The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
#60 Shellcode Evasion in 2025: What Still Works (and What Doesn’t) ft. Robert O’Connor
In this episode of The Hacker’s Cache, Kyser Clark sits down with Red Team Consultant Robert O’Connor to unpack the realities of shellcode evasion in 2025. They dive into how antivirus and EDR solutions actually detect malicious payloads, the rise of fileless malware, and why network-level detection is still overlooked. Robert shares his hands-on experience building custom evasion techniques, his transition from pentesting to red teaming, and how certifications like CRTO and OSED fit into the bigger picture. Whether you’re a pentester, red teamer, or just curious about modern adversary simulation, this conversation reveals what still works, what doesn’t, and where the field is heading.
Connect with Robert O’Connor on LinkedIn: https://www.linkedin.com/in/robert-o-connor-16634a164/
Follow Robert on Twitter: https://x.com/Eternal_NOP
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
[Robert O’Connor]
My thought is, okay, well, if antiviruses want to detect that, will EDRs? Because antiviruses, they have, this is getting in more into like Windows userland versus kernel differences, where antiviruses will more focus on like user mode areas and EDRs will focus more on kernel areas. So what I found is EDRs will mostly build, Windows Filtering Platform is like the technical name for Microsoft.
It's essentially like a layer within the networking stack that you can put a driver where any incoming network connection will analyze the network connection, like the packet data or anything like that. So I built my own to see, you know, can this shellcode being sent over the network, unencrypted, be detected in any easy way.
[Kyser Clark]
Welcome to the Hacker's Cache, the show that decrypts the secrets of cybersecurity one byte at a time. I'm your host, Kyser Clark. And today I have another returning guest, Robert O'Connor, who is a Penetration Tester and Red Team Consultant focused on Internal Network and Active Directory Assessments.
He holds dual bachelor's degrees in Network Security and Network Engineering, along with certifications including OSCP, CRTO, and SecurityX, which was formerly CASP+. With expertise on both the defensive and offensive sides of security, Robert continues sharpening his craft through CTFs, Bug Bounty Hunting and Programming projects. And if you are wondering what episode he was on before, it was episode number three.
So if you want to go back and listen or watch that episode, feel free to do that. However, not mandatory to enjoy this episode. So Robert, thank you so much for coming back on the show.
What have you been up to since last time you was on the Hacker's Cache Podcast?
[Robert O’Connor]
Thanks for having me. Glad to be back. I would say a little bit.
I've changed jobs. Gotten going, I guess, more from Pen Testing to Red Teaming. Got, I think, another certification focused on Red Teaming, like CRTO, which is pretty introductory for Red Teaming, but still good to have.
And then still just studying in my own spare time about Windows Exploitation and low-level Windows internals and Active Directory knowledge. So that's what I filled up my, I think, year with.
[Kyser Clark]
Yeah, it's been about a year and a month since the last recording. And yeah, nice to see you make that transition from Pen Tester to Red Teamer. That's actually one of the transitions that I'm personally trying to make, and I'm sure there's other people that are listening and watching this episode that are also trying to make that transition.
So what was the main thing that helped you make that transition from Pen Tester to Red Teamer?
[Robert O’Connor]
So I guess like at my previous job where I was a Pen Tester, we got to dabble in a little bit of Red Teaming. We did, I think it's like civilian government contracting. And even though I was mostly a Pen Tester for like 90% of my job there, I did get to, I guess towards the end of it while I was there, I got to help participate in one or two different Red Teams.
And I just, I started to enjoy it, I guess, as much as Pen Testing. And I've been doing Pen Test for almost three years at a time. So I was like, it'd be nice to, you know, switch it up and go into Red Teaming for a little bit, see if I like it more than Pen Testing or not.
So I've been enjoying it so far with the current company I'm at. Red Teaming is a bit of a stretch. I feel like it's more of like a marketing term for, I would say like companies where we do Red Teaming versus Pen Testing.
They, sadly, I don't think marketing and HR really know like the actual difference between the two, which is sad. They'll kind of get them mixed up. So it's like, oh, you're going into a Red Teaming job.
It's like, well, it isn't Red Teaming, it's just Pen Testing. It's no different why you're advertising as a Red Team job when it's just Pen Testing. So.
Interesting. Yeah, that's what I found, at least.
[Kyser Clark]
So would you say your current role is more Pen Testing than Red Teaming? And you would say that your title doesn't match the role fully?
[Robert O’Connor]
Yeah, currently for where the company is at, like I was brought on, I guess pretty early on, it's still a relatively small company. But their overall goal is to transition more into not just Pen Testing, but also into Red Teaming. But they have to have that foundation with their clients for Pen Testing in order to get them to do some Red Teaming engagements.
So currently I'm still doing Pen Testing. Sadly, not doing as much Active Directory or internal network testing anymore. I'm doing mostly mobile web app and API testing.
And I've been doing it for a while. There's some fun in it, but it's not where my passion is. I find myself still, even though I'm not doing internal network testing or Active Directory testing anymore, I still go back and study for things for it just because I find it.
It's just my passion compared to web and mobile and API, which is, I would say it's, that's becoming the predominant type of testing in today's like Pen Testing market is it's, I would say like 60 to 70% is mobile web or API or cloud testing.
[Kyser Clark]
Yeah. And that was actually one of the things I want to dive into. So I was smiling a little bit there because when you said you was doing more web app and mobile app testing, I was smiling because you specifically mentioned in the last episode that you was on episode number three, that you don't like web app testing.
So have you kind of grown to like it a little bit more? Or is it still something that you just do just to tolerate it?
[Robert O’Connor]
It's a bit of both. I've gotten better at it. I've been able to actually, because before my previous job, whenever I would do web testing, wasn't like good at it at all.
Didn't really, I guess, understand the like web application architecture, that kind of stuff, how to find vulnerabilities or weaknesses, how overall it was structured and built and how it operates. But now that I'm doing solely that, I'm learning a lot more about it. But again, it's not where my passion is.
I'm fine doing it, but I'm not going to use my spare time, like my free time to go and study more about it. I'm going to use that to come study more of like what I'm personally interested in, what I want to do, which is.
[Kyser Clark]
Yeah, that makes sense because it's sorry to interrupt you. Did you have to close that out? No.
Yes. I was going to say that makes sense because like it's it's hard enough to hit the labs to begin with, especially after eight hours of pen testing. And then you have to go to the labs and do three to five more hours of pen testing.
[Robert O’Connor]
Yeah.
[Kyser Clark]
So, you know, going in the labs and doing something you actually enjoy is is absolutely critical. And I found that about found that out about myself as well when I started doing some IoT testing. And I'm like, dude, I'm not really into this.
I like web apps and I like networks. And this IoT testing is not my jam. And I've said that on the show all times now.
But just so you know that that's I understand where you're coming from when with that. So you mentioned that like pen testing is turning towards web app and even cloud testing. Do you think that the internal network pen testing will remain just as critical as it did in the past in the next five years?
Or do you think it's going to become a new specialty?
[Robert O’Connor]
I would say it's going to be it's going to decrease in popularity. Just because even like for active directory testing, a lot of small to medium networks are moving strictly to like Azure, I guess, like Active Directory, but online, not really, I guess, in a closed environment. So that's more like cloud related testing.
So I think it's going to sadly become more niche to do, especially with like the rise of AI testing, as well. I'm currently doing an AI test, which is interesting. Not my not my forte or interest, but medium to large companies are still like Fortune 500 companies just have, you know, thousands or tens of thousands of users, they're still gonna have Active Directory, like no matter what, it's not going to go away.
So it all depends on, you know, what kind of companies can get those contracts to test those clients. So if your company is has a lot of like reach and networking for that, then you can definitely still find ways and opportunities to do Active Directory testing. But I would say in like smaller to medium networks, it's going to start to go in more focus on like Azure.
And I think it's like M365. I forget the name. They change it every Microsoft changes it like every year or two.
I forget what name it is now.
[Kyser Clark]
Yeah, yeah. So you're saying and I've said multiple times on on the show, that web apps are slightly more prevalent compared to prevalent compared to internal and external network tests. And when I said that it was like a slight favorite towards web apps.
But now as I've been in my role for about a year and a half now, and it's, I would say, slightly more prevalent web apps are slightly more prevalent than what they were. So I would say that that sliders is sliding ever more closely towards a web app. And I'm doing less network testing than I was before.
And I mean, our company, you know, we've brought in people who specialize in only web apps, because that's where most of our work is. But like you said, it does depend on your company and what kind of work they're able to secure. So that's also a big factor too.
I'd imagine more government jobs, like government clearance jobs are probably more about the network testing if I'm not mistaken, but I could be wrong there.
[Robert O’Connor]
No, no, you are, at least to my knowledge, from the contacts that I have, and who I've talked to, I would say it's more prevalent to network testing for sure.
[Kyser Clark]
You think I would know, because I did six years, I had to do the Air Force. But you know, I, I didn't work as a government contractor. I've never done that.
So that's one. Most people get out of the military and become government contractors. I did not do that.
All right, Robert, before we dive more into the conversation, we need to do our security Mad Libs. So for those who are new to the show, Robert's going to have 40 seconds to answer five security Mad Libs or basically fill-in-the-blank questions. If he answers all five questions in 40 seconds or less, he'll get a bonus sixth Mad Lib that's unrelated to cybersecurity.
His time will start as soon as I stop asking the first question. Robert, are you ready? I am.
Here we go. And by the way, he won. So on episode three, he won rapid-fire questions, which was last season's version of security Mad Libs.
So let's see if he can go for two for two here. Hopefully. Here we go.
Robert, my favorite flag I ever captured was blank.
[Robert O’Connor]
Administrator on a domain admin or a domain controller. The nerdiest thing about my setup is I have four monitors and my computer's barcode.
[Kyser Clark]
The most overrated tool in cybersecurity is a ZMap. The one thing I wish I knew before my first pen test was how to use NetExec or CrackMapExec. If I had a hacking superpower, it would be a skeleton key.
[Robert O’Connor]
Get into any domain I want to.
[Kyser Clark]
Okay. So that was 43 seconds, but I'm going to give it to you because I laugh on that before that one question. The reason why I was laughing because that's a very good point.
You said ZMap. Is it ZMap?
[Robert O’Connor]
Whatever Nmap's GUI tool is.
[Kyser Clark]
Yeah, that's why I laugh because like every hacking course shows it to you. But like, bro, I've never used it ever. Not one time have I used it.
Actually, I take that back. There was one time I did use it, but it wasn't in the real world. I did it for my master's degree.
They force you to use the GUI and they're like, take a screenshot and show us like you use the ZMap. And that was the only time I've used it. I've never used it on a CTF, never used it on a certification exam, never used it in the real world.
And that's why I chuckle because I 100% agree with you because every hacking course shows it to you. But like, it's not. I mean, I guess if you need a GUI, but if you want to get into hacking.
[Robert O’Connor]
Shade at the ZMap developers or anything like that. I just I prefer the command line tool.
[Kyser Clark]
Yeah, it's not. Yeah, we're not trying to shade at the developers, but it's at the end of the day, it's like all tools are in the command line. So like if you're not comfortable with the command line, then you're on the wrong field.
[Robert O’Connor]
Yeah.
[Kyser Clark]
So that that kind of covered the most interesting response, because that's that was definitely your most interesting response. I loved it. But for the bonus here, you can explain your answer as much or as little as you want to.
You can even dodge the question entirely. So here it is. If I had a theme song, it would be what?
[Robert O’Connor]
Blank. It's a SpongeBob theme song I'm good with. Like the opening song?
Who lives a pineapple under the sea? Just pants to my like room with four screens in it. It's funny because I'm sure there's like cooler theme songs that people have chosen, but I just feel like that fits me.
[Kyser Clark]
I think the reason why I'm laughing is not because of the song itself is because last episode, episode three was on. We do rapid fire. Bonus question was, does pineapples belong on pizza?
And this is another this another answer related to pineapples in a way. And that's what makes it funny. Oh, man, that's great.
Uh, do you want to go any more explanation of why that's your theme song? I know I was laughing over what you said.
[Robert O’Connor]
No, I guess it's just the first one that came to mind when I think of it.
[Kyser Clark]
Nice. Yeah. So for me, if I had a theme song, it would be the opening song to the Hacker's Cache.
And the name of that song is called Hackers by Karl Casey, a.k.a. White Bat Audio. It's always in the description, his YouTube link. It says music by Karl Casey at White Bat Audio.
And the name of the song is Hackers. It's his number one song on Spotify for good reason. And I felt like that was a perfect song for this podcast because all this music is royalty free.
You can just use it as long as you credit them. And that's one of the reasons why I didn't want to pay for music, but it was good. It's the best royalty free music out there.
So if you're a content creator, then I highly recommend shout out Karl Casey, White Bat Audio. But yeah, that would be my my theme song would be the one that it literally is my theme song. It's like the one that plays on every episode.
OK, so moving into our main discussion here. So I want to rewind a little bit. And you you were kind of talking about how you're moving in your your current role.
It was advertised as a red team position and you get in there and it's more of a pen test position. Did you know that going in or is that something that you like kind of blindside you after you got in?
[Robert O’Connor]
I wouldn't say blindsided, but it was like. A foggy area, they said they do mainly focus on pen testing currently, but are transitioning into the near future of doing more red team focused assessments. So I was like, I guess I could do some pen testing until we get to the red teaming.
I'm fine with that just to branch into an area, sharpen my skills and that kind of thing.
[Kyser Clark]
OK, that's good to know that there's like, yeah, we got red teaming all the way and then you get in and and then it's just mostly pen testing with the red team. So hopefully you can get in those more more red team engagements and. When it comes to red teaming, how much do you think the CRTO helped you?
You think it's a certain that's a must have for anybody that wants to transition from that pen tester to red teamer or on a scale from one to ten, like how important do you think that certification is when it comes to growing red team skills?
[Robert O’Connor]
I say it's like a seven or an eight. RastaMouse, I think, is the one who creates it. Developed the course like really, really well to teach. It teaches a lot of Active Directory because that's what.
I would say red teaming closely relates to. It's not solely about that, but more oftentimes, but not when you're on a red team engagement, it's going to involve a lot of internal network directory testing, so it focuses a lot on that. It's not absolutely required if you've done internal network testing before, but it helps a lot.
The only, I guess, thing that I struggled with with the exam or I guess the course, I guess specifically the exam is that it's closed network, meaning you can't bring your own have to use the tools that they give you, which is kind of good and bad. Some clients, if you're doing a red teaming or like any kind of testing, some of them are very paranoid and they'll give you their golden image, like virtual machines or operating systems that you can use for their testing, and they don't allow you to bring, I guess, your own tools. You have to use the ones that it's on their gold image, so it's beneficial in that area.
You have to use what you're given, essentially, not like essentially what you know, so it's good in that, but not being able to use CrackMapExec or NetExec and NTLM Relay and all the, I guess, fundamental AD testing tools was, it took me a lot longer to pass the exam than what I was, what I thought or planned.
[Kyser Clark]
Yeah, and do they leave those out for a reason? Is it to like to help you develop certain other skills? Why do you think they leave those tools out?
[Robert O’Connor]
I would say it's to develop your own skills, I guess, and using what you're given than what you, I guess, specifically know, because a lot of it, I'm pretty sure a lot of the tools that they give you is PowerShell tools for enumeration scripts, that kind of thing. They're publicly available, but you're not able to go to GitHub and download there on the testing VM when you load into the exam, but it was still a pretty good course, because Red Teaming, it focused on, a lot of it has to do with evasion, I guess, of like antiviruses or EDRs, so it helps teach the fundamentals or the basics of that, which is pretty good. You're not going to really come across that in pen testing, because it is like a, you know, pen testing and Red Teaming are different.
You're not, if you're pen testing, you're not really going to worry about whether or not they have AV or EDR on their, on the machines. It's not like a huge part of the assessment versus Red Teaming it is, so it's good that it also taught the fundamentals and basics of that, but I know they have a CRTO2 course, I think that they launched, I think, two or three years ago. I haven't looked into that, but it'll probably be on my radar after I hopefully pass the OSED exam.
[Kyser Clark]
Oh, OSED is next for you, huh?
[Robert O’Connor]
Yeah, I want to get it done, hopefully by the end of the year, but it's gonna be tough, because it's going into, I guess, a new area for me of exploitation development, and not super knowledgeable about that, so it's going to be a huge learning curve in the next couple months for it.
[Kyser Clark]
Yeah, I believe, I believe you there. That's actually the only OffSec course that I didn't go into. I went into OSEP and OSWE.
Don't have those certifications, by the way, because didn't feel comfortable enough to take the exams. Maybe one day I'll build my way up there, but yeah, I would agree with you. That's kind of outside the wheelhouse of a pen tester, because pen testers, I think I said in another video one time, but I'll say it again, like you're not really building your own exploits as a pen tester, like that's not what you're doing as a pen tester for anybody that's not a pen tester that's listening and watching, so that is a different area.
Why did you decide to pursue the OSED over some other certifications? What was the main reason why you chose that over some other areas of study?
[Robert O’Connor]
The big two, at least, for certifications was OSEP or OSED. I have a colleague that took the OSEP recently, went through the course and all that kind of stuff, and sadly it's too outdated, I think, is the course content is from like I think 2017 or 2018, and if you're doing like it focuses on basic AV evasion, I think using like C-sharp, it's, you know, AVs have evolved a lot more if I'm sure in like the exam what you can use in the course you can pass the exam with it, but the transition going from that certification to real world is completely different just because it's like antiviruses and EDRs have evolved so much in the past seven to eight years that what you learn in the course isn't necessarily what's going to apply in your actual testing, so I went to more so focus on OSED just because it's an area I haven't really delved into before. It's vulnerability research and exploitation development, which is again different than pen testing and red teaming, it's its own category, so again it's another branch that I'm like, you know, hopefully I'll enjoy it because getting into exploitation development as like a job or a career is a lot, it's more so like senior roles only that I've found, very difficult to get into it as like an introductory like knowledge level for it.
[Kyser Clark]
Okay, yeah, that makes sense and yeah, OSEP, I have heard that it is outdated, you know, it is basic AV bypasses, it's not going to work against EDR, it's not going to work in your red team engagements, and for someone who has went through that course twice and I understand the concept for me, like I understand the concepts in isolation, but then like that certification is all about like chaining multiple exploits together and my problem was chaining, like figuring out which like three or four to chain together and like in isolation I could, I know, knew what to do, but chaining them together was my problem, so that's a little, it's a little frustrating to me, I was like, man, like I can't even get this thing that's outdated, but I'll get it eventually, I'm slowly working my way up, that's why I took a step back to do the PNPT because I went, I'm doing the PNPT now because I thought the OSEP AD section was very lacking and I needed to strengthen that, so that's why I'm doing the PNPT now, but that's interesting you say that, so speaking of evasion, so what testing, so when you're testing mature environments with strong defensive controls, what techniques have you found most effective for blending in and staying undetected during internal assessments?
[Robert O’Connor]
So last time I did one, we would mostly use, we use like, I think Cobalt Strike is our C2 and we use various, I think it was like DLL sideloading or packers in order to, because the, I guess we would have trusted agents execute our payload in their environment to get like an entry level, like to get a foothold in their network, but doing those a couple years ago, they're probably more so outdated now, I haven't really done anything specifically for engagements other than my own like personal studying, like what I did recently was how, because from seven, eight years ago, the question I had is how detectable is shellcode in storage nowadays? Is it still, you can have shellcode on disk and it won't be detected by, you know, antivirus or EDRs or I guess like what's the, what's the rate of it being detected? So I wrote up like a blog post of, yeah, basically every AV nowadays will detect it and transitioning now, I guess more modern approaches, like quote unquote fileless malware, where there's no shellcode anywhere on disk.
And I guess it more so operates as a C2 where I built an application that doesn't have any shellcode and it's stored on disk, it'll essentially just create a listener and you can send raw shellcode over the network and then it'll execute it in memory. So it's, shellcode isn't specifically stored anywhere in disk, but it is received through the network and then executed in I found is no antiviruses will really check basic network filters or any kind of incoming malicious network connections. I guess like the actual packet data, because I didn't, when I was sending shellcode over the network to my listener, it wasn't encrypted in any way or encoded.
It was just raw shellcode to give me a reverse shell, for example, or execute a calculator. So my thought is, okay, well, if antiviruses want to detect that, will EDRs, because antiviruses, they have, I guess this is getting in more into like Windows userland versus kernel differences where antiviruses will more focus on like user mode of areas and EDRs will focus more on kernel areas. So what I found is EDRs will mostly build Windows.
I forget the specific term of what they're called, but essentially Windows Filtering Platform is like the technical name for Microsoft. It's essentially like a layer within the networking stack that you can put a driver where any incoming network connection will analyze the network connection, like packet data or anything like that. So I built my own to see, you know, can this shellcode being sent over the network unencrypted be detected in any easily or easy way and never went into kernel development before.
So it was a huge learning curve, but it can be detected fairly easily. It's just no antiviruses have a, you know, networking filter driver in place. So it's mostly for large enterprise EDRs like Cobalt Strike, SentinelOne, that kind of stuff.
That's kind of like a tangent, but it's what I've been, it's the most thing I've been, most recent project that I've been working on past like a couple months.
[Kyser Clark]
Nice. And is that, would you say that's like complementing your OSED or is you think it's, does it not relate to that at all?
[Robert O’Connor]
I would say it's a little bit of both. It's complementing OSEP for like antivirus evasion. It's found a way to completely like not a new technique, but a modern technique for malware essentially.
For that, for OSEP and then for OSED getting into like kernel development and understanding low level Windows internals and concepts will greatly help with OSED because it's you know, exploitation development. You have to learn, you have to know generally the structure of what you're exploiting in order to know how to break it essentially. Like you don't have to know how it works in order to know how to break it.
[Kyser Clark]
Nice. So when it comes to Active Directory in your experience, what has been the most creative or unexpected path that you've built in Active Directory that didn't rely on traditional vulnerabilities?
[Robert O’Connor]
Hmm. I've never really done, I would say like domain hopping. If like bidirectional trusts in a forest going from one domain is trusted in another.
So you can kind of go in between them if you have a user that can. So was able to compromise like one domain for like getting DA on it. And then we found a user that can also go into another domain.
Because you don't really see that very often unless you're in very large like corporate networks, they're not going to have multiple domains in a forest. So doing that was kind of interesting going from, okay, I got into one domain. Surprise, there's like three or four more that are connected to this one.
And you only have, you know, two days left in your assessment to go and try and break into those. So I've never really dealt with, you know, multiple domains in a forest before. So that was like a huge, I wouldn't say like unconventional, but it's not seen a whole lot in small to medium networks.
It's mostly seen in like large corporate networks. The CRTO actually does cover that a little bit of jumping across domains in a forest, which is nice.
[Kyser Clark]
Yeah, that's really cool. Like you said, that's pretty rare to see that on a pentest. I think I might have seen multiple domains once or twice.
It's not a very common thing when it comes to internal pentest. But yeah, it really just depends on the size of the network at the end of the day. But I mean, most, if you're an consulting role, I would say most of the clients are small, medium sized.
You're not going against enterprises and stuff because enterprises are just less common in the real world in business. But yeah, that's, I mean, that sounds fun. That sounds sick.
Was you able to, so you was able to compromise a second into the other forest?
[Robert O’Connor]
We owned the first one and then I was trying to get onto their development network. And for the life of me, I rabbit hole, I think we only had like one or two days left of testing and I rabbit holed on, I think it's ESC8, like Active Directory Certificate Services, like the SpecterOps research paper. We found the NTLM relay or the ADCS HTTP, like NTLM relay for that domain.
But for some reason it was erring out in the very last step of it. And I just tunneled onto that. So sadly wasn't able to compromise their development network, but I learned a lot about like ADCS in the process, which is a plus.
[Kyser Clark]
Yeah. Well, yeah. Thanks for sharing all that.
That's a really cool and really interesting. And yeah, maybe one day I'll be switching over for us like you hopefully. So we're running out of time and I got to ask you the final question.
It's different than what everyone else gets. Cause you're a returning viewer. You already answered the standard final question.
So this season two returning viewer, sorry, returning guest question is what's one key lesson you've learned recently in cybersecurity or if you prefer, what's a bold prediction you have about the future of the field?
[Robert O’Connor]
I guess I'll do like the bold prediction. A lot of people are, I would say like a majority, like what's talked about on social media is AI is going to take over pen testing in like the next year or two. I don't think it's going to be anywhere close to that.
I think it will be like at least 10 to 15, just cause for pen testing, it's very hard to deal. It's very hard for AI to deal with the unexpected, like what's not, I guess, specifically trained to it'll guess on its best estimate, which isn't always correct. So an actual person taking the time to look something over that they come across as unexpected is a lot more beneficial than an AI doing it.
So hopefully I don't get too much hate for being on the anti AI train, but I'm not a fan of it to be honest.
[Kyser Clark]
I mean, if the haters want to hate in the comments, I will, I'll defend you. I mean, I, I agree with you, but at the same time, so I've been kind of flipped because like, I don't kind of like on the fence. Like I I'm like, I can see both points when it comes to pro AI, anti AI.
And I've been, I've made episodes on this podcast talking about like, you're going to get replaced. And it's, it's not that you are going to get replaced anytime soon, but I think the fact of the matter is like these tech giants and these business owners and these executives, they want to replace you. So I think it's good to keep your skills very sharp because while, like you said, five, 10 years, you'll start seeing pen testers being replaced.
That doesn't mean that employers don't want to replace you. So that's my hot take. I think employers want to replace humans with AI, but it's, it's going to happen a little slower than than what they think.
[Robert O’Connor]
Yeah. I think the biggest crutch for it is companies aren't willing to give out their, you know, internal data to help train an AI that I've, I've come across. So I think that's going to be the biggest, it's going to be an incredibly slow, like uphill battle for AI to be, to start getting good at it.
If it has no data to essentially train on it to make it better and better, if it can't use clients, uh, like I would say, you know, confidential data to make it better, which is understandable why companies don't want the, their information to be used in AI to train it.
[Kyser Clark]
Very valid point. Well, Robert, thank you so much for having a show and providing your insights, wisdom, and expertise. Greatly appreciated.
Where can the audience get ahold of you if they want to connect with you?
[Robert O’Connor]
Um, Twitter's probably your best bet, um, on there for, uh, or, or LinkedIn. I think the one you've, you've mentioned is, is good. Um, I think, I don't know if you have it, uh, linked or not, but Robert O'Connor on LinkedIn is, is good.
Yeah. I will link. Twitter is, uh, Eternal underscore NOP.
[Kyser Clark]
Yes. And I love that name still. In audience, best place to get ahold of me is YouTube comments.
So drop your thoughts and feelings in the comments, ask your questions, and I will respond to them. If you haven't already rate the show five stars, if you're on audio and hit the subscribe button and hit the like button, if you're on YouTube audience, thank you so much for watching. Thanks for listening.
Hopefully I see you on the next episode until then this is Kyser and Robert signing off.