A
All right. Good morning everybody. Welcome to the party. Today is Thursday, January 15th, 2026. This is episode 1047. He says with a question mark. Yes, 1047 of Simply Cyber's Daily Cyber Threat Brief podcast. I am your host, Dr. Gerald Auger, coming to you live from the Buffer Overflow Studios. If you are looking to stay current on the top cyber security news stories of the day while getting engaged with like-minded professionals, building a professional network, figuring out how it all works, finding out about tools, tricks, tips, classes, training opportunities and all the things that you only get from networking and relationship building, well then you're in the right place, because over the next hour we're going to go through the top eight stories of the day. Yes, you'll get the headlines, but you can get that on your own. The value prop here is that we will go deeper, you know, basically spelunk down into those news stories and get additional value and insights based on my 20 plus years of experience. And we're gonna have fun doing it. Just because this is work, just because this is an instructor-led webinar, does not mean it has to suck. Welcome to the party. We are off and running on this beautiful Thursday.
B
Foreign.
A
Good morning everybody. Holla, holla, holla. It's great to see you. Good morning to DJB. Second, Haircut Fish in the mod chat. Always nice to see you. All the regulars in here. Blue badges abound. Rhonda Space Tacos. Anthony Zema, Marcus, Mara Nerman. Jesus. Ad techs up in this place, guys. I hope you're having them. I hope you're having a banger of a week. I certainly am. You will notice that I got the old Citadel shirt on. Officially kicking off the Spring 2026 semester. I am faculty over at the Citadel Military College. On top of all the other things that I'm up to. And yeah, this is the official kickoff. So get ready to shape the minds of the youth of tomorrow. 18 year olds who know things about Skibidi Rizz Ohio and whatnot. And then you got old Gray Beard me talking about, you know, Voltron. So we'll figure it out together. Got a great jawjacking for you later today. Zach Hill from IT Career Questions is going to be joining us as your Thursday, you know, mentor or whatever you want to call it, AMA, Delivering Value and Insights. But that's at 9am Eastern Time. Right now it's 8am Eastern Time. The eight stories we're going to go through, I got to tell you, I don't know what they're all about. I haven't researched or prepped any of them. Do you know why? Ain't nobody got time for that. That's right. Nobody got time for that. We're doing this rough, raw and rugged, right off the rip. Lots of Rs, like Tony the Tiger. They're great. So we're just gonna have a good time today. I've, you know, I've done this show a thousand times in a row. Never had a problem getting stuck up on a story. So I will give you value. I promise you that. If you're a first timer here, and you're like, holy crap, this is a lot to take in. Guess what? This is pretty much what we do every single day. So if you're a first timer, drop a hashtag first timer in chat. Calvin Whitney knows that Voltron rocks. You better believe it. So if you're a first timer, drop a hashtag first timer in chat. 
We love welcoming our first timers. We got a special sound effect. Christopher, I see a 147th timer. I can get down with that. That's pretty good. I do love it. But yeah. So, chat, if you see a first timer, spam the John McLean emote so I can see it, let me know. And we will welcome our first timers in chat. And guys, the first timer thing, just so you know, in case you're listening, lurking, you got it on in the background while you're getting breakfast ready, whatever it is, it's not to call you out and single you out. It's literally so we can properly welcome you to the party and to the group and let you know that you're part of this community, even if it's your first time. All about good times. Now, something else that we like to do here on the show is deliver CPEs, or continuing professional education credits. So listen, if you have a cyber security certification, CISSP, CISA, whatever, and you need to maintain it, annual maintenance fees, straight cash, homie. You handle that one, we'll handle the CPEs on the other side of that balance beam with one half of a CPE credit every single day. Now, normally you wouldn't get out of bed for half a CPE, but when you do it 120 times a year, they stack up, right? So say what's up in chat right above my head. You're part of the show. Welcome to the party and grab a screenshot. It includes the title of the show today, and every single day has the day's date and the episode number. So you'll notice on your screen it says episode 1047, January 15th. That's not a coincidence. That's not an accident. That is literally very deliberate to make capturing evidence for audit, auditable proof, very easy. As a recovering auditor, I know exactly what I would want to see. That's why I've made the show the way it is. It's all about good times, hooking you up and having fun. Now I do want to say it is Thursday, which means only one thing. Sound off in chat if you know what Thursdays mean. My man, Haircut Fish. 
Your friend Dan Reardon develops a custom meme for the week. It's one of one. You can't find this on the Internet. It is not AI generated. It is literally piping hot, fresh, bespoke, borderline NFT action, if you want to go back to 2021. And yeah, he's gonna drop one. I always invite the community to guess kind of what the vibe will be of it. It's a good one today for sure. I like it. All right, I'm being teased already that the stories are kind of weak sauce today, so I guess you can get ready for a Red Hulk moment as I dunk on the stories. But before we do that, before I turn into a lunatic up here on the mic, let's say shout out and love to the stream sponsors, those who enable me to bring this award-winning SANS Podcast of the Year show to you in 2026. Starting with Antisyphon Training. Guys, I've been screaming about this from the rooftops for the last week here. John Strand, industry expert, Active Defense and Cyber Deception. Amazing topic. You won't really get this kind of focused topic in most trainings. Most trainings aren't teaching you about canary tokens, honeypots, hack back. Why you should hack back or why you should not hack back. Right? But giving you the tools and the knowledge to be an effective professional. This class is phenomenal. He only does it once or twice a year, so get on it. And also, guys, the best part, you can take it for $0, right? They have $25 as the minimum, but if you have a financial hardship, they will let you take it for $0. This is an amazing opportunity, and I want to reiterate, because as someone who runs Simply Cyber Academy, where we charge dirt prices for our training, do not equate the price tag with the value of the training. I get so many people who are like, oh, hey, your training's only $25. That sounds kind of crappy. And I'm like, what do you want me to charge you? $2,500? Would that make you feel better? You're like, no, no, no, no, no, no, I'm not saying that. 
I'm like, well, it sounds like they're saying that, so don't equate price with value. This is a phenomenal course. I've taken it. There is a YouTube video on Simply Cyber that you can check out. I also want to say shout out and love to Airia now. Airia's a new one on the scene around AI. I really like it. Okay. By the way, ad tech's asking what DNS is. Come on, ad tech. You know what DNS is, bro. All right, check it out, guys. Your leadership team demanding AI automation, right? How many people in chat's bosses, whether it's the CEO, CIO, CISO, director of IT, whoever, is like, we gotta get some of this AI. Like, everybody around us is doing AI. What are we doing for AI? They're pushing for it, all right? Your employees, your workforce, they're not pushing for it, they're just using it. Pam in accounting, she's definitely got ChatGPT up. Carl on the dev team, Claude, he's got Claude Code cooking all over the place. You know what I mean? So it's all bad, it's fragmented, you don't have any visibility. Shadow AI, it's a thing. And guys, all of us are left holding the bag because one audit failure, one security incident, one piece of data governance misstep, where your data gets pushed out into some library or training, right? Think of all the people writing books right now who are pissed off, or newspapers who are pissed off that Claude and OpenAI are just scraping the books and making it so you don't have to buy their books, right? IP theft, competitive positioning, right? It's bad. But what if I could tell you that AI could become an advantage instead of your biggest risk and nightmare? What if your teams could innovate while staying secure? Everybody likes that. Everybody's a winner. Well, that's exactly what Airia does. Unified platform combining AI security, governance and orchestration. So you don't have to choose between innovation and protection. 
You don't have to look like the bad guy in the meeting when you're like, actually, we're not going to be using AI here. Take control today. Turn AI stress into AI success. Elliot Matice, get ready to embrace Enterprise AI. Come on now. Go to simplycyber.io/airia. Simply Cyber, A-I-R-I-A. I'm putting a link in chat here to make it wicked easy for you. Okay, go ahead, do me a solid. Check them out. Click the link. Click the link. Find out what's up. All right, quick note from ThreatLocker and then we're gonna cook on the news. That was not a ThreatLocker ad. This is a ThreatLocker ad. That's a Wayne's World reference, drink. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny-by-default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team. Get a free 30-day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/DailyCyber. All right, everybody sit back, relax and let's let the cool sounds of the hot news wash over all of us in an awesome wave. I'll see you at the Midwest.
C
These are the cyber security headlines for Thursday, January 15, 2026. I'm Sarah Lane. U.S. weighs private companies' cyber warfare roles. The U.S. administration is considering a policy shift that would let private companies play a more direct role in offensive cyber operations. According to former senior officials speaking with the New York Times, the move would expand the current model, where firms can build tools but not conduct attacks, and would require changes to federal law plus congressional approval. The idea is expected to surface during the confirmation hearing for NSA and U.S. Cyber Command nominee Lt. Gen. Joshua Rudd, raising open legal and operational questions about outsourcing cyber warfare to the private sector.
A
China said, dude, this is like such, this is a problem. I honestly feel like this is going to be kind of like the, not the biggest but like a very large kind of non-technical storyline and topic of discussion for cybersecurity professionals in 2026. This is wild. So listen, what the United States. There's a lot to unpack here. Okay. We could do an entire Simply Cyber Firesides on this topic alone and bring in, I'd almost want to bring in someone who's for it and someone who's wildly against it and have like a proper debate. But dude, basically what's happening here is the United States federal government has the NSA TAO operators, right? And that is the National Security Agency Tactical Access Operations operator. But basically they're the tip of the spear. Very, very effective. All offensive security hackers. That's what they do. They get deployed with different teams. Delta Six and whatever. Or is it Delta? No, isn't Delta Six drugs? SEAL Team Six, Delta Force, whatever. Chuck Norris and all them. But we only have so many really, really good cyber professionals in the government now. It's important to note the US federal government doesn't pay very well. If you didn't know that. Surprise, spoiler alert. The US federal government doesn't pay really well. So what ends up happening is these really good operators will leave the government and go start up their own business and then get contracted back to the government. But a lot of them will also go to Deloitte, Booz Allen. I worked at Booz Allen for a number of years, just to, you know, point it out. But like these large, wicked professional consulting firms, and then they'll get 3, 4x their salary, right? So say you're in the government, you're making $70,000 working as an operator or whatever. You can go work at Booz Allen and get like $280,000, right? Because you're sick and they can sell you, right? Not sick sick, but like Boston sick. Like wicked sick. 
All right, so there is an entire pool of talent that can help the United States be more offensive in their cyber capability and make their cyber warfare capability better. That's what they're looking at. They're like, dude, there's so much talent out there. We could do this. Okay, that's number one. Number two, think about this. Russia kind of does this already, and China does too, with the cyber threat actors, but we call them threat actors because they're attacking us. It is roundly believed that Sandworm, which is a nasty, nastily effective Russian threat actor group, is not a Russian government group, but a private sector Russian group that, you know, basically their one client is the Russian government. You know what I'm saying? And they get deployed like a ninja squad. Like Mission: Impossible, to do these hard things. Go look up Sandworm. Andy Greenberg wrote a book on it. They're wicked effective. Okay, so China does this too. So it's been demonstrated. Now here is the rub and here's why we're like, wait a minute, maybe we shouldn't do this. Okay, here's the rub. When you start having private sector companies attack other countries, well now it gets a little dicey, right? North Korea attacked Sony Pictures back in whatever, 2017, for the movie The Interview. And we didn't do anything. But you can imagine it being an act of war, right? So where a foreign government would want the United States to turn around and punish that private sector company for attacking them. But it's warranted, it's authorized, right? Because the US government's enabling this. For me, the rub is, you know, I'm Johnny Hothead who's like, just got hired as a junior analyst somewhere at Booz Allen. And I'm like, yeah, like I'm super political. I'm very divisive. I lean ultra left or I lean ultra right, okay? 
And I'm like, hey, I've been approved to attack Russia, or I've been approved to attack the Netherlands or whatever. Like we are doing this. And I take it upon myself, because I don't understand the law, to just fire off tooling, fire off targets, do ransomware, do just nasty operations, and all under the guise of patriotism. And now we get into this like massive, you know, cluster train wreck of accountability, liability, damage. And by the way, this isn't just like walking over and kicking somebody's Nintendo and hitting the reset button. You could cause death, frankly, right? You could cause patient harm, you could cause civil upheaval and civil unrest. You could cause all sorts of challenges and problems if left to your own devices. So for me, I hope I've conveyed all this. The story is that the US is evaluating what it means to allow private sector to do this. So thankfully, it's good to see that they're actually taking a minute to analyze and think through what does this look like in practice, instead of just hitting like, let's do it and figure it out on the way. But this is incredibly complicated, with several just international geopolitical ramifications to give consideration to. So I will tell you, unfortunately, or fortunately, depending on how you want to look at it, there is a lot of money in here. I tell my students all the time, I'll tell you guys all the time, follow the money. Yes, from an American military capability, it's great to have more cyber operators we can deploy. But think about this. Booz Allen, Deloitte, Accenture, Capgemini, KPMG, Lockheed Martin, SAIC, insert consulting firm here, they are salivating at the opportunity to get these contracts. This is money. This is straight cash, homie. Straight cash, homie. So you know that they're going to be all in on it. Right. Regardless. Because whether it's safe, not safe, whatever, it is a lot of money, okay? So just be mindful of that. 
I'm concerned. And even myself, I am not ready to. If someone were to ask me in chat. Don't ask me, because I'm just doing a straw man argument. If you were to ask me in chat, where do I stand on this particular issue, I cannot give an answer right now. I cannot agree with it, nor disagree with it, because this is something that I want a lot of information on and understanding on what this practically will look like. Who's authorized to say what, when? Where is there oversight? Is there accountability? Are there ramifications if you violate those terms of agreement? Right. And then I'll be able to give you the answer. All right, let's keep cooking.
C
Stop using US and Israeli cyber security software. Reuters sources say the Chinese government has instructed Chinese companies to stop using cybersecurity products from around a dozen US and Israeli vendors, citing national security risks. The banned products include software from VMware, Palo Alto Networks, Fortinet and Check Point. This is part of a broader push to replace Western tech with domestic alternatives amid escalating US-China tech tensions and ahead of the US President's expected visit to Beijing in April.
A
All right, so a couple things here. Anytime China says we're not going to spend money, businesses around the world shudder. Okay? Like look no further than Hollywood in the United States. They will bend the knee to China in a hot minute to get a movie deployed into China. Go look at Top Gun: Maverick. Look at John Cena's apology. Look at what's some other ones. There's a bunch of examples. Anyways, Beijing tells Chinese firms, basically the Chinese government is telling Chinese companies to stop using US and Israeli based cyber software. Now they're saying it because they believe that, you know, the United States and Israel, who are tightly aligned right now, would weaponize that software in order to have espionage capabilities, information stealing capabilities, the capability to push additional payloads, the capability to do denial of service attacks. Honestly, China's telling the private sector to stop using that technology from US and Israel for the same reason. By the way, I guess we're gonna. Hold on one second. I guess we're going to be doing big picture stuff today. For the same reason that the United States is like, don't use TikTok, citizens. The same reason the United States is like, don't buy TP-Link. The same reason the United States banned Kaspersky antivirus software for federal IT systems. It's the same reason, dude. So if you didn't have a problem with us banning those things here in the US, then you should be comfortable with this. Now what sucks is China has huge, huge buying power, right? They have, you know, tons and tons of citizens, tons and tons of businesses. They are innovating the crap out of technology over there. Look at their cars, look at their robots, look at their AI stuff. And you know, the reality is that China is, I don't know if it's classified as an authoritative regime.
C
I don't know.
A
I think it's a tradition. I think it's classically defined as communist. But effectively, if the Chinese government says you will stop using this technology, you better believe you're going to stop using it, or your CEO is going to disappear, or you're going to lose government contracts, or you're going to become persona non grata like John Wick in the second Wick movie, and you're going to be running around with your business not making any money, which, long story short, is how you go out of business. Now look at these big players getting hosed here. Palo Alto, CrowdStrike, two of the biggest names in cyber security. Mandiant, which is not a big deal, right? Because Mandiant, they do freaking incident response and reverse engineering for like every Fortune 500 company. So like Mandiant's not losing any love here. Wiz, which is basically another Google company, SentinelOne, Rapid7. So I will tell you, these are a lot of the big names in cybersecurity. So for China to ban it means one of two things. Either China has. Come on. John Wick isn't a drink, right? The youngs know what John Wick is. If you're 19 years old in chat, let me know if you know what John Wick is. Space Tacos, because you're really making me feel old now. So there's two things happening. Either China has these capabilities in house already. Vulnerability scanning, endpoint detection and response capabilities, firewall engines, identity engines. Like they have to have those. Or China has decided to go YOLO and hack naked and just like see where the chips fall. Believe me, China is a first world power. China and the United States are direct adversaries. There is no way in any reality, like tap into the multiverse, get Doctor Strange online too, and let's look at the multiverse. There's no version of reality where China is gonna just open the gates and let anyone attack them without any defensive capabilities because they don't want to use US based technology. 
Which means the only option is that they still have it. I am really.
B
Oops.
A
I am really interested. I always look at the money. Palo Alto stock. I'm just going to look at a couple and see. Like my thing is, does this Chinese ban impact the pricing? So on January 2nd, they took a little bit of a haircut. Looks like they took about a 5% haircut. That's not really anything bad. When did this story break? January 14th. Okay, so Palo Alto is fine. Let's look at a smaller company. Like Google's not going to be impacted. They have a diversified portfolio. But Rapid7, coming on this news. So look at this as a smaller company. Like I said, right? Rap. Google's going to be fine. Google has money coming from like every single orifice on their body. Rapid7 does not. Okay, Rapid7, they're taking a look at this. I mean look at the six months, they've just been kind of slowly declining. So that's interesting. But right here on November 3rd, they took a huge dip. I'd be curious if there can, mods, was there a story? Did Rapid7 get punched in the mouth around early November? But you could just see the slow decline. So I don't think it has to do with this Chinese situation, but Rapid7 certainly looking like they're, you know, listing at sea.
C
Deadlock uses smart contracts to hide work. Group-IB researchers say the Deadlock ransomware crew, first spotted in mid-2025, is using Polygon smart contracts to hide its command and control infrastructure. Instead of double extortion, Deadlock encrypts systems and threatens to sell stolen data on underground markets. Its smart contract system rotates proxy addresses, complicating blocking efforts and mirroring tactics recently seen in North Korean campaigns. Access vectors aren't clear, but earlier Cisco Talos reporting linked Deadlock to BYOVD techniques and EDR kill exploits.
A
All right. Hey, really quick. You'll have to grant me some grace. This is a live show and I'm a bit of a lunatic. I didn't listen to this story at all because I read Roswell UK's message in chat and it got me thinking. It's a great point. He said suddenly new. He says JVs. I don't know what JVs are, but I'm thinking new companies spring up here like Wiz Vanessouch. Palo Alto sang for Tencent, Rapid7. So basically he is saying forks of businesses stand up just to serve the Chinese businesses. And honestly, that's a solid hot take, Roswell UK. I absolutely could see that. I don't know if Rapid7 could pull it off or, I mean, maybe Rapid7, but some of the smaller companies. But like, I mean, Google's already done it with Google Search. Go look at Google's history around when they got rid of their slogan. You youngs in chat will never know this, but Google's slogan when it first got started was do no evil. And then they realized that they had to like censor and filter and do all sorts of things to their search queries before delivering them to Chinese citizens. And they had a choice, either do no evil or make tons of money. And guess what? Their slogan is not do no evil anymore. True story. Go look at it. All right. Imagination, the limit. Deadlock ransomware is all up in this mother trucker. Smart contracts to hide their work. All right, we're using blockchain to evade defenses. Oh my God. Guys, I gotta tell you right now, do you remember 2021? Do you remember like smart contracts, blockchain, NFTs, Jay Gold? Like it was so, so in everybody's face. And for what it's worth, we tried to make it work. I still own two NFTs that are worth absolutely nothing, on purpose. I bought the NFT so I could understand what the heck was going on with this NFT thing. And you know, I lost my money, of course, but I still own the NFT. So if you ever want to, you know, get some of that. 
All right, so Group-IB researchers. I've been talking about Group-IB, pretty classy operation. I think they're out of Europe, and they've discovered blockchain based anti-detection methods. So what does this look like? How are we using the blockchain as a threat actor? Double extortion has been abandoned. Double extortion is they steal your money and they steal your data. I mean, they encrypt your data and steal your data so they can sell you the crypto key and sell you your data back, or sell it to a competitor. They don't use a data leak site. Okay, all right. So what are they using blockchain for, buddy? Okay, so they're using blockchain for C2. All right, whatever.
B
Woo.
A
All right, all right. They're using smart contracts to store the. All right, so whatever. This is fine. This is fine. Listen, a threat actor group is using smart contracts as a C2. Or, yeah, for C2. Listen, C2 is command and control. And in modern threat actor operations, modern cyber operations, you can infect the machine, but you don't just, like, sit on the machine. Right? Imagine, if you will, ZMF and Brown Coyote are a. They're like Demolition from the WWF, okay? Before it was called WWE. They're a tag team and they're getting after it. Those two guys in chat, ZMF and Brown Coyote, they attack. I don't know. Let's pick a company. They attack. I don't know. I don't know why I'm struggling. They attack Condition One, which is the company that makes the hard travel cases. They're like a competitor to Pelican, right? They make these things right here. See, Condition One. All right? So they attack Condition One, and they get several endpoints and they're moving laterally, and they get domain admin creds and they take over Active Directory. So they own like nine boxes. They're not going to just have, like, nine windows open. They're going to have some type of, like, interface showing all the machines they've hit. And the machines are going to be reaching out to some predetermined location to get updates, and they'll be beaconing. So like every five minutes, every ten minutes, every hundred minutes, whatever it is, to get an update from ZMF or Brown Coyote. What am I doing now? Okay, this is called persistence, and it allows a threat actor to control without having this, like, active connection to the endpoint. Also, if the victim discovers it and they reboot the machine or something like that, those persistence mechanisms, through different options like a scheduled task or something, will fire back up and reach back out, which allows a modular infrastructure. So then the payloads can be updated in the C2. 
Now, what is the C2? Where do you put it? You can do C2 any which way you want, as long as there is a way for the victim endpoint to send data out to the Internet somewhere and receive data from the Internet from somewhere. Then you've got command and control. And we've seen command and control in the classic way, where you just have a server on the Internet that you've stood up and it gets an IP address and whatever. We've seen it pushed through DNS, domain naming service, which is a great way to do C2 traffic. It's very easy to detect if you're looking at DNS, but it's a very effective way if you're not looking at DNS. Okay, all these guys are doing, Deadlock ransomware, all they're using is blockchain and smart contracts, and they're sticking their C2 in there. So they tell the victim machines, right? All the machines that they take over, yo, go to this smart contract and look up whatever is there. And what they're doing is they're updating the domain names there. Again, it's just modular infrastructure. This is clever and novel. But the actual paradigm of what Deadlock ransomware is doing here is nothing new. This is how threat actors control the endpoints that they have compromised. It's through C2. Go look at, I mean, for crying out loud, check this out. I'm looking up cyber kill chain, which I show often here. Like this is, you know, this is, you should understand this. Like whatever job you're going to take in cyber security, you should understand the cyber kill chain. And if you look at it right here, you'll notice in the cyber kill chain down here there's literally a command and control option, or not option, step, right? This isn't like occasionally you do it. This is part of the workflows for any operation, and they're using smart contracts. Okay, so good stuff. Here's the deal. If you don't want to get hit with Deadlock ransomware, smart contracts has nothing to do with it for you, okay? 
What you need to do is make sure you do all the basic stuff, cyber hygiene stuff, good passwords, not reusing, MFA, all the things, detection engineering to find these things. If you want to get a little bit more clever, like, if your infosec program is mature, you could actually go look at Deadlock's TTPs and then look in your environment for that. Go threat hunting, all these things. But like, this is, you know, this is fine.
C
Microsoft disrupts RedVDS cybercrime platform. Microsoft and international law enforcement disrupted RedVDS, a cybercrime subscription platform used to run large scale payment diversion scams. RedVDS rented disposable Windows RDP servers for as low as $24 per month, allowing phishing, mailbox hijacking and impersonation campaigns that contributed to more than $40 million in U.S. fraud losses. Microsoft seized domains and servers and filed civil suits after tracing more than 191,000 compromised email accounts and 3,700 impersonation domains to the service. Real estate transactions were hit especially hard.
A
All right, Microsoft doing. Microsoft does. So RedVDS was a subscription service. Everybody nowadays has a SaaS product, and threat actors do too. Let's see, Microsoft took them down. But my thing is, was it hosted in Azure? All right, so virtual computers that make fraud cheap, scalable, whatever. All right. Microsoft worked with law enforcement. Way to go, law enforcement, regulators. All right. Honestly, it's kind of funny because German law enforcement was involved. RedVDS definitely sounds German. I don't know why. Maybe I'm making that up or I'm being biased, but, like, it feels very German. I just don't understand how Microsoft got involved. Microsoft must have seen telemetry. I'm just looking at chat right now. Really. I mean, not chat. I'm reading the story. I don't research or prep for these stories. So it's just weird to me, like, why Microsoft would be involved unless it was in the Azure infrastructure. So Microsoft, which does have Microsoft Defender for Endpoint, which means that they can have visibility over assets that are getting bombarded from the Internet and start having, like, aggregated insights based on, you know, just the sheer volume of logs that they have. They saw 2,600 different virtual machines send an average of a million phishing messages a day to Microsoft customers. Okay, so Microsoft has the visibility into Microsoft Exchange, or Exchange Online, which, by the way, is interesting. Which means. I'm not saying that they're. Okay, so Microsoft is reading your emails, right? I don't hear anyone flipping out or freaking out about that, but just to point out, like, they have to, to be able to determine if it's a phish and see where it's coming from and everything. Again, one solid thing to point out really quickly. In cyber security, we as practitioners, we have the ability to read everybody's email. I don't have time for that, nor do I care. 
So anytime you get an end user who's like, oh, you want me to install this multi-factor authenticator on my phone so you can read my text messages, it's like, listen, Clint, I don't care about your text messages. I don't have time to care about your text messages. Just install the MFA app and let's get back to work. All right, this seems like a pretty big, pretty big story here. RedVDS causing, you know, tens of millions of dollars in crime, which means obviously victims paying it. Payment diversion fraud, also known as business email compromise. I haven't heard the term payment diversion fraud, but let me just give you a little extra value. Okay, I'm running behind on time, which is not good for me, but a little extra value. Guys, everybody, we talk about ransomware every single day. Remember business email compromise, which is a category of attack. It can happen many, many different ways. It basically tricks a company into giving a threat actor money through the finance office and it is the sleeping quiet giant in the room. Business email compromise is like the number two threat that you should be thinking about. And I got to tell you, meeting with the finance team, talking to the CFO, they will be very receptive to anything you can do to help prevent that type of attack. And you know, I've worked at several businesses where they've been successfully compromised by business email compromise. And it's usually to the tune of like 50, 60, $70,000, which to me is a lot of money. But to a business that's making 10, you know, tens of millions of dollars, it sucks. But it's like a mosquito bite, right? You don't like it and you itch at it, but you're not going to like, you're not going to go inside from the barbecue because you got bit one time by a mosquito. But they will know about it. Chances are they've seen it. So when you come talk to them about how to prevent it, it will be much more germane to them to want to listen.
C
Huge thanks to our sponsor, ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando, Florida, plus a live CISO series episode on March 6th. Get $200 off with ZTW CISO 26 at ZTW.com. All right.
A
Hey, really quick, before we get into it, this RedVDS story is much bigger than I even gave it the time for. I would recommend reading the Microsoft Security blog. Justin Gold put it in chat and I was looking at it. Guys, this is here. I'm going to drop this link in chat. This. Unfortunately, this link might be too long for the. Oh no, it's not. There's the link. Go check that out. There is an infographic in here to end all infographics. This is like the one ring. Oh my God, look at that. Oh, stop. Be still my heart. Oh, maps. With. With heat maps. Okay, really quickly if you're a first timer here. Sorry, not sorry, but we got to do this. We got to do this. Oh, I have an unhealthy obsession with infographics. Oh, my God, that, that color scheme, those icons, the flow. Oh, man, that's good stuff. Good God. I might have to call out to the Citadel. I might need a minute. All right, all right, all right. Enough of the. Enough of the silliness, guys. I want to say thank you all for being here. Thanks for having a good time. I hope you got a smile on your face and I hope you're enjoying your morning. Whether you're dropping the kids off at school, getting your eggs and bacon ready, all those things. I definitely appreciate you and I strive to make this show entertaining as well as educational. That is my underlying drive. I do want to say shout out to all of you and thank you to the sponsors again. Remember guys, the sponsors pay the bills, right? That at the end of the day, I know we're having a fun time here and anyone can start up a podcast, but to be able to do it every single day and make that commitment, have all the fun stuff, it costs money. So the stream sponsors instead of me pay-gating the podcast, which by the way, fun fact, I actually had a business approach me to buy the show, except they were gonna pay wallet and I was like, yeah, we're good here. So hey, shout out to the sponsors. ThreatLocker, Antisyphon area and Flare. 
Want to let everybody know that if you go to simply cyber IO flare, you can register for this absolutely free 2 hour webinar on Inside the Life of a Ransomware Operator. Guys, I would never go into a dark web seedy underbelly criminal gang to figure out what it's like, but this is a once, this is a one of one opportunity to get real insights on the actual human behind the keyboard that we're dealing with and preventing from attacking our businesses for two hours. I'm so excited about this. Not only did I register, but I like unofficially am hosting a watch party. So register, sign up if you want to hang out and chit chat while it's going on. Share, you know, hot takes and whatnot. Whatnot. It's all free. It's going to be fun. January 29th, 11am to 1pm. Every single day of the week has a special segment. And Thursdays is What's Your Meme? Where Dan Reardon, AKA the Haircut Fish, makes a custom meme and it's a good one. So ladies and gentlemen, you may know if you're a regular here. I, I love MFA. I actually have a special T shirt for tomorrow that I'm gonna unveil. And Dan Reardon took that as guidance. So you might not know this meme, but here we go. Ladies and gentlemen, this is your meme of the week. Would you look at that? No MFA. As I'm looking to buy a used car. There we go. So there we go. That is your custom meme of the week. We are running way behind schedule, but that's okay because we're having fun. All right, guys, let's keep cooking and we'll get Zach Hill logged in right now, hopefully, as Zach hasn't even accepted permissions to log into the platform. So we'll get that sorted out, too.
C
Predator spyware dodges researchers. Jamf Threat Labs found Predator spyware can diagnose failed infections and detect when security tools are present. Using error codes like 304 to signal active analysis, the Intellexa-made tool can spot utilities such as Frida and even netstat, aborting deployment to avoid scrutiny, while also suppressing crash logs to limit forensic evidence. Jamf says Predator's troubleshooting and anti-analysis features outclass other commercial spyware, following recent research that highlighted similar differentiators.
A
All right, so couple things here. Number one, Predator spyware is kind of like the Scottie Pippen of spyware. And, and by the way, drink. So Pegasus is Michael Jordan, okay? Pegasus is the Michael Jordan of spyware. Predator, Scottie Pippen. And if you don't know what I'm talking about, watch the Michael Jordan documentary on Netflix, you youngs. I'm sure that's recent enough and it's on Netflix, so that's kind of in your vibe. Predator is wicked effective. Spyware is a whole thing. Zero click spyware. Sending it to someone's phone, being able to read their text messages, their call logs, look at their photos. All those things is legit. Predator guys, they're making a ton of money off Predator. Straight cash, homie. So do you know what happens when you have a piece of software that's making unbelievable amounts of money? You continue to make it better, you refine it, you listen to your customers. It's no different. The fact that it's used for crime doesn't matter.
C
It's.
A
It's just any piece of tech right now. What they're saying here is they're basically adding capabilities that make it difficult to analyze or detect. Two things. One, I've said this on the regular anytime there's anti-analysis capabilities built into a piece of technology that is going beyond the sheer capability of the, of the malicious function of it. The, the info-stealing capability of it or the payload and the ransomware encrypting data capability. Right? Like it does the bad thing, but then when you add extra value, when you put more time, energy and effort into it, you, you can make it feature rich, like having it detonate itself, delete itself, have it appear to do something else entirely. So it, it's very difficult. And that's what this Predator spyware is doing. That's all they're noting here. I do want to point out, I do want to point out something super awesome and if you didn't catch this, go back and listen. It's not written in the story, but the reporter did say it, she mentioned that it has capabilities to kind of thwart detection from RITA. Now, if you don't know what RITA is, and it's the first time I've ever heard it spoken about in, like, mainstream media. RITA is a tool for detecting beaconing traffic, or C2 command and control traffic. But it's a free tool and it's developed by none other than Black Hills Information Security. And RITA is actually named after John's mum. And it's, it's a free tool. It's awesome, by the way, just because. Hold on, where is it? RITA does one thing and it does it well. It detects beaconing of traffic because computers, the way computers work on networks, looks way different than the way humans do. There it is. There's John's mom. And also I can't get to it because I'm, I got an ear plugin, but just a quick shout out, a quick shout out to me since only because RITA came up, if you didn't know. I was the inaugural winner of the RITA Award at Wild West Hackin' Fest two, three years ago. 
And it's basically a one, it's, it's an award given to one person a year for their contributions to the cyber security community. So everything we're doing here, if you didn't know, I got recognized with a pretty amazing award from, I guess, Black Hills Information Security, from John. John Hammond has also won it and Tanya Janca won it this past year. So anyway, super excited. One of my favorite professional accomplishments to date. All right, let's keep cooking.
C
France fines Free Mobile over 2024 data breach. France's data protection authority CNIL fined Free Mobile and parent company Free a cumulative 42 million euros for GDPR violations tied to an October 2024 breach that exposed data on nearly 23 million subscribers. CNIL cited weak VPN authentication, poor anomaly detection, vague breach notifications and excessive retention of former customer data. The agency ordered security improvements within three months and data deletion within six months.
A
All right, just for the sake of. Just for the sake of time, some. We don't even have anyone in here from France. As far as I know this company f around and find out, that's what happened here. GDPR has real teeth. GDPR looks like a great white shark, right? This isn't like an elderly person with dentures. GDPR, which is the. I don't even know what that acronym stands for. It's like General Direction Privacy Regulation or something like. Or General Data Privacy Regulation. Whatever it is, it's basically the European Union's privacy law. And they don't mess around when it comes to civil rights around privacy of individual information. They will fine you to the moon. Look at. Just look at this.
C
Google.
A
GDPR fines: Meta, Amazon, Google, it's like billions of dollars. And this French company, they did a. A, you know, kind of a. A boot. A booty job of protecting their app, their environment, and their data, and they got breached. And it was so egregious that they got punched in the mouth. What do we got here? General Data Protection Regulation. Thank you, Team Scott. Again, for sake of time, I'm just gonna scoot on this one. I do have to get to the Citadel early. It's the first day of the semester. I always get there early on the first day, and then I show up late every other day.
C
Poland repels cyber attack on power grid. Poland says it stopped a cyber attack on its power grid in late December that officials warned came very close to a blackout. The intrusion targeted communications between renewable installations like solar and wind sites and distribution operators, but not large plants. Government ministers called it the most serious energy sector incident in years and said the motives suggest coordinated Russian sabotage, though no formal attribution has been made.
A
Of course, like, so obviously Russia is attacking Ukraine, and then there's proxy wars going on. European Union, like, if you come to the aid of NATO or Ukraine, obviously you become a target of Russia and their alliance. So Poland getting punched but being able to defend themselves from it, attacked on the energy infrastructure. So Ukraine got hit. Their energy infrastructure has been hit multiple times by Russia with effectiveness. There's actually like a really great Vice documentary, Vice News documentary on YouTube around Russia taking out Ukraine's energy sector. What they did here was. Let's see how they did it. All right. Okay. So it's a deliberate attempt to cut off power to Polish citizens. Again, this is. Russia's done this before, so it's not like they don't want to attribute it. I don't know why they don't want to attribute it, honestly. All right. They declined to provide technical details. Very likely an OT/ICS attack. They probably got in through some type of IT phishing campaign or info stealer campaign and then pivoted across the environment. There's a lot of IT/OT integrations going on because it allows you to remotely manage, you know, substations and power plants and stuff like that, but it also allows network traffic to get over there. You do have to understand OT and ICS type stuff. This could be a good one to bring in Don Weber or Joe Marshall to have a conversation on if we, if we have time. Yeah, you could see here they do talk about how Russia just absolutely dummied up Ukraine in 2022 and even 2017 around their energy sector. This story is interesting. Just it's more fuel to the fire of like what's going on in Europe right now with Russia and the Ukraine war. But there's no details here. They don't tell you how the attack happened and they certainly don't tell you how Poland defended itself from it. 
So if anything, I'm not calling this propaganda, but this is like basically a very public way for Poland to, you know, like issue a double middle finger to Russia, letting them know that their operation failed in the very public zeitgeist.
C
Linux malware targets the cloud, steals creds and vanishes.
A
Oh, by the way, hold on really quickly. I saw Mad Max in chat ask for short version on how Pegasus software does zero click. Basically they find zero day vulnerabilities in Apple's iOS and they don't publicly disclose it. They weaponize it and then they make a tool that can exploit that vulnerability and install malware and then they sell it to their client base for a million dollars a bullet basically. And that's what's up. So if they publicly told us how they did it, they would go out of business and then there would be all sorts of people doing all sorts of bad things.
C
Check Point detailed a new Linux cloud-focused malware framework dubbed VoidLink. Written in Zig and reportedly developed in a Chinese environment, VoidLink bundles more than 30 plugins for reconnaissance, credential theft, lateral movement, Kubernetes and Docker discovery, assistance and anti-forensics. It also includes multiple kernel rootkits, Cobalt Strike style APIs and self-deletion if analysis is detected. Oh yeah, no real world infections have been noted, but cloud provider detection like those from AWS, GCP, Azure, Alibaba and Tencent and long-term access design suggest a professional threat actor tool.
A
Yeah, I mean this is a great one in the world of malware. I mean this one is a double fisted situation. If you're picking up what I'm putting down, it's called VoidLink. This thing's got all the hallmarks. This sounds like it was made by like not AI, but like AI. Somebody asked AI to come up with like the most OP version of malware and it was like oh yeah, it can steal creds, it works in the cloud, it can hide itself, it can avoid analysis, it does all the things and it runs on Linux. Okay, so two things. Number one, Linux is just an operating system and malware can be written for it. So don't think that your Linux is running, you know, without harm. Threat actors are doing it. This one does target the. It targets more cloud based Linux systems. It sounds like so TLDR, put Endpoint Detection and Response or EDR solutions on your Linux servers. Do not think Linux is bulletproof. Usually Linux is actually running more sensitive systems in a, in a traditional IT infrastructure. So make sure you're capturing all that stuff. This one I would look for IOCs. Dude, it's got tons of rootkits on it, which is pretty nasty business. Let me see, VoidLink IOCs. Let's just see if there are IOCs for you to put in here. It doesn't even look like there's much information out here on this already, so that's, that's pretty bad. Who's doing the. Is Check Point doing this? Yeah, Check Point Research discovered it, written in Zig. That's a programming language I've never heard of. Let me know in chat. Have you ever heard of Zig? Never heard of that one. And it looks like it's Chinese based. So I guess China's getting after it. Does seem advanced. All I would say is if you have Linux systems in your environment, this is one that you should not just make a footnote of but you should actually go look at. Because when you have a very sophisticated piece of malware, it, it's someone took the time, energy and money to develop it. They're not going to put it on the shelf. It was not. 
This is not a college dissertation thesis project. This isn't a capstone project. This was developed with intent to be weaponized and get return on investment. So believe that. All right, we are at time. Let me do this really quickly. I want to say Hala, Hala Hala Holla at all y'all, thank you so, Mary Mitt, so very much for being here. Shout out to the stream sponsors. Definitely appreciate the support. Guys, don't go anywhere. Take a minute, get your coffee. Thanks to Dan Reardon for the meme of the week. Absolutely. Would you look at that? No MFA, guys. I'm Jerry from Simply Cyber. Don't go anywhere because we have a 30 minute program piping hot ready to load for you. Just sit right there. You are about to be delighted by one Zach Hill, good friend of mine. Many of you in the community know him. If you don't, you're about to get to know him. He is a treasure. Zach, thank you so very much for being here and doing Jawjacking on Thursdays. I'm Jerry from Simply Cyber. Until next time, stay secure. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some Jawjacking.
B
Yo, what is going on, Simply Cyber? I want to say a huge thank you to that huge nerd, Dr. Gerald Auger, for letting me come on the show today and do the, the Jawjacking with you all. So again, my name, Zach Hill. I am coming to you from Antisyphon Training and I do this little YouTube channel that Jerry, he likes to talk about. It's called IT Career Questions. I've been helping people with all of their IT career questions for like the last 11 years. And I've been working in IT for over 20 years now at this point. So many years of experience working in the field and then a lot of those years of experience of just providing advice and helping people and jawjacking myself, if you will. So I'm here to help you all out, to answer your questions. That's the, the whole purpose of Jawjacking is to give back to the community. And you know, that's, that's one thing that I absolutely love about the Simply Cyber community and all of you here, everybody is so welcoming and so helpful and you never, you never see that in all of the different industries that are out there. So Simply Cyber and cyber security in general, like these communities coming together, helping each other out, that's what it's all about. Like, that's, that's what these, that's what this, this industry is all about, helping each other. So that's what I am here to do with y'all today. So if y'all have questions, you can throw them in the chat. And I'd be more than happy to answer if I can, but. Hello, Sunshine. Hello, Sages. You love the, the Run CMD poster in the back. Thank you. Heck yeah. Love running command. I'm a huge Windows nerd, so I'm all about the Windows jaw zacking. I'm, I'm down for the Jaws acting. We can do that. Enable MFA. Yes, I, I enable the MFA. I, I may not be as huge into the MFA as Jerry, but I love me some MFA for sure. What's up, The Real Kyle. Kyle, you met me. Well then apparently I met you. Good to see y'all. What's going on, Brown Coyote, Phil Stafford. What's going on, friend? 
Question from Darth Looper. White Hat West reported an increase of organized physical crime using cyberspace to target and extort victims. With real world violence. What can companies do to protect their people from muggings? Yeah. Wow. Now we're getting more in depth like into. Yeah, the, the physical aspect of security when it comes, when it's coming from the world of cyberspace. Something I think that may be inevitable in, in some ways. But it's a great question and I'm, I love to open up all questions to the community as well. So if there's anybody out there in the community joining us right now who has a good answer for Darth Looper, please do not hesitate to help out and answer questions with me again. That's what this community is all about. Right. But yeah, how do, how can companies protect their people from muggings? I mean, if it's like on campus, if you will, like companies might have to hire additional security and things like that, like additional physical security on site to help their employees. Outside of being like on physical campus, if you will, it's going to be incredibly difficult for people to, or companies to protect their employees. The best thing, like I would suggest for people who may be concerned about this, if you're working for an organization that could be a target, potentially take off your badge. If you wear like a badge to go into work or wear any type of clothing that, you know, has that, the company logo on there, when you're leaving work, change out of that immediately. You know, put a coat on that covers up any type of logos or colors and things like that that may be representative of that organization, but you're, you're going to have to do a little bit of due diligence on, on your own end to protect yourself. I don't think it's going to be completely up to the companies to. To protect you. But yeah, that's an interesting question. Thank you, Darth Looper. Kishan Infosec. I am doing well. It's good to see you. 
Lucky number seven. What's up with Antisyphon? I don't know. What, what's up with Antisyphon? What? What you wanted to know about Antisyphon and I have great things to say about Antisyphon. But that's, you know, only because I work there. Not. Not only because I work there. I shouldn't say it that way. I. I love what we do there. But happy to answer any questions that you might have about Antisyphon. DJ B sec, how are you doing, sir? Good to see you. Let's kick this off. How's it going and what have I been working on lately? I have been working on a new webcast for Antisyphon and Black Hills that's actually going to have to do with business email compromise, which is something that was just talked about on the show with Jerry. So it's going to be like a two hour long webcast where it's going to be very much like Dungeons and Dragons, like where we're going to bring in the community and get as much community involvement as we can as we go through like a business email compromise scenario. And yeah, we'll go through like different challenges and things like that. We'll be like rolling dice to figure out like the levels of challenges and things like that. It's going to be a lot of fun. That's like something that I'm working on that I'm very excited about. So yeah, it'll be different. I'm trying to think of like other stuff that I'm working on that would be as fun as that. But I'm just getting ready for Wild West Hackin' Fest in Denver. That's coming up. So that should be fun as well. Yeah. Let's see. Real Kyle: privacy, situational awareness. You're an advocate for dark web monitoring. You have a lot of cameras and law enforcement presence. Join InfraGard, partner with law enforcement. Sign up for security bulletins. Cool. Lucky number seven. You want me to tell you about Antisyphon Training? I could do that. Let me grab a link for you. So Antisyphon Training is the training organization that was created by John Strand. 
John Strand is the owner CEO of Black Hills Information Security. I'll start with Black Hills. So Black Hills, if you're not familiar with Black Hills Information Security, they do consulting, you know, like pen testing. They do like SOC services, AI pen testing and things like that. Now, John Strand has been an ethical hacker penetration tester for 20 plus years, I think, at this point. And he was also an instructor for an organization called SANS. SANS Institute is a very well known organization, training organization, very expensive, very, very expensive, but very, very well known. And they, John Strand was a teacher there for many years and he got kind of tired of the way the SANS model was working with how they were charging for training. Well, specifically how much they were charging for training. And he was like, I, I don't want to do this anymore. I want to provide affordable training to everybody. And that's where he started Antisyphon Training. And when he first started Antisyphon Training, he, his classes were all pay what you can. And he still has pay what you can classes. We do a bunch of pay what you can classes that start at $0 or $25. But that was John's huge mission with Antisyphon is creating affordable training for everybody. So if you check out Antisyphon Training, John has again three classes. They're all pay what you can, start at $0. And they're all very much hands on. You know, they get, you get your hands on the keyboard, so you're actually doing the thing. You know, you're not just like listening to methodology. You're not just following PowerPoints. You're putting your hands on the keyboards and you're doing the thing. And that's, that's huge. It's incredible. And again, you could, you could pay zero dollars to do that. That's Antisyphon Training. That's like literally the best way that I could put it. So you have, you know, John Strand, who is a former SANS instructor, we have I think of like six or seven. 
I didn't mean to do those numbers. I apologize. Please don't yell at me. But we have like eight or so former SANS instructors who are now instructors at Antisyphon Training as well. So you get, you know, the same quality of training that you would get at another organization for literally like, I don't know, it's like 90 or like 10 of the price. I don't know. SANS charges like $10,000 for a class. And Antisyphon, if you want one of our paid full classes where it's 16 hours long, it's live, you get access to the recording, you get access to the labs, that's like 500 bucks. I'm sorry, Jerry, I, I didn't mean to do like a whole ad on Antisyphon, but I was asked, I delivered. Thank you, Jay Gold, for providing the link to the YouTube. Grab a drink here. All right, Sage the Professor, thoughts on the massive outage yesterday? Given the response and lack of technical details, do you believe this was more than just a configuration management issue? I mean, we could speculate all day, right? I. I have not heard much about the. The details myself either. That was something I was hoping that we would hear more about today. But this one is a little bit interesting just because I feel like there wasn't as much info put out about it, but it might not have been as widespread as maybe we had thought. But I don't have any initial thoughts that I could, you know, provide to you that would be, I don't know, fun or exciting to chat about. Do I think it was more than a configuration management issue, though? No, I don't. I don't know. I think if it was any bigger, we probably, there, we would hear about it in some way for sure. Ad Tech 247, any. Any Windows 11 tools that can help to minimize the footprint of the OS and remove unnecessary services? That's a great question for the chat out there because I just upgraded to Windows 11 about a month and a half ago. I'm not, I'm not enjoying it myself, but I have not noticed any issues with the footprint. 
Are you trying to like create like smaller images or something like that? What's, what's your purpose? And then maybe we can get some. Some better answers out there for you, friend. Berlin Dab. What is. Oh, Jay. Jay Gold. Thank you. They provided the, the link to that. Yeah, just IT Career Questions on the YouTube. Keith Sloan. What's going on, brother? Good morning, Mr. Hill. You have an infosec meeting today. What would be a good question to pop it off? Oh, man. To pop off an infosec meeting, I would ask how many of them have their passwords written on a sticky note under their keyboard? I don't know. I. That's like. I would honestly like, I'd love to start off meetings with like random jokes and things like that. So that's where I would be looking to, to start a meeting. But man, you're like, that's a good question. Anybody have any suggestions for Keith? Yeah, all right. I, I also can. I'm very good at straight face. Like, I could do like complete straight face, like serious mess with people type of thing. So, you know, I go into a meeting, be like, so it looks like your email was compromised today. You know, it's a. Whoever's in the meeting, you know, just, just mess with them, just play around with them, see what happens. Right? I love doing stuff like that. And then now I'm scrolling through the chat, y'all, so try to grab the questions. If you do have questions, you can put them into the chat. We'll try to get them queued up for you if we can. Thank you all for joining Jawjacking. Just a reminder, my name is Zach Hill and Jerry asked me to come and guest host today, which I'm super stoked about. 4 is that 4lk for IK? I don't know. What do you think of companies that have a solo runner in charge of cybersec operations and do not provide training and heavily rely on security through obscurity? So quite honestly, you are going to find this everywhere out in the real world, right? This happens so, so often. 
There's so many organizations out there who maybe don't even have like a specific like security person in charge. They have a network administrator who just so happened to absorb all of the cyber security, you know, tasks as well or you know, have like a system administrator where it's the same thing or an IT director where they absorb not only everything cybersecurity related, but they absorb all the network duties and all of the sysadmin duties as well. You'll always run across organizations where you have one person who's in charge of maybe just one specific thing and you know, within that organization you need multiple people to support that, but you just don't often get the funding for the staff that's required to support all the different services and things like that. So it's very typical in IT where you just, you're kind of like short staffed in a way or you just don't have the specific people that you need. That's I guess that part of it that's industry like that. You're just always going to see that. The rest of your question, however, they're not providing training. That's definitely a concern. There are tons of organizations out there that do believe in training and for as many organizations out there that you know, believe in training, there's probably like twice as many that just don't think it's necessary. They don't want to put the funding towards it, they don't want to have employees take the time to do it. That's a very frustrating aspect of the industry. There are organizations out there that will provide the training for you though. So that's like a red flag for me. Like that's a frustrating thing, right? That would be Something where if I was experiencing something like that day in, day out, where maybe I'm already frustrated that I'm the solo person in charge of something and I'm not getting the training that I need, I'd be looking for a new position. So I guess off the bat, those are concerns that I would have. 
So where I would be at mentally is I would be preparing myself to find something that's going to really fit, you know, what it is that I'm looking to do better and maybe give me a little bit more peace of mind and reassurance. Right. That would be, I guess, where I'm at with that. And then for your last part with them, relying heavily on security through obscurity. When you have a solo person in charge of cyber security, you're very limited on what your options are to protect your organization. So if they're going, you know, the, like, cyber deception route, if you will, because that's really kind of where I would see security through obscurity. That might be your only option that you have. That might be the only option that you're able to roll with. That's within your budget. And that's just what it is. So it's another thing. It's just like, that just could be what it is. If you're able to get more money to, you know, support new products or different products, things like that, where you're not solely relying on deception, that'd be fantastic. But again, that you're more than likely working within your budget to. To manage whatever security you're able to within that organization. So hopefully that all makes sense. And thank you for the question.
A
And.
B
Hello. Sorry, I'm not sure what happened there. It showed that I. I got disconnected. That was interesting. My fault. I had to re-add myself. We should be good now. I'm back it. Yeah, we're good. We're good. It was apparently my Internet. Maybe it was Verizon going out. Who knows? My bad, y'all. All right, let's still. Still going through the chat. Is that tiny or was that cup massive? It's a pretty big cup. Rural Internets, you are not wrong. I definitely live in the middle of nowhere, so very much rural Internet. Following back up on the Verizon question earlier, DJ B Sec says on the Verizon issue. No, this was. It was not an issue with eSIMs. It was a provisioning issue. Thank you. DJ B Sec, you heard for J. Jost. Sorry. Josh says they heard Verizon hired Carl yesterday morning. I'm gonna have to get Jerry's sound bite. Soundboard so I can do all his fun little clips. Do our Carl sound bite. Jim Wales, you are welcome. I helped you when you're getting started. It's crazy. Glad I could have helped in any way. What's a dumb password idea? Oh, gosh, that's a great question. And just reminder, if you have questions, you can throw them in the chat. I'm scrolling through all of the chat right now, trying to keep up with you all, but y'all, y'all are on fire today. But it's good to see a lot of you here. So many familiar faces or familiar names. This one from Reverend: Have I ever heard of AI detecting humans with only Wi-Fi signals behind walls? Not. I don't know if it was specifically like, AI, but I have seen there's like a TED Talk where somebody. I believe it was a TED Talk where somebody was showing how they could map out a room using Wi-Fi signals. And that was pretty cool. I don't know. I don't think, like, AI was involved with it at the time. Like, this was a couple years ago, so it could have been like, when. When like a, like, you know, AI was like, really becoming, like, a thing a couple years ago in that. When I saw that video. 
But I have seen, like, room mapping with the. With Wi-Fi signals and things like that, which is. That's just wild. This is so crazy to me. Oh, here we go from Jay Gold. It's not just Wi-Fi, but yes, it's real. The creator of Oculus VR is now working in tandem with US Military. Develop some pretty wild stuff. Yeah, it's fun. Rabbit hole, for sure. Oh, it looks like I'm about caught up with the chat, I think so. David. David B. The truth. Zach is the man. The most humble and super cool dude. Can't wait to hang out with you again, sir. And good morning. Good morning to you. Question from Jerry. Good idea to start a cyber YouTube channel in 2026 for personal branding. It's always, oh, I'll keep that up. It's always a good idea, I think. And, you know, this is a. It's a good question. And I don't like it at the same time. Right? Because I don't want. I. I say that I don't like it. I say it's a good question. I don't like it at the same time because I don't ever want to encourage people to be a YouTuber or a content creator or a quote unquote influencer. That is never the point. That I would like or stance that I would take to tell somebody to create a YouTube channel or to create content. The whole purpose is for personal branding. Quite honestly, the purpose of creating the content is to put yourself out there. Because nowadays in 2026, you know, the whole entire job market, the whole entire job industry has changed dramatically and it's not as easy to obtain employment as it once was. You know, like we all know, you can't just go into a physical location and ask for, you know, like a job application. You can't just ask to talk to a manager and things like that. And you know, now even with the, the whatever, like huge development, if you will, not even whatever, but of how easy it is to apply for jobs like LinkedIn, like one click apply and all that crap, right? 
Like you could just go and spray and pray, you know, hundreds of job applications at one time and that's not going to do anything for you. Honestly, there's so much success these days, especially within the information technology industry as a whole, with personal branding, with putting yourself out there. So having a YouTube channel is fantastic. It's a fantastic way of just putting out content that shows off what it is that you're capable of doing. It can show off like the, your knowledge base, you know, so you could be putting out projects that you've done, you could be putting out a video, talking about, you know, whatever it is that you experience in the industry so far. You could do like a day in the life of a college student, you could do a day in the life of somebody who's learning XYZ about, you know, it, right? There's so many different things that you could do with this, but the whole point of it is to get people to kind of see what it, who it is that you are, what it is that you're doing, and have basically an idea of the person you are, right? Anytime you're applying for a job and you're getting any type of movement, movement in that job application process, as soon as your application hits somebody's eyeballs, a real person's eyeballs, and they can see on your resume that you know you've done projects, you have a website, you have a GitHub, you have a YouTube channel, you know, your own, like I said website or whatever, right? Blog, all the, those things, like they're going to be looking at those things, they're going to be looking those things up, right? Immediately I do. Anytime an application comes across my, my desk for an interview, I'm immediately looking that person up online. And seeing all the things that they're doing outside of that, right outside of just like the, the one off chance where you maybe fill out an application, you get interview and those things. 
The personal branding aspect of this, putting yourself out there, getting on YouTube and LinkedIn and all those things, networking network with your peers. Everybody who's joining us right now. You are part of the simpler, Simply Cyber community. There are so many amazing communities out there in the cyber security world and you have to find them and join them and be part of them, participate in them. The more that you participate, the more that you actively become part of the community, the more that the community as a whole recognizes you, they see you, they remember you. And the more that you are participating in a specific area of this, like a specific niche of it, if you will, the more that those people again will recognize like hey, you know, so and so is very, very good with MFA and we need somebody in our organization that can manage MFA all day. And that person, they talk about it all the time. Let's go see what they're up to. Let's see if they need a job. Might sound like, oh that like crazy but this happens all of the time. Every single day. Every single day I'm on LinkedIn. I think I feel like I see somebody new making a post about like what they did such and such thing and somebody reached out to them. It's probably not every day. Like that's like a little bit of an over, over exaggeration but it is weekly, I, I can promise you that. So yes, it is a good idea to start a YouTube channel or a blog even. The real Kyle, Kyle who's going to be at BSides Tampa in May. Oops, I will not be there. I don't think my mom might be there. My mom went to, to BSides, not Tampa. Wait, did, was it Tampa? I don't know. Mom, are you in the chat? Did you go. I think she went to BSides Tampa last year and she met John Hammond and that was really cool. That was so funny. She, she sent me a text message of a picture of her and John Hammond and I about died. I thought that was like one of the funniest things ever. Alex Cohen: Predictions for 2026 from a threat intel perspective. 
You know predictions are so hard to make when in IT. And I, I, I say this because I remember asking this question to somebody. Gosh, it had to be like eight years, seven or eight years ago. And they actually they were from ITProTV. Who? My, my cup is from. RIP. RIP ITProTV. But yeah, I asked basically a very similar question of like, hey, you know, looking into the future, like what do you think is going to happen? And this person, their name was Adam Gordon. He's like Zach. And you know the last X amount of years that you've been working in IT, how, how often have things changed? I was like, all the time. Like it seems like they change every day. He's like, yeah, change every day. Things are constantly moving, things are constantly evolving. Think about that question that you just asked me. Could you honestly look into the future and think about like what could possibly happen in IT? I was like, I mean I think I could, I was like, I could think about some things that would potentially happen. But yeah, I guess, I guess you're right. I can't ultimately like predict like the future maybe what would change. And I'm really stressing this because this was before AI like in ChatGPT exploded. Since then, I don't, I, I hate trying to make any type of prediction because I never saw ChatGPT coming. A lot of people never saw ChatGPT coming. Right. And it made a drastic change within the industry as a whole. So that's for me to like saying or answering your question. I don't know. Right. Like AI is changing a lot of things, making a lot of things better. Making a lot of things maybe not better, but specifically with threat intel you're, I mean we're gonna, we're going to see probably things change in that side of the industry. More specifically like leaning with AI into that. Right. Like that's where my, I guess initial always concerns are going to be as we're looking, trying to predict the future is what impact is AI going to have on this? 
So that's, that's where my head is. Like what a, what impact will AI have on threat intel? And I don't know the answer to that question but that, that's ultimately like where my headspace would be in this is looking at in what ways AI might have some type of impact on that, that type, that area of the industry. If anybody else out there has any other suggestions for Alex or anything with that, please throw your answers into the chat. Here's another one from different Alex, what would be good training for SOC team lead, maybe half managerial and half technical. A new appointed team lead though? Oh, I don't know that there's going to be any specific trip training out there that relates to the manager portion of this quite honestly. And again throwing this one out to the chat, if you know of anything that specifically leans into the managerial portion of it. Let me know that you're probably looking at more like training that's going to specifically relate to manager training. I don't think you're going to have anything that's going to mix it up in any way. But as far as SOC team lead, what type of environment are you in? You know, like what, what tools, things are being used there? Because there's lots of really good SOC training out there. But I know a lot of it leans into some of the different tools and things like that. You know, whether that's like Elastic or Splunk, things like that. Right. Antisyphon Training has a lot of really good SOC training. I'll grab this link. Here's Antisyphon Training. Hayden Covington, though, would be my suggestion. I'll pull up his list of classes for you. It's actually this one right here. So Foundations of Security Operations. That might be a good one for you. It's not. Again, it's not leaning into the managerial portion of it. It's going to be a lot more technical, but it's going to provide a lot more information for you on not well setting up kind of like the SOC and what you would need to. To do there. 
I forgot how he explained this to me the other day. It was really good explanation. I did like a interview with them. Yeah, it basically like really gets you in depth with like the SIEM and things like that though. But it's a. It's a really good class. That might be up your alley though. Jerry is one of your favorite influencers. Jerry's the. The ultimate influencer for sure. Oh, we are at 8:30, so I think we go to do a half hour of this and then we cut it. Is that correct, David? You're saying the audio is silencing me. I don't want to take up everybody's time today. So I think we got through a bunch of the questions. Appreciate y'all joining. I'll get confirmation from everybody. If I didn't get to your question today. Jerry does the jawjacking every morning at the same time, same place. So you can come back tomorrow and he can answer your questions. Or if you want to come back next Thursday, I'll be here. Oh, I'm good to finish up at my own pace. Solid. Yeah. So I mean, I will wind it down here with you guys. It's a great first day. Super stoked to be here with y'all. I'll be back next Thursday again. Love doing this. I love doing AMAs and I love helping out the community. So thank you all for, for being here with me and thank you so much for sharing your time with us. Thank you to Jerry Auger for letting me do the Jawjack and such a such a cool experience. If y'all need anything from me, you can find me over at Antisyphon Training. You can find me on the IT Career Questions YouTube channel. Otherwise, I hope to see y'all next week and see you guys in the chat tomorrow. Have a great day and take care everybody. See you all later. Bye Bye.
Date: January 15, 2026
Host: Dr. Gerald Auger (Simply Cyber Media Group)
Guest (Jawjacking Segment): Zach Hill (IT Career Questions, Antisyphon Training)
This episode of the Daily Cyber Threat Brief delivers the top cybersecurity news stories and expert insights, targeting industry professionals, newbies, and anyone seeking to stay abreast of developments in the field. Gerald Auger, with his trademark humor and relaxed style, unpacks the day’s eight most relevant cybersecurity headlines, offering context, analysis, and career-minded discussion. The episode also features a lively “Jawjacking” segment hosted by Zach Hill, addressing community questions about infosec careers and industry challenges.
[12:25] US Cyber Warfare Privatization
Memorable Quote:
“When you start having private sector companies attack other countries, well now it gets a little dicey.” — Gerald Auger [14:58]

[19:34] China Bans US/Israeli Security
Memorable Quote:
“There is no way in any reality, like tap into the multiverse, get Doctor Strange online, there’s no version of reality where China is gonna just open the gates and let anyone attack them.” — Gerald Auger [23:21]

[26:01] Smart Contract Ransomware (Deadlock)
Memorable Quote:
“This is clever and novel. But the actual paradigm of what Deadlock ransomware is doing here is nothing new.” — Gerald Auger [32:50]

[34:57] RedVDS Takedown
Memorable Quote:
“Everybody nowadays has a SaaS product, and threat actors do too.” — Gerald Auger [35:47]

[45:30] Predator Spyware Update
Memorable Quote:
“You continue to make it better, you refine it, you listen to your customers. It’s no different. The fact that it’s used for crime doesn’t matter.” — Gerald Auger [46:45]

[49:52] Free Mobile GDPR Fine
Memorable Quote:
“GDPR looks like a great white shark… This isn’t like an elderly person with dentures.” — Gerald Auger [50:34]

[51:57] Polish Power Grid Attack
Memorable Quote:
“If anything, I’m not calling this propaganda, but this is basically a very public way for Poland to… issue a double middle finger to Russia.” — Gerald Auger [53:26]

[54:56] VoidLink Linux Malware
Memorable Quote:
“This sounds like it was made by—not AI—but like AI. Somebody asked AI to come up with the most OP version of malware…” — Gerald Auger [56:19]

[60:01–end] Jawjacking with Zach Hill
Memorable Quotes:
“I don’t ever want to encourage people to be a YouTuber… The purpose is personal branding… to put yourself out there.” — Zach Hill [77:56]
“There are organizations out there that believe in training. For as many that do, there’s probably twice as many that don’t.” — Zach Hill [67:13]
| Segment | Description | Timestamp |
|---|---|---|
| Opening & Setup | Community intros, show structure | 00:01–11:31 |
| US Cyber Warfare Privatization | Deep dive & opinions | 12:25–19:34 |
| China Bans US/Israeli Security | Context, analysis | 19:34–26:01 |
| Smart Contract Ransomware | Insights on Deadlock | 26:01–34:57 |
| RedVDS Takedown | BEC fraud context | 34:57–41:00 |
| Predator Spyware Update | Anti-analysis features | 45:30–49:52 |
| Free Mobile GDPR Fine | France enforcement | 49:52–51:57 |
| Polish Power Grid Attack | Attribution, speculation | 51:57–54:56 |
| VoidLink Linux Malware | Details, defense | 54:56–end main segment |
| Jawjacking with Zach Hill | Career advice, community Q&A | 60:01–end |
Summary produced for those who missed the episode, capturing major news, unique perspectives, and the original lively spirit. Stay secure!