[Music] [Music] Oh. [Music] [Music] [Music] เ [Music] [Music] he [Music] [Music] เฮ [Music] [Music] [Music] เฮ [Music] [Music] [Music] [Music] [Music] [Music] เ เฮ [Music] [Music] เฮ [Music] [Music] [Music] เฮ [Music] เฮ [Music] [Music] [Music] [Music] [Music] [Music] เฮ [Music] [Music] เฮ [Music] เฮ [Music] [Music] เฮ [Music] [Music] เฮ [Music] [Music] [Music] [Music] เ เฮ [Music] [Music] [Music] เฮ [Music] [Music] [Music] เฮ [Music] [Music] เฮ [Music] [Music] เฮ [Music] [Music] [Music] It's blinking, It's blinking, it's recording, daddy. Starting another Shorumi Talks. Okay connected? You don't know what it is Shorumi Talks. It's a project that we It's here on our channel. And this The project doesn't have a set date, okay? connected? When you have a cool topic or when there is something in, I don't know, a subject trending or something I want to talk about with someone, we usually separate Friday to have this chat. I am with a project to leave this framework fixed every Friday or at least every 15 days. Let's see, let's see what the Guys, are you finding it? Then, damn, thank you for being stuck there on our Friday, July 4th 2025, 3:06 PM, dude, time heir, right? Why? The guys spoke like this: "You became a dev abroad, you became a millionaire?" No, no. Actually, I I work and I don't work on Friday, beauty? I don't work on Friday and I suggest no one to work either Friday, because Friday is not day of doing nothing. What's up, guys? Damn, first thank you to the club members, always strengthening this content here. How's it going on? message today here below here, the chat He doesn't have a live today, okay? Why I'm streaming on Streamyard and it it is not possible to put the notifications, Live Pix, then send it by chat, pro super, pro chat, pro super chat. But remember, tip is the same as ban. So, thank you to the members club It's always getting stronger here, man. Thank you here, oh. Oh, Diego Carvalho became a member. Antonio Oliveira, member for 7 months and the hack attack on the Central Bank. Let's go talk today, bro. Anderson Oliveira sent two. Are there people like that? chat involved? Damn, let's find out, huh? Let's find out, huh? And the couple more millionaire of this YouTube, the couple sponsor of this YouTube, sent two hundred already in the father's chest to start well and guarantee the derby. Wow, bro. Damn. Yes, yes, yes. Good, for damn. Thanks for the support there, bro. Jordan Lisandra, man, a couple millionaire. Guys, let's get started. Which what's the stop? Hold on. DJ, DJ, DJ, stop, stop, stop. I want it to stop my trail. For my trail. Strip this message. I want. Oh, [ __ ], I I got suspense music here, man. Damn, I only remember the stops at the time, right? I only remember at the time. suspense music. So, giving context for you who tuned in now, You who tuned in to the live now, already leave a like, subscribe to the channel, now give me strength, help me beat 300k. Second, an attack happened this week on bank, alleged attack on the Central Bank, where the Central Bank said it did not have no attack. There were people who said that the theft was 1 billion, there were people who said that it was more than a bi, there were people who said it was 500 billion and we are seeing a lot, we are, man, if the we get the news, we see a people creating content, the people of finance creating content, speaking well shallow and such about what is happening. The content I found more technical is from the Ancapso channel, on channel he has there for safety which is not about Ancap, it is a channel of security. Then during the lives the crowd he said: "Bro, you have to talk about that, but I'm a scumbag. I I'm a boot camp hacker, a programmer of tiger, supposed programmer of little tiger." So I said, "Dude, since I'm a show, I'll bring people who know what they're talking about". Then I said: "Dude, I'm going to look at my network." I I said, "[ __ ], I have two friends who they are the best in the galaxy at this thing. Then, to start with a round of applause, my first friend Alc Jones to be able compose this bench. Applause. Hey, he arrived and left. What happened? Did they hack his machine? I think there was some trouble. hacked the his machine. The Central Bank does not want that he is among us. He he came back, he came back, he came back, he it returned. Hey guys, what's up? Beauty, big. Good afternoon, everyone. Big brother Davin. Hey bro, how's it going? face? Is it cold there, Brasilia? Boy, cold stays at night during the day. That one hot, right? That that pattern that you met, right? Very hot during the day, night, freezing cold. But colder than Brasilia, right? which is 10, 8th. It's not that one southern cold, what's that crazy thing? No, man. It's a little cold here too, face. 21st today. It's really cold here. Cold weather in Rio, face. It's [ __ ] cold in Rio, damn. We are all bundled up, bro. I'm even wearing socks here because I I also discovered that I have to leave the air on, otherwise my camera heats up and turn everything off. That's tough. There I am dying here. It's going to freeze, man. Go freeze. We're together, bro. Now calling for compose our bench my other friend crazy hacker, mad hacker, hardware hacker who understands that flip thing, right? connected? That little flip that you, damn, bro, open, open locked car, you open a hotel, you get it beer machine and pull beer from grace. The special guy talking [ __ ] for [ __ ] sake. Hacker Expert hardware, my friend Júlio de Flora. [Applause] Okay, it's silent, bro. It's silent. Damn. Hey guys, how are you? Do these things no. Don't do those things, old man. Beauty. Wow, burning the film, right? bro? Damn. Worse still are the attacks. Worse still, there are the attacks even, old man. It really does. I go speak, I won't speak live, no. It will be that they used? Did they use the flipper? to hack the central bank? There's this theory, right? Wow, bro, I can't stand this business anymore flipper, old man. Wow, bro. It's all world in this, damn it. Dude, I think before to start, man, I wanted to ask for you to introduce yourselves, because, like, there are a lot of people who are not part of the bubble security, who doesn't know you, no you know, you guys are the best in the galaxy, They are the tough guys there. Come on, leave it me, let me change this track here, brother, who looks like God. Hold on, hold on. Ready. To the trail. to. Okay, great. So, to let's start our chat, man, come on, let's go start the interest of La Floria. If present it here, bro, to the people who still He's not connected to your work. Wonder. Hey guys, how are you? Well, for whom don't know me there, Deivinho has already done the initials, but I work with this information security area. We must have been a few days ago I I put it like this, man, more than 10 years like and in the security area. Then I was watching which hit 2020, I don't know, right, 25. There it is already more than 15, so it's been about 15 I've been working in security for years now, more specifically in the area of offensive security. So what's the stop? eh develop tests, right, or design penetration tests on systems computational, it can be in software, it can be in hardware. Hey, my area specifically it's more hardware. AND currently, what I work most on card machine penetration tests, right, Smart Kiosk, Smart Totem, those little things there that automate are for you buy a snack at Burger King or McDonald's, you know? Beer machine. AND shopping machine can also be used, right? So this whole area related there hardware hacking, right? I work, I have training too, right? And no It has to be, right? Training doesn't. Hack in six months. Hacker in six months. AND hack in six days. Training is good, huh? It's training is good. Oh oh oh. Dude, I have. Oh, it's weird, right, man? Because, oh, I did, I did, I did undergraduate, two postgraduate, one master's degree be a teacher, right, man? There, there now, Now being a teacher is a joke, okay? connected? You have a training that is mocked. Like, you go there, I don't know, study 10 years to, like, to go to the area. THE, Teachers just get screwed, right, bro? AND [ __ ], right? It's trivialized, man. Type, teacher already earns poorly and now trivialized. So, here goes any idiot and say like this: "No, if you become in six days, you know?" And the guy, like, the guy There's nothing wrong with that, man. Never did nothing in life. Oh, that makes me sad, old man. AND a defeat in my life, man. AND that's it, man. Yeah, but like, my training, for example, I have, I don't know, man, since 2018, get it? It's good before the bubble, right? Car before Mister Robot. Yeah, man. Ah, Mr. Robot is, man, he came much later, huh, man? We are from the hacker era computer pirates with Angelina Joli, are you aware? Damn, it's this one, this one that she has short hair, etc. THE people are bald, bald. There it is, yes it is, old. Baldness here is tough, man. Good, bro. But that's it, folks. I I work with it. It's offensive security, penetration testing on hardware, software, right? Today I work for P1 Infosc. Cool, huh? Cool. Beauty. Good too much. And to compose our bench Here, bro, big Al Jones, man. THE idealizer here, look, so Jones doesn't talk that I am ungrateful. Look at my little cup. Look at my little cup. Yes, then. That is good. Damn, Black Box Meeting here, bro. I have that first edition that it happened there, look. Holy [ __ ], man. This one is relic, huh? That's more expensive. This one is a collector's edition. Holy crap, Al Jones is down. He died. Died of new. He died. He died. Damn, bro. They knocked him down. They knocked him down. So of [ __ ]. They are knocking down [ __ ]. Wow. No, that's what sucks. The guys who use Kali Linux there, damn, out of nowhere it's not compatible with the camera, then the camera falls. Yeah, it's C Linux, bro. It's C. It's Car, Car is knocking it down, man. Wow, I think it is. I don't know what It's that business, no. It's going to be really messed up here today. It's getting stuck here. I'll go to close, but let's go. Well, guys, beauty? Hey, so my name is Alc Jones there, right? Alon. In fact, Alones is nickname that people know, like Júlio said, we are from the times beginnings, right? We had one already had a webcast there, podcast for over 10 years ago. We did it for 10 years there, closed last year. Julio participated from one of an era, right, from two two seasons there with us. Uh-huh. Dust, I work with the security part offensive there are more than 15, right? Almost 20 years too. It's been a long time. Security in general and then offensive security. But that's it, man. Yeah, people call it hacker, right? But the people in the area security there now boliatecotei what a mess, huh? PJIN Hacker. And that. Little pot. There, damn good. And I have a channel, right, which is True Hacking, which I started even inspired by bro Davin, I said, right, when I saw the about the Tech show, then I said: "Wow, I'm going to do the hacker slurry too because to show the truth and these marketers there who are coming from the bubble I want to help knock down the in this crowd showing real hacking, that's why it became true hacking there, the name of the project that started at the end of the last year, it's growing there, cool. So, a lot of ideas there were copied from bro Davin also in the face of Ah, what that's it, man? I'm going to copy Black Box, stay calm, stay at peace. Okay all very well. One copying the other. We found out who took it down, man. Look who's on the live, bro. There, look. He's the one taking down Al Jones, man. Great Penegui. What's up, bro? Penegui. Damn, that's so good, guys. Penegui found some cool flaws, huh, not in the [ __ ], I don't know if I can speak. Face, but it has to do with Pix by approximation there. I don't know if you can talk now, okay? connected? I said like, man, I almost I spoke in a live, I said: "Wow, bro". Then I said: "No, leave it over there, let it go, because, bro, internet is awesome." Yeah, man, we spoke together just a short time ago at in the last in the last sherif, me and the Penegui. And let's schedule some more lecture too, right? Cool, huh? Cool. You have to go, right, Davin? You have to go, man. In some others events started going already, right? I started, face. The first event was Al Jones' there in sec, man. But I said you there nah, come on, let's go HC. Yeah. I'm going to play you there at H2HC. It will be, it will be fun. Cool, cool. Man, I am I say that I'm flirting with people saying like this: "Man, I think that the Divin will change careers. I'm in this, I don't know, I don't know, but I'm flirting with the security area, man. Very [ __ ]. Very cool. Even, bro, I me I even wanted to start chatting to start warm up. Alon tells the history from when, because look, it said there that the We have a [ __ ], the guy fell again. A doesn't want to. But hey, what's happening? face? We had a project there that was Security Cast and Security Castí from a YouTube channel where he called the personnel both to interview and I had the fixed ones too. And I was fixed on Secur Casto, 2 years or so. And Aion has always been fixed also. Sudré, Martineri, finally. Oh, that what's up, man? This channel once and I wanted what Alon came back to he tell the whole story, this channel, once the Secretast Telegram channel was hacked, you know? Wow, bro. At the time when there wasn't even a second one authentication factor, there was nothing. It was the beginning of Telegram, you know? He does quite a while there. And what happens, old? If he doesn't come back, I'll tell him history. Let's go. The story, right? THE Guys are calling Penegi for a live, face. Let me send him the link here. Let's see if he can stick it here. Leave it and see, bro. Then you know, you even know that the owner of Telegram got involved in some are in some fights there. went to stuck for a while, had to change various Telegram guidelines, precisely because the guy was caught there in eh if I'm not mistaken in France, right? He got off the plane in France. THE girlfriend that the guy was there in France It seems like he was a bit of an Instagrammer, he posted with geolocation enabled on Instagram and Interpol caught the guy, right? Yeah, you'll see. But Pavel is. Oh, hey Alon, I want you to tell what happened at H2HC when the guys stole the Telegram channel Secast. Oh, that one, that one was, you see, already want controversy now, oh, the slop of security there, look. No, I am today I am just a listener, man. I'm just listening. You'll like it. Cool little story, face. Tell, tell, tell the story. That Oh, that was great. We had a guy who participated in our group, right, from the Secret Cast and there were four Telegram administrators and our group was the largest security group in the Telegram, right? More than 3,000 people participated in Telegram. It was, it is, it arrived at 5000, right? Yeah, it reached 5000 people once era. Yeah, 3,000 was right after the We redid it, right? reached 5,000, then it happened this business. So, we had 5,000 people at the time and then one of the group administrators were already halfway through pissed off at us because we were, anyway, I was making some modifications that he didn't find interesting. And there he started banning a bunch of people from Telegram that he thought was that he if he felt it wasn't good for him group. But our group is a group free, you know? The guy says he wants to, do what you want. Mania. And that was it, man. THE Dude, people could say whatever they wanted there in the group. And then this crazy guy went and did it a takeover on the channel, like, took it down all administrators, all administrators, right? And then it was just like he, as adm was not going to return the adman was going to nothing. And he said he was going to knock it down and he said like this: "Now the channel is mine, like this, Telegram is mine and it's all torn apart world, [ __ ] everyone, okay? connected? What's up, man?" Then it was a [ __ ]. I was at H2HC in training, because that one was from a Sunday to second, that is, H2C ended in Sunday, I stayed Monday with a training there from I don't remember now what the topic was, but it was training there. And then I was in the middle of training and I just saw that crap, like, we don't could do nothing else. And I started talking with the other Security Cast owners. There I said: "Guys, hey, what do we are you going to do it now, man?" Wow, out of nowhere I'm talking to our friend B Dimon, he said, "Man, nice to meet you, this is the one Pavel, the owner of Telegram, he's here by your side." I said, "Wow, that's it, sir. from Telegram itself. Yeah, he was speaking at the event, bro. [ __ ], this Demon, right, who is Rubira. Wow, the Dude, it's just work like that, it's Google, Amazon, Intel, only at that level, right? So, the guy knows the world, right? old? [ __ ], crazy, man, you know the world, old. The world. People are saying that H2 HC happens, face? It's in Floripa. Sao Paulo, Sao Paul. São Paulo. São Paulo. Hmm. Dude, in the end, in October usually, right? This last year was in December. And the last year it was in December, but it's usually late October or November. AND. And it's like and people come from gringa like this, man, what's the event like like this? I think it's really cool because, like, bro, the sec bubble is another one totally bubble, man. The guys think which is not the same thing as the dev bubble, face. It's not like, the events are different [ __ ], it's another level. And it is the is another same thing, man. It's a, it's a, it's a different staff. It's a personal different, you know? For better or for worse. These guys are awesome. I, I went to the event there, I went with my wife, right? I I said: "Uncle, nothing's wrong, information nothing for anyone if ask, you come in quietly and leave quiet, because I don't know which one it is security event. The H2 had a time that was boring, bro, that you I had to turn off my cell phone, [ __ ], man. Because otherwise it would come to message like this: "Ah, Uberits here, look, okay [ __ ], come here and get your Uberites, man." Man, what's this, man? What absurd message in everything that is cell phone. The cell phone would freeze, it would arrive message from all sides. The Giovanni you're talking here, man, that the level technical is very high. Tell me more, I ended up interrupting there. Give me a count then we'll talk about the event, right? Good, good. Then we talked to Pavel, such, I I said: "Man, look, the guy took it, did the takeover, here it is, look, the whole script, right? THE BS Dim accompanied our group, so Rubiro accompanied our group and he has always been present in the community like this. Then I said: "Man, we need to get back this channel and how do you do it?" He said: "Man, if I to take down the channel, like, put it come back, I may have legal implications so, whether he likes it or not, he was an administrator, right? And then we don't will get it." But then he said: "Dude, If you gave it to him, he left a tip, right? He said, "If you look closely, there is a little hack here, like this, the guy gave the tip, damn, bro, at the right time, "Oh, Penegui, stop knocking him down there. I don't know this technical part of it story, because he was the one who talked with the guy, I had already gone back to home, man. Wow, Sunday night, damn, in the good part of the story. Jones it fell. The chat is messed up. They knocked down the man. Damn, use 4G. He sends use 4G. The guys are there, look. The Bastos. You bastos was there, look. It's always there with Penix, man. That's cool, man. Event. Yeah, man. And I know, but like this, for summary, bro, Pavel he passed the lyrics yours later he tells you exactly how it is which worked, but he passed the letter of how could he go back to being channel administrator. [ __ ], like, he told a vulnerability he has that nobody, it's a backdoor, like that, let's say, you know? Like, this here, look, doing this here, look, you can take back the channel. [ __ ], it's the the most badass social engineering in the world, face. Donio who returned the channel to he, you know? Then he returned the channel and removed the old administrator. That was it, man, what happened. Holy [ __ ], man. But kind of was the owner, right? It was kind of the owner of Telegram who passed on the tip like this. You didn't pass on the tip, bro. He made a way I could get it out there and it worked the situation. Holy [ __ ], that sucks. But man, things happen. there at H2HC, because it's a great event cool, bro. It was always a great event legal. AND like, then there was Giovani who said that the technical level is very high, man. AND absurd. One cool thing about H2 HC is that way, now they are so little more trying to make the event pay for itself, but like that, it was an event that gave loss every year, [ __ ], man. It's like this, the guys, the organizers have always supported the event, it was always an event of community, the guys always supported, like, I think the guys didn't earn R$ with that, I only lost money. But no had a sponsor, man, because the guys say that, ah, event generally, Dude, what's up, man? And yet, it gave damage, damn, it was, because, man, every year is something new, right, that the guys invented. But this event is also like the one that I put the chip, Boadinho's chip also. Also, for example, oh, this year, right, last year, in this case, right, that It was in December, the last H2HC, there in Harder Hacking Village I was at participating, I was one of the organizers there at Hardware Hacking Village. Peneg was there, Tesc, there was a brother he was doing implantation biochip there, he was [ __ ] awesome, man. AND then he brought the pile there and then he was doing the body implantation bioschip there. And they are different models, right? Then you choose which one you want, the model that does X, that does Y. It has magnet neodymium also to implant. Already, already the update has arrived so you can pay card, make payment, bro. He has um, just like, it's, uh, he's dependent from the payment gateway, you know? Oh, believe me. Get it? Because he has to negotiate. It's a business that, like, he need to negotiate with payment gateway to be able to do this, because the chip is a thing that cannot be exchanged all the time, right? So it's a deal, I forgot to ask that you have one, Have you changed yours today? I have, I have one in my hand, but he It's not for payment, it's an NFC, okay? connected? He's like, if I'm not mistaken, it has like 800 KB of space. Holy crap, man, storage. So what? so pretend he's one of those NFC cards, like, as if it were a small NFC card. And then you can put a lot of stuff inside. It is possible to put like, oh, my website, then when I approach, open the website or put mine WhatsApp or put, I don't know, eh, for open a video when I approach. He has even attacks that can be done. Inclusive that brother there who commented, not now, not Raoni, but Bastos. Yeah. He had commented, he was the first guy to implant a chip of a biochip in here in Brazil, bro. What's up, man? Wow, We have the legend here, bro. THE first guy that the video I think gave like 100,000, man. I think the video worked some, I don't know, more than I don't know how many thousand views, everyone cursing him of antichrist and such. Antichrist for [ __ ], bro. The first antichrist of Brazil was him, man. The first antichrist of Brazil. Damn, bro, what an honor. The guy is there. AND, The guys are great, they are great here, man. Wow. And it has always been a one-off event absurd technical primacy, because the Rubira and the others and collaborators of event, the event staff, they they always had a lot of contacts and They were always very out of the loop guys curve, right? They worked in key places, right? who were moes in that area. So like this, it was normal to see you at the event like that, it was It's normal to see very well-known faces from the area, very important people, like, for example, Pavel, right, who was a guy who came to lecture, [ __ ], at H2C. Yeah, and like, there are guys like that, there are some really cool guys who came and always by invitation or from Balestra do Rubira, that people have always worked for gringa, right, and there was contact, right? No, now I know why the event didn't closed, right? Imagine the cost to bring these foreign guys. Damn, there's that too, right? Absurd. And but oh, but but in this area it's like this, bro, generally you pay for the guys, you pay stay and lodging, but like this, the guy does not charge for a lecture, something that In other places people charge, right? Like, you're going to ask a lawyer give a lecture, the guy will charge, right, bro? True. And then in IT, not in IT, but in safety, I don't know how it is in IT in general, but in security you are It's kind of bad that you charge for lecture, you know? It's like na a na dev bubble kind of has is an agreement that the Guys, you kind of have to generally when it's a community event we doesn't charge, but there are one or two that I I heard that it charges, but generally community we don't charge, but event private we charge to be able to, yeah, so it's because in the security area of the information if it is a business half half anarcho, half punk, okay? connected? Half anarchic, half punk. Then it is derived, right, from the community kind of from the 80s postk, half community industrial there. And the guys always had this breeze of dissemination of content. Ah, free software movement, and so it goes, right, for [ __ ] sake. Content dissemination. So it is it is very unusual cover for a one security researcher or a guy from area, mainly security offensive, the guy charges to do a lecture. Usually the guy will be giving this lecture there in a room or in the event corridor that happened a lot, It already happens, people do some lectures sometimes in the hallway of event. A brother of ours, Tauan, was giving a talk in the hotel lobby at 3 o'clock in the morning. Holy [ __ ], man. Type in Saturday like this, Saturday to Sunday. That I lost because I was crazy, inclusive. Yeah, I was there, I ordered one, I I ordered an iFood, then I went down to get it iFood, there was Tuan speaking 3 o'clock in the morning at L. [ __ ], that's [ __ ] up, face. What the [ __ ]. So, it's are are events cool. Hey, finish the story, bro. That's curious. I will explain. I bought the new notebook and then I was doing this change, right? I bought one Alienware that was coming out of Mac and then I I've been using it for a week, man. But I'll tell you, man, it's Windows 11 is a real trash. I'll have to put Linux there. I've seen that it's not possible, no. It does not have no way. And Tony for those who defend this damn too No way, man. It does not give. I played here at Mac here so we can do it now. It will be fine at least people finish. Good. So then he told us about a little hack, right? He said: "Oh, there's a little hack here that you can get type the user list, give a sport there and do the channel migration, because otherwise he could take a lawsuit for is knocking a guy down, anyway, right? And and was, he has a, he had some certain still problems with justice in Brazil at that time there. So we did this hackzinho, everyone immigrated from dawn, got it? We did it in dawn everyone's migration. There when we managed to migrate, we went there and knocked them down one by one from the canal Dude, got it? Like he put the people as administrator there. We gave a cry there, he put us like admin. Then he woke up, he was the only one in the group, the three of us. We sent a message well educated, like that, right? Well well well really strong, like, go [ __ ] yourself, giant. I said it, that's it, I said it. And it was I was measuring my words, I'll speak. And then the guy woke up and got pissed off, started to discussion, he entered our other channel, right? He started talking a lot of nonsense, we kicked the guy, gave him I banned him at the end and everything was fine. But then it was thanks to these contacts, okay? connected, what do we have there in the half, got it? It is different. The area of security always has some big problems Good, bro, to follow. Damn, man, it's scary, man. It's scary p security guy, why the bubble dev, I come and go, I get into fights, but the guys, the best thing about the guys is kid, send me a DM and ask me to delete the video. This happens. Now from security, get into trouble with this crowd. I'm so scared, bro. Say: "Oh, boy, these guys are going to knock down, go, [ __ ], I don't know, take loan in my name, thinking that my name is dirty, [ __ ] it. I don't know, man. People are a bit crazy. It will appear, it will appear as, will appear as death there, on the SUS website there. I will be in active debt in my city out of nowhere my name is in the active division, dust. Dude, it's all right. PTU is paid. Yeah, man. The little panels are falling off there, old man. Damn, guys see my channel become a crypto channel like those guys, man. Man, but boy, man, YouTube channel It's tough, because it always appears like this emails like this, it's who doesn't want to partner with you. But, Dude, there was a guy, he has a big channel that the guy fell for it, because the guys they say: "Bro, all the instructions is inside this file here." Then when you will download the file, it is a DMG or it's an XE, say: "Bro, you have that it may be too late for you to click in this [ __ ]". Hey, man, the guys are losing a lot of channel with this, face. Wow, man, there are some, there was one time when people did this with some gaming channels and the guy would send, like, a link to download the preview, the game beta, you know? Get it? But then it wasn't the beta of game, obvious, right? It was kind of a social inherence better yet, spear fishing, right? Node case. Wow, mine has a certain one browser there, ah, we are creating a new one browser and such, we want close a partnership with your channel. I said, "Uh, get out of here, bro. Yeah, always he has. I'm vaccinated already." And like, yeah, always has. And it's usually a proposal good. The guys put some money in table there, they say: "No, we have so much of funds to be able to close advertising with the channel." I said: "Ah, get out of here, bro." Hey man, I'm going to get you say that the business is so widespread lately, man, I've been trying sell my car, old man. The guys came talk, start a conversation with me, say that I wanted to buy my car for later pass me, pass me stuff crypto, [ __ ], bro. Of investment, investment tip for I buy [ __ ] from [ __ ] [ __ ] pyramid, old. Either pyramid or scan. AND one of the two always. Are you kidding me? face. I said, "[ __ ], I want it, just I wanted to sell the car, only the guy here renting, renting me for a long time." It happens, doesn't it, man? It happens. I think before we go in, let's just comment here on this super chat that Del Game saw that the Indian engineer worked at eight startups, the guy was fired from everyone then he made money 800,000 per year. Holy [ __ ], man. Dollars. Wow, huh, man? Indian knows how to survival, right, man? The King of India, face. Another super chat here. Jordan Lisandre, man. I worked in security also. Hotel guard. Damn, man. That's why the security guys are Everyone tall, have you seen it? Julio is 1.90m tall. I'm also over 6'3. If it works wrong, we become security guards shopping, okay? Wow, that's true, man. You cars are all really high, man. Absurd. In the picture, man. Damn, I took the picture with Jones and Guilherme, bro. I looked like a dwarf. They bent down to take a picture with me, man. Wow, I was teased for [ __ ] because of this photo. The guys, damn, because you're kidding too, right, man? Damn, man, the reference is awesome too, huh, old man? You put a lot of people high up there, put it like this, the guy in a normal height, then the guys will be joking, right? Damn, I got it, I got it my 1.65 more or less. There are good days when I'm 1.63. It depends on the day. Yes, at Sometimes it's cold, right? It's not cold. Yeah, okay cold. I'm smaller. It happens for a lot of things in life, right? bro? Cold gets less. It's the cold, the cold from Brasilia made me shrink a little, damn. The crowd is awesome. Good. I think we can start, Guys, come on, giving context, because what what happens? Many people still aren't connected to what happened. I think that we could start by giving a context of what happened at the Bank Central, if it was the Central Bank, it wasn't and such. I think we could start with that, then we'll go climbing and such. I'll keep track of it in the chat here also, seeing doubt. Could it be? Beauty, quiet. Could it be. Yes, it can be. I go start here with some history here. He can be, Julian. I'm pulling the history here for the guys. Keep going, I'm here, Our Lady, more lost than You If you want to share something, please for I release here. Oh Divine, I will go send you a PDF. I don't know if the if Alon sent it here, in case you want it. Send the cure and it will be the best. From the to share too, guys. If If you want to share it, I'll let you know from here. Uh-huh. It turns out I have another one computer now, I can't share more. Oh, no. Good, good. AND that has to restart. It's [ __ ] up, it's [ __ ] up. Let me share here. I'll download it here. Alright, bro. Good. So, what's up? Well, I'll tell you a little bit of the timeline, right? I go speak quickly here so as not to get boring. The idea is not to be a boring technician, otherwise the gang will start soon even banning the channels there. So it is. But it's like, June 30th, right, but or less midnight 20 there, right, some platforms such as SmartPay, Tandar a identify an atypical movement, right, of cryptocurrency purchases. That was it the beginning of everything, get it? So, start to identify an atypical movement of a lot of money, you know? Around there 4 in the morning, right, call him a pilot BMP reserve, he was notified by an executive from another bank, right, and on receipt of a PIC of 18 million at that time, like, 4 of the morning there was a PIC of 18 million, right, from BMP. So at that moment they receive this notification, he takes the knowledge, right, the BMP bank, it takes knowledge of what was happening. Before continuing, it is important to say that the money was not stolen from the Bank Central, there are a lot of people talking wrong, right? It wasn't a bank robbery Central. the system was used Brazilian OSPB payments, which he makes the interconnection of PICS and other types of movement also to make the bank movement from a system of what was managed by CM, ok? What you have is a kind of white label bank which is called a bank a service, ok? Then he is a bank, he is white label and he does these and makes these integrations. Then I will give an example of a white label bank, like you can talk about brand but Riachoelo, Renner, they are not banks, they have a bank behind them that manages everything, they just put the brand, right? So it is more or less what happens today. Everything is an exacervice, right, bro? Bizarre, right? People were even joking earlier that It was the Insider eXacervice, right? What rolled. No, there is more, exacerbation today up to date, it has everything, everything exacervice. I I say, we are the only one, we are the only one, I know there, the only animal that pays to live, because everything of ours is exacervice. We You have to pay for everything. We don't own anything anymore, man. He finished. That's right, bro. And then people received this notification at 4 o'clock on the BMP. Oh, there was a one movement, right? There again, right, the BMP personnel at 5 am notified the CM CM Software, right, what does it do? management of that bank, that's what's left behind, right, this White Label bank, which manages that, which communicated that had an improper transaction. Then, as a preventive measure, the CM was temporarily disconnected from the system of Brazilian payments from the Bank Central. That was on the 30th, but it was a a little later, okay? The schedule People don't know exactly, but there is a bulletin who says it was at the end of the day. Or that is, it took them almost 24 hours to do it this this this this pause, this block there, because they were investigating in time rolling. But they, according to what I heard that they had stopped, right, they had already stopped the transactions there, at least internally. The first portal to say something It was the first day, that is, on the day next, which was the Brazil portal Journal, right? he linked the news of incident, that is, he became aware of something and published it, because then I had no news, not even from the BMP, neither from the Central Bank nor from any other institution. And then came an official note on day two, that is, two days after BMP notified, right, a note on its website that she suffered an incident and put very little information. Didn't say anything nothing very relevant, right? Just said who suffered an incident in the system payment at dawn on such and such day and full stop. On the same day at 10 in the morning on the 3rd Central Bank announced, right, already the partial resumption, right, of activities and operations of CM Software, that is, they stood still for almost three days, two days standing there, right, which is a one a huge blow, right, because they were several banks impacted. I didn't say the name here, but who was there behind, the BMP Money Plus, CM Software, right? To the Central Bank, in this case, which was involved in this whole environment, the Credit System and Banco Paulista, okay? This report, including brother Davin, by chance of the company I work for, which is from Pura, you can even later share it on your Discord. I'm going too share on my Discord there True Hacking, because here are information that even if we have more information, we only put the that can be disclosed, ok? In that reporter. So she can, he can be disclosed to any of the Brazil, finally, on the internet, right, to everyone. Oh, good. If you want share is already here, I've already downloaded it, It's already here. Beauty. It is, it is like this, what the that, oops, what's more important, maybe if you want to show the notes officers there, right, because I think it's the which is more relevant on page 10, inclusive. On page 10, which is cool. Asper's Bulletin. No, no, the other one, the another is Apura, another. It's from Apura, dust. Let me share it here. Even if I say something stupid, responsibility is mine. If I speak good thing, then the company takes the credit, ok? Just so you don't lose the PJ there, okay? It's on page 10 here. It was the whole cause, why? There are two theories about the attack, right? I'm going to start pulling a little bit of theory. The first theory was what It took effect this morning, right? to the beginning of everything that was what was a insider. He was arrested this morning, right? I don't know if you saw the report. It came out of the meme, there is a meme that I sent for Davin. That meme there. Yeah, yeah. That meme is good. That WhatsApp meme, if you want to show. No, you can't, right? It's on WhatsApp. Ah, forget it, forget it, right? So, uh, what happened? Eh, it was an insider initially, an insider who had credentials, which he handed over there. That from there, oh. That's it, man. The one about João Nazareno Rock, is the guy who supports, is holding the infrastructure financial center of Brazil there, look, with a lot But this was the guy who got arrested. He was. Wow, bro. Damn, those guys are really fast, man. I think that was it, bro. I go confirm, but I think it was. AND, supposedly it's like that, right? Oh, insert supposedly in front of everything I to speak, because that's it, that's it. Put Please, the name of this live is supposedly a theory. Supposedly that. So, that was a print taken from our tool there, by chance. Normally, this isn't No advertising, okay guys? Because it is a material that we had, was one of the There are few public reports that have been released, ok? So here are credentials that already were leaked inside one of the CMSW.com, which is the CM system, which had credentials leak administrator. So this was purchased, acquired in Deep, Dark Web and other means of electronic shopping that are made in the system of monitoring intelligence that we he does. And then yes, there were credentials, no no I'm saying it was this person's, ok? But there is a leak, yes. Okay good. That can be seen later, okay? And this domain here is the CM domain Software, right, which is the company that is the white label of all these banks there, BMP and others, ok? So behind Oh, look who arrived. Look who arrived there. Look, oh now it's not even been 20 minutes. Holy [ __ ], man. Damn, the guy doesn't stop, old. It doesn't stop, it doesn't stop. Oh, supposedly Penegi was here once week before the attack. I'm just saying here, okay? Okay. I didn't understand anything, okay? For those who spoke in the comments, my vulnerability that I found not has nothing to do with what happened, ok? Just to be clear. Ah, good, good. No, we didn't even touch it. subject, isn't it? Really. It's just that these guys put PX in the middle of everything, right? Nowadays, there is, there is no Pix. THE, Who talked about Pix there? Hey, Penui, There you go, Federal Police knocking on your door, look. I think that's why he didn't stop travel, right? It's running around Brazil there that meme, right, man? Tap tap tap. Who is it? It's the Police Federal. That's awesome, man. Wow, it doesn't even work to play with it. Let me share it here again. Good, came back here. Good. Legal. And then, the first thesis is that it was what initially he let go, actually he didn't it's a thesis, then it's already a fact because it's already out in reported, right? So he said that he sold his credential for initially R$,000 and then received more R$ 10,000. So R$15,000. 5,000. Wow, what a good investment, huh? Our Lady. Then, hum. After sold what did he do, bro? What what he must have done with those R$ 15,000, old man? The police must have already caught. It should be in cash. No, but I'm saying this, what can I do? bro, with that? Yes, you can buy it an old Monza. I don't think Monza anymore than now increased the price of the old Monza. How much does a good Monza cost there? Paraguay? Fill it with derby and sell it, right? So it is, right? Yeah, it's the beginning, right? Good. So, what's up? what's up? He really sold it cheap, opening quotes here in this market, who works in a bank, right, and they are larger institutions too, right, in the top five banks, sell credentials there, if for a manager, it's around 200 to 300k to sell credentials. The guy sells for that. Technician arrives 100 supposedly. Okay, thanks. Thanks. Supposedly I heard about it at the bar, right? They told me at the bar. And and 100 of analyst and people are network administrators between 100 and 200k, okay? So it is, it is what is sold from So he sold himself very cheaply for power he had there. You can't even buy a Monza Classic, right, damn. 89 is automatic. Ah, no, but then it's more expensive, right? Divine, Are you mutated, Davin, are you mutated? Yeah, it's mutated. I am, I am mutated because I am with a lot of audio here now. It's not more audio coming out, right? I'm not using it. The Divine was mutated and so were you, Penegui. But we are all mutated. It is not automatic, automatic is more expensive, huh, bro? There's more, there's GL, look. Oh, but It doesn't work either. It's 15000. If you're going to go for Paraguay, it has to be without documents, right? Because if you get lost, you're already there and you There is no problem with wrapping. It is without document, man. Oh, it would be possible to complete this one of 17, look. It looks nice. From the to complete, right? Boot 15, boot more, right? 2900 there. It makes you cry. Boot two more, man. Come, take the 15 and play in the little tiger, man. Play the tiger, try make that profit there. and buy it, bro. Damn, this one is nice, man. I'm seeing it tiny, but It's beautiful. I'm almost buying it, I am almost calling the chat here. It's beautiful even the painting. Oh there, oh there. Our, golden. You are crazy. The police don't even to. The police don't even stop. I think it's from collect velvet stool, huh. Police stop to take photo. Yeah, stop. THE guy stops to take a picture alone and compliments the face. He says: "Wow, back in my day." Oh, my dad bought one of those new. And me I like. And I like the ones that come with cigarette lighter and ashtray also. Damn, that was a luxury item, huh, old man? It's over now, right, man? You buying a car hardly comes with lighter. Now comes the stop there closed, bro. Revolted by this that You can't, you can't even smoke, right? More You can't smoke anywhere. It doesn't even work you can smoke. It's a lot good. Interrupting Al Jones there for make a joke, damn it. Are you aware? But I I think it has to be, right, bro? Why It's already enough of a joke, right, this case. So it is. 15,000. Man, that's already a joke. I have my theory that he said 15,000, because if the police find only those 15,000, he loses that. If you have another place saved, they don't even go back. Could, huh? Oh, by the way, no I don't know if Aon will mention this, but It seems that whoever initially warned over the 18 million that had been transferred from directly thus, it was a crypto company, right? It was a crypto broker. It was, it was, I I commented here well and it has no reporter too, but it was like this, it was 18 millions. He said: "Oh, we received a Strange crypto stuff here, okay? running and came from the BMP." What a stop it is that one? Are you aware? The guys, the guys of crypt are so smart, so smart, the guys are so scalded that, like, said like this: "No, when there is too much alms, the saint is suspicious." I said: "No, it is not possible. Yeah, no, it's too good to be. true. There's something wrong." But that's a shame because it seems like the dude bought it from a regular broker, no It wasn't even P2P, no. He went to the brokerage normal crypto and bought. Normal. Yeah, yeah that's why she warned. Dude, the following, and think about it, because it's complicated for you too to drain all this money without being in a common crypto when you're talking about speed, because we are not talking about a robbery of 1000, 5000, R 15,000, R$ 100,000. We are talking of a of a something that came close to billion, right? P Yeah, that's true, man. The P2P it takes a while to process. Wow, but I thought the high value was processed faster, man. Had this theory. Nothing. This one knows what's worst, bro? It's just that money, that money doesn't even exist, right, man? right? There is no way to you take it from, there is no way to take it from your hand of the guys, man. There is no way to. You did you understand? Because money doesn't exist, no. It is not material. Eh, money is the what? It's the guy saying: "No, this there is money there and it is mine. Ready, "it all comes back". So much so that the guys recovered almost everything, old man. If you go see at the end from the accounts, almost everything, no, supposedly, right? They recovered. AND, supposedly. Supposedly. Supposedly. So, the first theory is that this guy had a password, right? I won't say the name his because I don't know if that's the name and It is still under investigation. So he, in fact, he is just an indictee initial, right? Don't know if he really is the person, but his password within the CM had a very high power to the point of be able to make this type of transaction inside. This is the first one, it's the first discussion that happens, okay? I was thinking that maybe they were scaled, right? A a so from the his credentials were scaled to other credentials or another could. Okay, this is the second one theory I have. The second theory is that with his credentials, the people analyzed the vulnerabilities within the system. It's even written there, look. The Active MQ, he has a pretty heavy RCE, okay? what is it a very new RCE, including, right, 2023. It was only reported two years ago this vulnerability. They are using still inside the CM. It is not a criticism, okay? I'm just commenting. Supposedly, right? And then, supposedly. Supposedly. And then he said that they used this and the Active MQ is for messaging, right? So he has some transactions that are, right, that take longer, that are type transfers that depend on a longer processing time and others which are the same time, like Pix, etc., right? with transactions there in less than 3, 4, 5 seconds the transaction is made. So they used that to make these Pix transactions. But it happens even, there are many many banks, many payment institution, even bas, right, bank a service there, which are these white labels that we are talking about, that they use monitoring on top of very large transactions, especially because start leaking a very high volume, they raise flag. Had several attacks that people started to make transactions high and generated flag and the attackers started doing with values minors. Like, it's better to take R$100,000 R$1,000 accounts than a R$1,000 account. million, understand? Like, at that point there, because no one would feel the 1000 nothing, there is no greater monitoring, but the larger volumes, that is, when it was bigger, when the volume was large all at once in the transaction, raise flags and people do a blocking, do an analysis to understand if that transaction is really there. He has several, there are several points there that the people can say that even holes were used there by organizations criminals, whose names I won't mention here, right? Otherwise, there will be another one soon. person knocking on our door here, but that but that are even used other items, right? For example, ON back then nobody looked, right? So the people used NGOs to make a donation from one NGO to another and then it was billion-dollar donations and no one looked because it is one NGO for another. And when went to see that money, I didn't even have to where to enter, nor where to leave, no he had. Finally, speaking very well about fraud same, you know? What is this part here? that we work, that I work, I'm a fraud hunting test, right? Then we work a lot with this type of thing here within the company. But good, doing this mapping, right? So there is this this this initial point that they made these settlement messages to the Bank Central that had this vulnerability. So the second theory is he got the password from him who bought for theoretically R$ 15,000 R$ 1000 supposedly and allegedly exploited this Active MQ vulnerability, which is the 5th. X there that had a vulnerability of 2023, which is an RCE, which is how to do it it's a remote access, right, a a a remote code execution without being there inside the bank. So he could run something to do the exploration without being there physically, just with the password of the person he had, right? So it would be an escalation of privilege, as Penegi said, he can climb because there he will have a one as if it were a rot user, that is, he will be the administrator of that system with this vulnerability that is being rotated. So these are the two things there, right, bro? Initially the initial access, in theory access The initial one was because of this CVE, right? He was because of this code execution remote from Active MQ. Perfect. What a mess that is something that Nessus catches, right, man? any other to Nessus, right? That one, like, there wasn't any had nothing, apparently had nothing no process I won't even say pain test, right? face? that does not need a pain test to that's it, it's just vulnerability analysis. There was no analysis process vulnerability in a critical place of these. Apparently there was no process nor vulnerability analysis, no had no Dust tools, let's say, right? Yeah, it's dust, right? It's DAS. On page 14 there's something cool there, oh David, who talks about the steps of the attack more, right, supposedly, right? what was mapped by MITRE. MRI is a it's a framework, right, that shows there to support whoever is going to do it security, right? So then, what types of points, controls that we have to implement to make security in a system. Then MRATEC is used to show from recognition, which is When will I see if there is vulnerability, if it doesn't have it, etc., right? To the point of blocking access by there you go. So, supposedly, right, this person made the criminal group, right, made the reconnaissance collecting the information about the victim's organization, etc., right, and relating to the business, that's what he did, that's related to this, I will not stay speaking of framework, but this step of framework on the left there, whoever has interest can read later. And then he went to seek recourse, that is, to capture resource to get more, or that is, obtain access. According to Dake, right, we already think he has credentials access possibly only from this person or perhaps more people who were of this person who is being indicted there, that is stuck there in the now, right? I don't know not even if he was released yet, but ok ok technically it's there. And use of compromised accounts. So there is also suspect that they explored some compromised accounts on CM services Software, okay? And your customers financial. Why? From that moment, I entered the middle of the layer, right? Looking at it this way, talking about the bank, I I entered the middle of the layer between the bench end, right? In other words, what is the white label? and the Brazilian payment system. So I'm there in the goal mouth, right? To do. If I have this access and for the rot, how did it happen, I I'll take any money from those five banks that they were listed there, right? I think it was five institutions, and I can disseminate it to any other place. The Bank Central will approve the transaction, no there is no blockage there because it will run free, right? The bank authorized it and then I play for any account, right? I am not I still know about the accounts that are used, but commonly use CNPJs of companies that have already gone bankrupt. ok? I.e, that no longer exist or that were newly created or use people's CPF oranges, right? Here comes Orange Service, right, which also has this type of service now, or of people who have already passed away. And if You'll see that there, it's very connected to which the Central Bank made a decision, right, this week the banks will have to implement, which they will now have to make the Federal Revenue consultation to know if their customers are people who have already died or are companies that have already been closed or gone bankrupt and do not can you open a bank account or will you? block those accounts as well. Until then I didn't have any kind of check like that there. It is also something that is a very critical vulnerability, because made life easier for cyber crime make this financial movement, ok? So you see the kind of hole that existed in the payment system, right, that there is still, right, in this system of payment. And look, a lot of people talk bad, but our country has the system of safest payment and etc in the world, ok? It's because we also have the strongest bum in the world too, right, face? Oh, just to make a point for you, it is common for the Chinese, they are card machine manufacturers, send the machine here, to the market Brazilian to be tested, and then approve for other countries? Are you aware? It's that thing, right? If it worked in the Brazil, it works in the rest of the world. What that's it, man? There is a problem. AND. It's because Here's the thing, bro. If you give little incidence of fraud using the machine, it means it's good enough to meet the rest of the world, understand? This is kind of crazy test, so much so that sometimes you will see, sometimes Sometimes I do tests on machines there there by P1, sometimes I test in machine that it does not have any FCC ID still, because, right, not even the record of the of the hardware in the United States, let's say, right? The identification of the FCC. So, like, she has she has a record in Natel, but it is not registered with the FCC. That's it, man. Man, I wish I wish one, I wanted to pull a stop that, type, explains as if it were to a child of 10 years, more or less these steps here. Good. Go to the page, then go make it simpler with the image in page 18. 18. The first image of 18. It's because, like, what context do I I have? Because you already mentioned the issue of CPF and such, of the people who have already died, Oranges Service. Only I had seen a stop that I didn't quite understand I don't know if it's wrong, but they they said that the Central Bank, I don't know whether the CM or the Central Bank, they have a a reserve fund as if it were for fix transaction bug to not transact and I don't know, and more pull more money than. So, it kind of has that there and they said it was as if it were a reserve itself, a cistern, a an extra water tank and where the guys stole that money there. So how is it? took that money that I couldn't get understand if it was sent for that, but let me put it on the page. Which page? 14. It's next. No, 18. 18. 18. Good. Beauty. So this money that you're talking there, I didn't until then there was no confirmation, ok? Put that's what I'm not going to get into subject. But what you are experiencing does exist speaking, which is exactly those funds credit guarantors. They are money which are immovable until then. Unchangeable, right? Just so everyone knows, the guarantee fund credit is what? You put R$ 1 investment, the bank must have R$ 1. You, for example, ask for R$20,000 loan, the bank must have R$ 20,000 R$ 1,000 guarantee of this loan you took out so that avoid. Imagine, right? 1 million people ask for a loan and 1 million people do not pay. Imagine the bank was going to break, right? Because he would be, right, giving all the money borrowed from several account holders and I wouldn't be able to. So they have to have the guarantor of credit, not only for loans, but as well as for investment. And there you have it a value of up to R$250,000 there. And go depending on each one, I won't explain a lot of this, even because I don't understand the background, but technically there are several types of investment you make that up to R$ 250,000 R$ 1,000, he has to guarantee it. If the bank, for example, goes bankrupt, it doesn't go bankrupt. I will say, but if the bank has any problem, these R$250,000 you have guaranteed that no one will touch it. Above of that, of investment, they do not guarantee, except for some types of investment that are made internally and contracts. But speaking here, right, of what happened, so this indirect participating bank, which is the first one on the left, he is the, let's say, what uses his label, right? He puts his name there. And this direct participant is what white is label, that is, what makes the transaction. So let's use as an example, the first is the BMP and the second is the CM, which that's where the fraud problem happened, ok? And then it is interconnected to the PSTI, which are the service providers technology and information, and it is also interconnected with the RSFN, which is the national financial system network, and to the SPI, which is the payment system, ok? So, making an explanation of what happened, someone, right, this criminalized, someone who worked in that indirect participating bank, delivered the password for criminals. The criminals entered the password and supposedly climbed privilege inside and they managed to monitor and make it so any money you had in those indirect banks there could be moved wherever he wanted. There the The guy reached in and took that money that was there and distributed, right? I.e, gave the command through the system when he climbed and distributed this money that kick. There are people who say it was 400, There are people who say it was 600 million and there was already a report of 1 billion. But the Central Bank did not confirm this value until now, even because the investigations They're not even finished, okay? is still ongoing. So, we know that we already know for sure which was more than 600 million. That's it people already guarantee, because only the justice, only the Central Bank has already asked to block 270 million that one of one of the transactions, to give you an idea. So that has already been blocked, but others too that were requested but not have not yet become public. Okay then this money was transacted, by that the money didn't come from the bank Central, the money came from institutions of payment. The Central Bank was only used because it was a means of a third, that is, one of the CM that was explored. And the money that this CM managed these other institutions a lot of their money was wasted on other other accounts. So, what did you see? Pix, via the payment system eh Brazilian, SPB. Got it? I get it. And when you speak, just like you spoke, a matter of eh climbed the privileges, it was you spoke now. That. That. What would it be? that's it, man? Hey, explain it to us. Let's go. I accessed here as my my user auxidiones. I am not the root of machine or the root of that system, administrator. I am a regular user. And when are you going to make any permission higher, or you have to have a path of higher permission, or you can exploit a vulnerability that this system has, which in this case was the Active MK, okay? And then there was a vulnerability 2023 that can be exploited, right? And then you exploring this vulnerability you become the administering. So that's what you call RCE. And then you wins the admin bank X and send it there and it's gone direct command to the central bank of system that is in the Central Bank and the Central Bank will execute, got it? Scaling privilege is you having a lesser privilege and do what? To try climb it or by means of a vulnerability or with a credential valid. It is what it is what it usually is done in these penetration tests that we do it there. There he is, right? There he is. Damn, cool, man. Cool. And that. So much so that taking a look here, bro. Hey, I was just looking at this one. vulnerability. Hey, let me even look here. It was a derealization, right? THE Active Kill eh, it's a Messenger Broker, right? Which is done in Java. AND, if I'm not mistaken, what the guy did? He built one, he built one a string there to send commands within the sererealization. When he was going deceralize, he he when he was going to be again, right? He he executed this command. Instead of get as a string or something, the server executed this command. It's more or at least that's how it worked. Then you could escalate privileges or even make the access. We don't know right if it was made by Shell, right? He was was received in this way. I mean, the Shell which is communication, connection between the target, between the target server and the striker, it was done that way, right? Because you get an execution of remote control. From this, you You can also bring a shell, right? you can bring the same thing there that you say SSH there, you can make a connection between the target and the attacker. Then from that point on, the guy is inside the computer, it's inside the server and then the guy starts doing these lateral movements there from of that, right? Exactly. It's because the vulnerability in itself, she was in one of the protocols that Active MQ, right, used, which is the open war protocol. AND there within that protocol that had this vulnerability, right? It wasn't exactly inside the part, right? Active MQ, right? But anyway, right? With his update You already solved this, right? Above the 5.18.3 next time I would supposedly go speaking, right? Make it very clear This one shows really cool. If you leave him on page six, man, man Davin, next time. There you have all the vulnerabilities, this this this report, right, seems to be from ASP and it seems that it has not been 100% proven. There are two theories as well. Or this one document was leaked, ok? They leaked and they had access to what was happening there through some investigation and they leaked this document that was not supposed to leak or is it an assumption about all this what's happening, but they won't let me Of course, it's just an assumption, right, or anything. They They just say that a forensic report was not issued public that justifies that the trigger initial was from this CVE of the first one there Active MQ, okay? That's why in some reports people don't mention, until because it's all guesswork, so you don't can affirm and then not give a bigger problem for the company. But here they are making this clear and it is difficult for us to even analyze, right? Because then it doesn't close, it doesn't close, let's say, right, bro? No, no, no it is possible to reach an exact conclusion, because one piece may be true, another piece may be an assumption. There you see, ah, there is a theory, ah, a theory is X, another theory is Y. Ultimately, no one knows exactly what happened, because there is no report, right? It does not have proof. The police are still there investigating, right? It was people there who went seized, we don't know if it's still free, if she is still in prison or if she has already been released. Eh, anyway, it'll take another day all time, right? All the time. we have a new information, right? So, either go out news or a report comes or anyway, because the really, right, for a bank central, for such an institution to give a piece of information, they have to have a very absolute certainty of what happened. They can't stay eh, for example, Oh, we think that was it, it's not how to release, because it can give shareholders problem, right, mainly because they can lose money. AND second, but we have a law, right, that they even took 48 hours to warn, which is the General Protection Law of Data. Because if there was an invasion computer device by LGPD, they they had two days, right, 48 hours to inform to central body of the general law of depths, I forgot the name now here, the NPD. And then they informed and released the public statement because they had to inform all customers and there was also a lot of murmuring on the internet and such. That was the video. I don't know if you can put it. I know that they knock it down, right? Sometimes business of news, but it's G1. Let me see if I can jump here. Pear there. Wow, Globo. It's out. There is more advertising that my channel, man. F, okay? easy for anyone. There is a sentence also from people talking about the key store, right, from the pfx points, from the JSK there, that people were storing insecure way the certificates of private key. Because and they weren't rotatable, right? They were keys that were fixed, they were not rotatable. But It is, in fact, what RP is. Then we'll go back there to talk about him. Oh, great. AND. So what happens? He can send it, bro. It's giving me a dream. Arrested. Suspect. Arrested. Ah, probably one technical, right? This company from Caraca, face. And it's like, we immediately think that He's a young man, right, man? For 15K to sell so that cheap, right, man? Damn. But at Sometimes this guy is a technician and receives, I know there, 4, 7K salary only. Password delivery for 15, man. Good morning. There's his face. The name It has not yet been released, but it is fact, as you said, Leo, it was made an arrest last night. This is the headquarters of the God. That. That. And the police are parading with him, right? Two police officers subscribe there. Eh, apparently. Hold on. You have to pausing, otherwise they'll knock it over. Let me see if if I get the part here, they say something. This from the month of March of this year I was leaving a bar near his house is at the end of afternoon when he was approached by a man who said that he knew that he worked in the payment system. what his version of the grooming. AND this man said he had friends from area where they said he had friends hackers, I wanted to take a look at the system and wanted to get in touch with he. This suspect that we are in custody showing the image there said that after received a call via app WhatsApp in which the interlocutor of this connection, so he was approached in a bar near his house, then received a call and this man also talked about same question I wanted to know payment system and know the Pix infrastructure. And let me pause so as not to knock it down. Pause. Pause. I knew one who said he wanted to know about Pix. Okay, bro. This, this is a violent social engineering, right, man? Damn, like, the guy already knew he was there. Bob knew who he was. Same there spoke the question here. Let me see here. I think it talks about it here. Let me find here. He really is doorman. Something like that. Where? Where? At 48 he started as an electrician. he was installation technician, the cable entered the college of technology. Ah, so he It was IT there, man. Yeah, he was from IT. He had a strong password there, right? Supposedly strong. Holy [ __ ], man. Then, like, I'm like wondering how these guys, like, bro, I already knew who he was, they found him he at the bar and it was right. Wow, bro, because we see social engineering, we see social engineering, I don't know, more Nutella, right, from a guy on the internet, sent a message, pretend it's a person. Now the person is physically, man, man, this even looks like a script for movie, I don't know, at least for me, I I'm really scared about this, man. AND ah, but you look, man, there are many sources of intelligence there, many eh you can make an intelligence of open sources, right? such as OCINT that the People say, right, it's not that difficult you don't find data about about the people, even more so since we are with several Brazilian data based, right? So it's easier nowadays. Yeah, no It's so so hard to find the guy. Exactly, right? And of course, you wet the one's hand, wets the hand of another, it was already talk about the hand of so-and-so, right? There business is already easier, right? From, right? Yeah, the guy is an example of that, sorry, sorry, I thought you were going to stop. He was good. Eh, the good example of this is the LinkedIn, man. Get there and say: "Who What is IT at Bank X?" Open from LinkedIn There, you will see the guy is IT from Bank X. Then you start to find out where he lives, it's written there. Then the guy does a any post and you search for social network, goes after the guy, says: "Hey, buddy, Let me tell you something, okay? I I have an opportunity here for you here, oh, of millions to give you in hand." This is the first point of approach. Now there are in the very social networks, on Telegram channels, right, from the underworld there, let's say, those places where people say: "Oh, whoever has a manager password and such here from the bank, I'm paying a lot. If you have technician password, I pay." Then the guy keep an eye out, go in there talk and end up delivering. Dust, also has online recruitment, got it? Wow, the guys said he He's a junior back end, man, at the company. There, the. So it is. Not me, I had seen that. I wasn't sure if it was there. I had since he was a junior. Do you think so? his linkedin? Look there, I won't have anything to do with it therefore. It's you who's looking. Holy [ __ ], man. No, there's nothing. Thank God. Pay, pay the premium of the LinkedIn, you will see almost a super power, old man. Multiply people. Holy [ __ ], man. for recruiter, then then you can do it. And then, exactly. The guys in the chat said: "[ __ ] junior, damn, 15k, threw 15k at the car's chest." There the guys are playing, I think the Guys are playing low those 15k there I think it's on purpose, but only guess, right? Of course. Wow. Oh, I'm already tired of the process, right? I have an investigative reporter here he already gave me his linkedin, It's live here. Look there. So, that's how it is. I I don't know nothing, okay? I just found out that he had. Will it go to [ __ ]? I don't think so. His name is public there. Yeah, okay, okay public. Come on, let's react on linkedin from him. Holy [ __ ], man. Lawyer is there. Hello, Lion is online. Wow man, these guys found LinkedIn of the guy. That's it, Mrs. Anguer, huh? Face, will it follow you? Does it follow you? Wow, have you ever thought about the guy subscribed to the channel? He's a member of the channel, bro. Member, you're welcome. Member iso is good. No, if it is member no, man. It doesn't matter. But if to make it very clear, okay? We don't you know here, supposedly the learned guy there, it is not known supposedly if the guy it was I think I don't think it's him, man, because there's nothing of him here. So let's leave that for Yeah, people said the photo looks like, right? The photo looks like. Wow, give me one look. Yeah, man, Sao Paulo. Yeah, bro, at 42 important age of higher education and such, information technology. Oh, [ __ ], it's him, bro. If you don't a fake, it's him. And there is this chance, right? Oh, hey, Brazil is like that, right, man? To the Sometimes you are reacting, the thing is fake that the guy did, man. Cine put this name, John Nazarene full. That's the name there. They are article from O Globo that he just published look there. Yeah, man. And poor thing, man. THE guy said: "Have you seen your movie? intern?" Man, that's really sad, man. man, [ __ ], it's starting now, bro, making career migration. Our, Dude, the guy screwed up his career. I hope he didn't get it there take a course from these marketers, right? I'm going to take 15k here, I'm going to put it here marketer here now, pay R$ 1447 to do a mentoring here. Have you ever thought, face? He took these 15k to pay mentoring abroad, to become a dev in gringo, [ __ ]. No, that hurts, bro. That hurts. I was going be, it would be better to stay with Del Rei same, man. The Monza. Monza is better. AND good. Then it's good if we can continue speaking there in that one you have the another document. That one, that one, that one there. Good, good. So he has there the second, the second vulnerability that they say that he explored, right, that it is the one of Pf PFX, that's where the keys run, right? private, are the tokens that are used there for the banking API, which they run on top of one that you can open an internal webshell in upon reading these keys and the vulnerability that is already known. AND Hey, straight talk, bro David, we'll talk like this: "Ah, sometimes it's very complicated so, actually hacking is quite good complex until you get it, see there how works, but a lot of these vulnerabilities when you find there with a vulnerability analyzer web, that we weren't even joking here, that free worked there and such, I won't say the name of the software here, but you put it there and it appears ready-made exploit that someone created to register this CVE, the exploit is ready to explore this CVE and the guy can perform, like, in a way simple, you know? But this one here technically it is a zero day. That's what I I found it really strange, right? So then show that this gang that is there really is behind there is a lot of knowledge, even because to operate on a back end of this, right? He said in the report that It was in May, right? March or May now that They recruited him, right? No, I don't remember. now here at the bar, but anyway, if you look, it was two months of study to get his scene, started to study to do all this kind of transaction, it is not overnight. And they are people who have knowledge of true, you know? The people who know a lot, not just anyone will get there and to do. I keep imagining that the guy, like, he has made every attempt, he said like this: "Dude, the last case, we're going having to go after someone and go and like and try, I don't know, just extort the guy, huh, man? I think like, guys should have, oh, we've already exhausted everything we could do, so now is the chance and let's go. Now just for me pulling the Podá side of the canal and even for the guys to stay that I say that this channel here is Bolatec's podá. Then, what's the deal? Explain to us the what is CVE and Zero Day. I think only so we can stay on the same page. Good. Well, CVA, then, is a national bank, World Bank, sorry, right, from record, it's not a bank of a bank, no, It's a record bank, right, that vulnerabilities that are becoming acquaintances. So for example you are a vulnerability researcher and then you discover a vulnerability, I know there, on MacOS, you discovered your vulnerability, you report it, this CVE is created that even gives, oh, the auxion even gives credit to whoever discovered it there as a vulnerability researcher, discovered this CVE, tell us how it is It works, right? You have a whole record, It's quite complex to do this record, but it is possible, right? So, it is it is feasible to do. You show, prove how it is done and then she gets a classification. Do you see down there? Okay there CVSS10. It means she has a rating highest from 0 to 10. That is, it is a exploration that gives you super power, let's say so, ok? Speaking a language good legal. Usually when she when she is 10 which means it is high CVSS in the last row of this column of the RP there, look, in the second column CV where is the CVA 2025 31 on the penultimate line. But no is talking, but is not talking to complexity of it. It's not talking about the above at the top CVSS10 there, look. That. Ah, CS10. That. CVSS10. See? Hmm. So, when you have this it means that it is the maximum. It's like it's because it goes from one. AND, It goes from one to 10, right, in this case. And which one? It's a bid to see, for you to know also how to classify the less critical vulnerabilities for the most critical ones, right? She besides give privileges, besides being dangerous, It has to be easy to execute, okay? connected? It has to be easy to execute and widely executable too, because this impacts the CVSS rating. So, like, if it's a vulnerability that I can execute through the mass internet, it becomes more dangerous. If it is a vulnerability that is easy to execute, like, ah, I took a line of code and put it in the console there, I put it in a browser and executed without needing much complexity to make the attack, it gets bigger and the rating gets higher hers, right? More critical. I understood. What if and the greater the danger, right? right? The easier it is to execute, the more easier to disseminate as well, example, hardware vulnerabilities physically they tend to have CVSS smaller, because you have to run physically one by one, get it? I understood. So the bigger, theoretically, easier, among many quotes, easier and more risk and more potential risk, right? More potential damage she can cause. [ __ ]. And that. AND that. And zero day. Zero day, right, bro? AND, he can talk. That's it, fan, if you want explain there. But hey, anyway, Zero Day, yeah, technically it's like, it's day zero, literally. I discovered something. I found that on macOS, in the last version here, or regardless if it is the latest version or not, but on macOS, the system that I'm analyzing in this moment, he has a vulnerability. AND then I discovered, only I know how to do this, or that is, no one has published it yet. So the we call it that when there is a publication, people say it's a zero day, or be, oh, it's day zero that discovered this vulnerability. Technically it doesn't exist no kind of mitigation nothing. I.e, you are susceptible to attack just by having the version, oh, how can I not be attacked? Turn off the machine. It's like that's it, got it? There is no way. The staff usually says: "Ah, it's zero day because there is no mitigation yet for that one the one for that exploit in this case." So when it's an exploit that doesn't have no measure. It's a vulnerability. AND an unpatched vulnerability. Without correction. Exactly. I get it. There you go a doubt. For example, let's say I I found a vulnerability here, like, it's a zero day, but how do I I guarantee it's a zero day? I have to read the report. Is there anything I can get check, I don't know. a search. I I believe that now with AI it is easier, right? But I imagine the bank must be giant and I know that really that it's a zero day, it wasn't something that anyone he thought. How do I do this? If you type there, look, in this case cve.org, right? AND there it will show, so you have a idea, which are all that are registered and you have several filters there inside for you to search. And then when you think, for example, of Active MQ, right? Let me see where it is their search bank. Then I always I get confused on that website up there, look. First, look for his search there. Type Active MQ there, just so you can see. Say, you found something in the Active MQ today, right? I think it's together the name Uhum. Then he appeared, right? But must only have. There's more, look. So there, oh, Active MQ has several vulnerabilities, not just that one, okay? seeing? And then everyone has one classification. And if you found any thing, it's described, look. It's a bypass, an injection in the third line, in third, you see there, look. it's a bypass an injection into the vulnerability in the part kemel components. Then explain what are the components, what is it like done and there is the whole explanation of how is that this as this vulnerability it works. Someone discovered, registered this vulnerability. Usually they inform the company, the people who make it this is reported to the company, look, we just I found this here, registered the CVE and you have one you can fix it there, do until agreements, oh. I will go for example talk about it at such an event in a while year. It's three months from now, a year from now. It's called conscious disclosure, right? THE such as conscious disclosure. Will it be but not is it not wrong by type, let me see, let me see the best question. I don't think he answered your question, right? Do you want to know how Do you know that that is a zero day? AND that's it, that's it, that's it, bro. If you, you even coded and it's working, it's a zerode. Yeah, it's probably one because you found it, bro. It was you who found it, you found the bug, you coded a exploit, developed a script there that takes advantage of that flaw and that's it working. I mean, there is no correction for that, nobody is catching. So it's yours, I get it. No, it is not It's not even zero day, because it will only become zero day when, when someone finds out, okay connected? Like, if it becomes public, become public, otherwise it is your exploit, it's your exploit, like, it's an exploit that I I can and it is active, it is an exploit that is working, do you understand? That's it, Man, in the underworld it has a lot of value, it has people who pay for this, okay? Pays a lot but the STN asks, because I said, Is there some kind of bug boun? Like, man, I found this out here, I I want to make money in this [ __ ]. Government buys it, bro. The government buys. Like, supposedly the American government, right, in the Staxnet operation, you guys remember this virus, it was considered the first weapon of mass destruction made of code, right? Stacknet, it was over 20 and zero Days in there for exploration, both Windows exploit as exploit of the stairs, right, of the centrifuges of of uranium enrichment and syn clps that they used inside the do da do Nathan's complex there, from Bushir, which was one of the complexes for enrichment of Iran's uranium, you know? And then there is Mossad participation, has participation of United States government, has a bunch of people in the middle there to do this deployment and and they had more than 20 zerods running inside the software from Stuxnet, right, inside the packet, right, from the STXNT package. This has value for the government, right? Why if he wants to investigate and finally have do something intelligent in others countries, he discovering vulnerability of this type, he can be the biggest player that has, right? Yeah, it's the biggest, it's just the who pays the most and pays the best. But you imagine, I found one vulnerability here that I can unlock an iPhone 16, you know? How much do you think the government of United States would be willing to pay for a vulnerability like that? being that These guys have the NSA on their tail, right? Being that the FBI guys have need for solve crimes and not just the FBI, right? Eh, literally intelligence services that need it, that the guys don't even will spend this type of exploit to solve crime of the internal population. They will use this type of exploit to spy on other countries. Yeah, that's it cool why not not enter my head, like, I find vulnerability in, I don't know, in a product of a private company, of a BigTech, for example, and the government pay and not Bigtecch pay me. And that that I said, why? That's where the government goes buy, right, so you don't talk, you will sell to him. Ah, like, stay there, bro. There, there, then it is, shut up, shut up little mouth, shut your mouth there, stay quiet there. Of course, bro, at that level. It's much worse, man. It's much worse, old. It's much worse. It's like this, you think of the worst deep web stories that you've heard in your life, like, it's very worse, you know? Because it's just like that, huh, who is kind of going to decide who is owner of the world, you know? That it, face? That's it, old man. It's because you are dealing with government, old man. Only the governments of the world's greatest powers, old. Supposedly. Supposedly. Supposedly supposedly everything supposedly. Here. Oh, you don't remember, oh, from that explosion there from the pagers there that the people who who who took, the one who took responsibility was the It was the Mossad, right, the Israeli army along with the Mossad that the guys from suddenly one day the pager started exploding of the Ramas there. Pager himself, didn't see that, bro? I saw, I saw, I saw beep, radio, a bunch of stuff exploding out of nowhere. That was crazy, okay? That was crazy. AND, that there the supply poisoning chain that happens a lot. Mosside is expert in poisoning supply chain, right? The guys create some companies nothing through, the stuff goes in company of the guys and comes out with a bomb within. Nobody knows. Holy [ __ ], man. I I think this is really cool. Where the Can we find this information, man? that kind of information like that, because, man, this, like, this was published in the media, but from what you're saying, it seems like it is a common thing that happens that no one it's you, you usually have to be connected to security channels of information, thus, places that talk about do interviews or talk about information security and more channels focused on the military world too sometimes they bring this in military technology, let's say, sometimes they bring this type of information too, bro. This this one this case of Pagers exploding still. I remember I said no no It didn't even make sense whether the Mossad or the army Israel has spent this letter if were not for supposedly mark Ramas' people, right? Mark the terrorists. Yeah, there's this theory that is strong, this is very good theory. It's because, like, man, it is hmsade, old man. In 2010 the guys were guys were deactivating the power plant uranium enrichment, you know? like with a business that never even existed seen in the Earth phase. The people looked, said: "My God, man, this exists, old man". The Zero Days that has there was something that when they discovered what were the Zero Days, has evolved over the years, thus the security of information, right? That not even when he had the Valt leaks too, right? Volt Sen from Wick Leaks. You guys remember I don't care about that, okay? What what happens? H, Wikliak once leaked an alleged data packet. Supposedly not, because already, right? Alleged package is the alleged package of data, of information, of hardware, of software that belonged to CIA, NSA and the like, okay? And then they used This package is and it even had a price. about how much each software cost, how much each hardware cost, how is it each attack worked. And it was a [ __ ] of a giant leak that was nicknamed Valt Seven, right, safe number seven. I don't know, I don't remember why called Vult 7. I know it even had the Vult later. Oh, so what? Did you have that in that in that Valt 7? One series of attacks that were developed by the NSA, right? A series of hardware that were developed by the NSA to give support for the United States government, sea, right? Anyway, investigations eh against other countries, investigations of intelligence against other countries and and and so on. And when this VT came out Seven, man, I remember that security, right, information security, it evolved years, in a few months, because there was so much stuff there, there was vulnerabilities are for Windows 7 time when people disbelieve, saying: "No, it's not possible that this is working". which was simply you pointed to the IP of the PC that you wanted and the thing invaded, [ __ ]. Yeah, it was RDP, right? I was using for Windows 7. People disbelieved me. Fal, no, I don't believe it, bro. Had a in Windows XP, I don't believe there is a pro Windows 7 again on the same protocol and the guys had, right? had vulnerabilities of this type, had operational exploits of this type and more a bunch of other gadgets, a bunch of other hardware that has appeared, like, years later, you know? Things that were starting to appear as technology many years later. One of them It's the Rubber Duck. I don't know if already heard of it, Davin, have you heard of it? Rubberduck? It's that little pen drive that when you poke him he pretends he is a keyboard and starts giving commands. Holy [ __ ], man. Yeah, I have, I have here are some. You have the I have, I have, I have. Oh, wait a minute. Julio has so much thing in that place there. Wow, look at this, face. Soon he won't even come in anymore in his room there. That's right, man. Oh, this isn't the rubber duck, but this is the following, it's a cable and this cable here has a microcontroller inside and you access this cable from the Wi-Fi network and you inject the commands you want, speak the commands you want for the cable and it type the commands. He pretends he is a keyboard and type commands when you connect to your computer or cell phone. So what? this cable is much newer, but the original, beginning of everything, right, back in 2010 It's this toy here, look. The guys in the chat are awesome. Supposedly, supposedly everyone is desperate. Supposedly he does, bro. Look at this pen drive, old man. Like, it's bigger pen 2GB drive, right, man? Biggest face of drive. Those are those pen drives that sell, man, on March 25th with music, comes with Geno's compilation there. Beloved Baptist, beloved Baptist, Genigéno, Ginigéno, you know? And then what happens, face? The idea behind this pen drive is that he takes advantage of one of a weakness, right, of a feature of the own plugin play, from the plugin system play from PC. Eh, he identifies himself like a keyboard, he says: "I am a keyboard". And you can do this, you put it in the hardware descriptor, in the VIID, PID, you say you are a keyboard and then the computer, how is it plugin play, it talks, cool, you are a keyboard, you are connected. So what about you? starts giving commands as if he were a keyboard, you start writing things like a keyboard, but you can access, for example, the screen because, like, it becomes a remote keyboard. That would be it, bro? Not in this version here. You stab already with what you want to write on the screen. So what do the guys do? They create scripts that access remote. Then he opens Power Shell, write, ok, a code in Powershell, for example, do, write a chat about life and already generates the beat. Yeah, or do it in Python, or do it in anything else, man. Or makes you enter a website that oh that exploits some vulnerability in your browser or, in short, anything that a keyboard you can do with keyboard, you these pets here do. There you go, bro, let me cut it quick, Julio. So now the gang will understand why the devs stay pissed when the security area orders block USB ports. Then he gets pissed. That explains why. I was talking with friends of some friends at the company, man, because like, we who work remote, they send emails every now and then fishing. If you click wrong, you is required to take a 30-day course. Go to the course. Course. The course of shame. The little course of shame. Shameful little course. 30 days punishment taking an ant fishing course. There now the guys are going back to in-person classes, they are leaving the pen drive lost by enterprise. Ah, the guys are doing call K damn, man. Then the guys go there, plug in the pen drive, then out of nowhere it appears there notification, it appears like this, so-and-so, go for HR, Welcome to the new course. [ __ ], man, but it's very automatic, man. Wow, pen Whose drive is it? Let me plug it in to see what's here. The guy already was. I managed to do red team. When the we are going to do Red Team activity, we usually play there near the doorman, like, put it on the PC near the doorman, are you aware? What is it like this or that? secretary, depending on the time and play like this. Yeah, put it on the side there in the middle of the side like this. Hey, Julio, let's sell this one. service there for people who want to do it layoff. Like this, whoever plugs in the pen drive will be laid out right away, right? Now lock the screen and send it to HR. Yes, whoever is interested in pa Red Team activity tests, there you have it P1 Infosc, right? I'm working there, right? There has to be gravel. But man, there are and there are several others devices. And just so as not to lose the thread of the skein, right? This was kind of in the ultimately it was created from the Valt 7's ideas, because I already had that device type in VT S and era device that it was already built into inside the inside of one of an equal cable that. And this one here was, I don't know, appearing 15 years, 10 years after Volt 7, right? As well as several other devices hardware. If you look, if you search for Volt 7, there is a list, Dude, it's like a shopping list, You'll see, it even has a price. That from here that was this cable, he had it there in Vult 7 list the version called cotton mouth. It's like a cotton mouth. Damn, what a shame. It was hard. Each. Captain, captain tr pen drive with the message, go to HR to the sound of black race. full of mania. The era is expensive and so there are amazing things. And then it ended up evolving like this when have these mega leaks or when, like when the CIA loses it loses it backup key and the guys get it collect information that happens from time to time when, man. there are some booms like that in security market, which gives the guys start to see what the CIA is using, what is the NSA using for develop, right, what are the tools or whatever they are developing. And from that the market evolves upwards. So much so that the Guidra was the same thing, right, man? THE Guidra was a leak, which is a reverse engineering software. And then he became open source after it was leaked. Eh, and it was used by the NSA, FBI and and so on. today it is widely used by by cybercriminals to do reverse engineering the apps, including from the bank, to find out vulnerabilities there and be able to effectively do scams like the one from M Fantasma, right, which was some, anyway, they had several blows, right, one of them was that one. So, people use a lot of guidra until today for that. That's because in the past, not in the past, people still uses Aida, right, Aida Pro, but Aida Pro is expensive, right, man? And then the People migrated to Guidra, right? There are people who uses Guidra, there are people who use it, anyway, there are several others, right? And but man, it's a business, it's a very business interesting, old man, because the stories are great. There's a guy called, It's called Darknet Diaries, right? Diaries of the Darknet. Oh, there was a guy commenting on chat. Respect. Exactly. Dude, this crazy there is the I think it's one of the guys which is Jack Recycle, the guy's name. I think he's the best guy, one of the guys most river bend I've ever seen in my life, old man, that everything that is useless falls in this guy's hand, old man. Enough to him, right? Everything comes to him, bro. I've never seen it. And he gets an interview with all the guys, like, all the guys, ah, was arrested and spent three years. Ah, this one guy here was arrested for three years. Now he came here to talk on the podcast about how it is which was the attack. Ah, this guy here participated in one of a group of mercenary who was going to the middle of nowhere to subtract I don't know what from I don't know where it was all that. It was Micael Almeida. I found the message here. Yeah, that's Cyber News, same scheme also. Yeah, it's just not a podcast. Cyber News is about security news, right? He has There are some, right? There are some websites that are news aggregators of security, which is also cool for you see it like this, man. Neither you nor that you don't understand what happened, but the history is always very good. Cool. The story is always very good. Face, I think we even before we start I was chatting with Al Jones, he talked about what already happened something similar in the banking system. He was that's what we started talking about. He was. Hey, what's up? Eh, we have those devices, you know, which are implemented in bank branches. AND what are you talking about? Those ones devices. That. I think that was it that we started talking about. He was. So, it happens a lot, right? Besides these types of attack that we talked about Insider, right? Insider a service there that people were commenting there, that these are guys who are the ones who give give 100, etc. So today Cyber Crime, right, guys is also implementing several devices within the network, right, of agencies, because these agencies have direct communication with the central office for make the transactions, right, do a Pix, does, etc. It has to be. So, there are various devices that are implanted and that people even in the reports they say, right, this device here super sophisticated, right, it's actually like a 3G plugged with molding, with a connection of Reverse SSH to the guy there. comb, ok connected? Combine router kit, there you go, [ __ ] it, that the guys put it on social media and start to do. So there are a lot of plants there in bank branches, there are those of keyboard that we are already tired of see, right? People put fake keyboards on card machine, we have seen a lot in report, right? It's the talabra, right? Exactly. But Julião is the guy there to talk about that, that he works directly with this, much more than me, I'm more into software, he's into hardware, he can speak better. He the Peneg is the hardware guys. I, I, I, I, I am, I am a terrible with coworker. Call Jones is C Jones is from web part and I'm just a show. Then, There are two, there are two hardware and there is one W Johnny alone there to talk about the web. That's basically it. The bench, What Alcion said is interesting. Oh, oh, oh, Davin. Hey, I even made a video about it. I made two videos, one talking about fraud using implants in banks and I also made one last video. Damn, it even disappeared from my head, but there's the to do with bank, it has to do with implant also. Eh, those times ago I was eh I was thinking about this this this video, I said: "Dude, I'm going to make a video showing which implants are the people use to subtract money today it's in Brazil." And man, there are some subjects, including an article from Fantástico, which the business was impressive. Yeah, so much for implants within institutions financial, as well as to open ATM. The guys showed how to open ATMs without break into the ATM, right, without use a blowtorch. That's it, man. Eh, in that last video, I just remembered, right, it was a video of ATM machine that I was doing and the guys showed, at least, eh, it appeared there in the images the guys were able to open the ATM safe, subtract the money, take the money although without even needing to, right, cut nothing, open nothing, everything using technology, without dirtying the note, without dirtying the notes, dirty the note, without dirtying the note, man. And this is usually done through hardware implant, right? They are two different topics, right? The first is as follows. Yeah. The cool thing about that Mry Attack, right, from that one matrix there at MyR, right, that Won even showed. Hey, that's cool over there because he gives you, he was made to give support for Blue Team, for Blue Team understand how the activities were carried out of suitable advanced persistent. Basically the apt eh every group of criminals that you don't you know the name, right, that the one that acts as virtual, digital way, you give the name of advanced persistent threat and you give a number. So it's more or less like this that you know or and start studying about a certain group, because the guys they won't tell you that their name is X or Y, right, bro? So, and general, and sometimes they don't have, right, just a bunch of Chinese there, I don't know, screw this. There what happens? There is an apt name there. But the MRI does this to outline the apts. But the Red Team people, like The MR headquarters is very pretty there, everything is fine, you can think there what do you want for initial access, the what do you want from persistence, what that you want to explore and so on go. Red Team personnel also use the M. matrix to make these attacks, are you aware? So you always get it fit everything into the M. Sei matrix. AND, coming back, right? What do you guys do? are you usually doing? There in the matrix of MRE, the first thing you have is access initial. There are a lot of ways different from you making initial access. But which one is the most common here? Brazil? Buy credential and fishing too, right? Yeah. So what? what do you do? The guy gets there and says so, look, I'll pay you 10,000, 15,000, 20,000 for you to implement this box here inside. from the financial network or within the network of that bank branch. AND then the guy is usually an outsourced employee, something like that, the guy goes there a day at work, pick up the box mysterious and plugs it inside financial institution in the style of Mr. Robot. There is a Mr. Robot episode, I'm talking about that, man, it's a lot of talk, man, it's not possible believe because I think this is fiction and all, but man, this is true. People do that. It's because the guy who did one of the consultants, including Mark Rogers, right? One of the technical consultants from Mr. Robert, he even came to give a lecture once in Holdsack here in Brazil. Holy [ __ ], man. One of the events is Mark Rogers. And he was the one who gave these consultancies there for the series, right? For the technical part of the series. And man, over there at Mr. Robot, the most of the stuff guys put on there it is just like that, right? Why the idea was to be quite faithful and dignified, right? with reality. Sure, there are some things that you have to dress up, otherwise it won't work properly, but the most things, you see even the command lines that the guys are doing, they are all real. You pause and look and try to execute on your PC, let's say, like a scan, I don't know, you see sometimes guys give NMAP less SP, minus I don't know what, the address of IP and so on, right? But going back, there the guy paid to implement and inside, having a little pc, so to speak, inside a Raspberry Pi or a small router, you could make a kind of a VPN there, you know? You had one bank network, the branch network, you I could, [ __ ], man, go looking for it vulnerabilities. This would work in a environment that which has all the security features, that has a legal governance of security? No, because you were going to plug it in. that, it would whistle everywhere, speaking like that, look, they plugged something that the MAC address of the thing is messed up, It's not on the list. This business here doesn't can communicate with the network, it would stay apart. But apparently some bank branches in Brazil, you plug the thing into a lollipop sweet bread and that's it and feijoada, you understand? Plugged it in and that was it. And then the guys were like, You can talk, right? It's that story that we have a router, a suitch in these tips. Imagine, man, they are agencies of the interior, where you see that the investment to exchange, I don't know, suitch, router, man, you multiply that for 100,000, 200,000 agencies that there is in the country, right? An exorbitant amount. AND then they will exchange these technologies with the time that they are not that they are susceptible to these attacks, which take time. And then people start finding out what are the agencies and go plugging these devices there and then you can do the attack because routers and security systems do not identify and then he ends up attacking because of that, right? So even those who get along very well in this story they are fintex, because they are companies that are just there in the system, right, not on the web. So decrease this type of targeted attack there because there is no exit point, right, at most insider. Exactly, man. And who is and who is it really screws up, right, the thing is designed for banking, right? Eh, so what? what happens, right? There are some agencies in Brazil, which, I don't know, sometimes the city has a lot of money or has a lot of access to that agency, but the agency is basically a manager and a cashier electronic, right? Inside the agency there is that's all. Yeah, man, the interior has a lot that. Exactly. You get it from the countryside, right? You take the farmer type, the guys have farm for [ __ ] and like must have a lot of money in that agency and it's a manager. There are people depositing in gold, right? That's right. There are people depositing in gold, right? Ah, 1 kg of gold here. Car, It happens a lot in Mato Grosso, for example. It happens, right? Yeah, man, it happens. And then it's increasing a lot because of cyber crime, right? Let me just make an addendum there. Type so the money itself that goes keeping the agency is not even as high as a cyber attack like this, for example, Got it, right? Now I've knocked down Peneguei because he had knocked me down. It was mine time. Then he got it. It achieved. Ready. Then, for example, there is R$ 100,000, R$ 200,000. But the guy is planting something in agency that will arrive in the color of a system of a bank like that, he will be able to steal millions, man, right? You see a attack of that one in five banks, how much whatever is not enough, it can reach billion, which is what is being estimated. AND an attack in seconds. Imagine the guy blow up the ATM, it will take the notes under the arm, man, how is it that does this, right? And all stained. Then It's not worth it for the guy to explode. He's in his house with a lot of people operating in several places that will make the invasion, they will take the money, disseminate in orange accounts, these accounts will be removed from the money and it's everything ok, got it? So it's not worth it but the guy kept blowing up the box. There still is, of course, but cyber crime, the crime is moving towards cyber crime, which It's much more worthwhile, it's faster, right? Wow, Pix is there, in a second you can do it a transaction 2 seconds. And man, and like, now going to my side conspiracy theory, which maybe isn't so conspiracy, do you think that, for example, the factions today that, bro, ended up being a power parallel that we have in Brazil, will be that they're already looking at this, man? Are they already recruiting people? to try to get into this thing? Why I know they are recruiting for coup. I know he's from inside, I I received a complaint, an alleged complaint, that inside the prison the guys recruit programmer to be able to do these fraud stops of eh these Pix scams, scam of mail, stuff like that, says it's many people who orchestrate this within the chain. And man, I said: "Wow, man, it will be that is so sophisticated at this point of Guys, you're investing in another cyber crime, recruit a group of people to make things easier this stop?" Supposedly who heads the majority of these attacks today in the country are these factions there, okay? And I'm not going to quote the name no. So, supposedly they are who do because that's where the money comes from. And these recruitments are not always So, look, I'll give you a lot of money, come here, right? When the guy is very well known and you know a lot, the guys do it, okay? Just like that movie Fol, have you seen the movie? Fol? It's very old, I forgot the name of it. actor there, well known. They arrive at the house his, he was the security manager of the bank, he had security passwords of the of the bank system. And they get there, They kidnap him, make him plant mauer inside the bank there, that same one scheme, oh. Your family is here, if do something, we will kill they. And the guy has to do it. Node The ending has a twist, right? standard of always, but he is obliged to do so. So, it's not just about love, right? Oh, I'll give you money here, come here happy with me. There is also this type of recruitment that is very punk. So until the exposure of many people on the network social is very complicated, right? That one story like this, the guy who says he is the racudão, who does everything, etc., right? So it is It's really, really difficult, right? This guy can be recruited in one way or another. Damn, this is heavy. Ruptura sent five here, man. It's cool, work in Telecom, my sector is the NOC, monitoring network incident and many times we exchange these router equipment and related, which was mentioned, man, supposedly. Damn, man, so, like, is this common? [ __ ]. Wow, there's always something planted in agency, old man. There's always something planted in agency, bro. That it, face? Because, man, just imagine, old man, how many people don't want to do this, old. There are gangs specialized in do this. Those times ago it came out until in the newspaper 40 million of one agency. I don't, I don't know if for me or for everyone it's chopped up. Yeah, okay chopping, man. I guess I don't know if the noise reducer, something activated there on the microphone or it changed a lot. It will be, bro? No no. Okay, okay. Yeah, beauty, beauty. So, then what it happens? Eh, it was, if I'm not mistaken, It was at an agency in Rio de Janeiro and 40 million were diverted, Yeah, just because the guy put it there a little router with a 4G mold and gain access to the agency's network. AND then he there, but he deviated money? Not necessarily, man. What what did he do? He had information privileged within the network and he I could attract customers there, you know? No It was just about diverting the money in itself. The guys don't necessarily go in the money. The guys go on some attack of social engineering with a lot of information for any customer of agency, get it? And then they go managing to divert this money to few, right? It had been a while since they were diverting. Reached 40 millions. Damn, there's another one that is heavy here, man. Magnes is the boss. Here in Rio traffic is cutting fiber optics and I had to change the aim for men's internet. Thanks. Hey, I already found out that their router has SSH open. I can't deactivate without the 100. Don't touch it, okay? face? Traffic is full of failures security. Supposedly you may not be in the next live here if you do anything there. Leave it alone, leave it alone. There are some live pics here, a super chat here. Man, I don't like giving tips on the channel, but since this live is a live special, There were already two saying the same thing. Vittor Barbosa sent a strong wind, but had the another one, the bro, where's the bro Calil Reis Fonseca, who also asked the same question similar. that's personal, what's the best way to start in the area of information security without falling into scam, enter as it should, do course, degree? Wow, man, that's a question that we receive a lot. Then I think that the Alon will have a lot of things to do talk and I'll also have a bit of thing to talk about. Penegui too, but First, start by following them. Ready. So you don't fall into scam like that, I think the first plan is for you to enter stay kind of complicated, but you get into known communities of people who are there to help, from people who are there of events that are events recognized. So from there you will have contact with people who can help you direct to start in this area. If outside the field of study, man, It's interesting that you look for references of people in the area and if the guy has a course or not, take a look at how it is yeah, how is the guy's course there? no, what's the name of that thing over there that points when, Oh man, it got away from me. Complain here. Give it a look at Reclame Aqui. See what the students are talking. Ask for people who are more experienced, oh, me indicates a training or which college I have to do? College is more easy, right? Some are kind of complicated because there is not a full quorum necessary, it doesn't have everything, ah, let's say there, everywhere the theoretical load necessary, but it is more common than things that are supervised by Mac have a little bit better character there, at least At least it won't be a scam, right? Eh, but I say so Initially you have to access events security and start having knowledge of people's names are reference in the security area, because hence you having access to this niche of people, you automatically you will also know which guys are are pickaxes, got it? Because the guys will always be or talking or joking or cursing the guys who are crooks. It's [ __ ] up, okay? connected? So you kind of learn, you kind of learn that way to get in in the security area, eh, the hacking area itself, besides you study, it's kind of a service community, so, uh, there's a part social there, like, oh, hey, relate with these people here, oh, these people here that have published lectures, which have events in such a place, that a guy who there's all, like, a lot of certification in the area of security, a guy who spoke at events international security that are recognized. More or less following this line, you You already know what to expect from the person. Then, let's suppose, analyze Júlio there. Ah, the Is Júlio a crook or not a crook? Okay, look, first thing, look at the publications that Júlio makes. Oh there. No I understand very well, okay? Check out LinkedIn from Júlio to see more or less what that he did. Ask the students who Julio has a training. Beauty, ask Júlio's students if it is scam, if it isn't. Are you aware? How it is that I training? Make a checklist, huh, man? That's it, that's it for any area, even in the dev bubble, right, face? It's for any area, man. And and so, going to events, what were the events that Júlio appeared or lectured? What is Julio, like, in the What does Júlio help the community with? He has already developed software, he lecture, he helps with events, he, anyway, you know? the guy does something or he's just a guy who came from scratch and it was you and that appeared to you because It was paid advertising, right? It was a paid lead. One thing I always say, whoever does a lot of marketing, which seems like it's a dream, be careful. Be careful, because those who sell dreams there is a problem. Yeah, bro, I'll keep the information safe here, look. I arrived late because I was in psychiatrist, you know? It looks a lot like Volha Dev, man. And that. That's it, man. It does not have. Oh, if the The guy is very handsome, very dark under eye, old man. It already gives one suspicious of the guy, you know? Type, because it doesn't exist, old man. Does not exist in dev bubble, man. It's in the dev bubble ostentation. If the guy starts to show off time, oh, I have quality time, I travel and work or start show off, I don't know, vehicle, car, the things. Get out of here, bro. You are a C. Get out outside. That guy is making money with course. That's right. Yeah, in that area The guys show off their cannabis, right? bro? Can of cannabis. You can, right? Pen. Ah, pen. Holy [ __ ], man. The guys dream is to have the pens. Thanks. Oh, but without want to do the jabá, but kind of doing here, besides Júlio's channel, right? Bruno has already made the link also, huh. Oh, there's no coupon. No There's no course, man. The guys are me joking because talking about the course. I I I don't have a course. I follow the line of show here from the guy Deivinha on I don't I don't sell the course. But the idea from the True Hacking channel, right, I even said, was born with the idea that I saw from Davin's channel, you know? I saw he talking like that, right, it's not because no sells courses, but it is really about bringing the the real, the true for the guys, like this, Hey, this is real life, you know? So I started very inspired, right, with even with the video that what what what Dela Flora did and what Penegi did also, right, talking about some people and that I saw like this, man, these guys sell the dream. Because the guy sees, right, man, if become a hacker in three days, man. Nobody will become a hacker in three days. First of all, hacking isn't even a profession, okay? connected? That's why I put PJinha hacker there. Hacking isn't even a profession, man. Where? The signed card appears there. Hacker, right? Senior hacker. Oh no have this. A mess, right? for us discuss, like, that's a business that everyone argues all the time about what who is a hacker, you know? Because if you to see the guys who are committing crime, not necessarily the guy is a hacker, understand? Hacker is basically a security researcher. What if you are very judicious, it is usually an offensive security researcher. There the guy is considered a hacker by community, are you aware? Exactly. Like, the guy who runs exploit, the guy who installs it Linux, bro, it will never be. You never will be, never will you be recognized as a hacker by a community if you don't have one [ __ ] research, for a community, a serious, international community, national, if you don't have a survey of [ __ ] security if you don't present this research and this research really changes concepts, got it? And that's it, right? You take, for example, events. The guy here is awesome community, oh. This guy there, this guy then he sent a pill there, man. Street Credits do not come from likes and followers, comes from the guy's story. That it's [ __ ] up. Exactly. A very old guy of the community as well. Bro. AND you win you win street credits. AND lecturing in doing eh talk room, conference room, which is the guys volunteering at event security. You see the tough guys, like like that, right? RCU way of speaking here, but you see these guys who are from community for a long time, you see the Guys, for example, how many times, right, we went to Bisside in São Paulo and Nelson Brito was there, who was the guy who developed the T50 and was there serving hot dogs to the crowd that I was at the event, damn it. And that's it, got it? This is community, you know? This is [ __ ] up. I think this is really cool, really awesome. Dude, there was an international event, bro. I remember Bruno, my brother here, Morpheus, right? Ah, he said: "Dude, there was an event we went to that Dark Tangent, which owns the is the owner of DEF with the largest conference hacker in the world, right, in terms of volume, he was serving drinks to the guys". It was there in Neutral Pate, you know? That does not exist plus this conference and such. He said: "Dude, the guy was there, he was serving drink for the guys there". Like, yeah, that's it, I think this is really cool, man. He thinks the guy's conference, oh, the guy's conference Dude, that's 25,000 people, man. 30,000 [ __ ] people. It's in Las Vegas with a whole week Las Vegas stopped by because of this conference that has Black Hat and has Defcon, right? And then there are the Pides around there, a lot more. Last year You went too, right, Alon? I didn't go, but you went to Vegas, right? Yeah, I'm in last 10 years i went. I just didn't go to the year of the pandemic, man. And I am and I'll probably go this year. The staff calls Lula Palos of Security. They are four or five events just for the event security. And there, Mandinha is a chatterbox turn off 4G, it's really talk Guys implant fake cell phone herb to capture data. There is funk. There that's it, man. There is no way to go there as a layman no. The layman gets there and gets screwed. AND I have some brothers, man, that guys they went, they stayed there for 15 days and the guys didn't managed to watch a lecture, bro. And that. It happens too. It happens. It's rare, but it happens a lot. Enter the event. In Vegas, like, drinking to [ __ ], playing, [ __ ] it. One hour because, oh, I jumped in the pool and I was empty and I didn't see it. Another time I broke mine leg, yeah, I hit my forehead. Ah, I'm with them cracked breasts. Finally, a punk story. My sister, she usually goes with me, right? But she's not in the middle, she just goes travel there, like that sister trip, sister. I'm very close to my sister. And she went and she went with me last year and She has those insulin pumps, right? right, insulin, such, and hers was new, that she had just bought and had Bluetooth. And it was funny that we I was in the room exchanging ideas and out of nowhere the pump started injecting insulin, put inject into it, inject insulin into it, because She's diabetic, you know? Yeah. And there I said: "Dude, turn that [ __ ] off." Like, I wasn't even at the event, it was the hotel that wasn't even the next event, including, got it? But obviously they are 30,000 people spread out across Las Vegas, There are hackers, right? everywhere there, right? Spread. No, it's the apocalypse, bro. Damn, that's crazy, bro. No, I don't want to go to that party, no moral. I'm very lay. I'm going to [ __ ] myself there a lot, man. Including the manager of security in not in this last one, but in the penultimate one, it was the manager of security of the TS. What is the name of the conglomerate? from Casino? Oh, it's not from No, I forgot the name, but from the MCU conglomer, no, M [ __ ] conglomerate of Casinos that is there in Las Vegas, the guy was a manager security there and he was lecturing at event, but they didn't even say what kind of event his name, nor nothing, you know? The guy has already worked with me. Boom security, this live can last 10 hours, watch calmly, you are beast. Wow, on Friday, huh? There was Magnus too. 5 hours of the late, right? 5 hours, huh? We are already here closing. Let's close because with the Palmeiras game, no, Fluminense, I don't know, man. No, the last live I I did it with Aquita, people got pissed that I closed the live, I wanted to see the game from Flamengo. The guys, damn, leave the Here's the talk, man. I said, "No, bro, there's a Flamengo game." Another thing, bro, that I remembered now that the Alon spoke of the S of the insulin pump, first the Bar Barnaby Jack died two weeks before doing this like that, right? that he was going to talk about insulin pumps, about insulin pumps smart insulins. He was in elei, if I'm not mistaken, and supposedly died of overdose. There the guys are, there the guys are there are some theories about the construction, but no, the guy actually died of an overdose, because There were some brothers who knew him, Dude was awesome, bro. But the guy was E this guy, bro, is responsible for ATM jackpot attack. He was the cashier at the event, right? It rolled at the event, he started spitting dollars there in a ATM during 2010. It is, Must with 2010. There is a video there on my channel, I showed you there's a little video there on my channel showing the guy doing it jackpot, spitting out cash. Then this attack was obviously replicated in several countries. Here in Brazil has also had incidences of this ATM spitting attack money, right? Out of nowhere car. Supposedly, supposedly. Supposedly. Crowd, come to grandpa, talk, talk, sorry just to to complete, it's just to complete something which I found interesting. A brother mine said: "Old man, do you believe that I was in Vegas and my cell phone was in time was an iPhone, I think it was an iPhone 7, 7, I don't know, I had an iPhone and he said, "Dude, I arrived at a place in Vegas and like, my pocket started doing noise". Then I took out my cell phone, it was the iPhone was making noise and was catching some radio thing, like, it was a noise as if it were a radio, as if was someone saying something. But the cell phone, like, you turned it on cell phone, I wasn't making calls, no I was doing nothing, the cell phone was normal, you know? Just what kind, I was like talking, the cell phone was speaking, the cell phone speakers were working out of nowhere, crazy, face. in a specific place where he went. And then after that, bro, I think about 5 years then I saw a vulnerability where It was more or less that, except it was inverted. you could eh listen in a given space of space geographic if the iPhone was with a iTunes on, streaming music, something like that, you could hear what was being processed there inside the inside of the iPhone by an attack which is called Tempeste. It is an information leak attack, right? unintentional leakage of information. And who created this Tempest pattern was NSA. [ __ ], that's crazy. It's awesome, guys. Get to the end, right? Hold on. Where? Here. Arriving, arriving at the end, right, dust. We're already 2:17 into the live, man. Wow, bro. On a Friday Throat is already dry, I can't wait to drink it a beer. But, come on, first thank you, man. Thank you so much there. Al Jones, Julio de Laa Flora, the Last minute penig, man. I sent the message, man. Thanks a lot for being there, crowd. And I'll leave the time to you to be able to, like, bro, talk to follow, you can share the course, tiger, the whatever. I'll start by pulling here, look. Hold on, Alonis, leave your words there for the guys. Thanks, brother. Well, guys, that's it, right, that I was commenting. So, there's the my channel there is True Hacking, right, that we have here, the idea is follow, as I said about the show here, right, but bringing real hacking, bringing real techniques and thus the community. There We have a Discord where I share several stops for the crowd, so no I have no course, right? What's the maximum that we have a study group there that people come together, gather, right? During the We do it every week, I do some live streams during the week there are also agendas there, whoever can follow, I will enjoy it a lot there to help there. We already have 14,500 subscribers there with newly created channel created. And the idea is to bring that, you know? Show the people that it's real, the people who is a troll, like Júlio de Laa Flora, Penegui, who is not a course seller, Who isn't a marketer, right? The chat, the That's the chat. All my others social networks too, I have several, right? I am, I think I'm one of the guys work with more exposed security that exist, right? So you put @idone, you'll find me until then chat there in China, you know? You will me find in that. Then look for Jones there, if you can follow me. The name The channel's handle is True Hacking or @Jones. It's @ Jones too, despite the channel name be different. And I left it in the description also from the live. It's in the live description also. Good. Whoever can continue to give this strength, I am very grateful for the project growing, got it? The idea and spreading this, you got a calm language, right? idea, right? There is the technical live, but the we have several lives there, which is the café with exploit, want to chat, show, right? We launched a new framework there, it's hack fic now, right? To show the crowd that Are you really hacking or is it fake, right? If it's a lie. So there are some videos there that we are releasing and doing some reactions. But that's it, man. Guys, I hope that you enjoyed. Then there was the more technical part there that maybe has been a bit of a bore, such, but who If you don't like it very much, you don't understand, right? Whatnot, people didn't like it, I don't know, they thought half, but the idea was to show you the full attack, right? How was it? made from end to end and how are they other channels are with others are attacks are made, get it? But that's it, dust. Your presence was really worth it. Leave a like, man. Let the like power come on, seriously, like it, man. Then they talked about the report. I can i share? Oh Jones, the one from company you work for, are you okay? This one from Pura Pod 100% and I'm going to put it in my Discord there too. Devin goes put it on his, it will be on my Discord also the link is there on my channel Discord. Beauty? Then it closed. Penegui. Leave your service. So guys, I was quieter because it wasn't even for me to be on this live and I just arrived on a flight. Yeah, I just got on a flight that I have a headache damn. I haven't had lunch yet, but I'm alive. I'm here. Guys, for those who don't know me you know, I do content creation for YouTube, for Instagram mainly, creation aimed at information security. So you guys You can take a look there, just search here, you find me there are a lot of thing, there's my training, eh, there's just that I am more hardware hacking in sense of access controls. So, it is one is one is pretty lynched, but it's pretty cool. You can check it out there. There is enough thing. The videos are also for a general public, so there are several types of video, right? They are small generally. It's pretty cool for those who don't do you know. Take a look there, give me a hand. We're together. Good. We're together. And big Master Julio de Flora. A master in disappoint people, right? That it? My wife said I'm very optimistic lately. Damn, what Friday, man. It's joy, bro. Very, first, thank you very much for the invitation, old man. I am happy. AND, Dude, call me more often, I like it much of its content. I always liked it. I I remember at the very beginning, eh, you I had, I don't know, about 10,000 people, right, about 10,000 1 followers. When I found the channel, I said: "Damn, bro, this guy here is going, I I think I said, when I started the channel, you were one of the few people famous and who called me and said: "Dude, keep going." So I say, "If the channel still exists today, I am grateful for damn you". Dude, that's cool, bro. I I'm very happy because I saw yours content. I said, "Holy [ __ ], man, this man, is it going to work out here, man?" Because the content was very funny and it was a very specific niche and it was focused for that guy who takes three medications, are you really tired, you know? It's our vibe. Yeah, yeah, old man. No, for me there's no such thing as oh, no, stay rich in three weeks no, old man. It won't go stay, old man. There's no way not to. Damn, that's so good, man. I am happy. Guys, if you want to take a look in my content, it is more focused on hardware hacking, more focused on electronics, in devices instruments, of measurements, but I always I do, huh, lives with react videos sometimes famous, involving attacks with hardware, involving attacks that have some physical supply chain, say like that, right? So, there is always something thing related to the real world, world physical, implanting things or moving things around devices. I like it, I like this one tactile part, let's say, of the area of harder hacking itself. So, to whoever wants to take a look, the name of the channel is Hardware Hacking and my @ It's there on Instagram, right? It's there screen. If you guys want to give a take a look there, I'm very grateful. If want to follow and share with others friends, it will help a lot. Oh, so good. I'll leave it at description of the entire Instagram live, Everyone's YouTube, I'll leave it at description, so the crowd is seeing after. If you are not subscribed to the channel, subscribe. This is the time. Help me hit 300k by the end of the year. To thank awesome, guys. Thank you very much there presence. Wow, the live was really good, face. Time passed quickly. The gang already is asking to be able to mark a part two. So let's leave it on the radar so we can schedule a part two there It will be great to have you here. AND face with everyone, guys, what need to publicize, event, whatever, count on me, count on the channel, call that we have good visibility, We have a cool community, engaged as hell. So, what if you need, count on me and the doors will go always be open here. Beauty, crowd? Divine and I think it's cool, man, We could schedule you take to security events, right? One coverage at events, man. Hey, me, Aon Peneguia, we end up having a one certain contact with the developers, right, with the maintainers of these events. So, if you're interested, man, No, I'm super into it, man. And I think cool because the mission is the same mission that I pulled from the dev bubble, I I realize that the security bubble is also with the same problem as the guys, It's a little confusing. So, like, at times we start to give visibility the right things, I think are cool, you know? AND Dude, it's been a long time coming, bro. Security is a thing that has a pickaxe It's been a long time, old man. Wow, man. It always has, right? Always had. Always had, man. Always had. Yeah, no. Let's go although. Let's go. Count on me, crowd. We're together. It was worth it. You who's watching it until now, man. It cost too much. Leave a like, subscribe to channel and that's it. We're together. Kiss. Until the next live. It cost.