The Grugq, a distinguished expert in the realm of open-source intelligence (OSINT) and cyber operations, elucidates the intricate interplay between information warfare and contemporary security challenges. He articulates the notion that during times of conflict, traditional rules governing cyber operations, such as deniability and stealth, become markedly less pertinent. Instead, the focus shifts towards achieving mission objectives without the necessity for concealment, as the stakes escalate in the context of warfare. Throughout our discourse, we explore the evolution of cyber tactics, emphasizing the shift from sophisticated methodologies to more rudimentary yet effective tools, reflecting a pragmatic approach to cyber engagements. Ultimately, our conversation serves as a profound examination of the current landscape of cyber warfare, underscoring the necessity for adaptability and a nuanced understanding of operational security in an era marked by rapid technological advancements and shifting geopolitical dynamics.
In this episode of the Security by Default podcast, host Joseph Carson engages with the Grugq, a cybersecurity expert and PhD student, discussing his journey into the field, the evolution of cybersecurity practices, and the complexities of information warfare. The Grugq shares insights on anti-forensics, the importance of understanding human behavior in cybersecurity, and the current landscape of cyber warfare, particularly in the context of the ongoing conflict in Ukraine. The conversation highlights the challenges and changes in the cybersecurity field, emphasizing the need for clarity and understanding in a chaotic information environment.
Takeaways
- The Grugq’s journey into cybersecurity began with a Unix book.
- He transitioned from internships to freelancing in cybersecurity.
- Moving to Thailand helped reduce living costs while consulting.
- Understanding anti-forensics is crucial for effective cybersecurity.
- The rules of cyber warfare differ significantly from peacetime operations.
- Information warfare involves changing how people interpret information.
- The Grugq emphasizes the importance of human behavior in cybersecurity.
- Staying updated in cybersecurity requires monitoring current events and engaging with experts.
- The evolution of cybersecurity tools has made it easier for new actors to operate.
- The Grugq’s PhD research focuses on the realities of cyber warfare.
Additional Resources:
https://x.com/thegrugq
https://github.com/grugq
Engaging with the multifaceted realm of Open Source Intelligence (OSINT) and Cyber Operations, this podcast episode presents an erudite dialogue featuring The Grugq, an esteemed expert in the field. The conversation is initiated by the host, who invites The Grugq to share his origin story, tracing his journey through the labyrinthine world of cybersecurity, beginning from his formative experiences with UNIX systems. The Grugq elucidates how he transitioned from being an independent security researcher to an academic, currently pursuing a PhD focused on cyber warfare. This episode delves into the complexities of operational security, the principles underpinning successful cyber operations, and the significance of understanding human behavior in the cybersecurity domain. The discourse further explores the dynamic interplay between OSINT and cyber operations, emphasizing the critical importance of meticulous analysis and strategic deception in contemporary cyber warfare. The Grugq articulates the evolving nature of threats in this space, and how adversaries utilize increasingly sophisticated techniques to obfuscate their activities. Throughout the episode, listeners are afforded a unique glimpse into the methodologies that underpin effective cyber operations, highlighting the necessity of adapting to the ever-shifting landscape of cybersecurity. Amidst the complexities of the cyber domain, The Grugq offers profound insights into the ethical implications of cyber operations, urging practitioners to consider the broader ramifications of their actions. This episode serves not only as a repository of knowledge but also as a call to action for cybersecurity professionals to reflect on the ethical dimensions of their work. By the conclusion, listeners are left with a rich understanding of the intersection of OSINT and cyber operations, equipped with the knowledge to navigate the tumultuous waters of the cybersecurity landscape with greater acumen and awareness.
Takeaways:
- The Grugq emphasizes the importance of understanding the principles of operational security and their historical context in the realm of cyber warfare.
- In the discussion, we explore the evolution of cyber operations, highlighting how the dynamics of war have shifted the focus from stealth to achieving mission objectives.
- A key takeaway is the recognition that modern cyber actors often utilize pre-existing techniques rather than creating new ones, complicating attribution efforts in cyber incidents.
- The podcast delves into the significance of information warfare, stressing that the ability to manipulate perceptions is as crucial as the actual data being presented.
- The Grugq shares insights on how the principles of access, humanity, and economy underpin successful cyber operations, framing them within the context of both offense and defense.
- We discuss the blurred lines in modern cyber conflicts, where traditional rules of engagement may not apply, particularly in ongoing large-scale cyber warfare scenarios.
Transcript
Speaker A:Hello everyone.
Speaker A:Welcome back to another episode of the Security By Default podcast.
Speaker A:I’m the host of the show and I’m really excited about being here again with all of you to share some, you know, what’s happening in the world.
Speaker A:A lot of great thought leadership, a lot of experience and knowledge to share with you.
Speaker A:And we live in a world of chaos and this show is really to bring clarity to that chaos and also to make sure that the world that everybody has access to security and knowledge and experience.
Speaker A:So it’s really bringing you all those ideas.
Speaker A:And welcome back to another amazing, awesome guest who’s been on a previous episode, previous show before.
Speaker A:So welcome, the Grugq.
Speaker A:Do you want to give like you’ve been on before?
Speaker A:So, but I think for the audience just give a bit of a background.
Speaker A:What’s your origin story, how you get into this industry?
Speaker A:Did you choose it or did it choose you?
Speaker A:And what’s some of that journey along the way?
Speaker B:Yeah, sure.
Speaker B:So I’m the Grugq. These days, I’m a PhD student as well as just my sort of regular independent security researcher type stuff.
Speaker B:I started out, so when I finished high school and I didn’t, like, I wasn’t going to college, I didn’t really know what to do.
Speaker B:A friend of mine was like, well, you know, so this was in the late 90s.
Speaker B:He’s like, well, if you, if you don’t have a job, you don’t have a college degree, you’re going to have to learn how to use computers because that’s where, that’s where all the jobs are.
Speaker B:He gave me a book called something like Introduction to Unix or like UNIX in the Workplace.
Speaker B:And so I sat down and I read this book on Unix and I didn’t have a computer and like.
Speaker A:So you read the book without the computer?
Speaker B:Yeah, yeah.
Speaker B:So I read the book and then I saved up money from the jobs that I was doing at like the cashier and stuff like that.
Speaker B:Bought a computer.
Speaker B:Then I was like, oh yeah, time to do this UNIX thing.
Speaker B:And it showed up with Windows, which was very confusing.
Speaker B:So my friend’s like, oh yeah, yeah, yeah.
Speaker B:Like just install Linux and like you can.
Speaker B:So this was way back in the day.
Speaker B:He’s like, yeah, you can, you can adjust the partition table so that you preserve the Windows and then you’ve got Linux on the other end and as long as you don’t do anything stupid, it’ll be fine.
Speaker A:Yes.
Speaker B:So obviously I did something stupid because I had no idea what I was doing.
Speaker A:Got corrupted.
Speaker B:Wrecked everything.
Speaker B:But anyway, I figured that out a bit.
Speaker B:And then a few months later another friend was over and we had found a bunch of these computers on the sidewalk, like someone was throwing them out.
Speaker B:So we rescued them and as we were carrying them back to his car, we were talking about Linux.
Speaker B:And we walked by this house and this woman on a porch just goes, excuse me, excuse me, do you know Linux?
Speaker B:And we’re like, yeah.
Speaker B:And she’s like, here’s my card, call me.
Speaker B:I work at this company and we’re looking for a couple of interns.
Speaker B:And so like we call, you know, the Monday whatever we call and they say, yeah, like come in for an interview, we’re looking for interns.
Speaker B:We show up, they, they do some like really basic stuff like, do you know computer?
Speaker B:Are you interested in technology?
Speaker B:All this stuff.
Speaker B:And we got hired and the internships that they were looking for was they wanted two people to learn how to do red teaming to hack the infrastructure.
Speaker B:And I helped them set up this red team.
Speaker B:So like that was our job for the summer, was learn how to hack.
Speaker A:That’s a lot of fun.
Speaker B:Yeah, yeah, it was brilliant.
Speaker B:Like, we left and we were like, I can’t believe this is my job.
Speaker B:I can’t believe they’re paying for this.
Speaker B:But you know, like they had a mentor guy.
Speaker B:Like they had experienced people, but they, they were having him train us to do this work so that they could, you know, have more people on.
Speaker B:Anyway, so that’s, that’s how I got started.
Speaker B:I worked for them for a few years.
Speaker B:Then I went to the UK, started working for @stake, stayed there for a little while, left.
Speaker A:I think many of, many of us have had some crossover across paths with @stake.
Speaker A:Yeah, it was, it was that Symantec at the time when @stake was or we both required very similar time.
Speaker A:Like I was like run the same
Speaker A:And so many of our, all of our paths at some point came either through @stake or people connected to it.
Speaker B:Well, yeah, I mean back then that was sort of the only game in town for a while, right?
Speaker B:It was @stake.
Speaker B:And then Symantec was, you know, huge.
Speaker B:So anyway, so I worked there for a little while.
Speaker B:Then I did a startup doing host intrusion prevention, which is now EDR.
Speaker B:Yes, it’s the same sort of stuff.
Speaker B:Then left there and I moved to Thailand because I did not like living in London.
Speaker B:A very, very different world.
Speaker B:But I mean the.
Speaker B:So like the big thing was that after I left the startup, I Was like, I’ll just do freelancing.
Speaker B:I didn’t.
Speaker B:I didn’t really know very much about how to do consulting and stuff like that.
Speaker B:Yeah, like any other things, like, you send an invoice and it gets paid at some point very far down the line.
Speaker B:Like, not.
Speaker B:Not like same day or, you know, a couple days later.
Speaker B:But when.
Speaker B:When I moved sort of into London proper, I’d just done a few days consulting with a company where I’d be getting, like, €1,200 a day.
Speaker B:So I was like, okay, well, if we estimate that I do, you can do like 20 days in a month, which is, you know, say 20,000.
Speaker B:I don’t need to work every day.
Speaker B:Let’s say 15.
Speaker B:So 15 days in a month, I get, you know, 50,000 put away five, got 10 to live on.
Speaker B:So let’s spend like 3,000 on rent.
Speaker B:That seems completely reasonable given my projected earnings over the next whatever.
Speaker B:And so I didn’t get 15 days per month.
Speaker B:I got three days and three months.
Speaker B:Substantially different.
Speaker B:So I was running out of money far, far quicker than I’d anticipated, which meant that staying in London was no longer viable.
Speaker B:And so moving to Thailand, where it was like, you can reduce your outgoings by 90%.
Speaker B:That was.
Speaker A:It’s a big difference in cost of living, for sure.
Speaker B:Huge.
Speaker B:Plus, like, the weather.
Speaker B:And I wanted to move to Asia, but it was like, Singapore is very expensive, and money was already the issue.
Speaker B:Hong Kong, similar.
Speaker B:Bangkok is well situated in that.
Speaker B:There’s a good transportation hub.
Speaker B:It’s got good Internet.
Speaker B:It’s got good access to, like, you can go to Laos or Burma, and you can have decent stuff in terms of cost of living, but technology is very far behind and so on.
Speaker B:So Thailand was a good, like, intersection of all these things.
Speaker B:And I’ve just kind of been here ever since, sort of bombing along and doing my own thing.
Speaker B:It’s gotten slightly better at consulting since then.
Speaker B:Couldn’t get much worse.
Speaker A:So, you know, hopefully you figured out the invoicing and expensive.
Speaker B:Yes, yes.
Speaker B:And, yeah, that was.
Speaker B:That was a little bit of a shock where it’s like, look, like I.
Speaker B:The first invoice I sent, I was like, hey, man, in a. I kind of have to pay rent in the end of the month, and it’s the 27th, so anytime soon, you know, if it’s not too much trouble.
Speaker B:And he’s like, usually we pay in at 45.
Speaker B:And I was like, what does that mean?
Speaker B:Like, 45 minutes?
Speaker A:Is that.
Speaker A:I think when I got it When I started my own, own company as well, I had this.
Speaker A:I was like, okay.
Speaker A:I tried to do it all myself I think for almost six, six months to a year.
Speaker A:And I decided, okay, let the accountant deal with that because they’re way better at asking and, and understanding the terms.
Speaker A:Because I was wasting a lot of.
Speaker B:Times just chasing people when it’s like hi, I sent you an invoice.
Speaker B:Did you get it?
Speaker B:Because it’s like it’s been two months so I’m pretty sure you got it like at least the three other times I sent it.
Speaker B:So it would be kind of cool if.
Speaker A:So I mean you started from reading a UNIX manual.
Speaker B:Well, it wasn’t a manual, it was a, it was a, it was a book.
Speaker A:And it was very much like, yeah, yeah.
Speaker B:So it’s like, you know, welcome, you know, congratulations on your purchase of the UNIX whatever system.
Speaker B:And it was very much.
Speaker B:It’s like you will start out with a login.
Speaker B:Here’s how you log in, you know, here’s how you, you know, list the directory, the, the files in your current directory.
Speaker B:Here’s what you know, how do you change directories?
Speaker B:How do you make it so like all of this stuff.
Speaker B:And I was like this is fucking amazing.
Speaker B:Like this is so great.
Speaker B:This is like wow, like I want this thing.
Speaker A:It’s like everyone else is off reading all like in a traditional, you know, English books.
Speaker A:I have a very similar.
Speaker A:Because when I, I struggle with reading, you know, like what you had to read at school and I love manuals.
Speaker A:It’s like, okay, I’ll read all of that, you know, use the fridge, how to install.
Speaker A:So for me they were more, I guess I related more with like the logic and the understanding and the commands and the kind of interface and stuff.
Speaker A:So, so very similar.
Speaker A:Kind of like understanding is like I would love.
Speaker A:I’ve switched it now.
Speaker A:I still do, I still do very technical manual kind of or how to books but I do try to read a little bit more philosophical.
Speaker A:Philosophical or even like educational type of like you know, way of life books and stuff.
Speaker A:So I’m trying to balance between the two because I know you just can’t do.
Speaker A:Do it all by one logical method.
Speaker A:So what from that UNIX and you got into red teaming kind of.
Speaker A:What was the path afterwards?
Speaker A:What was your passion?
Speaker A:Which area did you really enjoy out of all of those areas?
Speaker A:Because it can get very broad.
Speaker A:You can get a very broad.
Speaker A:This industry.
Speaker A:There’s so many areas you can get into.
Speaker A:What was your passion?
Speaker A:Where does it lead you to.
Speaker B:Right.
Speaker B:So I mean, the thing is, back then it was small.
Speaker B:Like it was big, but it was small enough that you could actually do everything.
Speaker B:Like you could, you could know like all of the systems you needed to know.
Speaker B:You could know kernel stuff, you could know application level stuff, you could know networking, you could like all the defense, like forensics.
Speaker B:It was just like it was all small enough that while you could specialize, you could be a generalist still.
Speaker A:Yes.
Speaker B:So it was, it was, it’s actually quite weird.
Speaker B:But essentially what happened was way, way back in the day there used to be this guy called Mixter and what Mixter would do was he would take private exploits and he would rewrite them and then publish them.
Speaker B:So it wouldn’t necessarily be exploits, would be tools and things like that.
Speaker B:And one of the things that my mentor had taught me when I was learning was that.
Speaker B:So there’s sort of two things.
Speaker B:One was aspire to subtlety and the other one was, you know, what’s interesting is not getting on the box.
Speaker B:It’s what you do after you’re on the box.
Speaker B:And at the time, being young and dumb, I’d understood it very literally as a. Oh yeah, it’s like after you gain access, do you install a rootkit?
Speaker B:You know, how do you, how do you ensure access?
Speaker B:And so like that’s sort of what I was thinking about.
Speaker B:And this guy Mixter, he had released a thing which basically what it did was it opened the raw disk device, like /dev/sda1, and then it went every 8k bytes and it overwrote a bunch of bytes with zero.
Speaker B:And the idea was that you’d kind of point it at a disk and it would overrun stuff and maybe it would hit some inode UID section and convert a file into a root owned file and then you could, you know, get a root shell.
Speaker B:And I was like, that seems dumb because it’s like the file systems, it’s structured right.
Speaker B:Like there must, there must be some way of understanding this.
Speaker B:So I sat down and I was like, I’m going to learn how file systems work.
Speaker B:So I started learning.
Speaker B:This was ext2.
Speaker B:Like we didn’t even have ext3 back then.
Speaker B:So it was like the ext2 file system.
Speaker B:And I, you know, spent a long time learning that.
Speaker B:And I was like, okay, well this doesn’t seem particularly useful for hacking, knowing how file systems work.
Speaker B:Like I could finally write that program he was trying to do, but you know, correctly.
Speaker B:And then I was in, I was in a course on like as a training for, for red teaming stuff.
Speaker B:Just some, some hacking course.
Speaker B:And in talking with the instructors, something came up about like, like hiding yourself or like doing, doing something on the box.
Speaker B:And I suddenly like, hey, why don’t I do anti forensics?
Speaker B:Like, why don’t I look at how to not be detected?
Speaker B:Like, if I was going to do actual hacking, I’d want to make sure that, like, I didn’t get caught.
Speaker B:The way to not get caught is to know how to, you know, hide all your stuff beforehand.
Speaker B:Right.
Speaker B:Aspire to subtlety.
Speaker B:So I was like, okay, so I should, I should learn how to do this stuff.
Speaker B:So I sat down and a.
Speaker B:Took sort of what I knew and so I went and I learned forensics because I, if I was going to defeat it, I had to know how it worked.
Speaker B:So I spent years learning forensics and then I started looking at, you know, like, what are the ways that you can interfere with this process?
Speaker B:There was like, there was nothing out there.
Speaker B:No, no one was writing about this stuff.
Speaker B:So I basically, I had to invent a theoretical framework on how to conceptualize different ways of attacking forensics.
Speaker B:So I came up with this framework of understanding.
Speaker B:So first of all, I had to figure out like what anti forensics meant, which was I formulated it as reduce the quantity and quality of evidentiary material.
Speaker B:And it’s like, it’s a, it’s not a very academic phrasing, but I think it captures it a lot better and that quantity and quality, right, because most people look at the, you know, how do I reduce the amount of evidence that’s left behind?
Speaker B:Or how do I make it useless?
Speaker B:But the thing is like, if you, if you reduce the quality, that’s what all this living off the land stuff is these days, right?
Speaker B:Like the, the quality of evidence is useless.
Speaker B:It’s like, oh yeah, they used like cd and ls and gcc and, you know, gdb and it tells you absolutely nothing.
Speaker A:And how do you distinguish that between an authenticated normal user.
Speaker B:Exactly.
Speaker A:And a lot of what we tried to do today is from timestamp.
Speaker A:Literally time is, you know, where you really have, you know, an understanding of how user.
Speaker A:What time do they normally use things?
Speaker A:So you can at least pull out little pieces of potential.
Speaker A:But it’s never, you know, Right.
Speaker A:You’re never going to be 100%.
Speaker B:Yeah.
Speaker B:So I mean, the, so there’s the interesting thing from Matt Monte, who, he wrote out these sort of principles of offensive security or like network attack.
Speaker B:And there’s three axioms that underpinned everything.
Speaker B:So one of them is access, which means if there’s data that’s available, there’s a user who has access to it.
Speaker B:Like that’s like axiomatically, it has to be true.
Speaker B:If, if there’s data, someone has access to it, and if no one has access to it, then it’s not data, it’s just, you know, it’s garbage, it doesn’t count.
Speaker B:So as a hacker, all you necessarily have to do is impersonate that person or coerce them or get them to access the data or impersonate them to access the data or whatever, so there’s access.
Speaker B:Second principle is humanity, which is that humans built these systems, humans operate these systems, humans make mistakes, humans get tired, humans cut corners, humans have loyalties other than, you know, to the system, all of these things.
Speaker B:So there’s, there’s this humanity aspect.
Speaker B:And then the third one is economy, which is there’s a budget.
Speaker B:So the people who develop and run this system, they’ve allocated so much money to it, security is some part of that and it shouldn’t be more than it absolutely has to be from their, like, from their perspective, more than the system itself.
Speaker A:I mean, security is there to support another reason, another financial motive, and it should never be within the system.
Speaker A:So you always have to allocate what’s your appetite for risk is what bill thinking and how much are you willing to spend in order to protect the other economy that your business is.
Speaker B:Right.
Speaker B:So like if you, if it’s an enabler, it shouldn’t cost more than the rest of the system because, but, yeah, so, but economy applies the other way as well.
Speaker B:As an attacker, you don’t have infinite budget and infinite time.
Speaker B:For one thing, at some point the economy, like the economics, just no longer favor continuing to attack.
Speaker B:So it’s, it’s similarly, you know, these apply the other way as well.
Speaker B:Like the attackers are human.
Speaker B:Right.
Speaker B:Like there’s people behind them or there’s people directing them.
Speaker B:But anyway, like those are the three axioms of network attack.
Speaker B:And I think that they’re very, very profound and it’s very, very worthwhile understanding them because it gives you.
Speaker B:Just before the show we were talking about, people don’t necessarily get excited by the same things that we do.
Speaker B:As we’ve, we’ve aged, aged up, matured.
Speaker B:There we go.
Speaker A:As a matured.
Speaker B:Yeah, yeah, We’ve, we’ve aged into a deeper understanding of cyber as opposed to grown old.
Speaker A:I think, I think it’s, we also have to Remember, as we were there before, it was all a cyber thing because it was more just systems and misconfigurations.
Speaker A:And mostly it was just like, faults.
Speaker A:You had to deal with lots of faults, you know, traditional system usage.
Speaker A:And so we have, like, sometimes I always say that back, you know, we have a better understanding about the why we were doing things because ultimately we had a bigger picture.
Speaker A:We were doing everything.
Speaker A:And now you’ve got people who specialize in one very specific thing and that becomes exciting for them and they miss that, that time where, you know, and they have a very goal, it’s associated with cyber.
Speaker A:So which comes sometimes is that, you know, we’re the bringer of bad news and.
Speaker A:Absolutely.
Speaker A:I think we’ve just, we just came through a different generation of how we see the systems.
Speaker B:Yeah, I think that’s, that’s true.
Speaker B:Like, I think the, like, part of what was very useful was seeing like the, the renaissance of memory corruption as like new techniques were discovered.
Speaker B:And, you know, you went from these very, very basic simplistic understandings to these much more, you know, now we have a theory of weird machines.
Speaker B:Whereas back then it was like, you know, if you overwrite by 4 bytes, you can control EIP.
Speaker B:And EIP is like the thing that tells the computer where to go.
Speaker B:And it’s certainly.
Speaker B:It’s gotten a lot more sophisticated.
Speaker B:And, you know, I don’t necessarily think people be better off starting when we did because back then you had to write all your own tools and everything was slow and it was like.
Speaker B:I don’t want to sugarcoat it.
Speaker B:Like, it was quite painful and difficult.
Speaker A:I remember those days.
Speaker B:Yeah, Well, I was like, you know, it used to be like, you’d be like, okay, I’ve got this idea for a project.
Speaker B:You know, I want to.
Speaker B:I want to send arbitrary DNS packets.
Speaker B:Step one, I will write a string handling library in C. Step two, I will write a UDP handling library.
Speaker B:Step three, I will write like a DNS.
Speaker B:Oh, my God, I’m out of energy.
Speaker B:Like, I give up.
Speaker B:It’s been two weeks.
Speaker B:I don’t.
Speaker A:I mean, I know it.
Speaker A:Yeah, I remember like sitting.
Speaker A:We had.
Speaker A:I was doing a financial money market system and one.
Speaker A:One bank was like complaining because one transaction didn’t go through.
Speaker A:And I sat for hours looking at like literally GUID tables and logs, trying to figure out and trying to match.
Speaker A:I think it was like a 256 character GUID with another one.
Speaker A:And just, just the time you could sit, sit and set up, you know, some sort of Automation for it you can get so far it would ultimately end up being.
Speaker A:It was what Cisco LocalDirectors, they had a flag which is on a sticky bits.
Speaker A:And for whatever reason, certain scenarios, that sticky bit didn’t work.
Speaker A:So one transaction went in one CLD and it went out another one and then they try and match and then merge it together.
Speaker A:And it was so painful.
Speaker A:And we’re laughing.
Speaker A:We were talking about earlier.
Speaker A:I did a hackathon last weekend.
Speaker A:Normally, kind of for me, you know, I’m using mentoring, but I thought, I’m going to get hands on, I’m going to get.
Speaker A:I was shocked at like, you know, the, how many automation tools.
Speaker A:I didn’t really have to do anything.
Speaker A:I just had to tell another agent or application how I wanted it.
Speaker A:And it did it for me.
Speaker A:I just became a prompt person.
Speaker B:No, it’s amazing now, like kids these.
Speaker A:Days, they don’t know how easy they have it.
Speaker B:Yeah.
Speaker B:I mean, back when I was coding, it was uphill both ways through the snow, nine miles before breakfast.
Speaker B:Yeah, but like, it’s true back then things were a lot easier in terms of the complexity of what you were trying to do.
Speaker B:But the tooling you had was so much more primitive that it sort of, it compensated.
Speaker A:Like you had to create it yourself.
Speaker A:That’s the difference.
Speaker A:You have to write it from scratch without knowing any kind of baseline that was out there.
Speaker A:I hated.
Speaker A:One thing I hated was, you know, I used to do BASIC coding when I started off and I get the magazines with the games in it and I’d be spending all weekends, you know, under.
Speaker A:It was funny, you know, because my, my computer room was under the stairs.
Speaker A:I was a little bit like, you know, the old school Harry Potter with a computer under the, under the stairs, writing BASIC code from a magazine.
Speaker A:And then of course you get runtime or line, whatever, and you’re like, what the hell?
Speaker A:You know, like, you know, wasn’t working.
Speaker A:And then you try to like go through, did I miss something?
Speaker A:And then a month later you get the new updated magazine, like, okay.
Speaker A:And it says, remember the one we actually issued last month, this line.
Speaker A:And I was like, oh.
Speaker A:And even sometimes when I’m doing Catch the Flag as well, I still run into those simple things and you’re still going back and like, okay.
Speaker A:You had to know how it worked.
Speaker A:And also those mistakes made you go and realize that when you see it again in the future, it gives you that knowledge about how to go back and identify it.
Speaker A:So it really gives you that fundamental, very basic, like, you Know, getting into even I went back in order to make myself a bit better, going back and looking at disassemble code.
Speaker A:I started writing Atari
Speaker A:Because I think it’s sometimes it is important to have that skill and unfortunately, yeah, absolutely.
Speaker A:New generation, don’t go into that detail.
Speaker A:That’s not the fun part for them.
Speaker B:Yeah.
Speaker B:I mean, so, you know, it was for me before I started programming as well.
Speaker B:Like, I did the same thing that I’d done earlier.
Speaker B:I bought a book called Unix Systems Programming, first edition.
Speaker B:And this was from like, like 89 or 90 or something.
Speaker B:And so it.
Speaker B:It had.
Speaker B:Here is how you use open.
Speaker B:And then it’ll be like, except on, you know, this sort of version of BSD where it’s got a different thing.
Speaker B:And then except on, you know, AIX where.
Speaker B:So it had all this stuff and it was like.
Speaker B:It sort of taught me how, like, there were different versions of UNIX that had all these subtle differences which now no longer exist because it’s just like POSIX interface is sort of followed by Linux and Linux is all there is, and that’s that.
Speaker B:Not that it’s necessarily a bad thing, but it’s just, you know, back then you did have to have a different understanding of just the details of how things worked, because a lot of the time they didn’t sort of.
Speaker B:It reminds me, like, so very, very, very early on, in one of the, sort of.
Speaker B:The first jobs I had with computer stuff, I was debugging some issues.
Speaker B:I don’t remember what it was at all.
Speaker B:This is 25 years ago.
Speaker B:A little bit hazy on the details, but what I remember is that there’s this one of my co workers who’s not technical, and she was sort of shadowing me to sort of learn a bit more.
Speaker B:And I’m there and I’m like, okay, so I’ve logged in.
Speaker B:This thing’s working ls, you know, cd at this grep, you know, doing all these things, and she’s handwriting out every single command that I’m doing.
Speaker B:And then I figured out what the issue was.
Speaker B:I fixed it.
Speaker B:And she was like, okay, so when that issue comes up, these are the steps that you take to fix it.
Speaker B:And I was like, no, no, not at all.
Speaker B:Those.
Speaker B:Those are the steps I took to figure out what the problem was.
Speaker B:And that’s based on, like, you know, some sort of intuition and some sort of, like, I’ve seen something similar and some of it just like I got no idea.
Speaker B:It’s gotta be in here somewhere.
Speaker B:Like let’s.
Speaker B:When you’re doing grep, you know, var log star and just hoping something shows up.
Speaker A:So you’re hoping that you see something that is, isn’t normal that you normally would see in a regular operator.
Speaker A:I mean kind of like.
Speaker A:And you’re kind of doing that eliminating the things that you would typically and isolating it and getting it as narrow as possible.
Speaker A:So when you’re in the, getting into the forensic side of things and the anti-forensic side, what, what did you kind of, what where did you go after that?
Speaker A:Have you started looking at.
Speaker A:So what, what’s the other areas that you kind of moved in from then?
Speaker B:So after that I got interested in voice over IP telephony for a while.
Speaker B:It was just that there wasn’t any tooling.
Speaker B:So I got to write some which back then was still interesting.
Speaker B:There’s no documentation on problems so I had to read the RFCs and then think about like what are the things that could go wrong?
Speaker B:How could you attack this?
Speaker B:What would you look for?
Speaker B:So there’s a lot of that for a while I did that for a few years.
Speaker B:Then I switched to doing GSM for a while which like switching to mobile was again it was interesting because there’s no tooling and there’s no, like no one had done anything and you could do it all from scratch.
Speaker B:But then afterwards I got more interested in operational security.
Speaker B:That’s the thing that excited me was the how do you, like how do you keep secrets?
Speaker B:Like how do you actually, do you actually do the security thing?
Speaker B:And so I spent many, many years researching that and that took me sort of quite far from technology because people don’t write about OPSEC on computers.
Speaker A:Yeah, now they do a little bit, but it’s a more, more, more of the thing now.
Speaker A:But yeah, the time you’re talking about is it was very fundamentally new and so there was not a lot of, let’s say, you know, knowledge and education around that, you know, you could simply go and do.
Speaker A:But there is a lot of, you know, from a lot of, you know, the modern wars as well, you’re seeing a lot of that come to, you know, kind of really having a, a massive purpose and, and yeah, so you.
Speaker B:Know, at that time I started, I started doing a lot of research on terrorists and spy agencies and essentially a little bit on cartels and drug smugglers.
Speaker B:Like that was like all of these things are people who face like when their security fails, there are very bad consequences.
Speaker B:Therefore they invest a lot of time and effort and energy into making sure it goes correctly.
Speaker B:So that was quite interesting.
Speaker B:And then I was also from researching the spy stuff, I got interested in information warfare.
Speaker B:And then
Speaker B:So I was, I was quite interested in that from the beginning because I could do a lot of analysis on like what is happening in real time.
Speaker B:And I found that very interesting.
Speaker B:And then after doing that for a while, a whole bunch of people jumped into the information warfare space because suddenly it was this new thing.
Speaker B:And I left because I didn’t like, I don’t like being in the same domains where there’s lots of other people lightning things that are.
Speaker B:I kind of like doing new things or doing things in a way that other people aren’t like.
Speaker B:I find that more interesting.
Speaker B:And so I started moving towards what I’m doing now, which is more of offensive cyber operations and cyber warfare.
Speaker B:Trying to understand if you are a state, how do you use cyber to achieve your ends and if you’re a non state actor, how would you use cyber to achieve your ends or how would you, you know, all these things that sort of like, that’s the thing that interested me.
Speaker B:So I was doing that for a while.
Speaker B:Friend of mine strongly encouraged me to go to university and get a degree.
Speaker B:I got a master’s degree focusing on like cyber warfare essentially.
Speaker B:And now I enjoyed that so much that I’m doing a PhD also on cyber warfare.
Speaker A:So that’s really interesting topic.
Speaker A:I think it’s, it’s evolved a lot.
Speaker A:You’re to your point every time.
Speaker A:Sometimes when I, you know, I don’t know what, what’s, what’s your kind of your methodology when, when you know, you get into different scenarios, whether being nation state or you know, let’s say the, this, the mercenary type of attackers who kind of wear multiple hats and you get into the more criminal side of things.
Speaker A:And I always get to is, I’m always trying to look, you know, the, you know what type of activity you’re looking at.
Speaker A:I sometimes try to work my way backwards from using what’s the motive here?
Speaker A:What’s the true motive?
Speaker A:And I actually really enjoyed reading Geoff White’s book Rinsed because it was very much in the financial side because we always work in the digital world.
Speaker A:And a lot of these motives you can actually find and trace back to some type of financial money laundering.
Speaker A:What are they attempting?
Speaker A:What techniques are they using for what purposes?
Speaker A:When you get into of course nation state, primary goal is stealthiness, is to not know that anyone’s there because that gives you the advantage.
Speaker A:And again in cyber warfare that’s an advantage is to make sure that you stay hidden, stealthy, so your anti-forensics and those techniques become so valuable there.
Speaker B:Yeah, so I found it.
Speaker B:So I spent many, many years figuring out anti-forensics from first of all discovering what the first principles were sort of empirically and trying to reason it out.
Speaker B:And then once I had first principles building on that and then when I started learning about OPSEC and counterintelligence, I discovered that what I’d basically invented from scratch is many thousands of years old.
Speaker B:And I could have basically read a James Bond novel and saved myself four years.
Speaker B:But of course it’s different because if I just short circuited it and read someone else’s thing, I wouldn’t have this bone deep knowledge that I have now.
Speaker A:You created within your DNA, it’s almost become a habit that you kind of, you built your own persona, part of it, you know, rather than somebody else’s persona, you know, becoming acknowledged.
Speaker B:Yeah, it’s, it’s, I mean it’s so like once I did that and then I did the OPSEC for about a decade and it got to the point that I sort of, I gave up on it for a few reasons.
Speaker B:One of them was that I would read things and it would sort of, I wouldn’t be reading what was actually there.
Speaker B:I’d just be going, okay, compartmentation attempt, use of cover, you know, a concealment device, a concealment attempt, compartment.
Speaker B:Like I’d just, just see like they’d write a bunch of stuff and I’d be like, this is the theory that they’re applying.
Speaker B:This is the principle that’s being invoked like this.
Speaker B:So it, it was no longer interesting at all.
Speaker B:Like it was just, it was very, very tiring to see the same things over and over again.
Speaker B:And then, you know, I just, I got a lot more interested in this, this offensive stuff, particularly the information warfare, which I thought was very, very interesting that you could like changing people’s minds.
Speaker B:Like that seems super powerful, right?
Speaker A:Like it’s, it is one of the most powerful things that you can actually do.
Speaker A:I always love, you know, I’ve seen lots of the documentaries over the years.
Speaker A:I remember I was like, you know, information is like, you know, is, is powerful if you can control the information.
Speaker A:I think that’s one thing is, is controlling information.
Speaker A:But if you control how people like Interpret that information that’s more powerful.
Speaker A:And that’s what you’re saying is like, how can you.
Speaker A:Not just about, you know, get the information in front of the person, but how can you get their mind in order to actually either believe it or.
Speaker A:Or contribute or interact with it?
Speaker B:So, like, there’s a lot of really interesting things about how you go about doing actual information operations.
Speaker B:And there’s a lot of theory on it.
Speaker B:And then sort of at some point it does break down into, like, you kind of just have to know how to do it instinctively, because if you follow the theories, it doesn’t really get you where you need to be.
Speaker B:Like, you need to get into the mind of the person that you’re speaking to and speak to them as if you are them.
Speaker B:Like, if you understand things from their point of view, but the things you say have to accomplish your goals.
Speaker B:So there’s some.
Speaker B:There’s some really fascinating stuff.
Speaker B:Basically, in Thucydides, like the history of the Peloponnesian War, he talks about how at some point there’s this one fleet that goes.
Speaker B:And they’re.
Speaker B:They’re obviously going to come to this particular area to get to this particular stream to get fresh water.
Speaker B:And so the opposing side went there first and they carved a message into.
Speaker B:They carved messages into rocks around there saying essentially, so the fleet that they were facing then was made up of two allies.
Speaker B:There’s a very large contingent of one.
Speaker B:And they sort of brought the smaller contingent of their allies along with them.
Speaker B:And so the message that was written was like, to this smaller group saying, hey, we’re not your enemy.
Speaker B:We don’t want to fight you.
Speaker B:When you go to battle, don’t.
Speaker B:Or at least just hang back a little bit, like, you don’t have to participate on the front lines.
Speaker B:You could sort of shirk your duties, essentially.
Speaker B:Right?
Speaker B:And the point of that message was not actually to encourage that behavior, but instead to put into the minds of the larger ally that their subordinate ally was going to do that behavior to create distrust.
Speaker B:So the.
Speaker B:The objective is actually this.
Speaker B:This, like this third option that’s not listed to.
Speaker B:To disrupt the cohesion of this group.
Speaker B:And it’s fascinating because that’s from, you know, two and a half thousand years ago.
Speaker B:That’s literally like.
Speaker B:That’s from the manuals today.
Speaker B:That’s.
Speaker B:That’s what you say.
Speaker A:Like, that’s literally the playbook that’s happening that we’re seeing at the moment.
Speaker A:It always fascinates me.
Speaker A:One thing I always remember, there’s a Couple of.
Speaker A:Couple of things that comes to mind when you’re talking about that.
Speaker A:There was a guy that I used to work with years ago, and he was always like.
Speaker A:His way of dealing with situations was so unbelievable.
Speaker A:We’d sit beforehand, we were going to like a big meeting with a large hardware.
Speaker A:He says to me before.
Speaker A:He said, this is how I want it to play out.
Speaker A:I want the people in the room believing that they came up with the idea and signing it off.
Speaker A:I’m going, I mean, but it’s our idea.
Speaker A:How are you going to do that?
Speaker A:And I was always like.
Speaker A:And we’d go into this meeting and like, you know, and the way he just positioned.
Speaker A:He would.
Speaker A:He would be doing it by asking questions.
Speaker A:It was just his method of asking the right question.
Speaker A:Kind of got little seeds into the other person’s mind.
Speaker A:And he was just as he was observing and he was watching their feedback and their interactions, he would ask another question that would kind of like move it a little bit closer to the goal.
Speaker B:Right, right.
Speaker A:And ultimately at the end, all of a sudden the guy’s like, oh, maybe.
Speaker B:How about, wait a minute, I’ve got.
Speaker A:An idea, I’ve got an idea.
Speaker A:I said, I’m literally sitting in the room.
Speaker A:I’m just going, oh, my goodness, how did.
Speaker A:How did he do it?
Speaker A:And it was very subtle because he wasn’t just asking little questions based on the feedback and just navigating that little bit closer to ultimately what he wanted without even giving his opinion or.
Speaker B:Right, right.
Speaker A:This is the idea.
Speaker A:It was ultimately just getting to that person to kind of say the words that the question was kind of indicating or forcing to ultimately them believing that they come up.
Speaker A:And I sat there, when we come out of the meeting, I was just always like, I was.
Speaker A:I was always impressed.
Speaker A:So many times he had this perfected that he was able just by simple nudging that to get the message and get that person to.
Speaker A:To come up and believe it was theirs.
Speaker A:And I think that’s brilliant.
Speaker A:Yeah, true.
Speaker A:Kind of like, you know, cyber warfare is.
Speaker A:You can get the other person to believe it even reminds me of some of the stories, you know, that I always believe that, you know, Swordfish movie is one of my favorite kind of types of these styles of movies of, you know, misdirection is getting people to believe one thing, something else is happening and that I always think it’s maybe an underrated movie in the hacker theme, but that misdirection is.
Speaker A:Is always a kind of a real thing that you’re that’s what you’re always looking at.
Speaker A:And I always remember as this is Stories and Talent, where during World War II, when they were bombing the city, they turned all the lights out of the city and they built lights, like, you know, a couple of kilometers away so that when the bombers were coming over, they would see those lights and then the bombs there.
Speaker A:But that wasn’t the city, it was just lights.
Speaker A:So that misdirection area is always something, you know, and it’s.
Speaker A:It’s always impressive to see those types of techniques and, you know, ideas and creativity to really create that misdirection.
Speaker A:It’s.
Speaker A:It’s always fascinating.
Speaker B:Yeah, well, so deceptions was one of the things that I was interested in for several years as well.
Speaker B:Like, I actually, I gave a keynote at the, like, the UK Cyber Deception Symposium or something like that.
Speaker B:Like, deception is sort of.
Speaker B:It’s fascinating because you’re not, like, when you approach it, you.
Speaker B:You go like, how do I get someone to think this?
Speaker B:And that’s actually not what you’re trying to do.
Speaker B:What you’re trying to do is change behavior.
Speaker B:Like, you don’t care what they’re thinking.
Speaker B:When they do something, you want them to actually do it.
Speaker B:So when you’re crafting your deceptions, you’re not sort of trying to change their mind.
Speaker B:You’re trying to trigger a specific set of actions.
Speaker B:And it’s.
Speaker B:It’s a slightly different way of thinking about things, but it’s quite like it leads to some.
Speaker B:Like, I, when I was doing research, I came across some amusing stuff.
Speaker B:Like during the Burmese campaign, basically, when the Japanese were chasing down the British out of Burma, and the British were trying to do all these deceptions that they’d been doing against the Germans, right?
Speaker B:So they do stuff like they would put together like a package of intelligence information and put it in a car and then create a car crash so that when the Japanese found it, they could recover these intelligence documents.
Speaker B:And then, you know, oh, you know, there’s 27 divisions in front of us or whatever.
Speaker B:And none of this worked because the Japanese just didn’t care.
Speaker B:Like, the Japanese position was like, the Emperor’s soldiers are going to do this, and it doesn’t really matter what the enemy is planning or doing.
Speaker B:That’s not relevant to our operations.
Speaker B:Like, this is just what we’re going to do.
Speaker A:They had a very static approach that wasn’t, you know, it wasn’t a dynamic.
Speaker A:It was very like this, this is how we’re going to do it.
Speaker A:And whatever influence is not going to change our actions.
Speaker B:Right.
Speaker B:So it became impossible to get them to do anything, but, like, they didn’t ignore everything.
Speaker B:So one of the things that was happening was the like, Indian section was sending out these, like.
Speaker B:Basically they had radio traffic to like, fake divisions to create the impression of like, more men than were available.
Speaker B:And the Japanese were picking this up and recording everything.
Speaker B:And at the end of the war, they find out that the Japanese firmly believed that The British had 150 divisions when they had three.
Speaker B:The thing was, it didn’t change whether there were three divisions or 150.
Speaker B:The invasion was going to go this way and it didn’t really matter what the, you know, like what the British were doing.
Speaker B:So they just believed everything.
Speaker B:Like they’re completely like, oh, yeah, okay, 150.
Speaker B:That makes sense.
Speaker A:So, so it’s interesting.
Speaker A:So one of the things, so what I’m seeing.
Speaker A:So over the years, I do a lot of incident response.
Speaker A:You know, I help the certs out.
Speaker A:I help in countries with the different major critical incidents.
Speaker A:Usually is it an advisory role or kind of trying to look at the techniques.
Speaker A:And one thing I’ve seen evolve over the years is that, you know, a lot of the nation states, mercenaries, cybercriminal groups, they used to create a lot of their own.
Speaker A:They would have a fingerprint that, you know, an attribute or technique that you could easily say, this is this group or this is this is this actor became.
Speaker A:So, you know, even a lot of incidents.
Speaker A:I remember there was one I was working on a couple of years ago that I saw a specific executable on the system.
Speaker A:I was like, what the hell?
Speaker A:You know, And I was talking with a friend of mine who’s working in a completely different incident, different ransomware variant, different techniques, but we all started finding the same executable on the system.
Speaker A:And there was that one thing that connected, it was the same group.
Speaker A:They just had different campaigns operating at the same time with different victims.
Speaker A:So you’re able to kind of trace back into kind of, okay, these, while they’re using one technique here with a different ransomware variant.
Speaker A:Because that was the way they get evade detection and, you know, get mass impact on that victim.
Speaker A:But where the one I was working on it was, it was like different, slightly different techniques.
Speaker A:So sometimes you start looking for those IOCs that can give you some sort of like, you know, understanding.
Speaker A:What I’m finding is a lot today is that, say, and maybe some people like me were old school, we would still go to those techniques because they still work but the more modern younger actors, you know that, you know, that new generation finding is, to your point, what we talked about earlier, they’re very much tool users rather than the script creators.
Speaker A:So they tend to go and look for other actors techniques and use them as their own.
Speaker A:And this gets into this fuzzy area of the operational side of things is that if they’re using other attackers techniques and masquerading behind them that disinformation or misdirection, but they’re pretending to be another country.
Speaker A:Are you starting, is attribution in this?
Speaker A:You know, OSINT and warfare are starting to become very fuzzy because they are starting to kind of make it very difficult to determine what is true attribution because the techniques are so coming up as like, you know, one APT group is this.
Speaker A:And all of a sudden now, all of a sudden the campaign shows that like it’s operating like a different one.
Speaker A:How is that impacting the work that you’ve seen and been doing over the years?
Speaker B:Yeah, so the short answer is I don’t, I don’t deal with any of that.
Speaker B:My, my primary focus these days is sort of Russia, Ukraine, like cyber war, which I define as sort of just like air war is the air component of a war.
Speaker B:A cyber war would be the cyber component of a war.
Speaker B:So I’m looking at an actual additional large war that’s going on.
Speaker B:And then how is cyber used within that context?
Speaker B:So one of the big things that comes up is a lot of the rules that make sense during peacetime just don’t matter anymore.
Speaker B:Right.
Speaker B:So stealth during peacetime.
Speaker B:So you could basically say that there’s, it’s competition, competition, another one, competition, contest and conflict.
Speaker B:Those are the sort of the three states that you could sort of be in.
Speaker B:And peacetime is basically the first two.
Speaker B:So it’s during these phases, things like deniability and not being detected and not being attributed.
Speaker B:These are very important because you want to for political reasons.
Speaker B:They’re sort of political drivers of what you’re doing and how it can appear.
Speaker B:During wartime, that doesn’t matter.
Speaker B:So if you’re dropping bombs on someone having your hacking tools found on their computers, it doesn’t really change things.
Speaker A:It doesn’t lift the needle because you know who you have already a conflict with.
Speaker A:Right.
Speaker B:It’s like, what are they going to do?
Speaker B:Shoot us more?
Speaker B:Like, you know, send more drones?
Speaker B:Like it’s, you’re not really moving the needle there.
Speaker B:So you don’t need to spend as much time and effort on that.
Speaker B:You know, the stealth that you need is to not be detected while you’re operating until you’ve achieved your mission objectives.
Speaker A:Yes.
Speaker A:Until the main goal has been achieved.
Speaker A:Right.
Speaker B:And then who cares?
Speaker B:So actually that’s what we see is that the, the tools that are being used in Ukraine tend to be these, like, these, these cheaper, simpler sort of, they’re ready to use and they’re not like, they’re not sophisticated like the, the.
Speaker B:Uroburos.
Speaker B:Like that Snake malware that went up for 20 years that was updated and had all these complex, like, you don’t see that stuff because it’s not worth wasting.
Speaker B:There’s a Chinese saying which I think might apply here, which is that you don’t use good iron to make a nail, nor a good man to make a soldier.
Speaker B:And it’s sort of like you’re not gonna.
Speaker B:You’re expecting this stuff to get burned very, very quickly.
Speaker B:So you don’t want to put any more effort than you need to.
Speaker B:It’s good enough.
Speaker B:These are the things that you start to find.
Speaker B:And to me, that’s very, very interesting because a lot of the theory that gets developed of, you know, like, here’s how you have to do stealth, and here’s how we have to, you know, make sure we don’t get detected.
Speaker B:And it turns out that’s not actually true.
Speaker B:Like, that’s.
Speaker B:Those are not the rules of cyber war.
Speaker B:The rules of cyber war are completely different.
Speaker B:And sort of, that’s my PhD.
Speaker B:That’s what I’m looking into.
Speaker A:It’s like, what is.
Speaker B:What’s really going on?
Speaker B:What’s the.
Speaker B:What are the real.
Speaker B:The real issues here?
Speaker B:So my throat’s going.
Speaker B:My throat’s going.
Speaker B:It’s been an hour.
Speaker B:So.
Speaker A:Question kind of summarize things up as well.
Speaker A:How do you stay up to date?
Speaker A:What’s the things that you do?
Speaker A:You’re doing your PhD on this subject, which is fantastic.
Speaker A:I’m really excited about to read the research and stuff.
Speaker A:When you’re finally, you know, getting it published, how do you stay up to date?
Speaker A:What’s the tools and resources you go to?
Speaker A:Where’s your reading material in order to learn?
Speaker B:Yeah.
Speaker B:So it’s not very exciting.
Speaker B:I’ll admit.
Speaker B:A lot of what I do is monitoring Twitter for current events.
Speaker B:I check, for example, the Ukrainian newspapers, they tend to publish things that happen.
Speaker B:I keep up to date with think tanks when they put out papers.
Speaker B:I read a lot of academic articles, and I don’t recommend that to anyone.
Speaker A:It’s good for.
Speaker A:It’s good for research and Understanding how things work though, right?
Speaker B:It can be.
Speaker B:Not in cyber.
Speaker B:Unfortunately, there’s.
Speaker B:That’s the huge part of my PhD actually is the difference between cyber theory and cyber reality.
Speaker B:Or like cyber theory and cyber practice is significant.
Speaker B:I’ll leave it at that.
Speaker B:But yeah, and then there’s a lot of just talking with people, like, that’s a huge part of how I stay up to date on things is being in contact with people involved in a sort of let me know what’s going on or what to look for or oftentimes because the public reporting will be public.
Speaker B:Right.
Speaker B:So it’s.
Speaker B:It’s useful to, like, you.
Speaker B:You read a report and then you speak to some of the people behind it.
Speaker B:You say, like, look, this part is a little bit confusing.
Speaker B:Could you explain it?
Speaker B:And then from those details, you get a much deeper understanding of what’s actually.
Speaker A:Gives you more context.
Speaker B:Hang on.
Speaker A:Yeah, context.
Speaker A:Because you might see something and you’re like, oh, okay, that doesn’t connect or it’s not connecting for me for whatever reason.
Speaker A:And therefore just asking the questions.
Speaker A:You can actually get that context from the individuals.
Speaker B:Yeah.
Speaker A:Always a valuable resource.
Speaker A:So it’s fantastic having you on.
Speaker A:What if.
Speaker A:If the audience do come back and they have questions or they want to kind of follow up, where’s the best place.
Speaker A:Where’s the best place for them to get your knowledge?
Speaker A:You do have the website, I’ll add to that, right?
Speaker B:Yeah.
Speaker B:So I guess these days still the best place to reach me would still be on Twitter or X for.
Speaker A:For the new gen.
Speaker A:I’m still calling it.
Speaker B:Yeah, it’s Twitter.
Speaker B:So the Grugq, T H E G R U G Q. Yeah.
Speaker B:And that’s it these days.
Speaker B:Like, I’ve got a newsletter as well, but that’s just a summary of basically what I’ve read today.
Speaker A:Okay.
Speaker B:So I sent that out daily, which you can sign up for that.
Speaker B:That’s about it, really.
Speaker B:I do need to start publishing.
Speaker B:Like, I do a lot of writing but not a lot of posting anymore.
Speaker B:So.
Speaker A:Yeah, it’d be good to get your writing.
Speaker A:I think I still have some of your old stuff in the GTFO stuff, because I think that was.
Speaker A:You said you do a lot of articles in the.
Speaker A:In the gtf, so.
Speaker B:Yeah.
Speaker B:Yeah.
Speaker A:The old bibles.
Speaker B:Yeah.
Speaker B:Fracking everything.
Speaker A:Yep, very much.
Speaker B:Fantastic.
Speaker A:Well, it’s been fantastic having you on.
Speaker A:It’s really always great catching up with you.
Speaker A:You’re always a wealth of knowledge and I always enjoy hearing.
Speaker A:Hearing your stories and what you’re working on.
Speaker A:And really, I’m really, you know, good luck in the PhD.
Speaker A:That’s impressive.
Speaker A:We call Dr. Dr.
Speaker A:Soon.
Speaker A:Yeah.
Speaker A:So for everyone, hopefully this has been educational, you know, lesson of, you know, history and how all we used to do things in the past and what’s happening today in the world in information, it’s evolving and we really do have to have a better clarity and context of what’s happening.
Speaker A:Information today is so, so fuzzy and so muddy that sometimes you have to see through what is the real true message.
Speaker A:So awesome having you on.
Speaker A:Always great chatting with you.
Speaker A:So for everyone, this is the Security by Default podcast.
Speaker A:You’re really bringing clarity to the world of chaos and information.
Speaker A:Every two weeks, new episodes.
Speaker A:Tune in, subscribe, share it with your friends and colleagues.
Speaker A:Until the next episode, take care and all the best.
Speaker A:Thank you.
