Mike Ritland
π€ SpeakerAppearances Over Time
Podcast Appearances
You want to neutralize all your stuff. However, if you're blue team and you found this, you can also use one of these to dump every bit of firmware that's running on here, which will include payloads and all this stuff. So as long as, you know, it hasn't been self-destructed, you can just dump that and do a full forensics on it. So they get to practice as well. Wow.
So, yeah, we've done a lot of things that kind of show off the forensic capabilities and ways of approaching. So it's meant to be holistic for security, not just purely offensive use. But it's really about raising the bar, basically.
So, yeah, we've done a lot of things that kind of show off the forensic capabilities and ways of approaching. So it's meant to be holistic for security, not just purely offensive use. But it's really about raising the bar, basically.
So, yeah, we've done a lot of things that kind of show off the forensic capabilities and ways of approaching. So it's meant to be holistic for security, not just purely offensive use. But it's really about raising the bar, basically.
I doubt it. So these are highly targeted. So it's kind of... Things like this. Yeah, exactly. But I think it's good to think about it. Like, let's step back to, like, a different type of crime. Like, pickpocketing versus, like, Ocean's Eleven bank job, right?
I doubt it. So these are highly targeted. So it's kind of... Things like this. Yeah, exactly. But I think it's good to think about it. Like, let's step back to, like, a different type of crime. Like, pickpocketing versus, like, Ocean's Eleven bank job, right?
I doubt it. So these are highly targeted. So it's kind of... Things like this. Yeah, exactly. But I think it's good to think about it. Like, let's step back to, like, a different type of crime. Like, pickpocketing versus, like, Ocean's Eleven bank job, right?
Like, this is more on the, you know, the bank job, whereas pickpocketing, that's what you're more likely to experience as just a random individual.
Like, this is more on the, you know, the bank job, whereas pickpocketing, that's what you're more likely to experience as just a random individual.
Like, this is more on the, you know, the bank job, whereas pickpocketing, that's what you're more likely to experience as just a random individual.
that's going to be more equal to like phishing emails, like really low-grade commodity malware type stuff that's delivered over email. Like the risk of physically delivering this stuff is too high. Or in the case of like, oh, we're going to contaminate the shelves, right? effectively, online or not, that's so high cost and so easy to find.
that's going to be more equal to like phishing emails, like really low-grade commodity malware type stuff that's delivered over email. Like the risk of physically delivering this stuff is too high. Or in the case of like, oh, we're going to contaminate the shelves, right? effectively, online or not, that's so high cost and so easy to find.
that's going to be more equal to like phishing emails, like really low-grade commodity malware type stuff that's delivered over email. Like the risk of physically delivering this stuff is too high. Or in the case of like, oh, we're going to contaminate the shelves, right? effectively, online or not, that's so high cost and so easy to find.
You just need one person to detect that this happened and we'd all hear the news story. Which kind of reminds me of that Bloomberg grain of rice story, right? Which was complete bullshit. My friend Joe Fitzpatrick is a great guy to talk about this, but basically there was this Bloomberg news story that a little grain of rice component was found implanted in a bunch of servers, right?
You just need one person to detect that this happened and we'd all hear the news story. Which kind of reminds me of that Bloomberg grain of rice story, right? Which was complete bullshit. My friend Joe Fitzpatrick is a great guy to talk about this, but basically there was this Bloomberg news story that a little grain of rice component was found implanted in a bunch of servers, right?
You just need one person to detect that this happened and we'd all hear the news story. Which kind of reminds me of that Bloomberg grain of rice story, right? Which was complete bullshit. My friend Joe Fitzpatrick is a great guy to talk about this, but basically there was this Bloomberg news story that a little grain of rice component was found implanted in a bunch of servers, right?
And it just doesn't make sense, which is why that story didn't make sense, because there are so many other ways of approaching that that are way less detectable. Does anybody, like, how do you control where that goes? It's very hard to control where implanted hard work goes. And if you don't have control, anyone's going to find it.
And it just doesn't make sense, which is why that story didn't make sense, because there are so many other ways of approaching that that are way less detectable. Does anybody, like, how do you control where that goes? It's very hard to control where implanted hard work goes. And if you don't have control, anyone's going to find it.
And it just doesn't make sense, which is why that story didn't make sense, because there are so many other ways of approaching that that are way less detectable. Does anybody, like, how do you control where that goes? It's very hard to control where implanted hard work goes. And if you don't have control, anyone's going to find it.
I think the closest you can get to that might be that Israeli pager story. where they had to create a fake manufacturing plant to develop these things. And that is how they controlled where it went.