engaging approach involves live demos, making cybersecurity accessible and enjoyable, while his strength lies in rapidly enhancing organizations’ security posture, saving time and budget.

Producer

Ryan Poirier

Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan’s time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn’t pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and videos.

What is Talkin' Bout [Infosec] News?

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Monday's at 4:30PM ET

Wade Wells: 00:00

I have one funny story that you guys are gonna you guys can laugh at me about. I never run the robot vacuum. Like I had the app installed, never did it. My wife just took care of it. Couple days ago, we had a we had like the diaper party.

Wade Wells: 00:12

If you remember Ralph suggested having a diaper party when you're having another kid and people bring you diapers. People are over, our floors are a mess. She's like, hey, set up the Roomba or set up the shark in like the kitchen so it cleans it. I'm like, alright. I set it up, it tells me, oh, it's out of water.

Wade Wells: 00:25

I'm like, oh, alright. And so I'm looking at it and there's this big flap right on top and I'm like, oh, this looks like a place you dump water in like the and it fills it up because it's the whole thing. I dump water in there, it explodes. It literally just like explode that was the air intake and not the water intake and

Ralph May: 00:45

Oh, no.

Wade Wells: 00:46

So so know your Roombas.

Ralph May: 00:48

Human error. Right. The AI wouldn't know. The worst Okay.

Corey Ham: 00:53

Can you elaborate on why your robot vacuum exploded? Was it just anger at you? Did someone like sabotage it with potassium or something? What happened?

Mishaal Khan: 01:00

Put water in the air intake.

Wade Wells: 01:01

Water in the air intake. I put water in the

Mishaal Khan: 01:04

He's trying to smoke gag.

Wade Wells: 01:06

Like the dock the docks for the newer Roombas literally sound like a jet engine when they they suck all the trash out of it. And so, I put water in the jet engine and then it blew it out the dock. And I was like, woah, why did it shoot water everywhere? And so I filled it up again.

Corey Ham: 01:22

Oh my god. And

Wade Wells: 01:25

then and then I then I looked at the shark and I was like, oh my god, there's a water thing underneath it. So I just like set it outside for a couple days.

Mishaal Khan: 01:33

What? Those rumors are

Corey Ham: 01:35

It gonna still

Wade Wells: 01:36

works. It makes a weird noise Yeah. But it still Still works.

Hayden Covington: 01:40

That that's actually a shocker.

Wade Wells: 01:42

It does. My wife told me to buy another one because it smells a little bit like an electrical fire but it still works.

Corey Ham: 01:50

Dude, yeah. That that smell never goes away.

Hayden Covington: 01:53

I feel like it might explode again at some point. You should keep a close eye on it.

Wade Wells: 01:57

It's not it's not in it. I already bought another one. To tell you that they're not too expensive, the docks themselves.

Corey Ham: 02:02

Can we get like a write up on like how an APT try to blow up your living room?

Wade Wells: 02:07

Dude, after that, now now that I put that out there, they're like, Wade's Dock is ready to explode. We're going to. As I have a bamboo labs behind me that gets super hot, which could probably explode as well.

Ralph May: 02:19

All this Chinese gear, you got so much Chinese gear.

Wade Wells: 02:22

I know. Right? I mean, they know

Hayden Covington: 02:23

you have You a can just download your house blueprints real quick.

Wade Wells: 02:26

My DGI gets my DGI is illegal.

Mishaal Khan: 02:30

My my three d printer. American gear like Teslas.

Corey Ham: 02:33

Those those don't explode.

Mishaal Khan: 02:36

Nope. Never. Those don't explode.

Corey Ham: 02:38

There's a Nothing American explodes except for I all the

Ralph May: 02:42

love this. This is my favorite argument. What? I'd never use AI. It's inaccurate.

Ralph May: 02:46

Humans are perfect.

Mishaal Khan: 02:50

Do you Does does have that AI built into it? The Yeah. Silly x AI.

Hayden Covington: 02:57

Oh, god. You're you're oh, jeez. I can Yeah. I

Corey Ham: 03:03

didn't know

Wade Wells: 03:03

I didn't know he took that's a little scary. I don't wanna know Grock's installed on my Tesla.

Ralph May: 03:08

I like the hierarchy of AI, Grock is like it's not like the bot.

Mishaal Khan: 03:12

Yeah. It's some bot

Hayden Covington: 03:12

You know this situation where it's like, would the Tesla hit the old person or the child if like, it has to hit one of them in like an evasive Mhmm. Like situation. I would not wanna put Grok in would

Wade Wells: 03:24

just hit both. Grok would Yeah.

Corey Ham: 03:26

It was actually Turn around and

Ralph May: 03:28

then hit the other one because it felt like it was a game.

Mishaal Khan: 03:31

Challenge accepted.

Corey Ham: 03:32

Yeah. Yeah. Uh-huh. I scored the most points.

Hayden Covington: 03:36

This person is not subscribed to x premium because they're a baby. Time to hit

Ralph May: 03:40

So speaking of Tesla, they announced last week that they were not gonna produce the Model x or Model s anymore Yep. Because they're going to just produce robots.

Corey Ham: 03:50

Uh-huh. Yeah. Pivot. Pivot.

Ralph May: 03:53

Like, hyped up thing ever. That could they're like, alright, cars, they're not doing as good because of that whole thing where I like, held my hand in a weird position. Anyways Where can I put

Corey Ham: 04:01

my deposit down? Because I I I still got that $50 riding on a Tesla Roadster I'm super committed to. Oh, that's not my It's definitely gonna happen. And I also have $50 down on a Tesla Semi. I know that's coming any day now.

Ryan Poirier: 04:15

Mhmm. You need to buy

Ryan Poirier: 04:16

I thought those were running already.

Ralph May: 04:17

Yeah. No. The out there. Yes?

Mishaal Khan: 04:21

The few prototypes.

Ralph May: 04:23

Yeah. Sure. Let's say it's

Corey Ham: 04:24

out there, then Elon will feel better.

Mishaal Khan: 04:26

So the model x price is gonna jump high now because they're no longer being produced.

Ralph May: 04:31

Yeah. They're, like, exclusive. And then but but literally, it was all stock hype because they're like, now we're gonna produce robots. Now we're onto our next thing that takes us over ten years to get even okay at Yeah. And probably won't self drive.

Corey Ham: 04:43

I'm still waiting for that robot, sir, any day now.

Ryan Poirier: 04:47

The robot the robot's gonna do the driving.

Ralph May: 04:51

Oh, there you go.

Wade Wells: 04:53

Oh, my gosh.

Corey Ham: 04:54

You sit in the car, it uses up a whole seat just to drive.

Ralph May: 04:58

They're like, we told you we would be self driving. Look, he'll get in and drive for you.

Corey Ham: 05:03

Oh my goodness. That is the most terrifying concept, is like, you get hit and you get out and you look in the car of who hit you and it's just a freaking robot behind the wheel being like, I can help with that. I'm so sorry. I hit you. Oh, you're you're absolutely right.

Corey Ham: 05:19

I did hit you. Elon's Let me d, man. He's gonna bring

Ralph May: 05:22

self driving to every car.

Mishaal Khan: 05:24

Well, Uber already has that option. If you go in the Uber app, there's a autonomous vehicle option. You can call

Corey Ham: 05:30

one of And Waymo.

Wade Wells: 05:31

Waymo's a yeah. Waymo. The Waymo's just got here in San Diego. Everyone's like, please know.

Ralph May: 05:37

They're driving around here in town right now. They're doing, like, the testing rounds where, like, humans in there just, like, sitting there and just driving.

Mishaal Khan: 05:43

Oh, yeah. They have them in Dubai. I was in Dubai last week, and they have, like, 50 different Chinese manufacturing manufactured vehicles, like the Jitor and the The Roborock?

Corey Ham: 05:54

Please tell me they have a Roborock. No. No. I'm totally.

Mishaal Khan: 05:58

But they have self driving ones there too, so I'm like, damn. Like, they're way ahead of, like, The US. The US only has, like, a Tesla and, like, one other, like what's that other other one? They have the Air. What what's it called?

Mishaal Khan: 06:09

The what Air? Lucid. Yeah. Lucid air. But they're not letting any Chinese cars come in here because they're gonna destroy the market.

Mishaal Khan: 06:17

The

Wade Wells: 06:17

AI cars we're scared of. It's everyone else who's driving around the AI I'm scared.

Corey Ham: 06:23

Alright. Let's roll the show. Let's do this. This beautiful finger footage.

Ryan Poirier: 06:28

Finger footage.

Corey Ham: 06:45

Hello. And welcome to Black Hills Information Security's talking about news. It's 02/02/2026. Welcome, everyone. It's February already.

Corey Ham: 06:54

It's here. It's happening. It's the shortest month of the year.

Ralph May: 06:58

Too fast. Too furious.

Corey Ham: 07:03

Got Too flurious. We we got all kinds of people here on the show today. We got me. I'm the resident continuous hacker of BHIS, I guess, is what I call myself. We got Wade Wells, who's apparently gonna enter the Dune Cinematic Universe this week.

Wade Wells: 07:20

Oh. It's a it's a reference to one of the articles.

Corey Ham: 07:22

The Shy Hulude. Yeah. Yeah. Yeah. Yeah.

Corey Ham: 07:26

We got Mishal Khan who's our guest today. Thank you. Mishal's here to plug his Wild West Hackenfest Denver class about Okay. I have I have taken this class. It's a great class.

Corey Ham: 07:38

I strongly recommend it. You will learn something even if you know something about OSINT.

Mishaal Khan: 07:44

You got the beta version?

Corey Ham: 07:45

I took the beta version. Oh, man. I need take it again.

Wade Wells: 07:48

I took the unique offline version of this course at Hack Space Con. It was Oh, yeah. Particularly special.

Corey Ham: 07:56

I like that.

Ryan Poirier: 07:58

We can give you a fancy QR code.

Corey Ham: 08:00

Oh. Oh.

Mishaal Khan: 08:02

Sounds great. But,

Corey Ham: 08:05

yeah. For security reasons, we have to ask you security reasons, we have to we're gonna have to ask everyone not to scan the QR code, but legally, if you do it, we can't stop you. So don't worry about it. Yeah. We got Andy, we got Ralph who hid his name, so I have to guess who he is.

Corey Ham: 08:21

Iguanas Falling? Is that a new AI tool? Yeah. That's cool. We got Hayden, our Soctomus Prime, and we got Ryan who's wearing a sick sweater.

Corey Ham: 08:31

I gotta say

Hayden Covington: 08:31

That is a nice sweater.

Corey Ham: 08:33

I gotta say, Ryan, like, I feel like you live in Florida and so you only get to wear this sweater like once a year.

Ralph May: 08:37

So I'm glad that you're You missed my reference. So iguanas are falling in Florida right now because it's so cold. There's falling

Corey Ham: 08:45

out of Oh. The

Ralph May: 08:46

It's like a really like and because they're kind of evasive and just everywhere, people are like grabbing them all up. There's like all these TikTok videos with like 20 inches

Corey Ham: 08:53

I see. Just loading iguanas. I like

Ralph May: 08:55

it. Yeah.

Hayden Covington: 08:56

I wonder which one's lost on more people is that one or Corey's like subtitle. I wonder which one people are getting more.

Corey Ham: 09:02

My my subtitle is from current events. Yeah. You figure it out. If you're if you're watching the audio show, rest in peace, Catherine what's her face? Cat I don't even know her name, l o l.

Corey Ham: 09:16

Catherine O'Hara. Yeah. O'Hara. I wanna say Zeta Jones, but that's not it. O'Hara.

Corey Ham: 09:23

But let's get rolling with the show. Although people, I think, if you're here to track, you know, the Groundhog Day situation, he did see his shadow six more weeks of winter is what I hear.

Ralph May: 09:33

It feels like it right now.

Corey Ham: 09:35

Where I live in the West Coast, we haven't really gotten a winter. So if it started now, it would be six weeks of winter. So, yeah. Alright. Let's get rolling.

Corey Ham: 09:47

Does anyone wanna start I mean, there's there's some there's some fun. I I think we should start with a slightly spicy one, which is there's an Ars Technica article that is basically, people there's sources at SZA that are reporting that the CEO of SZA or whatever we're calling him, the chief of SZA has uploaded documents into chat GPT. And I mean, I don't think this is that big of a deal. Like, it's not that big of a deal. Right?

Corey Ham: 10:14

Like, it is kind of a big deal but it's not like, I don't wanna overplay this article. The reason I wanna bring it up is because so essentially, here's the story. The current chief of SZA whose name is Gatu Mukala. I don't know how to say that. Did my best.

Corey Ham: 10:33

Gatu Mukala is his last name. His first name is Madhu. But anyway, he's from South Dakota, fun fact. He he he's at he used to be the cyber or the IT the the CIO of South Dakota, which is a hilarious title to have. He basically here's the scenario.

Corey Ham: 10:50

He specifically requested an exemption for t so he's allowed to use ChatGPT. And for whatever reason, he was granted that exemption, you know, we can all guess the reasons why. And then he used it to apparently get some he uploaded some contractor documents into it and was like, we don't exactly know the prompt, but I'm assuming it was, hey chat gbt, is this a good deal or are they, you know, screwing us? So I I guess the reason I wanna bring this up, I mean, you can get into all the political, you know, rules and things. Think at this point in their current political situation, it's not really worth talking about.

Corey Ham: 11:27

Are there gonna be consequences? Absolutely not. Is there gonna be anything changed? Absolutely not. But the reason I wanna bring it up is because I feel like this is happening at every company throughout The US and throughout the world.

Corey Ham: 11:38

Right? The CEO demands access to an AI and then misuses it. Right? Like this has gotta be like

Wade Wells: 11:45

That's not just AI. That's everything. Like that's always a c suite. Literally

Mishaal Khan: 11:49

don't wanna use MFA.

Wade Wells: 11:50

Yeah. Oh, it takes me too long for my assistant for me to log in to her email. Know, like

Ralph May: 11:55

How did they figure out that he used AI?

Corey Ham: 11:58

That is that People have this it's basically leaked. Like, people have their sources are like

Ralph May: 12:03

Was like the secretary in the room and she saw him on chat and was like, hey,

Hayden Covington: 12:08

think it must be bad.

Mishaal Khan: 12:09

It's like, are you on chat gbt?

Corey Ham: 12:12

It's SZA. No. So okay. So basically, this is all leaked. Like, none of this they haven't like posted about this publicly and they probably never will.

Hayden Covington: 12:19

But Yeah.

Corey Ham: 12:20

Essentially, from what we understand, he was asked he asked for this access and he was granted this access. They claim, oh, it was like a special version of it. Right? But like, who knows how But true that essentially, they knew he was accessing it. It wasn't like he was secretly doing it.

Corey Ham: 12:35

Right? Like, let's say that SZA has like a denialist for the Internet. They're not I'm assuming they're not like operating just with open Internet and like, okay, we trust you. Don't go to Google and search something sensitive. So he was granted access to it intentionally, and then they probably monitored his access to it and immediately realized he was abusing it and then revoked it.

Corey Ham: 12:56

Right?

Hayden Covington: 12:57

So I I saw a very interesting product. I don't know how much I can mention about it yet, because apparently, it's very, like, early state from one of the people that we work with in the SOC. But they asked us if we wanted to try out one of their products, which is effectively like a middle layer between your AI, almost like a gateway. And it will validate. Yeah.

Hayden Covington: 13:17

Right? But this one's from somebody that I would actually trust to do it very, very well.

Ralph May: 13:22

Does it use AI to do the validation? Probably

Corey Ham: 13:25

to an extent. Yeah. Yeah.

Hayden Covington: 13:28

But I don't know why there's not more, like, widespread use of effectively, like, a gateway for your AI agent calls, especially in like secret places secret spaces.

Ralph May: 13:38

It's all all the way down. They gotta use to check before they

Wade Wells: 13:43

see I can tell you why right right

Hayden Covington: 13:44

now, why why there isn't. Okay.

Wade Wells: 13:46

All these all these c suite are all investing in this AI to get their devs to go faster and faster. That gateway is gonna cause so much it's gonna cause them all to slow down.

Corey Ham: 13:55

Dude, the bill on the gateway

Wade Wells: 13:56

is gonna be

Ralph May: 13:58

than the actual bill for the building. Yeah.

Corey Ham: 14:00

The the other thing the the other thing I wanna say is like, I I think that that is like a weird band aid on its prop like, CISA over time, I'm assuming moved to an internal only model. That's what most companies have done. I have friends who work at big tech companies. They don't just use ChatGPT. They have their own internal or they have their own version of ChatGPT.

Corey Ham: 14:20

Right? Like they have a lockdown restricted version. But the other thing is like, if we're being honest, there isn't like, I mean, we don't have hard data on this. This is total speculation. But it seems like this doesn't matter.

Corey Ham: 14:36

OpenAI isn't harvesting all the documents that are going into ChatGPT. They probably can't even store all of them. Right? There's no way

Ralph May: 14:43

They have like a 200,000 context window anyways. They like already limit what they can store on that stuff.

Corey Ham: 14:50

I Yeah. I mean, and maybe maybe there'll be some future article where we talk about how the OpenAI has siphoned every PDF anyone ever uploaded into it. But the reality is the amount of data, it's like Yeah. It's basically impossible that they're storing all of it. Right?

Corey Ham: 15:06

It would be It's like when the federal

Ralph May: 15:07

government was monitoring all of the internet. Right? Yeah.

Corey Ham: 15:10

Ralph May: 15:10

they can't actually store it all. So what they do is they kind of like have this like kind of tiered system where they look for certain things at certain times. Like, they're always even Yeah. Even your cell phone provider does not store all the logs of every call that's ever made. Right?

Ralph May: 15:25

They still parse it down and they're and that's just log data because it costs them a ton of money to do it and they're in the business to make money so they can't

Corey Ham: 15:33

Yeah. Everything, you know? And they're already about to go bankrupt. Their s three bill's probably like 20,000,000 a month or something. Right?

Ralph May: 15:39

Like I mean, OpenAI is insane. OpenAI might as well just be a big fire pit of money and they're burning it the whole time and they're asking for more money to throw into that pit. And then when they ask to get repaid, they're like, we have no money. Like, can can we borrow more? But it's

Corey Ham: 15:54

for AI.

Mishaal Khan: 15:56

Think Maybe she was We'll see.

Andy Petit: 15:58

Yeah. Aren't they required to hold a bunch of these, like, chat logs and everything?

Ralph May: 16:02

Yeah. For certain Like, probably for

Corey Ham: 16:04

a certain amount of time. For thirty days, whatever the minimum is. Yeah. So if this happened last summer at CISA, it's gone. The data's gone.

Hayden Covington: 16:11

And and if they want sensitive data, they'll just go to like the War Thunder forums and they'll get it easier Love it. I love it. I love it.

Corey Ham: 16:18

I mean, yeah. Obviously, I will say, I do support the government enforcing whatever policies it has for data leakage. Right? Like, I I would be upset if I was a senator or whatever and my like aid is just uploading my documents in the chat cheapie tea. But like, at the same time, we have to acknowledge the reality which is unless he's uploading it into deep seek or whatever, you know, it's like story.

Corey Ham: 16:43

There are Chat GPT

Andy Petit: 16:45

is blocked. What do you expect me to do?

Corey Ham: 16:47

Okay. Yeah. Good point. Right? That's the other thing.

Corey Ham: 16:50

I will say it is funny like most companies when I talk to them like when we're doing scoping for phishing or like when we're, you know, we're talking like, are we allowed to target your executives? They're always on one side of the fence or the other. And they're always on the extreme end of the spectrum of like, either they want us to specifically target their executives on a regular basis, or they want the executives to be completely out of scope and do not mess with them, do not impersonate them, do not touch them. I feel like in the government, it's probably the the second one. Do not impersonate, do not go after like, obviously, this person was able to bypass all the red tape at the government agency and get access to ChatGPT.

Wade Wells: 17:28

Doesn't he already have, like, unlimited access to Grock or whatever? Like, didn't just, like

Corey Ham: 17:35

development This is last summer, dude. He was desperate. He was desperate.

Ralph May: 17:39

He was desperate. And

Corey Ham: 17:40

it's Also,

Hayden Covington: 17:42

needed to summarize it. It was a big document. I'm not gonna read

Corey Ham: 17:44

all that. Yeah. It's a lot of time.

Hayden Covington: 17:47

A lot of time.

Ralph May: 17:48

I think I think from a security perspective, the frontier models are gonna kinda stay in the frontier and then we're gonna start to see more of the, like self hosted models, like your open source models that continue to get better. You're gonna see those implemented for certain features that organizations want to use them for. Right? Yeah. That's how that's how I envision it to work.

Ralph May: 18:08

You know, the frontier will still be the frontier model, like you're not gonna be able to self host that. But a lot of times, you don't need it to do the level that it's doing right there. You you can, you know, make it to focus more. And a lot of those newer models are are really good. Right?

Corey Ham: 18:25

So Yeah. I mean, I I will say, like, I I think there's a market for like, obviously, like, you know, Hayden was saying, like, a gateway for, you know, to interface between the LLM. I think the same thing needs to exist that essentially decides based on the query what model to use. Right? Auto select.

Corey Ham: 18:44

Right? Like, okay. If it's a sensitive internal query, maybe use a model that's specific and sensitive internal. If it's like, hey, need a recipe for waffles, that one can go to a frontier model or whatever. So Yeah.

Corey Ham: 18:56

Yeah. Alright. Let's move on. There's I guess, can update based on Wade's name. We can talk about the NPM supply chain hack thing.

Corey Ham: 19:10

So basically, this is a follow-up to it's actually a second it's like a third follow-up. But essentially, there are people have demonstrated that you can bypass some of the security controls they put in place after the Shyhalud NPM worm. So basically, essentially what I understand and if anyone understands this better, please jump in and correct me. But essentially, after this NPM supply chain attack, GitHub who runs NPM, which I learned that. I didn't actually realize that GitHub ran NPM, now I know.

Corey Ham: 19:43

They implemented a thing that is essentially require it gives people the option to use this ignore scripts equals true option, which is essentially like, please don't hack me equals true. Like disabling scripts disables a lot of these supply chain attacks. However, researchers at Koi Security found that you could implement a specific NPM RC file that overrides the git binary path, which basically lets you bypass this. So it's like we're getting into the cat and mouse game of bypasses and things. My opinion is these types of worms are this is still an effective security control.

Corey Ham: 20:22

The more security controls you put in place, the better for supply chain. Like, I think a lot of these supply chain problems exist because there are no controls whatsoever. And so giving people people the option to more securely set up their repos and disable, like, don't run scripts is great. So I think like, my opinion is, yes, I'm sure there's a bypass, I'm sure they should fix it and hard code the git path or whatever, but it is still, you know, it's like, you're stopping a worm. It doesn't mean, how do we stop configure?

Corey Ham: 20:51

We just blocked four four five across the Internet. We didn't actually stop it. Like like, how do we how do we fix worms? We just black hole the DNS and block the port. That's the best we can do.

Corey Ham: 21:01

Right? So I don't know. I still think it's a a good response but I don't know. Other people have takes on this?

Wade Wells: 21:09

Just the just the malware that keeps on giving me incidents and incidents. That's all it is like, it's a it's it's a fun one to work. I felt like this is going back to just you need to put something in place with all these coders. Right? Like we how we were talking about the firewall between AIs.

Wade Wells: 21:25

Right? I've seen several different organizations handle NPM differently and at the end of the day, I feel like it's just logs all the way down. I can't deal with it anymore. Yeah. Now I'm a little bit of a down.

Wade Wells: 21:38

I'm sorry.

Corey Ham: 21:40

Come on. Come on.

Ralph May: 21:42

Yeah. So this Oh,

Corey Ham: 21:43

go ahead.

Ralph May: 21:43

I was just gonna say, this attack though does originate from, like, the original repository owner has been compromised and then it kinda spreads from there. Right? So yeah. I mean, like, it's like the initial and then so, like, anything you can put on that workstation to try to, like, prevent it, they can change it from there. So it's kind of there's not necessary like, once you compromise a machine entirely, like, anything you put in there to prevent from going up, it needs to happen or not on that machine, it needs to happen like server side.

Ralph May: 22:09

So like, when you send the NPM, that's how the validation should work. Like, that

Andy Petit: 22:12

would work

Ralph May: 22:13

for you.

Wade Wells: 22:13

The other way to protect against it, right, was because it uses the whatever GitHub account it's logged into.

Ralph May: 22:19

Yeah.

Wade Wells: 22:19

So if that is a company owned GitHub account that can't post public repos because that's how it was actually doing the data, it's being blocked as well. Right? Yeah. But then you find some random developer who is using his own personal repo and pushes stuff every now and then so Yeah. I against cat masking, man.

Corey Ham: 22:36

Yeah. A worm works because it goes wide.

Andy Petit: 22:40

I mean, in this last version, they had checks and if you like couldn't post a public repo, it was just r m r f ing everything. So

Corey Ham: 22:50

Whoops. Yep.

Wade Wells: 22:51

Yeah. Let's okay. It should all be backed up again. Let's take a look.

Ralph May: 22:54

Repos. Yeah. Well, that's where I can

Corey Ham: 22:56

fire all of my stuff there. C b speaking of supply chain, I guess we can touch on the Notepad plus plus stuff. Basically, Wade doesn't use Notepad plus plus because we bullied him into not using it a couple weeks ago on the show, which, you know, that's the whole point of the show, security awareness. But no, basically yeah. And someone already posted the article in in the chat.

Corey Ham: 23:23

It's basically, there's a today, it was announced that or I guess not today. I don't know. Actually, today. This morning, like an hour ago. It was announced that at the provider level, not like the infrastructure at the infrastructure level, the Notepad plus plus updater server was compromised like starting six months ago or a long time ago.

Corey Ham: 23:46

The spooky thing about this is that, basically, you know, the the update's pretty specific. But essentially, the hosting provider was compromised and the there were threat actors who were distributing modified versions of Notepad plus plus updates to selected users. So if you're tinfoil hat, you should safe to assume if you use Notepad plus plus you're compromised. But it seems like the reality is that they were only targeting specific people. Right?

Corey Ham: 24:15

Obviously, this is I think a nation state type deal.

Mishaal Khan: 24:19

Kevin the top.

Corey Ham: 24:22

Yeah. I think Kevin Beaumont Ryan flipped off the article at like the somehow the worst possible time, but Like

Hayden Covington: 24:28

violent typhoon or something which is Yeah.

Corey Ham: 24:30

Yeah. So, yeah. Basically, Kevin Beaumont has, you know, is this is all this isn't attribution. This is speculation. Right?

Corey Ham: 24:39

It's basically saying, this is exploited by threat action in China to hijack networks and deceive targets into downloading malware. They're targeting telecoms and other things. So that isn't an official update from Notepad plus plus though, it's just worth noting. But, yeah. Basically, we don't know what versions are affected.

Corey Ham: 24:57

We don't know what people are affected. If the

Mishaal Khan: 25:00

a target.

Hayden Covington: 25:02

Wave was definitely a target.

Corey Ham: 25:03

Wave, yes.

Mishaal Khan: 25:04

Yeah. You missed You a dodged a bullet.

Wade Wells: 25:06

I I like I like there's like one piece of advice in this article that like everyone should always follow, and that's update your WordPress websites and plugins, please, on any shared hosting platform.

Corey Ham: 25:17

And don't update your Notepad plus plus

Wade Wells: 25:19

because that's gonna Never update it.

Hayden Covington: 25:21

It seems like that works. That's the best Well, I mean, and it depends because it said it said it was at the hosting level. Right? So, yeah. Oh, no.

Hayden Covington: 25:30

I guess it was

Ralph May: 25:31

Decompromised as well? Is that a story? Yeah.

Hayden Covington: 25:35

I don't know. Yeah.

Corey Ham: 25:36

I mean, basically, I guess the assumption is on a threat actor popped a WordPress site and then realized that it used shared infrastructure with the Notepad plus plus update site. Right? That would be my guess. We don't know.

Hayden Covington: 25:48

But that's It's Microsoft vulnerability, where they were like, hey, something bad. Don't worry, we got it. And they gave themselves a medal.

Corey Ham: 25:57

You mean the development environment? Trying to find

Wade Wells: 26:00

And then WannaCry spreads across the entire internet? Is that what

Mishaal Khan: 26:02

you're Yeah.

Corey Ham: 26:03

Which one? What Microsoft vulnerability? There there there might be more than one.

Hayden Covington: 26:05

I'm trying to find it. There was one

Mishaal Khan: 26:07

Press Tuesday one.

Corey Ham: 26:09

The The one where they blue screened everyone.

Andy Petit: 26:12

It's a now.

Wade Wells: 26:13

Microsoft, not Crasher. If

Ralph May: 26:16

your web app uses PHP, you should consider changing.

Corey Ham: 26:23

Alright. What else we got? There was an article we can this is like kind of in Michelle's camp. There was an article that every I would say about every month or every two months, someone posts an article that's like, there are millions of account Responsive exposed. Yeah.

Corey Ham: 26:38

Right? So this is an article in SC World. It's basically saying, there are millions of credentials. A 100 and So basically, someone published a dataset of a 149,000,000 login credentials, which those are rookie numbers. You gotta bump bump up those numbers.

Corey Ham: 26:56

Our repo has 17,000,000,000 credentials, so I mean, you know, get get on our level. But basically, yes. This is happens on a regular basis. Threat actors correct or they collect wow, we can't talk. They collect these cred dumps and they post them or sell them online.

Corey Ham: 27:12

Essentially, it's just safe to assume that no password is safe at this point. Right?

Ralph May: 27:16

Like, MFA,

Corey Ham: 27:18

know, it's the only way to go.

Wade Wells: 27:20

Scroll down scroll down, Ryan. I want you to see what the first target they're attacking is. Scroll a little bit the related. After the related no. Close.

Wade Wells: 27:28

One more down. One more down. After the related reading, WordPress.

Hayden Covington: 27:31

WordPress. That's

Corey Ham: 27:32

the number

Wade Wells: 27:32

one target.

Corey Ham: 27:34

And OnlyFans. Coinbase. Yeah. I mean, basically, there's gonna be credentials for I mean, you wanna get scary? There's gonna be credentials for like Dot a f s dot f b I dot com.

Corey Ham: 27:46

Yeah. Yeah. Exactly. There's gonna be spooky stuff in there that you don't wanna think exists Yeah. And that's the bigger concern.

Corey Ham: 27:53

You know, Coinbase is scary too. Basically, the truth is, if you're an organization who deals with consumer accounts like any of those providers listed above, you have to have a detection for this. You have to be nuking these credentials when they get breached because otherwise, there's no other way. It's just

Mishaal Khan: 28:11

info stealers at this point

Hayden Covington: 28:13

on the article.

Mishaal Khan: 28:14

And I and I wonder, like, what kind of a computer in this day and age gets affected by an info stealer? Like, it's mostly game downloads and, like, these Steam plug ins. And are you mixing these, like, personal workstations with your work, and is it not hardened enough? Like, this is basic security. Don't you No.

Mishaal Khan: 28:33

I mean,

Ryan Poirier: 28:34

I how many people have you know, they log into a Chrome profile that's a personal Gmail account at work because, hey.

Corey Ham: 28:42

Here are

Andy Petit: 28:42

all my passwords and, you know, bookmarks and everything. Right. And then their kid wants some free Robux.

Corey Ham: 28:47

Mhmm. It's a sync. It's a credential Yeah. Sync that Yes. It's usually the credential sync that gets people.

Corey Ham: 28:54

Because I've looked at thousands of these screenshots and 90% of the time, it's immediately obvious that whatever computer it is is a home computer.

Ralph May: 29:01

Yes.

Wade Wells: 29:02

One time someone, a coworker, he left his computer unlocked in the sock. If anyone's worked in the sock, you know that's a bad move.

Corey Ham: 29:09

And you downloaded an info stealer?

Ralph May: 29:13

Installed

Wade Wells: 29:15

a browser plugin called Ncage which turns every image on your browser to Nicholas Cage.

Corey Ham: 29:21

Oh yeah yeah.

Wade Wells: 29:23

What we didn't know is he had his account synced to his home computer and he was out at lunch and his wife called him screaming that they have been hacked.

Corey Ham: 29:33

And that Because everything was Nicolas Cage?

Hayden Covington: 29:37

Woah. It was the best.

Ralph May: 29:38

That's pretty funny.

Corey Ham: 29:39

I mean, that it's fun because that that small thing demonstrates so many cyber security concerns. Right? Like I goes mean

Ryan Poirier: 29:48

both ways too. He could've he could've installed an extension at home and then And they

Corey Ham: 29:53

caged everyone at the home.

Hayden Covington: 29:56

Yeah. Whenever our SOC, the last place I worked at had that happen, they would just go over and start sending emails to people from that person's Outlook. Like, they'd email the security distro Oh, yeah. And say something like, oh, such and such left their computer unlocked or something. Oh, that sucks.

Andy Petit: 30:12

They're like, hey, I'm buying lunch tomorrow.

Hayden Covington: 30:14

Yeah. Right. Exactly.

Ralph May: 30:15

In the in the military, you have to put a a cat card in to log in. Right? So, like, you can't it's it's not just a password, you have to physically put the the cat card in. The reason I bring that up is because people would leave it in when they left. Like, they would forget their cat card in there and then we would take it out and, like, freeze it and put it in the freezer, you know.

Ralph May: 30:33

Put it into a magic wand. Yes. Cause they had to come back because then they couldn't get on base without the card. Because that's our ID. Right?

Ralph May: 30:42

I don't know. It's got a funny same idea. Same concept.

Corey Ham: 30:45

No. I mean, unfortunately, I'm a pen tester, so my whole life, my whole career, no one's ever trusted me with their unlocked computer in the first place, so I can't relate to this. Should we talk about Claude Bot security stuff? We don't even have

Ralph May: 30:58

an article really. Like No. So there there's a

Corey Ham: 31:01

There's no article. There's a mould No.

Ralph May: 31:03

No. There's there's

Andy Petit: 31:03

a mould book.

Ralph May: 31:04

Yeah. There's there's an article.

Corey Ham: 31:06

Okay. Malt book, that Okay. Talking about malt book is like, you go into your room for fifteen minutes and you come out wearing a dinosaur costume and I'm like, what what? Where'd you get that, Ralph? Where where why?

Hayden Covington: 31:21

Dating site for them now too.

Corey Ham: 31:22

Yes. Yes. Okay. Alright. So let's talk about I'm back here.

Ralph May: 31:25

It all started last had

Ryan Poirier: 31:27

a Silk Road variant.

Corey Ham: 31:28

I did see a So, Silk okay. This all of this started like a week ago, and somehow here we Like,

Andy Petit: 31:36

days ago.

Corey Ham: 31:37

Yeah. Okay. Well, the site Over the weekend. Well, my point is, Claude Bot has been out for approximately one week.

Ralph May: 31:43

It's been rebranded too now. It's called

Wade Wells: 31:45

It's multi time now?

Ralph May: 31:46

Open Clone. Open Clone now. I think that's

Hayden Covington: 31:48

gonna And then be next week, it's gonna be something else.

Corey Ham: 31:51

Okay. Well, whatever. Basically, we talked about this last week. Essentially, here's what happened for people who have been out of the loop. Maybe you took a vacation.

Corey Ham: 31:59

Maybe you're smart.

Ralph May: 32:00

Three days. Yes.

Corey Ham: 32:01

So, okay. Basically, some researcher of one guy, I'm assuming it's a guy, we don't actually know. One person published this tool that you connect you just connect this tool to everything and it's supposed to be like an AI assistant that has access to everything.

Hayden Covington: 32:17

Yep.

Corey Ham: 32:17

And then, the chaos that ensued was extreme and fun. The main security concern that people had is basically, the creator doesn't appear to know how proxies work and the entire application proxies to itself, so then it thinks everything's trusted because it thinks everything's local host and local host is trusted. So it's a whole thing basically, security disaster from the beginning. But it's useful and so people are using it despite the security disaster and that's 2026 in a nutshell is, yes, it's a security disaster, but we're moving so fast that it doesn't matter.

Ralph May: 32:49

Gotta break things.

Corey Ham: 32:50

So basically, MoltBook, there's a news this is a news article that we actually do have, which is four zero four Media who I love them because they're like, you can tell where they are on the AI spectrum which is against it by default, which I love that. And essentially, MoltBook was a supposed to be, and this is an insane sentence, was supposed to be a social network for AI agents. So you just wanna burn your clawed tokens in a big fire, and so you've decided to give your AI agent access to its own social media site, so we can go talk to other AIs.

Ralph May: 33:28

Yes. So you you essentially, you give your OpenClaw instance

Mishaal Khan: 33:31

Wow.

Ralph May: 33:32

The instructions to your agent is now part of a social network and it does whatever it wants.

Corey Ham: 33:37

Yes. And no one could have predicted this. Yes. No one could have predicted this, but the site itself had basically no security and was the the API keys that it was issuing were just open for everyone to see. Right?

Ralph May: 33:50

Yeah. So like It uses it uses Suprabase, which is a really common platform for this. But one thing that you can do a Suprabase actually technically has two API keys. There's a public API key and then there's a private one. Right.

Ralph May: 34:01

The public one is meant for kind of like like your front end web application consumption. Anyhoo, but one thing that you can do if you're not configuring them right is that you can make the key like be able to read and write anything and so it was exposed inside of here. Yep. It's zero permissions. Right?

Ralph May: 34:17

Yeah.

Corey Ham: 34:18

So the article definitely made it Andy had some good comments about it's not as bad as the article makes it look. Right?

Andy Petit: 34:25

Yeah. It's it's not like your your OpenClaw or Maltbot or whatever the hell actual instance got compromised at all. It's that your account on Maltbook that has existed for a day

Corey Ham: 34:40

Someone can steal Someone

Andy Petit: 34:41

can post as you. They can steal this identity that you just spun up and

Corey Ham: 34:48

fake identity, by the way. Correct. Yeah. They could they could impersonate an AI Yeah.

Ralph May: 34:53

To With another AI.

Corey Ham: 34:55

Yeah. This isn't so much like

Hayden Covington: 34:56

an open problem. This isn't so much like an open claw problem as it is just vibe coders that don't quite understand how to do basic security checks. But they make something cool and Yeah. They just push it and send

Ralph May: 35:09

mean, it functionally functionally, it works. Right? But, like Right. How it functions is not something that was looked into. Right?

Corey Ham: 35:15

Yeah. Fast, you can't it can't be secure. It's just Yeah. Impossible. And the platform

Wade Wells: 35:22

just to ask the LLM, please make this secure and it's secure.

Corey Ham: 35:28

Well, didn't have time do I

Ralph May: 35:31

I agree with you, It put And and all of this comes down to dysfunctional understanding of how this thing works, and then maybe like how to secure it. Right?

Corey Ham: 35:39

Yeah. I mean, I don't know. It's it's bad. It's mostly just funny. It's not actually that big of a cyber security concern.

Corey Ham: 35:46

Things like the actual clawed API keys were not disclosed. The actual, like, you know, people's tokens and like, you know, access to people's Gmails and things were not disclosed. It was just the ability to participate in this sick version of a Turing test was breached, I guess.

Ralph May: 36:05

Yes. Yeah. Yeah. Alright. What's It's the whole thing the whole thing is wild though.

Ralph May: 36:12

I don't know. I don't know.

Corey Ham: 36:12

Oh, we gotta talk about the coal fire thing, guys.

Ralph May: 36:15

Oh, yes. That was a huge one that

Corey Ham: 36:17

happened last week. This is a huge this is one that just popped up last So

Mishaal Khan: 36:22

The Fantusters.

Ralph May: 36:23

Yes. It took forever, dude. This has been like five They

Wade Wells: 36:26

got they got money back. Right?

Corey Ham: 36:28

Back. Oh, wow.

Ralph May: 36:30

This is a

Wade Wells: 36:30

They got money.

Corey Ham: 36:32

Yeah. So this is a follow-up to like 2019 pen tester hot news. Basically, years ago this is 2019, which feels like a decade ago Yeah. When the hell it In the land before time, essentially, there was a couple of physical security testers that worked for a certain company who I already mentioned. And they tried to do a an auth an authorized pen test of a security of of a was it a county courthouse or something like that?

Corey Ham: 37:03

So they tried to do a a test of a county courthouse. They got arrested. They spent a night in jail. It it, like, it blew up the pen testing world because it's like, wait, this is illegal? Oh, I thought I would never go to jail for my pen testing job.

Corey Ham: 37:16

Somehow six years later, they got a settlement. I'm assuming after the my joke in the our company chat was, after the lawyers take their cut, they should have enough to buy a flipper zero. But, yeah. Got a $600,000 settlement between two people. I mean, it's so stupid.

Corey Ham: 37:34

It's like it always is where when the cops do something dumb, the public has to pay for it. Like, classic. It was

Ralph May: 37:39

it was ultra stupid because essentially what was gonna happen was is they sued and it was about to go to trial. Like, people were

Corey Ham: 37:44

about to Yes. They settled right before the trial.

Ralph May: 37:46

Discovery and people's egg egg and faces were about to happen. Right?

Corey Ham: 37:50

Like Yes.

Ralph May: 37:51

Everybody's everyone's, like, like, were about to be proven. Like, this person really did mess up, or this person really did get it authorized, and this sheriff really did whatever he did and he wasn't supposed to do that. And they decided instead of just throwing egg on each other's faces, they were gonna do the payouts.

Wade Wells: 38:09

Didn't John go and do a town hall? Yes. Not this one?

Ralph May: 38:12

Yeah. Remember

Corey Ham: 38:12

that. Right? Physical pen testing is not or authorized pen testing is not a crime. It was a whole thing. Yeah.

Corey Ham: 38:17

Yeah. It was a whole thing. It was a

Mishaal Khan: 38:19

pretty big People ask me about that shirt all the time. I'm like, well, it refers to this story.

Ralph May: 38:23

Yeah. That's an old So, you're right. They probably didn't get much money after all the lawyer fees, but in essence, could tell that the the county didn't really have a leg to stand on and it wasn't worth it to

Corey Ham: 38:34

Yeah. So the taxpayers will foot the bill for all the

Ralph May: 38:37

the packers

Corey Ham: 38:38

will foot the bill for As usual.

Ralph May: 38:39

Yeah. He should've got fired probably.

Corey Ham: 38:42

Yeah.

Wade Wells: 38:42

You think Yeah. You think they have enough to buy Ram?

Ralph May: 38:45

No. Probably not. No. Not after what other news is coming out. I I guess Anthropix new Yes.

Ralph May: 38:53

Yeah. Model coming out tomorrow.

Corey Ham: 38:56

So okay. On the way to that article. On the article Why talking are

Wade Wells: 39:01

about articles we don't even have spun up? Like, read the chat.

Corey Ham: 39:03

Like, I

Wade Wells: 39:03

have a giraffe. Excitement.

Corey Ham: 39:07

On the way listen, Ralph's allowed to throw in rogue articles. That's what he does. Alright? The So way to on the way to that article, let's talk about apparently, this is a Costco article. I have a soft spot for Costco.

Corey Ham: 39:17

Fun fact about Costco real quick before we get into this. Right now so we foster cats and we have a litter of kittens right now that are named after Costco. So we got rotisserie chicken, we got chicken bake, we got Kirkland Signature, and then the mom the mom's rotisserie chicken. But anyway

Hayden Covington: 39:33

I love that so much.

Corey Ham: 39:35

Wanted to do we wanted to do tire center, but we only had three kittens. So we

Hayden Covington: 39:40

we had You need another one then.

Mishaal Khan: 39:41

I feel

Hayden Covington: 39:42

like you another. Pretty good.

Corey Ham: 39:44

Yeah. We had hot dog, rotisserie chicken, chicken bake, and then Kirkland Signature. Kirkland Signature's incredible. Anyway, so apparently Costco has removed memory from its display PCs to prevent people from stealing it.

Mishaal Khan: 39:59

Just before I could grab my RAM.

Corey Ham: 40:02

That is This is one of those things yeah. So basically, you can see the picture in the article. They essentially, they have, you know, these display PCs out in their stores that look like sick gaming computers, because they probably are. But apparently, people were like, oh, I'll just like disassemble this display computer and take out the GPU and take out the memory.

Ralph May: 40:22

That never snowed.

Corey Ham: 40:24

I gotta say, like, I I like You know AI's even nuts when people

Ralph May: 40:29

are stealing RAM, you know. Okay. But seriously though,

Corey Ham: 40:31

isn't it Costco? Like, listen, I'm a member. Okay? Can't they like revoke my membership? That would be like the worst thing you could do to someone.

Corey Ham: 40:38

You revoke their Costco membership for stealing RAM? Can you imagine? Okay. Your kid gets hit by a Nimbus dealer. Okay.

Corey Ham: 40:43

That's not that bad. Your kid gets your Costco membership taken away because they stole some RAM.

Ralph May: 40:48

Yeah. That that's like Oh

Hayden Covington: 40:49

Ralph May: 40:49

goodness. Years. It's excommunicated. It's gone.

Corey Ham: 40:53

Forever. Excommunicated even. Yeah. It's the only way. Yeah.

Corey Ham: 40:56

I mean, sadly, we can't have nice things. This is just another article. He would probably end up

Mishaal Khan: 41:01

in Dark Knight Diaries series or something. You're the guy who stole RAM and was, like, excommunicated from society.

Ralph May: 41:08

Oh my gosh. The AIs will be pissed. Alright.

Corey Ham: 41:13

Let's see

Wade Wells: 41:14

let's see this anthropical card.

Ralph May: 41:16

So there's just like so the I mean, this really there's a bunch of different, like, news articles kind of about it. This is purely speculation, like but that the new Claude coating model is supposed to come

Corey Ham: 41:27

out

Ralph May: 41:27

tomorrow, maybe. This and if it does, it's supposed to be better than Opus for cheaper. So we'll see.

Corey Ham: 41:36

By their own metrics, they asked it if it's good and it says it's good.

Ralph May: 41:39

Yes.

Corey Ham: 41:39

Well, they did they

Hayden Covington: 41:40

did bench it against something else. But, like, the part that

Ralph May: 41:42

I No. They did the they did the open standard bench for coding and I guess it got an 8080%, which would be the highest ever. I think Opus is, like, 75.

Corey Ham: 41:52

Hayden Covington: 41:52

Yeah. The the part that I liked it, is it was I can't remember I'm trying to find the percentage, but it was something like 70 to 80%, like, more cost effective, which Wow.

Ralph May: 42:04

Cost effectiveness. So I think the bigger article here How is that possible?

Corey Ham: 42:08

Yeah. Is anyone here is there anyone here who knows somehow how that's possible?

Ralph May: 42:14

Optimized for Google's TPUs

Hayden Covington: 42:17

Yes.

Corey Ham: 42:17

Do you think? Okay. On GPUs. It's more efficient because it's not trained on GPUs or what?

Ralph May: 42:23

No. No. No. No. No.

Ralph May: 42:24

No. No. It's more efficient when you ask it. So the When you use it? Yes.

Ralph May: 42:28

When you use it. Right? So it's the toke it's like getting like, tokenization rate backward, like, how much power it needs to respond to, essentially.

Corey Ham: 42:35

I got you. TPU is more efficient than GPUs. This one's optimized to run on TPUs. It's gonna save

Ralph May: 42:40

Or lot at Google, specifically, because they run all of their stuff at Google. But the bigger thing here is just to catch on to the thing that I've noticed over the last year and that everyone is starting to see is that the continual march is continuing on and it keeps getting better and how that affects everybody in such a short amount of time. We're not talking about like, oh, the new iPhone 17 versus the 18, it takes a year. This is like three months between them. It's like, it's insane.

Ralph May: 43:07

Right? So the question is insane.

Corey Ham: 43:09

Yeah. Does this stay off the AI bubble pop for another couple months?

Ralph May: 43:14

I mean, it like, I don't even know where it ends. Right? Like, if you if you can keep when is it to the point where, like, we're at a 100% on this coding benchmark and we're, we don't need coders at all. Right? Like, you thought that Well, still

Andy Petit: 43:28

need them.

Corey Ham: 43:30

When the CEO gets access to the AI.

Wade Wells: 43:33

Yeah. We still need someone to say, make this secure, every time.

Hayden Covington: 43:36

Yes. And AI is never

Corey Ham: 43:38

the security person just adds on to the end of every prompt and please make it secure and make no mistakes. Yes. Make no mistakes that you asked. Yeah. Rich, yeah.

Corey Ham: 43:48

I do.

Hayden Covington: 43:49

Some of these models, man, like, I I had that open cloth thing I was playing around with and I was like, hey, I've heard Kimi k two is great. I asked it to do something, to look into something and I was like, do not do anything yet. Don't do anything without asking me. And it immediately went and did explicitly what I told it not to.

Corey Ham: 44:07

I was

Hayden Covington: 44:07

like, I I specifically told you and like, that's the models that we're dealing with. And then, I think the part that people is driving more people towards Anthropic versus OpenAI is like the models like Opus, they there's just something they just almost always do what you would expect. They're more predictable than like they used to be where you'd get varying responses. You could ask it the same thing multiple times and as long as you're roughly giving it the same context, it usually comes back pretty similar.

Wade Wells: 44:38

I was upset when it did that cause I asked a question and then it gave me a bad prompt, I'm like, alright, open a new agent, ask again, see if anything happened, then it was exactly the same and I'm like, goddamn, it's reading my history, I gotta go use a different

Corey Ham: 44:48

one. Like Oh, man. Yeah.

Hayden Covington: 44:53

Dude, the the Kimi model as well, it kept insisting that I changed the default over from Opus. I was like, no. I turned you on and you're you're insistent that you switch me or I switch you over immediately to be my production. Like, no. Shut up.

Ralph May: 45:08

Oh my god. So I guess there was also another article that a 175 publicly exposed Olama AI servers across a 130 different countries. Right? So another

Corey Ham: 45:22

That's free money, dude.

Ralph May: 45:23

Yes.

Corey Ham: 45:24

That's free money. That 175,000?

Hayden Covington: 45:28

Yes.

Corey Ham: 45:29

Okay. But it's all, like okay. This is insane. They're probably not

Ralph May: 45:33

Mostly in China. Yeah. I mean, but this is just it's like a it's like an arms race. Right? You know?

Ralph May: 45:39

And people are just deploying this stuff as fast as they can and, you know, security be damned and let's just see what happens and, you know, that that's that's where we see a lot of these, you know, exposed servers for different products, especially related around AI.

Wade Wells: 45:55

So what you're saying, if you really want good free AI, you just gotta go to Shodin.

Ralph May: 45:59

Yeah. Yeah, man. You could get, you know, some decent tokenization, you know.

Corey Ham: 46:04

Dude, I I that's honestly my biggest question is like, is this is this hooked up to like an actual powerful GPU or are these like, Olama running on like a two gig instance and it's totally useless?

Ralph May: 46:18

Yeah. You like, I don't think they made a bunch of queries to see how which model they were using. Right?

Corey Ham: 46:24

I wish they had. I wish they had asked like how much memory you have.

Ralph May: 46:27

Model being deployed right now. Right?

Corey Ham: 46:29

Yeah. Like what yeah. Like what's are are are tiny models? Or are we like is someone running like freaking deep seek one twenty two billion on I don't know.

Mishaal Khan: 46:38

Someone model

Wade Wells: 46:40

that will hit SHODAN, grab the list, and then go query them all, and then that's what you just use over and over again.

Mishaal Khan: 46:46

Think that's what they did. It was just a SHODAN or a census. It's a census output. Census data. There you go.

Mishaal Khan: 46:52

Yeah. They're just running a port scan and seeing, oh, these ports are open, so this must be

Wade Wells: 46:56

to go query them for it. Like, I just wanna use

Corey Ham: 46:58

their own

Mishaal Khan: 46:58

That's something for you to do to use

Corey Ham: 47:00

a Notepad plus plus.

Ralph May: 47:02

Use Notepad. Actually, just get your your OpenMalt or whatever to do it for you.

Hayden Covington: 47:09

Open malt. Oh, God. That's what he's gonna change it to next.

Corey Ham: 47:12

Mhmm. No. Man. Open malted milkshake.

Hayden Covington: 47:16

Malted milk

Andy Petit: 47:17

How else

Ralph May: 47:17

are you

Andy Petit: 47:18

supposed to boost your meme coin on Malt book without burning all your claw tokens?

Ralph May: 47:22

Exactly, Yeah.

Hayden Covington: 47:24

People talk so highly about the OpenClaw thing and people, you know, tweet about how you can give it a trading account, it'll make money. I was talking to somebody whose friend tried that approach and he was like, dude, I lost $3.

Corey Ham: 47:35

Okay. So you gave Dude.

Hayden Covington: 47:36

You gave this AI model $3,000 and said go for it, chief. Try your best.

Corey Ham: 47:42

Make no mistakes. I watch so many videos about it and like every video I watch where people are using it, all they're using it to do is just prove that it can do stuff. None of it is actually useful. They're like, oh, I can do this. It's like, yeah, I'm not surprised that with an API key, it can read your email.

Corey Ham: 47:57

Like, I'm not like, oh my god, it can read your email? Like, I don't I don't know. I mean, it is what it is. But the only way to get any value out of this is to completely raw dog security and just give it everything. Yeah.

Corey Ham: 48:07

Which is insane. Just be like, oh, it can do everything. It can fully impersonate me. Like, I I don't know. I I wanna see the I

Hayden Covington: 48:16

don't know. It's it's like normal server architecture or like anything else in technology. Like, if you use it correctly, it can do some very cool things. If you use it incorrectly, it will absolutely, you know, backfire.

Andy Petit: 48:29

Yeah. Alright. Let's get a Imagine trying to use it for trading. It it'd be like, you know, alright. Buy low, sell high.

Andy Petit: 48:36

Then it'd

Ralph May: 48:36

be Make like

Corey Ham: 48:37

no mistakes.

Andy Petit: 48:37

What? No. Diamond hands. We're never selling.

Corey Ham: 48:40

I mean, it's gonna it's gonna spend more money in CLOD tokens than it would in it would ever make you back. But anyway

Ralph May: 48:47

What about the do you guys see the Panera Bread breach? It was it wasn't just Panera Bread though.

Corey Ham: 48:54

Dude, they got past the bread bowl defense?

Wade Wells: 48:56

Yeah. No. They were

Ralph May: 48:57

They definitely did.

Wade Wells: 48:59

I thought after that energy drink snafu they were going under.

Ralph May: 49:03

Oh, no. So

Corey Ham: 49:03

it was that?

Hayden Covington: 49:04

The caffeine that kills you? I missed that. I wanna once Yeah. No. That's

Ralph May: 49:08

OkCupid and Panera Bread were breached by

Corey Ham: 49:12

Oh, yeah. This is Shiny Hunters. Right? Yeah. This is Shiny Hunters?

Wade Wells: 49:15

Were they were they both on the shared host same shared hosting platform with the WordPress

Ralph May: 49:19

That would have made it more fun.

Mishaal Khan: 49:21

On PHP.

Ralph May: 49:22

Yeah. It was all PHP. It always is.

Corey Ham: 49:25

Yeah. Shiny Hunters is trying to extort people. Yeah.

Hayden Covington: 49:29

Yeah.

Corey Ham: 49:29

And I assume it's SaaS. Right? It's gotta be SaaS. Yeah. That's like their that's their that's their MO.

Corey Ham: 49:35

The Shiny Hunters folks are about wishing people to get access to SaaS. Right? Like, I'm guessing they called up the Panera Bread Bread Bowl manager and were like, hey

Ralph May: 49:43

Supposedly, it was through their SSO platforms and using voice cloning techniques, which resulted in a growing number. Yeah.

Corey Ham: 49:50

Nice. Yeah. The fishing that they're they're big fishing. They're

Ralph May: 49:55

Oh, now everyone's gonna know who you matched with on Hinge, on Match, and on OkCupid.

Corey Ham: 50:00

I was gonna say, what is actually deploy? Or what is actually breached? Like, they I I guess I should be

Ralph May: 50:06

the guy I'm telling you. Tracking information. Usage data?

Mishaal Khan: 50:10

Yeah. IP address.

Ralph May: 50:12

Oh, man. They're gonna know how many Panera Bread orders I made? Damn it.

Corey Ham: 50:16

That's what You ordered 500 pesto flatbreads last year, you freak. What's wrong? I did, dude.

Ralph May: 50:25

Like, 2025 wrap was depressing.

Corey Ham: 50:30

Yeah. I guess address is in the Panera one. People you can somehow get It's actually used for your address.

Ralph May: 50:35

Yeah. Yeah. There was

Mishaal Khan: 50:36

a remember that other breach you guys probably know, the alcohol selling what was that? The website that sells wine bottles and stuff?

Corey Ham: 50:43

Drizzle or whatever. ABT.

Mishaal Khan: 50:46

There's another website that got breached. I had access to that breach, and I had one of the criminals in that breach their email address. And I looked it up, and I saw all the orders they had made for wine bottles, and it was to his own address. So I found his home address based on an unknown email address, essentially. So that's what the breach can potentially be used for.

Mishaal Khan: 51:06

This is this information.

Ralph May: 51:08

It it's like a mind map of, like, de seg de decoupled information. Right? So, like, by itself, it's not that amazing. But combined with other kinds of information sources, they can create a picture of whatever whoever they are, what they do, and, you know, where they are.

Corey Ham: 51:26

Yeah. I mean, breach is not good. I mean, it's it's a ransomware group, they're financially motivated. It's kind of, you know, it's like, should they pay the ransom to protect their consumers' data? Sadly, from a security perspective, no, because this will have no blowback on them.

Corey Ham: 51:43

So Mhmm.

Ralph May: 51:44

That sucks. Oh. Employers discovering your dating profile, risk of doxing, there's tons of things like that.

Corey Ham: 51:51

Yeah. Alrighty. I got it.

Wade Wells: 51:54

I got a good one.

Corey Ham: 51:55

We have yeah. We have like time for one or two more. Alright. There's a lot of good write up. There there's a lot of good articles.

Corey Ham: 52:01

I like well, we'll do like a lightning round at the end.

Wade Wells: 52:03

Alright. Okay. We could do that. This one is just interesting because we finally see Russia using good network equipment.

Corey Ham: 52:09

Oh, yeah. So, yeah. So basically, the article is that Hunter Brooke does anyone know who Hunter Brooke is? No. Someone that took the space out of their name.

Corey Ham: 52:22

First name Hunter, last name Brooke, but they don't use a space in their name, says that Ubiquiti, which is like my personal choice of fun home networking equipment and a lot of Should people be for most people. Yeah. It's it's it's like a prosumer type network. It's not really enterprise ready, but it's like probably overkill for most small businesses. Essentially, Russia is using it to power their battlefield communications.

Corey Ham: 52:47

I gotta say, it makes sense. It's open source, they don't have visibility or it's not open source, but it's like self managed. They don't have visibility, they don't have control. Like, it's kind of a bummer they're getting abused by Russia, and I hope they don't get banned or anything like that. But, yeah.

Corey Ham: 53:02

I mean, this is the the selling point from a privacy perspective is that it's self managed and self controlled, so it makes sense that it would also work for Russia. I'm sure that Ubiquiti right now has like 18 missed calls from the US DOD. Right? Being like, hey, how's it going? Can you get me can you get me access to this control plane, please?

Corey Ham: 53:22

I wanna create a new VLAN.

Andy Petit: 53:23

I feel like we need to take everything in that article with a giant grain of salt. Because if you look at that last paragraph, it's like, Hunterbrook Capital is short on ubiquity based on this.

Corey Ham: 53:35

Oh, no. So it's a capital company? No. Yeah.

Andy Petit: 53:40

This is just like market manipulation.

Corey Ham: 53:42

Okay. I wanna see like This all started from one guy who like found a screenshot and was like, that's interesting. Mhmm. And then, yeah.

Andy Petit: 53:49

Based on Hunterbrook Media's reporting, Hunterbrook Capital is short, ubiquitous. Two entirely different unrelated companies, I'm sure.

Corey Ham: 53:58

Yeah. There's a Hunter Brook Security which operates completely independently and and it's completely separately. There's a Hunter Brook Capital which makes decisions based on everything that one hundred Brook Security discovers during their research. Don't worry about it. It's actually Claude Bot, anyway.

Corey Ham: 54:15

It always is.

Hayden Covington: 54:17

Always has been.

Corey Ham: 54:18

Yeah. Maybe that's the 2026 version of the Big Short is like, you gave all of the hedge funds control to an AI?

Andy Petit: 54:28

Now, if we wanna talk about companies fueling Russia though, maybe it's Fortinet and Default Credits, The the the Poland cert article

Corey Ham: 54:40

we have. Yeah. Was that default creds? Is that the entry mechanism?

Andy Petit: 54:46

It was it was Fortinet, vulns, and also default creds, also just like, LOL, really guys?

Corey Ham: 54:55

Okay. Basically, just to kinda zoom out for those that haven't read all the articles. Poland Cert published a really interesting write up in essentially how someone attacked their grid. And it sounds like they weren't super successful. I mean, were successful in compromising the grid and the systems that support it, but they didn't actually take the power down from what I understand.

Ryan Poirier: 55:16

They were unsuccessful in the the final wiper detonation. Their EDR managed to stop it.

Ralph May: 55:23

Yeah. So

Ryan Poirier: 55:23

it it did not shut down the grid and 500,000 Polish people did not lose power and heat in the middle of winter. Yay.

Corey Ham: 55:30

Right. So it sound it's this

Hayden Covington: 55:32

specifically says the final stage was blocked by the EDR. And so, like, It got the white pretty part dang close.

Corey Ham: 55:39

They fully compromised the network, but they were unable to take down the power with that access.

Hayden Covington: 55:44

Yeah. So they compromised it. Their goal though was just destruction and they were held off by, you know, whatever EDR they had.

Corey Ham: 55:52

Claude bot.

Ralph May: 55:54

That's always fun.

Corey Ham: 55:54

Yeah. I

Wade Wells: 55:55

mean, Don't definitely that. Someone's gonna hear that and start deploying Claude bot everywhere.

Corey Ham: 56:00

Yeah. Yeah. So read if you're a threat hunter or if you're a CTI person, read the write up. It's really interesting. I think it is a good demonstration of like, if you have good safeguards, and you might actually avoid a dangerous attack like this.

Corey Ham: 56:15

And so having defense in-depth, why do you have r why do you have EDR on your OT systems and in your RTUs and stuff for this exact reason. So I guess we're really lightning round, I also wanted to mention the really interesting write up of like the Google takedown of a residential botnet. I'm just gonna throw it in there and recommend people read it. But essentially, they took down a residential botnet with that was apparently abused by 500 different threat actors or something.

Mishaal Khan: 56:47

That they know The VPN companies.

Ryan Poirier: 56:49

Or that they were tracking?

Corey Ham: 56:50

Yeah. Well, the VPN companies are just the those are that's the botnet. Yeah. So yeah.

Ryan Poirier: 56:57

Yeah. Remember, if you're not paying for it, you're the product.

Wade Wells: 57:01

Yeah. Oh, they have the name of all of them right here too. I didn't realize that.

Corey Ham: 57:05

Yeah. The names are there. I mean, I will say like, these companies this is one of those things of like, good luck sourcing ethical residential IPs, like Yeah. You know, it's it's like, can you find chocolate that wasn't had that didn't have slavery in the supply chain, like, yes, we have to work hard. This is the same thing with residential IPs, like, most of these are sketchy sources at best.

Corey Ham: 57:27

And, yeah, it's not great. It's a good read up or it's a good write up

Ralph May: 57:33

I get paid for people to use my Internet. They

Wade Wells: 57:37

Corey, you sent that Raspberry Pi to my house. It's been plugged in ever since, like

Corey Ham: 57:41

Dude, that's just my that's just my backup server. Don't worry about that.

Ralph May: 57:44

That's how I make money now, is I just use my internet for people pay me for it. I'm not sure what they're doing.

Corey Ham: 57:51

That that that blinky box in the corner, no one ever talks about it.

Ralph May: 57:55

Yeah. Yeah. I got too many. I can't take care of.

Wade Wells: 58:00

Zach prompted, who who has classes coming up?

Corey Ham: 58:04

I don't know. Someone's doing dishes in the back. Whoever you are,

Wade Wells: 58:08

you're you're doing a great job. My

Mishaal Khan: 58:10

my microphone is too sensitive.

Corey Ham: 58:13

I think someone's destroying all of your dishes. Yeah. You might you might wanna you might that the robot the robot in your house that's trying to do dishes It's my robot. Yeah. The guy with the VR controllers, like, trying to stop dishes.

Mishaal Khan: 58:28

It's the knees of the robot cracking, you know.

Corey Ham: 58:30

Yeah. Alright. Too much work. Anyway, good plug. Good plug.

Corey Ham: 58:34

We got two classes upcoming at Mile Hackenfest in Denver. Virtual options available. You got Hayden, you're teaching a class, and I guess Mishal is also teaching a class. Ralph, are you teaching anything? Wade?

Corey Ham: 58:47

Anyone else?

Ralph May: 58:47

No. No. Nope. I've taken the Next Level OSINT class. I took the first one, I think.

Ralph May: 58:52

I think it was the I think it was the first, like, public one.

Mishaal Khan: 58:55

I think both you and Corey.

Ralph May: 58:56

Yeah. Yeah. It was a great class.

Corey Ham: 58:57

It's good.

Ralph May: 58:58

So if you want Yes. If you wanna learn some OSINT stuff, yeah, super fun. And since OSINT, you can do it live. Right? You know, you get to really experience it right there.

Hayden Covington: 59:07

Mhmm. Nice. Hayden and

Mishaal Khan: 59:08

I Live targets.

Corey Ham: 59:09

Mhmm. Oh, yeah.

Wade Wells: 59:10

Hayden and I do have a webcast coming up on over whatever. It was up there, now it's not. Doesn't matter. Most of people are listening to it. Okay.

Wade Wells: 59:17

There it goes.

Ralph May: 59:18

Oh, good Good

Corey Ham: 59:19

A fireside chat? Is the fire Yeah. Just a GPU?

Wade Wells: 59:22

Yeah. That's all we're doing. It'll probably be just be us talking about AI and Blue Team stuff going back and forth. Probably. All things Blue Team.

Hayden Covington: 59:32

Jerry's just gonna play lurk on his magic decks in the background.

Corey Ham: 59:38

Nice. And then, I guess, we also have the upcoming Sock Summit. Yes. I don't know anything about that, but the logo looks sick.

Hayden Covington: 59:45

I mean, it's gonna be a bunch of talks around Sock and Blue Team stuff. There's gonna be some workshops, plenty of talks, I think maybe even some training. So it's gonna be pretty sick.

Wade Wells: 59:55

Are you

Corey Ham: 59:56

talking, Hayden?

Hayden Covington: 59:57

I am. Yeah. I have a workshop or a talk. I can't remember which one. It's one of those.

Wade Wells: 01:00:03

I had two yeah.

Hayden Covington: 01:00:05

So mine mine is a talk that's preceded by a workshop in a couple weeks after that. But my talk is all around how to take basically CTI and turn it into detections.

Wade Wells: 01:00:15

Great. Thanks a lot. Thanks for ruining my

Corey Ham: 01:00:17

talk idea. No. I need

Ralph May: 01:00:20

to take like an hour and build a pew pew map with vibe coding just because I think you can make some pretty cool ones now. Would be good at your software Oh,

Hayden Covington: 01:00:28

yeah. That's a good idea.

Corey Ham: 01:00:29

I wanna see here's what I wanna Okay? Here's here's my product request to whoever vibe codes things from Discord. Here's what I want. I want someone to make a thing that monitors your AI queries and then builds visual representations of what you're asking for and just displays them as videos. So like, if someone is asking for a way to bypass some security, it'll make like a graphic of like a computer with like a pew pew going into it.

Corey Ham: 01:00:56

If someone's asking for a recipe for waffles, it'll make like a graphic of like waffles being creative. If someone's asking for like, am I hey, send this email. It'll be like a little graphic of an email. I just wanna know like graphically, what are my users doing? And then when it starts shifting to weird stuff, it's not like a pew pew map.

Corey Ham: 01:01:14

It's like, oh, someone there's like a horse that just stabbed a guy and then lit it on fire. Okay. We need to go find that employee. Back trace that IP. Find that employee, who sent that query in.

Corey Ham: 01:01:26

So what you're

Ralph May: 01:01:27

saying I'm here

Mishaal Khan: 01:01:27

sure the three letter agencies have that running in the background.

Corey Ham: 01:01:31

Yeah. So

Hayden Covington: 01:01:33

here's

Ralph May: 01:01:33

What you're the old sending is you're gonna take an AI query, which is text, And then Yes. Which which takes some computing to, like, respond. And then, when once that responds, you're gonna send that to another AI

Corey Ham: 01:01:45

Yes.

Ralph May: 01:01:45

To spend even to make a

Corey Ham: 01:01:46

Yes.

Ralph May: 01:01:47

To make an image so that it can send an image and then you can interpret the image from what the text was.

Corey Ham: 01:01:54

Yes. Correct. It's whole new detection development. I'm loving it. I'm loving it.

Corey Ham: 01:01:58

Okay. Listen. This is the new version of a pew pew map. It also could be simplified down into like a smiley face or a sad face depending on whether the queries are positive sentiment or angry sentiment. And then we can just see the mood of the company.

Corey Ham: 01:02:11

It's like a mood for your company. Alright?

Wade Wells: 01:02:13

It's reminds me like during the Sans talk when like they have a person drawing out the person's talk as they go. Right? Where they're like drawing arrows and boxes and stuff like that and like circling thing like Yes.

Corey Ham: 01:02:26

It's like that but with AI.

Wade Wells: 01:02:27

But with AI, I'm down for it.

Corey Ham: 01:02:28

Exactly. Yeah.

Ralph May: 01:02:29

You could totally another job.

Wade Wells: 01:02:33

Replacing another job. All They're replacing everyone's job already. Right? All I have to

Corey Ham: 01:02:37

do is Who's job did PewPewMaps replace then, by the way? The guy who used

Mishaal Khan: 01:02:41

to draw manually at Sans.

Hayden Covington: 01:02:42

That poor That guy.

Corey Ham: 01:02:45

One Sans guy. Okay. Let's get into CTF winners. Obviously, our conference is next week. Ryan, we don't have a show next week.

Corey Ham: 01:02:52

Right? Because it's our conference and we're gonna do it live. Is that correct? We're do it live.

Ralph May: 01:02:56

I think we're do the show we're

Ryan Poirier: 01:02:58

gonna do the show from Wild West Hacking Fest.

Corey Ham: 01:03:00

Sweet. So no show on Monday next week.

Ryan Poirier: 01:03:03

Yeah. Not on Monday. It's on Wednesday.

Corey Ham: 01:03:05

Sweet. Different time. Different time, different place. Get scared. I'm scared.

Corey Ham: 01:03:11

The CTF winners. We have a winner for one year of anti siphon on demand training access, which is a huge we don't know the value. We can't calculate it. We tried to put it into AI and just said not a number. The winner is Alex Broke It 29439.

Corey Ham: 01:03:27

Good job, Alex. You broke it. Congratulations. And for anti siphon CTF, there's no winner. So I guess, try harder, everyone.

Corey Ham: 01:03:37

I don't know if that that CTF must have been really hard. I guess there's no one guy. Them now. Yeah. But Exactly.

Corey Ham: 01:03:43

Put it into Claude AI even harder. Okay? Like, I don't know how Try

Hayden Covington: 01:03:47

using Thinking mode.

Ralph May: 01:03:49

Yeah. Try

Corey Ham: 01:03:50

yeah. Use a more expensive model next Yeah.

Ralph May: 01:03:52

Keep revving up the model until you get the answer back. Also, gaslight the model, it will do better.

Corey Ham: 01:03:58

Yes. And then the model will gaslight you in return. The cycle of life. That's a good place as any to end it. Thank you all for coming.

Corey Ham: 01:04:05

We'll see you all next week. If you're gonna be in Denver, stop us, say hi, introduce yourselves. We'll see you around. Bye, everyone.

Mishaal Khan: 01:04:13

Bye. See you.