A
All right, good morning everybody, welcome to the party. If you are looking to stay current on the top cyber threat news of the day while having acronyms spelled out and complex terms simplified so it's easy to digest and absolutely take action on this information, whether you're a senior practitioner looking to drive cyber risk down for your business stakeholders or you're somebody looking to break into the industry and just understand what it is that we have going on here, you are going to get value from the show. Welcome to Simply Cyber's Daily Cyber Threat Brief. I am your host, Dr. Gerald Auger. This is episode 1050, it's January twentieth, 2025. We're off and running, giddy up, get your coffee and let's get cooking. Yes, yes, good morning everybody, hope everybody is having a wonderful Tuesday so far and that your Monday went splendid. I am super pumped to be here, got a whole pot of coffee cooking in my gut right now. It is the semester, so I am teaching at The Citadel, which means if I'm wearing a collared shirt there's a good chance I have to go out in public. I do want to share with everybody a little early Tidbits Tuesday. So every day of the week has a special segment, and Tuesdays is Tidbits Tuesday, where I share a little bit about myself. I'll go ahead and give you a little taster of what you can expect. I have two computers: a laptop for work work and travel, and then the main battle station for streaming. Yesterday I got an update for a Stream Deck on my laptop and I said sure, no problem, applied it, works fine, I'm like okay. I came into the studio and as I'm getting loaded up it's like, hey, your Stream Deck needs an update. I was like sure, let's let it ride. Fool. I am a fool. I might as well have just applied patches on Friday at four o'clock, because yes, the update applied, but my Stream Deck's broke now. So I'll be doing, let's see, I do have access to sound effects, but controlling the podcast will not happen, so I might even
punish myself with manual sound effects today. The pup is good, they actually went to the groomers this morning to get their hair cut, so they are up and running, sleeping back in the crate. Thank you for asking, TJ, definitely appreciate that. Guys, every single episode... yeah, you got to patch it. Ah, you gotta patch it, yeah, got to patch it, unless you're about to go live. Guys, I got to tell you, every single episode of the Daily Cyber Threat Brief we go through eight stories. They're the top stories of the day. I do not know what they are, haven't researched or prepped for any of them. Do you know why? Mary Ellen Kennel's daughter knows why: ain't nobody got time for that. Ain't nobody got time for that. We're up here trying to reduce cyber risk, not research and prep for shows, come on bro. All right, I'll just do manual sound effects for the first half of the show. Space Tacos, okay. So if you're new here, drop a hashtag first timer in chat. Excuse me, Blood Sweat and Rage sneaking in to the stream at work, thank you very much Blood Sweat and Rage. Guys, listen, if today's your first episode, drop a hashtag first timer in chat. Control, hashtag first timer in chat. BW5542 just did a buffer overflow on my brain. Guys, we have a special sound effect, a special emote for our first timers and we'd love to welcome them in. Yeah, I'm sorry Space Tacos, it's so easy for me to push the sound effect button, it's almost second nature at this point. I'm coming to you live from the Buffer Augerflow Studio bringing you Simply Cyber's Daily Cyber Threat Brief, and let me tell you, not only am I live but I'm handing out CPEs like they're Tic Tacs. You get a CPE, you get a CPE. Let me tell you, every episode, including episode 1050 today, is worth half a CPE. So say what's up in chat, grab a screenshot, file it away on your desktop in a folder, count up those screenshots once a year and divide by two, that's how many CPEs you get. So if you have a cybersecurity certification that requires
maintenance through continuing professional education, which I know sounds like a lot of words I just said, and I am talking quickly, so I mean I guess watch on replay at half speed and I probably sound normal. Go ahead, get those CPEs. All you gotta do is say what's up in chat, it'll show up right here, grab a screenshot. The name of the episode has today's date and a unique identifier in it, 1050. That's not a coincidence, it's literally deliberate. Christopher Icia knows what's cracking, see right there, says good morning all, 1/20/2026 CPE. That's right. All right, so get your CPEs here. We got our first timers, we got our CPEs, I told you you're going to be getting cooked on the news, which is perfect. Educated Guesser says watching this on my second day of my position as the infosec systems engineer, all thanks to that podcast. Hold the phone, ladies and gentlemen, can we agree? Educated Guesser, wrecking ball, hell yeah man. Hey, if you got a new job recently, share it in chat. My favorite thing to click is the wrecking ball. I'll tell you what, that's what we're all about here. Yeah, Robert Hendrick, if it has a collar I'm teaching that day. I used to wear collared shirts every day, I have like four hundred of these type of shirts, never wear them anymore, I wear cyber t-shirts now, that's my jam. All right guys, real quick, the show is not possible without the patronage... okay, all right, all right, Code Brews, right, I gave it like a wrecking ball. All right, wrecking ball should be the real sound effect. Okay, it's not fair for someone who got a job to listen, listen to me, wrecking ball it. Guys, the show's not possible without the patronage and support of our stream sponsors. Please be kind, if you like the show, support the show. You don't have to financially support the show, but go check out the stream sponsors, that is how you can support the show and support me bringing this show to you. So I'm gonna put a URL right here in the pinned comments, go ahead, click on that
while you listen to the ad. Yo, leadership, they're at work demanding AI automation. You can't go to a conference without AI slapping you in the face, you can't have a conversation with somebody in our industry without AI slapping you in the face. Your employees are using it, you know, shadow AI is sprawling across your organization. Sales is using one thing, marketing's using another, no one knows anything, you don't even know what data is going into those systems. You're one security incident or audit failure away from it costing you dearly. We could have IP theft, regulatory fines, competitive positioning, you could get fired, honestly. But what if AI became an advantage instead of your biggest risk? What if teams could innovate faster while staying secure? That's the dream. Well guess what, it doesn't have to be a dream any longer, because Airia has got you covered. It's a unified platform that combines AI security, governance and orchestration so you don't have to choose between innovation and protection. Have your cake and eat it too, right? Get the best of both worlds. Take control today, turn your AI stress into AI success, embrace enterprise AI, let it wash over you in an awesome wave. Go to simplycyber.io/airia to check out Airia. Thank you very much, Airia. They're actually going to be coming on for a fireside later in February, so you can get to ask these folks these questions if you'd like. Who's taking John Strand's Active Defense and Cyber Deception? This course is going on this week, yesterday was the first day. I'd love to know if anyone in chat has taken it and how the first day went. Antisyphon Training is disrupting the traditional cybersecurity training industry by offering high quality, cutting edge education to everyone regardless of financial position. Now they bring all sorts of wonderful speakers in for the talks, and I gotta tell you, Mishaal Khan, guys, this Mishaal is a good friend of mine, I really like Mishaal Khan. If you know Mishaal, you know how great a person he is. He's the
good stalker, as he self proclaims. You can check him out for free tomorrow, January twenty-first, from noon to one PM Eastern time. You can learn to OSINT like a hacker. This is phenomenal, you can uncover secrets hidden in plain sight. Mishaal is dyno-mite, right, he's like JJ Walker, dyno-mite. Drink. That's a real deep cut, that's a seventies cut, Space Tacos. I just want to let everyone know, for real though, if you like Mishaal Khan, go to antisyphontraining.com, register for the webcast. But I also want you to know, look at this, Mishaal Khan is going to be... we're doing something a little fun this year on Simply Cyber, it's not just me making produced videos, Mishaal Khan's got a video dropping on Simply Cyber on Sunday this week, so just six days away, five days away from now. So if you want all of that, get some Mishaal Khan tomorrow, get some Mishaal Khan on Sunday. You get a Mishaal Khan, you get a Mishaal Khan. Get your Oprah, what's cooking for that. Go to antisyphontraining.com, I'll drop a link to this webcast. I'm telling you, you will get value from Mishaal Khan's talks, I promise you. Of course we've got ThreatLocker. I'll be at Zero Trust World 2026, I'll be at Zero Trust World 2026 doing the Daily Cyber Threat Brief live from the show floor, that'll be a fun experience, so come check it out. But let's hear from ThreatLocker, longtime sponsor of the channel, and I really do think that they have a special product, like it's very effective. I want to give some love to the Daily Cyber Threat Brief sponsor ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more, you can harden your security with ThreatLocker. Worldwide companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is
fully supported by their US based Cyber Hero support team. Get a free thirty day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com/dailycyber. All right, we got to get cooking really quickly. I see Uni395 in chat, Uni395 saying where's the link. I did mention several resources, so you'll have to be more specific. I'll get you the link, but I just don't know what you're talking about specifically, and I don't want to just throw links at you like that meme of the hot dogs, you know what I'm saying. Like, let's do this. All right, hey everybody, do me a favor, sit back, relax, Space Tacos, spicy, and let's let the cool sounds of the hot news wash over all of us in an awesome wave. I will see you guys at the mid roll. Let's cook. From the
B
CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Tuesday, January twentieth, 2026. I'm Sarah Lane. Gemini prompt injection flaw exposes calendar info. Miggo Security found a prompt injection issue in Google Gemini that lets attackers hide instructions inside calendar invites. When users asked Gemini basic scheduling questions, the model copied private meeting details into a new calendar event visible to the attacker. Google patched the issue after disclosure. Researchers say AI native workflows broaden the attack surface, as other labs recently demonstrated similar data exfiltration and privilege escalation paths across Copilot, Vertex AI agents and multiple AI coding IDEs. Hacker admits to leaking stolen Supreme... All right.
A
Hey, so check it out. First of all, this infographic, dark mode with a little pop of color, very nice, very nice. Okay, so check it out. Google Gemini. Google has got all of their tooling in one ecosystem, very similar to like the Apple ecosystem, all right. Gemini is their AI tool, you have Google Calendar, Google Mail, you know, Google, like Google all the things, right, Google Drive, you know. So apparently this is straightforward: a malicious user can... it says malicious invite, but it's not like they're detonating malware on your computer. My understanding is the impact... again, really quickly, I like to give you additional insights and value in this show, not just read the news to you, like you're all adults here, like you don't need me to read the slide to you, but you know, I want to give you value, right, that's why you should show up. As a risk professional, right, as a GRC person, or just as a cybersecurity professional in general, when I hear something like this my immediate thought is, so what? Like, so what is the impact? Like it could be the coolest thing ever, and if it's not really impactful, you know, I've got other things to cook on. So what's the impact here? The attacker can see the contents of your calendar invite. Now, you know, I don't know about you, but I'm not storing secrets in a calendar invite. I mean, a lot of times I forget to even put like a description in there unless I'm meeting with somebody for the first time and the meeting is like more than a week away, I'll put something in the description simply to remind me of what I'm about to have a meeting about. So you know, it depends on your speed, right, like maybe you are putting secrets inside of it. At the end of the day, an attacker is able to use Gemini to create a new calendar invite that has information from another calendar invite, therefore giving like a breach of confidentiality of whatever that calendar invite was to the attacker, and the victim cannot control that. That is my understanding. Of
course the problem here is that Gemini as an AI tool, as a non human... what do they call it, NHI, non human what, hold on, there's an acronym that's getting thrown around now, NHI, hold on one second. NHI, AI agents, no, it's non human something. Non human identities. Put that on your bingo card for 2026. You know, these non human identities are getting very wide permissions because we want the AI tool to be able to do all the things, and unfortunately this, you know, basically right-click permissions for everyone is causing it to, you know, touch things that it shouldn't necessarily be touching and obviously cause problems. I would say while, you know, this particular attack does not give me pause for concern around impact, it is an indicator that the Gemini AI tool does have greater permissions. Or it's not really the permissions, it's like the semantic guardrails of when it should, right. I should be able to ask Gemini about my own calendar invites, and it should be able to read the contents of my calendar invites to be able to give me insights, like oh hey Gemini, tell me about my week this week coming and what should I do to prepare for it, and it looks directly at all the bits of a meeting invite on Tuesday and says hey, you got a really important meeting on Tuesday with these three people, would you like me to prepare a bio or background on the most important person in the room so you can be prepared? Yes, that would be phenomenal, thank you. So there is utility in having it read the contents of your calendar. So don't, don't, don't... this is not a don't let it read it, it's let it read it within the conditional access of who is asking, and that is a more complicated problem to solve, and it's one that, you know, all the AI platforms are going to have to solve. Because like I said, this indicates that Gemini can reach in. So here, here's another one. My calendar, not a big deal, but what if the attacker says hey, create a calendar invite, like do this thing, but also look inside the emails for
anyone who sent an email from whoever is currently invited to that meeting and add that to the contents of the description of the meeting? That would be a huge calendar description, but it doesn't matter, because now the attacker can see sensitive emails, and now we've got ourselves a problem. So keep your mind open. I do want to say holla and what's up to first timer K4333, welcome to the party pal, welcome to the party. Hold on, and it looks like we have a Deb Wiggly sighting, ladies and gentlemen, Deb Wiggly sighting, welcome to the party Deb, welcome to the party pal. Court data.
B
Twenty-four year old Nicholas Moore of Springfield, Tennessee pleaded guilty to hacking the US Supreme Court's electronic filing system more than twenty-five times in 2023 using stolen credentials, then posting screenshots to an Instagram account to show off the breach. Prosecutors say he also accessed AmeriCorps and VA systems with stolen logins, leaking personal and health data from victims. He faces up to a year in prison and a one hundred thousand dollar fine. What an idiot. Uncovered... oh my
A
God, you are so dumb. You are really dumb, for real. All right, so like listen, you and I are like worried about next level hackers and, you know, sophisticated attacks and chaining vulnerability exploits together. This dude just steals some creds and dumps data from the Supreme Court. You fool. All right, so twenty-four year old dude, this guy is more than lucky that he's only going to get a year of prison time. Oh okay, so he used stolen credentials. First of all, stolen credentials can be, you know, got many different ways. I'm sure the US Supreme Court, like he didn't hack one of the Supreme Court justices, right, I'm sure he hacked somebody who just works there, right, like Carl in accounting. The Supreme Court is an institution, but it's also an organization, so it needs... like the Supreme Court justices get paychecks, the person who like makes sure the audio visual works in the room where they hold court gets a paycheck, the person who is a stenographer gets a paycheck, it's a business, man. So all of them have access to things, they definitely have IT support, and this guy got somebody's creds. Now, number one, I want to rage, please, if you can. We got... I gotta add a Red Hulk, I have to add a Red Hulk emote to the tray here for the squad members. Ah, this is how I feel. Do you know why? Because this guy used stolen creds. Do you know what doesn't work if you have multi factor authentication enabled at the Supreme Court? If you have multi factor authentication enabled, this twenty-four year old gets stopped at the gate with his stolen credentials and asked, can I see your second factor, and then he's like, I don't have one. Okay, so they didn't have MFA in place, which is absolutely unacceptable, absolutely unacceptable. It is possible that someone reused credentials, but it doesn't even matter, dude, not having MFA for the Supreme Court in 2026 is ridiculous, it is absolutely... it's egregious. Okay, now this guy took it to the next level, and I just... I'm like borderline beside myself right now. I am... I
am gobsmacked. He started an Instagram account called I Hacked the Government, where he posted his data leaks. Most people who don't go to jail for being idiots will drop these things on the dark web or on Telegram behind sock puppet accounts. This guy did it on Facebook, basically. There's no question this guy would get caught. Do you think for a second the government doesn't have a relationship with Facebook or Meta or whatever to ask them for the whoever this is? Tennessee, come on, Tennessee. All right, he stole creds from a Marine Corps veteran to access the Department of Veterans Affairs My HealtheVet online and leaked that guy's information. Nice job, Jesus criminy. This is a garden variety, like hey, for you youngs, all right, so if you have gray in your hair, or you know, if you use Just For Men or Just For Women, I don't even know what they call Just For Women, but if you are supposed to have gray in your hair, you remember the nineties. This was like, this was a thing you would do in the nineties, because your only crime is curiosity. In 2026 they have the receipts, they have the logs, they have the law enforcement relationships, you're gonna get caught, you donkey. Anyways, if this is you, put multi factor authentication in place.
B
PDF Cider malware. PDF Cider is a newly documented backdoor malware delivered via DLL sideloading in spear phishing zip files. Security firm Resecurity says it uses a fake PDF24 executable to evade AV and EDR, runs commands in memory over an AES encrypted C2 channel, and includes anti VM checks, DNS exfiltration and decoy intelligence docs. Researchers describe it as APT style tooling focused on stealth and long term access rather than mass infection. Acting CISA chief sought ouster...
A
All right, PDF Cider malware, long term covert access. So if your neck hurts, it's probably from the whiplash you're suffering between this fool who steals creds and just dumps data like, you know, like a rookie, right, to this sophisticated, likely nation state threat actor developing a, you know, low and slow rotisserie malware that is long term persistence. Okay, it's got a DLL for sideloading. So really quickly, if you didn't know, the Microsoft Windows operating system, there are files called DLLs. You've probably gotten an error message at some point in your life where there's a missing DLL and the program won't work, or you just see DLLs. An EXE file, an executable, right, like calc.exe, cmd.exe, winword.exe, those are executables, right, you double click them and they launch an application, very familiar with them. It is a PE file, portable executable file, that's what you call it in, you know, the IT world, or in malware research or reverse engineering or software exploitation, whatever, they're called PE files, but they're the executables. A DLL, dynamic link library, are also portable executable files, you just don't double click them to launch them. Now the reason I want to bring this up is because you'll hear sideloading DLLs or DLL bring your own driver type stuff, so I want to explain what the hell these things are. In the world of Windows there's a lot of functionality that you would just normally need access to: writing to disk, opening network connections, doing certain things that are repetitive. If DLLs didn't exist, then every application you have on your machine would require all of the functionality to be there, which would be these giant monolithic applications, and it would be unwieldy, and software developers would take a long time because they'd all have to be developing their own crap. So what happens is, think of it as like modular. I write calc.exe, or yeah, calc.exe, and I know as a developer for Windows applications that the Windows operating system will come
prepackaged with all of these DLLs, and I can call those DLLs and use them. They're like Python imported libraries or, you know, something like that. That's what DLLs are. They allow developers to write Windows applications faster, more consistent, more stable, because they're not writing their own freaking drivers to do silly things that are already done by Microsoft developers. Okay, so that's what DLLs are. The problem is, the problem is when you side... like when a hacker does this, they overwrite that DLL file. The application, you know, whatever, calc.exe, doesn't know that that DLL is malicious, it just knows it's going to reach out and call that DLL. So it calls that DLL and boom, now you got malware running all up in your face. All right, so that's what's up, and that's why DLL sideloading attacks happen. The main application is loading the DLL into memory to execute, and the malware researcher has either replaced it, renamed it, whatever. So that's what's up. This is why, like, you know, what do they call it, like cert, like certification of software, software certification can be done, because then sideloading, it won't have the cert, Jesus man, it won't have the certification because it'll be a different file, right. You can also use hashing, that's not really a thing. All right, so check it out, infection chain. There's got to be an infographic on this one, right, there's got to be, let's go. All right, campaign begins with a spear phish email containing a zip archive. Well, there's your first step, Columbo. Drink. Columbo is a detective from the eighties. All right, I guess I can use Matlock, right, Kathy Bates brought Matlock back. If you get it, like listen, if you get an email with a zip attached to it, no, no, we're good here, delete. All right, so inside of it is a digitally signed executable labeled PDF24 app. Okay, so digitally signed is what I was saying before when I was saying certificate or certified. It's signed with the certificate, so this app is
signed, called PDF24 app, and it impersonates a known PDF creation software. Bro, just pay for Adobe. When executed, the file shows no visible interface but immediately starts running in the background. Okay, assuming it can create a PDF, this would be a trojan malware. Attackers exploit weaknesses in the legitimate app to trigger DLL sideloading. A malicious CRYPTBASE.dll is placed alongside the executable, causing the program to load it instead of the genuine system library. So you can see here, this is exactly what I'm saying, like they're saying how the attack works, I just went deeper into it. And because of this you are able to bypass many antivirus, EDR controls. Okay, I mean, good EDR controls are looking at process behaviors, not necessarily, you know, when the executable loads. Okay, once it loads, it opens network components, gathers details, and opens the backdoor, and then sends to a C2. There's got to be an infograph on this thing. No? What a missed opportunity. All right, it uses AES-256 for C2. Here's the deal, yeah, I mean, any C2 worth a damn is going to, you know, try to mask or hide or encrypt its data so you don't see it, so you know, I wouldn't get too frothy around AES-256, although that is unbreakable, so way to go threat actors. Commands are executed via cmd.exe. Here's what I'm saying... really quickly, Mad Destroyer with five gifted subs, thanks Mad Destroyer. Hey, Adrien Silver, Indeed, Busting Justin, 0x3 Security and Outstanding Serious, you can thank Mad Destroyer for the gifted subs. Thank you very much Mad Destroyer, appreciate it. Did we just become best friends? Yep. Okay, so here's the deal, I'm going to save everybody a lot of trouble. Number one, educate your end users not to open zip archives to run basically, you know, freemium PDF creation tools. Number two, if you... like configure detections in your SIEM. See how it says it uses cmd.exe with no visible console? If you're seeing PDF Cider like
spawn child processes of cmd.exe, that's an indicator of compromise, you may want to investigate that. All right, data exfil via DNS. Yeah, you should be looking at DNS for data exfil. Now I will say it is encrypted traffic, but here's the reality: if you're looking at your DNS traffic and you see all sorts of data... like DNS is going to look like DNS. If you see all sorts of additional data, whether it's encrypted or not, that is an indicator of compromise. So watch your DNS. It's very easy, if DNS is being used as a communication vehicle for C2 traffic, it's very easy to detect if you're looking at it at all.
B
Right, let's cook. ...of CIO. Politico sources say acting CISA director Madhu Gottumukkala moved to push out the agency's chief information officer, Robert Costello, last week, issuing a rapid reassignment that would have forced Costello to resign or transfer within the Department of Homeland Security. Senior political appointees reportedly objected, and DHS halted the move. Costello is viewed by many as one of CISA's strongest technical leaders. Sources say Costello and Gottumukkala previously clashed on contracting and
A
policy decisions. Oh my god, like this week on Game of Thrones, US federal government edition: CISO tries to oust CIO in rapid ejection, and it looks like the CIO was able to defend their position. Okay, hold on, not CISO chief, CISA's acting director basically tried to fire the CIO. This is straight politics, bro. Robert, like basically this guy's boss tried to fire him, and he was able to defend and get some top cover from political appointees to get this sorted out. Hey, QKB3128 is asking, is anyone from Pennsylvania here? Yeah, there's a lot of people from Pennsylvania here, so if you're from Pennsylvania, sound off in the chat. QKB3128 is questioning... yeah, CISA is a little bit of a clown show right now, sadly. I'm not going to get political. I think that there's a lot of stuff going on, you know, even outside of this. So CISA's executive assistant director for cyber was not given a decision ahead of time and wanted to know what the heck's going on. Hey, here's the deal guys, I mean, I've seen enough like made for TV dramas, I saw Succession. If you're gonna try a power move to get someone fired, you really should make sure you have all the votes, you got all the top cover, you got all the things, because it's not going to work out. I don't know what's going to happen here, but I guarantee you Madhu Gottumukkala, the guy who's in charge of CISA, and Robert Costello, the CIO, dude, what's it like, those guys bumping into each other in the break room getting coffee, like he literally tried to get him fired, wow. Both career staff and even fellow Trump appointees grew alarmed by the director here, who is the former CIO of South Dakota, over his handling of a failed polygraph exam. At least six staff who scheduled the test were suspended. What? Hold on. Six career staff who helped schedule the test were suspended with pay after the exam. Hold on, so this guy, this guy's the acting director of CISA, he
failed the polygraph exam, and the people who scheduled the exam got suspended because it was on... so he shouldn't have taken the poly? Why would you even... dude, I am like, I don't even understand what's going on. There's like so much political infighting and Game of Thrones stuff going on up in the top, it's insane, dude. TLDR, this doesn't affect you and your work today. You're not going to be driving cyber risk reduction based on this story. This is just, if you like soapy drama, you know, get your popcorn and everything and get it sorted out here. Let me see if I can like do this really quick, here we go. This, like, hey look at this, this is interesting, I'm actually getting a live... hold on, hold on, yes, yes, this is coming in right now from the field. Let me take you live to CISA headquarters. Yep, here we go, we've got a live look in right now at CISA headquarters. Thank you, Johnny on the spot reporter, reporting live directly from CISA on what is actually going on there, the CIO and the acting director having a conversation here in real time. Ridiculous, man. Be professional. Huge thanks to
B
our sponsor Dropzone AI. It's two AM, an alert fires: possible data exfiltration. Your on call analyst is three time zones away, half asleep, context switching between tools. By the time they piece together the evidence, forty-five minutes have passed. Was it a real threat or another false positive? The clock is ticking. Tomorrow we'll tell you how three hundred enterprises solved this exact problem, but if you can't wait, head on over to dropzone.ai to learn more. Malware broker... Alrighty.
A
Let's do this really quickly. All right guys, hey, I want to say thank you all so very much for being here, definitely appreciate it. I hope you get value from the show. If you do, not only hit the like and subscribe but tell a friend. We're doing something very cool over here and I don't want to hoard it, I don't want to keep it for us and not them, okay, let's share the love. All right guys, I do want to say, speaking of sharing the love, thank you to the stream sponsors ThreatLocker, Antisyphon, Airia and Flare. Guys, go to simplycyber.io/flare. I'm telling you, not only do the sponsors help support the channel, but they do a lot of really fun, cool stuff. Now Flare is a cyber threat intelligence platform which I have made a video about and really find valuable, but Flare's doing something else entirely called Flare Academy, where they bring industry pros in for webinars and educational opportunities. January twenty-ninth, eleven AM to one PM, I am going to this, I'm hosting an unofficial watch party. I have spoken to Flare about it, they are actually loving the idea that I'm doing this, so sometimes it's better to ask for forgiveness than permission. I'm hosting a watch party, it's going to be super dope: Inside the Life of a Ransomware Operator. Guys, I do not want to put on waders and wade out into pluff mud to figure out what cybercriminal underbellies look like. I'd rather have somebody who's come back, gone through the pressure washer and been cleaned up, and then they could share their lessons learned. You don't have to get first level experience sometimes to learn, get it from someone who's been there, okay. I don't want to live on an oil rig, but I'll certainly sit down for twenty minutes with someone who lived on an oil rig to talk about their experiences. Same thing with this. I don't want a ransomware threat actor knowing anything about me or my family, but I would certainly like to know about them. So come on down, January twenty-ninth,
eleven am to one pm eastern time learn and also get the the watch party action going yes i can i don't know yes all right so anyways every single day of the week has a like justin gold just buffer overflowed me every single day of the week has a special segment tuesdays is tidbits tuesday where i share a little bit about myself and you know see if we can vibe on it i'm not i i didn't have anything prepared today but i guess i'll just share if you didn't know i am a new england patriots fan i'm originally from the boston area which is why i can drive very well and i get angry instantly but then get cooled down instantly that's classic bostonian type stuff but yeah new england patriots they are in the afc championship for the you know football nfl uh i'm a pro football fan i live in college football country i i don't even watch college football i think the championship game was on last night possibly i don't know but yeah if you're a pro football fan holla we got that in common and i know by the way i'm well aware that a lot of people hate me because i like the patriots i get it i get it it's lonely at the top you know what i'm saying gangstar said that all right guys if you got a pro team drop it off in chat let me know if you're a college football fan let me know in chat and if you don't like sports let me know in chat we'll see if we vibe on it all right let's go we got twenty eighteen minutes and then i got to go to work work where.
B
Broker set for sentencing jordanian national faras khalil ahmad al bashidi pleaded guilty to acting as an initial access broker selling network access and malware to an undercover fbi agent in twenty twenty three prosecutors say al bashidi operating as riz that's r one z facilitated attacks against at least fifty us companies and sold an edr disabling tool that ultimately exposed his ip address and tied him to a fifty million dollars ransomware incident he was extradited in twenty twenty four and faces sentencing in may with up to ten years in prison and a two hundred fifty thousand dollars fine ingram micro says.
A
Attack i don't know here's my thing okay so first of all reg all right so hey win for the fbi win for law enforcement loss for the bad guys i hate like okay so this guy was selling malware and he got caught in a sting operation and he's gonna go to jail for ten years after only making only after making twenty thousand dollars in sales to an undercover agent okay this dude's forty he lived in georgia his alias was riz which is hilarious because he's forty i don't know if this guy was thinking he was going to like pin this on justin gold and be like oh hey what's up young or whatever casually joseph he's like oh it's the rizzler it must be a young all right so not a good look on that this guy was advertising access to companies that all used one or two different firewall products the fbi got in and made the purchase and selling an edr bypass tool okay so people are doing this all the time let me see really quickly okay so this is awesome this is awesome oh my god what a fool okay okay so check it out here we go check it out this is insane i love this i love it i love it i love it so sometimes these news stories don't give us a lot of detail this one gives us all the tea like or all the receipts or whatever use your thing now like look at me look at me look at me i'm the rizzler now dude this is sick okay so check it out if you are taking john's if you if you're taking john strand's active defense and cyber deception class this week this is something that you may learn okay this is something you may learn remember when you connect to a computer when you have a network communication between two endpoints the endpoints need to know the ip address of the system that's how it's like sending a letter in the mail i can't send you a letter unless you give me your mailing address and once you give me your mailing address i can go there physically and do you know if it's your endpoint it's like in your house if it's a mailing address i can go there and like let's say it's a 
vpn i can go there and then request the vpn company give me the ip address connecting in for that account okay this guy dude this guy made so many mistakes like in the world of cyber security and criminal threat actors they are making millions of dollars selling malware on the dark web this dude lives in georgia so you you don't even need extradition he like literally lives in the united states which is your first mistake if you're going to become a cyber criminal number two he is selling to the fbi which is fine i'm glad the fbi is mucking around in cyber criminal underground but he connects to an fbi controlled server to demonstrate how the tool works and basically gives up his identity by making that connection what you should have done is have a demo video and provide the demo video to your customers not do a live demo not to mention live demos fail all the time you got to have that stuff recorded and just play it in real time thirdly this dude when he made that connection the ip address pinned he had all sorts of google pay i don't know if the fbi was making payments to him through the google pay but all of his accounts are tied to google pay this guy had horrible operational security it would appear among other things he's going to jail for ten years meanwhile the kid who broke into the supreme court's going to jail for one year i hope that i hope that this serves as a warning for threat actors who are you know dealing in cyber crime to you know think twice about it because this guy is going to jail for quite a while undercover agents fbi thank you for doing the hard stuff that you do and not to mention this guy was selling it for like five thousand dollars like again if so if i sold something for five grand that'd be great i would love to sell something for five grand but if you're going to be taking risks like this i don't know i don't know whatever good win for.
B
The good guys affected forty two k plus people ingram micro disclosed updated details from its july twenty twenty five ransomware incident confirming stolen data affected more than forty two thousand people including social security numbers and job applicant records the attack caused a days long outage work from home orders and three point five terabytes of documents stolen while the company still hasn't formally attributed the breach safepay claimed responsibility last summer and has since become one of the more active ransomware crews filling gaps left by lockbit and black.
A
Hat yeah tp link okay so i mean i hadn't heard of this group here safepay i haven't heard of the safe pay ransom group but as far as you know the reporting goes this is the new you know bully on the street so i guess you know put safe pay on your you know your your murder board and keep your eyes open i will say that anytime there's a prolific threat actor in ransom ransomware like if it's conti black basta alphv black cat whatever when they get taken down or they implode on themselves it's just like cyber criminal marketplaces there will be another one who fills the void because there's just too much money to be made great cash homie so i guess put safe pay on your board black basta they got arrested it was reported yesterday and the the leader of black basta is on the run so you know you can expect not to be a problem anytime soon you know whatever ingram micro got hit just like any other company did we just become best friends yep oh space tacos letting me know what's up hold on one second this is georgia the country ah he was extradited from georgia okay well then i give this guy a little bit more credit for not being a complete clown so he was in georgia the country not georgia the state i thought this guy was doing it from like augusta he's like oh it's the masters next weekend i'll just commit some cyber crime this is georgia the country so way to go fbi going the extra mile bringing this guy down although this guy seems like the riz seems like a lone operator i mean i don't want anyone doing anything but the it's more about these cyber criminal organizations like the common that need to be taken down all right all i would say for this story you can read the story yourself but look into safe pay ransomware group and put them on your board as far as somebody to keep an eye out for io for any threat actor group i always like to go directly to mitre attack and just see if they are in here they are not in mitre attack's framework yet which i mean i again i'm 
not i'm just one professional but i hadn't heard of them until this news story so if they are turning into like the the hotness for threat actor groups they're they're just on the come right now patches vigi.
B
Camera vulnerability tp link pushed fixes for a high severity auth bypass in more than thirty two vigi and vigi insight surveillance camera models retinand co founder arco dar says attackers can reset admin passwords and take full control including video feeds when he found the bug back in october he says he counted more than twenty five hundred exposed cameras online the cameras are widely deployed globally and previous tp link flaws have been abused in the wild making patching urgent windows eleven.
A
Shutdown bug okay hold on one second tp link which has been you know tp link is one of these more consumer level networking company or you know network device companies usually you pay for what you get right so you'll see a lot of bugs and stuff for tp link netgear fortinet qnap zyxel they commonly have bugs not to say that like palo alto and cisco don't have bugs but they have less let's see james mcquiggins and cozumel very nice james mcquiggin it's my feet i don't have socks on right now my feet hurt because it's so cold in the buffer overflow studio all right tp link had they patched it well first of all you got to patch it ah you got to patch it all right an authentication bypass flaw affecting password recovery in the camera's local web interface here's my thing like are these cameras tp link devices let me that's what i need to know here tp link viji fiji viji okay yeah so they make their own cameras but i mean network device camera it doesn't matter it's still the same company with the same level of i guess developer production stuff so if you're right here's the thing if you're running these vgs cameras and they have internet publicly routable ip addresses right they're they're internet facing essentially you gotta patch it and again what's the impact though right what's the impact here.
C
It.
A
Allows an attacker on the lan to reset the admin password without verification by manipulating client side state so essentially a threat actor can lock you out of your camera i think the bigger concern here is that they they can get on your lan now if you have listen they say on the lan which is local area network but if you have done network segmentation and you have your cameras on a separate network segment which is not uncommon or you know you have like a physical security network segment or you have an iot device segment it depends on what your speed is this may not even result in like that big a risk right now obviously if a threat actor changes the admin password on the on the camera you have to physically go there and do a hard reset you know like reset to factory defaults so you can do it so it's annoying and if it's at some remote location like a you know a power substation or some you know something out in the field that is really inconvenient but eh in fact here eric taylor's in in the green room he's going to be doing jawjacking he's released an update to his tool here let's use let's just see how bad the cvss is i don't think it's that bad look at four hundredths of one percent of a chance that you're going to get hit in the next thirty days with it cvss score of eight seven which is just high it's cool it's cool you should pat don't forget to patch your iot devices or set them to auto patch but this is not i'm not kicking in the cio's door today and being like oh my god oh my god you gotta hear about the tp link fidget camera vulnerabilities oh my god that's.
B
Not happening forces microsoft into out of band damage control microsoft issued an out of band windows eleven update on january seventeenth to fix shutdown restart and hibernation issues caused by january's patch tuesday the problem affected systems with system guard secure launch enabled preventing proper shutdowns and causing laptops and desktops to drain power the update also addresses a remote desktop authentication bug while a separate outlook pop issue remains unresolved microsoft urges affected users to install kb fifty seven seven thousand seven seven nine seven reminding us that security updates can create unexpected side effects all.
A
Right i mean this is pretty straightforward listen if microsoft sends out an out of band patch an emergency update you should apply it right they're not they don't do this for lulls they don't do it so people don't forget about them right don't you forget about me like windows microsoft doesn't give a crap about that this is directly related to the urgency of having this patch applied to your systems so get with your it counterparts because you're not patching it they are patching it patch your own machine for sure but get get this applied period full stop and remember with patch management you're not going to get all the machines you have machines that haven't phoned in you've got a salesman like a you got carl the sales engineer who's on a flight right now you got all these things so you're very likely you're gonna apply all the patches and then you'll have like twenty ten to twenty percent of systems that either can't take the patch or or they they haven't they're like off the network and they're not receiving failed for whatever reason you you'll deal with some of these instances but just look through what is the what's the concern of not having that patch applied and if it if it's a you know willingness or it's a it's a risk you're willing to accept fine if not then work through it with the end user of that endpoint to get it sorted out okay foreign that's gonna do it for january twentieth twenty twenty six episode ten fifty of your simply cyber daily cyber threat brief i was your host doctor gerald ozer live from the buffer overflow studio again shout out and thank you to the stream sponsors threat locker anti siphon flare and area if you want to support the channel click the links in the description check out the sponsors see what they're all about don't go anywhere because we're going to be doing jawjacking in just a hot minute i have to go teach at the citadel military college but every single day from nine am to nine thirty am eastern time we do 
something called jawjacking which is an ask me anything so if you have any questions about career certs industry etc drop them in chat with a queue up front eric taylor is going to be coming on he has agreed to answer your question so thank you for your time eric and your experience answering those questions have a good one everybody i'll see you later tomorrow tomorrow tomorrow yeah and just reminder this thursday a lot of people in twenty twenty six are thinking about setting up their own side hustle or starting their own business altogether i've done it eric taylor runs his own business kathy chambers launched her business you know cairo sec tyler ramsby's doing it a lot of people are doing it so what what do we do about that i go get my friend bryson bort who has started sold run successfully many businesses and he's a legend cyber security professional is going to come on and talk about starting and running your own business so get get that's appointment viewing as always you can go to simply cyber dot hold on as always you can go to luma doc i'm gonna have to make a quick redirect for this one but you can go to luma dot com simply cyber luma l dash u m a dot com simply cyber and let me pin this in chat and for all the upcoming things you can get a calendar invite it's very much a game changer so if you have missed the jawjacking a firesides a daily brief a webinar if you've missed anything simply cyber because you forgot about it that's what this solves we are addressing it by putting something on your calendar i'm jerry from simply cyber my feet are cold but my takes are hot i'll see you guys tomorrow cheers ever wonder what it takes to break into cyber security join us every weekday for jawjacking where industry experts answer your burning questions about the cyber security field live unfiltered and totally free let's level up together it's time for some jawjacking.
C
What is going on you beautiful beautiful people stick around we're going to have some talks we're going to have some conversations let's start up some music i don't this so ai generated we still have christmas well i do still like some christmas music i actually celebrate it so here we always try to do tidbits tuesday i am one of those people that you must complete a holiday before you start the next one don't give me christmas before thanksgiving this year or well technically last year i was a little different i'm like you know what is the world the the environment has been awful this year i need a little bit extra christmas cheer so in the middle of november i was like bring on bring it all on bring bring all the christmas cheer give it to me give it to me like fan in me or whatever like i just need to cool down i just need to cool down i need some christmas cheer in my life so last year i did accept christmas a little bit sooner than i typically do let's try some lounge music doctor gerald ozer said my name is eric taylor i am the owner chief forensic operator here at barricade cyber and i'm here to answer your questions jerry has just confirmed in chat that we do not have a nine thirty i do have a hard stop at the top of the hour so i will stick around and answer as many questions and just shoot the trash with you as much as we can why because i honestly freaking enjoy hanging out with you ladies and gentlemen i really do you know we get so in our world we get so heads down focusing on the forensics on the hunting the evil or patching or whatever it's good just to take a few minutes once a week hang out with you ladies and gentlemen and be able to do that i'm gonna let you guys in on a little a little tidbit so y' all been seeing i've been working on the epss school version i kind of leaked it last week during jawjacking and i put a little video a little image out on linkedin if you're following me there barricade has hard stops makes sense yeah but for you 
simply cyber folks i'm going to let you in on a little secret we launched epss lookup tool version two point five it is now mclivey live so i'm going to show it to you the official release is out on getting posted on linkedin later today or in about two hours actually but if you are looking to have an inside scoop into some of this we're just using this old cve as a precursor for it we did minimize the the cooldown from ten seconds to three seconds we do have a recent section here so that was one of the big things even i had where it's like crap i'm searching multiple cve's and i can't remember so i did we did build in a recent so as you're searching more and more cve's this thing will populate i think i set the limit to thirteen if you don't want the tool to track it we do have a stop history search here so you can click on that and it will you'll see that it'll disable so one thing is the if you refresh it these results do show as cached so if you just refresh it then you'll be able to get what you need but you know we added more detail to the cisa kev you know when the remediation date was who the vendor you know the cwes what's correlated to it are ransomware threat actors known for this and yes it is known so so required actions for you the lev analysis that was being part of the nist framework you can actually go through this and this is the biggest thing that took me so so so long it's the calculations are freaking ridiculous it really is but lev essentially is the likelihood for exploitable vulnerability so you're taking your cve you're taking your epss and you're taking your lev to creating a lev score likelihood of exploit vulnerability and this is what this is right so you got that n and and it's always good to know what threat actors actually have are looking at this cve you know this one china apt forty one we got dragon force that was exploiting it we got we had monty things like that and we also put in here for the actual some of the newer ransomware 
group names and this is also good for botnets so like trickbot is actually going after this ice i icedid cobalt strike sliver marathi meterpreter all that stuff right so it still has all the published information information that you want any of the references that we always had you still got your your heat map breakdown we've also added the epss score thread or score trend and this actually looks at the api like how where did the epss score trend over the last thirty days we do see where epss scores will change over the last thirty days so we do put that and if you're wondering like this will get more populated because this is a brand new release but if you want to know who how many times this cve has been searched on the epss lookup tool alone then this shows the last thirty days naturally it's got to get more granular information so that is eps epsslookuptool dot com or epsslookup dot com we did buy lev lookup and levlookuptool dot com so we'll get we'll get all the domains you know redirected and pointed and all the all that fun stuff but if you want to capture that and just kind of go in there and take a look at that feel free to do as such we are i am already planning version three point zero which will probably release right around valentine's day that one will be a paid version so we'll we're going to be building the back end of it and the basic premise for the paid version which is going to be cheap i just don't know what cheap ninety nine looks like yet but basically your infosec and you need to research a ton of cve's at one time that's where the paid version is going to come in you're going to be able to bulk search a bunch of cve's that you want to and it's going to prioritize it's going to give you all the results and it's going to do the math for the priority proprietary proprietary can't talk prioritize it for you and it'll be multiple things i want to i want to prioritize off of my epss score and then i'll prioritize in that now i want to do my 
cvss score it'll prioritize off of that i want to prioritize off of the kev you know give me date like the oldest to newest stuff that's in kev so i can go get compliant with cisa kev in an orderly fashion it's going to do that so there's going to be a couple things that we're going to be looking at to make it that way and easily what i the way i'm going to price it in to be completely honest and transparent with you it's we'll probably offer it free for like thirty or ninety days or something like that but the pricing is going to just be like help me offset the server cost plus a little bit like a dollar or something right make it a make it quote unquote profitable right but you know this thing is running on a very very small server and it's very very fast so the the server costs are going to be minimal so i'm kicking around four point nine nine a month five point nine nine a month i don't know we'll see right so let me seriously in all seriousness when the post comes out on barricade cyber at eleven oh three am kick it around please i'm begging you kick it around and see what what's what in there and let me know what features we're missing i think outside of sorting the priority and doing bulk cve i think this tool is pretty much done i think i think i think but if i'm missing something that's a viable legitimate offer oh and i do have the copy to your text so that way you can do that right gonna figure out some sort of reporting but we don't we also have i met with the marketing yesterday in our weekly huddle and we have a lot of tools coming out this year a lot of stuff that i've been on the back burner with i'm like we need to get this stuff done so there we go so anyway again when it if you're not following us on linkedin let me get that please follow us at barricade cyber so you get all the information and i do see a couple questions that came in and i will get to those in just a moment let's see view as a member how do i how do i how do i i think it's just 
that yep so definitely go over there follow us on linkedin that's where we do all the stuff all the stuff primarily everything we do is published out on linkedin i mean we're on twitter and stuff like that but that's not a primary market for information all right i am very again i am very interested to see what you guys and gals come up with and in terms of features feedback all that stuff let's see let's see from cryptic roses how would you recommend how would you recommend remembering info as i feel my networking knowledge etc is slowly degrading why apply to jobs dude real facts right there don't want to be on an interview slack job when i used to know the info being asked to be honest with you we all real talk seriously cryptic roses we all forget crap you know i am at an age now where i'm like i have probably forgotten more than you will learn proverbially that's what our old that's what the old used to say when i was growing up and in some ways i for i feel that i honestly as a as an owner there are certain things in a role and we'll just say digital forensics no matter how long you've been in the industry there's like five seven things that i should be able to ask you and you always remember you always remember it like what is the srum database what does that do where are the windows event logs stored where are linux logs stored doesn't matter what distro it's all stored in the same spot even esxi and vcenters typically are stored in the same spot unless you modify it so there there's certain truths no matter what job you're looking at where it's just part of your daily cadence right you know where the stuff is little nuances like how do you make a configuration change to a fortigate to allow an application in through a firewall policy if you haven't messed with a fortigate in about six months you might forget and take out fortigate for palo alto cisco asa whatever the product name is right did you get the the nuances right it's like and just be honest with 
them it's like man i swear i know this one i'm deeply sorry i don't have that answer for you i i promise you if you can if you have a gui a test box it would take me two seconds to take a look at it and instantly remember where this thing is but i haven't touched it in six months i've i've honestly forgot because it's not it's not in the top of mind unfortunately and most of the time people like okay he's he's being honest you know the the biggest thing that i could ever stress to you as an owner is just don't bs us if you're honest we're cool with it just don't bs us because we start seeing through that crap it's like we're not going to hire you all right how do you respond to a ransomware attack do you try to deploy agents via gpo if possible yeah because we want to get containment as fast as possible and if a gpo if we can get a gpo to function in a ransomware situation then yes that's what we do we've also got powershell scripts to inject gpo code into active directory so that way we can potentially deploy it as fast as possible because a lot of times the gui is just messed up so but ad response if that doesn't work we do have jump boxes that we typically ship out so you know we have lenovo i got three of them i got to reprovision right now and a lot of times we'll put the active directory module in there and then connect to there and then we got a fresh gui that will work to make the power of the gpo changes that we need up yeah that is just one tactic yes there are many many tactics that you can do just really it is a case by case scenario going for iam analyst engineer have a cyber degree congratulations sec plus and the sc nine hundred going for sc three hundred what do you recommend for the next vendor specific certification i should take dude i don't know if you really need one honestly i honestly don't think you need one the only thing i can think of real talk the only thing that i think you would probably need is that there is a specific certification 
for the organization that you're going to be working for they want x y or z but from a thirty thousand foot view i would say go rock it if you really want to make yourself more certified go on linkedin looked at the five five top companies that you'd want to work for and see what certs that they're going for they're they're wanting in that type of stuff and you know you can kind of go that route but to me i think you got what you need outside of a company specific requirements i honestly think you got what you need right now there should be literally nothing holding you back i would think at least from a certification standpoint anyone going to the london tech expo in march going to plan to go and now now that i'm a graduate would love to see more friendly faces connect so there you go if you guys are guys and gals are in london and or going to the london tech expo in march not really a question but there you go you know definitely connect with cryptic roses would love a meet and greet john burns starting with python courses today and digital forensics tomorrow okay any tips for either course before i start just keep an open mind i'm not a huge python person i can read most of it you know i can analyze the python script like okay that it's it's doing this it's doing this i i may not know what this is and then i may have to ask grok or chatgpt like what exactly is this if you've been around for a while i'm a huge powershell person i i will make modules and you know everything in powershell as much as i possibly can it's just something that makes sense to me and it's really easy to get powershell on all three platforms mac os linux windows so my i always do a tip of the hat to the python people because it's just something i can't do and that's my limitation and that's my burden to bear or my cross to bear just kidding but anytime i go into any class any like i've had instructors tell me like why the hell are you in this class you know way more than everybody else 
in this class and i'm not boasting by any means it's just whatever and i'm flattered by it but the way that i always take these classes like there's always a nugget to learn even if i am senior in it right like soon i'm gonna go back through the sans for500 the basic windows forensics now it's going to have windows eleven and some other newer stuff in there and there's a lot of new stuff in windows eleven from an artifact standpoint that's really really cool but when i'm in those classes i'm looking to learn from other people remember things that i may have forgot learn a new perspective on an artifact like oh i didn't think about that and parsing that with this making my job easier so there's always always something to learn ladies always something to learn that's the biggest thing i wish people would pride themselves on willingness to learn willingness to know you don't know everything there's always a different way a different tactic a different ideology there there's always something so always go into these things with an open mind willing to learn and sean burns you will do well in my personal humble opinion cti job interview this afternoon any advice thanks in advance well chris young best of luck to you yeah cti is definitely i mean we do a fair amount of cti here i i would say in your interview understanding who their client base is who are they reporting to what what is your or what is the company stance on notifications to either upstream vendors or downstream clients knowing their business operations and i always use the especially in these type of roles you know what does success look like to you in this role in the next thirty sixty and ninety days that way i know i'm meeting my marks with you and just go rock it out hung out with you several times chris i know you can do it just stay gazelle intense stay gazelle intense good sir you will get it from brian coyote what is your favorite distro of linux to use i only use ubuntu there's another 
one that was just released. Hold on, hold on, hold on, hold on. Was it "be quiet"? I didn't watch. Let's see if I can quickly find it. If not, I may have to post it in the generals for Discord. I want to say Rob Lee talked about it, I think. I think it might have been somebody else. I'm just doing a quick search on another window, bear with me one second, ladies and gentlemen. No, it was definitely somebody else, yeah, because I'm going back a month and I'm not even seeing anything about it. Okay, shucks. Oh well. I know there was a new privacy one that just got an update. I know a lot of people who are heavy privacy focused are into, I think it's Parrot OS. I haven't messed with it that much. Most of my stuff is built, meant and built for production environments, so I just know the Ubuntu commands. And to be honest with you, I'm getting to be almost fifty. It's like I'm not one of the tinkerers of the industry anymore. It's like, that's one of the reasons why I switched over to iPhone a couple years ago. One was for simplicity of communicating with my family and stuff like that, especially when I travel. In a lot of ways I still miss my Android devices, but sometimes you just get to a point, you're just like, I just need the crap to work. I'm tired of tinkering, I'm tired of messing with it, all that. I just need the crap to work. That's probably why I don't do the, oh, what's that app that you put on your Fire Sticks for extended trailer watching? Cootie, Kodi, Kodi. Like, I just use Apple TV nowadays, and I mean I have Plex as well, but everybody knows how to work YouTube and YouTube TV. It just freaking works, and sometimes you just need stuff that just works, especially when you've been in the industry for so long. You're just like, there's things like the tech people will tinker with, like we'll mess with stuff, we'll do Kodi, and you know, we don't mind clicking thirty links to find out which link works and all that stuff, like we're okay with that. But when you're dealing with your family and they're not tech savvy and
all that, you're just like, I just need something to really just freaking work. It's simple, I don't have to do a bunch of tech support, and everybody just understands it and is willing to use it and adopt it. To be honest with you, that's just the way it goes. So, and I almost tried to install java the hard way on my keypad. Let's see.

Foreign asks: "What is your take on renewing certifications? They can be quite expensive." Yes, they can. "I have the CASP, Sec+, CEH and Azure. Thank you, thank you as always for what you do." So your miles may vary, but I had a CEH, was never asked to prove that I had my CEH. The renewal of certifications, I think, is an industry-by-industry slash company-by-company standard. I say that to say most of the small and medium businesses won't give two freaking rips if you have it or not. Like you got it at one time, you can show it on your resume, but just show that it's expired. You're like, okay, you got it at one time, we're cool with that, even working in a job since then that's daily using the Azure stack, we're fine, right? Some SMB and medium-based clients will have clients and prospects that will mandate that their staff have a certain certification, so you'll have that one-off, right? But it really is an industry-by-industry and company-by-company conversation. But yes, it can be quite expensive, and that's where you would kind of talk to your business and be like, the business that you're working for or you're getting ready to come into or whatever the case is, like, look, you want me to have all this stuff, here's how, what, this is my yearly cost to upkeep it, these renewals, how can we work together to make sure that I am staying compliant with what you want me to be and I'm getting... What, looks like my video just glitched up. Put yes in chat if you can see and hear me. It looks like it's working, but everything just flickered on me for some reason. Could just be a Restream issue. But yeah.

"To be an efficient hacker, should one be a very good IT guy?" I would
say having a basic understanding of technology would be beneficial, like being able to understand networking stacks and stuff like that. But I know a lot of hackers that aren't, like they're not IT admins at all. They just have the knack for looking at what's being generated and looking at source code and just being able to rip it apart. So, you know, each of our paths are different, right? Like mine was, when I was early on, it was, I mean, I had some IT experience and stuff like that, but I mean, that's back when we were in 56k modem days and stuff. I mean, the experience was a loose term. Like I knew how to rip apart my... give me a second, I'm just stepping away to get something. I knew how to rip apart, you know, my computer, I knew how to build new computers, you know, I knew how to do the cutting-edge stuff of the day, as it were, right? So technology was a lot different back then. So, and it was easier, in my opinion, to be a hacker back then, right? Because you don't have, or we didn't have, ten thousand different technology things to deal with. But on the same mindset, maybe that was harder and today is easier, because you have so many people focus on so many different things that nobody's focusing on, you know, specializing on one, so it's really easy. I don't know. I mean, I can see both sides of the coin, but I don't know.

Give me one second, I just gotta turn on... oh, so if y'all don't have this thing. So I go through canned air like there's nobody's business, and this is not a sponsored ad, but I recently found this little device called Wolfbox. It's got several different nozzles and stuff, and I'm gonna mute myself for a second because it's gonna get really loud, but I gotta blow out some of the failed attempt to install java on my keyboard. But this is a really cool freaking blower. Did it not mute? Oh my gosh, I'm sorry if I just blew out, I thought it muted. Oh my gosh, so sorry about that. But yeah, it's fully rechargeable, got on Amazon for like sixty bucks, I
think. It's got several attachments and stuff, really, really cool tool. So if you have been looking for a possible new tool to use for blowing out your keyboards and your computers and stuff, definitely check out this guy here. Really cool anyway, and the battery lasts a really, really long time too. That's another good thing, because you'll be in there blowing the dust out of your computer and you know that the compressed air is going away, right? So you're just like trying to hurry, you know, getting real close just to get that last stuff. But yeah, this one's pretty cool, I like it. Maybe we should get to the sponsor, the Simply Cyber Wolfbox: blow out your computer, it goes over all the crud and blows it out. All right, let's see, any questions?

"Any hardware you would recommend for home labbing? Was looking into Intel NUCs, but RAM prices have made eBay searching painful." Yeah, if you can, I don't know how, I've heard rumors that it's harder to do it these days, so, but definitely test it out. I would say try to get a developer license for Azure or AWS or whatever platform you feel comfortable with and use their VMs for, you know, labbing things up. To be honest with you, I was taking a hard look at Ansible at one time but just never bit the bullet on that. But, a second. Oh boy, okay, just getting caught up on some emails here. It's gonna be a fun, interesting day today, ladies and gentlemen.

From Neckbeard 777: "Do you think it's better to be really good at one specific thing or to be okay at everything?" Depends on how long you are in your journey.
A: Yeah.

C: When you're starting out, let's just take the one thing I always talk about, is being a doctor. It's very easy to relate. When you're going through the process of specialization as a doctor, you become a general doctor and then you go through specializations: cardiac, pediatric cardiology, you go through all, whatever it is, right? But when you're a doctor you are the jack of all trades, so to speak. You're able to know a little bit about everything, your teeth, your bones, your this or that, all that. You have a general understanding of everything, and then they tap the specialist for further insight. So I mean, you can't just go right in and be a cardiac surgeon, right? You got to go through the processes. So you got to go through the jack of all trades, the generalization, before you become the specialist. I think long term, specialization is the absolute way to go, right? That's what I would recommend, be a specialist. Your value is not the right word, but hopefully you get what I'm saying, that your input and your value and perception in the organization, I think, holds more weight when you have a specialization in something than a journalist or generalist practitioner or a jack of all trades.

"Have you heard of Vanta or Drata?" Yes, I have heard of Vanta. Follow, good question. That was a... "I'm gonna look at getting into some of the Cisco switches and messing with those from a home lab I'm making. I like the Azure." Yeah, so I think, if I'm not mistaken, in Azure or AWS, I mean, I can't share my, well, I'm not sure if I can share my screen just yet. Give me a second, let me actually get into the marketplace. I want to say they have, let's see, Cisco. Let's do that as a general. Close. Identity Service, Meraki. Yeah, I can share this, hold on. Not sure anything too sensitive by any means. So I just did, in the marketplace, just do Cisco. You got Identity Services, I mean, Meraki if you're into that, you got your Catalyst edge switches, your routers, everything like that. So I mean you could spin up everything you need in there to start messing with the command lines and stuff like that. So that's what I thought. So I'm pretty sure AWS is the exact same way, right?

So, "What is your thought about Vanta or Drata solution? Would it be useful?" I don't have any insight on either one of those. I heard the ad on the, I don't think it was Simply Cyber, I don't think they were ever a sponsor on this platform, but it was the CISO Series. They were sponsored for many, many, or about a year or two, maybe they still are. But I personally have never used either one of the products, and being able to properly advise on either one on its pros or cons, I'm not a good resource for that because I don't have any insight.

"You should update your browser." Yeah, I should, to be honest with you. I just ran through all the updates for January too, even just installed the one that was being talked about earlier, the out-of-band patch in Edge. That's why it's not red or whatever, because the update just came out like yesterday or something like that, and I've got five VMs for it right now processing stuff, so I can't be in the middle of shutting that down. So yeah, I'll get to a stopping point and reboot yet once again. This would be like five reboots this month just for patching on my workstation. I don't know, December I got behind or something and the system is trying to catch up, or I don't know, but I've definitely had an excessive amount of patching reboots, especially last week, I feel like I had four. All right, any other questions? Let me open up my chat. Let's see, answer that one, answer that one. Haircut Fish has been posting stuff in my chat. What, "Have you ever seen a speculative CV? Any advice on how to do this? What
advice to use when I went to a career advisor?" Have you ever seen a speculative CV? Yeah, so Cryptic Rose asked this, and I'll, let me see if I can find hers. Thank you so much here for putting that in there. My search did not find that. Here we are. Have you ever sent a speculative... oh, if I ever sent one? No, I have never sent one. I have seen them and immediately, properly sorted them where they needed to be filed. My perception is a CV or resume needs to be a fact file, finding, this is the who, what, when, where, why of me. It's not space for conjecture. Yeah, I think I have them all answered, and we are getting to the top of the hour, and I do have another call to prep for. Let's see what everybody's talking about. Exactly, Nightbot.

If you're getting any value, please take three seconds to smack that like button. It helps the YouTube algorithm. And do us a favor, if you think anybody else would benefit from this jawjacking, the daily cyber stuff, we're talking about all the news, recommend us to somebody. Like, hey, caught a great episode over here, Jerry was ranting about X, Y and Z, and then jawjacking host, you know, Eric or Tyler or whoever, was talking about this, this and this and this, you know, it was a really good day. Bring people in. We do want to grow this platform this year. We want to make twenty twenty six the best year for Simply Cyber yet. Don't do it a trillion times, just because when you hit twice it just takes away your first, and you hit your third, then it's like your first, then your fourth is just like your second where it's just gone again. Just do it once. But however, maybe share it a trillion times, share it a trillion times. All right, y'all, I see y'all head out now, the numbers are dropping. I do see people saying have a great day. Thank you so much, Find the True Too, good to see you. With that, we are going to do the sea shanty, because we have a few moments, and then we'll close it out. I will probably not be here for the panel on Friday. I've
been really, really heads down, got a lot of work going on right now, a lot of tools to build, we have many, many things we're working on this year, so I've been gazelle intense on everything. So I will probably miss that, but thank you all so much for hanging in here. Thanks for tuning in, I do greatly appreciate you all. Until next time, stay curious.

There once was a kid whose passwords laid across all sites, they were the same. A criminal then found their fame by taking that data to go soon.
A: May a criminal come to steal your pictures and data and run one day.

C: When the crime is done they'll steal.

A: Your account and go.

C: All right, Crypto Cruises, real quick, if you can put in chat real quick, I'll answer it because we're coming up to the top. I'll stick around. I see you, Crazy Rose, are you still here? I know the video is delayed. Real quick, while I'm waiting on that: "How long should you stick with the home lab before moving forward?" Until you're, you know, inside and out, backwards and forward. Huh, hold on, hold on, I'm looking for all of your messages, Cryptic Roses. Oh, I see it now. The reason I didn't see it, because, technical issue, but yeah, no worries, there wasn't a space, but whatever. "Anyone else got issues with logging into job hack like a hacker? Seems like the redeem code for twenty twenty five, even though receipt is out for today." So this is not the chat for that, Cryptic Roses. That is Black Hills Information Security, specifically Jason Blanchard. Go on LinkedIn, look up Jason Blanchard, send him a message or post something tagging him in that, with maybe an image of your issue, and tagging him on that, and he should be able to get back to you. But Simply Cyber, you know, us mod teams and stuff like that, you know, we don't have any control. Again, that's all Jason Blanchard, Black Hills Information Security. So go get with them and, you know, be able to get that sorted out. All right, with that, thank you so much, and see y'all next week. Take care.
A: Hey everybody, I hope you enjoyed that content. Keep the cybersecurity train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn, and also every single weekday morning on the Simply Cyber channel we're doing live daily cyber threat briefings, 8 AM Eastern time, as well as Thursday at 4:30 PM we're doing live stream interviews with industry experts, and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber, I hope you enjoyed the content, and we'll see you in the next one.
Host: Dr. Gerald Auger, Simply Cyber Media Group
Co-host (Jawjacking/Q&A): Eric Taylor, Barricade Cyber
Episode Theme:
A fast-paced rundown of the day's top eight cyber security news stories, including critical vulnerabilities, threat actor activity, policy intrigue among US federal cyber leadership, and practical perspectives for practitioners at all stages of their careers. This episode mixes expert GRC insights, tool explainers, and career Q&A in a friendly, energetic community setting.
The episode crackled with Gerald’s signature energy (“Did we just become best friends? Yep!”), blending real-world GRC insight with actionable technical breakdowns and large doses of encouragement. No-nonsense, jargon-busting explanations for complicated topics like DLL sideloading and AI risk, and a genuine commitment to raising participants’ skills and confidence—plus a healthy amount of camaraderie and laughs.
Perfect for security pros who want to both stay sharp technically and invest in long-term career growth with a welcoming cyber community.
For upcoming events, new tools, and continued community Q&A, check out Simply Cyber’s Discord, LinkedIn, and daily livestreams.