1 00:00:00,000 --> 00:00:08,280 no wonder actually like st. Olaf has been really awesome like almost another 2 00:00:08,280 --> 00:00:11,610 actress now that was pretty awesome 3 00:00:11,610 --> 00:00:17,698 we have your day and your order where we have you know sitting on the floor so I 4 00:00:17,699 --> 00:00:21,900 mean it's just been really today really have to get off the market 5 00:00:21,900 --> 00:00:25,650 I gotta be sure to give away first person to raise your hand when you 6 00:00:25,650 --> 00:00:28,740 sponsor this etf right 7 00:00:29,939 --> 00:00:43,800 oh ok I'm gonna let me thinking it was it 100 points are able to a little of 8 00:00:43,800 --> 00:00:44,788 onions 9 00:00:44,789 --> 00:00:51,629 alright alright often works hard 10 00:00:51,629 --> 00:01:05,670 ok so in this last year the track so i have you John board thanks Bill that 11 00:01:05,670 --> 00:01:12,240 actually are everybody will love the size board is a security and solutions 12 00:01:12,240 --> 00:01:16,860 and a lot of things in the community just as a person here so thanks Phil so 13 00:01:16,860 --> 00:01:21,930 my name is John Kerry for this is a company is my co-presenter we're talking 14 00:01:21,930 --> 00:01:26,369 today about hiding within so this defensive trash off the most part of it 15 00:01:26,369 --> 00:01:28,140 has seen ya comin 16 00:01:28,140 --> 00:01:32,159 we're going to talk a little bit more today balls enhance education experience 17 00:01:32,159 --> 00:01:36,060 toolkit so this is a pretty solution of microsoft has had several years now 18 00:01:36,060 --> 00:01:40,079 people have in their environments show fans going to be well actually this 19 00:01:40,079 --> 00:01:44,699 whole for ok so how many people feel that they are pretty comfortable with 20 00:01:44,700 --> 00:01:51,119 musicians cool it will plan on it up another thing how many people they 21 00:01:51,119 --> 00:01:52,439 really know the soul 22 00:01:52,439 --> 00:01:57,298 ok very advanced all people it's one of those things it seems like that might 23 00:01:57,299 --> 00:02:01,659 talk about where there's a lot of times people are using it but there 24 00:02:01,659 --> 00:02:06,399 understand fully how is always hot control and manage it and how to push it 25 00:02:06,399 --> 00:02:14,470 to their environments so started talking about pretty much the overview of limits 26 00:02:14,470 --> 00:02:17,650 what it can do for us we're going to go into using independent security 27 00:02:17,650 --> 00:02:21,849 historical issues we're going to talk a little bit of some of the law's passage 28 00:02:21,849 --> 00:02:27,579 and a myriad of things that Microsoft has done trying to get going is retold 29 00:02:27,580 --> 00:02:32,709 it's not something that is a great discussion about is ones with you know 30 00:02:32,709 --> 00:02:39,489 you know how to use writing is very good solution provided in slc all securities 31 00:02:39,489 --> 00:02:44,170 or center is going to grate on things right now for as many people know we're 32 00:02:44,170 --> 00:02:47,559 looking at you know some next-generation windows stuff coming out of the 33 00:02:47,560 --> 00:02:52,660 woodworks and diet coke whores a lot of things going on right now windows making 34 00:02:52,660 --> 00:02:58,690 it more interoperable x lion server for coming out so a lot of people think of 35 00:02:58,690 --> 00:03:03,160 what are we doing moving forward to maintain this tool and then a Michaels 36 00:03:03,160 --> 00:03:08,049 gonna get a notice the demo we're going to break everything down show you some 37 00:03:08,049 --> 00:03:12,040 things about a minute show you that it works sure that it doesn't sometimes and 38 00:03:12,040 --> 00:03:14,709 o-obviously how to use it more effectively and then we'll go to the 39 00:03:14,709 --> 00:03:22,000 discussion questions so okay that's twenty dollars with the metroids no 40 00:03:22,000 --> 00:03:28,660 that's not what is your nominee is on the there's a lot more people think that 41 00:03:28,660 --> 00:03:32,950 those tools where you just very quickly qualified you're trying the best and 42 00:03:32,950 --> 00:03:38,048 bruising and you want but absolutely for coming here today to go back and have a 43 00:03:38,049 --> 00:03:42,370 game plan for uses more effectively as well as up if you have an environment 44 00:03:42,370 --> 00:03:45,370 where you train others from them as well 45 00:03:46,660 --> 00:03:55,180 alright so you really have two handles of recently a mystery boots got people a 46 00:03:55,180 --> 00:03:59,750 little bit about be so for coming heroes in seattle he's been a lot of time 47 00:03:59,750 --> 00:04:04,040 over guys all then the building community ever get the chance actually 48 00:04:04,040 --> 00:04:07,820 had also right NW washington stop by some their meetings they have like 49 00:04:07,820 --> 00:04:09,019 meetups and stuff 50 00:04:09,020 --> 00:04:12,260 the couple hundred developers get together with the stash a lot of things 51 00:04:12,260 --> 00:04:18,349 the college's school I do a lot of things with charities the most part and 52 00:04:18,350 --> 00:04:25,820 uh yeah they got some pull behind and right now i'm working on that g security 53 00:04:25,820 --> 00:04:34,310 also correct information technology on board or a capital so next is a little 54 00:04:34,310 --> 00:04:35,180 bit about me 55 00:04:35,180 --> 00:04:38,180 you can read the slides pretty self-explanatory 56 00:04:38,780 --> 00:04:42,380 if you have her semester stag is basically a vulnerability networking go 57 00:04:42,380 --> 00:04:46,520 into your game so the whole flows all the different bonobos you think about 58 00:04:46,520 --> 00:04:49,310 for my strings of mines 59 00:04:49,310 --> 00:04:56,390 I mean you name it we also have a web web app intestine and women RC challenge 60 00:04:56,390 --> 00:05:02,510 so once you have it you have it go smash that or check it out and that's me 61 00:05:02,510 --> 00:05:11,960 alright so begin to define a little bit more buying and planning in better 62 00:05:11,960 --> 00:05:14,960 detail so what it is why you should care 63 00:05:15,470 --> 00:05:21,320 alright so basically looking back and experience will get one of the things 64 00:05:21,320 --> 00:05:26,810 about this is a lot of you and with minors all visual i really was brought 65 00:05:26,810 --> 00:05:31,520 forward and honest though we could actually handle all the applications out 66 00:05:31,520 --> 00:05:34,580 there in the wild a lot of people running older server editions they have 67 00:05:34,580 --> 00:05:39,229 applications are proprietary third party and you have to maintain and simplest 68 00:05:39,229 --> 00:05:43,760 hey I'm going to my operating system patch everything for today and we're 69 00:05:43,760 --> 00:05:49,909 going there was a lot of issues that we did not angry for example 64-bit 70 00:05:49,910 --> 00:05:54,530 application architectures so microsoft security service and hey what can we do 71 00:05:54,530 --> 00:06:01,039 to try to bring some of the software patching homelessness is as patty vs but 72 00:06:01,040 --> 00:06:06,470 it was the mentality and say what can we do still need systems to protect against 73 00:06:06,470 --> 00:06:11,360 advanced memory exploits convertibility is out there so they came up with them 74 00:06:11,360 --> 00:06:15,530 and for that purpose and its free still maintained as we stated mitigate your 75 00:06:15,530 --> 00:06:18,650 abilities and software so it's awkward fall protection 76 00:06:19,340 --> 00:06:24,200 we're ready to the slide later on a little bit even explaining more about 77 00:06:24,200 --> 00:06:30,469 the actual security tools work and then I cyberattacks corruption so a lot of 78 00:06:30,470 --> 00:06:35,180 things working with rock tax returns and programming all discuss step farther 79 00:06:35,180 --> 00:06:46,490 apart so luck command line line line tells you there's different things for 80 00:06:46,490 --> 00:06:50,780 us is just a week for the most part people many people have actually worked 81 00:06:50,780 --> 00:07:02,570 ok pull in right now is that we shared some of these poses where you want to go 82 00:07:02,570 --> 00:07:03,380 with it 83 00:07:03,380 --> 00:07:08,570 rats and micro that is low and also change your configuration is releasing 84 00:07:08,570 --> 00:07:12,229 manage their the command line to it can aid and detecting targeted attacks a lot 85 00:07:12,229 --> 00:07:19,400 of people and cyber intelligence level radio siren when you talk about how 86 00:07:19,400 --> 00:07:23,810 great our controls you can actually break down every school has control of 87 00:07:23,810 --> 00:07:29,990 protection Foley have been and who are these DLLs and all these processes so 88 00:07:29,990 --> 00:07:35,180 when you use that effectively that can help right so we're talking about a 89 00:07:35,180 --> 00:07:38,990 maybe I want to see my browser surprising hacks 90 00:07:39,820 --> 00:07:45,760 right so you married and all and then help you troubleshoot you get in step 91 00:07:45,760 --> 00:07:50,380 forward and within that you can actually control how certain applications utilize 92 00:07:50,380 --> 00:07:57,250 its functions and then a heavy on every protection but also SL thanks so you 93 00:07:57,250 --> 00:08:09,070 have things that you might actually like really mind and so this is opening 94 00:08:09,070 --> 00:08:16,300 microsoft recently certified sighs how many days there explicitly microsoft has 95 00:08:16,300 --> 00:08:21,100 several it's not very warm though very little warning pre-certified websites 96 00:08:21,100 --> 00:08:25,420 you can work with getting one there is really just something there are working 97 00:08:25,420 --> 00:08:32,500 actively are now you know building into that function so next like alright so 98 00:08:32,500 --> 00:08:41,169 this is a breakdown of graduates . is there really a whole but you know this 99 00:08:41,169 --> 00:08:45,160 is actually break down all the nation's efforts that Morris towards these are 100 00:08:45,160 --> 00:08:52,810 all sizes and every one of these is able to call on some of the work comment 101 00:08:52,810 --> 00:08:57,760 you're gonna probably cultivated just working with energy related programs so 102 00:08:57,760 --> 00:09:04,630 breaking it down different programs lots at its execution flow where things are 103 00:09:04,630 --> 00:09:08,500 getting called in from our ties every production functions to make sure that 104 00:09:08,500 --> 00:09:12,190 we're not executing things from areas memory that's you know not supposed to 105 00:09:12,190 --> 00:09:18,520 be marked as rewrite this one really i was going on that so what that looks 106 00:09:18,520 --> 00:09:21,819 like that's all on Microsoft's official documentation by the way 107 00:09:22,990 --> 00:09:26,530 alright so using any with defenses so we're going to actually get into talking 108 00:09:26,530 --> 00:09:27,430 about this 109 00:09:27,430 --> 00:09:31,329 so what cyber protection is to provide 32-bit legacy applications that were 110 00:09:31,330 --> 00:09:37,120 older already that I asked my little wow this is very common 111 00:09:37,120 --> 00:09:40,420 so Michael works a lot with compound and 112 00:09:40,420 --> 00:09:49,719 that is more than I think about this here but not coder anything i wanted to 113 00:09:49,720 --> 00:09:50,589 go already 114 00:09:50,589 --> 00:10:00,310 awesome family yeah decided a little oil very visual people we work along ie8 all 115 00:10:00,310 --> 00:10:10,060 setup really low budget allows i do you know British automated process for years 116 00:10:10,060 --> 00:10:10,779 gross 117 00:10:10,779 --> 00:10:14,620 so a lot of people there a little while developing applications they don't 118 00:10:14,620 --> 00:10:18,910 really designers and compilation process is not Valerie everything else does a 119 00:10:18,910 --> 00:10:22,839 lot for is really thought this little bit more private parking lot of your 120 00:10:22,839 --> 00:10:28,120 applications and features that provides the ends so a lot of the older compilers 121 00:10:28,120 --> 00:10:35,350 are you know always at a certain angle on moving into the Prophet time we have 122 00:10:35,350 --> 00:10:41,260 64-bit so the latest evidence under the spell of 10 years and you know instead 123 00:10:41,260 --> 00:10:45,339 of applications that are being pushed down a little bit even today we don't 124 00:10:45,339 --> 00:10:51,699 have a special so Microsoft Excel software does maybe it doesn't have to 125 00:10:51,699 --> 00:10:55,990 be provided finest protections it will absolutely work to protect their 126 00:10:55,990 --> 00:11:04,779 applications will see your butt is an assault can absolutely save review it 127 00:11:04,779 --> 00:11:09,399 may actually cause complex functionally so the cracks and trying to protect them 128 00:11:09,399 --> 00:11:15,640 memory actually causing not to work so be cognizant of that and then on done it 129 00:11:15,640 --> 00:11:18,519 for these courses required . about that next 130 00:11:18,519 --> 00:11:23,829 alright so this is kind of a continuation on new tricks all platforms 131 00:11:23,829 --> 00:11:27,849 really thats it's not what your Pony though just be understanding that and a 132 00:11:27,850 --> 00:11:32,800 lot of business that's a really good thing today to talk about its you how 133 00:11:32,800 --> 00:11:35,800 many people work with man security or 134 00:11:36,370 --> 00:11:43,000 services are you a better one to so many times to get the best of our clients 135 00:11:43,000 --> 00:11:51,670 like hey I got the same i no want yous all right yeah all the time and so many 136 00:11:51,670 --> 00:11:54,310 people generally just to say what Michaels gonna show you the demo what 137 00:11:54,310 --> 00:11:58,599 you can do to actually I'm not just nude women to use more effectively and then 138 00:11:58,600 --> 00:12:04,450 you can have your sock into all options for every single or double deduction is 139 00:12:04,450 --> 00:12:10,810 the medications but that was not the roscoe programs videos all this land is 140 00:12:10,810 --> 00:12:15,489 like a higher level you know your science forever then you know he's going 141 00:12:15,490 --> 00:12:22,450 to act not never usually start working correctly understand and take time to 142 00:12:22,450 --> 00:12:26,770 basically all of these controls we're not saying that you're going to get the 143 00:12:26,770 --> 00:12:31,870 wii's everywhere and how we're doing everything and operate all you just need 144 00:12:31,870 --> 00:12:38,740 to do have the functional use productions for profit colleges i said 145 00:12:38,740 --> 00:12:43,450 earlier or maybe sure it's perfectly options might be called in from other 146 00:12:43,450 --> 00:12:50,320 libraries that are relevant portion as late as an example of something that 147 00:12:50,320 --> 00:12:54,160 flows careful because what it does is it's actually going to run through the 148 00:12:54,160 --> 00:12:55,719 process execution 149 00:12:55,720 --> 00:13:02,830 that's a couple of times so think about is I this is going and then ok really 150 00:13:02,830 --> 00:13:08,440 should be colleges that jump return i'm almost at obviously commands move around 151 00:13:08,440 --> 00:13:11,230 so many little lightheaded 152 00:13:11,230 --> 00:13:17,050 that happens a lot with LLC people just are . happens right so the right is 153 00:13:17,050 --> 00:13:20,229 exploit the transport . things and everything comes from also other 154 00:13:20,230 --> 00:13:23,290 application you got like something like Windows Update running in the background 155 00:13:23,290 --> 00:13:29,110 is really cool guys little pieces of code memories already loaded from some 156 00:13:29,110 --> 00:13:33,040 other process a little function and you're trying to attack process so they 157 00:13:33,040 --> 00:13:36,130 try to reach out there and say I want to get a look-in something that i use is 158 00:13:36,130 --> 00:13:37,570 legitimate 159 00:13:37,570 --> 00:13:40,870 you know I didn't memory for windows right now i should think this is great 160 00:13:40,870 --> 00:13:46,000 work so don't really were smitten the left side 161 00:13:46,000 --> 00:13:55,450 I mean you have talent on the right side it's part so Chris teasing him and a lot 162 00:13:55,450 --> 00:13:59,650 of people tend to forget that there are sea losses with a horse best are rags 163 00:13:59,650 --> 00:14:06,250 your memory way was programmed you may use places one of the things that man's 164 00:14:06,250 --> 00:14:17,470 issues powers and also the gravitation crash and then the bargain results when 165 00:14:17,470 --> 00:14:21,130 sorry I want it on the slide because it's more operational control but of 166 00:14:21,130 --> 00:14:28,480 course it is good you sell your belly but do not question how is always best 167 00:14:28,480 --> 00:14:34,870 Trollocs play around a little bit you can take all right and then SL paying 168 00:14:34,870 --> 00:14:39,190 don't really depend on it right now 31 and got a little more lust for users to 169 00:14:39,190 --> 00:14:48,339 be a little more control and hard as it is to travel is quickly little bit 170 00:14:48,339 --> 00:14:55,150 basically the past and it's had a bunch of problems okay to say no yeah is 171 00:14:55,150 --> 00:15:01,120 doesn't sell back again 474 pads rises use blue hat technologies as you 172 00:15:01,120 --> 00:15:04,120 microsoft hey so we're throwing that out there 173 00:15:05,190 --> 00:15:09,000 whoever thinks that they can actually explain memories being protected by an 174 00:15:09,000 --> 00:15:15,660 application we want to know why it's cool right there was really creative 175 00:15:15,660 --> 00:15:23,189 ideas so best in children ready ready yeah right LOL actually going to jet 176 00:15:23,190 --> 00:15:28,020 itself little production is kind of a lot of tasks work today so it attacks 177 00:15:28,020 --> 00:15:37,560 the cells like our memory is ballin so one people decided they really some 178 00:15:37,560 --> 00:15:42,030 really cool stuff to kind of moment but anyways well 64 is one of the big issues 179 00:15:42,030 --> 00:15:46,350 that we have today when running it at a horizon year versus permitted wanna see 180 00:15:46,350 --> 00:15:53,790 anything that is how a lot of issues doesn't have 64-bit projections yet it 181 00:15:53,790 --> 00:15:58,410 was while 64 fully developed so just note that that's that's important is a 182 00:15:58,410 --> 00:16:02,760 lot of browsers today I think the last year's service and values and browsers 183 00:16:02,760 --> 00:16:09,150 were actually busy been hit on a 64-bit hypervisor layer and it was like hey I'm 184 00:16:09,150 --> 00:16:13,890 protections but not my normal work because they're all headed your resume 185 00:16:13,890 --> 00:16:20,819 or so be careful with that next part so blasting through this little bit more on 186 00:16:20,820 --> 00:16:26,040 several folks and groups of men have my ways to defeated blue that we're not 187 00:16:26,040 --> 00:16:34,530 really quick about bringing labs jared montz x-axis cello reasonable model 188 00:16:34,530 --> 00:16:41,400 because it said I want a contact eric sequel credible control and arrive for 189 00:16:41,400 --> 00:16:49,050 protection so everything was innovation that you're like oh they can with some 190 00:16:49,050 --> 00:16:52,319 pretty good ideas about using stuff that's already there how we get around 191 00:16:52,320 --> 00:16:59,070 bypasses veins we can avoid color check around ya Yin and work tables 192 00:16:59,070 --> 00:17:04,949 thanks for is not real big on memory that works and show we're gonna use 193 00:17:04,949 --> 00:17:08,459 what's already out there running and you know the average man has environment and 194 00:17:08,459 --> 00:17:12,690 memory and start playing around in slc we get around by pass thanks 195 00:17:12,690 --> 00:17:17,130 alright so Jerry out that can get some return oriented programming code 196 00:17:17,130 --> 00:17:21,839 actually riding wordy and basically durable hey you know I can take the 197 00:17:21,839 --> 00:17:25,679 stuff that's out there i can actually write my own custom shows one thing 198 00:17:25,680 --> 00:17:32,130 gland is it will almost as brazen as a lot of American families returning job 199 00:17:32,130 --> 00:17:37,560 functions as well as callings you all guys from other processes that was 200 00:17:37,560 --> 00:17:44,790 pretty protective so by default and can stop those autonomously George figured 201 00:17:44,790 --> 00:17:48,300 out the custom handwriting things basically cool stuff that's out there to 202 00:17:48,300 --> 00:17:50,370 get my text 203 00:17:50,370 --> 00:17:54,689 that's basically saying the same thing Jared assume the attacker has control 204 00:17:54,690 --> 00:18:02,850 over trigger you're gonna be using our work a nine nicely and use it as an eye 205 00:18:02,850 --> 00:18:06,570 on it and I know that American production so all that research hires 206 00:18:06,570 --> 00:18:09,570 only right so the defense of people we need to be understanding a little bit 207 00:18:09,570 --> 00:18:13,200 about what the vulnerabilities bring you know other radioactive for the software 208 00:18:13,200 --> 00:18:18,630 . so Jerry exactly that and knowing that as an offensive guy he can basically 209 00:18:18,630 --> 00:18:22,530 pick it apart because there's one information on environmental controls 210 00:18:22,530 --> 00:18:25,530 and he broke his little tools basically next 211 00:18:26,100 --> 00:18:30,209 alright so our checks we talked about this a little bit just making sure that 212 00:18:30,210 --> 00:18:34,230 it's not you know using legitimate calls its not using returns and jobs all over 213 00:18:34,230 --> 00:18:39,240 memories hat coming follow place because obviously organized proper code normally 214 00:18:39,240 --> 00:18:42,840 doesn't do these things which men explain things to you know oxygen ball 215 00:18:42,840 --> 00:18:47,010 over its and then we'll talk about the library just make sure that it's not 216 00:18:47,010 --> 00:18:51,510 loading a dll from somewhere has already sitting on the same way I'm here but I'm 217 00:18:51,510 --> 00:18:56,100 not really normally used in the process is dirt was able to find a way to pull 218 00:18:56,100 --> 00:19:00,240 in solids normally do use maybe like it's legitimate kind of walk through the 219 00:19:00,240 --> 00:19:06,180 game six and then obviously this is a little man has been found he put that in 220 00:19:06,180 --> 00:19:07,049 there is because it 221 00:19:07,049 --> 00:19:10,110 in second place for the blue got challenge that's another gentleman 222 00:19:10,110 --> 00:19:14,100 microsoft didn't actually put Jared's research into their improvements they 223 00:19:14,100 --> 00:19:17,100 put the other guys and everything back in the next version found it 224 00:19:18,239 --> 00:19:24,330 alright so talk about then send exact activity f on memory protect this we 225 00:19:24,330 --> 00:19:27,149 talked about that make sure that certainly the calls are coming from 226 00:19:27,149 --> 00:19:35,369 marks at pages i know it doesn't really I'm is be right to realize that it's 227 00:19:35,369 --> 00:19:39,090 looking for that kind of stuff basically and then simply sexy clothes were 228 00:19:39,090 --> 00:19:42,869 especially flowing in from a run a few instructions ahead and let me go try 229 00:19:42,869 --> 00:19:47,158 this out its theoretically the man i call this push that is that memory 230 00:19:47,700 --> 00:19:52,289 ok that's say was i'm ok i'm actually going to return the job is just starting 231 00:19:52,289 --> 00:19:56,999 to like an obsolete . and then BF is obviously the export tables are 232 00:19:56,999 --> 00:20:00,419 legitimate is ok for them 233 00:20:01,830 --> 00:20:07,080 alright so in summary basically like I said ginger was able to bypass all the 234 00:20:07,080 --> 00:20:11,609 controls using legitimate tools that were microsoft microsoft has been saying 235 00:20:11,609 --> 00:20:17,039 something very important and it is not designed to be all you know process 236 00:20:17,039 --> 00:20:23,908 solution was designed you design make happens have to work harder to develop 237 00:20:23,909 --> 00:20:28,470 more proactive customer always bypassing these controls and sneaking through the 238 00:20:28,470 --> 00:20:32,789 gate and a nutshell it was an intern which is really the tool so moving 239 00:20:32,789 --> 00:20:35,220 forward thinking of him as an intern strategy 240 00:20:35,220 --> 00:20:39,809 thanks alright so they said try harder this is all sections you don't know I 241 00:20:39,809 --> 00:20:46,019 said that also it was like a one which are harder to head home and next so 242 00:20:46,019 --> 00:20:49,710 basically all set this really cool thing where object was like hey you know what 243 00:20:49,710 --> 00:20:54,600 that's right is injecting himself like a mature we make those things distribution 244 00:20:54,600 --> 00:21:00,719 maintain that mask worked so how does that work was intelligent process known 245 00:21:00,720 --> 00:21:05,970 as you are 16 time deal objects and cell fractions all-around process somewhere 246 00:21:05,970 --> 00:21:10,950 memory women's track and it's hard on all sectors able to find this also value 247 00:21:10,950 --> 00:21:18,210 is that is all go in there right 20 i'll link it out and show the little flags on 248 00:21:18,210 --> 00:21:23,280 set and disabled on this process so they didn't protect him and soul and 249 00:21:23,280 --> 00:21:27,540 protections blur protecting the process a little time wasn't protecting itself 250 00:21:27,540 --> 00:21:32,460 from these things as well so that's five and then also belong to the moment 251 00:21:33,360 --> 00:21:39,810 alright so anyways we get we have millions on a lot of l by Britain was 252 00:21:39,810 --> 00:21:46,620 being viable that just be home so grab yourself protected said 21 someone in 253 00:21:46,620 --> 00:21:51,449 its neighborhood process however love in place marriage is also arrival also said 254 00:21:51,450 --> 00:21:56,010 ok fine i'll set Europe and it was about next 255 00:21:56,010 --> 00:22:02,700 alright um and then they did a lot more . and then nutshell basically you're by 256 00:22:02,700 --> 00:22:03,390 yourself today 257 00:22:03,390 --> 00:22:11,670 go ahead and make that code is bad around we're going to learn to it that 258 00:22:11,670 --> 00:22:18,690 wasn't going all is ok I'm just going to go wire-to-wire noted water is already 259 00:22:18,690 --> 00:22:28,320 included in Windows naturally and now we know where you live now and I think they 260 00:22:28,320 --> 00:22:33,629 tried harder using it you know another Cody's easy goals and devices i resolved 261 00:22:33,630 --> 00:22:35,370 late around 262 00:22:35,370 --> 00:22:38,820 oh you can't find our voters will find whatever they want to do that again the 263 00:22:38,820 --> 00:22:41,280 cpuid also said okay fine 264 00:22:41,280 --> 00:22:45,480 why don't we just go to file and use this device itself a natural process 265 00:22:45,480 --> 00:22:50,730 than it used in on itself it's all physical and you know this is adamant 266 00:22:50,730 --> 00:22:56,670 that i talked about earlier people decided in school and colorful and hey 267 00:22:56,670 --> 00:23:01,860 so what you doing with you and I was recently also had a memory banks 268 00:23:02,760 --> 00:23:08,700 alright so basically moving forward here in 52 related to much to didn't help 269 00:23:08,700 --> 00:23:12,090 that or whatever we put a little more protections in place we try to hide it a 270 00:23:12,090 --> 00:23:13,199 little bit more 271 00:23:13,200 --> 00:23:17,450 it worked for a while but not forever and 55 k mother 272 00:23:17,450 --> 00:23:22,580 that anyways next part so Microsoft internal change anything 273 00:23:22,580 --> 00:23:29,299 hey talking box to this because it is not meant to stop stuff and people kept 274 00:23:29,299 --> 00:23:32,870 thinking as well as for but in a nutshell they try to hide this partner 275 00:23:32,870 --> 00:23:36,529 again and another researcher came forward and said okay I'm gonna find a 276 00:23:36,529 --> 00:23:40,340 hiding to reverse that and then i'm actually using himself to disable 277 00:23:40,340 --> 00:23:46,639 sellers natural function and alright so now my kids going to give them a demo 278 00:23:46,639 --> 00:23:49,908 business going to walk through logically was going on 279 00:23:50,600 --> 00:23:58,219 ok so basically you so i'm going to go through i'm going to show you what the 280 00:23:58,220 --> 00:24:02,419 UI looks like to show you a command line looks like to show you when using 281 00:24:02,419 --> 00:24:06,740 interpreter or medicine boy to do a piece exact to the box to migrate to 282 00:24:06,740 --> 00:24:11,269 process is not protected by Emmett and i'm going to protect that process and 283 00:24:11,269 --> 00:24:15,200 i'm going to migrate it again and show you I'm it actually captures it and then 284 00:24:15,200 --> 00:24:18,950 we'll talk about the local gpo how to add local GPs to it and show you from 285 00:24:18,950 --> 00:24:23,090 commandline how you can view some of the protections because from the google you 286 00:24:23,090 --> 00:24:27,199 can't see group policy protections you want to concede rebelling positive 287 00:24:27,200 --> 00:24:38,389 protection from the command line and we'll go over there so switch that ya 288 00:24:38,389 --> 00:24:47,000 never see that fine it's not cut off organism and all right so this is a this 289 00:24:47,000 --> 00:24:50,870 is the main goal when you download and install and this is what comes up and 290 00:24:50,870 --> 00:24:54,678 there's some default applications that are protected so like office suite 291 00:24:54,679 --> 00:24:59,659 internet explorer course basically microsoft core products and they have 292 00:24:59,659 --> 00:25:05,750 some profile files and call there is called your recommended software and 293 00:25:05,750 --> 00:25:08,840 popular software they added some more things in there for you that we 294 00:25:08,840 --> 00:25:12,529 protected the best way to update those things are to add all the application 295 00:25:12,529 --> 00:25:15,620 that you want to add to the software just come up here and click on add apps 296 00:25:15,620 --> 00:25:20,809 and bring above the screen adaptation to go to your directory find where 297 00:25:20,809 --> 00:25:25,850 applications you want to go to see drive down to program files and let's say you 298 00:25:25,850 --> 00:25:26,969 want to protect 299 00:25:26,970 --> 00:25:34,110 you know google chrome go hair Chrome application and click on chrome and plug 300 00:25:34,110 --> 00:25:37,289 it in and by default it selects everything except for a few things that 301 00:25:37,289 --> 00:25:44,370 may cause you know may cause an application crash if you look at it you 302 00:25:44,370 --> 00:25:47,729 can see it up there with the ones in bold those are the ones that are 303 00:25:47,730 --> 00:25:52,919 protected by default anything that's not a bold as things that you had to the 304 00:25:52,919 --> 00:25:59,190 software that makes sense right on the John remember all these protections so 305 00:25:59,190 --> 00:26:02,309 you can uncheck any one of these you want to step is one of the ones that you 306 00:26:02,309 --> 00:26:06,149 cannot check as enforced by windows 7 by default it's system wide you can't you 307 00:26:06,150 --> 00:26:11,280 can't change that when you go to just uncheck different ones if you don't want 308 00:26:11,280 --> 00:26:14,610 to protect those so what this means that you if you add an application that you 309 00:26:14,610 --> 00:26:17,459 have an application is crashing believe that Emmett because it didn't start 310 00:26:17,460 --> 00:26:21,840 crashing to install it go through and check each protection one by one until 311 00:26:21,840 --> 00:26:26,220 you find one is called an issue and then re-enable the other ones that we do not 312 00:26:26,220 --> 00:26:34,799 save on everything ok if you want to change your default profiles it's right 313 00:26:34,799 --> 00:26:39,450 under here just click on a custom security maximum recommended and these 314 00:26:39,450 --> 00:26:45,720 files are in the am a directory so you navigate to the directory program files 315 00:26:45,720 --> 00:26:51,179 commit to go deployment you got your group policy and you've got your 316 00:26:51,179 --> 00:26:57,240 protection files these are your your default file that come with it right 317 00:26:57,240 --> 00:27:00,630 what you need to do a group policy files to copy these files in your windows 318 00:27:00,630 --> 00:27:04,950 profile definitions and then your mother provide definitions you have your 319 00:27:04,950 --> 00:27:13,140 English us and our show and second that's your basic UI down the bottom you 320 00:27:13,140 --> 00:27:17,340 have these green checkmarks that lets you know what what processes are 321 00:27:17,340 --> 00:27:20,760 protected by a minute so we see the green check that means images protecting 322 00:27:20,760 --> 00:27:23,760 that process and there's no check that means I'm it's not protected rights 323 00:27:23,760 --> 00:27:30,690 basically in this version of your task list so what we talked about earlier was 324 00:27:30,690 --> 00:27:35,820 anything that's been applied by policy you cannot see from this gooey so when 325 00:27:35,820 --> 00:27:36,780 you look 326 00:27:36,780 --> 00:27:40,110 when you go to your apps right this is this is basically what is protected by 327 00:27:40,110 --> 00:27:43,800 any right now you will not find anything protected by group policy in this list 328 00:27:43,800 --> 00:27:47,760 so if you're a sysadmin or irresponsible to figure in an enterprise environment 329 00:27:47,760 --> 00:27:51,450 and you wonder why all the applications that you spend 23 hours configured are 330 00:27:51,450 --> 00:27:55,170 showing up on your client systems as well you have to explore the command 331 00:27:55,170 --> 00:28:06,510 line and do with their and from the command line just jump there you talk a 332 00:28:06,510 --> 00:28:09,420 minute on a score confidence to go from the directory or you configure 333 00:28:09,420 --> 00:28:12,930 environments you running from anywhere and dash dash list 334 00:28:13,470 --> 00:28:19,350 press ENTER to give me your entire list along with your GP 0 configured programs 335 00:28:19,350 --> 00:28:25,679 so i went ahead and already configured he's ahead of time and that's why you 336 00:28:25,680 --> 00:28:28,500 see those two there by the flop to do nothing there 337 00:28:28,500 --> 00:28:33,300 your local computer and you want to modify your local GP 0 obviously gb 338 00:28:33,300 --> 00:28:39,210 edited that MSC bureau your editor and you come into application configuration 339 00:28:39,210 --> 00:28:44,640 you can see it's already enabled because i added those to come down to so 340 00:28:44,640 --> 00:28:47,640 obviously it will be not configured when you initially started up go to enabled 341 00:28:47,640 --> 00:28:53,400 click on the show and you can just in the value name section you put path so 342 00:28:53,400 --> 00:28:58,890 you can put you know c colon programs whatever you want to put on you use a 343 00:28:58,890 --> 00:29:03,270 regular expression you can say star backslash whatever it's easy just to use 344 00:29:03,270 --> 00:29:08,580 on star back slicing and even process because you might have a typo in the 345 00:29:08,580 --> 00:29:12,990 path that you type in or that in the application might be installed somewhere 346 00:29:12,990 --> 00:29:18,240 and it's you know not standard the other thing is that it's kind of a downfall to 347 00:29:18,240 --> 00:29:23,490 it is it works off the passage give it a binary name so if you protect notepad or 348 00:29:23,490 --> 00:29:28,590 protect chrome and somebody change the name of Rome it's not gonna be protected 349 00:29:28,590 --> 00:29:33,780 data for some reason they don't use hashes of of the banners that are 350 00:29:33,780 --> 00:29:37,950 windows or applications that well-known which i think is something pressure due 351 00:29:37,950 --> 00:29:42,210 at least with the core windows system32 buyers right there should be at least 352 00:29:42,210 --> 00:29:46,279 check by hash and not just by the pathname of the name of minor 353 00:29:46,279 --> 00:29:50,570 so anything goes wrong value is what protections you want to enable or 354 00:29:50,570 --> 00:29:54,200 disable so you can do dash basically you can read everything on the left-hand 355 00:29:54,200 --> 00:29:59,599 side so down here it gives you exactly what you need to configure that alright 356 00:29:59,599 --> 00:30:04,908 so we'll move on from there if you want to verify the process is being protected 357 00:30:04,909 --> 00:30:09,320 by use process hacker some of you probably use sysinternals our process 358 00:30:09,320 --> 00:30:13,789 explored can do the same thing I just before process hacker cool thing about 359 00:30:13,789 --> 00:30:18,379 process occurs if you have somebody create service on your box or does nice 360 00:30:18,379 --> 00:30:21,649 things for a second give you an alert service got created service got deleted 361 00:30:21,649 --> 00:30:25,820 so that's kind of why I like using it and just one thing that does that a 362 00:30:25,820 --> 00:30:31,070 process explorer doesn't do so will check and see what processes we have 363 00:30:31,070 --> 00:30:34,428 protected right we said we can come to the main screen and look at here we can 364 00:30:34,429 --> 00:30:38,809 do from the console and so we see we have a command commander Dax is 365 00:30:38,809 --> 00:30:39,799 protected right 366 00:30:39,799 --> 00:30:47,899 we also sort of command line is it anyway it's not in here so let's add one 367 00:30:47,899 --> 00:30:52,039 in the third on top okay so it's protected right so it's got all the 368 00:30:52,039 --> 00:30:57,259 default protections so let's see where that dll is this on commander Dax here 369 00:30:57,259 --> 00:31:04,969 is go to properties and process process attacker private showing modules in the 370 00:31:04,969 --> 00:31:07,969 student notepad be a lot easier 371 00:31:07,969 --> 00:31:11,149 nope there's no compact plus plus 372 00:31:11,149 --> 00:31:27,320 alright so note that this bus where's that means running there is an app that 373 00:31:27,320 --> 00:31:28,999 would be amazing 374 00:31:28,999 --> 00:31:35,210 alright so if you do have a process running Google properties or modules and 375 00:31:35,210 --> 00:31:38,479 you can see around $TIME a.m. dilo rights any process that you add to 376 00:31:38,479 --> 00:31:42,889 Emmett and you want to verify this actually protecting that process you can 377 00:31:42,889 --> 00:31:47,209 come in here and check it out that when there's also another tool and historical 378 00:31:47,210 --> 00:31:51,200 this dll so this module think things called a show you all the deals over 379 00:31:51,200 --> 00:31:55,070 there if you happen to run in and you don't see that deal owners probably cuz 380 00:31:55,070 --> 00:31:56,250 that process is already right 381 00:31:56,250 --> 00:32:00,510 you have to restart the process that way you can can add that protection so if 382 00:32:00,510 --> 00:32:04,680 you add add the binary 2m it while it's still running it will protect it 383 00:32:04,680 --> 00:32:09,750 you have to restart that process ok I society various mine it's a 64 bit 384 00:32:09,750 --> 00:32:14,790 processor same thing you'll see in a 64 an idea though my only an image . of 385 00:32:14,790 --> 00:32:16,230 current version ended 386 00:32:16,230 --> 00:32:22,080 alright so i'm going to show you a process that's not protected 387 00:32:22,770 --> 00:32:30,300 I'm gonna go to model the screen and i'm going to use a i'm already connected and 388 00:32:30,300 --> 00:32:36,000 see have to recreate session some statistics said nothing fancy so 389 00:32:36,000 --> 00:32:43,290 standard 2 i'm just using that is . to do it and if you PS exacta box and it 390 00:32:43,290 --> 00:32:46,409 will not detect that right doesn't detect sequel injection it doesn't set 391 00:32:46,410 --> 00:32:51,630 the tech you clicking on a binary gets mighty Rochelle it detects things that 392 00:32:51,630 --> 00:32:56,910 happen in memory to a process right so wrong 393 00:32:56,910 --> 00:33:08,370 see already there so let's find a process that's not being protected see 394 00:33:08,370 --> 00:33:11,939 or we can create 395 00:33:22,370 --> 00:33:45,110 so and killing yeah alright so we'll run ms paint again will double check that 396 00:33:45,110 --> 00:33:50,659 it's not being protected by a minute and by the way if I want to do that from the 397 00:33:50,660 --> 00:33:55,820 command line i'll just do a minute I'll do delete and then the path to ms payne 398 00:33:55,820 --> 00:34:02,030 right or I'll do just you know Walker backslash just mspaint start this pain 399 00:34:02,030 --> 00:34:07,790 same thing you can do everything delete all another thing know if you do you do 400 00:34:07,790 --> 00:34:11,149 an app from from are you can't delete an app from the command line that's a group 401 00:34:11,149 --> 00:34:17,359 policy enabled application so discordant a-plus-plus was at a good group policy 402 00:34:17,360 --> 00:34:20,060 you can't from the command line to say that you have to use good policy to that 403 00:34:20,060 --> 00:34:24,649 there might be a consideration for using group policy versus just using the doing 404 00:34:24,649 --> 00:34:31,489 so anyway already removed that got patron we're going to check the news 405 00:34:31,489 --> 00:34:37,638 prosperity that's actually disabled mspaint here properties go to modules 406 00:34:37,639 --> 00:34:45,050 skeptical so we got ms64 under so it's still still protecting that drive them 407 00:34:45,050 --> 00:34:52,190 in this paints paints we should actually do that off 408 00:34:54,020 --> 00:34:58,550 ok fresh 409 00:35:16,090 --> 00:35:26,530 watch that 410 00:35:29,890 --> 00:35:47,230 alright so let's see if it was paint so we got 6012 depend on my grades and so 411 00:35:47,230 --> 00:35:51,280 if it's any buyers protected or process to protect behind a little pop-up little 412 00:35:51,280 --> 00:35:56,410 notification saying year protection and detective or wear protection that 413 00:35:56,410 --> 00:36:01,120 stopped mitigated it'll basically turning process so we can see we 414 00:36:01,120 --> 00:36:07,270 migrated successfully that process 6012 nothing happened right we can still 415 00:36:07,270 --> 00:36:12,790 still move around still do stuff i can drop the shell funny to you know it's 416 00:36:12,790 --> 00:36:18,190 not trigger anything right now this user has no clue that somebody's on a box 417 00:36:18,970 --> 00:36:22,270 alright so now we're gonna protect I'm going to turn the protection a lot of 418 00:36:22,270 --> 00:36:25,360 pain is still running and show you that it doesn't it still doesn't protect it 419 00:36:25,360 --> 00:36:32,650 or detect that somebody's in that that process so we'll go from the command 420 00:36:32,650 --> 00:36:35,890 line just to show you that you can go from the command line for those of you 421 00:36:35,890 --> 00:36:42,520 that like the command line command set not add and then you can just do you 422 00:36:42,520 --> 00:36:54,100 star backslash mspaint having this pain already in there yeah it's already in 423 00:36:54,100 --> 00:36:57,100 space on 424 00:37:00,010 --> 00:37:11,560 alright let's do a bit more ads in their right mind 425 00:37:21,809 --> 00:37:26,400 alright so when you adaptation to admit it will give you this little statement 426 00:37:26,400 --> 00:37:28,650 is an achievement you may need to restart which is what I talked about 427 00:37:28,650 --> 00:37:30,989 earlier if you don't restart it 428 00:37:30,989 --> 00:37:40,469 it's not protected right so we have no cat running will close it run it again 429 00:37:40,469 --> 00:37:48,180 didn't want that I've got my setup so whenever no padding around the bad plus 430 00:37:48,180 --> 00:37:50,129 plus 431 00:37:50,130 --> 00:37:54,809 alright so we got that running now when we come back over here we'll see what 432 00:37:54,809 --> 00:38:13,410 did that is for notepad and we've got 3716 no let's get out the show first and 433 00:38:13,410 --> 00:38:16,410 my help 434 00:38:18,420 --> 00:38:26,489 alright so once my grand you see images detected BF detected motion detected and 435 00:38:26,489 --> 00:38:29,729 mitigation will close the application notepad.exe that's what happens when you 436 00:38:29,729 --> 00:38:34,529 migrate when using material to migrate to another process is protected by in it 437 00:38:34,529 --> 00:38:41,969 you get that dedication determination process the person interpreter show will 438 00:38:41,969 --> 00:38:47,579 crash so it's still trying to migrate but eventually crash my session will die 439 00:38:47,579 --> 00:38:54,119 and life goes on right on this end several things happen if you go to your 440 00:38:54,119 --> 00:38:59,249 event longer right you'll see my login so if you're doing remote login to get 441 00:38:59,249 --> 00:39:04,529 capturing the black the logs and anything that triggers on will say in it 442 00:39:04,529 --> 00:39:07,799 so you can filter log of everything that says in it and I'll tell you exactly 443 00:39:07,799 --> 00:39:12,449 which process trigger so if you look down here you guys in system32 ms paint 444 00:39:12,449 --> 00:39:19,349 before that I to tell you that it was enabled so this is when I added it will 445 00:39:19,349 --> 00:39:22,559 give you all you default protections everything that's enabled so it's pretty 446 00:39:22,559 --> 00:39:26,939 detailed information for you know anything that you need new protections 447 00:39:29,700 --> 00:39:38,430 any questions so far alright so like I said he had a group policy your local 448 00:39:38,430 --> 00:39:39,210 policy 449 00:39:39,210 --> 00:39:42,660 these are all configurations you only get these settings once you copy those 450 00:39:42,660 --> 00:39:47,730 files showed you in to show you the directory so you take these files that's 451 00:39:47,730 --> 00:39:52,230 in your deployment folder so you go to deployment group policy you copy each 452 00:39:52,230 --> 00:39:58,560 one of these when you go down to your windows directory round windows and any 453 00:39:58,560 --> 00:40:04,890 little profile definitions so the admx files in here and in the other file goes 454 00:40:04,890 --> 00:40:08,879 into this directory and then you open up your local group policy editor these 455 00:40:08,880 --> 00:40:13,260 these comparisons of available at the under windows client and/or you can do a 456 00:40:13,260 --> 00:40:16,260 search and look at everything as a minute 457 00:40:16,860 --> 00:40:31,980 alright that's pretty much it so that goes into our recommendations as long as 458 00:40:31,980 --> 00:40:40,920 there's a little bit of acid cycle power on being active dude is that had 459 00:40:40,920 --> 00:40:46,050 intended goals is slowly losing something solid lines so as you notice 460 00:40:46,050 --> 00:40:50,280 before when able to see anything everything is moving around the library 461 00:40:50,280 --> 00:40:55,950 just like that though using it correctly fully-managed right we will see that 462 00:40:55,950 --> 00:41:04,350 renders table litigation in there was a lot that is drawn into that process and 463 00:41:04,350 --> 00:41:07,020 protected that isn't one more thing then 464 00:41:07,020 --> 00:41:11,610 so this is the xml file for the recommended software that it comes about 465 00:41:11,610 --> 00:41:15,090 fault so you have your office suite that's pretty much what it looks like 466 00:41:15,090 --> 00:41:18,300 and then if you want to create your own custom file so let's say you have an 467 00:41:18,300 --> 00:41:23,190 enterprise that you don't use Google+ some reason you just want to create a 468 00:41:23,190 --> 00:41:26,940 custom profile this is what it looks like you wouldn't do this by hand so 469 00:41:26,940 --> 00:41:31,590 you're not going to just hack away at no pay you go to application you add every 470 00:41:31,590 --> 00:41:36,390 application you want on a test box and then you export that so if you go to MIT 471 00:41:36,390 --> 00:41:40,379 just do there's a feature to export the current configuration and then you take 472 00:41:40,380 --> 00:41:42,570 that file and maybe set up a share and have 473 00:41:42,570 --> 00:41:45,630 everybody every other box pulled from that share or however you want to 474 00:41:45,630 --> 00:41:49,500 distribute that XML hot that's also an option group policy you can manually 475 00:41:49,500 --> 00:41:54,120 configure everything that application you can create a profile box and export 476 00:41:54,120 --> 00:41:57,120 that and utilize that question 477 00:42:02,670 --> 00:42:07,320 it's not any more protected than anything else in the program followed 478 00:42:07,320 --> 00:42:22,770 the virtual so it reads the configuration file once it runs and it 479 00:42:22,770 --> 00:42:24,750 doesn't keep rereading that follows you 480 00:42:24,750 --> 00:42:29,760 you know all three starters election nice 481 00:42:31,350 --> 00:42:38,549 yes the planning on bringing the authors and methodology was the answer the back 482 00:42:38,550 --> 00:42:45,720 that static file box problem but if you push it out the group policy then you 483 00:42:45,720 --> 00:42:47,669 have to just like anything else 484 00:42:47,670 --> 00:42:54,720 whenever anyone's and even as because the use that's on that system it doesn't 485 00:42:54,720 --> 00:43:00,149 run as system or any other user one says that's that's probably a lot of these 486 00:43:00,150 --> 00:43:04,380 applications if they run the same user space malware runs in the same user 487 00:43:04,380 --> 00:43:05,700 space there baby 488 00:43:05,700 --> 00:43:11,069 both competed and obviously running as an internal space is not a good idea 489 00:43:11,070 --> 00:43:14,610 right so that's the problem we have right now which is going to leave some 490 00:43:14,610 --> 00:43:32,820 of the recommendations that we have later when professional dancer most yeah 491 00:43:35,290 --> 00:43:38,890 your question was already together 492 00:43:40,510 --> 00:43:58,240 ice creams and lotions microsoft products you know what it is like which 493 00:43:58,240 --> 00:43:59,859 was anybody running 494 00:43:59,860 --> 00:44:05,260 yeah so they they do admit there's problems and conflicts and that's why 495 00:44:05,260 --> 00:44:09,760 some things are off by default but if carbon should fix a lot of those 496 00:44:09,760 --> 00:44:10,480 problems 497 00:44:10,480 --> 00:44:13,930 I don't know you're running to know the current version i mean like what version 498 00:44:13,930 --> 00:44:22,120 you're running because they just updated passionate spot 151 now i don't remember 499 00:44:22,120 --> 00:44:24,250 the exact date but I know there was five 500 00:44:24,250 --> 00:44:29,620 there's like a recent one of 5.51 so try that one see the other problems or just 501 00:44:29,620 --> 00:44:33,220 disable uaf so it's not a it's not the end all be all 502 00:44:33,220 --> 00:44:36,279 there's just different layers that the attack has to go through and have an 503 00:44:36,280 --> 00:44:39,850 image is it's just going to be way better than not having anything else and 504 00:44:39,850 --> 00:44:48,100 I said to be able to give you that problem just disable the same way that's 505 00:44:48,100 --> 00:44:52,930 the microsoft recommended way of oh if you have an application this compressive 506 00:44:52,930 --> 00:44:57,460 conflict within one by one disabled them and see which one cause of the problem 507 00:44:57,460 --> 00:45:11,080 and just keep that one off will keep everything Hillsong just basically we're 508 00:45:11,080 --> 00:45:14,230 going to talk about goals were researched out looking but it's 509 00:45:14,230 --> 00:45:21,190 basically valley and my body said earlier half day's proceeds so no nose 510 00:45:21,190 --> 00:45:27,550 and based on just the roses bathroom natural after buying right initially or 511 00:45:27,550 --> 00:45:31,210 dance things passing it and then I extensive list of politics but 512 00:45:31,210 --> 00:45:36,930 application really cool and she has immunity is well crowdsourcing 513 00:45:36,930 --> 00:45:44,069 and then I control though as you travel technology shadows back it'll be looking 514 00:45:44,069 --> 00:45:46,770 into this is awesome 515 00:45:46,770 --> 00:45:51,059 you're liable to get out there and get dirty talk about do tell extensions are 516 00:45:51,059 --> 00:45:55,710 going to use a supporting an earlier that and remember how sit in the bus bar 517 00:45:55,710 --> 00:45:59,790 potential base is productive remember anybody heard of shadow set 518 00:46:01,020 --> 00:46:05,460 yeah it's nothing 519 00:46:07,349 --> 00:46:13,020 get ya up so we're going to wrap it up any questions at this michael i will be 520 00:46:13,020 --> 00:46:18,329 available as well and he catches my mind so hopefully we did also injected a just 521 00:46:18,329 --> 00:46:22,559 basically all understand it and it's not perfect and I'll be all this time 522 00:46:22,559 --> 00:46:26,040 it definitely has a lot of work that's going on right now as we said there's 523 00:46:26,040 --> 00:46:33,300 about what constituted that so fun and we use it properly more effectively or 524 00:46:33,300 --> 00:46:39,420 plain sight see it was like I will go to questions are going to be the least we 525 00:46:39,420 --> 00:46:45,780 have our girls sponsors roads out of students office the event wasn't running 526 00:46:45,780 --> 00:46:48,510 version human toe 527 00:46:48,510 --> 00:46:51,569 well okay but can you guys are fast 528 00:46:51,569 --> 00:47:01,799 no okay awesome and then uh ok that was broken last reserves that you okay look 529 00:47:01,799 --> 00:47:08,040 up and was then yesterday 530 00:47:08,549 --> 00:47:13,230 no Jack last night 531 00:47:13,230 --> 00:47:17,640 ok I could 532 00:47:18,289 --> 00:47:26,569 you see what's the name of the command line tool used to configure in it 533 00:47:28,039 --> 00:47:31,039 you're the answer 534 00:47:31,910 --> 00:47:46,339 uh let's see what's name of protection that and mitigated when i migrated from 535 00:47:46,339 --> 00:47:48,799 one process to the other 536 00:47:48,799 --> 00:47:56,269 yeah yeah okay good job of elastic press for the sponsors as well many ways of we 537 00:47:56,269 --> 00:48:01,879 have an output and USB adapter as well as a land turtle so you don't everyone 538 00:48:01,880 --> 00:48:05,359 it's time from built 539 00:48:06,259 --> 00:48:07,519 yeah thanks guys