DEFCON Recap – Our Takeaways from the Conference

Unsecurity Podcast

Fresh off a really successful DEF CON with Team Ambush, Oscar Minks joins the UNSECURITY Podcast to reflect on the conference and its competitions with a DEFCON recap. Oscar leads FRSecure’s technical services team, many members of which compete at events together as Team Ambush.

Podcast Transcription:

[00:00:22] Evan Francen: All right. Good morning. Thanks for tuning into the Unsecurity podcast. I’m Evan Francen with Brad Nigh. This is episode 93 and the date is August 17, 2020. Brad, good morning.

[00:00:35] Brad Nigh: Good morning. I don’t know what time is it?

[00:00:41] Evan Francen: Yeah, I know. I add more like in the show notes than what you said. So it threw me off. I was like, wait what? I thought I had a minute.

[00:00:49] Brad Nigh: Keep you on your toes.

[00:00:51] Evan Francen: Yeah, it’s too early for that. Uh Alright, also joining us is my good friend and FRSecure’s awesome Director of Technical Solutions and Services, Oscar Minks. Good morning and welcome Oscar.

[00:01:04] Oscar Minks: Hey, good morning guys, Happy to be here.

[00:01:07] Evan Francen: Take care. All right. It’s been a while since we had you on the show, Oscar, and uh, I’m super excited to talk to you. Always, we talk after the show anyway, every Monday. Um, but I really it’s kind of cool because we have some cool things to talk about. Your team’s performance at DEF CON Safe Mode this year was pretty damn awesome. Uh but before we dive in, we we first do our thing, we catch up. So let’s do that first. Brad, what’s up?

[00:01:39] Brad Nigh: How much need the early? No, really?

[00:01:44] Evan Francen: You’re usually better at this. Usually better in the morning.

[00:01:47] Brad Nigh: No, uh, so long weekend. Uh But uh physical activity outdoors and was good and getting some stuff done. But man, it wore me out.

[00:02:01] Evan Francen: Yeah. Last uh last weekend we talked you were become tired because you had helped Oscars team at safe mode a little bit.

[00:02:10] Brad Nigh: Yeah. Yeah. No this is I got enough sleep this weekend. I just did a lot of physical activity and after sitting in my chair for how much like 40 hours Oscar

[00:02:21] Oscar Minks: Yeah around 40 hours on the weekend. So it was a lot

[00:02:25] Brad Nigh: used to the you know moving around and doing stuff.

[00:02:29] Oscar Minks: Yeah I don’t know about you but it took me most of last week to catch back up and then even the weekend I was still felt like my body was catching back up from the sleep deprivation along with probably like two decoration of nutrition as well. I don’t think we ate nearly as much. I realized that when I got home and I was so hungry all week that I was just eating everything. Like uh we should have had more food.

[00:02:54] Brad Nigh: Uh taking care of me, making sure bring me too. So it was nice. I had that going.

[00:03:02] Oscar Minks: Yeah that’s what Erica was telling me when I got back. She’s like sounds like you just need me to go with you guys next year and I’ll just cook food, make sure you eat something would’ve been very happy with that.

[00:03:13] Evan Francen: What is the what is the staple during uh during your CTFs. I mean you gotta have something right pizza, it

[00:03:20] Oscar Minks: always used to be like well last year and years before the guys will get a giant pizza at least one of the days when we get these pizzas when we were in Vegas that were, I mean they won’t even fit in a car. It was funny the delivery guy when he brought them to us had to put him in his trunk because the boxes were so big and so that was always pretty fun this year though, since we’re remote, we uh I didn’t get a embark on the delicious giant pizza, but it was kind of cool. Me and a couple of the guys from the team, we went to a farmhouse in Stearns, Kentucky, which is in the middle of the Daniel Boone and uh near Cumberland Falls and things like that. And so four of us were working out of that farmhouse and we at least did grill some burgers and once it was all over we grow pretty nice meal. Um most of the time it was just snacking on whatever we had around beef jerky and chips and junk food and you know all that good stuff.

[00:04:13] Evan Francen: How many energy drinks do you guys do energy drinks, man

[00:04:16] Oscar Minks: too many. Yeah, I try to limit myself to like one a day of those just because if I have more than one, I can’t sleep and get a little jittery, but I think we brought a case, there was four of us and when we left, I don’t think there are any left. I think they were all gone. So some of the guys for him or two or three a day. And uh uh one of the guys has sworn off energy drinks since then. She says he had too many. So yeah, there was a lot of uh a lot of uh caffeine ingested as well. Yes.

[00:04:50] Evan Francen: You know how many energy drinks? I do too many. Not anymore, But I was, I was doing like six a day. Oh my

[00:04:59] Brad Nigh: gosh,

[00:05:02] Evan Francen: here, it’s just, that

[00:05:03] Brad Nigh: was my reaction too.

[00:05:05] Oscar Minks: Yeah, I don’t, I don’t know the my heart can handle that or my body can handle that if I have more than one and I just get the shakes, you know, started shaking really bad, so I can’t sleep good. Anyway, Add six cans of energy in there and I’m probably not going to sleep at all.

[00:05:23] Evan Francen: Yeah, you build a tolerance man then after a while it just becomes sustenance. Right? If you don’t have it, then you’re like screwed. Just keeps getting worse. Right. Right, so what do you do this weekend? Anything cool? Usually fish and stuff.

[00:05:39] Oscar Minks: Yeah. Usually fishing this weekend, I just decided to take a power down weekend and take it easy. Um we uh got sunburned on saturday floating in the pool. So that was a lot of fun. Uh And then uh we just kind of took it easy saturday and uh grilled some food and didn’t do a whole lot and then yesterday uh we got on in every can’t tell because you can see this window of my office, but we totally clean my office to put some new shelves in here, set up my old console stereo and record player again and just kind of did some home projects and some more, taking it easy,

[00:06:16] Evan Francen: awesome man. Yeah I got back from Sturgis on Tuesday, so I’ve been self isolating, you know, I don’t want to get anybody sick. Uh But I got no symptoms man, so

[00:06:31] Brad Nigh: thank you. Yeah,

[00:06:34] Evan Francen: I mean if you’re not gonna get it in Sturgis, I mean there’s no way in hell I’m getting it anywhere. I mean I could like I could like almost bathing covid and you know it’s about the same damn thing,

[00:06:44] Brad Nigh: you

[00:06:47] Evan Francen: Know, I haven’t but you know I’ve heard that those are only like 50% accurate or something like that, is that true?

[00:06:54] Oscar Minks: I’ve heard the same thing, that’s like uh 50% accuracy rate, something like that. Yeah.

[00:07:01] Evan Francen: Mhm. Yeah I could cook this up. Uh we see if I can get the damn having troubles with some display issues on my computer today, I got up early, I’m trying to auto calculate, trying to create some math for auto calculating um crime rates in the United States, there’s a lot of counties in a lot of law enforcement agencies who don’t really report good crime data in this country. Did you know that? Yeah, it makes it a pain in the butt to find like what is the actual crime rate here, you know, where I live and where you guys live. It’s anyway, I’ll figure it out because it’s one, it’s one less manual thing. You know, when we’re doing assessments, you know, you have to go out today, you have to go to neighborhood scout and, you know, get an account and do another crap. It’s a pain in the butt when we can, You know, this is like the year 2020, I think. So. We should be able to calculate things. Yeah,

[00:08:08] Brad Nigh: there isn’t really good. Good day was the FBI has some stuff, but

[00:08:15] Evan Francen: it’s pretty hot. Unified there, you see, are the unified crime reporting. But that’s about, yeah. So anyway, this weekend I was going to show you a picture of uh freaking uh brisket, man. I made a sweet ass brisket this weekend. Mhm. It’s got a smoke ring, like An 8th of an inch beautiful. Even like even three teenage girls who are over because my daughter loved it.

[00:08:43] Oscar Minks: So, you did it right? They love,

[00:08:46] Evan Francen: right? You have teenage girls who are, you know, because they don’t like anything except for Tiktok. I didn’t, I didn’t Tiktok any meat. All right. Well, anyway, that was, it was a good week. You guys have a busy week this week.

[00:09:03] Brad Nigh: Uh huh. Not really. I was surprised. It was kind of kind of nice getting caught up on stuff.

[00:09:10] Evan Francen: You want your stuff to do.

[00:09:12] Brad Nigh: I got plenty to do. I just don’t know what okay.

[00:09:17] Oscar Minks: Yeah. Looking like a pretty good week for me to so far. It doesn’t look hectic. I like it when I come in on Monday and I don’t already have 30 hours of meetings on my calendar. That’s a nice feeling. I’ve only got 15 or 20. So it looks like it’s gonna be a good week.

[00:09:31] Brad Nigh: It’s funny when happier time these meetings and you’re like, sweet.

[00:09:34] Oscar Minks: Yeah.

[00:09:37] Evan Francen: Now, you know, it’s the outlook has uh, I look, has a new thing. I don’t know if it’s how new it is, but greek. And beside time it will do it for you automatically. Saseidx focus time and all that stuff to get those weekly emails, those reports.

[00:09:53] Oscar Minks: Yeah, I see those two.

[00:09:55] Evan Francen: I clicked it for the first time last week I was like, what the hell? Give me some focused on. Let’s see what Allah does. Yeah. So I have focused on my, my calendar this week. I don’t know what that I’m going to do, but

[00:10:06] Oscar Minks: you’re gonna focus.

[00:10:07] Brad Nigh: Yeah, they sit there staring at the wall focusing

[00:10:13] Evan Francen: right. Right. Thank you. Microsoft for my focus time. All right, well, good. You guys are healthy. Everybody’s healthy. Covid free as first we know,

[00:10:24] Oscar Minks: you know, happy, healthy and covid free

[00:10:27] Evan Francen: not good. Let’s try to keep it that way. As you know, last week we are we wrapped up the women in security series now last week and I’m not going to get deep into it now, but I certainly hope that everybody enjoyed it. Um, I know that I’m better off, you know, for it. And I wanted to give a huge huge thank you to Renee Laurie Victoria, Kristen Andrea Judy Amy Teresa. Mhm. Uh we talked, they were all incredible. It was nice that they gave us their time. Uh that was one thing that sticks out for you from that series.

[00:11:05] Brad Nigh: I’m kind of, I’m gonna have to go with two things because I couldn’t pick between just the one the first was kind of the, the confidence and our self confidence thing with the difference between men and women and you know, just that the women were constantly, I want to say question himself, but they felt like they had to be 100 or they wouldn’t kind of go for it versus weird you and I’m sure Oscar kind of like, let’s see what happens. And so, you know, that was kind of a big difference and then Victoria’s story about the recruiter and being told, you’ll get a job because you’re attractive was just mind blowing.

[00:11:50] Evan Francen: Yeah, Yeah, that’s true. I mean that was one part that really stuck out because I’ve, I’ve never read that said about me, but you’ve seen you’ve seen me. Yeah. Can you just imagine somebody saying that to me well, avenues to get your good books? Really? Yeah, that was that was, that was the one part that sort of angered me because you know, there’s so much more to this. We don’t get paid for what we look like. You know, we don’t get paid for what we look like regardless of your gender or race or anything else, right? You get paid for what you can do, uh, to help other people. So yeah, that was frustrating. I also thought how it was kind of cool where it seems like things are coming together more. I wonder if we would have done the same episode or the same series, you know, maybe five years ago, how much different it would be because I do feel like we’ve made progress. It seems like from all the women we talked to that they were generally positive, they were inviting. I think most of them mentioned mentoring and either they’re mentoring or there, you know, they received mentoring. So I, I just thought, you know, I felt like we’d make progress. Yeah, it was good. I like positive positivity president. If it a all right. Hey, let’s talk about, we got this Oscar guy here, The bearded Kentucky wonder every time I talked to this guy makes me feel like barbecue. What’s your, what’s your hat say on it.

[00:13:29] Oscar Minks: It’s a Red River Gorge. My, my favorite place I’d say in the world.

[00:13:36] Evan Francen: Red River Gorge now. Red River Gorge.

[00:13:40] Oscar Minks: Um, I’m sorry, didn’t hear the question.

[00:13:43] Evan Francen: Tell me about Red River Gorge. Uh,

[00:13:47] Oscar Minks: yeah, it’s just, um, it’s a forest. Um, it’s a nationally protected area in eastern Kentucky. It’s described as being one of the most biologically diverse places in the United States. Um, it is, uh, it’s just a magical place. I don’t know the size, but you know, there’s tons of beautiful mountains. Uh, it’s world renowned for rock climbing. All these big, beautiful rock bluffs. There’s tons of just, uh, you know, like pure mountain streams and stuff that exists there. And so, uh, I like to travel there whenever I get free time for hiking and uh, fishing, uh, hunting for fungi and uh, rock hunting and pretty much anything you can imagine it’s a place for someone to go and just really enjoy some peace and tranquility and um, it keeps me centered and grounded and yeah, just a lot of fun being down there all the time.

[00:14:43] Evan Francen: That’s cool man nervous the first time I’ve heard of it.

[00:14:46] Oscar Minks: Yeah, it’s uh, it’s a jewel. I think it really is. Brad’s been there. He’s got to visit it before and it’s part of, you know, it’s near the, in the Daniel Boone National Park as well. But this is uh, more focused area within the Boone, that’s under some protection and it’s cool. So there’s no development in there. It is the way it is. It’s always going to be the way it is and it’s pretty cool. Uh, only one bad thing I would say about the Gorge is in the last like five years, everyone’s found out how cool it is and then especially mixed in a little corona and everyone who found out how cool it is wanting to go there. And so it’s kind of funny. Most people enjoy their time. They’re like in the summertime. Uh, me personally, I really enjoyed going there like in the fall and the winter time because most of the vacationers and tourists and stuff like that have moved on out. And so it’s a lot less crowded. There’s not many people there. It’s kind of my favorite time to go to and you know, a lot of my enjoyment. There’s either hiking for trails. He said, looking for fungi or fishing. Um, and go in the winter time. I can go bushwhack through whatever. I don’t have to worry about poisonous snakes and stuff like that. I don’t have to worry about running to other people. And so it’s kind of my favorite time to be there because we do got some, uh, besides all the tourists that visit, there’s some uh, deadly snakes that live in the forest and I don’t know about you guys, but I’m personally not a fan of deadly snakes. Yes, I don’t keep me away by any means, but it’s something you have to be aware of when you’re there.

[00:16:17] Evan Francen: Yeah, I’m not, I’m not too scared of them when they’re dead.

[00:16:21] Oscar Minks: Yeah, my folks

[00:16:23] Evan Francen: got 100 sandstone arches.

[00:16:27] Oscar Minks: Yeah, it’s filled with these big, beautiful arches. The most famous one is called Natural Bridge. Um I’m sure Brad you’ve been there to uh it’s just amazing, this giant stone arch you’re on top of uh it’s really a bluff to, and you can see for miles on top of the arch, it’s just this crazy thing, you know, it’s this natural bridge And it’s probably 30 ft wide and a couple 100 ft long I guess and you get up there and uh it just kind of, it’s kind of overwhelming to see like how beautiful this is and to see this thing that was just naturally created and exists there um yeah, I don’t know how to explain it, Just put some things in perspective for you,

[00:17:08] Brad Nigh: The other one that uh is down there, that people just don’t, I don’t think you’ve heard about the moonbow over Cumberland Falls.

[00:17:17] Oscar Minks: Yeah, the moonbow is magical as well and uh yeah, happens a few times a year eric and uh my wife, we took a one type of motorcycle motorcycle trip down there not and it was awesome and showing up and seeing a rainbow in the middle of night is my boy.

[00:17:35] Evan Francen: Yeah, that’s cool, I was just showing some pictures.

[00:17:39] Oscar Minks: Yeah, Yeah. So the Gorge, I love it because it’s a lot like where I grew up, I grew up in, you know, eastern Kentucky only where I grew up. It’s not in protected forest land. And so just, you know, a lot of the environment there has been taken away. Um, and so this area we go to kind of feels like what it used to be, what it should be where I grew up. And so it’s a pretty special place that always uh, makes you feel good man there.

[00:18:04] Evan Francen: That’s cool man. Yeah. All right. Well, I was a little segue that I didn’t plan, but it’s cool. I uh, I’d have to get out there sometime. Uh, so tell us about DEF CON Safe Mode and you too Brad. Heard you did some work with the team also tell us about it.

[00:18:23] Brad Nigh: All right, good. Yeah,

[00:18:26] Oscar Minks: it was, it was different this year. You know, one thing I’ll always enjoy is my time with the team and physical time with the guys because you know, it’s, it’s one thing when we’re on these headsets and videos. It’s really nice to connect to people that way, but physical contact and just being face to face with people as um, something special about that. Um, and so I was a little nervous about that going in because I know that one reason we’ve always performed so well is because we get to be in the room with each other and you know, it’s easy to hop from session to session or you know, just be able to pop in and help someone and kind of see what people are working on and things like that, and on top of that continue to build camaraderie um and so this year was all remote, like you said, it’s DEF CON Safe Mode, and so we were all working through Discord and uh that was interesting, but it worked out awesome, Number one, I was nervous about it and then I was very excited on how well we were still able to, you know, feel like a team, I think that’s a big thing that kind of, I don’t know if it sets us apart, but I know it makes us a better team um is the camaraderie and our ability and willingness to help work together and collaborate on things. Um so we worked through Discord this year, like I mentioned, um and that was pretty cool. Um the folks, the whole team was pretty engaged the whole weekend and uh we didn’t have video running all the time, some of us um I had to come in and out of that depending on how awesome or bad our internet was, the location we were at. Uh but we still, you know, it’s nice man tune in with the audio and to spend over chat and we set up break break out rooms, so guys could go have focused sessions and specific breakout rooms and things like that, so that was cool but I guess more importantly um we uh we were able to have some success in a few different CTFs I’m really proud of um for the offensive focus.
Um We competed in Command and Control and so Command and Control is like an immersive experience were essentially set up, you know an enterprise environment uh to be exploited, so there’s x number of systems in there um you know similar to like like I guess Hack The Box or something like that, we’ve got all these environments set up and then you attack the system to try to own the systems get to the root level and so on and through achieving those exploits have been able to gain the ownership of the systems, you accumulate points and so we finished second place in that one. Um The gang was like in first place literally 90% of the competition and then there’s an hour left to go in the competition. And the moderator sends out a note to all the participants and says OK at phase two, burn down the environment, destroy the environment. So we’re simulating you know, some data destruction which we’ve seen before, upright. And so at that point um The guys fell slightly behind as time was taken away and we ended up losing by 50 points. Uh coming in second place, someone else was a little bit faster at that instruction than we were And I told you guys don’t feel bad, we don’t get paid to burn down domains, We get paid to hack domains and we’re the best hackers. So

[00:21:57] Evan Francen: cool, man. So you had, you had four guys in a farmhouse in Kentucky where you were then? What do we have to in Nevada?

[00:22:08] Oscar Minks: Yeah, 22 guys in Nevada. Um, they didn’t work together. There was more going separately, but yeah, we had two folks in Nevada, um, another team member and uh, St. Louis area, uh, mm, and then we have another team member who’s in North Carolina. Uh, then we had our team members up in a Minnesota area as well. So we were geographically was first pretty well there and it was nice to come together.

[00:22:38] Evan Francen: That’s cool. Command and Control. Now, this is the first, so last year the team I said, I say Essentially one or a lot games, uh, World Games wasn’t there this year,

[00:22:52] Oscar Minks: You know, no more games.

[00:22:55] Evan Francen: And I can’t say I’m unhappy about that. We’ll just leave it at that. Uh, yeah, right, command and control though. Now this is a new one, was it new for this afternoon? I’ve never, ever heard of it before.

[00:23:09] Oscar Minks: I’m not sure if it was in previous DEF CONs, certainly new for us and this is a newer CTF and it was something that we, the team was, you know, really happy about because sometimes we complain about CTFs being too CTF, You know what I mean? Yeah. Yeah sometimes they don’t necessarily represent real life and the skills we have and use every day. Um This CTF though um was that a pretty good representation of utilizing those skills you have in real life to be able to target a network just the same. Very similar to what we do and our penetration testing. Um And so that was cool and also you know from all my conversations with the guys to um no one had any complaints about the ethics or the way the CTF was handled. Um Everyone was really positive. It seems like it was very professionally ran. Um The guy who was running it straight up made a message at the beginning that said hey if you hack the platform you’re done. So don’t hack platform, it’s automatic DQ. And uh so that was nice to hear and maybe some of our dropping from last year led to that. I don’t know, I’m sure folks had to hear about that. But either way it was uh it was good, it was a positive thing. We’re happy to see that.

[00:24:25] Evan Francen: That’s cool. So 200 teams in that and and in control in our team team members took second. Uh But I love how you yeah so really leading until tear down but you know that’s awesome.

[00:24:42] Oscar Minks: Yeah nothing to be ashamed of their, you know and it was great. Somebody was just a little bit faster at learning how to, uh, delete these systems and that’s okay, you know, really great,

[00:24:56] Evan Francen: super great man. That’s, that’s awesome. So then another one. So you guys did four competitions right in this one?

[00:25:02] Oscar Minks: Yeah, we did four competitions. We had to, I would say that we’re primary focus and two more that were worked on as side channels when we had spare time. Um, the other primary focus was OpenSOC Blue Team Village CTF. And so that was pretty exciting. Took the incident response team to compete for the first time ever. Um, you know, historically our presence in DEF CON had only been, um, red team focused. And so we did, since we’re building this awesome incident response team, why not give ourselves the ability to showcase those skills as well. And so, um, We, uh, competed on the OpenSOC Blue Team Village, which was around 350 teams, I believe. And so essentially it was, we’re looking in environments, post incident and you’re trying to retrace what had happened in the incident as if we, you know, do in everyday real world life. And so there was, I don’t know how many different scenarios there were, I think there was around 500 flags and the competition, it was huge. And sometimes it felt like the flags were never going to end. But I’d say all in all, it was very similar to, you know, having the team work 20 incidents over a weekend, and so it was really, really cool um to come in there and I was really proud of the team to, because we had no experience in the tools are toolsets that we’re currently using for incident responses, different toolsets and they’re using. And when we started the competition to, there were some uh just server issues with the hosting, I think that they had more participants than they had originally expected to be. And so we’re seeing, you know, systems constantly crashing while we’re trying to learn a tool and our tools, a set of tools. And so the beginning was a little challenging just to kind of get going. Um but I was incredibly proud though of the guys, I mean, we took, you know, in less than a day and learn these tools and then we were able to apply our knowledge to those tools Um and qualify for the finals.
So they took the top 20 teams to the finals and um we uh made it into the finals and it was, it was awesome Brad, remember this? We were just, you know, racing against the clock because the competition was gonna end that, I think it was three a.m. Eastern time on Saturday, and, you know, we still got a couple 100 points on the board and we’re all just working together as a team working together as a team and like Trying to beat the clock and beat at least 330 other teams to get into that top 20. And it was kind of a surprise even when we finished the board because I was looking, I was like, there’s gonna be more challenges, there’s gonna be more. And then we finished his challenge and that’s the end of the board and then we look And we’re in the top 20 and we just like roared. Everyone was so excited, you know, jumped up and down and did some holler and it was kind of funny Seth was with us in the cabin and he had fallen asleep on the couch because he’d been to the red team CTF all day and he’s in the room next to us and uh me and Mike Thompson and Corey Hanks, uh you know, just start cheering and you see Seth like spring to life, like he has no idea what’s going on, but he jumps up off the couch and he’s like, yeah, he starts cheering and he said snap out, he looks around, he’s like uh what happened, what’s going on? You know, we explain when we just made the finals and that he was cheering again, it’s really excited. So, but that was cool and I told the team, you know, like after that it’s like, hey guys, you know, first team here competing against 350 other teams from around the world, we just made the finals on a toolset, we’ve never used before. I want to win tomorrow, but I don’t care what happens, I’m already proud and we’ve already accomplished lots, Let’s don’t have any pressure. Let’s come in the next day and let’s have some fun and you know, see if we can see what, how we do.
And so then the next morning um Was a little rough because we had worked for, I don’t know how many hours at that point, 30-some hours at that point and uh running on no sleep, but we get up, everybody was super positive and we’re ready to roll. And so they opened the finals board at noon eastern time on Sunday. And uh I mean, I can’t say enough good things about the team, we demolished the board and had completed the all the challenges. It was a three hour window to complete those and we completed all the challenges in an hour and a half and we were again, I think we were surprised when we Brad when the board was done, we’re like, that’s it, Yeah, that’s it. And so, you know, we checked the board and realized that we came in ninth place. Um and so since there were multiple people who controlled the board or completed the board, it was time to finish um for your ranking and our pace was 10 minutes or so off the leader. Um And again, I mean, when I put that in perspective, um doesn’t mean anyone was better than us. It just means that someone was 10 minutes better than us using those tools this day. And you know, another thing that I think about two is a lot of those teams that were involved or they were on the leaderboard last year too, so they knew what to expect from the competition, had already familiarized with the tools, very little prep coming in, we didn’t have any of that and we came in and finished Top 10 and almost there, you know,

[00:30:57] Brad Nigh: what was more, I think what was most impressive? We had the fourth best accuracy right? When you look at, you know, true false answers, some of those teams were only getting 30% of their submissions were correct. We were at 70% flags. So I mean, just being, we were getting the right stuff at first, we were just spamming the board.

[00:31:24] Oscar Minks: Yeah, yeah, I agree with shows our quality of work and uh, yeah, it’s like I told the guys afterwards this is something to be proud of, you know, coming in and never doing this before and going up against these teams from all around the world and not only competing, but being right there in the top tier and having a chance to win. And uh, you know, the winds are nice. So we’ve been awesome to get that first place, but um, we learned a lot about each other. We grew as a team, asking individuals grow, uh, throughout the competition, I’ve seen camaraderie grossing friendships grow and all those intangibles to me are much more important than that first place finished. And this just solidifies to us that we’re, we’re a great team. We’re just gonna continue to get better.

[00:32:12] Evan Francen: Yeah, exactly. And there’s not, I mean, there’s, I mean, you’re talking about these are challenges and these are competitions that team has never done before, you know, and you have new, newer members on the team that have never done any challenges before really, other than maybe some homegrown CTF stuff that, you know, or something online. So the fact that, I mean to put all this stuff in perspective, you know, I’ve done, you know, CTFs in the past and um, you know, now I’m in management, so I don’t really do anything or just point that stuff. Uh, But 2nd place in a Command and Control. That’s amazing, man. And when we talk about 200 teams competing, uh, and many of our team members never really competing before. Even, uh, that’s, that’s amazing, man. And then the Blue Team Village CTF accuracy was, and, you know, in a real incident response, you don’t just spam stuff at a board. Right? I mean, I actually makes makes or breaks a lot of incident responses. So the fact that At a 350 teams, you guys made the finals came in 9th place with the tools that you’ve never used before And you are accurate in doing so and still within 10 minutes of the winner. I mean, holy shit, Excuse my language. Holy crap. That’s amazing. Yeah. Thank you.

[00:33:37] Brad Nigh: It was amazing watching the team like he said, Oscar I think friday, we were, gosh, we were in the mid thirties when, when they called it friday for technical issues and then just came roaring back on saturday and sunday with a like, yeah, it was just amazing to watch these guys pick up confidence. And

[00:33:59] Oscar Minks: I remember too, uh, I don’t know how many times you heard me, Brad, and I don’t know how many times I said it though to the guys, like don’t watch the scoreboard, stay focused, slow and steady wins the race. We’re going to be fine, we’re gonna be fine. And I’ve seen it in the room, uh, you know, we were winding down there. The panic on some of the other guys’ faces because we are, you know, like we’re all competitive. I think that’s one reason why we’re so good at this type of work is like it or not, we’re going to be competitive because you know, whether it’s offensive, we want to get the win, right? We want to be able to own that network or that system. Whether it’s defensive, like I can’t quit until I’m able to find all these artifacts to really put together a story about what happened and be confident that that attacker’s not on our client partner’s network anymore. And so I think that competitive drive transfers into this. And even though like we knew it was a new thing going on on the, you know, the OpenSOC Blue Team side, we all still really wanted to at least be in the finals, you know, but I’ve seen the panic on everyone’s face, like as time was winding down, we got like 30, 40 minutes to go and we’re still not in that top 20 and just kept saying, don’t look at it, don’t even think about it. Let’s keep going. We’re going to be fine, we’re going to be fine. And then it completely surprised everyone when we finished the board. That’s why we had just that roar of relief because uh, you know, it worked out, we were fine. We were able to, you know, just keep on that steady pace and keep chipping away and chipping away. And uh, and then we landed ourselves in the top 20 and it felt incredible. And it

[00:35:29] Evan Francen: was nice. The trajectory of the team, where the team is going, wins are going to come and they’re gonna be natural. Yeah,

[00:35:37] Oscar Minks: yeah. And you know, our, our big wins too that we’re getting from this is like, you know, all these guys that, you know, in that situation, have never done the CTFs before. They just got a chance to go through 20 simulated incidents in a weekend and then already seen like some of my younger guys, you know, on the team, I’ve seen their confidence change since that moment just in conversations and at work and, and sessions this week. And uh, that’s what makes me happy is like, yeah, we didn’t get that win, but we got, like I said before, it was uh, intangibles. We got a lot of wins there, there’s a lot of positivity that we’re gonna hold from that event for a long time and it’s going to continue to just make us better people and a better team

[00:36:23] Brad Nigh: when they, when one of those younger guys would get a flag, you can just see it, see their face, that you can see the confidence growing like real time. It was possible. Yeah,

[00:36:36] Evan Francen: yeah. And I think that was the to focus,

[00:36:39] Oscar Minks: yeah, I don’t want to sell the red team short in any way. We’re hashtag one team team ambush and uh, and I’m just saying, you know, a little bit more, I got to see that experience of the blue team grow the red team, you know, that’s how we’ve been there before and we’ve seen that and felt that a lot. Um, but it’s amazing with those guys to just to be able to go in and I’ve seen them this year how much more we had grew up growing as a team in a year was phenomenal and not to say last year we weren’t awesome or the years before that we weren’t awesome because I think we’ve always been awesome, but I’ve seen a huge growth in the camaraderie, the care, compassion, the leadership throughout both sides and man, it just made me feel awesome. I’m so absolutely proud of everyone. Red team, blue team team ambush for the best team and uh, we’ll shout it from the roof man. Everybody is going to continue to hear about us and I think we’re gonna do big things in the future and I’m incredibly excited And the lucky just to have all these guys on my team.

[00:37:36] Brad Nigh: Yeah, some of the things this guys, we’re doing our little scary. Yeah, a

[00:37:43] Evan Francen: lot of them are just just getting going too, I mean it’s, it’s crazy man. So Command and Control and the Blue Team Village, or OpenSOC Blue Team Village, were two competitions that you guys went into, uh, this DEF CON focusing on. But then there were two other. So I mean just to add to the impressiveness of all of this, there are two other competitions that were sort of fringe, out-of-your-comfort-zone competitions. The Biohacking Device Lab CTF and Hack the Planet. Tell us about those, man.

[00:38:20] Oscar Minks: Yeah. So the biohacking, um, device lab, essentially it was a fake hospital, right? They created a simulated hospital environment. Uh, and inside of that hospital environment, there were medical devices. Most of those medical devices have been, you know, related to some known vulnerabilities and exploits or security weaknesses in general. Um, there were things like medication pumps, I think there was like a CT scanner, I don’t know if the CT but a certain type of scanner that was in there. Uh, just some other various devices you may find on a medical network. I think there was a thermostat in one of these as well. And so most of those challenges were built around, um, you know, being able to identify those vulnerabilities to exploit the devices and also be able to learn how that medical data can be extracted and manipulated in that environment. Um, and like you said, that’s something that, you know, we haven’t specifically focused on as far as the study, uh, those medical devices, right? Maybe even rarely. And when we do work for our partners, those devices are particularly out of scope for a lot of internal testing because they are so fragile. Everyone knows that um uh times are

[00:39:33] Evan Francen: being used

[00:39:34] Oscar Minks: and they’re in use, right? They don’t have a lab environment for us to be able to test those with. Um, and so that was really interesting to be able to see, um, you know, things like the medication pump and how serious the security of those devices should be taken. And in that situation, you know, we have the ability to not only identify the medication pump, now discovering an ability to be able to connect to that medication pump, read the data that’s on that pump, which would include the patient records, um, you know, their history, their medications and so on. Uh, some doctor records, things like that. But the big thing is learning that channel of delivery for medications and how you could exploit that vulnerability in those pumps to essentially be able to alter the medications that are administered to that patient. And so for example, I didn’t realize this about those pumps and Brad, I don’t know if you did before this, but for a medicine to be loaded in those pumps, it has to be programmed into the pump and that medication is then read by your nurse and the nurse makes sure those medications and the bags are properly attached to the pump. And so just in theory, if someone is supposed to be on a bag of potassium and an adversary is able to access and exploit that pump, uh, we could manipulate that potassium to be a big old bag of amphetamines of some sort. And the nurse is going to read that and there could be complications with amphetamines in this person’s other medication and they’re gonna administer those amphetamines to that person. And then we have a real, um, life endangering situation.

[00:41:23] Evan Francen: Um you can straight up young people ma’am.

[00:41:26] Oscar Minks: Yeah, sure.

[00:41:27] Brad Nigh: Yeah. I was surprised how easy it was to add or change some of that

[00:41:33] Evan Francen: data.

[00:41:35] Oscar Minks: Yeah. Not only can we see the data and steal the data, being able to manipulate that and the delivery of specific medications and treatments to patients. It’s something that, you know, everyone needs to take seriously. I know there’s a lot of organizations and things like that that are trying to help with that. Um, but I think this CTF did a good job of showing security practitioners, um, some real world experience with those devices and some real world scenarios and how the manipulation of those devices could be, um, you know, potentially deadly to people. So yeah, we competed in that. It was cool. It was fun. Um, and team came out seventh place there. And that was something we did in our spare time. We all, I feel like if we had dedicated more, we could have finished higher, but we were happy with that. You know, something we’re very time. Yeah. So we’re still able to opt

[00:42:34] Evan Francen: In there four days. I know,

[00:42:37] Oscar Minks: but we don’t sleep. So when you eat or eat.

[00:42:43] Evan Francen: Just think you would have taken first place in all these few about six energy drinks each.

[00:42:49] Oscar Minks: Uh, see if we get a sponsorship bang rain. You listen.

[00:42:55] Brad Nigh: Uh,

[00:42:58] Evan Francen: Well. And so little stuff that you wrote that you wrote about the bio hacking device lab, 30 volunteers building the infrastructure creating the challenges, verifying the flags, solving the support issues To medical devices connected in a volunteers home not connected to a volunteer. That’s important. One CTF vulnerability reported fixed, disclosed 200 players On 150 plus teams from 15 countries. 14,000 plus plus flag submissions 57 or 50 700 plus solves 150 Plus Challenges. Uh I mean there’s a lot that went into that bio hacking device. Lab CTF And for the team again to come in 7th place on your spare time. What the hell man. Let’s nobody does this stuff

[00:43:47] Oscar Minks: got a we got a good team. I gotta I gotta. Yeah. You think

[00:43:53] Evan Francen: yeah shit this guy keeps swearing, this isn’t the shit show, that’s on Thursday night. Sorry? All right, so the last one was Hack the Planet. Now Hack the Planet, modern city life stuff, IoT stuff, ICS stuff, things like that. Tell us about that one.

[00:44:11] Oscar Minks: Yeah so it was and I didn’t get to be involved in this one much but a lot of the red teamers again when they were in their spare time they were focused on this. I was kind of chatting with them about it a lot when this was primarily going on. Uh, that’s when we were really digging into the OpenSOC Blue Team stuff. Uh, but so a lot of devices we’re seeing now with smart technology, um, and understanding how to identify vulnerabilities and exploit those devices, like smart locks were some of the things in there. Uh, thermostats, home control systems. I think there was even some, you know, these like dishwashers and refrigerators with uh, like Brad’s talked all about his, right, but with internet connectivity. And so it’s a similar thing to the Biohacking Village, only it was focused more on home life and home users and the technologies that we’re deploying and you know, folks, senators folks don’t necessarily understand the vulnerabilities and the risks associated with those are lows, those smart locks, those thermostats, yada yada yada. And so it was a very similar platform where they were identifying these devices, identifying exploits and vulnerabilities on those devices and then trying to apply that knowledge to either extract information that could be useful to an adversary or to be able to use that applied information to manipulate those devices in a way that could be dangerous to a user. Um, again, that one was uh, didn’t have as much time to do that, but we uh, in our little effort, I mean we still finished number 16 out of 275 players on the board. So I think that’s pretty impressive as well. Um, yeah, it is a super cool competition. I think if we, uh, probably competing that again in the future, um, I think it’s really relevant to our society, where we’re going, our people, and being able to focus and learn those technologies is something that I think all practitioners should be thinking about right now to try to help people.
Um, and so our lack of focus on that wasn’t because of the quality of the competition or anything else. It was just more so we were, heck, Command and Control and OpenSOC and a whole lot. And uh when we worked on that we’re

[00:46:19] Evan Francen: Hacking, how much spare time do you have, man? I mean 24 hours in the day.

[00:46:25] Oscar Minks: Right, right. I mean, the

[00:46:26] Evan Francen: fact the fact that the team even tried to tackle, you know, four competitions, you know, over the course of four days, this is incredible enough, speaks a lot to, you know, I think the tenacity of your team, uh the fact that you placed as well as you did throughout is just a huge testament to the skill levels of the members of your team and be able to coordinate like that. But the things that don’t come out is just how this team has so much integrity, how this team is so cohesive, how you work so well together, communicate so well together, there’s no drama on this, on this team. That stuff doesn’t come out and you know, in just what place you finished on the board. That’s what gives me 100% confidence that this team will just continue to get better and better. It’s led by you. I can’t you know, I can’t give you enough kudos for how well you’re leading that team. Well, you put together that team. Mm. Uh and people need to know that, man. I mean, I know you’re you’re you’re a humble guy, you kind of like to sit back and you know, I don’t necessarily want to be found, but dude, you have done amazing. I’ve never seen anybody do what you’ve done in such a short period of time to take the team that you started with to a team that you have now. Incredible, brother. Sure

[00:47:52] Oscar Minks: means the world to me to hear that. And yeah, I don’t know, I mean like I honestly, I just I love those guys love my team, you know, it’s like I said before, I just feel lucky to have the opportunity to do this and I think that’s why it works. You know, they know how much I care about them on a personal and a professional level, and I think that’s one thing that makes our company special and that I’ve tried to give that culture to my team to to know that um number one, I care about you, I care about you inside of work and outside of work, and I want to give you what you need to be professionally successful and personally successful and I think that we all share that camaraderie with each other and we feel like we are part of the same mission and we are part of the same mission and I think that’s why it works and I really appreciate those fine words you said, you know, um but I feel like for me, I just had the opportunity to be a curator for a team that was already special and to be able to pull in more people to make that team more special and give them that love and support and let them grow and and they’re going to flourish. And so, you know, I appreciate the kind words, but you know, I don’t want to say it’s easy, but man, it is easy when you’ve got a great team. Like I got so

[00:49:13] Brad Nigh: all right

[00:49:14] Evan Francen: once and still the sky’s the limit man. I mean, the best days are still ahead. Yeah, that’s true.

[00:49:22] Oscar Minks: There’s only one way, one way to go and it’s up and we’re continuing to go up. I think we’ve seen that this year compared to last year. And uh, I gotta laugh. You know, one of my guys after the command controls chatting with him and he said, always a bridesmaid, never a bride. And I was like, come on, man, that’s going to change. You know, and it’s not all about the night.

[00:49:44] Evan Francen: Who is that guy? We’re gonna, we’re gonna buy him a wedding dress. Have a shift to put this on. You want to be a bride, go ahead and put this

[00:49:53] Brad Nigh: on.

[00:49:55] Oscar Minks: He probably would. I’m not gonna say who it is right

[00:49:58] Brad Nigh: now.

[00:50:03] Evan Francen: Yeah, kudos to you and kudos to you too, Brad. I mean, you’re not even officially on that team. You’re friends with a lot of those team members, but the fact that you gave up, I mean we talked about last week man, I mean you gave up your weekend to be part of this team. And I know that some of it’s addicting and that’s one of the next year. I want to be with you guys. I want to, even if I don’t solve the damn thing, just to be a part of it, man. It’s contagious. Heck yeah,

[00:50:32] Oscar Minks: We’re, we’re lucky to have Brad there this week and two. It was nice. Yeah. He kicked some butt, solve some flags and uh, and you know, it’s just part of the team to, and it felt really good having him there. Everybody was, everybody was excited to be with everyone. And uh, yeah, we were, we were lucky to have brad to be part of it.

[00:50:53] Evan Francen: Heck yeah, brad always steps up, man. He just steps up.

[00:50:58] Oscar Minks: Oh, for sure. Yeah. You want to talk about it, you know, but he’s just as competitive as everyone else. Yeah,

[00:51:04] Evan Francen: Marceau. Yeah, marshall. Yeah,

[00:51:10] Oscar Minks: it’s kind of one of those things, you know, like that’s a good thing, especially in the type of work we do as long as you don’t let it cross the boundary where it becomes an issue out that competitive edge. I think it’s what makes us great security practitioners. I really do one of the things right? There’s a whole gang of things that makes us great. Um, but I think to be able to, to be on the technical side of security, uh, you really got to be a little bit competitive because you can’t quit. It’s one of those things that, you know um that motivation to go until you solve what you’re working on. It drives a lot of us and so that plays perfectly into the def con.

[00:51:48] Brad Nigh: Yeah. Yeah, it was it was a lot of fun. It’s kind of nice to, it was a nice change of pace for me to kind of get back in and dig into that stuff. So it was, yeah, it

[00:52:02] Oscar Minks: was a lot of fun and I say this to like it’s a lot of stress, it’s like one of those things where it’s so much fun. Um But I don’t know if you felt this way brad, but after it was over like my gears in my head, I was solving flags in my sleep, like sunday night and monday night and I was like, you know, thinking about things in life like that were real world, but I was solving flags and so it took me a few days I call it like landing the plane like you were just kind of on this emotional high and then my gears get so wound up, you know, brains continually turning just to slow it down and bring the plane back to the runway. Uh And I think that’s what happened this weekend. It’s like I’ve landed the plane probably Wednesday or thursday and then this weekend my body is like, now you see the rest, take it easy, let’s have some relaxing time and come back next week to go. Yeah,

[00:52:54] Brad Nigh: I would agree. It was like the third I was on a call Wednesday afternoon uh withdrew and he’s like, man, you’re rusty. I’m like dude, I’m still trying to recover from the weekend. Uh thursday before I started feeling like, okay.

[00:53:11] Oscar Minks: Yeah, same. I compared to like, you know, a race, right? You think about like these uh like Formula One cars or Nascar or whatever, they put these cars on the track and they run them pedal to the metal until the race is done, you know, for hours. But what do they do with those engines after the race is over? They break them down, they rebuild them and they put them back together. That’s what we did our brain and then we had to break it down, rebuild it, put it back together afterwards.

[00:53:38] Evan Francen: Good analogy man, awesome. Well, I’m really proud of the team, proud of you, uh proud of you too, Brad. Um I’m always impressed with the way you um you know, I’ll never forget the time. You know, it was right after you started and you just jumped right in to help with the this entry program and you’ve been, you know, an integral part of that since, but you do that all the time. You just jump in and and for somehow both you guys set a good example too, of keeping the life, work life balance. Oh, pretty well, it’s like Mhm. How the hell they do that. I can learn a lot from you guys. I don’t do that part, right?

[00:54:24] Oscar Minks: I do it because I want, you know, I mean Brad can probably relate to this because I’ve been there before um where I have been abused and I have had, you know, a manager or a superior who was totally like that, blinders on when it came to my personal health, my mental health. And it put me to a breaking point and almost led me to leaving for a career change. You know, I was so stressed and uh disgusted with the industry. And so that’s one thing that I’ve always sworn is that if I have the ability to possibly influence people and help people, I’m going to do that and I’m going to make it a priority to always make sure that I know uh where my people are with their mental health and tell them to take a damn break. And also lead by example, when I need a day, I’m gonna take a day and I’m gonna tell those guys, expect them to do the same. I have calls every quarter with guys where I call multiple dudes and I say, hey, you know, you’ve been working your butt off. I can tell you’re tired and a little stressed, why don’t you get out of here today and take tomorrow off because I think that’s what you need to spend time with your family, refresh a little, it’s easy, right? Just a little bit. I’m always paying attention to how those guys are. Just do the right thing. What would I need in that situation? What would any human need in that situation? There’s somebody to put a hand on their shoulder and say, hey I care about you. I notice you’re a little stressed, let’s take a break and uh I try hard to always do that.

[00:55:54] Evan Francen: Very cool. Well I think we can have you back too, I mean it would be good to have you back and talk about that more because it’s so often overlooked. You know, just keeping healthy, keeping a balance and everybody’s got a different balance. You know, you might look at somebody and say that dude only works or that lady only works 30 hours a week, slacker. Well no, that’s their balance, whereas others might work 60, 70, 80 hours a week and say well that’s that’s just way too much. Maybe. But that’s you know, unless that’s hurt their balance, right? Everybody is different and checking in with them personally is such a huge important piece that a lot of people miss, man. So good for you. Thanks. Right. Three news stories real quick. Uh Oscar you feel free to stick around, you got chops, you can chime in anytime you want. The first one comes from Krebs. Uh you know how I was talking with Brian, not with, about Brian Krebs about whether he’s a nice guy or not, but that’s a whole different thing. Uh, Microsoft Put Off Fixing Zero Day for Two Years. This came out just yesterday, I think. 120 security holes that they fixed in August 11 Patch Tuesday, last Tuesday. One of those was CVE 1464. And it’s about how Microsoft or Windows validates digital signatures. The code signing, you know, Microsoft has used digital signatures for a long time for code signing in lieu of doing nothing. Sandboxing, right? The job always to sandbox the Microsoft ways to kind of do code signing and all that stuff. Well this one’s been around for two years without any fix. Uh Oh thanks, thanks for Microsoft for fixing it,

[00:57:53] Oscar Minks: Stuxnet. Here we go

[00:57:54] Evan Francen: again. Right. God. Right, who knows? Yeah,

[00:58:01] Brad Nigh: that’s interesting.

[00:58:01] Evan Francen: Yeah, but the important thing here is most people probably, most of the security community, if not all of the security community, except for a small portion, didn’t even know that this bug existed, but then Microsoft patches it and then it becomes known that, oh this has been around for like two years, right? So just because it’s been around for two years doesn’t mean it was actively exploited by everybody for two years. It just means that somebody reverse engineered the patches and found out that what the hell? Or tied it back to the CVEs, but yeah, so two years. Patch, patch, patch. And the I mean that’s like Security sort of 101 stuff. We should patch your stuff. You knew that. Right. Yeah.

[00:58:54] Oscar Minks: Alright. Good.

[00:58:55] Evan Francen: What’s that?

[00:58:57] Brad Nigh: That’s probably a good idea.

[00:58:59] Evan Francen: Yeah. Well, there are some attackers out there. There are some hacking groups that will patch your system for you after leaving their backdoors, then come back later. You can always wait for that.

[00:59:11] Oscar Minks: Those great guys. Right. Thank

[00:59:15] Brad Nigh: you.

[00:59:18] Evan Francen: All right. Well, the next one is uh from tech to which is uh first post I think. And that’s a it’s not a regular news outlet that I visit, but this one popped up on my radar. The title is NSA, FBI Expose Russian Intelligence Hacking Tool. Uh I said Drovorub, Drovorub.

[00:59:46] Brad Nigh: I don’t know how to set up. But yeah, you don’t usually see governments calling out governments like that.

[00:59:56] Evan Francen: No, no. Especially the NSA. This must have been a tool that the NSA didn’t have, I’m guessing.

[01:00:03] Oscar Minks: Yeah. That’s why they’re mad about it.

[01:00:05] Evan Francen: Yeah. They’re mad about it like oh let’s let everybody know quick. So then you know we can because the thing is if if I have a tool, if I’m the NSA and I have a tool. They only release their tools when it’s known that they have the tools. Hmm. Right. So that’s why you see the NSA coming out and say hey Russia’s got this thing

[01:00:26] Oscar Minks: it’s not us this time. It’s not us. Right. Yeah. It’s like uh almost seems like maybe like a C2 for Linux. Um Yeah, reading about here, interesting.

[01:00:43] Brad Nigh: I wonder if it’s they’re trying to get ahead of it because of the election and says that we’re Yeah, same hackers who broke into the DNC in 2016 style. Yeah. James manship.

[01:00:56] Oscar Minks: Oh yeah, for sure.

[01:00:59] Evan Francen: When they stood a 45 page report. Yeah, wow, that’s a report

[01:01:06] Oscar Minks: is the link is the report public now as well?

[01:01:10] Evan Francen: I believe it is. Yeah. But I didn’t I didn’t include the link. It’s not in that news report, but I appreciate it. And find it

[01:01:16] Oscar Minks: try to find them today. Mhm. Or this is a this is either uh s a pointing finger like you were saying like gearing up for the elections or is this a political move?

[01:01:29] Evan Francen: I don’t know, I would I would go on the political move. It seems like everything is a damn political move nowadays. Yeah. Yeah. Swiss army knife of capabilities but targeted at Linux systems. So if you’re a Windows person, don’t worry about it and don’t need to patch, you’re fine.

[01:01:48] Oscar Minks: But that Linux server that, you know, Bill uh from development set up eight years ago when he left and nobody touches it, you don’t know what the application does, like maybe go take that out today.

[01:02:00] Evan Francen: Oh come on. That doesn’t happen. Oh yeah. Well and what’s rule number one after you figure out who does what is uh you know you can’t protect the things you don’t know you have, so if you don’t know you’ve got a Linux server sitting around somewhere you should probably go find out. Yeah two. All right. And then the last news newsy thing I got is from SiliconANGLE, the title is Vulnerabilities in Amazon Alexa Could Have Exposed User Data to Hackers. My suggestion number one, don’t use Amazon Alexa.

[01:02:38] Oscar Minks: My response is yeah and

[01:02:44] Brad Nigh: yeah yeah no no Alexas here.

[01:02:51] Evan Francen: Well the thing is do it’s like what percentage of americans are obese? Uh huh It’s like a huge percentage of large numbers like the fattest we might be the fattest country on the planet. Yeah you don’t need Alexa. You don’t even need a remote control. Get up and change the

[01:03:10] Oscar Minks: challenge. Let’s go back to control tv TVs. Get those old wanna cabinet tv just put them on the ground, start turning the clicker

[01:03:19] Brad Nigh: there you

[01:03:19] Evan Francen: go. Yeah. Yeah but anyway just like everything man I mean anything that runs any code anywhere anytime requires maintenance, requires patching, so you know your Alexa, your Google Home, your Nest, your whatever else you’re running, um at least here with Alexa you can actually patch the system, a lot of IoT devices you can’t even patch. Uh huh. Uh huh. Yeah so just stay up to date if you are using Alexa and you can’t wean yourself off of it, um pattern like guess and check with your company too, now that a lot of people are work from home, check to make sure that using Alexa at home is still okay for policy because a lot of I’ve seen a lot more companies now saying that you can’t have a home office in the same place where you’ve got anything to base like Alexa or Google Home or anything else. Just double check that

[01:04:25] Oscar Minks: you guys have heard, I’m sure, all about like Alexa accidentally sending transcripts because the user may have said those voice commands but didn’t hear the confirmation from Alexa of the voice commands. And then sends full transcripts unknowingly to people of your conversations you’re having in the room. So think about that relevance with us here on headsets right now. I know that if I had an Alexa sitting in the room next to me that she could hear my conversation and I would never hear the confirmations, and all those hot words that can trigger Alexa to send data I use all day long because I’m talking about sending something to Brad. Talking about sending something to Brad and she may say so you want me to send this to Brad? And I’m on the phone with someone else going yeah be sure to send that to Brad. There goes my transcript

[01:05:09] Evan Francen: what?

[01:05:12] Oscar Minks: Yeah why do I care You’re having carne asada tacos for dinner man. I don’t

[01:05:18] Brad Nigh: know.

[01:05:21] Evan Francen: That’s funny. Yeah I’m not a fan. Okay, same. Alright, well it’s that time again. We’re at the end of the show and we get a time uh you know we kind of created this traditional to give a shout out on or two and either you guys have any shout outs this week.

[01:05:41] Oscar Minks: Oh man, shout out to Team Ambush, top to bottom. Everybody involved, they get high praise, uh best team in the world. One team, love them all. And I’m incredibly proud of every person on that team and there’s no difference in contribution. Big, small, doesn’t matter. We’re all contributing. We’re all on the same mission. Incredibly proud of those guys.

[01:06:03] Brad Nigh: Yeah, I couldn’t have said it

[01:06:04] Evan Francen: better. It was unanimous, unanimous, the first time ever on our podcast. We have unanimous shout outs. Right, Brad. Did you have another one?

[01:06:16] Brad Nigh: No

[01:06:18] Evan Francen: one kind of talked over. Yeah. Yes. Derek

[01:06:23] Oscar Minks: Baby one team would love so we can say yeah.

[01:06:27] Evan Francen: Seriously? Yeah. Great job, Team Ambush. Great job to you guys because you guys lead. It’s just it’s life is good man. Thank you.

[01:06:37] Oscar Minks: Thank you.

[01:06:38] Evan Francen: Uh What else do we have? Questions, suggestions? Uh send us things, email unsecurity@protonmail.com. I promise we check it, what? Maybe once a quarter.

[01:06:53] Brad Nigh: Yeah, whatever. I’m like wait, I haven’t checked that in a while.

[01:06:58] Evan Francen: Right? I woke up this morning with 390 300 emails from just the weekend. I mean who’s got time for more email. Mhm. But anyway, send it there. We will get to it eventually if we don’t if you don’t hear from us for a while, just either stay persistent or patient, um We’re just busy. If you’re a social type you can socialize with us on Twitter. I’m @EvanFrancen, Brad is @BradNigh. Oscar, you are a relatively quiet guy online, which is cool. But is there any way you want people to reach out to you, find you in particular? You can say no if you

[01:07:36] Brad Nigh: don’t find me.

[01:07:39] Oscar Minks: Uh just email me through my FRSecure email. It’s totally fine. You can find me on the FRSecure website. All my contact information is there, reach out via email and I’ll be quick to respond.

[01:07:51] Evan Francen: Yeah, I admire you for your lack of online in this man.

[01:07:55] Oscar Minks: We can have a whole episode over that if you want.

[01:07:59] Evan Francen: We should totally because I have to get my I have to get out there because when you lead a company you’re supposed to Yeah, I hate it.

[01:08:08] Oscar Minks: It is a little different for you than me. That’s for sure. But I’ve got my thoughts and I think it’s a poisoned environment that leads to depression, anxiety, all the things that already prevalent in our industry and I think it compounds that for some people. Maybe not for everyone, but for some people.

[01:08:26] Evan Francen: Well when I’m starting to tweet into politics. So we’ll see how that goes.

[01:08:29] Oscar Minks: Don’t do that man, it’s gonna make you more stress.

[01:08:33] Evan Francen: I know right, yep, I’m an antagonist. Alright. Lastly be sure to follow our show on Twitter. It’s @UnsecurityP and follow the companies we work for. SecurityStudio is one of the sister companies of FRSecure and that’s @StudioSecurity and then FRSecure, kind of the flagship itself, is @FRSecure. Uh, that’s it. So we’ll talk to you all next week.