There we go, broadcast is live. Got turned down a little bit though, so don't get like this echo thing going right here, because there's a lot of things to cover. And yes, I definitely have a drink for this one, because I was sitting here doing my thing, testing servers. I don't usually play video games. I was thinking maybe I should play video games to sit. Now I'll test some servers, and of course while you're testing servers and running benchmarks you go through and read the news and the latest Twitter, and occasionally it makes you go, what? What happened? What is this thing going on right now? No, there's not a file called, and let me pull the name up exactly so we can read it together, because let's make sure this works. There we go. Okay. I'm in desktop. Yeah, so right here, we're gonna go down to what made me just kind of cringe a little bit. Was the file, I should have had this pulled up. This is very impromptu, but I figured all of you want to join in and read the news with me about this. Oh, essentially what they found was a, why this, I do not like the way TechCrunch has this weird, come on, back, there we go. There we go, so public screenshot viewing Okta's internal apps and systems, really admitted, blah blah blah. This is where things get a little bit crazy, because they basically had dumped right here domain admins. Domain admins dash LastPass dot XLS. Really? That's a great file name. I would have thought this to be, oh I don't know, like some type of ransomware canary to detect someone in your network. But no, no, notice, this is not that. This is what they had found. Actually let me split the screens a little bit differently here for people, but I'm scratching my head over all this. But I figured I have a lot to say, but let me get my screen sharing set up. One day soon Tom will have an entire team of people that does this.
I don't know when that day is. If anyone's looking to be like the heart person to help me do this, I don't know what that title is, media co-producer. So good evening, I see we have a few people in there, but you know, domain admins LastPass dot XLS doesn't seem like something you want, you know, on the screen right there. It would be that way from, I think, where do you see it?

Let's break down kind of all the things that happened and the things that led up to this event, because this is not the only event. We'll rewind a little bit, just a little bit here, and share this tab, because yes, they made some arrests. Well, they did leak some source code. Now this is just me being, you know, kind of a smart aleck here: Lapsus$ hackers leak 37 gig of Microsoft's alleged source code. It was Bing. They leaked Bing. I don't really think a lot of people care about leaking Bing. It's definitely proof you were there, you captured the attention of people because you were inside of there, but it was Bing. That's part of the problem. Then this, here we go, is the arrests: seven suspected members of Lapsus$ hacker gang arrested, ages 16 to 21. Now, let's break down a couple of the other just kind of broader topics regarding this. Essentially you have the Lapsus$ group and they have been getting more and more brazen, really diving into this whole hacking thing, and you know, I will admit to having partaken and shared in the memes, because we didn't know a lot about Lapsus$. We know they were in some big companies.
They got into the biggest names. And of course discovering that they were a bunch of younger kids is one of those wow moments where you go, you know, it's the billion-dollar company, you know, Okta, Microsoft and a list of others, you know, these not just average companies, not big companies, but the biggest companies that they've gotten into. And this is really interesting from that standpoint, because you have, especially after the arrest, what turns out to be some teenagers. So you have a billion dollars of cyber security human to be spread across these companies, probably, who knows exactly how much they spend, but they're big, they have big budgets, they have big teams of security people, and these teenagers got in and made a mess of things. But there's a few things that were underestimated, and this is the part that takes them from being the hackers of mischievous kids to going beyond what security people expected them to be, and this is kind of where that mistake has been made.

It is, like, so someone said there: be selective, don't get a mediocre media co-producer. You're right. That's why I am selective and that's why I keep doing things myself.

Nonetheless, so the whole problem really comes down to, and I'm gonna hold up my little security keys like I have right here. We get myself my YubiKey, one set up is with FIDO auth, and here is a TrustKey, also has FIDO auth. If you haven't seen them, they look just about the same as a YubiKey. It's a touch one. I'm doing videos on these coming soon. And this is even something Microsoft in their debrief mentioned, is the use of these keys being probably where they have to go going forward. And the underestimation of the adversary is where the threat modeling was not done. They decided that we're going to use a phone. So phones are backups.
This is the thing: we're gonna text message a phone as a backup for people's security. And this to me is an underestimation of their adversary. You're Microsoft, you're Okta, you're very large companies, and having phones as a backup is really probably not the best idea, because the adversary was willing to go further than you expected. And what I mean by that is they were willing to, and Krebs on Security points this out and I think he did probably the best on it, and when you go down here, and we'll go to share this tab and add the stream. So Krebs dives into this topic and they talk about just how much they're willing to offer, and let me scroll in to make this plenty big enough for everyone to read: offering employees at AT&T, T-Mobile, Verizon up to $20,000 a week to perform inside jobs. This is the underestimating of the adversary, when you have an adversary that's willing to pay employees. Not one person. They don't got one twenty thousand dollars, like, no, no, we're gonna put you on a payroll for twenty thousand a week, all of you that say yes, essentially. The kind of money they're playing with allowed them to buy insider access at a pretty unprecedented level. So it's not just some hacking skills that they had, it's a little bit more than that. It's the fact that they have the means, the monetary means especially, to gain a level of insider access that you wouldn't normally put on your risk tolerance. Like, oh yeah, it's really hard to SIM swap the phone. We know generally speaking there's a simplicity level to it, but also it takes a person who is willing to spend that kind of money. Now if you're an average person, are they going to go after you? Well, how much money do you have? What is the value? Are they willing to spend twenty thousand dollars to get into your email and, you know, bypass your 2FA and hack your phone?
For someone who doesn't have a lot of money, probably not. There's not a good return on investment unless they're just after the person. But when you go in and you have an adversary that's willing to spend that kind of money, and of course they are, because your company is the size of Microsoft and Okta, and there's been plenty of others that these people have been involved in, so it is really, really tough to threat model against that. Because there's always people who want to push these, you know, little security keys and saying hey, this is probably a better way to do it if we use these little hardware tokens, but then there's someone else pushing back, because we the IT people who implement security, we're the enemies of convenience according to the end users who have to deal with the policies we set forth. And they're not wrong. We are trying to make it inconvenient, but not for you the end user, but for the external threats that want to take over. And this is where there's such a, you know, rethinking gonna probably happen. And I think this is probably what's gonna come out of a lot of this. This is big enough news that they're gonna go, all right, if these kids can do it, how many other people did it, maybe for espionage? And the espionage is much scarier, because they go in and they're silent. They're just there to take data. That's it. So they generally will go from a much quieter standpoint. The Lapsus$ group, they're there to make noise and, well, extort money, and they have their own ends that they're trying to do on this.

So yes, and you're not wrong. This is so much, it's like Veronica says here: it's way above script kiddies. You are not wrong at all. And Cody here says SIM swapping can make a lot of people money, just listen to the Darknet Diaries episode about it. Specifically the Darknet Diaries episode about it, it's called Dirty Coms, and the Dirty Coms episode, Jack Rhysider dives into, and I should probably leave this in the links as well, is Darknet Diaries, Dirty Coms.
We'll pull this up and throw it up, link in here. This is a great episode and dives into exactly this, the SIM swapping, what they're willing to do, and this is including, and not gonna spoil it too much for you, but the SIM swapping includes smashing, grabbing. So they have people who literally run in and grab the tablet that can do this from a cell phone store, and that's included in this Darknet Diaries episode. You know, it's episode 112, Dirty Coms, highly recommend listening to it. It's not specifically about Lapsus$. It's about thinking about the threat model as it applies to the way Lapsus$ performed this, and that's where it becomes so, you know, absolutely kind of scary. And it's always, you know, if you really dive into, and have had teams, red teamers that I've met and talks I've gone to, in any red team it's always a joke. Like me and Xavier, my friend who heads Enterprise Offensive Security, his company where he does red teaming, he does offensive security testing, and he kind of jokes, you know, hey, red teams always win. And it's at what cost, and this is where scope comes in, of what are you trying to protect against? You know, one of the really interesting talks they went to was someone who was military in their background.
So they're not just a pen tester but someone who had been involved in the military and high levels of pen testing. Matter of fact, their crazy pen testing stories were done overseas, specifically in even some of the war zone areas. And it's a question of how far you'll take it and what you're mitigating against. Obviously, if you're talking about wartime or military, the stakes are high, therefore the security that comes with it is very high. But go back to domestic here and talking about businesses, this is a lot to think about from that standpoint, and understanding your adversary and what they are doing. And this is where the adversary, the Lapsus$ group in this particular case, they were underestimated. They didn't think they would go that far, but they did. And of course the shenanigans that we'll get to in a moment here is where the bigger part is.

Let's see, I'll read some of the comments here, so: Team a T-Mobile employees about 20 years ago to do something similar, wondering if it's different. Yeah, there's a lot of, we just don't have all the details yet. That's gonna start coming out, and it's just, it's kind of a mess.

Now the other part. Now that we've kind of talked about the adversary, talked about the underestimating of the adversary and how they did this, let's talk a little bit about the details that came up. This is the more Okta stuff that we'll dive into now. We're gonna take this with a bit of, where is the one I'm looking for, this one right here. We're gonna share this tab, throw it back up on the screen here. So this is something, and this is from Twitter. I was tweeting this as well. This is the one.
It really got me. Now, this part's very, very new, so I don't know a lot of the details of this particular part, and let me explain. This is just tweeted, and I'm always a little skeptical when you see someone tweeting out something that maybe they shouldn't have. You know, an independent security researcher has posted a purported detailed timeline for the Lapsus$ breach of a third-party Okta provider in January. Now I don't know exactly, but Bill has his name here and Bill is standing by this new documents and he covers this, and this is where we learned some more details of what's going on. Now Okta has made one misstep after another on this, because: we weren't breached, nothing to see here, nothing going on. You know, the usual terrible PR. There's nothing like Microsoft, and you know, if we look at what Microsoft did, they said we got owned and here's what happened. Matter of fact, Microsoft was very clear, and this is where you say it's not that this gives a sympathy for Microsoft, but we appreciate the honesty: paying employees of the targeted organization, suppliers and business partners for access and credentials to MFA. Microsoft came clean. That's how this happened, because they were very, you know, right straightforward is, pot it is, you know, straight up, this is what happened here. And they even post one of the things of "we recruit employees and insiders", and Microsoft saying hey, this is a really hard threat to fight against, because, well, as I said, it was kind of underestimating. But where this gets a little bit more confusing over here though is the whole timeline of what's going on over here with Okta. It's like the more we learn about Okta, the more we're like, guys, you're caning news by trying to stay out of it, by trying to tell us there was nothing there. Every news story becomes a bigger news story of another lie that Okta was caught in, and that's where I am just like, they're detailing it all out and this is all on Twitter.
This is all linked, by the way. This is in the description. I put all these articles, with the exception of Darknet Diaries, which I'll add later, are currently in the description of this video if you want to read deeper on any of them. But yeah, I just can't believe their willingness to keep going beyond and diving into this. And of course, I'll actually jump to the Twitter itself here so we can see the document a little better. They're breaking down some of this. Now one of the other things that was in here that was interesting too, you know, like I said, all the documents, everything, all directly on Twitter, but the other piece that was in here that I found interesting was, where is the? Right, here we go. This is where I just said are you're getting a drink and turn this into there. All right: Lapsus$ did not begin investigating to confirm my system until January 19th. Time I posted on that day, threat actor did a Bing search for privilege escalations, and with little regard for OPSEC. They were logged in searching on Bing. The irony of that is funny. Like, they're on, I guess Bing probably searches GitHub pretty well, you know, Microsoft owns GitHub, I don't know. And they're searching for things like, hey, how do we do bypass on this, and then, you know, FireEye, how'd they bypass the security on this thing? How do you get something like Mimikatz running if you have endpoint security on there? Bypass the FireEye endpoint engine by terminating it. Oh good, that wasn't protected. And then they simply downloaded the official version of Mimikatz, a popular credential dumping utility, from its repository. Mmm. Yeah, that's not good. And then, they know this is common.
We even see this even in small attacks when we've gone through stuff. This is really common: the attack to create a backdoor with users within Sitel's environment, and finished off their attack by creating a malicious email transport rule to forward all mail within their environment to their own accounts. This is actually a pretty common tactic. They will set up the email, and if you're not familiar with how Office 365 inboxes are set up, you don't know what to look for. This is something you should be triggering on if you're in security, like triggering on a change, because when that change happens, something happened. Matter of fact, this is when you take over an organization, one of the challenges is making sure that you looked for this and the organization you're taking over doesn't already have this in place, because this is often a frequent, when they get in, this is a step they take before they finish off the attack. That is just a big piece of it.

The other thing that was really annoying about just a methodology that Okta, especially their first post on this was about, was Okta didn't just downplay it. They also said something that was the best double-speak ever, that I actually kind of laughed. I don't think everyone really caught the nuance of what they said. They said they didn't have any more privilege than the engineering laptop. Oh, yeah. And I mean, we're privileged in the engineering laptop. What privilege does an engineering laptop have? You seem to have overlooked this little detail. Like, we don't know how much privilege an engineering laptop has, but I mean it seems quite dismissive: it's only an engineering laptop. So the whole breach thing and everything else is kind of a mess now.
Let's take some questions here and there.

Did they publish private keys for customers' SSO? Not that I am aware of. Basically the engineering, as we have somehow come to understand without the best clarity from Okta, the ability they had would have been to reset passwords and reset MFA. Now, they downplayed that, but if you put together like the Krebs and the Microsoft report talking about Okta and their involvement in SIM swapping and applying employees at major telcos, that's all they needed. If they have access to an engineering level system at Okta that allows for password reset and they're able to control the phones of the people that they're after, well, those are the two pieces of things you need to get where you want to be. They're going to use this engineering level to issue a password, and Okta's thinking, hey, no sweat, no problem, it's just gonna prompt that user on their phone. Except it's not their phone anymore when they get SIM swapped. It belongs to the threat actor. So now the Okta has the ability to finish off the attack and get where they want to be. So, that I know, they didn't do any SSO stealing. I don't know of any compromises related to that, but it all seems more related to the fact that they're using a phone as a backup.

These zero-day security vendors need to explain why they keep missing anomalous behaviors associated with the hacks. Well, this is a big piece of it. They had a lot of tools there, obviously were aware of the breach, they just downplayed it and didn't take action. A lot of their failure wasn't in not knowing as much as it was in not doing. So having the knowledge that an event occurred and taking action on said event, and the proper action and reporting, is where a big failure on Okta's part was and why there's so much more in the news now than they were before.

Short and quick: do we need to stop using Okta for the time being? Honestly, I think Okta, once you have companies like Mandiant involved.
They're gonna go through a better security audit. There's also no easy way to just stop using Okta. Okta's not like the biggest security vendor and there's like someone right behind them. Okta is absolutely massive, and for some organizations it's not an easy thing to say, oh, we're gonna stop using Okta, because there's not a drop-in replacement. There's a lot of people I know and they have all of their authentication across a thousand, two thousand users and deep integrations into their platforms, all with Okta. That's not something we can just flip a switch and turn off and switch to someone else. Conceptually, yeah, it's just a drop-in, we're gonna use a different SSO vendor. Reality is getting someone set up with an SSO vendor when they have a thousand users or two thousand or ten thousand users is no small task, because these integrations are not simple to get deployed and they're not simple to unwind and switch to a different version of authentication. So I think they've contacted all the people involved. They said at first nobody was affected. Last I heard from Okta was two point five percent of customers affected. So there was a very specific target group of customers. So they know, they had proper logging to know what happened. So those customers have been contacted. By the way, all this Okta breach stuff was done and closed in five days in January. So it didn't persist on. So yeah, I don't necessarily say stop using Okta. Do you want to look for an alternative as a project? Sure. It's just not practical to say just stop using it.

It's fun explaining to CEOs why they can't just auto-forward all their work email to personal emails anymore. Yeah, it is fun to explain. It's them. That is for sure.

Is there anything that a next-generation firewall would have prevented? No, no, they were using standard levels of access. There's nothing that a next-gen firewall, this is not something they were, yeah, this is not really at the firewall level.
This is all at the sign-on level.

Oh, let's see: it's time to go back 30 years and do things the old way, it worked and we didn't have issues. Well, I'm sorry, but that isn't how things work. That's not how we're going, and the good old days are a myth. It's as simple as that. We are all easily deceived by the charitable gifts of nostalgia. It's just the way our brain works. The nostalgia brings you back to only the good times. It's a function of human memory. The reality is things were very difficult then. Things were getting hacked then, it was just a really small thing because there was no money in it. You can't just rewind and go back. That's not the solution either.

What's amazing is companies keep making the same mistake even after seeing the results with other companies doing the exact same thing. That is a real puzzle, and I think it's the myth that just because a company reaches a $26 billion market cap, they are somehow different than me or you, just because of their scale and scope, that the human beings in charge are somehow different, somehow better advised. And what you learn as you climb the ladder of success and you create different circles of, you know, maybe friends that you have that work at these large companies, you realize they still do some of the same dumb things they did when you knew them 20 years ago, despite the bigger payroll. They're generally more rounded and more educated, but there's still occasional human nature things that come into play, and they are not immune from going, it didn't happen, because my reputation matters.

I always wondered how eSIM would change SIM swapping, good or bad. So SIM swapping is a real problem. It really comes down to the phone is not the ideal place for this.

Turning off support access unless you need to have them have access when possible. Yeah, that probably makes sense there.

Securonix would have detected the anomaly. I don't know. I don't really think that they didn't, it's not a not knowing thing.
It's a problem. They knew. Matter of fact, the indicators are all there. It's their failure to take action on them. That one right there where you sit with, this is the exact phrase, it probably is really a: there were certainly a number of indicators of compromise they should have been paying attention to. Yes, that's the real problem. Their failure to take action on the things they had. When you have the intel and you don't take deep action on it, it is just where a lot of the problem is.

The other thing, there's obviously, there's undoubtedly in these large organizations a bunch of people dangling these little security keys around going, hey, you know what, FIDO would have solved this problem. You know, there's someone pushing for this right now, and there was someone pushing for it before, but someone said they're not gonna go and take over cell phones, they're not going to pay off people who work at these phone companies, not gonna happen. And thoroughly as it did happen. So this is where things got a lot about, you know, we're gonna start seeing slowly, and oddly what's driving the small business market, in my opinion the big driver right now in the small business market when it comes to changes in security has everything to do with the insurance companies requiring it. Like, MFA is not an option. You can't get insurance without it, and you need insurance. So it's not like there's some policy or some guy with random live streams on Monday night saying use more security changing the minds of small business owners. Matter of fact, the majority of my audience are probably more like me, work in a level of sysadmin where we are the ones pounding our little security keys and yelling, why aren't you using this little cool device? Because FIDO's great. FIDO is much, much harder to get a hold of. I mean, you could say, well, now they've got to come and take it from you, but that's a little bit harder to do.
That's another level. I'm not saying you can't come take my FIDO key and then acquire my passwords and then get in. I'm just saying that raises the bar a little bit higher to do something like that. Also, I have these different FIDO keys, as I mentioned earlier, because I'm doing some videos talking about FIDO. I was working on them before Okta and I got sidetracked with a few other things, and this seems really relevant for me to rant about very soon.

FIDO is your friend. Yes, yes, yes. I know Travis is in the same, Travis is among the IT people that, we know we're always trying to get people to be more secure and things like that. It is very, very tricky.

Ranting on, yes, a little bit. Ranting on, having a drink, just wanted to share all this with all of you. There's no time limit I specifically set on this, other than it won't be all night. I just wanted to get a few of these things on here. I didn't feel like taking the time to really compose a video, so I just said live stream rant about what I've been reading, because it was aggravating me. Well, no, what was actually aggravating me was setting up a server, and I'm sorting out a problem with ZFS on it that I created on the lab. So I'm sorting out a lab idea I had, to try to make it work properly. So that was annoying me, and then the news hit me, like, all right, let's rant.

The problem with large companies and logs: a huge amount of information being generated, and having a clean process is key in achieving.
Yes, but it's completely possible, my friend. I've mentioned a couple of things before. One of my friends works for a very large company. He manages a hundred and seventy-eight thousand endpoints as the head of the SOC. They have really good filtering systems and they do full logging and full packet capture of everything. They know what went where, when, and they know that for quite a bit of time going backwards. So it's not that it can't be done, and it's a company you've never heard of. They have managed to stay out of the news because they spend a lot of time engineering things properly to not be in there. You can filter logs, you can parse logs, you can look for very specific things, and then you set triggers on those specific things. That's the important part.

The cell phones, especially SMS, SMS is very insecure. They shouldn't ever be used for securing critical systems. I agree with that. It took forever for some of these companies to stop using my phone as the backup. It was annoying, it was, why do they do it this way? And, you know, I don't know, but I feel, and this is not a challenge by any means by which people should test this, I feel when people say, hey, who do you use for your cell phone service, and I'm like, well,
I use Google Fi, and that is because I believe Google does a little bit better a job than maybe AT&T and T-Mobile and Verizon at protecting numbers. I don't know that to be absolutely true, but I do feel that they are the best. My bigger goal is always, always to just not have my cell phone be the second factor of authentication. Any number that can be ported, any number that can be SIM swapped, just seems like a bad idea, because you're at that mercy. TOTP authentication is good. FIDO authentication, as I bring up with these keys right here, I think is good. The authentication methods that were used, and obviously in these recent breaches, proved beyond any shadow of a doubt that at these large companies they're gonna just have to stop relying on this, because you can't expect AT&T to get better or Verizon to get better. I don't think that will ever happen. That is not what I would make my security.

Yeah, so glad I got my YubiKey. Yeah, I also want to bring up, it's not just Yubico. FIDO Alliance keys such as this TrustKey is a good choice. This is not a YubiKey, but it is the same thing, is a good FIDO hardware token.

What's in the glass? We'll talk about that in a minute. No pizza tonight. No pizza tonight. No.

Can't wait to see your next FIDO video. Yes, I did a FIDO video regarding FIDO with SSH. I'll be covering FIDO with Jack Daniels, and put a little in there for those wondering what's in the glass. The only thing, this is your, I should just put on here, in case of another breach emergency, just grab this. Cybersecurity backup plan.

You keep switching bank accounts until you find a company that actually allows for something other than stupid cell phones. Yeah.

I try not to use text two-factor. I like a good authenticator. Is that something you advise over us? Yes, TOTP authentication is great.

Didn't RSS get hacked and associated with the tokens leaked? RSS.
I'm not clear what you're asking.

I've not tested the Nitrokey. The TrustKey is part of the FIDO Alliance and I tried this. I don't know if the TrustKey, I mean the Nitrokey, has gone through verification. I haven't looked it up. I've been looking these up and I ordered this one because it was cheap on Amazon. As long as they're part of the FIDO trust Alliance, they should be good. And these keys, and Yubico being the leader in this market, they go through their own testing just like anything else. They validate that these keys have been properly vetted to make sure that they do the thing they say they're gonna do, and there's not some attack on these keys that would somehow unwind them or compromise them in a way that would, well, allow them to be not good.

Not a jump server, it's a drunk server. Yeah, maybe. I don't drink that much. Black Hat bottle, yes.

Cybersecurity backup plan is back up your resume.

RSA tokens. What RSA tokens were compromised? That I'm unclear on what you're asking still.

Didn't Google roll out 80k YubiKeys before making their own Titan key? Yeah, I'm fuzzy on, I have a feeling there's a business deal that we're unclear on, why they started with YubiKey and switched to Titan, obviously besides being their own key. And it's not a cost thing with Google. I really don't picture it going, hey, we can't make the deal we want. There's probably something more to it that we don't understand about the deal that was made, about why they switched to a Titan key, but yeah.

So: I spent the last 16 years working with and not for AT&T. They are indeed a mess. Yes. Look, it's all they're good at, like you said, is being a dumb pipe. We have certainly had our own interactions with them that have been less than wonderful, we'll just say. Matter of fact, I believe I met, I think we've met in person, MO EL MOE LAS US. I think we've met in person.
Have we? I don't know, I'm curious. So I think I know who you are, which is funny, is when you said you've been working with AT&T. I think we had drinks together a long time ago. Maybe I'm wrong.

The worst thing about my YubiKey is if a key gets lost I have to remember everywhere that I use that particular key. This is a challenge, but not an insurmountable one, and one of the reasons I have two keys. When you're setting up keys you set both of them up. So the FIDO spec does not require multiple FIDO slots, but it's encouraged, and Bitwarden's an easy example. So when I log in to Bitwarden, I think you can have up to six FIDO slots. So you just have to painstakingly register two keys for each system that you do, or some systems have TOTP or FIDO and they allow you to choose which one you want, so you can have both registered at the same time. So having the FIDO for your convenience and security, but then having TOTP as a backup, there's an option as well.

YubiKey or FIDO, been looking to use but haven't got there. I like the FIDO implementation better. I like the way the FIDO system works really well. It's taking a lot of time for me to get a deeper understanding of it. I've been reading through a lot of, like, all the technical specs of exactly how FIDO auth works, all the details, because that's how I make my videos. I spend a lot of time reading on some of these authentication methods, make sure I understand them so I can explain them in the most concise way possible, and of course accurate way possible matters a lot. And yeah, FIDO I like, well, one, because you can use more than just YubiKey, and it's just a well thought out protocol. It's got a lot of good support.

Yep, okay. I know exactly who you are. We, yes, adding night a couple years back.
Cheers. This is it, when you said the AT&T thing I'm like, oh, I remember our talks. And, yes, for sure, I should, if we, I don't know, sometime we should... In our travels, maybe we'll connect again, but in the meantime, it's nice to see you online.
"So I accidentally wipe my TOTP from a YubiKey, it was a pain fixing that, smooth move." I don't put my TOTP on my YubiKey. I've talked about this before. I use an application called Aegis. Aegis works really well. I don't know, I could probably filter, I have a demo one in here, but... Nope, or no. Oh, there we go. I've, no, I already forgot what this server is. Aegis works really well for TOTP. So I have this demo server. You can see the numbers rolling on here. Aegis by default, when you open it, close it, if you go back over here, it won't even unlock without a password to unlock the vault. That's an important aspect of the way it works. So it's not like someone could even just take the phone. They, you know, have to unlock the vault and all to get in. It's an extra step of protection. I've encrypted the vault on here. I don't have it backing up. I manually back it up when I add TOTP keys. I don't add them that often. So those are just those extra steps you take to... It's inconvenient, I won't lie, but it also helps you sleep at night. It helps you not constantly worry, that that aspect is covered. There's always gonna be some other aspect. There's gonna be a firewall rule you forgot, a thing you opened up. There's lots of risks you take. But at least I've put a password on this. If someone wanders off with my phone, you know, first you got the password to my phone, then second you need the password, which is not the same, of course, to the application on there.
So, "Any tips on getting switched to the app-based versus coaches and SMS? Explain as concisely as you can how these companies get hacked." The problem is the counter you frequently run into, the objection is going to be, "Oh, I'm not Microsoft. I'm not as big as Okta.
I'm not a 26 billion dollar a year company. They're not going to target me." The reality is the small businesses are low-hanging fruit and are targeted. Probably statistic, I mean, just because there's more of them. There's more targets. So they are hit all the time, you just don't hear about it, and because it's not newsworthy. If a small company with 10 employees loses $20,000 to some scam or some hack that, you know, was able to get into their systems and do a wire transfer, it's not gonna make the news. "Local company loses 20 grand." Nobody, nobody really writes the articles for that. And by the way, it's not usually reported, because the last thing a company wants to do is talk about losing 20 grand. They're not, they, they may have to report to authorities. They may have to if they're in a regulated industry, and maybe in the future, because it seems like a lot more companies fall under regulated industry policy that's going to be passed. So it's hard to convince people, but it does happen. It's just a, it's a hard sell.
Yes, looks around, and that is the thing here. When you're looking at, like, the TrustKey, the TrustKey is a lot less expensive, but feels well built. I don't see... come on, focus. There we go. It's very much, very close in size to the YubiKey but not really that much different from it. So yeah, I like it. So far I haven't found, I don't know, a flaw with it. More and more things are supporting FIDO. So these seem pretty good. Matter of fact, it's a good excuse to buy two of them, because you can buy two of them for what you can buy for one of these keys right here.
So, hey, no problem, glad I was able to help on that. So I have more YubiKeys. They're in a drawer over here. Where'd they go? Maybe they're in this drawer. Yeah, more of them. Because I get all these for my staff too, so I got these for my staff, I got a few for me. I program them. I rewrote this one. I was changing how the key works. I want to do a deep dive into some of the weird things about the way these keys... They're great.
Nothing bad in terms, when I say weird, just understanding the technology, not so much anything else, like not, not anything that I know of, any security problem. Speaking of that, that's a good question: "How do you know FIDO key doesn't have a backdoor?" That's where they are vetted by the FIDO Alliance, and the design has been thoroughly looked through, that these themselves are not a backdoor. These are not emulating a keyboard, and you kind of know that when you plug it in. You know if it's going to emulate a device beyond what its capabilities are supposed to be, there's an indicator. But other than that, the FIDO backdoors would be really hard because of the way you authenticate things with FIDO. This is why FIDO is such a good protocol, is the level of back and forth that has to go through in order to sign something, essentially, and do the exchange of security information. So yes, it's, um, it's gonna be part of what I have to explain. You can go over and understand what the FIDO Alliance means. I think it says in the back of this. This is a FIDO Alliance key. It's right on the back. They go through, they go through testing, so it's a valid question. It's also why I wouldn't buy one that hasn't gone through the testing of the FIDO Alliance.
I think that's, I don't know if I can even get it to display. Somewhere on the back here, you can kind of read it. It says... Try to make the camera focus right. Why don't we go to the website, because that's probably easier than messing with the camera? I mean, we could always, we could keep messing with the camera, but we'll type in TrustKey and pull this up. These are good questions. I mean, absolutely, don't, don't take, don't trust it because some guy drinking whiskey on YouTube said to trust it. That's definitely not good advice. FIDO Level 2 certified. They have... we don't want the fingerprint one. This is the one I have right here, is the T120, I'm sorry, T110, because it doesn't have the USB-C.
These are inexpensive FIDO U2F and OTP sort, FIDO2 certified. You can look up the FIDO2 certified process, and that's how you can go through the testing on there. What's more fun is to look up how, if we find, where's the... there we go. Where is a good... okay, find. Share this tab. You can look up a lot about how it works and how the registration works: begins, user approval, new key created, public key cryptography. The FIDO login process: login challenge, key selected, public key cryptography, the back and forth on there. The way FIDO works is a little bit different, and it's actually what makes FIDO so cool, the way it incorporates your authentication in here. So you can read a lot about it. There's plenty of documentation on it. There's nothing... it's a well vetted protocol, that is for sure.
The hard, hard problem with FIDO is adoption of it, trying to get more places to use it. This is really where the challenge comes in, and I've talked to a lot of security vendors, and they're just like, "We don't, we would spend the money and embedding it, but, you know, we don't think there would be much user adoption." And when you have companies the size of Microsoft and Okta not using it across the board, you're right, you're trying to get smaller business to use it is a hard, not, not an easy task at all. So definitely a problem.
I'll talk a little bit about the use, the YubiKey Personalization Tool. This is where there's definitely some confusion, because you can rewrite the keys and there's reasons you may not want to rewrite the keys, and this is where sometimes people have some confusion about rewriting the keys. So, yes, that's definitely a, a problem.
Oh, "Travis only trust people who are drinking whiskey on Monday nights and ranting on YouTube." Oh, fair enough.
Oh, let's see. "How does the sysadmin or standard security employee combat the onset of imposter syndrome and the company you work for on and..." Oh, if the company they work for may have been breached.
I don't know how to combat easily the imposter syndrome. There's always that, um, in over your head feeling you get quite a bit. I will tell you, it's a feeling, I've been in a lot of circles and I sometimes, like, wow, how am I sitting next to this person? And like, I'm, I feel that way sometimes too. There's not, it's just something you work through when you're over... There's not an easy answer. I think what helps is the fact that we have a word for it, imposter syndrome, because this is not something I knew in the 90s when I started working in tech. Yes, the 90s, 20 plus years ago. We just kind of just felt like, I don't know, you're just figuring it out, but somehow this person next to you knows more than you, and there's not really a word. Now that we have a word for it, we understand the shared experience that imposter syndrome is. I think that's helpful, because it's not just you. We don't have a word for it because you are going through it. We have a word for it because all of us, majority of us, have some feelings at some levels of imposter syndrome. So it's something you just kind of work through and get over.
So, "Do NFC-enabled models open a potential weak point?" Well, kind of. NFC in general opens a weak point, because someone can be within your proximity, and if this is not shielded and they bring something within NFC proximity to you, they may read what's in this. So for example, someone mentioned you can store inside of a YubiKey your TOTP. So if you can store your TOTP within your YubiKey and someone is within NFC range of your YubiKey, then you have a problem. They can pull your TOTP. But you can also set your TOTP to be protected by a password, so they can't just pull it without putting in password. So there are extra mitigations you have, but yeah, that is a problem per se if you have the NFC. It's, it's a proximity problem. So it's not as likely to be an issue, but it is more, it is there, it exists at some level.
I should say, I wouldn't, it's not my... You know, do I worry that someone's gonna come in proximity to me? I actually keep these, I have an RFID shielded wallet. It has a shielding on it, so these won't work through it. That's one of my solutions if I'm transporting these outside of here. I don't worry as much. Not to say it couldn't happen that someone would break in my house and steal them. I mean, it's, hopefully they won't. You know what, not a challenge. Can you get into Tom's house? You can get in any house if you're determined enough, I mean. So it is a risk, but it's not the highest level of risk.
I'm gonna wind this down. We've been going, we'll give it a few more minutes. I'll answer a few more questions, but I actually at some point I do have to go to sleep. I don't... Maybe I'll pour a little more, but it's about time to wander off and, uh, go do whatever it is I do. Well, eventually I do sleep. I usually watch some TV.
Yeah, the shielding is, um, I have this on a lanyard so I don't lose it, but it is not my usual methodology of carrying it. Matter of fact, this is my demo one. This is not my demo one. This is the one I have things on, and I identify it by not having it on something that dangles, because if I put it on something and it dangles like that, it doesn't fit in my wallet that I close it up in, where it can't be scanned. So that's been my simple solution, and there's more of them. I gotta, I gotta get, uh, Chris from Crosstalk Solutions posted stickers, and I bought some, one of my employees ordered some of those stickers and skins that go on these, so I gotta get some of those so I can identify. These are all my lab ones that I've been playing with.
"Do you use the USB-C conversion, NFC, with your phone?" Um, I'm using the NFC with my phone when I do, much. But I don't really do anything NFC and the YubiKey with my phone right now. Um, it's not been something I'm using as much. Most of the stuff I log into is, um, web interface, that's where I've got it all used.
I don't, I actually don't have, is everything logged in on my phone, because I don't need it. It's always a good practice of, um, your principles of least privilege. What do you need things logged into, and don't log into them if you don't need them? That's, it's a really, really simple, um, policy, but, you know, I'll look at right here. I have, um, a tablet that's password protected. That's a Chrome tablet. But I only have one account and a limited amount of things. I don't log in everything on here. I only need it for a couple of specific use cases. So I minimize what I've even logged into on this tablet to only the things it needs and no more. Um, it's all about keeping restrictions. It's, you know, kind of boring.
Matter of fact, I, I laughed when, it, Moxie Marlinspike, if you're not familiar, developer of Signal, head of security for dental law security research. Look up Moxie Marlinspike. Um, really brilliant cryptographer. But he's talked about, someone said, "Can we follow you around to see what you do all day?" And he's like, "Not really, you'll, you'll be pretty bored," that it bothers him. But, you know, he still writes a lot of things down. He's very restrictive on how he keeps things. There's just different, you, you'll find people who work in this, um, industry, you just start... And I've always thought about this from a long time ago, and this comes up to, it's actually almost an anniversary of 20 years ago, it was probably the first time I went to a big hacker conference. So that was like 2002. Um, you think differently when you've spent that much time hanging out with a bunch of hackers, like I did in the late 90s and early 2000s. You just learned things differently, of everything that can go wrong, or all the mischievous things you do when you're young, and you're like, wow, I should always think about how to protect myself from those things.
"Six feet for cyber security with NFC." Yeah. "Bitwarden and USB-C on phones, what I carry around now."
I don't have Bitwarden on my phone. That's actually another thing, like, people have asked about that. I just don't put Bitwarden on my phone. I don't need it on my phone. Um, so, and by the way, my 2FA is on my phone. Therefore Bitwarden and 2FA on my phone seems like a, the combination of things that I don't want on my phone. So that's why they're separate from each other.
"Going back to security for one sec. How does one has pfSense playing that, don't insurance companies recommend security hardware and software?" No, they, they want you, they don't specify devices. So you can use your, um, you can use your pfSense within there. So that's definitely, um, it's not really a factor. We've, you know, we're insured. We use pfSense. It's not something that's going to really play into the insurance side of it.
"By the form you need based on devices you use." Yeah, that's a good advice right there. Depending on your level of insurance, you may have to have third party auditors come in. That, that comes down to, um, whatever policies you're getting and what your mitigation risks are. There's, there's, there's really interesting to me that there's some new insurance companies. Um, I, I don't, I don't love this idea, but I think there's a mix, there's, there's a happy middle that I don't know where it is yet. But think about this, there are insurance companies.
There's a startup insurance company. One of the things that insurance companies are doing, instead of listening and validating, they're getting involved. And what I mean by that is there's insurance companies, and I'm not 100% clear on how they work, but essentially they're talking about having agents that confirm things are going, having log collectors to confirm your 2FA, confirm you're doing something, not trusting you to fill out a form to say you're doing something. And they'll adjust your insurance based on you allowing them to give your logs. Now this is directly like the equivalent that you have in the car industry, where we called it the tattletale device. It is a device insurance companies would plug into your car to see if you did hard braking. They want to know if you're a safe driver. They're limited amount of data, versus, it's almost intrusive to have this much data being read by the insurance companies. But it's also interesting for them to go through your logs and actually confirm you're doing the things that, when you filled out the form for your risk, that you're doing. So I, I think we're gonna see a lot more about that.
"Yeah, our insurance company asked, do you have a hardware firewall? Yes, and that's all they wanted." It's, they focused... now the insurance companies are getting smarter about this. The reality is, where does the bad stuff happen? It's the endpoints. There's a reason people focus on the endpoints. There's a reason I focus on the endpoints, because once you focused on the endpoint, what happens? What, look through DFIR reports. If you're not familiar with DFIR reports, these are the debriefs for cyber security incidents. And you'll notice all these talks, specifically the one we started this entire live stream with, what are we talking about here? We're talking about everything that happened on the endpoint. The SOC team and the full monitoring and full packet captures are all rewind events of, all right.
We see this event on the endpoint. We see it reaching out to the C2 server. How long has it been reaching out to C2 server, is the question we're going to ask the SOC team. The SOC team goes, "That IP address started beaconing at this time." Well, cool. By the way, SOC team didn't alert you on this C2, because they didn't know it was a C2. SolarWinds was a... the incident that occurred with SolarWinds Orion, think about how many companies use this, how many companies were asleep at the wheel, that all had SOC teams, all of them. They all seen the data flowing, being exfiltrated. What did the SOC teams do? They were great. They were excellent help once we discovered the SolarWinds Orion hack and rewinding how long they had been in the network, but they didn't alert us to them being in the network. Think about that, and this is played out over and over again.
So much of this has to do with, you start with the endpoint, because that's where the action is. Then it's great to have all that logging and be able to put an IP address into your log server and go, "When did this IP address start having interactions with this endpoint?" But almost always that investigation, not a hundred percent, but most of the time that investigation is started at the endpoint. It is started by, I see the endpoint doing something unusual based on some behaviors I see, based on the tools we have, based on security research, something with this endpoint. Why is it reaching out to this IP address? And then you'll go through your logs and figure it out. So that is why you spend so much time, you focus that.
Oh, yes, "Once a year you have to fill out a 20 plus page Q&A for said insurance company. It's a two hours a day, but it's only once a year."
You're not wrong, and it is tedious for sure. Yeah, that's, uh, definitely true here.
"I love the idea of explaining my customers that logs being collected are sent to people I don't even know for insurance folks." Yeah, what could go wrong if an insurance company was now collecting all the logs and has more information? I... Man, one of my favorite things, and I have to go through, unfortunately, it's kind of, I know where it is, but I'm too lazy to go through and find this. When we were doing, with me and a couple of my friends that work in security, we're doing How They Got Hacked, another channel we had started, and for now it's all on pause, never say it's over, because we always like to revisit things eventually. Anyways, one of our favorite stories we covered, that we were just blown away by, and the links are buried within there, was a group of hackers that, instead of going through and contacting the companies they had hacked, they reached out directly to their insurance companies. So when these companies realized they had been breached or ransomware, they call their insurance company, insurance companies goes, "We're already on it. We're already negotiating." And this is how brazen some of the threat actors have gotten, is to the point where they were, well, interacting with the insurance companies, because that's, you know, why, why waste time? We already know who's going to put the dollars on and who's not. So they would call the insurance companies, because... Yes, yes.
Oh Ray, "Excel sheet name domain passwords, really?" I mean, here's the problem. You always, you've heard truth is stranger than fiction. That's because people writing fiction have to stick to narratives that they think you will believe. The truth is, well, reality in general does not have such narrative restrictions as something you think would be really dumb and happening. Therefore truth is always stranger than fiction, in case you didn't know. Right, right. Yes. Excel sheet name domain passwords. Well, of course it was named domain passwords.
How else will we find it, Ray? I got nothing on that. I mean, convenient. That's my favorite part.
"30 years ago, if you wanted to hack a net, uh, network server, you just booted into DOS." Yes, they did require physical access, and if they had, yeah. Yeah, if you have physical access, I mean, we, we only in more recent years thought a lot more about encryption at rest. Is IBC becoming a big topic. It's one of the reasons we take the time to encrypt our VMs. And someone asked me, like, "Well, Tom, if you encrypt your VMs, they're harder to boot, because you got to put a password in." I'm like, "That's the point." "But Tom, that's really inconvenient." And I'm like, "It sure is." And like, I don't know where to go from here, because there's... If you want to make sure not only your backups are encrypted, but if you take the time to encrypt a bootable setup, so your VMs, if someone were to somehow break through layers of encryption to grab said backups, the VM itself does not boot without the password. These are just inconveniences, but encrypting data at rest is how you mitigate someone physically taking your servers. It is a very real threat model. Um, you know, I, I think deeply about this. Being a YouTuber who talks about security, there is absolutely someone painting a target on my back going, "That guy, he makes me mad." So they go after you. It's kind of how it works.
Ah, there is... Yes, uh, yep, yeah, I see. Thank you. Ray just, uh, Ray had just sent me that. That's my phone going off. Ah, yes, just, I know it is. Ah, crazy, crazy, crazy. Um, if you look, Ray, too, is I retweeted that as well. So thank you. Um, you're not wrong. And for those who don't know, me and Ray talked about the Okta hack. Uh, he's, there's a video I tweeted just a couple days ago. You can find a link to it.
Uh, I've shared it on LinkedIn. Uh, Ray is a personal friend of mine and also a person who's well versed in tech and security, been in it, I think, about as long as I have. Ray's somewhere around my age.
Uh, "Please don't open me that XLS with a better, better name." You're not wrong. Um, network canaries, they're pretty neat. I don't, I have my own stuff set up, um, for that. I've talked very little about it on purpose. But yes, network canaries, Thinkst Canary being the leader in that particular market. Yes.
Um, "Pop with drive encrypt." You know what, Ray, this, seeing that tweet is what brought the whiskey out. So we're not gonna lie, man. This is, uh, there's, I seen that, I'm like, of course they called it domain, and I was just like ranting about it. And I was like, that's how this whole thing started. That's how this silliness began.
So, uh, have people targeted me? Yes. Yes. I've been trolled and targeted more than once. So that is, uh, that is a thing for sure, and thank you for the donation.
Uh, "Do you put your RMM on your personal computer?" Um, not exactly, because of being a Linux desktop, but yes, we use, we, we use our tools. I'll, uh, we aren't, uh, hypocrites in that nature. Well, we use Linux and we generally push Windows to people, because Linux is impractical to use for a lot of our clients, but that's a different topic. That's, that has nothing to do with... I, I mean, if I could get everybody on Linux, because it's supported their line of business applications, are certainly some advantages there, but yes. You know, there's a, I, I do keep, um, as well, strong separation. I do play some video games, but not on the same, um, you know, it's not the same computer. You're not like, oh, I'm mixing this. Matter of fact, uh, I have a Bitwarden personal account for my personal computer, and I have a Bitwarden business account for my business computer, and never shall the two meet. That's an important aspect of keeping things separate.
Oh, let's see. Uh, Pop!_OS.
Let's go, absolutely, big Pop!_OS fan here.
"See you guys, uh, simple things like disabling remote access, things like firewalls so you cannot turn them off remotely, would go a long way to stopping this." Um, no. The Okta hack was a lot more than that. People work remotely. That's an accepted thing. Um, the fact that they have password reset methodologies that use phone is pretty much the center around a lot of this. So, yeah, all, all good security has definitely some inconveniences here. There is undoubtedly, you know, thing that, uh, something we for sure...
Um, let's see. I'll leave it right here. And I agree with this a lot. This is even, this is Microsoft's remediation talks, and we'll bring this up real quick and switch to... This is right from Microsoft recommendations. Uh, oh crap, it went to the top. "Leverage more secure implementations," "FIDO tokens," "reduce risk and user experience issues associated with passwords." From Microsoft. From the people that got hacked, going, "You know what we should do? We should probably do that FIDO thing." Whoever wrote this was probably a big advocate, and they're just like, just punched it away at these keys smiling, going, "Told you guys you should be using this." You know, there's, there's that person no one wants them to be right, but they are, so here we are talking about it. So yes, that's a, um, ah, that is the thing.
Well, let's see. Hello, let's see. "Can you have the article on FIDO?" Um, it's just fidoalliance.org. I'll throw it in the chat here. Nothing too special. The other one is just me matching it from Microsoft, but it's, uh, the how FIDO works is on fidoalliance.org. You can, it's, well... No good protocol should be secret. The, um, um, security has to be transparent. You have to completely trust it. You have to understand, well, you don't have to necessarily understand the math, but someone has to understand the math, someone has to vet the math, and a more transparent security is going to lead to a better security. This is just a absolute given for any of this. It's funny.
I think 20 minutes ago I said I'd go 10 more minutes, but, I don't know, here I am. I guess as long as people are asking me questions or I have something to talk about, I will continue with what I'm doing. Uh, hopefully that helps the FIDO stuff. So, is there any more questions people have before I eventually wind on down?
Uh, "Security through obscurity is bad," and yes, "RDP on 3390 is not any better." Yeah, we just added, instead of 3389 it's on 3390. No one will guess that. No one really looks at the protocol that responds on the port.
Oh, there we go, "People who think closed source is more secure because you can't see the insecure code." Ah, yes, if, if only that was really true, then Microsoft wouldn't be in the predicament they are in with all their security vulnerabilities. I mean, most, so much other security stuff is just a mess. You know, I can rant too. I, um, Duo authentication, that we, that I was having a really good conversation with a client, but also Duo authentication, the fact that they default to fail open. Um, there was that write-up on the, I don't remember the name of the NGO, but one of the NGOs, um, non-government organizations, that was hacked was using Duo. How do they bypass Duo? How do they get by their security? Well, two things. This is really interesting write-up. So the two things they did to bypass Duo was, one, a account had become unregistered from Duo. So they had a old credential that was not registered to Duo that got them access, because upon access it asked them to register to Duo. Oh, no problem. They just registered to Duo, so now they have Duo access. But the next thing you need to do is privilege escalate to a more high level account. How do you do that? Well, those high level accounts have Duo. How do you bypass it? Well, if you followed the Duo "next,
yes, next, yes" install instructions, you installed Duo with its default parameter of fail open. Well, the reason that fails open is if it cannot contact the server, it fails open. Now the problem with that is, you know, Duo does a really good job of servers. I don't even know if I've ever found Duo to be down. Duo has an uptime that's amazing, because they have redundant servers. So if one Duo server isn't up, one of the other Duo servers is up. So fail open doesn't seem that bad, unless, unless you go into the settings of said server and you re, um, you create a host entry for Duo so it fails close, fails because it can't resolve it. So they added a host entry for Duo, allowing it to fail, therefore fail open, and now all I needed was the credential to get in. And, uh, that was just one of those things, like, don't set it to fail open. So just, just, just don't, just don't.
So, um, "GRC's SQRL's a great idea." Adoption is the hard idea. So I think it's great. I think it's cool, but yeah, it's just, yeah, um, I don't think anyone will adopt it.
"It's always DNS." Yeah, it's always DNS, mm-hmm.
"Semi off topic, getting a dash cam for my truck because I went down the YouTube and have a whole, uh, cams, personal security." Um, I, I thought about getting one for my truck, because I like the fact that I have it built into my Tesla. It's great, because my Tesla records everything. Um, but yeah, I, I don't, I, I've gone down the rabbit hole too. I don't know what the best one is. They're not a bad idea though.
"Hey, thanks for, uh, sharing information. I learned a lot watching the videos and greatly enjoying." Awesome. Glad you were here doing that. So, yeah.
"Fail open is a failed idea." Yes. "It's always DNS, especially when you set it to be DNS." Uh, "Notepad and host attacks are classic."
It's all you need, a little Notepad, a little host entry, a little fail open.
"Wish companies would have a mindset of pfSense, where installs most secure settings by default." Um, yeah.
I have no validation of this, but someone did say that the v-fold cams are great. Um, you know, I, uh, I don't really know enough about the camera. So I really have a deep comment on that.
So, "Coding while watching your favorite firewall teacher." Awesome. I, I assume you mean me. Going on a limb here. I'm guessing I need more questions before Tom wanders off. And wanders off means I turn my chair exactly this many degrees. That's how I, that's how I wander off. I'll, I'll reply to some messages, send a few emails, and then I'll go to bed. That's, um... And then, and after a couple hours, you'll find me back over here again.
"Didn't know Teslas had cameras on the sides of the cars until they started watching some videos." Hey, speaking of watching some videos, who wants to watch a video of Tom's car get hit? This is fun. Let me switch, um... I, I even posted this. This has all been resolved. But my car did get hit. So that's the thing. Um, it's in my library, right? Or is it in my videos? I don't even know. Yeah, so let me, uh, share this tab. I don't know how this will play. Let's, we can find out. This is, uh, Tom's car getting hit last year. So they drive by, and then they come up and, uh, they turn around, and this is while my car's parked. Actually I'm in the restaurant. And thunk, whack, hit my car. And this is the part you're gonna laugh the most about, for, so they hit my car, and then he doesn't think he hit my car. She's very aware he hit my car. Watch the reaction she has when she gets out of the car. Let me jump to that part. You can see that she is unhappy. He doesn't look, he looks clueless. She's like, "You hit a Tesla." She's looking at the car. He's like, "What?" Now, where this gets even funnier, and this is not in the camera part here, I didn't record this. That's a dog in the, in the car. They don't leave the dog in the car.
The dog is fine. Uh, they come in the bar, and that I'm at, and then I see their dog and I'm like, "Oh, you have a really cute dog." So I actually passed and interacted with them briefly. So there's that. And, and then when I got outside it was raining a lot and, uh, I didn't know someone had bumped into my car. So, yeah, that's, uh, that's that incident. So yes, they do have cameras.
Ah, yeah, it sucked. But the other side, it was, um, the only thing they did was they hit my wheel and they took off my wrap. So all they did was damage to the wrap, so I just had to get the wrap redone, and it was no damage to the body underneath. So it took them, my, uh, friend owns the company that did my wrap, and, well, they're my client too. Uh, I took the car in the morning, like, I don't know, eight in the morning, and I picked it up at noon. That's how quick they refixed my wrap. So, uh, four hour repair time to get my wrap redone. They rubbed it with the wheel and it just peeled all the wrap off the car. Um, their insurance paid. Uh, their insurance paid. So that's it. As a matter of fact, the funny part is, because I didn't have a deductible on this, because they hit me. Um, and that's a wrap. Yes.
"How do you not feel the bump of another car?" I, well, she obviously was aware of it. I wasn't in the car. My car was parked at the time. I was in the bar with my friends.
So, "Is wrapping worth it? Been considering it." I am just gonna say yes. I mean, I think wrapping's worth it. One, I have had to fix my wrap twice in two years, three years now of having my car wrapped. I've had to fix it, but I mean, to me... Let me find a good picture of it. I love the way it looks. So the, um, we're way off topic now, right, because we're looking at Tom's car. I love the way my wrap looks. I think it's worth it.
You can't tell, this is after that was hit. Um, you can't tell that it was hit. You can't see the damage anymore, because when they peel a wrap off they could just replace a section at a time. So you can't tell that there are two sections of wrap here that have been replaced. It's, um, it's one of those things you may not notice on the car when they replace any section, but the nose, um, was actually redone, and you, there's no difference in it when you look at it. So I think the wraps are really cool if you care about preserving the paint. It really comes down to, one, I wanted my car to look different. That was the number one reason I wrapped it. The bonus is the fact that my car has a cool wrap on it. Um, then as it's gotten scratched up, I've just redone sections of the wrap like that. I've had to redo the nose because it got so beat up over, um, a bunch of rocks and shit hit it. So when a bunch of rocks and knocked my wrap with little pits in it, I just replaced the front nose of the wrap. Didn't cost me much at all. So there's, um, that to me is a big advantage of it, especially Michigan, you know, we have winters and salt. You're, you're not in Michigan, you don't have that problem. It still looks cool though. I will admit too, matte black looks pretty cool. There's a lot of cool colors you can do with it too. Um, let me find another look. It also, um, it's probably a bit deceiving, but we'll, let's go ahead and, uh, that's what the car looks when you're actually moving around it. So it's not just one color. It's a shifting of colors as you walk around my car. Get you an idea. So yeah, I think it looks pretty cool. There's no doubt about that.
Uh, yeah, he drove over there. He drove over there too. Yes. Oh, let's see. Uh, Florida has sun and salt, ocean is great. Yeah, I never park, I never park in the garage. So, hmm. Yeah. RGB Tesla. I just, I just got here. That's Tom's car. Yes, that is Tom's car.
Uh, top conferences I'd recommend going to? That's not easy.
Um, I guess you have to start with, what are you, what are you trying to gain, before we can answer the question of what conference you should go to. I mean, myself, I like Linux conferences and hacker conferences. Those are interesting to me. If you're more into business growth, then channel partner conferences and IT Nation and other IT-related conferences may be better for you. So the conference you go to is a direct answer to what your goal is when you're doing it.
So, uh, if you're interested in doing this to your Mach-E, it is a, uh, the color is called 3M Flip Psychedelic. Surprised that's legal. Yeah, maybe. I don't know.
DEF CON. Now, if you're into hacking, DEF CON, Black Hat, um, you know, we're on the topic of security, so we can even talk about, um, there is the, uh, this is coming up this year, is a HOPE conference, the Hackers on Planet Earth. I mean, if you're talking cyber security, yeah, there's cyber security conferences that are out there. I team andrew enjoy IT-related conferences. Yeah, there's, I mean, I don't go do as many as I probably should. So, talks about conferences, grabs under a dream. So, uh, in, this is one you'd be interested in probably, bronica's, Ohio LinuxFest is pretty big. Um, it's been a couple years since I've been. I, I truly enjoyed the Ohio LinuxFest. I like, I, I've been to, specifically, I, in 2020 I went to, I was at DEF CON, the, let's get real specific, I was at the DEF CON Safe Mode, the Car Hacking Village, which was a lot of fun. So if we, when was I there? Somewhere there's a picture of Tom at one of these things, because that's what Tom does. Oh, yeah, there we go. So there's Tom at the, yes, we were hacking Teslas, because that's the thing. Me and, me and some of the friends. This is at the DEF CON Car Hacking Village. We actually did a live stream right from the DEF CON hacking village. These are some infamous car hackers that I'm hanging out with. So definitely, definitely a lot of fun.
Oh, yes, the roads are rough. The roads are rough.
That's for sure. You missed a few minutes on Tom's car. Yes. There's, um, that's definitely. Can we keep sharing photos of here? There's, we won't just scroll through Tom's photos all the time. Uh, oh, yeah, hey, here we, we can, this one's definitely, we're sharing because it's Tom's car again with the DEF CON flag hanging out in front of the car hacking place we're at. So matter of fact, I think for a while this, if you follow me on Facebook, this is still, I think, the top picture on my Facebook or something. I don't know. I just thought it was cool. Um, because I, I got the DEF CON flag there and I like the DEF CON logo for that year.
So yeah, if you, um, I tell you, the, the hacking conferences are definitely awesome, that you'll meet the coolest people there all the time. I think that's where I learned the most, is those. It's just, I don't know, it's just an environment where you really get to engage with people at a different level. So, um, I'm a big fan of any of the hacker conferences. So the, uh, Ohio LinuxFest is probably the, the big local one if you're into Linux.
But this is something I learned today, is, did you know, and, uh, Linux Foundation. Not this one. Hold on. Linux Foundation event Detroit. I am excited about this. This is actually pretty cool. Can I find the Linux Foundation link? There we go. There's all those stupid links. I want the Linux Foundation link. This is, um, coming to Detroit. This is by the Linux Foundation and, uh, this is pretty cool. It's in Detroit. We have an event, a tech event, in Detroit. I'm excited. I, I just, we, I haven't seen a tech event in Detroit in so long. I always have to travel if I want to go somewhere. But right here is the Cloud Native Computing Foundation, and I'm, I don't care, it's in Detroit, so I'm going. Even though I'm not a Kubernetes user, I'm going to have fun there, because I'm gonna go meet with some of the people I know. Uh, my friend, and a few of them work for the Linux Foundation. So I'm excited about that too.
So, uh, yes, we actually have an, an event coming on here. So, now GrrCON is another thing that does happen here, and roughly, it's in Michigan at least, that's not our hacking event.
Funny information from the Grand Rapids area. I've been, uh, all the things open source. Love to get involved with blue, red, Linux conferences around the area. I, I think we need to, and maybe I'm bad, I'm not an organizer of people. I don't think that's a skill I have, to organize an event. But my desire for an event means I would, I would back someone and promote someone who's willing to organize a Linux event around here.
So I will be at, um, uh, Penguicon. You will find me at this conference. I might even be speaking there, because I've spoke there a few times. Um, so Penguicon 2022 is on, and so I will be at this. To, to call this your usual, do your usual conference, would be very unusual. Um, it's not, it is a mishmash of things. Um, that's the best way I can describe the way Penguicon works. They've had a amazing array of special guests. My friend Nuri, um, Nuri's awesome. I'm happy to see him back there. The, but it's kind of a sci-fi conference combined with Linux people combined with writers and literature and cosplayers and everything. Uh, it's a weird, weird nerd event. So not exactly, uh, something, um, that I would say is for everyone, unless you're really into geek culture, and I'm oddly less into all the geek culture, but I love the Linux and the people there. Jay from Learn Linux TV, that's how I know him. Many of my friends, including the ones that work at the Linux Foundation, that's how I met them. My friend who works and does some very interesting cyber security work, I've met them, them, all of those people I met at Penguicon.
Uh, and it's a little, um, if you're at Penguicon, you also get to see Wendell from Level1Techs. All right, I'll let you guys a little secret: me and Wendell already messaged. I'll be hanging out with Wendell from Level1Techs. That was, that was the deciding factor, because I wasn't sure if I was going to Penguicon, and right away I messaged Wendell: "Hey Wendell, you're gonna go to Penguicon this year soon?" He said yes. I was like, "All right, I'm in. Count me in." Because, you know, Wendell, Wendell's awesome. He's the, uh, I, I've, um, last time I seen Wendell at Penguicon was probably about, ah, three years ago, four years ago. It's been, it's been a minute, because, uh, Penguicon, because of the pandemic, has been a minute.
You know, we started this as a cyber security topic and we're 30 minutes off of that. So, love watching CTF breakdowns, great learning material and how systems are compromised. Yes, my friend John Hammond, who works for Huntress, and we use Huntress as one of our cyber security tools, is, absolutely does a great job and all of that. So, super cool. I'm not even sure which you're super cooling to, because we covered a lot of topics. I'm assuming some of the Linux stuff on there and the, uh, Penguicon stuff, but yeah, I have, uh, Penguicon is definitely an interesting. I've sponsored the event a couple times. My, well, I should say I, but my company has. My, but I own the company. So yes, I sponsored it. Um, I used to help them with a few things. I'm, my goal this year is to get back involved with Penguicon, um, because I thought their tech track was less than it should have been. Therefore, I never, here's a simple rule I have: I don't complain about things I don't have intention to change. So I don't complain that I don't think there's enough tech things at Penguicon unless I'm going to try to take an active role in making more tech things at Penguicon. So my goal this year, we submitted, b and j submitted.
Um, three talks to do. We don't know if our submissions have been accepted, but if they are accepted, awesome. And, um, I want to meet the new people involved, because I know some of the other, there's been some changing of people, and get involved again in pushing the, pushing Penguicon to the tech areas that I think it should be. I don't want to detract at all from the other areas people enjoy, such as literature, but I would like to see some good dives into, and Penguicon has always been a big advocate, and so the people there, for open source. I don't mind giving more talks, and as I have in the past, on a lot of open source things and topics. So yeah, that's kind of my goal for Penguicon.
All right. Now we're an hour and 32 minutes in. I think it's time for me to wander off and, uh, fall asleep for at least three or four hours. I will stop doing this. We're tightening the cap, not listening, in case anyone's wondering. Just make sure it's on tight. I do not leave this down here. This, this goes into my cabinet with my things. Um, oh, let's see.
Is Xavier joining you in any of these conferences? Not that, well, I'm waiting to hear back from Xavier if he wants to go to HOPE. Um, if I have a few people I know that plan to go to HOPE, the Hackers on Planet Earth, I'll go. I haven't decided if I'm going. I'm waiting to see if it's someone I know, because I have not been to the HOPE conferences before. So if someone's going and I know at least one person, so I'm not feeling completely a stranger. As much as I seem like a social person, I don't do well in social situations. They're not places of comfort for me. Um, I usually have to know someone. So, uh, so that's definitely a, uh, if someone's going, I may go with Xavier. I don't know what Schwann's Xavier is going to. Xavier goes to DEF CON, that's much I can tell you. So you can, if you're wondering where you can find Xavier, he'll be among the thousands of people attending DEF CON. Uh, are we at sky talk? Lots of fun.
All right, now that I've wandered and killed off the audience, I'm watching the numbers go down. Thank you for everyone who took the time to join in. Thank you for listening to me rant about security. It was definitely a lot of fun in the beginning. Um, if you made it this far watching it in post, awesome, you've really listened to me rant quite a bit. So, uh, something gave me a little bit of a hiccup there, but, uh, it is time for me to fall asleep. I guess I, uh, eventually there's, there's a time where my energy levels will probably wander down, and I gotta start this over again in the morning because I have more things to do anyways. As always, thank you everyone, and see you later.