Episode Description
What We Discuss with Jack Rhysider:
- 00:00 Intro
- 02:45 What is Darknet Diaries?
- 04:06 Jack Rhysider’s Journey into Cybersecurity
- 06:12 Difference between bounty hunters, hackers or online criminals?
- 17:05 Why share the dark side of the internet?
- 30:08 What is a Hacker?
- 33:20 Cloud Security Hacker Story
- 36:40 The future of Hacking
- 43:02 Cryptomining Cloud Breaches
- 48:14 Hardest episode to create
- 50:42 Most Surprising Episode
- 53:20 Favourite Episode
- 56:19 How to start podcasting?
- 1:02:18 Switching to full time podcasting or blogging
- 1:04:49 Fun Part
THANKS, Jack Rhysider!
If you enjoyed this session with Jack Rhysider, let him know by clicking on the link below and sending him a quick shout-out on Twitter:
Click here to thank Jack Rhysider at Twitter!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at ashish@kaizenteq.com.
Resources from This Episode:
- Tools & services, discussed during the Interview
Ashish Rajan: I’m super excited that you’re here. The first question, though: I would be really surprised if people don’t know who you are, but for people who don’t know, who is Jack Rhysider and what is Darknet Diaries?
Jack Rhysider: Yeah, I created this podcast called Darknet Diaries, which I really liked stories of hackers or botnets or attacks or anything related to computers. It’s true stories from the dark side of the internet.
And I wanted to get these stories out because they’re stories that I hear at like security conferences and stuff like that. But they’re in these small groups of people who are at the security conference and I’m like, this is a story that’s worth. That’s bigger than just this, you know, I want other people to hear this too.
And so I take those stories and I try to make it palatable for the whole world and not just people who are into IT and security, but anyone is interested. And at the same time I’m adding music and I’m really improving the storytelling craft. Cause a lot of people who have these stories of a time when they were hacked or, or did a hack, they’re not good storytellers, so I can kind of pick it up and, and build on it and [00:01:00] make it sound good.
And then, yeah, let’s make a podcast with that and that’s kind of blown up. There’s like 200, 300,000 listeners of the show now. So it’s, it’s quite a big deal and it’s now my full-time job. And before that I was the IT security engineer. So, security has been my thing for a long time, but now I’m just kind of almost like a journalist
Ashish Rajan: storyteller.
Investigative journalist is how I was seeing it. Wait, so you started in cyber security, like what was your journey like in cybersecurity? The
Jack Rhysider: I got a degree in IT security or it just general IT, right. So I learned, I took one class on C programming, one class on Java, one class on Linux, right.
Everything. And so you come out of that and not good at anything, just a little bit good at everything. And I couldn’t find a job. So I just did like odds and ends work, not IT-related stuff, but then I was like, I really need to get back into this. So I got a CCNA certificate, Cisco networking, right.
And that got me into a NOC and I was monitoring routers and switches there. And then I just kept going crazy. I was just like, going cert after cert in Cisco. And they said, well, you’re unstoppable. We’re going to move you to engineer. Do you want to be a security engineer? I didn’t know really what they [00:02:00] did, but I was like, yes, engineer sounds great.
And I’m so glad I ended up in security because that, you know, past of means learning a little bit about everything came into full use when I became a security engineer. I had to pick my brain and be like, wait a minute. What, how, what does the header look like in an image? And what does the header look like in a PDF file and what am I looking for when I’m looking in Wireshark and all these things.
And it was just like, if I didn’t have that well-rounded background of knowing a little bit about everything, I would have been lost, but once I got there and security, I was home and it was wonderful. I, and I lived there for 10 years.
Ashish Rajan: Wow. There you go. Oh, so it was basically 10 years of working in cyber security before you moved into investigative journalism, but more from a cyber security angle.
Yeah. Wow. Okay. And so to your point, I understand you saw harder stories. You obviously felt compelled at, this is something that should be shared and this month is bug bounty month in Cloud Security Podcast cause like, I mean the live stream has been really interesting so far in terms of finding out how people go down the [00:03:00] path of finding bounties.
But I’m curious to know, considering your investigative, I guess, present, what’s the difference between bounty hunters and hackers and online criminals? Is there a difference? Should people put them all in the same bucket?
Jack Rhysider: I mean, there’s a legal difference, that’s for sure. Like if you invite someone to allow them to hack your stuff, you’re giving them explicit permission and that’s very different than somebody coming in and saying, I’m just going to hack your stuff.
And then I’m going to, I mean, there’s a story of, of these hackers who found some vulnerabilities in, I think it’s Uber and LinkedIn and they found some credential on GitHub and they took those credentials and just got into both of these networks and ran amok, stealing a dump, a bunch of stuff, finding a whole bunch of exploits.
And then, and then coming to Uber and LinkedIn and saying, we found these bugs, you need to pay us for these bugs, or we’re going to tell the world that, you know, you have these huge vulnerabilities that you’re not securing your data well or something. And it was pretty much extortion, right? It wasn’t an approved bug bounty, even though both companies have bug bounty [00:04:00] programs, they went beyond, they didn’t follow a scope at all.
They didn’t follow any of the rules. They were very strict about it and mean, and like, you know, you have to pay us in Bitcoin and on our terms and all these things. And yeah, that’s an interesting tale that I was going to get into soon on my show, but I think what happened, I’m not sure all the details where I think Uber kind of paid them to hush up and said, okay, just don’t say anything.
Here’s your money. And LinkedIn said, we’re not going to pay you. And we’re going to fix this right away. You’re not following the rules. And what happened was Uber got in big trouble for trying to, I don’t know, pay ransom and hush up the whole thing. And LinkedIn got away clean as far as like what, what they did properly.
Right. So it’s interesting on just. You’re doing the same thing as a bug bounty hunter, but you’re just the way you’re doing it is different. And so, yeah, I mean, you have to follow the rules in the scope. If you’re going to be a bug hunting and with just criminal hackers, they don’t follow any rules.
Ashish Rajan: No. And while you’re on that story, it reminded me a thing that we had where [00:05:00] we, I guess I had asked the question, I think in my past we asked the question to these. So I say two or three popular bounty hunter companies that you can sign up with and you definitely try and limit people to the scope, but you always find cause some of these, I guess, for lack of a better word, the kids on the internet when it’s school holiday time and they, they kind of realize, oh, bounty hunting is probably a legal way to do this, so I’m going to do it.
But your point about the scope definition. Like that concept doesn’t I guess, hard way put this lightly it, they don’t comprehend what that really means. I just go, oh, I guess it just means, www dot carry podcasts or TV. And tell me just like, okay, it’s everything inside it. Even though I just said, Hey, no, it was only slash application that can be searched on or count be a hundred or there’s like, it doesn’t get that.
Jack Rhysider: Yeah. And I, I mean, this is kind of the maybe the collateral damage or something. When you open up your, your website to bug bounty hunters.
Come hack me, but only do it in these particular things. And a [00:06:00] lot of people, like you said, they just hear, oh, come hack me.
I’m coming. Right. So you do open yourself up for, for things that is not intended and you need a good way of being able to handle that and say, okay, gently and nicely like, okay, I appreciate you finding this bug, but that’s not in scope. We’re not able to pay you for that. Right. And so that’s a difficult thing, right?
That’s a very difficult thing to navigate when you’re finding, when people are finding things. There was another story I had on my show where somebody found a vulnerability in Instagram and basically they found this vulnerability and they reported it. But then from there they were able to find another vulnerability.
Right. So if Instagram had come back and fix that first vulnerability that wouldn’t have given them the ability to find the second vulnerability. Right. And so from that second vulnerability, they found a third vulnerability. And so they reported the second one, right? And now the third one gave them access to everything.
They had full user access, full user, you know, you see every single user detail of all of Instagram, right? Total access bins. Wow. And so Instagram told them here’s money for the first bug, but you weren’t allowed, it’s beyond scope to use that [00:07:00] bug, to find other bugs. So we’re not giving you any vulnerability money for the next ones, for the ones beyond that, and so much
so that Instagram got really mad at this person and called their boss and tried to get them fired and stuff. It was really, I mean, there were threatening legal attacks and stuff like that. So it’s, it’s also just a fine line to say, I’m, I’ve been doing this for many years. I’ve been a bug hunting for a long time.
And I know, you know, the ins and outs on how all these scopes work and still have that problem of like a company not willing to pay for bugs. It’s it’s still tricky at times. So yeah, it’s, it’s hard to do it right. And figure things out and yeah. Good, good luck.
Ashish Rajan: Funny enough, we were talking to one of the CISOs on the show and qualification was more around the fact that outside of the bug bounty hunting if you have responsible disclosure on your website, it seems also invite people who are, I guess, actively on the internet, looking for bounties that they get paid on, but it’s almost like a bot kind of a system where they just keep sending you [00:08:00] emails.
Even though you’re say, for example, you’re this responsible disclosure program would say that we do not want to entertain any bounties, which may be related to this 10 categories over here. Like we know they are, but we consider them as low. So do not charge for that. But. They will still get emails consistently, almost like they hound them like an email coming every two months saying, Hey, what do you think of the vulnerability?
It was high, but it wasn’t high because if you do the mistake of responding to them once, oh my God, you’re basically you’re inviting a, I don’t want to use the word spammer, but they just do not stop off of that. You just go into the repeatedly. So I think the one time it stalled was after 15 emails from that person.
And you’re like, it just, you just keep ignoring, ignoring, ignoring. And by after the 15 email like that, finally the person that gives up at least that’s what happened in arguing. Do you see those scenarios as well?
Jack Rhysider: I’ve seen that in my own website. Right. So I got people to submit things to my site and I look into them.
Right. And then I’m like, wait, there’s no vulnerability here. I could make it more secure, but there’s no like hole, right. [00:09:00] So like on my website, darknetdiaries.com. It’s a static HTML site. So there’s no backend PHP or database or users or anything. Right.
So it’s just flat HTML across there. And so there’s no like stuff that you could get into because whatever you see is all you could see, you could just scrape the whole thing and now you have the whole site, like there’s no beyond that. Yeah. And so people are always trying to show me like, oh, there’s a vulnerability here.
And I’m like, but there’s nothing to get out of the whole site. There’s no like SQL injection and people think that there is and stuff it’s weird. It’s so weird. And yeah. So I see it and I try to convince them, like, it’s not something I’m going to fix, feel free to, and this is the thing you’ve gotta be ready for is if somebody tells you there’s a vulnerability and you don’t want to fix it, you have to be prepared for them to publicly disclose that.
Yeah. And so that’s what I always say is feel free to publicly disclose this, that there’s this on my site, because that’s the kind of the thing that a lot of companies get worried about. Right. So they’re like, yeah, we don’t think that’s a, of severe enough vulnerability. And then when the person says, okay, well I’m going to blog about it and I’m going, and it [00:10:00] spreads around all over Twitter and it makes news articles and stuff like, oh, look at this, they’ve got a vulnerability.
They’re not fixing. Then that company goes back and says, okay, okay, we’ll fix it. Cause now they’ve got this kind of public shame that they have to, so you have to be prepared for that. If you’re not going to fix a vulnerability, is it, are you okay with this vulnerability hitting the front page of Ars Technica or something, cause you didn’t want to do it.
And so, you know, you just have to be ready for that.
Ashish Rajan: Oh my God. Yeah. I share your pain in this. I’m just going to say this cause I think we can go into very different rabbit hole with that, but I do appreciate, that you share your experience as well.
All right. So we kind of spoke about the differences and I’m glad you mentioned the legal difference between a bounty hunter and someone who is a criminal, out of curiosity I always looked at like before Darknet Diaries, I always looked at investigative journalism as a thing where, you know, a news channel would cover.
Part of it is as dramatic as, as they can make it. They’ll probably make it as dramatic so that people are like, oh my God, I can’t believe someone asked me, do I drink disinfectant or whatever. Right. So I’m just making them an example. But then you have the 60 [00:11:00] minute version where you have like a one-on-one quote unquote with the, with the individual, but even then there’s it kind of, at least to me, it seems like it goes to a certain agenda, but yeah, I love how the perspective that you’ve taken of storytelling it’s almost like to your point, what you were saying earlier you have music, there’s a, there’s basically like a sequence to it.
You’ve gone and completed the whole story. And it’s not just left with a cliffhanger in the end, unless you talk about the Xbox episode that you did, which you did two episodes of, which was interesting to have a good cliffhanger for that. What made you go down the path of like the whole dark side?
Cal covering that side? Cause I mean, you can totally go a happy story, other things as well, but why just the dark side?
Jack Rhysider: Yeah. I mean, I was really into podcasts, like listening to podcasts a lot. In the last seven years or so. And I was loving shows like Radiolab and This American Life and 99% Invisible and stuff like that.
And I was like, these are great, but this is just for like, these are everyday stories. I’m just EV you know, they’re not in any particular niche. And so I was like, [00:12:00] where is that show? But for hacker stories, because there’s just as much drama in a hacker story when you’re the CEO of a company. And you’re trying to figure out if you should pull the plug on the entire network and stop, like pull business, come to a complete screech, because you think it’s more important to stop the bleeding than it is to keep business running.
Like there is such dramatic moments in so many different things we do in, in cybersecurity. And I thought that needs to be a podcast. Where is that podcast out there? And so I couldn’t find it, it didn’t exist. There were little bits of it here and there that I found, but there wasn’t. It wasn’t enough. So I said, that’s, you know, I’m going to make this.
And so what I had to learn, I had to read a book, you know, I have it right in front of me here, and it’s called Out on the Wire. And it says the storytelling secrets of the masters of radio and on the front is Ira Glass from This American Life.
Right? So I’m like, well, if these people are going to tell me how to make what they made, that’s exactly what I want to do. So that was where the starting with that book. And I learned the elements of storytelling and there are a lot of different things you can [00:13:00] do, right? You got to set the stakes and you’ve got to have twists and you’ve got to have resolution and you got to ask questions and solve questions.
Like there’s all this stuff that goes into it. And so I kind of learned from all those guys. And yeah, I just realized also that everyone’s talking about hacking that’s going on. Right. My barber, my neighbor dentists, my dentist, and I talk about hacking stories. Like every, this is on everyone’s minds, like, oh, did you hear what happened to Sony?
Yeah, let’s talk about it. This was great. This is what I talk about all day. Right? So if the average person, if the everyday person is just totally fascinated with what’s going on in hacking world, right? Where’s that extra bit of information that they want. They’re obviously not going to follow all the latest news and know about all the cybersecurity incidents that are going on.
They just want something to bubble up so that they can. Like understand what happened and I’m kind of a slow news junkie as well. So I’m like, I want to wait until this story is complete to, before I tell it. So I might wait five or 10 years and then say, okay, now we have indictments and we have arrests.
Now we have the whole story. And so that’s when I go from, okay, here’s [00:14:00] what happened from the very beginning, all the way to the end. And that’s that’s time to tell that story. Right? Cause I’m not a person who’s just like, okay, this is what happened this week or yesterday or something like that. That’s just a lot of the times we don’t even know what it is.
And it’s just, we hear like a, a rumor and we’re writing new stories on that. And so I kind of want to pull back and say, I want all the dust to settle. I want all the opinions to be swept away and I want the truth to rise up. And that’s what we’re going to report on here. And I don’t mind waiting five years.
And so, yeah, that’s kind of how I settled on this topic and got going on this.
Ashish Rajan: It’s an interesting question that I’ve come across right now, from neon Jay, over here, it says great show. Sorry. I don’t know what the reason is for the video for the Jack is on right now. Very Cybil funky though.
So he likes a silo, funky filter is what it is. It was file sharing. Why? I mean, I guess what kind of stories you share with us, which makes the really important.
Jack Rhysider: Yeah, I mean, there, it feels like over here in the US it feels like journalists are under attack. Like, it just feels like there’s these chants of like [00:15:00] fake news and you see like, journalists just getting
hit hard with all kinds of attacks, physical harassment, everything. So one of the things I like to do is if I’m going to be just reporting on the news, I like to take a step back and kind of remove myself. So I don’t want my face to be out there and I want to have privacy. And I think people who are in security get privacy, like immediately, they don’t even ask questions.
They’re like, yeah, of course you want to be private. That’s the whole point of what security is, is maintaining your privacy. So, yeah, I just, I don’t like to share my face out there. That’s the biggest reason and yeah, I mean, there’s also, you know, the, some of the stories I report on are maybe I’m opening up stuff that those companies don’t want me to talk about.
And so they might be mad at me and they want to retaliate or something. And I just rather, not be, not be an easy target.
Ashish Rajan: And as, as my calling God, and I hope that answered the question, but some of the stories, I’d definitely encourage people to check out Darknet Diaries and the stories that you cover, because these are not stories a lot of companies are comfortable sharing as well. Right. There’s a lot of anonymous, even from that perspective. Like I think a lot of things that you did [00:16:00] where you interview online criminals and hackers and everyone, and I’m sure they would prefer their anonymity as well. I guess it’s one of those ones also where you want the information to be out there so others can learn from it.
But at the same time, it’s a double edged sword because it makes you the target as well.
Jack Rhysider: Yeah, it’s funny you say that because one of the running jokes I have about the first question I have when we start, when I started talking with someone is, okay, are you ready to share with me the worst day of your life?
The story when that happened, we made to get into it because that is really what’s going on here, right? Yeah. It’s the days when people, when a hacker got arrested and their door got kicked down with guns pointed at their face, like, you can’t get much worse than that. And you got put in prison for seven years or whatever.
Right. So let’s get into that story. Let’s talk about that. Right. So yeah, there’s a lot of horrible stuff that happens to people on my show and I’ll joke about it, but it is really bad. And Yeah. He was like, let’s let’s not get any more bad things that happen to people or something like that.
Right. So
Ashish Rajan: Someone gets a call from Jack, like, Hey man, or, Hey lady, can you tell me when the time you got hacked? I want to make it public. I was like, no, thank you so [00:17:00] much. This is totally a scam call. Right.
Jack Rhysider: And you know, to be honest, when I first started the show, I was like, there’s no way I’m going to be able to ask these questions and get people to like, cry on the show and all this stuff.
And cause you know, sometimes it happens sometimes it’s just like, yeah, man. You know, as I was getting married like a week before, and then I got arrested and all this things and like it’s really hard. And so I thought it would be just too embarrassing and too hard and too awkward to ask those questions.
But it, it turns out to be pretty. Like cathartic, almost like, go in and see a counselor and let’s talk about it and let’s get it all out there. And how did you feel? Cause that’s the, one of the biggest questions I have is how did you feel. When everything was going, right. And then how did you feel when everything was going wrong?
And a lot of people don’t ask those questions when you’re in a bar telling someone’s story about the time you hack something, that’s crazy story, man. And that’s about all you get, but here I am like, no, let’s like how, how much of regret did you have 10 seconds after pushing the enter key?
Right? No regrets. You’re just full on. It was the best feeling ever. And how when’s the next time you slept after that? Right. And you know, I didn’t sleep for three days after that because it [00:18:00] was the most intense adrenaline rush in my whole life. Right. And so yeah, it let people get to let out all kinds of things that nobody ever asked them before.
And it feels good about the end to a lot of them, you know, obviously people aren’t telling me about crimes they’ve committed and got away with, right. So I’m typically asking people about crimes, they committed and they got caught for, But yeah, I mean it’s still an intense conversation to have with someone.
Ashish Rajan: Yeah. Wait, do you ever cover a story where you have to meet one of these online criminals? In a jail?
Jack Rhysider: Oh, I really want to, I just never figured out the logistics of it, but I need to do that in the next year or so.
Ashish Rajan: That would be super cool. I mean, I guess I’d say it’s super cool, but I’m playing pretty scary as well.
Going to visit person in jail or wherever hope they don’t keep hackers in those kind of jails. I just hope.
Jack Rhysider: I’ve corresponded with people in jail, like, okay.
I send them scripts and I send them stories and snippets and idea. I dunno, anything. I think they might be interested in tell them about who I am and I may be interested in when you’re getting out, let’s have a talk and stuff like that. [00:19:00] And so we write back and forth, you know, I’ve done that for some people, but there are some people that I would love to visit and get their story because they won’t be able to talk for a long time.
Ashish Rajan: Oh, okay. But yeah, I’m not going to go into the I guess what people do and whether it’s justifiable, what they get punished for. I digress to another question over here. I don’t know if you’re okay to share this one. I’m wondering, did you buy that filter or can we build a filter like yours?
Jack Rhysider: I’m just using the Snap Camera app on my computer and it gives you all kinds of video filters. It’s really cool. Most people put their like puppy, dog ears on and stuff. Not me. I I’m like what’s the, what’s the thing to obscure my face the most.
Ashish Rajan: Yeah. Okay. There you go. So that’s, that’s the app.
I’ve got a question on Clubhouse as well, and I’m gonna bring the individually in one second.
Hey David, I can do the stage. What’s your question for Jack?
I did. Yeah.
Jack Rhysider: The other question that I had, did you ever read Brian Krebs’ Spam Nation? Cause it sounds like. Exactly the sort of story that you’re trying to create here. And I thought that was just a good reference points for me and what you’re talking about.
Yeah. I mean, their Spam Nation is a great book to talk about all the spam [00:20:00] Kings that went on.
Ghost in the Wires is another one by Kevin Mitnick and, you know, reading these ones. If you go to that section of the library or the bookstore, there’s only like five or 10 books that are just like stories where it’s not, like technical, like here’s how to secure your Kubernetes instances or whatever.
It’s more like here’s that time of this, of, you know, like there’s Kingpin is another good one. And, there’s one by Kim Zetter about Stuxnet, you know, in these books they talk about, it’s like eight hours of this one hack in this one thing that happened. And yeah, those are really good stories. And I was taking those and turning them into the podcast. That’s another source of inspiration I had was, was all those kinds of books. Yeah. In Spam Nation. I love Krebs that had the hotspot. I actually go to Moscow and talk to some of these guys face to face. I was really, I thought it was a really good read. Awesome. You got involved with some pretty crazy stuff in that one.
It’s a good book. Check it out.
Ashish Rajan: Thanks for the question, David I’ve got a few questions to go through as well, so we’ll probably get through them and come back to the question on the audience. I have this definition of a hacker in my mind that I always go back [00:21:00] to a lot of people. Talk about, Hey hacker. When people think about hacker, they always think about someone who’s behind, I guess, a snap cam camera trying to write up some code.
They go some machine. But I’ve always appreciated the fact that a lot of people who create content as well, even like what you’re doing and a lot of other people on the internet do there, or even people who runs businesses. Right. Everyone’s trying to figure it out. Like no one really truly knows the answer for a particular problem.
They’re all trying to try different variations of ways of solving the problem. So just using that as a thing, would you call yourself a hacker as well? What’s your definition of hacker in that context?
Jack Rhysider: I really think a hacker is anyone who faces something, then it’s a problem.
Right. They can’t get something done and they have to get it done in a non-conventional way, in a way that they’re not really supposed to, be able to do or something like that. Right. So if you take your car and you make the rims extra wide or you jack it up or you add all kinds of like the Jack ejection seats or something, you’re hacking your car [00:22:00] too, to make it do things it’s not intended to do.
Right. And so it’s the same thing with like, I couldn’t get some software to work on my computer, so I had to change the clock in order for it to reset the thing and all these things. Like, you’re just doing these things to get beyond what it’s intended to do, then you’re a hacker. So yeah. I mean, I think we’re all hackers and if we’ve ever hit a problem and then figured out like an out of the box way of solving it yeah.
Then we’re hackers in that sense, that’s for sure. I think the media kind of distorts the term hacker and equates it to cyber criminal. And I think a lot of us don’t like that at all. And so I try not to do that in my writing, but yeah, if it’s still at the same time, it’s an easy way to describe what, like a computer, Cyber, it’s hard to, it’s hard to come up with another definition of hacker in the computer hacking term, other than just, it’s a nice, simple way of explaining it.
Yeah. You hacked into that database.
Ashish Rajan: So I’m going to call my parents and tell them I’ve been officially made a hacker now because Jack said, because I’m hacking my way through content. So I’m definitely a kind of hacker.
Jack Rhysider: Yeah, for [00:23:00] sure. I mean, one of the things I read the most is Y Combinator’s Hacker News, right.
And it’s almost never about hacking or, you know, cyber, computer hacking. It’s always about entrepreneurship. Like that’s the whole concept of that website is entrepreneurial
Ashish Rajan: growth hacking. That’s our growth. Yeah.
Jack Rhysider: There’s yeah. Hacking and just anything like, yeah. That’s another thing. Growth hacking is getting new listeners or users to your product.
More of a guerrilla kind of marketing, right. So it’s not just like using ads, but it’s like, you know, sticking stickers at the airport or something, right. Like doing something that is a little unconventional or just a little bit sideways and figuring out ways to go viral. That’s another kind of thing is
Ashish Rajan: like I’m not going to admit to something that we did with, because at the airports around Australia and Sydney.
So I’m not gonna comment on that at the moment, but I’ve heard of people doing growth guerrilla side growth hacking. Yeah. It’s definitely a thing. I got a question here from Vinny and which is basically which is your favorite story from cloud security, vulnerability or breach.
And maybe I can sprinkle something on top of this as well. Cause you’ve covered so many criminal stories and I [00:24:00] guess, hacker stories and online criminal stories as well, is cloud security, vulnerability or breach? If you can give us an example of a story you may not have covered as well.
And if you have a favorite story that as well,
Jack Rhysider: It’s hard to, I say specifically that it’s like cloud stuff. Cause it’s kind of all meshed up now. So it’s hard for me to parse out in my head, which was on-prem and which was in the cloud. And what does it even matter when it comes to my favorite stories, but I mean, you’ve got these stories about people.
One thing I was thinking about recently was like, when I was younger, we could just get some equipment from a thrift store and build servers with it. Right? So I mean, Windows 95, Windows 98, there was no Windows Server back then, right? That was what servers were ran. It’s just the, whatever you were good at using was also good at being a server admin.
Right. And staying with Linux. But then we, then it created, there’s this whole server, you know, stuff, we’ve got VMware and we’ve got Windows servers and we’ve got Linux server versions versus desktop versions. [00:25:00] And so now you kind of have a different skillset of there’s a, you’re a regular user of this computer, but then there’s servers and admins have to know a whole different kind of skillset.
And so you start to separate that, but it’s still within reach. You can still spin up a VM and run Active Directory server and you can get that going. Right. But now with the cloud, it’s you can’t just go find that in the thrift store and say, oh yeah, I’m going to practice this cloud stuff. Cause I found an old version of it somewhere.
It’s it’s now you have to pay to practice to get good at being the server stuff. And so I feel like a lot of people are kind of tripping into the cloud. You get into Azure, you get into AWS and it’s your option overload. There’s so many things and you don’t know what you’re doing to get things secure and not because you weren’t playing around with that back in the nineties, screwing around because you had access to it or whatever.
Right. It’s just, it’s a whole new world. And so we get people who are like playing around with this as a teenager, getting into this world that they’re just like only in a [00:26:00] professional space that they ever get access to this or, or experience with it. Yeah. I think we’re making a lot of mistakes.
I think we’re. Setting access lists too strict and not letting anyone get out on things on accidental or opening up things too much. And it’s having people read buckets, they shouldn’t be reading or whatever the case may be. We don’t have like the, you know, practice from being a child screwing around and being curious.
We don’t get that. Let’s be curious and push all these buttons in the cloud kind of ability. Like we don’t have that privilege. So it’s weird moving to the cloud. So I’m sorry, I don’t have a story for you there, but that’s just kind of what my thought was recently.
Ashish Rajan: Cool. Hopefully that answered your question if you need.
And one other question here from clubhouse from Susheel I hope I pronounced your name correctly. Feel free to unmute yourself and ask the question again.
Jack Rhysider: Yeah. Hi everyone. My question is, with the advent of IoT and biomechanics on one side, and on the other side, we are seeing so many of the security products, which are coming to on day-to-day basis, which are promising to protect our network as well as our servers.
So what is going to be the future of hacking as per you?
[00:27:00] Yeah. It’s it’s interesting seeing so many things pop up. I mean, everyday I’m getting asked like, Hey, what do you think of this router that builds itself as secure wifi? Like, oh, well I don’t know. It’s brand new. I’ve never heard of it before.
Right. And so it’s interesting to see these companies making secure things. What I don’t see yet is just like a secure phone, right? Like there are two big options. Here are Android and Apple, but I want to see a very popular, secure phone that like, it doesn’t require your credentials. It doesn’t give away your location.
It doesn’t give you all these extra acts. It doesn’t give apps all these extra privileges that they don’t need and stuff. And so what I hope the future is is that there’s enough people who are like, either saying I don’t need all those features because a lot of these features we are enable because it makes our lives easier or whatever.
Like, you know, if you have, Somebody that you want to know their location, right? So if you have a parent and you don’t want to keep track of where they are, you can turn locations on and on their phone. And now you can kind of watch to see where they are in the [00:28:00] world in case they get lost or something, and you can find them.
Right. But obviously that is a privacy issue because now they’re sharing their location to the world and it can be an issue. So we kind of weigh out these things of like, well, we want that feature, but we don’t want it to be insecure. So I’m hoping that either we no longer want some certain features and we’re just like, okay, we need to get a more secure thing.
Or we figured out a way to do things securely that respects privacy, but also gives us the feature. Right. So I really want there to be a bigger market for people who are into. Privacy. And that’s kind of like start there and then let’s build apps and phones and routers and switches and whatever for those people, because I’m telling you now the, the amount of data that’s collected from you on Spotify or an iPhone or an Android is just mountainous.
And I don’t think it’s required to get the services we get out of it. And I wish there was more products out there that just respected our privacy
very, very well said. And what I feel like is always a trade off between ease of access and [00:29:00] the security, and most of the people don’t get it because even we also, we are not a KRd if we are keeping our location on at all times.
Ashish Rajan: Thank you. Yeah. That wasn’t really interesting. and thanks for answering the question as well we have a few more compliments coming in for you, man. I love the Jack started in it at literal Jack of all trades. I can relate to that very much.
And hello from Anshul oh, there’s another question from me on what’s your what’s next for is it a Patreon goal or next phase?
Jack Rhysider: Yeah, I mean, the, my goal for Patreon is to release more bonus episodes for Patreon users. I think that is very, you know, respectful to them. And I just really want to, I just can’t seem to get ahead enough to come out like regular episodes for them, but that is a goal.
And the other goal is to possibly make a second show because you know, my episodes are about an hour long, but there’s some topics that just go way beyond an hour, Like there’s stories of, you know, election hacking. That’s more than an hour long. We gotta, we gotta sit down and talk about this for like six or seven hours.
Right. And there’s other stories I [00:30:00] have that I just think go way beyond kind of where I am. So I would, I was thinking about having a second show. That’s kind of like a season, like seven episodes season, and then we go into another subject and then different subject each season. But that could be a possibility and I’ve always wanted to do courses, but I never seem to get, it together to like, make a CCNA course or something like that.
But that’s been going for a while. I don’t know, maybe not anymore, but yeah, definitely the goal is to keep going with Darknet Diaries for quite a while.
Ashish Rajan: Awesome. Well, and I see a full-time gig as well now. Right? You don’t no longer, I mean, officially you don’t work with it, I guess like in the fro I guess.
Jack Rhysider: Is that right? Yeah. The, I quit the job doing IT security network engineering. And now it’s, yeah, the podcast is full time. Thanks to the Patreon subscriber.
Ashish Rajan: There you go. Shout out to your Patreon subscribers. Hopefully you get a few more for offer listening to this. The I’ve got another comment from Zinat here as well.
Thank you for pointing out the importance of privacy. Yeah, I think cyber security people definitely get the importance of privacy. I was gonna switch gears a bit as well. I know we’ve kind of been talking about some of the stories and we’ve [00:31:00] talked about a few other things as well about what your past has been.
Got a couple of incidents that came into, I guess, the cloud sphere for me. And we kind of touched on this with the whole Uber conversation, but, is there any crypto mining on the cloud kind of thing has come on your table yet out of curiosity?
Jack Rhysider: Yeah. I mean, I’ve, I’ve considered it myself, but what questions you have?
Well,
Ashish Rajan: I’m just curious in terms of like a lot of the cloud breaches, like the Tesla one, or like the there’s an Uber one is what I believe, but they seem to kind of like be, if you only get like the surface, like, oh, there was like a potential open access endpoint and someone got in starting projecting it.
Hasn’t gone beyond that as well. Like actually someone was able to share this story that someone’s crypto mining and basically they never found out for like a six month period or does even went worse that they went, I mean, they went down , what was the recent example was ransomware, but someone actually paid the ransom as well.
So has it, have you heard a story that, or did you get across any stories which were like a bit more than just an open end [00:32:00] point access?
Jack Rhysider: Yeah. I mean, I think that the common thing is finding keys or finding logins and then getting into like often it’s API keys.
Right? So you open up that too much and you open it up, so your app can contact. So like something I’ve seen is when somebody takes an Android file, it’s an APK program, right. That’s just kind of like a zip. So you can kind of look into that, unzip that and see what’s inside there. And you can look at those files and if somebody is just saying, okay, well, here’s the database connection to AWS and here’s the API key to get in there?
Well, you can see that sometimes by just examining an APK file. And then if you have the key, you can then use that database connection to get everything out of the database or at least read, right. If you have write ability, then you can do that too. So, yeah, that’s I think is probably the most common vulnerability.
I see it with the cloud is just a lack of securing credentials or, or keeping having a bucket open and viewable when it doesn’t need to be. Yeah. The other thing is like [00:33:00] people will push a code to GitHub and in that code will be credentials as well. That’s pretty common. So you have to watch out if you’re having it have as your repo.
And that has like some sort of. You know, database connection account there. Yeah, I can’t think of any crypto mining in the cloud stories off the top of my head though. I know
Ashish Rajan: If they do come in, I would love to hear them on your show as well. So I’m glad I planted the seed.
Jack Rhysider: I’ve heard the story before of people breaking in and then running crypto miners in networks.
And I just can’t tell you whether that’s on prem or in the cloud. I don’t know exactly where that
Ashish Rajan: At least the ones that I’ve heard seems to be on the cloud environment and most cloud providers seem to be actually paying money as well, but let me just rephrase.
So this noise that I’ve heard of is where, and I think some of them, some of these are public as well. I believe Tesla’s was the one where we were running Kubernetes security month, last month. And one of the stories that I came across was in 2018, Tesla had their Kubernetes API. So which is basically the mothership for Kubernetes
that is by default on [00:34:00] the internet and someone had it on the internet. Basically someone took over and ran the small container with were just doing crypto mining, but it was such a small, I guess, container, it didn’t really come up as a massive memory spike or a CPU usage spike. So they were in the re under the radar for some time and it was really interesting to kind of, hear those stories more from, oh, something love was leveled from the engine. Every time I’d watched him just by the nature of being on the internet these days, anything and everything.
Even you get messages from people for bounty hunting. So considering yours as a static website, which is just texts. I can’t imagine what people who have actual data. As in like actual sensitive data, like companies like Tesla and Uber, when they put their website online, I’m sure they get hammered quite a bit as well.
So it’s usually stories around that where anyone had like an open end point on the internet. They got the hacker in the hacker started doing crypto mining for some time. Sometimes they were picked up because it was a performance spike, or there was a CPU usage spike. But in majority cases they’ve [00:35:00] gotten smarter to the point that they go under the radar.
I saw it like a small blip in the radar and they remain there until someone destroys the container and then they. Good and don’t come back again. But anyway, in some scenarios, the customers who got like a massive bill of a hundred K or even more I think in some of the cases, the cloud service providers actually gave credit back to the customer as well.
So, I mean,
Jack Rhysider: I wouldn’t count on that if I have money.
Ashish Rajan: Yeah. I mean, well, but then again, this wasn’t the beginning as well, then own was trying to use cloud. Now everyone uses cloud. So I guess now. Probably this may not happen in terms of money being given by CSPs to the customer. But that’s the stories on the internet at the moment.
But, switching gears again I want to talk about your podcast as well. Last Christmas on this podcast, we covered how to become a cybersecurity podcaster and or what you’ve brought in into the whole cybersecurity podcasting is amazing unique perspective on the whole investigative journalism point of view.
I’m curious to know from you about [00:36:00] all these, like now you have 94 episodes and counting in this. 94 episodes that you’ve done so far, which one was the hardest to put together if you can share and maybe even why?
Jack Rhysider: Yeah, I think the Xbox underground one was the hardest. So first of all, it’s a two-part episode.
So it’s like two hours of video and then I had four guests on it. So I had to interview each person individually and then get that tape together. And of course, most of these people don’t want to tell me about the worst time ever in their life. So it was hard to like get them to agree. And there were other guests that I tried to find a, they didn’t want to agree.
Right. So I had to leave some out of it because they just didn’t like the idea of recording it. And other ones I couldn’t find. So, you know, I could have went like much further, but still dealing with four guests and then getting all the audio together actually, before I even recorded the guests, it was.
Really hard to understand the story. Like it was just, these guys broke into Epic Games network to start with. And then from there they found the credentials into Xbox and Bungie and World of Warcraft and EA [00:37:00] and like so many different other video game makers. And they were just going crazy, getting source code and hacking into video game companies.
It was such a wild ride. And one of them was Australian by the way. And it was, so it was such a complicated story because there were just so many different places they got into. And there were like 15 people that were involved in like the HR, each person has three names, right.
They have their real name, they have their online name. And then they have the name that their friends were calling them. Right. So it was hard to like follow who is who here. And so I drew like a big map of like all the characters and who they were, you know, how they were connected and what group they were in and were they on this team or that team.
And that just took like days to figure that out. And then I had to draw like another timeline of events of what happened when, and I had to have all that before I interviewed the first person, because if I’m going to get into the story, I need to know before they are telling me. So I need to know where this story is going and how crazy it gets and stuff like that.
So there’s a lot of research I have to do before the first interview. But yeah, that one, that one took forever to put together. And I was just so proud of it when it was [00:38:00] done, because it all came together very well. And so, yeah, that’s one of the the hardest one and the most proud of that. I think the answers two of your questions.
Ashish Rajan: Ah, there you go. And maybe I probably the next question is what’s the most surprising one that when you started investigating, surprised you the most? I guess,
Jack Rhysider: Yeah, I think there was this one called Project Raven. So the guy reached out to me and he’s like, I got the story and he starts telling me, and I didn’t know, it was part of this big, big story.
I was just like, all right. Yeah. I’ll just hear your story. Okay. It sounds interesting. And I wasn’t asking the right question, so I obviously didn’t do enough research to know he was involved with this. I mean, he was ex NSA and he moved to United Arab Emirates to do some hacking against other nations within the Middle East.
And like, he was literally like, just deep into the nation state hacking scene. And I just didn’t get it at the time. I was just like, okay. His whole point of wanting to tell me was that you gotta be careful when you’re accepting contracts abroad. And that was the whole reason why he wanted to tell me this.
So I was like, okay, [00:39:00] let’s hear why that’s important. Right. So I’m looking at it from that angle, but I didn’t realize like, oh my gosh, there’s so many other people I need to bring into this. And there, this is a huge story. And, you know, I didn’t realize all that until I had listened to probably the second or third time to what he was saying.
And I’m just like, wait a minute. This is really a big deal. And so then I started finding news articles and I was like, oh my goodness. I should have asked like a whole bunch of other more questions here. But he was very kind of hesitant to tell me some of those other details. So he didn’t really want to have a second interview, but at least I I was able to understand the story and get some other people involved in that one too.
So yeah, that one was pretty surprising.
Ashish Rajan: Yeah. Always at the one where, I think one of your listeners decided to get a tattoo of that same artwork as well.
Jack Rhysider: Yes. Yeah, that has been the so the artwork for that episode is a Raven with a security camera for Ted. And that’s been one of the most popular pieces of art that I’ve made for the show.
Ashish Rajan: Yeah. I’ll definitely encourage people to check out your website and check out that artwork as well. But it [00:40:00] definitely, I can understand the complexity of layers as well when it comes from nation state, I can’t even fathom, man.
That’d be a whole nother level. So another question on the episodes, and I know it’s like probably hard to tell, but what’s your favorite episode so far out of the 94? I’m sure one of the answers would be the, be the favorite is yet to come, but
Jack Rhysider: Maybe I might have peaked at that Xbox Underground one.
That was such a such a brilliantly done. I don’t know how to describe it. It was just such a, one of those like magic moment ones that I can’t believe I got those people to talk about that. Right. It’s just such a remarkable story. The other one that is really up there is the one called Operation Glowing Symphony.
And I was at DEF CON talking with some people and somebody tapped me on the shoulder and I was like, yo, what’s up? And they’re like, do you, do you want a story from the NSA? And I was like, yeah, I want a story from NSA what do you got you’re from the NSA? And so like the NSA agents, you know, decided, well, you know, I’ve got one for you and I’m allowed to tell it even General Paul Nakasone is approving it.
You know, I [00:41:00] think I can get his permission to tell it publicly. And so this was like a legit, like, Hey, the NSA is admitting to hacking ISIS. That’s what the story was actually, ISIS. And so, yeah, I mean, I had to get permission from all kinds of people in the Department of Defense to get him on the show.
And then after it was made, I had to run it by them again, saying, this is what we’re going to publish. Is it all right with you? And they had a couple of things they didn’t want me to say, and it wasn’t much, but other than that, it was ready to go. And like, yeah, even the head of NSA had to approve it, which is just phenomenal that I was ever able to get that level of access because NSA, in my opinion, doesn’t admit to any hacks ever.
And here they are. Admitting we in person, like this is what we did. And that was just like it. That was kind of what I pictured this show to be one day, right. Is getting that access to people who you would never be able to talk with, right. Where the average person would never be able to talk with and hearing a story about how they did this crazy hack.
That’s what I want to bring to you because you just don’t have access to these people. And I want to [00:42:00] get access to those people and cultivate those relationships and find that out. And that is hanging out with criminals at times, and hanging out with NSA and CIA and secret service and all this stuff that I seek out.
And I find these people and I just have drinks with them at DEF CON or whatever the case may be. And yeah, it’s crazy. Those are my people at this point.
Ashish Rajan: Wow. And thanks for sharing that, man. I appreciate that. And. I’m thinking more people who may be listening to this and going, oh my God, this is such a fascinating story.
And also a great way to kind of portray that as well, with all the music and everything that he put into the episodes as well, that people can, people get to experience when they listen to your episode. I’m thinking about people who may be listening to this and going and may go on their websites, get fascinated by the artwork and like, oh my God, I want to make something like this.
So for people who may be getting inspired, listening to you and thinking, Hey, podcasting could be amazing. What are your first thoughts on for people who want to jump into podcasting?
Jack Rhysider: This is a great question. So before I started podcasting, I was blogging for seven years, right?
And this was me hitting a problem at work as a [00:43:00] network security engineer, Googling the question, Googling the problem, not finding an answer and then saying cripes. I got to figure this out on my own, through trial and error in the lab, whatever the case may be, and then struggling and struggling, and then finally finding a solution.
And then I’m blogging that, right? So I’m not blogging like ideas or thoughts or trying to be a thought leader. I’m just. Telling myself the solution for later in case I hit this problem again, in the future, here we go. I’ve already like solved this once before. I don’t need to go solve things again, because everyone has like figured out this crazy command line.
That’s like, you know, 10 different things that you’re writing on the command line. And you cannot remember this command again for the life of you. And you’re like, why didn’t I write that down? It’s not my history. I should have wrote that down. Right. So I, it was just blogging to kind of keep my notes on.
This is the stuff that I’m need to recall later and you need to find later. And so that was a lot, right. There was a hundred articles, maybe 200 articles on this blog. And that was helping me practice. Right. Talking about technical things in a simple term, right. So maybe I’m explaining [00:44:00] how to troubleshoot a VPN.
Well, I don’t need like. 20 different nodes and instances and all this extra stuff in the network diagram. I just need a simple, as I can, let’s get this problem figured out and solved and describe it in as simple as we can and solve it as simple as we can. And so that’s kind of what my goal was.
So that was just practice of using this language of cybersecurity language and how we use it effectively and how we can explain technical concepts and stuff like that. So, seven years of just practicing, like solving problems it’s written to the public and that opens you up for criticism and other ideas.
And other people are like, well, that’s not the way I would have solved it. I would have solved it like this. And now I can add that out of the stuff, you know? So you kind of get this public feedback. So that’s kind of gave me the, , encouragement, but you know, the. The attitude of like, okay, what’s the next level?
I’ve been teaching people through the blog now I want to teach people through a podcast maybe. Right. So that was kind of another trajectory. If it wasn’t that I was going to do like YouTube videos or something of just teaching people how to do stuff. But yeah, it just kind of gave me the practice.
So I think if you’re going to start a cybersecurity podcast, there’s probably [00:45:00] three different genres or styles. So you could do a news related one, or you could do an interview related one, or you could do something like I am, which is storytelling. Or maybe you could do a like a fourth one might be like educational.
Like here’s what VPN is or something like that. Right. So you got to pick your style and yeah. Maybe it’s something you want to learn more of, or maybe it’s something you already know. And yeah, once you figure out that style, then you can just kind of go from there.
I think the hardest part is coming up with the content and not so much figuring out all the equipment and technical aspects of it. That’s something you can figure out on a weekend, but being able to talk comfortably on a mic and have good content and find something good and have like a good connection with your co-host, if you have one or whatever the case may be that’s kind of the tricky parts.
I just encourage anybody who’s to. I think what’s important is if you’re like an amazing engineer at work or whatever the case is, probably the only people who know you, you’re amazing are your coworkers, your boss and your customers, which might only be like 10 people or less.
Right. And so when you go to get another [00:46:00] job, it’s going to be hard to get those 10 people to say, oh yeah, it’s such an amazing person. Right? And so if you can open yourself up to be a blogger, to be a podcast or something like that, when you go to get your next job, you might already have an audience of people who love you.
Because they just love the content you’ve been doing. And they’re like, wait, you need a job, come work for us and stuff. And on top of that, it’s so satisfying to create something creatively and to have people appreciate it and say, oh, that’s really inspired me to do these things. And it’s just been so helpful in my life or whatever, whatever it is.
It just is very satisfying feeling when you’re helping people. So yeah. I encourage anyone to start a blog or a podcast and video, a video content, just teach help, do whatever you can spread the spread the knowledge.
Ashish Rajan: I think I’ve got a question here. Someone’s asking you for your blog as well.
Jack Rhysider: That first blog I had was called tunnelsup.com.
Ashish Rajan: tunnelsup.com. There you go. And I think you have another one called lyme.link as well, right? Yeah. I
Jack Rhysider: th I have something like eight blogs. I love blogging. So I have a, like a local area blog, or it’s just like in my town, I [00:47:00] blog about things.
You know, a technical blog and podcast blog. I think I have a video game blog somewhere that I was playing video games doing
Ashish Rajan: all right. Okay. So yeah, , that would be interesting. But so I think, I think that’s the website I’ve got that website there. So anyone else who’s on any other stream can go on there as well?
And I think we have lyme.link as well, if anyone wants to go there. So it’s really interesting that now, since you mentioned as well, that you’re doing this full-time at what point does one realize it’s okay to switch over ? Or what was that moment when you kind of feel that, Hey, now I can do this full-time because I imagine like the same people who are listening in and are.
Obviously curious about writing a blog or , making a podcast video or audio that going. Okay. I’ve gotten content. I I’ve been posting for some time maybe frequently at what time do you recognize like a, it’s a sign that, Hey, now you can make this full-time for 150,000 downloads.
Jack Rhysider: I think 99 times out of a hundred. It’s just not going to happen. You’re not going to go full time. It’s just very rare to get there. But you might start seeing like, just, money’s [00:48:00] starting to trickle in and you could see okay. If, if that’s after making 10 videos, what if I make a hundred videos that would be 10 times as much, right?
So you can start kind of doing some math and then figure out where you need to be before you can start having like a significant inflow. For me I was latching onto, what I saw was people really appreciated the show. And it was strangers coming up to me at conferences and being like here’s $20.
You mean a lot to me, I’m so thankful that I found your show and I’m so happy that you’re making it. And I was just like, wow, if I’m making that big of an impact to my small audience. Now, if I just had a bigger audience, I think I would make the same impact just on more people. And so if you take the smallest.
The audience and you can make an impact on them. Then that does scale up. If you have a small audience and you’re not making that kind of impact. And you’re just not there. You’re just not hearing like feedback of people saying how much they love the show or whatever it is. Then. It’s going to be hard to, I I’m a big fan of just like getting more value to your listeners or your readers [00:49:00] or whatever.
Like in the case of the blog, I was finding that people were coming to a specific article looking for something specific, but it was at the bottom of that page. I knew I needed to take that to the top of the page. Right. So I wanted to just give more value. Like you come in here for that answer here.
It is in the first, second above the fold. Right. And so that way, the next time they say, oh, I remember that page. It was helpful. Last time I want to go there again. Right. So it’s kind of cult giving more value to wherever you can. Then they’ll appreciate you more. And when you need to you know, use them for something you can or whatever.
So yeah, just see if there’s people who are really loving what you’re making and if you’re getting that, then you’re on the right path and you could probably take that chance and get through the dip and keep making stuff.
Ashish Rajan: Yeah. Awesome. No, thanks for sharing that. All right. I’m going to switch gears to the tail end of our show now.
And I’ve got three fun questions for you and hopefully not too long as well. So the first one that I have is where do you spend most time on million? Not to working on podcasting or technology or hacking in general?
Jack Rhysider: Yeah, so I’ve been doing a few things. [00:50:00] I practice guitar. I just kind of picked it up in the last year.
Of course, no, acoustic is all I have. And so, yeah, I’ve been playing a different old rock songs and stuff, and I’ve been running, which is strange because I hate running, but I thought that the pool’s closed, the gym is closed. I’m going to go do something, you know? And so I started running and it’s been fun.
I got over the hatred of it. So I’ve been doing that for the last six months and I was running today even so running has been a thing now and I’m playing chess has been another hobby of mine. Oh,
Ashish Rajan: fair enough. I was going to say running is probably good when the zombies are coming. Right.
Jack Rhysider: I had a dream that I had to run away from someone, and I was so happy that I’ve been practicing my room.
Ashish Rajan: You’re in the, definitely in the right space. You can anonymize yourself. If someone does come close to you, you can run away. But because no one else is practicing running, I guess I’m going to think question, what is something that you’re proud of, but it’s not on your social media.
Jack Rhysider: Hmm. Proud of I’m not in social media.
Ashish Rajan: That’s a good question. If you can share it as well, like I know it’s a fine line between, but going personal and I already can share as well. So I’m curious to know wherever you are, feel your privacy
Jack Rhysider: I’ve, I’ve [00:51:00] stayed out of jail and I feel proud of that.
Ashish Rajan: That’s a great bar, man. That’s a good bar. I think everyone’s parents would be really happy if their son doesn’t get to go to jail.
Yeah.
Jack Rhysider: I mean, I, there’s something about my show that too, that like, if I had worked for the NSA, I wouldn’t be able to make this show because I’m giving away too many secrets and I’m giving way too many opinions, whatever, you know, my hands will be tied. I feel like that’s the case. Right? So I’m also proud of just like the whole way I went through life to get here, to be able to give my perspective you know, I mean, I criticize the governments around the world all the time, so I can do that because I don’t have any, I don’t know.
Don’t have any obligations not to.
Ashish Rajan: Yep. And I’m glad you’re sharing the story. That’s about, so appreciate that. All right. Last question. What’s your favorite cuisine or restaurant that you can share?
Jack Rhysider: I like a cauliflower. So today I had, like one of my favorite things is Manchurian Gobi. I think that could be my favorite food in the world.
I’m serious. Yes. So today I had like a Buffalo sauce on my cauliflower. It was like fried cauliflower with Buffalo sauce because there isn’t Manchurian Gobi in my town. So this is [00:52:00] like the closest I can get. But yeah, I really miss getting Manchurian Gobi. When I lived in another town, there was some great Manchurian Gobi in a Western
Ashish Rajan: don’t like Gobi is cauliflower.
It’s little translation of Hindi in English. Yeah, isn’t it. Yeah. Yeah.
Jack Rhysider: That’s gotta be. There. I don’t know. I it’s called flowers, just such a delicious thing when made, right? Like if it’s just raw cauliflower, it’s horrible. It’s it’s not going at all. They dip it in a sauce. It’s just not good. But the way, the way, if it’s fried just right.
And oh man, and battered deep fried, maybe I don’t know how Manchurian Gobi is made, but it’s battered and cooked in a way that’s just so delicious.
Ashish Rajan: I cannot believe I’ve met someone who loves a Gobi or cauliflower that much in their life this is definitely a first for me in my life as well. I’m going to add that in to that list, but I appreciate your time, man.
And I might towards the end of like, this is the last question that I had. So is there a final, any final words or where people can find you and talk to you, maybe share some of their stories as well.
Jack Rhysider: I mean, I’m at darknetdiaries.com, but if you search any podcast player, you’ll find me pretty [00:53:00] easy too.
So Darknet Diaries is the podcast, check it
Ashish Rajan: This was really interesting conversation, man. I think that really enjoyed, unpeeling, I guess, unveiling the veils of some of those podcasting topics as well.
So thank you so much for coming on the show. I really appreciate it.
Jack Rhysider: Yeah, this has been a blast. Thanks for having me.
Ashish Rajan: Awesome. Thanks everyone else. I’ll see you next weekend on our regular bug bounty, Google Cloud month episode. And we have an interesting lady coming in. She’s been doing bug bounty for Google Cloud for some time.
So, and she’s done a few SANS talks. So there’s a hint for who that person may be. And I will see all of you next week and I’ll see everyone on Clubhouse next week as well. Thanks so much for coming here.