From 913492dcecdaa5f5a272bf279a7adf6328da029b Mon Sep 17 00:00:00 2001 From: Christoph Niehoff Date: Mon, 8 May 2023 15:06:06 +0200 Subject: [PATCH] Sync changes from 'OWASP/cumulus.git' --- docs/img/cards.svg | 2156 +++++++++++++++++++++++++++++++--------- readme.md | 6 +- tex/img/cover_logo.pdf | Bin 4890 -> 8128 bytes tex/lib/logo.tex | 11 +- 4 files changed, 1713 insertions(+), 460 deletions(-) diff --git a/docs/img/cards.svg b/docs/img/cards.svg index 23cfe1b..bb528f3 100644 --- a/docs/img/cards.svg +++ b/docs/img/cards.svg @@ -5,58 +5,100 @@ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" - id="svg2688" + id="svg1203" version="1.1" viewBox="0 0 210 137" height="137mm" width="210mm"> + id="defs1197"> + + + + + + + + + + + + + + + + + + + id="metadata1200"> @@ -71,374 +113,765 @@ transform="translate(0,-160)" id="layer1"> + transform="matrix(0.34047859,-0.09233898,-0.09233898,-0.34047859,31.918299,296.42365)" + clip-path="url(#clipPath856)" + id="g852"> + id="g858"> + + + + transform="translate(-88.526,95.177)" + id="g864"> + id="g866"> - - - + transform="translate(200.563)" + id="g868"> + transform="matrix(0.70709,0.70709,-0.70709,0.70709,0,0)" + id="g870"> + transform="scale(15.53734)" + id="g872"> + transform="translate(-112.037,-95.17)" + id="g874"> - - - - - J - - - - - - + id="text878" + style="font-variant:normal;font-weight:bold;font-size:24.78709984px;font-family:'Josefin Sans';-inkscape-font-specification:JosefinSans-Bold;writing-mode:lr-tb;fill:#f4a59b;fill-opacity:1;fill-rule:nonzero;stroke:none" + transform="matrix(1,0,0,-1,112.037,95.17)" + aria-label="J"> + + - - - + transform="translate(-200.563)" + id="g882" /> + + + + + + + + + + + + + + + + transform="translate(22.266,297.997)" + id="g904" /> + + + + id="g910"> - - - J - - - + id="g912" /> + + id="g926" + clip-path="url(#clipPath916)"> + id="g924" + transform="matrix(1,0,0,-1,0,14.173228)"> - - - - - - - - - - - + id="g922"> + + - - + + + + + + + + + + + transform="matrix(1.47612,0,0,1.47612,-170.98636,-473.35773)" + id="g942"> - - - - - jack/access&secrets - - - - - - - + id="text946" + style="font-variant:normal;font-weight:normal;font-size:4.98129988px;font-family:'Josefin Sans';-inkscape-font-specification:JosefinSans-Regular;writing-mode:lr-tb;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none" + transform="matrix(1,0,0,-1,115.835,320.677)" + aria-label="jack/access&secrets"> + + + + + + + + + + + + + + + + + + + + - - - - - Ourdeployment - artifactscontain - secretsthatcan - beextracted. - - - - - - + transform="translate(-12.454)" + id="g950" /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + transform="translate(31.011,17.201)" + id="g988" /> + + + + + + + + + + + id="g1002" /> + + id="g1068" + clip-path="url(#clipPath1006)"> - - Secretsinartifacts - + id="g1066" + transform="matrix(1,0,0,-1,0,48)"> + id="g1064"> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + transform="matrix(0.35277777,0,0,-0.35277777,69.002274,282.28883)" + id="g1992"> + id="g1994"> + id="g1996"> + id="g1998"> + clip-path="url(#clipPath2004)" + id="g2000"> + id="g2006"> + id="g2010"> + id="g2012"> + id="g2014"> + id="g2016"> + id="g2018"> + id="g2020"> - + - 5 - + transform="matrix(1,0,0,-1,112.062,50.139)" + aria-label="5"> + + + id="g2028" /> + id="g2030" /> + id="g2032" /> + id="g2038"> + id="g2040"> + id="g2042"> - + - 5 - + transform="matrix(1,0,0,-1,20.043,297.998)" + aria-label="5"> + + + id="g2050" /> + id="g2052"> + id="g2054"> + id="g2056"> + id="g2058" /> + id="g2072"> + id="g2070" + clip-path="url(#clipPath2062)"> + id="g2066"> @@ -449,114 +882,434 @@ + id="g2074" /> + id="g2076" /> + id="g2078"> + id="g2080"> + id="g2082"> + id="g2084"> - + - fve/recovery - + transform="matrix(1,0,0,-1,140.779,320.677)" + aria-label="fve/recovery"> + + + + + + + + + + + + + + id="g2092" /> + id="g2094" /> + id="g2096" /> + id="g2098"> + id="g2100"> + id="g2102"> - + - Wehaveno - backupsofour - applicationdata. - + transform="matrix(1,0,0,-1,73.187,226.841)" + aria-label="Wehaveno backupsofour applicationdata."> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + id="g2114" /> + id="g2116" /> + id="g2118"> + id="g2120"> + id="g2122"> - + - Nobackupsofdata - + transform="matrix(1,0,0,-1,31.011,17.201)" + aria-label="Nobackupsofdata"> + + + + + + + + + + + + + + + + + id="g2130" /> + id="g2132" /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -565,125 +1318,125 @@ + transform="matrix(0.34542603,0.07164507,0.07164507,-0.34542603,116.02323,280.10694)" + id="g3117"> + id="g3119"> + id="g3121"> + id="g3123"> + clip-path="url(#clipPath3129)" + id="g3125"> + id="g3131"> + id="g3135"> + id="g3137"> + id="g3139"> + id="g3141"> + id="g3143"> + id="g3145"> - + - 9 - + transform="matrix(1,0,0,-1,112.062,41.819)" + aria-label="9"> + + + id="g3153" /> + id="g3155" /> + id="g3157" /> + id="g3163"> + id="g3165"> + id="g3167"> - + - 9 - + transform="matrix(1,0,0,-1,20.043,297.998)" + aria-label="9"> + + + id="g3175" /> + id="g3177"> + id="g3179"> + id="g3181"> + id="g3183" /> + id="g3199"> + id="g3197" + clip-path="url(#clipPath3187)"> + id="g3193"> @@ -694,142 +1447,633 @@ + id="g3201" /> + id="g3203" /> + id="g3205"> + id="g3207"> + id="g3209"> + id="g3211"> - + - nine/monitoring - + transform="matrix(1,0,0,-1,127.215,320.677)" + aria-label="nine/monitoring"> + + + + + + + + + + + + + + + + + id="g3219" /> + id="g3221" /> + id="g3223" /> + id="g3225"> + id="g3227"> + id="g3229"> - + - Wedon’tknowif - anauthenticated - attacker/developer - accessedthe - production - environment. - + transform="matrix(1,0,0,-1,58.013,226.841)" + aria-label="Wedon’tknowif anauthenticated attacker/developer accessedthe production environment."> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + id="g3247" /> + id="g3249" /> + id="g3251"> + id="g3253"> + id="g3255"> - + - Noauditsforprodaccess - + transform="matrix(1,0,0,-1,31.011,17.201)" + aria-label="Noauditsforprodaccess"> + + + + + + + + + + + + + + + + + + + + + + + id="g3263" /> + id="g3265" /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + i + + + + - i diff --git a/readme.md b/readme.md index cf59481..dcbf57b 100644 --- a/readme.md +++ b/readme.md @@ -4,7 +4,7 @@ SPDX-License-Identifier: CC-BY-4.0 --> -# OWASP Cumulus - *Threat modeling the clouds*[](https://github.com/OWASP/cumulus/releases/latest) +# Cumulus - *Threat modeling the clouds*[](https://github.com/TNG/cumulus/releases/latest) ![Cumulus Cards](docs/img/cards.svg) @@ -13,7 +13,7 @@ Cumulus is the easy way to bring security into cloud and devOps teams. As a variant of the card game Elevation of Privilege it follows the idea to threat model a system via gamification. This lightweight and low-barrier approach helps you find threats to your devOps or cloud project and teaches the developers a security oriented mindset. -Find the latest release [here](https://github.com/OWASP/cumulus/releases/latest). +Find the latest release [here](https://github.com/TNG/cumulus/releases/latest). ## Threat Modeling The idea of threat modeling via serious games goes back to the card game [Elevation of Privilege](https://shostack.org/games/elevation-of-privilege) by [Adam Shostack](https://github.com/adamshostack). @@ -80,7 +80,7 @@ You can find it under: Contributions to the card deck are very much appreciated. In the end, this card deck is intended to be a community project. -Changes to the threat formulations are welcome as pull requests to [cards.tex](https://github.com/OWASP/cumulus/blob/main/cards.tex). +Changes to the threat formulations are welcome as pull requests to [cards.tex](https://github.com/TNG/cumulus/blob/main/cards.tex). ## Versioning The card deck follows [semantic versioning](https://semver.org/). diff --git a/tex/img/cover_logo.pdf b/tex/img/cover_logo.pdf index 133868618188127c904fcf173dbe98f408abcbde..909c08e5aaef4f821b398a043b5c291ae396c7a1 100644 GIT binary patch delta 7474 zcmZXZRZyIPvV?JWg1ampSlr#+A-F?=EDk~cz@ow3-5r8UaQEOOA-KCc+;i^hnV0#h z=dG)zs;fGap;tU!1@QDYh-K@nT?3+N88ik!NcyzO_&eLrKt=1ZaV#>L~whixUBox7*=ci-2U_kixV z<9CW%|1urZYhSb7+kM?(;YGQ6(?{K_&g^A}X>VAU?io!pzz@lIC za@+s*F?ZR&#G7(=aa_1LI$^)__N{VRSoJN&mG|eLA&cdW)NM9my>+_g?UY(?q-=)S z?ZtnBpxDjQbWgol74sPX+fq-XFECvtE$0E0#Qaynx8He3Cmo$Npf+~+P@fk4L*f|% zj);P&T4R<1;O|jYaL8|LMY;!)9lN{xQRt+X3gu})PEIg!epA`KAa{vQ@88js_(QjMY-mkAziO4vV|uyO{fWE|h(qGTPaUV`+CK0N(8t)Q zRw=B1Rrr9Wv1?!F1xsDms6?4e_AbWwiERThku>cAn8DG?CH_6)mx~H_;(3Lm#^xJF zET3^K9#56F*`+lKx-Hq`_uLmnQfv5$zksEb#7R~-Am-HV7I5DfDdC7rT3&3e;9(gw zhdgNZ59FCUyxN%m@-+Ptz6FE4;_QL5N*%i-d&;yCVYwXX`Gtx>dxK(Bu^nEFqkL?T z(@OjskWX;!*UiJtoBMhKwW^ARx3WJA(F*nV*ZIcK5`vdvU>c63p3Nt(qZA{bnMBAM z{JnTm)SMboiF58a>SD1Oi|AcQfW}+#roV4!Ozu#{oNaHAlbA zN=Q;4Px;uZ2@UUDA}1NoLewk**|*X**hwgiilB}!pBh_QQ+)R>%xHjEA)ydfdYSYV zkXW9tn!@ghV-~&^}m(-(uKI1ViP#L39FxqGF4FuVVFHZCMQK*07S6QZ# z8$)3g&v?!e3R+~+R1CGV`yXpfWI!Eu0zq!u+0PxY)!kpx!lSQ z3?+DKIFd;0oMumP#`Gy-*I?3u*bVq{A`*mvepta)!qVPe=-7p+2K#r4V?rtIgdkeF z1{jhdrWtyp!VLw@9t6Du9BRrmByG+HHUfm>M2ilwY)|K~dO@i43Hz?l-HwTP|-ivtmxA>!FA_*L(XDMRFisoHi zlr;_k6Jor(Kxe}l0m_M@-HL3N8Jwndb-am^`K>% ziJ;qG%KVxBLMZ)y;4_}Fa1Vdt@1J8#s~Ad6+lwkV2F3%zCsUE=%E8Bx-veY8Iq?v;dgFCKW6Bq|Pl@ z%U^uWI+pPf8wok@0Vwl#5->kSX;%F7G9}zH7Yg_CdDX{bx5PI730sqr3@duC=RhSd zJV?zZb#{oU?ZERX4R9Mkpo)@{-M3`ITrJ7>@8k);!lp?`_JTK@uUwEwT*AI!Rc3eL zHj+!Uk284=PJRhvDwJrDn4_dnLfkrdY>-b>yxY^Z{%#bzVY{NK$~{2eoGm6FwkrjU zfjE<==TWD^4XEBF@+G7^1-=p?@rBvhe+x!&2cxD$N*8b*FlCSeF!s8YN$K01-+1@f zXL(pSi74lUzlVztoL8?)C>00)CVzWGv!vzbpNn#5 z2zh~V+q_Iuj(r(OLjM#=jZn~qG7`Sl_Za#i+926K@kTN72VNRmg1#{O6e!4+jL~UbBj@>p89B)WsCKfJ6`nwnmA(Z4FjJT&1IsnOCMr z8jB!*@l=?CPeH5j-AsxmJdD$3C&qGx_Ltx$@w%7;CC{EFisqA`a;;?vm#M0GW+|(T z`whEL*3_+3daM?0qKRPQ>Z28DWGkuY9Fbht@1zOnyXIqc+5ElLUtimCWko-zh1VhR z{Adl%0z^=}eLO5bYm@(DSG4!_Qj(_j;}Z(`keF=!@r;gMc`Mn?n8B*e^ie?rgMM2l z(H>0J1p#xLQu_Jtz3C!BixHU7#ujgqVloi}L(F?NFFQNP{hnH(H>s5=V z@4HbiUakBuQNCQsbM3}LCKGx3LRDJ4GB82~9zyY)C)o(04$`9R3F4URF zib0jdrE}sCMl;~ZT#(YWhn4^CJVTUAo*8F-(Z_<6MzNHh+uIUWo4QfDoeO=f2WxR( zgy42%O`3i{urUElkigo`TnN9=ph>d|7*}hj%YV|N$Ffmr&vynft;nE_&IuS!W zU0(gehtzsva1HKk5<-K&6@S8fZ7w<8!gdramOQ}SUA%)3!Td_TCF)?Tca^Kw94$Z` zRpRdJbkAHtfL2gBxPnvQ)u}dL0c)Ka%F|w1t7>Oa;0}hSEaAv0*a$nv$Zv!Jm^#q%EHKOd38xr+p@SKLj?%KP|04# zMMH9oa-BSprqI&(qHdy_KMoZE^n#pYHcw*X`v zvX)_KOynPH##jhh_%NP&V<X1(_NF z>le9EkB!|h(W>5JOOTAcErE{RIws9oLy@}&KbX0DlRUvj%JQG7j=ifk;IP;CZ6lU^(z7AMN4Xu7fu5kJ0G1wCRgNvyb*S@%?itGAV_CQiH6WrYQWP>&>qr z3Kn0mjRzZ5mNCw=eV0GUytl#$Wh0g1E){2Hj!+u|WGam9*|*EXBTBw%noAbFV{)^*eSEC<;${~XWzwY zIjEUj>NqrT*hvgr7Py6*^MQ;X_D5w_axTYI6~jceOTA9M3R74_h3kFiwfTY}YHLjhmD8iF}ac3KEU=v}0eSykgP6}$>oj|yN}z}m3s zxE0#JN+^M;io(+6iu6C8(BbRPwd|s(2tVv9brPxr?#;%zO6v@Km|^oG*{nQ2GhYADQ@&np3%A_d9I+GE6CM{due_F8{xc|aufaX|HR`ZTndt( zZi3|qxGF0^WyfWi)UH9!q20P^bfs;K#7AHTBI=hYM{Y*u?qI5LQXxAJTq|kR5i!wI zdQfzHw;qUZsCdH5TL+47 zX8Q1wb6n|px_5JZ+qH`&-d}-SI<0G)OMo&#|Nc%qcH^hgL-{+nu%qbNNJk4OdZ6BdLjQPzh2kN} z8%WU|D^jz>F13GrG%il~;A1l8OiLIx+{e-_1PU9PKhQGv_kTc$+$D-KAEsPT!Z?pq zL5R$<8e%P!&k0iNTqm(`R!I*e7$C1#`TcuV)H{# zzFB5vd6L6Tj3DHLt&PtPnU&^2lcI;G_y&iOcH(2}V;}9vp~1cmu#Cab4t7+-667}x zivN?Bo?cR``s?GRoG3VO<+fxARXJ`Q>{kE)1(6qudT> z;1V4_vv!VIOLxK`QKH$u!Ee-gcOj^ZinGBaYjpam{v4?o=+zr~_ZHN_dCwy@;rPlw zsrsv@2aF7aWeAE_6JpruziXipsiC`HC;pxDP;t3bAGWN}j6$#S|2r7q66VKAi&WNO6_)e4x zs|qle12QpXi5fqh;iG~DAZp7IAk;dSu9o^Ulghj*Cm|NmbJaaKeljWYiAIMGDd~vK zy7`CKkk6WFweVE`EG!_$j$ihV01G`xFJ)AZcl&&3j1TE;+^IzW#l0AI(HUzTR@4b( z**WU;BP6C()0+_VYO&A-K00lXxx(Cc0v5VRwTAG7)@Dr3SIYS<{|pU>>{f%yGaR5! zZjyaY3#G1PrG?7jV%Aev)*l*t;LR(3Vs{6stav|-fzBTor z%U6j&aeCs#>S_I?^O?7{sYUW_^`8*+OEnN%7*U-?t%c4>=AvEk&Z%?r+TqXJHk%J} zL;EgHA!@1vRwB{%bbKRZjXeB7YP{b1_y-neG)NJtw!Y`YXF~ix<+eBZ%jZ)SjJmF9 z9}NC>WkC(3T!#HCOuov}cpV;%#cbA0`>FSJM3F((&uIoSAu-ODR?%hsapA|5da+g& z620o$rs*1VkwpI{ceVit9n9N#9UPBEW$?g3dep5*96U5E(?TsgJTi<@~zJcKr9jRA8 z8-5Z!T{kQDu#$1!s`Le9fQ9SNK7IbYeaGuMYhr3^-X9!g7(DSF#}ULPv5C{Uah6bk z3eSOK*W2NGveiF^lFq?5qkhi)GYD>xBV@Ei5AJ!g^x`*#3G57TZwHUaukWIT22#d} zh*zI|n@h0t$1cek;$j}=@a*y9*{;Hw1geZYRO;_?;lzE-2U3B>r=QPZDj)TJ_WY_s zCT8u?oK@w}{9ZJEl=NU4SEVoz=GlBof<6$J73UXf_-bL|*xz{3nwAy)ds|aO!@y7E zS@4x)UCMv5T*n+Ul96|j|0r>xD;Px;#R5s!jF2DQvr_RMtprl?RO_C15E`H@{h5KP zKCb2qu%J6z`9YTI6C%mji8!m0Yxhc+1;tqdabe*Hh5+1!S zL{(`Wwn|rTOYxW7-)N`krbX6=BN@kG!seR$GVW)5CIgITU52?m4NCi^ZNwwX|GXtv z#9?bXrO`uZuj+scIwYa3H!B=>b>s@eA@pPTx%}nxCAC`4(4`ttw$P8NV?_-8(vgP_ zPR_jv@4H6eU;4J(CG7H|W#&~`%%-g`y1{M#eb9=ugoZnt-z3`PzqfU>(Kq=z@?zEr zs{=uK6>FCMCbozrMuz=e!@?&kTyYQLA^|r|+3p+SEu}vOR}~>o9%6=&3XwpHfV&v| zUgY(tg9kO|8Zz{?gfd%Q#fjm z3)AQfaLG|p*n8pYpW(Kq_Sbf!3+phrPO)wC36v z@U~RKh(?Pu{Ugmg;NP9G%=nKWpi!VD`tfoE7(m*NJTwfU!jWev7zrR_*DN7%6*)Ci zryFrjuMGEC2TxH29lM|GCehT%F8!E)AVN%~xDK#pzQ4irgU{2Z88gN6ws5+>}b`S247BQh-WR?pCdnRaV%aEYJNNTpzN z7dMD;c(i<(OcNLI$f@8TN;nX@j~4Z2Kf>N}WAeNb7V*MN&OZ9Jv76o^CP)Mrc`}xT z3-r*cTt)M};H>pCUH@T~5#0Y6D=*j@`H5t_kkh{T`9+^sp3l95aPPt{q~dGj9OAXH zp3l8cdHO4fg^BD{Xo;AqW8ixEAV|#FSo#I!@>p_A9YdT7r~kcU`VxLXaV_iz=jG@7 zEAgQu`xhwUI_6Hj*{cQbJNY})@xwdD!N?_=4aC~r!_CIR>A&P`X^+NB4W|C@rlzLm z=i(7aBE(68xMX#Wpj{{OUD|D$p9aVL4> l(X;V$^ML>7$j>S8KbinHPtpjU0y@8d03R9%B&#lm_J629NZ|kg delta 4186 zcmZXJcRbXO1-@l*dujlnVA64J+r@{e`cY4WS+&!(!(D?SSXR;vd7urZ7uqcKp{Rp(vXLLGJ z>sb_D|GuMx#W{3Zx-b3Twf@|Ve^3wb{HAwW8Ho$&o$d)*s@lO$_+|h5GpT9=5Q2jU zr+rWKkrU^w7d`v?^EDHSZPbhYfwSK8EjI2e=9--|FB=}7yL7KMECXH~9Vb2K{j+DU zdWJjatsCB;5H>xl9n6PtB-h65MLu(1Yr|HT*M~z~mbAHt`{fuRXe)$yD$q5s_s?^0 zClG3{4!@AY$LgJQ{vSM)dT#bP0p# z?21iDg4*0{E$D3cXA9Uq3o?yg&hFFIb9CKDU&0U+>>hSNWU0oC$wuw|mCm1y`>QpK zLdPfz&o|ozk1Y<6*-JRr_|@z^Un84_>7%qx7QEj&v49r$X%)#H+7#$<=d^r~WMADK z%KR@$0UUmms{!|~DgpT@)_|dh9~K%fcO4m2TH3#K?X+z1>pRVb@DA0iayed)FEtr^XEqGHmVA2)vlRq$5LXI)Ae5e+NN0~DEC#a+vUu;H+KJ+H_y9xoz+tqSK}!b zuPLO5G6+QqJ=grK*|h^fWle0JGUxD^*W5O#Nd~;`S-hGMs2=<-dq>Lc{6SrB9h_pr=YL_gcZx zm5#2OFUY5MiqaMXnmmJfI=1L=%3eMqT+B&+wqm)I_SMu~&6OUgEZ+8K(@q6UhTYtY z&$59Ta%KnnB0<4TLUA*D-RAZ?F`KbYGP_*m8Jq>NLl6Bb0(O{_N!4&=$+O}iH&VS) zuW5~28jFLbP{>DJ-0qF5UfcH$E;|x4<(dz3kcL&O)*n6P%sNZ$4Xh) zoqrY$=;^bm=yLMgjPqMHtTmlv>m%#!8vumM7FeB;rECyGNO=r4w2{z`VHH*>*7j3N zr5D@nxTL3G;OwbA;M;~CDzrgGpOBf6HS<>4??@|V8?&<~d0=ocns#Dd!;*dw>S7;S zG+ux$!E}PxYQ+2#G&=_6cDrRamFeLa2{jylJ}@}8ghR$$?<=5HsSiY+bU-@*JbNU< zLOGC_?9%^P;%CVhmkX5Qozd?jP4DsLCD6SsDgPcn@^jqm&52EMUhHF2+QGFYMh>fw zP+xN;WN<Le)=JO~SqeN%JcShFddK6@f8eVjDVp)*LUlq@YVAEFtQo0E1?cJ4(#5A+dakOV|J<~i$b*E;^8jGsIcOHw0 zalB?&#KhuA>93z+T3^$0(LK^K@(tb`qc;5$QF5|)Z$peKiy&J&Lru5VI@Cfa^HI3^ z4@;NujMu4~FCW~BO5D6ZyIOgpBQ2_UckLHUub4^Yz5a8-(T%oo`*|w|S&vR+>WKhAI)mwBMS7qz(5?^X&S)Z#SBEQ(jbk9LG^J zqs1`9``SKT#hsfMb*z^pqgImo4uKw?S33|x-on_s)wTM+-byVeHiod7II-Oc5xHJ_ z9j2C#6jWZSzX9cww6AOOOvvz0j&hqa9#I&4X>TP|Rs{hW9K2SA8BfN<9n*~SLMtQi zoaAjbsWK3s0=fAnG|X4XLISOui|gn^GM%w%8L-&8X|vy$g2k^VNHZeNqMt%AIxOmj zNabLY-JUO{_lr^ODG+I1$!z82sKrmOg&mb1bTu7*t=93KUT1U(4(Q-?daHW*qd9Hb z&PV|E^bCLo{~>5^xNQdsqDQ;`AwEW`F;5BllG1ELYC_w6oBLR5U_ZkIPNhdjaG zxOQBt(AbeT0$VE8U-PRTW?pp?CH zdpqkTGKBL{bu_vC8j?fB0_#fc-e+AHWmkEm_$=>ol@tg9tL#*ircQ~IY~*WDg1Sd#+QCFls?hyiVNtehVD8+3LKoQNFB-=gTievSJy zx$_%R))_nCex6CmyK!2ou9HbG@2lN5wJ@?5u?IYJ3-u4!3!CovCUc9JlwZpCDtM)g zL<8SB!@UiSU;?dwgSPNgvu4D)PK zJ#^=tveI959ND%5GH)uo37UXZV32$Lm2&onFK=)sv~Rq9Y0)!67sIX$Yi_)zzh@(Yw^*kyU4^&E@t`T0&LsLShOBJgee*;** ziE~`EW8dCC3EAZBC>Dg7kff?oAhEV(hP>h!iKQR|jX$f%%+9}0m3G@()mUGnEV#c@ zYU8sswrR6do}>F_mXC5(ZnM*NzLjs4^c(#K7f-3VNIXoGV>=vPG&J{L>VE6sKsR&C z)5(gQTjiYrHHg)F7_&z?EE8SPy9uxpk?Z!AJBqJ9p<4Ah8HpWNfK)I#WAo@5UfuN* z7*-?wnXEEyL4Wr%9o+NC-KSbcfth^HnxroMv)s?chJI0HO`EM#3#@Ip0#93_!QBPE*-M#HQn8%ekq_ ztq&c477hEpt#3eIVyRQ!oNxgH`+qcUlReEqX0ySVY@?#NlDU@xw95kTujQ6FWoGHX zU)v#89LeftQq;-x-qSg|Zc6oGnRyrfEoV!bIeRy+44tr) z%7~6_FS0zpoHecW((6bEGMZ9qcgbS;V`tJ=(Vrky7)s()eS1@=lTaelm=vp!n1JjT z?-P6Ci~7gBMMA3HCJcbBRPTeqD98fOUwJLvra_rhoRwX7$Pj_r?a$YSd1s#MlF|8? zfszF1(8`B3{ss$B(Dz2_h)Sy!p$lom+1SSrcKOcX$apFzO`Yq7{I}?u<73DA-_e6- z=s@s<>ZB*XAI#v{xLS4xXCX&)h9I~usG&lWIZlnKSMI|w*+;-5;V0412GOH}*9y&Y zLE}H}DpzAfboS%;9Z7)Yk5$k%c-)?>QtMI1ouBphu?($jb%Xxi%#1c-$Q&m@+9W_; zH*yzl>4}gYgNOUWyGfEI){APiNQ^ByH6et+&(1YR-HJ*qR6iZW@KABWcXyHeGg%TH zNr;kzk5d3wClKf$e$)pYZ~j*pWjMB3mjb&8i{)iJ9BxcR3nzs$;H)hJqAw@ za73%TY8Rt_-&tT~JQ2g%i<^qg6USzX1B3uG{GJ{P7>ZA;VEn41#U#P5b%0eHw;?6! zwE>OaQLLzoDX@@Z2;w7UQIm>t!fOz9N^B5u^BM_9uaw*|JKOi@_(2V*4{$1Xjt1ya zNl8C6(`@;6iZU6FpR9e8X*|L3*-{bz{`a2x5R%twxEmyh7EAnGRDo+}05SZ8Us`=8 z8BDMRlx|wKeX_Y98md(p4SESPw?;|>$rHM%U@x|?{o5QeKgxe0 zj2Gpwzsy0u2}M3T7P_epCNBhweI3}3EE|IX=W--l+DFp4ZFShc6sCNK7+f1K8qMa<+joUKbJ5D-I>+9OOuH5-!oz^`v(e`zR z0RDye&7E`$|C%;{Y3}ucrQqnod;tycl4c65N-pt{${7nL?9RQgG#r3eya@}3No zXRg5cqs}9bUvU26LA}@}AY29tjd^zYmz3yPZn8$B==1FR|5jZks8X9-P?p-P?+?A? zoI{@-!}oLahWpRY5my)8B~69aE$fd8NeT0mf_F9Ac8$`gsHzM^RiFd()Sn88N<-1l z;7cqMrW+Picb2Z!y+^$GlqiR2Jy~=s2!mOMsNi2vrxC-9l)D=s4GHhduy;oHP27_+ zf7|0!nf{tL+k{qJA!-Bc@?W}THo_cgMuGri-1Uv?F4z3G`WxaHeb&8