Dragging Out Dragons: Slaying Hidden Threats in Residential Proxies

Hello folks. Uh now we have Crystal talking about dragging out dragons slaying hidden threats in residential and and mobile IP proxies. As a reminder uh please put your questions for Cristo on Slatero bsidesf.org/q&a. And with that Christo take it away.

Okay. Okay. So, I'm super excited to talk to all of you because of uh you know, first off, this is my second bsides and I love bides super cool conference and uh this is the first time I ever given I've ever given any security talk that's uh not from my company Cloudflare but on my own idea and my own research, my own ideas. And this talk itself is about something that affects everybody in this room and everybody that everyone in this room knows uh just about. Um but because uh we all use um um data from web scrapers, we all use we all want the cheapest flights online. We all want the cheapest hotels and and uh these uh IP proxies

are used to grab that data and present it uh uh you know and and the cheapest prices but a lot of other reasons too. So I think this is super relevant especially in this day and age of AI. So, personally, I'm just a curious dragon hunter like a lot of the people in this room. I'm not a pro like maybe some of these people in this room, but I I submitted this talk track in December as a kind of a whim of just seeing if I could get accepted. I got accepted and then I had to go do the research over the last couple of months to uh to figure out what this stuff is really all

about. So, I've watched about 20 YouTube videos and read about 20 or 30 articles and this talk is the uh the result of that and hopefully uh it can help you guys uh have some jumping off points to learn more. Um I am a what's called a solutions engineer. Some people call us sales engineers. I hate sales but uh I I uh I'm kind of a I call it a dot connector for customers. kind of a technical consultant at Cloudflare where uh my customers are social networks, crypto exchanges and gig economy platforms, the kinds that advertise at the Super Bowl uh level out of Northern California. I've been there three years. Before that, I was seven years at Akami

where I really cut my teeth in cyber security. They really taught me uh from the ground up and and I've been running with it with Cloudflare with our amazing technology from there. And I will have this slide at the very end as well with a QR code for my LinkedIn profile. I'd love to connect with everybody in this room, further the conversation here, collaborate on other projects as well. And for starters, this is my family last week in Waka, Mexico. I highly recommend that little city or town. And I've been to Mexico four or five times. Always on the coast. Waka. Incredible artwork, incredibly uh um diverse food, and and um um great people. And I want to start

here with a question that my kids were asking me on that trip. Uh a question that all of us have probably asked ourselves at one point in time. Definitely if you have kids, they probably asked you this because I didn't want them on their phones the whole time. So uh I brought a book with us, a great piece of child's literature. And they kept asking me, "Dad, where's Waldo? Can't find him anywhere." Well, you know, I think it's pretty unfair that Waldo is hiding behind a wall. I mean it is part of his name but that's just not cool you know that made it really tough to find him but the real question for this audience and this oh

yeah I see some arrow some people pointing there there are 10 dragons in here can you find all 10 of those are hiding behind all the real authentic users and that's what this is about using these residential and mobile IP proxies to hide behind legitimate users that you want visiting your sites and these dragons are doing things like um account takeover attacks. They're doing things like u scraping data for gray purposes or building the next LLM model. They might be not on your website but over on ticket master competing with you for the latest Coachella tickets so they can sell them at 20x maybe even the latest Blue Origin tickets. Okay, I don't think anyone here is buying Blue

Origin tickets so maybe we'll move on from there. But uh what this talk is about uh first we're going to look at this from a uh the adversarial point of view. I mean, I'm a more of a white hatter myself. So, we're going to look at it from the gray and black hat point of view. And we're going to we're going to give a kind of a 101, hopefully some 2011 of what these IP proxies are, or I'm going to start calling them proxies for the for the sake of time here. And then we're going to pivot to a white hat perspective on how to uh think about detecting these and therefore eventually mitigating um the

uh the activity coming from them. And what this talk is not about is any endorsements. There are some incredible tools out there uh from the um adversarial point of view, those gray and black hats, and I will call out a bunch of them, but I'm not going to endorse any of them. And uh same thing, I'm not going to endorse any provider like Cloudflare to to be the uh the best tool to uh to to go after these guys. I'm just going to call out a lot of jumping off points for people to learn about and and think about on your own and and uh potentially collaborate with me on exploring further if you'd like.

And the big thing I'm not going to do is give any give away any silver bullets because there are none. This is a constant cat-and- mouse game uh of of of antibbot um vendors and and you know you all out there fighting the good fight on the white hat side and uh the other side you know trying to get ahead over and over and over again. Um so there's no silver bullets. Your mileage may vary with any of these types of solutions. So for starters, who's using these proxies? Well, I I love this graphic. I I hate the word hackers because you don't have to be a hacker to use this stuff. So, I threw up a big asterk there. And think

about these as actors, whether they're good actors or gray actors or bad actors. And I never knew that um these hackers came in so many colors. I always thought of them as black, white, and gray. And those are the ones we're going to be focusing on for this talk. But there are, you know, people out there that are that are um unskilled using these same tools. In fact, I learned when I first started doing this research, one of the YouTube videos I came across was from someone building out their Only Fans profiles and trying to create multiple Only Fans accounts, a couple hundred of them, using the same laptop. And therefore, they were stumbled upon this idea of mobile and

residential proxies and was explaining how they work because they figured out how they worked and they wanted to share with everybody else. So there's a lot of um um people out there that aren't necessarily the super skilled um in cyber um actions that are that are also using the same tools. So like I said, we're going to take this first half and focus on the gray to black hat point of view. And uh with that, you know, why use these things? Well, this is more of a gray market kind of slide here. this graphic that I found. There's a lot of black hat stuff that you could also do with the same approach. And here we're

looking at the the idea of using a residence or residential proxies, but let's start up with the sneaker bots in in my top left here. Um, you know, finding the latest sneaker drops, whether it's on Nike or elsewhere. Uh, you know, there's a lot of money to be made really easily there of just being able to be the fastest bot to uh to to or having multiple requests going at the exact same time and try and beat everyone else by a millisecond to get those sneakers and uh those, you know, say for Nike.com as an example. They are working to stop, you know, a bunch of requests coming in coming in from the same users. They want to allow everyone

to get a fair chance. So, they're going to try and stop you. And the best way they can do to do they best method they can do that with is based on your IP address. So they're going to try and rate limit you that way. Same kind of thing with if someone doesn't want you to scrape their website. You know we all know probably about robots.ext which is kind of a joke but you know that's the way that most companies would try and stop you from scraping their website but you don't really have to pay attention to that if you're kind of a gray hat or or or darker. Um and um ad verification and travel fair aggregation. Those are

two different use cases that and SEO monitoring those are all kind of I would consider more white hat. There's full businesses that run to see to check Google results in another country with um and and uh you know very quickly and to see if the right ads load in different countries and those are all kind of legitimate quote unquote use cases for for using these kinds of tools. Now I do call out in the middle that um although this image shows a residence um these uh proxies can also be done with mobile devices which we'll get into those are the actually the strongest method of doing this and there's also data center proxies I mean

I found about 25 different versions of proxies and um including VPNs and to exit nodes or or tour itself and I'll talk about you know the kind of the differences between those longtail of um what kind of like why you wouldn't use those longtail approxim ies, but the real three that I'm going to focus on are are well data center a little bit, but really mobile and residential because those are what most scrapers would use overall. Um, and I will um get into more detail about uh um uh the why you would use one versus the other. Uh I I do want to also call out social media automation. I mentioned that oly fans person earlier. Um there's a lot of

multi- accounting going on these days and to uh to upvote um posts uh to have it all AI run the whole show and and and go viral just using AI with putting a image out there of of uh Jesus on a piece of bacon or something like that and then having a bunch of fake accounts upvote it to get the algorithm going and the juices flowing and then all of a sudden go viral and make money off it that way. Uh that kind of an approach. So um you uh most most um business uh organizations would try and stop that from happening but using mobile proxies um it's really hard to detect and stop that as I'll show you. So we talked

about the who and the why of proxies but the what uh what they are and how do they work. We're going to get into that here. So a couple of key concepts to understand. I think everyone in this room probably knows what IP addresses are. I thought I knew what they were too and there's IPv4 and IPv6. Sure. But uh but what the concept I want to get across here, a couple of concepts about IP addresses is that they're really, you know, like a phone number, two different addresses that uh any system or person needs to communicate across the internet back and forth to one versus the other. And um that's great and all, but the

thing is that they they stay relatively static for some period of time depending on what type of IP addresses they are. A residential IP address would stay the static longer. A mobile IP address on the other hand is very dynamic. If you're driving your car around, your phone is jumping from tower to tower to tower and getting different IP addresses on the fly. In addition, I use T-Mobile and I bet I don't know 20 people in this room probably have the same exact public IP address if you're on T-Mobile right now on my on my phone in my pocket that you have in your pocket. And so because of that, just like going back to that uh

where's Waldo picture, if I'm doing something, you know, gray or black market kind of approach and and you're trying to go to the same Nike store, you might get rate limited because of what I'm doing. And and Nike does not want that to happen. They want to sell their shoes. They want you to get in. They don't want um to block you and have a false positive. So therefore that's why the mobile IP addresses are um are kind of the most valuable from a from a adversarial point of view uh because they they have a very high reputation very high authenticity because um uh organizations don't want to have false positives. So, I talked about IP

addresses um being relatively static, although they do change and they're, you know, point-to-point communications. And um really, I think I think the big takeaway with IP addresses, it's about authenticity and they end up getting a a fraud score, you know, u based on on what what um organizations see happening with them at any given moment in time. I mean when I was at Akami um they would basically an IP address would go into a penalty box for a couple of minutes and then when it started not doing bad stuff it would come out of the penalty box um and uh that's kind of a risky game to play is to rate limit based on IP

address but that's one of the key signals to rate limit on um and uh because everything else in a request most everything else in a request is very uh changeable on the fly like a user agent I mean come on we can all spoof user agents super simply it's pretty hard to near impossible to spoof an IP address and that's why these proxy uh tools exist. So next up the uh is is network address translation uh and carrier grade net and these are two different methods of handling the problem the scarcity with IPv4. So, IPv4 um created back I think in the 80s. We passed out the last IPv4 um uh slash8 in uh 2010 and since then

um uh well actually back in 94 I think it was we created NAT and carrier grade net to be able to handle all of the mobile devices out there in the world and all these IoT devices just basically way more devices than we ever thought we would need. And so with NAT and carrier grade NAT, you can have private IP addresses like I'll show in a couple diagrams here that are hiding behind a one a single public IP address that goes out to the world. So um think about like a library or my hotel that I'm staying at. You know, everyone in there probably has the same um public IP address going out to the world with their own private

IP addresses with everyone signing into different Wi-Fi networks. Same thing here at the conference. Next concept is these anti-detect browsers. So, a key uh way to detect bad um malicious activity would be to look at the IP address, notice that it might be like say in Berlin and um yet the browser says that it is in um San Francisco and uh that's a clear signal that someone's doing something sketchy there. Um it's a signal. It's not the signal that there definitely need to be cut off, but that's the kind of a thing that can happen. And that's what anti-detecting browsers, anti-detect browsers come into play to be able to uh make sure that everything in the browser that it's

sending out into the public into the to a website will match the IP address. Right? So, there's these these tools called the anti- detect browsers that most um real serious uh malicious actors would use. And then of course there's anti-bot vendors like Cloudflare where I work and um and Aami and Data Dome and a handful of others I'll get to as well. So super basic proxy. Think about it as maybe like a a waiter in a restaurant. It's basically acting on someone else's behalf. That's the way I think about it. And each of the three different um systems here or users have an IP address, right? So here maybe we have the uh example of um someone

hitting uh web um airplane uh airline websites to find the cheapest uh airfare and be able to update on the fly um um Expedia or um or or the like to be able to to to uh sell airfare and make a small commission on on on those things, right? Well, when that same user puts on a gray or a black hat, now all of a sudden they can use the the proxy server as a Trojan horse to be able to get um over to that internet and not be seen and therefore their IP address becomes private and they become relatively anonymous and uh they can get away with doing a lot more that way. Uh, so from a

residential point of view, again, you have those private IPs over in the back and the public IPs out in front. Like here we're showing going to Ticket Master, buying um tickets, Nike, the latest sneaker drop, going to a social network and and making things go viral. So all of us probably have 99% of our bandwidth at home and um these all these different IP addresses that our router could um uh support as private IPs on the back end. And we're not using all of that. that it goes unused. So you could right now you could make money by reselling your bandwidth to a proxy provider that acts as a middleman that would go resell that bandwidth out to

these gray black hats or even white hats that that need the service. And so you could run some software at home and uh basically you know pay for your home internet and maybe make some more money on the side. So that's a complete business that happens out there, especially these last couple of years as AI has taken off and web scraping is is so pol prolific. Um but from a mobile point of view, it gets even um stronger use case here where all the you know, as you see the different hops here, they're all private IPs until it hits the cell tower and goes out as a public IP on the internet. But uh you

know with mobile it's even easier to um have a bunch of SIM cards and uh bandwidth on all those SIM cards whether they're um u whether somebody owns them or whether they've been compromised. But uh this is even kind of a stronger approach especially like I described before about how these mobile IP proxies have the best reputation overall because they seem the most authentic to these websites over on the far right. Um and uh those websites never want to block any of them. So I mentioned tour and VPN earlier. Yes, those are proxies as well. Um you know, let's start off with tour. Let's look at the second row there. Proxy detectability. The thing with tour

and VPNs is that even at Cloudflare, we have easy rules that anybody could run that will just shut them down right away if if a website owner wants to do that. They're called to exit nodes or VPN exit nodes. And so it's like those IPs are all known to uh any provider and it's very easy to block those out of the gate, especially for something like uh like a sneaker drop uh page. Um that's that's very um sensitive to uh to to someone coming in there from elsewhere. Also, to VPN are very slow. When you're scraping data, when you're doing account takeovers, you want something very fast and can handle a lot of bandwidth. And

so uh that's where residential and mobile come into play. And they don't have data center on here. data center proxies are a thing and they are very fast and they're very reliable. They're not going to um go offline, but they they too have um known IP addresses, so therefore they don't change around as much and therefore they're much easier to detect. So there might be use cases where data center proxies are valuable, but typically residential are kind of the middle ground there with um with harder to detect. um you and and with residential mobile you get a much bigger geographic um footprint that you can pull from. So there's value there. Um but the mobile is by far the the

strongest because of their um overall reputation and never wanting to have false positives. So because of this over the last few years, in fact I guess it started in about 2017 with Bright Data. They um they actually sold the company in 2017 for $200 million. Um but uh they claim to be like a good guy, ethically sourced IP addresses. Um I talked to someone in the audience here uh opening here and talking about how hey some people buy out Chrome extensions to be able to use this bandwidth and IP space. So there are ethically sourced IPs and unethically sourced IPs. I'll get to a couple use cases there in a moment. But the point is that there are all these

proxy providers out there now that will resell this this data, this bandwidth and these IP addresses to be able to uh to pull this off and and allow the gray and black hat actors to to do stuff anonymously on on the internet. Here's smart proxy, one of the most popular ones that I've seen these days. In the bottom left there, you see that that's what the mobile proxy pricing looks like. Four $4.50 top middle residential proxies most next most expensive. Um and uh that'd be per gigabyte of course. Um and uh middle middle bottom data center proxies a heck of a lot cheaper. Um much easier to detect. But you know depending on your use case you know your your

mileage may vary. A lot of these proxy providers might have an extra style of approach. You know there's these ones that offer rotating IPs or dedicated IPs so no one's going to u muddy up your IP reputation while you're using them at the same time. So, there's a lot of different approaches and um you know, you really if you're going to use one of these tools, you not only, you know, would pay for it and have a free trial or uh or or use it for a while paid, but you're going to really want to kick the tires on it a lot to make sure that it's legit before you start really going going to town with it. So, I mentioned

that mobile is the most valuable and the most kind of bang for your buck. So, this is has has led to the rise of these these mobile proxy farms. As you see in the top left and the top right, we've got um Android phones. you know, you could run full um they all have SIM cards in them, of course, so you could resell all that data yourself. Um um call out to the web scraping club if you really want to get into this. I highly recommend his YouTube channel and his um his his website uh talking about how to build these things out or how do they approach things. Um he even interviews the people on the bot anti- um bot

vendor side as well. So he looks at it a very a very clear point of view on each side. Um, in the middle there, we've got what they call dongles. These these uh where they all have SIM cards inside them, but whole uh companies like Proxidize will sell you a whole kit you could run at home. I mean, heck, you could run this on Raspberry Pi. They even talk about how you could run on your own Android phone and get a couple of IPs for free and as long as there's a SIM card in there. But you could imagine that, you know, people are buying this stuff up and reselling this to these proxy providers and um, you know, making

money on their own, making passive income on their own. I mean, I thought about doing this once I started learning this on my own. Um, and uh, so, but the one of the that I find pretty funny is the the one on the right there, this actually is showing someone doing this inside of a a bus or or van or something and they're driving around to be able to have more um, authenticity with their IPs, having them change more often and therefore maybe selling them as a premium. And then this has led to proxy jacking. This is a colleague of mine when I was at Akami. um he had a honeypot set up and he he's from the

Yakami um threat intelligence team and he found that uh um a uh an attacker compromised a architectural firm in Libya and was able to uh get into their systems and then you know close all the back doors so no one else can get in and make sure no one else was in there from an adversarial point of view. And then he just started reselling their IP addresses, their private IPs, using their public IPs externally, you know, going out externally and um use uh reselling their bandwidth. They didn't even know about it. And he was running this stuff for years and being able to just make passive income this way. You know, I think uh this guy Allan was

talking about this is the latest uh attacker side hustle there you see on the bottom. But basically, it's just a it's kind of a frankly kind of a cool way to make some passive income and and never get caught and uh just kind of just keep doing that over and over again. And and so, you know, it's the same thing as like building out a proxy farm, but instead you're just using someone else's um uh um site to do it. Similar to what I mentioned earlier about buying out a Chrome extension and, you know, kind of maybe using that to be able to grab some bandwidth and some IP space to resell in the open market.

So, we talked about, you know, the the what proxies are, how they work, and and um the differences between residential and mobile. And then when you layer in these anti-detect browsers, I just wanted to throw this up there because I um to just give you an idea of the names of them and um not calling out that like go login and multi-log, those are kind of expensive, I think, you know, relative to the rest at least. So, they must offer something really good. I didn't have enough time to go into and use these. But that was my next step in this this uh this research is to be able to, you know, run one of these

anti-detect browsers, put my credit card down or or a pay prepaid credit card probably and attach it to some of these IP proxies and be able to uh to run some tests and see if I could get past these uh these defensive techniques I'm going to be showing you next. And I wanted to just call out a graphic here for if you if just to think about if you combine those especially the mobile proxies along with the ant autodetect browsers and if you do that at scale and turn that into a botnet there is a lot of power in that you know like you could easily run up full really strong DOS campaigns that can't be rate

limited by IP address you could do incredibly strong account takeover attacks that can't be rate limited by IP address you could do vulnerability scanning, you know, actual full attacks. You could do a lot of the grey hat stuff and make a lot of money that way. So, there's a lot of um not just power in doing this, but motivation for those those actors to be able to uh to put these pieces together. And again, you don't have to be a hardcore black hat or gray hat. You could be a screw-up kitty and kind of get away with a lot of this stuff like that guy was learning about at fans if they kind of like put the

pieces together and and got together. And so, so how do you stop it? Right? I mean, that's that's my company's job. A big part of it is is um is how to uh detect this stuff and and and therefore be able to have a a horse in the race to be able to start doing some mitigation. So, I'm going to walk through a couple of DIY techniques just to kind of lay the groundwork with with how you could kind of start thinking about it. I'm going to call out a co some tool uh approach of using tools. That's kind of the we're going to take a good better best approach here. And then I'm talk

about how to how to hire an army to fight these dragons and track them down. And that's really kind of using the pros um like like Cloudflare and and and um and uh the Cloudflare like companies. Um so from a DIY approach, let's see, we've got just calling out a couple of ideas. If people get sloppy, they let headers go. And there are a couple of headers out there like X forwarded for and and the like. I think I've read about four or five of them. They're not all the always the same, but you know, sometimes some headers will slip and say that, hey, look, um, I'm coming at you from a proxy because I'm forwarding for another

IP address. Super sloppy, but it happens. Next up, geoloccation mi mi mismatch. This is a geoloccation mismatch between what the browser says that it geoloccation is. You know, some browsers, you know, Chrome will ask you, do you mind sharing your location? They might share their IP address from a browser point of view. And if that doesn't match the IP address that the request is coming from, then uh there's a mismatch there or maybe the language that the browser uh accepts like um uh I'll show you an example in a second here about that, but um um and then web RTC leak detection. There's also a DNS leak detection where you could challenge the browser and have it come back and

and uh tell you what it thinks the IP address is. So those are all ideas. I had 10 here total, but I didn't want to put them all on the screen for sake of time and all. But um and then I think the the strongest approaches from a DIY technique is to try and use honeypotss. Although the mileage may vary there and try and use machine learning perhaps. Um that's probably the strongest approach. But um I know this is an eye chart. Don't worry about reading it. I just wanted to call out browsers.com as you could there's all kinds of pieces of your website that that uh sorry your your request to a website that that give

indicators here you know um the you know here I'm using my VPN to come out of Berlin um it passed the web RTC pass because uh check because it had the same IP address um but uh it does call out that I'm coming from a VPN so it saw that it says that I'm not coming from tour so it would know if I did that I'm showing in English from my browser. So, does it match German? So, that might be a signal. But, I just wanted to call out that there are tons of characteristics of your request that could go combined with an IP address to uh to to give out um um a signal, a strong signal that

this might be a bad actor. On the honeypot side, when I started googling it, I saw a couple research papers about how to do it, but there are a ton of proxy providers telling you how to get around it. So, mileage may vary completely there. From a machine learning point of view, sure you could try and DIY it if you have enough data, but it's really about number one high quality labeled, you know, really clearly labeled data, but you got to have a lot of data to be able to do this. And sure, you got to clean it and you know, all the regular ML stuff. This is an article in my deck and happy to

show the slides later to to show you more detail about it if you're interested in in trying to ML it yourself. But um the next better approach to do it to uh detect these things is using tools. So, there are a number of these tools out there that are much more affordable than going with the pros where they're basically staying up to speed with the latest and greatest of um of uh the different techniques that I talked about earlier. So, that might be a good way to approach it if you're if you're if you're at that level. Here I am using my VPN um where before I was not using my VPN, so I was all clean,

but you can see that my VPN score shot up to 100%. My proxy score is at 20%. Um it would be interesting to see if uh using a proxy provider and an auto detect browser if uh you know where where these these different tools would would rank you. Um and then you know really I think if your data is really valuable then it's really about contracting with the pros and so um you know this is the latest bot report. You can look it up yourself from Forester. Um you know Cloudflare I feel like we should be up higher to the right. Of course we feel like that but you know we kind of went heavy in AI. the reporter

didn't like us doing that as much for some reason, but uh but these are the leaders in that space. And um data dome does a great article from 2022 how they built out their ML model and and uh their PhD um VP of research uh has a great YouTube video from Black Hat about how they used ML to build out their models. So there's an approach there. Cloudflare last month, sorry, um last uh last uh year created um our own ML model to try and detect these. This is the what I based this this this abstract on to to be able to speak here today. And without going into the detail about how we did our model and and get into

machine learning, I just want to call out these three things on the right here. you know the way our approach is to to to aim for network integrity with the the the IP addresses that are coming towards us and using ML and some other characteristics of that coupling that with the session integrity what the the uh requesters are doing during that session and then if customer wants to do it then they're using turn style this you guys have all seen this around the internet um to to during the exact action that they're doing like checking out with a sneaker to be able to challenge them and having those three things all match up to allow them to to

get through and and and and call out for turn style. Um there's no captures, there's no puzzles. We hate captures at Cloudflare. You guys have all seen this around. If you paid for it, you could white label it yourself. But the point is you could use this and many people do all over the internet uh for uh for free uh with unlimited usage. Um you don't even have to have your website on Cloudflare CDN to do it. Uh the way it works is uh you put JavaScript in your page, there's a token that gets generated, it comes back and then when the user goes to the next page to do anything else um like checking out, then

that token would need to be validated and verified. Therefore, it can't be reused by other attackers. So, five key takeaways. Proxies are super sneaky and growing in momentum. um with mobile being the strongest. Uh most of this is not illegal, which is frustrating as heck. And it can easily be super costly to businesses and to users, but also we kind of benefit from some of the stuff as well being users that want cheap airfare. So, um it's kind of an interesting dichotomy that way. The anti-body is always going to be a game of cat and mouse, and it's always going to be an interesting one. Um it's important to take the strongest stance. If if uh if if security is most

important to you, then then you should probably consider going with the pros. Um and uh you're never going to be perfect. You're always going to have false positives. So aim for progress over perfection. And uh with that QR code of my LinkedIn page and uh easy to find me at Christocloudflare.com. Welcome any other questions. Ping me if you want the slides. And I gave away a lot of uh anonymity glasses to the people that were here early. If you didn't get them, I've got another 10 or 12 pairs. Come find me outside and I will uh give you uh some of these cool uh cyber security glasses so that you can ensure your anonymity whether you're

a gray hat or a white hat trying to hide from the gray hats. Thank you. Thank you, Crystal. And our next talk will start in 15 minutes.