Small-town street scene in Illinois American flag flapping in breeze by huge painted American flag fading from brick wall


Episode #68 - Cybersecurity Offense - Can you hack back?

Is there really such a thing as "offense" in cybersecurity? This week, the guys discuss how it's possible to proactively protect organizations against criminals and how to identify potential attacks so you can stop them before it's too late. They share the realities of offensive cybersecurity and "hacking back."

Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at
Be sure to rate the podcast, leave us a review, and subscribe!



Mike's Headlines


Hackers are now hiding malware in Windows Event Logs
Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

Microsoft: May Windows Updates Cause AD Authentication Failures
Microsoft Patch Tuesday Updates for May 2022 Fixes 3 Zero-Days, 1 Under Active Attack
FBI, CISA, and NSA Warn of Hackers Increasingly Targeting MSPs

Five Eyes Agencies Warn of Attacks on MSPs
Researchers Uncover URL Spoofing Flaws on Zoom, Box, Google Docs

An Offensive Mindset is Crucial for Effective Cyber Defense
Experts Uncovered a New Wave of Attacks Conducted by Mustang Panda
Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
Low-rent RAT Worries Researchers
Vanity URLs Could be Spoofed for Social Engineering Attacks
Intel Memory Bug Poses Risk for Hundreds of Products

CISA adds CVE-2022-1388 flaw in F5 BIG-IP to its Known Exploited Vulnerabilities Catalog
Business Email Compromise Scams Netted $43 Billion in Losses as New Variations Emerge, FBI Says
Tech Group Pushes Back Against SEC Cyber Rules, Warns of Reporting Overload
US Charges Hacker for Breaching Brokerage Accounts, Securities Fraud




welcome to the cyber rants podcast this is your co-host
zach fuller joined by mike rotondo and laura chavez today we have a good episode we're going to be talking a
little bit about cyber security offense is there such a thing well let's unpack
it and find out shortly but before we do mike why don't you kick us off with the news ukrainian hackers target vodka
supply chain recognizing the vodka exports helped fuel russia's economy hackers loyal to
ukraine turned their attention to russia's supply chain that feeds into viktor production russian alcohol
producers and distributors must register shipments for a russian internet portal packers have launched ddos attacks to
deny access to the website the outage impacted not only vodka distribution but also wine companies and purveyors of
other types of alcohol i know that's a horrible story to start the weekend with but uh you know it
started hoarding the 13th they took our vodka people are going to start hoarding it
instead tequila or scotch instead people just move on move on vodka's dead
hackers are now hiding malware and windows event logs yay uh security researchers have noticed a malicious campaign that uses windows event logs
or malware a technique that has not been previously documented publicly for attacks in the wild that method
enabled the threat actor behind the attack to plant fileless malware in the file system attack filled with techniques and modules designed to keep
the activity as stealthy as possible we got another three stories on microsoft here real quick uh so i'm just gonna hit
the highlights cyber estimate attack drops post exploit model where framework on microsoft exchange servers a likely
china-based state-sponsored threat actor has been deploying a sophisticated post exploitation malware framework on monkey stock
microsoft exchange servers at organizations in the technology academic and government sectors uh since
last fall it's called ice apple microsoft may windows update causes ad authentication failures and microsoft
patch tuesday updates for may 2022 fixes three zero days and one is under active attack see the above 80 authentication
failure microsoft is investigating a known issue causing authentication failures for some windows services after
installing updates released during the may 2022 patch tuesday this comes after what windows admin started sharing
reports of some policies failing after installing smart securities updates with authentication failed due to the user
credentials mismatch either the username provided is not mapped to an existing encounter the password is correct
this issue impacts client and server window platforms and systems running all windows versions including the latest
available releases of windows 11 and windows server 2022 so definitely a concern well it's funny because i just
sent an article to you guys the other day about microsoft offering microphones it's hard for me to say that
anyways microsoft off offering the uh their managed security services for some
for other businesses yeah i saw that too it's like okay yeah go ahead how about
you fix your code before you start telling other people how to secure their windows exactly exactly all right this is going
to be the topic for today but i do have a couple other things after that that that are important for you to look at
the offensive mindset is crucial for effective cyber defense as uh ransomware attacks continue to increase and cyber
criminals are becoming more sophisticated the federal government has implemented a more proactive approach when it comes to cyber security
we'll see how well they do that as evidenced by its strategy to adopt a zero trust architecture the federal government is
taking measures to reduce the risk of cyber attacks against its digital infrastructure and setting specific security goals
for agencies to quickly detect isolate and respond to threats the approach is also exemplified by the extension of the
industrial control systems cybersecurity initiative which is aimed at facilitating the deployment of technologies and systems that provide
cyber related threat visibility indicators detections and warnings to the water infrastructure an offensive
mindset is key to ensuring the best cyber defense to ensure success there are three main components for
organizations to consider when developing a defensive strategy based on offensive cyber model re-envisioning
recruitment thinking like a hacker and promoting offensive training in tangent with defensive training it's the
government so though they want to do this it'll probably be implemented in 2057 so who knows fbi is an nsa warrant
of hackers and crystalline targeting msps this is a topic for another day but msps are a privileged target for both
nation state actors and cyber criminals right now because you take down one and you can take down many companies in the
process there's some good information on this i'm not gonna go into too far in detail today uh respect and lastly
researchers uncover urls spoofing flaws on zoom box and google docs users have
discovered several url spoofing bugs that would allow fishers to generate links to malicious content and make it look like it's hosted by an organization
sas account vulnerabilities arise for a lack of validation of so-called vanity urls and they allow attackers with their
own sas accounts to change the url of pages hosting malicious files forms and landing pages so
that's that's not good experts uncovered a new wave of attacks conducted by mustang panda something to check out the exported sound alarm on dc rat backdoor
being sold on russian hacking forums and there's a low rent rat out there that costs less than a starbucks copy which
is i think 37 dollars now so with that laurel what do we got and low rate rats i like that
rats yeah some of them are free why would you pay for the service of hosting that might get i guess whatever i don't
know hackers uh this one's reports yeah i think that's that's probably more they have to make cyber crime accessible
to everybody in today's environment all right it's not it's not politically correct if cyber criminals are only
allowed to be the elite few right the two percenters right we need to make sure everybody can be a criminal so
let's lower the price eventually you're very wonderful
disagree with that the world will never cease to amaze you the darker you get on the internet let me tell you okay so f5
big ip this week has a remote code execution so um this is cve 2022 1388
you got an f5 big ip make sure you're getting off of the 16.0 version as there is a really good poc
uh done by yeshus alvarez and it is solid and it
will certainly deliver whatever execution payload you want to send to the f5 so make sure if you've got that
running that you're getting off of that version today there's other pocs also available on the get community for that
um if you're running an intel product uh like many of you probably are in the
world today then it's probably mindful to know that there is an octane ssd and an octane data center product
zero day essentially vulnerability that allows a local attacker i will say that so before you get all spun out of place
when you see your executive read this on the headline news and he sends it down to the security team like we got a patch right now
just remember that these vulnerabilities 33078 33077 and 33080
all dealing with these um these these basically privileged access using the intel chip flaw you
have to be localized okay so they have to be hands on the keyboard physically at the machine or the server in order to
accomplish this so keep that in mind right don't get spun out however it is quite alarming that this type of attack
can happen and then finally for all my google chrome fans out there get off of version 780 39 because there is a remote
code execution for that as well get pulled into a a page that's hosting this exploit it's going to run in your
browser and you're going to be able to execute code local on your machine so make sure you're updating your google
chrome this week there are several pocs out there available for this uh the one by deadlocks probably the one that looks
i think they're probably the most solid that's going to work for the bad guys but there are a lot of 90 plus percent
working pocs for for this chrome exploit so make sure you stay the legitimate sites
turn on your browser extensions for for the the security and privacy and uh also
update your chrome all right zach we got something fun to talk about today we we do and uh just
as a quick reminder to everybody all the news articles are posted at again you can go there
you can click the links go straight to the source and get more information yourself and you can also
leave us a message ask questions all that good stuff right there through the website or through linkedin or
many other channels carrier pigeon all kinds of good stuff so that being said let's take a quick break and we will be
right back talking about offensive cyber security want even more cyber rants be
sure to subscribe to the cyber rants podcast get your copy of our best-selling book cyber rants on amazon
today this podcast is brought to you by silent sector the firm dedicated to building
world-class cyber security programs for mid-market and emerging companies across the us silent sector also provides
industry-leading penetration tests and cyber risk assessments visit and contact us today
and we're back you guys ready ready ready ready sure why not
all right don't sound so enthusiastic hey man
we're out of vodka training hackers what is there to look forward to
it's all downhill from here oh the drake beam it's like no to russian oil but you know russian vodka yeah
yeah really yeah i think it's great i mean there's vodka made in plenty of other places and we could support those places so yeah
i'm pretty sure everybody has potatoes it may not be up to your vodka standards but uh
yeah or it might be it might be higher than your normal standards have been that implies i have standards there you
there you go if it doesn't have chunks of potato in it you don't drink it well when i lived there that's actually
had like floating pieces of potato in the vodka you got for three rubles
that's pretty much also 1800 rubles to the dollar so you could buy six hundred bottles of vodka for a buck
wow that's living on right there at that at those those exchange rates
too it's uh pretty hard to buy a strainer so um it's yeah so you might as well just
deal with the chunks of potato but anyway this is not a vodka show popular
uh just against all all common belief here it's actually a cyber security show so we will um talk about you know the
topic of and this this is excellent with that that article his article was titled
offensive it was i forget the title exactly offensive cyber security measures you know being taken and and um
we we have to unpack that right because a lot of people ask and and this is straight out of the cyber ants book so
for those of you who have read the book outstanding you're a step ahead you're going to
have heard some of this before uh just in different words that being said i mean is offensive cyber security
really a thing for the common folks out there for the common focus out there most of us i honestly think it's a
misnomer in that you can't be offensive in that you can't go attack you can't go
uh preemptively strike you can't go you know do those things that you would think of from a offensive standpoint in
either sports or war but you can train your people
to be able to be offensive minded uh in order to
you know identify attacks and deal with them properly
and i think there has to be a hybrid model between completely passive and active defense versus offense i
think active defense is a better term than often yeah i think that there's a misnomer because i think you know really what what we call this
in the industry for a long time we were trying to get companies to move to was a proactive
cyber security mindset right being being forward thinking you know not sitting there being idle handed doing
nothing waiting you know waiting for approvals or the worst case scenario to happen offensive sounds way cooler
yeah but i i agree with you in the in the term that it was meant for in our field it was for
um you know red team versus blue team right offense versus defense and it was for active attacks
that you can't go and do you're not going to go that maybe the government is going to be you know the government can be offensive against hackers in russia
and in china and those places right us that are handling the the
business uh you know backbone of the the country we don't we don't do that that's
not something that we do right unless you can go play at the cyber warfare range in your spare time right what what is spare time i don't
we're too busy being proactive with cyber security i mean yeah there's no there's no time for play um that's not a
term in the cissp glossary in the back i didn't see that in there
um well you know you got to think this is an america you know i mean here in the united states we have you know a lot of
you know sports right so offense versus defense is a term that everybody gets right it's right you know expect what
expect what the bad guys doing and i think that's really what what the misnomer is is that you need to you need to understand your enemy and i think
that's probably what what a lot of organizations don't i don't think that the cyber security
professionals do but the leadership probably does not understand i don't think they put the level of thought into it i think they
just think it's like somebody else has thought of this all i have to do is buy the tool and then it'll take care of it
right you know i honestly don't think they took it through yeah and i think and and but in the in
relation to the article it does say offensive mindset and i think that's good because we we're starting to think
about how the how the attackers are thinking right so we could certainly have offensive
security internally in terms of like red team blue team exercises but really
that's just the training for the for the real battle the true battle right and so we're always going to be the defenders
but yeah that mindset piece you know i know we talk a lot about
security awareness training and some of those mechanisms to get people to keep
security top of mind so no need to dive into that too deep but you know i really think that's where it starts but even
actually that's not where it starts it starts with leadership's decision to be offensive minded right if they're
not doing that if they're not putting the resources in nobody's going to in the organization
yeah there was actually a bill before congress i think it was last year and i think i actually touched on it we
touched on it in the book that was actually talking about allowing people to go back after hackers like if you
someone came and ddos you you could go attack them and i think that wiser heads or cooler heads
prevailed and realized that having a bunch of uh you know sys admins at you know all the
different companies in the world attacking and you know counter attacking probably wasn't a good idea
well it's a terrible idea attacking they're you know they're attacking a
target at a perfectly legitimate company that's already been compromised now that poor organization's getting smashed
i think the internet would go down worldwide if everybody was hacking everybody it would just be
i would it would our i think the face of the earth would just catch on fire i'm pretty sure we're close to that
today because i think there's a lot of there's just a lot of activity going on but you know the the industry used to
like you know when when the first technology appliance came out um you know and it could be arguably you know
discussed whether it was a firewall which is in a lot of organization it's like who owns the firewall rules is it
security team or is it the network team oh that was a big argument but you know i think really probably one of the first security plans that you know officially
came out to do you know defensive based understanding of packet inspection was
the intrusion detection system right ids right you see the abbreviation before all the time well it was it was
defensive in nature hence intrusion detection it was it would detect an intrusion hopefully and alert uh you
know a like-minded security individual to go and investigate that and that was considered to be a proactive tool that
was offensive security of the you know late 90s early 2000s where you would deploy this device and you had people
watching it and it would tell you if something acted out of the normal hopefully if you had it tuned right and
then um you know technology heads figured well let's let's not wait for a human to analyze the attack
figure out if it's a real attack or if it's a false positive and then in the meantime we're getting attacked let's let the device give the device the
capability to return and retaliate right this is the true offensive device now what what happened might they
wouldn't let you turn it on right i probably have a lot of security people
laughing right now but like how many of you remember having the ids ips come out it's like oh it's preventative now
we can we can smash we can smash it anybody that tries to attack the the front interface and and the leadership
saying no we can't we can have that we're getting the lawsuit you gotta turn that off let's leave it on detection
yeah good yeah don't let's play with our toys no they never do
but i think that you know but they'll spend money on them you know that's a dumb thing it's a write-off you know what i mean
it's like it's a loss yeah well the guy you know he couldn't deploy he couldn't figure it
out so we had to write it off you know that's what it was that's what it was we didn't have a competent engineer it was
it wasn't the leadership's fault at all but um oh never never never okay we're
not smashing on non-technical leaders i promise um but listen to your technical folks and speaking of listening to your
technical folks that's i think something that we bring to the table when we couple with a
client not you know shameless plug for the book and our services here but um you know we're trying to get the
organization to be proactive as immediately as possible so when when when silencer engages with
you there's two things that we do right up front that could be considered offensive right quote-unquote in in
nature for cyber security and that is number one we're going to start doing vulnerability scanning to your external
and internal networks immediately right your web applications all that started getting looked at and scrutinized by a
third-party tool that's not yours your buddy your people didn't manage and you have no insight or control over right
we're going to give an independent review of vulnerabilities and and wrist posture um immediately and then we're
also going to throw your people in training right and that's i think that's all companies need to be doing that right you don't need to couple with us
to do that that's just good proactive offensive security mindsets train your people start looking at your
systems from you know the external perspective first and foremost and then internally as well well then we're going
to train you to navigate the internal relationships with management to explain how
teach you how to deal with to explain how these are things are important and how to get your way a little bit
more because we've fought those battles for a long time and so i think we have a little more experience than the average
uh cyber security engineer out there yeah when it comes to fighting the the leadership
uh that leadership fight yeah i think that we we also get very good navigation there that's so well no more shame no
more plugs no more plugs you know
it benefits a third party benefits and this isn't sounds like this is anybody a consultant anybody with termed a
consultant that has a briefcase comes from more than 100 miles away suddenly has for whatever reason more
more influence and cachet than you know the internal resources for whatever reason right they just can you know for
whatever reason management's like oh he's a consultant you know or she's a consultant or whatever and they'll tend to buy and we've seen
this through our careers oh gosh so much it's you know it's rampant out there in the industry for
and here's the thing is i think leadership doesn't trust their people because leadership doesn't understand what their people really do
right and so there's this it's like if you're you know the old mindset of and this is probably still
common too and so the you know misogynistic methods of of male mechanics getting over on a female
that brings your vehicle in that doesn't know what could be wrong and then the mechanic will try to oversell you things
that you don't need and this doesn't just happen to females it happens to anybody who is non-mechanically inclined
right that you go in and they're like well you've got a you know the ball joint on your on your you join is
starting to unjoint so we got to add these three things here it's going to be an extra 900 bucks but you don't want to have a rack
and they'll buy that right and so that i think this you know the wiz the whiz bangs right i think this the the
generations that that are some of these high leadership positions they don't understand what their technicians are
doing and therefore it's hard for them to buy into what they're telling them so they'll spend double the money to
have an outside consultant like you said come in from 100 miles an a we're in a briefcase telling the exact same thing
that they were told by their internal confirm the story basically and then they'll go forward with the budgets or new tools or training and it's it's
unfortunately don't you know if you're listening to this near a leader don't get yourself in that in that situation listen to your people that's what you
paid him to do i was just going to throw in though you know just to
um point out there there are certainly situations where it makes sense for leadership to have a second opinion
right before making major investments maybe maybe the internal people
made the same recommendation but don't have the full visibility or level of expertise to
actually go you know follow through with strategy and implementation all that but they know what needs to be done so i think i
think there are you know to to stand up you know for for the leadership you know a bit here there are
cases where it makes sense to validate your internal assumptions or internal because they may be fully in agreement
and just need that um that third party recommendation there's also a legal component to that
as well in some cases where it does make sense to bring in some unbiased third-party view um for certain
situations and and get that um you know get that those recommendations um you know
verbally but also in writing too so well it's transference of risk i mean if you do that right you're sharing risk
and it's not the bag on the consultant class but i mean there there's just certain consulting companies out there
and there's certain companies that just oh you're a big four company then obviously you know more than my reach
than my people and it's just it's kind of a i think it's a more almost like a personal thing it's like
i've seen it happen so many times is it personal boys i think we i think
we rode our horses off the range here a bit we should come back
offensive offensive mindset and security and i was just going to say you know if
it's a good way to get promoted to rub it in your boss's face that you were right the entire time and you just spent a bunch of money on a consultant so
that's always good so it can work for you yeah
yeah just write him a letter to tonight
[Laughter] we need to get you some vodka just not
russian vodka anyway
um i think i think offensive mindset is is everything you know i think for um
you know you look at if you take it from kind of a military perspective and
combat scenarios that sort of thing you're always thinking okay we're going to go in we're going to move through this terrain um you know we're
looking at obstacles and avenues of approach and cover concealment factors all these different things
and what is the enemy going to do to use those same features to their advantage you
know to increase their their strength and i think we need to use that
that mindset you know think like the enemy and and one thing we have to
mention in this episode when we're thinking like the enemy a lot of people don't realize this still
but it's it's over i think i don't know what the latest exact percentage is based off the studies but basically it's
over 85 percent of cyber attacks um probably over 90 at this point are
financially motivated attacks so they're after money meaning
they need to find targets that produce a return on investment that's their that's
their first mindset we are here we are this is a business for us we need it just like you know the drug
cartels right it is a business for them they need to make money that's what they're after um everything else is
secondary a lot of people are still caught up in this notion that oh there you know all of this stuff that's happening it's you know cyber warfare
and hacktivism and things yes those things occur but it's the minority of attacks and for most of
our audience most of the organizations we're speaking with across the u.s are
are really you're not you're not really at a huge risk for hacktivism a type of tax or
cyber warfare or anything you're really at a risk of attacks that are financially driven so
remember that first and i'm going to get off my horse tom's beige top and mobile is not
a russian target well no it depends on what's going on in the basement you know
i could shut the bush at the base we'll shut the bait shop down though and say you know and start extorting them for
money to unlock their systems right exactly so i i think
so you know maybe we should say this and i don't maybe some of our audience probably understands this but
you know and then i'm certainly not trying to because you know you threw in the cartels in this conversation
the in i'm not trying to compare the internet to mexico
but what i'm saying is what i'm saying is that when when you're active on the
the fabric of the known public internet of things you are operating
in a place that not only a you probably only understand even if an engineer
level so much and and if at a neophyte level or just a user level so minimal that you
can't fathom the dangers that befall you as you go on your quest to go to google
and look for a new water filter for your refrigerator you have absolutely no idea
the work that these cyber criminals have put in place for been doing right in advancing
and um revolutionizing essentially the attack surfaces over the last 25 years
that the internet has been a popular place for us to utilize and share so if you think about it like a cartel
perspective these cyber criminals have worked to put botnets in places over time so that they have
not just one or two they have hundreds of them and and they they've over time taken
over small organizations and small compute resources that don't really flag
anything but they can be utilized together to carry out certain types of attacks deploy malware act as commander
control for for things like ransomware and and the you know the are evil the locker virus those types of things that
are gonna deploy ransomware to your systems all that stuff lies a weight in there you might as well be walking
through an indiana jones temple full of snakes and scorpions and giant beetles that'll
bite your feet i mean it is quite literally the same environment i just people don't see it because you're only
looking through the lens of your browser and you only see what the browser is allowing you to see
that's that's out there on the fabric computer well yeah i can tell you how many people are like oh the dark web's got to be so cool and it's like no don't
go there unless you know what you're doing yeah no and it's it's actually not cool it's it's it's old tech for for
everybody who wonders what it looks like it's like it looks like a bbs system from the 90s and a lot of these web pages are so basic right it's it's more
board driven it's it's more of a it's more of a between place to meet and
gather quickly efficiently privately and then go someplace else so that's really what
i think the bad guys are using it for but there there are you know obviously there have been marketplaces and popular places that have been there
um yeah but but but today it's more of an elusive place to to me get ops and leave and then don't leave your
your onion site available anymore right so they're torn down typically afterwards but it's been romanticized
and um to be so much you know so much out there
but um a lot of yeah i mean a lot of it's fbi flagging at this point
i think you know there's a lot of fake pages out there that are trying to lure people into trying to get you know um you know murder for hire type so two
ways that they can come arrest you because you're an idiot right so yeah you're literally if you're a use you
need to yeah most people for the even engineers need to stay off the dark right there's no really no reason to be there we research you know
based on data leakage and of course looking for you know new exploits that are that are being offered as as far a
payment i think it's the only really benefit that we see out of it um yeah i remember being at a uh
ic squared conference and the fbi was talking and the guy said
john wick doesn't exist i am john wick on the dark web you know it's like
it's like yeah because then you're going back to your fbi that i mean that's really what's out there i mean you're not going to find
the continental hotel you know you
know it's like yeah that stuff's not you guys this isn't slenderman you just need to calm down right out there
um the dark net but um yeah but but there is there is literally a
lot of i mean it's it's like it's like being an animal and walking through a trappers you know area where they
they've laid a bunch of traps for you and that's that's if you're not specific and it happens i see with my
parents i'm not i'm not sure about you guys but you know my my parents are older and so they they're they're very
limited in their knowledge of places so my like again my dad will be like well i need a new water filter for the refrigerator and you know he'll look at
something and and you know his browser will force him to a page and he'll see a ad for
like the same water filter for like 1.99 and he'll click on it and he'll be like it sent me to this
google login page and they asked me to log into google to get to i was like no no no no no you don't that's not it's
not just don't log into google no go back let's just get it off amazon you know so this i mean but
these attacks are designed to ensnare the unknowing person into
i mean they use everything from discounts to uh unobtainable things like you know
like no wrinkles for you know no aging you know all this stuff right uh renewable water sources uh renewable
energy i mean anything that you can think of there's a trap lead in that in that space for a human that is going to
find or wanting to find information on the specific topic they have a trap set for every topic out there
well and then even if you know to go to the target even the porn sites and the the you know the pictures of you know
the top 10 hottest women of all time and those kind of board sites are always basis for fishing and
uh ransomware and malware and yeah everything else yeah absolutely and
scare scare ransoms right where they where they'll they'll use your video camera to film you
yeah while you're doing various things right and and then try to extort you for money so but again yeah i don't think humans um
there are operators out there really understand the threat and so i think that offensive mindset and a proactive
mindset is important because again you're looking it's like looking through the universe through our telescope okay
we can only see very specific frequencies that's it so your web browser is that frequency
that you're looking into the public internet of things and it's a very limited view for you to understand
what's happening there yeah and so keep in mind that there are other things happening like if you
believe in ghosts and you're like well you have to see him through a infrared lens with you know above that this is
like what that's exactly what's happening here there are ghosts waiting to scare you and do other things to you
extort you for money out there on the internet the ghosts of the internet i think because
kevin mitnick book um the or the ghost ghost in the wire sorry um
ghost in the machine was an anime which exactly we got a rat we gotta wrap it up here
but one final thing i'll add and then curious to hear your your final thoughts as well but i think
organizations don't do enough of this and i think it's a valuable uh activity to do i think open source intelligence
research to find out what not on the dark web but just on your general internet what's it
what where are you already exposed where is there information out there that a attacker could use to potentially
compromise your organization and so when you start to learn about even just what you can get through just using google
boolean searches and things like that and um some of the different
deep net really is what it is it's not dark web it's deep net but it's all through your normal browser
you know what can you get out there you might find that your company has a bunch of things like pdf files of internal
company documents and and different information that's just been put up in different places over the years that can
actually be found if you know how to look for it the right way and some of that stuff can be compromising so we we find find that
on organizations so if you haven't considered open source intelligence research
as part of your active defense uh that would be my my final tip of the day mike lauro anything
else before you wrap no you know training policy procedure
uh all these things are definitely will put you in a more offensive or
proactive mindset so uh just be aware out there there's threats that
there's really no safe place on the internet not anymore no and i'll just i'll back
what mike says training uh vulnerability scanning make sure that your gaff you can't do the ocean
research and again i think uh you know email protection is very important today
there's a lot of phishing attacks that are gonna you know come from leadership that will go down to a person saying i need you to go out buy a bunch of gift
cards today so train your people to scrutinize messages that have urgency
and other types of strange you know emotional driven kind of you know wording to you know drive an
emotional response instead of a logical one for them to go do something that's going to you know get some bad guys some
money on your company so certainly train your humans and yeah there's unfortunately there's not really
many safe places out there anymore well thank you everyone for joining us on the
cyber rants podcast again check out the website reach out please
subscribe rate the show share it so we can get the word out and share this information with more people
so that they can help secure themselves their organizations their families and we can
do better octave defense right even if we can't be truly offensive
let's learn how to defend ourselves and think like the attackers