A
All right, good morning everybody, welcome to the party. Today is Monday, January 12th, 2026, episode 1044 of your Simply Cyber Daily Cyber Threat Brief podcast. Listen, if you are looking to stay up to date on the top current cyber news of the day while being entertained, educated, and dealing with massive amounts of good times and good people, well then you've come to the right place, because that's what we're doing every single weekday morning. Today is no different. We're off and running on a beautiful Monday morning. Let's go.
B
All.
A
Right. Yes, good morning everybody. I hope you had a wonderful weekend, and I hope you wake up today feeling wonderful. If you're out in Australia, I hope you go to bed tonight feeling wonderful. Guys, every single episode of the Daily Cyber Threat Brief brings you the hottest cybersecurity news and threat intelligence of the day. I have twenty-plus years of experience. I like to go beyond the headlines and give additional insights, additional value, spell out all the acronyms, and make sure that you can be the absolute most awesome cybersecurity professional that I have any ability to influence or help. I have the hat on, not the PJs. We're still dealing with a puppy situation. He does get his staples out tomorrow, which will switch over into less of a high-maintenance mode. But yes, DJ BSec called me out in mod chat. Guys, good morning.

Hey, if today's your first episode, welcome to the party, pal. Drop a hashtag first-timer in chat. We have a special sound effect, we have a special emote, and we just have a very special way of welcoming newcomers into the circle. If today's your first episode, or you're coming over from Spotify and today's your first video episode, whatever it is, I would definitely love to recognize you. Now, every single episode of the Daily Cyber Threat Brief has two special elements to it. Number one is there are eight stories and I have no clue what they are. In fact, I'm just realizing I didn't even bring them up, so I'm going to have to do that live on stream as well. But I didn't research or prep for any of these. You know why? Because ain't nobody got time for that. Ain't nobody got time for that. So let me just do this live in front of you right now. Also, every single episode of the Daily Cyber Threat Brief is worth half a CPE, so say what's up in chat, grab a screenshot, and make sure that screenshot includes the episode title right there on LinkedIn or YouTube, because it has episode 1044 in it, it has today's date, November, January 12th, two thousand, 2026. It's all the evidence that you need in order to prove that you were here and get that CPE. It just makes it easier for you.

We do have a first-timer: Tony from Chicago, hashtag first-timer. Welcome to the party, Tony. Welcome to the party. Yes sir. Christopher I See Us says he was robbed of his first-timer sound effect. Well, let's fix that, shall we? Welcome to the party, pal. Welcome to the party, pal. All right, yes, that is John McClane. I do plan on refreshing the emotes and the sound effects this week. We will have a drink sound effect and a drink emote, since that's turned into a bit of a running joke that we have here. What do we got here? We got CPEs, first-timers, all the good things.

Before we get into it, let me give you a quick shout-out to the stream sponsors, those who enable me to bring this show to you, whether I'm grizzled with a big old beard or I'm looking so fresh and so clean, clean, coming to you from the dungeon ATL. If you know what I'm talking about, drink, and if you don't know what I'm talking about, go check out Aquaman or Aliens. You'll thank me for it. Guys, listen, really quickly: simplycyber.io/aria. You're going to want to check this out. I'm pinning the chat right now. Oh, you know what, hey, it's Monday, we're kicking it. Can I do this? How do I do this? Oh, I wanted to give some gifted subs. There we go. Yes sir, there we go. Gifted subs: you get a gifted sub, you get a gifted sub, why not. Cyber Rob, J Brock 8377, Tammy, Cyber Fit Nick, yes sir, Samson George, welcome to the party, pal. Emmanuel knows what's up with Outkast.

All right guys, check it out. We're dealing with a real problem in today's day and age, basically AI sprawl, right? Jeez, DJ BSec, member for 41 months. Thanks DJ BSec, as always. Your leadership team, guys, you're probably hearing this all over the place at work: your leadership team is demanding AI automation. You can't go to a cyber conference without AI slapping you in the face. Everybody's using it. Your employees are using it, and not just tools that are known or approved. You've got shadow AI sprawling across your organization: vulnerabilities, compliance risk, your data governance out the window. Your sales team is using one AI tool, marketing is using another, and you have no clue. You're one security incident or audit failure away from costing you everything. Thanks very much, Sean Sailors, 14 months, love it dude. You could be dealing with IP theft, regulatory fines, competitive positioning issues. Dude, at the end of the day, with all this AI sprawl, people are moving recklessly fast, and it's going to fall on us if there's a problem. But Aria's got you covered. What if AI could become an advantage instead of a risk? What if your teams could innovate while being secure? Well, that's what Aria does: the unified platform that combines AI security, governance, and orchestration, so you don't have to choose between innovation and protection. You can have both. Get your cake and then eat it. Take control today, turn your AI stress into AI success, embrace enterprise AI correctly. Visit Aria at simplycyber.io/aria, A-R-I-A. As always, guys, it helps the channel out if you go check it out. I think it's a cool product, a lot of WYSIWYG-type stuff.

We also got Flare Academy here. Dude, Flare Academy, bringing all sorts of wonderful speakers to bear on the community. I'm going to go to simplycyber.io/flare. Check this out: January 29th, "Syndicate: Inside the Life of a Ransomware Operator." Guys, you can't get this type of insight any other way, unless you want to spend months on a sock puppet and then infiltrate a dark web underground marketplace. Not for me. I'd rather just attend this two-hour webinar, and I've already registered for it. I'm doing a watch party, so go to simplycyber.io/flare and register. It costs nothing, and you can come hang out. I'm going to learn quite a bit, I know I am, and I would love to be kicking it with you in the chat as well. Let me know if you're going to be there. Let me know if you're going to be in there: simplycyber.io/flare. James McQuiggan at 35,000 feet with the gifted subs. Thanks, James McQuiggan. I'm trying to figure out where the watch party is. I know TJ is going to be part of the watch party. It's either going to be in Flare's Discord server, or our Discord server, or on the YouTubes. I haven't got all the details yet, but we will get that sorted out.

All right, quick note from ThreatLocker: I'll be at Zero Trust World in March, if anyone's going to that. Pretty good conference. Let's go to Zero Trust ThreatLocker and then I'm going to melt your face with news hot takes. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free thirty-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber.

All right everybody, do me a favor. Yeah, Patriots, if you're a Patriots fan, last night was a good one. Last night was a good one. I don't know if we've got a Super Bowl on the horizon, but certainly a lot better than the past five years. I can't stand Mac Jones, okay, just so we're all on the same page. All right, do me a favor, everyone sit back, relax, and let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you guys at the mid-roll. Let's cook. Huh. From the CISO Series, it's Cyber Security Headlines.
B
These are the Cyber Security Headlines for Monday, January 12th, 2026. I'm Steve Prentice.

BreachForums hacking forum database leaked. The latest iteration of the notorious BreachForums hacking forum has suffered a data leak that has exposed more than 300,000 user accounts and has revealed internal details such as display names, registration dates, and IP addresses. Although most of the leaked IPs map to local loopback addresses, roughly 70,000 records include public IPs, posing a security risk for its users and of potential value to law enforcement or researchers. The breached archive also included a PGP private key used by BreachForums administrators, though it remains passphrase-protected. BreachForums' current admin claims the leak stems from an old backup exposed briefly during a 2025 restoration and is not a fresh breach. A website named after the ShinyHunters gang released an archive named breachedforum.7z, but a ShinyHunters representative denied any
A
affiliation.

All right, so BreachForums, well-known dark web marketplace, or dark web data-sharing site, right? It's well known. It's the one that the FBI, or several law enforcement agencies, took down, maybe in the summer of 2025. You remember, when they did it, I had suggested that some of the law enforcement people were younger, like 25 years old or so, because the avatars for the two admins for BreachForums had been added to the splash page that the Department of Justice puts on saying that this site has been seized, and it had their avatars behind bars. So someone had to custom-make graphics for this splash page. It's not just your standard-issue "this site's been seized." So that was that.

Now there's two things I want to tell you. Number one: for any dark web marketplace, I don't care if it's AlphaBay and they're selling drugs or whatever, I don't care if it's BreachForums where they're selling hacked data, infostealer data, it doesn't matter. Any dark web marketplace that generates money, if it is taken down by law enforcement because they are committing crime, another one will crop up almost immediately. All right? Or there's one that already exists that will now become the bee's knees. Just think about it, okay? People want this. There is a market demand. I mean, it's criminal, but there's still a market demand for it. So when one goes down there's still a market demand, and people just move on to the next. The easiest parallel to this is: imagine when you drive to work, or you drive to drop your kids off at school or whatever, you probably almost always go to the same gas station, because you like that gas station or it's convenient for where you are, near your neighborhood or whatever. I'm not saying you're exclusive to that gas station, right? You're not boyfriend-girlfriend in tenth grade with this gas station. You're allowed to go to other gas stations, but for the most part you probably go to the same one. Now imagine that gas station goes out of business. You won't even think twice to just start going to a new gas station, and that'll be your new regular. It's the same thing with these dark web marketplaces. The consumers at these dark web marketplaces don't give a damn. They're not loyal to the brand of BreachForums. They're loyal to getting access to the data, or drugs, or whatever illicit material it is that they want, and as soon as the first one doesn't work, they just move on to the next one. So because of that, there's always going to be another one that pops up.

Now the second thing I want to point out is: just because these are illegal underground web marketplaces doesn't mean that it's not a website. It doesn't mean it doesn't have IT infrastructure, and it doesn't mean it can't get hacked, okay? So just think about it for a second. On its surface, BreachForums is a forum, right? Like, 1998 called and it wants its forums back. Just a website, maybe a back-end database, model-view-controller design paradigm, right? So if they don't patch it, ah, you gotta patch it; if they don't have great governance around controlling it; if they have misconfigurations; all those things, they're going to get hacked, and that's basically what happened here. Now, they did say it was an older breach that came out, so whatever, but just know: yeah, BreachForums gets breached, lol. Just know, listen, doesn't matter what you do, doesn't matter the intent of your IT infrastructure, you have to secure it. Criminals need cybersecurity too. I'm sorry. Hey, BreachForums, go check out CIS 18 implementation guidance one, get you started, right? We'll build you a nice little framework, build you up brick by
B
brick.

Instagram breach exposes user data and creates password reset panic. Researchers at Malwarebytes Labs set the online world on edge this past weekend with news of a data breach at Instagram. They warned that usernames, physical addresses, phone numbers, and email addresses of 17.5 million users had been leaked. This prompted a flurry of password reset emails. The researchers had found the database for sale on a cybercrime forum, and although the stolen data wasn't exclusive to Instagram and contained data from external databases such as marketing lists and other leaked customer records, this together allowed online identities to be linked to physical addresses, thus magnifying the personal danger. Experts recommend that Instagram users update their passwords and add 2FA to their accounts, but to do so directly, of course, and not by clicking through a warning email, which itself might be spam. As of this recording, Instagram parent company Meta has yet to make a statement.
A
All right, hold on. I'm trying to understand this, and mods, the phishing: are these password reset emails coming from Instagram because their account was compromised, or is this the threat actor sending a phishing email? All right, 17 million records. All right, so if you have Instagram, which many people do, don't click on reset emails. I guess they are phishing emails. Hold on, I'm actually going to text my wife. My wife is a pretty heavy Instagram user. This is one of those ones where, you know, you've got to protect. "FYI, massive uptick in Instagram password reset phishing emails. Don't click." Okay, I just sent my wife a text message. Awareness training in real time. Listen, anybody you know that's using Instagram, gotta be careful with that, especially if you're using it as part of your business. Ooh man, last thing you want is having a threat actor get your business one.

Okay, so DJ BSec is saying you can actually go on Instagram and see if you were actually sent an email to reset your password on your account or not. Here's the deal. This is kind of fun, I mean not fun, but kind of interesting: they're saying that the user accounts on Instagram were not compromised. They're saying that basically threat actors kind of either scraped the user accounts, or they were able to tie an email address to a user account and then, crosswalking it with data breach repositories, kind of map together your account. So again, if you're reusing passwords, this is why you don't reuse passwords. Because, "oh, what's the big deal, who cares if my LinkedIn password's the same as my Instagram password, I have one password for my social media, what's the big deal, Gerry?" Well, the big deal is all your accounts are going to get frigging compromised, because it just takes one of those sites to have a data breach and now your password's out there. Use a password vault, please. All right, also, if you're not using multi-factor authentication, use multi-factor authentication, please, please, please. Yeah, but Instagram's a big one. A lot of people use Instagram, obviously, so if you wanted to be the hero at work, you may want to send this out.

Hey, just real quick for everybody, because this is one of those ones where, okay, let me take a hot minute and talk about end-user awareness training. If you are only educating your workforce about work-related things, it's going to be a little tone-deaf. One of the best ways that you can modify someone's behavior to be more secure and take less risky actions is to personalize things and help them out as an individual. This is a perfect example. Tons of people, at least 17 million, use Instagram. So what I would recommend is fire out an email: "Hey, good Monday morning everybody, welcome to the party, pal, welcome back to work after the weekend. Quick note, everyone: if you get a password reset email from Instagram, it could be a phish. Threat actors, there's a massive uptick in Instagram phishing right now. Make sure you have multi-factor authentication enabled on your Instagram account, and you may want to consider changing your password. Thank you, see you at the company picnic." A lot of people in chat right now sharing their personal experiences with Instagram, right? Abimbola saying they got several messages to reset their account. Yep. James McQuiggan, 100. James, quick, insane: don't treat end-user awareness training like Santa Claus or the Easter Bunny, once a year. Yeah, dude, you have to make it... there's so much benefit to doing awareness training frequently and in very, very bite-sized pieces. Also very important: if you're sending out regular messages, "hey what's up, it's Gerry, Instagram, watch out," "hey what's up, it's Gerry, password vaults," "hey what's up, it's Gerry, patch your stuff," guess what? When someone clicks on something and does something dumb, they know Gerry is the person that they should call. They've got a guy, or a girl, or a lady, whatever. Be the face of infosec for your business, and that way people will call you. I'm telling you, I do it in every position I've ever had, and I regularly get phone calls from people who I've never even spoken to. "Hey what's up, this is Tony." "Okay Tony, what's up?" "Yeah, hey, I think I clicked on something weird, because this happened, I don't know, I don't know, but I thought I'd tell you." "Yeah, let's look into it." First line of defense, man. I will tell you though, it's a double-edged sword, because then you'll get calls for personal things. Like I've had people call and say, "hey what's up, this isn't work-related, but my aunt is definitely dating a romance scam person, and there's no amount of us telling her that it's a fake that is convincing her, and she's giving all her money to this person, what do you think we should do?" So you'll get situations like that, but if you like helping people, you know, it's
B
right up your alley.

UK government exempts self from flagship cyber law. The UK's new Cyber Security and Resilience Bill aims to update outdated cyber regulations and boost protections for critical infrastructure. However, it excludes central and local government bodies from its legal requirements, drawing criticism even as public sector cyber attacks rise. Opponents in Parliament argue that excluding government weakens accountability and creates a double standard, while ministers say government departments will meet equivalent standards via a separate Government Cyber Action Plan. Critics remain unconvinced without binding legal duties. Some suggest future or separate legislation could address public sector security, but there is at the moment skepticism about the government's commitment.
A
Awesome. Hey, really quickly, hold on, let me share this with my wife. I'm sorry, this is big breaking news. Yay, I got breaking news right now. Cool, all right, hey, let me just share this with you live. This is breaking news. I just texted it to my wife, so we're good there. The vet called. We had the lesion sent to a pathologist. It's a benign lesion, no cancer. Puppy's gonna be good. All right, Ripley, winner winner chicken dinner.

Okay, so what's this all about? The government is saying "do what I say, not what I do." All right, this seems to be very trendy in 2026, where the government's doing what it wants. Okay, current shadow deputy PM... oh what, so Roswell UK, are you in chat right now, bro? Like, the UK has a role called shadow deputy PM? Is Palpatine in that role right now? Do it. Like, seriously, here's a live look-in at the shadow deputy PM: "do it." All right, listen, whatever, I guess. But the UK has been getting pretty serious about cybersecurity. They recently started that new department, it's like a cybersecurity division. They were involved in Operation Cronos, which was a massive takedown of several threat actors, including, I believe, LockBit was involved in that. You guys remember when LockBit was literally tearing apart everybody. So they've been getting quite serious. Now, the United States government has FISMA regulations and provides NIST and the Cybersecurity Framework, which is a voluntary-based framework. What they're proposing is that managed service providers, which is like outsourced IT services, be pulled into these things. People are criticizing it because they're like, "oh, why are you coming up with all this government regulation, but then the government doesn't have to comply with it," and they're saying, "oh no, no, we comply with other things." I don't know enough about the UK and how they handle cybersecurity at the federal level versus the private sector level. I don't know. Honestly, this seems so British to me. With all due respect to the UK citizens, it just seems so British, where they're being very, very polite but at the same time not being nice.

All right, so what do we do here? If you work in the UK, or you have UK offices, or there's any part of your business that falls in the United Kingdom, this legislation may impact you, and you may want to look into it. That's it. Basically, Roswell UK is in chat right now, he's our guy on the ground in the UK. The National Audit Office recently reviewed 58 of the UK's 72 most critical government systems and found a litany of security flaws, with progress in fixing them described as staggeringly slow, and the NCSC, which is that new department in the UK around cybersecurity, reported that 48 percent of managed attacks already target the public sector, a figure expected to rise as government services become increasingly digital. Yeah, sure. You know what he says, "staggeringly slow"? Let me tell you, I've worked in the federal IT space a lot, even the DoD, frankly, which has got access to all the cool new tech. The federal government is gigantic, and I get that DOGE came in and gutted a whole bunch of stuff for the benefits of efficiency, but getting things changed, getting things fixed, getting things updated in the federal government is glacially slow. Decisions are made slowly. The innovation is the opposite of innovation in the federal government. So I would assume that the United Kingdom's federal government operates at the same kind of pace as the US federal government, so just be aware of that. Governments, they move slow.
B
Microsoft may soon allow IT admins to uninstall Copilot. A new policy that allows IT administrators to uninstall Copilot on managed devices is now being tested. The new "Remove Microsoft Copilot app" policy started rolling out on Friday to systems in some development and beta Insider channels. If furthered, the new policy will apply to devices where the Microsoft 365 Copilot and Microsoft Copilot are both installed, and "that the Microsoft Copilot app was not installed by the user," end quote.
A
All right, so obviously this is coming from somewhere. Microsoft wants you to have Copilot installed, believe that, okay? So the fact that they're testing a way to allow you to remove it from managed endpoints, that's got to be coming from somewhere. Somewhere, someone is complaining loudly that they don't want Copilot all up in their business. All right, so you would need... let's see, it's only in the Dev and Beta Insider channels, so you won't see this available in the main... oh my god, what's the word I'm looking for... the main build until it gets tested and everything, because the last thing you want is this thing breaking something. But it uses Intune or SCCM to uninstall it. I will tell you, dude, this TV back here, right, this LG TV, they conveniently installed Copilot on it the other day. I was like, what are we doing here? I don't want Copilot on my television.

Let's see: the new policy will apply to devices where Copilot are both installed and the Microsoft Copilot app was not installed by the user and it was not launched in the last 28 days. So look at this, they are adding some caveats here. So it's not just a blanket "uninstall Copilot, period." It has to be not installed by a human, and it has to have not been used in the last 28 days. So if Carl clicked on it out of curiosity or whatever, guess what, it's not going to get uninstalled. I do wonder if this is an ongoing thing, so if you went 28 days without using it, it would get removed. If you do want to enable this in your environment, go to Group Policy Editor and User Configuration, Administrative Templates, Windows AI, Remove Microsoft Copilot App. Okay. Oof, it does fix an issue where File Explorer was crashing. Gross.

All right, here's my thing, real quick, okay? This is something that I guess I feel like when you get old you think about. Okay, so check it out: just because you can uninstall Copilot does not mean you should stop the stream and just go and be like, uninstall, uninstall, uninstall. No. Think through it. Does it make sense to uninstall it? Does it align with whatever your company's policies are? Are there issues with having it? Are there issues with not having it? Is someone using it? Have you deliberately given it a shot and tried it, or is it just YOLO? AI sprawl is a very real thing right now. We have people using AI tools all over the place. Some people are using tools that they don't even know are AI tools. Copilot's just another one. Microsoft is ham-fisting Copilot into everybody's face. So yes, you can uninstall it, but I would just say do it with intent, right? I'm not saying Copilot's good or bad. I don't use Copilot, I don't have a dog in the fight. But with this tool or any other tool, just because you have the ability to remove it now does not mean you should just go ham on it and remove it for the sake of removing it because you can. Also remember, it's not going to remove it from everywhere, because if people are using it, say you have a policy: "we're not going to use Copilot here, no one's allowed to use Copilot, we're going to uninstall Copilot, we win." Just know, if anybody used Copilot in the last month, then you're not going to be able to remove it from their computer, so you're not going to get 100 percent. Okay. Huge thanks
B
to our sponsor ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through 6th in Orlando, plus a live CISO Series episode on March 6th. You can get $200 off with the code ZTW CISO 26 at ztw.com.
A
To that point, I will be at Zero Trust World, everybody. That conference they're just talking about, great conference. We'll be doing the show, the Daily Cyber Threat Brief, live from the conference floor, so if you want to see the show in real life, in person, come on down. It's a cool conference, plus the food is amazing on top of it all. All right, so check this out. All right, hala hala hala hala. Hey guys, I want to say thank you. We are at the mid-roll. Thank you to the stream sponsors: ThreatLocker, who you just heard from; Flare, we're doing the watch party on the 29th together, I hope you can join; Aria, big fan of Aria, helping with that AI sprawl; and also, wait for it, Antisyphon Training. Look at this beautiful man, John Strand himself. John Strand is offering the Active Defense and Cyber Deception course next week, Monday January 19th through the 23rd, four days, four hours a day, sixteen-hour course. I've taken this class personally. I loved this class so much that I made a YouTube video, like a fifteen-minute video, deep diving what the class is and why it's awesome. You can take this class for zero dollars. They do ask for a minimum of 25, but there's a way to pay zero dollars if you are financially strapped and still want to train. If you are currently in between jobs, this is a great opportunity. This class is very fun. You get hands-on labs. John also covers a lot of the ethics of hacking back: is it ethical for you to stick basically a landmine in your environment and have a threat actor trip over it and blow up? Is it okay to have a threat actor download malware from your environment and infect themselves? Is it okay for you to have them beacon where they are and then you go attack them? John answers those questions as well as showing you what's up. So go to antisyphontraining.com and check this out: Active Defense and Cyber Deception with John Strand, very cool course. Definitely appreciate it. He only teaches it a few times a year, so don't be the guy who's like "too late, too late," because that'll be your cry when the man with the Active Defense and Cyber Deception course passes you by.

Every single day of the week has a special segment. You know, I hate when I click on something and it closes the tab. Every single day of the week has... what is this? Every single day of the week has a special segment, and Monday's is Simply Cyber's Community Member of the Week, sponsored by ThreatLocker. Yes, ThreatLocker sponsors this particular segment, meaning that the community member of the week that I recognize, not only do we get to celebrate, but also, because ThreatLocker takes a deny-by-default approach to application security, we take an it-takes-a-village approach to community, and because of that I get to give this person a hundred-dollar Amazon gift card or Simply Cyber merch. Which, by the way, really quickly, if you don't know, this Adidas hoodie is awesome. Where's my Adidas hoodie? They don't make these anymore, so if you own one of these right now, I know Jesse Johnson owns one, I know a couple people own one, they don't make these anymore, so exclusive, I guess. But let me introduce you to this week's Simply Cyber Community Member of the Week. You guys know him, he's in chat, thankfully. Ladies and gentlemen, he's been the member before, but I want to recognize him: DJ BSec, Ben Cheryl, Houston's own Ghetto Boys, DJ BSec. Now, DJ BSec, if you didn't know, he covered the Simply Cyber Daily Cyber Threat Brief in December during the week of Christmas while I was out, and I genuinely appreciate it. I was willing to just cancel the show for two weeks, and BSec was like, "dude, come on man, I've been out, I've been super busy, I've been traveling, I missed the show, let me do the show." And I said, "all right, bro," and he did it, and I didn't check in, but people told me he crushed it. So, you know, thank you, DJ BSec, for all you do. I appreciate it. I will get with you and get you your prize, whether it's merch or an Amazon gift card. You are an amazing person. All right guys, let's keep cooking, shall we?
B
NSA Cyber Directorate gets new leadership. The National Security Agency has a new leadership roster. David Imbordino, an NSA senior executive who is currently serving as the directorate's deputy chief, will work in an acting capacity as head of the Cybersecurity Directorate within the NSA. Second in command within that directorate will be Holly Baroody, a senior official at the agency currently based in the United Kingdom. Tim Kosiba has been officially appointed as the deputy director of the NSA, the agency's second in command, and is expected to start that role in the coming days. The director of the NSA, its overall leader, remains William J. Hartman, also in an acting capacity.
A
All right, I mean, I, okay, like, I don't know anything about either of these people, but it is great to see that the NSA Cyber Directorate is getting leadership. Guys, these organizations do need guidance and leadership. There needs to be someone at the helm, right? I mean, you can have a boat out at sea with nobody sitting in the pilot's chair and the boat will float, right? But if you put someone in the captain's chair, now you've got direction, you've got control, you've got leadership. That's what's up. This guy David Imbordino is already the directorate's deputy chief and he's basically getting promoted. Chances are this dude was already doing the job. I mean, guys, tell me if this vibes with you: you ever already been doing the job for like a year and then they finally promote you, but all promoting is, is actually recognizing that you've been doing the job already? There you go. Also shout out to this lady right here, what's her name, Holly, Holly Baroody, who's going to be the number two, the NSA Cyber Directorate's number two. Apparently the NSA is not confirming or denying that either of these things are true, but obviously it's being reported. Quick shout out, let's go. It's nice to see people are getting the jobs based on their competency, right? Shout out to professionals. This doesn't, listen, NSA Directorate, you could replace both of these people with two other people and it makes no difference to me as a cyber professional helping protect businesses, okay? Like, this is interesting and forgettable at the same time, okay? Like, I hate to say it, like, I'm sure both of these people have put in decades of experience and sacrifices to get where they've gotten in their career, and I celebrate them, but for me, this, like, I literally, later today you could ask me either of their names and I wouldn't be able to tell you, and in a week I would probably forget this story even happened. So it's great, but in the scheme of, like, practitioner, and what to do, and is this valuable, this is just a footnote as far as I'm concerned.
B
CISA sunsets ten directives due to evolution of Exploited Vulnerabilities Catalog. Yeah, ten emergency directives that had been issued by the agency have been retired after officials determined, quote, they were redundant thanks in part to the widely used Known Exploited Vulnerabilities catalog, end quote. The ten directives were issued between 2019 and 2024, and the agency credits CISA's commitment to operational collaboration across the federal enterprise for their removal. Six of these are related to Microsoft, with the others related to VMware, F5 and Cisco. A list of the Microsoft vulnerabilities is available in the show notes to this episode.
A
All right, North Korea... so, I, okay, two things here. Number one, CISA's Known Exploited Vulnerabilities catalog has value, okay? If you didn't know about it, the KEV, or Known Exploited Vulnerabilities catalog, by CISA, which is the Cybersecurity and Infrastructure Security Agency. Remember, in 2026 I'm trying to spell out all the acronyms, because I heard a lot of people, not complain, but a lot of people not in our industry highlighted that, acronyms, it's like they get overwhelmed and confused by all the acronyms. So CISA issues these emergency directives, like, basically like, "Hey, breaking news, get your crap fixed. Hey, breaking news, VMware is being exploited. Hey, breaking news, Progress's MOVEit software is being exploited, fix it," right? I don't know, is anyone hearing static in my microphone? I don't know, we'll have to look into it. And now they're retiring them. Here's my thing, guys. In cybersecurity, things move incredibly fast, okay? Like, so fast that when you have a compromise or something in your environment, chances are you just fix the problem, like reimage the user's machine, or verify, change their password, whatever, and then you keep on going. No one is doing deep-dive reverse engineering of malware on an asset that they found in their environment, unless you, like, work for Recorded Future or something like that. Sorry about the static, everybody. Wait, here, I'll just take the microphone further away from my face. How's that? I don't know, I didn't touch anything. All right, I'll just speak like this, okay? We'll get it sorted. So when they are retiring emergency directives, these directives are from 2020 and 2021. Guys, in all reality, I am not thinking about emergency directives from 2020. I'm not thinking about emergency directives from 2024. You get your things sorted out and you keep on moving. That is how it really works in real life. So, I mean, I don't know, man. Here's my thing, okay? There's so many vulnerabilities that haven't even been classified or qualified. It was like a big deal, remember when DOGE was cutting things and, like, the NIST CVD was going to lose funding, and people were like, and it was going to be publicly sourced, and then Europe was going to manage the vulnerability catalog, and then all of a sudden at the eleventh hour money came from somewhere. Like, we have those problems, yet someone somewhere had the bandwidth to go through five-year-old emergency directives to determine if they should be retired or not. I don't know. Again, not my dog, not my fight, but as someone who has had to deal with making a dollar out of fifteen cents and stitching a pork chop to a chicken wing in order to make an entire meal work for somebody, I am not spending my time, or directing anyone under my management, to go look at these things and retire them. There's bigger fish to fry, there's bigger problems to look at. Again, maybe you want to disagree with me, I don't know, but, like, here's, I guess here's my thing: no one gets into a job, right, and they're like, "Oh man, hey, I'm super excited to be here, first thing I'm going to do, let's look at these five-year-old emergency directives and see if these apply to our environment." Yeah, no one's doing that. So to me, I don't know, man, it just seems like a waste of energy.
B
All right, quishing attacks on the rise. Now, a warning from the FBI about the North Korea-linked APT group Kimsuky continuing to target governments, think tanks and academic institutions with quishing attacks, which is the use of spear phishing emails containing malicious QR codes, hence the term quishing. These QR images often arrive as email attachments or as embedded graphics, which evade URL inspection, MFA and sandboxing. Their goal is to trick victims into visiting fake websites or downloading malware. Russian...
A
All right, I wasn't even listening to this. As soon as I see the word quishing, I'm out. I'm okay, I think these guys are using wireless keyboards too. All right, Kimsuky is targeting governments, of course, with quishing attacks. A quishing, a QR code looks like this. Do I have a QR code? There we go, see the top left QR code. There we go, there we go, and we can do this one. We got QR codes all over the place, okay? You can't see, what a QR code, all a QR code is, is basically a URL. Because you can't see the URL, you could accidentally scan it and fall for an attack. Now, Josh Mason is very passionate about how falling for a quish does not compromise your endpoint, it just sends you to a website, and he's passionate that, like, there is no instance of, like, you scan something and you're owned. All right, so a bunch of people are being sent emails with QR codes. All right, so once they scan it, they're routed through attacker-controlled redirectors that collect device and identity attributes like user agent, OS, IP address, et cetera, et cetera, and then they send you specially optimized credential harvesting pages impersonating Microsoft 365. So this is the deal: you scan something, it does a profile on the device that scanned it, and then it sends you to a phishing landing page where they're going to try to harvest your credentials. Multi-factor authentication is not bulletproof here, but obviously you should have Microsoft 365, you should have multi-factor authentication enabled to help, when they get your password, that it doesn't result in you being compromised or other being compromised. Here's the deal: educate your end users. Tell them to not scan QR codes that they get in email. That's it. If you're not sure, don't scan it, especially if you work at a government facility, a think tank. I don't know if there's a way for email security gateways to scan emails to see if there is a QR code in the email itself, like as an image, but chances are they're probably attachments that you open up and then there's the QR code. Just, the nice thing is, QR codes have become very popular, especially at restaurants to scan the menu, so your non-technical audience is going to know what a QR code is. Please don't use the word quishing with them, just tell them, "Hey, don't scan a QR code that you get in an email." You can see here one specific example of how they're doing it is a fake conference invitation. So, "Hey academic, hey, I read your paper on whatever. Hey, I read your dissertation on information security risk at small healthcare institutions in the state of South Carolina. We would love for you to present at our conference. Hey, Wild West Hackin' Fest Denver is around the corner and we had a late cancellation, would you like to come speak at the conference? Scan here." So they are using the carrot, not the stick, in order to lure victims into scanning it. Just make them aware. Yeah, you can see here, the email contained a QR code that sent them to a registration landing page that had a button to register. When they click the registration button, it sends them to a fake Google login page where they give their creds up. So, I mean, dude, it's basically a straight-up classic phishing attack: here's a phishing email, here's a landing page. I literally teach this to my students at The Citadel in week three. You can use Dave Kennedy's, or TrustedSec's, Social-Engineer Toolkit to execute this attack. This toolkit has been around forever, right? Right here, Social, and if you're listening on Spotify, I've brought up the Social-Engineer Toolkit GitHub page. You can see Dave Kennedy from TrustedSec. Dave Kennedy is, like, an OG legend, really great guy too. But this tool is very full-featured and it's exactly what it sounds like, it's a social engineering toolkit, but you can use this to stand up fake malicious infrastructure and do credential harvesting.
B
Credential stealing campaign targets energy and policy organizations. Russian state-sponsored threat actors from the APT28 group have been linked to new credential harvesting attacks, this time targeting, quote, individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan. APT28 is associated with the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, also known as GRU. This attack, though localized, is of interest for everyone because of the fact that unsuspecting users are redirected to legitimate sites after the credentials are entered on the bogus landing pages, thereby avoiding any red flags, end quote.
A
Yeah, really quickly, Kishan InfoSec says SET is old. The Social-Engineer Toolkit I just talked about in the last story, this is true, it's been around for years and years and years. I do want to point out, I'm looking at the GitHub repo right now and the last commit was two years ago, so I don't know if it's still, I don't think it's being maintained any longer, but it does work still. All right, so Russian APT28 doing fake landing pages and stealing credentials. This is literally the same exact thing that we just saw in the North Korean story, except they're targeting energy and policy organizations, okay? Whatever your bag is, whatever organization or individual you want to compromise, this is how they do it: you send them an email, you tell them, "Hey, you're going to lose access to whatever," or "Click here to get free money," or "free tickets to the Masters," or "Would you like to go to the Super Bowl? Drake Maye wants to talk to you online too," whatever it is, and they get you to click through and give up your credentials, and then they own you. It's as simple as that. Now there are more advanced techniques, so you can't assume you know what a phishing landing page looks like, and in this one, after you put in the wrong credentials, they will redirect you to the correct page so you're less likely to detect something wrong, right? Have you ever typed in a password incorrectly and the page just refreshes and then you're like, "Oh, I must have typed it in wrong, let me type it again"? That's basically it, right? So you put in your username and password, you give it up to the Russians, then it redirects you to the correct page, you're like, "Oh, I must have typed in my password incorrectly," you type it in correctly, and then you're logged into the system and you're off and running, no big deal. It's kind of like getting a trojanized piece of malware where the calculator app still calculates and does math but you're also running some type of info stealer or something. APT28 is a nation-state-based threat actor in Russia. They've been around for quite a while. I think they're Fancy Bear, let's take a look. I'm going to go to the MITRE ATT&CK framework. MITRE ATT&CK framework, I'm going to click in here, I'm going to go to the top, I'm going to go to CTI, Groups, and then I'm going to look up APT28. You can see I'm right here, I've done it, and they are also known as Fancy Bear. Did I say Fancy Bear or Cozy Bear? I can't remember. They've been around for quite a while. Yeah, you can see they're the ones who are responsible for compromising the Democratic National Committee in 2016 and getting Hillary Clinton's emails. You remember the whole Hillary email thing? That was APT28, okay? So APT28 is all about getting access to things, info stealing, credentials, that type of stuff. Cozy Bear and Sandworm, they're the ones who are responsible for, like, executing cyber missions, okay? So APT28, this story is basically, like, if anything, this story is just a reminder, okay, that APT28 is out there. It's 2026, the Hillary email drama was ten years ago. What do you want? Like, dude, Russia's very good at misinformation, disinformation, as well as stealing creds. And really quickly, just to not be xenophobic or something, the United States is also very good at cyber, and I guarantee you we're really good at stealing creds, because this is a standard practice in the cyber kill chain. You want to access something? Get creds to it. How you going to get creds? Trick someone into giving them to you. Period, full stop. All right, ooh, 9 AM on the dot. Someone called Nick Barker, you guys remember Nick Barker? Haven't seen him in a minute. Paula. All right, guys, I do want to say thank you all so very much for being here. Shout out to DJ B, our Simply Cyber Community Member of the Week. I will get with him and get him his prize. I hope you had a great show today, I certainly did. Big fan. Good news
coming in on the puppers. Across the wire is breaking news. I'm Gerry from Simply Cyber. If you got to get out of here, we'll see you tomorrow at 8 AM Eastern Time. Otherwise, stay tuned for Jaw Jacking. Also, I want to remind everybody, if you didn't know, I have produced videos dropping every Sunday at 4 PM Eastern Time for the entire year of 2026, and we just dropped another banger: GRC job interviews. There's Jesse Johnson, Erica McDuffie. Guys, if you are interviewing for jobs, listen, nobody gets feedback from the interview. "Hey, sorry, we went with a different candidate." "I'm okay, how was my interview? Did you like my answers?" "Sorry, we can't give you any information." That's a bunch of bull crap. So if you want legit feedback on how to interview like an absolute legend, check this video series out. People are loving it and I'm super pumped too because I think it adds value. Watch here, I'm going to drop a link to it. Watch this, doink, I'm going to pin this. All right, I'm Gerry from Simply Cyber, until next time, stay secure. Don't go anywhere, I'm going to answer all your questions.

Ever wonder what it takes to break into cybersecurity? Join us every weekday for Jaw Jacking, where industry experts answer your burning questions about the cybersecurity field, live, unfiltered and totally free. Let's level up together. It's time for some Jaw Jacking.

What's up everybody, welcome to the party. My name's Gerry, guy coming at your face. We are killing it today. This is Jaw Jacking, a thirty-minute ask-me-anything show. You ask me a question, I'll give you an answer. If I don't have the answer, I will try to get you the answer, because I don't know everything. Ain't nobody got time for that, ain't nobody got time for that. We are going to be joined by two hundred plus Simply Cyber community members in chat. You see, I got the chat over there. All about good times. Let me know what you guys want to talk about, questions about cyber, questions about anything, I'm here. Zach Hill from IT Career Questions has a GRC video coming out soon. Zach, let me know when that's available. Let's look up Zach here. There he is, this beautiful baby. I'm looking at Zach's videos, I do not see a GRC video yet, so we'll have to figure out what's going on with that. Let's do a quick shout out really quickly. If you guys didn't know, this is Zach Hill's IT Career Questions, 293,000 subs, a lot of people getting a lot of help from Zach's YouTube channel. I also want to remind everybody, oh yeah, while we're here, did you know you can go to luma.com/simplycyber, Luma, L-U-M-A, luma.com/simplycyber. Tomorrow at 1 PM, me and Mike Miller are doing a one-hour personal branding live stream helping you turn your LinkedIn into an actual tool that can actually help you get hired, make network connections. All about good times. Go to luma.com/simplycyber and sign up, it's literally free. I hope you can make it at 1 PM tomorrow. All right, let's see what questions we got coming in here. "What's the least stressful job in cybersecurity?" Spam Musubi asking the question. Let me think about this really quickly. Least stressful job... researcher. I think security researcher is probably the least stressful job. We just become best friends, yep. Rob Cooper coming in, Simply Cyber. "Gerry, I got hit by a really good vishing attack on Friday. The guy said he was from my bank's fraud department. Very convincing." Interesting. Rob, how did you discover it was a fraud? Guys, be on the lookout. Thanks for the super chat too, by the way, Rob. Soul Shine asks, "How did you find Jason Rebholz?" My friend Gary Ruddell actually is friends with Jason and said, "Hey, you should talk to Jason," so I called Jason and then we had a nice conversation, and then he's actually going to be my guest on Thursday for Simply Cyber Firesides. Yeah, he's a really cool guy, Jason Rebholz. Pocket Pixie says, "How can I get into purple team quickly?" Get good at
SOC work and pentesting work, and have a really good foundation on IT. Purple teaming is not something you, with all due respect, Pocket Pixie, purple teaming is not an entry-level thing. It's kind of like an evolution past blue. "Anybody know if WGU does labs for skill building?" I do not know, but when Casually Joseph gets up he can answer that question. Anybody in chat, WGU, right, Owls, can answer this question from The Velvet Bandit. Please tag The Velvet Bandit. Next question: "How do you feel about an unsecured network of cameras watching your driveway for the Russians and Chinese, like a group of birds snitching on your country to its adversaries?" What? How do you feel about an unsecured network of cameras watching your driveway? This feels like a very specific question, Darth Looper. I'm not, maybe, I don't know, like, can you, I guess, provide some more context? I mean, I guess if I had a bunch of cameras on a telephone pole looking at my driveway and the Russians were watching it, I mean, I wouldn't feel great about it. Phil Stafford says Jason's a cool dude. Yeah, he's actually working on an AI startup we might be talking to him about. All right, continuing to look at chat. If you have any questions, drop them in chat. Code Brew says he'd rather the cameras be on the driveway instead of the bedroom. One hundred with you there, buddy. Ah, the Flock cameras. I didn't know that the Flock cameras were Russian and Chinese spy networks. An anonymous LinkedIn user wants to know how to integrate cyber resilience in the company to put KPIs in place to see evolution. Yeah, so what you want to do is you want to put together, not a formal, but, like, you want to have a cybersecurity framework, right? So something that is very easy to communicate, something that you can have a project plan or a program plan to execute against, and that's where you can start seeing improvements in trend data, right? What, how many controls do we have implemented, how many systems do we have patched, how much visibility do we have, how many domain admin accounts do we have, like, how long does it take us to detect a compromise, how long does it take us to patch a vulnerable system, what's our internet-facing attack surface look like? If you're just playing whack-a-mole, that's not good. You have to have a cybersecurity framework, even if it's something basic like CIS 18, something basic, because it allows you to measure today and then you can measure with the same measuring stick tomorrow, the next day, the next day, and that will show you an apples-to-apples comparison. Rob Cooper says he asked for a one-time password that was going to be used to authenticate a pay-later application instead of canceling it. Okay, there you go. "Gerry, how long was the puppy sick?" Thanks for asking, Space Tacos. So it's really interesting. So for those who don't know, I have two dogs, they're brothers, and I took one of the dogs in to get their medicine updated or whatever you want to call it, and the other one had, like, a weird growth on them that I was like, "Oh, while I'm here, can you just look at this?" and they're like, "Oh geez, we got to get that off immediately." So they surgically removed it, not instantly, we had to schedule the surgery, it was like two days later, and they removed it, but it was a massive incision that had to get, like, stitched and then stapled and all this other stuff, and that was Friday, so, like, ten days ago, Space Tacos. So he gets the staples out tomorrow. So we've been right on top of him, because they don't want him to lick where his wound is, obviously because of infection and whatnot, so the missus and I have been taking turns sleeping on the couch so we can be with him and make sure he's not doing these things. Sierra Montgomery is asking for a dog update. We got a text message from the vet, the growth that they removed from him is confirmed benign. Woo, W. All right, thanks for asking, everybody. We love our dogs, we're a big dog family. All right, K
Sula says, "I was asked by my VP to talk about malicious injection versus ransomware. What would have been your quick response to this?" Well, my response would be like, what do you mean "versus"? Malicious injection versus ransomware: malicious injection is, like, an attack technique, ransomware is, like, a malware variant. So I guess, so, "Hey Gerry, talk about malicious injection versus ransomware," I'd say, okay, like, you know, they're kind of not, I guess the first thing I would say is, yeah, as far as ransomware goes, it's definitely the number one threat that we should be mindful of. Depending on what industry you're in, you could quickly reference well-known victim organizations. So say you're working in healthcare, you could say, "Yeah, you know that Change Healthcare was a massive problem in 2024, early '25. We definitely don't want that. Here are the things that we can do to reduce our risk of ransomware." Now, as far as malicious injection goes, now we're talking more, I mean, are you talking about AI prompt injection? Are you talking about cross-site scripting? Do we have web apps? Are you a tech company developing software? So I don't know what they're the VP of, but I don't think that they're the VP of information security, because that question seems, I don't know, man, that question seems like someone who knows some buzzwords and threw them at you, not someone who understands what they mean. All right, dog update, no, I already did that, thank you, Sierra. Question from Net Setup: "If Palo Alto puts a site in a DNS sinkhole for a threat, what would be the SOP to find out the risks and get a good evaluation?" What would be the standard procedure to find out the risks and get a good eval? I mean, I don't know if there's necessarily a standard procedure, so I guess, Net Setup, are you saying that you're running Palo Alto as your firewall and they've determined a website is malicious so you can no longer access it through your Palo Alto firewall and you want to analyze it for the risks? Again, this is one of those ones where, like, you can do this, okay? All you have to do is get on a network that doesn't go through your Palo Alto and then it won't be sinkholed anymore. Now, it's a malicious website confirmed by Palo Alto, so I don't know if you want to go poking around in it, but if it were me, what I like to do, you know, the ultimate prophylactic, I would go into Amazon AWS, I'd spin up a machine, then I would use that machine to go access this site and do whatever it is I want to do. I do have in AWS, it's not a full FLARE VM, but it's got some tools on it for me personally, because then I can just burn that machine down. The machine isn't connected to my home network in any way. But I said this earlier during the Daily Cyber Threat Brief: in the reality of, at least in my professional experience, if I'm paying for a Palo Alto firewall and they sinkhole a website because it's deemed malicious, good, thank you for protecting me without me having to spend time, energy and effort on it. That's why I'm paying you, Palo Alto. I'm gonna go on and take care of the next fire that I have to take care of. I'm not gonna go poke around a website that you've already determined is malicious, for whatever reason. So that's what I would say, Net Setup, that's how you go do it, and then in practice, at least for me, in practice I'm not going to go spend time doing it. The only reason I would ever go look at this website is if one of my users fell for it before the sinkhole got implemented. And by the way, if you're wondering what a DNS sinkhole is, because that's just a term that you've never heard, DNS is Domain Naming Service, right? It basically allows you to type in simplycyber.io and it translates the domain name, the thing that you and I talk about out loud, to an IP address, because every web server on the internet has an IP address. This is how basic computers work, it's how the internet
works, okay? So DNS sinkholing is saying, let's say simplycyber.io is actually a malicious website, right? So when you go to simplycyber.io, instead of the IP address for the website resolving and delivering your web browser experience to that malicious website, the sinkhole says, "Whoa, no, no, no, no, no, we're going to direct you to a different website," that way, or just not even render a website, period. A better user experience is to send you somewhere else and say no. A common way that many of you have probably seen this is if you're on some network, like a school network or wherever, and you try to go to a website that's not okay, or a company network, you try to go to, like, a porn site for whatever reason, or some type of, like, illegal download site or something, right, and you get a splash page that says your IT administration, or your web server or whatever, like, your company policy says you cannot go to this website. You get that nice standard splash page that says you can't go here. That's essentially, like, DNS sinkholing. "What do you do on your first day of a new job as a cyber manager?" Well, I got two things for you. Number one, good question. It's such a good question that I made a video for it. What are we doing here? Can we go to youtube.com, please? Why is my internet slow? Okay, well, for whatever reason the internet is slow right now, which is super annoying, so you can go to Simply Cyber's YouTube channel and there is a video called "Crush Your First 90 Days at Work," and it answers this question. But, Alpha, since you asked the question, I'm going to just answer it anyways. The very first week, what I like to do is two things. These are your two number-one things you should do. Number one, what's up Mike Vito, number one: go to your boss and ask them what the top three priorities that they want you to tackle are, right? You're not going to solve it today, but ask your boss the top three things, what are the most pressing things that they want you to work on, right? You got hired because there was a need at your work, right? Your boss, you're there to help your boss, right? So your boss is going to know where their biggest pain points are. Look like a champion to your boss by figuring out what's important to them and then start figuring out a solution to it, so when you meet with your boss next week, or whatever frequency you meet with your boss, you already have a few ideas on how to solve their biggest problems. That's going to go a long, long way. Number two, I strongly encourage you, set up fifteen-minute meet-and-greet meetings with everybody that reports to you. Manager one-on-ones, all right? One-on-ones, meet-and-greet fifteen-minute meetings: "Hey, what's up, you know, I'm the new cyber manager, just wanted to introduce myself. Who are you, what do you do, what are you into?" Right? Do that with everybody that reports to you. Number one, number two, depending on the size of your organization, meet with key people that you will be dealing with: people that work in IT, people that work on firewalls, people that work on endpoints, people that work in legal, people that work in finance, people that work in research and development. Set up those meetings, right? Introduce yourself: "Hey, what's up, I just wanted to introduce myself, I just got hired, I'm the cyber manager, I'm over this, this and this, just wanted to introduce myself and get to understand how you work here." So you start developing relationships, because when crap hits the fan and you need to pick up the phone, that is not the first time you want to be speaking to this person. You want to be speaking to them beforehand, so you start establishing a relationship and they know who you are, and you're not just, like, the big bad calling, okay? Or if they discover something bad, they will know who to call because they've already established a relationship with you. All right, does anyone know how to stop or mitigate threat actors from spoofing your org's phone number? Nope, nope, there is no way to do that. Phone
number spoofing is not illegal and there's plenty of reasons why think about you know a doctor calls you for a checkup hey i know you just had surgery i'm calling just to see how you're doing the doctor does not want to have their personal cell phone number show up on all their patients right because then their phone's going to blow up at like two in the morning so having it show up as like the main front desk at the hospital is a good reason right so these are reasons why spoofing unfortunately threat actors know this all right space taco say and her best friend just lost her puppy yeah i we've had to put our dog down in the past it's horrible it is absolutely horrible horrible roswell uk says what's a dns sinkhole i did i did explain that already so i'll assume that that question was answered luke canfield said what happened to my beautiful face i think he's talking about how i shaved i still hey listen when i i never shaved my face smooth i do have like stubble here and also i do it myself i don't know if you guys can see but do you see how i accidentally like snipped you see how it's at like an angle this side not so much i will tell you when i was younger that would have been oh scary the older you get the less f's you give about like things i was like ah i mean obviously i don't want to look like an idiot but like it's fine all right continuing to look through chat if you are getting value hit the like button for sure hit the guys i will tell you hit the subscribe button it does go a long way obviously i also want to remind everybody i sent a note out on the discord server but if you are on the discord server many discord servers will ping everyone every time they release a video i don't do that there is an sc notify role that you can opt into to be notified when when new videos drop and we're dropping videos i promise you every sunday four pm i have all the videos like through february lined up so kingdom wakanda says please talk about how to integrate oh i 
already told you i already answered that question all right all right looks like we are caught up yeah spoofing a phone number with malicious intent is illegal i'm just saying you can't stop spoofing because there is legitimate reasons it's it's like a denial of service attack like stressor services are a legit service all right it's nine twenty three we got seven minutes and i am you know open to answering all your questions all right all right guys solid weekend i don't know if anyone here is big into the nfl but patriots playoffs it was great if you have a team in the playoffs i wish you the best very entertaining i went to bed at halftime when the green bay game because i was tired and chicago made the comeback very reminded me very much of twenty eight to three atlanta falcons and if you are an atlanta falcons fan i'm sure it's too soon all right what are some good networking groups for cyber to join hello well simply cyber is a good one so if you go to simply cyber io discord simply cyber io discord in a web browser justin you can join the simply cyber community very healthy active discord community anti siphon or black hills is another great community look in your local area mad destroyer my man mad destroyer have you played any of those decks you've been working on oh my god mad destroyer i am addicted to building commander decks now i've got the the bug i actually got mishra's burners banner yesterday as a late christmas gift and i've i've been cranking on those no i i haven't i haven't had a chance to play any of them although i i've play tested my decks and i feel very good about them i will tell you this is for a small subset of the community this friday i'm going to i think grand line in monk's corner and competing in a lauren eclipsed tournament i'm very excited about that great to see you mad destroyer citadel starts back up this week mad destroyer so i'll be downtown maybe we can get together after a class one day and do some do some coffee and 
magic someone wanted to get into security research where would they start good question you could start anywhere i mean i would let's see where would you start well see for security research you have to have so you could do research on like on applications right like reverse engineer and binary analysis software exploitation that you could get really into that you could also get into like at the network layer like you know like some of these ip cameras right like people are complaining that i think it's tp link is you know china's selling them super cheap because they're doing all sorts of nonsense with them or tick tock right oh the tick tock app is stealing whatever you could set those up and look at the network layer and analyze the data going into the packets you could reverse engineer binaries you could also do web application bug bounty type stuff if you want to call that security research i mean as far as getting started i mean honestly i would just download an android apk and reverse it or download a firmware like some type of iot devices firmware use bin walk which is a great tool to explode the file system of the iot device and then go look at it do some research like that so if anyone's got some other thoughts on it i mean that's how i would do it i will say that like security research is not necessarily like step one like you should understand how networks work you should understand a little bit about software honestly if you really want to get good at security research you may want to learn assembly which is i mean that's not trivial and assembly should not be your first programming language either you should definitely have like an understanding of how programming works like pick up python or something and then you can look at assembly all right you keep asking this question kingdom wakanda i answered this question already so if you go back i bring the questions up so you can if you're watching on replay you can skim to wherever i bring something up 
and see the question oh here yeah kyle kyle actually also sharing on the security research learn assembly c plus it it c plus plus is what he meant to write java network protocols i wouldn't learn java i wouldn't learn java but kyle kyle says security research is going to be his pre retirement gig travel around and speak that's a great idea that's a good idea that's a fun one real kyle kyle yeah i i had a tough time with assembly you know if you want to learn assembly let me show you this hold on one second i've got a great resource for helping you learn assembly get to see my don't look don't look at my don't look at my my youtube back don't look at my youtube history that's how confident i am guys seriously like your google history your youtube history look at all these things there it's almost all magic stuff okay cyber yeti my my good friend doctor josh stroshine so josh and i went through our phd together at dakota state he's such a nice guy i love i'm a huge huge josh stroshine fan okay now if you go to his youtube and go to his playlist he's got this one right here guess what assembly hasn't changed much in the last decade okay assembly's assembly if you would like to take an entire course from zero to hero on learning assembly you can do it for zero dollars right here give that a shot you will not be disappointed so if you take the money away then it becomes do you have the actual commitment oh my god jerry you are such a magic nerd i am i am i love it dude you know why i love magic the gathering magic the gathering i love magic the gathering because i love analysis i love analysis okay and with magic the gathering there's like thirty zero zero zero cards and if just as a quick primer when you play magic you put together a deck comprised of either sixty or one hundred of these thirty thousand cards and if you just grabbed one hundred random cards it would not make any sense you have to pick cards that complement each other and drive towards some type of 
like you know cohesive goal and that is where you begin to analyze and with thirty thousand cards there is no shortage of analysis oh my god it's so fun oh it's definitely nerdy it's not even that it's like dungeons and dragons and orcs and goblins like that doesn't even matter it's it's the interactions of the cards with each other sean burns had a simic deck blue green all right foreign we are at nine thirty two oh yeah luke canfield demir commander deck hell yeah i will tell you i will be traveling i'm gonna get going here but just for everybody's information i will be traveling with magic decks so if you see me at zero trust world black hat defcon wild west hack infest simply cybercon this year twenty twenty six those are the conferences i'm definitely going to possibly rsa i'll have a commander deck on me believe that and mad destroyer we gotta get together bro all right guys i'm jerry from simply cyber thank you all so very much i'm gonna go hug my dog and kiss my wife guys be well until next time stay secure we'll see you tomorrow at eight am eastern time.
Podcast: Daily Cyber Threat Brief
Host: Gerald Auger, Ph.D. (Simply Cyber Media Group)
Date: January 12, 2026
Episode Theme:
A fast-paced, community-driven review and analysis of the day’s top cybersecurity news stories. Dr. Gerald Auger offers context, practical takeaways, and light-hearted commentary, focusing on actionable intelligence for security professionals, managers, and business leaders.
Gerald brings his signature blend of expertise and humor to break down the most pressing cybersecurity news for January 12, 2026. The episode covers high-profile breaches, phishing/“quishing” trends, government policy controversies, new tech admin controls, and more. Community engagement, practical advice, and key industry updates are front and center, with useful actionable tips and memorable teaching moments.
Timestamps: [10:17–16:04]
“Just because these are illegal underground web marketplaces doesn’t mean it’s not a website... It doesn’t mean it can’t get hacked.” — Gerald [13:37]
Timestamps: [16:04–23:31]
“Anybody you know that’s using Instagram, gotta be careful... If you’re reusing passwords, this is why you don’t reuse passwords!” — Gerald [17:45]
Timestamps: [23:31–29:45]
“This seems to be very trendy in 2026 — governments doing what they want... If you work in the UK or have UK offices, this legislation may impact you.” — Gerald [24:45]
Timestamps: [29:45–34:32]
“Just because you can uninstall Copilot does not mean you should... Do it with intent.” — Gerald [33:05]
Timestamps: [39:59–43:22]
“These organizations do need guidance and leadership... But to practitioners, this is interesting and forgettable at the same time.” — Gerald [40:44]
Timestamps: [43:22–48:29]
“No one is doing deep dive reverse engineering of malware on an asset that they found in their environment unless you work for Recorded Future... Retiring 5-year-old directives seems like a waste of energy.” — Gerald [45:07]
Timestamps: [48:29–54:42]
“Please don’t use the term ‘quishing’ in user training... Just say: don’t scan QR codes you get in email.” — Gerald [51:26]
Timestamps: [54:42–55:33 and following]
“APT28 is all about getting access to things, info stealing, credentials... They just want you to give them up, period, full stop.” — Gerald [55:13]
On the perpetual nature of criminal forums:
“If one goes down, another crops up immediately... They’re not loyal to the brand of ‘Breach Forums,’ they’re loyal to getting access to data.” — Gerald [11:42]
On end-user awareness:
“If you only educate your workforce about work-related things, it’s a little tone deaf... One of the best ways you can modify someone’s behavior is to personalize things.” — Gerald [20:26]
On aging security policies:
“I am not spending my time, or directing anyone under my management, to go look at these [old] directives and retire them. There’s bigger fish to fry.” — Gerald [47:09]
On QR code phishing:
“QR codes have become popular at restaurants... Just tell them: don’t scan a QR code that you get in an email.” — Gerald [51:26]
For full context and additional “jawjacking” Q&A, tune in to the episode or join the live Simply Cyber community at 8 AM ET weekday mornings.