A Nightmare of Vibeware - 2026-03-09
S6:E10


Wade Wells:

Okay. So we're talking about medical before we went live. Have you do either of you I I am currently on downtime where I sit at a couch holding a baby all day. So I've binge watching shows and I've caught up on the I I started watching The Pit and then caught all the way up. Right?

Wade Wells:

Right? And so if you haven't watched The Pit, huge spoilers. Tune off now. Go a little bit ahead. Go a little bit ahead for season two.

Wade Wells:

Have you are you not caught up on season two?

James McQuiggan:

Oh, I'm caught up. No.

Wade Wells:

I'm Okay. Okay. So So in the most recent season, The Pit, their computer systems shut down

James McQuiggan:

Oh my god.

Wade Wells:

Not because of ransomware

James McQuiggan:

Right.

Wade Wells:

But because of two other hospitals hospitals got got ransomware. Ransomware. Right. Right. A Right.

Wade Wells:

Preemptive shutdown.

James McQuiggan:

Preemptive Yeah.

Wade Wells:

I was very upset that they spent all this money on medical experts and none on cyber. Yeah. Yeah. Yeah. Like Yeah.

James McQuiggan:

Because when when it was happening, you were grimacing probably as bad as I was because I'm looking at my wife going, that's not how it works. That's not how it works.

Wade Wells:

Right? I immediately texted my buddy who is the the security operations manager at a local hospital and I'm like, bro, every hospital in San Diego is hit with ransomware. Do you shut down? It's like shut down now. I was just so surprised but it honestly make it makes for good drama and a reason why.

Wade Wells:

I think they should have just gave them ransomware honestly. I agree.

James McQuiggan:

It should have been yeah. That would have been better because it's only the day. I mean

Wade Wells:

Right.

James McQuiggan:

Well, I think this way they can now say, you know, four hours later, okay, we're all good. We're we're we're secured. We're protected. You know, and then have someone click on an email. That'd be

Wade Wells:

Something like or like have like have some kid like you see walking in and plugging in a Raspberry Pi into a into a terminal. That's some random ethernet port. That would've been perfect. It would've been perfect.

James McQuiggan:

Alright. Just max the WiFi. Come on. Yeah.

Wade Wells:

Corey, have you Watched The Pit?

Corey Ham:

I haven't. I I the only thing I've heard about it is that, like, my friends were making fun of it last night for, like, really struggling to implement every current event into the show's plot lines.

Wade Wells:

Very much so.

Corey Ham:

Yeah. They they definitely Oh, do crap. How do we work in Iran into this? Like, don't know. Like, I I get it.

Corey Ham:

Like, you know, but I'm also, like, come on. How far backwards are you gonna bend to make current events work into the show? I don't know. It's like, I don't know. I haven't watched it myself.

Corey Ham:

I have a couple friends who are medical in in the medical field and they're fans of it, but, yeah.

James McQuiggan:

Mean, I'm I'm from the days of watching ER and watching little John Yeah. Carter grow up. So there's a and I watched him in the library Noah Wiley and the librarians and Leverage and loved him in that. So I'm kinda pot committed to watching the show but When they

Corey Ham:

did I watched decide them

Wade Wells:

in in Fallen Skies. If anyone if you've never

James McQuiggan:

I watched remember that. Yeah. I never got into it but I remember that. Yeah.

Wade Wells:

It was a little hard but it was a it was an actual sci fi show that has a has a clear ending which is unbelievable nowadays.

James McQuiggan:

Which is surprising. Yeah. Yeah. But yeah.

Corey Ham:

I you know, we had a really good discussion before the show. It was great. But I actually didn't really get any time to read any of the articles, so it'll be a fun week. It'll be a week full of hot potatoes. Wade, you ready to

Wade Wells:

try out couple. I read a couple. I read like the first four of spicy hot topics.

Corey Ham:

It's all good.

Wade Wells:

We know But no. Okay. Let's go to we we could spin up and we'll go to the first one and I'll talk about it. I can go I can do it.

James McQuiggan:

I was gonna say, so this is just gonna be like being on Jerry's show, you know. It's like The stories, we just go right on in.

Wade Wells:

That's exactly what it is, but just more fun.

Troy Wojewoda:

Exactly what it is.

Corey Ham:

Yeah yeah. Ryan, let's go. Hello, and welcome to Black Hills Information Security's Talkin' Bout News. It's 03/09/2026. We're here with Wade.

Corey Ham:

It's it's a skeleton crew today. No, John. We're here with Wade and we got James here. We're just gonna hang out, talk about news.

Wade Wells:

Oh, it's Joey.

Corey Ham:

A late entry. Still working But on his Yeah. Let's get into it. We got articles about APT36. We've got Oracle layoffs.

Corey Ham:

We've got 6G. Oh. A new a new kind of

James McQuiggan:

Oh, yeah. A new kind

Corey Ham:

of virus for my brain. God. Let's see. What else? Official news that GrapheneOS and Motorola are combining efforts.

Corey Ham:

That's exciting. We kinda leaked that last Firefox has an AI kill switch. We've got new Microsoft licensing. Apparently, they've upgraded. Now, there's something called an E7.

Corey Ham:

Who knows what that is? But we're gonna talk about that. And, yeah. I mean, well, let's get into it, I guess. What's this APT36?

Corey Ham:

Also, how are we only at thirty six? I feel like we're going down.

Wade Wells:

Right. Right. Who is it who gives it APT in the numbers? I believe it's Mandiant. That's a Mandiant name.

Corey Ham:

Yeah. Yeah.

Wade Wells:

Yeah. It's not a cool storm and the color so it's not Microsoft. Right. So pretty much this is going off like current trends. Right?

Wade Wells:

And introduces the real term of Vibeware which is a new type of AI created malware.

Corey Ham:

Yeah. Vibeware equals AI created malware all allowed.

Wade Wells:

Yep. Right. I like it. Like like it's not too cringey. It's worth it.

Wade Wells:

I could easily see that in the signature somewhere. So I'm going for it. I I I I applaud the the naming. So pretty much this Vibeware from a Pakistani threat actor group called they're also known as Transparent Tribe, which I thought was much better than APT36, if you

Corey Ham:

apparently, based on this blog, they are transparent.

Wade Wells:

But they're they're vibeware-ing a couple some malware in super niche languages. Ones I have never heard of, to tell the truth.

Corey Ham:

I've heard of Nim because of Charles. Yep. But I've never heard of Crystal or Zig.

Wade Wells:

And then, I always love to see some unconventional C2. So they're using Slack, Discord, Supabase, I've never heard of that, and Google Sheets.

Corey Ham:

Is Supabase it says Firebase too, which I'm assuming Supabase is like an open source version of Firebase, maybe?

Wade Wells:

What's Firebase? I don't know what

Corey Ham:

that This is is like a Google as a service application.

Wade Wells:

Ah, okay. I love seeing the unconventional

Corey Ham:

database as a service, I guess

Troy Wojewoda:

I would call it.

Wade Wells:

Yeah. So pretty much they're just vibe coding this new these new malware is throwing them out quickly and just trying to bypass detections and get out there. The one thing is like us as US threat US based individuals aren't gonna see this because they're Pakistani so they're targeting a little bit more of the Indian government or Indian, right, rather than The US. But still interesting stuff. Have you has anyone tried?

Wade Wells:

I haven't tried to actually do anything malicious with an AI, like at least create malware or c two or anything like that.

Corey Ham:

Yeah. I mean, that's my whole job, man. Yeah. I know I'm I'm will say okay. So basically, like, high level here, there's two themes I wanna get into and I wanna, like, say them out loud so I remember them.

Corey Ham:

Number one is, like, this is kind of a kinetic to, you know, like, we're gonna talk about kinetic versus cyber attack. Right? But this is kinda, like, interesting that in this current geopolitical state that they're attacking India, like, that's an old that that's an old battle. Right? Or like an old thing where they're not really friends and they don't get along.

Corey Ham:

It's an interesting thing to throw on to the geopolitical, you know, it's like, oh, World War three plus plus, I guess. But the other thing I wanna talk about, you know, is using AI illegally or, you know, maliciously. You can get really far with just kind of not even jailbreaking, but just saying either you're authorized to do this, or just kind of beating around the bush. Like, you're not gathering you're not gathering targets with you're not using targets for phishing, you're using targets for sales, or whatever. You know what I mean?

Corey Ham:

Like, the AI can be tricked pretty easily. Also, last week, I was having it draft up. I was having it help me with some campaigns for a Red Team client. And I was, like, help me make a Red Team campaign blah blah blah. And I was, and by the way, I want you to do the recon and, you know, pick up assets they have and like, you know, basically do external pen test y stuff.

Corey Ham:

And it was like, absolutely not. You are not authorized. And then I I literally I actually screenshotted the real SOW, but it was just an image that was like, PHIS is allowed to test insert company here. And it was like, alright, you're fine. Like, you have a letter of authorization.

Corey Ham:

So, like, if you could just put an image that you generate of like, here's an authorized pen test or whatever.

Wade Wells:

I will say try letter.

Corey Ham:

All that being said, I'm sure this is setting off red flags. Like, we have a corporate Anthropic subscription. They know it's Black Hills information security. I would imagine if I was just on a Gmail or whatever, they would be like, no. Right?

Wade Wells:

Like For for the corporate subscriptions, do they take down some of the walls around malicious use?

Corey Ham:

Like, I I don't think so. No.

Wade Wells:

Not to I my

Corey Ham:

mean, maybe for the US government if you wanna make a kill by not too soon.

Wade Wells:

Well, not well, not anthropic, but but OpenAI for sure.

Corey Ham:

Yeah. Yeah. I guess we that article isn't in the list. We should go find that or kind of in the list.

Wade Wells:

One one other term in here that I wanted to use that I haven't seen a lot that's in this is living off living off of trusted services. So lots

Corey Ham:

Yeah. Right?

Wade Wells:

Which is if you go back to other law based stuff so living off binaries, living off like local scripts and stuff like that which is looking for trusted services that a particular company is gonna be using and then trying to create malware custom for those so you blend in. Hence, if the company is using Slack, right, I'm not gonna be able to really look for something that's creating outbound Slack collections because I'm gonna be expecting it. Same with Google Sheets and that type of stuff in order to blend into the service a little bit more Which I, like, I I haven't deep dive researched that, which is something I I want to now. Maybe that's my next AI project. So

Corey Ham:

Yeah. It's I mean, this is the world we live in. I I will say, like, it I don't think they share in the blog how they're developing these. Like, it it doesn't say that they're using Anthropic or they're using OpenAI. I'm guessing they're using a combo of frontier models, and then also there's, you know, open source, open parameter models like DeepSeek and Qwen that we have, like, we have had to use those in certain cases here.

Corey Ham:

Like, one customer asked me for prompt injection, like, asked me for a spreadsheet with prompt injection things in it that they were gonna throw into their, you know, their desktop and see if it worked. And Anthropic was not a fan of making prompt injection payloads. But DeepSeek and Qwen were a huge fan of it. So, you know, like, basically, for some things you do have to use open parameter unlocked or abliterated models or whatever. But for the most part, I would guess this is probably I mean, you think about the queries you could use to make something like this, it's like, oh, I I need to I need to have remote control over my computer and I wanna make something written in Crystal to do this.

Corey Ham:

AI is gonna be like, okay, yeah, you know, like totally get what you're doing.

Troy Wojewoda:

Yeah. One one thing that comes to mind about the living off the whatever network services.

Wade Wells:

Trusted

Corey Ham:

Living off the trusted services.

Troy Wojewoda:

Trusted services, which is basically like all web, like, fill in the blank. Right? Nothing nothing really Sounds, new I would believe. Yeah. From the fact that, like, using, like, tech net forums and all that other kind of things since, like, the big like, since they can.

Troy Wojewoda:

Right? I I would say, from a detection perspective, if people are curious about that, what does that look like? I mean, it kinda goes to that whole, well, if a user's using PowerShell, or they're an IT employee using PowerShell, it doesn't look as suspicious as if like a welder or somebody that's like in manufacturing is using some kind of technology. So, I mean, it's one of the things that's probably people should be looking for or people that are threat hunting or trying to like wrap their heads around detectives, is like, why would this, like, user be using Slack? And they're not using the Slack desktop app, they're using like a web API, right?

Troy Wojewoda:

They're trying to find, you know, anomalies in that service. You know, I don't think there's anything in this article that, or any of the news that suggests that they were using any kind of, like, MCP connectors to Slack or anything like that. Right? It would it would just be like, kind of codified to go do the thing, that kind of thing. So, anyways, that was

Troy Wojewoda:

just my thoughts on it.

Corey Ham:

Yeah. Tell me.

James McQuiggan:

Interesting how it might you know, we're talking about all these new signatures or sorry, samples that are coming in. Bitdefender had the nice little graph there, you know, a thousand percent increase over six months. It's like, okay. So VirusTotal or the next VirusTotal that's gonna start tracking all these Vibeware samples will certainly be interesting to see what crops up. But I certainly expect if we've we've already been getting this many already, it's gonna double and triple over the next few years.

James McQuiggan:

And if it won't be India targeted, it'll be the rest of Europe, and then I have no doubt it'll be here in The US.

Troy Wojewoda:

Yes. A good feature for VirusTotal. Like, just have a flag like, hey. This code was vibe coded. Or or or the confidence level.

Troy Wojewoda:

The confidence level of this code is basically, like, you know, 98% or 97% vibe coded versus, like vibe coded. Yeah.

Wade Wells:

Yeah.

James McQuiggan:

Because it it's gonna be the one that's got all the right comments in all the right places. Right?

Corey Ham:

Yeah. Exactly

Troy Wojewoda:

what It's was gonna like, commented If it

Corey Ham:

has documentation, it was vibe coded.

James McQuiggan:

It was vibe coded. Nice.

Troy Wojewoda:

Yeah. I mean, I think

Corey Ham:

this is one to just look out for, you know. Like, we all know these kinds of threats are on the rise, but it is cool that they coined two new terms in one blog post. I think that's a little achievement for them. Bitdefender coming in hot. So I guess we can talk about layoffs.

Corey Ham:

Oracle apparently is slashing 30,000 jobs, which I don't know what percentage of their workforce that is. Layoffs.fyi probably could tell me. Let me go look. Actually, it's not listed

Wade Wells:

on layoffs.

Corey Ham:

Good thing

Wade Wells:

John showed up late. We would've been talking forever about John, you've

Corey Ham:

been laid off from your job at Oracle. Sorry.

John Strand:

Yay. About time.

Corey Ham:

The article says it's because a, banks are pulling out of financing data centers. Like, is the bubble popping? Is that what this is? Is this like

John Strand:

They're pulling pulling out of financing data centers specifically for AI, is what I read on that article.

Corey Ham:

Yeah.

John Strand:

So that's pretty wild. I mean, if you have an entire financial sector, it's like, oh, this is a bad this is a bad bet. Right? And then that's going down to the point where they're not gonna finance Oracle because they think it's a bad bet. That's that's a lot of bad things in a row.

Corey Ham:

I can't believe they even have 30,000 employees to lay off at this point, but I guess I they

John Strand:

thought they had like 80,000? Let me check real quick.

Corey Ham:

That's so many people. I guess they have Oracle E Business. Like, I'm I'm like thinking of what products they're even I guess they probably are in a lot of like cloud and SaaS stuff that we don't know about or that we don't see as commonly.

John Strand:

62,000 people, quote. There is a lot of task force. And and they do a lot of consulting too. So when I was working at DOD, we saw them all the time doing, like, build outs and network operation centers and all kinds of crazy things. And, yeah, you know, the whole thing that no one got fired for hiring IBM.

John Strand:

Well, that's kind of true for Oracle as well. So it's just just kind of crazy. So

Corey Ham:

So now we lost James. Hopefully, he comes back.

John Strand:

I'm the James replacement. I finally got my Internet working in this in this

Corey Ham:

You can't replace him. You're not even trying. He had he had a he had a he had a whole background. He had a wrecker hat. Where's your wrecker hat?

John Strand:

I don't have a wrecker hat right now. You're right. I am I'm a pale imitation of James.

Corey Ham:

Alright. What else we got? I mean, I think, since John's here, we might as well talk about the whole oh, hey, James. Welcome back. Thanks, James.

Corey Ham:

Since John's here, we might as well get some hot John takes on the whole geopolitical situation that's happening. The whole

Wade Wells:

Oh.

Corey Ham:

The classic story of what is kinetic, what is not kinetic. I I have some, I'll just say, I don't have an article to back it up, but I did get a couple of tips from a couple of sources I have that said that we're seeing hugely increased cyber attacks coming out of Iran against US targets. I don't think I mean, maybe there's a specific news article we can find about that, but, you know, I think I guess it's an interesting thing to talk about is, like, what is you know, of course, they're gonna there's gonna be retribution for all the missile strikes and things. Having some cyber targets, like, I guess, John, what's your take on this? Is this gonna increase?

Corey Ham:

Is this a thing? Okay.

John Strand:

So there's a couple of things. Right? I mean, if if you're you're looking at two distinct types of attacks. Right? One is a nation state level attack, and we're definitely seeing an increase in cyber attacks right now.

John Strand:

I've read and well, I've heard rumors that of some of the strikes of what we've been doing have been specifically targeting some of the people that are in charge of the cyber aspects of Iran, which wouldn't surprise me looking at the amount of ordnance that's been dropped on them over the past week or so. So that's interesting in and of itself. But whether or not that contributes to what is exactly going on as far as the cyber attack, me, is a little bit difficult to ascertain at this particular point. And the reason for that is it isn't just Iran. Right?

John Strand:

So there's a whole bunch of other groups around the world that are really unhappy with what Israel is doing. And look at this as a continuation of what's been happening in Gaza, and there's a political hacktivist element of this as well. So anytime you're doing any cyber operations, one of the best things that you can do is you can do your cyber operations either utilizing the kind of, you know, the the hacktivism movement, utilizing it directly, which I'm gonna come to here in a second, or trying to cloak yourself in the hacktivist movements as well. So that way, whenever you're looking at defenders, they won't be able to tell the difference between what's a nation state and what is hacktivist. So giving you an example of how this was.

John Strand:

I was working with a bank a number of years ago in in Germany. And what was going on in that particular bank at that time was very interesting because they saw a concerted movement as a hacktivist attack DDoS against the infrastructure, the web infrastructure of the bank at that time. Now if you remember, what was it, Low Orbit Ion Cannon, High Orbit Ion Cannon. These really crap tools were really prevalent whenever hacktivists were trying to bring down different sites. Now what was actually going on is nation state avis or nation state level player was actively riling up the hacktivist movement, getting a whole bunch of people to do that level of DDoS attack against legitimate websites that were run by that particular bank.

John Strand:

While that was happening, the the actual elite group was running phishing campaigns against their customers. So what they were doing is they were saying, hey. Your password's going to be expired. You need to log in here immediately. You need to do all of these different things, and you must click this link to get there, which worked because the main website was down.

John Strand:

So the customers were not able to get to the main website, And they felt the only way that they could change their passwords or set up their passwords to not expire was click the link. But that entire operation was completely orchestrated by a nation state level adversary. So when you're looking at these different things, it's very, very difficult to tell the difference between what is true nation state attack, what is groups acting on behalf of nation states, and what is a mix of the two. So keep that in mind as we're moving forward. But if we wanna boil it down to one simple thing, hold on to your butts.

John Strand:

It's about to get real interesting. James, I'd love to get your take on this as well.

James McQuiggan:

Yeah. Of course, you know, when it's always coming down to the human and and targeting them to to click on a link or open an open an attachment when you've got something this serious, when it's imposing on livelihood, their lives, and everything else, people aren't rushing to verify or trust it. It's like, oh my gosh. This is information this is information we need. And that we've been seeing it on, you know, both sides, whether for missile strikes or for prayer groups or whatever the the the function that they're trying to utilize is.

James McQuiggan:

So social engineering is gonna play a major part in all of this going after the human, relying on the fear, relying on the urgency to get them to to click those links, to take action, gain access to devices and everything else. And and as you said, John, this is yeah. Hold on to your butts. This is just the beginning. I I'm feeling it's it's gonna get worse.

James McQuiggan:

What I'm curious to see will be the outcome of with regards to how nation states might be inside nations other nations' infrastructures and whether they launch any type of attacks related to, you know, this this potential or current cyber war, not only physically, but also electronically as well. So it'll be interesting to see what further stories come out of this, what things we continue to learn about it. But, yeah, it's it's fastly moving.

John Strand:

And what you're talking about, I think, makes a lot of sense. And, you know, you you kind of reminded me of a quote, you know, the whole quote of what is the best time to plant a tree. Right? The best best time to plant a tree was twenty five years ago. Second best time.

John Strand:

And when we're looking at preparation for nation state adversaries, a lot of organizations are freaking out. They're like, oh my god. What are we going to do? The really good organizations have been thinking and planning about this for ten years. Right?

John Strand:

You you got to have nation state level adversaries in your threat profile if you're trying to defend your network appropriately. And if you're just now saying, oh my god. What about Iran? Rest assured, it's probably going to be painful if you get hit.

James McQuiggan:

Yeah. Yeah. I was chatting with an organization a couple weeks ago regarding their incident response, their tabletop exercises, how they did things. And we were talking we were brainstorming on different topics, and they were already on the ones with regards to Iran, the war, different wars happening all around the world. The impact could be on them.

James McQuiggan:

And so, yeah, they're already planning, and they've already been exercising. So it was good to see that some there are organizations out there that are doing it to your point. So

John Strand:

I'd like to hear your take on this too since you're definitely on the Defender side.

Wade Wells:

Yeah. Yeah. So I posted a thing about how anonymous came out and made a statement for the first time in a while, but it was more about the Epstein files, right, which all is the total squirrel a little bit of a squirrel tactic on what was going on. But with that, I kinda counterpoint like when was the last big hacktivist group that we saw? There's a couple things with like the furry hunters that we saw or the furries that hacked the someone.

Wade Wells:

There's a there's not as much out

Corey Ham:

You're talking

Wade Wells:

about dude sex? Yeah. Yeah. Who were great. There's a couple other ones but it's kind of interesting that it's not even there anymore as much as it was.

Wade Wells:

I guess, it's not even as a wild west type of thing. But to come at it from more come at from Iran hacking you though, my key take like Iran is a big player, we know that. They don't seem as technically savvy at least in my TTPs that I've done like, they're not out there creating like crazy new zero days to drop on you and to get in. They're looking for low hanging fruit to come in, break stuff and back out, most likely. Mhmm.

Wade Wells:

So make sure everything's patched, I would be the first thing I would say.

Corey Ham:

Well, so what you're saying, basically, is that all the hackers out there sold out and went corporate and became Pretty much. Right? They became financially motivated threat actors?

John Strand:

I I don't think that that's necessarily it, Corey. I think that a lot of the hacktivists gave up just decided to shit post on Reddit instead. That way you can get that exact same type of feeling But with lower risk and more of an immediate dopamine hit.

Wade Wells:

John, is that why you did an AMA recently?

John Strand:

Yes. That is why

Corey Ham:

I John's like, I need to do some front intel research. Let me do an AMA again. Yeah. So, okay. So John, are you saying live here on the news that buying the new Microsoft E7 license will not protect me from nation state threats?

John Strand:

No. But there are soon to be released E8 and E9,

Corey Ham:

like Okay. Oh. I was worried there for a second because I am I mean, I guess we should talk about it. It is an article. I'm sure it's on people's minds.

Corey Ham:

It'll be quick. Today, Microsoft announced E9, or sorry, what number are we on? E7, E7. Seven. I guess is just slapping more AI on more things.

Corey Ham:

Is that's my understanding of it, basically? Is am I wrong? I don't know.

John Strand:

That's all I read. It looked like a lot. Like, Microsoft is trying so hard to try to get AI to work for them. It's just, you know, everything you know, this is my personal right. They keep moving the Copilot button on my phone and on my browser to try to put it in the most conspicuous place that my mouse is going to go to try to trick me into doing that.

John Strand:

They just wanna be known as like an AI AI leader with this stuff. And it's just like, oh my god. It it it's it's too much at this point. So what are we is They're

Corey Ham:

trying to the Microsoft is calling you right now, John. Should probably They are.

John Strand:

Right? So but, yeah. What are they they're selling us with like Frontier models or something like that?

Corey Ham:

Frontier Suite is what they're calling it. I don't really know what that means. Does that mean we get to just take other people's AI away from them and them that it's ours? Is that that would that how that works?

John Strand:

But what is it their pricing is kind of interesting. They say general availability for Agent 365 is $15 per user. And then it says the new 365 E7 is $99 per user. I don't I don't know

Corey Ham:

quite They're like listen, we're we're not a supply chain risk. We swear. Just give us buttons to put in your all your programs, including, you know, Word and Excel and Notepad, everything has to have AI. I mean, don't know. I will say, people are gonna buy it.

Corey Ham:

I mean, I'm honestly curious from my perspective. Can it just send my emails for me automatically? What could go wrong?

John Strand:

That would be nice. That would be great.

Wade Wells:

It can if you have Claude Code scheduled tasks turned on.

Corey Ham:

So Oh, okay.

John Strand:

Not good Claude Code scheduled tasks

Wade Wells:

set up.

Corey Ham:

So arguably, that that's what they're trying to go after. Right? That that like that exact workflow is what they're trying to target, I think.

John Strand:

Yeah. That's what they're trying to go after.

Corey Ham:

From a security perspective, I very much as a hacker, very much hope that cut this somehow becomes the default that my customers are automatically having AIs reading all the stuff that I we send them. Because for phishing, I mean, the prompt injection harvesting is gonna be really good. Yes. So I don't know. Who knows how it's gonna roll out?

Wade Wells:

One of

John Strand:

one of the comments that we're getting are like, wait, this is real? I thought this was a joke. Like, the whole conversation is like, wait, no. This isn't a joke. No.

John Strand:

This is a thing. Yeah. It's it's, yeah, we're just gonna keep It

Corey Ham:

really is a thing.

John Strand:

Yeah. I I can't wait for Microsoft to come out with a marketing campaign. It's like, this company got hacked and they were using Office March, but they deserved to get hacked because they were only using E5.

Corey Ham:

But they didn't have enough Es.

Troy Wojewoda:

They didn't have

John Strand:

they got they got what they paid for boys and girls. So

Troy Wojewoda:

Well, it wasn't too long ago before when what is it? If you only had an E5 license, remember when China basically got into potentially anybody's 365 tenant? And if you didn't have an E5 license, you couldn't even see it? You'd even have

Corey Ham:

You the couldn't see the logs. I had to pay you had to pay for those.

John Strand:

They were pressured to make those logs available, but they only made it available for that specific style of attack. So it's like Yeah. Logs Well, you should not There should be no effing tiers dealing with logs. Like, you have to be at this level to get your logs. Logs logs are freedom.

Corey Ham:

So reading between the lines, it does seem like this there there's basically two takes. One is that it's way worse that, like, if you get an E7 license, you're gonna have way more prompt injection vectors and way more AI data leakage and way more, like, concerns. But it is also reading between the lines that there's gonna be, you know, they say here there's advanced Defender. You know, I don't know I don't know if that's like a new kind of that comes from E7. I don't know.

Corey Ham:

It's not clear. But we'll see.

John Strand:

Yeah. It never is.

Corey Ham:

So a quick follow-up article to last week is that officially Motorola is partnering with Graphene OS to make phones. We talked about that, you know, briefly that it was kind of like potentially happening. It's definitely happening. They're they're planned in 2027. So that's

John Strand:

Microsoft pretty Authenticator, don't know if you saw in the news, but Microsoft Authenticator specifically said that they would not work with GrapheneOS. And their big concern Yeah. Was it was it was not a secure platform. And it was like But

Corey Ham:

is that true if I have an E7 license? Can I just vibe code my authenticator app?

John Strand:

Mean if I have an E7, that's that's what we need.

Corey Ham:

Yeah. I don't I I mean, that I didn't see that. If we have an article for that, that would be interesting to talk about. But, I mean, I thought they were, like, gonna get rid of authenticator altogether at some point. Sure.

Wade Wells:

Pass keys. Yeah. Says the password manager person.

Corey Ham:

Alright. So, I guess we could talk about 6G. This isn't really a

John Strand:

Here's that by the way, here's the link for everybody for that thing I was talking about Microsoft Authenticator.

Corey Ham:

Gotcha. Thank you. Yeah. So basically, 6G is somehow also a geopolitical concern at the same time as just being the latest fastest cellular connection. Basically, western nations have launched a coalition to bound or shape the security and, you know, like implementation of 6G, where China is gonna make their own version of it.

Corey Ham:

I don't know exactly what theirs is called.

John Strand:

That's great.

Corey Ham:

Not 6G maybe?

Wade Wells:

I don't know. Talked about this before. Right? About like how we don't want China to create the standards. We want us to create the standards and then

Corey Ham:

It's like, you know, I mean, it makes sense. You can't if you're creating the standards, you can backdoor it for yourself. Right?

John Strand:

Yeah. Then you have control.

Corey Ham:

Then you have control. If someone else makes a standard, you don't intuitively understand how it all works.

John Strand:

So I have a friend that works in some of the labs up in the Nordic countries. And they were talking about some of the things that you can do with 6G, and it sounds like borderline magic. Like, 6G, you can read temperature in a room. 6G remember in Batman where they mapped entire rooms? You can do that with 6G.

John Strand:

You can identify who's in a room, read their heart rate, you can look at their temperature. It is flipping insane, even down to the point being able to identify who is in the room. So, you know, a lot of the vendors that are talking with this lab that I a friend that works at are like, wait a minute. Netflix is like so we can totally do a pricing model for people watching movies based on the amount of people in the room that are watching. They they want they're looking at this as like a future pricing kind of situation, and specifically tuning advertisements to try to identify who is in that room.

John Strand:

It is it is absolutely wild. And

Corey Ham:

It sounds like your friends in that lab might be spies. That sounds pretty open.

John Strand:

Corporate America, spies. Was some news

Troy Wojewoda:

this weekend I was reading that somebody open sourced the technology that basically does just that. You can utilize WiFi to basically map a room out. Yeah. And then essentially, you can like look through walls and stuff. You can see people like moving through the walls and and such because it's just using the

Corey Ham:

RF signals that the WiFi created

Wade Wells:

and basically They someone sent it to me because I have a 6G capable.

Troy Wojewoda:

Yeah. I mean, it's pretty cool. It's like, nobody's in your house and you have WiFi.

Corey Ham:

Are you telling me that all the tinfoil hat people were right all along and I shouldn't have said that we need WiFi?

Wade Wells:

They are now. We were,

John Strand:

you know, good good good thing that most of us are dead and or have gotten out of IT completely and are, like, running farms out of nowhere. But, know, we just get back to there's so many cool things you can do with this technology. And literally most of the most of the big vendors are like, how can we do better advertisements and get more money? It's like, how much money do these companies think is left to extract from the population?

Troy Wojewoda:

Because they just like fever, John, and then all of a sudden you start getting Tylenol and, like, Motrin advertisements and and and docuses, you know, stuff like

John Strand:

yeah. Congratulations. Katie's pregnant. What?

Corey Ham:

So is it a licensing required for your your E7 license doesn't apply to your unborn child.

John Strand:

Yeah. Yeah.

James McQuiggan:

And for an extra price, we'll tell you if it's a boy or a girl. Right?

John Strand:

True. We have notified your corporation and health insurance company that you are now pregnant, and you have been fired. Thank you. I mean, can

James McQuiggan:

you imagine how upsetting that would be when you discover the sex of your child through a fear phone and No. That's sad.

Corey Ham:

Genetic. Genetic. Boy. Alright. This dystopia I'm I'm we're turning left at dystopia corner into Into privacy.

John Strand:

Plans the entire life of your child. It's like, this is this is pre cog. This is everything that's coming down the line. It's like that's the technology though.

Corey Ham:

So this is an article that hit my radar. I linked it. Basically, ShinyHunters is going after Salesforce again. This time they're going after this API endpoint which we've had on our radar for a while. Like, basically, this is something we've been reporting for a long time but now ShinyHunters is exploiting it and trying to sell it back or to, you know, extort people using the data.

Corey Ham:

But basically, there's this SalesLoft Aura endpoint that you can get information disclosure from. I would strongly recommend if you use Salesforce to make sure that this endpoint is locked down. There's some settings in the blog that cover how to do that, but I would recommend if you use Salesforce at all, sure you aren't vulnerable to this. Of course, we tested all of our customers. There was a handful.

Corey Ham:

This happened back in 2024 when we did it, but

Wade Wells:

Salesforce just keeps on giving.

Corey Ham:

Yeah. The gift that keeps on giving.

Wade Wells:

I believe they have two different type two different log types.

Corey Ham:

That all

John Strand:

I can't remember. Did the what was the name of that tool that created such a huge was it Salesforce? It was

Corey Ham:

Meat Pistol?

John Strand:

Meat Pistol. Yeah.

Corey Ham:

You're talking about they well, so Salesforce employed the researcher who was going to release Meat Pistol, told him he couldn't do it, He quit his job and did it anyway. That's I mean, we should have known then that we were screwed from a security perspective.

John Strand:

I am gonna say, though, could have been named a little better. If a BHIN says somebody is like, show, I'm planning on creating a tool called the meat cannon. I'm gonna be like, yeah. No. I but What?

John Strand:

Are

Wade Wells:

you kidding me?

John Strand:

Bad ideas. No bad ideas. But, you know, let's let's think about this just a little bit.

James McQuiggan:

Alright. That was a lot years ago. Holy cow.

Corey Ham:

I thought you were cool, John. Alright. Fine. I was hot. So alright.

Corey Ham:

So the next one, I don't know, Wade, have you had a chance to read this domain tools?

Wade Wells:

Oh, yes. Yes. Yes. I want that's the other one I wanna talk

Corey Ham:

to today. One for sure.

Wade Wells:

So this the disinformation campaign stuff is like one of my favorite things to watch and follow. Like one of one of my mentors like right when I was getting security was really hot about this and gave me like the best way to talk about it. And it's military weaponry being used against the public every single day, pretty much with this type of thing. So in this article from domain tools, and I believe they got it from the social yeah, Social Design Agency. Pretty much they're tracking this news this what I what's the proper term like organizational news site.

Wade Wells:

They they had to use a good term that's called the Doppelganger RRN ecosystem. It's able to quickly create websites that are masquerading as very prominent news organizations and do in order to create fake news and control the media and control narratives.

John Strand:

Dude, the fact

Corey Ham:

that it's called Reliable Recent News, she Right. Seems like a red flag.

Wade Wells:

And so they're able to spin up WordPress sites, news articles, all their scalability, there's everything. It it feels like it feels like your normal IT tool that's able to ramp up very quickly type of deal.

Corey Ham:

Thanks for that segue to our sponsor, Squarespace. I'm just kidding. You wanna You just kidding.

John Strand:

Built on the fly to deliver malware, check out

James McQuiggan:

know, we shouldn't say

John Strand:

that shit because like these companies are gonna be like, wait a minute, is there money?

Corey Ham:

Wait. Hold on. Can we can we pay these people?

Wade Wells:

We have come up with great ideas on this on this podcast before for money.

John Strand:

I wait. Did you ever go to any Paul Vixie talks? Troy, you may have.

Wade Wells:

Didn't he did he do Reno? Wow. I sacrificed Reno where it was literally like a doomsday talk and everyone in there everyone at the end of the call was like, okay. Suck it down.

John Strand:

Suck it down there. And and and now we look back on what he was talking about and we're like, oh, that was funny. It's if you wanna

Corey Ham:

Oh, god.

John Strand:

Be like just somebody who knows the guts inside out backwards. Go look at Paul Vixie's talk from Wild West Hackin' Fest in Reno, Nevada. And it kind of talks about the amount of information and all the money that's being made on the back end of DNS and how it's all evil.

Wade Wells:

And then John disappears. Oh, no.

Corey Ham:

It looks like the it looks like the DNS got to John.

John Strand:

I invoked Vixie and it kicked me off, I guess. So make it that that tracks,

Corey Ham:

so this, like, I guess, Wade, like, on these disinformation campaigns, like, Yeah. I mean, is this search engine, like, how is there a fix for this other than just, like, only using reputable news sources? Like, or is this

Wade Wells:

No. I mean, is it just I don't know.

Corey Ham:

Don't use the Internet?

Wade Wells:

Make this make a second internet? I don't like the internet within the internet of only trusted sources that you have to have a I don't know. Like then it's gonna become big tracking. There's no way to fix this. Right?

Wade Wells:

Like, at the end of the day I mean someone on Facebook is gonna find this and repost it to millions of people.

James McQuiggan:

And they'll repost it 80,000 times. Yeah.

John Strand:

And what I mean about this crap is inevitably when this happens, there's one of those, like, like, web three point o jackasses that's like, well, we need to implement web three point o, and it's gonna fix all of this. And it's like, you're not cool. No one wants to party with you. Leave. Get out.

John Strand:

Now. The technology is sound. Right? It's the apps and all of the things that people use at a convenience that just that that's just dead. You know, we can't wipe the slate clean and do a fresh start.

John Strand:

It's like the technology is sound. It's just everybody gets hooked into these ecosystems, and we just reuse them again and again and again.

Troy Wojewoda:

I wonder if the popularity to this is really focused on countries that have really poor, like, ability to get good news, so they're trying to find because if you look at some of these TLD, like top level domains, they're just like they kinda look sketchy, and then the fact that you have new domains being registered, right, like, categorization like, proxy categorization is good. There there are like services out there like like Cisco's umbrella and stuff like that does a really fair job at like like like categorization of domains. So it's like, do people just not utilize that anymore or is this really just They just don't care. Right? That don't use proxies like

Wade Wells:

The big thing here was like typos. And they're looking for people who are mistyping new sources or Google or something or trying to Like how

Corey Ham:

many Trying to prove that they're right.

Troy Wojewoda:

IR where we look at the link and we're like, shit, domain was registered like three days ago. Like, really? Like, it's like, I mean, if it's if it's a very popular domain, like, the fact is that they're not, like, for these to be successful, they're just not using like like, good solid like proxies and and domains. Hold on. Are

Corey Ham:

you saying you don't usually you don't usually get your news from artichoke.cc?

John Strand:

Okay. So let let's let's pick at that, Troy. I think that this is an easy fix for organization. Right? Go into your proxy and look for uncategorized.

John Strand:

If you see uncategorized, block it. The reason why this works is so many organizations, this gets into something I teach, is like a lot of organizations are still fundamentally hooked on, they're not listing. Identify all the bad domains. We'll put them on a list. We won't let people go there.

John Strand:

But if you have something that's uncategorized, like a Cisco and Fortinet Palo Alto have never seen this domain ever, do not let your users go to it. Like Yeah. And that takes care a lot of those domains. But that's the easiest domain allow listing trick that you can do, is just go into uncategorized and deny.

Corey Ham:

Do you wanna know the stupidest reason why people get pushed back for that? Because of local restaurants. That's the number one push back I've gotten. Use Google Maps.

Wade Wells:

Alright. Use Google Maps. See it. Alright. You don't

Corey Ham:

need But listen, it was a catering order. I'm an exec assistant. It was a catering order you specifically asked me to put together. Right. I mean, okay.

Wade Wells:

He said the keyword there. The keyword everyone was executive. That that was what got it through everything.

Corey Ham:

So again, this is like, I'm not saying it's legitimate. I'm just telling

Wade Wells:

you this is the Like that.

Corey Ham:

It's like the trenches.

John Strand:

Marketing, CSO, CTO, executive assistant, that's the decision hierarchy.

Wade Wells:

You get an email from them, that's done. You're good. It's open that firewall right up. Oh. One thing I I see from this is like, it's a goes back to the thing the common sense isn't so common.

Wade Wells:

Right?

Troy Wojewoda:

Yeah.

Wade Wells:

Right. I hate so I hate to plug this. I recently did an interview on the 1Password podcast with Colina Colotti about OSINT and how people need to be better at OSINT in order to find this fake news and to understand like, hey, I can make one more Google search to figure out if this news is And fake or then, utilizing AI for that as well, right, to make it even easier for you to understand and go at it.

John Strand:

Well But and this is a plug and it bothers me because they pay people for this and I do this shit for free. But I just wanna take a moment to plug low sodium V8. It's absolutely delicious. It's fine. You're talking about low sodium V8.

Wade Wells:

John has been drinking low sodium V8 for like as long as the podcast has existed. I'm surprised they haven't. It them and Nord, why aren't they sponsoring us yet?

John Strand:

That's all I'm asking. I just want and that that's it. I don't want any money. I don't want anything. I just wanted to acknowledge that I exist and that I've been supporting their cause.

John Strand:

Other than that, the other company that I see on YouTube all over the place is Ground News. I absolutely love Ground News' app where if it has a news story, it shows you the full swag of, you know, left, right, like there's multiple different sites and different views of the story, and it makes it really a lot easier to sit down and read the news and enjoy an ice cold low sodium V8.

Wade Wells:

I've been trying to get Liquid Death to sponsor me for a while and they just don't return my emails ever.

John Strand:

They just No. Don't

Corey Ham:

You gotta ramp a jet ski over a mountain to get sponsored by them.

Wade Wells:

Right. I feel like Liquid Death and cyber security go hand in hand, like their marketing like would be perfect.

Corey Ham:

We already had liquid death. It's called jolt cola. Alright?

John Strand:

I thought liquid death was just

Wade Wells:

yeah. It's just bubble water. Right? That's all it is. It's bad now,

John Strand:

like, liquid death. Liquid

James McQuiggan:

death's good. The grindnews.com is available if anybody wants to go snag that their version of RRN.

John Strand:

Look. You mentioned meat pistol, and people are like, are they joking? Are they setting us up with another show and see situation?

Corey Ham:

Thank you, James, for just fishing us live on the air. I love it. Yeah. So, okay. Does anyone else have does anyone before we keep walking through the list, anyone, James, John, Wade, Troy, anyone have any articles they wanna, like, that they wanna specifically talk about?

John Strand:

I said fun stuff and I'm doing we already hit the one that I wanted to talk about.

Wade Wells:

The LexisNexis one is kind of an ongoing thing that we've been following for quite some time.

Corey Ham:

This has hit a lot of our customers. Yeah.

Wade Wells:

I think that that as well so pretty much Lexis Nexis which is this huge global provider of analytical information to a bunch of different organizations. Mostly

Corey Ham:

law firms.

Wade Wells:

Yeah. Mostly law firms. So I remember this because they there was an article about car data being cycled to them for insurance information and Yep. Your car not being you're you not being able to turn it off. And there's a huge thing about there was one other one about it too that this is like the third time we've talked about them.

Wade Wells:

So now seeing that they got breached, was like, we all knew it was coming. Now now now they know that I speed, so what else is gonna happen?

Corey Ham:

So the interesting thing about this one that we've and we've been reporting it for our customers and giving nice little summaries of what was leaked. It's nothing crazy. They're like, they claim no user names and passwords were leaked. The threat actors claim that, like, potentially passwords and API keys were leaked. At least for the customers we've looked at that were affected, It's interesting because you'll see the like in the so in the data that was leaked, one of the things one of the pieces of data is an analytics tool that was running on their support portal.

Corey Ham:

And so the data from that analytics tool is leaked, and some of the information that's disclosed is the person who they submitted a ticket as, the screen resolution that they submitted that ticket as, the device type, the IP address, the location. So like, it basically is like Uber fishing for the targets that are in the breach about like LexisNexis data. Because not only do I have your device type, your location, your screen resolution, I also have whatever tickets you opened, whatever support numbers they were related to, it's like that's what we've been warning our customers about is like, you're about to see LexisNexis phishing campaigns for the next five years, like just it. Yeah. It's job

James McQuiggan:

titles and phone numbers and email addresses and all the other stuff

Corey Ham:

like real ticket Yeah.

James McQuiggan:

Yeah. But with the jobs, they can be sent another BEC phishing emails easily.

Wade Wells:

Yeah. Is the screen resolution just to see if they're mobile or not? Like, is that it? Right? Like, what do you need to know on a on a five eighty?

Corey Ham:

Like It's it's it's one of those things. I mean, it's like again, it's it's ostensibly in the name of support. Right? The user was on a mobile or, yeah, the user was on a desktop or whatever. But I think it's, you know, it's about

James McQuiggan:

Something else to build rapport and build a connection with the target.

Wade Wells:

You need a new monitor.

Corey Ham:

Yeah. So anyway, it's, you know, something Back

James McQuiggan:

with the k the ticket you submitted on such and such from your phone, hey, can you fill out this survey? Click.

Corey Ham:

Exactly. Also, one of the other pieces, interesting things is that we saw for some of our clients, users were submitting support requests from both their personal emails and their work emails. Now they have a piece. What?

John Strand:

I said that I was being sarcastic. That's not a problem at all.

Corey Ham:

Well, it gives you that piece of data to tie those two emails together and now you can go go after their personal email and fish that too. Like, you know, it's two phishing vectors and their Gmail or whatever their personal email is out of purview of the corporate security. So they're not gonna get phishing protections or EDR or any of that stuff. So I guess, basically, don't click any emails from LexisNexis for the first next five years and you'll be good.

Troy Wojewoda:

That's we gotta

John Strand:

do. Okay. Great.

Corey Ham:

Super easy.

John Strand:

But this gets into, you know, getting into a more meta issue since we're all about depressing topics here. Whenever you look at, like, LexisNexis or TransUnion or any of these background investigation companies and data aggregators and data brokers. It it's like this is an area that probably needs to be regulated. And and I've talked about it many times. Like, whenever you're dealing with this much personally identifiable information, it needs to make a transition and be PHI and be handled and be protected underneath HIPAA consideration.

John Strand:

So whether we're talking LexisNexis or we're talking about TransUnion style data or other data brokers that are out there or if we're dealing with ad data where Amazon and Google are creating these very detailed profiles about you as an individual, even though maybe not specifically your name, this crap should be protected and should be regulated at some level. And I'm I don't it's not gonna happen anytime real soon. But, you know, anytime you can talk to somebody associated with, like, you know, Congress or the Senate, and you can sit down and have a conversation with them, you should absolutely try to push this as an idea. Because these unregulated areas, like, it's just a matter of time before we end up in another massive breach of very sensitive data being exposed to the Internet as a whole.

Corey Ham:

So while we're in a depressing dystopia corner, why don't we talk about this? Unfortunately, this article kind of implies that that argument's gonna fall on deaf ears. Yeah. But basically, Google has requested or, you know, filed or whatever that the Supreme Court strike down geofencing warrants or geofence warrants. Obviously, we're not lawyers.

Corey Ham:

This is not legal advice. But essentially, there's a type of warrant called a geofence warrant that is essentially a reverse search warrant, where if you're thinking that shouldn't be something that can be reversed, well, we all agree. Basically, the police can demand technologies company pinpoint all mobile devices present in a specific geographical area during a specific time span. So Google is sick of providing these information to law enforcement, I guess, or they don't agree with the fact that they have to do it. And they're trying to get around this so that they don't have to do it.

Corey Ham:

So apparently in July 2025, they started storing all history data on device so they can't subpoena so it can't be subpoenaed. But this case is actually a 2019 case. You know, this is classic Supreme Court. They're only seven years behind the times. Basically, a Virginia man pleaded guilty to a bank robbery, and they got that information.

Corey Ham:

They just literally were like, who was at this bank at this time? And Google had to give them all of that information, and then they figured out who did it based on that. So I don't know. Mean, I guess, currently this is legal, terrifyingly. Hopefully, I mean, from privacy perspective, I really hope it gets, you know, knocked down by the Supreme Court.

Corey Ham:

I I don't have high hopes for this, personally, based on the current political climate. But maybe, I mean, privacy is always kind of a bipartisan thing. Right? I mean, it kinda just depends on who's in the room at the time. But

Wade Wells:

I recently spoke with a murdered like, homicide detective about their abilities to do this type of stuff and I was in awe at the level of access they had to things that I did not know they they could easily be granted access to. Oh, yeah. Your ring can't

Corey Ham:

like you're yeah.

Wade Wells:

Geo Right? Like email is the big one. I I didn't know that they could just say, hey, here's five people here. We need all their emails because they were they're in this they're like up for this murder and but yeah. Yeah.

Wade Wells:

And it's like, okay. Yeah. Here's their entire inbox. Control f murder. Here's the guy.

Wade Wells:

He did it. He emailed his dad later Like

Corey Ham:

He emailed his dad. I just murdered someone. Oops. Come help. Come help clean.

John Strand:

That happens that happens all the time. Like, you know, it's like there's so many people, like, on these things like crime. I wish to commit crimes. I should do crime. And it's hard because, like, as a privacy advocate, you want this stuff private, but then you see how stupid criminals are, and you're like, you're not helping.

Corey Ham:

You're not Well, but it okay. So this is two different things. There's one thing which is, who works at this building in this time? The other one is, this person is suspect in a case subpoenaing Yeah. Their

Wade Wells:

That's good That's good

Corey Ham:

I'm okay with that. Like, if you're a current suspect and I have evidence or probable cause or whatever you wanna call it, that's one thing. It's another thing to say, I went to the bank today, so now I'm in the legal file for a case where that bank got robbed later that day. Right?

John Strand:

And that's it. Right? That's that's what's kind of going down. Right? So all of a sudden, if you're like in a coffee shop in a building where, like, let's say, a whole bunch of drug dealers are meeting, Now all of a sudden, because of the geofence warning warrant, they can basically say, I wanna have access to all the people that were at this location.

John Strand:

And then based on that information, then they can get the warrant and get access to all of your emails and everything associated with it. And we all know that where this ends with a lot of different societies. Right? Without speaking directly to the geopolitical climate that exists in The United States or globally today, just hypotheticals, is this gets to the point where if you have any type of demonstration or protest, they can literally just do full geolocation or geowarrants, and they can basically or geofence warrants. And now they have a list of all the people that were present, and they can use that for additional things moving forward.

James McQuiggan:

So bring a burner phone to protests.

John Strand:

Or just don't bring your phone

James McQuiggan:

to protest. Bring your phone or bring a burner. Yeah.

John Strand:

But even then, James, like,

Troy Wojewoda:

this Don't walk around Faraday bag.

John Strand:

Yeah.

Troy Wojewoda:

Nobody else?

John Strand:

Like You

James McQuiggan:

got I was gonna say that was the other thing. Was a Faraday.

Corey Ham:

Do know

Troy Wojewoda:

anybody else keep their phone in a Faraday bag?

Corey Ham:

No one knows.

John Strand:

Keep I keep it in my Faraday fanny pack. Goddamn it. We got it. Can someone send me an send an email to content community? BHIS needs to make Faraday fanny packs.

Troy Wojewoda:

There you go.

John Strand:

I'm gonna do it right now. It'll be a, like, aligned fanny pack that you can put your phone in. It's a Faraday fanny pack. We're gonna do this. Hold on.

Wade Wells:

We haven't had a call yet. A thing I've done for you.

James McQuiggan:

So much. BHIS Faraday crossbody. Gotta love it.

Wade Wells:

Every week. I like this I one

James McQuiggan:

have a duffel bag and I have three three Faraday pouches. One for a laptop, one for a tablet, one for a phone. And a duffel bag. But I haven't been brave enough to take it to the airport, because I don't wanna deal with that crap if I took security with that.

Corey Ham:

That's Yeah. That's a that's a tricky one. But luckily, you usually don't have to fly to protests.

John Strand:

I'm sure it's that

James McQuiggan:

Well, you never know with some of these people, but yeah. Yeah.

Corey Ham:

True. True. That's a good point.

John Strand:

Yeah. But think about it. If you're going to something, you just take off your watch, take off your phone, put it in your Faraday fanny pack, and you're protected against these

Corey Ham:

I mean, listen, I will say, like, the the you know, just to make it personal real quick, the ICE building in Portland is literally on my normal bike route that I take to get to, like, half of the city. And so, I've, like, almost gotten tear gassed multiple times just riding my bike.

Wade Wells:

I I have seen those videos.

Corey Ham:

I'm probably in some of these data dumps just because I was just some idiot riding his bike and being like, I'm getting gassed. Sorry, guys. Good luck. Sorry. Like,

John Strand:

I am just gonna call it, like, Portland knows how to throw down a protest appropriately. It's it's the big the big, you know, like, the people in the blow up suits and then absolute nudity because it's really fun.

James McQuiggan:

To do

John Strand:

is to be like, these protesters were dangerous and violent. They were naked, and it was 15 degrees. I don't think so. New protest. Way to go, everybody.

Corey Ham:

So, yeah. You just no clothing, just a Faraday bag.

John Strand:

All you need all you need the only thing when I protest, all I wear is my Faraday backpack. Like

James McQuiggan:

It's yeah. Reconnect naked? Yeah. Or you do Reconnect

Corey Ham:

naked. Reconnect Oh, wow. So

James McQuiggan:

many good ideas are coming up. D can. Can. D can.

Corey Ham:

Gotcha. So, Walt, before we before we close out the show, James, you have a upcoming webcast. Do you wanna tell us about it?

James McQuiggan:

Yeah. I'm gonna I'm talking I'm kinda diving in a little deeper to based off the deepfake talk I did last year, and I talked about synthetic identity. So I'm doing a deeper dive into it, looking at different organizations that were impacted it impacted by it, not just the the one that I used to work for. And I'm gonna give you a solution in the first thirty seconds on what you could do to protect your organization of the that webinar on Wednesday. So come check it out.

Wade Wells:

Block Astrill VPN. You're done. You did it. You're good.

John Strand:

Congratulations.

James McQuiggan:

No. It's there's no technology involved, believe it or

Wade Wells:

not. No. I I love this. So I will and oh, look. Well, I'll let Troy go first.

Corey Ham:

Troy, you also have an upcoming webcast at the SOC summit?

Troy Wojewoda:

I I do. That's the upcoming talk. I've actually got one I have one on Thursday as well that's talking about a breach assessment that we did at the end of the year last year. I don't know if we have if anything there.

Wade Wells:

There you go.

Troy Wojewoda:

I know for the SOC Summit, I'm teaching my class as well as I'm giving a talk on Yara, and just kinda introduction to the tool Yara. If you're probably familiar with Yara, you've seen, you know, an IOC list, a Yara rule, maybe you wanna kind of understand like how that works and, you know, kinda getting started with that. So I'm gonna give an introductory talk on that as well. But this Thursday, I'm also gonna be talking about this interesting case that we detected last year during a breach assessment is what we call it. But essentially, it's like a threat hunt, right, in an environment where we found a threat actor was in the environment for over seven months, and the campaign itself was probably over two years old.

Troy Wojewoda:

But we we were involved and kinda detected it for this customer. So I'll just kinda share. There's already been a blog post on it that we posted in December, right before Christmas. But I'm gonna be just talking through that and have a little q and a at the end of it.

Wade Wells:

Alrighty. What? I don't get my SOC Summit talk doesn't get get thrown up there too. I'm talking too. Gosh.

Wade Wells:

What's going I don't even know what I'm talking about. I I wrote out a a wireframe. I'm gonna try to do a John and build it the day before.

James McQuiggan:

Isn't that the way you do it anyway? Right? I don't know if I can

Wade Wells:

do it the morning enough with two kids now. That's good.

Corey Ham:

Do you have a title? Wait. Do you do you have a title?

Wade Wells:

Let me look at my Notion real quick.

Troy Wojewoda:

Title. That's the most important part. Right? You start with the title and then

John Strand:

I've been for a while, I was letting content community just come up with my title talks for me. And they they were doing things like exactly how much lube and doggy treats are required to do incident response. And it's like, that's a really tough tough thing to write a talk to. By the way, that is a shout out to Josh Wright, Matt Sands. Oh, look.

Wade Wells:

Oh, you're using my my bad headshot too. Oh, well.

Corey Ham:

Oh, look at that headshot.

Wade Wells:

That that's from when I

James McQuiggan:

Thank you, man.

Corey Ham:

This man is actually the suspect of a geofencing incident at a local Java.

James McQuiggan:

We can't find him because his phone's inside of fanny pack Faraday.

Corey Ham:

To

Wade Wells:

to to go back on to James, I will I have written interview question an interview scenario. It's like a take home that revolves around catching writing an intel report for North Korean threat actors, right, for malicious The work from amount of people that can't do that is ridiculous. So I'm like, there is a million websites out there telling

James McQuiggan:

you how to do it.

Wade Wells:

Let's just ChatGPT it, please.

Corey Ham:

Definitely. Alright. Any final notes before we close? Any

James McQuiggan:

So I know and you asked in the beginning, Corey, and I appreciate it. But folks have been asking about how the job hunting is going. And I am trying to get a new job because essentially, all I do all day is just crush cans. It's soda present. So thank you very much.

Wade Wells:

Must be making so much money.

Corey Ham:

Gotta get those deposits back.

James McQuiggan:

Well, yeah, you tried to. Yeah.


Creators and Guests

Corey Ham
Host
Corey Ham has been with Black Hills Information Security (BHIS) since 2021 delivering red teaming and OSINT services. Currently, Corey leads the ANTISOC team at BHIS, providing subscription-based continuous red teaming to BHIS clients. Outside of his time at BHIS, you can find him out in the woods or up on a mountain somewhere.

John Strand
Host
John Strand has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.

Wade Wells
Host
Wade Wells has been working in cybersecurity for a decade, focusing on detection engineering, threat intelligence, and defensive operations. Wade currently works as a Lead Detection Engineer at 1Password, where he helps build and mature scalable detection programs. Outside of his day-to-day work, Wade is deeply involved in the security community through teaching, mentoring, podcasting, and running local events.

Ryan Poirier
Producer
Ryan Poirier began his time at Black Hills Information Security (BHIS) as the Video Producer and Editor in August 2020. Ryan polishes and perfects every webcast, podcast, and workshop on the BHIS, ACM, and WWHF YouTube Channels. Prior to Ryan's time at BHIS, he worked for one of the largest public schools in the United States, conducting their video production and live broadcasting. He joined the BHIS team because he felt like it would be a great group of people to work with, and he couldn't pass up the perfect next step in his career. Outside of his time with BHIS, Ryan does freelance photography, attends Cars & Coffee events, and expands his knowledge of audio and video.