
September 7, 2025 65 mins
Summary
In this episode of DEM Tech, Ebony, Reginald, and Rico chat with Mike Ortiz, a Red Team engineer with a Marine Corps background. They explore Mike's journey into cybersecurity, the significance of Red Teaming in simulating real-world cyber threats, and the skills necessary for aspiring Red Teamers. The conversation emphasizes the importance of collaboration between Red and Blue Teams, the value of continuous learning, and practical advice for those looking to enter the tech field. Mike shares insights on the MITRE ATT&CK framework and the necessity of understanding various systems and networks to succeed in cybersecurity.
Takeaways
  • Mike Ortiz shares his journey from the Marines to Red Team engineering.
  • Red Teaming involves stealthy tactics to simulate real-world cyber attacks.
  • The MITRE ATT&CK framework is essential for understanding adversarial tactics.
  • Building a cyber range is crucial for practical learning in cybersecurity.
  • Red Teamers must have a broad knowledge of systems and networks.
  • Collaboration between Red and Blue Teams is vital for effective cybersecurity.
  • The importance of continuous learning and adaptation in tech careers.
  • Cybersecurity is a meritocracy where performance matters over background.
  • Phishing remains the most common attack vector in cybersecurity.
  • Aspiring tech professionals should focus on gaining diverse skills.
Become a supporter of this podcast: https://www.spreaker.com/podcast/dem-tech-folks--5753456/support.

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
I don't think that any one discipline or niche in
IT has a leg up above the others. I think, uh,
they all are pretty much on equal footing because they're
all gonna have strengths and weaknesses.

Speaker 2 (00:14):
Right.

Speaker 1 (00:15):
If you're a systems guy and you're starting off and
you want to go into the offensive security route, you're
gonna be very strong on server architecture, databases, right, but
you're gonna be weak on protocols. You're gonna be
weak on network pivots and configuration, and you may even
be weak on, like, code review, whereas your network guy...
You know, for me, my hardest, my largest

(00:35):
hurdle was the programming and the code review stuff,
right, because, you know, yeah, I'm just not a programmer
by trade. So sitting there having to learn Python and
C, C++, C#, that was a big
hurdle for me to cross. Uh, but it's just one
of those things, you have to grind it out. Then
you got the programmers where they're very good at programming,
but they don't really have a clue on what's the

(00:57):
underlying structure that a lot of these things, you know,
especially nowadays, where everything.

Speaker 3 (01:02):
Okay, welcome back to another episode of the DEM Tech
Folks podcast, where Ebony, Reggie and myself, Rico Randall,
dive into the world of technology with a little bit
of humor and a whole lot of insight. In this episode,
episode twenty nine, to be exact, we go into
a conversation with Mister Mike Ortiz. Mike is a seasoned

(01:23):
Red Team engineer who shares his journey from the Marine
Corps into cybersecurity as we explore the intricacies of Red Teaming,
the importance of cybersecurity, and the skills needed to thrive
in tech.

Speaker 4 (01:40):
Don't miss out.

Speaker 3 (01:41):
You gotta subscribe now. Join us for an engaging discussion
and a few laughs along the way, and don't forget
to tell your friends. Also, if you're interested in looking
into some other episodes and some other things that we
have going on with DEM Tech Folks, go to our
website at DEM Tech Folks, D E M,

(02:02):
T E C H F O L K S dot com.
You thought I can't spell it, huh? All right. Well,
let us know what you like about the show. Hit
us up on any social, any kind of feedback
you may have, kudos or comments, it doesn't matter. We
take it all and we enjoy hearing from you guys.
Enjoy the show.

Speaker 5 (02:22):
I can't take no loss.

Speaker 3 (02:24):
Ye, I don't even know what it cos I hit
the ground in and go off.

Speaker 2 (02:27):
Yah, hit the ground in and go off.

Speaker 4 (02:29):
Yeah, I can't take no loss. Yeah, I don't even
know what. I hit the ground in and go off.

Speaker 2 (02:33):
My name is Mike Ortiz.

Speaker 1 (02:35):
I'm glad to be here and I'm glad to be
talking to you guys. And, uh, oh, I am currently a
Red Team engineer. I'm with a defense contractor company, currently
working for the Department of State.

Speaker 2 (02:48):
So we do a lot of.

Speaker 1 (02:51):
The Red Team engagements, campaigns, uh, through the quarter,
throughout the quarter, so that we can, uh, not only
identify gaps within the security posture, but also work with
the Blue Teams too, uh, to institute those remediation techniques

(03:12):
to kind of mitigate those risks and, uh, make
sure all those gaps are closed up.

Speaker 3 (03:17):
Nice. That's a that's a lot. That's a lot. So
how'd you end up getting into that like work?

Speaker 2 (03:25):
Yeah?

Speaker 1 (03:25):
So, you know, I could start off, you know, when
I was in, you know, I was on the communication side.
I was in the Marines for twelve years. I was
specifically data comm, with a little bit of dabbling
in radio and some of the other big box communication stuff.
But really, you know, I could probably trace it back

(03:46):
even before that. You know, the dabbling probably really started,
you know, sitting there in, uh, in kindergarten class with
those big old Apple IIe computers, you know, back
in the eighties, where the teacher sits you down and you're
learning BASIC and you're learning, you know, Oregon Trail and
all that, and that's really what I loved from kindergarten.

Speaker 4 (04:06):
Wait a minute, what school did you go to?

Speaker 6 (04:11):
He said, a rich school.

Speaker 2 (04:14):
It was a DoD school, right.

Speaker 1 (04:16):
My father was in the military, so we moved around
ever since I was in kindergarten.

Speaker 6 (04:21):
Uh.

Speaker 2 (04:21):
I went to kindergarten in Japan, so.

Speaker 6 (04:29):
Yeah, yeah, I had a computer too, but it was
actually a calculator. I thought it was a computer. It
was nice. They made me, they made me get it,
a TI whatever, Texas.

Speaker 5 (04:42):
That in kindergarten, Reggie.

Speaker 6 (04:44):
Yeah, I thought it was fancy. It wasn't. It wasn't mine.
It belonged to my cousin. But I took it like
it was my own computer.

Speaker 3 (04:50):
Okay, that's the way throwback, man, you loaned and calculators.

Speaker 6 (04:56):
Oh I'm done with Yeah, I'm done with this. You
can have this. Oh my gosh, this computer does line graphs,
does everything.

Speaker 5 (05:04):
This is amazing and you probably still reduced it to
eight zero zero a five.

Speaker 6 (05:09):
What I'm tired of coming on the show. But okay.

Speaker 5 (05:19):
To you, Mike. So with your fancy computers, the interest
started in technology.

Speaker 1 (05:25):
Yeah, yeah, you know, going throughout school, seeing computers. Then eventually,
you know, because, you know, we're all pretty
much in the same age bracket, right, we had the analog childhood,
you know, but really it was just starting to turn digital.
You know, we saw the gaming consoles coming in,
and we saw the home computers coming in, right. You know,

(05:47):
my first one was an old Commodore sixty four that
was sitting in a bargain bin that my dad
had brought in. Took it apart, replaced parts,
got it online, was able to, you know, play games
on it. Then, you know, went from there to threety
six thirty six, to the Intels. Then, you know, laptops
became the scene, and then at that point, you know,

(06:09):
we're all carrying around smartphones and tablets, you know.

Speaker 2 (06:13):
So so I was able to.

Speaker 1 (06:15):
See tech progress, you know, slowly and every step of
the way. You know, that's pretty much I've been along.

Speaker 2 (06:20):
For the ride.

Speaker 4 (06:21):
Yeah.

Speaker 3 (06:22):
So you said your dad brought computers home and
things you could kind of play with.

Speaker 4 (06:27):
What did he do?

Speaker 1 (06:28):
Yeah, so my father was in the Marines. He was
an artillery officer, specifically in meteorology, and then of course,
you know, the Marine thing, did a couple, you know,
different postings here and there. So, uh, but he also
knew, like, hey, I was really into it, right. Like
I was one of those kids, like I wanted to

(06:50):
go to the Radio Shack and get those little
Radio Shack home kits, right, you know, getting little
crystal diodes, building your own radio, right,
putting parts together, making lights blink and things like that.
So, you know, every chance he got, you know, he
would feed that to me.

Speaker 2 (07:07):
You know. Uh, you know, whether it's.

Speaker 1 (07:09):
You know, hey, you know, here's a new video game
or not video game, but like a new console or
a computer.

Speaker 2 (07:13):
But it doesn't work. You got to fix it.

Speaker 1 (07:15):
So here I am, you know, going back and forth
between the Radio Shack, you know, uh, getting shocked as
I'm figuring out, okay, don't touch that wire because that's
the power supply, right, you know, digging in bargain
bins in, you know, like flea markets and stuff, looking
for, you know, spare parts that I can chop out
and put my own stuff together, you know, things like that.

(07:37):
So that's what kind of sparked it
in me. And, uh, you know, and that's always
been that lifelong curiosity, right, that kept me in tech.

Speaker 2 (07:48):
And led me to tech. So it was, you know,
just a little bit in a.

Speaker 1 (07:54):
Little bit and just kept progressing and progressing until you know,
it became a full blown career.

Speaker 6 (08:00):
I love your story, dude. I mean, I love the
fact that you were digging through the crates, finding parts,
putting stuff together. That's the good stuff, people. So for
all you young people on the call, Radio Shack used to be...
Radio Shack was the electronics

(08:21):
store that all the people that were in tech
used to go to. It was, that was
like walking into a candy store when you were
really into tech and stuff like that, back when
you were younger. So Radio Shack isn't around anymore.

Speaker 5 (08:35):
But look it up, it's Captain Marvel.

Speaker 3 (08:41):
It's like, it's like physically walking into the electronics
section of Amazon dot com.

Speaker 5 (08:46):
Oh yeah, I think that's a terrible comparison.

Speaker 7 (08:51):
Yeah, probably not.

Speaker 3 (08:53):
Hey, you appreciate the support, though, Mike, I appreciate the support.

Speaker 6 (08:56):
Hey, I'm with you, brother.

Speaker 3 (08:59):
That's my true Marine. He rode right into that bullshit.
He was like, yeah, that's pretty good.

Speaker 1 (09:05):
No, I mean, it's true, because we did a, uh,
you know, I don't know if this might have been
before Amazon really took off. You had, you know, Tiger Direct.
Tiger Direct was like the new Radio Shack, you know,
where it was literally like just bins and bins and
bins of, like, hey, I need this one specific part,
you have it? Like, yeah, we got some bins over there,

(09:26):
and you're literally, like, digging through the floor of, like,
just parts everywhere, trying to find the one specific type
of RAM module you need for your motherboard, you know.

Speaker 6 (09:35):
So, so I'm gonna take you back to, I don't know,
this other store, CompUSA.

Speaker 3 (09:43):
I thought you was gonna say the one that you
brought up when we had interviewed Louis. It
was like another one. It was like before Radio

Speaker 6 (09:50):
Shack. Circuit City. But I remember CompUSA.

Speaker 5 (09:58):
Well, I'd like to... I don't want to interrupt
this reminiscing, of course, but I didn't ask a question
about what a Red Team engineer is.

Speaker 2 (10:09):
Yes, uh so.

Speaker 1 (10:14):
We should probably talk red teaming first, red teaming itself.
So everyone knows penetration testing.

Speaker 3 (10:19):
Right, is that what you did while you you didn't
do that. He's in the rincudo right, No, no, no, no, no,
he's six five X.

Speaker 2 (10:25):
Yeah. I was a six fifty one. Uh which the fifty.

Speaker 4 (10:32):
You went straight to the chief.

Speaker 5 (10:33):
I got a six five one? What are these numbers?

Speaker 4 (10:36):
So what is happening?

Speaker 1 (10:39):
I was gonna say, originally I was a forty sixty six,
but then our MOS converted into the six fifty one,
fifty six?

Speaker 2 (10:47):
So data.

Speaker 6 (10:54):
Don't you work out of base?

Speaker 3 (10:57):
Yeah, but they don't know. All the branches don't do the
same thing, though.

Speaker 5 (11:01):
I don't need to know that for anything that I
have to do for work or have to do now, ma'am, Now,
don't cry, you being hysterical.

Speaker 4 (11:09):
Just take that offline.

Speaker 5 (11:13):
But I won't forget Mike Young got me in trouble.

Speaker 4 (11:17):
But go ahead and if if you.

Speaker 3 (11:19):
Want to go ahead and you give them a rundown
on the designations.

Speaker 5 (11:24):
No, don't give me a rundown on the designations.

Speaker 7 (11:29):
It's too late.

Speaker 4 (11:31):
You said it out loud, You let it out of
your head and to deal with it.

Speaker 1 (11:35):
Let me have it all right, we're talking designations and us. Yeah, okay,
I'm uh so for first, yes.

Speaker 6 (11:44):
Before you start.

Speaker 2 (11:45):
Uh.

Speaker 6 (11:45):
Somebody in the chat said that your volume is a
bit low, so I don't know if you can turn
your mic up a little bit. Oh man, if you're
giving a lot of information, I want to make sure
everybody can hear you.

Speaker 2 (11:59):
Oh for sure. Let me see how's that comes? Check
one two, one, two three?

Speaker 6 (12:11):
What do you guys think?

Speaker 4 (12:12):
It's It's fine for me.

Speaker 3 (12:15):
But I mean if they if they're having trouble because
it goes through different channels, probably they get to them.

Speaker 6 (12:21):
Well, they can always watch the edit. We'll clean it
up later.

Speaker 4 (12:26):
Yeah.

Speaker 7 (12:26):
I always crank it up.

Speaker 6 (12:28):
Yep. Absolutely, I'm gonna crank up my volume.

Speaker 3 (12:32):
Mike, so, so while he's working through that, Ebony,
since she asked the question, 0651 is a tactical
data network administrator?

Speaker 2 (12:43):
Is it?

Speaker 4 (12:43):
Mike? Uh No, fifty one City three may be the
tactical one.

Speaker 2 (12:49):
Fifty six is.

Speaker 1 (12:50):
Were the tactical, where the fifty ones were supposed to
be the garrison. But what happened is that whole
plan kind of went to wash.

Speaker 2 (13:01):
So then they just kind of basically by them all.

Speaker 3 (13:04):
Yeah, it didn't really make sense to separate it, because the
non-tactical turned tactical when we went to Iraq anyway, exactly.

Speaker 1 (13:13):
So I was, I had put in for tactical because
my whole career I was, you know, something, you know,
was in the communications battalions. I was on the, you know,
deployed, you know, Okinawa, Iraq, you know, uh, the whole nine. Right,
then when they did the split, they basically said, hey,
everyone that wants to be a fifty one, raise your
hand, and wants to be a fifty six, go here.

(13:35):
The fifty sixes were supposed to be the ones
out in the field. The fifty ones were supposed to
be the ones that worked at the garrison or on
the base, right, and then it just became a mishmash
and at that point didn't matter. Then when you pick
up staff sergeant, you all feed into the same top
tier MOS.

Speaker 2 (13:48):
Anyway, which is fifty nine data chief.

Speaker 1 (13:51):
So why they split it didn't really make sense, but,
you know, they learned the lesson. Now that MOS is
completely gone, they merged with, I believe, the wire dogs.
It's now for circuits, and then the majority of
them moved over to cyber, now the cyber Marines.

Speaker 4 (14:10):
Nice.

Speaker 2 (14:10):
Well.

Speaker 6 (14:11):
So, I was gonna say, I don't know if, until
just about a minute ago, I thought Ebony's camera froze.
She just looked completely stoic when you were going through that.
She blinked. I'm like, oh, she's...

Speaker 5 (14:30):
I don't pay them no mind.

Speaker 3 (14:33):
This ain't the first time we've had to talk about
Ebony and her many faces, Mike, so just be ready for that.

Speaker 4 (14:39):
It's gonna pop up again.

Speaker 3 (14:40):
I promise you. Did you retire recently, or did you
get out before that time?

Speaker 2 (14:47):
No?

Speaker 1 (14:48):
So I wound up getting out in twenty twelve, and
then, uh, I picked up my duty in twenty fourteen in January,
and that February I was over in Afghanistan as a contractor.
The money, the money was just too good.

Speaker 4 (15:02):
Right, amen, I almost did the same thing.

Speaker 2 (15:04):
Yeah, couldn't turn it down.

Speaker 1 (15:06):
And, you know, a lot of it was, do I
stay in for another eight years, ride it out to retirement.
But at that point, you know, a lot of the
Marine Corps was transitioning, you know, they were closing down
Leatherneck, they were transitioning back, and then it was
starting to change pace to, like, hey, now we're getting
back to garrison Marine Corps.

Speaker 2 (15:23):
Right, War's over. Marine Corps is done.

Speaker 1 (15:24):
We're going back to the way things used to be,
you know, back in the early two thousands when I
first came in. So I was like, all right, well,
if I'm going to get out, now's my chance to
get out. So I went and got out in twenty twelve,
went to Afghanistan and didn't look back, because at that point,
you know, paying me five times the paycheck to do
pretty much my same job, except I don't have to

(15:47):
shave and put on a uniform every day, right, it
couldn't be... when you won't, exactly. So it was
a good choice. I was a little
nervous at first, you know, but once you get
abroad and you live over, you know, you
go overseas, you know, you get used to the swing
of things and you hit that battle rhythm, right, where

(16:08):
you're pretty much just working nonstop and grinding it out.

Speaker 4 (16:11):
While you're there, do you ever think about, man, I would
have retired last year, this year? Yeah, four, I think really.

Speaker 2 (16:23):
No.

Speaker 1 (16:23):
The funny thing is watching, like, some of my junior Marines,
their retirement ceremonies are happening, right. So, yeah, I would have
retired in twenty twenty, for twenty years.

Speaker 2 (16:33):
But you know, it's.

Speaker 1 (16:35):
Hard when I look back and I and I quantify
everything I've done career wise, everything that i've you know,
the places I've been, the projects I got.

Speaker 2 (16:44):
To work on, the money I made, right, you know,
you don't really.

Speaker 4 (16:47):
Can't forget the money.

Speaker 2 (16:49):
Yeah?

Speaker 5 (16:50):
I talk about these junior Marines. What they look like,
what's the situation, where are they located?

Speaker 7 (16:55):
What do you mean what they look like?

Speaker 4 (16:58):
I'm just I'm asking for Reggie, Reggie, what is going on?
What are we doing?

Speaker 2 (17:03):
This?

Speaker 3 (17:04):
The episode of Pop the Balloon? Are we gonna
pop the balloon? If you want to
answer that question, Mike, go ahead.

Speaker 4 (17:14):
Is this yeah?

Speaker 5 (17:16):
You know, Mike, no, you don't worry about that question.
You can answer that, what a Red Team
engineer is, because that's what...

Speaker 7 (17:25):
Focus, focus girl.

Speaker 6 (17:28):
So, Mike, we do have fun here?

Speaker 2 (17:30):
So if you so, no, No, it's fine.

Speaker 6 (17:33):
Good to have fun. We're, you know, loose, yeah,
but very serious.

Speaker 1 (17:41):
Yeah so, uh did you want me to answer that question.

Speaker 5 (17:45):
Or I'm a engineer please?

Speaker 6 (17:53):
Oh yeah, yeah, yeah.

Speaker 5 (17:56):
Let's focus and get this back on track. Okay,
because this is what we're gonna have to do.

Speaker 1 (18:01):
Yeah, okay, so red teaming. Right, let's talk red teaming first.
So everyone knows, you know, penetration testing or ethical hacking,
things like that, right, what those are? Those are basically
when you're auditing a system or a closed system or
groups of systems, web apps, certain networks, or an entire

(18:24):
enclave or premise. When you're penetration testing, you're not really worrying
about being quiet or being stealthy. You're just coming in.
You're smashing all the glass in the jewelry store,
you're grabbing whatever you can, and you're running out the door.
Whereas red teaming, now you're taking your time,
you're being quiet, you're being stealthy. The idea is

(18:44):
for you to get in, sit in that network, learn
what you can, observe what you can, and then use
that to leverage your way into other boxes for lateral
movement or privilege escalation to get yourself higher credentials.

Speaker 2 (18:58):
You know, so.

Speaker 1 (19:01):
When you are doing red teaming, you're more concerned about evading.
You want to evade the antivirus, you want to evade
the endpoint detection, you want to evade the SIEMs. Right,
you want your traffic to be as stealthy and as
quiet as possible, because then you can stay. You know,
you're not gonna alert the Blue Team, you're not gonna
alert the cyber defenders, you're not gonna alert the SOC

(19:22):
that's looking for you. And the reason why you want
to do that is because the longer you can stay
in the network, the more access you can get to
other things on the network. You can, you know,
do more recon, you can do more lateral movement to eventually,
you know, you gain what we call, you know,
endgame, right, domain dominance, where now you have the keys
to the kingdom and you can pretty much do whatever

(19:44):
you want on the network. And even then, that's
not even where the game ends. The game ends on
what data you can exfiltrate out and
how long you can stay hidden in that network. Now,
the reason why red teaming is important is because when
you have these threat actors that are out there, these APTs,

(20:04):
you know, Fancy Bear, Cozy Bear, Lazarus Group, Charming Kitten,
you know, all these different either nation states or cyber criminals,
when they come in, they're coming in quiet. They don't
want you to know they're there, because the longer that
they can sit and wait, the better they can observe,
and the better they can evade your defenses for their
end state, you know, or end goal, depending on which

(20:25):
APT it is. You know, if it's China, they want
to exfiltrate your intellectual property. If it's North Korea, Lazarus Group,
they want to try and get into your finance sector, right,
they want to pull out your crypto coins, your wallets
and stuff like that. If it's Russia, you know, they
want to get your plans, they want to get
your military movements, they want to get, you know, involved
in your policy. So that is what red teaming is.

Speaker 2 (20:48):
Now.

Speaker 1 (20:48):
What we're doing is we're pretending to be those threat
actors and doing that adversary simulation so that
the first time your SOC, your defensive posture
sees an actual attack being played out is not by

(21:09):
the real deal.

Speaker 2 (21:10):
Right.

Speaker 1 (21:12):
Part of that is, you know, I like to say,
you know, the three P's: your people, your products, and
your processes. The first time that they see
an enemy in the gates, you know, you don't want
it to be a real enemy. You need to train
them to make sure that they are looking for those
indicators of compromise, that they are, you know, able to
catch those bad guys, you know, moving around the network

(21:35):
when it's you doing it, so that when they do
see it, then they know

Speaker 2 (21:40):
How to respond. Right that.

Speaker 1 (21:42):
That's part of what Red Teaming is. We get to
play the bad guys, you know, in that
adversarial emulation role so that it can help train
the SOC and the Blue Team, the defenders.
Just like in the military, you know, we go out,
we play. You know, you have your little objectives. You
play your war games. You know, you always have that
OPFOR, that opposing force. You know, yeah, you're not

(22:06):
shooting real rounds at each other and you're not actually
trying to kill them, but what you're trying to do
is you're trying to make that training as

Speaker 2 (22:15):
Realistic as possible, because.

Speaker 1 (22:17):
You know, if you want to, you know,
you gotta train like you fight, so that when you fight,
you're fighting like you train, right, so that that becomes
muscle memory, so that the first time, you know, a
junior SOC analyst sees an alert pop up of something fishy,
instead of just

Speaker 2 (22:33):
Ignoring it, he knows immediately, Okay.

Speaker 1 (22:35):
I've seen this before. I know what this looks like.
This looks like this, you know, type of threat or
type of attack vector. Let me escalate it right, and
then you know, it works up the chain all the
way to like, hey, we have a breach. Now we
you know, hit that red star cluster. Everyone crashed the
war room. We're gonna go hot, right, and and that
is that is the goal.

Speaker 2 (22:55):
That's that muscle memory.

Speaker 5 (22:57):
Yeah, that's amazing. So when you're building out the strategy
for the junior engineers or for the people that you're
practicing against, are there particular frameworks that you use for
that or it's just kind of like pull from wherever
you can get inspiration.

Speaker 1 (23:17):
Yeah, no, that's a very good question. The MITRE ATT&CK
framework is probably the number one adversarial threat emulation framework
out there. There's MITRE ATT&CK and MITRE D3FEND, the Blue
Team cousin. What we like with MITRE ATT&CK is that
it demystifies a lot of the
things and boils it down to its base building blocks.

(23:41):
Before MITRE there was the cyber kill chain. The cyber
kill chain was kind of tracking, okay, this group does
X, Y, Z, right, where MITRE ATT&CK, it's not X,
Y, Z. What it's going to show you is it's
going to show you everything that you can kind of
pull from and put together your own kill chain. Reason being
is they know that, hey, Cozy Bear doesn't do the
is they know that, hey, cozy Bear doesn't do the

(24:03):
same ten actions every time they breach your network, right.
They're gonna do this: they're gonna go for low hanging fruit.
They're gonna go for what they can get access to,
and they're going to go for, you know, easy marks,
soft targets, and then they're gonna, you know, bring out
the big guns slowly. So what the MITRE ATT&CK framework
does is it allows us to associate TTPs, which is tactics,

(24:25):
techniques and procedures, that certain groups like to use, and
one, it identifies it so that we're all speaking the
same language, right. When I say T1039,
you know that's going to be, you know, NFS, you know,
abuse or whatever. That's not what it actually is. I'm
just pulling something out of my head. But it gives

(24:46):
us that common language that we can start collaborating between
offensive and defensive teams and also start putting our
reports and stuff together, so that not only
does it make it easy for us to understand our report,
but when we pass those reports on to other entities,
other users, other people in the space, they're able to,

(25:09):
they're able to understand, hey, what's going on? Because if
you call it one thing, and Mr. Reginald calls it another,
Miss Ebony calls it another, right, the confusion can happen, right,
which is very real in the very beginning parts, right,
when those worms were coming out, you know, it
was helter skelter trying to figure out, okay,
well, what ports are the worms using. You know, we're

(25:31):
talking, you remember that I Love You virus, Melissa virus,
and, you know, all the trojans that were running
rampant on the networks in the early two thousands, late nineties.
A lot of that was defenders in one area
or systems administrators were saying one thing, calling things one thing,
and not using the same terminology across. So, you know,

(25:52):
it pretty much gets everyone in the same common language
so that we can operate in the same common environment.

Speaker 2 (25:58):
Right.

Speaker 5 (25:59):
That's awesome, and I think that's really important because it
expedites how you can actually address the things that you find,
right because everybody understands what it is that you're referencing,
and then you can put it into a report and
then you can get out of there, slap them on
the butt, tell them get.

Speaker 2 (26:14):
To work exactly.

Speaker 5 (26:16):
Yeah, I mean it's it's a camaraderie situation. You just
encourage them, you know.

Speaker 6 (26:23):
But, well, some of us played football, you know
what I'm talking about.

Speaker 3 (26:26):
Thank you, Reggie, But that's not football, sir, it's not football.

Speaker 6 (26:31):
Hey, but football, you know the whole, the whole.

Speaker 5 (26:33):
Coach is still a good.

Speaker 2 (26:35):
Game, good game, good game, thanks coach.

Speaker 7 (26:40):
So, uh, I don't play go ahead, No, I was.

Speaker 6 (26:46):
Gonna say, man, that was a phenomenal explanation of what
you do. I mean, like, you really broke it down,
and the good thing about the way you
explained it, I think anybody can follow that, right, because
I know a lot of times people like us, we
start talking and we get super techy and we
start losing people and stuff like that. But I think

(27:06):
anybody that was on the call could have followed that,
which was fantastic. So thanks for that, and
for the people that's listening in, I hope you guys
really go back and take a listen to that, because
that was about as amazing as it could be.

Speaker 3 (27:22):
But you know, eight years, that's eight years of doing
it Barney style.

Speaker 6 (27:29):
Speaking of Barney style, I'm kind of curious
why so many of these attackers have cute names
like Fancy Bear. Wally, that was a jump, that was
a jump call. But yeah, they have a lot of
little cute names, all these people, all these attackers.

Speaker 3 (27:45):
It's pretty funny a pit bull named tiny.

Speaker 1 (27:49):
Yeah. There's actually a push right now to kind of
stop that, right, because it's been a trend, it's kind
of like, you know, Fancy Bear, Cozy Bear, you know,
Blizzard Bear, right, for all the Russian APTs, and then
you got Charming Kitten, Cozy again, for the Iranians and
the Pandas for the Chinese, right.

Speaker 6 (28:08):
So it softens the effect of what, exactly. You don't
want people to think that it's something cute going on.
You want people to know how serious what's going on is.

Speaker 5 (28:15):
But it's also an insult to the people that.

Speaker 6 (28:19):
That's a nice way to look at it.

Speaker 2 (28:21):
That's so what they're looking at.

Speaker 1 (28:25):
What they're looking at, and I believe it was Theriple
has an RFC out for comment right now that I
was just reviewing a couple of days ago, where they're
looking to establish a naming standard where it will
be going back to the, you know, stick to the
roots of APT number and then that group, you know,
who they're attributed to.

Speaker 2 (28:43):
So that because at.

Speaker 1 (28:44):
The end of the day, you know, you end up
with, uh, the Bear family, if
you will, the Bear family. It is probably like thirty
different APTs, you know, so, uh, it's starting to get
a little ridiculous trying to keep them all, uh, keep
them all straight.

Speaker 3 (29:02):
So what made you decide to go Red team versus
Blue Team? Is there like a pro con like the
things about Blue Team that people don't really like or
vice versa do Red Team?

Speaker 4 (29:14):
What are your thoughts on that.

Speaker 2 (29:16):
Yeah, so I came.

Speaker 1 (29:19):
I came by red teaming in a very roundabout way.
I talked about this previously. Uh, where your traditional path
is usually, you know, you're gonna be in a SOC
and then from a SOC you're probably gonna branch
out into pen testing, you know, offensive security, maybe doing
detection engineering, right, and then from there, you know, once

(29:42):
you're in that pen test role, you know, then you'll progress
into a red team role. For me, I came out
of the network side, so I was always a networker,
uh, number one. So even when I was contracting,
I was not contracting on the cyber side because at the
time DoD cyber was pretty much all

(30:04):
GRC, which was governance, risk and compliance, or information assurance,
which to me, being a techie with hands on
the keyboard, you know, I lived and died by, you know,
the command line. I couldn't imagine sitting there clicking through
Nessus scans and correlating, you know, firewall logs. To me,
that was like, you know, that was

(30:27):
you know, that was not appealing at all.

Speaker 5 (30:31):
Yeah, it does involve more than just clicking through, just
because the organization that you were in chose to implement
it in that fashion.

Speaker 3 (30:50):
If you don't take the earrings... yeah, I know, Vaseline
on the eyebrows, earrings off.

Speaker 1 (30:57):
No, no, no, no, uh, don't get me wrong, right,
it is, it is indeed valuable, and it is indeed needed.

Speaker 2 (31:03):
Right.

Speaker 1 (31:03):
It is just you have to know yourself and you
have to know your limits. And I know that that
is soul crushing for me. Just like telling someone, look,
I'm gonna sit you on this terminal and you're gonna
sit there and you're gonna run through Linux commands for
eight hours. Me, I gravitate towards that. But someone else
will be like, uh, you know. So that's
why I never really stayed in the cyber world,

(31:28):
because it was mostly just GRC and information assurance, which
at that point, you know, that didn't do nothing for me.
I was already a network engineer. So
for me, I'm all about building circuits, getting my
layer two and layer three domains up, getting my
routers interconnected, you know, tapping into the backbone and getting
circuits and, you know, my network extensions out and running.

(31:50):
So for me, you know, I was very much living
on the wire. Uh, where the information assurance guys, of course,
were the ones doing the SCAP scans and the Nessus
scans and all that and coming to me yelling at me, hey,
why are you doing that? That's a vulnerability. And
I said, no, you need to go back because I
can't remediate this on a Cisco router. I don't care
what Nessus is telling you. It's not a BSD device,

(32:11):
it's a Cisco router. There's nothing I can do, right, I'm
on the latest release, you know. And that's usually
how the back and forth usually went.

Speaker 5 (32:18):
I get that, I get it, yeah, and I'm a software developer
by degree. So like, initially I would have never gone
into cyber anything, information assurance anything, GRC anything. But then
after I failed that first audit, I was like,
somebody needs to take control. Somebody that knows what they're
doing needs to take over here. I can't be bothered.

Speaker 1 (32:38):
Yeah, and don't get me wrong, like, that is absolutely
critical, because if it was up to guys like me,
we would be slinging circuits, doing whatever you want, cowboying
the network, right, and it does take that
heavy hand to kind of, hey, you know, give us
that check, right, pull on that leash
a bit, you know, and say, well, slow down, you know,
you gotta get your documentation. You got to get your

(33:00):
you know, your DIACAP packages together. You got
to get it all together. You got to get approval, risk matrices,
do all that, right, like, and people that do that,
God bless them. It's just not me. And for me,
that's soul crushing, but it is extremely important.

Speaker 6 (33:21):
So the thing, so I noticed that you said
you're a type. So what type of people, what type
of skill sets do you look for in the Red
Team, or people just looking to go to Red Team?

Speaker 1 (33:40):
Okay, so people that specifically, like, say, look, you know,
I see all the hackers on the TV shows. I
see the pentesters. I want to do that, right. The
first thing they have to do is they have to
sit down and they have to do the work. And
the work is they have to train, just like, you know, hey,
you know you want to go hit the NFL, where

(34:02):
you need to go train for the combine when you're
like in middle school, right, you know, you gotta get
out there and you gotta, you know, hit
the gym, you gotta hit the weight rooms, you gotta
hit the field and practice, practice, practice. Same
for red teaming, right, like, you have to learn these systems
because what you're being tasked to do is, you know,
the defenders defend it, the administrators and the admins are

(34:24):
building it and putting it together. But you have to know
a little bit of everything in order to look
at a system, identify what's wrong with it, identify its
weak points, and then also figure out how you can
take that system and manipulate it to do what you
want it to do. Right. So, by default, you know, well,
it requires a vast range of knowledge on different systems.

(34:48):
You know, different architectures, different operating systems, different types of platforms, right,
because they all have their little niches, they all have
their little things. And then on top of that, you
have the software that's underlying, right, like, you
know, even the software, you know, is part
of the.

Speaker 2 (35:05):
Your surface attack, right, or your attack surface.

Speaker 1 (35:07):
So you want to make sure, uh, you have to
build that muscle memory by, one, knowing how all
these systems interconnect and operate, then know what right looks
like for them, right. Like, you know that when
you're a network guy, you know you should not have
to be using Telnet. You should not have VLAN 1 enabled,
you should not do this, like, part of those things.
So you have to know a little bit of everything

(35:30):
and all the different disciplines so that you can sit
there and objectively look at a box and then figure
out how you're gonna manipulate it or how you're gonna
leverage that box into, you know, whatever your attack goal
is going to be. So for the type of people
that want to get into red teaming, I would say,
don't set your goals for red teaming. Set your goals

(35:51):
for learning as much as you can about what the
systems guys do, learning what the network guys do, learning
what the IA and the scan team does, right,
learning what the SOC analysts do, and how
their, you know, dashboards look like, and
what they're looking for. You know, uh, that right there
is going to be the path to success, because then

(36:12):
by the time that you're ready to attempt
the certifications or looking at a job or the job interviews,
you're already going to have a nice, you know, breadth
of knowledge because you've been able to see these systems before.

Speaker 2 (36:27):
Now that's not to.

Speaker 1 (36:28):
Say that, oh, you have to work at a help
desk and work your way up from there. No, no, I'm not.

Speaker 2 (36:32):
I don't want to.

Speaker 1 (36:33):
I don't want to give that impression because, you know,
there's people that are very talented and this
is what they do, but sometimes
you're not really seeing what's going on in the back
end where they're spending those eight, ten hours a day
reading Linux manuals and practicing in labs and doing
all this.

Speaker 2 (36:48):
And doing all that.

Speaker 1 (36:49):
But then even at the end of the day, it's,
some of those guys, yeah, they're very good at attacking,
but sometimes they lack the knowledge on how to take
those attack chains and churn them into mitigation strategies. Why? Yeah,
they know how to attack a SQL Server
or attack an Oracle database, but they don't understand how to
build it. So if you don't understand how to build

(37:10):
it or how it interconnects, then how can you give recommendations
on how to secure it or defend it?

Speaker 2 (37:14):
Right?

Speaker 1 (37:15):
So you know, it's it's it's give and take, right,
and the more you put into it, the more you're
gonna get out of it. And then the further You're
gonna be able to go as long as you know
you have open mind and being able to sit with
those different disciplines and okay, you know what is it
that you do and learn from them?

Speaker 2 (37:32):
Right?

Speaker 1 (37:33):
You know, I was the guy that's I was, you know,
network guy running around plugging in you know, routers and switches.
But I'm sitting with the systems guys. Okay, what's going
on now? Most of the times, be honest, most of
the time as a network guy, sitting with systems guys,
showing them that, hey, the problem's not on my network,
it's on your servers, right, because that's.

Speaker 2 (37:50):
Usually number one.

Speaker 1 (37:52):
But then, you know, learning that, then learning virtualization and
learning, you know, how to get all those
systems online, then taking that knowledge, putting it together in
my own lab so that I can build those
cyber ranges, so that, you know, you can sit
there and practice these tactics and techniques and see
what it looks like and be able to, you know, put,
you know, effects on target.

Speaker 4 (38:13):
Nice.

Speaker 3 (38:14):
So based on your experience, right, what do you feel
is the best foundation to kind of like start out with,
you know, because I know you had like a huge
networking background, Right, do you think that networking is the right,
you know, place to start, or Linux or just any

(38:34):
systems or what are your thoughts on that.

Speaker 1 (38:38):
I don't think that any one discipline or niche in
it has a leg up above the others. I think
they all are pretty much on equal footing because they're
all gonna have strengths and weaknesses.

Speaker 2 (38:51):
Right.

Speaker 1 (38:52):
If you're a systems guy and you're starting off and
you want to go into the offensive security route, you're
going to be very strong on server architecture, databases, right,
but you're gonna be weak on protocols. You're gonna
be weak on network pivots and configuration, and you may
even be weak on, like, code review. Where your network guy,
you know, for me, my hardest, my largest

(39:13):
hurdle was the programming and the code review stuff,
right, because, you know, yeah, I'm just not a programmer
by trade. So sitting there having to learn Python and
C, C++, C#, that was a big
hurdle for me to cross. Uh, but it's just one
of these things, you have to grind it out. Then
you got the programmers where they're very good at programming,
but they don't really have a clue on what's the

(39:34):
underlying structure that a lot of these things, you know,
especially nowadays where everything is, you know, uh, infrastructure as
a service or infrastructure as code. A lot of these
people have never touched a router, never touched a switch,
never done any of that because they have a YAML
file that Terraform deploys everything for them, and, you know,
they don't understand how to bring everything together. So I

(39:57):
think they're all pretty much on equal footing, but they
all have their different strengths and weaknesses. The one thing
that kind of will be the bar
that they will all cross, or that filter
that they all have to cross, is the drive.

Speaker 2 (40:10):
How bad do you want it?

Speaker 1 (40:11):
How bad do you want to be on the other
end of that console when your beacons are coming home
and you know, you're you're you're you're getting you know,
root access on boxes that you're not supposed to be
because those that want it will get it, and those
that won't, you know, they'll try, and they'll try, and
then you know, they'll get distracted and they'll they'll settle
all into you know, different a different niche that that's
more for them. But really it's just that driving determination

(40:33):
is what's going to make them successful.

Speaker 2 (40:36):
In my opinion, I don't want to get ripped over. Yeah.

Speaker 3 (40:39):
Yeah, she's calm now, so okay, let's start with that.

Speaker 5 (40:45):
Okay, Mike, thank you so much for sharing your opinion
on that.

Speaker 4 (40:51):
She was not calm at all.

Speaker 3 (40:54):
We've got to tread lightly, right. Okay, got it.
So I imagine that, like, when you have a Red team,
right, or Blue team, within this team, there's people that
are, like, probably, you know, stronger in certain areas, right,
you may have a guy that's better at networking. Is that

(41:16):
the case is everybody kind of like have to like
be tight on everything or do you just you have
to have like general knowledge on everything and go deep
on a certain area or what are the recommendations?

Speaker 2 (41:26):
Yeah?

Speaker 1 (41:27):
So yeah. So there's even different subsets in red teaming, right.
So for me, I enjoy building the
infrastructure for red team operations, and that infrastructure
is basically, you know, hey, you have your command
and control server, and your command and control server is where

(41:47):
your beacons are phoning home to, right. So you're putting
your implants out there, you're putting your beacons, basically your malware.
You're developing your malware. You're dropping it
on boxes. You're hiding those processes so that it can
phone home and then give you remote control
capability into those machines. So you have your C2 server,
then you have redirectors, because you don't ever want to

(42:07):
put your C2 server right on the internet.
Because what's gonna happen is as soon as your
beacon gets there, when one of your beacons gets caught, you
know that Tier 1 SOC analyst that's sitting there
at two in the morning is going to say, hey, this
beacon is calling to this IP address, let me see
what's there, and they go look it up, do some
research on it, and boom, you're busted. Your whole entire,
you know, range is blacklisted. So you have different redirectors

(42:31):
that are sprinkled out there. You know, a little
bit in Azure, right, a little bit in AWS, a
little bit in Google Cloud, because you got to mix
it up. Then you're gonna buy a bunch of different domains.
You're going to assign those domain names, right, if you know,
except for Azure, because they just recently closed off
domain fronting, which we're a little sore about that in

(42:52):
the community, but, you know, rightfully so, it was for
a good reason. But, you know, we're leveraging
things like AWS Lambda and Google Cloud, basic, you know, VPSs,
and we go out there and we get a bunch
of, like, cheap domain names that are basically innocuous, we
build up some website, we give it traffic, you know,

(43:13):
and basically you're building up this whole infrastructure just to
the point that when your beacons phone home,
they're going to different redirectors, and the redirectors are sending
them to different areas, and then it'll all come back
eventually into that C2 server where then you can
start issuing commands to that beacon from your C2
server and it's going to take those actions on

(43:33):
those boxes that you're infecting.

Speaker 6 (43:36):
So man, let me tell you. You know, you walk
into you walk into a donut shop and you see
them and they're like, man, there's some wonderful donuts. You
just took us back in the back and we see
how the donuts are getting made right now, or how
the sausage is getting made. I mean, you like giving it.

(43:56):
You're giving the goat on that one.

Speaker 2 (43:59):
But I.

Speaker 6 (44:01):
Do want to take time here. I don't know if
Rico has his effect board.

Speaker 7 (44:08):
What effect board.

Speaker 6 (44:11):
So it's almost silly to
ask you this. But this is a segment that we
do within our show where we ask the guest, you
pick a topic, and the lightning, you pick a topic

(44:32):
and we give you one minute to teach the topic.
So it's called Lightning Lessons. So this is for
our viewers and stuff like that. So we're giving you
a minute to choose a subject and a minute to
teach somebody about the subject within a minute, quick, easy, simple.

(44:54):
Did I get that right? Ebony?

Speaker 5 (44:55):
And we got to stick to the minute because it
was a lot of shame from people and we give
them three minutes.

Speaker 7 (45:04):
Shade from who.

Speaker 5 (45:06):
I don't think that's important, non-attribution. What I am
going to say is we're going to stick to the
one minute whether you got the time.

Speaker 6 (45:13):
Yeah. So, Ebony, did I get that right? Did
I miss anything? And Mike, do you understand
what we're talking about? I got this, okay. So we'll
give you a minute to decide what you want to
talk about, and I'll have a timer right here.

Speaker 5 (45:31):
And it can be anything, Mike, it doesn't even have
to be technically. I just want to be really clear
about that.

Speaker 2 (45:37):
Okay, man, already, I'm ready to go. I just start.

Speaker 4 (45:39):
When I got the screen, put in, coach, put him in.

Speaker 5 (45:43):
He ready?

Speaker 4 (45:45):
Can I see my my little screen over here?

Speaker 6 (45:48):
Yeah?

Speaker 5 (45:49):
We saw your over here?

Speaker 6 (45:51):
You say this?

Speaker 4 (45:53):
Worry?

Speaker 2 (45:54):
Do I need to have all I need to bring
up website or anything? All right? Just talk to it.

Speaker 4 (46:00):
Talk to how do you want to do it? You ready?

Speaker 2 (46:03):
Okay?

Speaker 6 (46:04):
All right, I'm having a clock in your face?

Speaker 4 (46:08):
All right?

Speaker 2 (46:08):
Okay.

Speaker 1 (46:10):
Uh So a lot of people always ask me, Hey,
how can I practice this stuff?

Speaker 2 (46:13):
What can I do?

Speaker 1 (46:14):
I said, you know, the best thing you can do
is build your own cyber range. But a lot of
people don't know how to do that. Two places to
go. One, Ludus, right, go on GitHub, there's a program
out there.

Speaker 2 (46:25):
Ludus.

Speaker 1 (46:26):
What it's going to do is it's going to do
a whole complete, one-touch deployment of cyber ranges in
a box. It's going to use Proxmox, and you don't
even need a fast machine to do this. All you
need is just any machine, or you can even run it
in a VM if you absolutely have to, without even
needing to, you know, spend a lot of money
on subscription services or Amazon Cloud accounts. You go to Ludus,

(46:49):
you deploy it. They have different labs that are already
pre-canned and pre-developed, and from there you're able
to deploy those labs and start learning and working on
your own without having to pay for the expensive, you know,
uh, subscriptions and things like that. I think that's probably
the best bang for the buck you're gonna get.

Speaker 5 (47:07):
For a minute, that's not bad, Mike, But you said
that there were two and you only gave us one.

Speaker 3 (47:14):
Oh take the catty, I tell you.

Speaker 6 (47:21):
I tell you. The crazy part is that last second
is like the Stopwatch pause or something it did. I
was like, what, it's been stuck in one second for
like about three or four seconds. It's weird.

Speaker 1 (47:34):
But the second one was gonna be, uh, GOAD,
Game of Active Directory. That's one of the labs within Ludus,
so I probably should have connected the dots on that.

Speaker 3 (47:43):
This doesn't feel like do you feel like if you
were a Blue team and you would have got that
on time.

Speaker 6 (47:48):
Oh my goodness, that was unnecessary. That was unnecessary.

Speaker 7 (47:57):
Wow, almost like one of right there.

Speaker 8 (48:00):
He was like, but see, if I was Blue team,
just have a dashboard to do everything for me, right, So.

Speaker 1 (48:14):
It would have been a little easier. I would have
the crib notes, the dashboards, I would have some AI
there telling me what to do.

Speaker 6 (48:22):
Snap watching the big boys.

Speaker 7 (48:27):
Yeah, sausage made what we should.

Speaker 5 (48:30):
Probably just have a battle for a Red team and
a Blue teamer.

Speaker 2 (48:34):
Man, it was so mad.

Speaker 6 (48:38):
Oh my goodness. That was that was that was that
was really that was really great.

Speaker 5 (48:45):
Thank you very much for indulging us and teaching us things.

Speaker 3 (48:50):
Do y'all like on the Red team, do you guys
generally have to do that kind of thing? I mean
presenting to an audience in some kind of way, whether
it'd be giving a class.

Speaker 4 (49:00):
Brief or is there like a person a lead that's
designated to do that kind of stuff.

Speaker 1 (49:05):
Yeah, I mean, it's a mix of, you know,
depending on your team, depending on your makeup. I mean,
keep in mind too, most Red teams are
only fractions of the manning that you would find in
a SOC, right. So when I was going around building
SOCs and establishing SOCs for our foreign military partners, you
know, in Eastern Europe and South America, you know, we're

(49:28):
building, you know, thirty, forty man SOCs. Maybe two or
three of those will be dedicated for Red Team. And
that's how you want it, because the majority of your
focus is the Blue team, the defenders, right. The Red
Team is only there to help keep your defenders sharp,
keep them on their toes, and make sure that you're
validating and vetting the work that they're able to produce,

(49:49):
and their work is equitable in detections found, you know,
true positives, you know, vetted and escalated.

Speaker 2 (50:00):
Right.

Speaker 1 (50:00):
So in order to do that, you know, you need
to have a small group of people that can work
with, that work against the Blue team. And, you know,
one of my colleagues, you know, he says, you know,
what we do by nature is adversarial, but
it doesn't have to be, right. Yeah, it is adversarial,
which is why sometimes Blue Team, they put their

(50:23):
guards up and, no, no, no, we don't want to talk
to you Red Team guys, or all you do is
just make us look bad in the reports, and, like, no,
you got to understand that, look, ego aside, we're
both here for the same goal. And that's hardening
the infrastructure. Now, as far as talking, depending on the
Red team and where you're at, you know you're gonna
get a mixed mash of people, or, you know, you

(50:44):
may just be one person, you may be, you know,
a team of five, or if you're like an offensive
security shop, you know you may have fifty. Just the
talking has just been, you know, being in senior leadership roles,
architecture roles, right, we do have to do a lot
of presentations in front of the big wigs, in front
of the stakeholders and getting them to understand, hey,
you know, in-briefs, out-briefs, things like that, you know,

(51:07):
breaking down the reports, executive summaries, that's all.

Speaker 2 (51:10):
Part of it.

Speaker 1 (51:12):
Do you need to be a, you know, I'm not
a good talker, right, I stumble all over my words, right,
say "right" too many times, but you do have to understand that.

Speaker 6 (51:22):
I'm gonna have to I'm going to have to stop you.

Speaker 2 (51:23):
There's right.

Speaker 6 (51:25):
I don't I think you're you doubt yourself. I think
when you know what you're talking about, you are an
outstanding talker.

Speaker 2 (51:33):
Okay, I'm just going to thank you for that.

Speaker 1 (51:37):
The main point to understand is that the work that
you produce, you know, your value is not how many
boxes you root, how many, you know, how fast you
can get domain dominance, or how many gigs of, uh,
proprietary data you can exfiltrate out of the machine. Your
value is that report you write, that coordination you do
with the Blue team and the defender and

(52:01):
taking those attack vectors and developing remediation strategies.

Speaker 2 (52:07):
For it right.

Speaker 1 (52:08):
And a lot of that may not even be, like, hey,
sometimes you don't have to sit there and say, okay,
Blue Team, this is how you're gonna fix it. Most
of the time they're gonna have that. Sometimes you're
just shining the light on it, right. You're like
that house inspector that's looking up in the attic and
looking at all the corners and, you know, checking all
the baseboards and stuff like that. That is what
you're supposed to do, just so that you can put

(52:28):
that report together and get it to the right people
so then they can come back behind you. And sometimes,
you know, if it's something really complicated or even emergent,
they're gonna come back to you and say, hey, can
you break this down for us? And you're like, sure, yeah,
you'll sit there with them, you work side by side
with them. Then they'll say, okay, I think I know
how to defend against this. This is what we're gonna do.
We're gonna look for

(52:50):
you know, these type of files. We're gonna look for
these type of IOCs. We're gonna do, you know, these
type of group policies to lock it down. And then
they say, okay, can you go ahead and test again?
And then you go back and test, and you keep
doing it until you resolve that issue and
you close that hole up, because better for you
to sit there and go through it than for

(53:11):
it to be Russia or China or Iran coming and
leveraging that attack vector on your enterprise or.

Speaker 5 (53:18):
Your assessor from the g RC department.

Speaker 2 (53:25):
Or the assessor from the GRC department. Yes, they ain't
doing that.

Speaker 3 (53:31):
So Mike, you like earlier in you said, like the
Red team comes in breaking glass in the jeweler store,
right yeah, Rick shout He said, oh really.

Speaker 5 (53:44):
That's what he said. He said the pen testers walk
away like bad boys and blow up stuff, and the
Red team carefully lays bricks to the side so that
they can rebuild the stuff that was broken.

Speaker 2 (53:56):
Yeah mm hmm.

Speaker 6 (53:59):
Okay, so that's quite a forcible way to tell him.

Speaker 4 (54:02):
That expose me being a bad listener.

Speaker 3 (54:04):
But next time doing it in a way that nobody,
you know is not tell me what to do.

Speaker 5 (54:10):
Just go and stop that right there, Go and finish
asking Mike, whatever your question was.

Speaker 7 (54:15):
You really want me to ask me?

Speaker 6 (54:17):
Mommy just mommy, just slapped daddy?

Speaker 3 (54:22):
Okay, all right, I apologize, Mike. She sometimes you'll know
Aly got company.

Speaker 6 (54:28):
But.

Speaker 2 (54:31):
Nope, you're not gonna get me in trouble.

Speaker 7 (54:33):
You already in trouble.

Speaker 4 (54:34):
Man. You don't know what job, like, how are you
training to do this?

Speaker 5 (54:39):
Look for top.

Speaker 3 (54:42):
Okay. So pen testers are outside of these two teams?

Speaker 2 (54:52):
Okay.

Speaker 1 (54:52):
So it depends on the organization and depends on what
the goal is.

Speaker 2 (54:56):
Right.

Speaker 1 (54:57):
Let's say you're an organization and you need
to do a pen test for your insurance company or
for, like, SOC 2 compliance or HIPAA compliance, or, you know,
to meet some kind of, uh, some kind of
regulatory thing where you have to get a pen tester
every couple of, you know, months or years. Those pen

(55:18):
testers, they're not looking to be quiet, they're not looking
to be stealthy. They're not looking for evasion. They're
just looking. They're gonna throw a bunch of, they're
gonna scan your system. They're gonna look for vulnerabilities. They're
gonna try and leverage those vulnerabilities into proof of concepts,
like, hey, you know, you have a vulnerability in your
Adobe client. Here we were able to execute a buffer

(55:39):
overflow or a, you know.

Speaker 2 (55:42):
Uh uh some type of uh some type.

Speaker 1 (55:46):
Of, you know, memory attack, where now we received RCE,
which is a remote code execution. Right, those are your
pen testers. Those are the ones that are doing
the audits, you know, taking those
Nessus scans, looking for those vulnerabilities and trying to leverage
an actionable proof of concept for remote code execution or,

(56:06):
you know, doing something that wasn't intended to do. Where
the red teaming, the red teamers are coming in and
their goal is to sneak into your network, stay
in your network, move around and pull what
they can out. You know, they're coming in in different ways.

(56:28):
They're coming in, ninety percent of the time they're coming
in off of phishing campaigns. That is still
the number one attack surface. If it's not zero days,
if it's not some kind of novel emergent thing like
we saw with Log4j, you know, shoot, it's almost
been a year now, Log4j. Or if it's
not some kind of supply chain attack like the SolarWinds

(56:50):
Orion from three years ago, yeah, three years ago,
then it's phishing. And ninety percent of it is going
to be phishing because that is just how they get in.
So just because one of your users gets phished, right,
it doesn't mean that they automatically are in your network.
They have to do a lot of work to get

(57:10):
in there. Where pen testing, they're coming in, they have
maybe two weeks, they have maybe a month, now, probably
not a month, but usually it's like one week to
two weeks to really test this scope. They're getting rules
of engagement. They are given, hey, this is what's in scope,
this is what's out of scope. We want you to
test X, Y, Z, but don't run, you know,

(57:32):
you know, like kernel exploits, don't touch our SharePoint server,
don't touch our database, right, like, only, you know,
this is your box. Do everything you want
in that box. With red teaming, that box is wide open.
That box is the entire enclave or an entire enterprise,
because that is, you know, Russia is not going to
follow an ROE. They're not going to promise to not

(57:55):
attack your, you know, SharePoint or take down services. They're going
to do whatever they can, and that is what we're emulating.

Speaker 2 (58:01):
So a lot of what.

Speaker 1 (58:02):
We do is is adversarial and threat emulation because depending
on what sector you you're in, it determines what apts
are interested in getting getting the goodies.

Speaker 2 (58:12):
Right.

Speaker 1 (58:13):
If you're in, you know, the financial sector, you know
you're gonna have North Korea after you. If you're in
the telecom or commercial sector, that's China, right. If you're
in the government sector, that's Russia.

Speaker 2 (58:24):
Right.

Speaker 1 (58:24):
So and then that's not saying that you're only going
to get those, but that's that's what your major threats are.

Speaker 2 (58:30):
Right.

Speaker 1 (58:31):
If you're a bank and you're not concerned about, you know,
what Lazarus Group is doing, and you don't have a
person coming in and pretending to be Lazarus Group and
doing those same tactics and these same TTPs that Lazarus
Group does. Lazarus Group is the North Korean fintech, financial
sector APT. They're the one. You know, then you're missing

(58:52):
out, because, sure, you could be worried about, hey, yeah,
we're worried about what Russia is doing and all that stuff,
but you don't understand that, hey, you know, if you're,
you know, a regional credit union, Russia probably doesn't really
care about you, right, but North Korea does, and they're
gonna want to hit you, and hit you hard,
like what happened with Fifth Third bank, three

(59:14):
five, three slash five, I don't know how you say it,
or five over three. Uh, yeah, that was a couple
of years ago, right, they got hit really hard and
North Korea almost walked away with a couple of billion. Yeah,
so, you know, really understanding your threats and what
your, you know, you remember, you know, in the Marines,

(59:36):
you know you're sitting on the rifle range, right, you
got your five meter, fifty meter and you know five
hundred meter targets, right, you don't have to worry about
your five hundred meter targets all the time when you
have your five and fifty meter targets right in front
of you, right, So you got to understand where the
threats are, what your threat what your your your main

(59:58):
I would say, not your threat factors, but really what's
going to be coming at you, and then adapting your
responses to that, and then making sure that your defenses
can can bear those attacks and bear those uh take
that brunt when when it does come, because they will come.
It's just a matter of when, right, not if. And
and that's that's basically the best way I can kind

(01:00:21):
of describe it. You know, just ensuring that you're you're
not wasting a bunch of resources, because every organization is
resource constrained, right, time constrained, personnel constrained. You want to
make sure you're you're attacking you know, what's right up
in front of you, than focused on some way off
scenario that probably won't ever happen because they're not really
interested in in in your type of uh situation?

Speaker 4 (01:00:46):
Oh got you makes sense?

Speaker 2 (01:00:50):
Is that?

Speaker 4 (01:00:51):
Is that past the sniff test? Ebony? Is it good?
Let me take the box fue.

Speaker 5 (01:00:58):
We've been good. So I don't know what you're talking about.

Speaker 4 (01:01:02):
Yeah, yeah, we do.

Speaker 6 (01:01:04):
Yeah, okay, evening makes it sound like you just got it.

Speaker 7 (01:01:09):
Yeah, I know, Reggie. Did you have anything else?

Speaker 6 (01:01:15):
No, I mean, so, I'm gonna be completely forthcoming. I
have a lot of I have a lot of stuff.
But I understand that we have time constraints. I mean,
we're at the top of the hour. Maybe we'll bring
you back and you could talk more with us, But
out of respect for everybody's time, I'm just gonna kind
of curb my questions, uh, and not do it right now,

(01:01:38):
but definitely want to bring you definitely have more, but
maybe we can talk about bringing you back once.

Speaker 4 (01:01:44):
We hang out and hang ona what it be man,
He snowed in. Probably Wow, you're d well, Mike.

Speaker 3 (01:01:55):
Did you have any partner thoughts for anybody in the audience.
Maybe it's a question that you always get a hot
take on something.

Speaker 1 (01:02:05):
Yeah, No, you know, I I I appreciate what you
guys are doing. You know, out there, there's not a
lot of resources that's kind of that that someone you know,
it's hard to go out there and kind of get
that that real raw you know upfront, Look that isn't
like all corporatized and you know, trying to package in

(01:02:26):
some kind of subscription service or anything like that. So,
you know, kudos to that, because I believe that there's
a huge market out there, not market, but a huge
population that that needs these kind of talks and needs
these kind of insights because you know, some kid may
be listening to this, you know, and then realize, hey,
you know, that sounds really cool, and then that sets
them on their path. So you know, I really do

(01:02:47):
appreciate what you guys do and and your audience.

Speaker 2 (01:02:49):
You know.

Speaker 1 (01:02:50):
Hey, you know, tech and tech in general, you know,
is one of the few things that are left where
where you can really make it. You know, it's it's meritocracy, right.
It doesn't matter who your parents are, it doesn't matter
how much money you have, it doesn't matter what side
of the street you were born. Right here in tech,
the only thing that matters is how much you can

(01:03:14):
perform and how much you can ingest this information, you know,
whole bunch of information and turn that into actionable strategy.
So anyone on the fence of tech that yeah, I mean,
let's be real, right, like, no one's born you know,
none of us are gonna be born with you know,
in a mansion with all this, right, and we ain't
got no inheritances coming man, got no trust fund, right, Like,

(01:03:36):
we have to grind.

Speaker 2 (01:03:37):
For what we have.

Speaker 1 (01:03:38):
And uh, you know, a lot of the people in
the audience like, look, you can now, you can go
grind in the streets, or you can go grind here,
right and you grinding the books, you grinding the labs,
you grind in tech, and you're gonna make You're gonna
make it. Like that's gonna be a good way to
get started in a career. And you know, the sooner
the better. You don't have to go in the military
to start in tech. You don't have to do all that,

(01:03:58):
Like you can start now. You can start you know,
high school college, you know. And that's one of the
one of the things I always want to push out there,
is like, hey, you don't need some fancy degree, you
don't need some fancy subscription. You don't have to pay
anyone five thousand dollars a month to give you coaching.
You could do it yourself. It just takes a little drive,

(01:04:19):
a little patience, and a whole lot of reading, you know.

Speaker 6 (01:04:21):
Not everybody has a little.

Speaker 3 (01:04:25):
Yeah, that's fair, well, Mike, I really appreciate you coming
on and sharing your experience and dodging the bullets are
able to be cling around towards everybody. I don't think
I thought it straight everyone.

Speaker 5 (01:04:39):
But also, thank you so much for joining us. I've
never had a guest welcome me to the podcast, so
thank you. I really appreciated that.

Speaker 4 (01:04:47):
Thank you.

Speaker 3 (01:04:48):
That's great right there. Yeah, everybody's up a favorite already
know that. Then he's been been messaging me saying hi, ready,
but it's a fa I appreciate it, Mike.

Speaker 7 (01:05:01):
Yeah, this has been great.

Speaker 2 (01:05:06):
Every Thank you everyone.

Speaker 3 (01:05:07):
So everybody's out there, make sure you developing every mind
that's around you. You see somebody with a question, if
you have to answer.

Speaker 7 (01:05:14):
Give it up.

Speaker 3 (01:05:16):
The community should be about sharing and building upon each other,
dealing with each other because it's a small community and
so you'll probably working with these same people, So make
sure that's sharp. Find us on every social I think
you were on everything, but look for us, look for
them tech folks, or develop every mind.

Speaker 4 (01:05:37):
One of the two.

Speaker 3 (01:05:37):
Make sure you can, you know, use a hashtag if
you believe in what we're doing, especially with respect to
like education in this space. That's one of my you know, passions.
So with that, I'll let you guys go for the
night and we'll see you on the next one.