
Get-Help: An intro to PowerShell and how to use it for evil

BSides Charleston · 2015 · 47:48 · 939 views · Published 2015-12
Category: Technical
Style: Talk
About this talk
BSides Charleston, SC 2015 Track 1 - Session 3 "Get-Help: An intro to Powershell and how to use it for evil" Speaker: Jared Haight - @jaredhaight
Transcript [en]

All right, hey everybody. This is "Get-Help: An intro to PowerShell and how to use it for evil." My name is Jared Haight. I'm a security engineer with the Charlotte team at Gotham Digital Science. Before that I was a sysadmin for a long time, primarily focused on Windows, but being a sysadmin, that kind of covers anything with blinky lights on it, so it definitely got my hands on all sorts of stuff. For fun I develop web apps and just stuff like that. Never been a professional developer, but it's fun to screw around with. And if you do the Twitter thing, I'm @jaredhaight, and I retweet interesting people.

So what I wanted to do with this presentation is kind of give an overview of how easy it is to get into PowerShell. I've been an advocate for PowerShell pretty much since it came out. I think it's definitely one of the coolest things that Microsoft has going on right now, both from a sysadmin perspective and from an offensive perspective. This presentation isn't going to be terribly in depth. I don't expect anybody to leave here and become a PowerShell master; I more just want to get the point across of how approachable and easy to use the language is. I also want to showcase some of the really cool stuff going on as far as offensive security goes. There's a lot of really cool frameworks and stuff out there.

As I kind of hinted at before, we're going to be talking about developer stuff: scripting and variables and stuff like that. And I'm not a developer. I have no idea what I'm talking about, so you picked the right presentation. I'm entirely self-taught, so I get terms mixed up; I may not be entirely accurate in how I'm describing how stuff works. For an intro-level course it's going to be fine, though. Everything I have taught myself has at least worked for me. So vocabulary may be off. You may get into PowerShell a couple of years down the road and be like, "Oh, that Jared kid had no idea what he was talking about." That's fine. I just need you to pretend I know what I'm talking about right now.

So the reason I think PowerShell is important, especially from an information security standpoint, for red teamers: PowerShell is this incredibly powerful object-oriented language that's part of Windows from Windows 7 on up. So it gives you access to the entire .NET Framework, it gives you access to WMI, and it's incredibly easy to use. The other great thing about it is the blue teams, the incident response teams, aren't looking out for PowerShell, and it's actually really hard to log and monitor PowerShell. It wasn't until Windows 10 that logging of PowerShell events really became a thing.

For blue teams it's important because it is what actual bad guys are using for their nefarious deeds. There have been a couple of instances recently where APTs have used PowerShell to execute code on their bots. Deep Panda was a group that was attacking national think tanks, or national security think tanks, and what they were doing was using scheduled tasks that would execute PowerShell to download and run remote access tools and stuff like that. More interestingly, APT29: what they were doing, they had a C2 network, a command and control network, that was all through Twitter DMs. So their bots would check into these accounts, get the DMs, and execute the PowerShell that was being sent via direct messages over Twitter.

Getting started in PowerShell: I'm assuming a lot of people here have scripting knowledge, and this is going to be just old hat for you, but I do want to kind of get us all on the same page for the purposes of this talk. When we talk about strings, we're talking about characters that ultimately you're going to be printing out to screen. Strings are just chunks of text. They can be letters or numbers, but when you think string, think "I'm going to be printing this out to screen." Integers are just like you learned in math, or numbers; in the context of this talk it's numbers you're going to be doing math with. You can have numbers that are strings, you can convert those to integers, and that's all well and good. It's outside the scope of really what I want to cover here today. For our purposes, integers mean math, strings mean printing to screen. You also have booleans. When we start talking about logic, boolean just means "this is true or false." It's kind of a unique value in a scripting language that you use for logic. And a variable is just a way to reference data throughout your script or program. An example of that is if you have a script that is going to print a message to screen, and it's going to generate the content of that message based off what happens within the script, you can assign whatever you want printed to screen to a variable throughout the script, and then at the end of your script just have a single line that prints whatever the contents of that variable are.

So objects are kind of an abstract concept, and it's not something I really felt comfortable with until I played around with them for a while. The way I look at an object is it's a type of something, and being a type of something, it inherits properties and methods that are relevant to its type. So a good example of that is taking a string, right? A string is an object in PowerShell, and it has a property for Length. We have a variable here, $string; we call the Length property and it tells us, hey, there's four characters in this string. It also has a method called ToUpper, which will capitalize all the letters in that string. As you get into more advanced things in PowerShell, really everything's an object. So one thing you deal with a lot, at least on the sysadmin side, is AD user objects. An AD user object is going to have properties for first name, last name, username, stuff like that. It's going to have methods to change the user's password or maybe add them to a group. Objects are really part of what makes PowerShell so great, because it lets you interact with things real easily.

Arrays are just a list of objects. It can be anything: it could be strings, numbers, it could be any combination of objects, but basically it's just objects separated by commas. In this case we have a variable, $list; we're assigning an array of the words one, two and three to it. One of the cool things about arrays is you can reference any object in that array using its index, and we're doing that here for the last two lines by calling [0]. That's going to give us the first item in the array; in this case [2] gives us the last item. So your index starts at zero.

Continuing the PowerShell intro here: everything we've talked about so far is real general scripting stuff. With PowerShell, one of the really cool things about it is it has what it calls cmdlets, and they're just essentially tiny little programs you use to interact with stuff. It's going to be the majority of the stuff you do in PowerShell: you're going to be running cmdlets. What's neat about it, they've established this methodology where all your cmdlets are going to be in a Verb-Noun format. So that makes PowerShell a very verbose language, but it also makes it very readable and very easy to figure out what you're doing, or what you're trying to do. It makes it intuitive as well. So one of the examples I have up on screen here is Set-Clipboard. You can call Set-Clipboard, you give it a string, and it's going to send that string to your clipboard. If you want to get the contents of the clipboard, it's probably Get-Clipboard, and that's going to return whatever is stored in the clipboard. Once you get the variables down, once you learn the objects or whatever you're interacting with, PowerShell becomes a pretty intuitive language to work around with. It's a great beginner's language.

Some of the cool things about PowerShell being a modern language: everything's tab-completable. So that includes cmdlets, that includes the parameters of the cmdlets, and in some cases it actually includes the parameter values that that cmdlet takes, if they're predefined. The other cool thing is PowerShell includes an ISE by default, which is just an IDE for working with PowerShell. It inherits some of the Visual Studio coolness, so that includes IntelliSense, if you're familiar with that; it's a very powerful autocomplete functionality. And it also has a sidebar that will list every cmdlet that's on the computer that you're working on, and you can drill in through that sidebar and it will tell you all the parameters that that cmdlet takes. So it's really easy to explore around and get a feel for what you're trying to do. You can also see in the main window on the left here, what I've done is I've gotten a directory object by just basically doing a dir C:\, and IntelliSense gives me a list of every property and method that's associated with that directory object just by working with the variable. So pretty cool stuff. I can't talk PowerShell straight for an hour, so here's a bunny. Yes, there will be regular bunnies, and some puppies towards the end.

So great, we know the basics of working with PowerShell; we know the basics of what we're actually working with: strings, objects, stuff like that. Making it do stuff: the most basic thing you're going to do is a for loop. In PowerShell it's really straightforward; it uses foreach. So in the example here we have an array of the words one, two and three. We're assigning that to the variable $list, and then we're calling it: for each item in $list, we're going to run a chunk of code. In this case it just prints out an asterisk and whatever the item is. So you can see in the output on the right-hand side there, real straightforward: asterisk 1, asterisk 2, etc.

A more practical example of this is taking what was shown in the ISE earlier. We're going to get an array of all of the file system objects on the root of C:, and we do that with Get-ChildItem. And actually, if you run dir or ls in PowerShell, those are both aliases for Get-ChildItem. What's cool about Get-ChildItem, as I mentioned, is that instead of just giving you a plain-text list of what's on the drive, it actually returns an array of objects. So we're going to take that array of objects, we assign it to the variable $dirs, and we iterate through, and we say okay, for each dir in the $dirs array, we're going to write out the FullName, which is just the path. We write out a separator. The directory object has a method called GetAccessControl, which returns an access control list. We run that, we assign it to the variable $acl, and then we take that ACL object, and it has a property, AccessToString, which gets us our NTFS permissions as a string. We print that out, we print out a blank line, and we go back through our for loop. The output for this looks like this: you get your path for the directory, a separator, and the NTFS permissions.

So for loops are great, but they're dumb, and we can do smarter things with programming. That's why we have programming. When we talk about logic in scripting or programming, it really amounts to "if something is true, do X." The way we figure out if something is true is we compare it to whatever we want to compare it to. With PowerShell, you compare things with a dash and then two-letter acronyms. It's a little bit different than maybe Python or Ruby, where we're used to bang-equals and stuff like that. I've used the two-letter acronyms in batch scripting before; I don't know if it has further history than that. There's a lot of Linux references through PowerShell, which is kind of cool. They actually have aliases now for wget and curl built into PowerShell that just call Invoke-WebRequest, which is kind of cool.

So the most basic form of a logic statement is just an if/else statement. In the example here we're taking a list of numbers, an array of numbers, the integers one through ten, and we're iterating through with a for loop. We're getting each number out of that array, we're checking to see if the number equals four; if it does, we write out that this number is four; else we write out that it's not four. In the output on the right-hand side you can see kind of what that looks like when it runs.

The last thing about logic that I want to cover is a while loop. Really, a while loop just says you're comparing something, and as long as that evaluates to true, it's going to keep running whatever that block of code is. It's going to run that block of code over and over again, each time comparing what's in the while loop to make sure that it's still true. So in our example here we're taking the variable $i, we're assigning that the integer one, and then we're checking to see that while $i is less than or equal to the number four, we're going to run this block of code. Real straightforward: it prints out whatever the contents of $i is, and then increments $i up by one. So our output on the right-hand side there is just the numbers one, two, three and four.

So knowing what we work with in PowerShell, objects or strings or variables, and knowing how to logic stuff out, you can literally do anything in PowerShell. Now, the first six to eight months that I was scripting in PowerShell, everything I wrote was just a really glorified, very long if/else statement, basically. It wasn't efficient, it wasn't pretty. Anybody who had any experience with scripting would have throttled me, but the scripts got their jobs done, and that's really kind of all that matters when you're starting out.

To figure out how to use PowerShell and how to use what's available to you, there are three things that I typically find myself using. The first cmdlet is Get-Command, and that just lets you search all the cmdlets and all the programs in your path for a string. So in the example here we're searching for anything that ends with the word "clipboard," so that's going to get us Get-Clipboard, Set-Clipboard, etc. The help system in PowerShell you access through Get-Help, or there's an alias for man, again a Linux throwback. The help system is surprisingly well written. It's obviously written by people that have used these cmdlets practically, and one of the cool things about Get-Help is the -Examples parameter that you can throw in. So in the case here we're doing a Get-Help Write-Host -Examples, and it's going to print out, I think when I ran it, it was four or five examples of how to print stuff to screen. So just really a lot of great examples. One that I use all the time is Get-Date; I can never remember how the formatting works for Get-Date. There's I think 11 examples in the help command, and usually one of those is exactly the formatting that I'm looking for. The last thing that's really helpful is Get-Member. What Get-Member does is you can send an object to Get-Member and it will give you a list of all the properties and methods that that object has. You do that by just taking the object and piping it to Get-Member. So the output for that looks something like this: we're taking our directory object from before, piping that to Get-Member, and it returns a long list of methods and properties that are associated with that object. I love this one. Bunnies are jerks. I own a bunny; he is a jerk.

All right, so let's start putting all this together and actually do something practical. What I want to do is take the script from before, where we've got the NTFS permissions, and make it a bit more intelligent, a bit more useful. We start out basically the same: we call Get-ChildItem, get an array of file system objects, return that to the variable $dirs, and then we go into a foreach loop. Where we start to change things, though, is the first thing we're going to do is declare an $i variable, because I like the letter i; we're going to set that to 0. Now, before, what we did when we got our ACL is we called AccessToString, and that just returned a chunk of text that was the NTFS permissions, and we could chop that up and get what we're looking for. I probably should have mentioned: what I want to do here is find permissions that apply to the Everyone group. We can do that with AccessToString; there's definitely string manipulation in PowerShell. But we can do things easier and more efficiently. The way we're going to do this is the ACL object also has an Access property. That Access property is an array of access control entry objects. So what we're going to do is take that $i variable and call through the index of that Access property list and start working with the access control entries by themselves.

So we do that with our while loop. We check, hey, as long as, you know, I'm going to call Access[0], and as long as we keep incrementing through that and it doesn't return a null, or just nothing, this while loop is going to be true and it's going to run its code. In the while loop we know we have an access control entry; we assign that to the variable $ace. And what I did putting this together was use Get-Member to figure out kind of what I was looking for and how I can work with this ACE object. So I found out I need to find out who these permissions apply to, and I want to find out what those permissions are. The IdentityReference parameter is the parameter in that ACE that tells us who this ACE applies to. So we're able to do an if statement: if that IdentityReference parameter contains the word "Everyone," we want to do something with it. We go back, we write out the full path, our separator, and then we write out just simply the IdentityReference, who this ACE applies to, and we write out the FileSystemRights, which, using Get-Member and playing around a bit, we figured out is how we find out what the permissions are in that ACE. We increment $i up by one, and we go back into our while loop and keep iterating through that array of ACEs.

The full code looks like this, 19 lines. To go through it real quickly again: we get our directories, we iterate through, we get the ACL from that directory, and then we start going through its access control entries in that while loop. We keep iterating through the access control entries; once we're out of access control entries, we're back into our for loop and we move on to the next directory and continue the process. So again, this time in the output we're just looking for anything that contains Everyone, and on running this on my laptop we got back Users, which is expected, and Sandbox, which apparently Sandboxie wants Everyone to have full access to that folder, which confuses me, and has since been fixed.

All right, so some of the unique things about PowerShell that make it pretty cool. There's the concept of PSDrives, and what a PSDrive is, it's kind of like a virtual file system. So in the example here we're actually working through the registry as if it was a file system. We just change directory into HKCU, so HKEY_CURRENT_USER, and then from there we can switch between keys, and we can also start creating objects. One of the cool cmdlets that comes into play is Test-Path, which you feed a path, with any PSDrive-supported thing, so it could be a file system, UNC, registry, and it will check to see if that path exists and return true or false. So in this example we check to see if we have a key for BSidesCHS. We don't, so we go ahead and create it with New-Item, and then we create a value in that registry key of "demo" with the value of "text goes here," because I ran out of original things to do there.

One of the nice things about PowerShell being a modern language is it's network-aware, so UNC paths work natively, and a lot of the cmdlets, especially those provided by Microsoft, will work on remote computers. So in the example of the Stop-Service cmdlet, what we're doing here is stopping the Spooler service on a remote PC. That will come into play when we talk about frameworks. The other cool thing is it integrates with WinRM, which is the Windows Remote Management service. That lets us do two pretty cool things. One is we can run the Enter-PSSession command, which is kind of like SSH but PowerShell, until PowerShell actually gets proper SSH, which is coming. By using the Enter-PSSession command you actually drop into a PowerShell prompt on a remote PC. You can also do Invoke-Command and Invoke-Expression, which are both ways to execute just raw PowerShell code on a remote PC. So when I put this together, I didn't realize until after I'd kind of looked at the slides a couple of times that... well, thank you, sir. That puppy break is a terrible, terrible pun for this GIF.

All right, so now the fun stuff. There is an incredible amount of talent in the offensive security PowerShell community. There really are frameworks and modules for any stage of a pen test or engagement that you want to do: recon, data exfiltration, backdoors. There's been an incredible amount of work done, and what's cool is a lot of the standout members, the people kind of driving all this, have a very mature methodology to how they approach pen testing, and this has led to a big focus on in-memory attacks with PowerShell. A lot of the PowerShell code we work with offensively doesn't touch disk; it runs entirely in memory, so it is a lot less likely to trip AV. It's a lot harder to track down, and it makes our jobs pretty great.

Using a framework in PowerShell is really easy. Basically they're modules, so what you do is clone down the repo that you're trying to use and run the Import-Module command. A lot of times you can point Import-Module at just the folder of the repo; sometimes you have to point it at a .ps1 file or a .psm1 file. That's kind of just trial and error to figure out what works for whatever framework you're working with.

So the first framework I want to talk about is a framework by mattifestation called PowerSploit, and it has a lot of modules, a lot of great stuff to use in it. Two of the things that are relatively unique to it are its ability to modify scripts. So you can take a PowerShell script that you've written and pipe it through his framework, and it will either encode or encrypt the script and kind of hide it from plain sight. I specifically am not going to use the word "obfuscate"; I think that's how you pronounce it. But yeah, it's pretty handy. The other cool thing about it is that it has a Mayhem module, and that's a real rare thing to see in a framework: just a module for "hey, let's ... up," and I really, really appreciate that he has that.

So some of the things I definitely would highlight in PowerSploit: he has an Invoke-NinjaCopy cmdlet, and what Invoke-NinjaCopy does is it gets around file system locks and ACLs. The way it does this is it actually reads the raw volume data from the hard drive and then recreates the NTFS structures to make those files. We're going to be using that in a demo later to good effect. The other great thing that it has is Invoke-Mimikatz. If you're not familiar with Mimikatz, it's a tool that will dump credentials from memory on a Windows box. So it looks out for LSASS and a couple of other processes, and up into Windows 8 or 8.1 it gets plain-text credentials just from memory, and there's ways you can make it work in 8.1 as well. The cool thing about Invoke-Mimikatz is it runs in memory itself, so from the computer that you're working off of, you just point it at a remote computer and it will bring back passwords and credentials from that remote computer. The Mayhem module, like I mentioned, is really great. One of the cool things about it is it has the Set-MasterBootRecord cmdlet, which just lets you overwrite the MBR with whatever string you want to put.

PowerTools, which is now part of the Empire framework (it's not part of Veil anymore), was started by sixdub and harmj0y and has a lot of great stuff. They're really focused on massive engagements, so there's a lot of code that is focused on multi-threaded attacks. There's also a lot of network awareness code, so PowerView is their module for network awareness. What's cool about PowerView is it has several cmdlets that let you do user hunting. What that means is you'll run Invoke-UserHunter and it will find who the domain admin accounts are on the network and then find where they are logged in on the network, so you can start attacking their PCs directly. The other cool thing is the PewPewPew module, which, besides being a great name for a module, focuses on multi-threaded attacks or command execution. It includes a module for Invoke-MassMimikatz, which takes the Invoke-Mimikatz from PowerSploit and runs it against everything on the network and just starts grabbing credentials from whatever it can possibly reach out to. Technically it's really interesting, because the way it does this is they end up using the multi-threading, which is kind of native in PowerShell, but they spin up an HTTP server in PowerShell, and that's how they're actually receiving all the requests back, which is a really cool approach.

The last project I want to talk about is Nishang, which is a huge project. The dude just obviously enjoys creating random awesomeness, and it's actively developed; there's a lot of stuff going on with it. The two things I want to focus on here are the Client module, which allows you to easily inject PowerShell into Word docs or CHM files, stuff like that. What's cool about that is it basically will create a macro, at least in Office docs, that will go out and either execute the PowerShell you give it or download a .ps1 file from the internet and execute that. It also has some really unique approaches to backdoors. The first backdoor I want to talk about is the DNS_TXT_Pwnage backdoor. What that does is you point it to a domain, and it will query that domain for TXT records and treat those TXT records as executable PowerShell. The other great thing is Gupt-Backdoor. What Gupt-Backdoor does is it looks for wireless networks that are available to the PC. It doesn't connect to them, but it checks the SSID, and if the first four characters of that SSID match a magic string that you define, like a password, it then checks the fifth character of the SSID. If the fifth character of the SSID is a C, it treats the rest of that SSID as PowerShell and just executes it. If the fifth character of that SSID is a U, it treats the rest of that SSID as a Google short URL and goes out and downloads the .ps1 file or whatever it's pointed to and executes that as PowerShell. That is totally off the wall, and I love the devious bastard that came up with that.

So I want to do a quick demo here that hopefully will work without issue. All right, so in this example we've compromised a help desk user account. Oh, that's good. And like a lot of corporate environments, the help desk has admin rights on laptops and desktops and stuff like that, but they don't have access to the servers. What I want to do is get the Active Directory database and get that off the network so I can crack it and do my thing. So the first thing I want to do is find myself an admin. What we're going to do here is import PowerTools' PowerView module. That's not what I want. I'm really nervous; I'm going to spill my beer. Okay, and we're going to run Invoke-UserHunter. All right, so that found our domain admin. His username is mradmin; he's logged into DemoClient2. So we want to run Mimikatz against them. This environment uses Windows 7, so we're in luck there. To use Mimikatz, that's in the PowerSploit repo. So Windows Defender on Windows 10 does detect Invoke-Mimikatz as a malicious file. There are ways to get around that; we've talked about that when it's not being recorded, but it's fine for our purposes. Invoke-Mimikatz, and we're going to point that to DemoClient2. Sweet. All right, so we have passwords. The username is mradmin, the password is "god complex," and what we're going to do is start a new PowerShell window as the admin, as mradmin.

All right, so we have domain admin rights. We need to get our Active Directory database, so the first thing we need to do is figure out what our DCs are. There are any number of ways to do this; because this is a PowerShell talk, we are going to use PowerShell. Part of PowerView under PowerTools is a lot of AD enumeration sort of stuff, and one of those things is Get-NetDomainController. Yeah, all right, so this tells us what our domain is, what the DC's running, what its roles are, and what its hostname is. So now, to get that AD database, we're going to use Invoke-NinjaCopy from PowerSploit. Let me clear this out for you guys. Yes, yes, yes. All right, so Invoke-NinjaCopy: we need to specify the path that we're trying to copy, which in this case is C:\Windows\NTDS\ntds.dit; we want to specify what computer we're copying it from, which in this case is DemoDC01; and we need to specify where we want to copy files to. For ease of use we're just going to copy it to our repos. Whoa, now that's never happened. Yeah, I did a complete... Let's path that again: local destination C:\repos\ntds.dit, and the computer name is DemoDC01. I wonder if it was choking on the capital NTDS in that path. Weird. This is going to take a second, because like I said, it's actually reading raw volume data and kind of restructuring that back into NTFS stuff.

Cool. All right, so we have our Active Directory database downloaded. We can exfiltrate that using either some of the tools that we have available to us through the frameworks, or we can just copy it to a USB key if the organization lets us do that. One thing I wanted to do for this demo, because I never get to do this in real life, is wreck this box. So we're going to start an administrative prompt, and we're going to import PowerSploit. Yeah, yeah, and we're going to set the master boot record to, like, the hacksaw. Yes, I do want to screw up my computer. Karma. Huh. All right.

So the last framework I wanted to talk about today is a framework called Empire, and Empire is an amazing piece of work. It was debuted at the most recent BSides, DEF CON or Black Hat, one of the three. Basically, Empire is a complete PowerShell post-exploitation remote access kit. It's kind of like Meterpreter but entirely written in PowerShell, and it includes a lot of the modules and tools that I covered today and then some. What's great about it is they have a strong focus on cryptographically secure communications, and they have a strong focus on unique memory footprints. So when you set up Empire, it's a client-server model, like you'd expect. You need a Linux box; you clone the Empire repo, run the config scripts. When you run those configuration scripts, one of the things it does is generate a 32- or 64-character string, and it uses that to encrypt all of the payloads that you generate. So in theory every version of Empire is going to generate different code, so it's incredibly hard to track down signatures for it. As for the server, to get it up and running you need to set up endpoints, which are just HTTP listeners basically, and then you generate the launchers, which are just PowerShell code that you run on the remote client. It has a couple of ways to do this, including a Ducky script, so if you have a Rubber Ducky you'll just generate the native Ducky script for that, run the code on the remote boxes, and receive shells. One of the cool things about it is it's a phone-home architecture, so instead of having a persistent connection back to the server, the clients phone home at whatever interval you specify, usually 5-10 seconds. So from a network perspective you just see an outbound HTTPS connection every 5-10 seconds. It's incredibly hard to track down, and really cool stuff.

So one thing I wanted to cover again before I wrap up here: if you're on blue teams, PowerShell isn't just an offensive tool. There's a lot of really cool stuff in the data forensics and incident response areas that has been built in PowerShell. A couple of the standout frameworks: the PoshSec framework is really cool, because it's a custom PowerShell console built for incident response and data forensics. It was written by a dude named Ben Ten, and he wrote it for the internal teams that he was working with, to make PowerShell more accessible and easier to use for some of the newer folks on the team. Another great site to check out is Invoke-IR, which is a PowerShell-focused collection of projects run by Jared Atkinson, I believe is his name. Two of the standout projects there are PowerForensics, which focuses on data forensics, and Uproot, which is an IDS written purely in PowerShell. The last framework that I've heard a lot about in incident response, that I unfortunately haven't played with much, is Kansa, and that focuses largely on information gathering and baselining: so reading event logs, figuring out what you have out there, setting up baselines. All very cool stuff.

So like I said, I don't expect anybody to leave here being a PowerShell expert. I hopefully at least let you know how easy it is to start down that path. If you want to take things from here, Microsoft has a great site, their Microsoft Virtual Academy, which really, if you want to learn any Microsoft technology, they have hours and hours of CBT and stuff like that up on there; a lot of great stuff with PowerShell up on that site. "Learn PowerShell in a Month of Lunches" is a book that I've seen recommended a lot; I haven't read it personally. The way I learned PowerShell is just really through Google. I would find stuff that I wanted to play with, or find stuff that I wanted to do, and just poke around at it until I kind of figured out what I wanted to do. I find that's really one of the best ways to pick up any new programming language. It's incredibly easy to spin up a lab and play with this stuff. The lab I used during my demo here is three servers, three VMs: it's a Windows 2012 box, a Windows 7 box and a Windows 10 box, and I'm running the eval licenses for all of that. Well, that is totally not what I meant to do; let's try that again. There we go. So I definitely want to highlight the people that wrote all those cool frameworks. They're the guys that are actually doing really interesting stuff with PowerShell, as opposed to just telling you how to use it. sixdub, harmj0y and enigma0x3 all contributed to the Empire project, which

i can't tell you how much i appreciate and love that uh manifestations uh is with powersport nikola mit it does nishang or nishang uh jared kadaksen is with invoke ir and ben 10 did the poshsack framework uh all these guys are really great people to follow if you're interested in powershell in the infosec community uh so wrapping up uh if we have any questions i have a couple minutes i can answer those shoot um you mentioned monitoring for these types of attacks and so forth windows 10 was primarily about tools like uh sysmon and things like that that are kind of intended to i know that they provide functionality for that yeah so uh it

depends on the level of attack i think as to how much success you would have with sysmon one of the cool things that i didn't talk about uh but so when you power shell is not powershell.exe uh powershell is actually just a dll that's part of the windows management framework and so empire and a lot of these guys uh just take that dll and inject it into another process so it's not even that you're looking for powershell.exe like you actually have to look at what dlls are loaded okay because i know a lot of them you can do like command line execution and things like that i i think you would have to look for it

a different way but i i break things out and try to fix them so yeah no i just i know there's a lot of efforts to try to monitor yeah exactly exactly obviously if you're injecting it into another process by that process so maybe you could do a check for that dll yes yeah and my understanding from a blue team perspective uh is that it's really hard to right now at least to figure out you know without getting real deep into like memory forensics and stuff like that kind of what powershell is doing when it's not doing its normal thing so cool all right well uh like i said if you're on twitter i'm at

jared hate uh if you are in the charlotte area uh me and a bunch of friends get together regularly uh charlotte hackers and we just meet up and drink beer and talk about hacking and if you are on the job market uh gotham digital science is hiring and we do a lot of really really cool stuff so check us out thanks guys
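The point raised in the Q&A, that the PowerShell engine is a DLL (System.Management.Automation.dll) which a framework can host inside a process other than powershell.exe, is one a blue team can check for directly, because whatever the host process is, the engine DLL still has to be loaded into it. The script below is an added example written for this page; it is not code from the talk or from Empire, PoshSec, Invoke-IR or any other project mentioned. It assumes the list of expected host process names in `$ExpectedHosts` (an assumption to tune per environment), and the historical check assumes Sysmon is installed with a configuration that logs image loads (Event ID 7) for the engine DLL, which a bare Sysmon install does not do.

```powershell
# Added example (not from the talk): hunt for the PowerShell engine hosted outside
# the usual host processes. Two checks:
#   (1) live:       enumerate the modules loaded in every running process;
#   (2) historical: read Sysmon Event ID 7 (Image loaded) from the event log.
# Run from an elevated prompt. Enumerating modules of processes in other sessions
# needs it, and protected processes are skipped either way.

# Assumption: process names expected to host the engine. Tune for the environment
# (management agents and some server products legitimately embed PowerShell).
$ExpectedHosts = @('powershell', 'powershell_ise', 'pwsh', 'wsmprovhost')
# Matches both the IL assembly and its native-image (.ni.dll) variant.
$EngineDll     = 'System\.Management\.Automation(\.ni)?\.dll$'

function Find-UnexpectedPowerShellHost {
    [CmdletBinding()]
    param([string[]] $AllowedHosts = $ExpectedHosts)

    foreach ($proc in Get-Process) {
        # -contains is case-insensitive in PowerShell, so 'PowerShell' still matches.
        if ($AllowedHosts -contains $proc.ProcessName) { continue }
        try {
            $modules = $proc.Modules
            $path    = $proc.MainModule.FileName
        } catch {
            # Access denied: protected process, another session without elevation,
            # or a 64-bit target inspected from a 32-bit host.
            Write-Verbose ("Skipping PID {0} ({1}): {2}" -f $proc.Id, $proc.ProcessName, $_.Exception.Message)
            continue
        }
        $hit = $modules | Where-Object { $_.ModuleName -match $EngineDll } | Select-Object -First 1
        if ($hit) {
            [pscustomobject]@{
                PID         = $proc.Id
                ProcessName = $proc.ProcessName
                Path        = $path
                EngineDll   = $hit.FileName
                StartTime   = $proc.StartTime
            }
        }
    }
}

function Get-SysmonPowerShellImageLoad {
    [CmdletBinding()]
    param(
        [datetime] $Since        = (Get-Date).AddHours(-24),
        [string[]] $AllowedHosts = $ExpectedHosts
    )
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 7            # Sysmon: Image loaded
        StartTime = $Since
    }
    # SilentlyContinue: Get-WinEvent raises an error, not an empty result, when
    # nothing matches the filter; we want "no events" to simply return nothing.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Pull the EventData fields (Image, ImageLoaded, ...) out of the event XML by name.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $image    = $data['Image']
        $loaded   = $data['ImageLoaded']
        $hostName = [IO.Path]::GetFileNameWithoutExtension($image)
        if ($loaded -match $EngineDll -and $AllowedHosts -notcontains $hostName) {
            [pscustomobject]@{
                UtcTime     = $data['UtcTime']
                PID         = $data['ProcessId']
                Image       = $image
                ImageLoaded = $loaded
                Signed      = $data['Signed']
            }
        }
    }
}

# Usage:
#   Find-UnexpectedPowerShellHost -Verbose | Format-Table -AutoSize
#   Get-SysmonPowerShellImageLoad -Since (Get-Date).AddDays(-7) | Format-Table -AutoSize
```

Two caveats a practitioner would want. First, a hit is a lead, not proof: products that embed the engine (management agents, some server software) will show up until they are added to the allow-list, so build that list from a known-good baseline before alerting on it. Second, the Sysmon check only works if the Sysmon configuration includes an ImageLoad rule covering System.Management.Automation; image-load logging is off by default because it is noisy, so scope the rule to that DLL rather than logging every load. For the question of what the engine is actually running once it is in an unexpected process, note that the script block logging Microsoft added with PowerShell 5 (event 4104 in the Microsoft-Windows-PowerShell/Operational log) is produced by the engine itself, so it records script content regardless of which process is hosting it.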