►
From YouTube: AMA with the Red Team (external & public livestream)
Description
Live Ask Me Anything session with the GitLab Red Team
A
B
All
right,
thank
you,
everyone
for
joining
us.
This
is
our
first
ever
get
lab
red
team.
Ama,
real,
quick,
we're
gonna.
Do
a
quick
round
of
introductions
of
the.
A
B
Team
that
we
have
on
the
call
today
and
we're
going
to
jump
right
into
the
questions.
We
don't
have
a
lot
of
time,
so
we
may
not
get
to
all
of
the
questions
that
are
on
here,
but
our
intent
is
to
answer
them
all.
So
we
will
answer
anything
we
don't
get
to
verbally
or
in
the
stream.
Here
we
will
answer
in
the
document
and
we're
also
going
to
turn
the
document
into
a
blog
post
as
well,
so
we'll
be
able
to
get
information
out
there.
B
We
also
have
an
email,
alias
that
if
you
have
a
question
that
you
didn't
get
a
chance
to
ask-
or
you
want
to
follow
up
on
something
I
read
team
gitlab.com
is
a-
is
a
good
way
to
reach
the
entire
team.
So
real,
quick
introductions,
my
name
is
steve
madzik,
I'm
the
manager
of
the
red
team
here
at
gitlab
and
turn
it
over
to
my
team.
I
will
start
with
you
greg
to
go
ahead
and
introduce
yourselves.
C
B
D
E
And
chris
hey
everyone,
chris
moberly
on
the
red
team
as
well,
based
in
australia
and
I
publish
code
under
the
pseudonym
in
its
string.
A
Okay,
so
voice
over
number,
one
which
is
considering
you're
a
full
remote
company.
Persistence
on
endpoints
is
still
relevant
in
your
activity,
or
hunting
tokens
or
credentials
make
more
sense.
Some
cloud
services
do
not
require
you
to
reach
them
with
vpn,
so
sso
tokens
or
credentials
could
be
enough
in
some
cases
to
reach
sensitive
information.
B
Yeah,
that's
that's
actually
a
really
good
question,
so
the
the
the
simple
answer
there,
of
course,
is
both
right.
I
mean.
Obviously
both
of
those
things
are
are
definitely
important
to
us,
but
but
we
have
focused
a
lot
over
the
last
little
while
on
going
after
things
like
credentials
and
tokens
and
things
of
that
nature,
in
fact
I'll
let
greg
here
take
over
because
he
he
worked
on
releasing
a
couple
of
tools
that
we
actually
use
internally
as
well.
To
do
this.
C
Yeah
sure
I'll
keep
it
short
and
sweet,
but
you
know
when
we
when
we
first
started
there
really
wasn't
much
in
the
way
of
tooling
forget
that,
specifically
for
for
hunting
those
types
of
credentials
that
steve
mentioned,
so
we
we,
we
modified
a
tool
called
get
rob
we're
lucky
enough
to
have
the
original
creator
on
our
appsec
team
now,
but
at
the
time
it
didn't
support
gitlab.
C
So
we
we
wrote
some
some
extra
bits
in
there
to
make
it
to
make
it
support
gitlab
and
we
wrote
some
custom
tooling
that
started
off
pretty
simply
as
just
a
recon
tool
and
then
we
sort
of
expanded
on
that
to
basically
do
the
same
thing.
That
tools
like
git,
rob
and
and
other
tools
like
it
do
find
credentials
in
in
different
parts
of
the
of
the
gitlab.
C
E
Yeah,
I
did,
and
just
to
clarify
the
question
a
bit
for
some
folks
who
may
not
use
the
you
know
these
security
words
very
often
when
we
talk
about
endpoints,
we're
specifically
talking
about
laptops
and
mobile
devices,
and
the
point
I
wanted
to
add
is
a
bit:
it's
it's
a
bit
non-technical,
so
we're
we're
an
internal
red
team
here
and
when
we're
talking
about
our
our
targets
and
endpoints
being
our
targets,
those
targets
are
owned
by
all
of
our
fellow
team
members,
our
colleagues
and
our
friends,
and
these
are
the
people
that
we
work
with.
E
You
know
day
in
and
day
out,
so
just
in
terms
of
being
efficient
and
being
able
to
get
the
job
done,
we
need
to
be
able
to
establish
and
maintain
trust
with
the
people
who
own
these
targets,
who
own
these,
who
own
these
endpoints
they're.
B
E
That
we
ask
questions
to
every
day.
I
know
I
often
pop
into
like
development
slack
rooms,
for
instance,
and
ask
how
something
works
and
when,
when
people
see
my
name-
and
they
see
me
asking
a
question-
and
I
see
red
team
next
to
it-
I
want
them
to
trust
me.
I
want
them
to
feel
like
they
can
help
and
and
answer
my
question
and
you
know
feel
safe
that
they're
not
putting
themselves
in
danger
in
danger.
E
Doing
that.
I
don't
want
anyone
to
think
that
we're
out
there
trying
to
exploit
their
laptops,
especially
at
a
company
like
git
lab,
where
we're
fully
remote.
So
those
laptops
are
sitting
inside
our
homes,
they're
they're
on
our
home
network
and
they're
sort
of
the
gateway
into
our
personal
life.
They're
used
for
personal
think.
So,
when
we're
talking
about
persistence
on
endpoints,
it's
just
not
something
that
we
want
everyone
to,
think
that
we're
going
after
their
endpoints
and.
E
We
really
like
to
focus
on
something
that
we
call
an
assumed
breach,
so
we
need
to
fully
understand
the
threat
model
of
these
endpoints.
We
need
to
understand
the
type
of
data
that's
accessible
on
that
endpoint
and
then,
essentially,
what
we'll
do
is
we'll
assume
that
an
endpoint
can
be
breached
and
we'll
start
with
that
level
of
access
that
we've
identified
in
a
threat
model.
So.
E
A
Great,
thank
you.
We'll
move
on
to
number
two
next
question
is
to
evaluate
an
insider
threat.
Do
you
consider
to
run
exercises
from
authorized
users?
I
mean
run
an
exercise
to
simulate
a
legit
change
in
your
system,
but
with
some
malicious
effects,
for
example,
set
up
a
new
web
service
or
whatever,
with
some
back
doors,
in
order
to
be
able
to
keep
access,
steve.
B
Yeah
yeah,
so
so,
and
this
kind
of
overlaps
a
little
bit
with
with
the
answer
to
the
previous
question.
So
so
we
definitely
consider
that
in
in
some
of
the
exercises
that
that
we
do
so,
we
will
do
things.
You
know
like
chris
said
in
his
last
answer,
where
we
assume
the
attacker
is
either
someone
that
already
has
some
sort
of
access
to
something,
or
he
is
an
internal.
You
know,
employee
or
or
in
insider
threat.
B
And
again,
though,
you
know
when,
when
focusing
on
things
like
like
endpoints,
we
have
our
own
test
ones
that
will
build
to
look
identical
to
what
an
end
user
is
using
and
and
then
test
things
out
that
way
versus
actually
trying
to
exploit
some
of
our.
You
know,
co-workers
and
things
of
that
nature.
Fred,
you
wanted
to
expand
on
that.
One.
D
Yeah
just
a
little
example
like,
for
instance,
we
will.
We
will
really
start
with
the
linux
shell
from
either
vm
or
container,
because
we
would
assume
I
mean
the
user,
since
it's
an
authorized
user
who
is
trying
to
breach
anything,
he
would
eventually
be
able
to
have
such
a
shell,
and
we
will
start
the
operation
from
there
and
then
we
will
see
how
far
we
can
expand
and
how
we
can
detect
that.
C
Yeah
and
just
to
expand
on
that
a
tad
bit,
but
in
the
interest
of
time
it
won't
go
too
deep,
but
it
as
chris
mentioned
you
know,
we
we
spend
some
time
mimicking
how
an
attacker
might
try
to
gain
persistence
on
those
those
vms
or
containers
as
well.
So
so
we
know
what
that
traffic
looks
like
and
we
we
know
better
how
to
defend
it.
A
A
B
Yeah,
that's
that's
that's
a
great
question
so
and-
and
this
is
something
that
get
lab-
that
we're
always
trying
to
improve
on
and
always
trying
to
iterate
on,
but
but
we
obviously
use
our
own
product
git
lab,
especially
when
it
comes
to
the
planning
and
and
tracking
of
our
exercises
as
as
well
as
for
reporting,
then
there's
also
another
tool
called
vector
that
we
use
that
we
really
like
because
it
has.
B
It
has
a
lot
of
the
ttps
built
into
it
and
we'll
draw
draw
us
out
some
really
nice.
You
know
attack
trees
and
help
us
track
exact
actions.
We
take
as
well
as
detection
options
as
well.
B
And
chris,
I
think
you
you
wanted
to
add
something
to
that
one
as
well.
Yeah.
E
I
just
want
to
expand
on
that
a
little
bit.
So
if
you
read
my
answer
in
the
document
here,
I'll
use
an
acronym
called
ttps,
which
is
tools,
techniques
and
procedures.
E
So
we
leverage
our
own
self-hosted
gitlab
instance.
We
use
gitlab.com
for
some
things
as
well,
but
we
also
do
a
lot
of
self-hosted
and
one
of
the
things
that
we
do
that
I
really
like
is
to
try
to
make
our
techniques
for
red
team
operation
automated
and
repeatable,
and
we
do
that
by
building
custom
attack
tooling,
like
let's
say
we're
I'll,
just
keep
it
very
simple.
Let's
say
we're
doing
a
password
brute
force
tool
or
something
we
could
write
our
own
custom
password
brute
force
tool.
B
E
We
can
use
the
git
lab
ui,
either
manually
or
via
schedule,
to
repeat
those
techniques.
So,
let's
say
in
an
operation
we,
you
know,
we
do
a
brute
force
attack
and
it
gets
in
the
record,
and
it
shows
what
time
we
did
it
and
everything
if
the
blue
team
makes
some
modifications
to
their
capabilities
and
they
want
to
run
that
technique
again,
we
can
go
back
to
that
project
and
we
can
look
at
you
know
an
exact
commit
of
that
custom,
tooling,
that
we
wrote
and
re-run
it
with
with
the
source
code.
E
A
gitlab
ci
job,
then
we'll
get
the
full
console
output,
which
is
logged,
and
it
has
time
stamps
and
everything
that
we
need
to
go
back
and
review
and
see
what
work
and
what
didn't
is
sort
of
right
there
inside
the
gitlab
project
we
can
iterate
on
it.
If
we
make
changes
to
the
source
code,
we
can
then
rerun
it.
You
know,
pin
to
a
different
different
version
of
our
source
code
and
so
on.
E
We
we
even
have
another
tool,
actually
that's
pretty
interesting.
That
uses
multiple
pieces
of
the
git
lab
project,
so
it
uses
some
some
off-the-shelf
pen
test
tools
combined
with
some
custom
bash
scripts
that
we
wrote
and
it
uses
gitlab
ci
to
run
this
tool
and
then
the
output
of
the
tool
fortunately,
is
html
and
we
use
that
tool.
Output
combined
with
something
called
git
lab
pages,
which
is
a
way
to
host
static
websites
to
host
the
output
of
that
attack.
E
Tooling
and
gitlab
pages-
has
authentication
built
in
so
we
can
even
do
you
know,
role-based
access
control
on
the
output
of
this.
You
know
off-the-shelf
pen
test
tool
where
only
get
lot
of
people
can
access
that
output
and
it
has
two-factor
authentication
built
in
and
all
that
stuff.
So
that's
just
sort
of
one
cool
way
we
can
use
our
own
in-house
product,
and
then
I
did
just
want
to
echo
steve's
comment
by
using
vector
vector
is
awesome.
E
E
After
the
fact
you
get
these
really
cool
reports
about
how
effective
all
your
blue
team
tools
are,
and
things
that
you
can
show
upstream
to
management,
so
vector
is
a
very
cool
tool.
It's
unfortunately,
it's
not
open
source.
It
is
free,
you
can
find
they
do,
have
a
github
project
and
you
can
download
some
docker
containers.
E
E
Oh
sorry,
and
one
last
thing
also
and
using
our
own
in-house
tools
gitlab
just
for
like
project
management,
not
source
code
project
manager
but
like
managing
the
logistics
of
a
project,
there's
tons
of
cool
features,
things
like
epics
and
and
issues
and
and
timelines
and
tracking,
and
all
these
things,
and
if
you
just
type
into
a
search
engine
using
gitlab
for
project
management,
there's
like
a
five-minute
video
and
a
45-minute
video
and
a
blog
and
all
kinds
of
cool
things
that
will
you
know,
help
you
brainstorm,
maybe
how
you
can
use
it
as
well.
A
B
Yeah,
that's
a
that's
a
good
question,
so
we're
a
little
bit
different
in
this
regard.
When
it
comes
to
you
know
what
I
would
call
your
traditional
red
team
right,
so
most
rec
teams-
you
know
at
least
traditionally
would
excuse
excuse
me-
would
be
performing
exercises
and
trying
different
things
in
a
rather
stealthy
manner,
without
necessarily
telling
anybody
else.
We
try
to
do
the
opposite
right.
So
so
we
do.
B
When
we're
planning
our
operations,
we
usually
pull
people
in
from
different
teams,
especially
teams
that
will
be
impacted,
and
somebody
always
knows
what
we're
up
to
right.
So
a
good
example
I
have
here
is:
if,
if
we
were
working
on
something
that
you
know
potentially
could
set
off
fire
alarms
for
our
incident
responders
in
our
incident
response
team.
B
Typically,
the
manager
of
that
team
or
somebody
on
that
team
knows
what
we're
doing
knows
what
we're
up
to
and
then
when
we
are,
if
we
are
detected,
we
then
jointly
make
the
call
of
okay.
Well,
do
we
want
to
say
fine
you've
been
caught?
Let's
stop,
you
know
work
now
or
do
we
want
to
actually
test
what
the
incident
response
would
be
and
let
everyone
proceed
through
like
this
is
a
real.
B
You
know
like
this
is
a
real
incident,
so
it
is
kind
of
at
a
case-by-case
basis,
but
but
we
are
definitely
very
open
and
and
collaborative
from
the
beginning,
all
the
way
up
to
the
end
of
one
of
our
exercises.
D
Unless
it
doesn't
make
sense,
we
try,
as
steve
said,
to
involve
people
even
during
the
life
of
the
operation
like,
for
instance,
we
will
set
up
a
chat
channel
with
the
red
team
members,
but
also
the
the
some
we
will
invite
in
the
channel
some
team
members
from
the
targeted
teams
and
they
can
see,
live
what
we're
doing.
D
Okay,
I'm
seeing
this
now,
I'm
gonna
try
to
elevate
privileges
here
and
there
and
and
it's
actually,
they
usually
take
it
very
well,
and
sometimes
they
even
give
us
some
cool
ideas,
actually
that
we
didn't
think
about,
and-
and
they
don't
see
this,
as
I
mean
because
they
are
part
of
it-
really-
they
don't
see
this
as
us
trying
to
like
point
fingers
at
them,
but
really
collaborating
with
them
to
to
make
things
better.
At
the
end,.
B
And
I
think
to
quickly
add
to
that
too.
There's
always
going
to
be
a
scenario
where
we
don't
want
to
tell
anybody,
but
even
I
mean,
but
even
in
those
scenarios
typically,
you
know
my
boss
and
my
boss's
boss
know
you
know
what
I
mean
like
so
somebody
there
is
always
somebody
that
knows
what
we're
doing
it.
Just
we
just
may
not
share
it
as
broadly
or
as
wide
across.
You
know
the
the
different
security
teams
or
infrastructure
teams,
as
normally.
A
B
You
know
we're
calling
somebody's
baby
ugly
right,
so
we
we
are
very
careful
to
not
have
any
ego
with
that
right.
We're
very
careful
to
you
know
present
the
facts,
the
data,
the
men.
You
know
the
message
and
make
sure
that
people
understand
that.
Look.
We're
not
here
to
point
fingers
we're
not
here
to
tell
you
that
you
messed
up
we're
just
here
to
make
sure
that
you
know:
we've
we've
done
our
due
diligence
and
that
we've
raised
you
know
the
bar
from
a
security
perspective.
B
You
know
as
much
as
we
can
and
I
mean
a
lot
of
that
comes
with
experience
right.
I
mean
I've.
I've
seen
red
teams
and
other
organizations
and
other
places
where
they
maybe
forget
that
you
know,
and
they
you
know,
get
on
that
call
to
explain
something
to
another
team
where
they're
laughing
about
a
bug
or
something
that
they
found
and
that's
usually
not
a
helpful
approach
right.
D
Oh
sorry,
yeah
when
I
joined
gitlab,
I
saw
like
this
transparency
value
is
really
nice,
because
every
team
is
kind
of
used
to
to
show
what
they
do
and
have
like
feedback
from
other
teams.
So
they
are
kind
of
used
of
being
pointed
at
mistakes
and
also
gig
club
is
promoting
like
yeah.
You
can
do
mistakes
and
just
learn
from
them.
So
there
is
some
kind
of
culture
of
like
yeah.
Nobody
tries
to
hide
really
anything
and
they
are
used
to
to
have
some
yeah
different
inputs
from
different
teams.
D
So
we
are
we're
an
additional
input.
Somehow,
so
we
we
don't
show
them
their
babies
ugly,
because
maybe
already
tons
of
other
teams
show
them
their
baby
easily
and
they're
improving
already
so
yeah.
This
transparency
value
is
nice.
It
brings
down
the
ego
and
nobody's
trying
to
really
hide
anything.
C
Yeah
and
just
to
add
a
little
bit
to
that
is,
there's
there's,
obviously
a
very
human
aspect
to
red
teaming.
You
really
can't
ignore,
and
a
lot
of
it
is
about
building
trust.
C
You
know
early
in
the
process
and
and
making
sure
that
you
that
you,
that
you
meet
that
trust
in
the
end
and
the
points
that
both
steve
and
fred
brought
up
about
working
with
other
teams,
closely
is
extremely
important,
because
git
lab
is,
is
a
huge
ecosystem
of
different
systems
and
technologies,
and
no
one
person
can
can
possibly
understand
all
of
it.
So
getting
input
from
from
other
people
and
say
hey.
This
is
something
that
I
that
I
thought
about
you
know.
Maybe
we
could
attack
this.
A
B
Yeah
so
the
the
easy,
the
simple
answer
there,
the
short
answer:
there
is:
it's
both
right,
so
we
use
miter's
attack
framework
where
possible,
but
but
we
also
do
adjust
and
and
create
our
own
either
based
on
you
know,
other
attacks
that
we,
you
know
become
aware
of
and
that
we're
able
to
study
and
learn
from,
and
also
just
things
that
we
come
up
with
you
know
on
our
own,
so
something
we
found
at
the
beginning
right
is
that
is
that,
while
miners
attack
framework
is
is
really
good,
it
definitely
has
been
lacking
in
the
past
in
some
of
the
cloud
technologies
and
summit
and
some
of
the
ways
that
that
cloud
services
get
attacked.
B
So
that's
an
area
that
we've
had
to
really
you
know
create
some
of
our
own,
and
that's
the
nice
part
about
this
vector
tool
that
we
use
is
that
we're
able
to
create
them
in
there
and
then
actually
save
them
and
keep
them
for
future
use,
and
you
know
again,
like
chris,
said
previously,
make
things
repeatable
each
time.
C
Thank
you,
spacebar
just
stopped
working
all
of
a
sudden.
In
the
end
you
know
we
we
try
not
to
limit
our
creativity.
You
know,
I
think
you
know
being
participating
at
gitlab
and
being
part
of
the
team
as
a
whole.
We
we
learn
a
lot
about
how
the
systems
work
and
and
where
the
weaknesses
might
be,
that
a
generic
framework
like
mitre
might
not
cover.
So
you
know
we
tried,
try
not
to
limit
things,
but
there's
an
extreme
amount
of
value
in
the
things
that
we
find
in
mitre.
A
Awesome
and
then
we
had
a
question
come
in
to
chat
related
related
to
this,
so
are
any
of
those
cloud.
Ttps
that
aren't
tracked,
I
don't
know
is
this:
do
I
read
out
the
abbreviation
all
of
that.
B
Attack
yeah
yeah.
I
can
finish
it
yeah
that
aren't
track
and
minor
attack
published
outside
of
vector
or
where
the
public
can
access
them.
So
that's
actually
a
national
question,
because
that's
something
and
chris
I
know
you're
probably
smiling
to
see
that
question.
That's
something
we've
actually
talked
about
doing
and
we
need
to
follow
through
on
is.
We
have
talked
about
that
as
we're.
Creating
these
two
start,
releasing
them
ourselves
and
essentially
just
posting
them.
B
We
have
an
area
called
red
team
tech
notes
where
we
publish
a
lot
of
different
things
and
that'll,
be
where
we're
gonna
end
up
publishing
any
ttps
that
we
come
up
with
that
are
outside
of
you
know,
miter's
framework.
E
Yeah
next
so
just
to
add
to
that-
and
I
know
we're
right
at
the
end
here
so
attack
matter-
attack
is
organized
by
tactics
which
is
sort
of
the
high
level
thing
like
initial
access
and
persistence
and
then
below
that
those
techniques
and
techniques
are
where
it
gets
very
specific
like
like
create
a
system
d
service
or
use
as
a
sued
binary.
So
we
use
the.
A
E
Everywhere,
because
they're
they're
very
generic
and
we
can
sort
of
fit
everything,
we
do
in
pretty
much
any
operation
into
mitre's
definition
of
tactics
when
it
comes
to
techniques,
though
what
mitre
prefers
is
to
only
include
techniques
in
their
framework
that
are
publicly
known
and
have
attribution
to
some
known
threat
group
and
for
mitre.
I
think
that
makes
a
lot
of
sense,
but
at
gitlab
we're
in
a
much
more
modern
environment.
E
We
have
no
physical
networks,
we
have
no
active
directory
and
it
could
be
years
until
there's
attribution
to
techniques
that
we
know
work
because
we've
done
the
research
and
we've
tested
them.
So
again,
yeah
we've
created
sort
of
a
lot
of
our
techniques
we
reached
out
to
mitre
and
had
the
discussion,
but
again,
as
we've
learned,
they're
more
interested
in
techniques
that
already
have
attribution,
so
ours
are
probably
not
going
to
be
included
until
a
threat
group
uses
them
and
gets
caught.
We
do
have
some
of
them
published
publicly.
E
If
you
look
at
our
red
team
tech
notes,
we
did
a
very,
very
thorough
blog
on
techniques
inside
google
cloud,
for
example,
in
terms
of
having
them
broken
down.
Like
in
the
mitre
format,
exactly
how
you'd
see
them
in
attack
we
sort
of
started
on
on
those,
but
because
once
we
learned
that
mitre
would
prefer
not
not
to
include
them
until
they
have
attribution.
E
It
was
just
sort
of
a
lot
of
work
that
might
not
go
anywhere,
but
if
people
are
interested
in
that-
and
they
let
us
know-
then
yeah
possibly
we
could
work
on
that
as
well.
We
have
some
things
in
the
pipeline
as
well.
Some
upcoming
vlogs
that
may
be
a
bit
more
focused
on
providing
things
sort
of
in
that
attack
framework
as
well.
A
And
I
know
I
know
we're
at
time,
but
this
is
a
good
question
to
end
on,
so
we
can
answer
it
quick.
What
are
the
exceptional
or
unusual
skills
you
have
in
your
red
team?
How
diverse
is
the
skill
set
across
the
team.
B
That's
a
good
one
and
I'll
be
honest.
I
had
to
think
on
that
one
because
I
don't
know
if
we
have
any
unusual
skills
you
know
in
in
the
team,
but
we
definitely
have
a
wide
range
of
diversity
in
in
the
team.
B
I
know
for
for
me
something
I
look
for
you
know
for
people
when
we're
when
we're
growing
the
team
is,
is
not
necessarily
the
skills
that
that
people
already
have,
but
but
how
easily
and
how
quickly
they're
able
to
learn
new
things
and
how
much
they
enjoy
being
kind
of
thrown
into
that
fire
right.
So
things
change
so
fast
and
there's
just
so
much
so
many
different
moving
pieces.
B
When
we
look
at
gitlab's
entire
ecosystem
that
that
we
are
constantly
put
into
positions
where
you
know,
we
have
to
very
quickly
learn
something
and
then
very
quickly,
figure
out.
Okay,
how
do
I
attack
this?
You
know
new
thing
that
I
just
learned
about
right.
Yeah
greg
did
you
did
you
want
to
add
to
that?
One.
C
I
ask
the
immediate
team:
usually
I
can
get
a
get
a
great
answer,
or
at
least
a
thread
to
pull
to
to
find
it.
So
that's
pretty
amazing
for
a
team
as
small
as
ours.
D
Yeah,
I
wanted
to
add
a
small
one.
There
are
actually
some
skills
that
are
absolutely
you
use
less
at
gitlab
that
maybe,
if
you
confirm
a
traditional
office
environment
like
I
knew
I
was
doing
a
lot
of
microsoft,
active
directory
stuff-
and
you
can
forget
about
that
at
gitlab-
anything
wireless
or
related
to
entering
into
buildings
that
no
no
no
need
at
all.
D
So
yeah
just
wanted
to
point
out
that
I
don't
think
we
have
anything
unusual,
but
there
are
some
skills
that
are
absolutely
useless
in
a
full
cloud:
computing
environment,
where
everybody
is
home.
Basically,.
E
A
B
Yeah
yeah,
so
we'll
we'll
put
some
answers
in
this
document
as
well,
but
we're
literally
going
to
just
do
some
cutting
and
pasting
and
formatting
on
the
document
to
get
it
into
a
blog
post
as
soon
as
possible
and
we'll
add
our
answers
to
the
final
set
of
questions
that
are
in
there
and
if
we
ever
do
this
again,
I
think
we
now
know
to
schedule,
maybe
a
little
more
time,
so
we
can
actually
get
into
all
the
questions.