C (10:52)

It's cybersecurity headlines. These are the cybersecurity headlines for Tuesday, Dec. 16, 2020.

A (11:02)

Like casually Joseph's gaming mouse US turns.

C (11:06)

To private firms in cyber offensive Late last week, Bloomberg sources say that the US administration is preparing a new national cyber strategy that would enlist private companies to help carry out offensive cyber operations against criminal and and state backed attackers. The plan would expand the government's cyber capacity, but raises legal and security risks since private firms currently lack clear authority to conduct attacks and could become targets themselves. The strategy also calls for streamlining cyber regulations, modernizing federal systems and accelerating post quantum security with more details expected through an executive order or legislation.

A (11:50)

Micro okay, this is awesome. Like if I had a, if I was in the conductor seat on a locomotive, I would reach up and grab that handle and go, let it fly dude. Full send this thing. So DJB said not dealing on private firms. Listen, one of the biggest challenges in you know, cybersecurity frankly is that you can get paid a lot, but not if you work for the government. Yes, there's a righteous mission and you can get all sorts of training, but it's pretty common to do all the things that you need to learn in the NSA for just to name the obvious one, the TAO Group of the nsa and then leave the government and go down a mile to a strip mall, open a, you know, rent one of the units out, don't even put a sign up. You're like next to a local gaming store, right? You're like the green dragons on the left and a subways on the right. And then this like nondescript office is in the middle of a strip mall. And in there there's like five former NSA cyber professionals cranking out exploits, cranking out zero days doing the work. However, they are able to be paid as contractors, which means straight cash only. Great cash, homie. Right? So this is what's up. Okay. This has been going on for years now. That has always been on developing tooling for the government to use as weapons. Right. Essentially think of as like, like, I don't even fly fish. But for some reason this just came into my mind, like fly fishing. Like you have like this diesel fly, you know, group of guys down the street who can make like sick little lures. And you just go down there and then buy these sick lures and then you go fly fishing with them, right? So that's, that's what's been happening. So it's always been the United States doing the attacking and then the weaponry comes from them. What they're saying here is that they're just outsourcing wholesale the attacking piece of it too. So the, the government. Listen, I'm gonna, I'm gonna comment on DJ B. Sexy comments here as well, because he's got a hot take here and I agree with him. This is definitely, you know, you got to be careful here. But, but one of the big problems is that, and I've said this for years, governments move at glacial speed, Especially the U. S. Federal government, right? It is so slow. So this is, you know, a way to exercise this is almost like calling in the national Guard or like local militia. If the year was 1750, like, oh, like local militia, let's turn it up. So yes, now on the surface, it's as easy as that, right? Like if this was a video game like Civilization 7 or whatever, you could just like draw a circle around a group of citizens, right Click and say you're cyber pros now. And then they just start going whole hog into it. The challenge here is that, let's say, well, hold on, let me read DJ B sex thing here. A private firm. If I was a private firm, I'd be scared of nation states coming after me. And those firms better have government backup because you don't want a firm going down because like basically hung out to dry. So here's my thing, here's my thing with this. I don't think that this is going to be like, this isn't going to be like a bulletin board in the wild west with like wanted Lazarus group. Okay, hold on. This isn't going to be a bulletin board. Like, hey guys, looks like, I don't know, shiny hunters has been a real problem. Put a hope like a wanted dead or alive poster, right? Anybody go get them, unleash the whole, the whole hog. So now you got like 15 year olds who are trying to like, you know, put together some money so they can buy an electric motorbike, a Sharon motorbike or whatever, and you got them going after them and then you have actual, you know, nation State good OPSEC threat cyber professionals going for it. I don't think it's going to be like that. If I had to guess, all this is doing is going to activate known capabilities that are former NSA trained operators or you know, like that level of training operators to basically be a private army that can complement the United States. And, and the reason that I'm on board with this, frankly, is because there is a lot they do the, the China and Russia, for lack of a better term, like say what you want, but like they do a lot of cyber operations around on the United States or U.S. friendlies. Right. And we just don't have the bandwidth to properly address this now. Now the final thing I'll say is as far as like offensive operations, I would be like less inclined for initial offensive operations like, like the way that, you know, certain countries will just break into Sony Pictures and nuke their databases like that. That's like an initial offensive operation. If this is like cyber offensive in the words of hacking back or what, they have a new term. Is it Ford hunting? I think forward hunting is a term that the government coined a couple six months ago. Ford hunting, Cyber government. Hunt Forward. Yeah, it's called Hunt Forward Operations. You can see here, this is the 960 Cyberspace Wing. Hunt forward operations. This is published 2022. This was a new kind of initiative where it's basically like being defensive by being offensive. If that's the case, awesome. If this is just to have a private army that goes full like mercenary for you and does what you want, that's. That's a little less cool. Yeah. I mean, here's the deal. If you're concerned about you personally, like Jerry Ozier, who works for a private firm that's got a government contract that does offensive operations and you attack, you know, let's pick a Djibouti, right? Just to pick a country that's like kind of not polarizing. You attack Djibouti, which is also a fun country to say, then the Djibouti Army, Djibouti government, they could technically come back for Jerry Osia. Right. Regardless of the fact that you are attacking. But that's the case with like anything like CIA undercover operators, they're operating on behalf of the US Government, but still, if you as a CIA operator do something that pisses off a country, there's no reason they can't come back for you or your family. You know, so it's always been the rub. The only thing I would say about this is I would be unhappy if I worked at a company and we took on one of these contracts and I didn't know I wasn't like in on the fact that we were doing offensive ops on nation states. So huge story. Very huge story. Okay.

C (19:34)

Microsoft updates cause queuing failures Microsoft said its latest patch Tuesday updates introduced a breaking change to the message queuing or MSMQ security model, causing enterprise apps and some sites to fail on Windows 10 22H2 and Windows Server 2016 and 2019. The updates altered NTFS permissions on a core MSMQ system folder, requiring write access normally limited to administrators, which can trigger misleading resource errors and disrupt clustered environments. Admins now face rolling back the patches or leaving systems exposed. MSMQ has a history of critical remote code execution flaws.

A (20:20)

Oh my God.

C (20:21)

Russian.

A (20:22)

Hey, so just really quick, like pour a little eggnog out for your IT admins. So December security updates break message queuing, which is called MSMQ if you see it. But it affects enterprise apps and IIS websites. Now, personally, I don't see a lot of IIS websites in my day. I see them as like trials or templates or old SharePoint interfaces. So I don't know how much IIS is still out there. But the TLDR is you're going to apply this patch because the vulnerability management analyst asked you to do it, and then you're going to brick something and then you're going to have to fix it. Unwind the patch. By the way, patches aren't going to go through. Typically, patches aren't going to go through change control because they're patches and they happen every month. So you won't find out this is broken until you get to work and then it's December 16th. You're trying to take the last two weeks of the month off because you told your wife for three years in a row that you're going to do it. And then you promised this year you would. And then you show up on Tuesday and they're like, ah, the website's down. And you're like, oh my God, I got to get this sorted out before it's too late. Right? So I was going to, I was going to do some Christmas shopping at lunchtime. Guess not. So for those reasons, pour a little out for your IT admins because this sucks. This is just, this isn't even a cyber story. This is just like, this is the crap of working in it. Ah, you gotta patch it. I hate eggnog. Haircut fish. Did you do that on purpose? Eggnog falls into that same Category of like, sour cream and mayonnaise and cottage cheese Eggnog. Whoa. Oh, I can't even. Do you drink eggnog or do you eat eggnog? That's the question. Oh, all right. So DJ B Sec. DJ B Sec, who's like quietly co hosting the show from Mod Chat, chimes in on this story. He said patches should be going through change control. And then he says, I. E. Patchering. Okay, so when I say change control, I'm thinking of like change control board, right? Like you meet weekly, you talk about changes, they get approved, socialize, communicated out. Patch rings is just how you approach vulnerability management and patch management, which to me, I guess you could argue is change control because you're controlling how you're applying the patches through the environment. But to me, if a random person walked up to me and said, change control, I would be not thinking of patch rings. So again, it's not fair that I dunk on DJ B Sec here. But that, to me, change control isn't exactly that. But yes, you shouldn't just be hitting apply all to your patches and walking away, going and getting your eggnog, bruh. Listen, I know that there's a huge contingent of eggnog lovers. One of my good friends loves some eggnog, drops a little bourbon in it. I. I understand. Not a bourbon guy myself. I'm not. I'm not a hard liquor guy, but whatever. If you want some eggnog, have some eggnog. Just don't. No need to bring it over as a gift to me. Unless you're going to drink it while you're there.

C (23:51)

Phishing campaign delivers Phantom Stealer. Researchers at socrite Labs have identified a Russian linked phishing campaign dubbed Operation Money Mount ISO that delivers phantom stealer malware using ISO files to bypass email security controls. The attack uses fake payment confirmation emails in Russian, luring finance related staff into opening a zip file that contains a malicious ISO which mounts a disguised executable and injects the stealer directly into memory. Phantom Stealer harvests browser credentials, financial and crypto data, keystrokes and tokens, exfiltrating the information via Telegram, Discord and FTP Jaguar.

A (24:36)

Hold on. Jesus, slow down. This. This should have a graphic, by the way. If this doesn't have a graphic, this story begs for a graphic. It's an attack kill chain. All right, so I guess I'll describe a graphic. You have one inappropriate picture on Instagram with a saxophone, and all of a sudden nobody puts process graphs in cyber stories. I'm joking. All right, so. Oh, okay, so the idea here is this is around bypassing email security controls. And Russia's pretty good at it. China's good attitude. US is good at it, too, but we don't typically report on it. They use a zip archive containing an ISO file that mounts as a virtual drive when opened. And inside that virtual drive is a disguise executable that ultimately deploys Phantom Stealer in memory. Eric Taylor's coming on. I just see him jumped in the back room. As your jawjacking host today. May, Eric, if you have time, maybe comment on how this attack actually looks in practice to the victim. Because to me, here's the thing, you're getting a zip archive. So first of all, you can email a zip archive, but more likely it's going to be a link to a, like a Download, right? Like OneDrive, Google Drive Type thing. Okay, Dropbox, whatever. So then you get it and you write some compelling phishing email that, like, you've got to. You've got to look at what's in here. So then they unencrypt it, and there's an ISO file on it. So the ISO file isn't going to auto mount, I wouldn't imagine, because it's just a static file on the operating system you like. So you'd have to. Here's my thing. You'd have to go download something, which is fine, right? Like, not that that's fine, but like, victims do it all the time. Then you have to unpack it as an archive, okay? So there's one level of friction. Then you have to mount the ISO as a virtual drive. It says. It says the ISO file mounts as virtual drive when open. So you have to open the ISO drive, which is just bizarre. And then within there, you get the phantom stealer, which I don't even know if that auto executes or not. It just. I don't know, man. Seems like a lot of. Seems like a lot of steps for a victim to fall for. Again, I'm not victim shaming here. It's just. It's clearly working. I just don't understand what's up. All right, so, hey, the secret is, here's how the attack works. You know how they say, like, this email could, like, this meeting could have been handled in an email. Like this entire news story could have been handled in an infographic, all right? Formal Russian business language, and has the subject line confirmation of bank transfer, urging the recipient to review an attached document. All right, so that makes sense. I get an email from my bank saying that there's like a huge, you know, whatever, $50,000 transfer and they're confirming it. That would get me concerned. All right, the zip archive gets open, the ISO auto mounts and displays an executable masquerading as a payment confirmation which then I have to execute and it triggers a stage payload. So I guess they're just, they're just jumping on people being emotionally distracted here and, and going after it. You know, at the end of the day, obviously this is targeting Russian, Russians, right? Because it's written in Russian. You know what's weird to me though? Hold on one second. What's weird to me is rushing fishing campaign. So when I saw this, I thought it was Russian backed phishing campaign. This is actually targeting Russians in a phishing campaign. So that, that is interesting. Again, I don't, I don't really see it all that often, but if you are responsible for Russian businesses or Russian VIPs or whatever, you know, educate them, right? This is honestly, to me, this is a perfect example. This will probably, for Americans, this would probably fall flat at your organization because it feels like it's too far away. But like, this is a great example where I like, okay, so in my experience, like when I've been responsible for information security at organizations like running the show, I would maybe once a month meet with the finance team, like the CFO and his team during the, like their, they would have a weekly meeting, but I would only go once a month, right. And I get the first five minutes of their meeting. And this would be an example where I would, I would show it. Although again, this is Russian, so they're going to feel like, oh, that can't be me. But definitely don't. You should, you should as a practitioner. And you can use this in a job interview. You can use this in a job interview too. Like you should elevate the finance office as a prioritized department, right? So like yes, you know, sales and marketing and operations and engineering, they're all important. And you should educate and help level up the risk awareness for all of the employees in those departments. But the finance department has the ability to execute payment out of the business. And this is where business email compromise goes to live. And this is where threat actors get after it. And if they can steal credentials to any of the banking systems that your business uses, they'll get it through an attack like this. So anyways, I guess the TLDR is for awareness training. It's not once a year crap. It's targeted, it's specific, it's relatable to those individuals and the CFO and their team is definitely one that I'd like to. I prioritize, and I would suggest you do, too.

C (31:12)

Land Rover PAYROLL DATA stolen. Jaguar Land Rover disclosed that the cyber attack that shut down its factories back in August also included theft of sensitive payroll data belonging to thousands of current and former employees, including bank details and tax information. JLR says there's no evidence of misuse so far, but has warned staff to watch for fraud and phishing. The attack is attributed to the Scattered Lapses Hunters group and has already cost JLR around £1.5 billion in lost sales and has been classified as a systemic event that could cost the UK economy more than 2 billion pounds.

A (31:53)

Okay, yes, shiny Hunters has been attributed to this and it did run $1.5 billion in damage. But I just want to, like, obviously I'm not. I'm not supporting Shiny Hunters and what they did or whatever, but part of Jaguar's issue was their inability to recover. They. They dealt with the threat actor, but their environment was so complicated internationally that my understanding is they were having a difficult time restoring the environment because of all sorts of dependencies. Right? So you stand something up and you realize, oh, crap, this doesn't work unless this other thing is up. So let's go turn the other thing up. Like, turn this down. Turn the other thing up. All right. Oh, crap, we can't do this one until this one. Right? So, you know, the fallout continues to go if Roswell UK is in chat, you tell me. Like, they say that this could shake the UK economy. I mean, in 2008, we had the banks can't fail. They let Lehman Brothers die, but they saved, whatever, another super wealthy hedge fund, right? So I don't know if Jaguar is considered too big to fail. Kind of one of those things. All right, well, this should be episode 1025. Robert. Thank you. Let me see what's up. Yeah, it looks like there was a mistake made. That's okay. We'll get it sorted out. The good news is the storyline should include the date too, which should, you know, make sure it's uniquely different. All right, so Shiny Hunters, not only did they wreck wreck stuff, but they also stole a bunch of payroll data of thousands of employees. Here's my thing, dudes. Okay? Like, yes, you should be on the lookout, especially if you're a high paid individual at Jaguar, because I say this all the time. Anita Sailors. Are you saying I'm not enthusiast? I can't tell if that's sarcasm or not. But listen, here's the deal. If I, if I steal payroll data hypothetically from a business, I'm going to stick it in a spreadsheet and sort by value highest to lowest. I'm not going to spend my time attacking the person who gets paid the least. I'm going to spend my time attacking the five people at the top. It's just an economy of scale thing. Like why would you spend. It's going to take you one hour of time to do something. Why not spend it with your highest return on investment? It's basic economics. So this payroll data that's got stolen, I'm going to step back and go macro level on this one. Shiny Hunters is getting like. I mean, hold on one second. Shiny Hunters, I. I don't even know how to search this revenue. Like. They make an estimated 40 to $70,000 in monthly revenue from selling. Just become best friends. Yep. Tal462 with a super chat. Thank you for the support and contribution to the community. Thank you for your support and contribution to the community. So nice. They said it twice. Thank you so much. Tal 462. Dude, Shiny Hunters is doing like $500,000 payments, $370,000 payments they've made. Someone who got arrested was ordered to repay $5 million. So why am I telling you all this? Because like, here's my thing guys. If I'm Shiny Hunters and I can like hit a business and make a million dollars, $2 million, you know, $750,000, like why would I bother picking peanuts out of elephant poop if I can just go hit the. Hit the. The big dog, you know what I mean? This is like playing a role playing game and trying to grind through like the level 1 enemies in the field and just getting like 3 XP per hit. When you're like a diesel character, you're like a level 60 paladin, just go take out the big boss at the end and get 40,000 XP and move on. All right. So yes, it's concerning. I don't want them to have my payroll data. But at the same time now they could sell the payroll data downstream to some feeder threat actor who's not quite as sophisticated. So there is concern for that. But at the end of the day you should have been. You should be mindful of social engineering and threat actor attacks and stuff like that going forward.

C (36:43)

Huge thanks to our sponsor.

A (36:45)

Adapt really quickly. I do want to say on the story that I flipped out about this story, the Russian one, how it didn't have an infographic DJ B literally put the story into ChatGPT and said give me a kill chain graphic for this story. AI we're cooked. Everybody look at right here. DJ B Sec made this in five seconds. Okay, Phishing email malicious attachment. Now they got the attachment wrong. It says exe. It was not. It was a zip to an ISO. I mean this is a basic actually this. If anything, this is just the kill chain in general. But having said that, DJ B SEC gets the Saxophone award.

C (37:39)

Adaptive Security this episode is brought to you by adaptive security, the first cyber security company backed by OpenAI. Attackers don't need malware anymore. They need trust. TIP. Set a simple passphrase for high risk actions like wire requests or urgency account recovery, especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs Deep fake and phishing simulations so employees practice this before it is real. Learn more@adaptive security.com.

A (38:16)

All right, let's do warm chocolate Foreign guys Hey hey hey. Holla holla, holla. I want to say thank you all for being here today. I hope you're getting value from the stream. Happy Holidays. Shout out to the stream sponsors guys, Threat Locker, Delete Me, Anti Siphon and Barricade Cyber Solutions. Barricade Cyber Solutions. Not only do they do digital forensics and incident response for businesses, but they are also running the Fortify 365 webinar series to level everyone up. This webinar series is absolutely free to attend. It's bi weekly and the next One is on December 17th tomorrow at 1:00pm Eastern Time. What can you get from this? Well, GRC Mafia, be ready to bask in the glow. You're gonna go super say on in GRC mode here as Eric Taylor rips into M365 compliance settings. It's only a one hour webinar, but you're going to cover a boatload of information in here, including enabling the Unified Audit Log, configuring retention policies across all the elements of Microsoft 365, figuring out how DLP works in there, and allowing or configuring do not forward or at least labeling for do not forward and many other compliance related tasks. So if you're working in GRC or or you want to learn more about compliance in Microsoft 365, there isn't a lot of information out there, but there's this. You have to attend to get it. It's free. To sign up, go to webinars.barricade cyber.com and you'll see it. It's session nine. I'm going to actually manually type this into chat right now. Webinars.barricade cyber.com. go giddy up on that. Like, seriously, right now, Right now, like, pop open your calendar really quick. Look at tomorrow, 1pm Eastern Time. If it's blank, sign up for the webinar. You don't have to go. It's not like Eric isn't going to show up at your doorstep and be like, I saw you register but didn't show up. What's up? Right? It's just get it on your calendar.

B (40:34)

You're.

A (40:35)

It's nice to have it and not use it than it is to want it and not have it. You know what I mean? All right, guys, again, shout out to the sponsors. I appreciate that. Go check them out links in the description below for all of them. Every single day of the week has a special segment. And Tuesdays is Tidbits Tuesday. I've been dealing with a little bit of a crud in my throat. If you were here yesterday, you heard me, I sounded like death. I'm death light today. So what I like to do on Tuesdays is just share a little bit about myself. See if you guys vibe on it, we can have a little conversation about a fun thing. We were talking about eggnog and the holidays earlier. This is my last Tidbits Tuesday of the year, so maybe I'll do a double shot, actually. Okay, so here's. Here's one. I was going to talk about how I treat myself when I'm sick with. With teas and stuff, but ain't nobody got time for that. I gotta tell you guys, Tidbits Tuesday. I hate. I, I'm sorry that I'm like, I feel like I'm like, socially like a loser here because I've been telling people I've gone to a couple, like, holiday parties and a couple, like, you know, I was in Austin and like, you know, you get talking. I'm like, oh, I'm very excited. I'm taking two weeks off. The last two weeks of the year. Every single person's immediate reply to that is, where are you going? What are you doing? Ooh, two weeks. That's a long time to go on an adventure. And I'm like, like, I'm sorry. Like, I am legitimately excited to do nothing. I. I don't, like, if not only my house, that's okay. Like, like, I mean, I'd like to take my wife out on a date. That would be nice. But, like, like, I, I don't want to do anything. I'm, like, blown out. I haven't taken a vacation, like, a legit vacation in 16 years. So I don't know about you guys, but, like, when you take time off, I mean, again, I don't know if this is isolated because I'm a psychopath or if this is, like, a more common thing, but if anyone wants to know what I'm doing for my vacation, I am not doing anything. I'm, like, looking forward to sleeping in Battlefield 6, playing with my magic cards, like, that's it. You know, cooking good food. I bought a rib roast yesterday. I'm dry brining it right now. Giddy up, giddy up, giddy up. So, yeah, anyways, if anyone's interested, that's what I'll be doing. It's nice to, like, I don't know, be free of responsibility. I mean, not responsibility, but just be free for a minute. You know what I mean? Like, for. For me personally, like, I like when. Especially when I'm running, I will get, like, interesting ideas or, like, thoughts that come to me. I'm like, oh, that's fun. Like, let me look into that. But when I'm like, you know, heads down, I. I don't get that right. All right, so a lot of people saying some interesting thing in here. Josiah, Colleen saying, I travel more than most people. Yeah, that's true. You know, it's funny. I didn't actually think. I didn't think I traveled that much, but my neighbor the other day was like, hey, you guys got any travel coming up? And I'm like, no, we don't really travel much. My Nadine was like, you travel every month. And I'm like, no, I don't. And she's like, you went to South Dakota. You went to Las Vegas. You went to Austin, you went to Atlanta, you went to D.C. and I'm like, okay, okay, okay, okay. You went to Greenville. You went to Colombia. Like, I'm like, okay, okay, okay. So anyways, yeah. All about good times. Let's get back into the news, shall we? Thank you for letting my. Letting me share a little bit about myself.

C (44:24)

SISA adds Apple and gladonet center stack and Trio Fox flaws to exploits. The US Cybersecurity and Infrastructure Security Agency, known as cisa, added two vulnerabilities to its known exploited catalog. A use after free flaw and Apple's WebKit affecting iOS, iPadOS and macOS, which we told you about yesterday. And a hardcoded AES key issue in Gladdenet center stack and trio Fox. Both have been actively targeted, including in sophisticated attacks against high value individuals. Federal agencies are required to remediate these flaws by January 5th. Private organizations should review and patch affected systems to prevent exploitation.

A (45:14)

All right, so this is not a news story. This is not a news story. I mean this is a news story. Not a news story. This was reported yesterday. Apple sent this patch out. If you're not on iOS 26. Two, you might want to get on it again. Very, very sophisticated threat actors are targeting this very, very specific vulnerability. Obviously Apple's not going to just patch the upper crust, 1% of society, they're going to, they're going to make it available to everybody. So I don't know if you necessarily need to freak out today, we can look up the epss in a second. But if you're running gladdenet Center Stack or Trio Fox, which are file transfer solutions, I'm pretty sure you definitely got to patch it. Ah, you gotta patch it. The problem with the gladonet center stack and Trial Fox is that there's a hard coded crypto key in there which means that the threat actor can take it, that it can then use it to create things, authenticate things, et cetera. So you should have known about that already, honestly. This one came out last week, the Apple one was yesterday. This one, my understanding is it's not a, it's not a trivial vulnerability to exploit, however sophisticated threat actors are doing it. A lot of VIPs, business people, non tech people, politicians put a lot of faith in Apple devices. I almost, hey, like gather round kids, you're about to hear a Wayback Machine. Space Tacos is going to feel it in the like 90s, in the 90s and early 2000s there was like a movement or something that like Linux was unhackable. Like you like, oh, you're using Windows, that's gonna be a problem. I like, I use Linux. Linux doesn't get exploited or you know, or Linux isn't vulnerable to attacks and stuff. Like it's like no, it's just threat act. Again, economy of scale. Like if a threat actor is going to spend 10 hours making a vulnerability exploit when they make one that works on 80,000 machines instead of like 2,000 machines. Right? Again those numbers are just swags. But anyways, I feel like there's a common belief here that a lot of people feel like Apple devices are just like unhackable, like oh don't worry, I've got an iPhone, we're good here. And because of that I don't Want to say they let their guard down, but, like, they just don't have as much caution. And of course, you know, we're standing in the back banging a drum, talking about, always be vigilant. You're always under attack. And they're like, oh, my God, guy who invited him to the holiday parties. Always talking about threat actors, compromise. Like, just negative Nancy over there. And we're. And just like. And you wonder why. And you wonder why cyber professionals have a dark sense of humor Anyways. Tldr. Patrick. Patrick. Crap. Ah, you got a Patrick.

C (48:31)

Texas says background checks missed flags before insider breach. US Federal contractor OPEXUS admits it failed to identify red flags when hiring twin brothers Munib and Sohai.

A (48:45)

Really quick because again, I don't research or prep these stories, but I know this story. I hope they say what the red flags are. This is ridiculous.

C (48:56)

Actor who had pleaded guilty to cyber crimes in 2015. Back in February of this year, minutes after being fired, Muneeb allegedly deleted 96 U.S. government databases and stole sensitive records from the DHS, IRS, and EEOC op. Exis has acknowledged errors in hiring, termination, and access controls and has enhanced background checks to 10 years. The brothers face up to 45 years in prison for computer fraud, data theft, and aggravated identity theft.

A (49:31)

This annoys me, okay? Just like North Koreans can get IT jobs and like, you, you know, you and I, like proverbial. You and I are struggling, applying to 500 jobs, not getting callbacks, but somehow, like, North Korean IT ops get them and they can't have that job. These two guys literally went to jail for felony. And then they get out, and then they immediately get like, basically clearance and a government job again. And then do something terrible like, dude, I got a. I got a US Federal clearance and I don't. I have some, you know, whatever, I guess pretty mundane skeletons in my closet. But I felt like an absolute deplorable reject when I got interviewed by federal investigators back in the day. These two dudes, like convicted felons, claims background chicks, checks, missed red flags. What were you doing? Oh, Pexus, here's my thing. The U.S. federal. Of any place, the U.S. federal government. Government is the one that is the most stringent with clearances and investigations and stuff. Like in this instance, opexus, you have one job. One job. Background check. People you don't have. It's not comp. I mean, it's complicated in the sense that you have to run everything down, but it's pretty straightforward. Call their former employers. Call the people they used to Live around call like look into their drug history, their financial history, their criminal history. Hello. So like I. This OPEX company, the thing that they do is they fully acknowledge and they will be better next time. Like no punishment, no, no, nothing. Within five minutes of being fired, he deleted approximately 96 databases storing US government information. So it looks like opexus is actually the company itself, not the background investigation company. So chances are I would opexis, maybe outsource that the individual is responsible. Oh wait, here's an interesting one. The individuals responsible for hiring the twins are no longer employed by opexes and they've since. So whatever. I mean, I guess large businesses are going to have challenge like this. But basically whoever got, whoever hired these two dudes has been fired. So the problem has been solved. We fired the problem, we got rid of the bad apple. Listen, I don't have any insight into this story or whatever, but can you imagine someone coming to you and being like, listen, I'll give you 300,000, 500,000, $1,000,000, whatever. If you just push these guys through the hiring process, you'll probably get fired, but I'm going to give you five years worth of salary. What do you say? I feel like a lot of people would be like, not even guaranteed that I get fired. I don't know. This is gross to me. This is gross. I don't know what kind of like adjudication I want for this. I'd have to think about it and not just be like shooting from the hip, but to me, this, these two guys are going to go to jail. Which is great, but I don't know, just what's the.

B (53:12)

I don't know.

C (53:13)

Chrome extension intercepts AI chats Chrome extension urban VPN proxy which has 6 million users was found intercepting all prompts and responses from AI chatbots like ChatGPT, Claude, Copilot, Gemini and Meta AI. The extension was updated back in July and collects this data through injected JavaScript and sends it to two servers. The company shares raw data with its affiliated ad intelligence firm by Science, which also owns Urban Cybersecurity. Similar harvesting was observed in three other extensions from the same publisher, Google.

A (53:53)

All right, dude, listen, I don't know what to tell you like VPNs. For some reason, VPNs always continue to be like a minefield. This particular one does a man in the middle, adversary in the middle attack on your AI chats. So if you're using a browser to interface with Chat GPT or open AI or Claude or whatever, whatever you type in it, makes a copy of it. Now I don't know why they're doing that or what they're using it for. The only thing I could think of is, you know, I don't know, like my immediate thought goes to like extortion or something like that, but whatever. It's urban VPN proxy, so get rid of that if you can. Surprise. They lie and say that they protect your online identity, but they don't. They steal your information. Surprise, right? Like they get your full, your full conversation, what you put in, what they get back, timestamps, metadata, whatever. I don't know why they're doing this. Honestly, that seems like a lot of data to save off and I don't know what they would do with it, So. Oh, nice. They have the actual source code of showing the data being basically copied off and sent back to the urban VPN servers. Appreciate the screenshot. Koi Security. All right, so the company that owns this VPN tool, Urban Cybersecurity, was also called out earlier this year for collecting users browsing history. So Urban Cybersecurity is just collecting all of the data on users web experience. All right, so I guess here's my, here's my thoughts. This is all about money. Here's the deal. They probably offer this VPN for free because they're stealing your information and your session information and then selling it to big data companies so they can aggregate. And then. Because they know it was you, right? Because they, it's not, it's not anonymized. Right. They know that your session is this unique identifier and you put in these things. They know what you're into or what you're asking about. Then they can sell it, they can start marketing to you. You can start doing targeted social engineering. There's a lot of reasons for this. And at the end of the day, data is so freaking valuable in 2025, 2026 that this doesn't surprise me. Like I said, they probably gave it away for free. Straight cash, homie. Now not, not a sponsor, although I would love for them to be a sponsor. I do use Proton VPN. I like Proton VPN. I think ProtonVPN is good. So that's, that's a product I use, you know, for my VPN needs.

C (57:10)

Shutters Dark Web tool. Google emailed users that on February 16th it is shutting down its Dark Web Report tool, which monitored email addresses on the Dark Web. Dark Web scans will end on January 15th and all data will be deleted on the shutdown date. Google said feedback Claimed it didn't provide helpful next steps. And it plans to focus on tools going forward offering actionable guidance like security checkup, password Manager, passkeys and two step verification. CISO's first appearance.

A (57:45)

All right, for the sake of time I'll speed run this story first. Like don't, don't lose the, don't lose the, the main headline of this story. Okay, so Google has been offering a dark web report which basically would just notify you if your email showed up on the dark web. Okay, no one's paying, you're not paying for this. This is, this is the lead to me. Google is making an effort to help individuals be a little bit more secure, both from a protection perspective. Just like Google Mail has automatic phishing screening and you know, it's like a built in email security gateway as well as detection, like telling you your emails on the dark web. Now they don't always get it right and as they said in the story, it doesn't have follow up action. So like if you're looking at the cyber kill chain or you're looking at the cyber security framework, right, you have protect detect, they got those covered. And then respond, the problem is the response, you know, you're not going to have my aunt Orthea if we find out her emails on the Dark Web. My aunt Dorothy is not going to go like strap in like that. You know that montage sequence where Arnold Schwarzenegger in the movie Commando starts like lashing down like grenades and bandoliers and weapons and he gets the square rocket launcher. Such a baller scene. Like my aunt Dorothea is not gearing up for war to get her email off the dark web. So for those reasons I could see where, you know, there, it's cool to know but like at what, you know, to what end? So they're getting rid of it so they can focus on other security features. So well done. I like it. Mod chat. If you guys want to try to find that Arnold like gear up routine, that would be kind of cool in.

C (59:45)

The C suite more than 30 years ago.

A (59:48)

All right, all right, that's that. All right, let's do this. All right, hold on everybody. I'm, I'm like so hell bent on this Arnold scene and this is an absolute drink. Oh yeah, look at this. This is my Aunt Dorothea getting ready to take on threat actors who got their email on the Dark web. Yes. Load up. Maybe you got the camo. All right, all right, I digress. By the way, my aunt Dorothea has no idea about any of this. I Never. I don't even tell her about any of it. She's awesome, though. All right, guys. Hey, this has been episode one. This has been episode 1025 of the Simply Cybers Daily Cyber Threat Brief. I was your host, Two thumbs, all smiles, light cough, Dr. Gerald Ozier. Guys, if you want the best thing you can do to. If you enjoy the show, first timers, long timers, if you enjoy the show, do me a solid and share the show with one person. You know what I mean? Let's see if we can expand this. I've got some, like, metric goals for 2026. We've had a slow decline over the last six months in attendance. And I. I don't know if that's because the show is, like, getting crusty or we're getting people jobs and they're not coming back. I don't know. But I would love to get back to our, you know, normal numbers of, like, 500 people per episode, live in chat. It's always fun to have people and, you know, engage and share wins with each other and stuff like that. So I'm gonna start asking you guys if you. If you got value, share it with one person. I know it is the holidays and things are slow. When will Andrew Best Friends.

B (61:50)

Yep.

A (61:51)

When will Andrea be on Simply Cyber? That's so funny. Space Tacos. I will. I will share a real story with you guys really quickly, since it's Tidbits Tuesday, and then we're gonna go to Jawjacking, so don't go anywhere. We got 30 minutes of jawjacking with Eric Taylor. He's going to answer all your questions, and it'll be a good time. True story. Space Tacos and Community. My Aunt Dorothea called me. This is like a year ago. She called me, and he's like, hey, I just had the weirdest experience. And I'm like, what? And she's like, some guy called me and he said that I had, like, like, virus on my computer, and I needed to. I needed him to log in to fix it. And. And. But she's like, it didn't make any sense because I don't own a computer. And he couldn't understand that I don't own a computer. So, like, we argued for a while, and then he hung up on me. She's like, what does that mean? I'm like, oh, my God, like, basically a scam center called you. And because the only computer you own is the iPhone you're calling me on right now, you're a terrible target. And she's like, oh, all right, all right. So, like, my aunt Dorothea actually has really solid cyber security defensive posture because she just did risk avoidance. Right? Just become best friends. Yep. That's so funny. What scams are your friends seen? I love it. Yeah, we can definitely do some fireside stuff. I love it. All right, guys, I'm Jerry from Simply Cyber. Don't go anywhere. Like I said, we got Jawjacking coming up in a hot minute with Eric Taylor. Till next time. See you tomorrow. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cybersecurity field. Live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking.

B (63:50)

Has it really been a week since we talked? The week has been flowing by fast in so many ways, and yet so many ways is drug on. If you work in cyber, you kind of understand the pain, right? So drinking some water? Love everybody here. How's everybody doing? If you are new, my name is Eric. Pleasure to meet you. I run Barricade cyber and here for 30 minutes or longer. If we don't have a show and there's plenty of questions to support, it will run a little bit long Again, if there's not a 9:30 call, I didn't have a chance to check. I'm sure mods and or Jerry will yell at me if there are and kind of answer your questions as we get started. The thing that I want to know from people as we're going through, you know, kind of piggybacking off of Jerry, we, you know, if you've been catching the past couple weeks, you've seen where we are. I've been asking the. The questions of, you know, how long have you been in here? And like, what kind of industry or how many long years have you been in the industry and what industry are you in? You know, I'm using it all not only for me, for, you know, jawjacking, to make sure I'm catering, you know, my conversations to the audience. So I don't feel like I'm speaking down and making people feel annoyed. But Jerry's gonna be able to use this information as well as we go into 2026 and make sure we're, you know, talking to the proper people. The other question I want to know, I know a lot of people use AI in a lot of different facets, whether it's on your phone, in your browser, whatever. How many people are actually building out your local AI or local LLM Digital Forensics. We, we're, we're, we're going down that rabbit hole as an industry and even myself included, right, where I'm using a local ALAMA driver and using a couple different models and I'm learning about command system prompts and user prompts and command injections and all that stuff. So definitely going down that rabbit hole. It's been, it took me about three weeks to really, really start to understand it. And I'm now getting ready to. Now I'm able to start building out like research markdown files and stuff like that to put into my CTI things of that nature. And I would love to know if you're using a local LLM. It doesn't matter what it is, but what are you using it for again? Right now I'm just using it for threat research. I plan on tying into what's called an MCP soon. Those who know we're massive crowdstrike people and finally got some API issues that I was having fixed and because of my own stupidity. So, all right, we'll go down a rabbit hole. And those are in chat. Thank you so much. I do see the questions coming in. If you do have a question for me, sorry, forgot to mention this, but put a Q colon mark in the very beginning there. That way I can see your question. And when I do my control F and I'm looking, I literally type in Q colon so I can find your, your question so I can answer it. The. We manage a ton of tenants as you can probably imagine, right? I'm not going to oent and say how much we do, but the, the API that I had set up for our parent tenant was limited to an older IP address that we had. So like I can make the API call in and then go into my child tenants, but for some reason I couldn't authenticate to the main tenant. I'm like, there's a problem with my computer, there's a problem with my API coding, there's a problem here, there's a problem there. We're going rounds and rounds with support. Can't figure it the freak out. And then there was a comment that was made in one of the support sessions and got me thinking, oh my API restrictions. So I went in, remove or added our new office and got that put in. And then the API started working, which is really weird because I'm like, you know, when you do API, those who work with APIs, you would think, you know, if you have a multi tenant or hierarchy parent, child relationship, if the API at your parent is not allowing you to authenticate. Why the f are you able to authenticate to the children as well? I'm like what is this garbage? So that took me down some major, major rabbit holes for about close to a month. So that that's kind of been my world to some degree. Unfortunately I just happened to see this1 hello Mr. Taylor. Mr. I'm doing well. Hope you're doing well. Birthday is tomorrow. Happy early birthday to you. So excited for that. Are are your Microsoft training webinars able to view afterwards if you miss it live? Thank you. Yes. So if you go to YouTube.barricadecyber.com go to the playlist. There's the ransomware, monthly roll ups, there's a couple other ones but there is a playlist for the Fortify 365. It comes out about two weeks after the webinar I believe, maybe three weeks. I forget there is some dwell time so and Kim had to wait for me on one episode because I had to reshoot it a couple times because of my VM issues. Question from Nathan have you ever seen the SSID ATT WI Fi man in the middle popped up. Yes, I have seen that it's placed near it's placed there by AT&T carrier and looks like you you can't rip it out of iOS. Yes. So it's not malicious. But what at and t literally start I don't quote me on this, but if I remember correctly, AT&T is copying what Comcast is doing where you are able. If you have a Comcast account you can go anywhere and see the Comcast free WI Fi that's available. So if you have a subscript residential subscription and you're using their modems and stuff like that, they also broadcast another SSID for general Comcast users. So like when you're traveling you don't have to allow them onto your network. They can be on that guest network by authenticating into their Comcast account or signing up for to their email for like an hour or two or something like that. A free guest WI fi or some crowd. And when you put your devices into bridge mode that got rid of it. I haven't seen I don't know the back end of AT&T that one if you put it into bridge mode, if it gets rid of that SSID or not. But I know Comcast was doing it. Back when I worked for them many many years ago. I don't know now that they are they're still Comcast, but it's Still, Xfinity and their mo their new modems are just hot mess express from what I've heard. So I don't know. But yeah, it's not malicious in nature, but it could be easily become malicious because users will get very used to it. And if I'm at a hotel or a coffee shop or whatever, and I spin up, you know, a honey pot in there, a WI fi pineapple or something, and I just start using those known SSIDs and you know, just mimic the page and then you can start getting credentials. Right? So. Let's see. I asked Jerry this yesterday, but worded it badly. How could you recommend someone earn money with their cyber knowledge? As a graduate, applying or jobs at the moment has not been going well. How would you recommend someone earning money with their cyber knowledge? The two things that immediately come to mind are YouTube videos and training. You can start off at the quote unquote on the bottom and using was it Udemy or something like that? There's a couple training platforms out there where you, they can host your stuff and you just sell it for like five, ten bucks or something. If it's really, really. If you could, if you spend some time and curate it and put like say two or three demo videos, like short demo videos together, you may be able to pitch with even Jerry or TCM or you know, Black Hills or something like that. Like, hey, here's a couple sample videos of some trainings that we're putting together. Would this be. Would you be interested in allowing to partner for our. Our training so something you can do? What do you add on top of Olama? So okay, the. We're using Open Web UI and that's brokering in. So that sits on top of the ollama and I've got workspaces I'm building on knowledge bases, all that stuff in the Open Web UI platform crawl from. I just built a integration or spun up a docker for Crawl for AI which will take a bunch of sites and help me put everything together into markdown. All right, so. Let's see. What other questions do we have? Come on, ladies and gentlemen, I know you got questions from Dom. I finally got my Security plus certified. Congratulations. But I'm having a hard time getting to an interview stage with applying to a job. Any tips for how to get a good. Oh, dude, Dom, you are asking literally the million dollar question. You really, really are. And unfortunately I don't have that answer. I really, really don't. Businesses right now, quite honestly at least everybody that I'm talking to you know, they're trying to slim down, they're leveraging AI tools like I'm doing to some degree at least for research purposes. And I'm using AI a lot more for research. Like I want to throw 30 websites at this AI and I want you to digest it now by making it put out a specific format in a markdown file. For me, I know it's going through and then I can easily cross reference it and it'll tell me because I have it in the prompt to say, you know, when you put together like the Miter attacks, which what are your sources for those Miter attacks? And I could quickly go and cross reference them, verify them, things of that nature. So, you know, being able to bring in threat intel from multiple sources and then creating that knowledge in like web ui, you know, we can now say, I can now tag that existing knowledge file or files and say, enrich this data with this new report that's been put out. It's always right now it's still a massive trust but verify. But when small companies like ours, and I'm sure larger companies as well, that's kind of why I pose up the question in the beginning. What are people doing with AI right now? Like, are you building a local so that way you keep it truly private and what are you using it for? Again, right now, that's what I'm using it for. And I plan on integrating it a little bit more as I get more comfortable, more aware and feeling with this. I just don't want to blindly trust this thing. But long story short, you know, kind of going back to even getting the money for the, the former question, you're really going to have to stand out somehow. And even we, we're facing that, you know, as a business owner, you know, we're trying to attract new clients and there's new DFIR firms being spun up all the time. And you know, we're competing against the larger people. And this is the conversation that we're having. Like, how do we stand out? You know, when you, when you are in a sea of 300 forensic firms across the country, how do you stand out? You know, you got AIs and you got, you know, tools that will literally blast resumes for you. You've got to figure out a way to stand out. And that's something that literally is the million dollar question. I don't even have an answer. Like, we're literally trying to figure it out, even for our organization. Like, how do we stand out in the sea of everybody saying we do in forensics and everybody, you know, we all, most of us all go to the same training to some degree. You know we all do like 13 cubes. We do Sans, we do you know a new, a couple other things or you're just self taught, whatever the case is. So you know, it's just saying you got GX certifications, does that really stand up? No, I, I personally don't think so anymore. I mean I'm still not going to stop saying we're GX certified. But how, how do you achieve that? I don't know. Let me know what you think about what I think in the comments. All right, let me go here. I'm just going to pin the ones that I've already answered. Okay. Sorry. Getting pinged. Ladies and gentlemen, bear with me one second. Client reminded me something about something I forgot to do. Oh yeah, Good, good. Shout out. Sierra Montgomery. You know I honestly forgot about Jason Blanchard's course. So you know he's on YouTube. I don't, can't remember if he's on YouTube doing it or if it's just the discord. I'm pretty sure it's a YouTube as well. Can't imagine that they would leave that metric out. But yeah, Jason Blanchard does at least a monthly, you know, video of how to do job hunting and stuff of that nature. And I've heard a lot of people find it very, very beneficial. How do you feel about the RAM prices rising? Kind of killed my homeland dreams at the moment. Yeah. So if you don't know one of the major chip manufacturers and I forget the name of them but they pretty much said yeah, we're done with consumer market. And if I'm not mistaken, they, they were generating like 60 or 70, maybe even up to 80% of the consumer market. So it's a problem. Where can I go get the jack wagon T shirt? Asking a friend. And that friend is also merch.barricade cyber.com merch.barricade cyber.Com takes you right over to our Bonfire store because we just don't do Shopify because I'm not stocking items. So those, if you don't know, Bonfire is a ad hoc printing service, uses a bunch of subcontractors from across the country. So when you put an order they have their people that will, you know, have the shirts and the colors and all that and they get, you know, they get the stencil sent to them and they print it and they ship it it to you. Right. If you're using anybody with shopify from my understanding that is our own internal stock and no offense why I do love my merch gear it's we don't sell enough for the warrant me to take on yet another task. From Phil Stanford. What particular models are you using? So let me actually bring that up and I know I'm going to butcher the name on it so I'll spell it for you. I Right now I am bouncing between Mistral M I S T r a l the 7B and the large. I literally have a MacBook Studio here with more memory than humanly needed but I wanted to make sure I had enough Runway to do what I needed to do and as this thing advances and you know we start looking to bring on more people and bring on potentially automations with like Nathan or N8N or however you want to pronounce it. I'm not sure we're going to use N8N or code red. I mean it's going to be in its own segregated enclave so and I find Node Red even though I hate JavaScript, I find Node Red a lot easier to work with when you're trying to leverage local system programs like local PowerShell, local executables and things of that nature. I find Node Red to be a lot better. The only thing I don't like about Node Red and it could be my own lack of understanding and knowledge on the topic, is there's no way to. Like there's no way to enforce an authentication method. So like we have, I have a Node Red server sitting in production, sitting in Azure and I've got it so locked down on IP restrictions and ports and everything just because you know, I spend like three hours trying to figure out how to even just put in, you know, require a user to enter a username and password and there just wasn't one. Right. So I'm like all right. And for there's a lot of stuff that I'm trying to do in the pre processing as forensic information comes in because it does take time. So you know if we can have some automations at least doing pre processing of files then that would be very, very beneficial. But that's what I've got the particular models for that and then yeah but yeah, the, the Mr. Large, Mistral Large or whatever it's called does take a long time to process but I do find even though it takes so long for it to go through its processes I find it being more accurate and I know it's going through and doing more reasoning and more this and more that and Everything of that nature. But I am playing with both of those just to see what comes back. At least now that I have my user prompt working pretty well to where I want it. Now I'm going to switch it back to 7B and see if I'm getting the same reports back in just a faster fashion. Because you know, if it's going to give me the same information then perfect, right? Any sources from the rich, any resources for someone to learn. Active Directory I have a working knowledge of personal devices, but servers are something I haven't got my hands on. I would like to get this into auditing systems. I would say if you don't have the technical resources, AKA you know, horsepower, ram, whatever the case is, sorry I cut the trash out of myself over here somehow in a home lab then I would say try to go to Azure and set up for a developer account. And a lot of times if you do that, they'll give you the resources you need to spin up a small home lab, AKA Home lab Virtual lab in Azure and that way you can be able to do what you need to do. All right, let's see what other questions we got. Yep. As Sunshine said. Yep. Make sure so this person is asking. Let me see if I can find that one. Ask Magic. Any recommendations for him on other search or training to get Trying to remember which question that was referring to. But in, in terms of certs and training in general in the broad spectrum for anything cyber related, I would honestly say if you have the ability, take a look at say the top five companies in the field of cyber you want to go to, whether it's forensics, if it's Threat intel, if it's this, it's that or whatever, look at the job postings that they're looking for for some of their more senior people and that will tell you exactly what search to start going after. Right? Because that means that industry, at least for the the big people are looking for those type of certs and training metrics. So say hypothetically you want to go into Threat Intel. I will look at what sentinel one's looking at. CrowdStrike, Red Canary, Whiz, maybe Microsoft. You know, what are those five companies looking at in terms of Threat intel professionals from a more either a mid to high level or senior level perspective. That way you just kind of knows like okay, I know what I need to be to be admit I know what I need to get to be high. And if I want to become senior in this industry, this is what they're looking at. Knowing that that goal post can and will change, but, you know, at least they'll give you a trajectory and know what kind of overlapping and stuff like that. So hopefully that. That answers some of your questions. What are some good ways to earn money while gaining practical cyber security experience through freelancing in traditional jobs or volunteer workers are not an option? What are some good ways to earn money? I don't. Cryptic roses. I don't understand your question because it. I'm probably a thousand percent overthinking this, okay? And forgive me, because I probably am. But if I take your. If I take your question and you're saying, okay, how do I earn money while gaining practical experience through freelancing, you're. If you're freelancing, you're already making money because you're a contractor. A freelancer is a contractor in the broadest sense of terms. And while you're doing that, you're gaining experience because you're doing the job. You see what I mean? Again, I'm probably overthinking your question, and I'm sorry that I am, but when I digest your question like that, that's what is coming to me. I mean, what are the best ways to earn money while gaining practical cyber security experience through freelancing? I mean, you answered your question. Again, maybe it's that badly worded. I think I'm just overthinking your question. Maybe pivot your question in a different fashion, please, Because I think I'm overthinking your question is my assumption at the moment. Okay. When using Windows Server for DNS, my firewall alerts the IP on the dc. Oh, I think I know where you're going. When using Windows Server for your DNS. Okay, my firewall alerts that the IP on the DNS rather than the device that actually went to the site. What's the best way to see what devices actually went to the site? Oh, so, yeah, very, very common. Common problem. So don't do that. I know. That is the traditional way. Right? There is. Hold on, let me. Let me pull this up, because I don't remember it off the top of my head. Exactly. Depending on the firewall you have. Let's see. And I know I'm off screen. You can't see what I'm typing. Dhcp option. All right, 44. Okay, so the. There's two things depending on the firewall that you have. Some of them will give you the WINS W I N S IP address. And that way you can set your D. Your AD server. Okay. Or DNA your domain Controller and I'm assuming you're using Active Directory for this. Otherwise if you're. If you're not using Active Directory, don't use this DNS on the server. Just use your firewall. Okay. The. If it. If your firewall has the WINS option available to put it in, put that as into your DHCP server server in the firewall and. And. Or your Windows server. If you're running DHCP there, then it definitely has the WINS option. But put DNS to the firewall because your, your firewall is not lying. Right. It is literally a relay. So your devices literally come to the server says hey, what is Google? Server says what's Google? Comes back, here's Google.

A (94:34)

And then it goes.

B (94:35)

Goes out. So the entire DNS is nerfed in that particular way. If you don't have the WINS option inside of your FireWall, then use DHCP option 44 to get and put the IP address of the WINS server in there, which is your domain controller. I'm studying for both the Network plus and Security plus.

C (95:07)

Okay.

B (95:08)

Are there any tips you would give me to understand and grasp the information better? Labs, Honestly, if you're. Yeah, I would say labs. Yeah, I'm. I do believe hack the box or try hack me. If not, both of them have labs built around this very topic. Nobody can get a lot of the technical knowledge. Or again, like I mentioned before, if you can try to set up for a Microsoft developer account that way they'll spit up VMs and apply you know what you're messing with into some VMs and be able to go through that. Thank you. Yep, sure. Oh, that's for the. The merch. Okay, Question us LLM Studio but always get stuck with what LLM hugging ACE model is the best to generate accurate cyber data sets. Yeah, that's literally the testing. Quite honestly. It really, really is. So what the mindset you honestly have to take is okay. And there's no real hugging face has a ton of data sets that are out there, but a lot of them don't ingest the data. The data sets. Like, like maybe LLM Studio does, but I know the Open web UI doesn't use data sets. At least if they do, I haven't figured out how to do that yet. Again, I'm a noob. I'm still learning a lot of this though. The. Quite honestly, I mean you could take a look at the data sets that are on hugging face and kind of rip them apart and then adjust them right. To meet your specific needs. And a lot of times you could even drop those data sets into Grok or something of that nature and, you know, help it or have it help you discern a lot of the information, you know, catering it to what you need. Question. What do you think about the model Gemma 3? I'm playing with it on Nvidia and Jetson Orion. Super. Okay. I haven't played with it much. I did Mess with the QN3 and it just didn't work very well with the data sets that I was putting in there. This thing will, for us will probably advance into a platform called vanilla AI that will leverage, you know, SQL, local SQL databases and things of that nature. So that's where I think all of our stuff is going to end up heading to. But as you guys are learning, you know, in anything cyber, you, we really need to understand the basics. And it's kind of what I talk about when people say I want to get into cyber, but you know, I want to get into forensics. And I tell you, you got to do net, you got to do sysadmin, you got to do network admin, stuff like that. Before I go advanced with some crazy vanilla AI platform, I got to go down these paths and say, okay, this is what this is. This is how this works. This is how it integrates with an mcp. You know, doing some of the basic groundwork before I go down a rabbit hole because of a major over. I mean, do I have the technical ability to go down it? I'm sure. But I want to understand the core principles of a lot of these things. So if I run into Roblox, I run into technical issues, I've overcome these hurdles messing with the basic things, which I'm coming up with hurdles all over the place. Just like using mcp, like it's becoming a problem and you know, I'm hoping to overcome these hurdles. And then that way when I go to the more advanced solutions and I'm coupling in even more technology, then I've already understand the basics of a lot of how this local LLM crap works. And I really got a good handle on the foundations. Right, so. What is the name of the YouTube channel that you mentioned that hosts monthly job search? So it is John Blanton. Right. Let me B H I S John Job hunt. Like a hacker. I remember correctly. Yep. So I'll put the YouTube link here. This was from. Looks like a week ago. So it is podcast by Bhis, so definitely take a look at that. Where was that question? And I think I need to step away for a minute. I just get an update from one of my vendors. Let's see. All right, so I answered that question. Why do people want to be seeso's? I want to, but as I learned from her and watch, it seems like a scapegoat position with Goupe. And those who qualify want a challenge. Honestly, that's a good question and I don't have an answer. I would say come back tomorrow and ask Jerry why did he want to be a ciso? I can't imagine a world where I would ever want to be a ciso because at least for me, on the outside looking in, not saying this is the way it. But they don't get any of the credit when things go right. They get all the blame when everything goes wrong, whether the executive team listens to anything they said or not. You know you've been denying by funding for a new firewall for three years because I didn't like Sonic Wall and I want you to go to Palo Alto or fortigate or something else and Sonic Wall had a zero day and now we've been ransomware because you didn't want to listen to me. Right. So I don't know why people want to be a CISO like you actually have in a lot of organizations. You need to have your own insurance policy now when you're a ciso because you're just setting yourself up. So ask Jerry would be my recommendation because again, I don't, I don't understand why. Sounds like you need an mcb MCP scanning tool, perhaps backed by a multi agent database swarm maybe. I mean here in the. In Q1, I'll be starting to integrate our EDR MCP and a couple other MCP tools. Again, I'm not sure exactly where the dust is going to settle, but again, just doing. Learning the basics, even as people senior in the years sometimes need to just go back to the basics and relearn things right from the sunshine. Any good? Any good recommendations, books or otherwise on the philosophically of scammers and social engineering? Not recently. There's not a lot of books or podcasts that come up to the top of my mind. Well, no, I guess. Gosh, what was that one guy? I'm having a massive brain fart. Dark something. Dark something. Hold on. I'm so far behind on my podcast, it's nowhere near funny. Darknet Diaries, they do a pretty. He does a pretty good job of going down, you know, doing a lot of interviews and then, you know, you'll understand the mentality and the psychology around a Lot of these people who do a lot of crazy stuff. So I would say, you know, that's the only one that comes to mind is Darknet Diaries and they've got a episode that comes out once a month, I believe. Question. That was a seamless plug. I released the demo version of the conference and on my repo. Oh, for your mcp. Okay, Phil, if you've got an mcp, send it over to me privately and Discord and I'll check it out. Like I said, I'm. I'm looking at it for. In Q1. Yeah. Catch it up on chat. A lot of people are, you know, mentioning Darknet Diaries. Always Darknet Diaries. Jack Resider. Yeah, It's a. It's a good show. Answered that question, but good to be able to kind of go through and just have some ad hoc conversations with everybody. Not having a 9:30 show right now is nice. I think I have everything answered. Yep. Anything new in chat? What book have you read this year that made an impact on your life or mindset in any way? Disclaimer we're about to get Biblical. Disclaimer we're about to get biblical. I got turned on to a book that downloaded on Audible, and I haven't gone all the way through this, but so far it's been very, very good. I've. I've enjoyed listening to it. It's called the Case for Christmas. The Case for Christmas by Lee Strobel. It goes through a lot of the birth of Jesus and, you know, a lot of the biblical things has definitely changed the way that I look at some stuff so far, especially with the Old English and the way that things are being translated. Something I learned through the past 30 days is that that maybe goes down too much to a biblical conversation for this one. Yeah, I'll hold off on that one. There's a lot of things I did that I've been reading, but yeah, that's go. Trying to adopt my faith more is definitely something that I've been doing. I haven't read like a technology book or anything like that recently, but getting more biblical is definitely changing my mindset in a lot of ways. That's why I bring it up. All right, y', all, I think we've got everything taken care of. Kind of goes going through, making sure. Yeah, it looks like it. Well, 152 of y' all beautiful, beautiful, sexy mofos. Thank you all for tuning in. I do greatly appreciate and hanging out for so freaking long. It's been awesome, Been amazing. Like I said, I do enjoy spending a little extra time. Like I said a moment ago, I got a vendor that I've got to deal with and I got a situation with two clients that I forgot about I gotta go take care of. So I'm going to dive part. I will play she and the closing messages and I will see y' all next week. Until then, stay curious my friends. Take care. There once was a kid whose passwords laid across all sites.

A (110:46)

They were the same.

B (110:47)

A criminal then found their fame by taking that data to go.

A (110:54)

Soon may a criminal come to steal.

B (110:57)

Your your pictures and data and run.

A (111:00)

One day when the crime is done.

B (111:02)

They'Ll steal your account and go.

A (111:10)

Hey everybody, I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also also every single weekday morning on the Simply Cyber channel, we're doing live daily cyber threat briefings 8:00am Eastern time as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.