Welcome to How They Got Hacked, episode 2, with microphones. With microphones. Featuring microphones. Featuring microphones. We heard you; now you can hear us. Now you can hear us back. And Tom Lawrence, Xavier Johnson, more recent ash.

All right, so we are here to talk about how they got hacked. We're still figuring out how we're gonna do the show format, but we'll jump into it. Our plan's to cover some security topics, talk a little bit about them in recent security news, because our goal's to keep this episode weekly. We didn't mention it last time. I realized after we were listening to it, we didn't say when's the next one, and I'm like, well, I think it's Friday, but someone had to move and, you know, things happen. So we moved it to Sunday, but we're going to try to keep at least a weekly episode out there. We were lining up some guests, as soon as Tom figures out the technical challenges of doing remote people. That's something we don't do very often, not in this type of setting. So I want to do it right, so make sure that they have good audio too, because we don't want to go, "Hey, that remote session, couldn't hear the other guy," right? We're doing some testing with that so we can get some guests on.

But let's just jump into some of the security stuff. So we dropped, just before the show we were, you know, because it kind of just came together, and then we said, "Hey, did you see Citrix got hacked?" and all happened the same day. We didn't have a lot of information and we still don't have a whole lot. But there's some speculation, and apparently Citrix was pwned for perhaps much, much longer than there... than the FBI knows about. So the history is Citrix gets hacked, apparently, I think it was six and a half... does the terabytes, was actual change, some large number. Large number of data. They're claiming six to ten terabytes. Yeah. That's a lot to fly out of your data center without someone going,
"Hey, hey, there's a lot of data going by. You backing something up?" You know, someone should have asked a question. Citrix also sells a SIEM tool, by the way. Um, yeah, someone pointed that out, that they have some security tools. Whoops. Good news is Citrix is not using your own internal security team, which is good.

But, uh, the speculation. So there's a company called, uh, Resecurity. They made some bold claims, but I don't know how exactly they're backing up. There's a back and forth to whether or not these people are just going to get themselves in the news and get noticed and get their name said by making the claim, that they claim they told Citrix in December that they were pwned. And then Citrix denied it, then Citrix... There's another person that says they're going to make an announcement about that. So we're still speculating a lot about it. But, um, it's just very interesting, because even a company the size of Citrix, trust me, I don't think that they're inept, you know what I mean? I think they do care about security. They do have a NOC team. They do have a security team. All right, um, they think that they had been in there that long.

But here's my speculation, and what do you guys think: when the FBI calls you and says that credential stuffing was used, wait a minute here. How does the FBI know that Citrix was pwned at all? How does the FBI know, unless... Because Citrix is a government contractor, and the FBI found their data somewhere that shouldn't have been. Or someone made a call to say, "We got this data," and the FBI investigates and says, "Citrix is the person who holds onto those contracts that you seem to have information on that you shouldn't." That's a speculation. I have not seen, but what do you guys think?
Isn't that usually why the FBI calls?

I would say anytime that the FBI called, it's because they've just investigated something, right? And I'll just leave it at that level, and, uh, somehow, some way, they want to inform you of your involvement. All right, so, uh, yes, it seems as if part of that 10, that six to 10 terabyte data dump had at least some amount of, uh, personal data to someone that either, A, was being investigated by the FBI, because, hey, the FBI could be leveraging this data. They may have their channels to be able to get a hold of this data and just feel like it's a courtesy to let you know, Citrix know, "Hey, you may have somebody bad in there." Um, or, B, it could be FBI data that did get exfilled. What do you think, Mo?

Well, the article says that, uh, the data that they stole was focused primarily on the aerospace industry, uh, the FBI, NASA and Saudi Arabia's state-owned oil company, and that's from Engadget.

Yes, there you go. So there's a lot of speculation here. But I'm just throwing it out there that when the FBI calls like this, so there's some validity to it. And it's the challenge of "are you pwned?" Watching the NOC, even the company my size, which is small, we were looking at some data streams before I got here. I'm, you know, suspicious of everything, and verifying. But boy, when you talk about the scale, how many endpoints, or even the job that Xavier does during the day, looking at data, there's a lot going on. It's really tough.

Yes, and a lot of the vendors today are taking interesting angles at, um, you know, telling you if you have or have not been pwned. Um, and the data that's there is very, uh, it's massive, right? Like, there's no way that one human or even a team of humans can filter through it. And so the red teamer in me,
it's like really, really giddy about this. Uh, but the blue teamer in me is like extremely worried in how lacking we are right now in cyber security and our advancements in comparison to our adversaries, and how, you know, a tool like Mimikatz, which was used in the Citrix breach, is still effective. Like, how?

Like, yeah, well, do we know Mimikatz was used in that one? Was that the IBM one? Because the other one was the star way.

Oh, I think, yeah, we're gonna cover that next. Don't worry. That was Starwood. Starwood. But still, Mimikatz is working with the Starwood breach. That's just as recent. It's just as recent. It's a serious problem.

Credential stuffing. Uh, did we know how they got their hands on passwords?

So this is the part where, it sounds like they reuse passwords, which is just a never, ever, ever. Reuse passwords. Matter of fact, if you follow me on Twitter, I had a really great tweet. I don't know who wrote this application. It was a screenshot, and it got passed on, or Reddit, and re-shared a bunch of times. But it basically says, "We may not have taken security very serious. Please don't use your banking password in this application." And I just think that's a great way. Every app should say that, because that's, mentally, every time I put a password in something, I never use, not just my banking, but I just come up with a different password. And I can't remember all these, so I use LastPass. Not sponsored or endorsed by LastPass, but, just put it out there, would like to be. Yeah, if you guys want to sponsor this channel, I've done a few videos on LastPass. People are like, "But then you're holding your credentials in one single password manager." Yeah, but the worst case is the Citrix breach, where someone repeated the same credentials. Or people come up with password schemas, and how many times have you looked at a password list and seen a schema and go, "Hey, wait, their password is Password with the capital FB. That must be for
their Facebook one. So their Google one is probably just a GO," and so on and so forth. People think they come up with clever... Look, humans aren't designed to come up with high-entropy passwords.

As a social engineer, I deal with that a lot. Weak passwords.

It's actually, in the Citrix attack, the early attacks were from weak passwords that the attackers guessed. Yeah. And they guessed, or took some of the Have I Been Pwned password database list, and that has made... They refer to it as rainbow tables. That has made attacking so much easier. I just take these password dumps that you can find, you can download the entire torrents of these databases with tons of passwords in there, and you just try them, and the first hundred often yield a lot of great information.

Or if you're like me and you don't want to ever have your IP address associated in time with any, uh, you know, visitation of said website, you just go to Vegas the second week of August at DEF CON, and you take a few, uh, you know, take a few terabytes, and they'll actually just give you password lists. Bring lots of flash drives when you go there.

Yes. You can get lots of stuff.

The Data Duplication Village is extremely interesting if you, uh, if you ever are interested in getting your hands on data you may never be able to get elsewhere.

Yes, and not have an IP address associated. But just visiting DEF CON probably gets you on a different list. That's a whole different...

But it's a big list, at least, right? And it's a fun list. A fun list. You're amongst a lot of friends.

But related back to the, uh, Mimikatz in that. So this is where that gets interesting. This is the Starwood hotel testimony.
By the way, we'll leave show notes below for everything we're talking about here. And normally, reading transcripts of government testimony sounds like an arduously boring process, but I'll save you the whole read and cover the highlights. So Accenture, which managed the guest reservation database, contacted Marriott's IT team with information about a Guardium alert on September 7th. Now, I had not heard of the Guardium tool. Uh, apparently it's a cool, neat, interesting AI system, essentially, by IBM. So it watches databases and watches for exfiltration. And we're actually kind of impressed by this, because I didn't know this tool existed. And boy, this is a neat tool if you're a company and running a large database. Guardium kind of creates a baseline and goes, "This is what the database on the day-to-day looks like. These are," you know, in the case of Starwood hotels, "these are what's your booking database." It's seen queries being hit against the database that are not the normal queries, so it's out of baseline, which then alerts the person to go, "Let's ask questions. Why, why is this?" And it wasn't a data exfiltration command. It was a query for a count of a table. And that's something that normally wasn't needed by the normal database interactions, day-to-day. And they contacted one of the developers, and he says, "I didn't do that." Well, at that point is when the world came unraveled.

So this actually offers a couple pieces of insight. One, Starwood must care a lot about security, because they purchased a device. This is also why it's so scary when you purchase one of those devices, because, "Have I been pwned? I don't think so." Oh boy, this device is gonna... Plug it in. Yeah, so these are some of those things. This is the same problem with running a NOC team and stuff like that, is trying to just establish a baseline and look for those anomalies that pop up and try to find them. And, uh, this was really cool. So this goes to the Mimikatz.
This is the next part. This is under page three, section C: in early October 2018, investigations found evidence of malware on systems, including Mimikatz. And please note, that's October of 2018. '18. Now, this tells me that they didn't care as much about security. So someone got sold on a big, expensive product to buy that notified of something, but, uh, basic security hygiene would have found Mimikatz. What do you think?

I totally agree. Mimikatz is like super low-hanging fruit.

And describe what Mimikatz does.

And so Mimikatz is a tool that will examine memory and be able to pull things out of memory, such as passwords, right? Such as secrets. Uh, so that you can, uh, you know, further leverage or attack. Um, the fact that this was happening and no one, uh, saw... And not to mention that, um, you know, within an environment, even if you're not moving laterally, and you're using a tool and you're just connecting to the one machine, and you're pulling data off of that machine, that data is going over a wire. There should be some sort of, like I said, deep packet inspection, some kind of inspection on that traffic that allows you to be able to see that it matches a signature of what could be, you know, secrets, or that it's, you know, at a time of day that's non... you know, that this type of activity usually doesn't happen in, right? Because, you know, most of the best attackers in the world work in the, uh, the CET, right? So that time zone is a few, lots of hours ahead of even the earliest time zone in America, which is the Eastern time zone.

Right, and it goes a little step further too. That's one of the ways they, uh, figure out attribution. And they're trying to figure out who did this, to look at the time zone and go, "Well, who's awake at that time?" Granted, that's loose attribution, but it's an assumption that might be made. But the other thing too is, I don't think there's an antivirus out there... Even Microsoft's antivirus should pick up Mimikatz. I mean, it's, yes, it's an old tool.
It's not like Windows Defender... Windows Defender, like, the very minimum. And this is also where there's other tools that, and we use ourselves, Huntress Labs is an EDR system, and what they do is, Huntress Labs sees new startups and does a signature on them and goes, "Hey," and alerts us of this. This is a tool we run for our clients. Like, there's plenty of tools out there, more than the antivirus, that start looking for these things, because Mimikatz would have had to run in startups. So why aren't you sanitizing what's in the startup on Windows? There's only so many places that the application startup could have a list. These are the type of security things that need to be looked at, like especially when you talk about a developer who has that database-level access that Mimikatz is able to extract the credentials from. Dude, you tighten down your developer stuff. Like, really, that's just good security hygiene, is keeping your dev team in check. They want all the privileges in the world, but you only give them least privilege on up.

Principle of least privilege.

Yes, that is, uh, when you're a sysadmin, your dev team is, uh, just as scary sometimes as the end user, because just because they're developers, just because they're good at writing code, good at doing databases, does not implicitly mean they think in secure terms all the time. They're focused on writing quality code, writing hopefully secure code, writing efficient code. But their personal security... because they're developers. I mean, they're a strange breed of people. Who wants to sit on a computer that long?

So true.

Yeah, they want to spend 12 hours a day coding. But do they do this securely? Um, how do they do that?
So it's a lot of things, especially because, the ones that work from like a coffee house scare me sometimes.

Oh, those are my... never mind.

The social engineer here's going, "I might have met a few of those." Because they're not thinking about someone over their shoulder, just shoulder surfing a password and seeing what they're doing and things like that.

Shoulder surfing is real.

Yeah, I mean, he'll tell you. And how many times you go to these... But I do like, you know, we got WeWork, we got some of those places, but how much information comes out of WeWork that you could, uh, walk away with out of there?

I just need one invoice. I just need one invoice and maybe an iCal, just so that I know when you're out of office, so I can do what I need to do to scare you, if you get what I mean. Allegedly. Allegedly.

Just beware of the guy that keeps getting up for coffee.

Yeah, just beware of the guy that's outside with the sign that says "will work for food," because he might have an RFID cloner, no? So be aware, every single person you meet.

Well, and this goes down to, and, you know, like I said, we don't have this. These are the little pieces of information I think would have been more important to testimony. It doesn't say, you know, obviously we know it was a DevOps person that Mimikatz was able to mimic. But were they work from home?
Where? What are some of those details on those ones? We want to get more information on some of that to cover it, because that's going to be very interesting, because this is how they could have prevented it. Because it comes down to some of the most basic... One, they have a basic tool on there too. This is some basic stuff here. If someone was able to get a hold of a laptop while he was at Starbucks waiting on someone to call his name wrong, because he left his laptop open, all they have to do is follow the guy around, find out who he works for, pop in a USB real quick while he's getting his coffee, and he's got Mimikatz. You guys lost an entire database with an untold number of names because one person gets a coffee. Some of these hacks are that simple. This is a little bit speculative, but it's one of those reasons it's so critical to keep on your dev team and make sure that they're following security practices and you lock down their laptops.

Right. And endpoint hardening and endpoint protection is extremely hard, right? And so a lot of organizations, especially small to medium organizations, they're focused on their product. They're moving in agile. There's no more waterfall, right? So people are trying to move fast. Product developers are pushing for new features. Um, you know, so you have this entire, uh, this quality versus quantity issue, where, you know, you can knock out a bunch of features, but how quality are those features? Have they been tested? When's the last time they've been tested? You know, what are some of the hygienic processes around development, right? So, uh, rotating your secrets. That doesn't mean just passwords.
I'm talking about secrets. Sometimes certificates need to be changed, like, right, like every year at least, bermanently. You should be changing your certificates, certain types of certificates. I'm sure somebody will meet me in the comment box and correct me, and I will learn from you. But, uh, you know, that's starting to become more of a hard, uh, thing to tackle, because people are moving away from traditional IT, right? Yeah, starting to see more and more MacBooks inside of the, uh, the corporate environment, and less and less PCs. And you're starting to see more and more remote people, where, you know, they're connected to the VPN from home. The VPN is now, you know, designed by some guy who, you know, maybe worked at another company and has made it flat. And so now they can hop from network to network, office to office, just on one network. Um, and you'll be amazed at some of the stuff that I've seen, just from being in this industry, right? Being able to see, uh, the printer in a completely different country. Yeah, I have no use for this printer in another country. Why am I able to route to it? And why is the panel open for me to log in? And why is it admin, password?

Network segmentation. Yeah, that is so important. So, probably, like, spiral into crazy on that. But this is, uh, part of it's leading into the security hygiene of those external people, is leading into the story I want to share. So it's tax season.

There you go.

Yeah, and, uh, we're going to share a story of an accounting firm that was attacked. Now, how they were attacked is really interesting. Good, solid security on the inner office and things like that.
So, but one small mistake was made. They had an employee who didn't, uh, work in the building no more. They worked externally, and the owner of the company said, "Yeah, you can work externally. This is fine." And it was. They even got them a laptop dedicated to working externally, because they didn't want them using their own laptop. Downside is their choice of connection. You know, just RDP. So there's the first problem. No VPN on top of it, just RDP. But good password, so they didn't get in. Well, the person got their personal laptop infected, and they were goofing around on Yahoo Mail and things like that, and then they got their laptop that was given them for work infected, but didn't know it.

But this is where the small businesses think they're immune to it, and this is where things really go crazy. So they're using commercial, paid-for, licensed tax software. Not something you can even download a demo for. Like, you've got to buy it. It's, uh, made by Thomson Reuters. This is a commercial enterprise tax product. This is not your, you know, something you bought off the shelf there. The medium-sized company, we'll say, they, a dozen employees working there. Um, the person took that remote access information, was on their computer and sat there for a while. We're really unclear, because they did log wiping, to figure out when it got in. Now, let's go a little further, what they did with this. They went back and forth, and it turned out that the admin, uh, privileges were given to this remote user.
Why? Because they used to help manage things internally. So they had the admin privileges. Now, the difference between the admin and users is actually not a lot. They all have access to account information, but the admin privileges add the ability to export the database, with about 4,000 customers in there. Now, the reason I bring up, one, security hygiene: because this person did not practice any type of security hygiene and was ignoring every pop-up error, because they didn't want to tell their boss they were goofing off on the laptop work provided. So, one, the fear of losing their job caused them to be further insecure and just keep closing the pop-ups. But needed to get work done, so kept logging in. Someone was able to copy those credentials. They used those credentials to log in. They used those admin credentials that they typed in. They exported the database.

Then, back to being commercial software: the person had access to another accounting firm. This is where it gets weird. Took that database, uploaded to another version of this Thomson Reuters, the same version, imported all the clients in there, all the tax information, then went and proceeded to file their taxes, of all these people, and set the ref... changed all the bank routing to be one bank, so while the refunds dropped in. But let's go much further. They didn't just understand how to do this. Like, me and you could probably figure out how to import, export a database, you know what I mean? I don't think any of us here know how to do this: they adjusted every return for the maximum benefit, and it's not easy. They did it in a way that the IRS wouldn't notice, because obviously if I just said "maximum everything," the IRS will flag it, going, "No, no, you can't claim all this crap." They tweaked all the returns. Individually tweaked them.
So it took someone with accounting knowledge to do this. Tweaked the individual returns to get the maximum return.

Wow.

And then filed it, maximum return, without raising a flag in the software. The software will flag it before the IRS, because, going, "No, no, you made too many claims, you made too many things." Think about that for a second.

Yeah.

That's the level of sophistication that went into the attack for this small business, and it yielded...

I have so many thoughts right now. Yeah, I'm like, is this nation state? Because this sounds nation state, right? Like, if you're North Korea and you need to bolster your economy, this is the kind of thing that you engage in, right?

Yeah, yeah.

This seems really, really advanced for it just to be some dude that's trying to, you know, stuff cookies for affiliate marketing, right?

Some of the other, deeper parts of this is, as the investigation went on, it also turned out, just talking to the people involved at the security team at Thomson Reuters and things like that, yeah, this is a common problem they have. They're like, busy. They're like, "Yeah, this is Tuesday. What's new? Which small accounting firm are you today?" That's what even was worse. Like, I started talking about, "Aren't you guys amazed at this sophistication?" They're like, "No, no, no, this is Tuesday again." These guys were, like, jaded.

Wow. Like, so, so there we go.
That's actually something that I can leverage, right? Alert fatigue. We as cyber security professionals, we get alerted for every little thing. This person... this person is running a vulnerable version of this, this box is under attack. We get so many alerts that we're starting to consider some of the stuff normal. Like, when you're coming on to my website and you're doing a denial of service by refreshing it, I don't even consider it a denial of service anymore. I actually evolved, architected my solutions for you to be able to do that, and now just consider that a use case. Yeah, whereas 10 years ago, when I was on-prem, that's a huge problem for me. You're wasting bandwidth, you're costing me money, et cetera. So these huge accounting firms and the people who make the software for them are, like, seeing misuse and seeing this happen in the industry, and they're just like, "It's just another day." It's almost like today, if your credit card got stolen, you're like, "Drats. It was probably, you know, somewhere. Who cares, whatever. I'll call the credit card company and they give me another one."

And that's one of the things we're gonna really, really see with small businesses, because they just keep thinking it won't happen. I mean, I'm like, it's not just happening... When you find out, you know, that they provide the software primarily targeted at these smaller accounting firms, and they're like, "Yeah, we got people calling speech all the time. It's not uncommon for them." And that's just, like, almost mind-blowing.

It's mind-boggling.

Yeah, so it's a, uh, it's a real threat. And, you know, it being tax season, I figured I'd bring this one up. It happened a while ago, but it was one of those things, like, that's a good story.

Yeah, and there's opportunity here, right? So, like, what are some of the things that we can learn from?
Yes, this situation. First: VPN. It should have VPN right off the rip. That laptop given to them should have been locked down, secure. No admin privileges to be able to install software, which would have stopped any type of spying on there, would have helped eliminate phishing. Tech... two-factor. Any accounting firm that we have now, a few of them that RDP into things, but they use Duo. So Duo Security, which is a great two-factor authentication system. It's dead simple to use, because accountants, turns out, not always tech savvy. They're great with the calculator, not great with the keyboard.

They may be good with the keyboard.

At least, we know we never... I don't know if they ever caught the person, because this is back to one of those, we flip it to the FBI. This is not our... this is beyond... I'll help you with the technical aspects. We'll do the cleanup. You need a lawyer. You need a breach... someone to do the forensics on this. There's things that I just know, because I know there's legal ramifications on here, that it's one of those, stop, like, it's been breached.

And actually, you just said something interesting, right? We give it to the FBI, and then what does the FBI do? Sometimes the FBI has to pick up the phone and call Citrix and go, "Hey, yeah, by the way, by the way, you got breached," right? So it all comes full circle. Some of these smaller companies being breached may be a direct reflection of another, larger company, a vendor that they're already using, having been breached. Now, in this incident, this was just lack of knowledge, lack of understanding, right? So I have a question for you, Tom. You have a lot of, uh, interesting customers. What do you do as a master service provider when your customers insist on making bad practices?
Maybe they don't have in-house IT, and they know enough just from working with you for a few years to be able to say, "Oh, I just need to use RDP," or, excuse me, uh, "Microsoft Remote Desktop," because they're not going to say RDP, right?

Right. So, um, this is actually a big challenge, and your friend who gave the talk at one of our DC313, I love his comment on this, and it's "prudent man." Yeah, no, this is a legal term. Prudent man is where you reiterate to someone something horribly stupid they said, would be a good way to describe it. So they tell you, "I don't plan to implement," like, verbally, "I don't want to do this. I don't want to secure this. I'm just going to do this. I'm going to open up RDP to the world." Then you say, "I am reiterating." Because a lot of times you don't get these things in writing. But please put them in writing. Send them a letter. Even have them sign it. Uh, that's even the best way to do this. I have never gone this far as having to sign it, because usually it's enough to get their attention. I've printed it. I'll say, "You check here and here that you're denying any type of security mitigation. I'm telling you that this is horrible. Did you put your initial here?" And I love when they ask why. "Oh, in case this goes to court ever, like, after you're pwned. If you get pwned; I'm not saying you will. I'm just saying I don't want to be part of your problem."

And this is where sometimes just simple emails are enough, and have them reply, say, "Yeah, I acknowledge this." And that's what I'll even ask people, email, like, "You are doing something horribly wrong." And this is one of those, it's important to make sure, if you're going to be part of something... I mean, whatever, we have clients that are doing dumb things at this very moment, and we are... so, it's kind of funny, because people are like, "I would run from them as a client." I put them at bay. Like, I've documented it.
I CYA. Especially if you're an internal sysadmin. I bet there's someone at Citrix holding a get-out-of-jail-free card, that someone came down to his office going, "Hey," and he's going to hold up his defense, going, "Right here, guys. Remember when I sent this? Remember when I sent this here? I'm going to hand this to your boss."

Right, because that's how this happens in these internal places. There's always someone running around with a piece of paper going, "See? See?"

By the way, related to this, in case you work on an internal team. That's how I protect myself externally: I have access to my email. But if you are internal systems IT and you email back and forth, that's wonderful. You should also CC an external email address on some of these. Because what's the first thing they're going to do when they blame you for the world crashing down and them getting pwned, after you told them, "Hey, you should have updated the firewall and replaced the security certificate"? Really easy. They're going to disable your email. You will not have access to your get-out-of-jail-free email. So make sure, if it's of a critical nature, that you either keep a paper copy, some type of evidence, BCC your email address, so there's a chain of evidence to this. This is an important CYA you should always be thinking about. And hell, this even goes outside of IT, when you're just like, "Boss, if you turn the knob that far, it'll probably break."
Yeah, and then it's your machine, and the boss turns it and it breaks. They'll still maybe blame you, so please tell them, "Don't turn the knob like that, and buy a new knob over here."

Right.

Those are, if we can leave you with that of our wisdom we've had from working in systems engineering stuff.

Yes, very much so. And, um, you know, that was one of the first conversations I had at DEF CON when I went last year, was with the red teamer who we had... We had a lot of different, interesting conversations, but the one that really stuck to me most was the levels of indemnification. I didn't realize that there were levels, and that even if you indemnify yourself, you can still be accountable in other arenas, right? So, like, in other, how do I put it, areas of business in which you're still conducting, you're still allowing this bad practice to happen, you can still be responsible for it, even though, you know, it's not a best practice and you've documented it. So he called that, uh, uh, some sort of levels, right? So, um, the idea is that you don't, uh, sign a document that says that, "Okay, I'm going to be attacking a system, um, and I'm going to be using these techniques, and this is my MAC address, and these are my IP addresses that I'll come from," you know, this, you know, "that I'm doing this," right? So that if the company gets breached and they see that, you know, you're in the access logs around that same time of day, and then there's other IP addresses and other MAC addresses coming on premises around the same time, they can make sure that you're not colluding, right? So that's one layer. But then what about, you know, the logs that you may have been removing wholeheartedly, that they may have been removing too, right? What about, um, devices that you may be, um, you know, compromising, that they may be coming behind you and compromising, right?
They may be following all of your footsteps. That gets you to another level, where you are sort of responsible for that, not simply because they are coming right behind you, right? You get where I'm coming from, Tom?

Yeah, so you have to be very careful on all of that, especially when there's anything that could be a legal matter. Document, and feel free to reach out to legal counsel. I'm not saying we're authorities on any of this. We're actually recommending, if you think things are too questionable, it may be worth it, because I had a friend involved in some stuff, um, that did reach out. He was fine. But it's worthwhile to do that, because this is when you start working at these higher level jobs. Hey, great, the pay's nice and things like that. But, you know, any of these big breaches, there were people who hit the chopping block at any of these companies. I don't know the level of innocence. But of course we do laugh a little bit at the Equifax one, because they only had a music degree. And not that I'm saying degrees are everything, but there's nothing about the history of that person that made me think they were security.

I got lambasted on social media for laughing about the music degree. "You don't even have a degree. What if we laughed at you?" I would just take the joke and keep it moving. All right. Yeah, that's what I would do.

Yeah, so it's always worth, you know, someone's going to hit the chopping block, so make sure you're covering all that. Um, any more thoughts on the accounting from? I think that's pretty much, like, we covered, like, the, I mean, it's, that's a problem. Let me attacks are kind of simple. Um, but what they could have done better, we talked about. I think that's, uh, the same with all these. So much of this is security hygiene. Security hygiene. Don't get calls from the FBI. And that's, I mean, that could be How They Got Hacked episode 1000, right?
Um, cover your ass. Make sure that, you know, you're locking down your firewall. So maybe this is a good opportunity for us to give some free consulting, maybe.

Yeah, so like when we say firewall, we don't mean just at the host level. I hope that they don't think that we're talking about the firewall that's in Windows. No, it's at every level. There you go. And what do we consider that, right? Like, depth and defense? Yes, so layers of it. So like, oh, defense in depth, excuse me. So basically, from my perspective, we need a firewall on the host. We need a firewall on that part of the LAN, because your LAN should be segmented. Yes. And then we need a firewall above wherever the trunk is happening and at the switching, right? So some kind of at the gateway level. Um, and some people go as far as, uh, going beyond that, right? Depends on your network topology. Uh, what are some of the, uh, topologies you've seen where they've introduced firewalls at different levels?

Yeah, and this is where I've done a few videos on building your network, and a lot of the consumers start out, and it's a great learning when you're doing it at home: segment your network with things like, you put your IoT over here, you put the random other stuff over here, the kids are over there with their PlayStation in your network there. You know, I've done a few network segmentation videos. But that's a lot of the why: the goal is to prevent lateral movement. So if they compromise a device inside there, they don't laterally move. And that's where these companies a lot of times make mistakes. That one admin privilege, because of convenience, given to one person. Externally, the person wouldn't have had that admin privilege. They can only look at every individual account. So that's where we refer to lateral movement. How else were they able to leverage one piece of knowledge and find out what that person had? And that's where the firewall stopped them. You know, so that's, that's
probably where we'll leave this here, because like I said, we could go on for another hour about this, but we're going to make some more episodes.

All right, cool. I'll leave it. I'm ready for the next episode.

Yeah, we'll leave it. We plan some guests, and we actually have a couple gray hat topics I want to bring in. We're trying to figure it out, because we know people have done things, but we want to make sure that they can not be in trouble. But there's reasons they did them that make sense from the standpoint. Um, and we'll let you be the judge, because we already know where the law stands. But, uh, that's what some of the remote guests are going to be in this. We're going to make sure we either just share their stories directly or via proxy, so it's us sharing the story where we're not the ones doing the things. So, uh, we'll leave you with that, and, uh, more feedback is good. Hopefully the audio was good. We had microphones and everything, and we'll see you next time.

Awesome. See you guys next week.