Cryptography, encryption and building a secure photo app

[00:00:01] CS: InfoSec Skills is releasing a new free challenge every month with three hands-on labs to put your cyber skills to the test. October's challenge, Celebrate Cybersecurity Awareness Week, featuring a bundle of three labs that provide hands-on training with in demand cyber skills. Level one, get hands-on experience with the Metasploit framework and investigate systemic vulnerabilities like the professional ethical hackers do. Level two, leverage Pseudo to set up user permissions and explore the harmful side effects of improper implementation. And for your boss level challenge, you'll head over to our secure coding cyber range to correct secure coding errors commonly found in Python. Complete all three challenges, download your certificate of completion, upload it to LinkedIn and tag InfoSec for your chance to win a $100 Amazon gift card and InfoSec hoodie and a one-year subscription to InfoSec Skills so you can keep on learning. Just go to infosecinstitute.com/challenge and kickstart your cybersecurity career skills today.

Today on Cyber Work, my guest is Alex Amiryan of Stingle Photos photos. What’s Stingle Photos? It's an end-to-end encrypted open source gallery and sync app created by a professional cryptographer and able to prevent theft by breach. How does it work? And how did Alex come by his obsession for cryptography? Tune in and find out today on Cyber Work.

[INTERVIEW]

[00:01:30] CS: Welcome to this week's episode of the Cyber Work with InfoSec podcast. Each week we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of InfoSec professionals and offer tips for breaking in or moving up the ladder in the cybersecurity industry. Alex Amiryan is a software developer with over 18 years of experience specializing in cybersecurity and cryptography. From early school years, he was obsessed with computers and technology in general. Alex is the creator of popular Safe Camera App, which was the predecessor of Stingle Photos. So Alex's story came to me in regards to his work with Stingle Photos, which is a photo sharing app and its connection to cryptography and encryption. And it seemed like a very good tie in in terms of thinking about the way images, videos, and just information in general is being sent through the Internet in comparatively unsafe or intentionally unprotected ways. And so I want to sort of talk with Alex about some of the ways forward here. So Alex, thank you for joining me today. And welcome to Cyber Work.

[00:02:39] AA: Thank you very much. Thank you for inviting me. I'm really glad to be our guest today.

[00:02:45] CS: My pleasure as well. So we like to start out every episode by getting the story of our guest’s cybersecurity journey in their own words. And it said in your bio that you've been interested in computers and tech from your early school years. What was the original draw to that? And also, what was the draw? You've become kind of an authority on cryptography and encryption? How did how did one go to the other? Was it just a natural progression?

[00:03:10] AA: Yeah, so my journey actually started when I was three years old. And my dad was a programmer and a developer back then. And I was really obsessed with computers. And back then it was 386, this kind of stuff.

[00:03:26] CS: Sure, sure. Absolutely.

[00:03:27] AA: Yeah. Yeah. Yeah. And after that, in school, I started like using computers and was really obsessed with them. And in the sixth grade, in the school, I got my first personal PC. And then I just like went all-in and never talked to anybody, never went to play with kids, this kind of stuff. Yeah. Yeah, when I was like in the high school, with friends, we started like doing some hiking. And it was kind of fun for us. But we just were playing, and until we got into the hands of law enforcement. And they just called us and said like, “You're very smart kids. We want you to put on the right track. These laws are just for cybercrime. These laws are just passed in our country. So just be careful. You’re just really smart kids. We want you not to get into any trouble in the future.” Yeah. And so after that, the hacking became security. And it's remained like that. And this was my main field of interest from the beginning and until now.

[00:04:43] CS: Yeah, we've had a couple of guests who have run afoul of law enforcement early on like that. Can you talk about that? Was that ever a consideration? I mean, was the sort of stern warning enough to make you say, “Yeah, I want to stay on the side of the law?” Or did you get a sense of like what other sorts of paths were available to you at the time?

[00:05:05] AA: Actually, we're just not doing anything malicious. So it was kind of malicious, but we were doing it not for profit. Yeah, just for fun. Just to see if we can accomplish it or not just to prove to ourselves. So there was no point in continuing in that direction. And actually, it's the same. So if you want to do security, you have to know all the hacking techniques so you can protect yourself from that. And also, while developing applications, you have to know all possible hacking techniques and so you can do the appropriate stuff to mitigate them in the first place.

[00:05:48] CS: Right. Absolutely. Yeah, I'm always amazed, and we have articles on our site how to destroy a server and blah, blah, blah. Like, well, yeah, you have to know that so that you know that it doesn't happen to you. So I want to know, we were talking about encryption and cryptography, what precipitated your move from software engineer to starting your own company, Stingle Photos? What skills did you take from your previous job into starting your own company? And what was the sort of – Were you dissatisfied with just being a software engineer? Was this another interest that budded later on?

[00:06:18] AA: Actually, let me tell you the backstory of Stingle photos. Like and how this idea came. So actually, at some point, I started like de-Googling my life and moving away from all kinds of Google services. And I found a really good alternative for Gmail, for email, for notes, for search. But when I came to find out some good like privacy-respecting secure alternatives to Google Photos, I found nothing. So this was like aha moment for me. Like why there is no – So there are some solutions that are really complicated, and they're not practical, even for a developer like me, like hosting your own server and using Nextcloud, this kind of stuff. But this is also not really secure, because now instead of Google, you're trusting your cloud provider where you bought your server, right?

And other than that, there are some like practical and very convenient solutions, which are practically the same as Google. So they're not encrypted, and the provider gets all of your photos and videos in the clear. It's like Amazon photos, Apple iCloud, some Keepsafe. I don't know. These kind of apps. And they're all practically the same. So there is no point of switching. So then I decided, “Why? I have the skills and I have the motivation.”

And also like for your question about what kind of skills I took from my experience. So I was a CTO in my last company. And I took like my development skills, my cryptography security skills, and also management skills, which are helping a lot right now.

[00:08:14] CS: Yeah. Well, that's a really good leads in my next question here. Can you give any advice for listeners who might be about to take the plunge and create their own business? What skills did you take from engineering that are helping you in this management sphere? And if you had any pitfalls in creating your own business can you talk about? Like how you overcame them? Or what to avoid?

[00:08:36] AA: Yeah, sure. So my first advice will be if someone is willing to start their own business, just find good ideas, find something that is needed. So like find a gap in some industry where you can see that people have this pain, have this need. And also it can be like in my case. So it can come from your own experience, right? You're trying to find something. Yeah, you're trying to find something and there is nothing that satisfies you. So this is probably the place where to start because you can think about it like this. So if you have this problem, if you have this need, there are probably several million people who have the same need and problem like you. So you can start right there.

Other than that, be persistent. Be motivated. Just have fun. Maybe it will not go well at first. Also you have to learn a lot of like business related stuff, like for raising money, for pitching your product. This is not something you're familiar with if you're a developer. And at the end, the last advice will be like just hire the right person, persons. So like do a lot of interviews. Spend a lot of time on interviews and selecting the right people, because at the beginning it's really crucial to have right people next to you. And especially, it's about cofounders if you have one.

[00:10:18] CS: Yeah. So let's sort of dig into Stingle Photos and what differentiates it. So you describe it in your bio as a secure and an encrypted gallery and sync app. So can you tell me how it works specifically and how it differs from the photo apps that you mentioned, Google Photos, and iPhoto and all that kind of stuff? What's did you do differently?

[00:10:41] AA: So Stingle photos, as you said, it's end-to-end encrypted, open source gallery and sync app. So let me explain what is end-to-end encryption. So usually, all of these services, they're encrypting your data in transit. So nobody in between can intercept it. But at the other end, it is their servers and they're receiving it in the clear and that's the problem. So the provider has your data. End-to-end encryption means that it's encrypted from one end to the second end, but on both ends are actually you. So you encrypt that. So all the encryption occurs – In the case of Stingle Photos, all the encryption occurs on your device with the keys that only you have and nobody else and we just provide a service for storing your data and syncing it between your devices, but we have no visibility on the data itself, whatsoever. So you have the keys. Only you control your keys and nobody else. So this effectively gives the advantage of the nice feature of Stingle Photos is that, for example, we see a lot of different data leaks all the time, right? So the last one was T-Mobile. And if you know that, they leaked a lot of data.

And if you think about it, these large companies have like billions of dollars in cash and they're still failing to protect their user data. And you can think of like if I get large enough, I will be hacked too, maybe one day, right? So like I was thinking about this problem a lot and what the solution. Solution is not to keep on your servers on your cloud infrastructure anything that you can't afford to lose. Plain and simple. So this is a whole idea behind Stingle Photos and it was like designed and developed with this mindset from day one. And it's like this right now. So if somebody would hack the servers and steal all the databases, files, scripts, everything from there, they will get like plain nothing out of it, because we don't have access and so does everybody else.

[00:13:05] CS: So the way it's working, if I I’m imagining it in my head, is like if you had like a storage locker and someone just brought in an empty black box that you can't get into and they put it in your storage locker and you're like, “Well, we're storing it, but I have no idea what's in there and I have no way to look into there.” So that's really interesting. So like you say, if you do get hacked, then they're just getting a mess of nothing. So, okay. That's really interesting. So like I said, we mentioned some of the other photo sharing on personal and professional level. It's beyond widespread at this point. It’s ubiquitous. And we all sort of whistle past the graveyard when we think about the sites that we post things on, whether social media, Facebook, Instagram, or photo sharing sites or storage sites like Google Photos or what have you. But these sites are sort of unabashedly porous in their approach to safety and privacy. I mean, I think it's working out for you and that you're providing something that they aren't. But do you foresee your sort of unusual method of end-to-end encryption ever taking off with these other companies? Or is this something that you think that they really don't want to lose that sort of access to your data?

[00:14:22] AA: So, actually, it comes from their business model. So they will not like Google and Facebook particularly. They will not opt-in for this kind of stuff because they want your data. So you're using Google and Gmail and all the Google services for free, right? And you're using Facebook for free. Are you paying monthly fee for Facebook? No. But it's expensive to keep all this infrastructure, and they need to generate money. So they generate money from advertising. And for advertising, the first thing that you need is to know the people that you have so you can do more targeted advertising. And these companies are really like data hungry. So they want as much data as possible to serve you as relevant ads as possible. And more the relevance the ad, the more money they get, because advertisers are more likely to go and advertise on their platforms. Yeah, I don't see in the foreseeable future that they’re going to change something.

Or the other possibilities, for example, if the laws change and they require these companies to do end-to-end encryption, but this is unlikely too because everything is going in the opposite direction actually. So lots of countries are trying to pass laws to incorporate backdoors in the encryption so they can view the data because they don't like that people can communicate secretly and they don't have any visibility over that. Yeah, I think this is a place for other companies like ours to take back privacy of users. So if you don't want to grant all your data to these large companies or use something –

[00:16:25] CS: Now, is your service just a black box storage or do you have like sort of sharing of images between Stingle users? Is there any sort of community aspect to it or is it really sort of set up like an online safe deposit box for your images?

[00:16:42] AA: Yeah, we have sharing. And sharing is also of course protected with end-to-end encryption. So only you and [inaudible 00:16:47] can see the photos and videos that you share. Actually – So Stingle Photos is on the outside. The interfaces, we would try to make it as much like ordinary gallery app as you always used to. So the switching is really easy. So when you open it for the first time, like you said like what? Like this is a like ordinary gallery. And we like also went into great lengths of effort to make it really fast. So all this kind of – This encryption, decryption is not getting in your way. You just use it as your normal gallery app. You just take some photos. It goes there. And it's automatically encrypted. You don't even know. And it's backing up or syncing through your devices the encrypted data and you don't feel it again. But all the time you're protected with this kind of security.

[00:17:49] CS: Yeah, it's just humming in the background.

[00:17:52] AA: And by the way, one more thing, we have a professional academic cryptographer in our team, which is a really famous guy. He developed Lelantus Protocol for Zcoin and is like a world-famous cryptographer and he's on our team. And he helped a lot during the development part at the first when we're just designing the crypto system. And yeah, he's with us.

[00:18:28] CS: Yeah. And you have that background as well. Are you still sort of working in that aspect of the company or have you sort of transitioned into sort of ownership management?

[00:18:39] AA: No. I’m working. I’m actively developing it beside the organizational and business part. But yeah, I really enjoy it. And I’m not planning to give it.

[00:18:50] CS: Right. Right. So can you talk about your crypto method at all? I mean, obviously, I don't want to give away anything. But like you say, you've got one of the best dudes in the world. What's so exciting about it to you?

[00:19:06] AA: You mean the technology part?

[00:19:08] CS: Just specific. Yeah, just the level of safety of the encryption.

[00:19:12] AA: Yeah. First of all, everything is open. We're not hiding anything. Everything is open source. And on our website, on the security page, you can read like really deep explanation on how everything works because in this field you have to be like really open. All code is open source. So everybody can check. And there's nothing to hide. So we're using actually a well-established and well-vetted and industry standard Libsodium crypto library, which is the backbone of Stingle Photos. And it uses ChaCha20, Curve25519, ECC Crypto, this kind of stuff, which is really fast and really, really secure. So yeah, this is a –

[00:20:05] CS: So speaking in terms of just the way that images and such are shared on the Internet, and there's certainly a lot of talk about doctored online photos and video deep fakes are becoming more prevalent and just the general sort of ownership or the originality of images gets harder and harder to track. Is this type of end-to-end sharing encryption a possible check against stolen and modified photos going viral and spreading disinformation with them?

[00:20:36] AA: I think, no. These things are not connected. So actually, like detecting deep fakes is more of a job of AI, I think. It's not about encryption. And actually I had an idea a few years ago to make a system like the opposite system, like system for verified photos on the social media so you can prove that this photo is really mine and I’m not fake. Yeah, and it will require some kind of a digital signature embedded in the photos. But the thing is the providers, like the websites, have to support this technology to be able to verify the signature and show the badge, for example, this kind of stuff. Yeah. So maybe it's something I will develop in the future.

[00:21:27] CS: Okay. That's another course. Okay.

[00:21:28] AA: Yea. But for detecting deep fakes, I think it's a whole another –

[00:21:34] CS: It’s not going to work. Yeah. What’s the average Stingle photo client? Do you have like people with like large – Like photographers with large collections? Like what sorts of people are using and enjoying your service?

[00:21:52] AA: Actually, right now, a majority of our users, as far as we know, because we don't collect any information. We don't have any trackers. We don't have any advertisements in the in the app. We have a Telegram group, like a fan group of Stingle users. That's why I know some people out of there. So I think the majority of them are just techies who are aware of these privacy problems, these security problems. And just like me, we’re seeking for some alternatives, and they finally found Stingle Photos and they're really happy with that. And yeah, and our user base is quite growing right now. We have 12,000 users right now.

[00:22:35] CS: Cool. Okay. And since you're not – I’m assuming there's a monthly fee since you're not mining content and things like that. You're making your revenue sort of more one-to-one in the sense of like we store this and then we collect the money from you.

[00:22:52] AA: Yeah, it's free and open source as I said. And with each account you get one gigabyte of free cloud storage. And after that, you can buy more storage with monthly or yearly subscription fees. And actually you can use the app locally. You can turn off backup and use it locally as much as you like. But if you want like backup and sync functionality, you like need some cloud storage. So this only thing that we sell actually.

[00:23:23] CS: Okay, perfect. So I want to sort of rotate over to the work of cryptography. This is Cyber Work podcast. So, obviously, your company is based around photo storage, but it seems like encryption and cryptography are obviously a big source of excitement for you. So for our listeners who are sort of trying to get into cybersecurity and looking for their particular job track, can you tell us about the day to day work of being a cryptographer, like what types of skill sets are crucial to do this kind of work? And what sorts of personalities learning backgrounds or training tend to do well with the work of cryptography?

[00:24:01] AA: So actually, I think the personality, like it’s you should have more like learning and you have to be a person who like digging and learning new stuff, just having fun out of it. And yeah, so cryptography and security in general is a very interesting field. And it's also like growing and developing really fast. So it's a lot of news every day, a lot of things happening. And it's a really interesting place to be right now because it's so much – It became so much larger of a problem for the whole industry right now because everybody's getting hacked. There are ransomware groups that are infiltrating larger enterprises and demanding larger ransoms. Yeah, it's become a big thing right now and there's a lot of potential if you want to start right now. There're lots of room to grow and lots of like this kind of secured secure end-to-end encrypted and privacy respecting applications that have to be created, because there are not much right now. And large companies are taking over all the space right now. We have to compete.

[00:25:27] CS: If our listeners are hearing this and saying, “That sounds great. And I'm glad there's a growing field. I want to get involved in it.” What would you recommend are some concrete steps that they could start tonight that would put their foot on the path to doing this type of work? Like what type of study, YouTube videos, online stuff, reading? Where do you sort of get that first spark?

[00:25:50] AA: Yeah, that's a really good question. And if you want to start and just to have a feeling that is this for you or not, you can just probably watch cryptography 101 videos on YouTube and just get to know what is symmetric encryption, what is asymmetric encryption, what is hashing, this kind of stuff. And then I can suggest really fun stuff to do. You can read out the RSA works on Wikipedia, for example. And then you can take a pen and pencil and choose very small keys, like, I don't know, two digit, one digit keys, which are really not secured, not considered secure, but it's practical for you to calculate by hand. As you, with your friend, you can sit down and choose your private and public keys, and exchange public keys and then start talking with each other with the public key cryptography, which is really fun so nobody in between can understand what you're talking. But you both, yes, you can decrypt what the other person is saying. It's really cool.

[00:27:03] CS: I love that. Yeah. That makes sort of a game of it. And also, it becomes a secret society. And it also kind of builds a sort of shared communication.

[00:27:14] AA: Yeah. Actually, my advice is it's always has to be a game. Like you have to have fun and it should be like a lot of pleasure for you to do this kind of stuff. Like not think of it about like this is a really serious job I'm going to do right. No. This is really fun. Like learning and doing this stuff is actually fun. And then you will like progress and make progress when you think of it like this.

[00:27:48] CS: Can you think of a moment when you were studying and learning about cryptography where you felt like your skill is really leveling up? Where you learned a certain thing or you learned a certain technique and you said, “Oh, wow! That really like changes the entire game?” Or is it just this this sort of constant evolution where you just get like slightly better every day?

[00:28:04] AA: It's kind of like you get a lot of information at the beginning and then it's like levels out. So at first, it's like, “Yeah, it's cool. That's really cool. It's changing for me. Yeah, everything is new.” But then after that, yeah, you get more sense of taste, more sense of that. You learn how to do things right. So also it's important not to imply cryptography and encryption algorithms, but also do them right. So your security is like a chain and it's as secure as your weakest link in the chain. So if you do a lot of good crypto, a lot of good algorithms, etc., large keys, but at the end you do something dumb in the meantime and you leak all the keys, for example, there is no point in the previous job. So you have to be very careful.

[00:29:01] CS: Very good point. Now, what types of companies – At what level? You said the job market for cryptographers is growing and growing and stuff, like you're over end over end. But like what types of companies hire cryptographers? Is it just sort of these sort of encryption storage companies? Is this is something – Like where would you start looking for a job like this once you start sort of developing your skills?

[00:29:28] AA: For cryptographers, I think any company that is developing something, something from scratch, I would say, and not using like readymade packages. So it's not about just cryptographer. So there's also a notion that like you take the cryptographic primitives and you assemble them in the right way so it will be secure at the end. So it's not about like writing and inventing your own crypto and cryptographic algorithms. By the way, I'm not an academic cryptographer. So I'm not inventing new algorithms. I just know how to create a good cryptosystem. So using the well-established primitives, like As256, like RSA. These are the primitives. And combine them into the cryptosystem that is secure at the end. And so these kind of specialists are like needed everywhere actually, and not only about cryptography, security in general. So they're like security guys in the cloud infrastructure, on the physical like offices and enterprises. So people need security guys everywhere.

[00:30:49] CS: Yeah. So it's a little bit more of a team effort then. It's not just a person in a room making crypto. Like you need to have your sort of security team there to sort of help you implement it. And like you said, it's not a solo activity. Is that right?

[00:31:05] AA: Yeah.

[00:31:07] CS: Okay. So looking to the future, what are the next steps in the cryptography arms race? Because it seems like every new level of encryption complexity or deliberate asymmetry will somehow get plowed through by armies of massive processors doing like nuclear calculations? Like do you see any tech or processes on the horizon that are really going to change the game in terms of encrypted materials? Or is it just constantly like we create something more complex and then it gets decrypted, and then we create something more complex and gets decrypted.

[00:31:33] AA: So let me tell you a little bit on which stage we are and where everything is going. So right now, we have a really solid cryptography. And there are no computers in the world that can crack it. So the thing is, for example, if you use 256 bit key, you always see that everywhere. So it's 256 bit encryption, this kind of stuff. And what it actually means? It means that the key consists of 256 bits, right? So each bit is one or zero. And you might think that it's not a lot, but this is a two to the 256th – To the power of 256. This is enormous number. Actually, if you want to like imagine, this number is greater than the number of atoms in the universe.

[00:32:33] CS: Wow. Okay. All right. So yeah.

[00:32:37] AA: So you can't brute force this number. So you can possibly try all combinations. So how the algorithms are getting like hacked in the meantime because you know there are some old algorithms that were hacked. You just find some clever way to shortcut it. So you don't try all 256 bits of combinations. You just find some shortcut to make your work a lot easier. And like cryptography started a long time ago. And now we have these algorithms that we have now. They're like the product of this many years of development and trial and error, and our knowledge in mathematics, in crypto analysis. And they're really, really secure. So right now, we don't have anything to worry about.

So what about the future? So the in the future, we're like anticipating that quantum computing will be more prevalent? And so right now it's like a toy thing. It's not dangerous at all. But in the 10, 15, 20 years, maybe they will become dangerous. And some algorithms will be no more like relevant anymore. So they will be not considered secure. But for right now, cryptographers already like inventing new algorithms and which are quantum proof. So we know what is quantum computing, and we know what to expect from that. And we now already developed algorithms that are quantum proof. And we also have a lot of time to move our industry away from the older and vulnerable algorithms.

[00:34:23] CS: Gotcha. So this is still ultimately going to come down to sort of errors of programming. I hate to say human error, but with the with the encryption being as sort of bulletproof as it is, it's ultimately going to come down to, like you said, sort of unforced errors and things like that. That's where breaches still come from.

[00:34:43] AA: Yeah, yeah, absolutely. That's why we think that open source is the way to go. So not only you, your employees, are looking at the code, but the whole world is looking at the code and give the opportunity for everybody to audit it and find any bugs maybe that will be – Yeah, that will hurt you in the future.

[00:35:03] CS: So there's not really – Even for people who want to crack the algorithm or the encryption, like having an open source, like that doesn't necessarily help them in terms of being able to crack it.

[00:35:12] AA: No, no, absolutely not. So the right encryption is not security through obscurity. So you're not hiding your algorithm. So you're actually hiding your keys. And keys have the users, which are protected for them, protected with their password. And in case of Stingle Photos, it's really important for you to choose a good password, at least eight or nine characters long, so your keys will be protected. Yeah, and other than that, yeah, this is a thing.

[00:35:45] CS: Alright. So as we wrap up today, can you tell me some upcoming projects you're working on with Stingle Photos or elsewhere that you're excited to share with our listeners?

[00:35:54] AA: Absolutely. So right now, we're releasing our iOS version of the app. So before that, we had only Android version. And iOS version is public beta right now. So users can find it if they want to be the first to test it and play with it. You can find on our Telegram channel, it's t.me/stingle_ photos. Yeah, so soon we’ll release the iOS version. And also we're planning to have desktop and web versions of the applications. And yeah, after that, those were the future plans. We're also going to expand to Stingle Drive. So we also have the same security. Our users will have same security for storing files and documents. And also we'll build an online document editor on top of that so you will be able to secure your files and documents with that.

[00:36:56] CS: So, just so our listeners heard it for sure, can you give us a where to go if they want to know more about Stingle Photos and yourself? What's the online? What's the URL?

[00:37:09] AA: So the URL is stingle.org. So it's stingle.org. And the telegram channel where you can get the updates and participate is t.me/stingle_photos. Yes. And that's all. Yeah.

[00:37:30] CS: Great. Alex, thank you so much for joining me today. This is a lot of fun.

[00:37:34] AA: Yeah, that’s very much. It was lots of fun too.

[00:37:37] CS: All right. And as always, thank you everyone who is listening at home, listening at work, or listening at work from home. New episodes of the Cyber Work podcast are available every Monday at 1pm Central both on video at our YouTube page and on audio wherever find podcasts are downloaded. Also, I'm excited to announce that our InfoSec Skills platform will be releasing a new challenge every month with three hands-on labs to put your cyber skills to the test. In September, you'll start in our Security+ Lab exploring the ins and outs of secure and insecure protocols. Level two, move on to explore secure coding errors commonly found in JavaScript. If you make it that far, it's level three, boss around, deploying advanced techniques leveraged by Sandworm AAPT to compromise pivot from and destroy a server. Complete all three challenges, download your certificate of completion, upload it to LinkedIn and tag InfoSec for your chance to win $100 Amazon gift card, InfoSec hoodie and a one-year subscription to InfoSec Skills so you can keep on learning. Just go to infosecinstitute.com/challenge and show us what you can do. Thank you once again to Alex Amiryan, and thank you all so much for watching and listening. We will speak to you next week.