Jason
I get. I get a lot of people asking me to play guitar all the time. I'm like, I don't think you want to watch that, honestly, because I'm just gonna mess around a lot.
Ryan
Oh, that's gonna be such a stretch for this crowd.
Jason
Yeah, stretching.
Corey
Yeah. I don't like stretching. It hurts.
Ryan
Oh, messing, messing, messing.
Corey
Am I drunk? Where's the freaking live chat? How do I. I want to see.
Jason
The people collapsed it into the. So that you get a live casts chat.
Wade
Where?
Corey
Where? Live casts. I'm scrolling.
Wade
Yeah, I just see Restream on the right hand is. It disappeared. You got to press the add button.
Ellie
Webcast Live cast chat and then find the chat for the news inside of.
Corey
There and then make sure you don't see that.
Wade
Where does it say live cast chat?
Corey
Yeah, I don't have livecast chat.
Ellie
I pinged you find your ping.
Wade
I don't see a subject.
Corey
You pinged me What?
Ellie
The ping's not working in the sub.
Corey
Forum chats and now it's just under this magical thing called suggested. Yeah, what the heck? I don't know.
Wade
Did you have to turn it on in settings or something?
Corey
I don't know. I didn't do anything. Ryan pinged me and then it magically popped up, but it was not there before.
Wade
Ping. Ping me.
Ellie
It's like a nested chat.
Corey
It's super nice. All we have to do is just notify the entire audience one by one. Individually.
Wade
I see like restream messages from audience will display here and then like chat on us. With Discord, it's not tested.
Ellie
You have to go to. You have to go to the Discord specifically now because.
Corey
Go to what? Browse channels.
Ellie
Cheeses have moved and the Restream bot won't connect to this new.
Wade
I was looking in. Ok, I was looking in Restream, not in Discord.
Corey
Even in Discord, I still don't see it other than just in suggested, which I don't know what that means.
Wade
But you go to infosec. Webcast Live chat. Yeah, I got that.
Corey
Infosec. What?
Wade
Webcast, Infosec, Webcast and streams. And then there's live chat.
Corey
All I see into that is private webcast help. I see nothing else.
Wade
You want me to share my screen?
Corey
No, send me your computer. Just ship.
Wade
All right.
Jason
He's going to send you a link.
Wade
Don't worry.
Jason
Just click on that and then.
Corey
Well, let me just say whoever's idea this is, it was a bad idea and I don't like change. I'd like to vote against this. Whoever did it, I don't like it. I will say I cannot see that.
Jason
This is so fun to watch what.
Corey
Char posted or chair. I don't see that. Maybe it's because I'm magical role or something, but I don't. Yeah.
Ellie
Anyway, see where that posting is?
Wade
It's in the live webcast and chat.
Corey
I sucks. I want to go back undo you.
Jason
Trying to control Z. That there.
Corey
Who do I have to yell at now? Should I just generically complain about the world?
Jason
Jason said. I think he said we're going to give this like three months.
Corey
Three months of me not having Discord.
Wade
No, I understand. It's organization. It makes sense because like there's the need you do.
Corey
Because it's invisible.
Wade
It's not organized at all. I can see it.
Corey
I don't know why your eyes all organized.
Wade
Turn Discord off and on again. All right.
Ryan
Get it to actually just expand out.
Jason
So when it pops up, there's a.
Corey
Contract for that title and it'll infosec webcast. Good. Is it good?
Ellie
The little Morse code dots and then webcasts and streams.
Corey
Yeah, I don't see that.
Jason
Follow this chat or something like that. Yeah.
Ryan
Okay. I'm going on record. I do not like this change.
Wade
No, it's two extra clicks, Jason.
Corey
Right now.
Ryan
No, it's. It's too thoroughly hidden.
Corey
Dear Jason, this webcast is confusing.
Wade
Sincerely, I wonder. I'm. I'm wondering if you don't have like the. You don't have access to it. Because if you're not.
Corey
I'm not. No, I don't have the permissions.
Ryan
Oh my.
Corey
That sucks.
Ellie
That's weird though, because you have the staff role. You'll have to file.
Corey
I'm here. I can see it, but I can't see it. This is the only place I see it. Right here. Suggested. Which this is just a magical button that appears and if I close this button, it just comes back. So I guess I'm just like, get him.
Wade
No, I'm in.
Corey
I'm in. I just. You. I cannot.
Ryan
Oh, there you go.
Corey
It doesn't magically appear in suggested. I can't get back here. It's like I'm in an ephemeral state. Like someone had to like teleport me here.
Ellie
That little category with the red dot that says live cast chat, you can't click on that to see anything.
Corey
I can click on it, but it's not its own section. It's just called suggested. What is suggested? And I have no options.
Wade
Suggested.
Corey
I'm just going to delete it. I just deleted it and now it's gone forever. But then if someone. But then if someone tags me, it'll come back.
Jason
Wow.
Corey
None of the chat shows up on YouTube.
Ellie
Yeah, that. That doesn't work anymore. Because of this change.
Wade
Freaking. Oh, because of this change.
Corey
I've already.
Ellie
Because connect to this forum.
Corey
It will. I don't know what it's actually called.
Ellie
But it's a forum chat.
Corey
The audience is specifically told me to send you this message. Also they said, we hope you don't slip on a banana.
Wade
How about. How about all the. All the webcasts can go in this cool forum. But the news, the news gets its own special. We want these channels.
Ellie
We might create our own channel just for the news.
Corey
Because we are special.
Wade
Yeah, we're award nominated.
Corey
Okay, there you go.
Ellie
We make a difference.
Corey
So now we just don't. Do I have to go to also to YouTube to see what the fun YouTube people say? And I also have to go to. So I have to watch myself to get the chat. Okay, YouTube.
Wade
You're going to open the YouTubes too?
Corey
Yeah, I want to see what the people say. People say funny things on all the channels.
Ellie
For what it's worth, you can pop out the YouTube chat in its own thing, can't you? You still have to do that.
Ryan
And I will have multiple devices.
Corey
YouTube people. We're not forgetting about you. I'm going to have your chat right here and now. I can see these fun emojis I couldn't see before.
Wade
Oh, YouTube chat. YouTube chat comes up in the chat thing in the right hand side.
Corey
Yeah, YouTube chat. We can see you, Discord. We can't see you.
Ryan
It's that I will say.
Corey
I can tell you right now, this is a failure because no one's in here. Our audience isn't here. Like, where is all the people sending the memes of the guy saying what the blank. And it's like the guy with the blonde hair.
Ryan
We need our audience. We need our hecklers.
Corey
This. I'm just going to keep sending angry messages. I'm just stacking him up. He's not even online. Like, he's not even here. And I'm just sending more messages. We don't have an audience anymore. I'm just gonna say that.
Ryan
Well, we gotta take it and actually pay attention to the news.
Corey
J. Fox. I see you, J. Fox. Thank you for messaging me, everyone. Okay, we can put those on the screen.
Wade
Maybe it's time we. We just abandoned Discord. We're going full YouTube now. Know it. That's the thing.
Corey
Yeah. All right. That's how it is.
Ryan
Yeah, whatever.
Corey
We still get LinkedIn because for some reason I launched it and. But then it's funny because YouTube, like, if I post on YouTube, then everyone knows my YouTube username. And then it's like this playlist I created in 2007 with, like, Halo, no scopes in it, is going to be out there for everyone.
Wade
Why aren't you sharing that? I want to see that.
Corey
I mean, it has a lot of Linkin Park.
Jason
Say that.
Wade
Like speaking my language.
Ellie
All right, well, they're back now, so.
Jason
I love a Michael Bay movie just as much as any anybody else.
Corey
All right, well, I guess let's roll the finger. There's three of us here and no audience. Which finger?
Wade
Which.
Corey
Get ready.
Wade
We don't know which finger he's going to roll.
Ryan
Three of us.
Corey
It's too much. Well, look in the audience. It says hack it. Three. There's literally three people.
Wade
Oh, I need to get my hack.
Corey
And there's seven people offline.
Ryan
Okay, it's finger time.
Ellie
I see 80 people watching on my stats. So there's that.
Wade
That's what it says.
Ellie
They just don't know how to chat with us.
Corey
All the funny people.
Ryan
We had everything working. Why. Why did they try to fix something.
Wade
That they wanted to organize the chats based on streams? Because, like, the, like, we're. There's so many different things. It's. It's. They're testing it, right? I was an attempt. I was organization, right?
Corey
Let me engage my inner old man.
Wade
Right?
Corey
Like, it's gonna get, like, change.
Jason
It's gonna get crazy. At first you're gonna make a giant mess, but then when you get everything organized, you're gonna be like, this is awesome. That's the idea anyway.
Corey
All right, I'm gonna.
Wade
No one cares about Discord.
Ryan
Looking forward to the. It's awesome.
Wade
Andy K. Coming out with fire. I don't see anyone.
Ryan
That is Starbucks.
Wade
No ransom.
Ellie
Let's.
Corey
Let's roll the finger.
Ellie
Get on with it.
Corey
Let's do this podcast. Where do we spend 10 minutes complaining.
Wade
That's just Talking About News?
Corey
Hello and welcome to Black Hills Information Security's Talking About News. It's December. Wait, it's not December. It's November 25, 2024. This is kind of the Turkey Day edition for the US-based people. Everyone's got their recipes googled, getting fire hazards ready to deep fry, all that good stuff.
Wade
My turkey is currently deep frosting right now.
Corey
I'm doing a. Did you say your goose is cooked?
Wade
Goose is cooked.
Corey
Everyone's goose is about to be cooked. Do you know what I mean?
Ellie
Just how much do you trust a recipe that you get from ChatGPT?
Corey
Well, I do put glue in my pizza sauce, so I think that's a nice. I think that adds texture, adds flavor. If you aren't putting Elmer's glue in your sauce, then you aren't really making a ChatGPT pizza.
Jason
At least he's not sniffing it anymore.
Corey
That's, that's the Elmer's glue. Has a nice flavor to it. I think a lot of high end elementary school restaurants are making stuff with that.
Wade
The aroma it gives off as it's cooking is like no other.
Corey
It really is. And then if you want, you don't want the cheese to fall off. It will not fall off.
Ellie
No.
Corey
All right, so let's get into some, let's get into some articles. I read the news this morning. I read every single thing that happened. And I mean, I don't know. I just don't know anymore. I'm scared. Everything's different. I don't know. I don't see the Discord. But we're pushing on Google Antitrust. Let's talk about this. I think this is like the. Okay, yeah, so this is the headline. Yeah, basically, I mean this is one of many headlines but oh, Google antitrust, the DOJ, Department of Justice for your non-Americans, which the Department of Justice is. Well, I don't even know how to explain it but basically they ruled or like preliminary basically said, here's what we're planning on making you do. And the high level plan is to force them to sell Google Chrome, which I'm like, who's going to buy it? Is this going to go to auction? Is Elon going to buy it? I don't know what's going to happen. I'm scared. They're potentially forcing them to sell Google Chrome and then also forcing them to prompt users to choose their search engine instead of having it default to Google, preventing them from accepting payments for setting the search engine. It's kind of a pretty big deal, I will say. Like, I'm assuming the DOJ is kind of gunning for the outfield here. They probably won't actually get this and the hearing isn't scheduled until April, so it's not like this is happening tomorrow. The other funny thing is Google posted this little blog post which is very short and is very salty and very funny. Or in my opinion, it's kind of just, it's basically like, this is unfair. You can't do this. And it's like it's super short. It just says, we wish we were kidding or sorry. We wish we were making this up. Shockingly, the company that's being ruled against by the DOJ is against the DOJ's ruling. And I mean, I guess we'll see how it shakes down. We have till. It's not going to happen till April.
But I mean some of the changes they list in the Google posts are kind of, I guess seem mildly annoying to me, but not like from an outsider's perspective, not that big of a deal. I don't know. It is funny though. They call out Mozilla. They're like, this would screw over Mozilla. It's like I feel like they were. They wouldn't have. I feel like they wouldn't have really bought it. They'd be like, don't put us in your blog post, dude.
Wade
I think you're. I think your question is I saw some like speculations on how much it would cost, right. And it was in the billions. So like no, no one would be able to afford to buy this. Like who would actually.
Corey
To buy Google? Chrome.
Wade
Yeah, to buy Chrome. Who would able to buy Chrome? And the only person that sadly comes to mind of course is Musk right off the bat.
Corey
I mean I feel like Microsoft buy it, right?
Wade
I don't. Well then that doesn't that just create the same problem if Microsoft buys it though? Like they don't have their searches isn't as prominent, but it still just shifts the problem to the left. Then they own Chrome and Edge. Dear God, no.
Ryan
No, that would. There is no way that would fly up the whole. If the whole purpose is antitrust and breaking up a monopoly, then Microsoft and Google getting together and becoming a super. No, that, that would not go. Because now this of course is assuming that the DOJ is going to have teeth to enforce this kind of antitrust.
Wade
Yeah, I mean it is the DOJ.
Corey
They definitely have the teeth.
Jason
So they broke. Sorry. My question becomes like, how does that affect it and cybersecurity specifically? Like what is going to be the major fallout or just paradigm shifts when it comes to if this does take place, is this gonna change how I do business? I guess it does. Depending on the type of business I have, how much I rely on Google Ads and maybe even Chrome or Android. They were saying that they wanted them to maybe even start selling Android as well or something.
Corey
Yeah, they leave the door open for that. They don't they specifically say we're gonna make you sell Chrome, we might make you sell Android too.
Jason
But how does that affect us as far as like it and cybersecurity goes? Like on your opinions, my, my first.
Wade
Thought is if you couple away Chrome away from Google, right. Depending on who takes it over, do they have the security chops in order to secure it and keep it secured? Because Google has a bunch of money, they have Mandiant, they got a bunch of security stuff. Yeah, that stuff bubbles up every now and then but hopefully the next company actually cares about that and moves forward with it.
Corey
Right? Yeah. I mean I will say my gut here is that it's like a lot of things where if you take away the corporate funding it gets worse but it gets more privacy focused. A company pouring billions of dollars into a browser is not going to happen unless they can profit off of it. Unless they can like make money from either selling ads, selling the rights to the browser or selling the data that they're collecting out of it from telemetry. I don't see like an open source browser is not ever going to equip like be equivalent in features and like you said security to just like a company pouring billions of dollars into this product which they, I think they, I don't know how, I mean who knows how much they've actually spent developing Chrome, but it seems to be one of their flagship products, so probably a lot.
Wade
The Onion. All right, I'm calling it now. The Onion buys Chrome.
Jason
I'll buy it, sure, why not?
Corey
Sure. It's only a billion dollars. I mean I think that's the same with, that's the same with Android. Like who's going to buy it? It's just going to be another monopoly. The only companies that are just bopping around with a billion dollars in cash are other monopolies. Like it's not, you know, like it's either going to be who's going to buy it? Samsung, Microsoft or like, you know, another one of these top Exxon huge Oracle. Exxon. Try Exxon Chrome.
Jason
Exxon Chrome.
Wade
I would really like Disney to come in and purchase it.
Corey
Like no, no, I don't want to.
Wade
Be imagineers at Chrome. How can they make it funner?
Ryan
The Mickey Mafia would be better at policing inappropriate content.
Wade
Oh, you wouldn't be able to download anything then. Man, I'm. Never mind.
Jason
And for signing up.
Wade
You downloaded Chrome, you lost the right to sue us.
Jason
That's right.
Corey
Someone on YouTube said the Chrome estimated price is 20 billion, which is even. I mean that's like, I, I believe that though. I mean, it's at least what, it's a majority of the browsing market. It's something like 50 something percent so. Or even higher. I don't know. If you look at Chrome derivatives, it's definitely higher, but I don't know. Anyway, that won't be decided until April. We'll see how it goes. Obviously, DOJ is going to go hard. Google's going to go hard. I'm thinking back to things like Microsoft. It'll probably end up with a consent decree with very minor changes of like, hey, you can't do this, you can't do that. Probably not.
Jason
Yeah, I vaguely remember that Microsoft takes. I was, I was a bit younger when that happened, but I fairly remember it taking quite a while before they came down to a decision on how they were going to figure it out and break it up. Yeah, it's not going to happen tomorrow.
Corey
Nope. Yeah, Chrome is safe for now. And all the Chrome derivatives. Although I will say there have been some weird changes to Chrome that they're talking about. Oh, we'll just get rid of cookies. It's like, whoa, hold on, dude.
Jason
Well, they wanted to do some weird, like, we'll do cookies for you and that way your privacy never gets out to the, to the entity that's trying to collect. We'll handle that and we'll take all that information. Weren't they talking about that also?
Corey
Do you want to save your password? You want to save your password? Please just give me your password. Just save it. Just save it. Yeah. Anyway, let's move on. I just listed a bunch of articles I thought was interesting. Does anyone have one? They're like, oh my God, I want to talk about this so bad.
Wade
The stunt hack.
Corey
What stunt hack?
Ryan
I am kind of curious.
Jason
Wi-Fi, nearest neighbor, the impact of.
Ryan
The outage with Microsoft and all. Oh, that's how many people in our audience. I'm just curious, how much pain are they experiencing today because of that.
Wade
That said, it couldn't hear.
Corey
If you're having Microsoft days, just let us know.
Ellie
Yeah, the stress hustle is probably down because you're not getting any emails.
Jason
I mean, he's not wrong.
Corey
I mean, I don't even.
Wade
Okay, so the nearest neighbor thing is worth talking about.
Corey
So. Okay, so I don't actually think this is stunt hacking. I don't think this is stunt hacking at all.
Wade
Yeah, it's not. I think it's definitely real world hacking. I just say stunt hacking because it's actually something cool that we don't get to hear a lot, but it's actually cool.
Corey
Stunt hacking is like, oh, we did something that's. Anyway, basically this. This is being dubbed the nearest neighbor attack, which I think is a great description of how it works and how it's cool. So basically there's a Russian APT. GruesomeLarch or Gruesome Larch or whatever. Not really one I've heard of, but probably the same one as before. This is an investigation conducted by Volexity, which. That sounds vaguely familiar, but I'm not personally familiar. Volexity. Okay, there you go. Forensics firm. Basically, the APT was hacking into the neighbors of their target organization. And they would hack into the neighbors and then they would connect from the neighbor's computer to the Wi-Fi of the target organization using stolen credentials. So basically, kind of. I joked with my team that it's the world's most complicated MFA bypass because it's basically like, you know, we have these credentials, we don't have a way to use them because they're appropriately protected with MFA, which we find that a lot in penetration testing, at least on my team, we get credentials a lot. Can't really use them for anything impactful beyond like cloud enumeration and other things. So basically they would connect to, you know, hacked computers that were near enough. My biggest question is, how do you do that? Do they just hack thousands of computers and hope one of them is nearby? Or do they actually, like, they figured out the company.
Wade
They figured out the company who. I think they said they attacked two companies.
Jason
They said there were multiple companies that were close enough in vicinity to get WiFi access to their system.
Corey
Right now, you know, is a company based in a city.
Wade
Yeah, I think it's DC.
Corey
Yeah. So I listened to this.
Wade
I listened to this talk why I stream CyberWarCon, which is where they talked about this, which was really, really cool. So they originally came in, they used OSINT to figure out the. That were around their initial target. They had less security, hacked them, looked for a computer that was physically plugged into the network with an ethernet cable.
Corey
Yep.
Wade
And that had their Wi-Fi open, then scanned the Wi-Fi, saw the Wi-Fi, connected in, and then did a bunch of other stuff too. I will admit, once they were in, though, they did do a couple, like, lesser, lesser crazy attacks, like the reg save stuff. If you. If you guys scroll down a little bit more, which is super easy to detect and like, obviously screams bad things. But that initial infection was pretty cool, I will admit.
Corey
Yeah. I mean, I was immediately thinking how can we emulate this in ANTISOC? Like I was like, do we mail? I was like, we just mail drop devices to their corporate offices and like have them be in the mail room with like a Raspberry Pi and a battery and like use that because there, like I said, we encountered the scenario a lot where we have good credentials but they're protected by MFA and we can't get internal access. MFA on Wi-Fi seems kind of unheard of. So using that.
Wade
Yeah, I was thinking I haven't locked so I haven't logged into a wifi in years. Like corporation. Like my host just automatically logs in and I figured it was through certificates and stuff like that. And I like, I was like, okay, how. How does that work? I had to do a bunch of research and I'm like, I don't think having log in wifi with creds should even. Should even be set up right. Oh, it's definitely confusing. Yeah. Yeah. Like how and. But it is also is something that.
Corey
The normal implementation like did you dig into your own implementation? How is it set up in my.
Wade
I don't, I don't know. I haven't been to my home office in long enough where. But as a, as a SOC analyst, like the Wi-Fi stuff because of course we have. Usually you have your private Wi-Fi and then there's almost always a guest Wi-Fi within the network and the guest Wi-Fi is just randomly people connecting and there's usually false positive alerts coming through there all the time. You try to track it back down to a MAC address and maybe ban them. But like most of the time stuff connecting into Wi-Fi is not a very good alert. So seeing this, it does scare me. Like how. How would I build a detection based off of this?
Corey
I mean I think it'd be a good. I think you're right that there are probably a lot of gotchas along the way of like 802.11x, you know that kind of stuff or 802.1X but like you know, NAC-ish stuff, certificate based auth. But I will say I do think a lot of wireless authentication will fail back like to cred auth.
Wade
I think that makes sense.
Corey
I just want to try it to see how it works because it sounds difficult but unlike true stunt hacking actually worth trying in my opinion as a cool MFA bypass. And I guess arguably wifi is MFA because it requires certificates.
Wade
If it does, I still say it's.
Ryan
A lot of effort to go through to try and make attribution more difficult.
Corey
No, it's not for that. It's to. It's not. Not for attribution. It's literally.
Ryan
I think it was initial infection coming out from sideways.
Corey
Yeah, I think it's more about getting access to an account than it is about attribution. But anyway, there's more. Palo Alto zero days, as always, shocker. I don't even know if they're really worth talking about because I think we already kind of talked about them. But basically, Palo Alto Networks is kind of panicking and running around trying to fix people's firewalls. That one might be old.
Jason
This was an update from last week because last week they said they had a zero day that they were unsure of how it was being exploited. And then this week this came out, and I think this was a. Oh, we figured it out. Here's a patch or here's a.
Corey
They're basically highly advising people to patch because that's the world we live in, where you just beg people to patch and hope they do it. Please.
Wade
We all know that.
Jason
Please, sir. I'll do anything if you just patch your systems. It would be amazing.
Corey
Please. God bless us. Every patch.
Jason
You want me to patch, I'll never patch. You can't do anything to make me patch this system. I'd rather die in a hole.
Corey
Let me. Let me counter that with one. With two words. Zero day, you shit.
Wade
Oh, this is.
Corey
All right, let's.
Ellie
Okay, pause you guys. For a real time follow up on the Discord-gate. We have a new. We have a new Discord chat channel set up already.
Corey
What?
Ellie
We have a new channel called the News Chat.
Corey
Oh, Restream's working, though. As long as Restream's working because it's plugged into that.
Ellie
Because it's the old style chat channel.
Corey
Which Restream works with.
Ellie
The old style chat channel.
Corey
All right, we're back. Everything's normal. No one's patching, though. Just to be clear, we're not patching anything. Did everyone read the CISA Red Team write-up?
Jason
I really like some of it. It was pretty interesting that they were unable to get in through normal means, like through password spraying or credential stuffing or whatever. But. Oh, look at this. There's a web shell from when we did another vulnerability scan of some kind or assessment. We'll just use that. I thought that was pretty interesting that that was still lurking around. Not. I mean, you guys doing pen tests every day kind of points out the. I mean, how. How often or how hard do you go after your Teams to say so we're cleaning up. Right. We're doing a really good job of removing artifacts. Right, Right. We don't want.
Wade
As a blue teamer that is the hardest thing to do. And I hate all the red teamers because they never do it well.
Corey
Okay. So yeah, I will say like I did see this and I was like oh my goodness, that's so bad. But I also noticed that they also, they still deployed their own web shell. Like they deployed their own web shell. Then they found someone else's web shell and were like eh, we'll just use that. Which by the way reading between the lines, I'm betting money it was Telerik. Like that's. I hack Telerik so much. I'm like I bet you it was Telerik. But yeah. So basically cleanup is an important part of pen testing. I would say also if not cleanup, securing the web shell like it shouldn't just be. Even if you leave it there, it should at least be password protected. But I guess I would say theoretically the organization would have known that the pen testers did this. The pen testers might not have had the permissions to be able to clean up their own web shell. Sometimes you can deploy things but you can't delete them. So I guess I would say like it's kind of a dual responsibility. The pen tester should clearly report, here's a list of artifacts to clean up. But also the company should be reading the pen test report and saying hey, they deployed this web shell on this web server. We need to make sure we go and find that and delete it.
Wade
I will say just looking at the graph of this report alone, the web shell front, the web shell then go into a misconfigured NFS share. There is a really really easy detection for that that is super high credibility where you're just looking for a Linux server mounting a web mounting that share and it never almost, at least in several networks I've seen it never happens and highly suggests anybody.
Corey
Well it says it already was mounted.
Wade
And oh was it already. Oh, the Ms. Basically never mind.
Corey
Well I mean I'm assuming but they configured the options to have no root squash, which you would need.
Wade
Yeah, mounted on Linux.
Corey
Never mind file system options.
Jason
The article also says the assessed organization discovered evidence of the Red team's initial activity but failed to act promptly regarding the malicious network traffic through its DMZ or challenge the Red team's presence in the organization's Windows environment. So they did detect them and they were just like whatever, what Are you.
Corey
Going to do well? There was a whole cat and mouse throughout the whole write up. That was really interesting. That was like they were detected and then they were like partially removed and they had to fall back to like one or two Windows servers. But then they were to re. They were able to reestablish access everywhere else. So like I also reading between the lines on this one, which I did a lot of, they're like we told the client about this critical vulnerability and then they started patching things or you know, remediating things immediately. And then like they came back like it was a whole fun like reading between the lines of the interaction with the client and the small pieces they put in the pen test. I think overall it's a pretty strong pen test report. It's a pretty strong write up. I think it's a good read if you're interested in pen testing. I also like that they specifically say commercial. It was interesting. They said they were using domain fronting. I was like, I think we got rid of domain fronting a long time ago. Maybe they're just talking about using a.
Wade
CDN team use domain fronting to disguise outbound traffic.
Corey
I know, I'm like, they use domain fronting. Domain fronting has been like not a thing for a long time.
Wade
But I don't know. I've seen it tried by other red teams.
Corey
I'm like, is it back? Are we back to domain fronting? Like, like, I don't. Anyway, it could be like a pen test from like seven years ago. They're just now publishing like I genuinely do think that the, the rules for the government in pen testing and publishing a pen test result like this have got to be, there's got to be a lot of red tape. Also the sun is just shining directly on my face right now. There we go. I can't see anything.
Wade
With that angle of sun, we should be able to tell exactly Corey's location and by the side. Now we can't look. I have to look at the angle.
Corey
Coming in the hands for security reasons. I'm gonna have to ask the sun to promptly turn off, please. I'm gonna need to patch the sun.
Wade
All right.
Corey
So did you read, did you read.
Wade
The attack on Finastra? This one kind of gets close to home for me.
Corey
I didn't, I didn't. Run me through it. Give me that.
Wade
All right, so there isn't a lot of data on it just so far, but we do know that they have experience to breach and there was a post on breach forums, I believe of some leaked data already. Right.
Corey
So sf, what does it move it again?
Wade
So we have one of our. Alex actually chimed into chat and he believes it was like an IBM something IBM server. I didn't do a gnarly amount of research on it because I don't have to do that anymore. IBM is this.
Corey
Dealers. Did someone leak in post? Dealers?
Wade
No, it's believed to. Alex believed it affected an IBM Aspera being the tool that. For exploration. Ah, maybe not. Anyways, the crazy part thing though is like Finastra being a fintech. Well, a lot of people don't realize is there's a bunch of these little companies that really connect the whole financial organization and allow banks to transfer from one to another. You think banks all have the same format, right. And they're able to transfer money and none of them do. All of them have completely different formats. None of them can talk to each other. There's stuff like SWIFT that allows some transfers like that.
Corey
Right.
Wade
That is heavily regulated. But most banks need a middleman or like Finastra or the. There's organizations who will then hire Finastra in order to connect all of their bank accounts. So think about what was the Intuit like personal money tracker that closed down?
Corey
Mint. Mint.
Wade
Mint. Think about Mint for corporations that have like 50 bank accounts across nations. Right. So they're able to transfer and look at money at all of these different bank accounts and easily go through. So that's what Finastra kind of does and is able to transfer. So seeing something like a breach like this is kind of weird because they're not an upfront company. They're a little bit in the background providing this service.
Corey
It says. Yeah, so it says the data is from their ESB. What the heck is an ESB? Is that like a. Should I not have said that on the news? Does that mean something bad? Extra special box? Is that what it is?
Wade
It was an unpatched IBM business process manager that made the initial compromise creds so much worse. That's. That's a quote from Alex. Alex Bellevue, if you don't know. Beloved. So Alex does work for a lot for a fintech company and I know probably had to research this during the attack, so I would. Too bad he can't be on here because he got in a car crash.
Corey
But someone really explained that a little bit.
Ellie
One in four deer. Yeah, but he's fine.
Ryan
A little achieved but he's taken care of.
Wade
He'll be okay.
Corey
Yeah, I mean obviously this would have been solved if I'm segueing. This would have easily been solved if they were regulatory compliant with. I can't find the article. The CFPB. The CFPB. Everyone knows the Consumer Financial Protection Bureaucracy will keep you safe from all hacks. The article I'm talking about is the digital banking apps like the digital payment apps like Cash App and Venmo. Apparently the CFPB, which I didn't know they existed until this article came out, they finalized a rule to supervise the largest non-bank companies offering digital funds transfer. I guess it's not really new, but it's basically them saying, we are going to start enforcing things on these apps, including basically fraud, privacy. The other one that was funny is they call it debanking, which I've never heard that term before, but I thought was pretty funny. It's like you are being debanked, which apparently is like, you know, locking out someone from their app or preventing someone from accessing the app could have like financial impacts to them. So was that.
Wade
Was there any mention of. There's like a bit. There was a. There was a recent financial tech organization that failed and a bunch of people lost money. I know Coffeezilla reported on it. Do you know what I'm talking about now?
Corey
I don't know what you're talking about, but theoretically, I don't know. It would like. It does say they issued a report about how funds are not protected by federal deposit insurance and advise consumers to regularly move their funds to an insured account. Basically they're just kind of imposing their vibe on digital banking apps and basically turning them into regular banking apps.
Jason
Isn't. Isn't Zelle or something? Isn't that like Wells Fargo isn't. Don't they have that app?
Corey
I always. So this is like become a thing in my personal life because everyone's like, do you have Venmo? And I'm like, no, because why would I use an app to send people money when it's already built into your bank? It's called Zelle. And they're like, I don't have Zelle. And I'm like, everyone has Zelle. Like you do have Zelle, you just don't know it. So I mean, I don't know. I did a lot of research back in the day on like scraping Venmo because for a while Venmo's default setting for all transactions was visible to the public. So for a long time back in the day, I was scraping Venmo and you could. People would post ridiculously specific things on their transactions. They'd be like rent for. And then enter the address of their house they're paying rent for on Venmo. It's like, oh, that's great. From a privacy perspective, basically. You know, these digital banking apps have a history of bad privacy. You know, bad. They don't. They're not insured. And the Consumer Financial Protection Bureau is kind of, you know, cracking down on them. So I guess that's probably a good thing. But maybe it'll make Venmo less cool if it's, you know, just a regular bank.
Wade
So the company I was talking about was called Synops, Synops, synapse. Synapse, right. So they're fintech synapse. Damn, dude, now I can't read. I just read lines. I don't read words like these purple crayons.
Jason
They are delicious.
Wade
So I read about this a while back and pretty much it was a financial organization where you'd like store all your money with them and then they would lend your money out to banks in order to make you more money. That was the overall how I absorbed it. And pretty much they went on, they went under. And was it them or was it Yotta that went under? They went under and a bunch of people lost like hundreds of thousands of dollars because no one kept track of their books.
Corey
Yeah.
Wade
So I'm definitely guess that this is around that.
Corey
It is kind of crazy to me. Like, I don't even understand the model. Like, what is the tech bro pitch? We're sitting at a very expensive bar in Palo Alto and you're going to make a digital banking app. What is the pitch we're going to lose? How do you even make money by selling the transaction, like, the data? Like, I truly do not understand how you can just be like, yeah, we're a payments app. I guess you can collect money. Who can you even collect money from? If someone's taking commercial payments using the app, all of them are free. People won't use it unless it's free. I don't get how these apps even make money other than, I guess, selling the data.
Wade
I'm surprised they weren't regulated beforehand.
Jason
There are transaction fees. Like I'm looking at Venmo. It says Venmo makes money through a variety of methods, including transaction fees. Venmo charges a fee for transactions made with a credit card or business, typically around 1.9% to 2.9% of the transaction amount.
Corey
So it's normal bank stuff. That's just every bank, it's like, oh, we take Venmo for payments. Well, do you also take Visa? Like it's this. I don't know. I don't really get it. Anyway, chat, what's next?
Wade
Good description on this.
Corey
We talked about nearest neighbor we could talk about. Let's see.
Wade
We.
Corey
I guess there's follow-up for T-Mobile.
Wade
Oh yeah, they caught one.
Corey
Yeah. So I feel like this almost is following like this weird villain arc of T-Mobile where somehow they managed to publish this news article that just says T-Mobile managed to thwart a data breach before it occurred. It's like, okay, so they've gotten breached nine times in a row, but they also didn't get breached one time in a row.
Jason
They need to win.
Wade
Okay, yeah, I was about to. This has definitely got the feel of like a blue teamer. Like everyone talks about the times we were breached. No one talks about the times we protected from the breach, but T-Mobile's.
Corey
PR is going to talk about the times they prevented a breach. So basically, Bloomberg published a news article saying T-Mobile was able to detect suspicious activity within its infrastructure early, with hackers only gaining access to a limited number of devices. So they still got hacked. And it was just part of reconnaissance activity. So they still got hacked. Here's how I'm reading between the lines. And this is all speculation and my opinions represent my own and not that of Black Hills Information Security, but here's what happened. They got hacked again. And the CEO of T-Mobile called up the CEO of Bloomberg and said, listen, we're going golfing tomorrow. I'm going to take you out for a round at whatever fancy golf club I belong to, and then you're going to publish an article about how we didn't get hacked because I swear we didn't get hacked again. And then now there's an article about it.
Jason
Seems reasonable.
Ryan
Plausible. Definitely plausible.
Corey
I feel like there's a few articles in here that are talking about hacking home routers or like, not just home routers, but what is it? Zyxel or Zy? I don't even know how to pronounce it. Zyxel Dytel routers. There's one. The D-Link one is an article that's actually in the list. So D-Link is basically warning consumers, which I feel like I should be scared. If D-Link starts talking to me. Like in my head, they don't talk. Like, when does D-Link ever talk to anyone? Has anyone ever talked to D-Link? In my mind, they don't have a lot of public posts. They just exist and no one messes with them. And you know, they don't say anything, but apparently D-Link is now warning customers, replace your end-of-life VPN routers. There's a critical RCE vulnerability that is discovered and is not going to be fixed. Basically it doesn't have a CVE yet, but it affects DSR-150, DSR-150N. Let's Google that. I bet you everyone knows exactly what that looks like. Just in your head. Yep, that looks exactly like it's not.
Wade
Going to be fixed.
Corey
They said that it's not going to be fixed.
Jason
Is it end of life product or something?
Corey
Yeah, they've all been end of life as of May 2024. It affects these legacy routers which have reached their end of life. You know, we're not going to. We're not supported. They do say third-party open firmware, AKA DD-WRT, may exist, but we don't officially support or recommend this and using it voids a warranty, which I don't know how there's a warranty with no security updates.
Jason
Well, you don't support the product anymore anyway, right? It's end of life.
Corey
I know. I do think it's funny that they did throw that shout out to install. I'm assuming it's DD-WRT. It might be something else. At least. When I was installing alternate router firmwares, that was the kind of leading one.
Wade
Tomato.
Jason
What was it? Tomato was another one.
Corey
Oh yeah, Tomato. That one was good too. This is back in the days of like everyone had the same SSID and it was linksys. Everyone was linksys.
Jason
It was great obfuscation though. Yeah. Which one is my SSID?
Corey
I don't know. It was anonymous. Now it's like you can tell someone's exact location based on their Wi-Fi network.
Jason
You just write FBI Van.
Corey
FBI Van is probably the next version of LinkedIn or Linksys. If we're being honest. That is like the next most highly used SSID.
Jason
Let's name mine Cox or T-Mobile or something.
Corey
But then they have like random.
Wade
With a random stream.
Corey
Yeah, you have to pick a random ID. Just go pick whatever your neighbor says. That won't get confusing at all. Just merge your two networks into one network. No one will know who is Apple TV Kids. All right, so on a good news, I guess I'd never heard of this cybercrime website, PopeyeTools, but it was seized by the US this week. They also unsealed charges against three of the admins, Abdul Ghaffar, Abdul Sami and Javed Mirza, or Jab J. I don't know how to say that name. I'm sorry. They've also confiscated $283,000 worth of crypto. This was, I guess, a marketplace for cybercrime, basically Breach Forums, but not very, very early sales.
Wade
I was very surprised. I had never heard of this one either. And for it being up so long, I think what they say since 2017.
Corey
Was that what it was that. And also that it had an estimated revenue of $1.7 million.
Wade
So they. I feel like that isn't a lot, but maybe I'm wrong.
Corey
I guess that's only like one bitcoin nowadays.
Wade
Right? They kept under the radar for a while. If they've been up since 2016.
Corey
Yeah. I don't know. I mean, basically it was a clearnet site, though. It was just popeyetools.com and popeyetools.uk. So basically these were just like. You didn't have to go to the dark web. You could just go to this. I also think it's hilarious that they called it Operation Shipwrecked.
Jason
Because of Popeye.
Corey
Yep. And they put like, the little Popeye behind bars. Is Popeye public domain or does Disney somehow still.
Jason
Here's what I want to know. I want to be in that. That get together and, like, we're gonna name our stuff. What should we do? I mean, we've got like, Flaming Dragon. Nah, that's not right. How about, you know, I don't know, like, Space Popeye? That's where it's at. Popeye's a badass.
Corey
Oh, you mean why they named the site?
Jason
Yeah, it's just a weird name to call it Popeye. What was happening in their lives that. That was the thing they came up with.
Corey
They should have just called it Kali Linux. No, I'm just kidding.
Wade
They're all big fans of spinach. That's why they're all.
Corey
Yeah, they're. Well, they're from Pakistan, so I don't know. You know, there is some pretty good spinach dishes in that region. But I mean, I don't know, I feel like. Like following threat actors on online for a while. They do come up with the funniest names and sometimes I just can't help but laugh. There's a certain, like, it's like that old school Internet swagger that just makes me laugh. It's like, you know, their name is like Daddylicious or whatever. They hacked the FBI or something.
Wade
The DoD one. What was the DoD?
Corey
Oh, USDoD.
Wade
The USD. Yeah.
Corey
Yeah. And it's hilarious. Like, you go on Breach Forums, and it's like USDoD breached the site, and it's like their logo is literally like the DoD logo. You're like, how do you paint a target on your back? Hold my beer. Or. Sorry, hold my false energy drink. Yeah. These kids are all like, 12.
Jason
What's funny is somebody from Popeyes Chicken is trying to, like, I gotta buy some tools to. For my kitchen here. What the hell is this?
Ryan
What?
Corey
No. Our deep fryers have been seized by the Department of Justice.
Jason
What's happening?
Corey
I just wanted a spatula. Daniel. Yeah.
Jason
Damn you, DOJ.
Corey
Yeah, that's pretty funny.
Ellie
Speaking of crypto, you gotta talk about the razor.
Corey
Talk about the. Talk about the what?
Ellie
The Raz.
Corey
The Raz just hit us with an article. Hit us. Oh, no. Razzlekhan's going to prison.
Wade
Oh, man.
Corey
The gator of Wall Street. Or the crocodile of Wall Street or whatever. Yeah. So, I mean, this is a long follow-up. This Heather Morgan was sentenced, which, if you haven't seen the. She makes really good music. If you haven't seen it on YouTube, I highly recommend it. Yeah, just search Razzlekhan on YouTube. I apologize in advance. I would recommend muting halfway through the video and not even halfway, maybe 10 seconds in. Anyway, basically, these are the people her and her partner stole. Who did they hack? Was it Bitfinex? I think it was Bitfinex. Yeah, it was Bitfinex.
Wade
Good call.
Corey
They stole. They. So basically, the story was they hacked Bitfinex and they stole a ridiculous amount of money. Like, I don't know, 200 million or some insane amount. Then they kept the private key where all the money was. Guess what? They kept it. Google Drive, as you do. That's the safest place for private key with $200 million on it. And then I guess they were, you know, hacked or figured out, indicted, and then now they've been charged. What was her.
Wade
18 months.
Ellie
18 months.
Corey
18 months.
Wade
Eighteen months for stealing 71 million at the time. Here's the crazy part. That 71 million at the time is now worth almost 11 billion, though. That's the freaking crazy part. But only 18 months. So if you're trying to be a cybercriminal, kids, just steal bitcoin. It's less time if you get.
Corey
I will say it was multiple people that perpetrated the hack. I don't know if her partner has been sentenced yet, but I think he was kind of the mastermind and she was more the rapper. But, I mean, I could be wrong. Basically, 18 months is only long enough to get more street cred as a rapper. So, yeah, let's hope our music gets significantly better over the next 18 months.
Wade
They both pled guilty. Yeah, he's serving five years.
Corey
Yeah, there you go. So I think. Yeah, five years. And I will say they had all the money. They really got nowhere from it. And of course, we joked about it years ago, but, yeah, they sold the rights to Netflix and they probably made more money off selling the rights to Netflix than they.
Wade
I thought there's. I thought there's some legal thing where if you committed a crime, you are not allowed to make money off said crime.
Corey
What?
Wade
Yeah, like, so, like, if there's. If there's like a. If you're a murderer, right, and you're in prison, you cannot make money off your story. There's really something.
Jason
Certain crime.
Wade
Yeah, there's.
Corey
I didn't know that.
Wade
I swear. There's a law behind that.
Corey
There should be. No, I don't know if there is or maybe it only applies to certain crimes, but there definitely should be because this almost seems like an insurance policy against getting caught. It's like, okay, as long as we're interested enough or interesting enough to be a documentary, we can. That's our insurance policy to pay our legal fees and our, you know, restitution and all that stuff.
Wade
The Son of Sam law.
Corey
Son of Sam? Isn't that a video game? No, that was serious Sam.
Jason
Yeah. Sam Berkowitz was the 44th.
Wade
Aims to ensure that criminals do not financially benefit from their notoriety of their offense, such. Such as through a book, deals, movie rights, or paid interviews. Thank you.
Corey
Clearly it doesn't either. Okay. Either they didn't make money off of it, or this somehow doesn't apply to this crime because they are.
Wade
I don't know, maybe it's their LLC.
Corey
Right?
Wade
Like, they pulled it.
Corey
Crime Consulting LLC is profiting handsomely, but not them.
Jason
It's like the Pirate Bay. No one's really running it. It's just running itself.
Corey
Yeah, it's fine. Although people did go to jail for that one.
Jason
But anyway, they did.
Corey
Let's talk about Defender. So this is like a weird article that I kind of felt like I was getting drunk while reading it because it's kind of like. So the article is, Microsoft Defender is not enough anymore. This malware gets around it. But then the article goes on and basically just explains why they were actually using the ordinance or, sorry, they were actually using Malwarebytes. And I'm like, wait, what is it? Defender, Malwarebytes. They also mentioned Bitdefender. It's not really that big of an article, but I guess is the public perception. The reason I want to talk about it is because I want to talk about like the public. Do the regular people in the world think that Defender is blocking them from all security threats or Malwarebytes? Like, do people actually think if you download free Malwarebytes that it's going to block all malware?
Wade
I believe so. From what I have talked to people, right? Like most of them do not know that Microsoft Defender is at least halfway decent. Like, I think it's pretty good. It's blocked.
Corey
It's like 10 years old. The perception is old.
Wade
Yeah, yeah, the perception of it's old. So like my mom like, should I install Norton? And I'm like, no, I won't ever be able to get it off. We'll just reinstall the OS. No, but yeah, I still think that is a very common thing of definitely that past generation of having to install an antivirus. It's still there and it's still fresh. Especially there's a lot of ads and stuff around it now too. At least on the Internet, right? Like all the AVs and stuff like that.
Corey
I don't know. It's super weird to me, number one, that consumer AV is even a thing that exists because every product, every popular operating system comes with a built in native or antivirus program that tends to work pretty well. I feel like I've been telling people for years to just use Defender, not that it can't be bypassed. I mean, I feel like that's also, you know, something you tell people when you give them this information. You say just use Defender, but also think before you click.
Ryan
Well, yeah, I was surprised when I started working at BHIS and they, well, we were using Nav in addition to Defender and then got an upgrade and I said, okay, so we used to use this. Do I need to install? They go, nope, nope, Defender's fine. Like, are you sure? Cause I mean I grew up in the days when you had to have a third-party AV. You had to have something because operating systems didn't come with protection back then.
Wade
I thought was like, I thought all these AVs were free because the, the AV companies were collecting telemetry, right? And then being able to create better signatures or at least have better information.
Corey
But that's Defender now.
Wade
Defender has Defender now. Yeah, Ultimate.
Corey
They have the biggest data set of anyone on the planet.
Wade
They also are plugged into the OS probably a little bit more than everybody else, right? As we saw with CrowdStrike, I would imagine Defender's developers have a better understanding because they are directly connected to Microsoft at least.
Corey
I mean, I don't know. I mean, I think, like, it was an interesting article. I don't want to discredit the researcher at all, but basically a YouTuber put together a thing that, like, runs through the malware itself. The malware itself was kind of cool. It actually did persistence via a Chrome extension, which I thought was kind of neat. But what I would say is, like, they did, like, the person installed a software that they got from Telegram. There's so many red flags here. Like, they installed a software they got on Telegram and then it was from.
Jason
A .ru. They like, what's the problem?
Corey
It's fine.
Jason
It's amazing.
Corey
Adobe Acrobat Pro. I mean, what's the problem?
Jason
Oh, it's so crazy. Every now and then you'll see those news articles that are like, oh, so many people are getting hit with malware through, you know, they're trying to download a Photoshop for free, you know, some pirated version of Photoshop, and lo and behold, it has malware in it. Crazy, surprising.
Corey
Piracy. Even in the world of, even in the world of, like, infosec, we see a lot of people at home that download that get into piracy and then end up infecting themselves with infostealers. Even, like contractors, like, like code or other. Like, contractors of like, enterprise companies will have the same problem because, like, if you're a contractor and you need Photoshop, every dollar you pay for Photoshop, which it's ridiculously expensive, comes out of your salary, right? So I don't know.
Wade
Chrome's pretty good at like, blocking downloads if you have it properly set up. Like, there's been multiple times where I just have to completely turn off all the security functions in Chrome and then everything else in order to get some cool samples or something like that.
Corey
Yeah, I didn't, I don't remember off the top of my head the specifics of how this one was deployed, but I don't think it was. I think it was like, obtained from Telegram. Like, I think, I think they got the binary from Telegram.
Wade
Was source Telegram installed on their computer?
Ryan
The binary program, the.ru domain for the download, which, by the way, are we going to talk about the request Microsoft has made to have Trump push it harder against Russian attacks?
Wade
I don't know if we're allowed to talk about that one.
Corey
I mean, we can, we can talk about it. It's in the political section. I mean, I will say, like, okay, they're not. Are they specifically asking Trump? It's not like Microsoft made a post that says dear Lord Trump. Like, basically this is, I guess Brad Smith, who's Microsoft's vice chair and top legal officer, told the Financial Times, which we're talking about the Financial Times here, here's what they said. I hope that the Trump administration will push harder against nation state cyber attacks. So it's not like they said, dear Trump from Microsoft.
Ryan
This is what I get.
Wade
He didn't even ask Trump. He told that.
Corey
Yeah, literally all he said was, I hope Trump pushes harder against nation state cyber attacks. We should not tolerate the level of attacks we're seeing today. I guess you could take a political spin on this and be like, what? Oh, we should not tolerate. Are you saying Biden tolerated these attacks? But like, I don't know, I think it's, I think it's more just Microsoft being like, hey, nation state bad. You know, like, it's the way they're.
Wade
Going to protect us from like North Korean remote workers is I heard they're going to bring everyone. They're going to remove remote work, right? They're bringing.
Corey
Return to office.
Wade
Return to office to protect against North Korean workers.
Corey
Well, I will say that Trump's going to have a real problem when he has to return from Mar-a-Lago to the White House. But anyway, yeah, that's, that's as close as we're going to get to politics. But yeah. So the other one I wanted to talk about was the leak on the Andrew Tate site. So basically someone breached Andrew Tate, which if you don't know who that is, good for you. I'm glad. He's basically kind of a self-described misogynist and I'm not joking, that's how he describes himself. But basically someone hacked his online university where people were paying monthly $50 a month to be a misogynist, apparently, which seems like something you could just do for free. But I guess the reason I'm like, I think it's interesting is it's hacktivism motivated. I feel like the risk here is to the people who are usernames who have accounts, who have like, I guess like it's such a personalized thing of like you're now you. Let's hope people use their burner emails or whatever. But it's just, I don't know, like nothing is safe. You should assume this kind of stuff gets breached.
Wade
Like this becomes the new Ashley Madison, right? Were you Andrew Breen thing?
Corey
Yeah, yeah, yeah, something like that.
Jason
What's you guys' take on like signing up, forget Andrew Tate or Ashley Madison, all this stuff. Just regular. You got to sign up for a bunch of different stuff. And some people like, you know, they're very much about the privacy or security and say I just create a new email address for every registration. What's your take on that? You think that's an effective method or.
Corey
Yeah, that's an awesome method. I highly recommend that. There's a couple of tools that let you do it really easily. The ones I recommend are Simple Mail or was it Simple?
Ryan
Is it SimpleLogin?
Corey
SimpleLogin, that's what it is. Proton has a product that will do it that's included with their like premium subscription. Apple iCloud does it for free, I think. Or maybe no, you have to have an iCloud subscription. But you can use. They call it Hide My Email if you have an iCloud account. I have like 500 emails in that thing. They all redirect back to my main email. But it's pretty nice. I think duck.com does it for free. For free. If you do like DuckDuckGo or whatever they do privacy-based email addresses, I mean there's Guerrilla Mail, that's an old one. Shark Lasers and all that.
Ryan
They don't hate, they don't take those domains. I mean I get refused on SimpleLogin and whenever I get refused on the SimpleLogin domain, I try one of the alternates and they're all blacklisted.
Corey
If iCloud has a pretty good success rate also. Yeah, you can put your own domain in SimpleLogin. Is that where you're going with that?
Wade
I was going to say, can't you just put your own domain? Put a wild card in, right?
Corey
Yes.
Wade
And then when I sign up for stuff, I just, I use that company's name at my domain and then when they do get breached or something comes up like, oh, that's where it came from.
Corey
Cool. But that isn't anonymous. You should know.
Wade
That's a good point. That's a good point. It's more of me checking them.
Corey
Yeah, the Hide My Email has been the best hit rate for me. I very rarely see someone doesn't allow icloud.com because the Apple ones, they use icloud.com so that's like the, you know, if you don't allow signups with icloud.com, you're basically blocking Apple's version of Gmail. So. Well, yes, SimpleLogin stuff is cool. Hide My Email is cool. I mean I think that's a good, you know, if you are going to sign up for Andrew Tate's online university, use a fake name and a fake email. Like also don't do it. Donate that to an animal shelter or something.
Ryan
But yeah, donate it to an animal shelter anyway.
Corey
Yeah. Any other final articles before we close out? Oh, there's a 7-Zip vulnerability. That's an interesting one we should probably talk about. That's your 7-Zips. No, this is actually I actually see 7-Zip in corporate environments a decent amount because companies are like we want to have encrypted file transfers. Right. So basically the 7-Zip app doesn't have a built-in native updater, it doesn't update itself and there's currently a memory corruption style vulnerability that allows I think privilege elevation. Or I guess it wouldn't be privilege elevation, it would just be code execution basically. You know that binary payload that Defender didn't block? Now it can exploit 7-Zip. So I guess update your 7-Zips. I don't know what platform it affects or if it's all platforms. There's not a lot of details in the article or a CVE but either way update your 7-Zips.
Wade
Any other articles if you don't have any news? No, I have a. I have a plug. Oh, go. What do you got?
Corey
I forgot about that. Phishing-as-a-service one. So basically Microsoft took down the phishing-as-a-service ONNX, which is like adversary-in-the-middle. The funny bit in this is in the PDF of the like unsealed document they have the list of all the domains that the attackers were using. And I found reading through the list of domains hilarious. Some highlights that made it into our group chat were there's some pretty funny ones. There's outlorclive.com. I don't use Outlook, I use Outlorc. Yeah, there's like 280 domains in the list. A lot of them are really good. There is, you know there's so many Microsoft. There's one that's just like Microsoft and then just like a keyboard bash. There's so many verify SharePoint files with the one us. Mike Lowsoft outlorc. Like I think outlorc might be my favorite one. There were some. If you are logging into outlorc.com you might be getting hacked.
Jason
I just thought that was really good. 90s sci-fi.
Ryan
Yeah, well they even, they even had .biz, .vip. They had a whole bunch of TLDs.
Corey
There's a lot of TLDs. I know they're spending a lot on domain registrations. Huh?
Ryan
You don't spend money to make money in bulk.
Corey
It's true. So as a service you gotta be able to scale. Come on.
Ryan
Yep, yep.
Wade
All right.
Corey
That's all. That's the only one there is. The Scattered Spider one too, which is like a quick. I just want to throw this in. So Scattered Spider is a threat actor. We covered a lot on this show in the past. They were really active ransomware group between September 2021 and April 2023. They also did SMS, phishing, cryptocurrency stuff. The five people were charged. But I think the shocking part about this is almost all of them are based in the U.S. so like four, you know, we've got Texas, we got Florida, another Texas, North Carolina. It's kind of interesting, like, you know, just to have that, you know, it's rare to see a threat group or, you know, an APT or whatever we're calling them, ransomware group be based mostly in the U.S. but this one was one that was mostly in the U.S. so it's kind of interesting. We do see that every now and again.
Wade
At least they were block China. Right?
Ryan
They were all in their 20s.
Wade
They were pretty good.
Jason
I think there was like, they were pretty good, a 16 year old in the UK that was a part of the. The group.
Corey
Yep.
Wade
Yeah, that was the one who got caught early on.
Jason
Yeah, yeah.
Corey
So you can't just block China and say no more hacks, I guess, is the moral of the story.
Ryan
Kitty Ryan.
Ellie
Sorry, I was muted so you couldn't hear all the noises, but. This is Ellie.
Ryan
Hi, Ellie.
Ellie
She's desperately trying to get my attention.
Corey
Wade, what's your plug?
Wade
Oh, I was going to plug the Secure Code Summit that is going on.
Corey
Is it written in rust?
Wade
Only the whole con is written in Rust.
Corey
The whole con better be written in Rust.
Wade
The whole con. You have to actually SFTP and then you get this. Rust.
Corey
No, you SFTP. No. I'll message you on Telegram, Wade, and I will send you a Rust binary that will give you access to the Secure Code Summit and then you get going.
Wade
No, the Antisyphon Secure Code Summit. Right. It happens on. It's on December 4th. I know. There's also a bunch of training to go along with it. I'm one of the trainings. I'm teaching my CTI 101 course. It's only a one day, but this is also probably going to be the last time it's only a one day. I'm gonna push it to a two-day coming up next year if it's still there, but just have everyone check it out. Something to do during the week.
Corey
Get some live training, get some knowledge. Write everything in Rust, it's the only option. All right, thanks everyone for coming.
Ryan
So many programming languages. Sorry, thanks everyone.
Corey
Yeah, we fixed the live chat. Thanks for bearing with us. I see, I see like the normal people starting to post again, so I'm very happy. Char was with us, though. Char just follows us around, knows how to hack the Discord. Shout out to Char for just knowing where things are. I couldn't even find it. But yeah, we'll see you all next week. Actually, yeah, we will. Right, we're back next week? Yeah, we.
Ellie
Should be back next week, yeah, yeah.
Corey
Have a good turkey day, everyone, or if you're outside the US, have a good not-anyone-responding-to-emails for.
Ellie
Two days. Have a good Monday slash.
Corey
Tuesday. Bye bye. I.
Podcast Summary: "Discordgate" – Talkin' About [Infosec] News, Powered by Black Hills Information Security
Release Date: November 27, 2024
In the "Discordgate" episode of Black Hills Information Security's weekly infosec podcast, the hosts delve into a variety of pressing cybersecurity topics, ranging from major antitrust battles to innovative hacking techniques. Despite initial technical difficulties with their Discord chat integration, the hosts provide an engaging and comprehensive exploration of the latest in information security.
The episode kicks off with a deep dive into the Department of Justice's (DOJ) preliminary ruling against Google, signaling potential forced divestitures of Google Chrome and alterations to its search engine default settings.
The hosts discuss the implications of such a breakup, questioning the feasibility of finding a buyer for Chrome and the broader impact on the cybersecurity landscape.
They speculate on potential buyers, including giant tech corporations like Microsoft, and ponder whether such a move would genuinely dismantle Google's monopoly or simply shift it.
A significant portion of the discussion centers on the "nearest neighbor attack," a sophisticated technique where attackers infiltrate neighboring networks to gain access to targeted organizations.
Wade elaborates on the attack's methodology, highlighting the challenges in detecting such breaches and the importance of robust network monitoring.
The hosts explore defensive strategies, emphasizing the need for enhanced wireless authentication measures and proactive threat detection.
The podcast addresses recent zero-day vulnerabilities affecting Palo Alto Networks' firewall products, underscoring the perpetual arms race between security providers and attackers.
The conversation highlights the criticality of timely patch management and the persistent challenges organizations face in safeguarding their infrastructure.
Emphasizing the importance of post-penetration testing protocols, Corey discusses a report where red teamers failed to adequately remove their web shells, leaving organizations vulnerable.
Wade, speaking from a blue teamer's perspective, laments the difficulties in detecting and remediating such artifacts, advocating for clear communication between penetration testers and organizations.
The hosts report on the DOJ's recent takedown of PopeyeTools, a burgeoning cybercrime marketplace, and the subsequent legal actions against its administrators.
They discuss the site's operations, revenue generation, and the broader implications for cybercriminal communities.
A notable case covered is that of Razzlekhan, who was sentenced for orchestrating a significant breach of Bitfinex, resulting in substantial financial losses.
The discussion touches on sentencing disparities and the effectiveness of legal repercussions in deterring cybercrimes.
T-Mobile's recent data breach is analyzed, with Corey offering a speculative look at the company's public relations strategies to downplay the incident.
The conversation underscores the persistent threat of data breaches and the delicate balance companies must maintain in communicating security incidents.
D-Link's warning about critical vulnerabilities in their end-of-life VPN routers is highlighted, emphasizing the risks of using unsupported hardware.
The hosts advise listeners to update or replace affected devices to mitigate potential exploits.
The episode examines the ongoing debate between the efficacy of Microsoft Defender and third-party antivirus solutions like Malwarebytes, reflecting on consumer misconceptions.
The discussion advocates for leveraging built-in security tools while maintaining awareness of their limitations and the importance of user vigilance.
In a practical segment, the hosts share strategies for enhancing online security through the use of disposable email addresses and unique identifiers for each registration.
They recommend tools such as SimpleLogin, Apple's Hide My Email, and Proton's services to safeguard personal information and reduce the risk of data breaches.
Wrapping up, Wade plugs the upcoming Secure Code Summit, encouraging listeners to participate in training sessions to bolster their cybersecurity skills.
The hosts express optimism for future episodes, promising continued coverage of vital infosec news and insights.
Despite initial technical glitches with their Discord integration, the Black Hills Information Security team delivers a robust and informative session encapsulating key developments in the infosec arena. From high-stakes antitrust battles to innovative cyber-attacks and evolving security measures, "Discordgate" offers listeners a comprehensive overview of the current cybersecurity landscape, enriched with expert analysis and actionable insights.