{"version":3,"file":"WJBZI1Ghk-96.C3Fgdwc3.mjs","names":["n","o"],"sources":["https:/framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/f7EzDt54JfBX9aTXubsh/WJBZI1Ghk-96.js"],"sourcesContent":["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as n}from\"framer\";import{motion as o}from\"framer-motion\";import*as i from\"react\";export const richText=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"PEN-300\"}),/*#__PURE__*/t(\"p\",{children:[\"The official PEN-300 syllabus can be seen \",/*#__PURE__*/e(n,{href:\"https://www.offsec.com/courses/pen-300/download/syllabus\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"here\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"The first two chapters are informative. The first is an introduction to the course, materials and labs, and contains general information about the exam. The second describes basic Windows Operating System theory, including the Win32 API, \",/*#__PURE__*/e(\"em\",{children:\"WoW\"}),\" (Windows on Windows) and the Windows Registry.\"]}),/*#__PURE__*/e(\"p\",{children:\"The next two chapters are focused on client-side attacks. Starting with HTML smuggling and VBA basics, the third chapter rapidly escalates on difficulty with PowerShell download cradles, PowerShell .NET object calling and Reflection. The fourth chapter describes abuses of the Windows Script Host tool that can run arbitrary code on VBScript and JScript. As there's no known way to directly call Win32 APIs from JScript, the fourth chapter introduces tools like DotNetToJscript and SharpShooter that are used to accomplish this task via deserialization.\"}),/*#__PURE__*/e(\"p\",{children:\"The next chapter is about Process Injection, where different techniques are described to inject code into another process, including the use of Win32 APIs, DLL Injection, and Process Hollowing. Those techniques can be used together with the client-side attacks described in the previous chapters, and this is where the fun of PEN-300 starts.\"}),/*#__PURE__*/t(\"p\",{children:[\"Chapters five and six are related to Antivirus bypasses, with techniques like obfuscation, behavior bypass, sandbox detection and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/amsi-bypass-python/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"AMSI bypasses\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"The following chapter was my favorite, and it's related to AppLocker bypasses. Several techniques are described thoroughly, including the use of custom PowerShell runspaces and the use of client-side attacks for bypassing AppLocker rules.\"}),/*#__PURE__*/e(\"p\",{children:\"There are two no consecutive chapters (Bypassing Network Filters and Kiosk Breakups) which are highly theoretical and too specific. IMO, that kind of content is more relevant in a blog post than in a chapter of a certification book. If they were removed from the course materials, nothing relevant to OSEP would be lost.\"}),/*#__PURE__*/e(\"p\",{children:\"The chapter Linux Post Exploitation is somewhat weak too. A couple of abuses using VIM backdoors are described. The only fun part was the implementation of DLL Injection, but in the Linux realm, using shared libraries.\"}),/*#__PURE__*/t(\"p\",{children:[\"Then a chapter appears to restore the expected level of the course. Enter Windows Credentials. In this chapter, the most common ways of abusing Windows Credentials are mentioned, including \",/*#__PURE__*/e(\"em\",{children:\"SAM\"}),\" dumping, Security Tokens manipulation, and Kerberos. A custom \",/*#__PURE__*/e(\"code\",{children:\"MiniDumpWriteDump()\"}),\" implementation is created to dump the \",/*#__PURE__*/e(\"em\",{children:\"LSASS\"}),\" process memory to avoid AVs (if protections like \",/*#__PURE__*/e(\"em\",{children:\"PPL\"}),\" are not in place).\"]}),/*#__PURE__*/t(\"p\",{children:[\"The next chapter, Windows Lateral Movement, is also very interesting. Abuses of RDP are explained beyond the obvious use of the protocol for lateral movement. Also, a technique called \",/*#__PURE__*/e(\"em\",{children:\"Fileless Lateral Movement\"}),\" was quite fascinating and relevant to everyday Red Teaming engagements.\"]}),/*#__PURE__*/e(\"p\",{children:\"The chapter Linux Lateral Movement also describes abuses using the SSH protocol and tools that can be found in modern Linux servers that are part of an on-prem DevOps infrastructure, like Ansible and JFrog. Also, it mentions abuses on how Kerberos and things relevant to an Active Directory deployment are relevant on a Linux-joined machine.\"}),/*#__PURE__*/e(\"p\",{children:\"The next two chapters are the largest. Microsoft SQL Attacks and Active Directory Exploitation cover misconfigurations that can be leveraged to escalate privileges on an AD Domain. Although the longest, the depth of content is nothing like that of courses such as CRTP, CRTE, CRTO and eCPTX. If you are expecting to master AD attacks using only the PEN-300 content, you may be disappointed.\"}),/*#__PURE__*/e(\"p\",{children:\"Finally, the last chapter, Combining the Pieces, was my second favorite. It is a very helpful chapter describing a sample scenario where most of the techniques described throughout the course are employed, which gives a glimpse of what the challenges and exam would be like.\"}),/*#__PURE__*/e(\"h2\",{children:\"Lab\"}),/*#__PURE__*/e(\"p\",{children:\"Along the way of the course contents, there are labs on which you can practice everything that's presented. Each lab may contain one or more machines with different configurations and learning objectives. You will need to use an OpenVPN client to access the environment. On most of the course contents, there are exercises to practice in the lab. You may end up with several custom tools for specific attacks. I heavily recommend organizing it properly because many of those tools will be used during the challenges and even the exam with minimal changes. This is how I arranged the resulting artifacts during the course:\"}),/*#__PURE__*/e(\"img\",{alt:\"OSEP lab modules\",className:\"framer-image\",height:\"618\",src:\"https://framerusercontent.com/images/1HfnGtSj5zLpH86kP66XNSOIAt0.png\",srcSet:\"https://framerusercontent.com/images/1HfnGtSj5zLpH86kP66XNSOIAt0.png?scale-down-to=512 512w,https://framerusercontent.com/images/1HfnGtSj5zLpH86kP66XNSOIAt0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/1HfnGtSj5zLpH86kP66XNSOIAt0.png 2048w\",style:{aspectRatio:\"2048 / 1236\"},width:\"1024\"}),/*#__PURE__*/e(\"h2\",{children:\"Challenges\"}),/*#__PURE__*/e(\"p\",{children:\"Aside from the labs, there are six challenges included in the PEN-300 course. Those challenges provide an environment where you must gather flags on different machines to complete them. The first four challenges are focused on specific topics of the course. The fifth and sixth are broader in scope and simulate very well what the exam environment would look like.\"}),/*#__PURE__*/t(\"p\",{children:[\"Take notes and save any tool you create or modify when solving the challenges. I created a \",/*#__PURE__*/e(\"code\",{children:\"notes.txt\"}),\" file on each stage of the challenges to use as a reference:\"]}),/*#__PURE__*/e(\"img\",{alt:\"OSEP challenges\",className:\"framer-image\",height:\"627\",src:\"https://framerusercontent.com/images/4vlglhlrHJfhJImu4uqlUXqFDLY.png\",srcSet:\"https://framerusercontent.com/images/4vlglhlrHJfhJImu4uqlUXqFDLY.png?scale-down-to=512 512w,https://framerusercontent.com/images/4vlglhlrHJfhJImu4uqlUXqFDLY.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/4vlglhlrHJfhJImu4uqlUXqFDLY.png 2048w\",style:{aspectRatio:\"2048 / 1255\"},width:\"1024\"}),/*#__PURE__*/e(\"p\",{children:\"Therefore, it is absolutely recommended to finish all the challenges before attempting to take the exam. You can thank me later.\"}),/*#__PURE__*/e(\"h2\",{children:\"Exam tips\"}),/*#__PURE__*/t(\"ul\",{style:{\"--framer-text-alignment\":\"start\",\"--framer-text-color\":\"rgb(0, 0, 0)\",\"--framer-text-stroke-width\":\"0px\",\"--framer-text-transform\":\"none\"},children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Finish all the challenges before attempting the exam. That's it. Bye. Jokes aside, this is the most important tip of all. If you could even solve them twice…\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"I strongly recommend taking certifications like CRTP or CRTO before attempting OSEP. Life will be easier.\"})}),/*#__PURE__*/t(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:[/*#__PURE__*/e(\"p\",{children:\"Practice on HTB:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Cybernetics (Prolab)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Offshore (Prolab)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Dante (Prolab)\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"Hades (Endgame)\"})})]})]}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[\"Join the \",/*#__PURE__*/e(n,{href:\"https://discord.gg/offsec\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"OffSec Discord server\"})}),\". The community is awesome, and OffSec support personnel can assist you with anything related to the course, labs, and challenges.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/e(\"p\",{children:\"There are different exam environments. If you fail your attempt, the next retake may not be in the same environment. Take that into account.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",style:{\"--framer-font-size\":\"16px\",\"--framer-text-color\":\"rgb(83, 83, 101)\"},children:/*#__PURE__*/t(\"p\",{children:[\"The VPN connection is not stable. As it's a UDP tunnel, there can be problems with the \",/*#__PURE__*/e(\"em\",{children:\"MTU\"}),\" size calculation (VPN MTU > Link MTU), which can lead to packet loss during heavy traffic, like downloading/uploading a file to the environment, performing port scanning, etc. Follow \",/*#__PURE__*/e(n,{href:\"https://www.thegeekpub.com/271035/openvpn-mtu-finding-the-correct-settings/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"this guide\"})}),\" to troubleshoot it. In the end, I had to add the \",/*#__PURE__*/e(\"code\",{children:\"mssfix 1387\"}),\" line to my OpenVPN connection file to fix those issues.\"]})})]}),/*#__PURE__*/e(\"img\",{alt:\"OSEP mssfix\",className:\"framer-image\",height:\"196\",src:\"https://framerusercontent.com/images/6mqngUitHUxCjhFJf93FVlb4s.webp\",srcSet:\"https://framerusercontent.com/images/6mqngUitHUxCjhFJf93FVlb4s.webp?scale-down-to=512 512w,https://framerusercontent.com/images/6mqngUitHUxCjhFJf93FVlb4s.webp?scale-down-to=1024 1024w,https://framerusercontent.com/images/6mqngUitHUxCjhFJf93FVlb4s.webp 1618w\",style:{aspectRatio:\"1618 / 392\"},width:\"809\"}),/*#__PURE__*/e(\"h2\",{children:\"The bad\"}),/*#__PURE__*/e(\"p\",{children:\"The course content is slightly out of date. The last update was in 2021, which is a very long time for the highly dynamic world of Active Directory attacks. Things that are not present include ADCS abuses, advanced coercing attacks (MS-RPRN, MS-FSRVP, MS-EFSR aka. PetitPotam, etc.), vulnerabilities like KrbRelayUp and ZeroLogon, modern technologies bypass (EDRs, ETW, ASR, WDAC, Kernel Callbacks), GPO abuses (!), WMI/COM, persistence mechanisms.\"}),/*#__PURE__*/e(\"p\",{children:\"Also, the exam is proctored. The proctoring plugin makes the computer really slow. I used a 4k screen that made my laptop run very hot. I had to change the resolution to 2k to mitigate the resource consumption.\"}),/*#__PURE__*/e(\"h2\",{children:\"Comparison\"}),/*#__PURE__*/e(\"p\",{children:\"PEN-300/OSEP covers several things, from evasion to Linux and Windows advanced attacks. If you want to get comfortable with Active Directory attacks, doing CRTP or CRTO first will give you a confidence boost.\"}),/*#__PURE__*/e(\"p\",{children:\"CCRTA can give you experience attacking Linux machines that belong to an Active Directory.\"}),/*#__PURE__*/e(\"p\",{children:\"CRTL is currently more up-to-date than OSEP in terms of bypassing techniques. Doing it will also help you with OSEP.\"}),/*#__PURE__*/e(\"p\",{children:\"Finally, the closest certification to OSEP would be eCPTXv2. The main difference is that OSEP includes Linux attacks, and eCPTXv2 goes very deep on Active Directory abuses.\"}),/*#__PURE__*/e(\"h2\",{children:\"Conclusions\"}),/*#__PURE__*/e(\"p\",{children:\"PEN-300 is a high-quality course. Aside from a couple of chapters, every module had very rich, relevant and deep technical information. The course needs an update. Major abuses and attacks have been discovered since the last update, and many others presented on the course are no longer working with today's default defenses. In the end, the OSEP certification will boost your Pentesting skills to a whole new level.\"})]});export const richText1=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"In his introduction for the book \",/*#__PURE__*/e(n,{href:\"https://archive.org/details/Secrets_of_a_Super_Hacker\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"em\",{children:\"Secrets of a super hacker\"})})}),', Writer Gareth Branwyn talks of the different images that hackers have had throughout thirty-so years prior to the book\\'s publication. He mentions how in the 60s and 70s hackers had the profile of \"independent scientists.\" Their ethics centered around the belief that every hacker should have access to the information and tools that would help them improve society. This benevolent goal is reflected in the first meaning of ',/*#__PURE__*/e(\"em\",{children:\"hacking\"}),\", used by engineering students, which was \",/*#__PURE__*/e(n,{href:\"https://staysafeonline.org/cybersecurity-for-business/history-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"to find out\"})}),\" the way to optimize the technology under study.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Well-intentioned hackers not only worked with their entitlement to information in mind but also with mankind's. In the book, authored by the hacker known as The Knightmare, ideals of human rights regarding the free flow of information are mentioned. These include that everyone be made aware of the information that exists, be given free access to it and have their ideas and questions heard. And each individual should be able to control how their own personal information is used. The author then provides a definition of hacking as the pursuit of these and related ideals by using computers. It's easy for us now to see the attitude of early hackers present in the \",/*#__PURE__*/e(n,{href:\"http://www.ecn.org/settorecyb/txt/cybermanifest.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Cyberpunk\"})}),\" and the \",/*#__PURE__*/e(n,{href:\"https://www.dazeddigital.com/artsandculture/article/16308/1/we-are-anonymous-we-do-not-forgive-we-do-not-forget\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Anonymous\"})}),\" manifestos.\"]}),/*#__PURE__*/e(\"p\",{children:'Branwyn explores the different myths that have fueled hacker fantasies of being tech-enabled nomads in an unforgiving world, such as the hacker as a cowboy, pirate or cyborg. I would expect you also find the image of the hacker hero as most compelling. In a society where those having the brains are mocked and hurt by those having the brawn, the computer \"nerd\" finds in cyberspace a place where they are allowed to be the badass that defeats the latter to help people regain their freedom.'}),/*#__PURE__*/e(\"p\",{children:\"Still, the actions of hacktivists and the like spark mixed feelings in people. Feelings kindled by the media and perhaps matching people's own political inclinations. But what may cause less divisive opinions are the crimes committed by malicious hackers. It's in the 80s and 90s that the prosecution and waves of arrests of computer-savvy individuals with less-than-honorable intentions started in earnest.\"}),/*#__PURE__*/e(\"p\",{children:\"In the book, it was previsioned that in the future computer terrorism would present itself in a significant way. It has, alright. Today we've already heard many different names of ransomware gangs and know that cyberattacks of many kinds are happening worldwide at this very moment, representing a considerable cost to victims. Meanwhile, cybersecurity is ever trying to counteract the force of cybercrime.\"}),/*#__PURE__*/t(\"p\",{children:['To fight against malicious threat actors, the best bet has been to test system security preventively through the eyes of the attacker. Luckily for cyber security, hacking can be done legally today. Regular readers of this blog may remember our post \"',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/thinking-like-hacker/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Think like a hacker!\"})}),'\" There, we urge organizations to understand how malicious hackers work, as well as hire professionals to try and penetrate the organizations\\' defenses and inform of the detected weaknesses. The strategy of hiring well-meaning hackers to do good is far from new. And it was striking to me, as it might be to you too, learning that in the beginning these hackers were often cybercriminals who had cleaned up their act. The hired hackers formed \"tiger teams\" and helped governments and agencies improve their cybersecurity. Also from the beginning, there have been hackers who work as self-appointed security checkers and tip off firms about security problems in their systems.']}),/*#__PURE__*/t(\"p\",{children:['With so much information and gratification to be gained from hacking into systems, it is a great feat of white hat hackers that they do not let curiosity get the better of them and instead abide by some code of ethics. Yet we could wonder whether such a code is one that needs to be expressively spelled out in, say, official documents. Actually, as Journalist Stephen Levy wrote in a book chapter titled \"The hacker ethic,\" no manifestos nor missionaries had to drill principles into the early hacker community but rather \"[t]he computer did the converting.\" It\\'s possible to relate this to what some authors argue, namely, that ',/*#__PURE__*/e(n,{href:\"https://journal.acs.org.au/index.php/ajis/article/view/204/178\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"as computing expertise develops\"})}),\" so grows the respect for computers and information, and that \",/*#__PURE__*/e(n,{href:\"https://dx.doi.org/10.2139/ssrn.1286030\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"lacking ability and respect\"})}),\" toward the integrity of systems is looked down upon by white hat hackers.\"]}),/*#__PURE__*/t(\"p\",{children:[\"But a problem which may justify formulating ethics of hacking is that the work of malicious hackers and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"ethical hackers\"})}),\" each demands the same aptitudes. \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/thinking-like-hacker/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"We have sketched elsewhere\"})}),\" the behavior that both groups demonstrate: patience, determination, cleverness and curiosity during exploration and exploitation processes. A reinforcer of these behaviors may be the pleasure present in complex feelings of pride in oneself and recognition (both apparent in the narrations of The Knightmare). Where do we draw the line? Well, one commonly referenced trigger of computer criminal behavior appears to be \",/*#__PURE__*/e(n,{href:\"https://cs.slu.edu/~chambers/spring13/443/assignments/Ethics-distributed.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"greed\"})}),\". And this aligns with the primary motivation of cyberattacks, which is most often monetary gain. Other than that, considering motivations like political dissatisfaction, risk-taking, building a reputation, war, seem to take us back to square one. The stark difference may be found instead in the effects of each group's practices. Ethics enters the stage then to regulate hackers in this regard.\"]}),/*#__PURE__*/e(\"p\",{children:\"Fortunately, we're not short of codes of ethics to choose from. Most conveniently, The Knightmare's is appropriate here, as it considers the effects of hacker practice. It states the principles that I put here just paraphrasing the author:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"A hacker should never willfully harm, alter or damage any technology or person.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"In case that damage has been done, the hacker should correct it and then avoid doing the same damage again.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"A hacker should not profit unfairly from a hack and should not let others do so.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"A hacker should inform system owners of the security vulnerabilities and weaknesses found.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'A hacker should teach when asked to teach, and share when they have knowledge to spread. (The author adds: \"This isn\\'t necessary, it is politeness.\")'})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'A hacker should be aware of their potential vulnerability in all computing environments, even in the role of hacker. \"Act discreetly,\" the author says.'})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"A hacker should persevere but not be stupid nor take greedy risks.\"})})]}),/*#__PURE__*/e(\"p\",{children:\"Also, The Knightmare offers a couple of tips. One is to surround oneself with people who follow the same code or a similar one. Another is to show honesty and compassion in one's actions, which will lead to others acting in the same way and save the hacker troubles that may arise due to unkindliness.\"}),/*#__PURE__*/t(\"p\",{children:[\"Some time has passed since \",/*#__PURE__*/e(n,{href:\"https://archive.org/details/Secrets_of_a_Super_Hacker\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"em\",{children:\"Secrets of a super hacker\"})})}),\" came out. The context has evolved and among the changes is the affiliation (and certification) of ethical hackers. Like I said, there are plenty more codes of ethics, and they may offer some items that could be added to the list above. For example, the Electronic Commerce Council (EC-Council), which issues the Certified Ethical Hacker (CEH) certifications, offers \",/*#__PURE__*/e(n,{href:\"https://www.eccouncil.org/code-of-ethics/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"its own code of ethics\"})}),\". Among its code's 18 items, this institution asks hackers to respect intellectual property, avoid using illegal software or processes, gain prior consent from clients to collect and handle information during hacking, check that their (the hacker's) abilities are up to the tasks, lead a good project management, not associate with black hat hackers, and not be convicted for any felony or violating the law of the land. Moreover, some institutions, like \",/*#__PURE__*/e(n,{href:\"https://www.giac.org/policies/ethics/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"GIAC\"})}),\", which issues several information security certifications, officially state that they will investigate the violation of their code of ethics and subject the transgressor to a course of discipline.\"]}),/*#__PURE__*/e(\"p\",{children:\"To conclude, even though hacking was born a benevolent undertaking—and though it may seem like the codes of ethics just underscore being a decent person—it is now part of a legitimate professional path and, as with the activities of any other profession—which may also cross the line into corruption—, it helps the hackers' and their clients' interest quite a lot to try to guarantee that it is done with the good of the systems, their users and their owners in mind.\"}),/*#__PURE__*/t(\"p\",{children:[\"Fluid Attacks' \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/certifications/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"certified\"})}),\" ethical hackers and vulnerability scanners look for vulnerabilities in your system continuously and during your software development lifecycle (SDLC). \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Contact us\"})}),\" to ask us about our service.\"]})]});export const richText2=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"Are you reluctant to apply red teaming? Don't you know what it is and what its value is for the cybersecurity of your organization?\"}),/*#__PURE__*/t(\"p\",{children:[\"We built this blog post from the book \",/*#__PURE__*/e(n,{href:\"https://www.amazon.com/gp/product/B07VWHCQMR/ref=dbs_a_def_rwt_bibl_vppi_i2\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"em\",{children:\"Tribe of Hackers Red Team\"})})}),' by Carey and Jin (2019). We wanted to take as a fundamental pillar just one of the many questions asked there to several red teaming experts: \"',/*#__PURE__*/e(\"strong\",{children:\"How do you explain the value of red teaming to a reluctant or nontechnical client or organization?\"}),'\" Having already written blog posts on the opinions of five professionals appearing in that book (i.e., ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Carey\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-2/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Donnelly\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-3/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Weidman\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-4/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Secor\"})}),\", and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/tribe-of-hackers-5/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Perez\"})}),\"), we discarded their answers to that question here. And we did the same with others that we didn't find sufficiently meaty or relevant. Ultimately, we used the responses of 33 experts. We hope that what we have put together here will help you change your mind or broaden your horizons on red teaming, especially if your answers to the questions we posed at the beginning were affirmative.\"]})]});export const richText3=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Is your organization ready?\"}),/*#__PURE__*/e(\"p\",{children:\"Convincing an organization of the value of red teaming and persuading it to implement it in its cybersecurity programs can be a burdensome challenge for a service provider. It may be best not to try to achieve this, at least not directly. Ideally, organizations should look for and turn to the red teams. But if there is still reluctance or negligence with basic prevention measures, what could we expect in relation to a more advanced strategy like this? A security-conscious organization would become informed about it, mainly while it is in a deliberate process of maturing. Being mature in security, it would call upon a red team and its services without ado. However, one of the common setbacks is stagnation.\"}),/*#__PURE__*/t(\"p\",{children:[\"An organization may be unready and therefore unwilling for red teaming when the peak of its maturity has so far been \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/vulnerability-assessment/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability assessment\"})}),\" or \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability management\"})}),\". Some even reach that point by relying exclusively on automated tools. Haven't they considered approaches like \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cvssf-risk-exposure-metric/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"risk management\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/from-asm-to-arm/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"attack resistance management\"})}),\" yet? Perhaps what the expert Chris Gates says is true: \\\"It's most effective to not waste your time. In all honesty, if you have to really push [...] and convince, then the organization isn't going to be in the right [mindset] to receive or implement [a red team].\\\"\"]}),/*#__PURE__*/t(\"p\",{children:[\"However, it is indeed possible to contribute to the cybersecurity education of organizations. And this should not be seen as a waste of time. In fact, it is something that, for instance, we at Fluid Attacks like to do through this and other media. As the acquisition of red teaming ends up being a business decision, it is primarily the leaders or directors of organizations who need to be reached with messages that are clear enough to them about the importance of this solution. Even more so when there are no cybersecurity experts among them (something that should change; \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/sec-new-regulations/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"the SEC has already suggested it\"})}),\").\"]}),/*#__PURE__*/t(\"p\",{children:['As Christopher Campbell puts it, \"The problem is that most people don\\'t understand what the core mission of a red team is and instead compare it to other types of testing and assessment.\" (If you are among those who are just starting to learn about the subject, we invite you to read our post \"',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/red-team-exercise/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Red Teaming\"})}),'.\") This method is not meant to replace ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/vulnerability-scan/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability scanning\"})}),\" or \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-manual-penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"penetration testing\"})}),\" but to \",/*#__PURE__*/e(\"em\",{children:\"complement\"}),\" them at an advanced stage of an organization's security maturity process. The executives of an organization can be apprised of the different features and benefits of each of these solutions (see, for example, \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/bas-vs-pentesting-vs-red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"this post\"})}),'). We can contribute to modifying that vision that, as Jake Williams comments, is often present in some potential but reluctant customers: \"The red team is seen as an overpriced vulnerability scan or penetration test.\"']}),/*#__PURE__*/e(\"h2\",{children:\"Trying to figure out the differences?\"}),/*#__PURE__*/e(\"p\",{children:\"From the early stages of an organization's software development lifecycle (SDLC), development teams can significantly benefit from scanning and pentesting. With different techniques, these methods target diverse objectives. Well-known and zero-day vulnerabilities are identified in the software's source code and operations, especially in pre-production. Red teaming, on the other hand, is aimed more at a technology that is, arguably, ready for its end users and even at a set of systems or a network in which humans are involved. However, it is true that red teaming focuses more on goals to be achieved than on specific scopes. Those who benefit here are all security-related teams, such as prevention, defense and response teams.\"}),/*#__PURE__*/e(\"p\",{children:'In keeping with the above, as Brandon McCrillis says, \"Red teaming requires the ability to combine many aspects of traditional security audits into an engagement that crosses the bounds of simply \\'checking the compliance box.\\'\" And as Campbell rightly points out, \"Red teams test how all of your policies and procedures work together in the actual production environment, where there are real people.\"'}),/*#__PURE__*/t(\"p\",{children:[\"In that quote above, there is a key element of the value of red teaming: the approach to \",/*#__PURE__*/e(\"em\",{children:\"reality\"}),'. Which reality? The one relative to cyber threats and bad actors. A red team is tasked with emulating cybercriminals, using their resources, techniques, tactics and procedures, which could do harm to an organization. As Paul Brager specifies, \"Red teaming allows for an organization to find potentially damaging or risky holes in their security posture before bad actors exploit them, minimizing the potential impact to company reputation, customers, and shareholders.\" This is part of the much-touted-by-us preventive posture. In the words of Tim MalcomVetter, the job of a red team \"is to prepare the business for the reality that an attacker may play unfairly without their knowledge or consent.\"']}),/*#__PURE__*/e(\"p\",{children:'With this methodology, through a trained and supervised team and with prior approval from the target organization\\'s leadership, the aim is to evaluate the effectiveness of the organization\\'s entire security program (prevention, detection, defense and response) against attacks as close to reality as possible. As David Kennedy expresses, \"This is about as real as it gets without having an actual adversary compromise you.\" Ideally, it is about experiencing one or more hits but not waiting for them to occur from those \"actual adversaries.\" Drawing on the sparring analogy used by Chris Nickerson, with red teaming, an organization joins a \"fight club to see what it really feels like to be in a fight [...]. The entire sentiment of red teaming is to challenge the status quo —not through some type of theoretical or mathematical model but to learn and evolve through experience.\"'}),/*#__PURE__*/e(\"img\",{alt:\"Fight club\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/1p888MaEkxyg3TX1N1fzpdj4.png\",srcSet:\"https://framerusercontent.com/images/1p888MaEkxyg3TX1N1fzpdj4.png?scale-down-to=512 512w,https://framerusercontent.com/images/1p888MaEkxyg3TX1N1fzpdj4.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/1p888MaEkxyg3TX1N1fzpdj4.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Welcome to the fight club. (Source: \",/*#__PURE__*/e(n,{href:\"https://img.memegenerator.net/instances/71384244.jpg\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"memegenerator.com\"})}),\".)\"]}),/*#__PURE__*/e(\"p\",{children:'In a controlled manner, without putting the target organization at risk, it can be confronted with simulated adversaries who act as its real opponents (no hypothetical attackers). The organization\\'s teams can then learn from them and, with that experience, be more prepared for genuine threats and blows. Going back to Nickerson: \"It will prepare you for the inevitable fight ahead and give you trust in your skills. It will also point out opportunities in your game plan that may have never been tested.\" Also familiar with the sparring analogy, Robin Wood tops it off with the following: \"A boxer who spends many hours in the ring trading punches with a willing sparring partner will be far better prepared for a fight than one who has only ever hit a punch bag.\"'}),/*#__PURE__*/e(\"h2\",{children:\"Does it fit your organization's needs?\"}),/*#__PURE__*/e(\"p\",{children:\"So, the red team's purpose is to assess the true reactions of an organization's technological and human systems to attacks that border on reality. Thus, in order to be realistic, the red team must know and understand the types of threats that the industry to which the target organization belongs typically faces. It must also get a grasp on what previous attacks and incidents have been or could ever be experienced by that organization. Since prioritization is a vital issue in cybersecurity, the red team can find out what the organization's leaders are most concerned about and what assets they deem most important. As McCrillis says, \\\"The value in red teaming is understanding and exploiting the business's worst fears.\\\" Already in its offensive exercise, the red team may even compromise things that were initially wrongly undervalued by the organization.\"}),/*#__PURE__*/e(\"p\",{children:'The red team focuses on adapting to the context of the target organization and on identifying those multiple security issues that, if exploited by criminals, would have significant and compromising impacts on the organization. Therefore, the red team must show flexibility. As Stephanie Carruthers shares, \"Typically, companies get penetration tests conducted by a single consultant who usually has a general skill set. A red team brings a group of individuals whose specific skill sets are aligned with the company\\'s infrastructure.\" The background of each member of the red team should determine their involvement or at least the degree of participation (for they can also learn) in a specific project with an organization. A well-rounded group of experts with different knowledge and experience can help to discover even new threats and suggest which and how various systems and strategies of the organization could be improved.'}),/*#__PURE__*/e(\"h2\",{children:\"You're worried about money, huh?\"}),/*#__PURE__*/e(\"p\",{children:'Quite understandably so. Many organizations may be disinclined to try red teaming purely because of the cost issue. They may have already invested in good development practices, security tools and testing, and vulnerability management programs. But, we could ask them a couple of questions: Have your investments been sufficient? Are your prevention, detection, defense and response capabilities of enough quality? Bradley Schaufenbuel suggests that red teaming can be viewed as \"a relatively inexpensive way of determining whether your past investments in people, process, and technology are providing the results you expected and what areas of future investment will provide the organization with the biggest bang for its buck.\"'}),/*#__PURE__*/t(\"p\",{children:[\"On this money issue, successful red team exercises can help the organization realize what the costs would be in the event of specific incidents. (Note that good \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/red-team-exercise/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"red teaming\"})}),' that is not \"successful\" at achieving precise goals also counts as a benefit, revealing that the target organization\\'s security controls and processes are of high quality). Large amounts of money can be at stake. As Kevin Figueroa says, \"showing the cost if the organization is compromised versus the cost of conducting a red team engagement may change how they approach security in their organization.\" Don\\'t wait until you experience money loss to come to your senses. Keep in mind what Robert Willis shares: \"Organizations need to be able to justify the spending that goes into anything cybersecurity related, which is why many organizations have a horrible security posture.\"']}),/*#__PURE__*/e(\"h2\",{children:\"We're here to help you!\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, where apart from red teaming, we offer \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"other cybersecurity solutions\"})}),\", we take it as our responsibility to contribute to eliminating the misconception that a red team is there to break infrastructures, blame people for security issues, provide lengthy reports and get the hell out of there. A trustworthy, certified red team is not only there to compromise systems and expose holes and flaws. Its work should also include feedback and assistance to the different sections of the target organization to help them enhance their security programs.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Don't let your organization get bogged down in cybersecurity maturation. Don't join those people who, as Mary Sawyer refers to, \\\"are only ever going to be concerned about security when they face the consequences of doing something insecurely.\\\" It's better that your organization, with the help of a red team, such as Fluid Attacks', air out the dirty laundry as soon as possible. Follow Oddvar Moe's advice: \\\"It would not be a lot of fun to find out that an attacker can easily hack into our environment undetected and isn't stopped just because we did not test the security of our organization properly.\\\" \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Contact us\"})}),\" and start mitigating your organization's risk exposure right now.\"]}),/*#__PURE__*/t(\"p\",{children:[\"_____\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"⚠️ \",/*#__PURE__*/e(\"strong\",{children:\" \"}),/*#__PURE__*/t(\"em\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Caution: \"}),\"Don't forget that you can access the full interviews with each of the 47 red teaming experts in \"]}),/*#__PURE__*/e(n,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"em\",{children:\"Carey and Jin's book\"})})}),/*#__PURE__*/t(\"em\",{children:[\".\",/*#__PURE__*/t(\"strong\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{})]})]}),\"_____\"]})]});export const richText4=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"The Cybersecurity and Infrastructure Security Agency (CISA) made an \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/resources-tools/resources/secure-by-design-and-default\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"important publication on April 13\"})}),'. Together with the National Security Agency (NSA), Federal Bureau of Investigation (FBI) and the cybersecurity authorities of New Zealand, Netherlands, Germany, United Kingdom, Canada and Australia, it created and released the guide \"',/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/sites/default/files/2023-04/principles_approaches_for_security-by-design-default_508_0.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Shifting the Balance of Cybersecurity Risk\"})}),': Principles and Approaches for Security-by-Design and -Default,\" aimed especially at IT manufacturers. This guide includes technical recommendations and core principles to orient organizations toward incorporating security from the early stages of the software development lifecycle (SDLC) in order to build and deliver more secure products to customers.']}),/*#__PURE__*/e(\"p\",{children:\"If the governments of developed countries submit proposals such as this one, encouraging or urging manufacturers to secure their products, it's because they see their intervention as necessary. What is happening is that a good many technology providers are still lagging behind in securing the products they develop and market. They deliver their products to their customers, who are usually in charge of monitoring their security and reducing and responding to cyber risks. As time goes by, more and more vulnerabilities appear in the technology provided to customers, who must keep an eye on patch updates and their installation. Unfortunately, multiple vendors still have security below functionality and time-to-market in priority levels. This is what government agencies and companies like ours intend to help transform.\"}),/*#__PURE__*/t(\"p\",{children:['In short, within the proposal referenced here, \"the authoring agencies urge manufacturers to revamp their design and development programs to permit only Secure-by-Design and -Default products to be shipped to customers.\" These products would have the security of customers as a fundamental objective and, at the time of use, would not require configuration changes or additional payments for features in favor of security. More of the burden or commitment to security in preventing misconfigurations and weaknesses should fall on the manufacturers than on the customers. Today, ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/code-quality-and-security/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"security should be seen by everyone as a quality requirement\"})}),\". A company will not stand out just by how appealing its products are in terms of functionality but also of security.\"]})]});export const richText5=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Secure-by-Design\"}),/*#__PURE__*/e(\"p\",{children:'The authoring agencies encourage manufacturers to recognize the cyber threats facing their products and implement good development practices and defenses against them. This requires making security a business priority and investing resources in core features and mechanisms that put customer protection first. While this certainly increases costs in the initial phases of the SDLC for manufacturers, long-term maintenance costs are reduced. Although vulnerabilities may inevitably continue to emerge in their products, ideally, lots of security issues, many of which are \"due to a relatively small subset of root causes,\" could be prevented.'}),/*#__PURE__*/t(\"p\",{children:['For the Secure-by-Design objective, the authoring agencies promote using NIST Special Publication 800-218, \"',/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-compliance-nistssdf/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Secure Software Development Framework\"})}),'\" (SSDF). Applying this set of best practices for secure software development enables companies to identify, remove and prevent security vulnerabilities and mitigate the risks they pose. Based primarily on the SSDF, the agencies suggest, for example:']}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Employ \",/*#__PURE__*/e(n,{href:\"https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"memory-safe programming languages\"})}),\" (e.g., C#, Java, Ruby), which automatically manage memory and don't require the developer to add code for memory protection.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Use new architectural features, such as those of the \",/*#__PURE__*/e(n,{href:\"https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"CHERI research project\"})}),', which allow \"fine-grained memory protection and highly scalable software compartmentalization\" to limit the impact of vulnerability exploitation.']})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Design infrastructure that allows the whole system to be unaffected when a security control is compromised.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Acquire and maintain secure third-party software components (commercial or open-source).\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Generate a Software Bill of Materials (\",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/sca-scans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"SBOM\"})}),\") or detailed inventory of components or resources used in the software and their dependencies.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Require peer review of the code by other developers.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Apply static and dynamic application security testing (\",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/differences-between-sast-sca-dast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"SAST and DAST\"})}),\") to assess source code and software behavior, respectively, and detect misconfigurations and vulnerabilities to be remediated.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Establish vulnerability disclosure programs oriented to researchers that can identify security issues and ensure that published CVEs contain the root cause or common weakness enumeration (CWE).\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Comply with basic cybersecurity practices such as those outlined in \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/cross-sector-cybersecurity-performance-goals\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"CISA's Cybersecurity Performance Goals\"})}),\".\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"Practices such as these, especially for companies just getting started with cybersecurity, can be implemented gradually, first addressing, for instance, critical infrastructure and products and new software.\"}),/*#__PURE__*/e(\"h2\",{children:\"Secure-by-Default\"}),/*#__PURE__*/e(\"p\",{children:'The authoring agencies urge manufacturers to deliver products that the end users do not have to struggle to protect against known and prevalent risks. These products, by default, should come with sufficiently secure configurations. Responsibility for security should fall first and foremost on the product deliverer\\'s shoulders, and security controls should not represent an additional cost to customers. As the agencies say, manufacturers should incorporate such controls \"in the base product like seatbelts are included in all new cars. Security is not a luxury option but is closer to the standard every customer should expect without negotiating or paying more.\"'}),/*#__PURE__*/e(\"p\",{children:\"In addition to Secure-by-Design practices, the authoring agencies suggest manufacturers prioritize Secure-by-Default configurations for their software and provide them recommendations such as the following:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Offer products that require establishing solid passwords during installation and configuration, as well as multi-factor authentication (MFA) for privileged users.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Implement single sign-on (SSO) technology so that users can enter their login credentials only once to gain access to all the services they are allowed to use.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Provide high-quality audit logging. (In this process, activities or incidents within the software are documented with details such as time of occurrence, responsible parties and impacts).\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Deliver recommendations on role-based access controls or authorizations, as well as warnings in cases of non-compliance.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Do not include backward-compatible legacy features in the products.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:'Significantly reduce the size of the \"hardening guides\" (expectations of secure configuration and handling of the product to be achieved by customers) by integrating many of their components into the product\\'s default configuration.'})})]}),/*#__PURE__*/e(\"p\",{children:\"Some of these latter practices require customers' input, so it is also suggested to manage with them significant incentives (e.g., listing potential risks) in favor of adopting improved security standards.\"}),/*#__PURE__*/e(\"h2\",{children:\"Final recommendations\"}),/*#__PURE__*/e(\"p\",{children:'The document referenced here concludes with recommendations for software manufacturers\\' customers. Perhaps the most relevant advice is encapsulated in the following sentence: \"[The] authoring agencies recommend that organizational executives prioritize the importance of purchasing Secure-by-Design and Secure-by-Default products.\"'}),/*#__PURE__*/t(\"p\",{children:[\"A growing number of organizations will tie up their success with the security of their products and systems. If your company, whether a software developer and/or supplier, is considering committing to Secure-by-Design and -Default practices, Fluid Attacks offers you a comprehensive \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"security testing\"})}),\" service: \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/plans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Continuous Hacking\"})}),\". Using manual and automated techniques such as SAST, DAST, SCA and CSPM, we contribute to making your products free of vulnerabilities from the earliest stages of the SDLC.\"]}),/*#__PURE__*/t(\"p\",{children:[\"If you want more details on the proposal from CISA and the other agencies, check out their \",/*#__PURE__*/e(n,{href:\"https://www.cisa.gov/sites/default/files/2023-04/principles_approaches_for_security-by-design-default_508_0.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"full PDF here\"})}),\". To read about issues related to the \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"security of your code\"})}),\", visit our series of posts on \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"secure code review\"})}),\".\"]})]});export const richText6=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Certainly, you are witnessing that technological environments are booming. On top of this, more and more malicious hackers are on the prowl, waiting to find holes in companies' or organizations' systems to generate damage and get benefits. For this reason, holes, flaws or vulnerabilities in your company should be detected and fixed as soon as possible. A \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/vulnerability-assessment/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability assessment\"})}),\" solution can help you detect such security issues. But it is when a vulnerability assessment process is part of a broader program or solution called \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability management\"})}),\" that the purpose of fixing them can be fulfilled.\"]}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, where we offer you our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/risk-based-vulnerability-management\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"risk-based vulnerability management solution\"})}),\", within our comprehensive \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Continuous Hacking\"})}),\", we believe that every organization faithfully committed to its cybersecurity, its reputation and the welfare of its customers should implement a solution like this to root out its vulnerabilities or security issues. In this post, we give you some tips that you can take into account when choosing a vulnerability management solution since there are already plenty of them available in the market:\"]})]});export const richText7=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Asset discovery and inventory\"}),/*#__PURE__*/e(\"p\",{children:\"Look for a solution that expeditiously applies an inventorying approach that allows you to have extensive knowledge of the assets of your company's digital ecosystem and the ability to monitor them. Devices, servers, operating systems, applications, containers, etc., all of them could be unexpected access points to threat actors within an attack surface. It is not enough to know which assets are present at a single moment. The discovery and inventory of assets is something that a solution should continuously do. The solution should allow you to list and manage all new assets or infrastructure that come to the environment. This way, you and your teams get complete visibility into where vulnerabilities may exist before starting to assess.\"}),/*#__PURE__*/e(\"h2\",{children:\"Speed coupled with accuracy\"}),/*#__PURE__*/t(\"p\",{children:[\"The solution to choose should offer you speed and accuracy in vulnerability detection. Refrain from assuming that vulnerability assessment is something that only automated tools should do. Vulnerability assessment can refer to both \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/vulnerability-scan/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability scanning\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"pentesting\"})}),\" (aka \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-manual-penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"manual penetration testing\"})}),\"). In other words, vulnerability assessment can be performed by both automated scanners and cybersecurity experts. (As we do at Fluid Attacks with our open-source scanning software and our ethical hackers.) For a comprehensive approach to your IT systems, the solution should have both assessment methods —don't stick with a solution that only involves scanners! Bear in mind that humans, namely pentesters or vulnerability analysts, are essential to keep false positive and false negative rates, which are still high for automated tools, to a minimum. Moreover, it will always be worthwhile to check that both the scanners and pentesters of the solution have specific \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/casa-approved-static-scanning/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"recognitions\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/owasp-benchmark-fluid-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"achievements\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/certifications/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"certifications\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"Multiple and wide-ranging techniques\"}),/*#__PURE__*/t(\"p\",{children:[\"The cybersecurity vulnerability assessment within a proper vulnerability management solution should apply several techniques (e.g., \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/product/sast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"SAST\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/product/dast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"DAST\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/products/sca\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"SCA\"})}),\", CSPM, PTaaS, \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/product/re/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"RE\"})}),\"). The tool or scanner should have a well-stocked vulnerability database. In addition, there should be supporting pentesters and research teams for detecting zero-day vulnerabilities and nourishing the scanners frequently. Furthermore, human intervention would allow exploitation tests on simulated internal or external attacks to evaluate potential impacts not usually achieved by automated machines.\"]}),/*#__PURE__*/e(\"h2\",{children:\"A single pane of glass\"}),/*#__PURE__*/t(\"p\",{children:[\"Your solution should allow you to define and control different assessment scopes according to your company's needs. Both assessment (with the scopes, test methods and results) and the remaining part of the management (review, prioritization, remediation and validation) should be handled from a single dashboard (e.g., Fluid Attacks' \",/*#__PURE__*/e(n,{href:\"https://www.youtube.com/watch?v=g8H_c0b7fwo\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"platform\"})}),\"). Such a platform should be informative and user-friendly for both technical and non-technical personnel. It should also allow continuous risk analysis and vulnerability monitoring, with the help of multiple functionalities, details on findings, and ways of presenting and filtering information. Additionally, the platform should have well-defined access and usage privileges according to stakeholder roles.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Compliance\"}),/*#__PURE__*/t(\"p\",{children:[\"With the vulnerability management solution you choose, you should be able to comply with international security standards and guidelines (e.g., \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/compliance/pci/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"PCI DSS\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/compliance/hipaa/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"HIPAA\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/compliance/gdpr/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"GDPR\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/compliance/owasp/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"OWASP\"})}),\", NIST) related to, for example, appropriate security configurations, controls and testing. The solution should have as a bedrock a large number of sources in this regard. It should allow you to choose the most suitable requirements for your industry and even set your own policies. As with vulnerability databases, international security standards and guidelines should be constantly reviewed and updated as they are modified or new ones emerge. Ideally, from the dashboard mentioned in the previous tip, your company should be able to keep track of this compliance.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Continuity\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Security testing\"})}),\" is not to be done monthly, let alone quarterly. With a proper solution, you should be able to assess your systems continuously and safely, generating no disruption of services or operations. Your company's development teams keep making product modifications, improvements and updates. Also, new systems and apps are integrated into your networks as time goes by and sometimes unexpectedly and unauthorized by employees and even threat actors. New vulnerabilities arise due to all these changes, and new vulnerabilities are publicly reported in components that may be in use in your company, thus altering the threat landscape. Hence the need for continuous security testing. These guarantee up-to-date reports that facilitate remediation processes and reduce costs. Remember, it is not just a matter of listing vulnerabilities but also treating them straight away.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Prioritization\"}),/*#__PURE__*/t(\"p\",{children:[\"Get a solution that allows you to prioritize vulnerabilities for remediation according to their risk exposure, not only their CVSS scores or tags. These metrics come fraught with pitfalls, such as those in segmentation and aggregation (see why Fluid Attacks uses \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/cvssf-risk-exposure-metric/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"the modified metric CVSSF\"})}),\"). For the right prioritization of security issues, historical data, exploitability, and current exploits and threats in the cyber environment should come into play. Moreover, there should be a clear contextualization, considering data, operations and technological resources at risk and possible impacts on the business concerned.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Remediation and support\"}),/*#__PURE__*/e(\"p\",{children:\"The solution to choose should provide your teams with vulnerability remediation recommendations and guidelines, as well as constant support for resolving questions through various fast and effective communication channels. The support information should be delivered in terminology comprehensible to the people in charge of fixing the reported issues and be accompanied by references and even estimates, such as possible remediation time. The solution should also allow you to assign the remediation of each vulnerability to the corresponding person within your organization from the same platform where you examine, for instance, charts and figures related to the findings. Furthermore, it should offer you the possibility of temporary and indefinite acceptance of vulnerabilities that, according to your company's criteria, are not considered risky.\"}),/*#__PURE__*/e(\"h2\",{children:\"Remediation validation\"}),/*#__PURE__*/e(\"p\",{children:\"An appropriate vulnerability management solution should allow you to validate that the remediation your team gives to a vulnerability is genuinely practical or effective. (This is something that, for example, at Fluid Attacks, we enable our clients with an unlimited supply of reattacks on vulnerabilities they report as closed or remediated). In addition, such a solution should integrate into your CI/CD pipelines an assessment mechanism that flags the presence of unaccepted vulnerabilities and even automatically interrupts their flow (i.e., break the build) to prevent such security issues from going into production.\"}),/*#__PURE__*/e(\"h2\",{children:\"Reports and progress\"}),/*#__PURE__*/e(\"p\",{children:\"Look for a solution that allows you to easily view, customize (according to your company's needs) and download reports in various formats to share with your audiences, including development teams, security specialists, and boards of directors. Additionally, such a solution should allow you to evaluate and track your company's progress, including how it compares to other companies in risk exposure mitigation, vulnerability remediation times and other metrics relevant to your cybersecurity.\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we always keep in mind all the aforementioned points, not just to implement them in our service but also to work on improving them, thinking about the welfare of our customers. Do you want to experience part of our Vulnerability Management solution (including our open-source scanner and platform) in a 21-day free trial? \",/*#__PURE__*/e(n,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Follow this link\"})}),\". Do you want to be part of our clients? \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Just contact us\"})}),\".\"]})]});export const richText8=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:['\"',/*#__PURE__*/e(n,{href:\"https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"National Cybersecurity Strategy\"})}),'\" is a document issued from the White House by the Biden-Harris Administration earlier this month. In this document, they state that through a new strategy —with the same name— there will be substantial changes, starting in the United States, concerning cyberspace and its use. Changes that will reflect its values, such as public safety and economic prosperity, respect for human rights, and trust in democracy. ',/*#__PURE__*/e(n,{href:\"https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"As the fact sheet declares\"})}),\", this strategy comes in addition to previous and concurrent plans and efforts, such as the National Security Strategy, the National Defense Strategy, the Executive Order 14028, the National Security Memorandum 5, M-22-09, and the National Security Memorandum 10.\"]}),/*#__PURE__*/e(\"p\",{children:\"This strategy and other projects attest to the fact that the U.S. recognizes that cybersecurity is essential to its economy, democracy, information privacy, and national defense. In cooperation with the private sector, President Biden's Administration has worked to strengthen the country's cybersecurity and, together with international allies and partners, aims to improve collective prevention, defense, and response to cyber threats from around the world that run counter to shared interests.\"}),/*#__PURE__*/e(\"p\",{children:\"Implementing the National Cybersecurity Strategy will require efforts, collaboration, and investments by the U.S. government, international allies, partners, civil society, and the private sector. Throughout implementation, the Federal Government will collect and monitor data related to investments, progress, results, and effectiveness of efforts. Furthermore, it will prioritize applying lessons learned from previous cyber incidents and seek to keep up with the constant and accelerating changes within the cyber ecosystem. Let's look at the issues this strategy aims to address and the pillars on which it is based.\"})]});export const richText9=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What are the problems to be addressed with this strategy?\"}),/*#__PURE__*/e(\"p\",{children:\"The cyber environment continues to expand and complexify at an accelerated pace. Not only in structural and interconnection matters, for the good of companies and consumers, but also in terms of cyber risks and threats. Every day, criminal groups, including those backed by governments of autocratic nations, dissenting from the interests and norms of the U.S. and allied countries, target organizations and users worldwide. They seek to exploit both vulnerabilities in computer systems and in the people who operate them. They mainly aim to achieve the theft of sensitive information or monetary assets and the disruption of operations or services.\"}),/*#__PURE__*/e(\"p\",{children:\"As interdependencies in the digital ecosystem increase, cyberattacks on a few spread rapidly, affecting many as a consequence. As the amount of sensitive information stored within cyberspace grows, more people are at risk. These are common problems today in the field of cybersecurity. This strategy seeks to address them with a more outstanding and larger-scale commitment, aiming for positive changes to strengthen the defense, resilience, and national values such as safety, democracy, and economic prosperity.\"}),/*#__PURE__*/e(\"h2\",{children:\"What is this new strategy based on?\"}),/*#__PURE__*/t(\"p\",{children:['The National Cybersecurity Strategy hinges on five pillars that, for their part, depend on two fundamental changes. The first change is referred to as \"',/*#__PURE__*/e(\"strong\",{children:\"rebalance the responsibility to defend cyberspace\"}),'.\" What they seek in the Administration is to shift the cybersecurity burden falling on individuals, small businesses, local governments and other groups with limited resources to those organizations better positioned and capable of reducing the risk exposure of all stakeholders within this shared digital ecosystem. The second change is \"',/*#__PURE__*/e(\"strong\",{children:\"realign incentives to favor long-term investments\"}),'.\" The goal here is for stakeholders in their cybersecurity to achieve a balance between short- and long-term obligations. Public programs and market forces can contribute by rewarding early adoption of security and resilience, coordinating investments in cybersecurity, and promoting a collaborative approach to a better future.']}),/*#__PURE__*/e(\"p\",{children:\"The five pillars of this strategy are the following:\"}),/*#__PURE__*/e(\"h3\",{children:'1 - \"Defend critical infrastructure\"'}),/*#__PURE__*/e(\"p\",{children:\"From this pillar, the ideal is to instill confidence in citizens in the availability and security of critical infrastructure and its services. Unfortunately, the rewards the market grants to companies that own and operate such infrastructure and voluntarily implement cybersecurity risk prevention and mitigation strategies are insufficient. Likewise, there has been a lack of mandatory requirements that encourage the implementation of preventive measures, so the Administration is focusing on establishing them and expanding the use of at least (but encouraging going beyond) minimum requirements for cybersecurity practices and outcomes in critical sectors.\"}),/*#__PURE__*/e(\"p\",{children:'In addition, in all sectors, the Administration seeks to modernize regulatory frameworks (basing them on existing standards and guidelines), better adapt them to each sector\\'s changing risks and threats, and harmonize them to avoid duplication and streamline their implementation. In line with what Fluid Attacks usually shares, they state: \"The most effective and efficient regulatory frameworks will be those put in place well before a crisis, rather than through the imposition of emergency regulations after a crisis occurs.\"'}),/*#__PURE__*/e(\"p\",{children:\"Here, the Administration emphasizes enabling and fostering collaboration between public and private organizations to defend critical infrastructure and its essential services and prevent their disruption. It also highlights the model to follow that the Federal Government can represent and the support it can provide to the defense of critical infrastructure by modernizing the security of its own networks and systems (under the principle of zero trust) and improving its incident response policies. When sectors of the critical infrastructure request support from the Federal Government, it should coordinate authorities and efforts for a unified response backed by predefined support possibilities and guidelines.\"}),/*#__PURE__*/e(\"h3\",{children:'2 - \"Disrupt and dismantle threat actors\"'}),/*#__PURE__*/e(\"p\",{children:\"Part of the purpose of this pillar is to make it impossible for cybercriminals to mount or maintain campaigns that threaten the security of the U.S. Already, the Federal Government has improved its capabilities to respond to cybersecurity incidents; it has arrested, prosecuted, and sanctioned transnational threat actors, and recovered enormous amounts of money from illicit activities. Based on these and other successes, again highlighting the need for continued and coordinated cross-sector collaboration, it intends to persist in enhancing its strategies to thwart campaigns before they impact, render them non-profitable, and dismantle cybercriminal groups.\"}),/*#__PURE__*/t(\"p\",{children:[\"The Administration intends to encourage support from the private sector, mainly since this sector has achieved a very broad understanding of criminal activity with its threat-hunting operations and its accelerated optimization of capabilities and technologies. The Federal Government also seeks to increase the speed and scale of threat intelligence transmission to provide early warning to potential or actual victims and defender teams. In addition, with a specific focus on \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"ransomware attacks\"})}),\", the U.S. aims to investigate this type of crime further, leverage international authority and cooperation to disrupt the operations of perpetrator groups, strengthen the resilience of its critical infrastructure to withstand these attacks, and improve law enforcement against illicit cryptocurrency exchanges.\"]}),/*#__PURE__*/e(\"h3\",{children:'3 - \"Shape market forces to drive security and resilience\"'}),/*#__PURE__*/t(\"p\",{children:['According to the Administration, cyberattacks\\' severe and ongoing impacts on sensitive information and industrial operations \"make clear that market forces alone have not been enough to drive broad adoption of best practices in cybersecurity and resilience.\" Many organizations do not invest enough in cybersecurity and end up affecting, for instance, small businesses that rely on them to some extent. In this case, the U.S. aims to change the situation through the reformulation of laws that regulate the responsibilities of those who collect and manage personal data and those who, due to errors in the development of technology and lack of protection, allow losses or damages that fall on citizens. Many providers continue to ignore secure development or coding, as well as ',/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"security testing\"})}),\", and introduce vulnerable products or services into cyberspace, and, because of their position in the market, they manage to abdicate their liabilities by contract. The Administration intends to start shifting these responsibilities to them, especially to the most qualified ones, and to establish higher security standards for high-risk scenarios.\"]}),/*#__PURE__*/e(\"p\",{children:\"The Federal Government will use purchasing power and grant-making to incentivize the adoption of cybersecurity best practices. The idea is to invest in new infrastructures that are secure and resilient by design and to maintain them that way throughout their lifecycle. Moreover, the Administration will encourage coordinated disclosure of vulnerabilities in all technologies and further development of SBOMs. It will also develop processes to identify and mitigate risks in unsupported software used in critical infrastructure. Finally, it seeks to prioritize funding for research and development in cybersecurity technologies, especially those to strengthen critical infrastructure.\"}),/*#__PURE__*/e(\"h3\",{children:'4 - \"Invest in a resilient future\"'}),/*#__PURE__*/t(\"p\",{children:[\"On the one hand, the Administration recognizes the vulnerabilities in the fundamental structure of the Internet and those that arise when something new is built on top of it. In response, it will rely on investment and collaborative action to develop and implement security solutions in its networks and reduce such vulnerabilities on the Internet. On the other hand, it emphasizes prioritizing research, development, and demonstration (RD&D) in cybersecurity for new-generation technologies such as quantum information systems, biotechnology, and clean energy infrastructure. The idea is to invest in RD&D projects to advance cybersecurity in areas such as encryption (see, for example, \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/post-quantum-cryptography-algorithms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"post-quantum cryptography\"})}),\"), artificial intelligence, cloud infrastructure, operational technologies, telecommunications, and data analytics.\"]}),/*#__PURE__*/e(\"p\",{children:\"Additionally, in this pillar, the Administration acknowledges the shortage of specialized cybersecurity personnel within and outside the nation. As a response to this, it seeks to contribute investment to enable greater access to education in this field and expand, diversify, and maintain a strong workforce.\"}),/*#__PURE__*/e(\"h3\",{children:'5 - \"Forge international partnerships to pursue shared goals\"'}),/*#__PURE__*/e(\"p\",{children:'The Administration aims to build a coalition with other countries \"to maintain an open, free, global, interoperable, reliable, and secure Internet.\" Ideally, through international collaboration, it will address common threats, punish and disrupt transnational criminal groups, protect against repression by them, help improve the capacity of coalition members, strengthen and defend globally accepted norms, and build an increasingly secure and resilient ecosystem. The U.S. and its allies will be able to \"advance common cybersecurity interests by sharing cyber threat information, exchanging model cybersecurity practices, comparing sector-specific expertise, driving secure-by-design principles, and coordinating policy and incident response activities.\"'}),/*#__PURE__*/e(\"p\",{children:\"Finally, other aspects of this last pillar include the U.S. interest in working collaboratively to generate new international law enforcement mechanisms, create secure, transparent, and reliable global supply chains for different technology products and services, and support investigations, response, and recovery of allies affected by incidents.\"}),/*#__PURE__*/t(\"p\",{children:[\"Is your company, inside or outside the United States, interested in improving and preserving a preventive cybersecurity posture? \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Contact us\"})}),\", and with our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"continuous manual and automated security testing\"})}),\", we'll help you get there!\"]})]});export const richText10=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"With around \",/*#__PURE__*/e(n,{href:\"https://datareportal.com/global-digital-overview\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"64.4% of the world population\"})}),\" using the Internet, and counting, organizations have a great incentive to go digital. Putting up a website or web application is a great way to reach out to a wider audience. But, accordingly, these firms become responsible for securing the data of that audience. Their new public-facing assets are attack vectors for cybercriminals looking to profit from the effects of exploiting errors there. Website and web app developers turn to \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/secure-coding-practices/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"secure coding practices\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/vulnerability-assessment/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability assessment\"})}),\" to diminish weaknesses in their source code. In this blog post, we talk about how website security scanning and web app security scanning work, their role in \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability management\"})}),\", and the need of combining them with more complex assessments.\"]})});export const richText11=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Vulnerability scanning in web apps and websites\"}),/*#__PURE__*/t(\"p\",{children:[\"Vulnerabilities in websites and web applications can represent more or less risk depending on the amount of sensitive information they manage. Indeed, completely static websites, for example, whose content is invariable, as users can't interact with the pages to get responses like downloads, chats or payments, are more likely to be secure. Web apps, on the other hand, have several elements (e.g., databases) in their back-ends working to generate responses to users' requests. In this sense, there are higher possibilities of weaknesses (the most common of which you've probably seen in the \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/owasp-top-10-2021/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"OWASP Top 10\"})}),\"). Thus, there are more ways in for an attacker.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Many websites, however, have integrated some kind of interaction. Even just forms on a static website that trigger actions to save responder information to a different platform may be vulnerable (e.g., \",/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-vulnerabilities-065/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"caching input data\"})}),\"). So, website scanning to check vulnerabilities in websites is also necessary. A basic and automated way to perform a website security check is by using website vulnerability scanners or vulnerability scanning tools.\"]}),/*#__PURE__*/t(\"p\",{children:[\"We covered what vulnerability scanning is in \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/vulnerability-scan/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"a previous post\"})}),\". Basically, it's the process of a device, computer program, or testing tool automatically identifying and reporting weaknesses in systems. Therefore, it's a form of vulnerability assessment, which, in turn, is a necessary practice within a vulnerability management program.\"]}),/*#__PURE__*/t(\"p\",{children:[\"When deciding on the scanner, there are many alternatives to choose from, ranging from free web app scanners to paid services. For example, there are options to check website security online, as well as helpful vulnerability assessment tools lists (e.g., \",/*#__PURE__*/e(n,{href:\"https://owasp.org/www-community/Source_Code_Analysis_Tools\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"OWASP's\"})}),\").\"]}),/*#__PURE__*/e(\"p\",{children:\"A website scan or vulnerability scan proceeds by reviewing components and configurations of the predefined targets of evaluation, comparing them with characteristics of vulnerable code. Such characteristics are defined in the security vulnerability scanners by the developers who contribute to their improvement. For you to understand a bit of this process, we share how our security developers go about improving our scanner.\"}),/*#__PURE__*/t(\"p\",{children:[\"Initially, our team perceives the necessity of integrating a new method that would allow the scanner to find a given vulnerability. A candidate would be, for example, a new entry in the \",/*#__PURE__*/e(n,{href:\"https://cwe.mitre.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Common Weakness Enumeration\"})}),\" (CWE) or the \",/*#__PURE__*/e(n,{href:\"https://cve.mitre.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Common Vulnerabilities and Exposures\"})}),\" (CVE). It could be about a functionality that should not be present in production. Our security developers start looking into it to define how the tool will find that functionality in our clients' source codes. One possible way is to use a Python library to divide the code into pieces and create a tree to then find the parameters on which the functionality depends. Then, the developers can write functions containing what they learned that lead to the detection and report of that functionality. After integrating the method into our scanner, the tool can automatically find the vulnerability in the source code. The creation of methods to improve the tool is a constant activity at Fluid Attacks.\"]}),/*#__PURE__*/e(\"p\",{children:\"Our scanner can check compliance with security requirements that are most critical for web apps. They include the following, among many others:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-262/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Verifying that third-party components are secure\"})}),\", which helps secure against using software with known vulnerabilities.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-173/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Discarding unsafe inputs\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-349/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"including HTTP security headers\"})}),\", which help secure against injection and cross-site scripting (XSS) attacks.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-147/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Using pre-existing and up-to-date mechanisms\"})}),\" to implement cryptographic functions, which helps secure against cryptographic failures.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-095/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Defining users with privileges\"})}),\", which helps secure against broken access control.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-133/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Requiring lengthy passwords\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-132/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"passphrases\"})}),\", which helps secure against identification and authentication failures.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-requirements-324/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Controlling redirects\"})}),\" to lead to trusted sites, which helps secure against server-side request forgery (SSRF) attacks.\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"To validate certain requirements, web application vulnerability assessment with tools uses methodologies other than \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/product/sast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"static application security testing\"})}),\" (SAST). In some instances, the star is \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/product/dast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"dynamic application security testing\"})}),\" (DAST). It searches for weaknesses in environments, endpoints, servers, and cloud services configurations. This involves interaction with the running application, which our scanner also achieves.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Further, yet another method would be necessary to find other kinds of issues. \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/product/sca/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Software composition analysis\"})}),\" (SCA), among other capabilities, finds vulnerable open-source components and dependencies that are used in the web app so as not to reinvent the wheel. However, when this wheel is flawed, it's time to replace it.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The issue of using open-source software with known vulnerabilities is so pervasive that we placed it first in the list above, even though the rest follows an order corresponding to the risks in the OWASP Top 10. Our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.docsend.com/view/behmfvipxcha2t7v\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"State of Attacks 2022\"})}),\" shows that this was the vulnerability representing the most exposure to risk of our clients' systems. To find these instances of vulnerable components, we relied heavily on our automated tool's SCA.\"]}),/*#__PURE__*/t(\"p\",{children:[\"However, it must be noted that web app and website vulnerability scanners cannot find all security issues. \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-manual-penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Manual penetration testing\"})}),\" is required for comprehensive vulnerability assessment.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Web app vulnerability scanning vs penetration testing?\"}),/*#__PURE__*/t(\"p\",{children:[\"If you read a \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/account-takeover-kayak/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"previous post\"})}),\" about a vulnerability one of our security researchers found in KAYAK, you may have noticed that ethical hackers often find a vulnerability and go a little beyond that. In their assessment, they find even more issues that, linked to the initial vulnerability, can be leveraged to launch an attack with a greater impact than would be achieved by exploiting the first catch solely.\"]}),/*#__PURE__*/t(\"p\",{children:[\"This kind of behavior is not expected of website and web application scanners. In fact, security weaknesses escape tools if the detection of the former requires an external user doing complex stuff on the system. The answer to this problem is \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"penetration testing\"})}),\", which is, like vulnerability scanning, a type of vulnerability assessment.\"]}),/*#__PURE__*/e(\"p\",{children:'The work of ethical hackers, or pentesters, helps find complex issues (often of higher severity than those found by tools) and sometimes even unknown vulnerabilities. Penetration testing is valuable, as it simulates \"real-world\" cyberattacks and can offer demonstrations of the impact of exploiting detected issues. Besides, since tools can err, manual security assessments that verify their reports can reduce false positive rates in the overall report.'}),/*#__PURE__*/t(\"p\",{children:[\"The relationship between hacking and scanning is that of complementation. Hackers can certainly use website security scanners (e.g., \",/*#__PURE__*/e(n,{href:\"https://portswigger.net/burp/documentation/scanner\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Burp Scanner\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://github.com/ffuf/ffuf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"ffuf\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://github.com/projectdiscovery/nuclei\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Nuclei\"})}),\", \",/*#__PURE__*/e(n,{href:\"https://subgraph.com/vega/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Vega\"})}),\") to save time for the search of the best concealed weaknesses. This combination, when performed continuously throughout application development, yields accurate and up-to-date knowledge for vulnerability management.\"]}),/*#__PURE__*/e(\"h2\",{children:\"And don't forget to prioritize and remediate\"}),/*#__PURE__*/e(\"p\",{children:\"Beyond learning the difference between vulnerability scanning and penetration testing, we want you to understand that both benefit identifying, classifying and reporting security issues, which is then followed by prioritizing and remediating them. Indeed, all these processes are part of vulnerability management.\"}),/*#__PURE__*/t(\"p\",{children:[\"Like \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/vulnerability-assessment/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"we've said before\"})}),\", you might want to address first the issues that represent the most risk. Moreover, remediation should be something about which you should never stop thinking. As threats to your organization are constant and ever evolving, you better work on integrating security into your entire software development lifecycle (SDLC), in true \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/devsecops-concept/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"DevSecOps\"})}),\" fashion.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Take some baby steps and try out vulnerability scanning with our open-source and free online vulnerability scanner, which is included in the \",/*#__PURE__*/e(n,{href:\"https://owasp.org/www-community/Source_Code_Analysis_Tools\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"OWASP Source Code Analysis Tools\"})}),\" list.\"]}),/*#__PURE__*/t(\"p\",{children:[\"What's more, we enable you to step up your game in vulnerability management. You can enjoy our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/risk-based-vulnerability-management\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"risk-based vulnerability management\"})}),\" solution in any of our two \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/plans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"plans\"})}),\". Our Continuous Hacking Essential plan leverages our automated tool to find vulnerabilities (with SAST, DAST and SCA) and comes with access to our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/platform/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"platform\"})}),\", where you can learn about the security testing results, assign remediation to members of your development team, track risk exposure, and more. (\",/*#__PURE__*/e(\"strong\",{children:\"Get your free trial\"}),\" \",/*#__PURE__*/e(n,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"strong\",{children:\"here\"})})}),\".) Our more comprehensive Continuous Hacking Advanced plan adds to the former: penetration testing by our pentesters and their expert support through the platform regarding remediation.\"]})]});export const richText12=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"Organizations need their cybersecurity strategy to suit their current threat landscape, lest they end up allocating their resources to ineffective solutions. A proper way to verify good decisions are being made in this regard is reviewing whether the company's technology, ongoing projects and roadmap cover the tactics, techniques and procedures factually targeting their assets. A feature of \",/*#__PURE__*/e(n,{href:\"https://portal.lumu.io/account/sign-up\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Lumu's platform\"})}),\" facilitates exactly that by aligning actual incidents in a company's network with the corresponding entries of the MITRE ATT&CK\\xae framework. This allows organizations to learn whether they are spending their resources on managing the true ways a malicious actor can get in. Importantly, they can also identify which scenarios should be present in continuous \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/red-team-exercise/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"red teaming\"})}),\" and penetration testing processes such as those provided by Fluid Attacks.\"]})});export const richText13=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Knowing your threat landscape\"}),/*#__PURE__*/e(\"p\",{children:\"Are you sure your organization's cybersecurity spending is not being wasted? Today, there is an overabundance of tools and service categories. Some companies believe the more tools they use, the more secure their systems are, so their budget goes to a lot of products. But when asked, a significant number admits that they still struggle with effective remediation. We believe they could prevent this by allowing ethical hackers to probe systems continuously to find the actual biggest risks before malicious hackers do. But the possibility exists that a breach to their systems might have already happened before implementing this approach and that it might even have gone unnoticed for hundreds of days. After all, companies worldwide are targeted by attackers hundreds of times daily.\"}),/*#__PURE__*/e(\"p\",{children:\"Incidents and results of manual security testing provide evidence of what your system is up against in the wild. The facts learned can give you a pretty good idea of what you should spend more on. So, a helpful solution should be able to get information on risks from several fronts, organize it for better analysis and allow for identification of areas where defenses should be prioritized. One such solution is offered by the cybersecurity firm Lumu. Their platform, Lumu Portal, is a single pane of glass where the user can manage continuous compromise assessments and access the generated reports and related contextual intelligence.\"}),/*#__PURE__*/t(\"p\",{children:[\"Basically, Lumu's solution runs continuously, looking for actual or potential exposure of the confidentiality, integrity or availability of IT systems or the information in them. On the platform, you can see the connections attempted from your organization's devices toward adversarial infrastructure, which devices are controlled by threat actors, traces of adversarial contact in logs, and phishing attempts, among other things. Lumu characterizes all these attacks through the \",/*#__PURE__*/e(n,{href:\"https://attack.mitre.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"ATT&CK\"})}),\" (adversarial tactics, techniques and common knowledge) framework.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Mapping incidents to the ATT&CK framework\"}),/*#__PURE__*/e(\"p\",{children:\"The ATT&CK framework is a knowledge base that helps people understand how malicious threat actors behave. Relating the incidents in the assessed organization's network with entries in this framework allows for the classification of attacker activity through a shared language. On the Lumu Portal, each incident has its own matrix showing which tactics are related to it. Further, users can see the actionable steps from Lumu's incident response playbooks based on controls suggested by the NIST (National Institute of Standards and Technology).\"}),/*#__PURE__*/t(\"p\",{children:[\"Since organizations need to know where they should exert the most effort, the platform also gives them an overall view of how attackers are targeting the networks. It does so in its \",/*#__PURE__*/e(n,{href:\"https://docs.lumu.io/portal/en/kb/articles/mitre-attack-global-matrix\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"MITRE ATT&CK\\xae Global Matrix\"})}),\", which shows all the detected incidents in a chosen time frame organized by incidence.\"]}),/*#__PURE__*/e(\"p\",{children:\"The following are clear benefits to having the information provided by the matrix:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Understanding, based on actual evidence, where the budget should go and what issues should be prioritized.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Learning which defenses need improvement to effectively protect against offenses from the organization's actual threat landscape.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Identifying which assets attackers are targeting and how. This allows the firm to continually assess the effectiveness of its \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"security testing\"})}),\" scheme and make informed decisions to improve security testing scenarios.\"]})})]}),/*#__PURE__*/e(\"p\",{children:\"With these three benefits, which also represent use cases, companies can ask themselves whether they are covering tactics, techniques and procedures with their technology, ongoing projects or roadmap.\"}),/*#__PURE__*/t(\"p\",{children:[\"_____\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"⚠️ \",/*#__PURE__*/e(\"strong\",{children:\" \"}),/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\"It is worth noting that the second benefit mentioned above is closely related to the Threat-Informed Defense (TID) strategy, which can be operationalized with the help of Lumu's \"})}),/*#__PURE__*/e(n,{href:\"https://docs.lumu.io/portal/en/kb/articles/mitre-attack-global-matrix\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\"MITRE ATT&CK Global Matrix\"})})})}),/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\", as Julian Brown recently \"})}),/*#__PURE__*/e(n,{href:\"https://lumu.io/blog/threat-informed-defense\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\"noted in a blog post\"})})})}),/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\". There, Jon Baker, co-founder and director of the \"})}),/*#__PURE__*/e(n,{href:\"https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/e(\"strong\",{children:\"Center for Threat-Informed Defense\"})})})}),/*#__PURE__*/e(\"em\",{children:/*#__PURE__*/t(\"strong\",{children:[', is quoted saying that \"implementing a [TID] starts with understanding the threats that are relevant to your organization and then aligning your defenses to those threats.\"',/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{})]})}),\"_____\"]}),/*#__PURE__*/e(\"h2\",{children:\"Prioritize the right techniques in security testing\"}),/*#__PURE__*/e(\"p\",{children:\"Ideally, an organization should secure its systems completely. Despite this, prioritization helps concentrate efforts, knowledge and resources in the areas that represent the most risk. This involves requesting attack simulations that recreate actual incidents that happen the most in the firm's networks. In these simulations, ethical hackers employ the same techniques that attackers possibly used in such incidents.\"}),/*#__PURE__*/t(\"p\",{children:[\"By setting up your permanent \",/*#__PURE__*/e(n,{href:\"https://portal.lumu.io/account/sign-up\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Lumu Free account\"})}),\", you will be allowed to run assessments to understand your systems' compromise level. Then, you can upgrade to Lumu's paid offerings to get the most out of the solution, including access to the MITRE ATT&CK Global Matrix. Its information will allow you to prioritize the techniques in security testing that will be more effective for your organization.\"]}),/*#__PURE__*/t(\"p\",{children:[\"When choosing your cybersecurity testing strategy, remember you should not rely on automated security testing alone. Tools cannot imitate today's threat actors accurately and have high rates of false positives and false negatives. At Fluid Attacks, we encourage companies to let ethical hackers simulate attacks against their digital assets' defenses. And these simulations should be conducted continuously. When they are done only every once in a while, they do not truly suit organizations' needs in an ever-evolving threat environment. That's why we offer \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Continuous Hacking\"})}),\", which you can \",/*#__PURE__*/e(n,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"try for free for 21 days\"})}),\". Our most comprehensive offering includes continuous manual work by our highly certified ethical hackers in \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"pentesting\"})}),\" and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"red teaming\"})}),\" operations.\"]})]});export const richText14=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"Organizations can no longer ignore the urgency of securing their software continuously. As cyber threats do not take breaks, neither should developers in their efforts to remediate flaws. We present why it is important to continuously conduct \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"penetration testing\"})}),\" (aka \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-manual-penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"manual pentesting\"})}),\"). We argue that it helps maintain a sensible security posture and save on costs (hint: especially time). Along the way, we compare this approach with point-in-time penetration testing. Further, we mention the ways in which our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"penetration testing solution\"})}),\" overcomes the challenges commonly associated with continuous assessments.\"]})});export const richText15=/*#__PURE__*/t(i.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"How often should penetration testing be done?\"}),/*#__PURE__*/e(\"p\",{children:'Have you seen the subjects in the newsletters people in cybersecurity get delivered to their inbox? It\\'s always something like \"threat actors are exploiting a flaw in [insert software name],\" or \"[insert malicious technique name] reaches a new high.\" Not to mention the inclusion of ransomware attacks, which are constantly making headlines. Does it make sense to conduct security assessments solely once every year? The answer is a resounding \"no!\"'}),/*#__PURE__*/t(\"p\",{children:[\"Granted, firms getting their systems' security checked annually, or that at least had an assessment one single time, are addressing the problem, however minimally. Point-in-time penetration testing provides them with a snapshot of their security posture. This could be in terms of the known attack surface, vulnerabilities in systems, quantified risks or remediation rate \",/*#__PURE__*/e(\"em\",{children:\"at that time\"}),\". That is their baseline, which is useful for comparisons with the next assessment. But there's still the uncertainty about whether they can withstand the attacks targeting them between those periods, what with developers having to create value constantly anyways. What firms really need is to see what their attack surface, threat environment and \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"vulnerability management\"})}),\" performance look like in real time. The bottom line is: Penetration testing should be done continuously.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Benefits of continuous penetration testing\"}),/*#__PURE__*/e(\"h3\",{children:\"Real-time security posture identification\"}),/*#__PURE__*/t(\"p\",{children:[\"When assessments are done continuously, firms can make timely discoveries of assets making up their attack surfaces. They then have the opportunity to check for vulnerabilities in those assets. Any new threat (e.g., attack scenario) appearing in their environment is immediately imitated by the ethical hackers performing the tests. Although ideally, these highly certified professionals find the weaknesses or vulnerabilities before any exploit in the wild is heard of. Risk identified and mitigated is also true to the security posture \",/*#__PURE__*/e(\"em\",{children:\"now\"}),\", not to that of months ago. And because developers are notified instantly of any flaw found in recent changes, they can go ahead and solve it while that code is fresh in their heads.\"]}),/*#__PURE__*/e(\"h3\",{children:\"Lower costs\"}),/*#__PURE__*/e(\"p\",{children:\"It may surprise you, but costs may be lower for continuous pen tests than point-in-time engagements. And these are not only dollar costs.\"}),/*#__PURE__*/e(\"p\",{children:\"Conducting assessments annually (or just not continuously) means firms have to spend a great amount of time establishing the project scope, getting ahold of the right professionals, establishing expectations and deliverables, agreeing upon methodologies and a timeline, etc. This has to be done over and over again. Continuous pentesting may require occasional tweaks to the initial setup every now and then, but that is it.\"}),/*#__PURE__*/e(\"p\",{children:\"Time of remediation is also greatly reduced by doing continuous assessments, as developers are notified and get to fix issues along the way. In contrast, point-in-time assessments accumulate what could be a year's, half a year's or a quarter year's worth of security issues. Managing all these weaknesses and vulnerabilities becomes a tiresome and seemingly unending task. Ultimately, developers are forced to do rework on months-old code instead of producing value.\"}),/*#__PURE__*/e(\"p\",{children:\"Regarding money, the cost of continuous pentests, ideally, won't surpass that of data breaches. It's a hard pill to swallow, but your firm spends on cybersecurity to prevent losing significantly greater amounts to the effects of cyberattacks. Continuously testing your systems' resistance to the latest trends in attacks is a better strategy in comparison to point-in-time security testing when attempting to prevent malicious hackers from breaking in.\"}),/*#__PURE__*/e(\"h3\",{children:\"Adjustable scope\"}),/*#__PURE__*/e(\"p\",{children:\"Whereas the scope of penetration testing in the point-in-time approach is generally static, it is adjustable in the continuous testing approach. The former is therefore at disadvantage, because in case there are assets discovered that were unknown before the engagement, the penetration testing scope would leave them out. A contract of continuous pen testing would allow the firm to adjust the scope so that further testing focuses timely on those newly discovered areas of the attack surface.\"}),/*#__PURE__*/e(\"h3\",{children:\"Ongoing support from experts\"}),/*#__PURE__*/e(\"p\",{children:\"When firms have implemented the point-in-time approach, the time constraints may not allow developers to get in touch with the security analysts and solve many of their doubts. Like we said in a previous item, the reports may contain several months' worth of issues. Your team may apply a reasonable prioritization strategy to fix what could cause the most trouble and get support from experts on the issues, but much could be remaining to be addressed. The security analysts may validate that the fixes are effective, and, if it's the case, your firm may achieve sufficient compliance with a standard. Then it's until the next assessment that developers get to solve their doubts with the experts. And even then, more urgent issues may arise. Continuous assessments may eliminate this problem by allowing contact with the experts permanently.\"}),/*#__PURE__*/e(\"h2\",{children:\"Challenges to continuous penetration testing\"}),/*#__PURE__*/e(\"p\",{children:\"Despite knowing that they are subjected to constant cyber threats, there are reasons why firms contracting third-party penetration testing might go for point-in-time assessments.\"}),/*#__PURE__*/t(\"p\",{children:['Most often, it is a matter of the firm asking, \"How much does penetration testing cost us in relation to our budget for cybersecurity?\" Indeed, the company may allow itself only the regular point-in-time assessment. And it may do so ',/*#__PURE__*/e(\"em\",{children:\"at least\"}),\" annually, in the case it needs to follow \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing-compliance/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"certain standards\"})}),\" where penetration testing compliance is mandatory.\"]}),/*#__PURE__*/e(\"p\",{children:\"Additionally, there's the challenge of penetration testing being a manual method and therefore taking time to yield results. This fuels the view of security being an obstacle for the production of value.\"}),/*#__PURE__*/e(\"p\",{children:\"And there's also the challenge of the firm's resources to deal with all the data that continuous penetration tests yield. Doubts arise not only about where the data are to be stored but also how to keep track of findings as they accumulate.\"}),/*#__PURE__*/e(\"h2\",{children:\"How Fluid Attacks addresses those challenges\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we offer our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"penetration testing solution\"})}),\" under the model of \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/what-is-ptaas/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"penetration testing as a service\"})}),\" (PTaaS). Which means we recognize the need of security to cover the entire software development lifecycle (SDLC). We offer firms looking to outsource penetration testing services a solution that addresses the challenges to continuous pen testing:\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Acknowledging the budget constraints of most firms, our continuous assessments are cost effective.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"We let developers deploy first, the production of value being a necessity, then our ethical hackers follow, so they test micro changes and report the cybersecurity issues they find.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"We include with our service access to our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/platform/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"platform\"})}),\", where users configure the assessments' scope, view findings through helpful visuals, assign remediation, read recommendations, talk to our pentesters, keep track of the flaws and the exposure to risk they represent, and much more.\"]})})]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Contact us\"})}),\" to receive our continuous penetration testing proposal.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Our penetration testing solution is part of our \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Continuous Hacking\"})}),\" \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/plans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"Advanced plan\"})}),\". \",/*#__PURE__*/e(\"strong\",{children:\"You can\"}),\" \",/*#__PURE__*/e(n,{href:\"https://app.fluidattacks.com/SignUp\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:/*#__PURE__*/e(\"strong\",{children:\"try now for free our Continuous Hacking Essential plan\"})})}),\", which involves only automated \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"security testing\"})}),\", to find deterministic vulnerabilities in your systems and get introduced with our platform. You can also upgrade to Advanced plan from the trial to enjoy continuous \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"pen testing\"})}),\".\"]})]});export const richText16=/*#__PURE__*/e(i.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"The need to protect sensitive information has resulted in regulations in every industry. Some of such regulations require conducting \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/penetration-testing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"penetration testing\"})}),\". This offensive approach, which mimics the behavior of malicious attackers, can yield very accurate \",/*#__PURE__*/e(n,{href:\"https://fluidattacks.com/blog/security-testing-fundamentals/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(o.a,{children:\"security testing\"})}),\" results. In this blog post, we present whether penetration testing is required by the international standards about which most people have this question. However, we stress the importance of going beyond basic compliance.\"]})});\nexport const __FramerMetadata__ = {\"exports\":{\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText15\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText16\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],"mappings":"yWACa,AADb,GAAkD,IAA8B,IAAuC,IAAwB,CAAa,EAAsB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6CAA0D,EAAEA,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iPAA8P,EAAE,KAAK,CAAC,SAAS,KAAM,EAAC,CAAC,iDAAkD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,2iBAA4iB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uVAAwV,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qIAAkJ,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gPAAiP,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kUAAmU,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4NAA6N,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gMAA6M,EAAE,KAAK,CAAC,SAAS,KAAM,EAAC,CAAC,kEAA+E,EAAE,OAAO,CAAC,SAAS,qBAAsB,EAAC,CAAC,0CAAuD,EAAE,KAAK,CAAC,SAAS,OAAQ,EAAC,CAAC,qDAAkE,EAAE,KAAK,CAAC,SAAS,KAAM,EAAC,CAAC,qBAAsB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2LAAwM,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,CAAC,0EAA2E,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uVAAwV,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wYAAyY,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oRAAqR,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,KAAM,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+mBAAgnB,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,mBAAmB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,MAAO,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8WAA+W,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8FAA2G,EAAE,OAAO,CAAC,SAAS,WAAY,EAAC,CAAC,8DAA+D,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,MAAO,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kIAAmI,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,CAAc,EAAE,KAAK,CAAC,MAAM,CAAC,0BAA0B,QAAQ,sBAAsB,eAAe,6BAA6B,MAAM,0BAA0B,MAAO,EAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,+JAAgK,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,2GAA4G,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,kBAAmB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAyB,EAAED,EAAE,CAAC,KAAK,4BAA4B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,oIAAqI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,8IAA+I,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,MAAM,CAAC,qBAAqB,OAAO,sBAAsB,kBAAmB,EAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,0FAAuG,EAAE,KAAK,CAAC,SAAS,KAAM,EAAC,CAAC,2LAAwM,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,qDAAkE,EAAE,OAAO,CAAC,SAAS,aAAc,EAAC,CAAC,0DAA2D,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,cAAc,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kcAAmc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oNAAqN,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kNAAmN,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4FAA6F,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,sHAAuH,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8KAA+K,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kaAAma,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiD,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,6aAA2b,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,6CAA0D,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,kDAAmD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+pBAA4qB,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,YAAyB,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,cAAe,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6eAA8e,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,yZAA0Z,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wZAAyZ,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6PAA0Q,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,qqBAAuqB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,ynBAAuoB,EAAED,EAAE,CAAC,KAAK,iEAAiE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,iEAA8E,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,4EAA6E,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2GAAwH,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,qCAAkD,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,saAAmb,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,8YAA+Y,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,iPAAkP,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,iFAAkF,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,6GAA8G,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,kFAAmF,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,4FAA6F,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,uJAAyJ,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,yJAA0J,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,oEAAqE,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+SAAgT,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2C,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,kXAA+X,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,0cAAud,EAAED,EAAE,CAAC,KAAK,wCAAwC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,uMAAwM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,qdAAsd,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kBAA+B,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,2JAAwK,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,+BAAgC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,qIAAsI,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yCAAsD,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,mJAAgK,EAAE,SAAS,CAAC,SAAS,oGAAqG,EAAC,CAAC,2GAAwH,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,uYAAwY,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,6BAA8B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4sBAA6sB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wHAAqI,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,mHAAgI,EAAED,EAAE,CAAC,KAAK,4DAA4D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,iDAAiD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,2QAA8Q,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mkBAAglB,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,ySAAuT,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,WAAwB,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,qNAAkO,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,4NAA6N,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uCAAwC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+tBAAguB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,mZAAsZ,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4FAAyG,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,8rBAA+rB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,m3BAAs3B,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,aAAa,UAAU,eAAe,OAAO,MAAM,IAAI,oEAAoE,OAAO,8PAA8P,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,uCAAoD,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+vBAAiwB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wCAAyC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+1BAAk2B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,q6BAAu6B,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,kCAAmC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4tBAA6tB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oKAAiL,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,0qBAA6qB,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,yBAA0B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyE,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,6dAA8d,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,imBAAknB,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,oEAAqE,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqB,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,WAAY,EAAC,CAAC,kGAAmG,CAAC,EAAC,CAAc,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,IAAiB,EAAE,SAAS,CAAC,SAAS,CAAc,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAC,OAAQ,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uEAAoF,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mCAAoC,EAAC,AAAC,EAAC,CAAC,8OAA2P,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4CAA6C,EAAC,AAAC,EAAC,CAAC,qWAAsW,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,2zBAA4zB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qkBAAklB,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8DAA+D,EAAC,AAAC,EAAC,CAAC,uHAAwH,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,kBAAmB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,moBAAooB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+GAA4H,EAAED,EAAE,CAAC,KAAK,oFAAoF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uCAAwC,EAAC,AAAC,EAAC,CAAC,4PAA6P,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,UAAuB,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mCAAoC,EAAC,AAAC,EAAC,CAAC,+HAAgI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,wDAAqE,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,qJAAsJ,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,6GAA8G,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,0FAA2F,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuD,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,iGAAkG,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,sDAAuD,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,0DAAuE,EAAED,EAAE,CAAC,KAAK,mEAAmE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,iIAAkI,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,mMAAoM,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,uEAAoF,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wCAAyC,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,iNAAkN,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,mBAAoB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4pBAA8pB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gNAAiN,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,oKAAqK,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,iKAAkK,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,6LAA8L,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,0HAA2H,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,qEAAsE,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,0OAA4O,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+MAAgN,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uBAAwB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6UAA+U,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8RAA2S,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,aAA0B,EAAED,EAAE,CAAC,KAAK,kCAAkC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,+KAAgL,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8FAA2G,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,yCAAsD,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,kCAA+C,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wWAAqX,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,yJAAsK,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,oDAAqD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyD,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8CAA+C,EAAC,AAAC,EAAC,CAAC,8BAA2C,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,gZAAiZ,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,+BAAgC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4uBAA6uB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,6BAA8B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2OAAwP,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,gqBAA6qB,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,sCAAuC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uIAAoJ,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,wCAAwC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,kBAA+B,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,IAAK,EAAC,AAAC,EAAC,CAAC,mZAAoZ,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wBAAyB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iVAA8V,EAAED,EAAE,CAAC,KAAK,8CAA8C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,0ZAA2Z,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mJAAgK,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,yjBAA0jB,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,m2BAAo2B,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,gBAAiB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0QAAuR,EAAED,EAAE,CAAC,KAAK,4DAA4D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,6UAA8U,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,yBAA0B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,q1BAAs1B,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wBAAyB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gnBAAinB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,sBAAuB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+eAAgf,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uVAAoW,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,4CAAyD,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,iGAAiG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,gaAA6a,EAAED,EAAE,CAAC,KAAK,4JAA4J,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,yQAA0Q,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kfAAmf,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8mBAA+mB,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,2DAA4D,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,2oBAA4oB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,mgBAAogB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qCAAsC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2JAAwK,EAAE,SAAS,CAAC,SAAS,mDAAoD,EAAC,CAAC,uVAAoW,EAAE,SAAS,CAAC,SAAS,mDAAoD,EAAC,CAAC,2UAA4U,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,sDAAuD,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,sCAAuC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,spBAAupB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,mhBAAqhB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8sBAA+sB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2CAA4C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,ypBAA0pB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,geAA6e,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,yTAA0T,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,4DAA6D,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6wBAA2xB,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,+VAAgW,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8qBAA+qB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oCAAqC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mrBAAgsB,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,qHAAsH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uTAAwT,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+DAAgE,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uvBAAwvB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6VAA8V,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oIAAiJ,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,kBAA+B,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kDAAmD,EAAC,AAAC,EAAC,CAAC,6BAA8B,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,eAA4B,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,ubAAoc,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,kKAA+K,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,iEAAkE,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,iDAAkD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qlBAAkmB,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,kDAAmD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6MAA0N,EAAED,EAAE,CAAC,KAAK,oFAAoF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,2NAA4N,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gDAA6D,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,oRAAqR,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kQAA+Q,EAAED,EAAE,CAAC,KAAK,6DAA6D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4aAA6a,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6LAA0M,EAAED,EAAE,CAAC,KAAK,yBAAyB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,yBAAyB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sCAAuC,EAAC,AAAC,EAAC,CAAC,+rBAAgsB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,iJAAkJ,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kDAAmD,EAAC,AAAC,EAAC,CAAC,yEAA0E,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,+EAAgF,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8CAA+C,EAAC,AAAC,EAAC,CAAC,2FAA4F,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,qDAAsD,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,0EAA2E,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,mGAAoG,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uHAAoI,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qCAAsC,EAAC,AAAC,EAAC,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sCAAuC,EAAC,AAAC,EAAC,CAAC,sMAAuM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iFAA8F,EAAED,EAAE,CAAC,KAAK,wCAAwC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,uNAAwN,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2NAAwO,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,yMAA0M,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8GAA2H,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,0DAA2D,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wDAAyD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,6XAA8X,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sPAAmQ,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,8EAA+E,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wcAAyc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wIAAqJ,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,+BAA+B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,6BAA6B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,0NAA2N,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8CAA+C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,2TAA4T,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,4UAAyV,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,WAAY,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gJAA6J,EAAED,EAAE,CAAC,KAAK,6DAA6D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,QAAS,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kGAA+G,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qCAAsC,EAAC,AAAC,EAAC,CAAC,+BAA4C,EAAED,EAAE,CAAC,KAAK,kCAAkC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,uJAAoK,EAAED,EAAE,CAAC,KAAK,qCAAqC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,qJAAkK,EAAE,SAAS,CAAC,SAAS,qBAAsB,EAAC,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,2LAA4L,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,6YAA0Z,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,yWAAyX,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,6EAA8E,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,+BAAgC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,qxBAAsxB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+nBAAgoB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,meAAgf,EAAED,EAAE,CAAC,KAAK,4BAA4B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,oEAAqE,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2CAA4C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kiBAAmiB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yLAAsM,EAAED,EAAE,CAAC,KAAK,wEAAwE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAAiC,EAAC,AAAC,EAAC,CAAC,yFAA0F,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oFAAqF,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,4GAA6G,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,mIAAoI,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,iIAA8I,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,4EAA6E,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0MAA2M,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqB,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAc,EAAE,KAAK,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,oLAAqL,EAAC,AAAC,EAAC,CAAc,EAAED,EAAE,CAAC,KAAK,wEAAwE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAc,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,qDAAsD,EAAC,AAAC,EAAC,CAAc,EAAED,EAAE,CAAC,KAAK,gFAAgF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,CAAC,gLAA6L,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,OAAQ,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qDAAsD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oaAAqa,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gCAA6C,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,mWAAoW,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kjBAA+jB,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,mBAAgC,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,gHAA6H,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,cAAe,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,sPAAmQ,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,uOAAoP,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,4EAA6E,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,mcAAqc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uXAAoY,EAAE,KAAK,CAAC,SAAS,cAAe,EAAC,CAAC,+VAA4W,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,2GAA4G,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,4CAA6C,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2CAA4C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6hBAA0iB,EAAE,KAAK,CAAC,SAAS,KAAM,EAAC,CAAC,yLAA0L,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,2IAA4I,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0aAA2a,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,odAAqd,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,scAAuc,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,kBAAmB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gfAAif,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8BAA+B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,60BAA80B,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8CAA+C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oLAAqL,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4OAAyP,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,6CAA0D,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,qDAAsD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6MAA8M,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kPAAmP,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8CAA+C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kCAA+C,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,uBAAoC,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,yPAA0P,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,oGAAqG,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,uLAAwL,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,6CAA0D,EAAED,EAAE,CAAC,KAAK,qCAAqC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,0OAA2O,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,0DAA2D,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mDAAgE,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,kCAAkC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,wDAAyD,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,0KAAuL,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,wIAAqJ,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,wGAAqH,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,gOAAiO,CAAC,EAAC,AAAC,EAAC,CAC/qlI,EAAqB,CAAC,QAAU,CAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,mBAAqB,CAAC,KAAO,UAAW,CAAC,CAAC"}