Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16

Mar 17, 2026 | 1 hr 1 min | Season 6 | Ep. 11

Episode description

This episode covers multiple cybersecurity news stories, including Iranian hackers claiming responsibility for a cyberattack on Stryker, ongoing challenges in attributing nation-state cyber operations, and broader trends in global cyber conflict. The hosts also discuss the reliability of public breach claims, emerging threats targeting critical industries, and how organizations are responding to an increasingly complex threat landscape.

Join us LIVE on Mondays, 4:30pm EST.
A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! -
https://discord.gg/bhis
🔴live-chat


Chapters

  • (00:00) - PreShow Banter™ — Organizing Family Beets
  • (04:02) - Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16
  • (08:56) - Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
  • (23:38) - Story # 2: How We Hacked McKinsey's AI Platform
  • (32:30) - Story # 3: Amazon holds engineering meeting following AI-related outages
  • (39:11) - Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform
  • (45:24) - Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
  • (50:45) - Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack
  • (51:08) - Story # 7: New Dohdoor malware campaign targets education and health care
  • (58:10) - Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers

Links
Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
Story # 2: How We Hacked McKinsey’s AI Platform
Story # 3: Amazon holds engineering meeting following AI-related outages
Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform
Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack
Story # 7: New Dohdoor malware campaign targets education and health care
Story # 8: Man’s dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers


🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits 

https://poweredbybhis.com


Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Transcript

PreShow Banter™ — Organizing Family Beets

Wade Wells

I I got kind of something. Did I have I talked about my family organizer program yet? I think I talked about

John Strand

it with

Hayden Covington

David. Family organizer program? We need to have another chat because I have one that

Corey Ham

What is it like now? Okay. This could go one of two ways. I'm very please allow

John Strand

me Yeah.

Wade Wells

Let me let me throw you my GitHub real quick on

Hayden Covington

this thing. We'll throw

Dan Rearden

that up.

Corey Ham

Is GitHub one of you, the next Moltbook creator?

Wade Wells

No, dude. I literally got bold. No. Yeah. I wish. I wish. Dear God.

Corey Ham

I'll throw

Wade Wells

it in private chat. I'm not gonna throw it in Discord because I don't want I'm sure there's a key somewhere in there where I'm gonna get, oh, no, everyone.

Hayden Covington

I'm gonna send my agents after it and I'm gonna start adding a bunch of stuff that I want to your to do list. I'm

Wade Wells

fine with that. So I wanted one of those, like, family organizer, like, monitor things for a long time. But but all the good ones, you gotta pay subscriptions for, like Yeah. The bare minimum of things. And so I've been on leave for three weeks now and my goal was like, alright, I need to I'm watching Hayden destroy me in AI knowledge.

So I'm like, I need to catch up and build something. So I built a family organizer program from scratch with all of the I've been messing around with all of them. And it pretty much does everything they all do. And I just run it at I run it at home on a Raspberry Pi with a touchscreen monitor and then have Tailscale installed on it so I can access it anywhere.

Hayden Covington

Love it. We're we're at, like, the inflection point where there's so many projects that I see. I'm like, $20 a month, I'm not paying for that. But then I'm like, but I really don't wanna spend all my time building it either.

Wade Wells

Dude, I I got I got this working in twenty four hours. I got it you

Bronwen Aker

don't just have to build it. You have to maintain it. That's the ultimate I tell

Hayden Covington

you don't.

Corey Ham

You definitely don't.

Wade Wells

This doesn't touch the internet. Yeah. Technically, this doesn't touch the internet. I have locked down.

Hayden Covington

Yeah.

Wade Wells

It and Do you have

Corey Ham

an odd do you do you have a script that generates a family for you if you don't have one?

Wade Wells

It does. It will. And it'll put events on your calendar so you feel there's chat

Hayden Covington

image of them constantly asking for money.

Troy Wojewoda

It's like

Corey Ham

think it's about my request. Alright.

Wade Wells

I will admit, like, the thing I am most proud about so, like, working in fast food industry, one of the things I always loved is, having an inventory of everything in your house. Right? So I have like a grocery list. Mhmm. Once you go grocery shopping, that list, you can import it into your inventory.

Right? Yeah. You can set low marks and stuff like that. You can look at everything you have in your kitchen. And then if it's low, you can say, hey, add everything that's low to my grocery list so you can go. Then there's a meal planning functionality that looks at your inventory and you can add recipes to it and will tell you like, hey, here's everything you can make tonight and I I plan on adding like a meal database to it. Mhmm.

John Strand

So then

Hayden Covington

you do after this. I built the exact same thing this weekend. Kroger has a public API, bro. I I just hooked mine into my Kroger order history.

Corey Ham

I was

Hayden Covington

like, hey, here's my order history.

Wade Wells

So you can bulk

John Strand

upload inventory. I have this thing where Erica, like, during the summer, she has her garden. And it's like every time I hope my mic's a little bit better. But every time I come home, it's like iron shaft. It's like so we got like a zucchini and we have beets, which the first thing I do is just throw the beets away. Joking. I wouldn't do that.

Bronwen Aker

But Beets are good for making pink pickled eggs.

John Strand

But it's kind of like that as it's kind of which is crazy.

Corey Ham

So Should we do the show? Should we do the podcast? Should we just I mean, honestly, this is more maybe a more interesting topic to talk about how we can prompt inject Hayden's thing to send him 80 jars of pickled bees. Hey.

Hayden Covington

It can't order them. I I'm aware of the problems. It can't I can't order them yet. But if I get prompt injection, I can just have it edited. It doesn't have the API scopes. Don't you dare send me a whole bunch of bees. Oh, I I

Corey Ham

can send the API scopes anyway. Alright. Okay. Alright. Roll the roll the finger.

Iranian Hackers Claim Responsibility for Stryker Attack - 2026-03-16

Let's go. Hello and welcome to Black Hills Information Security's talking about news at 03/16/2026. Let's talk about news. There's a lot First of all, Moltbook got acquired. No. I'm just kidding. That's not the most important news. Let let's introduce everyone. We've got Haircut Fish, who's our resident meme expert, meme apparently, real name's Dan. Who would yeah. I don't

Hayden Covington

look like

John Strand

a Dan. In the world and your mom looked at you was like, haircut fish.

Corey Ham

Where did what is the origin story of haircut fish as a username? Is it random? Like, was it like Oh. Because that's where you know, sounds

Dan Rearden

Pretty much. Yeah. It's it was something stupid I came up with in high school. I was in the mood for Long John Silver's and walking into the mall over there was a haircut place. Haircut Fish was born.

Corey Ham

No. Super nice. I love that. That's fun. I will say I also, like, back in the day when you'd sign up for Xbox Live, it would be like, we don't have a username. We'll generate one. And it was like, it was always verb and then animal, so I was like acting raccoon or whatever, you know, like it was it was always name.

Hayden Covington

And now you're Corey Ham, which also sounds a truck's

Corey Ham

was I I was Rocket Raccoon before it was cool. Alright, Hayden. Give yourself an intro. What's your fake username? What's your real username?

Hayden Covington

My real username is Hayden. My social is no. Wait. Your real username is Hayden? Yeah. Yeah. I got the original one. Yeah. It cost me a lot of money. Man. Don't don't worry they made me so much money this month. They didn't

Corey Ham

No one believes you DM me your Kroger API key on Reddit or whatever.

Hayden Covington

I'll I'll send you my Kroger API key. I'll send I have a Kroger API key. I had a friend who was working outdoors and he sent me this picture of his lovely flower flower bed and all that stuff he was doing. I responded with just a screenshot of the Kroger Kroger developers webpage. I was like, this is what I'm doing today.

Corey Ham

Oh, man. We've got Bronwen who's currently creating an AI agent to automate her pickling of eggs, apparently. Oh. Cool. I do love a pickled egg. Anyway, John's not here. He's he's he's here, but he's not here. He's he's gonna rant later. Just just He'll he'll be back. I'm calling it now. Got Wade. He's looking for investors in his IoT project that he's working on. Everyone knows. IoT projects are so hot these days. I'm dropping a link in chat

Hayden Covington

now to his private GitHub repo.

Wade Wells

I I dropped I dropped it. It's okay. You can go

Corey Ham

private? You got it. It's

Wade Wells

It's two scripts. That's all

Corey Ham

you gotta run. Two scripts.

Wade Wells

And I just have a back end, didn't do I have a like a backdoor in your computer. Don't worry about it. Alright? Yeah. No. I honestly just have Claude Code installed on the Raspberry Pi. When something breaks, I tell it, hey, what what what's wrong? Go

John Strand

fix it.

Wade Wells

And it does. I'm like, alright, cool. Push.

Hayden Covington

Pushed it. So Done.

Bronwen Aker

Kinda like what Amazon did.

Corey Ham

Yeah. I was gonna say, alright, do you work at Amazon? Are you a level seven engineer at Amazon?

John Strand

You are I can't can't

Wade Wells

tell you about that

Corey Ham

right now. That that's spoiling what's yet to come. So we also have Ralph, the who's doing a Rubik's Cube. Ralph, you know you know you can get Rubik's Cubes that only have one color. Right? That's a nice little hack for you.

Hayden Covington

Yes. Actually, I I looked up some silly projects where they have the automatic solvers, and I was like, oh, I should totally build that. That was one thing I thought. But there's, 900 projects. This one's been solved, by the way. I mean

Corey Ham

Uh-huh. Well well, that remains to

Hayden Covington

be seen. I'm just kidding.

Corey Ham

We have Troy, lastly, who's our resident threat intel expert, I guess. If you wanna or do you wanna fight Hayden for that title?

John Strand

Wow. I don't

Hayden Covington

want that title.

Wade Wells

Everyone who teaches the course.

Corey Ham

We can have okay. Later, we'll do a lightning round where you guys can all answer threat intel questions and I'll meet someone who knows nothing about threat intel will

Hayden Covington

be the judge. It's like naming the digits of pi except you go up in the APT numbers and you gotta name what country and what they call themselves.

Troy Wojewoda

Happy so many different aliases of the same APT that you know. Right?

John Strand

Oh, my god.

Corey Ham

I just just wonder there's like

John Strand

an Xbox room somewhere and all the APTs join it and it's like, that's your APT name. Like, sad panda fifty two. It's like, oh, I wanted be wanted wanted to be t bone rocket. It's like, sorry, man.

Hayden Covington

I I still think we should give them really insulting names because then they won't be incentivized anymore to do crime.

Wade Wells

Could you imagine the news? Like, I don't even wanna say what I saw, but just like, I don't wanna put anything in the swear jar,

John Strand

but penises today. I

Corey Ham

haven't seen the news, but I think John's version is the best. Alright. Let's get into articles. What do we got? Does anyone have any hot I mean, there's a lot of hot and spicy articles.

Story # 1: Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

I think the biggest one we should probably start with is Stryker. That was that happened last That really kind of it blew my mind when it happened. So for those that don't know or or if you live under a rock, Stryker, s t r y k e r, is a medical devices company. They're kind of like med tech, I guess. I have a friend who's a surgeon and he was like, oh god, this

Hayden Covington

is gonna be bad. Yeah.

Corey Ham

Basically, they got compromised by Iranian affiliated or Iranian, you know, associated threat actors. And it appears that they got global admin in their Intune or global admin in their Entra ID, you know, basically, in their cloud. And then deployed a wiper malware, which a wiper malware is just factory resetting all their devices in Intune. So I at least that's like, I'm sure the Threat Intel people have more in-depth write up to what that is, but it sounds like petabytes of data have been wiped, which is absolutely crazy. Even including people's personal phones, if you were enrolled with the company MDM, it just wiped your phone.

Hayden Covington

My god. Which is

Wade Wells

Literally worst case scenario.

Corey Ham

Brutal worst case scenario. So I mean,

Hayden Covington

I'm writing software right now to secure your Intune.

John Strand

Yeah. Some people just wanna watch the world burn, Master Bruce. I that's what I remember. I was reading this.

Hayden Covington

Was like Yeah.

Troy Wojewoda

They claimed to have exfilled the data too, right? Not just wiped it, but I mean

Hayden Covington

A petabyte exfilled data? Yeah. That's a good claim.

Corey Ham

I was gonna say, that's gotta be yes. Petabyte. Ironically, Intune doesn't have petabyte? What the hell? Yeah. No. Either the either they're paying, like, a nation state level fee on their AWS S3 buckets or, like

Troy Wojewoda

They just took them over.

Corey Ham

Yeah. Maybe. I mean, basically, the way I'm interpreting this is they had access to Intune and a few other places. If you're wondering like, what can I learn from this as an organization? The biggest thing is just control and limit access to your global admin in in Azure.

Like, do make sure that that's a lot of doomsday keys that have to get turned to reset that kind of stuff in Intune. And you can also apparently rate limit the speed at which devices can be reset. So that's another control place. Yeah. There there was a pretty interesting write up that someone sent me that has kind of some detection engineering packs and things you can do for detecting it.

Hayden Covington

For how they got into their Intune. Right? Or is it just they got administrator on Microsoft and guess what?

Corey Ham

That's a good question. I'm assuming they got global admin, but I don't think that's answered. Maybe I'm wrong. I guess Troy, Wade, Hayden, like, is initial access nailed down? I'm we're assuming phishing or vishing. Right? But we don't know.

Hayden Covington

I mean, the Krebs article doesn't say it, but it's gotta be, like, phishing.

Corey Ham

Have phishing or vishing, that's all I can think of.

Hayden Covington

So is this the solution not to use Plout?

Wade Wells

The big thing I saw I don't know why this was mentioned so much, but was because Stryker bought a medical device chair, like, bed company in Israel. And that was like the first thing that stood out to me. But because Iran is always gonna target Israel. Right? And but seeing that I was like, okay, did they pivot from that company into the greater company? Because during any type of merger, there's a bunch of crazy stuff that can happen and

John Strand

usually like this gets into like I haven't seen anybody this in with, like, an article of how initial attack vector was. It's possible they don't even know. And one of the problems I have, especially with companies that you get to a certain size, and and we talk about this a lot with continuous pen testing and standard pen testing, is it's much easier to break into a larger corporation than it is like a small one of like a hundred hundred and fifty employees. And it's just your attack surface is just so much larger. There's so many opportunities for social engineering.

There's so much, like, the the attack space for SaaS products and API keys being bled out through the cloud. There's also a much larger attack surface. And Corey, I wanted you to talk talk about this a little bit. As soon as you start implementing infostealer logs and you start going in, like, breach databases, your likelihood of having the creds or you know API keys or session tokens all of a sudden starts growing up dramatically once you start getting past like ten, fifteen thousand

Corey Ham

I mean, if yeah. I mean, I would say if it was infostealer, this would be like the world record infostealer.

Hayden Covington

Like like Yeah. It would

Corey Ham

be like the like literally disbelief levels would be so high.

John Strand

No. I mean, for initial access, getting one account Yeah.

Corey Ham

Getting in. Okay. Yeah.

John Strand

One account, not all of them all in one shot. I'm just talking about the initial crack the door open, get into the environment. Because once you get into a lot of these environments with valid creds, you know, if we go back to, you know, like if we go into like Beau's tool. Right? Where we're looking at GraphRunner. Once you're in, like, the ability and the amount of options to start moving laterally in cloud infrastructure is just so vast and much harder.

Corey Ham

Honestly, if I had to guess, like, if I had to guess, I would guess they just vished or help desk SE'd a super high level admin. That that would be my guess. Like, that that's I I bet you they just went after a super high level admin. That one guy who, like, lives in the basement, doesn't have any controls on his account because he's super aggressive. Like, that I

John Strand

wouldn't hate them.

Corey Ham

Yeah. Basically, like, the guy who set up the Entra ID tenant and, like, still has Global Admin even though he shouldn't, but everyone's afraid to take it away. That's my guess. Like, I don't know if that's true, but typically when we see a compromise happen this quickly, it happens from a privileged user. That's the initial access vector is like, a privileged user just gives up their Azure and there's no PIM, like, that that one individual is just a privileged user and can do everything.

That's my guess. But I mean, that's total speculation.

Wade Wells

We're missing out on one thing here. How did they get 20 petabytes of hard drive space in this They didn't.

Corey Ham

There there's no way. That came out

John Strand

the world. That is all made up.

Corey Ham

In this economy, no way. In

John Strand

this economy,

Hayden Covington

dude, the S3 cost on like 12 petabytes is something like $264,000 a month. Right? And that just assumes that you have the time to get that in there. Right? Like, you might as well buy a semi truck, load it with hard drives, because that's the fastest way you're gonna get into an 800,000,000

John Strand

of no one noticed it leaving? It's like Yeah. The Internet's running this soon. Don't know what's going on here.

Hayden Covington

A Fast Furious

Corey Ham

time or something.

Wade Wells

Right? With semi trucks and hard drives and Yeah. Yeah.

Hayden Covington

Honestly, that that's what that would be if they came out with a new Fast and Furious to mirror the other one, they'd be stealing hard drives, not me.

Corey Ham

Is so true. That is so true. It would be like GPUs, dude. Yes. Yeah. No. I mean, yeah. Basically I mean, like, yeah. I mean, the last meme before we move on will be like, sir, we've had a AWS Snowball delivery request to iRan, you know, eRan or whatever.

Hayden Covington

IRan, yeah.

Corey Ham

Should we should No. We deliver I don't think we should. It you know, high risk environment there. But I will say, I I I think this is about as close as it gets to, like, a cyber missile strike. Right? Yeah. Like, like, I don't know. Mean, just

Hayden Covington

one retaliation for one. Right?

Corey Ham

Yeah. Yeah. I wonder

John Strand

if they

Hayden Covington

had a list and they were like, here's 20 people that we all hate and let's go see if we attack one of them. Right? Because there's no way that they were just like

Corey Ham

Oh, I bet you they had access. Yeah. I bet you they already had it.

Hayden Covington

You think they already had access?

Corey Ham

They were just holding onto it? Yes. That's my personal belief. It's like, they're basically just That's a good I mean, they're they're state sponsored actors. They're always hacking. That's their job. Then they're like, oh, we're getting actual kinetic. Let's go let's just nuke it. That's my guess. Okay.

Dan Rearden

I was able to find Recorded Future put something out today. It said the Cisco Talos incident responders said that it was hundreds of leaked Stryker credentials on the dark web that they used, and then they were just using living off the land techniques that get widespread. So yeah.

Corey Ham

We've never heard this before. Is Yeah. This is new.

John Strand

So one of the things, you know, kind of, like, well, you're moving past Stryker. We have Verifone was hit, Eminet, Passgard was hit, Israeli transportation and logistics, number of things in as far as infrastructure. And then a whole bunch of universities were hit, Israeli journalists and academics as well. The reason why I'm I'm bringing this part up is cyber side seems to have been pretty light. I I I thought the amount of cyber retaliation from Iran would be a lot worse.

And I wanted to get especially like Wade and Connors or Wade and Hayden's god. Sorry. Hayden. Wade and Hayden's opinions on this. Why? Why has this not been worse from a cyber perspective than it has been so far? Is it because a, they just it's it's a tough nut to crack? Is it b, they're waiting and they're gonna try to, like, stretch this out? Or is there something else that I'm missing?

Wade Wells

I don't think they're waiting. I think they've they're they're going This is it? Full bore right

Hayden Covington

now. Yeah. I think this is Yeah. I was about to say, I don't I don't know if they have, like I I don't know a whole lot about their internal organizational structure, obviously. But I wouldn't sort of pick them as one of the ones to like hold a ton of access back and sit on it for however long. Like, I would expect they get something and they go for it, is how I would kind of imagine that.

John Strand

So other possibility by the way, we just coined a new a new person. It's Wade and Hayden.

Hayden Covington

Wade and Hayden.

John Strand

And Hayden. That's funny. Wade

Corey Ham

and Hayden. Wade and get branched.

Hayden Covington

Woah. But

John Strand

so the other possibility is in the opening salvos of this attack, I wonder if they actually did hit some of their cyber offensive capabilities as well.

Corey Ham

Oh, definitely. Oh, yeah. There's no doubt. 5,000 targets were hit. I mean, there's even like unverified tweets talking specifically about Also

Troy Wojewoda

talk about hitting satellite, like, they're they're trying to gain access to satellite infrastructure as well, like, the Iranians because of that. I thought I saw

John Strand

something where there was there

Troy Wojewoda

was attempts at, like, Starlink and and other satellite infrastructure. So they probably did get hit from a backbone perspective of what they what they can access.

Hayden Covington

And it could also

Wade Wells

be there's a lot more targets hit with that aren't saying anything from what

Hayden Covington

I've Sure. Feedback.

John Strand

That's a good point. Okay. So that's funny. I did read, there was a rabbit, like, on the cyber security subreddit. There was someone that's like, this is beautiful. Every hack that happens from like the next few weeks, we could just blame on Iran. And the CBA shows I mean, they

Troy Wojewoda

I mean, they got their reputation really came from, like, Saudi Aramco. Remember, where, like, when that hack happened, and then the casino after that, it was like, wow. Like, and then anything anytime I remember during the first Trump administration when the general got taken out, like, the previous organization I was working at, we were kinda in the defense space, like, everybody was freaking out, like, were gonna retaliate and start, like, going after, because that's where they Like, they got notorious from those hacks, and those small little hacks, right, that they pulled off.

John Strand

Yeah. Were they were pretty technically advanced. That's one of the reasons why I would absolutely see it as the first wave of strikes going after their cyber capability.

Corey Ham

I don't think first wave, but second wave. I mean, again, seems

John Strand

like Thousand in first wave? Yeah.

Corey Ham

Yeah. Basically, that seems to be the general assumption is that if you have 5,000 targets, one of those is gonna be the one with the highest bandwidth, a blink or whatever. Right? Like, just go simple.

John Strand

And there's also, like, a whole attribute of this, that happens. Right? We're just stacking a bunch of what ifs on what ifs, what ifs, which means it's all it's all bullshit. But if they did take out cyber attack infrastructure in Iran in the first or second wave, okay, if that did happen, that also tells me something. That they didn't need that infrastructure from an intel perspective.

That tells me that they had some other capability where they were already inside of the comms that they just didn't need to be riding on top of the comms of people that probably got hit first or second wave. So like I said, this is for me, the news story is the cyber attacks haven't been as bad as they could've and should've been. And what does that mean? Because either a, they're sending it back or b, they were absolutely destroyed in the first couple of waves.

Wade Wells

What about That's about vice versa though? Iran. Go ahead. We haven't heard of any cyber attacks happening inside their local networks. Like I

Hayden Covington

don't think

Wade Wells

as much as we've seen it.

John Strand

Okay. No. That's not true. That's not remember, there was a lot of news stories that were talking about Iranian intelligence being able to pull together that the Ayatollah and all the top people were at a specific location. They were hacking traffic cameras.

They were pulling in multiple intel sources to make sure that whenever they were striking that they were gonna hit as many of the high ranking officials as possible. Now, all that being said, they clearly missed that there was an elementary school that hadn't been used for military purposes for almost a decade. So their mileage may vary in that situation. But there were a lot of stories about the level of intelligence that that by the way, that train, not me. That's not my location.

There was a lot of stories talking about the level of cyber that was used specifically for Israel being able to pull together that all of these people were gonna be together at one place at one time.

Wade Wells

I clearly state was heartbeat.

Bronwen Aker

Because of Russian intelligence helping with that.

John Strand

Go to Israel or Iran?

Bronwen Aker

Against against Iran.

John Strand

I hadn't I haven't read anything as far as Russia and intelligence against Iran. I have I have heard nothing So about it doesn't mean I just have missed it, I suppose.

Wade Wells

The the theory behind that is that if with Iran blocking the straits, that oil is gonna be not be able to flow as quickly.

John Strand

That makes

Corey Ham

we've already seen that happen.

Wade Wells

So yeah. Then the then the sanctions are loosened on Russia, so oil can come from Russia.

Corey Ham

The enemy of my enemy is my friend, the old classic. I guess. That's right. Alright. That's probably enough geopolitical posture before we all back ourselves into a fake poli-sci degree over here.

John Strand

Yeah. Great. Great. Yeah. What are you pulling fake, man?

Hayden Covington

We should talk about Wade's household management tool again.

Corey Ham

No. We should We're gonna talk to why don't you you give us the documentation for your Kroger API tool So we can hack

Hayden CovingtonHayden Covington

it so hard. We're we're holding

John StrandJohn Strand

that ransom.

Corey HamCorey Ham

If you wanna build me

Hayden CovingtonHayden Covington

a Kroger card, I'll order it. Nah. Nah. Nah. I don't think so.

Corey HamCorey Ham

Not not worth it. So let's talk about the McKinsey thing. Do you guys wanna talk about that? It seemed pretty high profile. It's kind of a it's not so this is nothing crazy, but this is, I would say, a current trend in cybersecurity.

Story # 2: How We Hacked McKinsey's AI Platform

We're seeing threat actors going after traditional vulnerabilities with, you know, AI, basically, agentic AI. But this one's extra spicy because it also incorporates going against AI at the same time. So basically, McKinsey I don't I think McKinsey I don't even know what they are. What is it

John Strand

Is this a

Corey Ham

consulting company? Consulting? Yeah. Like they're they're

Hayden Covington

like big four but not

John Strand

We sell in Hamilton. Mhmm. Yeah.

Corey Ham

So Yeah. Big four but not. Basically, they had this exposed AI agent. They had an internal AI platform that Who knows them? They have they have 43,000 employees, apparently. Holy crap.

Hayden Covington

What's happened? Okay, bro.

Corey Ham

This is, like, basically, this story has played out in a lot of companies, and so it's representative of the way things are. They built an internal portal. It's internal, so it doesn't have to be secure. Doesn't need a pen

Hayden Covington

test. No.

Corey Ham

It doesn't need a pen test. And basically, exposed the chatbot and also, you know, long story short, there were traditional vulnerabilities. The cool thing from a web app perspective is that the the injection vector was actually the JSON key value, not the the or the key, not the value, if that makes sense. So like, would fly under the radar of most traditional scanners. But once they injected, it was like SQL injection, and then they convinced the AI to give out its system prompt and then, you know but basically, they ended up compromising the AI platform itself, which gave them, you know, all the prompts, which as we know, no one would ever put anything sensitive into an AI prompt, of course.

No. Never. I'm So I'm sure, you know, that led to a huge I mean, this is like a research write up. Right? Like, so I'm assuming, you know, they, like, were allowed to write this up.

But it I I think it's like, this story is playing out across all this story is playing kinda most big companies. They're like, we need an internal AI portal so that someone can ask where their HR thing is and we can give it a go give them a good answer. We're gonna skip all the security stuff and just roll it, like, not even use Claude to build it because we don't have that yet. Okay.

Hayden Covington

Articles.

Bronwen Aker

Minute. Reading this article, the chatbot, Lilli, had been sitting in production for over two years.

Corey Ham

Yeah. Yeah. They built this pre AI. They they basically built this pre Opus 4.6. It was like it was like the either the old version of vibe coding that was way less secure, or it was just built by hand because it was like an executive saying, hey, we need an AI tool, and then they just built it the old way, so to speak.

Hayden Covington

How could you build software by hand? I don't understand. That's not possible. You can't do it. What They

Bronwen Aker

were doing it for decades.

Corey Ham

In the before times. In the before times.

Hayden Covington

Okay.

Troy Wojewoda

They were called punch cards. Really?

Bronwen Aker

I remember those. Use them.

Corey Ham

It's how

Troy Wojewoda

they program by hand.

Hayden Covington

Well, dude, what's so scary about all of this is, like, you hire these sorts of consulting companies when you are, you know, like, the titans are the ones hiring these sorts of consulting companies, and you probably pay them a stupid amount of money to come in and do whatever it is they're doing. And so, when you look at, like, what they claim to have access to from hacking this chatbot, it's 46 and a half million messages, 728,000 files from, like, all of these potentially very sensitive discussions around these massive companies. So, you know, a lot of the, you know, biggest companies in the world, I imagine, would have worked with many of these consulting companies in many ways. And so it's just very scary to wonder, like, what is lurking within that context. It's just Oh, dude.

Corey Ham

That's so bad. There's also the fact that how many companies did how many companies paid McKinsey to set this up for them? Like, at their own their own version of this? Like Yeah. Yeah. I don't know.

John Strand

I okay. So so, you know, you know, putting my hat on of own a security company. Did you guys look at the disclosure timeline for this thing?

Corey Ham

Yeah. It's pretty sketch.

John Strand

Yeah. It's I not understand that McKinsey has a bug bounty program, but they went from, like, February 28 to March 9 was the public disclosure.

Corey Ham

And Let's just say negotiations went south pretty quick reading between the lines.

John Strand

It says that they patched everything on the second. And I this whole timeline just really so you know that the the stuff that we've been working on with Microsoft that Matthew's been working on, Corey? Yeah. So, he just sent an email to me and we've been working with Microsoft to try to disclose something that we think is pretty bad And we started out what in October? Corey? If I'm remembering correctly?

Corey Ham

Something like that. September 30, actually.

John Strand

So, we've been sitting on this, we've been coordinating with them, they flat out are ignoring us. There's nothing that looks and I could they probably do just fine. But there's nothing like I wanna hire these guys to come into my company. It just it also gets to, like, what is it? Bug bounty programs. They're associated with HackerOne on this as well. But, good night.

Hayden Covington

Like, this is very an ad, John. Yes. Like, this company is brand new.

Corey Ham

No question. The domain domain for

Hayden Covington

this company is less than thirty days. I know that if I block Right? We have an ad that can pack other companies.

Corey Ham

Dude, by the way, that's what every pentest company is

Hayden Covington

selling is a any

John Strand

company, if you go to any company and they're about us, it's called the manifesto.

Hayden Covington

Take the development offline, and then block their API documentation. They waited seven days and then immediately published this. So they they got very pissy about their response and I guess decided, well, I guess we're done talking and decided to publish it. And almost to, like,

Corey Ham

let's go. It's one guy and 30 agents, apparently.

Hayden Covington

Yeah. One of them is a very small mutt.

Wade Wells

30 agents count as one person? Is that what we're going for now?

Corey Ham

Is that the ratio?

Hayden Covington

Yeah.

John Strand

Yeah. I think But this brings up, like, AI is beautiful for pen testing because

Corey Ham

Yeah.

Wade Wells

The whole

John Strand

product, like everything we do is breaking shit. So it's not like building resilient systems and all that. It's like, I got a whole bunch of agents that broke this. It's like, yeah, that's that's what we do, unfortunately.

Corey Ham

Yeah.

Hayden Covington

Not all of us. Yeah.

John Strand

There's some good companies.

Bronwen Aker

Well, and these days, we don't even need to break it ourselves. We can just have an AI do it for us. Mhmm.

Corey Ham

Yeah. I mean, it's a two edged sword, though. For the companies I I mean, I definitely think for the companies who spun up their own like, we've even seen this for our clients, which, you know, obviously, McKinsey in this case is not a client, but the we've seen a lot of companies spinning up their own AI tools internally that are not secure. It's it's like a common Especially because most of them were built before there was like, vibe coding as we know it today, which is a lot better. So, yeah.

Story # 3: Amazon holds engineering meeting following AI-related outages

Let's let's move into the Amazon stuff.

Hayden Covington

Bronwen shared the exact article I was about to mention too. Yeah. Yeah.

Corey Ham

Let's let's move into great

Bronwen Aker

Hayden. Great minds. The

Corey Ham

the crazy the crazy thing about this, and I can't actually read this article because I don't subscribe to the Financial Times, is Titto. Just tells you that I'm poor. Because But yeah, basically, the article is basically confirmation that Amazon, at some point in the past, had an outage that was caused by an autonomous AI agent making a a decision on its own

John Strand

I think there was

Corey Ham

two led to an outage.

Hayden Covington

Do you need confirmation

Corey Ham

for this? Two outages. Well, we wanted

John Strand

it to be public confirmation. Right? I mean, we speculated. There was one what was it? It was there were two agents that were upgrading or updating DNS records that brought a whole bunch of shit down. And it's like Yeah. Okay. We know that's one.

Hayden Covington

Well And then here's the other one. Is it said they suffered a thirteen hour outage to a cost calculator in December because the engineers apparently allowed their Kiro AI to make changes. And the AI decided that the best way to fix whatever problem they were having was to delete and recreate the environment. So it was basically like, hey, this is so so busted, we're getting rid of it and building it again, which I this that's not production. Okay.

John Strand

Everybody has to go back and rewatch all of Silicon Valley.

Corey Ham

I was gonna

Hayden Covington

say the same.

John Strand

Literally, the I

Corey Ham

was gonna say the

John Strand

song literally

Hayden Covington

Don't meet me, John. The Sunlands

John Strand

where it's like, well, we told Son of Anton to go through and remove all security And technically, the most efficient way to remove security bugs is to delete all the code.

Hayden Covington

Did someone order did someone order, like, a lot of meat? Like, a lot of meat. I I told Anton to solve the food problem, and I I guess that's one way to do it. Yeah. I I I

Corey Ham

mean We're

John Strand

gonna have a lunch.

Corey Ham

So okay. Like, on on a real level though, they have appear they're this is groundbreaking. Here's what they've decided to do. Require a senior engineer to review the change before it rolls into production. The CEO and getting, you know, pulled back and forth between like, alright, we're firing all the senior engineers, replacing them with them with AI.

Okay. We're hiring all the senior engineers back because the AI decided to just make production breaking changes. Like, how can you walk this line? I don't understand how you can be this shortsighted, but here we are.

Hayden Covington

I mean, it's it's just you have all these cost cutting opportunities in front of you and you see all these other businesses doing it. You have to do it from, you know, that mindset. You if you are not doing it, your stock will plummet because everybody else is doing it. Why aren't

Bronwen Aker

you doing don't. They don't have to do it.

Hayden Covington

Market perspective though. They they shouldn't. Know. That's just

Bronwen Aker

I was just reading an article over the weekend that was talking about Japanese businesses that have been around for hundreds of years, if not over a thousand. And their approach is entirely different. They don't worry about making a profit in the next quarter. They look at how do we make this company continue for the next hundred years, for the next two or three generations.

Wade Wells

There's one big thing Bronwen's

Bronwen Aker

forgetting. Impossible.

Wade Wells

Japan has honor.

John Strand

Right. Exactly. Right?

Hayden Covington

Like, dude.

Wade Wells

I I I it's safe to say that, but that's exactly what it is. Like

Corey Ham

true. Right? Like They're they're they're I mean, okay. Amazon

Bronwen Aker

is I'm moving to Japan.

Corey Ham

Amazon is, like, kind of the stand in for, like, anarcho capitalism in a lot of the ways. And so, like, arguably, you know, they their goal is to produce shareholder value, not to provide a service that's gonna be around for two hundred years.

Hayden Covington

Yeah. Exactly. Goal of any company is to do just that.

Corey Ham

No. That's not true. The goal of a company

Hayden Covington

The goal of a c corp

John Strand

they're constantly changing, adding in new technologies, building new things up. It's like the move fast and break things idea in Silicon Valley that started at Facebook. I'm sure that that makes sense as you're a young scrappy startup. When you're one of the largest companies in the world that move fast and break things becomes catastrophically dangerous. And AI AI helps you with that process, not in a good way, but it facilitates breaking things and moving fast.

Hayden Covington

Because that article says it it one of the changes took down their, like, their shopping, like, app for six hours. Can you imagine how much of potential revenue they lost in six hours of that outage? That is insane.

John Strand

Pick. They end up in the same place.

Dan Rearden

I want slayer.

Story # 4: Meta gets into social networks for AI agents with acquisition of viral Moltbook platform

John Strand

I want slayer. Yeah.

Corey Ham

On that note, let's talk about the complete opposite end of the spectrum of company maturity, which is that, apparently, Moltbook, the AI generated by Can AI

Hayden Covington

this play out on the news for like two Like,

Corey Ham

one AI plat Moltbook is an AI generated platform for AIs to be social with each other. And somehow, that got rolled into a company that got acquired by Meta.

Hayden Covington

Yeah. But So the AI again? Yeah. TLDR Meta just picks up my god. Cannot believe this.

Corey Ham

I can't

Hayden Covington

make this up.

Corey Ham

It it is insane. I mean, I okay. I don't know how much it doesn't say how much. Like, it's not clear.

Hayden Covington

No. They didn't acquire they just acquired the person who was running it. That's it.

Corey Ham

No. No. No. Oh, really? No.

Hayden Covington

Yeah. Because I don't think there was any, like, actual IP. Like, they didn't, like it wasn't, like, brought like, I don't think they had this as, like, a registered trademark. Well, I mean, say, so I think specifically says they acquired Moltbook.

John Strand

Okay.

Corey Ham

Okay. You're right though. Ralph, you're Ralph's right. Reading between the lines Yeah. It specifically says, the Moltbook team joining MSL, which is Meta Superintelligence Labs, it's just So they're cooking OpenAI. Dude, Moltbook CEO, if this is your job title, you've done something in life. Moltbook CEO, Matt Schlicht, and COO, Ben Parr, two guys who could not imagine anything other than GitHub stars two weeks ago, are now being acquired or, you know, like, I I mean, It's amazing. Amazing.

Hayden Covington

Yeah. It's it's gotta be OpenAI hires what's his name? Peter or something?

Corey Ham

Yeah. The guy who made OpenClaw.

Hayden Covington

And so Facebook's like, hold on a minute. Why don't we do that? And they're like, better one. We'll go get the guys that made the

Corey Ham

Peter Peter

Bronwen Aker

Steinberger was hired by OpenAI's Sam Altman last month.

Hayden Covington

Yeah. Yeah. Yeah. So Meta's just following suit. Yeah. Hey, we we want a lobster guy too. Let's get him.

Troy Wojewoda

Yeah. Everybody needs a lobster. Read

John Strand

all the Wikipedia articles about AI and I do nothing but, like, regurgitate these words incorrectly in an interview. Can I make, like, one of these, like, 9 figure jobs in Silicon Valley? Because it seems I mean, could be a whole another business unit. It's like, BHIS made this much from this, this, but John's now over here at Facebook and he's making as much as the entire company. It sounds like a good gig.

Wade Wells

Hayden and I will will write a bot later that will just scrape all of our podcasts. And if there's an idea for a business Yes. It's just gonna go off and make it, we'd probably we'll probably be done. Okay.

Hayden Covington

Joke? We're we're apparently, Claude, by the way, the next two weeks has, like, double usage in off hours and on weekends. So I did spend, like, fourteen hours on Sunday doing things with it.

Corey Ham

Unrelated dude.

John Strand

You have

Corey Ham

a problem. You need to go to Claude's

Hayden Covington

anonymous online. Agent to help you. You probably could. There's a joke online that's pretty consistently come up where it's like, hey, AI is coming for everything. You have six months to escape the permanent, like, lower class.

So go start a company right now or you're forever gonna be poor. Like, there that's that's a joke, but also I could see how some could like almost panic buy into that. Yeah. And then, now with Claude doubling the usage, everybody's like, well, they're trying to help you get out of that permanent underclass. You gotta go build some You get out. You gotta go build

Wade Wells

And this is why I built my family organizer. Go to it right now.

Corey Ham

Go to www. This podcast is just gonna become selfish will I of Over and over again.

John Strand

I will be an angel investor for Wade and Wade and Wade. Oh, my goodness.

Dan Rearden

Well well, to your credit there, Wade, they did update the terms of service for in Meta, where you are responsible for all your AI's actions and omissions.

John Strand

So So

Corey Ham

llama. Alright. The way, there's already a Silicon Valley, like, reference that explains what that life would actually be like. You know how Big Head just gets hired and he doesn't have a job because his position gets eliminated? Yep. That's where these guys end up. There's no way that they're gonna get pull at

Hayden Covington

got paid to do nothing though. I mean, it wasn't that bad. I mean, they made

Bronwen Aker

Well, is that the Peter principle though? You know, they've gotten promoted to their level of

John Strand

Bagheti was Bighead was a little bit more than the Peter principle. I was gonna go back and rewatch that series.

Hayden Covington

I can't remember It's amazing.

Corey Ham

Alright. So Well, if you think about topic okay. Go ahead. I was gonna Sorry. I was gonna segue.

Hayden Covington

I was gonna say on Bronwen's point about the Peter thing with OpenAI, that is a move from them to capitalize on Anthropic's mess up. So Anthropic said, you cannot use our tools with other services, which means OpenClaw. Meaning, if you use Anthropic, potentially probably the best model right now with your OpenClaw stuff, they could just permanently ban your account. And if they detect, you know, other devices that are connected to it, you could just totally pose yourself. So they OpenAI brings over the OpenClaw guy and explicitly says, hey, you can use our services for whatever you want.

And so I wonder if it was almost like a PR play on their front to see how many users they could steal or

Corey Ham

Like, how many kill bots?

Hayden Covington

They could put behind it. Yeah. Exactly. I think in the Claude example, they were specifically talking about tokens. But they weren't saying you couldn't use it. They were just saying you had to pay the API price. Right. You have to pay the API cost. You're all like, your ultra package, which they heavily subsidize the token rate. So I think that's what they're Exactly.

And my I asked my agent, like, hey, what would our usage be like on API? And it was, like, yeah, about 20 to 30,000 a month. And I was, like, cool. So I guess I'm not able to do this anymore unless I switched to ChatGPT. I so I'll give you my one thing. I asked ChatGPT to create a new C2 for me. This is a fun project. It's also called Cloud Bolt Strike, which can be amazing. Wow. Sounds really good. I can't wait for the AI generation

Wade Wells

to know that.

Hayden Covington

Real subtle. I I was just I was just gonna say my only point was that as soon as you ask OpenAI, it's like, hell no, won't do it. But you ask Claude, it's like, hold on to my beer, buddy.

Story # 5: Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026

Corey Ham

Real quick while we're on the topic of Meta. Is an interesting one. So Meta, I I can't think of a secondary motive for this, but they they have announced that they're going to discontinue support for end to end encrypted chats. This is kind of a for privacy people. So this is something that they rolled out years ago in both Facebook Messenger and Instagram. Apparently, Instagram DMs. I did not know this had end to end encrypted, Like, I didn't even know that was a feature.

Wade Wells

On the back end or something like

Corey Ham

rid of it because the government asked for a backdoor, because they wanna mine the data, because I don't know. Who knows?

Hayden Covington

Oh, no. Nope. It's the kids. Look.

Corey Ham

Oh, it saved

Hayden Covington

the kids. It's the kids, dude.

Corey Ham

Yeah. Could've who could've predicted this?

Hayden Covington

I couldn't have predicted.

Corey Ham

I will say on Instagram, I do think like, I'm not like a big social media person by any stretch, but I do think, just looking at the public discourse, it appears that most social media companies think the biggest threat is public sentiment about how unhealthy they are. Like, they're like, if you look at the ads for TikTok that that rolled during, like, the Olympics or during the Super Bowl, it was all like TikTok is you can have tons of control over it for your teenagers. Like, and then Instagram rolled out, like, teen accounts, like and Discord's rolling out teen accounts. Either there's this is regulatory, like the government, they know the government's coming for them because of the whole laws around age verification, whatever, or they're just worried about public perception of parents or whoever's the decision maker deciding that social media is bad for their kid and taking it away. So like, it seems like this could maybe be a push towards that of just letting them monitor people better and, you know, that's kind of their whole business model, to be fair.

Hayden Covington

I mean, that could be an excuse. It almost definitely is because the advertising company wants more data to advertise off of. And so end to end is always gonna be, like, even if it's a government thing where they say we want a backdoor, like, oh, no. That sucks. Sorry, guys. We gotta put a backdoor in, and then they can mine all your chat. So expect the ToS update soon, too.

Troy Wojewoda

I think there's a lot

John Strand

of Yeah.

Troy Wojewoda

It's maybe not just The US, but there's a lot of countries that have been locked, like, basically, like, forcing these social media platforms to get more aggressive with age restrictions. So I think it's probably that, Corey. Like, what you were saying is is they're probably just advertising to the parents and and other folks. Yeah. Oh, look at what we're doing. We're helping the children and

Hayden Covington

those kids.

Corey Ham

Yeah. I and I

Bronwen Aker

the firm for the We handle regular privacy. How are we gonna handle privacy against dealing with children?

Wade Wells

We've seen it with Australia. Right? How Australia banned kids, I believe, 16 doing social media and then that's starting to go everywhere, which Well, probably hate to I'm a big fan

John Strand

of attitude. I'll tell you that.

Corey Ham

Yeah. I'm not investing in your story.

Hayden Covington

We can

Bronwen Aker

get there with this attitude. Courtesy of EFF. Watch your mail.

Corey Ham

Yeah. So the I guess, like, just to clarify and wrap up the story, it is there also I doubt this was used by that many people. This is kind of a niche feature on Instagram specifically. And apparently, Messenger still has it. So, like, for now, there is still an end to end encrypted chat on Meta. How long that'll last? I mean, if it were me, I'd be like, let's move to a different chat. Like, the Yeah. Clearly, it the writing's on the wall here. This isn't gonna last forever, I think.

Hayden Covington

But I mean, you know, a chat I realized recently, not Discord DMs, but apparently, Discord, like, voice channels or, like, voice calls, specific ones are end to end encrypted, like, by default, apparently. It's just a thing, which, I I mean, I guess so. If you're calling from a SCIF, is it end to end encrypted? Is that how it works? Yeah.

John Strand

Think if

Hayden Covington

you use Discord in a SCIF, you get fired.

Corey Ham

Yeah. I don't know. I mean

John Strand

He just left.

Hayden Covington

Yeah. Dropped my

Corey Ham

pen. There's also, you know, we there's not really an article for this, but basically, there's some Reddit type researchers that are essentially uncovering a conspiracy that Facebook or Meta is lobbying for age verification laws, and is like the they're the ones behind it, like, who knows how true any of that is. But basically, it's, you know, we'll see. Stay tuned. Stay

John Strand

I've gotta be honest with all this stuff. It's like, what's the most evil, like, thing that we can as ascribe this to? And it's like, that's probably pretty close. Like, how are they gonna make more money off? So

Corey Ham

Yeah. Yeah. On a, you know, on a different note, in Europe, they passed this thing called chat control that apparently basically blocks mass surveillance of their, you know, messages. So there's that. But anyway, what else we got? Anyone have any articles they wanna talk about before? I know we're kinda close on time. So what what are people what what's what's on your mind, John? You got a good rant for us?

John Strand

I've got no rants, man. I I I've been like, last week, it was bad. I don't know if you guys saw the picture from Steve, but, like, I literally was screwing, like, through the wall to get my Internet up before the show.

Hayden Covington

Mhmm.

John Strand

Got it up, so I'm happy about that. But it's been a good week. I don't have you know, everything seems to be going okay.

Corey Ham

Alright. Well, then it's time for the Threat Intel analyst competition. No. I'm just kidding.

John Strand

No. And now we're gonna have tryouts.

Corey Ham

Tryouts. All of you can also have a job, even though all of you already have a job. Yeah.

Story # 6: Michelin Confirms Data Breach Linked to Oracle EBS Attack

Wade Wells

Did you see Michelin had a breach?

Corey Ham

Oh. Which oh, dude. Did I get my star? Did I get my star?

Wade Wells

That's exactly where I was gonna go

John Strand

with it. That's true. Was like, did you do

Wade Wells

you think the star information got released, like

Corey Ham

Yes. Like, the reviews, like, the back reviews, who they are. Right?

Hayden Covington

The back reviews are. Stinky.

John Strand

I was like, bro, I can't

Hayden Covington

get star. Let me just hack it.

Story # 7: New Dohdoor malware campaign targets education and health care

Troy Wojewoda

I had something really cool that it's actually not, like it it came out last month, but Cisco Talos, here, I'll throw it in the chat there. Oh, let's go. This Dohdoor malware. So I've been talking about this technique for since I've been teaching my class about how DNS can use, like, case sensitivity in the character sets of the DNS record. So what these threat actors were doing in this in this malware and and and and really what I kinda talk about in my class is is really how you can use it for, like, covert channeling.

But they're not doing that here. But essentially, they're just toggling the case, the capitalization of the, like, the case sensitivity of the DNS record for for a different reason in this article. Right? Like, I mean, for for their tactics here. What I what I was kind of like like, you can kinda use this, which is a really pretty interesting technique that DNS supports because it's a chain protocol.

Like, all the DNS resolvers will keep the case sensitivity of the record as you query it. So you could do base 64, you could do stuff like that, but you could also like like treat like lowercase characters as like zeros and uppercase characters as ones and kinda just keep the same root like domain, so you're not changing the FQDN, but you're toggling the case sensitivity of the DNS record, which is totally supported by DNS. But I've never seen it in the wild before until this article, like, came out last month. I saw The

Corey Ham

throughput should be enough. If you need to exfiltrate 20 petabytes, it should take between fifty to eighty four years.

Troy Wojewoda

No. You're you're absolutely From a from a from a pure, like, data exfiltration perspective, you're right. But think about it like like the Sunburst malware from SolarWinds. Right? They were essentially, the malware, like, slept for two weeks and then did some internal reconnaissance and then did CNAME DNS resolutions with an encoded value in the DNS record to say this is what the environment I'm in.

I'm waiting for the next command. Right? So think of it as like a malware could essentially, like, toggle the case sensitivity of the character set to let the operators know, like, what stage the malware is in and kind of inform that back. Right? So without actually changing

John StrandJohn Strand

That's so cool.

Troy WojewodaTroy Wojewoda

The actual FQDN itself.

John StrandJohn Strand

I see and that that, you know, that that stuff is so cool. Like, looking for different c two channels. Because it kind of reminds me, of course, you got DNS cat too by Ron Bose, but, like, the old covert TCP days where you're exfiltrating things out of, like, IPID initial sequence numbers. You know?

Hayden Covington

That's

Troy Wojewoda

You know what really sucks about this for Zeek is Zeek lowercases the entire

Hayden Covington

record when

John Strand

they say all the whole

Troy Wojewoda

entry in the DNS log. So it removes the case sensitive, like it lowercases the case sensitivity of the record, and it puts it in the DNS Now

John Strand

And they do that specifically for compression. Right? Like they're trying to make it so it's like to reduce file size, if I remember correctly.

Troy Wojewoda

Yes. They do some silly stuff for various reasons, but yeah.

Bronwen Aker

Somebody needs to patch that.

Corey Ham

I do like that you took the challenge seriously and you actually tried to do it.

Hayden Covington

No. You did. What? No.

Troy Wojewoda

I'm not gonna be noting like class or anything like in a couple weeks, but I

John Strand

actually do teach a

Troy Wojewoda

student how to write a custom deep script, they actually get that value out and put in your DNS log.

Corey Ham

Alright, Troy. Give us your point. This is the perfect time. What are you doing later this week or later this month that we need to know about?

Troy Wojewoda

So next week, I believe we have our SOC Summit. We have a bunch of folks here that are actually gonna be presenting. I'm gonna be presenting an introductory talk on getting started with Yara, detecting malware with Yara rules. And then after that, I'm going to be teaching my network forensics class March.

Corey Ham

Nice. And then, Dan, you're also doing some stuff as well?

Dan Rearden

Yes. So next week, I will be speaking at the SOC Summit as well on Sigma rules. We're gonna go over what they are, how they can benefit, and we should be creating one by the end. And then the week after that, on the four first, I will have a talk on soft skills, SOC tickets, and how to create them that are not only helping you, but also helping clients understand what you're trying to to get across.

Corey Ham

Nice. Nice. That's yeah. That's awesome. And then I'm assuming Wade, Hayden, does anyone else have anything else?

Wade Wells

My talk is on why Sigma rules suck and why not to use the nouns.

John Strand

And my talk is Sigma and Yara are dog shit and why you shouldn't

Wade Wells

use them. So it should use Sentinel instead.

Hayden Covington

They suck and that's why you should use the PHIS SOC code. Yeah. Use them for you. Don't worry.

John Strand

Yeah. Exactly. Use AI in a single pane of glass and magic.

Hayden Covington

And it will solve all of those issues. Yeah. It just won't solve the tokens. Wade, you do have a talk though. Right?

Wade Wells

Yeah. Mine's like augmenting detection engineering and like how using your current practices in order to use AI to make yourself better detection engineering. Nice. It actually I'm doing some in May too. You guys are doing it right now. It's the same Not as

Dan Rearden

flashy as sigma rules, but

Wade Wells

It's not

Hayden Covington

as sigma. Flashy as sigma rules. No.

John Strand

Dad with this this top hat monocle. No.

Wade Wells

I have have another talk in May that I'm doing though that I just came up with the idea for it, and it's how to read the news how to read the news better as for security. Right?

Corey Ham

Dude, I need to go

Hayden Covington

to this talk.

John Strand

We need that

Hayden Covington

everybody. That's my SOC Summit talk.

Wade Wells

Should do Well, no, your SOC Summit talks like intelligence. It's to intelligence, but it's like the look for biases to understand what biases are out there.

Hayden Covington

Okay.

Wade Wells

To like track back the news article to the source. Right?

John Strand

A lot

Wade Wells

of times when read these articles, it's

John Strand

Why does it News Weekly. Russia. I don't know. I don't know.

Corey Ham

I I gotta say, like, I mean, it seems like we really do need to have, like, an an a CTI threat analyst, like, Thunderdome scenario. We have so many heavy hitters on these podcasts.

Hayden Covington

My talk is literally how to take CTI and turn it into detect.

Corey Ham

We can call

Hayden Covington

just like, I can pen test a box.

John Strand

Yeah. But, at any rate, you do need to get registered for the SOC Summit because I think the max we can technically handle is 5,000 and we're gonna hit that. I'm really excited like the registrations are are fantastic for the SOC Summit. So it just shows I guess it shows that security is not dead. Who knew? I really gotta do those slides.

Hayden Covington

I had my agent sign up for like three slots, so

John Strand

Nice. Wait, really?

Hayden Covington

Make sure they all sign up for my workshop too.

Corey Ham

Dude, I'm I I can't wait to read about I can't wait to read about it on openclaw.sketchywebsite.gov or whatever you're gonna link to.

John Strand

It's like, Ralph? Your clawbot gets your aliens to get a credit card to use?

Hayden Covington

Yeah. Exactly.

Corey Ham

Yes. My AI generated family will be all there. No.

Hayden Covington

Actually, I just I just asked them to find a coupon code that would work, so

Corey Ham

Oh, no. Oh, man. Oh, no. Alright. Any other final articles? I I yeah. I mean, I think, I mean, we covered it. I I feel like we're good. Bronwen posted an article, but I can't click it. It appears to be a phish.

Story # 8: Man's dog was riddled with tumors and dying. He used ChatGPT to design a custom cancer vaccine, stunning researchers

So Good job, Bronwen. I clicked it.

John Strand

No, Bronwen.

Bronwen Aker

Hey. Blame Brian. Don't blame me. Blame Brian. I wanna It's an Australian one.

John Strand

What do you blame Brian?

Wade Wells

This is more AI than it is security, but Hank Green did a video on

Bronwen Aker

this. What

Corey Ham

is this?

Hayden Covington

Someone made a vaccine for their

Bronwen Aker

In a guy in

Hayden Covington

What about

Bronwen Aker

Australia made a cancer vaccine to save his dying dog using AI supposedly.

Corey Ham

Okay. Explain. I don't believe that. Maybe just watch that. Just

Wade Wells

watch No. No. Here. I got a I got a ten minute YouTube This is out of scope.

Corey Ham

It's out of scope. We're selling this out

Bronwen Aker

of scope.

Hayden Covington

They want us to talk about it.

Corey Ham

Don't fall for it.

John Strand

It's out

Corey Ham

of scope. This can't be real. I don't have any CRISPR printers in my house. I don't know about you guys. Oh. Yeah.

Hayden Covington

No. It I so I guess it was real. I guess it just made the cancer, like, size smaller, so it wasn't like a cure, and it was just, you know, it it was just kind of using this tech to to do from a science Trek? Yes.

Corey Ham

That doc This is a really weird this this is like a really dark joke, but the reality is I feel like we're gonna cross a point where AI is just gonna say, no, we the we deleted the problem. Like, you you go, you know, remove yourself from the world. Right? Like, we

Hayden Covington

actually have Parts of you that had problems.

Corey Ham

Yeah. Right? Like, that that's that's my concern. That that's Your think

Hayden Covington

liver was failing, so we decided to rebuild it just like it's this

Corey Ham

I deleted that database for you. Like, do we really trust that AI understands, like, how the how a live thing cannot just be recreated like a production database that it dropped? Like, do we really think it believe it understands that?

Bronwen Aker

Well, how many times have we covered the fact that artificial intelligence isn't really intelligence?

Hayden Covington

I I

Wade Wells

don't know. Bronwen's been saying this bubble's gonna pop for the past, like, three years now. And it still hasn't popped yet.

John Strand

It's coming.

Bronwen Aker

I have not been saying it's gonna pop in for years.

John Strand

It's coming. Has been she's been our AI advocate at BHIS. Wade, you take

Wade Wells

I've been to multiple AI Bronwen talks. Alright? I I I'm probably one of the few.

Hayden Covington

Wade has a home organizer dashboard thingy now that he's gonna sell

John Strand

to Now you're bringing shit to pre show in. That's what I'm saying, Hayden.

Bronwen Aker

Wade. Alright. Let's wrap it up.

John Strand

Let's it up.

Corey Ham

We're trying to

John Strand

figure it you, everybody. We'll see you next week.

Transcript source: Provided by creator in RSS feed: download file