What I really love is how @ImperialHal clearly isn't a programmer and or IT person but he didn't get discouraged by Thor's tech talk. Instead of thinking "oh man, I'm out of my element, I'm going to stop talking because I don't know what might sound ignorant", he went with "oh man, I'm out of my element, so I'm going to KEEP talking because I don't know what MIGHT BE RELEVANT"! And it made all the difference.
I do work in Software Dev, and that's why I give as much information as possible in software/hardware issues, or medical situations. In that situation, I know that it is not my job to decide whether or not a detail is relevant. It's the professional's job, and I am the customer in that situation.
dude, I just had a literal epiphany reading this! I was struggling with getting ownership and talking about the features that I built because everyone else has more experience than me in both in the area and in the project! Reading this made me understand that what I say might be relevant, and that solely should be enough encouragement for talking. Thanks!!
CLICKYCRISP?!? Holy shit I hope you’re doing well man! Me and my buddies use to watch all your csgo content back in the day! Fuckin brought back a bunch of memories.
If you dont believe that his aim felt weird, remember that steph curry once lost his dribble, blamed the floor, and it was actually aomething wrong with the floor
Yeah this is 100% a thing. People know when something is off about the thing they do for a living. I have nearly 6000 hours in rocket league and play competitively. I can tell the difference between default and my preferred sensitivity settings. The game gives quite fine steps, and I can still tell when something is off by 1. I can tell when the frame rate isn't as high as I'm used to. The game is best played at 2x refresh rate, so for me it is 280hz. I can tell when it dips to 240hz because inputs feel "off." Physics runs at 120hz in the game, but inputs are displayed as fast as possible with predicted movement for a few frames at most.
Same. Shorts are actually the best advertising for this man. You can't skip them because you're hypnotised by his voice at first but then realize every single word he spoke was pure wisdom and truth with a whole load of motivation and love poured on top - or alternatively some super funny oddball take or realization you won't ever be able to un-hear. Gotta love him :)
Definitely why I sub to Thor. His thought process. Having a answer and a counter argument to his own answer. It's Good to be confident and good to be skeptical. But great to be both.
You'd be surprised. This way of thinking and articulating ideas isn't actually that uncommon amongst professional software or security engineers, but seems to be extremely rare more broadly. I can definitely appreciate it on youtube in particular though - most people who think like this aren't out there making content.
The way he thinks is pretty much standard in this industry. You should always consider all possibilities, rank them based on probability, and try to prove or disprove each one by one. Of course he's very experienced and he has very good communication skills to explain this to the average viewer considering he's been a streamer for a while.
Only really noticed about an hour in, but huge thanks for not having ad interruptions on this upload. The cpm would be crazy because the runtime, and people will watch because it's a hot topic, but you didn't and it makes the viewing experience so much better. Most people won't notice, but those that do will appreciate it but probably won't say anything, so here's that recognition and thanks.
You should talk to the Northstar developers over this. From what I understand the Netcode and server architecture of Apex is directly build on the one form Titanfall 2 and apparently they are still extremely similar. The Northstar developer reverse engineered the client server protocol for Titanfall 2 so that they can host community run servers for Titanfall 2 which you can access via the modified titanfall 2 game client called Northstar. Outside of Respawn developers these guys are the most knowledgeable on how the multiplayer infrastructure works on those games. Titanfall 2 too had a long running problem where some guy was attacking the servers via his hacked client that send malicious packets to the servers and the Northstar developers were one of the few people actually understanding what exactly was happening and they patched it for the community servers themselves.
@@MorbidEel I disagree, for a very simple reason. The titanfall 2 attacks were way less playful. Even ignoring the possible people it could have been in TF the hacks and attacks there was just bringing down the server all the time, no messages no nothing just destroying all the fun. These apex hacks are, while still bad is varying in intensity, target methods. He is enjoying this like Thor said so unless he had a wild personality shift, I really doubt it is the same person/people
@@janvangils5560 well according to this they either dislike the community servers, which i don't believe or may have some contact with that other person. Maybe destroyer2009 is just the guy using the client and r4ndom is behind making the client. If this exploit is also in titanfall2 it could also have been written into a hacking forum and the both of them started working from there. Anyways the history is less important but it's good to know that there may be people more experienced with this
its easy to see how he missed the malwarebytes thing at first. green with a tick would just be like "oh thats fine" for most unless they know specifically what theyre looking for, specially when malwarebytes normally flags bad stuff at orange or red. really nice catch by the person who managed to find it in the vod
I'm studying computer networking in community college right now and I am about to transfer to a university to get a degree in cybersecurity, this is helping me a lot. Thanks Thor!
cybersec degree's are mostly garbage unless your goal it to be a best practice person. The problem with this position is it sort of became popular due to salary. But the people who took this role initially were hackers , malware analyst, reverse engineers. Think www.youtube.com/@LiveOverflow or www.youtube.com/@_JohnHammond types. Deep knowledge in thing like "live of the land" trade craft, or reverse engineering. we are talking about at least half a decade or more of accumulate knowledge just to get to the starting line. But now we have universities trying to replicate this sort of expertise... and it really doesn't work well. You get people that are basically in the dunning kruger effect. They are given this super wide pool or very shallow knowledge. like they sort of learn to know what possible.. but not how to implement it so they really don't know how to properly defend.
I've been a System Admin for 10 years. I'm glad people are finally learning how delicate cyber defense is. We have to get SO LUCKY in modern times because criminals have gotten better with better technology.
@@idiotidiot5821 Being hard or soft of crime really doesn't effect criminal behavior. criminals tend to have deficits in executive functions (impulse control, emotional regulation, foresight) Adding heavy consequence doesn't factor in much since the part of the brain that would factor that in and modulate behavior doesn't have a strong input into decision making.
despite not really being that into either Apex or developing, the entire notion of learning to understand the process to reduce the chances of me going off on some poor sod just based on my own emotions is pretty invaluable. Thanks dude.
I am imagining Thor sitting across from this guy in a booth at a greasy spoon dinner, giving this monologue, and then he says, "We're not so different, you and I. You just approached this puzzle from the other side of the line.". Then the Dragnet Theme plays. 1:21:03
@@PoeticSkizzy Areas that rely on critical thinking are very good at it. Using a skill as part of your job gives you all the practice you could ever need.
reminds me of one time I was checking on some servers late at night for a client, and found an active connection from an intruder attempting to implement ransomware. it was clear they purchased the ransomware package on the darkweb and had no idea what they were doing. But as a precaution, we still had to wipe the environment and reload from backup.
Never got interested in hacking, security, dev things.... but this guy is the goat. I can listen to him talking things i dont even understand for hours. Much love and respect for what u do.
This helped me in a very specific way; I've been taking a Cyber Security degree, and I've been feeling really discouraged like I'm not actually learning anything useful, but the fact that I was able to follow this conversation with ease was so encouraging. I know: a cyber security degree probably isn't going to land me a job in the end. But I'm committed now, and it's been difficult to find motivation.
Nah dude you’re working for something, don’t say that about yourself. You’ll get that job and you’ll look back at this moment and laugh and wonder why you were so stressed. Don’t look too far into the future and focus on what’s in front of you and you’ll be in a job wondering how you got there
I sympathize with developers , I work in a pharmacy and for several years now I've just told people I get yelled at for a living. People can be cruel when something they love is in danger. Apex has a community that is not far off from family.
Bruh, I was laughing at that. These dudes were emoting hard for 20 minutes straight. One dude nodding for a long time, which means he had to be whipping his mouse up and down. Might have been actual work to keep that up so long. I see you, goblins.
This situation is probably going to be the origin story of lots of people getting into the cybersecurity space. Here's to hoping the goblin lord and the goblins are ready for that influx in the discord
or, the people tired of getting hacked on will learn to do it themselves. It really can go both ways. I got tired of PC aimbot users in Warzone back in 2021. Built a pc and started my own "GameShark" business where i now make a living by creating cheats and mods for single player games. Online multiplayer is dead and your a fool if you think otherwise. Kernel space anticheats do nothing when the game is also on linux LOL
18:00 when you've spent enough time moving your mouse and seeing how it changes your look direction, you then expect moving the mouse a certain amount will change your look direction by this much and if the crosshair didn't go all the way to where you think you moved it, it's a little bit off, it's being pulled a tiny amount in directions you didn't expect, you'd notice.
Deja Vu, but something is very off in a bad way. Happens to speedrunners and literally anyone who has a significant amount of time deep-diving into a particular skill. I may not be an Apex player, but I know exactly what Hal was talking about.
I don't know if you looked at it but Titan Fall 1 and 2, previous Apex developers Respawn's games suffered from a cyber attacker for years. It got to the point where the game got literally unplayable, and the community went to the extent of creating a community run server infrastructure called Northstar. From what I read online some people from that community used the same exploit the initial attackers used to kill Titan Fall multiplayer on Apex legends somewhere last year to force them to fix the servers. Upper Echelon over on RUclips covered the story very well.
Network admin here thats always been interested in the security realm (specifically SOC work). Ive got a couple entry level security certs but i cant lie ive been pretty comfortable sticking with what im doing. Listening to these kind of discussions, especially when they tie into one of my favorite hobbies is great! Youve been a big help to motivate me again! Hopefully you can give some more content to help someone who wants to get into the security realm!
I gotta say, as someone who works in security and is also and avid apex player, this has been one hell of a ride so far. Thanks for informing a community and getting some of the unwarranted hate towards hideouts and his team quelled. You're a legend.
I love how whether or not he is , there are times where it looks like he is reading code, mans got so much skill that he just has a mixed reality headset on and can see shit that nobody else ever could.
This is the stuff I love. While my job field is different, the troubleshooting and process to figure out issues is very much the same. Very fun listening and watching your process for this. The puzzle, and figuring them out, is such a gratifying thing
I have no connection to cybersecurity but man, this is one hell of a discussion! I'm barely 18 minutes in and there's so much going on. Love what you do Thor & ImperialHal!
There is something deeply satisfying to listening to a person be extremely competent at what they do and be able to articulate what they are doing to a layman. This was an awesome watch.
You have no idea how excited I am that this video dropped! Almost 3 hours?! Traveling for work tomorrow, and can’t wait to listen to what you and John cover.
I dont know if this is something thor would do but personally you helping teach cyber security could be really entertaining. Love it when my content creators come to together
Taking a shot every time Thor says "if that makes sense" this vid. See you all in the afterlife! I didn't know this happened but very interesting. I appreciate his layman's explanations for everything
the strange distortion feeling effect is how it feels when aimbot locks on, its like the chicken head thing, it feels unsettling because its so perfect
@@savathunsgoblin chickens can sort of lock their heads in 3D space, even when you move their body around, their head can eerily stay exactly where it started, even with quite significant acceleration, its definitely something you should look up on RUclips
@@savathunsgoblin How a chicken's head stays almost perfectly still while its body moves. I'll try to share a link in a separate comment but youtube likes to delete comments with links in them. Just look up "smarter every day chicken head" for a short demonstration of it if you dont see my other comment
Hey there @Pirate Software ! I'm new into the Cyber Security Field and currently busy in Information Security. These VODs are suuuper helpful and I am learning a lot. Thank you for being factual about this and explain stuff without making it a big drama.
This whole RCE scare on the internet brought me to your content and your breakdown and investigation of it got you a sub from me. Great content man! I have been doing identity/access management and cybersecurity inside the DoD for 6 years now, so I dont have nearly the breadth of experience that you do, but I thouroughly enjoyed listening to your thought process in breaking this stuff down. Some of this would be great material for a video on root cause analysisis and troubleshooting when it comes to threats and vulnerabilities.
I had been tossing around the idea of wanting to go more in depth with Offensive Security (Training/OSCP) but was always afraid that I wouldn't actually like it, I just liked the concept of it. Hearing these conversations and how John and Thor describe it being a giant puzzle that you want to solve, you feel you have to solve, has woken me up to how much I love this. I've always loved solving puzzles and tinkering with basically everything I do. I broke/fix so many toys and stuff growing up just because I wanted to solve how does this work. Hearing these breakdowns, descriptions, and conversations has given me so much encouragement and has helped me quench a lot of the doubts that were scaring me away from starting down this path. Thank you for all you do Thor and John. I may be some random person on the internet, but you've wholeheartedly inspired me to pursue a whole new rabbit hole that I can't wait to climb into.
I found this dude a day or so ago on shorts and I could literally listen to this dude talk about this stuff 24/7, none of this stuff makes sense to me whatsoever but learning the little stuff that makes sense to me I just love it.
Yeah I work residential HVAC and even just one person berating me, questioning my integrity, questioning my skillset, etc while I'm literally in the middle of trying to solve the problem that they asked for help with really gets to me, I cant imagine looking on the internet and having 1000s of people doing that
@@Glaedr11 it doesn't help that I'm not a fast response type of person. All of my words and responses are measured and contemplated. I find myself having to reassure people being telling them, Yeah I'm thinking over all the possibilities in my head so please give me a second.
Really love these VOD uploads about discussing this attack. I've stopped playing all EAC games to be safe, but because it hasn't been proven to be an EAC vulnerability yet, I've kept them installed on my consoles. Thank you for doing what you do! It's great to hear insights from an expert in the field about what this could be. You're great Thor, keep it up!
18:37 I love how freaking fast these dude’s brains process information. He was literally in the middle of a fight and like mid sentence senses something is wrong and stops engaging enemies lol
Watching you work is amazing. I think we can all tell that you're enjoying yourself when you're breaking this down. I love puzzles too, I just wish I already had your technical knowledge. Thank you for uploading this.
I feel like when I was in high school & early college (between about 1999 and 2006) I was pretty well versed in networking to this level but I definitely lost it over the years, so this video has really helped re-engage that part of my brain. Weirdly, this video woke up my inner child. Thanks man!
This Video has come out at a Great time, terrible that it happened but this has been helping me understand a lil more of what im currently learning in my CSA journey. I wish they had examples like this to refer to. The way you explain it and the discussion of it makes it so easy to sit here and watch it more than once.
Coming from someone who knows absolutely nothing about computers this was absolutely fascinating. Very cool to get a little window into how this stuff works and was explained in a way even I could follow. Very very cool.
I doubt this will be seen but I just want to say that I used what was written on your make games website as a key reference for my school presentation which I decided to make be about "What do you need to be a game dev?" and I think the presentation came out alright. The main challenge was trying to translate it to Japanese before the deadline and so the presentation wasn't as well translated nor long as I'd like but your website was an amazing help and if it weren't for you, it wouldn't have happened.
Great video with great points. EA definitely needs to give you something for being their damage control/PR, because its clearly made a great impact. Next Apex Legend added is Thor. Additionally, to Thor's point, we can only consider what Destroyer said in the article, but cant just take his word on it (until he releases how he did it). That said, I'd still consider compromised machines. Something I thought when it was mentioned that GenBurten re-installed windows before the tournament was, "did he do a full format?". If he's got multiple hard drives or partitions, and only formatted his C drive, it doesnt mean his other drives dont have infected files on it. Additional (possibly less likely) what other peripherals are plugged into this machine? you've got things like your mouse and USB DACs that can be flashed with settings, so if you change a machine or format, your settings are on the actual device for easy plug and play. Could these devices be compromised with custom code? Lastly, what Prime(?) said about the game previously having bots in game as an event a while back, reminded me of when i put apex on my Switch, and created a new account to use on there, I kept it in switch only mode (not cross platform) and the game literally added bots to fill a lobby (this was about 6 months ago). A friend told me this was feature for new accounts before getting into a normal live pvp. Im not sure if they've now disabled feature or maybe my account is outside of the beginner grace period, because i queued for an hour while watching this and got no match (i dont actually play apex, but was going to play casually on switch). Point is, that it just makes me wonder if that the point of entry for adding bots, along side what Prime already said, and what Mande said (on the previous vid) how Destroyer could be on PC but appear as a console player.
So awesome listening to Thor breaking this down, it's very interesting. I've been an Apex player since season 0 so I care a lot about the game. I feel this happening was both a good and a bad thing. Hopefully Respawn watches this and makes the game more secure. You're awesome Thor, thank you for everything you do! ❤
remote code execution: means the ability to run code on a remote box. The qualifier "ARBITRARY remote code execution" is where it graduates into running code
A good example of the players knowing something is wrong, is I remember there was a smash bros game that was played and there was a sonic player that ended up getting knocked off screen by an ability at like 90% damage. He refused to get off stage and said something wasn't right about the match and demanded they check the settings. The knockback is normally set at 4 and when they checked the settings it somehow got swapped to 3.9. Was wild how he could tell such a small change.
Knowing this incident is 4 weeks old, I'm surprised that nobody mentioned the "Save Titanfall" hacks in Apex about a year or two ago. From what I remember, the lobby menu UI was severely bugged with messages, in game matches were constantly being hacked and servers were crashing not only on PC but on Playstation and Xbox servers. The context was that the Titanfall 2 devs were primarily focused on Apex while TF2 was plagued with cheaters and hackers. Depending if there is a connection to Destroyer is entirely uncertain but definitely worth checking out considering that Destroyer was developing his craft for 4 years. I'm glad you reassured the gaming community that there is no cure all to stopping hackers and cheaters but giving insight and information on what happens behind the scenes. Great video Pirate.
11:49 Watching the gears turn and the excitement that comes from the statement "... displayed the server ID" It's entertaining to see Thor in his element.
I think some of the confusion from the community stems from the fact that they don't know IP addresses are SUPPOSED to be public. Imagine the mail-man had to deliver to your house but your address wasn't known by anyone but you. Well no mail for you! Imagine that a game client had to connect to a server but didn't know where it was. No game for you!
I am pretty sure they found a vulnerability to run commands on the game server (probably some packet), which can then (maybe) be used to run Squirrel on someone's client. That might explain how they spawned the bots, spammed the chat, and used in-game UI for the cheat hook. I don't think they have the ability to run shell code other than the attacker describing it as RCE. Him generating 4,000 packs would also correlate with how he might have the ability to run server commands. Highly doubt this whole fiasco has anything to do with the anti-cheat. EDIT: watching more into the video (not finished) The jump box claim is kind of jumping the gun I think. I looked up that IP on abuseipdb and most of the reports just say it's a port scanner. Seems unrelated to the hack at hand. The connection type being inbound also makes sense for a port scanner.
Yeah I think it leans more toward them running scripts through the server. That's been around since the dawn of Apex and TF2, methods and examples are well documented. It's patched here and there but never really been fixed, as we still see it happening. The only thing that I'm curious about and that I haven't seen done before is enabling cheats through the server. It makes sense in a way, but it perplexes me as to how it was achieved. I'm keeping an eye on forums to see when someone figures it out. We'll see if Respawn finds a way to clean this up. They've tried but people keep finding away around it. I've seen varying opinions saying that it's an easy patch, all the way to a complete rewrite of server code. Not my area of expertise to say what's true or not though. I've read into a lot of it though and it's pretty insane what people have been able to do on the servers over Apex's lifetime.
I think Thor should consider creating a cyber security course, his explanations are incredibly technical. The way he lights up on the subject leads me to believe he could be an incredible instructor. I would 100% partake in a course to learn more about machine connections and networking on top of my development courses.
Weirdly, having three black badges from Defcon is one of his more impressive resume items. It's an enormous flex. No. Really. They give out ONE each year. It's not an **especially** old event (though, as I get older I realize that's relative). He has a measurable percentage of them.
PLEASE TALK ABOUT THE XZ UTIL VULNERABILITY!!! As far as I understand, this is insane, unprecedented, and personally very scary. What is the impact of a vulnerability like this? How widespread is it's reach? I am unfamiliar with CVSS scores but it seems like a 10.0 is RARE, and this is huge. Would love to hear your takes on this, as an offensive security specialist. Thanks Thor for all you do and provide, big ups to you and your mission.
it has been so fun to follow this story, because I have a passing interest in Security but this has been so fun to witness that I kinda wanna go from passing interest to FULL interest.
1:18:00 The dummy accounts running a simple bot script was one of my first thoughts back when you with the Mande interview stream. But the way they were spawning rather than dropping had me second guessing that - thought a like training bot was more likely, if Apex had a training or tutorial mode with a very simple bot.
Apex does have a firing range for practice with configurable target dummies. They also have code that makes them spawn close to the player. While there are still some discrepancies between what the hacker displayed (spawning playable character roster models, very rapidly) and what's in the practice mode, I can see potential for the game having an existing NPC code framework to hook into/build off of for this hack, rather than having to fully make and run multiple account bots from the client side.
@@PhantasmXYZ from what some other comments mentioned in the previous video, there was an event that allowed you to spawn in bots with very simple proximity based scripts. It's most likely just a reuse of existing bot behaviour. Running multiple bot accounts like that would be significantly more complex
@@ahvin4764 I was hesitant to comment on that initially as I missed four seasons. BUT, I have played most of every other season since launch. And looking at online summaries, chronicling the entire history of events and limited time modes... there haven't been any that fit the exact bot spawning behavior the hacker showed either. I think that other commenters are parroting others or just saying whatever sounds plausible rather than see what actual evidence shows, just like Thor criticizing people stating "RCE" without concrete proof. That said, Respawn is reported to have included bots in orientation matches for brand new players starting on or around Season 16. THAT is likely the code sourced for the hack, as it fits all the characteristics (characters from the playable roster, spawned near the player, with attack logic.) Wouldn't have to worry about it being removed between updates like LTM or event coding, either.
Not only it bring bit of closure on how to not accused stuff without proof, it also explaining how people on the security division do stuff which are great things.
As some one who botted wow for many years and was never caught. Im here to say where there a will theres a way. i would have wow notifications on super loud and would respond if some one would whisper me.
oh the other video: TheTruth-xp2of posted: 3 days ago About the serverside exploitation section: The code for the things happening in this clip, exist within the game files. 1) Spawning bots. There was a limited time mode for Halloween where you could get two AI companions (Prowlers) which acted autonomously with a simple AI to chase and melee enemies within a certain range of you. 2) Increased squad size. There was a limited time mode, in which SURVIVORS killed by HUNTERS switched sides to HUNTERS, enabling teams of dozens on the HUNTER side. The Hackers just need a way to activate combinations of existing legacy functions in the game.
If you ever need an idea for a series or a stream. You can go over some history of hacks or defcon history. I love this stuff and you explain it so well. That stuxnet joke made at 1:04:00 made me realize how much i need that. Whoever made that joke is funny.
Thank you for releasing this as a video, I normally don't have time to watch the streams but I'm using it as a kind of podcast to listen to while I work and itst super interesting
@@valen5188 Hi, I am doing cybersec too, good luck there! By the way, do not know about your program, but ours too has less math formally, like in the requirements then other CS ones, however in other subjects/courses there is math too - and there its just sort of taken for granted that you know it so you'll have to learn some anyway. Just wanted to let you know. PS: Even the "harder" math we had is not that bad, you just have to spend a little more time with it until it "clicks".
Listening to hal talk in the begging shines a light on how much knowledge Thor has in the space. You can hear such an extremem wealth of working knowledge in his field. So v.v. cool 🎉
17:50 I know EXACTLY what he's talking about. There was a time, where I was able to see someone else's screen. This is an advanced version of what I experienced.
As someone graduating with my masters in cyber security this semester, running into program relevant info like this in the world is wild. Normally feels really separate from the day to day norm.
Huge thanks for letting me join you Thor -- super cool to dig into this with you and the goblins 😎 Hope we can get together again soon!!
Dang two of my favorite content creators 🥲
why do you cyber security guys have announcer voice lololololol
Hammond Robotics?!😮
What a crossover.
This was the crossover I needed for sure
What I really love is how @ImperialHal clearly isn't a programmer and or IT person but he didn't get discouraged by Thor's tech talk. Instead of thinking "oh man, I'm out of my element, I'm going to stop talking because I don't know what might sound ignorant", he went with "oh man, I'm out of my element, so I'm going to KEEP talking because I don't know what MIGHT BE RELEVANT"!
And it made all the difference.
I mean the way he approaches the game is very logical. It makes sense how he's able to grasp the information given despite not having IT experience.
I do work in Software Dev, and that's why I give as much information as possible in software/hardware issues, or medical situations. In that situation, I know that it is not my job to decide whether or not a detail is relevant. It's the professional's job, and I am the customer in that situation.
You must not be familiar with Hal , dude has never stoped talking , ever.
EXACTLY, THAT IS WHAT MAKES THIS SUCH AN EDUCATIONAL GEM, GOD I LOVE THIS
dude, I just had a literal epiphany reading this! I was struggling with getting ownership and talking about the features that I built because everyone else has more experience than me in both in the area and in the project! Reading this made me understand that what I say might be relevant, and that solely should be enough encouragement for talking. Thanks!!
I'm loving this man, this isn't drama, this isn't petty stuff, this is actually informative conversation that I think everybody should learn from
woah fancy meeting you here! hope you're doing well :)
Pure journalism.
CLICKYCRISP?!? Holy shit I hope you’re doing well man! Me and my buddies use to watch all your csgo content back in the day! Fuckin brought back a bunch of memories.
Everything that's good
fr, this was super nice to listen to walking around
If you dont believe that his aim felt weird, remember that steph curry once lost his dribble, blamed the floor, and it was actually aomething wrong with the floor
that dead spot in the floor was crazy tho
I remember hearing that some fps player noticed his setting were wrong by 5 dpi. They know their settings
Yeah this is 100% a thing. People know when something is off about the thing they do for a living. I have nearly 6000 hours in rocket league and play competitively. I can tell the difference between default and my preferred sensitivity settings. The game gives quite fine steps, and I can still tell when something is off by 1. I can tell when the frame rate isn't as high as I'm used to. The game is best played at 2x refresh rate, so for me it is 280hz. I can tell when it dips to 240hz because inputs feel "off." Physics runs at 120hz in the game, but inputs are displayed as fast as possible with predicted movement for a few frames at most.
🤫🤫🤫🤫🤫🤫 The Goblin Lord /RUclips sherlock is talking. Take your sports stuff somewhere else.
RUclips STILL gives me the short of that video
From a random RUclips short, Thor has become my favorite streamer.
Respect.
Amen man me too
Same. Shorts are actually the best advertising for this man. You can't skip them because you're hypnotised by his voice at first but then realize every single word he spoke was pure wisdom and truth with a whole load of motivation and love poured on top - or alternatively some super funny oddball take or realization you won't ever be able to un-hear. Gotta love him :)
Same, Charisma off the Charts and very easy to listen to / watch
Both him and folding ideas have that perfect voice that you can listen to for hours even if you're not initially interested in the topic
@@BassaliciousoO
I like the way his thought process works and the way he talks. Its pure reason, logic, and appropriate caution
I love it and it's so refreshing to see.
Definitely why I sub to Thor. His thought process. Having a answer and a counter argument to his own answer. It's Good to be confident and good to be skeptical. But great to be both.
You'd be surprised. This way of thinking and articulating ideas isn't actually that uncommon amongst professional software or security engineers, but seems to be extremely rare more broadly. I can definitely appreciate it on youtube in particular though - most people who think like this aren't out there making content.
The way he thinks is pretty much standard in this industry. You should always consider all possibilities, rank them based on probability, and try to prove or disprove each one by one. Of course he's very experienced and he has very good communication skills to explain this to the average viewer considering he's been a streamer for a while.
Only really noticed about an hour in, but huge thanks for not having ad interruptions on this upload. The cpm would be crazy because the runtime, and people will watch because it's a hot topic, but you didn't and it makes the viewing experience so much better. Most people won't notice, but those that do will appreciate it but probably won't say anything, so here's that recognition and thanks.
Use an adblocker, then you don’t notice regardless.
Use YT premium instead. Give the creators the money for your view
@@Sil3ntD3ath478 I do, but I also don't really support many of googles changes, so I won't recommend it for others.
@@Sil3ntD3ath478 🤝🏽
@@Sil3ntD3ath478 Nahh i'll keep my adblocker on. My favorite creators are well off and google has enough money to buy whole countries
You should talk to the Northstar developers over this.
From what I understand the Netcode and server architecture of Apex is directly build on the one form Titanfall 2 and apparently they are still extremely similar.
The Northstar developer reverse engineered the client server protocol for Titanfall 2 so that they can host community run servers for Titanfall 2 which you can access via the modified titanfall 2 game client called Northstar.
Outside of Respawn developers these guys are the most knowledgeable on how the multiplayer infrastructure works on those games.
Titanfall 2 too had a long running problem where some guy was attacking the servers via his hacked client that send malicious packets to the servers and the Northstar developers were one of the few people actually understanding what exactly was happening and they patched it for the community servers themselves.
According to some comments it is not just "some guy" but the "same guy".
@@MorbidEel
I disagree, for a very simple reason. The titanfall 2 attacks were way less playful. Even ignoring the possible people it could have been in TF the hacks and attacks there was just bringing down the server all the time, no messages no nothing just destroying all the fun. These apex hacks are, while still bad is varying in intensity, target methods. He is enjoying this like Thor said so unless he had a wild personality shift, I really doubt it is the same person/people
@@janvangils5560 well according to this they either dislike the community servers, which i don't believe or may have some contact with that other person. Maybe destroyer2009 is just the guy using the client and r4ndom is behind making the client.
If this exploit is also in titanfall2 it could also have been written into a hacking forum and the both of them started working from there. Anyways the history is less important but it's good to know that there may be people more experienced with this
@@RuneKillerz109the community servers were made in response to the unplayability of the official servers.
@@Chroniclerope and people are wierd sometimes. Like i said i don't believe that it was the case but it is a possibility.
man, the way thor lights up and just gleefully smiles every time he places a new piece of the puzzle, its rare to see such love for your craft.
its easy to see how he missed the malwarebytes thing at first. green with a tick would just be like "oh thats fine" for most unless they know specifically what theyre looking for, specially when malwarebytes normally flags bad stuff at orange or red. really nice catch by the person who managed to find it in the vod
I'm studying computer networking in community college right now and I am about to transfer to a university to get a degree in cybersecurity, this is helping me a lot. Thanks Thor!
cybersec degree's are mostly garbage unless your goal it to be a best practice person. The problem with this position is it sort of became popular due to salary. But the people who took this role initially were hackers , malware analyst, reverse engineers. Think www.youtube.com/@LiveOverflow or www.youtube.com/@_JohnHammond types. Deep knowledge in thing like "live of the land" trade craft, or reverse engineering.
we are talking about at least half a decade or more of accumulate knowledge just to get to the starting line. But now we have universities trying to replicate this sort of expertise... and it really doesn't work well. You get people that are basically in the dunning kruger effect. They are given this super wide pool or very shallow knowledge. like they sort of learn to know what possible.. but not how to implement it so they really don't know how to properly defend.
Can we get an update on what happened?
I've been a System Admin for 10 years. I'm glad people are finally learning how delicate cyber defense is. We have to get SO LUCKY in modern times because criminals have gotten better with better technology.
Being soft on crime isnt helping at all.
The defensive side will always be on the back foot, it doesn't matter how good the white/grey hats gets the black hats will always have the advantage
@@idiotidiot5821 Being hard or soft of crime really doesn't effect criminal behavior. criminals tend to have deficits in executive functions (impulse control, emotional regulation, foresight) Adding heavy consequence doesn't factor in much since the part of the brain that would factor that in and modulate behavior doesn't have a strong input into decision making.
@@idiotidiot5821 username checks out
@@idiotidiot5821Idk man, giving life sentences to guys running markets on the darknet seems pretty tough to me
despite not really being that into either Apex or developing, the entire notion of learning to understand the process to reduce the chances of me going off on some poor sod just based on my own emotions is pretty invaluable. Thanks dude.
One of my favorite types of content is people working in their own element and showing just how good they are at it
I am imagining Thor sitting across from this guy in a booth at a greasy spoon dinner, giving this monologue, and then he says, "We're not so different, you and I. You just approached this puzzle from the other side of the line.". Then the Dragnet Theme plays. 1:21:03
Explained it perfectly. Hacker’s critical thinking is on another level
@@PoeticSkizzy Areas that rely on critical thinking are very good at it. Using a skill as part of your job gives you all the practice you could ever need.
I’m just going home 🏠
Thanks for being willing to cover this and help those involved Thor. It's been extremley informative and helpful in containing some of the panic.
The only way I could be sure is
reminds me of one time I was checking on some servers late at night for a client, and found an active connection from an intruder attempting to implement ransomware.
it was clear they purchased the ransomware package on the darkweb and had no idea what they were doing.
But as a precaution, we still had to wipe the environment and reload from backup.
Never got interested in hacking, security, dev things.... but this guy is the goat. I can listen to him talking things i dont even understand for hours. Much love and respect for what u do.
This helped me in a very specific way; I've been taking a Cyber Security degree, and I've been feeling really discouraged like I'm not actually learning anything useful, but the fact that I was able to follow this conversation with ease was so encouraging.
I know: a cyber security degree probably isn't going to land me a job in the end. But I'm committed now, and it's been difficult to find motivation.
Nah dude you’re working for something, don’t say that about yourself. You’ll get that job and you’ll look back at this moment and laugh and wonder why you were so stressed. Don’t look too far into the future and focus on what’s in front of you and you’ll be in a job wondering how you got there
Hey brother, a degree alone shows you're willing to buckle down and follow through. A good portion of the time that's enough to open many doors
It will land you one. Cyber security is always in demand
Cybersecurity is always in demand. You got this, my dude!
The
I sympathize with developers , I work in a pharmacy and for several years now I've just told people I get yelled at for a living. People can be cruel when something they love is in danger. Apex has a community that is not far off from family.
I understand where your coming from but ea is like Hitler
Props to the hypedivers on the background prepping the stage for the talk.
Bruh, I was laughing at that. These dudes were emoting hard for 20 minutes straight. One dude nodding for a long time, which means he had to be whipping his mouse up and down. Might have been actual work to keep that up so long.
I see you, goblins.
@@ResonantfateI lost it when Thor brought up Paint and they all just shifted to the right to stay in frame 😂😂
This situation is probably going to be the origin story of lots of people getting into the cybersecurity space. Here's to hoping the goblin lord and the goblins are ready for that influx in the discord
Its not.
Getting hacked in starcraft 1 back in 1999 got me into the security field. Totally possible!
My cyber security professor got into the field because of Counter Strike hacking. It's totally possible.
It's already an oversaturated field so good luck to the people trying to get into it.
or, the people tired of getting hacked on will learn to do it themselves. It really can go both ways. I got tired of PC aimbot users in Warzone back in 2021. Built a pc and started my own "GameShark" business where i now make a living by creating cheats and mods for single player games. Online multiplayer is dead and your a fool if you think otherwise. Kernel space anticheats do nothing when the game is also on linux LOL
18:00 when you've spent enough time moving your mouse and seeing how it changes your look direction, you then expect moving the mouse a certain amount will change your look direction by this much and if the crosshair didn't go all the way to where you think you moved it, it's a little bit off, it's being pulled a tiny amount in directions you didn't expect, you'd notice.
Deja Vu, but something is very off in a bad way. Happens to speedrunners and literally anyone who has a significant amount of time deep-diving into a particular skill. I may not be an Apex player, but I know exactly what Hal was talking about.
I don't know if you looked at it but Titan Fall 1 and 2, previous Apex developers Respawn's games suffered from a cyber attacker for years. It got to the point where the game got literally unplayable, and the community went to the extent of creating a community run server infrastructure called Northstar. From what I read online some people from that community used the same exploit the initial attackers used to kill Titan Fall multiplayer on Apex legends somewhere last year to force them to fix the servers. Upper Echelon over on RUclips covered the story very well.
Network admin here thats always been interested in the security realm (specifically SOC work). Ive got a couple entry level security certs but i cant lie ive been pretty comfortable sticking with what im doing. Listening to these kind of discussions, especially when they tie into one of my favorite hobbies is great! Youve been a big help to motivate me again! Hopefully you can give some more content to help someone who wants to get into the security realm!
I gotta say, as someone who works in security and is also and avid apex player, this has been one hell of a ride so far. Thanks for informing a community and getting some of the unwarranted hate towards hideouts and his team quelled. You're a legend.
I love how whether or not he is , there are times where it looks like he is reading code, mans got so much skill that he just has a mixed reality headset on and can see shit that nobody else ever could.
This is the stuff I love. While my job field is different, the troubleshooting and process to figure out issues is very much the same. Very fun listening and watching your process for this. The puzzle, and figuring them out, is such a gratifying thing
I’m not saying Thor is L from death note, but I’ve never seen them in the same room at the same time.
Probably because L is dead
@@ToTheGrave20 🤣
@@ToTheGrave20
"Or Is He?"
*VSAUCE INTRO PLAYS*
I had this EXACT thought
The only way
I have no connection to cybersecurity but man, this is one hell of a discussion! I'm barely 18 minutes in and there's so much going on.
Love what you do Thor & ImperialHal!
There is something deeply satisfying to listening to a person be extremely competent at what they do and be able to articulate what they are doing to a layman. This was an awesome watch.
You have no idea how excited I am that this video dropped! Almost 3 hours?! Traveling for work tomorrow, and can’t wait to listen to what you and John cover.
Love his voice tbh! Imagine if he did asmr
I dont know if this is something thor would do but personally you helping teach cyber security could be really entertaining. Love it when my content creators come to together
David Bombal and John Hammond already do an amazing job
Taking a shot every time Thor says "if that makes sense" this vid. See you all in the afterlife! I didn't know this happened but very interesting. I appreciate his layman's explanations for everything
Love the cycber security conversations/content. By far my favorite
Thanks to him tsm Hal got his account back
I LOVE HOW THOR MAKES SO FUN THE FACT I'M LEARNING A LOT OF THIS WORLD.
speak english freak
"Has anyone really been far even as decided to use even go want to do look more like?"
beep bop beep boop bop
I’m just going
the strange distortion feeling effect is how it feels when aimbot locks on, its like the chicken head thing, it feels unsettling because its so perfect
The chicken head thing? Whats that?
The chicken head thing? What's that?
@@savathunsgoblin chickens can sort of lock their heads in 3D space, even when you move their body around, their head can eerily stay exactly where it started, even with quite significant acceleration, its definitely something you should look up on RUclips
@@savathunsgoblin How a chicken's head stays almost perfectly still while its body moves. I'll try to share a link in a separate comment but youtube likes to delete comments with links in them. Just look up "smarter every day chicken head" for a short demonstration of it if you dont see my other comment
@@savathunsgoblin ruclips.net/video/_dPlkFPowCc/видео.html
As someone going into cybersecurity I have learned more from this video than some actual certifications I have done
Same lol, studying for the Sec+ and have somehow learned more useful information from this than from studying for that
Hey there @Pirate Software !
I'm new into the Cyber Security Field and currently busy in Information Security. These VODs are suuuper helpful and I am learning a lot. Thank you for being factual about this and explain stuff without making it a big drama.
This whole RCE scare on the internet brought me to your content and your breakdown and investigation of it got you a sub from me. Great content man!
I have been doing identity/access management and cybersecurity inside the DoD for 6 years now, so I dont have nearly the breadth of experience that you do, but I thouroughly enjoyed listening to your thought process in breaking this stuff down.
Some of this would be great material for a video on root cause analysisis and troubleshooting when it comes to threats and vulnerabilities.
I had been tossing around the idea of wanting to go more in depth with Offensive Security (Training/OSCP) but was always afraid that I wouldn't actually like it, I just liked the concept of it. Hearing these conversations and how John and Thor describe it being a giant puzzle that you want to solve, you feel you have to solve, has woken me up to how much I love this.
I've always loved solving puzzles and tinkering with basically everything I do. I broke/fix so many toys and stuff growing up just because I wanted to solve how does this work. Hearing these breakdowns, descriptions, and conversations has given me so much encouragement and has helped me quench a lot of the doubts that were scaring me away from starting down this path.
Thank you for all you do Thor and John. I may be some random person on the internet, but you've wholeheartedly inspired me to pursue a whole new rabbit hole that I can't wait to climb into.
Love to see this level headed smart and intuitive content in this day and age of so much drab clickbait content. This guy is great!
I found this dude a day or so ago on shorts and I could literally listen to this dude talk about this stuff 24/7, none of this stuff makes sense to me whatsoever but learning the little stuff that makes sense to me I just love it.
I love that the pirate and apex communities are coming together ♥️
having people say you shouldn't have a job while your job is on fire. Yeah I work Geek Squad so I feel that so hard.
Yeah I work residential HVAC and even just one person berating me, questioning my integrity, questioning my skillset, etc while I'm literally in the middle of trying to solve the problem that they asked for help with really gets to me, I cant imagine looking on the internet and having 1000s of people doing that
@@Glaedr11 it doesn't help that I'm not a fast response type of person. All of my words and responses are measured and contemplated. I find myself having to reassure people being telling them, Yeah I'm thinking over all the possibilities in my head so please give me a second.
I love that this feels like a DefCon Q&A session.
Really love these VOD uploads about discussing this attack. I've stopped playing all EAC games to be safe, but because it hasn't been proven to be an EAC vulnerability yet, I've kept them installed on my consoles.
Thank you for doing what you do! It's great to hear insights from an expert in the field about what this could be. You're great Thor, keep it up!
18:37 I love how freaking fast these dude’s brains process information. He was literally in the middle of a fight and like mid sentence senses something is wrong and stops engaging enemies lol
Watching you work is amazing. I think we can all tell that you're enjoying yourself when you're breaking this down. I love puzzles too, I just wish I already had your technical knowledge. Thank you for uploading this.
I feel like when I was in high school & early college (between about 1999 and 2006) I was pretty well versed in networking to this level but I definitely lost it over the years, so this video has really helped re-engage that part of my brain. Weirdly, this video woke up my inner child. Thanks man!
love watching your breakdowns of this whole situation. you have helped so many people in the community understand more on this topic.
This Video has come out at a Great time, terrible that it happened but this has been helping me understand a lil more of what im currently learning in my CSA journey. I wish they had examples like this to refer to. The way you explain it and the discussion of it makes it so easy to sit here and watch it more than once.
Goblin elites rise up
Super cool to see someone doing something to help and genuinely seems happy doing it. You’re a cool dude, mister
@5:01 “The unban able super User” literally the South Park Blizzard episode come to life 😂😂😂
OMG. You're saying that it's Thors dad doing this!
/I hope it's clear this is meant as a joke.
The amount of time he has said his bit about where hes from and what he does,,, and how consistent he is with his speech is insane.
Yesssss, thanks for this. Was having a rough day and was sad it was Thorsday.
Thank you for getting such a great advocate for this industry! Thank you for being a voice of reason during this tricky time!
Go you for interviewing the actual dude. Love you dude. Keep killing it.
Coming from someone who knows absolutely nothing about computers this was absolutely fascinating. Very cool to get a little window into how this stuff works and was explained in a way even I could follow. Very very cool.
56:30, i couldnt stop thinking "he's bringing in the big GURNS"
I doubt this will be seen but I just want to say that I used what was written on your make games website as a key reference for my school presentation which I decided to make be about "What do you need to be a game dev?" and I think the presentation came out alright. The main challenge was trying to translate it to Japanese before the deadline and so the presentation wasn't as well translated nor long as I'd like but your website was an amazing help and if it weren't for you, it wouldn't have happened.
Great video with great points. EA definitely needs to give you something for being their damage control/PR, because its clearly made a great impact. Next Apex Legend added is Thor.
Additionally, to Thor's point, we can only consider what Destroyer said in the article, but cant just take his word on it (until he releases how he did it). That said, I'd still consider compromised machines. Something I thought when it was mentioned that GenBurten re-installed windows before the tournament was, "did he do a full format?". If he's got multiple hard drives or partitions, and only formatted his C drive, it doesnt mean his other drives dont have infected files on it. Additional (possibly less likely) what other peripherals are plugged into this machine? you've got things like your mouse and USB DACs that can be flashed with settings, so if you change a machine or format, your settings are on the actual device for easy plug and play. Could these devices be compromised with custom code?
Lastly, what Prime(?) said about the game previously having bots in game as an event a while back, reminded me of when i put apex on my Switch, and created a new account to use on there, I kept it in switch only mode (not cross platform) and the game literally added bots to fill a lobby (this was about 6 months ago). A friend told me this was feature for new accounts before getting into a normal live pvp. Im not sure if they've now disabled feature or maybe my account is outside of the beginner grace period, because i queued for an hour while watching this and got no match (i dont actually play apex, but was going to play casually on switch). Point is, that it just makes me wonder if that the point of entry for adding bots, along side what Prime already said, and what Mande said (on the previous vid) how Destroyer could be on PC but appear as a console player.
I love the smile on his face at 32:09 when that little bit of extra context gets thrown on as a clue.
So awesome listening to Thor breaking this down, it's very interesting. I've been an Apex player since season 0 so I care a lot about the game. I feel this happening was both a good and a bad thing. Hopefully Respawn watches this and makes the game more secure. You're awesome Thor, thank you for everything you do! ❤
remote code execution: means the ability to run code on a remote box.
The qualifier "ARBITRARY remote code execution" is where it graduates into running code
Found you off of a clip, I’m now a subscriber 🙏🤝 amazing knowledge
Also
Apex Legends needs this guy on the case ASAP ASAP
i cannot stress just how much i love this man for how level headed he is even when he is brimming with excitement over doing the thing he loves doing.
56:52 man was like “hey- hey gurn come out of the dungeon I got a puzzle” (idk how to spell their name)
A good example of the players knowing something is wrong, is I remember there was a smash bros game that was played and there was a sonic player that ended up getting knocked off screen by an ability at like 90% damage. He refused to get off stage and said something wasn't right about the match and demanded they check the settings. The knockback is normally set at 4 and when they checked the settings it somehow got swapped to 3.9. Was wild how he could tell such a small change.
I am the apex member that thrives off this content
Apex 🤮
@@nuts_fatteningglad to not care that you dislike a video game
@@nuts_fattening wild
He right tho apex is dog water@@eagonwild
@@doughboyexotics305 apex isn't new player friendly so it makes sense why he hates it 😂 must be to hard
Knowing this incident is 4 weeks old, I'm surprised that nobody mentioned the "Save Titanfall" hacks in Apex about a year or two ago. From what I remember, the lobby menu UI was severely bugged with messages, in game matches were constantly being hacked and servers were crashing not only on PC but on Playstation and Xbox servers. The context was that the Titanfall 2 devs were primarily focused on Apex while TF2 was plagued with cheaters and hackers. Depending if there is a connection to Destroyer is entirely uncertain but definitely worth checking out considering that Destroyer was developing his craft for 4 years. I'm glad you reassured the gaming community that there is no cure all to stopping hackers and cheaters but giving insight and information on what happens behind the scenes. Great video Pirate.
@PirateSoftware Thanks for posting this. I missed half the discussion, and didn't want to scrub through the VOD to find what I missed.
11:49
Watching the gears turn and the excitement that comes from the statement "... displayed the server ID"
It's entertaining to see Thor in his element.
One of the most impressive things from watching this was how good he is at writing on his screen, better than my handwriting 😂
I think some of the confusion from the community stems from the fact that they don't know IP addresses are SUPPOSED to be public.
Imagine the mail-man had to deliver to your house but your address wasn't known by anyone but you. Well no mail for you!
Imagine that a game client had to connect to a server but didn't know where it was. No game for you!
I think the confusion derives from the majority of the community being dumb gamer kids.
Thank you for this conversation, it's awesome! Learning so much! Much love! ❤
I am pretty sure they found a vulnerability to run commands on the game server (probably some packet), which can then (maybe) be used to run Squirrel on someone's client. That might explain how they spawned the bots, spammed the chat, and used in-game UI for the cheat hook. I don't think they have the ability to run shell code other than the attacker describing it as RCE.
Him generating 4,000 packs would also correlate with how he might have the ability to run server commands.
Highly doubt this whole fiasco has anything to do with the anti-cheat.
EDIT: watching more into the video (not finished)
The jump box claim is kind of jumping the gun I think. I looked up that IP on abuseipdb and most of the reports just say it's a port scanner. Seems unrelated to the hack at hand. The connection type being inbound also makes sense for a port scanner.
Yeah I think it leans more toward them running scripts through the server. That's been around since the dawn of Apex and TF2, methods and examples are well documented. It's patched here and there but never really been fixed, as we still see it happening. The only thing that I'm curious about and that I haven't seen done before is enabling cheats through the server. It makes sense in a way, but it perplexes me as to how it was achieved. I'm keeping an eye on forums to see when someone figures it out.
We'll see if Respawn finds a way to clean this up. They've tried but people keep finding away around it. I've seen varying opinions saying that it's an easy patch, all the way to a complete rewrite of server code. Not my area of expertise to say what's true or not though. I've read into a lot of it though and it's pretty insane what people have been able to do on the servers over Apex's lifetime.
Total idiot here: what's Squirrel?
Do you think it is possible that this would require the client PCs to have the cheats already downloaded?@@rekt_n_line
Man I wish you had the opportunity to do more vids like this. Was super informative and sure changed my whole outlook on devs! Thank you
Apex and this dude is the cross over i wasnt expecting in 2024 butt im here for all of it!
I think Thor should consider creating a cyber security course, his explanations are incredibly technical. The way he lights up on the subject leads me to believe he could be an incredible instructor. I would 100% partake in a course to learn more about machine connections and networking on top of my development courses.
Weirdly, having three black badges from Defcon is one of his more impressive resume items. It's an enormous flex.
No. Really. They give out ONE each year. It's not an **especially** old event (though, as I get older I realize that's relative). He has a measurable percentage of them.
PLEASE TALK ABOUT THE XZ UTIL VULNERABILITY!!! As far as I understand, this is insane, unprecedented, and personally very scary. What is the impact of a vulnerability like this? How widespread is it's reach? I am unfamiliar with CVSS scores but it seems like a 10.0 is RARE, and this is huge. Would love to hear your takes on this, as an offensive security specialist. Thanks Thor for all you do and provide, big ups to you and your mission.
I didnt even click for the discussion i clicked because of that epic thumbnail.
it has been so fun to follow this story, because I have a passing interest in Security but this has been so fun to witness that I kinda wanna go from passing interest to FULL interest.
1:18:00 The dummy accounts running a simple bot script was one of my first thoughts back when you with the Mande interview stream. But the way they were spawning rather than dropping had me second guessing that - thought a like training bot was more likely, if Apex had a training or tutorial mode with a very simple bot.
Apex does have a firing range for practice with configurable target dummies. They also have code that makes them spawn close to the player. While there are still some discrepancies between what the hacker displayed (spawning playable character roster models, very rapidly) and what's in the practice mode, I can see potential for the game having an existing NPC code framework to hook into/build off of for this hack, rather than having to fully make and run multiple account bots from the client side.
@@PhantasmXYZ from what some other comments mentioned in the previous video, there was an event that allowed you to spawn in bots with very simple proximity based scripts. It's most likely just a reuse of existing bot behaviour. Running multiple bot accounts like that would be significantly more complex
@@ahvin4764 I was hesitant to comment on that initially as I missed four seasons. BUT, I have played most of every other season since launch. And looking at online summaries, chronicling the entire history of events and limited time modes... there haven't been any that fit the exact bot spawning behavior the hacker showed either. I think that other commenters are parroting others or just saying whatever sounds plausible rather than see what actual evidence shows, just like Thor criticizing people stating "RCE" without concrete proof.
That said, Respawn is reported to have included bots in orientation matches for brand new players starting on or around Season 16. THAT is likely the code sourced for the hack, as it fits all the characteristics (characters from the playable roster, spawned near the player, with attack logic.) Wouldn't have to worry about it being removed between updates like LTM or event coding, either.
Man I have barely any clue what you’re talking about but trying to understand but keep watching these videos over and over
I don't understand half of this talk but God damn it is soo interesting thank you
Not only it bring bit of closure on how to not accused stuff without proof, it also explaining how people on the security division do stuff which are great things.
As some one who botted wow for many years and was never caught. Im here to say where there a will theres a way. i would have wow notifications on super loud and would respond if some one would whisper me.
Thank you for chipping in!
I hope this change game AND community for better
oh the other video:
TheTruth-xp2of posted:
3 days ago
About the serverside exploitation section: The code for the things happening in this clip, exist within the game files.
1) Spawning bots. There was a limited time mode for Halloween where you could get two AI companions (Prowlers) which acted autonomously with a simple AI to chase and melee enemies within a certain range of you.
2) Increased squad size. There was a limited time mode, in which SURVIVORS killed by HUNTERS switched sides to HUNTERS, enabling teams of dozens on the HUNTER side.
The Hackers just need a way to activate combinations of existing legacy functions in the game.
If you ever need an idea for a series or a stream. You can go over some history of hacks or defcon history. I love this stuff and you explain it so well. That stuxnet joke made at 1:04:00 made me realize how much i need that. Whoever made that joke is funny.
i got to watch this live and it was awesome. chat was lit the whole time for both streams lol
Thank you for releasing this as a video, I normally don't have time to watch the streams but I'm using it as a kind of podcast to listen to while I work and itst super interesting
im gonna major in cyber security when I start college in fall, this is super interesting
YOOO i just looked at my course requirements with a CS degree compared to CYB, I dont need any math. lets goooo
@@valen5188 Hi, I am doing cybersec too, good luck there! By the way, do not know about your program, but ours too has less math formally, like in the requirements then other CS ones, however in other subjects/courses there is math too - and there its just sort of taken for granted that you know it so you'll have to learn some anyway. Just wanted to let you know. PS: Even the "harder" math we had is not that bad, you just have to spend a little more time with it until it "clicks".
@@filip0x0a98 thanks for the heads up! guess I'll keep going through khan academy to stay ready lol. Good luck with your classes as well :)
@@valen5188 You are welcome and thanks too :)
Listening to hal talk in the begging shines a light on how much knowledge Thor has in the space. You can hear such an extremem wealth of working knowledge in his field. So v.v. cool 🎉
2:22:46 "You're a wizard Destroyer2009" Said John Hammond disguised has Hagrid.
This is a singularly unique set of circumstances that led to this moment. This video is a legitimately useful teaching tool for modern cybersecurity.
17:50 I know EXACTLY what he's talking about. There was a time, where I was able to see someone else's screen. This is an advanced version of what I experienced.
As someone graduating with my masters in cyber security this semester, running into program relevant info like this in the world is wild. Normally feels really separate from the day to day norm.