WEBVTT - A Conversation with Jason Haddix from Flare 0:00:01.280 --> 0:00:04.640 Welcome to Unsupervised Learning, a security, AI and meaning focused 0:00:04.640 --> 0:00:07.490 podcast that looks at how best to thrive as humans 0:00:07.490 --> 0:00:11.720 in a post AI world. It combines original ideas, analysis, 0:00:11.750 --> 0:00:14.960 and mental models to bring not just the news, but 0:00:14.960 --> 0:00:18.350 why it matters and how to respond. All right, Jason, 0:00:18.350 --> 0:00:19.970 welcome to Unsupervised Learning. 0:00:20.540 --> 0:00:24.140 Thanks for having me. First time on unsupervised learning. Super excited. 0:00:24.170 --> 0:00:27.980 Yeah, absolutely. So as most people know, we know each 0:00:28.010 --> 0:00:33.050 other very well. And you've also started your own business recently. 0:00:33.050 --> 0:00:36.470 You've got Arcanum Security up and running. So congrats on that. 0:00:36.500 --> 0:00:37.220 Thank you. 0:00:37.220 --> 0:00:38.810 I mean, you were you were the one who pushed 0:00:38.810 --> 0:00:40.040 me to do it. So I got to thank you 0:00:40.040 --> 0:00:40.820 on that one. 0:00:40.850 --> 0:00:44.540 Yeah. Yeah. Really exciting to see that. And, uh, you're 0:00:44.540 --> 0:00:49.220 also field CSO for, uh, for flare, which is super exciting. 0:00:49.220 --> 0:00:52.729 So I'm sure you've got a million companies, like beating 0:00:52.729 --> 0:00:55.070 down the door to try to, like, be associated with 0:00:55.070 --> 0:00:57.260 you and like, get you on the team and everything. 0:00:57.260 --> 0:01:00.250 So what was, uh, the thing that stood out and 0:01:00.250 --> 0:01:02.080 made you want to do it with flair. 0:01:02.620 --> 0:01:06.759 Yeah. So that's actually a really great question, I think. Um, 0:01:06.760 --> 0:01:10.809 so but between leaving Ubisoft, which, you know, actually wearing 0:01:10.810 --> 0:01:13.959 the merch right now, um, between leaving Ubisoft, the video 0:01:13.990 --> 0:01:16.660 game company, and being CSO there and then coming back 0:01:16.660 --> 0:01:18.550 into Red team, there was a year where I worked 0:01:18.550 --> 0:01:20.950 with a buddy of mine at another consultancy before I 0:01:20.950 --> 0:01:23.290 started my own thing. And so over the past couple 0:01:23.319 --> 0:01:26.470 of years, I've been on the red teaming side, um, 0:01:26.470 --> 0:01:28.570 a lot of red teaming, a lot of pen testing. 0:01:28.569 --> 0:01:34.000 And what I noticed was that kind of adversary methodologies 0:01:34.000 --> 0:01:38.050 had changed a little bit from what the very known 0:01:38.050 --> 0:01:43.089 penetration testing methodologies and red teaming methodologies, um, had, uh, 0:01:43.090 --> 0:01:45.760 you know, had consistently shown, at least from, you know, 0:01:45.790 --> 0:01:48.250 me talking to peers and, you know, reviewing reports. And 0:01:48.250 --> 0:01:50.350 I did a bunch of research in the last two years. 0:01:50.350 --> 0:01:55.360 And so that shift was basically, um, adversaries are not 0:01:55.360 --> 0:01:57.990 using hacking methods, at least in the traditional sense as 0:01:58.020 --> 0:02:00.570 their first stop shop right there, looking on the dark 0:02:00.600 --> 0:02:05.250 web for pre-owned accounts and credentials for organizations. And so 0:02:05.250 --> 0:02:07.620 I had to figure out a way to add that 0:02:07.620 --> 0:02:10.770 to my methodology when we did red team tests. And 0:02:10.770 --> 0:02:13.169 so I baked off, you know, all of the companies 0:02:13.169 --> 0:02:16.320 that did this because I wanted to, you know, provide 0:02:16.320 --> 0:02:19.680 the best, uh, you know, adversary emulation that I could. 0:02:19.680 --> 0:02:22.110 And so when I looked at all these companies, I 0:02:22.110 --> 0:02:25.230 stumbled upon flair, um, at a conference, met one of 0:02:25.230 --> 0:02:29.820 their reps and started using their trial and, uh, used it. 0:02:29.820 --> 0:02:32.640 And it was it was an order of magnitude better 0:02:32.639 --> 0:02:35.310 than any other vendor as far as finding creds for 0:02:35.310 --> 0:02:38.970 an organization. Um, and they do it in a, you know, 0:02:39.000 --> 0:02:41.609 a CRM, you know, kind of way, a credential exposure 0:02:41.610 --> 0:02:44.370 management threat, Intel management way. I mean, they sell that, 0:02:44.370 --> 0:02:47.820 but they also let pen testers and red teamers use 0:02:47.820 --> 0:02:50.220 the data as well for their customers. So if I 0:02:50.220 --> 0:02:53.280 have a customer for Arcanum, you know, I can use 0:02:53.280 --> 0:02:56.600 the I can use my relationship with them to look 0:02:56.630 --> 0:02:58.910 up creds on that company in the red team test. 0:02:58.910 --> 0:03:01.640 And so, um, like five out of the last six 0:03:01.639 --> 0:03:06.260 red team engagements that I had done in 2023, uh, 0:03:06.260 --> 0:03:09.410 flare credentials, which are pulled off of the dark web, 0:03:09.440 --> 0:03:14.180 telegram channels and stuff like that. Um, they came from 0:03:14.210 --> 0:03:17.600 the success came from the credentials that came out of flare. Um, 0:03:17.600 --> 0:03:21.560 and so I started talking to them and I was like, hey, um, 0:03:21.560 --> 0:03:23.929 you know, like, really like what you guys are doing. 0:03:23.930 --> 0:03:25.880 I ended up doing like a, I think one podcast 0:03:25.880 --> 0:03:29.750 with them. Um, and then that transitioned to them being like, hey, 0:03:29.750 --> 0:03:31.490 would you like to come work part time as our 0:03:31.490 --> 0:03:34.669 field CISO? And I was like, yeah, absolutely. So that's 0:03:34.669 --> 0:03:37.730 how that relationship started. And and now, you know, I 0:03:37.730 --> 0:03:40.970 do content for them. Um, I advise them on product. 0:03:40.970 --> 0:03:43.610 I do all kinds of stuff like randomly, you know, 0:03:43.610 --> 0:03:46.130 it's a startup. Everybody wears every hat. So yeah, that's 0:03:46.130 --> 0:03:47.180 that's how that started. 0:03:47.210 --> 0:03:49.820 No, that's very cool. And it flows really well with 0:03:49.820 --> 0:03:51.950 what you're doing in Arcanum. Right. Because you're doing red 0:03:51.980 --> 0:03:54.320 team over there. You're doing training over there. You're doing 0:03:54.320 --> 0:03:55.270 all kinds of stuff. 0:03:55.300 --> 0:03:58.210 Yeah, I mean, it comes in handy with the red teaming. 0:03:58.210 --> 0:04:01.060 The purple teaming. Um, you know, the, you know, the 0:04:01.060 --> 0:04:02.620 times when we do consult a little bit on blue 0:04:02.650 --> 0:04:05.560 teaming as well, which is, you know, threat intelligence and 0:04:05.560 --> 0:04:10.150 exposure management and um, yeah, really, it's been awesome. And 0:04:10.150 --> 0:04:12.760 they've been really receptive to from, you know, when I 0:04:12.790 --> 0:04:16.360 am a customer asking for, you know, features, they're on it, 0:04:16.360 --> 0:04:18.520 they're like, hey, like we'll build that soon. It's on 0:04:18.520 --> 0:04:21.670 the roadmap. So um, and they're one of the only players, 0:04:21.670 --> 0:04:25.359 I think that also works with, um, like those pentesting companies, right, 0:04:25.360 --> 0:04:27.850 where you can redistribute that threat Intel data and that 0:04:27.850 --> 0:04:30.339 exposure data to use it in your engagements. So I 0:04:30.339 --> 0:04:31.630 think that's really cool too. 0:04:31.720 --> 0:04:35.620 Yeah, I really like that red team focus that that's 0:04:35.620 --> 0:04:40.810 really powerful. Um, so what what would another protection scheme 0:04:40.810 --> 0:04:43.450 look like for a customer? So let's say you're a 0:04:43.450 --> 0:04:47.080 regular customer and you buy a flare. Is this essentially 0:04:47.080 --> 0:04:49.989 threat Intel that's coming down to you to notify you 0:04:49.990 --> 0:04:52.029 that a credential has been compromised? So, you know, to 0:04:52.029 --> 0:04:54.210 rotate it? Is that like the main use case? 0:04:54.600 --> 0:04:59.010 Yeah. So in in kind of the dark web world. Right. 0:04:59.070 --> 0:05:01.260 That attackers kind of go through there's, there's really the 0:05:01.260 --> 0:05:06.029 stepping stone or like I call it levels of, of 0:05:06.029 --> 0:05:08.550 data that's exposed via the dark web. Right. And so 0:05:08.550 --> 0:05:09.960 this is part of that research I did in my 0:05:09.960 --> 0:05:13.320 last two years. And so the first level is creds 0:05:13.320 --> 0:05:14.970 that have already made it to the clear web. Right. 0:05:15.000 --> 0:05:17.040 So this is stuff that you will see. And have 0:05:17.040 --> 0:05:19.830 I been pwned and leaked X. And you know some 0:05:19.830 --> 0:05:23.160 things like this. Right. Um, and so these things are 0:05:23.160 --> 0:05:26.130 already on the public web. They're posted via paste sites, 0:05:26.250 --> 0:05:29.460 they're already on torrent listed sites and stuff like that. 0:05:29.460 --> 0:05:33.000 And so that's the first place an adversary will go, okay, um, 0:05:33.029 --> 0:05:36.870 to look for creds. Now, uh, there are several other intermediaries, 0:05:36.870 --> 0:05:38.640 but eventually you get to one of the higher tiers, 0:05:38.640 --> 0:05:45.780 the higher levels. And that level is looking on telegram, discord, WhatsApp. Um, and, 0:05:45.810 --> 0:05:47.640 you know, some of the dark web forums that are 0:05:47.640 --> 0:05:51.210 invite only to find really fresh what we call, um, 0:05:51.230 --> 0:05:54.140 you know, basically they're the result of Steeler malware. Um, 0:05:54.140 --> 0:05:57.859 and so these packs of, um, you know, data from 0:05:57.860 --> 0:06:02.060 Steeler malware end up being sold, and they include, uh, 0:06:02.060 --> 0:06:06.560 credentials and cookies, um, from a user that might be 0:06:06.560 --> 0:06:09.740 associated to your business. And so that's where attackers will 0:06:09.740 --> 0:06:11.330 end up. And then right after that is the step 0:06:11.330 --> 0:06:13.640 where they actually try to hack you. Right? Um, but 0:06:13.640 --> 0:06:15.140 they'll do all the easy stuff first. 0:06:15.170 --> 0:06:18.620 Okay. And then so we hear a lot about like 0:06:18.650 --> 0:06:22.520 toufar bypass or whatever. So is this where the Toufar 0:06:22.550 --> 0:06:24.710 bypass comes in with the cookie stuff? 0:06:24.890 --> 0:06:28.219 Yeah, exactly. So, um, you can have your credentials stolen 0:06:28.220 --> 0:06:31.940 in a myriad of ways, right? Uh, and that is 0:06:31.940 --> 0:06:36.800 stymied by kind of traditional, um, you know, traditional security 0:06:36.800 --> 0:06:39.950 advice of using toufar. Right. And I think that what 0:06:39.980 --> 0:06:42.469 a lot of people miss out on is that most 0:06:42.470 --> 0:06:45.410 of the time when credentials are stolen, other than from, like, 0:06:45.440 --> 0:06:50.200 a breach, right? They're stolen via credit stealer malware. which 0:06:50.200 --> 0:06:53.740 owns your whole computer. And that means that the cookies 0:06:53.740 --> 0:06:57.220 in your browser, like Chrome or Firefox, are stolen from, 0:06:57.339 --> 0:07:00.010 you know, from that malware and sold as well. And 0:07:00.010 --> 0:07:03.429 so that means that you can just inject a cookie 0:07:03.760 --> 0:07:06.400 into a website and never be asked for a password 0:07:06.430 --> 0:07:08.290 or a cookie. You know, the cookie. You know, for 0:07:08.290 --> 0:07:11.560 those who aren't really, um, you know, aware of the, 0:07:11.590 --> 0:07:14.020 you know, technology or I'm sure most people who watch 0:07:14.020 --> 0:07:15.850 your show, you know, are aware of what cookies are, 0:07:15.850 --> 0:07:19.450 but in most senses, authentication cookies. Just tell the website 0:07:19.450 --> 0:07:21.610 that you are already authenticated, and you can view a 0:07:21.610 --> 0:07:24.670 page for a certain amount of time or an authenticated 0:07:24.670 --> 0:07:27.640 section of an application. So you have you have Netflix, right. 0:07:27.670 --> 0:07:31.540 And so, you know, you leave Netflix logged in for weeks, months, 0:07:31.540 --> 0:07:34.570 years sometimes. Right. And that's controlled by the cookie. When 0:07:34.600 --> 0:07:37.150 your browser visits Netflix, the first thing it does is 0:07:37.150 --> 0:07:40.090 it looks for the Netflix authentication cookie. And it says yes, 0:07:40.090 --> 0:07:44.380 Daniel has that one. It's it's hasn't set to expire yet. 0:07:44.380 --> 0:07:47.200 And so we know this is Daniel coming from this 0:07:47.230 --> 0:07:50.040 cookie and we'll let them in without asking for username 0:07:50.040 --> 0:07:51.000 and password. 0:07:51.660 --> 0:07:54.180 Yeah, that totally makes sense because like in the course 0:07:54.180 --> 0:07:57.360 of a session or even, you know, half a day 0:07:57.360 --> 0:08:00.300 or a day, you're hitting hundreds of things, right? And 0:08:00.300 --> 0:08:03.090 you can't be re-authoring each time. So you're just sending 0:08:03.090 --> 0:08:05.610 a cookie. So that makes sense. So I imagine in 0:08:05.610 --> 0:08:08.850 the forums they're going to have like decay numbers for 0:08:08.850 --> 0:08:11.730 how long this token is going to be valid. 0:08:12.060 --> 0:08:14.550 Yeah. And the dark and the dark web forums, you know, 0:08:14.580 --> 0:08:17.430 they'll they'll sell the packs of, you know, like Red 0:08:17.430 --> 0:08:20.580 line is the biggest credential stealing malware right now. In fact, 0:08:20.580 --> 0:08:24.150 I think Cisa came out with an advisory just yesterday that, uh, 0:08:24.150 --> 0:08:26.160 or the DoD just came out with an advisory saying 0:08:26.190 --> 0:08:29.880 it's their number one, like focus is to fight, um, 0:08:29.880 --> 0:08:33.030 Red line, which is one of the credential stealer malware 0:08:33.030 --> 0:08:36.360 and um, and yeah, so that'll steal the cookies and 0:08:36.360 --> 0:08:38.460 the credentials and a whole bunch of other stuff too. 0:08:38.490 --> 0:08:40.920 Like when you see one of the packs being sold, 0:08:40.920 --> 0:08:44.220 it's usually, uh, you know, sold. And it has a 0:08:44.220 --> 0:08:46.339 whole bunch of zips in it, and the zips in 0:08:46.340 --> 0:08:48.650 it have the result of the malware. You get a 0:08:48.650 --> 0:08:52.160 screenshot of the desktop, you get that person's stored Chrome 0:08:52.160 --> 0:08:54.800 credentials for all the sites they visit. You get the 0:08:54.830 --> 0:08:57.470 cookies for all the sessions that the browser is logged into. 0:08:57.500 --> 0:09:00.410 So all of their consumer apps, you get a full 0:09:00.410 --> 0:09:06.650 hardware listing of every app that's running on the infected machine. Yeah. 0:09:06.650 --> 0:09:08.599 It's crazy. I mean, I mean, Red line is a 0:09:08.600 --> 0:09:10.370 pretty advanced infostealer. So yeah. 0:09:10.400 --> 0:09:13.550 Yeah, I saw a thing yesterday. I got it marked for, um, 0:09:13.550 --> 0:09:20.360 for the show later. Uh, Russian national Roudometof, uh, just 0:09:20.360 --> 0:09:24.469 got captured for the red line. Yeah. And evidently they've 0:09:24.470 --> 0:09:27.290 got full source code and everything, and, uh. Yeah, bad 0:09:27.320 --> 0:09:30.470 OpSec was, uh, which has never happened before. Bad ops 0:09:30.559 --> 0:09:31.610 never happened. Yeah. 0:09:32.360 --> 0:09:32.780 Yeah. 0:09:32.809 --> 0:09:36.650 I mean, yeah. That's interesting. So. So you just really 0:09:36.650 --> 0:09:40.490 like the flow that flare is using here to like, 0:09:40.760 --> 0:09:45.550 are they, are they better at going deeper into these forums. 0:09:45.580 --> 0:09:47.559 Like what do you think sets him above right? Because 0:09:47.559 --> 0:09:49.930 there's a lot of people playing in this space. 0:09:49.960 --> 0:09:53.800 Yeah. For sure. So, um, I mean, I don't recommend 0:09:53.800 --> 0:09:57.040 a product unless I, I review like kind of the 0:09:57.040 --> 0:09:59.830 whole space, right? So, um, you know, like, in another life, 0:09:59.830 --> 0:10:01.630 I probably could have been a Gartner analyst or something 0:10:01.630 --> 0:10:04.689 like that, you know, but, uh, uh, but yeah, it 0:10:04.690 --> 0:10:08.350 is the level at which, um, they go for their credentials. 0:10:08.350 --> 0:10:11.500 It's really the research team. They're finding other novel ways 0:10:11.500 --> 0:10:14.559 to of surfacing the data that ends up on the 0:10:14.559 --> 0:10:18.700 dark web. Um, you know, I'm, uh, I may, may 0:10:18.700 --> 0:10:20.739 or may not be aware of a new feature that's 0:10:20.740 --> 0:10:23.920 going to launch pretty soon around this whole thing of cookies. Um, 0:10:24.040 --> 0:10:26.979 coming out in, uh, in a couple of weeks. But, um, 0:10:26.980 --> 0:10:31.270 to help people just. Yeah, in mass invalidate, um, cookies 0:10:31.270 --> 0:10:34.600 from B2C companies. Right. So, like, Netflix is a great example, right? 0:10:34.630 --> 0:10:37.569 So we could, you know, flare could work with Netflix 0:10:37.570 --> 0:10:39.790 and give them a list of all cookies that have 0:10:39.790 --> 0:10:42.220 been compromised, and then they can feed that into a 0:10:42.220 --> 0:10:46.350 script that will invalidate those sessions. Oh yeah, and in 0:10:46.350 --> 0:10:49.380 real time over API too. So, um, so those are 0:10:49.380 --> 0:10:51.690 some exciting things. And that's the kind of stuff like, 0:10:51.720 --> 0:10:54.630 you know, we talk about internally, they're building quickly, but 0:10:54.630 --> 0:10:58.260 it is really the, the depth of the, um, you know, 0:10:58.290 --> 0:11:00.120 the threat research or whatever you want to call it, right? 0:11:00.150 --> 0:11:04.709 That the team that gets into the forums and, and 0:11:04.710 --> 0:11:07.980 the telegrams and the discords is better than any other 0:11:07.980 --> 0:11:09.840 I've seen. So, I mean, it's really at the end 0:11:09.840 --> 0:11:11.670 of the day for any of those platforms, it's how 0:11:11.700 --> 0:11:14.459 deep can they get into the ecosystem. Um, you know, 0:11:14.490 --> 0:11:16.830 so bad that, you know, sometimes, you know, we see 0:11:16.860 --> 0:11:19.260 people talking about flare on the dark web and like 0:11:19.290 --> 0:11:22.290 lamenting the fact that we're, you know, like exposing all 0:11:22.320 --> 0:11:23.730 their stuff. So yeah. 0:11:24.030 --> 0:11:27.450 That's cool. Yeah, yeah. Uh, what what other stuff are 0:11:27.450 --> 0:11:30.630 you thinking about right now? Um, in terms of, like, 0:11:30.660 --> 0:11:34.620 malware activity that that, um, flare already catches or you're 0:11:34.620 --> 0:11:37.559 looking forward to them catching like other types of, like, 0:11:37.590 --> 0:11:40.500 forward leaning malware or attacks. 0:11:40.830 --> 0:11:46.520 So exposure of, you know, exposure of, um, malware that 0:11:46.520 --> 0:11:50.569 is like infostealer malware or credential stealer malware, um, is 0:11:50.600 --> 0:11:53.540 is kind of what flare started with. But, you know, 0:11:53.570 --> 0:11:58.160 that's part of a sub, you know, category of threat Intel. Right. 0:11:58.190 --> 0:12:00.050 And so like threat Intel includes a whole bunch of 0:12:00.050 --> 0:12:03.859 types of IOCs, right. Um, and so over the course of, 0:12:03.890 --> 0:12:06.199 you know, this last year and this next year, we've 0:12:06.200 --> 0:12:10.490 really been focused on also providing traditional threat Intel or 0:12:10.490 --> 0:12:13.640 forum monitoring or brand monitoring for a business when a 0:12:13.670 --> 0:12:17.720 campaign might start against them. Or we've been working with 0:12:17.750 --> 0:12:20.870 the US government and several branches of government, you know, 0:12:20.900 --> 0:12:25.220 tracking even, you know, some high profile threats to the nation, 0:12:25.309 --> 0:12:29.360 election integrity, you name it. We're working with big companies 0:12:29.360 --> 0:12:32.720 who I can't mention, you know, but AI companies and, 0:12:32.750 --> 0:12:35.690 you know, fraud and abuse and AI based on threat 0:12:35.690 --> 0:12:40.809 actor like IOCs and recognition. So there's that There's also 0:12:40.840 --> 0:12:43.600 we did an acquisition really recently for Attack Surface Management, 0:12:43.600 --> 0:12:46.240 which I know you're an expert in. Um, and so 0:12:46.240 --> 0:12:49.390 for eternal attack surface management, that'll be something we also 0:12:49.420 --> 0:12:54.490 move into offering in 2024 or 2025. Um, and so, 0:12:54.520 --> 0:12:57.010 you know, my dream of what I've told flair is that, 0:12:57.040 --> 0:13:00.610 you know, I feel like external attack surface, like kind 0:13:00.610 --> 0:13:04.630 of this brand monitoring or campaign monitoring on top of 0:13:04.660 --> 0:13:09.490 the credential exposure. Um, really great stuff that they do already. 0:13:09.490 --> 0:13:13.270 I feel like this can fit into, um, like a 0:13:13.270 --> 0:13:16.929 dashboard and a flow of, you know, general threat intelligence 0:13:16.929 --> 0:13:18.700 that I think no one else really offers. And I'm 0:13:18.700 --> 0:13:20.500 really excited to see when we can put it all 0:13:20.530 --> 0:13:23.829 together in, you know, for one, one person to access 0:13:23.830 --> 0:13:25.179 it in one place. 0:13:25.570 --> 0:13:29.650 Yeah. That's fantastic. So basically, you'd be able to look 0:13:29.650 --> 0:13:32.020 at your entire attack surface, see where you have like 0:13:32.050 --> 0:13:35.470 exposures or whatever. It's almost like outside in and then 0:13:35.470 --> 0:13:36.550 inside out. Right. 0:13:36.580 --> 0:13:39.270 Yeah. Yeah. I mean imagine Imagine logging into a dashboard 0:13:39.270 --> 0:13:43.229 and seeing all your assets. Everyone that has a login understanding. 0:13:43.230 --> 0:13:46.920 If you breach credentials, work on that login, understanding how 0:13:46.920 --> 0:13:50.670 to defend against that B2C or corporate app. You know, 0:13:50.700 --> 0:13:54.720 invalidate sessions. Also understand, you know, what kind of threat 0:13:54.720 --> 0:13:57.960 actors are targeting, which apps on your infrastructure. And you 0:13:57.960 --> 0:14:00.959 can do that both externally and potentially internally as well. 0:14:00.990 --> 0:14:03.840 So yeah starts to tie in a little bit with 0:14:03.870 --> 0:14:06.840 like IAM type stuff where you're just you just understand 0:14:06.840 --> 0:14:09.660 all the logins and how those logins work and which 0:14:09.660 --> 0:14:12.929 ones are federated, like which ones have or have not 0:14:12.929 --> 0:14:15.959 been compromised or whatever, maybe even like which ones haven't 0:14:15.960 --> 0:14:20.010 been used, like they might be more vulnerable, you know? Yeah. 0:14:20.040 --> 0:14:23.490 I mean, we already have filters for freshness. And you 0:14:23.490 --> 0:14:25.290 asked earlier like kind of like how I consume it 0:14:25.290 --> 0:14:27.450 since I'm a red teamer. Right? I use the credential 0:14:27.480 --> 0:14:30.150 browser feature the most for flare. And so you log 0:14:30.150 --> 0:14:33.030 in and you just put in a domain. So like, 0:14:33.060 --> 0:14:35.790 you know, unsupervised learning.com or something like that. And then 0:14:35.790 --> 0:14:38.940 it just filters down. You know what types of credentials 0:14:38.940 --> 0:14:42.000 have been on the dark web for it? So what 0:14:42.000 --> 0:14:45.240 do they come from? Breach lists or they come from 0:14:45.240 --> 0:14:49.020 stealer logs, or they come from some other chatter or whatever. 0:14:49.020 --> 0:14:51.630 And then you get that immediately and you can export 0:14:51.630 --> 0:14:54.930 that to just start using. Um, but but yeah, that's 0:14:54.930 --> 0:14:57.570 the way I use it. But organizations, you know, obviously 0:14:57.570 --> 0:15:00.810 have a more holistic kind of want there as well. 0:15:00.810 --> 0:15:03.450 So we're continuing to develop a whole bunch of features. 0:15:03.450 --> 0:15:07.109 And you know, my my big pie in the sky 0:15:07.140 --> 0:15:10.410 view will, you know, you know we're still working towards that. 0:15:10.410 --> 0:15:13.050 The bread and butter has been the, the uh, the 0:15:13.050 --> 0:15:17.729 exposure management, um, both GUI and API. Um, and that's 0:15:17.730 --> 0:15:21.960 what we've been focusing on for a majority of it. But, um, 0:15:21.960 --> 0:15:25.440 you know, we recently, um, you know, extended the team 0:15:25.440 --> 0:15:28.560 and hired a bunch of new researchers as well. You know, 0:15:28.590 --> 0:15:31.290 there's there's whole areas that, um, we want to get 0:15:31.290 --> 0:15:34.560 deeper in and build more features for. So I think that, um, 0:15:34.560 --> 0:15:36.780 the sky's the limit, honestly, for for flair. 0:15:37.380 --> 0:15:41.820 Yeah. That's fantastic. Now is everything, um, kind of like pull. 0:15:42.030 --> 0:15:44.580 You go to the portal to get the latest updates. Like, 0:15:44.610 --> 0:15:46.830 what if someone forgets to go to the dashboard, they 0:15:46.830 --> 0:15:49.950 just lose their login or they're just busy or whatever? 0:15:49.980 --> 0:15:53.850 Is there also, like a push, like notifications or email 0:15:53.880 --> 0:15:55.140 or that type of thing? Yeah, we have. 0:15:55.170 --> 0:15:59.130 We have full API access. So you could use Chatops 0:15:59.130 --> 0:16:02.430 to remind you with a webhook to remind you via 0:16:02.430 --> 0:16:05.880 slack or Teams or whatever you use at your organization. 0:16:05.910 --> 0:16:08.340 In fact, a lot of really forward facing companies are 0:16:08.340 --> 0:16:10.410 using Chatops to do this kind of stuff, right? For 0:16:10.410 --> 0:16:12.540 a lot of security data, not just us, but, you know, 0:16:12.570 --> 0:16:14.910 for everything, right? Where, you know, you log into slack 0:16:14.910 --> 0:16:16.320 in the morning and there's a whole channel that would 0:16:16.320 --> 0:16:18.180 be like flare ops or something like that, and it 0:16:18.180 --> 0:16:21.030 gets pushed like here, the new, you know, six credentials 0:16:21.030 --> 0:16:22.710 that we found between the time you went to sleep 0:16:22.710 --> 0:16:25.230 and the time you woke up and you know that 0:16:25.230 --> 0:16:27.270 that have appeared on the dark web, here's where they 0:16:27.270 --> 0:16:29.880 come from, you know, and then you can add that 0:16:29.880 --> 0:16:33.710 to your teams, you know, um, list to check to 0:16:33.740 --> 0:16:36.110 see if those sessions have been compromised or whatever. So. 0:16:36.560 --> 0:16:38.900 So I know you're doing a whole bunch in AI 0:16:38.930 --> 0:16:43.160 as well. And AI automation on the Arcanum side. Have 0:16:43.160 --> 0:16:45.739 you all been thinking about any sort of chatops sort 0:16:45.770 --> 0:16:49.730 of optimizations, like something drops into the channel? Can we 0:16:49.730 --> 0:16:53.120 actually go in and validate that credential or something? Yeah. 0:16:53.120 --> 0:16:56.360 So that is usually in the, in the B2C kind 0:16:56.360 --> 0:16:58.880 of world, like like a Netflix or an Amazon or 0:16:58.880 --> 0:17:01.520 anything like that, right. Um, that is usually up to 0:17:01.550 --> 0:17:04.160 the client, you know, to, to implement. Right. Because each 0:17:04.190 --> 0:17:06.800 app is different. And we would have to know, you know, 0:17:06.830 --> 0:17:10.580 kind of the general app login flow. So usually that 0:17:10.580 --> 0:17:13.520 part is left to them. But for the for the 0:17:13.520 --> 0:17:15.830 corporate logins, you know, where a lot of people need 0:17:15.830 --> 0:17:18.619 to log in via an identity provider or SSL or 0:17:18.619 --> 0:17:21.979 something like that, that is more easily for us to find. And, 0:17:22.010 --> 0:17:23.750 you know, maybe in the future that could be something 0:17:23.750 --> 0:17:26.899 that we offer an automated service for, you know. So, um, 0:17:26.930 --> 0:17:28.129 testing the credentials of. 0:17:28.310 --> 0:17:32.020 An agent there, listening, watching that channel, taking actions. right? 0:17:32.050 --> 0:17:34.960 And it could easily be done with some of the 0:17:34.960 --> 0:17:39.370 AI that exists right now. Honestly, it's just, uh, you know, like, um, 0:17:39.520 --> 0:17:41.530 I think that a lot of people I mean, the 0:17:41.530 --> 0:17:43.689 features we have right now in the platform for AI 0:17:43.690 --> 0:17:49.659 are more based around translation and correlation of data. So 0:17:49.690 --> 0:17:52.990 we do have an AI agent that's built into flair. 0:17:52.990 --> 0:17:55.479 And so when you go into any of the views, um, 0:17:55.480 --> 0:17:57.160 first of all, the first great thing about it is 0:17:57.190 --> 0:17:59.440 let's say you're dealing with a threat actor post that's 0:17:59.440 --> 0:18:02.889 in Russian. Well, you know, I can translate your ROI, 0:18:02.920 --> 0:18:05.379 which is called, I think it's called Alexandria internally we 0:18:05.380 --> 0:18:08.920 call it. But, um, it can it can translate that instantly. 0:18:08.920 --> 0:18:12.010 So you can read the context of the conversation, um, 0:18:12.010 --> 0:18:15.369 about your company. And then it can also tie together 0:18:15.369 --> 0:18:17.889 disparate sources of information, whether something showed up in a 0:18:17.890 --> 0:18:20.590 steamer log. And then there's also conversation about it in 0:18:20.590 --> 0:18:23.649 a forum, conversation about it in a chat channel, you know, 0:18:23.680 --> 0:18:26.290 something like that can tie those things together. Um, so 0:18:26.290 --> 0:18:29.110 those are, those are all things that, you know, were 0:18:29.109 --> 0:18:33.149 the first really easily automatable things. And then we're going 0:18:33.180 --> 0:18:36.270 to continue to, um, to deploy, I'm sure more and 0:18:36.270 --> 0:18:37.710 more AI features. Yeah. 0:18:38.280 --> 0:18:41.310 Yeah, that makes sense because I mean, it's kind of similar. Um, 0:18:41.310 --> 0:18:44.190 threat Intel is kind of similar to vulnerability management. It's 0:18:44.190 --> 0:18:46.890 like you do the cool thing, which is you surface 0:18:46.890 --> 0:18:49.889 this thing. But then on the other side of the threat, 0:18:49.890 --> 0:18:53.430 Intel and the other side of the vault management is fix, right? 0:18:53.460 --> 0:18:58.889 Take the action. So I could imagine, like we were saying, 0:18:58.890 --> 0:19:01.290 some sort of agent that sits there and is like 0:19:01.290 --> 0:19:03.960 it's hooked up to Jira, it's hooked up to these 0:19:03.960 --> 0:19:07.439 different control systems. It can actually push ACLs, you know, 0:19:07.470 --> 0:19:11.100 invalidate credentials, stuff like that. But, um, it's also early 0:19:11.100 --> 0:19:12.869 days for AI, so you don't want to be hooking 0:19:12.869 --> 0:19:16.260 up too much power for AI on production systems, right? Yeah. 0:19:16.290 --> 0:19:18.270 I mean, definitely a double edged sword, right? Like for 0:19:18.270 --> 0:19:20.850 every AI feature you put out has to be tested 0:19:20.880 --> 0:19:24.810 against a multitude of things, right? Um, yeah. So. Yeah, definitely. 0:19:25.470 --> 0:19:30.500 Yeah, totally. Um. Well, not going to let you get 0:19:30.530 --> 0:19:34.609 off without talking about Arcanum. What are you doing over there? 0:19:34.790 --> 0:19:39.020 Yeah. Yeah, absolutely. So, uh. So Arcanum is my company. 0:19:39.170 --> 0:19:41.480 The name comes from a fantasy book that you and 0:19:41.480 --> 0:19:43.609 I have both read. But if anybody else hasn't read it, uh, 0:19:43.609 --> 0:19:45.590 name of the wind is probably one of the best 0:19:45.590 --> 0:19:50.090 fantasy books of our generation. And, um, The Arcanum in 0:19:50.119 --> 0:19:52.850 that book series, which doesn't have a conclusion yet, which 0:19:52.850 --> 0:19:56.659 is really sad. Um, is is the school of magic. 0:19:56.660 --> 0:19:59.960 And so, uh, you know, we're we at Arcanum do 0:19:59.960 --> 0:20:02.570 a ton of training. So we have two classes. One 0:20:02.570 --> 0:20:05.990 is an offensive security based course. Uh, and it's my 0:20:05.990 --> 0:20:10.580 20 years of experience in doing penetration testing and web 0:20:10.609 --> 0:20:14.120 app hacking through bug bounty. Um, and so it's my 0:20:14.119 --> 0:20:19.100 experience there, uh, high focus on reconnaissance and some Osint stuff, 0:20:19.100 --> 0:20:21.230 some red teaming techniques, and then also just a lot 0:20:21.260 --> 0:20:24.530 of web hacking. Um, and it's, that's a three day 0:20:24.530 --> 0:20:26.950 course that we run. And so that was the first 0:20:26.950 --> 0:20:30.490 thing that we launched Arcanum for, was that training. And 0:20:30.490 --> 0:20:35.500 then shortly after that, this year we launched an AI training. 0:20:35.500 --> 0:20:38.290 But it's not a how to hack AI training. It's 0:20:38.320 --> 0:20:42.100 a how to use AI in your security role training. 0:20:42.100 --> 0:20:44.830 And so we call it red blue, purple AI. And 0:20:44.859 --> 0:20:48.340 and that, you know, that training basically is teaching people, 0:20:48.340 --> 0:20:49.600 whether you're a red team or a blue team or 0:20:49.630 --> 0:20:52.629 a purple team or how to scale yourself, um, you know, 0:20:52.660 --> 0:20:55.390 with AI and so that's a two day course. And then, 0:20:55.420 --> 0:20:57.640 you know, usually, I mean, just being honest, we're very 0:20:57.640 --> 0:21:02.139 small still early days, but, um, but, you know, usually 0:21:02.140 --> 0:21:04.179 we'll do those trainings. And what will happen is, you know, 0:21:04.210 --> 0:21:06.280 someone will be like, oh, that was excellent. Can you 0:21:06.310 --> 0:21:08.290 come do some consulting for us? Whether they want us 0:21:08.290 --> 0:21:10.389 to do their red team or a purple team engagement 0:21:10.390 --> 0:21:13.480 or a pen test or, you know, do some AI 0:21:13.510 --> 0:21:17.979 consulting and then, um, so we'll do custom consulting too, um, for, 0:21:18.010 --> 0:21:19.000 for a lot of places. 0:21:19.030 --> 0:21:22.510 Yeah, yeah. And I can say for myself, I've, I've 0:21:22.510 --> 0:21:26.760 attended both and they were absolutely fantastic. Honestly, I think 0:21:26.790 --> 0:21:30.060 you're the best trainer in security. Oh, I know, I know, 0:21:30.060 --> 0:21:32.669 we're best friends, so, like, I'm going to be biased, but, um, 0:21:32.670 --> 0:21:35.609 I think I'm good at being objective. And I really 0:21:35.609 --> 0:21:38.340 think you're the best trainer in security, so thank you. 0:21:38.369 --> 0:21:42.150 Encourage people to check that stuff out. Yeah. Um, yeah. 0:21:42.150 --> 0:21:45.750 And the I class was absolutely fantastic. Even better the 0:21:45.750 --> 0:21:48.150 second time. Just absolutely loved it. 0:21:48.300 --> 0:21:51.780 Yeah, I think I think I learned a lot from, um, well, 0:21:51.810 --> 0:21:54.240 from you and some other people too, about creating very 0:21:54.240 --> 0:21:57.419 fresh content. Right. So, um, you have augmented, which is 0:21:57.420 --> 0:22:01.440 an AI course that focuses on more than just security. Um, 0:22:01.470 --> 0:22:04.409 but I think what I learned is that there is 0:22:04.410 --> 0:22:09.300 a craving for training that stays up to date. Right? 0:22:09.330 --> 0:22:11.580 Because like a lot of the training organizations that exist 0:22:11.609 --> 0:22:14.040 right now, they just create a training and then it's 0:22:14.040 --> 0:22:16.320 out there and then they never update it. Right. And 0:22:16.320 --> 0:22:20.310 security and I move so crazy fast and it's like 0:22:20.340 --> 0:22:23.640 it's like, okay, so by the time you take that training. 0:22:23.670 --> 0:22:25.530 A lot of the tools are outdated. A lot of 0:22:25.530 --> 0:22:28.770 the methodologies are outdated, especially in the AI. Like AI, 0:22:28.800 --> 0:22:33.030 AI by far is like, you know, every class I teach, 0:22:33.030 --> 0:22:35.910 which is once a quarter live, I have to basically 0:22:35.910 --> 0:22:38.760 re dev the whole class because there's new, you know, 0:22:38.790 --> 0:22:42.090 advents in prompt engineering, there's new advents in rag, new 0:22:42.090 --> 0:22:46.110 advents and agents, all that stuff. And so I think 0:22:46.109 --> 0:22:50.639 that's what makes my trainings different than other people's. Right. Um, because, 0:22:50.670 --> 0:22:53.070 you know, I'm doing that. And then also, I think 0:22:53.070 --> 0:22:55.650 one of the crazy cool things was while cohort one, 0:22:55.650 --> 0:22:58.139 you were in, um, as a guest. And so in 0:22:58.140 --> 0:23:00.780 all my courses, whether it's the offensive security one or 0:23:00.780 --> 0:23:02.860 the AI one, every day I bring in 1 or 0:23:02.859 --> 0:23:06.090 2 guests who offer either like a different viewpoint than me, 0:23:06.090 --> 0:23:08.850 or who are specialists even above me in some cases. 0:23:08.850 --> 0:23:11.879 And we will talk for about 30 to 40 minutes 0:23:11.880 --> 0:23:13.949 as like an interview included in the class, and I 0:23:13.950 --> 0:23:17.070 will ask some very hard questions to them that only 0:23:17.100 --> 0:23:19.170 you know, like that only really like a homie would 0:23:19.170 --> 0:23:22.210 give you the answer to in a small group setting, 0:23:22.420 --> 0:23:24.280 and I think that has also made the classes great. 0:23:24.280 --> 0:23:26.980 So like last one in the offensive security class, we 0:23:26.980 --> 0:23:31.420 had Sam Curry Zls come on talking about his hacking methodology, 0:23:31.570 --> 0:23:33.310 and he's the guy who just did the big Kia 0:23:33.340 --> 0:23:36.370 hack with his group of, you know, hackers, which was 0:23:36.400 --> 0:23:40.090 Ian Carroll and some other people too. We've had some, uh, 0:23:40.720 --> 0:23:44.650 subs come on, Shabaam Sha. And he talked about, uh, 0:23:44.650 --> 0:23:48.760 like pretty hardcore reconnaissance methods that weren't talked about anywhere else. 0:23:48.760 --> 0:23:51.340 And so luckily, I know people. You came on cohort 0:23:51.369 --> 0:23:56.139 one and talked about your philosophy for agents flows and 0:23:56.140 --> 0:23:59.710 everything like that. Um, from, you know, from augmented. But 0:23:59.710 --> 0:24:02.830 you gave away some secrets there too. So that's how 0:24:02.830 --> 0:24:04.840 I like to run a class. Like it's like a small, 0:24:04.840 --> 0:24:07.149 intimate group. And yeah, it does. 0:24:07.180 --> 0:24:11.890 It feels extremely close knit and intimate. And after like 0:24:11.890 --> 0:24:14.470 the second hour and definitely after like the first day, 0:24:14.500 --> 0:24:17.920 you feel close with all the other people because it's 0:24:17.920 --> 0:24:20.670 a very sort of welcoming thing, like it's just discussion 0:24:20.670 --> 0:24:25.139 happening and everyone's listening to you, but it's also just 0:24:25.170 --> 0:24:27.600 a yeah, it's just a really good vibe. It's the 0:24:27.600 --> 0:24:31.530 best training vibe. And I've been taking sand since, you know, whatever, 0:24:31.530 --> 0:24:34.320 early 2000. And it's like it's the best training vibe 0:24:34.320 --> 0:24:35.160 I've ever seen. 0:24:35.430 --> 0:24:37.980 Yeah, I think, I think one of the cool things 0:24:37.980 --> 0:24:41.190 too is that like, um, I don't ever consider myself 0:24:41.190 --> 0:24:43.140 that I'm going to be the absolute master. I think 0:24:43.140 --> 0:24:46.469 overall my methodologies and the structure of the training is 0:24:46.470 --> 0:24:49.230 very well put together. But if someone comes in chat, 0:24:49.260 --> 0:24:51.300 you know, for one of the courses and is like, hey, 0:24:51.330 --> 0:24:53.880 have you thought about this thing? You know, sometimes we'll 0:24:53.880 --> 0:24:56.159 divert and look into like a new tool or a 0:24:56.160 --> 0:24:59.129 new piece of methodology right in the class and you know, 0:24:59.160 --> 0:25:01.859 you can't get that anywhere else. Um, so, so I 0:25:01.859 --> 0:25:04.020 think that vibe is I'm never going to consider myself 0:25:04.020 --> 0:25:06.719 the ultimate expert in that vibe is helpful for people 0:25:06.720 --> 0:25:09.150 who also come to the course and are experts. So. 0:25:09.300 --> 0:25:10.230 Yeah, totally. 0:25:10.380 --> 0:25:10.860 Yeah. 0:25:11.250 --> 0:25:16.290 Awesome. And, uh, what is next for flair? Like you 0:25:16.290 --> 0:25:19.100 talked about? You hinted at a few different things, but 0:25:19.190 --> 0:25:21.320 what do you see happening? Like you talked a little 0:25:21.350 --> 0:25:25.429 bit about your pie in the sky version of mixing 0:25:25.430 --> 0:25:30.680 like C10 and all the different stuff altogether? Yeah. And 0:25:30.680 --> 0:25:32.810 any features that might be coming out end of the 0:25:32.810 --> 0:25:34.520 year or first part of next year. 0:25:34.910 --> 0:25:35.450 Yeah. 0:25:35.450 --> 0:25:37.760 So I think that's, um, I actually don't know what 0:25:37.760 --> 0:25:41.870 I'm allowed to talk to you about, but hopefully it's fine. Uh, is, uh, 0:25:41.869 --> 0:25:45.050 is there's going to be some new features, um, around 0:25:45.080 --> 0:25:48.200 cookie exposure because a lot of people are getting really, 0:25:48.200 --> 0:25:52.580 really great at, uh, mitigating breached credentials, but less good 0:25:52.580 --> 0:25:55.010 on the cookie exposure stuff. So some APIs there that'll 0:25:55.010 --> 0:25:57.590 help you track cookies which are fresh, which have been 0:25:57.590 --> 0:26:00.890 exposed via malware campaigns or a whole bunch of stuff. 0:26:00.890 --> 0:26:02.990 Right now, we focus a lot on the stealer log data, 0:26:02.990 --> 0:26:05.420 but we're starting to focus more and more on career 0:26:05.420 --> 0:26:09.229 phishing campaigns by threat actors. Um, and taking that too, right? 0:26:09.260 --> 0:26:13.580 Because the two methods that adversaries use to steal your 0:26:13.580 --> 0:26:16.639 creds and cookies, one is stealer malware. They'll get malware 0:26:16.640 --> 0:26:19.750 on your machine. Some bot somehow, either via drive by download, 0:26:19.750 --> 0:26:22.840 you download a torrent, your kid downloads a Fortnite, you know, 0:26:22.869 --> 0:26:26.380 X or something like that, you know, or you get 0:26:26.380 --> 0:26:29.619 spear phishing with credit capture and cookie capture in the 0:26:29.619 --> 0:26:32.169 middle right, which is predominantly what red teams do. This 0:26:32.170 --> 0:26:34.540 is what I do in my campaigns, right? We'll set up, 0:26:34.570 --> 0:26:38.140 you know, something like Evil Jinx and fake an Okta portal, 0:26:38.140 --> 0:26:40.330 and then phish all your people, and eventually they will 0:26:40.330 --> 0:26:43.210 log in with credentials and will capture both the credential 0:26:43.210 --> 0:26:45.430 and the cookie. So that's the same thing bad guys do. 0:26:45.460 --> 0:26:48.610 I think the stats are, you know, it's like 54% 0:26:48.609 --> 0:26:52.810 of initial access for breaches. Is them just buying a 0:26:52.840 --> 0:26:57.909 cookie from stealer malware. And then 33.8% is still phishing 0:26:57.910 --> 0:27:01.630 these days to do to do credit capture. Um, I'm 0:27:01.630 --> 0:27:03.399 looking at the CSA stats that I had in a 0:27:03.400 --> 0:27:06.369 browser window over here. So, um, yeah, so we want 0:27:06.400 --> 0:27:08.950 to get more into that data as well. We do 0:27:08.950 --> 0:27:10.240 some of it already, but we want to get even 0:27:10.240 --> 0:27:14.680 better at it. Um, and then yeah, more traditional threat 0:27:14.680 --> 0:27:20.910 Intel features coming for flare. Um, and better visualizations, better dashboards, 0:27:20.910 --> 0:27:23.699 better filters like these are all things that, you know, 0:27:23.730 --> 0:27:27.270 are table stakes for a threat intelligence platform. Um, and 0:27:27.270 --> 0:27:29.850 then we haven't we haven't implemented yet a ton of 0:27:29.850 --> 0:27:33.960 the attack surface. We just, um, you know, uh, Nick 0:27:33.960 --> 0:27:39.180 Ascoli is one of the guys that we purchased his, um, ESM, um, product. 0:27:39.180 --> 0:27:41.670 And so we haven't implemented a ton of it yet. But, 0:27:41.700 --> 0:27:44.010 you know, over 20, 25, we're going to implement a 0:27:44.010 --> 0:27:46.230 ton of it. And then like you said, it bleeds 0:27:46.230 --> 0:27:48.960 into vulnerability management too, right? So at what point do 0:27:48.990 --> 0:27:51.840 you know, at what point do companies like us or 0:27:51.840 --> 0:27:54.720 even other ESM companies what at what point do they 0:27:54.750 --> 0:27:58.800 consider exposing vulnerability information like, you know, doing scanning of 0:27:58.800 --> 0:28:01.620 some sort for vulnerabilities, you know, and including that in 0:28:01.619 --> 0:28:03.239 the visibility? Because at the end of the day, as 0:28:03.240 --> 0:28:06.360 a consumer of something like this, I really don't like 0:28:06.359 --> 0:28:09.270 to be logging into so many disparate platforms. Right? I 0:28:09.270 --> 0:28:13.410 would love all of this to be in one place. Um, but, um, 0:28:13.410 --> 0:28:15.500 you know, no one's no one's perfected that out. Everyone's 0:28:15.500 --> 0:28:18.320 trying it, but no one's perfected that yet, so. 0:28:18.350 --> 0:28:23.359 Yeah, that makes sense. Um, cool. Well, where can people 0:28:23.359 --> 0:28:24.950 learn more about flare? 0:28:25.640 --> 0:28:29.540 So if you go to the main flare page, there's 0:28:29.540 --> 0:28:31.699 a free trial. This is also something that made it 0:28:31.700 --> 0:28:33.830 really easy for me to benchmark them. Was that flare 0:28:33.830 --> 0:28:36.950 actually offers a like a free trial. Anybody can sign up. 0:28:36.950 --> 0:28:38.600 They just have to be approved by, you know, a 0:28:38.600 --> 0:28:42.770 flare representative internally for legitimate use. But, um, yeah, flare 0:28:42.770 --> 0:28:44.960 was the only one that was easy to access and 0:28:44.960 --> 0:28:49.340 really start taking off. Um, so I think that, um, 0:28:49.340 --> 0:28:52.250 you know, our wonderful staff gave you a link, um, 0:28:52.250 --> 0:28:54.050 in the doc, but I don't have it in front 0:28:54.050 --> 0:28:55.820 of me. So do you have the free trial link? 0:28:55.850 --> 0:28:56.780 I do, yeah. 0:28:56.780 --> 0:29:01.700 So it's trifler.io/unsupervised learning, and. Oh, there you go. Free 0:29:01.730 --> 0:29:02.750 seven day trial. 0:29:02.900 --> 0:29:03.590 Oh, awesome. 0:29:03.590 --> 0:29:06.140 So that's even better than the regular free trial. So yeah. 0:29:06.410 --> 0:29:06.950 Yeah. Okay. 0:29:06.950 --> 0:29:09.260 Very cool. And where can people learn more about Akana? 0:29:09.740 --> 0:29:21.560 So Akana, our our website is Arcanum. Arc. Arc. Arcanum. Arc. And, um. Uh. Dash. Sex.com. Um. 0:29:21.590 --> 0:29:24.560 And then, uh, you can follow me on Twitter. I'm 0:29:24.590 --> 0:29:26.840 AJ Haddox and so I'll talk about all this stuff 0:29:26.840 --> 0:29:29.030 randomly on there. 0:29:29.390 --> 0:29:31.850 Awesome, man. Well great conversation. So glad to have you 0:29:31.850 --> 0:29:34.460 on the show and, uh, talk to you soon. 0:29:34.790 --> 0:29:35.990 Awesome. Thanks, man. 0:29:37.910 --> 0:29:41.120 Unsupervised learning is produced and edited by Daniel Miessler on 0:29:41.150 --> 0:29:45.710 a Neumann U87 AI microphone using Hindenburg. Intro and outro 0:29:45.740 --> 0:29:49.070 music is by Zomby with a Y, and to get 0:29:49.070 --> 0:29:51.170 the text and links from this episode, sign up for 0:29:51.170 --> 0:29:54.080 the newsletter version of the show at Daniel Missler Comm 0:29:54.140 --> 0:29:57.680 Slash newsletter. We'll see you next time.