
Seeing Outside In: Mapping Your External Attack Surface - Arcadio Aguilar

BSides SATX · 2024 · 37:38 · 67 views · Published 2024-06
Category: Technical
Style: Talk
About this talk
2024-06-08, 11:00–11:45, Track 2 (Moody Rm 101)

While your internal network gleams under the watchful eye of security tools, lurking in the shadows lies a vulnerable reality: your external attack surface. Unseen servers, forgotten cloud instances, and misconfigured applications - all potential footholds for attackers - remain hidden in the vast expanse of the internet. This presentation arms you with the tactical expertise to illuminate these hidden assets using the power of potent reconnaissance tools.

This presentation is for anyone concerned about their company's external attack surface and who knows their company should be doing it but no one is. Do you get this dreaded question from management - "Hey I saw this in the news, are we vulnerable to [insert latest badness]?" Embrace the transparency of the internet and arm yourself with the knowledge to proactively defend your digital perimeter. Join us to unveil your public attack surface and take control of your security posture. Remember, your adversaries are using these tools – shouldn't you be too?

Transcript

sides, if you are. Hope I can keep that streak going. Um, that's me. I go by Aggie. I'll be talking to you about mapping your external, external attack surface today, get my words out. Uh, here's a high-level overview. Um, I do have two main goals for this presentation. Uh, I want to give you tangible ways you can gain visibility into mapping your attack surface, so you know what assets, um, are visible to attackers. Uh, and I also want you to be able to answer that dreaded question, you know, if you come in to work that morning and your boss, manager, VP rolls by your desk and says, hey, I saw this in the news, are we vulnerable to insert

your latest headline there. Uh, but I'll set the stage, we'll do some baselining, I'll go through some use cases. Uh, I will mention a lot of tools and resources. I have a QR code slide at the very end, so you don't need to frantically write down anything. Um, that's going to be at the end for you all to, uh, scan. So, about me. Uh, I did spend some time as an intelligence analyst in the Air Force. I'm currently working as a senior F analyst. The most important thing you should know about me is I am that guy, I am a crazy dog dad. This is Obie. Uh, he's our fuest child, um, and we had created a

monster. The views, opinions, and, uh, expressions that I have in this presentation are mine alone, do not necessarily reflect the position or policies of my employer. So before I get into the so what, um, I want to define attack surface real quick for this presentation. Attack surface, uh, can mean anything that is publicly accessible to an attacker, right? That's a lot of things. Uh, that is remote access devices like VPNs, that's your websites, web applications. Uh, it could also mean IoT or operational technology type things, social media profiles. For this presentation, though, I'm going to focus on those remote access devices and, like, the websites and things like that. I won't really get into IoT, um, which goes

into SCADA and things like that, or social media profiles. So, the so what. So I just mentioned I was in the, uh, Air Force for a long time, and I think anywhere you get a lot of briefings, and I always find myself sitting where you're at, like, so what? Does this change what I do first thing in the morning? Does it change anywhere in the middle? Does it change anything at the end? Like, why am I listening to you? So, ransomware, uh, threat actors last year, this is a conservative number, uh, earned about $1 billion. I've seen reports up to 1.3. So if they weren't well financed before, they definitely are now. Uh, October last year, I think it was like

mid-October, I might have my dates a little wrong, but Citrix Bleed came out. This is really dangerous. Um, it bypassed all your technical controls, right? So you had a login and then you had a two-factor authentication behind that. Bypassed it, right? It was able to leak a session cookie, that session token. Session token, you just replay in a browser, and that threat actor had that user's permissions in whatever application that they were doing, right? So, uh, that was really, really bad. It was about 20,000 devices when it first came out. Um, rolled into the new year, uh, Ivanti. I think they're still having a really bad year. I think this is the first

part of January. Um, they've had numerous critical vulnerabilities since then, but there, about 22,000 devices, and we saw mass exploitation within days as well. And these are both, uh, edge devices. Uh, so attackers are going to use these tools that I'm going to talk about today. So, quick show of hands, who's used DNSDumpster at all? Cool. What about Shodan? More. Shodan and Censys? Okay, cool. Uh, so these are the three tools I'll talk about today. There are many others; these are the three that I chose for this presentation. Um, so when you use these tools, attackers can use these tools as well. What can they see? You're going to see the same thing. Uh, so

know your attack surface. The goal is to reduce that attack surface to just business-critical needs, uh, and then detection is a must after that, and then prevention if you can. So this scenario, this goes into setting the stage. Spoiler alert, it's just worst-case scenario, right? You don't have anything, you're starting with nothing. Uh, you're the lone wolf. Maybe if you're lucky you get a partner in crime to help you with doing this, but, um, the point of this presentation is you can start with nothing and just be yourself. You're going to find a lot of information quickly, um, but to actually run it to ground, it's going to take a lot of time,

and we'll talk about that. So you don't have any IP addresses, you don't have any domain names. You know, where do you start? And we'll answer that question here in a second, no problem. Um, I don't think I'm unique in this, but sometimes when I get really large tasks, I'm overcome with that paralysis, right? Like, where do I start? Maybe there's multiple places I could start. Which one's the best, right? Where do I go? So I'll give you a place to start. Uh, you're going to baseline your attack surface at almost no cost. All the tools I'm going to talk about today all have a free tier. Um, Shodan, that I'm going to show today, I paid the one-time

$50 membership, which is almost unheard of nowadays, right? Not $50 a month, like, one time and that's it. That's all you have to do. Uh, so you're gonna reduce the risk for your company and you're going to show immediate value. But again, to get it fully completed and get a good baseline that you can use on a reoccurring basis, it's going to take some time. So where do you start? Uh, ask yourself a question: does your company have a website? For the purposes of the presentation, I'm going to use bestbuy.com. I could have chose any company, right? But we're going to use bestbuy.com. So, the tools. Uh, like I said, just took a little quick poll. We're going to

talk about DNSDumpster. For those that have never viewed or looked at DNSDumpster, uh, it just performs DNS enumeration, right? So you're going to put in bestbuy.com and you're going to find all the other, www.bestbuy.com, uh, qa.bestbuy.com, all those subdomains. Uh, and you're going to get a lot of records and, uh, IPs associated with that. You're also going to find the hosting providers that your company uses. Um, it's going to show you some things about mail. And then we're going to take that information, we're going to put it into Shodan. Uh, the best way to explain Shodan is it's just going to show you information on internet-connected devices, right? And that's why I kind of

narrowed the scope to, uh, websites, web applications, and remote access devices. You can see IoT things in there, but we're not going to cover that. Shodan also gives you reports and histories about, um, your organization and certain assets. Then we're going to move to Censys. Uh, again, same thing as Shodan. They're very similar in the output and the things you can see, internet-connected devices. Um, I'm in a very trust-but-verify mindset. It kind of goes back to that intel portion. I don't want just one tool to tell me something and I take it as gospel. Uh, I want to trust that tool, but I want to verify with other things, right? Are these other tools showing

me the same thing? And you can use it to verify and enrich those findings as well. Um, so this is a quick visual workflow. This is what worked well for me. Um, you can use this in your own organization, and then you can mold this, uh, workflow to what suits best for you. But we'll start with DNSDumpster. Uh, you can enumerate those subdomains, and then you're going to export those results. Taking that information, you can throw it into Shodan, where you're going to verify the findings from DNSDumpster, again going back to that trust-but-verify mentality. You'll probably find new pivot points, uh, and you're going to export the results. So what you're going to find, well, what I

found was that you might have this mini workflow going back between DNSDumpster and Shodan, depending on, uh, what you find about your organization. But at some point you're going to get a really good visibility into what your company has, and then you're going to move from Shodan, and then we can put that information into Censys, which then again verifies my findings that the other two tools have shown me, um, and maybe discover new pivot points that then I can go back to DNSDumpster or Shodan, depending on what I need to find, um, again to verify those results. So that's a quick visual workflow. So I had a challenge when I was making this slide. Um, I was going to take

websites, and I'm trying to make them static, because I learned a long, long time ago, if you don't have to do anything live, don't, because the presentation gods will feast on your tears. So I'm going to take a website that you can, you know, navigate actively and make them into static, uh, slides. I did go from top to down, or top to bottom, uh, so that should follow DNSDumpster, and I haven't checked in a little bit, but I don't think they've changed their website. Excuse me. I do have up here in the top right a little yellow ticker, and I'm going to use that because we started with nothing. We just asked ourselves, do

we have a website? Yes. And then at the end of each tool we're going to walk through and show you, like, hey, we just found all this information. And when I was putting this together, it was probably about four to six hours of work, right? So you're going to find almost immediate value, um, but we'll talk about why it takes so long to run it to ground. So this is the top of DNSDumpster. Um, up here you can just throw in whatever organization you want, uh, Best Buy. Down here it shows you the hosting providers, and this is important, right? So for bestbuy.com, um, this bar right here is what's hosted on, uh, Best

Buy IP space, right, what they own. They also have, uh, Salesforce, they also have Akamai, things like that. And that's important, because if you come in to work in the morning and you're sitting down having your cup of coffee and you're reading some security articles and you see Salesforce is hit with a DoS attack, well, if you don't know you're using Salesforce, you might just blow past that article. But now that you know that you're using it, like, wow, maybe part of our network is having problems, maybe part of it's down. Um, and at the end of this DNSDumpster tool slide you're going to see exactly what assets you have within each hosting provider, but the first step is knowing

what you're using. So as you scroll down through the slide, or the website, the next section you're going to go to is the DNS servers, right? Who are you using to do name resolution for your, um, company? Same thing with knowing who your hosting providers are, know who's doing the name resolution for your company, because if those companies have a problem, um, people can't visit your sites, and it has like a domino, cascading effect. And then at the bottom, uh, the MX records, this is where your mail goes to. Uh, looks like Best Buy uses Proofpoint. So again, same thing, right? You see an article that Proofpoint is being acquired, merged, DoS, breach, um, if

you didn't know you're using Proofpoint for anything, you might just blow by. But now that you know that you were using it for mail, um, you can go and say, oh, help desk, has anyone reported problems with receiving or sending mail? Um, things like that. Next section are TXT records. TXT records are, um, metadata that can be added to DNS records that don't affect name resolution, right? It's just kind of like amplifying data. And one of the things that calls out here in DNSDumpster is you can look at the Sender Policy Framework for additional information. High level, because Sender Policy Framework isn't part of this presentation, it's just a way for companies to combat spam. And I

highlighted down here, um, two Class Cs, right? So we started with nothing, we asked ourselves, do we have a company website? Yes. And within maybe a minute or two, we have two Class C subnets that we already know that, um, belong to us or we use in some form or fashion. So we can write those things down as well. Okay, I'm going to go to my Homer Simpson arrows first and then I'll go back up. So I encourage you, as you go through any tool, um, to really review, understand, and investigate what the output of the tool is telling you. But if for whatever reason you don't have time, like, I'm late to a meeting, I'm just

going to, you know, run this real quick, if you do nothing else on DNSDumpster, you're going to click those two buttons that all my arrows are going to. Uh, you're going to download a CSV file of all this information so you can review it later, and Excel is an analyst's best tool. Uh, and then you're going to see a graph, and that graph is really cool for a couple reasons we'll talk about. So you're going to click those two buttons, but now let's go up to the top. So after the TXT records, you're going to find, um, all your host records, your A records of your company, right? This is what we were talking about, where you're

going to enumerate your organization. So you're going to take bestbuy.com, and up here we have qa4, and then further, it's fabric D internal, right? Uh, so QA, I don't know anything about Best Buy, but I'm just going to assume QA stands for quality assurance. If I need to be sure about that, I'll go investigate. Um, but then I was like, well, Fab, that's a weird name. So I did a little research; that ends up being a Python library for unit test, right? So you can find out a lot about an organization, uh, and decipher the business just on their naming, uh, conventions. Um, I'm guessing that if I scroll up I might see a qa3, and if we

got more than 100 records, I'll talk about the cap in a second, there might be a qa5, right? And it has the IP address for each one, right? So you're going to find out a lot of information about your organization. Maybe you're new and you don't know how the business is set up; this is a great way to kind of decipher that business. How do they name things, um, and things like that. So, because it's a free tool, and this is free in the truest sense, a lot of free tools nowadays, they ask you to sign up, right? You have to give them your information and things like that, and then you get

spammed. Um, this is free in the truest sense, where you just go to the website and you start putting in a domain and, boom, you get information, right? But like I say, free tool, there's going to be some limitations. This limitation, you're going to get a cap of 100 A records, and it even tells you, you want to get the full report of 73. So one of the things that, when I saw this, I would immediately do is go back to my boss and say, hey boss, I know you're sticking me on this project. Uh, I don't have any resources, I don't have any budget. I'm telling you right now, I'm using these free tools, I'm getting one seventh of our attack surface, kind

of, right? So, um, I think one thing that I wish someone would have told me a long time ago is, in security, whether you're just starting out or whether you're a veteran, we need to do better about building our business cases, right? A lot of times we just get stuck on a project, um, and we run into these hurdles, and in our nature we just figure out where we overcome them, uh, but we could use resources, right? Uh, more people, more money. Um, things like this you can stick in your back pocket and say, hey, you know, with the resources that we were given, which is nothing, um, this is what we're needing. Uh, all right, so the network, don't worry,

I have a zoomed-in for you of this, right? But, um, taking the very first slide, uh, where you had the hosting providers, that's what are up here on these little, I know you guys can't see them, right? This is Salesforce, this is Best Buy. That's what I was talking about; you'll be able to find which assets are under which hosting provider. So going back to that scenario where you saw an article that says, you know, Salesforce is getting DoSed, you know these assets might be affected, right? And I think these are a lot of MTAs, so probably mail transfer agents. Um, so again, you might want to ring the alarm bells on your messaging team or whoever

handles email, see if everything's working appropriately. Um, but I'll zoom into the next one, right? So I picked this section specifically because there was one little orange rectangle. I was like, well, what is this? DNSDumpster can help you identify technologies that your company is using too, that you maybe don't know that you're using. So in this particular one, uh, DNSDumpster is saying that, hey, you have a SharePoint site, something hanging off of this asset called VPN mn2. Um, these are some of the questions that you need to start writing down so you can ask, hey, uh, X system owner or X team, um, this is the asset in question, it's VPN. Uh, you can verify it too. Maybe

you know the IP address of that SharePoint site, you can browse to it. Do you know that there's SharePoint hanging off of this? Is it supposed to be exposed? Things like that, right? Because our goal, again, is to reduce that attack surface. Uh, detect is a must, prevent is the goal. So let's update our ticker real quick. So, excuse me, we just used DNSDumpster. Right off the bat we got 100 A records, because we hit the cap. There's another tool, I'll mention it right now, it's in that QR code resources at the end, uh, called Subfinder, through ProjectDiscovery. It's command line, which is why I didn't choose to do it here. I've sat where you guys are at and

I've seen command-line tools. Unless you're, like, really invested in command-line tools, you go cross-eyed, it's not really interesting. Um, but they don't have that 100 cap limitation, so you can use other tools. We got eight name servers that are used by our company, uh, seven hosting providers, I don't know why I'm looking up there, I have it right here, uh, two mail servers. Uh, we got one cool external network map. Another thing you can do with that external network map is, if you work in a place that has one of those really big printers, you could print it out and, like, stick it on your wall, and then when your boss comes by, he's like, hey,

how's this going? You're, like, pointing to this, you know, you're like, oh my god, boss, look at this, we're doing... you, like, little pins and stuff in there. Um, not going to say I've done that, but, uh, and then it's really easy to download that spreadsheet, right? So you have that offline, because that's really what is going to help you do this analysis, right? Looking at a website, yeah, it's cool. Maybe you want to do it just to check to see if certain things are still on there. If you, uh, decommission an asset and it's not supposed to be there anymore, you can use these free tools as a verification step, right? This

isn't supposed to be there, DNS still shows it's there. I don't know what kind of, uh, cadence that DNSDumpster goes and refreshes things, but, um, it could be used as a verification. So, moving on to Shodan. I think more people use Shodan here. Um, again, this has worked well for me; you can adjust it to work well for your needs. Cast a wide net. Um, excuse me, Shodan has specific tags you can use to show very specific things. If you're just starting out, uh, I would advise not to. Um, cast a wide net. In this case I just used, uh, Best Buy. I didn't even use the org tag or anything like that. Um, and then, just a word, workflow is

investigate, validate, and enumerate, and you're going to kind of go through that cycle. So this is what Shodan looks like, if no one's seen it before. So I just plugged in Best Buy. You see there's 135 assets. Um, best part, uh, Shodan does have View Report, Download Results, and Historical Trends. Uh, toward the end of this section you'll get to see what those look like. But the reason I say cast a wide net is you might see something that you're just not familiar with, and in this case I ran across something. I'm familiar with Akamai, but this Akamai GHost, or ghost, I was like, that's new, I'm going to click on that and see what it is, right? This is a

chance to decipher your business again, I said before. Well, that was a gold mine, actually, uh, because it gave me 14 new domains that Best Buy owns that I didn't have before, right? So we started with Best Buy, so I scratched that one out. I don't really care about Akamai Technologies, because that's a different company, but all these other ones, I was like, ah, it makes sense. I go to geeksquad.com, that makes sense that they would own that. Um, DT Deals, they do own it, spoiler alert, but at first I was like, I don't know if this one really goes with it. But then you can see, like, Best Buy debr, that's by external gateway,

things like that. So that's where, if you remember that visual workflow, you might find yourself going from one root domain, you go to Shodan, you might find 14 other domains, you go back to DNSDumpster, you throw all these back into DNSDumpster, now you're going to get however many subdomains are underneath that. So you'll find yourself probably, at least I did, going back between those two tools, and then you're going to get a much wider, uh, attack surface for your company. So this is the report tab that I mentioned, uh, a minute ago. Um, it'll show you all the open ports, web technologies, products that you use. I suggest you take these down too,

however you want to take them down. Uh, Shodan does have a download, we'll talk about that in a minute. Um, same thing with the hosting providers, right, as you see the products. Like, uh, it's probably hard to read, but that's Cisco ASA VPN. Um, anyone familiar, ever heard of ArcaneDoor? It just happened a couple months ago. Okay, one, okay. So there was an attack against Cisco VPN appliances, right? The campaign was called ArcaneDoor. So you want to make sure you know these products, because if you don't know you're using Cisco VPN and you see a security article that mentions, hey, these things are getting popped, you'll blow right past it, right? So you'll need

to make sure you know the products that you're using, also the web technology. Web technology is a big one too. Down here, um, I'll pick that chase rum, because it has the word rum in it, but if you see another article that has a vulnerability in that, um, web technology, you're going to want to know that you're using it. So an added benefit of using Shodan, it'll tell you and give you a historical graph of your attack surface, and you want that trend line to go down, right? Remember, from one of the goals, you want to reduce your attack surface to business-critical needs. Um, so reduction, that first point, and then once

you've met that goal, um, you want to detect everything, that's a must, and then prevent if you can. So, updating our ticker, we found 14 new domains that we're going to run back through DNSDumpster. I just did two; I'm not going to go through all 14 and, you know, have everyone sleep in this audience. Um, 12 web technologies, so I went ahead and hit the more button on each one of those sections. Oh, I didn't want to blow past that yet. So that's what we got from, uh, Shodan. So, talking about the download, it's not as easy to download or export your results, uh, from Shodan as it is from DNS

Dumpster. On the web GUI, by default you're going to get a JSON, compressed JSON format. Maybe your tools use that. Uh, I know I like everything in just, like, Excel, CSV kind of format. Um, so in this case, there is a command-line version to Shodan. You'll have to get, you know, a Linux box, I don't think it runs on Windows. Um, download that package, pretty straightforward. Uh, it's pretty straightforward to use. You're going to use that Shodan convert command, and then I actually have in yellow the actual command you would use, um, just substituting out whatever file that you downloaded, right? Um, and then you can convert it to CSV. So not as straightforward, not as simple, but you can

still do it. So, Censys. So, uh, kind of fast forward, we took all those 14 domains, we've kind of gone back through, we've gotten a much wider visibility into our attack surface. Um, what I like using Censys for is that trust-but-verify kind of mentality. We have all this information, let me go back to Censys: are you going to tell me the same thing? And sometimes you'll get new pivot points, right, that's going to lead to new investigations, which kind of goes back into, it's going to take a long time for you to run this to ground completely. Um, so I have some Homer Simpson things that I've pointed out. It'll tell you, it'll call out specifically login pages, so I

thought that was really interesting. Whenever I see login pages, I want to see, you know, the questions in my head are, does it have MFA enabled? Do we have detection if someone's trying to brute-force, type of things. Um, it'll show you vendors, software vendors, again, so you can compare that to the list that you've seen from Shodan. Um, ASNs. As you go through and enumerate your company's attack surface, you're going to see ASNs. Think of it like neighborhoods for the internet, right? You're going to see very common ASNs, and so that's why I threw up here, I just use this autonomous system number, this 15, or 11596. Um, you're going to see common ones,

and if you see something that isn't that common one, then you can go and, uh, investigate that, see what we're using that neighborhood for. Um, but it also tags devices as well, um, like here it is, another VPN, so we can enrich and validate findings. Um, the DT Deals domain that we saw on DNSDumpster, I took that one and I wanted to find out if they really own that. Um, they do. So what you can do is, from Censys, here's all the DNS records for that dtdeals.com. Um, it gives you the software technology as well, and I verified it with DNSDumpster. Um, yes, the same asset uses Cold

Fusion, kind of like that. I was really interested in those login pages, um, so I clicked on one. This is, it'll take you to the login page. Um, so again, if you're in the security area, the questions you should be asking are, um, do we have detection if someone's trying to brute-force this login page? Can we detect it, right? Can we whack that IP or take some action? Um, if you put in a username and password, am I prompted for multi-factor authentication? I don't know. I don't know what dtms is, but I would research that. Is it a third-party vendor? Are there known vulnerabilities out there in the CVE world? And it is, it's a, that's bu for DT

Deals, it's like Deal Tree, I think, is what it breaks out to be. It's a secondary market, so they, you know, they do own it, they branded it. Right now, so, we'll recap really quick so far. So let me just go through these. Okay, so we started with nothing. Uh, I'm not going to go and read every single one, but we got a lot of information. Like I said, it probably took me four to six hours to do this, because I was actually looking at certain things, like the Akamai, uh, GHost. I didn't know what that was, I wanted to investigate it. I encourage you to do the same if you're doing this for your

company. Something you're not familiar with, the technology, uh, go research it, learn it. That's why I like technology and security, because you never know enough. And we have four spreadsheets. So I kind of skipped this, um, I did take Geek Squad and DT Deals and I ran those two root domains through DNSDumpster, and between those two it gave me another 67 subdomains. So if you kind of take that average and say, okay, well, there's 12 more root domains, you can kind of see how much this sprawls really quick, and that's why I said it's going to take you a long time to run this to ground. Um, but then you're going to have four spreadsheets, right? You're

going to have three from DNSDumpster and then one from Shodan, uh, and hopefully you'll combine them all into one and you can start, you know, doing all the things that Excel allows you to do, analysis and data, um, comparison, filtering. Uh, and then we have one really cool network map that we printed out. So one more time, this is a workflow that worked well for me. Uh, you have an initial thing, you're going to investigate it, you're going to validate that thing, that thing will probably give you new things, and you're going to enumerate that, and then you're going to pivot off those new things. So that's what you find yourself, um, doing a lot,

and this is what's going to take a lot of time. If you are a lone wolf doing this, or if you have a partner in crime, this probably isn't going to be your, like, full-time job. You probably have other duties. If you're in the SOC, you're probably going to be working notables and tickets and things like that. Um, so it's going to take a real long time, however much time you can carve out to finish this. All right, so let's say it took you a couple weeks, maybe a couple months, you have this really great baseline. Well, now what? Um, you need to communicate up those findings to management, right? They need to know that, hey, there's things on here

that need to be either decommed properly, or these remote access devices, again, in the last year have really been hit hard, right? Uh, Fortinet, Ivanti, Cisco, uh, Check Point, I think, is one of them. Depending on your org, uh, you might work in the SOC or, like, a threat hunt team, so you might just, uh, communicate those to other team members. But if you're in, like, a threat intel cell or something, then you need to communicate these findings to other security teams, so horizontally as well as vertically. So if anyone caught, uh, Kaden's talk, it was a couple talks ago, um, soft skills are needed here in security, right? You have to talk to

people, as much as I just want to sit behind my computer and press buttons. Um, in security you are, I want to say, rarely ever the system owners of the things you're trying to protect. Other people are going to be the ones that are actually going to be doing the patches and remediation, things like that. So I can't tell you 100% what will work when talking with these, uh, other, uh, offices. I can tell you what won't work, and what won't work is if you approach this as, you're not doing your job, you're incompetent, you need to do this, blah blah blah. You're not going to get anywhere with that, right? Approach it as

a conversation. Uh, approach it as a discovery, um, process on your part. Hey, so-and-so, messaging team, let's pick on the mail exchanges, right, I see that we have this, could you give me some more information about this? How does this work? You know, build that rapport. Um, those soft skills are really, really important, because once you develop those, when stuff hits the fan and there's an emergency vulnerability that comes out, like you see a news report or something that says, hey, these Cisco devices or Citrix devices, you know, pick your flavor of the month, um, if you're able to, you know, call or, you know, message, you know, that person, if you have that rapport

already built, um, you're going to have their ear a lot quicker. And you want to have those conversations before breach rather than after, because after the breach sucks. So you might find that you care about 80 things or 100 things, right? If you only care about those 80 things, don't worry, don't waste your time with anything else, right? So what works really good is, you take those products, um, those software vendors, those web technologies, things like that, put it into an RSS reader, make those feeds and filter them. I only want you to tell me if something happens with the things I care about. If I have time, I'll read about other things. There's really good RSS

readers out there Feedly is a good, Inoreader, Blogtrottr uh you can get those real time alerts I use Google Google Alerts uh you will have to tune those uh you'll get blasted in your eternity if you don't have the right ANDs and ORs um so caution but those work really well as as well so now we can answer the great question right you just come in you got your cup of coffee and your VP comes by your desk and says hey I saw X in the news well not X that was a bad thing not Twitter Y I saw I saw Y in the news are we vulnerable to it right check your

baseline right you can really quickly get an answer to those better yet if you come in just slightly earlier than your VP and you see Y in the news you can already tell them that hey we are not affected by this right that's what they really want um they don't want to go to you just ask them if you can already tell them you're going to get a lot of R Points all right use cases um so no surprise here check your baseline that's your first go-to your baseline is probably going to tell you if you have the or it is going to tell you not probably it is going to tell you that you have X Y device um that's the

CVE for Citrix Bleed um but amplifying your baseline with other collection sources uh is really big and we'll go through here so Citrix Bleed uh mid October last year uh so I go to Mastodon a lot I stay away from actual X as much as I can um he did some really good coverage and in the QR code and the resources I have all the the security researchers that I follow um and like any good social media platform once you plug in four or five it's going to give you some other suggestions based on those right so you can go from there but uh this is October 25th I think it happened mid October around the 12th

13th somewhere around there um Kevin actually gives you like a GET request which is a gold mine right yes we we have it um you immediately can take this GET request and give it over to your threat hunting team if you have that like hey is someone knocking on our door with this here's here's an indication of compromise uh a few days later um I will give my shout out 'cause I use Kevin a lot so he has a uh I think it's on Medium a blog he writes double DoublePulsar but the reason I have this in here is he points out that there's a public exploit for this that uses a Python user agent so like the last slide

you can head over to GitHub find that public repo grab that Python user agent whatever that is give that to your threat hunting team hey if you see this block it right this means if someone's trying to get in uh this is the last one this use case so might be a little hard to see he took it from his phone he's using Shodan um I ICBC if anyone remembers the the bank in China that got hit you know basically due to Citrix Bleed what he's showing here is uh yes this is um the ICBC Bank down here he's showing like this is the date that I'm taking the screenshot and down here is the last

modified the last modified is I'm going to say a good indicator if something comes out today and the last modified was 3 months ago you probably aren't patched I'm not going to say it's 100% it's not definite but it's a good indicator that's what he's showing here is this is you know the end or this is actually the beginning of November November 9th for the if you can't see it um the last modified was 19 August so it's a good indicator that hey this wasn't patched they probably got popped with C all right so to kind of tie that back into the rest of my presentation is we I went back to Shodan and I put in uh the

Best Buy org and I just put in title Citrix you know does uh does Best Buy uses and they do um you can get the uh IP and you can get the host name and the same things that you know Kevin showed in his Mastodon post you can get the the date you can see when I put the slides together around 10 February and it was last modified 25 Jan right so you can use this to not only answer the question for your bosses but you can uh go talk to the system owners and go hey I have a last last modified device or last modified to date you know two months ago it looks like it's not patched you're

the system owner I'm going to trust your word more than mine but it looks like we need to patch these you know whatever devices second use case Ivanti Pulse Connect those are the CVEs uh same kind of walk for you check your baseline uh amplify with other collection sources I'm going to use Kevin Beaumont again because he he really followed this as well sometimes these security researchers just hand you stuff on a golden platter so in this in this case he said hey here's a Shodan search here's the HTML tag here's the the syntax you you should search for and then combine it with SSL your org and org you know colon your org so sometimes you don't

even have to figure out the syntax you know these these researchers are really good and I'll give it to you uh later that same day he gave another uh Shodan search uh you can search for product Pulse Secure and then your org or your SSL to find your devices so that's what I did I was like all right I want to see if Best Buy has Ivanti products right so uh negative on this first HTML and then again for the the product right so you can not only answer if you have this product but then you can follow on answer hey it looks like we may need to patch like do I need to sound the alarms do I need to talk to

the system owners on this so that's the end of my presentation I have uh if you have comments feedback gripes complaints you can reach me at that email address um and then here's a QR code I promise so but I'll take questions now if anyone has any yes sir in the Air Force were you enlisted commissioned or GS I was enlisted I was going to make a follow on comment but I refrained I appreciate that yeah yeah 'cause one of my officers is in the room so I work through this there's another question here yes sir so it feels like you can automate Tax [Music] Service yes you should work that right but actually verying manual you don't

want to do that you want to do it initially but then after that you want go CLI for automation API and I would use

also hasil to put