WEBVTT

0:00:03.760000 --> 0:00:06.700000
 Hello everyone and welcome.

0:00:06.700000 --> 0:00:11.500000
 In this video we're going to be taking
 a look at threat hunters and digital

0:00:11.500000 --> 0:00:18.040000
 forensic teams. And you may be wondering
 or asking yourself, why exactly

0:00:18.040000 --> 0:00:24.600000
 are we focusing on these two teams
 or these two specialized roles?

0:00:24.600000 --> 0:00:31.720000
 And the reason for that we covered
 in the previous video.

0:00:31.720000 --> 0:00:38.360000
 So if you remember, in the previous
 video we went over the three primary

0:00:38.360000 --> 0:00:40.280000
 roles within a SOC.

0:00:40.280000 --> 0:00:46.560000
 And we primarily focused on the tier
 one, two and three analysts and what

0:00:46.560000 --> 0:00:52.620000
 their key responsibilities are, what
 generally or broadly speaking are

0:00:52.620000 --> 0:01:02.980000
 the responsibilities or what those
 responsibilities entail.

0:01:02.980000 --> 0:01:10.400000
 However, I did not touch purposefully,
 I did not cover some of the more

0:01:10.400000 --> 0:01:14.240000
 specialized roles within a SOC.

0:01:14.240000 --> 0:01:19.220000
 Now this does not mean that these roles
 should exist or anything like

0:01:19.220000 --> 0:01:30.940000
 that. These are just roles
 or teams that may exist.

0:01:30.940000 --> 0:01:35.100000
 So let's get started.

0:01:35.100000 --> 0:01:39.560000
 And the best place to start is to
 understand these specialty roles.

0:01:39.560000 --> 0:01:45.620000
 So in the context of a security operations
 center, threat hunters and digital

0:01:45.620000 --> 0:01:52.400000
 forensic teams are specialty roles
 that complement core SOC functions

0:01:52.400000 --> 0:01:56.240000
 like monitoring, detection
 and incident response.

0:01:56.240000 --> 0:02:02.440000
 Now threat hunters, you know, who are typically
 aligned or whose responsibilities

0:02:02.440000 --> 0:02:08.120000
 are typically aligned with tier two operations
 actively search for threats

0:02:08.120000 --> 0:02:10.660000
 within the organization's environment.

0:02:10.660000 --> 0:02:16.100000
 Right? Now, if you remember in the previous
 video, we also saw that tier

0:02:16.100000 --> 0:02:20.420000
 three analysts also engage in threat
 detection or threat hunting to a

0:02:20.420000 --> 0:02:29.720000
 certain extent. Threat detection being
 a specialized role, there may be

0:02:29.720000 --> 0:02:34.760000
 additional responsibilities or additional
 focus on reviewing logs, conducting

0:02:34.760000 --> 0:02:41.120000
 proactive threat hunts and analyzing
 publicly available threat intelligence.

0:02:41.120000 --> 0:02:44.980000
 But the key thing that I want to point
 out here is that while they may

0:02:44.980000 --> 0:02:50.460000
 not be directly involved in every incident
 response process, their contributions

0:02:50.460000 --> 0:02:55.100000
 significantly strengthen the organization's
 ability to detect, analyze

0:02:55.100000 --> 0:02:57.160000
 and understand threats.

0:02:57.160000 --> 0:03:03.680000
 So what I'm saying here is, you know,
 these two highly specialized roles

0:03:03.680000 --> 0:03:09.360000
 play a crucial part in the proactive defense
 and post incident investigation.

0:03:09.360000 --> 0:03:14.440000
 So if you remember, when we're talking
 about the core services, you know,

0:03:14.440000 --> 0:03:20.500000
 that a SOC provides, we talked about
 proactive and reactive services.

0:03:20.500000 --> 0:03:26.540000
 These two, I would say, generally speaking,
 fall in the proactive phase

0:03:26.540000 --> 0:03:34.600000
 or side of, you know, the types of services
 and threat hunters specifically

0:03:34.600000 --> 0:03:38.940000
 are focused on proactively seeking out
 threats that have evaded traditional

0:03:38.940000 --> 0:03:40.160000
 detection mechanisms.

0:03:40.160000 --> 0:03:44.120000
 So you understand, you know, where the
 whole proactive aspect comes from.

0:03:44.120000 --> 0:03:49.480000
 Digital forensics teams specialize in
 investigating and analyzing security

0:03:49.480000 --> 0:03:54.780000
 incidents, gathering digital evidence
 and determining the root cause of

0:03:54.780000 --> 0:03:59.740000
 attacks. Now, both teams or both of
 these individuals, they can be teams

0:03:59.740000 --> 0:04:05.500000
 or group of individuals or just, you
 know, a single person are essential

0:04:05.500000 --> 0:04:10.780000
 in enhancing an organization's
 cyber resilience,

0:04:10.780000 --> 0:04:14.740000
 incident response capabilities
 and post-incident analysis.

0:04:14.740000 --> 0:04:18.360000
 So you may be a little bit confused
 as to what I'm saying now.

0:04:18.360000 --> 0:04:25.340000
 And hopefully this diagram explains
 or clarifies how, you know, each of

0:04:25.340000 --> 0:04:29.260000
 these roles interact with each other
 within a SOC and more importantly,

0:04:29.260000 --> 0:04:39.500000
 you know, what they're responsible for.

0:04:39.500000 --> 0:04:44.720000
 And I've sort of outlined how they're
 organized and, you know, how the

0:04:44.720000 --> 0:04:50.460000
 tier one, two, three analysts roles
 are sort of separate from the more

0:04:50.460000 --> 0:04:53.320000
 specialist roles in certain cases.

0:04:53.320000 --> 0:04:57.580000
 So firstly, you can see that the SOC
 manager pretty much controls or is

0:04:57.580000 --> 0:05:02.640000
 responsible for the entire SOC, you
 know, which is demarcated with this,

0:05:02.640000 --> 0:05:04.600000
 you know, border right over here.

0:05:04.600000 --> 0:05:06.680000
 So what is inside the SOC?

0:05:06.680000 --> 0:05:10.940000
 So inside the SOC, you may
 have an IR coordinator.

0:05:10.940000 --> 0:05:12.740000
 Don't worry about what that is.

0:05:12.740000 --> 0:05:15.080000
 We'll get to that in the
 next set of videos.

0:05:15.080000 --> 0:05:19.620000
 But just think of the IR coordinator,
 someone who again coordinates incident

0:05:19.620000 --> 0:05:24.080000
 response. So you have your tier one,
 two and three analysts and you can

0:05:24.080000 --> 0:05:29.180000
 see that this arrow essentially points
 to the fact that, you know, there's

0:05:29.180000 --> 0:05:30.740000
 an increased severity of alerts.

0:05:30.740000 --> 0:05:37.720000
 So the higher you are, the more, you
 know, the more severe alerts you

0:05:37.720000 --> 0:05:39.620000
 are dealing with.

0:05:39.620000 --> 0:05:45.340000
 And the transition or the movement
 between, you know, responsibilities

0:05:45.340000 --> 0:05:53.160000
 from tier one to three is in the form
 of escalation, which again is

0:05:53.160000 --> 0:06:00.740000
 pretexted or is, you know, essentially performed
 under the guise of consultation.

0:06:00.740000 --> 0:06:04.200000
 Most of the time, so you consult
 before you escalate.

0:06:04.200000 --> 0:06:06.100000
 It's always a good thing to do.

0:06:06.100000 --> 0:06:09.780000
 We then have some additional
 roles that you may find.

0:06:09.780000 --> 0:06:14.360000
 I've sort of colored them differently
 here, but you have the security

0:06:14.360000 --> 0:06:19.340000
 consultant and the security architect

0:06:19.340000 --> 0:06:23.740000
 who, you know, as the, as their name
 suggests, are pretty much consultant

0:06:23.740000 --> 0:06:29.320000
 roles. But then on the right here, I've
 sort of outlined specialty roles

0:06:29.320000 --> 0:06:32.820000
 or specialist roles, if you will.

0:06:32.820000 --> 0:06:36.220000
 Now, you can see that I've highlighted
 the three in green.

0:06:36.220000 --> 0:06:40.780000
 And the only reason I've done that
 is because we're sort of out.

0:06:40.780000 --> 0:06:42.480000
 We're sort of covering
 them in this video.

0:06:42.480000 --> 0:06:46.140000
 So we have the threat intel analysts,
 the forensic specialist and threat

0:06:46.140000 --> 0:06:51.160000
 hunter. You can see that in the event
 the specialty roles exist, either

0:06:51.160000 --> 0:06:53.440000
 in the form of a team or individuals.

0:06:53.440000 --> 0:06:57.240000
 They're sort of separate from the
 tier one, two and three analysts.

0:06:57.240000 --> 0:07:00.180000
 Now, again, as I mentioned in the previous
 slides, this does not mean

0:07:00.180000 --> 0:07:04.880000
 that the tier two or three analysts
 are not performing threat hunting

0:07:04.880000 --> 0:07:08.280000
 or, you know, performing forensics
 or anything like that.

0:07:08.280000 --> 0:07:13.580000
 They may well be, however, in the event
 that these, these responsibilities

0:07:13.580000 --> 0:07:21.700000
 are dedicated to, or, you know, essentially,
 you know, tasks or responsibilities

0:07:21.700000 --> 0:07:28.300000
 like digital forensics or threat
 hunting have been assigned to a

0:07:28.300000 --> 0:07:31.540000
 specific individual or a specific team.

0:07:31.540000 --> 0:07:34.800000
 In that particular case, then, you know,
 a lot of those responsibilities

0:07:34.800000 --> 0:07:41.480000
 are, you know, then are delegated or
 offloaded to those, you know, teams

0:07:41.480000 --> 0:07:45.540000
 or individuals. So these are what you'd
 consider the specialty roles.

0:07:45.540000 --> 0:07:50.840000
 So, you know, someone
 or a team who does malware analysis,

0:07:50.840000 --> 0:07:56.740000
 threat intelligence, forensics, threat
 hunting, vulnerability assessment,

0:07:56.740000 --> 0:08:00.740000
 red teaming and security engineer.

0:08:00.740000 --> 0:08:04.620000
 Now, you can see I've sort of highlighted
 that the tier one, two and three

0:08:04.620000 --> 0:08:09.120000
 analysts work together with these specialty
 roles for obvious reasons,

0:08:09.120000 --> 0:08:11.460000
 when required.

0:08:11.460000 --> 0:08:15.620000
 And then you can also see there's, you
 know, a provision for extra personnel

0:08:15.620000 --> 0:08:21.800000
 who support the SOC as a whole, not
 these particular specialty roles, you

0:08:21.800000 --> 0:08:23.220000
 know, the SOC as a whole.

0:08:23.220000 --> 0:08:27.100000
 And we can see that the SOC
 manager reports to the CISO.

0:08:27.100000 --> 0:08:30.400000
 So this is generally speaking the
 interaction that you'll have.

0:08:30.400000 --> 0:08:34.720000
 Now, as I said, in the event these
 specialty roles do not exist or you

0:08:34.720000 --> 0:08:38.420000
 don't have anyone in the SOC who does
 any of these specialty roles,

0:08:38.420000 --> 0:08:42.560000
 then generally speaking, they would fall
 under the remit of the tier one,

0:08:42.560000 --> 0:08:46.320000
 two or three analysts
 to a certain extent.

0:08:46.320000 --> 0:08:50.340000
 But, you know, generally speaking,
 this is what you'd find.

0:08:50.340000 --> 0:08:53.840000
 And, you know, this is the interaction
 between these roles.

0:08:53.840000 --> 0:09:01.740000
 So I just wanted to give you this diagram
 view of the interaction of the

0:09:01.740000 --> 0:09:06.080000
 roles within a SOC and, you know, so
 you understand exactly what's going

0:09:06.080000 --> 0:09:11.080000
 on. And I've sort of outlined or in
 this particular diagram, I've made

0:09:11.080000 --> 0:09:14.580000
 a provision for these specialty roles,
 which as I said, is just to point

0:09:14.580000 --> 0:09:20.260000
 out or just to aid the explanation of,
 you know, the threat hunters and

0:09:20.260000 --> 0:09:26.120000
 the digital forensics specialist
 or digital forensics teams.

0:09:26.120000 --> 0:09:29.560000
 And, you know, I've sort of
 highlighted them there.

0:09:29.560000 --> 0:09:33.840000
 So now that you have an understanding
 of what exactly I'm referring to

0:09:33.840000 --> 0:09:37.240000
 when I say specialist roles,
 we can sort of proceed.

0:09:37.240000 --> 0:09:42.340000
 So threat hunters, you know, in the event,
 you know, this role does exist

0:09:42.340000 --> 0:09:46.440000
 as sort of a specialty or specialized
 role within a SOC,

0:09:46.440000 --> 0:09:51.080000
 you need to understand, you know,
 who they are, what they do, etc.

0:09:51.080000 --> 0:09:54.480000
 Regardless as to whether it's
 a team or just an individual.

0:09:54.480000 --> 0:09:59.500000
 So threat hunters are cybersecurity experts
 or specialists who proactively

0:09:59.500000 --> 0:10:04.160000
 search for hidden threats and adversaries
 within an organization's environment

0:10:04.160000 --> 0:10:07.960000
 that have bypassed existing
 security controls.

0:10:07.960000 --> 0:10:12.880000
 So their role is proactive and, this
 is the key, hypothesis-driven.

0:10:12.880000 --> 0:10:16.460000
 So what that means is, you know, aiming
 to detect and mitigate threats

0:10:16.460000 --> 0:10:19.420000
 before they escalate into full-scale
 security incidents.

0:10:19.420000 --> 0:10:23.640000
 And some of the common tools used by
 threat hunters can be broken down

0:10:23.640000 --> 0:10:28.300000
 into categories like the SIEM, EDR, threat
 intelligence platforms, network

0:10:28.300000 --> 0:10:31.220000
 analysis, you know, MITRE ATT&CK, etc.

0:10:31.220000 --> 0:10:32.940000
 Custom scripting tools and languages.

0:10:32.940000 --> 0:10:37.640000
 So in the case of the SIEM platforms,
 examples are Splunk, ELK, QRadar,

0:10:37.640000 --> 0:10:42.880000
 Microsoft Sentinel, EDR solutions like
 CrowdStrike, SentinelOne, Microsoft

0:10:42.880000 --> 0:10:48.240000
 Defender ATP, Threat Intelligence
 platforms abbreviated as TIPs.

0:10:48.240000 --> 0:10:54.620000
 You know, examples are MISP, Recorded
 Future, OpenCTI, very good OpenCTI.

0:10:54.620000 --> 0:10:59.160000
 Network analysis tools like Zeek, Wireshark,
 Suricata, the MITRE ATT&CK

0:10:59.160000 --> 0:11:02.620000
 navigator which is used for mapping
 and tracking adversary behavior or

0:11:02.620000 --> 0:11:05.780000
 TTPs or tradecraft in general.

0:11:05.780000 --> 0:11:09.280000
 And then custom scripting in the form
 of Python, PowerShell, Bash for

0:11:09.280000 --> 0:11:12.780000
 automating detection processes.

0:11:12.780000 --> 0:11:17.340000
 So what are the key responsibilities
 of a threat hunter?

0:11:17.340000 --> 0:11:20.480000
 What activities fall under
 these key responsibilities?

0:11:20.480000 --> 0:11:23.340000
 Well, firstly, you have proactive
 threat hunting.

0:11:23.340000 --> 0:11:27.580000
 Secondly, you have adversary
 TTP analysis.

0:11:27.580000 --> 0:11:29.720000
 Thirdly, threat detection engineering.

0:11:29.720000 --> 0:11:32.220000
 Fourth, automation and
 playbook development.

0:11:32.220000 --> 0:11:34.640000
 Fifth, collaboration with
 threat intelligence teams.

0:11:34.640000 --> 0:11:38.660000
 So starting off with proactive threat
 hunting, in this case the activities

0:11:38.660000 --> 0:11:43.020000
 are A, develop hypotheses based on
 threat intelligence, attack trends

0:11:43.020000 --> 0:11:45.300000
 and organizational risk factors.

0:11:45.300000 --> 0:11:50.460000
 B, actively seek out advanced threats
 like, for example, fileless malware,

0:11:50.460000 --> 0:11:53.400000
 zero-day attacks and insider threats.

0:11:53.400000 --> 0:11:56.320000
 You know, that traditional
 security tools may miss.

0:11:56.320000 --> 0:12:01.400000
 Also, C, leverage SIEM data, you know,
 endpoint, telemetry and network

0:12:01.400000 --> 0:12:05.920000
 traffic to identify abnormal patterns
 or suspicious behavior.

0:12:05.920000 --> 0:12:10.680000
 Moving on to the second responsibility,
 adversary TTP analysis.

0:12:10.680000 --> 0:12:13.200000
 What activities fall under
 this responsibility?

0:12:13.200000 --> 0:12:17.980000
 A, map observed behaviors and attack patterns
 to the MITRE ATT&CK framework.

0:12:17.980000 --> 0:12:22.340000
 B, identify gaps in detection and recommend
 strategies to close those

0:12:22.340000 --> 0:12:26.500000
 gaps. You then have threat
 detection engineering.

0:12:26.500000 --> 0:12:29.860000
 So again, what activities fall
 under this responsibility?

0:12:29.860000 --> 0:12:35.860000
 A, develop custom detection rules and alerts
 for SIEM, EDR and SOAR platforms.

0:12:35.860000 --> 0:12:40.080000
 And B, refine existing detection use
 cases to reduce false positives and

0:12:40.080000 --> 0:12:45.560000
 create behavioral analytics models to
 detect sophisticated attack patterns.

0:12:45.560000 --> 0:12:48.820000
 You then have automation
 and playbook development.

0:12:48.820000 --> 0:12:53.100000
 So we'll actually talk a little bit
 about playbooks as we progress, but

0:12:53.100000 --> 0:12:55.220000
 you know, so you don't worry about that.

0:12:55.220000 --> 0:12:58.560000
 But you know, the first activity here is
 to work with the SOC and engineering

0:12:58.560000 --> 0:13:01.500000
 teams to automate detection
 and response workflows.

0:13:01.500000 --> 0:13:05.780000
 B, develop custom playbooks for
 responding to advanced attacks.

0:13:05.780000 --> 0:13:08.240000
 You then have collaboration with
 threat intelligence teams.

0:13:08.240000 --> 0:13:12.900000
 So, you know, use threat intelligence
 feeds to stay ahead of emerging

0:13:12.900000 --> 0:13:18.060000
 threats and validate hypotheses by correlating
 data with known IOCs, which

0:13:18.060000 --> 0:13:21.760000
 are indicators of compromise
 and adversary techniques.

0:13:21.760000 --> 0:13:24.300000
 So hopefully that makes sense.

0:13:24.300000 --> 0:13:29.620000
 We then have the digital forensic
 analysts or digital forensic team.

0:13:29.620000 --> 0:13:34.680000
 So the digital forensics team is responsible
 for investigating security

0:13:34.680000 --> 0:13:40.300000
 incidents, analyzing digital artifacts
 and determining the root cause

0:13:40.300000 --> 0:13:43.080000
 of an attack, sort of
 very important there.

0:13:43.080000 --> 0:13:49.060000
 So they specialize in A, data recovery,
 B, malware analysis and, you know,

0:13:49.060000 --> 0:13:52.580000
 C, evidence preservation for
 legal and internal use.

0:13:52.580000 --> 0:13:57.720000
 So what are some of the common tools
 used by threat by digital forensics

0:13:57.720000 --> 0:14:03.180000
 analysts, apologies if you know that
 that's actually been it's referring

0:14:03.180000 --> 0:14:06.240000
 to threat hunting there should
 be digital forensics.

0:14:06.240000 --> 0:14:10.560000
 So I've just corrected that.

0:14:10.560000 --> 0:14:12.740000
 So we saw them by category.

0:14:12.740000 --> 0:14:17.460000
 We have memory forensics, disk forensics,
 malware analysis tools, packet

0:14:17.460000 --> 0:14:21.660000
 analysis tools, log analysis tools
 and cloud forensics tools.

0:14:21.660000 --> 0:14:25.620000
 In the case of memory forensics tools,
 we have Volatility, you know, Rekall,

0:14:25.620000 --> 0:14:30.920000
 etc. Disk forensics, we have the infamous
 FTK Imager, Autopsy, and EnCase

0:14:30.920000 --> 0:14:36.280000
 as well. Malware analysis tools, we
 have Ghidra, IDA Pro, Cuckoo Sandbox,

0:14:36.280000 --> 0:14:38.460000
 Any.Run. Packet analysis tools.

0:14:38.460000 --> 0:14:41.400000
 Again, the infamous choice, Wireshark.

0:14:41.400000 --> 0:14:44.480000
 We also have Zeek. Log analysis tools.

0:14:44.480000 --> 0:14:48.380000
 You know, you have SIEM platforms in
 this particular case, Splunk, QRadar,

0:14:48.380000 --> 0:14:51.120000
 ELK, and then cloud forensics tools.

0:14:51.120000 --> 0:14:56.520000
 You have stuff like AWS CloudTrail,
 Azure Security Center to name a few

0:14:56.520000 --> 0:14:59.420000
 of the most popular.

0:14:59.420000 --> 0:15:06.100000
 So what are the key responsibilities,
 you know, for the digital forensics

0:15:06.100000 --> 0:15:10.740000
 team or for a digital forensics team
 and what are the key activities that

0:15:10.740000 --> 0:15:12.420000
 fall under each of these
 responsibilities.

0:15:12.420000 --> 0:15:17.820000
 Well, we have to begin with, and on
 this particular slide three, we also

0:15:17.820000 --> 0:15:19.260000
 have a couple of other ones.

0:15:19.260000 --> 0:15:22.360000
 So firstly, we have evidence
 collection and preservation.

0:15:22.360000 --> 0:15:25.420000
 So what are the key activities here?

0:15:25.420000 --> 0:15:31.000000
 You know, firstly, collect digital evidence
 from endpoints, servers, networks

0:15:31.000000 --> 0:15:36.340000
 and cloud services, B, ensure the chain
 of custody is maintained to preserve

0:15:36.340000 --> 0:15:40.940000
 evidence integrity. Use forensic imaging
 tools to create copies of affected

0:15:40.940000 --> 0:15:42.340000
 systems for analysis.

0:15:42.340000 --> 0:15:45.240000
 You then have forensic analysis itself.

0:15:45.240000 --> 0:15:49.800000
 So A, perform disk, memory and network
 forensics to uncover indicators

0:15:49.800000 --> 0:15:54.920000
 of compromise. B, investigate how the
 attacker gained access, what data

0:15:54.920000 --> 0:15:58.060000
 was accessed and whether
 the attack is ongoing.

0:15:58.060000 --> 0:16:02.120000
 C, recover deleted files and analyze
 file system artifacts.

0:16:02.120000 --> 0:16:06.480000
 Those include or, you know, encompass
 time stamps, registry changes, stuff

0:16:06.480000 --> 0:16:09.720000
 like this. You then have
 malware analysis.

0:16:09.720000 --> 0:16:14.380000
 So what falls under this? Fairly obvious:
 A, analyze suspicious files to

0:16:14.380000 --> 0:16:17.820000
 determine if they are
 malicious or benign.

0:16:17.820000 --> 0:16:22.980000
 B, conduct static and dynamic malware analysis
 to understand malware behavior.

0:16:22.980000 --> 0:16:27.400000
 And C, reverse engineer malware using
 tools like Ghidra, IDA Pro or sandbox

0:16:27.400000 --> 0:16:31.940000
 environments. We then have the other
 two responsibilities starting off

0:16:31.940000 --> 0:16:34.200000
 with incident documentation
 and reporting.

0:16:34.200000 --> 0:16:38.960000
 So what falls under this responsibility
 in terms of activities?

0:16:38.960000 --> 0:16:43.400000
 A, document every step of the forensic
 investigation process.

0:16:43.400000 --> 0:16:47.200000
 B, provide detailed reports outlining
 how the incident occurred, which

0:16:47.200000 --> 0:16:51.500000
 systems were compromised and recommendations
 for remediation.

0:16:51.500000 --> 0:16:56.300000
 C, support legal or regulatory compliance
 by providing forensic evidence

0:16:56.300000 --> 0:16:58.640000
 for audits or legal cases.

0:16:58.640000 --> 0:17:00.680000
 Fairly simple to understand them.

0:17:00.680000 --> 0:17:04.080000
 You then have another responsibility,
 which is to support the incident

0:17:04.080000 --> 0:17:07.880000
 response teams. And this is very important
 because, again, if you are

0:17:07.880000 --> 0:17:11.620000
 an incident responder, if you're looking
 to become one, you need to understand

0:17:11.620000 --> 0:17:17.120000
 how the digital forensics team will interact
 with you or what your interaction

0:17:17.120000 --> 0:17:21.500000
 will be like. So first activity, collaborate
 with tier two or three SOC

0:17:21.500000 --> 0:17:25.100000
 analysts and threat hunters to
 contain and eradicate threats.

0:17:25.100000 --> 0:17:29.040000
 So if you, again, when you need help
 with this, always a good idea to

0:17:29.040000 --> 0:17:32.080000
 consult with the digital forensics team,

0:17:32.080000 --> 0:17:36.580000
 if there is one. B, provide insights
 on how attackers operated within

0:17:36.580000 --> 0:17:40.860000
 the environment and C, assist in root
 cause analysis and recommend security

0:17:40.860000 --> 0:17:46.900000
 improvements. So those are the key
 responsibilities of threat hunters

0:17:46.900000 --> 0:17:49.720000
 and the digital forensics team.

0:17:49.720000 --> 0:17:53.720000
 And the objective for this video, as
 I mentioned, when we began, was to

0:17:53.720000 --> 0:17:57.400000
 give you an idea or an understanding
 of these specialty roles.

0:17:57.400000 --> 0:18:01.220000
 Because, again, there's a high likelihood
 that you may end up working

0:18:01.220000 --> 0:18:06.740000
 in a SOC that has these specialty roles
 and you need to understand the

0:18:06.740000 --> 0:18:11.000000
 logical distinction
 between the tier one, two

0:18:11.000000 --> 0:18:14.640000
 and three analysts and the specialty
 roles as well as, you know, other

0:18:14.640000 --> 0:18:17.500000
 teams or the roles.

0:18:17.500000 --> 0:18:21.880000
 And more importantly, how these teams
 or how these analysts interact with

0:18:21.880000 --> 0:18:25.900000
 one another. So with that being said,
 that's going to be it for this video

0:18:25.900000 --> 0:18:28.600000
 and I will be seeing you
 in the next video.

