So it's now my pleasure to introduce to you Joey Muniz, Aamir Lakhani. Hey guys, you can be the number one ghost hunter in the world because there's no such thing as ghosts. So it's like, it works out fine. All right. Hey, so this is like the fifth year we've been here, right? So, man, I definitely feel, feel old now. And I think that's a little bit of the title of this talk is like, you know, old tech versus new adversaries. You know, I was, I was talking to Joey and we're, you know, we're just chatting on the phone and we're talking about like all the new techniques adversaries are using. You know, now, I don't know if you guys have seen there's like deep, deep voice, deep fake where people are using AI to bypass like facial recognition voice systems. They're kind of using the best techniques and technology is always trying to like stay one step ahead, right? They're always trying to like move up one point after another point. And we're like, that's cool. But what about if we go opposite? What about if we go completely old school and try and get the most oldest operating systems we can find and actually put critical services on them, critical information on them? And we're like, yeah, that sounds good. But you know, like, how do we make it real world? So we actually like spoke to some of our customers. We spoke to other places and we're like, let's actually take some critical services, put them on the internet where you can actually like lose money, like actually have a problem if these things get hacked and see what the hell happens if we actually like do this. And I'll let Joey kind of fill in the rest of it. All right. So that's really the gist of what we're going to talk about now is old tech. Old tech is going to be various types of operating systems. To be clear, it's not going to be things like a, I don't know, like a PlayStation or some old thing that you can't use. It has to have like some usability to it.
Like we actually chose operating systems that have capabilities. Before we go into more details of the talk, who are we? So again, I'm Joey. I work at Cisco. I'm an architect cover America, South America and Canada, like security stuff. I got my blog, play soccer, et cetera, and my esteemed colleague. We used to work together years ago. All right. So I'm a researcher. I actually do a lot of exploit writing, a lot of zero day research, do forensics, incident response, kind of all over the place. I blog like with Joey. We have a lot of things together as well. So me and Joey do a lot of independent research together. We do independent books, but we worked on a number of projects. This is just a couple of them. Of course, we've done our own stuff. But like I said, we do a number of projects together, including our Raspberry Pi book, our web app book. We just last year wrote a book on forensics and that was great, Joey. At Fortinet, I can't really promote a Cisco Press book. So that was a little difficult, but that's okay. So that's us and Joey. Yep. So these are the four things that we've done together. We're actually looking at doing another one next year as well. All right. So hypothesis, as was said, take an old technology and trying new malware against it. Like again, cat and mouse game, well, if the changes have happened so much, would the latest ransomware be able to respond to like Windows 3 or something? It's kind of the idea. Some interesting things with this is people would think, well, how did you test this? How did you use technology to identify the threats? Why don't you use a sandbox? Well, sandboxes have to have templates. So most templates, if you talk to any vendor like Fortinet, like FortiBox? FortiSandbox. It's always Forti something. Yeah, or at Cisco, it's ThreatGrid, but they're always trying to keep the latest image.
So what was funny was we're like, well, I wonder if we could ask the manufacturer, you know, the vendor, if we can have a template for like Windows 3 or for MS-DOS and that's the way to get punched in the face. Like imagine going to the, hey guys, I know you're really busy developing the latest Windows, but why are you in your roadmap? Do you mind kind of building a Windows 3 and they're like, what the fuck are you talking about? So there's no real sandbox you can really do for this. So think about testing around the old operating system. So using Snort signatures, basically things around it to actually see if the systems are infected, changes on the operating system, et cetera, but there's no traditional sandbox because we're using really old stuff. Not to mention it was a pain in the ass and he'll be crying about that in the next five minutes about how painful it was building these images. A lot of these images don't have the current technology that we have today, obviously. So trying to VMize these things is a pretty big challenge. I don't know if we're going to give away the images. I think that was kind of the plan eventually, but we may give away these images if you want them, but you're going to find in some cases you don't want the images because they were not worth using like immediately going online. They were pretty much raped, but this is basically the hardware that was used. A handful of stuff testing around it. So again, we can't use a sandbox. We're testing around it to try to identify if it's been breached. The images we chose for this research project, again, we could choose Commodore 64 or PlayStation, but there's no usability of this stuff. These are the ones that actually have usability. So basically MS-DOS, like old version of Apple or OS/2, and then some older versions of Windows. And the idea is which of these would actually be usable. For those that have to go early, this is basically the winner.
So we'll talk about how awesome actually OS/2 really is. And surprisingly, we'll even talk about how some people are actually still using this today with knowing they're using it because they're knowing it's actually somewhat secure. As was mentioned, there's a ton of challenges. I'll let you kind of cry about this, but here's the challenges of actually building this. All right. So like, you know, when we first started building this, we're like, oh man, it would be cool to like get an STP server or like working on an NES classic, right? And that just didn't really turn out to be any useful stuff. So we started off with networking. And MS-DOS, like, it was just like a week before my time, okay? I'm not that young, but it was, like I said, I never realized how freaking awful it is to get MS-DOS working in any usable way. So I had no idea MS-DOS didn't have like a TCP stack. So you get that little black screen with the C colon on you, and then you're like, ping, no ping found, no apps found. And so I had to go through all this documentation. I found this thing called LANtastic. I don't know if you've used that. Like when I told like all my buddies about it, they're like, oh yeah, we had to go through that. It was like documentation sucked on it. It's no better now than it is. We found other places like DOSBox and some other places where it was already virtualized, but we wanted to make changes to it. So it really didn't help us that, you know, there was like, you know, like computer archives or archives.com that had some of these things already on there, especially since we wanted to put our own things on their own apps on there. When we had it, you know, when we had it running, the first thing is, it's like, oh, please enter date. And so of course, you know, you know, 07, 11, you know, 2019. It's like, please enter date. I was like, I was like, that shit was actually real. Like I thought they were all lying to us. Like I didn't matter.
You have to do a date before 1999. It did ask for a four digit date, but it had to be before 1999. And so we'll go get into a little bit of it here. But I will tell you, like after we got all this like time spending, putting it on, actually got it running on a VMware and, you know, I was like cussing you out so many times. I was like, I was like, like, putting this on. I was like, F you, Joey, like, because, you know, just when you, when you put it, when you put the software in, it crashes because the process is too fast. So you have to manipulate that. And then you, you read all these articles, you read all these blog sites and they tell you about 99% of the information and you get to that last 1% and the shit doesn't work. None of it like worked until you kind of figure it out on your own. But once we actually got it working and then we actually put some usable software like SSH, not SSH servers, FTP servers, a web server, you know, a Telnet server on it. About, about six hours afterwards, people were like finding out it was MS-DOS manipulating with it and adding files, adding malware files to it. So I was like, who's going to figure this out? So it'd be so secure. Everyone's going to be like, Nmap scan, have no idea what it is. No, only six hours later, it only took them six hours to actually infect their device. Well, it depends on the model. Yeah, yeah. We'll start with it. Yeah, so again, it depends on what we're talking about here. Like, again, OS/2, Windows XP, the different operating systems acted differently, but the first one we'll talk about is MS-DOS. So MS-DOS basically, you know, it has a ton of malware that's still out there, but the malware is very old and it's still surprisingly heavily out on the Internet. Well, like we said, in six hours, we start to get these infections from really old malware, even though we would think that, oh, maybe the stuff would not find it, no, it found it. So that's MS-DOS.
This is actually it booting up in a VM system. Again, we may give some of these away, but the first one we saw within a few hours, I think it was about the six-hour mark, was this casino malware. And basically, the interesting thing we found about this is the malware in the past is not like malware now. All it does is screw with you. It's all like it has no real big purpose. It's not like ransomware or some tactical thing. Like the second one, this LSD one we'll show you here. All it does is this. Oops, let's see if it actually shows a video here. Oh, so we can play the video. Oh, I'll play the video in a second, but basically it just like flies around the screen. And like it's actually pretty clever the way they did it. They're actually able to like manipulate the visual and turn your screen into this big ass color thing or so. The virus nadir, I wonder if that one actually works. Hey, I may have to run this again here. Yeah, at the very end I'll show you some of the videos. The virus nadir is like, starts talking about like, like Terminator, it's like, I am the virus nadir. I am a happy virus. I'm now going to go away. Thank you. It's just like annoyingware. That's all really it is. So all this like crazy ass annoyingware kept hitting the computer, which again, a particular about six hours, we basically ran a few different images, put them online, see what would happen. And yeah, the casino one, the Terminator version of it, all of those pretty much came up. And did it stain? Right. So one of the things that I'll add is like, you know, first of all, you know, people are pretty smart enough. They figured out right away, this is MS-DOS. In fact, it didn't take them long at all. And this thing is about MS-DOS, I didn't really realize. So first of all, it has no real such thing as user permissions or file permissions. So first of all, if you're actually in an FTP system, you can do like CD, space base, whatever, and you're in any directory you want to be.
It won't stop. You'll be like, go ahead, be in any directory you want to be. And of course, people were going into like our CD directory and like deleting the startup file, autoexec.bat, whatever they wanted to do. So that wasn't fun. The other thing that they were doing or what we found out is pretty much if you just mash your keyboard a long password, the software doesn't care, it just crashes. It says, oh yeah, thank you, a great username and password. Love you, get in, do anything you want. So there's really no, as expected, there's no real security on that. Now, one of the interesting things about this and this could have been a false positive. We don't know really what was going on. In fact, I had a friend that actually thought that sometimes, and I messed up one time, but sometimes I was actually, I was mostly using like cloud-based servers or throw away IPs and I put my IP address on and then Shodan actually saw the correct ports open but it classified it as CentOS. And I started saying, wow, this is not a really great CentOS box. It actually sucks for CentOS, right? But it could be like, it started making us think like, well, how is the classification? If you guys have done any type of OS fingerprinting, especially with Nmap or anything, it's okay. I mean, it works most of the time on most of the new stuff but I never really tried it against the MS-DOS and we're finding out that the stuff doesn't really work too well. So maybe Shodan was having some issues or maybe it was just cache from something else. I don't know, but it makes you think on how accurate some of the stuff is out there. Maybe Shodan just doesn't know old stuff. Yeah. I mean, it just can't accurate. So it's like, I guess one benefit of using old stuff. Yeah. You can trick Shodan. Yeah. So the next operating system I had never really used. Has anyone never used OS/2 before? Like, you haven't used OS/2, man. Like, all right. Change well. Yeah. So OS/2, man.
I had never really used it before but it is actually a pretty bad-ass operating system, surprisingly. Can't believe I was saying that. It has some pretty cool things built in. So built-in networking TCP stack right away. Actually, I had built-in DNS and I had built-in dynamic DNS, DDNS. At least something that we couldn't recognize would be shown as modern-day DDNS. It had support for a whole bunch of servers. Granted, you have to have the right operating system on there. It had an FTP server. It had a web server. It had a web designer that you could actually interact with some e-commerce stuff on it. But what really, really sucked, okay? When you try and install OS/2, you'll find an ISO image out there. It doesn't work. That shit does not work, okay? So what you do is you find this archive of like 50 different disks. And I don't know if you have ever tried to install disk-based images. So first of all, you have to use dd if you find the actual physical disk. Create an IMG file. And then what you have to do in your VM Fusion or whatever is you make sure you have to have an A drive because it doesn't work. So you actually have to create a floppy drive. And then while this thing is installing, like you have to go to the settings and select a new image. And you would think it would go disk 1, disk 2, disk 3. No, no, that would be too easy, right? No, it goes disk 1, disk 2. Please install and set up disk. Please install disk 5. Go to disk 1, disk 3. And like 15 hours later, it feels like basically living in hell. You finally get it installed. Yeah, yeah. So here's the interesting thing. This is kind of the, I guess, the research behind all this is when OS/2 came out, there wasn't like Apple didn't have the market share it had today. So like malware developers didn't really attack it. So there really wasn't a lot of malware that we found that actually even exists to go after this operating system. Not to mention that the system again is pretty impressively secure.
So, you know, we were kind of like, wow, this is, you know, thanks for coming out. Use, use OS/2. But the challenge of that is, as we mentioned before, there's no like sandbox for OS/2. There's no way to truly test the process level and stuff. So it's possible that some stuff is still happening on there. But to what we can see in the time that we ran it, it was pretty damn secure. And what was funny was that's where like Aamir was talking to somebody. We can't name the bank, but there are actually some banks. There are actually some people still intentionally running OS/2 because of that reason. It's like they're kept a little secret of, yeah, there's no malware out there because later on Apple got popular and that's when malware developers took notice to it. But in this window of time, there was really no malware forward and it's somewhat secure and it supports a whole lot of features that they need for like basic IoT devices. Let's use this. So some people, there are manufacturers intentionally using this. And to be clear, this is not like, I talked to a lot of manufacturers that have like old saw mill systems that cut wood. And like they're forced to use old operating systems because there's nobody manufacturing those saws anymore. So they just basically isolate those systems, don't put them online and just let them run old shit. I'm saying people are actually intentionally using this because it actually has security around being very old and obscure. So security when obscurity kept a thing. So again, OS/2 was surprisingly, once you can go through the pain of the ass of doing it, it was actually surprisingly secure. But to have fun, we'll go back to Windows and you can talk about Windows 3. Yeah. And yes, yes, I know Windows 3 is actually DOS like sitting on top of it. So all this DOS stuff like works out fine. It basically is DOS, right? I mean, so there's a basically a win.exe file and like see when that like runs this old ass awful operating system as well.
And like kind of the same exact same problems of installing OS/2 with Windows as well. It just seems like those like just more default services turn on with Windows that are just easier to attack. And then once again, like I said, anyone can do this and that's no fun. So that's why we gave this to actual like customers or willing participants that, you know, they had services, you know, they had things like and don't worry, they didn't break any laws of putting anyone's money in danger, but they were putting things like ATM machines as test beds or web servers or some IoT devices or controllers and they were putting in some critical applications on these that were on the internet and like, ah, let's see how it gets hacked. They're like, this got hacked. This really had hacked your theory sucked that no one would attack old school stuff because it's all out there. And not only is it all out there, like what we found is just some of the basic things how people like do reconnaissance on machines, you know, like doing Nmap scans, doing just, you know, some deeper scans. These boxes don't even survive that. They pretty much die on any type of denial of service attack and not only, you know, volumetric but any type of application denial of service attack or anything as well. And then I'm kind of like you. Got to be clear, yeah, like protocol-based denial of service like people think volumetric. I'm talking like like Slowloris or something like that where you're just basically doing open handshakes. It will, it will die within one laptop. Yeah, apparently a ping is like very, very ineffective to crash like Windows 3. Yeah, yeah. So, you know, again, virus wise, we had a ton of viruses come out there. But again, interesting enough, the viruses at this time were all like annoyingware they weren't actually like real viruses. Let's see if this, these videos aren't playing. I'd like to like select them now. You don't play? All right, let's do that.
No, that's extra. Oh, yeah, look at that. You're so nice. There you go. Hey, look at that, there's the virus. So that's an example of a Windows 3 virus. So what you don't hear, what was kind of cool about this virus was it was playing like the, like made in the USSR song like an old 8-bit synthesizer, it was kind of had some pretty cool music in it. And it just like goes a little crazy. Now at the time of Windows 3, Lord of the Rings was coming out, like the movies and stuff. And yeah, basically we had this like Gollum virus come out and hit this one as well. So it's like, you know, basically, you know, having quotes from the Hobbit and stuff. But again, all these viruses are just like annoyingware it was, it's really interesting. Actually, I'll go back. I probably can show the old viruses too. So here's this one. Let's see if this plays now. Yeah, so select that. Why is it? Yeah, well, that was interesting. It's kind of all the stuff in pop culture that we just think about today, like Lord of the Rings or like Terminator and stuff. I guess that was like, I just happened to pick a time on with these operating systems when that was popular back then too. So all those viruses are like reference to like Terminator or Lord of the Rings or LSD, which is still popular today. There's the LSD one. Imagine a computer becoming that. So you try to scroll around everything. It's actually pretty creative that they can do that with the type of technology and turn your computer into that. So that's Aamir like scrolling around. He's just like, damn, this sucks. Here's the Terminator one. See Terminator message. Don't be afraid. I am a very kind virus. You have to do many works today. Probably not American or based in the US. So I will let your computer slow down. Have a nice day. So that's the kind of viruses we're seeing with DOS and Windows.
So what's funny about this is also when we have these things online, I told you it was about like for MS-DOS, it was about six hours before we had the first infection. The first infection I think we actually got was the Gollum virus. But it was like the guy that first connected to us. Like within minutes, he's like, oh, I have this virus. So someone just think about it, had that virus, ready to go on their hard drive, ready to upload to our FTP server, right? Wow, that's like how many MS-DOS boxes does he actually get run into, right? And he goes like, that's it, right? And then like, you know, like 10 minutes later, the Skynet virus gets uploaded. And same thing, it wasn't the guy who was connected and he waited for a little bit to find something. It was like, he connected, like did a scan and maybe like 10 seconds later, you see this thing being uploaded, right? And then he was even leaving messages. I was like, so like, I just really want to know. I'm more interested in knowing like, why did you have this like ready to go to upload, right? Yeah, well, there was another notice. You can talk about this as well as your ISP, because your ISP flagged it. So, you know, ISPs have security in some fashion. Well, his ISP at least was able to detect as well as like code writers. Yeah, so that was, so most of the time when I did this, I was actually doing cloud-based services. I had like VM systems on different hosting providers that I was remoted into. But like every good malware researcher, there's a time where you say, oh, fuck it, I'm not gonna launch that VM or whatever. Everything will be fine if I do it on my machine, right? And it's, come on, it's MS-DOS viruses. So it wasn't like, I wasn't really too worried about it. This was actually an ISP issue. But then my ISP calls me up and they're like, hey, you know, we have this machine that no one really knows about. It's like maybe Bob in the corner who's about to retire next month.
But we put in the IPS system, an intrusion prevention system to detect Code Red. Like, why the hell do you have Code Red running on your network? And so I was talking to them. Apparently it was a really big deal. When it came out, it actually slowed down their systems. It like took them down. They actually went through several like acquisitions and mergers as ISP did. But they detected Code Red and it like actually hit their systems and they were wondering what the hell I was doing. So that was interesting. Well, they actually said it was one box. It's like, we have one box left with decommissioned still looking for Code Red. And now you give us a reason to keep it back up because you triggered Code Red. We thought we could shut this damn thing down. Yeah, I try to have them to actually take a picture of that box because they said it was like literally hanging on the wall like suspended by like the power cable and no one really knew what it was until they like found the one guy in the basement, I guess. It's probably a PIX from Cisco here. All right, so last one is Windows XP. Now this one's actually been around for some time and it's actually surprisingly still used. So without any big shocker, this one got nailed pretty big. But it was interesting again, like a lot of these older attacks are still out there. You know, your Code Red, your Conficker as we were talking about and even ISPs because of how bad it was years ago still have sensors on their network. And that's where that call came to your ISP, not mine. And yeah, we were just like, really you guys are still looking for that. So we're doing a lot of research on the side and like on the Fortinet side and he found some of from his research side kind of the stats of what's still out there. And surprisingly, like there's a boat ton of still old stuff out there.
So the old saying like once it's up online, it's up there for good still applies and that mentality should have you think about while old technology versus new threats, putting stuff online, you're not really worried about the new threats. You're worried about the old threats because the old threats still exist. The same concept applies to like ransomware. We started talking about ransomware in like 2014, 15, but ransomware has been around since like 1990. Like some of you may not know that, but like ransomware has been around. It just wasn't a thing until like basically cryptocurrency came out. So you can actually get the ransom and not be like, yeah, mail me a check. Let me give him my address and you can send the police to me or you know, the whole idea of exploit kits which allows you to massively hit a bunch of people. The idea of dark networks where you can do the asymmetric handshake and have the asymmetric key somewhere that you can't blacklist. These are the things that allowed ransomware to actually become a thing. But prior to that, there's old ransomware. So I bring this point up because if you run an old operating system, you may find some version of a 2004 ransomware that doesn't do like the actual like Bitcoin thing, but it's still ransomware and it'll encrypt your hard drive and threaten you. So the old threats are still out there and really in our findings, the big thing was looking at like all the operating systems and find like a sweet window like this, the OS 2.1 where people just weren't paying attention to it. Like outside of that, like Windows, Windows has always been a target. Like you need to update your Windows. There's no old Windows that's going to be secure. Like maybe some obscure operating system will work, but any old version of Windows will find that old version of ransomware or malware or whatever it is it's going to be.
And surprisingly enough, well, the other interesting part was a lot of the ISPs even still are looking at this and even a lot of the research companies are still looking at this saying, wow, there's still rampant amounts of malware. Like to Aamir's point, I'll be interested to know like what servers out there are still hosting this old malware? Like that was the interesting part and we were trying to find some of that, but it's very difficult to phone back and figure out where the hell the stuff's coming from. Anything to add? Yeah, no, so that's a good point. It's also like the type of operating system. So even with XP, when we put in XP, like the first thing I did was a download a firm from like MSDN, right? And it's a 64 bit operating system you download from MSDN, nothing works on it and including the applications we were running. We're like, okay, well, that's not realistic. Let us find this 32 bit version of XP. And then once we ran that, we're like, okay, this thing is really, really old and it's infected. Just to go back to like this slide, you got to remember this is active. This is like basically as of like December and January of this year, people are still using ZeroAccess. People are still using like njRAT. In fact, I was actually talking to some researchers and they're like, yeah, we see hits on njRAT all the time. I'm like, wow, that's like, like why would someone use that? Apparently it still works. And then same thing like out here is like, like this stuff has been around for a while. Some of the libraries have been updated but pretty much to taking the port from MS-DOS and making a work on your current systems and most of it still works still on MS-DOS or Windows 3.1 or wherever it is.
So, you know, as Joey was saying is how we detected most of these is we pretty much had these systems like logically, at least the external interface of these systems, with a public IP address and then usually had them on like some sort of switch or hub where we were copying the traffic. We're doing some sort of PCAP capture as SPAN port traffic capture. And then we were running like tools like, so a lot of vendor tools, what we found out is they're not really detecting any of the old stuff, but they do have like cloud lookups or some sort of lookup service and then they'll start detecting that. But then what happens is for a lot of vendors is once they detect something like being hit all the time, then they put it into their active databases. So even at my work they were like, hey, like what are you doing? Like all of a sudden we have all this old shit like they're like rising to the top, and of course they excluded all my serial numbers so I wouldn't like mess with the numbers or anything, but we found out what a lot of other vendors were doing that as well. So at first it wasn't detecting anything, then it started detecting a little attacks. So yeah, you guys, just to be clear, like IPS, IDS 101, you realize you can't search for everything. So basically when you go to a vendor, any vendor out there, doesn't matter who it is, they don't know your network. So like they're giving you this like watch out for these 40,000 bad things, but those 40,000 things, let's say this lady here works at Walmart, let's say you work out like the military, you work at Sam's Hot Car Lot, all three of different businesses. So how could a vendor in general, if I have an IPS, say here's 40,000 things that match your exact network? You can't do it, it's impossible. So the idea is you're going to have some stuff from Walmart, you're going to have some stuff from Sam's Hot Car Lot that's turned on that has nothing to do with your network. You got to tune these things.
This is the whole reason why we do tuning in the industry. Like there's Fortinet, Cisco, Palo Alto, any vendor, unless you do a vulnerability scan and then look at what you're defending and then tune the IPS, it has no idea. I bring this point up because if you use the old stuff, what we're talking about, all of the signatures by default are not going to be turned on for the old stuff. And that was kind of our point is we have to kind of magically guess or know what we're going to be seeing, because the signatures you get from these default products have no idea about old stuff. And the same concept applies to like your network. Like kind of going on a side thing here, but I always preach about like do vulnerability scans, find your vulnerabilities, and then tune the IPS. Never set and forget, like green is a safe kind of thing, because again, half of the signatures you usually have nothing to do with your network, because you're basically relying on a vendor saying watch out for these 40,000 things that all my customers, Walmart, Sam's Hot Car Lot, whoever, all of our customers are using. So that was a big challenge for us as well, because those 40,000 signatures, none of those are protecting MS-DOS or Windows 3 or anything like that. So essentially we have this default IPS and we're just randomly picking signatures that we think is old shit that may fire, may not. But that's why we're saying we think nothing hit OS/2. We basically highlighted a bunch of old OS/2 signatures and hope and watch to see if they got triggered, and none of them got triggered other than behavior analysis. But from a signature perspective, that's the challenge with using old technology with like a current IPS. Or someone's doing a whole bunch of like ATM jacking and on those OS/2 systems and making a lot of money, so we have no idea about it. It was interesting, we also had like people, when we, FTP was like one of the main services we use when we did this, we had people like leaving like FTP messages like you guys are idiots
running MS-DOS, thinking, like, no one's going to catch what you're doing. So I thought that was kind of interesting as well. So, you know, the new malware results, right? Pretty much, there's a lot of malware written for XP that started coming out, written for XP. Any of this old malware written for XP pretty much works right after XP as well, you know, as long as it's, like, the right, you know, sort of do beta 64-bit malware, whatever it is. The old malware is infecting, like, old systems when it's connected online. But, you know, there is that gap, right? Pretty much, if you're XP, from a malware standpoint you're running a modern operating system. It doesn't matter how old it is. Most malware that started on XP will run today, even on Windows 10. Obviously there's caveats there. What we also found is that Nmap, and this is why we were a little confused about the Shodan thing, is Nmap did, at least for the most part, fingerprint the OSes correctly. If they didn't fingerprint the OSes correctly, we got, like, generic OS or generic Windows, or generic DOS sometimes, which I hadn't seen before. But we had all the ports and everything open as well. Remember, on the old operating systems, no real concept of, like, users or anything. So, like, everything's stored in one place. Anyone can access anything they want. Once a user breaks into your system and they essentially jailbreak out of the directories, their root directories, they can pretty much go anywhere. And even if you have any other weak, weak, like, security settings on these FTP software, on the Telnet software, they can pretty much do, like, an overrun on it. They can just, like, put in a command so long it doesn't understand it and just goes right past it. All right, so to kind of wrap up this talk here: you know, we actually thought that OS/2 is cool. You know, again, we found that some IoT people are still using this. If you wanted to take away any value of what the research, to say, oh, I can actually do something with this, it's basically
maybe you can use this operating system. All the other Windows stuff, pretty much the old saying of upgrade your Windows system, you definitely want to do that. There's no way of securing those. Like, those operating systems are dead. That's why the newer versions came out. All the old malware is going to find it, the old malware is going to hit it. If you want, as we mentioned, we may publish some of these images, but the only one that's really worth doing is probably the OS 2.1. All the other MS-DOS images, they're fun to have if you want to, like, put them up and watch people abuse them, you know, so be it. But other than that, there really isn't a lot of value. Like, all the old stuff will find it, will hit it. Maybe, like shown, as we mentioned, maybe we'll get fingerprinted to kind of offer, but that doesn't stop old malware from knocking it down. I guess the one thing is, like, when you walk away from DEF CON and when you walk outside and reporters ask you what did you learn from DEF CON, tell them OS/2 is the shit and just see what they say, right? So OS/2 is the shit, and upgrade your Windows. And upgrade Windows. So, like I said, it was just like a side project. Like, we wanted to do, we wanted to see. We actually had a very different theory when we ended up. We were, like, having fun, like, oh, this is going to be so awesome, no one's going to guess what we're doing, like, all these systems are going to be safe. And no, it still sucks. I guess anything from Microsoft sucks. No, I didn't say that. I might need a job from them one day or something. But no, just like I said, as Joey said, upgrade the systems. There's a reason why upgrades are there, why patches are there, and have fun, I guess. You want to add anything? That's it. All right, we'll be here if you have questions. Thank you. All right, thanks a lot, guys.