B (7:11)

All right.

A (7:13)

All right, guys. I'm loving it. We're almost off and running. I'm feeling good. You'll notice that I am wearing a button down shirt, which means only one thing. I will be going to teach at the Citadel where I am adjunct faculty. So you'll be having Jawjacking, which is a 30 minute AMA show right after the show with Daniel Lowry. Great guy, author of the Pen Test plus course over at Simply Cyber Academy and just an absolute treasure for our community. Let's hear from Threat Locker really quick and then we're gonna slide into the news like it's the electric Boogaloo. Let's go. I want to give some love to the Daily Cyber Threat Brief sponsor Threat Locker. Do zero day exploits and supply chain attacks keep you up at night. Don't worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue Trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com dailycyber. All right, here we go. Yeah. Do me a favor, Tony Jack 84 sit back, relax. Rhonda Rummerfield. Reach down with your left hand and pull that recline lover. Marcus Kyler. Lean back and count. Luke Tanfield. Let's let the cool sounds of the hot news wash over us all in an awesome wave. Give me the headlines, please. There they are. Let's cook foreign.

C (9:11)

From the CISO series, it's cybersecurity Headlines. These are the cybersecurity headlines for Thursday, November 20, 2025. I'm Lauren Verno. Cloudflare blames database Cloudflare's worst outage since 2019 knocked major websites offline for hours on and the company now says it wasn't a cyber attack like originally thought, but an internal configuration error. A database permissions change caused Cloudflare's bot management system to generate an oversized feature file that repeatedly crashed its core proxy, leading to widespread 5xx errors across the network. And as I'm sure you're likely aware this the outage impacted major companies like X Uber, Canva and Chachi BT with traffic back to normal by mid afternoon and Cloudflare's CEO apologizing for the disruption.

A (10:19)

Yeah, I mean, okay, so it was not a cyber attack. Honestly, I never. I don't know about you guys but like maybe I'm just old and curmudgeony. I. This didn't feel like a cyber attack. Just like when Crowdstrike happened. That didn't feel like a cyber attack. You know, occasionally Meta will do a BGP update. There was one recently. What was the one? There was one recently too. I. I can't remember. It was like in the last month that just. I don't know how to explain it and I hate to be like a gatekeeper but like, I don't know man, I just like cyber attacks have a different vibe. Okay. And, but this is, dude, supply chain. When you have a very complicated system that has multiple dependencies on all of, you know, all sorts of dimensions, one break in the chain can cause like the whole thing to collapse. Right? And this is, you know, honestly this is one of those ones. Cloudflare is a preeminent proxy provider essentially. Like they, they are definitely used to thwart or mitigate down denial of service attacks, but they're also used for other types of like load balancing and other services. And many, many, many businesses depend on it. And I'll give you an example. Like Kairos. Kairos is a fast food, like I guess fast food, like Greek restaurant. And if you don't have a Kairos in your area, you're missing out man, because it's not, it's weird. It's not even like it's fast food because you walk in and just get the food, but the food's wicked delicious anyways. They're one of these ones that has the board like the, the menu up on the, the display just like you know, McDonald's and Burger King. Now the displays are all like digital outputs. Kairos is in like, oh yes, we use Cloudflare. Kairos probably signs up with some company that specializes in food menu delivery services and they depend on some aws, which depends on Cloud Flare. Right? So supply chain security is important and third party risk is a thing. Now having said that, nobody, nobody is going to be like, we're not using Cloud Flare. That's stupid. Like that's like saying like, we're not going to use Google, we're not going to use Microsoft. Like good luck dude. Like it is saturated and ubiquitous in the Internet and tech stacks. Like your chance of not using them is pretty low. Now there may be a Cloud Flare competitor out there, but you're going to be making some serious trade offs and probably paying more. So yeah, you should always have a, I mean with a situation like this, it's almost like you can hide in the noise because everybody is down, not just you. So it's kind of like, okay, we're all screwed right now. They said it was a database. Permissions were updated by cl. Caused Cloud Flare's bot management system to generate an oversized config file with duplicate entries which exceeded the built in size limits, causing software to crash. Okay, so basically this was like a, like not a buffer overflow in the true sense of it, but basically they didn't do a Validation of file size before creating the config file which led to a cascading problem. A couple things. Number one, again, I'm old. Back in my day you really didn't change database permissions that often. Like I don't know what they're doing here with routine database permission updates, but yeah, the good thing is they found it. I'm sure they're going to. Do an after action report and fix it. The database permission changes doubles the feature file from approx. Approximately 60 features to 200 exceeding the system's hard coded 200 feature limit. So this is another one where dude, when you hard code values into code as security controls, you got to think through the use cases where it exceeds that. Now I will say that this actually wasn't the problem, right? The hard coded value did what it was supposed to do. It was the writing and duplicating of the file that was the problem. Okay, what's an rfo? Really quick, DJ B offering up some insights. He said and this is for everybody. This is more for IT people. But you as a cyber security person could be the, the superhero that comes into the to rescue. DJ B is saying if you turn the proxy services off while they were down, it would just be normal DNS provider. So you could have, you could have basically carved out Cloud Flare from your tech stack or from your data flow. And obviously if you carve Cloudflare out then the outage no longer impacts you. Having said that, I do think business like Kairos for example again using them they're not gonna be able to cut Cloudflare out. It's like whoever their upstream third party provider is of menu software would have to cut it out again. I just want to mind will show you guys, I know you know what this looks like but it is interesting because you know, hold on one second. You can see here it's kind of hard with the, the glare but you know the menu is up on one, come on up on one side and cloud flare outage on the other. So there was, you know, it was like business continuity, some resiliency even in an example like that you, you technically if you worked in cyber security for Kairos, you might be like hey, just as you know we wouldn't have done this ever before. But as a lesson learned, how about we take a screenshot of the menu and if this happens we can just put a PNG or a JPEG or a GIF up until we get this network issue resolved, right? I don't know, just thinking outside the box here really Quickly, we have a first timer in chat. Hello, Mara Levy, letting us know that T H A B a n thaban amasukumu 6903 welcome to the party. Welcome to the party. I'm gonna go ahead and put it up here. Yes, yes. All right. And since I'm a squad member, I get access to the cool emotes, which includes the John McLean emote. Welcome to the party, pal.

C (17:13)

Crypto HEIST TAKEDOWN A California man pleaded guilty to laundering at least 25 million in a massive 230 million cryptocurrency heist. The scheme, carried out between October of 2023 and March of this year, involved a network of mostly young hackers who gained access to victims crypto accounts and laundered funds through mixers, heel chains, shell companies and other blockchain techniques. WhatsApp flaw.

A (17:47)

Is that it? Okay, that was short. All right, here we go. All righty. A, a young, spry, 45 year old man. Now that I'm 46, this guy doesn't know what it was like back in my day. All right, 45 year old, massive money laundering. Laundering at least 25 million dollars in a 230 million dollar crypto ICE. This guy known as Papa or Shrek. Hilarious. Is the eighth defendant to plead guilty. All right, so this is one of those ones where they got a fish and they squeezed the fish and the fish gave up other people and then they kept getting more people and more people. So doj, we're gonna do a double shot of regulators.

B (18:36)

Regulators.

A (18:40)

All right, so social engineering, they get access to victims, crypto wallets between 2023 and 2025. So quite a while. And there's straight rob them. Okay, A lot of young people, 18 to 20 year old. Crypto bros, probably, yeah. And this guy just acted like a, the accountant basically. So, basically it sounds like there's a bunch of young kids and this guy was like the grease man to, you know, oh, you steal it and I'll clean it. I do wonder how he got wrapped up in them. I wonder if it was one of his kids or something. All right, look at all these guys. So the question is, to me, the question is what, what's the punishment going to be? Right? These, these guys right here ruined people's lives. Okay? They straight up robbed and stole up to $230 million of crypto. So you know, these, these attacks, yeah, they're, they're bank robberies if you will. But these impact real people. Real people's lives are messed up because of this And I think, you know, you get to be like, oh well they're, it's 19 year old. We all make mistakes, right? Stole 4100 Bitcoin from a one victim worth. Holy crap. That was one victim. Oh my God. All right, crypto laundering is already not legal. There's tons of these mixers that are.

B (20:08)

On.

A (20:10)

Department of Treasury sanction lists. Yeah, this guy was complicated. He had multiple banks, shell companies.

B (20:26)

And.

A (20:26)

This guy would take 10 fee, which is why he had $25 million. Okay, this is what I'm talking about. Okay? This 18 to 20 year old, they were living lavish lifestyles, spending money. They had private jets, rentals, 28 luxury cars, private security guards, designer handbags. They're Gucci. Okay, like here's my thing. If you don't take swift action and make in my opinion like examples of this, this is incredibly like, especially in like the social media norms that we live in right now. I'm sure these guys were like flaunting it. Right? Look what we do, it, it encourages this behavior. As always, don't reply to calls, emails or texts to request personal information. Sure, sure. I do want to point out really quickly they were converting it to Monero. Monero is like the private crypto. But I'm glad that they're doing this. I also, you know what, also I'll just share this because I, I messed around with crypto a little bit during like the NFT rage because I wanted to understand it. I knew I was going to lose money. I lost probably, I don't know, four or five hundred bucks or. I shouldn't say I lost it. I own some really sweet NFTs that are worth $0 now. But there is a norm in the crypto community that like, if you haven't been scammed before, you haven't like it's like a rite of passage. Like it's disgusting that the criminals have like normalized that you're supposed to get rug pulled and ripped off at least once. Like you've made it. No, it's gross, dude. The whole crypto thing, like people hide behind this, this banner that crypto is like, you know, decentralized and for everyone. But in reality, there's a lot of criminals that have weaponized it, exposed billions.

C (22:22)

Researchers in Austria discovered a flaw in WhatsApp that allowed them to collect personal data from over 3.5 billion users. Yes, billions. Including names, phone numbers and profile images, potentially creating a massive reverse phone book. The flaw exploited WhatsApp's user lookup by phone number without effective Rate limiting. Though the collected data has now been securely deleted and no evidence of malicious use was found.

A (22:55)

Okay, all right. So good news is this is a post mortem. This risk is not a current risk. Okay? This is not an issue anymore. The developers of WhatsApp. What the hell? The developers of WhatsApp have. Sorry, my. I have, like, an earpiece that's plugged into my soundboard, and I also wear a pocket knife, and the. The cord gets caught on the little tab thing here every once in a while, and then it, like, rips on my ear. It's a pain. All right, this is a postmortem, so you don't have to worry about that. Okay? So everybody continue to be relaxed sitting in the. In the Recliner, okay? Basically, WhatsApp is a messaging app, okay? And it uses API calls like every other major web service or web app. And researchers discovered that there was no rate limiting on an API call to be able to enumerate accounts using phone numbers. Since phone numbers are, you know, a finite set, right? You know, like in the United States, it's one and then it's three number, area code and then seven digits, right? Like you can enumerate one and this is stupid, but it would be easy. 0, 0, 0, 0, 0,. 0, 0, 0, 0. 0 and then 0, 0, 0,0, 1, 1. And you could just run through that because they didn't have rate limiting. You could move as fast as you want and scan that. Like, basically query that API, which means that you could do it at computer speed, which means they could dump all of the users pulling that. Now, these researchers did that. They got the data set to prove it, and then they told WhatsApp in a very responsible disclosure. I hope they got paid, honestly. Let's take a look for the dollar symbol. Okay, so I'm searching for the dollar symbol on the story, and somehow there's 10 instances of it, but my computer refuses to jump to it. Gross. Where's the. Is there. They should have got paid for this. They better have gotten paid for this. Honestly, I don't see anything about getting paid. That sucks. Hopefully they did. Anyways, what I want to tell you is, number one, this is cool, right? You learned about rate limiting. Oh, yeah. By the way, one of the things I like to do here is to go beyond the headlines and give you additional insights, right? You can read this story. But so what, I want to tell you a couple things. Number one, if you do work for a company that does, like a tech company, software company, you have web apps, you have APIs, make sure that rate limiting is there if you, if you're, you know, querying sensitive information. Right. Number one. Number two, if you're bug bounty, you know, security researcher, vulnerability person, offensive person, don't fall for the trap that, oh, WhatsApp is part of Meta. It's a multi billion dollar company. They probably have hundreds of developers working on it. It's probably secure. They're not going to have a vulnerable API. I won't look there, I'll just go somewhere else. No, software is very dynamic. Software is written by humans and, and you know, these apps are getting updated many, many, many times a day, right? CICD, pipelines, DevOps like bugs happen, man. And even something as big and as ubiquitous as WhatsApp can have bugs. So don't get, don't get discouraged by that.

C (26:39)

Iran's cyber enabled kinetic attacks. Amazon researchers documented cases where Iranian linked to threat actors used hacking to enable physical strikes. A tactic they call cyber enabled kinetic targeting. In one case, Imperial Kitten compromise a ship's AIs and CCTV systems over several years, preceding a missile strike by Houthi forces in February of 2024. A second case involved muddy water accessing live CCTV feeds in Jerusalem to gather intelligence before a June 2025 missile attack. Amazon warns this combination of digital reconnaissance and, and kinetic operations is likely to become more common.

A (27:33)

Yeah, okay, so Iran's doing this, guys, hold on, let me update this thing in 2025. This is how military works. Like, I mean, this is pretty cool. Amazon Threat intelligence has been in the news a lot lately. I'm sure that this is a really well written report. I would, I would recommend checking it out. But the deal is, think about it. If you were of the belief, as I was, that the next global war would be fought on the Internet, it would be a cyber battlefield. I thought, you know, everybody's got tech. The Internet is ubiquitous. It's easy to attack an enemy without sending physical troops. You can disrupt, you know, communications, energy, transportation. You can really mess things up over the Internet. But in reality, as we've seen in both Russia's invasion of Ukraine as well as the Israel Palestine situation, cyber is a component of a war, not the exclusive battleground of the war. We saw it with the pagers in Israel. We saw this Samsung backdoor thing. We're seeing denial of service attacks on the Russian stock market to cause terror. We saw it. The Ukrainian Internet got taken out right at the beginning of the invasion, which is why Elon flew a Starlink over Ukraine as a contingency plan. What's up, cybersec mech? Thanks for joining the squad. So this is, this is part of the playbook, guys. And you know, dude, as drones become more and more the deal, right? I mean, you can put a munition payload, a detonating payload on a drone and throw it. As Luke Canfield, our resident drone expert, Cyber is just providing insights, greater detail, higher fidelity on targets and action on objective. That's it. Okay, let's see what else we got here. Oh, Amazon was able to piece together a two year timeline. Muddy water has been in the news quite a bit. I am curious, like, where's the actual. I want the actual Amazon report. That's what I want. I need the Amazon report because it's a two year timeline, which for all intents and purposes, should have an infographic. Bruh. Where is it? Dude, all these links link back to Security Week. Like they link back to their own website. Oh, here we go. You always got to dig deep into the story to find the actual link back to the report because the websites don't want you to go off the platform. All right, here we go. Show me. Show me a histogram. All right. Damn it. No, they just have it listed as a timeline. It's too bad, man. There's a real opportunity here for an infographic. Missed opportunity. Let's go. I'll drop a link to the Amazon blog post that links huge.

C (30:53)

Thanks to Today's episode sponsor, Nob4. Your email gateway isn't catching everything and cybercriminals know it. That's why there's no befores. Cloud email security platform. It's not just another filter. It's a dynamic AI powered layer of defense that detects and stops advanced threats before they reach your user's inbox. Request a demo of Know before cloud email security@nobe4.com that's k n o w b e4 dot com. Or visit them this week at Microsoft ignite booth number 5523. Again, that's 5523.

A (31:51)

All right. Hey y'. All, we are at the mid roll. I want to say thank you all so very much for being here. We're gonna do a little Simple Minds. Let me save the sponsors and then we'll do. I have a question for you. And then we'll do the meme of the week. Okay, guys, thank you for being here. We don't always do simple minds, but when we do, we do it right. I want to say shout out to Alpha Sierra Marcus Kyler, everybody here that misses the simple minds. I miss it too. I want to say thank you to the stream sponsors, Delete Me, Anti Siphon Threat Locker and Barricade Cyber. Barricade Cyber. Quick update on them, go to webinars.barricadecyber.com they are running this Fortify 365 series now. They had one yesterday, but wait, wait, wait. They actually had a programming change and were unable to do it last week. Which means next, if you missed it, you're in luck because there's an opportunity to catch that SharePoint and OneDrive Secure Configuration webinar one hour free LED by Eric Taylor over at Barricade Cyber. And you'll get practical skills like on how to set external sharing defaults for new and existing guests, how to enforce expiration on guest access, making sure you restrict that one drive sync. Dude, there's so much opportunity here for you to help secure your M365 environment or get educated on best practices like actual in the weeds details, the things that hiring managers want to hear. Go to webinars.barricadecyber.com now and scoop it up. All right. Holla. All right. Hey, really quick. I do want to get your thoughts on this. I'm gonna drop your thoughts if you want. I'm noticing right now we have 328 people live. 328, which is amazing. I love this community. I do want to point out that a year ago we were probably rolling around 450, 475. There's been a kind of a slow decline. I, I think honestly a lot of people get jobs because they're part of the Simply Cyber community. And then they no longer can attend the live because now their job conflicts with it. But I'm just wondering if anyone has any thoughts. I mean, is it the programming? Is it me? If you have any constructive feedback. I'm just a little concerned that our, our, our community is slowly shrinking. And I want to do everything I can to help this community. And if there's something I can do to make it better or whatever, please let me know. Because you know, if, if you show up, that's, that's like, that's a, that's a testament to you like it. If you believe that means you don't like it, right? Or you're not getting value or something. So let me know. All right? Every single day of the week has a special segment. And guys, Thursday is. What's your meme Thursday. Now, some of you guessed what you thought it was. Let's see if you were right. Haircut Fish. Here we go. And I'll explain this in a second. There it is. So on Tuesday, I went and got my hair cut. But for a hot minute there, I was Teen Wolf. I was a madman. My hair took on its own personality and identity. I didn't know what to do. And you can see here, and if you don't know, Teen Wolf was a movie. They made a sequel with Jason bateman. In the 90s or in the 80s, somehow it was accepted that one of the kids in the high school was also a werewolf. It was not weird. He basically had like superpowers, which made him really good at sports, but at the same time there was some conflict. Classic 80s style high school drama. So I want to say thank you to Haircut Fish for recognizing it. All right, let's go. Let's get our La la, la's on. You know the words. Do it, do it.

B (35:58)

La.

A (36:26)

All right, thank you and thanks everybody for providing your thoughts on this. Cheddar Bob. I see Keith Sloan Abdullah. I appreciate that. AAS4391 says I want to watch the girls because I'm a girl, but they don't recap the news. They just talk about the job. I'm not sure what you're talking about, but I am super pumped. I looked at the metrics yesterday. 26% of Simply Cyber viewership is female, which is exceedingly high for the IT and cyberspace. All right, let's keep cooking, everybody, and thank you for your thoughts. I appreciate it. It takes a village. Guys, I. I'm not up here pretending I know the answer to everything.

C (37:06)

Russian Ransomware Hosting sanctioned in a multi country takedown. The U.S. united Kingdom and Australia announced sanctions against Russian bulletproof hosting, or bph, providers that support ransomware gangs and other cybercrime operations. The infrastructure backed ransomware groups like Lockbit, Black Suit and Play and was used to facilitate malware campaigns and DDoS attacks against US companies and critical infrastructure. The sanctions freeze all assets in the three countries and warn that anyone continuing to provide services to these providers risk legal and financial ramifications of their own.

A (37:50)

Yeah. All right, so a couple, couple things here for everybody's experience. Number one, I've never heard the acronym bph. Literally. Everybody I know says bulletproof hosting. Bulletproof hosting. Okay, like I've never heard. So let me know in chat if you ever heard someone say, oh, yeah, no, it's bph. No, I mean, at least I haven't. Okay, so first of All I'm gonna just throw that out there. And the reason I bring it up is because maybe it is a normal thing that I don't know about, but I also don't if no one's saying it, because I, I, I, I live and breathe cyber security. It is my lifestyle, and I've never heard anyone say that. So I don't want you to be in a job interview and be like, oh, yeah, bph. They're gonna be like, what the hell are you talking about? All right, so bulletproof hosting. Here's the deal. You might be like, how can threat actors host malware as a service? Phishing as a service? It has to be. It has to be hosted somewhere, right? Infrastructure, somewhere. Who would allow this? Well, guess what? If you operate in Eastern Europe and you don't attack Russian businesses or the Russian country, then Russia turns a blind eye. Okay? Basically, this is why the, the, this is why so many Eastern Europeans represent cyber criminal operations, right? And, you know, if you're attacking adversaries, enemies of Russia, even more reason to look the other way. Okay, so that's why these businesses can operate. Now, this is an absolute radioactive death knell that. Oh, like if you get on the Department of Treasury's OFAC list, that isn't good. Okay, so Media Land is the company that's on the list, and they're the ones who have definitively provided bulletproof hosting for these notorious threat actor groups. Okay, so what does this mean? This means that if your company was. First of all, no one's allowed to work with Media Land. If you work with Media Land, the, the depart. You're gonna. The Department of Treasury is gonna, like, blacklist you too. Like, that's the deal. It's basically like saying, and I'll pick Elliot Matice for a second. Elliot, please understand, this is, for example, purposes only. If I'm like, Elliot is not allowed inside the club, okay? The club is where everybody's, you know, hanging and chilling and, you know, drinking, whatever, and having fun and dancing and open mic nights, right? But Elliot's not allowed in, and anyone that's friends with Elliot is also not allowed in. So then everybody's like, she's. I'm not friends with Elliot. I want to get in behind that velvet rope. Let me in. Let me in. I don't know Elliot, okay? So he becomes Persona non grata. Thank you, Elliot. That's not true. Elliot is allowed upstairs behind the velvet rope. You know, open bar for Elliot. Okay? So this is what that OFAC list does. And, dudes, I'm telling you right now, this is a legit list that has mad gravity behind it. So if I had to guess, this will. All right, so this is my hot take on this. Okay. Media Land will probably go down. Okay. I would imagine that they're going to re. Like, like relaunch a new company that gets away from having that sanction on it. Maybe have different people as figureheads on the thing, different infrastructure, whatever, but essentially kind of like rebranding in order to get back up and running. Because they're definitely making. I don't know if my volume got low or not, but they're definitely making tons of money off these threat actors and they are going to want to continue to make it. So that's my thought on this one. So Mickey says, is bulletproof hosting a technical term? No. Bulletproof hosting is, is. It's almost like a colloquialism of a company that allows infrastructure cyber criminals to operate. It's almost like it's more like for the cyber criminals, they want bulletproof hosting. They want infrastructure hosted that will not be taken down or have a less, like, less likelihood of being torn down. And also, you know, like in countries that don't have agreements with the United States Department of Justice. So like you can't get like, they won't be able to set up admin admins on the server or go into the hypervisor and do things like that. That. This is why you don't see cyber criminal operations hosted in the United States on aws. Like, because the United States federal law enforcement would just walk in there and be like, we're taking this now. Thank you. All right.

C (43:04)

Anyway, 55 million in crypto seized. Europol, the EU Intellectual Property Office in Spain's national police coordinated a crackdown on online piracy. The coordinated efforts identified 69 suspect sites, including 25 illicit IPTV services and tracing cryptocurrency flows worth about 47 million euros or US$55 million. Investigators use crypto payments to buy illegal services themselves, enabling them to pinpoint operators and relay findings to exchanges for disruption.

A (43:46)

Okay, dude, it's a good day for law enforcement and crypto regulators. All right, so Europol disrupts a 55 million dollar crypto it well in cryptocurrency for piracy though, this is those services. If you've ever tried to watch like a sporting event, like not in your area, or it's a paid sporting event like UFC, you know what UFC is probably on like 1,400 at this point. But like there's These like pirate streaming services that you can jump on and you know, basically pay a fraction to get in there. You can use crypto so you think you're anonymous and it's a real problem. Now again, like I'm torn personally because I'm like, oh my bleeding heart for like whatever Fox Sports, like they're, they're gonna make a less one less billion dollars. But like you know what dude, it is capitalism. It is a company, they are trying to run it and they own the rights to that media, right? They own the license to that media. So having pirates sell it is not okay. It's illegal, right? So Europol is, is launched this massive operation and basically took down 69 different websites that were delivering pirated material. 25 IPT services, 44 sites were added to the investigation. So they're up to just disrupting a $55 million business, right? They estimated that the 69 sites they took down having an average of 11 million visits a year, which is actually not that big if you think about it. But you know, I'm, I'm excited they did it. I will tell you this though, I hate to be such a cynical prick, but hey Jose Alfredo, I hate to be a cynical prick but I feel like there's money behind this. I eat like. So Europol can only investigate so many crimes, right? Like any law enforcement agency is got limited resources, right? So what makes this pirated services thing rise to the occasion where they need like 50 or 30 different investigators running a multi year investigation and takedown on this pirate? And it makes me think that like you know, the Vox Sports, the HBOs, the whatever, like these conglome Disney, right, these conglomerates with billions of dollars might have their thumb on the scale to be like hey, you know, whatever Chief Wiggum or Commissioner Gordon, right? Sure would be nice if these pirates became a priority for Europole, right? So again I'm, I'm, I'm not saying that I'm not happy that they did it. I am glad. I, I, I don't like crime. Like there's a reason that crime is bad. But it is interesting to me how this rose to the occasion of being a priority tldr. You know, if you have a company that your, your software or your tech stack could be pirated, you know, law enforcement's out there. This is more of an interesting story, kind of a puff piece more than a, anything you're going to do anything with at work today.

C (47:15)

Shiny Spider ransomware emerges A new ransomware as a service called Shiny Spider is being Developed by the Shiny Hunters Group in collaboration with affiliates from Scatter Spider and Lapsus, the ransomware is still in development, but researchers analyzing early builds say it can kill processes that block encryption, overwrite deleted files, delete shadow copies, and spread across local networks. The group claims not to target health care organizations. And we also know victims have three days to start negotiations before the attack is posted publicly.

A (47:57)

All right, so this is not. I mean, we knew this was coming. If you've been paying attention, like, okay, so first of all, this is a story where it highlights the fact that you have to stay current on the news daily. Okay? And again, I tell people this all the time, two things about cyber, right? I want everybody that wants to work into cyber to work in cyber. But you have to understand, number one, you basically have to be a lifelong learner, right? You can't. Some, like, there's no mountain to summit. Like, if you climb the hill and get to the top of it, like, you get a job in cyber, guess what? Look up. There's another hill. It's above you. Okay? That's number one. Lifelong learner. Number two is you got to stay current. That's why this community right here, this is why everybody shows up on the daily. It's because you have to stay current. So if you've been staying current, you know, this isn't news. This is right on track with, with what you would think was happening. Shiny Hunters laps a scattered spider. They are young, braggadocious, and effective, typically using social engineering attacks on help desk to get creds. And then they go in, they detonate malware. They have teamed up as like Voltron to become a more scary, more effective, larger ransomware threat actor group. And they've been working on their own ransomware variant for a minute now. They do ransomware as a service, which means they can have affiliates and send out their ransom as such. I have a couple things. Number one, this new variant does all the things that other variants have done in the past. Delete shadow copies. It probably checks to see if it's being analyzed. Delete, you know, sends a copy of the data before encrypting it, right? This is not. There's nothing innovative here with them. So all the normal things you're supposed to do, educate your end users, tabletop exercise, make sure your backups are good, make sure, you know the order of operations to restore systems, make sure your help desk is educated, make sure you have solid processes and you back your support desk on password resets. So, hey, this is the CEO reset my Password. Well, you're going to have to give me some information. Godamn, I'm the CEO. You're going to be fired if you don't reset my password. Well, guess what? I'm sorry, I don't know what to tell you. Like, the CEO of the company actually put this policy in place that doesn't allow me to do it unless you prove yourself. So I don't know what you want me to do. You need to get. Listen, if you're in leadership, you absolutely have to get the back of your help desk or you are going to get compromised like a mother trucker. All right, hot take central. Number one, Shiny hunters. This group has or shiny spider. This, this conglomerate of shiny hunters. Sorry, Kennedy, swear words. Shiny hunters, lapsis group, scattered spider. They are too big and they're too scary. Now, I suspect in 2026 law enforcement is going to get them. I just, I just think that law enforcement's interested. But as I just mentioned in the Europol story, you only have so many resources to apply and go after something. They were pretty bad individually. Now that they're together, it's going to be worse. Number two, they said they're not going after health care organizations. I got two things for you. Number one is like, I'm sure that they're making that decision public in order to like lessen the heat for them. As I just said, I think law enforcement's going to go after them. They're probably saying we don't go after health care in order to reduce the heat of like how bad they are. Right? So they're, you know, whatever. Like they're got a heart of gold. Number two, regarding that healthcare target, they're a ransomware as a service affiliate, which means the core group that is doing this, maybe they don't want health care, but some jack wagon over in Irvine, California, who gets into the ransomware as a service and signs up as an affiliate could fire one off at healthcare. Right? So what are they going to do? Like, is they have a policy that they will provide the keys for free if you're a healthcare entity. Also define healthcare. Is this clinical care and touching patients? If you're a pharmaceutical company, is that healthcare? If you're a chiropractor, is that healthcare? If you're a third party who offers scheduling software for dermatology clinics, is that healthcare? Okay, again, I, I'm probably getting too into the weeds on this thing, but just, you know, what are we doing here? I, I do also predict that they will have some serious hits before law enforcement gets them.

C (52:54)

Thousands of asus routers hijacked Asus. A new global campaign, Operation Warcraft, has compromised roughly 50,000 Asus WRT routers, mostly outdated or end of life devices, by exploiting six known vulnerabilities. Now, most of the affected IPs are in Taiwan, with others across Southeast Asia, Russia, Central Europe and the U.S. researchers at security Scorecard say the campaign may be linked to the earlier ass hush operation, including a critical issue affecting the AI cloud feature. ASUS has released firmware updates for all vulnerabilities.

A (53:39)

All right, really quick. This splash graph of the spread of these ASUS routers being infected looks like the opening sequence of a zombie apocalypse movie. Like they're gonna show this map and then cut to news reports of people like running and whatever. Anyway, sorry, I digress. Guys, listen, if you're running and the. Okay, I gotta go in a couple directions here. Jerry Hick. Super chat. Become best friends.

B (54:06)

Yep.

A (54:07)

Thanks dude. Appreciate that. Here's the deal. TLDR for everyone in chat. If you're running end of life ASUS routers in your enterprise environment or in your home, replace them. You can't patch it. Ah, you gotta patch it. They're end of life. That's what end of life means. No longer supported. Go get a new one. If you're running these in your corporate environment. Why, why? Again, if you look at the, the. The. You know, the zombie spread chart here, there's a lot in America looks like New York City's hot. San Diego's hot. Miami, Clearview. Gainesville is Clearview. Dan, I can see you off cameras. Clear view of place near Gainesville. Is that a thing? I don't know. I can't hear you though. He doesn't know. I guess I made up Clear View. There's definitely something clear around Gainesville. Anyways. Also, hey, don't sleep on Detroit. Marcus Kyler. Looks like Detroit's got a. A bit of a hot spot there too. So Jost TX says when they're end of life, they are actually pronounced Asus. Hilarious, dude. I love that. All right, I must be making something up. Clear Water. Maybe that's what I was thinking of. TLDR guys don't run end of life stuff. I don't care if it's Asus or if it's TP link or it's Aruba. End of life is not a best practice. Get it replaced, ask for budget. Think three year life cycles. Try to dip into it's budget, but do it in a like in a You know, give like it a little bit of a back rub and then ask for some budget, you know what I mean? Don't just go right in there for the wallet. You gotta replace these things. Dude, they're getting hijacked right now. Okay? The calls coming from inside the house. If you're running these things, you can use Shodan IO to find out if you're running them and then go get them. Final thing, I'll say, I love this. There is a service and this is not a sponsor read. This is just something that I use in my own life. Shodan Monitor. I think this is like 50 bucks a month, which is like, oh my God, Jerry, I don't want to spend 50 bucks a month. Small. Oh, geez. They up there freaking pricing. Good God.

B (56:34)

Huh?

A (56:37)

So this must be just for Shin in general. I don't know. You have to look into it. But basically. Oh yeah, here we are monitoring for 5,000 IP addresses. 69 bucks a month. Okay, this service right here is awesome. Basically what it does is you can put in your I, your external IP range and Shodan will scan it on the regular and then email you or send you like a slack message or what, text, whatever you want to tell you that you have Internet facing assets that are now vulnerable to something or now misconfigured or, you know, open to the Internet or whatever. It's like a really, really great service. It's not necessarily like a canary token, but it's like having. It's kind of like having an engineer monitoring your external attack surface in real time and then notifying you. Any organization that I work for, this is like, dude, it's so cheap. Like, it's not like free, but $69. It was 50 bucks when I last did it. 70 bucks times 12 is less than a thousand dollars a year. Dude, any CIO is going to give you a thousand dollars a year in order to monitor your external attack surface in real time. I'm telling you, 100. It's the easiest money you've ever spent. Obviously, MFA is wicked important. And by the way, this is a monitor. You don't just sign up and then you're secure. Like, this is telemetry and intelligence for you to take action. Not, you know, not something you're like outsourcing. All right, Holla. We did the thing, everybody. I'm Jerry from Simply Cyber. This was episode 1010. Shout out to the first timer, shout out to the long timers. Thanks for the the insights, guys. On, on the show and the format and everything. Like that. I appreciate all of you. I really, really do. I, I, I say it all the time. So hopefully it doesn't feel like I'm, I'm diluting this. But I mean it, it like getting up and serving this community every morning at 8am There's a reason I've been able to do this a thousand, literally a thousand times in a row is because I get up for this community, man. Like, to serve you guys is an absolute honor and a privilege. So thank you for being here. I hope you got value, as always. But remember, the value train isn't done. Like, this tram just pulled up. We're at Dallas Fort Worth. We're in Terminal B. The gates are opening. I'm stepping out. Daniel Lowry is stepping in. And the tram's gonna go on to Terminal C. We're gonna do jawjacking right now. 30 Minute AMA. He's gonna ask your questions. His camera looks sharp. Daniel Lowry is a. I'm Jerry from Simply Cyber. I'm gonna go educate the youth on information warfare and cyber terrorism using Russia and Ukraine as a backdrop. That's the lecture for today, if anyone's wondering. Sometimes people wonder. Until next time, y'. All, I'll see you. Oh, oh, oh. Today's Thursday, guys. Check it out. I have a live this Thursday with Nicoscoli. Guys, I hope you can make it at 4:30pm this guy is an absolute awesome dude. Okay, we're going to be talking about 2025 and wrap up in Cyber Crime Threat Intelligence. This guy is one of the real ones. Okay, guys? Definitely, definitely a solid dude. I can't wait to talk to him. It's been like a year since I, I caught up with him. I hope you can join us at 4:30. Until next time, I'm Jerry. Daniel Lowry will be here in a hot minute. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking.

B (60:38)

Hey there, everyone. Welcome. I know you're probably like, whoa, is there a delay or something? No, I'm just having fun. Welcome to Jawjacking. It's your boy Daniel Lowry here today this morning to talk some of that hot sweet cyber to you. That sounded bad the way I came out, but what are you gonna do, right? We're having fun today. Glad to see everybody in the chat this morning. It was nice talking with everybody and Elliot Matisse. I hope you get that, that issue checked out, if you know what I mean. Oh, I got a first question already. And that leads us to what are we doing here? And that is asking questions, getting answers. I'm going to show the chat on the screen because that makes my life happy. And the first question is from Robert Hendrickson. Yeah, at Texas Henderson. Yeah, I think that's right. Says, what camera do you use, Daniel? Larry, I have an old one I am looking to upgrade. I have a Sony A6400. That is what is up right there. And you might be like, Whoa, Daniel, you Mr. Money Bags over here. It's like a between 7 to 900 camera right there. And don't forget the 500 lens that's attached to it. Got the whole shebang. 200 bones. That's what we like to call the deal of a century right there. I, I literally like pray for the Lord to protect my camera every day because I almost, I almost face planted it one time. I caught the, the HDMI cables coming out of it with my foot one time because you know, it's across the room and that's how that stuff works. And I was, anyway, and I, I looked, I was like, oh no. Oh please don't be broken. And it wasn't, thank goodness. I think I did bend. Yeah, I bent the, the, the, the cable. Like the, the connector is like a little, little cockeyed now. It's not perfectly straight anymore, but man, a Testament to the A6004 hundreds. Durability and robustness. And it just looks sweet. It's a great camera. Got a, like I said, a really good deal on that. If it ever breaks, I would absolutely have to go like sell some plasma and a kidney to buy another one. But I would because it's totally worth it. Totally worth it. All right. Am I not coming in? I'm hearing things. People talking about you can't hear me. Can, can you hear me? Is everybody here? I hope so. Goodbye, Jerry. All right, anyway, so there you go. That finger jester was unwarranted, says Phil Stafford. Yeah, well, you know, as Nightbot says, if you have questions for jawjacking, I'll put that up on the screen. Please start your questions with a Q so the questions are easy to find. That way we can answer your questions. Get to. This is an AMA style kind of thing. So I want to make sure we get to questions if you have them. And thanks for everyone. We had a nice small, well, intimate after dark last night. We had no guest. I, I'd Gotten a little lazy. Hadn't scheduled a guest for last night. Next week is, is Thanksgiving. So I won't be doing an After Dark then, because that's, that's the Eve before Thanksgiving. I'll have family and everything. So no After Dark next week. I do have IRL tomorrow, so hope to see you good folks out there for that one as well. But throw your questions in the chat. Somebody's asking me right here. Did you get that? J O B? Still in the interview rounds. That's how it goes. I think the interview went really well. And that's, that's actually a really good thing to talk about. Right. I think, because one of the big focuses of Jerry, Simply Cyber, myself and a lot of people that are associated with the Simply Cyber community, you know, all you ride or dies that are out there, that always show up, we're very concerned with how people are able to get jobs and how that goes. And one of the big issues that can come into play is interviewing well, right? What are the big things? Right? Having a great resume that has amazing stuff on it because you've been doing things, you're showing your work, you're putting on that on the resume. Got a great network so that the resume can get out there, that people can kind of get your name and go, oh, you know who's looking for work in that line is my bud. So. And so he or she is really amazing. I think you should probably give him a shot. And then word of mouth kind of spreads and helps you get work. But you can totes blow it in that interview, right? And I will say that for every job I've ever interviewed for, that I really wanted, I, I, I've, I've typically gotten it. And I think it's because I interview pretty well because I go in there, if, if it's a job I want, I'm excited about it, I'm passionate about it, and I let that passion show. I do not sit back. I do not just, like, come in there like hat in hand. Hopefully you'll give me a job. Please. Oh, amazing. It would be. Of course, it would be awesome. That's why I'm interviewing with the job, because I, I really want it. I think it would be great. I think I would be a good fit for it. But if I don't bring that kind of energy to what it is, and, and that's me. That's the real me. That's how I am. Everybody that's watched me watched me last night. Sometimes you're a little low Energy, sometimes like a chill vibe. And that could be a good way to go. You got to know how to bring it up and down, engage with the person. One of the best things you can do in an interview is when they go, do you have any questions for us? You're like, heck, yeah, I do. I absolutely have questions for you. If you do not have questions for your interviewer, you are shooting yourself in the foot, man. You really need to have that stuff there and ready to rock. Be prepared to have questions for your interviewer because you are interviewing them. And that's not. Not like, oh, you know, well, how much am I gonna make and how much time off do I get that that's not about the job. You want questions about the job. So if, you know, we get through this today and you decide, hey, you're the right person, you're the right fit, let's bring you on. In six months from now, what will you say, looking back would say, would make you say, this was a good idea, this was a good fit. You were a good hire. What would I be doing? What would that look like? Because I want to make sure that I hit your expectations. What is your expectations for me? And not only do I want to hit your expectations, I want to blow them out of the water. I want to. I want to do amazing at this job because I'm really interested in this. I think it would be a, A, a really good experience for me. I'm going to give you 110 as far as work effort goes. I'll do anything you need me to do. If you need me to figure out what it is I need to do, just let me know that that's what that is. Again, expectation setting. See, that's a question. Is this a job that you have a very defined role for, or is there a leeway in it? Do I need to kind of develop? I just. Wow. Somebody is outside with, like, a bus off interrupting me. That came out of nowhere. That was fun. Scared the crap. I thought my computer was breaking. I was like, what's happening here? It is. Somebody sounds like a chainsaw, right? Can y' all hear that? That's crazy. Anyway, yeah, that's how it's going. I haven't got the job yet, but we're still in the interview phases. And that's another thing that's. That's kind of common nowadays, especially in tech, is for multiple rounds of interviews. You know, I've talked with a few people at sccon. I've talked with people online. I've Talked with friends, and that's, you know, my wife, you know, she's having discussion with her friends, and they're like, wow, why do they make them do so many interviews? Welcome to tech. Now, I don't know what that's all about. I mean, I kind of do, right? Because it's really easy to lie on a resume and then get in the job and be like, Well, I completely BS'd my way into this job and now I've got it. And now they're like, why aren't you effective? So they want to kind of cut down on the Mickey Mouse when it comes to that and say, now I've got to fire you, and now I've got to find somebody that actually can do the job. So they're. They're using these multiple rounds of interviews. Now, don't get me wrong. Does it get abused? Of course it does. For them to try to get free work out of people, that does happen. That sucks. So just be on the lookout. Look out for those. Those words, man, it sounds like that dude is in my office. I love when people, like, are right outside my door at 9am That's. That's totally fun. But there you go. There's some tips for getting through the interview process. Make sure you have good questions. Make sure that you are very personable. Bring a good energy, be up and alert. Be excited, but not overly right. Also, know when to bring it down. Have dynamics to the way you're engaged with your audience. You can be funny, but don't try to be funny. If that makes sense, right? If you become too goofy or things of that nature, you want to just be cool and calm and collect and be like, man, I'm excited about this job. I can't wait to get to work. Act as if it's already yours. This is nothing but a. A stepping stone. And if it doesn't happen, that's probably because, man, you just got outgunned. And that happens from time to time, and that does suck. Every now and then that does occur, and you're just like, man, what are you gonna do? You keep going. You keep plotting ahead, and you go, cool. Didn't happen. Who's next on the list? Let's find something. And I know that job market out there is a roof. Trust me, I know I'm in it, right? So just keep that in mind that it's the person that usually, usually the person that never. That doesn't give up is the person standing at the finish line at the end in some way, shape or Form. So hopefully that helps not just me, but everyone else that's looking for work. All right, where am I going here? Oh, man. Lots of conversation had just happened while we got attacked. Oh. Luke Canfield wants to know what lens I'm using. It is a Sigma 56 millimeter, 1.4 prime or 1 to 4. I guess it's 1 colon 4. Yeah, there you go. Yeah, it is a good lens. It's a good lens. I think that's about what it was when I, when I got it. It might be lower in price now. It was. I think it was around 500 bucks. I can hear and see Daniel all the way in Texas. This is Carrie. Funny, funny, funny. Oh, man. Phil Stafford says I had to give my presentation Tuesday using my laptop camera. Ah, that is. That is no bueno right there. And those laptop cameras, they're like, oh, full blah, blah, blah. No, it's not. No, it's not. I don't even care if you're running MacBook Pro, which probably has what a great camera, right? It's still not as good as a DSLR or a. A camera that is specifically for that can hand. See, here's the thing that y' all don't know, right, that you might not be camera people. Let me put it out there. I'll give you a little YouTuber tip on why you should invest in good glass. The glass on this camera is very good, right? It does really well in low light situations because it has a big aperture. That's what that 1.4 means. 1.4 means the aperture opens up larger than a 1.8 or a 2.1 or a 2.3 or a 3.4 if you see those. Or 3, 4. It's a. It's a cola, not a point. If you see those lenses, they're not going to do as well in low light. And guess what? Typically these camera lenses that you have in your laptop and things, they're trying to be a jack of all trades, a master of none, right? This lens is a master of low light. Or it's a really good. It might not be the master of low light, but it is definitely a really good low light lens. I don't have a lot of light in here. Infoset Pat, when he came over to my house so I could hook up with him so we could go to sccon, showed in my studio, he's like, where's your. Where's your lights? I go, it's that light right there. I have one light in here. It's one and it's a softbox and it's not even directly pointed at me. That's how well that camera lens does. So I just sold a bunch of Sigma lenses, I think. Let's see here. Here's a question. Are the GIAC certifications worth the money? I have looked at them, but they are so pricey. They are so pricey. There is definitely a. I, I don't know. So giac, the G sec. I have taught the G sec. When I was teaching it, I think it was like. Or when I taught it, I think it was like 1200 bucks to sit the exam. It's an open book exam. You can take as many books and notes as you can carry in like one arm or something. And it's basically security plus. And I'm like $1200. But it says GIAC on it. I think there was definitely a time and there still is to an extent, especially if you're getting into government, if you want to get into government work, that GIAC holds a lot of weight, right? So this is what I've tried to explain to a lot of people and hopefully I'm, I'm glad you brought this up, Mickey. That value on any certification is in the eye of the beholder, right? We place value on things because they do X, Y or Z. So if you're like, is GIAC valuable? Go start looking at job posts and just type in GIAC as a search parameter and see what you get. And then start looking at the competitors. Do you get more or less? Are they in the same posts as giac? Are there alternatives that are kind of getting pulled in with the same thing, their competitors? That's where you start to go, well, I mean, if I'm basically pulling in the same jobs as a OSCP or even PNPT or other, you know, you know, or just Elearn Security or TCM or COMPTIA or whomever certification body is. If I'm pulling in the same kind of jobs and I can pay a lot less money, do I see the value? It seems that employers see it because they're putting it on their job post, but they also see value in other certifications. This is what makes this very. A complex thing to answer, right? Is the fact that yes, it does have value. Certain people, it's like it's GIAC or nothing. And if you want that job, well, then guess what you're going to have to do. It is absolutely or like, if that job is worth it to you to invest the money to make sure that you have the qualifications so that you are qualified for said job, then yes, it is worth the money if you can go to. If you don't care. If you're just looking for a job that's like that, but you don't care whether or not it's that specific company and you can find a very similar job for a similar pay with similar types of qualifications, duties, benefits, so on and so forth. And they're like, but we take Security Plus. You're like, guess what, I'm getting ready to go get Security Plus. So now Security plus has, has more value than a GIAC GSEC certification or gpen or whatever it is that you're looking at. I'm just using these as example right now. That holds more value to me because it costs less and gives me the same output. So my return on investment is much higher. And that's what we're looking for is the return on the investment. Because that's what you're doing when you take a certification is you are investing in your ability to be marketable in the job market. Right. And to obtain employment. Oh, man, got me going there. Hopefully that helps. It's all about, yes, they are pricey. So really do your cost analysis on those things before you put the money on the barrel head. But if you find that that thing is really going to get you the jobs that you're looking to get, then absolutely, it is worth it, even if it's pricey because that's, that's the ticket to ride. Right. Cool question, though. Great question. Oh, goodness, Carrie, Jason's got a dad joke. Did the weather warm up since there isn't a hood? Oh, it's not that joke. Yes, a little bit actually. A little bit actually. It warmed up quite a bit. It's in the mid-80s right now. So Florida, doing Florida things where it's like, hey, it's freezing outside. Literally it's freezing. And now it's 85. You. Hold on. Are you just telling me we did a 50 degree swing? 52 degree swing in temperature? Yep. In like five hours. Yep. Fun. Super fun. Florida. And then you become allergy man because the plants don't know what to do. And as soon as the worm comes back up, it's like pollen. More pollen for you, pollen for you. Stinking pollen. My nose just starts running uncontrollably. I'm sneezing uncontrollably. My eyes are watering and itchy. It's fun. It's a good time. Apology man. That's what we got here. This one comes From Net Setup received an email from someone on LinkedIn for a cyber job opportunity. Not sure if this is legit. What is your guidance on responding to those emails? Start doing your OSINT, man. Look up that company, look up that recruiter, look up whoever it was that sent you that email. Look for reviews on that. Do some glassdoor stuff. See if there is like anyone that's had any kind of interaction with that organization or that person and whether or not it was positive or negative. You know, you can use some privacy focused things to work with that stuff, which I have done from time to time. Maybe somebody sends me like a PDF, I'm like, I guess this is going in a vm, right? This is going in a sandbox because I don't want to open PDFs on my producer laptop because that ain't, that ain't how I roll. All right, let's see here. Looking for, looking for questions. Looking for questions. Leatherface outside that finally getting to you guys. Talking about people, the, the noise outside my door. Oh, let's see, here's a question. This one comes from Taekwondong Everyday expectations can't be done. Okay, interesting. How does this work for someone who can barely meet expectations? Are they put to the waist side? Not really sure what you're saying there, bud. Everyday expectations can't be done. How does this work for someone who can barely meet expectations? Are you saying, Are you talking in the. Man, it's so hard to have a two way conversation with the delay in the chat and everything. But let me, let me just try to answer it from two perspectives. If you're the hiring manager and you're saying that you can't deliver everyday expectations, you don't really have a job role at that point. You're, you're probably building one or you're just looking for a good team member that could kind of pick up some slack. And that's the everyday expectations. If you are the hiring manager, you should be able to come up with some loose guidance on what the job is going to be. Right? Like, and even if that guidance is, we expect you to just kind of figure out your job role and you make it. Because we got all sorts of things that are happening, we don't have enough manpower to make it happen. So we need your help, we need someone's help. You go, cool, I can do that. I'm good to go on that. Or you're like, I'm not really comfortable with, with doing that. It's all about expectation setting. Whether you are the employee or the Employer. Right. If you're the employee and you're like, I can't give you expectations on what I can do. Bye. Yeah, you're going in file 13. You're going in the round file, like, goodbye. Right. I, I don't want someone that can't tell me that they could do something if I needed them to do it, or at least have the confidence to say, you know, I don't know if I can do that or not like that. I guess say, I, I, I don't have that skill right now, but I can learn that. I can learn anything you need me to learn. I can do anything you need me to do. Might take me a minute to get up to speed on it. But don't worry, I'm, I'm adept. I'm, I'm astute. I have all the a words that are attributed to myself. So, yeah, there you go. So that's, it just depends, I guess so. It's a difficult question to answer. I'm not really sure exactly what it is you're asking. Oh, let's see here. Cool. Punter Joe let me know that no one could hear the loudness. That's great. That means that this microphone is doing a phenomenal job of killing outside noise. It, I, I, I've, I've had other microphones that did not do that.

A (81:44)

Sure, sure.

B (81:46)

I'm sorry. Sorry. Got a little, little something in my throat there. Yeah. Let's see here. What do we got? We're on 22 minutes. Then you got to go to the Cyber Mentors podcast, because that's what's up. Get to that Cyber Mentors podcast. Let me see. Looking for those cues. Oh, I love this bruising Hacks thought it was interesting. This was a very interesting conversation that we had, Bruce and Hacks and I, we were hanging out at the, the lobby bar there at the, at the Marriott, in, at simply cybercon, and I was talking about Active directory, and he said that he had never built an active directory, and yet he has his pen test. Plus, that's absolutely doable. Right? But it was, it was shocking to me that that was the case. And this is something that I found very interesting that we continue to, I guess maybe a good way of putting it, a nice way of putting a standing on the shoulders of giants kind of thing where I don't need to know that anymore. I just need to know this. And it's, that is true. And this, this is where you get people that say, oh, you're gatekeeping or doing whatever. No, what I'M saying is, is that the fact that you've never installed Active Directory before means you don't know as much about Active Directory as you that as somebody else. Right? Because you don't know what it takes to get it installed. You've never worked through it and then dealt with ou's user accounts, computer accounts, setting up updates, things of that nature, working with permissions, group policy objects, all sorts of fun stuff that goes on into that which would make you more effective. And that's why we always kind of say that like the idiom of the best red teamers come from blue team and the best blue teamers come from red team. Right. So eventually one day bruising hacks are probably going to be amazing, blue team, where you're gonna find yourself transitioning over to the blue team because you're like, oh man, yeah, I don't know much about ad, but I straight up, if you do this, this and this, that's gonna bypass all that business right there because I've done it. You just became a tech neck, by the way. Bris and hacks. You are a tech deck, my man. But I thought that was interesting, but pretty cool that he mentioned it in an interview. Yeah. So these are the kind of things that help you stand up. So if, if me and you are up for the same junior pen test position or whatever, you got your pen test plus, I got my pen test plus. But I've installed and worked with Active Directory on the configure. Like even if I've just installed it and you never have and that come that comes up, someone's going to think, well, you know that I know a little bit more about it than you do and that, that sets me apart. And this is why I'm a big proponent of home labbing. We got five minutes. Goodness gracious. It goes fast. So, yeah, go build an ad today, right? Just today. Go spin up a VM with Server 2022 and install the Active Directory role. Suffer through that. It's going to take you, you know, maybe an hour or so to make that happen. But then you can, you can say, oh yeah, I've installed Active Directory, made that happen. I've, I've been down that road, put you a couple of users in it once you get done, right, Add a few groups, make some mistakes in there, create a file share and map the drive, turn on some SMB sign, right? Go do some dumb thing like some normal things and some dumb things that administrators tend to do, right? It's nice that we have game of Active Directory. That's awesome though. We have try Hack Me labs and we've got hack the Box labs and stuff that does that for you. But what's wrong with spending a little time today and going, you know what, I'm going to spin up Active Directory and it's just going to be my 80 that sits around. And then when I want to mess around with Active Directory stuff, I don't have to go in there. I can just kind of spin up my little VM there. Listen, you can do it with, with like two gigs of ram. You're not putting on like a heavy burden, right? Yeah. Will it be like the speediest, most awesome thing in the world? No, but who cares? It's just an experience that you get to do and go, oh, that's interesting. You know, let me, let me mess around with group policy objects. Let's see what that does. Let me see if I can turn off usb, right? No, no, usps. You can do that, right? Let me just. Let me just mess around and futz with this thing a little bit and see what it does. And then now when we are in competition for a job, you get to go, oh, no, no, no. I've done some ad stuff. I messed with that. I got the T shirt. It's cool. And I don't know about it being the right first impression or not. Yeah, you made a final impression with me. I had a great time talking with you. I really enjoyed our. I'm really enjoying it now and I look forward to the next one that we have when we get to meet up again. Let's see here. Hide the message. Hey, Kimberly can fix it. Three minutes. Ah. With. With that lens, you can make out every single beard hair on Daniel's face. This the haircut fish. And it is getting more and more. Look at that. I remember when it was just like, there was just a little tuft of whiteness right there and I am turning into Santa Claus really quickly. All right, let's get to some. Let's get some questions. I'm see if I can speed run the last three minutes. Okay, let's see here. I don't love Nikon. Nope. It's Sony and I used to be a Canon shooter. I still like Canon. Here's one real. Kyle. Kyle, have you seen the new Frankenstein movie? Also, what's the coolest cyber thing you've seen in the show or movie this year? I have not seen the new Frankenstein movie and I can't think of any cool cyber thing. I've seen this Year. Sorry. Infosec Pat is awesome. Agree to agree. He's my boy. He's my man. We're good. We homies. All right, let's see here. Looking for questions. Two minutes. Speed. Running speed. Cissp or nothing. Sticking to comptia for now. That's funny. Yeah, that would. That would suck. Looking for the cues. I. I am literally straight. Here we go. Here we go. There's a queue from Spandex Thunderstorm. I applied for a job and the organization is close to my residence. Should I make a visit and interact with hr? It lead about the position. A friend of mine did that and actually got hired. I mean, that's a. That's not an easy question to answer. Absolutely. Positively. Maybe. Maybe you engineer an interaction with them. Like, oh, I didn't realize. You're right here. How about that? I'm right down the street, man. I can even walk to work. Oh, so how's it going? You know, and maybe something like that. See here. Allergy, man. I am so far behind on questions. Here we go. Oh, my goodness. One minute from the real Bilbo. Going to Miami and Key west for my honeymoon. Am I. Am I going to be cold? Nope. The upload yt you would. How would you navigate wanting to stay loyal to a great employer but wanting to apply to other companies because wanting to jump to a higher pay by 40, man, that's just a career decision right there. You bring it to them, and this is going to have to be the last one because this is not a Speedrun question. I've been in this position. You bring it to them. You say, I've been offered a really good position, but I really enjoy working here. Obviously, the pay bump is very difficult to. To turn down. Is there any way you can meet me? Because I would. I mean, would you take a 20 pay bump at your current job for them to keep you on? Because maybe that's what they've got. Maybe they just don't have the money to keep you on. Right. They can't compete with that, but maybe they can give you a little bit and say, we're going to create you a roadmap and work with them. Say, I want to work with you and show me how I can within the next year get something close to this. Because I like this job. I want to stay here. If you show me loyalty, I'll show you loyalty. Right. I feel like that's something that's a little. I hate this whole, like, that you have to job jump and that it's a higher Fire environment, man, this really, really sucks. I don't like that. I, I think that if you're investing in your, your employees, that we can invest back into you is with loyalty, right? And then if it comes up that there's something, just, you cannot turn it down. And what are they going to do? Going to go, oh, you're the worst person in the world. You're going to go get 50 or 40 more. Pay bump at a job that's going to advance your career is going to help you make more money as you continue to go, man, you're a horrible person. Get out of my sight. They're not going to do that unless they are horrible people. I mean, yeah, I mean that's, that's a non zero possibility. But if they're cool, which I assume because you like working there, then they're going to be like, wow, we're really happy for you. We just can't compete with that. If you want to stay there, you can kind of throw something down. Go. Well, let's negotiate. What can we do? Because I really enjoy working here and if I can, I'd rather stay. Is there anything we can do?

A (90:51)

Right?

B (90:51)

Maybe they get you certification, training, maybe they do something right, I don't know. But if you just need that money or if you that money and that job is going to be a good stepping stone for your career, then it's just a career move. It's. It's not business, it's not personal, it's business. Right? That's, that's why this is happening, Joey. Now just look over there. I tell you about the rabbits. For those of you that get that reference, it is time for you to schedule your colonoscopy. Thank you for joining me on Jawjacking today. Run over now. Go, go, go, go. Raid the Cyber Mentors podcast. Thanks for watching and you know what to do. Stay secure. Let me get rid of this. I got to do all the things. Where is that? I don't know. Ah, I hate the stinking Restream. Restream you are by. Sam.