Cyber Crime Junkies

New True Cyber Crime Examples with advice from top security content creator JOHN HAMMOND

March 05, 2023 Cyber Crime Junkies-David Mauro Season 2 Episode 17

New True Cyber Crime Examples with advice from top security content creator JOHN HAMMOND. Understanding the Cyber Crime Mind To Protect Business, top security content creator insight, recent true cyber crime examples, new findings on cyber crime gangs including EXCLUSIVE DISCUSSION ON BLACK CAT RANSOMWARE GANG and Anatomy of a Social Engineering attack.

Topics: understanding cyber crime mind, new insight on true cyber crime examples, new insight on cyber crime gangs, best ways to keep up to date on security news, best ways to limit cyber attack liability, best ways to protect business from cyber crime, and brand protection with identification authentication.

Please enjoy our cyber crime podcast and gain a cyber security mindset with cyber security news this week as we explore the most common hacking tactics and why it's important to understand the hacker mindset. John has a massive following, so follow him for great insight.

John has a huge following: 550K YouTube subscribers, 170k+ Twitter followers and 140k+ LinkedIn followers!
John's socials:
Huntress: https://www.huntress.com/
YouTube: https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw
Twitter: https://twitter.com/_JohnHammond

Video EPISODE: 👩‍💻 https://youtu.be/CMOu0o9FvFQ
/LETS CONNECT/ We really want people to be able to watch and listen, and we would love your help. 📲 📲 PLEASE CONSIDER SUBSCRIBING. It's FREE and it will help us to help others. 📲 📲 Our Channel @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1yg
Our /SOCIALS and PODCAST/
📲 DAVID MAURO LinkedIn: https://www.linkedin.com/in/daviddmauro/
📲 Podcast Cyber Crime Junkies: https://cybercrimejunkies.buzzsprout.com
🔔 Site, Research and Marketplace: https://cybercrimejunkies.com

🔔 Want 💎 EXCLUSIVE 💎 Content? For only $4 💎 SUBSCRIBE to Cyber Crime Junkies PRIME https://www.buzzsprout.com/2014652/supporters/new
Thanks! -David, Mark, Kylie and Team @CCJ


Try KiteWorks today at www.KiteWorks.com

Don't Miss our Video on this Exciting KiteWorks Offer!

The Most Secure Managed File Transfer System. 

[00:00:00] It's always in the news. Cyber criminals attacking great organizations, wreaking havoc on the trust of their brand. We socialize cybersecurity for you to raise awareness, interviewing leaders who built and protect great brands. We help talented people enter into this incredible field and we share our research and blockbuster true cyber crime stories.

This is Cyber Crime junkies, and now the show.

So let's talk about something that is near and dear to our heart, and that is the business model. Cyber crime, right? Mm-hmm. , like the business model and things that you've researched. Can you share with us some of the coolest things that [00:01:00] you've uncovered? Any, any, advanced persistent threat research?

Things like that because, , it comes every day. It's always in the news and, you know, we like to socialize it for people that otherwise aren't involved in it every day. Like you, you know, Share with us what some, some, some of your favorites if, if you don't mind. Absolutely. Okay. I think what might be fun to do is, hey, I got a couple stories in my back pocket.

But I do think maybe we can thread sort of what we were chatting about just a moment ago with a little bit of the Right of Boom conference because Excellent. Hey, I got to speak there. Hey, got to, for some reason, they trusted me up on stage with a microphone. And we were focusing on BlackCat. The whole event, the whole conference wanted to be like laser focused on one threat actor and adversary.

And that is BlackCat. Sometimes heard, talk, let's talk BlackCat. Yeah, yeah. Sometimes heard ALPHV, different synonyms. But that's a ransomware gang. If folks just don't happen to know, [00:02:00] they've garnered quite a reputation because, hey, they've been beating up victims left and right, causing some carnage.

They hit. Maybe on a lighter note, one that tugs at my heartstrings, that broke my heart cuz they hit Five Guys. My favorite. That's good. Me too. I know I, well, when I saw that I was like, okay, come on BlackCat. BlackCat is on my list. There's like, that is just, that's just crossing a cultural there. You wanna hit critical infrastructure, you wanna hit NASA, White House, FBI, Ingar, that's one that's bad.

But man, you go after Five Guys and you really, you, you've really hit the heart of the security community. Well, I say that in jest, not to trivialize or, or do anything I know to, to minimize the impact and effect of it, but, you know, they, they've made some crazy and wild innovations in a strange way.

Their ransomware encrypter, or the whole builder, is written in, in Rust. So for the nerds and geeks listening in, hey, one of the cool [00:03:00] new hipster programming languages, like Rust Lang. , and it's fast. It's, it's crazy fast. It's wild. And it's got all that memory safety. So when a lot of folks say, oh, that's a certain amount, feat.

Like, hey, you know, that's a certain achievement in building this thing in Rust. , but anyway, sorry. What they had asked me to try and focus on was to bring out a talk presentation titled like, Inside Remote Access Markets and the Access as a Service Model. Cuz we can talk about, oh, the execution of BlackCat.

We can talk about their initial access. Hey, vulnerabilities, open weak RDP, crap like that, yada, yada yada. But at the end of the day, ransomware actor gonna drop ransomware. Right? Makes sense. . So the question is, what are the other ways that they communicate and how are they working with affiliates or other programs and all those brokers that make up cyber crime?

, So I got to dig into some of the fun, shady, spooky, I don't know, forums and [00:04:00] underground and syndicates, that folks might be familiar with. And a lot of these might be low tier, even some of that stuff that's more private and higher class is probably gonna be an internal Jabber communication or talks, right, or Telegram.

But the stuff that ends up on the forums: XSS.is, Exploit.in, there's Cracked.io, I think RaidForums when it was a thing, I think that got seized. But a really cool one is Breached, breached.vc. Those are the ones that you'll see pictures of when Twitter or Mastodon folks shoot. Right. Some like anime looking girl with purple hair is a profile picture.

Yeah. . Anyway, BlackCat was present on that forum and would have a whole lot of posts that say, look, if anyone is interested, you can go grab the compiled renditions of BlackCat or ExMatter, their exfiltration tool really. And you, you can go take a look at our shop and if you wanna go buy it, and here are some videos that show you how to compile and build it.

Here are some videos that show our leak sites, and I thought this is really weird. , so they've, [00:05:00] so they productized it and were advertising it as they were executing it. Oh yeah. Oh yeah. Yeah. Which is not uncommon. You look at LockBit 3.0 and Absolutely. Stuff like that. You. and I thought, okay, let me drive this point home to the audience or whatever that like mm-hmm.

ransomware is one thing and it, and it makes a whole lot of news and headlines and everyone's talking about it cuz it is a big threat. But I think what folks don't always often think about are the initial access brokers. And to push that a little bit even further. What they were thinking, like, John, we should, we want to educate the community on like the wholesale access markets where you've got a, a fella who says, Hey, I've got the data breach from LinkedIn, or I've got, I've got whatever info that was scraped off of Twitter or whatever company, anything on a recent breach and incident, and I'm selling it all.

9 million database entries with social security numbers, addresses, bank info, whatever they happen to have. And we'll, we'll sell it wholesale like a [00:06:00] Costco or a Sam's Club or a BJ's lower market price. Right. Or bang for your buck. Right, because they buy all of it, right? Yeah. Or they buy a substantial chunk of it.

So is that, so that's what BlackCat, BlackCat is kind of like creating that wholesale market. Well, it's interesting that we've seen them at least play in those pools. I don't want to go so far out on a limb to say, hey, they've made some of those purchases, cuz I, they may very well have. Right.

, but I, I do want to draw that point. And that ransomware is certainly a threat and it's a booming industry, but there are infostealers like a, a Raccoon malware or Vidar and RedLine that isn't even booming. Even, even more, blossoming industry because hey, they open the door for everyone else.

What has your research shown about who the players are in BlackCat? If we know, like is there affiliation sort, are they coming from the Conti breakup? Are they coming, are, are some of these guys from our [00:07:00] evil? Like where, where did, where, where are some of these guys made up from? I believe that they are one of the successors of, of REvil or R Evil, and I think what would've been BlackMatter just as well, or at least pieces of it.

It's really weird and hard with how pointing at threat actors in groups and adversaries because it's a guess ultimately until you get some more. I was just asking because maybe you see some similarities in code or some similarities in tactics or some of the, the, the language that they're using or something.

I, I, I didn't. Now, I wish I could give you a better answer, but it's funny when they sort of have some shockwaves or they make some drama in that cybercrime community mm-hmm. There was a post from Conti, I think even on their dark web onion leak site, whatever we want to call it. Mm-hmm. That had said, hey, look, I've worked and I've chatted with the other groups like BlackCat or even LockBit, and they're, they're scammers.

They're kids. They're not professional. They don't work in the business that we [00:08:00] do cause we take care of our customers as, as they say, quote unquote, it's their branding. It's, it's, it's, it's their, it's their branding for their, for their whole I. . So it's a weird sort of like, Hey, let me stop the competition.

And other affiliates or other workers don't go associate yourselves with this group. Cuz you know, they're small stuff, they're table stakes, right? They're small scale. You want to come hang with us, the big wigs over at Conti. Right. And that's, that's very weird and wild . Yeah. Yeah. And, and what, what have you seen, like, do you have any insight on you know, Let me ask it this way.

Who are some of the, the most prolific ransomware gangs out there today? I mean, clearly there's LockBit 3.0, right, right. BlackCat is, is growing. Vice Group is, are they? Yeah. Vice is the one I was gonna mention. Yeah. They, they're really attacking a lot of schools I saw. Mm-hmm. . You know what, what, what, what's your research showing about some of the, this, the differences, the different [00:09:00] approaches between those?

Yeah. Vice Society is the one that I was certainly gonna mention. Yeah. Vice, there's been a whole lot of chatter surrounding some of the recent Microsoft Exchange vulnerabilities. Again, whether we went for ProxyLogon, ProxyShell, blah, blah, blah. , because, Play, I know there's a ransomware group called just the word Play. Play's gotten into a little bit of the limelight cuz they were abusing and exploiting that, that Exchange vulnerability.

But to your question of the most, again. Hey. LockBit would certainly be up there. Think I've seen that resurgence or it comes in waves, right? As we're seeing a more and more of, of Vice Society and others. But to your question of what are those different sort of tactics or weird sort of even ethical boundaries mm-hmm.

that they put on themselves. Mm-hmm. because if you go take a look, if you wanted to, hey, have you, if you got the stomach for it, crack open the Tor web browser and go look at some of their onion sites, they'll. Here's the data and information for journalists or for reporters, and here's our code of conduct.

Weird. It is [00:10:00] bizarre. Well, we've done that. We've so let you know we've done that cuz that's our hobby. But it's bizarre. It's a bizarre world. Like to go down that rabbit hole because, and some will be. Everybody just wanted to mention Cybercrime Junkies Prime. We now have a subscription available.

Through our podcast and it offers exclusive content, bonus episodes, and even pre-releases of all of our standard shows. We keep it simple. It's just the cost of one cup of coffee, one time a month, and you can cancel anytime. You can subscribe by, scanning the QR code next to me in the video or by clicking the link in the show notes.

If you select not to subscribe to our Prime membership, please at least consider subscribing to our YouTube channel. It's at Cybercrime Junkies podcast on YouTube, and it's absolutely free. It allows us to bring great guests on the show. Thank you for your support, and now let's get back to it.

[00:11:00] Rabbit hole because, and some will say, because they, some of them hold themselves. That's what I was asking cuz you, you live in that world. And, and some, like, some of them are like, well, we're very, you know, we, we have honor and, and ethics and Dr. And I'm like, seriously, you guys are like bankrupting businesses left and right.

Like, what do you do? Like really you believed this stuff? But you know, they, they're trying to differentiate themselves, right? It's like the new age ransomware, come do business with us. They have like professional videos on this stuff. It's pretty cool. In a, a weird sort of like sportsmanship, they'll be like, hey, you know, we won't, we won't go after charities or nonprofits.

We, we try to avoid hitting hospitals or schools, so let's, right. Crazy. So to thread it back a little bit, if I may again, back on, back to BlackCat and ALPHV, I, one thing I wanted to include in that talk was there was a message that they had put out, another forum bulletin where they said, hey, great news everyone, all of our loyal supporters, we have done a great big undertaking and [00:12:00] we have gone and, and indexed and cataloged all of our leaked data.

So all of the victims that we've already exfiltrated some data out of, now, it's all. Like if you wanted to search for John Hammond, you certainly could in all of their victims and customer data, if you wanted to search for password or net income or whatever you could. And if you go find it, they, it's like a two terabytes or whatever of data that you just sift through and they say in the message.

Hey, we want to do this so that the information is more accessible for the cybercrime community. So they have created a search engine or a search platform within the breached data so that you can hone in on what you want to buy. Across every single victim, which is wild . Really interesting. And they say at the interest, the very, very end of that statement, they say soon coming very, very soon, we want to get this out on the Clearnet.

So something published on the open internet, not Tor or onion. [00:13:00] So. Yeah, weird and wild. Maybe Google will be the one indexing. I was gonna say, what's it gonna be, goo Google Black, right? Yeah. Like you can like fire up Google Black and then just like find out like stuff and then just go buy your own data and then like get, you know, hopefully you can, you can change, you can identify everything you have to change.

Those are some of the strange That's interesting innovations that I've seen. Yeah, from, from BlackCat. Now is that, let me ask you this, was that the first time you, you had seen like an indexed search for, for victim data like that? Personally? Yeah. Yeah. Okay. So that's pretty significant, right? Well, hey, I, I might be able to, I don't remember.

Well, no, and, and again, this is. , this gets to imposter syndrome and cybersecurity, right? Like we, we all can't know everything, but we've researched and we speak with Jon DiMaggio a lot, who's, who's done a deep dive on LockBit 3.0. I don't remember anything about them having on their happy blog and right places like that that they have anything about, like being able to search [00:14:00] and index and dive deep into that data.

That's pretty interesting. Yeah. And I thought, hey, you know, those are some of those new innovations for BlackCat that I think are worth talking about and worth bringing to the table for that conversation at Right of Boom. And I, and I thought, hey, let's show it to them. You know, let's get those screenshots, let's get those up.

So if by any means you would like the slides David or Mark, we would love them. Yeah. We would absolutely love them. Yes. That would be, I would absolutely love them. Yeah. Because that is just so fascinating. Yeah. You know, and, and for, for people in. Are in charge of securing organizations and their brands.

Like when you guys research all of this and when we go on the dark web and we're trying to understand the personalities, the, the variations between these cybercrime organizations, it's not to glorify them in any way. Right? Like it is, it is purely because if you don't understand who the aggressor is and how they think, what their motivation, what their tactics really are [00:15:00] today versus a year ago, you're not gonna really be able to adequately defend yourself.

I mean, is that fair? Absolutely. Let. We were chatting about, hey, some more of those initial access or execution or post-exploitation things that we can detect and, you know, based off of keying off of those artifacts, can we lock it down and, and have that better se defense and better security. But you're tugging on a really interesting point there cuz it's.

When we bring this stuff to light, we don't want to be encouraging or emboldening and just encouraging even more cyber crime hacking. But it's a wild thing because I, I wonder if it's, I mean, to me, I look at it naturally. Yeah. Yeah. To me, I look at it like, some of it is like, like when I was watching, or REvil, however you, whatever they wanna pronounce it, they say it in Russian, so it doesn't really matter.

Anyway. But when, when, when we were watching them a year ago or so, I was like, it's kind of like watching John Gotti. Like of the, of the, of the organized crime, like [00:16:00] very flamboyant kind of out there. And it's like there's a whole group that's kind of looking at you with a jaundice eye, like, don't go out there so much.

Right? Yeah. Don't over expose yourself because then you become a target. And and then we kind of saw what happened with them. But it's, it's, it's kind of interesting. I mean, no, we don't mean to To glorify it in any way. I think it needs to, we need to learn about it. All of us. Like the more and more, you know owners of businesses, owners of organizations, people that are in healthcare schools, like if you're in charge of protecting.

And you know, that organization and that organization's, people and the brand that it serves overall. Like, we have to know this stuff, right? It changes so often. There's a, it's, there's massive amounts of money at stake. They are changing and shifting all the time, so that's part of the reason why we delve into it so much.

What are you seeing in terms of the initial access brokers, like, is there an [00:17:00] approach to, to shut down groups of them? Like there, there are organized groups like, like BlackCat and you know, REvil and LockBit 3.0, Vice Society. Right. And, and a lot of the people that are the digital mercenaries, right, or the actual executioners, the ones that, that, that do it, they're retained the a.

Like they're, they're retained and they don't even necessarily know each other. Right? So they have it organized just like traditional organized crime. But with initial access brokers, they seem to be out there as one-offs. Are there any groups that are forming as initial access brokers, and if so, how do we, how do we defend against those?

Because that's, that's that kind of wholesale kind of like, I've got access, but I. I don't want to get involved in the actual extortion part. Right. I'm gonna just sell that and make my three grand and be done. Mm-hmm. , how do we, how do we stop them? Like, oh, [00:18:00] super. Good question. And I don't think I have a good answer.

I'll admit I don't either. Otherwise I wouldn't have asked. I don't think anybody does right now. Yeah. Such is the treadmill Yeah. Of cybersecurity. Well, let's break it down. Are there, are there any groups that are just IABs? Or no, cuz I haven't seen that like Yeah. Not a name that I'd be able to point to other than Okay.

Yeah, that's what I thought. You've got Raccoon, you've got right. Vidar, RedLine, but those are the malware strains, right? Ranan, maybe that's one that does a little bit. . Okay. Yeah, because it seems to be individual people like, and you don't know if necessarily they used to work there or whatever.

Right. Or they found a vulnerability or they're, they were playing around and they found a vulnerability, but they don't want to get too heavy into cybercrime, so they just kind of one off, send, sell it, sell access, and then, and then they. Well, I'll be honest. I, I think a lot of the issue is, hey, it's, it's so [00:19:00] commoditized and it's so.

Prolific everywhere, mm-hmm. that it, I can't pinpoint or say, is it one group? Is it one person? A lot of those things feel like they're kind of just sprayed and prayed across the internet. Mm-hmm. , right? Whether it's a phish email, which I know isn't all that sexy, it's not that cool. You're not firing off a zero day or anything at some vulnerable service or unpatched program.

That's the stuff that still works. Well, yeah. , I mean, and, and, and I love it. So we've been, we're part of our InfraGard and we've been Yeah. Doing these security awareness trainings alongside local field agents, the FBI, Department of Homeland Security for like 10 years. And I gotta tell you, I love it when we're approaching somebody about, you know, well, you just let us train your people.

There's no cost. Yeah. Just let us train your people. And they're like, we know, we know not to click on links. We know what to look for. We don't need that. And I'm like, if you guys. Then it wouldn't be the predominant cause of all these breaches, like, right. What, you know, it's not a [00:20:00] technical answer. Right.

But what, what are your thoughts on like what organizations can do to like create a security culture? I, I, I, I was hesitant on asking you, because you are so keen on the, on the technical aspect and, and, and driving that, but from a, from a culture standpoint, what do you, what, what do you see would be a best practice?

Ooh. Okay. . Super good question. I think it's kind of fun because look, I, I've received those emails, like I've gotten some of the weird definitely sketchy emails that are oftentimes masquerading as like a, even a Google Drive file share request or Right. And they sent you some way or someone that, that looks like it'll slip under the radar, cuz it's from Google, quote unquote.

Mm-hmm. . Anyway to drive that culture. I think it's something that you shouldn't have to have to be embarrassed about. We, so truthfully, again, just for, for my own business and or my company that I'm with, Huntress, we. Make fun of it. , we have, we have Slack channel. We [00:21:00] have Slack that we're all in and every day as a remote company.

And whenever someone gets either the weird text message or the weird Instagram outreach, or even the silly email that says, hey, this is your boss, Kyle, CEO, can you please bring me those gift cards? Please give me, we do, we do the exact same thing. It's such a joke. Yeah. The exact same thing. We're like, and, and, and sometimes I, I give kudos to my guys who like, play with them a little.

They're like, oh yeah, I'm in, I'm in line right now. Like, how, what, what dollar denominations? , like what do you mean? Yeah, what combinations would you prefer? How many ? Yeah. Well, I mean, just to keep their attention because that way they're not bothering somebody else. It's a good Keep them. Yeah. Just keep them online.

Yeah. So is there a, is there. A formula or is there something that you see that helps an organization like kind of improve user awareness? Like, to me it's, it's a whole host of things to me. It's more a cadence. Mm-hmm. , it's more of a cadence than anything else. I think a lot of [00:22:00] organizations don't know where to start and they have to do something.

So they have onboarding, compliance training. So when you're learning about harassment and how to be a good manager or how not to like steal funds, then you also take the, the ohs, here's a phish, and, and, and, and don't click on links. And then you start your job for three years and you don't get trained at all anymore.

Or maybe it's once. And, and none of that to me, I mean, it's good that they're doing it, but none of that to me means they absorb it and they change their behavior on a consistent basis. To me, it has to be like ongoing job embedded as needs to be something that they make fun and that they make it kind of regular.

It's professional development is what it needs to be. Yeah. Oh yeah. Yeah. Is, is there anything that you found that's, that's really useful? Like, is there. new programs out there. I love Wizer, like, I, I personally, I know a lot of people question it or, or, [00:23:00] or address it because of the way sometimes they go to market, but we really, and we really like the KnowBe4 platform, the testing, the test phishing.

Because if you have somebody managing it, that is good. Right. You know, to me it can be customized, it can be tracked, and then you can actually. Objective measurements of people that are learning, right? Because you're like X number of people were, you know, causing a data breach clicking in the beginning and then over time you actually see it going down.

So to me, that's some element that the culture is starting to improve, at least for one metric, right? I. The Wizer videos because they're hilarious. Like, who, how do you not like, if you can use humor and you can help people kind of enjoy the, the security awareness video that they're gonna watch, that's always cool.

Is there anything that you're seeing that, that you've found kind of useful for organizations? I'll be honest, I think you touched on the, the best or the most important [00:24:00] part. Because when you get into the whole conversation of a whole lot of the security training or getting users a little bit more educated, there's always a certain amount of rough edges to it, and a thought leadership thing is like, hey, at, at the end of the day, People are going to click on a link like yes.

Okay. I think we're a little bit understanding and accepting of that, and we don't need to make it such an awful, egregious thing. We can never blame the user. I'll agree with that, but it's still good to have those steps that we can take to improve the situation. So understanding and accepting when there is a.

It happens, but let's still try to board up the windows the best we can, right With your, as you mentioned, continuous, Hey, let's get some of those phishing emails scheduled out. It'll have it be managed by some other individuals that might be able to keep it current with the real threats in the real world right now.

And have some fun stories on that if we'd like. I don't know how much time we have together, I would love, but your, your, the floor is yours, my friend. Yeah, yeah. . Yeah. [00:25:00] Let's, let's go down that rabbit hole, or let's finish your thought. Yeah. To, to rest on that at least. Let's see if I can remember where I'm going here.

I did want to drive the point home while we're trusting the user, and understanding when there is an issue. Having a lot of that in the moment, things to be able to help fix it is, is a good thing. But the metric is the most important thing because if you do a phish test and you say, hey look, 60% of users click the link, haha.

Point and laugh dumb people, right? That's one thing. Do it again next month, do it again next year, what's gonna happen? You, you wanna make. Ha ha you don't point and laugh. We've increased that number. We've changed. We're seeing the impact. Exactly. Yeah. It's, it's gotta be actionable and, and driven with that.

Yeah, absolutely. And, and I think that's where creating a baseline in the first place is so important, right? Because people are coming from different. Backgrounds, different levels of security awareness, different [00:26:00] technology adaptation levels, and so, and every organization is different, but just kind of figure out where your baseline is and then measure to that baseline, like let's watch to see how many things and that, that's why I think somebody that knows the industry, managing that is really key because.

To us, like being able, you know, for example, like an easy example would be, okay, well if you just use the template ones, okay, well, sending a Facebook email to your work email isn't really, you're gonna know that's a phish, right? We don't get Facebook emails at our work email. Why would we get one? Right? You see that, you kind of know that it's a phish.

Not even have to read it, right? But when you c. And let's say you use a certain vendor for something, or you're in accounts receivable or accounts payable, and you have a certain HVAC vendor and you can make it seem like it's coming from a vendor that would be being paid right now or something like that.

Then all of a sudden you're like, well, right. Like now it [00:27:00] looks like it could be legitimate. And I think still clicking on the links, as long as there's red flags in there that they should be watching kind of shows. They're distracted. They're not paying attention. So how do we focus on training them?

That's really good. But you had some stories on that, so I would love to explore that. Just a fun fact before we dive into one of the stories and anecdotes, the Huntress again, and not to by any means make this a commercial or advertisement, but no, we love Huntress. We, we, I I think what you guys do is fantastic, especially the, the work you guys are trying to bring it to small businesses, to you're, you're, you're, you're trying to socialize it, right?

And Yeah. And what you guys do is very complex. It's very advanced. And to be able to bring that to. More to open up the access. Is is honorable. I mean, that's what it's all about. It's a tough task. It's a tough task. We had just recently acquired Curricula, so a security [00:28:00] awareness training a spot mm-hmm.

And we want to bring in that security awareness training in a, in a managed way. Hey, you've just kind of set it and forget it. Yes. We'll trust that those phishing emails happen. And then once, hey, someone is a little bit delinquent, hey, we can automatically enroll them in that training. We have, and their episodes or their videos for that training is a little bit more.

Animated and fun. A couple of characters. Hey, we've got a five-year-old hacker, a girl named DeeDee, and she's the one causing mischief, sending phishing links and stealing cookies. Two-factor authentication, yada, yada, yada. So it's a lot of fun and we're very, very excited to kind of keep pushing on that for some of the security awareness stuff.

That's great. That's excellent. So when, when we talk about, you just mentioned cookies. So what advice can you give to people when they're going to websites and they get that initial popup and it says, accept all cookies, reject all cookies, adjust it. Right. Adjust the settings. What advice do you have and, and why is [00:29:00] that so important for people to understand?

Because when we explain it to people, they're like, I had no idea. They just always click accept all, so that they, they think they're not gonna be able to access the site if they don't. Mm-hmm. And I'm like, that's not accurate at all. So can, can you share with us what, what advice you would have? The boring basic advice is like, Hey, just look at what's in front of you and be cognizant and think, and I don't know, if it looks like a scam.

It, it is a scam, right? If it looks illegitimate or not, where you were, you didn't need to go there. If you want to avoid, hey, even just simply clicking your mouse sometimes, if people are willing, hey, just hit Alt-F4 on the keyboard or like, Alt+Space, C and, and make it go away. You don't want to accidentally, or even whatever, don't need to interact with it.

So maybe that's a, a, a scrappy or a boring answer. Some folks, oh, that's actually a really good one. No, that's good. That's really good. Excellent. But anyway, if I may, a, a, a fun story that could lead to some phishing and hopefully scratch your advanced persistent threat itch. I know you're [00:30:00] curious about, mm-hmm.

And I don't know if anyone listening in might already be familiar with the story, but it's a, it's a wild doozy one because, so Huntress, the day job, right, was taking on a new trialing partner, a new organization, a new business that we wanted to kind of help provide for. And they're trialing, they're entering the first day of their, of their 21-day trial.

And this is, relatively influential or important, or a person of a, a, an organization of a, an amount of authority, not like a three-letter agency or any of the big buzzwords, bigwigs, mm-hmm, but a, a research agency, mm-hmm, that's, mm-hmm, trying to think on, hey, what do we, what does the world see for foreign relations, including that with, with weapons, with nukes, right.

And arms. So, so the stakes are high. So the stakes are, the stakes are high. Yeah. So we found one of our AIM analysts was digging up and called some of the other researchers and other nerds and geeks in, and we said, Hey, hey, hey, I found this weird [00:31:00] looking update. I found this sort of scheduled task that's just called Google Update or whatever.

But it is a Visual Basic script. So for the nerds and geeks, that's one of those Windows languages that will just automatically run, and it would end up pulling from a Google Drive document like way out on the internet. Hey, we've got like a, a Google Doc or a Google Sheets or whatever.

Collaborative Google Drive work file. So if you went to it, if we went to do our due diligence, kind of digging in and analyzing it, it was empty. Like there's nothing in the document, but the file name of the document is this weird, long and wild gibberish, looks like nonsense, looks like random letters and numbers, blah, blah, blah.

But if you compared that with this Visual Basic script code, it is, and ended up being decrypted or de-obfuscated, that was going to be a stager to run and detonate more potential stuff. And we thought that was weird. That's [00:32:00] certainly suspicious and doesn't look good. If we pull back again another layer of the data that we could de-obfuscate, just kind of following the steps of the Visual Basic script, we could start to carve and find out other.

Implants, hooks and claws and this persistence mechanism that they simply had with that scheduled task of a Google updater. Ultimately it ends up being some, hey, remote access Trojan that could still get command and control back and forth to different external websites. But now we're like, okay, there really is evil here.

And we're doing our homework, we're doing our due diligence. We're seeing, has anyone else seen this sort of tradecraft or style before? I think Unit 42 had put out some research. That style of using a delimiter and de-obfuscating itself within a Google Drive is known to Kimsuky, which is the name of the adversary or threat actor.

It's a North Korean APT, Advanced Persistent Threat. And we've done, whoa. Okay. Stakes were a little bit... Is that the, is that the, that's not the person that was tied [00:33:00] to the Sony breach of 2014? I am not sure. I'll be the first to admit. Okay. Okay. Okay. I'll, I'll, I'll look that up. That's okay. Because that's really interesting.

Yeah. So digging into the breadcrumbs, puzzle pieces that we have here, the Visual Basic script had a special sort of fun fact that we hadn't seen before cuz it was checking the user or even just environment data, like, Hey, what's the name of the computer? What's the hostname? What other devices are allowed or nearby?

Mm-hmm, what is the username? And it would do an interesting thing cuz it would only execute the next stage or go detonate, really? Yeah. If the user, if the username of the computer, the person using that keyboard, right, matched like Alice or, or whatever name that we want to choose. So it's specifically going only having guardrails to execute and detonate if it matches Alice, so to speak.[00:34:00] 

Again, kinda researching around, why do you think that was? Why do you think they did that? So, Alice, person doing our research online for this organization, is one of those head honchos. Hey, they're one of the leaders. Mm-hmm, they're one of the, the key decision makers and persons of power within that organization.

Whether they're going on meetings, whether they're going to, hey, interface with those potential foreign relations, et cetera, et cetera. So yeah, I see it coming through in the chat messages for our live stream here. Like this is wild and targeted. They're look going after this individual. So, hey, I'll speed run a little bit because while we got to go check our EDR, we're digging through the alerts and investigations.

We see a keylogger, PowerShell-based keylogger that's kinda monitoring, hey, what you type on the keyboard here and there, and when, and a browser sniffing or stealing utility that will see, Hey, what tab do you have open? This thing was written in, in C#. And it would just say, Hey, what, what webpages are you visiting?

And can we pull that [00:35:00] text or that information down? And I was like, wow. This is genuine targeted information espionage from an advanced persistent threat on a place of certain caliber position and power. Right. The question that everyone wants to ask, right? When we get to tell the story to, to, I don't know, journalists or headlines or what, what everyone tends to ask is how do they get in, right?

How do the hackers break in the environment? So finding and discovering that this was Kimsuky, that APT, their tradecraft and their style is to use a, a phishing email, fair to say, mm-hmm. So, and by back on that link, it gave them access. Well I'll, I'll build up a little bit here because we wanted to know where was that phish?

Mm-hmm. . So we asked the organization, and this is kind of a strange ethical thing that I don't normally have to ask those questions, but like, Hey, can we look through your emails? Can, can, can we go into your [00:36:00] downloads folder? Can we see what's happening on your desktop? Cuz normally we just don't. Right, but they were comfortable with it.

They said, okay, absolutely. Whatever we wanna do for the investigation and the analysis. So we're digging through these downloads folder and we saw a weird one, a little zip file called voa korea.zip. And this is a Voice of America. A Voice of America, Korea dot, right? And it was downloaded twice. It has a voa korea (1), like parentheses surrounding it.

So, oops. Maybe just an accidental double click. They might downloaded it twice. There is another antivirus on this computer, on this host and the antivirus is smart. Tries to scan and analyze everything that's downloaded. So we go take a look at, hey, what antivirus logs are there? Is there anything that it might have found that could clue us in?

That could tell us which of these files that we're seeing in the downloads, whether or not it's voa korea.zip, which of those is the, the Bob, right? And it had scanned this zip. [00:37:00] But it failed, it, it couldn't analyze it further because it's a password-protected zip file. Like, oh, okay. Smart little trick here.

Maybe the file size is too big, the antivirus engine won't eat it. Or because it's password-protected, it won't know how to decrypt it and can't examine the contents, so, hmm. Okay. A little bit clever. In which, now I'm thinking, all right, we're gonna switch our hats here. We're gonna transition from threat hunter to hacker and, and CTF player.

Mm-hmm. And we're gonna try and find out the password to the zip file. Right. Crack that thing right open. Right. Like that's what you gotta do. So we're throwing John the Ripper, we're throwing Hashcat, we're doing dictionary-based attacks, brute force, yada, yada, yada. And eventually we find the password as VOA 2021.

Boring and dumb, but okay. That's all done. Yeah. You gotta be kidding me. Okay. So we pry this thing open and it's a Microsoft Word document, so you can imagine Microsoft Word document enabled with macros. Mm-hmm. And we got [00:38:00] to go analyze and look at the macros. Digging into that source code is visible to us.

We could see it would check if other endpoint protection softwares are on there, like if Bitdefender's running or if Norton is running or whatever process. That's still for security mitigation: don't execute. If that is not running, we're A-OK? We can start to call back to our command and control framework and change all the registry values so you'll never have to prompt for macros again in the future.

Mm. So, hey, whatever. Small, small back doors and damage. Mm-hmm. So we bring this to the organization, we say, Hey, we found it. We've got the root cause analysis. We found the phishing document, the malicious doc. Mm-hmm, macro-enabled document. What about the email? Yeah, I was gonna say, how far can we trace this back?

You found the download, but what, what got them to where? Yeah. So what, what, what did we find? So we bring them this file, this zip file, and then we get to speak with Alice [00:39:00] as, as the confidential redacted name cast of characters here. And they say, oh, I remember that. And then really they'll point it to us and they go and they send us the email, the EML file.

And it's wild to look at. So there's a received email from a Voice of America. That says, hi organization Alice. You know, we're writing a story. We're going to do some article. We want to do our journalist reporting stuff that we do, and we'd like to interview you on what is Trump's involvement, Korea and blah, whatever, whatever, whatever.

Couple of questions, and it's asking for them to participate in an interview. It's like, oh, okay. Kind of innocent, kind of cool. Yeah. And interesting because one, they're impersonating this reporter, genuine and real reporter name from VOA, from Voice of America. Right. And they are asking them for information.

It's not just a, Hey, smash and grab, here's [00:40:00] my implant, here's my macro detonated and run. But they want to build trust. They want to build a relationship. So the victim, Alice says, Hey, I'm sorry it took me so long to get back to the email. Absolutely more than happy to help. Here is here are the answers to your questions.

Spits it all up. A threat actor, a couple days pass or whatever, the next email in the chain, they respond and say, this is great. Thank you so much. Hey I just wanted to make a couple revisions so we can make it ready for publish. If you wouldn't mind just checking my edits and approving them to make sure they're good for what you would like.

Hey, I've attached this and to be secure, of course, for our communications are encrypted. This is a password protected document. Password is VOA 2020. There's the, there's the social engineer's, the hook right there. Yeah, yeah, yeah. There's the hook after a couple stages, and the next response that we see in this email chain is Alice saying, Hey, this looks great.

I've checked in with my boss, so-and-so. Here's Bob and [00:41:00] Charlie and Doug, or however many characters you wanna extrapolate, and they've all approved it just as well. So carbon copied in the email are all those other individuals that this malware has just gotten to granted. They, they're the guardrails to target one of those individuals.

But that's just wild and insane. If you open up the macro documents, if you open up the Word document, it's. Boring, basic and classic. This document is created in older versions of Windows. Please click Enable Content and enable editing for us to view this document. Really, it's like, please run my malware.

Pretty please. Right? Exactly. Holy cow. So long story. I'm sorry. No, that was great. I can't believe. Oh my gosh. So that was really well played out though. Like that is a pretty strategic, strategic specific, that is a really wildly targeted approach. Did the email come from, like they, they purported to be [00:42:00] this legitimate actual person who's the reporter from like Voice of America, right?

You said? Yes. Did the email, did they ghost the email? Like, did it actually look like it came from the organization that the real reporter works for, or could they have learned it from there? Well, hey, I did us a disservice and I should have tried to do some screen share if I could. No, it's okay. I think you can, but if not, it's, let's see if it will let me.

Nope, nope. I don't want to slide for that. I don't know if this is visible or not. I kind of pulled it up. I'm not sure if it's backstage of Restream. Nope. There you go. So this is all redacted. And while I, I realized, whoops, sorry, I kind of said this all aloud. So I don't mean to backpedal to here for us, but the question, to answer your question as you were just asking, is.

Well, hey, where did this come from? Right? Was it a Voice of America email? Truly? No, it's a dumb stupid yahoo.com email. [00:43:00] Wow. Holy wow. And that. Oh man. Wow, wow, wow. Holy. And here is the, Hey, thanks so much. Very good material. I did rearrange it. To be secure, this is protected. Yep. On it. It was a OneDrive link to download it.

Mm-hmm. There's the password right there. Voice of America 2021. Oh my gosh. She, she responds, Hey, I've checked in with Bill or Bob or whatever character we want. He says he's okay with it. And truthfully, this is not. Right. So did, again, our homework, due diligence, reading about this thing, this lure, hackers using this sort of style of, of lure even been around 2020.

If you want to dig into the article, that is a Miss Cho who is the impersonated and real person, genuine reporter, actual journalist. They just took her name and were [00:44:00] a masquerading as that. Wow. But I, I bet if you look at her contact info, it's not yahoo.com, right? No. She's actually got a Hotmail account instead.

So, so you, you, you mentioned something interesting and that is you, to enable the macros. It was really the, the, this is an older version of Microsoft, right? Is it okay to open that up? As soon as you click on that, that's enabling the malware to run. Yep. That will run. So I pulled that up. I don't know if you can see it here.

Just super simple, super easy. And again, I, I, I hate, I just always kick myself as to whatever, I don't know, thought leader quote unquote, or, or some, mm-hmm, person in the scene to keep screaming and shouting about, yeah, like, stop, don't cl... update your software, patch. Use multifactor verification, right? Use strong, complex passwords.

Don't click on email links. I found so boring and dumb, but "Please click [00:45:00] on my malware" is literally all it takes from an advanced persistent threat, right? And we, and we wonder why, right? And we wonder why we're losing the battle sometimes. Holy co. So what are you showing here? Oh, I'm sorry. So these were some of these again, guardrails that would say if this agent or if, if Bitdefender or Norton or whatever is running, don't do anything, just bail out.

Mm-hmm. But otherwise in our else statement, that's when we start to stage all those registry things. And goodness guys, I'm super sorry. I should have put up some, some sweet show and tell a little bit earlier. Oh. Oh, it's okay. Now we just have to have you back and do a whole show. No, this is amazing.

This is so interesting. You bring all your cool toys too. That'd be great. So here, username was checking for Bob or whatever in that example. Mm-hmm, targeting one specific username. That's what you mentioned earlier. Mm-hmm. They were going after the one person and otherwise quit. Yep. [00:46:00] Holy cow. That's just amazing.

Yeah, we'll have to do a show and tell episode. I, I got a feeling you got like a whole treasure chest of stuff you can share. Holy cow. Look at that. But hey, if, if folks are, are curious, more of those war stories and fun kind of things to banter on about, whether we're chatting about BlackCat and some of those ransomware things, mm-hmm.

or whether we're chatting about, I don't know, other things that hackers might do, all this stuff I kind of like to sing and, and share and, and tell those stories. Huntress is exactly. I see in the chat Ray mentioning, Hey, Tradecraft Tuesday is a show that we end up doing. That's, mm-hmm, no product, no pitch, no fluff.

We just kind of want to be able to bring some cool stuff out to talk about tradecraft, to talk about what enemies are up to. Absolutely. And that's totally interesting. No, absolutely. And we'll have links to all of your information in, in the show notes when we release this as a final episode, as well as the show notes for the, for the audio podcast.[00:47:00] 

Holy cow. That's just, that's amazing. So I can't let you go. I know we're, time, time is, is, is, is running, but I can't let you go until I get your input on the, on the use and the, what you're seeing so far at, its, at its inception stages about ChatGPT and OpenAI and leveraging, leveraging AI. I mean, to me, there's, there's a, there's a.

Benign and positive experiences and in, and uses for it, and there's a lot of nefarious uses for it. What are you seeing? What, what insight can you share with us about it? Okay. So, hey, I know that could be an entire, that's a discussion. That could be an entire series. There's a lot to unpack there. Yeah.

Well so I'll, I'll be the first to admit. I have not yet drunk the AI revolution and, and machine learning and ChatGPT. Mm-hmm. Really change of the, I've not, I've not drunk the Kool-Aid. I, well let me [00:48:00] add an asterisk here. Because I have seen, and even Kyle, our CEO, right, and others that have gone and said and told folks that I agree with, for the bottom of the.

For the script kiddies. Yeah. For, hey, the low-tier and sophisticated quote unquote, though nothing really is, for the unsophisticated actors. Yeah, it's gonna be cool cuz you can rip out code and you can quickly put the pieces together to maybe make some toolkit or some thing that you'd like, but it's not gonna.

It's not gonna invent the next zero-day yet. It's, it's not gonna be anything. That's, that's what I wanted to get at. Do you see it, do you see it creating polymorphic malware or, or zero-days? Not yet. Yet, right? Not yet. Truthfully, and maybe that's just a John opinion. I could very well be wrong. Don't have a crystal ball.

Can't see the future, not Nostradamus. But I, I, I don't know yet. So here, if I [00:49:00] may, there are a whole lot of fun conversations that we've been having about ChatGPT, and I like to poke fun at it because everyone's chatting about it. Mm-hmm. So when I gave this presentation of BlackCat and a ransomware, mm-hmm.

just over write a boom, when I said, wow, it's so cool and hipster that they're writing in Rust, you know, they're, they're doing ransomware in the, in the new hot language. And I thought that would be cool. What if I just asked ChatGPT to do that for me? Oh my gosh. So ChatGPT, if you say, Hey, would you please write me ransomware?

It says, no, no, no. I, I, I can't open the pod bay doors. You know, I'm not gonna do that for you. That's unethical. That's not what our humanity needs. But if you say, could you please give me code in the Rust programming language that recursively loops through and iterates through files in the file system, encrypts each one's content with AES-256, and you give it more of the tactical details, it just spits it out.

There you go. Holy cow. And it was, and so you did that and it spit out the exact execution for [00:50:00] in, in the Rust language. Right. But let me, let me say, I have not tested this. I have not validated this. I have not run this code. I, I, I'm not a ransomware operator. We can neither confirm nor deny any of those allegations.

This is solely for educational purposes for those paying attention. But whenever ChatGPT spits out code to you, maybe it, it won't have the credentials that you needed to be able to do something, or it won't, right, know, okay, whatever services that this thing could connect to. There, there's some other plumbing that needs to be made or done for it to work correctly.

So rarely will it give you something outright that works. And with that, you need to have the know-how. You, you, you need to understand a little bit more. So it might enable those script kiddies, maybe potentially. Mm-hmm. But I don't think it's gonna be anything all that game-changing for the big-boy threats.

If, if I may. Yeah. Okay. So before we let you go, let me ask you bigger picture, [00:51:00] right? Yeah. What are your thoughts on, you know, the, the, the US National Cybersecurity Framework, right? There was, there was talks there. It was, it was in the news recently that they were supposed to be coming out with some national cybersecurity standards, at least for critical infrastructure and a couple of the key verticals.

Any insight on that? Do you have thoughts on that? When we asked friends of ours that were, you know, in the F, or former FBI or whatever, they're always, they're very skeptical about it. Yeah. They're like, I don't know if it's really gonna have any impact, like how much of it is political grandstanding and how much is, is actual, but for somebody that is involved directly in it, I wanted to ask you.

Oh, what a great question. And thank you for that backdrop and context too, cuz I'm, I'm another one of those fellas that says, Hey, hey, I, I, I've been in, seeing the, the whole maybe Coast Guard or government or military side, and I might be a little bit jaded, might be a little bit pessimistic. I don't know.[00:52:00] 

But as you mentioned, oh, grandstanding or just making talk, the hot air that comes with it, PR stunts. I don't know. Mm-hmm, let me, let me, let me redeem that. Cuz I think in, in that more optimistic and real genuine stance, I think a lot of times when we ask ourselves, okay, what are we doing? What do we need to do next?

Are we moving in the right direction? And we just do that gut check either as a nation, either as security, either as professionals in a company and business. Whenever you ask that question, I, you don't gonna, you aren't gonna know what's, what's next for the future. You aren't gonna know what's on the horizon and you can, we can try and predict it, but a plan is, is only so, so some of those new, okay, either legislation or regulations or the task force that we build and put out together, I tend to be really optimistic because I'm thinking we're trying, we're, we're putting in, in the effort forward, whether or not we're moving in the right direction, I don't know yet, and we [00:53:00] don't know yet.

But the difference is that we're moving to begin with. Yeah. We're, we're making that change at all. So I think the collaboration, would you agree that the collaboration between the private sector and like, and the security community and the US government is so key, right? Yes. Because oftentimes we are out there operating, breaking things, learning things, seeing things, and we don't know what the public sector is actually.

Right. Yeah. And, and, and just to, to have an initiative to more, more than just on paper, but to actually have those coalitions that, that kind of drive it together, I think it would be fantastic. I think that's the only way we're gonna get a handle on it. Right? Agreed. Cannot be stove-piped. Look, no, it takes everyone planned in concert.

It takes a whole village. You know, it's, it is a team sport. I've seen CISA and their, and their Shields Up initiatives, I think. Mm-hmm. They've been doing an incredible job and I think [00:54:00] really moving mountains to, to get the togetherness in the community better between private partner, public partnerships.

So hey, maybe that, maybe that's a fine way to kind of bundle this thing up. We're moving in the best direction that we know how to for now. Yeah. Yeah. One of the listeners just mentioned the private sector needs to help fix the cyber skills gap to take part in o g. Oh yeah. So excellent point.

Excellent. It's another can of worms. Yeah, exactly. Right. Because there are so many, there's such great need and there's so many open jobs that are out there. We need to get people on board, right? Maybe not, you know, exactly what the employer would think, but they, but they need to, to be engaging these people more and more.

That's fantastic. Yeah. So, hey, what, what's, what's on the, what's on your immediate horizon, John? Tell us, share that with us. Tell us what's coming up. Well, hey, I have a, another road [00:55:00] trip, some more travel, gonna go speak and, and try to do some security stuff over at RootedCON, which is way over in Madrid.

Really cool. So that'll be quite some fun. That's neat. And then, the Cayman Islands, a BSides I wanna jump over to, there's a Zef Con over in Poland, so I'll be, I'll be honest, I'm in a little bit of a world tour, I guess. I don't know. Yeah, that's great. That's really cool. That's really cool. Are you gonna share that on your channel or are you going to be, I'll certainly try to, yeah.

Yeah. Well, we, we, we look to see that everybody check out, if, if you haven't checked out John Hammond's channel, you're one of the very, you're probably one of the five people in the US who have it. So, but so get on board and, and, and check out his stuff. I've learned so much from you before ever meeting you and then being able to speak with you in person.

It's honestly an honor. So thank you so much for everything you do every day and then for spending some time with us. John, we really appreciate it. Thank you so much for the support. This was a real treat [00:56:00] and, and an honor to, to be invited just as well. So thank you. Thank you. Thank you all. Thank you so much.

All right, everybody. We'll see ya. Thanks, John. Appreciate it, sir. Take care.

Hey, well that's a wrap. Thank you for listening. Our next episode starts right now. Please be sure to subscribe to our YouTube channel. It's free, and download the podcast episodes available everywhere you get podcasts. To support our show and get exclusive pre-release episodes and bonus content, please subscribe to Cybercrime Junkies Prime. Link in the description and show notes, and thanks for being a Cyber Crime Junkie.