►
A
Hello
all
right,
the
screen
is
flipped,
fantastic,
okay
tricks
with
obs,
I'm
assuming
you
all
can
hear
me
so
we're
we're
here.
We
go
it's
it's
ju!
You
know
in
in
hindsight.
I
don't
know
what
I
was
thinking
trying
to
get
two
months.
Work
of
work
done
in
one
month
that
didn't
make
any
sense
makes
perfect
sense.
Now
I
feel
a
lot
better,
actually
starting
this
video
and
realizing
we
are
on
track.
So
this
is,
we
were
gonna.
We
should
just
call
this
june
tutorials.
A
I
don't
know
why
that
we're
gonna
do
planning
and
execution
in
the
same
month.
That
doesn't
make
any
sense
so
anyways
so
on
to
volume
one
chapter,
one
down
the
dependency
rabbit
hole
again
all
right.
So
what
are
we
gonna
do
here?
Well,
we're
gonna,
build
some
threat
models
and
we're
gonna
do
some
basic
threat
models
to
start
yeah?
Basically,
let's
see
does
this
link
give
us
anything
that
will
be
nice
for
the
video?
A
No
okay?
Well,
that's!
Okay!
So
we'll
we'll
see
some
we'll
we'll
see
some
results
by
this
weekend
so
effectively
the
the
what
we're
gonna
do
is
we're
going
to
take
cbe
bentool,
which
has
great
facilities
for
scanning
a
great
plug-in
system,
great
great,
very,
very,
very
mature,
we're
going
to
introduce
some
of
the
stuff
from.
Should
I
eventually
down
the
way
to
we're
basically
going
to
take
cv
bentool
make
it
multi
multi,
you
know
more
than
just
binaries,
and
how
we're
going
to
do
that.
A
A
So
we're
gonna
take
cv,
bento
we're
going
to
add
an
alternate
scanner
to
it,
using
dffml
we're
going
to
make
sure
that
scanner
has
a
pair
has
parity
with
the
old
scanner
right
and
then
we're
going
to
extend
the
scanner
to
new
languages
by
effectively
doing
a
overlay
of
the
should
I
flows
right
and
so
then
we
should
have
wait.
Basically,
we
should
have
ended
up
extending
cv,
bend
tool
in
the
process.
A
What
we're
going
to
do
is
we're
going
to
add
a
new
output
format
and
that
output
format
is
going
to
be
threat
model.
Okay,
let's
get
at
it
all
right.
So,
let's
jump
into
the
scanner
code,
so
cv
bend
tool
is
structured.
Basically,
there
is
the
the
main
scanner
and
then
there
is
well
it's
been
a
while,
since
I've
been
in
here
so
yeah,
so
the
version
scanner-
and
we
had
some
great
great
work
that
was
done
in
here,
where
everything
got
made
async.
So
that's
going
to
be
fun,
so
we
love
that.
A
A
Oh,
I
was
scanning
log
for
oh
that's
right.
Last
time
I
was
in
here
I
was
back
in
december.
We
were
scanning,
so
there's
some
examples
that
we
have
on
scanning
for
log4j
using
data
flows,
and
so
I
was
going
to
do
this
support.
Then.
Obviously,
it's
six
months
later
so
well
here
we
are
we'll.
Do
it
now?
Okay,.
A
A
A
A
A
A
Okay,
or
should
I,
and
we
should
also
link
to
the
other,
should
I
tutorial
so
that
we
can?
We
can
make
sure
that
people
understand
right.
We
gotta
assume
nobody
knows
anything
coming
in
here
like
about
what
we're
doing
you
know,
they
know
everything
about
what
they're
doing,
but
they
know
nothing
about
what
we're
doing
right
and
they
shouldn't
have
to.
We
should
tell
them
it's
not
not
their
job
to
know
everything
that
that
we're
doing
so,
okay,
so
we're
planning
to
implement
multi-language,
support
and
cv
event
tool.
A
A
A
A
A
A
A
A
A
It's
just
in
case
somebody
finds
this
file
and
doesn't
know
what
the
hell
this
is
or
where
it's
coming
from
right.
So
important
and
important
all
right.
So
third
party
input,
so
dfml
is
now
a
third
party
import
right
because
we're
within
cv
eventual,
and
so
if
we're
following
our
you
know,
reverse
christmas
tree
dependency
includes
where
we
basically
stack.
A
We
basically
stack
at
least
character
count
dependencies
at
the
top
in
the
first
party
library,
in
the
standard
library
to
third-party
libraries
and
then
to
you,
know
second
party,
something
that's
plugins
or
something,
and
then
you
know
first
party
being
whatever
package
you're
in
so
here
now
we're
in
tv
ben
tool
right,
and
so
let's
see
scanner
data
flow
okay.
So
what
should
we
do?
What
should
we
do?
Why
don't
we
do
python?
Then
we
have
cv
bin
tool
right
here:
okay,
so
path,
dot.
Okay,
so
we'll
say.
A
A
A
A
Okay,
so
I
think
what
we'll
do
first
is
we're
going
to
integrate
within
the
cv
event
tool
code
base
and
then
once
we
have
a
clean
integration
within
the
cve
band
tool
code
base,
then
we'll
explore
okay,
let's
pull
it
back
to
alice's
level
and
see
how
does
alice
interact
with
cbe
been
tool
now
that
we
know
that
cv
event
tool
has
been
flushed
out
to
a
you
know,
a
multi-language
support
because
really
doesn't
make
sense
to
maintain.
Should
I
shoulda
is
really
just
a
very
specific.
A
A
A
A
A
A
A
A
A
A
A
Okay,
great
so,
let's
go
and
remember:
okay,
so
let's
reference
our
modification
of
the
git
repo
here
right,
so
we
want
to
do.
This
is
an
example
of
an
overlay
happening
where
we
basically
take
this
gear
repository
checked
out
and
we
run
the
lines
of
code
per
language,
but
now
we're
going
to
do
the
reverse
right.
So
we
want
to
download.