Hybrid Attacks - Becoming the Stainless Steel Rat
8:55PM Jul 31, 2020
Hi, welcome back to hope 2020. We really appreciate you hanging out with us we have Eric and Terry here to talk about their next session which is going to be hybrid attacks, becoming the next stainless steel rats, and we'll take it away right, Eric Hierarch.
I hope How's everyone doing things are gonna show. Welcome today. Sorry for the delay we've had a lot of technical issues and we, we may notice that there are some glitches along the way so please bear, bear with us we promise we got some really cool content here. So anyway, today's talks hybrid attacks becoming the stainless steel rap. A lot of what we're going to cover today is where you know physical security has been and where it's going, and a combination of attack. Some attack methodologies that you may find interesting and including some interesting exploits who may display at the end of the talk. So, let's get started. See here. So who am I, my name is Eric we show the US, US co founder of tool. I'm starting 2004 pick my first slot at home, I think was the fifth hope someone can correct me here. But basically, I picked my first talk with very well. I said, hey, how do you start an organization like tool in Holland. We just extended here and so that's what happened at that first year I actually picked and designed tools around the multi lock interactive and medical three shortly thereafter, finished up school and got some notice ended up at Argonne National Laboratory, doing nuclear safeguards and security which was a lot of hybrid type of hybrid attacks. So, let's take a drink of water.
There we go.
Yeah, I was there for a few years built some hackerspaces pumping station when I founded that and a co founder hack TC hacked on voting machines, fix more locks their logical engineering and realize that you know especially in the real world. There's a lot of convergence happening and it's slow and Terry's going to help extend that apart as to where it's going, I'm going to cover the beginning. A lot of what you see, may think about what you focus on and I'm going to try to keep pulling you back from that focus in context of, you know, penetration testing and red teaming in the future and where attacks can go and how bad they can get. So let's save Terry can do a quick intro
to it, to Terry's audio I think Terry is unmuted.
There we go. Yep. Terry gold founder dcx research has spent the last 20 years doing infosec and physical security specialize in fortune 500 critical infrastructure controls and sort of the hybrid between both of those. So, that's pretty much my area focus.
Oh, all right so today's agenda, who has a stainless steel rat, we're gonna go over that why are we calling it this. Why am I talking about the stainless steel wrap. And what are really hybrid attacks. And then we're going to go over the classic coverage of physical security, that's me my section Terry's gonna go over to access control and where, you know, you see RFID cards but that's where the rabbit hole starts. And then, after his section, where the vulnerability vulnerabilities are expanding. Then we're going to go into other types of interesting attack research that I've done with other people, including independently, and then we're going to go over what a you know some potential nightmare scenarios are at the end that we've either seen or foresee. So that's about it. Let's get started. So who is the stainless steel rat Jim digger is a comment a thief hacker goes by many aliases including syllabary gym and stainless steel rat and it was written by Harry Harrison and the first book came out in 1961 about this person who lives on the fringes of society, like maybe a lot of us that live us live in this chat and. And basically, as a master of disguise martial arts with accomplished bank robber a criminal mastermind expert in breaking and entering and perhaps most usefully a skill buyer and a colleague recently brought this up and I thought it was a great idea to cover where, where we see where attacks are going so we'd have people here on the digital side and then on the physical side, and the physical is getting run over on this side a lot and a lot of people who are designing the systems for access control don't don't borrow from the past of what we have developed in cybersecurity from like software development lifecycle security development life cycles and those other areas. And as we'll see, there are big problems. But to get into into you're really into the thick of it. You know, there was a quote that we pulled which was, it was easier in the old days, just as old wooden buildings have more rats and concrete. Now that society is all Ferro cretin stainless steel there are fewer gaps in the joints, and it takes a very smart rat indeed to find these openings and only a stainless steel rod can be at home and environment. And so, that is, that is, the conceit for what we're covering today is a plethora of different like attacks and how they would combine it let's say, almost like a chain to perform complex compromises. So, so basically over the last 30 years, many mechanical access controls have been replaced, and we're going to go over that in depth today and for financial and administrative recent reasons for the amateur thief our hacker digital controls can seem like magic. But with the right set of eyes, all that extra complexity is an additional attack surface that's out there and I see this and I think a lot of our colleagues do and hopefully, you don't already you will today too. And for which an organization's security can be compromised, at worst is a precarious house of cards that can lead to a catastrophic failure. And we'll examine some of these implications, and the digital digitization of these access controls from the perspective of some of our real world environments. So examples and devices of physical space that you are all familiar with and I'm going to go pretty fast through this because you already know this all, and so we have the pin tumbler locks which everyone seems to focus on the warded locks the wafer locks the tubular locks, you know, we have some disk blocks, and then we get some more complex dimple locks. And then also we have, you know, medicals sidebars things like that. Now, one of the things to think about is specifically, as we'll jump right over to master keyed systems. In the history, is that, you know, when you have over, like a large amount of people which is what we're going to be covering today so what happens when you get to the enterprise when you get beyond just like the one door. One lock and you start expanding out into you know you have complex complex organizations. So you have like a Master Key System. And the problem is like, if one of those major cylinders gets compromised, you may have to rip and replace like 1000 or 10,000 how many cylinders you need. And that's where electronic access control systems actually come into play because then you can just like deactivate one of the cards out of those systems work. And so, moving forward, you know, people started to bond electronic circuit boards, you know you have like the cyber key and the apple protect where they have like variations on that, you know, all the major vendors now have something where you have actual with their access controls localized, more often than not, it's not just that you have the mechanical you have also the digital, and in that composition you actually often need a device to go read the logs, you actually have windows of time when things can be opened and but they're ridiculous expensive.
Moving forward into that people are trying to figure out how do we have systems that are, you know, can be open and closed repeatedly. And so we have also access control pads, which, you know, use feather dusters you know to pull the keys off you have the magnet mag mag locks, but sorry, somehow that's slipped. They have magnetic locks, where there's many ways around them, whether you go over them through them, are you know decals them. But, but that's not really, really important part. Today, we're gonna move on, move forward to the electronic side with RFID and other types of systems and to cover that shortly. So to compromise most of the systems we already know these attacks and techniques for lock picking, which is a skill bypass, you know, mechanical exploits in other areas, decoding unit with specialized tools, and other destructive types of entry. Now, it's okay. Now whether whether or not these are valuable today. The problem is, we have like cameras and other types of security policies and procedures and systems in place that might not allow you to do these particular things. But normally like when I go into do a, an engagement, I do a red team. Sorry, I don't know why I'm so sorry but my slides are just moving forward magically. When I do an engagement I come up with a general attack plan. And so basically like what's the Floor Plan who's there, who's the equipment let's the equipment. Where are the tools and techniques that I know I mean if you use, you know men display or other types of other types of digital tools you have a whole catalogue, sorry I don't know why the might be. What are the tools and techniques that you actually have again back to my display. You get a whole list of exploits there and obviously there's even private databases and other research and if you're really good you're writing around. What are the humans in this physical space. What are the conceits like why are they there when are they there, and what are your goals to get there, what are the policies in place and what are the schedules of relevant people. And then also what are the restriction points like basically when you're building out your attack plan, you know what what are what are each things you have to do now let's say what if you're going to be compromising a someone's corporate enterprise, maybe their first foothold a web server on a DMZ now maybe that doesn't actually pivot into their internal network, but you get a lot of extra information there from like maybe system administrators logging into that and you're like, oh, maybe they access this other system and we pivot over there. The same thing goes for physical access. So basically think of it like you're pivoting through a network. So when you're compiling tools, you may see tools like this, you know like, shove knife. bunkies things like that it's the same thing as you know different tool different equipment, different points of access. Now, obviously there's a lot of commercial stuff that's available. But what if we want to start digging a little deeper, like a bit deeper into the more sophisticated tooling. So, this particular tool here just for show is called a universal pinktober decoder patch on fall for $5,000. It's not generally available to the public. The way it works is that it has a very thin shim very very very very very very very tiny wire. And this tool was designed in the 1980s and sold, and so like when it is truly universal even worse in medical and they have a medeco actual two on the side now we have. So sorry I don't know why my slides are advancing automatically. But basically, with the metacoda from john king, which allows you to have a little smaller. Turn the biaxial pin on a medeco. This tool will actually do the measurement of the pen. And these tools actually work in two minutes so when you're actually, you know, putting together your attack plan of like I need two minutes here five minutes here, and you just need to idle here so that people can do their work, then I can continue accessing deeper areas of the enterprise. This tool may be available may not be available but just as an example of depths at which people make let's say different types of exploits. I'm trying to show you a quick video here, I hope it'll work.
It's not working. Um, can I actually get a URL really quick, or to the one of the people helping us on the screen on the screen here.
Yes, you can put it into the zoom chat, please.
Cool. Okay, awesome. Ah,
give us a couple of minutes two seconds to get that then we'll get that right to you.
Great. Cool. I have it, and I'll put it in your zoom chat. Where's the I'm in speaker view.
Try to find the. How do I text you can you text me.
The Zoom chat is in the bottom where we move the mouse towards the bottom of the gallery.
Oh, it's locked out if you can search me.
I see speaker view gallery view, I seem to have my features locked out, if I give it to Terry I'll give it to Terry really quick and Terry, you can just drop into the chat room for them. Signal works.
well I get it yeah Terry if you can put that in the zoom chat Thank you so much.
You can tell me if it's running
back again through
guys was just give us a link for you. And we'll have that in just a second here you go. All right,
it's coming right up.
Just time is playing I can't see it.
You'll probably have to see that on the live stream. Well no, that's a no
no no that's okay see you know that's that's running inside and I can.
OBS just crashed.
No. Slight challenge.
We can go oh we just keep we can keep going. Please do please.
Live. All right, cool.
So here's a short video so some of you may be familiar with what they call the under the door tool. This is a tool we use quite often on engagements to get or get around certain spaces I have the video plays,
or hold on a second. Let me see where we're at in the live stream.
Oh, we're alive.
Yeah. Cool. So, uh, see here. Turkey passing in the link really quick.
I believe I did. No way oh here
we go, I think. No, I'm hitting play, but it doesn't seem to want to play.
Okay, um, I'm having some severe issues here sorry everyone at home, I really apologize. This is we're trying to record this ahead of time. I'm going to get some stuff queued up on the side here while Terry takes over I'm at the next section. And basically, I'll come back with videos near the end, and we'll, we'll wrap this up. There we go. So anyway, sounds
good was very
normal was doing that chat something happened to the zoom.
Hi guys my, my audio still I really quick. I just wanted to say really Yes. So, a lot of that coverage was that's where we had our own mindsets of how to get around mechanical and electromechanical systems today, but Terry's gonna leap forward with what actually is now bleeding into the enterprise over the, over the last while and into the future. Thank you.
Okay. So, shows me here.
This is from control, Eric Can you please stop sharing your screen while Terry's sharing.
Terry go ahead and reshare your screen for me. Okay,
some issues. The second.
How's zoom acting upon you Terry.
Yeah, sorry I'm just trying to. It's mixing up a pre recorded portion I think I was
saying is great.
oh gosh keeps
trying to use a recorded version, that's the issue. Apologize.
He's just trying to
see your screen there, you're seeing it now. You're seeing the screen.
Okay. Sorry about that.
I had everything pre recorded images. Okay, I'm gonna get through this fairly quick. This is a lightning round. Can you see everything. Can you see me, they can see.
And we're working on getting your slide on the air. And Eric you can mute if you'd like. Or if you want to stay on, that's fine, that's fine.
I want to stay on I have I have follow up at the end.
Okay slides alive. Okay.
My wife, everything good.
Yeah, go ahead and proceed sorry. Okay. All right. So, when we, when we go to conferences, we generally see people presenting on Clinton cards, and there's a lot more to physical security than than just the access cards as a whole infrastructure. Let's talk about that for a second. Why do organizations have access cards. It's not for security or that's not how they came into play 25 years ago. It's because mechanical locks and Non, non electronic locks were expensive to replace if somebody didn't return the key they left the organization they lost the key get to replace the whole lock became expensive, and if you have 1000 doors or 10,000 doors. It's a big problem. So when, when RFID came along, or even magnetic stripe or whatever it might be, you can just replace the card and not block. So you implement a new system that's generally what the reason was, and that was utility and the people doing it were not security people security by title, you know guards and guns but not application security people. So this is how you have the old very insecure RFID that actually has no security, there's just no security whatsoever in it. So that leads us when we go to conferences and we see people saying hey, including cards and wow, I mean it is cool stuff. But generally, when you clone a card you only inherit inherit the privileges of the individual that you call, and if it's a corporation that I'm doing a red team for the whole name of the game for most engagements is elevated privilege. So, I don't want to be locked into one person that I cloned, and then one person I clone might not be the Au Pair solution I need. And
you, a lot of the talks that I see there they're kind of designed with the assumption that you're going to be trying to have, you're going to have an engagement with an organization that has very insecure technology and that's that's not really a good assumption, when you're walking into a red team unless the only red team's when the mom and pops or some outdated enterprise. I will tell you that my background is, I exclusively work with high security organizations fortune 500 kids. They call me in when they have problems. And I get access to older systems all their information, all the resources I interview, all the stakeholders. I go sit in their g sock, I see what they see, I know what they see, I know where the data goes, I've done this across many organizations, some that you would think are the most secure in the world and maybe on the infosec side but on the physical side it's a different audience. And so you can actually go work hard to get increased privileges to go deeper. But the challenge with that is, is if organizations have implemented new card technology in the past say five years. Generally it has an organizational life about 10 to 15 years. So you'll think about it it's just a fortune 1000 about 85 of them are going through change in their technology, every year. So, odds are that you find the old stuff that is in the clear, easy to hack like you see in conferences is like fading. Okay, and it's not to say it isn't out there, or they have a encrypted tech technology that's older that can be hacked. It's just the newer technology in the past five years, that they've been deploying so far to my awareness hasn't been hacked it's using standard space algorithms, and it will get at, but but just, it's a much steeper curve to be able to do that and then you can do should publish it I'd be interested in. Having said that, you can spend your time doing that. But even with the stuff that is insecure, when I go to have to take a closer look at and analyze it and crack and clone it, and then I go from cloning to fermenting, which means, I'll go ahead and understand the card technology and the number schemes they're using. And then I'll essentially become the issuance office to issue many different card numbers, and I have methods to estimate, which ones might have higher privilege, so I'll go. MIT like 100 different ones, walk around the campus, and generally some will start working that have higher privileges is a way to do it. But to get to that point, we generally think that if we're using for instance, a proxmark great tool that if you scan it, it'll tell you what it is, but people often don't know is that built into the proxmark. It has already done a lot of the analysis around the, the modulation, the waveform, the encoding, like if it's Fs k modulation but Manchester encoding, and they extract that relative to the chip, and then so when you scan it says, Ah, we know what this is, we know how its encoded, this is what it is. And that's that's a great tool that shortcuts a lot of things so you don't have to do go decode the the encoding. But, if, if the proxmark doesn't know that specific encoding, or data schema because they're all arranged differently. A lot of them, then it'll either tell you it thinks it knows what it is or it doesn't mean you have to do it manually. So, it can be a lot of work sometimes I it takes me, you know, real quick, you know, proxmark, sometimes I could do it on my own from the raw data takes me 510 minutes. It's taking 234 weeks to do some of these things. And you can see like I have different classifications for all these different technology types and then in each different tray. I have customers that have 50 different schema layouts even for the, even in one tray it's just a nightmare. So, you know, you kind of look at the rest of physical security it's not just about the cards of the readers, physical security generally is about 20 years behind information security practices and principles. So, given that and they operate in a silo. The information doesn't integrate the controls generally are weak because the classify risk based on building and use type. I'll give you an example. They'll say this is, this is an rnb building in Malaysia in this neighborhood. This neighborhood is a low crime rate so we're not too worried. So let's just go ahead and secure this facility relative to what we do in r&d. They don't generally think about who the actors would be that might not live in the area. And what that actor might do in terms of what they might be after what methods they might use. Is it a dynamic attack that might use some infosec type of methods, in, in exploits of physical aspects. And so there's a lot of holes. They have a lot of catching up to do. So don't think in terms of bad actors motive capability and methods. And a lot of the mechanisms in the control infrastructure are architected around functions and features, not actual controls, give you an example, a contact sensor in the door, the contact sensor was triggered doors open doors closed, it's it's a apparatus, and they want to know, was a contact sensor. Did it go off but they don't really know why or what it means or who did it right so it's kind of a and everything's built to keep everybody out. They know these control systems Well, there's a couple that are coming up that's different story. But what you'll generally find is, they're built to keep everybody out. And I don't think they do a great job for somebody that's determined, but they don't really account for when somebody gets in, to really identify what's going on. There's no anomaly detection intrusion detection so that's kind of an issue. If we look at the infrastructure beyond the, the RFID badge, you have a reader, right, and the reader right here would go ahead and and power the badge, with backscattered the data, the data we get captured by that reader, and that gets sent up to a local controller at that site usually near that door, and here's what happens.
The organization orders these badges from the manufacturer, generally 99% of the time that pre encoded. The coded electronically in the chip. They, they write the number, the authentication payload of the card number to the card not a good idea. And then that badge operator, takes that off the stack. And when they're about to issue it to john the user, they'll, they'll fat finger the number into the system. And then that system will push that card number out to the controller and this controller acts as a static whitelist, kind of like a CRL. Okay. Then Johnny goes out and he's gonna authenticate the door, and then when he presents his badge, the, the reader will go ahead and pass along that card number, and it'll do a match and say is this the right one. It doesn't really know that Johnny's the right person holding the card, or any of the other events are going on within the organization that say hey yeah he 70% of the right card number, but it was like just use another country like a minute ago How could it be in two places at the same time. So there's issues with this but that's kind of how it works. Now, when we go beyond the local door infrastructure. Now there's a back end just like like it people don't really realize this. Okay, we're going to get to the cool stuff in just a minute, going through this usually takes a week an hour to do this so we're making record time here. So if you look at the blue this would be at the local facility. Okay, this would be the building. Okay. If you look over here, the stuff in the red is where we'd be like mothership centralized. This is where the control system would be the software kind of equivalent to like a B and domain controllers visitor management would be a different system, the surveillance system would be different. So this isn't like the cameras. This is the system that manages all the streams that the cameras are recording. When they record what they do, maybe even angle the cameras like it's the brain system of it. I'll have different integrations, I might have integrations with third party systems, HR HR API's IoT ad, and then all the typical web server OS databases. And so we'll focus on the control system. This free here we'll go ahead and connect over like a land. Hopefully it's segregated back over to the facility and your typical stuff over here and then it will go back to the controls or the IP cameras, or whatever. Let's focus on the controller. So the controller will go ahead and connect over the land, but then the local level very seldomly is that IP it's like weekend or 45. So serial connection. And these things generally can't go ahead and detect events from the reader, other than somebody patched in, but if somebody changed the readers configuration. It can't pick it up, if. So generally, it doesn't pick things up, there are, there is a new protocol, I actually just spent six months doing research, deep dive on web publishing important about two weeks on the protocol what it can and can't do.
But generally that protocol can do some things, but it still doesn't pick up like whether somebody deprecated the configuration of a reader to get through the dories more easily. So. So generally, it's a broader attack surface is the message. And if we were to review. It's a static whitelist. Okay. If you were to mess with that whitelist the control system will now operate as the authorization happens locally, so you can attack that controller locally, and generally they won't know because if you attack it locally, you're going to make it look like it was an authorized user, and there's no anomaly detection. In the assistance built in generally. There's no authenticate authorization layer, so you can take advantage of that. There's no conditional access. I only know one or two systems that do that in a very new. They can still be undermined, there's no concept of privilege. So admins are it's generally a flat admin type of level, where if you get admin access either through breaking the database or the access control system. There's a whole bunch of things you can do and they don't really have detection on certain people or doing certain actions that shouldn't have in, and they don't tie in with like privileges or password management systems like, you know, those type of systems so it's very weak when you get in there. Almost everything symmetric key, and there are a lot of keys. So you can actually go ahead and gain trust. If you find out the keys. There are some methods actually you can go ahead and get in between them hijack the key, and then you actually become the authorized system, and then you kind of pull away even remove that original trusted device that's pretty scary. And so let's move on here if you look at the the attack surface of physical security, kind of in a similar simple sense, you look at it, it's devices applications process and people. Okay. And here's basically the things, not all of them but a good example of things that map to each one of those domains. And then if you notice the outer ring the methods. These methods or methods you're already familiar with. It's just as different systems in different environment. Okay. So, when I go to environment, and I go do a review I'll say you know here's what I found. You know, you couldn't do the tech configuration changes, you're, you haven't been updating firmware probably because a lot of these devices can't be updated on your cryptographic keys I was able to go ahead and get them on what they are there's no privileged accounts that sort of thing. Interestingly enough, I can't show you this but there is an animation here we will show you that organizations think they only have a couple of red spots but when I go in and do an audit I generally find that it's much worse than that this is actually the fortune 10 company. We take an example kind of wrapping up my section. I think that a lot of presentations at conferences, assume that they're going to have a lot of mechanical locks or they're going to have simple RFID type of cards. The reality is that as you go from top to bottom, small to corporate to a corporate corporate that has also high security access points to a critical infrastructure, generally they're there, they're less reliant on mechanical locks, they're going to more electronic because it's economy of scale. Also, as insecure as maybe sometimes they are they'll give them an audit trail that somebody went through that or something like that you can't give you. Okay. And, but generally circuit and corporate high security. You're not going to be able to attack the cards as often, or is predictable so you have to go to the system level. And there are multiple, we just went through there's multiple.
There's multiple points in that attack surface you go after. So if we look at that, we can say what my tactical approach be. So if we equate that to skip over the small business, they have crappy systems, I'm going to find something that's insecure, we can't depend on that. I don't like that let's assume that it's kind of corporate and hardened, a mix of things that, you know, we actually have to go Capture the Flag and somewhere that would be, you know, fairly hard even if I get through the front door, getting to really where I need to go and be pretty hard let's assume that okay because that is a really in, in most accounts, organizations, I have to deal with corporate afford hire me. So the first thing I would do is, you know, I try to find the country. You try to hack to control the readers and stuff, but then I go ahead and look for the controllers, and there's multiple ways you can go ahead and do that once you look for the controller. The interesting thing is the leading controllers that are deployed out there in the, in the world that are still being self employed, they have a one to one relationship, meaning they only allow one access control system to, to talk to them and they will only talk to that control system. So, like, you know, looking at the traffic and understanding what's going on, and where this control system is is pretty easy. Once you find the controller. Once you get to the control system, there's multiple ways to get into that. It's a whole separate session. but once I get in there I can create new users, I can change user groups, I can go ahead and mess around with privileges. If I find existing account, existing users I can change their photo with my photo. That's really good if you have like these garden areas where they're really rarely checking your badge your face with some system that better look like you. Well, if I do that it's just gonna pop up with my, my photo remotes, you know, the proof that somebody heard me.
Yes. Right, sorry I'm sorry to interrupt too. We only have about five minutes left, I just wanted to give you a heads up but you know wrap it
up in less than a minute.
Yeah, and I'll now jump in on the canned attacks and then we'll go over some stuff at the end very quickly.
Okay. So, the other interesting thing is once you actually understand what's going on between credentials and these controllers everything in the system, you come across these really hard and access points we can't crack the, you can't crack the RFID badge, and they have like these man traps, you can actually go into the control system, you can create a new badge type that you do know about that the reader can handle and you can look this up by knowing what reader model they have, and you can push that badge type down to the controller. And then the readers passive, and they can read your, your badge that you just made up and made the system deal to accept right so they thought they were like the secure credential. We just downgraded the whole thing to get around the security is the other thing too is you can do command and control so these systems are made to open doors and emergencies, you can press buttons open doors. I've done it where I pressed to open all the doors at the same time the building and like literally shut the building, just freak people out kind of cool. And then you can disable alerts and alarms and then the last thing is just to example how bad some of these systems are those controllers, like where they store the whitelist. If there is a power failure. They do a battery backup but if there is a power failure and it goes beyond the battery backup. The battery backup fails, the volatile memory dumps. A lot of a lot of the information, and then it goes into a state where it accepts just any old card read sometimes, and not necessarily specific card so you can you can force them sometimes kind of interesting.
Thanks Terry. Sure. All right, cool. I'm going to jump in really quick. So we lost a lot of time on this because of technical difficulties, I'm gonna do a screen share really quick, actually, if the, if the, we're going to cover some blended stuff really quick. So if you can keep the BMW video and hit play that'd be great guys.
All right, welcome back. We're here with Eric and Terry Eric, thank you for that talk. Did you want to add some more.
Yeah, apologies for the technical difficulties, we're going to reshoot this and post it online later but we hope we give you some really good information to start. Anyway, I really appreciate the time here hope apologies for the technical difficulties. But, um, thanks for having us.
All right. Well, thank you, Eric. And thank you, Terry on behalf of hope 2020 all the attendees presenters and the volunteers, we really appreciate you and Terry, for sharing your presentation and information today. Thank you very much and hope to see you soon.