
Hacking Companies For Internet Glory While Not Dying In A Sarlacc Pit

BSides Leeds · 2019 · 35:30 · 615 views · Published 2019-01
Transcript [en]

Right, so this is not Dave's talk. Dave, unfortunately, and I don't want to say man flu, but it is man flu, is being a [ __ ]. So that's not the talk title; this is the talk title, and I apologise for the font, but I like it. Basically this is Becoming Boba Fett: Hacking Companies For Internet Glory While Not Dying In A Sarlacc Pit, AKA how I killed Dave. So that probably should have been the first slide. I'm sorry, I swear a lot; if you get offended, that's your [ __ ] problem. Basically there might be strong bloody violence. I do have... that's not a company drama,

snake's nest, okay, wasn't my talk. So that's bloody violence. Anyway, for those of you who don't know already, I'm Andy Gill. I'm a penetration tester, it's a sexy title, at Pen Test Partners; we break [ __ ] and write reports. I've been in security now for about eight years and in IT for the last ten, so I'm pretty old for a young guy. I also wrote a book about pen testing, it's Learning the Ropes 101; it's not about ropes. If you do Google that, some dodgy stuff does come up; I can assure you it's not that. And I've been described as a hacker, a writer because I

write, partly because people can read it, a researcher because I do research, a speaker because I'm up here talking [ __ ] to you guys, and now a lecturer: yeah, some college in Glasgow have trusted me to teach students on security, web app fundamentals and pen test fundamentals courses. That started last week and it's good for the foreseeable future. Which college it is, on Twitter it's a secret, but I'll know at some point. Also a high school failure, so I [ __ ] up everything at school; doesn't matter. Thanks for being here, you made it here safely, so you've not gotten stabbed, mugged or kidnapped,

and thanks to Dave being ill, because it means I get to talk, and thanks to BSides Leeds for telling me at six o'clock last night, by the way, you're doing another talk tomorrow. Great, I've got a couple of hours to write slides. Luckily this is, I wouldn't say a recycled talk, but it's an augmentation of a talk I delivered at an internal conference for PTP, so it's just been made a bit more safe for human consumption, because we're all reprobates at PTP anyway. So about me, narcissism time: I do this stuff, I park up in hidden cars and hack Wi-Fi and [ __ ], and then the other, you know, 45 percent of the time it's lots of terrible Windows apps written in the nineties, trying

to work out what the [ __ ] they do. And another like 10 percent of the time, anyone who follows me on Twitter will know I do this: I drive around in this blue machine. Anyone heard I've got a blue car? I go on about it all the time. It's great, I've had it for about a year, done twenty thousand miles, so it's a lot, and I love taking pictures of it. I also get quite thoroughly involved in the community, so I've written a book; that's the full title, that's the subtitle. It's not free anymore though, because the publisher came to me and said basically too many people are downloading it for free, we're not making any money, can you charge some money for it.

So I said okay, it's going to be five dollars. Five dollars. If you want a free copy and you're skint, let me know and I'll give you a free copy. I also run a blog that's got write-ups about the stuff I do, pen testing, just general bits and pieces, automating home networks, that sort of thing. And I also run the local DEFCON chapter, which is actually the t-shirt I've got on today; someone made me this t-shirt. This is DC44141, which, for anyone who doesn't know, 44 is the UK number and 0141 is the local landline area code for Glasgow, so 0141 is what everyone's so fed up

with, especially in Glasgow; 0141 is a... anyway. If anyone's interested, we're always looking for speakers. We're the first Tuesday of every month. We won't fund travel, but Glasgow is a good fun place, so it's only five hours on the train from here; feel free to bus up and have some fun. Quick disclaimer: there's people in the room who are very much smarter than me. I just found some holes in a website once and ended up getting into bug bounties. For people who can't see at the back, that's Pornhub, and yeah, it's kind of in the name, they do porn and stuff. So the talk, and I am rattling through this:

the top line is the too long; didn't read: bug bounties in a nutshell. There are other talks today; I've realised I didn't submit this talk, I submitted another one that I hadn't prepared, so I wrote this one instead. And there's other people who have done talks today about bug bounties, so if you've been to that, this may be a repeat of it. People at the back, or people lying on the floor, I've just noticed it's comfy down there. So this is gonna be an overview and a look at the techniques used in bug bounties and how they can be adapted for pen testing and vice versa. The benefit of bug bounties is not just money, but there is a lot of that

too; there's people who get ridiculous payments. The differences from pen testing: there's a lot of platforms, some of them are sponsoring this conference, so I'll try not to offend them too much, but they're trying to, I'd say, replace pen testing. It's not; it's not a replacement in my opinion anyway. Bug bounties 101, the five Ws: anyone who's done forensic science or incident response will know the five Ws: what, where, who, why and when. So bug bounties, for anyone who doesn't know, is essentially companies letting you legally hack their systems within a scope. It's somewhat a pen test in the sense that you have a scope, but different in the sense that they have the right

to turn around and go 'we're not going to pay any money because we know about it', or 'someone's found it before you', or 'we don't think it's an issue'. So I'll talk about kind of the issues with bug bounty things; I'm just going to bore... I easily [ __ ] this off. Basically companies can kind of pick and choose what they think is a bug versus what I think is an issue, and yeah, it's definitely different from a pen test. They work in the way that you write a report: so you find a bug, say for example SQL injection on a website, you can dump, even if you can't dump

records, even if it's just information disclosure or something, you can submit it. And then the company, or the platform, will act like a middleman, or middle woman, or middle human, gender diversity and all that. So they're the intermediary: they triage it, and they'll either on the spot decide if it's valid, or they'll try and weed it out. So a lot of the time the people you get in triage are maybe not technically well-versed, so they'll mark the bug as 'it's not an issue', and then you go back to them like 'no, this is actually, because I bypass the business logic here', or 'this is what this

is': XSS, like cross-site scripting, that's only, in their opinion, it's only self-XSS, but yeah, you could use it to bypass authentication or do something similar. So that can be a problem. But they work in the way that you submit a bug, it gets triaged, all going well the company gets the bug, they fix it internally. Good companies will fix them quickly, bad companies will not fix them quickly. I've got bugs that have been open for the last three years, pretty serious ones for that matter. So yeah, once they fix it, all going well, they'll pay you some money. However, some companies think it's fine, sorry, to give you a t-shirt because you found

remote code execution, because who doesn't like t-shirts, and t-shirts pay the bills, right? You can pay the bills with reputation and kudos; that's how that works. So Sony is always a perfect example; there's lots of other big companies like Adobe that are also similar to that. There's also, has Sean made it today? Anyway, Sean did a blog post about bug bounty programs and how some companies have what's called a VIP program and a public program. The public program gives you reputation, you get internet points for finding bugs; the private program gives you money, but they were being quite decisive on 'we'll only pick people that

we like through onto our platform, so we don't need to pay you money'. So if you find like RCE, for example, and they don't like the look of you, they'll give you some internet points but no money, because they feel like it. So go and read his blog post, it's really in-depth and it's absolutely interesting; it has caused a bit of, I want to say, a kind of tidal wave in the bug bounty sphere, because people get offended. But everyone gets offended, it's just how you choose to be offended; that's my kind of take on it. So that's how they work. Why do them? Well, there are ridiculous sums of money

to be made in bug bounties, particularly when you find pretty high-risk issues. So one of our mates who I do stuff with, he found a bug in a content management platform that was basically SQL injection, you could dump client information; the company gave him $20,000 for that. So that's quite big money; you wouldn't get that from like contracting, you'd do like 100 days of contracting or more to get that, and that was a couple of hours' work. But also they're quite beneficial from an education perspective, because, I'll talk about it later on, you get to see some systems that you may not normally get to see in pen testing. Now technically speaking, obviously pen

testing depends on who your clients are, so that depends what systems you have to work on. With bug bounties it's that you're not defined by the client base; you're defined by what programs you're involved with and what things you get to test on and see. So there's some interesting things I've seen, a good thing. And also there's the community: I'd say the two industries in offensive security that move forward the quickest are bug bounty and red teaming, in terms of techniques and tools; it's on at least, ideally, an hourly basis. I mean there are other areas like hardware and

things where there's a lot going on, but of the two that I see all the time, if you just search the hashtag, like #bugbounty, there's [ __ ] thousands of tweets of just new tools, new techniques, and things change daily. So something that was up-to-date yesterday will be out of date tomorrow, so it's just finding new tools, techniques, procedures. So that covers why do them; but then, how do you get into them? So there's lots of kind of platforms; I'm going to cover the kind of four main platforms: there's HackerOne, Bugcrowd, Synack, which is private

and invite-only; they vet who they bring onto the platform because it's quite exclusive, things like the US departments, and it's a paid program, versus HackerOne, which has a non-paid program for that. You've also got Cobalt, which is more like pen testing as a service but it's still bug bounties; so essentially you get paid like you do for a pen test, you're paid a day rate whether you find stuff or not. Some work that way; they pay everything up front, so it can be easy money, so it's similar to contracting. So they're the kind of four main ones; there are other ones. There's also one that's

launched in the EU called Intigriti, I think, yeah, they pay quite big bucks as well. There's been a European directive that's been put in place for a lot of open source software that's now on that platform; they will pay you for finding bugs. So if you're fuzzing, like VLC for example, and you find bugs, there'll be money for it, and similar things with other bits and pieces. So there's lots of open source stuff on there, and there's also big banks; banks like ING have just launched a program on Intigriti and they pay a maximum of things like twenty thousand euros, which at the current state of affairs is about twenty thousand pounds or more. So yeah, it's

pretty good. So those are the kind of main platforms, and they're all free to set up for as well, which is a big benefit, because obviously you're essentially getting something for nothing; well, you're doing work, but you're getting paid for it. It's pretty good. But then who does them? Basically anyone: anyone who's interested in security and kind of offensive security can do bug bounties. Not necessarily everyone is going to be successful in doing them, but you can try, and even if you don't get any monetary payback, you'll probably learn something. So a lot of the things that I've learned from doing bug bounties I've fed back into my day-to-day pen testing. In particular I write a lot about

XXE; I've done three or four blog posts about XXE, so external XML entity injection, basically fuzzing APIs and interfaces and getting files back and this and that. I've been able to use it in pen tests, but it's paid pretty well in bug bounties, so using that technique and building tools off the back of that has been very useful. So the other thing is, when you do them well: some people do it full-time. I know a few guys that that's all they do, that's their only source of income, and it pays pretty well. There's guys I know, there was a guy in the States called Ogeechee, that's his handle, who's easily made half a million dollars in a

year. That's a lot of money; you wouldn't make that as a pen tester, you'd maybe make it as a business. So he's made that just by doing bug bounties, so it's pretty decent when you do them well. If you're a full-timer you can make it into the... I got into, at some point, burning the candle at both ends, essentially doing your day job but then doing research from like six to six, whenever you don't have to, but the more time you put in the more rewarding it can be. But then it's based on the programs you do it on. But anyway, that's the kind of overview. Then we'll talk about the tools, techniques and

procedures. So the tooling that gets released and the procedures that get released, they're the same but different. So the question might be, why is that? The same in the sense that you still have the scoping, you still get the recon, you still get exploitation, but more and more tools have been developed for specific bug classes. So things like sqlmap; everyone's heard of sqlmap, it's used for SQL injection. There's specific tools that have been built for specific types of SQL, so someone built a tool a couple of years ago designed for Oracle, and it will flesh out not just SQL injection but all sorts of information disclosure in like Oracle E-Business Suite and middleware, and kind of things

like big platforms. And there's other tools that are designed for specific things you wouldn't normally see in a pen test, or you wouldn't exploit in a pen test, because in a pen test, ethically speaking, you're constrained by the scope. So if you find, for example, a subdomain takeover in a pen test, you're not able to exploit that, or you wouldn't go ahead and exploit it, because the client might not understand it. From a bug bounty perspective, Starbucks is probably one of the bigger companies that this happens to a lot: if you find a DNS record, a CNAME record that has whatever.domain.com and it's pointing to like CloudFront, which

is on Amazon, you can claim that CloudFront domain and host content on it. So from a malicious perspective you can leverage that for things like watering hole attacks or hosting malicious content, you can leverage it for phishing, so you could point that to your domain, set up MX records and essentially email from that domain. So there's lots of things you can do with that. In a pen test you might see it and go 'yeah, it's vulnerable to subdomain takeover', but you're not gonna exploit it, because, for one, the scope doesn't allow it. So that's the kind of crossover. Other things like asset identification

you don't really see in pen testing as much; this is like going really deep in recon. You do see it in things like red teams, where you've got like thirty or forty days to do the engagement and ten of those days will be for intelligence gathering. But in bug bounties it's really like asset identification and recon; that's the kind of meat and potatoes, that's the main thing you want to do, because the more recon you do, the more kind of external footprint you can find of an organisation and the more kind of things you can look at. So using things like the Wayback Machine; anyone who doesn't know the Wayback Machine, basically

you can go back in time and look at domains and things that were owned by companies, look at what they were like five years ago or ten years ago, or even find things with, for example, waybackurls, written by Tom Hudson, who did a workshop this morning: you can feed it a list of URLs and it'll go through the Wayback Machine and find like paths of what might have been left over, apps. So I've used that in the past to find phpMyAdmin interfaces on old domains, but the thing being that the domain might no longer be tied to the company, but it was still on

the IP. So they've taken the hostname off but the IP is still owned by the company; you go to the IP/phpmyadmin and then boom, you're in, admin/admin. Now on some platforms that's an easy high-risk, so like $1,000, $2,000; I've had a few that have been like 1500 bucks just for like 10 minutes' work, just by doing recon. Recon pays, hacking pays, crime pays, but crime's bad, don't do crime. So breaking stuff: what falls into a bug bounty falls into a pen test as well, and obviously you don't want to bring your production system down if you can help it, but at the same time, from a bounty

perspective, if you can prove a risk to the client, or to the program, if you can prove a risk... So the program being like 'you found a cross-site scripting here and we think it's low risk', it's like 'no, but I can use this to change everyone's password'. So that's chaining bugs together, and responsibly; this comes to telling them 'right, it's a problem, I'm not gonna exploit that because that might lock all your users out, but this is what it could do'. So by taking that mentality and applying it where you can in a good pen test, you can make the business more aware and hopefully more secure. Now the argument for that from the other perspective, the business goes 'yeah, I don't [ __ ]

care, that's a low risk, there's 100 bucks', when in actual fact it's high risk, or maybe even critical depending on what it does. So the other problem you have with pen testing, as I've mentioned a load, is keeping in scope. Now arguably speaking you should probably keep in scope when you're doing bug bounties, but sometimes the coolest bugs you find are out of scope, and sometimes if it's high risk enough, companies will consider it. I'm not advising going out of scope; it's not a good idea. But sometimes, like just going that little bit further and finding something and chaining it together will get the payout and actually protect the business from things like data breaches. Not saying

that bug bounties prevent data breaches, but they certainly help companies in finding things that they wouldn't normally discover in their annual compliance-based pen test, where you've got two days to look at it. That's the other difference between bug bounties and pen tests: in essence a bug bounty is like continual testing, whereas pen testing is a point in time. But that's another topic entirely, because I could go on about it for weeks, well, not weeks, but ages. Other techniques I've talked about: recon, enumeration. Once you've done your recon you start to enumerate through everything. So you find all your URLs, you start to enumerate your paths, you start with your IPs, and I tend to do a

lookup and I'll look at the company, find the IP blocks they own, then do an nmap scan of just the top hundred ports to see what's listening, and then I'll run other tools through to screenshot web apps, so if things are on port 8080 or 8443 or like other things. I've also written one-liners that will send, like using netcat, send packets to individual ports. There was probably the best paying bug I got for Pornhub: I found a staging server that they owned that had memcache open, which is basically a service used for caching stuff. At the time when I found that, I was at the desk and went 'oh [ __ ], this

is pretty serious'. So I submitted it to them and they were like 'right, cool, there's fifty dollars'. I was like 'hold on, that's [ __ ], like I can literally wipe everything off your staging server because of memcache'. Eight months later they went 'oh yeah, we made a mistake, here's two thousand four hundred and fifty dollars', so a 2500 dollar payout, and I was like 'sweet, buying a car'. So I bought a car, not the one I've mentioned, the previous car, but it was pretty decent. It's nice when companies do that; companies that do that is nice. But the aspect of that is in bug bounties you have more, well, arguably speaking, you have more of a shot at, you

know, doing a pen test, that's the case sometimes, you find a shell in a pen test, you get onto the internal network, bits and pieces. But a bug I find a lot is server-side request forgery, and leveraging that to get a shell on an internal network can be so much fun: find an app that's responding to something or other and you can send commands to the internal system, so you can use that to internally scan servers. So taking recon and putting it back into the process: you pop server-side request forgery, you go back to recon, you start to scan the internal network, find more hosts. Now this is down to scope; I wouldn't go too far, because there's

people in the past who have been absolutely burned from this; they've gone too far, companies going 'right, we're [ __ ] suing you', if you're in the wrong place. So yeah, tread carefully, and it depends who you're going after. If you're finding bugs in the US government I wouldn't recommend going too deep, because they don't like it. Then the other difference between pen tests and bug bounties is reporting. Typically speaking in a pen test you write the report: it's on average 30 pages, 40 pages, maybe 100 pages. In a bug bounty you're not writing masses; you're maybe writing two or three pages tops. You're writing

the core part, you're writing the recommendation, not always, but most of the time you're writing a recommendation, you're writing the affected areas, but the biggest part you write in, and what I see lacking in a lot of pen test reports, is the steps to reproduce. Because it might not be important, if your recommendation in the pen test report is good enough they can reproduce it anyway, but in a bug bounty it's how you get paid: if you've got good steps to reproduce, you can convince the company. Because like if you just say 'found XSS, here's the payload', most companies go 'oh, [ __ ], like whatever', but if you can write 'this

is stored XSS, this is how it's stored, it's on this page, basically access it via this', then they're more likely to go 'right, cool, this person knows what they're talking about, they haven't just pointed a tool at it, it's pulled out this sort of thing and they've got an idea'. So that's the kind of reporting aspect. Then the techniques and procedures: a lot more stuff in bug bounties I've seen has been automated, so people are writing frameworks that do recon, they scan things, they scan shares and they do open source intelligence gathering, and it kind of gives you a thing back, and then it'll go through the whole recon and enumeration and put it to the point of

'here's what they're vulnerable to'. There's some people that I know that have written tools that are one-click: so it will scope, it'll scan the hosts, find the things, pop the low-hanging fruit and then generate a report, and then you just go and submit it. I think Rob's got a tool that does something similar for his own patch, so there you go. So following on from the low-hanging fruit, the fun stuff: I mentioned earlier the other benefits in bug bounties: yeah, cool swag, I've got some cool t-shirts from these guys, but you also get to hack some quite cool systems. So I've done some mainframe stuff in bug bounties, which

is interesting, having never tested mainframes before; there's people in the room older than me who've seen mainframes in pen tests, I haven't, but I got to hack one of them and I got to find like real-time bugs, which is quite interesting. I've hacked a system that tracks helicopters, so that's quite fun. I found a bug where you could basically locate where the helicopters were and get into like 'I want a helicopter over there', pull it over, wander. So I contacted the program and went 'right, I found this bug', they were like 'cool, it just tells you where the helicopters are', I'm like 'no, no', and so I reported that. It was

a duplicate unfortunately, but it was pretty cool anyway. I've also got to see like ship systems; you see that sort of stuff in pen testing as well, but it depends on where you're working. If you're working with what you have, you'd probably get ships, probably planes, maybe, you get cars, you get like bikes and stuff. But the thing you don't get to see is in-flight entertainment systems; well, some people do, but I was at DEFCON three years ago or four years ago and one of the things they had at one of the bug bounty parties was an in-flight entertainment system, so you could hack with it. And then on a

flight back from Vegas, the same in-flight system, the same system, but I didn't hack it on the plane because I'm not mental; you can't prove anything. So the differences from pen tests, and this is the sort of stuff I was hitting on earlier: in pen testing you find weak SSL, yep, cool, tell the client. In a bug bounty nobody gives a [ __ ], like you've got weak SSL, so what? If it's Heartbleed, yeah, cool, you can do a memory dump, but less than that, programs aren't interested. If you're submitting like weak ciphers as a medium-sized issue, or if you're missing content security

policy, yeah, cool, what, a missing header, [ __ ] off. However if you can leverage it to get like cross-site scripting or something, then it's an issue. But 'we are all completely able'... get the [ __ ] out of here, no more of that anyway. It's about the quickest person finding impactful vulnerabilities, so if you're finding these sorts of things, [ __ ], rethink your life; in bug bounties, not just in general. Yeah, you want to be looking for things like remote code execution, server-side request forgery, stored cross-site scripting and reflected, subdomain takeovers, and then looking at the kind of recon, so looking for things

like SSH keys. So where would I find SSH keys? GitHub, GitHub's a big one; I was gonna answer my own question, it's rhetorical. So you've got GitHub, you've got things like Googling things: if you just Google 'start private key', or even things like Pastebin. You'd be surprised, people just post the public and private keys in the index page of their website; I've seen it done. But also leveraging that with things like the Wayback Machine: you can start to look at maybe a company who thinks they've removed things but they've not reset the keys. So they've removed the keys offline but have not changed them. So I found private keys for what was the

company's... it was a payment processing company, not going to mention them as that's a private program, that had SSH private keys to their production payment card terminal systems that were on the Wayback Machine, that they did not cycle after taking them down. So someone obviously spotted it like 'oh, that's a problem, we should take that down', but they hadn't cycled the keys. So I used the SSH keys to log into the payment card system, downloaded the internal API documentation, exploited the API that was public facing but undocumented, and submitted a report. So they've realised it and they've gone 'holy [ __ ], this is pretty serious', but they haven't given it, I marked it as critical,

they've marked it as high, but they haven't paid on it yet, so it could be quite interesting. But there's money in it, points to be made, because who doesn't like internet points? Yeah. So it's a maturing market; a lot of kind of, I want to say, firms like HackerOne and Bugcrowd and Synack and probably Cobalt are all looking to replace pen testing, looking to break that market, and be like 'right, we're going to go into businesses and say you don't need a pen test every year, we'll do pen testing because it's a bug bounty'. But in actual fact, people like the PCI DSS do not like that; you want to have

yearly pen testing, you want to have a certified company, because who knows, Billy-no-mates may be just running a scanner or Nessus or whatever, and that's not doing it; you know, you're not getting that professional knowledge, not getting people who are certified. Also in bug bounties there's no guarantee that you're not going to tip over a system; in a pen test, at least most of the time, you're responsible for what you're doing, you're not just gonna run a 1=1 drop tables, or you might if you're a muppet, but like we've all done it at one point, probably on a lab, but not on a production system, hopefully. But it's having the understanding that bug bounties aren't pen tests and they don't really replace pen

testing, and the same with pen testing: it isn't bug bounties. So the mature organisation should, or I'd encourage them to, have both pen testing and a bug bounty platform. Obviously it depends on what data you're dealing with, you can vet who you've got, how well you vet your platform, but it means you've got a more kind of rounded security model, because you're getting your compliance-based testing and maybe even red teaming, but you're also getting like your external perimeter constantly tested. Now if you're out there, you've probably got people constantly testing things anyway, but they're not telling you about it. So the benefit of having a bug bounty is you're having that continual reaction, and you might know about things

internally, but confirming it with external parties is good. So that's essentially my talk, and I rattled through it; I did it in 30 minutes, so that's not too bad. Has anyone got any questions? This is how you find me: I've got a blog, that's my Twitter, and this is my new project, which I'm not going to discuss what it does yet. But yeah, are there any questions? The question was where did I get the beer; it's not beer, someone gave me it. Any other questions? Yes.

[Audience question, partly inaudible: should bug bounties be a way to start legitimising the knowledge of the kids out there who've got the skills and are going after live sites?] The TLDR on this question, because I need to repeat it: are kids doing bug bounties, should they be funnelled into it, and see if they've got the skill set? The problem with some bug bounty programs is they're limited by age, so you need to be a minimum of 18 years old; some companies won't pay you if you're underneath that, I don't know why. I mean anyone should be able to do a bounty, but tax and stuff. But

essentially, to answer your question, I don't know. I don't know if it should be retrained or funnelled into it, because you're right, the education system is [ __ ] in this country, but they are taking steps to improve it since I started in the industry, when I first graduated all those years ago, and I know I'm young, you guys probably think it's like a century ago, but hey, sorry if I offended anyone. And there's more and more security programs out there, things like CyberFirst, there's like the Cyber Security Challenge, there's more college courses and uni courses, and even in Scotland, they've gone fast, they decided they liked it

and it's going there. There is a Higher, so from the age of 15 or 16 you can do a Higher in Ethical Hacking, and there's no GCSE; I think England looked at it and went "that's a [ __ ] good idea, let's do that," and then nobody gave Scotland any credit because [inaudible] Scotland, but that's another reason anyway. And sorry, I'm, yeah, [inaudible]. If you can get people who have got a skill set, if you get people with the skill set and they understand how this stuff works: if you go out of scope the NCA come in your door and ruin your life; if you stay in scope they

don't ruin your life, they pay you some money, and when you're old enough you can drive a nice car. There's people I know who are driving Skylines at the age of eighteen. Sure, well, I mean if you've got enough money you can buy a Skyline for 20 grand and pay 20 grand in insurance. Any other questions? [inaudible] So the question is how do you consistently make tons of cash on the programmes, the big bucks. Essentially there's no foolproof way of doing it, but in terms of my methodology I think you look at programmes that are mature, so they're likely to understand

what classes are and to have a good pay table, so like the minimum payout, probably $500 is what I look at. And there are some, there are some like the [inaudible] that mostly give you air miles; like a million air miles, which in the States you pay tax on, so if you have a million air miles they'll tax you. However, that isn't real money in the UK, so it's fine, so just do it from the UK. [inaudible] yes, not a good programme. Facebook, you've got a good programme; Google have also got a pretty good programme; [inaudible] also has a good programme, but that's only if you're over the age of 18, so

it's also quite distracting sometimes. Yeah, I've got good ones... well, they restructured, yeah. [Question:] For someone trying to begin to get bounties, is it more likely to go for a smaller company where someone might not pay lots, or would people go for a larger company with more services and more bad points that you could actually get paid on? I'd say, I'd say go after... personally speaking, I go after big scopes, because using a lot of recon you sometimes find things that other researchers have looked at thousands of times, but you find the level of some vulnerability that you like. That's the reason that that

payment card programme, so that programme has been looked at to death; I think they've got like two thousand resolved reports, so they've had lots of people looking at it. I found this by [inaudible] and lots of different [inaudible], by doing effective recon and effective enumeration, finding bugs that you might not think you could. And today it's about Google and things like what I do at my job and doing my bounties: if you find a bug that you're not sure about, Google it, go and read about it and then try and apply it back. And I've come to the point that if I find a bug that's

interesting, I'll stand up an instance of it. So if I find, like, an Oracle middleware for example, I've got Oracle VMs that I'll stand up and try things against, find out where the paths are and what payloads I could fire off against the target. So you're enumerating and finding stuff; [inaudible] the more time you invest. Like, perfect practice makes perfect; this I think Bruce Lee said: not "practice makes perfect", "perfect practice makes perfect". You can practise things [ __ ] a million times and you'll be great at doing it [ __ ]ly, but if you practise doing it well you'll get good at doing it well. That's the mentality at

[inaudible] classes: if you practise punching really [ __ ]ly you'll have a broken hand for ages; if you practise really well... people have broken [inaudible]. So that's the way; don't go punching people, but that's the, yeah. Anyone else? We're dead? No? Anyway, has anyone got any questions? [inaudible] tomorrow, and pay me afterwards, and yeah, I'm not Dave. Thanks for listening.