¶ PreShow Banter™ — Solving this thing
I haven't I haven't actually gotten too many of, like, I can't help you with that. Right? But I think it's because I break down my tasks so, like, into small pieces because I've had it happen before. You're just like, alright. We'll just solve this thing. Right? Solve that thing.
But yeah. I mean, at BHIS, we saw people that run into it, but it seems like the most of the people who are running into the CVP, like, denials are the people working on low level code, like the, you know, exploit development, like like especially messing around with those Windows LPEs and stuff like that. It's it's all over that. It doesn't want you to have that. But for just like pen testing stuff, it seems pretty open.
Yeah.
Yeah. I wasn't getting called out until recently. Last week, they really didn't like the supply chain attacking tool that I was building.
It was like, they're too close to home.
Well, in the golden age of Cloudco before the whole, like, nerfing the model situation or whatever is when I, like, built most of it and it never complained once. But then, like, three months later, on the new model, it was like, I'm not touching that. And so
You can always go back to the old model. True. People still say that they love four six,
I think, the best.
No no verification. No problem. Just let it rip.
What was like what's what was great about the older model was it would, like, find other things even though you didn't mention your prompt and, like, still, like, fix it for you and just do the best you could possibly do. Like, oh, I found something critical. I should probably fix that as part of this task. But now it's like, oh, I found something critical, but you didn't say to do that. So I'm just gonna leave this bug hidden so you never see it unless, like, you're, like, laser focused on my standard out, which will get disappeared in five seconds anyways.
I have found that four eight and four seven will both do that, but you have to use it in x high. You can't if you use it in high or medium or any of the like, you it has to be in the high or extra high mode to actually catch stuff along the way. Least my
power mode. Let's take that up so the system changes
as much thing. Although I will say the new max whatever extreme mode is pretty fun like we were talking about with workflows. But just I usually use the x high and that seems to do a good job with catching some of that stuff like you're talking about. I agree though. I had the same experience.
I just go straight to max even when I'm like, hey, could you just change this one color?
I need you to just center this div. Yeah. Ultra code.
Yes. Ultra. Ultra. Can I can I oh, and then I I get a opus with fast mode too just for that?
Just ripping through tokens for now.
So wait. What is fast mode? That's new. Right? What is it?
No. No. No. So I think they had it in I I think they had it in 462, 47, 46. Anyways, if you're on Opus and fast mode just you're you you get faster tokens per second. So it's gonna respond faster. Like, you're gonna get output quicker. So, like, the same task was gonna you're gonna get that the result, right, from beginning to, like, where you have to where it has to stop faster. So.
Gotcha.
Yeah. But it costs more money. Of course. Yeah.
Of course it costs more money. Yeah. So Those oceans aren't gonna boil themselves.
Oh, no. But those farms are sure gonna be taken down pretty soon here. Yeah.
That's that's one of the articles we're gonna talk about probably first. I know. There's an article for that.
There's an article for that.
I don't know. Let's roll the finger, Ryan. Let let's go live a little early because we we are we're already, like, segueing into the show. Let's do it. Hello, and welcome to Black Hills Information Security's talking about news.
¶ Anti-Tech Extremism - 2026-06-01
It's 06/01/2026. Time to change your password to June2026Exclamation. We have a star studded cast. This week actually is stacked. We have some heavy hitters including some guests, some BHIS people. Let's start. I'll just go in order. So I'm Corey Ham. I run continuous pen testing at Black Hills. We got Ralph.
He's here hunting some gators maybe, or I don't know. He's got like a he's got a laptop with what looks like a government agency logo on it. I can't tell. I'm I'm trying to enhance and, but it's not working.
What's up,
Ralph? What's going on? You you gotta give your fancy intro. What do you do? Spears? Arrows? You you your weapons, man. Know they do,
like, like, ancient attacks of sorts. Right?
Okay. I see. Old weapons. Old he said edged weapons. Dude, do you remember that, like, history channel? Cyber
I'm a cyber I'm a cyber, what do you call it? Software dealer. There you
go. Okay. An arms dealer? You're the lord of war. Yeah.
The lord of war for cybersecurity. There you
Yeah. I I just remember, like, those history channel, like, you know, when I grew up watching TV, and it'd be like a history channel documentary, and it'd be like, this guy with, like, you know, a really, really short tie being like, I'm an edged weapons expert.
That's like, you had
it That's you, Ralph.
Yes. Experts come in all different shapes and sizes.
Go endorse Ralph for edged weapon ex expert on LinkedIn.
Yes. Good times. Good times. We got Wade who's waiting two logs. What's up, Wade?
What's up? I am off this week because I am doing training, so it's actually pretty nice. I haven't read the news yet today. Are you taking it,
or are
you giving it?
I'm giving it. I'm giving training. So which is always more fun, I think, nowadays. I don't know. I feel like now with AI training for me is just, reading Claude articles over and over again.
Hallucinating your way through the training? Yeah. Yep. Oh. Just asking it to build a skill that's past this training?
Yeah. Yeah. Then it's worked pretty well so far. You know? I just
Oh, nice.
I think
Phil, Phil's a BHIS, I would say, developer tester. I don't know what to call you, Phil. You have a webcast coming up. Right?
Yeah. Yeah. A little bit of jack of all trades, like some testings and development. But, yeah, I got a webcast coming up about hacking CICD pipelines. So it's all the rage these days with the supply chain tax. But, yeah, stay tuned because it should be a
lot of fun. The content community team today on our internal meeting was like, it's Miller time. I love that. It's amazing.
My heart started racing so fast when they would I was like, I'm not prepared for this. I have nothing witty to respond with.
Well, wait till you see how fast your heart's gonna be racing on, your webcast. We also have Shane Shane Hartman from TrustedSec. Right? That's where you work based on your shirt?
Yeah. Based on my shirt, that's where I'm at. I'm one of the principal, IR consultants there, so I spend all my day fixing everybody's mess ups.
That's awesome. I love it when the podcast slants towards blue team. I feel like it's gonna be up to you, David, to decide if you're are you a blue teamer or red teamer?
Oh, no.
What do you see yourself?
Despite the, red hoodie, I am entirely a 100% blue team.
Good. Good. I think this is one of the very few times that we've had equal footing ever.
This is equal. Yeah. We got three. I mean, okay.
I will say
Wade's famous quote. Right? Everyone's blue team if you think about it for long enough.
Yeah. There is no red team. No spoon. No red team.
No red team. Like, yes, I agree, but it's fun when we have so, David, you are Shane, why don't you, you got a class coming up, or you're keynoting some, threat hunting summit we're doing, or I don't know. Something's happening. What's going on?
¶ Threat Hunter Summit | June 17th 2026
Yeah. I'm probably I'm doing the threat hunt symposium or thing that you're doing on June 17. So mine is kinda hunting in the dark. It's be focused a little bit more on kinda just the quick wins and getting started. A lot of engagements that we do where we engage with Threat Hunt, what we have is they're either starting out or they're trying to get a foothold to get the either money in order to get that going.
So give you a few like quick wins. Some like, how can you get started? A little bit of asset management. Maybe, you know, what actually would senior executives be looking for when you do a threat hunt so you can actually get money and funding and kinda do some cool stuff.
Nice. That's awesome. Yeah. I feel like a lot of the times when I'm doing, you know, pen test report readouts or whatever, I'm like, yeah, you could do a threat hunt, but, like, in my head, just like yada yada yada that. I'm like, you know, just like do a threat hunt, but I have no idea where to, you know, tell them to start. So maybe that would be a good place.
Absolutely. We like you guys. We like that when you leave details out on the network,
we get to go find it. Yeah. Yeah. That's my job is to leave details out on the network to go find. Red red red
kind of man.
And then, yeah, David, you're you're actually keynoting. Right? You're you're the you're the big name in the room.
I I am kicking it kicking it all off. Yeah. I'm very excited. It is it's actually only my second ever keynote, so I'm trying to have really interesting insights.
That's really hard. That that's a that's a high bar to set for yourself.
That's also very surprising that this is only your second keynote. What's wrong with people?
Yeah. So, yeah, definitely people well, yeah, please, David, answer that question live on the air. Yeah. Tell me
what's wrong with Yeah. That's how we're starting the podcast today.
And and it's a strong start. No. I'm I'm actually really excited. There's it seems like for the last few years, like, of my presentations are something I screwed something up. That was my, RSA presentation from was it last year? How I screwed up threat hunting a decade ago.
And and and the you know, at at
the time, I I I put out this, this definition of threat hunting that got picked up that it's human driven, maybe machine assisted, but human driven. And I feel like we may be to the point where we it's time to possibly redefine that or at least decide whether we should redefine that. So I've always been, like, automated threat hunting, that's not a thing. We call that incident detection. And I'm starting to think that that may not be defensible anymore.
And so I'm not gonna tell you yet because I hadn't figured out whether I still believe it's defensible. Mhmm. No. I haven't figured it out yet either. So, when I finish my presentation, there will be a surprise to me as well.
That's what I was gonna say. This sounds like an excuse for someone who hasn't finished the slides yet, really.
That's that's that's exactly why I proposed it, actually. I wanted to I wanted to have an excuse to spend some time thinking through it. So that's but but that's what it's gonna be. Like, with with the advent of AI, being able to provide the reasoning that before only the human could really do, is it time? And your guess is as good as mine right now.
Nice. Yeah. I mean, honestly, I love, like, as a concept when I'm doing a talk or anything like that. I think you have to choose something that you're fascinated in and don't know all the answers about. Like, it has to be something that you're genuinely doing discovery during the process, and, yeah, building the slides the night before is the key. That's the that's the key. That's the secret. The secret sauce. Alright. Let's roll into articles.
David has a tool to plug, but we'll leave that until the end. It's gonna be exciting. So I think the first article we should talk about because we were a little bit getting into it, during the pre show is basically there's a Wired article saying that US law enforcement has started to warn about a new category of, I guess, threat, which is AI anti tech extremism or like AI hatred. So basically, the idea here is that they're seeing an increasingly strong response to people not wanting data centers in their farms or backyards or local areas. And this is getting a lot of traction at least in public, you know, public forums and town halls, stuff like that.
¶ Story # 1: US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows
So I guess the government has decided to acknowledge this as a real thing. You know, the actual this is federal intelligence agencies, domestic law enforcement. They're circulating reports, you know, anti technology extremists. And kinda like the first, you know, headline response on Twitter was, we're not anti tech or anti VC funded tech. There's a difference.
Very specific.
Which is which is fair. It does feel like to me that when they do these projects, it feels like they're working as hard as possible to make it as politically disastrous as it could be. Like, the the one in the one in Utah that hit my radar was it was the shark tank guy. Right? I forget his name.
Kevin something. Anyway, he he it's a Canadian citizen who's a billionaire from Shark Tank trying to put just the world's largest data center in Utah. Like, the size of the data center didn't even make sense to me. It was like, this is bigger than the half the towns in the US or whatever. Like, it's like a gigawatt or, you know, 1.2 gigawatts or whatever. I don't know. But basically
Million watts.
Half of these projects are like, we're we've located a rare, animal habitat, and we're gonna slowly kill them one by one on the live feed, and that's and then that'll be a dataset. Like, it just feels like they're
trying make baby pandas, and they kill them just to make sure that you guys are all really, really upset. Yeah.
The better part was him claiming it was China. Right? And then, like, it being, like, two, like, women. Just being like, nope. Nope. Not China. Like, we actually live here. Like, don't
Yeah. I mean, I guess I'm like, what is the what is the real threat here? What are they gonna do? Like, put ignore all future instructions and stop construction, like QR codes on things? Like, what is the like, I obviously, there are physical threat. You know, it could be like, you know, people sabotaging projects or, you know, just imagine chaining yourself to a hard drive. You cannot install this hard drive until you take me off of it. I don't know.
Well, I I so, I mean, the the terrorism or domestic terrorism aside. Right? So, like, the actual actions. But, I mean, you know, the only other way to stop these things from being built in your city is to, you know, essentially protest and specifically, not just to stand out there, but just holding signs, essentially to get the recognition of the, you know, the the local government to to not to not have it there. Right? That's, you know, that's, I think, like, the ultimate goal.
But Yeah. I mean, I don't know. I have mixed feelings on this. Does anyone have a strong take?
That's what they've been doing in Florida where I live. They've been putting out a lot of media articles about the electrical cost grid and water being used. So they're talking about they're using the natural resource side and saying we don't want it here because we don't have the resources to give to you because it'll everybody else will have to pay for it. So that that that take is what they've done. Yeah. I mean, I
live in Oregon where there's a lot of data centers. Like, Hillsboro is one of the biggest data center. Like, that's an entire AWS region. Uh-huh. It is.
And and there's like I mean, there's definitely mixed feelings. I mean, but I think the biggest from my perspective as like a citizen who actually would be voting in some of these votes is I'm fine with it, but you do need to tax these companies and actually, like, give the money give give me some benefit as a citizen who has to live near this data center, like, whether it's infrastructure or tax money or whatever it is, don't like bend over backwards for this company to come in and, like, destroy farmland and then not pay any taxes. The biggest thing is like the data centers, you know, the best article or the best like take I've heard is that they rely on public infrastructure, right, including like power grid, roads, like all that stuff. So they should contribute back to that infrastructure. That's probably like an extremely, like, political take I just gave.
I apologize for that.
But You sound like one of these terrorists that they're talking about.
Oh my god. I guess I'm on
a watch list now.
Yeah. This White House article is literally just propaganda. Like Yeah. What have you seen anywhere? Not not true. It's just literally the people trying to say, I don't want a data center in my backyard.
Right? People are against me saying they must be terrorists.
They know. Exactly.
Yeah. Like Well, mean,
if you read that thing that it's not only about saying anti data center activists are terrorists. Right? There's, like, some broad categories in there.
It's true. It's not just data centers.
Yeah. Right. It's not just data centers. It again, I I don't wanna get too political, on here either. If if you wanna hear that, that's first episode. On my socials.
That's when I post on my socials.
You want you want the politics, David? You can get that on Bluesky or something. So but, you know, I do think I do think there's, like, three big, waves that are kinda coming together and right now, and it's kind of I wanna say interesting, but, like, interesting in maybe a bad way too is, like, the the anti AI, anti data centers, but also they're kind of inextricably tied to the anti billionaire, things and and the sentiments. And they they all really are tied together, not just in people's brains, but they actually because these these are the people who are making the data centers to run the AI. So, yeah, we're we're just it's it's just like a perfect storm right now.
It is kinda interesting too because they're building data centers and taking away from the cities and towns and resources to then also build AI that then takes away their jobs too. It's kind of like, why do I wanna keep doing this? Right? Like, what what what am I getting out of this to then feed not only to take away people's jobs. And, again, I'm I'm I'm, like, throwing out the nest the net further.
Right? We don't actually know how that's gonna play. But just to look at it from the beginning, everyone's saying that to then make more money for the really rich people, the billionaires. Right? So you're kinda kidding out this whole, like, process flow. You know, the data center is just, like, the first thing you see to then the next thing to the next thing, and none of those are good for you.
Yep. It's a good point. Very political take, Ralph. How dare you?
I know. Sorry. I mean, I think you an AI fan too, but it's like, is the AI that we love so much or that I enjoy using so much, is that the thing that's going to hurt everybody? Right? I don't know. I'm not saying that's what I believe. I'm just saying I'm just proposing the question. Right?
Yeah. I mean, I think the only example of this that I've seen, and it wasn't even the US, is like the UK strong resistance to the speed cameras and like and and like their equivalent of Flock cameras and just seeing a bunch of videos of people with Sawzalls just hacking through the post, like, you know, just cutting down speed cameras, like, as a kind of a coordinated targeted sort of thing. But
There was there was a US. There was a target event like that, but not so much as AI is parking here in San Diego. So they started charging for parking at the Balboa Park, which is huge, and at the zoo and everywhere downtown. And people straight up started just, like, Sawzalling the parking meters or super gluing inside of them. Like, it was destroyed everywhere, and it it got to the point where they just now repealed it. Now they're not doing any parking laws anymore or paid parking in that area.
So
it it works, people.
Well, I find myself on the other side of that one because I would always support anti car infrastructure and making people pay for parking. I love that idea. But, anyway If
there was a way if there was public public transit, it'd be great, but San Diego
is a lot. You have to drive, and it's gonna cost you $12.
Yep. Speak speaking of AI, and this is not really this is a news article, but it's a little piece, is that Anthropic just filed to go IPO today, actually.
¶ Story # 2: Anthropic files for its IPO
No. They they did it? Yep.
Yeah. Oh god.
What was the valuation?
So it it's gonna something close to a trillion. So I think it was, like, 945,000,000,000, which is a number.
Know what we should do, guys?
Easy to say, but hard to actually
tree finish.
We should make an offer. Okay? Like, GameStop did it for eBay. Okay? We can do this. We can
do this. We do this.
We should put together a very compelling offer. We have Wade's mustache and a few cats. I I did
speak with something else, and, don't quote me on these numbers because they could be off, but just get the percentage idea here. There's something like amaz or not Amazon. Walmart is worth, like it's something like $700,000,000,000. And and they make, like, $600,000,000,000.
Yeah. Yeah. Yeah. Yeah.
But Anthropic has made, like, 20,000,000,000, and this is, like, a $900,000,000,000 valuation, which, by the way, that all makes sense because the stock market is not an indication of how much money a company is
It's not revenue. It's valuation.
Yeah. Yeah. Exactly. It's it's what I believe it could be in the future. And that number is just you know, it could be anything. Right? So
Why would an AI company need to make money? I don't get or need to, raise capital. I don't get it. Well It's not like they're spending $20,000,000,000 a month on electricity in my backyard.
I mean, Jensen Huang's just getting home with every dunk.
That is sort of true. Yeah. I mean, that's really interesting. Honestly, I, you know, I feel like this is kind of I don't know. I mean, maybe people saw this coming.
To me, I'm like, there are a handful of really kind of interesting privately owned companies like Mars or, you know, there's a there's a handful of really interesting companies that are huge and are still private, but the majority of big companies are public. The benefit of this will be that more transparency and and, you know, financials. So that's interesting.
SpaceX also with IPO. Right? So it's like a bunch of stuff all at once. Yeah.
I have thought it was reliable authority that the first filing for Anthropic, their their their, valuation that they put in there was just so giant. It was like $950,000,000,000,000, and they pushed back and they were like, you're absolutely right to call me on that. I clearly messed that up.
Deep comment. Form with AI.
Yes. Yeah. Yes.
Oh, that's amazing. I love that. Oh, Yeah. So, in other news, apparently, the FBI's warning about people walking around with USB drives. What year is it?
¶ Story # 3: FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
Twenty years. My god. Honestly, if they're not USB-C, I don't know where you'd plug them.
They're not USB-C. Me to it.
Good point.
Okay. You so there's gotta be some crusty IT guy at at some company that, like, has been epoxying over all the USB ports in his laptop for years and, like, forcing other people to do it. He's like, I told you. I told you. No. Accident. So, yeah, basically, this is a real article. The FBI has warned Silent Ransom Group who I wasn't previously familiar with, threat hunter people. Have you ever heard of Silent Silent Ransomware Group? Ransom Group?
Nope. That that was new to me. Anyway, the FBI they're at they say they've been active or the FBI says they've been active since 2022 targeting US firms and since 2023. Basically, they used to use phishing emails. Now apparently, they're physically walking into
Oh, the physical part. Nobody said that physical everyone was like,
no one's doing this. Why would you ever go into someone's building?
Come on.
Ralph's gonna start using this as a as an ad for his company.
For his physical class.
Yes. Yes. I but you that that's the funny part. Right? Like, the everyone's everyone's argument is right about physical security. It's not a threat yet because I can just break in remotely. You're not gonna do it.
It's only a threat
where you run out of other options.
Exactly. Yeah. It's getting better. It it just becomes the x the next thing. Right? So
yeah. Well, that's exactly what the the threat report says. It says they you know, first they call or they send phishing emails. They're impersonating IT support. If that doesn't work, then they go in person. They say, hi. I'm here to, you know, update your computer. Apparently, they're using an extremely advanced tool called, WinSCP.
Oh, yeah. That thing. Right? That that honestly is agentic, by the way.
You mean ancient? Oh, yeah. No.
I I mixed those words up. I'm I'm sorry.
You're absolutely correct. Ancientogenic. Ancient.
Yeah. I mean, what's old is new again. Right? I mean, this has been a it's been a real thing forever. Honestly, my question with this is, okay.
So they're targeting US based companies and they're using physical resources, this was something that I feel like from a threat, you know, perspective, we kind of were like, they probably won't do that just because the amount of risk involved. How does this criminal ecosystem work? Like, are they hiring people who actually think that they're helping p like, is
it is it
like a mule is it a mule system, or do they actually a mule.
There's no way that they're, like, bringing in Russian assets to then just land on, like, a vacation to do this. Right?
Right? Yeah. Like, if you leave Russian or Chinese turf, you're gonna get arrested. So they're
Yeah.
I don't know. Does anyone know, David or Shane, do you guys have any intel on this at all?
I don't have any intel on it. I did read the article. It said it was targeting, law firms. Now I have had a little bit of experience with law firms. They tend to be a little bit more technologically backwards, meaning they do use USB because they go in and out of court and whatnot. So they they're not always using WiFi or they just use older technology sometimes. So that there could be some validity here just in the targeting, but it's gotta be small. I mean, it's it's not scalable.
Yeah. Go ahead. No. I was just gonna say, so alright. How does this attack work? You show up with a USB in your hand, and you find the first unlocked workstation. Is that is that
where we're hoping to at the last time. Go to the target. You go to the target,
the one you already called.
Yeah. You go to the pretexting target, and you say, hey. Sorry.
Yeah. I missed that from the article then. Mine, the
help desk guy you were expecting.
Exactly. Yeah.
All my court documents are on this USB drive. Please plug them in and view them.
I need to update your system, but your WinSCP is out of date.
So Sherry.
I find lawyers to be a juicy target, though. Like, they're gonna hold a whole bunch of secrets, a whole bunch of information. Like
Okay. That's like stealing a from a drug dealer. Like, yeah, you're right. But, like, dude, the the repercussions are gonna be significant. Like, can you imagine answering some ad that's like, do you wanna make $10,000 in your PJs? And then you, like, accidentally break into a law firm and do some USB stuff and then, like, have a whole law firm coming after you for screwing up.
There there's been enough people with North Korea doing it. Right? Like, hey. Set up this laptop for him in your garage and just, like, move the mouse every now and then for me. Like, it's it's hard times. Like, if I just called someone and told them to plug in a USB drive here, like, go up to this lady's reception. If you can get a USB drive, like, here's a $100. You'll get $200 more if you get
a The mules are getting scammed too. They don't they're not they're not gonna be given the whole story. Right? Yeah. They're just gonna be given the half side of it. Right?
So Do we go on this one?
I thought they were email I thought they were sending envelopes with USB drives in them to people.
I've done that before. I've sprinkled them around parking lots, CDs. Remember those things? They were circular.
Oh, yeah,
dude. Put them in a vein. Media drops. Yeah.
Media drops. I still have a Kon-Boot CD bumping around in my little go bag that I never use.
That was the first thing I thought of when I read this article, and I was like, it's amazing that they're now a cutting edge hacking technique that the red teams have been using for decades.
Yeah. Yeah. I mean, this is yeah. Let's just say the FBI in this case is a paid advertisement for pen testing. That'll caught up.
This happened to your organization too for Right.
So would you like a red team? Contact BHIS. We, will walk into your building with the USB drive and do whatever you want. Yeah. I mean, honestly, though, from a defensive perspective, you're gonna have to go against low maturity organizations.
Every organization, we've done a handful of media drops, but, like, in recent years. But, I mean, you can just check a box in CrowdStrike to just disallow external media. Right? Like, you can pretty easily mitigate this with an EDR. Anyway, speaking of EDR, apparently, defender can now isolate systems.
¶ Story # 4: Microsoft Defender can now automatically isolate hacked endpoints
CrowdStrike killer, here we come. Yeah.
They couldn't beforehand?
That's what I said.
Shows you my Microsoft experience, but
No.
It's automatic though, I guess, is the big the headline. Not the fact that you could couldn't quarantine before, but now it's automatic? I don't know. Mean, they call it automatic attack disruption.
Wasn't it last month that they added that feature to Microsoft Defender where you could use it to privilege escalate?
Oh, no. That was that was that was part of the recent ongoing, you know, slew of Microsoft vulnerabilities that we've all been,
you know.
All loving, like yellow sun speaking up-
Yellow key. Yeah. Just
Speaking speaking up Kon-Boot, but better.
Right? Yeah. Kon-Boot, but better. Yeah.
Very true.
No. No. It's fine. Everyone puts pins on their BitLocker.
Everyone does
that. Everyone does it. I that honestly, you know you have to enable BitLocker by default or have a domain policy, so that also is true. There's a bunch of fun things. But did you see speaking of the GIF that keeps on giving that the yellow sun or or chaotic eclipse.
¶ Story # 5: Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life'
There you go. He got kicked off of GitHub and then got kicked off of bit Yes.
GitLab. GitLab. I mean,
they're just kicking him off of everything. Alright. And so here's the wild part, though.
Right? So threatening Microsoft? Yeah. No.
That's not the wild part. The wild part is is that there's other POCs on GitHub. Why is it that the one that happens to be attacking Microsoft was because he didn't regional re or do a a responsible disclosure? Excuse me. Or because it's Microsoft, and they're just really upset about it. What do
guys think? Both. It's both. But mostly, they own GitHub. I'm surprised when
the GitLab got taken down too. Like, Microsoft has some pull over GitLab somehow now. No. What's that? I didn't think they own them.
They do not, but the Microsoft pull is strong. Right? Like, if Microsoft were to call you right now, you're like, oh, okay. Like
Who in Microsoft would call you that you would
be upset about? Would they be like, oh, you took a look
Dude, you guys don't get calls from Microsoft every day?
Dude, he calls me all the time, has me put in updates, sends me USB drives to plug in and try
out new gift cards. Oh, yeah, dude. I get I get tons of calls from Microsoft. They're super helpful. They all have weird accents, though.
Oh god. I always get them. So
The I think the, like, this whole thing, the whole Microsoft thing, to approach it from both angles.
To be Wait. What about free speech?
Yeah. Yeah. To play devil's advocate. Well, first of speech doesn't affect You
can I'm just saying thanks. Okay? Okay. I
got you. Free anyway, I think to play devil's advocate, I think part of the reason that they're able to pull for these takedowns is because of the amount they can make an argument that this is a harmful thing and that can be abused. Uh-huh. Arguably, that is true in this case. Right?
Like, these are the amount of data that can be exposed through some of these vulnerabilities is higher than average, I would say. But it isn't like configure. Like, it's, you know, it's not like wormable WannaCry. There other
POCs on GitHub that do bad things to other
products. Right? Oh, yeah. Shit. There's maybe even arguably worse.
But the argument is the argument is PR.
It looks bad for PR.
But they they but should they be there or not because somebody made a POC? Was it because it wasn't reasonably dis responsible disclosure? But then after it's patched, now is it okay so that no one else could post it? Yeah. I mean, you could see where this kinda gets muddy. Right?
Oh, yeah.
It's definitely Totally can do whatever they want. I listen. Sketch. You you But as a platform, right, you kind of like, if you put enough of these, like, weird hurdles in, people will just go to something else. Right? I don't know. Just opinion.
Yep.
I think there's been so much, like, bad experiences with, like, Microsoft security program it was just it reached its boiling point. And finally, like, the water started boiling out of the pot with Nightmare Eclipse just because all the back and forth, which I don't know exactly what happened just based on his blog. Sounds like he likes he didn't get credit for like a CVE and they're like, oh, this doesn't qualify, like closing the issue. But then or this has happened to a bunch of people in the past where they have to wait ninety days that hits and then they need an extension, then Microsoft, like, silently patches the issue. And then, like
so.
Microsoft has bungled this every time in the past, and I think they've earned this karma. But also they own the platform, and so they get to do whatever they want on the platform they own. This is not the first time, by the way, that offensive tooling has been taken off of GitHub. I feel like every two years, we have the same discussion as hackers where we're like, guys, we gotta move off of GitHub. Yeah. Where are we where are we going, guys? Anyone? It sounds like that's
not safe either. Now we gotta go to Bitbucket or Gitea or whatever the other
No one no. This is like the Twitter thing. Right? Like, large company is gonna wanna take this heat. Right? It's the same thing as, like, when people have really hot takes and get fired from their big tech jobs. It's like, it's not that they don't agree with your takes. They just don't wanna pay a PR firm to compensate for you. Like, it it's really just economics. It's the same thing applies to git, you know, GitLab or GitHub or yeah.
I don't I'd be but at the end of the day, zero days on GitHub is not really a problem. Right? I mean, like, you think there's probably other places that you can go get zero days besides GitHub. It's not really where I'm headed for my first zero day.
Tor's too slow. Just go to GitHub. It's easier.
I think it's a great value proposition for GitHub. Use these things used to cost a 100 k. The government's paying a 100 k for these things. Now they're free.
Wow. We give you so much value with our free accounts now. So much value. Yeah. Amazing. We'll piss off another security researcher.
I will say to kind of flag it for follow-up on the show or wherever, they the date like, they say they're gonna make Microsoft pay on July 14.
I don't know.
We gotta see another 0-day. Because I'll tell you right now, it doesn't matter what site it's on. If that 0-day is good enough, you're gonna click. You're that that you're gonna go for that phish. You're gonna definitely check that out. And if it's real, you don't have a choice. Like, you're going to have to figure that out.
I won't have go, but my agent will.
Yes. Yes. I send my agents to wade out into the dark side.
I feel like Microsoft is basically training a threat actor live.
Yes. Like, they're basically,
like, trying to make them disgruntled to the point that they drop this. It's such a weird way to manage this from my perspective. Like, OpenAI is like, oh, you made OpenClaw and burned, like, $10,000,000,000 worth of tokens. We'll just hire you or whatever.
Like Yeah. That's usually fine.
Yeah. Like, why is no one, like, recruiting this guy to go run Mythos on all their internal tools? Like, I don't know. Whatever.
I like how he said they will feel it in their bones.
Or what did
he say?
Their bones
will feel it
in their bones.
Maybe maybe maybe they'll recruit him to the Cyber Force.
¶ Story # 6: Cyber Force? Senator pushes to create service branch under the Army
What oh oh, is that the next article, Wade? So okay. So cyber force is apparently real. I don't know. Basically, senator tier one or tier two?
One senator from New York, Kirsten Gillibrand, is spearheading a markup amendment to the Senate's 2027 National Defense Authorization Act that would create a Cyber Force as the next armed service branch. They would have keyboards on their arm, obviously, and, heads up displays, you know, all you need for hacking. Yeah. I mean, is this real? Like, we already have Air Force, Navy, Space Force. There are so many forces.
Well, almost all the commands have a cyber now or some other kind, but, you know, cyber division. I mean, it wasn't the case, you know, less than probably twenty years ago. It's army, though.
Yeah. All the commands have airplanes too, right, and boats. And Yeah. Okay.
So So
why not?
I was not in the military, but Ralph, you were in the army. Right? So or was it army? Yeah. You were army. Yep. So, okay, if you are a cyber force operator, are you mostly running around with USB sticks trying to plug them into things? Like, what it what Why does the army need a cyber force? Like, of all the different branches, like, why?
Well, why does the well, the army already has a cyber command. Right? So they already have, essentially, a a cyber focused offensive arm. Right? I I think that, you know, how much they do from the offensive side, you know, gets into the to the waters where you get into the, you know, the CIA versus, you know Yeah. Yeah. Their that relationship. Right? But, I mean, essentially, they're saying, like, you know, a a act a quick action. Right?
Like, a a QRF for, like, cyber. Right? We probably already have some of that, but building out a huge command of it and, you know, to make attacks against, you know, foreign adversaries, which would essentially what any military branch is specifically designed for. Right? Not necessarily for, what do you call it, local defense. Right?
I just say we let it get created just in case there's a draft so we can all just go straight to cyber command.
Yeah. We're going straight to cyber.
That's what's coming. We immediately go to cyber.
Yeah. They're like, do you not pass all the physical requirements? Welcome to Cyber Force.
Well, you know what? The funny part is even with the other cyber commands, it's it's hard enough to train up these, you know, train up all of these soldiers in this skill. Right? Get them to be decent at it. And then I
want 20 CVEs by the end of the day.
Yes. Exactly.
Well, yeah.
I don't back in the day, they used like, if you had cyber experience, they would bring you in as a warrant officer too for a little bit. And I remember me being in cyber for a couple of years, like, should I just join and just go and, like, do it for a bit? And the thinking about it now though with the the barrier to entry so, like, so hard for new cyber people. Right? Could this be an easier route? It'll be an easier route for most people, which is sad, but scary.
Yeah. It's a good point.
I don't know. The cyber so the cyber command includes US Army Cyber Command, the US Marine Corps Cyber Command, US Fleet, so this is Navy, and then Air Force has their cyber it all falls under the national cyber United States Cyber Command.
So there already is a cyber force.
They just There's already three of them. Yeah. They're just not an army one.
Yeah. No. No. No. There is an Army one. So US Army Cyber Command. Right? But I what I think they're trying to make this is, like, like, some, like, warrior with, like, overhead displays or something like tier one type deal. I I don't know what that looks like.
Dude heads up displays and keyboards on their arms.
Yeah. I'm just trying to envision the no. Like, the the quick tactical team that, like, rappels into the data center to do some I don't know, dude. I don't know. Yeah.
No. I think you're right. No. I I I agree. I mean, someone in some people in Discord have been speculating, oh, these are just drone pilots. Okay. That's fair. Like, that makes sense.
We don't even need that. We have AI for that. They just slide.
We have OpenAI, though. Yeah.
You're out of credits, Crash.
I think it I think it's fair to assume this will probably get approved just with the and, I mean, I don't know.
But Yeah. Honestly, half of everything that you said, Corey, they're writing it down right now.
So They're like, wait. USB sticks? How many how many can we get into a plate carrier? A lot. Exactly. USB sticks and
Working in a SOC was really fun. I'm not gonna lie. Like, at the time, the pew pew charts, right, the big monitors, there's a wall with a glass, and the CEO presses the button, and then it becomes opaque, and all the investors look at you like you're a monkey. And, like, it was great, but more people should go work in SOCs. That's all I'm saying.
I don't know if it's defensive or offensive, but I'm The best offense is defense.
Best offense defense. Right? Like, all of our stuff's getting hacked. There's no there we already have the offensive side. Maybe we need a Cyber Defense Corps.
Wouldn't that be National Aker? Anyway.
National Cyberguard.
Let's let's move on. Yeah. Please. There's a couple of interesting little tidbits on AI that I think we should talk to. First of all, in the Opus 4.8 release, they did specifically say that they are preparing Mythos to be publicly released in the coming weeks.
¶ Story # 7: Are you ready? Anthropic preparing to release Mythos publicly
That was the exact terminology that they Coming weeks. The coming weeks.
Will be
Obviously, there will be, you know, thousands of weeks coming. Who knows if it's gonna be the next one or, you know, it could be a thousand weeks from now. It's still technically coming. But I don't I mean, I will say their cadence, their release cadence is pretty fast.
And so Well, so is ChatGPT. It's a war out there, man. No. I got 5.5. No. I got 4.9.
Oh, I got extra ultra code.
Yeah. I know. I know. And we're
like know.
Let's see what happens.
So, basically, that might be happening. But,
also think that's the end of of cyber? We're we're all done? Just vulnerabilities left and right? I mean Yeah. Maybe maybe Wade is right. Maybe Wade
the the red team. I don't know what to tell you guys, but it's not I still got it. I'm a tell you what I gotta do. Haven't seen any cyber do an incident response really that well yet. Or
threat hunting?
No. Well, I don't know. We'll see what David says after this talk.
But
yeah. I mean, are you guys, as threat hunters, interested in this tooling, or is it really, like, hype for the CVEs and the threat? You know? For, like, AI tooling?
What what was the question?
Do you care about Mythos? Are you gonna use it as a threat hunter, or do you already use LLMs, like, in your workflows? Like, obviously, everyone's like, Mythos is gonna make it amazing to hack stuff. Is anyone saying it's gonna make it amazing to hunt for threats?
No. I mean, we we do use LLMs, but I don't think so.
Not yet. We are. We're gonna coin it right now.
But you said the the the magic word earlier, it's the tooling. You just a minute ago. Right? It's not really the model. It's our models the frontier models are already so good. It's what tooling you wrap around it that is really the differentiator. I have not had hands on Mythos. I've talked to people who have, and they say, yep. It's some of them say, yeah. It's it's really what they say it is.
And some of them say, I don't know. So I don't really know what to say about Mythos, but I was gonna say on on the defensive side, I'm not clear that we need that Mythos is gonna move anything further for the defense. I would be really happy to see some some frontier model provider provide that kind of emphasis on defensive security as they seem to on offensive security. It reads to me like they feel like creating vulnerabilities and exploit chains is cybersecurity or information security when it's not really. It's just a piece of it.
And the hard part is the defense. And when they start coming out with, you know, models and tooling that are frontier and they're targeted toward defense, then I'll get really excited.
I fully agree. I'm interested to see if any frontier company actually makes a play at defensive the defensive side of AI.
But, like, the defensive tooling is gonna be heavy reliant on the organization as well. Right? Manipulating the tool to make it fit your company just like any type of detection would, having all your documentation. Right? I almost find it harder not as a blue teamer to get not even to get buy in, to get GRC.
Right? Like, that's some of the stuff if we're plugging all these AI toolings in. I hate to say it, but it's like, then you have to think about permissions, what these AIs are doing. Right? Are they over-permissioned? If someone uses an OAuth token to then log in to this and you're a security person who has super admin to something. Boom. Now this AI has super admin. So there's a bunch of controls around it, but I think the defensive will come, I I believe. It's right around the corner.
Someone I I would like the why hasn't anyone just the one that tried Mythos and just, like, try to do everything defensively with it. Right? If it's doing all that
opposite they have. That's what people are talking in Discord about EmDash. I thought it was someone making it I thought it was Luke making a joke that he was gonna start using EmDashes, which is, like, for those that are out of the loop, the Em dash is like the the double dash that the AI loves to do when it says anything. So I thought he was just joking that, like, he was gonna start doing it to pretend like he's an AI. Turns out it's actually, a real thing that Microsoft has released, that's supposed to be defensive focused.
¶ Story # 8: Defense at AI speed: Microsoft’s new multi-model agentic security system tops leading industry benchmark
This is back from May 12, so pretty old now. But I'm guessing this is, like, their harness or tooling or whatever they built. It's multimodal. It's supposed to be, according to their graph, better than Mythos.
Everything's better than Mythos. Yeah.
So but check this out. 21 out of 21 planted vulnerabilities were found. You know? It's like That's not
I don't What what about on the Gainter chart or Ganter or whatever the hell?
Well, if you look at the chart, it says they're better than you. So
Yeah. Just just checking it. Just gonna go ahead and cash this one out. I'm done. I'm all
Yep. Microsoft has solved security. Think you can just buy it. Just just figure it out.
Having a harness is very important though. Like a lot of people are posting different ones in the chat. And there's a lot to choose from. But something is better than nothing. Then it's funny too. Like at what point does the collection of like plugins and skills and hooks and memories and learning become a harness? Like how many do you have to have before you can call it a harness?
Like I
have one skill. Is that a harness? No. You have to have a skill and a hook and a plugin and a memory or whatever. Right? But there are some cool ones that will at least, like, automate, like, continuous learning for you so that
Yeah. Like Hermes or those. Yeah.
I I think it's kinda funny. I was talking to another pen testing team, and they said they had all these zero days now that they've, you know, taken the time to find in all these different products or whatever. And this goes back to what you guys talking about with defense. And they're not gonna fix these things right away because they don't have anything in place to to so, essentially, it's all fun in games to go find these zero days, but no one is from these organizations that's creating the software or whatever. They don't have systems in place that are looking for it the same way.
Right? Because it's it wasn't as, like, shiny. They're just trying to run their business and make some software, make whatever. And I think we're gonna see a big wave of a bunch of vulnerabilities and a bunch of companies trying to figure out how to defend themselves or update their software or develop software in a more sustainable way using AI to actually be able to detect this. So I do think we're gonna see a big wave of it, and the defense is really where you're gonna see a lot of people struggle.
So transition. Next article. Oh, sorry. Unless anyone had a final go back. I was gonna say, if you wanna see how AI is being used today, without Mythos, so there's a really fun article about how attackers there's a fun write up about how attackers are using, AI for post-ex.
¶ Story # 9: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
And this is pretty much reads like a pen test report to me because we're doing the exact same thing. We're just not doing it in Chinese. From the language. Basically, the the long story short is that someone used an LLM for post-ex. Now this is, like you said, exactly what we're doing as pen testers.
But essentially, they exploited the CVE, then they, asked AI, what else can it access, basically? And they were just like, hey. What else can this, key access? But they did that in Chinese, and somehow that, that question of what it could access made it through to the API, which is pretty funny. It leaked into the command stream while executing a credential search.
And that's pretty much why you don't need Mythos. It's basically like an explanation of why. Because this kind of abuse of LLMs is the more risky thing. Right? This kind of like very simple just being AI take this AWS key that I just compromised and do evil things with it.
This is what we're seeing in the real world. If you look at breaches, there has yet to be a breach from a Mythos zero-day or whatever. But there has been many breaches like this where a typical CVE is exploited, an agent or an LLM is used as post exploitation or quick transition to the next article, which is about a chatbot that just gives access to accounts if you ask for it. So this is like the other side of AI exploitation, which is sometimes you don't need an exploit at all. You can just ask the AI for access to the account.
¶ Story # 10: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked
So this is a meta thing. Basically, meta AI was super helpful and decided to just grant some people access to some high profile Instagram accounts, including the account for the White House or, I guess, the Barack Obama White House, the chief master sergeant of Space Force. It's a feature
that that they built it like this.
It's super I mean, I will say you need a really advanced model to get to have it compromising accounts. Okay? To me, this is a textbook. I mean, there's screenshots that are just insane. This is a textbook case of, like, AI failure. Right? Like, why do give
your AI the access to all those accounts? I don't Exactly.
Exactly. Great question. It's almost like if you had a red team that wasn't replaced by AI, they would have caught this.
Oh, they just didn't ask the right prompt. That was the problem. Let's try that.
I feel like okay. So I know Meta has a huge red team, and I know some people that even work there. And so my question is, number one, did you get replaced by AI, and are you looking for a job? If so, let me know. Number two, are are we to the point where AI is moving so fast that things aren't being properly tested before they're being published, including, like Oh, yeah. This sort of high risk applications? Like, is that where we're at?
We were there before Yeah.
We were before AI.
For sure. I mean,
Wade, just like a couple minutes ago, you said, like, GRC was getting in the way. Like, no. I don't I don't see that in a lot of places. Like, in most organizations' problems with AI are that they're adopting it too fast in ways that they didn't actually know that they were adopting it. And so it's it's kind of like this the shadow AI and
Shadow AI. Oh,
I love it. Key the term. Someone make me
a sticker. God.
What is it? Like a what do they call it? Like a dark AI factory? Yeah. Look that.
I don't wanna look
that up.
That sounds like a mad dark web term.
I was gonna say that's your personal search history there. I don't think I
heard say what you want, but ask your AI about it. He'll tell you.
Really? You think? Yeah. Yeah. I don't know.
So this is not doing AI correctly. Right? Like like we said, is this you this is what happens when you bypass GRC. Like, is is this?
Yeah. Yeah. I mean, I dunno. It's kinda crazy that I will say though, this is the classic thing of scale. When you're operating at these huge Internet scale companies like Meta, you can't hire support people to actually support your accounts.
Or at least they think they can't. And so they use AI, and that's gonna cause risks. Although, it is a business logic flaw, arguably. Maybe it's an LLM flaw, but it feels more like a business logic flaw to me Yeah. Of it basically not knowing where the credentials it's handing out came from. It doesn't properly tie together the request and the response.
I could just see, like, you're you're talking about where's the red team. I could just see, like, a bunch of AI red team experts getting together and being like, nah, surely it's not that simple. We gotta try some more advanced attacks.
Yeah. I mean, I will say I have personally observed this in our agentic AI testing. Some of the things that are really tough to convince AI are vulnerabilities. Like one web app we were testing, I think I've told this story before, so I'm sorry, but one web app we were testing, it was basically IDOR, so indirect object reference. And essentially it was giving a 302 response, but it was giving the entire content of the page that was supposed to be restricted in the response.
And AI kept being like, No, this isn't a vulnerability. It gave a 302 response, and we're like, Yeah, but look at the 302 response. It has the whole webpage, and it's like, I don't know what you're talking about. It's a 302 response. I have to redirect.
It's like that back and forth. I could see a red team, like an AI red team missing a business logic flaw. Well, they asked for the account and it sent the number, so I don't see what the problem is. Well, but AI, it's a different account that they reset. Like, they were resetting someone else's account. Oh, you're absolutely right.
Let's let's talk about the real problem is why are they using a phone with a cracked screen? Like, come on. At least get two phones with two screens. Like, I can't that is just driving me crazy.
I think this is just what threat actors do, man. They do they they that's just their background. That's just their chat background for for meta. That that's not even a broken screen.
That dot that you don't see the huge crack right there on the right hand image?
I know. I'm just saying that's they they have a cracked screen image as their background.
Yeah. That would have
all my phones. That's why no one steals them.
That's actually a really good idea.
Misinformation. That on any app that you have.
Yes. Perfect. Yeah. Yeah. This is never gonna happen again, so we don't have to worry about this. Let's move on.
¶ Story # 11: Kali365 phishing kit bypasses MFA and steals Microsoft logins
There's an article about the Kali365.
Oh my god, dude. They stole my playbook.
It's literally just like pen tester 101. Like, if you were to take Michael Allen's initial access class, it would just cover this. It's using device code phishing, which don't get me wrong. It's a good one, but also, like, come on. Initial access policy is
It's better because it's a SaaS product. Okay?
It's p p a phishing SaaS. What? PaaS. I don't know.
Everyone loves a monthly subscription.
PhaaS? I don't know how to pronounce that. Phishing as a service platform that I like how the news article is kind of a dig where it says, it helps even low skilled attackers hijack.
You could be an attacker too.
They're just directly calling the attackers who bought this low skilled. That's pretty funny. Yeah. Device code phishing, mean, come on. Who allows device codes these days? Who doesn't have secure conditional access policies that don't allow access from unmanaged devices? Like, come on. No one no one screws that up anymore.
No. Not true.
The threat hunters in the room are like, nope. You're wrong.
No. Listen. If there's an article about it, it's still effective.
Yeah. We I've done about three cases of it in the last, like, month and a half.
Well, I do need email on my phone, we better just compromise the entire organization so I can have that.
That is exactly what happens
to a test.
One person says that. And
Yeah. Basically, if you're a pen tester or a red teamer, you should know how to do this exact campaign just by reading this news article. This is a this is a first thing to learn in initial access techniques. It's great. All right. And don't buy this product. Don't do it. Probably about botnets. Speaking of botnets, let's talk about botnets. So the authorities in The Netherlands, which I love, I just imagine people on little boats and they're going to fancy restaurants.
¶ Story # 12: Botnet of more than 17 million devices dismantled
You know, I just imagine Amsterdam. They have dismantled a botnet that comprise more than 17,000,000 devices, which is used basically for residential proxying or residential, you know the service is called Asox, which is a Russian based company, provides residential proxying services.
Cater Oh, to they pay me every month. They have that little thing that you run on your computer.
They have that laptop they shipped you and put in your garage.
Yeah, they said it was for research.
Yeah. So I guess I mean, these are, you know, often used for illicit or unethical purposes, DDoS attacks, botnet command and control servers, phishing operations, scraping. My question is how bad do you have to get to get dismantled by the Netherlands police? Like, how much DDoS was this IP space launching? It had to be a lot.
Because that's Yeah. Crazy. How much is this?
What do you mean how much?
How much ASOS is? It won't even start
Oh, you're saying, like, you wanna buy the product? It won't even it won't even Get out of here. A Sox. You're you're a because you you're from Florida and you don't wear socks.
Oh my god. They're they have a g two review for A Sox. Oh, and then they
actually oh, they got kicked off. I will say this whole, like, socks, you know, the, like, residential proxying thing is kind of a dark horse because we use this service, not ASOX specifically, but we use residential proxying. They're all kind of mildly unethical. Like, I don't know. I I you know, you kinda have to have a service like this, but none of them are particularly above board.
This one seems to be kind of the worst, but I don't know. It's Russia, yo. It's good. That's true. I've it's it's legitimate, or it's it's realistic. It's what threat actors are using. That's why we use it.
Yes. Exactly. We pay threat actors to use their service to pretend to be threat actors to protect threat actors.
It's a it's a loop. It's a loop. That's really seems like it. Alright. So any final articles? Shane or David, do you guys have any articles you wanna plug? We don't have any chicken news this week. I'm sorry, everyone.
Just told specifically there'd be chicken sacked.
¶ Story # 13: United flight returns midair after Bluetooth device name reportedly sparks security scare
I did post one in our chat that was real quick. It was one that was, there was a flight to, I think, The Maldives where a kid decided to rename his Bluetooth device to bomb, and it freaked out the it broadcast to everybody on the on the plane. They tried to get him to turn it off or tried to get they didn't know who it was, so they kept they told everybody on the plane to turn off their Bluetooth and he never did. So they had to turn around and go back to Newark, I think, because his phone said bomb on it as his Bluetooth name.
It was interesting article found out who did it. Yeah.
I think there were only a couple devices left, so they found them. Yeah. Bars I know. But kind of a crazy story.
What do imagine
doubling down? How old is this kid? I wanna know. Because this is some dumb like, this is like Yeah. 12 year old level dumb.
Yeah. Like, the air part is
and it's like, what is the air crew thinking? It's like, oh, you have a bomb on the plane, but if you turn the Bluetooth off, please, so we just don't notice.
It's gonna go what I got. Like, come on.
Like, it's it's literally just a Bluetooth.
It's seriously just one of those things where everyone is just rolling their eyes and being like, guys, can we please have nice things? And some kid just like, no. We can't have nice things. And I will be on the no fly list for the rest of my life because of how dumb I am.
I know. That's the wild part. Like, you know, we just talked about how GitHub can kick you off their platform for any reason for whatever. Right? So can airlines. They can blame you for life. On all the airlines, they do they're you are not guaranteed a flight.
No. There's no constitutional rights here. Nope. But can't imagine doing this.
Imagine living your life and never being able to take a plane ride again.
But then also doubling down again and again. Right? Like, you know, they had, 10 chances to, like, you could just turn off your Bluetooth. No. I'm not gonna do that. Somehow, I won't get caught. And then, like, of course, when they land the plane, everyone's going into quarantine. Like, you're not just gonna, like, okay. Debord, everyone, just throw your phones out the window. It's fine. Like, they're gonna make everyone you know, they're gonna figure it out.
Sometimes when this kid gets older, he's like, hey. Why can't you go on this trip? I'm kinda infamous for this thing a long time ago. I can't
You were Zero Cool? You were Zero Cool. No. Were the He was the default Bluetooth kid?
Yikes. I did have one last one, and this one's really short. Not not a surprise, but it seems like a lot of ISPs are getting breached. Charter got breached by ShinyHunters. Oh.
¶ Story # 14: Inside the Charter data breach: hackers leak 13M+ customer data
Which is Charter for both
terrible security. All ISPs do from what I've experienced in my life.
Charter's one of the bigger ones in The United States. They own Cox. They own a bunch of other ones. So, yeah, it affected a lot of people. Spectrum, I think, is another
Oh, yeah. They get breached every two years. I've been my data has been breached in Spectrum, like, five times. I'm not even joking.
Yeah. Got so so
much LifeLock. You won't believe.
Oh my so many cool identity monitoring subscriptions at this point. It's fantastic.
You can stack them and get zero extra.
Yeah. Yeah. So okay. I do think we should plug David's tool. So, David, tell us about your tool.
¶ Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
Yeah. It's a It's little personal. To generate yeah. So it's to generate threat threat it's to generate threat hunting data? That's what I understand.
It's called EvidenceForge, and it's it's a tool that we I released, what, I guess, last last week or maybe the end of the week before. And it's targeted toward there's it's targeted toward creating realistic sets of logs for simulated environments that don't exist. Like, think of you need to create some logs to demonstrate how a piece of offensive technique works in a real environment. So you spin up a cloud service and you do Terraform to create all your sensors and all your Microsoft networks or your Windows or your Linux systems. And then you run the actual exploits through and you get all the data through and, you know, you spend a lot of time, a lot of a lot of money and possibly requires for people, for you guys, probably not as it's probably well within your expertise, but for a lot of people, it's not.
The idea with EvidenceForge is you get the similar output, but you don't actually have to have a real network. You don't have real threat actors or real red teamers. You create a scenario in which it is all simulated and you get a set of up to 20 different types of logs that look like they all came from that simulated environment. They're all realistic. They all hang together.
So if you see, like one of the inputs is Zeek. So if you see a Zeek log for an HTTP transaction and then you go into the proxy log, you'll see the same proxy log has the same transaction in it that the Zeek log has. And if you see that that came from your computer, you should find the computer that it came from, and there's probably a process log from Windows Sysmon that showed that you ran the web browser that generated that. Right?
That's really cool.
It it it's really neat. It it's interesting because it has an AI assistant to help you create the scenario, define the environment and the attack that you wanna run and everything. But once you do that, generating up to, you know, gigabytes of potentially of data is all done by a a script. No AI involved. So it was actually partly because I was trying to experiment with efficient ways of using AI, targeting AI where you actually need the AI rather than, you know, just have the AI do it all.
Well, also, it's nice when the script is deterministic and creates the same output every time. Yeah. Yeah. I hallucinated a bunch of events in Windows and you're gonna go hunt for these.
Yeah. And it has to
be my randomness, but it's yeah. But it's seeded random and the seeds are in the config files. So it's it basically makes a YAML file for the scenario, and you can regenerate the same data from the YAML file however many times you want. Then trade them with your friends like Pokemon cards, you know, all kinds of stuff.
You know?
I love it. I I will say I have personally had clients ask me for this to do this, and I've actually spent time running fake pen tests in their, like, test environments to generate the sort of data. And so now I would just be like, oh, there's a script for this. Here you go.
Well, I'm sorry to tell you. I actually created this because I didn't wanna pay for the equivalent of having a red team squeeze my data.
I wouldn't either. So out of curiosity, does it make pcaps, or is it just event logs?
It's it doesn't make pcaps. That's a good idea but far more involved. But it does, it does Windows, system logs, some several of the types of events but not every single type of event. But it does like processes starts and Kerberos things and authentications and things. It also does a bunch of different Sysmon, event types.
Does Linux syslogs, Cisco firewalls, Zeek and Snort and, it has a it has an EDR that it's not a specific brand of EDR. It's just a generic EDR capability because I didn't have the right documentation to create real looking EDR for a specific product. So all kinds of stuff. That's awesome.
My only other feature request is you gotta make it like export straight from Backdoors & Breaches. So like you play a game of Backdoors & Breaches, and then you just have the threat hunt to go along with it. That'd be pretty awesome.
Look, I'm a big fan of Backdoors & Breaches. I will I would totally love to do that. I I bet I could do it right now. I actually if Yeah. You know, if I had a a Backdoors & Breaches scenario, I could probably just tell the AI and be like, hey, here's here's my scenario. Go build me a a dataset for this. They probably can Alright. Do
¶ Threat Hunter Summit | June 17th 2026
So final plugs, David is keynoting our threat hunting summit. I forget when it is, but Ryan knows because he's smart. And the date on the threat hunting summit is the seventeenth. Seventeenth at 10AM early for those Pacific Time people. Get your coffee and get to David's talk. We also have Shane's training that he's doing on, starting a threat hunt. Right? Yep.
Threat hunting in the dark.
It's sunny the same day.
Mine is, I think, at 1:30, I think, on that day, Eastern time.
And you do you have to have blackout curtains and make it dark in your office, or can you just do it in daylight as well?
I think I can do it daylight as well.
Alright. Okay. Cool. And then Phil, you have a webcast this week. Right?
¶ Anti-Cast : How Hackers Attack CI/CD Pipelines w/ Phil Miller
Yeah. Days from now.
This this Wednesday actually, and I'm kind of in between a rock and a hard place because there's a tool I was gonna drop that goes along with the course, but I'm Spicy. Kinda yeah. It's a little too spicy. It's, like, too dangerous. Like, I don't know if I should release it because you could do, like, a lot of bad things with
the You should release it.
Release it.
Release it. Release Okay. Nipples. You have my official approval to release it.
Alright. Yeah. I will. I was just like, oh, nightmare clips. I don't wanna get nightmare clips.
Yeah. You do. Yeah. Well, you do because you actually have a job unlike them, anyway. Alright.
¶ Cyber Threat Intelligence 101 2-Day Version
What else we got? Anyone else have anything to plug? Wade, you have something to plug?
I see you.
I I am teaching on the twenty-second, my Threat Intel 101 two-day course. That'll that'll be fun. I just made it two days from one day. So I'm still working on the slides.
Nice. Good to hear. Ralph, what are you plugging?
¶ Ralph's Practical Physical Exploitation Training & Tool Bundle
Oh, yeah. I didn't really have anything to plug, but
we do got another physical class coming up. So if
you wanna figure out how to actually go into a building and plug in USB drives because that is something
If you wanna prepare
nation state level. Cyber force.
If you wanna get to nation state level physical exploitation. Yeah. We got class. Awesome.
When is that, Ralph?
Shoot. I have to look at the calendar here. I I don't remember the date now. Swear to god.
What is it? Practicalphysicalexploitation.gov?
Yes. It is. That's physicalexploit.com.
Physicalexploit.com.
If we take your class and we graduate, do we automatically get a job with the silent ransomware group, or do we have to apply?
No. You still have to apply, but I do know a guy so I
can get you, like and there's
there's an affiliate email you you email the certification that Ralph gives you, and then they'll contact you shortly with just you to
speak with us.
We we actually just had a class last week, and we had 10 students in it. It was a lot of fun. So a lot of
All Russian.
All Russian. 10 students not a word of English
was spoken. It's not important what their primary language is. It's important the skills that they learned, which were the best.
Awesome. Alright, y'all. Thank you for coming. I really appreciate it, especially David, Shane, Phil. Thank you. We'll talk to you later.
Bye, everyone. Alright. Later, guys.
