Industry sign banking massachusetts moving checklist computer
and look it is a little thing because it's telling it starting then I mash just hit over here it'll tell me the stream health premium content and then it's gonna confirm live and we are not we are live Alexander at the button hey where do I have visa coming from some ad on YouTube buy some hat on YouTube alright nice yeah you know they got you with the good ad action you know yeah yeah yeah alright we are live how they got hacked episode seven seven seven seven lucky number seven yeah I see someone already arty people jumping in a live stream here and yes I'm gonna we have it set up so we can cut between things so you don't have to look at us the whole time you even cut back and forth nice so I got that and so Tom Lawrence Xavier D Johnson more recession all right so we got that covered so it's live it's working a six people already here we're gonna do regular show and we're actually if this works out well we're gonna do it live all the time is because it seems like a really good idea one tell us if the audio is working everything looks like it's working but I've never hooked up microphones to a live stream so someone comment on there if it's not right or if you have the video just hit play on it and see if it does it anyways so I make sure is audio I'm using some remote Oh system so he can't do it didn't even listen to my we have people saying we're all good so now we can actually get into the content to this awesome hold on before they acts yes I am using two laptops one hack top has a fan problem it has died on me but it has all the cool stickers so I just put that on display for you guys while I use my other you know anybody wants to fix a fan problem we don't for it yeah we may or may not be down for a fan fix yeah um actually someone said the cameras off is it too dark cuz I'm actually looking at the screen and see and it's too dark these are all those first time we did a live questions and I'm looking back for some audience feedback here I actually think I can step the brightness up one say I'll do that you guys can keep talking because we got all kinds of fun stuff on the apt hack woo yes people know apt means hey you can learn today good old apt hacks yeah I'm not a fan of fixing fans either mark Remus no but I mean sometimes you have to if you don't want to buy a new computer which I'm definitely all have to do because I don't that looks way better I can do this computer alright look at this okay all right maybe not level know that it's well I think it's I don't know I'm not gonna worry about the level that is beyond me we're crooked today so the first thing I'll bring up is uh the Microsoft hack do you guys see this the Microsoft hackers compromised support agents credentials to access customer email accounts and it was kind of an obvious like if you this is a TechCrunch article and it's seven hundred seventy three hundred million emails passwords dumped blah blah blah you know lots of excitement here but the reality is it sounds like it was just a really targeted phishing attack against the support side of Outlook calm so this is not exactly a Microsoft compromise and I think I've talked about it before Microsoft does a really good job of operational security I've actually watched some of the Microsoft even been to at their conference how they do things it's it's tight there's a reason you know you're not seeing Asha to as your data center hack and things like that I mean they do tight operational security and so it's a little surprising because I know this is an arm of Microsoft but then again this is the consumer support so we're probably gonna say some of them may have been outsourced or something like or maybe somebody opened up a you know a word doc or something like that yeah I don't know is much like how related this is to Microsoft in terms of is this the same internal teams you know I mean this is probably someone different but it's still a a really one of those things that you're gonna have that you're gonna get those it's sad but we use free email services this is some of the risk that comes with it they don't maybe they don't put their best and brightest on it what do you think and so one of those guys click the thing and then got in there and it doesn't sound like they could read emails but they did have the ability reset passwords if I does that believe this what the article said reference it again hello I can just press a button we're sharin so you have to look at us all the time so we can jump to the screen Microsoft did full disclosure we're gonna see because they are complying with GDP our EU data protection did respond so they have entire like all the different divisions Microsoft's doing everything by the book covering one the breach happen they have all the different threat fishing stuff so it's just interesting though that a phishing attack is the part that confuses me that maybe I don't understand is to factor like how do they get around it I mean did they put their two factor in is that how they got into the support people I I don't think I've seen that in the article here of exactly how they got in so that's a hopefully more details will be released but yeah that formally crazy that I haven't I Microsoft they're not someone I associate with that level of attack so ah scary stuff there yeah it's not really a good sign but it shows the persistence on there and from that we'll dive into the deeper topic is this one here is the Taj Mahal if you haven't seen this this is I don't know how upset is your stomach behavior so this is this goes back to what we've been saying about you know detective controls detective controls guys you have to be able to detect if people are in and that's not necessarily easy but I think it's a must because how long do you guys think enough for like five years like five years yes so and this is so the Taj Mahal Kaspersky discovered it and we started to talk a little bit before the show it on my Colin let's hit the live button the stock bought this in the show one thing about you know Kaspersky Russia you banned in the u.s. etc et-cetera we're all a lot of us have spent any time with them we're aware of that but now we have Kaspersky you know doing some really days whose hack we talked about last time the Taj Mahal this is advanced persistent threat everything about it is so advanced this is not like some amateur created thing this has plugins this has its own encrypted file system this was undetected for five years that they found signatures on here so you're talking about a just a major super advanced system here it means see if I can zoom in on this page here like it's just it's just crazy I am just blown away at the level of everything nation state for sure it's safe to say that this is action state stuff and you know it's always so fun digging into some of these nation's nation's state advanced persistent threat it is yeah of attacks because you learn stuff right like who me personally as a red teamer oh I can't fathom being an assistant for five years me me there that's a long time coming in and I'm trying to get out yeah quickly as quietly as possible so you have the moduli TV framework thing you have the initial attack that is so unknown they don't know how they got them there the modules the backdoor pot PowerShell scripts CNC command remains in the victim as a backup 80 modules encrypted vault filesystem plug in libraries configuration hunt Stockton's visual audio files website cookies can also take printer q burn cds and reinstalled sticks now this is what's crazy if they they can gather lists look at those lists on the USB stick and wait and then put a command and control say hey when I see that file that says the you know those the list of secrets whatever the file is they're looking for when it finds that file a second time then exfiltrate it and this is how you go and radar because there's been a lot of times when you have hacks and what these hacks are exposed by is mass exfiltration of data so all of a sudden you're like wow my outbound bandwidth is completely peaked and I can't even stream YouTube because I don't have enough bandwidth to stream it something appears to be dumping data there was there was a breach it was like face palming there was a company that did medical imaging the breach the reason they found about the breach was because not their security team by the way which loosely will call them security team only in title not even in spirit their team that ran their operations at the data center was getting all these complaints and customer tickets open for slow access to the imaging systems it was because they were actual trading at full BAM without like they were moving terabytes of data of all these medical images out and it was only when the customers complained that it was going slow that they go wonder why it soldiers not even that many users using it but there is a pipe going out to where somewhere it shouldn't somewhere so yeah that's one of those things - it's like it it's just well those things like you you've got to have this monitoring on there you've got to be able to watch it and but even then this company knew or whoever put this together knew how to fly under the radar they're only looking for the files are not actual trading them so they're doing that really it's really low bandwidth of a couple kilobytes couple kilobytes nothing even trip your anybody to be aware of a couple kilobytes here oh I got that fireless I don't want to extract all the files and sort them out that would be great that's like red team grab them all figure out what's important grab them all why you have the time while you're in before you get caught this is that really slow persistence and wow it's it's a scary hack it's so advanced and it's methodical and it has to be nation state oh man that is really really deep and so do we understand like what they were that's well and this is what goes a step further when you dive into it I'm going to show the link over here when you dig into the framework of it it has an entire encrypted file system so even with Kaspersky's knowledge they have of it in discovering it they can't get inside of it because it's got its own encrypted file system and when you think about that so you're you're covering your tracks really well with this so there's so much thought that went on there the good news is the best news is you know and because unfortunately security is very signature based we have signatures we've identified it so we can find it the hashes are out there and it's like it said hats off to Kaspersky again for doing this level of security research and identifying these files creating the hashes and putting it out there so are all of our different tools can be updated and start finding out if you know we've been poned as well indicators are compromised I don't know yeah so it's really it's really tricky but definitely wow this is some good security research here really happy and it's one of those you didn't know how you're hacked but then again these people flying under the radar would you as an individual even be a target with your personal computer not as likely your company well here's a question does your company do government contracts or have something they want they probably only and this is one of those things they do to keep this under the radar they're only doing it on those targeted companies because they don't want it discovered exactly yeah and oh my god I just had this conversation with a few friends inside of the mi SEC slack channel and they're like whenever you ever seen any of these attacks I'm like good I've worked at General Motors in General Electric like they're government contractors I see these kinds of attacks all the time like they're actually people who are dropping thumb drives at their instance like it's happening yeah this is going on on an absolute persistent basis so yeah it's out there it's not it's not just you know some Chinese visitor former logo or that which I'm still kind of fuzzy on the details I keep hearing conflicting stories I want the Secret Service thought that they watch this show but if you are completing they may we want to know was plugging the USB in procedure because it was an analytics opportunity or was that up oh yeah that's unusual behavior that's unusual behavior because that's what it said in the testimony no fuzzy I don't know I I don't want to think badly of government because I've know the government has put together some really you know follow darknet Diaries actually episode operation bayonet the government did some of the you read that one yes that's a great episode of darknet Diaries operation bayonet is outstandingly detailed on what the government did on a two and a half years like if you're impressed on the government side they read a took down bad guys so it's not like you're mad at them for you know falsely accusing someone they did take down bad guys which is it what you want them to do and yeah they they were very clever they were sophisticated as the attack they were performing so the government does have operational security and at levels that are quite impressive they're not the fuddy-duddy amateurs that were when anonymous happened and the government themselves got pwned trying to pawn anonymous like that was a joke back then yeah they are the US government has really stepped it up so I want to think that there's some cyber security training going on at the higher levels in the Secret Service that is much better than plugged it in but then again this was he's the guy that like I don't I don't know how this works in tears at the serious like it was he's just the guy that they're like look you you wave the wand around people make sure there's like no metal detector it should just be a rule that you don't plug in a thumb drive like person that you fix so it's like is he the guy that just drives a golf cart like he's new he's plug in thumb drive some plug-in thumb drives don't go work for the Secret Service if you want to put thumb drives in the computer that's just like because now that could have been the plan the whole time to get caught and get my thumb drive inspect it right by them and deliver my page that's an attack factory you know what do you mean get it on the network hit it I do what's in here I don't know it's a check bags all right well thumb drive you have to misdirection all right something else could have taken place while we detected now we're ah yes I like the point I said he unplugged it quickly after he noticed it started sending commands to his computer as soon as he plugged it up yeah let you know it was a live computer it wasn't a forensic computer that's usually offline yeah cuz you know Spurs especially when you're Danna lysing these forensically because of even with Bab USB even a Linux computer can be at risk but you take an offline computer Linux is a little bit safer because most these are going to be targeted towards a Windows computer with autorun and it you know kind of the expected Windows 10 maybe less secure cell well then xu likes doesn't auto run and it doesn't run Windows executables natively therefore when you plug it in excluding things like bad USB where you you know maybe could figure out an angle for firmware you would you can forensic ly control the USB port and watch it step by step like you can lock it down and you would obviously just an offline detached computer to do that analysis on there so you you know you're doing in a very controlled because that's not what they're expecting is a controlled environment and even then your air gap so you don't really completely poem that whatever computer cool so yeah such a thing ah CEO cheese's hilarious why is he hiding his mack behind the other laptop it's okay little fellow you probably weren't here when I explained it yes I do have two laptops my other hack top has a fan problem and so it died on me I would on display while I use my other hack top shut about the nacho-cheese cuz that's a dope-ass name but I knew someone was gonna notice but thank you for noticing that's the best part of all live I feel loved it throw a wrench in there real quick mmm throw it in there so it's the Dexter you want to jump on the WIPO hack oh my god we're on we broke oh my god we promised some bad
tuff going on here so let's go ahead and pull I had to pull up crebbs latest yeah what's really interesting is that this was targeted at not only repro but other people that are you know consulting agencies like cognizant and yeah you know mm-hmm that this is this is interesting so it Krebbs and security has a lot of breakdowns and I'm not gonna play it in fear of some type of getting flagged on YouTube but Brian Krebs even has interviews and a phone call with them and you got to start with the title how not to acknowledge a data breach so yeah there's a lot that goes on here now what the thing I really want to talk I'm not gonna read the whole Krebs article but trust me Krebs is hands down one the best security researchers out there a very very thorough with this blog it steps you through the entirety of what happened but what's interesting why Pro is an outsourced IT company and Krebs also breaks down some of the other details that's important so I think something was going on because they're being sued I think it's Nebraska sued them for a botched IT install there's a whole lot of fumbling around that why Pro did and this is where I'll go a little bit not fact but at least interesting basis there's a few commenters in red said I worked there and they just were not solid with operational security they let things go kind of loose and this is hugely important because I work as the N MSP I work as outsource IT for other companies and companies like my mind is pretty small and I don't have any DoD clients so probably I'm less of a target but these companies do they do specifically outsource government work over in India so and you can't crack the government because they hey they have a solid system they don't have easy systems get into they're well supported but then you crack the people that support them and that gets you you're in you go where the passwords are why do you rob the bank because that's where the money's at well you can't get the money out of these companies but you go to the bank you go to the bank a password you go to this white Pro go to the sysadmin because he has root access and you know even peel op is is not necessarily the best practice there because you know or principle of least privilege for all those that will peel out means because as the madman I need admin rights I need star dot star I need s you would be able to do my job so if I get pwned and you have my keys and I don't have the correct detective controls set up to be able to say hey I know somebody is now connecting from the computer that they generally don't connect from like game over yeah zero-sum so this is it likes it because why Pro has their fingers inside these companies that's where things get really deep they're very they are doing the admin work out sourced and this is also why you know one of my friends works well you you take jobs but one of the things the hospital did locally here one of the big ones they decided not to use any outside contractors because they they posed a risk that they just couldn't mitigate they're like wow because ultimately you as the business owner if you own a business you are responsible if you hire an outside firm where you have an internal security team you are the one who pays the fine and the hospitals some of them have gone through a ruling of no contractors they decided everyone has to be internal and that's it that's their rules because they don't want any persistent access by an outside IT firm unless they feel they can trust that outside IT firm and and this is exactly what happened here so this hack and this is also where we'll relook from Krebs here Bob from also claimed his corporation was hit by a zero-day attack actual zero day vulnerabilities involves someone infrequent and quite dangerous weaknesses in software and/or hardware and I thought about but this is what really is probably not true this is what Krebs is talk about how nonsensical is a breach they don't think it was a zero d'etat sounds like it was just a basic phishing attack Adam so that's where these guys are trying to play it off but now what's happened think about the the bigger perspective here this company gets hacked they have all these government contracts one after another after another you know how many compromises now are in question all these companies so how long were they in in hold on you got caught with a phishing attack and you're an IT company that we were relying on to build infrastructure mm-hmm how long were they there and this is where we don't have a lot of answers at all but Wow think about all the government contracts that now have to go through and all these places going all right who uses Y Pro and there's like you know 50 different people at Evans at States raise your hand across America going oh yeah they were kind of a preferred government contractor for outsourced IT so now every one of those companies has a big question was one of these apt threats was the Taj Mahal did it come from India from an outsource Indian IT company that's a great question where did this come from our white pros been around for a while this is just a disaster I mean this is top to bottom this is bigger than a lot of like I don't see it giving the news press but because I think it's a hard thing to explain I'm on your typical mainstream media because this is a hard thing to to register with consumers it's not something that they don't it's not a media dark out Bob Loblaw it's not a conspiracy it's just this is a really hard thing to understand but as a domino effect is really my point you know once the IT vendor has been compromised every project every project they touch much you get at least we know it's been for a few months it could have been even for longer every project they touch is going to be brought into question they stood up a lot of government infrastructure that all has to be audited all of it you already were under such a mess for hire you already under such capacitors like set such a low with regard to capacity that you felt that you need to outsource this so now you're on a you know hire people to come in and like you know comb over everything that the last dudes did and then also what if those last duties are still working on something where they maybe 60% of the way through with with something that they were working on and they didn't have good documentation and you're ready to counsel the contract and you may be losing where it may be a black box what if they litter cuz a lot of consultants I know a lot of consultants I used to be at this object we thrive on black boxes here you know you wanted you to take it out of the source code in the box but when you can't run and call me all right like we Pro could be in that exact same situation where they've just been handed over black boxes because that's what companies like to receive and consultants like to give so this gets really icky really fast and it seems like there's gonna be some opportunities open and you shortly ya know if you're in the market you should be for long yeah and the government's gotta you know now they have to think about that and this is you know this goes back to and were you ever in the market in the early 2000s when outsourcing became a big deal for a lot of coat outsourcing and things like that I was I worked in when I worked in corporate that was a big concern and there was a this is before there's regular data breach and I don't know what the statute is so I won't say all the company names I was involved with but this is the kind of stupidity that went on when we were working in corporate you may be if someone's going Millington and maybe make some assumptions here but I'm not confirming any of this maybe you have a large database that you check with customers for credit maybe you know and thought about this in around Oh 2002 when you're first building online credit application stuff to check for so your customers can buy things from you and maybe you took the production database and gave it to the outsource firm in India and you don't think to even redact anything out of it social security number and all the other pieces of in for personal information and maybe then they started using it differently because they realized they the low bid they had to do it the more lucrative was we're not governed by laws that don't exist yet here in India so now we can start using this data for I don't know you know fake credit cards and everything else because it's more lucrative than actually doing the contract and it turned into a big disaster outsourcing has been a big pain in a but especially when you go to how do the laws apply to a third party company that's external why pro is big enough that they probably have a u.s. division two for legalities and signing contracts they actually probably have to have some type of presence here for legal clawback but yeah so this is this is very just gets to be a disaster it's a really bad one and it makes it I don't know it kind of it kind of excites me because as far as far as I can remember we Pro isn't like an american-based company no no no they're India this is I don't want to sound this way right at the risk of sounding this one live I'm pretty excited as an American engineer who potentially could be picking up some of this work rights you're gonna trust me a little bit more than you would some offshore guy just because of this exact instance I mean not saying that that just because I'm unsure it makes me less you know shady but in reality when someone isn't under the same scrutiny laws as youths it's harder to sue them it's harder to bankrupt them it becomes much more lucrative and much more yeah that was it and I you know I doubled that she owns about two years ago someone has spent a lot of money they but they went with lowest bidder they went overseas and they were buried because the project wasn't going well and they just trying to you know they contacted us and I said well this is kind of a mess and it was a wet development project now it's like I can't really like you just has to be recoded they were using two years it was like two years ago that we were working on a project with it the outsource company was using really old PHP code to stay and all this up I'm like this is all deprecated code here like these are some major security problems you have with this I can't recover it I mean they had like Global's turned on and it was a few years ago I know they a global variable start on everything I'm like this is just poor coding but when you go to some of these third-party you know it's it's not anything about particular because it's India but when you're trying to find the cheapest and there's a bunch of people trying to do it for the cheapest that doesn't necessary you get the best yeah I know that's what happens with some of these it's just unfortunate it's not that I think there's some brilliant people there in India but I bet they're not the lowest bidder all the time yeah so that's my thoughts on the way pro one like I said and I worry about it a lot as my company I see constant attacks on the software we use I had my own little panic the other day which was a false positive yeah why so sericata got tripped and it was a worrisome thing but it turned out Steve was cool it was Steve's computer that tripped sericata and it locks some things out and but it turned out completely to be the rudia was seamless China solve a security problem with a customer they had just had a bunch of shady websites registered and stuff like that but while I was doing that I had also looked at some of these logs and I thought the two were related its money putting a relationship together it didn't there was a series of hex requests push requests coming in and one of my remote servers they were just hammering it just coincidental at the same time these two things are happening this is one of the reasons you know I pull up pfSense you do correlation real quick I also you know I've talked about I am another video any of security any chart Chinese there any correlation between these connections in this connection it wasn't any in detective controls yeah and then and then Steve I messaged Steven Yeun the message me back right away because it was in the because of the timing because we still do in support with the client any messaging back oh yeah everything's fine I the client was that website you sent me was because the client had all this stuff registered and we're gonna details of the client in case they're watching and I'm not I don't share any client details but still they had done some bad not bad not good things whoever set their stuff up before we took it over was not set up right so they were using some weird sites and enough to trip's terra-cotta at least this way but this will think that's why I have those tools on there and it's also I tell people who wanna run stare cuts Erica is not a set it and forget it because if you said it forget it just blocks and locks out or in a very good things and it's also you have to kind of still do analysis on it humans still have to get involved I'm gonna be covering and we do use even we use our own tools that we sell like conscious labs that's well loaded on the computer that Steve was using to do the admin which by the way I'm setting up an interview for them so so we he's a hacker so the guy who is good that's gonna be I'm excited about that coming up so I want to address the question and actually came through um from Robert Odom that says if you could give advice for those and IT Help Desk grows that may want to go into security I was thinking about cloud security Sturtevant early I'll give my two cents I'm always happy to try and drive people into a cyber security so I would say practice capture the flag you know join hack the box heck the box that you use yeah pack the box ID you I'm gonna type that in here um virtual hacking labs comm I don't get paid by the ADIZ people so I'm not giving out like promos or referral codes or anything weird like that though those two I can tell you immediately will take you from 0 to 1 if you want to go from 1 to 2 I will recommend going for your OS CP or your Jeep in you know and the Jeep in is not really cheap so if you're working on IT Help Desk role it may be beneficial for you to go ahead and try and get your osep after you've done enough CTF to feel comfortable all right beyond that you know get involved with your local community come out to DC 3 1 3 or DC enter your at your zip code or the area code here alright so you know go to these conferences meet people don't be ashamed to say that you don't understand things and and keep that that curiosity and you know alive and actually exercise it alright so there's ways to get in is it's hard especially depending on where you are in your in your journey right so IT Help Desk to go straight to security you're gonna have to really show some some really some some cool moves I guess it's the best but I mean to get into a row maybe that's less directly you know going straight after pen testing or bugs or something like that maybe moving from you know help desk to may be sock engineer right ask us the engineer where you're starting to you know start to do incident response and and they may be moving in a threat hunting and kind of understanding a life cycle of you know the life cycle of a vulnerability I think is is something that would be super important to someone who is looking to get into cybersecurity in general so those are my two cents mo I've been actually mentoring and getting more involved in cyber security so he has a really good perspectives on it so I'll give him the floor I mean I've been using Hector box EU it's been a it's pretty good you know learning system to teach you how to not only get into machines but navigate through them VHL I'm using in preparation to take the osep it's a pretty good program also it I definitely will recommend VHL for anyone who may not have as much prior experience to routing machines it has great course work it is very thorough and I'm not getting paid by them either so this is just from my experience the opposite so yeah I would definitely that's great advice I would try those two to get you in a direction like always get involved with the community with the security c
mmunity and just network and meet people yeah you you know one of the things in this is one things our passion was sharing all the knowledge we have on here someone said I think the last one knew we were pompous or something like that are full of ourselves but honestly I don't think that's the right perspective like we love sharing knowledge I like sharing knowledge evident my YouTube channel has like almost 800 videos on of me just dumping knowledge on YouTube we like sharing this you come to DC 3 1 3 you know it's funny I brought my son for a few minutes last one first thing Xavier sees my son he hands him a lock-picking kit like that's how we all are we want everyone to learn we want people to get better at this when I'm at the end of the day he picked the lock and when I'm song the day when I walk in he goes I know you you gave me a lot to play yeah exactly that's that's the attitude you'll find in the hacking community it's why it's a community that I always spend the most comfortable in the Linux community hacking Muse there's a big crossover there because I get this question as comes up in the forums like hey what conferences do you go to and honestly IT conferences interest me very very little because they're always business and they're always like oh yeah sign up for my service resell my brand and you know I'll go to my training class for 2995 buy my book and blah blah versus hackers like what can I dump in you know what knowledge can I dump want to see this cool thing I'm working on you get this very less formal very open community and if you say you're new or like where do you want to start you want to pick a lock you want to hack a cloud that's the community is very open and sharing and I were part of it and we enjoy it it's where you know and that's what this is all about this whole videos and things we put out there's we want to share all this with people so that's and I will throw out there that I didn't mention I think there's it's live overflow I think it's they may have his name right his videos are great he walks you through some of the hack the box ups and things like that so I can he pee sick as well as another one and does a lot of hack the box right at the moment that they retire the box he puts his videos up like yep that's the videos before they even retire the boxes yeah so there's there's a couple youtubers out there that are very like narrowed down will walk you through so go through their previous hacks exactly how they step through things um and it's a time investment you know I mean you got to put some time and effort in watching or sometimes I watch them at like 2x but dude I'll sit there and watch those for judge my wife fence washer for like hours on this stuff and it says I want to get better I don't know everything I mean I granted we're all gonna brag a little because we've spent so many hours doing these things and firewalls stuff like that so you get excited you want to brag you don't put your name on stuff so yeah we're gonna be a little braggadocious of uh stuff but honestly we're all about sharing the knowledge it's not like we aren't we don't want to eliminate anyone from their matter of fact if you can learn everything we know and then get better at a school where we always hats off to those people we love meeting those people that was like I got a guy in the corner over here that like I just met a few weeks ago IDC three one three and I'll talk to daily and he teaches me stuff all the time Yeah right he thinks that I'm senior to him and I think he's that senior to me like it's not necessarily about who was better or who's worse really it's just about being able to accept what you do and do not know so I know things that he may not know right when it comes to corporate policy and you know corporate politics and he knows stuff that I don't know like privilege escalation in finding zero days and in the latest Linux kernel all right so um be willing to go okay I just did ctrl C on a reverse show and I made a mistake and killed the show and he goes oh yeah you just do you know ctrl Z and then you know TTY or ptty and this is how it all works right and you're like oh well thank you right so and I you know I think that there's there's something to be said there with regard to cyber security because the domain is so large that you should have a specific part of the cyber security domain in which you should just be an expert at like mouth security how security expert here willing to say it but like on print I've never done in print I can't tell you how your data center should be laid out what controls you should have in place for your data centers how about this I've never been in a data center I'm a kid that grew up on cloud he's dealt with lossy physical infrastructure that's like when you put together you get your companies you need teams of people you need experts based on what it is even some of the consulting work we do so people ask us those questions are like ok we you have to we have to have an expert on this particular thing I will help find help with some of my clients find an expert and a contractor on that the security onion stuff you know I I'm I'm not an expert on it so in some companies says I need a bigger implantation I reached directly out security onion trap and made the connections going these are the people that stand up security onions in large environments and build sensors at 47 locations for you that you need that is I I'm not the expert that that's what this purchase matter of fact that person doesn't all the time therefore they're the best qualified to do with it security Aegon team the product free but they do have a team help stand it up that's how some of these business models work and so the that's what their expertise is not even debating about hiring them like I've got it so much stood up and I made after I do the basics may contract them myself to help integrate it more tightly into my network you know review I'm not I'm not so proud that I say no I think I'm right no I lost one review my work I mean when you even like look at the panel people that sit here we're gonna go out to topic pretty sure yeah like he does something drastically different than what I do and he has a skill set drastically different than what I do like how much cloth stuff are you working on on a day-to-day not very much almost cause the fur you working on no but I don't talk to humans how many people do you deal with on a day to day I do a lot you still people know all that well how many security questions are you collecting from social media I'm doing none of that right so more than you may want to ask your if you're if you're you know if you're 23 and one of the security questions is where were you you know January 1st 2000 we know you were at your mom's house yeah my mom's house or aunties house yeah there's things yeah there's different aspects to it and it takes you know you watch a red team definitely call them red team's is you not the red guy if the red team breaching it a red gal whatever it's it's usually a coordinated effort to do security Sugar Company I mean we had that speaker a few months ago at DC through and 3 but it's not like he just works in a vacuum it's a coordinated out for it are you're gonna go ahead and give me the the social engineering aspect so I can have some you know some intel on the people involved so then we go from there and it is just a series of steps that get in there Oh three hack Security equals threat mitigation yep it's all best effort I I say it all time a security as soon as I hear a sales guy telling me I'll guarantee security no you won't get the hell out like you're full of it you're full of eh I'll tell me something all right let's jump to the next topic and it's good app 34 hacking angles unique so people may or may not have downloaded that allegedly allegedly the best through there's a password flow that's a good password yeah yeah I highlighted it regular that's it oh that's good entropy yeah I'm honest I'm gonna be happy with that they you know like slow password generator but this is there's a lot here so Wow and my understanding is some of these as of this show right now might still be live so yeah I want to speak a little bit maybe someone who may or may not have downloaded it so basically I'm not someone who may or may have not actually I'm neither one of those but I can say that you know usually when these kind of dumps come out carnage ensues remember eternal blue oh yeah we have yardstick 1 because of the NSA playbook we have rubber ducky I feel like because of the NSA playbook what's the other one um Great Scott gadgets hack hack RF because of that playbook when these types of things come out us as people who like to make things end up digging into it and starting to spread it right and so this is the time or if you're watching this you need to get aware of it look at what the compromised ends up looking like and going and you can put together some kind of threat hunting to be able to do and indicator a compromise compromise writing today right now before the FBI comes to your house or to your job in it so let's dig a little deeper if you didn't recognize the name from I think your very first episode we talked about the Iranian cyber espionage because they're the ones in decision khaki this is basically a dump of a lot of their stuff but unfortunately they didn't dump the tools used by the hacking group they dumped the some of the logins have been compromised it sounds like so basically what you have is you command and control server ting you have the hacking group they have their command control service and then those command control service then talk to the companies that they have pwned well they dump the logins for their tools and CNCs and everything so yeah very much confirmed and so they have the details like it's like if you're the good and bad is there's gonna be better tools the good is also they've now created signatures once again so people who may not know they were pwned by these tools have it so if only if only this would have been dumped oh I don't know how long ago - citric skip pause only a month ago seventh episode so yeah if citric sort of only had this signature information looking for it didn't you know no real details will come out I don't know when the debrief or the citric stuff is gonna come out but that's that come in fact you know from episode one here we episode 7 talking you know about the white bro but it's the same concepts a tooling company that provides I mean Citrix is huge in the government space as well and I think that's a lot of what was exited and here's the you know the hacking group now the other thing that's going on here behind the scenes is going to be whoever dumped all this you know something angered them you probably with this and they have a lot of information that they were holding down yeah because they got down to the nitty gritty of identifying humans yeah this isn't right this is someone just you know WikiLeaks leaking the tools you know because WikiLeaks didn't go oh yeah and by the way Xavier D Johnson it's the guy right when we've seen vault seven we don't we didn't have any authors of it we suspected obviously it was NSA but we didn't know even who or what contractors or what hackers the NSA had hired to write the persistence tools and this is very detailed this is someone had a grudge and someone wanted to stir up the industry so yeah steer clear of these this is the insider or someone with a very strong this those admin I'm telling you man like Systems admins you gotta be careful what does that man types man I used to be a Linux s admin and I know some of the water cooler talk bro like you can't piss those dudes off you gotta be careful in because it's honestly the hackers a lot of them this back to knowledge-sharing I'm sticking her name on something that means a lot more than a bunch of money like when a lot of the times hackers have a day job that pays pretty good software engineering or whatever the things they do are the the real thrill comes and it's a and this is one of the darknet diary ups is actually my friend Phil said he really didn't like it but it was the hacker Giraffe one I like that episode because it's one of the least clever hacking that happened but the hacker draf if you remember he was the one that did all the pudy pie stuff and it's stupid stupid foreigner hacks and things like that like literally what we would you know would have called script kiddies in a day they're very low hanging fruit hacks taking over chromecast and things you know really dumb stuff but what he really talks about in a very personal interview he still has remained anonymous of actually who the hacker draft isn't he shut down the account but he got thrilled the rush the rush of doing it the rush of coming up with a pseudo name the hacker giraffe and then having your name in the news all the news like you know all these chromecast that he sent stupid pudy pie videos to all these printers I mean thousands of printers that he sent print jobs to all with his name on it there's an excitement level and he talks about that like there is a thrill for it it's nefarious it's childish I know it's to the artist it's like a graffiti artist when they do something you gotta get up gotta get up that's like the number one goal it's like let's get the highest point in the city and write something on it yeah it's the same mentality of it and you know just want your name in lights so that some of those hackers are driven by that so that's also why they can be scary to burn because they're they don't care they probably could have sold this data for a ton of money they could have handed over whatever ap app 34 has they could have probably called it one of the brokers that inappropriate in this data and like hey I saw all these command and control servers and things like that they would have paid a fortune for it yeah put holes for sales look like that thing that's sold on the dark web all the time they go nah internet you can have it screw whoever was made me mad today I don't care burned em bridges light it on fire set it all ablaze anarchist so yeah yeah so that's a interesting how all that broke down and we were fascinated by it and but I think that's that's what we have for today is there any questions the audio 114 people have for us I'm really gonna skip over the Weather Channel Oh God howdy nines do they have now we have to talk about the weather here's a challenge for you I want you to go and calculate how many nines now The Weather Channel have in comparative to this time last year because I guarantee you won't be 5 mm-hmm not what the 90 minute service outage we are referring to uptime obviously if you that didn't catch that oh yeah sorry yeah yeah well channel so I seen it and hold on it's pretty rough it's a rough one right um so so when this first happened it was interesting because you know in today's society when when things go offline randomly that they aren't supposed to people panic ensues all right so when I first found out about this it was on it was on Facebook but it was a live feed from a helicopter that was just looking at the Weather Channel in like 20 or 30 minutes later I'm like what's happening at the Weather Channel like why is this helicopter just hovering outside of it and I go to the look and it's like yeah Weather Channel it's been offline for 90 minutes and I'm like oh look what I did did you get the trash file from the Gibson you know I'm laughing because I think one of my favorite reddit comments is do they click on weather and crappy ads because they do have some that's actually pretty good right now yeah ah yeah who takes it I don't know I don't watch The Weather Channel at all but still I only watched her Weather Channel during hurricanes and I'm guilty of this because I want to see people get blown around okay that's when I check it yeah there's definitely some yeah I'm finally good I'll admit there's so much I like watching people fall on ice but that's there you go that's a youtube compilation so versus ice people versus ice I guess there's always a child running since its inception yeah so to go out for 90 minutes that's a pretty big service outage for television TV stations h
ve s LA's that they typically stick to and I believe it's in between 5:00 seven I'm sorry excuse me five nines it's kind of just like the standard the fact of which you don't want to go minion I think that 90 minutes used up about at least one of their nights like this is a big problem for them because like well if if I was sree a site reliability engineer or a DevOps guy hmm you know like where's my disaster recovery where's my fell over like where's my warm standby like where's my high availability what happened I don't have enough insight as to what happened but these are the things that are rolled through my bryant in my brain if i'm the CTO because it could have very well not been a security incident but but then again from what we heard it was a security incident so integrated into a lot of products you know The Weather Channel it's interesting I have a special connection with the Weather Channel it was the second thing that I ever not hacked thing that I never interface with in the first API I ever used and there was XML based it was 2004 I learned how to use XML so I think is was what is considered not think a lot of those little soap driven but and the Weather Channel's API may still be so far as we know but this is just a weird like long you know long way about of a connection but oh my god like how I don't know I don't know much about the heck yeah there's no it doesn't seem to be a ton of information it was this like a distributed denial-of-service was this a ransomware was this a network miss configuration that you know might be a 14-year old script Kitty might be a 14-year old script Kitty yeah it's someone typed admin Abin and it worked that's still a thing yeah um Weather Bug there is a question someone asked they said they want to know how many people how many businesses are you securing and well here's the thing and we don't know and I say that because here's an example of the client we're doing some consulting with NDA I they will not talk about what they stood up in their stack and a lot of companies do that and let me tell you why when you know what a company uses especially a large company and their stack becomes very public you also you gain an edge you know re they're using this and then you find out you're doing your testing like my goals attack ABC company here and I know this is cutie sack they use so you stand up that same security tool and you see what pokes through it you're like I found the thing that goes through it so now you have an attack vector so you never really get because of that edge model you don't always get a public listing of what those companies are using so we don't have good stats on how many companies are using Cisco ice security onion alienvault we don't know what tools a lot of companies use and even when I do consulting work with some of them I'd never mention a man decline one they have that rule in place when we do consulting work just flat-out there's in you undoubtably done the same thing some of the backend that yep I actually it's very interesting so General Electric I can openly speak about this because we made our home we literally made our own enterprise since sir grid and it consisted of more tools than the security onion has and some of the tools that security alien eyes and so you'll you'll go from environment to environment which people have rode their own and for better or worse right so I definitely want to make sure that you guys are aware of that like when you talk about large enterprise you know sometimes those people have the resources and the know-how right the seat the C cell is like you know I want to make my own I don't want to do a security I can then you have like you know medium on the way to large businesses that maybe make willing to make that investment so but yeah what tom says it's very valid right that when I find out I want to find out as much as I possibly can about my target I'm we're gonna go buy hardware this is one great thing I learned from Chris Roberts you know go on eBay if you want to learn how to a katraine go on eBay because trains are getting decommissioned every single day and you can just go and get you know those same parts from Honeywell that you need all right or just go get it you know go get a documentation to understand how the system that you're trying to penetrate actually works and call the companies that make the stuff right it's very easy to hop on the phone with anyone that won't go I need a part XYZ I'm working for this contractor and they're like okay cool whatever it cost X amount it's into my analyst in the part the I'll go also is you know when it comes to the operational security you've your personal so I have some friends that are DevOps engineers they keep their flight plan secret they make sure that there are family spouses things like that do not post on social media where they're traveling to they keep it very very quiet very much on purpose they don't some of them because of where the locations of the data centers that they travel to because if you may know where they work but you won't know when their travel schedule is and where they land at those data centers because they just keep things very very tight it's one of those things no edges in there because of the secrets that they keep and the dev ops level of security that they keep they just want to make sure site is well things it's like it's not super-secret what they do as much as is like we don't want to go many edge we don't even want an opportunity so I never posted hey guess what guess why I'm in Utah today visiting a data center swapping out rack number two like there's nothing about that even take his phone Los Angeles at the hotel so it's not even like he's really there's a lot that goes into it to keep you keep you scare so those things you may not know how many people running security onion or a tooling they use companies are realizing it's not a bragging point to say we bought the bust Kaspersky package or whatever package anymore it's better to say no we keep it tight and secure and I probably even myself give out too much knowledge of you know you know I run sericata you know some of the other things in my stack they me there's a couple things I don't tell you but I probably tell you too much but be nice be nice I don't want to see us yeah you nice if Tom's hair is on fire that cool point oh ponytail Power Man with finger blessing is a that made you freak out hammering on my stuff even alone it happens I have a list of banned IP addresses I would love to get that list and just go troll them good troll them go well you know what so I've traced back a few of them and I think I talked about it one of my vlog Thursdays but some of them are one of them's not counting off as only because I seen what's on their RDP sessions one of them's accounting office there's probably been poned I don't know if I can call them but like their servers are doing some things so they're just a jumping point so rolling back you're not rolling back at the hacker your des trolling back other jump point to jump point some accounting firm that's been poned so yeah media which can too to tell them and then they always tell you they're not hacked and good luck with that that's that's a different problem I think we talked about that before you get these people knowledgeable that they died to computers there are you're already dead you just don't know it part of the bunch is part of the botnet man mm-hmm what are you gonna do and the other questions we've been going for an hour and I used to go forever but at some point we all had a lot of stuff to do someplace there's beers we should be cracking it's nine o'clock throw money at us and things like that my shirts throw donations maybe we should set up out how they got hacked patreon so if people can you know just throw it out there or hire us and all that fun stuff you know we'll do weird things for money like eat hot sauce but it's one of you like hundreds of dollars right like if you give me $500 I'll heat some of that hot ass hot sauce that's on his wall but only for 500 because oh my god my stomach is gonna die Oh nacho cheese wants to know if there's a mastodon or discord of future my problem with live chat and it's the reason I run forums instead of live chat I love the forum's I self host all our forums that way I can you know control the data on my own servers and everything else and other worry about them going away but I don't always have time for real-time interaction but I do check a couple numerous times throughout the day my forums so I always you know maybe I'm old school but I love the forums where you post in a forum I reply there's a lot of people I think there's like 1,200 maybe 15 maybe long I haven't looked at maybe 2000 people sign up for our forums so feel free to post in there it's free to join I don't have any thing on there there's no no ask I don't gather your email address or whatever user every million I don't care I'm not looking at them I just want open discussion on there so forums are a place for that so I don't really plan on discord or mastodons I just kind of like things we discussed SML are there if you want suggestions or things you want us to cover you know what I'll do is I will work on this week I'll make it how they got hacked specifically section in our forums we have an SMR section for my podcast so I can make that too but just there's plenty of different categories post in there I try to reply for all those people I don't know what SML are is the Sunday morning what Sunday morning Linux reviews so yeah sweet yeah yeah I'm on the forums awesome yeah there's the I do it can't I likes the chats really hard for me um I don't know I don't know if I want to go through the trouble because I'm not I wouldn't be in there often enough so yeah that's the I participate in chat channels I don't have to manage one because then the other problem is it's real time and if someone gets in there and is all nasty and here like want me to boot them like I'm busy working I had a client I'm not gonna be out in the chat going oh cool you know this but know how to return yeah someone has to moderate it and it becomes a constant you know but I'm accessible on Twitter I reply to my tweets if you want tagged me and things or whatever don't DM me on Twitter sorry I don't always accept those I look and decide that there's too many people are like what do you think which pfSense I should get I said that's a public discussion that's not a DM don't ask me just post it in public and I'll explain in public that way because guess what you're not the only person I thirty people ask you think question do I get the X 50 100 or do I go for the 1,700 everyone asked me the same question post it in the forums or matter of fact if you google it you'll even find a result in forums for people asking that question already so someone threw beer funds man your funds absolutely maybe what we'll do we'll do live shows we'll get the beers and the shots and we'll do shots as people throw money at us oh my god three hours I'll tell you another thing about security all right yeah you got a run a V it's already same by innovative really no way to give up her own pastors by yeah right what version of das should I run five five that was the best one man 6.2 wasn't really there in 6.2 so you see that's really started integrating the the compression thing and that's it whole you know Bill Gates is being shady and took took the code for this well no he took the code from that one company that made the compression tool and screwed them over that that was I mean this is goes back I I would do we were we're talking about a penguin con if you don't know penguin cons coming up some people as I tweeted it I'm gonna be speaking there and we make it an old school admin panel together a bunch of us old school admins and talk about the good old days and reminisce while we drink [Laughter] remember when we used to do those x.25 networks back in 1992 it's never a morris worm so all right I think we're gonna but I like XIV you press the little button with a animates in that cool oh yeah that's awesome that's it cool so I'm gonna post it and it sends the stream when he hits a little button on this little thing here it ends a stream see you episode 8 episode 8 it's been nice nice
