B (4:34)

Less.

A (4:34)

Less gargling with whiskey and nails this morning and more just like 20. Grit, sand, sandpaper. Every episode's worth half a CPE. So say what's up in chat. Grab a screenshot. You are part of the show. You're right above me, right? This is live streaming chat right here. This is you. So say what's up? Grab a screenshot. It's basically evidence that you were here. And once a year, you count up those screenshots, divide by two. The show's an hour long. One hour equals one cpe. Because I do things like so hot

C (5:07)

right now that Hansel's so hot right now.

A (5:10)

And we do things like Dan Reardon's meme of the week. We like. We like to say that half the Time we fool around and half the time we're down serious business instructor led webinar. So we say half a CP. It doesn't matter because literally, dude, you get 120 CPES a year from this show, which is more than enough for. For your needs. So don't even sweat it, okay? And for those who are like, how is this count as a cpe? Listen really quickly. Just because it's work, just because it's business, just because it's cyber security doesn't mean it has to be boring and sterile and suck. We've been in the industry a very long time. We've developed almost a dark sense of humor I about our mission and our plight. So what's what we do? Mad destroyer with 5 gifted subs. Thanks Mad Destroyer. Also, if for those who don't know Mad Destroyer, big coffee guy. A coffee cup. Cheers to you. Face Doyle's in chat. He says, I saw you on David Bomble and now this show is part of my daily routine. Face Doyle, there was an Ireland story yesterday in the news. I was calling for you, buddy. So great to have you. Face Doyle for sure. And David Bombal's a cool dude. Big fan of David. He gets an unnecessarily amount of grief on the social webs. I don't know why I get a little bit of grief, but David gets that. A load of grief. All right, guys, Every single episode of the Daily Cyber Threat Brief, including this one, is sponsored and I'm very, very proud to be affiliated with the show sponsors. For those who don't know, allow me to introduce you to Anti Siphon Training. Anti Siphon training, the training arm of the Black Hills Information Security Group, is making high end quality training available to the masses, regardless of financial position. And if you would like to learn a. Oh, it's Hayden Covington's course. Sock Detection engineering crash course. For those who don't know, Hayden Covington is a friend of mine. This guy is a talent. He's young, but he's. I don't know what happened. He must have figured out how to crack the code and go back in time or something. Or do like the Matrix, you know, like when Keanu Reeves wants to learn Kung fu and they just like upload kung fu to his brain. Hayden must have that action going because he definitely downloaded like the entire sock playbook into his brain and everything. Detection, engineering. The guy is awesome. If you want to learn from one of the best about how to ingest real logs and research adversary techniques mapped to miter attack and do live detection engineering. You will leave with skills. Come check out this workshop. It is tomorrow, four hours long. All in. Right. Bring one of those plastic lobster bibs that you would get at an all you can eat Red Lobster. Put it on, roll up your sleeves and get ready to get filthy. Because Hayden Covington is going to hand jam so much food into your grill, proverbial sock food, that you are going to be one full happy camper. I'll drop a link to that in chat. Seriously, I. Hayden's a great guy. I love Hayden. All right. Also want to say shout out to flare. Flare. Flare. Oh yeah, you better believe flare is awesome. Flare. The cyber threat intelligence platform. They crawl the dark web. They get all the icky sticky on their feet and on their hands and under their nails so you don't have to. Dark Web cyber criminal channels, info stealer logs, breach forums. They go scoop it all up and bring it back and make it easily searchable for you. Which means what? What does that mean for you? It means that you can easily find end users in your environment who have been compromised. You can find workstations that have been compromised. You can find incoming attacks from threat actors. You can find all sorts of nonsense, lookalike, domain names, fishing landing pages, the works. Don't sleep on this. This platform is incredibly valuable. If anything. You're like, yes, you're Jesus Christ. You're paying for great. You're paying for great. A great tool. But just think about the amount of time it would take you to go find all of this dark web stuff anyways. Like you're not going to that value alone. Go to Simply Cyber IO Flare. Simply Cyber IO Flare. Right now you'll land on this landing page. Sign up. It's a two week free trial. I'm telling you, one day is more than enough to figure out if you are going to like the platform or not. Spoiler alert. You're going to love it. Check it out now. Simply Cyber IO Flare. Then finally Threat Locker. Another long time partner that I'm a big fan of. They protected your endpoint with Zero trust application deny by default. They've moved into the cloud. Let's hear from Flair. And then Phil Staffer, Dream Logic and all you first timers. I'm gonna melt your face. I want to give some love to the daily Cyber Threat brief sponsor Threat Locker. Do zero day exploits and supply chain attacks. Keep you up at night. Don't worry no more. You can harden your security with Threat Locker worldwide. Companies like JetBlue, New Trust, Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance, visit threatlocker.com Daily Cyber. All right, here we go. Hey, Steve Young. It looks like the last story has something to do with Minnesota. Ah, don't you know. All right, guys, do me a favor. I. I know, I know. I don't even want to get into it. I don't research or prep. I don't know the stories are coming. Although I've become, I've become comfortably numb in, in the most pink Floyd way possible that sometimes we have to augment the stories that get brought to us guys because they're not necessarily breaking news, I. E. Apache. I mean, Claude's Mythos build. But we'll talk about that. Let's go. Coffee cup. Cheers.

B (11:55)

From the CISO series, it's cyber security headlines.

C (12:02)

These are the cyber security headlines for Thursday, April 9, 2026. I'm Rich Stroffolino. Ransomware knocks Dutch healthcare vendor offline. The attack impacted the Dutch software vendor Chipsoft, which provides patient record software to 80% of Dutch healthcare facilities. The Netherlands computer emergency response team Z cert said it received a notification of a ransomware attack on the company. As of April 7, local news outlet NOS reports 11 hospitals have pulled Chipsoft software offline after the attack. No group has claimed responsibility and it's unclear whether chipsoft is in negotiations over a ransom.

A (12:40)

All right, so I guess, you know, you know how like when you're gonna, you know, do some athletic event, you warm up, like maybe you're gonna do some ping pong. So you start off with just a little volley. You're going to do, I don't know, like you're gonna play some Mario Kart. So you just kind of like get your thumbs going. You know I'm joking. But like, this story feels like a warm up story. And by the way, I mentioned it before, but I do want to mention it again, like my entire bag, if you will. I've been in this industry 20 years. Well, 20 plus years. I love cyber security. I love cyber security. Okay, so I've seen a bunch. And once you see enough things, you start to see patterns and trends and all these other things. This is, you know, this is a run of the mill. Okay, so some software company got hit with ransomware, and it's not really the software company that makes the big news story. It is the customers of the software company that get impacted. I'll give you another example, right? Like a perfect parallel to this, although the impact was much greater. Two years ago, CrowdStrike pushed an update that bricked all Windows. Not all, but, like, a lot of Windows systems that were running. CrowdStrike. Right. People were jokingly calling it Crowdstroke, but the news stories were about how airlines were down, Delta Airlines was down. Many airports were down. Okay, it wasn't about CrowdStrike. It was about the impact of the customers. And that's the same thing here. So Dutch Healthcare, or some company called chipsoft gets hit with ransomware, and all of the hospitals. Jesus, dude. 80% of all facilities in the country use this. I'm telling you, man, you want to get rich in 2026, start a boring business. I've never even heard of chips off. They got 80% market in the Dutch region. All right, so, okay, so let's see what else we got here. This is kind of nothing. I mean, there's no details. Does record keeping for hospitals. Eleven hospitals had to pull the software offline. That shouldn't be a surprise. Most healthcare companies have what are called downtime procedures because they have to practice. Hospitals are 24. Seven facilities. Right. So there is no downtime for maintenance when they do it. They have to have downtime procedures because you can't be like, oh, I can't. Sorry, we can't push medicine to you, or we can't help you. Emergency rooms closed until 3am Come back later with your, you know, your heart attack. No. Okay. All right, so there's no information here. The software company got hit. There's no information on who the ransomware threat actor is, what the ransom was, how they got in. Like, this story is one of those perfect. Like, don't look at it sideways because it'll disappear because it's so thin. If I had to guess, this was a. An attack where the threat actors got credentials just logged in again. This is why I like flare. Flare allows you to see when info stealer logs steal creds. Okay, so whatever. Nothing. Sorry. Damn it. If you are in healthcare, I guess to make this something that someone can use somewhere in this community, if you work for a tech company, especially a healthcare one, you could literally use this as a. Hey, guys, this is a canary in the cold mine kind of situation. If you work for a tech software company, not in healthcare, you might be able to use this one, but you're going to start diluting the effectiveness of the message.

C (16:42)

D28 is keeping busy. Remember that warning from the UK's National Cybersecurity center about a campaign by APT28, aka Fancy Bear or Forest Blizzard, that was targeting TP Link and Microtik routers? Well, a joint operation for the FBI, Microsoft and Lumens Black Lotus Labs put up a roadblock to the operation, dubbed Operation Masquerade. The parties worked to reset DNS settings to prevent APT28 from using the routers as a means for further access. A report from Microsoft said the espionage Network impacted over 200 organizations and 5,000 customer devices, although Lumen said it found no evidence that US government agencies were impacted. Don't worry about APT28 though. They're still keeping busy. Trend Micro released a report on a spear phishing campaign by the group that used a new malware suite called Prismax. This combines advanced steganography, component object model hijacking and legitimate cloud service abuse for command and control. The campaign targeted organizations in Ukraine, including government entities and critical infrastructure, and included details on NATO partnerships.

A (17:44)

All right, so two, there's two things here. One, Apt 28 is the, you know, Russian fancy bear. It's one of Russia's like, you know, higher end threat actor groups, right, like that. Like the nsa, right? Like they are the A team. Russia has a couple A teams, if you will. Not to be confused with Hannibal and Mr. T. A team but you know, just like pro level capabilities. Like the big, like Russia's got them, China's got them, the United States has got them. Some countries only have like one, like Iran. You hear of muddy water threat actor group? There's a couple, right? Like North Korea's actually got a few and they usually, they usually have very specific missions. Okay, so as the reporter said in the story, like one of their operations got kind of nerfed. But don't worry because they're targeting other ones. Two things. One, I think you should really focus on this Prism X. One, it's a, it's a suite of malware that's targeting Ukraine through spear phishing. Spear phishing is where like it's deliberately targeted. It's not mass reach, it's targeted. So they're, they're sending emails with LNK files attached to it. Like, can we stop? I have never. I don't know, maybe I'm old. I mean, I'm old, but maybe I'm old. And like, this is the new Gen Z Gen Alpha thing like, hey, Skibidi toilet casually. Joseph, like, is sending LNK files so hot right now? Are you like the main character if you sell send LNK attachments? Because never in my life has an LNK file attached to an email been something that I needed. Yet somehow apt 28 is going whole hog sending LNK files. And it's working. All right, so. So stop doing that, okay? Educate your end users. Secondly, once this LNK file runs, you could see here there's. You know, they have domain name for indicator of compromise. Chances are this domain name is burnt already. Yeah, look at this. Retrieve a malicious LNK file. So gross. Outlook email stealer collection Interconnect. Like, dude, run edr. Don't allow Excel to run VBA macros. There's another one that, like, we learned in 1998. Hello. Go look up the Melissa virus. It's in a fraking museum. Let's go look that up. Let's not run macros for starters. Okay, but one thing that they talked about, I'm not even joking, the Melissa virus was a email blast virus using VBA and Outlook. The other thing that they mentioned was like the DNS attack. Do you guys remember yesterday, like, there was this, like, attack where basically Russia was taking over routers and then changing DNS settings?

B (21:14)

They.

A (21:15)

This is annoying. So they said in the story, they said in the story that the DNS attack thing has been mitigated. Just between me and you, I found. So the I love you bug was a different one. The I love you bug was a different one, but that's a good one too. Same, same attack vehicle was the Outlook one. They mentioned that the DNS attack was not working anymore. I. I didn't find the explanation satisfying. Between me and you, I didn't find it satisfying because the way he said it was adjusted wasn't good. Here we go. US thwarts DNS. Hold on. This is like bonus story. US Thwarts DNS hijacking network controlled by Russian APT hacke. How did they do it? That's what I want to know. All right. Hey, the FBI, Boston. Way to go, Boston. We got Sully and Murph down in Somerville running points on this operation, boys. All right. Remove DNS resolvers installed by at28. Enforce routers to obtain legitimate DNS resolvers. Okay, Okay. I mean, come on, man. The court authorized steps to remediate compromised routers can be reversed by legitimate users at any time through factory results. Yeah, so, okay, I mean, this wasn't like groundbreaking. The FBI took Down. The threat actor controlled DNS servers and or educated victims on doing a factory set of their router, which effectively changes their DNS settings. This wasn't some type of like, let next level zero day hacksaw thing where they like magically rerouted where the DNS resolution went through Napster like this. I don't. I found that story to be unsatisfying because of the way it was described. How this DNS hijacking was mitigated. Didn't. Didn't. It didn't slap for me. Okay, Somerville Cyber Mike knows what's up. Cyber Mike, you want to go down to Kelly park, shoot some ball? All right.

C (24:02)

CIA quietly elevated its Cyber espionage division. Since 2015, the CIA's center for Cyber Intelligence resided within the Directorate of Digital Innovation. However, recorded future news confirmed that as of October 2025, CIA Director John Ratcliffe elevated the unit into a full mission center. CIA spokesperson Liz Lyons said the move enhances the CIA's ability to deliver the best intelligence on foreign cyber threats to policymaker, ensure that no target is beyond the reach of our capabilities, and drive continued improvement of cyber tradecraft. This will see the center's leadership report directly to Radcliffe. According to a former intelligence officer speaking to recorded future news, this type of elevation occurs when a director deems something a huge strategic priority. There is no public announcement of the move last fall, possibly due to the government shutdown, but Congress was informed about the change.

A (24:55)

All right. Yeah. No 100% S27. I'm originally from the Boston area. It's just I've been in the low country so long that my accent. You know what? My accent has kind of gone away. Not because of my regional relocation and who I'm communicating with normally. It's literally because when I first moved down to the South Carolina area, I would get so many people friggin stopping me and being like, can you say park the car and have it yard? And I'd be like, h, bro. Bro. Like, no. Like, can I not? Or like I'd be like in a work meeting. And I'd be like, I don't know. Like, I don't know. Like, oh, hey. Like, I wouldn't say this in a meeting, but I'd be like, oh, hey, like after work, let's go grab some beers. And they'd be like, ah, B, B. And I'd be like, oh my God. All right. So I. I like trained myself not to have a Boston accent. All right. All right. Hey, guys. CIA Director Quietly Elevates Agency Cyber Espionage Mission you should be excited about this if you're an American. Okay. This is what we should be doing. 2026. It's all about asymmetric warfare. It's all about, you know, it's a great day to be us as far as, like, hack hackers go. Jaguar. As far as hackers go, like, we are all set, baby. Like, dude, you want to talk about who did this best? Check this out. This is a bit of a deep cut, okay? But once I point this out to you, you won't be able to unsee it. I went to Simply Cyber IO Books, which is my, you know, curated reading list for all y'.

B (26:38)

All.

A (26:39)

And this book right here, it's a little strong in its, you know, bias, I guess. It doesn't feel like it's written objectively. It feels very much like it's written. Leaning right a bit. But. But this book, Battlefield Cyber Subline, how China and Russia are undermining our democracy and national security. Early on in this book, it talks about how, like, China is executing a 25 year strategic plan. And in like, I don't know, like 2003, 2004, China literally made a decision to cut down on their, you know, soldier, like, investment in soldiers. Like, guys standing there with rifles ready to march in boots on ground. They cut down on investing on that. And they incredibly expanded on like, basically cyber warriors and training and stuff. And it takes time. But. But here we are 15, 20 years later, and guess who's got one of the best espionage capabilities in the world? I'll give you a hint. It rhymes with. It rhymes with Bina. I guess. So anyways, the United States is playing a little bit of catch up, so I'm digging that, you know, as far as, like, quietly elevated, I mean, I don't know how much you want, like, I don't need. The CIA is federally funded with tax dollars. So I do want some transparency and accountability. But, like, for real, I don't need, like the CIA running a commercial on the super bowl talking about their cyber espionage capability, getting new tooling. All right? Either way, way to go. This literally, this has nothing to do with any of us in chat. We are not doing anything different here today. All right? Now I will say if you got a ch. Child, if you have a kid who's like, you know, or 18 to 22 year old, trying to figure out what's the next thing to do, and they like computers and cyber. I don't know, man. CIA, nsa, not a bad. Not a bad, you know, four to six year commit and Then come out all skilled up and everything.

B (28:52)

Yep.

C (28:53)

Your truth about Hack for Hire campaign. A joint report from AccessNow, Lookout and SMEX details a hack for hire campaign by a group with suspected links to the Indian government. Known as Bitter, this campaign targeted civil society members in the Middle east and North Africa with spyware. This campaign has been active since at least 2022, using spear phishing through fake social media accounts to install Android ProSpy spyware. Details on ProSpy were first released last year by ESET, which profiled its use on United Arab Emirates residents. And now.

A (29:26)

All right, hey, so really quickly, space tacos, an absolute slam dunk joke. So we are talking about my Boston accent a little bit. It seems to be I'm, I'm letting my guard down. I'm letting my, my, my veil of sanity slip a little bit right now. But I said China rhymes with bina or whatever. Technically if with a Boston accent, it would rhyme with Dinah like a D. Like you go get, you know, basically a breakfast sandwich over at Mel's Diner on Main street there. All right. Anna Banana, I've been sick all week, unfortunately, like I'm actually getting healthier right now. All right, Hack for hire spyware campaign. Listen, here's the deal. This is happening way more often than it's reported, all right? Spyware is so hot in 2026 that

C (30:24)

Hansel's so hot right now.

A (30:26)

Okay? Look at NSO Group with their Pegasus eyewear. There's one called Predator, not to be confused with the, what was it, 1988? Unmistakable Arnold Schwarzenegger classic. Dude, there's mercenaries everywhere. And right now, 2026, the economy is in shambles. We're in. There's multiple conflicts going around the world right now. Right? By the way, the veil of sanity, that's basically a American Psycho reference. This doesn't surprise me. Guys, here's the deal. Information is power, knowledge is power. And in a digital age, digital information is super incredibly valuable. And if you can use spyware to get insights and intelligence on journalists who are investigating you, on activists who are trying to unseat your power, there is great value in that. Now listen, like let's be clear. The people who are putting, paying large amounts of money to have spyware put on activists and journalists are likely not good people. They're likely doing it so they can silence those journalists and activists, okay? So like let's not, let's not be friggin academic and cute about it and be like O spyware, stop. No, like it's literally. Where are you, who are you talking to? What's your network? And now I'm going to make you either disappear or I'm going to silence you in some way by threatening you or someone you care about. All right, this is in the Middle east and North Am, North Africa, my guy. I'm not even going to suggest, I'm not going to do this on stream right now, but if you just Google like, you know, reporters, Middle east, and I'm not painting a blanket picture here of all Middle east, the way they treat reporters, but there have been, I mean, there's enough stories out there of like, bad stuff, right? So this is why signal. Signal is super valuable because it's a. It's a secure way of communicating, a safe way for communicating. This is why graphene OS as a secure mobile device is so valuable. But the problem is journalists are constantly talking to anonymous sources. So if an anonymous source is also a criminal who's trying to infect you, it's difficult to dance that dance with a. Someone who's trying to hurt you. So just be on the lookout. I will say this. If you do work for a NonProfit or an NGO that's like, designed to help people with rights. If you work in an industry that has a polarizing thing, right? Like, let's say that you're someone who's like, working for an organization that's like pro choice, right? And you've got all sorts of activists, or you work for an organization that's about protecting indigenous people's land rights, okay? You like? Or you, you know any. Like, look at what happened in Minneapolis. Like, let's say you're an activist working in that space, right? The second you start organ. Look at unions and the way Amazon treats unions, okay? Or the, the idea of even talking about forming a union. There is an entire power dynamic of people in power trying to silence or control people who are trying to upset people in power. Dude. An axiomatic fact that you can take to the bank. You could put this in stone and it won't be untrue in ten, fifteen, a thousand years. People in power like to retain power, okay? You ever been in charge of a project and then had someone take it away from you? Were you happy about that? If you're older, you probably were, because you're like, thank God I don't have to deal with that anymore. But. But for the most part, people don't like it. Okay, so spyware is a real thing. I, I will say this really quickly too, because this is something that, when I was Younger and didn't understand the ecosystem. I was like, how is this possible? Like, and to me again, this is for people who are newer to the industry because anytime, anytime there's something that it took me a long time to find out, I always want to share it with everybody because it's bull crap that I, I'm all up in cyber security and it still took me a long time to figure this out. Check this out. You might be like, how is spyware publicly available? How can people sell that legally? The same can be said with denial of service tools, right? Like you know, basically for sale denial service tools. The same can be said with what other tools? Well, let's just stick with spyware and like stressor tools spyware. Like listen, if you're law enforcement, oh, oh, oh. Like post exploitation frameworks, like how is Cobalt strike legal to sell? Law enforcement can use spyware with court order to put it on criminals phones so they can uncover criminal networks. That is a great use case for it, right? Spyware or quote unquote spyware can be used by parents like me to put it on my kids devices so if my kid disappears, I can find them, right? So there are stressor services. Dude, I don't want to get knocked offline on Black Friday so I'll hire a service to test me. These are legit reasons. The problem is spyware. When it's a half a million dollars in install and you're a business that's all about straight cash, homie. Straight cash, homie. You start to get a little squirrely on what constitutes law enforcement, right? Oh, hey, I'd love to buy a slice of your spyware. Well, we only sell it to law enforcement. Okay. I'm law enforcement. Sounds good to me. How many do you want? You know what I mean? Like the level of due diligence. Yeah. So that's what's up.

C (37:03)

Huge thanks to our sponsor for today. Vanta. Risk and regulation ramping up and customers expect proof of security just to do business. Vanta's automation brings compliance, risk and customer Trust together on one AI powered platform. So whether you're preparing for a SoC2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more advanta.com CISO that's v a n t a.com CISO

A (37:34)

all right. We have been consistently blowing out the copyright. We got so many first timers here. 385 people in chat. Can I just say thank you for being here today. Definitely appreciate you. All right, all right. Right all right, shout out to the stream sponsors, threat locker, anti siphon and flare. All about good times up in this mother trucker. Guys, every single day of the week has a special segment. And Thursdays is what's your mean? Thursday. Now, this guy right here, Dan Reardon, the haircut fish. You might be like, wait a minute. Is that the same Dan Reardon who ran the anti cast how to write better sock tickets? Is that the same Dan Reardon who's just showing up all over the place? Yes, it's that Dan Reardon. The man is a treasure. And he does a custom meme of the week. A guy named 303 dropping gifted subs. Thank you. A guy named 303. You're one of the 10 people who picked those up. Like Jimbo Kishin, Fed Gengar. Welcome to the party, pal. Dude, love it. Thanks. Guy named 303. Welcome to the party. All right, so he makes a custom meme every week. And, guys, I gotta tell you, I never. Only one time have I ever, ever censored it. And Dan's been doing this for, like, three years. I mean, we have, like, literally hundreds of memes custom made. Every single one is one of one. Adam Thomas just scored his sscp. Way to go, Adam. All right, so I only censored one. It was too, too risky. It was too much for the networks to handle. All right, but today, we got one for you. This one's good. All right, so for those who don't know, Dan always tries to tie it into something I said earlier in the week. I am a runner. For those who don't know, I'm a runner. In fact, I'm actually running, wearing running clothes right now because after I teach at the Citadel, I'm going to run downtown. I love running in the city, and I'm getting back into it, and I have not got if you've ever heard of the runner's high, it is a real thing, and it takes a while to build up, to get back to getting it. It's not about just running a long distance. It's like. It's like how your body's acclimated or at least for me, I'm getting close to the runner's high again. But I was talking about how great it is, and Dan took that as inspiration. So, ladies and gentlemen, may I introduce you. What? To your. To your meme of the week. Let's go. Come on. Let's go. There we go. It's the runner's high. When Jerry hits that runner's high. Oh, so Good. So good. I have no idea how Dan does this. Dan is like an AI ninja at this point. So, ladies and gentlemen, when Jerry hits that runner's high, it just feels right, bruh, Like a thousand percent. I would never think that that is fake. I would have been like, yeah, that was me for some somewhere. So, ladies and gentlemen, here we go. All right, thank you so much, Dan. Let's get the la la. All right, you know the, you know the, you know the words. And hey, all you first timers in chat, we do this, we do this pretty often. Let it wash over you in an awesome wave. Just, just let that la la la la wash over you. Adam Thomas, Taka guru. Let. La. Hey, Mary Ellen Kennel's in chat. What's up, Mary Ellen? It's been a minute. I love myself some Mary Ellen Kennel. Hope to see you at Wild West, Mary. All right. Also, Mary, I don't know if you go to Black Hat defcon, but we're doing the Simply Cyber meetup on the Friday of defcon. Come check it out. All right, let's finish. Strong.

C (42:12)

Details on the Mos Jesu botnet. Researchers at Trellix released a report on this botnet active since at least 2023. The operators advertise the botnet on Telegram to both Chinese and English speakers offering DDoS as a service. The botnet enrolls IoT devices primarily in Vietnam, but also showing activity in Brazil, India, Iran, Kenya and Ukraine. It obfuscates its presence by forking processes and dynamically renaming the original executable path every 15 minutes in order to appear as a regular system component. It also terminates WGET and curl processes and locks out temporary folders to prevent infection by other botnets. Right now, the Telegram channel for Mass Jesu has over 400 subscribers, but researchers estimate its customer base to be much larger.

A (42:57)

All right, so this is the denial of service botnet, as I mentioned earlier, like literally the last story. Stressor services are the legal version of this. When you see distributed denial of service DDoS, this is how modern denial of service attacks work. You can't really do a denial of service attack anymore from like a single ip. Also worth noting, denial of service is a generic term in my opinion. When I say denial of service, I. I feel like most people immediately go to network bandwidth congestion, right? Like, I'm sending so many packets that you can't access the resource legitimately. Right? Like, think of, like think of the Tyson Jake Paul boxing match. Do you guys remember that boxing match from last year you tried to Watch. And it was all pixelated and crap because Netflix wasn't prepared for the load that was put on the network. That, that, that's a, that's an example of like deprecated service. But, but effectively it was the same outcome of a denial of service attack. So. But, but the reason I bring it up is because denial of service can be manifested in many different ways, right? This Striker Medical Iranian attack the other day. Striker Medical Iran attack, this attack. This was just a few days ago, right? Oh cool. Six days ago. They're back up and running. Very nice. This was a big story. Iranian hacktivist strike medical device maker Striker in severe attack that wiped systems. This is a denial of service attack also. Ok, hold on. Why is. Wait a minute, why is the chat here? I don't like how the chat on stream is like doing that arrow thing. That's not. That doesn't vibe for me, brah. Hold on one second, let me see if I can adjust this. All right? I do not know. Can we do this? Can I hide it? Oh, is obs broke? Hold on one second. I don't know. All right. Well, I guess. Wade Wells, Tasha, Miles, S. Cole07, James and Quiggin, you guys rule the roost today because we're having technical difficulties. All right? So anyways, denial of service can be multiple things and this particular one is. Is interesting. If you're a security researcher and an academic of cyber security, meaning you like really enjoy innovative stuff and new stuff, I would recommend this one does a lot of things to hide itself. It also prevents other malware from kind of like attacking says to achieve persistence, Mas Housa starts by forking a new process and renaming its original executable path to mimic the path and functionality of a legitimate Linux dynamic linker. So this sounds like it's attacking Linux or Linux based binaries or operating systems. Really quick. I want to remind everybody. Listen, the Linux, like many IoT devices are running stripped down Linux operating systems, right? So your ubiquity devices, your network devices, your IoT cameras, your smart locks, I. I don't know about like Xbox and PlayStation. Those might have custom ones, but a lot, a lot of them are running stripped down Linux distros. A lot of them use something called Busybox. You can Google Busybox, which are basically stripped down binaries of Linux binaries to make it even a smaller footprint on those devices since they don't have a lot of storage space. So anyways, you know, that's what you got to worry about here. They say they create a Cron job to rename the executable every 15 minutes. This, all day, every day. This would be a massive indicator of compromise. Like, like type, what is it? Cron tab. Type in cron tab and see if it's got some weird ass job in there that you didn't put in. This is pretty good though. Multiple CNC domains. That's. This, this is for resilience. Here's what I would say. This is a very interesting denial of service botnet. I would look at this one like, seriously, as an academic. This one kind of has a little something for everyone in it. It's, it's got persistence mechanisms, several. It's got resilience capabilities. I don't know what the initial infection is. That's probably the best first question. How do we. All right, it attacks a bunch of IoT devices. We've seen that 2015, the Mirai botnet kind of set the stage for attacking IoT devices. Dude, it's Brazil, India, Iran, Kenya, Ukraine. Like if you've got a device on the Internet, it's coming for you, right? It doesn't care where you're coming from. How does. All right, so it says it spreads through vulnerabilities and D link routers, gpon routers, Huawei home gateways, empower Netgear and UPNP services. All right, so this, dude, this is like all over the place. If you're running any of these devices, you may want to look into it. These are, for what it's worth, these are residential or consumer grade devices. This is not enterprise grade or commercial grade devices. So this isn't really attacking your business. So you're a little less at risk of it. But you know, the entorthias of the world. One thing I always say to people to think about is like this kind of problem. Like imagine if you will, one second that. Let's, let's just assume many of you have a ring doorbell, okay? Many of us have ring doorbells, right? If your ring doorbell right now got indoctrinated or enrolled in this botnet, would you care? Like, be real. Answer, answer that question. Would you care. Now you might care. On principle, I don't want to contribute to a botnet. But when the, when the UPS delivery driver rings your doorbell and it still works, you can still see it on your phone. When you know it sends you an alert that someone's walking up your driveway, it still works. That's the thing. Like being enrolled in a botnet doesn't mean that your device no longer works. It just means it can be utilized on demand by a threat actor. So like, I guess my point is like the pain to the consumer isn't realized, so therefore you're not incentivized to do it. Now, obviously if your device got compromised and all of a sudden your ring doorbell no longer worked, that would be a big problem and this botnet probably wouldn't grow as big as it is. So it's just an interesting dynamic of incentive and motivation to do something about it.

C (50:42)

Claude finds teenage Apache bug With Anthropic's Mythos preview model, we'll likely see an explosion of fairly complex exploit chains using some very old bugs. But you don't need to wait for mythos access horizon 3 AI published details on a remote code execution bug in Apache ActiveMQ Classic, effectively hiding in plain sight for the past 13 years. This allows for an attacker to use ActiveMQ's API to trigger a management operation that can fetch our remote config file or run OS commands. In some versions, no credentials are needed when chained to another API vulnerability, effectively turning this into an unauthenticated remote code execution flaw. Researchers mostly use Claude to find the flaw, which they said remained undiscovered because it used multiple components developed independently over that time. AI finds vulnerability might not be a headline in the near future, but this seemed like a good preview of what Mythos and other models are increasingly making commonplace.

A (51:39)

All right, I mean this is like the most like miss the forest for the trees story ever. Okay, so like Mythos is like this unbelievable next model from Anthropic. It's being allowed only by select groups. Right? It's so powerful. In fact, I read a story this morning that said that like Mythos was able to escape a sandbox and then email an engineer that it had escaped. Although in those examples I always feel like those are custom built scenarios where like they literally program it to try to break out and then it does versus it just like taking independent thought and breaking out. Guys, we've been talking about this for a minute. Let me just tell you this. This story right here. To me, this story has nothing to do with Apache and a 13 year old bug being found and all these other things. The bigger story here is that vulnerability, discovery and bug bounties, the entire industry around it is going to change. It's going to change dramatically. Okay? In fact, in fact, I read a story this morning. Now remember, I don't research or prep for the show, but I am such a passionate fan of cybersecurity that I consume all this Information all the time. I got up at 6 this morning, let my dog out, had a bunch of coffee and then started reading cyber news because I'm an absolute lunatic. And you know what I read? Check this out. You want, you want to see a story that's actually valuable? Look at this one. This is the story. AI led remediation crisis prompts hacker one to pause bug bounties. This is April 8th, yesterday. Now this is a story worth covering in the news. Hacker1, one of the leading, I would say, top three bug bounty platforms in the world is putting a pause on the open source bug. So there's like a pool of money that open source projects get, you know, allocated because they don't have any money themselves. But businesses allocate. They have so much coming in that now the bottleneck is not discovering vulnerabilities, it's actually remediating vulnerabilities. They've literally pushed it down the pipe and now it's like we don't have enough people, time or focus to patch vulnerabilities. Also worth noting because people are not anybody in this chat, but a lot of people are lazy and There's a million YouTube videos out there on how to make 10 or make six figures passively. There's a lot of AI slop vulnerabilities, low effort vulnerabilities being submitted to HackerOne. So like legitimate disclosures are down 10, like to like 15 or something like that. So for every hundred disclosures that get submitted to HackerOne, 85 of them aren't good, but someone still has to review each of those. So it's, it's putting a lot of pressure on Hacker one staff. The, the vulnerabilities are getting pushed down and not getting remediated. This is a bigger, this is a bigger one. Yeah, Tech runs, right? Space station wants a picture of my dog. All right, I'll do one before I leave.

C (55:18)

HS Scotland. Domains serving illicit content. Former cybersecurity engineer Nick Hatter discovered multiple domains operated by Scotland's healthcare provider that served illicit content, mostly porn and illegal sports streams. These links appeared to have been created back in January and were associated.

A (55:33)

Steve Young. Hold on. Oh, man. Steve Young's got to get out of here. Hey, Steve Young. The next story is Minnesota story. National Guard to County after cyber attack. Okay, just so Steve Young can see that. All right, let's keep going with the

C (55:45)

new surgery facility in Kilmacomb. The spokesperson for the NHS Greater Glasgow and Clyde said these compromised domains were for a legacy site administered by local general practitioners and showed no evidence of compromise to the broader NHS system. Hatter also found compromised primary domains for another GP in the Shetland Isles. It's not clear how the domains were compromised, but Hatter believes a DNS attack or a compromised WordPress setup were the most likely culprits.

A (56:11)

All right. Yep. So it doesn't matter if it's government based or not. These threat actors are going to try to get any info infrastructure they can to host their crap. On top of that, it makes sense because those domains were probably, or IP addresses were probably validated as like, safe, you know, domains and IP addresses. Right. Compromise WordPress server. Sure. If you got a bunch of plugins, you know, you probably got vulnerabilities. Tldr, this is, this right here, this is a perfect example of why you have to maintain your infrastructure. By the way, let me just tell you this really quickly. We got two minutes until the show ends. I'm going to just tell you this really quickly. Another like, like, gem of a, of a lesson learned for your career the next time some, like, listen, anytime anyone brings up anything new like, oh, let's do this thing, it's like, sure, who's going to maintain it? I have been in a thousand meetings in my career, okay? And in those thousand meetings, most of the time someone's like, oh, I've got this great idea. I've got this shiny thing that's everybody's going to love. Oh, I can whip this up and access database myself. Oh, my God, I saw this online yesterday. Let's do it. It's going to cost us nothing or it's going to change everything or the vendor's going to give us a discount. Let's go. And it's like, okay. And then everybody gets all hot and bothered. Everybody's frothing at the mouth. We plan a kickoff meeting. A big email comes out from the executive team how we're going to be marching forward on this new thing. And no one, because it's not cool. And guess what? I'm the poster child of not cool. It's not cool to be the guy who's like, who's gonna maintain this? Like, after we deploy it? Like, who is, who's gonna work it? Who's gonna maintain it? The thing it's replacing, who's gonna put that to bed? Who's gonna sunset that? Like, I, I love it. Like, yes, let's champion all the things, but like, let's be pragmatic about it because what ends up happening is you get all sorts of legacy crap that's just festering on your network. It's called tech debt. You got all this crap festering on your network and no one wants to talk about it, Right? It's the same thing with politicians. They want to build a new bridge. They don't want to repair an old bridge because it's not cool to repair an old bridge so many times, dude. Oh, and by the way, just spoiler alert, three months, four months, five months down the road after the shiny cool thing gets through its, like, first phase of kickoff, people are on to the next shiny cool thing. It's so annoying.

C (58:58)

Minnesota calls in the National Guard after cyber attack. Minnesota governor Tim Walls sent in the National Guard to Winona county, citing a cyber attack that caused significant disruption. The guard will help ensure vital municipal services continue without interruption. Back on January 23rd, Winona county officials said they had suffered a ransomware attack. But Walz's executive order this week does not say if this is related to the incident that occurred this past week. County officials are working with the FBI and state IT services to recover.

A (59:27)

Nice. I found how to fix the chat. All right. Hey, Tim Walls, National Guard. Way to go. Minnesota has been getting ramroded repeatedly by cyber attacks and other issues. St. Paul got hit. The municipality, the Minneapolis school district got hit, dude. Minnesota is just a great state, right? They got good hockey programs. Their curling is second to none. They're just having a good time. They'll bake you a pie. They'll pull over and help you change a tire. Why they got to get hit, man? Like, leave Brittany alone. Minnesota. Leave Brittany alone. Like, this is like, this is my inner monologue for this is my inner monologue for to cyber threat actors regarding Minnesota. Like, leave. Leave Minnesota alone, dude. I like what they're doing up there, all right? For the sake of time, I'm going to abandon this story. I mean, whatever. Like, the governor called in the National Guard cyber capability news at 11. Like, that's not really anything that we're going to do anything about. All right, let's cook. All right, guys, we did it. We did the thing. We did an hour show. Heck yeah, buddy. What's up, J Ghoul? Nd you are welcome, bro. Hey, Jesse Johnson, you stop right there. You stop right there. I'm a Patriots fan and I know what winning feels like. The Minnesota Vikings. That is a sad, sad story. I. Oh, my God, dude. You want to talk about people who need therapy? Minnesota Vikings fans. I feel for you guy. Like, you guys have gotta. You guys get built up and then just knocked Down. All right, guys, don't go anywhere. I've got to go teach at the Citadel military college. But stay tuned because we are going to pivot to cyber career hotline. That's right. Call in, get answers. I'm again, I'm slowly transitioning this. I just been so busy, I haven't had time. James O' Cligan at 35, 000ft is your host today. James McQuiggin will answer your questions. You put questions in chat with a queue, he'll answer them. James, I can see you off stream. You ready to go? Oh, he's waving. He's happy. Double thumbs up, guys. I leave you in the capable hands of my good friend James. Until next time, stay secure. All you first timers, come back every morning, 8am Eastern time. I hope you enjoyed the show. It was a desire I. It was a desire. It was a delight to serve you guys. Be well. And until next time, stay secure. Ever wonder what it takes to break into cybersecurity? Join us every weekday for Jawjacking, where industry experts answer your burning questions and about the cyber security field. Live, unfiltered, and totally free. Let's level up together. It's time for some jawjacking.

B (62:36)

All right. And good morning, Simply Cyber. How is everybody doing today? We got rid of that nerd. Yeah. Dr. Jerry Oer. He's gone. He's gone off to teach n. He's a. He's a very good friend, actually. Let's see if this works, because when it comes to Jerry.

A (62:56)

Did we just become best friends? Yep.

B (62:59)

Hopefully that came through. So kind of carrying on what he was saying there about Minnesota. Oh, yeah. Did you know that the Minnesota Vikings walked into a bar? Yeah. To watch the Super Bowl. Hang on, hang on, hang on. There it is. And does anybody know what state serves the smallest soft drinks? Yeah, that would be Minnesota. Alrighty. Well, good morning, good evening, good afternoon, whatever time of the day you're watching it. For those of you that are here live, I am James McQuiggin at 35,000ft. Very excited to be joining all of you here today. Gonna throw up the chat as I'm trying to get things going, but I do have a quick question for everybody. Let's see if I can get this to display. What I'm really curious is, did you all get to hear the sound effects that I just played? I'm kind of curious. Sound effects aren't playing nuts. Okay. Well, at least that's what Jerry said, which is kind of confusing, which is kind of annoying because I worked on it last night and it worked there. So, yeah, drop in chat. Let me know if. If you're seeing if you heard the sound effects. Still trying to figure out how to got it working one way and now it's not working another way, which is kind of frustrating because I can see it. Let me know. We can hear the music coming through. So kind of my, you know, kick off the. Kick off the. The show with a little bit of music because I'm here to answer your questions.

A (64:49)

I want to ask you a bunch of questions, and I want to have them answered immediately.

B (64:54)

Gonna answer them as quickly as I can. Overall, I'm thinking. I think I know why the sound effects may not have come through. Mark, maybe you can help James, since it's so easy. Oh. Oh. That the sound didn't come through. Sound effects are good. Okay, cool. Awesome. Now you hear that? Alrighty. I figure. Trying to figure out my. My vibe when it comes to doing this. And so I. I like to hear from you folks. So let me stop that sharing. Let's go back to just me. Here we go. Hello. And be here to answer your questions for you. Maybe even drop in a couple dad jokes like the Minnesota Viking one. So that's some Ron Burgundy music. Yeah, well, I know that Jerry's kind of going for that 90s vibe, so I found that music and I figured that would be kind of cool. But, yeah, definitely drop your questions in there and let me know what. What you're curious to know. I'm. I am here to help. Sitting here in my. My studio. Ah, Kathy Chambers is here. Real excited that we got Kathy Chambers and Ellipsis and space tacos. Carrie, good to see you. He's always dropping dad jokes to me. Why did the chicken join the band? Because he had the drumsticks and I don't have my sound effect ready. There we go. I may have to check to see if that one is set there, but yes, this is Q A with me. Bring your questions. Drop. Put a little Q in there so I can see them. Let me know what you've got going on. I know me personally, I've got two presentations coming up. I'm doing one tonight for ISE2, Annapolis Junction. Very excited to. To do that presentation. Going to be talking about AI and the dark side and deep fakes and doing all that fun stuff as well. Along with Monday, I will be in Miami. I'm doing a presentation there for the Maritime Security Summit. Very excited. Get to go hang out with the fine folks that are that work on the cruise ships that provide the security risk reduction IT services for our cruise lines Carnival in Norwegian and Royal Caribbean. So I'm very excited to be heading down there to do that. Am I going to FedEx asks am I going to HSC? I'm guessing HSC is hacker spacecon. I am probably going to go to that one. I have, let's see, I've got a friend of mine who's presenting there so I will be joining him. A Hacker spacecon. Looking forward to going there. Oh, there it is. There's the question. Am I going to hacker Spacecon HSC? I'm guessing that's what you meant FedEx. But yeah, I plan on being there. I think Phil Wiley's gonna be there too, just chatting with some folks. They were going to be out there so. But yeah, cool, we'll drop in those questions folks, let me know, Let me scroll back through and see if I'm missing any. Sounds are loud but they come through FedEx. You'll get over it. Just lower the volume on your headset. And Kathy Chambers is here. Hello Kathy, good to see you. Yeah. All right folks, let me know, is everybody. Of course I'm trying to see. I can't see how many people are actually connected here, but let me, let me know what I mean. Hackerspacecon is a great event that's actually held over at the. As well share off screen There we go. So let's see. Show you all hackers facecon. That's actually the cool thing about this conference is it is actually over at the Kennedy Space center. So with all everything happening with Artemis 2 and the astronauts going to the moon, it's been really, really cool. And this particular conference May 8th and May 9th, so it's coming up in a month. Yeah, months from now, 26 days, 22 hours, 48 minutes, 44 seconds. A lot of great speakers lined up there. They're going to be coming out. My good buddy Eric Krohn. Oh, Josh Masons is going to be there. That's going to be a lot of fun. Josh Mason, good friend. And of course there's Patrick Gorman, Infosec, Pat, Phil Wiley. That'll be cool. It's gonna be a great set of presentations, a great turnout of speakers. Victorium. No, that's not who I thought it was. Let's see. Anybody. Bronwyn from the Wild west folks. She's gonna be presenting which is cool. And just a whole slew of other folks. If you're here in the central Florida or Florida area and you can get down to the Space coast, definitely. Come check that out. Come check out hackerspacecon Overall, let's see. Questionnaire. Oh, are you closing in on useful employment? Depends on how you define useful. I've got some contract work that I'm doing now, so I. And I'm still teaching at Full Sail, so I do have that. So I am closing in on some other contracts and other opportunities. So once those become available, we'll certainly guys will be maybe like the fourth to know. Oh, instead of putting a q, we're putting Js. What spell did Harry Potter use to fight off dementors at the straight of her moves? Expect no petroleum. Good one. Ah, here we go. There's a question. Yay from Ellipsis. How often do you recommend reviewing cyber tools? We've had our vulnerability scanner for a good while now and it seems like this vendor is developing tools we don't care about. Well, I, you know, I came coming out of the energy. Energy industry, coming out where I supported power plants. Power plants like to run programs in the concept of if it ain't broke, don't fix it. And essentially as long as it keeps running, let it do its thing and it's doing it right, then there we go. But I would think you would want to review cyber tools. If it was me, I'd be reviewing my tools every year. It's part of like that yearly audit of making sure I know what software is running, what hardware is running, what systems we've got. And so if you've got a vendor that's kind of getting away from that vulnerability scanner, they're not really paying any attention to it, not doing any new updates.

C (71:44)

Sure.

B (71:44)

You should, you know, always be looking, always be looking out, seeing what is out there. You know, you got to plan your budgets a year ahead as well. So it's a good idea to, you know, constantly, you know, always be looking. The vendors, if you know, they don't want to be losing customers, they want to be able to support them as well. So essentially I would be doing an audit, a review every year, looking at it. If you're not happy, go somewhere else. That's one of the great things about this, this industry. There's lots of vendors that are out there, but do what's best for the organization. Don't put yourself in tech debt. Also, if you're going to get a new product, you've got to get permissions. So, you know, think ahead, look ahead at what you're going to be dealing with with regards to that. James Love, Candles and books. I have a candle dream. Not big fan of candles, but books. Yet you can see over my shoulder. There's my bookshelf. The middle shelf. Yeah, that one. This metal shelf. Let's see if I can do this properly. Right there. That one is my shelf of autographed books. Those are people that I've had the pleasure of meeting and had them autograph and sign my book. Josh's book is on there as well. We got another question. What's faster than an escalator? Anaska sooner. That wasn't a question. That was a joke. I see what you did there. Roswell. You snuck it in there. Where's my favorite place to travel for work from? Space tacos. Yeah, It's a fun question for me. Anywhere where there's going to be people that I know I love. Going to play last week, cyphercon. Hanging out with Josh and Michelle.

A (73:26)

That was.

B (73:26)

That was a blast. And got to meet new folks like Emily and Elizabeth. So always. And Angela got to meet Angela, who has been following me on LinkedIn for a while. And she was all excited that she got to meet me in person. I told her, I said, we got to like, look at, raise raising your expectations. But it was real good. But going favorite places is certainly going places where there's people that I know and get to hang out with. How do I deal with a new job opportunity that I don't think I can be up for the tasks they're expecting? It's hard to find training for it and accepting it means I move and quit my current job from Adel Snow1 or Adelson01. Yeah, you certainly got yourself an interesting situation. If you've got a new opportunity and they're offering you the job, that means they reviewed your information and believe that you can do it. Sometimes we get into roles. We may not know how to do it, but the people that have hired us know that or see something in us, a potential or an initiative that we can learn how to do the role. A lot of the time people get hired not because they know the technical stuff, but because they have the, we'll say, the professional skills, the soft skills. They see a potential or initiative in you that knows that. Okay. Yeah, you may not know the answer, but you're going to know where to go find the answer or know how to look it up. And if there's training, there's not a lot of training for it. Well, then make it, you know, learn what you can and then teach others how to do it. I know that was stuff that I was doing many, many, many years ago, back in my days at Siemens, learning Cisco equipment, learning VPN configurations and all that, and then having to teach it to other people because other folks had not, weren't sure how to do it. Like a triple nat reverse nat traversal. That's fun. So certainly, you know, if you love the job that you're in or if this is an opportunity to move up, then, you know, then certainly look at considering taking that. For me, it comes down to what your head tells you, your heart tells you, but what does your gut tell you? A friend of mine, Alex, told me that years ago. And that's kind of how I look at things. It's like your head's going to say one thing, your heart wants to do something else because you love it. Your gut. There's going to be something in your gut that kind of. You got to follow their good question. Can I get one thing to read, one thing to watch and one thing to practice that you recommend to level up CTI skills? Hello, cyber scash. Sasquatch. Sorry about that. So can I get one thing to read, one thing to watch, and one thing to practice? Well, one of my favorite places to get books is from Humble Bundle. And these guys are always running Humble Bundle dot com. Let's see if I can get that here, share that. So Humble Bundle, you know, I have no sponsorship, no claim, no connection to them whatsoever. I just love their service because one of the cool things under books, yeah, they have games and software too. You can check it out. But under books they always have these sales and all the money goes towards a charity. And so it's usually coming from the printers, the publishers. So here we have, and it's pay what you want, but here we have Linux, the good stuff. You've got a whole slew of different books dealing with Linux and security of that and how to use it. And this one's coming from no Starch Press. You know, these books alone are like 30 to $50. And you can get it for, you know, as little as 30. You can get $36 for the 15, 60 for the 17 or 65. But all the money goes towards a good cause. Well, usually in here, from time to time, they'll offer a variety of CTI books or programming or defense. So here we have the Ethical Hacking and Cyber Defense. You got Agentic AI Day in the Life of ciso. But usually in here you're going to find a variety of different books. One of the ones that I've read that I use for my students is Operationalize. Can't spell Operationalizing Cyber Threat or Threat Intelligence, I believe is what it's called and Nope, nope, nope. Threat Hunters Cookbook. Threating Operations, Operationalizing Threat Intelligence. This is one that I'm considering for the course that I teach, but a guide to developing the your operating Cyber Threat Intelligence programs. This is really good. I've looked at a bunch and this one I really enjoy. Kyle Will Hoyt, Great author, great person that's out in the industry, but that's a good one overall. Great thing to watch. Podcasts of course are great to watch and of course you can't go much farther than this particular podcast, but I know there's a bunch. Wade Wells, Simply Defense. He's got a bunch of. He's done a bunch of podcasts. He's got some things and one thing to practice that you recommend. Definitely go through and be reading up on Mitre. The Mitre ATT&CK and the Atlas, which is the new AI one overall, so kind of the long answer there. Sharing that. There we go. But definitely check out Humble Bundle. Great service. What's made leather out of leather and sounds like a sneeze? A shoe. How much of the honeydew list is getting done? Aha, this one's cute. All right, FedEx, how much of the honey do list is getting done since you're home? And what new projects like Home Lab or N8N have I been doing? I've been vibe coding more than anything else. I've been playing around a a lot with Claude code, using Claude to adjust my resume to practice for interviews for. I used by coding to create my fake maker app and deep fake detector which is basically just a web app front end to connect using APIs to other services that are out there. I vibe coded my website. Apparent security. It's out there as well. Yeah, been. Plus my daughter's redecorating a room, so I've been kind of helping there a little bit as well. Let me guess, on your right side is an artificial bamboo plant? Yes, that is. That's the. That's the tree hat or the hat tree. Sorry, it's the hat tree and I got a bunch of hats that are hanging on there. Started a job as a GRC expert in manufacturing business and I want to understand more about ot. What do you recommend that I do? This question kind of came up the other day and I believe. Let me see if I've got this website handy because. Nope. And I'm oh, there he is. Yep. Our good buddy Mike Holcomb, very well experienced in the IT spit. Sorry in the OT space. He is somebody, he is certainly somebody to follow along with. Patrick Miller, Chris Sistrunk. Let's see our good buddy Joe Thompson. I think blanking and of course not the time to blank on Joe's name but my Jerry's had him on the show. But OT is, you know, such a unique field. SANS has got an OT website but definitely if you are looking to find more folks in OT, let me know. Connect with me on LinkedIn, drop me a message, let me know it was here and I can get you a bunch of links and everything else. I should add an OT section to my career section on my website. Out on my website jamesmcquigan.com I have a cybersecurity career page and I list a whole bunch of resources. So let's see what are we doing on time? Seven minutes. Curious of your experience, if any, with identity governance. Currently researching the solution landscape for that problem. It's really fragmented and things don't seem to talk to each other.

A (82:04)

Good question. I do have.

B (82:08)

Hopefully that sound effect came through of Austin Powers going. Good question. Question. Yes. The identity landscape is very fragmented right now. It's actually trying to be built, I would imagine identity access management, okta, you know, the governance aspects of that. But now we're dealing with AI, we're dealing with agentic AI, dealing with AI person. Well, not personalities, AI employees in organizations. And we need to make sure that we're restricting their access and. And everything else. So when it comes to the governance. Yeah, it's a matter of, you know, one of the things that I, I've done, and I know a lot of people do, is leverage CLAUDE or a large language model, maybe an internal one to help write a policy for that. Have an idea of what you're looking for with that governance. You know, least user privilege, multifactor authentication, securing your APIs. What does all that entail and make sure. And if people aren't talking to each other, put a group together. You know, I got to imagine there'll be an IIM ISAC Information Sharing Analysis center coming along for that. But Jerry even posted a while ago about all the different ISACs that are out there. Let me see. The National Council of ICECs. So. So check out the National Council of Isaacs. You can join. Maybe there's a information security one relating to that. There may not be, but there's a maritime Isaac that'll be. I'll need that for next week. But there could be one. There's a space one. Retail hospitality. Usually it's for the different industries overall, but essentially I would be looking to see, you know, look to see who's out there, who's the industry leader. Follow them on LinkedIn, on Twitter, you know, wherever you can find them out on the socials and reach out to them and ask them questions. Cool. Good stuff. Alrighty, See here, Trying to scroll through here. Let's go to the bottom. Can I drop your LinkedIn, please? Sure, I'll drop it. You can actually go out LinkedIn. You can find me James McQuiggin. Go back to my website, jamesmcigan.com actually cheesy plug. Hopefully Jared doesn't get too upset.

A (84:48)

But

B (84:51)

let's see. There we go. So here's my particular website. You can connect with me, james.com. then you can come out down to here to LinkedIn. You can connect with me as well. And then my LinkedIn page. So basically just go to LinkedIn, look for Jay McWiggin. You should be able to find it there. Let's see, a couple minutes left, couple more questions. I started a job in the manual. Oh, right, did that one. Let's see. Vibe coding leads to agentic engineering, and then nobody takes you seriously. You know, that's interesting you say that, Phil. I think one of the interesting things with regards to Vibe coding and I kind of was. I remember last year when I did my first one and I was like, oh, this is cheating. But then I realized, you know, it's a tool. You know, as long as I'm not turning around and just kind of calling myself a programmer because I Vibe coded something. No, I'll call it like it is. I vicode it. I used a large language model to. Used a large language model to, you know, help me build a web page without having to use HTML or another service. Like all the different web services out there, it made it easier for me. But in all honesty, I would not. If I was Vibe coding this and this was going to be for production of service or something that was going out to clients or that kind of thing, I would be putting it through one heck of a strict review. Security review. I was chatting with Michelle last week and one of the things he said was he's Vibe coded, but he's a programmer as well. And he goes through and he criticizes and he pushes back and looks at it from a security mindset even further and was even calling out the Vibe code program on certain things that it missed or did wrong or whatever else. But for me, it allows me to get something that I can demonstrate or whatever. But if it was going to be something rolling out, then yeah, I would definitely be putting it through its paces. Overall, all. Let's see. So much stuff's got to drop. All right, we'll see you, Roswell. I'm a water utility OT manager. If anyone has questions. Espinosa Ch. Cool. Thanks for reaching out. Yep. This is a great community. This is. This is something that always helps everybody. Everybody helps everybody. This is great. Agentic identity will be the buzz soon. Word Agent. Agentic identity will be the buzzword real soon. I think it's already here. I know organizations are already having their own agentic AI employees. Cool. Let's see. I think we don't say Excel made a spreadsheet. We say I made a spreadsheet. Yeah, exactly. I made a spreadsheet. I. I used to. I made a program but I vibe coded it and I have no problem saying that I use that tool. Gemini helped me fix my older Dell and then I was able to get it legacy with BIOS and could load the Zorin os. Very cool. That's. I mean I've used Gemini to troubleshoot the audio with all this equipment. I've got. I've got the new Elgato stream deck, I've got the wavelength for the microphone, I've got the software that runs and I've got my sound effects loaded trying to get all that working properly. I was using Gemini as well. It's great for troubleshooting. Wish I had it 28 years ago, 29 years ago when I was doing stuff. So cool. Alrighty. Well, we are kind of at. We are at the bottom of the hour right now and I want to respect everybody's busy day that's out there. I want to thank you all for your questions. Great insights from everybody, great opportunities to share. I'm real excited to do this every Thursday. I look forward to being back next Thursday I'll be from doing it from a hotel again. Next week I will be in Tampa. I'm doing elevate it over in Tampa so I will be over there. Forward to being able to chat with all of you again. So hope everybody has an awesome Thursday. I'll be back tomorrow. Maybe Jerry have me back on Jawjack and if not, you'll definitely see my dad jokes tomorrow. Got them all prepped, getting ready to send on over to Jerry. So again, thank you everybody for sticking around and listening to my stories, my info, whatever I could do to help out. I hope you all have an awesome Thursday, great Friday, enjoy your weekend, and I look forward to seeing you all next week. So thanks for stopping by. Hello. Kathy chambers. Thank you.