{"version":3,"file":"WJBZI1Ghk-107.BZAzwRa6.mjs","names":["n","a","o","r"],"sources":["https:/framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/Kcjcoin3g1OiIQQKhAhI/WJBZI1Ghk-107.js"],"sourcesContent":["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{ComponentPresetsConsumer as o,Link as n}from\"framer\";import{motion as a}from\"framer-motion\";import*as i from\"react\";import r from\"https://framerusercontent.com/modules/pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js\";export const richText=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Overview\"}),/*#__PURE__*/t(\"p\",{children:[\"This standard takes as its main subject \",/*#__PURE__*/e(\"strong\",{children:\"Vulnerability Disclosure\"}),\". i.e., in a nutshell, the act of informing stakeholders about an \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"IT system's vulnerability\"})}),\". You likely know that a vulnerability could be described as a security weakness in a system that could compromise some assets and operations when exploited by attackers. Factors such as the origin, severity, and impact generated by a vulnerability are variable characteristics. Nevertheless, when a person finds a vulnerability, at least at first, what matters most is not its specific features. What is vital is the mere fact of reporting it. From an ethical conduct stance, \",/*#__PURE__*/e(\"em\",{children:\"everyone\"}),\" should report any identified vulnerability either we are paid for it or not. This would be to our benefit and that of others.\"]}),/*#__PURE__*/e(\"p\",{children:\"ISO chiefly directs this standard to vendors. Those who may get vulnerability reports and publish advisories on their verification and remediation, for which they are responsible. Following ISO terms, the reporter (most often the finder) is the person or team that gives information on a potential issue to the vendor or coordinator. On the other hand, the latter acts as an intermediary if communication and negotiation between stakeholders require it. It is apt to note that, apart from users, coordinators and even vendors can act as reporters.\"}),/*#__PURE__*/t(\"p\",{children:[\"The procedures of receiving reports and distributing remediation advisories are only two parts of a broader process. Some of the other steps involve different International Standards, e.g., the \",/*#__PURE__*/e(n,{href:\"https://www.iso.org/standard/69725.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ISO/IEC 30111\"})}),\" for vulnerability handling methods, which I talk about \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/iso-iec-30111/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"in another blog post\"})}),\". In broad terms, we could describe that process as follows: First, a reporter contacts a vendor about a potential vulnerability. Then, the vendor verifies the issue and, if dealing with a genuine exposure, develops and implements remediation. In the end, the vendor publishes a related advisory to all stakeholders.\"]}),/*#__PURE__*/e(\"p\",{children:\"However, as the main focus of this post, let us mention some tips from ISO. These can serve as valuable support for those firms that want to set up or enhance their vulnerability disclosure policies and methods.\"}),/*#__PURE__*/e(\"h2\",{children:\"Preparation\"}),/*#__PURE__*/e(\"p\",{children:\"For the proper receipt of reports, as a priority, vendors should develop policies and a full program that must be visible and open to all potential reporters. It is ideal for a company to keep its IT systems under assessment through third-party vendors such as Fluid Attacks. But it is always prudent to have everything ready to receive reports from any other source. The lack of a vulnerability disclosure program can lead to reporters ending up publishing data without the vendor knowing about it ahead of time. Similar in a certain way to what occurred to the Colombian Foreign Ministry. However, when the issue is not already public, reporters should try to send sensitive vulnerability information confidentially to prevent attacks. It would also be great to give vendors enough time to fix the vulnerabilities before talking about them publicly.\"}),/*#__PURE__*/e(\"h2\",{children:\"Policies\"}),/*#__PURE__*/e(\"p\",{children:\"It is clear that vendors can adhere to existing vulnerability disclosure policies. But they can also create requirements that apply to their staff, affiliates and outsiders. Among their particular policies, vendors should make public their intentions, expectations and responsibilities in relation to stakeholders. All this in an accurate and simple way that facilitates communication. Policies should contain information on preferred contact mechanisms and their security technology for confidentiality. They should also include details on the required content for every report, among other things.\"}),/*#__PURE__*/e(\"h2\",{children:\"Receiving reports\"}),/*#__PURE__*/e(\"p\",{children:\"The capabilities to take vulnerability reports, establish efficient working relationships and ensure all involved people’s safety adhere to the vendor’s preparation phase. The reporting mechanisms to be enabled to reporters could be, as usual, emails, issue tracking systems, and web forms. But all of them should be as protected and confidential as possible. In addition, to ease the next step of verifying the potential vulnerability, the vendor should ask reporters for some data: the affected product/service, type of weakness, cause, severity, impact, evidence, among others. Of course, the vendor needs to be aware that a report made by a person who found the vulnerability, e.g., by accident, is not going to include all that required data. Thus, that operation always depends on the reporter’s technical knowledge, and the vendor should be prepared for it.\"}),/*#__PURE__*/t(\"p\",{children:[\"On the other hand, prepared and capable vendors should regularly monitor their reporting mechanisms, communications on reports already received, and internal channels and public sources for possible vulnerability reports. Vendors should be ready to give quick but at the same time meaningful responses to reporters. (\",/*#__PURE__*/e(\"strong\",{children:\"Caution\"}),\": frustrated reporters may choose to release data wherever they feel inclined to do so.) Next, a reporter has the right to be informed of the following: whether the vulnerability has begun to be under investigation, whether more information is required in their report, or whether it is currently irrelevant. In those cases where reports lead to research, the previously mentioned \",/*#__PURE__*/e(n,{href:\"https://www.iso.org/standard/69725.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"vulnerability handling processes\"})}),\" kick off, and the vendors build and test remediations about which they should later distribute advisories. Certainly, they should not forget to keep reporters up to date.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Distributing remediation advisories\"}),/*#__PURE__*/e(\"p\",{children:\"Vendors may disseminate advisories related to vulnerability remediation either only to their users or to the wider public. Users should receive information on the affected products/services and the remediation achieved along with corresponding instructions. For example, users have to install from time to time updates or patches that constitute vulnerability fixing. Nevertheless, it is preferable to have automatic update deployment systems. In contrast, when a vulnerability is under exploitation and no remediation is available, vendors should inform users about the threat and temporary solutions and guidelines to reduce risks. Always bearing in mind this: if the data is public, it must avoid the exhibition of any specification advantageous to malicious hackers.\"}),/*#__PURE__*/e(\"h2\",{children:\"A quote to remember\"}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/t(\"p\",{children:[\"[…​] Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and […​] make better risk decisions. —\",/*#__PURE__*/e(\"strong\",{children:\"ISO/IEC 29147:2018\"})]})}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"PS\"}),\": Many major details are missing in this blog post. If you are really curious about vulnerability disclosure, we recommend that you read the full text of \",/*#__PURE__*/e(n,{href:\"https://www.iso.org/standard/72311.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ISO/IEC 29147:2018\"})}),\".\"]})]});export const richText1=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"On January 26 of 2021, Qualys \",/*#__PURE__*/e(n,{href:\"https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"published\"})}),\" a new \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"vulnerability\"})}),\" discovered on \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\", a tool used to perform actions as other users (most commonly as \",/*#__PURE__*/e(\"code\",{children:\"root\"}),\") on Linux-based systems.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Although Qualys provided a very good \",/*#__PURE__*/e(n,{href:\"https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"analysis\"})}),\" of the vulnerability, they didn’t state how they found it.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In this post, we will show a way to discover this kind of bugs using \",/*#__PURE__*/e(n,{href:\"https://aflplus.plus/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"AFL++\"})}),\", a community-fork of \",/*#__PURE__*/e(n,{href:\"https://lcamtuf.coredump.cx/afl/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"American Fuzzy Lop\"})}),\", a \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/fuzzing-forallsecure/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"fuzzer\"})}),\" that uses compile-time instrumentation and genetic algorithms to find, among other things, security bugs.\"]})]});export const richText2=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Preparing the environment\"}),/*#__PURE__*/t(\"p\",{children:[\"First, we need to install \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\". You just have to clone the \",/*#__PURE__*/e(n,{href:\"https://github.com/AFLplusplus/AFLplusplus\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"repo\"})}),\" and follow the instructions. The only necessary change I made was to specify a version for the \",/*#__PURE__*/e(\"code\",{children:\"libstdc++-dev\"}),\" package. It needs to be the same as the \",/*#__PURE__*/e(\"code\",{children:\"gcc\"}),\" compiler on your system:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"$ git clone https://github.com/AFLplusplus/AFLplusplus.git\\n$ cd AFLplusplus/\\n$ gcc --version\\ngcc (Debian 10.2.1-6) 10.2.1 20210110\\nCopyright (C) 2020 Free Software Foundation, Inc.\\nThis is free software; see the source for copying conditions.  There is NO\\nwarranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\\n$ sudo apt install build-essential python3-dev automake flex bison libglib2.0-dev libpixman-1-dev clang python3-setuptools clang llvm llvm-dev libstdc++-10-dev\\n$ make distrib\\n$ sudo make install\",language:\"Shell\"})})}),/*#__PURE__*/e(\"p\",{children:\"And check the installation with:\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"$ afl-gcc --version\\nafl-cc ++3.01a by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: GCC-GCC\\ngcc (Debian 10.2.1-6) 10.2.1 20210110\\nCopyright (C) 2020 Free Software Foundation, Inc.\\nThis is free software; see the source for copying conditions.  There is NO\\nwarranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Now, we need to \",/*#__PURE__*/e(n,{href:\"https://www.sudo.ws/download.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"download\"})}),\" one of the affected versions of \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\". We will use \",/*#__PURE__*/e(\"code\",{children:\"1.9.5p1\"}),\".\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"wget -c https://www.sudo.ws/dist/sudo-1.9.5p1.tar.gz\\ntar xzf sudo-1.9.5p1.tar.gz\",language:\"Shell\"})})}),/*#__PURE__*/e(\"p\",{children:\"That’s it, we have everything we need!\"}),/*#__PURE__*/e(\"h2\",{children:\"Patching sudo for fuzzing purposes\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" uses instrumented fuzzing only on binaries built with their compilers. Instrumented mode helps \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" perform coverage-guided fuzzing and generate mutating input based on the measured behavior of previous payloads.\"]}),/*#__PURE__*/t(\"p\",{children:[\"However, \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" will expect parameters from the standard input and files \",/*#__PURE__*/e(n,{href:\"https://groups.google.com/u/1/g/afl-users/c/ZBWq0LdHBzw/m/zBlo7q9LBAAJ\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"only\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\" uses command-line arguments, which is not compatible with \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\". However, there is a \",/*#__PURE__*/e(n,{href:\"https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/argv_fuzzing\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"way\"})}),\" provided by \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" to fuzz that kind of binaries: A \",/*#__PURE__*/e(\"code\",{children:\"C\"}),\" header that converts a standard input payload to \",/*#__PURE__*/e(\"code\",{children:\"argv[]\"}),\" parameters.\"]}),/*#__PURE__*/e(\"p\",{children:\"To do that, we just need to:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Copy the \",/*#__PURE__*/e(\"code\",{children:\"AFLplusplus/utils/argv_fuzzing/argv-fuzz-inl.h\"}),\" file to the main source of \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Modify the \",/*#__PURE__*/e(\"code\",{children:\"main()\"}),\" function of \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\" to call the \",/*#__PURE__*/e(\"code\",{children:\"AFL_INIT_ARGV()\"}),\" macro.\"]})})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"~/sudo-1.9.5p1$ cp ../AFLplusplus/utils/argv_fuzzing/argv-fuzz-inl.h src/\",language:\"Shell\"})})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:'diff -urN sudo-1.9.5p1.orig/src/sudo.c sudo-1.9.5p1/src/sudo.c\\n--- sudo-1.9.5p1.orig/src/sudo.c    2021-01-09 15:12:16.000000000 -0500\\n+++ sudo-1.9.5p1/src/sudo.c 2021-02-01 09:20:58.481966614 -0500\\n@@ -65,6 +65,7 @@\\n #include \"sudo.h\"\\n #include \"sudo_plugin.h\"\\n #include \"sudo_plugin_int.h\"\\n+#include \"argv-fuzz-inl.h\"\\n\\n /*\\n  * Local variables\\n@@ -149,6 +150,7 @@\\n int\\n main(int argc, char *argv[], char *envp[])\\n {\\n+    AFL_INIT_ARGV();\\n     int nargc, status = 0;\\n     char **nargv, **env_add, **user_info;\\n     char **command_info = NULL, **argv_out = NULL, **user_env_out = NULL;',language:\"Markdown\"})})}),/*#__PURE__*/t(\"p\",{children:[\"This will work by converting all the expected \",/*#__PURE__*/e(\"code\",{children:\"argv[]\"}),\" array from standard input with parameters separated by a \",/*#__PURE__*/e(\"code\",{children:\"\\\\0\"}),\" byte and terminating the array with a \",/*#__PURE__*/e(\"code\",{children:\"\\\\0\\\\0\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"We also need to disable the \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\" password prompt; otherwise, the fuzzing will hang.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"diff -urN sudo-1.9.5p1.orig/plugins/sudoers/auth/sudo_auth.c sudo-1.9.5p1/plugins/sudoers/auth/sudo_auth.c\\n--- sudo-1.9.5p1.orig/plugins/sudoers/auth/sudo_auth.c  2020-12-16 20:33:43.000000000 -0500\\n+++ sudo-1.9.5p1/plugins/sudoers/auth/sudo_auth.c   2021-02-01 09:24:36.476083963 -0500\\n@@ -260,6 +260,8 @@\\n      debug_return_int(-1);\\n     }\\n\\n+    return 0;\\n+\\n     /* Enable suspend during password entry. */\\n     sigemptyset(&sa.sa_mask);\\n     sa.sa_flags = SA_RESTART;\",language:\"Markdown\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Now, we can build our patched \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\". As it needs to be built with \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" compilers, we must overwrite the \",/*#__PURE__*/e(\"code\",{children:\"CC\"}),\" environment variable. We may also want to enable debugging symbols, and finally we should install it on a isolated path so we can safely remove it when we finish our fuzzing session. We can do that by issuing:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:'CFLAGS=\"-g\" LDFLAGS=\"-g\" CC=afl-clang-fast ./configure --prefix=/fuzz/sudo\\nmake\\nsudo make install',language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"This will install our modified \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\" on \",/*#__PURE__*/e(\"code\",{children:\"/fuzz/sudo\"}),\". To check that our installation worked, along with the patches, just type:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:'echo -ne \"sudo\\\\0id\\\\0\\\\0\" | /fuzz/sudo/bin/sudo\\nuid=0(root) gid=0(root) groups=0(root)',language:\"Shell\"})})}),/*#__PURE__*/e(\"p\",{children:\"Great, now it’s fuzzing time!\"}),/*#__PURE__*/e(\"h2\",{children:\"Fuzzing sudo\"}),/*#__PURE__*/t(\"p\",{children:[\"When using \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\", I recommend having a separate directory on which you can store the inputs and outputs for each fuzzed binary. I will create mine at \",/*#__PURE__*/e(\"code\",{children:\"$HOME/fuzz/sudo\"}),\".\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"~/fuzz$ mkdir -p sudo/{input,output}\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(\"code\",{children:\"output\"}),\" directory will be on where \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" will store the fuzzing state. As this directory will be extensively written to, it is recommended to use a RAM-based filesystem to improve performance and avoid damaging \",/*#__PURE__*/e(\"code\",{children:\"SSD\"}),\" disks.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"~/fuzz/sudo$ sudo mount -t tmpfs tmpfs output\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"In the \",/*#__PURE__*/e(\"code\",{children:\"input\"}),\" directory, we will create initial payloads for \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\":\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:'~/fuzz/sudo$ echo -ne \"sudo\\\\0id\\\\0\\\\0\" > input/payload1\\n~/fuzz/sudo$ echo -ne \"sudoedit\\\\0id\\\\0\\\\0\" > input/payload2',language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Fuzzing is CPU-intensive, but you can use parallel fuzzing with \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\". I used an 8-core PC and launched a \",/*#__PURE__*/e(\"code\",{children:\"Master\"}),\" \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" instance:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"~/fuzz/sudo$ afl-fuzz -i input/ -o output/ -M fuzz01 /fuzz/sudo/bin/sudo\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"And launched 6 \",/*#__PURE__*/e(\"code\",{children:\"Slave\"}),\" instances on different consoles:\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"~/fuzz/sudo$ afl-fuzz -i input/ -o output/ -S fuzz02 /fuzz/sudo/bin/sudo\\n~/fuzz/sudo$ afl-fuzz -i input/ -o output/ -S fuzz03 /fuzz/sudo/bin/sudo\\n~/fuzz/sudo$ afl-fuzz -i input/ -o output/ -S fuzz04 /fuzz/sudo/bin/sudo\\n~/fuzz/sudo$ afl-fuzz -i input/ -o output/ -S fuzz05 /fuzz/sudo/bin/sudo\\n~/fuzz/sudo$ afl-fuzz -i input/ -o output/ -S fuzz06 /fuzz/sudo/bin/sudo\",language:\"Shell\"})})}),/*#__PURE__*/e(\"p\",{children:\"It looked like this:\"}),/*#__PURE__*/e(\"img\",{alt:\"Fuzz sudo parallel\",className:\"framer-image\",height:\"849\",src:\"https://framerusercontent.com/images/Djh2pA854HPLOQQsXrYO7XbvcQ.png\",srcSet:\"https://framerusercontent.com/images/Djh2pA854HPLOQQsXrYO7XbvcQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/Djh2pA854HPLOQQsXrYO7XbvcQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Djh2pA854HPLOQQsXrYO7XbvcQ.png?scale-down-to=2048 2048w,https://framerusercontent.com/images/Djh2pA854HPLOQQsXrYO7XbvcQ.png 2644w\",style:{aspectRatio:\"2644 / 1698\"},width:\"1322\"}),/*#__PURE__*/e(\"p\",{children:\"And just after a few minutes of fuzzing, one of the slaves showed 3 crashes!\"}),/*#__PURE__*/e(\"img\",{alt:\"Three crashes\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/Ca0MwMn4mxqMKaT8cr7Nq5mXUZI.png\",srcSet:\"https://framerusercontent.com/images/Ca0MwMn4mxqMKaT8cr7Nq5mXUZI.png?scale-down-to=512 512w,https://framerusercontent.com/images/Ca0MwMn4mxqMKaT8cr7Nq5mXUZI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Ca0MwMn4mxqMKaT8cr7Nq5mXUZI.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"p\",{children:\"You can find here the payloads that caused the crashes:\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"~/fuzz/sudo$ ls output/fuzz03/crashes/id\\\\:00000*\\n4 output/fuzz03/crashes/id:000000,sig:06,src:000002+000209,time:276568,op:splice,rep:2\\n4 output/fuzz03/crashes/id:000001,sig:06,src:000125,time:404770,op:havoc,rep:8\\n4 output/fuzz03/crashes/id:000002,sig:06,src:000305,time:1623276,op:arith8,pos:20,val:-24\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"If we examine the contents of these payloads, we can see that they all invoked \",/*#__PURE__*/e(\"code\",{children:\"sudoedit\"}),\" with the \",/*#__PURE__*/e(\"code\",{children:\"-s\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"-i\"}),\" flags. \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" mutated the original input payloads and eventually triggered the bug found by Qualys.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Bug triggered\",className:\"framer-image\",height:\"421\",src:\"https://framerusercontent.com/images/tNsqPDyCkuNINwwbhhK6M8aQUIw.png\",srcSet:\"https://framerusercontent.com/images/tNsqPDyCkuNINwwbhhK6M8aQUIw.png?scale-down-to=512 512w,https://framerusercontent.com/images/tNsqPDyCkuNINwwbhhK6M8aQUIw.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/tNsqPDyCkuNINwwbhhK6M8aQUIw.png 1919w\",style:{aspectRatio:\"1919 / 842\"},width:\"959\"}),/*#__PURE__*/t(\"p\",{children:[\"We can also replicate the crash by simply passing the offending payloads to our \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\":\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(o,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(r,{...t,code:\"~/fuzz/sudo$ /fuzz/sudo/bin/sudo < output/fuzz03/crashes/id:000000,sig:06,src:000002+000209,time:276568,op:splice,rep:2\\nmalloc(): invalid size (unsorted)\\nAborted\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"And you can use \",/*#__PURE__*/e(\"code\",{children:\"GDB\"}),\" to start the exploitation process:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Exploitation with GDP\",className:\"framer-image\",height:\"669\",src:\"https://framerusercontent.com/images/9Y7MAZVTVrELFREEEpZJduqCzw.png\",srcSet:\"https://framerusercontent.com/images/9Y7MAZVTVrELFREEEpZJduqCzw.png?scale-down-to=512 512w,https://framerusercontent.com/images/9Y7MAZVTVrELFREEEpZJduqCzw.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/9Y7MAZVTVrELFREEEpZJduqCzw.png 1549w\",style:{aspectRatio:\"1549 / 1339\"},width:\"774\"}),/*#__PURE__*/e(\"h2\",{children:\"Conclusion\"}),/*#__PURE__*/t(\"p\",{children:[\"It is easy to find crashes on software using \",/*#__PURE__*/e(\"code\",{children:\"AFL\"}),\" if you have the source code. What is unbelievable is that it took 10 years for a bug like this to be found on \",/*#__PURE__*/e(\"code\",{children:\"sudo\"}),\"!\"]})]});export const richText3=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Assume you set out to check and download your visa through the corresponding federal agency website in a country where you’re a foreigner. Then, amid your curious behavior, to your surprise, you realize that you can do something you are not supposed to be able to do on that website. It turns out that you can see and download many other people’s visas just by making a small change at the end of the URL. What do you think you should do in this kind of situation? To whom should you tell this, assuming, of course, that you do not intend to be a cybercriminal?\"}),/*#__PURE__*/t(\"p\",{children:[\"Well, such a scenario was \",/*#__PURE__*/e(n,{href:\"https://www.dw.com/es/colombia-falla-inform%C3%A1tica-expone-datos-de-550000-personas-extranjeras/a-56245939\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"recently faced\"})}),\" by a foreign individual who was about to check his visa (i.e., identification document as a foreigner) on the Colombian electronic visa platform. According to the Colombian news \",/*#__PURE__*/e(n,{href:\"https://lasillavacia.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"website La Silla Vac\\xeda\"})}),\" (LSV) \",/*#__PURE__*/e(n,{href:\"https://twitter.com/lasillavacia/status/1350221344231796747\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"on Twitter\"})}),\", it was on \",/*#__PURE__*/e(\"strong\",{children:\"January 13\"}),\" when this citizen with a fresh opportunity to work in this South American country discovered the platform’s issue. Specifically, this man could access a link through a QR code attached to his digital visa. And, from there, by changing the final numbers of that link, he could see and obtain not just his but other people’s visas on PDF without any restriction.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Perhaps this citizen hadn’t the foggiest idea of the magnitude of the snag. An estimated \",/*#__PURE__*/e(\"strong\",{children:\"550,000\"}),\" people had their data in that vulnerable information system at that time. Therefore, from any of them, our individual could obtain data such as the following: photograph, full name, date of birth, nationality, passport number, and job position. By the way, would this man actually be the first to notice this pitfall? How long ago did this vulnerability exist? Days, months? Questions with no answers shared publicly so far, it seems.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Anyway, following up on what was communicated on Twitter by LSV, our individual in question decided to write emails to the embassy, from where he got no solution, and then to the Ministry of Foreign Affairs, to receive no response. How the hell could that be possible? Okay, I forget for the moment that \",/*#__PURE__*/e(\"em\",{children:\"slow request processing\"}),\" is easy to find in the bureaucracy almost anywhere. Afterward, the individual allegedly initiated communication with LSV, and they were able to witness the security weakness on the electronic visa platform.\"]}),/*#__PURE__*/t(\"p\",{children:[\"That day, \",/*#__PURE__*/e(\"strong\",{children:\"January 15\"}),\", these journalists, apart from doing so on social networks, published \",/*#__PURE__*/e(n,{href:\"https://lasillavacia.com/bache-seguridad-amenazo-los-datos-extranjeros-y-cancilleria-no-sabia-79749\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"on their website\"})}),\" 'EVERYTHING' that was known so far about the issue. What did they do with their reckless conduct? They brought Christmas early for many malicious hackers, chiefly in Latin America. LSV revealed a cybersecurity vulnerability for which there was no implemented solution at that time. Though censoring URLs and people’s information, they gave a gif showing the platform error. Were they not aware of the harm they could be doing? Or were they just hurriedly thinking about their profits as a media outlet? Again, unanswered questions.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Nevertheless, LSV communicated by chatting the imbroglio to the appropriate authorities at the Ministry. This entity then said to LSV that it would soon remediate the vulnerability and, hours later, published a terse \",/*#__PURE__*/e(n,{href:\"https://www.cancilleria.gov.co/newsroom/news/cancilleria-informa-falla-sistema-informacion-plataforma-visas-electronicas\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"official bulletin\"})}),\" on the subject (see image below). However, it seems they did not suggest LSV remove the posts that were not far from looking like cybercrime incentives. Data that by law is supposed to be protected was at the mercy of many cunning individuals with obscure intentions of committing frauds such as identity theft and extortion. The next day (I don’t know how much time they disabled the platform service), the Technology Directorate closed the breach, and the Ministry distributed \",/*#__PURE__*/e(n,{href:\"https://www.cancilleria.gov.co/newsroom/news/cancilleria-informa-fue-solucionada-superada-falla-presentada-sistema-informacion\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"a new bulletin\"})}),\", only one sentence long.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Foreign Ministry report\",className:\"framer-image\",height:\"458\",src:\"https://framerusercontent.com/images/2qr2DAgkQ2k2JpujNwflZvtz54.png\",srcSet:\"https://framerusercontent.com/images/2qr2DAgkQ2k2JpujNwflZvtz54.png?scale-down-to=512 512w,https://framerusercontent.com/images/2qr2DAgkQ2k2JpujNwflZvtz54.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/2qr2DAgkQ2k2JpujNwflZvtz54.png 1919w\",style:{aspectRatio:\"1919 / 917\"},width:\"959\"}),/*#__PURE__*/t(\"h6\",{children:[\"Taken from \",/*#__PURE__*/e(n,{href:\"https://www.cancilleria.gov.co/newsroom/news/cancilleria-informa-falla-sistema-informacion-plataforma-visas-electronicas\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"cancilleria.gov.co\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"How many attackers could have taken advantage of this vulnerability? What image of Colombia’s national security does this event provide to foreigners? \",/*#__PURE__*/e(n,{href:\"https://www.enter.co/empresas/seguridad/la-falla-de-la-cancilleria-colombiana-que-expuso-miles-de-visas/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Are there similar\"})}),\" problems in this government’s systems (using the same technology) that have not been solved? Engaging questions, although I would like to keep focused on the vulnerability reporting issue at this point.\"]}),/*#__PURE__*/t(\"p\",{children:[\"As \",/*#__PURE__*/e(n,{href:\"https://globelivemedia.com/news/a-computer-error-by-the-colombian-foreign-ministry-made-the-visas-of-some-550000-foreigners-public/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Oakley for GlobeLiveMedia\"})}),\" said, some other people were also rejecting the publication by LSV. I repeat: they could have been calling for cybercrime! Their behavior was not appropriate or judicious in terms of disclosing an IT system vulnerability. However, before that, our individual should not have gone beyond failed communication with a couple of authorities to share his findings with a journalistic group. As suggested by Rafael Alvarez, Fluid Attacks' CTO, this man should have tried repeatedly to establish a conversation with the Ministry. Finding no response or being ignored, his next step should have been to contact an intermediary, such as the police.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Or, in his possible ignorance of what to do, why not resort to Google? This individual could easily have found the \",/*#__PURE__*/e(n,{href:\"http://www.colcert.gov.co/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"colCERT website\"})}),\", where people in Colombia can report cybercrime and related incidents. (Although, for example, \",/*#__PURE__*/e(n,{href:\"https://www.elespectador.com/opinion/la-importancia-de-reportar-fallos-en-sistemas-informaticos-del-estado/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Carolina Botero\"})}),', director of the Karisma Foundation, disqualifies this site for the appropriate reporting of vulnerabilities.) However, already in the hands of the media, continually looking for traffic generation, we could hardly expect responsible handling of this kind of data. \"Unfortunately —as Rafael said—, the search for fame by newspapers or pseudo-hackers always takes prisoner the common good, which in reality is what matters most here.\" LSV should have transmitted the event to the authorities and then waited long enough for the problem to be resolved before publishing the story. Those affected had to be informed in detail later, but mainly by the organization responsible for their data storage.']}),/*#__PURE__*/t(\"p\",{children:[\"Reading the \",/*#__PURE__*/e(n,{href:\"https://www.iso.org/standard/72311.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ISO/IEC 29147:2018\"})}),\" (about which I may emphasize more on a future occasion), a standard concerning 'vulnerability disclosure,' we find the following: \\\"The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities.\\\" Reduce the risk! In the end, in this case, none of the parties involved succeeded in doing so. It is real that the Ministry made a mistake with its IT infrastructure that kept the data of thousands of foreigners on exposure. But, for their part, the journalists made the situation public, conveying an implicit message: \",/*#__PURE__*/e(\"em\",{children:\"these people are in deep trouble, but it doesn’t matter if they get screwed even more; the right to information (and our recognition) must be above other principles\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Finally, as Rafael said, opportunities for improvement for organizations such as the Ministry arise in cases like this one where there were technical or methodological security failures. It is also true that companies responsible for their security should pay more attention to the management of reports and the implementation of standards (see ISO’s '\",/*#__PURE__*/e(n,{href:\"https://www.iso.org/ics/35.030/x/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"IT Security\"})}),\"'). In general, we could overcome the lack of knowledge on vulnerability reporting with, for instance, what \",/*#__PURE__*/e(n,{href:\"https://www.elespectador.com/opinion/la-importancia-de-reportar-fallos-en-sistemas-informaticos-del-estado/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Botero\"})}),\" recommended: the establishment of an easily accessible state-coordinated disclosure channel for the secure and transparent transmission of information.\"]}),/*#__PURE__*/t(\"p\",{children:[\"If you find yourself in a situation similar to that of the aforementioned foreign citizen, do not forget the following: \",/*#__PURE__*/e(\"strong\",{children:\"(1)\"}),\" Accessing third parties' sensitive data is a crime. \",/*#__PURE__*/e(\"strong\",{children:\"(2)\"}),\" There are intermediaries such as the police who can help. \",/*#__PURE__*/e(\"strong\",{children:\"(3)\"}),\" Social networks are not the right place to \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"report a vulnerability\"})}),\". On the other hand, all of us should strive to be more aware of the harm our actions can cause to others. That would be a good start to respond to some signs of unheeded moral principles.\"]})]});export const richText4=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/SolarWinds\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"SolarWinds\"})})}),\", an American software company with nearly \",/*#__PURE__*/e(\"strong\",{children:\"300,000\"}),\" clients, including almost all \",/*#__PURE__*/e(\"em\",{children:\"Fortune 500\"}),\" companies and multiple federal agencies, received a critical, remarkable and surreptitious cyberattack. Incredibly, it was detected only in mid-December 2020, several months after its start. I’m referring to a 'supply chain attack' which, by its nature, still causes trouble nowadays. Let’s summarize what has happened so far.\"]}),/*#__PURE__*/t(\"p\",{children:[\"SolarWinds is a company focused on developing software for organizations to help manage their systems, networks, and infrastructure. Among its clients are the US Treasury and Commerce departments, which, as reported in \",/*#__PURE__*/e(n,{href:\"https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive-idUSKBN28N0PG\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Reuters\"})}),\" on \",/*#__PURE__*/e(\"strong\",{children:\"December 13\"}),\", had been victims of internal email traffic monitoring by, apparently, a group of Russian hackers. Some people involved then said that that event was related to the hack reported a few days ago by \",/*#__PURE__*/e(n,{href:\"https://www.fireeye.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"FireEye\"})}),\", a worldwide distinguished cybersecurity company.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/fireeye-one-of-the-worlds-largest-security-firms-discloses-security-breach/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"FireEye emphasized\"})}),\" a 'highly sophisticated' attack where the actors accessed their internal network, looked for data about their government clients, and even stole some of their \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesting\"})}),\" tools. It was striking that they talked about observing a novel combination of techniques in this attack. Some sources associated it with the group \",/*#__PURE__*/e(\"strong\",{children:\"APT29\"}),\" or \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Cozy_Bear\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Cozy Bear\"})})}),\", linked to the Russian Foreign Intelligence Service (SVR). However, FireEye preferred to be neutral and used the codename \",/*#__PURE__*/e(\"strong\",{children:\"UNC2452\"}),\". An official investigation by \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CISA\"})}),\" and the FBI began because some individuals affected were seeing this whole incident as a cyberespionage campaign.\"]}),/*#__PURE__*/t(\"p\",{children:[\"All of this was part of the sizable SolarWinds breach, which seemed to have started several months ago. \",/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"The deployment of a malware-laced update\"})}),\" of the software \",/*#__PURE__*/e(n,{href:\"https://www.solarwinds.com/solutions/orion\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Orion\"})})}),\" (SolarWinds' platform for monitoring and managing enterprise networks) had infected many companies and government agencies' systems and networks. It corresponded to a 'supply chain attack,' where hackers hide a malicious code within a legitimate software update provided to the target by a third party. This kind of attack takes advantage of trust relationships, in this case, specifically the communication between machines for the software updating mechanism that users typically perceive as reliable. \",/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SolarWinds confirmed that\"})}),\" Orion update versions \",/*#__PURE__*/e(\"strong\",{children:\"2019.4\"}),\" through \",/*#__PURE__*/e(\"strong\",{children:\"2020.2.1\"}),\", released in the first half of 2020, had been contaminated with a malware that FireEye called 'Sunburst' and Microsoft 'Solorigate.' Then, as a corrective measure, SolarWinds proposed to have ready by \",/*#__PURE__*/e(\"strong\",{children:\"December 15\"}),\" the new update \",/*#__PURE__*/e(\"strong\",{children:\"2020.2.1 HF2\"}),\" as a replacement with security improvements.\"]}),/*#__PURE__*/t(\"p\",{children:[\"At that time, it was known that \",/*#__PURE__*/e(\"em\",{children:\"SolarWinds.Orion.Core.BusinessLayer.dll\"}),\" was the Orion plug-in that hackers modified and distributed with the updates. \",/*#__PURE__*/e(n,{href:\"https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"It was digitally signed\"})}),\" and had a backdoor for communication with third-party servers managed by them. After a few weeks of inactivity, it executed commands that enabled the use and transfer of files, the disabling of services, as well as other operations on the system. \",/*#__PURE__*/e(n,{href:\"https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Attackers knew\"})}),\" how to avoid detection properly. Inside the target system, they made modifications to legitimate utilities with their malware, executed them, and then returned them to their normal state.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Later, on \",/*#__PURE__*/e(\"strong\",{children:\"December 17\"}),\", \",/*#__PURE__*/e(n,{href:\"https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Microsoft reported\"})}),\" they had distinguished more than \",/*#__PURE__*/e(\"strong\",{children:\"40\"}),\" of their clients (\",/*#__PURE__*/e(\"strong\",{children:\"80%\"}),\" of these companies located in the US) with Orion’s infected versions and intrusions of second-stage payloads to escalate attacks. Besides, they admitted that they were among the victims and that the attack was open-ended, although it was already public and different organizations had taken various protection measures. On the other hand, \",/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/microsoft-says-it-identified-40-victims-of-the-solarwinds-hack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SolarWinds acknowledged\"})}),\" to the \",/*#__PURE__*/e(n,{href:\"https://www.sec.gov/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SEC\"})}),\" that approximately \",/*#__PURE__*/e(\"strong\",{children:\"18,000\"}),\" of its customers (government and private networks) had installed the 'trojanized' Orion updates.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/a-second-hacking-group-has-targeted-solarwinds-systems/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(a.a,{children:[\"On \",/*#__PURE__*/e(\"strong\",{children:\"December 21\"})]})}),\", security researchers discovered a second actor threatening SolarWinds with 'Supernova' and 'CosmicGale' malware. Presumably, it was unrelated to Sunburst’s Russian hackers because of its unsophisticated methods. Also, at that time, the next step in escalation after Sunburst’s activity became clearer. As \",/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/a-second-hacking-group-has-targeted-solarwinds-systems/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cimpanu for ZDNet said\"})}),', \"On infected networks, the malware would ping its creators and then download a second stage-phase backdoor trojan named Teardrop that allowed attackers to start a hands-on-keyboard session [or] human-operated attack.\" The spying powers of hackers were thus expanded, and they could even impersonate legitimate accounts. Regarding their case, ',/*#__PURE__*/e(n,{href:\"https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Microsoft said\"})}),\" that hackers were even able to see, but 'not modify,' part of their source code. Well, this occurrence certainly gave us plenty to ponder over.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(a.a,{children:[\"By \",/*#__PURE__*/e(\"strong\",{children:\"December 24\"})]})}),\", the media mentioned prominent victims in three groups: (1) US agencies, like the Pentagon, the State Department, and the National Nuclear Security Administration, (2) companies, such as Cisco and Intel, and (3) other organizations, like Kent State University. Days later, at the beginning of 2021, \",/*#__PURE__*/e(n,{href:\"https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"the media reported\"})}),\" \",/*#__PURE__*/e(\"strong\",{children:\"250\"}),\" federal agencies and businesses affected, and the list keeps growing. Data, users, passwords, and source code are the elements to which agents involved may be having access.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Vaughan-Nichols for ZDNet\"})}),' was right on the button when he said, \"While you’ve been distracted by the holidays, coronavirus, and politics, the more we learn about the SolarWinds security fiasco, the worse it looks.\" He didn’t mince his words, further suggesting, instead of an enhanced Orion update, to dump that software promptly and investigate \"the SolarWinds\\' mediocre security record.\"']}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/us-government-formally-blames-russia-for-solarwinds-hack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(a.a,{children:[\"On \",/*#__PURE__*/e(\"strong\",{children:\"January 5\"})]})}),\", a \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"joint statement\"})}),' from the FBI, CISA, ODNI, and NSA officially ascribed the threat (labeled \"an intelligence gathering effort\") to an author \"likely Russian in origin.\" ',/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/solarwinds-fallout-doj-says-hackers-accessed-its-microsoft-o365-email-server/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"The next day\"})}),\", the \",/*#__PURE__*/e(n,{href:\"https://www.justice.gov/opa/pr/department-justice-statement-solarwinds-update\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"US Department of Justice confirmed\"})}),\" that the hackers involved in this case had access to some of its employees' email accounts. \",/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/cisa-solarwinds-hackers-also-used-password-guessing-to-breach-targets/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(a.a,{children:[\"On \",/*#__PURE__*/e(\"strong\",{children:\"January 8\"})]})}),\", as another curious fact, CISA said these hackers also used \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/pass-cracking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"brute force\"})}),\" attacks to breach targets, not always relying on the trojanized update as the first attack vector.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/third-malware-strain-discovered-in-solarwinds-supply-chain-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"The following week\"})}),\", CrowdStrike detected a third malware strain, named 'Sunspot.' Surprisingly, this was the first malware used by malicious hackers in this supply chain attack, back in September 2019 (the time when their tests began). So —adding more details to the process—, Sunspot was installed on the build server to watch it for build commands that assembled Orion. Then, it replaced source code files inside the app to make way for Sunburst’s injection and the subsequent collection of data from internal networks. Depending on the importance of the target, the attackers decided whether to proceed using the robust Teardrop.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Moreover, \",/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/fourth-malware-strain-discovered-in-solarwinds-incident/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(a.a,{children:[\"on \",/*#__PURE__*/e(\"strong\",{children:\"January 19\"})]})}),\", Symantec reported a fourth malware called 'Raindrop' (similar to Teardrop), which appeared in the last stages of intrusion into exclusive networks. Undeniably, this SolarWinds issue doesn’t end here. And \",/*#__PURE__*/e(n,{href:\"https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"senior writers like Constantin\"})}),\" warn of a possible increase in the number of software supply chain attacks. In this advanced digital age, it seems that many organizations hadn’t paid heed to this as a threat model.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://www.zdnet.com/article/fireeye-releases-tool-for-auditing-networks-for-techniques-used-by-solarwinds-hackers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Investigations and countermeasures\"})}),\" continue in several organizations; even the incoming Biden government in the US is \",/*#__PURE__*/e(n,{href:\"https://www.csoonline.com/article/3603519/solarwinds-hack-is-quickly-reshaping-congress-s-cybersecurity-agenda.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"already committed to\"})}),' making cybersecurity a top priority and investing in a \"Rescue Plan.\" Beyond this extraordinary impact on systems and networks, confidence in cybersecurity has been widely affected without any doubt. In the midst of so much uncertainty about what lies ahead, the only thing that is clear for now is that much effort will be required to revitalize such confidence.']}),/*#__PURE__*/t(\"p\",{children:[\"Do you know about \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Fluid Attacks' service\"})}),\" for comprehensive testing of your systems' cybersecurity? Do you know that, besides other solutions, we provide \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"secure code reviews\"})}),\"? \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Get in touch with our team!\"})})]})]});export const richText5=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"A new form of \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ransomware\"})}),\" has emerged to welcome the new year, \",/*#__PURE__*/e(\"strong\",{children:\"2021\"}),\". We're referring to the \",/*#__PURE__*/e(\"strong\",{children:\"Babuk Locker\"}),\". A malicious software that is capable of encrypting some of your essential files to deny you access to them, and for which you should pay a ransom. \",/*#__PURE__*/e(n,{href:\"http://chuongdong.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Chuong Dong\"})}),\", a Computer Science student at \",/*#__PURE__*/e(n,{href:\"https://www.gatech.edu/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Georgia Tech\"})}),\" interested in cybersecurity, \",/*#__PURE__*/e(n,{href:\"http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"reported it on January 3rd, 2021\"})}),\". (It seems that Dong saw Babuk mentioned in a tweet by \",/*#__PURE__*/e(n,{href:\"https://twitter.com/Arkbird_SOLG\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Arkbird\"})}),\" and, linked to it, finishing this post, I found an earlier \",/*#__PURE__*/e(n,{href:\"https://id-ransomware.blogspot.com/2021/01/babuk-ransomware.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"article in Russian by Amigo-A\"})}),\" published on January 1st, 2021.)\"]}),/*#__PURE__*/t(\"p\",{children:[\"According to Dong, this malware has not been obfuscated (\",/*#__PURE__*/e(n,{href:\"https://securityboulevard.com/2020/02/what-is-malware-obfuscation/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"malware obfuscation\"})}),\" makes the data or code difficult to understand) and is quite 'standard,' even amateurish in coding. Besides, it uses \\\"techniques we see such as multi-threading encryption as well as abusing the Windows Restart Manager similar to Conti and REvil\\\" (other forms of ransomware). However, this ransomware's encryption scheme allows it to stand out, being enough to prevent victims from recovering their systems and files efficiently and for free.\"]})]});export const richText6=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Babuk Locker's encryption scheme\"}),/*#__PURE__*/t(\"p\",{children:['The robust encryption scheme of Babuk Locker, as stated by Dong, includes \"SHA256 hashing, ChaCha8 encryption, and Elliptic-curve Diffie-Hellman (ECDH) key generation and exchange algorithm.\" ',/*#__PURE__*/e(n,{href:\"https://xorbin.com/tools/sha256-hash-calculator\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SHA256\"})}),\" (SHA: Secure Hash Algorithm) is dedicated to generating a 256-bit (32-byte) hash value (we already saw what a \",/*#__PURE__*/e(\"em\",{children:\"hash\"}),\" is in \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-password-cracking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"my first post on Fluid Attacks' blog\"})}),\"). ChaCha8, on the other hand, is a \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Stream_cipher\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"stream cipher\"})}),\", a better variant of \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Salsa20\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Salsa20\"})}),\". These ciphers —both developed by professor \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Daniel_J._Bernstein\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Daniel J. Bernstein\"})}),\"— encrypt plaintext messages (every bit of the message is encrypted one by one) by applying an algorithm with a pseudorandom cipher digit stream or a keystream. Finally, ECDH constitutes \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:'\"a key agreement'})}),\" protocol that allows two parties, each having an elliptic-curve public-private key pair, to establish a shared secret over an insecure channel.\\\" Undoubtedly, for many of us, it is sufficient with this information instead of going into encryption details. Let's keep an overview of this ransomware currently occupying our attention.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Babuk Locker's injection and operation\"}),/*#__PURE__*/t(\"p\",{children:[\"Babuk Locker appears as a 32-bit \",/*#__PURE__*/e(\"em\",{children:\".exe\"}),' file (i.e., \"',/*#__PURE__*/e(n,{href:\"https://id-ransomware.blogspot.com/2021/01/babuk-ransomware.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"BABUK.exe\"})}),'\", at least at first), but, as reported by ',/*#__PURE__*/e(n,{href:\"https://threatpost.com/ransomware-babuk-locker-large-corporations/162836/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"O'Donnell in Threatpost\"})}),', it is not clear how this malware \"is initially spread to victims.\" It seems, though, that the vehicle of infection, in this case, may not be far from the typical ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"phishing\"})}),' \"similar to other ransomware groups\\' approaches,\" said Dong. Indeed, for his part, ',/*#__PURE__*/e(n,{href:\"https://howtofix.guide/babuk-locker/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Brendan Smith in Howtofix\"})}),\" talks about \",/*#__PURE__*/e(\"em\",{children:\"only two\"}),\" forms of Babuk injection: email spam and trojans.\"]}),/*#__PURE__*/t(\"p\",{children:['When the threat actors launch Babuk Locker, they can employ \"a command-line argument to control how the ransomware should encrypt network shares and whether they should be encrypted before the local file system,\" notes ',/*#__PURE__*/e(n,{href:\"https://www.bleepingcomputer.com/news/security/babuk-locker-is-the-first-new-enterprise-ransomware-of-2021/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Abrams in BleepingComputer\"})}),\". Babuk, following an assigned list, can close or terminate a wide variety of Windows support services (e.g., system-monitoring services) and running processes (e.g., Office apps, mail servers, and web browsers) before encryption. Snuffing out these services and processes is something necessary for successful encryption by the malware. Additionally, Babuk tries to remove \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Shadow_Copy\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"shadow copies\"})}),\" (i.e., backup copies or snapshots of files or volumes) before and after the encryption.\"]}),/*#__PURE__*/t(\"p\",{children:['As Abrams also points out, \"When encrypting files, Babuk Locker [uses] a hardcoded extension and [appends] it to each encrypted file.\" The specific extension currently used is \"',/*#__PURE__*/e(\"strong\",{children:\".__NIST_K571__\"}),'\". So, for example, if you have a file with the name \"summary_2020.docx\", it is transformed into \"summary_2020.docx.__NIST_K571__\". Also, a ransom note named ',/*#__PURE__*/e(\"em\",{children:\"How To Restore Your Files.txt\"}),\" (see the image below) appears in the folders containing encrypted files. It shows general information about the attack and instructions to follow for recovering data, including a link to a \",/*#__PURE__*/e(n,{href:\"https://www.torproject.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Tor\"})}),\" page (remember the \",/*#__PURE__*/e(\"em\",{children:\".onion\"}),\" domains we talked about \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-the-dark-web/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"a few weeks ago\"})}),\") to establish negotiation.\"]}),/*#__PURE__*/e(\"img\",{alt:\"To restore files\",className:\"framer-image\",height:\"395\",src:\"https://framerusercontent.com/images/QQy5Xjvg0p1h7qmANFBFLn9O4Y.png\",srcSet:\"https://framerusercontent.com/images/QQy5Xjvg0p1h7qmANFBFLn9O4Y.png?scale-down-to=512 512w,https://framerusercontent.com/images/QQy5Xjvg0p1h7qmANFBFLn9O4Y.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/QQy5Xjvg0p1h7qmANFBFLn9O4Y.png 1919w\",style:{aspectRatio:\"1919 / 791\"},width:\"959\"}),/*#__PURE__*/t(\"h6\",{children:[\"Image taken from \",/*#__PURE__*/e(n,{href:\"http://chuongdong.com/uploads/RansomNote.PNG\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"chuongdong.com\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"In addition, the ransomware operators can reveal the victims' names in their notes and demonstrate through images that they have stolen unencrypted files with data that they could expose (leak) on the Dark Web, specifically on a hacker forum, in case no agreement is reached. It seems that the subjects behind this Babuk Locker project do not currently have their own leak site (that could be launched soon, says Abrams). So, for now, they only resort to the forum to publish stolen data.\"}),/*#__PURE__*/t(\"p\",{children:['When both parties are chatting on the Tor site, the criminals start with two questions: \"Are you a recovery company?\" and \"Do you have insurance against ransomware programs?\" Then, before discussing prices, they ask the victim for some files (less than ',/*#__PURE__*/e(\"strong\",{children:\"10MB\"}),\") he/she wants to recover and subsequently request the \",/*#__PURE__*/e(\"em\",{children:\"ecdh_pub_k.bin\"}),\" file, where they can get the victims' public ECDH key that allows them to perform the decryption test. By this, they perhaps intend to demonstrate that this is a serious matter and that they are the party who calls the shots.\"]}),/*#__PURE__*/e(\"h2\",{children:\"You should be aware of Babuk Locker\"}),/*#__PURE__*/t(\"p\",{children:[\"Babuk Locker has already affected some companies (mainly manufacturers) 'worldwide,' which seemingly you could count on the fingers of one hand. (Reviewing the article by Amigo-A, this ransomware had already shown activity since last December, and it appears that the first known victim was an Italian company.) Babuk operators have established a pay range for the systems' release between \",/*#__PURE__*/e(\"strong\",{children:\"$60,000\"}),\" and \",/*#__PURE__*/e(\"strong\",{children:\"$85,000\"}),\" in Bitcoin. In fact, it was this higher value that one of the victim companies apparently agreed to pay, being the only one that has decided to do so, at least as reported until last week.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Based on O'Donnell's words, the number of ransomware attacks continues to grow, \\\"jumping by 350 percent since 2018.\\\" One of the most affected has been the healthcare sector, and how could it not be, when, amid a COVID-19 pandemic, its work has increased considerably, and its workers may show difficulties in concentration. The latter is a factor that many cybercriminals exploit nowadays. They send emails with files that some of your employees or coworkers may not think twice before opening. Babuk Locker, the 32-bit \",/*#__PURE__*/e(\"em\",{children:\".exe\"}),\" file, is another ransomware to add to the list, and everyone in your company should be aware of it!\"]}),/*#__PURE__*/t(\"p\",{children:[\"I hope you have enjoyed this post and remind you that we're looking forward to hearing from you here at Fluid Attacks. \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Do get in touch with us!\"})})]})]});export const richText7=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"47\"}),\" is the number of \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/red-team-exercise/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"red teaming\"})}),\" experts we can find in the book \",/*#__PURE__*/e(n,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Tribe of Hackers Red Team\"})}),\" written by Carey and Jin (2019). And we only have published three entries about it, each one dedicated to an expert in the following order: \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"(1.0) Carey\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-2/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"(2.0) Donnelly\"})}),\", and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-3/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"(3.0) Weidman\"})}),\". So, why not make room for a fourth entry? Or, is this starting to look like \",/*#__PURE__*/e(n,{href:\"https://www.imdb.com/title/tt0232500/?ref_=fn_al_tt_1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"The Fast and the Furious\"})}),\"? I’m just kidding!\"]}),/*#__PURE__*/e(\"img\",{alt:\"Fast & Furious\",className:\"framer-image\",height:\"400\",src:\"https://framerusercontent.com/images/CZZWapUSH74pfF6YpTuHQ28LxSw.png\",srcSet:\"https://framerusercontent.com/images/CZZWapUSH74pfF6YpTuHQ28LxSw.png?scale-down-to=512 512w,https://framerusercontent.com/images/CZZWapUSH74pfF6YpTuHQ28LxSw.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/CZZWapUSH74pfF6YpTuHQ28LxSw.png 1920w\",style:{aspectRatio:\"1920 / 800\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Image taken from \",/*#__PURE__*/e(n,{href:\"https://images-cdn.9gag.com/photo/ap580RB_700b.jpg\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Here I want to show you another standpoint on red teaming (another expert answering the same questions), with the corresponding recommendations for any of you, that’s all. The previous post displayed what we could consider, to some people’s astonishment, a 'strange' case. I mean, I presented one woman's ideas and advice related to \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ethical hacking\"})}),\", and that's rare because, unfortunately, at present, it's not common to see many girls practicing this profession.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Now, it would be interesting to read (why not to learn) about the opinions and recommendations of another 'curious' case. On this occasion, a person who does not appear in the referred book with his 'real' name. And, contrary to most of the experts interviewed, a person who does not display a picture in his section. Yes, apparently, it’s a man and uses the alias \\\"\",/*#__PURE__*/e(n,{href:\"https://twitter.com/tinkersec?lang=en\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Tinker Secor\"})}),'.\"']}),/*#__PURE__*/e(\"p\",{children:'Let’s see what we can get from this guy who served in the US Marine Corps, has worked as an intrusion detection analyst, and now is a \"full-scope penetration tester with experience in testing and bypassing the security of logical, physical, and social environments.\"'})]});export const richText8=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"For those hoping to be eager beavers on red teams\"}),/*#__PURE__*/e(\"p\",{children:'Tinker was recruited and trained to become a red analyst after gaining some blue experience and some reputation, especially giving talks concerning defense operations in the US Marine Corps. But we already know that it’s unnecessary to have gone through a blue team to belong to a red one. Indeed, as Tinker accurately says —when asked about the best way to get a red team job—, it is \"just like getting any job, you split your time between building up the skill sets required and networking.\" There you are!'}),/*#__PURE__*/e(\"p\",{children:'So, what does Tinker recommend you to build up your skill sets? First, \"study the following: systems, networks, virtual environments and cloud, [thick/web/mobile] applications, scripting, physical environments, social exchanges, [and] basic attacks [and] defenses.\" A lot of things to absorb, huh? Well, here’s what he puts forward about practicing: \"participate in scripting challenges, build a virtual lab inside your cheap laptop and install systems and connect them together through networking, and do capture-the-flag exercises online or at conferences.\"'}),/*#__PURE__*/e(\"p\",{children:'Conferences and meetups, that’s the kind of events Tinker suggests going to for setting up a network and \"hunting for a job\" (beyond the typical but not negligible online application). He even recommends volunteering at such events and, if it’s possible, organizing some of them. Of course, don’t forget to \"join some reputable online groups\"!'}),/*#__PURE__*/e(\"img\",{alt:\"Secor quote\",className:\"framer-image\",height:\"426\",src:\"https://framerusercontent.com/images/4S7hsfKO38hMeUm7ULUJ2Kro.png\",srcSet:\"https://framerusercontent.com/images/4S7hsfKO38hMeUm7ULUJ2Kro.png?scale-down-to=512 512w,https://framerusercontent.com/images/4S7hsfKO38hMeUm7ULUJ2Kro.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/4S7hsfKO38hMeUm7ULUJ2Kro.png 1919w\",style:{aspectRatio:\"1919 / 853\"},width:\"959\"}),/*#__PURE__*/e(\"h6\",{children:\"A quote from Tinker Secor.\"}),/*#__PURE__*/e(\"h2\",{children:\"For those already sweating blood on red teams\"}),/*#__PURE__*/t(\"p\",{children:['Tinker boils \"red teaming down to quality assurance.\" As simple as that. Therefore, when you intend to offer your services to some reluctant or nontechnical clients (reflecting no need for security), use some assessment as a demo, and prove to them that red teaming is really necessary nowadays if they want to ',/*#__PURE__*/e(\"em\",{children:\"guarantee quality\"}),\" in their systems not only for them but also for their customers or users.\"]}),/*#__PURE__*/e(\"p\",{children:\"A well-established red team should possess a clear as a day understanding of each of its members' particular skills. As Tinker says, it is common to see, in these groups, people who \\\"can do a little bit of everything.\\\" However, mainly in large projects, the leaders could delegate tasks according to the team members' special abilities and bring them together to discuss their evaluation and reporting activities at certain times.\"}),/*#__PURE__*/e(\"p\",{children:'Regarding what the client has to know after the red team obtains results in an assessment program, Tinker expresses the following: \"The biggest thing is to go through the attack methodology and show what worked […​] and what did not work in the attack.\" The idea is to let the client know the details of the path followed by each analyst together with the procedures carried out. Furthermore, apart from reporting vulnerabilities, Tinker recommends the delivery of information related to positive findings. \"Positive findings will include the security apparatus that prevented specific attacks as well as times where the blue team detected, responded to, and contained the attacks.\"'}),/*#__PURE__*/e(\"h2\",{children:\"For firms that in security aspire to be on the ball\"}),/*#__PURE__*/t(\"p\",{children:['\"Security quality assurance assessments and ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"penetration tests\"})}),\" can and should be conducted at all stages of a security maturity model.\\\" That's the answer Tinker gives to the question of when to introduce a red team into an organization's security program, for you to keep in mind. (You should not forget the term \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/devsecops-concept/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"DevSecOps\"})}),\".) After that, if it's possible for your company, following Tinker's advice, it'd be excellent to have a dedicated person or a team that continuously conducts \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ethical hacking\"})}),\" in your systems. (Have you heard about our main service of \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"continuous hacking\"})}),\"?)\"]}),/*#__PURE__*/t(\"p\",{children:[\"In addition, Tinker believes that for the sake of your firm, you should not employ only vulnerability scanners. It is better when you mix \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"penetration tests\"})}),' with them. As he says, the two \"cover different areas and have different strengths and applications, and companies should employ both.\" According to him, it\\'s typical to see firms implementing vulnerability scan tools from top providers and using them to detect security issues, for then, after several months, remediate only some of them, usually ignoring medium and low severity findings. There is no creation of programs for managing and repairing vulnerabilities, and in subsequent analyses appear more extensive vulnerability lists, on which, again, no proper action is taken. (Now, I repeat the question for those companies that have fallen into that error but recognize it as such: Have you heard about our main service of ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"continuous hacking\"})}),\"?)\"]}),/*#__PURE__*/e(\"h2\",{children:\"That's all, folks!\"}),/*#__PURE__*/t(\"p\",{children:[\"Of course, you can access the complete information of the interview in \",/*#__PURE__*/e(n,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Carey and Jin’s book\"})}),\". Here I have just shared some highlights of the answers given by Tinker Secor, one of the \",/*#__PURE__*/e(\"strong\",{children:\"47\"}),\" red teaming experts you can find there. On the other hand, if you want to be part of the Fluid Attacks team, you can check out our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/careers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Careers\"})}),\" page, and if you require information about our services and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"solutions\"})}),\" for your company, please click \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here to contact us\"})}),\".\"]})]});export const richText9=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"Here we are in a third post with \",/*#__PURE__*/e(n,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Tribe of Hackers Red Team\"})}),\" by Marcus J. Carey and Jennifer Jin (2019) as reference. On previous occasions, we had appreciated opinions and received advice from two men, \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"red teaming\"})}),\" experts: \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"(1.0) Marcus Carey\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-2/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"(2.0) Benjamin Donnelly\"})}),\". Now is the time to open up space for the female gender within this enthralling context. Few women appear in the cited book, just as few women work in red teams such as Fluid Attacks. In fact, they still do not have much presence in the area of \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ethical hacking\"})}),\", something we would like to contribute to change. That's why in this post, like a little incentive, we want to focus on the point of view and some recommendations of \",/*#__PURE__*/e(n,{href:\"https://twitter.com/georgiaweidman\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Georgia Weidman\"})}),' —\"serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author\"— for those of us interested in ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/red-team-exercise/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"red teaming\"})}),\".\"]})});export const richText10=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"For those hoping to be eager beavers on red teams\"}),/*#__PURE__*/t(\"p\",{children:[\"As it happened with Benjamin Donnelly (see \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-2/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"the previous post\"})}),'), Georgia started her red teaming career after participating at college in a cyber defense competition. And though she declares herself as a person with reduced social skills, at least \"to talk to someone one on one,\" that hasn\\'t stopped her from establishing networks and from getting opportunities to work on red teams. This has been strengthened by her research on security, lecture presentation and training classes as a volunteer.']}),/*#__PURE__*/t(\"p\",{children:[\"In 2014, Georgia published a book titled \",/*#__PURE__*/e(n,{href:\"https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Penetration Testing: A Hands-On Introduction to Hacking\"})}),'. She recommends it \"for new people to learn about hacking in a controlled environment.\" Besides, for those interested in gaining red team skills (without illegal activity), Georgia suggests participating in competitions such as ',/*#__PURE__*/e(n,{href:\"https://medium.com/@thehackersmeetup/beginners-guide-to-capture-the-flag-ctf-71a1cbd9d27c\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"capture the flag (CTF)\"})}),'. There, one has the consent to attack the targets in different time frames. She says: \"In general, as long as you are practicing on systems, applications, etc., that you own or have express permission to attack, you are learning ethically.\"']}),/*#__PURE__*/t(\"p\",{children:['It is striking something that Georgia mentions in relation to what she expects from people who apply for interviews as potential red team members. Besides good communication skills with technical and non-technical audiences, she requests professionals passionate about the field. Then she says, \"',/*#__PURE__*/e(\"strong\",{children:\"I'm not looking for people who work their 9 to 5 and go home and play video games all night.\"}),'\" (Have you noticed how many hours a day you spend on video games? Do you think you really know how to manage your time?) It is essential for her to have persons who do security research and present it to the world through any available means of communication. Georgia looks for individuals who, when they recognize they lack some skill in a particular area, do their best to get the corresponding knowledge.']}),/*#__PURE__*/e(\"h2\",{children:\"For those already sweating blood on red teams\"}),/*#__PURE__*/t(\"p\",{children:['When Carey and Jin ask Georgia about rules of engagement (arrangement to work for a client), she poses something that we can often find in this field. \"Naturally, given how so much of our society sees hackers —as criminal masterminds dead set on destroying the world just to show their rivals they can— many organizations have an understandable reluctance to allow security testers to attack their organization.\" For this reason, the rules of engagement defined prior to the start of ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"security testing\"})}),\" within each project will vary in their rigor according to the client's comfort. And this is one thing we must always respect.\"]}),/*#__PURE__*/e(\"p\",{children:'Georgia later accurately expresses: \"breaking the rules of engagement, even if you think it makes the testing more real-world authentic, only feeds into the notion that ethical hackers are just malicious attackers with a cover job.\" Well, and not only that. Violating the rules of a contract can even lead to some penalty or merely the annulment of the agreed fee, as well as to the loss of a client for the future and, why not, to damage the reputation of the team.'}),/*#__PURE__*/t(\"p\",{children:['Georgia says that \"the most valuable part of security testing is not getting domain admin but rather leaving the customer with a clear understanding of their security shortcomings and an actionable plan for how to fix them.\" According to her, remediation recommendations from automated tools are often not in line with business plans and, therefore, not applicable. It is for this reason that detailed and contextualized ideas from security professionals can be much more valuable for ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"vulnerability management\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:'Immediately afterward, what Georgia remarks connects perfectly with what we at Fluid Attacks do through our platform. \"For me it\\'s important to not only clearly explain my results but also keep an open dialogue with the client blue team as they work through remediating the issues in case they have any questions.\" In addition, as an essential complement to the above, she mentions remediation validation —which, for instance, in our company, we carry out with reattacks— always to ensure that the identified and reported vulnerabilities have been successfully closed.'}),/*#__PURE__*/e(\"img\",{alt:\"Weidman quote\",className:\"framer-image\",height:\"480\",src:\"https://framerusercontent.com/images/xyOsWC5ccWcbAQPaXqO2Dy9M.png\",srcSet:\"https://framerusercontent.com/images/xyOsWC5ccWcbAQPaXqO2Dy9M.png?scale-down-to=512 512w,https://framerusercontent.com/images/xyOsWC5ccWcbAQPaXqO2Dy9M.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/xyOsWC5ccWcbAQPaXqO2Dy9M.png 1920w\",style:{aspectRatio:\"1920 / 960\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Georgia's original picture, taken from \",/*#__PURE__*/e(n,{href:\"https://pbs.twimg.com/media/CrYuOfaWcAAXM3u.jpg\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pbs.twimg.com\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"For firms that in security aspire to be on the ball\"}),/*#__PURE__*/t(\"p\",{children:['\"Many customers reach out to me looking for red teaming or penetration testing when really what they need to start is vulnerability scanning or help developing a basic security program.\" This is a crucial point Georgia remarked for companies. In their ignorance, some firms believe that red teaming is necessary ',/*#__PURE__*/e(\"em\",{children:\"immediately\"}),' when their security posture is not yet robust, and what will be detected first are \"missing patches, default passwords, and similar low-hanging fruit.\" In these cases, according to Georgia, scanners or automated processes should be used more often. That is what we do at Fluid Attacks with our tool at the beginning of projects, looking for known superficial and deterministic vulnerabilities to remediate ASAP.']}),/*#__PURE__*/t(\"p\",{children:[\"Make sure you resolve the most simple security problems first, then beef up your system with all the measures suggested by security experts, and finally submit it to the dexterity of ethical hackers for thorough \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesting\"})}),\".\"]}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"It takes a more sophisticated attacker to gain access to a more robust organization, and thus it takes more skill, time, and effort on the part of the security testers. —Georgia Weidman\"})}),/*#__PURE__*/e(\"h2\",{children:\"That's all, folks!\"}),/*#__PURE__*/t(\"p\",{children:[\"If you want to know about our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/security-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"security testing\"})}),\" solution for your company, you can \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"contact us here\"})}),\". I hope you enjoyed reading this post, the third in the Tribe of Hackers Red Team series. See you soon!\"]})]});export const richText11=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"In July this year, \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"I wrote a post\"})}),\" based on the book \",/*#__PURE__*/e(n,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:/*#__PURE__*/e(\"em\",{children:\"Tribe of Hackers Red Team\"})})}),\" by Marcus J. Carey and Jennifer Jin (2019). On that occasion, I presented a short description of the book, which is primarily aimed at all those interested in \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/red-team-exercise/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"red teams\"})}),\" (Fluid Attacks, for example, is a \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"red team\"})}),\"). Additionally, I referred to Marcus's answers to the questions that he and Jin then addressed to the more than 40 experts that appear in their book. For this post, I will focus on what was shared by one of those red team experts. I hope it will be of your interest —bear in mind the meaningful value other people's experiences will always have for our learning.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In this case, we have the \",/*#__PURE__*/e(n,{href:\"https://en.everybodywiki.com/Benjamin_Donnelly_(polymath)\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"American-Canadian\"})}),' engineer Benjamin Donnelly, who \"has worked as part of teams hacking such things as prisons, power plants, multinationals, and even entire states.\" He has participated in research projects like the DARPA-funded Active Defense Harbinger Distribution (',/*#__PURE__*/e(n,{href:\"https://www.activecountermeasures.com/free-tools/adhd/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ADHD\"})}),\") and was the \",/*#__PURE__*/e(n,{href:\"https://www.irongeek.com/i.php?page=videos/derbycon4/t108-ball-and-chain-a-new-paradigm-in-stored-password-security-benjamin-donnelly-and-tim-tomes\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Ball and Chain cryptosystem\"})}),\"'s creator.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Ben got closer to the world of red teams when, being in high school, he participated in a competition of the US cyber education program \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/CyberPatriot\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"CyberPatriot\"})}),\". Although his training there was more geared towards the \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/purple-team/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"blue team\"})}),'\\'s work, he managed to move into the \"red arts\" and began participating in ',/*#__PURE__*/e(n,{href:\"https://www.sans.org/cyber-ranges/netwars-tournaments/core/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"NetWars\"})}),\" tournaments. There, competing against professionals, Ben began to gain recognition for his skills and even succeeded in getting a job with a \",/*#__PURE__*/e(n,{href:\"https://www.sans.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SANS\"})}),\" instructor. After that, and certainly through hard work, he obtained the official job title of \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"penetration tester\"})}),\"/security researcher.\"]})]});export const richText12=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"For those hoping to be eager beavers on red teams\"}),/*#__PURE__*/e(\"p\",{children:\"Benjamin gives some recommendations to get a job in a red team. What he initially suggests is to recognize subtle differences between companies that perform this kind of work. Therefore he separates them into two groups, and for each case, he offers some advice.\"}),/*#__PURE__*/t(\"p\",{children:['Ben refers to the first group as \"the computer network operator-type team,\" which focuses on exploiting networks or systems through diverse frameworks and hacking tools. The ways in which the attackers can gain and leverage access are then reported to the client. Accordingly, Benjamin comments: \"If you want to join one of these teams, you need to be focusing on training on breach simulation because that’s what their world is all about.\" Indeed, at Fluid Attacks ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-breach-attack-simulation/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"breach and attack simulation\"})}),\" is part of our job. Moreover, Ben says that you don’t usually need lots of certificates for a job like this, and you don’t even have to possess college degrees if you have enough skills and make yourself known. Such is the case for working with us as an \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/careers/openings/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ethical hacker or pentester\"})}),\", for example.\"]}),/*#__PURE__*/t(\"p\",{children:['Ben refers to the second group as \"the security engineering-type team.\" According to him, they are focused on creating and auditing complex solutions to improve \"the technical sophistication and security of a given software or hardware system.\" This team prioritizes system analysis from various perspectives and responds with the necessary controls to possible attack vectors that hackers might use on particular systems. And although I see this kind of work as more related to blue teams, I could also associate it with the position of ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/careers/openings/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"IT security architects\"})}),' at Fluid Attacks. By the way, a university degree is not required in our company to apply for this job either. But as Ben says, for both groups, \"you\\'ll want some combination of computer science and information technology knowledge.\"']}),/*#__PURE__*/e(\"p\",{children:'According to Ben, learning the necessary basic skills (e.g., manipulation of infrastructure) working in computer network defense positions will facilitate your transition to a job within a red team. \"You’ll learn about what it is that attackers do as you learn to anticipate them.\" On the other hand, apart from the technical aspect, this young expert recommends working on some attitudes. He suggests keeping active the dispositions to ask questions, recognize without problems the ignorance on one or another subject, and correct oneself.'}),/*#__PURE__*/e(\"h2\",{children:\"For those already sweating blood on red teams\"}),/*#__PURE__*/e(\"p\",{children:'From Ben’s perspective, the red team’s work is curiously more efficient when done individually. He refers to interpersonal communication as a big problem because this profession involves enormous amounts of information. Besides, the operations that are carried out are often very complex and highly specific. From his experience, Ben says: \"We have to work out what’s happening inside [the system] by tracking huge numbers of variables indicated by external responses (such as error messages). Communicating exactly what is happening (and when) to each other can be a huge challenge.\"'}),/*#__PURE__*/t(\"p\",{children:[\"However, Ben shows a strong interest in collaboration when working with blue teams and prefers the \",/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Gray_box_testing\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"gray-box testing method\"})}),' instead of the black-box. (Nevertheless, the approach to be used regularly depends on what the organization you are working for chooses.) Ideally, for him, the analysts would be \"testing discrete sections of the application/network to understand the threats posed to exactly that portion of the system independent of any other protective layers.\"']}),/*#__PURE__*/e(\"img\",{alt:\"Donnelly quote\",className:\"framer-image\",height:\"426\",src:\"https://framerusercontent.com/images/onKAFdFTYjkFXGF6Un5IQam5Es.png\",srcSet:\"https://framerusercontent.com/images/onKAFdFTYjkFXGF6Un5IQam5Es.png?scale-down-to=512 512w,https://framerusercontent.com/images/onKAFdFTYjkFXGF6Un5IQam5Es.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/onKAFdFTYjkFXGF6Un5IQam5Es.png 1919w\",style:{aspectRatio:\"1919 / 853\"},width:\"959\"}),/*#__PURE__*/t(\"h6\",{children:[\"Benjamin’s original picture taken from \",/*#__PURE__*/e(n,{href:\"https://web.archive.org/web/20190929024550/https://pbs.twimg.com/profile_images/1092476712741302272/Ss5tKSjh_400x400.jpg\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pbs.twimg.com\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"For Ben, red teams' members should not orient their work towards the \",/*#__PURE__*/e(\"em\",{children:\"I’m living a hacker’s life\"}),' posture, desiring only to impress other people. This profession should have among its central objectives to help security teams optimize their systems\\' or software’s security. That’s why he says: \"If questioned, I consider it my job to tell the product team literally everything I know. If they can hold all that knowledge, then I as a red cell professional need to move on and discover more.\" By the way, and as a fundamental aspect to take into account in the reports you have to make, Ben suggests the following: \"Be detailed, correct, and honest.\"']}),/*#__PURE__*/e(\"h2\",{children:\"For firms that in security aspire to be on the ball\"}),/*#__PURE__*/e(\"p\",{children:\"When Ben is asked about the least effective security control currently in use, he seems to refer without hesitation to firewall technology. \\\"All these expensive 'security' devices that seem to keep selling like hotcakes are effectively capable of stopping 0 percent of technically sophisticated adversaries.\\\" The biggest problem is that many people who choose to access such technology are unaware of its actual capabilities.\"}),/*#__PURE__*/t(\"p\",{children:['One of Ben’s most important recommendations in preventing attacks on systems or networks is \"one hundred percent client (host) isolation.\" According to him, few companies currently in their networks require systems to communicate directly with each other. Cloud services have become especially relevant recently, and business applications do not have to live ',/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/On-premises_software\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"on-premises\"})}),'. The implementation of isolation helps enormously prevent attacks in which hackers could \"gain access to and exploit your network resources.\" Ben concludes this part by saying: \"Without device-to-device access, how am I supposed to find and exploit unpatched servers or workstations on your network? How am I supposed to pivot laterally? How am I supposed to relay credentials or access a rogue ',/*#__PURE__*/e(n,{href:\"https://en.wikipedia.org/wiki/Server_Message_Block\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"SMB\"})}),' shared directory?\"']}),/*#__PURE__*/e(\"h2\",{children:\"That’s all, folks!\"}),/*#__PURE__*/t(\"p\",{children:[\"All these were fairly simple yet worthwhile tips and ideas drawn from what Benjamin Donnelly shared on \",/*#__PURE__*/e(\"em\",{children:\"Tribe of Hackers Red Team\"}),\". I hope you enjoyed them. If you'd like to know more about our red team at Fluid Attacks, please do not hesitate to \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"contact us\"})}),\".\"]})]});export const richText13=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"A few days ago, Mauricio Gomez, our co-founder and chairman, had an \",/*#__PURE__*/e(n,{href:\"https://www.safetydetectives.com/blog/interview-mauricio-gomez-fluid-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"interview with Safety Detectives\"})}),\". It was conducted by Aviva Zacks, their content manager, writer and editor. She is continuously posting interviews with cybersecurity 'thought leaders' on her company's blog.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In this interview, Gomez describes in general terms what Fluid Attacks is. He talks about the services and solutions we offer, and the methodologies we employ as a \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/products/ptaas\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesting team\"})}),\" constantly \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"searching for vulnerabilities\"})}),\". He also gives an opinion about the current cyber-threats and the susceptibility of many companies to being attacked. The recent and sudden transformations in the modes of working and the tools used in the COVID-19 pandemic are factors of extraordinary importance for him.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To read the interview, please click \",/*#__PURE__*/e(n,{href:\"https://www.safetydetectives.com/blog/interview-mauricio-gomez-fluid-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\"!\"]})]});export const richText14=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"This post is the third and last part of the \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-i/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"State of Cybersecurity 2020-21\"})}),\". Of course, to close the subject, we have to emphasize the year that is soon to come, and for which many people in the field of cybersecurity are making some predictions.\"]}),/*#__PURE__*/e(\"p\",{children:\"Let's start with some of them:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"For some years now, \",/*#__PURE__*/e(n,{href:\"https://cybersecurityventures.com/annual-cybercrime-report-2020/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cybersecurity Ventures' researchers\"})}),\" have proposed that the global annual cost of cybercrime by 2021 will be \",/*#__PURE__*/e(\"strong\",{children:\"$6 trillion\"}),\". This would double the value reported in 2015.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"They also predicted that ransomware, by 2021, worldwide, will cost \",/*#__PURE__*/e(\"strong\",{children:\"57\"}),\" times more than five years ago, reaching \",/*#__PURE__*/e(\"strong\",{children:\"$20 billion\"}),\", and with a new victim \",/*#__PURE__*/e(\"strong\",{children:\"every 5 seconds\"}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"In terms of global spending on cybersecurity services and products, in 2004, it was worth \",/*#__PURE__*/e(\"strong\",{children:\"$3.5 billion\"}),\", which grew approximately \",/*#__PURE__*/e(\"strong\",{children:\"35\"}),\" times in 13 years. In the next five years, from 2017 onwards, \",/*#__PURE__*/e(n,{href:\"https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2019-to-2021/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"this value is predicted\"})}),\" to exceed \",/*#__PURE__*/e(\"strong\",{children:\"$1 trillion\"}),\" on a cumulative basis.\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"Apparently, based on \",/*#__PURE__*/e(n,{href:\"https://www.enisa.europa.eu/news/enisa-news/enisa-threat-landscape-2020\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"ENISA's report\"})}),\", we'll continue to see an increase in malware activity in the coming years. These cyber threats are regularly improving their characteristics, including, for example, \",/*#__PURE__*/e(n,{href:\"https://www.enisa.europa.eu/publications/emerging-trends\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"new propagation mechanisms\"})}),\". File types like disc image files (i.e., IMG, ISO) are becoming famous for spreading malware, apart from the typical XLS, PDF, DOC and ZIP files. Once the malware is installed, it allows recognition and movement on the victim's systems and affects their operation or steals data.\"]}),/*#__PURE__*/t(\"p\",{children:['On the other hand, there are omens about the expansion of attacks on the mobile sector. Users are now more and more dependent on it, even in their businesses. \"',/*#__PURE__*/e(n,{href:\"https://www.enisa.europa.eu/publications/emerging-trends\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Fraudulent apps\"})}),', SIMJacking and operating systems exploits make these devices the weakest link.\" Similarly, ',/*#__PURE__*/e(n,{href:\"https://techjury.net/blog/cyber-security-statistics/#gref\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"there are current warnings\"})}),\" about the possible growing impact of attacks on companies via IoT devices. These machines are increasing in number and have the reputation of not being up to date in terms of security. They can mean easy entry points into companies' networks for cybercriminals.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Highly planned and targeted ransomware attacks on the public sector, especially government and healthcare organizations, may keep their expansion during the COVID-19 pandemic. We'll undoubtedly continue to observe what is currently presented \",/*#__PURE__*/e(n,{href:\"https://www.enisa.europa.eu/publications/emerging-trends\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"in ENISA as an emerging trend\"})}),': \"Attackers […​] spending more time gathering intelligence about their victims, knowing exactly what to encrypt, achieving maximum disruption and higher ransoms.\"']}),/*#__PURE__*/t(\"p\",{children:[\"For more information on what's currently representing a trend among cybercriminals and may continue to do so in the near future, we invite you to check \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-ii/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"the first post of this series\"})}),\". At this point, we want to highlight some preventive approaches that we believe will continue being trends in the coming year.\"]})]});export const richText15=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Some preventive trends in 2021\"}),/*#__PURE__*/e(\"h3\",{children:\"Shift to the left\"}),/*#__PURE__*/t(\"p\",{children:[\"A crucial suggestion for your organization's security, which we at Fluid Attacks never get tired of sharing, is to shift the 'security element' to the left. In short, this means that any company creating or using software (almost all of them today) should think about its security and apply it from the beginning. This methodology belongs to the \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-devsecops/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"DevSecOps\"})}),\" approach. There, security testing must be \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/continuous-hacking\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"continuous\"})}),\" —covering the whole software development lifecycle (SDLC)—, and ensures significant savings in time and money. Then, for the next year, many businesses should move away from the approach of searching for and identifying vulnerabilities in their systems and software only after deployment to production. In such cases, attackers may already have access to the gaps. And these issues may not be immediately remediated and may require considerable time, effort and money due to their quantity and complexity.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Secure hosting in the cloud\"}),/*#__PURE__*/t(\"p\",{children:[\"Cloud services adoption will continue to increase over the next year as multiple firms adapt to the much-requested remote working. (Learn \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/remote-work/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"here\"})}),\" about our experience.) These firms should be aware of the flaws (mainly related to unintended misconfigurations) that are often reported regarding this type of service. Defects that have many times resulted in significant data breaches. On their side, cloud service providers have the challenges of keeping solutions up to date and, at the same time, implementing methods for identifying configuration errors asap.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Employees educated in security\"}),/*#__PURE__*/t(\"p\",{children:[\"Concerns will remain in many companies because \",/*#__PURE__*/e(n,{href:\"https://securityscorecard.com/blog/6-cybersecurity-trends-predictions-for-2021\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"some remote workers are not familiar\"})}),\" with proper security controls and practices. We have already mentioned that attackers are at this time paying too much attention to the human factor to penetrate organizations' systems. And they'll surely keep on doing so. That's why training staff and creating a cybersecurity culture will continue to be a priority to protect data assets.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Cybersecurity with multidisciplinary teams\"}),/*#__PURE__*/e(\"p\",{children:\"Linked to the previous trend appears another one that will continue to be outstanding next year. It refers to the formation of multidisciplinary teams focused on cybersecurity. We had already mentioned the lack of trained personnel in this area and the number of vacancies not being filled. However, different professionals from their particular skills and experiences will provide companies with diverse contributions to respond to cybersecurity challenges and opportunities. Cybersecurity is no longer an issue that only engineers will work on. We'll also have professionals in statistics, economics, cognitive science, business, political science, among other areas of knowledge.\"}),/*#__PURE__*/e(\"h3\",{children:\"Reevaluate cybersecurity\"}),/*#__PURE__*/t(\"p\",{children:[\"Companies will need to continually reevaluate their cybersecurity, protect every endpoint and maintain necessary security controls after this digital transformation forced by the pandemic. Many organizations concerned with their security, following \",/*#__PURE__*/e(n,{href:\"https://www.enisa.europa.eu/publications/emerging-trends\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"many decision-makers' advice\"})}),\", will begin to employ \",/*#__PURE__*/e(n,{href:\"https://www.cybersecurity-insiders.com/7-ways-youll-need-to-approach-cybersecurity-after-covid-19/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"a zero-trust approach\"})}),\", implementing a strict restriction of access and verification of everything. They should always recognize that although in most cases the threats are external, criminals can also be part of their staff. A firm adequately prepared for cyber threats in 2021 will appreciate the benefit of handling multi-factor authentication processes. It will also ensure that its employees create sufficiently complicated passwords and change them with a specific frequency. Some companies will even start \",/*#__PURE__*/e(n,{href:\"https://www.ownlydigital.com/blog/cyber-security-trends-and-threats-in-the-industry-in-2020/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"using biometric authentication methods\"})}),\", such as face verification for their staff, and why not, for their customers or users.\"]}),/*#__PURE__*/e(\"h3\",{children:\"A mixture of automatic and manual work\"}),/*#__PURE__*/t(\"p\",{children:[\"By 2021 the idea of valuing and recommending manual more than automatic work will be kept active, just for a matter of results. As discussed \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-ii/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"in part II\"})}),\", the excess of false negatives and positives in automatic tools' operations continues to make ethical hackers an essential factor in evaluating IT security. Following the \",/*#__PURE__*/e(\"em\",{children:\"x\"}),\" or \",/*#__PURE__*/e(\"em\",{children:\"y\"}),\" technique, an automated procedure delivering results will always be insufficient compared to a comprehensive process covering a mixture of automatic and manual hacking. The technological advances are quite useful to us as they are to you. However, we recommend that you do not let yourself be seduced by the skills that many firms intend to confer on their testing tools.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Conclusion\"}),/*#__PURE__*/t(\"p\",{children:[\"Finally, hoping that we'll see a more clear and promising future amid \",/*#__PURE__*/e(n,{href:\"https://www.nature.com/articles/d41586-020-02278-5\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"so much uncertainty\"})}),\", many businesses must continue their adaptation in cybersecurity. With the help of experts, each company persistently has to stay informed about the risks and the best prevention strategies to be implemented right away. Besides, every staff must be trained as a group and maintain a collaborative effort that in 2021 and the next years will allow their systems and assets to be as protected as possible.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Do you have any questions? Do not hesitate to \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"contact us\"})}),\"!\"]})]});export const richText16=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"In \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-i/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"the previous part\"})}),\", we focused our attention mainly on some current trends of cybercriminals. Now we intend to make room for the preventive and defensive sectors in cybersecurity, estimating some important tendencies in 2020. These trends are related, in different degrees, to the approaches, methodologies, and activities that we carry out at Fluid Attacks. A red team focused on detecting vulnerabilities in IT systems. That's why we'll also speak here from our experience.\"]})});export const richText17=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Cybersecurity as a necessity and responsibility\"}),/*#__PURE__*/e(\"p\",{children:\"Cybersecurity has gained particular relevance as a necessity. This is partly due to the sudden changes in the structure and ways of working that many companies and organizations have not long ago experienced around the world. Of course, this is also related to the growing activity of IT criminals. However, many businesses and public entities have not adequately addressed this need. And some of them have been victims of cyberattacks, often of disastrous scale. That's why it's recommended for many people to rethink their cybersecurity strategies. Even for some of them, it's advisable to reevaluate their attitude towards cybersecurity and their knowledge on the subject.\"}),/*#__PURE__*/t(\"p\",{children:[\"That's something that applies in the case of cybersecurity compliance requirements. Some firms are ignoring the function of those requirements. Many of them focus only on avoiding any sanction from some standard but leaving aside the incorporation of solid cybersecurity plans. At Fluid Attacks, we have maintained a set of \",/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/criteria/requirements\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"requirements\"})}),\" under construction and evaluation. It gathers information from more than ten international standards. The companies that work with us find it useful to go beyond mere security compliance.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Technology advances yet best practices remain\"}),/*#__PURE__*/t(\"p\",{children:[\"It's no secret to anyone: malicious hackers have kept up with technological and methodological advances. The same applies to the prevention and defense sectors. However, as \",/*#__PURE__*/e(n,{href:\"https://www.bankinfosecurity.com/cybercrime-review-hackers-great-covid-19-cash-in-a-15037\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Schwartz puts it\"})}),', \"security experts say the basic best practices that an organization should pursue to protect itself largely remain constant.\" It\\'s now typical for us to listen and at the same time recommend, for instance, the careful ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-password-cracking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"management of passwords\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-credential-stuffing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"multi-factor authentication\"})}),\" and the proper administration of privileges (limiting access). We also advise the constant updating of components and dependencies (including software employed as defense, e.g., secure email gateway, antiviruses, firewalls) and the continued use of the latest patches for known vulnerabilities.\"]}),/*#__PURE__*/t(\"p\",{children:[\"As a curious fact, \",/*#__PURE__*/e(n,{href:\"https://techjury.net/blog/cyber-security-statistics/#gref\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"it is said that\"})}),\" currently, only \",/*#__PURE__*/e(\"strong\",{children:\"1%\"}),\" of the attack vectors used by cybercriminals correspond to new methods for cybersecurity professionals. In other words, we have a lot of knowledge to identify and repair almost all the existing vulnerabilities on which criminals take advantage. Conflict arises when the necessary tools and trained personnel are not available or by simple carelessness.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Talent in cybersecurity is still lacking\"}),/*#__PURE__*/t(\"p\",{children:[\"At this point, it is convenient to remember what \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/trends-2020-ii/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Arango shared with us\"})}),\" in April this year in regards to current trends in cybersecurity. Today, there's something that has become a common denominator for many firms with cybersecurity issues: the shortage of skilled and prepared talent. Arango referred to \",/*#__PURE__*/e(n,{href:\"https://cybersecurityventures.com/jobs/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Cybersecurity Ventures\"})}),\", estimating that more than \",/*#__PURE__*/e(\"strong\",{children:\"3 million\"}),\" cybersecurity jobs would be unfilled this year. An alarming number indeed! He commented that, at this time, in cybersecurity matters, some people believe that the academy is not qualified to keep up with the industry's pace. Some even consider that the automatic tools can do the operations usually destined to security professionals to counter this lack. Nevertheless, this can also represent a crisis.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Automation is not a substitute for IT professionals\"}),/*#__PURE__*/t(\"p\",{children:[\"Process automation is undoubtedly something that almost all humans benefit from in a variety of environments. In the field of information technology, the amounts of \",/*#__PURE__*/e(n,{href:\"https://cutt.ly/nmwzTer\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"data to be controlled are growing every day\"})}),\". Moreover, in different industries, fast and efficient solutions to an assortment of problems are often requested. It's in such cases that automation has taken some prominence. In cybersecurity, specifically, as \",/*#__PURE__*/e(n,{href:\"https://www.entrepreneur.com/article/358776\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Kaushik tells us\"})}),\", automation is useful for identifying, investigating, triaging, prioritizing and remediating vulnerabilities and threats.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Still, the trouble lies in assuming that machines' work, at least in these times, can replace all human activity in a field like this. On countless occasions, Fluid Attacks has informed about the high rates of false positives (lies) and false negatives (omissions) that can appear in cybersecurity assessments performed by automated tools. Apart from the fact that typically someone is needed to keep an eye on these tools' operations, their constant errors and limitations make complementary human work still required. Moreover, according to the results of these automatic processes — sometimes instruments identifying just \",/*#__PURE__*/e(\"strong\",{children:\"2.5\"}),\" of \",/*#__PURE__*/e(\"strong\",{children:\"10\"}),\" vulnerabilities present in a system — the tools should be seen only as a supplement to human exercise.\"]}),/*#__PURE__*/e(\"h2\",{children:\"ML and AI represent benefits\"}),/*#__PURE__*/t(\"p\",{children:[\"Cybercriminals have indeed taken advantage of advances in Machine Learning (ML) and Artificial Intelligence (AI), as we mentioned in \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-i/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"the first part\"})}),\". But it is also true that cybersecurity companies have leveraged these same advances and developed new strategies to respond to threats. This has represented a tendency in the last years. New tools have emerged within these technological approaches. We have experienced this at Fluid Attacks, e.g., with \",/*#__PURE__*/e(\"strong\",{children:\"Sorts\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Sorts\"}),\" is a recent command-line interface that we use for extracting metrics from the code repository. A previously trained neural network-based ML model is used to evaluate these metrics. Later, it returns the probabilities of finding vulnerabilities in specific files. As \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-trends/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Oscar Prado remarked one year ago\"})}),': tools like this \"can help our analysts to decide where to look first, what portions of code may have vulnerabilities and require further attention, or which inputs may not have been properly sanitized.\"']}),/*#__PURE__*/e(\"h2\",{children:\"The human-tool combination becomes ideal\"}),/*#__PURE__*/e(\"p\",{children:'Additionally, Oscar emphasized the point of view that we continue to hold: \"We see machine learning emerging technologies more as tools rather than the holy grail of cybersecurity that will replace human hackers.\" At Fluid Attacks, we preserve the idea of mixing humans and tools. The latter provide high-speed but low-accuracy reports. The former, in longer times but using their astuteness and creativity, are more accurate and access more profound and complex issues.'}),/*#__PURE__*/t(\"p\",{children:[\"The activity of our tools, searching for superficial vulnerabilities that are already known, facilitates and speeds up the work of our ethical hackers. A work that remains indispensable (using techniques such as \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/products/ptaas\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"pentesting\"})}),\") for comprehensive evaluations of our clients' IT systems. Organizations should no longer fall into the trap of relying only on these automated systems that generally check the perimeter of attack and deliver weak and limited reports.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Cybersecurity implemented from the beginning\"}),/*#__PURE__*/t(\"p\",{children:[\"It is ideal that today we include \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-devsecops/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"security in the DevOps\"})}),\" methodology. We should \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"do it from the beginning\"})}),\"! And, of course, always with the intention that all people involved in business projects understand it and apply it. Firms that build and manage software should indeed keep at least one \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/secdevops-security-champions/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"Security Champion\"})}),\" on their staff. From there, they could start training other potential talents to strengthen their means of prevention and defense (even if they are not the ones in charge of looking for vulnerabilities). Besides, many organizations should also start educating their other employees about behaviors that can pose cybersecurity risks. As we once said, it is imperative that everyone working for an organization be responsible for cybersecurity within this new culture of DevSecOps.\"]}),/*#__PURE__*/t(\"p\",{children:[\"See you in the \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-iii/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(a.a,{children:\"third part\"})}),\" of this series of posts!\"]})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText17\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText15\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText16\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],"mappings":"2dACa,AADb,GAAkD,IAA4D,IAAuC,IAAwB,IAA4G,CAAa,EAAsB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwD,EAAE,SAAS,CAAC,SAAS,0BAA2B,EAAC,CAAC,qEAAkF,EAAEA,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,geAA6e,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,gIAAiI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,qiBAAsiB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qMAAkN,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,2DAAwE,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,8TAA+T,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,qNAAsN,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,q1BAAs1B,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,ylBAA0lB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,mBAAoB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,k2BAAm2B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gUAA6U,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,gYAA6Y,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,6KAA8K,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qCAAsC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,owBAAqwB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qBAAsB,EAAC,CAAc,EAAE,aAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,qJAAkK,EAAE,SAAS,CAAC,SAAS,oBAAqB,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,6JAA0K,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,6HAA6H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,UAAuB,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,kBAA+B,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,qEAAkF,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,2BAA4B,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqD,EAAED,EAAE,CAAC,KAAK,6FAA6F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,6DAA8D,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wEAAqF,EAAED,EAAE,CAAC,KAAK,wBAAwB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,mCAAmC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,4GAA6G,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0C,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,gCAA6C,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,mGAAgH,EAAE,OAAO,CAAC,SAAS,eAAgB,EAAC,CAAC,4CAAyD,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,2BAA4B,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAEC,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;qBAA0hB,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kCAAmC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;6EAAyV,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAgC,EAAEH,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,oCAAiD,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,iBAA8B,EAAE,OAAO,CAAC,SAAS,SAAU,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAEC,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;6BAAoF,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wCAAyC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oCAAqC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,mGAAgH,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,mHAAoH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,YAAyB,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,6DAA0E,EAAEH,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,8DAA2E,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,gBAA6B,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,qCAAkD,EAAE,OAAO,CAAC,SAAS,GAAI,EAAC,CAAC,qDAAkE,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,cAAe,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8BAA+B,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAyB,EAAE,OAAO,CAAC,SAAS,gDAAiD,EAAC,CAAC,+BAA4C,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,cAA2B,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,gBAA6B,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,gBAA6B,EAAE,OAAO,CAAC,SAAS,iBAAkB,EAAC,CAAC,SAAU,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAEC,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK,4EAA4E,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;;;;;;;;;;4EAA6lB,SAAS,UAAW,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iDAA8D,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,6DAA0E,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,0CAAuD,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4C,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,qDAAsD,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;;;;;;;;gCAAoe,SAAS,UAAW,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8C,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,kCAA+C,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,qCAAkD,EAAE,OAAO,CAAC,SAAS,IAAK,EAAC,CAAC,oNAAqN,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;mBAAsG,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kCAA+C,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,OAAoB,EAAE,OAAO,CAAC,SAAS,YAAa,EAAC,CAAC,6EAA8E,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;wCAA2F,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+BAAgC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,cAAe,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,cAA2B,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,yIAAsJ,EAAE,OAAO,CAAC,SAAS,iBAAkB,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK,uCAAuC,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoB,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,+BAA4C,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,8KAA2L,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,SAAU,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK,gDAAgD,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,UAAuB,EAAE,OAAO,CAAC,SAAS,OAAQ,EAAC,CAAC,mDAAgE,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;8DAAyH,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgF,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,wCAAqD,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,IAAiB,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,YAAa,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK,2EAA2E,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kBAA+B,EAAE,OAAO,CAAC,SAAS,OAAQ,EAAC,CAAC,mCAAoC,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;;0EAAmX,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,sBAAuB,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,qBAAqB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,iWAAiW,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,MAAO,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8EAA+E,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,gBAAgB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,yDAA0D,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;;2FAAuT,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kFAA+F,EAAE,OAAO,CAAC,SAAS,UAAW,EAAC,CAAC,aAA0B,EAAE,OAAO,CAAC,SAAS,IAAK,EAAC,CAAC,QAAqB,EAAE,OAAO,CAAC,SAAS,IAAK,EAAC,CAAC,WAAwB,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,wFAAyF,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,gBAAgB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mFAAgG,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAO,EAAC,SAAsB,EAAED,EAAE,CAAC,oBAAoB,wEAAwE,SAAS,GAAgB,EAAEC,EAAE,CAAC,GAAG,EAAE,KAAK;;SAAsK,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mBAAgC,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,qCAAsC,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,wBAAwB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gDAA6D,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,kHAA+H,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,mjBAAojB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0C,EAAEH,EAAE,CAAC,KAAK,+GAA+G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,sLAAmM,EAAED,EAAE,CAAC,KAAK,4BAA4B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAA4B,EAAC,AAAC,EAAC,CAAC,UAAuB,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,eAA4B,EAAE,SAAS,CAAC,SAAS,YAAa,EAAC,CAAC,2WAA4W,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4FAAyG,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,qbAAsb,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mTAAgU,EAAE,KAAK,CAAC,SAAS,yBAA0B,EAAC,CAAC,iNAAkN,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0B,EAAE,SAAS,CAAC,SAAS,YAAa,EAAC,CAAC,0EAAuF,EAAED,EAAE,CAAC,KAAK,sGAAsG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,shBAAuhB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4NAAyO,EAAED,EAAE,CAAC,KAAK,2HAA2H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,meAAgf,EAAED,EAAE,CAAC,KAAK,iIAAiI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,2BAA4B,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,0BAA0B,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,cAA2B,EAAED,EAAE,CAAC,KAAK,2HAA2H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0JAAuK,EAAED,EAAE,CAAC,KAAK,2GAA2G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,6MAA8M,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,sIAAsI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,koBAAmoB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sHAAmI,EAAED,EAAE,CAAC,KAAK,6BAA6B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,mGAAgH,EAAED,EAAE,CAAC,KAAK,8GAA8G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,2rBAA4rB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,eAA4B,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,+iBAA8jB,EAAE,KAAK,CAAC,SAAS,sKAAuK,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mWAAgX,EAAED,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,+GAA4H,EAAED,EAAE,CAAC,KAAK,8GAA8G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,0JAA2J,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2HAAwI,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,wDAAqE,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,8DAA2E,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,+CAA4D,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,8LAA+L,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,8CAA2D,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,kCAA+C,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAC,yUAA0U,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8NAA2O,EAAED,EAAE,CAAC,KAAK,kFAAkF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,CAAC,yMAAsN,EAAED,EAAE,CAAC,KAAK,2BAA2B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,oDAAqD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,4GAA4G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,mKAAgL,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,wJAAqK,EAAE,SAAS,CAAC,SAAS,OAAQ,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,8HAA2I,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,kCAA+C,EAAED,EAAE,CAAC,KAAK,wBAAwB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,oHAAqH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2GAAwH,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0CAA2C,EAAC,AAAC,EAAC,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,4fAAygB,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,0BAAuC,EAAE,SAAS,CAAC,SAAS,QAAS,EAAC,CAAC,YAAyB,EAAE,SAAS,CAAC,SAAS,UAAW,EAAC,CAAC,6MAA0N,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,CAAC,mBAAgC,EAAE,SAAS,CAAC,SAAS,cAAe,EAAC,CAAC,+CAAgD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgD,EAAE,KAAK,CAAC,SAAS,yCAA0C,EAAC,CAAC,kFAA+F,EAAED,EAAE,CAAC,KAAK,8HAA8H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,2PAAwQ,EAAED,EAAE,CAAC,KAAK,8HAA8H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,8LAA+L,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0B,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,sGAAsG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,qCAAkD,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,sBAAmC,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,uVAAoW,EAAED,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,WAAwB,EAAED,EAAE,CAAC,KAAK,uBAAuB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,uBAAoC,EAAE,SAAS,CAAC,SAAS,QAAS,EAAC,CAAC,mGAAoG,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,wFAAwF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,sTAAmU,EAAED,EAAE,CAAC,KAAK,wFAAwF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,2VAAwW,EAAED,EAAE,CAAC,KAAK,iGAAiG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,kJAAmJ,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,uGAAuG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,+SAA4T,EAAED,EAAE,CAAC,KAAK,sGAAsG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,IAAiB,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,gLAAiL,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,8WAAgX,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,WAAY,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,yHAAyH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,2JAAwK,EAAED,EAAE,CAAC,KAAK,8GAA8G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,gFAAgF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,gGAA6G,EAAED,EAAE,CAAC,KAAK,uGAAuG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,WAAY,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,gEAA6E,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,qGAAsG,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,mGAAmG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,wmBAAymB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0B,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,YAAa,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,iNAA8N,EAAED,EAAE,CAAC,KAAK,8HAA8H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,yLAA0L,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,uHAAuH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,uFAAoG,EAAED,EAAE,CAAC,KAAK,sHAAsH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,8WAA+W,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkC,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,oHAAiI,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,wEAAwE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,yCAAsD,EAAE,SAAS,CAAC,SAAS,MAAO,EAAC,CAAC,4BAAyC,EAAE,SAAS,CAAC,SAAS,cAAe,EAAC,CAAC,wJAAqK,EAAED,EAAE,CAAC,KAAK,yBAAyB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,0BAA0B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,0EAA0E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,2DAAwE,EAAED,EAAE,CAAC,KAAK,mCAAmC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,+DAA4E,EAAED,EAAE,CAAC,KAAK,mEAAmE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,mCAAoC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyE,EAAED,EAAE,CAAC,KAAK,qEAAqE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,4bAA+b,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,kCAAmC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mMAAgN,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,kHAA+H,EAAE,KAAK,CAAC,SAAS,MAAO,EAAC,CAAC,UAAuB,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sCAAuC,EAAC,AAAC,EAAC,CAAC,uCAAoD,EAAED,EAAE,CAAC,KAAK,8CAA8C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,wCAAwC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,gDAA6D,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,8LAA2M,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,8UAAgV,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wCAAyC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiD,EAAE,KAAK,CAAC,SAAS,MAAO,EAAC,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,mEAAmE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,8CAA2D,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,uKAAoL,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,uFAAqG,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,gBAA6B,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,oDAAqD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8NAA2O,EAAED,EAAE,CAAC,KAAK,8GAA8G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,yXAAsY,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,0FAA2F,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oLAAiM,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,iKAA8K,EAAE,KAAK,CAAC,SAAS,+BAAgC,EAAC,CAAC,iMAA8M,EAAED,EAAE,CAAC,KAAK,8BAA8B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,uBAAoC,EAAE,KAAK,CAAC,SAAS,QAAS,EAAC,CAAC,4BAAyC,EAAED,EAAE,CAAC,KAAK,0EAA0E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,6BAA8B,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,mBAAmB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0eAA2e,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gQAA6Q,EAAE,SAAS,CAAC,SAAS,MAAO,EAAC,CAAC,0DAAuE,EAAE,KAAK,CAAC,SAAS,gBAAiB,EAAC,CAAC,oOAAqO,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qCAAsC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yYAAsZ,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,QAAqB,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,+LAAgM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2gBAA0hB,EAAE,KAAK,CAAC,SAAS,MAAO,EAAC,CAAC,sGAAuG,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0HAAuI,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,qBAAkC,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,oCAAiD,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,gJAA6J,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,iFAA8F,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,qBAAsB,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gVAA6V,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,qHAAsH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iXAA+X,EAAED,EAAE,CAAC,KAAK,wCAAwC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4QAA6Q,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,mDAAoD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8fAA+f,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,ijBAAkjB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,yVAA0V,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,cAAc,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,8PAA8P,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,4BAA6B,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0TAAuU,EAAE,KAAK,CAAC,SAAS,mBAAoB,EAAC,CAAC,4EAA6E,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gbAAmb,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4qBAA6qB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qDAAsD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+CAA4D,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,8PAA4Q,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,kKAA+K,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,+DAA4E,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6IAA0J,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,8tBAA4uB,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0EAAuF,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,8FAA2G,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,uIAAoJ,EAAED,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,gEAA6E,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiD,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,kJAA+J,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,aAA0B,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,yPAAsQ,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,0KAAuL,EAAED,EAAE,CAAC,KAAK,qCAAqC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,iIAA8I,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,mDAAoD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8CAA2D,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,sbAAwb,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyD,EAAED,EAAE,CAAC,KAAK,sFAAsF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yDAA0D,EAAC,AAAC,EAAC,CAAC,wOAAqP,EAAED,EAAE,CAAC,KAAK,4FAA4F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,mPAAoP,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2SAAwT,EAAE,SAAS,CAAC,SAAS,8FAA+F,EAAC,CAAC,0ZAA2Z,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,ueAAof,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,gIAAiI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,odAAqd,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,weAAqf,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0jBAA4jB,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,gBAAgB,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,8PAA8P,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,0CAAuD,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qDAAsD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2TAAwU,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAC,8ZAA+Z,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uNAAoO,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,aAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,2LAA4L,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,uCAAoD,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,0GAA2G,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAmC,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,sBAAmC,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,mKAAgL,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,sCAAmD,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,6WAA8W,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0C,EAAED,EAAE,CAAC,KAAK,4DAA4D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,8PAA2Q,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,sJAAsJ,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,aAAc,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2IAAwJ,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,6DAA0E,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,8EAA4F,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,iJAA8J,EAAED,EAAE,CAAC,KAAK,wBAAwB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,mGAAgH,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,uBAAwB,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,mDAAoD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wQAAyQ,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qdAAke,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,kQAA+Q,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,gBAAiB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6hBAA0iB,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,4OAA8O,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8hBAA+hB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0kBAA2kB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sGAAmH,EAAED,EAAE,CAAC,KAAK,iDAAiD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,6VAA8V,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,0CAAuD,EAAED,EAAE,CAAC,KAAK,2HAA2H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wEAAqF,EAAE,KAAK,CAAC,SAAS,4BAA6B,EAAC,CAAC,0iBAA4iB,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qDAAsD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,2aAA8a,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0WAAuX,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,+YAA4Z,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,qBAAsB,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0GAAuH,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,CAAC,wHAAqI,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uEAAoF,EAAED,EAAE,CAAC,KAAK,gFAAgF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,iLAAkL,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uKAAoL,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,eAA4B,EAAED,EAAE,CAAC,KAAK,sFAAsF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,mRAAoR,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uCAAoD,EAAED,EAAE,CAAC,KAAK,gFAAgF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+CAA4D,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,6KAA8K,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gCAAiC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoC,EAAED,EAAE,CAAC,KAAK,mEAAmE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qCAAsC,EAAC,AAAC,EAAC,CAAC,4EAAyF,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,CAAC,iDAAkD,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,sEAAmF,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,6CAA0D,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,CAAC,2BAAwC,EAAE,SAAS,CAAC,SAAS,iBAAkB,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,6FAA0G,EAAE,SAAS,CAAC,SAAS,cAAe,EAAC,CAAC,8BAA2C,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,kEAA+E,EAAED,EAAE,CAAC,KAAK,mHAAmH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,cAA2B,EAAE,SAAS,CAAC,SAAS,aAAc,EAAC,CAAC,yBAA0B,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wBAAqC,EAAED,EAAE,CAAC,KAAK,0EAA0E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,2KAAwL,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,0RAA2R,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mKAAgL,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,gGAA6G,EAAED,EAAE,CAAC,KAAK,4DAA4D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,wQAAyQ,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qPAAkQ,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,qKAAsK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2JAAwK,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,iIAAkI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,gCAAiC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,mBAAoB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6VAA0W,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,8CAA2D,EAAED,EAAE,CAAC,KAAK,8CAA8C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,4fAA6f,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,6BAA8B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6IAA0J,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,iaAAka,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,gCAAiC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+D,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sCAAuC,EAAC,AAAC,EAAC,CAAC,uVAAwV,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,4CAA6C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4qBAA6qB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,0BAA2B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4PAAyQ,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,0BAAuC,EAAED,EAAE,CAAC,KAAK,qGAAqG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,8eAA2f,EAAED,EAAE,CAAC,KAAK,+FAA+F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wCAAyC,EAAC,AAAC,EAAC,CAAC,yFAA0F,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wCAAyC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gJAA6J,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,+KAA4L,EAAE,KAAK,CAAC,SAAS,GAAI,EAAC,CAAC,OAAoB,EAAE,KAAK,CAAC,SAAS,GAAI,EAAC,CAAC,sXAAuX,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yEAAsF,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,sZAAuZ,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iDAA8D,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,2cAA4c,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,iDAAkD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,qqBAAsqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uUAAoV,EAAED,EAAE,CAAC,KAAK,mEAAmE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,8LAA+L,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gLAA6L,EAAED,EAAE,CAAC,KAAK,4FAA4F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,+NAA6O,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,ySAA0S,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAmC,EAAED,EAAE,CAAC,KAAK,4DAA4D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,oBAAiC,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,mWAAoW,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,0CAA2C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oDAAiE,EAAED,EAAE,CAAC,KAAK,gDAAgD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,8OAA2P,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,+BAA4C,EAAE,SAAS,CAAC,SAAS,WAAY,EAAC,CAAC,sZAAuZ,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qDAAsD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wKAAqL,EAAED,EAAE,CAAC,KAAK,0BAA0B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6CAA8C,EAAC,AAAC,EAAC,CAAC,wNAAqO,EAAED,EAAE,CAAC,KAAK,8CAA8C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,4HAA6H,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,onBAAioB,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,OAAoB,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,yGAA0G,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8BAA+B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wIAAqJ,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,oTAAiU,EAAE,SAAS,CAAC,SAAS,OAAQ,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,OAAQ,EAAC,CAAC,+QAA4R,EAAED,EAAE,CAAC,KAAK,iDAAiD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mCAAoC,EAAC,AAAC,EAAC,CAAC,8MAA+M,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,0CAA2C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wdAAyd,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uNAAoO,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,6OAA8O,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8CAA+C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qCAAkD,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,2BAAwC,EAAED,EAAE,CAAC,KAAK,gFAAgF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,8LAA2M,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,keAAme,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kBAA+B,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,2BAA4B,CAAC,EAAC,AAAC,CAAC,EAAC,CACjswI,EAAqB,CAAC,QAAU,CAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,mBAAqB,CAAC,KAAO,UAAW,CAAC,CAAC"}