1 00:00:02,679 --> 00:00:04,240 as we go through this just kind of keep 2 00:00:04,240 --> 00:00:07,560 in mind this is just our experience 3 00:00:07,560 --> 00:00:09,200 there's a lot of experiences so I'm 4 00:00:09,200 --> 00:00:11,679 going to kind of reflect on that but 5 00:00:11,679 --> 00:00:12,920 it's the Lost underground and we're 6 00:00:12,920 --> 00:00:14,320 talking about this today because there's 7 00:00:14,320 --> 00:00:16,680 a lot of this that's just missing we 8 00:00:16,680 --> 00:00:18,520 don't talk about it anymore we don't 9 00:00:18,520 --> 00:00:20,320 know about it it's not really captured 10 00:00:20,320 --> 00:00:22,720 we've evolved in the industry so we're 11 00:00:22,720 --> 00:00:24,599 going to kind of just reflect on some of 12 00:00:24,599 --> 00:00:27,039 this growing up uh me specifically 13 00:00:27,039 --> 00:00:30,000 growing up in his house was uh 14 00:00:30,000 --> 00:00:31,920 definitely an outlier experience so 15 00:00:31,920 --> 00:00:33,719 that's what we're going to kind of cover 16 00:00:33,719 --> 00:00:36,280 uh a little bit about me um if my 17 00:00:36,280 --> 00:00:39,040 presentation slide here will switch I 18 00:00:39,040 --> 00:00:42,000 don't know what's going on let 19 00:00:43,760 --> 00:00:46,160 me so why I win 20 00:00:46,160 --> 00:00:48,879 first and it's not working so we might 21 00:00:48,879 --> 00:00:53,760 just have to use the keys all right yep 22 00:00:53,760 --> 00:00:55,760 all right well we're shot so we're just 23 00:00:55,760 --> 00:00:58,039 going to 24 00:00:58,160 --> 00:01:00,600 use this 25 00:01:00,600 --> 00:01:03,239 so a little bit about me uh I'm going to 26 00:01:03,239 --> 00:01:04,879 go through this quick I've been hacking 27 00:01:04,879 --> 00:01:06,840 since like the late 90s I got my start 28 00:01:06,840 --> 00:01:09,960 in the CGI B phf vulnerability like old 29 00:01:09,960 --> 00:01:12,520 school remote code execution kind of 30 00:01:12,520 --> 00:01:14,759 powered me into this um I've been 31 00:01:14,759 --> 00:01:17,159 developing since like the vb3 days so 32 00:01:17,159 --> 00:01:18,680 kind of get my hands in that and then 33 00:01:18,680 --> 00:01:20,720 I've been pentesting officially at some 34 00:01:20,720 --> 00:01:23,560 capacity since around 2005 um and I got 35 00:01:23,560 --> 00:01:26,320 my start really in bbs's so there was a 36 00:01:26,320 --> 00:01:28,320 lot of BBS back doors and so I kind of 37 00:01:28,320 --> 00:01:30,680 got going there and I'm going to just 38 00:01:30,680 --> 00:01:33,600 introduce him real quick this is uh Ray 39 00:01:33,600 --> 00:01:36,360 and he is a an old school pay phone 40 00:01:36,360 --> 00:01:37,880 embedded firmware engineer so if you 41 00:01:37,880 --> 00:01:39,079 know anything about payones and the 42 00:01:39,079 --> 00:01:41,240 whole freaking scene um he was the one 43 00:01:41,240 --> 00:01:43,320 that was writing a lot of the um 44 00:01:43,320 --> 00:01:44,840 security controls in order to kind of 45 00:01:44,840 --> 00:01:47,240 remediate those he's a hardware hacker 46 00:01:47,240 --> 00:01:48,719 and he designs all the badges as you 47 00:01:48,719 --> 00:01:51,360 already know and uh he has a lot of fun 48 00:01:51,360 --> 00:01:53,119 with iot so he's hacking a lot of the 49 00:01:53,119 --> 00:01:55,320 iot stuff and all the wireless protocols 50 00:01:55,320 --> 00:01:56,159 and 51 00:01:56,159 --> 00:01:58,360 whatnot so this presentation 52 00:01:58,360 --> 00:02:00,360 specifically is going to cover the 80s 53 00:02:00,360 --> 00:02:02,479 the 90s and the early 2000s and once 54 00:02:02,479 --> 00:02:05,119 again this is just from our experience 55 00:02:05,119 --> 00:02:06,520 and so just kind of bear that in mind 56 00:02:06,520 --> 00:02:08,000 and so in the 80s we're going to start 57 00:02:08,000 --> 00:02:10,080 with like the microprocessor movement 58 00:02:10,080 --> 00:02:11,640 and then roll that into the cracking 59 00:02:11,640 --> 00:02:13,120 scene because those two go really hand 60 00:02:13,120 --> 00:02:15,200 inand and then in the 90s we're going to 61 00:02:15,200 --> 00:02:16,519 look at some of the hacking scene that 62 00:02:16,519 --> 00:02:19,040 was going on in the community um from 63 00:02:19,040 --> 00:02:20,560 that time frame and we got a lot to 64 00:02:20,560 --> 00:02:21,560 cover there so we're going to kind of 65 00:02:21,560 --> 00:02:23,360 stream through that and it'll bring us 66 00:02:23,360 --> 00:02:25,840 to the 2000s in the 2000s in the early 67 00:02:25,840 --> 00:02:27,440 2000s there was a huge black hat 68 00:02:27,440 --> 00:02:29,160 movement so I'm going to kind of cover a 69 00:02:29,160 --> 00:02:31,360 lot of those grounds as we get through 70 00:02:31,360 --> 00:02:32,879 this and then we're gonna kind of just 71 00:02:32,879 --> 00:02:35,000 talk about how the content rolled out 72 00:02:35,000 --> 00:02:37,480 back then uh and so with that I'm going 73 00:02:37,480 --> 00:02:39,040 to go ahead and hand it 74 00:02:39,040 --> 00:02:42,159 off to Ray so you should be on well here 75 00:02:42,159 --> 00:02:43,959 I am he didn't he forgot to tell you 76 00:02:43,959 --> 00:02:46,680 this is my first talk ever so he h the 77 00:02:46,680 --> 00:02:48,959 bar real low 78 00:02:48,959 --> 00:02:52,519 okay all right anyway we're going to 79 00:02:52,519 --> 00:02:55,159 start like you said in the 80s we didn't 80 00:02:55,159 --> 00:02:57,599 have internet we didn't have YouTube we 81 00:02:57,599 --> 00:02:59,840 didn't have Google to search we didn't 82 00:02:59,840 --> 00:03:02,879 didn't even have home PCS yet okay so 83 00:03:02,879 --> 00:03:04,680 before I get started I I need to go back 84 00:03:04,680 --> 00:03:09,239 to 1974 75 and uh tell you what we did 85 00:03:09,239 --> 00:03:12,080 have we had main 86 00:03:12,080 --> 00:03:17,599 frames and they were huge 6 feet high uh 87 00:03:17,599 --> 00:03:19,799 10 and something pound they were crazy 88 00:03:19,799 --> 00:03:23,519 they had a whopping 6K of memory and 89 00:03:23,519 --> 00:03:26,040 mostly corporations and government could 90 00:03:26,040 --> 00:03:27,720 afford them cuz they're running they 91 00:03:27,720 --> 00:03:30,159 around about $170,000 92 00:03:30,159 --> 00:03:32,760 back today's money back then it was 93 00:03:32,760 --> 00:03:37,000 18,000 but anyway that's where we were 94 00:03:37,000 --> 00:03:41,040 um real interesting but not not for any 95 00:03:41,040 --> 00:03:47,040 consumers um but then in 74 and 96 00:03:47,040 --> 00:03:49,480 75 we 97 00:03:49,480 --> 00:03:54,200 uh let's sorry about that uh intel was 98 00:03:54,200 --> 00:03:57,200 uh making static RAM and ROM they 99 00:03:57,200 --> 00:03:59,959 weren't really into microprocessors they 100 00:03:59,959 --> 00:04:00,959 they had a 101 00:04:00,959 --> 00:04:03,599 404 808 and an 102 00:04:03,599 --> 00:04:06,840 8080 but uh they didn't they just used 103 00:04:06,840 --> 00:04:09,120 it to support their memory line they 104 00:04:09,120 --> 00:04:10,599 they weren't interested in even selling 105 00:04:10,599 --> 00:04:13,319 for our systs which I thought was pretty 106 00:04:13,319 --> 00:04:14,959 interesting 107 00:04:14,959 --> 00:04:17,839 um at that Intel there was an engineer 108 00:04:17,839 --> 00:04:21,759 named Fredrico Fagan and he was on the 109 00:04:21,759 --> 00:04:23,759 team for the Memories as well but he was 110 00:04:23,759 --> 00:04:26,120 doing a side project he was doing a side 111 00:04:26,120 --> 00:04:28,400 project called super 80 he wanted to 112 00:04:28,400 --> 00:04:30,560 make a really good project at a real 113 00:04:30,560 --> 00:04:33,919 reasonable price uh but Intel wasn't 114 00:04:33,919 --> 00:04:35,800 really interested and then they had a 115 00:04:35,800 --> 00:04:36,880 major 116 00:04:36,880 --> 00:04:39,479 reorganization and they were even less 117 00:04:39,479 --> 00:04:41,720 interested and then they had a 118 00:04:41,720 --> 00:04:44,880 layoff well he B ban wanted to keep that 119 00:04:44,880 --> 00:04:48,560 super 80 thing going so he he left the 120 00:04:48,560 --> 00:04:50,840 company and took a couple Engineers with 121 00:04:50,840 --> 00:04:55,120 him and uh that's where we're at right 122 00:04:55,120 --> 00:04:58,199 here two other Engineers follow they 123 00:04:58,199 --> 00:05:00,840 formed a company called Z zock I hope 124 00:05:00,840 --> 00:05:04,479 I'm saying that right um their super 80 125 00:05:04,479 --> 00:05:12,039 chip ultimately became the z80 processor 126 00:05:12,039 --> 00:05:16,000 um hold on sorry about that yeah many 127 00:05:16,000 --> 00:05:18,199 use cases there was a world they hit the 128 00:05:18,199 --> 00:05:22,240 World Market obviously anyc TOA shop 129 00:05:22,240 --> 00:05:24,479 aachi but they made the Radio Shack 130 00:05:24,479 --> 00:05:26,639 computers also which is where I got my 131 00:05:26,639 --> 00:05:28,039 start the 132 00:05:28,039 --> 00:05:31,039 trs8 yeah man 133 00:05:31,039 --> 00:05:34,840 uh 65 also at about the same time motor 134 00:05:34,840 --> 00:05:37,199 roller was trying to work on a processor 135 00:05:37,199 --> 00:05:40,000 called the 6800 and Chuck P worked for 136 00:05:40,000 --> 00:05:44,400 them and he he wanted to make basically 137 00:05:44,400 --> 00:05:45,960 he went on some calls with some 138 00:05:45,960 --> 00:05:47,960 salespeople and he found out that they 139 00:05:47,960 --> 00:05:50,120 were really put off with the the price 140 00:05:50,120 --> 00:05:52,400 of the of the processor it was something 141 00:05:52,400 --> 00:05:56,120 like $360 back 142 00:05:56,759 --> 00:06:00,240 then oh I'm not talking into the mic my 143 00:06:00,240 --> 00:06:04,280 bad just hire all right anyway uh he he 144 00:06:04,280 --> 00:06:06,160 started to follow the sales people on on 145 00:06:06,160 --> 00:06:08,199 their calls and he found out they they 146 00:06:08,199 --> 00:06:11,000 they wanted a cheaper processor so him 147 00:06:11,000 --> 00:06:13,319 and eight other gu or seven other of his 148 00:06:13,319 --> 00:06:16,319 engineer France formed another company 149 00:06:16,319 --> 00:06:20,440 to make a 6502 CHP basically is what it 150 00:06:20,440 --> 00:06:23,599 it sparked the computer boom and then 151 00:06:23,599 --> 00:06:26,240 then you got your attire commodor the 152 00:06:26,240 --> 00:06:29,080 whole line just the whole line just just 153 00:06:29,080 --> 00:06:31,560 hit and 154 00:06:32,400 --> 00:06:36,400 up so what happened here you're good 155 00:06:36,400 --> 00:06:39,680 okay anyway I did get the TR s that was 156 00:06:39,680 --> 00:06:42,080 my first computer it got me started in 157 00:06:42,080 --> 00:06:44,919 programming I I I enjoyed Assembly 158 00:06:44,919 --> 00:06:45,880 Language 159 00:06:45,880 --> 00:06:48,120 programming the graphics weren't all 160 00:06:48,120 --> 00:06:51,039 that block figures stick figures not 161 00:06:51,039 --> 00:06:53,000 very good graphics but I did get a 162 00:06:53,000 --> 00:06:54,479 really good learning experience from 163 00:06:54,479 --> 00:06:59,800 messing with the z80 chip um 164 00:07:00,840 --> 00:07:04,240 oh yeah well there's my TRC information 165 00:07:04,240 --> 00:07:08,039 anyway um so s language we me and me and 166 00:07:08,039 --> 00:07:10,919 my cousin I have to say this me and my 167 00:07:10,919 --> 00:07:15,000 cousin uh got enjoyed doing this uh 168 00:07:15,000 --> 00:07:17,039 assem language program we we created our 169 00:07:17,039 --> 00:07:19,400 own games we created one called Sona 170 00:07:19,400 --> 00:07:22,479 that was based on a coin operated Sona 171 00:07:22,479 --> 00:07:24,319 game and we we created one called The 172 00:07:24,319 --> 00:07:26,879 Great Wall which was uh basically 173 00:07:26,879 --> 00:07:29,840 breakout but it was ours we we we did it 174 00:07:29,840 --> 00:07:33,080 we were real proud of ourselves and we 175 00:07:33,080 --> 00:07:34,240 went 176 00:07:34,240 --> 00:07:36,560 on like I said I didn't care for the 177 00:07:36,560 --> 00:07:39,400 graphics on F City but when the Atari H 178 00:07:39,400 --> 00:07:41,879 oh my God it opened it opened all the 179 00:07:41,879 --> 00:07:45,599 doors uh it has a 6502 processor uh 180 00:07:45,599 --> 00:07:46,840 which means I had to learn a whole new 181 00:07:46,840 --> 00:07:49,560 Assembly Language instruction set but 182 00:07:49,560 --> 00:07:52,159 that's that's fine it's actually better 183 00:07:52,159 --> 00:07:53,919 I think 184 00:07:53,919 --> 00:07:57,919 um but uh 2 million were sold in 185 00:07:57,919 --> 00:08:00,599 1979 and video games started to become a 186 00:08:00,599 --> 00:08:03,560 peel we used to go to the coin operator 187 00:08:03,560 --> 00:08:05,360 arcades all the time me my cousin we 188 00:08:05,360 --> 00:08:08,319 loved it but now we we had video games 189 00:08:08,319 --> 00:08:11,800 that were available and we could uh mess 190 00:08:11,800 --> 00:08:14,479 with those as well we had D modem it was 191 00:08:14,479 --> 00:08:18,800 only 110 R uh or 300 B if you had the uh 192 00:08:18,800 --> 00:08:20,039 a smart 193 00:08:20,039 --> 00:08:24,240 B uh but we had Bing boards so that was 194 00:08:24,240 --> 00:08:27,159 that start to be a 195 00:08:27,680 --> 00:08:30,080 thing and we this is this is where we 196 00:08:30,080 --> 00:08:32,399 got into the game cracking my kid told 197 00:08:32,399 --> 00:08:34,958 me he says yeah you you you're a hacker 198 00:08:34,958 --> 00:08:37,919 I'm not a hacker but yeah I really was 199 00:08:37,919 --> 00:08:41,760 and I didn't realize until now um we we 200 00:08:41,760 --> 00:08:45,800 had floppy discs and um cassette tapes 201 00:08:45,800 --> 00:08:48,080 that was how we saved our our games and 202 00:08:48,080 --> 00:08:50,120 all but we wanted to back up stuff and 203 00:08:50,120 --> 00:08:52,720 we wanted to share with other people and 204 00:08:52,720 --> 00:08:56,560 uh so we had to get into uh cracking 205 00:08:56,560 --> 00:08:58,959 just just so we could do that you know 206 00:08:58,959 --> 00:09:01,120 um protective measures were obviously 207 00:09:01,120 --> 00:09:03,480 implemented and 208 00:09:03,480 --> 00:09:05,760 uh they had a couple different methods 209 00:09:05,760 --> 00:09:10,079 the code Wheels we had a spin it and um 210 00:09:10,079 --> 00:09:12,440 licensing Keys which ended up being a 211 00:09:12,440 --> 00:09:15,680 key gen they put bad sectors on floppy 212 00:09:15,680 --> 00:09:18,120 discs intentionally so that they could 213 00:09:18,120 --> 00:09:22,320 check for it and allow execution or not 214 00:09:22,320 --> 00:09:24,519 and the happy driver obviously was a 215 00:09:24,519 --> 00:09:27,440 drive that could could copy those bad 216 00:09:27,440 --> 00:09:32,000 sectors but it had no red yet so copy 217 00:09:32,000 --> 00:09:34,360 protection started to cause a rebellion 218 00:09:34,360 --> 00:09:35,760 people wanted to be able to copy their 219 00:09:35,760 --> 00:09:38,240 stuffs and back it up and they didn't 220 00:09:38,240 --> 00:09:40,560 like 221 00:09:41,519 --> 00:09:44,279 this so I was mentioning the B sector 222 00:09:44,279 --> 00:09:47,760 read which is really really cool it it 223 00:09:47,760 --> 00:09:49,720 was my first real exposure to some real 224 00:09:49,720 --> 00:09:52,480 serious cracking um they like I said 225 00:09:52,480 --> 00:09:54,600 they deliberately put a b sector on the 226 00:09:54,600 --> 00:09:57,519 floppy they would boot it and they would 227 00:09:57,519 --> 00:10:00,000 read that that sector 228 00:10:00,000 --> 00:10:02,680 hoping that it's bad if it's bad it says 229 00:10:02,680 --> 00:10:05,240 yes go ahead and give execution it's a 230 00:10:05,240 --> 00:10:07,160 school but if it read good that meant 231 00:10:07,160 --> 00:10:09,240 you copied it and they would they would 232 00:10:09,240 --> 00:10:12,760 just break hang 233 00:10:13,079 --> 00:10:15,680 up so we had to do is we had to reverse 234 00:10:15,680 --> 00:10:17,279 Engineers so if I were to use that 235 00:10:17,279 --> 00:10:20,880 example of the bad sector um we' have to 236 00:10:20,880 --> 00:10:23,040 determine what copy uh protection method 237 00:10:23,040 --> 00:10:26,000 was and we in this case we know and uh 238 00:10:26,000 --> 00:10:27,800 we would load the software into 239 00:10:27,800 --> 00:10:30,600 memory and then we we will try to find 240 00:10:30,600 --> 00:10:34,600 information that would help us now Atari 241 00:10:34,600 --> 00:10:36,639 is real good about documentation they 242 00:10:36,639 --> 00:10:39,480 gave us memory maps of everything uh so 243 00:10:39,480 --> 00:10:40,920 all we had to do is find out when they 244 00:10:40,920 --> 00:10:44,920 were calling that read of the bad sector 245 00:10:44,920 --> 00:10:46,560 and then we we would be in the ballpark 246 00:10:46,560 --> 00:10:50,440 or where we need to be and let me go 247 00:10:50,440 --> 00:10:52,200 ahead let's 248 00:10:52,200 --> 00:10:55,040 say this this is where we what we would 249 00:10:55,040 --> 00:10:58,839 find typically is we know that uh they 250 00:10:58,839 --> 00:11:03,320 do it jump sub routine to 251 00:11:03,320 --> 00:11:06,360 e453 that call will read the will read 252 00:11:06,360 --> 00:11:09,880 the uh desk and then we would load the 253 00:11:09,880 --> 00:11:14,000 accumulator with the status register so 254 00:11:14,000 --> 00:11:16,880 if the bits were set for the error then 255 00:11:16,880 --> 00:11:20,320 then we were cool and it would fall down 256 00:11:20,320 --> 00:11:23,959 and it says if it rank Ranch equals zero 257 00:11:23,959 --> 00:11:26,160 meaning the accumulator was Zero we 258 00:11:26,160 --> 00:11:29,000 didn't get any bad errors it would it 259 00:11:29,000 --> 00:11:31,839 would fall through to to a good read and 260 00:11:31,839 --> 00:11:34,399 then we uh we would stop program 261 00:11:34,399 --> 00:11:36,399 execution 262 00:11:36,399 --> 00:11:39,920 basically that' be good a little bit 263 00:11:39,920 --> 00:11:42,279 horse original cracking looking at 264 00:11:42,279 --> 00:11:45,399 assembly on an assembler seeing these 265 00:11:45,399 --> 00:11:46,760 jumps and we were having this 266 00:11:46,760 --> 00:11:48,880 conversation when he was telling me hey 267 00:11:48,880 --> 00:11:50,200 we're looking at sub routines and 268 00:11:50,200 --> 00:11:51,519 looking where these jumps were at and 269 00:11:51,519 --> 00:11:52,880 we're just like doing all this cool 270 00:11:52,880 --> 00:11:54,880 stuff to try to patch it and I'm like 271 00:11:54,880 --> 00:11:57,360 dude that's like memory stuff that we're 272 00:11:57,360 --> 00:11:58,959 doing today and it was just crazy to 273 00:11:58,959 --> 00:11:59,920 have that 274 00:11:59,920 --> 00:12:02,160 conversation for for those of you that 275 00:12:02,160 --> 00:12:03,480 that aren't familiar with Assembly 276 00:12:03,480 --> 00:12:05,920 Language uh it's it's it's a language 277 00:12:05,920 --> 00:12:07,560 that the computer needs to talk to in 278 00:12:07,560 --> 00:12:10,120 machine language to make it easy for us 279 00:12:10,120 --> 00:12:13,399 the we use pneumonics um but for example 280 00:12:13,399 --> 00:12:15,240 the jsr to 281 00:12:15,240 --> 00:12:20,120 e453 the jsr is a hex value 20 so if you 282 00:12:20,120 --> 00:12:22,480 see over a little bit to the side there 283 00:12:22,480 --> 00:12:24,320 you uh you'll see the 20 then you'll see 284 00:12:24,320 --> 00:12:28,320 the address low high and I'm saying this 285 00:12:28,320 --> 00:12:31,839 because some instructions require two 286 00:12:31,839 --> 00:12:35,000 operands some only require one some 287 00:12:35,000 --> 00:12:38,320 instructions don't require any at all so 288 00:12:38,320 --> 00:12:41,240 like transfer X to a that would be one 289 00:12:41,240 --> 00:12:45,120 by that would be the op code no oper 290 00:12:45,120 --> 00:12:48,519 ANS and the reason I say that is you can 291 00:12:48,519 --> 00:12:51,760 see the machine code right here what we 292 00:12:51,760 --> 00:12:55,440 did we didn't wanted to do that check so 293 00:12:55,440 --> 00:12:57,800 we went in there we found the address 294 00:12:57,800 --> 00:12:59,639 and we put no Ops 295 00:12:59,639 --> 00:13:01,600 that's a one bite instruction that 296 00:13:01,600 --> 00:13:05,240 basically says don't do anything just 297 00:13:05,240 --> 00:13:08,320 just just go to the next nine so we put 298 00:13:08,320 --> 00:13:09,639 no Ops in 299 00:13:09,639 --> 00:13:12,199 there and now it's not doing to check it 300 00:13:12,199 --> 00:13:14,760 it falls right where it needs to go to 301 00:13:14,760 --> 00:13:16,800 start the program 302 00:13:16,800 --> 00:13:19,079 execution and when we did that and we 303 00:13:19,079 --> 00:13:23,079 booted it we got the 304 00:13:24,959 --> 00:13:28,360 game anyway what we discovered too is 305 00:13:28,360 --> 00:13:30,720 it's a cat Mouse kind of thing we we we 306 00:13:30,720 --> 00:13:33,360 quickly learned that the developers 307 00:13:33,360 --> 00:13:35,720 caught our little trick and they would 308 00:13:35,720 --> 00:13:38,120 take the next step which would be maybe 309 00:13:38,120 --> 00:13:41,600 do a check sum on their on the routine 310 00:13:41,600 --> 00:13:42,920 to make sure it wasn't altered or 311 00:13:42,920 --> 00:13:45,079 modified in any way the number needs to 312 00:13:45,079 --> 00:13:47,480 come up correct so in other words in 313 00:13:47,480 --> 00:13:50,160 this particular example the check sum 314 00:13:50,160 --> 00:13:51,680 would have been 315 00:13:51,680 --> 00:13:55,360 16 so if they ran the check up on our 316 00:13:55,360 --> 00:13:58,199 routine it would have been C2 it would 317 00:13:58,199 --> 00:14:00,320 have failed they wouldn't allowed 318 00:14:00,320 --> 00:14:03,519 execution so what we did we took a 319 00:14:03,519 --> 00:14:06,560 couple of those EAS noops and we 320 00:14:06,560 --> 00:14:08,519 replaced it with a load accumulator with 321 00:14:08,519 --> 00:14:10,880 some value we don't know what that value 322 00:14:10,880 --> 00:14:12,160 is going to be yet but we're going to 323 00:14:12,160 --> 00:14:15,079 load it with something and what we need 324 00:14:15,079 --> 00:14:18,120 to do is pick a value that will get us 325 00:14:18,120 --> 00:14:21,880 the 6E so now we have a noop routine 326 00:14:21,880 --> 00:14:24,800 with 6E for the check some and when we 327 00:14:24,800 --> 00:14:29,160 run it it goes It goes through 328 00:14:29,160 --> 00:14:32,600 so and finally there's a third method 329 00:14:32,600 --> 00:14:36,199 that we saw that they use developers 330 00:14:36,199 --> 00:14:39,600 clone their original function and then 331 00:14:39,600 --> 00:14:42,519 they hid it they back then they were 332 00:14:42,519 --> 00:14:46,680 using exclusive ORS to hide stuff I 333 00:14:46,680 --> 00:14:50,360 think they still do actually um so they 334 00:14:50,360 --> 00:14:53,519 hit it by exclusive or all ones become 335 00:14:53,519 --> 00:14:56,759 zeros all zeros become ones so if you 336 00:14:56,759 --> 00:14:58,440 were to look at it it would look like 337 00:14:58,440 --> 00:15:00,240 trash just 338 00:15:00,240 --> 00:15:03,120 garbage we decided to we figured that 339 00:15:03,120 --> 00:15:05,240 was what probably what they were doing 340 00:15:05,240 --> 00:15:09,519 so we exclusive Ed the whole program now 341 00:15:09,519 --> 00:15:11,519 we expected to not have any more machine 342 00:15:11,519 --> 00:15:15,160 code anymore but as we scroll down the 343 00:15:15,160 --> 00:15:17,560 routine popped right out at us so we 344 00:15:17,560 --> 00:15:19,440 knew at that point we knew that's what 345 00:15:19,440 --> 00:15:21,639 they 346 00:15:22,399 --> 00:15:25,880 did and I put a success up it's too 347 00:15:25,880 --> 00:15:29,720 early dude um so what we what we did 348 00:15:29,720 --> 00:15:31,880 what we did once we discovered what they 349 00:15:31,880 --> 00:15:34,480 were doing we put our original code back 350 00:15:34,480 --> 00:15:37,079 in there and then we exclusive order a 351 00:15:37,079 --> 00:15:41,680 copy and put it over the over their and 352 00:15:41,680 --> 00:15:44,040 saved it and that and then then you got 353 00:15:44,040 --> 00:15:45,720 the sucess my 354 00:15:45,720 --> 00:15:48,680 bad 355 00:15:48,680 --> 00:15:53,040 so anyway the summary on this is that um 356 00:15:53,040 --> 00:15:54,920 consumer microprocessor started to 357 00:15:54,920 --> 00:15:57,560 become a thing because we now had home 358 00:15:57,560 --> 00:16:00,920 computers tr8s and apple even the Apple 359 00:16:00,920 --> 00:16:05,279 was a 6502 as well and uh that it was 360 00:16:05,279 --> 00:16:07,279 basically the start of the home computer 361 00:16:07,279 --> 00:16:11,279 boom and also we obviously got involved 362 00:16:11,279 --> 00:16:13,680 with copy protection Rebellion we wanted 363 00:16:13,680 --> 00:16:16,519 to constantly try to find a way to get 364 00:16:16,519 --> 00:16:18,319 around this stuff we didn't know it at 365 00:16:18,319 --> 00:16:20,759 the time but we were hacking we were we 366 00:16:20,759 --> 00:16:23,560 were doing it for fun we just enjoyed it 367 00:16:23,560 --> 00:16:26,240 a lot matter of fact and we wanted to be 368 00:16:26,240 --> 00:16:29,279 the first ones to get our software onto 369 00:16:29,279 --> 00:16:31,079 a bulletin board before somebody else 370 00:16:31,079 --> 00:16:34,360 did our copy of the software basically 371 00:16:34,360 --> 00:16:37,240 but anyway um this is where I guess I 372 00:16:37,240 --> 00:16:42,079 hand it to my son and undo all my 373 00:16:46,839 --> 00:16:48,600 mistakes all 374 00:16:48,600 --> 00:16:52,360 right think I fix 375 00:16:53,360 --> 00:16:55,759 this maybe 376 00:16:55,759 --> 00:16:57,880 not hacking scene so we're going to talk 377 00:16:57,880 --> 00:16:58,920 about the '90s 378 00:16:58,920 --> 00:17:02,279 so as he ended with the bbs's um I'm 379 00:17:02,279 --> 00:17:05,039 growing up in the 9s I was born in ' 81 380 00:17:05,039 --> 00:17:07,280 so growing up on a PC through the 80s 381 00:17:07,280 --> 00:17:10,559 and then hitting my 90s um now I'm 382 00:17:10,559 --> 00:17:12,359 actually functioning on a computer and 383 00:17:12,359 --> 00:17:14,679 dealing with electronics and seeing him 384 00:17:14,679 --> 00:17:16,640 go to Blockbuster and renting my 385 00:17:16,640 --> 00:17:19,319 Nintendo games and then dumping the eoms 386 00:17:19,319 --> 00:17:20,599 and trying to clone them and I didn't 387 00:17:20,599 --> 00:17:22,559 know what was going on back then I knew 388 00:17:22,559 --> 00:17:24,439 that he was cloning the games but I 389 00:17:24,439 --> 00:17:26,959 didn't know um anything about all the 390 00:17:26,959 --> 00:17:28,919 electronic components of it and that's 391 00:17:28,919 --> 00:17:30,919 kind of where I got started so when I 392 00:17:30,919 --> 00:17:34,520 jumped in um bbs's were the thing so we 393 00:17:34,520 --> 00:17:37,160 had Renegade Wildcat um a lot of these 394 00:17:37,160 --> 00:17:40,679 bbs's had back doors that the ssop were 395 00:17:40,679 --> 00:17:42,640 or the software developers were 396 00:17:42,640 --> 00:17:45,679 embedding and these BBS as I've noticed 397 00:17:45,679 --> 00:17:47,559 were really all about the free flow of 398 00:17:47,559 --> 00:17:49,600 information so I didn't know it at the 399 00:17:49,600 --> 00:17:51,880 time but going into my house into his 400 00:17:51,880 --> 00:17:54,320 closet my mom would have these Avon 401 00:17:54,320 --> 00:17:56,720 boxes cuz she sold Avon and so we would 402 00:17:56,720 --> 00:17:58,400 look in these Avon boxes and we would 403 00:17:58,400 --> 00:18:00,960 have copies of literally everything so I 404 00:18:00,960 --> 00:18:03,400 had like Unix system 5 release 4 I had 405 00:18:03,400 --> 00:18:06,280 Red Hat power tools like 3.1 and so I'm 406 00:18:06,280 --> 00:18:08,799 in this house growing up and then I open 407 00:18:08,799 --> 00:18:11,320 up this piece of paper and I find a list 408 00:18:11,320 --> 00:18:14,120 of local BBS nodes with their dial up 409 00:18:14,120 --> 00:18:17,080 phone numbers and so I starting to dial 410 00:18:17,080 --> 00:18:19,120 into these bbs's and getting familiar 411 00:18:19,120 --> 00:18:21,320 with the war's door or the BBS doors and 412 00:18:21,320 --> 00:18:23,880 the games and fell in love with Legends 413 00:18:23,880 --> 00:18:27,520 of the red dragon anybody a lord player 414 00:18:27,520 --> 00:18:29,720 yes my people we probably playing on the 415 00:18:29,720 --> 00:18:32,480 same ones um and so these nodes were 416 00:18:32,480 --> 00:18:34,400 spun up all around the world but I was 417 00:18:34,400 --> 00:18:36,760 on my local ones and getting familiar 418 00:18:36,760 --> 00:18:39,320 with them and they were all text based 419 00:18:39,320 --> 00:18:42,799 and um and so using that list logging in 420 00:18:42,799 --> 00:18:45,760 Playing Lord and then finding where's U 421 00:18:45,760 --> 00:18:48,360 you could see why I I stayed um and that 422 00:18:48,360 --> 00:18:50,840 was where I first got my The anarchus 423 00:18:50,840 --> 00:18:53,640 cookbook and so in probably everybody 424 00:18:53,640 --> 00:18:55,120 knows about the Anarchist Cookbook so 425 00:18:55,120 --> 00:18:57,760 I'll skip that but uh yeah it was just a 426 00:18:57,760 --> 00:18:59,320 really interesting time to kind of grow 427 00:18:59,320 --> 00:19:01,919 up and so kind of going through we had a 428 00:19:01,919 --> 00:19:05,080 lot of early influences in these bbs's 429 00:19:05,080 --> 00:19:07,440 and that we were sharing files from 430 00:19:07,440 --> 00:19:09,240 these groups and I had no clue who these 431 00:19:09,240 --> 00:19:10,760 groups were at the time it was all just 432 00:19:10,760 --> 00:19:12,919 kind of an introduction but you had the 433 00:19:12,919 --> 00:19:15,000 legions of Doom U they were founded in 434 00:19:15,000 --> 00:19:17,679 the 80s uh and that they kind of created 435 00:19:17,679 --> 00:19:19,520 the hackers Manifesto so we probably 436 00:19:19,520 --> 00:19:22,799 know that one from the mentor um initial 437 00:19:22,799 --> 00:19:25,240 vulnerability um contributions that we 438 00:19:25,240 --> 00:19:27,799 found were through bbs's and so it was 439 00:19:27,799 --> 00:19:30,320 really this influence IAL portion of the 440 00:19:30,320 --> 00:19:31,640 hacker culture that I was getting 441 00:19:31,640 --> 00:19:33,000 introduced to that I really didn't know 442 00:19:33,000 --> 00:19:35,760 anything about and I was a kid um and so 443 00:19:35,760 --> 00:19:36,960 obviously he didn't know what I was 444 00:19:36,960 --> 00:19:38,919 doing and uh so it was just really kind 445 00:19:38,919 --> 00:19:41,600 of interesting uh so I remember um 446 00:19:41,600 --> 00:19:43,280 reading about this a long time ago but 447 00:19:43,280 --> 00:19:47,360 um LOD actually created a TLD um on the 448 00:19:47,360 --> 00:19:50,360 root DNS that was called LOD and somehow 449 00:19:50,360 --> 00:19:52,240 it just showed up some way I'm not sure 450 00:19:52,240 --> 00:19:54,240 how it got there um and you had masters 451 00:19:54,240 --> 00:19:55,960 of deception this was really cool 452 00:19:55,960 --> 00:19:57,720 because they were um doing a lot of the 453 00:19:57,720 --> 00:20:00,320 research into the systems at the time 454 00:20:00,320 --> 00:20:02,000 and so it really popularized the whole 455 00:20:02,000 --> 00:20:04,400 freaking uh culture and and movement 456 00:20:04,400 --> 00:20:06,480 that kind of happened and so I talk 457 00:20:06,480 --> 00:20:07,840 about the mentor a little bit the 458 00:20:07,840 --> 00:20:09,200 conscience of a hacker the Hacker's 459 00:20:09,200 --> 00:20:12,440 Manifesto super super influential in the 460 00:20:12,440 --> 00:20:15,200 early days culture and so it was just 461 00:20:15,200 --> 00:20:18,000 really motivated by that Curiosity um 462 00:20:18,000 --> 00:20:19,600 and then the free flow of information it 463 00:20:19,600 --> 00:20:21,200 was about challenging everything 464 00:20:21,200 --> 00:20:23,280 challenging Authority challenging the 465 00:20:23,280 --> 00:20:25,679 rules challenging the systems and it 466 00:20:25,679 --> 00:20:27,840 just created this pursuit of breaking 467 00:20:27,840 --> 00:20:30,080 boundaries and it was involving Tech and 468 00:20:30,080 --> 00:20:32,320 it was just this this is who I was and 469 00:20:32,320 --> 00:20:34,240 it was the makeup of what my dad was 470 00:20:34,240 --> 00:20:36,039 introducing me to although I didn't know 471 00:20:36,039 --> 00:20:38,120 it at the time and um and it really 472 00:20:38,120 --> 00:20:39,840 wasn't about being malicious it was 473 00:20:39,840 --> 00:20:42,400 really just about that seeking of that 474 00:20:42,400 --> 00:20:44,400 Curiosity and that was the hacking 475 00:20:44,400 --> 00:20:46,480 mindset that they really laid out so it 476 00:20:46,480 --> 00:20:48,720 was laid out in the 80s but this was 477 00:20:48,720 --> 00:20:51,240 well into the 2000s um later on that 478 00:20:51,240 --> 00:20:53,799 people were still talking about this um 479 00:20:53,799 --> 00:20:55,080 and when we talk about freaking a little 480 00:20:55,080 --> 00:20:56,799 bit I wasn't super big into freaking my 481 00:20:56,799 --> 00:20:58,600 dad did more of the the phone system 482 00:20:58,600 --> 00:21:00,559 systems and stuff but um we had the blue 483 00:21:00,559 --> 00:21:02,400 box everybody knows the you know Captain 484 00:21:02,400 --> 00:21:05,280 Crunch and how he discovered the 2600 um 485 00:21:05,280 --> 00:21:07,280 and there was a lot of fake coin deposit 486 00:21:07,280 --> 00:21:09,000 sounds that they were able to trigger on 487 00:21:09,000 --> 00:21:11,360 these payones but I remember being at 488 00:21:11,360 --> 00:21:13,559 home cuz my mom worked at the same pay 489 00:21:13,559 --> 00:21:16,600 phone company that that my dad worked at 490 00:21:16,600 --> 00:21:18,840 they they manufactured payones and so 491 00:21:18,840 --> 00:21:21,240 she worked on the the assembly side and 492 00:21:21,240 --> 00:21:23,279 said they were creating like anti- 493 00:21:23,279 --> 00:21:25,279 stuffing devices and ways to make sure 494 00:21:25,279 --> 00:21:27,919 that they could detect those um those 495 00:21:27,919 --> 00:21:30,440 hacks on the payones and uh and I 496 00:21:30,440 --> 00:21:32,039 remember the first smart card pay phone 497 00:21:32,039 --> 00:21:33,480 I remember you having like the card and 498 00:21:33,480 --> 00:21:36,440 I had like the u a smart card on there 499 00:21:36,440 --> 00:21:38,240 first Spanish pay phone it was this 500 00:21:38,240 --> 00:21:40,000 whole freaking scene was interesting 501 00:21:40,000 --> 00:21:42,039 because it was like opening up the 502 00:21:42,039 --> 00:21:45,039 hacking of what was to come later on um 503 00:21:45,039 --> 00:21:46,360 when my dad was kind of working on the 504 00:21:46,360 --> 00:21:48,320 other side and the phone systems were 505 00:21:48,320 --> 00:21:49,760 being tricked and you could like you 506 00:21:49,760 --> 00:21:51,720 could make an additional phone call like 507 00:21:51,720 --> 00:21:54,120 a longdistance one um without actually 508 00:21:54,120 --> 00:21:56,120 being built and without being traced and 509 00:21:56,120 --> 00:21:58,720 so there was this super surge in these 510 00:21:58,720 --> 00:22:00,559 boxes that people were creating to do 511 00:22:00,559 --> 00:22:02,720 these different weird things some were 512 00:22:02,720 --> 00:22:05,159 generating tones and um others were 513 00:22:05,159 --> 00:22:06,840 doing other things um but were doing a 514 00:22:06,840 --> 00:22:08,840 lot of wiretapping and snooping on phone 515 00:22:08,840 --> 00:22:11,400 calls and just a lot of good groups came 516 00:22:11,400 --> 00:22:14,159 out of this um and so it kind of kicked 517 00:22:14,159 --> 00:22:16,799 off this whole hacking freaking virus 518 00:22:16,799 --> 00:22:19,320 cracking Anarchy movement um with the 519 00:22:19,320 --> 00:22:21,960 bbs's and so uset kind of popped up and 520 00:22:21,960 --> 00:22:24,600 it was the alt. 2600 probably everybody 521 00:22:24,600 --> 00:22:26,400 has heard of that at one point and we 522 00:22:26,400 --> 00:22:28,919 talked about the BBS back doors but some 523 00:22:28,919 --> 00:22:30,799 of them were like with the Renegade you 524 00:22:30,799 --> 00:22:33,760 could push I a 100 times and it would 525 00:22:33,760 --> 00:22:36,840 actually push you into the siso menu and 526 00:22:36,840 --> 00:22:38,440 you could access some of the ssop 527 00:22:38,440 --> 00:22:39,760 functions which was like the 528 00:22:39,760 --> 00:22:42,679 administrator of the bbs's um there were 529 00:22:42,679 --> 00:22:44,320 other ones that had hardcoded 530 00:22:44,320 --> 00:22:45,840 credentials back door does this sound 531 00:22:45,840 --> 00:22:47,279 familiar I mean I think we have this 532 00:22:47,279 --> 00:22:49,840 still happening today um there were a 533 00:22:49,840 --> 00:22:51,600 lot of um different file access 534 00:22:51,600 --> 00:22:53,120 vulnerabilities because they would 535 00:22:53,120 --> 00:22:55,720 truncate the file name and so you could 536 00:22:55,720 --> 00:22:57,320 append different ones to do these 537 00:22:57,320 --> 00:22:59,440 downloads and you could download the the 538 00:22:59,440 --> 00:23:01,200 config files with the passwords that 539 00:23:01,200 --> 00:23:04,000 were playing text um it was just really 540 00:23:04,000 --> 00:23:07,120 interesting time frame for bbs's um if 541 00:23:07,120 --> 00:23:09,400 you wanted to uh to try to Brute Force 542 00:23:09,400 --> 00:23:12,640 login into bbs's you could just do it 543 00:23:12,640 --> 00:23:14,960 with two attempt cycles and you could 544 00:23:14,960 --> 00:23:16,760 actually evade that detection so it 545 00:23:16,760 --> 00:23:18,360 wouldn't lock out or do anything so you 546 00:23:18,360 --> 00:23:21,120 dial in two times you stop you pause you 547 00:23:21,120 --> 00:23:22,400 do it again a little bit later and it 548 00:23:22,400 --> 00:23:24,679 just this very slow Brute Force but it 549 00:23:24,679 --> 00:23:27,200 was super cool and then we had these 550 00:23:27,200 --> 00:23:30,159 things called local ssop meetings where 551 00:23:30,159 --> 00:23:32,640 all of the local BBS nodes that were 552 00:23:32,640 --> 00:23:34,600 ssops would get together they would meet 553 00:23:34,600 --> 00:23:37,360 at IHOP in our town um and IHOP would 554 00:23:37,360 --> 00:23:39,600 they would bring these big bulky laptops 555 00:23:39,600 --> 00:23:41,640 and you see all the ssops kind of over 556 00:23:41,640 --> 00:23:43,640 there and and so me I was young like I'm 557 00:23:43,640 --> 00:23:44,919 a teenager so I'm going to talk about 558 00:23:44,919 --> 00:23:47,840 some that I've done um but just know I 559 00:23:47,840 --> 00:23:50,120 was really young and it was just kind of 560 00:23:50,120 --> 00:23:52,640 not good but we would shoulder surf the 561 00:23:52,640 --> 00:23:54,840 ssops and so me and a friend of mine 562 00:23:54,840 --> 00:23:56,600 from a town over we grew up together we 563 00:23:56,600 --> 00:23:58,520 would shoulder surf the ssops and and 564 00:23:58,520 --> 00:24:01,520 then go home dial into their bbs's with 565 00:24:01,520 --> 00:24:03,960 their credentials and we got banned 566 00:24:03,960 --> 00:24:06,400 across all of the local BBS 567 00:24:06,400 --> 00:24:09,320 nodes yeah so they didn't know that and 568 00:24:09,320 --> 00:24:11,440 uh and so you wonder why you can't dial 569 00:24:11,440 --> 00:24:13,760 into the BBS anymore was because they 570 00:24:13,760 --> 00:24:15,679 they would block your phone number from 571 00:24:15,679 --> 00:24:17,960 being able to call the nodes so you have 572 00:24:17,960 --> 00:24:19,440 to change your phone number or go to 573 00:24:19,440 --> 00:24:21,720 your neighbors or do something like that 574 00:24:21,720 --> 00:24:23,919 and so that kind of happened um and so 575 00:24:23,919 --> 00:24:25,960 there's some dial up there and it moved 576 00:24:25,960 --> 00:24:28,559 into the AOL scene so full disclosure I 577 00:24:28,559 --> 00:24:32,840 skipped the AOL scene um we had 128k 578 00:24:32,840 --> 00:24:36,360 ISDN so two 64k lines um that were 579 00:24:36,360 --> 00:24:38,360 joined so we always had internet I had 580 00:24:38,360 --> 00:24:40,159 the best of the best because of him and 581 00:24:40,159 --> 00:24:42,919 his work and um the work equipment that 582 00:24:42,919 --> 00:24:45,039 they provided he would bring home so I 583 00:24:45,039 --> 00:24:47,600 kind of was the outlier but I did do a 584 00:24:47,600 --> 00:24:49,799 lot of AOL progs and I did them for my 585 00:24:49,799 --> 00:24:51,960 friends so you could like put a prag 586 00:24:51,960 --> 00:24:53,559 together and a little room Buster or 587 00:24:53,559 --> 00:24:55,000 something and you could sell it for like 588 00:24:55,000 --> 00:24:57,880 15 bucks in the neighborhood and so um 589 00:24:57,880 --> 00:25:00,360 that ended up up happening um and moving 590 00:25:00,360 --> 00:25:03,960 into this whole dialup War where a lot 591 00:25:03,960 --> 00:25:07,240 of these big software Solutions were 592 00:25:07,240 --> 00:25:10,200 being created like aohell and so aohell 593 00:25:10,200 --> 00:25:12,320 would steal accounts you could fish 594 00:25:12,320 --> 00:25:14,600 generate fake credit card numbers um 595 00:25:14,600 --> 00:25:15,919 there was these things called puning 596 00:25:15,919 --> 00:25:17,520 where you could send over and over and 597 00:25:17,520 --> 00:25:20,320 over messages and kick them offline um 598 00:25:20,320 --> 00:25:21,919 there were scrollers there were mail 599 00:25:21,919 --> 00:25:23,520 bombs where they would dump a bunch of 600 00:25:23,520 --> 00:25:26,640 mail into people's email box um and and 601 00:25:26,640 --> 00:25:28,480 there was just a lot of stuff happening 602 00:25:28,480 --> 00:25:30,880 you could subscribe to mass males I 603 00:25:30,880 --> 00:25:33,120 completely forgot about this until I was 604 00:25:33,120 --> 00:25:35,120 starting the the presentation but you 605 00:25:35,120 --> 00:25:37,880 could get wees in your AOL inbox just by 606 00:25:37,880 --> 00:25:40,840 signing up on these Mass mailers and so 607 00:25:40,840 --> 00:25:42,200 um this is where I got my start with 608 00:25:42,200 --> 00:25:44,480 really developing so vb3 was like the 609 00:25:44,480 --> 00:25:46,200 hot thing at the time and we would just 610 00:25:46,200 --> 00:25:48,039 use send Keys like I wasn't even smart 611 00:25:48,039 --> 00:25:49,440 enough to like do anything else other 612 00:25:49,440 --> 00:25:51,799 than just like send Keys um but it 613 00:25:51,799 --> 00:25:53,559 worked and you could send Keys over and 614 00:25:53,559 --> 00:25:55,520 over with loops and Brute Force into 615 00:25:55,520 --> 00:25:58,399 rooms and it was super cool at the time 616 00:25:58,399 --> 00:26:00,320 time they had AOL had like what they 617 00:26:00,320 --> 00:26:01,799 called a BL it wasn't a blue team but it 618 00:26:01,799 --> 00:26:04,440 is a blue team called catwatch and so 619 00:26:04,440 --> 00:26:07,200 catwatch was basically the the staff of 620 00:26:07,200 --> 00:26:10,320 AOL that was monitoring for the people 621 00:26:10,320 --> 00:26:13,360 using these progs in these rooms and so 622 00:26:13,360 --> 00:26:15,440 everybody was trying to fish these 623 00:26:15,440 --> 00:26:17,799 overhead accounts and so an overhead 624 00:26:17,799 --> 00:26:20,159 account was basically a staff account on 625 00:26:20,159 --> 00:26:22,880 AOL and you got access to do stuff like 626 00:26:22,880 --> 00:26:25,080 reset users passwords and so people were 627 00:26:25,080 --> 00:26:27,159 using overhead accounts to steal screen 628 00:26:27,159 --> 00:26:30,200 names and so it just caused this massive 629 00:26:30,200 --> 00:26:32,480 blowout then there was Merlin Merlin was 630 00:26:32,480 --> 00:26:35,559 the software that AOL used to log in and 631 00:26:35,559 --> 00:26:37,200 so people were trying to get access to 632 00:26:37,200 --> 00:26:38,919 it and this is kind of the the red blue 633 00:26:38,919 --> 00:26:41,520 slide so on the left you have blue team 634 00:26:41,520 --> 00:26:44,320 this is what Merlin looked like for the 635 00:26:44,320 --> 00:26:47,000 overhead users so when I worked at AOL 636 00:26:47,000 --> 00:26:49,559 they gave us an overhead account and so 637 00:26:49,559 --> 00:26:51,000 we would log in and this was actually 638 00:26:51,000 --> 00:26:52,559 the first place I ever had to use the 639 00:26:52,559 --> 00:26:55,320 RSA tokens this was a long time ago um 640 00:26:55,320 --> 00:26:57,360 they were using RSA tokens for Merlin 641 00:26:57,360 --> 00:26:58,840 because of what was going on and then 642 00:26:58,840 --> 00:27:00,720 you had aohell on the other side it was 643 00:27:00,720 --> 00:27:02,440 just kind of this interesting movement 644 00:27:02,440 --> 00:27:04,760 that happened um skip ahead a little bit 645 00:27:04,760 --> 00:27:08,120 because I told you I was ONN and on ISDN 646 00:27:08,120 --> 00:27:10,640 we had IRC obviously I wore the shirt 647 00:27:10,640 --> 00:27:11,919 radicalized by 648 00:27:11,919 --> 00:27:14,919 IRC we had channels and these channels 649 00:27:14,919 --> 00:27:17,120 you had nicknames and people went by 650 00:27:17,120 --> 00:27:19,120 nicknames and personas you didn't go by 651 00:27:19,120 --> 00:27:22,200 your real name and that was I don't know 652 00:27:22,200 --> 00:27:23,799 if I talk about it in here or not but 653 00:27:23,799 --> 00:27:24,840 actually it's the next slide I'll just 654 00:27:24,840 --> 00:27:27,279 wait but you had TCP client and server 655 00:27:27,279 --> 00:27:29,399 so you take your client connected to the 656 00:27:29,399 --> 00:27:31,240 server and we start learning that you 657 00:27:31,240 --> 00:27:34,760 could send like ICP icmp unreachable 658 00:27:34,760 --> 00:27:38,320 packets and spoof the the source to the 659 00:27:38,320 --> 00:27:39,960 server and it would it would nuke the 660 00:27:39,960 --> 00:27:41,279 person off it would disconnect their 661 00:27:41,279 --> 00:27:43,840 session and so if you could get their IP 662 00:27:43,840 --> 00:27:45,880 address if they weren't behind like a 663 00:27:45,880 --> 00:27:48,200 Windgate proxy from back in the day you 664 00:27:48,200 --> 00:27:49,919 could use these denial of service 665 00:27:49,919 --> 00:27:52,080 attacks at the time to boot people off 666 00:27:52,080 --> 00:27:55,120 IRC log in steal their nickname rejoin 667 00:27:55,120 --> 00:27:57,159 the channel and it was just causing all 668 00:27:57,159 --> 00:28:00,080 of this new movement on IRC and so you 669 00:28:00,080 --> 00:28:01,960 had a couple different clients um and 670 00:28:01,960 --> 00:28:03,399 then you had scripts that people were 671 00:28:03,399 --> 00:28:05,519 starting to create and the scripts were 672 00:28:05,519 --> 00:28:07,279 super fun so you could run you could 673 00:28:07,279 --> 00:28:08,760 build these scripts and write these 674 00:28:08,760 --> 00:28:10,600 tools and then automate a lot of your 675 00:28:10,600 --> 00:28:13,440 tasks and so the popular servers at the 676 00:28:13,440 --> 00:28:16,360 time that I was on was fnet and Undernet 677 00:28:16,360 --> 00:28:18,640 um fnet was more fun it was a lot more 678 00:28:18,640 --> 00:28:20,519 talent that was there Undernet was a lot 679 00:28:20,519 --> 00:28:23,399 more trollish um but it was fun I I did 680 00:28:23,399 --> 00:28:26,000 both but it really started to to 681 00:28:26,000 --> 00:28:28,960 permeate in a culture and so I want to 682 00:28:28,960 --> 00:28:30,640 talk about that a little bit because 683 00:28:30,640 --> 00:28:32,559 it's super important to reflect on the 684 00:28:32,559 --> 00:28:34,600 culture that we had then everything so 685 00:28:34,600 --> 00:28:36,840 far sounded really good but the reality 686 00:28:36,840 --> 00:28:40,279 is that we had a super super toxic 687 00:28:40,279 --> 00:28:41,960 culture you want to talk about 688 00:28:41,960 --> 00:28:44,080 gatekeeping at the keynote um they 689 00:28:44,080 --> 00:28:46,279 talked about this a little bit it was so 690 00:28:46,279 --> 00:28:49,000 bad then because it was always public 691 00:28:49,000 --> 00:28:51,640 shaming it was always public humiliating 692 00:28:51,640 --> 00:28:53,080 um there was discrimination against 693 00:28:53,080 --> 00:28:54,519 everything it could be where you were 694 00:28:54,519 --> 00:28:56,600 from what country you lived in and they 695 00:28:56,600 --> 00:28:58,880 would shun you um it be that you were 696 00:28:58,880 --> 00:29:02,159 from dnet another IRC Network and all of 697 00:29:02,159 --> 00:29:04,039 the sudden you were like frowned upon 698 00:29:04,039 --> 00:29:06,320 and nobody cared about you it was where 699 00:29:06,320 --> 00:29:09,120 the the terms script kitties and Skitty 700 00:29:09,120 --> 00:29:11,760 and skids really got popularized I'm not 701 00:29:11,760 --> 00:29:14,080 sure where it really started but what it 702 00:29:14,080 --> 00:29:16,480 meant was people that were new to 703 00:29:16,480 --> 00:29:18,799 security that were using someone else's 704 00:29:18,799 --> 00:29:21,640 scripts to cause havoc and so that's 705 00:29:21,640 --> 00:29:23,840 where skites or skids or script kitties 706 00:29:23,840 --> 00:29:26,279 came from but it also coined the terms 707 00:29:26,279 --> 00:29:29,840 the 31337 the one 337 because it 708 00:29:29,840 --> 00:29:32,279 differentiated between whether you were 709 00:29:32,279 --> 00:29:33,960 accepted or not accepted whether you 710 00:29:33,960 --> 00:29:35,720 were frowned upon or whether you were 711 00:29:35,720 --> 00:29:38,240 just pushed aside and it was really hard 712 00:29:38,240 --> 00:29:40,000 to start fitting in I mean I already had 713 00:29:40,000 --> 00:29:42,039 a hard time fitting in at school right 714 00:29:42,039 --> 00:29:44,320 like being a nerd growing up in a house 715 00:29:44,320 --> 00:29:46,799 with super thick glasses and then going 716 00:29:46,799 --> 00:29:50,240 into like the the IRC and seeing all the 717 00:29:50,240 --> 00:29:53,159 same stuff it was hard to fit in you had 718 00:29:53,159 --> 00:29:55,679 to like start trolling also or join up 719 00:29:55,679 --> 00:29:57,399 with someone that you had friends with 720 00:29:57,399 --> 00:29:59,399 in order to start being accepted and 721 00:29:59,399 --> 00:30:02,760 then the was people are being um hiding 722 00:30:02,760 --> 00:30:05,600 behind personas and because we're hiding 723 00:30:05,600 --> 00:30:08,240 behind personas people would use the 724 00:30:08,240 --> 00:30:10,880 finger D to try to dox you and if they 725 00:30:10,880 --> 00:30:12,799 doxed you they get your IP address they 726 00:30:12,799 --> 00:30:13,679 get you some of your personal 727 00:30:13,679 --> 00:30:15,919 information and now they start dropping 728 00:30:15,919 --> 00:30:17,440 docks that's where that really started 729 00:30:17,440 --> 00:30:19,480 emerging I know we still talk about that 730 00:30:19,480 --> 00:30:22,120 but that's really where it was at and so 731 00:30:22,120 --> 00:30:24,760 IRC became a Battleground and so you had 732 00:30:24,760 --> 00:30:27,480 IRC Wars you had takeovers of channels 733 00:30:27,480 --> 00:30:29,279 you had people people pushing net splits 734 00:30:29,279 --> 00:30:31,039 and driving a lot of bandwidth to 735 00:30:31,039 --> 00:30:32,960 servers to overwhelm them so that we 736 00:30:32,960 --> 00:30:35,399 could cause a net split and then rejoin 737 00:30:35,399 --> 00:30:37,360 the server ride that net split into a 738 00:30:37,360 --> 00:30:40,600 channel take over the channel ban 739 00:30:40,600 --> 00:30:42,600 everybody out of it set a key make it 740 00:30:42,600 --> 00:30:44,399 locked down so nobody had access to it 741 00:30:44,399 --> 00:30:47,159 it was wild wild west and so this is 742 00:30:47,159 --> 00:30:50,320 going on there's full-blown um denial of 743 00:30:50,320 --> 00:30:52,640 service attacks happening there were um 744 00:30:52,640 --> 00:30:55,399 they used xdcc for wees so you could 745 00:30:55,399 --> 00:30:59,399 join the channel do pound xdcc send 746 00:30:59,399 --> 00:31:02,480 Visual Basic three dis one of a 100 cuz 747 00:31:02,480 --> 00:31:04,639 you had to download a 100 of them um and 748 00:31:04,639 --> 00:31:06,600 then you'd pull it down and then so it 749 00:31:06,600 --> 00:31:08,639 was like full leech on Wares it was just 750 00:31:08,639 --> 00:31:10,919 this crazy time to kind of grow up well 751 00:31:10,919 --> 00:31:13,440 what emerged out of that was people that 752 00:31:13,440 --> 00:31:15,960 started fitting in with each other would 753 00:31:15,960 --> 00:31:18,120 start forming a group and that group 754 00:31:18,120 --> 00:31:20,039 would be closed off they wouldn't allow 755 00:31:20,039 --> 00:31:22,240 Outsiders to come in it became invite 756 00:31:22,240 --> 00:31:25,200 only and these groups were kind of 757 00:31:25,200 --> 00:31:28,639 protecting each other because of that 758 00:31:28,639 --> 00:31:30,519 crazy toxic culture that was going on 759 00:31:30,519 --> 00:31:32,200 and they started Waging War on each 760 00:31:32,200 --> 00:31:33,840 other I'm going to talk about that in a 761 00:31:33,840 --> 00:31:36,440 little bit but it became this movement 762 00:31:36,440 --> 00:31:40,279 of mass defacements and so what you have 763 00:31:40,279 --> 00:31:42,600 is you have these groups I'm going to 764 00:31:42,600 --> 00:31:44,840 talk about a couple of them here and so 765 00:31:44,840 --> 00:31:46,639 these are mainly on Undernet and fnet I 766 00:31:46,639 --> 00:31:48,240 know there were other groups on other 767 00:31:48,240 --> 00:31:50,159 IRC networks and I'm only speaking of 768 00:31:50,159 --> 00:31:52,440 the ones that I'm familiar with and so 769 00:31:52,440 --> 00:31:55,240 there were enforcers Oblivion innuendo 770 00:31:55,240 --> 00:31:57,679 those are some of the bigger groups um 771 00:31:57,679 --> 00:31:59,639 um pound chaos they created a lot of 772 00:31:59,639 --> 00:32:01,799 tooling for the groups and then you had 773 00:32:01,799 --> 00:32:04,320 some groups that spun up called infrared 774 00:32:04,320 --> 00:32:07,799 infrared moved into becoming total chaos 775 00:32:07,799 --> 00:32:08,880 and then there were other groups like 776 00:32:08,880 --> 00:32:10,919 feed the goats and all of these started 777 00:32:10,919 --> 00:32:13,279 breaking up and so these groups were 778 00:32:13,279 --> 00:32:14,880 groups of people that were actually 779 00:32:14,880 --> 00:32:17,720 starting to do blackout stuff and so a 780 00:32:17,720 --> 00:32:19,840 lot of them were really skids a lot of I 781 00:32:19,840 --> 00:32:22,240 was there so I was a skid like that was 782 00:32:22,240 --> 00:32:24,840 us and so these tools were coming out to 783 00:32:24,840 --> 00:32:28,639 take over IRC channels to Nuke to do 784 00:32:28,639 --> 00:32:30,559 and as that was happening you had two 785 00:32:30,559 --> 00:32:33,279 new groups that really formed one was 786 00:32:33,279 --> 00:32:35,200 Global hell and one was milworm you 787 00:32:35,200 --> 00:32:37,799 probably know milworm as the exploit 788 00:32:37,799 --> 00:32:40,720 repository that came after prior to that 789 00:32:40,720 --> 00:32:43,960 stroke and milworm created another group 790 00:32:43,960 --> 00:32:45,600 and these two groups really started to 791 00:32:45,600 --> 00:32:47,840 rival each other so there was a lot of 792 00:32:47,840 --> 00:32:49,919 crossover milworm would leave milworm 793 00:32:49,919 --> 00:32:51,919 and come to Global hell Global hell 794 00:32:51,919 --> 00:32:54,080 would leave them and go to milworm and 795 00:32:54,080 --> 00:32:56,559 it became this super fight between the 796 00:32:56,559 --> 00:33:00,000 two which led into Mass defacements 797 00:33:00,000 --> 00:33:02,360 across the internet and and bear in mind 798 00:33:02,360 --> 00:33:03,919 when I say Mass defacements I'm not 799 00:33:03,919 --> 00:33:06,399 talking about like rming and deleting 800 00:33:06,399 --> 00:33:08,799 all the stuff back then these groups 801 00:33:08,799 --> 00:33:11,919 were not intending to cause damage they 802 00:33:11,919 --> 00:33:14,080 were only doing they they would take an 803 00:33:14,080 --> 00:33:16,840 index.html and rename it because I 804 00:33:16,840 --> 00:33:18,320 didn't want to damage the server it 805 00:33:18,320 --> 00:33:21,000 wasn't about the servers or the admins 806 00:33:21,000 --> 00:33:23,159 that were being defaced it was about 807 00:33:23,159 --> 00:33:25,639 graffiting a high popular traffic 808 00:33:25,639 --> 00:33:28,159 website to throw shade on another group 809 00:33:28,159 --> 00:33:30,399 gr then you had other groups that 810 00:33:30,399 --> 00:33:32,399 started taking over so there was 811 00:33:32,399 --> 00:33:34,840 Oblivion that started and they took over 812 00:33:34,840 --> 00:33:37,600 Undernet they hacked Bob KC which was an 813 00:33:37,600 --> 00:33:40,679 IRC op and they ended up hijacking C 814 00:33:40,679 --> 00:33:43,000 Service which was a channel service for 815 00:33:43,000 --> 00:33:45,039 controlling services and then they added 816 00:33:45,039 --> 00:33:46,799 what they call gines which was like a 817 00:33:46,799 --> 00:33:49,600 ban on a user They just added star 818 00:33:49,600 --> 00:33:52,320 exclamation star at Star and banned 819 00:33:52,320 --> 00:33:54,559 everybody which caused massive Chaos on 820 00:33:54,559 --> 00:33:56,639 Undernet everybody was banned and these 821 00:33:56,639 --> 00:33:58,120 groups were just battling back back and 822 00:33:58,120 --> 00:34:00,720 forth and so this kind of Spun up into 823 00:34:00,720 --> 00:34:02,799 the whole reverse engineering uh 824 00:34:02,799 --> 00:34:04,559 vulnerability research and exploit 825 00:34:04,559 --> 00:34:07,080 development mode because now these 826 00:34:07,080 --> 00:34:09,760 groups were turning super blackout and 827 00:34:09,760 --> 00:34:11,399 so as it was getting in there obviously 828 00:34:11,399 --> 00:34:13,079 everybody knows Frack but Frack was 829 00:34:13,079 --> 00:34:15,480 really popularized around this time and 830 00:34:15,480 --> 00:34:17,839 so everybody knows lf1 smashing the 831 00:34:17,839 --> 00:34:21,320 stack it like popularized bypassing you 832 00:34:21,320 --> 00:34:23,719 know memory corruption all these 833 00:34:23,719 --> 00:34:24,918 different types of vulnerabilities that 834 00:34:24,918 --> 00:34:27,199 were surfing and and then you had full 835 00:34:27,199 --> 00:34:29,239 disclosure bug track that dropped and so 836 00:34:29,239 --> 00:34:30,679 what was happening was you had a lot of 837 00:34:30,679 --> 00:34:31,879 really good groups which I'm going to 838 00:34:31,879 --> 00:34:34,040 talk about next but these groups were 839 00:34:34,040 --> 00:34:36,800 releasing these vulnerability details on 840 00:34:36,800 --> 00:34:38,879 full disclosure so now you have these 841 00:34:38,879 --> 00:34:40,839 black ha hat groups getting access to 842 00:34:40,839 --> 00:34:42,960 this disclosures and learning how to 843 00:34:42,960 --> 00:34:44,760 weaponize it slowly learning how to 844 00:34:44,760 --> 00:34:46,560 reverse engineer learning how to read 845 00:34:46,560 --> 00:34:49,719 frack and get into a disassembler or 846 00:34:49,719 --> 00:34:51,679 using soft ice and you know trying to 847 00:34:51,679 --> 00:34:53,918 learn how to do some sort of Kernel um 848 00:34:53,918 --> 00:34:56,560 exploitation and you get you get access 849 00:34:56,560 --> 00:34:59,079 to these tools and research and things 850 00:34:59,079 --> 00:35:01,800 start going crazy and so on fnet some of 851 00:35:01,800 --> 00:35:03,200 the channels that I hung out with was 852 00:35:03,200 --> 00:35:05,240 pound hack probably a pound hack on fnet 853 00:35:05,240 --> 00:35:06,240 I know there's some people that here I 854 00:35:06,240 --> 00:35:07,839 talked to already and I know y'all are 855 00:35:07,839 --> 00:35:11,040 there um pound Frack was obviously the 856 00:35:11,040 --> 00:35:13,720 the big one uh 2600 was there I wasn't I 857 00:35:13,720 --> 00:35:15,920 idled in there um pound Wares was a 858 00:35:15,920 --> 00:35:17,400 popular one if you could even get in 859 00:35:17,400 --> 00:35:18,760 there because that was usually um 860 00:35:18,760 --> 00:35:20,400 blocked and then on Undernet there was 861 00:35:20,400 --> 00:35:22,079 hack freak VY some of these other 862 00:35:22,079 --> 00:35:24,800 channels um super cool places to hang 863 00:35:24,800 --> 00:35:26,760 out to learn but it was still a toxic 864 00:35:26,760 --> 00:35:28,880 environment then you had other groups 865 00:35:28,880 --> 00:35:31,480 that popped up you had woooo you had 866 00:35:31,480 --> 00:35:35,079 woooo tesso ADM um a lot of these big 867 00:35:35,079 --> 00:35:36,800 names you probably already know like 868 00:35:36,800 --> 00:35:39,280 Loft and at stake came out at the time 869 00:35:39,280 --> 00:35:41,200 um CDC with back orifice which was like 870 00:35:41,200 --> 00:35:43,480 the original C2 but these groups were 871 00:35:43,480 --> 00:35:46,280 doing like crazy research people that we 872 00:35:46,280 --> 00:35:49,000 looked up to all the time you'd see them 873 00:35:49,000 --> 00:35:50,839 they were like unreachable you couldn't 874 00:35:50,839 --> 00:35:52,760 get with them because they were a group 875 00:35:52,760 --> 00:35:54,240 of people that didn't want all the Riff 876 00:35:54,240 --> 00:35:56,280 Raff they just wanted to make computer 877 00:35:56,280 --> 00:35:58,760 security better so they joined up and so 878 00:35:58,760 --> 00:36:00,640 you have this split that was actually 879 00:36:00,640 --> 00:36:02,160 happening had two groups that were 880 00:36:02,160 --> 00:36:04,200 interested in security there was a 881 00:36:04,200 --> 00:36:06,520 little overlap at times where some would 882 00:36:06,520 --> 00:36:08,680 kind of come but um but for the most 883 00:36:08,680 --> 00:36:10,839 part these groups that you see up here 884 00:36:10,839 --> 00:36:12,599 were the groups that we were getting 885 00:36:12,599 --> 00:36:15,160 vulnerabilities from or full-blown 886 00:36:15,160 --> 00:36:19,200 exploits that were leaking to the groups 887 00:36:19,200 --> 00:36:21,800 and so a leaked exploit would come out I 888 00:36:21,800 --> 00:36:24,319 think my mic is messing up a leaked 889 00:36:24,319 --> 00:36:26,560 exploit would drop that weap that 890 00:36:26,560 --> 00:36:28,079 exploit would get weapon 891 00:36:28,079 --> 00:36:30,319 really quickly and it would go and just 892 00:36:30,319 --> 00:36:32,560 ravage the internet and so you have that 893 00:36:32,560 --> 00:36:33,720 kind of happening I want to highlight 894 00:36:33,720 --> 00:36:34,760 woooo a little bit because I'm just 895 00:36:34,760 --> 00:36:36,280 going to highlight as we go through I 896 00:36:36,280 --> 00:36:39,040 know we have some woooo here um woo woo 897 00:36:39,040 --> 00:36:43,240 in the back so uh super super massive 898 00:36:43,240 --> 00:36:46,760 impact on the security industry like if 899 00:36:46,760 --> 00:36:49,160 you look at just the historical people 900 00:36:49,160 --> 00:36:50,640 that were there and the contributions 901 00:36:50,640 --> 00:36:52,839 that they made and then looking at the 902 00:36:52,839 --> 00:36:54,440 people that were there and where they're 903 00:36:54,440 --> 00:36:57,040 at today you see them leading the 904 00:36:57,040 --> 00:36:59,280 security industry for the most part and 905 00:36:59,280 --> 00:37:00,520 so you have a lot of people that you 906 00:37:00,520 --> 00:37:02,440 look up to tools that you've used or 907 00:37:02,440 --> 00:37:04,800 that you know about nmap Napster you 908 00:37:04,800 --> 00:37:07,119 have a lot of stuff that dropped uh like 909 00:37:07,119 --> 00:37:10,119 WhatsApp um Duo security a lot of these 910 00:37:10,119 --> 00:37:12,319 people that we have today came from this 911 00:37:12,319 --> 00:37:15,359 this group of people and I know after 912 00:37:15,359 --> 00:37:17,280 talking yesterday with one of them um he 913 00:37:17,280 --> 00:37:19,119 was saying that they're still around 914 00:37:19,119 --> 00:37:20,680 like I didn't know this it was surprise 915 00:37:20,680 --> 00:37:22,560 to me because I don't follow it all the 916 00:37:22,560 --> 00:37:24,560 way that I used like I used to but 917 00:37:24,560 --> 00:37:26,240 finding that they're still around and 918 00:37:26,240 --> 00:37:27,960 that they're still functioning is just 919 00:37:27,960 --> 00:37:30,079 amazing to me I even heard that they 920 00:37:30,079 --> 00:37:32,160 might be looking to try to recruit John 921 00:37:32,160 --> 00:37:33,640 strand that's what I heard might be a 922 00:37:33,640 --> 00:37:36,560 rumor uh but anyway yeah so woooo um 923 00:37:36,560 --> 00:37:37,960 going to highlight Global hell here for 924 00:37:37,960 --> 00:37:39,240 a second because I highlighted a white 925 00:37:39,240 --> 00:37:41,839 hat and I want to show a black hat group 926 00:37:41,839 --> 00:37:44,160 at the same time you have Global how 927 00:37:44,160 --> 00:37:46,440 founded by mosted diow loophole and mind 928 00:37:46,440 --> 00:37:47,920 phaser these people are known it's not 929 00:37:47,920 --> 00:37:49,680 even I'm not like name dropping or 930 00:37:49,680 --> 00:37:51,280 anything um the reason why they're known 931 00:37:51,280 --> 00:37:52,640 is because there was a big bust that 932 00:37:52,640 --> 00:37:54,480 ended up happening down the road but it 933 00:37:54,480 --> 00:37:56,520 was infrared turned into total chaos 934 00:37:56,520 --> 00:37:58,040 which turned into global hell same 935 00:37:58,040 --> 00:38:00,720 people different nicknames same people 936 00:38:00,720 --> 00:38:02,280 different personas they just came and 937 00:38:02,280 --> 00:38:03,839 rebranded and this is kind of how they 938 00:38:03,839 --> 00:38:06,240 did this and they used teleconferences 939 00:38:06,240 --> 00:38:07,520 so what they were doing was they were 940 00:38:07,520 --> 00:38:10,200 spinning up 1800 number teleconferences 941 00:38:10,200 --> 00:38:12,240 under under people's identity and they 942 00:38:12,240 --> 00:38:13,839 would use this for like two months 943 00:38:13,839 --> 00:38:16,520 straight to coordinate attacks and so 944 00:38:16,520 --> 00:38:19,720 this kind of was causing massive 945 00:38:19,720 --> 00:38:22,599 disruptions across everywhere and so 946 00:38:22,599 --> 00:38:24,359 what ended up happening was you had this 947 00:38:24,359 --> 00:38:26,520 big group of people getting these remote 948 00:38:26,520 --> 00:38:28,319 route exploits 949 00:38:28,319 --> 00:38:31,240 that were weaponized and just damaging 950 00:38:31,240 --> 00:38:33,920 kind of everything and it started um 951 00:38:33,920 --> 00:38:35,839 once that started happening raids 952 00:38:35,839 --> 00:38:37,079 started happening and I'll talk about 953 00:38:37,079 --> 00:38:39,160 that later on but people started getting 954 00:38:39,160 --> 00:38:41,520 raided and so then they started shifting 955 00:38:41,520 --> 00:38:43,040 their Direction so instead of just 956 00:38:43,040 --> 00:38:45,839 targeting like China because China got 957 00:38:45,839 --> 00:38:48,000 targeted because they sentenced two 958 00:38:48,000 --> 00:38:50,119 hackers to death right it was like way 959 00:38:50,119 --> 00:38:51,480 back in the day so all of a sudden 960 00:38:51,480 --> 00:38:53,000 China's in the Limelight they're hacking 961 00:38:53,000 --> 00:38:55,160 every Chinese website they could find 962 00:38:55,160 --> 00:38:57,119 and just def facing it in retribution 963 00:38:57,119 --> 00:38:59,359 for were sentencing the two hackers to 964 00:38:59,359 --> 00:39:01,560 death um then you had um the milworm 965 00:39:01,560 --> 00:39:03,079 global hell drama so there was a lot of 966 00:39:03,079 --> 00:39:05,200 defacements against milworm and then you 967 00:39:05,200 --> 00:39:07,680 had the shift towards the government 968 00:39:07,680 --> 00:39:09,240 because the government was now starting 969 00:39:09,240 --> 00:39:11,880 to Target them and what you're left with 970 00:39:11,880 --> 00:39:13,800 is a bunch of hacks the the jet 971 00:39:13,800 --> 00:39:16,079 propulsion laboratory at Nasa got hacked 972 00:39:16,079 --> 00:39:19,040 white house.gov got defaced um Noah got 973 00:39:19,040 --> 00:39:20,200 hacked there's all kinds of different 974 00:39:20,200 --> 00:39:21,200 types of hacks that happened they 975 00:39:21,200 --> 00:39:23,440 started just hitting everybody and as a 976 00:39:23,440 --> 00:39:26,480 result of hitting everybody 30 like over 977 00:39:26,480 --> 00:39:28,599 30 um indictment or raids started 978 00:39:28,599 --> 00:39:29,920 happening across the country in the 979 00:39:29,920 --> 00:39:32,119 United States alone and so FBI was 980 00:39:32,119 --> 00:39:33,480 flying around and they really weren't 981 00:39:33,480 --> 00:39:36,160 sure what to actually charge people with 982 00:39:36,160 --> 00:39:37,599 and so what ended up happening was there 983 00:39:37,599 --> 00:39:39,040 was a lot of multiple indictments that 984 00:39:39,040 --> 00:39:41,280 ended up happening um most hated ended 985 00:39:41,280 --> 00:39:42,839 up getting hit for the teleconferences 986 00:39:42,839 --> 00:39:44,760 he owns like I think I like I think I 987 00:39:44,760 --> 00:39:46,720 talked to him like last week over two 988 00:39:46,720 --> 00:39:48,839 million in restitution still he's not 989 00:39:48,839 --> 00:39:50,920 even in security anymore he left the 990 00:39:50,920 --> 00:39:53,680 whole industry um zyclone got busted for 991 00:39:53,680 --> 00:39:56,200 the white house. goack mine phaser got 992 00:39:56,200 --> 00:39:58,000 busted busted for the Pentagon hack 993 00:39:58,000 --> 00:39:59,079 there was all kinds of stuff that 994 00:39:59,079 --> 00:40:00,400 started to happen but you could start 995 00:40:00,400 --> 00:40:02,880 seeing this evolving now it went from 996 00:40:02,880 --> 00:40:06,119 just targeting other groups innocently 997 00:40:06,119 --> 00:40:09,040 to minor defacements to actually turning 998 00:40:09,040 --> 00:40:11,839 it into a real movement that was very 999 00:40:11,839 --> 00:40:14,040 bad it was horrible for the industry it 1000 00:40:14,040 --> 00:40:15,440 was horrible for the culture it was 1001 00:40:15,440 --> 00:40:17,440 horrible for the people it was horrible 1002 00:40:17,440 --> 00:40:21,200 for the families um but it started in 1003 00:40:21,200 --> 00:40:23,240 movement that I'm just call the black 1004 00:40:23,240 --> 00:40:25,599 hat movement in 2000 um because you 1005 00:40:25,599 --> 00:40:27,760 think that was bad but these zero days 1006 00:40:27,760 --> 00:40:30,280 were dropping like crazy so now you have 1007 00:40:30,280 --> 00:40:32,200 the wild wild west of remote root 1008 00:40:32,200 --> 00:40:33,480 vulnerability some of these are going to 1009 00:40:33,480 --> 00:40:35,960 look familiar you have statd you have 1010 00:40:35,960 --> 00:40:37,680 bind you have Samba all these were 1011 00:40:37,680 --> 00:40:39,640 remote root vulnerabilities memory 1012 00:40:39,640 --> 00:40:42,160 corruption you had send mail pop all of 1013 00:40:42,160 --> 00:40:43,880 the mail demons were being popped all 1014 00:40:43,880 --> 00:40:46,160 the FTP servers were being popped and 1015 00:40:46,160 --> 00:40:47,839 these are remote Roots these are Damons 1016 00:40:47,839 --> 00:40:50,480 that are running as root open and 1017 00:40:50,480 --> 00:40:52,200 externally facing to the internet with 1018 00:40:52,200 --> 00:40:54,680 no memory mitigations there was no packs 1019 00:40:54,680 --> 00:40:56,119 on a lot of these packs was like a 1020 00:40:56,119 --> 00:40:57,839 hardening kernel that you could roll 1021 00:40:57,839 --> 00:40:59,480 into Linux that did a lot of cool stuff 1022 00:40:59,480 --> 00:41:01,920 that we use today we we take for granted 1023 00:41:01,920 --> 00:41:03,520 now it's just in the operating system 1024 00:41:03,520 --> 00:41:05,400 but back then you didn't have anything 1025 00:41:05,400 --> 00:41:07,440 and so the only thing that were required 1026 00:41:07,440 --> 00:41:10,640 was these vulnerabilities affect a drro 1027 00:41:10,640 --> 00:41:12,960 or a version of the dro so you had to 1028 00:41:12,960 --> 00:41:15,720 know the memory location offsets so all 1029 00:41:15,720 --> 00:41:17,000 that meant was you just had to load it 1030 00:41:17,000 --> 00:41:19,880 up in a GDB or just a a disassembler and 1031 00:41:19,880 --> 00:41:22,280 step through find that memory offset 1032 00:41:22,280 --> 00:41:24,720 Chang it in the the vulnerability um 1033 00:41:24,720 --> 00:41:26,760 code and now your shell code would be 1034 00:41:26,760 --> 00:41:28,319 loaded at the right offset for that 1035 00:41:28,319 --> 00:41:31,319 Linux drro or or Sonos or 1036 00:41:31,319 --> 00:41:34,319 BSD and so there were no mitigations you 1037 00:41:34,319 --> 00:41:36,480 didn't have NX bit you didn't have aslr 1038 00:41:36,480 --> 00:41:38,640 there was none of that at the time that 1039 00:41:38,640 --> 00:41:41,920 was openly available easy you had to 1040 00:41:41,920 --> 00:41:43,280 when we were compiling kernels you had 1041 00:41:43,280 --> 00:41:45,040 to compile it from scratch like if you 1042 00:41:45,040 --> 00:41:46,839 were running genin 2 or Gen 2 however 1043 00:41:46,839 --> 00:41:47,920 you wanted to pronounce it you had to 1044 00:41:47,920 --> 00:41:49,599 emerged world like you had to compile 1045 00:41:49,599 --> 00:41:52,319 that thing all the way through and so 1046 00:41:52,319 --> 00:41:54,480 Pax was introducing this new Harden 1047 00:41:54,480 --> 00:41:56,400 Linux kernel which did a lot of really 1048 00:41:56,400 --> 00:41:58,160 cool stuff like it was would stop memory 1049 00:41:58,160 --> 00:42:00,119 execution they would make memory 1050 00:42:00,119 --> 00:42:02,200 locations non-executable so you couldn't 1051 00:42:02,200 --> 00:42:04,319 just jump to that memory location to 1052 00:42:04,319 --> 00:42:06,440 execute code it would take the memory 1053 00:42:06,440 --> 00:42:08,560 map and randomize it which is what we 1054 00:42:08,560 --> 00:42:11,760 now have as aslr it was built into packs 1055 00:42:11,760 --> 00:42:13,240 um and it would be able to detect 1056 00:42:13,240 --> 00:42:15,200 overruns so anytime you were overflowing 1057 00:42:15,200 --> 00:42:16,720 a buffer it was able to kind of detect 1058 00:42:16,720 --> 00:42:18,119 that it was all depending on what you 1059 00:42:18,119 --> 00:42:19,839 wanted to do so it was a really cool 1060 00:42:19,839 --> 00:42:22,400 thing um so RPC statd I just wanted to 1061 00:42:22,400 --> 00:42:23,839 talk about it real quick this is a super 1062 00:42:23,839 --> 00:42:27,400 cool slide because it talks about the 1063 00:42:27,400 --> 00:42:29,599 the cve it was a it was a string format 1064 00:42:29,599 --> 00:42:31,040 vulnerability but remember this is 1065 00:42:31,040 --> 00:42:33,040 running as root and so you need a 1066 00:42:33,040 --> 00:42:34,800 precise accuracy and if you could get 1067 00:42:34,800 --> 00:42:38,160 that offset stat D would would execute 1068 00:42:38,160 --> 00:42:39,680 your code otherwise it would just crash 1069 00:42:39,680 --> 00:42:41,800 you got one good shot you didn't run 1070 00:42:41,800 --> 00:42:44,359 these crazy slide NOP sleds and all this 1071 00:42:44,359 --> 00:42:46,760 stuff and or rope gadgets to jump around 1072 00:42:46,760 --> 00:42:48,079 you just had to get that right offset 1073 00:42:48,079 --> 00:42:50,119 and you were good and so because it ran 1074 00:42:50,119 --> 00:42:52,079 as root when that vulnerability dropped 1075 00:42:52,079 --> 00:42:54,880 publicly it was game over and so you had 1076 00:42:54,880 --> 00:42:56,280 full disclosure which I already kind of 1077 00:42:56,280 --> 00:42:57,839 talked about but you had a lot of cool 1078 00:42:57,839 --> 00:42:59,800 stuff in there um you had this movement 1079 00:42:59,800 --> 00:43:02,200 called antise security. this is the 1080 00:43:02,200 --> 00:43:04,280 original anti-security movement so 1081 00:43:04,280 --> 00:43:06,000 you've seen Anonymous or whatever come 1082 00:43:06,000 --> 00:43:07,599 out with this anti-security movement or 1083 00:43:07,599 --> 00:43:10,880 anti-c anti-c was actually way back in 1084 00:43:10,880 --> 00:43:12,680 the early 2000s and it was put together 1085 00:43:12,680 --> 00:43:15,920 by ADM plus security. and so they were 1086 00:43:15,920 --> 00:43:18,280 wanting to keep all these bugs private 1087 00:43:18,280 --> 00:43:19,760 vendors were using them and then 1088 00:43:19,760 --> 00:43:21,480 complaining and not patching and then 1089 00:43:21,480 --> 00:43:23,480 not giving credit researchers were 1090 00:43:23,480 --> 00:43:25,760 stealing them and using them or leaking 1091 00:43:25,760 --> 00:43:27,839 them and taking credit for them and so 1092 00:43:27,839 --> 00:43:29,520 this whole thing was don't share bug 1093 00:43:29,520 --> 00:43:31,800 details anymore no more free bugs and 1094 00:43:31,800 --> 00:43:34,079 you can't claim someone else's bug and 1095 00:43:34,079 --> 00:43:35,760 it led into these Zen that were being 1096 00:43:35,760 --> 00:43:37,440 dropped by these black hat groups you 1097 00:43:37,440 --> 00:43:39,240 had a lot of new black hat groups that 1098 00:43:39,240 --> 00:43:41,599 were spinning up you had Defcon 10 1099 00:43:41,599 --> 00:43:43,800 gobbles wolves Among Us you had the 1100 00:43:43,800 --> 00:43:45,599 Frack High Council not to be confused 1101 00:43:45,599 --> 00:43:47,839 with Frack it was another troll group 1102 00:43:47,839 --> 00:43:51,079 for Frack you had Project Mayhem and you 1103 00:43:51,079 --> 00:43:53,760 had acid in el8 or TIY el8 if 1104 00:43:53,760 --> 00:43:56,000 you're familiar with them and zf0 zero 1105 00:43:56,000 --> 00:43:58,839 for owned or B4 and all of these groups 1106 00:43:58,839 --> 00:44:01,680 were hacking white hats they were 1107 00:44:01,680 --> 00:44:03,200 targeting the white hat vendors they 1108 00:44:03,200 --> 00:44:05,280 were targeting white hats they were 1109 00:44:05,280 --> 00:44:07,720 compromising their email spools dropping 1110 00:44:07,720 --> 00:44:10,000 them in text Zs publicly and then 1111 00:44:10,000 --> 00:44:11,359 everybody was waiting on these new 1112 00:44:11,359 --> 00:44:13,800 releases so you would see emails and 1113 00:44:13,800 --> 00:44:15,720 you'd see Linux server contents and you 1114 00:44:15,720 --> 00:44:17,720 see database passwords and they would 1115 00:44:17,720 --> 00:44:20,359 just troll the heck out of the industry 1116 00:44:20,359 --> 00:44:21,720 they were going out vendors they were 1117 00:44:21,720 --> 00:44:23,079 going after white hats and they were 1118 00:44:23,079 --> 00:44:24,520 dropping them in these and they were 1119 00:44:24,520 --> 00:44:26,800 just rebranding once again a lot of 1120 00:44:26,800 --> 00:44:28,040 these groups I'm not going to name drop 1121 00:44:28,040 --> 00:44:31,400 or anything these groups were rebranding 1122 00:44:31,400 --> 00:44:34,240 as themselves so it's the same groups of 1123 00:44:34,240 --> 00:44:35,480 people doing the same thing now there 1124 00:44:35,480 --> 00:44:37,880 was other that spun up and spun down but 1125 00:44:37,880 --> 00:44:40,920 one particular was TI El late now till 1126 00:44:40,920 --> 00:44:42,960 El late a lot of people knew about this 1127 00:44:42,960 --> 00:44:44,440 because they introduced The Project 1128 00:44:44,440 --> 00:44:46,680 Mayhem and Project Mayhem targeted 1129 00:44:46,680 --> 00:44:48,880 everybody it was targeting websites 1130 00:44:48,880 --> 00:44:51,280 people IRC channels they were leaking 1131 00:44:51,280 --> 00:44:53,200 logs they were backdooring source code 1132 00:44:53,200 --> 00:44:55,559 repost they were dropping email spools 1133 00:44:55,559 --> 00:44:58,280 and code and files public L um and they 1134 00:44:58,280 --> 00:45:00,640 were super hardcore trolls and they only 1135 00:45:00,640 --> 00:45:02,280 released a few of the Z but there was a 1136 00:45:02,280 --> 00:45:03,960 lot of damage that they caused they wre 1137 00:45:03,960 --> 00:45:05,960 it and so they released everything and 1138 00:45:05,960 --> 00:45:07,680 it was all in text form and they were 1139 00:45:07,680 --> 00:45:09,680 targeting high-profile people some that 1140 00:45:09,680 --> 00:45:12,079 are still in the industry today and so 1141 00:45:12,079 --> 00:45:13,960 where are they today a lot of these 1142 00:45:13,960 --> 00:45:16,160 black hats either matured or went to 1143 00:45:16,160 --> 00:45:18,280 prison I think Soup Nazi from the TJ 1144 00:45:18,280 --> 00:45:20,440 Maxx hacks just got out like a month ago 1145 00:45:20,440 --> 00:45:22,400 I think I tweeted it on Twitter um that 1146 00:45:22,400 --> 00:45:23,839 he was getting out but he's out now I 1147 00:45:23,839 --> 00:45:24,960 don't know how he is I don't know what 1148 00:45:24,960 --> 00:45:27,359 he's doing um so the TJ Maxx guys out 1149 00:45:27,359 --> 00:45:29,040 but some of the other ones like the Unix 1150 00:45:29,040 --> 00:45:30,640 terrorist that was a part of the TJ Maxx 1151 00:45:30,640 --> 00:45:32,559 hacks he's out he's a really good guy 1152 00:45:32,559 --> 00:45:35,800 now um super good dude uh and so just 1153 00:45:35,800 --> 00:45:37,040 it's really cool to see how people have 1154 00:45:37,040 --> 00:45:39,480 matured over the time and so um there 1155 00:45:39,480 --> 00:45:40,880 was a lot of people that died like 1156 00:45:40,880 --> 00:45:43,480 zyclone Ben Z evil Rabbi a lot of these 1157 00:45:43,480 --> 00:45:45,680 people died some committed suicide um 1158 00:45:45,680 --> 00:45:46,720 they were being targeted by the 1159 00:45:46,720 --> 00:45:47,960 government because they were about to be 1160 00:45:47,960 --> 00:45:50,079 raided um and then others started 1161 00:45:50,079 --> 00:45:52,119 pentesting CIS ading some left the 1162 00:45:52,119 --> 00:45:54,920 industry most hated is a plumber now um 1163 00:45:54,920 --> 00:45:56,400 he just likes it he just he doesn't like 1164 00:45:56,400 --> 00:45:59,200 to deal with te he doesn't use Tech um 1165 00:45:59,200 --> 00:46:00,520 but a lot of people don't want to talk 1166 00:46:00,520 --> 00:46:02,119 about it and they don't want to talk 1167 00:46:02,119 --> 00:46:03,480 about it because it's an embarrassing 1168 00:46:03,480 --> 00:46:06,520 culture right we see what we have today 1169 00:46:06,520 --> 00:46:08,920 and what we had today is not what we had 1170 00:46:08,920 --> 00:46:10,160 then and so there's an embarrassment 1171 00:46:10,160 --> 00:46:11,480 that comes with it nobody wants to talk 1172 00:46:11,480 --> 00:46:13,319 about this stuff and so because of that 1173 00:46:13,319 --> 00:46:16,359 we're losing this stuff and so why is 1174 00:46:16,359 --> 00:46:18,640 all this important to remember so I want 1175 00:46:18,640 --> 00:46:20,480 to really highlight how we've 1176 00:46:20,480 --> 00:46:23,839 grown we have a strong infoset Community 1177 00:46:23,839 --> 00:46:25,760 now this is something that wasn't around 1178 00:46:25,760 --> 00:46:28,319 then we have we have a lot of mentorship 1179 00:46:28,319 --> 00:46:29,839 and a lot of internship now I'm not 1180 00:46:29,839 --> 00:46:31,599 saying we're there yet I'm not saying we 1181 00:46:31,599 --> 00:46:33,359 reached it and we're great and we're 1182 00:46:33,359 --> 00:46:35,440 doing it great but I can tell you what 1183 00:46:35,440 --> 00:46:38,200 we have today is not what we had then it 1184 00:46:38,200 --> 00:46:41,359 was like 98% gatekeeping then we have a 1185 00:46:41,359 --> 00:46:43,640 lot of variety of people that come from 1186 00:46:43,640 --> 00:46:45,240 different backgrounds that come from 1187 00:46:45,240 --> 00:46:46,400 different countries that have different 1188 00:46:46,400 --> 00:46:47,920 skill sets that might have never even 1189 00:46:47,920 --> 00:46:49,960 been in Tech but we've ate lunch with 1190 00:46:49,960 --> 00:46:52,119 them we've sat down together we've had 1191 00:46:52,119 --> 00:46:54,040 awesome conversations and we share this 1192 00:46:54,040 --> 00:46:55,800 information because we all bring 1193 00:46:55,800 --> 00:46:58,319 different gifts and talents to the table 1194 00:46:58,319 --> 00:46:59,880 and so I wanted to kind of highlight 1195 00:46:59,880 --> 00:47:01,079 that because we have a lot of tools that 1196 00:47:01,079 --> 00:47:02,720 are open source a lot of research that 1197 00:47:02,720 --> 00:47:04,599 we just drop and yeah there's a lot of 1198 00:47:04,599 --> 00:47:06,920 stunt hacking and we have fun but we've 1199 00:47:06,920 --> 00:47:09,520 grown tremendously from then this is not 1200 00:47:09,520 --> 00:47:13,480 who we are today but we are still losing 1201 00:47:13,480 --> 00:47:15,880 we're losing because we no longer 1202 00:47:15,880 --> 00:47:18,480 challenge the status quo we're told what 1203 00:47:18,480 --> 00:47:19,720 we need to 1204 00:47:19,720 --> 00:47:23,040 think we're told what we need to believe 1205 00:47:23,040 --> 00:47:25,160 if you don't believe with the entire 1206 00:47:25,160 --> 00:47:26,960 Community you're going to be shunned I'm 1207 00:47:26,960 --> 00:47:27,680 telling you now you're going to be 1208 00:47:27,680 --> 00:47:29,720 shunned because we have this group mind 1209 00:47:29,720 --> 00:47:31,440 think that we all have to believe the 1210 00:47:31,440 --> 00:47:33,319 same thing and think the same thing and 1211 00:47:33,319 --> 00:47:36,000 if we don't then we hate each other but 1212 00:47:36,000 --> 00:47:37,800 who is seating all of this where is this 1213 00:47:37,800 --> 00:47:40,160 divisiveness coming from because I could 1214 00:47:40,160 --> 00:47:41,920 tell you when I don't know people's 1215 00:47:41,920 --> 00:47:43,000 background and they don't know my 1216 00:47:43,000 --> 00:47:45,520 background we love each other we have an 1217 00:47:45,520 --> 00:47:47,720 amazing time we hang out we eat we do 1218 00:47:47,720 --> 00:47:50,040 stuff together we code together but when 1219 00:47:50,040 --> 00:47:51,880 we don't and we learn that oh yeah you 1220 00:47:51,880 --> 00:47:53,440 know what this polit politician said 1221 00:47:53,440 --> 00:47:55,200 this and if you side with this and you 1222 00:47:55,200 --> 00:47:56,520 must hate everything no that's not how 1223 00:47:56,520 --> 00:47:57,480 it is 1224 00:47:57,480 --> 00:48:00,079 we've lost our individualism in this 1225 00:48:00,079 --> 00:48:02,040 because of that and there's a lot of few 1226 00:48:02,040 --> 00:48:04,480 there's a few voices so there's a few 1227 00:48:04,480 --> 00:48:06,839 voices in the industry that shift all of 1228 00:48:06,839 --> 00:48:08,960 this they push us in one direction we 1229 00:48:08,960 --> 00:48:11,440 use our platform wrong we push people 1230 00:48:11,440 --> 00:48:14,200 towards a mindset rather than cherish 1231 00:48:14,200 --> 00:48:16,119 their mindset and the div diversity that 1232 00:48:16,119 --> 00:48:18,359 they actually have we don't want them to 1233 00:48:18,359 --> 00:48:20,520 speak because we they don't agree with 1234 00:48:20,520 --> 00:48:22,559 us or we don't agree with them and so 1235 00:48:22,559 --> 00:48:24,599 this is where we're losing and so 1236 00:48:24,599 --> 00:48:26,920 usually the loudest voice dictates the 1237 00:48:26,920 --> 00:48:29,119 direction for the community and it's if 1238 00:48:29,119 --> 00:48:31,559 you're wrong on the wrong sides then 1239 00:48:31,559 --> 00:48:32,880 you're going to get bullied by the 1240 00:48:32,880 --> 00:48:34,440 community and I hate it it drives me 1241 00:48:34,440 --> 00:48:36,319 nuts I try not to get involved I don't 1242 00:48:36,319 --> 00:48:37,800 get involved with politics I hate I hate 1243 00:48:37,800 --> 00:48:39,079 both sides I'm just going to tell you I 1244 00:48:39,079 --> 00:48:40,520 hate both sides I don't agree with 1245 00:48:40,520 --> 00:48:43,240 either side I don't like it either side 1246 00:48:43,240 --> 00:48:45,520 because we're just so divisive and it's 1247 00:48:45,520 --> 00:48:46,960 just causing so much Division and it 1248 00:48:46,960 --> 00:48:49,960 drives me nuts and so we no longer 1249 00:48:49,960 --> 00:48:52,760 cherish our uniquness so now what now 1250 00:48:52,760 --> 00:48:54,200 that we know where we came from and 1251 00:48:54,200 --> 00:48:56,240 where we're at today we see the right we 1252 00:48:56,240 --> 00:48:58,200 see the wrong wrong what do we do about 1253 00:48:58,200 --> 00:49:00,079 it I'm going to say we should be 1254 00:49:00,079 --> 00:49:02,839 welcoming everybody we need to quit 1255 00:49:02,839 --> 00:49:05,440 judging based on the opposing beliefs 1256 00:49:05,440 --> 00:49:07,400 let people have a wrong opinion don't we 1257 00:49:07,400 --> 00:49:09,240 don't have to correct them all the time 1258 00:49:09,240 --> 00:49:11,240 it's actually harder to allow someone to 1259 00:49:11,240 --> 00:49:13,559 be wrong and not correct them than to 1260 00:49:13,559 --> 00:49:16,119 just correct them we need to lift 1261 00:49:16,119 --> 00:49:18,640 everyone up because your character could 1262 00:49:18,640 --> 00:49:21,160 change someone else's life even someone 1263 00:49:21,160 --> 00:49:23,000 that you don't necessarily agree with 1264 00:49:23,000 --> 00:49:24,799 then that's 1265 00:49:24,799 --> 00:49:27,400 okay but let's show some some Grace 1266 00:49:27,400 --> 00:49:30,040 because you know what we're all not the 1267 00:49:30,040 --> 00:49:32,640 sum total of our mistakes everyone in 1268 00:49:32,640 --> 00:49:35,240 here has messed up somehow some way and 1269 00:49:35,240 --> 00:49:37,760 if everybody knew our mistakes and the 1270 00:49:37,760 --> 00:49:39,920 sum total of our mistakes nobody would 1271 00:49:39,920 --> 00:49:42,040 like us no we wouldn't like anybody we 1272 00:49:42,040 --> 00:49:43,599 would be more divisive than what we are 1273 00:49:43,599 --> 00:49:46,119 now and then I'm just going to say love 1274 00:49:46,119 --> 00:49:49,400 everyone everyone don't let them whoever 1275 00:49:49,400 --> 00:49:52,960 them is divide us you know who your them 1276 00:49:52,960 --> 00:49:54,559 is I don't know who it is for you I know 1277 00:49:54,559 --> 00:49:56,440 who it is for me but I'm not allowing 1278 00:49:56,440 --> 00:49:59,160 them to divide us and so that's what I'm 1279 00:49:59,160 --> 00:50:00,680 going to leave you with and the last 1280 00:50:00,680 --> 00:50:03,280 thing is just challenge the status quo 1281 00:50:03,280 --> 00:50:04,880 bring your uniqueness bring your own 1282 00:50:04,880 --> 00:50:06,680 beliefs bring your own opinion bring who 1283 00:50:06,680 --> 00:50:08,880 you are bring your skill sets don't let 1284 00:50:08,880 --> 00:50:10,799 anybody tell you anything else and 1285 00:50:10,799 --> 00:50:12,240 that's what I'll leave you 1286 00:50:12,240 --> 00:50:15,559 with we got one more thing one more 1287 00:50:15,559 --> 00:50:18,760 thing we have a special uh thing it 1288 00:50:18,760 --> 00:50:20,720 turns out that it's somebody's birthday 1289 00:50:20,720 --> 00:50:25,079 today what's and we would like it if uh 1290 00:50:25,079 --> 00:50:26,680 everybody would join us singing Happy 1291 00:50:26,680 --> 00:50:30,880 happy birthday to Ray it's his 1292 00:50:30,880 --> 00:50:34,160 birthday happy 1293 00:50:34,160 --> 00:50:36,520 birthday all 1294 00:50:36,520 --> 00:50:40,119 righty birthday to 1295 00:50:40,119 --> 00:50:44,319 you happy birthday to 1296 00:50:44,319 --> 00:50:50,119 you happy birthday dear 1297 00:50:50,400 --> 00:50:57,079 Ry birthday to you woohoo yeah I feel 1298 00:50:57,079 --> 00:51:00,640 much better now