A
Research into that.
B
Like which one? The browser one?
A
Yeah, yeah, just about like what I could get from a browser. A browser, right.
B
It's a lot, but it's also not a lot. You know what I mean? It's like, it's like on, I don't
A
know, it's one of those.
B
On some level it's not that sensitive that you're using, you know, the Grammarly add on or whatever. But at scale, at scale, that's where
A
I was gonna go. Yeah. As soon as you get like the big enough then, then you can sell it, right?
B
Like, yeah, you can sell it. You can say, oh, I can tell you exactly who, what other. Like you know, 1Password all. By the way, you also use your, you also use Bitwarden or like did you know 70% of your users also have a VPN app or I don't know, something like that. You know, like, I don't know, something. There's so many insights you could gain for sure.
A
Yeah, I think that was really what I kind of came from that. Right. But.
C
All right, so there's.
B
It's 4:20. Let's smoke some weed.
A
Yeah, it's so high. We're never gonna come back like, or
B
actually take an edible because who smokes weed these days? And we have all this technology at our.
A
Isn't an edible like twice as potent though?
B
Oh, no, it just depends.
C
It depends.
B
It you can get it, there's no going back. That is the downside of edible. Once, once you commit, you're, you're there for the ride.
D
Y'all are six hours about this on record.
B
I wish it was six hours. No, it can be up to like 48 hours if you do badly enough.
D
48 hours.
B
What the.
C
Yeah, yeah, that if, if, if it takes you 48 hours to come down off of a high like that, you've
B
eaten more than you, trust me. So the thing about this culture is that it's a high tolerance building drug. And so the people who actually are chronic users need these absurd doses of edibles. And so if you're friends with someone who's a chronic user and they offer you an edible and it's like a 50 milligram edible. Yeah. You're going to be gone for a couple days. Yes, you're going to be gone for a while and you can't come back. Yeah, it depends. It also depends on people's metabolisms and stuff.
C
But yeah, when it, when it comes to chemical uptake, inhalation is always the fastest. Liquid is faster. Solid will take a little bit longer and then suppository.
B
The true fastest.
A
Yeah.
C
Oh, I was gonna go there, but hey, it's you.
B
Damn.
C
It's you, Corey.
B
I gotcha. I'll go there. I know.
A
We know. That's how Corey gets. Gets stuff done fast. Right?
D
That's it. That's all I have to do.
B
The AI summary is going to be like, this is now for adults only.
A
Exactly. Speaking of, speaking of big companies wanting to moderate this, at this point, they're definitely putting us in the mature audience only category on.
C
Yeah, I still can't get over it. I mean, I grew up in the day when it was the devil's lettuce. Whatever. And walking into a dispensary and being able to legally buy stuff is still a trip.
B
Yeah.
D
There is a dispensary walking distance from my house and it's across the street from the police shooting range.
C
Well, that's way to keep people mellow when they're using firearms.
B
Yeah. I mean, I live in Portland, which is like the most drug focused city that I know. It's like the greenest city known to man. Yeah, there's like, there's like billboard ads that are, that are so funny. They're just like, you know, 90s fonts and it'll just be like good weed. It's like no other context. I gotta say though, there's like no differentiating. I like from my perspective. There's no different. I. I can't. I don't know if anyone else can tell the difference, but I'm like, okay, there's like 17,000 variants of the same. I don't know.
C
So to those of you who participate. Happy 420. And for those of you who don't, just watch out for the brownies.
B
Okay? Stay home, don't drive. It's the same. Stay home, don't go anywhere. Don't try to operate under the influence. Definitely don't use Cobalt Strike under the influence. It's basically impossible.
A
Yes, pretty much.
C
Wow, that's a first.
B
Am I the only one who didn't hear the awesome metal music?
A
Yeah, no.
B
If you're an audio listener, pretend like there was a really cool metal intro done by Bo himself. All right.
D
I don't know if they heard it.
B
Welcome. It's April 20, 2026. This is Black Hills Information Security's talking about news. I don't remember how to podcast now that I didn't hear the intro. So I am confused.
D
They heard the music.
C
They heard the music.
B
So I'm glad I'm glad. I'm glad. Anyway, that's what's important.
C
If they hear the music, we do.
B
That's all that matters. So today we've got. We're living in a post Mythos world here, people. So everyone get your CVEs ready, get your CVSS scores, add one to them, as John said last week. And we're going to talk about the Vercel breach. We're going to talk about webinar TV scraping, Zoom recordings. We're going to talk about cookies, all kinds of cookies. And if you're here for 4/20, you know what kind of cookies we're about to talk about. And I think. I don't know, just some fun. Some fun things happening. So I guess let's start with Vercel. That seems like the highest profile thing. Wade, you said you've been working this one just in it. Is it. Is it bad? How bad is it?
D
Just throw me out there. Gosh, no. Like we weren't affected. I don't know if I'm allowed to say that on stream, but.
A
Well, I think you just did.
B
Okay, more importantly, what is Vercel, Wade? What is Vercel?
A
What does it do?
D
Yeah, that's what took me a while to figure out too. I think Ralph knows what Vercel better than I do. But I do know secrets can be stored in Vercel. And secrets now must be rotated that were in Vercel. There was a flag in Vercel that said if it was sensitive, you were cool. If it wasn't sensitive, you weren't cool. You needed enterprise level Vercel in order to have logging, which is a recent thing.
C
So wait, Vercel is a cloud AI company?
A
Well, no, hold on, hold on.
B
So everyone's a cloud AI company according to them.
A
Okay, yes, Bronwyn, you are correct. Everyone is a cloud AI company. 100%.
C
Well, no, no. I went to vercel.com and right away it says build into.
B
Okay, okay, but that's the thing.
C
AI. Come on.
B
That's the same thing it says on allbirdsshoes.com.
C
Anyway, yeah, but that's only because they. They shifted over from shoes to AI, which makes no sense whatsoever.
D
I can't wait till Skechers does it too.
A
What Vercel is, is essentially it's a. It's a hosting service for front end platform.
B
As a service.
A
Yeah, yeah, right. They're a hosting service for front end frameworks. Right? So if you have a website and you want to. You could host it on Vercel. We personally use Vercel for my front end. Right. So they host the front end of the website and then the back end, which is the API, is hosted totally somewhere else. Right. So when you. Now that's not how everyone does it. If you have a Node based application, you could have the front end and the back end in the same application and Vercel will gladly host that for you, as well as many other services that can do that, including Cloudflare, just to mention a few. But Vercel is one of the most popular for doing it. There's also a couple other ones out there that are pretty popular for these deployments. But where the security side comes in is that you can obviously upload environment variables. Now those environment variables can be used within your front end application, they can be used within your backend application, however, you know, it pieces in there. Vercel does more than just website hosting, if that. I'm like using air quotes here because it's a bit more complex, but they also do a lot of other things. But the idea is, is that when you do deploy one of these web applications or one of these web frameworks, that you're probably going to have some environment variables that you want to access in real time. And if you didn't mark them as secret, then they could have been exposed in this particular breach, according to Vercel.
B
So sensitive is technically what they say, not secret. But yeah, basically it does. Interestingly enough, on the write up it says that it originated from the compromise of Context AI, a third party AI tool used by a Vercel employee. So this is like that AI supply chain thing that everyone's paranoid about. Rightfully so is if you use these sketchy third party AIs. Does anyone know anything about Context AI? Is this just like some random. Is this reputable or is it like if you just go on the Google Chrome extension store and search AI, it's like the third like.
D
So it's going to, it's going to, it's going to work back to one of our favorite things. But so Context AI got, got hit. They then pivoted to that user who then they escalated privileges via Google Workspace and then we're able to do stuff. Right. If you go look at some stealer logs and there's some Context AI creds that got taken a picture of. Yeah, so there's a couple of pictures of that. Yeah.
B
So it also could be Next.js, I guess. I. I mean who knows? There's been so many supply chain type compromises. So it's a reputable company, but they aren't appropriately doing AI or they aren't appropriately doing credential management stuff with info stealers. It looks like Hudson Rock actually said that. Like they're. Which if. For those who don't know, Hudson Rock is a commercial info stealer provider similar to Flare, it looks like they actually said publicly that, you know, they, they think it was stealer somehow. Roblox Auto Farm Scripts. So it's like, okay, here's the supply chain. An employee at Complexity AI was apparently doing Roblox hacking on his work machine bro man or on his home computer. On his home computer with his credentials synced. So that's bad. Then we have the employee at Vercel was using Complexity or Context AI, which I guess is that Was he or were they allowed to be doing that? We don't know. But my assumption is most companies that are small, and Vercel is probably small, aren't really controlling what third party AI tools employees are using. And that has supply chain risk associated with it. So yeah, if you're a CISO listening to this, don't let your employees install whatever AI tools they want. No matter how much they beg, scream and cry. If.
D
And then if you're working this as an IR person, they do allow you to pull down logs for 90 days in a CSV. All the audit logs and then you can work it from there. Good old, good old grep.
B
Good old grep. You gotta wait for those logs.
A
If you are gonna put environment variables, save them as sensitive. Make sure you're marking any keys as sensitive or secure or whatever they call them. Every platform has got different ones.
B
Don't use environment variables. Don't do it. There's tools out there. People have been asking me this question a lot. They're basically like, okay, so when you use. You have to use environment variables sometimes. There's a lot of cases where they make sense. But basically in security we deal with the trust boundary. Environment variables are only good on one computer for one trust like that is like everyone on the computer can now read those environment variables. So if there's any untrusted programs running on that same computer, they're compromised. Right. So like you just have to keep that in mind. And you don't put sensitive things in environment variables wherever you possibly can. There's like, there's tools like 1Password and other secrets managers that can dynamically pull credentials from without storing them in environment variables. Yes.
A
So I want to push back on that because there's a couple things that when you actually implement that you still have to have that key somewhere on the host in an environment variable, even with one password or whatever you want. Right. You could dynamically pull them all you want. The, the, the hope or the benefit is that you can rotate them. That's really more important.
B
You can rotate them and you can audit who's accessed them, by the way.
A
Well, somewhat, yes. But either way the, the, the idea that if I have all of my secrets in a password manager that they can't be compromised. That they can't be compromised. Yeah, that's not true. And like not to, not to. I'm pushing back on the idea that like environment variables are the only inherently bad.
B
Yeah, no they're not. They're not inherently bad.
A
Inherently bad. But the better ways to do it right where you are actually do implement. Because I've had to think about this in process flow about like using 1Password to pull environment variables in to keep it the most sensitive as possible. The thing is, is that key for 1Password does have to exist somewhere on that remote host.
B
Yeah, yeah, yeah. Programmatic access you have to facilitate and
A
that key is going to have to get scoped to the specific amount of variables that are required. Just a minimum required for the application. Well, if as an attacker I have access to that key, I totally can retrieve those variables on demand. Right. From 1Password. Right. So it doesn't necessarily stop that attack path. But what it does allow you to do, hope and benefit is that you can revoke those faster without having to go into Vercel and change every damn one of those environment variables over and over again. Right. So it allows you to one click essentially rotate all your keys without having to go fight across all of your.
D
All right, all right. Ralph, doesn't Bitwarden or someone else have that too? Okay, just stop saying 1Password.
B
Well, actually, so actually if you, if you want to know what is kind of the real standard for this, it's actually HashiCorp Vault. That's the one that most people use. Like no offense to 1Password but like in most deployments people are rolling their own HCV instances or using hashtag.
A
Yeah, well, actually so 1Password's offering is pretty good. They actually have two different ways to access that. You can use CLI and then they have a full API based setup where you can actually essentially like dole out a special server that would only be accessed through maybe a specific kind of network. So it's not even just through 1Password and it has a whole token management system to allow you to kind of like, do a middle piece in there so you can broker that access to 1Password while not actually even exposing the interface that is required to access that key.
B
So I want it on the record, I was hoping. I feel like we've crossed over into where Ralph knows more about 1Password than Wade does at this point.
D
Oh, without a doubt, without a doubt. I definitely know op. Right. Like, I have it set up in several places, but, like, I'm over here defending things, not doing engineering.
B
Yeah, yeah, totally fair, dude. If you ask me to run the SOC at BHIS, I don't know how the heck to do that. Someone else can figure that out anyway. Yeah, I think the. From my perspective, the. The IR and Patterson. Feel free to jump in here. Rolling secrets. This is going to be the, like, number one most used IR playbook of 2026. Right. Like. Like, is there anything, any advice you'd have, Wade or Patterson, on how people can get in the practice of being better at rolling these secrets? And, like, is there any tips you guys have that could help, like, with this IR process?
E
Wow, that's a loaded question. Yeah. Make a plan before you. Before you're in the midst of crisis. That would be priority one. That's such a sprawling, sort of unique, snowflakey. I mean, listen to us argue about our process moments ago. My. Yeah. My most significant recommendation is. I totally agree. Rotation of credentials is, you know, it's. It's playbook.
A
I don't know.
E
I think last year maybe it was playbook number two, but I think you're right. The forthcoming. It'll be playbook number one and sleuth out where your creds live, have a programmatic way to rotate them quickly and efficiently. And once you accomplish that, of course, you should test it. And then you're. You're golden. Well, you're not golden, but you're much better off.
B
You're ready to react quickly instead of just being like, what credentials were compromised? Where do they live? What do they do if we roll them? How much of our production environment breaks? Exactly.
D
Yeah, that's the thing.
B
Right.
A
I was gonna say a lot of credentials are moving to. To like a mandatory expiration date as well.
B
Yes.
A
So that you.
B
Everything should be. Honestly, that's like. That's a good thing. You can say set now before a breach happens is just set everything to expire every three to six months or whatever interval you choose. And then you have to get in the practice. Practice of rolling.
A
You're gonna figure out how to automate your way out of that.
B
Yeah, exactly. Yeah. It's like, you know, if. If you have users that are getting breached, which you do, and you have password expiration, you have MFA and you have like, you basically have to set yourself up in a place where, guess what? Your developers are putting your API keys into ChatGPT, into Anthropic, into Context AI, Cursor, freaking DeepSeek, whatever it is. And so you have to. It's. You're better off just assuming those credentials are breached all the time, monitoring them for suspicious activity and rolling them on a regular basis versus being like, no, this is the secret break glass key that lives in the, you know, secret place and no one can ever access it. Like, yeah, yeah.
A
I do think the playbook, a really good one, is, is to honestly just design rotation into your implementation. And I think you really help yourself out, you know, when they do get exposed. So.
D
And by the way, variables, right, it's easier to do that because all your passwords are going to be in a centralized location and usually you can. You can interact with them programmatically. So.
B
Yeah. And also setting limited scopes, like basically secrets management is. If you do it well, it's going to be a pathway to the end of 2026 without a whole lot of pain. If you do it poorly, you're going to get popped.
E
Like it.
B
It's. This is not the first and it won't be the last. Where environment variables are leaked and blah, blah, blah. There's all the other ways that environment variables can leak, by the way, or be exposed. You know, we're talking about like browser harvesting and program harvesting. Like, just assume any program running on your computer can read your environment variables and there's a lot of programs running on your computer and they. So like, just keep that in mind. Anytime you export something, it's.
A
Yeah, this is the stealer logs playbook, right? Or. Or the, you know, NPM malleable pack, malware package, whatever, you know.
B
Yeah, sure, totally. All right, what else happened? I guess we can talk about a certain teenager who. The guy. The guy who compromised PowerSchool. This is a breach we talked about when it happened, but there's this pretty interesting long article in ABC News about his experience. And I don't know, it's kind of like, I feel like it's been a while since we've had these. A high. A big, deep dive into the character of a hacker. And it's kind of interesting. I mean, we don't have to go through the whole article, but it's worth a read. I think it, it basically for me really reiterates how much these online hacking communities impact these young kids. Right. Like they basically take over their world and really suck them in and make them think and feel that they're, you know, living a very glamorous, rewarding life when in reality they're just kind of the fall guy for a big cybercrime situation. So this person, his name is, what is it? Matt Lane?
D
Matthew.
B
So he. Yeah, so he's. He, he got sentenced to four years in prison and basically on his way to prison, I guess he'd already done six more months and this was a sentencing hearing, but essentially he did an interview with ABC News kind of talking about what the life was like and what he did. And he sounds, at least in the article, he sounds very remorseful and like, you know, he's the kind of funny thing which we'll talk about at the end is he's like, I hope I get a cyber security job. Maybe he will, maybe he won't. I guess we'll see. Please submit your resume to BHIS and we'll, we'll interview you.
D
But the Darknet Diaries episode will be out shortly, I'm sure.
B
Yeah. Wait, really?
D
No, that's a guess. I'm guessing if he's willing to talk to ABC News. There's no.
B
That's fair.
D
Yeah. Which is unheard of. Like, usually we don't hear like, this almost seems like a play for. Right. At least for me to, to make him look good. Which he, he does seem honest and truthful. But you don't hear about this too often about them.
B
No. These are rare. These are super.
D
And then like, it's just like we've talked about before and like in the UK, right. These kids have been picked up over and over again, but they're, they, they keep it a secret and like.
B
Hush.
D
Put them away. Yeah. Identities completely. Which is also pretty cool, I think. But without a doubt he's going to get a job. Like.
B
Yeah.
D
And of course. Where did he start? Roblox.
B
Roblox.
D
Roblox.
B
I mean, I think it's. I don't know. I think it's really just a matter of people who feel like outsiders tend to look for communities where they fit in, regardless of whether it's cyber security or, you know, terrorism, whatever. Pick a, pick a. It could be just a lot of people fall into sports or into, you know, like, things that are more normal ways of fitting in, I guess. But in this case, you know, he got sucked into a community that was kind of pushing him in a bad way. I mean, this is the same thing that happens for most kids who end up as criminals is they get sucked in with people who are older than them and kind of take advantage of them in a lot of ways.
A
I think one of the big differences in this case too is that most people typically don't get caught.
B
Right.
A
He was just used as a scapegoat, or not scapegoat, but a. Essentially like a patsy and this. Right. They just used him to, to not get caught. Right. And so I think we're going to see more being made an example of. Yeah, yeah. And I think we're going to see more and more of this though. Right. Because essentially what happens is, is that MGM or whoever gets hacked, right. MGM was mentioned in this article as well. Right. They want a lever to pull. They're not going to go to, you know, North Korea to get it, so they're, they're going to take it out on the US assets that were used to leverage that attack. Right. And so I think we'll see.
B
So, right. It. The. One of the interesting kind of notes from this is like, the impact is definitely higher. So with the PowerSchool thing, we talked about it in the. I think on this show, like the. There was an initial breach and they actually did a ransom demand and they got the ransom payment of $3 million. But then there was another ransom demand sent to all of the individual schools. So basically, like in this scenario, someone gained access to whatever server they exfilled all the data to. You know, whether it was someone trusted or not, we don't know. But essentially they like got the data, a copy of the ransomware data set. And so, you know, it's kind of a poster child for why you shouldn't pay the ransom, because there's no guarantee that someone else hasn't accessed that data and can use it to continue to extort and do bad things. I mean, on some level, obviously there's credibility lost. But it is like kind of interesting sort of subplot is like the fact that they, he, unfortunately, other people, even if he like has remorse and feels bad, other people have the data too and can continue to sort of drive impact from it. Even if he doesn't want to do that, other people still can. It looks like they're looking for someone else. You know, they're looking for other people in connection with these crimes in addition to him.
D
Yeah.
A
The example piece too is to stop that from happening again. Right. From other people being like, oh, think about this. But I will also flip the coin one more time and just say that his age, right. Being young and just impressionable and willing to do these things. I mean people at a young age, including myself, have done stupid things that maybe you either regret or maybe it was just unsafe. Right. And this is one of those examples, you know, at a younger age taking, taking advantage of people who are younger, you know, to.
B
Yeah, 15 year old and like unfortunately, yeah, when I was 15, you could have convinced me to do probably.
C
And unfortunately, Roblox has been a known resource for radicalizing young people, especially young males. And not just, not just for hacking. It's. It's used for radicalizing young men for all kinds of unfortunate and sometimes violent purposes. I mean, yeah, they only went into acting. Yeah, he may get a career out of it someday when he gets out of prison.
B
But yeah, they, they talk about that in the news in the ABC article too that like Roblox is basically there's a couple uplifting parts. The article like one, there's a couple programs that actually go out and try to, you know, recruit people into a community that's, you know, fostering positive things instead of, you know, kind of similar to what our community does. Obviously we don't go out and recruit people on Roblox, but there's something called the Hacking Games that's like, you know, basically Roblox based, positive version of this community. The other thing that they mentioned is that Roblox specifically says they've hired several young people to help secure their systems after they participated in similar programs. So like the, if you're out there listening to this or you know, watching and reading the article, realize that there is a pathway to use your skills for good and to get paid for it. Right? Like, you know, you might get a job at Roblox, you might get a HackerOne bug bounty payout. Like go the. Go the.
C
If they ever resume bug bounty payouts.
B
Well, no, they're, they're still doing payouts, they're just not taking submissions. So.
C
Ah, okay.
B
Well if they ever, when they resume. Well, you could still submit directly, but yeah. Anyway, basically the concept is there is a good and an evil version of this story. I think four years is fair to me. Like that's like enough time that he'll definitely have, you know, hopefully some time to think about what he did. But also not like 10 years which is just like a criminal graduate program where you just go and learn how to be a really good criminal. So I don't know, we'll see what happens. But he does have $14 million in restitution to pay to victims. So when he goes to get his first cybersecurity job, he'll be like, my salary demands are quite high, because my restitution demands are also quite high. I gotta make $14 million a month. Sorry. So we'll see how that goes.
A
Salary is kind of high, but, you
B
know, salary's kind of high, but it's only one month. And then he goes back to prison.
D
You have to pay interest on that.
B
I'd probably. Dude, I'm assuming the system is set up to completely block anyone from actually being reformed and just put them into a cycle of reinfracting.
A
Does bankruptcy apply here? Can, like, does bankruptcy not apply to restitution? I don't know.
B
I don't know.
D
I don't.
B
We need.
D
We need to get it under a different.
B
These are adult questions, dude. This isn't that kind of show.
A
Yeah, fair enough.
B
All right, so next we can talk about Mythos. I mean, I don't know. For me, we. I guess we talked about it last week. Like, I've still had a lot of customers asking me questions about it. John did a big LinkedIn post about it, which we'll link to if you guys. If anyone didn't see it. But basically, it's kind of the sentiments that we echoed last. Last week on the news. I think the answer to Mythos is basically twofold. One, it's definitely hype. It's. It's. You know, there is some hype tied into this. Anthropic's trying to maintain their relevancy, and that's just part of this. But also piece number two is the. Some of the claims and things are real. And I've been telling customers, you have to assume something like this is going to exist in the next, you know, short future. We don't know when or how. But if they're basically advertising this capability, that means all the other AI companies are short. Are close behind, and that includes DeepSeek. Right? Like, what was the. What was the distance between the, like, GPT-4o release and DeepSeek release? Like, does anyone know that off the top of their head? It was probably, like, was it three months, six months? Like, I forget.
A
Timeline's so small for all of them right now.
B
It's shorter than you think, basically, is what I've been telling clients. Like, this kind of a vulnerability crusher AI will exist in the next three to six months and publicly. So. So basically, get ready for that.
A
And so I. I guess the other follow on article to this is that Anthropic did release Opus 4.7, which, yes, has.
B
Well, okay, so, yeah, the Opus 4.7 release is actually really interesting, specifically because Opus 4.7 now has specific gateways and gatekeeper stuff built in for cybersecurity abuse. So basically, Opus 4.6. If you just told me you were an authorized. If you just told me you were an authorized pen tester, it'd be like, oh, all right. What are we doing? Are we hacking China? Let's go. Opus 4.7 supposedly has better. More gateways built in that will basically force you, hey, you know, this seems like you're doing something unauthorized. And it has its own verification model at the account level. So there's also Anthropic drama where they're requiring identity verification for their accounts, which we don't. I don't know if we have an article source for that. Someone could probably find it. But they're requiring KYC verification for all their accounts. And in Opus 4.7, you'll hit that limiter more often of it being like, hey, it seems like you're trying to do bad stuff. For us at Black Hills, if anyone's curious, you can get authorized. So you can basically tell Anthropic here I'm. We're a pen test company. We're authorized. And they will allow. Well, they'll take down those gateways, but I feel like that's a pretty good way to reduce abuse. Obviously, it's kind of a moot point at this point because you could just use 4.6, right? Like, you could just be like, all right. And 4.
A
6 is actually better in some ways, in some regards. But the point.
B
Yes, if. If you go back up to the table, Megan, it. It shows technically, Opus 4.7 is actually worse for cyber security by, like, 0.3% or whatever. So if you look, it says there's one for. What is it? Cyber security vulnerability reproduction: 4.6 was 73.8 and 4.7 is 73.1. So it's 0.7% worse.
A
Yeah, they did it on purpose. They nerfed it a little bit. I watched a bunch of, like, people essentially digest the numbers here. But the one thing going back to what you said, Corey, is that we are still on the continual march of improvement.
B
Yes, numbers. It's gonna happen better. And it's like.
A
It's so fast and that, like, you know, when is. You know, I keep thinking about, like, when is Opus 5.0 gonna come out? And, like, honestly, it could be four months. And that could be, like, on the extreme version of it. And ChatGPT could come out with something even faster. And you know that. Yeah. So it just keeps going. It's like a steady march. I do wanna say one last thing though, about the. Essentially the gatekeeping of cybersecurity. OpenAI was a lot worse. Like if you asked it to do something, be like, no, I can't do that, I can't do that. Like it really gatekept a lot more than Anthropic and now Anthropic is kind of catching up. Even though arguably sometimes it gets super annoying. Even if you're not trying to do something malicious. Right. Just kind of do something related. Eventually it gets to the point where it's just like, I'm going to not help you with this stuff. And you know what's going to happen in that case? Models are going to show up that will help you with that.
B
Correct. There's going to be abliterated models and Hugging Face models and DeepSeek and Mistral and all these other Qwen and there's Chinese models.
A
There's no way. But my point is, and is that there's no way Anthropic or OpenAI, no matter how great their frontier model is, is going to stop what is coming, Right?
B
Yes, a hundred percent. They are upfront.
A
That's all. Yeah.
B
No, 100%. I linked to the verification program, if anyone's curious, in Discord, and the next article we can kind of dovetail in is the KYC verification Anthropic's requiring. It's not super clear when they're going to start requiring this or what the rollout's going to look like. They. They basically just posted this and now everyone's salty. But essentially the bummer here is that they're going to use Persona, which is a company that has taken on a lot of investment from Palantir and Peter Thiel and those sorts of shady folks. And Persona has also had issues with cybersecurity in the past. I will say I think the issues they've had are very overblown, like people's concern. Like, you know, they had some issues with them exposing the source code, I believe, for one of their government identity verification systems and like the way that the authentication worked and stuff. To my knowledge, they haven't actually had any exposure of like the identities themselves yet. And it should be noted that this company, Persona, is also. They seem to be kind of the standard in Silicon Valley. That's what Discord is using. That seems to be what most companies are using. So it's not really out of band. Also, by the way, OpenAI is doing this too.
A
Yeah.
B
If our parents are, you know, if our parents are OpenAI and Anthropic, they're both doing it and so we probably just have to roll with it.
A
I would say get ready for KYC across the whole Internet. It seems like that stuff is coming across different pieces, different, different markets and mainly different laws. Right. In different states. It's all kind of moving that direction. And most of these companies, they're in a business, shocker, to make money. If KYC is what they have to do to stay in business, that's what they're going to do. Right.
B
It's just a huge bummer that we can't have a government backed. Yeah, like actual state run KYC that like uses the. Like. They already have my passport, dude. I already like, you know, answered a bunch of questions and gave my fingerprints away and some guy touched my. But no, I'm just kidding. But yeah, I'm already a US citizen.
C
I don't need that.
B
Well, listen, okay, I went to an appointment and like whatever happened, it was
A
way cheaper than normal.
B
That's what. Yes, it was discounted.
C
Now we know why.
B
It's a. It's a benefit of my credit card. All right, so basically, I mean the point is the government already knows who I am, has my identification documents. They like, can they not just give me like an SSH public key or whatever?
D
Yeah, that's that. Right, like some private, private public key system or like why, why hasn't there any been any blockchain, like blockchain technology behind it is pretty cool and can track things. Why aren't we using that in the like more production?
B
It's a bummer.
A
That would be perfect.
B
Dude, let's.
D
Are we about to make a company again? Another one here?
B
No, no, no, no. We've already, we've already made one company. We don't need to make another. The. I think like, I think there are companies or countries. What is it? Estonia? I want to say off the top of my head that like has like a full digital identity system that's nationalized and has like voting based on that system. Like, I don't know, it's one of these like small countries that you've never heard of, but they have like 10 gig Internet and really good tech.
C
I don't know, it's easier to do at a smaller scale.
B
I mean totally.
C
They.
A
Yeah.
C
And they probably have a lot fewer than what, 360 or 400,000 million citizens. Whatever. We're up to these days.
B
Yeah, I. I mean, you're not wrong. But still, that arguably also means we have immense amounts of resources available to create systems like this.
C
Yeah. If we, if we have the will.
D
Yeah, we got break.
C
That's the bottom line, you know.
B
But breaking news, we got breaking news, breaking news, breaking news. We got Tim Apple stepping down at Apple. So now he's just changing his name to what? Tim. Tim what? Tim Apple. Tim Cook is stepping down after more than a decade. It's probably because he asked Siri whether he should leave and she was like, yes, leave.
C
Yeah, she was, she was. Don't let the door hit you in
B
the ass on the way out, honestly. So word on the street is they're
A
finally going to come out with a new Siri this year.
B
I mean, okay, that's just powered by ChatGPT.
A
Yeah.
D
Yes.
B
So. Well, no, no, no. So, okay, hold on, hold on. So first of all, for those that have been living under a rock, it does seem that he's. We don't know, but Apple hasn't been doing super well in AI to the point that I know several people in my personal life who have like, seriously considered switching to Android just because of how bad Siri is. And that's totally valid and fair. Hold on. And he's been unable to correct that. What did you say about Alexa?
A
Not. Not to. Not to. Not to say that. What? Everything you said about Siri is not correct. Because all of those things are correct.
B
Is Alexa just as bad or is it.
A
It's worse.
B
It's like worse.
D
Yes.
A
And they came out with an AI version and whatever. Right. I think it's. It's tough for the non AI to like, companies that came out with those original, like voice assistants to like have to move into it.
D
They just pushed Gemini to Google or to the Audi Auto. What Auto? Google Auto.
B
Oh, yeah.
D
And it could not play any of my songs. I was like, Alexa or Google, play Toy Story storyteller on YouTube as I'm driving. And then it plays like some random thing and I'm like, over and over again I'm like, you know what? I'm just gonna do this myself and hopefully don't get in a car crash.
B
But yeah, well, okay, so. And by the way, before, you know, obviously we haven't even read the whole article about Tim Apple stepping down, but they did actually partner with Google. That's who they chose as their AI partner. So in iOS 26, which was last year's release, they have like ChatGPT integration and as an iPhone user, I always use it, but it also ties. Not in. It doesn't tie into anything. But every time I use it, I'm like, ask ChatGPT a basic question and it can answer it. That's as far integrated as it is. That. That's pretty lame. So they did partner with Google to get a Gemini model to basically hopefully correct some of the issues they have. Who's John Ternus? That's the person they chose as the replacement, or tent turnist. I don't know how to pronounce that.
D
You Google him. He says he's an engineer and an executive, which.
B
So he's. He's VP of hardware engineering. And then he's right.
D
Which sounds pretty cool, to tell you the truth. Like, if someone were to shake.
B
I will say their hardware might be their strongest department. Honestly, like the. You. You really. If you're comparing the iPhone hardware to other companies, that's what everyone sets the bar at is like the actual physical characteristics. And if you look at the laptops, it's kind of the same thing. They were super pioneering when it came to the Apple silicon stuff. So I think it's a reasonable there.
A
So just to. Just to put it out. So AI is cool and awesome, but the hardware is how we interface with it. And Apple definitely dominates that market space, especially from the handheld. They're over.
B
Oh yeah.
A
The US and all this other fun stuff. So they're not going anywhere anytime soon, regardless of how crappy Siri is or maybe that it proves to be. But yeah, they're definitely a dominant piece in the. In the. In the glass that we get to see, right?
B
Totally. Yeah. And that's not going to change. I think there was an interesting video the other week about like, how Windows laptops are kind of in a weird spot right now where like, you have Windows, which is Microsoft, then you have like Copilot, which is also Microsoft, and then you have like a bunch of laptop manufacturers that have to figure out how to work with Copilot and Microsoft or else they're not really included in the whole party these days because, like, Windows now requires you to have all these Copilot ties. You have to have a Copilot keyboard. You have to have a Copilot button on your keyboard. So basically, Windows computer. Yeah, just to be a Windows computer. So like, basically for a Windows laptop to be really good, all these companies have to work together and do well. For an Apple laptop to be good, it just has to be one product from one company. So I don't know, we'll see. While we're speaking about Windows, we can talk about new concerns with cybersecurity around Windows Recall, which for those that don't know is the coolest feature they ever added.
A
I can't wait.
B
Yeah, well, so recall. So Recall was a really cool feature that was designed like with the release. Was it Windows 11 or Windows.
A
It was like in, it was in one of the Updates for Windows 11.
B
Because this is years ago. Yeah, years ago. This is September 2024. Wow, that feels like 10 years ago in the world of AI.
C
It does.
B
That was, that was so long ago. But basically it was a feature that would essentially record your screen and let you go back to a previous state. Yeah, all the time. So as you could imagine, they rolled it out in an incredibly insecure fashion at first and everyone was like, please, no, can you not do that. And there was a, you know, people were publishing tools that would extract all the data from it. It was a fun little time and now I guess they're trying to re-release it. I, I assume. And not all the security vulnerabilities have been fixed. That's my assumption.
A
What about the whole thing being just one big vulnerability?
B
Like that's everything that there is that
A
sending it off to.
D
I don't know who, like who would use this? Who's the primary user of this?
A
That one person who's like, screen and let ChatGPT look at it too.
D
Well, maybe that's it. Maybe it's from the AI perspective that the AI destroyed your laptop so much that you gotta rec back to a time beforehand.
C
Yeah.
B
The new version of Windows Restore, it's just one prompt. It's an AI prompt that restores all the files. It's just a markdown file that says this file lives here. This file lives here.
D
I, I don't even know anyone who uses backups personally, like in their personal setups like backup. I will not. I don't know any data.
C
I don't backup.
D
I don't know any like non techie people. We'll say that. Like normal normies.
C
Yeah, that's.
D
I can't see anyone. I can't see anyone using this. And then from a corporate perspective, like I understand it, I'm wondering if this could be used forensically. But why. You wouldn't need it, right? It could, but like would you even need it if you, if you have access to it? Would you?
C
If you're a decent forensicator? I would think not.
D
I don't think you would need it though. You would just like run your normal like EnCase or anything to pull everything off of it. You wouldn't have to use Recall.
B
So yeah, thinking, I mean it is, it could give you a ton of insight into like, it's basically a screen recording of everything the user was doing. Right. So it could give you way more insight than any of those forensic. Oh yeah. Flat out.
C
They say Recall stores messages, things on your screen, emails, documents, browser history. If you're using the computer and you've got Recall on it, it's recording everything
D
with the right DLP software, though. Like, I have all that too. That's the thing.
B
It's just, that's fair. But like, I, I think the biggest thing is just this. No one asked for this. No one actually needs this.
A
No one wanted this.
B
Like, okay, right now everyone's fighting the battle of all their employees want AI and they have to figure out how to get AI into their company without screwing up security. None of their employees are like, can I get Microsoft Recall? No one wants that.
D
My, my favorite use of this is when someone calls in and says their mouse was moving by itself. And I'm like, all right, let's go check it out and recall and be like, no, it's not moving. You're moving. We can see.
B
Your use for it is just proving people are dumb. There's way better tools for that, man.
D
Yeah, but if it's a recording, we could prove it to them.
A
Don't move my icons. That's exactly how I like it.
B
My icon. That's an oldie. An oldie but a goodie. Yeah. Speaking of creepy recording of things that shouldn't be recorded, 404 Media published an article about this company called Webinar TV, which their M.O. and this is just as a business model, insanely creepy. Their M.O. is to enter publicly accessible Zooms using a bot and then record them and transcribe them for whatever reason they're doing this at scale. I don't think anyone really knows why. The article doesn't really cover why. I, I can't really imagine why. But here it is basically, of course, because public Zooms are public, some of the information in there probably shouldn't be public. And you know, they give some examples in the article like Graves' Disease and Thyroid Foundation patient support groups, for like one of the funny ones is like a nudist support group. It's like, oh, you have to wear clothes, guys.
C
It sucks.
B
Like, basically it's recording this data. It's not super clear why it is, but it claims that they've hosted over 200,000 webinars. I don't really know what their business model is, but it feels like from a privacy perspective, like do they have any lawyers that have ever even thought about this for more than 10 seconds? Like I cannot imagine the amount of PHI and PII. I mean I think the biggest thing is like if you're going to some of these webinars, just assume it is, you know, being recorded. Yeah. Being recorded by someone. Change your name to something anonymous. Maybe hide your face or don't show yourself on camera, I don't know. Or just. It sucks because it's like the companies that are putting on these webinars aren't really trying to do this. They're not trying to make it, you know, a cybersecurity problem. But they are.
A
Yeah.
B
And so yeah, then basically they're also, interestingly enough, the, the webinar will actually like register. They can registrate or they, they have people that are registering for these sorts of things and like actually submitting like forms and things to get into some of these webinars. So it's like, I don't know, it's basically super creepy. I don't know what this company is,
D
but maybe they're pulling all the data to feed AI.
C
Well, okay. One of the things, one of the things covered in the article too is that some of these public meetings or, or publicly listed meetings are things like recovery groups or faith-based conversations. They kind of have to be public in order to serve the population they're trying to reach. Which is like if it's, if it's a 12 step group, that's always been an open meeting format. It's always been anybody can show up. Why would it be any different in a digital form than it is in a physical form? So with Webinar TV going and scraping all of this stuff. Yeah, this is a huge deal. And you know who thought this was a good idea? The only thing, the only thing I can figure in terms of how they're making money is by advertising.
B
Advertising or like you said, selling the data to AI, right. Like that it, it's, at the end of the day, this is data mining. Like that's basically what this company does.
C
Yeah.
B
On some level, like you could argue, oh it's YouTube, but it's like it's not YouTube because none of these people, the goal of this meeting wasn't to create content. Like that's not, you know, that, that's not how it works. That people were just going to the meeting to be at a meeting, not to create content for someone else. So I don't know how this is legal. I don't know where they're based. I hope they go away. But on their website, there's 221,000 webinars. And searching. I did search for Black Hills. I didn't see any infosec. Like, they haven't been in ours. They're not, they're not in with us right now that I know of. I'm looking around. But yeah, if you, if you do a free webinar, definitely kick these, kick these bots out.
A
Free's not free.
B
Free is not free. So we're kind of, we're kind of quick firing, but the cookie article is pretty interesting. So this is an article, again, from 404 Media, basically a company called.
C
I wasn't laughing at you, Corey.
B
Sorry, webXray. You can laugh at me. It's okay. webXray published a report where they basically claim that all the big tech companies are not enforcing cookie tracking properly. Essentially the. Like, from a technical perspective, Google's. You ask Google not to track you and it's like, here's a cookie, I'm tracking you anyway, basically.
A
And have a cookie, you're gonna love it.
B
You don't want me to track you. Here you go, have a cookie. And so essentially all these companies have disputed. They're like, oh, no, it's not, it's fine. It's totally tracking. I think the, you know. Yeah, the GIFs and results in the chat are basically exactly how we all felt before the show, which is basically like, are you telling me these big companies are potentially willing to take on fines just to track people? Because it's more valuable to just take the fines and, you know, get the data versus not ever getting the data. So basically, we'll see how this plays out. There are some pretty aggressive privacy laws in states like California that will lead to them in court incurring fines for this sort of behavior.
C
But unfortunately, the fines are just a slap on the wrist for them. I mean, you know what, Google earns more than a hundred thousand dollars in interest in an hour. So even if it's multiple millions of dollars of fine, there's no incentive for them to stop their behavior.
B
Yeah, they probably will. I mean, I'm not a lawyer, but I'm assuming they'll be able to hire fancy enough lawyers to get out of this one. And I'm assuming they already hired the lawyers before they did this to make sure they could get away with it before they actually did it so they don't have to pay retroactive fines. Basically. This is specific to California, but essentially there's different regulations for businesses versus service providers. Ad vendors like Google and Meta and other people, they contract as service providers, not as businesses. And so they're exempt from a lot of these privacy things, I guess. But basically, again, kind of depressing and a lot of data mining, tracking.
D
I got, I got a good article.
C
Well, I was going to say the good news is France is ditching Windows for Linux.
B
Another one bites the dust, eh? That are. It's like, it's like the, at least the fourth or fifth European country that's ditching Windows. So that's funny. All right. What you got, Wade?
C
What you have, Wade?
D
All right. All right. You guys ready for prompt injection pizza ordering?
B
Oh, I've been ready, dude.
C
I remember.
D
Go ahead, Little Caesar. Little Caesars. Starting on the 16th. You can now order a pizza straight out of ChatGPT.
A
Nice.
D
Oh, no, I'm not saying this is a bad idea or a good idea, but like, this is an idea for sure. So you can just, you can have it order you whatever you want. We recognize this. The, the, the, the comment from the executive is great. Today's consumers are turning to Gen AI as part of how they search for everything, including where they get their next meal.
C
Okay, so I can see it now. OpenAI is going to buy Grubhub.
B
The joke is, does this, does it come with glue? Does the pizza come with glue? Who is it?
A
Wendy's? Wendy's. Little chatbot, I guess. It uses Anthropic and people were injecting in it to get it to do other tasks, write code for it, all kinds of other fun stuff.
C
Yep.
B
Sir, this is a Wendy's. But that being said, I will code you a fully functional act.
A
Exactly. But totally. Let me, let me take on that task that you've given me here.
B
You know, now that you wait for
C
your food, let's help build that website.
A
I want to, I just want to prompt inject to see if I can get free coupon codes or other things like that. Like fake a scenario that was really bad and see if they give you a coupon code.
B
Be like, you won't believe this. It was late again.
A
It didn't make it again. I need another, like, free order of this, you know? Yes.
B
I feel like you're gonna have to wade through a lot of agreements before you actually buy anything.
D
Like, let's see, let's see. Right now I'm gonna buy a five-dollar Hot-N-Ready. Are they still five dollars? I don't know.
B
No, not inflation, not in this economy.
D
Those were the days.
A
I mean, you couldn't drive there for less than $5 in gas, man.
B
That's probably true. Wade's gonna order some drunken pizza and he'll get back to starting.
D
It's starting. It's looking. Little Caesars $5 Hot-N-Ready. Yeah, they're not $5 anymore.
C
Darn.
B
So, couple other quickfire articles before we close. There's a lot of articles today. NIST published a blog or like a news update that they're basically going to start enriching. I don't really know what that means, but enriching certain CVEs. And I, I'm assuming the writing, the reading between the lines part of this is not enriching most CVEs. So essentially they're basically saying we get so many submissions for our CVE database that we can't handle updates and tracking on all of them. And so basically what they're saying here, and this is my interpretation, I could be wrong, is that they are essentially choosing a select subset of CVEs to kind of track and like update and actually keep track of. And other CVEs will not be as enriched as they previously would have been. So the gateways they're using for this are CISA's KEV catalog, CVEs for software used within the federal government, which is, you know, probably a lot more than you would think, but not as many as, you know, random Joomla CVEs or whatever, and then also CISA or, sorry, CVEs for critical software as defined by an executive order. So basically it's kind of a bummer in a way that like, they're basically, they're kind of waving the flag that HackerOne did, which is like, there's too many CVEs, we can't handle them all. So basically, I guess the other reading between the lines here is if you're a. If you're a security researcher, you want a CVE to put on your resume or for whatever other purpose, you should probably focus on the software that is in this list that's like, that's used within the government, that is in the CISA KEV catalog and is, you know, software important, critical software. Well, I will say no, it's all you.
C
Oh, I was going to say, I mean, according to this article, they're saying that the CVE submissions increased by 263% between 2020 and 2025. That's got to be directly related to AI implementation. Definitely.
A
Yeah.
C
And you know, that's even, even before AI, the, the CVE system was struggling because we don't have the kind of support for analyzing and patching problems. And we, we mentioned last week about how, you know, HackerOne had the bug bounty program, but do we have a remediation bounty program? And we don't. So. But the, the combination of this. Yeah, this. Sorry, this sucks. I don't have a positive spin on this.
B
It's kind of a bummer of a week.
D
The remediation bounty is you have a job and you don't get
B
the bounty. Honestly though, I feel like cybersecurity was like such a wave to be riding for the last like 10 years. And then I feel like in the last couple of years it kind of slowed down where we were like, nah, AI is going to replace everyone. And I feel like my hope is that this year that really swings back in the other direction. And everyone's like, never mind. AI is just creating problems and we need to find people to solve those problems, like now or actually more like yesterday.
C
Yeah, it's like, okay, great. It's a nice idea that all of these AIs can possibly replace cybersecurity experts, but the reality is that the increased influx of exploits and the increased accessibility of being able to attack systems has wiped out any net gain that would have been received. Patterson, you can speak to this better than I can because you're seeing how it's hitting our SOC services already. Whatever it is that these companies think that they're going to save by firing all of their cybersecurity people, I'm going to, I'm just going to say it out loud. I think they're idiots. Because there's no way possible that AI as it exists today can, can ever address all of the things that face any organization that has a profile that could possibly be attacked by malicious actors. And if you're cutting your people and you're thinking that an AI can do it, well, AIs are great at tasks, but you need people, human butts in seats who are doing jobs to organize and coordinate those tasks because there's too much. I don't know, Bronwyn, we're developing tomorrow.
B
I think you're way off, Bronwyn. I have an AI that'll solve all the problems by just deleting the whole company. It's easy. You could solve all cybersecurity problems.
C
That is one solution. Yeah, you know, unplugging and living under a rock is another solution.
B
I, I mean, I totally agree with you. I think the, the key thing that's still, at least as of today is still true, is that AI is going to do something. Some things are going to be smart and some things are going to be incredibly dumb and you need someone skilled to do make the decision about which is which.
C
They're like drunk interns. They have really good hits and really bad misses, but you've got to supervise them and that's what you need the humans for. I also think, and I was thinking about this because I wound up talking to a lot of friends over the weekend about AI and prompt engineering and where things are going. And I think that in the long run we're going to be seeing the ability to work with AI, prompt engineering, machine learning, data science, all of those things. These are going to be not just nice to have skills, they're going to be required skills in.
B
Yeah, it's the same thing as like Microsoft. It's like the same thing as putting Microsoft Office on your resume. It's like it's not really getting you anywhere but like you do need to know it like that. Really.
C
It's table stakes.
B
It's table stakes, 100%. That's a good point. All right, so let's do our plugs real quick before we close. Patterson has an upcoming. Wait, what do you got to.
D
It's at the bot. If you scroll to the bottom of the news there, all the.
B
I can't read. All right, so here's the plugs kind
C
of thing you want to admit in public. Corey, come on.
B
Patterson is teaching a pay what you can workshop next week. Rapid endpoint investigations for Linux and Mac. Important in the world of supply chains and developers and all these people getting compromised using AI tools they weren't supposed to be using. Patterson, do you have any other things you want to plug about it? That's pretty exciting.
E
That was an excellent summary. Yeah, super excited about it. Webcast this week on the subject for our pay what you can workshop next week. Just practical, practical tactical skills for Linux and Mac investigations. So love to see you there.
B
Nice. That's exciting. Yeah, I mean we, we've increasingly seen more and more clients asking us to do red teams on Mac and not so much on Linux. I'm assuming Linux is more like server based stuff, not endpoints, but. Or I guess it does say *nix endpoints. So for those Linux people out there, you can really probably harden your system a lot by following the pick up some French.
A
You'll be doing some clients on Linux too, real soon.
B
Oh, good point. If you're doing government work in Europe, you're going to need no Linux endpoints in the next, like, very shortly. Oh, yeah, and then, Wade, you also have a workshop coming up. Not until May, but you're profiling. Know your enemy.
C
What are you talking about?
D
Yeah, I have a talk and a workshop. I don't. I don't remember when the talk was. It's on the calendar. But the talk is like how to read the news, which I find.
B
Oh, I. I definitely should go to that.
D
You should. Well, you. You should if you want a guest star in it. Because I know you. You can't secretly come in. We can just argue and yell at things then. Yeah, I have 25.
B
Ralph and I.
D
I do have the. The 25 workshop on threat actor profiling. That is a full four. Four hours, which will be super fun. And then I am teaching at the Threat hunting summit, my CTI 101 class. But now it's two days instead of one day. Yes.
B
So twice the value.
D
Twice. Twice the fun, twice the value. Yeah, I'm sure it'll be cool.
B
That's awesome. Yeah, it is crazy. You can get some of this stuff for $25 or like, you know, even cheaper. That's insane. That's such a good deal. I'm also doing a webcast. I think it's next week. Next Wednesday maybe. I'm not sure when it is, but I'm going on as a guest to Natalia's webcast and we're going to be talking about some burnout stuff. I did a burnout webcast when I first started at Black Hills back in 2021. If you go back and look at it, I didn't have a beard, I had short hair. It's kind of terrible. So obviously have to kind of re-up the ante and get back in the modern world of burnout.
A
And there's a CTF where you have to find Corey's face in that photo.
B
Am I actually in there? No, I'm not in there, am I? Maybe I am.
A
I mean, that's. That's the CTF, man.
B
That's the CTF. I'm the robot. Oh, no. Yeah. So see you all next week.
C
As long as you're not the walrus.
B
Hopefully not. Although you never know. I'm just hoping it's not just like some kind of weird therapy thing where then I'm just like crying at the end of it. I'm like, I'm so burned out. This is terrible. We'll see. I might have to role play someone else. I'll role play Wade. I'll be like, I'm a new dad. I got terabytes of logs coming in. I can't wade through them all.
D
Dude, that's me to a T. That's it. That's all you need to know.
A
I can't wait.
B
All right.
C
I told you. You're not gonna sleep for the first.
D
Oh, no, I'm already sleeping. I'm fine. Like, six hours. Baby's already sleeping, like, six hour shifts. It's pretty nice.
B
I'll use that in my. I'll use that in my. That is my webcast.
A
I'll use that.
B
I'll be like, nah, sleep. Honestly, sleep is very important.
D
I have a. I. I upgraded as a dad and got a garage fridge recently, and it's full of Red Bulls, so I'm. I'm good to go.
B
You don't need that slow.
A
That's so much sugar. I just. Honestly, I. I got d. I have Celsius, too.
D
The Celsius just make me feel weird. Like, I don't. I don't know.
B
Like.
A
Yeah.
B
Yeah, it's too much. I think Celsius is too much. That's for a person. Like, I don't know. That's the thousand milligram edible of energy drinks.
A
Yeah, I could.
B
Anyway. All right, so I think that's all we got. Thanks all for coming. We'll see you next week. Have a good week.
A
Later, guys.
B
Bye. Bye.
C
Bye.
D
Bye, Sam.
Podcast: Black Hills Information Security
Date: April 22, 2026
Host/Panel: Corey, Ralph, Wade, Bronwyn, Patterson
This week’s lively episode covers major infosec news with plenty of friendly banter and deep dives. The crew breaks down the implications of Vercel’s breach (and general secrets management hygiene), examines a feature on a teenage hacker’s journey and sentencing, discusses evolving AI models and security boundaries, explores concerns over Windows' Recall feature, and reacts to breaking news about Tim Cook stepping down as Apple’s CEO. Other highlights include privacy controversies, surveillance capitalism, legal oddities, and prompt-injection pizza ordering.
The episode maintains its hallmark laid-back, witty, and tangential style, rich with practical technical insights, irreverent takes, and references to both personal experience and infosec culture. The speakers continually riff and banter, ensuring even dense topics are approachable and entertaining.
This wide-ranging episode delivers critical news, technical analysis, and cultural context for infosec professionals—balancing serious security best practices (secrets management, credential hygiene, rapid response plans) with humor-laced current events (teenage hackers, Apple’s CEO shakeup, recall nightmares, and AI-fueled pizza). The core message: technology and threats evolve rapidly, so must our playbooks, but human expertise remains indispensable.