A (3:01)

Well, I mean, I just think it's, it's a much better look. If you had to pick one to live with as a society, which crime type would you want? You would certainly want the data extortion stuff as opposed to the stuff that makes hospital computers not work. So, you know, just an interesting report there and we've linked through to it in this week's show. Notes. Now a big story from Reuters this week. I'll read you the headline. It's by Rafael Al Satter and AJ Vi Sens. We've got the headline. Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say. So the story is there was a threat report. I think we actually covered this one, like last week or the week before, there was a threat report about some, you know, Asian threat actor doing a bunch of stuff that really looks quite Chinese. And apparently there was no attribution in the report because the first draft had it in. And then a bunch of executives came down and said, no, we can't have that. This will put our staff in China at risk and, you know, put the company at risk. And, you know, we're just, we're just not going to do it. So they toned it down and released it. I'm not so sure I can, I'm not sure I can really get angry with Palo Alto Networks over this. I mean, if you're at the point where you've already got a presence in China and, you know, you do kind of have to, you do kind of have to think about this stuff. I think really the role, really the organizations that need to be doing these kinds of attributions is probably governments. I also think when you're dropping a report that doesn't name China, but everyone can kind of figure out you're talking about China, does that really matter? Like, is it the role of these, of these private sector vendors to do these attributions? So, Adam, I want to Start with you on that, but I also want you to weigh in on this one, James. So, yeah, Adam, what do you think here?

B (4:40)

I mean, I'm kind of with you on this. The, I mean, the choice about how you deal with adversarial nations is one you kind of have to make pretty early on. And I think like the point of comparison here would be Google, you know, as Google versus China from, you know, when the Aurora hacks happened back in the 2000s, you know, and they made a conscious choice that they're just not going to do business there. And that is, you know, what you have to do. And if you're someone like Palo Alto or Cisco or you know, any of these other big tech giants that, you know, manufacturing in China have business presence, trying to have staff and, and everything there, at that point it is kind of too late. And I think, you know, I was thinking about, you know, we saw some cases where tech firms that had offices in Russia and the Russian government was applying leverage to the local staff there. You know, you're getting into a position where, you know, corporate entity versus sovereign power, you know, it's kind of corporates can't really win other than maybe capitalism generally. So I do have some sympathy for him, but at the same time it does just feel kind of weasel. And you know, if we're all reading between the lines anyway, and I guess the other point is like, I feel like Palo Alto has already gotten consequences from the Chinese government. I mean, they were on the list of western tech vendors that China was discouraging its private sector from using.

A (6:01)

Well, by discouraging, telling them not to use it. Yeah, so look, they were already kind of in trouble there. I just, you know, I don't know that it feels weaselly. And I think if you're a threat researcher and you've leaked this to the press, I mean, I think if I'm a Palo Alto networks executive, I'm thinking, why are we doing this threat research in the first place if all it's getting us is headlines in Reuters calling us a bunch of cowards? James, let's bring you into this. What do you think here?

C (6:27)

Yeah, look, I tend to agree. I was at Apple at the time when we had to create a completely separate version of the icloud infrastructure and hand it over to a Chinese state aligned vendor to run alongside of us. And there was a lot of internal discussions about how we didn't feel that that was the right thing to do. Was it weaseling out? But I think really brings into focus the Realities of this is a private entity. It's a business. They're going to prioritize shareholders, profits, et cetera. And that's the nature of business. I also don't think that the lack of attribution makes a material impact to the value of the research they did. I'm not going to decide whether I act upon it or not based on who it's attributed to.

A (7:04)

Yeah, I mean, that's the thing, right? It is the old line about the responsibility being to shareholders and stuff. All right, well, I actually think we're all on the same page with that one. Let's move on. We've got a write up here from Catalan Kimpanu, our very own Catalyn Kimpanu for the Risky Bulletin newsletter. The Cambodian government, under international pressure, is promising to crack down and dismantle cyber scam networks operating within its borders by April this year. Look, I mean, Catalan's done a really nice write up here about, you know, just the situation and what sort of things we can expect to see. I'm skeptical, right? I am actually skeptical as to whether or not they're going to be able to do anything here. And the reason I'm skeptical is borne out in a Guardian piece from late last year, which I've also included in the, in this week's show notes written by Tess McClure. And really it looks at the idea of like these, you know, scam states, right? Like, just as we had narco states in the, in the 80s in Latin America due to the cocaine trade, we've kind of got a similar situation here with the, with the scam centers and they've got a great chart here which shows that, you know, in Myanmar, you know, the value of these scams is 23% of GDP. In Cambodia it's 30.2% of GDP, and in Laos it's 68.5% of GDP. So as much as the Cambodian government can say, yeah, we're going to completely eliminate this, can you think of any government that is willingly going to destroy economic activity within its borders that contributes 30% of GDP? Like, if they're actually successful in doing this, it's going to hurt the whole economy. Adam, what do you think here?

B (8:45)

I mean, unfortunately, that is the economic reality of it and it's not, it's kind of not very palatable. But I think that is, you know, a very real politic kind of way of thinking about it. Like this stuff is, you know, kind of too big to fail. I mean, the, some of the numbers, like in terms of people involved. Like, I think the Cambodians said that they have that, what, a hundred and ten thousand people have left the country that were working in the, you know, in the scam compounds. Do we think all of those people are going to go home? You know, are they just going to move across to Myanmar, move across to Laos? And as you say, like the, you know, that whole region has the, this kind of problem and there is a bit of fluidity about, you know, if the scam operation worked in Cambodia, it's probably going to work in, in, in LA or Myanmar and, you know, they've got a model for doing it. You know, even if Cambodia is entirely above board, right. Even if they were like, we actually are really going to do this, we're going to do a good job of it and take it seriously. You know, it's not going to change the existence of a very, very large pile of cash and a pool of people that are now experienced at operationalizing it. And as you say, that's, you know, in regions where, you know, there isn't a lot of, you know, 68% of Laos GDP, like that's a, you know, it's a, it's massive. Right. And it's going to be very hard to walk away from that, you know, across that whole region.

A (10:06)

Well, I mean there's, and this is the thing, none of the incentives line up towards making this go away, right. At any level in the government. So you've got the people lower down who get to benefit from being corrupt by being paid to look the other way or being paid not to patrol down that street or being paid not to take reports from people who escape from the compound or whatever it is, you're getting your protection money. And then like at a macro level, if you're the president of a country like this, oh my God, it's bringing in so much money that, you know, is being, I'm guessing a lot of it is going to be spent in the region. Then again, a lot of it's going to be repatriated back towards where the scam owner, scam ring owners operate. And that's China. Right. So I don't know, maybe the economic hit isn't going to be as severe as possible. I do kind of feel like the ultimate solution to this problem is going to have to involve foreign aid. And with the United States not doing that sort of thing at the moment. Yeah, I'm not particularly hopeful. Where did you land on this one, James?

C (11:01)

Yeah, to me, this is straight up supply and demand. It doesn't do anything to address either sides of that equation. You know, the amount of billions and billions of dollars involved here, there's going to be massive demand for that. Someone else will come up and want to set up the next industry around this. But it also doesn't address the supply problem. The fact that there are so many people at fall for these scams, that's a societal problem that, as you said, there's an aid aspect to this, there is a social problem here that needs to be addressed. And just shutting down the venue where the scam compounds can run, I don't think it helps at all. It wouldn't surprise me if it actually puts the Cambodian leadership at risk of a coup because they'll end up in a downturn of the economy and some political upstart will come along and say we're going to make Cambodia great again and bring back the money.

A (11:48)

Well, I don't even know if it's going to be that overt, but when you do have like illicit industries controlling that much money in your country, it can create those sort of risks. So let's see. All right, what else do we have here? The Beyond Trust bug that Adam, you flagged what, a week or two ago as like, you were like, oh, this one is absolutely going to get exploited. Well, turns out it's being exploited.

B (12:14)

Shocking shock and horror, exactly what we expect. It's like, what, CVSS 9 point something something. So, you know, we were, we were expecting it and sure enough, here it is. We've seen some people tracking campaigns to attack it, I think was it Gray Noise were spotting some of it and they said the same group, one of the groups they've seen using it was the group that went against the U.S. treasury Department.

A (12:41)

So, you know Silk Typhoon.

B (12:42)

Yeah, Silk Typhoon, yeah. So they're, you know, there are bugs like this, are in big demand by attackers and of course they're going to be using it and you know, landing in the privileged access component, like in the privileged access manager that has credentials and has access, like, it's such a sweet place to shell that. You know, just. Why wouldn't you?

A (13:00)

I mean, shelling the PAM gear, the PAM gear that is on the Internet for some reason. I mean, I don't know.

B (13:06)

Yeah, I mean, I've done that a bunch of times in my professional career, you know, back at, in the insomnia times. And like landing in the middle of the privilege, remote access, it's just, it's, it's a thing of beauty.

A (13:18)

Yeah, sure is. But, you know, it's okay because I'm sure SIS is on this. Oh, oh, wait. I'm being told we have some news. Yeah, so SISA is kind of caught up in all of this stuff around ice, you know, the, you know, the, the masked paramilitary police in the United States. Yeah. So there's some sort of funding halt on DHS at the moment, and that is spilling over onto CISA apparently something like, you know, 888 of its. Very auspicious, by the way. 888. 888 of its current workforce of 2,341 staff are at their desks without pay. So that's a wonderful situation for them. But you know, they can apparently bring back others if there's, you know, relevance to national security or whatever. Anyway, the CISA's century of humiliation is continuing is basically the vibe here, Adam.

B (14:09)

Yeah, I mean it just. I cannot imagine what morale is like inside that organization at the moment. I mean, you know, they got shredded by staff cuts and they've been kicked around for their election security work, which was great work. But of course now they got punished for it. And then this. There was the previous shutdown of the whole government and now this one against dhs. And of course the irony is that the actual target of this, the ICE part of DHS isn't even funded in this way. And so this shutdown doesn't affect them. It just affects things like the TSA and CISA and so on. So them being partisan, political football being held to ransom. Like, you know, I'm not surprised that, you know, that people are quitting. And I think over in. In the risky bulletin today, we were. There's a story in there about, you know, some high up and CISO announcing his resignation.

A (15:00)

It was the head of like threat hunting, was it an all hands and said, yeah, I'm out. You know, so I mean there's been so many people leave like it just as I said, it's sister's century of humiliation.

B (15:09)

Yeah, no, it really is. And you know, Sissard does such important work and yet, you know, here they are sitting at the desk, not getting. Having to do it anyway and I, you know, I guess my hat's off to the people who are still there at their desks. But you know, boy, but what a. Just what a mess. You know, what a mess.

A (15:25)

I can just imagine the recruiters like the amount of inbound. The average. This a person is dealing with from recruiters at the moment would be insane. You know, they can smell, they can smell Death. They get in there quick. All right, next story here is one from Brian Krebs. He's been writing a lot about this Kim Wolf botnet. This is this residential. It's like a residential proxy IoT botnet thing.

B (15:47)

Yeah.

A (15:48)

But, like, it looks like whoever's, like, running it at the moment just keeps making really dumb mistakes and, like, accidentally losing, like, hundreds of thousands of endpoints in this, in this botnet. The latest thing they've done that was kind of dumb is they're thinking, I know, let's, let's introduce a fallback, like, decentralized C2 channel, and instead of using Tor, we're going to be like anonymity network hipsters, and we're going to use i2p, which I'm guessing a lot of people listening wouldn't have even heard of. I, I have, due to a whole bunch of, like, reasons I won't get into. But i2P is sort of like, was like a tour competitor, but it never really took off. So of course, when they joined like 700,000 boxes to this, like, tiny little anonymity network, it started falling over. So that's the, that's the latest here. And what's crazy about this is you'd think if they had have thought this through, they would have been able to task enough of the bots under their control to actually participate in the i2P network, that it would have scaled the network and it would have worked out okay. But they just didn't do that. They're just like, lol. We'll just throw them all on as, you know, clients, as identities, and here we all are.

B (16:56)

Yeah. I'm not sure what they were really thinking. It looked like they were intending to operate the nodes that they were joining as routers that would also add extra capacity to the network. And maybe they screwed up the configuration or like, maybe there's some reason why it wasn't working, because it seems like they added all these nodes, but then those nodes weren't forwarding traffic correctly. And that's kind of, you know, what made the i2P network itself grind to a halt. It's because all of these extra nodes weren't actually pulling their weight. But it's overall just, you know, it's, it's somewhat comedic, I guess. And, you know, I, I feel like, you know, maybe they could have done this right and it might have worked out for them. But on the other hand, you can't put 700,000 nodes onto a 50,000 mode network and still have anonymity. Right. That's not really how it works. You have to be the crowd, not be the crowd.

A (17:42)

Yeah. I mean, what I'm thinking too is that if you're just one of those i2p hipsters who's been using it forever and like enjoying your little corner of cryptographically anonymous, you know, computing, la de da di da. And then someone comes along and basically makes it toxic. And it's like, now you get this massive benefit of killing this botnet. If you kill I2P. It's like I'd be getting a little bit nervous if I was them. James, what did you think of this? I mean, as someone with a background in engineering and running teams, this must drive you nuts seeing them rack up these own goals. Yeah.

C (18:12)

I think I'd best put it as this is a team that has some coaching opportunities ahead of them. It doesn't seem to be a highly skilled operation. It did make me wonder though, was the choice of i2p not just for cryptographic hipster reasons, but just due to the attention that Tor gets these days. It does feel like law enforcement is generally pretty well skilled at finding and taking down things off Tor, despite the anonymity that should provide. But I don't know, when you weigh that up against just the dumb stuff that they do, I'm hesitant to read too much strategy into this.

A (18:43)

Yeah, so James is going to PIP you guys. You're going to go on James's PIP plan.

C (18:47)

It's a very short plan.

A (18:48)

Yeah. Now we've got a right up here from Elastic. I insisted this one go in just because it's so, you know, this is such an old school type of criming that I just love it. It's the bad IIS kind of global SEO IIS botnet. Someone's going around owning IIS servers and then what they do is they're loading them up with this like bad IIS module that publishes a whole bunch of like SEO spam designed to do like, you know, malicious SEO optimization for casinos and pornography and all sorts of stuff. And it's just such like old school black hattery that I just think it's. I just think it's awesome. It also explains where sometimes you're googling around for some product or something and then you see like Google will spit out a link to some university in New Zealand or something that has a page on it. Like with this product, you know, it's like these, these sort of malicious SEO optimization networks. Like this is how they do it. They take over web servers and they start using them to publish content. The better the domain, the better the reputation. All good. And I just really enjoyed this write up. What do you, what did you take. Take away from this, Adam?

B (19:56)

I mean, it is definitely retro. Like this is the going to the thrift store and getting your, you know, story from, you know, 10 years ago, I guess we would have been covering this maybe 15. I don't know, it seems, it seems pretty retro in that respect. It's kind of funny in a way. I mean, the way they're getting into these boxes is exactly what you'd expect. It's just normal, you know, either web apps or credential stuffing or credential credentials from info stealers, you know, whatever it else, whatever it is, they're getting into.

A (20:23)

The IIS, they've got 1800 IIS boxes and like, that's a pretty decent haul, I reckon.

B (20:28)

Yeah, yeah, that's, you know, that's not too bad. I am surprised that's enough to SEO your way up these days. And maybe it's not. Maybe they're doing SEO because, you know, no one's bothered to update that particular module for 10 years. And it's, you know, the SEO is that old. But yeah, it's. Overall, it's just, it's just kind of funny and, you know, it's kind of heartwarming in a way that someone's still out there doing this. So, you know, in this modern, like, AI agentic world, and here they are putting, you know, SEO spam on people's hacked IIS like it's 2007 AD. So, you know.

A (21:01)

Well, well, well, let's, you know, speaking of old school, let's talk about the next story which really dovetails with this one, which is 500,000 vContact, you know, VK accounts. VK, of course, being Russia's like, Facebook equivalent. Yeah. About half a million accounts have been compromised by malicious Chrome extensions. Which is funny, right? Because we used to do this sort of thing just by going after the browser itself. And now it's like you just go, you just go after the extensions. But it's still doing the same stuff that people would have done with the browser like 10, 15 years ago, which is like harvesting and whatever. Right. So these people have built this botnet that's doing like. And subscribe harvesting on vk. I mean, James, you must have enjoyed this one. I just, I got the feeling that you would have enjoyed this one.

C (21:45)

Yeah, yeah, I love this one. You know, so often when you're going through the malicious extensions it's the same old thing. It's like this extension looks like that extension and if you're silly enough to, to install that, you get owned. But this is just like these extensions were doing kind of exactly what they said on the tin, but just a little bit more. And the two levels of like, you could use this extension to improve your profile, et cetera. And then your profile got owned. But really the chef kiss bit for this was. And you could put in your payment details and get some extra merch as well. And then they snapped your payment details as well. It was just like. It was beautiful.

A (22:17)

Yeah, yeah, it is. I mean, I just think it's funny that like the vector here has changed as in now it's extensions, but they're doing the same stuff as so long ago, right?

C (22:28)

Yeah. Between this one and the other, the one we had just before. It's like as someone who's watching all this AI stuff unfold and feels like everything's changing, everything's moving fast. It's just like sherbet for the nerd soul to see that the same old attacks are doing the same old stuff. And it's still porn and adult toys that end up on the SEO hacked sites and the extensions. It's a relief we're still the same.

A (22:49)

Now we got some dense research to talk about, which is actually really interesting. It brings up a bunch of interesting sort of concepts, I guess. So this is work out of ETH Zurich and also the University of Swiss. Well, God, don't yell at me. Swiss people Svizara Italiana, also in Switzerland. And yeah, so this is research looking at password managers and claims that password managers cannot see what's inside your password vaults. And this researcher said, well, kinda kind of depends. Kind of depends on a few options that people have selected. Kind of depends on the product. And certain bits can be extracted and certain bits can't. I mean, what I found interesting about this research is first of all, how comprehensive it was they went through and they did an awful lot. And second of all, our initial reaction to this, to the write up of this, which was by Dan Gooden over at ours, which was, well, you know, if someone compromises your password manager company, if they supply chain attack the password manager. Well, you kind of. You kind of. It's all over anyway. Or if someone's malicious on the inside. And really though, once you look at this research, you realize that a bunch of it would actually be useful to attackers who may only compromise parts of the password manager infrastructure as opposed to the whole enterprise going Rogue. So in that case, like after we saw, with 1Password, was it 1Password or LastPass or you know, the one that got owned where the theory is a bunch of sort of crypto seed phrases and stuff wound up getting cracked over the next year and whatnot. You know, we have seen compromise, partial compromises of these sort of companies in the past. So I do think this is very interesting research. I don't think it's, it's a dead end thought experiment to go, to go through this stuff. But first of all, James, I know you read the paper here just today, you. I don't, I don't think you probably had a chance to absorb it completely. But what was take on the research here? Can you just describe to us what the research was here?

C (24:51)

Yeah, the research is great. It really goes into the internals of how these, these key vaults work and the crypto around them. And the central sort of, you know, hypothesis putting forward here is that yes, when the password managers claim they can't see your password, it's not entirely true. But, but also it's not like the implementation is bad and it's flawed and actually they're lying to you. They can get access to all of your passwords. Fundamentally these are relatively secure but there's layers and features around them that quickly expose you to problems. And the first one they highlighted was around account recovery is like straight away if there is a means by which you can recover your account if you've lost that master password, that is absolutely an exploit vector as well.

A (25:37)

The reason I'm asking you about this one first is you have some experience with this sort of stuff in your Apple days because ultimately you were discussing these sorts of working on these sorts of trade offs when you were working at Apple.

C (25:51)

Yeah, absolutely. So when I was there we built the essentially 2fa for the masses and then also added onto that the advanced icloud data protection which was just lovingly known as key drop internally because that's essentially what it is. Right. It's a means by which we can drop the keys out of Apple servers and say hey customer, over to you. The keys are only on your devices and they're syncing between the devices. We would have loved to have created that in a way where we could turn that on for everyone and the technology is there and it's entirely possible, it's not a cryptography or an engineering problem that that's all solved. It's actually just a, you know, what is the right trade off here? If we enabled this by default for Everyone. That means that you can ring Apple's help desk as much as you want and they just can't help you, they can't recover your account. And the sort of, the sense was that when you're talking about hundreds of millions or even billions of accounts, that's the wrong trade off. You've got to make it possible for data to be recovered despite the technology, making it possible to make it essentially completely unrecoverable if that main key is lost.

A (26:53)

Yeah, and I'm guessing, like that's the sort of trade off that they bumped into, that these password store companies bumped into. Adam, what did you make of all of this?

B (27:02)

I mean, I guess I found it interesting because at the big picture, like macro point of view, you just have to trust people who write your software. Right? The supply chain aspect of this, like if you're using bit warden or one pass, ultimately you have to trust them to write good software and write software that operates in your interest as a user. And, you know, the actual mechanics of how you leverage that, you know, from a macro point of view don't really matter. Like, you know, if an attacker can compromise the whole company. But then like the point you made, which is that these companies are big, there's many moving parts, as many people you want to defend against as much of these companies that you have to trust as possible. And these architectures let us kind of compartmentalize down who inside the company really matters. Who do we have to actually trust? And that's as we saw in some of the early cloud services, where all staff had access to everybody's data through whatever back end system they had. And that of course ends up getting abused because people are people and help desk or go rummage or whatever else. And so we started to compartmentalize that down a bit. And I think this research is really useful because it validates that choice that we made to start to restrict the blast radius of any individual or part of an organization getting compromised. And so on the one hand, yes, you do got to trust who writes your software. But it is these days just a bit more nuanced than, you know, the sort of cypherpunk idealist version that we would have had in the 90s.

A (28:34)

Yeah, I mean, it's not like your build servers are attached to your customer storage. Right. So like in the case of. And of course LastPass, I just checked, so we don't get sued by 1Password for putting them in that same sentence. But you know, in the last pass thing, I mean, they store, you know, customer backups or whatever. But that doesn't mean that they would have had commit authority in their repos to be able to push a poisoned update to do xyz. Right. So I think like as much as it's the case that you do got to trust your vendor, I also think that this sort of research is actually quite valuable because it wasn't just stuff around account recovery. Like they did find some pretty somewhat exotic stuff there.

B (29:10)

Yeah, and we had some engagements back in the Insomnia times where we got retained by a cloud company and one of the goals was can you go from network edge to our build system. Like we didn't get to the point where you can compromise the stuff that we ship out to end users. You know that what's that attack path look like? And having that explicitly being a goal. Right. To validate those internal controls, you know, that was a really interesting exercise and you know, obviously these were customers that were mature enough to have already implemented some of the segregation and then want to go check like does the active directory reality of this match. And so, you know, those are whether you're doing it academically, you know, looking at the software and crypto protocols, or you're doing it, you know, looking at infrastructure build internally, validating that the segregation works is, you know, super useful work.

A (29:59)

Now we've got a story here from cyberscoop which is looking at a report from Google. There's just cyberscoops write up of a report from Google which has been written by Derry P. Johnson and really it's about how AI, you know, Google has found that AI is going to be useful across every sort of step of offensive operations. It contains this story contains a bunch of comments from John Hultquist over at Google. And he's googiant, right? Yeah, I think he is. Yeah, that's right. Of course he is googiant. And look, I don't know, like he says a bunch of interesting stuff. He says a couple of things I disagree with. So like in this para, they say Hiltqvist said that some state groups, particularly those focused on espionage, may not find the speed and scale advantages of agentic AI useful if it results in louder, more detectable operations. That's a very big if. The if in that sentence is doing a lot of work. But you know, I just think it is interesting that Google is seeing this stuff already pop up in caseloads where it's like, well, they used AI for this bit, they used AI for that bit. I think the, the vibe I'm getting here is that they're still figuring out exactly, you know, attackers are still figuring out exactly how to use this. I do have a feeling they're going to get there quicker than most people think. You know, James, let's bring you in on this. I mean, you know, we were talking about openclaw. What was that? A couple of weeks ago I actually saw some Twitter thread from a guy who plugged openclaw into a bunch of pen testing tools and told it to do stuff and was actually pretty blown away by what it was able to do. And that's just someone's five minute dumb project. You know, you spend your time, a lot of your time with your head in AI. How do you think this is going to play out?

C (31:33)

Yeah, I think the article is interesting insofar as if you think of the framing. A couple of weeks ago, I think on the show you guys talked about the fact that there was early signals and Google or Anthropic was like blocking these things. And it kind of at the time felt like, well, clearly they don't care about getting snapped, so they must be just experimenting with this. And it's like a. We don't mind so much if this is out in the open. I think that has rapidly progressed though to being. Actually, we are using this to figure out a whole bunch of stuff. As it says in the article. It's not like there's like a super defined, really refined way that they're using AI, but the fact that it's getting so much experimentation, I think is telling. It's not just little skunk works anymore. I think this is now probably a bit more mainstream in terms of the priority that's being put on it. This sort of dovetails into a couple of other stories that have come up this week around the fact that. I think the most interesting thing about this is the fact that at the moment Google is able to see this and that turns into these articles. I think that's the bit that's going to rapidly change the visibility of this from a frontier model perspective. That is probably the biggest thorn in the side of a APT or a threat or a threat actor at the moment. And there are rapidly increasing ways in which they might be able to make this invisible in the future.

A (32:46)

Yes. So I mean that's. Yeah, it's exactly that. When people were like, oh, but look, Anthropic's catching them in the act and they can block them and, you know, tune their models and whatever. It's like, yeah, no way they're going to be using their own Models soon, like just look at Deep Seek. They probably just wanted to burn anthropic tokens just because it's what they're used to or whatever. Yes. So 100% agree there. Before we get onto ways in which some of these models might come to be that can be used by attackers. Adam, I just wondered, you know, you're, you're offset, you've spent, you know, decades in offsec. These days you're just working with us, but I imagine you're still in touch with a bunch of your old, you know, offsec people. Where are their heads when it comes to AI in, you know, offensive stuff? Because I'd imagine they're going to be split between the people who see the opportunities and the people who are completely in denial. What's the, what's the vibe out there.

B (33:33)

That I think in my, one of the things that I did a lot when in my hacking times was, you know, writing disposable tools, right. The, you know, if you've got a solid tool chain that you always rely on when that gets burnt or you can't use it for some reason, you're dead in the water. And so being an effective hacker, you know, if you've got the ability to whip up the exact tool that you need in this exact environment, you know, for this exact operating system for whatever problem you're trying to solve, and you can build that quickly, use it and then throw it the hell away, then that tends to be a better trade off than investing in high quality, long term maintainable tools. Now, I'm sure the trade off inside a big organization like an intelligence agency is a little bit different there, but for smaller teams, being able to very rapidly iterate makes sense. And the strength of modern AI dovetails exactly with that. Being able to build exactly what you need when you need it, things like language barriers. Once again, unless you're an intelligence agency with linguists available, then if you're dealing with breaking into something that isn't English, English centric, then relying on those kinds of tools to do very rapid translation to lures for social engineering, but also just reading technical documentation, et cetera, et cetera. We were using Google Translate for that long before Modern LLMs came along. So I feel like that kind of lends itself to use by AI and people I know who are still working in this space lean on it. For those reasons, you can iterate rapidly, move fast, keep ahead of what's going on and adapt to your environment. And I think that makes sense.

A (35:10)

Yeah, I mean, I guess the Reason I picked on John's comment there though, is that I think you can kind of agentically get around some of these issues. Right. So, like what you're talking about, I'll build a unique tool. Like you can pretty much tell Claude to do that for you already if you give it a good description of what you want. Now, does that description need to come from a human operator or can it come from another agent? And this is kind of what I'm thinking. Like you can, you can, once you, you know, build the right agents, get them working together, you can really do some pretty impressive stuff. So I, I feel like, yeah, I feel like this is the year that a lot of it happens, Right. It started kicking off towards the end of last year and I think, yeah, we're just gon so much now. Speaking of the idea that a lot of these threat actors are going to have their own sort of frontier style models or something approximating a frontier model maybe with some of the guardrails removed, which is what they really want. James, we've got a story here at NBC News. Who wrote this one? Yeah, it was Kevin. Hey, Kevin. I know Kevin's a listener. Kevin Collier. So he's looked at another bit of research out of Google which says that someone tried to clone Gemini, right, by doing 100,000, you know, giving it 100,000 prompts, right? And it turns out the number of prompts that you have to give a frontier model to extract a lot of its value, or as I like to say, to extract its soul, right? It's. It's mana, its essence. Not as many as you, as you might expect. So this is something where you've, you've spent a bit of time trying to understand how far this sort of thing can get you. What, you know, what did you find?

C (36:47)

Yeah, look, I remember when DeepSeq sort of broke, I guess that was a year ago now. There was talk at the time that they'd sort of gotten a leg up from doing a lot of these distillation attacks, right. Just endlessly prompting a model, getting the response and using that in training. And at the time I remember thinking, that just doesn't stack up for me, right. You think about a model training, taking petabytes and petabytes of the entire corpse of the Internet. I couldn't understand how possibly just flinging a whole bunch of prompt at a model could possibly result in a new model being trained. Turns out, though, I was wrong and it is actually really meaningful. And so I've been doing some research into this. When you first train a model and give it essentially access to all that data and it goes through its training process. You actually don't end up with something particularly useful. It's kind of like if you sat down and watched all the YouTube videos on how to paint watercolor, you're still going to be pretty useless when you first go to paint your first painting. So it's this combination of what happens after that initial training run that's super valuable. The RLHF, the reinforcement learning with human feedback, the post training that occurs to try to add these skills and reasoning in, that's the valuable thing that they're trying to extract with this distillation. And it turns out there was actually a really good paper on this that said that you could go from Llama, which is an open weights model, to get IT to approach 90% efficiency of Comparable to ChatGPT with just 70,000 of these distillation prompt responses. And so it's definitely possible. And I think this is sort of the tie back to the story that we were talking about before, which is this is how an adversary goes from an open weights, open source model, adds in these prompts, closes the gap of reasoning and the other skills that are required to get a really high quality result, especially working in software engineering and cyber. And if they can get the chips to do that training and the inference for themselves in their own data centers with them, we have completely lost visibility to these attacks.

A (38:42)

Yeah, I mean, I'm sort of like, I think you could get most of this stuff done with something like deep SEQ already, right? And this is just the idea that like, even if the Western models get like a long way ahead, China's always going to be able to extract something that's nearly as good. Just the lazy and cheap way. Right. And if I'm them, that's the way I'm doing it. Adam, the reason, the part that I want to bring you in on is I've been thinking about how the large companies might stop this and I'm coming up completely blank because they're operating at such a scale that you would think that you just need a large number of accounts which you could probably use AI to generate and register and then distribute that through some sort of residential proxy IP service. And you're always going to be able to run enough queries. Although does it need to be, you know, 100,000 sequential prompts or can it be. It doesn't. Okay, so that's the thing, right? Like you can't stop this, you know, what are Your thoughts here, Adam?

B (39:42)

If you have to tie this, you know, to these signals from the network, you know, like originating IP or query load over time, you know, we've got so much experience in bypassing, you know, kind of scraping prevention techniques, we're kind of into a how do you stop web scraping problem at that point. And that was already hard enough. And now we've got a situation where these models are the backends of so many things. Right? I mean, Gemini is used in so many contexts in so many places. The idea that even Google could get to a point where they could have a holistic view of how Gemini was being used, like that seems like a lot of work as well. When it's being used in third party products where there's API calls come from all over the place, there's no reason that you would go and do this directly to Google IT itself. Like, why wouldn't you do it to a chatbot of a travel agent that happens to use Gemini in the back end? Now you've got to kind of try and tie all these things together so they're in a really hard place. Right. And the standard solution for anything involving AI, you know, we want to put controls on it, is to put another AI on the front. But like, you can only bolt so many on and you know, like maybe the ones on the front are the ones that are being, you know, used for distillation attacks. Like it's, it's a crazy ass world.

A (40:54)

Yeah, well, actually, funny you should mention that because another thing that you wanted to talk about this week, James, is that there's been a bunch of like, activity in the commercial world with, you know, proofpoint acquiring a company that's trying to tackle the security risks of agentic AI. Cisco's released a bunch of stuff as well. Sophos has acquired a company. But like, the point you wanted to discuss is that all of these things are basically just like little proxy shims stuffed into the front of these agents. And you're not particularly bullish on the technology.

C (41:28)

I'm not particularly bullish on it. And if anything, it's starting to feel like this is the new version of the pain that we feel when we see the same old bugs in the same old places hitting the same old enterprises. It's just, look, don't get me wrong, there is definitely a new category of products here that will be exciting and I really am excited to see what startups come up with. But what I'm seeing get played out in this merger and acquisition activity is just Things that are kind of like a proxy sitting in between your applications and your models, giving you visibility, making sure that if you're a Gemini house, that no one's using OpenAI just by looking at domain names. And it's like, well, you know, I think the key message here is we have to remember that LLMs and AI, it's not using some new protocol that's suddenly endowed with like cyber telekinesis for extracting data. This is still just plain old HTTP, it's structured JSON flying back and forth, it's conversational stuff in plain text. It's nothing special. Right. It should still be the bread and butter domain of a lot of the existing security tooling. The thing that it really ultimately puts the pressure on is your authentication and access controls. Because at the end of the day, what we're seeing with these agents is it's not that these agents are getting spun up and acting on behalf of the user with a separate identity, although that tends to be the preference in the industry. They're actually just operating as the user. And so even with these acquisitions and putting on the AI sticker and saying, yeah, now we've now got powered by AI or we're an agentic detection company, the end of the day comes down to what's the human got access to? Because now a bot's got access to, and that bot knows a whole lot more about how to exploit those things than the human. That used to only be the only one that could access them.

A (43:08)

Now I should mention too, that we're in the process of spinning up your podcast feed because you're going to have your own podcast feed doing your own stuff. And we've sort of soft launched that already. It's only available as rss, I've got to submit it to the Google Podcast Store and whatever. And we'll be publishing an interview hopefully either late this week or early next week into that feed as well. But the one thing that is published there now is just a solo podcast of you talking about your adventures with openclaw. And the one bit that really got me that relates to this is that, you know, you wanted to get OpenClaw to do something with your Twitter, but you didn't want to give it access to your browser. So it talked you through getting the session cookie for Twitter so that you could just give it to it and then it would go hit the API and just do like, do whatever and pretend to be you. And the point is, yeah, how do you know if that is the agent or James Doing it. And the answer is you don't. And I actually recorded a fairly long conversation yesterday with Josh Devon, formerly the, you know, co founder of Flashpoint, who's now working in a company called Sundera, which is trying to tackle these problems. They've built harnesses to try to control agents. Right. But some of them, there's no way to like hook them. Right. So you just have to do that proxy thing. So they're trying to get away from that, but it's not always possible. And the reason people are using these proxies is because that's the only way to instrument them. I think I made some joke in that interview about how like it took as you're 15 years to get like network taps into the in there and like even then they only half work. So don't know if there's going to be the same sort of situation here. But for those who are interested, you can head over to Risky Biz and subscribe to James's new podcast via rss. It is called Risky Business Features. Not in the itunes store yet or any of the podcast stores, but we're working on that. All right, so moving on, we've got a couple of just small items to finish off with. There's been this crazy story in the United States where an elderly lady who's the mother of a television presenter, a high profile television presenter in the United States, I think her name is Nancy Guthrie, she was, she's like 80 years old or something and was abducted from her home and is being held from love, like for bitcoin ransom. Just a crazy story. But it turns out Dave Kennedy hacking Dave on Twitter, he'd written some sort of Bluetooth scanner. And it got out that the cops over there were using his Bluetooth scanner to look for Bluetooth probes from the ladies pacemaker. So they're flying a helicopter over the city trying to pick up those probes. And I just thought that was like the most awesome cyberpunk story that we just had to include. I mean, Adam, you love this as well, right?

B (45:41)

Yeah, I mean that's it is. It's so cyberpunk dystopic future right there. And yet at the same time also like quite a legitimately good idea. I mean, of course, like if you've got an implanted medical device that, that sends out radio signals of any sort, it's worth going and hunting for those. And so yeah, flying around the helicopter or whatever, some drones looking for Bluetooth beacons coming out of her heart. I mean, hell yeah, that's a, it's a great idea.

A (46:06)

I would just hope that the people on the chopper had full like, you know, steampunk outfits. Right. Kind of need that for this, for this caper. We've also got a report here, it's been picked up in a lot of place. A lot of people making fun of it. But the. There was some Dutch defence official, he's the State Secretary for defence, said something about, I'm going to say something I should never say, but I'll do it anyway. Just like your iPhone, you can jailbreak an F35 and I won't say more about it. Now this of course comes in the wake of people being somewhat concerned by using, you know, Europeans being somewhat concerned about using American defence tech. I just wanted to talk about this because, like what, like even if you could get control of the software of an F35, like it is such a complicated bit of kit that if you are not regularly plugging it in and doing the right things with it and sending data, like, it's just so complicated that unless you're maintaining it properly, it's just a very expensive F16. It's not special anymore. So I just, yeah, felt like I wanted to mention that. But yeah, when you got European officials talking about jailbreaking F35s, like what a world. And finally we've got a piece here from Dorina Antoniouk over at the Record. This is our skateboarding dog this week, Adam, so I'm going to let you take it away.

B (47:27)

Yes. So a 40 year old man in Holland had some evidence of a crime that he wished to share with the police. And like many police agencies, they have a mechanism where you can contact them and say, you know, I've got some video footage or some photos that are relevant to an investigation you've got. The police will provide you with an upload link into whatever their file transfer server, you know, assuming they have one that hasn't already been owned and upload files. The police inadvertently sent this man a download link instead of an upload link and he hits the download link, presumably gets a list of files that other people have uploaded, decides to just help himself download those files, which, you know, clearly he probably shouldn't have. And you know, okay, that would not be ideal. And then when the police figured out what had happened, they asked him very nicely, would you mind deleting them? And he said, no, not unless you pay me. And so no one will ever guess how this went. Of course, the police rolled to his house and arrested him. Who could have forced it.

A (48:22)

I mean, no real surprises there. I mean, it's really. Anyway. Oh, dear. All right, well, that is gonna actually do it for this week's news. Adam Boileau, James Wilson, thank you so much for joining me to talk through it all. Pleasure to see you guys.

B (48:41)

Yeah, thanks, Pat. I will talk to you next week.

C (48:43)

Yeah, see you next week. Thanks, Pat.

A (48:59)

That was Adam Boileau and James Wilson there with a check of the week's security news. Just before we get into this week's sponsor review, here is our colleague Tom Uren telling us about what he spoke about in this week's Between Two Nerds podcast with the Gruk and what he's got planned for tomorrow's Seriously Risky Business newsletter and podcast.

D (49:21)

This week on between two Nerds, the Gruk and I spoke about what we've learned about military use of disruptive cyber operations. We look at a couple of case studies and we wonder, does it really make sense for countries like Australia or other middle powers to invest in those types of capabilities in Seriously Risky Business? I'm writing about the shift in Europe. A whole lot of officials are talking about European countries investing in cyber capabilities for intelligence and for disruption. They want to fight back against Russia. But does that really make sense? I also look at how Both Google and OpenAI are all of a sudden talking about the rise of distillation attacks. These are attacks that basically steal the special source of AI models.

C (50:11)

Why?

D (50:12)

Why are they talking about it all of a sudden? What does it mean? But I'll look at that in Seriously Risky Business as well.

A (50:18)

That was Tom Uren there with a look at what he's been up to this week. And of course, you can subscribe to his work by heading over to the Risky Bulletin podcast feed. So just search for Risky Bulletin in itunes, or you can catch a lot of what he does on YouTube in addition to this podcast that is the Risky media channel on YouTube. See you all there. All right, so it is time for this week's sponsor interview now with Adam Pointon, who is the chief executive of Knock Knock. For those of you who are unfamiliar, Knock Knock is basically a way to instrument firewalls. And that can be like, you know, your Palo Alto or your Fortinet type of firewalls, or it can be like hosts own firewalls, so Windows boxes, Linux boxes or whatever. And the idea is you can set up these systems so that when you're not authenticated via your sso, there are no open ports available to a user. Right. User wants to authenticate, they sign in with sso, they hit a little web app, they hit open up and then bang, it opens up the assets that that user is supposed to have access to. So this is something that's useful for blocking off external attack surface in a lot of instances. But what we're finding is a lot of people are using this internally, right? So they might have a group of machines that they just think are really risky, whether that's, you know, KVM over IP or whether it's a bunch of RDP or jump hosts or whatever. And they use knock knock so that, you know, the average user on that network or an unauthenticated user on that network just can't even access the network. Ports, very popular in OT environments as well. Anyway, they're at the point now where they are building out more and more agents, right? So the big one to be released is a Windows agent. So any version of Windows Back to Windows 2019, you can now use knock knock so that you know, you can put all of that machine's ports in a closed state to everyone bar people who are SSO authenticated. But they've also built some fun agents. Last week I mistakenly said mainframe, I just had a brain snap. They've actually built knock knock agents for Solaris on Spark and HP UX on Risc at the request of a, of a customer. So here is Adam Poynton talking first of all about building those clients because you can't exactly use Golang on Solaris on Spark. So here's him talking about how they built that Solaris on Spark agent in 2026. Enjoy.

E (52:46)

So we've got all these hosts, HPUX on Risc architecture and Solaris on Spark architecture. We want them self defending. They're in a network that doesn't have multiple layers of firewall controls because real time, low latency, et cetera, can these things become self defending. And I was like, oh yeah, Solaris on Spark, that's not old. You know, I'm a huge, I was a huge fan of Spark. No Golang Spark, not a thing. HPU X Risk, not really a thing. And I was like, oh, jump on ebay, get some hardware, you know, we'll be able to work this out. Maybe we can virtualize it. And yeah, it's a little bit more of a challenge than we, than we originally thought. But yeah, that is a use case. The self defending systems that don't have layers of firewalls surrounding them, but they're important assets that do important things.

A (53:32)

Yeah. So I mean, in the end you wound up clauding this one right into C sort of.

E (53:38)

So we knew the natural thing was, well, we're going to have to write it in C. But we were very hesitant, obviously very hesitant in doing that. So we tried Golang first. We could go back to 1.18, not modern version. Then we thought about all the libraries and we're like, let's go down that path. First we kind of had C over here. We're in Golang world and we're like, well, before we go straight over to C and just write it, you know, should we go through another layer? Should we do it in Python and do bytecode? Should we write in another language that's kind of ubiquitous? And then we had the Python version three, version two, we kind of went through this whole thing. I'm like, all right, we're just going to have to do it in C. So what does our attack service look like of the orchestration agent? Let's thin it out. We don't need the thing on hpux managing your Palo Alto, right? Like, it doesn't need to do that, it just needs to do the thing on HP ux. So this kind of very slim intentional agent is the path we went down. And then, yeah, we, you know, we use Claude and other things, but a lot of that was actually automated testing, Fuzzy. Obviously DAST and SAS is part of that from a, you know, static analysis, security perspective, but also testing. So a lot of automation was sort of built using Gen AI to just make sure everything that we wrote would work on all these architectures in a very easy. Actually, I love the ability to automatically test and the scale that we could do that was just nuts compared to, you know, five, six years ago, testing was not an afterthought. But today it's just like you have multiple agents that are just fighting each other to test every single line of code that's written. It's. Yeah, it's great.

A (55:12)

Yeah. So you actually, what, you actually wrote this the old fashioned way, did you?

E (55:16)

A bit of both. So, yeah, it wasn't like we.

A (55:20)

It wasn't just like, you know, here's the go agent, please rewrite this in C, off you go.

E (55:24)

No, no, there's a little bit of like, you know, architecturally we had to really think about because the current Go light source code is complete. Right. It's got all the 40 net, Palo Alto stuff. So we had to really say, you know, this is actually what we're going for and then start to write it the old fashioned way and then augment that with, you know, take our internal protocol, convert that across to C. How are we going to do that? Et cetera. So there was. Was a bit of both. It was kind of hybrid. Right?

A (55:50)

Yeah. But quicker. Right. And I think that's the point is that things have got a lot easier.

E (55:55)

Oh, so much faster. And it wasn't just full vibe code because we had our existing age, we had the existing code, we knew what we wanted. It was intentionally slimmed down. But the real time saver was the ability to test the ability to have multiple architectures, you know, Spark, risc. And yeah, it was. It was a great outcome. So much faster. So much faster.

A (56:15)

But the big thing that you've released now is a Windows agent. I'm guessing it supports all flavors of Windows that you're likely to encounter in a contemporary enterprise.

E (56:26)

It goes back to 2019 and we found golang. Modern golang just doesn't go earlier than that really. So we originally thought 2008, it's going to be in the environment still, and we see it, but we could only go back to 2019 without fundamentally changing the stack.

A (56:43)

Yeah. So what was involved in creating a Windows client that can instrument the sort of Windows native firewall? Was it unruly or. I'd imagine like something like that these days with Go. Probably pretty simple.

E (56:56)

Super simple. Yeah. Dead simple. And it's orchestrating the firewall, not client. So it is a. It's a weird. It's in a weird spot. Right. It's not a client that you need to get access, but instead it manages the Windows firewall. So pretty trivial, really. Like golang, super portable. So it was as easy as we thought it would be, which was quite easy to port it across and make it work.

A (57:17)

Now I'm guessing most people aren't putting their Windows boxes on public IPs just for the whole world to connect to without a firewall. Right. So I'm guessing this is very much targeted at that internal use case.

E (57:31)

Exactly. Yeah. Lots of Windows internally, lots of jump hosts, lots of rdp. I don't even know how much Windows would be on the naked Internet anymore. Not a lot. But, yeah, mostly internal use case. But it's. There's a lot of it. And the progression has been, as you said, external. First they start to use knock, knock and see. Hey, I can have this external thing invisible. Now let's do that internally. Now that I can do it on Windows, let's just do that internally. Why do we have these Windows machines even on the internal network, visible all the time. So set natural progression.

A (58:03)

Yeah. So I mean one thing though is others. So this is sort of turning into a micro segmentation use case. Right. For knock knock internally. But it's a different way I guess of thinking about micro segmentation because normally people think about doing that network wide. Right. So it's like this big project, you're slicing and dicing a network and carving it up into little segments that can't talk to each other or can only talk to each other in certain ways. But this, this is just like that box over there is super vulnerable. Let's protect it. I mean it's more of a, you know, it's like asset by asset, right?

E (58:37)

Yeah. Network segmentation has usually been or traditionally been centralized view of everything, whereas this is self defending hosts, like everything should be self defending and not necessarily relying on something else to make a decision for it. And our approach has been that have the agent on the Windows machine that just then becomes self defending and not reliant on some other recipient of traffic, some routing thing. So yeah, it's a distributed self defending approach instead of more of a centralized control approach.

A (59:11)

Yeah, yeah. But I guess the point is you might not want to make every single host in your internal environment self defending. You might just have like 10 boxes that keep you awake at night. You can just whack this on them.

E (59:22)

Yeah, exactly. It's the critical stuff. Let's start here. Let's make this thing, you know, invisible by default as opposed to kind of this whole arduous like what do I need when? Why? How? It's just that thing. Scary. Let's have it off the network.

A (59:37)

Well, and you could do it port specific. Right. So you could have a Windows box on the network where you know, port 443 is available. So you've got all of your, you know, SSL TLS stuff, you know, being served normally. But RDP is only available to people who've been through that SSO challenge.

E (59:52)

Yeah, exactly.

A (59:53)

It's not like you're in the right group. So people can't even access that port unless they've been through the SSO challenge and are in the right group.

E (60:01)

Yeah, exactly. Which is where, you know, a lot of people start with admins first. Admins have broader access. RDP is a classic. Backup services is another one. You know, backup services that run on weird ports. Like should they be accessible to everybody all the time? No. So that's another thing that is often covered off first.

A (60:19)

Now of course you are very much at the point with this company where the core of it is done and now you're moving out to sort of integrations. Right. So you've got Palo Alto, Fortinet, you know, Checkpoint and all of that. Now you've got Windows firewall, you've got a Windows agent, you've got a Linux agent, like on and on and on. But of course there is the cloud stuff and the SaaS stuff. You've been doing Amazon for a while, but now you're branching out. You've got DigitalOcean, a few other bits and pieces.

E (60:43)

Yeah, so AWS and Azure, anything that's got a firewall. But the other thing that is out there, cloudflare has an IP address allow list that you can manage and that's basically traffic that then goes to the underlying cloudflare protected assets. So we're orchestrating that in conjunction with AWS and Windows and Linux and all the other bits and pieces to kind of give that total view. But that means that Cloudflare sources only trusted cloudflare sources of traffic will be pushed through. So it gives another layer. Rather than just using cloudflare for its WAF and other benefits, it's kind of an allow list list within it in conjunction with all the other platforms.

A (61:23)

And you're doing like stuff like Salesforce as well, right?

E (61:26)

Yeah, well, anything that has an allow list so customer would come to us or you know, we've got Salesforce. How do you handle that? We're like, well actually it's got an allow list so let's, let's get IPs in there. DigitalOcean, which is sort of more similar to AWS and Azure. But yeah, going down the SaaS path, if it's got an allow list and we can orchestrate it, why wouldn't you tie that in? Why wouldn't you remove that tax surface? It's just becomes natural extension when a customer is using it already. They're like, well, I've got this other third party app, it's got an allow list. Can we, can we get you in there? Yeah, we can do that.

A (61:57)

Yeah, sure can we can. All right. Adam Poynton, thank you so much for joining us for that update. Always great to talk to you.

E (62:04)

Thanks. Pleasure to be here.

A (62:06)

That was Adam Pointon from Knock Knock there chatting about some work that they've been doing. Full disclosure, I am a Knock Knock shareholder. I'm also on the board of directors, so that's something you all should know. But that is it for this week's show. I do hope you enjoyed it. I'll be back soon. With more security news and analysis, but until then, I've been Patrick Gray. Thanks for listening. It. Sa.