Your Security Badge Can Be Hacked: RFID Secrets Exposed | Iceman

Christian Herrmann, known in the hacking community as Iceman, joins us to delve into the intricacies of RFID hacking, with a particular focus on the Proxmark device. This episode elucidates the journey of Iceman from his early encounters with technology to becoming a prominent figure in the RFID hacking domain. We discuss not only the technical aspects of utilizing the Proxmark for various hacking endeavors but also the challenges and learning curves inherent in mastering such a sophisticated tool. Iceman shares his personal anecdotes of overcoming obstacles in his hacking career, emphasizing the importance of community support and knowledge sharing. Through this dialogue, we aim to inspire listeners to engage with the world of hacking, highlighting both its complexities and its potential for innovation.

In this episode of the Security by Default podcast, host Joe Carson interviews Christian Herrmann, also known as Iceman, who shares his journey into the world of RFID hacking. The conversation covers Christian’s origin story, his passion for technology, and the challenges he faced while learning and developing his skills. They discuss the importance of community engagement, open-source contributions, and the evolution of hacking tools like Proxmark. The episode also touches on risk management in cybersecurity, the ethical implications of hacking tools, and the significance of finding balance in personal and professional life. Christian emphasizes the value of asking for help and surrounding oneself with supportive individuals in the tech community.

Takeaways

  • Christian Herrmann, known as Iceman, shares his journey into RFID hacking.
  • He emphasizes the importance of community engagement and open-source contributions.
  • The evolution of Proxmark has significantly impacted the RFID hacking community.
  • Tools used in hacking can have ethical implications that need to be considered.
  • Risk management is a crucial aspect of cybersecurity and hacking.
  • Finding balance between personal life and professional commitments is essential.
  • Asking for help and engaging with the community can accelerate learning.
  • Surrounding oneself with supportive individuals enhances personal growth.
  • The importance of continuous learning and adapting in the tech field.
  • Gamification can be an effective way to improve hacking skills.

Chapters

  • 00:00 Introduction and Guest Background
  • 01:23 The Journey into Hacking and RFID
  • 09:23 The Thrill of Hacking and Career Development
  • 20:03 Open Source Contributions and Community Engagement
  • 30:54 Navigating Tools and Legal Considerations in Hacking
  • 36:03 Conference Experiences and Community Engagement
  • 42:00 Tools and Their Misinterpretations
  • 44:25 Risk Management in Technology
  • 46:06 Current Projects and Future Plans
  • 49:40 The Importance of Hobbies and Balance
  • 55:33 Learning from Failures and Community Support
  • 01:02:22 The Value of Networking and Collaboration

Takeaways:

  • The Proxmark 3 is an essential tool for anyone interested in RFID hacking, as it allows users to interact with various RFID card systems and understand their vulnerabilities.
  • Christian Herrmann, also known as Iceman, shares his journey from personal challenges to becoming a prominent figure in the RFID hacking community, emphasizing the importance of resilience and curiosity in learning.
  • The open-source nature of Proxmark 3 has fostered a collaborative environment where individuals can contribute to the tool’s development, leading to more effective RFID hacking methods.
  • Iceman discusses the significance of embracing failure and asking questions in the learning process, highlighting that persistence and community support are crucial for success in technical fields.
  • The podcast emphasizes the need for ethical considerations and responsible use of hacking tools, as they can be misinterpreted and labeled as burglar tools depending on the user’s intent.
  • Listeners are encouraged to engage with the community through platforms like Discord, where they can seek assistance and share knowledge with others involved in RFID hacking.

Companies mentioned in this episode:

  • Proxmark 3
  • DEFCON
  • BSides Tallinn
  • Raspberry Pi
  • Dark Matter
  • Flipper
  • Chameleon

Transcript

Speaker A:

Hi, everyone.

Speaker A:

Welcome back to another episode of the Security By Default podcast.

Speaker A:

I’m the host of the show, Joe Carson.

Speaker A:

It’s a pleasure to have you all back and listening to another excellent, exciting episode.

Speaker A:

And this is one I’ve been waiting for a long time.

Speaker A:

We’ve been chatting.

Speaker A:

I can’t remember how long we’ve been chatting about this, but it’s been.

Speaker A:

It’s been a while.

Speaker A:

So I’m really excited to have an amazing person on who’s helped me when I’ve actually been stuck here.

Speaker A:

When you’re stuck in the ruts and you’re trying to figure and get some.

Speaker A:

See the light in some way out, I am joined by the awesome Christian Herrmann, also, AKA Iceman.

Speaker A:

And I’d love to know is like, you know, what is your origin story?

Speaker A:

How did you get into this industry?

Speaker A:

And I’d also love to know about the Iceman alias as well, how that came about as well.

Speaker B:

Thank you for having me, man.

Speaker B:

Like you said, it’s been.

Speaker B:

It’s been a long time in the making.

Speaker B:

But yeah, we met, was it last year at BSides Tallinn, BSides Tallinn.

Speaker A:

Absolutely.

Speaker A:

A little bit before that.

Speaker A:

We bumped into each other during DEFCON as well.

Speaker B:

Yeah.

Speaker B:

Yeah.

Speaker B:

It’s hard to remember all the faces, but, you know, I remember when we sat in Tallinn and, you know, you had a little cute little dog with you.

Speaker A:

Oh, my little poodle.

Speaker A:

My poodle.

Speaker A:

She’s somewhere around here.

Speaker A:

I think she’s underneath.

Speaker B:

Love that dog.

Speaker B:

So I’m Iceman and I do RFID hacking.

Speaker B:

That’s what I do.

Speaker B:

And I usually is very, very intimately connected with a device called the Proxmark 3.

Speaker B:

And it’s.

Speaker B:

I didn’t.

Speaker B:

Let’s see if I can rewind back to myself.

Speaker B:

Let’s see.

Speaker B:

How did this all started?

Speaker B:

It started way back.

Speaker B:

It’s like a decade.

Speaker B:

Somewhere around

Speaker B:

I think I was the darkest time in my ever in my life.

Speaker B:

And I can only describe a couple of months there as black.

Speaker B:

That’s all I remember.

Speaker B:

And I decided one of the process steps in your life to, you know, is to lift yourself up again and bootstrap you over again.

Speaker B:

And I was like, so what do you like, Christian?

Speaker B:

What do you like to do in your life?

Speaker B:

I was like, I love computers.

Speaker B:

I really love it.

Speaker B:

I’ve been doing computers since I was 7.

Speaker B:

I hacked every computer what I ever touched.

Speaker B:

I always find it tremendously fun.

Speaker B:

Like, I know like 8 or 12 different software programming languages, which I taught myself all over years, right?

Speaker B:

I just love, love it.

Speaker B:

It’s the whole mystery of computers, like, interesting.

Speaker B:

If it’s like looking at things, you know, it’s triggers.

Speaker B:

I just find it tremendously fun, right?

Speaker B:

So during this time of sorrow and blackness, I didn’t find anything fun, not even computers, because I made.

Speaker B:

When I was living together and getting kids and getting divorced, you made working with computers as your job.

Speaker B:

And that kind of takes away the fun part of the job because it becomes job and it slowly kills the joy you have for something if you keep on doing things for money.

Speaker B:

But I was like coming back to myself and I was like, I need to do something for myself.

Speaker B:

Like, I spend something on me.

Speaker B:

And I’m like, there was an article in another town on the other side of Sweden that they were talking a hacker space in Unio and they were making fuzz and making article in the newspapers about how they hacked the local bus transportation ticket system.

Speaker B:

And they used a device called Proxmark 3 and talked about that.

Speaker B:

And I think like RFIDs.

Speaker B:

That’s kind of interesting.

Speaker B:

I felt like curiosity, like, how does it work?

Speaker B:

Be honest.

Speaker B:

I mean, you take a card, I’m going to take just one because I have tons of them here.

Speaker B:

Fcc.

Speaker B:

You take one of these cards, a.

Speaker A:

Lot of those cards, I have loads.

Speaker B:

Of this card and you put it to a reader and something happens and I’m like, how on earth does this work?

Speaker B:

Adam Laurie says it best: magic moonbeams.

Speaker B:

I want to know more.

Speaker B:

So that sparked a little bit interest.

Speaker B:

Turns out that the same bus transit system that they had up in that town, they have it here in my town I live in on the upside of Sweden.

Speaker B:

And I was like, maybe I should do something naughty.

Speaker B:

Maybe I should go and get myself a hacker tool.

Speaker B:

I never spend money on myself, right?

Speaker B:

So like a Proxmark 3.

Speaker B:

So I go type in on the, on their AliExpress or Google or whatever you did back then.

Speaker B:

And it comes out this device that says Proxmark 3.

Speaker B:

It’s $330, this thing.

Speaker B:

And I was like, ooh, that’s a lot of money.

Speaker B:

But I’m going to spend it for me, right?

Speaker B:

Typing it in and you’re all excited, you know that little rush, what you get from that and then you forget about it because nothing happens, right?

Speaker B:

It’s like you don’t get it the next day.

Speaker A:

It takes.

Speaker A:

It takes some weeks, sometimes even months, depending on where it’s coming from.

Speaker B:

It takes some weeks, but then you get a miss notice saying that you got a package to, you know, pick up and you go and pick it up and go like, oh, you’re giggling, excited, you feel happy, enjoying it.

Speaker B:

You open it up, you know, like Le Boy.

Speaker B:

And you open it up and it’s a circuit board and two antennas.

Speaker B:

And I’m like, now what?

Speaker B:

I thought I could get a device.

Speaker A:

When you do order something and you see the finalized, you know, the, the view, the picture that looks it’s all completed and then when you get something in the post, it’s like it’s the parts and you have to get into actually building it yourself.

Speaker B:

Exactly.

Speaker A:

All different.

Speaker A:

Different thought process.

Speaker B:

I’ve done a lot of software development.

Speaker B:

Right.

Speaker B:

Sounds like embedded.

Speaker B:

I never done that.

Speaker B:

So I started and I was like, I’m going to go this.

Speaker B:

And I was on the Proxmark forums and I started ask because I ask questions.

Speaker B:

That’s how I do things.

Speaker B:

You know, I have no problem being wrong.

Speaker B:

I have no problem of being false and asking questions to correct myself, to learn more and getting hinters.

Speaker B:

So I, I did that and I was like, I’m going to do this and go like, do you have Linux?

Speaker B:

Oh, I’m going to use MinGW here.

Speaker B:

All right.

Speaker A:

You’re originally a Windows developer, a driver.

Speaker B:

Yeah, for sure.

Speaker B:

.NET developer, right?

Speaker B:

Oh yeah.

Speaker B:

I’m like an enterprise architect designer.

Speaker B:

I got my wall of shame up here.

Speaker B:

I don’t can see it here on your image now, but yeah, that’s my.

Speaker A:

.NET Framework.

Speaker B:

Yeah, yeah, Yep, yep.

Speaker B:

You know, the highest one you know, but nobody ever asked about.

Speaker B:

And sorry for all your listeners who only listen in anyway.

Speaker B:

So I was like, I’m gonna do this J.

Speaker B:

And I kind of failed.

Speaker B:

Nothing worked.

Speaker B:

So I asked questions more.

Speaker B:

What doesn’t work?

Speaker B:

Am I going to have you follow the guide?

Speaker B:

It’s like, I don’t need a guide.

Speaker B:

I should be able to.

Speaker B:

How much is.

Speaker B:

I’ve done with computers for ages.

Speaker B:

So I failed and I got very disappointed after two weeks that I did and you know, like it.

Speaker B:

So you put it all back in in the box.

Speaker B:

I put it up there in the corner here you can see it again.

Speaker B:

But I have a shelf up there.

Speaker B:

So I put it there and then it was like a hat.

Speaker B:

It was like a cat has this hate and love relationship with you.

Speaker B:

It’s looking down and you’re looking up and it reminds you about your failure and it’s like, it’s like it reminds you about the money you spent on it.

Speaker B:

It reminds you about how bad you are and you felt Bad as a was, you know, I was.

Speaker B:

This was supposed something to be something funny for me to be exciting, make me happy again.

Speaker A:

It’s a bit of hobby that you wanted to kind of, you know, get the enjoyment back.

Speaker A:

Because, because as you said, in this industry, you know, I have the same challenges that it’s my hobby, it’s my fun, it’s my passion.

Speaker B:

And.

Speaker A:

But then when that line of job overtakes it and becomes dominant and you start doing more of the things you don’t enjoy and you’re trying to find that balance back and you’re always looking for.

Speaker A:

I think for me, I’m always looking for toys.

Speaker A:

What can I do that will bring that passion back again that will get me excited?

Speaker B:

Well, you’ve got kids as, don’t you?

Speaker A:

Right?

Speaker A:

Absolutely.

Speaker B:

Yeah.

Speaker A:

Yeah.

Speaker B:

Family dive.

Speaker B:

Family life takes tremendous amount.

Speaker A:

It does take a lot of that time.

Speaker A:

Yes.

Speaker B:

Right.

Speaker B:

You don’t get free time for yourself.

Speaker B:

So I got two kids, you know, doing that, raising the kids as a single father then was.

Speaker B:

Is rough.

Speaker B:

It’s less time.

Speaker B:

And I run my own company as a.

Speaker B:

As a software developer.

Speaker B:

So that takes even more time.

Speaker B:

Right.

Speaker B:

But you still want to have that extra little joy things.

Speaker B:

Right.

Speaker B:

Then you try to work out and all that stuff.

Speaker B:

Anyway, so I’m back to the story.

Speaker B:

I’m going to go back.

Speaker B:

So I was sitting there because I was not ready to learn.

Speaker B:

I didn’t embrace my failure and say, be humble again.

Speaker B:

Right.

Speaker B:

So this is step one.

Speaker B:

When you want to learn something, something new, accept that you’re not good at it.

Speaker B:

Become humble.

Speaker B:

It’s like, it’s okay not to.

Speaker B:

No, it is.

Speaker B:

Oh.

Speaker B:

After six months, I was ready.

Speaker B:

I took again and I spent so much money that I talked to myself.

Speaker B:

I’m going to open up, I’m going to do one more try, and if it doesn’t work, then fine, I’m going to accept failure.

Speaker B:

So I put it up and I was like, everybody talks about a guide.

Speaker B:

I find the guide.

Speaker B:

Step one and it compiled step two.

Speaker B:

Flashing.

Speaker B:

I can never flash an embedded device.

Speaker B:

I don’t know if you’ve done that before.

Speaker B:

That’s kind of scary.

Speaker A:

It is scary because when it goes wrong, it goes horrible wrong.

Speaker B:

I have no idea what I’m doing, but it worked.

Speaker B:

Have a good day.

Speaker B:

Okay, great.

Speaker B:

And now I memorized all the steps because now I have done all that research.

Speaker B:

Now I’m typing in that Proxmark, number, COM port, and Proxmark client comes up and I.

Speaker A:

Yes.

Speaker B:

You know, the excitement and I run out to a desk and get my transport card that I had run out, smack it on the antenna, and I type in hf mf.

Speaker B:

darkside, was it?

Speaker B:

And I like present.

Speaker B:

And I knew it comes up this text, executing dark side attack.

Speaker B:

Average runtime, 25 seconds.

Speaker B:

And on 27 second, the key comes up, and I’m like that dopamine rush of cracking the first key, and, yeah, the rest is history.

Speaker B:

That’s why I’m here.

Speaker A:

That rush got you excited, that it turned into a career obsession?

Speaker B:

Yeah, it was like that.

Speaker B:

So, yeah, so I started asking questions, and then I started doing more stuff.

Speaker B:

And, yeah, that’s how I come intimately connected with the Proxmark.

Speaker B:

Yeah.

Speaker A:

Oh, fantastic.

Speaker A:

It was for me, it was around

Speaker A:

I was.

Speaker A:

It was actually master’s students for cybersecurity in Estonia.

Speaker A:

And it was.

Speaker A:

I was basically, you know, helping out the university, doing, you know, some courses and workshops and stuff.

Speaker A:

And I was asked by the.

Speaker A:

Actually the dean, who was, you know, would I be interested in mentoring some of the students for their.

Speaker A:

Their thesis?

Speaker A:

I thought, oh, this is interesting.

Speaker A:

So I was like, sure, absolutely.

Speaker A:

So I ended up getting paired up with this former Colombian Air Force pilot.

Speaker A:

One of the most unusual pairings.

Speaker A:

And that pairing was a change.

Speaker A:

It was a whole change of my career.

Speaker A:

I mean, these are the moments where you think that I’m helping someone, but in turn, they’re actually helping me.

Speaker A:

They’re giving me new ideas.

Speaker A:

And ultimately, the person’s thesis was actually on drone hacking.

Speaker B:

Wow.

Speaker A:

So that was what the thesis was about, was taking drones and understanding about the risk profile of different drones, from ultimately understanding about the power, you know, the power need for the antenna and also the signal and the energy usage.

Speaker A:

So all of that to determine for different types of drones, how much power you needed and what type of antenna you needed to be able to hack in or over, you know, take over the drone itself during the drone hacking.

Speaker B:

Way back in

Speaker B:

Wow.

Speaker A:

And for me, that was interesting.

Speaker A:

He created this prototype.

Speaker A:

It always reminds me a bit of Cactus Man.

Speaker A:

What’s his name?

Speaker A:

Remember, he had the Cactus of DEFCON.

Speaker B:

Dark Matter.

Speaker A:

Dark Matter, yes.

Speaker A:

It always reminds me because it was a very similar setup.

Speaker A:

Not as.

Speaker A:

Not as elaborate with his pineapples, but.

Speaker A:

But it was a mini version of it.

Speaker A:

And so this master’s student was doing the whole thesis I was mentoring, and we, you know, helping him from basically doing the risk mapping side of things.

Speaker A:

And we were, you know, helping formatting and with the side of things.

Speaker A:

And it got really interesting because then at one point in time he had created this device which was actually used in order to analyze signals from drones.

Speaker A:

So from the, basically the control pad to the actually receiver on the drone itself.

Speaker A:

And it turned into that basically it was Raspberry Pis with a couple of SDR antennas set up on it that was used and then also a car battery to power it.

Speaker A:

And then ultimately from that he decided we actually repurposed it.

Speaker A:

I had a pen test engagement in Belgium for a transportation maritime agency.

Speaker A:

And we decided, okay, let’s take the.

Speaker A:

Actually the device that he had created for drone hacking and modify it slightly in order to then pick up other types of signals.

Speaker A:

And then we kind of broadened the range to looking at things like RFID door signals, to Bluetooth, to Wi-Fi.

Speaker A:

So we expanded the whole setup.

Speaker A:

And that for me got me really interested.

Speaker A:

And so I ended up as like, okay, you know, I end up deciding I need to get myself some of these toys.

Speaker A:

So I looked and started with a Proxmark and I felt really bad.

Speaker A:

I think similar to you.

Speaker A:

I think it was maybe about a month after I got it and I’d already done my first, you know, basically cracking the keys and some cards and I think end up.

Speaker A:

I made a mess up because I end up having a mismatch between versions on the client and the com on the version on the Proxmark.

Speaker A:

And when I end up doing the connection and doing the update, it bricked it.

Speaker A:

And I was so devastated.

Speaker A:

I was, I mean, for me and because, because at the time, you know, it’s a lot of money you’re spending on, on those devices.

Speaker A:

They’re not, you know, even the SDR side of things and the RFID, because they’re all, all very similar.

Speaker A:

They’re all using radio in order to basically communicate.

Speaker A:

Some are on the low frequency side, some on a high frequency, some on the ultra high frequency.

Speaker A:

So it really comes down to the, basically the radio strength and signal.

Speaker A:

And for me, when I bricked that Proxmark, I was so devastated.

Speaker A:

I was like, I was so upset by myself.

Speaker A:

And that’s why, you know, to your point is I, I felt failure.

Speaker A:

I was like, can I do this?

Speaker A:

And I remember that I was trying to, you know, look at all the forums and look for help.

Speaker A:

And I, I reached out to you and you give me some, you give me some tips about what I made the mistake into, where I made the mismatched versions.

Speaker A:

And I didn’t have the right privilege to set on it.

Speaker A:

And I was like, okay, so how do I go through?

Speaker A:

And there was no.

Speaker A:

There was literally no proper documentation how to unbrick it.

Speaker A:

There’s nothing.

Speaker A:

Nothing.

Speaker A:

It was like there was bits.

Speaker A:

There was spatter pieces all over.

Speaker A:

Yeah, if you get this far, then you can do this.

Speaker A:

But like, there was no central way.

Speaker A:

I ended up creating.

Speaker A:

Creating one myself.

Speaker A:

And I find.

Speaker A:

So I pulled up my old.

Speaker A:

I had a bunch of Bus, Bus Blaster and Bus Pirate sitting on my shelf that I’d done before for doing some kind of, you know, just.

Speaker A:

Basically just reading firmware and stuff from chips.

Speaker A:

And I thought, okay, all of this points me that I need to.

Speaker A:

I need to pull out my old dusty Bus Pirate.

Speaker A:

I was like, okay, here we go.

Speaker A:

And then having to then compile the firmware and then also having him use the Bus Pirate in order to connect to the JTAG.

Speaker A:

And then also to hit the pin 55 oils.

Speaker A:

Remember pin 55?

Speaker B:

You had one of those Proxmark Easys.

Speaker A:

That was the Easy one at the time as well.

Speaker A:

But I also did.

Speaker A:

I also had the.

Speaker A:

The Proxmark RDV4.

Speaker A:

I didn’t have to do that, but the Easy.

Speaker A:

You actually had to reset the chip on pin 55.

Speaker A:

And that was just.

Speaker A:

And to your point.

Speaker A:

I think when I all of a sudden got it Flash and got it working afterwards, the joy and the excitement, it was like, I did it.

Speaker B:

I can do things.

Speaker A:

I can do things.

Speaker B:

It’s like when you swap the tires for the first time.

Speaker A:

I think it is.

Speaker A:

It’s when you’re able to actually do something.

Speaker A:

Other people might say it’s like, oh, that’s quite easy to do.

Speaker A:

But once you do it yourself, you feel empowered.

Speaker A:

You feel like superpowers that just went through you.

Speaker A:

Yes.

Speaker B:

And I think it’s exactly what you said.

Speaker B:

It was no documentation.

Speaker B:

It was a scatter all over the Internet.

Speaker B:

Right.

Speaker B:

And it was so hard to find things or like come together.

Speaker B:

So the Proxmark forum was the center point of information where you can actually talk about things.

Speaker B:

But it was a kind of strange attitude there.

Speaker B:

It’s like, you know, it’s like keeping things to itself.

Speaker B:

You know, the.

Speaker B:

Oh, geez, they were really hard to get into this.

Speaker B:

You know, you were new, you know, so you weren’t allowed to know things.

Speaker B:

I remember just to get to know people, they have to prove that you have access to a key, so they encrypt.

Speaker B:

There was the iCLASS PicoPass key that everybody has today, that one, you know, so had to.

Speaker B:

He encrypted his email with that key and then I have to decrypt it to prove that I had it in order to email him.

Speaker B:

And I’m like, yeah, back in the day it was a little bit harder to get touch, in touch with people.

Speaker A:

It was.

Speaker A:

And I only knew people through the alias names as well.

Speaker A:

I didn’t know who they were.

Speaker B:

I still do that.

Speaker B:

I still do, but I don’t know any.

Speaker A:

So.

Speaker A:

But that was.

Speaker A:

It set off a passion for me as well.

Speaker A:

I think I’ve gone down the path.

Speaker A:

I’ve spent tons of money on Easys, Chameleons, Proxmarks, antennas, Flippers.

Speaker A:

I mean I think I have pretty much most of the Chameleon versions that’s out there and you know, just curious about the differences between each of them.

Speaker A:

What the capabilities are, the portability, what types of keys can you.

Speaker A:

Can you basically crack?

Speaker B:

You need to know about as well because you are into that sector of red teaming and pen testing as well.

Speaker B:

And then you need to know what kind of tools are out there and the capabilities.

Speaker B:

So you need to buy all that shit.

Speaker A:

Yeah.

Speaker B:

And you need to understand it to a certain technical level, not just reading an overview and think that you can get by with it because you have touched the Proxmark, you know how fiddly it could be.

Speaker B:

You know, even if a Flipper is very easy to handle with these, you know, buttons and menus, it doesn’t mean that you understand what you’re doing.

Speaker B:

Correct.

Speaker B:

And if you’re going to be a good pen tester, this is a second lesson is learn the tools of a trade.

Speaker B:

Just learn them hard.

Speaker B:

Let’s learn it.

Speaker B:

It’s, it’s not, it’s not easy, it’s not going to be light, it’s not going to be fun all the time.

Speaker B:

But you have to do the hard.

Speaker A:

What do you call that English do the proper, basically, you know, homework and research.

Speaker A:

Is it really kind of.

Speaker A:

I would say that I think that’s one of the fundamentals.

Speaker A:

I think that’s probably where the likes of yourself and me, we come from very different backgrounds in education, was that the things didn’t exist.

Speaker A:

You actually had to understand and build it yourself.

Speaker A:

You had to find out the undercover, you know, there was no easy front end tool that simply just did it all for you.

Speaker A:

We actually to your point is we had to open the bonnet of the car and twiddle things around to understand about when things weren’t working or when there was a new noise of the day.

Speaker A:

What the hell?

Speaker A:

What’s that noise that’s coming from the engine?

Speaker A:

And that’s really where you start kind of you start learning because you’re breaking at the same time.

Speaker B:

That’s how you learn.

Speaker B:

You learn by failing and you learn again.

Speaker B:

But it’s also this.

Speaker B:

You didn’t have access to documents, data sheets, you know, you don’t have a methodology like now, but you have thousands of videos out there how to do things, how to run things.

Speaker B:

And the biggest joke that was out there was like, yeah, the Proxmark can do everything, but you have to implement it yourself.

Speaker A:

Yes.

Speaker B:

And that was the joke.

Speaker B:

And I never understand that as a joke until you got really into it and realized, holy crap, yes, it’s possible for this device to do it, but you have to do it.

Speaker B:

Here is open source and that’s what’s the biggest change happened somewhere when you start, okay, well, software, I know this is my home gar, you know, I can do this.

Speaker B:

So I’m going to do this, see, but no problem.

Speaker B:

So I have to learn that and stop doing things, you know.

Speaker B:

So everything you see today, you have to realize all RFID hacking tools that you have access today.

Speaker B:

This is all the information and knowledge and hacks comes down to two projects.

Speaker B:

One is libnfc and the other one is Proxmark 3.

Speaker B:

Those are the two fundamentals, right?

Speaker B:

Everything builds upon what’s released as open source there.

Speaker B:

And if it wasn’t for open source, you wouldn’t have had any of this ease, ability or ease of access or ease of use like you see today.

Speaker B:

And people go like, oh yeah, it’s easy and stuff.

Speaker B:

No, no, it was hard earned sweat who made that happen, right?

Speaker A:

Yes, it was because of other people who made the foundation, made it easier for everyone else because they did the hard work at the beginning.

Speaker A:

So tell me more about when you got more involved.

Speaker A:

You started working on the Proxmark forums and then started doing your own builds as well, kind of.

Speaker A:

What was the steps on that and how did that get started?

Speaker B:

It’s just fluke, I guess.

Speaker B:

I think I just inspire.

Speaker B:

I think I’m.

Speaker B:

I think I just inspire people naturally by being me and what you see is what you get.

Speaker B:

I don’t have very much a facade, right.

Speaker B:

It’s just me.

Speaker B:

So I have no problem asking questions and being wrong and doing things and still putting effort.

Speaker B:

But like I said, the OGs back in the day is Very rough.

Speaker B:

The ones who were maintaining the original Proxmark forum open source project, they were really like, protective and didn’t like my changes.

Speaker B:

Why do you want to make it so easy for people?

Speaker B:

They wanted you to do a signal looking at the data plot window and then manually pick up the bits and then decode it in Manchester and then know how to decompile the Wiegand into numbers.

Speaker B:

Right.

Speaker B:

Facility card numbers.

Speaker B:

And I’m like, I know how to do it because I did the hard work, but it sucks.

Speaker B:

And if I’m going to research a card, I don’t want to sit and do this manual labor.

Speaker B:

But this is not a computer for me.

Speaker B:

This is what I have a computer for.

Speaker B:

So I started doing these things, right?

Speaker A:

You want to automate.

Speaker A:

You want to do things quicker.

Speaker A:

Yeah.

Speaker B:

To do proper research, you need to have the tools working for you, right?

Speaker B:

So you build your tool sets your bag of tools, you have that, you have to develop it.

Speaker B:

So that’s what it was.

Speaker B:

I tried to be better myself and realize, okay, let’s do it, let’s start, let’s add on.

Speaker B:

And then people done blog posts everywhere, like you said, that was scattered out.

Speaker B:

So I started like, all right, I’m gonna pull in all this stuff everywhere and unify because I think it’s great.

Speaker B:

Why can’t we have it in one package instead of having 15 different projects?

Speaker B:

If you want to do that, you have to go to this one there.

Speaker B:

And this one is not on GitHub.

Speaker B:

This is on the other Google code.

Speaker B:

And this is on, you know, some web page.

Speaker B:

This is a blog post for Pen Test Partners.

Speaker B:

And this was ever all over the box, right?

Speaker B:

And I’m like, ah, let’s make it all together.

Speaker B:

So I started doing that.

Speaker B:

And the biggest liberation was when I realized if I fork it, I can put all of my stuff in there.

Speaker B:

And I don’t have to be questioned about it, why I have it.

Speaker B:

I can make it, inform it in the way that makes it better, right?

Speaker B:

In the way that I want to work with it.

Speaker B:

So what you see is a manifestation of how I like to work with the tool, how I expect it to work with.

Speaker B:

And that was the beginning of what is called the Iceman fork and what I’m known for and all that, because that was people started using that one more and more because it worked and it was easier to work and had this fun stuff and it was just in one place instead of official one.

Speaker B:

ack and forth and then around:

Speaker B:

And we made this hardware protocol out before and from there on it’s.

Speaker B:

Yeah, I just started adding more and more stuff, but it grew slowly.

Speaker B:

So I posted many things all of a sudden. 0xff, who was the administrator of the forum, he made me a moderator, but he didn’t tell me.

Speaker B:

I didn’t know until someone mailed to me and said, yeah, well since you’re a moderator, can you fix this issue?

Speaker B:

I’m like, what?

Speaker B:

I don’t know.

Speaker B:

What are you talking about?

Speaker A:

Moderator?

Speaker B:

And I had to go in.

Speaker B:

I was like, oh, I’m a moderator.

Speaker B:

Oh, thanks.

Speaker B:

How did that happen?

Speaker B:

Nobody tell me.

Speaker A:

Yeah, it just happened in secret.

Speaker A:

It’s like, like let’s look through and see who’s.

Speaker A:

Who’s doing a lot of the work and who’s saving us lots of time.

Speaker B:

Yeah.

Speaker B:

Who has the right attitude.

Speaker B:

Right.

Speaker B:

Learning and open source and it’s.

Speaker B:

It’s a mindset, I guess, you know, and wanting.

Speaker B:

Willing to share and all that stuff.

Speaker B:

Yeah.

Speaker B:

So it’s ended up that way and I’m going to end up being an administrator at the forum.

Speaker B:

And I got into becoming a maintainer actually for the major.

Speaker B:

For the official repo of course as well.

Speaker B:

But I was doing my things and having fun and I always backported everything that came on the official one.

Speaker B:

I backported it down into mine and then for a while it was so spread.

Speaker B:

The code base was so diverse from.

Speaker B:

Diverged so much from official one, so it was not worth the effort to try to backport it onto official again.

Speaker B:

And I was like, I’m not going to do it.

Speaker B:

So I just kept on doing this.

Speaker B:

And that is the fork that is of making what people use still today.

Speaker B:

Right.

Speaker B:

So if you use a Proxmark, that’s what you use.

Speaker A:

It’s the same for me as is all my builds are using Iceman build because it was becomes.

Speaker A:

I know where everything is.

Speaker A:

It becomes so stable as well because when you, you know, once you have stability, that makes a big difference.

Speaker A:

And I haven’t bricked cross my fingers in quite a few years now.

Speaker B:

You don’t brick it anymore.

Speaker B:

Right.

Speaker B:

You don’t brick it.

Speaker B:

You have help text, it acts like you want to do it reports back, it gives you hints, it uses col.

Speaker B:

It reconnects everything of those items.

Speaker B:

I was told that this is impossible to do.

Speaker B:

And then I’ve proven wrong.

Speaker B:

Always by implementing it slowly and slowly and slowly.

Speaker B:

I’m like, what are you talking about?

Speaker B:

It was never impossible.

Speaker B:

What?

Speaker B:

It’s like, I’m not going to do this.

Speaker B:

And that’s the whole thing.

Speaker B:

That’s number three I wanted for people to listen into.

Speaker B:

Don’t listen too much on your heroes, you know, or.

Speaker B:

Just because it says something in a data sheet doesn’t mean that it’s true.

Speaker B:

You know, that’s the back tech, you know, that’s how we hack things.

Speaker B:

You know, the data sheet selects a documentation and then you just do your own fucking thing with it with fuzzing and you do.

Speaker B:

You try new things and whatever and all of a sudden you end up doing weird, crazy shit that was not possible before.

Speaker B:

And voila, you’re a hacker.

Speaker A:

Absolutely.

Speaker A:

I mean, I think also it was a big change as well.

Speaker A:

I mean, you look at, even the last 10 years, lots of, you know, once the technology has advanced so much, it’s used in almost everything today from like packaging and shops basically to my, you know, 3D printer has RFID tags to determine basically what’s the filament in the.

Speaker A:

Actually in the printer itself.

Speaker A:

Everything today is expanded just from years ago.

Speaker A:

What was basically the key card to get on a bus or to get on a train or to open your front door, where it was more about access controls then to now it’s more about data sharing and sensors and everything else.

Speaker A:

So it has expanded quite a lot.

Speaker A:

I think some of the foundational work that you’ve done also brought a lot more people into the interest.

Speaker A:

At the same time, the technology is kind of getting more broadly used everywhere that at the same time you have a lot more people coming in with diversity and different backgrounds and different skill sets, and then expanding it even further into newer ideas and newer devices.

Speaker A:

So I do think, you know, a lot of the work that you did was pinnacle into one is also bringing the broader community into it as well, and more ideas and more basically sharing and knowledge.

Speaker A:

And I think one of the best things also for me was when the forum moved to Discord.

Speaker B:

Yeah, like Discord now.

Speaker A:

Yeah.

Speaker A:

Where it was used to be in, you know, it was a little bit kind of in GitHub.

Speaker A:

And then we had.

Speaker B:

The forum.

Speaker A:

Yeah, forum, one of those.

Speaker A:

It was almost static.

Speaker A:

No one was interacting and communicating and it wasn’t in real time.

Speaker A:

You know, you’d be looking at posts that, you know, got really dated.

Speaker A:

And then the GitHub was pretty.

Speaker A:

I mean, it was pretty good, well structured.

Speaker A:

I have to say it was.

Speaker A:

It was well structured and it was good.

Speaker A:

But then also you could sometimes get lost between pages, you know, if you weren’t backlinked properly.

Speaker A:

And Discord kind of, I think that made it for me was the difference where that’s what brought me into the community and to know other people much better and to interact and even be able to chat properly.

Speaker A:

So that definitely moving to Discord for the community was.

Speaker A:

Was a game changer, I think in the whole time.

Speaker A:

, six years ago now is:

Speaker B:

Just around before COVID hits.

Speaker B:

Just around there it was.

Speaker B:

People like the kids, my kids at home were using Discord and like.

Speaker B:

And a lot of people was asking, why don’t you exist on Discord?

Speaker B:

I’m like, I don’t want to be on any damn kids place.

Speaker B:

You know, like.

Speaker A:

And then everybody was like, what?

Speaker B:

That’s exactly.

Speaker B:

I want to be on Snapchat.

Speaker B:

Heart Big.

Speaker B:

We got a forum.

Speaker B:

And then I realized we, like you said, oh, static and people was not interacting in the same way.

Speaker B:

And then I tried Discord because I tried Slack.

Speaker B:

I was on some interesting RFID hacking slacks to lives.

Speaker B:

And that was nice, but I just, I dislike Slack.

Speaker B:

It’s.

Speaker B:

It’s like teams and whatever.

Speaker B:

And I was.

Speaker B:

I don’t like it.

Speaker B:

Right.

Speaker B:

And we tried Discord and Manual.

Speaker B:

So simple.

Speaker B:

We just set it up also free and you can have video calls in it, audio calls, chats, photos, share.

Speaker B:

It’s like, oh, this is perfect essentially.

Speaker B:

Yeah.

Speaker B:

And row so you can get that, you know, and you can just do this.

Speaker A:

And it’s like the searching is pretty good now as well as well.

Speaker A:

So that’s one thing for me is that when I got in Slack searching history, it was also one of the problems as well.

Speaker A:

I do a lot of my documentation in OneNote and OneNote searching was horrible, you know, when you did any special characters now that all of that was fixed and also in Discord as well.

Speaker A:

And now I can go back and look a lot, search easier for things that, you know, I couldn’t find or remember or this piece of documentation or somebody mentioned something about a key maybe six months or a year ago.

Speaker A:

The search is so much better and so much easier to go through.

Speaker B:

Oh yeah, that really helps.

Speaker B:

But so many people, the young ones today, they really don’t like searching.

Speaker A:

They ask the question again and again.

Speaker B:

And again, you know, and the AI floss, slop, you know, God.

Speaker B:

Well, I don’t know English.

Speaker B:

So I use AI to translate AI can tell.

Speaker B:

Yes, of course, sir, I can do that.

Speaker B:

And when it comes to text, I’m like, no.

Speaker B:

It’s like, oh, I don’t know if it’s lazy or if it’s just their way of solving a problem that they think that they’re doing it fast.

Speaker A:

I think the problem, I think, I think one of the things is that they might as technology and everything changes so fast today.

Speaker A:

They think sometimes maybe that something three months ago is not valid anymore.

Speaker A:

I think just the evolution of change.

Speaker A:

Maybe they’re just looking for the latest and greatest or maybe the, you know, updated information.

Speaker A:

But I’m from a world where, you know, things are five years ago still work today and they’re still valid.

Speaker B:

That’s the funniest thing actually.

Speaker B:

We spend a lot of time with our, the Proxmark source code.

Speaker B:

ou can actually use it on the:

Speaker B:

You can actually just put this source code recompile for 256 flash memory and it will work today.

Speaker B:

I mean, I mean, I jokingly say it’s yes.

Speaker B:

How about that for sustainability, right?

Speaker A:

Backwards compatibility, making sure old devices are still actually operational and valid.

Speaker A:

ing I purchased, Even back in:

Speaker A:

You know, I do move to the Mini and the Chameleon still just from mobility perspective.

Speaker A:

But the Proxmark, if I need something more complicated or more cracking or more power.

Speaker A:

But it really comes down to the kind of, I guess the, the mobility side of things that you’re looking for, you know, moving around.

Speaker B:

We were talking about you doing pen tests and red teams and being aware about things.

Speaker B:

Right.

Speaker B:

Knowing your tools.

Speaker B:

Another part of, another side of that is that you also need to know that the apps that you’re using, you have to remember that the Flipper and Flipper app is developed by Russian.

Speaker A:

Yep.

Speaker A:

Company Pavel and Anna.

Speaker B:

Pavel and Anna, exactly.

Speaker B:

No shade on them.

Speaker B:

But you know, it is what it is.

Speaker B:

The same goes for, you know, where does your files go when you upload things.

Speaker B:

Same goes for the Chameleon that’s developed by Chinese group.

Speaker B:

Right.

Speaker B:

So when you do things and say we’re going to use this tool in a pen test, you better inform, you know, you better know that the app you’re using to control those and you have an offline cracking part or when people take a cloner that has online capabilities, same problem there.

Speaker B:

You take it up and you have to realize, you have to do your research and understand does this phone home or not.

Speaker B:

Because in the worst case, this device or this app we’re using to talk to the device with will send that credential data for cracking in a place most likely where you not want your customers data to be in.

Speaker A:

Absolutely, absolutely.

Speaker B:

I think most of them are benign in when looking at it and use open source and all that stuff.

Speaker B:

But with that said, it’s you who has to inform your customers which tools you use and what the downside with it.

Speaker B:

Something I want to stress for people who’s professional in this game.

Speaker A:

Absolutely.

Speaker A:

I think you bring up a really important point is that when using any tools that you really understand about basically the supply chain of those tools and ultimately how they’re created, a lot of times for me, even like the Flipper, I actually have to have a completely separate laptop and a separate network just to basically use it because I will not let it on basically my open network and my other devices.

Speaker A:

I actually have whole separate segregation in order to be able to use it and understand it and kind of see.

Speaker B:

How well if you have customers like Interpol.

Speaker B:

Yeah.

Speaker A:

So and intel also as well.

Speaker A:

In addition to that, when I’m traveling because I do travel a lot and I’ve had situations where I get a flight cancellation and now basically I get rerouted and I’m now flying to a country where, you know, maybe they may not have laws or they have laws that actually make it illegal as well.

Speaker A:

So it gets into.

Speaker A:

Also as a pen tester and you’re using tools for different, let’s say, activities and campaigns, you also have to know the legal side of things as well.

Speaker A:

A spicy frustrate.

Speaker A:

So for me, sometimes I actually had to put them in a package and post them home or if it was software based, I had to go and completely either upload it to a cloud environment or to my own personal environment and wipe it from my machines.

Speaker A:

So I’m not traveling through airports or through, you know, potentially if I, if I went through an airport, that’s one thing.

Speaker A:

But then if you’re forced to leave that airport through immigration, then that becomes, you know, I’ve had situations where I got rerouted through Canada and I had the question of, okay, now I have to decide what I’m going to do with all this stuff that’s in my bag because, you know, Canada might see it as, you know, offensive, illegal tools.

Speaker B:

Yeah.

Speaker B:

So I have two stories to share with you.

Speaker B:

That one of them is some years ago, two, three years ago.

Speaker B:

Two, three years ago, when this debacle about Flipper being a hacking tool.

Speaker B:

It’s not.

Speaker B:

And we tried to whitewash it.

Speaker A:

I know but it’s a Swiss army knife of multiple tools bulge into.

Speaker B:

It’s just this.

Speaker B:

They took six open source projects for hacking and they made a very nice form factor for it.

Speaker B:

And that’s what it is, it’s a hacking tool.

Speaker B:

And they only, you know, you can whitewash as much as you want.

Speaker B:

That’s what people want to use it for.

Speaker B:

So the government came up with it again.

Speaker B:

So the customs and TSA, there’s a note sending out to Five Eyes and it says if you get in for question or the question to open and see your phone, if they see the Flipper app installed on your phone, you will be sent to secondary or the next step where you have to, you know, where we’re going to look into if you have that device onto you and then might take it.

Speaker B:

And of course we have to question, you know, why do you have this device?

Speaker B:

You’re not allowed to fly with it either.

Speaker B:

In that case, if it marked you that and then you will be forever marked in the database saying that.

Speaker B:

Yeah.

Speaker B:

So that’s the first story.

Speaker B:

What people don’t understand.

Speaker B:

Well, I don’t know.

Speaker B:

I had it in my hand luggage.

Speaker B:

I used, I used to travel like that until I got that get a copy of that message.

Speaker B:

And then I understood people give me a heads up about things.

Speaker B:

I was like, okay, thank you.

Speaker B:

The next head up I got is I didn’t do conferences before, right.

Speaker B:

So I sat home at my office here and I just had a Proxmark and people was wondering how can you make so much like, well, I have a Proxmark.

Speaker B:

Yeah, but whatever gear do you have?

Speaker B:

I have a Proxmark, that’s what I have.

Speaker B:

And was like, okay, do you active on hacker conferences?

Speaker B:

No.

Speaker B:

So I was like, maybe I should go out to a hacker conference.

Speaker B:

So I started going to hacker conferences and meeting hackers.

Speaker A:

What was your first one?

Speaker A:

What was the first, let’s say, you know, hacker conference you went to.

Speaker B:

Oh wow.

Speaker B:

That was just when we dropped the order before and we went to Black Alps in Switzerland.

Speaker A:

Okay.

Speaker B:

That was the first one that was scariest.

Speaker B:

Yeah, that was nerve wracking.

Speaker A:

It’s a pretty good community in Swiss.

Speaker A:

That’s actually I get to meet some.

Speaker B:

Really good people and turn out some of the people from the forum was there.

Speaker B:

So we’re sitting at my hotel room and he was showing me how he could, you know, listen to.

Speaker B:

He made a makeshift EM probe for his oscilloscope so he can sniff traffic.

Speaker B:

And like thought I was just super great.

Speaker B:

That was the beginning of conference experiences.

Speaker B:

You’ve been to conferences much more than I ever have you.

Speaker B:

So eventually I ended up going to DEF CON.

Speaker B:

Right?

Speaker B:

The whole roads lead to DEFCON sooner.

Speaker A:

Or later, at some point we all end up in hacker summer camp with 40, 40,000 other people that we.

Speaker A:

Many of them are like us and many of them are not.

Speaker A:

But.

Speaker A:

But the diversity is good.

Speaker B:

Out of the 30,000, I would say maybe 400 is like us, but Vegas is Vegas.

Speaker B:

It’s a fucking nightmare in that sense.

Speaker B:

Yeah, it’s grown up kindergarten.

Speaker B:

I don’t know what you think about Vegas, but it’s crazy.

Speaker B:

So I got called out by the Ricks from the RF Village.

Speaker B:

So was asking me if I wanted to do a talk.

Speaker B:

And you know, I was like, you know what?

Speaker B:

You’re paying for my flights.

Speaker B:

Nope, we don’t have that.

Speaker B:

Okay, fuck it.

Speaker B:

But we turned out we got the RV4 and we got some money for that.

Speaker B:

So we were able to fly into DEF CON and be there because we have to be in DEF CON.

Speaker B:

And that was my first real exposure to people who been using the Proxmark and things like that before.

Speaker B:

And people like, oh, yeah, you, Iceman.

Speaker B:

Wow, I want to shake your hand.

Speaker B:

I want to buy your beer.

Speaker B:

Who are you guys?

Speaker B:

What are you talking about?

Speaker B:

And it’s like, this is very odd.

Speaker B:

It’s like, I just do some Proxmark stuff.

Speaker B:

What are you talking about?

Speaker B:

And people’s like, yeah, we know about me and do things.

Speaker B:

I’m like, I have no idea.

Speaker B:

Anyway, fast forward that DEF CON stories.

Speaker B:

I’ve been to DEFCON several times and doing talks, I end up a couple years ago, I get a note saying, you know, you know, how about the.

Speaker B:

You know how in Vegas that you get this paper sent out to the hotels saying, I remember that paper.

Speaker B:

I remember it comes out every year.

Speaker B:

Yep, both chains does it.

Speaker B:

The big ones, you know, the two big ones.

Speaker B:

And they send it out to all the hotels.

Speaker B:

There’s a paper saying, watch out for these kind of devices on the rooms.

Speaker B:

The room cleaning where you have to look in your room every third day, you know, if you see hacker stickers, you know, make sure that you inform us about the security on the premises.

Speaker B:

So people are telling me like, yeah, you know, that the Proxmark is considered, is considered a burglar tool.

Speaker A:

Yes.

Speaker B:

I’m like, say what?

Speaker B:

I’ve been having tons of Proxmark years.

Speaker A:

It is so funny, because I think I actually have one of the printed sheets here somewhere in my office.

Speaker A:

Of all the devices that was actually.

Speaker A:

Was going around.

Speaker A:

Yeah.

Speaker B:

Last year was like this.

Speaker B:

So this year as well, you know.

Speaker A:

Yeah, yeah.

Speaker A:

So I see.

Speaker A:

What I try to do is I try not to stay in the recommended hotels.

Speaker A:

I try to stay a little bit.

Speaker A:

Not near Black Hat, not near DEF CON, but somewhere that is like, you know, a little bit off the strip.

Speaker A:

So it’s like you don’t.

Speaker A:

The hotels that tend to like, if you’re not going to be near DEF CON, then all the hotels in that area are checking everything.

Speaker A:

So I try to get something this little bit off.

Speaker A:

And then I also stopped bringing a lot of stuff with me as well.

Speaker A:

You know, even my soldering kit.

Speaker A:

I was like, okay, I’m not.

Speaker A:

Because at the moment.

Speaker A:

Because they can actually, you know, you can get fines if you’ve been fined soldering in the hotel room because.

Speaker B:

Oh, man.

Speaker A:

Because this was smoking.

Speaker A:

Oh, yeah, you can get the smoking.

Speaker B:

Yeah.

Speaker A:

They will throw you a cleaning charge on that.

Speaker A:

But absolutely.

Speaker A:

I remember all those.

Speaker A:

The device that was on that list, it’s just like, you know, I always have laugh because even my kids.

Speaker A:

My kids have lock picks and everything I’ve got.

Speaker A:

It’s actually when I put the DEF CON this year, my son was like, I don’t like my existing lockpick set because it’s like really flimsy and it’s all bent and stuff.

Speaker A:

I want a professional one.

Speaker A:

So what I had to do was I had to bring both of them back.

Speaker A:

Professional lockpick sets.

Speaker A:

It’s almost like a fidget for them, like something that they just play with.

Speaker A:

And actually that’s really nice because it all started for that.

Speaker A:

It started with my son was coming to the office and I actually had.

Speaker A:

He was wanting to play PlayStation all the time.

Speaker A:

I was like, no, you can’t do.

Speaker A:

You have to do something productive.

Speaker A:

I put the controller in a box and put a padlock on it, said, okay, if you can get the controller out of the box, you can play PlayStation.

Speaker A:

And he got really good at picking the lock and then he moved on to Hack The Box from that and bug bounties and everything else afterwards.

Speaker A:

Yeah, they do love.

Speaker A:

They love, you know, getting into a lot of the tools and toys and the Proxmark side of things.

Speaker A:

So me and my son’s.

Speaker A:

We’ve actually built one using Arduino.

Speaker B:

Wow.

Speaker A:

From that side.

Speaker A:

So, you know, really kind of getting into the manual side of things.

Speaker A:

But.

Speaker A:

But you’re right, is that, you know, these like all tools, they can miss it being misinterpreted for anything.

Speaker A:

You know, a hammer can be a burglar tool, a crowbar, a burglar tool.

Speaker A:

But it’s not the only purpose of it.

Speaker A:

They, they, yes, they can be used.

Speaker A:

For me, what I use a Proxmark for is to clone and copy cards so I don’t have to pay ridiculous fees for the office rental company where they’ll charge you if I want a second key from my office, it’s €50.

Speaker A:

I’ve got all the stuff here to create my own card or to create backups or to really be curious about how things work as well.

Speaker A:

So maybe you can make them better.

Speaker A:

So it’s not the only purpose.

Speaker A:

I think that’s what the myths from a.

Speaker A:

They get misinterpreted, especially from people who don’t understand them.

Speaker B:

It comes both ways, right.

Speaker B:

It could be like a knife could be used for good and bad.

Speaker B:

So if you take implants, like biohackers, they use this RFID implants very much.

Speaker B:

And they really want to hack the cards and tags and then clone it onto, you know, illegal cards to have it with them because that’s how they want to roll.

Speaker B:

And I have an implant as well that’s, you know, that circumvent the whole idea of a card being secure if you can clone goes hand in hand.

Speaker B:

Right.

Speaker B:

But back to that hotel story.

Speaker A:

It was.

Speaker B:

Was kind of funny because I was invited for a bug bounty event and I was there and I was informed that Proxmark was a burglar tool.

Speaker B:

And I was like, hey, you know, I have a bunch of them.

Speaker B:

You know, that’s what I’m known for.

Speaker B:

So I was like, yeah.

Speaker B:

And I ended up speaking to one of the managers at the hotel and is like, so, you know, is that going to be an issue?

Speaker B:

And my dude goes like, we know who you are.

Speaker B:

It’s not a problem.

Speaker B:

It’s like, okay.

Speaker A:

It’s one of those things.

Speaker A:

Yeah, we’ve already, we’ve already done the research.

Speaker A:

We’ve seen you, we’re watching you say.

Speaker B:

You’re one of the good guys.

Speaker B:

Stay that way.

Speaker B:

It’s like, okay.

Speaker A:

I think that’s the difference though, is that going to any tool is that it’s the intention of motives that we all have.

Speaker B:

Yes.

Speaker A:

And that’s the, I think that’s the difference, you know, between calling it a burglar tool is because, you know, the person who’s using it for that purpose. Some people might be using it for the purpose, but you know, their motives and their intentions are very different from those who are understanding technology.

Speaker A:

Making it better, making it more secure, making it more difficult and at the same time also educating people on, you know, how to use it properly, how to implement and configure it properly.

Speaker A:

Because I find a lot of times is that organizations and businesses and people use technology, they just don’t configure correctly.

Speaker A:

And that’s what creates the risks.

Speaker A:

They use the same ID across hundreds of keys or they just didn’t configure it basically in order to make sure that it has basically a unique key in the background or something, you know, that’s more using a version of the card which is more difficult to crack or more challenging.

Speaker A:

So misconfigurations.

Speaker A:

And I think educating and making that aware makes a big difference.

Speaker B:

Yeah, I think you raise a very fair set of questions and use cases for things.

Speaker B:

And all of them are valid, several of them.

Speaker B:

Right.

Speaker B:

And I am for one of those people who’s like, you know, it’s open source, make it work, make a copy of it so you don’t get vendor locked in.

Speaker B:

But also who are you if you are in a position to buy a system from a vendor, how do you analyze it?

Speaker B:

How do you verify their claims?

Speaker B:

Right.

Speaker B:

You need to know the, know how the tool setting for that because you know, modern days.

Speaker B:

And then you need to do the right decision making based on it, you know, to see what is the actual risk involved here.

Speaker B:

Because in the end of the day, all the management and all this buying and selling is about risk management.

Speaker B:

You know that, I know that.

Speaker B:

It’s nothing else.

Speaker B:

Doesn’t matter how well you write your pen test report.

Speaker B:

The people in the management gonna go like, interesting that you can burglarize that one.

Speaker B:

Nice.

Speaker B:

Great.

Speaker B:

So what’s the actual risk?

Speaker B:

Yes.

Speaker B:

And you.

Speaker B:

I’m.

Speaker B:

I’m pretty sure that you’re quite good at evaluating risk.

Speaker A:

That’s actually, that’s, that’s our job today is risk evaluators, different skill sets but, but just reevaluate risk.

Speaker B:

Yeah, but you need to know a whole heap of things, technology wise and tool wise in order to be able to analyze that risk by just the word of mouth or knowing people who to ask.

Speaker B:

And then the next step is actually trying to do it yourself.

Speaker B:

Right.

Speaker B:

But I am on that far end when I develop the tools that you guys work with.

Speaker B:

So that’s the difference.

Speaker B:

Right.

Speaker B:

So if people wonder what I do.

Speaker B:

Yeah, I hack things because I’m making the tools, I’m making things better.

Speaker B:

And that enables people to do trainings for people.

Speaker B:

It enables people to tell other companies if it’s good or bad, all of that.

Speaker B:

So yeah, so my reputation in this field of hacking is based on that side because that’s what I do.

Speaker B:

I mean, I guess people like that.

Speaker A:

Absolutely.

Speaker A:

You’re helping us create the tools that evaluates the risk that we use in order to determine is this actually what the vendor or organization said they were doing and then be able to hold them accountable when it’s not true.

Speaker A:

So that’s important.

Speaker A:

So a question.

Speaker A:

What are you doing today?

Speaker A:

What are you working on today?

Speaker A:

You’ve been doing a few different types of conferences this year.

Speaker A:

What’s the fun stuff that you’re working on at the moment?

Speaker B:

I was not supposed to do very much conferences this year.

Speaker B:

I was supposed to do relaxing and stuff.

Speaker B:

It’s been a nightmarish, extensive, excruciating, hard working this year.

Speaker B:

Many parts.

Speaker B:

I’ve been doing a lot of research for the Black Hat Asia talk we did and then starting up the company that I’m starting up.

Speaker A:

You started a new company just recently.

Speaker B:

Oh, it’s a year old.

Speaker B:

But the web page is out now.

Speaker B:

Aurora Sec is out there.

Speaker B:

Yes.

Speaker B:

It’s like now, now we exist, we have, we have a web page.

Speaker B:

So yeah, that’s it.

Speaker B:

But this.

Speaker B:

And then I have a private nature.

Speaker B:

My son needs to do an operation for some surgery and I said I’m going to take off time to make sure that I can be there when you recuperate from it.

Speaker B:

And that got postponed.

Speaker B:

And I have a, it seems like I have a tendency to not be able to say no properly.

Speaker B:

So I went to Y, I went to Troopers.

Speaker B:

I’m going to go to BalCCon now in two weeks and then I’m going.

Speaker A:

We talked about BalCCon last time.

Speaker B:

Yeah, it’s a great conference in, in Serbia.

Speaker B:

And then I’m going to do some live hacking events in.

Speaker B:

Yeah.

Speaker B:

And which I can’t talk about.

Speaker B:

And then I’m going to be in SAINTCON.

Speaker A:

You went a couple of years ago to SAINTCON.

Speaker B:

I’ve been the last two years in SAINTCON.

Speaker A:

I would love to go to SAINTCON.

Speaker B:

It’s a hardware place.

Speaker B:

It’s really nice.

Speaker B:

It’s, it’s, it’s really odd.

Speaker B:

It’s, it’s a small, two, 200 people family, a lot of kids and all that and everybody solders and hacks hardware.

Speaker B:

I’m like, are you kidding me?

Speaker B:

It’s like, this is like, we’re so friendly, everybody there.

Speaker B:

And there’s a magnificent nature there as well.

Speaker B:

It’s like.

Speaker B:

Yeah, there’s some.

Speaker A:

It’s Salt Lake City, south of it.

Speaker B:

Yeah, Salt Lake City is there.

Speaker B:

So the, the conference is in Provo.

Speaker A:

Provo.

Speaker A:

You wouldn’t.

Speaker A:

So my former, former, former former employer, their headquarters was in Provo.

Speaker B:

Yeah, It’s a big black box, right?

Speaker A:

I’ve spent.

Speaker A:

It is.

Speaker A:

There is a big black box.

Speaker B:

It’s a big black box in Provo.

Speaker A:

Yes, yes.

Speaker A:

With.

Speaker A:

Yes.

Speaker A:

A big building with lots of power getting used.

Speaker B:

A lot of power getting used there.

Speaker A:

So.

Speaker A:

But yeah, I spent, I spent a year of my life in Provo.

Speaker A:

I know, I know the place so well.

Speaker A:

Yeah.

Speaker A:

Because my former employer was Altiris and Altiris was started out of a lot of people who came from Novell and Novell of course, started in Provo and American Fork and all those places.

Speaker A:

So my bosses were based there and I would travel spent.

Speaker A:

I think I looked at my Marriott hotel nights.

Speaker A:

It was 360 plus days in Provo at the Marriott Hotel in Provo.

Speaker A:

So I still have, I still have my membership card for the comedy club there.

Speaker A:

So there’s a comedy club in Provo.

Speaker A:

And also.

Speaker A:

Yeah, java beans, which came and went a few times because they’re not very welcoming to coffee and caffeine.

Speaker B:

No, no, no, not caffeine.

Speaker A:

It’s a fantastic place.

Speaker B:

Yeah, it’s amazing place.

Speaker B:

Yeah, I like it.

Speaker B:

So, yeah, so I’m doing that.

Speaker B:

I was also gonna, I applied for, I applied for CODE BLUE in Japan.

Speaker A:

Okay.

Speaker B:

And then I promised to do a talk for Hack the Hills in Melbourne, Australia.

Speaker B:

But I most likely have to cancel those two occasions because the surgery has been.

Speaker A:

Oh, the surgery’s gonna be around that time.

Speaker A:

Okay.

Speaker B:

So I’m gonna be able to do that.

Speaker B:

So.

Speaker B:

Yeah.

Speaker B:

And then I hope to relax a.

Speaker A:

Little bit and have a, have a little bit, you know, of time for yourself, you know, because that’s what we need in this industry.

Speaker A:

We tend to always be on the forefront.

Speaker A:

You know, it never sleeps, it never ends.

Speaker A:

It’s constant.

Speaker A:

If you were to sit and look at the forums you were sitting, look at all the research has to be done.

Speaker A:

We’d be working 24/7 and non-stop.

Speaker A:

So it’s always important to find the time to, you know, to, to focus on, on the, the hobby yourself, you know, the things that you want.

Speaker A:

You know, I always say that sometimes important to have hobbies outside of what we do a little bit kind of, you know, that’s completely left to the field in order to really sometimes take the mind off things.

Speaker B:

Someone told me at Y camp now, the real summer, summer hacker camp, it’s like you have a real tense in Europe, you know, and instead of Vegas, someone tell me that, well, Iceman, you like, you always go to, you know, you’re like, conference junkie.

Speaker B:

It’s like, well, it’s kind of fun to go to conference.

Speaker B:

I get to hang out with Hackatham, you know, I get to hang out with great people.

Speaker B:

People.

Speaker B:

I mean, end of the story, you know, Talking to great people makes yourself feel so good about things, what you do, and you can share knowledge and you just.

Speaker B:

And you just think and you have fun.

Speaker B:

And they are people who understand your motivations.

Speaker B:

Right?

Speaker B:

They.

Speaker B:

They.

Speaker B:

Because they have the same, similar.

Speaker B:

Yes, right, Right.

Speaker B:

So we all have a passion for something, right?

Speaker B:

So sometimes I’m like, you know, and if I do a talk, I do a talk usually because they pay for me to get there.

Speaker B:

So it’s not bad.

Speaker B:

So it almost becomes like my holiday in one way.

Speaker B:

But I also need to not do anything.

Speaker B:

And when I do that, I prefer to lay on a beach and do absolutely nothing.

Speaker B:

And I don’t even have a computer with me.

Speaker A:

And I sometimes could even have a physical book.

Speaker A:

Yeah, a proper book.

Speaker A:

Or just music.

Speaker B:

Oh, music is good.

Speaker B:

Yeah.

Speaker B:

What do you listen to?

Speaker A:

For me, I’m a big Blink 182, Blur, old school, Nirvana.

Speaker A:

So I’m a kid of all kinds of.

Speaker A:

My kind of childhood was more 80s, early 90s rock, alternative.

Speaker A:

So.

Speaker A:

So my old playlist that I pull up once in a while from 90s early rock.

Speaker B:

That’s great music from then.

Speaker B:

It’s really good.

Speaker B:

Red Hot Chili Peppers.

Speaker B:

Red Hot Chili Peppers, yeah.

Speaker A:

So even more.

Speaker A:

I do like Imagine Dragons, Mumford and Sons.

Speaker A:

I’m going to One Republic concert soon.

Speaker A:

It was one of the next ones.

Speaker A:

So I do like, you know, it’s a little different.

Speaker A:

It’s more kind of, you know, pop type of, you know, alternative.

Speaker A:

But it’s.

Speaker A:

It’s.

Speaker A:

It’s good.

Speaker A:

That’s one of the things.

Speaker B:

It brings you joy.

Speaker B:

You know, I listen to a lot of music in that sense, you know, because I want to be in the zone.

Speaker B:

And that feels great, to be in the zone.

Speaker B:

It’s a hard concept to explain to people who don’t do software development.

Speaker B:

But Zone is a special place.

Speaker B:

What we love a zone is the place when.

Speaker A:

When I’m.

Speaker A:

When I’m writing, when I’m doing the kind of.

Speaker A:

After I’ve done the research, I, I need to get it out of my head.

Speaker A:

Yeah, I put some, you know, usually it’s either kind of electro music, you know, something.

Speaker A:

No lyrics, no lyrics, just beats.

Speaker A:

So.

Speaker A:

And even, sometimes even going to some of the, you know, good old DEFCON media library as well.

Speaker B:

Oh yeah, Soma, guys.

Speaker B:

Yeah, Kampf, he does this DJ thing at sync on all that stuff.

Speaker B:

So it was great.

Speaker B:

So he, you know, it’s like, come listen to Soma.

Speaker B:

It’s like, okay, so tune in there.

Speaker B:

I have another friend who does that this spring.

Speaker B:

I was like, yeah, God, I feel, you know, wear it worn out.

Speaker B:

And he was like, yeah, when I do that, I listen to music.

Speaker B:

Yeah, I like progressive trance when I do this.

Speaker B:

And he’s like, I got you covered, man.

Speaker B:

So he keeps on sending me this playlist and like, ah, here’s some good beats for you.

Speaker A:

You’re not great.

Speaker A:

You’ll have to shirt.

Speaker A:

Well, let’s, let’s add it to the, the show notes.

Speaker A:

You have to share it with me so.

Speaker A:

Because that’s something I do.

Speaker A:

I do enjoy a good playlist, you know, even for me when I go on snowboarding, I need to have something.

Speaker A:

You know, I’ve got my helmet on.

Speaker A:

I’ve got basically I’ve got my speakers in the helmet it.

Speaker A:

And I’m just on the hill.

Speaker A:

I’m just like, okay, just.

Speaker B:

It’s just mountains in Estonia.

Speaker A:

There’s no mountains in Estonia.

Speaker A:

But I have to go to Finland or Sweden.

Speaker A:

So next year, next year’s a Finland trip to get some, some good hills.

Speaker B:

Are you going to go to Disobey?

Speaker A:

I’ve been talking with you.

Speaker A:

Yes, I, I’m going to do submissions because the call for papers open at the moment and I do plan to go to Disobey.

Speaker A:

That is the plan.

Speaker B:

Cool, cool, cool.

Speaker A:

I might give a training workshop there.

Speaker B:

So, yeah, what it’s going to be.

Speaker A:

About, it’s going to be basically probably hacking gamification.

Speaker A:

You know, how to get started, how to take notes, how to improve your skills, how to find the right people to help you.

Speaker A:

So getting into the gamification side in order to improve your skills.

Speaker B:

Cool.

Speaker B:

It’s a lot of gamification, isn’t it?

Speaker A:

There’s a lot of gamification.

Speaker A:

So I, for me, I run the community for Baltics in Finland for Hack the Box.

Speaker A:

So every now and again I’ll do some type of live walkthroughs, different machines once in a while.

Speaker A:

Do you do that on stream, not live on stream.

Speaker A:

No, because otherwise you’ll see.

Speaker A:

You’ll see me like hitting the table or getting frustrated.

Speaker B:

Yeah, it’s.

Speaker B:

It’s important.

Speaker B:

I got some feedback about my talks about them.

Speaker B:

And we go like, yeah, we like that you’re genuine.

Speaker B:

But I also think it’s great that you talk about when you fail doing things well, that’s.

Speaker A:

So when I had, I had the conversations with Stoke and John Hammond and we went through this whole conversation and we talked about sometimes when we’re showing like one of my favorite conferences that I remember watching, it went online, which was Kernelcon and Kernelcon.

Speaker A:

It was the one year where they actually streamed it all live and they had on Discord, they had the live stream I think they were doing on Twitch or something like that.

Speaker A:

And for me it was one of the best because when they were doing the hacking gamification that basically John would get a challenge and Joe Grand would also get a challenge and they didn’t know what they were going to get.

Speaker A:

And when they were going through and they had solved those puzzles and challenges, it really showed you that one you’re failing.

Speaker A:

You know, the failing part of it, it really highlighted that.

Speaker A:

And for me, that was one of the best.

Speaker A:

So if you ever get the chance, I’ll actually put it in the show notes as well.

Speaker A:

Go back and look at the Kernelcon.

Speaker A:

I think it was from about

Speaker A:

And yeah, it was with Joe Grand.

Speaker A:

There was John Hammond was on.

Speaker A:

There was Chris, who does the IDA Pro Ghidra.

Speaker A:

And it was.

Speaker A:

It was really good.

Speaker A:

It was really good because it really got to the point because sometimes when you do edited videos, you show it all successful, how it should be done.

Speaker A:

But what you don’t tend to show is, you know, this is what I kind of like is that the failures, especially when even IppSec’s doing it.

Speaker A:

I like his style because he also shows here’s the rabbit holes.

Speaker A:

But you don’t get the sense of how deep those rabbit holes are.

Speaker A:

That’s the missing part.

Speaker A:

And for me, yeah, you’ll probably see me going down deep down a rabbit hole and getting really frustrated.

Speaker A:

And then my style is I know a guy who will go and help of this rabbit hole.

Speaker A:

So I end up using my connections to help me solve, solve things as well, which is what the real world is.

Speaker B:

Yeah, but that’s how you need to do it, right?

Speaker B:

So you need to do those things.

Speaker B:

You need to have connections and people who can help you up and who you can balance ideas with.

Speaker B:

So I do have a YouTube channel as well.

Speaker B:

And I sometimes livestream my failures when I code.

Speaker B:

And I sit endlessly staring at screens and we’re like, what am I doing wrong here?

Speaker A:

And then six hours later, a few.

Speaker B:

Moments later, you still haven’t moved.

Speaker B:

Are you live?

Speaker B:

I suppose.

Speaker B:

No.

Speaker A:

Oh, yeah.

Speaker A:

That would be classic.

Speaker A:

To really show the proper.

Speaker A:

The full length of staring at a problem and then staring at it a different way.

Speaker A:

Maybe it’s going to change, but it’s like that.

Speaker B:

It’s hard to explain the problem solving process because that’s what we’re into right now.

Speaker A:

Yep.

Speaker B:

How do you overcome problems?

Speaker B:

And for me, I heard what I remember is a story from the Naked Chef, Jamie Oliver, and what he was doing.

Speaker B:

He was a biggie on things for 10 years ago, and he was doing things and he was so frustrated.

Speaker B:

He was doing something for the community, for the schools and making.

Speaker A:

Yeah, I remember.

Speaker B:

Yeah.

Speaker B:

And he was super frustrated because he can’t get on with it.

Speaker B:

And he’s like, I can’t think.

Speaker B:

I bake a bread.

Speaker B:

Right.

Speaker B:

So he stops doing that and he stopped baking and kissing that bread.

Speaker B:

You know, the dough thing.

Speaker B:

And.

Speaker B:

And I really took to heart with that because when I don’t, when I get stuck, I start coding something, just whatever.

Speaker B:

I take up some old RFID cards and hack some old stuff.

Speaker B:

So I get into flow, try to do some improvements, whatever, and then I’m in there, and then I’m not here, here, I’m in there in that.

Speaker A:

Yeah, you’re in the kind of the frame, but you’re, you know, looking at a different problem.

Speaker A:

Sometimes looking at a different problem can give you a bit of, let’s say, you know, maybe if I tried this.

Speaker B:

Yes.

Speaker B:

And that’s.

Speaker B:

That would be the number four takeaway for us.

Speaker A:

So for everyone in the audience, how do you stay up to date?

Speaker A:

Where’s your learning?

Speaker A:

What types of things?

Speaker A:

And when you’re not, you know, sitting on the beach listening to good music?

Speaker A:

How can the audience get in contact with you if they have questions?

Speaker A:

Is the Discord Channel the best way?

Speaker B:

Don’t contact me anymore.

Speaker B:

I’m just joking.

Speaker B:

No, I’m always reachable in that sense.

Speaker B:

So Discord is a great place to now learn and to search and look at the PIN messages.

Speaker B:

If you want to get stuck, it’s always there.

Speaker B:

Ask questions and the community will answer them, you know, but for me, by now, I’m very blessed.

Speaker B:

I have an.

Speaker B:

A tremendous network of people that I can talk to, chat with and it keeps on flowing in.

Speaker B:

I spoke to the, to a guy who’s been in a central organization for tools and he said, when you’re at that barnacle of the top part there in the pyramid, everything flows to you.

Speaker B:

The information always comes to you.

Speaker B:

So I’m at that point now, but information comes to me more.

Speaker B:

But I devour Internet like X and LinkedIn since X is, you know, since the whole travesty with X.

Speaker B:

It was a nice info bubble before, which I like, I remember how it was.

Speaker B:

You went to X, you had this filtered bubble was great.

Speaker B:

You got all the hacks, you got.

Speaker A:

All the knowledge, you got the things you, you were interested in.

Speaker A:

Yes.

Speaker B:

And you got it smack on you.

Speaker B:

You got it four hours later, right.

Speaker B:

That was yours.

Speaker B:

You know, that was the best thing.

Speaker B:

You was always aware.

Speaker B:

And that spread, right?

Speaker B:

So that spread out to Mastodon.

Speaker B:

That spread out to Bluesky.

Speaker B:

That’s.

Speaker B:

But.

Speaker B:

And also LinkedIn today, right?

Speaker B:

People use LinkedIn to sell hacky stuff.

Speaker B:

I’m like, what the.

Speaker B:

But there’s Warrior.

Speaker B:

It’s on Slack.

Speaker B:

It’s on Signal groups.

Speaker B:

I am seeing so many Signal groups everywhere and it’s.

Speaker B:

And Discord servers ever.

Speaker B:

It’s so spread out.

Speaker B:

So if you want to have knowledge, just go and join.

Speaker B:

If you interest, I say focus on one thing.

Speaker B:

Focus on a device.

Speaker B:

Focus on one.

Speaker B:

If you want to do web hacking, great, go and start looking for web hacking on, on, on YouTube and you will find tons of great channels.

Speaker B:

Eric is one of them.

Speaker A:

Then you have Ben, whatever you call and NahamSec.

Speaker B:

Yeah, NahamSec.

Speaker B:

Yeah, exactly.

Speaker B:

He does great as well.

Speaker B:

You look at those and then in the end of the day you have to start doing physical.

Speaker B:

You have to open the trunk.

Speaker B:

Right.

Speaker B:

Fiddle with it.

Speaker B:

And then you do that.

Speaker B:

And then maybe you start doing some Burp Suite or whatever and you start looking into that and then you start looking at the issues and then you start, oh, here’s a Discord server that talks about this and that’s.

Speaker B:

And then you have an entry into there.

Speaker B:

And then you have an interest, you have some knowledge.

Speaker B:

You ask questions.

Speaker B:

Never be afraid asking questions.

Speaker B:

And if you have an asshole attitude towards you, that’s a lousy server.

Speaker B:

And then you just drop that server because that’s.

Speaker B:

It’s not worth your energy.

Speaker B:

Yeah.

Speaker A:

You know, that’s one of my, one of my recommendations.

Speaker A:

Always never be afraid to ask for help.

Speaker B:

Yeah.

Speaker B:

Ask for help.

Speaker B:

Yeah.

Speaker A:

If you struggle.

Speaker A:

It was always.

Speaker A:

It’s probably even sometimes I’ve I’ve had that failure over the years is that I, I try to.

Speaker A:

I try to figure it out myself and not myself alone.

Speaker A:

Like.

Speaker A:

Like I started off with.

Speaker B:

Same.

Speaker B:

Same.

Speaker A:

I started off with the books, Mark.

Speaker A:

It was like, like, I can do this.

Speaker A:

Yeah.

Speaker A:

At some point I’ll feel.

Speaker A:

But I need to get, you know, how to get back on the road again.

Speaker A:

And it’s a community and not being afraid to go and ask for help, that it gets me back on track.

Speaker A:

And I always regret not doing it earlier because I think I wasted a lot of time in the past of, you know, I’ve wasted.

Speaker A:

I think even when I was doing my OSCP, I wasted too much time doing it solo.

Speaker B:

Yes.

Speaker A:

And I realized that, yes, I needed help and I was fortunate enough to find the right people who could point me in the right direction.

Speaker A:

But I think if I look back, the lesson to my younger self was don’t be afraid to ask for help.

Speaker A:

It will.

Speaker A:

It was just a waste of time.

Speaker B:

And a final note on that one man is also, if you don’t know how to involve and get people shy and all that stuff, you know how hackers are sometimes, not always the social things.

Speaker B:

Doing a talk is really hard.

Speaker B:

But involve yourself in a village like.

Speaker B:

So if you go to a DEF CON, which is super expensive, but they have lots of villages, choose one or two, you visit a bunch of them and then go and sell.

Speaker B:

You go and ask them, say, hey, can I volunteer?

Speaker B:

Can I, can I help out?

Speaker B:

And then it starts rolling.

Speaker B:

Right.

Speaker B:

You’re willing to put in the effort and then people take, you know, the open arms and just bring you in.

Speaker B:

Awesome.

Speaker A:

And you meet a lot of amazing people at the villages, so.

Speaker B:

Oh, yeah.

Speaker A:

And always willing to give back as well.

Speaker A:

They’re always willing to give the time to you.

Speaker B:

Yes.

Speaker A:

So.

Speaker A:

So question for yourself.

Speaker A:

Any plans to write a book at all or to take your knowledge that you’ve got and put it, put it somewhere which would then, you know, kind of.

Speaker B:

I should write, shouldn’t I?

Speaker B:

You should.

Speaker A:

Yes.

Speaker A:

I think, I think that’s what I’m trying to get to is you should write.

Speaker B:

Maybe I should.

Speaker B:

I’ve been bouncing my idea of thinking I need a ghostwriter.

Speaker B:

I mean, I’m not good at writing as, as you are, you know, but it’s.

Speaker A:

I think you, you know, for you, you’ve probably taken a lot of documentation.

Speaker A:

You’ve.

Speaker A:

You’ve taken your notes.

Speaker A:

It’s getting someone to take the.

Speaker A:

I’m hoping.

Speaker A:

I mean, looking at the.

Speaker A:

Okay.

Speaker A:

Looking at GitHub and looking at all the other place you’ve done, you’re probably code as your documentation taking, I mean, taking that and taking a lot of the, you know, the things you’ve written, forums and talks.

Speaker A:

You can, I’m pretty sure you could put a.

Speaker A:

Get a ghostwriter or get a copywriter at least that will take all of that and put it into a format that, you know, would be storytelling and educational.

Speaker B:

Yeah, I think it’s a great idea and I would look into it, I think.

Speaker B:

Yeah.

Speaker B:

And I would ask you for helpers.

Speaker A:

I’m always willing to help.

Speaker A:

So, Iceman, it’s been fantastic having you on the show.

Speaker A:

I really always enjoy.

Speaker A:

This is my favorite part of the week.

Speaker A:

It honestly is.

Speaker A:

And I do, you know, miss meeting you up in person.

Speaker A:

So hopefully we’ll be able to catch up at some conference in the near future and have a good couple of drinks.

Speaker A:

I have a surely my dog poodle somewhere.

Speaker A:

Ellie’s around here somewhere.

Speaker A:

I’m sure she, she misses you as well.

Speaker A:

So she’ll, you know, so send her her thank yous and, and many thanks for taking the time today.

Speaker A:

It’s been much appreciated.

Speaker A:

What’s the best way Discord for the audience to connect with you?

Speaker B:

Discord is the number one place if you want to do.

Speaker B:

I’m on Twitter, I’m on YouTube, so.

Speaker B:

Yeah.

Speaker A:

Okay.

Speaker A:

And any final, any final words or comments to the audience you like to leave them with?

Speaker A:

What?

Speaker B:

Hack the planet, man.

Speaker A:

Oh, for me, you know, I have to watch Hackers at least once a year.

Speaker B:

I’m very thankful for you to, you know, to interview me and having you on your excellent show, it’s always a pleasure speaking to you and I do enjoy you.

Speaker B:

You are one of those clever people and you go like, huh, interesting.

Speaker A:

Thank you.

Speaker A:

Thank you.

Speaker A:

It’s people like that I surround myself like you that.

Speaker A:

That makes me who I am.

Speaker A:

So, so it’s.

Speaker A:

That’s.

Speaker A:

That’s the person I am, is.

Speaker A:

That’s my, my community and sphere that really inspires me.

Speaker B:

Me.

Speaker B:

I think that’s a good thing to say to finish off with.

Speaker B:

Surround yourself with people.

Speaker B:

That makes you feel better.

Speaker A:

Absolutely.

Speaker A:

That makes you a better person and makes you enjoy life and have fun.

Speaker A:

Absolutely.

Speaker A:

So thank you.

Speaker B:

Thank you.

Speaker A:

It’s been a pleasure as always.

Speaker A:

So everyone stay safe.

Speaker A:

Take care.

Speaker A:

Tune in every two weeks for the Security by Default podcast until the next time.
