A
All right. Good morning, everybody. Welcome to the party. Today is June 2nd. It's Tuesday, 2026. This is Simply Cyber's Daily Cyber Threat Brief podcast. I am your host, Dr. Gerald Auger, coming to you, all sorts of washed out here in Las Vegas at Cisco Live. Coming to you live from the mobile studio. If you're looking to stay current on the top cyber news stories of the day while being entertained, educated, and leveling up as an absolute community of bosses, well, then you're in the right place. Get your coffee, I've got mine in my travel sippy cup, and let's get to work, shall we? All right, everybody, welcome to the party. Hopefully the audio sounds good. I'm making some assumptions here. Kind of flying a little. A little nakey. Nakey, if you will, proverbially speaking. Guys, good morning. I want to say what's up to the squad here. I see Nerman and TJ, Marcus Kyler, Mr. Buddha, saw a Mary Ellen Kennel sighting in there. So good morning, Mary Ellen. Hope everything's well in your world, guys. As I said, we're going to go through eight stories, top cyber news. I'm going to give you the surface level breakdown of those stories, of course, which will give you all the things you need to get into it. And then my favorite part, and the proposition I make to you of why you should show up and hang out with me every single day, is that I'm going to go beyond those headlines. I'm going to dig in. I'm going to give you additional insights. I'm going to give you value that you might not get anywhere else. Based on my 20 years of experience, based on just my pure passion and love for this industry. And ultimately my entire goal is for you to be empowered, to take your career wherever you want, to crush it however you want, and basically, you know, be the CEO of you. I want you to be empowered. DJ B sex says my mic might be the laptop mic. I'm about to give the old classic super technical, super technical check. You ready, DJ? All right, there we go.
Just gave that a good swatting, I think. Feel like. Feel like the audio does say that it's coming through my mixing board, and my mixing board says it is there, so. Yeah, buddy. All right, well, I just gave it the old hit. Let me know, guys. Is this the right mic? Oh, yeah. Hey, so for those who knew what's up? Yesterday, the. The. The CPE email went out. I'll just break it down really quickly again. If you're here for the first time you're like, why is this guy like wasting time? Just get into the news. It's a whole, it's a whole vibe what we're doing here. Okay? It's an experience. So yesterday, every single episode of the Daily Cyber Threat Brief is worth half a CPE. We have a system here, it's very, very cool in my opinion. If you go to Simply Cyber Threat Brief, simplycyber.io, you can see we have a website for this show exclusively. And on the, on the top if you hit CPE, you could see that you can get your CPE for attending. You put in your name and email address. Oh my God, Greg. Name and email address and then double checkbox here, verify you're human, and then on the 1st of the month you'll get an email for the previous month. Now really quickly, yesterday I had some logic flaws in my code where people, some people got just one day of June. So I've corrected that. And then the other thing is basically I have to pay for the back end platform. It had, it had capped at 50 emails and there were 374 people that needed to receive emails. So I had, I have to, I basically, I did it in a super janky way on the free model. Like I had to basically send 50 emails, wait two minutes, send 50 emails, wait two minutes, send 50 emails. I have to, I have to upgrade it to the paid plan, which is fine, but there's a little bit of. It's not as simple as just upgrading to the paid plan. I have to like migrate something off. You guys don't care. All you want is the CPEs. But the good news is everybody got the CPEs and hopefully you guys enjoy that. So thanks for being beta testers.
Until I migrate the back end environment, I'll still consider the product in beta. If you're here for the first time, welcome to the party, pal. Welcome to the party. I am playing the sound effects off the soundboard today. I can hear them in my ear. Let me know if you hear them also. So if you're here for the first time, drop a hashtag first timer in chat. Hashtag first timer in chat. We love welcoming our first timers. I am here at Cisco Live. So if you're here for the first time, let me let you know that this, this right here is the mobile studio. I do, I do this show every single day, right? So if I'm on travel, if we have company, if I'm at my in-laws' house, the, the show must go on. So sometimes we're not in the full studio. Sometimes, sometimes we have, we're in hotel rooms that have this kind of artwork going on, which I assure you is not my vibe. So it is what it is. All right guys. Every day of the week has a special segment and Tuesdays is Tidbits Tuesday where I'll share a little bit about myself. I am here at Las Vegas so it'll probably be a thing about Las Vegas on that. The show isn't made possible without the support and contributions of the show sponsors. Let me say thank you to them, starting with Flare. Flare's cyber threat intelligence platform. They are taking. Hold on. That is not the right place to go. Hold on one second. If you want to manage the risk of identity compromise and getting ahead. So here's the deal. A lot of information security programs will take identity and look at a lot of protection controls, right? Multi-factor authentication, verification before giving out credentials, revocation of credentials when people leave, inventory of service accounts and stuff like that. And that's all good, like you should be doing that. Okay, but don't stop there.
You can add response controls into your information security program around identity, specifically being able to detect that identities' authenticators have been compromised and intervening, responding prior to those credentials being utilized in exploitation of your environment. So just remember, like right now, just for example, right now, if I were to blurt out my password to my user account, that doesn't mean that my user account is instantly compromised, right? Someone would have to take it, then they'd have to log in. They, they might have to get the multi-factor authentication. So there is a little bit of a gap there. And that gap is the advantage that you have to protect the identity in a platform like Flare. They comb the dark web, they comb infostealer logs, gross Telegram channels, all those things, and pull it back into their environment which allows you to, to investigate, query and find out if those creds have been compromised prior to them being utilized. Which is huge, huge, huge, huge. So go check out Flare if you would like, Simply Cyber IO Flare gives you a two week free trial, which is plenty of time to discover the massive value. I love Flare. Guys, I, I don't know if I've, I've said it before, but I'm telling you, I love Flare. If you have used Flare, please drop your honest reactions in chat right here. Also want to say love and support to Antisyphon Training. Now, Antisyphon Training is disrupting the traditional cybersecurity training industry by offering high quality, cutting edge education to everyone regardless of financial position. They demonstrate this commitment to excellence in many ways. But look at this, dude. They're doing a one day, six and a half hour multi-speaker virtual conference that costs zero dollars. They've eliminated the pay gate, which means the only reason you don't go, it's on you. Right? Like, I mean obviously if you have prior commitments, that's, that's a thing.
But my point is they remove the barriers for you to level up as a practitioner. June 17, 10am Eastern. Come on down, register for the summit. It costs nothing to register, so at minimum get it on your calendar. Who knows, your plans change, you become available, you'll have something that can help you level up. Also, by the way, great opportunity to make content if you're trying to do your personal branding and whatnot. If you'd like to get some training, they do have several training options including Threat Detection or Cyber Threat Intelligence with Wade Wells, Intro to Network Hunting with John Strand, agentic AI work. You can get 20% off with the Simply Cyber 26 code at checkout. Simply Cyber 26, that is just for the training. The conference itself is free. Go to Antisyphon Training. It'll pop right up on the homepage. I'll drop a link in chat. There we go. All right. Also, come on now. ThreatLocker Zero Trust platform, making it so binaries that are not approved do not run. Which means custom malware, targeted malware, all the malware isn't going to work in your environment. Banger. Let's hear from them really quickly. Hold on, let me mute this thing really quick. Let's hear from them and then we're going to get into the news. Also remember, first timers, drop a hashtag first timer in chat. If you're here, we'd love to welcome you. I want to give some love to the Daily Cyber Threat Brief sponsor, ThreatLocker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. ThreatLocker takes a deny by default approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US-based Cyber Hero support team.
Get a free 30 day trial and learn more about how ThreatLocker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right. Hey, really quickly, I saw some feedback from Roswell UK regarding the CPE thing. Again, this is in beta, so I, I do appreciate feedback and I will receive all the feedback with good intentions. He did say here, provide an option to download cert in PDF. Roswell UK, if I'm not mistaken, I thought there was a button that allowed you to, in the email, to print your. Your download. So like you could then print to PDF, right? If I'm. I'm not mistaken. So did anyone else see that? I thought I put that functionality in there. Let me just do this really quickly while we're getting into it. I do not see my email. So anyways, check that out. I. I'm open to it. I will investigate. Kenneth J with the Super Chat. Do we just. Do we just become best friends? Yep. Thank you very much Service J for the Super Chat. He says, love Team SC and Jerry guy. I definitely appreciate that, man. I don't see where those email. I. I don't know. I can't find my own CPE email, so. But I'll look into it when I get a second. I am in Vegas at a work event, so. Yeah, there is an option on the page, the link in the. Yeah, okay, so Code Brew is confirming this. Roswell UK, read the email. There is an option already for PDF. You should be able to use that. I thought I had done that. All right, dudes, do me a favor, everyone. If a first timer comes in here, welcome them, please. If we see someone celebrating a win, let me know. And for everybody else, you know, enjoy the show, sit back, relax. Space Tacos. Space Tacos. Kind of lowkey. Looking for an update on the Auditor 2 position, by the way. No pressure, everybody. Let's get to work.
B
From the CISO series, it's cyber security headlines. These are the cyber security headlines for Tuesday, June 2, 2026. I'm Sarah Lane. Meta AI hands over Instagram account access. Attackers exploited Meta's AI support chatbot to take over high profile Instagram accounts such as the Obama White House, the Space Force's Chief Master Sergeant and Sephora. Attackers used a VPN to match the target's region, started a password reset, then convinced the chatbot to replace the account's email with one that they controlled, which triggered a reset code and handed them access. Meta appears to have patched the flaw in the last 24 hours. Dutch police dismantled.
A
Sorry, hold on.
B
Huge botnet.
A
All right. Yeah.
C
Dude.
A
Hey, the soundboard's working. I can start and stop the podcast too. All right, so this is great. I mean, it sucks, obviously, but like this is a perfect, a perfect way to demonstrate to non-technical people the risk of AI. Okay, the podcast is a little low. Okay, I have it juiced all the way up. Can someone chat? Can we get a. Can we get a. Like, I don't know, like, does the audio need to be turned up? I guess let me say turn up the podcast audio. There we go. I'm running a poll now. All right, so check it out. The OWASP AI LLM, right? This is, you know, prompt injection and model poisoning and stuff like that. And this is it right here, dude. The fact that all they had to do was kind of change the region it was coming from as part of the attack is. Is trivial, dude. You can use a VPN very easily to change that. Very, very awesome. Again, you guys know me for a minute. Like, I don't condone cybercrime, but as a, as a, as a student of cyber, as a. As an academic, as someone who's truly passionate, the fact that. The fact that someone was able to hack this is. Is pretty funny. And you know, I don't know if they. Here's the thing. The. They didn't say in the story that it got weaponized, right? It's not like they went on to the White House's official Instagram channel and then put a bitcoin wallet and said, send me, you know, send me a hundred dollars and I'll send you 200 back, like committing fraud. Right? If it's just hacking the accounts and then doing silly stuff like it's 1995, then it's a little bit more enjoyable. All right, so DJ B, we've got 70% of chat saying that the audio is fine. So I'll leave it where it is. And quick aside, this website right here, 404 Media, they don't. I feel like 404 Media doesn't break into the mainstream news media, cyber news media, or tech news media. But I love 404 Media. If you don't know, Vice Motherboard. If you guys remember Vice, Vice is kind of popular. Vice Motherboard. The.
The journalists who were on that actually broke off and started 404 Media as their own independent journalist outlet so they could choose the stories they want. Okay, we got our update from Space Tacos. Everybody be cool. The phone screen went great. Now paperwork and the in-person interview for June 16th. Thanks for all the good vibes, Team SC. Hell yeah. Oh, and a Super Chat, Space Tacos. Thank you very much. That Hansel's so hot right now. Okay, here we go. So awesome. Space Tacos. Love watching the wins. Okay, so basically the TLDR here is everybody, every executive, every accounting person, every Carl in your business knows what Instagram is. The fact that you're able to use AI to basically compromise the account, that's something everybody can wrap their head around. Okay? The. The other thing here is the actual attack itself. Now, they. You could have had multifactor authentication on this account. My understanding is not only did they trick the AI into thinking that they were going to reset the password, but they were able to change the email on file, which means you can do a, I forgot my multifactor or I lost my device, whatever, reset, send the email. So even if you are doing all the things securely, right, all the things securely, you could not have prevented this attack. All right? And I just want to point out, like, yeah, whitehouse.gov, like, some of these, you know, Kim Kardashian or whatever, like these higher profile Instagram accounts are, you know, notable for compromise, but some people run their entire business through an Instagram account. So if you compromise that account, you could technically, you know, basically cause a complete catastrophic impact to that business. So again, a lot of businesses use social media as part of their account. Others, it's like, you know, like. Like Simply Cyber. You know what I mean? Like, if someone were to get my Google account, I could not stream to YouTube. It's not like, you know what I mean?
Like, I can't just like, oh, you know, I mean, I'd have to stream somewhere else. But you guys will all be like, where the hell's Jerry? To that point, by the way, guys, I know that this is, like, super nerdy, but. Oh, come on, what is going on? I know it's super nerdy, but let me just tell you my plan. This website right here that you're seeing on screen, and if you're listening on audio only, I'm showing the daily cyber threat brief website, this website on screen right here. I'm actually my contingency plan, because, you know, you got to have a group. A good contingency plan is to set this up where I could just live stream directly to my own website and, and. And disassociate with YouTube if. If I ever need to. YouTube provides great discoverability and great audience reach. So it would be stupid for me to, like, stop streaming on YouTube, but just. Just know if. If I ever do get deplatformed or whatever, the show will go on. It'll be like the mobile studio version, except it'll be like the destination for the streaming. All right, let's keep going.
B
Dutch authorities dismantled a botnet of roughly 17 million infected computers, phones and tablets after a researcher tipped off the National Cybersecurity Center. Investigators identified around 200 command and control servers and seized several tied to what local reports say was the residential proxy service asocs, which allegedly routed the malicious traffic through compromised consumer devices. This is part of a broader crackdown on botnets used in cyber attacks and phishing and fraud and proxy abuse. And officials are urging people to update devices, secure Wi-Fi networks, and enable multifactor authentication. Red Hat.
A
Yeah, I mean, obviously, multifactor authentication, all the things. First of all, I have a limited soundboard right now, so regulators mount up. It was a cold, dark night. It was a hot day, okay? So I. In the instances where I have to do manual sound effects, you will get manual sound effects. That's just how we roll here. The Dutch police just absolutely dropping the hammer. You like to think that these people are all about windmills and tulips, but I got news for you. The Dutch police have been kicking mud holes in cyber criminals' butts the last couple of months. They seized these C2 servers that were doing major botnets. Does it say, dude, 17 million botnet? 17 million device botnet. First of all, let me. Let me just kind of like paint a picture for you guys, okay? This is wild. Like, don't. Do not sleep on the number 17 million. All right, in the 2014, 2013 time frame when the Mirai botnet was out, right? The Mirai botnet's like one of the most famous botnets ever. Well, I guess the Moore swarm made a botnet. But anyways, the. The Mirai botnet, right at its peak, had 600,000 compromised assets inside of its botnet. 600,000. Okay. And at 600,000, the FBI was getting involved, like the. The criminals behind it. The. The Rutgers students were like losing their mind. The United States government thought that Russia was behind the botnet and it was going to be like a weapon. 600,000. Okay, fast forward to 2026. Criminals say, hold my vodka, hold my beer. And 17 million device botnet. That is a massive freaking botnet, my guy. All right, so let's talk about botnets for a second. Botnets are commonly used in distributed denial-of-service attacks. But I recently took a Flare Academy training on doing passive, like studying passive DNS records in order to map out illicit criminal networks, which, by the way, they're going to have available on replay. I'm going to be making a LinkedIn post about it. But anyways, fascinating training I took the other day.
Some of you were in that training with me and can attest to it. These botnets are actually used quite, quite more in a quite larger utility than just distributed denial-of-service attacks. They are using them for, like they said, sending phishing emails, sending, like routing text messages to, you know, like the, if you've ever gotten a text message that says you have an outstanding toll fine, or whatever, or an outstanding, you have a package waiting for you at FedEx or whatever, those text messages are coming oftentimes through that botnet. And part of it is because by using the botnet, it becomes very difficult from a defensive perspective to kind of stop where they're coming from. Right? So definitely interesting. The Dutch are like all set with this type of crime. You can see the botnet consisted of consumer devices reportedly infected with malware. Yeah, here's the problem, guys. Here's the. There's two things going on. Number one, a lot of people who have compromised devices can still use their device. The botnet does not make the device unusable. Like, for example, if I compromised your Xbox or your PlayStation, all right, you could still play Battlefield 6, you could still stream YouTube, okay? Your Xbox, your PlayStation, it will still work. Your Ring doorbell is still gonna ring and show you who's at the door, okay? The compromised device just means that the threat actor can also control it to do what they want. And now, of course, if they're utilizing it to do a denial of service attack, then your, your Battlefield 6 game is going to be interrupted. But for the most part, you can cohabitate with a compromised box that, a bot, that's part of a botnet, which makes it less likely for a victim to want to take action. Because what do they, I'm not saying what do they care? But like, dude, if my aunt Kathy is able to do a Ring doorbell, like, is she going to even know that she's compromised? And if she is, what benefit does she get? If she goes and cleans the device, which is friction and a burden for her, what does she get? Oh, when you're done, you get to use your device. The, the obvious thing is like, I can still use it right now. Like, what, what do I get by putting in this effort? I don't get anything additional, so I'm good here. So anyways, that, that's part of the challenge. The Dutch police taking the head out. I, I love it. If you're into these type of like, coordinated law enforcement takedowns, which I know is a pretty niche sub, sub subset of people, definitely. There's got to be a write up or something. I've said this before on the channel, Simply Cyber IO books. This is my book reading list recommendations. This book right here, Tracers in the Dark. This book is a case study on four different case studies on how law enforcement uses, tracks down criminals that are using cryptocurrency for transactions. Some seminal work in here including Silk Road, which is like the, the very first kind of like online dark web marketplace that was using crypto. Also AlphaBay is in this one, which was like the successor to Silk Road, guy out of Thailand was using it.
But the, the case studies really cover the law enforcement coordination and takedown, which is phenomenal. Also, also, and this one's going to get everybody frothed up in chat. If you want another like absolute banger of a story, Darknet Diaries did a two part series. This thing was so awesome, this, that they couldn't even contain it in one story. They. They had to break it out. Golem Fun Part 1 and Golem Fun Part 2. This is, of all the Darknet Diaries I've ever listened to, this is like top three for me. It's very difficult for me to like parse out my favorite ones. This one, this one, top two. I'm going to put it in top two. The, the, the one where the guy was counterfeiting money is my other top two. But anyways, this is. Check it out, man. Darknet Diaries. I feel like, I feel like Jack Rhysider and Darknet Diaries was like so hot like four or five years ago. I know he continues to put it out and he's still like the number one podcast in cyber. But like, I haven't heard a lot of people talking about it lately. Maybe it's just the circles I run in. But anyways, as far as Darknet Diaries go, that Hansel's so hot right now. All right, let's keep going. Oh, also, by the way, to avoid getting your devices compromised, do me a favor, change the default passwords. That's how these, a lot of these botnets work. They just scan the Internet, look for default passwords. Right. Daniel Lowry is out there scanning the Internet looking. Okay, you got it. You got to harden your devices.
B
Backdoors. A supply chain attack compromised more than 30 npm packages in Red Hat's Red Hat Cloud Services namespace, injecting the Shai-Hulud worm during install runs to steal CI/CD, cloud and developer credentials and self replicate by republishing through compromised accounts, including GitHub Actions. Systems that installed affected packages should be treated as compromised. Red Hat removed the malicious packages, adding there's no evidence of impact to customer or production environments. Grab.
A
All right, so a couple things. One, normally I would grouse and be like a curmudgeon about the fact that the CISO Series ran this story yesterday. So we've already talked about it. But, but one moment. This is a pretty major story, a pretty major attack. Red Hat Linux is a well known, like the, the Red Fedora, people know it, and for their official npm account to have been compromised and put a malicious worm into the source code that would steal confidential data is a pretty big attack, pretty big deal. That is a massive supply chain attack. The threat actors took control of at Red Hat Cloud Dash Services, which is the legitimate channel in the npm repo. So if you did download or update your Red Hat packages and got this infection, you've got some real issues. A lot of times Linux servers are used as like the, in my opinion, I've seen Linux servers in enterprise environments used as workhorses. Like I think, I like to think of like, like the Linux servers are like the, I don't know, like the, the Clydesdale horses. Like the, the big beefy workhorses on the farm. And the Windows servers are like, minus Active Directory domain controllers, the Windows servers are like sheep. Like there's a lot of them, there's a lot of them on the farm and they're doing some stuff, but they're not nearly as important as the plow horse. So what's unsettling is they say they still don't understand how the threat actor compromised the official Red Hat Linux name. And again, I just want to point out really quickly, I'm not saying that these two attacks are related, but going back to this first story about hackers were able to use Meta AI to unlock and give control of those Instagram accounts, I could imagine a reality where, you know, people are baking in AI for reasons that no one's asking for because it's AI and you're able to get those official repo accounts, take control of them. The important thing is the following.
Number one, if you're running Red Hat Linux, make sure that you're not running an infected version. Number two, if you do have developers with namespaces in npm or GitHub or anywhere, right? It doesn't have to be npm. It's like this is more of a, this is more of a category of threats and attacks that are happening right now. The open source software supply chain attacks. It's much less about the specific Red Hat Linux. This is just like today's story. Tomorrow it'll be like something else. Right? Make sure you have MFA, make sure you put in conditions for what's allowed to push updates to the official, or, you know, commit official updates to the code base, etc. Because this is really a problem, man. Once the system was infected, it would encrypt the creds and send them through a web request, allowing the malware to publish the encrypted data to a GitHub repo. Okay, so whatever. That's how they would. Would steal the creds. Oh, that's another thing. Not only are you getting a worm inside your Linux instance, but a lot of these open source supply chain software attacks, the first thing the malware does is go to the secrets repository or the secrets bucket and just rip out all of the API keys, all of the secrets, and then share them with the threat actors. So pretty gross. It is pretty gross. Also, Kyle, Kyle says what it's, what's crazy is other companies giving AI control of your account. Yeah, dude. 100. Like, I mean, it's, it's obviously, it's a bit commonplace at this point, but like, dude, people are like, we gotta like, we've got to put AI in. We've got to put AI in. No one's like, stopping. Like, this is like the Jeff Goldblum thing from Jurassic Park. Like, no one's stopping to say, should we put AI in here? It's like, let's race to shove AI into all these things and see what sticks. We got to make that paper, baby. I don't have it, straight cash, homie. Right, but, but obviously it's leading to issues, right? Oh, you got to crack a few eggs, Jerry.
But make it all. I'm like, yeah, okay, well, can you crack a few eggs with other people's tech? Not mine. Thank you. All right, let's keep going.
B
Navigates data concerns in Taiwan expansion. Southeast Asia's ride hailing and delivery giant Grab is facing scrutiny in Taiwan as it expands beyond its current region, with regulators and the public raising concerns about its use of a China linked mapping system in its regional operations. The issue could complicate approval for its planned expansion into the Taiwanese market, where data security and foreign tech dependencies are under increased focus.
A
All right, okay, so this is one of those news stories that, like, I have to pay a dollar to read the story, which, spoiler alert, I'm not going to. Okay. K Cipher trying to add a little bit of reality to, like, conversations. Hey, can we slow down and think through what we're doing before we do it? No, we don't have any time for that. Move fast, break things. All right, so this story is pretty limited. Grab basically looks like Uber in Taiwan, their ride sharing service and their food delivery service. And essentially it looks like they are using some Huawei-based mapping system on the back end to see like, so you know, customers can see where their Grab driver is or their Uber driver, see where their food is. Very convenient. Right, like, oh, the food's going to be here in a few minutes, I better go downstairs. Oh, like the Uber's 10 minutes away. I have time to like go to the bathroom or whatever. Useful, apparently. I guess their concern is that China is going to use this mapped system for intelligence purposes as part of, I don't know what, like an invasion. Like, they don't go into the details. Like, I'm not saying that their concern over having a Huawei-based mapping system is unfounded, but like, I don't know. I mean, here's my thing. I feel like this is an example where this company, this, to me this isn't a cyber story. Okay, I'm going to give you a hot take on this one. Can we, can we get the tinfoil hat? I didn't see any first timers here. So you guys all know what the first timer is. Here's my take on this. This company right here makes a lot of money. Okay, so follow, let's follow the money. Company makes a lot of money. It's probably a, a critical service that they have this mapping system or there are competitors who offer a competitive mapping system that costs more money than the Huawei-based one. And this company is trying to maximize profits, which for profit companies do. Like, let's be real.
So they're asking for deregulation essentially on the ability to use this technology so they can make as much money as possible. Those are my hot takes on this one. The Taiwanese government is getting involved saying no, this is no different than like the United States government saying that like we can't buy TP-Link devices anymore because of security. We as consumers want to buy TP-Link devices because they're cheaper than Netgear devices or, you know, whatever, Linksys devices. It's, it's, it's all about money, my guy. Okay, so whether Grab feels that there's a risk here or not, I don't know. Again, and I'm not, please don't misunderstand. I'm not trying to marginalize the Taiwanese Chinese relationship and the strains of those two countries interacting with each other or, or depending on. Depending on where you stand, country and state of country. Right? That's a, that's a point of contention. But dude, to me this is like look at any company in the United States. Like deregulation is a thing that they like so they can move fast and do things. Kishin, Infosex doesn't want TP-Link. That's fine. That's fine. All right, let's keep cooking.
B
Huge. Thanks to our sponsor Vanta, your team just added its 67th AI. Unfortunately also your 67th security blind spot. The good news, the Vanta agent works like a GRC engineering background, finding every app your team uses, scoring the risk and drafting fixes for you. Vanta is the platform used by over 16,000 fast moving companies like Ram Cursor and Harvey who are shaping the future with AI and staying ahead of AI risk. Get started at V SL Headlines.
A
All right, let's do this. We'll get some muzak going here. Let me turn the volume down so I don't blow your ears out. Everybody. All right, here we go. You know what we're about to do. All right, here we go. Everybody getting a second coffee here. And by second I really need third coffee. Gotta, gotta get the coffee. I will say shout out and hello to my wife Mrs. Ozier who bought me 24 coffees to bring with me on this trip. 4 days, 24 coffees. About 6 coffees a day average if I want. It is true. I'm heating up some coffee. I'm out right now, which is a big problem. Guys, thank you so much for being here. I want to say shout out to the stream sponsors ThreatLocker, Antisyphon and Flare for continuing to support the channel. I wonder if I can like change the light here, guys. Every single day of the week has a special segment. Oh, by the way, thank you. Thank you guys. Thanks for being here every day. Thanks for sharing part of your day with the Simply Cyber community. Thanks for sharing your wins, struggles. It's awesome, you guys. It's awesome. I went to dinner last night with a bunch of people and they all were like, Jerry, your community is so nice. Like you're so nice. Your people are so kind. Like, how do you do it? I'm like, just the good people. You know what I mean? It's not like I manufactured a kind group of people. Cool people attract cool people. Did anyone not receive their CPE cert email? No. Everybody should have gotten theirs. So every day of the week has a special segment. And Tuesdays is Tidbits Tuesday, my guy. What is up with this? So I want to share a little bit with you.
C
Let me.
A
Let me get this coffee. I can keep talking. So I am in Las Vegas, as many of you are aware. I got to tell you guys, I've come to Vegas. I think, geez, man, this. I've been coming to Black Hat DEFCON for 15 years probably, and there is definitely a noticeable change here on the amount of, like, slot machines, gaming tables. There's just less of it. Like, looks like Vegas is pivoting to entertainment. You know, you got the F1 race. You got all the shows and stuff. I don't gamble really. Like, I mean, if I gamble, like, it's. It's just screwing around. Like, we. We, like, I assume that I'm gonna lose. So, like, I don't think of it as gambling. I think of it as, like, playing games. But it seems like that, you know, people aren't interested in gambling anymore. Also super pumped. Like, Las Vegas is like, the only place you can still smoke indoors. But I'm not even seeing or smelling that, which is phenomenal. So little tidbits. Tuesday. I like the direction Las Vegas is going in. I've never been a big Vegas fan anyways. I guess that's the tidbit. I'm not a big Vegas fan, but I get why they do it here. Also. I have met many locals in Vegas. I have a videographer running around with me out here. He's a local. The people in Vegas are exceptionally nice. Like, I love myself some Vegas locals people. So what are your thoughts? We're gonna get our La la la's on and then finish strong. Here we go. I don't want to blow your ears out here. Let's just bust it to 70. There we go. There we go.
C
There we go.
A
La. All right, all right, all right. Dude, with a solid W, guys. Love it. Love it. Thanks again, everybody. You guys are the best. You know, dude, it's easy to show up. Mobile studio, in the garage, on the road, whatever. It's easy to show up for you guys. Humble student says: Are you attending Cisco Live? Yes, I'm at Cisco Live. I actually have a video coming out today that is, like, really well produced that covers everything I did yesterday. Look for it on the channel or my LinkedIn account. I think you'll like it. I think it's a cool video. I'm just waiting for one more thing on it.
B
WordPress malware lurks in Steam profiles. GoDaddy researchers uncovered a malware campaign compromising nearly 2,000 WordPress sites by hiding command and control data in Steam community comments using invisible Unicode characters. The payload built a malicious URL that delivered JavaScript disguised as legitimate libraries and injected it into WordPress pages before installing a PHP backdoor triggered by specially crafted POST requests and an authentication cookie. GoDaddy recommends restoring from a clean backup when possible, or fully removing all malware components, since leftover backdoor access can reinfect a site. US Troop.
A
Hold on one second. Jostex adding to the coffee fund. What did we just become, veterans? Yep, Jostex. Thank you. Coffee cup. Cheers to you, my guy. All right, so this one is crazy. So like WordPress websites infected by malware where the C2 is on Steam. Comments? All right, so, all right, hold on one second. So, okay, so there's a couple things here. Number one, number one, the. I've said this before, but this is a great example. C2, Command and Control. The way for a threat actor to control or push additional payloads or pull data off of compromised assets. They use C2, like C2 is a fundamental term that you should understand if you work in cyber security. I'm not a threat actor. I don't play one on TV. But I need to know what C2 is. You do too. It's command and control. It is literally a fundamental piece of the cyber kill chain. So you got to know it no matter where you are in your career journey. Number two, this is like advanced level day two stuff. Okay? C2 can be done any way that you can send or receive information. A lot of people will use like a server, right? C2 server, that's like, you know, that's fine, you can do that. But dude, you can use Twitter accounts, you can use blockchain, DNS, you can use anything for C2. As long as the compromised endpoint can reach out and pull down stuff, you can use C2. And in this instance, clever threat actors are using Steam community comments. Now, for those who don't know, Steam is basically a PC gaming engine. So think like Xbox, PlayStation if you're. But you could use your PC. And Steam is like one of, if not the most popular, like, gaming loader, where you can download games and play them on your computer. So because of that there's a whole community around it. You can leave comments. This game sucks. This game's cool. Watsi, why are you producing trash on arena, right? Like whatever you want. But because those comments are public, that means anyone can reach out and read them.
Which means compromised assets can pull down. Now what makes this a little bit more clever is that they're using Unicode to encode those payloads, which means they're not visible on the front end. Which means if you're just like going on Steam and you're curious about buying the new Final Fantasy Tactics Chronicles of Iberia game, which maybe some of us are, I'm waiting for it to go on sale. Final Fantasy Tactics, by the way, low-key sleeper banger that people need to know about, as far as a video game goes. Maybe you want to reread the comments and say, okay, like is this game good? Do people like it? That's fine. You're not going to see the payloads because it is hidden. So even if the comment said nothing, it could be hidden. If the comment said great game and then a bunch of hidden Unicode. The thing is you can scrape that page and the Unicode will be there. It just doesn't render on the front end of the browser display, which means it hides. The one thing to note is you still need initial infection. These WordPress websites had a different problem first. Either crappy WordPress plugin, crappy credentials, compromised endpoints, reused credentials, whatever it is, these 1900 WordPress websites, probably a zero day by the way, these 1900 websites were already compromised and then C2 was being done through the Steam comments. So just be aware of that. Okay, what can you do? The one thing I would say is if you want, if you're running WordPress and you don't know, you could look in your logs and see if like your file server or your web server is reaching out to Steam's servers. Like I don't know what the Steam IP address ranges are, but I would assume that the servers that are hosting Steam's infrastructure are well established since Steam is like so well established. So basically if you see a web server talking to a Steam server, that's unexpected behavior and an indicator of compromise. So that's what I would do.
I know William K99 saying WordPress still being a thing in 2026 is wild. Dude, I'm right there with you. I don't know, I. I don't know what people are up to. Although I think Zach Hill is like a big WordPress champion, so maybe we could have him debate on the side of that.
B
Tracked in active war zones. U.S. lawmakers say foreign adversaries are using commercially purchased mobile location data to track U.S. troops in active war zones, revealing movement patterns that could enable strikes, drone attacks or counterintelligence operations. Senators warn this stems from the Department of Defense's failure to restrict access to sensitive location data and urge stronger cybersecurity protections for service members.
A
Windows Net okay, earlier how I mentioned how I don't piss and moan when the stories are the same because this Red Hat story was big. This story was in the news like last week. So. And there's no new updates on it. So this is not desirable. I'm gonna spend five seconds on this story. Threat like soldiers in military operating theaters have commercial software on their phone that can pinpoint where they are through a GPS location. Find singles in my area. Tinder Ukraine, Russia invasion 2022. There was a whole thing with it. Go Google it. Soldiers should have to turn their phones off if they're in an active war zone. And they, they actually have like a vested interest in their own personal physical safety to do that. Not going to spend any more time because guess what, you can go back and watch four days ago when I spent length of time on this one. Tough, tough, tough. It just whatever. I wish the CISO series didn't do that.
B
Logon in attackers' crosshairs. The Centre for Cybersecurity Belgium is warning that attackers are actively exploiting a critical Microsoft Windows Netlogon flaw, which can let unauthenticated attackers send crafted network requests to a domain controller and execute code with system privileges. Microsoft patched the bug back in May, but Belgium's cybersecurity agency says it's now being exploited in the wild and urged organizations to install updates immediately. Netlogon handles authentication across Windows domain networks, so successful attacks could give threat actors control of domain controllers and connected machines. Election Fish.
A
Okay, all right, listen, I'm going to be cool, all right? I've only got seven more minutes of this show. I'm wearing. I, you know, I'm on travel, so I only have so many shirts so I can't get all hot and bothered and just sweat through this shirt in a fit of rage. Okay? Unbelievable. Critical Windows Server operating system domain controller vulnerability that allows complete system compromise. You're able to run code on the domain controller as SYSTEM, which is essentially the God mode account. And this vulnerability was patched in May. Now I will say I'm not gonna take a tuna fish out of the sea and grab it by the tail and slap people across the face with this one, because the patch just did come out last month. Now what I want to point out is in large enterprises vulnerability management, patch management, it does take time, but the largest organizations may have 17 to 20 domain controllers. Okay, and hey, correct me if I'm wrong in chat. Okay, correct me if I'm wrong in chat. Smaller mid-sized organizations, they might have three or four, right? You got like the main and then a couple redundancies. Maybe you got a facility in Puerto Rico that has like up and down network activity because of power. So you just have a DC down there, okay. There aren't thousands of DCs. This is a massive vulnerability. So like it should be fairly easy to verify if you can patch it. Another thing, patch it and it doesn't impact operations. It's another thing by the way, DCs replicate. So you can patch one and if it's a problem you can. Well I guess the DC schema and metadata replicate, not the operating system. I digress. But this is not a massive impact, okay? Now if you are running some version of Active Directory that's so old that you can't patch, you've got a whole other problem in your environment. But it's absolutely not cool man, that there are lots of these open and being actively exploited.
We saw, listen, we saw the, the reason this pisses me off. We saw this with WannaCry. EternalBlue got released, right? Who is it? Shadow foundation or whatever, whoever did the Vault 7 leaks. I forget what the name of that group was, like the Shadow Brokers, I think it was. Anyways, Shadow Brokers breaks into the CIA, NSA, leaks EternalBlue, it's an SMB share. Perfect, perfect exploit and vulnerability with an exploit, package it up. This is in like February of 2017. Microsoft rushes to patch this frigging thing, okay? The patch comes out. Six weeks later, North Korea launches WannaCry and it goes absolutely ham across the planet. Okay? So even when you have the patch and the vendor's done all the things, you still get things like this. Like this is why vulnerability management is important and why you need to prioritize which ones are drop everything and let's get it fixed versus nah, we'll get to it when we get to it. This sounds like one that is disgusting. And by the way people, your Active Directories, domain controllers, it's a pretty important part of your infrastructure, okay? It's not Carl's WordPress server on some type of dev or research network segment. It's a critical backbone piece of your Windows infrastructure. So you can't treat these servers as, oh, every server is created equal. No, okay, not every server is created equal. Some have higher priority. Okay, and I'm not trying to be like discriminatory here. I'm just being real. Critical functionality for corporate infrastructures have higher priority servers. TL;DR: go patch your Active Directory. Go patch your domain controllers. Okay. Thank you for coming to my TED Talk register.
B
Thousands of domains. Check Point researchers report that attackers are increasingly targeting US elections through phishing and impersonation rather than voting systems, registering more than 5,000 election-themed domains in two months alongside roughly 17,000 exposed credentials tied to political and government services. The data suggests these domains and leaked logins are being used for scams, misinformation and account takeover, with AI further lowering the cost and scale of these campaigns. Also noted voter and election related data circulating on criminal forums ahead of the midterms. The current crop.
A
Yeah, okay, so obviously manipulating elections, election security, all those things. I mean, as they said, hacking voting machines is 2017. A couple of things. Number one, like, hacking voting machines was never a practical attack. Okay? Like, and I love the fact that DEF CON has had a hacking or election security village, whatever they call it, for years. But the reality is if you're going to hack a voting machine, like the older woman who checked your ID is going to see you open up the machine and tinker inside of it. Yeah, you can hack a voting machine, you just can't practically do it at the election booth. All right, so that whole thing was always oversold as far as I'm concerned. Now registering 5,000 fake domains, like vote, you know, vote-sc.now.gov.com, right. Like all these things, you know, it's easy to dupe people. You can. Sick misinformation. You can put disinformation. Hey, voting locations have changed. Hey, here's some deep fake video of your candidate, you know, punching a baby or whatever. Like, don't vote for them. We can do all this. And like, as AI continues to go, it's getting more crazy out there. Fortunately, I still haven't seen a lot of like, deep fake, really strong, you know, election interference yet again in the United States. For those who are out there in other countries looking at the United States, we've got some problems in our house. Like there's some division going on, there's some challenges going on. So I could see specifically this coming midterm elections there might be a kind of a shift in the overall power dynamics within the United States federal government. So, you know, whatever, we'll see what happens. 5,000 domains, that's a lot of domains. I would imagine that election security, if you've been a big election security person for a number of years, like your Super Bowl is coming in a few months.
So Jean Devonish is saying the fraud happens before the machines arrive on location. Sure, sure. That is definitely something that could be considered. All right, guys, I actually have a meeting here. Let me see. Oh, Jesse is there. That's interesting. I didn't get the audio that Jesse had joined in. I'm sorry, Jesse. All right, let me do this really quickly guys. Stand by. You get to hear me do my little do do do's, all right. I don't even have the Cyber Career Hotline thing. Mobile studio minor fail. Let's do this, guys. We did the thing. I want to say thank you to all of you for being here today. Mobile studio day two here, Las Vegas, Cisco Live. I had a heck of a show, or I had a heck of a time with this show. Definitely enjoyed it. Want to remind everybody at you got Jesse Johnson, AKA the Cosmic Cowboy, the brain behind Slay Cert plus, coming on to do Cyber Career Hotline, which is an AMA show to help you level up, get your questions answered, hang out. If you have time, you can help mentor from chat. At 9:30am Kathy Chambers Media is actually releasing a video with Daniel Lowry. So two Simply Cyber community members that I care quite a bit about: got the cyber security interview. Now what? So if you're a person, Space Tacos, who's got the interview on the 16th and you want some help, come check out Kathy Chambers, Daniel Lowry, both well known community members, share that knowledge. I'm Jerry from Simply Cyber. Thank you all so very much. Jesse, thank you. Until next time, y'all stay secure. I'm Dr. Gerald Ozier, this is the Cyber Career Hotline. If you're building a career in cyber security, this show is for you. Let's get into it.
C
Yo, yo, yo. What's up everybody? What are we doing? Welcome to the party, pals. Boys and girls, ladies and germs, 352 of you strong for now. Now that Dr. Jerry Ozier is gone. Thank you. Dr. Ozier returning, over. Welcome to Cyber Career Hotline. Microphones are open, chat is open. Give me a call, drop me a line. How is your journey into cyber security going? A little bit about me. My name is Jesse J. I work in security operations, vulnerability management, and I have a mixed background, everything from IT administration all the way to things that are not technical at all. Working in mentorship, playing music full time. I worked in law enforcement as a street cop. So a little bit of world experience, some IT experience, and I now work in vulnerability management, security operations, risk management, GRC, all that kind of fun stuff, and it's a blast. What's up angular 777, good to see you. Good to see you. Hey Roswell UK, good to see you.
A
Look at that.
C
Canada J, let's go. Jesse Johnson in the house. Hey tech grunt. (starts guitar riffing) I was, during the live stream, playing this, playing this US-made Tele. We got a while back, a pretty fun little Tidbits Tuesday. We go, nice little Tele. It's got this middle pickup that somebody had put in it. Normally a Telecaster guitar only has these two. So this is kind of my workhorse. This thing has been all over the place. Got a lot of wear on it from long nights, all that kind of stuff. So yeah, I got some gigging coming up this weekend. All right, some cyber questions. What do I think is a typical career path from help desk to SOC analyst? So JT Gorman450, so what I've seen in my experience is a very linear. Typically it used to be you'd have no IT experience. Maybe you'd get a help desk job. From the help desk job you would have experience, maybe two or three years working at help desk, and then within maybe the same company a cyber role would open up, or you would have some IT experience and you would be able to get that cyber job. The reality is it is, JT Gorman, a little bit different than it was before when it comes to breaking in or getting a job from help desk analyst to SOC analyst. While being a SOC analyst and a help desk analyst has some skills and some tasks that co-align, they're not always the same, and so there's a little bit of a disconnect for folks trying to break in from one to the other. I would just suggest to do what you're already doing, obviously your help desk work and then home. If you don't have. I mean I guess I need some context. Do you already have SOC experience outside of home lab or not? Home lab, help desk. Have you worked anywhere else? What does your experience look like? Because you'll probably need to do some home labbing, get some hands-on analyst experience when it comes to that interview.
I would maybe see what, if you have a security team, see if that security team would let you in on the meetings, let you in on maybe some morning coffee with the team, some debriefs, offer to buy them donuts. Just see where maybe you are within your own company before going elsewhere. It's a good question. Jazzy Jazz: I have a friend wanting to set up a home lab. What are must haves? A standing desk, three monitors. How is my setup? My setup is I have undiagnosed severe ADHD, and so if I don't stand every little bit, I'll forget that I need to stand and so I'll just sit and work. Plus it's important, I'm in my 40s and I gain weight really quickly. So if I don't get up and get steps, I seriously go from desk jockey to like hardcore out of shape guy really, really quickly. It's just how I was designed. So I need to stand, I need to walk around. I don't think it's a must to have a standing desk. I don't even think three monitors are a must.
A
You can.
C
I've seen very successful folks do home labs with just one monitor, a split screen going back and forth through tabs. If you can have a second monitor, it is really nice because maybe you can put your scenario on one screen and have your actual working lab in the other. You can have multiple, obviously, you know, up to four tabs. What are some things, you know, I would say make sure you have, obviously. Just more than having the right tools. Like as long as you have a laptop that's somewhat competent and a monitor and a keyboard and all the basic stuff, you're going to be fine. Have the drive to learn and to break and restart things there. Obviously the ideal setup would be, of course, three monitors with maybe a really big one on top, one vertical monitor for some of your coding and scripting. If you want to look super cool, a motorized standing desk, a nice ergonomic lit atmosphere with some essential oils, all that kind of good stuff. Sure. But at the end of the day you'd have curiosity, a will to break, to rebuild, to try things out. That's what you really need to have more than the monitors and everything. So yeah, two monitors would be nice. Standing desk, sitting desk. As long as you can get the work done, I think that's all that matters. A good mouse, good keyboard, and after that really it's going to be a curiosity and desire to learn. Hey, soap flavored. I appreciate the compliment. I'm sure you tell that to all of the non-Jerry folks.
A
Hahaha.
C
Looking for more questions. Jean Devonish's: TryHackMe dead? Should I use other learning platforms? That's a fantastic question. Personally speaking, I no longer associate myself with TryHackMe. I don't know if they're dead or not. I haven't been to their website in ages. I've got some home labs that I've spun up. I enjoy Hack The Box, I enjoy Hack Smarter. Some of the crew from John Hammond's crew has Just Hacking Training, and they've got an awesome defensive course that I work in. Excuse me. So I think it's up to you. I don't know if it's dead, I just haven't heard much about it. Should I use other learning platforms? Use whatever works. Use whatever works for you to get the job done. If you've got a free thing for TryHackMe and it's still working, or somebody's going to purchase it for you, then absolutely. Use whatever it takes to learn. Maybe not submit a bunch of data, and understand, you know, what's going on. But TryHackMe, if it works for you, works for you. If it's home labs, if it's Hack Smarter, if it's Hack The Box, Blue Team Level 1 labs, LetsDefend, whatever works for you. Make that tool do the work, learn and move on. Striving to learn: what is the best to get an IT cyber role in a place that doesn't have a strong tech sector? Also, four years prior IT experience and I just earned my WGU bachelor's in cyber security. I love the avatar with the guitar. That's awesome. On your YouTube or your handle picture. And congrats on getting your bachelor's in cyber. What is the, what is the best to get an IT cyber role? What is the best, what path, certification, position to apply for? I think there might be a missing word there. What is the best, what is the best path to get an IT cyber role? Maybe in a place that doesn't have a strong tech sector. You could be the person that kind of heads it up. It might not be the most glorious thing. I'm always spitballing just ideas off the top of my head of how to, like, innovate.
So my brain immediately goes, okay, we don't have one here. How do we build one? Have we tried it before? I'd start looking at your C-suite, start talking to people in the company, find out why we don't have a strong tech sector, find out why we don't have any kind of controls put into place or whatever it may be. I would look to see if there's a role you can create. Sometimes we need to create ourselves roles. If they don't exist, you create yourself one, and then from there if that doesn't work, stay where you're working and continue the grind of networking. There is a little bit of luck involved, so being in the right place at the right time. But really it's building out that professional healthy network, staying skilled up. So when those opportunities come your way, you're ready to speak value into the questions that a hiring manager might have. If it's, if you have severe, I don't know if it's severe undiagnosed, then you need to look at diagnosis and support. Well, I'll think about it. I appreciate the insight. I have an awesome supportive family. I've done a ton of research so I feel like I'm well researched. Everyone says I need to get it looked at. All right, all right, maybe I'll look into it. Hey Gorman. JT Gorman: if my company does not want to promote from within, how can I best hone my cyber skills to leave for a better position? Hands-on experience through building out home labs. Volunteer experience. I mean if you're not gonna, if you're working full time, obviously you can't get a second full time job. Maybe you can. But if you want to build up that hands-on skills, it's going to come from spinning up a home lab. There's countless videos on YouTube. Dr. Ozier has a good home lab. I said this before. Get a Microsoft developer account. Get some free Azure credits or AWS credits. Spin up a home lab in the cloud. Use infrastructure as code to spin up a small corporation. Open it up to the public facing Internet.
Make sure, you know, do your due diligence. Make sure you're not opening yourself up to attacks, but within the cloud, open it up to the Internet. Understand what IP looks like. Understand what traffic looks like, understand what suspicious traffic looks like. Do yourself some PCAP, capture some PCAPs, do some network traffic analysis, maybe detonate some malware. Do all of the things that you can on your own to build. Just because it wasn't paid work doesn't mean it wasn't work. Now Phil Stafford makes a great point. Don't go put on your resume, hey, I worked for NSA as a top tier hacker, when all you really did was build up a home lab in Azure on a weekend. But getting volunteer experience and building that home lab out is still working. It is still hands-on experience even if it's not paid. So there are ways to channel that and to word that on your resume so it shows that experience. That's the best way for you to hone it, is going to be through sandboxing, through labs, through cyber ranges such as Hack Smarter, Hack The Box, things of that nature. Hey tech grunt, gotta head out. Work is calling me. Stay classy brother. Space Tacos asked, did something happen with TryHackMe? Yes. I would go watch videos and do some research.
A
Research.
C
I only know tidbits and not enough to speak into the situation. It'll sound like I'm being very disparaging when I know very little about the situation. So I would just do your own research. I don't even want to surmise kind of what happened or what went down, because I will word it wrong and insert my emotions and assumptions into it. And I don't think that's fair for anybody that might have been involved with the. With whatever. It's not the platform I use, but it's just not my thing. And there's some folks in the comments too that are informing us. Oh, that's cool. Sean Byrne says my prior networking teacher said I could use the Cisco switches setups in the classroom to do some labbing over the summer. Also a bunch of space on Proxmox for VM testing. I'm all about just going out and, sounds gonna sound so cringe and cheesy, but making your own opportunities. What I mean by that is let's say you have a desire to learn cyber. Nobody's hiring in your, I live in a relatively small town. There's not, there's, there are no cyber companies here. Let's say there's no cyber roles. Do you have a tech school? Do you have a, like, a local community college? Go there. Ask is there. You know, tell them that you're trying to study. Ask, is there any lab equipment? Is there anything that you can do over the summer? Do you do any kind of volunteer work? Is there any on-campus work that you can do? Maybe you gotta fill out some applications. Maybe you can become a part time campus employee, and part of that would mean that you get access to some of the lab equipment, right? Go audit some classes. Go audit. Maybe you live in a bigger city with IT and cyber. Find out if you can audit classes. The way I look at it is I will always ask, because what's the worst, someone's going to say no. Whatever it is that you're trying to figure out might not happen. I always ask. And so I'll be the first person.
I get a lot of things that maybe most people don't get, or it looks like I have favor, when in reality I just asked. I just said, hey, can I try X, Y and Z? And somebody might go, oh, that's really unorthodox. We've never had anybody volunteer to do a cyber assessment at our church before, but go for it. Okay, cool, thanks. Just ask, you never know. Find out, hey, what can I use? Is there anything that I can do to contribute, to add value to your organization? And in return, can I use your tool sets? Is there a lab I can use? Is there any computer networking gear that I can use? So you gotta get out there, create those opportunities. They're not gonna always come your way. Easier said than done. And it's not always the same for everybody. And I do realize that. Gotta be the CEO of you. I see your question, Space Tacos, and I'll reach out to you in a DM. Everybody's doing pretty well though.
A
Kathy Chambers, Media.
C
I hopefully get to see you here soon. Good morning. Everybody late to the party? Editing away for Dakota. Oh, cool. That's awesome. See y'all at 9:30.
A
Don't forget.
C
Ready? 9:30. Authentically Cyber with Kathy Chambers and our buddy Daniel Larry. So you got the initial call. Now what for a cyber role? I cannot tell you. I've been to the final stage of a hiring process multiple times in my career. So much so that we were starting to look at moving, companies too, like we thought it was that for sure. Internally, people on hiring: hey, man, it is looking good. We just got to get through one more person. But from what I'm hearing, you're the guy. I can't make any promises, but you're the guy. Well, guess what? They got through that one other person. That one other person might have had five, three, two more years' experience in a certain specific sector. So I've been so close and been told we didn't think it was going to happen, they went with a different direction, we are terribly sorry, but blah, blah, blah. We're going to keep your application on file. Unfortunately, thank you for your time. Unfortunately, we've decided to move forward with a different candidate. We've all heard it. I've heard it countless times. You've got to be like a duck, and that has to be like water, and it's going to roll off your back. You just got to keep moving forward. J.T. Gorman: over my career, what was my favorite role? My favorite role probably is the one that I have now. It is the role that I feel like I have the most room to grow and develop. I feel like it's a role... So, vulnerability and security operations. It's one of my favorite roles that I've had within IT and cybersecurity. I've done some pen testing. I've done a little bit of everything, both in volunteer and in a paid capacity. And what I'm doing now is really, really enjoyable. It's challenging enough to keep me going, but the pressure also isn't so high that, you know, I can't enjoy life to a certain extent.
So my current role right now: vulnerability management, security operations, helping lead teams, facilitating both client-facing and external-facing work. I get to spend half my day being really technical, in the weeds, documentation, behind a keyboard, and then a lot of my day I spend in client-facing interviews, board meetings, C-suite type things, having conversations about security posture. And I never thought that that would be it. After you kind of get into cyber, maybe you see the SOC roles and the pen testing roles. We think GRC, risk, compliance, vulnerability management, security operations is kind of the snooze stuff. But for me, as a person who enjoys teaching, leading, developing, mentoring, having conversations, I really enjoy my role. I couldn't just be behind a keyboard 24/7, nor do I want to be in a boardroom. So it's a nice combination. Oh, Soap Flavored: last week I asked a question about being a professional and privacy, meaning... many answered segmentation. How do you segment your life? Pseudonyms? LinkedIn is based on you. Oh. So I think what you're asking is about your professional life. How do you... Well, so here's something I think that folks probably need to understand if they're going to become a cybersecurity professional and they want to do it for the long haul. You've got to maybe accept that privacy and cybersecurity is a lifestyle for you. What I mean by that is maybe that means you have sock puppet accounts. Now you don't have an actual LinkedIn account, or maybe a LinkedIn account for professional purposes only. Maybe now you don't get a Facebook account, an Instagram account and a TikTok account. Maybe now you don't get to post pictures of your kids, of your vacation, of all the meals you're eating, of your morning routine, whatever it is. Because you're saying, I am choosing to work in cybersecurity, I want to keep my life private. So some people create sock puppet accounts, right?
Accounts that are not them, just a fake account, but they can still keep up with friends and family. Maybe there's a few key people that you say, hey, I'm jumping off of Facebook for the time being, but if you get a request from this name, it's going to be me. I just can't be publicly facing anymore. Or you're just incredibly careful about what you post. You hire companies like DeleteMe. Look at Flare for your external exposure. But for me, I just got off of LinkedIn completely. I have a Facebook account which I stream some Slaycert Plus from. I use it to follow up on friends and family that I haven't seen in a long time. I don't have LinkedIn, I'm sorry, I don't have Instagram, I don't have TikTok, like not even on my phone, don't have a login, nothing. So for me, I just pulled myself out, I segmented it. Kind of, you choose, you've got to choose kind of the groups you're known by, the company you keep. So, you know, take a hard look in the mirror. If I'm going to work in cybersecurity, am I willing to make those compromises and sacrifices in my personal life when it comes to privacy, segmentation, things of that nature? I don't know if that answers the question, but I hope that helps.
What's up? Any tips on how to implement Copilot into your VM workflows? I've used it to help explain metrics, but I'm struggling to find other ways to use it in my vulnerability management workflows. Any tips on how to... Let me ask you a question. Is it a private license or is it public? Is it just your normal run-of-the-mill, out-of-the-tin Copilot? If you don't have your own, I won't say license, but your own Copilot tenant, whatever, for lack of a better terminology. If you've got your own, you can put proprietary information in it, and supposedly it's going to be okay. If you're using public, normal Copilot, I wouldn't put... I would use it, I mean, for building slides, maybe some ideas when it comes to how to communicate risk to people. Obviously I wouldn't put any kind of proprietary data in it. Let me think on how I use AI in my work. I use it mainly really for wording things. I'll already have a concept and I'll use AI as the force multiplier. Or I'll prompt it. I'll say, okay, here's the data, I need a slide that represents this data. And I'll just put in, for email addresses, johndoe@business.com; for IP addresses, I just put 1.1.1.1. And for any business or client, I just take it out and put corporation.org or .com. So I sanitize data as much as possible, but when I do use it, it's going to be for slide creation, for coming up with ideas around metrics, how to present things. I don't use it agentically. Currently where I work it's still about having human hands and human eyes check everything. There might be some automation, but at the end of the day it's about having that human experience and that human component. So I don't use a ton of it outside of what I do for media creation, slide creation, analyzing metrics, helping me to maybe recognize patterns in something and then put words to it, so it might see a trend that I'm not seeing.
And then I'm like, well, how can I word that to the C-suite on Monday in our meeting? So I use it in that kind of force multiplier way. I don't use it for a ton of agentic work or to do anything that doesn't require human interaction. Good morning, Elias Justice. Good to see you, man. Where can you go to learn how to analyze logs like Active Directory web logs? Antisyphon Training. Antisyphon Training, Antisyphon Training, Antisyphon Training. They have pay-what-you-can classes, so everything from zero up to however much you want to pay them. That would be a great place to learn how to. The Antisyphon Training crew, which is part of the Black Hills Information Security suite of products. You can learn how to analyze logs in Active Directory by spinning up your own home lab for free. Right. Even if you only have 16 gigs of RAM or maybe 8 gigs of RAM. Find a... I always forget the word when I have to say it. But a version of Windows where you can just try it out. Right?
A
Right.
C
They're free. You get it for 90 days and then you'll have a watermark on it. Set up your own home lab. I'm telling you, you don't... There's plenty of YouTube videos on how to spin up a home lab. Sure. Just type in "Active Directory hacking home lab" and there's a million videos of people spinning one up. It's usually something like this: you download the ISOs from Microsoft, you spin up one domain controller and then a couple of client machines, and then on the other side you'll spin up a Linux machine. Typically, if you just want to do like a single, kind of smaller organization. Or you can get really crazy with it: you can have a domain controller, maybe two machines, download yourself a Windows 7 ISO and have it completely unpatched. So you set up the four machines. You've got the domain controller, let's say the two workstations, pretend they're just workstations in a different branch. Then set yourself up another server, some kind of unpatched Windows server. Then in the middle, have yourself some kind of externally exposed web page. It can be anything, right? But the idea is that you're going to start out here on the outside, on your home lab. You're going to compromise the web-facing host, right, this web-facing host in the middle, and from there you're going to pivot. This all sounds like... Hey, it sounds like pen testing and hacking. That's because it is. But that doesn't mean that you're going to be a pen tester or a hacker. We need you to understand how things work. How do attacks work? How do the ones and the zeros on the keyboard translate into what the attack looks like on your side? So you're going to go from nobody to a hacker in the middle. Then you're going to pivot onto the inside of the network, and then you're going to use some more enumeration and you're going to scan that network.
And after you're all done scanning and you've got a lay of the land, and I'm not expecting you to go and compromise the domain controller, but once you've at least done some hacking and you know that there's an Active Directory environment, I would pause and then go in, because you're going to be able to log into your Active Directory environment. Then go log onto those servers, and you don't even need a SIEM setup. Just do something as simple as looking at basic Windows event logs. What did you see? What are some things? Can you correlate timestamps? Can you say, oh, I remember when I hit this command, or when I tried to log in a billion times, I can see all these login attempts. Look for the network traffic, look at your IP, the NATed IP or whatever, look at your IP, and then go on in Event Viewer, you know, look at the different categories, start sorting through the system events. You can always set up an open source vulnerability scanner and scan your environment. You could use something like PingCastle. So PingCastle is an awesome tool that can go through your Active Directory environment and identify vulnerabilities and gaps that you have in the security of your environment. So, all that to answer your question: you don't need to go anywhere. You could stay home, get on YouTube, have a computer, spin up a lab, and by the end of the day you could be hacking, sifting and sorting through Active Directory logs. It might not work the first time. You might have to spin up the lab five times before it talks to each other. And you're going to get frustrated and want to give up. That's the fun stuff. That's where it gets good. That's where you get to get your knuckles bloody, right? Your proverbial knuckles bloody. So set up a lab, learn what the information looks like, and then rely on places like Antisyphon Training, Black Hills Information Security, Simply Cyber to get the continued education, to continue to get that hands-on experience.
I hope, I really hope that helps. I hope you do that today and spin up an environment. I see some questions that I unfortunately cannot answer. This is a great day. I'll get back to them. Hey, I'll be live today, so if you want to join me for some studies, Slaycert Plus around 2pm Eastern time, we'll be streaming live. Listen everybody, I gotta go. Authentically Cyber, I want to crash that party because she just started. Kathy Chambers is our bro. We love her to death. I'm gonna rock out. Hey listen, you guys have been great. Thanks for hanging out for Cyber Career Hotline. My name is Jesse J. I'll catch you guys later. Until next time, take care of each other. And most importantly, as the good doctor says, stay secure. See everybody.
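The log-correlation step in the home-lab advice above (log onto the lab servers, find your own IP in the Windows Security log, match the burst of failed logons to the moment you sprayed passwords) is shown below as an added example; it is not code from the show or its guests. It assumes you have exported Security log records from the lab domain controller into a simple tab-separated form (time, event ID, account, source IP, logon type), which you would adapt to whatever your export actually looks like. The records themselves are constructed sample data, with Event ID 4625 (failed logon) and 4624 (successful logon) as Windows defines them.

```python
"""Correlate Windows Security log records with the IP you attacked from.

Added example for the home-lab exercise (not code from the show or its guests).
Assumed input: a tab-separated export of Security log records with the columns
  time (ISO 8601), event ID, target account, source IP, logon type.
Real exports carry many more fields; adapt `parse_events` to your own format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625   # Windows Security: an account failed to log on
SUCCESS_LOGON = 4624  # Windows Security: an account was successfully logged on

# CONSTRUCTED sample export: 10.0.0.99 is the "attacker" box in the lab,
# 10.0.0.50 is an ordinary workstation with one honest typo.
SAMPLE_LOG = """\
2026-06-02T09:00:01\t4624\tjdoe\t10.0.0.50\t2
2026-06-02T09:15:00\t4625\tadministrator\t10.0.0.99\t3
2026-06-02T09:15:01\t4625\tadministrator\t10.0.0.99\t3
2026-06-02T09:15:02\t4625\tadministrator\t10.0.0.99\t3
2026-06-02T09:15:02\t4625\tjdoe\t10.0.0.99\t3
2026-06-02T09:15:03\t4625\tsvc_backup\t10.0.0.99\t3
2026-06-02T09:15:04\t4624\tsvc_backup\t10.0.0.99\t3
2026-06-02T09:40:00\t4625\tjdoe\t10.0.0.50\t2
"""


def parse_events(text):
    """Parse the tab-separated export into a list of dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, account, ip, logon_type = line.split("\t")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "account": account,
            "ip": ip,
            "logon_type": int(logon_type),
        })
    return sorted(events, key=lambda e: e["time"])


def failed_logons_by_ip(events, window_seconds, threshold):
    """Flag source IPs that produced >= threshold 4625s inside a sliding window.

    Returns {ip: {"count", "first", "last", "accounts"}} describing the
    largest burst seen for each flagged IP. Several accounts in one burst
    from one IP is the password-spray shape, not a user fat-fingering.
    """
    window = timedelta(seconds=window_seconds)
    per_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == FAILED_LOGON:
            per_ip[e["ip"]].append(e)  # events are already time-ordered

    flagged = {}
    for ip, evs in per_ip.items():
        best = None
        start = 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            burst = evs[start:end + 1]
            if len(burst) >= threshold and (best is None or len(burst) > best["count"]):
                best = {
                    "count": len(burst),
                    "first": burst[0]["time"],
                    "last": burst[-1]["time"],
                    "accounts": sorted({b["account"] for b in burst}),
                }
        if best:
            flagged[ip] = best
    return flagged


def success_after_failures(events, flagged, grace_seconds):
    """The spray that landed: a 4624 from a flagged IP shortly after its failures.

    Returns a list of (ip, account, iso_time) tuples.
    """
    grace = timedelta(seconds=grace_seconds)
    hits = []
    for e in events:
        if e["event_id"] != SUCCESS_LOGON or e["ip"] not in flagged:
            continue
        delta = e["time"] - flagged[e["ip"]]["last"]
        if timedelta(0) <= delta <= grace:
            hits.append((e["ip"], e["account"], e["time"].isoformat()))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    bursts = failed_logons_by_ip(evs, window_seconds=60, threshold=5)
    for ip, info in bursts.items():
        print(f"{ip}: {info['count']} failures {info['first']}..{info['last']} "
              f"against {', '.join(info['accounts'])}")
    for ip, account, when in success_after_failures(evs, bursts, grace_seconds=300):
        print(f"success for {account} from {ip} at {when} right after the burst")
```

Once you have run your own attack against the lab and exported the Security log, the value is in comparing the timestamps the script reports against your terminal history: the burst's first and last times should bracket the moment you launched the spray, and the source IP should be the NATed address of your attack box rather than the address you see locally.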
Host: Dr. Gerald Auger, Simply Cyber Media Group
Date: June 2, 2026
Location: Live from Cisco Live, Las Vegas
This episode delivers the top cybersecurity news stories affecting practitioners and business leaders, with added insights from host Dr. Gerald Auger (aka “Jerry”). Broadcasting from Cisco Live in Las Vegas, Jerry offers expert commentary, humor, and actionable career takeaways for the Simply Cyber community. The show consists of headline summaries, deep dives into critical issues, and career advice with co-host Jesse Johnson ("Cosmic Cowboy") in the second half.
| Topic | Timestamp |
|-------------------------------|------------------|
| Show intro/vibe/setup | 00:01 – 13:20 |
| Meta AI Instagram Hack | 13:20 – 20:11 |
| Dutch Botnet Dismantling | 20:11 – 28:41 |
| Red Hat npm Supply Chain | 28:41 – 34:13 |
| Grab Data Concerns | 34:13 – 38:26 |
| WordPress/Steam C2 Malware | 44:15 – 50:16 |
| US Troop Tracking by Data | 50:16 – 51:56 |
| NetLogon Zero-Day Exploited | 51:56 – 57:29 |
| Election Phishing Campaigns | 57:29 – 62:24 |
| Cyber Career Hotline (Q&A) | 62:24 – End |
Immediate actions for practitioners:
Career Developers:
Network, home lab, use learning platforms, and never stop asking for opportunities.
Community:
Engage daily (live at 8 AM Eastern), leverage Simply Cyber resources, and keep leveling up—in cyber and in life.
"Thanks for being here every day, sharing your wins and struggles. Cool people attract cool people."
—Dr. Gerald Auger (39:04)
Stay secure!