A
All right, what's up, everybody? Good Monday morning. This is Monday, November 24, 2025 holiday week. Thanksgiving's Thursday here in the United States. If you're looking to stay current on the top cyber security news stories of the day while engaging with an amazing community of like minded, supportive professionals in the industry, staying current on the top news, delivering value, learning tips, tricks, techniques, getting leveled up like an absolute boss, then you're in the right place because this is simply Cyber's daily cyber threat brief podcast episode 1004. Hold on. 1000 what? Hold on. 1012. And we're off and running. It's a beautiful day. Let's get cooking, people. That's right. Good morning, everybody. I hope you had a wonderful weekend. I certainly did here in the low country. Let's go Patriots, huh? 10 and 2. Who doesn't like that? Guys, I am super excited. We are going to go through eight cyber stories. I haven't seen or researched any of them. I don't even know what. Well, I do know based on the headlines what they're going to be because I had to queue up this thing right here. Computer, show them the thing. I queued up earlier. There we go. See this thing? So this is the extent of my knowledge. I don't research a prep. You know why? Ain't nobody got time for that. Seriously, ain't nobody got time for that. But you know what I do have time for? I have time for you to help level up, provide a community, provide a spot on the Internet for you to get together, get your cup of coffee. Hot, hot. Got the French press French roast going this morning. Hey, Soul Shine, Code brew, all the regulars, Jetty Housley, Jesse Johnson, Jay Gold, Norman, my man, Elliot Matais, Gary Sergios. Guys, I hope you got a great week lined up. Spending time with some family, it does feel like holiday. I was talking with Jenny Housley before. The show does feel like holiday. I personally feel like this week's work is going to be grindy, but I'm gonna lean into it. Yeah. 
Guys, every single episode of the daily cyber threat brief, including episode 1012, is worth half a CPE. So say what's up in chat, grab a screenshot. It's right above me here. And all you got to do is file it away once a year, count those screenshots, divide by two because it's half a CPE. Count them up. You get that many CPEs a year, you can get up to 120. Thank you, Kayla Sturgeon, as always, for crunching those numbers and when you take the screenshot, include the episode title because the title has the episode unique number, 1012 and it has the date marked November 24th. Right, easy as that. I do want to say if today's your first episode, thanks for checking us out and welcome to the party, pal. I hope you enjoy the show. I hope some of the newcomers that we caught, what was it? Dr. Garfield and uh, Dr. Garfield and uh. Jesus. There was another one last week, I can't remember on Friday. But anyways, I hope you came back. Say what's up? If today's your first episode, drop a hashtag first timer in chat. Hashtag first timer in chat. The squad here right above us will welcome you very well. Zemif's up in here. I love it. Mary Ellen Kennel kids off? Are the kids off? Mary Ellen, are you driving to school right now? Every single day of the week here at Simply Cybers Daily Cyber Threat Brief has a special segment And Mondays, I'm very proud to tell you, is Simply Cyber's community member of the Week. Where we recognize one community member and we have an absolute rock star to share with you today. This is sponsored by Threat Locker. Threat Locker. Those who bring the application security denied by default appsec approach to your business. I get to give a hundred dollar Amazon gift card or Simply Cyber Merch to this person and I'll. I'll tip my hand a little bit. I hope she is in chat this morning, I really, really do because I'm super excited to share with you why I have made her the Simply Cyber community member of the week. 
All right guys, before we get into it, let me pay the bills please. Simply Cyber Daily Cyber Threat Brief is sponsored and we appreciate the sponsor. Starting with Flare Academy, go to Simply Cyber IO Flare. This is very, very timely. What's up? What is up DJ B? Good to see you in chat. Go to Flare Academy. Okay, right here. I dropped the link. It's in chat. Go to Flare Academy. Here's why. Literally today at 11am there's still time. There's still time. Oh Justin Gold. There is still time to register for this training. Guys, being cyber security professionals is great but it is important to understand how it works to be able to do cyber correctly. This is why cyber is often seen as not an entry level position. There are junior level roles but you do have to have some prerequisite knowledge, and it's specifically around Active Directory and Azure Active Directory, lovingly called Entra ID by Microsoft, is super valuable. So how do you get that knowledge? Well, here's one way to do it for absolutely $0. Go to Simply Cyber IO Flare. Check this out. It's free to register. Get it on your calendar for today at 11. I don't know what you're doing. I gotta tell you what, I have a couple things that I have to get done today but like I said, it's pretty grindy today. This would be a perfect Monday of Thanksgiving week. Two hour activity to fill the schedule, deliver some value and also kind of be a light lift from an effort perspective. If you want to explore key Active Directory attack techniques like Kerberoasting, DCSync and more, they're not only going to explain it to you, they're going to demonstrate how it works. This is amazing. Go to Simply Cyber IO Flare. I also want to tell everybody, just shout out to Flare. It looks like they're going to become a renewal for sponsoring Simply Cyber's Daily Cyber Threat Brief for 2026.
But like they're, they're increasing their level of commit so they're going to be a regular sponsor the way that like Barricade and Antisyphon is. So thank you to Flare for doing that and I enjoy working with you. I love having sponsors that I like, enjoy and would work with. I also want to say Antisyphon Training. Here's another one that you talk about good people. Antisyphon Training is disrupting the traditional cyber security training industry by offering high quality, cutting edge education to everyone regardless of financial position. And I believe John Strand's got a training coming up here pretty soon. Most people are taking it easy this week, right? How about next month? Get yourself queued up for December. Yes sir. Getting Started in Infosec with John Strand. Black Hills. MITRE ATT&CK. Guys, if you don't know what MITRE ATT&CK is, this is an absolute no brainer to sign up for. It's 16 hours. It starts December 2nd, four hours a day. So you can still check your email, get your crap done while taking training during the week. Love that they do that. In fact we've modeled that at Simply Cyber Academy for next year based on that same thing. John Strand himself is amazing. Go to antisyphontraining.com, check it out. This is. He does these trainings a couple times a year. Do not miss this. It's not like you just get the next. This isn't like a bus where you'll just catch the next one next week. No, no, no, no. He does these a couple times a year. So scoop it up if you're. If your schedule allows, right? Maybe you recently got laid off. I don't know, maybe, you know, you mix it into your, your day, right? Get up, have some coffee, check some emails, do some training, play some Monster Hunter, do some more training. Get frustrated with the tutorial on Monster Hunter and uninstall it. Then do some more training. You know these things. I love it, I love it, I love it. All right, let's just hear quickly from Threat Locker and then we're off and running into the news.
I want to give some love to the Daily Cyber Threat Brief sponsor Threat Locker. Do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with Threat Locker. Worldwide companies like JetBlue trust Threat Locker to secure their data and keep their business operations flying high. Threat Locker takes a deny by default approach to cyber security and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation is fully supported by their US based Cyber Hero support team. Get a free 30 day trial and learn more about how Threat Locker can help prevent ransomware and ensure compliance. Visit threatlocker.com Daily Cyber. All right friends, do me a favor, sit back, relax and let's let the cool sounds of the hot news wash over all of us in an awesome wave. I will see you guys. Phil Stafford, Elliot Mati at the mid roll. Let's go. From the CISO Series, it's Cyber Security Headlines.
B
These are the cyber security. Give us the chyron. 11-24-2025. Thank you, I'm Steve Prentice. CrowdStrike catches insider feeding information to hackers. CrowdStrike has now confirmed that, quote, an insider shared screenshots taken on internal systems, end quote. This after the images were leaked on Telegram. CrowdStrike emphasized that its systems were not breached as a result of this incident and that customers' data was not compromised. They did not, however, specify the threat group responsible for the image taking incident. Spanish era.
A
All right, I mean that was a pretty like, that was just a little bit more than reading the headline, the amount of reporting that was done there. All right, so CrowdStrike very well known EDR solution. I would say, I would say CrowdStrike's the number one EDR in the market as far as like revenue goes. If that's how you want to measure it. Hold on, I'm actually kind of curious. CrowdStrike revenue, it's them or Sentinel One, right? Or, or Microsoft Defender. But that's not fair because Microsoft Defender has, you know, Azure, it kind of mixed into it. All right, so Crowdstrike's total revenue for the last 12 months of July to July is $4 billion. Okay, is that good? Is that, is that something we like, bro? Why, why, why sentinel 1 revenue. Let's just check really quick, Come on. Can you beat 4 billion? Nope. Oh my God. Sentinel One's only 900 million, so 25 the size of CrowdStrike. So as, as I said confidently, but then Trust but verify, CrowdStrike is the number one EDR solution in the market. This is why when you go to Black Hat, they have the biggest giant in your face, obnoxious booth with like a transformer, like, you know, a life size transformer, like, you know, 25ft tall in there. When you have a lot of people working there, guys, you have insider threat. Hey, one thing that I do promise you, and I tell the, the regulars on the regular, but if you're new here, one thing that I. Yeah, you can read this story yourself. You don't have to come here to read this story or hear this in your feeds. But what I like to do is go beyond the headlines. I've got 20 plus years of experience and I like to give you additional value that you don't get from this. Okay, so here we go. Number one, this is insider threat all day long. Okay? Tech companies definitely need to worry about insider threat. Tesla, Microsoft, CrowdStrike. Right. 
And when it is a security technology company, it's even more important because threat actors definitely would love to get their hands on some source code, understand what's going on so they can circumvent the security of those toolings. And with CrowdStrike being a $4 billion business, you know, they've got high end clients, large deployments. I heard that this person received $25,000 from the threat actors to do this. They obviously got fired. So, you know, definitely not a good, good move. CrowdStrike turned it over to law enforcement agencies, so potentially applying that $25,000 to lawyer fees when they have to go to jail. Yeah, here's the $25,000. So the threat actors got single sign-on auth cookies from the insider. But then the suspected insider had already been detected by CrowdStrike. Okay, so here we go. Number one, you can trust your employees. Okay? You could say, oh, we love you, we love our employees. We're a family here. Yes, absolutely, 100%. Celebrate and treat your employees well. However, you have to be real that an employee at any moment can be compromised. This is why we do recurring polygraphs for people who hold the most sensitive security clearances in the US federal government. It's because, yes, today I am. And I'll put myself in this. Right, listen, this is how insider threats can really manifest and why you need to put detections on abnormal behavior, sensitive information, have threat intelligence coming in all the time so you can see when things get leaked. Nick Escoli was my guest on Simply Cyber Firesides on Thursday last week, and all we did was talk about this literally before this happened. Okay, so we weren't talking about CrowdStrike, we're talking about insider threats and using threat intel to stay ahead of the curve. They found out about this, very likely because CrowdStrike has people doing threat intelligence or who are embedded in those groups undercover. Right.
And, and, and get, find out, oh, this information's coming in. Listen, here is a real scenario, okay? I have absolutely no desire, like, let's pretend I work at CrowdStrike. I have absolutely no desire to be a threat, okay? I'm working, I'm trying to climb that corporate ladder. I'm trying to level up, I'm trying to make a, a dollar out, you know, and pay my bills. Live the American dream, right? That social contract that the United States has made with its citizens of go to work nine to five, you know, get your Dunkin Donuts, coffee, do your thing, go home, eat dinner with your family and watch football and dick around. Oh, sorry. And mess around on the weekends, right? This is kind of the social contract. However, let's pretend for a second that my kid, one of them, has contracted a serious medical concern or serious medical condition, which the medicine costs lots of money, okay? Let's say I get hit by a car, okay? And my, my medical bills are all racked up and, and messed up. Let's say I get addicted to opioids because that car accident screws me up and now I'm, I'm like, for better or worse, addicted to opioids, right? Let's say I, I get on FanDuel because ESPN's jamming the friggin FanDuel in my face all the time and now all of a sudden I get addicted to gambling. Like these things happen. And sometimes it's not because you're a bad person, it's just because of circumstance. And now you need access to money quickly. You can't go to your boss and ask for a hundred thousand dollar raise because you have medical bills. What are you gonna do, start selling organs? Maybe, but maybe you get reached out to by a threat actor and they're like, hey, listen, all you have to do, all you have to do is install this on your computer. That's it. I'll wire you $25,000. All you got to do is give me your cookies. We won't even tell anyone you did it, okay? This is how insider threats can be. This is why you can be a family and everyone can love everyone at work. 
And Jan's cookies are the best. And, oh, my God, I. I'm so happy it's the holidays because Phil Stafford's wife makes these peanut butter cookie bars, and he brings them on the. Brings them in the day before Thanksgiving. But at the end of the day, guys, you've got to put detections in place. You've got to use honey pots and honey tokens. You have got to be watching the wire, so if something anomalous does happen, you can objectively and dispassionately follow up on it. Oh, Phil. Geez, Phil, I'm really. I really don't know how to talk to you about this, Phil, but it looks like. It looks like someone's running around with your credentials. Just know, Phil, you accessed this file. Ex. Can you explain it? All right, so CrowdStrike. Big ups to CrowdStrike for taking care of it ASAP. I love that. There's a reason that they are a Fortune 500 Super Trooper, you know? Company line.
B
Iberia suffers breach and data leak. The company says this occurred as a result of unauthorized access to a supplier's systems. The compromised data is alleged to consist of names and surnames of customers, along with the email address and Iberia Club loyalty card identification numbers. The airline says customers' Iberia account login credentials and passwords were not compromised, nor was any banking or payment card information accessed. The company is warning customers to be vigilant for suspicious communications.
A
Okay, I'm glad I went long on the CrowdStrike story, because this is a day that ends in y story. Okay? So I'm gonna make this. All right. So if you work at Iberia, you already know about this. If you are, if you fly Iberia, we do. Worldwide. Wednesday. On Wednesday, very, very seldomly do we have someone from Spain in here. So I don't think the story really maps too well. I will make this more applicable. Okay. Company that has customers discloses customer data leak after third party security breach. Okay. This is the world we live in. Supply chain is a thing. Then you know Iberia is using some third party to do something for them. Could be payroll, it could be CRM, it could be marketing. Doesn't matter. They suffered a breach. Iberia owns it. Guys, this is one of these. So when we talk about the impact in cyber security. GRC Mafia, where you at? When we talk about impact on. In cyber security, we often talk about financial impact, right? But there is reputational harm and it's kind of like, I don't know, the, the, the. It's not given the same level of respect as financial harm because people are like, what's the big deal? Well, this is one of these situations where even though Iberia isn't the one who had the problem, they're the ones whose names in it. It doesn't say the company that actually had the data breach, it just says Iberia. So this, this is one of those ones where it sucks that company X has a problem and then you have to own it. Okay, this, this is nothing, dude. Customer's name, email address and loyalty card number. It's honestly, it's crazy that they even have to disclose this. I don't even know that. I don't know if this is like a GDPR disclosure, but.
B
So AI is too risky to insure, say, insurers.
A
There you go. Phil Stafford.
B
According to the Financial Times news outlet, major insurers such as AIG, Great American and W.R. Berkley are, quote, asking U.S. regulators for permission to exclude AI related liabilities from corporate policies, end quote. These liabilities are described by one underwriter as, quote, too much of a black box, end quote. The fear, they say, is of thousands of simultaneous claims when a widely used AI model makes a mistake. The article quotes one executive from the insurance company Aon saying insurers can handle a $400 million loss to one company. What they can't handle is an agentic AI mishap that triggers 10,000 losses at once. The Financial Times article cites examples of the types of events that are spooking insurers. These include Google's AI Overview falsely accusing a solar company of legal troubles, triggering a $110 million lawsuit back in March, Air Canada being forced to honor a discount invented by its chatbot, and the infamous $25 million deepfake heist that happened to the London based design engineering firm Arup last year in Hong Kong.
A
All right, this, now this is a story. Okay, with all due respect, I'm sure the people at Iberia are upset about data breach, but this is a story. Okay, now for those who don't know, really quickly, shall we play a game? Thank you, Sierra Montgomery. I love myself some. Some cyber insurance. Okay, it. That is as much as reputational harm is an obscure impact for GRC risk calculations. Cyber insurance is even more obscure. GRC Mafia people, like, I'll tell you this, I like cyber insurance. And even like other GRC people, like, will turn their nose up at me and be like, oh, Jerry. So, like, within the GRC discipline, insurance gets a rap. A bad rap. Okay, but this is crazy interesting. So number one, insurers in like 2014, 2015, insurers were like, it looked like, oh, my God, what's that Tom Cruise movie? It was like entirely too long. It was like four hours long. And it was like, about him like Oklahoma, land settling. And it was Nicole Kidman. It was like that phase where Tom Cruise and Nicole Kidman were in like every movie together. Oklahoma, Oklahoma movie. Let's see what it is. Far and Away. Okay, so check this out. Completely obscure reference. 1992. Space Tacos, drink. This movie was about basically Oklahoma land settling, where you could just like, way back in the day, you could just like run and stick a stick in the ground and like, it was your land if you agree to like farm it and stuff like that. This is how the. The United States moved west. All right. Yes. Oh, yeah. Days of Thunder. Much better for sure. But in 2014, 2015, cyber insurers were going bananas writing cyber insurance policies. Companies were like, oh, man, this is like free money, right? They were adding cyber riders to existing business insurance claims. O M would then include cyber and all that. And then things happen, like NotPetya. And ransomware started exploding, right? Because 2014, 2015 was pre ransomware explosion. 2017, WannaCry, North Korea.
That is when ransomware, like, showed up on the map. Okay? And then cyber insurers were like, oh, my God, we're getting absolutely pounded. Like, we gotta pull it back on this one. They learn from that lesson because now they're saying that AI, kind of like with cyber, it's. It's too risky to insure. We will see where this plays out. My. My thoughts on this one. Okay, guys, AI is in everything. Go to any conference and you will see every vendor booth with some freaking AI, now installed or now with AI, and all it is is a ChatGPT wrapper. But. But it's AI all over the place. We got AI, AI, AI bots, AI chat, AI DevOps, you know, whatever. So how are you going to not insure. I get it. You're not going to insure AI. If anything, okay, I think that this is cyber insurance. I mean, just insurance companies are about to get paid out. Because if everything has AI in it, whenever you have a claim, can't they just be like AI is not covered. Like if any. To me, I swear to God, it seems like they're trying to like set themselves up for an out. And I agree with him by the way, man. Like AI is risky to insure. No one understands how it comes to its conclusions. I know it's like statistical analysis and stuff like that, but this is. This is wild, man. You're not going to be able to insure it and you're gonna have to take on that risk. You're going to have to take on that risk. And I tell you right now, we've already had a couple companies have major issues because of AI. One airline company last year had an AI chat bot that was like just giving refunds away. And you know, that was a small potato kind of thing. But it, it does, you know, go to show you how these things can be manipulated or. Or not act the way that you'd want them to. So for me personally, I actually am absolutely going to be following this story. In fact, this is juicy enough that I would love to get a. A. I.
Excuse me, somebody from the insurance industry to come on and talk about what the current discussions are with this. I might reach out into my Rolodex. Rolodex and see if I can't get. Get someone to come on and talk about this. Let me know. Hold on. Let me actually start a poll. Actually, let me start a poll. Do you care? Would you want a insurer, insurance person to fireside on AI impact? All right, answer honestly. For real though, like, because. Answer honestly because I don't want to do this if. If, like the majority of you don't want it. All right, let's keep going.
B
Salesforce warns of data breach after third party activity. This warning was released last Wednesday evening after the company discovered unusual activity related to a third party application called Gainsight, a platform designed to help customers track sales data and customer information. Salesforce emphasized that there was no indication that the issue resulted from any vulnerability in the Salesforce platform. Instead, the company says the activity appears to be related to the app's external connection to Salesforce. Although the actors behind this have not yet been confirmed, it appears that this may be yet another attack by affiliates of the Scattered Spider ShinyHunters group.
A
What? Why would they attack Salesforce again? Didn't they just like dump everything? All right, so Gainsight is a platform. That's the one that got hit. Let's see. May have enabled unauthorized access to certain customers' data through the app's connection. Okay, so this isn't a technical exploit. It looks like the threat actors got access to credentials, tokens, session cookies. I don't know, man. Here's the thing. Salesforce just suffered a massive data breach. So you would imagine, I don't work at Salesforce, but you would imagine that they are like everyone is on red alert. Like it's like Metal Gear and you've been detected by the soldiers. It's like, right. I. I used to have that sound effect on the board here. You've been detected. Right. So everybody's like on high alert looking. So of course they discovered this quickly. Yeah. So I mean basically threat actors are trying to get this data, customer data, CRM data is very valuable. Salesforce is like a sales and marketing tool. What's so great about that is you can see what customers, i.e. what businesses have money or have spent money, revenue projections, all this. And it basically gives the threat actors, the Scattered Spider, Lapsus$, ShinyHunters threat group. Kind of a. Not a punch list, but like it's intelligence for them to be able to target their next high value target. Because, like, think about it, guys. Like, I hate to be. So I don't, I don't promote or support any of this cyber criminal behavior. Okay. But let's think like cyber criminal for a second. Okay? Flaming donkey Styles. Carrie. Carrie wants to know, where can I find your video on cyber insurance? Go to Simply Cyber YouTube channel and type in insurance. I only did the one video to like the thumbnails like me, like looking at a clock. It says two minutes. It's a two minute video. I literally tried to make the insurance video as short as possible so people would want to watch it. Spoiler alert, it's my least viewed video on the channel.
If you're a threat actor and you're trying to make money. Right. Cash, homie. And you can attack me, Marcus Kyler, Sierra Montgomery, you can attack the three of us. Okay, which one would you pick? You could pick one at random. Sure. But if you could hack into our financials, i.e. like, you know, the Salesforce stuff or all this revenue, and you find out that I have $1, Marcus Kyler has $2, and Sierra Montgomery has $10,000. Well then if it takes the same amount of effort to hack me, to hack Marcus, to hack Sierra, which one would you do? Obviously, right? So this, to me, this is what they're doing. They're fueling their pipeline. This is like the recon phase of their kill chain of making it worth their while. As I've predicted multiple times on the channel, I do think that ShinyHunters, Lapsus$ and Scattered Spider teaming up is going to make them too big a target. And I would suspect that they will have a law enforcement intervention in 2026.
B
Huge thanks to our sponsor, KnowBe4. Cybersecurity isn't just a tech problem, it's a human one. That's why KnowBe4's human risk management platform allows you to measure, quantify and actually reduce human risk across your organization. With AI powered risk scoring and automated coaching and reporting, HRM+ helps you surface your highest risk users and reduce the risk of data breaches and cyber attacks proactively. Ready to move from awareness to action? Request a demo of HRM+ today at knowbe4.com. That is K, N, O, W, B, E and the number 4 .com.
A
All right, 92% of you, 92% of you want an insurance person to come on and talk about cyber insurance with AI. I will do it. You've got to show up though. I swear to God if I. If I put this firesides together, no one shows up. I'm be like bruh, bruh, bruh. All right, we're at the mid roll. Where's my warm chocolate? There it is. All right, holla at you guys. Hey, thank you so very much for being here. We are at the mid roll. I hope you're getting value from the show. Didn't see any first timers in chat, but if you're secretly here for the first time and not wanting to say anything. Welcome to the party, pal. I hope you guys are having a good time. I want to say again thank you to the stream sponsors Flare, Antisyphon, Threat Locker and Barricade Cyber Solutions. Guys, Barricade Cyber Solutions continues their webinar series Fortify 365. If you're looking how to properly secure and understand management of an M365 environment, specifically around SharePoint and OneDrive, this Wednesday come check it out. December 26th Fortify365 webinar with Eric Taylor at Barricade Cyber. You are going to learn in one hour for free how you can set external sharing defaults for new and existing guests. You can reduce risk by having expiration on guest access and anyone sharing links, restricting OneDrive access. Guys, every single user in your environment, when they get licensed for an email they also get OneDrive and SharePoint access and so much other. This is attack surface, so if you don't know how to properly configure it, you're taking on risk you don't need. Come check it out, go to webinars.barricadecyber.com for this Wednesday at 1pm right before Thanksgiving. You know guys, you know it's gonna be slow as all get out. It's gonna be like molasses in January. So slow at work on Wednesday. Come hang out. Eric Taylor. Learn a little bit. Push into that Wednesday night before Thanksgiving.
You know most people, if you like to drink though, I feel like the Wednesday before Thanksgiving is like the unofficial like really getting after at night more than New Year's Eve. There we are. Hello, Camera Gonzalez or Shamira Gonzalez. Good morning. 27 months blue badge. Looking good on you guys. Every single day of the week has a special segment and Mondays is Simply Cybers Community member of the week sponsored by Threat Locker. Threat Locker takes an app application security denied by default approach and they are killing it by the way. Way to go Threat Locker. And because of that, I am able to award the Simply Cyber Community member. Not just recognize them, but because it's sponsored, I'm able to give them a prize. $100Amazon gift card or a hundred dollar ish worth of simply Cyber merch. And I would like to recognize Shamir. Shamir Gonzalez. There she is. Guys, check this out. Shimira Gonzalez, a longtime Simply Cyber community member, United States Air Force veteran. Awesome. She not only is she participating in a video series I'm working on for 2026, but let me drop this bomb on you, Shamaria Gonzalez, on the Simply Cyber Discord server. We have a women's only channel now. I, I literally, I have permissions to go everywhere on the server. Obviously I'm, I'm like admin, but I literally do not ever go into the women's only forum on the Simply Cyber Discord server because I don't think it's appropriate. Okay. I want it to space for these women. Shira has taken it upon herself to set up like monthly like coffee meetings or whatever with the women of Simply Cyber. So I didn't even know this a month ago last week I was talking with her and she's like, oh yeah, we just got off of the monthly women's virtual meeting session. I was like, what are you talking about? And she told me, I guess it's been going on for a few months. So that is what I'm talking about. Shamaria, thank you so much for being such an amazing Simply Cyber Community member. 
And I'm so happy to be able to recognize you this week as, as the special community member. And if you are a woman and you would like to participate in this women's only subgroup go on the Discord server and I. I don't even know what the name of the channel is. I think it's women only or. Or women. But yeah, anyways, holler. You're simply cyber community member of the week. Great work. Thank you Shamira, for all you do. All right, let's keep cooking.
B
SonicWall identifies SSL VPN flaw allowing firewall crashes. This is a high severity buffer overflow flaw in SonicOS SSL VPN that lets attackers crash Gen 7 and Gen 8 firewalls with a CVE number and a CVSS score of 7.5. The issue comes from a stack-based buffer overflow that can trigger a denial-of-service condition on vulnerable devices. SonicWall is urging all customers to apply patches immediately. The flaw only impacts the SonicOS SSL VPN interface or service if enabled on the firewall and SonicWall is not aware of attacks in the wild exploiting this vulnerability.
A
Bruise and hacks. What needs a wrecking ball? Let me know. Okay, so check it out. SonicWall. Oh my God. SonicWall. One of the revolving doors of, you know like some companies will have security research blog posts come out regularly as their news story. SonicWall, Fortinet, QNAP, Zyxel, they just have like vulnerability news reports on the regular. So if you are a mid sized business, good chance you are running SonicWall. Yeah. And it's on the SSL VPN which is basically a security appliance. Right. So you to me, you always want to be like okay, so Internet facing assets for sure. You want to be careful with Internet facing security products, bruh. You need to shut it down like Jon Taffer and patch it. Ah, you gotta patch it. Okay, now they did say that this CVE has a low CVSS score. I'm gonna go to epsslookup.com actually you know what I'm going to go. I'm going to go to DJ B Sec. What's your. Hold on? We'll mix it up. DJ B Sec got a tool too, right? Let's look at his tool. We're going to get results fetching. See B Sec one takes a moment. You got to like have a sip of coffee. The CVSS score isn't that high. I think they said it's like seven seven something which isn't high. But that's not really how you want to handle these things. You want to look at the EPSS score. They said that there's no reports of a POC out there or that it's being actively exploited, which is great. That means you've got a head start. You have time to get in front of it. How do I, bro? All right, we'll go to epsslookup.com I'm gonna drop a link in here. And honestly, guys, this is kind of surprising. So 7.5, which is a medium criticality. 300ths of 1%. 300ths of 1% chance of getting exploited in the next 30 days. So technically it's not awful. Plus the impact is just a denial of service attack, which obviously it's an SSL VPN, so your workforce wouldn't be able to remotely log in. It's a holiday week. Workforce is actually kind of limited. So for. 
For various reasons, you know, and this is me, like kind of doing back of the napkin, my gut thoughts on it. I. You want to patch this, but I wouldn't like, prioritize this as you got to like, you know, pull everything down and get it fixed right now. At a minimum, right, you can turn off the service if you don't even need it. So then it's not even an issue. There's a lot of ways to address this risk. So GRC Mafia people, this is a great. If you're an aspiring GRC professional, this is a great one. Oh, this is a great one for you to see how not all vulnerabilities are treated equal. Okay. And how we handle them. Because, guys, we. At any point, as GRC people, we can run it up the flagpole and be like, hey, we've got to shut this down. But that takes political capital and you do not want to spend those credits if you don't need to. And how you do the analysis on whether or not you need to, you know, light a fire under someone's butt is. Is through that analysis. So this is what we got to know about. Sorry, everybody. The. The Nelson laugh. DJ B Sec and Jesse Johnson and Mod Chat had a bit of a.
B
Cox Enterprises discloses Oracle E-Business Suite data breach.
A
Oh, my God.
B
The telecommunications giant is notifying impacted individuals of a data breach that exposed their personal data. The hackers breached the company network in August after exploiting a zero-day flaw in Oracle E-Business Suite. The company, however, did not detect the intrusion until late September following an internal investigation. No attackers have been named, but the Clop gang has taken credit for exploiting a CVE numbered zero-day vulnerability long before Oracle released a patch on October 5th. Cox Enterprises has not specified what types of data were exposed.
A
Bro. Like it. Okay, so a couple things. One, I was gonna lose my mind if this company had been breached recently because the Oracle EBS vulnerability and active exploitation of it has been in the news for a while. For what it's worth, they were hacked in August. Didn't find out till September. Which tells me that their incident response program is like meh, you know, and, and you know, they got hit. I mean, that's all it is to it. I mean, I guess at a minimum they're lucky that they got data exfil'd and not ransomware encrypted files. Doesn't sound like they've had any impact to their operations, like their ability to deliver service and basically make money. I hate when they do this. Though the company has not named the attackers. Okay, literally on the Clop ransomware extortion portal, they've published that they have it and are showing it. So like it's always, to me, it's always so cheeky that usually these large enterprises like Cox Enterprises has 55,000 employees, $23 billion in revenue. Like that size company, they have like a friggin army of lawyers who say what you can and cannot say. And they definitely have been advised. We, we're advising you not to say who the threat actor was. Why, like, why are you being so cheeky? Everybody knows it's Clop. I know it's Clop. You know it's Clop. Clop knows it's Clop. Clip, Clop. Clop, Clop, clip, Clop. Flaming donkey nose. Okay, so I mean, whatever, there's, there's really nothing here for, for us as practitioners, I say, I guess the one thing I could say is, I mean, it's played out right? But do tabletop exercises for ransomware incidents, talk through management on what you would do. Like treat this as an example, pretend this was your company. Okay. Hey executives, we've just been notified that Clop ransomware, you know, instead of it saying Cox Enterprises, it says your business dot com. 
We've just been notified that Clop Ransomware has put 70 gigs worth of data on their extortion portal and has emailed us saying they would like us to give them a hundred thousand, two hundred thousand, one million, ten million, whatever. Like choose the number. My advice would be to select 3% of your annual revenue as a number to make it, you know, put a little skin in the game for the executives. But this is a nothing story. I mean, this is a company that was hacked by something from months ago and they're just digging out. I will say that this is classic Clop ransomware activity. Clop they usually get a huge whale of a hit, meaning many, many, many large businesses. And then it takes months to dig out all of the data. But they are meticulous, they are consistent, and they're vigilant, man.
B
Law enforcement agencies in Oklahoma and Massachusetts respond to cyber incidents.
A
Nice. Tell your mom I said hi.
B
County Sheriff's office, just south of Oklahoma City announced on Thursday that it was facing a ransomware attack affecting parts of its internal computer system. Officials confirmed that there was no interruption to public safety services or 911 service. Meanwhile, the Massachusetts city of Attleboro also reported a cyber attack impacting the local government and the police department, affecting phone lines to the city of Attleboro and Attleboro Police Department, as well as municipal email service. Citywide online bill payments are also temporarily unavailable.
A
All right. Regulators, mount up. All right, couple things. One, like, local law enforcement are not equipped to handle cybersecurity. All right? And I don't mean that, you know, in a dunk type way, but like, dude, incident response, cybersecurity, these are specialized skills. And again, no disrespect to police officers, but they're often dealing with much more physical related incidents. Trespassing, armed, whatever, you know, not conflict, but oh my God, you know, like, like disputes and stuff like that. I would argue, But these local, local governments are being hit by cyber attacks. This isn't surprising, guys. Law, state and local are regularly getting hit. Again, I've said it a million times. They're un, they're nonprofits, right? So they by design don't have a lot of resources. They typically don't have dedicated infosec people. They have IT people that are basically told to also be cyber security, who are also spread thin, right? Like three, three IT people serving an entire county. As always, the emergency services are typically on a separate system. So you don't have that issue or you don't have that get compromised, which is great. You want to be able to call 911 and get support immediately, not be like 911 and it's like, you know, the number you called is not in service. You're like, okay, Yeah, but I mean, whatever. Attleboro, Mass. Cleveland, Oklahoma. It doesn't matter, guys. It doesn't matter what your politics are, what state you live in. These, these IT systems are out there. I would say, You know, if you do work in, in state or local, you know, my hat's off to you. You've got an uphill battle. I would definitely, if it were me, if I was in charge if. If the CIO of Dorchester County called me right now and was like, Jerry, I'll pay you whatever. I want you to be in charge of cyber security for the county. You know what? 
Like, literally one of the first things I would do would be like, okay, like let's like show me your external Internet facing IP range or your external attack surface. Not what cloud services you use, what assets are Internet facing to our, you know, internal, or do we even have an internal IT infrastructure? Right, Probably. What's the attack surface look like? Let's start hardening that. Let's see what. Basically, let's see what the criminals see and then work from there and start buttoning that up. But.
B
Wind farm worker turns turbines into a crypto mine. From the. When you're a hammer, everything looks like a nail.
A
Oh, there we go.
B
Another insider threat. A manager at the Dutch wind farm operator Nordex has been sentenced to 120 hours of community service after it was discovered that he had secretly installed cryptocurrency mining rigs at two wind farm sites just as the company was recovering from a Conti ransomware attack. The unnamed employee, who is in his 40s, used the turbines to power the cryptocurrency mining operation at two of the company's sites. As Graham Cluley writes, this is not an isolated case. And he cites a 2018 instance in which several scientists at a top secret Russian nuclear warhead facility in Sarov were arrested for attempting to use one of the country's most powerful supercomputers to mine Bitcoin. And in China, a school headmaster was arrested for stealing his school's electricity to power a 24-hour-a-day cryptocurrency mining rig. Do you want to know more? Okay.
A
All right. This is funny. I mean funny, but not funny to me. Like, this is freaking hilarious. Okay, they are going back into the archives here though. They mentioned. Yeah, but Phil Staffer, they said a criminal in his 40s, but then they mentioned that the company was recovering from Conti Conti. The Conti gang imploded in March 2022. Okay. It's almost 2026, so I don't know why they've been sitting on this story, but whatever. The Conti ransomware gang implosion is like, it's not like I just memorized when threat actor gangs implode. It's just, it's kind of a well known story. One half of the gang was Ukrainian, one half was Russian. And you might remember what happened in like February, March of 2022. It tore the group apart. Guys, here's the deal. Justin Gold will tell you there's a reason that Jay Gold. His name is not Jay Gold. That's his dad's name. His name is Jay. Crypto. Gold is for the old. Crypto is for the youngs. Okay? So Jay crypto will tell you that the thing with crypto is you gotta mine it. And it's a massive power drain. And the cost of energy, the cost of energy is less than what you would make, which is why everybody's not doing it right. But if you can have someone else pay for the energy. Huh? Huh? Well, then it's all profit for you. We. I haven't seen this in a while. For a while there was crypto jackers, right? So having you mine in your browser or, or having these like dedicated rigs that you just plug in and honestly, guys, I gotta tell you, there's probably a lot more of this happening than you would realize. If you can have a dedicated mining rig and all you gotta do is plug it into a router or, you know, I mean like plug it in wherever. You're not paying for the power anymore. Whoever's paying that utility bill, I bet you there's tons of places where in a. In a supply closet somewhere, there's a miner plugged in, just working. It's the. The. The crime isn't the mining. That's not the crime. The crime is stealing, basically power. 
That's the crime. It's not even really a cyber security story, frankly. It's more of just straight up fraud. But I gotta tell you, this guy's an idiot for plugging it in directly into the wind turbine after a cyber attack. Buddy, as we saw with the Salesforce story earlier, whenever a company has suffered a cyber attack, I'm telling you, I've lived this. Everybody is on high alert. Nobody wants to sit on a thumbtack again. So everybody's on high alert. That's when you choose to do something stupid. What? Like what are you doing? What are you doing? Like, trying to earn a Darwin Award. Like, buddy headmaster, plugging it in at work. This guy plugging it in at work. Some Russian guy plugging it in at. At a nuclear facility. Guys, it doesn't matter. Like the nuclear facility having nuclear power, that doesn't make it mine faster. Like, you know what I mean? It's not the amount of power determines how fast you mine. It's the friggin. The minor rig you build determines it. So plug it in. Let it go. If you do find these things, it is fraud. It is theft. I mean, I don't know if this guy. This guy's got sentenced to 120 hours of community service, basically three weeks, right? So you can see the level of burden, right? So I honestly, if this guy, if this guy made any amount of money, wouldn't it be worth 120 hours, right, if he got one bitcoin? Jay, crypto. What's bitcoin trading for right now? 100 grand. 120 grand. $86,000. Here's my thing. If that guy mined one bitcoin, would you do three weeks of work for $86,000? I would. Okay. And that's. That's if you get caught, right? I mean, there's a chance you don't even get caught. Again, I'm not promoting crime. I'm not suggesting anyone do that, Okay? But I will tell you, in. In my career, I have worked in environments where I've detected crypto miners on browsers, and I don't even do anything about it, okay? And it's not because I don't care. And it's not because I'm like in cahoots with the threat actor doing the mining. 
It's because I literally had more important things to take care of. I had bigger threats to take care of. I had bigger issues I was handling than going and having someone reboot their computer. You know what I mean? So let's go. All right, guys, I hope everyone has had a great show. We are here every single day. Like I said, I gotta tell you guys, I started the show. I was kind of like, oh my God, like, I want to be here. I love serving this community, but it doesn't. You know, some days you come to work, you're just like, oh man, like, this is gonna be a grind. Not. Not the stream, but like my day and you guys have lit my fire. It's like you guys took like a torch and like, threw it into a big like, Viking style pyre. I am lit up right now and ready to crush work, which is exciting because we are gonna go do jawjacking right now. 30 minute AMA show. Super excited. I got a meeting at 9:35 with one Brandon pool. But this has been episode 1012 of Simply Cyrus Daily Cyber Threat brief. Again, thank you to barricade anti siphon threat locker and Flare for their support. Thank you to all of you for being here and being awesome. Shout out to Shamira Gonzalez for being the Simply Cyber Community member of the week. Shamira, please reach out to me or I'll reach out to you and get you your prize. I'm Jerry from Simply Cyber. Don't go anywhere because we're about to party like Weezer. I can't stop partying. Partying. All right, let's go. I'll see you in a hot minute. If you got to get out of here, be well. Have a great day. We'll see you tomorrow. Otherwise, let's do this. Where's my Jawjack? In segment. There it is. Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered, and totally free. Let's level up together. It's time for some Jawjacking. What's up, everybody? Welcome to Jawjacking. 
I'm your host, Jerry Guy, coming at you live on this Monday, November 24th. Thanksgiving week, we're gonna straight crush it like a bunch of bosses coming off of the daily Cyber threat brief. You got questions, I got answers. Yes, sir. If you've already started your vacation week and you're raging, you're just here to party, then, like, lean into it. All right, I love it. We've got Simply defensive at 9:30am I love it. Josh Mason, Wade Wells. Wade Wells's mustache. Three of them going hard into the paint. All right, so do me a favor, everyone, drop it in chat. What do you got? What do you got? Drop your questions. I'm super excited. We got a ton of things to go through. We've got updates on Simply Cybercon, if that's your vibe. Let me put on some lo fi so I can relax. Yeah, you guys like that? Oh, man, I love to party. Come on, now. Let me get some more coffee. Mara Levy knows that deep cut. Have a good one. Jesse Johnson. All right, guys, what's the questions? I'm ready for him. Let's do it. Hey, Kathy Chambers is in the house. Love it. All right. Hey, hey, just a fun question for everyone. What's your favorite Thanksgiving side dish? What's your favorite Thanksgiving side dish? I'll start. My aunt back when I used to go to my answer Thanksgiving before. Before we were. Before that stopped. She makes like. I know this is gonna sound disgusting, but it's actually wicked good. She makes a Jello that has, like, real fruit in it and pecans. It works. It just works. All right, guys, looking for questions. All right. Bruising hacks in those Weezers. Awesome. Looking for questions. How come my messages don't show up on stream of my band? I don't know. Adult filmmaker I don't know. I don't think you're banned because I'm seeing your shots right now. All right, Looking, looking, looking for chat. See you later. Okay, so I'm back here. This is good. Shout out to all of you. Great to have Kathy Chambers back. What's your favorite pie? Oh, you know, guys, I like pumpkin pie. 
I like pumpkin pie. Pecan pie is a close second, but, yeah, I like pumpkin pie. I do like raspberry pie, but you don't see it very often. What's a Thanksgiving asking for an entire country? Roswell, uk. I appreciate it. All right. Thanksgiving is a. It's a conspiracy put on by big turkey. All right? Marcus Kyler likes the dressing. I love it. People like the cornbread. Here we go. Chop the Chop the. Joy says. Thinking of handing out my resume in purple to people outside offices in Boston. Any tips? Yeah, I mean, if you're gonna do that chop, Dejoy, you have to. To me, I. I would think you'd have to make it. You'd have to make something about it. Like, think about when you're walking down the street and someone's handing out sales flyers, right? Do you want to take one of those? Maybe, maybe not. So I'm trying to think of a way to make it interesting. I mean, like, really quick. Just coming to mind, you could have. I was thinking, like, give them a piece of candy with your resume, but then you're like a stranger giving candy out. I don't know. I don't know. I don't know how. How well it's going to play. You know what I mean? I. I don't think I would do it. I'm just thinking because of the return on investment. But, but I would say you do have to have some type of. Some type of, like, element to incentivize people to want to take it. Kishan Infosec says, anyone want to hire this nerd? Lol. Love it, love it, love it. Okay, so DJ B dunking on me because I hate sour cream, but I. I like jello with nuts in it. Okay. All right. Who's your favorite family member outside your wife and kiddos? I mean, that's a tough one, right? All my family members have certain, Certain things I love. You know, I have a lot of, like, aunts that like, teamed up and kind of were like mother figures to me. So that, That's. That's a pretty good one. What's your favorite side? Yep, that was a question I asked earlier, and I said the jello one. Rustic apple tart Damn, that sounds good. All right. 
Hey. So Zach Hill says hi. Harold. Chelsea says hi. Really quick. Zach Hill is married and his wife's name is not Chelsea. And I know it's not Chelsea, but last year in Vegas at the Simply Cyber super meetup, which if you're at defcon, this year, I host a massive meetup on Friday of defcon. Just come on out. I cover the tab. But I walked up very confidently and said, how's it going, Chelsea? And her name's not Chelsea. Okay? And now I forever have to own that. Just like I called Jason Blanchard Brandon for some stupid ass reason. All right, what's AI risk assessment? Soul Shine. I mean, that's a very vague, very generic question. What I would say is, I mean, you can assess the risk of implementing AI in your workflows. You can implement the risk of AI attacking you. The value of AI hallucinating, like, depending on. There's a lot of context that needs to be included. Soul Shine in that question to answer it. What does a threat actor. Okay, here we go. Goat in the machine. What does a threat actor bring to a Thanksgiving potluck? I don't know if there's a question. I mean, if this is a joke or not, but I would have to say. Something. Malware, mal. I don't know. That's a good one. I think James the quicken at 35,000ft should be able to answer that one in a fun way. Zach Hill. I was DM and Zach Hill a lot this weekend on magic Stuff. Mara Levy says cranberry sauce using the whole cranberries. Okay. So I actually think that this is a hotly contested topic. Okay, we're gonna run a poll right now. Cranberry sauce. Okay. Where are. Where. Where you stand. Can shaped real cranberry or. I don't care. I feel like I'm gonna. I just started a poll. I feel like this is a real thing. Okay. On cranberry sauce. I feel like this is a hotly divided topic, but I did include an I don't care in here. So people can vote if they don't care about this. Let's see. Pumpkin pie, Sweet potato souffle. Very nice. Give out. Clam chowder. 
All right, what do you think about sites that use AI to apply for jobs for you? I have a lot of people using it. Really? Eve's bite. I did not know about that. I think it's fine, dude. If AI can enable you to be more productive and move faster. I personally applying to jobs sucks. Like, dude, nothing's worse than, like, fill out a form, drop your resume, and then it asks you to put, like, all your experience and all your. It's like, dude, just look at my resume, man. Like, I hate this. So, yeah, I'm. I'm fine for it. I mean, you do run the risk of the AI not doing a great job of it, right? Making a mistake, overlooking something, not including something. Including something that's not true. Oh, my God. Okay, hey, so really quickly, I don't know if I don't know if the joke was made or Dan Reardon made this joke, but I see it in chat right now. What does a threat actor bring to Thanksgiving? They bring credential stuffing. That is awesome. Yeah. So Eve's bite. I'm fine with AI as long as it's true. You know what I mean? 07 says Jello with nuts is devious. Okay, Kishan Infosec. Do you have any plans for the weekend? We don't. Hey, by the way, we do not have a show on Thanksgiving Thursday. Okay? There is a show on Friday. I have made a commitment to you guys to do a show on Friday, but there will. No. There will be no show on Thursday. Okay, hold on one second. Has anyone ordered Popeyes Cajun turkey for Thanksgiving? Let us know in chat. Spay at spam wants to know. I'll tell you guys, I had Popeyes chicken for the first time back in June. Holy crap. That might be the best chicken I've ever had from a fast food place. Like, the spice profile is on point. All right, Gibbons. Oh, Gibbons was the other first timer. Gibbons was the other first timer. I love it. Thanks, Gibbons. What's a good path for someone who's been in the SOC space, but no clear next step? Well, Gibbons, two things. Number one, if you've been in the SOC, you already work in cyber. 
As far as clear next step, I mean, that really is. Depends on you. Okay. Because you. This is one of the great things about cyber security. You can pivot in many different directions. Okay, so let's just. You said been in the SOC space, so let's assume that you've been a SOC analyst for two years. You can become SOC tier two, SOC tier three, doing those harder cases. You can become a manager of a SOC and get into management and do SOC analyst stuff. You can pivot over to the offensive side and start doing, like, more like lean into purple teaming instead of incident response and working with pen testers and IT or security architecture people in order to implement controls and configurations much quicker, and then eventually pivot into being the offensive side of things. If it's an in house SOC, you could even start leaning into penetration testing yourself and become that side of the purple team for internal purple teaming. You could get into the GRC because you understand what controls will have real impact and reduce risk based on reality of the threats that you're seeing at your business. You can get into cyber threat intelligence because you understand what threat intel is the most beneficial for effective SOC and blue team and detection engineering. I mean the literally, the world's your oyster, man. Gibbons, you're in a great place. Go get it. As far as clear next steps that, I mean you. You're all on it, man. Giddy up on it. I do want to tell everybody really quickly. We do have a live stream at. Hold on one second. We do have a live stream at 9:30am and I'm. I'm going to ask you guys for a little bit of help, please. Again, choose your own adventure. You don't have to do this. You could do this. I have a produced video coming out on. I have a produced video coming out on today, okay? I have this produced video coming out today since Gibbons mentioned SOC, okay? This is a video that's going to drop today, all right? 
So if you see it, check it out in your feeds, share it with your friends, share it with your network. I'm excited about it. I literally melt your face in this video. I tell you how to get experience without having a job. I tell you resume bullets that you can put on your resume based on the experience. I tell you. And then I tell you how to go find a soc analyst job using the resume bullets that I give you using the content from the video I give you. This is a triple threat video. Why? Because I like dropping knowledge. Also, in full disclosure, it is a sponsored video with let's defend. But the whole thing isn't just a pump on let's defend. It does. It does share them though. All right. Let's keep cooking. Kishan said, do you have plans for the weekend? Oh, man, I am gonna. We're gonna set the Christmas stuff up here at the house. We celebrate Christmas. We're gonna get the house all Christmas fied. I'm gonna Clark Griswold be outside of my house with lights. And then I'm hoping I'm gonna play a munch of magic on spell table with Zach Hill and anyone else who wants to play it and possibly hell divers too. I'm gonna look into this game that my my friend group likes to play. Although I was hoping for Battlefield 6. No one's into that right now. And I'm gonna watch the Patriots. All right. Oh, my. Who does jello with nuts? I know, I know. I'm telling you, people, don't. Don't be. Don't hate on it. See, neck beard, neck beard, neck beard. Oh, my God, I love that. Sorry, the regulators was a misfire. All right, so, hey, really quickly, looking at the cranberry sauce poll, most people don't care. All right, so apparently cranberry sauce as a divisive plot point is not. The majority of people don't actually care. All right, no Black Friday shopping for you. I'll do a little bit. I'll do a little bit. I mean, honestly, Amish brain guys, at this point, Black Friday is like. It's like Black November. You know what I mean? Like, like the deals don't happen on Friday anymore. 
No one's doing door busting anymore. It's like everyone's been everything. Also, hey, really quickly, thanks for reminding me. If you guys didn't know, if you didn't know, I. I'm terrible about marketing Simply Cyber Academy. If you didn't know, I run and own Simply Cyber Academy. We have GRC stuff in there, offensive security stuff, OSINT stuff, and Michelle Khan. We're running a Black Friday deal all week. All week. If you use the code BF30. So Bravo FOXTROT30. At checkout, you get 30 off anything. So all the courses. And since you have forever, you have, you buy it once. It's not subscription based. So once you buy it, you have access to it. So if you're thinking about doing one of the courses, you can buy it now and take. Take it whenever you want. So that is my marketing minute with you guys here. 30% off. Black Friday 30 code. There you go. So if you're interested, I know many of you enjoy the GRC analyst master class. That's been doing pretty well. Again, share that with friends. You know, I struggle between marketing services and not trying to market services. Okay, continuing to look at chat here. Simply Cyber Con updates. Did you shout out the killer? Oh, thank you. Sierra Montgomery, Simply Cybercon Updates. Yeah, so we've got it. Kimberly can fix. It's updating the website. I want to share with everybody. This, this is kind of a big deal. I'll set up a thing for everybody, like a event reminder. But if you didn't know, if you didn't know, there's actually a state of Simply Cyber live stream on December 19th. So my very last day before I go on two week vacation, I'm gonna host a live stream and I'm gonna tell you everything about simply cyber 2025 retrospective and more importantly, what you can see in 2026. We have some huge, huge things coming to Simply cyber in 2026. And as soon as I get back from vacation, I'll tell you what, Sierra, we're gonna go gangbusters on Simply CyberCon. A lot of people want to volunteer. 
I am prepared and ready this year to actually, actually, I'm seriously ready. Simply Cyber Con. Have people help me. Okay. Tons of stuff. So many activities. There's so much room for activities. Dan says, would a network admin be considered a cyber position or leverage for moving to more cyber positions? So a network administrator is not considered a cyber security professional, but you can. I mean, if you're doing firewalls and, and stuff like that, you could definitely have security related responsibilities on your resume. And I will tell you, a network admin has a huge leg up on transitioning into cyber because basically understanding how networking works, that's a huge thing around understanding how to protect organizations. Right. Attack paths. So, yeah, Dan, if you want to get into cyber, you're in a great spot. If you're a network admin, as Cole says, try Cajun Sparkle next time you're at Popeyes. It's a sauce packet. Oh, guys, just talking about Popeyes is making me hungry. We have a Popeyes here in the low country, but it's downtown, which is like, I don't know, too far. All right. A lot of people are getting frothed up about Popeyes and their, their sauces. I love it. Don't get Popeyes before they close. Apparently, that's dodgy. All right, Soul Shane says, what are the. What are some new things for the next year? What are some new things to look for next year in the community? Oh, well, that's great. So, I mean, I can tell you right now, Soul Shine, one of the big things that we're doing in 2026 is every month we're gonna have a two workshops. One is going to be a one hour webinar. Right. So mad value picking up practical skills. And then we'll have another professional skills workshop that'll be like multiple hours that will be paid. The webinars will not be paid. And those will be open to everybody. The workshops will be longer form deeper dives, more value. So that's one thing that's going on. Obviously, we have the meetups. 
What else we got from a community? I'm open to ideas. If people have ideas and want to do things. I know that the locals groups are doing meetups. I saw Ms. Julian with a Simply Cyber flag for her meetup. Some people have been asking for flags that they can get so they can run their own meetups. So we can definitely do that. So thanks, Soul Shine. Where can I learn more about identity and access management? Jazzy Jazz. Well, I mean the immediate answer, Jazzy Jazz, if I may, is literally at 11am today. At 11am today. So two hours from now, hour and a half from now, still time to register. If you go to Simply Cyber IO Flare, this is free. This is a two hour session from an identity and access management expert. And you dude, you'll literally learn about how to set up conditional access to strengthen authentication, how to harden Active Directory, how Kerberoasting and DCSync attacks work. I mean this is right here. This is an amazing learning opportunity all into itself. So there's one way to go. Good to see you Jazzy Jazz. All right. Have you played Arc Raiders yet? No, I have not. Jay Crypto was talking about Arc Raiders yesterday. Dude, I don't know the difference between Arc Raiders, Helldivers 2. I just got Battlefield 6 and I'm trying to play that and no one like I thought we were gonna like have Simply Cyber groups playing in Battlefield 6 and I haven't seen anyone. If someone hasn't indulged in the GRC Master class, take this promotion. Oh, okay. Thank you. Chris Young. I have had Popeyes Turkey. It's good. Oh good. Does a newbie need sysadmin experience prior to entering the SOC? No, you don't need it. It would be helpful, but you don't need it. Sean Saylor says if I don't plan to get into oh my God. What show the comment. If I don't plan on getting into Red teaming necessarily would be beneficial to learn and get the PenTest+. So I yes, I think it would be beneficial because basically you don't. Here's the thing. Knowledge is power. 
The more this is why I loved getting advanced degrees even though I didn't need them to do my job or get more money or anything like that. If you do, if you understand PenTest+ right, it does go through the entire kill chain and gives you perspective on how pen testing is as a job and how to do it technically. If you get those skills, whether you get the certification or not, just getting the skills, Sean, that allows you to be better informed on how to defend from those attacks so you can be better SOC analyst. You can answer questions in a more grounded, practical way. You can do GRC work better because you can understand where configurations need to be made, what hardening looks like, where to spend your val, your resources to harden environments. Yes, 100%. I. I love it. I would love to get. I would love to take Daniel Lowry's PenTest+ course. I might do it. I might do it during my vacation. Don't tell anyone. I really need to not work during vacation. But learn. You got to be a lifelong learner. I'm excited about it. Any updates on Simply CyberCon 2026? Shamira Gonzalez, Simply Cyber Community Member of the Week. Yeah, what I would say is. Here, let me see if Kimberly fixed it. Simply Cybercon.org is the official website, right? So the website hasn't been updated yet. It will be November 8th and 9th is when it's happening simply. BSides Charleston is happening November 7th. Simply CyberCon is happening November 8th and 9th. We have booked the venue. It's the Tides Hotel at Folly Beach. We have a room block if you would like to stay at the hotel itself. It's going to be awesome. I will also let you know that Elliot Matice has already developed the badges for Simply CyberCon 2026. I will tell you yesterday, I actually, one of the cool things about Simply CyberCon is that it's going to be a lot of activities. Like, lot of. A lot of activities. A lot of community. Right? We talked about community earlier. Check this out. I am so excited. 
This is going to look like a freaking very difficult to look at. But just hear me out. This is a mind map of what the. Why can't I, bro? How do I. How do I. Oh, there it is. This is a mind map of all the work that I did last year. And I know it's hard to see on mobile, but this is how we're going to do Simply CyberCon 2026. But one of the things I want to call your attention to, we actually need to find a new MC, which is James McQuiggin is the activities. Now, not all of these activities are going to happen, Shamira, but we're certainly looking into it. Magic the Gathering tournament. I've made a custom card for it. Backdoors & Breaches the Pain did it the other day. Open mic night. That's something people wanted. CTFs, resume reviews, karaoke, photo booth, tattoos, pub trivia, Pictionary, Texas Hold 'Em tournament. Silent Poet wants to do that. Lock Pick Village. Shamira is gonna maybe have a women's meetup while we're there, guys. It is out of control. What's going on. Pop up workshops, I'm telling you. And by the way, by the way, we are actually going to have a hard headcount at this event. So I'm not, like, tickets are not available yet, so I'm not trying to freak everybody out yet, but we will have a hard stop at a certain amount of people. So last year people were like, oh, can I just show up? Like, oh, like I didn't buy a ticket. Can I show up? And I was like, sure, go ahead. It won't be like that because we do have a hard head count at the Tides. Oh, cool. Jay Crypto wants to get on the tick. As soon as we get the website fixed, we can, we can unlock all of this. Okay. All right. Continuing to look. Thank you for the question. And guys, thank you, all of you. Just thank you so much. It's so good. Robert Hendrickson. For pen testing a new piece of equipment. What do you normally start? Where do you normally start looking? Well, normally I, I, before I even get the equipment, I actually pull the specs from the vendor and see what, what's what. 
Depends on what the equipment is and what my goal is. Right. So normally one of the first things I want to know is how is it accessed? Like, who can access it? What are the roles? What are the users? Is it remotely accessed? Do you have to physically be there? Can it integrate with AD for, you know, single sign on, federated authentication type stuff? That's typically where I want to look. If you, I mean, depends on what you're trying to accomplish. I mean, if you can get a copy of the firmware and dump that, Reverse it, flip it, spin it, rub it down. Oh, yeah. But no, seriously, if you can reverse the firmware, if you really want to get into it, normally in corporate environments, you don't have time. It would be great to reverse firmwares and find secret accounts and weird behaviors, but no one's got time for that in real life. Okay, so for me, who needs to access it? What does it need to access? What does it need? Access to what data and then go from there? Good question. All right, we got, We have what is today November 24th. There we go. We have this premiere coming up in just a minute. 60 seconds. Hold on one second. This is going to be our RAID target. What? Who's drinking what? Oh, oh. Because I did the Missy Elliott. Here we go. I dropped the RAID button here. Oh, Nerman, my friend become best friends.
B
Yep.
A
I love Norman. Thanks. Nerman. Nerman is another Simply Cyber long time, super supportive community member, and he's definitely, definitely all in on Simply Cybercon. Guys, we've got Simply Defensive coming up in just a minute. I hope I got your questions answered. I know we kind of didn't do just career stuff. We hung out quite a bit. Thank you all so very much for being here. If you guys want. I'm telling you, it's gonna be slow this week. Maybe we can get some, like, raids. There's a games channel on the Discord server. Maybe we can get in there and do Battlefield 6 clans. Or do Arc Raiders or Helldivers 2. I don't know. I'll defer to Dan Reardon and Jay Crypto for helping with that. But, dude, if you guys are interested, let's do it. Let's party, and let's have, like, meetups. Marcus, ke, what are you telling Nadine? What are you talking about? Are you talking about the song Matching Tattoos? Maybe I'll get a tattoo. I have several tattoos, if you didn't know. Most people think I don't have tattoos. If you've been a longtime member of the Simply Cyber community. We did a tattoo episode, and I showed all my tattoos. This was years ago. All right, ZMF's in for Battlefield 6. Let's go. Code brew's ready for Battlefield 6. Let's go. All right, guys, I'm Jerry from Simply Cyber. Go out. Let's raid this. Remember, please, if you can, as I asked earlier, if you see this. If you see the video on. If you see this video come across your feed, please check it out. I. I put a lot of work into it. I think it's a good video. I think it can help people. All right, let's go. Raid. Wade and Josh Mason. I'm Jerry from Simply Cyber and, hey, Sierra Montgomery. Don't give away the secret sauce. Oh, oh, oh. Yes, yes, yes. I will be on vacation for real. I'm Jerry from Simply Cyber. Until next time. We'll see you tomorrow morning. Everybody be well. Thank you so very much. And stay secure.
Host: Dr. Gerald Auger
Podcast: Simply Cyber Media Group
Date: November 24, 2025
This episode delivers real-time expert analysis of the top cybersecurity news relevant to practitioners, analysts, and security leaders. Dr. Gerald Auger, seasoned GRC (Governance, Risk, and Compliance) pro and community builder, recaps eight major stories, providing actionable insights, context, and plenty of wit to help listeners stay on the cutting edge of cyber threats and industry trends.
Timestamp: 09:53–17:57
“Companies can love their employees, treat them well, but at any moment, an employee can be compromised.” (14:37)
Timestamp: 17:57–20:37
“It doesn't say the company that actually had the data breach, it just says Iberia.” (18:56)
Timestamp: 20:37–27:35
“If everything has AI in it, whenever you have a claim, can't they just be like ‘AI is not covered’?” (22:54)
Timestamp: 27:35–32:19
“This to me, this is what they're doing. They're fueling their pipeline. This is like the recon phase of their kill chain.” (30:04)
Timestamp: 37:55–42:48
“You want to patch this, but I wouldn’t prioritize this as you gotta pull everything down and get it fixed right now.” (41:03)
Timestamp: 42:48–46:41
“They were hacked in August. Didn't find out till September. Which tells me that their incident response program is ‘meh’...” (43:29)
“Select 3% of your annual revenue as a number to make it ... skin in the game for the executives.” (44:53)
Timestamp: 46:41–47:22
“They have IT people that are basically told to also be cyber security, who are also spread thin…” (47:22)
Timestamp: 50:40–51:43
“This guy’s an idiot for plugging it in directly into the wind turbine after a cyber attack. Buddy, as we saw with Salesforce … whenever a company has suffered a cyber attack ... everybody’s on high alert.” (51:43)
Timestamp: 33:07–37:55
Recipient: Shamira Gonzalez
Dr. Auger’s Authenticity & Enthusiasm:
Throughout the briefing, Gerald’s blend of humor, candor, technical insight, and real-world stories makes the show both accessible and substantive for cybersecurity professionals at any stage.
Catch the show live weekdays at 8am ET on Simply Cyber Streams. For community chat, replay, and podcast archives: Simply Cyber.