![Talkin’ About Infosec News – 3/1/2022 — Talkin' Bout [Infosec] News cover](/_next/image?url=https%3A%2F%2Fimg.transistor.fm%2FF8InkpiMkMYzpNaBwEqfYJJhDx1LRfyddIv0YqalzQ8%2Frs%3Afill%3A0%3A0%3A1%2Fw%3A1400%2Fh%3A1400%2Fq%3A60%2Fmb%3A500000%2FaHR0cHM6Ly9pbWct%2FdXBsb2FkLXByb2R1%2FY3Rpb24udHJhbnNp%2Fc3Rvci5mbS82NTJj%2FNTZkZWZmZjliZGJi%2FYWI4OGRkY2QwNTI4%2FMmExMC5qcGc.jpg&w=1920&q=75)
ORIGINALLY AIRED ON FEBRUARY 21, 2022
Articles discussed in this episode:
02:36 – Story # 1: Massive cyberattack takes Ukraine military, big bank websites offline – https://www.theregister.com/2022/02/15/ukraine_cyberattack/
04:26 – Story # 2: T
Ralph May
All right, we ready to go here? I think we're ready.
Corey
We're always ready. Show us that guy with the broken finger.
Ralph May
Welcome to Black Hills Information Security. Talking about the news. I'm your host today, Ralph May. I'm in my bitcoin mining rig warehouse warehouse mining some bitcoin. But irrelevant to that, we have some news today. We also have a large cast of new host or co host here. We have.
Wade
Geez.
Ralph May
We have Wade, we got Tim, we got Alex, and we got Blake. That's it. Yeah. So anywho. No, I'm just joking, Corey.
Corey
No further questions.
Ralph May
You're on.
Corey
The government's going to come in and be like, who's using all the electricity?
Ralph May
Not me. You know what, here's the deal. I got into it after they shut it down in China. You know, we're the only ones allowed to still do it. And so, you know, I'm taking over. I've actually get a shipment of Chinese rigs every. Every week.
Corey
That makes sense, dude. Yeah, because China has much stricter environmental laws than we do. Right.
Ralph May
It's weird, right?
Tim
Yeah.
Ralph May
That was subtle humor. It's so backwards.
So what do we have to talk about on this amazing president's.
Corey
Well, happy birthday, George Washington. I guess apparently first.
Ralph May
First and foremost, what president say is.
Alex
Yeah, I did not know that.
Ralph May
I think it was George Washington's birthday.
Corey
It's George Washington's birthday. Also we found out today that in 1970 something that Congress passed a law to like move a bunch of holidays to Mondays. So like it didn't use. I don't think it's not actually his birthday. It's just like some random day.
Alex
They're just looking out for us to get those banking holidays off.
Ralph May
Yeah, it's the day that the federal government has officially chosen for us to be off in what celebration of president's or George Washington's birthday.
Corey
It's the day that everyone wants to cannibalize to turn into voting day and.
Ralph May
Just move it into the.
Corey
In September. People are like, wouldn't George Washington want that?
Ralph May
Yeah, hey, I'm all for voting holidays, but anyhow, I'm for that.
Yeah, that's not on the news day. We got some ransomware. Talk about that. Well, in relation to World War 3. So if you're haven't been living under a rock. So there's been cyber attacks. Ukraine. The Register's got an article about cyber attacks taking out Ukraine. Military and big bank websites are now offline. I'm not really surprised about this. It seems like the FSB, you know, tactic here, Russia just shuts down.
Whoa, whoa.
Corey
There's got to be at least be a false flag, right? North Korea or someone.
Ralph May
I don't know. I feel like at this point they're just like. Well, we have a hundred thousand tanks on the border, so I guess we're not over there. Yeah, right.
Corey
Like, this is like, what, the 10th time this has happened in the last three years?
Tim
Probably.
Ralph May
Yeah. They're just literally throwing rockets from like a cyber.
Corey
So imaginative.
Ralph May
I know, I know.
Tim
Oh, you know, flipping through the playbook of like.
Ransomware.
Wade
It's the junior tester running through, starting the playbook from the beginning all the way through.
Corey
It's just a script that they forgot they left running.
They were like, oh, wait, we actually didn't cancel that cron job.
Wade
It was a logon script.
Corey
Oh, it was on logon. It just triggers a DDoS.
Wade
Nasty.
Ralph May
The Russian equivalent of like autopwn. Except for, you know, it's just taking down stuff via, you know, DDoS and whatever it is.
Corey
Who is in these botnets anymore?
Blake
Come on.
Wade
Speaking of botnets, whatever happened to the Low Orbit or High Orbit Ion Cannon? Does anybody anything about is still a thing?
Corey
Oh, for sure.
Ralph May
It has to. Okay. Yeah. I don't know.
Corey
So just to translate that into Russian.
Wade
Duh.
Ralph May
Yes. So I guess one of the banks suffered a DDoS attack. We had.
Corey
We have like an exposé article on the FSB. The elite hackers of the FSB. Which is funny because we're talking about DDoS. But I guess it hasn't technically been attributed, right? I mean, it might not be.
Wade
Yeah, I mean, when I saw this logo, I thought that Cobra Kai had a new season coming out, but I.
Ralph May
Gotta read it again.
Wade
I said that's not the storyline.
Alex
Are those Backdoors and Breaches cards up in the top left hand corner?
Corey
I think they are. I think you're right about that.
Ralph May
I gotta give it to them. This site is very, very interesting.
Corey
Yeah. Wow, they really did. They spent a lot of money on. Oh, wow. It zooms in.
Wade
Enhance.
Ralph May
Yeah, dude, this is wild, dude.
Wade
Enhance.
Corey
So wait, what game is this? Does anyone know? What is this based around?
Ralph May
Can I buy this?
Tim
Seems like some sort of like, Metal.
Ralph May
Gear Solid, Berserk, Bear, nerdy on whatever it is.
Corey
Please help us.
Alex
What's in the top left hand corner?
Wade
Man, this is wild. It looks like carbon fiber.
Corey
This is a total rip off. Yes, because Backdoors and Breaches is a completely original idea. It doesn't have anything to do with any other games.
Ralph May
That's right. It does. Exactly.
Wade
I never played that one before.
Ralph May
Oh, wow. This is pretty interesting. But. So they've been operating for a while.
Corey
Someone basically was like, I miss going into offices and having, like, cork boards with things on them. Was like, let's make a web version of that. Hilarious.
Wade
Oh, that's really.
Tim
There.
Wade
There's a sticky note with a password, a username.
Corey
This guy was going to. HTTPs, colon, slash, slash, dub, dub, dub.
Ralph May
Oh, the worst.
Corey
Confirmed hacker confirmed.
Ralph May
I mean, are we.
Alex
We're more obsessed with the cork board than we are with the article.
Corey
I was going to say, should we actually read that? I guess. Here's the moral of the story. Read this on your own. It's kind of cool. It's linked in the chat. It's interactive.
Wade
That is cool.
Ralph May
That's. That's why you should read it now. I mean, obviously Russia's been, you know, conducting these attacks for a while, right?
Corey
Who's vlad?
Who is interact.de does anyone know who. This site actually.
This is actually a fish propaganda JavaScript miner. Like, why is my.
Wade
Don't scan the QR code. Don't scan it.
Alex
Can we go into this, into VR and then, like, put the strings and.
Corey
Like, connect things on our idea.
Alex
The always funny meme.
Corey
It's like the professor who is Pepe Silvia. But yeah, yeah, it's like you were saying, you know that professor that used the Half-Life: Alyx whiteboard.
Alex
Oh, yeah, yeah, right.
Corey
They're like. All right, everyone, get to the war room, put on your goggles, we'll be there in 10 minutes. Steve, why is your attribute a giant chicken? Oh, sorry, I was playing another game.
Ralph May
I think we could all probably agree that there's going to be more attacks from Russia to Ukraine.
Corey
Okay. Someone smart in chat said it's. This site is a German news agency. Tv.
Alex
German tv.
Corey
Okay, so it's semi legit.
Ralph May
Okay. Someone also said that this looked like the DoD cyber awareness training, which is definitely true.
Corey
So one more. One more World War III article. Ralph, The FBI is bracing brace for attack.
Wade
Oh, I thought you were going to talk about NFTs.
Ralph May
Oh, yeah, no, those are happening too, I guess, whether we like it or not, but. So this article is from Newsweek and the FBI. Braces for Russian cyber attacks.
Corey
How do they break? What do they do? Do they unplug computers?
Ralph May
No, they get like, particle board and, like, put it up and just like hold it back. You know, kind of like when hurricanes are coming, you know, put it over the windows.
Corey
They just, like, put things on their ethernet jack so they can't have things plugged into them.
Ralph May
Yes. They're like bracing cable. Yeah. They prevent DDoS. I'm not sure exactly how it works, but it's good stuff.
Corey
It says it's engaging in efforts to support the US Response and to secure the homeland from any Russian actions.
Ralph May
Yeah, now we're calling it the homeland.
Wade
Does that mean spying on people or is that code for that?
Tim
Or.
Ralph May
You know what's funny? There was another article which we don't have in here, and it was about US Contractors getting compromised. Right. Targeted. They're. Yeah, targeted specifically. And so the contractors don't. They. They're not, you know, able to take over a contractor's network, for example, like a government contractor, and then access, like, classified networks. But there's a lot of unclassified data that is, you know, valuable. Relevant. Yeah, yeah. Relevant to technology that's in use. Yeah, the different programs and where they are in the lifecycle and where they are in the development life cycle, for that matter.
Wade
Right.
Ralph May
So there's a.
Wade
Components, things like that as well that could be leveraged against someone if you're, you know, trying to find a weakness and, you know, let's say a built, you know, you have buildings that have the same HVAC system. Right. And how can you degrade that or erode that?
Ralph May
Well, read this.
Wade
You know, unclassified plants.
Ralph May
Yeah.
Corey
So it turns out this article is just surrounding the FBI and CIA and whoever posted a thing that's like, there's a threat of advanced Russian APTs while tensions are elevated. I guess it's just like, hey, warning again, but for real this time. Listen.
Wade
Right. But for real, we mean it.
Ralph May
Like, please.
Corey
Yeah. And the article or the thing they posted is just pleading with companies. Like, we've seen it before. It's happening now. It's real.
Wade
Don't be the guy forwarding remote desktop through your router to the external world.
Corey
Please stop exposing SMB version 1. I don't care what vendors say.
Ralph May
Right. Oh, my God. The attacks to. They keep happening and they're. They're taking over these organizations to try to get breadcrumbs of intel either with. Through the government or whatever it is. Right. But the bigger question is, and this is something I was thinking about this weekend, is that like, you know, will the next war, which I feel like is true, have a. A huge cyber component to it?
Corey
And I think that, I mean, dude, it's already happening.
Alex
Yeah, absolutely.
Wade
Right. Whether it's reconnaissance or intelligence gathering or even, you know, if they compromise vehicles or systems and do forensics on those systems, you know, it's still cyber techniques and you know, leveraging. It's definitely, you know, a different battlefront nowadays, technology.
Alex
And what would you then define war as then though? Right? Because you can almost argue that we're just in an ongoing war forever now. Just it's all cyber and.
Ralph May
Yeah, you could argue that about like the Cold War. Right.
Corey
So the, the, the precedent, and this is the initial and interesting thing, is that the precedent is basically that there has never been an active. At least that I know of. There's never been an active war that was declared an act of war that was attributed to a cyber attack that I, that I know of at least. Like in 2000, I forget when it was, I think 2020, it was Ukraine. They took down their power grid for like three hours and that was not 15 and 17. Yeah, like it's happened multiple times and they've, and they've never been like, oh, that was an act of war. Because if Ukraine gets. They're part of, Are they part of NATO? They're like part of NATO enough to what we're supposed to.
Ralph May
No, they're not.
Alex
That's why, that's why all this is about to happen.
Ralph May
It's because they want to be all about.
Wade
Yeah, right.
Corey
So like the theory is that has never been like attributed as a hot war, but a cyber attack. So they're just doing it for free, basically.
Alex
The US still hasn't been to war since World War II.
So.
Corey
Right, yeah, like, exactly.
Alex
I think the definition of war is like out the window from.
Corey
Right.
Alex
Nowadays.
Corey
Like that's true. Yeah. And I think your, your thing about like, oh, we're just always at war is true. I mean, we're. Cyber warfare is a ongoing, constant thing. Like you could argue easily that like anytime a US Company leaks data from a Russian threat actor, that's like an act of war, theoretically.
Alex
Right.
Corey
Or it's to some degree.
Alex
I would, you know, I would even say disinformation. Disinformation campaigns. Right. Like Russia on the social media and stuff like that. That's military grade weaponry attacking public individuals.
Wade
I agree 100%.
Corey
They address it through like sanctions and things like that. Like, it's addressed through like diplomatic, not like military. Right. It's, it's those, the repercussions of those are addressed to like diplomatic, like sanctions. Like they sanctioned the specific people from Sandworm. They sanction like other random Chinese threat actors. Like, you know, they, they've like, you know, those People can never get a job in the US basically, which is like, or any other NATO country, which is like, I don't know, not that big of a deal. But it is an economic thing, which I guess that's how wars are fought, right? Their economic wars, which I think is why Russia probably wants Ukraine in the first place, is because of the, you know, their economy. So.
Wade
Well, isn't this a lot like the storyline from the movie the Saint? Right. We have a Russian oligarch who is hoarding all the resources and the Saint, the gentleman had all the fuel from the fuel oil from the city was underneath his palace and you know, they were trying to, you know, frees people out. Right. Once the people have, don't have heat, they don't have food, they're struggling, they lose faith in their leadership. Right. So when you're, you know, doing that, that warfare, that mental warfare campaign disinformation, having cyber events happen on all the major US holiday weekends, right. Since 4th of July last year.
Ralph May
Right.
Wade
So now your tensions are rising and every time that same scenario comes around, you're going to be reactive instead of proactive. Right. So now you might make hasty decisions, you might overlook something that's a long time tack. It's an intelligence tactic to a raid and degrade and erode faith and leadership and communications. And overall, that's Russia's like main thing with you.
Corey
They try to make it look like ineptitude on their part. Like, Exactly. Anytime there's an outage or hack or anything like that, they make it look like, oh, we suck at our jobs and can't secure things. But really they're gonna hit with like the crazy, you know, stuff that is hard to defend against in the first place.
Wade
Especially when you're a small business, it's hard to defend, you know, DDoS.
Corey
Like, yeah, how are you going to defend against.
Wade
You don't have, unless you have business class support, you can't call up Comcast or Level 3 and say, hey, can you throttle traffic on my, on my egress point, they, you don't have the connections or even paying the service agreements that allow you to have a phone call to fix a DDoS. Right. Whereas if like you're a, a major provider on the, on the web, you have a lot more backing behind you. Right. So it's.
Corey
Yeah. And the whole country doesn't have big pipes anyway, so you can just take the whole thing offline.
Wade
Exactly, exactly.
Corey
Well, that was depressing.
Ralph May
Yes, that was so depressing.
Corey
So, so I guess what we learned is we're all at war all the time. And that's just what we, how we live now.
Alex
Just remember like the great Abraham Lincoln quote, right? Never believe anything you read on the Internet. So it's. You're good.
Corey
That was Einstein. Are you sure that was.
Ralph May
No, no, I read it on the Internet. That was, that was definitely Einstein.
Corey
That was Einstein. My bad.
Ralph May
Yeah.
Tim
For cyber war, you just, you just have a lot of companies that I think just have it in their, their playbooks that if we get attacked by like a nation state, you just kind of deal with it and hope insurance covers it. Which then also slides into that argument back and forth as to cyber attacks, if they're acts of war or not. When it comes to the insurance realm, I think there was some, some news on that or discussion on it recently.
Corey
Yeah. Oh, yeah. Because it wouldn't be covered if it was an act of war. So like, if you, if you lost all your data and it was deemed an act of war, you could be like dropped or your insurance carrier wouldn't cover it.
Ralph May
Yeah, got to get that extra act of war coverage. You know what I mean?
Corey
I don't think you can get that, dude. I don't think that's a thing.
Tim
How do you prep for defending against act of war? If you go, our insurance isn't going to cover it and we can't, you know, like Blake was saying, you can't, you know, have those, you know, high tier support, levels of support. So what do you do? You just sit there and say, okay, I guess we're under attack by a foreign country and we're losing business and not going to get covered for it.
Alex
No, you hack them back just like that guy.
Corey
Well, that's. So that's, that's exactly what Russia wants people to do is just roll over, right? And be like, we can't defend against this. So we're not going to be. Have our office in the Ukraine or something, you know, whatever.
Wade
Right.
Tim
You know, or get someone to cross that line with kinetic response. I don't think anybody's responded kinetically to a cyber attack. And maybe Russia is looking for somebody to do that and say, how much can we knock offline before, you know, before you respond kinetically.
Blake
Right?
Corey
Yeah, they'll, they'll do it. That's, that would be their best case scenario for Ukraine to respond kinetically to a cyber attacks and they can just roll over the border with a, you know, it's, it's tough. I mean, this is the new war, right? Like, this is how it is no one knows who's pulling the triggers really. It's just like, like that whole, you know, plane getting shot down thing. It's like, wait, what happened? Who shot, you know, this plane down? Who gave these people missiles in the first place? Were they rebels? Were they? You know, it's like eventually we figured it out but like at the day it happened, it's like what is going on is this war is like what is happening?
Ralph May
So well, moving on from the Ukraine and Russia, which I'm sure we're going to have more articles on, we can come back to the US and talk about Microsoft. They did something pretty interesting recently. Microsoft Defender is now going to start blocking access to LSASS by default. And so this has kind of been around for a little while, but not in the way that they're doing it now. Pretty much was just turned on. So in essence they're going to prevent access to LSASS through Credential Guard. And Microsoft is enabling this by default now with Microsoft's Defender ASR, which is the Attack Surface Reduction rule. And even as an administrator you won't be able to dump LSASS. Now further research has kind of popped up. As soon as, you know, people were on their Windows 10 box, like what? I can't just right click with Defender stopping LSASS. And there are some exclusions to this ASR rules, so there are some ways to kind of bypass it. But as a defender this is great. As a red teamer this is kind of, well, shoot, you know, finally a lot of EDRs are already detecting any, any process that hooks into LSASS. Right. So it's kind of become a harder target as it were. But it still is a very juicy target if you are able to extract any of the in memory credentials from LSASS, even if they're just the NTLM. Right. So last thing on this is that if you disable Windows Defender and use a third party antivirus, you will lose this rule. So it won't stop.
Corey
So let's just go ahead and say if you live in Ukraine, have Defender and have it on with ASR. It's not that hard, people. Oh like just, just PM me. I'll send you a key.
All of Ukraine.
Alex
Yeah, Corey's inbox about this.
Ralph May
Rip.
Corey
I'll be like John, I was helping Ukraine not to get hacked. I'd be like Corey, why did you submit a twenty thousand dollar Windows keys expense? I bought keys for half of Ukraine, John.
Alex
I'm fighting them lone army.
Ralph May
Yeah. So I don't know. I feel like the days of Mimikatz are not numbered per se. But the days of accessing LSASS without either one. Directly. Yeah, directly. Without some kind of indicator, you know, alert being triggered is. Is. Is coming, right? And it is rising nowadays.
Corey
It's still rising.
Ralph May
Yeah, it's just. It's just becoming a more hard target. But yeah, I mean, for a long time, you know, get on a system, get administrative access, dump LSASS and spread. So, you know, this should be the first thing that you should be locking down. And it took a while to kind of even for Microsoft to be like, yeah, no, that's a good idea. We should do that. So by default.
Corey
Well, it took them a while to roll it out of their commercial product that they make you pay for into their free product that they don't make for.
Wade
Right.
Corey
Trickle down. Man, it's like those carbon ceramic brakes.
Ralph May
So expensive.
Corey
I can't wait till Defender gets crypto miners.
Ralph May
Oh, my God.
Wade
Oh, don't say that.
Ralph May
That'll be the best telemetry data.
Wade
It's telemetry data. We swear.
Ralph May
Telemetry mining. Telemetry mining.
Corey
Windows Defender scanned your wallets two times since the last scan.
Ralph May
No, it'll be some kind of threat intelligence network powered by blockchain. So you have to mine to get intelligence, right? So like you do, the more intelligence you get. Yeah, yeah, yeah.
Corey
I like this. Sign me up. Where do I send my wallet keys?
Ralph May
So the more. The more you mine, the. The more you get. Yeah. So anyways, Microsoft, good on you. But like Corey said, I thought you.
Corey
Were going to say they had paid out a bug bounty more than $3.
Ralph May
But I guess we're still waiting on that happened. Yeah, we're still holding our breath.
Corey
It still makes you more money to publish the Microsoft zero day to GitHub than it does give it to them.
Ralph May
Oh my God. Anyhow, what else we got today?
Alex
The dad one's kind of funny. It's not like super crazy, but.
Ralph May
Which one?
Wade
I've got a funny story related to that. If once we go over that. If you want to go over that dad one.
Ralph May
Yeah. Talk about it. Wade.
Alex
The A dad set up pretty much a radio jammer in order to block his teens from going on the Internet. But also took out the entire town's Internet as well.
It says signal jammer, but transmitting radio waves on the same frequency as mobile device. It's like the next little paragraph down, but.
Ralph May
So he was jamming cell phone like 4G, 5G LTE probably.
Alex
It didn't even. I didn't get that far, 850 MHz.
Corey
I don't know if that's exactly what they, that would be like, maybe that's.
Wade
Just a random screen. That's like a handheld radio, like a Motorola radio.
Corey
That's like a random screen cap they just put in there for funsies.
Ralph May
Yeah.
Corey
So yeah, it doesn't say what exactly he was jamming, but it does say specifically targeting mobile devices. Not like 802.11.
Alex
He said the jammer seized by the agency. So that, that's it right there.
Corey
There's a picture of it.
Ralph May
After consulting forums on the Internet.
Tim
You wonder if someone was trying to troll them and be like, yeah, just buy a signal jammer. And.
Wade
Depending on the frequency and the power, those radio waves will just bleed out like in a horizontal line, depending on the strength of the device. So he could have just caused a lot of interference that, that, you know, interfered with the Wi-Fi channels.
Corey
Well, it was, it was.
Wade
Seems to be like the town's Internet.
Corey
It seems like it was an off the shelf product designed to be a jammer. It is.
Blake
I've seen them on Alibaba and stuff. I'm not saying I've looked at owning one. Historically, owning one is legal.
Corey
I think it's usually.
Blake
But they're, they're surprisingly cheap and, and if you get them off the Chinese marketplaces and things like that, like I, I guarantee if you went and looked for like signal jammer on Alibaba, that's the picture that's going to show up.
Alex
You want to block out your whole town's Internet. This guy already did it. Let's go.
Corey
He's now there.
Wade
That was their salesperson, their first testimonial.
Ralph May
The YouTube review video comes up next. It works great. So this was in France. It wasn't in the US but yeah.
Corey
But this has happened in the US. Not this exact thing, but there have been many instances. There was the guy who was sick of people talking on their cell phones while he was driving.
For years he was jamming all those signals. I think he ended up getting fined like 250 grand by the FCC or whatever.
Ralph May
So if you do this, they will eventually figure it out because you know, the cell phone carriers, they. You could pull up a spectrum. This is not hard, right. You can pull up a spectrum analyzer and see someone just bleeding out your carrier.
Wade
Right.
Ralph May
And then all you have to do at that point is using an antenna, the same spectrum analyzer, which coincidentally aren't that inexpensive, but okay. So then you just drive around and looking for this signal to increase until you get close. Now, you have to realize that the more powerful the signal, like, the further the range, the easier it's going to be able to find that antenna. Right. Because it needs a lot more power. But as you know, you can imagine, people probably report. They drive around, and then when the cell phone provider figures out that it's you, they're not going to do anything. They're going to call the FCC immediately, and you're going down, dude. Like, it's going to be a whole thing. So it'll be bad.
Corey
I'm not a radio expert, but what I understand is this is the equivalent of just yelling really loud. So hard to find someone who's yelling really loud. Yeah, that's like, what does that sound? Let me just listen around and find it. Like, you know, it's.
Tim
I've heard enough stories that hell hath no fury. Like bored ham radio operators.
Ralph May
Yes.
Tim
They will find you. If you do something wrong on the channels, they will find you. They have a lot. They have a lot of spare time and passion for ham radios.
Ralph May
I know the FCC is not part of the DOJ, so. But somebody from the DOJ, FBI, whoever is going to show up, some federal enforcement law officer is going to show up to.
Corey
I think FCC has their own party vans, dude.
Ralph May
Really?
Corey
I'm pretty sure. Yeah. No, I remember in West Virginia, there's this place called the Green Bank dead zone, where it's like a radio dead zone because there's this radio telescope there, and they have, like. I mean, they have, like, party vans. They're not like government, but they're like, for that telescope. Because if someone so much as turns on, like, a router, like a Wi-Fi router, it'll block out the signal from, like, every star in the solar system. That's how sensitive the equipment is. So they have those party vans and they drive around, they're like, hey, dude, your pacemaker. You got to turn it off.
Ralph May
Just kidding. But I got this little battery.
Wade
It'll short circuit it right here.
Ralph May
A magnet and a battery.
Corey
Seriously. You know, some of those things are Bluetooth now. Like, you'd have to be careful if you're living in that dead zone, you have to be careful. What?
Ralph May
In case you're wondering, why does the FCC care so much? Simple. Money. Lots and lots.
Corey
Because they sell frequencies to Timo.
Ralph May
You license the spectrum for billions of dollars. Right. It's a huge deal. That's part of what you get the exclusivity. Yes.
Wade
Yeah.
Corey
You get the party. Party van Going to your neighbor's house if they try to take down the whole Internet.
Ralph May
So rule number one, don't do this. And because when you do get caught, which you will, it's going to be pricey and you'll be on the party van list where they're going to go to check first. So this.
Corey
The jammer was the best solution, he said. So he basically, his screw.
Alex
They wouldn't let me install apps on their phone. So I bought this jammer and knocked out the whole town.
Corey
I will say, I mean, $30,000 is the starting fine in France. I think you could buy a lot of aluminum foil for that and maybe just wrap your kid's room in aluminum foil.
Alex
Build a Faraday cage around.
Ralph May
I have to say, the explanation is just very French. Like, this was the best solution.
Alex
That's.
Ralph May
It is what it is.
Corey
It's like, yeah, we had. We got tax. So the best solution was to run.
Ralph May
Yes.
Oh, my gosh. Yeah. So don't do this. Guys. What else we got today? Oh, Akamai acquired Linode for 900 million, which is kind of an interesting acquisition. $900 million.
Corey
That's a lot of money, dude.
Ralph May
It's a lot of scratch.
Corey
I didn't realize. I didn't realize Linode was that, like, big. I always kind of viewed them as an underdog, but wow, maybe they have.
Ralph May
A lot of servers.
Corey
I guess they do. I mean, 900 million, dude.
Wade
It was ever since Jack Rhysider started doing advertisements on his podcast, Darknet Diaries.
Ralph May
Maybe you heard of it.
Wade
Talking about Linode.
Corey
Yeah, he was. I hope he was cut into the deal then.
Ralph May
They've been around for a long time.
Corey
Yeah, I know they've been around. I just always kind of viewed them as a minor player. But maybe. I mean, I guess any cloud provider that has a customer base is. It's like buying an apartment building. It's already rented out, right?
Ralph May
Like, yeah. So for anyone who doesn't realize.
Wade
Goal right there. Right? Exactly.
Ralph May
Akamai is a CDN provider and Linode is kind of a VPS provider, I guess you could argue cloud provider. They're not like one of the big three cloud providers. AWS, GCP, Google Cloud, and Azure. But they still are one of the more established cloud or VPS providers out there. And so they have a lot of customers and a lot of resources, stuff like that. So this merger, obviously, now Akamai can use that for expanding their PB and J baby.
Alex
There's been a couple interesting big mergers, or at least alleged mergers coming up. Like the whole Microsoft Mandiant, as well as Cisco and Splunk.
Ralph May
So we'll see. Whoa.
Blake
I saw something on Reddit the other day was. So the offer is like $20 billion for Cisco. Are they actually trying to acquire Splunk or just renew their license?
Corey
It's so true though, dude. So the real question is, are they going to become the official company of using outdated technology to do crazy things?
Ralph May
Classic. Classic.
Corey
With Python 2 and IOS combined, we can all conquer the world.
Ralph May
That's an actual Fact right there.
Corey
Python 2, that would be interesting. Honestly, I feel like at this point, Splunk might be bigger than Cisco. Are they? Or are they, like, is it close?
Ralph May
Cisco's all right. So Cisco's a pretty big company. They have their arms in a lot of things, right? Lots and lots and lots of things.
Corey
So I feel like they've kind of fallen off the map from my perspective at least. Like, everyone now has like, next gen firewalls and like, there's all like the. I guess they have. They probably bought all those companies, so it doesn't really matter.
Ralph May
But yeah, actually, historically, Cisco's bought all the products, like their router switch and the firewalls. Were all companies that were purchased by Cisco. Now additionally, they also have a lot of a very large service segment on top of their hardware stuff. So, yeah, they're. They're a bit bigger than you may realize.
Corey
I mean, dude, think about 2020. Their revenue was 49 million.
Wade
What?
Alex
Splunk. Splunk was only 2.2.3. So, yeah, Cisco, huge. Yeah, that's the first thing I looked up was revenue.
Corey
That is crazy. How is Cisco. I guess, like you said, they. They just have their hands in a lot of different stuff.
Wade
Space, government contracts.
Ralph May
They do a lot of government work.
Blake
I was about to say Cisco is. Is in bed with the government. And so, like, they. They basically write their own checks, right?
Ralph May
Yeah, they literally write documents.
Blake
They acquire the company and offer it to the public as well, and they're able to cash in on both sides.
Wade
Hey, you'd think with all the dough that they're making that Cisco would get rid of RC4 from tactics, right? It's like 22 years old and still using RC4 for encryption.
Ralph May
But hey, no, that's. That's why. That's why the government. That's why the government buys Cisco stuff. Because you get like the equivalent of like a Mack truck of features that you only need like, three, but, like, you know that, like, if you happen to need that feature, it'll be there. Right.
Wade
So trying to drive a Mack truck through a narrow canyon. Right. You might fit through there and you.
Ralph May
Might just also get stuck. Yeah.
Corey
So, yeah, their services, like, pretty good. So, yeah. Their total product revenue was 39 billion. Then services were 12 billion. So still a lot of firewalls or. I probably switches.
Ralph May
Did you say 12 billion?
Corey
12 billion from services in 2020.
Tim
Okay.
Corey
Or this 2019.
Ralph May
Okay.
Alex
All right.
Ralph May
I just. Thinking about.
Corey
Basically it's like whatever that percentage is. Like it's like 30ish comes from services, which is surprising. Anyway, I'll take off. Let me go delete all these spreadsheets. Hold on.
Ralph May
Taking up all the memory. What else happened this week, guys?
Wade
The Olympics. Well, that's not cyber security, but there was no major cyber incident at these.
Corey
Olympics caused by Russia flag to North Korea.
Ralph May
Yeah. False flag to North Korea. Attack on China. Aren't China and Russia kind of close?
Wade
I don't know. I'm not the best global theater person.
Ralph May
Yeah.
Alex
There they had some stuff where both of them were uniting further with the Ukraine stuff and like they were putting on a unified front against the US which isn't norm. Isn't. Not Isn't unheard of. It's normal for them to be pretty close in some things. But remember like Russia and China did. Or Russia when Russia was going to Japan, they had to go through China and they were trying to take over Japan. That's more history stuff with them working together and stuff like that. But. Well, a few months ago, I'll say something wrong.
Blake
A few months ago we talked about China actually using some of the Russian ransomware gangs and stuff like that to. To leverage their attack. So there's definitely a strong relationship there between those two.
Ralph May
Yeah, we were just talking about mergers, I guess my was. It looks like Microsoft was looking to acquire Mandiant.
Alex
Yeah, yeah, yeah, that was. That was a while ago.
Corey
Wade's on top of all the mergers, dude, just ask.
Ralph May
Yeah, I'll give you.
Alex
I'll give you.
Wade
Hello.
Alex
If you look at my LinkedIn, I worked for Mandiant for a little bit, so that's. That's why I saw that one. I'm like, ah, man, I left. But yeah, I'm on top of those.
Corey
So is it not going to be.
Blake
Microsoft Mandiant FireEye?
Ralph May
Well, three M's. Oh, no.
Corey
Is that SMF?
Ralph May
Mmf.
Tim
Yeah.
Ralph May
Real talk, though, about Microsoft and their security products. Right. So their advanced threat protection, ATP or whatever at whatever they're calling it nowadays, which is like, I think it's. I think it's Defender for Endpoint, which is their, like e99 license that you can get to monitor your systems. But if you do get that, it is a very, very effective product. So it sounds like they're trying to expand their portfolios to.
Corey
I would guess it's an expansion into the services field.
Wade
Right.
Corey
Because I don't think Microsoft does a lot of services. And that's like all Mandiant does, right? A service.
Ralph May
Yeah. So we will advise you on how you secure your stuff now.
Corey
Well, yeah, it's like, it's. It's integration. It's vertical integration or whatever they call it.
Wade
Could anyone who's dealt with Microsoft support, which can have improvements. Right. Or you have a long running ticket, you're trying to get a hold of someone and you give them a time window to call you. Could you imagine having, you know, a contract to have an incident commander on staff and they call you, you know, they call you outside the window that you're expecting. They just call you to tell you that they're going to assign it to another person on another shift and then there's no notes. And could you imagine doing that? They really have a lot of things to button up if they expect to do that deal and have it be a viable product, in my opinion.
Ralph May
I have Microsoft call me all the time. They're always asking for me to use this remote desktop client. And then, yeah, I always have viruses.
Corey
Yeah, dude.
Tax return last year they were like, hey, this is Microsoft. Your tax return looks a little weird.
Alex
One thing to think about is Mandiant has all these services, right? And they just got rid of all FireEye. And so they just have a bunch of people who do services and no hardware or software behind it yet, no.
Wade
Product to support with it.
Alex
Exactly. So.
It's easy. Just. You just took the services out of FireEye and you just put them on top of the Microsoft.
Ralph May
Oh, yeah.
Corey
Let's just hope that Mandiant teaches Microsoft how to do services and not the other way around.
Wade
Oh, please.
Please, please.
Corey
Otherwise they're gonna be like, to get a response, this incident response ticket, you're gonna need to upgrade your subscription. Only one. Only one hack per year is included with your subscription.
Wade
You don't have the right licensing and there's no SKU for this license. Because what you really want you to do is go to E7. And in E7, what we do is take 20% of your company's net revenue and then you get all the services.
20% flash 20 of net, and that's for the E7. But if you don't get that package.
Corey
It's only one hack a year.
Ralph May
Yeah.
Corey
What are you gonna do?
Blake
They carry over.
Tim
Yeah.
Corey
You know, I don't.
Alex
And they ask you.
Ralph May
That's right.
Wade
Which is the mandiant way, right?
Blake
All right. It's December 31st. We're gonna lose this benefit if we don't.
Corey
RDP to the Internet. RDP to the Internet. Open those ports. Come on, let's go.
Blake
Let's go.
Alex
Cool. Didn't Noah suggest that sometime earlier this month if you want to practice IR training, just open your domain controller to the Internet and you'll get some experience real quick?
Corey
Yeah, Noah totally said that. Let's make it up.
Ralph May
That he said. That's interesting.
Corey
I mean, it's a consolidation, right? There's only three companies that make airplanes or whatever. It's inevitable in a lot of fields. Although financial is one that always blows my mind. I think I've done pen tests for about 3,000 banks. Like, how are there so many banks? I don't even know.
Alex
Oh, dude, you don't even. I work for a Treasury as a service company. So we like merge all the banks together. Oh, my God, I didn't realize how many. There's more than you think. And then internationally, it gets even crazier.
Corey
Oh, yeah.
Alex
No, with how many different types of. And none of them use the same format. Like you'd think there'd be one banking format. No, there's not. There's just tons of.
Corey
It's interesting to see it happen to us though, because we sign up. A lot of us probably view security as like a small, tight knit industry. But then you have like these 20 billion dollar deals. You're like, wait, hold on. What?
I remember when Splunk was a new thing that I like, you need a SIEM. People are like, no, we don't need a SIEM, we just have IDS. It's fine now. It's like a $20 billion product or whatever.
Ralph May
Oh, my gosh. There was another article today that I.
Corey
Thought, there's a lot of new, like, threat. There's a. There's a lot of new, like, threat actor groups and campaigns discovered.
Alex
Yeah.
Corey
There's also an article that just says, if the cloud is more secure, then why is everything still broken?
Which I'm not sure where they came to that conclusion. Like, what do they mean, everything's still broken? Like, I kind of agree, but also, like, I do use the Internet a lot and it does technically work.
Ralph May
So, like, I mean, I guess it still works. I mean, Is it still broken? Like I don't, how does it sound broken?
Corey
I guess.
Ralph May
Yeah, yeah. And how, how is cloud supposed to have solved all the problems? Right? Like I don't think cloud was really meant to solve all the problems. I think it was just another movement to like that's not what the sales guy said.
Wade
Problems.
Corey
The author, the author has sort of dropped a lot of fun statistics into this article. It says Sysdig data shows that 48% of organizations don't have MFA enabled on their most privileged account.
Ralph May
So what does that have to do with the cloud?
Corey
I don't know. Also 20, 27% use this account every day.
Tim
So.
Ralph May
I'm still confused. I mean look, we're shifting where stuff's at, but the security problems don't stop, don't change, right?
Blake
Well that's the thing is we haven't, we haven't fixed it. Whether it's on prem or in the.
Ralph May
Cloud, it doesn't matter.
Blake
If we're not actually doing the right things, it's going to be broken, but it's not the fault of the cloud itself. You know there's some definitely different paradigms and different things that you have to take into consideration within the cloud. But at the end of the day, if you know you're baselining your security, you're doing those, the things that you should be doing like securing your privileged accounts, multi factor authentication stuff, it shouldn't matter where it's at whether it's on prem or on the cloud.
Corey
I would say that the cloud overall is like a net zero effect on security. Right. Because you lose a lot of the traditional security threats. You lose a lot of like availability threats and like other things. Like you lose like your disk on your web server isn't probably going to fail and take down your web server. Like it's, you lose some of those issues like availability wise you're not, the pipes aren't going to, you know, like there's plenty of bandwidth, there's plenty like disks are redundant. Everything's built redundant pretty much in the cloud. But then you gain a lot of these like permissions like oh, you're using IAM roles, are you sure you lock those down or can your Amazon IAM role could just read every other role in your company. You know, there's a lot of other like issues you introduce and also you don't, you get less of a choice. Like if you're using Office365 you are vulnerable to user enumeration and you don't have a choice like you are. That is like, it's a service from Microsoft. So like that, you know, you kind of lose a lot of the choices. But yeah, you do have to. But turns out you have to like actually still pay attention to security. It's not just a silver bullet with like risk, zero trust dream still.
Alex
How big is. How big is physical security in like the risk factor? Like, I'm not a risk person or anything like that, but like that whenever I think cloud, the first thing I think is all physical is gone. You don't have to worry about closing it off anymore. You don't have to worry about positioning guards. Those people.
Ralph May
You don't have to worry about.
Alex
Well, the. Well, I'm talking about like, yes, definitely endpoints. But I'm thinking all your servers and stuff. That's a risk, right?
Wade
Your data center is no longer physical. It's all virtual.
Alex
Yeah, right. Yeah, yeah.
Corey
But you're also a bigger vector because I can log into a web interface. Right click delete. Delete. Right click delete. Right click delete. And you never had any servers.
I guess. You know, it's like a. It's an example. It's not a physical vector, but like the. You are open and there have been companies that. What was it? Code Spaces or whatever. There was a company that, their AWS account got hacked and they.
Blake
Yeah, 2014.
Corey
The attacker just basically went in and they. I don't even think they asked for a ransom, but they basically just deleted everything out of their account. That's all they did. They just went and right click terminate instance for every single instance. And that they. They shut down as a company completely. They had like. Everything was in AWS, everything was online. Everything was like, here's our backups. They're in S3. Here's our. You know, everything was like online and not, you know, physical redundancy. No physical redundancy, exactly. So it's like that's potentially worse because if someone does compromise the admin console, you know, I can me in a server room, I can pull drives out of your servers or, you know, cause chaos, but it's. You know, there's still physical remnants of those attacks. So I don't know. I mean, it is not surprising. I mean, this article is like written by Captain Obvious. So.
Ralph May
He's just missing the photo, right? Geez. I want to talk about this other article I saw. It was this one hits close to home. Bishop Fox wrote an article and the title was Never ever Ever use Pixel. Pixelization for Redacting Text. Right.
Corey
I have so Many opinions about this.
Ralph May
I know, I know. And I'm super curious.
Corey
Happened before. I really want to see a tool that actually does it reliably. So.
Ralph May
All right, so this is the cool part. There is a tool and it's open source that will supposedly redact any and all pixelation. So let's try it. I kind of want to try it. Right, but okay, so here's like the gist, right? The gist is. And there, there is some more sound than just, hey, you know, this will definitely redact, right?
Corey
It's not just, yeah, they, they have, they've come in hot with data. They're not just like, we have an opinion.
Ralph May
Yeah, no, it's not. We have an opinion. But what. In the article they talk about kind of the different issues that comes with, you know, pics or supposedly masking the data.
Wade
Right.
Ralph May
And you know, there's character bleed over problem, there's the white space problem. There's a bunch here they go into the details of how to pull it back. Now this is going to be more like cracking a password in a way. The question is how hard is it to crack the password and how reliable is it? Typically with recovering the plaintext for a hash, we know when we've succeeded with this, it's not, I don't think quite as black and white.
Corey
I'm going to give this a shot because there's a lot of logical leak you make along the way when you're like, yeah, if you do this and you use this font and then you do this and use this font because like that whole DPIX tool, I tried that. But like you have to train it. Like it's actually really like crazy. It works like really well with certain fonts and not badly with other.
Wade
It's like a Pokemon, right? You got to train it.
Ralph May
Yeah, you got to find them all. So what I think is interesting about this is two things, right? Is that if you train the right model, you can probably start getting consistency. But, but you could also use a, that you could start changing.
How you're actually redacting the data to make it.
Wade
Even harder to get right.
Ralph May
It's kind of like using a different hash, right. And so you could continue to make it more difficult. Now how difficult could you make it? I'm not sure, like, you know, where, where does it end? Where it's just like, ah, this isn't really possible anymore.
Corey
Right. I think it's, I feel like it's. I mean my hot take on it is really, it's someone trying to Raise awareness about something that no one really needs. Like, no one's like, like, this must be pixelated. If it's any other kind of redaction, I'm out. Like, really, like, we can all just use this and not like it. You know, it doesn't cost us anything to redact things in different ways. Yeah, so, yeah, so, you know, it is. It's more of like an awareness thing than it is like a practical attack. I don't think anyone is like, how did I get da? I downloaded the last pen test report, unpixelated all the pen test results. And that's because you didn't change the.
Wade
Password from the last time.
Ralph May
Yeah, I think this is funny because I think it's more of like an internal, like a red team thing, because I know on a lot of our reports we'll mask out stuff so you can't use the report, you know, as an attack method, like Corey was mentioning. And the question is, how secure is that? And, you know, this is what this article is trying to prove, that it's not secure. But, you know, you could easily just make a black box and then I guess try to unpixelate that. Also in Word, if you don't actually paste the picture, you could have just put a black box and then if you have the original, you just remove the black box.
Corey
So, right, the, like the official standard at BHIS, there is like a push to not use pixelization to just black it out or, you know, white it out, depending on what the color of the background is. But yeah, I mean, the attack surface.
Ralph May
Is, you know, expanding. I got. Yeah, I got into your infrastructure, got the old report, and then that's how I made it to da.
Corey
So, yeah, so that's actually an interesting. And I spent all weekend, I'm working on a new tool that's I'm trying to write basically like the snaffler for the Internet, which is a terrible idea. But basically, like, I was thinking about, okay, well, how what is like the pipelines of the sensitive information? Like, where are images that are pixelated getting posted? Like, where is that? Like, I don't know where that pipeline is. What is the attack surface of pixelated info? Right? Like, are there companies that are like, oh, dude, we actually just back up our LSAs. We just pixelate it and post it to Imgur. Like, no, like. Like, where is this? I think it's, you know, Bishop Fox is a pen testing company. So it's.
Ralph May
Yes.
Corey
They're trying to push the industry to more Secure standards in pen testing reports, I assume.
Ralph May
Yes.
Corey
But like, if you think about it on the other side, like, are there companies that are depending on pixelization for security?
I don't know, maybe.
Alex
Security through pixelization?
Corey
Yeah. Are there companies that are like, yeah, we just post our web configs to Imgur, but we pixelate it.
Ralph May
We definitely mask our sensitive data with pixelization instead of encryption. It's actually way, way easier. Right. So, yeah.
Alex
Can I use this to unpixel people's faces and like cops?
Ralph May
Is that a yes? No, no.
Corey
I don't think you want. That's a good point.
Ralph May
I think Corey kind of brought up the one thing about this is that we. You have to make a bunch of assumptions. Right. And those assumptions can sometimes be what causes you to get back the answer. Or it could also cause it just not to work at all because you're assuming you're using this font or something. Right. So you're, you're. You know, this is, this is not what I would say.
Corey
I will. I'll give this a shot on my own, I would guess. I mean, there's. There's also a lot of edge. I mean, I've done a decent testing with, like, ML and stuff, and there's so many edge cases with this kind of stuff. Like, assuming they're using ML, like, I'm assuming they're using TensorFlow or something like that. I would guess it's just JavaScript. Okay. Okay. But just kidding.
Ralph May
I'm just kidding. I have no idea. That's a good question.
Corey
How does it actually. Right. I don't know how it's doing what it's doing.
Ralph May
But yes.
Corey
What if I censor out, like, six lines as one block? Like, you know what I mean? There's a lot of, like, edge cases where, like, I didn't just censor one line, I censored like, six lines all in a block.
Wade
What if you do multiple layers of pixelation?
Alex
Right.
Corey
Or, like, how big is the pixel.
Wade
Size and what are the tolerances that can be calculated to calculate that? Right.
Alex
Yeah.
Ralph May
I mean, this is definitely one of those things where, like, you should take what you're normally using and try it out just for fun. And I think, honestly, to Corey's point, as pen testers, we're probably the most curious because we do this all the time. But, like, other companies are like, we never redact data like this at all.
Corey
Yeah. Again, like I said, like, someone please prove me wrong. Like, send me an example of a company that relies on pixelization for security.
Tim
So Here's a thought that I had because I've recently done. This is the. Whenever you look up information on a person and sometimes it goes, okay, well we'll show you, like the first two letters of their email address and then pixelate the rest. Could you use this tool to basically unpixelate what they are wanting you to pay for?
Corey
If you just hit F12, you probably see what they want.
You know? But yeah, I mean, maybe like, I feel like more common, like how credit cards are masked just with asterisks or dots. Right. No one like pixelates their credit cards.
Ralph May
So funny.
Corey
No one is like, hey, Internet, here's a picture of my credit card, but I pixelated it. Maybe some people are. I mean, obviously, if it's, you know, just sheer based on numbers, someone has done that.
Ralph May
Yes, absolutely. I'm sure someone's on it. I don't know, just kind of cool. But I've seen these before.
Corey
If I. Yeah, it's cool. It's. It's definitely a cool tool. No, I have no ill will towards the developers. It's an awesome tool and I will try.
Ralph May
Yes, I will definitely try it as well.
Corey
Whether it works or not, it's cool. But yeah, we can all also agree to stop using pixelization just in general. We could just use black block.
Ralph May
Yeah, I mean, the government's been doing it for years, right? That's. That's Sharpie.
Corey
Yeah, exactly, dude. Yeah, you just take some Sharpie and.
Ralph May
Go to your screen, Go to town.
Corey
Just color on your screen.
Ralph May
On your screen. That way it's permanent. Right.
Wade
And if you want to take a nice little break, you've been working hard, covering up scandals and all these things, you just go and take that marker, take a nice big sniff and get right back to work.
Corey
That's what I always do.
Wade
Wow. Wow.
Corey
Always get high on your own supplier.
Ralph May
Yeah, the ways of security.
Corey
That's what we do during pen test reports. We spend hours redacting. It's totally not like four seconds when we take the screenshot at all. We write the whole report with all the sensitive data, then we redact it later. We have actually a censorship.
Wade
Okay.
Yes.
Alex
I mean, you're not using like the machine learning algorithms to just recognize passwords that auto redact it for you. I thought that was totally a thing at Song.
Corey
I wish that was the thing. I would use that so hard. If there was machine learning to identify passwords reliably, I would be Summer.
I hate regex so much.
Ralph May
Hilarious. Yeah, there's always a case to miss too, because you could have images and all kinds of other data sources, different types of files that aren't searched for. Right. And they're not looked for in strings. I mean, you're looking for like entropy really, you know, and that doesn't always even equate to a password because they could just use a name and a number or something. So it's like, how much entropy. And you know, there should be like a scoring card. I don't know.
Wade
Whatever.
Corey
Oh, I know, dude. This is why.
Yeah. You want to know what, actually, what real developers do. Pass W. Star, Match string, Regex, Compile. Done.
Ralph May
Yep, done. That's. Somewhere in there someone's using the word password. Yeah.
All right, guys, it is, I think, time for us to go. It's 5:30. Unless anyone else had any other good articles that they wanted to talk about.
Corey
A way for Noah to cover all these new campaigns and things. StellarParticle, whatever that is.
Ralph May
Yeah, there's. There's some more attack.
Corey
I mean, I don't know anything about threat.
Ralph May
Yeah, there's a lot of threat actors out there. They're doing things, I guess, and they're causing chaos.
Corey
Yeah, I thought we specifically said stop doing.
Ralph May
I know it was last. It was last show, but this show they kept on. So we'll. We'll talk about that next time. And maybe John will be back. I think he's off traveling the world. I think he's in an airplane right now somewhere high in the sky. But yeah, thanks for joining us.
Corey
Looking down on all of us.
Ralph May
Yeah, looking down. Thanks for joining us today. It was fun. And thanks for everyone else jumping on and chitchatting with us. So we will see you guys next time.
Corey
Like my favorite story. I don't know if this is still true, but I went to go buy a Metamask T shirt that wouldn't. That wouldn't take crypto. I was like, are you kidding me? It's literally the company that makes the wallet.
Ralph May
I know. I had the same experience for some other crypto stuff. And they like third party it out and they're like, no, we only take credit cards.
Wade
I'm like, what? What?
Ralph May
This is like not accepting. You don't even eat your own dog food. I don't get this.
Corey
It's like, you talk to your contractor, that stuff?
Tim
Yeah.
Corey
He's like, oh, I don't work on my own house. No. No way. I don't do good enough work for that. Oh, God, I need to find someone else.
Podcast: Talkin' Bout [Infosec] News
Host: Black Hills Information Security (BHIS) Team
Date: March 1, 2022
Episode Theme:
The hosts dive into a range of current infosec news stories, with a particular emphasis on the impact of the Russia-Ukraine conflict on cybersecurity, U.S. infrastructure readiness, Microsoft security updates, amusing tech mishaps, and notable industry mergers.
This episode runs the gamut of cybersecurity happenings, spotlighting the geopolitical cyber tensions driven by Russia’s invasion of Ukraine, and the wider implications for global information security. The crew explores how these events tie into ongoing debates over cyberwarfare, governmental and corporate readiness, and shares a mix of humor and wisdom around both cutting-edge and everyday security issues.
Russia’s Cyber Tactics:
Evolving Definitions of War:
Psychological Warfare and Infrastructure Destabilization:
Practical Advice for Organizations:
Insurance Implications:
Default Enhancements in Defender:
Practical Ramifications:
Crypto Humor:
Akamai Acquires Linode:
Industry Consolidation:
Market Impact and Humor:
New Tool: DPIX
Why Pixelation is Weak:
Tone: The episode is lively, irreverent, and insightful—mixing technical depth with tongue-in-cheek takes on current events.
Takeaways:
For listeners:
You’ll walk away laughing (and possibly a little uneasy about the constant state of cyber “war”), with a clearer picture of how infosec professionals dissect, prioritize, and poke fun at the biggest stories in their world.