Weaponizing the Deep Web | SANS OSINT Summit 2020

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

but you know a lot of the things that are happening in the world are not at the GU global level necessarily you know they're in that that deep web and I'm really happy to introduce my friend and colleague here Matt Edmondson who is a principal at argelius is that how you said we'll just say that um and also he's a sans instructor Matt's gonna tell us how to weaponize the defect Oh without further ado Matt thank you thank you it's pronounced arg Elias it's a made-up planet from an old Star Trek episode but it sounds like Greek and classy right like if I didn't tell you guys it was some classy Greek word you'd buy it so I ain't got that much time so I'm not gonna waste it talking about me you want to talk about breach data breach data is like a very very controversial topic like some people have some very strong emotions about it so if you like some of the stuff I'm talking about you want to do it buy me a bourbon talk to me afterwards like if you hate it you don't think anyone should be do it buy me a bourbon talking about it afterwards so either way I'll win but what we're gonna talk about here is a quick intro talk about where do we actually find the data talking about how we weaponize them I weaponize it actually make it useful because some of these data breaches are ridiculously large in size how can you search that in a quick manner and then most importantly the fun part how we can actually use the information like how our organizations are how we as individuals can use it in our security goals really whatever they are so we'll say that's the fun part we'll save it for last like deserve like reasonable adults two seconds on this like what is the Deep Web right what is it it's basically it's nothing magical about it I'm not trying to sell you anything right it's just crap that's on the internet that is not in Google it's not magic there's a lot of large files on the internet that aren't indexed in Google there's a lot of compressed files that aren't indexed on Google there's things you need to login to access they're not in Google it's not some magic things so if you have a two gigabyte file that zipped up Google may help you actually find the file but the contents of the file it's not going to be in Google so and when I say Google I mean search engines I'm just using it so for the three Bing users in here I apologize for offending you not like beings got a place like Google has had their face suit up so many times they censor search results right you ever like try to Google piratebay and it's getting like VPN sites like don't play coy with me you know what I want you know I'm looking to pirated a movie you know so no where as being so if you're ever like in a city and trying to buy drugs use be not Google because they won't censor the results you'll have much better luck so for the four of you I see writing down right now you're welcome so we got a room full of people here doing awesome for a lot of different reasons but I'm not naive right it's Washington DC it's a know some but we have quite a few in here that are law enforcement that are military that our intelligence community and when you're doing oh sit in that realm really hell a lot of times there really is only one challenge its identity resolution right we've got some selector we've got an email address you've got our phone number we're trying to actually tie that to an individual or a group and we're doing that over and over and over on loop and that really becomes like I said for quite a few was doing OSINT the biggest challenge we have and breached it it can help us with that so most people are here and familiar with this I use this all the time and I teach technical classes on OPSEC to kind of demonstrate not using the same password on multiple sites but it's the site have I been poned run by troll hunt he has friends that hang out on kind of a seedy underbelly of the dark web or on the internet and when this breach data you know every single day we hear about someplace getting hacked and if he can ever get his grubby paws or his friends can get his grubby paws on this data and they get it to him then he will index it and put it in here so he can put in your your email address there and see hey it was my email than in any of these breach data's and the answer is yeah absolutely was 16 of them when I first made the slides about a month ago it was 15 last week I was updating something and it was 16 I'm like cool update the slide and so like I said I love this one I'm teaching technical classes on OPSEC because it just shows like you cannot reuse the same password so you know I had an account on blackhat world that got hat back in 2014 why because I was doing some of the same stuff from two talks ago buying like residential proxies black hat SEO accounts some of the exact same things for reasons that we won't get into here but you see like okay that account got hacked big deal it's not that big of a deal unless I use the same password that I'm using for my Gmail for my bank and other stuff and it you know it's a good teaching point there but here is Osen analysts we're looking at we're like damn date of birth email address instant messenger IP passwords username website activity if I can transition from an email address to all that if I could get my grubby paws on the actual raw data that's a goldmine if I can take that email turn it into a username turn it into all these different types of things and that's kind of what we're going right here so if this seems interesting to you at all how can you actually find it right so it seems very simple but just google it kidding kind of so there's a few shady sites out there like dark net leaks that are use that's fantastic but we can go there and they will have probably like I think it's or like 40 50 different breach data sets there yeah there's nothing amazing sitting there you can just see the top result there Avast but if you can find like one site like this and hey spoiler alert I just gave it to you and I'll give you the link to download my slides but if you can take that okay you can grab anything there that you want but then we can take the file names and take the file names they're like Avast 2014 400k and now search for that and now if you look at the search results from that file name we have 127 results where we see that from and I think within like two clicks of that I was able to find like a giant torrent link that had just a ridiculous amount of breach data out there so like say if you are searching for this that can be one way you can find it we don't have the time to get into the OPSEC my time is very limited in this talk but use some protection right whether it's VMs whether it's tor whether it's VPNs whatever your preference is but whatever you normally do to kind of keep yourself safe we are going to these shady shady sites you absolutely want to be doing it when you're doing the style of work distributed denial of Secrets if you haven't heard of it it's kind of like a WikiLeaks slightly classier cousin but they've been having like a lot slightly they've been releasing like a lot of really really good data or links lately this is a one they recently had so copies of the servers from the Cayman National Bank when a bunch of you know wealthy Russians were storing their money and kind of doing some shady stuff and when they say copies of the servers no they mean copies of servers so if you look at the actual data here look at that like that is ridiculous that is their exchange server that is their domain controller their database server like everything right there these are some massive massive data sets that you can find sometimes with this breach data and depending on what style of work you do this may be very very interesting to you or not interesting at all but it is data that is out there just sitting on the Internet just not indexed in Google clearly if you're searching for kind of some real-time stuff you kind of have to get lucky this isn't automatic but very very commonly people that host this data right and also put it on their own server in their house or their own personal Dropbox so the most common place where people usually host data in this breach data is megaupload right so shout out to a chem comm with the of Omega is a very very popular place so if you're searching for links that are mega dot and Z and then just like the word leaked on Twitter you're gonna be able to have some luck and right here you see someone that actually has a link right there to download a million and a half users Facebook data leak and will actually see that in the screenshot that we had later today but once again it's not just gonna be leaks here you'll see like a lot of animated porn and other types of things for some reason you'll see some weird things but this can be one way maybe sometimes to get some of the hot off the press leaks torrents hordes are fantastic if you can get them you can't always but here some of the there was some leaks will talk about combo lists later on but the collection some of the a massive massive leaks that were out there all the time so here you can see collection one this thing compressed is still over 36 gigs and that's gonna be a really really tough download if you're trying to get that from the dark web or something else I had to download like over 300 gigs from the dark web a couple months ago that was a painful experience that was not a fun thing so if you can clam onto a torrent for some of this collection data or some of the larger data sets you're gonna have a much better time raid forums raid forms right yeah a lot of us maybe it played around in here before this is one you can there's a lot of data here you can see some of the data that they have you can buy little credits used to get them from posting now it's that kind of you can buy some little credits you can use it to download different datasets if you're looking for something specific the forms here actually a hoot to read sometimes especially like the sections where people are looking for data because sometimes are things you can kind of make sense like sometimes people like I'm looking for Spanish telecom data or maybe I'm looking for UAE banking info like alright player ok I can see maybe where you're going with that what you want sometimes something just blows your mind I remember recently I just started laughing and it was someone's like hey I'm looking for a list of people that have committed white-collar crimes along with where they serve their time and when they served it like dude like you know like damn like I want to talk to this guy like what do you have going hey what you think what's your thinking like you can kind of start forming the scam in your head and kind of honestly I wanted to be a part of it but yeah you're just sometimes specifically right so think about this if you're doing research on a target you put the email into how Ivan ponents data sets and that the data sets are there I'm not saying to support this ecosystem like I said some people start to get really a you shouldn't do that I'm not the morality play so I'd be the worst morality police ever but I mean there's a whole large data set there that you can go easily acquire if you felt so Len or like I said just the forms for the entertainment value alone frankly so if you found some of this data if you found some stuff interesting to you now what do you actually do with it right when you download this massive massive data set because honestly a lot of times it's gonna be too big to open up in Excel or notepad or notepad plus plus your the things that we normally use to look at data so usually what I do is I'll just take a really really quick peek from the command line so I'll put it in directory then I'll go in there for Linux at ease Linux right it's a straight up cat the name of the file starts spitting it out to the screen if you use Windows it's actually just type type the filename windows and start looking at the raw data right as it starts scrolling by the screen you can just a very very quickly hit control-c kind of get a view for the data see what it looks like what fields are in there how its formatted you know you know do that is there anything separating the phone numbers or anything like that and get you a feel for what the data looks like is like I said a lot of times it's too big to open and are true programs if you were looking for one thing specific like I remember one time I got ahold of a mass of like hot-off-the-press the day it hit leak and I was talking to a buddy of mine he's like hey he worked for Booz Allen he's like hey are there any of our emails in here I'm like yup a couple hundred just scrolled by right in front of me and how we can do that right on Linux most people that use Linux they know grep so we can cat the file name then pipe to actually take the results and force them through grep - I makes a case-insensitive and then the key word we're looking for and so in this case you can see I actually I only want to see results from results that have LaQuinta comm and the line and people that'll use Linux like I said no grit but most people that use Windows don't know Windows has the same thing so we can do type filename to spit out the contents of the file to the screen but now we pipe it to send the results somewhere else fine string is what that is - I once again case insensitivity I don't care about case and then the key word that we're looking for and so once again instead of seeing this massive massive breach data scrolling by way to quit to see I'm saying I only care about results that have LaQuinta comm and the name Liz what's likitha in English what's likitha in English you supposed to Deniz yeah all right this is a blog post I wrote a couple months ago a day to hit the internet right and it was all from iron March it was like Nazi it's like real Indiana Jones Nazis just someone disagreed with you on Twitter so you called him a Nazi like real actual Nazi Nazis and so a lot of people do in OSA we're kind of playing with that data and so it was one of those things I was actually talking to a buddy of mine who's in the back row here about them hey you know what cool there's actually a forensics tool that can really really help us with this because in this room I Karen tu I'm not the only one that works in my day job in an environment where I get asked something and like I have minutes to answer like the time that I have to answer this question is in minutes not days or weeks and so this tool called bulk extractor can really help us out and it's a very very simple tool it's a digital like I said it's designed for digital forensic the crickets are going off but it's amazing innocent as well so what it does the uses something's called strings right just to suck out all the text from a file even it's like an executable it can suck out all the text or it's some weird funky format like an exchange database per se but it tries to suck out all the text and then it uses regular expressions like hey if you see a group of letters or numbers and they're an ampersand then another group and then a period and some that's an email address if you see it like this that looks like an IP address and so it can quickly kind of suck those out this works like a champ you can stick this on a massive file on a hard drive image and it will go through and it will run it very very quickly and kind of suck out some of these key word selectors and so even if you have this ball of data that you're not exactly sure what to do with and it's like kind of a raw sequel dump and you're sitting there just kind of looking at it like yeah really know what you do but just quick down and dirty what I use you're referred to is your smash-and-grab just a smash-and-grab selector extraction sick bulk extractor on it go pour yourself something to drink when you come back it'll probably be close to done and then you'll have all the phone numbers all the emails everything like that it's not a hundred percent it's not perfect but like I said if you work in an environment where a lot of times you have minutes to answer questions not hours or days this tool is fantastic I really can't say enough good things about it so also years ago in a forensics class I heard about a file called or excuse me a software called agent ransack they didn't let you search through like hard drives everything else for files very very quickly and it's free and it's fantastic the company that makes that though they make a free version or excuse me a professional version called file locator Pro it's $60 and whenever I talk about a technical topic I always try to give free resources like I hate giving paid resources it just really pains me but file locator Pro here one of the things that it has the free version doesn't you see there the second one from the top indexing and when we're dealing with breach data indexing is fantastic and we use indexing all the time and we're doing forensics and what an index does is it lets us trade effort and storage space now in exchange for much quicker search results in the future right so take a quick look at the math I have eight hundred and twenty-six gigs of raw data and that is only one data set searching that for a selector like an email address or a phone number takes about 50 minutes that's not tenable that's not reasonable so if you start thinking that's one data set now imagine if you have terabytes of data a bunch of different data sets and it's not one email I'm searching for words twelve emails like that's out of control and that's not usable right the whole weaponizing the Deep Web what the weaponizing is is how do we actually make this data usable if you're a database guru if I can give you a bunch of like disparate data from different database dumps and you're like yeah I can just take that I can dump it into an AWS box I can get that in a database no problem knock yourself out it's doable like I've seen it done the best software engineer I know did it i sat there and watched her do it it was a pain in the butt because data's format a different ways all of a sudden the hash goes from one format to another you're like what format isn't that even it can be done but it's a pain in the butt my method is lazy AF totally totally lazy and then it actually makes it usable and so now instead of a selector search taking 50 minutes you just banged off an index job the indexing job took about two days to run and it took up an extra 73 gigs of space spoiler alert hard drives are cheap like I got an 8 terabyte drive full of this stuff it's like a hundred and forty bucks right I'll trade the storage space all day but now that I've taken two days of effort to index the data and now that I'm willing to give up another 73 gigs of storage and size my searches take about two minutes now instead of 50 minutes and now I have something that's usable right now I can take something that's giving me results back in like 15 minutes maybe half an hour instead of a day and it was a heck of a lot easier I wrote a blog post yesterday so I posted it on my blog the link to this this github page has a link to it if you want to go check it out I'll have links and stuff at the end as well to download my presentation everything else but I didn't really that file locator Pro I don't like the user interface I love the fact that for $60 it lets me index the data instead of like a multi $1,000 forensics program but the user interface has a few issues the program itself has some EEO secrecy's which is why with the blog post that I did we'll talk more about that in a second but what I did is I wrote like a Python wrapper for and I just call it hunts an inside joke as to why but now I can just give it a text file full of selectors email addresses phone numbers whatever it is just push and go I can go do whatever it is I want when it comes back it actually takes the results it runs it on the command line and it gives me a nice neat HTML report that has all the results that any results in there are made bold so you can kind of find it easier because sometimes a date a little bit ugly but it just makes this even more and more usable like I said even if I have a big list I can fire it up go home come back in the next day and kind of pour through the results also I have two lists of indexes in there I kind of talked about this in the blog post I have one that searches everything that I have and I have one that only searches data that has phone numbers in it so if I'm searching phone numbers through that I don't want to waste my time searching data sets that don't have phone numbers in there so like I said it's ugly ugly Python code it's only like 50 lines it's very very rough but it does a really really good job of kind of just making the process really really easy and spitting out a user report well it's funny is the Python is a really really short program but it still takes up 55k and you're like what it's because I've got one line that's a mile long and what it does is it actually takes the old Nintendo duck-hunt logo and puts it at the top of my report I have that kind of base 60 because I'm an eight-year-old and I'm immature and it makes me it makes me laugh when I see it so now the fun part right we saved it for the end like responsible mature adults how can this actually help me the easiest sell of all is the pen tester Red Team easiest sell by a mile right figuring out user accounts for an organization what they're like kind of user login looks like their email format looks like and then trying to guess passwords fundamental part of all offensive operations spoiler alert people tend to reuse their passwords right we see this everywhere we go humans are unbelievably predictable and I absolutely love it there used to be a service out there called pwned list it was really cool it's like hey you know what I want to go against like Cisco or I want to go against you know mitre whatever it is and you could go to them they charged a ridiculous amount of money like it had a comet in it and there was more than one digit to the left of the comma but then they would give you this basically breach data and like here you know 1300 emails and passwords associated with that organization like oh did the organisation get hacked no all right because our users and our internal work emails we use those for things all over the internet so you use it to like buy a book somewhere the publisher gets popped and now that's how you have this email password since people reuse it you know we see that those can be very very usable I think they are out of business I think they're no longer around but the good news is you can do it yourself now very very easily right so here I kind of ran through I just look for Tesla calm when I'm teaching like sans classes or technical classes on a web hacking I'll always always use Tesla as kind of the example just because they have a bug bounty that I'm signed up for so I'll use it so here you see or just picked one or random Tesla and their password is viewsonic one if you think about it this is actually an amazing password because all the social engineers are trying to look for what posted notes under monitors they skip the post-it note and the monitor itself is actually the password it's actually effin brilliant it really really truly is so yeah this is some next-gen stuff right here yeah and if anyone here is played with this before you will realize how much of an achievement it is to have like 30 passwords here without one of them being offensive it's not easy it took me a while to find this screenshot I'm not gonna lie alright so probably not a whole lot of pen testers in here blue teamers though right how can it help us blue team kind of threat intelligent a little bit closer to what a lot of us do so yeah fake accounts everywhere think about this yesterday I was actually researching a gmail address and it was a valid email that this person used and I was able to tie it to them on Facebook and several other services I put it into have I been poned to see what breeches they were in and they actually weren't in any and I was stunned I'm like whoa think of how rare that is for those of you that have played with how have I been pwned think of how rare it is now if you have an email account like a Gmail or whatever it is that you use is your primary account those damn crickets whatever it is use your primary account if you haven't been in a breach are you even real like you're even doing anything is that really your primary email that you're using it LinkedIn and MyFitnessPal and everything else and so financial institutions actually love breach data because when you're sitting there and you're writing an algorithm trying to way is this a real person or is this a bot someone that's trying to mess with me if this email account doesn't show up in the breach data that's a point in the negative favor right it doesn't automatically mean it's a BS email but that's absolutely a point in the negative I'm calling BS on this being a real person and so that's one way that this data is kind of help protecting some of our organizations that are out there have I been pwned one cool feature they have is monitoring for a specific domain so if I got the rights to heard in widgets calm that was my company all my emails great and I could prove - have I been pwned that I owned Herndon widgets' calm then I can tell them hey anytime you get uni new results from Herndon widgets com email you know letter brother no suite that's fine and dandy but what if I run a service and people can sign up with their service for their gmail or hotmail or their work email whatever it is they have I can't monitor that haven't been pwned isn't helping me anymore right I can't give him a list of all my users and tell them to let me know a they don't do it B or legal would never let you do that it's not something you would want to do but there still is a lot of usefulness in being able to check a breach data against your user accounts I was working with an organization a few months ago they had a massive amount of accounts taken over and it was like you know what give me like two dozen just give me like two dozen of your accounts that have been taken over cool okay was this person's password this they go calculate the hash yeah this person's password this yeah okay give me one more this one's this yeah they're all from collection one everything we were seeing was all from collection one it was out of there right so reasonably now you're started thinking we'll shoot I should probably scan for any more emails of my users that I have that are in collection one calculate the hash if they match up I should probably you know have them roll that password I need to have them create that and kind of make a new password so it's up to you when you're legal if you can actually action on that but that's one way that a lot of organizations once again are using breach data to kind of help improve their overall security posture so if you want to do that yourself you said have I been poned is there really gonna help you if people are using other emails to sign up for your service you can either pay a third-party vendor there are some out there they are not really cheap but they do a good job to do it or you can do the style that we're talking about right here and kind of roll your own to do your search and kind of figure out I mean if you don't think that a bunch of your accounts start getting popped and being able to see the source of where those pops are coming from if you don't think that has a lot of value I think it absolutely does I think it's pretty clear OSINT analyst writes the Oh since summits talk about Osen analyst and how it can kind of help us and use it there this is a fun one so we heard it talked about earlier right to search my contacts for friends method you fire up an android emulator throw down phone that you got on eBay whatever it is you take that you got your targets phone number you're looking forward you put that as a contact on your phone and then you go to snapchat and you go to all these different you know whatsapp telegram a I'm new here help me find friends you know as part of my day job I teach like over a thousand people are hero sent to government and military and law enforcement all over the place that is a tried-and-true technique that works like a champ usually for anyone who's been playing in this space right about the last five months we have seen a little bit of weakening in this and we've seen it from who Facebook and Instagram and Facebook and Instagram now it's kind of like a little weird you kind of got to go to know the network and kind of let it simmer there's some idiosyncrasies there and they're not gonna come out and say why that they've made some of the changes that they made but you can kind of put two and two together and when these changes started to occur about five months ago what did we see about that saying I'm right Facebook boom they found like 264 million users data sitting out there on the web and as you start seeing some of these massive breaches or clearly people are using things like API weaknesses to enumerate users and their information next thing you know Facebook really kind of locked down a lot of the things that a lot of us were using so like I said the technique itself overall is still a champ and it's still worth knowing and doing but in Facebook and Instagram now it's gotten a little bit weaker we saw earlier though man it's only 1.5 which is only a drop in the bucket of total Facebook users but there was actually raw Facebook data sitting out there so let's take a look at some actual some of the Facebook data from some of these leaks obviously I have blurred out 99% of this but I've blurred out most of Conny stuff I have blurred out or full Facebook username I have blurred out her phone number that you can still I left enough to see that it starts off with seven-one-seven I blurred out that she has an AOL email which shows she's very tech savvy you know we can still show she's born in the 70s because she said last time she had been on before this data was done was Tuesday you know February 2019 I've blurred out most of them still you see enough of a teaser yeah there is plenty of raw data there and it doesn't have to be data from Facebook itself right it can be Facebook adjacent xanga the company that makes all the games that everyone plays on Facebook they got popped a while back and that date is out there and actually really really easy to find right now if I put my boss's cell phone number through there there's this name there's a Z gmail address there's you know information about I was like I said it doesn't even have to be Facebook itself it can just be kind of Facebook adjacent combo lists as you start doing this you will see the nomenclature of kind of combo lists you're wondering out what is that so we're talking about breach data where it's like okay organization gets popped the data's out there this organization gets popped that's out there what people will do people that only care about that don't have any oh cent value people that only care about trying to use the valid passwords to crack into services like Netflix or banks or whatever weird crazy thing they're doing they will put together massive combo lists that are just combinations of emails and passwords with all the other data stripped away people that are just wrong user for password cracking love for us as ocean analysts we hater it's mildly interesting to me but I'd rather have the raw data but it is still mildly interesting to you passwords itself right can still be something interesting to you a while back I was looking at some telegram user pretty sure they were Russian and the as I take the username and I go to search it through the breach data I'm looking through the results and I actually had that user named on a hotmail account and the password was a super nerdy like Marvel comic book reference and I'm like alright that's not my Russian thread actor right this is not their password I'm scrolling down through the results I find two dot ru email addresses both with that same nerdy password I'm like I'll be damned I stand corrected yeah so now once again I'm not sure if this is the same person but at least these three accounts I now strongly know those are absolutely tied of the same person with that kind of nerdy unique password so even something as mundane as a password can sometimes be useful but obviously the raw data with more information like user name IP address is much more handy at what we're looking for alright forensics practitioner this is probably the this is the if he is one like I said I'm not the morality police but this is kind of the one where it's like alright we're pushing the line a tiny tiny bit I could easily stand here and play the password card I can play that card today all day long and I could sleep well at night right people reuse passwords we need to know that a couple months ago I got a hard drive that had a backup of an iPhone on it and a backup of an iPad trying to crack it with four digit passwords on both nothing trying to crack the iPhone 6 password nothing tried to crack the iPad with a six digit password God in like woo okay what do I do take the passwords from that for their Wi-Fi networks from their websites grab all the passwords from that then go to use it on the iPad like 10 minutes later I was in the iPad I even did a nice little dance at my office there was a witness here who's in the back row right now and I was super happy so people reuse passwords and so heck yeah right if you have like a file or a laptop or something tied to an individual and you know that individuals email searching it through there to see what other passwords they have totally valid totally valid technique that's not where I decided to go so I decided to go someplace way shadier all right I decided to talk practice right for the four sports fans in here who know who Allen Iverson is and get this reference practice think about this so many people doing OSINT did analysis is that iron March data when it you know was out a couple months ago all sorts of people that write-ups on it no one cared they're Nazis all right you kind of forego all of your rights when you become a Nazi it it's just kind of a publicly assumed thing no one has any problem with forensics companies with ediscovery data is using things like the Panama papers to demo their products right within Ron or like the data from like you know the Russian bank accounts like no one has any problems like listen you were shady people doing shady things so somehow now magically your data is all public domain and people just kind of go accept it and have no problem with it think about the forensics practitioner you want to practice mobile device forensics are I've got some stuff out there memory forensics cool there's memory dumps out there there's images out there you can download from CTF so you can have a good time where do you practice parsing a domain controller where do you practice Parsi an exchange server and trying to get all the emails out of that or searching that for information you're not going to be able to go to a corporation just asking for a copy of their server normally that can be a very very tough thing to practice so if you're testing your tools if you're calibrating the tools I hate to say it but thank you back like 20 tides ago to when we started when we're sitting there looking at a sequel server database an exchange server a domain controller like all of these servers that have been copied right there and like I said this is the one where I'm not the morality police work it's like as I start talking to people like hey what do you think about breached it it's fairly you know fairly universal if ya know I think I'd be useful you know use responsibly everything's good when you start what do you think about using it to practice your forensics it's like like no one really wants to answer and I get it but it can be there and the reason why people are like yeah right it can have a lot of sensitive data for example right there right this is from one breach that was out not that long ago and you start seeing things like terminated employees salary changes like that's awkward some of the data that leaks out sometimes very very kind of awkward to deal with so I am about out of time now and I know they're doing a podcast behind me this slide deck if you want to download it it's right there just a bit Lee I set it up there's my Twitter if you want to follow me on Twitter I think it's like 80% tech 10% baseball and 10% alcohol so yeah seriously though like I said I know I'm about out of time we're running low on that and they have a podcast coming up but if you want to hit me up I'll be the tall you drinking bourbon at the bar after this all right thank you very much [Applause]

Info

Channel: SANS Institute

Views: 13,079

Rating: undefined out of 5

Keywords: sans institute, information security, cyber security, cybersecurity, information security training, cybersecurity training, cyber security training

Id: eLL6BPKvwlg

Channel Id: undefined

Length: 33min 52sec (2032 seconds)

Published: Mon Mar 16 2020