
FAIL-in-Depth

BSides Charleston · 2015 · 40:40 · Published 2015-12
About this talk
BSides Charleston, SC 2015 Track 2 - Session 5 "FAIL-in-Depth" Speaker: Marcus J. Carey (@marcusjcarey)

all right how y'all doing i'm marcus carey and um thanks thanks i feel like i'm a support group and i'm mark strain i'm a hacker so uh so anyway so i'm gonna i'm gonna cover uh the the talk the talk is called fail in depth uh what i'm gonna be doing is i'm gonna go through defense in depth and i'm gonna look at it from a from a logical manner as far as i see it and uh there's probably going to be stuff wrong in here so don't totally hate me if it is uh bruce potter uh you know y'all probably know bruce the founder of uh um he has this epic rant where he says don't

believe anything i say and so don't believe anything i say just you know take it for what it's worth and hopefully you can apply some some of it to your situation i like doing defensive talks i do hack a lot but i like talking about defense so uh and so this is a pretty cool thing that banksy posted on on the bank i guess the banksy team there are two rules for success never reveal everything you know so i totally don't i totally don't obey that i pretty much tell everybody everything i know i had a class last night a couple of people in here went to my class last night i'm like really an enthusiast on

just just telling people everything i know that's what that's our role so um every time i get a mic in front of me i want to bust a freestyle i like the poker but i don't i don't because cyber security is serious business right and so what i'm going to do here is i'm going to introduce myself to a little bit about myself uh the one of the things about public speaking is the first thing you must do is establish credibility so i'm going to just go over how i came to where what i am so this is going to be uh people that attended my class last night a little bit of rehash so i'm trying to

go through it real quick so when i was 18 years old uh i was a country boy our country is all outdoors i feel very comfortable here in south carolina this is pretty country place i love it so i joined the us navy and i became a crypto guy cryptography during that i didn't know this when i went went in because the recruiter couldn't tell me what what he what i did he didn't know anything about what what ct's did but i ended up essentially working for nsa for for eight and a half years during that time i did some really cool stuff set up some of the first uh a lot of ideas around fort meade or you

know the nsa's network i also did work at defense intelligence agency and one of the coolest places i worked at was a at dc3 dc3 at the defense cyber crime center they do a lot of investigations i taught a lot of people how to do investigations work for cse big government contractor and one of the funniest things i did i worked at cms uh in baltimore baltimore like the the latest the that latest diehard where they had the fire sale thing and they had the apple guy in it uh that was actually the data center i projected that data center too that's one of the top security dudes there after all this defensive work um

and uh i went to rapid seven i did a little bit of uh some edits and community related stuff there i also wrote some metasploit stuff that's pretty cool and um if you follow me on twitter if you know me on twitter i'm always making fun of most a lot of people because i think people take stuff too serious so this is what this is what most people approach to security is but since i'm a dumbo country boy i like to i like to i like to tone everything down so i can actually consume it myself and so this right here this is an old school bicycle even though it's wooden it's not too much different from any other bicycle

and so that's my approach to information security and i know you've seen talk some other talks today security hasn't changed that much uh the same things we saw 10 years ago we see today and that's just the facts so you know if that bicycle could support me i could probably ride it and i could ride any bicycle just don't bring any of those those those little two wheeled things that chris is riding around here with and i'll be good to go i tried to step on the thing i almost killed myself so uh the big thing is information wants to be free just like water wants to pull and collect i i totally believe information wants to

be free and uh there's like some kind of heck it might even be biblical it talks about whatever's done and dark will come the light so whatever data you have on your network uh whatever emails that you don't want nobody to find out about that stuff is going to be public one day um so something i was talking about last night in my in my course that i thought as i talked about this intrusion methodology and dang that it kind of sucks for viewing it but dang terrible colors are up here this is reconnaissance this is an attack this is entrenchment and over here is abuse and this cycle continues throughout the organization i'll be posting my slides so you can

actually you'll probably be able to see a better view of this but this whole intrusion methodology is a continuation and it goes on all the time so even when somebody gets this entrenchment phase they start recon there and they watch more attacks and all that stuff so this is my the way i explain this also and i'm an old school dude i started my first hardcore internet working with ccna uh back in the day cisco certified network associate or something like that and so what's ccna built on is it built on the osi model and so what i'm going to do here is i'm going to unpack the osi model and talk about attacks because i don't see a lot of people

talking about this and this is how i'm going to do it let's talk about physical layer attacks and physical being any anything of that nature and this is what people fail to do so if you just look at the osi model and walk through it you can see what people fail to do so first first thing like it's a network closet like um how many of you you walk by network closets all the day all day and seeing it wide open i know i do you know so funny uh funny thing i know this guy let's call him bob that uh it's empty network closet uh guy just went and plugged in wi-fi um a

hotspot and now he has free internet for a corporate and a corporate building funny enough and nobody ever checked it the closet is locked now but the wi-fi still is running and it's in there it's probably going to run forever so uh yeah uh the lock picking piece i i really love lockpick lockpicking because it's practical applications funny thing about lockpicking is my son some of you may know him he's a he's really good at uh software engineering he's 20 now he works for rapid seven he moves he moved to belfast but my son i got him involved in lock picking when he was like 14 years old and so he got really good at picking locks so one

night he was picking all these locks he'd rather pick locks and do homework so i was like all right cool what i'm going to do he was he was he was sitting in his room in his underwear picking locks he love locks and so i was like damn man um i got i got i got something for you follow me so i locked him in our garage outside our house and i told him hey you either you can pick your way back into the door or you can walk outside to the street in the garage and you can walk back around the front door is open so he get he uh he stayed in the garage five minutes

later he turned the lock and he walked back in so i was like wow that's pretty cool and he said dad did you open it for me i'm like nope i didn't so um he he went on to do some pretty cool stuff he's a programmer he didn't go to college he hated he ate at school and he was in work for rapid seven full time since he was 17. so he's kind of a beast so but the lock picking piece from a physical aspect uh that actually teaches us a lot i just we we have off we have an office in austin i installed a cipher lock the other day and the first thing i

did was try to circumvent the lock i end up shimming the lock right after i installed it and so for a normal person normal people don't think that way normal people put it put a lock in place and they just go so i was like i'm determined i'm going to circumvent this lock so i ended up having to go back to lowe's and buy some more parts uh you know i bought this like little thing to keep it from being easily shimmed i bought a deadbolt because thinking like an attacker i think that that's part of what we do and so fiber cuts that's something we're never going to be able to uh that happens all the time especially

back in the day i remember that happening all the time um network taps now people you know like i said that network closet that that uh that that that bob put a wi-fi hot spot in he uh bob could have put a hot put uh he could have put a network tap in there could have been stealing all traffic so and here's a here's a a mandatory lock lock fail right here wow yeah so okay let's go to the data link layer real quick there's a there's traffic sniffing that can can happen if that you can install a physical tap and then you can start sniffing traffic all the slides will be available too so mac spoofing that's a popular

technique especially wi-fi and all that stuff so these are things you have to think about and defend right and broadcast broadcast storm uh you can easily disrupt the network by plugging in the switch plugging it into two different things that whole network's done right and you can like you can jam frequencies as far as uh yes you know you can jam you can intercept intercept stuff so there's all kind of things and so what i like to do is i like to think about this in a logical manner so these things are or if somebody wants to disrupt you these are the logical things that they could do at certain levels some of these things you

can't even detect you know until you walk into that network closet and like dang who put this bridge here you know so this is my representation of a broadcast storm

what y'all got the same slide again no okay cool i would do because i forgive me all right so network attacks there's like ip spoofing uh so i you know what's cool about this like um when you had anybody ever like did ip spoofing and all that stuff uh the the problem with with spoofing ip source addresses is the traffic doesn't normally route back to you but the cool thing is you could spoof a source out of your address and you still can change something on the opposite network you don't sometimes you don't even have to get the packet back you can just send the traffic and up and off it goes right so there's things like that

uh there's routing manipulation uh there's been several cases where all all of a sudden all the traffic on the internet was getting right into china or something like that you know pay no attention to the man behind the curtain doesn't happen there and there's icmp related type attacks now i just i heard somebody just release a new tool for icmp tunneling and stuff so these are the kind of things that could happen at that that layer when you go to transport layer attack you can do you know syn flooding uh connect connect scanning uh and some of these are attacks per se but they're definitely tools and things that people fail to prevent and fail to pay

attention to and sometimes there's also possibly a session hijacking there are session layer attacks uh so so i i said last night it's funny i love i'm i like being controversial so last night i was like i don't believe session session uh session doesn't exist right and so somebody pointed out to me hey what about cookies and all that stuff that that keeps some kind of session state like sure i'll add it to my slides then and so uh you know in in the guys the guys were in the class last night we're probably remembering me talking about that and also like token stealing so i would say like okay those are session related and

perhaps you know people can can uh do do stuff with those levels right so so what i'm what i'm saying here is you see that like what when people think about security i don't know if they're thinking about it in a logical methodology like this and so what i'm trying to do is just paint a picture like boom these are the different this is things that could happen at each level uh presentation layer attacks so uh image we're doing right like there's like a lot of people if you guys do exploit dev a lot of people are trying to shove big images big a bunch of crap and and create some kind of overflow or something

that's what a lot of exploit devs do that's what all this uh people do uh fuzzing and all that stuff and and people are doing this in an automated fashion there's like flash flash and things like that are presenting data mp3 players and stuff like that that are thing and the only thing you can do really is only thing you do about that is patch right so everybody gets a patch for all that stuff there's also application specific stuff walking through the osi model continuing it so you have java related stuff that's another big thing so you know basically that's just how computers work i'm passing packets passing data oh boom it goes all the way up to java and uh it

you you know you could exploit java dns reflection which is interesting because the java piece is usually on a client side as far as like a client side of browser browsers or trying to load some kind of java but then like you have the dns reflection attack which usually servers sitting on the internet are susceptible to but it's still an application level protocol slowloris that that affects web servers and what not stuff like that like ddos type stuff so the only thing you know about those kind of things is you can just log all the things and just you know just yeah that's a lot of logs so um now that that that covers a little bit

of ground here because we're talking about that's like the osi model right and so for each one of those and i and i and i'll offer a little bit of advice on each one of those things but just looking at through it plain and simple what does security entail security kind of entails protecting like really like protecting all that stuff so if you're not if you're just worried about you know web app security which it would be like an application layer right but you're not focusing on your network closet being totally open and people can sniff anything off your network anyway and steal everything then you're failing so we kind of get into employee security what we do is we

like we have squirrel that's squirrel dog dog versus squirrel syndrome where every time a squirrel pop up oh it's not no shiny thing let's look at that look at that but to have a comprehensive security program you have to be you have to excel at all layers of the osi model so speaking of that this is my boy here my boy ed he's the authority on all internet security right now everybody believes everything this guy says so the funny thing about him is uh is i if you follow me i do talk about validating personnel all the time in in validating personnel people can be your weakest link from all kind of ways it could be somebody that steals your

secrets but what if you have an operator in your soc that absolutely for a lack of a better word sucks what if they what if is that person an insider threat this person is terrible at their job i would consider that person a threat to my organization so i think people need to start having a bit a better way of evaluating those people and that includes a lot of different things that even includes stuff like social engineering so what's funny about social engineering i love all my social engineers out there that think that that's a full-time job um i don't think it's like a full-time job i think we all can probably do something related to social engineering and this

is controversial because i know there's whole people dedicated to this kind of stuff but the thing is yes you should definitely be social engineering your people but again you have a seven layer osi model that you need to be protecting as well so don't get so focused on one simple thing right so so i would say social engineer personnel try to you know you have to have mechanisms in place to catch like the edward snowden's and you also have to make sure that the people that that supposed to be applying patches are applying patches right what i see a lot in uh organizations is that there's no uh you can do all the scanning you can use

nessus all day find find some kind of problem but unless you have a process in place to to get that stuff remediated it's never going to happen i mean i know i know in some situations you can find some a year ago and that still ain't patched now you probably have something like that in your organization what's the reason you can't get an amen or congregation so uh so anyway everything's cyber here so i found this gun in hcb local store in texas cyber squirt it's a work this is a little bit this is one of them man but some organizations might buy that thinking it's some kind of protection that's going to get them i'm going to

shoot this at hackers this on my network right

yeah so one of the things i talk i do talk about a lot is like validating the products just because it says it does something doesn't mean it's it's going to do it uh so just because it says cyber squad on her doesn't mean it's going to defend attackers and uh but i see a lot of products with cool names that do that do stuff like that so validate the products you got to have some way to validate the products and so i used to do a lot of bake sales when i was at a that cms place i do a lot we used to i used to bake off i mean whatever i would bring

three different vendors in and we would test it and make sure that we could validate the controls and all that stuff and like nine times out of ten none of this stuff really worked but they were on the same product they would have the gartner certificate you know gartner magic quadrant but none it didn't work i'm like wow dude seriously so but not only the products but you got to make sure that the process works as well so uh does your information security program look anything like this diagram right here

but it's sad if the organization can't figure it out you know so the processes in many organizations is just not together you know that you know it's uh it's terrible so i i advocate people doing simulations doing doing training doing adversary simulations doing penetration testing but actually allowing the blue team to try to defend against it and i believe that it has to happen on live networks it can't happen in some kind of vacuum you can't go to sans and learning a lot of stuff at sans and then come back and try to implement sans stuff on your network because you don't have the same stuff right so you got to know your stuff you

got to know your process and i say like um you shouldn't be envious of somebody else's program uh you might go see talks and stuff and they talk about this is how we do it at so and so place but i bet if you went to so-and-so's place it wouldn't be that smooth and they're not really doing that so now's out of time not in time with 10 everybody's in the same boat you are everybody's hurting and you have to do what fits you that you know that that you can't you can't listen to what to what these other people say too much you also have to know when when no that's not me it's fair to look kind

of like me though he doesn't have an epic beard so but but but this slide what this represents is people blowing money and losing money and this is what they call it the rapper's called making it rain they like shooting money out of a club some networks are making it rain though with the data loss so you got you got to be able to if you see attackers on your network right now doing this like shooting your credit cards your money whatever off the network you need to understand what's what's popping up with that so i mean that that's dlp that's all kind of different things that you need to be monitoring traffic i advocate full packet captures you

should be able to understand what exactly is going on because you don't want somebody in russia or or latvia or or india they making it rain dollars off your network right now also you got to be aware of lateral movement anybody see this play yeah the mind i mean it was like they did like they did eight laterals in the last four seconds of the game unfortunately this guy's knees down on this lateral right here and the referee's totally messed up to play the referee we made like three or four errors on this one play at the end of the game right but the thing is like if you're the referee on your network

are you seeing people doing lateral movement over your network they throwing laterals they like they like high-fiving each other it looks like you ever seen uh if you ever been to ccdc the hackers are high-fiving each other's stuff there's somebody in china and russia right now doing that on your network you know they're like oh cool where's michelle shell it's hilarious i mean i feel so bad when i go to ccdc but like then which you notice if somebody's like totally owning your network like that you know i don't know so also you need to be good at doing egress filtering right for some reason most places are villa they're not they're not doing egress uh

egress filtering uh and you're not on camera but so you can be totally truthful and honest with me how many of you guys implement egress filtering on your network or yet so we got i'm going to i'm going to say so we got about less than 10 percent of the room or around 10 of the room that that actively does egress uh filtering so uh of course if you don't know what egress filtering is egress filtering is blocking outbound communications right so i recommend that you do that on a almost like they say when i was at fort meade on a need to know basis like a need to have access basis so primarily the the only ports that

should be going on on your network is 80 443 uh from from a client right and and and so they shouldn't even be sending email without hitting a server inside or anything so i would say like 80 and 443 are the only ports normally that they should be like getting out to the internet for internal communications there's all kind of other ports but like why are we you know i've had friends that that went in to do pen testing and incident response but pen testers will go into a network and they like they get a shell but that's like oh somebody's already here though but they beat me here and they're stealing they don't ftp why

do you have ftp open outside or on your network you know so your network should your network firewall policy outgoing should not shouldn't look like swiss cheese that's why we have swiss cheese up there there's also several tunneling methods on getting data out of your network service typically or whatever you call it so you know i went to the george w bush school of pronouncing stuff so forgive me so with with this like you know it's dns tunneling pretty popular and like the guys told me last night there's some kind of icmp tunneling tools supposedly just got released i believe that they're like i'm like there's people that are you know you can send stuff out https

and that's kind of like a form of tunneling because hey you can't see it if it's encrypted right so what i recommend people do is they they i rep just like burp i recommend breaking ssl and i know this is blasphemy in the privacy community i think you should break your ssl internally and you should have air gap before you send it back out uh how many people are doing it on their network huh you having a plan to do it yeah it's kind of rare though i mean it not a lot of people not huh oh he works for security company who do you work for utility utility so we have like two people in the room that are

doing that right now so what that means that and many organizations people are stealing data like crazy and you might not be able to detect it at all so having said that your treasure could be leaving your network uh in one of these different protocols that you can't read there's some email protocols that aren't easy to decipher um and and you can correct me if i'm wrong here uh when i when i was in working in in the government arena microsoft uh their email protocol was you couldn't decry you couldn't uh it was like proprietary just um some of the pure microsoft communications from your workstation to the mail server was was unreadable y'all familiar with

that protocol until now so is it still that way yeah so you can't even remark something you know from from i mean when i was there so what in attackers what are they doing they're going to be exfiltrating data using email client they're going to be exfiltrating data using your web browser that's encrypted so you need to you need to come up with some kind of way to know what's going on is that dlp i mean i really don't know i mean there's tons of solutions that does this but like i said on your network can you tell if somebody's stealing data from your network and a lot of times the answer that is a

resounding no nobody can see it and it's happening every day you don't want the fbi and mandiant be the first people to come to your doorstep the fbi is coming with whatever and mandiant is coming with a check that you need to sign

all right so also so command and control beaconing uh this is another thing where it will require an active network monitoring and all that stuff and um so what what's uh this is this is this is gonna require this is going to have to require you maybe having to be creative but whatever you need to do is you need to determine what's good and what's what's bad traffic in your network the same thing with with uh anybody on participating hunt teams or anything like that anybody do that kind of work yeah so the first most important thing about a hunt team type situation i believe is having some kind of gold build right a gold build meaning you know every

process that's happening on that computer in a normal situation right so by knowing that you can block out like probably 80 percent of your whole machine and so then you just focus on what's abnormal right and you can also know what processes are generating what like web calls and stuff like that should these processes be doing this should these processes be doing that you need to know know that stuff right and and that that i was like is the traffic good this is the traffic piece but also on on the system all the processes are legit and uh one one thing i definitely advocate how many people have internal pen test teams internal pen test teams we're we're

getting probably like a 15 to 20 percent uh response on that one so uh your internal you guys y'all actively doing these kind of things trying to do these things to see if i can detect it all right keep it 100 with me keep it real how many people can you say are seeing the traffic on a normal basis based on what your activity and we got a resounding okay cool oh okay we got one elite commando two elite commandos at the house but yeah so it's kind of like people aren't saying it we're failing we're failing at this and people have active active people testing the systems up i got a question like anybody want to

tell me why why is it not working can you give me some feedback you know any any volunteers wh why are people why are people failing at this this is not a priority so so first comment is it's not a priority money so money what does money have to do with it

yeah so is is it okay okay so basically that that response was it's a money thing we people can't afford having pen testers do stuff and they can't afford people responding to pen tests it's too expensive let's say lack of understanding and also complacency where people don't think it's going to happen yeah so lack of understanding complacency especially it's cool so i'm a seller

you're a salesman i thought you i thought i had a brother in the house he's a seller so my clients is that something you mentioned here there's too much noise right so even if i'm sitting there looking at stuff i couldn't most of my clients can't tell good from bad there's so much junk going on uh across the board um plants bring in so that's it this is too much noise oh so he said that's what target said he's throwing target under the bus people so he's saying there's too much noise i'm saying like they don't know the difference between good traffic and bad traffic what kind of stuff you sell secure okay cool he's a seller for dell secure works

people so uh but yeah so and also like anything that a pen tester should can do i would recommend your own staff be able to do those exact same things big pictures you can't afford if you i mean some people are mandated to do external pen tests but i would be able to own anything whatever he can do and i would i would put that stuff out of scope on for the pen test i would be able to do that and you can definitely negotiate that be able to do anything they can do that means i don't want you to give me nuts uh handout i don't want you to do this we know about this issue you know

that's how you that's how you should manage your pen test somebody will come in here run a bunch of automated stuff you know like all right cool here's give me give me my money so some way you have to identify your blind spots on the network um and so this is the the classical car blind brought like you can't see out of each windows like last night i was riding with dmz uh y'all know dmz y'all know dmz car truck he got he got an old school volkswagen i felt like i was uh like old school scooby-doo joint right i felt like i was on a safari in the serengeti or something going through the

streets of charleston last night and i don't know how he would see that car because you know like it's funny because each car you get in and this is what i talk about each car you get in it has different blind spots right so i remember when i used to drive a minivan you know i got four kids so we had to get a minivan one the younger well i got two at the house now but i mean every man hates getting that minivan you know but i have to i have to buckle in to get me a minivan so i have to get me something that little mirrors on the side of the minivan so i could

see out how many minivan driving men around here sucks don't it bro so so and it's just like every car you get like every network is different right again like just because you did something it's your last place don't mean it's going to work there so you got to understand what those blind spots are what's important first of all like what's important where my where's my treasure at and how am i going to configure my network and how am i going to put my controls in place to see those blind spots because at the end of the day you only you can prevent forest fires and unsecured bridges so uh that i went pretty quick there

but i am open for i'm open for questions um and i would like to keep the dialogue going for a little bit any questions

and one of the things that i hear a lot is you know we gotta fix everything and the hacker only has to find one thing you know the problem is they end up finding multiple right

yeah so uh what you find from an attacker perspective is uh and and so the question was or the the statement was when dealing with with red team versus build team what you uh what you run into a lot is this my phone one second i'm being rude as a mother sorry about that all right so so uh you have this this whole blue team versus red team or attacker attacker has to be right one time a blue team member has to be right all the time right so uh there's always multiple ways to get in for sure uh attackers are human and they want to find the easiest way to get in right and so uh

the first way they're in they're not going to spend too much more effort they'll spend more time on doing their back doors setting up all that stuff and and i call it the system administration piece of an offense where you make sure you get as many systems as you can as many creds as you can and all that stuff so they're spending more time on that and that's what's important um i remember when i first first got my shell the guy who taught me a lot about hacking stuff was a johnny long he's a good friend of mine and so i remember back in the day i used to get real excited when i got a shell

and he said like slap me like hey dude who cares about that there's so much more stuff to do and all that stuff it kind of reminds me of uh so so the answer is attacker only cares about one thing and then he's trying to he's trying to entrench himself on the system um so so peop attackers don't get excited on how many different ways they could get into the network that that's something they would probably do after that something they can do after the fact and and i would call that more entrenchment so uh yeah from from a blue team perspective uh and when i went through the osi model he's like dang there's so many different

ways that that i could get on the network if you know and um and so what's important about pen testing and having an internal pen test team is um the insider threat are going to take gonna be able to attack all these different levels up to like um i mean when i was when i was at fort meade dude it was the craziest thing ever uh and uh what's up brother how you doing uh i'll take this and put it on here thanks so uh so the crazy thing is when i got to fort meade it was the most insecure place i've ever seen in my life it was crazy because military bases are really really secure and we're talking

around before 9/11 around 1998 when i because like navy was so serious about security navy had some epic security failures uh you know uh navy had some epic like you know we were turning over we had sailors that were selling data to the russians and all that stuff all right so uh i was like paranoid when i got to fort meade it was hilarious and i know some of you fort meade guys are going to be watching this so i love you guys still but it's a lot tighter now uh when i first got there anybody in the world could walk up to fort meade and walk into nsa lobby and i was like oh my god right you know

you know that that tripped me up because in the navy base you'd be shot by marines maybe you tried to walk up to the location so um and and the reason why i'm saying so so basically all that and and i see this cropping up again it really i think people totally ignore all the physical uh people people tend to there there's a very big importance when it comes to doing all the the lower level stuff up to the network the physical and the data link layer stuff it's really important because um most pen tests are are either are skewed one way or the other right there's not no there's there's typically not any chinese people that are going to

be doing physical pen tests uh like they're not going to be walking up to anything they're doing everything they're they're phishing they're doing all that stuff and at the same time sometimes i think the physical people that do physical pen tests i think they go over the top you know on what they do you know they're doing ridiculous stuff right and uh and so there needs to be some kind of balance but i would say all the physical stuff and even on the network stuff your own in-house people should be doing that whether you call them pen testers or not and so they should you know and don't be thinking too dang exotic um and you know look for the low-hanging

fruit do it like i broke into the i put a new lock in i broke into the lock you know and like okay cool you know i should go get a deadbolt because when i'm going overnight you know at least you know somebody could still kick in the door but at least they have to kick in the door or if i could shim it it took me like seriously i was like okay cool the lock's installed shim it i'm in i was like depressed you know you put a new lock in and so like all right cool how what can i do to make this a little bit harder and i think that's what security is

about how can i make it a little bit harder and detect when they get in and that's what we got to do i know it was kind of long but yeah any other questions comments i don't i'm not going to hold here any longer i'm a quick meeting guy i love it if i get an hour meeting i'll get it over in 30 minutes i'm good all day all right so that's that's it i appreciate you coming uh nice to meet some of you in person i know a lot of people online and all that stuff thanks for coming to the talk appreciate you thanks
