359: NEW iPadOS Changes Incoming! (Also, Don Is Back!)

Episode 359 May 09, 2024 01:16:57
Technado

Show Notes

Join Don and Daniel as they discuss all things happening in the tech and cybersecurity world this week!

Article Links:

Rapid Fire
https://www.tomshardware.com/pc-components/cpus/rising-metal-prices-could-mean-more-expensive-laptops-pc-parts-and-other-electronics-in-the-near-future
https://arstechnica.com/apple/2024/05/apple-must-open-ipados-to-sideloading-within-6-months-eu-says/
https://arstechnica.com/gadgets/2024/05/wear-os-will-soon-be-at-50-percent-of-apple-watch-sales/
https://www.darkreading.com/cloud-security/dprks-kimsuky-apt-abuses-weak-dmarc-policies-feds-warn
https://gbhackers.com/cybersecurity-consultant-jailed/
https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html
https://www.securitynewspaper.com/2024/05/06/how-safe-is-your-tinyproxy-step-by-step-guide-to-exploiting-tinyproxys-zero-day-vulnerability/

Deep Dive
https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Episode Transcript

[00:00:04] Speaker A: You're listening to Technado.
[00:00:07] Speaker B: Hey, everyone, and welcome to the Technado, the techiest of all NATOs out there on the interwebs. Thank you for joining us today. And don't forget, we are sponsored by our wonderful sponsor, who is ACI Learning. You should check them out. It's a lot of fun. We do a lot of tech training there, and we'll get you trained up on all the skills you need. So definitely check that out. We do thank them for making this show possible and viewers like you for joining us today. That said, we got a wonderful Technado. You'll notice I'm not Sophia. Nope, not her. We are similar in size and structure, but I know that could be confusing. I am not her. But today is a special, special day because she is gone. Obviously, I'm hosting, but I had to find someone else to fill in. It can't just be a one-man show, me raving like a madman into the sky, which would be fun for me, but probably not so much for you. So I scoured the Internet. I found someone with the right credentials. The one, the only, he's climbed K2. He's run with wolves. It's Don Pezet. Welcome back, Don Pezet. How you doing, man?
[00:01:07] Speaker C: Hey, Daniel. Doing well. I like how you sugarcoated that story, because the real story is Daniel called me and said, hey, Don, would you come back onto Technado? And I said, not if Sophie's there. And he said, have I got the opportunity for you?
[00:01:21] Speaker B: And stars aligned. Here we are. Well, Don, our viewers have missed you greatly. We hear it constantly in the comments. Where the hell is Don? And I'm like, he's chained to the radiator. Where do you think he is?
[00:01:33] Speaker C: Where you keep somebody.
[00:01:34] Speaker B: Yeah. So how has the radiator been for you?
[00:01:35] Speaker C: It's good. You know, it's odd. Not many buildings in Florida have basements. And even those that do, it's even more rare to find one with a radiator.
And yet you guys have done it.
[00:01:44] Speaker B: You know, we built it especially for you because we spare no expense for the capturing captivity of Don Pezet.
[00:01:53] Speaker C: It's funny, and I'll just go off on a tangent here, but please do. In Florida, it is very rare for a building to have a basement, right, because you dig, what, a foot? And you hit one, you're in the...
[00:02:03] Speaker B: Water, too.
[00:02:05] Speaker C: So it's rare. But Daniel and I used to work at an insurance company.
[00:02:08] Speaker B: I was going to ask you where.
[00:02:10] Speaker C: The entire IT department was literally underground.
[00:02:14] Speaker B: Under the ground. We were basically translucent beings, Morlocks, because we never saw the light of day at all. There were no windows. No windows at all because we're underground.
[00:02:27] Speaker C: I had a window.
[00:02:29] Speaker B: You did? But it was like a view window.
[00:02:31] Speaker C: To the office, to the help desk.
[00:02:34] Speaker B: Don had this big picture window that looked out to the help desk area, and we had big printers, and then he just had blinds closed all the time, paper over everything.
[00:02:46] Speaker C: I think it was probably put in, like, in the seventies when they had some totalitarian dictator.
[00:02:52] Speaker B: It is time for your 15-minute break.
[00:02:54] Speaker C: You will do this.
[00:02:56] Speaker B: I actually heard from some of the people that worked there that their bosses were like that, that they would come by: everybody, it's time for your break. And they would time it and go, it's time to go back. I'm like, wow.
[00:03:07] Speaker C: There you go.
[00:03:07] Speaker B: That's not fun.
[00:03:09] Speaker C: It's changed a lot, a little bit. Like, you know, because you used to wear suits, ties. They expected the printer repair technician to have a tie on. Yeah, yeah.
[00:03:15] Speaker B: Weird. That's not a danger, right? Does he get hazard pay for that?
[00:03:19] Speaker C: I wonder how many of them died, though.
[00:03:20] Speaker B: Yeah, yeah. Another printer repairman choked to death as Epson...
[00:03:26] Speaker C: Like in The Incredibles, when they talk about capes.
[00:03:28] Speaker B: Yeah, right, right. It just gets sucked into everything, and that's how you get killed.
[00:03:32] Speaker C: No capes.
[00:03:32] Speaker B: All right, well, I guess we should probably do this whole article thing. We got this thing we like to call the Rapid Fire section, and today we're going to go through a bunch of really fun and cool articles. I got some tech articles because I knew Don was going to show up. Back when Don was a regular on the show, back when it was called the Technado with Don Pezet, we actually did tech stuff. I'm not a tech guy. I mean, I'm a security guy. So we kind of pushed that off as Don went away, but now that he's back, I got a few tech articles. So let's get to our first one. This one comes from Tom's Hardware. Let me get the old link going here. And it says, rising metal prices could mean more expensive laptops, PC parts, and other electronics in the near future.
[00:04:13] Speaker C: Yay.
[00:04:14] Speaker B: That's. That's. I'm just ecstatic.
[00:04:16] Speaker C: You know this, Don, a lot of people don't realize how many precious metals are inside of the electronics that you buy. And weird metals like, you know, platinum and palladium and stuff like that, that you don't normally...
[00:04:27] Speaker B: Unobtainium.
[00:04:28] Speaker C: Yeah. And so that's why, like, so many people push for recycling e-waste. Because, like, hey, there's these precious metals in there.
[00:04:36] Speaker B: Don't just stick them back in the...
[00:04:37] Speaker C: Ground, but they're in such small quantities. You know? Have you ever watched a video where they do, like, gold plating?
[00:04:43] Speaker B: Yeah, sure.
[00:04:43] Speaker C: And it takes, like, this minuscule amount of gold.
Like, the gold is floating in a liquid. You can't even see it. And it just bonds. It's weird. So it's not like there's a ton of metal in there, but there is some, and it's essential. And so in order for them to continue building these components, if the price of gold goes up, if the price of copper goes up, they've got to pay for it. Now, this isn't just affecting computers, though. This is affecting everywhere. It's why you hear about so many catalytic converters being stolen.
[00:05:08] Speaker B: Oh, man. I saw a video of a guy that people kept trying to steal his catalytic converters, and he had, you know, like, a Ring camera or whatever that was catching them. And, you know, they would yell to the camera or whatever, and they would jump and run. So they decided to prank them when they came back, 'cause they kept coming back. So when they came back, they come running out, like, as zombies. The dude is just, like, bailing as hard as you can go. They just come chasing after him. Like, this is how you keep people from coming after your catalytic converters. You threaten them with human consumption.
[00:05:45] Speaker C: I remember a few years back, my parents were buying a house, and you...
[00:05:49] Speaker B: Were stealing their catalytic converters.
[00:05:51] Speaker C: So it was a house that had been vacant for a year or two. It was when the housing market had crashed. These houses that had been either never...
[00:05:59] Speaker B: Sold or turned in, foreclosed on.
[00:06:01] Speaker C: And thieves had stolen all the copper piping off the air conditioner unit, the air handler outside. And I asked a police officer about that. I was like, why would they steal... I know copper is worth something, but why would they steal that? And he goes, well, you'd be surprised how much meth you can buy with a little bit of copper.
[00:06:17] Speaker B: Yeah, fentanyl is cheap, which is the danger. Don't do drugs, kids. It's bad for you.
And it makes you turn to a life of crime, stealing copper. Yeah. It says that the cost of copper, which was $5,000 per metric ton in 2020, now sits at $8,300. That's a bit of an increase there, Donald.
[00:06:36] Speaker C: Yeah. You know, hey, it's time to buy gold, right?
[00:06:40] Speaker B: I see the commercials all the time. Right? Have you thought about getting precious metals?
[00:06:44] Speaker C: Have you? I haven't done this, but have you seen where Costco is selling gold?
[00:06:48] Speaker B: They are? No, I did not.
[00:06:49] Speaker C: You can straight up go to Costco... and we don't have a Costco here in Gainesville. I think you guys do where you live, right?
[00:06:55] Speaker B: We do not have one yet. There's talk of one being built in The Villages.
[00:06:58] Speaker C: Well, you can straight up walk into a Costco and buy gold bars. They sell 1 oz gold bars and people are eating it up. Like, Costco has turned into one of the number one gold sellers in the US, practically, overall, at a good price. Well, they're trustworthy. It's hard. Like, you don't want to just buy gold from the random pawn shop in town.
[00:07:17] Speaker B: Yeah, he could be ripping you off for all you know.
[00:07:20] Speaker C: Yep. Yeah. That was an episode of Pawn Stars once where this guy brought in a gold bar and they were like, yeah, we got to drill a hole in it, right? And he was like, why? You're going to ruin the bar.
[00:07:30] Speaker B: I got to see if the bar...
[00:07:31] Speaker C: Is solid, if it's gold all the way through.
[00:07:32] Speaker B: That's right. Yeah, yeah. Fool me once, it might have been silver. Shame on you. Fool me six times. So, yeah, be on the lookout, kids. It's going to get nasty out there when it comes to prices of your devices, because the damn prices, I did not. It worked out really well. Fell down the stairs and landed on my feet on that one.
But moving on, let's hit the next article we've got today, because the hits just keep on coming. This one comes from Ars Technica. Apple will bring sideloading and other EU-mandated changes to iPadOS. Right? No, I'm sorry, that's not iPadOS. That's iPad OS this fall. This is an interesting change that they're making, Don, because, correct me if I'm wrong, because security guy, right? Like, one of the big pros to having an Apple ecosphere is that you have all this, like, gatekeeping and walled gardens that they do. Sideloading isn't a thing. You got to go to the App Store. And now they're opening this up.
[00:08:31] Speaker C: This is a tough one. On one hand, you can make the argument that Apple is trying to create a more secure environment, right, by checking the apps, ensuring they're safe and giving you a safe place to go and purchase apps. On the other hand, they're like the skeeziest business on the planet, and they're trying to squeeze every penny out of people. And you don't feel bad about everything.
[00:08:55] Speaker B: When your iPhone falls apart after two years, like, yep, on schedule.
[00:08:59] Speaker C: And they're doing everything they can to make it where you can't fix it. It's hard to feel bad for a company like that.
[00:09:07] Speaker B: I got a MacBook Pro and the battery blew up on me and I'm like, great, this is going to be fun to replace. Yep.
[00:09:13] Speaker C: Yeah. It'll definitely be cheap. I'm sure. I'm sure it will cost me nothing. So, you know, the EU had their ruling a few months ago about how Apple's walled garden is anti-competitive and they have to open up the iPhone to support third-party marketplaces. Right. So the Epic App Store or whatever, you know, can now be available on the iPhone. Well, Apple is doing everything in their power to resist this, to do the absolute bare minimum of the EU mandate. And so the EU mandate was focused on the iPhone.
And Apple said, well, the iPhone runs iOS, the iPhone operating system, but the iPad runs iPadOS.
[00:09:52] Speaker B: Which, correct me if I'm wrong, is like, virtually no differences. Almost the same in these operating systems.
[00:09:57] Speaker C: Almost the same, yeah. In fact, the only real difference is in some of the USB device support, the iPad's a little more friendly. Like, you can hook up most USB renders up to it, whereas...
[00:10:07] Speaker B: Right. The phone is like, whoa, you're hooking something up there, buddy.
[00:10:10] Speaker C: Yep.
[00:10:10] Speaker B: You sure about that?
[00:10:11] Speaker C: The phone's a little more strict on the MFi, the Made for iPhone restrictions. Also the large screen and multitasking support on the iPad is largely not available on the iPhone. So I think Apple really defines multitasking as a true differentiator. But it's the same OS. Yeah, they get the same version number, they get updates at the same time. It's effectively the same OS. But Apple said, hey, it's different. And so the EU had to do another ruling to say, no, it's not. And the iPadOS is a gatekeeper, just like the iPhone OS. And so now they've got to support it there. So this is going to keep happening. Apple's pushing the limits with the Epic App Store. When the EU mandate passed, Epic was like, all right, great, we've got our App Store ready. Let's get it thrown over. And Apple suspended their developer account within just a couple of weeks. And they had to petition that and say, Mom, play it by the rules. You know, they weren't, yeah.
[00:11:08] Speaker B: So nobody likes a snitch. What is so obviously like, what is the European Union's... I don't know. What's their motivation for allowing, like, what do they care what Apple does as far as their App Store goes? Why are they trying to make them? Or they're not trying to, but forcing them to open up to these third-party apps?
[00:11:26] Speaker C: So there's a public reason and then there's a private reason.
[00:11:31] Speaker B: Right.
[00:11:31] Speaker C: So the public reason, the reason they're telling all of us, is that it's anti-competitive, that no other app store could launch and compete with Apple because Apple won't allow it. And Apple controls the majority of the mobile phone market, and they've effectively locked everyone else out of that majority. So they've locked it in and they're doing things like paying. Well, you know, Google's a little easier to explain, where Google is paying, like, $20 billion a year to be the default search engine in Safari.
[00:12:02] Speaker B: Yeah.
[00:12:02] Speaker C: Apple's doing some of the same stuff. Right. So when Verizon, or over in the EU it would be like Orange or O2 or whatever, all the various cell phone companies over in Europe, when they want to sell iPhones, they have to pay a huge premium to Apple to sell an iPhone versus the premium they pay for Android phones and things of that nature. So the public side is that it's just anti-competitive. Right. But there is a private piece that they don't talk about. But it is something that security researchers are aware of, which is by Apple locking the App Store the way they have, it's put it in control of a United States company. Right. And what are we doing with TikTok right now?
[00:12:46] Speaker B: Right.
[00:12:46] Speaker C: We're saying TikTok is China-controlled.
[00:12:48] Speaker B: Right. And they're an adversarial country.
[00:12:51] Speaker C: And, but, I mean, even if they're doing nothing today, tomorrow they could.
[00:12:55] Speaker B: They could go crazy. Yeah.
[00:12:56] Speaker C: And the same goes for the United States. Right. So we might not be doing anything today, but tomorrow we could. That's right.
So in the EU, they want to be able to have European-based app stores that sell apps written by European developers that give money to European employees. Right. And I don't blame them for that.
[00:13:14] Speaker B: I totally get that. Yes.
[00:13:15] Speaker C: I would call it national security, except they're a European economic union, so I...
[00:13:19] Speaker B: Don't know how that works out. But.
[00:13:22] Speaker C: But it makes sense, right?
[00:13:23] Speaker B: No, totally get it. I knew having Don back on was...
[00:13:26] Speaker C: Going to be a good idea.
[00:13:27] Speaker B: He knows all these things. Right? So much fun. All right, let's move on to the next article here. Another one from Ars Technica. If I can click on it. It is: Wear OS has a big comeback, and it is continuing. Might hit half of Apple Watch sales. I picked this specifically for Mr. Pezet because I know he loves this kind of stuff. So Wear OS, I thought that was kind of like, you know, just some janky side project of somebody's that started to go the way of the dodo, but now the dodo's been breeding, sort of.
[00:14:00] Speaker C: You have to remember how pitiful this market is. Remember ten years ago when wearable tech was like the cool thing, like AI is today. Everybody is talking about generative AI and ChatGPT. We have to have AI in everything. We're getting these crap gadgets, the Rabbit AI.
[00:14:21] Speaker B: It's the race to the bottom, right?
[00:14:22] Speaker C: What's the one that pins on your shirt? Have you seen that one? Oh, I haven't seen that one. It's a little pin, and you can talk to it. A voice interface at all. And if it needs to show you text, you can hold your hand up. It's got a projector.
[00:14:33] Speaker B: Are you kidding me? Okay, interesting.
[00:14:35] Speaker C: Sounds neat. It's a piece of junk.
[00:14:38] Speaker B: Well, don't sugarcoat it, Don. Tell us how you really feel.
[00:14:41] Speaker C: So wearable...
Technology has not weathered the storm very well. Right. The Apple Watch, when it came out, many people considered it a game changer. There's a whole computer on your wrist. I mean, hell, I'm wearing one right now.
[00:14:51] Speaker B: I'm wearing one right now.
[00:14:52] Speaker C: Yeah, but the Apple Watch today is very different than the Apple Watch in its first year. App developers were scrambling. We got to create apps that will run right on your watch. And then they realized that apps on the watch are worse than apps on a PalmPilot. The PalmPilot gave you more screen real estate, memory, and all that. Within a two-year period, apps on the watch dried up. And so now the Apple Watch is really only good for calendar and fitness apps. And if you know me, I use it for the calendar. So I like that I can look at my watch and actually see what my next meeting is.
[00:15:31] Speaker B: You don't make phone calls on your watch?
[00:15:32] Speaker C: I don't. Yeah, I don't use any of that other stuff. But fitness is really where it's picked up.
[00:15:38] Speaker B: Sure.
[00:15:38] Speaker C: So Wear OS was already in second place, and second place of a crappy market is not a great...
[00:15:45] Speaker B: It's definitely the first loser.
[00:15:47] Speaker C: And so even the article, I mean, they sort of acknowledge it, like, wow, watchOS is really jumping up. It's got 25% of... oh, wait, hang on. I'm getting my market of a garbage market. So Apple's watchOS last year had 53% of the market. Now they're down to 49%. Right. So Apple still controls half the market. Wear OS went from 21 to 27. So they pull that market share. So that's good. But it's still just 27% of, like, $47. Yeah, I mean, I have to imagine Wear OS users can be counted in the tens of thousands.
[00:16:26] Speaker B: Okay.
[00:16:26] Speaker C: Yeah, probably. I mean, that makes sense. We're talking... well, not as bad as Apple's visor, whatever that was called. Not as bad as that, but pretty small.
[00:16:37] Speaker B: Yeah. And it says that they kind of partnered with Samsung and another company. I don't remember which one it is, it was Samsung and someone else. Sorry, but that this is supposed to kind of help them pick up some more steam and start to really become a real market competitor with the Apple Watch.
[00:16:56] Speaker C: Yeah, Samsung was really on board with Wear OS in their early days. But then Google did what Google does, which is they...
[00:17:05] Speaker B: Google did what Google did.
[00:17:06] Speaker C: They dump a ton of money into a product for two years and then nothing. And then it just stops. No more development. No more development for three years. And then all of a sudden they come back and they say, wait, this is the greatest thing. We're putting money into it again. They've done that with Android, they've done it with Gmail. They've done it with all their products. You take the most expensive products Google sells, they've done this where they will stagnate for years. And so Samsung at one point said, hey, if you guys aren't going to keep developing Wear OS, we're going to switch to our own thing. And they started to create their own operating system. And I can't remember what it was called, but it was designed not just to run on the Apple Watch... I mean, their watch, their watch, but also tablets and other things. They were like, yeah, we're just going to push Android out if you guys aren't going to keep developing it. 'Cause Samsung really is propping up the Android market. Yeah, but now that Google's put some more investment into it, Samsung's back on board, and that's a game changer. That's going to keep Wear OS alive.
[00:18:00] Speaker B: Well, I know I'm going to go buy me some Wear OS. That's all I know. I'm going to have six Wear OS watches. I have one on my ankle. Just go buck wild with it. All right, moving on. We're done with that. Well, there was your tech news. There you go. There you go.
Don, I'm so glad to have you back. We get to talk about Wear OS once again. That said, we're moving on to a little more the security side of things when it comes to our Rapid Fire. And today, this article comes from Dark Reading: DPRK's Kim... I'm going to call them Kimsucky because they suck. Their APT abuses weak DMARC policies, the feds warn. Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings. Oh, Don. Now, last time I checked, DMARC was meant to help us. Yeah. Not be a vulnerability.
[00:18:50] Speaker C: All right, so I'm torn on this article, Daniel, because on one hand, I view it as sensationalism. On the other hand, they're technically right. There is one setting in DMARC that, if you have it set incorrectly, makes it where DMARC is basically useless.
[00:19:06] Speaker B: Actually, not even just useless, it actually works against you. Because now it seems like it's coming from an authorized sender, because that's what DMARC does. It says, this came from the authorized domain. You are good.
[00:19:17] Speaker C: Yeah. Uh oh.
[00:19:19] Speaker B: It didn't come from the authorized domain, by the way.
[00:19:21] Speaker C: So over the last couple of years, major email providers like Office 365, Microsoft 365, Google did it with G Suite, SendGrid, Mailgun, like all these big... the people who send the most email reached out to all their customers and said, look, if you want to keep sending email through our systems, you've got to set up DMARC. And so people scrambled to get it set up. And DMARC adoption has gone up significantly in just the last three years. But the problem is, if you ever worked with these records, um, think of like SPF, right?
[00:19:49] Speaker B: Sender Policy Framework, right?
[00:19:51] Speaker C: Uh, where you basically, with an SPF record, you put it in DNS, it's text, and you say, here's the servers that are allowed to send email from my domain.
If you get email from my domain, from a different server, not me, throw it out.
[00:20:02] Speaker B: Yep.
[00:20:03] Speaker C: Okay. But it was just based on IPs. And the problem was DNS records can be spoofed, can be overridden, and so they ran into challenges with it. And so DMARC was kind of the successor for that. And it created another way for you to provide it using digital signatures. So it was a much more secure method, much more difficult to spoof or poison. The problem is, when you implement it, there's little attributes that you have to set, and one of them is the policy attribute. And the policy attribute says, if you get an email not from my list, what do you do with it? And there's three options. One option is you reject it. Hey, this is a good email. I'm going to reject it. The other option is you quarantine it. And that seems like a no-brainer, except not everybody has an email quarantine, so that may or may not work. And then the third option is do nothing.
[00:20:52] Speaker B: Just send the email.
[00:20:53] Speaker C: So if it's p equals none, that means do nothing. Now, why would you have a setting like that? The intention of p none was when you implement a DMARC policy, you turn that on and you monitor your log. You set up an RUA where it sends an email.
[00:21:10] Speaker B: Hold on, Don. That sounds like work. We can have that. I got to go and make setting changes. That's some more shit right there.
[00:21:18] Speaker C: It's like, have you ever configured an outbound firewall?
[00:21:22] Speaker B: Sure, yeah, probably have from time to time. Not lately.
[00:21:25] Speaker C: Tons of people do. Inbound firewalls filter the traffic as it...
[00:21:28] Speaker B: Comes in, but outbound is much more difficult. Right.
[00:21:32] Speaker C: And so the way to do it, and this is the same with IPS and IDS devices and stuff like that, is you turn them on, but you don't let them enforce. You just say, log everything that would have been flagged.
And then you go through the logs and you identify the good stuff and you create the appropriate rules. And you keep doing that over and over. It might take weeks or months. They call it training the firewall, until you get to a point where your logs are just full of crap that you wanted to block. Right. And that's how DMARC is supposed to be. You're supposed to go and evaluate everything, find all the servers that you forgot about.
[00:22:01] Speaker B: 'Cause they're all over. I thought this was Ron Popeil, man. Set it and forget it, right? I turned the DMARC on. I did the right thing.
[00:22:07] Speaker C: That's what people do.
[00:22:08] Speaker B: Yes.
[00:22:08] Speaker C: They turn on DMARC, they leave that policy set to none and they never come back. Yep.
[00:22:12] Speaker B: Yep. They're like, yeah, this was fun. I like this game. I got that. Well, and this just goes to show you, like, why we still have problems with security a lot of times is that we feel like we purchased the thing, I turned the key on. It's doing... it's a little security engine. It's doing the security engine stuff, right? Well, yeah, but much like an F1 racer or something like that, it's those fine tunings that we have to really dig into and find those settings, and it takes work. You're going to have to sit around and kind of monitor these things and make sure. We always say, you're tuning it right, you're tuning the engine, you're tuning the device so that it works as efficiently as it should. If you're not reading how the thing is supposed to actually work, well, you could have set your policy to none. I think even if you set it to nothing, it also just kind of like goes, okay, well, if you set it to nothing, that's the equivalent to none. And therefore, so p equals, like, no string, then it will allow these things to come through. And again, that's going to really hurt you, where you've set up a system to try to help. Now it's having the opposite effect.
Now when the, you know, the North Koreans, the Kimsukys of the world start sending spoofed emails, they have an air of legitimacy behind them. And people are like, oh, I don't have to worry about this. We have a machine that's stopping bad stuff. So this could only be good.
[00:23:35] Speaker C: Yep. And so the message from the feds here is a valid message, which is, it's not enough to start implementing DMARC. You have to finish implementing DMARC. That's important if you want it to work.
[00:23:46] Speaker B: I don't like you anymore.
[00:23:47] Speaker C: And just on a side note, I finally found it. The Samsung operating system was called Tizen. Tizen, T-I-Z-E-N. That was to compete with Apple's watchOS and Google's Wear OS. They wanted their own and they were going to do TV appliances and all sorts of stuff with it. Okay, so there you go, Tizen.
[00:24:03] Speaker B: There it is. Well, now, knowing is half the battle, right, G.I. Joe. Pork chop sandwiches. Yeah, pork chops we do have. We still keep the pork chop sandwiches around for special occasions because it does pop up from time to time. And speaking of segments, we now have to go to one of our favorite segments, which is Behind Bars. Break the law and you'll go to jail. That is the word on the street. Hopefully it happens more often than not. If you break the law, you go to jail. That's how it should work.
[00:24:38] Speaker C: You go to jail. At least for a few minutes.
[00:24:39] Speaker B: Yeah, yeah. You're let out on your own recognizance. Anywho, we got an article here about... this is from gbhackers.com: Ex-security consultant jailed for trading confidential data. Man's they. The good old tale as old as time. The insider threats. Yeah, person given access and trust to a system turned around and used that against their employers for nefarious purposes. Don, I hate to see it happen.
[00:25:07] Speaker C: Yeah. You know, you can take every precaution you want.
You can do background checks on contractors coming in. You can make them sign NDAs and engagement contracts and all that kind of stuff that you do with pen testers. You can do all of that. But there's still some bad apples out there. It's hard to sift them out.
[00:25:25] Speaker B: Apparently, Vincent Kennedy is one of those bad actors. He's a professional who used to work as a consultant in the cybersecurity field, has been taken into custody for allegedly trying to extort a sum of money that could go up to 1.5 million from an IT company that is publicly traded. He said, yeah, I got your stuff. You want it back? I'm going to need that money.
[00:25:46] Speaker C: This is reminiscent of the Ubiquiti extortion thing, where it was their CI or their CISO, who was pretending to be a hacker and holding...
[00:25:57] Speaker B: Oh, this was a pen test. Yeah, that's not how pen tests work, buddy.
[00:26:01] Speaker C: So he's in jail, but in this case, he didn't even bother with the fake story. He was just like, look, I've got your data, and you're gonna pay me. And he wanted a ten-year CD as a certificate of deposit.
[00:26:19] Speaker B: He wanted to get interest on this...
[00:26:20] Speaker C: Thing, which is a weird thing to ask, as CDs are traceable.
[00:26:24] Speaker B: He's thinking of retirement, man. He's got...
[00:26:27] Speaker C: There's got to be some high yield, right? I mean, certainly it's...
[00:26:30] Speaker B: He's thinking fiscally, man.
[00:26:32] Speaker C: You know, all joking aside, now is the time to buy CDs, right?
[00:26:36] Speaker B: CDs are yielding good profits at this point in time, man. Forget your 401K. CDs are where it's at. But no, we do not endorse any financial advice at the Technado, by the way. We're not financial experts.
[00:26:48] Speaker C: No, far from it. Yeah, I broke my fortune in Dogecoin. Yeah, it's going to pay, but normally, when somebody's extorting a company, they want Bitcoin.
They want something that they can at least try and obscure where the funds are going to, and maintain some anonymity. In this case, he wanted a CD, and... yeah, that's just bizarre. So I have to imagine he's, like, mentally unstable or something.
[00:27:17] Speaker B: Well, how does that go? Are we in the tech industry so odd to the rest of humanity that this dude flew by the radar? Because if he's mentally unstable, and I just thought that was normal for IT workers... I mean, they might not be wrong, because we're a weird group of people. I mean, I find it to be fun, but yeah, it was the camouflage that got this guy his job. And then he was like, no, now I steal all the things. I want some money, where's my money? But this dude's facing down, like, the barrel of 20 years in jail for this. This was no joke. I mean, this is like a murder rap.
[00:27:54] Speaker C: Yeah, worse than a murder rap in some states, depending.
[00:27:58] Speaker B: Yeah, depending on which murder rap it is. Who did you kill? I mean, come on.
[00:28:03] Speaker C: So, yeah, it's strange, but it just shows that oftentimes your biggest risk is the insider threat. It's people within your company or... I mean, this guy was a long-term contractor, but still, it's that somebody you've let in the door, they've got the key badge to get in, and, you know, it just shows how important it is to have separation of duties, to have peer review of work, to monitor audit logs. Like, at some point this guy had to exfiltrate that data. Right, right. And whatever method he used is probably not much different than whatever method a hacker would use. And so, you know, that should have been monitored for. But not every company can do that.
[00:28:44] Speaker B: Are we doing that here? Because... no, I'm asking for a friend.
[00:28:46] Speaker C: So... well, there's... if you take, like, this building, no, because there's no PII stored here. Right. So all of ours is stored up in cloud services. Right.
And in the cloud services, yes, it is monitored for there.
[00:28:59] Speaker B: Okay, good to know.
[00:29:00] Speaker C: It's actually easy to monitor for exfiltration in AWS because they bill for egress traffic.
[00:29:07] Speaker B: You think I'll enjoy prison, Don, but...
[00:29:10] Speaker C: Salesforce, NetSuite, you know, a lot of those tools that are out there, they have various monitoring for when somebody's pulling more records than they should. But user credentials should be restricted to small data sets. It gets tricky with security people, though. If you take a security person and say, I want you to scan our network for vulnerabilities, but I'm going to restrict your access...
[00:29:29] Speaker B: Right. You tied their hands.
[00:29:31] Speaker C: You have.
[00:29:32] Speaker B: Right. If they are security people, you have given them the keys to the devices that they can now tune to just ignore me.
[00:29:39] Speaker C: Yeah.
[00:29:39] Speaker B: Right. So, yeah, it's difficult, so do a lot of really, really good background checks and a couple of rounds of probably interviewing, make sure you get the right person, and then continuously monitor them.
[00:29:51] Speaker C: And even then, know that you're gonna miss stuff.
[00:29:55] Speaker B: Yep.
[00:29:55] Speaker C: Right.
[00:29:55] Speaker B: No guarantee.
[00:29:56] Speaker C: I mean, Edward Snowden, right?
[00:29:58] Speaker B: Oh, yeah.
[00:29:58] Speaker C: Dumped it to a USB key and walked out the door.
[00:30:00] Speaker B: Walked out the door with it.
[00:30:01] Speaker C: So you're not gonna see that on your IPS.
[00:30:03] Speaker B: No. Yeah, you got a hell of an IPS if you do, and I want to know where you got it.
[00:30:08] Speaker C: And that was, that was the NSA.
[00:30:10] Speaker B: That was the NSA. Right. The flipping NSA. Ah, fun stuff. Speaking of fun stuff, our next article comes to us from The Hacker News, one of our favorite haunts.
"Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications." This is the kind of thing that twirls my beanie. I really enjoy, like, C2 and all that red-teamy stuff. It's really fun. I don't like it when hackers do it. I like it when we do it to try to figure out how they would do it. And this is a really crafty trick. It's not necessarily super novel, as far as... maybe with them using the Microsoft Graph API is something that's new, but we tend to try to find these open cloud services that have an API and then abuse the piss out of it.
[00:30:53] Speaker C: Yeah, yeah. So for decades, if you wanted to stand up a command and control, or C2...
[00:31:00] Speaker B: C2. C2, C2.
[00:31:01] Speaker C: A C2 server, uh, you'd use IRC, right?
[00:31:04] Speaker B: Yes.
[00:31:04] Speaker C: Like, I mean, IRC was the go-to. There were IRC... I mean, you could just use EFnet, like public IRC servers, and create your own channel on there. And there's your C2 network. Uh, that was the go-to. Well, I'm gonna harp on IDS and IPS today. Uh, IDS and IPS devices, you know, were tuned for that. They would look for IRC traffic, and most people don't use IRC in any meaningful way anymore, so companies just block it out.
[00:31:29] Speaker B: Right?
[00:31:30] Speaker C: And that was that. Now you can't talk to a C2 server. So hackers have had to get creative, and boy, have they. They've come up with some really cool stuff. And I remember talking about this a while back where there was some malware that was the first instance where it was using OneDrive as its C2 server. It could just, via the API, reach out to OneDrive and look for script files that it would pull down to execute. And the people controlling it could just change those script files in OneDrive, and then the bots would all connect. If you're a network administrator, how do you filter for that? Here's a computer connecting to OneDrive. It's encrypted because it's secure traffic.
It's going to a Microsoft server.
[00:32:09] Speaker B: It's a hacker's heaven, Don.
[00:32:10] Speaker C: It really is. It really is. And how do you fight that?
[00:32:14] Speaker B: That's a really good question. It's super difficult, right? Because, like you said, it's all encrypted. Maybe with, like, a next-gen firewall where you're giving it keys and it's exchanging all that information with the next-gen firewall, it would be able to look into that information and see, oh, I don't really like what's going on here, and from there... but like you said, you would have to start doing that. You would have to then implement that into those systems. And even then I'm not sure that it would be successful. That's why this has become kind of the popular way to go about getting your exfil traffic to go and your C2 traffic, because you're giving me the platform to do this. So if you look at the Microsoft Graph API, what it allows you to do is to upload and download files from OneDrive. And OneDrive is a free service. Thanks, Microsoft. Again, I don't want to harp too bad on Microsoft. This isn't necessarily, like, a fault of theirs. You could do this with VirusTotal. I've literally looked at the VirusTotal API and went, I can send, like, updates to VirusTotal. So if I have an API to VirusTotal, I can do submissions through the API. In those submissions, I can send descriptions and updates that could be command traffic. I could put my commands in Base64-encoded strings and then pull it down with my malware. And that's... I could be communicating through something that's supposed to help us. It's... it's kind of a thing.
[00:33:39] Speaker C: That would be the irony of it, right?
[00:33:40] Speaker B: The VirusTotal.
[00:33:42] Speaker C: Yes.
[00:33:43] Speaker B: I was like, should I do this? Probably not, but, man, I want to.
[00:33:47] Speaker C: That'd be a cool thing to present at, like, you know, one of the hacker conferences.
[00:33:51] Speaker B: I guess I could. Yeah. Yeah.
[00:33:52] Speaker C: Here's my C2 server.
[00:33:53] Speaker B: Yeah. VirusTotal C2. VT... VC2. How would I put that?
[00:33:59] Speaker C: I don't know.
[00:33:59] Speaker B: I have to come up with a name. I'll build the tool. It'll be fun, I think. I think I would be violating VirusTotal's terms and conditions.
[00:34:06] Speaker C: I think that's all over the place. That's a given. Although, I mean, so do you have to log in to upload a file to VirusTotal? Because normally you just have the API...
[00:34:17] Speaker B: Key, so you'd get an API key.
[00:34:20] Speaker C: So you have to log in.
[00:34:21] Speaker B: Just make a software account.
[00:34:22] Speaker C: Okay. So that would violate it. I'm thinking, like, there's probably some services out there where you don't have to log in, like Pastebin. I do know people... it's very popular. Yeah.
[00:34:30] Speaker B: As a C2.
[00:34:31] Speaker C: Yeah.
[00:34:31] Speaker B: So, yeah, fun. Good luck, Microsoft and all you other free services that give us an API that we can use. It's going to be a lot of, I'm assuming, looking at traffic and trying to figure out behavioral patterns. So hopefully these next-gen things can kind of figure that stuff out using AI and ML. And that's when you go to RSA, and they'll tell you that we can do that. And then you purchase it and it doesn't really do that.
[00:34:56] Speaker C: So you can protect against C2 by using AI at RSA. And, man, do we got enough acronyms for this acronym...
[00:35:05] Speaker B: Bingo here. Bingo. I got it, I got it. This is fun. All right, let's see. Here we go. One more in the Rapid Fire. And let's see here. This one comes from securitynewspaper.com. I really scoured the Internet for this one, but I'll be honest with you, I kind of looked at this site. It's not bad. I thought it was a good little place. I'll start haunting them.
It says, "How Safe Is Your Tinyproxy? Step-by-Step Guide to Exploiting Tinyproxy's Zero-Day Vulnerability." So if you are running Tinyproxy out there... I... This is what I love about security news: I come in contact with software that I just did not know existed. But then you're like, oh, a lot of people are using this. I was unaware because it just kind of flies under the radar until one of these CVEs pops up that's like, oh, is it a 9.8? I believe this is a 9.8 out of ten CVSS. So if you are running Tinyproxy, a specific version... Cisco Talos, their security research group, has discovered... ruh-roh, Raggy, we got a real problem, because remote code execution is on the table.
[00:36:12] Speaker C: Yeah. Yep. And where this one gets even more risky is, if you haven't heard of Tinyproxy, most people don't need proxies anymore. Right? There was a short period of time back in the early nineties where proxies were really popular, and they kind of went away. I guess some people use them for accessing Netflix from other countries and things like that. But VPNs have largely replaced that too. But one place where proxies are alive and well is Docker and any kind of container environment, right. So if you use Docker Compose and you start spinning up a bunch of containers on your system and you need to publish a port for systems to access, Docker will... you might have five containers that all need the same port, and that's going to conflict.
[00:36:50] Speaker B: Right.
[00:36:50] Speaker C: So you got to pick different ports, and then you've got to have some way to direct traffic to the IP on the host to these individual containers that likely don't have public IPs or, or even network IPs. They probably just have internal to the Docker environment. And so that's where a proxy comes in. The other thing is if you want SSL, if you want, or TLS, whatever you're using today, hopefully, hopefully TLS.
[00:37:12] Speaker B: So if Don's still on SSLv1...
[00:37:15] Speaker C: Maybe. It's hard to bring it back for so long. I know. And then you gotta change. But, so if you've got to generate a certificate and you've got 50 containers, you don't want to have to go and plug that certificate into all 50 containers. That's a nightmare. Right. And you want to be able to easily change the certificate. And so oftentimes what developers will do is set it up where the TLS connection terminates on the proxy and then it just uses regular HTTP to the containers on the backend.
[00:37:45] Speaker B: Right.
[00:37:45] Speaker C: It's the backend. Totally safe.
[00:37:46] Speaker B: We're in the safe zone, right. We made it past, because, well, that's kind of the janky thing about proxies and things of that nature: they sit in the DMZ, they're facing the public-facing Internet as well as your internal-facing network. They kind of act as a gateway from one network to the next, right?
[00:38:04] Speaker C: Yep. Now, fun fact, if you're filling out a security questionnaire for compliance and they ask if your data is encrypted in transit end to end, and you're terminating your secure connection on a proxy, you are no longer encrypted end to end.
[00:38:18] Speaker B: Right.
[00:38:19] Speaker C: You're encrypted across the public network, sure. But once you get to your internal network, it's now moving between devices unencrypted. And why is that a problem? Because of stuff like this. If the attacker can take over Tinyproxy, right, they can now see the unencrypted backend as well as a certificate. It's right there. And you've effectively popped network security for your environment.
[00:38:40] Speaker B: Yeah, that's a real problem. It was funny, we were talking about this article because it was a last-minute throw-in, and Don was like, well, who's using proxies anymore? And that's true. We came up with the idea of where they're being used. But then you were like, but it's a proxy, big deal.
And I'm like, well, it's actually a really good spot to kind of nestle in as an attacker, because who's logging into the proxy? Who's watching the proxy? If the proxy is doing proxy stuff and no one's complaining, it just kind of sits there, and now it becomes a really good pivot point.
[00:39:12] Speaker C: Yeah.
[00:39:12] Speaker B: For, you know, I can use it to bring all the data into that and then exfil out from the proxy. And now all that's encrypted. You start to see the fun times that we'd have, because I've now got a really good place to laterally move throughout the network that's completely trusted, and it's a lot of fun for hackers. So definitely, if you have Tinyproxy installed, you're going to want to do some updating. I think they did release an update, if I'm not mistaken.
[00:39:36] Speaker C: They did.
[00:39:37] Speaker B: Yeah. There you go. So if you're interested, this article does have a step-by-step for doing exploitation, so we're just interested in that kind of stuff. If you're wondering, am I vulnerable? Well, you know, check those... definitely, what do you call those, versions, and then have some fun and install it yourself and see how that all works, since you know exactly what that attack vector looks like. All right, Don. Rapid Fire has been rapidly fired. We've gone through a lot of articles, but we're gonna take a little break, take a breath, stretch our legs. We'll come back. We got the Deep Dive. We're gonna get into a little bit of macOS malware. This ought to be a little bit of fun for us, so stay tuned for that, and until we come back... yeah, watch this commercial.
[00:40:20] Speaker A: Tired of trying to schedule your team's time around in-person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible? The answer to your woes is live online training from ACI Learning.
With live online training, we provide our top in-person courses in private, online, instructor-led formats. You get to provide professional development in a manner that fits today's expectations: entertaining, convenient and effective. Our exam-aligned courses inspire the full potential of your team. Visit Virtual Instructor-Led Training at ACI Learning for more info.
[00:40:57] Speaker B: Well, that was an amazing commercial. I'm sure it changed your life. Hopefully it did. Now the lives have been changed. Let's change them even more and go into our Deep Dive section here on the Tech NATO. It's one of my favorite sections because... but Don was like, tell me a little bit about this Deep Dive thing you guys are doing. I'm like, it's just a chance for us to nerd out on some technology, some security stuff. And I really enjoy looking at malware and seeing how malware works, because I'm really interested in red teaming things, and you have to kind of develop and use malware for those purposes. But it does give us a better look at our systems, the attack vectors that they are vulnerable to, and how threats that are out there are capitalizing on these things. And for us to know those systems better is going to make us better at our jobs, at securing them, at least, hopefully. That's the idea, anyway. And today is a really interesting one, because I don't think we've ever talked about, uh, Mac malware, because it doesn't exist.
[00:41:51] Speaker C: Daniel.
[00:41:52] Speaker B: I know. That was... I had it on good authority that Mac malware was not a thing, but lo and behold, damned if I didn't find me some.
[00:41:59] Speaker C: Sure. The date on this article is April 1.
[00:42:00] Speaker B: Yeah, yeah, it's... oh, they got me. They got me. Dig, man. Well, this comes from Kandji.io, and this is "Malware: Cuckoo" (I know, I don't name these things) "Behaves Like Cross Between Infostealer and Spyware." So it's kind of double dipping on what it actually does.
And what's interesting, they said that they named it Cuckoo because there's a bird called the cuckoo bird, and it lays its eggs in the nests of other birds and steals the host's resources for the gain of its young. So, in the same vein as the cuckoo bird, the Cuckoo malware nests itself into your Mac operating system and steals information and does a little spying while it's there. It's a lot of fun, not for anyone that actually is going through this, but for us to investigate.
[00:42:52] Speaker C: Now, if you're like me, or maybe a little more of a novice than Daniel, I thought, what the hell's the difference between an infostealer and malware? I mean, spyware. Yeah, they both kind of do the same thing, but it really boils down to persistence, right?
[00:43:04] Speaker B: Persistence is the thing.
[00:43:05] Speaker C: An infostealer just wants to get in there, get your data, get out. But spyware wants to hang around. This one does both.
[00:43:11] Speaker B: This one's like, hey, why can't I live in both of those worlds?
[00:43:14] Speaker C: Like Reese's peanut butter cups.
[00:43:16] Speaker B: That's exactly right. They put the chocolate and peanut butter together and everybody was happy. On whoever these threat actors are that are doing this... but they said that, I love this part. I said, how do they find it? Because I'm really interested in how security researchers discover new malware variants and things of that nature. They set up honeypots and then they watch it as it rolls in and go, oh, what's this? Now, they said that they found this one... it was named... it was actually from VirusTotal. So there was this DumpMedia Spotify media converter, and it was put on VirusTotal on April 24, and it was also found under the name upd. This is a universal binary that can run on ARM-based Macs or Intel-based Macs. Now, if you're not familiar with Macs too much, Mach-Os are the binary formats.
So you got EXEs over in Windows world, you got ELF binaries over in Linux land, and you got Mach-Os that are in... I...
[00:44:14] Speaker C: Don't be too pedantic.
[00:44:15] Speaker B: I know you're getting ready to get onto me here.
[00:44:17] Speaker C: It's Mach-O, isn't it? Because it's the Mach kernel, M-A-C-H. I always say Mach deep down under.
[00:44:23] Speaker B: You actually used to call it macho because it was more fun. It's fun, yeah.
[00:44:27] Speaker C: Snap into a Slim Jim.
[00:44:28] Speaker B: Yeah, you can have the macho.
[00:44:32] Speaker C: We just watched Idiocracy the other day, with President Camacho.
[00:44:34] Speaker B: Did you realize? Good flick, good flick. Shame we're living in it. But you know what that comes from is I've never heard anybody say it out loud. I've only ever read it.
[00:44:44] Speaker C: Yeah. So you know how a lot of people say that macOS is basically BSD? Yes, it sort of is, but the Darwin kernel underneath it is based on the Mach kernel. And so the, you know, the kind of template OS in the early days was, I don't know, Mach whatever. So, yeah, so the binaries are Mach-O. Got you.
[00:45:05] Speaker B: Yeah. There you go. Pronunciation on facts. I'm being pedantic, and we got to use the word pedantic today, which is fun for us.
[00:45:12] Speaker C: Biggest word I'll use today.
[00:45:13] Speaker B: Yes. Yes. So this is really interesting. So basically, their initial access vector, right, as we like to call it in the biz. How did they get initial access? Well, they tricked people. They said, hey, come and download this Spotify media converter tool. It's going to save your life. What does the tool do? Well, you go to Spotify, you stream something, and we can rip that into an MP3.
[00:45:37] Speaker C: I can't tell you how many times over the years, and I'm being serious, where I needed to convert, like, an AVI to an MP4 or AAC to an MP3, and I would just do a quick Google search, and you'd get all these, like, shady companies that would show up at the top of the list, you know, so-and-so media converter and so on. Yeah. And every now and then you'd find an open source one. And I would usually try and go with the open source one. There's at least some fair scripting there.
[00:46:05] Speaker B: Yeah.
[00:46:05] Speaker C: But there were tons of other products that you'd never heard of.
[00:46:07] Speaker B: Yep.
[00:46:08] Speaker C: And I could totally see people saying, you know what, let me just try it. I just need it one time. I'll use the demo, the trial, install that, do what I want, and never run the program again.
[00:46:17] Speaker B: Yep. And that's exactly what happens, you know. Every once in a while, kind of like, Don, you find yourself in that position where you're like, I need this tool that can do X, Y or Z. It seems kind of niche and weird, but in today's world, I need that. So you do your Google search, you find these things, and people will see these and go, that looks legit. And what's funny is this is actually legit software. So the malware is actually bundled in the legit media converter. It will do it, yes. Well, yeah, in a way. Right. So you're not getting it straight from the manufacturer. They set up fake infrastructure.
[00:46:53] Speaker C: Oh, they look like...
[00:46:54] Speaker B: Yes. You basically just take the binary and then you bundle in your malware. You decompile it, you bundle your malware and you add it to that compilation, you recompile it back together, and then I give it to you, I run it. And it actually does Spotify media conversions.
[00:47:10] Speaker C: You know, fun fact with the way that Mac binaries are packaged. Right. So...
And I think the article talks about the way they do bundles. Yeah. If you're not a Mac user, it's a different world than Windows and Linux. In Windows and Linux, when you install an app, there's an executable somewhere, there's a binary, but there's also a ton of library files and other stuff that goes along with it that's necessary to make the app work. But in the Mac world there's just one file. One file. When you install an app, you download this file, it'll say just drag and drop it to your Applications folder. The reason is they use these bundle files. They don't go right out and tell you this, but if you take the bundle file and just add .zip to the end of it, it's just a zip archive.
[00:47:49] Speaker B: Yeah.
[00:47:50] Speaker C: And then you can open it right up. You can do this on Windows, Linux, whatever, and you can open it right up and look. So you don't even have to recompile it to add malware...
[00:47:56] Speaker B: To it, right, because you're just adding it to the bundle. So, and it's funny you bring this up, because if we take a look at my screen here, we can see that one of the major, like, hmm, what's going on? is a little different, to Don's point. You'll notice that it doesn't say drag to Applications. It says right click. This is the actual installer, a view of them running the installer. It says right click on the icon below and click Open.
[00:48:20] Speaker C: That is different.
[00:48:21] Speaker B: That is different. That is not normal. Now why are they saying to do this? Because the way this works is it will get popped. Because if, as Don's point goes to, it's just a bundle of files. If you do that Show Package Contents instead and see what's actually in this, you'll notice that there are some things that should not be there that are going to get run. And since you're downloading from an unreliable source, what does the Mac operating system do when you download things that get installed and run as executables?
It goes, hey, I don't know what this is. You need to approve that this is going to be done. So this is kind of like cutting that off at the pass and going, hey, just right click, go Open. You're basically telling the system, I know what this is, I want to run it, instead of trying to just double click it.
[00:49:08] Speaker C: Yep. And unfortunately, as a side effect of Apple's App Store policies, if you install an app from the App Store, you don't get... it's called Gatekeeper. You don't get the Gatekeeper trigger. But if you download an app from anywhere else on the entire planet, you get a Gatekeeper pop-up. And so people are used to that. When they install an app not from the App Store, they're expecting to get a dialog box of some sort and to say okay to it. Right. And even if it asks for admin credentials, people are used to that too. Like, oh, it maybe has to write somewhere outside of my user folder, then it's going to prompt for that. And so people provide that. And that gives this malware the chance to get elevated privileges.
[00:49:45] Speaker B: Yep. So back to our story. Interesting stuff here, right? I do love learning this. Like I said, this is what I like. This is the nerding-out part of learning about the Mac operating system and how we can abuse some of the way it's supposed to work for nefarious purposes, so that we can know more about that. So it says when we selected Show Package Contents instead of Open, they found... and then navigated to the MacOS folder within the bundle, found the Mach-O binary called upd. This is the actual malware itself. And that name raised red flags to them as well. Because normally when you download a binary for the Mac operating system, the binary is the name of the package. We go, oh, if I'm Dan's Media Converter, it will be Dan's Media Converter.exe or whatever. It'll be the same as the thing you downloaded. This was not the case. It was some weird, just, upd name. And that name raised the red flags for them.
So not only that, they say... also, looking at the upd file in the original bundle, we found that it was signed ad hoc with no developer ID. That right there is just like, Warning, Will Robinson, because Apple is extremely, what's the word? Stringent. Right. They're strict about applications going through the right process to be released. Now, obviously you can dev for the environment if you want to, but if I don't have an Apple developer ID assigned to us, you can't trace it back to me.
[00:51:10] Speaker C: Right. They used to be strict about, if you had an Apple developer ID, you could sign an app, but it had to be available via the App Store. And developers were frustrated because if they didn't want to use the App Store, they couldn't sign their apps. But Apple changed that policy, so it costs a developer $99 a year if they want to be able to sign their apps. That's not a big deal. Even for a small shop like, you know, somebody who creates some shareware or whatever, not a big deal for them to sign it. So in this day and age, you really shouldn't have unsigned apps.
[00:51:39] Speaker B: No, that's a bad idea. Don't do that. All right, now let's talk about running this application. Let's get into what happens. Okay, I've done the bad thing. I've downloaded this.
[00:51:48] Speaker C: I've...
[00:51:48] Speaker B: I've right clicked and hit Open like a fool. But hey, you got me. What are you going to do? It was a good phish. And it says, running the application: once we allow the application to run, we could see from a process monitor that it spawned a bash shell, and it uses this system_profiler... you can just see right here, a simple sh -c, which basically means run this in the bash, or in the shell of your system, to grab this system_profiler device and give me the SPHardwareDataType. Then they run it through awk to kind of pare down to only the specific things that they are looking for from this. You can run this on your computer.
There's nothing nefarious about this specific command. I did it online. It just starts pulling back a bunch of information. This gets to what it's doing. It's gathering the hardware UUID in this initial stage. So it wants to grab that UUID, probably for the purposes of, well, this is a different system than the other system that I've popped.
[00:52:44] Speaker C: Yeah. And it's starting the infostealer process. Right. So gathering that data and exfiltrating it.
[00:52:48] Speaker B: That's right. And of course they're doing what all good hackers do, which is doing some sort of encryption or encoding or both. And in this instance they're using XOR encryption. They say XOR encoded; I've always heard it as XOR encryption. And this is basically the idea of, we are going to look at... we're going to run it through a filter. You created a symmetrical key, which can be anything you want. You can say, you know, my key if you like, but randomness is always, usually better. And if you have similar... I see... if I can remember XOR encoding, I'm sure Don knows this off the top of his head, but it's, if it's the same, it comes out as a one. If it's different, it comes out as a zero. I typically get those backwards, so fact-check me on that.
[00:53:27] Speaker C: I don't recall.
[00:53:30] Speaker B: The Fifth on this one.
[00:53:31] Speaker C: This is where I would Google it.
[00:53:33] Speaker B: Either way, it just runs it through a little filter and then modifies with the output. And then the encryption key helps to reverse that, in case... Ultimately what they're trying to do is just obfuscate this from the system. So any monitoring that would be running and looking to see what is this doing, it wouldn't easily be able to do that, or be able to do that at all. Once you have it all encoded or encrypted, then of course that is how they're going to run all the commands that they work in this. So we're going to see XOR encoding, as they say here. I'll use their terminology.
They're going to XOR encode every command that they throw at the system. So they do show this in kind of the... what looks like, and maybe this is how Mach-Os are coded, I'm not familiar with how to do that for those systems, but it looks a lot like assembly to me, because you see some hex values and that kind of thing. And you do see some interesting things that might tell you what's going on here. They do kind of point to registers and CPU and things of that nature. Are you familiar with any of this, Don?
[00:54:38] Speaker C: Yeah. So a lot of it is written in C. Yeah.
[00:54:40] Speaker B: Okay.
[00:54:41] Speaker C: And so in C you have to, like, you have to specify memory addresses as opposed to, like, variable names.
[00:54:46] Speaker B: Correct.
[00:54:46] Speaker C: I mean, you can map addresses to variable names.
[00:54:49] Speaker B: It's really hard.
[00:54:50] Speaker C: Yeah. But for these guys, because they're having to reverse engineer it, that's what they see. And so that's what they're providing.
[00:54:56] Speaker B: That makes sense.
[00:54:57] Speaker C: I'm not familiar with Kandji.io, but they did a really good breakdown.
[00:55:00] Speaker B: They did a phenomenal breakdown on this. So great job out there. Your team is doing phenomenal work, and we thank you for your efforts. But really, really cool stuff, basically showing you how they got from here to here. So this stuff right here, all this wondrousness, turns into this on the other end. A lot of fun. So reverse engineering. It's not just for dinner anymore, Don.
[00:55:29] Speaker C: Yeah, because you can pull the data right out of memory, but if it's obfuscated like this is, you've got to figure out how to deobfuscate. And that's the challenge.
[00:55:37] Speaker B: And they're looking for the XOR encryption key, which typically is bundled into that. And if they find that, it's good.
And, you know, I used to think, well, if you're putting the encryption key into the malware itself, I mean, what are you really hiding from? You're hiding from the machine. The machine doesn't know what to do with that other than decrypt whatever is encrypted or encrypt whatever needs to be encrypted, because that's what the command tells it to do. It doesn't care what's going on.
[00:56:02] Speaker C: And they get an extra advantage in that. Most Macs aren't running any kind of host based.
[00:56:07] Speaker B: There's no malware for Macs, Don.
[00:56:09] Speaker C: Yeah.
[00:56:09] Speaker B: What do you need it for?
[00:56:11] Speaker C: That's true.
[00:56:11] Speaker B: That's ridiculous. Stop being ridiculous. Okay. All right, moving on. Let's keep going here. Let's see. They got a decoding loop. That's, that's always fun. So it's just kind of more of that breakdown. Definitely. We'd probably spend 3 hours on this entire breakdown if we really got into the nuts and bolts of it. But basically telling you now, this is an interesting thing where it says once the string is decoded, it passes to a function that calls popen, which is a very common function for executing a string, like a command execution. So if you see open, popen, exec, that kind of thing, that's usually for, hey, I need you to run this for me. Once you go ahead and do that, be great. I appreciate it. So that's what they do. They use popen for that. Anything else cool that goes around here? It does say that the original upd will then use the xattr -d command to remove the quarantine flag from itself. So it probably has that enabled, and now it can remove that to be like, ah, now I'm free to move about the cabin on a Mac.
[00:57:12] Speaker C: You might try and open a downloaded binary and it'll tell you, you'll get a warning that'll say this executable originated from the Internet. Are you sure you want to open it? And that's the quarantine feature.
And if you remove that, all of a sudden it says it's not from the Internet. Right. That it came from somewhere else. It came from a USB key or an install media. So that's what they're changing.
[00:57:32] Speaker B: That's right. All right, now it does a locale check. Really interesting little piece of the software. Kind of probably going to give us some ideas into attribution.
[00:57:40] Speaker C: This is showing up a lot in malware today.
[00:57:42] Speaker B: And this is showing up a lot in malware today. Look at Don staying on top of things. He acts like he's busy running companies. He's really just nerding out at his house, not doing a dang thing, eating. It's the fun part of the job. You know, vines and stuff.
[00:57:54] Speaker C: I think it's fun coming up with.
[00:57:55] Speaker B: A budget? Getting SOC 2? No, it's not. It's not at all.
[00:58:02] Speaker C: No.
[00:58:03] Speaker B: You're wondering what the answer to that question was. The answer is it's not fun. Zero fun, sir. So the locale check. Basically what it does is it looks at the LANG environment variable in the shell to say, hey, where you at? What you doing right now? I could use IP or something, but it goes with language on this, which is probably a bit more. It's going to be. What's the word I'm looking for, Don? Help me out here.
[00:58:28] Speaker C: So it's gonna be more accurate.
[00:58:30] Speaker B: Accurate. Thank you. Yes.
[00:58:31] Speaker C: And the reasoning for that is like, let's say you. I don't want to let the cat out of the bag here, but let's say you live in Russia, right? And they've got the great. They've got their own firewall up, just like China does. And so if you're in Russia and you're an attacker or whatever, you're likely VPNing out of the country. And so they can't rely on your IP or geolocation, because you'd show up in a different place. But if they look at what your keyboard is set to or what your currency value is set to, and they.
[00:59:00] Speaker B: See that, because it's unlikely that many people in the States or the EU are speaking Russian, because that's just not what we do. It's just English, typically, in Great Britain and things of that nature. But that just goes to show you that's who they're looking for, and they're not looking for, as we can see. If we look here, it's got a laundry list of different. Let me scroll down here. There we go.
[00:59:23] Speaker C: The usual suspects.
[00:59:24] Speaker B: They want to avoid the countries of Armenia, Belarus, Kazakhstan, Russia and Ukraine, which I found interesting because Russia and Ukraine are kind of in conflict with each other right now, if you hadn't noticed.
[00:59:35] Speaker C: Yeah.
[00:59:36] Speaker B: But they are avoiding those two countries. So could this be Ukrainian? Could this be Russian? Most likely Russian, I would think.
[00:59:44] Speaker C: Yeah. You have to remember, like, criminal organizations don't necessarily observe governmental boundaries.
[00:59:51] Speaker B: Yeah.
[00:59:52] Speaker C: And I mean, you really gotta go back to USSR days, right? Estonia, Belarus, Latvia, like, all of those countries were either part of Russia or were satellite countries that were attached to the USSR. And so the criminal organizations that you face today are really the same ones that were around back then. And so even though Russia and Ukraine are at war right now, there are absolutely criminal gangs that have footholds in both countries.
[01:00:20] Speaker B: So this could just be a criminal organization and not necessarily like a nation state, APT, or something. It could be, yeah, that's a good point.
[01:00:26] Speaker C: And I don't like to jump straight to this is a state sponsored whatever.
[01:00:30] Speaker B: But even though it typically is, it typically is.
[01:00:33] Speaker C: Yeah.
[01:00:33] Speaker B: Well, it is either some sort of like ransomware group or.
[01:00:37] Speaker C: Yeah, but this has happened so much that some security researchers out there actually recommend you add the Russian keyboard as an option on your system, even if you never activate it, just to have it. And it's fun to trick the baddies.
[01:00:51] Speaker B: Out there, isn't it?
[01:00:52] Speaker C: Yeah. Well, I mean, your machine still gets infected. It does.
[01:00:55] Speaker B: Well, so to the point, right, this machine, let's say that I was, I had the Russian language enabled and it said, oh hey, look, it's, it's a Russian, it's a fellow Russki or whatever. I'm not going to run malicious stuff. It's not going to do info stealing and spywaring. What it does do is give me the option to use the media stream converter. Yeah. So it just, it does none of the bad stuff and just gives you all the functionality you were actually looking for.
[01:01:18] Speaker C: Yep.
[01:01:19] Speaker B: So, you know, joke's on them. I set my stuff to Russian and then I got a great media converter for my Spotify.
[01:01:26] Speaker C: Hahaha. You know, actually, after having gone through all this, I still don't know if the, if the thing is a great media converter.
[01:01:33] Speaker B: Right, that's true. Actually used it. They use the jankiest one on the market. It's like, it sucks. I'm uninstalling this. But now we come to persistence, because Don mentioned persistence is where it kind of separates the stealerware from malware, or spyware, as it were. And to create persistence is always a fun thing. Says stealers do not typically set persistence. That behavior is more usual in spyware. So it is surprising to see that this malware does it. Each of the strings needed to create and then populate a plist. And man, I hate plists.
[01:02:10] Speaker C: It's basically just the pain in the butt.
[01:02:11] Speaker B: It's basically the, yeah, the crappiest cron capability. They used to have cron and then they got rid of cron and they brought in this plist crap.
I spent like 3 hours trying to figure out how to make a scheduled task on my macOS. One way.
[01:02:25] Speaker C: Yeah, plist files originally were like Mac's answer to the Windows registry. So the Windows registry, you get this one big hive where you can have all sorts of values and key value registers. Right. In macOS you had plist files that could store all sorts of system preferences and things, but now they use it for a lot more. And replacing cron job functionality is actually how I learned about plists.
[01:02:48] Speaker B: Me too.
[01:02:49] Speaker C: Launch agents in general. Oh, gotcha. I think it was like Mac OS 10-point-something, or it was still called Mac OS X back then, 10.6 or 7 or whatever, where they made that change. If you wanted an application to run at boot time, so prior to login. If it's post login, you can just go into your user account, you've got a setting there where you can add launch apps and that's that. But if you want something to run pre login, or if you want it to run on a set schedule, you've got to go and create a launch agent and define a plist that says what the schedule is for it to run. It's a pain in the butt, but it's stored in a text file, and that means it's easy for malware to recreate, which is exactly what we're seeing here.
[01:03:27] Speaker B: That's right. It creates that plist, slaps it in a very specific area of your device. And then if we take a look here, we can see that it uses launchctl to persistently load a launch agent for a plist from the application. And there's the command that does that. And then looking into the plist, we see that the goal is to run every 60 seconds. So every 60 seconds this thing is trying to run and make sure that it is doing its thing, doing all the stealy stuff and spying stuff that it does. Persistence is set up with calls to the XOR function. Again, more XOR to decode the strings, and then uses snprintf. And this is kind of just kind of getting into how it's doing that.
So if you're interested in that, definitely dive a little more deeply, because they, like we've said before, it definitely does that into this. But once that persistence is set up, now we got to move into some privesc, because that is super helpful for us. So from here, the upd uses osascript to ask the user for their password. I thought this was like super crafty, right? This is, hey, macOS needs access to System Settings. How often do you get that prompt? If you run macOS, I constantly get that thing. Hey, you need to type in your password to do X, Y or Z.
[01:04:35] Speaker C: It's funny to me, like, what's the easiest way to get a user's password? Ask them for it.
[01:04:39] Speaker B: Ask them for it. Hey, can I have your password? Well, hell yeah. Let me just.
[01:04:44] Speaker C: And again, people are used to this. Hey, I'm installing an application and it's going to ask my password. It must be writing files to somewhere important. There you go.
[01:04:53] Speaker B: What could go wrong here? Don.
[01:04:55] Speaker C: Yeah, yeah, but the way it described generating the. I didn't actually get to see what the prompt looked like, for the password. Do they have a picture?
[01:05:02] Speaker B: No, I don't think they did. I think they, the way they described.
[01:05:04] Speaker C: It, it sounded to me like it would look different than the normal pop up. But I haven't seen it, so I don't know.
[01:05:09] Speaker B: Yeah, I haven't. I didn't see it either, but definitely a crafty piece of tradecraft that they got going on there. It's just like Don said, let me just give you something that looks official and ask you for your password. And a lot of people, probably nine out of ten, would probably do that thing easily without even hesitation.
[01:05:26] Speaker C: People are on their guard for phishing emails. If you send somebody an email asking for their password, they've learned not to mess with that. But if it's an application asking for.
[01:05:34] Speaker B: The password that looks like it's coming from the operating system, and they're in.
[01:05:37] Speaker C: The process of installing an app. Oh, people fall for that.
[01:05:39] Speaker B: Yeah, perfect.
[01:05:40] Speaker C: All day long.
[01:05:40] Speaker B: Yeah. Heck, I would probably fall for that, right, if I had downloaded this thing because I was an idiot and I'm out there looking for Spotify media converters.
[01:05:49] Speaker C: I got to see if I can see the icon on his desktop.
[01:05:52] Speaker B: Pay no attention, Don. This is not for you. Keep your eyes on your own stuff. Okay. But, yeah, then I totally would have got hit with this and not thought twice about it, because it is a very crafty thing. So then they save the password into a file called pw, if I'm not mistaken. I think it's just called pw. There it is. Written to the pw.dat file, as mentioned above. So they make a little copy of that, and then they start sending that kind of information to C2. I think that's where we get into the C2 traffic. Oh, it runs into spying, info stealing, which mostly. Forgot about that part, is it does do some spying, info stealing. Info stealing. Specifically, what is it stealing? A ton of stuff. Like a lot of things. If we look at the list, this.
[01:06:36] Speaker C: Is the best part of the article, because to me, it shows you the type of thing these attackers are looking for.
[01:06:42] Speaker B: You know, um, started off with system information. So just like a ps, like, what applications are running on your device? It looks for that. Uh, what are the installed applications? I want to say it looks. Oh, here we go. Here's a, here's a little laundry list. We got browser setup. So it's looking for stuff in Safari, FileZilla, Steam query. So the Steam, right. You're running Steam. Wallets and coins. Yay. So if you're running Bitcoin. That's fun. Discord, Telegram, zsh, SSH, curl setup. Now Don, you said something about zsh.
Not that I was super pertinent.
[01:07:13] Speaker C: Yeah.
[01:07:14] Speaker B: Please, please explain why zsh is, is going to hamstring you here.
[01:07:17] Speaker C: So this article is kind of a living one. They keep adding more targets to it. And one of the last ones they added, I was surprised it was the last, because it's an attack vector that I know about. Yeah. In macOS, when you open up a terminal, the default shell for it is zsh. And zsh maintains a command history. Now bash does the same thing, so it really doesn't matter what your terminal is, they maintain a command history. Well, if you're a developer and you've used a tool like the AWS console or the AWS command line client, which almost every AWS developer uses, well, you have likely had to input your API key into the AWS client so that it functions. And when I say you're likely to have done it, I mean you've done it.
[01:07:58] Speaker B: You've absolutely done that.
[01:07:59] Speaker C: And unless you have intentionally cleared your zsh history, the odds are your API key is still in your history. zsh maintains a pretty big history file, and so if they can harvest that, anything you've entered in the command line is going to be in there. So anytime you've passed a credential for a one time operation, anytime you've done a token, anything that you've executed historically, it's right there and they can get it. It's all in that history file. It's just a simple text file, easy to exfiltrate. Your user has full permission to it. You're the user who's executing this stuff. So like they don't have to elevate creds to get at it.
[01:08:34] Speaker B: Dude, when I'm doing any kind of like pen testing or CTFs or things of that nature, if I make access into a Linux system, it's one of the first things I do is go check for bash history or the history file, or just start pushing up and see what happens there if I have that kind of access to the system.
So you'll see a lot of people, and especially in CTFs, still just redirect all bash history to /dev/null, because I want to keep that, or set history to zero. So they're not maintaining that history file, because there's a lot of good stuff that people type into their bash prompts, but it's a pain.
[01:09:06] Speaker C: I use the hell out of my history. It's super useful.
[01:09:10] Speaker B: But there it is, right? If it's ease of use, it's typically going to, probably going to give you some vulnerability there.
[01:09:14] Speaker C: And there are ways around it. So like when I set up my AWS client, I create a credential file first, and then I edit that file and I put the credential in there, and then the AWS client just points to the file. But hey, if the attacker gets the history, they know where that file is. They're already in, they can get that file too. That's a challenge that you've got to keep. Yeah.
[01:09:33] Speaker B: The good thing about that is if you're doing something, you're making something like Vagrant or doing Puppet or Chef or any kind of orchestration, and you're just calling from a file, you're not actually putting those things inside the code that you might be hosting on GitHub or that kind of stuff. So you want to keep those things out of there. I typically will use an environment variable to hold my API key and then just call the environment variable for that stuff.
[01:09:55] Speaker C: I know a developer who will remain unnamed who wanted to make it easy to move between computers. And so he set up a GitHub repository to synchronize his user profile. What he wanted was every time he dropped to the terminal, he wanted to have the same aliases and stuff like that in place. And so the .bashrc file, or whatever zsh uses, would be synced. Well, it was zsh. And he synced that up and his AWS key was in there. And GitHub actually scours the repositories.
[01:10:22] Speaker B: I'm thinking of the meme right now of Leonardo DiCaprio in Once Upon a Time in Hollywood. Hey, there it is, holding the beer and the cigarette.
[01:10:34] Speaker C: I get an email from GitHub, because I was the AWS administrator back then. I get an email from AWS, shoot, GitHub, sorry, jumping companies. Now I get an email from GitHub saying, hey, your API key, or an API key, has been posted here. You need to do something about it. So it was cool because we took action really fast, but for a few minutes that developer's API key was exposed, and so we had to kill off that API key and rotate it and so on. But if GitHub hadn't sent me that warning, I would have been hosed.
[01:11:03] Speaker B: Yeah.
[01:11:04] Speaker C: Yep.
[01:11:04] Speaker B: Yeah. Fun stuff. Fun stuff, kids. All right, basically the rest of the article is some of the other things that it does info stealing on. Obviously. I think I already talked about it's looking for data from third party applications and how they're collecting that app. Data collection. So stealing from Safari, the keychain, Notes, always great places to start looking if you are a nefarious actor. So you're using Safari's query. They're also using keychains as well to look in those, and Notes as well. So these are just basically part of the APIs of the operating system.
[01:11:38] Speaker C: I thought it was interesting that it scours the file system for certain file extensions, and some of those are pretty important, like OVPN, which is OpenVPN profiles. Yeah. So you can load one of those in. It's got all your creds in it, ready to go. PEM files, which would be your private keys for SSH sessions. There was another one that stood out as being a big deal. Oh, JPEGs. Yeah, JPEGs, man. PDFs, just all the other stuff that you'd think about. It's interesting what they search for.
[01:12:14] Speaker B: Yeah, absolutely. And then from there they also do screen capture.
You don't want to have malware without screen capture. Microphone capabilities. I think they grab that as well.
[01:12:23] Speaker C: That's persistent too. It runs the microphone.
[01:12:26] Speaker B: Wasn't there something, did it have a microphone?
[01:12:27] Speaker C: Yeah, it was on there, but it was for a tricky reason. They wanted to do something. So on a Mac, when you take a screen capture, it makes a noise. It makes like a camera click sound. And so it requests microphone and speaker privileges, and it will mute the system, take the screenshot, unmute the system.
[01:12:47] Speaker B: Gotcha.
[01:12:48] Speaker C: And so like they thought through it enough to make it where the user won't notice the screenshot happening. And that's why a lot of operating systems have changed. I don't know if you've noticed this recently, but you take a screenshot and the whole screen kind of flashes.
[01:13:00] Speaker B: Yeah.
[01:13:01] Speaker C: And that's why. It's letting you know as the user that that just happened. So if a program does it, I don't know if Macs do it, or I know Windows does.
[01:13:09] Speaker B: Yeah. I've definitely heard a Mac do it, because I take screenshots all the time. So does the screen flash? It does kind of like a thing.
[01:13:16] Speaker C: All right. Yeah. So I mean, that's supposed to counteract and make it where you don't know that's happening, or that you do know that's happening.
[01:13:22] Speaker B: Yeah. And even if it did happen, most people are probably like, that's weird.
[01:13:26] Speaker C: Yeah.
[01:13:27] Speaker B: Right.
[01:13:27] Speaker C: Yeah.
[01:13:28] Speaker B: Computers, computing. What are you going to do? Right.
[01:13:30] Speaker C: Glitch in the matrix.
[01:13:31] Speaker B: Yeah. So interesting fact about its C2 is, it's using curl, just straight up curl, for C2 communications, which is simple and effective, because you're just grabbing URLs and probably doing some POST and GET and you're good to go.
It's fairly simple. I've built janky little C2s that basically do the exact same thing, where you just say hey, POST this information from the malware to the C2 server, which is running Apache or nginx or something. And then once that information is there, the system can then run. So it's basically posting. If it runs a command, say cat /etc/passwd, runs that command, grabs that data and then posts, it does a POST request to the Apache server. Now that's in the logs, and I can skim the logs and grab that information. So that's basically what's happening here.
[01:14:22] Speaker C: The only problem with that method is that you have to basically hard code an IP or domain name for curl to access. When you hear about the FBI doing a takedown or seizing a domain, that's usually what they're doing, is trying to seize whatever the C2 URL is. In this case, it looks like it was hard coded to an IP address. So now that the authorities are aware of it, at some point that IP address will get seized, which will break current installs. But they just change the IP in the binary, and new people, it moves on.
[01:14:51] Speaker B: They just keep playing this whack-a-mole game. It's the fun cat and mouse that we do. And of course, speaking of indicators of compromise, got a whole laundry list of indicators of compromise. So if you need to check your systems and make sure that you don't have any of this action happening, you can of course start whipping up your YARA and Sigma rules till the day's end. Here's the DMG. So grab that Spotify music converter. That's a SHA, looks like 256 maybe, hash value of these. We got the. What is it again? Mach-O.
[01:15:19] Speaker C: Mach-O.
[01:15:21] Speaker B: The Mach-O SHA hash values for those, and then those, those domains and IPs. So you can set those in your firewalls and say we don't, we don't talk to these people. They are persona non grata. So. And as Don said, there's the addendum of the deep dive.
They just kept adding the functionality that they were discovering into the feature in the addendum. So check it out at your leisure. We are out of time for this episode, Don. We have run it down to the nub. It's been a lot of fun, though, but really enjoyed having you back. How was it being back?
[01:15:48] Speaker C: It's good, you know, just snap right back.
[01:15:50] Speaker B: So we'll have to, have to make scheduled appointments for you to be back in the hot seat.
[01:15:54] Speaker C: Yeah, I'll be around.
[01:15:55] Speaker B: All right. That said, we're going to leave you, but don't forget to check out all the things that our parent organization, ACI, our sponsors, that they're doing at acilearning.com. That's the, that's the official website. We also have the Technado website. Check that out. Join us here on the YouTubes. Don't forget to like and subscribe. Leave us a comment. We like to hear what you have to say about these things. Always interested in hearing your thoughts and opinions on the articles that we went through, as well as if you have some suggestions for articles. Totally down with that. Actually, one of the articles today was suggested to me on LinkedIn by one of our viewers. Hey, cool. I was like, this is, it was the DKIM one. I was like, absolutely. We're using this one. This is a great article. Yeah. So love to hear that stuff. That said, Don, again, thanks for watching, or thanks for watching. Thanks for joining us. Thank you for watching. And until next time, take it easy.
[01:16:46] Speaker A: Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.
