Okay, so English, sorry, I didn't say that before. We've got an absolutely great guy here next, who presents himself as a tech enthusiast, a computer science engineer, a web security geek, and I discovered something else last night: he is top as a touristic counselor. Nestle comes from the Canary Islands, and he went through all the details of the Canary Islands last night at the meal. So if there's anything you want to know about your next holiday destination, that's going to be the next talk. He's going to give a talk about the Canary Islands. So he's got a "Round one, fight". I don't know if he's got his boxing gloves at the ready, but we're going to see how we can survive a malicious hacker. Have fun.

Thank you. I think it's going to be very easy to follow me because my English is super basic, so hopefully you're going to understand it very easily. So before starting: "Round one, fight". Make a bell in your mind, to someone that remembers your childhood, right? Street Fighter. Round one. So that's the idea in this presentation. My idea is to try to explain how cybersecurity works in a WordPress environment using this driving thread, right? So let's start. Who has played this game any time in the life? Yeah, more or less. That's more normal.

Okay, so let me present myself. I don't know. Okay, I was thinking about hacking the organization, but I don't have permission. Okay, no worries. I have a CISSP certification; for those that don't know, it is a high-level security certification, an international one. I have been working as a web security analyst at GoDaddy Security until 2023, when the layoff affected me. So at this moment I'm trying to start this blog. It's really empty right now, but you can contact me from there if you want. So my idea is to develop it a little bit more.
So right now I am brand ambassador of Patchstack, which is a company focused on open source security. Right now it is also offering a free vulnerability plugin, so you want to just get into the website. And also you can find me on Twitter using for... In fact, everything that you will find online as far are probably is me, is mine, because it wasn't a name I invented, I don't know, 25 years ago or something like that.

Okay, first of all, cybersecurity is a very tough subject to all the people that are not technical and are not related with the world. So let me introduce what a security analyst does, or what security is in the digital world, right? So what we are doing is just toward this part: the information is what we have to work, what we have to protect, right? So let me put that for you. So it's surrounding the three abilities of the information that we have to keep in mind always, which are confidentiality, integrity and availability. One of the talks before was talking about some of them. But the important thing here is that you should get the information you have permission to, at the right time and without any modification, so integrity. And about that, we have to protect them from all these three fields, right: communication, hardware and software. And above that we have the physical security, personal, organization, that is not the part of cybersecurity, I mean, in this level. So the important thing that you have to get from this is that information security is always taking care of confidentiality, integrity and availability. As I said, to make it easier for you: the right information for the right person at the right moment and without any modification.

So what we want to do in this talk is just to create a video game using as a base Street Fighter.
Okay, so I will try to explain to you how security works using this. So our fort, our castle, our thing to protect is our site, a WordPress site as well. So here it is. We are this guy that is protecting the castle. We have to protect it from the bad guy, the attacker. And we have a life bar up there. And that's when we start, right?

So the life... Sorry, the possible opportunities that could be interesting in our WordPress site are all of them: users, users database, the database itself, the content. Why do I differ between the content and the database? Because some people don't understand the difference between them. Sometimes we sell things from our website which are in the content but not in the database. So, for example, presets: if you are a photographer and you are developing your own presets, they are files that are in the content, but not in the database. So you can be interested in the user database, the database itself and the content. Using the infrastructure is also very important for attackers, because we can use a website to attack others, so the website that has been used as a platform gets all the responsibility of the attack, which is nice. You can be put into a botnet. Or also the web reputation is a very valuable coin in this war, right? For example, about the reputation: I don't know if you are aware or are worried about the SEO, I mean the search engine optimization, to position in the first position of Google and other search engines. So you are more or less worried about that.
So do you know that it's easier and cheaper to hire a guy who does black hat spam and puts his spam into your competitor's website than working on the SEO organically? It's very cheap, right, something like two hundred bucks or 200 euros to hire this kind of services. So we will face, and it's normal to face, that your competitors, depending on the field that you are working in, hire this kind of person to attack your site, put their spam in and then remove all your SEO to position themselves higher than you.

Okay, so the life bar, which is on top of our game, represents the capacity of protection of your site. I mean, the more bar, the more probability of winning in a battle against an attacker. Okay, it's not that with the full bar we're gonna be super protected and 100% secure, because that doesn't exist. Okay, but we have more probability. So the idea here is to protect yourself doing this, right: just with our protection or our ability and so on, diminish the probability that the attacker could affect that.

So there are some other factors that affect our life bar, and this is super important. This is one slide, but this is one of the most important ones. So in this game there are defense categories that will add some points, at the maximum 100%. But if you don't update your site, for example, the time goes against you always, so if you take time updating your site, your life bar is gonna lower, okay, by 5%; that's something I invented. If you add additional admins, if you add plugins that are disabled but not uninstalled, it lowers as well. It lowers by month. I mean, time always goes against you. If you have two points in your life bar, it doesn't mean that you are hacked; it means that even a kiddie, any guy that just runs a script, can hack your site, okay?
So we have more or less this scenario: we have the fort, WordPress, the life bar. Now let's talk about the characters of our story. We always have one kind of man that we always call hacker. Depending on the culture, some of the cultures use hacker widely, I mean hacker for everything, and I always want to express to all the people that what we understand as a hacker is a curious person who loves to go beyond limits. A curious person like, for example, any of these guys, who probably don't sound familiar to you, but they did some kind of interesting things in their life, right? Women and men, whenever we want. So what we call an attacker is a computer hacker whose intention is always to enrich himself in a zero-sum game. Why do I say zero-sum game situation? Because what they gain, you lose. Okay, that's the idea of a situation of this kind of games. It's not a hacker. It's not that I get someone that gains money, but you gain also as well, right? If you earn money, but also using your website others earn money, that's not an attack.

So let me talk about the good guys in this game, always Ryu, Ken and other ones. So our mates in this team would be white hat hackers, blue, red, purple teams, security analysts, technical supports of hosting providers. That's important because more or less 80% of the security issues can be easily solved by the technical support of the hosting provider. Security plugins are also on the good part. And let's put this character as Luca. Do not use the same name that the people that have played in this game.
So Luca is gonna be our good hacker. What happens with Luca is that there are some other companies or other copies of Luca out there that you could find good enough, but they are not accurate, they are not good and so on. So keep in mind that this is a market full of people that try to imitate things, but they are not really good at this.

Okay, so we have hackers on their own. What we say in Spanish is something like "a su bola", in their house and so on: lone wolf. So you have in this group grey hat hackers and hacktivists, for example. What's the difference between the white hat hackers and the grey hat hackers? That normally they do good things using illegal methods, okay? For example, Anika is our freelance hacker. Same: we can spot a lot of people out there that say "we are a super big hacker, a super good one", but they are not, okay?

And then we have the bad guys. Bad guys are bad guys, and they are not all the imitation of the bad guys. They are the black hat hackers, cyberterrorists, script kiddies. Script kiddies, you know what the script kiddies are? Yes, so any people that download a malware code or something like that, that they run over a website without any information and any knowledge about the code itself, it's a script kiddie, you know, more like teenagers that are testing things at home or something like that. Okay, lone wolves that want to do bad things, but also organized teams, and inside of organized teams are state-paid teams, okay?

So let's separate our characters into Kami, which is a script kiddie with 20 to 30 points of life bar; then we have Brews, which is a professional black hat hacker with 50 to 70 points; and then we have the general, the boss, which has 100 points in their life bar. So you can imagine more or less the different difficulty to defend yourself or defend your website against these guys.
So in every fighting game you have normally the characters, the scenario, but also the moves, right? Every character has their specific moves, right? So it's important right now to explain how a WordPress site can be infected. It's important to specify that the infections are not in the air. Okay, so there should be a vulnerability, and the vulnerability is the hole where we just put in an exploit for using that vulnerability in a bad way, and then this is when the injection happens. The injection can be a final code, I mean spam, or changing something in the website like, for example, the payment account. That's very typical. For example, you get paid by PayPal or Stripe or whatever: just changing the account where the payments are going to. Or anything in the final code. But if I insert a backdoor, even if I plug the vulnerability, attackers can have access to your website. Okay, so that's the worst scenario.

This is a general scheme of how a website loading works. Okay, so let me give a little walk around. So we are this person who uses a device, and we use a browser and we open any domain. It is in Spanish, but you probably can relate in English. When we just type a domain, we go through DNS servers. The DNS server tells us, okay, this domain has this IP, and then with this IP we connect to the specific server, and the server says, "oh, you need this website; okay, this website is in this folder", and in this folder I have PHP code, and inside the PHP code we load some database things, and then we return the information to the browser, which is HTML, CSS, JS and media. Media is sounds, pictures or whatever. So can any of you spot which is any of the parts of this that can be attacked? Yeah, someone, someone valiant? All of them. That's the correct answer: all of them are possible points for an attacker. And the weakest one? That's true. The user is the weakest one.
Okay, so there is something like social engineering, which is the most abused way of attacking anything, right, and is the cheapest one. You can invest a lot of money to protect any infrastructure you have, but the people that operate inside of the company are the way to get in without spending much money. Okay, I don't know if you remember a famous nuclear station that was hacked just by throwing a pen drive into the place, because it was super protected with a lot of security, so they threw a pen drive, a USB stick, into the place, and someone just got it and connected it into a PC inside of the nuclear station. It got hacked super easy. And we can mention a lot of examples like Uber last year and some of them, okay? So it's important that everything we use has to be protected. For example, in this scheme again, it's not only the person, but also the device can be hacked, the connection can be hacked if you don't have an SSL certificate, and so on.

We're gonna go through these attacks, or some of them at least. So the first one: phishing and spam. As I said, it is super easy, so Kami, our script kiddie, is the level of this one, and the description is injecting some kind of misinformation or whatever inside of your website, or even capturing information from your website. So your reputation or even information could be leaked. So, for example, in this case we have a website in which the attacker managed to put some fake plugins like low-end wall or whatever and the Jooms yes. What kind of something related with Joomla could be inside WordPress?
So inside of the June GS plugin you can see that there is a mimicking of the Akismet plugin, but there are some others, a fake, a malware installed like here, okay? So those that puts up suspected, and also those that have numbers, are bad. So I invite you to check your plugins folder from time to time, because if you find any of these (they are super fresh, because we have seen a lot in the last year), you have probably been hacked. Okay: the BP LAC random charts task controller course top core engine BPC, all plugins inside of the plugins. The same in themes: cell theme classic, all themes within the themes folder. It is because you probably have been hacked in any way of the spam and phishing way, okay?

Another attack: brute force and dictionary. This happens when you use a super weak password or you reuse your password from other sites. What is the most typical way of getting inside of a website? Just get into the dark net, buy a bundle of website login and password things that are there because of the leaks in Dropbox, in Adobe, in any of these services, and then test all of them in the website you want to attack. In 30% of the cases you can get a hit. 30%. So I invite you to check in Wikipedia the 10,000 most common passwords thing. You will be surprised that there are a lot of passwords there that you have used, or it's based on the one you use and so on also.
I recommend you to check the Have I Been Pwned website, where you can put your email address and see if that email address has been involved in any of the most important leaks in the last years. So if there is a hit in that website using your login address, I recommend changing the passwords as soon as possible, okay?

XSS attacks. At the end it's represented as a redirection: when you get into a website, you will see something like "you have won something", or "you can win an iPad just answering a stupid question", or maybe it's asking you to allow some kind of control in your browser to check that you are not a robot and so on. So this attack needs a little bit more expertise, right? It is using any kind of exploitation in your website so that they can introduce, for example, JavaScript code inside of your database or your code. It's just that easy, something like, okay, we load the index PHP file, but also there is a file at the end of the file that says something like "load this JavaScript code", and this JavaScript code has a redirection to a porn site or a Viagra selling whatever thing.

New vulnerabilities. Discovering new vulnerabilities is not at the hand of everyone, so it needs a high level of skills. To protect from that, we're gonna talk after.

So man in the middle is one of the classical ones. Probably most of you know this attack: it is when you are communicating with a server or with a service and there is another one that is interfering with all your packets of communication from you to the service. So what happens if the communication is not encrypted? That the other person has the information that you are transferring to a service, right?
So that's why SSL certificates are important, because an SSL certificate guarantees that if there is a man in the middle, which is something that we can't control, he doesn't understand anything of what is being transferred, right? So it affects mainly the communications. We can see here a little scheme of how it works, right? So you think that you are connecting to the web application, but in fact you are not; you are connecting through a service in the middle, right? This happens also in the way of DNS poisoning, right? So you are asking a DNS for a direction, and instead of giving the real direction it is giving another, different direction. So at the end you are just being directed to a fake website instead of the good one. SSL certificates help a lot here.

Okay, DDoS or DoS. Disabled service, right? The negation of service attacks. This is not easy, because normally you need a lot of connections to affect a website. I don't know if you know what a DoS attack is. No? Okay, let me go directly to the graphical explanation if you don't understand, right? So DDoS attacks normally are just an overflood of the service you want to put down, right? So in 2016 this happened with a little service in San Francisco. All of them are little devices around the world attacking just one site. So the site got overloaded and went down. This affected Netflix, Facebook, all of their services, because that service was used by all of them. But it was a little service. It was about dynamic DNS something, I don't remember exactly. This was also called the first DoS attack using the Internet of Things, because the origin of all the attacks were CCTV cameras out there that were manufactured by a specific Taiwan company that hadn't protected their control. So the attackers might be able to inject a certain infection in all these cameras.
So all the cameras loaded, at a specific date, this website, just putting it down, okay?

SQL injection. SQL, like the injection at the end. WordPress depends on SQL because they use it. Now there are some interesting projects that are trying to use SQLite, but at the end SQL is the language of the database, right? So anything that we can manage to inject in the database is an SQL injection. This can be done by people with some kind of skills. It is not easy, because at the end you have to be inside of the site to do this, but it's not that difficult anyway.

So ransomware. Ransomware, you have probably heard about this: when we sequestrate the information and we ask for a payment for that. Okay, it can be done by a professional one.

Cryptomining is when we inject something in your website that mines any crypto using the users visiting. I don't know if it has happened to you that you visit a website and suddenly your laptop starts to blow a lot of air, it starts to be slow, and you were trying to scroll down and it was super slow, and if you were curious enough you could open the task manager and see that the CPU was at 100% and so on, right? So that's probably because there is a crypto mining JavaScript inside of that. So the idea here is to use any user that visits the website to mine crypto.

And the botnet. The botnet is just to transform a website into a node in your network, so you can attack others, like a DDoS attack or whatever. Last year in Geneva I made a talk about favicons, using favicons to transform a website into a botnet. Okay, a botnet is like this: I have a botmaster, you have a lot of WordPress infected, just with a little favicon in your website that you don't know about, and then you can use it in any way.

Fine, and the last one: cross-site contamination.
That's super typical as well. How many of you here in the room have in a hosting provider three or four or five WordPress sites or different sites in the same account? Probably all of you, more or less. So keep in mind that if you get one of them attacked, all of them fall, and no WAF, no firewall is gonna detect it, because it's an internal infection, okay? So it's important. I mean, I'm aware that it's not easy if you are a little agency or whatever to make an account for every site, but I recommend isolating each of them in a different virtual machine or in a different account or a different server, whatever.

Okay, I invite you to visit this website, and I don't have it here: OWASP, the OWASP project. I haven't put it here. They have a top 10, the top 10 attacks that are famous, every five years, I think, or every four. So as you can see here, in 2017 injection was the most abused one, second the broken authentication and so on. And some of them merged into some others, right? Some of them we have commented on right now, but I would like to mention the broken access control, which is what I mentioned before of reusing a user password that has been leaked in other services, and security misconfiguration. This is important, but it's something that you may not be aware of because you are not an expert in this. Insecure design. And this one, the A6: components outdated. So it's so important that you update.

And what about ChatGPT, any of the tools that we have right now? What about artificial intelligence? So in our world we say that it is an artificial intelligence conundrum. I mean, every tool you can use to attack my site, I have the same tool to protect my site. So there's no issue at all. What's the problem? The faster you are in applying this kind of tools inside of your website, okay?

So we have been through the attacks; we go now through defense. More or less what the GIF represents: it is a matter of experience normally, okay?
So we always laugh with the joke in cybersecurity that cybersecurity, or security itself, and backups are the typical things that you remember about when you have already been hacked, okay?

For phishing and spam, the best defense: some ability, I mean some knowledge, which is what we are doing right now, and a front-end monitor. A front-end monitor like, for example (I don't have it here), SiteCheck from Sucuri is a front-end monitor where you can put your domain, and I will put that later in others, that can give you an idea of what is happening in the front end, okay?

Brute force or dictionary attacks: having a WAF will help a lot with this. Also having a limit login plugin will help a lot. Having a WAF is like going out when it's raining without an umbrella. So if you don't have an umbrella, it's stupid, right? So having a WAF is the normal situation that you should have in your website when you put it online. If you put a website online and you don't have a WAF, you are doing something stupid from a point of view. A WAF, I haven't mentioned before, is a website application firewall. I mean, it's not the firewall that the hosting provider sells to you, because it's not a WAF. That's a server WAF. Okay, a WAF is a specific firewall for web applications. For example, this is a typical cloud framework, cloud firewall, because there are two types: inside of the website or outside of the website. So this is a cloud framework, which is outside of your website. All the traffic comes from the left to the firewall, not to your server, to this firewall. The firewall just analyzes the connection, has a lot of knowledge inside, and if they find that it's dangerous, they drop it, and if they find that it's okay, then it hits your server. Okay, so they clean your connection a lot. If you have an internal WAF, the problem is that the visitor or attacker already hit your server. Okay.
That's when the WAF pops up and says, okay, let's see if your intentions are legit, and then you can get into the WordPress site. But you are using the resources of your server, okay?

XSS attacks: just the WAF serves a lot, but also something that is not very well known, has a very bad reputation, but is a critical tool for that, is a file integrity scanner. A file integrity scanner is a scanner that says, hey, this file has changed in two bytes or something like that. Okay, so it can be very noisy; a lot of files change from time to time, especially if you are doing an update or something like that, but this scanner will clean the typical ones and try to show you which of the changes are really important. But it's important to have; for example, plugins like Wordfence and iThemes have file integrity scanners.

New vulnerabilities: important is the WAF, because the WAF is getting all the knowledge of the previous attacks, and maintenance.

Man in the middle: SSL, as I mentioned before. Since you have SSL, any data that an eavesdropping guy with any kind of intention can get can be protected, can be rejected, I mean, the communication. If you have a VPN the same happens, but not with a connection to a service, with the whole... Okay, thank you. With the whole process of navigating, okay?

DDoS attack: the WAF. SQL injection: WAF, and checking in the logs that something changed.

Ransomware. I mean, I'm going a little bit speedy right now because all of this is gonna be online, so you can download and study it separately. Ransomware: the only protection from ransomware is backups.
It's the only one with the guarantee: backups. So if you did have a backup, I don't know, three days ago, you will find yourself in this situation. You have probably seen this movie, and you have the same problems: you can go back and try to fix something, but you miss all the things that happened after that, and you have to go back and you don't know when you have to go back to. You don't know exactly the point when your site got infected. So you have the same problem as this movie. But it's important: ransomware, there is no doubt there, there's no other protection about that. There are a lot of tools out there that say, hey, we protect against ransomware. So why? But the only one that right now is effective is backups, okay?

Okay, cryptomining: just checking logs and opening channels to hear your users, because if your users are the target, your users should have a way of contacting you, right? Botnets, same: WAF and logs. Cross-site contamination: as I said before, there's no other way of detecting an infection, an internal infection, than the file integrity scanner. Something changed, you don't know, you check the file and "what's this?", then you know that there is an infection, but there is no... Maybe the logs, but the logs will be very noisy. The maintenance, anything, right?
Okay, let me summarize the defense list categories, right? As we said, we saw the WAF is very important in mostly all of the attacks, so I give it 40 points. Monitoring, just logging, a scanner, triggers: 10 points. Backups, having a good strategy, is super important, for example for ransomware: I give it 10 points. SSL certificates: ten another points. Maintenance, hardening and so on: it's important having someone or a company in charge of this, 20 points. And the expert is your knowledge, the human expert, instead of, I mean, automatic things: 10 points. If you sum up all of them, they are 100 points. So having any measure of defense in any of these categories is important.

So the final part of any fighting game is the combos. It's not only that you know how to attack and how to defend, but also the combination of some of them can make more powerful things. But it's important that we keep in mind this formula. This formula is one of the things that are most important here in WordPress. It says something like: the cost of a web down will always be less than the cost of a web hack. It means the cheapest recovery of a web hack will be always, always, always much more expensive than any cost that you can get from a web down because of an update or something like that. Okay, so always a hack in your website will be more expensive.

It's also important, sorry, it's also important that your website is like in this isometric image. It's everything that you build from the terrain up. So if you build a building, if you build a lot of WordPress sites like little houses and so on, it is in your liability, in your responsibility as the site owner. So the information security of the site, I mean, you are the responsible. That means that if you have a leak and the leak includes some sensitive information of users and so on, you will be the one who will be fined by the GDPR, by the DPA, whatever.
Less than that, below that, there is the hosting provider. It's the platform where you start building, right, and that's the company that's responsible for the network, hardware, operating system and so on, right?

If you want, you can check what WordPress is doing in security matters. It's important that WordPress is super aware that it is one of the most attacked CMSs, and they are doing great in this part. So you can check this website to know what they are doing. It's important also to know that WordPress out of the box is super secure. The point is that it's super easy to make an insecure WordPress after it, okay? And that is on you.

My combo: I recommend having a cloud WAF CDN. You can use Sucuri or Cloudflare, which are the most famous ones. Security plugins with second factor of authentication: you can use Wordfence in the free tier, iThemes Security. I recommend having Fail2ban or Limit Login Attempts, which is a plugin that limits the quantity of times you can try to log in to the website, and any kind of CAPTCHA plugin. I recommend CAPTCHA 4WP, but you can use any of them. It's important also to have monitoring solutions. Sucuri provides some of them, but also Patchstack is like a plugin vulnerability dashboard that helps a lot with the vulnerabilities, and it has an internal WAF if you pay for it.

It's important also to pay attention to the hosting where your website is, because they are gonna provide you with, I mean, the SSL certificate; the support is gonna help you on a bad day; and whether they make backups. There are a lot of hosting providers that provide backups, so you can be covered in that way. Also, there are some hostings that provide managed plans. Okay, which is something like, okay, I don't have to take care about anything about plugins or whatever, so they do; I only have to focus on my job or on the things I want.
I like. And backups: for backups I recommend, if you want to do that in WordPress, using Jetpack, BlogVault, Updraft, or, if you are expert enough, just develop your own solution.

I have three slides more. The importance of updating: it is important because of the security patches, and the security patches always come after the exploit. So if there is a security patch, it is because someone is abusing the vulnerability that it covers. It's important also because of this third point: overwrite your code with trustworthy code. Every time you update, you don't change every little thing that changes from the previous version. You just remove the plugin, remove the WordPress core or remove the theme, and put the new one. So that will help you to assure that the code now is clean, or at least that code. And more or less 70% of the attacks actually happen because of outdated plugins and themes.

About passwords, just only to say that there are a lot of factors of authentication. Normally, there are three: something you are, something you have and something you know. The problem is that the more factors, the more secure but the more complex, something that you have to think about. And that's all. With this combo you can do the K.O. and win the battle. Game over. Thank you. That's all.

I think we've got a couple of minutes before we go for lunch. So if there are any questions in the hall, there's one over there.

Hello, I just would like to make sure that if we spoke about SSL, I think you mean TLS, huh?

Of course. I mean, obviously right now the certificate, the SSL new version is the TLS, but there is a lot of legacy and connection still. So I normally say SSL, but of course SSL and TLS.

Because I think it's important to understand that SSL is deprecated, TLS 1.0, 1.1 also. So you have to make sure that you use TLS at least 1.2.

That's all my decision, but I agree. Noted. Thank you.

Other questions?
Or are you all too hungry for questions? I hope I haven't bored you enough. Another one.

Hello. This is a kind of more technical question. From my point of view, you should always prefer an external service for a web application firewall than installing a security plugin such as Wordfence or anything else as you mentioned, because of the same source. So the load on the server will be the same, and we always have, in my opinion, quite a big performance impact in the normal situation as well. So what's your opinion, and generally when would you use plugins such as security firewall, Wordfence or whatever? Because it seems to me this is just like, if you're not able to do, let's quote it, real security on the right level, it's better to have such kind of plugin, but it's not like the proper solution if you can do it otherwise. Is that, could you say?

I would question that, because from my point of view they are compatible. So at the end you have the external WAF, so you don't consume your own resources and you clean the traffic that hits your website. But at the same time it is good to have one inside of WordPress, because some of the attacks can go through the firewall, and the firewall uses the knowledge of the previous attacks to detect the new ones. So maybe new ones are not detected, but maybe something triggers anything in the internal WAF. The internal WAF will have less work to do if you have an external one, so the resources are not going to be so impacted. For example, in a DDoS attack, an internal WAF will make your site, you know, unavailable, because it will try to analyze every connection and so on; the resources will go high and then you'll get it down. So having the external one can filter that, and then the connections inside can be analyzed within a normal range of, you know, performance.

So in your opinion an optimal setup would be to use both?
Yeah, but it depends on the target, the website to protect. There is a maxim inside of cybersecurity: don't invest much more money in securing something than the value of the website, right? So if you have a blog, a personal blog, and internally you don't have too much content and so on, with an internal WAF it is okay. Keep in mind also that an external WAF will need you to make some modifications in the DNS, right? So making this is also not for some of these stacks, you know, especially if you have a company that has an API or has some other products inside of their website. It depends, right? So in a general status, if you can afford it and the content is worth it to you, it is better to have both.

Thank you very much.

Any further questions?

The most dangerous instrument seems to be the man, and in psychology there is a kind of science, profiling. Do you also do profiling against the bad guys from North Korea, from China, from Russia? Yes, is there a psychology of bad guys?

That's a good point. I mean, I'm a super fan of psychology. I'm not a psychologist, but I love it, and I love to make profiles by myself. There is nothing, I mean, at my level, there is nothing official that makes the group's effort to make these kinds of things, okay, but there should be, I mean, from my point of view. I invite you to get into it if you are a psychologist, or you know someone, to get into this part, because it's super funny. I have a talk in Spanish that talks about how to identify who is behind an attack just based on the way they attacked, and it's funny because you can identify in the code if it is a script kiddie, if it is an organized team, if it is a lone wolf, if it is from China, Russia or some of them.
There are some clues that, after a lot of years checking these kinds of things, you can train your eye and your mentality to understand more or less who is behind it. But it's a super interesting field.

Okay, I suggest we leave it at that. I'm sure there is another question. Sorry.

Yeah, your combo shows this CDN. I don't understand right now what is the benefit of using a CDN for the security of the website.

That's a good point. I mean, a CDN is not, it's nothing related with security directly. I mean, even in some situations it can be something bad, because you change something in your website, but until the CDN is updated you will find your site still infected or vulnerable. But the main point of that, that's why I put it in brackets, is because it's something that makes your website speedy, or more speedy, and, you know, available at the global level, right? And it's normally attached to a WAF. So that's why I put it in brackets. But the good part is the WAF, not the CDN.

Okay, I suggest, if you have further questions, this tool is going to be around today. We've got a one and a half hour lunch break now. The restaurant: you've got to go out of this building and just walk opposite. It's the building opposite. And as said, the fish announcement this morning was an April the first joke. So there were a few who've announced the first one. Thank you very much.