PG - The Little Dutch Boy - D0n Quix0te

hello hello good let's see well it's time for me I'm going to go ahead and get started because I've my presentation is a lot longer than my time so I'll probably Buzz through a lot of it um if you have any questions afterwards let me know uh or if you want to hit before I hit launch let me know um before we get started I have this uh that's wet I have this [Music] um tradition I always pass out marshmallows at my uh at my talks so I'll pass them around uh my recommendation is um if I get caught on a topic and start diving into it too deep uh throw them at me uh I have a

tendency to do that if um if I'm just fine uh don't throw them at me uh but you can you can eat them so pass them around okay so uh I'm nervous if you can't tell uh who am I um well that's a pseudonym um the reason I use a pseudonym is not because I care that anyone knows my name um just that I work with some folks who are indexing uh videos this is being recorded and the last thing I want is for uh I try to keep a low profile so uh as little of my uh name that goes out on the Internet is good with me uh stuff I've done I've been in it for a long

time um about 30 years uh I've done just about everything you can do as a Defender uh even written uh fsma security plans uh that was fun that took a whole year uh but um basically if it's a Defender Tool uh I probably inst it configured it to run it um here is my uh my disclaimer I don't speak for my employer or their clients or anyone who may be their clients or may have been their clients I'm not even sure I believe what I'm saying uh it's just my opinion right now uh that can change without prior notice uh so if you catch me afterwards and convince me I'm wrong I'm okay with that uh my talk is

titled a little Dutch boy uh for those that don't know the um the story it's about a small boy in the Netherlands on his way to school he saw a leak in the dam that uh kept the water from his his his town and he put his finger in the dam and and and uh sometime later some workers came by repaired the dam the story's told to to uh show that a very small leak uh in a very large thing can turn out to be far more devastating than one would think um for any of you Defenders out there you know that uh the bad guys can sometimes get in with uh through a very

small hole and when they do uh they can often uh affect a lot of damage so what I'm going to bladder on about t is cut in two two pieces um our current security Dam the thing that keeps the the bad guys out and the good stuff in um firewalls uh that we use to to to help make this happen ids's and file Integrity uh and then I'm going to talk about a tool that I've written uh called Omens it's a web server sentury um actually uh the uh the young man who wrote an article about me for a trip wire uh named at a century and I think that's a really good term um I call it a

continuous monitoring tool it could be used for a lot of things but but we'll cover what it does uh to sort of plug these holes that exist in our current uh security systems so let's let's talk about the C current security Dam uh this is what it looks like um uh actually there's a lot more to this we have uh networking detection file Integrity monitoring firewalls web filtering system development life life cycles we do static code analysis um we do vulnerability scanning um and uh patching and Antivirus and and all of this sort of forms the thing that we we piece together into this damp to keep the the bad guys out and the good stuff in uh

I'm just going to talk about three pieces today um if I talked about all of this it would be a week and nobody wants to listen to me for that long I'm sure so uh I'm going to talk about Network intrusion detection file Integrity monitoring and and firewalls okay so first firewalls uh this we typically say hard and crunchy on the outside soft and chewy on the inside um this is on our perimeter uh it's it's a choke point in the network so if our firewall is not sized large enough or if we're asking more of our firewall than we initially thought we would um we the firewall won't be able to keep up with the

traffic um also SSL is a challenge um for those that may not have heard this term crunchy on the outside soft and shoy Center just basically means that um it's hard to get past it but once you're inside the world is your oyster um we typically uh when we think of firewalls historical firewalls we're talking about IP firewalls right uh five five tles or tupes however they say that Source port and destination um uh Source Port destination Port Source IP address destination IP address and then what protocol it it's going to pass or not pass tcpip UDP icmp um this used to be really cool when everything had its own port and protocol and Port

protocol so you're running uh a bulletin board right okay nntp Port 119 you don't want nntp on your network you block Port 119 great uh smtv Port 25 reading nail um POP 3 Port 110 or 143 forap so it used to be really cool that you could just basically say okay I don't want that on my network um that all changed because basically what people started doing is tunneling inside of https but then we didn't even have to do that anymore because everything's moving to http and https anyways so Gmail it's just HTTP or Facebook or you know IRC we used to do Port 6667 uh now we have all these chat clients that run across regular HTTP so

since we're not blocking all these ports anymore things are just coming in through HTTP or https um we need for the firewall to be more aware of of what that traffic actually is right so we move towards West and Next Generation firewalls these are firewalls that understand the traffic they understand uh they can better integrate with your network uh some you can manage the permissions direct the directory um it adds application awareness and this this is a movement past what we used to call an application firewall I I installed the first application firewall my first application firewall 14 years ago um uh proxy application firewalls are not new but this is sort of the next step in

understanding okay this is what this traffic is and even though it's all on Port 80 some of it is this and some of it is this um so essentially what we're talking about is a firewall and uh and a network intrusion detection system put together so let's talk about IDs common and effective tool excellent just I mean one of the one of the one of the really most useful security tools uh but these are typically network based appliances they sit on your network they monitor and scan packets coming in and out um they are often very Rob not bus but sometimes the language is is complex like you don't just install a nids and start

writing signatures um at least and I don't know anybody that does that uh so one of the first things we run into is okay this is an appliance that sits on your network if it's not sitting on the segment that you want to monitor you have to have a sensor on that segment so we have to place these seg these these these sensors at critical points in our Network to be able to see what's going on in those parts of the network so essentially for a nibs to work you have to have traffic now that sounds kind of silly right of course you have to have traffic traffic but it turns out that in in the

real world when you're looking at intrusions uh that can be a real blind spot so what could possibly go wrong right well first of all mid signatures are are not typically generic now what do I mean by that so mid signatures don't Target a server now it turns out that looking at a specific server and what should be on that server is really useful for not only that server for what's going on in your whole network and I'll cover that in a minute um so these signatures are generally targeted uh to look for General uh generally bad traffic and that's because you really it just doesn't make a lot of sense or it's too much work to write a

nid signature a set of nid signatures for every server on your network um so you're looking for General generally bad things it's very hard to Target what I call not signatures and and I'll I'll talk about that in a minute what I mean by not signatures um signatures are gear not gear towards uh ad hoc deployment so if you have an evolving threat um you go to your guy and say hey we've got this evolving threat we need a nid signature for that um the last time I tried to do that what I heard was it'll take me about a week to create that signature that was not useful for me um so uh ad hoc signatures

and there's a good reason for that I'm not bashing that um it's there's a good reason why you want to make sure your signatures are not going to all of a sudden fire off gobs and gobs of false false positives so the next thing we run into is that signatures are typically not shared now this is sort of the thing that I'm passionate about and I'll talk a little bit more about it um sometimes looking at an evolving threat a very narrow signature would be very useful so a zero day comes out your your uh organization ation is attacked um you create a signature for this okay great okay now another division is attacked they create another signature

another uh organization in your sector is attacked they create another signature right so you have all these people uh creating signatures when signatures already exist they're just not shared um and this is something that uh I I am hoping I'm seeing changes in the industry now but I'm hoping this will really really change because I think this is the key to really addressing this problem um and again uh sometimes you know the bad guys move so fast uh you don't have a day you don't have a week you certainly don't have a month to to uh to detect and and put in mitigations uh at that point they're they're already crawling all over your network

so what I'm trying to say is that a tax scale really well one zero day if nobody's sharing any signatures one zero day can affect a multitude of organizations so without sharing uh the defense does not scale well everybody has to do the same work over and over again uh so you know I just throw the question out there I I have some of what I think are the answer I won't explore it here but why is Sharon so fear in in in our industry um why is it you know I mean I have some ideas none of them are very popular but uh I think we should be asking ourselves this question um because the bad guys they share really

good if you've ever done an intrusion and you've looked at some of the the open source intelligence and said well I wonder if this has happened any where else you find the exact code that's on your network it's all over the place it isn't new right you're looking at U uh Google code or uh it eludes me now um but lots of this code is posted all over the internet ppin thank you very much yes you you're probably going to find that whatever on your system is on bpin um so this is a lot so we're going to talk about what what I call not signatures right it turns out that since nids can uh look

at the traffic going in and out of your network that's useful the problem is nids can't tell you what actually happened on the server right what if there's no traffic at all what if you're you're not monitoring that that segment what if there's no sensor on that segment what if it's SSL and you're not doing SSL decryption um I know that this is available I know how it works I just don't really know anybody that's doing this really well I mean there I'm sure there are and I don't know about them but uh SSL decryption is really hard too it's hard to do that um what if it's a non-modern segment or or a block segment

right okay so nobody would bring in a wireless router and put it on your network and have traffic behind that router right so what if what if the traffic looks like it's normal what if it's encoded um this I see a lot um B 64 encoding Rod 13 right just abusca the the data um the comments crew this this is you know what now has come to be known as apt1 but these guys sort of became famous because their command and control servers were receiving commands through what looked like web pages with basic form coding inside of a comment so on on the network it's just going to look like regular traffic um what if

your application lies to you now we're again starting to see more of this um if the traffic is being monitored by okay the the server is owned uh it's receiving let's say it's a web shell well uh if the request uh coming in is coming from an internal IP address I'll just act normal um see a lot of this in black hat SEO um to try and fool the search engines but if it's coming from hacker X okay now do this other thing so nids is in this case going to be very hard to detect traffic that uh it's it's basically not so let me talk about not signatures let's say you have a server

that is running uh an asp uh application a web server running an asp application right should that server ever see PHP traffic on it a request for um U the uh the um an Administration page for for PHP admin or or um any other uh common CMS written in PHP your server should never see that right but you're not sure from a nits level from from the network if you've got 200 servers on your network uh and you're not managing all of those servers you're not sure maybe I shouldn't see that traffic um so this concept works amazingly well if you're looking on that server and you see a request for PHP admin on that server and you're not

running PHP well there's a good chance that that IP address is scanning your network for something else so now okay I have a piece of information I know this IP address is is scanning at least this server what what else is it scanning on my network so that little piece of information based on something that should not be there what you know what a lot of people are calling the an anomalies although this isn't anomalous Behavior really it's just not a request that should be in your law so what if your admin console is exposed to the internet this happens a lot too you install a CMS the default is yeah sure the admin console too come and get it so you have

to go and actually lock that down at at the server and say no no no if you're not this IP address you cannot access the admin console but if you haven't done that so now your admin console is exposed to the internet what if it's a compromised password right what if you reuse that password from another system that's been compromised um what if it's a a bypass uh remote uh a arbitrary file upload um or um authentication bypass uh so it can look like normal traffic uh and your nids may not your network intrusion detection may not flag on it it can appear to be acceptable that's really a a bad term I couldn't think of a better way to say it's just

not flagged as hostile so by default if it's not hostile then it's acceptable right so once the bad guy gets inside really really bad um they may no longer be traversing your perimeter okay um they may have installed um a proxy um this could be you know a service uh running on your on your windows box um it may be a webshell um these web shells by the way are are kind of the thing I'm really interested in um been doing a lot of sort of looking at that uh and what this can look like is you have this application your your box has been open the web Shell's been been loaded onto the Box the bad guy is

sending base 64 encoded strings as input into your web shop just looks like random stuff coming through your network right no real signature webshell gets it decodes it and then takes some action based on that uh what if the bad guys using autoband methods right they're proxying through other things DNS proxying right so so the key to take away here is persistence this magic persistence is really just all about hiding it's about putting something on a server and just leaving it there you you may be you the bad guy may be using it they may not they may just want to put it there and leave it there to reestablish control uh if whatever else they've done uh is found

out so problem with this traffic um the person may look like a it may look like a trusted traffic file copying from one server to another right are we really worried about that um it may be SSL again or it might be custom encrypted you know hex z a xord hexa nothing complicated just meant to bypass uh the uh the intrusion detection system um so does it look like normal use or is the guy using the bad guy using countermeasures stuff that I haven't even seen or know about I certainly don't know all the counter measures that can be used um but I'm sure there are many yet to be discovered so the key here nids needs

Network traffic so nids won't detect if there are file changes like one of the best things to know if your your box is has a bad guy on it is is there a file changed on this box so this is why we have file Integrity Checkers right so let's look at file Integrity Checkers very effective tool but what's inside that file okay was it a legitimate change was it done through Change Control did a bad guy change it did one of our programmers change it did an administrator uh put something new uh in there uh that he was asked to put in there is that code save uh does it have eval in it uh uh now who gets notified

of this does it security get notified if there's a file change typically yes does the programmer get notified does the system administrator get notified if there's a change on file server not always these guys are often the guys that you really want to ask the developer gets a message files been changed on the file server I didn't change any file okay well maybe we should go look at that file this is my obligatory sunu quote um I'm told every security presentation has to have one so let's talk about the way that we can sort of plug the way that we can augment existing security systems to look for some of these exposures right first thing we want to do when your when your

server's compromised or you think there might be some hostile traffic where you want to go the logs the logs tell the story this is on the box this is this is assuming that uh the bad guy hasn't already covered his tracks this is going to tell you what transpired not just packets that came and went on the network but what happened um you may be able to go back if you're doing full packet capture on your network if you have a very large Network you're probably not you may be doing partial packet capture which is still useful but if that data has is no longer available um you're you're going to have a problem building a timeline

and and understanding what happened so what are the things that uh the tool that I've written it's called Omens by the way I forgot to mention that um object monitor for enhanced network security um I picked that Al I picked that uh that acronym first by the way and then named it later uh cuz I thought that was pretty cool so I'm going to admit that out front uh for posterity uh so Omens is going to scan your logs what's it going to scan for known vectors uh it's going to scan for generic vectors okay an unmatched single quote percent 27 okay somebody's sending percent 27 you see that any your log yeah might be okay

might not probably not uh we're going to scan for not vectors okay I'm running a I'm running Java server pages and somebody's scanning for a CO somebody's asking for a cold fusion page that doesn't belong there I want to see what else that person has done um Omens uses very simple search strings uh if you could do a dur command on dos you can write an open's search string I kept them very simple on purpose I'm very very reticent to do anything more complicated because the idea is to be able for any person to just write a quick signature and say I saw this I want to see where else this is happening it also supports false

positives uh you know I put the signature in I got all these I got all these uh warnings and and and and uh alerts and oh uh yeah look for that signature but if it has this don't look for that so it's just meant to weed out the false positives so the next thing ens is going to do is it's going to scan the file system uh this is on the box itself this is a a tool that's run uh host based host based intrusion detection um so the next thing ens is going to do is scan the file system were any files deleted were any files changed um were any files added um then it will open up that file

if there's a file added or changed on the network if it's deleted it's not going to open up obviously but if there's a file that's been added or changed Owens will open it up and it'll say you know is there something in that file that that looks really hostile um is there time stop something in there did someone put some code in this in this is this a webshell someone put some code in here to change date stamps uh typically a developer is not going to put code in their in their in their web app to to do um time stop there so uh this is a clue that that you know maybe this file doesn't belong here norals

Omens can check for hostile m5s uh these are marginally used useful uh I put it in because in a case where you might find some hostile code on your network you could md5 it uh you can push that out and other servers can can scan for that um but what I find is that the bad guys change their code enough uh and there's some really cool talks on taking existing compiled code and changing you know a couple bites in it and and it being undetectable um through md5 md5 isn't really a good detection mechanism for this but um it can be useful in some cases so it's in there um we're going to look for hostile file names again not

really that useful but if you're looking at an emerging threat you found this file on This Server I would like to know that file is on other servers too um very useful for a short time period perod um but useful nonetheless especially if there's an or threat the other thing that that it's going to do ens is going to do it's going to check for obfuscation I see a lot of this okay entire webshell is written in Bas 64 all right so the bad guys go okay you're going to look for base 64 fine I'll just base 64 and then rot 133 or I'll B 64 R 13 it I'll reverse it Bas 64 it again so

the per ations are are nearly endless so what Owens attempts to do is just say does this look like obfuscation the detector's pretty good on the stuff I've run it on I'm getting 85 90% detection rates on all sorts of obfuscation it's not perfect but again um we just want a heads up if it's if it's painfully obvious that the bad guy base 64 encoded It reversed it uh only find it uh ens is going to check one of two ways to determine if a file is changed they can either just check file dates and sizes that's really fast you can Buzz through a server looking at file file dates and sizes really quick unfortunately the bad

guys may time stop uh they may change the file date back they may edit the file and such a way that the file size stays the same um in this case you know they're going to avoid the action so M has the ability to Hash it this takes a little bit longer but it's not crazy slow uh um on my server um fairly you know I'm running a a commercial CMS on it it's about five minutes to to Hash the entire file system so uh it it's it's definitely usable so what's Omens going to do with this well it can cist log it you've got a centralized uh uh you're uh centrally looking at all

your logs um it can email the report and it can also encrypt it um the encryption is not meant to be unbreakable super duper encryption all we're trying to do is send email that that is encrypted to to give us a leg up over the bad guy if the bad guy has has already owned our email system um it's rc4 by the way I'll talk about that in a minute um but it's not AES and it is um this is symmetric encryption it's not asymmetric so uh you do have all of the vulnerabilities that you have with symmetric encryption um but I don't know if I'm going to talk about it later but let me talk about it

now it's still useful to do this even if the B guy somehow owns the box and and and can modify your configuration if they can change the password you will still get an encrypted report but it will be encrypted with the wrong password so if you get a report and you can't decrypt it it's an outof band way to say hey somebody maybe somebody changed the password so the encryption can be used for the typical while I'm encrypting this uh but it can also be used uh as a way to sort of monitor in and out of band way if uh a bad guy has changed your configuration woman's configuration on the box um now

the the report can be emailed up to 10 people um again I have this thing that this idea that I'm exploring about deputizing other people in other departments right so a lot of times just it security gets this information but would it be useful for the cisman to have that information would it be useful for the developer to have that information they're not an IT security person but if if there's a CH a file changed on a server the it security guy probably is not in the best position to open up that file and look did someone append a webshell to the B bottom of my normally good code did did a bad guy change a good program a script a web

application and add hostile code into it right the best guy to answer that question is going to be the developer so I think that moving more people that are not in it security into this Loop is something that that the the I that the computer industry can benefit from so what if there's really hostile activity right some bad guys is pointing nessus at your server or net sparker or any of the other you know a python scanning tool right so if Omen sees this kind of activity it allows you to take action um you set these thresholds if it sees uh whatever you want to set that for threshold too if I see 200 hits in my in my log and I see

three files have changed shut down that server or disable the network interface or do all sorts of things um these are just batch files um Omens will sign these batch files so it just won't run anything when you when you make an 's alarm you tell ens okay digitally sign that and it will run that unless it's changed if that's changed run that

box so Omen signs its configuration uh you need a password to change the configuration um if you're really really paranoid you can use a I I've implemented a pbk pbkdf2 style um iteration count so yeah I want to rehash this password 35,000 times all right so then when you decrypt when you receive that email you have to know okay this is the password rehash it 35,000 times it's just an extra sort of piece of the password that the bad guy may not know or shouldn't know um I'm using md5 uh md5 is uh I I've implemented some counter measures they're common counter measures uh I haven't made anything up uh I'm not an encryption person um so if you want to

talk with me later about the kind of stuff I'm doing with md5 i' be glad to talk to you about it um output can be encrypted and output can be offbox on the assist

log so as I developed Omens initially it was just a scanner and I was really happy with this but then I started to think okay I have this information can I can I do anything with it and since I'm scanning uh the the logs and the files themselves I can have an effect on the server on what's in those logs what action I can take based on information from those logs and what kind of action I can take based on whether Omens determines a file is hostile or not so since Omens is a scanner Omens itself won't block the IP but what I've done is Omens can output either an IP security file this is just

an XML file that your I server can use uh to block so I'm just telling I if I find hos IP addresses uh if I find you know know this guy has hit my server 25 times I'm going to put that in a file that IIs understands and will block that IP address now so let the web server do the work um it also works with Apache it will write out an HT access file for aache um I can also block that a hospitel file okay I found a web shop so do I just want to wait for someone to go look at that or do I want to take some action so what Omens can do is either

set the hidden attribute just set it set that file the hidden uh IIs Honors that so if you set a file to Hidden and you try to access that file you'll get a full Flor error um Apache does not honor the uh hidden file so what Omens will do in that case is it will quarantine that file now if the bad guy keeps uploading that same file again Ms will keep quarantining it um and it will do it up to 999 times and it just aens and aens and number to that one time delete it from its original location move it to another location and then append a uh a number on the end so this is really sort of the meat

of what I'd like to talk to folks about is centralized signatures Omens even though it's host BAS B allows centralized signatures up to 10 now if somebody calls me up and says you know I really need 25 okay I'll recompile it for 25 10 is an arbitrary number eventually I may make that unlimited um but 10 just seemed like a good idea uh and what this is is two things in an internal organization if you've got 50 servers Omens has its own configuration file that's for that server you can also tell el okay go get a signature file from another web server these are just flat text files they're meant to be as simple as

possible um and they are a way if a central it organization gets notification that there's one of the omen Services alarming they can put an IP address in the centralized signature file the next time any one of those Omen servers runs and I typically schedule them every 2 hours you can make them whenever you like once a day every half hour it really doesn't matter it's up to you uh and I just use the window schedule to do that uh so every time one of those Omens uh um one of those service with Omens on it runs it will just do an HTTP get it's just a straight flat file it will download it load it up into memory

and say okay now I'm going to search for all of this and then begin to alarm on whatever else is happening uh what other other server is is is getting that traffic uh or getting that uh that activity um so the signatures are additive it's going to use the local signatures for server it's going to use uh the remote signatures uh meant to be really simple 1.0 Omen version 1.0 which I'm going to release today it now can share its signatures so real quick I don't want to dive into it but let's say you've got a server that sees a tremendous amount of track Omens will may see some traffic that the other servers won't

see Omens notices this traffic or notices in its logs that that this traffic this IP address uh or this signature is happening it then takes that and creates a signature that it puts in a centralized signature file and now all the other servers can get that file so in this way you can sort of have this and and I'm going to develop this further the idea is to get these servers to tell each other hey this is what's going on here you may have not seen this traffic yet but you probably will and when you do go ahead and tell it security about

that so the next thing I really want to say is Omens is not designed to replace anything we have great tools um people that spend years and years and years people way way smarter than me uh selling you tools I'm not saying getting rid of any of them I'm saying some of them can be bypassed and and I'm not saying that that's possible I'm saying I see that uh and so having a double check uh against what your other tools may miss I have found very useful right so Omens and mids why wait for the bad guy to to send bad traffic on your network if they've compromised your network and they've stuck a webshell on your server

and they're just leaving it there no traffic why not have a way to find out that that's there and it it uh has hostile hostile contact so mids don't C SSL um but Omens can see everything cuz it's on the server right so everything eventually resolves to the server that's why when you do forensics when there's an intrusion where do you go you go to the server because that's eventually where everything winds up this is kind of the idea go to the place where you have the best likelihood of finding the the greatest amount of information before the bad guy can um gain access to your entire network so it can act as a nids double check uh it can

allow admins and developers to participate and it can react at the server level block IP or block um H what may look like Hospital files and it can centralize uh the signatures so ens and WS waffs are great uh WS really cut down on the amount amount of hosle traffic you'll see on your networ but they don't get rid of it I still see Omen still reports uh things that come through that have uh have come through the wff and for anybody that reads about this stuff W evasion is is is quite the sport for a for a whole segment of the the red team guys um so WS are still uh generally network based uh they don't do file Integrity

checking typically don't do file Integrity checking and WS are not real time uh I mean WS are real time and ens isn't um real quick just to mention this Omens is also meant to be used as a forensics tool so if you go to a server that's already owned um you can run Omens against it to see to gain more information on what happened on that server so not only as a monitor but actually as a forenses tool so WS are now really meant to encourage fixing the problem again this isn't bashing in any way W WS are great but WS say okay I'm not going to let this through Omens is really designed to monitor so I saw this

what I'm really trying to create is a way for people to say I saw this I should go check that out I should go fix that because really that is what I think is ultimately the only way to address the problem you have to fix it up the SS um but again not the bash WS they they you know they do great work so what am I going to do with this uh well I'm here talking about it taking me about a year and a half to to write this software it's not anywhere near done I'd call it about halfway done I still have a headful of ideas uh on things I'd like to continue doing with

it uh it'll uh I'm building it as a narrative uh just so that you know what happens is I solve a problem and then I think well but that doesn't solve this problem so I solve another problem well yeah but what about this so it's sort of a narrative on building um to address deeper and deeper problems eventually um sorry about that eventually I'll move to asymmetric encryption uh and eventually it'll have a nice web interface uh it's command line now um I'm an old command line guy I like command line uh but I understand that uh that web based is you know the way that people centralize So eventually I'll do that written in C meant to be really

fast my opinion about applications especially security applications is the faster the better so uh performance is really important to me ens is free uh I've been given the uh permission uh by the people that I work for and have worked for um I've signed a an agreement with the US government that they have an unlimited free license so womans will always be free no matter what to the US government uh but that really doesn't matter to me because womens is always going to be free to everybody as far as I'm concerned um this is where you can get it music tech.com that's a server sitting in my house uh I figure if I can't defend my own server um really

doesn't make much sense for me to talk to you about it 1.0 is being released today you can go right now uh this is it music tech.com besides Las Vegas uh that's the latest version it will probably change as soon as I get back but uh that's it if you want to take a look at it this is me I'm done I have them no time left but um if there's a quick question I'll answer it or if you want to hit me afterward how have you compared this with other hits like o and and you know figure out how you're different you know I got to be honest with you uh what I've done is mostly

reading on on other things that are available and this is going to sound very poor but what I'm looking for and trying to develop is something really really really simple and when I look at a lot of the other tools available they do a lot of really cool stuff but unless I have a really good reason I don't want moments to become complicated so I've tried to keep it very simple and that's really probably the only delineating factor is it's really meant to uh if anyone wants to see me install it and run it on my laptop it it takes 5 minutes it it's really very very easy to do and that that's what I'm looking for is for

everybody to be able to do this am I out of time yeah okay open okay great oh oh really okay

I