IoT Security Podcast – Andrew Bellini – Formatted Transcript

2025-07-28

Transcript

Andrew Bellini: The OT security in a lot of places is very lacking. And I just think one of the biggest things that’s keeping it secure is that, like, countries would consider that to almost be like a kinetic act of warfare and like skipping past cyber to do something serious there. But I think, like, yeah, in North America we’re very vulnerable to, to that. And it is a very big and growing and important area of cybersecurity.

Phillip Wylie: Hello and welcome to this episode of the IoT Security Podcast. Today I’m joined by Andrew Bellini, hardware hacker and content creator. In this episode you’ll learn about securing IoT as well as learning IoT hardware hacking, along with some resources and how to secure your IoT environment. I hope you enjoy this episode. Today I’m joined by Andrew Bellini. So Andrew and I know each other from the cyber security community and we got to meet at the Defcon IoT Village for the first time last year and he recently reached out to me about being on the show. And Andrew’s a great guest for this because some of the most successful episodes we’ve had have been people that are hardware hackers. So hardware hacking or hacking in general is always a popular topic and so it’s always great to get to chat with folks like that.

Phillip Wylie: So welcome to the show, Andrew.

Andrew Bellini: Yeah, thank you so much for having me on. It’s really exciting to be here.

Phillip Wylie: Yeah, good to have you on. So, by the way, have you been to Hardware IO yet? Because I got to go there back in, I guess it was in May in Santa Clara.

Andrew Bellini: I have not been. It is number one on my list of conferences that I have not been to. So I’m over. I’m over here in Canada right now. So all these conferences are a little bit of a travel for me. But I am very much hoping that next year I can go to it because I heard really good things from some friends that went this year.

Phillip Wylie: It was, it was a good conference. I kind of lucked out on that one because my manager, about a week before the conference said, has anyone talked to you about going to this conference? And I said no. I said, can you go? I said, sure, because it was actually one that I wanted to go to. Actually got to meet Aseem, one of the founders and people that run Hardware IO at RSA this year. And so it was one of the ones I was kind of interested in going to. And so I got to attend. It was a lot of fun. It was interesting.

Phillip Wylie: It was a two day conference. Even Joe grand was teaching a workshop there. So it was pretty cool.

Andrew Bellini: Yes. It’s like all of the people that I look up to and a lot of my friends in the industry are always there and it’s like the highlights for them. It’s like the Defcon of the hardware hacking community and IoT hacking. So it’s very high on my list. And I would love to take a training by Joe grand as well.

Phillip Wylie: It’s interesting though, the culture was a little bit different. I noticed there because you go to DEF CON and some of these other conferences, you have a lot of LobbyCon going on where people are just chatting outside of the conference rooms, not necessarily attending the talks, but there they had breaks in between sessions and people would kind of congregate then. But there wasn’t much, you know, lobbycon going on. I guess maybe part of that’s due to the fact that there’s not always this opportunity to be around, you know, that many talks around hardware hacking and hardware security.

Andrew Bellini: Yeah, that and combined with like the training at Hardware IO, from what I’ve heard and seen and talked to people, is world class. And a lot of those, like trainers, they don’t do anything other than live training. Like Joe grand, for example, very well known one and some of the other ones. And with hardware it is a little bit harder to do them remotely. So yeah, you have that opportunity to take those training. So I think a lot of people take advantage of that. So they’re in the training a lot of time as well.

Phillip Wylie: Yeah, it was pretty cool. So it’s one area that I know I need to get to know better and I kind of gauge communities that I need to connect more with or, or get to know more people in it because I was there and I didn’t know. Know that many people. Matt Brown was there, so I got to chat with Matt. We’ve been connected on through the virtual community, but never had met in person. So I actually got to meet Matt Brown there.

Andrew Bellini: Yeah, Matt and I know each other as well. That’s what I saw him on and watched the podcast with him and that was what triggered me that, oh, hey, I should chat with. With Phil as well because that was a cool podcast and him and I have been on each other’s streams and I’m pretty active in his Discord community as well. And I’ve, I’ve learned so much, so much from his YouTube channel.

Phillip Wylie: Yeah, very cool. That’s one of the things that, just one of the areas, I really like to chat with folks that work in content creation too, because there’s just, you know, that’s such a amazing resource for people to learn because not everyone has the budget to spend to go to these conferences or pay for these trainings and to be able to have access to people like yourself and, and actually someone. I forget who it was exactly paid you the compliment. Recently I was talking to someone asking them about learning hardware hacking, good resources, and someone told me to get your training and buy the Atify hardware hacking kit.

Andrew Bellini: Cool recommendation. I thank you. Yeah. Yeah. Well, you mentioned the house like a lot. It’s hard to even, myself included without employee sponsorship or something like that to go to some of these in session hardware hacking trainings because we’re talking like, you know, the, the lower end in the twos to three thousands to, you know, you can get up into like double or five digits of, of the cost of them. So that was one of the reasons I really wanted to make a course because there wasn’t a lot of accessible options for people that are beginners and want to learn. And it’s a really, really cool field of cyber security that is kind of like gate kept a little bit just by the cost.

Phillip Wylie: Yeah, I can see that because I also see that cost can be a factor since there’s not as many opportunities for these trainings in person. There doesn’t seem to be as many people doing that either.

Andrew Bellini: Yep. Yes. Yeah, there’s, there’s not as many. It’s kind of like a more niche thing. And then there was almost like the, the myth that I, I don’t agree with it all, but that you need to spend a lot of money on gear to get in, especially if you’re seeing like people doing it. They’ve. The research that they’re showing, they’ve got like, you know, high end microscopes and probes and oscilloscopes and you know, tens of thousands of dollars of gear. But I’ve always said like you can get into it for less, probably like $50.

Andrew Bellini: Honestly. I think you get into hardware hacking and IoT hacking for $50 and build out a decent toolkit.

Phillip Wylie: Yeah, that’s very cool because I got to actually got to attend some of the, some sans. It wasn’t actually a Sans course is one of the ones where they had someone else come in. Justin Searle, I think, built the course. Don, known as Cutaway. He was. Yeah, that does some ICS stuff. I got to attend that session at the sans ICS back in 2020 and it’s kind of interesting. They got a lot of the.

Phillip Wylie: More of the hardware hacking things. It was ICS pen testing course but got into some of the wireless hacking and some of the embedded related stuff. So that really kind of got me interested. And I know at the time, as far as affordable stuff, the only thing I could really find out there back then was pentester Academy had some things that could be used that were kind of related to hardware hacking. So we could do like dumping firmware and some things like that or emulate firmware dumping and so forth.

Andrew Bellini: Yes. Yeah, there was, when I was learning there was very limited. So that’s was one of the motivations and it was. Was cool. I’m so I’m at, I’m at TCM Security now as a content creator as well. So I do content and they have a lot of affordable training there, which is awesome. And that was kind of the motivation for me to reach out to them. They were like looking for an IoT course and I was like, you know what, I think I could make one and it would be really cool if there was one that was like, you know, in the double digits price, like, you know, not more than that.

Phillip Wylie: Yeah. If you wouldn’t mind sharing about your course kind of. Is this like an entry level course or you could just go into the details?

Andrew Bellini: Yeah, absolutely. Yeah. So it is, it’s called the beginner’s guide to IoT and hardware hacking and it does assume like some cybersecurity and technical knowledge of like Linux and basic commands. But other than that. Yeah, it’s like a zero, zero knowledge of like IoT electrical engineering hardware required and it builds up from there to like you know, somewhat intermediate level. So it’s, it’s. I always say It’s a beginner IoT and hardware hacking course, but I wouldn’t consider it like a beginner course to like technology or IT or cybersecurity because it is a little bit more of a advanced niche subsection of the course or of cybersecurity.

Phillip Wylie: Yes. Kind of looking at your, your background, it’s. You have the perfect profile for, for this type of stuff because it’s interesting that you see in the cybersecurity community and back in it at one time folks that were in those areas end up they had like electrical engineering degrees. There really weren’t anything out of software development degrees. There really weren’t it specific degrees and a lot of people were coming from electrical engineering backgrounds. But you’re not seeing as much of that anymore. But it looks like the perfect fit for hardware hacking.

Andrew Bellini: Yeah, absolutely. Yeah. So I. My background. Yes. For those that don’t know. I’m an electrical engineer by training and I have worked in like the ics, ot, SCADA as well. Not in security, just like you know, as a, as an engineer maintaining and working and supporting those systems.

Andrew Bellini: And I also have worked in industrial IoT with trains actually, and again not specifically security related. I mean of course there’s some security stuff when you’re designing and training on and maintaining these products. But yeah, that’s my background and where I learned the most about hardware and hardware hacking and embedded devices and mostly just through how to build them and learning what developers do and what shortcuts people take and the debugging tools that are used. I mean that’s like 90% of hacking right there. It’s just learning what developers do and what shortcuts they take and what tools they use.

Phillip Wylie: So what other advice would you give to someone who wants to learn hardware hacking along with taking your course?

Andrew Bellini: Go out and get a cheap device, either buy it or I mean I always say like the beg borrow part of beg borrow steel, like dumpster diving, whatever electronics waste, go to goodwill, take it apart and go at it. Like, you know, figure out what the ports do, you know, can I get the firmware off of it? What does the device do? What sections of the PCB do this part? Yeah, I have a personal rule that I always suggest people like, I don’t hardware hack on anything. I don’t want to brick because I’ll eventually probably brick the devices. It happens to the best of us. But yeah, so get something cheap and just go at it. Find it. Find a guide if you can. There’s lots of write ups on YouTube or like my, my course walks through using like an off the shelf router.

Andrew Bellini: It’s the most popular router on Amazon. So if you want like a really, really detailed one, you can take my course. But yeah, there’s lots of good write ups nowadays and you can just go for it that don’t be intimidated, spend like 30 or $40 on some gear and do it.

Phillip Wylie: So how hard is that for someone to pick up compared to some of the more common methods of hacking like web app or network?

Andrew Bellini: It depends on what level of hardware hacking you’re going to get into. So the easier end of interfacing with the debugging ports and being able to read firmware off of a device, I would say it’s actually not that complicated. It’s mostly just understanding how the tools work and the different protocols and being able to identify them. Then the other sides of Hardware hacking, kind of like crossover threshold where you’re looking at things like fault injection and glitching and side channel analysis. Those are like some of the most complex areas of cybersecurity in my opinion because you’re needing to understand like complex mathematical functions as well as like how very small embedded devices work in the circuit boards and developing usually novel attacks on those. So that that side is, is very complex. But the, the, the stuff that will get you most of like what I see in commercial devices is very easy to do. Like yeah, I think anyone listening to this or watching this video could figure out how to do it and get into these devices.

Phillip Wylie: It’s kind of interesting, you know, talking about, you know, the hardware realm when I one of the things I’ve seen from some security researchers here locally and just stuff I’ve seen on the Internet is how some cases they’re like web based vulnerabilities because these devices are running like the busy box lightweight web server.

Andrew Bellini: Yes.

Phillip Wylie: And it’s not always as secure and sometimes that’s a foothold in 100%.

Andrew Bellini: Yeah. And usually. So this is an interesting thing you bring up because this is a good distinction that I have with like my students and people who are getting in is you know, like I’ll show them how to use the tools and get a shell into, you know, router, smart camera, whatever it is through the hardware. But the vendor probably won’t care about that. Now if you’re doing like a pen test. Yeah, it’s probably like a medium to even like somewhere in the high finding that they have these unsecured debug ports, whether it’s UART or JTAG or whatever. But if you were to go and report that to the vendor as like a bug bounty, if they’re bug bounty or like you know, responsible disclosure, they’re not going to care. So.

Andrew Bellini: But what we can do is we use that access through the hardware, whether it’s you know, to get a shell or dump the firmware to understand better how the device works and reverse engineer it and find vulnerabilities then that could be found through the web portal or mobile app or cloud. That would be very hard to find if we didn’t have that internal access to a live shell on the system and the firmware to reverse engineer and it makes it a lot easier to do.

Phillip Wylie: So you kind of mentioned bug bounty. So are there a lot of opportunities for bug bounty in the hardware space?

Andrew Bellini: It’s growing, but no, not, it’s not like it is limited and like Bug bounty is not really something I do because I don’t have a lot of time and like you do need to pour time into it and i would prefer to just spend my time on the devices I’m interested in and like it’s not, not. Yeah. So when people ask me about bug bounty, I always say like, if, if it’s a device you want to test on and that’s going to be an interesting use of your time, you’re going to learn something from it, then go for it. But like, if you’re just starting out, I wouldn’t be financially incentivized for which devices you’re going to go for. I would pick the ones that you think you’re going to learn something from or that interest you instead. Personally.

Phillip Wylie: Yeah, that’s one of the things, because my background is in offensive security and one of the things I had a hard time with doing bug bounty was I could do side pen testing and I get paid for sure. Or I could bug bounty, spend a lot of time and not make any money. So that was one of the reasons. Yeah, I really never got into bug bounty 100%.

Andrew Bellini: So yeah, you need to get something out, else out of it and then if you find something, then the money’s a bonus. But like you want it to work on whatever that kind of device is anyway. And I would say too, when you’re getting started out, the devices that are in bug bounty programs for like IoT and hardware are going to be a lot more hardened. Whereas if you’re starting out with like the consumer devices that are not going to have bug bounty programs, they’re not hardened at all. So like I, I always say this, anyone can hack an IoT device. I could teach probably anyone how to do it or at least like, if you’re hearing me say this, like you’re interested enough that you’re listening to this podcast or like YouTube recommended it to you, then you probably have enough knowledge that I could yet teach you how to hack an IoT device. And I’ve taught a lot of people and they’ve gone out and I’m not big on like going and finding CVs on these devices because it can be a bit of a run around sometimes to even try and get the vendors to respond back to you. But I’ve had many people that have taken my course or, you know, attended talks or like just my blogs and stuff and gone out and found CVs and gone through the whole process to report them and stuff.

Phillip Wylie: Yeah, it’s interesting the Difficulty that researchers can run into sometimes because I don’t know, you’ve probably saw the, the case several years ago where the, the researchers found the bugs. I’m not going to mention the drone manufacturer, but there’s a drone that they found these bugs in. They had a responsible disclosure program. They found these bugs and the, the manufacturer was, was threatening to sue them.

Andrew Bellini: Yeah, yeah. Nowadays you don’t hear that as much. It definitely was, it still is a thing. Like I saw a cybersecurity researcher that I’m connected with and he was working on like stoplights that he found which like seems like you would want these secure because these are like out in the public, right? Like not theoretical and yeah, the same thing. They sent him a cease and desist and like we’re going to sue you for it. And nowadays it’s a lot better. So usually either they’ll, they’ll fix it and you know, release it in a reasonable time if it’s somewhat reputable vendor, but then the other ones like you just, you won’t hear from them. That’ll be it.

Andrew Bellini: Because unfortunately right now in a lot of the IoT devices it’s, it’s what I say is like a race to the bottom almost. Because what’s driving the, the consumers for them is A, I’m gonna go out and buy like a reputable device that like I’m, I’m buying it for brand name or B, like I just need a smart camera for my house and I went on Amazon or AliExpress and you know, this one’s $15, this one’s $20. Oh, this one is two pack for $20. Probably going to get that one right. Without a lot of thought into the security implications for them as a consumer, like I think like the broader consumer. And yeah, so with those devices that are like companies racing to get it as cheap as possible, there’s not, there’s no money for R and D or security or anything like that. And the like web of like who’s selling the product and like the name on it back to like who’s actually making it. And if you open a lot of these devices up, you’ll start seeing like the same or similar devices on the inside for like the electronic components, but then just different cases.

Andrew Bellini: So sometimes it’s really even hard to be like, who do I even tell about this vulnerability in the smart camera I found? Because like this company that’s selling it, like they’re not designing it, they have no link back.

Phillip Wylie: So yeah, yes, it’s pretty Interesting. So. So what advice would you give people to secure their IoT environments?

Andrew Bellini: Yeah, absolutely. So there’s a couple things. One of them is definitely segregating networks and having it so that you have them segregated and whether using a VLAN or whatever. The second one is like, I would, I personally, I don’t use many IoT devices, but the ones that I use like actually in my home I like to buy from reputable vendors. So like, you know, Amazon’s a good one like Google devices because they actually have hardened, hardened hardware and they’re also, they have good responsible disclosure or bug bounty programs and they’re actually concerned about their brand reputation and security. So those ones are usually much better. I would never buy like the, the discount or the cheapest ones you can get off Amazon and connect them to my home network. I do have like dozens to maybe 100 of them in my lab, but they’ll only ever connect to my lab network.

Andrew Bellini: And I like taking them apart and looking at them. But if you want to do IoT hacking, those are the ones that I suggest to go out and the ones that I say anyone can hack. Like go and find the, the cheapest smart camera on Amazon and buy it. And like I got one, I got one last year and I did a short series on it on YouTube that ended up, people found it very interesting, ended up being quite popular and I literally just went on Amazon, sorted by cheapest to most expensive, bought the cheapest one and then pulled it apart. And like, yeah, the security was very lacking on it. Not to be surprised.

Phillip Wylie: So before we started, you mentioned something about you used to work for the mta. And so, you know, with critical infrastructure being kind of a risk, are there any things that you’re seeing out there that people need to watch for?

Andrew Bellini: Yeah, so I worked for a company that contracted with them, so I would go frequently to New York or like other Subway as well. And we provided a industrial IoT solution to train companies. That’s a tough one for individuals because really it’s outside of most individuals control of what’s happening there other than lobbying the government or it’s mostly probably gonna have to be a government thing. But I would say for the most part, like not just strictly talking like MTA or like any signaling anyone out. But from what I’ve seen, I’ve also been to like power plants, oil and gas, military, like the, the ot security in a lot of places is very lacking. And I just think one of the biggest things that’s keeping it secure is that like Countries would consider that to almost be like a kinetic act of warfare and like skipping past cyber to do something serious there. But I think, like, yeah, in North America we’re very vulnerable to. To that.

Andrew Bellini: And it is a very big and growing and important area of cybersecurity.

Phillip Wylie: Yeah, it’s kind of interesting because one of the things that I keep thinking about anytime, here’s something along these lines was the water treatment facility in Florida that was like a couple years ago that got. Got attacked somewhere. They poisoned the water treatment facility or did something.

Andrew Bellini: Yep. And it was. That one was through, I believe, an open team viewer to the. In, like to the Internet, which I know a lot of people are surprised when they heard that, but I used to do a lot of support for these companies remote and in person. And yeah, we would be coming in through unattended team viewer access, PC anywhere, like all of those. It’s very common because you have a lot of vendors working and it’s hard for them to come out. So there’s a lot of different remote connection technologies. And a lot of times it’ll be like the operators of the facility who are maybe like, have like, mechanical backgrounds or like fixing machinery that end up being the ones that have to like, help out with this or set it up.

Andrew Bellini: Like, I many times walked people through that who are not super computer savvy. And that’s okay. Like, their job was to, like, you know, keep the boilers on or whatever. But yeah, when I heard that, I was not surprised at all. I’ve seen that so many times. Places.

Phillip Wylie: Yeah. Some of the risks sometimes where people try to make it easier to access those environments when they’re supposed to be air gapped, that maybe they put in a WI fi router or run an ethernet connection directly in there to bypass it to be able to more easily manage it.

Andrew Bellini: Oh, my goodness. Yeah, I used to work with this one place and like, their PLCs and stuff would like, always keep going offline and their sensors and things. And they would call us in and I would like, remote into like, the computer. And we couldn’t. I’d be like, yeah, like, it’s, you know, it’s a network issue. Like, I can’t troubleshoot it unless I come there. But, like, you know, it’s not our gear. And that kept happening for weeks.

Andrew Bellini: And then I was talking to the one IT person there and they’re like, yeah, we figured out what was happening. We fixed it. And I was like, what? And they’re like, someone kept unplugging the Ethernet cable from the one switch that goes to all the PLCs to like plug their laptop in. I was like, yeah, yeah. And then they wouldn’t plug it in or whatever afterwards and it would take down like the factory, though.

Phillip Wylie: Yeah. It makes me think of a story because I had Lesley Carhart on my podcast, the Phillip Wylie Show (episode can be founder here), and she shares a story where she’s investigating this case where it’s a power generation facility and the failover power was getting turned on and they thought it was this nation state attack. And what it boiled down to is they had a touch screen monitor and at night it was dark and moths or some kind of insects were flying into the screen and they just happened to hit one of those, hit the right button or combination of buttons to. To power on the failover power. And that’s what it was. It wasn’t.

Andrew Bellini: That’s so funny.

Phillip Wylie: It wasn’t a nation state, but that goes back to basic hygiene. If they would have locked the screen. Yes, that would have happened.

Andrew Bellini: Yeah. You never think of that. Yeah, it was a real bug. A real bug.

Phillip Wylie: Yeah, it was a real bug. But that story is pretty amazing because what are the odds of something hitting the touch screen to get something like that to happen?

Andrew Bellini: Yeah, yeah. And then turning it off and. Yeah, and thinking it’s a nation state and it’s way less intense than that. Yep.

Phillip Wylie: Yeah, I’m sure there were. There was a sigh of relief from the people there when they realized they were not being attacked. No, he’s got a bug problem. Lock the console and put up some bug zappers.

Andrew Bellini: Yeah, that’s what I was thinking. A can array. It’ll solve their problems.

Phillip Wylie: What are some other resources that you follow as far as IoT and ICS resources?

Andrew Bellini: Yeah, absolutely. So the best one, in my opinion that I push out and I know he’s been on your show, is Matt Brown’s content. I’ve learned so much from his YouTube videos. Like if you want to try and hack something, honestly, he probably has a video of like it or something similar because he has so many videos and he does them like long form. Just like, he doesn’t skip steps. You’re just watching him do it. And then he also has a Discord channel or a Discord server, which is an amazing community. I’m a moderator there and I started a project there where we call it the Security Research Team and we do group hardware and IoT hacking projects.

Andrew Bellini: So we’ll vote on like an inexpensive IoT device that is very easy for everyone. To buy because we have people from all over the world and we treat it like it’s going to be a pen test. So we, and we all work together, we have some place where we share notes and I’ve learned so much from that because there are seriously talented people in that server, like way more talented than me that do this like senior level full time IoT and hardware pen testing and they just hop on and they teach people. And the one that’s being worked on right now, I don’t have my lab so I’m not doing this one, but someone else is leading it and they’re gonna write up a professional report at the end too so that like people get experience with like the whole end to end of writing up the report and then we, if we find stuff that’s reportable, we let the companies know, do a vulnerable disclosure. But that is probably one of the best ones. The other thing that I always suggest for people as a resource is go out and learn how to build an IoT device. And it sounds a lot harder than it is, but I use development platforms like the Beagle Boards or Raspberry PIs are really good. And there is a book called Mastering Embedded Linux that I have read front to cover probably like five or six times.

Andrew Bellini: And it walks through the whole end to end process of everything from bootloader, kernel, compiling your own kernel, developing a tool chain, everything to build out like your own embedded Linux IoT device and doing that. I learned the most about IoT hacking embedded Linux because once you understand how the developers are doing it and like at that level of building it, it makes it so much easier to reverse engineer and hack. So I recommend that book to everyone as well. Mastering Embedded Linux, very good book.

Phillip Wylie: So since this episode will go out right before Black Hat and defcon, are there any recommendations you would make for anyone that’s attending Black Hat and DEF Con? Are there any villages that you’d recommend or any kind of resources that they should check out while they’re there?

Andrew Bellini: Yeah, absolutely. So if they want to learn IoT hacking, there’s three core villages that I would suggest. So of course you do have the IOT Village which I was there last year and gave a talk at it and hung out there and there was a lot of really cool stuff there. There is the, the Rapid7 booth and what their project looks like is going to be very interesting this year. So I would 100% go and see them and the rest of the, the folks in the IOT Village in their talks. Then you of course, got the Embedded systems village, which is also very good, and writes up there with like hardware hacking, a little bit more hardware focused. And I know Matt Brown’s going to be at that one. And then of course you’ve got the hardware hacking village, which is a very.

Andrew Bellini: Is a busy one because that one’s got the soldering stations and you can like build your own little badges and things like that. So those three are. Are excellent ones to check out.

Phillip Wylie: Awesome. Yeah, I’m looking forward to it. One of the cool ones, if you ever get a chance to check out. As far as Black Hats, if you ever get the chance to go to Black Hat, Middle east in Africa, they’ve got the most hacking villages I’ve seen of anywhere. They’ve got like a medical device hacking village, drone hacking village, IOT hacking, I believe, like ics. I mean, it’s just amazing all the stuff they got there. And just the CTF alone is like the length of two football fields. There’s like a thousand people on site participating in the ctf, which is a lot different than Black Hat usa.

Phillip Wylie: They just barely got some little small village in there last year. They’re trying to get more of that in there. But I mean, this conference even had more stuff going on than. Than what DEFCON usually does, so it’s pretty amazing. So we’re getting down towards the end of the episode. Are there any ways people can reach out to you? What’s the best way to contact you if people want to contact you? And how can we find your.

Andrew Bellini: Yeah, absolutely. So you can get to all my stuff. It’s just that links DigitalAndrew IO so you can get links to my course, the certificate at tcm, what I’m doing. If you want a crash course free on IoT hacking, there is a link there to my DEFCON talk from last year at the IoT Village. Anyone can hack it IoT and I would suggest watching that. So, yeah, and then I’m Most active on LinkedIn if you want to send me a message or anything.

Phillip Wylie: Well, thanks for joining today and sharing all this valuable information and thank you for what all you do for the community. I appreciate it.

Andrew Bellini: Thanks so much for having me. This is a blast.

Phillip Wylie: Yeah, thanks. And thanks everyone for viewing. And if you want to learn more about Fox Phosphorus, go to Phosphorus.io. Also, if you enjoy this podcast, like and share, and subscribe with your friends and colleagues. Thanks for viewing.