Keynote: Tim Medin

um with that uh ladies and gentlemen timidine [Applause] a funny story about that that talked for many many years trying to get this this talk um ready get it prepped there were four other Kerberos talks that weekend I'm like please nobody released my technique thrilled wake up the next morning look at my phone Benjamin delpe in France had taken half of my stuff that day with his silver ticket attack and I'm like dude you're French you guys don't work in general it's Saturday like take the day off man what the hell so yeah it's a fun stuff there anyways yeah my name is Tim medin uh I am an instructor with the Sans Institute I

teach the uh an author the pen testing course um I run a cyber security consulting company red Siege stop by the table we had shirts maybe we have some um my guy one of my guys is in Florida and uh he's fortunately okay but all of our swag is still there so we quickly tried to overnight some shirts but they might already be gone uh we have stickers uh stuff like that too um I've been pen testing for uh for a long time here um it's funny I had to come up with a talk title I forgot about the talk title like I put together a bunch of slides and Mark's like hey what's your talk called I'm like

I don't know like did didn't I tell you that already he's like no I'm like oh uh so I try to come up with something edgy and it kind of sucks but anyway let's go through so I want to sort of these Keynotes are a little bit different I like to keep it somewhat technical I like to keep it kind of higher level at the same time but in your career I highly encourage you be a little bit lazy now if there's a parent sitting next to the kid I can already see a couple elbows like don't listen to this guy he's wrong in fact my mom uh Mr Taylor eighth grade we were learning basic

any uh you older folks here know some basic yeah I see lots of gray beards and maybe a little bit of thinning hair yeah yeah I see you but on the wall he had this beautiful side the best programmers are the laziest people and my mom came in for a a parent-teacher conference and she came home Furious it's like I can't believe that Mr Taylor was telling you guys to be lazy but then he explained why that made sense you make the wise decisions when it comes to programming instead of doing the same thing over and over again write a function to take care of it right uh we also see that many times the simplest solution is not only the

answer but oftentimes the best answer how many times out of curiosity have you over thought a problem and it ends up being like the dead freaking simplest thing ever yeah I'm surprised I don't see more hands okay all right yeah right it happens to us all the time relax be lazy this stupid stuff works now apt what does APT stand for somebody help me out I like I like to keep this interactive by the way if you couldn't tell the advanced persistent threat right every time we hear of a breach we're like well an advanced highly sophisticated attacker the advanced persistent threat is what has compromised our organization and then you read the after action

reports the compromise you report you're like really were they really that that advanced were they even persistent like Threat all right I'll give you that part right and there's like there's case study here is Equifax now I'm not trying to pick on Equifax this story is universal it's the same thing we hear at time and time again so let's talk through the timeline here again with Equifax so here's a situation um March 2017 the cve is announced so now the world knows this flaw exists the breach occurs two months later now at this point there is public exploit code what does the p stand for again versus this one sorry yeah tell me any word that starts with p

it's like Cookie Monster here right yeah the P here stands for persistence well this was off the shelf code and it took them two months persistent right like mom tells you clean your room I'm persistent mom I gotcha in December right two months also it's off the shelf code the A and APC stands for what advanced I mean the dudes downloaded it and just used it two months later right so we hear about this advanced persistent Threat all the time but so many times it's not I think curiosity do we have some folks who work in IR here the IRS I'm sure so many of the stories you would hear in IR at least the folks

that I've dealt with like how are the bad guys getting in well it's like fishing and bad credentials it's not the high sexy thing it's not like necessarily like the brand new thing um the bad guys that we're in for months finally detected them kicked him uh kicked him out right here's another article I've tried to find a more recent article but I haven't found one uh this is so this is a little bit dated but it's important to look at the timing here so we've got the date of this article May 30 2020 uh this is an advisory here from the NSA very near and dear I'm sure to many of your hearts they've been exploiting vulnerability

and extra mail transfer since August 2019. August to May is what like nine months we can make a child in that amount of time like we can create

like we could actually breed new people to patch for us in that amount of time right it is not much uh number one here from October 2020. in a cve the second set of numbers is the year 2019 2019 2019 2019 2018 2015. this child we have bred to give us to install patches is now in kindergarten and can read right this this this this patching class of humans now can actually install the patches themselves 2015. the flaws here that were being exploited were all multiple years old right we're looking at the end of the year here there's lots of 2020s sorry 2019s and even older so when it comes to that advanced persistent threat

they weren't even persistent enough necessarily to exploit it in the last six years right really really long time let me tell you a couple other situations that I encountered in my career sort of related to this the dead simple stuff so how many offensive people let's say not not just offensive but like security offensive a few of you that's it all right just on this side nobody over here all right we'll talk to you folks here how much time do you end up spending on a test and I don't know how I'm gonna have you answer this but let me um when you're doing your test do you spend a bunch of time doing some AV

evasion type stuff my pen testers I got one yes he speaks for everybody okay it's oftentimes it does take a lot of time but just like we saw with some of the other stuff sometimes the dead simple crap works so I was working with a Friend of Mine Derek Banks we were working on a pen test and I really needed netcat up on a Windows host but if I just copied netcat up to that host it's getting busted I was getting burned so Derek being smarter than I am is like hey wait a second there's a tool called nmap and in nmap there is another executable called n Cat and Cat does the same thing as netcat

this time though this is a n map approved script we all use nmap right to even see security teams systems administrators a lot of people use nmap people Trust they also trusted MCAT upload it and it just worked flawlessly and what's even better it has more features than netcat so it supports encryption and all that jazz meanwhile I'm like trying to like reverse engineer This and like change strings and he's like bro I got it working I was like oh what'd you do uh I just download it and ran it it's like damn it dang it absolutely worked another a great one uh Jeff mcjunkin good friend of mine fantastic gentleman he was uh doing some AV Invasion can't

share the the real sample but was looking at a um an executable called CTF tool try to run that sucker on Windows got busted so he's like all right let me take a little bit of time looking at a tool called Defender check to figure out the offset where is my executable getting busted and it showed up with the name Tavis ormandy so the the name the name of the author was the trigger to mark this thing as bad so what's the simple answer change his name yet Tavis ormandy is bad now he puts on a mustache and those little crappy glasses his brother to have his zorbandy totally cool right and of course worked just fine

one of my favorite things and by the way when I say favorite things I'm an offensive person so it's probably not good for everybody else but the gift that keeps on giving bad passwords right like I kind of feel bad as a pen tester that most of the times I'm getting in or doing lateral movement doing most of my stuff it's this it's the bad passwords right it just works and I hear people well don't you use exploits I didn't know I don't have to I can just log in I was like why like the exploits are hard this I just log in like you do and people pick these exceptionally uh bad passwords one of my favorites and by the way this

is not a suggestion don't do this uh any Auditors in the room you guys don't allow Auditors here right no Auditors allowed very cool press conference okay cool according to the Auditors how often are we supposed to change our passwords 90 days you know why when Moses came down from the mountain so thirds have no sorry when Einstein derived E equals m c squared he then no my money it was two dudes working together like hey Carl how long do you think passwords are should be good for it's like well I don't know Steve what do you think about 90 days great Carl stamp it and now we have this if you ask anybody why 90 days there is no answer

it's like well it's kind of like dividing 365 by four if you're kind of bad at math and just like to round things so we end up with this this 90 days right how many of you have worked the help desk on January 2nd what's the call that you get non-stop that day well no no there's one call January 2nd what are you getting all day long what's my password right how many of you have called on January 2nd and sucked somebody else's will to live no nobody okay so people get tired of calling I.T they're like man looking out their window right like it might be kind of cold here maybe an occasional snow January 2nd like man if

I could just look out my window and know my password you're like huh it's winter what if I use capital W lowercase enter as my password it's like oh wait I need a number and there's a winter this year and there's probably going to be a winter next year so I can't reuse my password so like man if only there was a number that would differentiate this winter from next winter and they sit there for probably 45 minutes to an hour to come up with that solution which is what the year right and then 90 days later they changed their password to what spring you guys are way smarter I was in a room like this what's after winter and

they're like nothing I'm like all right cool at least I know you're not using that password scheme because you're not smart enough to but whatever nine days later after that right it's super hot here in Augusta we have summer very good no one screwed up the months yet very good right so we see this type of scheme and again as the attacker I don't need all the passwords I need one right I need one way and I was at another organization they said Tim that's not going to work here I was excited I was like good good for you what are you guys doing to prevent us are you are you Banning bad passwords are you

preventing passwords with the season or the year he's like no we fixed it because we changed passwords every month foreign

and waited and in my mind like there are so many sarcastic answers that are like just filtering by like oh this is a good one this is a better thing to say I'm like don't say it don't say it don't say it and I'm like I'm just gonna try the month in the year you see him go oh they hadn't occurred to him uh first when we first account we had we got was the uh the director of HR there are two groups of people that most most people in a business are scared of one of them is I.T we're not scared of I.T in fact we crush them for fun when we're offensive people

right I mean we help them that sounds rude Human Resources still terrified right because they can fire me they control my benefits they help me understand whatever the complication is with my my deductible and reaching my limits and my children and what whatever Magic and you get attachments for days from HR so just send a couple of emails people are clicking on stuff like like Absolute Math so we're seeing this is a dead simplest way in that we're seeing both from externally uh internally I actually tweeted about this and said hey give me your interesting password stories um winter 2019 here was one of them guess the con the password just from a conversation I'm so interested to know how that

conversation went right uh uh the domain admin was this password was the same as the username that's some advanced stuff right there right uh password spray this is where you're trying just a few passwords for all of the users 30 of the company 30 percent right um breached passwords right they use their password at some other site that password is compromised and reuse it these are the ways these are the good guys right these are the ways that I'm getting in guess how the bad guys are getting it the same way they're just not telling you you're getting a free pen test it's more expensive and you don't get a cool report at the end

right like they're doing they're running ransomware like you're still paying you don't get the cool report not telling you how they got in but this is the exact same thing that we're seeing here right I've seen other things like in help pages we're literally like the help page says hey use this password to uh to log in here um there was I've seen documentation publicly available again just simply to to log in once again those lovely lovely uh passwords now the purpose of my talk here is to show you much of this stuff is dead simple I would suspect many of you are here you know to learn to make yourself better maybe make a job or a career change set

yourself up for the future this is a scenario this was a number of years ago I had never attacked any iot devices before I'd never done it I wanted to so I saw this blog post from a friend of mine and he in his blog post showed how he reverse engineered this firmware so let me show you the the the the the screenshots from here so this was a trend net camera here and what he did is downloaded the firmware and used a tool called bin walk what Ben walk does is it looks in that file for other pieces of files other headers now the modern versions of Ben Walker will actually extract it for you in the

olden days you had to do it manually so he was using the DD command here to split it apart I don't expect to be able to read all of this text here but what he's done here is we see at the top is there's three chunks there's offset zero to that what three two three two zero there's another chunk in the middle and then one at the end so he splits it up into a three pieces and then looks at the third one the third one says it is a Linux file system gzip compressed data was root f s from Unix extracts that looks inside that and sees a directory called uh server inside there CGI bin

there's another directory hey Nani if you had to guess what does a Nani stand for Anonymous yeah these questions aren't hard anonymous so literally taking the camera going to the anani directory CGI or mjpg.cgi and you had remote access to the camera dead simple right now this was his version this is was what he did I'm like cool so I went to Amazon I spent 42.31 after tax to buy my own camera different brand and literally walked through the exact same steps here ran bin walk extracted the firmware found the file system I didn't find anything called a Nani now where is one of the first places if you compromise a Linux system or if somebody compromises where is the

one of the first places you look when you're trying to learn about that system somebody says in the back there louder Etsy password good call now in Etsy password is account information in newer Linux systems you have passwords in another file typically Etsy shadow but in Old Linux systems and brand new iot devices they put there was an oh no in the back you see you know it's coming don't you the passwords were in Etsy password that's okay usually the passwords are hashed this case they use a very special hashing algorithm base64s

now base 64 is kind of like the crappy code you come up with your friends okay it is not encryption it's encoding you can literally grab a pen and paper and decode this right be sure to drink your oval tape now this password I'm looking through the use through the the file here so I'm looking through the file I see root web interface there's a user root in the file there's a user viewer in the web interface there's a user viewer in my file it's a password there's a user Factory test

thank you for the extremely deep side like it's fantastic anything like a special effects sound effects button it's great that user account was not in the web interface so I could log in as this Factory a test count on every single one of these devices throughout the world okay now I literally followed this hack by number and looked in the first file that we look at and found this thing literally it was like two to three minutes and I was like I mean it felt good but at the same time I was like that's it I ended up selling that to the company a bug Bounty uh for four thousand bucks I've never made that much money that

quickly in my entire life and that probably never will again right four thousand bucks it was funny because it was before the company had a bug Bounty program so you had to be a little bit careful if you if you contact them and say hey bros pay me or else I release this there's a very special legal term for that it's called extortion so you had to like be a little bit cagey if you're like well do you compensate for exclusive disclosure of vulnerabilities that could negatively impact your brand and stock price right this is not a contractual agreement that I could blah blah blah anyway um but just literally followed somebody else's work here

I'm not saying don't try to be original but there are so many people's shoulders to stand on and there's so much out there try what other peoples have done so that you can understand that we'll come back to some of that a little bit later here too another situation anybody a giant football fan I am a huge football fan like I wish I'm trying to see if I can get a table at my booth to have college football behind me I think it'd be fantastic um anyways I'm a giant I'm a big Green Bay Packers Fan I grew up in Central Wisconsin um and I was trying to stream the Packers game I live in Texas I was

trying to stream the Packers game down in Texas because it's not on the local the local station so I bought I forget it was like NFL rewind allows you to watch every single game um and I'm watching it on my uh my my tablet it was an Android tablet using Amazon app but I have an Apple TV so I wanted to like stream it to my Apple TV and I tried it says sorry AirPlay is not supported for this device and I was like well that stinks or no sorry AirPlay is not enabled for this device I was like well that's a weird wording so what I did is I downloaded it so I looked at I I I fired up a sniffer and I

looked at what was being sent to and from this app inside the app there was this configuration file and it said AirPlay enabled false and I was like you jerks it's there you're just like we hate Apple screw you so what's the obvious fix here true right AirPlay enabled true now in my app I get an error message that says invalid signature so I scroll down in the configuration and there's this signature thing at the end I'm like dang it what's the fix now recite it that's hard give me easy nuke it downloads the sign downloads the configuration file checks the signature oh there isn't one fair enough like you don't have to be super fancy

try the dead simple thing first to be fair I was like trying to get the certificate I was trying to factor the key I spent hours on it where and then almost literally by accident my search and replace didn't work and it just deleted it I'm like why is it working I'm like well that's amazing I wish I would have thought of that sooner right try the dead simple thing first be lazy I got one of the guys on my team Mike who is the destroyer of MFA and he tries really complex things like normally you put the username the password the MFA token and access the page right username password MFA nah just skip that

and go right to the page the page to get fair enough close enough you tried we asked you for the MFA but you didn't have it but here you go right the dead simple thing here we had the Mac OS flaw a few years ago anybody remember this lovely thing enter enter enter enter enter and you get a root prompt right dead simple stuff literally somebody hammering a keyboard there's probably somebody holding a toddler in their lap it's like how did I get Roots all of a sudden right or my favorite flaw of all time I call this these the kids soccer trophy flop so with this flaw one in 256 times authentication says congratulations you're in

now I'm trying to imagine the person that found this because like nessus probably reported like you have a bad password on this MySQL server so the person tries to log in with this bad password right it doesn't work and they're like well Nessa said it worked so they tried again and then they probably rage and they're like four one to Infinity log in go five seconds later it works right is the parts but participation trophy hey you tried to authenticate good job Tommy come on in right dead simple flaws like this now I want to let you know like there's so many times in my career that I've tried to solve the problem up here when the

solution is down here and this isn't even just the technical stuff right we mentioned this a little bit earlier how many times have you tried an exceptionally hard thing stepped away for a second you're like oh my God it's the simple answer that absolutely worked related to this oops wrong one sorry you can you can always you can always learn more the most dangerous people in any organization in my mind are the people who know everything and they don't want to listen to other people and even worse than that they squashed the new people the new people have some new idea some new experience you probably have done maybe 10 maybe even 20 years ago let him

enjoy it like hey cool good job for you and then shut the hell up you don't have to tell them I was like well when I did that who cares right let them enjoy that you never know too much the the most confident I was I ever was in my entire career was when I was brand new I remember walking into a company doing a pen test I have never been more confident in a pen test in my entire life the most confident people I know these days are super happy to say I don't know and be okay with it and in fact you probably work with some of those people and they're the most trustworthy people

you know because you know they're not going to BSU they're not going to lie to you right but it's it's hard sometimes to say I don't know and be okay with that especially when you're more Junior when you actually are learning but I encourage you Embrace that like get quickly like I don't know but here's how I'm going to try to figure out the the answer to this all right we're going to come back to that a little bit more here's another sort of situation here a number of years ago there was a competition to go to Las Vegas go to black hat okay whoever won this would get a black card free entrance to what to Black Cat I had

never been to black hat so I'm like cool I want to go how to be a ninja in three steps like all right cool let's be a ninja here okay so how to be a ninja step one so there was this app that if you downloaded it and installed it on your phone you would get like 10 points just installing the app gives you 10 points and there were other ways to get extra points you could crack passwords you can map the network you could sniff a URL some other stuff but just installing the app 10 points cool right so I want to get more than I need to get a lot of points because I want this free

ticket right I install the app on my phone Next Step what's the next step here and again simple think dumb uninstalled install it again cool what else that takes a while right related to that you're on the correct path here installed on 1000 devices sir I don't have that many friends yeah

there we go so when I install this thing it needs to communicate back to the server to say yes this was installed on a device so the actual install uninstall reinstall process is essentially a replay attack snip the traffic replay this over and over and over and over again and it worked right scoring a a ton of points here and if we looked at the payload we saw some sort of payload that looked like this right okay cool now the problem was now Tim tomes he might be here a little bit later uh Tim tomes uh former good friend of mine um he and I were working on this together so we installed this app

um after a while it was it was actually Mother's Day weekend now I'm we're at lunch for my mother-in-law and Tim and I were going back and forth like we're trying to figure out how to make it faster and stuff like his internet's faster than mine so hypothetically I may have used some work servers to send more traffic to play it faster um so we're going back and forth I figured out a trick to make it go faster and I'm looking at my phone at Mother's Day lunch don't do this and according to my math I'm going to pass Kim in about 10 minutes so I'm like yeah happy Mother's Day refresh refresh refresh refresh right just keep looking

the site goes offline so now I'm like panicking I'm like great like I said there's whole lunch now and I gotta figure out what's going on um come to find out they're like we were crashing their servers because we were just hammering them um but they said hey no more replay attacks so we see this I'm like oh crap right so I would send we would try to register it would say hey um duplicate device ID what's the next step then what's that throw random data in there I like your thinking didn't work what does this look like base64 right let's decode this thing looks like this

what do we change then the Android ID right change the the um the Android ID base64 encoded send it back to the server now it says invalid Magic so here is the payload so the data is what I showed you right here right now we've got this magic what's the first option with the magic nuke it right good good call didn't work The Next Step here then well the answer is a little bit of reverse engineering so literally open up the thing in a Jad X and do a search for Magic like where's Magic okay cool found magic here all right look at the code so there's magic next to it a variable called stir

stir is used up here with A2 we will worry about what A2 does later but I see A2 like a couple of times A2 is up here um A2 comes from B which is my data right so the question is what does this function do at the top so what's that did you you figured this out already holy awesome okay cool yeah what I was going to ask is what does this do I did zero reverse engineering on this but just looked at it what was the key for you that was base64

so you saw that so you saw the pattern in the uh the magic back here okay very good

just reading the code what were the two pieces that stood out to you one or two where they're starting an array the two pieces that stood up for me literally says bad base64 but the the the three slash four because base64 takes three characters converted to four literally I didn't reverse engineer this at all I'm like what happens if their magic encoding is just more base64. and then take the second character and the last nine and duct tape them together and now we can create our own Magic right now I'm a sorcerer I don't need your magic I have my own right we are going to Harry Potter the crap out of this thing so

talking to Tim he figures out like hey you know what here's the the code here I've got a um this the inside is the plan the plan here by default is basic well if you tell it you are on the Platinum plan you have a multiplier now very bottom of 2.5 times for each request so instead of 10 points you now get 25. also if you submit a payload with every single one of these things you get all of those points in fact the um cracking a password didn't work in the app but I was scoring points we were scoring points for this because we just put the XML in there that said password cracked

true and multiply that right so that one was broken so we take 10 plus 5 plus whatever 142 multiply it by two and a half so 355 points per request now right so I'm sitting at my house I get a call Sunday at my desk from the guy who runs this thing he basically says hey this is this is so and so can you stop because we had crashed their servers like multiple times so like I I'm talking to Tim tomes I actually I had I had passed him at this point I'm like Tim man I like I know you're going to try to get ahead of me he's like oh I'm already going to black hat do you

want the ticket yeah I do Tim this is why I no longer talk to no just kidding um so we ripped through this thing we can see like Christy Pryor here probably had some of those um we were on I was on track to get like a billion points but then there and don't crash our servers whatever um you know got they got the trip but again the answer here was simple right the simple replay attack is what did it not even reverse engineering the code while Mass guessing like maybe it's base64 right just try the simple stuff don't you don't have to get super super complicated learn from new people I can't tell you how many times I have

been trapped in trying to solve a problem up here and instead should have just tried this simple answer or ask somebody who's never experienced that problem in their life there's two real world scenarios where this has worked phenomenally well RSA encryption existed because there was a new guy to uh to the company and the boss man said hey can you figure out how to do asymmetric encryption and so over lunch he figured it out basically he's like oh my God we've been working on this for years but nobody told him that it was supposed to be a hard problem and literally saw that it was another case college professor had two math problems on the board

two math problems on the board and a student came in late saw that went home came back he's like I think I got the answers it was really hard and the professor said we didn't have homework he's like well you had two problems on the board yesterday so I spent a few hours last night and I solved it there were two formulas or um algorithms whatever that had never been solved in mathematics before and he just did it that night because he thought he was supposed to be solvable homework and no one told him it was supposed to be hard so you know talk to me get get that perspective don't think oh you're new I

can't learn anything from you related to that you're gonna go do some talks here today you're going to see a lot of people getting up in front of you we've all did our first presentation my first presentation sucked so bad he says yes he was we were you there you might he actually might have been it was a 60-minute presentation on Powershell I finished it in 16 and a half minutes I got up front incredibly excited super nervous I just went just as fast as I could and in my brain I'm like slow down my body's like cool let's go faster I could stop it was such a terrible presentation I got to the end and I'm

seeing people's eyes I could a couple of months like when I was like stop man people are like pointing at water like take a water bottle just anything and I'm like got it faster okay my first presentation was terrible but then it got better at it and got better but what I'm trying to tell you here is you have a tremendous opportunity be this besides Augusta is in my opinion the best b-sides in the nation you've got a huge opportunity to come to this conference one to learn from other people but I can guarantee you have something to share you have and you might be sitting there it's like well no I don't I'm new yeah

but there's other new people you have a topic that you know better than me guarantee it tell me your version tell me your story on how did you develop the skills to get where you are that's what's interesting how many talks are you going to go to today where someone is releasing brand new o day probably not many and frankly even if they were it's probably not useful to the masses what's useful to most people is the here's this I don't want to say simple thing this thing that's simple to you but might not be simple to everybody else right I mean lock picking has been a thing for multiple millennia but you're still going to go there and

learn how to do it maybe right so I would highly encourage you and it maybe it's not coming to an event like this maybe it's a blog post maybe it's a smaller thing maybe it's a lunch and learn at your office but I highly encourage you get out there and share what you know your version of the story is the interesting piece so sign up for these conferences next year volunteer to be a speaker um you know there's there's probably smaller events if this many people is scary but I highly encourage you get out there do a talk share what you have you have something interesting that I don't know you have something interesting that most

of the people here don't know I look at the statistics for our red Siege website and I look at the blog posts the blog posts that have the most hits are what we blog post that we almost didn't do because we thought they were too simple but we have like a shortage in our industry we're trying to get more and more people into our industry to help out so this simple stuff works right and I know a lot of people you're like you know what I'll do it someday cool when are you going to put that stake in this that that's lying in the sand you know what like let me pick a day right it doesn't have to be today it

doesn't have to be tomorrow but draw a line you're like look I want to do a talk between now and next year at Augusta I want to write a sort of blog I want to do informational tick tocks right whatever but get out there figure out what your plan is is going to be if you continue to take the same actions you're going to get the same results right if you want to change your life if you want to change your career but you're taking no actions to change it guess what you're going to come back here next year and you're going to have the same mental conversation in your head so get out there let me look around you

there's people around you talk to them talk to the people at the booth I find at these conferences the most valuable thing is the hallway talk in fact I tell my employees when we go to conferences hey if you don't go to a single talk I'm okay with it I didn't tell you I didn't because there's so much valuable conversation that we have with other people going through the same struggles the same uh things that we're going through and and learning from that right where do you want to be the one thing you can't buy is more time your only resource in life you have exactly one time you traded for friendship you traded for

money you traded for food you trade your time for that so make the the decision to spend your time making the changes that you want this is more specifically around the security career here but I'm trying to tell you here is there's a tremendous amount of opportunity and it doesn't have to be hard all of the things all of the attacks that I just showed you dead simple right not a single one of those was very difficult that if you didn't understand it it I'd be happy to explain it to you some more but none of that stuff was uh super complicated so in short give back okay uh that is my time I think do we have time for

questions or no cool uh questions

this is where I say Bueller but then I see a bunch of bunch of the younger people they're like where the hell is Bill there

go for it

so the um so the when I was talking about the app with the reverse engineering and that payload the payload was being verified on the server it was being verified in the server was there one thing that that kind of got you started like aha moment or something like that got you interested in in security yeah so and I'm going to answer a slightly different question from that the question I get all the time is where should I start and my response is well what is interesting to you because if I give you an answer and you hate that thing you're never gonna do it right find the thing in security and dig into that piece are you into web cool

spend some time in web are you into reverse engineering there's a lot of blog posts to help you with that with those things are you into GRC whatever it might be pick the thing that's useful to you uh for me when I was a kid I would reverse engineer like video games to figure out how to make my little dudes faster right like like the fast I just little soccer game and the top speed was 99 but if I went in and edited the hex and change it to FF their speed was like 256. and I could just run around like mad it was awesome yeah what's cyber security threats targeting our nation's polarizing models concerns

what cyber security threat targeting our nation's just democracy uh strains me the most uh polarized democracy I don't know what that I don't know I think the biggest the the biggest thing I'm scared of is some of the um cyber threats against some of the critical infrastructure because that has the potential to impact you know Everyday People Power stuff like that okay cool we got people heading out there's other talks thank you all so much for your time be sure to stop by the booth