Hey everybody, welcome to this video on the cyber security full course. I'm sure that most of you would have gone online and checked an image, watched a video, liked the picture and subscribed to a service, but have you ever wondered how all this data is kept safe? Cyber security is the practice of protecting computers, servers and networks from digital attacks, theft and damage. Cyber security is critical for individuals, businesses and organizations to protect against cyber threats such as viruses, worms and ransomware.

Hey everybody, you are already watching a video on the cyber security full course on Edureka. If you love watching videos like this, then consider hitting the like button and subscribing to our channel. You can also hit the bell icon to receive regular updates from here. We also have hundreds of training programs and certification courses on our website, so if you are interested in them, do check out the description given below.

Now let's start this video by seeing what this video will cover. Since the title itself is cyber security full course, I think that it is justified that we start with what is cyber security. After that we can move on to cyber security fundamentals; this section will cover all the fundamental concepts that you will need to understand in order to start learning cyber security. After this we can check the history of cyber security: how exactly did it start, and what made it evolve into what cyber security is today. We will then see some cyber security threats and the tools that are used in this domain. Once we are done with that, we will tell you the top 10 reasons why you should learn cyber security, along with a few cyber security skills. With this video we really do hope that you are able to work in this industry, so the next section is how to become a cyber security engineer, followed by the cyber security career path. If you are new to this industry, then let me tell you, cyber security certifications are absolutely necessary if you want to have a good chance of getting shortlisted. We will also need to cover coding for cyber security to maximize your knowledge in this domain. In this video we will also see the top cyber security attacks that have gained reputation in recent years. After this we will move on to ethical hacking. We will start by seeing what ethical hacking means, after which we can learn the phases in ethical hacking. Once you are done with this, we will move on to some core concepts like ethical hacking with Kali Linux, cryptography, penetration testing, etc. In this video we will also show you how to use Nmap, a network scanner that is used to discover hosts and services on a computer network by sending packets and analyzing the responses. We will also see a few methods of cyber attacks like cross-site scripting, DDoS attacks, SQL injection, etc. After that we will cover steganography, a technique that is used to hide data in a non-secretive manner to avoid detection. Now after all this we really do hope that you use these skills and succeed in your career; that is why we have included an ethical hacking roadmap, which will help you plan your career, and cyber security interview questions and answers to help you ease through the interview process. So now let's get started with the first topic, which is what is cyber security.

What is cyber security? The onset of the digitalization era has opened up a lot of opportunities for everyone, especially businesses and enterprises. From mobile banking to online shopping to reading news and books, everything is just one click away. But it has been rightly said that everything comes at a price: the more you connect to digital assets, the higher the risk of security vulnerabilities for your sensitive and confidential data. Now the question arises: how are companies securing this critical data and combating these threats? The answer is cyber security. So what is cyber security? Technically, cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access, or misuse of authorized assets. The goal of cyber security is to reduce the risk of cyber attacks and protect organizations and individuals from the intentional and unintentional exploitation of security weaknesses in systems, networks and technologies.

You love a product on Amazon and plan to buy it. On your way to checkout you are given options to pay through your debit or credit card or UPI. With millions of users sharing such sensitive information over the platform, ever wondered how Amazon tries to secure this information, or how Facebook and Google also manage to secure the confidential information of their millions of users? Well, from renewed privacy policies to security-focused patents to the use of AI for data security, each company is expanding its focus on data protection to encourage user trust. With the increasing advancements in the digital world, cyber security threats will keep getting more complex as hackers learn to adapt to security strategies. This will increase the widespread requirement for cyber security by companies, which will be paying more than ever to land highly skilled cyber security professionals in order to secure their vulnerable assets from cyber attacks.
We are living in a digital era. Whether it be booking a hotel room, ordering some dinner or even booking a cab, we're constantly using the internet and inherently constantly generating data. This data is generally stored on the cloud, which is basically a huge data server or data center that you can access online. Also, we use an array of devices to access this data. Now for a hacker it's a golden age: with so many access points, public IP addresses, constant traffic and tons of data to exploit, black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same. Above that, cyber attacks are evolving by the day. Hackers are becoming smarter and more creative with their malware, and how they bypass virus scans and firewalls still baffles many people. Let's go through some of the most common types of cyber attacks now.

So as you guys can see, I've listed out eight cyber attacks that have plagued us since the beginning of the internet. Let's go through them briefly. First on the list we have general malware. Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer. Next on the list we have phishing. Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam but are more harmful than just a simple ad. Next on the list we have password attacks. A password attack is exactly what it sounds like: a third party trying to gain access to your system by cracking a user's password. Next up is DDoS, which stands for distributed denial of service. A DoS attack focuses on disrupting the service of a network: attackers send high volumes of data or traffic through the network, that is, making a lot of connection requests, until the network becomes overloaded and can no longer function. Next up we have man-in-the-middle attacks. By impersonating the endpoints in an online information exchange, that is, the connection from your smartphone to a website, the MITM attacker can obtain information from the end user and the entity he or she is communicating with. For example, if you're banking online, the man in the middle would communicate with you by impersonating your bank and communicate with the bank by impersonating you. The man in the middle would then receive all the information transferred between both parties, which could include sensitive data such as bank accounts and personal information. Next up we have drive-by downloads. Through malware on a legitimate website, a program is downloaded to a user's system just by visiting the site; it doesn't require any type of action by the user to download it, actually. Next up we have malvertising, which is a way to compromise your computer with malicious code that is downloaded to your system when you click on an affected ad. Lastly we have rogue software, which is basically malware that is masquerading as legitimate and necessary security software that will keep your system safe.

So as you guys can see now, the internet sure isn't as safe a place as you might think it is. This not only applies to us as individuals but also to large organizations. There have been multiple cyber breaches in the past that have compromised the privacy and confidentiality of our data. If we head over to the site called Information is Beautiful, we can see all these major cyber breaches that have been committed. So as you guys can see, even big companies like eBay, AOL, Evernote and Adobe have actually gone through major cyber breaches, even though they have a lot of security measures taken to protect the data that they contain. So it's not only small individuals that are targeted by hackers and other people, but even bigger organizations are constantly being targeted by these guys.

So after looking at all sorts of cyber attacks possible, the breaches of the past and the sheer amount of data available, we must be thinking that there must be some sort of mechanism and protocol to actually protect us from all sorts of cyber attacks, and indeed there is a way, and this is called cyber security. In a computing context, security comprises cyber security and physical security; both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cyber security. The use of cyber security can help prevent cyber attacks, data breaches and identity theft, and can aid in risk management. So when an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end user protection defends information and guards against loss or theft while also scanning computers for malicious code.
Now when talking about cyber security, there are three main activities that we are trying to protect ourselves against, and they are unauthorized modification, unauthorized deletion and unauthorized access. These three terms are very synonymous with the very commonly known CIA triad, which stands for confidentiality, integrity and availability. The CIA triad is also commonly referred to as the three pillars of security, and most security policies of bigger organizations and even smaller companies are based on these three principles. So let's go through them one by one.

So first on the list we have confidentiality. Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people while making sure that the right people can in fact get it. Access must be restricted to those authorized to view the data in question. It is common as well for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands; more or less stringent measures can then be implemented across those categories. Sometimes safeguarding data confidentiality may involve special training for those privy to such documents. Such training would typically include the security risks that could threaten this information. Training can help familiarize authorized people with risk factors and how to guard against them. Further aspects of training can include strong passwords and password-related best practices, and information about social engineering methods, to prevent them from bending data handling rules with good intentions and potentially disastrous results.

Next on the list we have integrity. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people, for example in a breach of confidentiality. These measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as electromagnetic pulses or a server crash. Some data might include checksums, even cryptographic checksums, for verification of integrity. Backups or redundancies must be available to restore the affected data to its correct state.

Last but not least is availability. Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, and maintaining a correctly functioning operating system environment that is free of software conflicts. It's also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important. Redundancy, failover and even high availability clusters can mitigate serious consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the worst case scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery plan. Safeguards against data loss or interruption in connection must include unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences, a backup copy must be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard us against downtime and unreachable data due to malicious actions such as denial of service attacks and network intrusions.

So now that we have seen what we are actually trying to implement when trying to protect ourselves on the internet, we should also know
the ways that we actually protect ourselves when we are attacked by cyber organizations. So the first step to actually mitigate any type of cyber attack is to identify the malware or the cyber threat that is currently going on in your organization. Next we have to actually analyze and evaluate all the affected parties and the file systems that have been compromised, and in the end we have to patch the whole threat so that our organization can come back to its original running state without any cyber breaches. So how exactly is it done? This is mostly done by actually calculating three factors: the first factor is vulnerability, the second factor is threat and the third is risk. So let me tell you about the three of them a little bit.

So first on the list of actual calculations we have vulnerability. A vulnerability refers to a known weakness of an asset that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to be successful. For example, when a team member resigns and you forget to disable their access to external accounts, change logins or remove their names from the company credit cards, this leaves your business open to both unintentional and intentional threats. However, most vulnerabilities are exploited by automated attackers and not a human typing on the other side of the network. Next, testing for vulnerabilities is critical to ensuring the continued security of your systems, by identifying weak points and developing a strategy to respond quickly. Here are some questions that you ask when determining your security vulnerabilities. So you have questions like: is your data backed up and stored in a secure off-site location? Is your data stored in the cloud? If yes, how exactly is it being protected from cloud vulnerabilities? What kind of security do you have to determine who can access, modify or delete information from within your organization? Next, you could ask questions like: what kind of antivirus protection is in use? Are the licenses current, and is it running as often as needed? Also, do you have a data recovery plan in the event of a vulnerability being exploited? So these are the normal questions that one asks when actually checking their vulnerability.

Next up is threat. A threat refers to a new or newly discovered incident with the potential to do harm to a system or your overall organization. There are three main types of threat: natural threats like floods or tornadoes, unintentional threats such as an employee mistakenly accessing the wrong information, and intentional threats. There are many examples of intentional threats, including spyware, malware, adware companies or the actions of disgruntled employees. In addition, worms and viruses are categorized as threats because they could potentially cause harm to your organization through exposure to an automated attack, as opposed to one perpetrated by human beings. Although these threats are generally outside of one's control and difficult to identify in advance, it is essential to take appropriate measures to assess threats regularly. Here are some ways to do so. Ensure that your team members are staying informed of current trends in cyber security so they can quickly identify new threats. They should subscribe to blogs like Wired and podcasts like TechGenix Extreme IT that cover these issues, as well as join professional associations so they can benefit from breaking news feeds, conferences and webinars. You should also perform regular threat assessments to determine the best approaches to protecting a system against a specific threat, along with assessing different types of threat. In addition, penetration testing involves modeling real world threats in order to discover vulnerabilities.

Next on the list we have risk. So risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risks include financial losses as a result of business disruption, loss of privacy, reputational damage and legal implications, and can even include loss of life. Risk can also be defined as follows, which is basically threat multiplied by the vulnerability. You can reduce the potential for risk by creating and implementing a risk management plan, and here are the key aspects to consider when developing your risk management strategy. Firstly, we need to assess risk and determine needs. When it comes to designing and implementing a risk assessment framework, it is critical to prioritize the most important breaches that need to be addressed. Although frequency may differ in each organization, this level of assessment must be done on a regular, recurring basis. Next, we also have to include a total stakeholder perspective. Stakeholders include the business owners as well as employees, customers and even vendors. All of these players have the potential to negatively impact the organization, but at the same time they can be assets in helping to mitigate risk. So as we see, risk management is the key to cyber security.

So now let me go through a scenario to actually understand how cyber security actually defends an organization against very manipulative cyber crime. So cyber crime, as we all know, is a global problem that's been dominating the news cycle. It poses a threat to individual security and an even bigger threat to large international companies, banks and governments. Today's organized cyber crime far outshadows the lone hackers of the past, and now large organized crime rings function like startups and often employ highly trained developers who are constantly innovating new online attacks. Most companies have preventative security software to stop these types of attacks, but no matter how secure we are, cyber crime is going to happen. So meet Bob. He's the chief security officer for a company that makes a mobile app to help customers track and manage their finances, so security is of top priority. So Bob's company has an activity response platform in place that automates the entire cyber security process. The ARP software integrates all the security and IT software needed to keep a large company like Bob's secured into a single dashboard, and acts as a hub for the people, processes and technology needed to respond to and contain cyber attacks. Let's see how this platform works in the case of a security breach. While Bob is out on a business trip, irregular activity occurs on his account. A user behavior analytics engine that monitors account activity recognizes suspicious behavior involving late night logins and unusual amounts of data being downloaded. This piece of software is the first signal that something is wrong.
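The late-night-login and unusual-download check that the user behavior analytics engine performs in the Bob scenario, written out as an added Python example (not code from the video or from any vendor's product): the log format, the business-hours window and the 10x download threshold are assumptions, and the log lines are constructed.

```python
"""
Constructed user-behaviour-analytics check: flag an account that logged in
outside its normal hours or downloaded far more than its own daily baseline.
Nothing here is a real product; format and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import date, datetime, timezone

# Constructed sample log, not real data. One event per line:
# ISO-8601 UTC timestamp, user, event (login|download), bytes (0 for logins).
SAMPLE_LOG = """\
2023-03-01T09:12:00Z bob login 0
2023-03-01T09:40:00Z bob download 120000
2023-03-02T08:55:00Z bob login 0
2023-03-02T10:05:00Z bob download 95000
2023-03-03T09:20:00Z bob login 0
2023-03-03T11:30:00Z bob download 110000
2023-03-04T02:41:00Z bob login 0
2023-03-04T02:55:00Z bob download 48000000
2023-03-04T03:10:00Z bob download 52000000
2023-03-02T14:00:00Z alice login 0
2023-03-02T14:10:00Z alice download 200000
2023-03-04T14:00:00Z alice login 0
2023-03-04T14:20:00Z alice download 210000
"""

BUSINESS_HOURS = range(7, 20)     # assumption: 07:00-19:59 UTC is normal
DOWNLOAD_RATIO_THRESHOLD = 10.0   # assumption: today vs. per-day baseline


def parse_log(text):
    """Parse the constructed log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, event, nbytes = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            when = when.replace(tzinfo=timezone.utc)
            events.append({"when": when, "user": user,
                           "event": event, "bytes": int(nbytes)})
        except ValueError:
            continue
    return events


def daily_downloads(events):
    """Map user -> {date: total bytes downloaded on that date}."""
    totals = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["event"] == "download":
            totals[e["user"]][e["when"].date()] += e["bytes"]
    return totals


def analyze(events, target_day):
    """
    Return per-user findings for target_day (ISO date string). A user is
    flagged when an after-hours login occurred that day or when the day's
    download volume exceeds DOWNLOAD_RATIO_THRESHOLD times the mean of the
    user's own earlier days (no history means no volume comparison).
    """
    target = date.fromisoformat(target_day)
    totals = daily_downloads(events)
    findings = {}
    for user in sorted({e["user"] for e in events}):
        after_hours = [
            e["when"].strftime("%H:%M") for e in events
            if e["user"] == user and e["event"] == "login"
            and e["when"].date() == target
            and e["when"].hour not in BUSINESS_HOURS
        ]
        history = [b for d, b in totals[user].items() if d < target]
        baseline = sum(history) / len(history) if history else 0
        today = totals[user].get(target, 0)
        ratio = today / baseline if baseline else 0.0
        findings[user] = {
            "after_hours_logins": after_hours,
            "download_ratio": round(ratio, 1),
            "flag": bool(after_hours) or ratio > DOWNLOAD_RATIO_THRESHOLD,
        }
    return findings


if __name__ == "__main__":
    for user, finding in analyze(parse_log(SAMPLE_LOG), "2023-03-04").items():
        print(user, finding)
```

In the sample, bob's 02:41 login and a download volume hundreds of times his baseline both trip the check, while alice's daytime activity stays within her own pattern.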
An alert is sent to the next piece of software in the chain, which is the security information and event management system. Now the ARP can orchestrate a chain of events that ultimately prevents the company from encountering a serious security disaster. The ARP connects to a user directory software that Bob's company uses, which immediately recognizes that the user account belongs to an executive who is out on a business trip, and then proceeds to lock his account. The ARP sends the incident IP address to a threat intelligence software, which identifies the address as a suspected malware server. As each piece of security software runs, the findings are recorded in the ARP's incident, which is already busy creating a set of instructions called a playbook for a security analyst to follow. The analyst unlocks Bob's accounts and changes his passwords. This time the software has determined the attempted attack came from a well-known cybercrime organization using stolen credentials. Bob's credentials were stolen when the hacker found a vulnerability in his company's firewall software and used it to upload a malware infected file. Now that we know how the attack happened, the analyst uses the ARP and identifies and patches all the things. The ARP uses information from endpoint tools to determine which machines need to be patched, recommends how to patch them, and then allows the analyst to push the patches to all the computers and mobile devices instantly. Meanwhile, Bob has to alert the legal departments of the breach, and the ARP instantly notifies the correct person of the situation and the status of the incident. After the attack is contained and Bob's account is secured, the analyst then communicates which data may have been stolen or compromised during the incident. He identifies which geographies, jurisdictions and regulatory agencies cover the users and information affected by the attack. Then the ARP creates a series of tasks so the organization can notify the affected parties and follow all relevant compliance and liability procedures. In the past, a security breach this large would have required Bob's company to involve several agencies and third parties to solve the problem, a process that could have taken months or longer. But in a matter of hours, the incident response platform organized all of the people, processes and technology to identify and contain the problem, find the source of the attack, fix the vulnerability and notify all affected parties. And in the future, Bob and his team will be able to turn to cognitive security tools. These tools will read and learn from tens of thousands of trusted publications, blogs and other sources of information. This knowledge will uncover new insights and patterns, anticipate, isolate and minimize attacks as they happen, and immediately recommend actions for security professionals to take, keeping data safe and companies like Bob's out of the headlines.

So let us take a trip to the early days of hacking. To start with, now, the Internet Engineering Task
force is responsible for maintaining documentation about protocols and various specification and processes and procedures regarding anything on the internet they have a series of documents called the request for commence or the rfcs and according to rfc1389 it says a Haka is a person who Delights in having an intimate understanding of the internal workings of a system computers and computer networks in particular while the expression hackers may go back a long time and have many different connotations or definitions as far as computers go some of the earliest hackers were members of the tech Model Railroad Club
at the Massachusetts Institute of Technology and what those people did and the various things that they did and were involved in are detail in Stephen Levy's book called hackers for our purposes now for our purposes we'll be talk talking about other types of hackers although the spirit of what we do goes back to those early days now the definition of hacking or hackers has changed particularly in the 1980s and in part as a result of a couple of people namely Robert T Morris who was a Cornell graduate who Unleashed a piece of software that was
called a worm on what was an early version of the internet firm went on to cause a lot of damage and create a lot of downtime on systems across the country and across the world now the Morris worm did end up resulting in something good however that is the computer Emergency Response Team at Carnegie Mellon was created primarily in response to the Morrisville now there is also Kevin mitnick who is another well-known hacker who was responsible for various acts with computer crime over a couple of decades he was the first convicted in 1988 so the
definition of hacker or hacking moved from something benign to something far more Sinister in popular culture now we see hacking or hackers in all sorts of popular culture we've seen them in hacker movies called War Games also the movie hackers of course you also see it in the Matrix movies where you can see if you look really closely that they are using a tool called nmap which we will get into the use of in great detail later on as we go on now also the movie sneakers and the movie Swordfish and on television in addition
to other places you can see the Asians at NCIS regularly doing things like cracking complex cryptography in just a matter of seconds or minutes so what is hacking really well hacking is about a deep understanding of something particularly with relation to computers and Computing it's also about exploring and the joy of learning new things and understanding them very clearly and being able to manipulate those things in ways that maybe other people haven't before it's also about digging into problems to find out Solutions in creative and interesting ways and sometimes finding problems where there weren't problems
previously and that's a little bit about what is hacking okay so now that we have talked about what exactly is hacking and how the meaning and connotations of that word has changed over time how it came into existence how it was coined let's go over the reasons that people normally hack now you may want to hack just for fun as discussed previously hacking is a tradition that goes back several decades at MIT even preceding the computer definition of hacking now MIT has a long and storied history of hacking and sometimes if a computer-related nature which
in this case happens to be true and sometimes if a non-computer related nature instance now here you can see that mit's homepage has been hacked or you might even say the faced to indicate that Disney is buying MIT this was an April Fool's Day prank in 1998 and again this is just the kind of hacking that you would do for fun rather now sometimes you might want to hack just to prove a political point or any point for that matter in this case again Bill Gates had donated some money to the MIT which allowed them
to have a new building and he was coming to MIT to visit and give a talk about Microsoft Windows and its systems and as you can see the the Windows systems that are installed in the entryway at the building were hacked to be running Linux instead and you can see here that tux the penguin is saying welcome to the William H Gates Building again that some students who decided that they want to make a point about Linux and Microsoft and windows to Bill Gates and they thought hacking was the best way to go about it
sometimes you hack just for the challenge here's an example again at MIT where some students turned the facade of a building into a Tetris game board now this was a reasonably difficult hack and the students went after it just for the challenge of completing it and it just so they could have some pride of ownership and to be able to say that they were able to pull this off you know the things that teenagers do to show off to other teenagers it just increases with increase in scale now in spite of its difficulties and its
challenges and all the obstacles and planning that had to go into it they were able to pull it off and now they have those bragging rights so that was one of them and one of the instances where somebody would hack just for the challenge and for the fun in it now sometimes you want to hack to prevent theft and this is where we get more specifically in the computer related hackings you see a lot of Articles and stories and the News over the last few years about cyber crime and here's an example of data theft
compromised and a few within one and a half million cards for Global Payments so there are some attackers who got into this company global payment and they were able to pull out about a mill million and a half credit card numbers during the intrusion there so what you may want to do is you may want to learn how to hack in order to find these holes in your systems or applications or employer systems so that you can fix these holes and prevent these compromises from happening because of the reputational hit that your company takes however
things like these happen, you have the risk of completely running out of business. So just to protect your job, to protect your company and to protect your own line of business, you may just want to learn to hack, and that's a very good reason. Now you may also want to find all the problems that exist in your system before putting it out and deploying it, so that you can keep these attackers from getting in and stealing critical or sensitive information. Sometimes you may want to hack to get there before the bad guys, and the same sort of idea is the last one that we're going to talk about, and that exactly is ethical hacking. Now we were just talking about how sometimes you may want to hack into your own system before publishing it out to the public. Let's take Internet Explorer for example. Internet Explorer was actually published to the public with some critical errors in the code, and these flaws were heavily exploited by the people who found them. Now a number of people in the world go out looking for these flaws, and they call themselves security researchers. They get in touch with the vendors after they've found a flaw or a bug and work with the vendors to get it fixed. What they end up with is a bit of reputation: they get a name for themselves, and that name recognition may end up getting them a job or some speaking engagements or a book deal, or any number of ways that you could cash in on some name recognition from finding these sorts of bugs and getting them fixed. If you want to get there before the bad guys, you may think of it as helping out a vendor, or you may want to just make a name for yourself; either way you want to find these sorts of bugs before the bad guys do, because think about it: when the bad guys find them, they don't announce them and they don't get them fixed, and that makes everybody a little less secure. Finally, you may want to protect yourself from hackers; computer companies are fighting cyber criminals, and this is a news headline from June 18, 2012, and we're starting to see these sorts of news headlines show up as companies are starting to retaliate against attackers. Now in order to retaliate against attackers you need to have the same sort of skills and techniques and knowledge and experience that those attackers have, and that's where your company may want you to learn to hack, or the company may want to bring in people who are skilled at these sorts of activities so that they can attack the attackers, and hopefully you end up with a more steely exterior and you get a reputation for not being a company that people want to go after. Those are several reasons, and there you go: I gave you a bunch of reasons as to why you may want to hack, for fun, to prove a point, to protect yourself, to protect the company, to not run out of business, along with another bunch of reasons. Okay, so now that we have talked about why you would want to hack, let's move on to the types of hackers that exist. Now we're going to be talking about the different types of hacking, and the first type of hacking that I want to discuss is ethical hacking and ethical hackers, which is really what we're going to be
talking about for the rest of these lessons. Now an ethical hacker is somebody who thinks like a black hat hacker, or thinks like somebody who's intent on breaking into your systems, but follows a moral compass that's more in line with probably the majority of the population. So their intent isn't to do bad things; their intent is to look for bad things and get them fixed so that bad things don't happen. Ethical hackers aren't out to destroy anything, and they're not out to break anything unless it's deemed to be acceptable as a part of the engagement and also necessary in order to demonstrate a particular ability to the organization that they are working with. So that's an ethical hacker, and there's a certification that's available from the EC-Council, the Certified Ethical Hacker, and you know, if you find certifications valuable and this sort of thing is what you want to do, the Certified Ethical Hacker may be something you might want to look into. Now let's talk about the black hat hacker. There are plenty of cases of black hat hackers through the years, and let's talk about a guy in particular called Kevin Mitnick. This guy right here is a particularly good example, probably because he was a black hat hacker for a lot of his years. His goal was to cause mischief, to steal where necessary, and just to be engaged in the lifestyle of being a hacker, doing whatever was necessary to continue doing whatever he was doing, even if it crossed moral boundaries or ethical boundaries. And so Kevin Mitnick here was involved for well over a decade in computer crime, and was finally picked up by the FBI, and he was charged and prosecuted, and he was eventually convicted of some of the activities that he was involved with. Now you may be able to argue that Kevin is a gray hat hacker as well, and a gray hat hacker is somebody who kind of skirts the line between black hat and white hat hacking, and white hat hacking is really what an ethical hacker is. So instead of saying ethical hacker you could say white hat hacker; it's the same idea. A white hat hacker is somebody who acts for good, if you want to think of it like that, if you want to think of it as good versus evil, and what they're really doing is they're in it for the technical challenge: they're looking to make things better, make things more efficient, improve them in some way. On the other hand, the black hat hacker is out for the money, for the thrill; it's really a criminal activity. And the gray hat hacker is somebody who may employ the tactics and techniques of a black hat hacker but have sort of a white hat focus. In other words, they're going to do things that may be malicious or destructive in nature, but the reason they're doing it is to improve the security posture of an organization that they are working with. So you can see there's actually a book called Gray Hat Hacking; it's a pretty good book and it details a lot of the tactics and strategies and techniques we'll be going over in subsequent lessons in this video. Now one other type of hacking that I want to talk about is this thing called hacktivism, and you'll find hacktivism all over the place, and one example in the last year or so, and certainly in recent memory, is called Lulz Security. Yeah, you heard that right, it's called Lulz Security, and you can argue that LulzSec is actually a response to another type of activism: an organization called Anonymous started hacking companies like Sony to protest their involvement in a lawsuit regarding a PlayStation 3 hacker. Now Lulz Security was supposedly protesting the treatment of Anonymous, or was hacking in support of this group Anonymous, so they hacked a number of companies and did things like pull information such as usernames and passwords from the databases at these companies, and they said that the reason was to shine a light on the security of these companies and also, theoretically, to embarrass the companies with their weak or poor security postures. And the problem with the way they were doing this was that they were posting the information that they had found online, and that information often included details about customers of these particular corporations, and for an ethical hacker, a white hat hacker, that would cross the boundary of causing harm. So there's no reason for me as an ethical hacker to post information in a public forum about somebody, because I could be doing damage to them, but in this case Lulz Security and Anonymous, specifically Lulz Security, were engaged in a form of hacktivism, and what they were doing was not only damaging to the corporation, it certainly was detrimental to those people. So, different types of hackers and different types of hacking: we've got ethical or white hat hacking, we've got black hat, gray hat, and then we finally got hacktivism. It's really the goal and the means that vary from one to the other. Okay, so now that we've discussed the types of hackers, let's also discuss the skills necessary to become one. So what we're going to discuss in this part are the different skills
that are required or will be learned as a part of this video. So initially, just for basic computing, you need a basic understanding of operating systems and how to work them. There are going to be several fundamental types of tasks that I won't be going into any detail on at all, and you'll need to know how to run programs and do things like open up a command prompt without me walking you through how to do that. So I am going to assume that you have some basic understanding of how to do these sorts of tasks. Also, you need an understanding of the basic system software, and you'll need a basic understanding of how to use command line utilities. There are a number of tools and programs that we're going to be going through in this video, and many of them use the command line, whether it's on Windows or Linux, so you still need to be familiar with typing and being able to run programs from the command line, and the various command line switches and parameters that those programs or types of programs are going to use. Now from a networking perspective, you need a basic understanding of some simple networking concepts. You need to know what cables are, and switches and hubs, and how systems are networked together. You don't really need a deep level of understanding; I'll be going through some protocols at a reasonably deep level, because I think it's important as an ethical hacker to understand what's going on at the protocol level, so that you can know better what you are doing and how to achieve the goals and tasks that you have before you. So we're going to be going over some protocols, so just understanding what protocols are and how they go together, those sorts of things are necessary from a networking perspective. Now we're going to also be learning a bunch of life skills. Yes, there are some life skills that it's important to have. I think the most important one is the ability to accept failure and persevere, and by that I mean you're going to be running across several things that just don't work the first time around, and it's going to take a little bit of time and stick-to-itiveness to plug away and keep going until you get something to work. And the way that you get things to work is having an ability to problem solve, and sometimes solving problems requires being a little creative; sometimes you need to think outside the box and come at a problem from a different perspective in order to find a solution. Throughout the course of this video you're going to run across a lot of sticky problems, through the course of learning about being an ethical hacker and just doing the work, because it's not as simple as "here's a little recipe for how to do this, now go follow this recipe every time and you're going to be successful". Every situation is different, every system is different, you're going to run across some pretty sticky problems, and you're going to have to just wade in and get your hands dirty and keep failing and failing and failing and failing until you find a way to succeed. So I think those skills are very necessary to learn how to be an ethical hacker, digging through some of the material that we'll be going over in this video. As far as what you're going to be learning, you're going to be learning about how to use a lot of tools. You're going to learn networking, and by that I mean we're going to be talking about the different protocols involved in networking systems together. You're going to learn about security and security postures; security is the heart and soul of ethical hacking, it's why we do ethical hacking, in order to make systems and networks more secure than they were previously. That's the goal. From a networking perspective we're going to be talking about how to read packets from network captures; we're going to be going into TCP/IP related protocols in a fairly significant amount of detail, and you're going to understand how protocols interact with one another. So we're going to do all that, and the reading of packets is going to be really important, and we're going to do a fair amount of that. In addition to just a fundamental approach to learning how to read packets, in several lessons we're going to read packets as a way of understanding the different tools that we're using and how they work. You're going to learn tactics and methodologies, and you get to learn to use the information you've gathered in order to get more information, and information is really what this is all about. You can't do much of anything without information, and sometimes it takes a fair bit of digging in order to find that information, and what you're going to learn is the entry points and the stepping stones to get the information that you need, and then once you have that information you're going to be learning about ways to exploit it in order to get deeper into the target. You're going to learn security awareness; we're going to talk about risk and understanding risks and vulnerabilities, and primarily recognizing the difference between a vulnerability and an exploit, and there's a significant difference there. So security awareness and understanding what a risk is and how that impacts your target is going to be key to a lot of things that we talk about. So it sounds like a lot; we're going to cover a fair bit of ground, not all of it at a deep level, sometimes we're going to skim the surface, but there's an awful lot of material to be covered, so let's get started. Okay, so that was all about the skills that we are going to develop throughout this video and that might be necessary for you to become an ethical hacker. Now let's talk
about the types of attacks that you might be dealing with as an ethical hacker yourself. So now we're going to be talking about the types of attacks. Now one type of attack that you'll find common, particularly in cases of hacktivism, for example, or cases where people are trying to make a particular point or just be a general pain, is this idea of defacing. Now defacing goes back for quite a while; it's the idea of sort of digital graffiti, where you've left your mark or your imprint behind so that everybody knows you were there. It's primarily a website thing, and it's really just making alterations to something. It used to be pretty common a long time ago for businesses or people or just organizations in general to have their home pages replaced by some other thing that was along the lines of "hey, I was here and I took over your web page". We also have a pretty common one, which certainly has been common over the years and has been behind a good part of the quality exploits and high profile vulnerabilities, and that's the buffer overflow. Now a buffer overflow is a result of the way programs are stored in memory. When programs are running they make use of a chunk of memory called a stack, and it's just like a stack of plates: when you put a bunch of plates down and you pull a plate off, you're gonna pull the top plate, you're not gonna pull the oldest plate, you're gonna pull the one that was on top. So it's the same thing with the stack here; we're accessing memory, and this has to do with the way functions are called in memory. When you call a function, a chunk of memory gets thrown on top of the stack, and that's the chunk of memory that gets accessed, and you've got a piece of data in memory within that stack and that's called a buffer, and when too much data is sent and an attempt is made to put it into the buffer, it can overflow the bounds of the configured area for that particular buffer. Now the way stacks are put together, we end up with a part of the stack where the return address from the function is stored, so when you overflow the buffer you have the ability to potentially overwrite that return address, at which point you can control the flow of execution of the program, and if you can control the flow of execution of the program you can insert code into that memory that could be executed. And that's where we get buffer overflows that turn into exploits that create the ability to get, like, a command shell or some other useful thing from the system where the buffer overflow is running. So that's a buffer overflow in short. Sometimes we also have format string attacks, and sometimes these can be precursors to buffer overflows. Now format strings come about because the C programming language makes use of these format strings that determine how data is going to be input or output. So you have a string of characters that defines whether the subsequent input or output is going to be an integer, or whether it's going to be a character, or whether it's going to be a string or a floating point, that sort of thing. So you have a format string that defines the input or the output. Now if a programmer leaves off the format string and just gets lazy and provides only the variable that's going to be output, for example, you have the ability to provide that format string. If you provide that format string, what then happens is the program starts picking the next pieces of data off the stack and displays them, because that way we can start looking at data that's on the stack of the running program just by providing a format string, and if I can look at the data, I may be able to find information like a return address or some other useful piece of information. There is also a possibility of being able to inject data into the stack using this particular type of attack.
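To make the buffer overflow and format string discussion above concrete, here is an added C example written for this edit (it is not code from the video or from Edureka). It shows the defensive side of both bugs: a bounded copy that reports truncation instead of running past its buffer, a check that counts format directives in untrusted text, and a logger that passes user text as data under a constant format. The function names, the buffer size and the sample strings are my own assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* The bug: strcpy has no idea how large dst is. Kept here only for
 * comparison and never called on untrusted input in this file. A src
 * longer than NAME_LEN - 1 bytes runs past the buffer into whatever sits
 * above it on the stack, which is where the saved return address lives. */
void unsafe_copy(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);
}

/* The fix: a copy that knows the size of dst. Returns 0 when src fit and
 * -1 when it had to truncate. dst is NUL-terminated in both cases, so the
 * caller can reject or log oversized input instead of silently overflowing. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t len;
    if (dst_size == 0) return -1;
    len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Counts printf-style conversion directives in s. "%%" is a literal percent
 * and is not counted. If text that is about to be used *as* a format string
 * gives a non-zero result, that is exactly the format string bug described
 * above: printf would consume one stack value per directive. */
int format_directive_count(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; } /* escaped percent */
        count++;
    }
    return count;
}

/* Safe rendering of untrusted text: the format string is a constant and the
 * user text is only ever a %s argument, so "%x" or "%n" inside it stays
 * literal. Returns snprintf's result, the length the full message needed;
 * a value >= out_size means the output was truncated. */
int render_user_message(char *out, size_t out_size, const char *msg) {
    return snprintf(out, out_size, "[user] %s", msg);
}

int main(void) {
    char name[NAME_LEN];
    char line[64];
    /* Constructed inputs: one that fits, one oversized, one carrying directives. */
    const char *ok = "alice";
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    const char *hostile = "%x %x %x %n";

    printf("copy \"%s\": %d\n", ok, bounded_copy(name, sizeof name, ok));
    printf("copy oversized: %d (stored \"%s\")\n",
           bounded_copy(name, sizeof name, oversized), name);
    printf("directives in hostile input: %d\n", format_directive_count(hostile));
    render_user_message(line, sizeof line, hostile);
    printf("rendered: %s\n", line);
    return 0;
}
```

The two checks are the ones a code reviewer actually looks for: every copy into a fixed buffer must be told the buffer's size, and every call in the printf family must take a string literal as its format argument. Compilers flag the second pattern with -Wformat-security, and the return value of snprintf is the only reliable way to notice that output was cut short.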
Denial of service. Now, a denial of service is a pretty common one and you'll hear about this a lot. This is not to be confused, though, with the one that I'll be talking about after this, and that is a distributed denial of service. So this one that you see is a denial of service attack, and a denial of service is any attack or action that prevents a service from being available to its legitimate or authorized users. So you hear about a ping flood, or a SYN flood, which is basically SYN packets being sent to a machine constantly, or a Smurf attack, and a Smurf attack has to do with ICMP echo requests and responses using broadcast addresses; that one's been pretty well shut down over the last several years. You can also get a denial of service simply from a malformed packet or a piece of data, where a piece of data is malformed and sent into a program. Now if the program doesn't handle it correctly, if it crashes, suddenly you're not able to use that program anymore, so therefore you are denied the service of the program, and thus the denial of service. Now as I said, a denial of service is not to be confused with a distributed denial of service, and I know it's pretty trendy, particularly in the media, to call any denial of service a DDoS. Now it's important to know that not every denial of service is a DDoS. A DDoS, or as you might know it, a distributed denial of service, is a very specific thing. A distributed denial of service is a coordinated denial of service making use of several hosts in several locations. So if you think about a botnet as an example, a botnet could be used to trigger a distributed denial of service, where I've got a lot of bots that I'm controlling from a remote location and I'm using all these bots to do something like sending a lot of data to a particular server. When I've got a lot of systems sending even small amounts of data, all of that data can overwhelm the server that I'm sending it to. So the idea behind a distributed denial of service attack is to overwhelm resources on a particular server in order to cause that server not to be able to respond. Now the first known DDoS attack used the tool called Stacheldraht, which is German for barbed wire. Now Stacheldraht came out of some work that a guy by the name of Mixter was doing in 1999; he wrote a proof of concept piece of code called TFN, which was the Tribe Flood Network. Let me just show that for you, so you can see on the Wikipedia page that the Tribe Flood Network, or TFN, is a set of computer programs that is used to conduct various DDoS attacks such as ICMP floods, SYN floods, UDP floods and Smurf attacks. Now I know many people don't really consider Wikipedia a really good source of any sort of knowledge, but it's a good place to start off, so if you want to read about all these types of attacks, like ICMP floods and what exactly a SYN flood is, you can always do that from Wikipedia; it's not that bad a place, though of course you shouldn't use Wikipedia as your final Rosetta Stone. Moving on, so this program called Stacheldraht was used to attack servers like eBay and Yahoo back in February of 2000. So that attack in February of 2000 was really the first known distributed denial of service attack, which is not to say that there weren't denial of service attacks prior to that; there were certainly plenty of them, but they were not distributed. Now distributed means there were a lot of systems used to coordinate and create a denial of service condition, and therefore we get the distributed denial of service attack. So that's a handful of types of attacks, and some pretty common attacks that you're going to see as an ethical hacker.
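As an added example that is not from the video, here is a small C detector in the spirit of the SYN flood and DDoS descriptions above, run over a constructed packet list rather than a live capture. It tallies connection attempts per source, flags any single source with many half-open SYNs (the classic single-origin flood), and sums the half-open total across all sources to catch a distributed flood in which every source stays under the per-source threshold. The struct layout, the thresholds and the addresses are assumptions of mine.

```c
#include <stdio.h>
#include <string.h>

/* One captured packet, reduced to what a SYN flood detector needs. */
struct pkt {
    const char *src;  /* source address as text */
    unsigned ts;      /* seconds since the start of the capture */
    int syn;          /* TCP SYN flag set */
    int ack;          /* TCP ACK flag set */
};

#define MAX_SRC 16

/* Per-source tally inside one time window. */
struct src_stat {
    const char *src;
    unsigned syns;    /* bare SYNs: new connection attempts */
    unsigned acks;    /* bare ACKs: handshake completions from that source */
};

/* Tallies SYNs and ACKs per source for packets with ts in
 * [win_start, win_start + win_len). Returns the number of sources written
 * to stats; sources beyond MAX_SRC are dropped (a real tool would evict). */
size_t tally_by_source(const struct pkt *p, size_t n, unsigned win_start,
                       unsigned win_len, struct src_stat *stats) {
    size_t nsrc = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j;
        if (p[i].ts < win_start || p[i].ts >= win_start + win_len) continue;
        for (j = 0; j < nsrc; j++)
            if (strcmp(stats[j].src, p[i].src) == 0) break;
        if (j == nsrc) {
            if (nsrc == MAX_SRC) continue;
            stats[nsrc].src = p[i].src;
            stats[nsrc].syns = 0;
            stats[nsrc].acks = 0;
            nsrc++;
        }
        if (p[i].syn && !p[i].ack) stats[j].syns++;
        else if (p[i].ack && !p[i].syn) stats[j].acks++;
    }
    return nsrc;
}

/* Half-open attempts from one source: SYNs it never followed with an ACK. */
static unsigned half_open(const struct src_stat *s) {
    return s->syns > s->acks ? s->syns - s->acks : 0;
}

/* Single-source flood: more than `threshold` half-open attempts in the
 * window. Writes the offending addresses to flagged and returns how many. */
size_t flag_syn_floods(const struct src_stat *stats, size_t nsrc,
                       unsigned threshold, const char **flagged) {
    size_t k = 0;
    for (size_t i = 0; i < nsrc; i++)
        if (half_open(&stats[i]) > threshold) flagged[k++] = stats[i].src;
    return k;
}

/* Distributed flood: the per-source view stays quiet, but the total number
 * of half-open attempts on the server still exceeds what it can absorb. */
unsigned total_half_open(const struct src_stat *stats, size_t nsrc) {
    unsigned sum = 0;
    for (size_t i = 0; i < nsrc; i++) sum += half_open(&stats[i]);
    return sum;
}

/* Constructed ten-second sample (not a real capture): one normal client,
 * one single-source flooder, and five low-rate sources acting together. */
size_t build_sample(struct pkt *out, size_t cap) {
    static const char *swarm[5] = {"203.0.113.1", "203.0.113.2", "203.0.113.3",
                                   "203.0.113.4", "203.0.113.5"};
    size_t n = 0;
    for (unsigned t = 0; t < 3 && n + 2 <= cap; t++) {   /* normal client */
        out[n++] = (struct pkt){"10.0.0.5", t, 1, 0};
        out[n++] = (struct pkt){"10.0.0.5", t, 0, 1};
    }
    for (unsigned t = 0; t < 20 && n < cap; t++)         /* flooder */
        out[n++] = (struct pkt){"198.51.100.7", t % 10, 1, 0};
    for (unsigned i = 0; i < 5; i++)                      /* swarm */
        for (unsigned t = 0; t < 4 && n < cap; t++)
            out[n++] = (struct pkt){swarm[i], t, 1, 0};
    return n;
}

int main(void) {
    struct pkt pkts[64];
    struct src_stat stats[MAX_SRC];
    const char *flagged[MAX_SRC];
    size_t n = build_sample(pkts, 64);
    size_t nsrc = tally_by_source(pkts, n, 0, 10, stats);
    size_t nf = flag_syn_floods(stats, nsrc, 10, flagged);
    for (size_t i = 0; i < nf; i++)
        printf("single-source flood from %s\n", flagged[i]);
    printf("half-open total across %zu sources: %u\n", nsrc,
           total_half_open(stats, nsrc));
    return 0;
}
```

The point of keeping both checks is the distinction the section draws: the per-source threshold catches the one host hammering the server, while the five swarm addresses each send only four SYNs and would pass that check, yet together they leave twenty connections half-open. A defender compares the aggregate against what the listen backlog can hold, which is why SYN cookies and backlog tuning, not per-address blocking alone, are the usual mitigation for the distributed case.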
When you become an ethical hacker, or if you're trying to become an ethical hacker, you should always know about these types of attacks. Okay, so in this lesson we're going to be talking about penetration testing and some of the details around how it works and logistics, and specifically things like scope. So what exactly is penetration testing? Well, not surprisingly, it's testing to see if you can penetrate something, which means you're going to check to see whether you can break into a particular thing, whether it's a server or an application. Depending on the type of engagement you've got, you may have the ability to try to break in physically to a location, but primarily what you're going to be doing with penetration testing is you're going to be trying to break into systems and networks and applications, and that's kind of what it's all about. And this may actually involve social engineering attacks, so it may require you to make a phone call to somebody and get them to give you their username and password, or some other type of social engineering attack where maybe you send a URL via a crafted email. Sometimes it's just strictly a technical approach where you're running scans and you're running Metasploit and you're gaining access that way, or maybe some other type of technical, application sort of connection. Sometimes it's physical access that you need in order to get access to a particular system; if you can get physical access, then maybe you can get in. So that's what exactly penetration testing is: it's checking whether you can get into a system, whether it be physically or on a network. So what are the goals of penetration testing? The goals would be to assess weaknesses in an organization's security posture; we want to figure out where they're vulnerable so that they can go and fix these problems. You want to help them understand their risk position better and what they can or may be able to do to mitigate those risks, and ultimately you want to be able to access systems in a particular way to find weaknesses. So those are really sort of the goals of penetration testing. Now from a result standpoint, when you're done with your testing, what are you going to do? Well, you're probably going to generate a report, and by that I don't mean you're going to run some automated tool and get it to generate a report for you and then give that to the client and they're going to write you a really large check; that's not really how it works. You're going to write a report detailing the findings in a detailed way, so that it includes what you did to find out what you actually found out, and how you can actually mitigate that particular risk. So you should really include remediation activities in order to fix the vulnerabilities that you find, and it's pretty easy to walk around saying "hey, that's a problem and that's a problem and that's a problem"; there's really not a lot of value in that. Where there's value is "hey, that's a problem and here's how you can go about fixing it". So let's talk about the scope of penetration testing. So firstly, you want to actually realize how big the bread box is, and specifically what it is that the two of you have agreed, that being you, the ethical hacker, and the other guy being the authorized person who gives you permission to ethically hack. They have specifically agreed that you can do penetration testing and you can target them as an organization or the client, and what you have agreed to are any exclusions, or any sort of areas that they say you're not allowed to touch. So, like, if they've got a database server, maybe, and there's a lot of really sensitive data on it and they're a little hesitant, they may put a "don't touch this thing" clause in the scope. So there are a lot of different reasons why they may exclude areas from the scope, and if they exclude them, then trust their reason and listen to what they have to say in terms of "this is what we want you to accomplish". So along those lines, you really need to get a sign-off from the target organization. Now we've talked about this before, and this is certainly all about ethics and trust, and it's also about legality, because if you do something that you don't have permission to do, you could be prosecuted for that. So definitely get the scope very clear, in writing and with signatures attached to it, as to what you can and what you can't do, and always get approval from the right people, and make sure you get somebody who has the right level of permissions and is at the right level of management so that they can sign off on it, understanding and accepting the risk that is associated with the penetration test. So let me talk a little bit about security assessments and how they differ from penetration tests. So a security assessment is a hand-in-hand approach with clients, so you would walk in doing a collaborative thing where you're a trusted partner and you're allied with them, and your goal isn't to penetrate them and point out all the things that are really bad, but it's to get a full assessment of the risk that the organization is exposed to, and you would probably provide more details about fixes than maybe you would in a penetration test. Now what we're going to do is we're going to walk in and make sure that the policies and procedures they have in place are really what they need for the organization and the risk appetite that they've got, and we're going to make sure that the policies and procedures have controls that can tell us whether they are actually being adhered to or not, so that the procedures and policies are being followed. A security assessment is probably a little bit more comprehensive than a penetration test, and you would look at more factors to assess the security posture of the organization and their overall risk, and you would tailor the output based on the risk appetite and what they're most interested in. And that's not to say that I'm going to tell them what they want to hear, but if there's something that they know and I know that they're just not going to do, I'm not going to be making a big deal out of it, because they're already aware of it, and I'll make a note of it in the report just for completeness' sake, but I'm not going to go into a lot of detail. So it's really kind of a hand-in-hand collaborative approach where, again, you're not just saying what they want you to say; you're providing some real security and risk guidance towards their activities and other things. Now a penetration test, on the other hand, may provide an unrealistic view. So you've got a week, let's say, to do this penetration test against your target. Now you're going to have to go in, you're going to have to get set up, you're also going to have to start doing a bunch of scans and make sure that you're gathering information and screenshots and data for your reports; you're gonna have to do all sorts of activities. Also, during the course of that week you're going to be engaged in probably beginning to write your report and getting a sense of what it's going to say and what's going to be in it. If you don't actually get any major penetration during the course of that week, the organization may feel like they're quote-unquote secure. That's one of the reasons why penetration testing, while really sexy and cool, is nice and all, but if an organization walks out of it believing that because in a week you didn't manage to get the keys to the kingdom, then they must be secure, that's a really misguided view, because a dedicated, skilled and motivated attacker isn't going to just take a week or some portion of that week. If they're after something, they're gonna dedicate themselves to do it and really go after it. So just because you didn't find a penetration in some subset of a week doesn't mean that they're secure and invulnerable to attacks; it just means that during the course of that particular week, and the other circumstances that were in place, you didn't get a penetration that was really significant or major. That's all it means; it doesn't mean anything beyond that, and if an organization walks away feeling
like they're secure they're going to end up not fixing the real vulnerabilities that may be in place that could expose them to significant risks so that's penetration testing it Scopes its goals and how it differs to security assessments now it's time to go over footprinting so what is footprinting well footprinting is getting an idea of the entire scope of your target that means not just scope that he were given which may be an address block or it may be a domain name that even maybe a set of address blocks now what you want to do
is you want to figure out all the information that's associated with that in great detail as you can possibly get so you want the list of domain names as you're going to go through this you probably want some sort of database or Excel spreadsheet or something to keep track of all the information because you're going to have a lot of it at the end you want to be able to find the information quickly so having some sort of either notepad going with your notes or as I said a spreadsheet or a database so if you
can get organized in that way you want to keep all those sorts of things down so in this case I want to do some sort of search on suppose let's say eddyreka.com now I need Network blocks so so far we found out that just made up IP addresses because I'm just putting information down but I need Netflix blocks so you may have one IP address that you can find externally or or you're going to want to hold range of internal blocks and you can do a little bit of digging if you aren't provided those you
want specific IP addresses for critical systems web servers email servers databases if you can find any of these things of those sorts and you want system architectures and what kind of stuff are they running are they running Intel are they running windows are they running some Unix systems what are they running what kind of Access Control lists they have these are going to be hard to get but you may be able to guess them and you can guess these by doing Port scans so what sort of responses you get back from the port scans with
the filters and or what you don't get back we'll tell you about if there's an IDs around or some you want to do a system enumeration or you can get access to a system somehow you want to know usernames group names so on so the basic idea of footprinting is gathering information now if you can get access to system somehow you want to know usernames group names so you want system banners routine tables SM an MP information if you can get it DNS host names if you can get those now this is for both internal
and external on the side if you're doing an internal penetration test or ethical hacking engagement you want to know the networking protocols that are there are they using TCP or are they using some UDP or are they on ipx or SPX are they using decnet or apple talk or are they using some sort of split DNS in other words do they have internal DNS servers that give different form for the external and will give different information if you want to check for remote access possibilities now in the footprinting process you want to be very exhaustive
you might want to try and take out email addresses servers domain name Services I mean IP addresses or even contact numbers and you want to be very exhaustive with your approach you don't want to miss anything out because if you do that you can continue and also provide some some launching points for additional attacks or tests that you may be able to do but this is definitely a starting point of the time types of information that you need to have as you go about footprinting your target now next thing that we are going to see
is very interesting. This is one of the many common tools that are out there on the internet, and that is the Wayback Machine, also known as archive.org. Now while it might not give you all the information that you need, it certainly gives you a starting point. So let me just give you a quick look at what archive.org looks like. OK, I already have it open out here, and what you can see is how a website looked some
time ago. So for example, if you want to look at what Google looked like, you just have to search for Google out here and wait for the results to come back. OK, so we see that Google goes way back to 1998; that was the first capture by the Wayback Machine, and we can see that it has a screenshot from November 11th. So let's see what Google looked like on November 11th, 1998. So this is what Google looked like:
there was actually nothing to it. It just said "Welcome to Google", "Google Search Engine Prototypes", and it had some links. It had a Stanford search, it had a Linux search, and you could do all sorts of stuff, you could just pull up the results. Now what I'm trying to tell you is that you can see the evolution of a website through time with the Wayback Machine, and this gives you a rather informative look into how a website has actually evolved. OK, now that we know what
footprinting is and how it fits into the whole reconnaissance process, let's go over a couple of websites to do a little bit of historical thinking about companies and the types of infrastructure they may be using. This information is of course useful because it lets us narrow down our focus in terms of what we want to target for attacks. Now, over time we've improved our awareness about what sorts of information we may want to divulge. Several years ago you may have gone to a company's website and discovered that you could
get email addresses and names of people in positions that you may find relevant, and all sorts of other bits of information that could be used against the company. Over time we have discovered that those sorts of pieces of information probably don't belong on a website where they can be used against the company, and so they've been pulled off. Now it also used to be that Google had the ability to pull up information that it had cached: if a website was no longer available, or if it was temporarily down and
offline, there was a little "cache" button that you could click in the Google search results, and you could pull up that cached copy. So even though the website wasn't available, you could still get information from Google's servers. Google has removed that, so we don't have that ability any longer. However, there is an internet archive that we can use, and this thing is called the Wayback Machine. I have it open out here at archive.org/web. So archive.org is a website that gives us information about other websites and how they looked
years ago. So I'm going to go to the Wayback Machine, which you can see is at archive.org, and try searching for edureka.com. Now we're going to take a historical look at edureka.com's website, and you can see we've got some years, and they've got information going back to 2013. So let's look at what this website looked like in 2013. OK, there don't seem to be any snapshots out here; I wonder what's going on. OK, so let's go to 2014, and the first snapshot seems to
be on September 12th of 2014. Actually, there's one on May 17th too, so let's see what that looked like. OK, so this is what edureka looked like back in 2014, September 12th, 2014 to be exact. You can see that we have some live classes and all these pictures, and they've got this weird picture of this guy out here; I don't know why that was a thing back in 2014. Now we can browse more recent screenshots, the snapshots taken later on, and see how this company
has evolved its infrastructure and the way it actually lays out its content. So I can go a couple of years ahead and see what this has actually evolved into. If I go to December 2016, this is what it looked like in 2016, and we can see that they've added this box out here about Verizon courses, and they have added a search bar that looks a bit weird, but that's mostly because my internet is slow and it's not loading all the elements. They've also changed
how they've actually laid out the courses, and we can also see a change in the prices, I guess. So this tells us how it evolves as a complete website. Now the other website that I want to talk about is called Netcraft. Netcraft does internet research, including the types of web servers that companies run, and they have a web server survey. You can see here, as we scroll, that Apache has 64.3 percent of the internet market, followed by Microsoft with 13. Interesting information, maybe useful information, but even
more useful than that is looking at what different companies run for their websites. So let's try and search for edureka.co out here: just put it in the website URL field and let Netcraft generate the site report. As you can see, some of the stuff is not available, but we know that the netblock owner is Amazon Technologies, the name server is this thing right here, and the DNS admin is the AWS DNS hostmaster. We also have the IP address; we can do a whois lookup on it, or look the IP
up on VirusTotal. There is no IPv6 presence, so that's some information we can use: we can obviously opt not to target IPv6 ranges. Then there's also reverse DNS, and then we have a bunch of hosting history. So this is its history, and we know that it's hosted on a Linux system with an Apache web server, when it was last seen, and when this was last updated. So this is some very useful information. You can also get information on a site like Netflix: if you just
type... OK, I just spelled that wrong, so let me just change it in the URL out here. If you go and type netflix.com, you'll see that it shows you all sorts of information. As you see, it's on an AWS server, Amazon Data Services Ireland, and this is all the hosting history that goes along with it. It also has some Sender Policy Framework and DMARC (Domain-based Message Authentication, Reporting and Conformance) confirmations. There's all sorts of information that you can get about websites and their web servers from Netcraft.
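The Wayback Machine has a query interface besides the browser UI shown above: its CDX index server lists every capture of a URL as one line per snapshot, which is far quicker for reconnaissance than clicking through the years by hand. The following Python is an added example and not code from the video or from archive.org. It builds a CDX query URL and parses a constructed sample of CDX output (the sample lines, timestamps and digests below are made up for illustration, for the hypothetical domain example.com) to find the first and last captures per year and the distinct URLs the archive has seen, which is how you spot old paths, contact pages or hosts a company has since removed from its live site.

```python
"""Query building and parsing for the Wayback Machine CDX index (added example).

Real use: fetch the URL returned by cdx_query_url() with any HTTP client; the
response is plain text, one capture per line, fields in CDX_FIELDS order.
SAMPLE_CDX below is a constructed stand-in for that response.
"""
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlencode

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"
# Default CDX text output fields, in order.
CDX_FIELDS = ("urlkey", "timestamp", "original", "mimetype",
              "statuscode", "digest", "length")

# Constructed sample output (not real archive data) for example.com.
SAMPLE_CDX = """\
com,example)/ 20140517104409 http://example.com/ text/html 200 AAAA1111 1834
com,example)/ 20140912013622 http://www.example.com/ text/html 200 BBBB2222 2048
com,example)/contact 20140912013700 http://www.example.com/contact.html text/html 200 CCCC3333 901
com,example)/ 20161203020114 https://www.example.com/ text/html 200 DDDD4444 5120
com,example)/robots.txt 20161203020200 https://www.example.com/robots.txt text/plain 200 EEEE5555 77
com,example)/old-admin 20181101000000 https://www.example.com/old-admin/ text/html 302 FFFF6666 0
"""


def cdx_query_url(url_pattern, from_year=None, to_year=None, status=None):
    """Build a CDX query. 'from'/'to' accept partial timestamps such as a
    year; filter=statuscode:200 keeps only successful captures. Use a
    pattern like example.com/* to list every captured URL under a host."""
    params = {"url": url_pattern}
    if from_year is not None:
        params["from"] = str(from_year)
    if to_year is not None:
        params["to"] = str(to_year)
    if status is not None:
        params["filter"] = f"statuscode:{status}"
    return f"{CDX_ENDPOINT}?{urlencode(params)}"


def parse_cdx(text):
    """Turn CDX text lines into dicts with a typed timestamp, status and length.
    Revisit records carry '-' instead of a status/length; those become None."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(CDX_FIELDS):
            continue  # blank or malformed line
        row = dict(zip(CDX_FIELDS, parts))
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y%m%d%H%M%S")
        row["statuscode"] = int(row["statuscode"]) if row["statuscode"].isdigit() else None
        row["length"] = int(row["length"]) if row["length"].isdigit() else None
        rows.append(row)
    return rows


def wayback_url(row):
    """Direct link to view one capture in the Wayback Machine."""
    return f"https://web.archive.org/web/{row['timestamp']:%Y%m%d%H%M%S}/{row['original']}"


def captures_by_year(rows, only_ok=True):
    """Group captures by year. With only_ok, keep HTTP 200 captures only:
    redirects and errors are captures too but carry no page content."""
    by_year = defaultdict(list)
    for row in rows:
        if only_ok and row["statuscode"] != 200:
            continue
        by_year[row["timestamp"].year].append(row)
    return dict(sorted(by_year.items()))


def first_and_last(rows):
    """(earliest, latest) capture, or None when the archive has nothing."""
    if not rows:
        return None
    ordered = sorted(rows, key=lambda r: r["timestamp"])
    return ordered[0], ordered[-1]


def distinct_urls(rows):
    """Every distinct URL the archive has captured; paths that have since
    vanished from the live site (old admin panels, contact pages) show up here."""
    return sorted({row["original"] for row in rows})


if __name__ == "__main__":
    rows = parse_cdx(SAMPLE_CDX)
    first, last = first_and_last(rows)
    print("query:", cdx_query_url("example.com/*", from_year=2013, status=200))
    print("first capture:", wayback_url(first))
    print("last capture:", wayback_url(last))
    for year, caps in captures_by_year(rows).items():
        print(year, len(caps), "captures")
    print("seen URLs:", distinct_urls(rows))
```

Two caveats when you run this against the real index: a CDX listing for a busy host can be hundreds of thousands of lines, so narrow with from/to and the status filter first, and a 200 capture only proves the archive saw that URL at that time, not that it still exists on the target.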
So the Wayback Machine, along with Netcraft, makes for a couple of interesting tools available on the internet with which you can do a little bit of your reconnaissance. OK, now that we have gone over Netcraft and the Wayback Machine, it's time to actually get to know how to use the little information that a site provides. So the next topic that we're going to go over is using DNS to get more information. We're going to be going over a tool called whois, and it is a utility that is used to query
the various Regional Internet Registries, which store information about domain names and IP addresses. Let me just show you all the internet registries that there are. I have arin.net open out here, and these are the Regional Internet Registries that provide address space to the ISPs and look after the allocation of internet number resources as a whole. So out here we have AFRINIC, we have APNIC, we have ARIN, we have LACNIC and we have RIPE NCC. These are all the regions and all the different countries that they support. You can look at the
map of what each one covers by just hovering over the providers: all this brown region out here is Africa, AFRINIC; then we have APNIC, which is this grayish region covering India, Australia and quite a lot of Asia; then we have ARIN, which is North America, mostly the United States; then LACNIC, which is Latin America, the South American part; and then we have the rest of Europe, which is RIPE NCC, and this is the part that RIPE NCC is
responsible for. OK, so that was all about the internet registries. Now let's get back to the topic, and that is using DNS to get more information. For this we are going to be using a Linux-based system: I have Ubuntu running in a virtual machine out here, so let me just log into it. Firstly we are going to be using this query called whois, which looks up the internet registries that I just showed you. Let me just quickly clear this. OK, so for acquiring information from the Regional Internet Registries that
I just talked about, you can use two ways to get information about who owns a particular domain or IP address. For example, I could do whois google.com, or rather, whois netflix.com, and we get all sorts of information about Netflix. We can see that the registrar is MarkMonitor. Let's go up and look at all the information that is being given to us by this whois query. As you guys can see, I just scrolled a little too far. OK, so
Registry Domain ID: we have the domain ID and where it is registered; the registrar URL is MarkMonitor, so this is for trademark monitoring, actually. Now the creation date is 1997, so if you haven't realized, Netflix has been around for a long time, and it's been updated in 2015, and the registry expiry date, as we see, is 2019, so it's actually going to come up this year. This is all useful information: we can see all sorts of domain status values, the name servers, the URL, and the DNSSEC field, which says unsigned. This is very useful
information that is being provided by a very simple query. Now, if you want to know who owns a particular IP address... let's see, did we get back the IP address out there? We should have, but it's lost on me. So to get the IP address for a domain name, you can use this command called dig: dig netflix.com. Now as you guys can see, it has returned multiple IP addresses; these are all the IP addresses that
Netflix is served from. So if I was trying to check who owned a certain IP address, for example one of these, but let's just assume I don't know that it actually belongs to Netflix, I can go whois 54.77.108.2 and it'll give me some information. As you guys can see, it's giving us a bunch of information about who this is. We see that it's from arin.net, so we can fairly safely assume that it's in the
North American region; we can also see that it's in Seattle, so our guess was right. It also gives us a range, and this is something very useful: we now have the range of IPs that might be in use by this organization. So we indeed have a range in 54.x, and it says where it goes up to; there's also a 34.x address. Now let's check that and see what information we get. So whois, and let's check, what was the IP that we were just seeing? 34.249.125.167, so
34.249.125.167. You can also put in a random IP address, it doesn't really matter, and it'll give you the information. So let's see: even this seems to be an ARIN IP address, and it's also based in Seattle, and we get a bunch of information. So that's how you can use the whois query and the dig query to get all sorts of information about the domain name service, and get information from DNS, basically. So now let's go over some theory, that is, for
DNS: using DNS to get information. So firstly, what is the Domain Name System and why do we need it? DNS maps a name to an IP address so that it's easy to remember; of course it's easier to remember names and mnemonics than a bunch of random numbers. It was mainly created so that we can map names to IP addresses, and we can get a bunch of information from hostname resolution. So that's the purpose of DNS. Now we will also be looking at how to
find network ranges. But before we get on to how to find out network ranges, let me just show you another way you can use whois. Suppose you want to know the domains with the word "foo" in them: you could go whois foo, and this will give you a whole bunch of entries about how "foo" exists on the internet. So that was one interesting option, and if you want to know more about how to use
whois you could just go whois --help. So these are all the types of things that we can do with whois: you can set the host, we can set the port we want to query, we can find one level less specific matches, we can do an exact match, do an inverse lookup for specified attributes, we can set the source, we can set a verbose type, and we can request a template. There's a bunch of stuff you
can do. So you could say whois -v edureka.co, and it'll give you a verbose version... this says it's a RIPE database query service and objects are in RPSL format. OK, let's try something else, like whois netflix.com. OK, I'm sorry, I was supposed to do verbose and I kept typing -H, silly me. So you do -v and it'll give you... this is a RIPE database again; I think I'm doing something wrong. OK, let's just
try something else; let me show you -K, which returns only primary keys. OK, let's try that out. It seems that this is a RIPE database query service and objects are in RPSL format, so it won't really work for this, and it also says "no entries found" because of this error. (Those flags, -v TYPE, -K, -t and the like, are RPSL query options that the whois client's help marks as "RPSL only"; they are understood by RIPE-style database servers, not by the .com registry server, which is why they come back with errors here.) So these are for some later lesson. For now I hope I gave you a good idea of how to use whois: you could just go whois, then
some IP address like 192.168.1.1 or some gateway address like that, or you could just go for a domain name like facebook.com and get all sorts of information about Facebook when the query actually returns something. OK, so let's move on to network ranges now. In this part of the video we're going to be going over the utility called whois, which is used for getting information from the registries behind DNS and IP addressing. Let me just show you a website out here: this is the Regional Internet Registries page. The internet registries store information
about domain names and IP addresses, and there are five Regional Internet Registries. First is ARIN, which is responsible for North America, so that would be the US and Canada. Then we have LACNIC, which is responsible for Latin America and portions of the Caribbean. Then there's RIPE NCC, responsible for Europe, the Middle East and Central Asia. There's AFRINIC, which is responsible for Africa, and finally we have APNIC, which is responsible for Asia and the Pacific Rim. So those are the Regional Internet Registries, and as I said, whois is responsible for acquiring information from the various Regional Internet
Registries. You can use whois to get information about who owns a particular IP address. For example, let me just open up my Ubuntu system and clear this out first. So, as I was just saying, you could go whois facebook.com. OK, so as you guys can see, we can find out pretty quickly who owns a particular domain: I do whois facebook.com and it tells me who it belongs to. It also gives you who owns a particular IP address and who's responsible
for it. From the information you can get email addresses that belong to a particular company; this one has an email address for the tech contact. So you can get all sorts of email addresses, tech contacts and so on out there. The registry database contains only .com and .net and such information. Now, if I want to query a different IP address, different information belongs to different Regional Internet Registries, of course, so if I want to go to a particular database I have to use the -h flag. So I
could do whois -h whois.arin.net and then the IP address, and I'm going to query that again, and of course I get the same information back because that's where the query went the first time. So you could just go whois -h and follow it with an IP address, something like 34.205.176.98, just a random IP address I made up... and it says "whois: invalid option". OK, so it's a capital H. (Strictly, lowercase -h takes the server host name and capital -H only hides the legal disclaimer text, so whois -h whois.arin.net 34.205.176.98 is the form to use.) Let's see, and we get all sorts of information back from that: ARIN and all
sorts of stuff. Now I can get information about domains as well. If I query something like netflix.com, I can find out that this is actually Netflix, and there's an administrative contact and a technical contact, and you can see the different domain servers, the servers that would have authority for the DNS entries for that particular domain. You can also see other information, like when the record was created, and a whole bunch of different phone numbers that you can contact. Additionally, the registries store information about IP addresses and domain names, and sometimes they
will store information about particular host names; there may be other reasons why you would store a host name, or particular information about a host name, at one of the RIRs. Now if I wanted to look up something specific once I had found it, I could do a lookup with whois, say something like whois foo. Now, if you don't already have whois installed, you can easily install it by just going apt install whois on your Debian or Ubuntu system, and that should do
the trick, and then you can start using this really nifty tool. OK, so that was all about using whois. Now let's get on to how to find out network ranges for a domain. So suppose you've got the engagement and you only know the domain name, you don't know much beyond that, and you're expected to figure out where everything is and what everything is. How do you go about doing that? Well, you use some of
the tools that we either have been talking about or will soon be talking about in more detail. The first thing I'm going to do is take the domain name edureka.com, look it up, and see if I get an IP address back. So let's just head over there and go whois edureka.co, or we could use the host command: host edureka.co. As you see, we get an IP address back, and that is 34.210.230.35. So here's
just an IP address; I don't know what that IP belongs to, and I also don't know how big the network range or network block associated with it is. So what I'm going to do is use whois to look up with ARIN who owns that IP address: whois 34.210.230.35. As you guys can see, that gives us a bunch of information, and this one doesn't seem to have a very big network range, unlike something like Netflix. So suppose we
do host netflix.com, and now we have a bunch of IP addresses, so let's do whois 52.19.40.147. I'm expecting Netflix to be a much larger company and have a bigger block, and yes, now we get a NetRange. So this is the network range that we're talking about: we had a random IP address, and now we have found the network range. That's how you find network ranges, and this can be very useful. This gives me evidence that netflix.com has a presence
on different addresses than the one I located by looking up that particular host name. So I've got one address here that I can look at, and let's take a look at the website, because there may be different addresses. Now, if I didn't have that, I could also go and do something like an MX query with dig. Let's see what MX actually does: you go dig -h for a list of options. These
are all the options that we have, and the one that we're going to use is dig MX netflix.com. These are all the mail exchangers that we have gotten from Netflix; it's still producing information, that's a lot of output. So as I was just saying, you can use the MX record type and get back all the mail handlers. In this case their mail is being handled by Google; let's go to the top, and it's going
to tell me that it's Google, which is not particularly surprising. Other things I can do are check for different host names: since I'm assuming DNS probably doesn't allow zone transfers (most DNS servers don't anymore, although they used to), you may have to start guessing, so I could try something like webmail in front of the domain and see what we find out here. OK, so that was all about finding network ranges.
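The whois walkthrough and the network-range procedure above are really one pipeline: resolve the domain, run whois on each address, pull the NetRange or CIDR out of the answer, and check which resolved addresses fall inside ranges you already know about. The Python below is an added example, not code from the video; it parses constructed samples of dig and whois output (the sample records, net names and organisation names are made up to mirror the real ARIN and RIPE formats, not real registry data) so it runs offline, and it handles the caveat the demo runs into, namely that different registries label the range differently and that not every resolved address lands in a range you have already looked up.

```python
"""Map a domain's resolved addresses to the network ranges whois reports.

Added example, not code from the video. DIG_OUTPUT, WHOIS_ARIN and WHOIS_RIPE
are constructed stand-ins for the output of commands such as:
    dig netflix.com                         (A records in the ANSWER SECTION)
    whois 54.77.108.2                       (ARIN-style NetRange:/CIDR: record)
    whois -h whois.ripe.net 52.19.40.147    (RIPE-style inetnum: record)
"""
import ipaddress
import re

# Constructed dig output; the MX host is hypothetical.
DIG_OUTPUT = """\
; <<>> DiG 9.18.12 <<>> netflix.com
;; ANSWER SECTION:
netflix.com.\t60\tIN\tA\t54.77.108.2
netflix.com.\t60\tIN\tA\t34.249.125.167
netflix.com.\t60\tIN\tA\t52.19.40.147
netflix.com.\t300\tIN\tMX\t10 mail.example.net.
"""

# Constructed ARIN-style record (comment lines start with '#').
WHOIS_ARIN = """\
#
# ARIN WHOIS data and services are subject to the Terms of Use
#
NetRange:       54.64.0.0 - 54.95.255.255
CIDR:           54.64.0.0/11
NetName:        SAMPLE-NET-A
NetHandle:      NET-54-64-0-0-1
Organization:   Sample Cloud Provider (SCP-1)
City:           Seattle
StateProv:      WA
"""

# Constructed RIPE-style record (comment lines start with '%'); note the
# different key names: inetnum/netname instead of NetRange/NetName.
WHOIS_RIPE = """\
% This is the RIPE Database query service.
inetnum:        52.19.0.0 - 52.19.255.255
netname:        SAMPLE-NET-IE
descr:          Sample Cloud Provider, Dublin region
country:        IE
"""

_ANSWER_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA|MX|NS|CNAME|TXT)\s+(.+?)\s*$")


def parse_dig_answers(text):
    """Return [(name, rtype, value)] for every resource record in dig output."""
    return [m.groups() for m in map(_ANSWER_RE.match, text.splitlines()) if m]


def parse_whois(text):
    """Flatten 'Key: value' whois lines into a dict with lower-cased keys.
    The first value for a key wins; registry comment lines are skipped."""
    rec = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("%", "#")):
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip():
            rec.setdefault(key.strip().lower(), value.strip())
    return rec


def ranges_from_record(rec):
    """Networks covered by a whois record. Prefers the CIDR field (ARIN);
    otherwise summarises the NetRange/inetnum 'first - last' span."""
    if "cidr" in rec:
        return [ipaddress.ip_network(c.strip()) for c in rec["cidr"].split(",")]
    span = rec.get("netrange") or rec.get("inetnum")
    if not span:
        return []
    low, high = (ipaddress.ip_address(p.strip()) for p in span.split("-"))
    return list(ipaddress.summarize_address_range(low, high))


def owner_of(ip, records):
    """(netname, network) of the first record whose range contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for rec in records:
        for net in ranges_from_record(rec):
            if addr in net:
                return rec.get("netname", "?"), net
    return None


def map_addresses(dig_text, whois_texts):
    """For each A/AAAA answer, the owning range if any known record covers it.
    A None value means: run whois on that address too, it is a different block."""
    records = [parse_whois(t) for t in whois_texts]
    return {value: owner_of(value, records)
            for _, rtype, value in parse_dig_answers(dig_text)
            if rtype in ("A", "AAAA")}


if __name__ == "__main__":
    for ip, hit in map_addresses(DIG_OUTPUT, [WHOIS_ARIN, WHOIS_RIPE]).items():
        print(ip, "->", f"{hit[0]} {hit[1]}" if hit else "no known range, whois it")
```

Against live data you would feed parse_whois the text returned by whois for each address; the one thing to keep in mind is that a registry can answer for an address that has been reassigned to a customer, so the netname you get back is the block's registrant, not necessarily the organisation running the host.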
Now, moving on to our next topic: using Google for reconnaissance. Some people also call this Google hacking. If you know how to use Google to target and find exactly what you are looking for, Google is an excellent tool for reconnaissance purposes, and today I'm going to show you how you can use Google exactly for your searches. So first of all let's open a tab with google.com. OK, so now we're going to be talking about how we can use Google to gain some targeted information; this is in general called Google hacking. Now when I say Google hacking, I'm not talking
about breaking into Google to steal information; I'm talking about making use of specific keywords that Google understands to get the most out of the queries you submit. So for example, a pretty basic one is the use of quotation marks: you quote things in order to search for specific phrases, because otherwise Google will find pages that have instances of all those words, rather than the words together in that particular order. So I'm going to pull up this query; let me just show it to you. If you go "index of", now
this is showing us an index of all the films on some server. This is basically the kind of directory-listing page you're looking for, and as you guys can see it shows an index of all sorts of films. Now you can use "index of" and you see that we also get an index of downloads, some site's /download folder, an index of all sorts of stuff, and you can go into some folder and check them out; I don't know what these are, but some sort of
stuff, and this is how you can use Google. Now let me just show you some more tricks. Suppose you're using Google to find something like a presentation: you could use filetype:pptx, and it'll search for every file of that type. Let's try some other type: filetype with config. OK, so this brings up all the files that have some configs in them; as we see, there's some gaming configuration, some digital configuration from Liverpool. Now you could
also use something like inurl: with root, and this will give you all the pages with "root" in their URL: kingroot, Digital Trends, how to root Android. And suppose you want some particular extension, .ppt or .pptx, does that work? Let's search for JavaScript files: OK, I think it's JS... that doesn't seem to work either, this shows us all the things with JS in them, not just external
JS files. I'm doing this wrong; you should use filetype. So let's see, filetype:doc, and these are all the documents you could find with the filetype operator. You could also do filetype:js, and yep, this will give you all the JavaScript files that are there. So this is how you can use Google to actually narrow down your searches; suppose you want a particular set of keywords, and you want to make sure you get, say, a passwords file from Google. OK, so now let's go into more details
about the various things you can find using Google hacking techniques. Now while Google hacking techniques are really useful for just general searching in Google, they're also useful for penetration testers or ethical hackers: you can narrow down the information you get from Google to a specific list of systems that may be vulnerable. So we can do things like look for error pages that have "error" in the title. I'm going to get a whole bunch of results: suppose we go intitle:error, and we get all sorts of
stuff. And we can do the minus Google part: if you add -google, Google will not show you the results that are from Google itself. So we get various documentation pages about different vendors and the errors that they report; here's one about Oracle, about a Java error. Where you know something more specific, we may be able to get errors about all sorts of other stuff. So this is how you could use the Google hacking technique to your own advantage as a penetration tester. Now let me also show you something called the Google Hacking Database. Now
this is very useful for an ethical hacker. The Google Hacking Database was created several years ago by a guy called Johnny Long, who put it together to begin to compile a list of searches that would bring up interesting information. Johnny has written a couple of books on Google hacking. So we're at the Google Hacking Database website here, and you can see they talk about Google Docs and all sorts of stuff. Now you can see that we can do all sorts of searches, like inurl: queries that bring up some
portal pages. Now out here you can also bring up some password stuff: inurl: with "password" in the URL. So suppose you go inurl:password; now you can get all sorts of pages which have "password" in their URL, so maybe you can just guess a password from there too. So that was Google hacking. The Google hacking entries also have a number of categories that you can look through to find some specific things you may be interested in, of course, and you
can search for specific information that you may be looking for with regard to a specific product. For example, let me just show you Exploit Database; these are all the types of things you can go through out here, and as you see we have all sorts of stuff: this is an SQL injection thing, this is something regarding archives. So these let you get a foothold into some password-cracking attempts, and you can do some brute force checking. You can see here that it tells you the type of search it is and what
it reveals, and you can just click here on "Google Search" and it'll actually bring up Google with the list of responses that Google generates. So let's look at this one here: this type is a log, so this is something about cross-site scripting logs, and we can also see some other logs, if I'm not wrong. There's some denial of service PoC, and we can see a bunch of stuff, and if you continue to scroll down there's a lot of interesting information in here. So somehow somebody's got a log that has a lot of
information, they've got it up on a website, and it's basically a bunch of information that you can see. You can also sometimes get surveillance video feeds, and you can look into them. This is basically how you could use Google: it's basically a list of queries that you can go through, and this is a very useful site if you're a penetration tester and looking for some help with your Google hacking terminology. So that's it for Google hacking.
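The operators this section walks through (quoted phrases, filetype:, inurl:, intitle:, and a leading minus to exclude a term or a site) form a small query language, and much of the fumbling in the demo above is operator names mistyped so that Google silently treats them as plain words. As an added example, not code from the video or anything from the Google Hacking Database, here is a Python parser and builder for that syntax. It only manipulates query strings and never contacts Google; the query strings inside it are illustrative, and the dork() helper at the end is a hypothetical convenience for composing the common reconnaissance shapes.

```python
"""Parse and build Google advanced-search ("Google hacking") query strings.

Added example, not code from the video or the Google Hacking Database.
It handles operator syntax only and never talks to Google.
"""
import re
import shlex

# Operators this example recognises; anything else is reported as unknown.
KNOWN_OPERATORS = {
    "site", "filetype", "ext", "intitle", "allintitle", "inurl", "allinurl",
    "intext", "allintext", "related",
}
_OP_RE = re.compile(r"^(\w+):(.*)$")


def parse_dork(query):
    """Split a query into tokens of the form
    {'negated': bool, 'op': str or None, 'value': str}.
    shlex keeps "quoted phrases" together, including operator values such
    as intitle:"index of", so a multi-word value means it was quoted."""
    tokens = []
    for raw in shlex.split(query):
        negated = raw.startswith("-") and len(raw) > 1
        body = raw[1:] if negated else raw
        m = _OP_RE.match(body)
        if m and m.group(2):
            tokens.append({"negated": negated, "op": m.group(1).lower(),
                           "value": m.group(2)})
        else:
            tokens.append({"negated": negated, "op": None, "value": body})
    return tokens


def unknown_operators(tokens):
    """Operator names Google would treat as ordinary text, e.g. a typo such
    as filtype:pdf. Check this before wondering why a search returns junk."""
    return sorted({t["op"] for t in tokens
                   if t["op"] and t["op"] not in KNOWN_OPERATORS})


def _quote(value):
    # Values containing whitespace must be quoted or Google splits them.
    return f'"{value}"' if re.search(r"\s", value) else value


def build_dork(tokens):
    """Reassemble tokens into a query string, quoting multi-word values."""
    parts = []
    for t in tokens:
        text = f"{t['op']}:{_quote(t['value'])}" if t["op"] else _quote(t["value"])
        parts.append(("-" if t["negated"] else "") + text)
    return " ".join(parts)


def dork(site=None, filetype=None, intitle=None, inurl=None,
         phrases=(), terms=(), exclude_sites=()):
    """Hypothetical helper composing the common recon shapes: scope to a
    site, restrict the file type, require title/URL words, add phrases and
    bare terms, and exclude hosts (e.g. the vendor's own site) with -site:."""
    tokens = []
    for op, value in (("site", site), ("filetype", filetype),
                      ("intitle", intitle), ("inurl", inurl)):
        if value:
            tokens.append({"negated": False, "op": op, "value": value})
    for value in list(phrases) + list(terms):
        tokens.append({"negated": False, "op": None, "value": value})
    for host in exclude_sites:
        tokens.append({"negated": True, "op": "site", "value": host})
    return build_dork(tokens)


if __name__ == "__main__":
    q = 'intitle:"index of" filetype:pdf -site:google.com "cyber security" report'
    for tok in parse_dork(q):
        print(tok)
    print(build_dork(parse_dork(q)))
    print("unknown:", unknown_operators(parse_dork("filtype:pdf site:example.com")))
    print(dork(site="example.com", filetype="pdf", intitle="index of",
               exclude_sites=["www.example.com"]))
```

One limitation worth knowing: shlex discards the quotes themselves, so a single-word phrase that was quoted in the input comes back unquoted from build_dork; only values containing whitespace are re-quoted.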
Now let's move on. OK, so now it's time for some networking fundamentals, and what better place to begin than with TCP/IP? Now we're going to be talking about the history of TCP and the network that eventually morphed into the thing that we now call the internet. So this thing began in 1969, and it spun out of a government organization called ARPA, the Advanced Research Projects Agency. They had an idea to create a computer network that was resilient to a certain type of military attack, and the idea was to have a network that could survive certain types of war and war-like conditions. So ARPA sent out a request for proposals, and BBN, which is
Bolt Beranek and Newman, who were previously an acoustical consulting company, won the contract to build what was called the ARPANET. The first connection was in 1969, so that's where we get the idea that the internet began in 1969. The internet as we call it now didn't really begin then, but the ARPANET did, and ARPANET has a long history that goes through NSFNET in the 1980s: after ARPANET was decommissioned, a lot of other networks were folded into this thing called NSFNET, which then turned into what we now call
the internet once a lot of other networks were connected to it. The first protocol on the ARPANET, the very first protocol defining communication on ARPANET, was called the 1822 protocol, because BBN Report 1822 is the document that describes how it worked. Shortly after that there was this thing called the Network Control Program, and the Network Control Program consisted of ARPANET's host-to-host protocol and an Initial Connection Protocol. Now there's certainly not a direct correlation or analogy here, but if you want to think about it in particular terms,
where you could say that the ARPANET host-to-host protocol is kind of like UDP and the Initial Connection Protocol, or ICP, is kind of like TCP. So the host-to-host protocol provided a unidirectional, flow-controlled stream between hosts, which sounds a little bit like UDP, and ICP provided a bidirectional pair of streams between two hosts. Again, these aren't perfect analogies, but the host-to-host protocol is a little bit like UDP and ICP is a little bit like TCP. Now the first router was called an Interface Message Processor, and
that was developed by BBN. It was actually a ruggedized Honeywell computer that had special interfaces and software. So the first router wasn't a ground-up built piece of hardware; it was an existing piece of hardware that was specially purposed for this particular application. Honeywell had this computer that they made, and BBN took it, made some specific hardware interfaces and wrote some special software that allowed it to turn into this Interface Message Processor, which passed messages over the ARPANET from one location to another. So where did IP come in here? In 1973.
IP came in here in 1973, as I just said, when a guy by the name of Vint Cerf and another guy by the name of Robert Kahn took the ideas of NCP and what the ARPANET was doing, and tried to come up with some concepts that would work for the needs that the ARPANET had. By 1974 they had published a paper, published by the IEEE, in which they proposed some new protocols. They originally proposed a single protocol called TCP; later on TCP was broken into TCP and IP to get
away from the monolithic concept that TCP originally was. So they broke it into more modular protocols, and thus you get TCP and IP. So how do we get to version 4, which is IPv4, since that's the kind of internet that we're using right now? Version 6 is coming, and has been coming for many, many years now, but we're still kind of on version 4. So how did we get here? Between 1977 and 1979 we went through versions 0 to 3, and by 1979 and 1980 we started using version 4, and that eventually became the
de facto protocol on the internet in 1983, when NCP was finally shut down because all of the hosts on the ARPANET were using TCP by that point. In 1992, work began on an IP Next Generation, and for a long time all of the specifications in the RFCs talked about IPng; eventually IPng became known as IPv6. You may be wondering where IPv5 went. Well, it was a specially purposed protocol that had to do with streaming, and certainly not a widespread thing. One of the differences between IPv4 and IPv6 is that IPv6 has 128-bit
addresses, which gives us the ability to have some ridiculously large number of devices that each have their own unique IP address. IPv4, by comparison, has only 32-bit addresses, and as you've probably heard, we're well on our way to exhausting the number of IP addresses that are available. We've done a lot of things over the years to conserve address space and reuse address space, so we can keep pushing out the point at which we completely run out of IPv4 addresses. Another thing about IPv6 is that it attempts to fix some of the inherent issues in IP,
and some of those have to do with security concerns. There are certainly a number of flaws in IPv4, and when they started working on IP Next Generation, or IPv6, they tried to address some of those concerns and some of those issues. They may not have done it perfectly, but it was certainly an attempt, and IPv6 attempted to fix some of the issues that were inherent in IP. So that's the history of TCP/IP up to where we are today. OK, so now that we've discussed a brief history of TCP and how it came about
to the TCP version 4, let's discuss the model itself. Now we're going to be discussing two models, and those are the OSI model and the TCP/IP model. As I said, we'll be talking about the OSI and TCP models for network protocols and the network stacks. OSI, first of all, is the one that you see out here; it's the one on the left-hand side of the screen. OSI stands for Open Systems Interconnect, and in the late 1970s they started working on a model for how a network stack and network protocols would look. Originally the intent was to develop the model and then develop the protocols that went with it, but what ended up happening was, after they developed the model, TCP/IP started really taking off, and the TCP/IP model was what went along with it and much better matched what was going on with TCP/IP, which became the predominant protocol. As a result, the OSI protocols never actually got developed; however, we still use the OSI model as a teaching tool, as well as a way of describing what's going on within the network stack and the networked applications. You'll often hear people talking about different layers, like 'that's a layer 2 problem' or 'we're in layer 3 space'. Now, continuing through these lessons, I'll refer occasionally to the different layers, and when I do that I'm referring to the OSI model.

So let's take a look at the OSI model. Starting from the bottom we have the physical layer, which is where all the physical stuff lives: the wires and cables and network interfaces and hubs, repeaters, switches and all that sort of stuff. So all that physical stuff is sitting in the physical layer. Now, sitting above this
is the data link layer, and that's where the Ethernet protocol, ATM protocol, frame relay, those sorts of things live. Now, I mentioned the switch below in the physical layer; the switch lives at layer 1 but it operates at layer 2, and the reason it operates at layer 2 is because it looks at the data link address, the layer 2 or physical address. That's not to be confused with the physical layer; it does get a little mixed up sometimes, and we refer to the MAC address. Now the MAC address is not the physical address that I'm talking about, it is the message authentication code address on a system; and so the MAC address on the system is a physical address because it lives on the physical interface and is bound physically. However, that MAC address, or media access control address, lives at layer 2, the data link layer.

The network layer, which is right above at layer 3, is where IP lives, as well as ICMP and IPX from the IPX/SPX suite of protocols from Novell; routers operate at layer 3. At layer 4 above that is the transport layer; that's TCP, UDP and SPX, again from the IPX/SPX suite of protocols. Above that is the session layer, and that's layer 5; that's AppleTalk, SSH, as well as several other protocols. Then there's the presentation layer, which is layer 6, and you'll often see people refer to something like JPEG or MPEG as examples of protocols that live at that layer. Finally we have layer 7, which is the application layer, and that's HTTP, FTP, SMTP and similar application protocols whose responsibility is to deliver and use functionality. So that's basically the OSI model, and those are the seven layers of the OSI model.

There's an important thing to note here, and that is, when we are putting packets onto the wire, the packets get built from the top of the stack down, from the top of the stack to the bottom of the stack, which is why it's called a stack: each
layer sits on top of the other. The application layer is responsible for beginning the process, and then that follows through the presentation, session and transport layers and down through the network and data link until we finally drop it on the wire at the physical layer. When it's received from the network it goes from the bottom up: we receive it on the physical layer, and it gets handled by the data link and then the network, and so on until the application layer. So basically, when a packet is coming in, it comes in from the application and goes out from the physical, and then when it's going out it also goes from the physical to the data link, then the network, transport, session, presentation and application, and finally to the target system.

Now what we're dealing with is an encapsulation process, so at every layer on the way down, the different layers add bits of information to the datagram or the packet, so that when it gets to the other side each layer knows where its demarcation point is. While it may seem obvious, each layer talks to the same layer on the other side. So when we drop a packet out onto the wire, the physical layer talks to the physical layer; in other words, the electrical bits that get transmitted by the network interface on the first system are received on the second system. On the second system, the layer 2 header that was put on by the first system gets removed and handled as necessary. Same thing at the network layer: it's the network layer that puts the IP header on and the network layer that removes the IP header and determines what to do from there, and so on and so on. Again, while it may seem obvious, it's an important distinction to recognize that each layer talks to each layer, and when you're building a packet you go down through the stack, and when you're receiving you come up through the stack. Again, it's called a stack because you keep pushing things on top of the packet and they get popped off on the other side. So that was a detailed but brief walk-through of how the OSI model is set up and how the OSI model works. Now let's move on to
the TCP model, which is on the right-hand side, and you'll notice that there's a really big difference here, that being that there are only four layers in the TCP/IP model as compared to the seven layers of the OSI model. Now we have the network access layer, the internet layer, the transport layer and the application layer. The functionality that the stack provides is the same; in other words, you're not going to get less functionality out of the TCP model, it's just that they've changed where different functionality resides and where the demarcation points between the different layers are. So there are only four layers in the TCP model, which means there are a couple of layers that have taken in functions from some of the OSI model's layers, and we can get into that right here.

The difference between the models: the network access layer in the TCP model consists of the physical and the data link layers from the OSI model. So on the right here you see the network access layer that takes into account the physical and the data link layers from the OSI model on the left-hand side. Similarly, the application layer from the TCP/IP model encompasses the session, presentation and application layers of the OSI model, so on the right the very top box, the application layer, encompasses the session, presentation and application layers on the left-hand side. That of course leaves the transport layer to be the same, and what the OSI model calls the network layer the TCP/IP model calls the internet layer; same sort of thing, that's where IP lives, and even though it's called the internet layer as compared to the network layer, it's the same sort of functionality. So those are the really big differences between the OSI and TCP/IP models.

Any time I refer to layers through the course of this video, I'm going to be referring to the OSI model, in part because it makes it easier to differentiate the different functionality. If I were to say 'layer 1 function' in the TCP model, you wouldn't necessarily know if I was talking about a physical thing or a data link thing; since there's more granularity in the OSI model, it's better to talk about the functionality in terms of the layers in the OSI model. And that's the predominant model: the OSI model and the TCP model for network stacks, network protocols and applications.

Okay, so now that we've discussed the TCP model, let's go over another important protocol, and that is UDP. So what you see out here on your screen right now is Wireshark, and we'll be going over the uses of Wireshark and what it's useful for in the upcoming lessons, but for now let
me just show you a UDP packet. Okay, so before we get into the analysis of the packet file (it's still filtering), let me just tell you a little bit about UDP. So UDP is a protocol in the TCP suite of protocols. In the network layer (that's the network layer in the OSI or a similar reference model), the IP network layer carries the IP address, and that has information about how to get a packet to its destination. The transport layer sits on top of the network layer, and that carries information about how to differentiate network layer applications, and that information about how those networked applications get differentiated is in the form of ports. So the transport layer has ports and the network layer has, in this case, an IP address, and UDP is a transport layer protocol. UDP stands for User Datagram Protocol, and it's often called connectionless or sometimes unreliable. Now, unreliable doesn't mean that you can't really rely on it; unreliable means that you can't trust that what you send is reaching the other side. What that actually means is that there's nothing in the protocol that says it's going to guarantee that the datagram that you send, or the packet that you send, is going to get to where you want to send it, so the protocol has no sort of safety feature like that. So you shouldn't use this protocol, that is UDP, if you want some sort of safety net; if you needed that type of safety net you would have to write it into your own application. So basically UDP is a fast protocol, and that's one of the reasons why it's good; it's also one of the reasons why it's unreliable, because in order to get that speed you don't have all of the error checking and validation that messages are getting there. So because it's fast it's good for things like games and for real-time voice and video, anything where speed is important, and that's where you would use UDP.

So right here I have a packet capture; I'm using Wireshark to capture some packets, and let's check out our UDP packet. Out here you see that there are some frames; it says it's 167 bytes on the wire and 167 bytes have been captured, but we're not really interested in the frame part, we're interested in the User Datagram Protocol part. So here you can see that the source port is 1853 and the destination port is 52081; now it has a length and it has a checksum and stuff. So as you guys see out here, well, we don't really see a bunch of information; what you only see is the source port and the destination port, the length, and there's also a checksum. So UDP doesn't come with an awful lot of headers, because it doesn't need any of the things that you see in the other packet headers. The only thing it needs is to tell you how to get to the application on the receiving host, and that's where the destination port comes in. Once the message gets to the destination, the destination needs to know how to communicate back to the originator, and that would be through the source port for a return message: a return message would convert the source port to a destination port and send back to that port in order to communicate with the originator. So we have a source port and destination port, and the length is a minimal amount of checking, to make sure that if the packet that you received is a different length from the length that's specified in the UDP header, then there may have been something wrong, so you may want to discard the message and check for more messages. The checksum also makes sure that nothing in the middle was tampered with, although if there's some sort of man-in-the-middle attack or something like that, a checksum is pretty easy to manufacture after you've altered the packet.

So you can see here in the message that there are a number of UDP packets; some of them just say UDP. The one I want to look at happens to be from some Skype application, I guess, talking to Skype servers, and we've also got DNS. Now DNS also needs some fast response times, because you don't want to spend a lot of time looking up information about servers that you're going to, just to go to them, so DNS servers throw their queries onto the wire using UDP, hoping to get fast responses; they don't want to spend a lot of time setting up connections and doing all the negotiating that comes with a protocol like TCP, for example. So here you see that the DNS is using UDP, and what we've got here is another UDP packet with port, destination and all sorts of stuff, so you can see it out here: you can see the checksum, it's unverified, the checksum status. So you can check out all sorts of stuff using Wireshark. So that was about UDP, or the User Datagram Protocol.

Okay, so now that we're done with the User Datagram Protocol, let's talk about addressing modes. So addressing modes is how you address a packet to your different destinations.
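The encapsulation walk down the stack described in the OSI discussion, and the UDP header fields just shown (source port, destination port, length, checksum), as an added Python example that is not part of the course: it builds an Ethernet/IPv4/UDP frame using the capture's ports 1853 and 52081, decodes it layer by layer on the receiving side, and rejects the length mismatch or checksum failure the text says UDP can catch. The MAC addresses, IP addresses and payload are constructed sample values.

```python
import struct

# Added example (not from the course): Ethernet -> IPv4 -> UDP encapsulation
# on the way down the stack and the matching decapsulation on the way up.
# Ports 1853 -> 52081 come from the capture shown above; addresses and the
# payload are constructed sample values.
ETHERTYPE_IPV4 = b"\x08\x00"
PROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum. Verifying is checksumming the data
    with its checksum field in place and expecting 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    """UDP's checksum also covers a pseudo-header borrowed from the IP layer."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_UDP, len(udp))
    return internet_checksum(pseudo + udp)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Top of the stack down: the application payload gets a UDP header, then
    an IP header, then an Ethernet header, each layer adding its own bits."""
    # transport layer: ports, length, checksum (0 while it is being computed)
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    csum = udp_checksum(src_ip, dst_ip, udp) or 0xFFFF   # 0 would mean "no checksum"
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    # network layer: version/IHL 0x45, TTL 64, protocol 17, header checksum at bytes 10-11
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, PROTO_UDP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:] + udp
    # data link layer: destination MAC, source MAC, EtherType
    return dst_mac + src_mac + ETHERTYPE_IPV4 + ip


def decode_frame(frame: bytes) -> dict:
    """Bottom of the stack up: each layer strips its header, checks what it is
    responsible for, and hands the rest to the layer above. Raises ValueError
    on the length or checksum problems mentioned in the text."""
    if frame[12:14] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if internet_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    src_ip, dst_ip = ip[12:16], ip[16:20]
    if proto != PROTO_UDP:
        raise ValueError(f"not UDP (protocol {proto})")
    udp = ip[ihl:total_len]
    src_port, dst_port, udp_len, csum = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length does not match what was received")
    if csum and udp_checksum(src_ip, dst_ip, udp) != 0:
        raise ValueError("bad UDP checksum")
    return {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[:6].hex(":"),
            "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
            "src_port": src_port, "dst_port": dst_port, "payload": udp[8:]}


def check_frame(frame: bytes) -> str:
    """'ok', or the reason the receiving side rejected the frame."""
    try:
        decode_frame(frame)
        return "ok"
    except ValueError as err:
        return str(err)


def sample_frame(payload: bytes = b"hello") -> bytes:
    # constructed addresses: locally administered MACs on the LAN range used in the text
    return build_frame(bytes.fromhex("020000000031"), bytes.fromhex("020000000033"),
                       bytes([192, 168, 1, 31]), bytes([192, 168, 1, 33]),
                       1853, 52081, payload)
```

Flipping one payload byte of sample_frame() fails the checksum, but rebuilding the frame with build_frame() after changing the payload passes again, which is the "easy to manufacture" point above: the checksum guards against accidents, not against an attacker.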
So there are three kinds of addressing modes. The first kind of addressing mode is unicast; this is a pretty simple one to understand. There is one destination and one source, and the source sends the packet to the destination, and it depends on the protocol that you're using to actually address. So if it's something like TCP you're probably using a bidirectional stream, so the blue computer can talk to the red computer and the red computer can talk back to the blue computer, but you can also use a UDP stream, which is like a one-direction stream. So, I'm not sure if I'm using the correct word, it's a stream that's in one direction; I guess I'm driving home the point here: if it's UDP only blue is talking, and when blue stops talking then red can talk, whereas if it's TCP blue and red can talk simultaneously, at the same time.

Now, moving on, there's also broadcast. Broadcast means that you are sending your packet to everybody on the network. Broadcast messages are very common from mobile network providers, so when you get those advertisements saying something like 'you have a new postpaid plan from Vodafone or Airtel' or something like that, those are broadcast messages: it's one server that is sending out one single message to all the other systems. Now there's also multicast. Multicast is like broadcast but selective. Multicast is used for actually casting your screen to multiple people, so something like screen share, when you are doing it with multiple people, is multicast, because you have the option to not show a particular computer what you are actually sharing. So those are the three modes of addressing: unicast, broadcast and multicast. Okay, now moving
on, let's look into the tool that we just used to understand UDP, that is Wireshark. So what exactly is Wireshark? This utility called Wireshark is a packet capture utility, meaning that it grabs data that's either going out of or coming into a specific network, and there are a number of reasons why this may be useful or important. One reason why it's really important is that what's going on in the network is always accurate; in other words, you can't mess around with things once they're on the network, or you can't lie about something that's actually on the network, as compared with applications and their logs, which can be misleading or inaccurate, or if an attacker gets into an application they may be able to alter the logging. There are several other behaviors that make it difficult to see what's really going on in the network, but you can really see what's going on once it hits the wire: it's on the wire and you can't change that fact once it hits the wire.

So what we're going to do here is a quick packet capture. Let me just open up Wireshark for you guys. As you guys can see, I already have Wireshark open for us; let me just remove the UDP filter that was there, so Wireshark is recapturing. Let us go over the stuff that you can see on the screen, some important features of Wireshark, so that we can use it later. So what I'm doing here is a quick packet capture, and I'm going to show some of the important features of Wireshark so that we can use it later on when we're starting to do some more significant work. I select the interface that I'm using primarily, which is my Wi-Fi, and I'm going to go over here and bring up a Google page so that we can see what's happening on the network. So let me just quickly open up a Google page; as you guys can see, it's capturing a bunch of data that's going around here. Let me just open up a Google page, and that's going to send up some data. Let's go back; it's grabbing a whole bunch of stuff off the network. I'm just going to stop that, and I'm going to go back and take a look at some of the messages here.

So, some of the features of Wireshark: as you can see on the top part of the screen here, there's a window that says Number, Time, Source, Destination, Protocol, Length and Info, and those are all of the packets that have been captured. They're numbered starting from one, and the time has to do with being relative to the point that we started capturing, and you'll see the source and destination addresses and the protocol, the length of the packet in bytes, and some information about the packet. At the bottom of the
screen you'll see detailed information about the packet that has been selected. So suppose I'm selecting this TCP packet out here: we can go through the frame; the frame also has some interface IDs, encapsulation type, and all sorts of information is there about the frame. Then we can look at the source port, the destination port, the sequence number, the flags set, the checksums; you can basically check everything about a packet, because this is a packet analyzer and a packet sniffer. Now you'll see some detailed information about the packet that has been selected. So, as I've selected the TCP/IP packet, we see that in the middle frame it says Frame 290, which means that it's packet 290, and the packet that was captured is 66 bytes; we grabbed 66 bytes, and that's 528 bits. So you already see out here the source and the destination MAC address, the layer 2 address, and then you can see the IP address of both source and destination, and it says it's a TCP packet and gives us a source port and destination port, and we can start drilling down into different bits of the packet. You can see, when I select a particular section of the packet, down at the very bottom you can see what's actually a hex dump of the packet, and on the right-hand side is the ASCII. So this is the hex dump and this is the ASCII that you're looking at. What's really cool about Wireshark is that it really pulls the packet apart into its different layers. We have spoken about the different layers of the OSI and the TCP/IP model, and the packets are put into different layers, and there are a couple of different models that we can talk about with that, but what Wireshark does really nicely is it demonstrates those layers for us: as we can see here, it is actually four layers in this particular packet here.

We can also do something else: so I've got a Google web request, and what I want to do here is filter based on HTTP. So I find a filter; let's see, we can do an HTTP filter, and what I see here is a text input, and it's going to get an image, so that's a PNG image, and this is a request to get the icon that's going to be displayed in the address bar. You also see something called ARP here, which I'll be talking about very soon. So let's just let the filtering be done now. In the web browser it's a favicon.ico. What I can do here is select Analyze and Follow TCP Stream, and you can see all the requests related to this particular request, and it breaks them down very nicely. So you can see we've sent some requests to Spotify, because I've been using Spotify to actually listen to some music; then you can see all sorts of stuff, like this was something to some not-found place. So let's just take the Spotify one, and you can see that we get a bunch of information from the Spotify thing. At least you can see the destination, the source; it's an Intel Core machine. So the first part of the MAC address, the first few digits, lets you tell what the vendor ID is; Intel has its own vendor ID, so f496 probably tells us that it's an Intel Core. So Wireshark does this really neat little thing: it also tells us, from the MAC address itself, what type of machine you're sending your packets to. So it's coming from a software's 4C and going to an Intel Core, and the type is IPv4.

So that was all about Wireshark. You can use it extensively for packet sniffing and packet analysis. Packet analysis comes in very handy when you are trying to actually figure out how to do some stuff like IDS evasion, where you want to craft your own packets and you want to analyze the packets that are going into the IDS system to see which packets are actually getting detected as some intrusion, so you can craft your packet in a relative manner so that it doesn't actually get detected by the IDS system. So this is a very nifty little tool; we'll be talking about how you can craft your own packets just in a little while, but for now let's move ahead. Okay, so now that we are done with our small little introduction and a brief use and history of Wireshark,
now let's move on to our next topic for the video, that is DHCP. Okay, so DHCP is a protocol, and it stands for Dynamic Host Configuration Protocol. DHCP is a network management protocol used to dynamically assign an Internet Protocol address to any device on a network so they can communicate using IP. DHCP automates and centrally manages these configurations, rather than requiring some network administrator to manually assign IP addresses to all the network devices. DHCP can be implemented on small local networks as well as large enterprises. DHCP will assign new IP addresses in each location when devices are moved from place to place, which means network administrators do not have to manually initially configure each device with a valid IP address; so if a device that has a new IP address is moved to a new location on the network, it doesn't need any sort of reconfiguration. Versions of DHCP are available for use in Internet Protocol version 4 and Internet Protocol version 6.

Now, what you see on your screen is a very simplistic diagram of how DHCP works, so let me just run you through it. DHCP runs at the application layer of the TCP/IP protocol stack to dynamically assign IP addresses to DHCP clients and to allocate TCP/IP configuration information to DHCP clients; this includes subnet mask information, default gateway IP addresses and domain name system addresses. DHCP is a client-server protocol in which servers manage a pool of unique IP addresses, as well as information about client configuration parameters, and assign addresses out of those address pools. DHCP-enabled clients send a request to the DHCP server whenever they connect to a network: the clients configured with DHCP broadcast a request to the DHCP server and request network configuration information for the local network to which they are attached. A client typically broadcasts a query for this information immediately after booting up. The DHCP server responds to the client request by providing IP configuration information previously specified by a network administrator; this includes a specific IP address as well as the time period, also called the lease, for which the allocation is valid. When refreshing an assignment, a DHCP client requests the same parameters, but the DHCP server may assign a new IP address based on the policies set by the administrator. A DHCP server manages a record of all the IP addresses it allocates to network nodes; if a node is relocated in the network, the server identifies it using its media access control address, which prevents accidentally configuring multiple devices with the same IP address.

Now, DHCP is not a routable protocol, nor is it a secure one. DHCP is limited to a specific local area network, which means a single DHCP server per LAN is adequate. Large networks may have a wide area network containing multiple individual locations; depending on the connections between these points and the number of clients in each location, multiple DHCP servers can be set up to handle the distribution of addresses. If network administrators want a DHCP server to provide addressing to multiple subnets on a given network, they must configure DHCP relay services located on the interconnecting routers that the DHCP requests have to cross; these agents relay messages between DHCP clients and servers. DHCP also lacks any built-in mechanism that would allow clients and servers to authenticate each other; both are vulnerable to deception and to attacks where rogue clients can exhaust the DHCP server's pool. Okay.
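The server reply the diagram above describes, as an added Python example that is not the course's code: it builds a DHCPOFFER (the BOOTP fixed header, the magic cookie, and the options that carry the subnet mask, default gateway, DNS addresses and lease time the text lists), parses it back, and adds a small lease pool keyed on the client's MAC address so that a returning device keeps its address and the pool reports when rogue clients have exhausted it. The option codes and layout are the standard DHCP ones; all addresses and MACs are constructed sample values.

```python
import ipaddress
import struct

# Added example (not from the course): a DHCPOFFER built and parsed, plus a
# lease pool that identifies clients by MAC address as the text describes.
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_LEASE = 1, 3, 6, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255


def ip4(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed


def addr(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def build_dhcp(op: int, xid: int, client_mac: bytes, your_ip: str, options: list) -> bytes:
    """BOOTP fixed header (236 bytes) + magic cookie + TLV options + end marker.
    op=2 is a server reply; the broadcast flag is set since the client has no IP yet."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        op, 1, 6, 0, xid, 0, 0x8000,             # htype 1 = Ethernet, hlen 6
                        b"\0" * 4, ip4(your_ip), b"\0" * 4, b"\0" * 4,
                        client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(struct.pack("!BB", code, len(value)) + value for code, value in options)
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_dhcp(message: bytes) -> dict:
    """Return the fields a client cares about: the offered IP and the configuration options."""
    if len(message) < 240 or message[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, _siaddr, _giaddr, chaddr = \
        struct.unpack("!BBBBIHH4s4s4s4s16s", message[:44])
    options, i = {}, 240
    while i < len(message):
        code = message[i]
        if code == OPT_END:
            break
        if code == 0:                       # pad byte: no length field follows
            i += 1
            continue
        length = message[i + 1]
        options[code] = message[i + 2:i + 2 + length]
        i += 2 + length
    dns_raw = options.get(OPT_DNS, b"")
    return {
        "op": op, "xid": xid, "client_mac": chaddr[:hlen].hex(":"), "your_ip": addr(yiaddr),
        "type": MESSAGE_TYPES.get(options.get(OPT_MSG_TYPE, b"\0")[0], "unknown"),
        "subnet_mask": addr(options[OPT_SUBNET]) if OPT_SUBNET in options else None,
        "router": addr(options[OPT_ROUTER][:4]) if OPT_ROUTER in options else None,
        "dns": [addr(dns_raw[j:j + 4]) for j in range(0, len(dns_raw), 4)],
        "lease_secs": struct.unpack("!I", options[OPT_LEASE])[0] if OPT_LEASE in options else None,
    }


class LeasePool:
    """Server-side pool. A client is identified by its MAC address, so the same
    device asking again gets the same lease rather than a second address. With
    no authentication, anyone who can present fresh MACs can drain the pool;
    allocate() returns None once that has happened."""

    def __init__(self, first: str, last: str) -> None:
        lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.leases = {}                    # client MAC -> IP address

    def allocate(self, client_mac: str):
        if client_mac in self.leases:
            return self.leases[client_mac]
        if not self.free:
            return None                     # pool exhausted
        ip = self.free.pop(0)
        self.leases[client_mac] = ip
        return ip


def make_offer(pool: LeasePool, client_mac: str, xid: int):
    """Lease an address for client_mac and wrap it in a DHCPOFFER (constructed
    server, gateway, mask and DNS values); None if the pool is empty."""
    ip = pool.allocate(client_mac)
    if ip is None:
        return None
    options = [(OPT_MSG_TYPE, b"\x02"), (OPT_SERVER_ID, ip4("192.168.1.1")),
               (OPT_SUBNET, ip4("255.255.255.0")), (OPT_ROUTER, ip4("192.168.1.1")),
               (OPT_DNS, ip4("192.168.1.1") + ip4("192.168.1.2")),
               (OPT_LEASE, struct.pack("!I", 86400))]
    return build_dhcp(2, xid, bytes.fromhex(client_mac.replace(":", "")), ip, options)
```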
So let's move on to our next topic, and that is: why use DHCP? I just told you that DHCP doesn't really have any sort of authentication, so it can be fooled really easily; so what are the advantages of using DHCP? DHCP offers quite a lot of advantages. Firstly, there is IP address management: a primary advantage of DHCP is easier management of IP addresses in a network. Without DHCP you must manually assign IP addresses; you must be careful to assign unique IP addresses to each client and to configure each client individually, and if a client moves to a different network you must make manual modifications for that client. When DHCP is enabled, the DHCP server manages the assigning of IP addresses without the administrator's intervention; clients can move to other subnets without manual reconfiguration, because they obtain from a DHCP server new client information appropriate for the new network. Apart from that, you can say that DHCP also provides centralized network client configuration; it has support for BOOTP clients; it supports local clients and remote clients; it supports network booting; and it also has support for large networks, not only for small-scale networks but for larger networks as well. So that way you see DHCP has a wide array of advantages, even though it doesn't really have any authentication, so because of these advantages DHCP finds widespread use in a lot of organizations. Okay, so that winds up DHCP for us.

So now let's move on to our next topic for this video, and that is Address Resolution Protocol. Address Resolution Protocol is a protocol that is used in the local area network, so let me just give you a
brief introduction to it, and then we'll get into how we can use it as an ethical hacker for looking into stuff, looking into vulnerabilities, and looking at whether somebody is actually being hacked or something like that. Okay, so first of all, as I just said, Address Resolution Protocol is a local area network protocol; it basically works when you're using a LAN. So suppose you have a bunch of computers that are connected over a LAN, and they have the following IPs, which is 192.168.1.31 followed by 32, 33, 34; so these are the computers, and this is the scenario. How the ARP protocol works is that when, suppose, the red computer out here wants to send a piece of data, or a packet, or a datagram, to this yellow computer, that is the IP that it's calling out, so it'll broadcast over the LAN a 'who is' message, like 'who is 192.168.1.133', and it will be constantly listening for a reply after that. So they send out a packet, and they don't really know which machine to send it to, because nobody has responded yet. So after that the red computer asks 'who is 192.168.133', and after that the yellow computer recognizes that it has the same IP address, and it'll say 'hey, here's my MAC address, so we can communicate more easily in the future'. So this MAC address is going to be tied to this IP address in a thing called the ARP table; I'm going to show you the ARP table in just a few minutes.

Now what you have to understand is that this is actually exploitable, because there is no validation: anybody can come into this situation and just lie. So suppose that we have 192.168.1.31, and there's this yellow computer, and we also have this other computer, the blue computer, and this is not supposed to be on the LAN, but somehow this guy got into the building and he just connected a LAN wire and now he's on the network. Now what he can do is that he can catch the packet that you are sending and then send it to 192.168.133, simply by lying when the ARP protocol is running and saying 'yep, I'm actually the yellow computer, so send your data to me', and then he'll modify the data and send it to the yellow one, and when the reply comes it'll also be forwarded to the blue computer. So what I'm explaining out here in this scenario is actually called a man-in-the-middle attack. Okay, so that was about the ARP protocol.

Now let's talk about how we can use the ARP protocol to our advantage, or as an ethical hacker. Okay, so now that we know how ARP actually works, let me show you how you can access the ARP table of your computer. All you have to do is just open up a command prompt, and all you do is type 'arp -a'. Now, this is not specific to Windows; it can be run on any machine that has the TCP/IP suite of protocols installed on it. So every computer system has what is called an ARP table, and the reason it's called an ARP table is because it matches a layer 2 or physical address, or MAC address, to an IP address, and that's what ARP, Address Resolution Protocol, is: what it resolves is an IP address to a MAC address, or a physical address. The MAC or physical address are interchangeable, because they mean the same thing; the reason it's called the physical address is because it is physically on a network interface, which is of course a physical device, so it's sometimes called a physical address, and it's sometimes called a MAC address, for media access control. So I might use MAC address and I might use physical address to make a particular point, but it means the same thing. So you can see here the IP addresses and the MAC addresses; these are the IP addresses and these are the MAC addresses, and they're listed in the ARP table.
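The 'who is' / 'here's my MAC' exchange and the lying blue computer from the scenario above, as an added Python example that is not part of the course: it builds and parses ARP frames the way Wireshark displays them (target MAC all zeros until someone replies), and keeps a watch table like the ARP table just shown that reports when an IP address suddenly answers from a different MAC, which is the defender's view of that man-in-the-middle scenario. All MAC and IP addresses here are constructed sample values.

```python
import struct

# Added example (not from the course). Ethernet II + ARP frames for IPv4 over
# Ethernet, plus a passive watcher that notices when an IP address starts
# claiming a different MAC address than the one it had before.
ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
OPCODES = {1: "who-has", 2: "is-at"}


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def ip_str(ip: bytes) -> str:
    return ".".join(str(b) for b in ip)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def ip_bytes(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header followed by a 28-byte ARP packet.

    A 'who-has' request goes to the Ethernet broadcast address and carries an
    all-zero target MAC: the sender does not know it yet, which is the empty
    target MAC seen in the capture."""
    smac, tmac = mac_bytes(sender_mac), mac_bytes(target_mac)
    eth_dst = BROADCAST_MAC if opcode == 1 else tmac
    ethernet = eth_dst + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, 0x0800, 6, 4, opcode,      # Ethernet, IPv4, 6-byte MAC, 4-byte IP
                      smac, ip_bytes(sender_ip), tmac, ip_bytes(target_ip))
    return ethernet + arp


def parse_arp(frame: bytes) -> dict:
    """Decode one frame; raises ValueError if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"op": OPCODES.get(op, f"opcode-{op}"),
            "sender_mac": mac_str(smac), "sender_ip": ip_str(sip),
            "target_mac": mac_str(tmac), "target_ip": ip_str(tip)}


class ArpWatcher:
    """Passive monitor in the spirit of arpwatch: learn IP -> MAC bindings from
    ARP traffic and report when a known IP answers from a different MAC.
    ARP has no validation, so this after-the-fact comparison is one of the
    few signals a defender gets that someone on the LAN is lying."""

    def __init__(self) -> None:
        self.bindings = {}      # ip -> mac learned so far (our own ARP table)
        self.alerts = []

    def observe(self, frame: bytes) -> dict:
        packet = parse_arp(frame)
        ip, mac = packet["sender_ip"], packet["sender_mac"]
        if ip == "0.0.0.0":     # ARP probe: the sender claims no address yet
            return packet
        known = self.bindings.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"{ip} was {known}, now claimed by {mac}")
        self.bindings[ip] = mac
        return packet


def demo() -> list:
    """Red asks for yellow, yellow answers, then a third host answers for
    yellow's IP with its own MAC (constructed addresses, constructed scenario)."""
    red, yellow, blue = "02:00:00:00:00:31", "02:00:00:00:00:33", "02:00:00:00:00:99"
    watcher = ArpWatcher()
    watcher.observe(build_arp(1, red, "192.168.1.31", "00:00:00:00:00:00", "192.168.1.33"))
    watcher.observe(build_arp(2, yellow, "192.168.1.33", red, "192.168.1.31"))
    watcher.observe(build_arp(2, blue, "192.168.1.33", red, "192.168.1.31"))
    return watcher.alerts
```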
I've done -a, which means show me all your ARP entries. While I'm doing this on a Windows system, as I just said, it's possible on a Linux system and anything with the TCP/IP suite of protocols installed, because it's an important utility to have in order to help diagnose any issues with your network. So this is how you would display an ARP table, and as I said, ARP is just a mapping from IP address to MAC address.

So let me show you what the protocol looks like when it's actually working. Let's head over to Wireshark. We choose the interface that we want to see. Okay, now all we do is put on a filter that says arp. So if you guys see out here, there are these ARP packets that we are finding. This is what it looks like, and as I just said, it's a "who has" and a "tell me", and there is no authentication. So when this guy is looking for, okay, "who has 192.168.2.1", now if we look at the hardware section, you see out here that the target MAC address is empty, because it hasn't gotten a reply yet. Now when the MAC address is given, they just get interchanged and it is sent back. So the sender MAC address is a Broadcom, and Wireshark does a really neat job at getting out the vendor names from the DNS, I mean from the MAC address. So there's this ASRock thing, then there's Google, as I just saw out here, some Google phone I guess, maybe an Android, I'm not really sure. This is how ARP looks and this is how ARP works, and if you're trying to do a man-in-the-middle attack, and you shouldn't be trying to do that because that's completely unethical, but just in case you were trying to force a man-in-the-middle attack, you could just try to forward the IP to your own address and just spoof your name while ARPing it, so you can use other tools like Ettercap for that. Now that was all about ARP; let's move on to our next topic.

Our next topic has come up right after ARP because, while studying ARP, you must have realized that I told you that ARP has no sort of validation. So how could that exactly be fixed? If the data that actually is being transferred over the LAN is encrypted using cryptography, ARP can actually be used very validly. I mean, what you want to do is you want to hide what you're actually sending before sending it out on a local network, so that people who are not supposed to get it can't actually see it. Now let's first tackle the question: what exactly is cryptography? Cryptography is basically the art of hiding anything. Now when talking about computers and computer science in general, it includes hiding data. Now cryptography doesn't really actually start with the new age; it's been there for a long, long time, since the time of Julius Caesar and all. We'll be talking about the history of cryptography right now, but what I want you to understand is that when a message is sent, a key is actually used along with an encryption algorithm. Now this key is also sent to the other person, and how this key is sent we'll get into later. So what you want to basically understand for now is: a message is encrypted using an encryption algorithm which takes the key and the message as parameters. Then on the other side of the message, with the ciphertext, that is, after encryption you get something called ciphertext because it has to be deciphered now. So cipher is just a word, a Latin word I guess, or a Greek word, I'm not really sure, that means to hide. So first you encrypt your message, then you decrypt your message with the ciphertext and the decryption key, which is most of the time the same as the encryption key when we're talking about symmetric key cryptography. So you use the decryption key and the message along with the decryption algorithm, and you get the same message on the other side. So basically it's like a password; it's password protection for messages, and that's a fancy way to say that, and that is cryptography.

So let us go into the history of cryptography now. Let me give you a brief history of cryptography. Now cryptography actually goes back several thousand years; shortly after people began to find ways to communicate, there were some of us who were finding ways to
make the understanding of that communication difficult, so that other people couldn't understand what was going on, and this led to the development of the Caesar cipher, that was developed by Julius Caesar. It's a simple rotation cipher, and by that I mean that you rotate a portion of the key in order to generate the algorithm. So here's an example: we've got two rows of letters that are in alphabetical order, which means we basically wrote the alphabet down, and the second row is shifted by three letters. So, uh, B is a Z actually, because if you move that way, B from the first row gets shifted back to the second row, and then the letter D becomes the letter C. So that's an example of how encryption works. If you try to encrypt a word like hello, it would look like complete gibberish after it came out of that algorithm. If you count the letters out, you can see that the letter H can be translated to the letter L. So that's a Caesar cipher. Now you must have heard of things like ROT13, which means that you rotate by 13 letters instead of three letters; that's what we can do here again, and this is just a simple rotation cipher, or Caesar cipher. That's of course what the ROT stands for: rotate, or rotation.

Now coming forward a couple of thousand years, we have the Enigma cipher. Now it's important to note that Enigma is not the word given to this particular cipher by the people who developed it; it's actually the word given to it by the people who were trying to crack it. The Enigma cipher is a German cipher. They developed the cipher and a machine that was capable of encrypting and decrypting messages, so they could get messages to and from different battlefields and war fronts, which is similar to the Caesar cipher: Caesar used it to communicate with his battlefield generals, and the same thing with the Germans. You've got to get messages from headquarters down to where the people actually are, I think, and you don't want them to get intercepted in between by the enemy, so therefore you use encryption. Lots of energy was spent by the Allies, in particular the British, trying to decrypt the messages. It's one of the first instances that we are aware of where a machine was used to do the actual encryption.

Now we're going to come ahead a few decades, into the 1970s, where it was felt that there was a need for a digital encryption standard. Now the National Institute of Standards and Technology is responsible for that sort of thing, so they put out a proposal for this digital encryption standard and an encryption algorithm. What ended up happening was IBM came up with this encryption algorithm that was based on the Lucifer cipher, which was one that people had been working on a couple of years previously, in 1974, and they put this proposal together based on the Lucifer cipher, and in 1977 that proposal for an encryption algorithm was the one that was chosen to be the digital encryption standard, and so that came to be known as DES. Over time it became apparent that there was a problem with this, and that was it only had a 56-bit key size, and while in the 1970s that was considered adequate to defend against brute forcing and breaking of code, by the 1990s it was no longer considered adequate, and there was a need for something more. It took time to develop something that would last for some long period of time, and so in the meantime a stop gap was developed, and this stop gap is what we call Triple DES. The reason it's called Triple DES is you apply the DES algorithm three times in different ways, and you use three different keys in order to do that. So here's how Triple DES works: your first 56-bit key is used to encrypt the plaintext, just like you would do with the standard digital encryption standard algorithm, and you take that ciphertext that's returned from the first round of encryption and you apply the decryption algorithm to the ciphertext. However, the key thing to note is that you don't use the key that you used to encrypt; you don't use the first key to decrypt it, because otherwise you'll get plaintext back. So what you do is you use a second key with the decryption algorithm against the ciphertext from the first round, so now you've got some ciphertext that has been encrypted with one key and decrypted with the second key, and we take the ciphertext from that and we apply a third key, using the encryption portion of the algorithm, to that ciphertext to receive a whole new set of ciphertext. Obviously, to do the decryption you take the third key and decrypt with it, with the second key you encrypt, and then with the first key you decrypt, and so you do the reverse order and the reverse algorithm at each step to apply Triple DES. So we get an effective key size of about 168 bits, but it's still only 56 bits at a time.

Now I said Triple DES was only a stop gap; what we were really looking for was the Advanced Encryption Standard. Once again NIST requested proposals so that they could replace the digital encryption standard, in 2001. After several rounds of looking for algorithms and looking them over, getting them evaluated and getting them looked into, NIST selected an algorithm, and it was put together by a couple of mathematicians. The algorithm was called Rijndael, and that became the Advanced Encryption Standard, or AES. One of the biggest advantages of AES is that it supports multiple key lengths. Currently what you'll typically see is that we are using 128-bit keys; however AES supports up to 256-bit keys, so if we get to the point where 128 bits isn't enough, we can move all the way up to 256 bits of key material. So cryptography has a really long history; currently we are in a state where we have a reasonably stable encryption standard in AES, but the history of cryptography shows that with every set of encryption, eventually people find a way to crack it. Okay, so that was a brief history
of cryptography. Now what I want to do is let's go over and talk about AES, Triple DES and DES in themselves, because they are some really key historic moments in the history of cryptography. Now we're going to talk about the different types of cryptographic ciphers, and primarily we're going to be talking about DES, Triple DES and AES.

Now DES is the digital encryption standard. It was developed by IBM in the 1970s, and originally it was a cryptographic cipher named Lucifer, and after some modifications IBM proposed it as the digital encryption standard, and it was selected as the digital encryption standard. Ever since then it's been known as DES. Now one thing that caused a little bit of controversy was, during the process of selection, the NSA requested some changes, and it hasn't been particularly clear what changes were requested by the NSA. There has been some speculation that wondered if the NSA was requesting a back door into this digital encryption standard, which would allow them to look at encrypted messages in the clear; so basically it would always give the NSA the ability to decrypt DES-encrypted messages. It remained the encryption standard for the next couple of decades or so. So what is DES and how does it work? Basically it uses 56-bit keys; rather than a stream cipher it's a block cipher, and it uses 64-bit blocks. In 1998 DES was effectively broken when a DES-encrypted message was cracked in three days, and a year later a network of 10,000 systems around the world cracked a DES-encrypted message in less than a day, and it's just gotten worse since then, with modern computing power being what it is. Since DES was actually created, we had already come to the realization that we needed something else, so along came Triple DES.

Now Triple DES isn't three times the strength of DES necessarily; it's really DES applied three times, and what I mean by that is: we take a plaintext message, let's call that P, and we're going to use a key called K1, and we're going to use that key to encrypt the message, and that's going to result in ciphertext, and we'll call that C1. So C1 is the output of the first round of encryption. We're going to apply a second key, and we'll call that K2, and with that second key we're going to go through a decryption process on C1. Since it's the wrong key, we are not going to get plaintext out on the other end; what we're going to get is another round of ciphertext, and we will call this C2. With C2 we are going to apply a third key, and we will call this K3, and we're going to encrypt ciphertext C2, and that's going to result in another round of ciphertext, and we will call that C3. So we have three different keys applied in two different ways: with key one and key three we do a round of encryption, and with key two we do a round of decryption, so it's an encrypt-decrypt-encrypt process with separate keys. While that doesn't really yield a full 168-bit key size, the three rounds of encryption yield an effective key size of 168 bits, because you have to find three 56-bit keys. So speaking of that technical detail for Triple DES, we are still using the DES block cipher with 56-bit keys, but since we've got three different keys we get an effective length of around 168 bits. Triple DES was really just a stop gap measure; we knew that if DES could be broken, Triple DES could surely be broken with just some more time, I guess, and so NIST was trying to request a standard; that was in 1999, and in 2001 NIST published an algorithm that was called AES. So this algorithm that was originally called Rijndael was published by NIST as the Advanced Encryption Standard. Some technical specifications about AES: the original Rijndael algorithm specified variable block sizes and key lengths, and as long as those block sizes and key lengths were multiples of 32 bits, so 32, 64, 96 and so on, you could use those block sizes and key lengths. When AES was published, it specified a fixed 128-bit block size and key lengths of 128, 192 and 256 bits, so with AES there are three different key lengths but one block size, and that's a little bit of detail about DES, Triple DES and AES.
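To make the encrypt-decrypt-encrypt chain concrete, here is an added Python example (my own, not from the video) that applies the EDE construction to a small toy Feistel block cipher with a 64-bit block and a 56-bit key, standing in for DES, which the Python standard library does not provide. The toy cipher is an assumption of this example and is for illustration only; the point is triple_encrypt and triple_decrypt, which show the key order on the way in, the reversed order and reversed operation on the way out, and that keying all three slots identically collapses to a single pass of the base cipher.

```python
import hashlib

BLOCK_BYTES = 8      # 64-bit block, like DES
KEY_BYTES = 7        # 56-bit key, like DES
ROUNDS = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key: bytes) -> list:
    """Toy key schedule: one 4-byte subkey per round, derived by hashing (not DES's schedule)."""
    if len(key) != KEY_BYTES:
        raise ValueError("toy cipher wants a 56-bit (7-byte) key")
    return [hashlib.sha256(key + bytes([r])).digest()[:4] for r in range(ROUNDS)]


def _f(half: bytes, subkey: bytes) -> bytes:
    """Toy round function: a keyed hash of the right half, truncated to 32 bits."""
    return hashlib.sha256(subkey + half).digest()[:4]


def _feistel(block: bytes, subkeys: list) -> bytes:
    """Feistel network; running it with the subkeys reversed is the exact inverse."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 64 bits")
    left, right = block[:4], block[4:]
    for sk in subkeys:
        left, right = right, _xor(left, _f(right, sk))
    return right + left   # undo the final swap


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key)[::-1])


def triple_encrypt(k1: bytes, k2: bytes, k3: bytes, p: bytes) -> bytes:
    """EDE as described in the text: C1 = E_K1(P), C2 = D_K2(C1), C3 = E_K3(C2)."""
    c1 = encrypt_block(k1, p)
    c2 = decrypt_block(k2, c1)   # wrong key on purpose: gives more ciphertext, not P
    return encrypt_block(k3, c2)


def triple_decrypt(k1: bytes, k2: bytes, k3: bytes, c3: bytes) -> bytes:
    """Reverse order and reverse operation at every step: D_K3, then E_K2, then D_K1."""
    c2 = decrypt_block(k3, c3)
    c1 = encrypt_block(k2, c2)
    return decrypt_block(k1, c1)


if __name__ == "__main__":
    k1, k2, k3 = b"key-one", b"key-two", b"key-thr"   # three constructed 7-byte keys
    p = b"ATTACK!!"                                      # exactly one 64-bit block
    c = triple_encrypt(k1, k2, k3, p)
    print(c.hex(), triple_decrypt(k1, k2, k3, c))
    # the same key in all three slots degrades to one pass of the base cipher
    print(triple_encrypt(k1, k1, k1, p) == encrypt_block(k1, p))
```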
We'll use some of these in doing some hands-on work in the subsequent part of this video. Okay, so now that I've given you a brief history of how we have reached the encryption standards that we are following today, that is the Advanced Encryption Standard, and a little bit more information on AES, DES and Triple DES, we are going to be using this information in some subsequent lessons. Okay, now moving on.

So now that we've discussed the history of cryptography and the people involved in cryptographic algorithms, let's discuss the different types of cryptography. Now the first type of cryptography I'm going to talk about is symmetric cryptography, and by symmetric cryptography I mean that the key is the same for encrypting or decrypting, so I use the same key whether I am encrypting the data or decrypting data. One of the things about symmetric key cryptography is that they use
a shorter key length than asymmetric cryptography, which I'll get into in a couple of minutes. It's also faster than asymmetric, and you can use algorithms like DES or AES, as those are both symmetric key cryptography algorithms, and you can use a utility like AESCrypt.

Let me just demonstrate how symmetric key cryptography works. For this we can use a tool called AESCrypt. AESCrypt is actually available for Linux and Windows and Mac, all the systems. I'm using it on Windows and I'm using the console version. So first of all I have a text file called text.txt; let me just show that to you. As you guys can see, I have this thing called text.txt. Let me just show what text.txt contains. As you guys can see, it has a sentence, "quick brown fox jumped over the lazy dog", so that's the sentence that has all the letters of the English alphabet. So now we are going to try and encrypt it. We can use something like AES or DES, because both of them are symmetric key ciphers, symmetric key algorithms rather, and we are using AES in this case. So what we're going to do is say aescrypt, we're going to encrypt it, and we're going to use the password of, let's say, um, Pokemon; we're going to call it Pokemon, and we're going to do text.txt, we're going to encrypt that file. So now we have encrypted that; let's go see, we must be having a new file. This is called text.txt.aes, so that is our encrypted file, and this is what we would generally send over the network if we are sending it to anybody. So let's assume the person who's received it also knows our encryption algorithm and the key that goes along with it. So let's try to decrypt it now. Now before I decrypt it, let me just show you what an encrypted message looks like. This is what the ciphertext looks like, text.txt.aes. Yeah, as you guys can see, the Windows console can't really show everything, but if I were to go here, if I were to just go into the file and just open it in Notepad++, you'll see that it's a bunch of crap; you really can't make out anything of what is being written here, we can't really decipher much. So that's the point of using encryption. Now if you were to decrypt it, all you have to do is aescrypt, uh, you're trying to decrypt, we're trying to give the password, which is going to be, what was the password, Pokemon, okay, and we're going to try and decrypt text.txt.aes. Let's dir that again. Okay, so that just decrypts our message for us. So this is how you would use AESCrypt for encryption
and decryption. So that just decrypted it, and that's how you would use symmetric key encryption to encrypt a file, for this example. Symmetric key uses either a stream cipher or a block cipher, and the difference between stream and block ciphers is that a block cipher takes a block of bits at a time, and it's a fixed length, so for example 64 bits: if I were to use a block cipher with 64 bits, I would need to take in 64 bits before I could start encrypting. Now if I didn't have 64 bits to encrypt, I would have to fill it with padding in order to get up to 64 bits. A stream cipher, on the other hand, will encrypt a bit at a time, so it doesn't matter how many bits you've got; you don't need to have some multiple of the block length in order to encrypt without padding.

Another type of cryptography is asymmetric. Now asymmetric, as you would expect, uses two different keys, and that's where we have a public key and a private key. Asymmetric key cryptography uses a longer key length, and it also has more computation, and the encryption process is slower.
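The block-versus-stream point just made, as an added Python example (mine, not from the video): pad and unpad show the padding a 64-bit block cipher demands before it can start, including the edge case where the input is already a whole number of blocks, while stream_xor encrypts any length byte for byte with no padding at all. The keystream is derived from SHA-256 purely to show the shape of a stream cipher; it is an assumption of this example, not a real cipher.

```python
import hashlib

BLOCK_BYTES = 8   # the 64-bit block size used as the example in the text


def pad(data: bytes, block_size: int = BLOCK_BYTES) -> bytes:
    """PKCS#7-style padding: append n bytes, each of value n, to reach a multiple of the block size.

    An input that is already a multiple of the block size still gets a full block of padding;
    otherwise unpad could not tell real data that ends in 0x01 from padding."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def unpad(data: bytes, block_size: int = BLOCK_BYTES) -> bytes:
    """Strip and validate the padding; reject anything that is not well formed."""
    if not data or len(data) % block_size:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def to_blocks(padded: bytes, block_size: int = BLOCK_BYTES) -> list:
    """The fixed-size chunks a block cipher would consume one at a time."""
    return [padded[i:i + block_size] for i in range(0, len(padded), block_size)]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator: hash(key || nonce || counter), concatenated and truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher shape: XOR each byte with the keystream; no padding, and the same call decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


if __name__ == "__main__":
    msg = b"hello"                      # 40 bits: a 64-bit block cipher cannot start on it
    padded = pad(msg)
    print(to_blocks(padded))            # one 8-byte block, three bytes of it padding
    print(to_blocks(pad(b"12345678")))  # exact multiple: still gains a whole padding block
    print(unpad(padded) == msg)
    ct = stream_xor(b"k", b"nonce", msg)
    print(len(ct), stream_xor(b"k", b"nonce", ct) == msg)
```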
It's slower than with symmetric key encryption. One of the uses for asymmetric key is for signing documents or emails, for example, where I would have the private key sign something and the public key would be used to verify the signature. Another reason for using asymmetric key encryption is to ensure that you got it from who actually sent it: since you've got two keys, you always know who the other end of the equation is, whereas with symmetric key, since it's just one key, if you can intercept the key you can decrypt and also encrypt messages, and so if somebody can figure out the key, they can break into a communication stream using symmetric key encryption. So asymmetric gives you the advantage of ensuring that the other end is who the other end says they are, since they're the only ones who should have the private key. In practice, however, hybrid encryption models tend to be used, and that's where you would use asymmetric encryption to encrypt symmetric session keys. So basically you encrypt the message that you are sending using symmetric key encryption, and then when you're exchanging the key with somebody else you use asymmetric key encryption. This is going to be a slower process, so you probably won't want to use it for large files. Fortunately the file example that I have is a smaller one, so I'm going to try and generate a key right now. For this we have to head over to our Ubuntu system. So let's see, let me show you how public key encryption actually works, and we are going to first create a
key. So let me just clear this out for you. First of all, let's create a file, and let's call that text.txt. Now we are going to edit text.txt to have some text in it. There seems to be a warning with GTK, so I'll just use echo instead. Now let's see if that is in our file. Okay, so let me just show you how asymmetric key encryption, or public key cryptography, works. First of all we need a text file, so let me see, do we have a text file? There seems to be a text.txt, so let's see what this text.txt says. It says "this is a random text file".

Now what we want to do is we want to create a public key first, so I'm going to use OpenSSL for doing this. So we go openssl, and we are going to use it with RSA, so we're trying to generate a key, genrsa, and we're going to use -des3 to protect it, and we're going to output it into a file called private.key, and we are also going to be using 4096 bits. So this is going to be our private key; this will create a private key using the RSA algorithm, so let it work its way out. First of all it's asking me for a passphrase now, since you can protect your keys with a passphrase, so I'm just going to use my name. Okay, so now if we ls we have a private.key, I guess, yep, so we have this private.key. Now using this private key we are going to generate a public key. For this I'm again going to be using openssl, and openssl is Unix based, so you will need a Unix system. So you go rsautl, that's the RSA utility, and what we want to do is encrypt, and we want the public key in -inkey, and we want to use the public key that we just generated. I'm sorry guys, so we are going to be using rsa; first of all we need to generate a public key, so for that we use the private key. We will give the private key as an argument after the -in flag, so private.key, and we are trying to get out a public key, so -pubout, and we're going to call it public.key. Okay, so there seems to be, okay, uh, I messed it up a little, I forgot to give the output, so you go -out and then you use public.key. It's asking me for my passphrase, and now it's writing the RSA key, and since the password was correct we have a public key too. So if you see, now we have a public key and a private key.

So we are going to encrypt our file using the public key. We go openssl and we go rsautl and we go -encrypt, and we can do -pubin, so we are going to use the public key, and we want to put text.txt as the file to be encrypted, so -in text.txt, and what we want to output is an encrypted file, so -out encrypted.txt. Okay, and I typed it as opensll; let me go and edit that out. Yeah, so that makes it a correct command, and now we have an encrypted file. So let's see, ls, and yep, encrypted.txt. If we just cat that out, basically it's a bunch of garbage and we really can't read it unless we decrypt it. So to decrypt it, all we have to do is again use openssl. Let's clear this out first. So openssl, and we are going to be using the RSA utility again, so rsautl, and we're going to decrypt this time, so we go with the -decrypt flag, and then we are going to be giving the -inkey, and that is going to be the private key, and what we want to decrypt is encrypted.txt, and what we want to output it as is, let's say, plaintext.txt. It's going to ask me for my passphrase, which is my name, and I've entered the passphrase, and now we have a plaintext.txt. Now if we ls we see that we have a plaintext.txt out here. Now let me just cat that out, so plaintext.txt: "this is a random text file", and if you go up we see that it was
a bunch of garbage, and before that it was a random text file. Now you can also run this command, diff plaintext.txt text.txt, so this will give you the difference in the text strings; so it's zero, it gives you no difference, so both files are the same, and that's how public key cryptography works and how symmetric key cryptography works.

Okay, now moving ahead from cryptography, let's talk about certificates. Okay, so now that we're done with cryptography, let's talk about digital certificates. So what is a digital certificate? Well, a digital certificate is an electronic password that allows a person or organization to exchange data securely over the internet using public key infrastructure. A digital certificate is also known as a public key certificate or an identity certificate. Now digital certificates are a means by which consumers and businesses can utilize the security applications of public key infrastructure; public key infrastructure comprises the technology to enable and secure e-commerce and internet-based communication. So what kind of security does a certificate provide? Firstly, it provides identification and authentication: the persons or entities with whom we are communicating are really who they say they are, so that is proved by certificates. Then we have confidentiality: the information within the message or transaction is kept confidential; it may only be read and understood by the intended recipient. Then there's integrity, and there's non-repudiation: the sender cannot deny sending the message or transaction, and the receiver will get to know. I'll explain how non-repudiation comes into digital certificates. So digital certificates are actually issued by authorities, who are businesses who make it their business to actually certify people and their organizations with digital certificates. Now you can see these on Google Chrome; let me just open Chrome for you guys, and you can see it out here, you can see certificates, and you can go into the issuer statements and all sorts of stuff. So you can see it's issued by Let's Encrypt Authority X3, so that's an issuing authority for digital certificates. Now that was all about the theory of certificates; let's go and see how you can create one. To create a digital certificate we are going to be using the OpenSSL tool again, so first of all let me show you
how to create a certificate so we are going to be using the open SSL tool for that so first of all let me clear the screen out so in this case I'm going to generate a certificate Authority certificate so I'm doing an artistic key here to use inside the certificate so first of all I need to generate a private key so to do that as I had just showed you guys we can use the openssl tool you go open SSL and gen RSA and we're going to use test3 then we're going to out it and
let's call it ca.key and we're going to use 4096 bits so I'm doing an RSA key here to use inside the certificate so I'm generating a private key and the private key is used as a part of the certificate and there's a public key associated with the certificate so you've got public and private key and data gets encrypted with the public key and then gets decrypted with the private key so they are mathematically linked at the public and private key because you need one for the end of the communication the and the other for the
other end of the communication and they have to be linked so that the data that gets encrypted with one key gets to be decrypted with other key so this is asking for a passphrase and so I'm gonna be giving my name as a passphrase so that has generated the key for us so now I'm going to generate the certificate itself so I'm going to be using the open SSL utility so first of all you say open SSL you say request so it'll be a new request and it's going to be an x509 request it's going
to be valid for 365 days and let's see the key is going to be ca.key and we're going to Output it into CA or let's call it edureka dot CRT so this is certificate that I'm producing in the name of the company that I'm working for so that is Eddy record so it says it's unable to load the private key let me just see there's the private key existing I had a previous private key so let me just remove that does it have a CA dot key seems like I put the name differently so let
me just try that again open SSL then we do request so we're requesting new certificate and it's going to be x509 and it's going to be there for 365 days and key is CA dot key apparently that's first call out here so and it's going to be out into any record dot CRT let's see whatever so let's enter the passphrase so it's my name so now it's going to ask me a bunch of information that's going to be inside the certificate so let's say it's asking the country name again so let's put in the state
okay so I N uh State Province name some state so Bangalore locality let's say Whitefield organization name is edureka unit name brain Force common name let's leave that out email address let's leave that out too and we have our certificate so if you go and list out your files you'll see that there is a certificate called anyreka dot CRT out here which is highlighted okay so now if you want to view this file you could always use the open SSL you can always use the open SSL utility so you say you want to read an
xo59 request and you want to then text and what you want to see is at your record.crt okay so that is the certificate so you see that it has all the signature it has signature algorithm it has all the information about the certificate and it's a signature issuer is cin and state Bangalore in location Whitefield Iraq are brain Force validity it has all sorts of information so that was all about digital certificates how who issues digital certificates where are they useful so this is basically non-repudiation so nobody can say it with this certificate like if
this certificate is included in some sort of a website and that website tends to be samples malicious and there's a complaint now the website can't go to a code of law and say they didn't know about this because the certificate that was included had their private key and the private key was only supposed to be known to the company so that is not repudiation you just can't deny that you didn't do it okay so that was all about certificate now moving on okay so moving on we are going to be talking about cryptographic hashing now
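Before going on to hashing, here is the certificate creation walked through above as one script, added here as an example and not the video's own commands: it generates the 4096-bit RSA key, the self-signed x509 certificate valid for 365 days with the subject fields typed at the prompts, and then reads the certificate back. The passphrase value and the temp-directory paths for ca.key and edureka.crt are assumptions, and the key is encrypted with AES-256 where the demo used des3.

```shell
#!/bin/sh
# Added example (not the video's own commands): create a CA-style private key
# and a self-signed X.509 certificate with openssl, then read it back.
# Assumptions: files live in a temp directory, passphrase is a demo value.
set -eu

# Skip cleanly on systems without openssl instead of failing halfway.
command -v openssl >/dev/null 2>&1 || { echo "openssl not installed"; exit 0; }

WORK="$(mktemp -d)"
KEY="$WORK/ca.key"          # private key, as in the demo's "-out ca.key"
CRT="$WORK/edureka.crt"     # certificate, as in the demo's "-out edureka.crt"

# The demo typed the passphrase at the prompt; here it comes from the
# environment so the script runs unattended (demo value, not a real secret).
CA_PASS="${CA_PASS:-demo passphrase}"
export CA_PASS

# Step 1: 4096-bit RSA private key, encrypted on disk under the passphrase
# (the demo used -des3; AES-256 is the stronger choice today). Possession of
# this key is what makes the certificate non-repudiable for its owner.
gen_key() {
    openssl genrsa -aes256 -passout env:CA_PASS -out "$KEY" 4096 2>/dev/null
    chmod 600 "$KEY"        # a private key must never be world-readable
}

# Step 2: self-signed certificate (req -new -x509), valid for 365 days, with
# the subject fields the demo answered at the prompts passed via -subj.
gen_cert() {
    openssl req -new -x509 -days 365 -key "$KEY" -passin env:CA_PASS \
        -subj "/C=IN/ST=Bangalore/L=Whitefield/O=edureka/OU=brain Force" \
        -out "$CRT"
}

# Step 3: read the certificate back, as the demo did with "openssl x509 -text".
show_cert() {
    openssl x509 -in "$CRT" -noout -text
}

# Subject line only, used to confirm the prompt answers landed in the cert.
cert_subject() {
    openssl x509 -in "$CRT" -noout -subject
}

# A self-signed certificate has identical issuer and subject; stripping the
# "subject="/"issuer=" prefixes keeps the comparison working across
# OpenSSL versions, whose field formatting differs.
cert_is_self_signed() {
    subj="$(openssl x509 -in "$CRT" -noout -subject | sed 's/^subject= *//')"
    iss="$(openssl x509 -in "$CRT" -noout -issuer | sed 's/^issuer= *//')"
    [ "$subj" = "$iss" ]
}

gen_key
gen_cert
show_cert | grep -E 'Signature Algorithm|Issuer:|Not (Before|After)|Subject:' | head -n 6
cert_is_self_signed && echo "issuer equals subject: self-signed certificate"
```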
While the word cryptographic is in the term cryptographic hashing, and it does lead you to believe that there is encryption involved, there is no encryption involved in a cryptographic hash. There is a significant difference between hashing and any sort of encryption, and that is primarily that encryption is a two-way process. When I encrypt a piece of data or a file or anything else, what I'm doing is putting it into a state where I expect to be able to get it back out again; in other words, when I encrypt a file I expect to be able to decrypt the file and get the original contents. Hashing, on the other hand, is a one-way function: once I've hashed a piece of data or a file there is no expectation or ability to get the original piece of data back. Hashing generates a fixed-length value, and different types of hashing will generate different length values; for example MD5 will generate a different length value than SHA-1. They're both hashing algorithms, but they generate different length values, and the resulting value from a hash function should have no relation at all to the original piece of data. As a matter of fact, if two inputs generate the same hash value it's called a collision, and if you can generate collisions you may be able to get to a point where you can generate pieces of data that are going to generate the same hash values, and that leads you to the potential ability to break the particular hashing algorithm that you are using.

So what can we use hashes for? Well, one thing we can use hashes for is file integrity: we can run a hash on a file and get a value back, and later we can check that value to make sure it's the same; if it's the same I can be sure that the same file was hashed in both instances. So let me just show you an example of what I just said, that if we hash a file we'll get the same hash every time. Remember the certificate that we just created; let me just log in again. We are going to hash this certificate and it will create a certain hash, and we are going to see that every time we hash it we are getting the same hash. So we can use this command called md5sum, and we can do md5sum edureka.crt, so this is the hash produced after you've hashed edureka.crt. If I do an md5sum again (MD5 is a hashing algorithm that you should know of) on edureka.crt, it will produce the very same hash. Let's see if sha1sum works like this: sha1sum edureka.crt. Okay, sha1sum is SHA-1 from the coreutils package. So I've proved my point that with MD5, which is a cryptographic hashing algorithm, we are getting the same hash back. So if you are able to produce the same hash from a different input, that means you have broken the algorithm itself. So if you run md5sum on Linux, you can get a version of md5sum on Windows as well, and on Mac OS there is the utility md5 which does the same thing. So I just showed you the file and I hashed it.

Another reason we use hashing is when we are storing passwords: passwords are stored after hashing, we hash the passwords, and the reason for hashing passwords is so you're not storing the password in clear text, which would be easily seen even if you've got it protected with permissions. If I hash a password, every time I hash that password I'm going to get the same value back from the same algorithm, so what I do is store the hash in some sort of password database. Since it's a one-way function you can't get the password back directly from the hash. Now what you can do, and what most password cracking programs do, is some variation of this: you just generate hashes against a list of words and you look for a hash value that matches the one in the password database. Once you get the hash that matches the one in the password database, you know what password is there. And here we come back to the idea of collisions: if I can take two different strings of characters and get the same value back, it's easy to crack the password, because I may not necessarily get the password, but if the hash that I get back from a particular string of data is the same as the one I get from the original password, then it doesn't matter whether I know the password, because the string of data that I put in is going to generate the same hash value that you're going to compare when you log in, and this hash value will just say that it is valid and you'll be able to log in. So suppose the password that you chose while making your account is dog, and the word dog produces this hash value; if I were to hash cat with the same algorithm, and if the algorithm is prone to collisions, it might produce the same hash value as well. So with the password cat I could open up your password.
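The two uses of hashing described above, file integrity and password storage, as an added shell example that is not part of the video: it uses the md5sum and sha1sum commands typed in the demo plus sha256sum, stores a digest and re-checks it after the file changes, and stores a salted password hash that a login check recomputes. The sample file, the salt and the password values are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the video): file-integrity checking and password
# storage with the coreutils hashing tools. Sample file, salt and password
# values are constructed for the demo.
set -eu

WORK="$(mktemp -d)"
FILE="$WORK/edureka.crt"     # stand-in for the certificate hashed in the demo
printf 'constructed certificate contents\n' > "$FILE"

# Digest of a file with the named algorithm (md5 and sha1 are the commands
# typed in the demo; sha256 is the one to use today). Only the hex digest is
# printed, not the "  filename" suffix that the *sum tools append.
hash_file() {   # usage: hash_file <md5|sha1|sha256> <path>
    "${1}sum" "$2" | cut -d' ' -f1
}

# Fixed output length per algorithm, whatever the input size: 32 hex chars
# for md5, 40 for sha1, 64 for sha256.
digest_hex_length() {   # usage: digest_hex_length <md5|sha1|sha256> <path>
    hash_file "$1" "$2" | awk '{ print length($0) }'
}

# Integrity check: store the digest once, recompute later and compare.
# Returns 0 when the file is byte-for-byte the same, 1 otherwise.
verify_file() {   # usage: verify_file <algo> <path> <expected_digest>
    [ "$(hash_file "$1" "$2")" = "$3" ]
}

# Password storage: keep salt and H(salt || password), never the clear text.
# The same input always gives the same digest, which is what makes the
# login check possible, and also why a stolen table can be attacked with a
# word list; the per-user salt at least forces the list to be hashed per user.
hash_password() {   # usage: hash_password <salt> <password>
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# The login check: recompute from the stored salt and compare digests.
check_password() {   # usage: check_password <salt> <stored_digest> <candidate>
    [ "$(hash_password "$1" "$3")" = "$2" ]
}

# Demo 1: hashing the same file twice gives the same value, as in the video.
printf 'md5    %s\n' "$(hash_file md5 "$FILE")"
printf 'md5    %s\n' "$(hash_file md5 "$FILE")"
printf 'sha1   %s\n' "$(hash_file sha1 "$FILE")"

# Demo 2: store a digest, then detect a one-byte change.
stored="$(hash_file sha256 "$FILE")"
verify_file sha256 "$FILE" "$stored" && echo "unchanged"
printf 'x' >> "$FILE"
verify_file sha256 "$FILE" "$stored" || echo "modified: digest no longer matches"

# Demo 3: the "dog" password from the text; "cat" only works if there is a
# collision, and with sha256 there is none.
salt="c0nstructed-salt"
db="$(hash_password "$salt" dog)"
check_password "$salt" "$db" dog && echo "dog: login ok"
check_password "$salt" "$db" cat || echo "cat: rejected"
```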
That is, I could open up your account. So that was all about hashing and hashing algorithms; let's move on now.

Okay, so in this part of the video we're going to go over SSL and TLS. SSL and TLS are ways of doing encryption, and they were developed in order to do encryption between websites, web servers, and clients or browsers. SSL was originally developed by a company called Netscape, and if you don't remember, Netscape eventually spun off their source code and became the Mozilla project, where we get Firefox from. So back in 1995 Netscape released version 2 of SSL. There was a version 1, but nothing was ever done with it, so we got version 2 of SSL, and that was used for encryption of web transmission between the server and the browser. Now SSL version 2 had a whole number of flaws, and SSL 2 has the type of flaws that can lead to decryption of messages without actually having the correct keys and not being the right endpoints, and so Netscape released SSL version 3 in 1996, and so we get SSL 3.0, which is better than 2.0 but still had some issues, and so in 1999 we ended up with TLS. Now SSL is Secure Sockets Layer and TLS is Transport Layer Security; they both accomplish the same sort of thing, and they're designed primarily for doing encryption between web servers and web browsers, because we want to be able to encrypt that type of traffic.

So let me show you what that kind of traffic looks like. First of all let me open Wireshark, and out here I already have a TLS capture ready for you guys, and you can see we have all sorts of TLS data. You can see that here's my source, it's 1.32, and the destination is 7612.40 59.46, doing its client key exchange and the Change Cipher Spec and Encrypted Handshake Message, and then we start getting Application Data. There are some other steps involved here and you're not seeing all of it with this particular Wireshark capture, because again, you know, we get fragmented packets, and at some point it starts getting encrypted and you can't see it anyway, because Wireshark, without having the key, can't decrypt those messages. But what ends up happening is the client sends a Hello and the server responds with a Hello, and they end up exchanging information as part of that, including the version numbers supported, and you get a random number, and the client is going to send out a number of cipher suites that it wants to support, in order, and the server is going to pick from those cipher suites. Then we start doing the key exchange, and then do the Change Cipher Spec from the client and server, and eventually the server just sends a Finished message, and at that point we've got this encrypted communication going on. But there's this handshake that goes on between the two systems, and there are a number of different types of handshakes depending on the type of endpoints that you've got, but that's the type of communication that goes on between servers and the client. One important thing about using SSL and TLS is, as I mentioned, some of the earlier versions had vulnerabilities in them, and you want to make sure that the servers aren't actually running those, so you want to
run some scans to figure out the type of protocols and ciphers that different systems use. For this we can use something called sslscan. This is available for Unix; I'm not really sure if there is something similar for Windows or Mac, but on a Unix-based system, that is Linux, we can use sslscan. So let me just show you how to use that. Clear this part out. What we can do is run sslscan against, suppose, www.edureka.co, so I'm going to do an sslscan here against the website, and you can see it's going out and probing all the different types of ciphers that we know on this system, starting with SSLv3 and going to TLS version 1, and we could force sslscan to try to do SSLv2. If I scroll back up here I get the server's ciphers, which is SSL version 3; it's using RSA, and it's using RSA for the asymmetric part in order to do the key exchange, and once we get the session key up we're going to use AES-256, and then we're going to use the Secure Hash Algorithm to do the message authentication, or the MAC; it's sometimes called the HMAC, for hashed message authentication code, and what it does is simply hash the message to produce the MAC, which you would check on one side against the other to make sure that the message hasn't been fiddled with in transmission. You can see here all the different types of cipher suites that are available; here's TLS running RC4 at 40 bits using MD5, so that would be a pretty vulnerable type of communication to use between the server and the client. The 40-bit cipher using RC4 is a low-strength cipher, and we would definitely recommend that the client remove those from the supported ciphers that they have on their server. All that configuration would be done at the web server, as well as when you generated your key and your certificates.

Normally certificates would be handled by a certificate authority; now you can also self-sign certificates and have those installed in your web server, you know, to do communications with your clients. In fact the challenge with that is browsers today warn when they see a certificate from a certificate authority that is untrusted, or it doesn't have any certificate authority at all, so you'll get a warning in your browser indicating there may be a problem with your certificate. If your clients are savvy enough, and if the users are savvy enough, you may be able to make use of these self-signed certificates and save yourself some money, but generally it's not recommended, simply because clients are getting used to seeing these bad certificates, and when they run across one that's really a problem, a real rogue certificate, they're going to ignore the certificate message in their browser and just go to these sites that could have malicious purposes in mind, and may end up compromising the clients, or your customers or users. So that's SSL and TLS, and how they work and negotiate between servers and endpoints.

Okay, so now that we've talked about TLS and SSL, let's talk about disk encryption. Disk encryption is actually something that was not really difficult to do, but was sort of out of the reach of normal desktop computers for a really long time, although there have long been ways to encrypt files and, to a lesser degree, maybe entire disks.
As we get faster processors, certainly encrypting entire disks and being able to encrypt and decrypt on the fly without affecting performance is something that comes within reach, and it's a feature that shows up in most modern operating systems to one degree or another. Now we are going to look at a couple of ways here of doing disk encryption. I'm going to tell you about one of them first, and it's not the one I can show; I can't really show the other one either. So with Microsoft, their Windows systems have this program called BitLocker, and BitLocker requires either Windows Ultimate or Windows Enterprise. I don't happen to have either version, so I can't really show it to you, but I can tell you that BitLocker has the ability to do entire-disk encryption, and they use AES for the encryption cipher. The thing about BitLocker is that they use a feature that comes with most modern systems, particularly laptops: they'll have a chip in them that's called the Trusted Platform Module, or TPM. Part of what the TPM chip does is store the keys that allow the operating system to be able to access the disk through this encryption and decryption process, and they use a pretty strong encryption cipher, which is AES, but you have to have one of a couple of different versions of Windows in order to be able to use BitLocker, and some of those things you would normally run in an enterprise, so that's why they included it in the Enterprise version.

Now on the Mac side they have this thing called FileVault, and you'll see in System Preferences, under Security & Privacy, if you go to FileVault you can turn on FileVault. If you have the little button there that says Turn On FileVault, then you can turn on FileVault, and it would ask you about setting up keys, and it works similar to Windows BitLocker. Now PGP happens to have the ability to do disk encryption, and you can see that in the case of this Ubuntu system they've got a package called gdecrypt, which is a GUI that allows you to map and mount a created encrypted volume. So I could run gdecrypt and it would help me set up the process of encrypting the volumes that I've got on my system. Now disk encryption is a really good idea, because when you are working with clients the data is normally very sensitive, so as I mentioned you can always use things like BitLocker, FileVault, or other such software for disk encryption. So what I mentioned before is now not only possible, it's very much a reality with current operating systems.

Now let's talk about scanning. Scanning refers to the use of computer networks to gather information regarding computer systems, and network scanning is mainly used for
security assessment, system maintenance, and also for performing attacks by hackers. The purpose of network scanning is as follows: it allows you to recognize available UDP and TCP network services running on a targeted host; it allows you to recognize filtering systems between the user and the targeted host; it allows you to determine the operating systems in use by assessing the IP responses; and it also allows you to evaluate the target host's TCP sequence numbers and predictability, to determine sequence prediction attacks and TCP spoofing. Now network scanning consists of network port scanning as well as vulnerability scanning. Network port scanning refers to the method of sending data packets via the network to a computer system's specified service ports; this is to identify the available network services on that particular system. This procedure is effective for troubleshooting system issues or for tightening the system's security. Vulnerability scanning is a method used to discover known vulnerabilities of computing systems available on a network; it helps to detect a specific weak spot in application software or the operating system which could be used to crash the system or compromise it for undesired purposes. Now network port scanning as well as vulnerability scanning is an information gathering technique, but when carried out by anonymous individuals they are viewed as a prelude to an attack. Network scanning processes like port scans and ping sweeps return details about which IP addresses map to active live hosts and the type of services they provide. Another network scanning method, known as inverse mapping, gathers details about IP addresses that do not map to live hosts, which helps an attacker to focus on feasible addresses.

Network scanning is one of the three important methods used by an attacker to gather information. During the footprinting stage the attacker makes a profile of the target organization; this includes data such as the organization's domain name system and email servers, in addition to its IP address range. During the scanning stage the attacker discovers details about the specified IP addresses that could be accessed online, their system architecture, their operating systems, and the services running on every computer. During the enumeration stage the attacker collects data including routing tables, network user and group names, Simple Network Management Protocol data, and so on. Now a very popular tool that is used for network scanning is
nmap. Nmap is a must-have tool for most ethical hackers, and ethical hackers throughout the industry are using this on a daily basis. What it is used for is scanning, as I just said, and the only bad part about nmap is that it is a very noisy scanner, but if you know some ways of IDS evasion, which is the next topic that we're going to talk about, you can very well do an nmap scan by being very quiet. So let's go into nmap and see the different ways that we can use nmap. Nmap is originally available on Unix systems, but I've also heard that it's also available on Windows systems. For now I'm going to be using the Unix version, so first of all let's go ahead and open up our Unix system that is running on our virtual machine. Let me clear out the screen out here. I already have nmap installed, but if you don't, you can go apt install nmap and that should install nmap for you; if you're not a root user you might want to use the sudo command along with this. I'm not really going to run this command right now because I already have nmap installed. What I'm going to do is show you the different ways we can use nmap.

When you're using a tool on your Linux, the first thing that you want to do with any tool is go and type the help command, so if you do nmap --help it'll show you all the stuff that you can do with nmap. As you guys can see, we can do a bunch of target specification, we have host discovery, we have different types of scan techniques, port specification and scan order, then there's also service version detection and script scans, so there's a bunch of things that we can do. Okay, so now let me just show you how you can do all sorts of stuff. Suppose you want to do an nmap scan on, let's say, edureka.co; this will start up an nmap scan on the IP address that edureka.co sits on. As you guys can see, this is running an nmap scan and it can take a little bit of time. Since it's taking a lot of time, I'm going to show you some other ways by just quitting out of it. Okay, so now that I've stopped it because it was taking too much time: you can specify an IP address, so suppose you want 192.168.1.24, you can do an nmap scan on an IP address like that. I'm also going to quit out of this because my computer is really slow and it's taking a bunch of time to actually load anything. Then you can also do a scan on an entire subnet; like, suppose you want 192.168.1, then suppose you want to do all the IPs from 1 to 24; this is how you would do it, and you can run that and then it would do an nmap scan on all those IP addresses. I'm going to quit out of every scan because this computer is really, really slow.

Okay, so let me show you some other flags. Suppose you had a file called targets.txt, a file that had all the targets in it; so let me just create a target file targets.txt. Now you could use this file and actually run an nmap scan through all the IP addresses. So suppose targets.txt had a list of IP addresses; all you would have to do is nmap -iL, which is basically input list, so small i and capital L, and then you give the name of the target file, which is targets.txt. Okay, because that had no IP addresses, you can see zero IP addresses scanned in 0.89 seconds. So you can do that. Now you can also do an exclude; nmap allows you to do that, with nmap you can do --exclude,
and suppose you want to do a scan and you want to exclude some IP address, let's see, 192.168.1.1, suppose you want to exclude that; you can very well do that and it will start scanning all sorts of stuff. So that was the host name, that's why it failed, it was a target.

Now you can also do some scanning techniques. Suppose you want to scan for SYN ports, so SYN ports, you could do something like, let's choose a default IP address, nmap, for a SYN scan you do small s and capital S, so -sS, that is for SYN scans, and this will do the TCP SYN port scan, and you can do it on anything; after that you just put in an IP address, so out here I'm going to say 192.168.3 dot, I don't know, dot 2 1.34, and it'll give you all sorts of information after that is done. I'm not going to run the scan for a long time. After that you can also scan TCP connect ports; for that you use the -sT flag, so nmap -sT, and this is the default, and you can use a TCP connect port scan; after that you just enter the IP address, so 192.168.2.34, and that should do a TCP port scan. Let's quit out of that then. So let me just tell you all the flags for the different types of scanning techniques: -sU instead of -sT will actually scan for UDP ports; then if you do -sA it will do an ACK port scan, so when there's a TCP handshake going on it sends back an acknowledgment packet, so you can specifically scan for that type of stuff; then for a Window port scan you can do -sW, and for a Maimon port scan you can do -sM.

Okay, now you can also do a bunch of host discovery stuff with nmap, so let's go over them one by one. With nmap you can do something like -sL, and this will do no scan, it will only list the targets, so you could do something like 192 and then the IP address, so nmap -sL 192.168.2.34, and that will do that. And let's quit out of that quickly. You can also use the -sn flag, which is for disabling port scanning, host discovery only; this will only do host discovery and save you some time. You can use the -n flag also, and this tells it to never do hostname resolution, so you can just save yourself some time in that way. Then you can also do ARP discovery on a local network, so let me just show you how to do that: nmap, for ARP discovery it's -PR, so that is for ARP discovery, and you could do it on your local network, 192.168.1.1. Okay, so that's an invalid IP, yeah, that was a gateway, and since that's the gateway, instead of running nmap on some random IP all the time let's go and run ifconfig first and see our IP address. So our IP is 192.168.56.101; let's try and do some scans on ourselves. That was all about host discovery.

Now you can also do some port specification, so you can do port specifications like this: our IP
is 192.168.56.101, and suppose you want to scan for port number 21; that'll scan port number 21 and it'll show you 21/tcp closed ftp, that is FTP and it's closed, so that's how it should be. Then you can use a port range, like you could say 21 to 100, and that would scan all the ports from 21 to 100. So that was about port scanning. Now you can also do a fast port scan; that's with the -F flag, so nmap, let's get up the previous thing, nmap and all you want to say is -F, so that'll be a fast port scan and it's considerably faster; see, that was very fast, so it was considerably faster than most of the scans. You can do another thing: suppose you want to just scan the top ports, so you could say --top-ports and the top 2000 ports, and that'll scan the top 2000 ports on this IP address. Now this will take a long time because it's a very slow computer. Okay, that did it.

Now let's go and do some service and version detection. For service and version detection let's get back our edureka.co IP address, so that is 34.210, so let's try and do some service detection on that: nmap 34.210.230.35. You could have done it on edureka.co itself. So -sV will give you the service version; it will attempt to determine all sorts of service versions that are running on that IP address. I personally know that it's an Apache server 2.0 that's running on there, so I'm not really going to wait for the scan to run, but that's how you actually do it. You can also increase the version intensity, so let's just stop out of that. You can increase the version intensity; the intensity is done something like this: you go version intensity and then you specify a number, anything between 0 and 9, the higher the number the more correctness that you can kind of get offered by nmap, so you can say version intensity 8. Okay, seems like version intensity actually has been removed from nmap, so that's an update that you learned in this lesson. Okay, you can also do aggressive scans; for aggressive scans all you have to do is the -A flag, and that will do a very aggressive scan on that IP address. Okay, so that was all about aggressive scans; they take a really long time, so I'm going to just quit out of it. Then you can do something like OS detection also; if you want some OS detection you could use nmap and you could go -O, and that'll give you the OS detection. And that's basically the end of our
nmap tutorial. Moving on, we are going to be discussing IDS evasion, which is going to be the last lesson for this video. So now let's talk about intrusion detection evasion. Before we get into IDS evasion, let's talk about what exactly an IDS is. An intrusion detection system, or IDS, is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking action when malicious activity or anomalous traffic is detected, including blocking traffic from suspicious IP addresses. Although intrusion detection systems monitor the network for potentially malicious activity, they are also prone to false alarms, or false positives; consequently organizations need to fine-tune their IDS product when they first install it. That means properly configuring their intrusion detection system to recognize what normal traffic on the network looks like compared to potentially malicious activity. An intrusion prevention system also monitors network packets for potentially damaging network traffic, but where an intrusion detection system responds to potentially malicious traffic by logging the traffic and issuing a warning notification, intrusion prevention systems respond to such traffic by rejecting the potentially malicious packets.

There are different types of intrusion detection systems; intrusion detection systems come in different flavors and detect suspicious activities using different methods. One kind of intrusion detection system is a network intrusion detection system, that is NIDS; it is deployed at a strategic point or points within the network where it can monitor inbound and outbound traffic to and from all the devices on the network. Then there is the host intrusion detection system, that is HIDS, which runs on all computers or devices in the network with direct access to both the internet and the enterprise's internal network. HIDS have an advantage over NIDS in that they may be able to detect anomalous network packets that originate from inside the organization, or malicious traffic that a NIDS has failed to detect. HIDS may also be able to identify malicious traffic that originates from the host itself, as when the host has been infected with malware and is attempting to spread to other systems. A signature-based intrusion detection system monitors all packets traversing the network and compares them against a database of signatures or attributes of known malicious threats, much like antivirus software.
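As an added example that is not from the video, here is a miniature of the two detection approaches just described, signature-based and anomaly-based, run over a constructed connection log: one rule matches known scanner fingerprints in request data, the other flags a source that touches many distinct ports on one host, which is the pattern the nmap scans from the earlier section leave behind on the target. The log format, the threshold and the signature strings are assumptions.

```shell
#!/bin/sh
# Added example (not from the video): a tiny signature-based and anomaly-based
# detector over a constructed connection log, showing what a NIDS sees when
# a port scan like the nmap runs from the earlier section hits a host.
# Log format (assumed): time src dst dport proto extra...
set -eu

WORK="$(mktemp -d)"
LOG="$WORK/conn.log"
SIGS="$WORK/signatures.txt"

# Constructed sample log: 10.0.0.5 hits seven different ports in two seconds
# (a port scan), 10.0.0.9 repeats the same port (ordinary retries) and sends
# one request carrying a scanner User-Agent, 10.0.0.7 is a normal browser.
cat > "$LOG" <<'EOF'
10:00:01 10.0.0.5 192.168.56.101 21 tcp SYN
10:00:01 10.0.0.5 192.168.56.101 22 tcp SYN
10:00:01 10.0.0.5 192.168.56.101 23 tcp SYN
10:00:01 10.0.0.5 192.168.56.101 25 tcp SYN
10:00:01 10.0.0.5 192.168.56.101 80 tcp SYN
10:00:02 10.0.0.5 192.168.56.101 443 tcp SYN
10:00:02 10.0.0.5 192.168.56.101 8080 tcp SYN
10:00:03 10.0.0.9 192.168.56.101 443 tcp SYN
10:00:04 10.0.0.9 192.168.56.101 443 tcp SYN
10:00:05 10.0.0.9 192.168.56.101 80 tcp GET / User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
10:00:06 10.0.0.7 192.168.56.101 80 tcp GET / User-Agent: Mozilla/5.0 Firefox/120.0
EOF

# Signature database: fixed strings that identify known scanner traffic,
# the same idea as the antivirus-style matching described above.
cat > "$SIGS" <<'EOF'
Nmap Scripting Engine
sqlmap
EOF

# Signature-based: print every log line containing any signature string.
match_signatures() {   # usage: match_signatures <log> <sigfile>
    grep -F -f "$2" "$1" || true
}

# Anomaly-based: count DISTINCT destination ports per (src, dst) pair and
# report pairs at or above the threshold. Repeated hits on one port do not
# count, so retries and normal browsing stay below it.
detect_port_scans() {   # usage: detect_port_scans <log> <distinct_port_threshold>
    awk -v thr="$2" '
        { pair = $2 "->" $3
          if (!seen[pair, $4]++) ports[pair]++ }
        END { for (p in ports) if (ports[p] >= thr) print p, ports[p] }
    ' "$1" | sort
}

echo "== signature hits =="
match_signatures "$LOG" "$SIGS"
echo "== sources touching 5 or more distinct ports on one host =="
detect_port_scans "$LOG" 5
```

The threshold is the knob the text calls fine-tuning: set it too low and the same rule fires on a busy legitimate client, which is the false positive the text warns about.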
So now let's talk about IDS evasion. Okay, so now let's talk about IDS evasion. IDS is an intrusion detection system, as we just spoke about, and it is set to detect exactly the types of activities that we are engaged in sometimes, and sometimes you may be called in to work on a target where activities are known, and should be known, by the operators or the operations people involved in monitoring and managing the network, the idea being not only do they want to assess the technical controls that are in place, but they also want to assess the operational procedures and ensure that the systems and processes are working the way that they are supposed to be working. Now when you are engaged with a target that you are in full cooperation with, you don't need to do these types of evasion tactics, all these techniques may actually be avoided, but if you are asked to perform an assessment or a penetration test on a target where they are not supposed to see your activities, then you need to know some different techniques for evading detection from an IDS.

So we're going to talk about a couple of different things that you can do. One thing that you can do is manipulate packets to look a particular way; for this there is a tool called packit. Packit is a really good way to actually manipulate traffic, by actually manipulating the contents of a packet; like, you can specify the destination and source, so it's a really useful tool to set up packets to look a particular way. One thing it can do is allow you to spoof IP addresses, so I could set a source IP address here that was something completely different from mine. Now if I'm using TCP or UDP I'm not going to see the response back, and in the case of TCP I'm not even going to get the three-way connection made, because the responses are going to go back to the source IP. But what you can do, in addition to spoofing, is set up particular ways that a packet may look, like changing the type of service, or by changing the fragmentation offset, or by different flag settings, that may allow you through an IDS without maybe getting flagged, and it may also allow you through a firewall. Now it's a slim possibility, but it's a possibility. Another thing you can do is use packit to generate a lot of really bogus data, and what you might do is hide in the noise generated by packit: you could create some really bogus packets that are sure to set off IDS alarms, and then you can run some legitimate scans underneath and hopefully be able to get some responses.

Cyber attacks are taking place all the time; even as we speak, the security of some organization, big or small, is being compromised. For example, if you
visit the site ThreatCloud, you can view all the cyber attacks that are happening right now. Let me just give you a quick demonstration of how that looks. Okay, so as you can see out here, these are all the places that are being compromised right now: the red parts show us the places that are being compromised, and the yellow places show us where the attacks are coming from. As you can see, someone from the Netherlands is attacking this place, and someone from the USA was attacking Mexico. It's a pretty interesting site, and it gives you a sense of the scale of how many cyber attacks are happening all the time in the world.

Okay, now getting back: looking at all these types of cyber attacks, it's only necessary that we educate ourselves about all the types of cyber threats that there are. So these are the eight cyber threats that we're going to be discussing today. Firstly, we're going to start with malware. Malware is an all-encompassing term for a variety of cyber attacks, including Trojans, viruses and worms. Malware
is simply defined as code with malicious intent that typically steals data or destroys something on the computer. The way malware goes about doing its damage can be helpful in categorizing what kind of malware you are dealing with, so let's discuss it.

First of all, viruses. Like their biological namesakes, viruses attach themselves to clean files and infect other clean files; they can spread uncontrollably, damaging a system's core functionality and deleting or corrupting files. They usually appear as executable files that you might have downloaded from the internet. Then there are Trojans. This kind of malware disguises itself as legitimate software, or is included in legitimate software that has been tampered with. It tends to act discreetly and creates back doors in your security to let other malware in. Then we have worms. Worms infect entire networks of devices, either local or across the internet, by using the network's interfaces; each consecutive infected machine is used to infect more. And then we have botnets, which are networks of infected computers that are made to work together under the control of an attacker. So basically, you can encounter malware if you have some OS vulnerabilities, if you download some illegitimate software from somewhere, or if you open an email attachment that was compromised.

Okay, so how exactly do you remove malware, or how exactly do you fight against it? Well, each form of malware has its own way of infecting and damaging computers and data, and so each one requires a different malware removal method. The best way to prevent malware is to avoid clicking on links or downloading attachments from unknown senders. This is sometimes done by deploying a robust and updated firewall, which prevents the transfer of large data files over the network in the hope of weeding out attachments that may contain malware. It's also important to make sure your computer's operating system, whether it be Windows, macOS or Linux, has the most up-to-date security updates; software programmers update programs frequently to address any holes or weak points, and it's important to install all these updates to decrease your own system's weaknesses.

So next up on our list of cyber threats we have phishing. What exactly is phishing? Well, often posing as a request for data from a trusted third
party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are way more harmful than a simple ad.

So how exactly does phishing work? Well, most people associate phishing with email messages that spoof or mimic banks, credit card companies or other businesses like Amazon, eBay and Facebook. These messages look authentic and attempt to get victims to reveal their personal information. But email messages are only one small piece of a phishing scam. From beginning to end, the process involves five steps. The first step is planning: the phisher must decide which business to target and determine how to get email addresses for the customers of that business. Then they go through the setup phase: once they know which business to spoof and who their victims are, phishers create methods for delivering the messages and collecting the data. Then they have to execute the attack, and this is the step most people are familiar with: the phisher sends a phony message that appears to be from a reputable source. After that, the phisher records the information the victims enter into the web pages or pop-up windows. And in the last step, which is basically identity theft and fraud, the phishers use the information they've gathered to make illegal purchases or otherwise commit fraud; as many as a fourth of the victims never fully recover.

So how exactly can you prevent yourself from getting phished? Well, the only thing that
you can do is be aware of how phishing emails actually work. So first of all, a phishing email has some very specific properties. Firstly, you'll have something like a very generalized way of addressing someone, like "Dear client". Second, your message will not actually be from a very reputable source: out here, as you can see, it's labelled as Amazon, but if you inspect the email address it came from, it's from management at maisoncanada.ca, which is not exactly a legitimate Amazon address. Third, you can hover over the redirect links and see where they actually redirect you to; this one redirects me to www.fakeamazon.com, as you can see. So basically, this is a phishing email, and you should report it to your administrators or anybody else you think should be concerned with this.

Also, let me give you a quick demonstration of how phishing actually works from the perspective of an attacker. First of all, I have created a phishing website for harvesting Facebook credentials. I simply took the source code of the Facebook login page and pasted it, and then made a back-end in PHP which writes a log file of all the Facebook passwords that get entered on the phishing page. I've also sent myself an email to make this look legitimate. This is only for spreading awareness, so please don't use this method for actually harvesting credentials; that is a very illegal thing to do.

So let's get started. First of all, you go to your email and see that you've got an email saying your Facebook credentials have been compromised. When you open it, it looks pretty legit. Well, I haven't made it look all that legit; it should look legit, but the point here is to make you aware of how this works. As you can see, it says: "Dear client, we have strong reasons to believe that your credentials may have been compromised and might have been used by someone else. We have locked your Facebook account. Please click here to unlock. Sincerely, Facebook associate team." If we click here, we are redirected to a nice-looking Facebook page, which is exactly how Facebook looks when you're logging in. Now suppose I were to log into my Facebook account. I'll just use some random ID, like thisisanemailaddress@gmail.com, and let's put the password as admin123, and we click login. Since my Facebook is already logged in, it'll just redirect to facebook.com and you might see me logged in, but on a normal computer it'll just redirect you to www.facebook.com, which should just show this site again. Okay, so once I click login out here, all that the back-end code that I've written in PHP will do is take all the parameters that I've entered into this website, that is my email address and the password, and generate a log file about it. So let's hit login and see what happens. As you can see, I've been redirected to the original Facebook page, the one not meant for phishing, and on my system out here I have a log file, and this log file shows exactly what I've phished out: the email address, thisisanemailaddress@gmail.com, and also the password, admin123. So this is exactly how phishing works: you enter an email address and password on a phishing website and it just redirects you to the original site, but by this time you've already compromised your credentials. So always be careful when dealing with such emails.
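As an added example (not the video's PHP demo, and not anything from Facebook or Amazon), here is a Python checker that looks for the three tells just described in a saved email: a generic greeting, a display name claiming a brand whose domains the sender address does not match, and a link whose visible text shows one domain while the href goes to another. The two messages are constructed; the maisoncanada.ca and fakeamazon.com names are taken from the video's own example, and the BRAND_DOMAINS table is an assumption you would extend for your own environment.

```python
"""Flag the phishing tells from the walkthrough above: a generic greeting, a sender
domain that does not match the brand in the display name, and links whose visible
text points somewhere other than the real href.

Added example, not the video's PHP demo. The two messages below are constructed;
the maisoncanada.ca / fakeamazon.com names come from the video's own example.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# brand word that may appear in a display name -> domains that brand legitimately mails from
# (assumed table; extend it for your environment)
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.ca", "amazon.co.uk"},
    "facebook": {"facebook.com", "facebookmail.com"},
}
GENERIC_GREETINGS = ("dear client", "dear customer", "dear user", "dear valued customer")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host: str) -> str:
    """Last two labels of a hostname (no public-suffix list; fine for this example)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_of(url: str) -> str:
    url = url.strip()
    if not URL_LIKE.match(url):
        return ""          # plain words like "click here" carry no domain claim
    if "://" not in url:
        url = "http://" + url
    return registered_domain(urlparse(url).hostname or "")


def analyze_message(raw: bytes) -> list:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_hdr = msg["From"]
    sender = from_hdr.addresses[0] if from_hdr and from_hdr.addresses else None
    display = sender.display_name.lower() if sender else ""
    sender_domain = registered_domain(sender.domain) if sender and sender.domain else ""
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display and sender_domain not in domains:
            findings.append(f"display name claims {brand} but sender domain is {sender_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting instead of the recipient's name")

    collector = LinkCollector()
    collector.feed(html)
    for href, visible in collector.links:
        shown, actual = domain_of(visible), domain_of(href)
        if shown and actual and shown != actual:
            findings.append(f"link text shows {shown} but points to {actual}")
    return findings


# constructed sample messages
PHISH = b"""From: Amazon <management@maisoncanada.ca>
To: victim@example.com
Subject: Your account has been locked
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear client,</p>
<p>We have strong reasons to believe that your credentials may have been compromised.</p>
<p>Please visit <a href="http://www.fakeamazon.com/unlock">https://www.amazon.com/account</a> to unlock your account.</p>
</body></html>
"""

LEGIT = b"""From: Amazon <no-reply@amazon.com>
To: jane@example.com
Subject: Your order has shipped
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello Jane,</p>
<p>Your order is on its way. <a href="https://www.amazon.com/orders">Track your package</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, analyze_message(raw))
```

The link check is the programmatic version of "hover over the link": it compares the domain the text shows with the domain the href actually goes to, and ignores anchors like "Track your package" that make no domain claim.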
Now, jumping back to our session, the next type of cyber attack we're going to discuss is password attacks. An attempt to obtain or decrypt a user's password for illegal use is exactly what a password attack is. Hackers can use cracking programs, dictionary attacks and password sniffers in password attacks. Password cracking refers to various measures used to discover computer passwords; this is usually accomplished by recovering passwords from data stored in or transported from a computer system. Password cracking is done by repeatedly guessing the password, usually through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered. Now, password attacks can be done for several reasons, but the most malicious reason is to gain unauthorized access to a computer without the computer owner's awareness. This results in cyber crime such as stealing passwords for the purpose of accessing bank information.

Today there are three common methods used to break into a password-protected system. The first is a brute force attack: a hacker uses a computer program or script to try to log in with possible password combinations, usually starting with the easiest-to-guess passwords. So just think: if a hacker has a company list, he or she can easily guess usernames, and if even one of the users has the password "123", he will quickly be able to get in. Next are dictionary attacks. A hacker uses a program or script to try to log in by cycling through combinations of common words. In contrast with brute force attacks, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words, for example a dictionary. Generally, dictionary attacks succeed because most people have a tendency to choose passwords which are short, such as single words found in dictionaries, or simple, easily predicted variations on words, such as appending a digit or so. Now, the last kind of password attack is the keylogger attack: a hacker uses a program to track all of the user's keystrokes, so at the end of the day everything the user has typed, including their login IDs and passwords, has been recorded. A keylogger attack is different from a brute force or dictionary attack in many ways, not the least of which is that the keylogging program used is malware that must first make it onto the user's device. Keylogger attacks are also different because stronger passwords don't provide much protection against them, which is one reason that multi-factor authentication is becoming a must-have for all businesses and organizations.

Now, the only way to stop yourself from getting killed in the whole password attack conundrum is by practicing the best practices that are being discussed in the whole industry about passwords. So basically, you should update your password regularly, you should use alphanumerics in your password, and you should never use words that are actually in the dictionary. It's always advisable to use garbage words that make no sense as passwords, as they only increase your security.
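Added example, not from the video: a small dictionary attack in Python with the kind of mangling rules the passage describes (capitalisation, appended digits or symbols) run against salted SHA-256 hashes. Users, salts and passwords are constructed. It puts the point above in numbers: "password1" and "Summer123" fall within a few dozen guesses, while the random password is not recovered and the attacker is pushed back to the full brute-force key space.

```python
"""Dictionary attack with simple mangling rules against salted SHA-256 hashes.

Added example, not from the video. Users, salts and passwords below are
constructed. It shows why "a word plus a digit" falls in a few dozen guesses
while a random password forces an attacker back to brute force over the full
key space.
"""
import hashlib

WORDLIST = ["password", "summer", "welcome", "dragon", "letmein", "monkey", "football"]
SUFFIXES = ["", "1", "12", "123", "!", "1!", "2023"]


def mangle(word: str):
    """Yield the predictable variations people actually use (case + appended digits/symbols)."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def hash_password(password: str, salt: bytes) -> str:
    """Salted SHA-256 stands in for whatever the target stores (a slow KDF like bcrypt
    would only make each guess cost more; it does not change which guesses succeed)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_target(user: str, password: str, salt_hex: str) -> dict:
    salt = bytes.fromhex(salt_hex)
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def dictionary_attack(targets, wordlist=WORDLIST):
    """Return ({user: recovered_password}, guesses_made).

    Per-user salts defeat a shared precomputed table, so every candidate is
    hashed again for each target; that is what the guess counter measures.
    """
    candidates = [c for w in wordlist for c in mangle(w)]
    cracked, guesses = {}, 0
    for t in targets:
        for cand in candidates:
            guesses += 1
            if hash_password(cand, t["salt"]) == t["hash"]:
                cracked[t["user"]] = cand
                break
    return cracked, guesses


def brute_force_keyspace(length: int, alphabet_size: int = 62) -> int:
    """Guesses needed to exhaust every password of a given length (letters + digits by default)."""
    return alphabet_size ** length


# constructed sample "database": alice and bob chose word-based passwords, carol a random one
TARGETS = [
    make_target("alice", "password1", "a1b2c3d4"),
    make_target("bob", "Summer123", "0f0e0d0c"),
    make_target("carol", "qZ7!vL2#pR9", "deadbeef"),
]

if __name__ == "__main__":
    found, n = dictionary_attack(TARGETS)
    print(found, "after", n, "guesses")
    print("full 8-char alphanumeric key space:", brute_force_keyspace(8))
```

Each word yields 21 candidates here, so the whole list is 147 guesses per user; carol's password survives all of them, and an attacker without a better wordlist faces 62^8 guesses for even an 8-character random password.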
So, moving on, we're going to discuss DDoS attacks. What exactly is a DDoS or a DoS attack? Well, first of all, it stands for distributed denial of service, and a DoS attack focuses on disrupting the service to a network. As the name suggests, attackers send a high volume of data or traffic through the network until the network becomes overloaded and can no longer function. There are a few different ways attackers can achieve a DoS attack, but the most common is the distributed denial of service attack. This involves the attacker using multiple computers to send the traffic or data that will overload the system; in many instances, a person may not even realize that his or her computer has been hijacked and is contributing to the DoS attack. Disrupting services can have serious consequences relating to security and online access. Many instances of large-scale DoS attacks have been implemented as a sign of protest towards governments or individuals, and have led to severe punishment, including major jail time.

So how can you prevent DoS attacks against yourself? Well, firstly, unless your company is huge, it's rare that you would even be targeted by an outside group of attackers for a DoS attack. Your site or network could still fall victim to one, however, if another organization on your network is targeted. Now, the best way to prevent an additional breach is to keep your system as secure as possible with regular software updates, online security monitoring, and monitoring of your data flow to identify any unusual or threatening spikes in traffic before they become a problem. DoS attacks can also be perpetrated by simply cutting a cable or dislodging a plug that connects your website server to the internet, so due diligence in physically monitoring your connections is recommended as well.
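Added example, not from the video: Python that does the traffic-flow monitoring just recommended over web server access logs, bucketing requests per second and flagging any second far above the recent baseline. The log lines are constructed in Apache common format using documentation address ranges; the thresholds (5x the median of the last 5 seconds, and at least 20 requests per second) are assumptions to tune for your own traffic.

```python
"""Per-second request-rate monitoring over web access logs, flagging the spikes the
passage above says to watch for.

Added example, not from the video. The log lines are constructed in Apache-style
common format using documentation address ranges.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_log_lines():
    """Constructed traffic: 3 req/s from a few clients, then 60 req/s from 60 addresses."""
    def line(sec, ip):
        return f'{ip} - - [10/Oct/2023:12:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    for sec in range(0, 10):
        lines += [line(sec, f"10.0.0.{i}") for i in (1, 2, 3)]
    for sec in (10, 11):                       # the flood: 60 distinct sources per second
        lines += [line(sec, f"203.0.113.{i}") for i in range(1, 61)]
    lines += [line(12, f"10.0.0.{i}") for i in (1, 2, 3)]
    return lines


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, request, status, _size = m.groups()
    return {"ip": ip, "ts": datetime.strptime(ts, TS_FMT), "request": request, "status": int(status)}


def detect_spikes(lines, window=5, factor=5.0, min_rps=20):
    """Flag any second whose request count exceeds `factor` x the median of the
    previous `window` seconds (and at least `min_rps`). The median keeps one
    spike from inflating the baseline for the seconds that follow, which a
    mean would do."""
    per_second = defaultdict(Counter)
    for rec in filter(None, map(parse_line, lines)):
        per_second[rec["ts"]][rec["ip"]] += 1
    alerts, history = [], []
    for sec in sorted(per_second):
        count = sum(per_second[sec].values())
        baseline = median(history[-window:]) if history else 0
        if history and count > max(min_rps, factor * baseline):
            alerts.append({
                "second": sec.isoformat(),
                "requests": count,
                "baseline": baseline,
                "distinct_sources": len(per_second[sec]),
                "top_sources": per_second[sec].most_common(3),
            })
        history.append(count)
    return alerts


if __name__ == "__main__":
    for alert in detect_spikes(make_log_lines()):
        print(alert)
```

distinct_sources is what separates a distributed flood (many addresses, one or two requests each) from a single misbehaving client, which is the first thing you want to know before deciding whether rate-limiting one address will help.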
Okay, so next up on our list is man-in-the-middle attacks. By impersonating the endpoints in an online information exchange, the man in the middle can obtain information from the end user and the entity he or she is communicating with. For example, if you are banking online, the man in the middle would communicate with you by impersonating your bank, and communicate with the bank by impersonating you. The man in the middle would then receive all of the information transferred between both parties, which could include sensitive data such as bank account and personal information.

So how exactly does it work? Normally an MITM gains access through a non-encrypted wireless access point, which is basically one that doesn't use WEP, WPA or any of the other security measures. Then they would have to access all the information being transferred between both parties by spoofing something called the Address Resolution Protocol, that is, the protocol that is used when you are connecting to your gateway from your computer.

So how can you prevent MITM attacks from happening against you? Firstly, you have to use an encrypted WAP, that is, an encrypted wireless access point. Next, you should always check the security of your connection, because when somebody is trying to compromise your security, he will try to strip down the HTTPS or HSTS that is being injected in the website, which are basically the security protocols; so if something like HTTPS is not appearing on your website, you're on an insecure website where your credentials or your information can be compromised. And the last and final measure that you can use is investing in a virtual private network, which spoofs your entire IP so you can just browse the internet in perfect comfort.
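Added example, not from the video: Python that detects the ARP spoofing just described from a capture of ARP frames. A host sitting in the middle has to answer for the gateway's IP towards the victim and for the victim's IP towards the gateway, so the capture shows one IP claimed by two MACs, one MAC claiming two IPs, and replies that nobody requested. The capture, addresses and MACs are constructed; GATEWAY_IP and the 2-second request/reply window are assumptions.

```python
"""Spot ARP spoofing in a capture of ARP frames: one IP answered by two MACs,
one MAC answering for two IPs (the attacker between victim and gateway),
and replies nobody asked for.

Added example, not from the video. The capture below is constructed
(private addresses, made-up MACs); GATEWAY_IP is an assumption.
"""
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2
GATEWAY_IP = "192.168.1.1"

# (time_s, opcode, sender_ip, sender_mac, target_ip, target_mac) - constructed capture
CAPTURE = [
    (0.000, ARP_REQUEST, "192.168.1.10", "aa:aa:aa:aa:aa:10", "192.168.1.1",  "00:00:00:00:00:00"),
    (0.001, ARP_REPLY,   "192.168.1.1",  "aa:aa:aa:aa:aa:01", "192.168.1.10", "aa:aa:aa:aa:aa:10"),
    # attacker de:ad:be:ef:00:66 poisons both sides without being asked
    (5.000, ARP_REPLY,   "192.168.1.1",  "de:ad:be:ef:00:66", "192.168.1.10", "aa:aa:aa:aa:aa:10"),
    (5.000, ARP_REPLY,   "192.168.1.10", "de:ad:be:ef:00:66", "192.168.1.1",  "aa:aa:aa:aa:aa:01"),
    (7.000, ARP_REPLY,   "192.168.1.1",  "de:ad:be:ef:00:66", "192.168.1.10", "aa:aa:aa:aa:aa:10"),
]


def detect_arp_spoofing(frames, gateway_ip=GATEWAY_IP, reply_window=2.0):
    """Return a dict of findings.

    A reply is 'unsolicited' when no request for its sender_ip arrived from the
    reply's target within reply_window seconds before it. Attackers re-send
    poisoned replies periodically to keep the victim's cache overwritten.
    """
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    pending = []            # (time, asked_ip, asker_ip) taken from requests
    unsolicited = []
    for t, op, sip, smac, tip, tmac in sorted(frames):
        if op == ARP_REQUEST:
            pending.append((t, tip, sip))
            continue
        if op != ARP_REPLY:
            continue
        ip_to_macs[sip].add(smac)
        mac_to_ips[smac].add(sip)
        asked = any(asked_ip == sip and asker_ip == tip and 0 <= t - rt <= reply_window
                    for rt, asked_ip, asker_ip in pending)
        if not asked:
            unsolicited.append((t, sip, smac, tip))
    return {
        "ip_conflicts": {ip: sorted(m) for ip, m in ip_to_macs.items() if len(m) > 1},
        "multi_ip_macs": {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1},
        "unsolicited": unsolicited,
        "gateway_poisoned": len(ip_to_macs.get(gateway_ip, ())) > 1,
    }


if __name__ == "__main__":
    for key, value in detect_arp_spoofing(CAPTURE).items():
        print(key, value)
```

The gateway_poisoned flag is the one to alert on first: a second MAC answering for the default gateway is exactly the condition under which the HTTPS-stripping the passage warns about becomes possible, and a static ARP entry for the gateway on critical hosts closes it.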
Next up on our list is drive-by downloads. Gone are the days where you had to click to accept a download or install a software update in order to become infected. Now, just opening a compromised web page could allow dangerous code to install on your device. You just need to visit, or drive by, a web page, without stopping to click accept on any software, and the malicious code can download in the background to your device. A drive-by download refers to the unintentional download of a virus or malicious software onto your computer or mobile device. A drive-by download will usually take advantage of, or exploit, a browser, app or operating system that is out of date and has security flaws. This initial code that is downloaded is often very small, since its job is often simply to contact another computer where it can pull down the rest of the code onto your smartphone, tablet or other computer. Often a web page will contain several different types of malicious code in the hope that one of them will match a weakness on your computer.

So how does this exactly work? Well, first you visit the site, and during the three-way handshake of the TCP protocol a back-end script is triggered; as soon as a connection is made, while the last ACK packet is sent, a download is also triggered and the malware is basically injected into your system. Now, the best advice I can share about avoiding drive-by downloads is to avoid visiting websites that could be considered dangerous or malicious. This includes adult content, file-sharing websites, or anything that offers you a free trip to the Bahamas. Some other tips to stay protected include: keep your internet browser and operating system up to date, use a safe search protocol that warns you when you navigate to a malicious site, and use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date.

Okay, so that was it about drive-by downloads. Next up is malvertising. Malvertising is the name we in the security industry give to criminally controlled advertisements which intentionally infect people and businesses. These can be any ad on any site,
often ones which you use as part of your everyday internet usage, and it is a growing problem, as is evident from a recent U.S. Senate report and the establishment of bodies like Trust in Ads. Now, whilst the technology being used in the background is very advanced, the way it presents to the person being infected is simple: to all intents and purposes, the advertisement looks the same as any other, but has been placed by a criminal. Like the Mint ad you can see out here: it's really out of place, so you could say it's been placed by a criminal. Now, without your knowledge, a tiny piece of code hidden deep in the advertisement is making your computer go to the criminal's servers. These then catalog details about your computer and its location before choosing which piece of malware to send you. This doesn't need a new browser window, and you won't know about it. So basically, you're redirected to some criminal server, the malware injection takes place, and voilà, you're infected. It's a pretty dangerous thing to be in.

So how exactly can you stop malvertising? Well, first of all, you need to use an ad blocker, which is an absolute must in this day and age; you can have ad blocker extensions installed on your browser, whether it be Chrome, Safari or Mozilla. Also, regular software updates of your browser and other software that works peripheral to your browser always help. And next is some common sense: any advertisement about a lottery that's offering you free money is probably going to scam you and inject the malware too, so never click on those ads.

So the last kind of cyber attack we are going to discover and discuss today is rogue software. Rogue security software is a form of malicious software and internet fraud that misleads users into believing that there is a virus on their computer and manipulates them into paying money for a fake malware removal tool. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008.

So how does rogue security software work? These scams manipulate users into downloading the program through a variety of techniques. Some of these methods include ads offering free or trial versions of security programs, often pricey upgrades, or encouraging the purchase of deluxe versions; then also pop-ups warning that your computer is infected with a virus, which encourage you to clean it by clicking on the program; and then manipulated SEO rankings that put infected websites as the top hits when you search. These links then redirect you to a landing page that claims your machine is infected and encourages you to take a free trial of the rogue security program. Once the scareware is installed, it can steal all your information, slow your computer, corrupt your files, disable updates for legitimate antivirus software, or even prevent you from visiting legitimate security software vendor sites.

Well, talking about prevention, the best defense is a good offense, and in this case an updated firewall. Make sure that you have a working one in your office that protects you and your employees from these types of attacks. It is also a good idea to install a trusted antivirus or anti-spyware program that can detect threats like these. And also, a general level of distrust on the internet, and not believing anything right off the bat, is the way
to go.

So first on our list is BluVector. Network security programs, and the human IT operators who manage them, are under constant threat. New attack techniques, like malware deployed without files, are straining resources and testing defenses in two critical ways. First, brand-new threats and attack techniques often have at least a small window of time when they can bypass some defenses before defenders catch up. Second, even if critical threats like zero-day malware are stopped, the constant siege of attackers means that defenders are likely to get overloaded by both real alerts and false positives. One possible solution that has only recently become an option is tasking machines and computers with protecting themselves: if a security program could be programmed to think and act like an analyst, then it could try to counter malware and human-backed intrusions at machine speed, a move that would give defenders a serious home-court advantage. This is exactly what BluVector tries to do. BluVector works almost right away, but also has deep machine learning capabilities, so it gets even smarter over time and will learn the intricacies of each network that deploys it, tweaking its algorithms and detection engines in a way that makes more sense for the environment. BluVector is installed as either a hardware-based network appliance or as a virtual machine. It can operate inline with network traffic, stopping and remediating threats in real time as they attempt to enter a protected space, or as a retrospective tool that can scan the work performed by other programs and analysts, catching threats that they might have missed and recommending fixes. It is designed to work with all IPv6 traffic as well as older IPv4 streams, so it can operate in environments that are rich in Internet of Things and supervisory control and data acquisition devices, such as those in industrial and manufacturing settings, as well as in normal office-type environments. So that was it for BluVector.

Next up on our list of cyber security tools is Bricata. These days, even the most basic cyber security defenses for any medium to large enterprise will include an intrusion prevention system or an intrusion detection system. Even by itself, a well-tuned IPS/IDS that is constantly monitored by security teams will catch most network problems and security breaches. However, the fact that many organizations stop there has led to an uptick in successful attacks designed specifically to operate in its blind spots. This is where the Bricata platform comes into play. At its core, Bricata offers advanced IPS/IDS protection with multiple detection engines and threat feeds to defend network traffic and core assets, but it goes a step further, adding the ability to launch threat hunts based on events or simple anomalies. This would enable an organization to begin network-level threat hunting using the same staff and tools they are already using for IPS monitoring. It would be a good step in the right direction towards better protection without the pain of installing additional programs or retraining staff. Looking first at Bricata as a pure IDS, it is deployed as a physical or virtual appliance that serves as the main collation point and user interface. This in turn links up to network sensors that are deployed at network choke points to capture traffic data. While Bricata sensors will almost always be deployed at network gateways, they can additionally be placed around core assets or internal points where network traffic flows, to give the platform visibility into horizontal movement of potential threats.
Now that takes care of intrusion detection. Up next on our list of tools is Cloud Defender by Alert Logic. Compared to traditional server and client architectures, cloud computing is the new kid on the block. While cyber security best practices are similar within a cloud environment, many of the vulnerabilities and specific threats that target the cloud are different. As such, even organizations with deep cyber security teams may need a little help when moving large chunks of their computing infrastructure to the cloud. That is the whole idea behind Cloud Defender from Alert Logic, designed from the ground up as a way to provide protection to web applications, critical data and everything else running or stored within an organization's cloud. There is a whole sliding scale of support available. At the low end, Cloud Defender is a user-friendly tool that would enable local IT staff to inspect their cloud deployment to look for evidence of hidden threats or breaches. At the other extreme, the 200-person cyber security team at Alert Logic can take over most cloud-based cyber security functions, offering monitoring, advising and logging of events in a software-as-a-service model. When used as SaaS, Alert Logic will do everything short of remediating problems. Most organizations are probably going to want to use Cloud Defender as some combination of both SaaS security and a tool to aid their local team; the platform is configured for this, making all logs and information collected by the program available, at least for a year, to local IT staffers. Cloud Defender works with any cloud environment, including Amazon Web Services, Microsoft Azure, Google Cloud services, VMware's and others. There's no difference in pricing based on the cloud environment; pricing is based entirely on the number
of nodes being protected and the size of the log files being analyzed.

Up next on our list of tools is Cofense Triage, which works as a phishing defense tool. One of the most popular and quickest ways for attackers to enter a network these days is to trick a user into taking an action, whether installing malware or providing their login credentials,  and if they pretend to be a company official, a business partner or a family friend, their chances of success skyrocket. Phishing emails run the gamut from clumsily worded sweepstakes-type scams all the way up to highly researched and targeted campaigns designed to attack a handful of key people at an organization. Yet despite the danger they pose, most organizations have little or no defense against them. Back in 2008, when the original PhishMe product was deployed, which was also the name of the company at the time, there was also very low awareness of the danger that these types of email represented. The PhishMe simulation was created to allow network administrators and security personnel to craft their own phishing emails to train users about the dangers sometimes hidden in mail messages. As an organization, PhishMe has moved its focus away from pure education into threat remediation; even the company's name is changing, from PhishMe to Cofense, which is a combination of collaborative and defense. One of the first Cofense-branded products, Triage, takes email reported by users as suspected phishing and helps to manage responses. In one sense, the PhishMe product helps to make users more adept at spotting phishing scams, while Triage creates a way for organizations to tap into the newfound skill set that the employees should have learned.

The next tool in our list deals with application
security, which is basically the convergence of endpoint security, network security and content security. As you can see, the name of the tool is Contrast Security, which is actually a suite of tools. Now, as such, cyber security programs tend to look at the problem of defense from a lot of different angles, with the expectation that enterprises will employ several different types of security at the same time. This has led to a different problem: alert fatigue setting in on IT teams, as all of those programs sound the alarm many times and all the time. The Contrast Security suite aims to change that trend in two important ways. First, it takes one of the critical aspects of cyber security today, that is application security, and condenses it into a single program that can protect apps from the time development first begins all the way through deployment and their full life cycle. Second, because Contrast Security embeds agents inside each app that it is protecting, essentially becoming a part of the program, there is almost no chance of a false positive. In fact, it scored a rare 100 percent on the OWASP Security Benchmark, passing over 2,000 tests without generating any false positives. The secret sauce for Contrast Security is its use of bytecode instrumentation, a feature in Java used to help integrate programs and application features during development; only here, Contrast Security uses it for the purpose of cyber security, specifically embedding an agent into an application, which will thereafter be directly monitored and protected from the inside out. In a sense, it turns any type of normal application into one that is designed to focus on security. But don't worry, all the normal business-focused tasks of the app will still function.

So next on our list of
tools is Digital Guardian. In recent years, advanced threats have been increasingly targeting endpoints. This makes sense, because endpoint security has traditionally been the realm of signature-based antivirus, technology that has proven to be inadequate protection against targeted and highly advanced malware campaigns. That is where the Digital Guardian Threat Aware Data Protection platform comes in. With most endpoint security programs, protection is delivered through the creation of rules; behavior that breaks the rules of the network is considered suspect and is blocked, flagged or otherwise becomes the subject of a security alert. One of the biggest problems with this method is that security is only as good as the rule set: administrators either must carefully craft rules based on their own expertise, or set a protection program into learning mode for several weeks or months while it discovers good network behavior and crafts rules restricting everything else. The Digital Guardian platform, by contrast, comes ready to use, pre-loaded with thousands of best-practice rules based on years of experience working in the field, and after a quick data discovery process those rules are tailored to the specific network that it is protecting. This is all done nearly instantaneously, so that
when agents are deployed they can immediately begin protecting endpoints with good security policies.

Next on our list of cyber security tools we have Intellicta. There are important distinctions between compliance and security. They are meant to be mutually supporting, with compliance rules put in place to provide a good security baseline, but it's possible to be completely in compliance with all applicable regulations and still not be adequately secure. The reverse is also true: if an organization has deep security but is still not technically in compliance with applicable regulations, should a data theft occur, they will likely still be held responsible, sometimes financially, because of the lack of compliance. And just as compliance and security are similar but different, so too are the skill sets used to implement them. Organizations can have a deep IT or cyber security staff that is unskilled with compliance issues, or unpracticed in knowing exactly which regulations apply. That is where the Intellicta platform from TechDemocracy shines. The platform acts like a security information and event management console, but for compliance issues. Installed either as an on-premises or cloud-based console, it pulls information from a series of network collectors and correlates that data into a continuously monitored compliance dashboard. It's a neat tool that every company should have.

Up next on our list of tools we have Mantix4, which is a pretty interesting tool in my opinion. Given the insidious nature of advanced threats, it's almost a certainty that every organization of any size will eventually be hacked or compromised, regardless of what or how many cyber security defenses are in place. In response, the somewhat new concept of threat hunting is becoming an increasingly important part of cyber security defenses. The Mantix4 platform, named after the apex predator of
the insect Kingdom the praying mantis seeks to solve the people problems while the program provides robust threat hunting tools for use by clients the company also employs a team of experts to hunt on their behalf it takes threat hunting into the software as a service realm mantex 4 was originally designed for the Canadian government's Department of Public Safety which is the equivalent of the Department of Homeland Security in the United States in Canada montx4 helps to defend networks sitting in 10 sectors considered critical infrastructure rooting out threats that might bypass more traditional protection the system
is deployed as two components the first part is comprised of Observer sensors that sit at critical points within a protected Network either alongside routers or at Network gateways though they can be deployed almost anywhere depending on the need the sensors are lightweight enough to be housed inside a virtual machine or within a network server with additional bandwidth however because the Observer sensor process and record a lot of traffic the best deployment is probably going to be as a small appliance that hosts nothing else something the company provides the sensors can be set to work inline
or to passively sniff Network traffic now the last tool that we're going to discuss for today is a pretty important tool also in my opinion and it covers a very important aspect of any industry level cyber security plan that is traffic analysis Network traffic analysis tools have been used for a long time to help improve efficiencies in Enterprise Network locating unused capacity bandwidth and eliminating choke points it has recently been employed as an arms of cyber security too that makes sense given that except for Insider threats attacks are going to be initiated and ultimately controlled
by out outside elements the communication between the internal threat malware and its controllers on the outside are captured by traffic analysis tools the problem is that while the logic of using traffic analysis and cyber security is solid the reality is a bit different for one even a small to medium-sized Enterprise is going to generate three or four billion traffic logs per month without computerized assistance no human is going to be able to Wade through that and find anything meaningful second capturing all that data traditionally requires the installation of network crops on gateways across the network
for an organization with Branch offices or remote locations the number of traps installation can climb pretty high and even then some traffic may Escape around those gateways seg bi has fielded new software that aims to eliminate both of those problems volume processing of data for actionable intelligence threat and a Reliance on network traffic Hardware they have done this by deploying their analyzer as a software module capable of running on premise or in the cloud it only looks at the log files so there is no need for any network traps agents on the clients or anything
beyond access to the constantly generated log files it then crunches those billions of events in the logs using finely tuned algorithms that look for patterns associated with an ongoing attack or an advanced persistent threat it can be deployed with as a pay-as-you-go contract where users only pay based on how many gigabytes of log file data they need to process per day [Music] so recognizing the national and economic security of the United States depends on the reliable function of critical infrastructure the President issued executive order 13636 which is improving critical infrastructure cyber security in February 2013
The order directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines and practices, for reducing cyber risks to critical infrastructure. The Cybersecurity Enhancement Act of 2014 reinforced NIST's Executive Order 13636 role. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cyber security related risks. Now, according to Section 7 of the executive order, the Secretary of Commerce shall direct the Director of the National Institute of Standards and Technology to lead the development of a framework to reduce cyber risks to critical infrastructure. The cyber security framework shall include a set of standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber risks. The cyber security framework shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible.

Now let's see why exactly we need a cyber security framework. Let's tackle that question. So the framework will help an organization better understand, manage and reduce its cyber security risks. It will assist in determining which activities are most important to assure critical operations and service delivery; in turn, that will help prioritize investments and maximize the impact of each dollar spent on cyber security. It results in a shift from compliance to action and specified outcomes. By providing a common language to address cyber security risk management, it is especially helpful in communicating inside and outside the organization; that includes improving communications and awareness among IT, planning and operating units, as well as the senior executives of organizations. It gives you a measure of where you are and where you need to go. It can be implemented in stages or degrees, which makes it more appealing to business. It has built-in maturity models and gap analysis, so you don't need additional maturity models on top of the CSF. Organizations also can readily use the framework to communicate current or desired cyber security postures between a buyer and a supplier.

Now let's see what exactly a cyber security framework is. The framework is voluntary guidance, based on existing standards, guidelines and practices, for organizations to better manage and reduce cyber security risks. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cyber security management communications amongst both internal and external organizational stakeholders.

Now let's see the types of cyber security frameworks that we have. So the first type of framework is PCI DSS, which stands for Payment Card Industry Data Security Standard. It is a set of security controls required to implement and protect payment account security. It is designed to protect credit card, debit card and cash card transactions. The second type of framework that we have is ISO 27001 and 27002, from the International Organization for Standardization. The best-practice recommendations for information security management and information security program elements come from this framework. The third type of framework is CIS, which stands for the Critical Security Controls: a prescribed arrangement of activities for cyber protection that gives particular and noteworthy approaches to stop the present most inescapable and perilous attacks. A key advantage of the controls is that they organize and send a few activities with high outcomes. Last but not the least, we have the NIST framework. Now, the NIST framework is made for improving critical infrastructure cyber security, with a goal to improve an organization's readiness for managing cyber security risk while leveraging standard methodologies and processes.

Now, out of all the frameworks we just discussed, NIST is the most popular framework. NIST was developed in February 2013, after the US presidential executive order. It was designed to address national and economic challenges, and it is supposed to be voluntary, at least for private sectors.

Now let's discuss the objectives of the framework. So the cyber security framework's prioritized, flexible and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. The framework was developed to be adaptable, flexible and scalable by an organization; also, it should improve an organization's readiness for managing cyber security risks. The framework was designed to be flexible and performance-based, and it should be cost-effective. It should leverage standard methodologies and processes, should promote technological advancement and innovation, and it should be actionable across the enterprise, with a focus on outcomes.

Now let's discuss the components of the NIST cyber security framework. The cyber security framework consists of three main components, namely the Core, the Implementation Tiers and the Profiles. The Framework Core provides a set of desired cyber security activities and outcomes using common language that is easy to understand. The Core guides organizations in managing and reducing their cyber security risks in a way that complements an organization's existing cyber security and risk management processes. Next we have the Framework Implementation Tiers, which assist an organization by providing context on how an organization views cyber security risk management. The Tiers guide organizations to consider the appropriate level of rigor for their cyber security program and are often used as a communication tool to discuss risk appetite, mission priority and budget. Last but not least are the Framework Profiles, which are an organization's unique alignment of their organizational requirements and objectives, risk appetite and resources against the desired outcomes of the Framework Core. Profiles are primarily used to identify and prioritize opportunities for improving cyber security at an organization.

Let's discuss the Framework Tiers now. The Tiers describe the degree to which an organization's cyber security risk management practices exhibit the characteristics defined in the framework. The Tiers range from Partial, which is Tier 1, to Adaptive, which is Tier 4, and describe an increasing degree of rigor, how well integrated cyber security risk decisions are into broader risk decisions, and the degree to which an organization shares and receives cyber security information from external parties. Tiers do not necessarily represent maturity levels. Organizations should determine the desired Tier, ensuring that the selected level meets organizational goals, reduces cyber security risks to the level acceptable by the organization, and is feasible to implement, fiscally and otherwise.

Next we have the Core. The Core is a set of desired cyber security activities and outcomes organized into categories and aligned to informative references. The Framework Core is designed to be intuitive and to act as a translation layer to enable communication between multidisciplinary teams by using simplistic and non-technical language. The Core consists of three parts: Functions, Categories and Subcategories. The Core includes five high-level Functions, which are Identify, Protect, Detect, Respond and Recover. These five Functions are not only applicable to cyber security risk management but also to risk management as a whole. The Core asks an organization to identify what processes and assets need to be protected. Now, after assessing that, you need to find what protection is available; then you need to find out what techniques can identify the threats and what techniques can contain the impact of an incident; and finally, the Core defines what techniques can restore the capabilities of the organization to what they were before the attack.

All right, now let's dive deeper into the Functions to see what these Functions actually do and what purpose they serve. So the Functions are at the highest level of abstraction included in the framework. They act as the backbone of the Framework Core that all the other elements are organized around. So the first Function is Identify. It helps develop an organizational understanding to manage cyber security risk to systems, people, assets, data and capabilities. The activities in the Identify Function are foundational for effective use of the framework. Understanding the business context, the resources that support critical functions and the related cyber security risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy. Examples of outcome Categories within this Function include Asset Management, Business Environment, Governance, Risk Management and Risk Assessment. Now the next type is the Protect Function: to develop and implement appropriate safeguards to ensure delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cyber security event. Examples of outcome Categories within this Function include Identity Management and Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, and Protective Technology. The next kind of Function is the Detect Function. So this is used to develop and implement appropriate activities to identify the occurrence of a cyber security event. The Detect Function enables timely discovery of cyber security events. Examples of outcome Categories within this Function include Anomalies and Events, Security Continuous Monitoring, and Detection Processes. Now next we have the Respond Function: to develop and implement appropriate activities to take action regarding a detected cyber security incident. The Respond Function supports the ability to contain the impact of a potential cyber security incident. The outcome Categories within this Function include Response Planning, Communications, Analysis, Mitigation and Improvements. Last but not the least, we have the Recover Function: to develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cyber security incident. Examples of outcome Categories within this Function include Recovery Planning, Improvements and Communications. These five Functions were selected because they represent the five primary pillars for a successful and holistic cyber security program. They aid organizations in easily expressing their management of cyber security risk at a high level and enabling risk management decisions.

Okay, now let's understand the last component of the NIST framework. NIST recommends that the framework be customized in a way that maximizes business value, and that customization is referred to as a Profile. Profiles are an organization's unique alignment of their organizational requirements and objectives, risk appetite and resources against the desired outcomes of the Framework Core. Profiles can be used to identify opportunities for improving cyber security posture by comparing a Current Profile with a Target Profile. Profiles are about optimizing the cyber security framework to best serve the organization; the framework is voluntary, so there is no right or wrong way to do it. One way of approaching Profiles is for an organization to map their cyber security requirements, mission objectives and operating methodologies, along with their current practices, against the Subcategories of the Framework Core to create a Current State Profile. These requirements and objectives can be compared against the current operating state of the organization to gain an understanding of the gaps between the two.

Now, the following steps illustrate how an organization could use the framework to create a new cyber security program or improve on an existing program. These steps should be repeated as necessary to continually improve cyber security. So the first step is to prioritize and scope. The organization identifies its business or mission objectives and high-level organizational priorities. With this information, the organization makes strategic decisions regarding cyber security implementations and determines the scope of systems and assets that support the selected business line or process. The framework can be adapted to support the different business lines or processes within an organization, which may have different business needs and associated risk tolerances; risk tolerances may be reflected in a Target Implementation Tier. Step two is to orient. Once the scope of the cyber security program has been determined for the business line or process, the organization identifies related systems and assets, regulatory requirements and the overall risk approach. The organization then consults sources to identify threats and vulnerabilities applicable to those systems and assets. Step three is to create a Current Profile. The organization develops a Current Profile by indicating which Category and Subcategory outcomes from the Framework Core are currently being achieved; if an outcome is partially achieved, noting this fact will help support subsequent steps by providing baseline information. The fourth step is to conduct a risk assessment. This assessment could be guided by the organization's overall risk management process or previous risk assessment activities. The organization analyzes the operational environment in order to discern the likelihood of a cyber security event and the impact that the event could have on the organization. It is important that the organization identify emerging risks and use cyber threat information from internal and external sources to gain a better understanding of the likelihood and impact of cyber security events. The fifth step is to create a Target Profile. The organization creates a Target Profile that focuses on the assessment of the framework Categories and Subcategories describing the organization's desired cyber security outcomes. Organizations may also develop their own additional Categories and Subcategories to account for unique organizational risks. The organization may also consider the influences and requirements of external stakeholders, such as sector entities, customers and business partners, when creating a Target Profile. The Target Profile should appropriately reflect criteria within the target Implementation Tier. The sixth step is to determine, analyze and prioritize gaps. The organization compares the Current Profile and the Target Profile to determine gaps. Next, it creates a prioritized action plan to address the gaps, reflecting mission drivers, costs and benefits, and risks, to achieve the outcomes in the Target Profile. The organization then determines the resources, including funding and workforce, necessary to address the gaps. Using Profiles in this manner encourages the organization to make informed decisions about cyber security activities, supports risk management, and enables the organization to perform cost-effective, targeted improvements. The last step is to implement the action plan. The organization determines which actions to take to address the gaps, if any, identified in the previous step, and then adjusts its current cyber security practices to achieve the Target Profile. For further guidance, the framework identifies example informative references regarding the Categories and Subcategories, but organizations should determine which standards, guidelines and practices, including those that are sector-specific, work best for their needs. An organization repeats the steps as needed to continuously assess and improve its cyber security. For instance, organizations may find that more frequent repetition of the orient step improves the quality of their risk assessments.
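The Current Profile, Target Profile, gap analysis and action plan steps just described, modelled in Python as an added example (not code from the video or from NIST): the outcomes, achievement levels, risk scores, costs and budget are constructed sample data, and the priority formula (risk addressed times levels still to climb, divided by cost) is this example's own simplification of the "mission drivers, costs and benefits, and risks" ordering.

```python
"""Added example: NIST CSF Profiles and gap analysis (steps three to seven above).
Not code from the video, NIST or any vendor; all outcomes, levels, risk scores
and costs are constructed sample data, and the priority formula is an assumption."""
from dataclasses import dataclass

# Achievement level of a Core outcome. The text notes that a partially achieved
# outcome is worth recording, so it gets a level of its own.
NOT_ACHIEVED, PARTIAL, ACHIEVED = 0, 1, 2

# Framework Implementation Tiers run from 1 (Partial) to 4 (Adaptive).
TIER_NAME = {1: "Partial", 2: "Risk Informed", 3: "Repeatable", 4: "Adaptive"}


@dataclass(frozen=True)
class Outcome:
    """One Framework Core outcome: Function -> Category -> Subcategory."""
    function: str      # Identify, Protect, Detect, Respond or Recover
    category: str      # e.g. Asset Management
    subcategory: str   # constructed wording, not an official subcategory id


@dataclass
class Profile:
    """A Current or Target Profile: a tier plus an achievement level per outcome."""
    tier: int
    levels: dict       # Outcome -> NOT_ACHIEVED | PARTIAL | ACHIEVED


@dataclass
class Gap:
    outcome: Outcome
    current: int
    target: int
    risk: float        # likelihood x impact from the risk assessment step (0..1)
    cost: float        # estimated effort to close the gap, in person-days

    @property
    def priority(self) -> float:
        # Cost/benefit ordering (assumed formula): risk addressed per person-day,
        # scaled by how many achievement levels the outcome still has to climb.
        return self.risk * (self.target - self.current) / self.cost


def tier_is_feasible(current: Profile, target: Profile) -> bool:
    """Step five: the target tier must be a valid tier and not below today's."""
    return target.tier in TIER_NAME and target.tier >= current.tier


def find_gaps(current: Profile, target: Profile, risk: dict, cost: dict) -> list:
    """Step six: compare the profiles and return the gaps, highest priority first."""
    gaps = []
    for outcome, wanted in target.levels.items():
        # An outcome missing from the Current Profile counts as not achieved.
        have = current.levels.get(outcome, NOT_ACHIEVED)
        if have < wanted:
            gaps.append(Gap(outcome, have, wanted, risk[outcome], cost[outcome]))
    return sorted(gaps, key=lambda g: g.priority, reverse=True)


def action_plan(gaps: list, budget_days: float) -> dict:
    """Step seven: fund gaps in priority order until the workforce budget is spent."""
    plan = {"funded": [], "deferred": [], "remaining_days": budget_days}
    for gap in gaps:
        if gap.cost <= plan["remaining_days"]:
            plan["funded"].append(gap.outcome.subcategory)
            plan["remaining_days"] -= gap.cost
        else:
            plan["deferred"].append(gap.outcome.subcategory)
    return plan


# Constructed sample outcomes under Categories the framework names.
INVENTORY = Outcome("Identify", "Asset Management", "Hardware assets are inventoried")
MFA = Outcome("Protect", "Identity Management and Access Control", "Remote access requires MFA")
TRAINING = Outcome("Protect", "Awareness and Training", "All users receive security training")
MONITORING = Outcome("Detect", "Security Continuous Monitoring", "Network traffic is monitored")
RESPONSE = Outcome("Respond", "Response Planning", "Response plan is executed during incidents")
RECOVERY = Outcome("Recover", "Recovery Planning", "Recovery plan is executed after incidents")

CURRENT = Profile(tier=1, levels={
    INVENTORY: PARTIAL, MFA: NOT_ACHIEVED, TRAINING: PARTIAL,
    MONITORING: NOT_ACHIEVED, RESPONSE: ACHIEVED, RECOVERY: NOT_ACHIEVED})
TARGET = Profile(tier=3, levels={
    INVENTORY: ACHIEVED, MFA: ACHIEVED, TRAINING: PARTIAL,
    MONITORING: PARTIAL, RESPONSE: ACHIEVED, RECOVERY: ACHIEVED})
# Constructed risk (likelihood x impact) and cost estimates from step four.
RISK = {INVENTORY: 0.6, MFA: 0.9, TRAINING: 0.3, MONITORING: 0.8, RESPONSE: 0.7, RECOVERY: 0.5}
COST = {INVENTORY: 10, MFA: 15, TRAINING: 5, MONITORING: 20, RESPONSE: 5, RECOVERY: 20}


def run_sample(budget_days: float = 30) -> dict:
    """Run steps five to seven on the sample Profiles and return the plan."""
    gaps = find_gaps(CURRENT, TARGET, RISK, COST)
    plan = action_plan(gaps, budget_days)
    plan["gap_order"] = [g.outcome.subcategory for g in gaps]
    plan["tier_feasible"] = tier_is_feasible(CURRENT, TARGET)
    return plan
```

With the sample data, remote-access MFA is funded first and hardware inventory second; the recovery and monitoring gaps are deferred because the 30 person-day budget is exhausted, which is the cost/benefit trade-off the sixth step asks the organization to make explicit.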
Organizations may also monitor progress through iterative updates to the Current Profile, subsequently comparing the Current Profile to the Target Profile. Organizations may also use this process to align their cyber security program with their desired Framework Implementation Tier.

Now, the framework helps guide key decision points about risk management activities through the various levels of an organization, for supporting risk management. As you can see in the picture, it describes a common flow of information and decisions at the following levels within an organization: the levels are executive, business/process, and implementation/operations. The executive level communicates mission priorities, available resources and overall risk tolerance to the business/process level. The business/process level uses the information as input into the risk management process, and then collaborates with the implementation/operations level to communicate business needs and create a Profile. The implementation/operations level communicates the Profile implementation progress to the business/process level. The business/process level uses this information to perform an impact assessment. Next, business/process level management reports the outcomes of that impact assessment to the executive level, to inform the organization's overall risk management process, and to the implementation/operations level, for awareness of business impact.

So let's take a look at our top 10 reasons to learn cyber security. So one of the major reasons to learn cyber security is that cyber security is an evergreen industry. As long as there's internet, there will be malware, and hence a need for absolute digital protection against it. With a CAGR of 13.4 percent, the worth of the cyber security market through 2027 is projected to be a staggering 403 billion US dollars, according to Forbes 2021. With the advent of technologies like big data, machine learning, the IoT and cloud computing, the position of cyber security has been carved in stone, and the magnitude of its importance is only set to increase. Cyber security jobs are here to stay, and there is no chance of a shortfall in demand for those who have gone through professional training in this particular domain.

So our next reason is that cyber security is meaningful and vitally important. We all know cyber crimes have cost the world 2 trillion dollars so far since 2019, and the major drawbacks were the advancement of technologies such as artificial intelligence. As artificial intelligence plays an increasingly prominent role in cyber security, and as the number of attempted cyber attacks has grown rapidly, it has become increasingly tricky for human cyber security experts to react to them all and predict where the most dangerous attacks will take place. This is where AI comes into play. But unfortunately, thanks to the ever-growing availability of AI, hackers and criminals are growing increasingly proficient in using it too; their algorithms are used to identify systems with weak security, or that are likely to contain valuable data, among the millions of computers and networks connected to the internet. This is how hackers get the opportunity to attack their targets. Next is building a security-aware culture. Perhaps the most important step that can be taken at any organization is to ensure that it is working towards initiating and fostering a culture of awareness around cyber security issues. Today it's no longer good enough for employers or employees to simply think of cyber security as an issue for the IT department to take care of. In fact, developing an awareness of the threats and taking basic precautions to ensure safety should be a fundamental part of everyone's job description in 2023. If we talk about the Internet of Things and cloud security, ranging from smart wearables to home appliances, cars, buildings, alarm systems and industrial machinery, these have proven to be a bugbear for those with responsibility for cyber security. This is because, as they are often not used to store sensitive data directly, manufacturers haven't always been focused on keeping them secure with frequent security patches and updates. With more and more organizations now established on the cloud, security measures need to be continuously monitored and updated to safeguard the data. Although cloud applications such as Google or Microsoft are well equipped with security from their end, it's still the user end that acts as a significant source of errors, malicious software and phishing attacks. By this, you might have come to know that cyber security is actually meaningful and vitally important in our day-to-day lives.

Now, if you wish, or you are planning, to become a cyber security expert, you must be wondering about the requirements to start your career in cyber security. Well, in cyber security the requirements are super basic. If you think pursuing a career in cyber security is challenging, you are possibly wrong, because in cyber security the requirements are super basic: all you need is confidence and a professional background in IT. The overall eligibility criterion is being relaxed around the world; one reason for this could be the huge gap between the demand and the availability of experts. Even college students and young professionals can go for it without worrying about anything. Those who don't have a professional background can simply proceed with a cyber security certification, which enables them to earn equally with experts with a solid background in cyber security. So to become a cyber security professional you absolutely don't have to go to some college for a four-year degree course or anything else like that, or get a handful of years of experience; all you need is a basic understanding of cyber security. Well, as we are talking about the basic requirements, we shall also know that mathematics is not a concern. Well, the fact couldn't be denied that mathematics has been a challenging subject for many college-going students; not everyone loves it, and the fact is that it doesn't let them proceed with other good options which have mathematics as an important part. Cyber security training and education is totally free from the involvement of mathematics, and thus one who hates it need not worry at all. Those who are still very young consider it one of the best available options for this reason: learners can rather learn programming and other core topics related to cyber security and can work in challenging environments. Cyber attacks are getting smarter day by day. Cyber security professionals are always busy outsmarting black hat hackers, patching vulnerabilities and analyzing the risk of an organization. Tackling such attacks in an ever-advancing industry only comes with continuous study and thorough research. This means after you learn cyber security and start working, your knowledge is continuously enriched, and with experience your wisdom continuously gets honed, and thus the sky is the limit when we are talking about personal growth in the cyber security industry. Cyber security is expanding its horizons through various industries. This makes sure that there is a perfect platform for growth in terms of career as well as learning opportunities. This proves that when you learn cyber security you will be continuously learning new things and gaining rich experiences which will add to your skill set.

Now, for those who aspire to travel the globe, cyber security might just be the perfect career path. Thousands of homegrown cyber security experts are working to protect businesses, government agencies and general consumers across the whole world, on a global scale. The rise of cyber attacks is outpacing the supply of cyber defenders; this results in plenty of opportunities for cyber security professionals and experts to travel overseas to serve with their skills, which are in high demand. Hence, if you have ever wanted to work in different countries, then a career in cyber security might just be the perfect passport to your success. If we talk about industry requirements, then there are millions of companies in this world spread across a variety of sectors and industries, and a large proportion of them share one thing in common today, that is an internet connection. More than 400,000 people already work in the information security industry, and demand for cyber skills is growing fast in every type of company and government department. So whether you dream of working in sports or fashion, in media or the emergency services, or in any other industry, cyber skills could be your gateway, as everyone needs someone to defend their sensitive data. Well, we got to know that there are a plethora of industries where cyber security professionals are in huge demand; we should also know there's a wide scope in cyber security. That means it is certain that cyber security professionals have a clear shot at working with prestigious Fortune 500 companies like Dell, Accenture, Infotech, etc. But the potential doesn't end here in cyber security; that means in cyber security you get a chance to work with secret agencies. Experts who prove to be worthy of their skills might earn the chance to work with top-secret government agencies and intelligence agencies, for example MI6, Mossad, NSA, RAW and many other secretive agencies. So if you learn cyber security you might just become a top-secret agent. Well, that sounds interesting, right? Now if we talk about one of the major reasons why we should learn cyber security, then that can be the paychecks, which have ballooned in cyber security. I think we all can agree that money makes the world go round, and that's true. The world has realized the sheer importance of cyber security, with stories in the news almost every week on new cyber attacks. Faced with online attacks, businesses and government agencies are looking for experts who can protect their systems from cyber criminals, and they are willing to pay high salaries and provide training and development. So there are great opportunities for anyone starting a career in cyber security, because salaries in cyber security have a greater growth potential than 90 percent of other industries. For senior security professionals, earnings can surpass the average median by a vast amount, and these earnings totally depend upon your merits. Now the last but not the least reason to learn cyber security is that it's never too late to begin. That means one of the best things about cyber security is that it's never too late to realize that you want to be in this particular profession. There are a lot of people across the globe that opted for this option after completing 50 years of age; in fact, it could be the best thing you can do after retirement. If you have a background in IT, there is no need to worry about job security, as experts in this field are always in wide demand.
So you are always welcome to join any of the training courses and other options in this particular field.

Let us now see some of the top 5 skills to have as a cyber security professional, starting off with intrusion detection systems. An intrusion detection system is a set of skills where one monitors a network or a system for malicious activities or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system. A security information and event management system combines output from multiple sources and uses alarm filtering techniques to distinguish between malicious activities and false alarms. The intrusion detection job roles can range in scope from a single computer to a large network system. The most common classifications are network intrusion detection and host intrusion detection systems. All right, then a system that monitors important operating system files is an example of a host intrusion detection system, while a system that analyzes incoming network traffic is an example of a network intrusion detection system. It is also possible to classify intrusion detection systems by detection approach; the most well-known variants are nothing but signature-based detection and anomaly-based detection.

The next important skill is to know how to code. It is very important that a cyber security professional has a background in programming. Now you might be wondering how coding is related to cyber security, right? Well, you see, knowledge of programming languages helps you defend against hacking techniques that use those languages. That's why coding is a sought-after skill in the industry. If you know a cyber security programming language you're already a step ahead. To give you a better understanding of what I'm speaking about, let us consider JavaScript as an example. We all know JavaScript is one of the most popular and widespread programming languages for web development, and I would say it is also one of the best cyber security programming languages you can learn. You see, hackers can steal cookies, manipulate event handlers and perform cross-site scripting, but with JavaScript a website owner can run any code whenever a visitor comes to the website, which can improve the functionality of the website but also its security. On the other hand it can also produce malicious functions unknown to the visitor: if a hacker takes control of a website they could program it to run malicious code. JavaScript engineer in the cyber security space is a perfect job for someone with knowledge of the programming language. Clearly, as a JavaScript engineer you'll be expected to foster the development process for API functionalities. You may also design websites and user interfaces while ensuring that the security is not altered. This means mitigating possible cross-site scripting attacks in web forms as well as minimizing other technical risks. To beat hackers you have to think like them, right? So it's important that you think like a black hat. So what I'm trying to say is, with this skill we can predict the hacker's next move and beat them at their own game. It is the mindset needed during a response to an actual attack, and to find the goals of the hacker besides the information that is being collected.

The next skill is nothing but risk management and risk mitigation. Risk management and risk mitigation is a process of identifying, assessing and mitigating risks to the scope, schedule, cost and quality of a project. Risks come in the form of opportunities and threats and are scored on the probability of occurrence and impact on the project. A few of the most common ways to achieve this are by having a risk management plan and then identifying the risks; whatever risks have been identified would be put in a register, which is called a risk register, and qualitative and quantitative analysis is performed on the risks. Then, depending on whether the risk is pretty high or low, a response plan would be determined, and once we have controlled the risk there are audits that can be performed in order to prevent the same risk from occurring on the project.

Then we have cloud security. Cloud security is the protection of data stored online via cloud computing platforms from theft, leakage and deletion. Methods of providing cloud security include firewalls, penetration testing, obfuscation, tokenization and VPNs; therefore it is always advised never to use a public internet connection. Major threats to cloud security include data breaches, data loss, account hacking, server traffic hacking and many more. One of the most common threats that occurs over here for cloud computing is nothing but denial of service. These attacks shut down a server by overwhelming it with data, so that users cannot access their accounts, such as bank account details or
email accounts.

Why become a cyber security engineer? Let us first analyze the current and forthcoming trends that are driving the demand for cyber security engineers today. So there are six recent trends which have resulted in an increase in the need for cyber security engineers. At first, increasing ransomware attacks. Ransomware isn't a new threat, it has been around for decades, but it is a growing one. It is estimated that there are now over 120 separate families of ransomware, and hackers have become very adept at hiding malicious code. Next we have remote working cyber security risks. For example, did you know work from home poses a new cyber security risk and is one of the most talked about new trends in cyber security? This is because home offices are often less protected than centralized offices. Next is the evolution of the Internet of Things. The expanding Internet of Things creates more opportunities for cyber crime; so many additional devices change the dynamics and size of what is sometimes called the cyber attack surface, that means the number of potential entry points for malicious actors. Next, the increase in cloud services and cloud security threats. Cloud services offer a range of benefits such as scalability, efficiency and cost saving, but they are also a prime target for attackers. Misconfigured cloud settings are a significant cause of data breaches, unauthorized access, insecure interfaces and sometimes account hijacking too. Next we have social engineering attacks getting smarter. Social engineering attacks like phishing are not new threats but have become more troubling with the widespread remote workforce. Nowadays attackers target individuals connecting to their employer's network from home because they make easier targets. And lastly, the continued rise of AI. While AI presents a significant opportunity for more robust threat detection among businesses, criminals are also taking advantage of the technology to automate their attacks, using data poisoning and model stealing techniques.

Now that we have got to know about the recent trends, let us know how much cyber security engineers are in demand. So we had done an extensive survey and found out that there are 14,000 plus job vacancies in India, whereas in the U.S. there are more than 15,000 jobs available for a cyber security engineer. The major high-tech cities Bangalore and California have the highest job vacancies for cyber security engineers. Moving ahead with the salary package, the average salary of a cyber security engineer in India is 6 lakh per annum and $101,580 per annum in the U.S. Companies like IBM, Deloitte, TCS, Oracle, Cognizant, Accenture, Amazon, Capgemini, CR and many others have a huge demand for cyber security engineers.

Now that we have come to know the demand for cyber security engineers, let us know who a cyber security engineer is. A cyber security engineer is an IT professional who is responsible for maintaining the security aspects of computer and networking systems and performs various tasks such as designing and implementing secure networking solutions, monitoring, troubleshooting, etc. How does a cyber security engineer help the organization? A cyber security engineer helps the organization by assessing the organization's security requirements and setting up best practices and standards in response, developing and deploying all security measures required to secure an organization, conducting regular testing and scanning to identify the vulnerabilities in the network and systems, performing regular penetration testing and taking an active role in the change management process.

Next let us know the job description and the skills required for a cyber security engineer. We searched numerous job descriptions from many organizations, out of which we picked two job descriptions as a reference. So at first we have Vodafone, which is a multinational telecommunications company. They had a requirement for a cyber security engineer, and the job description specifies the tasks performed by a cyber security engineer, such as following the cyber security baseline to deliver the tasks which support the execution of cyber security strategies, and supporting the team to deliver the technical operation of the cyber security platform; they are also responsible to detect, identify and respond to cyber events, threats, risks and vulnerabilities in line with the management response plan. Let's look on to another job description, that is from Visa, which is an American-based multinational financial services corporation. Their job description specifies tasks such as implementation and continuous improvement of effective security controls, ensuring the correct and comprehensive functioning of server security technologies, working with the vendors to ensure timely implementation of product updates and bug fixes, and many more. To become a cyber security engineer you must be familiar with skills such as programming languages, operating systems, networking fundamentals and protocols, security aspects, web development and CI/CD tools. Apart from that, you should also be familiar with tools such as Jenkins, Travis CI, GitLab, Shodan, Maltego, Netcraft, etc.

Moving ahead with the roles and responsibilities of a cyber security engineer: a cyber security engineer is responsible for tasks such as planning and implementing security measures for systems and networks, troubleshooting security and network problems, ensuring the protection of the organization's data and infrastructure, being a part of daily administrative tasks with relevant departments in the organization, regular testing and identifying network and system vulnerabilities, and responding to all system and network security breaches.

At last, how do you become a cyber security engineer? So in order to become a cyber security engineer you need to follow this roadmap, which shows you the step-by-step approach that you need to take. So the first step is that you should have a basic knowledge of programming languages such as Python, Perl, C, C++, Java, PowerShell, etc. Next you should work on operating systems like Windows, macOS, Linux, Kali Linux, etc., followed by networking fundamentals and protocols such as TCP/IP, UDP, FTP, etc. After that you should know about the security aspects, followed by web development skills, and at last you should have hands-on experience on tools such as Jenkins, GitLab, Travis, etc. This roadmap will surely help you reach your destination easily. In order to start your career path in cyber security you can check our Edureka YouTube channel and find all cyber security related sessions, as well as refer to our Edureka blog related to cyber security. Apart from this, you can also enroll yourself in the Edureka cyber security certification training program in order to learn from experienced industry professionals, work on real-time projects and become a certified expert. So
because of the frequency of cyber attacks, careers are varied and qualified professionals are in demand. If you're ready to get started in this fast growing career, start exploring cyber careers now. There are ample opportunities and job titles in the cyber security domain. Some of the top positions include people like security analysts, who plan and execute flawless security measures. Then we also have security engineers, who build IT security systems for your organizations. Then we have security specialists, who at the entry level range are people with huge potential. Then we have incident responders, who prevent and protect organizations against threats. Then we have vulnerability assessors, whose responsibility is to spot system vulnerabilities and create solutions to them. Next we have security architects, whose job is to outsmart online criminals by designing tough-to-crack security systems. Next we have security administrators, who keep security systems running smoothly every day. Following which we have the cryptographers, who write the code that hackers can't actually crack. Next we have security directors, who make the rules and solve complex problems regarding cyber security. Then we have security consultants, who advise on and implement security solutions. We also have security managers, who keep the system secure with expert team advisors. Last but not least we have security auditors, who find the weak spots in the security system before criminals do.

Now when talking about a career in cyber security it's easy to get confused about where to actually start, so let's discuss that first. Now before you start your career in cyber security you need to undertake the following steps. Firstly, you need to earn a bachelor's degree. While it's possible to find certain entry-level cyber security positions with an associate's degree, most jobs require a four-year bachelor's degree in cyber security or related fields such as information technology or computer science. Coursework in programming and statistics, combined with classes in ethics and computer forensics, prepares students with the technical and analytical skills required for successful careers in cyber security. In an environment where data breaches are becoming the norm, more cyber security degree programs are being added every year. Before choosing a cyber security degree, prospective students should make sure that it is not only accredited but also aligns with their current career goals. Secondly, we need to complete advanced training. Now some employers will require candidates to hold an advanced degree such as a master's degree in cyber security. Now prospective employers may offer tuition assistance to meet this goal. A master's degree takes an additional one to two years to complete after the bachelor's degree level and provides advanced instruction in protecting computer networks and electronic infrastructures from attacks. Students learn the ethics, practices, policies and procedures of cyber security as they study how to tackle network security defense techniques and countermeasures. Cyber security professionals can also earn certifications to boost their skills while working full-time to gain hands-on experience. Last but not the least, we need to pass a security clearance test. Now security clearances are necessary for those who wish to work with classified information, for example in a military or government agency. A variety of agencies issue both personal and facility security clearances, but most are issued by the Department of Defense. Each type of clearance has its own procedures and paperwork, and the process, which takes three months to a year, does not begin until an employer decides to hire you, at which point you receive a conditional offer of employment. The first step is to submit clearance documentation, followed by a background investigation.

Now let's discuss the various career paths that are actually available in cyber security. New cyber threats appear constantly, creating new and innovative career opportunities, and because any individual or organization is a potential target for cyber attacks, from governments to banks to hospitals, cyber security professionals can find employment in a wide range of industries. Some of the most common career paths in this field include people like the Chief Information Security Officer, also known as the CISO, which is typically a mid-executive-level position whose job is to oversee the general operations of a company or organization's IT security division. CISOs are directly responsible for planning, coordinating and directing all computer, network and data security needs of their employers. CISOs work directly with upper management to determine an organization's unique cyber security needs. They are commonly tasked with assembling an effective staff of security professionals, which means that the position requires an individual with a strong background in IT security architecture and strategy as well as solid communication and personnel management skills. Talking about the educational requirements, CISO positions normally require at minimum a bachelor's degree in cyber or information security, information technology or other computer science related subjects. Additionally, most mid-size or large organizations prefer their CISOs to have a master's degree in one of the above-described subjects or an MBA in a related subject such as information technology or database administration.

Next up on our list of career paths is forensic computer analyst. The forensic computer analyst is the detective of the cyber security world. Forensic computer analysts review computer-based information for evidence following a security breach or other incident. Tasks include handling hard drives and other storage devices and employing specialized software programs in order to identify vulnerabilities and recover data from damaged or destroyed devices. Forensic computer analysts must be sensitive to the security concerns of their employers or clients and follow closely all privacy procedures when dealing with financial and personal information. They must also keep detailed and accurate logs and records of their findings, which are often used for litigation purposes. Now on the point of education requirements, employment as a forensic computer analyst normally requires holding a bachelor's degree in computer security, forensic computing or a related subject. Previous experience may also be necessary, depending on the company that you are looking to be employed in.

Next up we have information security analyst. An information security analyst is responsible for the protection of an organization's computer systems and networks. They plan and execute programs and other measures, including installing and using software for data encryption and firewalls. Additionally, ISAs help design and execute plans and methods for the recovery of data and systems following a cyber attack. ISAs must continuously stay on top of the latest industry trends and cyber threats, which involves researching new security technologies and networking with other professionals. On the topic of educational requirements, ISAs need to earn a bachelor's degree in computer science or a related area. There is a growing trend towards undergraduate degree programs specializing in the information security field, which may become the preferred choice of employers in the future. Now employers, particularly large corporations or organizations, may prefer job candidates with an MBA in information systems.

Next up we have the penetration tester field. Now penetration testing concerns the proactive, authorized employment of testing techniques on IT infrastructures to identify system vulnerabilities. Simply put, that means penetration testers are given permission to hack into computer and network systems to preemptively discover operating system vulnerabilities, services and applications with problems in them, improper configurations and more, and this is done before outside intruders have the opportunity to cause some real damage. Penetration testers must be highly creative in their methods, often using testing tools of their own design to break into the system under scrutiny. Penetration testers are required to keep careful records of their activities and discovered vulnerabilities. On the topic of education requirements, penetration testers typically earn a bachelor's degree in information technology or cyber security or other closely related subjects. Many employers additionally require applicants to hold relevant professional certifications too.

Last but not least we have the position of a security architect. A security architect is responsible for establishing and maintaining network security for his or her organization. Security architects work in all sectors of the economy, for companies, government agencies and non-profit organizations. They may be employees of companies or independent contractors too, and in addition to working on specific security systems, security architects develop and implement organizational security policies and procedures for employees and others with access to computers, networks and data systems to follow. Now security architects are responsible for the hands-on repair of the issues raised as well as analysis of breaches following security incidents. They typically work in an office environment on a full-time basis. On the topic of the education required, a job as a security architect normally requires a bachelor's degree in information security, information technology or computer science. Some previous work experience is often required in addition to an undergraduate degree too.

Okay, so now that we've discussed the various career paths that are available in the cyber security domain, let's discuss the salaries that go with them. Okay, so the explosion in the demand for skilled cyber security
professionals, combined with a scarcity of talent, has resulted in high wages and excellent benefits for qualified applicants. So as you can see on the screen, I have listed out the national median salaries available for some of the most in-demand cyber security careers. So for example a CISO, or chief information security officer, earns around $143,000 a year, while a security director or a computing, networking or IT director earns around $120,000 a year, and this keeps going down to IT security consultants, who earn around $80,000 a year.

Okay, so now that we know the salaries that come along with cyber security jobs, let's look at the skills that are actually required for having a cyber security profession. So there are a number of core skills needed by anyone entering the cyber security employment market, whether starting his or her first professional job or transitioning from another computer related field. Here are a few of the key required skills. So firstly we need communication skills. Cyber security professionals must have strong written and verbal communication skills, as a job in the field requires them to communicate clearly and concisely with clients and executives as to what the problem is and how they are trying to tackle it. Next up, they must be able to work in a team environment, as it is a very important skill for almost any profession; without a team member having a clear understanding of their responsibilities and how they integrate into the whole team, no job is actually possible. Next up, we also need some integrity and discretion. By its very nature, working in the cyber security field requires sensitivity to an organization's security vulnerability issues and the ability to tackle those issues in a way that engenders trust. Above that, a person pursuing a cyber security career must have some organizational and problem solving skills, as one of the most important characteristics of the cyber security business is the sheer mass and complexity of data involved. A cyber security professional must develop solid organization and problem solving skills or must risk being overwhelmed by his job. Next up, he must also have some programming skills, as a variety of scripts and programming tools are often required to design effective cyber security programs. Then he must also have a good understanding of security principles such as the CIA triad, like confidentiality, authentication, privacy, access controls and many other such concepts. Next, he must be excellent at risk analysis, as cyber security personnel must be able to assess a client's particular security needs in light of its organizational goals, which requires knowledge of risk analysis principles. Above that, network protocols must be at the tip of the tongues of cyber security professionals, as that is always what they're dealing with. Also, they must be able to actually distinguish malicious code from actually good code, and know how it is propagated and the risks associated with it. And last but not least, they also need to have good knowledge of intruder techniques: when analyzing attacks, personnel should be able to recognize known intruder techniques and their characteristics and effects, and identify new and future techniques by means of elimination of the known ones.

Okay, so now that we know the skills that you may require to become a cyber security professional, let's look into the tools and technologies that you might be handling on a daily basis. So the most effective tools employed by cyber security experts are software programs designed to protect against hackers, viruses and the like. Here are some of the most pressing areas of cyber security technology focused on today. So the first is access management: third party identity and access tools are used to provide additional protection for security gaps in Microsoft's Active Directory. Next we also have botnet protection, which defends against botnets that would otherwise require individual identification and deletion. And now, since a lot of the information is moving to the cloud, we also need some cloud-based security, and there are a variety of cloud-based security tools available for network protection. Data encryption tools are also used to provide added security for data as it's being transferred, and data leak prevention tools also ensure system information is secure from intruder access and store information in secure form in the event of a security breach. Nowadays we also have endpoint protection tools, which address security issues for endpoints such as PCs, mobile devices, network-connected printers, servers and many such peripheral devices. We also have intrusion protection tools, which prevent attacks from viruses and malware designed to harm both software and hardware. Next up we also have next generation firewalls, which when compared to traditional firewalls provide additional capabilities like integrated intrusion protection, stateful inspection, and application and identity awareness. Last but not the least, we also have some wireless security, which provides WEP or WPA security for data transmitted over wireless connections.

Okay, so now it's time we see the future prospects of cyber security careers and their estimated annual pay. Now according to Cisco Systems there is a distinct shortage of cyber security professionals, particularly those with data science skills. As a result of this scarcity, many computer science workers, particularly those currently in the IT field, are eyeing employment in cyber security. Indeed, as job growth goes, it's hard to find a profession that outpaces cyber security. According to the U.S. Bureau of Labor Statistics, for example, job growth from 2012 to 2022 for information security analysts is projected to be a nice 37 percent, compared with 18 percent for all computer occupations and 11 percent for occupations as a whole. So why is job growth in cyber security expected to be so robust? Well, cyber crime continues to be a significant and growing problem, both in the United States and around the world. For example, a record 79 percent of respondents to a recent PricewaterhouseCoopers study reported that they had detected some sort of cyber security incident within the last 12 months. Now as the demand for cyber security experts grows, so does the variety of cyber security job titles. So here are a few examples of closely related careers along with their estimated total annual pay. So first of all we have a computer and information research scientist, and to become one you need a doctorate in computer science, or a bachelor's may be sufficient for some government positions. They normally have a salary of around $102,000 and have 15 percent growth every year. Next we have computer and information systems engineers, and to become one you need a bachelor's in computer science or IT or related fields, and in some cases you also need an MBA. They also have a handsome salary of $120,000 a year and about 15 percent growth too. There are also computer hardware engineers, and you don't really need much education to become one; a simple bachelor's degree in computer science engineering is enough, and you'll have a salary of around $100,000 a year and a growth of seven percent. Next up we have computer network architects, computer network support specialists and computer programmers, and most of them require a bachelor's degree in computer science, information systems engineering or related fields, or other communication related fields. Sometimes companies might even ask for an MBA degree according to their preferences. Also they have some handsome salaries: a computer network architect makes around $91,000 a year, a computer programmer makes around $75,000 a year, while a computer network support specialist makes around $60,000 a year.

So let's talk about the basics of cyber security first. So security is more important
to Computing and the internet than ever before and the following well-respected security certifications will not only help you stand out from the crowd but also make you more valuable member of the I.T security Community cyber security skills fall into different categories such as secure coding vulnerability and penetration testing breach detection attack mitigation and so on now cyber security certifications come in all shapes and subjects from forensics to intrusion to ethical hacking they are typically administered by independent accrediting organizations like CompTIA EC Council giac isaca and ISC Square making a career in I.T security requires both
experience and certification cyber security certification qualifications are becoming a norm in many job descriptions today and organizations see quantifiable ways of measuring prospective employee expertise also DOD directive says that for certain levels of position in Security Department you should have one or more of these certifications to prove that you have knowledge and competency that are required within a position basically DOD directives provide guidance for training of government employees who conduct information assurance functions in their position which is why I'm going to discuss some of the best and popular certifications throughout the variety of Industry accrediting
organizations often divide the programs into three categories entry-level intermediate and expert level entry-level certifications are meant to ground you in the basics Foundation principles best practices important tools and latest Technologies intermediate and expert level certification presume that you have extensive job experience and a detailed grasp of the subject matter when it comes to getting the best cyber security certifications the variety of option passwords the purchasers while selecting hence to make a perfect decision it is better to focus on the knowledge and experience that it comes with here is a list of top-notch certifications being categorized
as entry treat intermediate and advanced as you can see in the entry level there is MTN networking certificate the very popular CCNA from Cisco com Tia Security Plus and gsec so these are some really good certifications for beginners then in the intermediate level there is a really good certification from is ACA like sssp from the EC Council there is the ceh certificate and then there is also the oscp and escp certificates for the advance or expert level there are cisa cism and cissp the list here is not even exhaustive I have just tried to include
some really good certifications here, so you all can actually go and Google all the certifications that are available. Now let's unveil each of these. Since exam fees and renewal periods can change, I haven't included them in the presentation, but I would recommend you check each certification's website for the most up-to-date information.

When it comes to entry-level training you might start by considering certifications such as CompTIA Security+. We have our first certificate, GSEC, which stands for GIAC Security Essentials Certification, and SSCP, which stands for Systems Security Certified Practitioner. So CompTIA Security+ is an ideal industry-level certification. The recommended experience for this certification is two years as an IT admin with a security focus. You will then need to pass a 90-question exam with a score of 750 or better out of 900. The Security+ certification is also among the least expensive in this list, but CompTIA Security+ is valid for three years; you must earn 50 continuing education units, also called CEUs, within three years to maintain your certification. CompTIA Security+ is one of the DoD's approved baseline certifications for level 2 IAT security technicians. However, many consider it to be basic and lacking product-specific knowledge; therefore it may be undervalued by some employers. Despite these shortcomings, CompTIA Security+ is one of the best ways to begin your security career. All right, now let me tell you all about the domains the CompTIA Security+ certification covers. So the certification covers domains like network security, access control and identity management, cryptographic concepts, application, data and host security, compliance and operational security, and threats and vulnerabilities. While taking your exam you can expect questions from all such domains. Next on our list is GSEC,
which stands for GIAC Security Essentials Certification. The Global Information Assurance Certification Security Essentials is another good-to-go entry-level infosec certification that is DoD approved for level 2 IAT security technicians. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts. The GSEC exam is a five-hour, 180-question open-book exam. The exam is proctored, and candidates pass with a grade of 74 or better. Although the exam is open book, the GSEC exam tests the candidate's understanding and problem-solving skills with scenario-based questions; you need to really know your stuff to actually pass this thing. The GSEC is valid for four years and can be renewed with 36 continuing professional experience points. It's important to note that although this certification is called Security Essentials, it actually also implies networking essentials; I recommend that you brush up on materials from CCNA, CompTIA Network+ and IPv4 subnetting. The domains of GSEC include the following: cryptography, web communication security, active defense, contingency plans, critical controls, IT risk management, access control and password management, Windows network security, and networking and its protocols. Next on our list of certifications we have SSCP. The
SSCP certification from (ISC)² is a good intermediate-level security certification. You are required to have a minimum of one year of experience in one of seven designated security areas; then you must pass a three-hour, 125-question multiple-choice exam with a score of 70 or better. You also must recertify every three years by earning 60 continuing professional education points. SSCP is seen as a relatively easy vendor-neutral badge to obtain; the certification is one of the U.S. Department of Defense approved baseline certifications for both level 1 and level 2 information assurance technical positions. Now let's discuss the domains it covers. The content of SSCP has been refreshed to reflect the most pertinent issues that information security practitioners currently face, along with the best practices for mitigating those issues. Some topics have been updated while others have been realigned; the result is an exam that most accurately reflects the hands-on technical IT skills and practical security knowledge required by practitioners to support an organization's mission and operations. Following are the domains of the certification: access controls; security operations and administration; risk identification, monitoring and analysis; incident response and recovery; cryptography; network and communications security; systems
and application security. So next on our list of certifications we have CEH. The Certified Ethical Hacker is an intermediate-level certification focused on the prevention of the most common attacks and on securing systems and networks. CEH is designed to ensure a strong understanding of hacking practices including footprinting, reconnaissance, scanning networks, SQL injection, worms and viruses, DoS attacks, social engineering and honeypots. CEH certification requires successful completion of a four-hour, 125-question multiple-choice cyber security examination with a minimum score of 70. With the increasing number and awareness of cyber attacks, the Certified Ethical Hacker resonates with many employers; however, there is some debate about the value of the certification in terms of difficulty. The EC-Council maintains tight control over entry to the certification exam: in order to be eligible to attempt the CEH exam, it requires that candidates attend an EC-Council official training program or provide employer-verified proof of at least two years of information security experience. The CEH exam is further categorized as core, advanced and expert; however, the general domains include information systems and networking, security controls, reconnaissance fundamentals, network attacks, system and device attacks, regulations and policies, and ethics. So
next on our list of certifications is CISA. The Certified Information Systems Auditor, or CISA, is ISACA's validation for audit control, assurance and security. The main responsibility of a CISA is to assess vulnerabilities, report on compliance and institute controls within an enterprise system. This world-renowned certification will certainly set you apart from the competition and allow you to work anywhere you want. While anyone can take the CISA exam, getting certified has the following requirements: firstly, you need a year of experience in information systems or a qualifying educational degree; next, you need adherence to the code of professional ethics and also adherence to the continuing professional education program, and compliance with the information systems auditing standards. The domains of CISA include the following: acquisition, development, implementation, operations, maintenance and auditing.

Next on our list of certifications we have CISM. The Certified Information Security Manager, or CISM, is truly a management-focused certification. This is an ideal certification for seasoned IT managers, security managers and CSOs. The CISM validates a vast range of cyber security skills and recognizes managers who promote these international security practices. If you are interested in IT security
management, the CISM provides a multitude of opportunities. While anyone can take the exam, maintaining the certification requires 20 hours of continuing education every year and compliance with ISACA's code of professional ethics. The CISM exam objectives include access control, identity management, security management, policies and procedures, intrusion prevention, network security, physical security, security tools and security trends, and in the CISM certification exam you can get questions from the following domains: information security governance, information risk management, information security program development, information security program management, and incident management and response.

Next we have the CRISC certification, another ISACA certification. The CRISC helps professionals develop a better understanding of how IT risk relates to the overall organization. By earning the certification you'll develop the skills required to understand and manage corporate risk and implement the right security controls. CRISC is a program often endorsed as a necessity for C-suite executives as well as chief compliance, risk and privacy officers. The exam will focus on four areas of risk: identification, assessment, response, and monitoring and reporting, and requires a minimum of three years of relevant experience to apply. The domains of the certification majorly cover IT risk identification, IT risk management, control monitoring and reporting, and risk response and mitigation.

Next on our list we have CISSP. The Certified Information Systems Security Professional, also known as CISSP, from (ISC)² is arguably the current gold standard of infosec certifications. It's an advanced-level certification for IT security professionals and is recognized and valued by both industry and government employers worldwide. Like CASP, CISSP is approved as a DoD baseline for level 3 IAT security technicians; that's where the comparisons end. The CISSP certification is designed for security professionals who develop information security policies and procedures. This is the most advanced certification we've discussed so far, and for many candidates it may require up to a year to prepare for the exam. The certification exam is a six-hour, 250-question monster, and in order to take the exam you must prove that you have worked at least five years as a security professional, and you must subscribe to the (ISC)² code of ethics. Once you're a CISSP certified practitioner you must recertify every three years through at least 120 hours of continuing professional education, and you must pay a yearly fee of 85 dollars to maintain your certification too. CISSP
basically makes you a cyber crime investigator; it's intensive but well worth it. Now let's see the domains of CISSP. So you will be challenged in a number of cyber security domains including security management practices, access control, cryptography, security models and architecture, and telecommunications and networking.

Now you must be wondering: there are so many certifications, so how should I decide which is the best certification for me? Choosing the right certification is a bit of a challenge, so you need to introspect a bit and ask yourself three questions. The first question is: what experience do I have? Based on your experience you can opt for the entry level, the intermediate level or the expert level. While doing so, don't forget to do ground-level research on the certification exam you are willing to take and also on the certification authorities. The next question that comes is: what are your goals? Are you looking to get into the technical aspect of security, such as penetration testing or incident response, or are you interested in advancing your career into the management side of security? Choosing the right entry-level certification can be a bit tricky, because on one hand there are certifications related to things that interest you but you have zero experience with. In this case, how does one obtain the experience? One simple word: volunteer. Volunteer your service in exchange for mentoring from an experienced professional. Another option is to seek out online communities and associations of professionals; join these organizations and participate with them to gain the experience needed. The third question is: what positions are available? The practical side of selecting security certifications comes from human resources: what positions are employers seeking to fill, or more specifically, what positions are they seeking to fill in my geographical area? It is a good idea to do your homework to answer these questions. Take a look at the many job posting sites such as Monster and search for openings using various certification acronyms.

Let's see a few of the top programming languages to consider while learning cyber security. Starting off with C and C++: we all know C is one of the oldest programming languages out there and was developed in the early 90s. It was mainly used to develop software like operating systems, databases, compilers and many more. It is an excellent language to learn programming for
beginners. Moreover, after learning C it must be very easy to learn programming languages like Java and Python. Speaking about C++, it is a general-purpose programming language which is actually an extension of C, and the main use of C++ is to develop operating systems, browsers, games and many more. So why should I use C and C++ for cyber security? Well, you see, both are low-level programming languages that you need to know as a cyber security professional. This is because these languages have low-level access to hardware such as RAM and system processing, which are easily exploited by hackers if not protected. So why are C and C++ useful in cyber security? C and C++ are useful for reverse engineering and finding vulnerabilities, and on top of that a lot of malware is written in C++, thus learning C++ is more important for reading and understanding open source code. Many cyber security programs such as Nmap, the network mapper tool, are created using C++.

Next we have Python. We all know Python is a general-purpose, object-oriented, high-level programming language and is one of the most popular and widely used coding languages due to its versatility. It includes high-level data structures, dynamic binding, dynamic typing and other features, making it an ideal programming language for complex application development. Python is suitable for general-purpose tasks like data management and big data facilities. It is a high-level scripting language that is easier to learn than other low-level languages. Python is a useful programming language for cyber security professionals because we can perform a variety of cyber security functions like malware analysis, penetration testing and scanning. Apart from that, Python enables cyber security managers who lead the team to implement projects quickly, as Python has an extensive set of libraries, which means that cyber security tools are already available. And finally, we all know Python can be used for accomplishing multiple tasks such as host discovery, accessing servers, port scanning and network scanning; this helps cyber security professionals to keep up with the task.

Moving ahead we have JavaScript. JavaScript is one of the most popular and widespread programming languages; it is one of the top-rated programming languages for web development. Moreover, the growth of frameworks such as jQuery, Angular and React.js has made JavaScript even more powerful. It helps programmers to build front-end as well as back-end software using different JavaScript-based frameworks like jQuery and Node.js. Moreover, JavaScript comes with a variety of frameworks and libraries, and its usage has now extended to mobile application development, desktop app development and game development. It is one of the best cyber security programming languages you can learn: if you are proficient in JavaScript you can make sure that a website is secure enough to reduce or even eliminate web-based attacks. What I'm trying to say here is that JavaScript enables you
to design secure websites and user interfaces. This is achieved by mitigating possible cross-site scripting attempts in web forms and minimizing other technical risks. JavaScript also allows you to work with cookies, manipulate event handlers and even perform cross-site scripting.

Next on our plate we have PHP. PHP is a server-side programming language that is used to develop websites. PHP powers 80 percent of the top 10 million websites, thus making it the most dominant server language on the web. Thus, knowledge of PHP will enable you to know how to defend against intruders. One of the most common hacking techniques using PHP is DoS, which stands for denial of service attack; such attacks usually attempt to make web applications unavailable to users by shutting down the websites. Hackers can make use of PHP to delete all the data on your website if you are not careful about how you've built it, thus learning the PHP programming language can help you identify and solve vulnerabilities in PHP code.

Moving ahead we have SQL. SQL is a domain-specific language used in programming; it manages the data stored in a database. With organizations getting more data driven, SQL is the most sought-after programming language for managing databases. You see, SQL enables you to access records or data with just one single command; just by using SQL queries, the user will not have to specify how the data should be retrieved. Nowadays most hackers try to exploit databases with the intention of stealing or modifying them. Whenever you attempt to log into a website, the password stored in the database is brought up and compared with what you have typed; while you cannot see it, hackers take advantage of this by using SQL injection to extract sensitive data from organizations and individuals. It can result in the loss of critical information such as passwords, bank account information, Social Security numbers and many more. Therefore, learning SQL can help you make databases more secure. I'm sure you might be wondering how, right? Well, an understanding of SQL, its uses and how SQL injection attacks enable you to manipulate a website can be beneficial to security professionals. Since SQL injection is one of the top threats to web application security, security defenders will generally be helped by a mastery of SQL. To wrap things up, some researchers claim that there is one language that is more or less secure than the others; the truth is that there is no one best programming language, it all depends upon what you are trying to achieve with it. Any programming language can be ideal as long as you create a perfect cyber security strategy.

Now let's move ahead and see some of the projects to work on for getting hands-on experience with cyber security concepts and principles. Start by working on a keylogger. You see, keylogger is a shorthand version of the term keystroke logger, so what this software does is it has the ability to record every keystroke made by anyone
on that system. This would be useful to hackers to get private information like net banking credentials, account user IDs and passwords, and many more. This concept of cyber security could be a great topic to build a project on. You see, if you are a programmer or someone who is good at coding, you can develop your own keylogger and capture keystrokes on your system, and the project could be developing a keylogger, or finding a way for a keylogger to capture strokes on a virtual keyboard as well. Keyloggers over the years have become more sophisticated, thus making it hard for AVs to detect them, so as a project you can do research on different ways to spot and detect a keylogger on a system by reverse engineering it.

Next on our list we have: break a Caesar cipher. If you don't know what a Caesar cipher is, it is a type of encryption method that was first used by Julius Caesar to communicate with his officials. This encryption technique is also considered to be one of the first methods, which is still in effect. The concept of a Caesar cipher is pretty simple: a letter of a given text is replaced by another letter that comes a number of places after it in the alphabet. As a project, using the logic behind the Caesar cipher you can build a small web app that can break Caesar ciphers. This would be a great project as a beginner, as someone who's just getting started with cyber security; this kind of project would give you the confidence to move up to a bigger and more advanced project.
Moving ahead to our next project, that is packet sniffing. Packet sniffing is one of the most important concepts of cyber security; when you are at the get-go of your cyber security journey and want to do a project around a concept you learned, packet sniffing can be a great choice. You see, if you're learning cyber security in a training center they would definitely allow you to perform this task as your project, but if you are using the network of an organization or an institute then it is advised to take prior permission from the administrator. Packet sniffing, which is also known as network traffic analysis, is all about taking a look at the data packets that are sent across the internet and move on your network. There are several tools available that capture packets, such as tcpdump, WinDump and many more.

Finally, on our next project we have SQL vulnerability assessment. SQL injection is one of the most initial and important topics in cyber security; over the years many websites have been hacked using SQL injection. As mentioned earlier, it is a type of injection attack that makes it possible for hackers to execute malicious SQL statements; therefore a project on this concept would add significant value to your portfolio.
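The login check discussed in the SQL section above and the SQL vulnerability assessment project, covered by one added example that is not the course's code: a login written with string formatting next to one that binds its parameters and verifies a salted PBKDF2 hash in constant time. The users, passwords and the "alice' --" test input are constructed here; the database is in-memory SQLite.

```python
"""Login check built with string formatting (injectable) beside a parameterised,
hashed-password version. Added example for this section, not the course's code;
users, passwords and the "alice' --" test input are constructed here."""
import hashlib
import hmac
import os
import sqlite3
from typing import Dict, Tuple

PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def build_database() -> sqlite3.Connection:
    """In-memory SQLite with two tables: the legacy plaintext table the vulnerable
    login reads, and the salted-hash table the hardened login reads (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_legacy (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for username, password in [("alice", "correct horse"), ("bob", "hunter2")]:
        conn.execute("INSERT INTO users_legacy VALUES (?, ?)", (username, password))
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (username, salt, _hash_password(password, salt)))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The 'before': user input is pasted into the SQL text. A username such as
    "alice' --" closes the quote and turns the rest of the WHERE clause into a
    comment, so the password column is never compared."""
    query = ("SELECT username FROM users_legacy "
             f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The fix: the driver binds the value, so quotes in the input are only data;
    the password is then checked against a salted PBKDF2 hash in constant time."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, _hash_password(password, salt))


def run_checks() -> Dict[str, Tuple[bool, bool]]:
    """Run the same three inputs against both logins; the result for each case is
    (vulnerable_accepts, hardened_accepts). Only the injected username differs."""
    conn = build_database()
    cases = {
        "valid": ("alice", "correct horse"),
        "wrong_password": ("alice", "not it"),
        "injected_username": ("alice' --", "anything"),
    }
    return {name: (login_vulnerable(conn, u, p), login_hardened(conn, u, p))
            for name, (u, p) in cases.items()}


if __name__ == "__main__":
    for case, outcome in run_checks().items():
        print(f"{case:18s} vulnerable={outcome[0]} hardened={outcome[1]}")
```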
Now moving ahead in our session, let's see how we can encrypt and decrypt a message using cryptography. Before we do that, let's see what cryptography is. Well, cryptography is associated with the process of converting ordinary plain text into encoded text; it is a method of storing and transmitting data in a particular form so that only those who are authorized to see it can proceed with it. Cryptography not only protects data from theft and alteration but can also be used for authentication. Before we move on and build our cryptography system, let me give you a brief overview, so as to give you a better understanding of what cryptography is.

So let's go with something like this: we have two people over here, let's say A and B. Now A and B are trying to have a conversation. Sometimes what happens is, when we are on the web, there will be a third party, an intruder, over here when A and B are trying to connect. We have this kind of intruder only when we are trying to have a conversation over an unsecured network, okay? So now what happens is these people have access to public Wi-Fi, and there is an intruder over here, so whatever conversation these people are having is going through them, okay, it's going through this intruder over here. So now what these guys do is, they know that they are in a public network, so they come up with a solution. Okay, so if A is trying to send a message, something like hello, he will try to encrypt this; say hello will be converted into o l l e h, and he'll send this as a package to B. And now, as A knows B, he will inform B, as he receives this package which would be o l l e h: whatever message you're receiving from my end, try to just reverse it. So now B gets the actual message, right? But now what happens with I, who's our intruder over here? The intruder will get the message o l l e h, but now the intruder is done; he doesn't know what this information means, and as I'm not providing any kind of clue or key, the intruder will not have any access or any information to get out of this.

So now what we're going to do is we are trying to create a system where there would be two servers, so we'll be using Python network programming, although it's not necessary for you to know Python network programming to generate a cipher text, okay? So this is just to give you the feel of sending a message from one server to the other, and what we'll do is we'll also have another intruder over here, okay? This server A over here will encode the message and send the encoded message to both the intruder as well as our server B. Okay, now at server B what will happen is he will get the message, which is the encoded message. The intruder won't have any access to this information, whereas for B we'll be providing a key over here, and using the key he will try to decipher the text. All right, so let us now quickly move to my code editor and see how we can implement this. So as you can see I have come here to my IDE, that is, I'm using PyCharm here, and I've already created three files: server one, hacker one and client one.
So server one here refers to the A part, hacker is nothing but the intruder, and client one is going to be our receiver end, right? So what we're going to do initially is we're going to have server one. Okay, before we move ahead, I'll just give you an example of what we're going to do. So we'll have the message here, so you're supposed to pass in your message, so we'll take an input, and we'll give a small prompt, something like "please enter your message". Okay, so now whatever message we get will be stored here in msg. So now we are supposed to design our own encryption algorithm. So what are we going to do for that? We'll give something like enc, but before that let me just give an example of what we are going to do. So let's take like four alphabets, okay, so we have a, b, c and d. Now our encryption algorithm would be something like: wherever we have a it will become d, if we have b it would be c, if we have c it's going to be b, and if we have d it's going to be a. So basically what I'm trying to say here is, if this is a string, our encryption algorithm would be the reverse of that, so our encrypted message would have the reverse of that, the equivalent values. So we'll define our key here, so key is going to be a b c d e f g h i j k l m n o p q r s t u v w x y z, and we'll also have to mention some numbers, right, so it would be from 0 to 9, so 0 1 2 3 4 5 6 7 8 9, and then we'll give a space with an exclamation mark. Okay, this is just to increase the complexity of our code.

So now what we are going to do is we'll create a dictionary, right? So we'll have something like encrypted message, so e underscore msg, so let this be the encrypted message; this should be equal to a dictionary. Okay, so here what we're going to pass is this thing, right? So like in place of a it's going to be replaced by the exclamation mark. So what we're going to do is we'll obviously have to reverse it, so we'll have val, which would be nothing but the reverse of this. So how do I get the reverse of that? It's going to be by string slicing, so key[::-1]; this would give us the reverse value of this key. Now what I'm trying to achieve here is, whenever I have the alphabet a it has to be replaced by the exclamation mark, whenever it is b it will be a space. So now what we'll do is we'll have a dictionary, then we'll have a zip, because we are creating a dictionary, right, a key-value pair, and then we'll give key and then value. Sounds good, right? Okay, so what we have done over here is we have created our dictionary, so let me quickly print this dictionary and show you how it would look like, so print. Okay, so let me quickly run this here. So we'll enter our message. Okay, we are not getting the encrypted message, but we have something printed
here, right? So what this is telling us is, this is nothing but the dictionary: so here a will be replaced by the exclamation mark, b over here would be replaced by a space, and c by nine. So now let's encrypt our message; I'm pretty sure this sounds pretty interesting. So to encrypt our message we'll have the encrypted message, enc_message; this would be nothing but dot join, okay, so this is because we'll be just doing a list comprehension, right? So it will be join, and now what we'll do is we'll take this dictionary here, e_message, and then we are going to pass letters, or words you can say. Now where am I going to get these words from? It's going to be from a for loop: for words in our message. So it's going to be this, okay? So after performing this we'll have our encrypted message. So if you don't believe me, let me quickly walk you through this. So let me print this: print encrypted message, enc_message, and let me comment this out; we don't want to print our encryption key over here. So let me quickly run this. Let's give a message, something like "Hi it's a beautiful day", so anyone can read this out right now. Let's see what happens if I encrypt this. Okay, so as you can see here we are getting an error, right? So the reason why we are getting an error is because we have an uppercase and we haven't defined any uppercase values here. So in order to fix this, all we need to do is use dot lower, okay, so over here we have message dot lower. So let me quickly run this again, so let me give the same message, "it's a beautiful day", just to prove to you that this thing works; I have the combination of uppercase and lowercase here. And so, as you can see, we are getting this message in an encrypted form, right? So wherever we have a space it's going to be replaced by the exclamation mark, and there's something which is not readable by anyone, okay?

So similarly, in order to decrypt this it's a similar process, so let me quickly show you that as well. So for decrypting, obviously we need the key part, so this is the important thing. So how decryption works is something like: we have a decrypter, okay, so let's give it as decrypt. We are going to create something similar to this, a dictionary, okay, so this is our decrypter and this is going to be a dictionary, and then we are going to have zip over here; instead of passing key and value here, we're going to just reverse it, so it's going to be value over here and key over here. Okay, so this is done. So similar to encryption, decryption performs the same way, so I'll just copy this here and paste it over here; instead of encrypt message we'll give dec, decrypt message, so same thing over here, decrypt message, and it's going to be the same way here, instead of message dot lower what's going to happen is we'll have to pass this value. So let me quickly run this and show you what it would look like. So let's say something like we are passing our card details, okay, so usually card details would be like, you know, nine letters or so, so we'll be like one two three, and then we have a space, four five six, and then some number, and then we'll also usually pass our name and all, right, so it's going to be like, let it be like Edureka, okay, and the CVV, CVV is usually three digits, right, so it's three eight seven. So now this number is very crucial, as well as the first name, as well as the CVV, because anyone can hack it and try to misuse your account. So now let's see our encryption and decryption work at the same time. So as you can see here, when I try to encrypt it, it's in a form of, you know, some numbers which we cannot even comprehend to, you know, get an output of. So this is how this thing works, and finally when I try to decrypt it, or when a person has the right key, he can get the same and correct information. So we can check here: so it's one two three, four three four five, five six seven eight eight and so on and so forth. In order to make this Caesar cipher or encryption algorithm more powerful, what I would do is I would give one more encryption key or encryption algorithm, thus making it more secure.
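The scheme the presenter just walked through, as an added example that is not the course's code: the reversed-key dictionary built with zip, encryption and decryption, and the A / B / intruder exchange he sketched earlier, run over loopback sockets so that server A sends the same ciphertext to both receiver B and the intruder while only B holds the key. The key string, the OS-assigned port on 127.0.0.1 and the demo message are constructed here; characters the key does not cover (the uppercase problem from the demo) are lower-cased or rejected with a clear error rather than a bare KeyError.

```python
"""Reverse-key substitution cipher plus the A / B / intruder exchange over loopback.
Added example for this section, not the course's code. Constructed here: the key
string, the demo message and the use of an OS-assigned port on 127.0.0.1."""
import socket
import threading
from typing import Dict

# Same idea as in the walkthrough: letters, digits, space and '!' form the key,
# and each symbol is replaced by the symbol at the mirrored position (reversed key).
KEY = "abcdefghijklmnopqrstuvwxyz0123456789 !"
VAL = KEY[::-1]
ENCRYPTER = dict(zip(KEY, VAL))   # 'a' -> '!', 'b' -> ' ', 'c' -> '9', ...
DECRYPTER = dict(zip(VAL, KEY))   # the inverse table


def _substitute(table: Dict[str, str], text: str) -> str:
    # Reject anything the key does not cover with a clear error instead of the
    # bare KeyError the walkthrough hit on an uppercase letter.
    unknown = sorted({ch for ch in text if ch not in table})
    if unknown:
        raise ValueError(f"characters not covered by the key: {unknown!r}")
    return "".join(table[ch] for ch in text)


def encrypt(message: str) -> str:
    """Lower-case first (the key has no uppercase entries), then substitute."""
    return _substitute(ENCRYPTER, message.lower())


def decrypt(ciphertext: str) -> str:
    return _substitute(DECRYPTER, ciphertext)


def _receive_all(port: int) -> bytes:
    """A client (B or the intruder) connects to A and reads until A closes."""
    chunks = []
    with socket.create_connection(("127.0.0.1", port), timeout=5) as conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def run_exchange(message: str) -> Dict[str, str]:
    """Server A encrypts once and sends the same bytes to two clients: the
    intruder, who has no key, and receiver B, who decrypts with it.
    Returns what each party ends up holding."""
    ciphertext = encrypt(message).encode()

    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    listener.listen(5)
    listener.settimeout(5)
    port = listener.getsockname()[1]

    def server_a() -> None:
        with listener:
            for _ in range(2):               # one connection each: intruder, then B
                conn, _addr = listener.accept()
                with conn:
                    conn.sendall(ciphertext)

    thread = threading.Thread(target=server_a)
    thread.start()
    seen_by_intruder = _receive_all(port).decode()      # ciphertext only
    seen_by_b = decrypt(_receive_all(port).decode())    # B applies the key
    thread.join()
    return {
        "ciphertext": ciphertext.decode(),
        "intruder_sees": seen_by_intruder,
        "receiver_gets": seen_by_b,
    }


if __name__ == "__main__":
    # Constructed demo message in the spirit of the card-details example.
    for party, text in run_exchange("123 456 789 edureka 387").items():
        print(f"{party}: {text}")
```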
Now what we'll do is we'll try to create a server. Okay, so now what we're going to do is I'll create three parties here: one would be the authentic sender and receiver, and the third party would be an intruder who is trying to spy on these people's network, okay? So let's see how we can implement that. So first off, let me create our sender here. In order to send this over the server we'll have to import socket, okay, so import socket, and then we need to get the message, right, so we'll give a message, msg, or let's give the full form, m e s s a g e, and we have to ask the end user to give the input, so input "please enter your message". Okay, so now once this is done we want this message to be passed through a server, right, so we'll have to create an instance of a socket, so s is equal to socket dot socket, and within this we have some variables like socket dot AF_INET, and then we also have socket dot SOCK_STREAM, so it's going to be SOCK_STREAM. Perfect, fine. So now we have to bind it, so you'll take the instance of this, so it's going to be s dot bind, and within this we're going to pass a tuple, so this will have socket dot gethostname, okay, and then we have to provide a port number, so it's going to be 3, any number, it's up to you. Okay, so this is done. So we will have another method over here called listen, and we'll give the instance over here as five. Now we'll have a while loop, while True, so this is the infinite while loop. So we have something called s dot accept, right, so this would return us two things: the address of our port as well as the object that we need to send with, right, so it's going to be like s dot accept. Okay, and now this would return us two things, that's nothing but an object using which we can send a message, and the address. Fine, this is perfectly done.

And now what we are going to do is we have to send a message, isn't it? So in order to send a message we'll have something like clt dot send, okay, and here is going to be our message, so message; this should remain the same, so it will not change. But before this what we'll do is we'll try to encrypt our message, okay? So in order to encrypt our message, as I mentioned, we have to define our key here, so key is going to be, and then we are going to have numbers, a space and an exclamation mark; so in order to make it more complicated we can also add some special characters like hash, whatever it is, it's totally up to you. And now we also have to have a value, right, so this would be like val, and this should be just the reverse of our key, so key, we'll use the slicing operation here, and this should be done. Now in order to encrypt our message all we need to do is just exchange these values, right? So we'll have message, okay, and for this I'm going to just use dot join and then we'll use list comprehension, so this is going to be like the dictionary name, right? So what's our dictionary name? We obviously have to give a dictionary name, so let's give the dictionary name as encrypter. So encrypter over here would be equal to the dictionary, right, so dictionary, and we're supposed to have a zip; this zip will have arguments like key, which would be the keys, and values over here. Perfect. And now we have to pass the encrypter here, and we need to pass the key values, which would be nothing but letters, or we can give it as words. So how do I get these words? As I mentioned, it's from a for loop, for words in message, so this is the message, right, so this is the input message, dot lower. Perfect, so this is done.

So now what we're going to do is we'll save this, and before we run, what we'll do is we'll create our receiver and also a hacker. So the code for the receiver and hacker would almost be the same, just a few differences. So let me quickly go back to my page. Okay, we need something for the receiver end, right, so we'll have import socket, something similar to what we did before, and then we have something like, okay, give the encryption key. Okay, so we'll try to perform two layers of security here. What we'll do is, if the person gives the correct encryption key size, only then will he be prompted for the next step, to give the encryption key, right? So we'll have two layers of security. So first off we'll have the encryption key, right, enc, or we can give it as decryption, right, the dec key. Okay, so the first layer, what we're going to do is: if decryption key dot length, or it's going to be here, if it is
equal to number of alphabets okay that's going to be 26 right so we have 26 alphabets so apart from 26 we also have numbers right so we have how many numbers did we have let me quickly show you that so here we have 26 alphabets then we have numbers that is 10 that is from 1 to 0 and then we have three special characters with a space so it's going to be 26 plus 10 that is going to be 36 37 38 39 and 40. so it's going to be 40 right so so this is
going to be 40. I hope you understand why we got 40 right so if the length is same only then you go on okay so now we I need a decryption key fine okay so now if the length is same that says receive our message okay so it's going to be make socket we need to create an object of a socket so before that we need to import it so yeah we have imported our socket over here so let's create an instance of our socket s is equal to socket dot socket and then we'll pass
some arguments so it's going to be socket dot if then we have socket.socket stream okay and similar to earlier we have connect method here as well as dot connect wherein we're gonna pass the Tuple so it's going to be socket dot get hostname and mind it we're gonna fill this port number later the port number should be same as what we had before okay so we'll just give a random something like this here as of now and we'll change it later so whatever message you have received it's going to be like message whatever message you
receive is as dot receive and then we are going to pass number of bytes so you can just give any random value so I'll give here as 1000 it's totally up to you and then as the message is decrypted you have to obviously decode our message right so it's going to be message this will be message Dot decode and obviously it's going to be utf-8 okay so now we have the message let's try to put our decryption algorithm here so which is pretty simple it's something similar to what we did we need the value right
so v a l is going to be key we need all the values of our decryption key minus one okay so it's going to be decryption key here DEC underscore key so now we have the dictionary right so now we have to convert our message back to whatever it was so we'll we'll just give it as message or before that we have to create our dictionary right so we'll give it as decrypter d e c r i p t e r so decrypto is nothing but dictionary which is nothing but obviously the values will be
here first because we are receiving the values and then the keys so it's going to be decrypt key fine I hope you all understand till here and now finally what we are going to do is convert our message back to what it was so message then then I have join then we're gonna just use list comprehension so whatever is the name of our dictionary here be crypto and then we obviously have to pass letters or words and the way we get these words from for Loop for words in whatever the message we have received right
so it's gonna be here hope you understand this and now once we have our decrypted message what we'll do is we'll just print our message fine and now before that so if this fellow doesn't give the correct key input so we'll just say here else print you're not authorized for this information so now we have our algorithm ready here before that let's quickly fix this so let me go back to our server one okay so here as you can see we have two changes we have to copy this part and we obviously have to encrypt
our message before sending okay so before this we have to encrypt this into form of bytes which will be encrypted in the form of bytes right and then we have to message which algorithm I'm using here so it's going to be UT F hyphen 8. perfect so let me quickly jump here okay and let me pass this value here as well because this hostname should be same right okay so let me now quickly run this and show you how it would look like but before that let's copy our encryption key okay and then another small
change I would do is just give some space you know fine so now let me run this and show you first let me run our server one okay yeah so here let's give something like hi I am sending you my ID number and we'll give some random number let it be like 67 69 21 and something like that okay and just give some characters as well okay so let's hit enter so now it is expecting that you know we run our client code so let me quickly fetch that one now and yeah here we have
our client and we'll enter our presentation mode here okay and let me run our client right so here I'll click for run and then we'll have client over here this is asking me to give an encryption key first let's do one thing let's give some random encryption key so let's give something like this some random number that I'm generating over here and let's have some special characters so here it says you're not authorized for that information so let's now run this again and give the correct encryption key right so let's run this here and as
I've copied this earlier so let me just give this part and we should get our message hi I'm sending you my ID and this is so and so forth is my ID okay so now what we'll do is we'll create our hacker over here so everything Remains the Same all the mechanism that we have used for our client receiver everything Remains the Same only part we won't be having is this option for encryption key it would just be like receiving a message right because hacker will have access to this port number so let me now
quickly move to page empty sheet and let me copy all of this and now I'm gonna go here I'm gonna go for hacker here and let me enter our presentation mode okay so let me paste our code over here fine and let me quickly erase couple of things fine and then none of these would exist right so we won't have any of this but the message exists because we are receiving the message and even the if statement won't be there fine so let me kind of remove this as well okay let's fix our indentation issue
over here fine this is perfect so now let's run our code like if you're wondering why we don't asking the input key and all C only if a person is authorized to a system he'll be having all the features of a security system but if I'm a third party or an hacker I would have bypassed all of those security systems right so only thing that is standing in my way is this port number which is easily accessible most of the time it is accessible most of the time when you use this public Wi-Fi right so
let's now see how this car would receive a code okay so let's run our code here and let's go for our hacker okay so let me rerun this let's see where we are going wrong okay let's see if our encrypted message is working fine over here so let me just print my encrypted message fine and let me rerun our server okay so I'll have something like hello my bank details are so let me give something that resembles a bank account number okay and let's see if this works okay okay the issue that we are having
over here is because we are supposed to encrypt our message before this while true right okay so let me quickly get that fixed so all we're supposed to do is just have this over here cut this part and paste it over here fine I hope this looks fine so let me fix this indentation part okay so let me rerun our server again so let me give some basic simple words here hi I'm your friend okay so let's see yeah so you can see here it's working now right so let me quickly rerun this and put
some value that would resemble real life scenario so let's have something like I am sending you My Account Details okay fine so now this looks cool so now what we'll do is we'll try to run our code here again once again so we have run server let's see if our message is getting encrypted so My Account Details some random number that I'm giving here fine okay so it's getting encrypted okay so now let's run this once on our application that is Once On Our receiver another once on our the hacker okay right so okay so
we have our client here so let's see what happens client one and we'll run our client one so it's asking me to give an encryption key let's copy our encryption key here close this and rerun our client fine it's asking me to give an encryption key should be something like this and I would hit enter so I'm getting a correct value so let me rerun this once again giving a wrong encryption key okay so let me rerun this here and let me give hello I need info so it would say you're not authorized for this
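The three parties the video builds (the server-side sender, the receiver with its 40-symbol key check, and a third party that only knows the port) written out as one runnable file; this is an added example, not the instructor's own scripts, and the localhost port handling, the thread-based layout, the denial message text and the exact key string are my assumptions following the spoken description.

```python
"""Substitution cipher over sockets: sender, receiver and eavesdropper.

Added example, not the video's own code. It rebuilds the three parties the
instructor describes: a sender that encrypts with a reversed-alphabet key,
a receiver that first checks the key length (40) and then decrypts, and a
third party on the same port that only sees the bytes on the wire. All
three run on localhost in threads so the whole exchange fits in one script.
"""
import socket
import string
import threading

# The instructor's key: 26 letters, 10 digits, a space and three specials.
# 26 + 10 + 4 = 40 symbols; the receiver checks this length as its first gate.
KEY = string.ascii_lowercase + string.digits + " !#$"   # assumed exact string
KEY_LENGTH = len(KEY)          # 40
HOST = "127.0.0.1"
DENIED = "You're not authorized for this information"


def build_tables(key: str):
    """Each symbol maps to its mirror image in the key (key[i] <-> key[-1-i])."""
    val = key[::-1]            # the reversed key, as in the video
    encrypter = dict(zip(key, val))
    decrypter = dict(zip(val, key))
    return encrypter, decrypter


def encrypt(message: str, key: str = KEY) -> str:
    """Sender side: lower-case the text and swap every symbol for its mirror."""
    encrypter, _ = build_tables(key)
    # Characters outside the key pass through unchanged instead of raising KeyError.
    return "".join(encrypter.get(ch, ch) for ch in message.lower())


def decrypt(ciphertext: str, key: str) -> str:
    """Receiver side: the same table read in the other direction."""
    _, decrypter = build_tables(key)
    return "".join(decrypter.get(ch, ch) for ch in ciphertext)


def free_port() -> int:
    """Ask the OS for an unused localhost port (the video hard-codes one)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]


def serve_one(port: int, ciphertext: str, ready: threading.Event) -> None:
    """Sender/server role: accept a single client and send the ciphertext."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((HOST, port))
        s.listen(5)
        s.settimeout(5)                    # never block forever if no client comes
        ready.set()                        # tell the client it may connect now
        clt, _addr = s.accept()
        with clt:
            clt.sendall(ciphertext.encode("utf-8"))


def fetch(port: int) -> str:
    """Client role shared by receiver and eavesdropper: read the raw bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.connect((HOST, port))
        return s.recv(1000).decode("utf-8")


def receiver(port: int, dec_key: str) -> str:
    """The two gates from the video: key length first, then decryption."""
    if len(dec_key) != KEY_LENGTH:
        return DENIED
    return decrypt(fetch(port), dec_key)


def eavesdropper(port: int) -> str:
    """Third party that knows the port but not the key."""
    return fetch(port)


def exchange(ciphertext: str, client) -> str:
    """One sender/client round trip on a fresh port; returns what the client got."""
    port = free_port()
    ready = threading.Event()
    server = threading.Thread(target=serve_one, args=(port, ciphertext, ready))
    server.start()
    ready.wait()
    try:
        return client(port)
    finally:
        server.join()


def run_demo(message: str) -> dict:
    """Send one message to all three parties and collect what each one sees."""
    ciphertext = encrypt(message)
    return {
        "ciphertext": ciphertext,
        "receiver_right_key": exchange(ciphertext, lambda p: receiver(p, KEY)),
        # A wrong-length key never reaches the socket, exactly as in the video.
        "receiver_wrong_key": receiver(0, "1234!!"),
        "eavesdropper": exchange(ciphertext, eavesdropper),
    }


if __name__ == "__main__":
    # Constructed sample message, in the spirit of the video's "account details" run.
    for party, seen in run_demo("I am sending you my account details 6769 21").items():
        print(f"{party:>20}: {seen}")
```

The third party still receives every byte on the wire and the mapping is a fixed one-to-one swap of characters, so this shows the mechanics of the demo rather than protection you would rely on for account numbers.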
Pretty much simple, right? So now we'll do the same for how our hacker would have our message, right? So let's see how this would look, okay. So I would run this now; I'll run our hacker, so the hacker is over here, so the hacker would get an encrypted message. I hope you got a brief idea about how to design a cyber security system, right, specifically cryptography.

Let's see some of the top cyber attacks in history, starting off with Adobe. Adobe was going through hell. Well, you see, Adobe announced in October 2013 a massive attack, or massive hacking, of its IT infrastructure, where personal information of about 22.9 million accounts was stolen, which includes login IDs, passwords, names, credit card numbers and expiry dates, and in a file discovered on the internet later, the number of accounts affected by this attack was about 150 million. To access this information, hackers took advantage of security breaches at the publisher, specifically related to security practices around passwords. The stolen passwords had been encrypted instead of being hashed as per recommendation; fortunately this led to banking data not being stolen, because of high quality encryption by Adobe. The company was attacked not only for its customer information but also for its product data. Indeed, the most worrying part about Adobe was about 40 GB of source code: for instance, the entire source code of the ColdFusion product was stolen, as well as part of the source code of Adobe Acrobat Reader and Photoshop.

So the next one is Target. So people usually say Target was targeted, right? So Target, this is the second largest U.S. discount retailer chain, which was a victim of a large-scale cyber attack in December 2013. Data from about 110 million customers was hijacked between 27 November and 15 December, including banking data of 40 million customers and personal data, which included names, postal addresses, telephone numbers and emails. And it was not Target who discovered that; at that time it was the American Secret Service who detected abnormal banking movement and warned the brand. According to several U.S. security services, the hacker group was located in Eastern Europe. It had installed malware in the cash registers to read information from credit card terminals; the technique is known as RAM scraping. Once the data had been hijacked, the attacker resold it on the black market. Target was ultimately required to pay over 18 million dollars as a settlement for the state investigation into the attack.

Moving ahead to the next one, that is Sony. So there was a panic at Sony: in April 2011 Sony's PlayStation Network was attacked. The multiplayer gaming service, online games purchasing and live content distribution of the Japanese brand contained the personal data of 77 million users, which was leaked; banking information of tens of thousands of players was also compromised. After the intrusion was detected, PlayStation Network as well as Sony Online Entertainment were closed for one month. To appease the users, Sony paid around 15 million US dollars in compensation, plus a few million dollars as legal fees, in addition to having to refund people whose banking accounts were illegally used. This cyber attack could have been largely avoided; indeed, hackers were well aware of a vulnerability that Sony chose to ignore. Data was unencrypted and could easily be hijacked through a very simple technique, that is SQL injection.

Moving ahead to our next crisis, that is at Equifax. Equifax, an American credit company, revealed that it had suffered a cyber security attack over a course of months, detected in 2017. It contained personal data which had names, dates of birth, social security numbers and driver's license numbers; it contained information of about 143 million American, Canadian and British customers, as well as 200,000 credit card numbers.

So moving ahead we have a cyber attack which occurred in South Korea. South Korea learned in January 2014 that data from about 100 million credit cards had been stolen over the course of several years. In addition to that, 20 million bank accounts had been hijacked. For fear of having their bank accounts emptied, more than 200 million South Koreans had their credit cards blocked or replaced. Behind the theft was an employee of a South Korean credit bureau; he stole personal information from customers of credit card companies when he worked for them as a consultant, by simply copying the data to an external hard drive. He then resold the data to credit card traders and telemarketing companies. As you see here, this is a classic example of an insider threat.

So the next attack that occurred was with Marriott Hotels. You see, information of about 500 million guests at Marriott Hotels was compromised: their banking details, dates of birth and much other information will have been swiped out. It seems that the hacking was taking place since 2014 but was only spotted during the month of September 2018. Marriott was first alerted to the potential breach in September; it said that its internal security tools found someone was trying to access its database. It then found out people seem to have been hacking its database since 2014, and they copied information apparently with the intent of taking it. Alright guys, these were some of the top cyber attacks that struck the industry.

So moving ahead, let's check out some of the challenges that we are facing with respect to cyber security, starting off with ransomware attacks. Ransomware attacks have become popular in the last few years and pose one of India's most prominent cyber security challenges in 2020. According to cyber security firm Sophos, about 82 percent of India's organizations were hit by a ransomware attack in the last six months. You see, a ransomware attack involves hacking into a user's data and preventing them from accessing it until a ransom amount is paid. Although ransomware attacks are critical for individual users, they are more so for businesses, who can't access the data for running their daily operations. However, with most ransomware attacks, attackers don't release the data even after the payment; instead they try to exploit more money.

The next most common cyber security challenge is IoT attacks. According to IoT Analytics, there will be about 106 billion IoT devices in 2021. IoT devices are computing, digital and mechanical devices that can autonomously transmit data over a network; examples of IoT devices include desktops, laptops, mobile phones, smart security devices and many more. As the adoption of IoT devices is increasing at an unprecedented rate, so are the other challenges of cyber security: attacking IoT devices can result in the compromise of sensitive user data, and safeguarding IoT devices is one of the biggest challenges in the cyber security domain.

The next type of attack is the cloud attack. We all know most of us today use cloud services for personal and professional needs; also, hacking cloud platforms to steal user data is one of the challenges in cyber security for businesses. We are all aware of the infamous iCloud attack which exposed private photos of celebrities; if such an attack is carried out on enterprise data it could pose a massive threat to the organization and maybe could even lead to its possible collapse.

Finally we have phishing attacks. You see, phishing is a type of social engineering attack often used to steal user data, including login credentials or credit card numbers and many more. Unlike a ransomware attack, the hacker, upon gaining access to the confidential user data, doesn't block it; instead they use it for their own advantage, such as online shopping and illegal money transfers. Phishing attacks are prevalent among hackers as they can exploit user data until the user finds out about it. Phishing attacks remain one of the major challenges for cyber security in India, as the demographic here isn't well versed with handling confidential data.

So moving ahead, let's see the future of cyber security. The rate at which cyber crime is increasing is alarming; almost every week a high profile cyber crime is being reported. Every business is in its own unique stage of digital transformation; however, it doesn't matter how far your business is going, it should consider security as its topmost priority. Cyber security professionals will be in high demand. You see, the need for cyber security professionals is dire, as with the passing days new attacks are being coined which are more harmful than the previous ones. These rising threats require skilled cyber security professionals to help ensure safety for the individual as well as for the organization. We can also expect robust integration of artificial intelligence and cyber security tools and techniques; this is because it improves security expertise, analysis, study and understanding of cyber crime. It enhances the security technology that companies use to combat cyber crimes and helps keep their organization and customers safe. We can also expect more automation in the future: automation of many roles and tools
can also be heavily implemented this will allow performing a constant search for threats and deploying immediate remedies right [Music] what exactly is hacking so hacking is the process of finding valuabilities in a system and using these found vulnerabilities to gain unauthorized access into the system to perform malicious activities ranging from the leading system files or stealing sensitive information hacking is illegal and can lead to extreme consequences if you are caught in the act people have been sentenced to years and years of imprisonment because of hacking nonetheless hacking can be legal if done with permission computer
experts are often hired by companies to hack into their systems to find out vulnerabilities and weak endpoints so that they can be fixed this is done as a precautionary measure against legitimate hackers who have malicious intents such people who hack into a system with permission without any malicious intent are known as ethical hackers and the process is known as ethical hacking so now that we know exactly what ethical hacking is and who ethical hackers are let's go over the different types of hackers the firstly we have white hat hackers now white heart hackers is another
name for an ethical hacker they hack into a system with prior permission to find out vulnerabilities so that they can be fixed before a person with malicious intents finds them and does his job with it after that we have black hat hackers now black hat hackers also known as crackers are those who hack in order to gain unauthorized access to a system and harm its operations or steal sensitive information black hat hacking is illegal and has always been illegal because of its malicious intent which includes stealing corporate data violating privacy damaging the system blocking network
communications and much more following which we have gray hat hackers now gray hat hackers are a blend of both black hat and white hat hackers they act without malicious intent but for their own fun they exploit security weakness in the computer system or network without the owner's permission or knowledge their intent is to bring the weakness to the attention of the owners and getting appreciation in Tom's a little Bounty from the owners last but not least there are suicide hackers last but not least we have suicide hackers now a suicide hacker is a person who
works with the intent to bring down major corporations and infrastructure these kinds of hackers are not scared of the consequences of their actions as they mostly work with vengeance in their mind these people are also called hacktivists because they mostly utilize the technology to announce a social ideological reform or some religious reform or a political message in general most hacktivism involves a website defecayment or denial of service attacks okay so now that we've discussed the different kind of hackers that are there let's go through the different kinds of hacks that exist in the world now
that we have discussed the various types of hackers let's go with the different types of hacking now we can segregate hacking into different types depending on what the hacker is trying to achieve firstly we have computer hacking so this is the process of stealing the computer ID and password by applying hacking methods and getting unauthorized access to a computer system secondly we have password hacking now this is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system thirdly we have email hacking now this includes gaining unauthorized
access to an email account and using it without taking the consent of its owner for sending out spam links third-party threads and other such harmful activities fourthly we have Network hacking now hacking a network means gathering information about a network using a tool like telnet and slookup ping Tracer or netstat now these are done with the intent to harm the network system and or hamper its operations last but not least is the most common type of hacking which is website hacking now hacking a website means taking unauthorized control over a web server and its Associated
software such as a database and other interfaces [Music] let's get started with the phrases so the first phase is reconnaissance and also I'll be explaining each phase of ethical hacking with the help of an analogy so that it's easy for beginners to understand suppose there's a beginner it's the first video you're watching on ethical hacking or maybe you've watched a little videos and you know you don't have a lot of understanding of what ethical hacking is then it'll be easy for you to understand so let's start with the first phase firstly I'll tell you what
this analogy is so the analogy goes something like this suppose there's an enemy layer at a location and this enemy layer has got a lot of destructive weapons and you are the Army Chief who is assigned to you know attack the enemy layer and take control of this so my question to you is if you are actually an army officer you know who is assigned to make a surgical strike you got a lot of forces you've got the Army you've got tanks you've got Air Force all other command so would you just take all your
forces and go attack I don't think so yeah because first you'll have to create a plan and before that you'll have to understand the enemy layer so you'll collect basic information such as the location of the layer how to get to that location from the army base you'll collect more information about the building the number of flows and the surroundings of the building so similarly when it comes to ethical hacking you cannot just you know use tools or type something in your computer and just hack the target so to hack the target the first thing
you have to do is understand the target so this phase where you understand your target is reconnaissance so reconnaissance is basically the phase where the ethical hacker collects information about the target so that it's easy for him to understand how to actually hack the target so some of the basic information you would want to collect are the first one would be the IP address of the target suppose you are trying to hack a particular system in a network then you would want to know the IP address of the Target because you know the IP address
uniquely identifies the system in the network the next thing you would want to know is the IP address range suppose there's an organization with you know hundreds of computers and you want to hack the whole network you don't know which computer or which system has got the lowest security so to check that you would need the IP address range of the whole organization or the network the next thing you would want to know is the network you would want to know the architecture of the network and finally you would want to know about the DNS
record so these are very basic things very basic information to collect about your Target and depending on what your target is this information might vary so now I'll be talking about some of the most popular tools used for reconnaissance the first tool I'm going to talk about is search engine so I'm sure you're familiar with Google Yahoo and you know Bing so I'll give you an example okay imagine yourself in this situation where you are an ethical hacker you're the best in the city there's no one else who can compete your skills of of ethical
hacking and one day you are at your office and this guy a CEO of a big organization comes to you and he hands out the name of a website and he wants you to test for security loopholes or weaknesses on his website and he just walks away he doesn't speak a word he's an introvert you know so at this point you only know the name of the website you have you know no idea of what this application is or what your target is you only know the name of your website so what would be the
first thing you'd do so the first thing you would want to do is use the name of the website into a search engine so maybe Google the name of the website there are different search engines you can use as Google there's DuckDuckGo there's Yahoo this showdown and a lot of search engines so you just Google search or use whatever search engine you want to and then find information about your target so the first thing you'd get is the URL of the target the URL of the website using which you can find out other information such
as the IP address the IP address change and whatever information I told about in the previous slide so this is the first thing you would do the next tool you would use which is one of the most popular tool for reconnaissance is nslookup so NS lookup is a DNS querying tool and it's mainly used to get the domain name and the IP address map of your target so suppose there's an organization like maybe you want to you know collect information about the same website then you would run nslookup search on that and you'd collect information
such as the domain name the IP address map the range the IP address range and such information the next tool you can use is who is lookup so who is lookup is a browser-based query and response tool and it's mainly used to get the registration and delegation details of your target so suppose your target application requires a login so maybe the username is the email ID and using who is lookup you can find out who the website is registered to the contact information in and many other information so these information will play a vital role
when you're actually trying to hack the application so these are the most popular tools for reconnaissance moving forward to the next phase of ethical hacking so the next phase is scanning now let's come back to the surgical strike example you found out the location of the enemy layer you know you found out the way how you can go from the army base to the enemy layer and you've also found out about the surroundings but is this information enough you found the enemy layer you found the building but can you just go attack now no you
need a strategy, you need a plan, and for that the main thing you need to know is which points of the building you can enter from. So you scan the whole building to see which entry points exist and whether they are blocked or open, because the enemy has destructive weapons; maybe a door is rigged with an explosive. You scan the building so that you can find a safe way in and then attack.

Similarly, when it comes to scanning in ethical hacking, you have already found the IP address, the IP address range and a lot of other information, but that is not enough. Now it is time to find the points on your target that have weak security, the points from which you can try to break in. The phase where you find those weak points is scanning: the phase where you find out the points on the target system or network from which an attacker can try to get in.

Some of the information you want to collect during scanning:

Active hosts and active ports. These are the hosts that are up and the ports that are listening. If an organization has a network of 100 computers and 10 of them are switched off, there is no point gathering information about the 10 that are down; you want to go after a target that is live and running, so you need to know which hosts and ports are active.

Services running on the target. Some of these are security services, such as a firewall or an intrusion detection system, and you want to know about them because you do not want the target to notice that it is being scanned, so you have to be careful about how you scan.

Vulnerable applications and operating systems. By that I mean an application or operating system the target runs that is unpatched or outdated. Very often, while scanning, you find unpatched software with known security holes, and those weaknesses are what you use to get into the target.

Now let's see the most popular tools used for scanning.

The first is OpenVAS. OpenVAS is an open source framework with several services and tools for vulnerability scanning and vulnerability management.

The next is Nikto. Nikto is a command-line web server scanner: it checks web servers for dangerous files and CGIs and for outdated server software. As I said, outdated or unpatched services are where you are most likely to find weaknesses, and Nikto is one tool that reports them.

The next is Wireshark. Wireshark is an open source packet analyzer. It captures traffic from any network interface, wired or wireless, and decodes it protocol by protocol, so if you capture on a Wi-Fi network it shows you a lot about what is happening on that network. It is not a scanner in the sense of probing hosts; it shows you what is already passing the interface you capture on.

The next tool, and my favourite, is Nessus. Nessus is a very powerful vulnerability scanner from Tenable, and the reason I like it is that it offers many types of scans. Depending on what information you want about the target, or what kind of system it is, you choose a different scan template, and each scan will give
you different results, which you then use to attack the target. Those are some of the most popular tools used for scanning.

Moving on to the next phase: exploitation. You have collected enough information about your target, your plan is ready, you know where to enter the building from and you know how to attack, so it is time to attack. You call in your force, your tanks, your army, lead the attack and gain control of the enemy lair. Similarly, in ethical hacking you use exploitation tools; the tools are your force, your army, and you use them to break into the target. This is the phase where the hack actually happens. Exploitation is the phase where the hacker takes advantage of the weaknesses and loopholes found on the target system or network and runs the appropriate tools to compromise it.

There are a few steps to exploitation. First, select the right attack. Not every attack applies to every target; depending on what the target is and what weaknesses you found on it, you choose the appropriate attack. Then you launch the attack on the target, and finally you gain access to it.

Some of the most popular tools used for exploitation:

The first is BeEF, the Browser Exploitation Framework. It is a penetration testing tool that leverages browser vulnerabilities: it hooks a victim's browser and works from there.

The next is one of my favourites and the tool I use most: Metasploit. It is one of the most popular exploitation frameworks and ships with thousands of modules: exploits, payloads and auxiliary modules.

The next is sqlmap. sqlmap automates the detection and exploitation of SQL injection flaws. If you are a beginner you may not know what SQL injection is yet, but stay tuned; you will learn about it and a lot of other attack techniques in the upcoming videos. sqlmap is mainly used to take over database servers.

Moving on to the next phase: maintaining access. The surgical strike is done. Will you just leave the enemy lair? No. You take steps to keep control of it, because you do not want the enemy to occupy it again and stock it with weapons; if you just left and they came back, you would have to carry out another strike to regain control. That is maintaining access in the surgical-strike picture. In ethical hacking, maintaining access means the hacker keeps a way back into the target, so that if he wants to use it later he does not have to start the attack from scratch; he connects to it directly. So maintaining access is the phase where the hacker installs software or makes changes on the target system after it has been compromised, so that he can get back in later without having to exploit it all over again.

There are many ways of doing this; I have listed some of the most efficient and most popular.

Installing backdoors. A backdoor bypasses the normal login or authentication.

Creating new users. If the target requires you to log in to do anything, you create a new user with your own username and password, and later you log in with that account.

Escalating privileges. If you want to run certain system commands or system services on the target and they need superuser privileges, you escalate from the ordinary user you compromised to a superuser (root or administrator) and run them with that account.

Installing rootkits. A rootkit is software that keeps privileged access on the target and hides the attacker's files and processes from the system's owner.

Using Trojans.

One caveat for an authorized test: persistence is only installed within the agreed scope, every backdoor and account is recorded, and all of it is removed or handed over when the engagement ends.

Let's see some of the most popular tools used for maintaining access.

The first is PowerSploit. PowerSploit is a collection of PowerShell modules for post-exploitation on Windows. If you have used Windows you know PowerShell is where you run system commands, so once you have compromised a Windows machine and want to do something on it, for example copy or delete files or run a service (which, as an ethical hacker, you should not do without authorization; I am only giving an example), having PowerShell access on the victim is very useful.

The next tool is Weevely. Weevely is a PHP web shell: you place a small PHP agent on a compromised web server and use it as a stealthy backdoor to manage that server.

Then there is dns2tcp. dns2tcp is a network tool that relays TCP connections through DNS traffic, which lets you keep a channel to the target open on networks that only allow DNS out.

You probably will not understand everything about these tools right now, but in time, as you keep learning, maybe
watching the next videos, I am sure you will understand all these topics. For now, just know that these tools exist, and that is all.

Let's move on to the next phase: covering tracks. You are done with the surgical strike and you have gained control of the enemy lair. Now the main thing you want is to keep your strategy and plan confidential, because you do not want the enemy or any unauthorized person to know your strategy, your plan or anything else about the strike, so you erase all the details. In ethical hacking it is a little different: the hacker erases all the details about his identity and about how he carried out the exploit, so that, first of all, the target does not know it was hacked, and, if it does find out, it cannot trace who the hacker was. Covering tracks is the phase where the hacker hides his identity and the way the exploit happened, because he does not want the target to know how it was hacked.

There are different ways of doing this. Some of the most common are clearing the cache and cookies; tampering with the log files (as I said on one of the earlier slides, if the target required you to log in with a username and password and you did, you would remove those log entries so the target does not see that another user logged in); closing the ports you opened; and stopping the services you started in order to install backdoors, rootkits or whatever else you put there.

A caveat for an authorized engagement: the logs belong to the client and are their evidence, so a penetration tester does not destroy them. What a tester does at this stage is remove the accounts, tools and backdoors he placed and record every one of them in the report, so that nothing is left behind.

That is covering tracks. The final phase of ethical hacking is reporting. The surgical strike is done, you have cleared all the evidence, all the clues, all the information, and now you have to inform your superior officer what actually happened: how you found the lair, what your strategy and plan were, what weaknesses you found in the lair, and how you gained control of it. So you write up the documentation. Similarly, in ethical hacking, instead of reporting to a superior officer you report to the target organization: you tell them what weaknesses you found on the target, which of them it was vulnerable to, and which attacks you used to get in. Reporting is the phase where the hacker documents the weaknesses and loopholes found on the target, the way he used them to compromise it, and the precautions the target can take to improve its security.

As I told you earlier, this is the phase that differentiates a malicious hacker from an ethical hacker. I will tell you why. As an ethical hacker you know what you should do: tell the target organization what you found, how you got in, and how they can make their security better. A malicious hacker would not do that; he would hack the target, hide his identity, do whatever he came for, and vanish. So this is the phase that separates a malicious hacker from an ethical one.

Those are the six phases of ethical hacking. If you want to compromise a target successfully and efficiently, I suggest you follow these steps. While you are practising you may think reporting is not really important, because it is your own target, you hacked it yourself, and you wonder why you should write a report for it. But make a habit of writing reports right from the beginning, so that when you are working for an organization it is second nature: you know what details to include and it will help you a lot. Do not take any of these phases lightly; practise each one with dedication.

Now let me tell you about some of the big hacks that have happened over time. I have made a list of four. I know there are hundreds of notable hacks, but these four should give you an idea of how powerful a hacker can be.

The first is the FBI hack. In 2016, attackers obtained and published the personal details of thousands of FBI and Department of Homeland Security employees, putting a lot of people at risk.

The next is the NASA hack. A hacker broke into NASA and downloaded the source code that runs the International Space Station, and to deal with it NASA had to shut its network down for three weeks. Just imagine how powerful you are if you have the source code that runs the International Space Station on your own machine. That is how powerful a hacker can be, but you can only get there with enough skill.

The next is the commercial sites hack. A student launched a DoS attack from 70-plus computers against 50-plus networks, which hit major commercial websites such as eBay and Amazon and cost them a lot of business.

The final hack I will talk about in this session is the noble hack. A hacker broke into banks around the world and stole money from them, and instead of keeping it he donated it to people living below the poverty line. His intention was noble, which is why I call it the noble hack, but what he did was still illegal. All four of these hacks were meant to give you an idea of how powerful you can be, but all of them were carried out for illegal purposes. As an ethical hacker you must not be involved in any such activity, because
that's not what ethical hackers do. As an ethical hacker you should always work to make the security of systems, networks, and any other digital device better.

Now, Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and security auditing. Kali contains several hundred tools geared towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company. Kali Linux was released on the 13th of March 2013 as a complete top-to-bottom rebuild of BackTrack Linux, adhering fully to Debian development standards. Kali Linux is specifically tailored to the needs of penetration testing professionals, so all of its documentation is addressed to them and assumes knowledge of, and familiarity with, Linux in general.

As you may already know, Kali Linux is basically a Linux distribution that comes preloaded with a bunch of penetration testing software. Some might argue that Kali Linux is not really necessary, but it does save you a lot of time if you are a penetration tester, and aside from saving time there are a number of other reasons to use it. Let's go over them one by one.

First, Kali Linux includes more than 600 penetration testing tools. Note that not every tool that was in BackTrack made it into Kali: a great number were dropped because they no longer worked or because they duplicated what other tools did. So you get a set of tools that each serve a specific purpose, without cluttering your machine with duplicates and dead tools.

Second, it is free and always will be. Kali Linux, like BackTrack, is completely free of charge, and you will never have to pay to use it.

Third, an open source Git tree. Kali Linux is committed to the open source development model and its development tree is there for all to see; all of the source code that goes into Kali Linux is available to anyone who wants to tweak or rebuild packages to suit their own needs.

Another reason is wide-ranging wireless device support. A regular sticking point with Linux distributions has been support for wireless interfaces. Kali Linux has been built to support as many wireless devices as possible, so it runs properly on a wide variety of hardware and is compatible with numerous USB and other wireless devices.

More adventurous users can customize Kali Linux to their liking, all the way down to the kernel, which brings us to the kernel.

The last reason, in my view, is the custom kernel patched for injection. As penetration testers, the development team often needs to do wireless assessments, so the Kali kernel carries the latest wireless injection patches, which makes that work much easier.

So those are six reasons to use Kali Linux, and you can find more in the Kali documentation if you want to read further. This brings us to the main agenda of our video
today. With that out of the way, now that we know what Kali Linux is, how it works and why you should use it, let's go over the topics we are actually going to cover in this video. You can expect to learn a bunch of things. First we will go through some command line essentials, because Kali Linux tools are mostly command-line tools, so we have to be comfortable on the command line; that is the first thing we will tackle. Then we will look at how to stay anonymous using proxychains on Kali Linux, and we will talk about MAC changers. Then we will go into the whole realm of wireless penetration testing: we will check out tools like aircrack-ng and we will try brute-forcing WPS PINs. We will go into router vulnerabilities and some other miscellaneous topics that I could not really group together. So, without wasting much time, let's dive into the first topic for today, command line essentials.

The way this video works is that most of the time we take a hands-on approach to learning how to use things in Kali Linux, because I am a firm believer in practical work for learning anything. So there will be a lot of practical work, and I encourage you to go ahead and download and install Kali Linux. You can do it in a virtual machine, or you could try dual-booting. I am not going to teach you how to do that in this video, because there are tons of videos out there that show you how to install Kali Linux. What we are going to do first is take a hands-on approach to the command line essentials. As you may have realized, there are some theoretical aspects we will need to tackle from time to time, for example what a MAC address is or what proxychains are; those need some theory, and for the theory we will have to go through the necessary evil that is PowerPoint slides. I apologize for that in advance, but I assure you that most of the time we will be looking at a computer screen, and that you will have a lot of fun if you just follow along with me.

One more disclaimer before we continue with the Kali Linux course: this is not the entirety of Kali Linux. Kali Linux is huge and this is only a part of it; these are the things I find interesting and that you may find interesting too. They can also cause a lot of damage if you do them without permission, and damage comes with repercussions, which can include being arrested, and that would not be my fault. Again, a disclaimer: if you do this without permission you can get arrested, and that is in no way my responsibility, because this video is for educational purposes only.

With all that aside, let's move ahead and learn about command line essentials. So now it is time to go through the command line basics of any Linux terminal. Now, the Linux terminal
is a very powerful tool. It lets you move around the whole operating system, through the files and folders; it lets you create files, change their permissions, change how they behave, and do a bunch of other things. You can filter output, you can grab specific things out of a specific file, and there is a lot of interesting stuff you can do. As an ethical hacker you will be working with a Linux distribution most of the time, whether it is Kali Linux or something else like Parrot OS, because Linux is a powerful platform for network analysis, scanning and all the other things you want to do as an ethical hacker. So the first essential step is to know how to use the tool you have available, and that is the terminal.

As I am running this in a virtual machine you might find that my commands execute slowly; that is because I have a very slow laptop, the virtual machine is eating up a lot of my RAM, and I have other processes rendering at the same time. I do this in my free time.

Let's go ahead and go through the commands. First, let me make a list of the commands I want to teach you, so let me see if Leafpad is available. Leafpad is a text editor.

The first command we will start with is cd. cd stands for change directory. At this moment we are in the root directory, as you can see; we can print the current working directory with the command pwd, and, as you see, it is called root. Suppose we want to change to the home directory: all we have to do is type cd, which stands for change directory as I just said, and specify the path: cd /home.

Once we are in home I want to make a list of the CLI commands I want to teach you. So what do I do? First I check whether any files are available that I can edit. There are some, but let's create a new file for ourselves. First let's do nano list.txt. nano opens a small command-line text editor. Command-line text editors are used a lot by ethical hackers because they save a lot of time if you are always switching between GUI and command line: you will be doing a lot of work on the command line, and if every time you want to write something you switch to a GUI editor, that is a waste of time, and you want to save time. So you use a command-line editor, which can do most of what a GUI editor does. You type nano and the name of the file; nano has now created the file and opened a fresh window over the bash prompt we were in, and this is where you edit what goes into the file.

Here is the list of commands I am going to teach you: ls, which lists files; cd, which we have done; pwd, which we saw, print working directory; cp, which copies things; mv, which is move; cat, which is an interesting one; less, which is another interesting one; grep, which is used for grabbing things out of files that you want to see (you will see what I mean in a short while); echo, which probably does what you think if you have any experience with Linux; touch; mkdir, which is make directory; chown and chmod; one of the most dangerous commands, rm; and finally man and --help. Those are the commands we are going to go through in this part of the video.

Now suppose I want to save this somewhere. At the bottom you see a bunch of options. That caret sign (^) does not mean Shift+6; it means Control. So ^G is Ctrl+G, which gets you help. What we want is to save the file, and that is Ctrl+O, write out. Press Ctrl+O, it asks whether we want to keep the name list.txt, we confirm, and it says it has written 15 lines. That is how you save a file. Now all we want to do is exit, which is Ctrl+X.

First let's run ls and see what is there. ls shows the list of files in the current directory. ls can also list a directory whose path you give it: if I type ls /var it will show me everything that is
in /var. There are a lot of interesting things in /var, so let's head over there: cd /var, hit Enter, and now we are in the /var folder.

To demonstrate how powerful ls is, we have a few flags. To see the flags of any command you can add --help; that works pretty much universally across Unix-like systems. The output is a little hard to read, but if you scroll to the top you will see all the flags you can use with ls and how to use them, so you can pick one and read a little about it. For example, -a does not ignore entries starting with a dot. Suppose we run ls in /var: it shows the short listing. If we run ls -l it shows a long listing with more information: these are the permissions (we will see how to change file permissions soon enough); this is who owns the file, the user and the group; this number is the link count, how many names point to the file; this is the file size; this is the time the file was last modified; and this is the file name. That is how you get detailed information about all the files.

There is another flag you will want with ls, and that is -a. If you run ls -a it also shows the hidden entries, so now you see two entries that were not shown before: our listing used to begin with backups, but with ls -la we see two more, . and .. . Let's see if we can move into one of them: cd . keeps us exactly where we are, because . is the current directory, and .. is the parent directory; they are not really files you can open. The other things ls -a reveals are dotfiles, files whose names start with a dot. Plain ls hides them by convention, but that is only a convention, not a security control: any user who can read the directory can list them with ls -a. We will see how dotfiles are used later on. So if you want to show hidden files with ls, all you have to do is ls -la. So that was all about
ls. Let's move back to /home, where our list of commands is: cd /home, then ls, and there is the file, list.txt. If I want to see the contents of list.txt, all I have to do is cat list.txt, and it prints whatever the file contains.

We have done cd, we have done ls and its various forms, we have done pwd; now it is time for cp. cp is used for copying files from one place to another. Suppose I want to copy this name.txt file into some other directory, let's say /var. All I have to do is cp name.txt followed by the location I want to copy it to, /var. Hit Enter and it is copied. That was a very small file. Before I move on and pour some more knowledge into you, let's check that it was copied: cd /var, Enter, ls, and there is name.txt. Let's remove name.txt from here, because I want to copy it again and show you the difference a flag makes (the hyphen-and-letter options you add to a command are called flags in Linux terminology). Let's go back to home. Instead of moving back home and typing just the file name, you could also give the full path: cp /home/name.txt /var. This time we are going to add -v, which gives verbose output of whatever the command is doing; most of the commands we use will accept a -v. Let's see how it affects the output: cp -v name.txt /var. Now it tells us what is being copied, name.txt, and where it is being copied to. That is a very good way of knowing what is actually happening, because if you copied without -v and name.txt were a 20 GB file, you would not know whether it had finished. One caveat: -v prints one line per file as that file is copied, so on a large copy of many files you can see how far it has got, but for one huge file it still prints a single line and will not show progress inside that file. So just add -v if you want to see where your files are being copied.

That is how you copy files from one place to another. What is the next command? Let me check the list again: cat list.txt. After cp we have mv, then cat and less. As you can see, cp is copy: as you would expect, it leaves a copy of the file in the original directory while also
keeping a copy in the directory you specified. If you want to move the file completely, you use the command mv, which is for moving files. Let's see what goes with mv: mv --help. As I said, you get the verbose option; you get --suffix for backups; and you can force things with -f, which means do not prompt before overwriting, so if mv would otherwise ask you about overwriting a file, -f skips the prompt. Let me show you what that looks like. We will use verbose and we will move the file address.txt. By the way, every time I have been typing the full name, but you can type address and press Tab and the shell autocompletes it. So: mv -v address.txt /var. It tells you it renamed address.txt to /var/address.txt. Now if you run ls here you will see address.txt is no longer in /home, but if you move to /var, cd /var... I have also been retyping commands I used before; you can scroll through your previous commands with the up and down arrow keys: ls, mv --help, cat list.txt, cd /home, and now I have to page through all of them just to prove the point. cd /var, and now we are in the /var folder. Let's see what we have: ls, and address.txt is the first file that comes up. It is the same file, and I can prove that with cat address.txt: you see some random address for some random person.

Now let's clear the window. You can do that with Ctrl+L or by typing clear. Then move back to home: cd /home. Now that we are back in home, let's check our list again: cat list.txt. After mv we have cat, and we have already seen it: cat prints the contents of a file. There is also less, which does something very similar, so let's see what it does. If you run less list.txt you see the contents of the file in a completely new screen that overlays the previous one. This is a very neat way to see a file's contents if you want to keep your main command line uncluttered, whereas cat dumps everything into it. So if you want to get out of this
place this less place and all you have to do is press q and Q gets you back and as you see nothing was printed out on our main interface so this is a very cool way to actually keep your command line interface neat and tidy when you're doing work okay so grep so grep is used for actually filtering out stuff from a file so suppose we want to see whether a command has some verbose option to it or not so now I know that MV has a verbose command but suppose I didn't know that so
mv --help, then you use the pipe. What the pipe sign means is you take the first command and then you pipe it through the second command, and you want to grep to see whether -v exists. OK, so let's see, mv --help | grep verbose: yep, so a verbose option exists, and that is -v, --verbose. So, explaining what is being done: what happened out here is basically we took this first command and then we filtered it, and the filtering is done through the piping. So basically think about it as taking some information and piping it through something else which funnels it out of this command, which is grep. You can use mv --help in conjunction with a bunch of other commands, not just grep, and I'll leave the creativity up to you. So grep is basically used for getting what you want from a file, and grep is used very, very much throughout the course of this video, throughout the Kali Linux tutorial that you're going to be watching. So that is a very easy way to see if you have a particular option. Let
me do something else also. So cd /var; now we're in the /var folder, and let's ls: we actually have name.txt. Now let's also go into backup, so cd b and Tab, and that brings us to the backup folder. We're now in the backup folder, so let's do an ls out here. OK, so we have a bunch of files; we have some passwd.bak. Now if you do cat passwd.bak you can see the entire thing. Now what if you didn't want the entirety of it, or if you wanted something in particular and you want to be very neat? You can do that same command, pipe it, and say grep, and you want everything with nologin. So we can see that there are a bunch of lines that say nologin and we only want those, and these are all the lines that have nologin in them, and it's a much shorter list, and it gives us the very particular list that you are looking for. So that is how you use grep. Now let's head back to home... uh, OK, I typed that wrong,
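The same filtering, as an added example that is not part of the video: a few shell functions that run the grep pipeline over a constructed passwd-style file (the account lines are made up, not taken from any real system). It goes one step beyond the video by also showing the inverse filter, grep -v, which is the one an administrator actually wants when auditing which accounts can still get a shell.

```shell
# Added example (not from the video): grep pipelines over a constructed
# passwd-style file. None of these accounts exist on a real system.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_deploy:x:1001:1001::/srv/deploy:/bin/sh'

# Same idea as the video's `cat passwd.bak | grep nologin`: only the lines
# that mention nologin, i.e. service accounts that cannot log in, and only
# the user name column (field 1 of the colon-separated record).
nologin_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | grep nologin | cut -d: -f1
}

# The inverse filter (grep -v) is what a defender usually wants: every
# account that CAN get a shell, printed as name:shell, one per line.
shell_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | grep -v nologin | cut -d: -f1,7
}

# Number of login-capable accounts, handy to compare against a baseline.
shell_account_count() {
    shell_accounts | wc -l | tr -d ' '
}
```

On a real machine you would replace the printf with cat /etc/passwd (or the passwd.bak copy the video looks at); the rest of the pipeline stays the same.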
and again let's see what the next command is, so cat list.txt. So we've done grep; we now have to do echo, and then touch. OK, let's go back: q, so we press q and we get out of there. So what did I have to teach again? I'm such a dummy, we have to do echo. OK, so what is echo used for? Suppose you say echo and then, in quotes, hello world: it would basically do what the command says, and that is echo whatever you say. Now it'll say echo hello world, and that will basically echo whatever you typed out in the quotation marks, that is hello world, spelled very wrong. OK, now suppose you want to actually put this into a file. So you could do echo "hello world", let's spell it properly this time, and you want to insert it into a file; we had a phone number, I guess phonenumber.txt, yep, and we can echo it into that file. Now that is done, so let's see what is in it: cat phonenumber.txt, and it says hello world. So you can basically input text into a certain file with the echo
command, and that's how you do it. OK, now let's also see how you can make directories, and that is with the make directory command, mkdir. OK, we also have to do touch before that, I forgot. Now touch is used for quickly creating files, so you could say touch and then the file name, so we can create a name file again, touch name.txt, and that will create name.txt. Let me just show it to you: ls -l, and we have a name.txt. We can also create multiple files with touch, so you could say touch file1 file2 file3, and like this you can create multiple files. Let me just ls that out and show it to you: ls -l, and we have file1, file2 and file3. Now we can also create a directory, so mkdir and the name of the directory. Suppose you wanted to store all your movies in one directory: mkdir movies, and now you have a directory called movies, and you can also move into movies, so cd movies. OK, so that's how you create directories, and you can move into them with the
change directory command. Now let's see what the next command was, so cd and dot dot. With cd .. you can move back to the previous folder, if I haven't already told you that, and since we're in movies we can just go back to home with cd .. as well. Now let's see what else is there, so cat list.txt, and OK, now chown and chmod. Now chown will be a little tough to show because we don't have any sort of other user out here; the root user is the only user that we have on this VirtualBox as it is set up. But if you want to change the ownership of a file, let's say, you can see the ownership of a file through the ls -l command, and you see root and root: this is the owner name and this is the owner group, and they're mostly the same thing. So our next command that we are going to actually see is called chown. Let's see how chown is actually used. chown is used for changing the ownership of a file. So I actually don't remember how to use chown, so if you actually don't remember or you're getting stuck somewhere, just use the help option. So, "if a command line argument is symbolic"... let me just go through this one: this is how you use it, owner, then colon, then group, and then the file name. So you go chown and then you say the name of the owner and the group you want it to belong to, that is root:root, and then you specify the name of the file. So suppose I want to change file1: now it already belongs to root and root, so it doesn't really matter because I don't have any other username to actually change the ownership to, but this is how you would normally change ownership. So let me just show you where you can see the ownership, and that is ls -l, and I'll show the root and root you see on file1: this is the owner and this is the owner group; they're normally the same thing and the same name. But if you had some different owner, like a guest, you could change it by actually using the chown
command, not method; methods are a different thing, I always get confused because of programming. OK, now the next command that is left is called chmod. To actually show you how chmod works, let me show you an interesting file. So let me just do this once: echo, and what we want to echo is hello world, let's put that in quotation marks, and we want to put this in a file called test. Now once we've done that let's ls, and we see that we have a test file out here, and we want to move test to test.sh, since .sh is the extension used for bash scripts. So mv test test.sh, and the way you actually execute bash scripts on your command line is with the dot and the slash, so you say ./ and if I press t and then Tab you see that no option is coming up. That is because test.sh is not an executable file; test.sh doesn't have the executable permission. Let me just show that to you: ls, and you see test.sh doesn't have the executable permission. Now you see movies is executable, I don't know why; well, it is a directory, so being executable means you can move into it, and that's why it's blue in colour. So the way you can make this an executable is by changing its permissions, and the way you do that is chmod. Basically you change it to an executable with +x, that is making it executable; if you do +r it'll make it readable and if you do +w it'll make it writable also. So you do chmod +x test.sh, and now if you go and do ls -l you'll see that test.sh has become green because it is an executable file now, and if you do ./ and press t and then Tab you get test.sh. So now it is an executable file, and if I execute it, it prints out hello world on my screen. So that's how you can use chmod, which is basically the change of permissions on files, and we'll be changing permissions of files throughout the course of this video. It'll be very useful for us, and you'll see as
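Here is the whole test.sh procedure as an added example, not code from the video: it writes the script with a redirect, checks whether it can be executed before and after chmod +x, and cleans up after itself with rm -r. The temporary directory is an assumption; mktemp picks its name.

```shell
# Added example (not from the video): echo into a file, then chmod +x,
# end to end. Everything happens in a throw-away directory from mktemp.
chmod_demo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/chmod_demo.XXXXXX")
    script="$dir/test.sh"

    # Same as the video's echo into a file, plus a #! line so it is a real
    # shell script rather than just a text file that happens to end in .sh
    printf '#!/bin/sh\necho "hello world"\n' > "$script"

    # Permission string exactly as ls -l shows it, e.g. -rw-r--r-- (no x yet)
    before=$(ls -l "$script" | cut -c1-10)
    # Running it now fails with "Permission denied": the execute bit is unset
    if "$script" >/dev/null 2>&1; then ran_before=yes; else ran_before=no; fi

    chmod +x "$script"          # the fix from the video
    after=$(ls -l "$script" | cut -c1-10)
    # Now ./test.sh runs and its output can be captured
    if output=$("$script" 2>/dev/null); then ran_after=yes; else ran_after=no; fi

    rm -r "$dir"                # rm -r as in the video: removes dir and contents
    # Fields: mode-before ran-before mode-after ran-after script-output
    printf '%s %s %s %s %s\n' "$before" "$ran_before" "$after" "$ran_after" "$output"
}
```

The fourth character of each mode string is the owner's execute bit: a dash before chmod, an x after it. That is the same thing ls -l shows in colour in the video, just read programmatically.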
we go along with this video. OK, so the next thing that I want to show you, there are only two left and I remember those now, is rm. rm is used for actually removing files, so you should be very careful when using rm or any sort of removing command on a Linux system, because once you remove something it is very difficult to get it back, almost near impossible. It's not like Windows where it basically just disappears in front of your eyes but is still there, cluttering it all up. That's why Linux always trumps Windows, that's one of the reasons, I'll make a video on that later on, but for now let's focus on rm. Now we can remove file1, so let's see: rm file1, so file1 is going to be removed, and if we ls now you see file1 doesn't exist. But let me show you rm again, and if I do rm movies it'll say cannot remove movies: is a directory. But if you go into the help menu, I bet there will be an option that you can just use to forcefully remove it, so rm with the recursive option will just remove it: rm -r movies, and it'll recursively remove everything. If you go here and do ls -l you'll see that there is no movies directory any more, and that is how you can remove movies. Now the problem that you saw out there is actually a safety measure, because once you remove a directory it's not retrievable, and that's a very sad scenario, and you don't want to get yourself into such a scenario under any possibility whatsoever. OK, moving on, so on and so forth, that was all about the rm command. Now you can do rm and the path of anything, so rm... I know we moved address.txt into the /var folder, so we can go rm /var/address.txt and that'll remove address.txt from the /var folder. Let me just show you that it worked: cd /var and ls, and you see that there is no address.txt out here. OK, another way to get help for any command that you want is man, and suppose you want to see about rm: man rm will show everything about rm that there is to show you. It'll show you how to use it, it'll give you a description, a synopsis, the name, "remove files or directories"; it's a very useful way. So out here you see the manual page, that is what man means, and you can scroll through it line by line, or you can press q to quit. So that's very much helpful. OK guys, so that was all about the command line interface and how we can use it to get about the operating system and change file permissions, copy files, move files and a bunch of other stuff. Now it's time to get on with the interesting stuff,
and that is, firstly, we're going to be learning how you can actually stay anonymous with proxychains. OK guys, so now that we are done with the command line basics it's time that we move forward with proxychains. Before we move forward with proxychains let us head back to our PowerPoint presentation and see what exactly proxychains are. OK, so proxychains: now as the name suggests, proxy chains are basically a chain of proxies. Now where is a proxy used? A proxy is used whenever you want to anonymize yourself on the wire or on the network: you do not want others to know what the source IP address of your client system was, and to do this all you have to do is send your packets through a bunch of intermediary systems, and these intermediary systems carry the packet out and transmit it to the target system. This is much slower. Let's see how we can use this in Kali Linux, in combination with Tor, in order to anonymize traffic, not only web browsing traffic but rather all network
related traffic generated by pretty much all your applications, though you can also change this in the settings. Now what we're going to do is open up the proxychains configuration file and understand all the options that are available. To do that all you have to do is say nano, go into the /etc folder and then go for proxychains.conf, so nano /etc/proxychains.conf, and what you see out here is the nano editor; we had spoken about the nano editor when we were discussing the CLI part, and I hope you haven't skipped that. Now what you see out here is a bunch of instructions and options, so let me just zoom in on this command line interface so that you can read everything much better. So what proxychains is: well, it gives you the ability to route your traffic through a series of proxy servers and stay anonymous in such a fashion, by hiding behind them or by having them forward your requests, so that it looks, on the other side, like your requests are coming from them as opposed to from you. Now surprisingly enough there are a
large number of these proxy servers out there that you can use, but they're not very stable, you know, they go up and down, and they're not very fast. So for specific targets they can be useful, but not for brute forcing and not for any sort of compute-heavy attack. So suppose you're doing something to a certain target: if you're trying to log in, or you're already logged in, you can definitely do it through proxychains and it will be reasonably fast and reasonably stable as well. But if you're doing some sort of mass scanning, or you're brute forcing a password or something of that kind, a proxy chain with a list of proxies selected from the internet, especially the free proxies, is not going to work. I mean, it's going to work eventually in a technical sense, but it will consume more time than you can spare, and by that I mean it can be a very, very long time; it can take a month or two to do a simple scan, so that's not an option. There are other ways of doing that, but for the time being I just want you to
know how you can use proxychains and how you can configure it, because it's really useful and I use it fairly often, and a lot of people do, and it's a fantastic piece of software. So first off we have the types of proxies: you see http, socks4 and socks5. Now there are fundamental differences between these protocols, and you always want to find yourself a SOCKS5 proxy, as that's the best possible one and has the ability to anonymize all sorts of traffic. HTTP, well, as the name says, it's for HTTP traffic, and SOCKS4 is very similar to SOCKS5 but it does not support the IPv6 protocol and it does not support the UDP protocol, so SOCKS4 can be rather problematic, and you always want to make sure that you're using SOCKS5 wherever and however you can. Anyway, down below you have these other options which we will go over. Basically, how you enable these options is that you don't need to type some complex lines of code or anything of that kind; all you have to do is just delete the hash out
here. Let me show you: suppose we wanted to actually activate the dynamic_chain option, so all we have to do is delete the hash, but let's put the hash back in right now. So after you delete the hash all you have to do is save the file and the option is enabled. This hash represents a commented-out line, meaning that the system reading this will ignore the line if there's a hash, and if there isn't a hash it will take it into consideration and interpret it accordingly. Anyway, what we have here are statements which allow us to specify how we want our traffic to be routed. So first off we have dynamic_chain. Now dynamic_chain is an option which you will find people using the most; it is the most commonly used option and a preferable one too at that, and honestly I think it's the best one out there, primarily because it's the most stable one, and here's why. Now suppose you have proxies A, B, C and D, so those are some servers with IP addresses with open ports, and if you have a strict_chain policy, which is enabled on this computer right now as you see,
if you have a strict_chain policy you will only be able to access any site on the internet in general by going through A, B, C and D. So you have to go through all of them, and you have to go through them in that specific order, that is A, B, C, D, and that's not always a good thing. I mean, if you're paying for five proxies that's not a problem, because they will always be operational and they will always be up, and why not, that's not a bad idea or option. But there are, however, people who use proxies for free, and they don't tend to pay for them: why would you pay for, like, five proxies for a simple scan or something of that kind? They're not free, they cost money, and they're rather expensive also. But still, I mean, the act of paying itself identifies you and kind of diminishes the amount of anonymity you have on the internet. Some complex payment methods can still be used to actually anonymize yourself, but it's far simpler to just use a dynamic chain. So firstly we're going to go ahead and uncomment the dynamic_chain option, and we're going
to comment out the strict_chain option, so strict_chain will no longer be used and I will be using dynamic_chain. One more thing to note here is that if you want to use proxychains in combination with Tor, if you want to route all your traffic through the Tor network, not just web traffic, you must be enabling dynamic_chain. I mean, there's a chance that it will work with strict_chain, but due to the instability of Tor nodes it is highly unlikely; you will need dynamic_chain, and that is why I'm using it. Anyway, dynamic_chain just gives you the ability to go from A, B, C, D to your desired destination without having to adhere to any order. So let's say C is down: you would go A, B, D and it would work with no problems. Even if B was down you would go A, D, and you would still reach the destination. So as long as one single proxy is functional it's going to work, and you don't require any specific order to do it. Now down below you have
some other options too. So first is random_chain. Now random_chain is in effect basically the same thing as resetting your service; I mean, if you're restarting Tor you will be assigned a new IP address, and Tor assigns you a new IP address every 10 minutes or so anyway. With random_chain you can specify a list of IPs and then you can tell your computer, OK, I want you to try and connect to this point, and every time you connect, every time you transmit a packet, I want you to use a different proxy, and we can do that as well; that's one of the options, definitely. You can say, OK, use this one five times and then change to another one, or something of that kind; there are a lot of options to specify there, primarily the chain length. Anyway, down below there's quiet_mode, and you don't really need that. Then there's proxy_dns, proxy DNS requests, no leak for DNS data. This is very important: you cannot have any DNS leak, and let me explain to you what DNS leaks are. Even though somebody cannot get
your particular IP address, they can get the IP address of the DNS server that you are using, and what DNS servers do is resolve a domain name to an IP address and vice versa. So for example, if you typed in youtube.com, the DNS server of your local ISP will resolve that into some IP address that YouTube has and it will make a request, no problem, and you do not want that happening, because your local DNS server will be discovered, and that is information that can be used in order to figure out your personal IP address, and when that is done your physical location is pretty much compromised, and that's a no-go. So you definitely need proxy_dns here; it might slow you down a bit, but without that you're practically not anonymous and it's just a matter of time before somebody finds you. Now if you go down below we have some other options here, but we're not really interested in them at the moment; what we're here for are the formats for entering proxies, and I'm going to leave it at that. So what you see out here is first the type
of the proxy, that is socks5, then the IP address, then the port number, and then two words, the username and password in the example lines, like lamer secret and justu hidden. OK, so now what you see out here, as I just said, is how you would actually write down your proxies, and, as I have also already said, you always want to be using socks5 and you don't want to be using http because they're not really that safe, and socks4 doesn't support a lot of options anyway. This is the IP address of the proxy server; we will enter a few of them manually later on, and this here is the port number that you see, on which the proxy server is listening, and that port is open over there. These two words now: some proxy servers, especially paid ones, will always have a username and password, so you can just type them here in plain text. Unfortunately, it is assumed that only you and you alone have access to this computer, and besides, not everybody can read this file anyway, so you can just type in the username here and the password here and you will gain access to a certain proxy that you have chosen or that you have paid for. Anyway, these are just some examples and we won't actually be using these proxies or anything of that kind. We need to go down below, here, out here you see, at the end of the file, so if I just press Enter a couple of times, there we go. So here is only one proxy active at the moment, and it's socks4, and it means all traffic is routed here through Tor by default. So let's
set it to Tor now. Tor by default listens on this port, so this 9050 port is what Tor listens on. Now what we want to do is add a socks5 proxy entry, so what you want to do is just type in socks5 and the same IP address; to keep the spacing consistent just use Tab, so 127.0.0.1, and then you want to specify the port number also, so 9050. So what you see out here, 127.0.0.1, this is the loopback address of your computer, so this is for communication within the device, and if you ping this address you're basically pinging yourself, and usually people ping this address in order to make sure that the IP protocol is set up correctly even when they don't have internet connectivity. So let's just type in 127.0.0.1 and the same port number, 9050. Now we have to press Ctrl+O to save our file, and we're going to save under the same name, and it says it wrote 65 lines, so that's written, and now you have to press Ctrl+X and you exit out. So
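To make the configuration concrete, here is an added example, not from the video and not part of proxychains itself, that writes the file layout the video ends up with to a path you pass in, then checks it: which chain mode is active, whether proxy_dns is on, how many proxy entries are listed and how many are not socks5. The two timeout lines are assumed values; the check only looks at the settings the video discusses.

```shell
# Added example (not from the video): write a proxychains.conf with the
# options the video settles on, then validate it before relying on it.
write_proxychains_conf() {   # $1 = path to write (use a temp file to try it)
    cat > "$1" <<'EOF'
# Chain mode: exactly one of these should be uncommented.
dynamic_chain
#strict_chain
#random_chain
# Resolve names through the proxy so the local resolver never sees them.
proxy_dns
# Timeouts in milliseconds (assumed values, adjust to taste).
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# type  host  port  [user pass]  -- both entries below point at local Tor
socks4 127.0.0.1 9050
socks5 127.0.0.1 9050
EOF
}

# Summarise the settings that matter: chain mode, DNS handling, proxy types.
check_proxychains_conf() {   # $1 = path to inspect
    conf="$1"
    # The first uncommented *_chain line is the active mode
    chain=$(grep -E '^(dynamic|strict|random)_chain' "$conf" | head -n 1 || true)
    if grep -q '^proxy_dns' "$conf"; then dns=on; else dns=off; fi
    # Uncommented entries after [ProxyList]; keep only the proxy type column
    types=$(awk '/^\[ProxyList\]/ {inlist=1; next}
                 inlist && $1 !~ /^#/ && NF >= 3 {print $1}' "$conf")
    total=$(printf '%s\n' "$types" | grep -c . || true)
    weak=$(printf '%s\n' "$types" | grep -vc '^socks5$' || true)
    printf 'chain=%s dns=%s proxies=%s non_socks5=%s\n' \
        "${chain:-none}" "$dns" "$total" "$weak"
}
```

On the real system the path is /etc/proxychains.conf, the file the video edits with nano; running the check against it after saving tells you at a glance whether dynamic_chain and proxy_dns are active and whether a non-socks5 entry is still present. The non_socks5 count is there because the video's own advice is to use socks5 everywhere, and the socks4 line it leaves in place would be the one to review.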
let's press Ctrl+L and clear our screen. Now we've just edited our proxychains configuration in a very neat environment, so go ahead and type in service tor status; we want to check the status of our Tor service. So: tor service could not be found. So do we have the tor service installed? OK, so the tor service is not installed; just give me a little moment, I'll quickly install it. OK, so now that we have set up our proxychains configuration file and we have put in a socks5 proxy entry pointing at the Tor service, what we need to do first is start up the service. To actually check if Tor is running or not, let me just clear that out, we need to go service tor status, and you see it says it's inactive. So what you have to do is say service tor start, and that will start the Tor service. It might take some time depending on the system that you're using, and voilà, there, it has started for me. Now what
you have to do to actually use proxychains before you go to any website: all you have to do is say proxychains, then you specify the browser that you're using, so we're going to be using Firefox, and then the site, so proxychains firefox www.duckduckgo.com. Now here you will see how your thing is being transmitted to duckduckgo.com; when I say thing I mean your packets and your requests, I'm sorry for my vocabulary. So now your packets are going to be directed through a bunch of IP addresses, but we haven't actually put in a bunch, we have just put the loopback address for the Tor network, so we will let Tor do the rest of the things for us. OK, so depending on your system this might take a little bit of time to actually open up. OK, so let's go ahead and see what's actually happening on the terminal while this thing is loading up. As you can see it's going through a bunch of proxies out here, and some are denying it and some are saying it's OK. So as you guys can see, most of the time you might get denied and it'll be a lesser number of OKs, and that is exactly what we're looking for, because primarily we have gone to a great extent for the anonymity, and what you want to do is stay like that. So this is basically how you use proxychains. Now if this computer just decides to open up duckduckgo.com in Mozilla I could actually show you some interesting stuff, but it seems my computer has kind of given up on actually opening DuckDuckGo; it's still waiting for DuckDuckGo's confirmation, but that's about it. So this is how you can actually configure proxychains. I'm really sorry that my computer isn't working so well right now and nothing is actually opening in Mozilla; it's mostly because my RAM is overloaded, I think I should go ahead and get myself some new RAM. But for now let me just also say that we can put in some custom proxy lists, so let me just go ahead and open up that file again. As you guys can see out here... I'm going to end this right now because my computer can't really take all this pressure, see, it's lagging
so hard. OK, let me just quit out of that and open up a new one. Now as I had said, you can put in some custom proxy lists; I'm not really going to do that, but let me just show you how you can do this. You go nano /etc/proxychains.conf, so you basically have to go into the proxychains config again. OK, so I think I have to put this in again, yeah. Now if you just go in and edit out here, all you have to do is set up dynamic_chain, and you can go online and search for a free proxy list, and that will give you everything from the port number to the IP address. Let me just show it to you: free proxy server list. So all you have to do is search for free proxy server list, and you can see out here the proxy type is https, and you basically want to find the socks5 proxies; to find socks5 proxies just add that to your search keywords. Once you find those proxy addresses, all you have to do is take down the IP address followed by the port number, and you go ahead and just put it down in this configuration file, and then you hit Ctrl+O and save it, and then you just go back. So that was all about proxychains and how you can set up proxychains to make yourself very anonymous. I'm sorry that the whole Mozilla part didn't work, that's the sad state of my computer, but moving on, let's go ahead and study MAC changer. OK guys, so that was all about proxychains; let's move ahead to macchanger. OK, now before we
go into the tool called macchanger, let's just see what a MAC address is. Now a MAC address actually stands for media access control address of a device, and it is a unique identifier assigned to a network interface controller for communication purposes. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet, Wi-Fi and Bluetooth. In this context MAC addresses are used in the media access control protocol sublayer, and they are typically represented as six groups of two hexadecimal digits each. These are separated by colons, and the first three groups are actually the organizationally unique identifier, so they represent your vendor, and the next three groups uniquely represent your network card. OK, so when you are actually on a network you are recognized in something called an ARP table; let me just show you the ARP table and how you can see it. Let's log in, the password is still root. An ARP table is basically an address resolution protocol table, and well, this is a virtual machine and it doesn't really know many machines on the local network, but if I were to go to my Windows system and show you my ARP table, let's see. OK, so if I show you the ARP table of my Windows machine: on any machine that has the TCP/IP protocol suite installed you will have this command that works, called arp, and you give it -a, and now you see that your IP address, or somebody else's IP address, is actually mapped to a physical address. Now the MAC address is very commonly used in the ARP protocol, and this is how you are actually identified on a network. Now
sometimes what you want to do is be unknown on this network; there are various reasons why you want to do that. Let me just give you an example of a very malicious reason that was done in my college: so we as students would actually change the MAC address of our own computer to the professor's computer, so we would somehow look up the professor's IP address and then come to know about his MAC address, and then we would spoof our MAC to be his MAC address, and then we would do some sort of malicious activity on the college internet, and then the internet administrators of our college would come to know that that MAC address is doing some sort of malicious activity, and that MAC address would get permanently banned for that session on the college network. So basically our professor would not be able to use the wireless projectors that he would use to actually show us his presentations, and we'd end up getting a free class. Now I am not actually promoting any sort of bad activity like this; I have just experienced this in my own college life, so that was something,
but there are many other reasons that you might want to spoof your MAC. Now macchanger is an amazing tool for actually spoofing your MAC. So first of all, how do you come to know your MAC address? Let's see: you go ifconfig, and this will give us our MAC address. Now this address that you see out here is the MAC address of this machine. You can also check the MAC address by going macchanger, then let's type in the --help option, and this will show us how to get the MAC address. So if you see there's a show flag, so we can go macchanger -s and then the interface. Now the interface is where it's working, so eth0 is where we are actually at; we don't want the loopback one, so eth0, and this will give us the MAC address. So our current MAC address starts 08:00:27; let's see if that was the same one shown. Where is that MAC address? OK, so it's 08:00:27, so I'm sorry, this was the MAC address, I selected the wrong thing; what I was showing you earlier was the IPv6 address, and you can see that it's very, very long. So this is our MAC address. Now what you might want to do to change your MAC address, well, let's see: with -V we can get the version, with -s you can show it, we can do -e, and as I said, if you remember, the first three groups are about the vendors, so you can also get the vendor list by going -l. So you go -l and this will give you
a list of, uh, MAC addresses and which vendors they belong to. So sometimes, if you look at the vendors that are actually being used on the network of your college, for example, and you want to just stay anonymous and not raise any flags of suspicion, you could hide yourself as a Cisco router. So suppose your college was using all sorts of Cisco routers and you decided that today I'm going to spoof myself as a Cisco router and I'm going to screw around with the network, so it would not raise any flags before you actually decided to do some malicious activity. In some deeper inspection of your MAC address people would actually realize that you are actually spoofing the address, and after some investigation it would indeed take some time to actually reach you and find out how you spoofed it, but the point of changing your MAC is not raising any flags, and that is exactly what you should try to do. So macchanger is also very useful for getting the list of all the MAC addresses and their vendor IDs. Now let me just clear the screen out quickly, so we go clear, and
let's bring back the help, so macchanger --help. Now what we want to do is give ourselves a random MAC address; with macchanger that is done with the -r flag, and we want to do it on eth0, so macchanger -r eth0. Once you run that you will be given a new MAC address, so our new MAC address starts F6:C6:49. Now you can verify that by running ifconfig, so we could just do ifconfig, and you see our new MAC address is on the ether line. So we could also do something like this: ifconfig and grep ether, so that is telling you the MAC address, and this is completely new. Also, you could show it through the macchanger tool itself, macchanger -s, OK, so we need to give it eth0, I forgot that. Now you see that this is the current MAC address and this is the permanent MAC address, and the two are completely different. Sometimes you also might want to actually change your MAC when your laptop or your system is booting up, because you might want to stay anonymous all the time, who knows, and
sometimes you might think I'll actually change it when I want to change it but let's face it we are forgetful as human beings and we tend to forget things that we are supposed to do so what else is better than to actually automate the whole process yourself and forget about remembering all these stupid nitty-gritty stuff so you can tell Linux or Kali Linux to actually change your Mac address on boot up is use this tool called Chrome tab now cron tab is actually used for scheduling tasks on Linux so let me show you how to
do that firstly let's clear our screen and go Crone Tab and go Health now you see it's a pretty small menu so first we start with the U flag which user this file is going to work for then we got the e-flag which is for editing frontab users the users Chrome tab list and you can see the list of users Chrome tab and let's see so do we have any content of this so there is no Crown tab at this moment so we can set up one for ourselves by going to the E then there
there's the r which is delete uses Chrome tab and I want to tell you all be very careful when deleting anything of that sort because once you delete something from the nuts that I've already said that it is very very difficult to actually retrieve it back you might get fragmented pieces of what you had actually deleted and that will only leave you with sadness and Devastation now what you want to do is go through Chrome tab and press e and this will bring us to select an Editor to change later run select editor so we'll
do it with Nano so what you have out here is the readme file of clontab and if you read this entire thing you will get how to use Chrome tab completely but if you have any sort of doubts even after reading it you can leave them down in the comment section below now what you want to do is actually set up a crown tab so that you can change your Mac address whenever you reboot your computer so all you have to do is say at reboot what you wanted to run is Mac changer and if
you remember we want a random Mac address and we want it on each zero so that's done now all you have to do is save this thing so you go Ctrl o and that will write it out to cron Tab and you press enter and you have written down one line now you go control X and you have access it out so now let's ask clear the screens by pressing Ctrl L and enter and let's go ahead and get our Mac address so if we go ahead and run that our Mac address is set to
F6 c649 so just remember the first few letters F6 C6 and 49 uh now let me just reboot my computer and you will see after I reboot and run ifconfig again with graph etop we will see a different Mac address now rebooting might take some time because I'm actually using a virtual machine but still now it's given problems with the Firefox but let's hope this won't take much time okay so now that our computer has booted up and we have actually opened up a terminal let's go in and type ifconfig and let's get in our
ether that is the MAC address so if you remember the MAC address now you see that it has completely changed and that's how you can spoof your Mac address on your local network and this will basically help you in staying Anonymous on our protocols and anything that actually Maps your IP address to the MAC address okay so that was all about match Changers I'll meet you in the next section now so in the section we'll be talking about a wireless encryption protocol cracking so that is basically Wi-Fi cracking now Wi-Fi in today's day and age
uses PINs or passwords to normally encrypt their data usage. Basically, if you want to access the wireless access point you need a password or a PIN to actually gain authorization. Now this authorization is done using a four-way handshake, which we will try to capture using a tool called aircrack-ng, and then we will try to crack the password using a wordlist generator called crunch. Now you can use aircrack-ng to crack WPA and WPA2. There's also another protocol called WEP, and that is not normally used these days; if you find anybody using that you should always advise them to actually upgrade to WPA or WPA2, because WEP is actually very easily cracked these days and people are generally punished for using WEP by hackers all around the world.

OK, so now you can actually go ahead and go into a terminal and type ifconfig to actually look at your network card name. As you guys can see out here it's called wlo1. So the first step that we need to do to actually go into the process of Wi-Fi cracking is set up our network access card, or our access point, into monitor mode. So as you guys can see out here, after typing ifconfig it shows me that my Wi-Fi access card is the wlo1 interface.

Now our process of cracking passwords is pretty simple. What we want to do is actually monitor for all sorts of access points that are nearby to us. Once we have chosen the access point that we want to actually penetrate into and find the password, what we want to do is run an airodump scan on it, and then we will try and de-authenticate any device that is connected to that access point. Now one assumption out here is that the password is saved in that device and it will automatically try to re-authenticate itself with the access point, and we want to catch and log this re-authentication process, which will actually have a four-way handshake between your device and the access point. So this is basically the procedure we are going to follow.

Now another thing that you need to know before actually using this process to gain any access to any Wi-Fi is that you need to know a little bit about what the password is. Maybe it could be the length, or it could be something like a specific character at a specific place, maybe you know a series of characters. So you just can't really guess the password out of thin air; that is not how cracking works, unless you have some unlimited potential of processing power, in which case you can very well brute-force it and just find the password. But if you are not somebody who has unlimited processing power and you're trying to use aircrack-ng, you need to know a little bit about the password.

Also, before we proceed with this wireless encryption protocol cracking, what I want to say is: if you want to get into somebody's Wi-Fi network or you want to actually test for vulnerabilities, it's better that you test for router vulnerabilities than actually cracking a Wi-Fi password, because you're more likely than not to find more router vulnerabilities than actually successfully crack a Wi-Fi password if you don't know anything about it. If you don't know anything about the password, just go ahead and run some vulnerability tests on the router itself, and more often than not you will just find something you can abuse.

OK, now let's talk about the two tools that I'm going to be using. Now one of these two tools is already installed on Kali Linux, but if you are not using this on Kali you can also use this on any Linux-based system. So what you have to do is download and install aircrack-ng, which is easily installed with the command "apt-get install aircrack-ng", and you also have to install this wordlist generator called crunch. Now crunch is easily downloadable by just Googling the name; the first link will be a SourceForge link, and all you have to do is go inside that and install it, and once you've figured out how to install crunch you can make sure that it's installed. Now once you have installed both the softwares you can check if the manual pages are opening up. Let me just open the manual page of aircrack-ng and show you that it has been properly installed. Now as you guys can see the manual page of aircrack-ng opened up, and the manual page of crunch is also opening up, so that means both of our softwares have been successfully installed on our system.

Now before we go ahead let me just show you how crunch actually works. So crunch is basically a wordlist generator. What you would do is you try and generate a wordlist with given characters. So what you can see out here is I've typed in "crunch 3 5", so that means the minimum length is three and the maximum length is five, and I've given it a series of numbers, so it will use these numbers and generate all the words that are possible from length three to length five. So the way we are going to use crunch in conjunction with aircrack is that we are going to use crunch to generate the wordlist, and then we're gonna pipe the wordlist through aircrack-ng when we are actually trying to crack what we will capture in a certain log file.

Now what you want to do first is actually put your network interface card in monitor mode. Now you can do that by typing in ifconfig and then the interface name, which happens to be wlo1, and first you have to put it down, so "ifconfig wlo1 down". Now to put your interface card into monitor mode you have to type in iwconfig and you go the name of the interface and then you go "mode monitor". OK, it seems I've spelled it wrong, so let me just do it once again. So that has put our network interface card into monitor mode, and what we need to do after that is we need to start up our network interface, so all we have to do is type in "ifconfig wlo1 up". Now once it is up and running you can check by typing in ifconfig that indeed your network interface card is up and running; don't worry, it's running in monitor mode if it's up and running.

What we want to do next is pretty important to the whole process. So what we want to do now is check for some services that might still be running in the background that might hamper our whole scanning process. So we do this by actually typing in the command "airmon-ng check" and then the name of the interface. So as you guys can see nothing is exactly running right now, but if there were any process running you would only add the command "airmon-ng check", and instead of writing the interface name all you have to do is say "kill", and it will kill any processes. Now if you see any process named the network administrator, you want to kill that process first separately and then kill any other child processes. You may need to actually run this command a few times before all the processes are killed, and then you're good to go.

OK, so now that we have finished killing all the sub-processes, what we want to do is run an airodump scan on the network card, so that is wlo1. So for this we go "airodump-ng" and then we put in the name of the interface, and this will start up a scan that will look something like this. So after you run the airodump scan on your interface, what you see out here is a result of all the access points that are found through the monitoring mode. Now if you see, we have a bunch of columns out here. First of all we have the BSSID column. Now the BSSID column is basically the MAC address of all the routers that are found; now every router obviously has a MAC address, so those are the MAC addresses that are tied to the router names, which are shown by the ESSID. Then we have the PWR column, we have the Beacons column, we have the data packets column. Another important column is the channel column; it's important to know which channel your router is working on. Then we can see the Cipher column and the Auth column. So out here we can see the encryption that is used, so most of it is using WPA2, so what we will be cracking is basically WPA2.

So from this list what you need to recognize is basically the Wi-Fi router that you want to crack into. Now I'm performing this particular test in my office and I don't really have the permission to actually go in and test them for these vulnerabilities; I'm not a security analyst out here, so I don't really have the permissions to penetrate into them. So what I have done is I have run a similar test at home using my own Wi-Fi, and I will show you the results for that, but for this working example you will see the scans that I'm running in this office. So as we intend to stay ethical, what we are going to do out here is we are going to capture whatever we find in our office for only educational purposes, but when we are doing the actual cracking step, that is the last step of the whole procedure, I'll be running it on a file that I have generated at home, as I just said, because I have permission to do whatever I want with my own Wi-Fi and password.

OK, so for this example I'm gonna pick this Wi-Fi that is called Edureka Wi-Fi, and it's running on channel number six. So what we want to pick from here is the BSSID and the channel number; we need to remember these two things, first the BSSID and second the channel number. Now what you want to do after that is open up a new window on your terminal and log in as root. Now what we want to do here is run a separate airodump scan on this specific BSSID and check for all the devices that are actually connected to this access point. Now we do this by running the command airodump-ng, and while we're doing this we also want to capture all the scan outputs that we actually get into a certain file, so we'll be actually storing it in a file called capture, and then we just have to pass in the BSSID and the interface. We also have to specify the channel, so let's see what the channel is; so the channel is channel six, so that's what we want to do, and we specify the channel with the -c flag. So after you have identified the MAC address all you need to do is copy it down and place it after the --bssid flag. OK, so we're gonna run our command out here, and we just want to say our file is going to be called testcapture.

Now that our scan is up and running, all we want to do is wait till someone is actually connected to this access point. So I forgot to mention this: for this process to actually work properly somebody needs to be connected to that access point, because what we are going to try and do is disconnect that certain device and let them reconnect and capture that log file. OK, so it seems like nobody is actually connecting to it, so at this time all I'm going to do is go back to our airodump scan that we had run on our network interface and look for some other MAC address or other access point to actually penetrate into, and let's see if something has actually connected to that. OK, so, oh voila, now what you see out here is that somebody has actually connected to this access point and his MAC address can be seen under the stations tab.

Now what we want to do is run a de-authentication broadcast message on that station and de-authenticate that guy. Now to actually run the de-authentication process all you have to do is go ahead and open up a new terminal window again and let the scan be running in the background; don't close any scan at this moment. OK, so the information that we need to remember is the BSSID, or rather the MAC ID of the station. Now you also want your monitoring to be running on the same channel, so that your de-authentication messages are being broadcast on the same channel. So we can do that easily by going "airmon-ng" and saying wlo1, and you can say start on the specified channel, so what we want to be doing is running this on channel 6. Then we want to go and use the third tool of the suite, that is aireplay-ng. Now aireplay-ng is used for broadcasting de-authentication messages and all sorts of stuff. Now you can see all this in the help menu also, and you can do that by typing in --help. If you go down you see that you can send the de-authentication message using the -0 flag, and that's exactly what we're gonna do. Then we say 0 again because we want to constantly send a broadcast of the de-authentication, so it's looping basically, and until and unless we stop the scan nobody will actually be able to access the Wi-Fi, so it's basically like a small DoS attack. And then we want to specify the BSSID. OK, so it seems like I forgot the whole attack before the BSSID, and that should get it working. OK, so it seems like I have copied some wrong BSSID, I guess, so let me just go ahead and copy that once properly.

OK, so now that we have the proper BSSID, as you guys can see we are running the de-authentication broadcast message on that particular network access card, and now you want to run this for around a couple of minutes so that you become sure that all the devices have disconnected. Now while this is happening what you're doing is basically sending a DoS attack to that small little Wi-Fi, and you want to catch the handshake that occurs between the devices and the router that they are connected to while reconnecting themselves. OK, so now that we've let the scan run for a couple of minutes, let us just stop it; let's stop this other scan too. Now if I go and list out the files on my desktop you should see that there's something called testcapture. Now the test capture is given to us in various formats: we have the capture format, which is testcapture-01.cap, and then we have testcapture CSV, we have a Kismet CSV, so it gives you a bunch of formats to actually run your cracking on.

Now if you remember, I had told you all that I have already generated a similar file at home, basically when I was trying to crack into my own home password, so I will be running the test on that file, or the cracking procedure on that file, and that is the last step of this whole procedure. So let me just go ahead and move into that folder, so I go "cd scan". Now as you guys can see out here, if I list down the files you can see a capture-01.cap, capture-01.csv, there's a Kismet CSV and there's a NetXML, so I was not lying when I said that I have already done this at home. So we are going to run our cracking process on capture-01.cap.

Now let me just tell you guys, the password for my home Wi-Fi is sweetship346, so you can say that I know the entire password, but I'm gonna act like somebody who only has a general idea of what my password looks like. So let's say I know that my password contains "sweetship" but I don't really know the last three numbers or letters or whatever they may be. OK, so we are going to use crunch once again to generate a list of words that might include sweetship346, and let me just open the crunch manual for once. Now if you go down in the crunch manual what you'll see is the -t. So as you guys can see there is a pattern that is specified, like "@@" then followed by four other "@"s, and all the "@"s will be replaced by a lowercase character. Now you can remove the "@" and use a comma, and it'll be replaced with an uppercase character, or you can use "%", in which case it'll be numbers, or you could use the caret sign, in which case it'll insert a symbol. So when you know the length of the password and also, to a certain degree, a few letters, you can use the -t flag, and that is exactly what we're going to use with crunch out here for this example.

So let me just remind you guys that the password for my home Wi-Fi is sweetship346. Now what we can do is we can ask crunch to actually generate something that looks like sweetship346. So what I could do is say crunch, so the minimum length is 12, I already know that, and the maximum length is also 12. Now let me just input the pattern, so we put in the pattern after -t. So now I'm gonna just show you how long it can take, so we are just going to say "sweet" and then put in some other "@"s and then also again try and guess the numbers. So after you put in the pattern you want to also input which letters and numbers it could be, and I'm just going to input my entire keyboard out here. Now what you want to do is pipe this command through aircrack-ng's cracking procedure. OK, so now what we want to do is pipe this command to aircrack-ng, and we want to read from the capture file, so what we go is -w and then "-" and then the capture file name, so capture-01.cap, and then we also have to specify the ESSID, which is given to the -e flag, and the ESSID for my home Wi-Fi is Nestaway_c105, so that's exactly what I'm going to type in, and this will start the cracking process on my Wi-Fi from the captured file.

So as you guys can see this is going to take a long, long, long, long time, and I'm not really actually going to complete it, so in this time I'm actually just going to try and explain why this is not very feasible on a virtual network. So basically this is not feasible because at this moment my computer is using all four of its cores and all the memory that is possible. So what this means is, on a VirtualBox this is not really possible; your VirtualBox doesn't really have that much power. If you are using a quad-core processor computer, only two of its maximum cores can actually be allotted to your VirtualBox machine; above that, you can't really give it the entire memory because that will make your computer crash. So if you want to do something like this it's better that you install Kali Linux as a dual boot or as your own daily driver, and then you can do this. So this is why I have not done this on a virtual machine and instead done it on Deepin Linux, which is my daily driver operating system. Now as you guys can see it is constantly trying to actually guess the password by actually going through all the permutations and combinations; basically it's taking in all the words generated from crunch, piping it into the current command, that is the aircrack-ng command, and it's comparing everything.

So what I'm going to do is I'm actually going to end this, because this will take a very, very long time, and what we're going to do is we're going to actually try and shorten the command, or the amount of guessing that we're trying to do. So let me just try and do that. So as you guys can see out here I have reduced the number of alphabets that might be actually tested, but even in this case this will take a humongous amount of time, and let me just show that to you. So as you guys can see the test is running, running, running and running, and there's not really much you can do; you can just let this run, go out for a cup of coffee and then come back and you might still see that running. It really depends on what the password is and how much time it takes to crack it, and how much processing power you have directly affects how much time this will take. So let me just show you guys that this is taking a bunch of time. OK, so now that I have fast-forwarded a lot into the scan you can see that I have tried almost 2,127,608 keys, so that's more than a million keys, that's two million keys that I've tried, and it still hasn't reached sweetship346.

So what we're gonna do, just to show you for demonstration purposes that this procedure actually works, let me just shorten our guessing even more. So what we want to do is, this time we want to just guess the numbers, so we will modify our command accordingly. So we just put in "sweetship" and let the algorithm just guess the 346 part, so we're going to remove the alphabets from the guessing scope also, and as you guys can see the password is almost immediately guessed, because only 456 keys were tested, and as you guys can see it shows that the key was found and it's sweetship346. Now let me also show you that it works with the guessing of letters, just because I don't think I've justified that letters are also guessed and not just numbers. So let me make it just guess the "p" part, that is "sweetshi", and then it should guess "p" and then 346. So let me just show you that, and as you guys can see it guesses it almost immediately after just going through 15,000 keys.

OK, so that brings us to the end of this Wi-Fi cracking tutorial and also to the end of this video, which was regarding ethical hacking using Kali Linux. I hope you guys had a bunch of fun learning about macchanger, proxychains and a bunch of stuff that we did, like Wi-Fi password cracking. I hope you practice these procedures and methodologies that I've taught
you only for your own educational purposes and not use it to harm anybody or do anything harmful with it because let me just tell you very seriously that you can be prosecuted by the law [Music] now I'm going to take the help of an example or scenario to actually explain what is cryptography all right so let's say we have a person and let's call him Andy now suppose Andy sends a message to his friend Sam who is on the other side of the world now obviously he wants this message to be private and nobody else
should have access to the message now he uses a public forum for example the internet for sending this message the goal is to actually secure this communication and of course we have to be secure against someone now let's say there is a smart guy called Eve who has secretly got access to your Communication channel since this guy has access to your communication he can do much more than just eavesdrop for example he can try to change the message in itself now this is just a small example what if Eve actually gets access to your private
information well that could actually result in a big catastrophe so how can Andy be sure that nobody in the middle could access the message sent to Sam the goal here is to make communication secure and that's where cryptography comes in so what exactly is cryptography well cryptography is the practice and the study of techniques for securing communication and data in the presence of adversaries so let me take a moment to explain how that actually happens well first of all we have a message this message is firstly converted into a numeric form and then this numeric
form is applied with a key called an encryption key and this encryption key is used in an encryption algorithm so once the numeric message and the encryption key has been applied in an encryption algorithm what we get is called a ciphertext now this ciphertext is sent over the network to the other side of the world where the other person who the message is intended for will actually use a decryption key and use the ciphertext as a parameter of a decryption algorithm and then he'll get what we actually sent as a message and if some error
had actually occurred he'd get an error so let's see how cryptography can help secure the connection between Andy and sound so to protect his message Andy first converts his readable message to an unreadable form here he converts the message to some random numbers and after that he uses a key to encrypt his message after applying this key to the numerical form of his message he gets a new value in cryptography we call this ciphertext so now if Andy sends the ciphertext or encrypted message over Communication channel he won't have to worry about somebody in the
middle of discovering the private message even if somebody manages to discover the message he won't be able to decrypt the message without having a proper key to unlock this message so suppose Eve here discovers the message and he somehow manages to tamper with the message and message finally reaches Sam Sam would need a key to decrypt the message to recover the original plain text so using the key he would convert a ciphertext to numerical value corresponding to the plain text now after using the key for decryption what will come out is the original plain text
message or an error now this error is very important it is the way Sam knows that message sent by Andy is not the same as the message that he received so the arrow and sense tells us that Eve has tampered with the message now the important thing to note here is that in modern cryptography the security of the system purely relies on keeping the encryption and decryption key secret based on the type of keys and encryption algorithms cryptography is classified under the following categories now cryptography is broadly classified under two categories namely symmetric key cryptography
and asymmetric key cryptography popularly also known as public key cryptography now symmetric key cryptography is further classified as classical cryptography and modern cryptography further drilling down classical cryptography is divided into two which is transposition cipher and substitution Cipher on the other hand modern cryptography is divided into stream Cipher and block Cipher in the upcoming slides I'll broadly explain all these types of cryptography so let's start with symmetric key cryptography first so symmetric key algorithms are algorithms for cryptography that use the same cryptographic keys for growth encryption of plain text and decryption of ciphertext the keys
may be identical but there may be some simple transformation to go between the two keys the keys in practice represent a shared secret between two or more parties that can be used to maintain a private information link this requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption in comparison to publicly encryption also known as asymmetric key encryption now symmetric key cryptography is sometimes also called secret key cryptography and the most popular symmetric geek system is a data encryption standards which also stands for Des next
up we're going to discuss transposition Cipher so in cryptography a transposition cipher is a method of encryption by which the positions held by units of plain text which are commonly characters or groups of characters are shifted according to a regular system so that the ciphertext constitutes a permutation of the plain text that is the order of units is changed the plain text is reordered now mathematically speaking a bijective function is used on the character's position to encrypt an inverse function to decrypt so as you can see that there is an example on the slide so
on the plaintext side we have a message which says meet me after the party now this has been carefully arranged in the encryption Matrix which has been divided into six rows and the columns so next we have a key which is basically four two one six three five and then we rearrange by looking at the plain text Matrix and then we get the ciphertext which basically is some unreadable gibberish at this moment so that's how this whole algorithm works on the other hand when the ciphertext is being converted into the plain text the plain text
Matrix is going to be referred and it can be done very easily moving on we are going to discuss substitution Cipher so substitution of single letters separately simple substitution can be demonstrated by writing out the alphabets in some order to represent the substitution this is termed a substitution alphabet the alphabet may be shifted or reversed creating the Caesar and upstash Cipher respectively or scrambled in a more complex fashion in which case it is called a mixed alphabet or deranged alphabet traditionally mixed alphabets may be created by first writing out keyword removing repeated letters in it
then writing all the remaining letters in the alphabet in the usual order now consider this example shown on the slide using the system we just discussed the keyword zbras gives us the following alphabets from the plain text alphabet which is a to z so the ciphertext alphabet is basically zebras Then followed by all the alphabets we have missed out in the zebra word so as you guys can see it's zebras followed by scdfgh and so on now suppose we were to actually encrypt a message using this code so as you guys can see on the
screen I've shown you an example which is a message flea at once we are discovered is being actually encrypted using this code so if you guys can see out here the F letter actually corresponds to s and then the L letter actually corresponds to I out here then we actually get the ciphertext which is s i a is that Q using the code and the process that I just discussed now traditionally the ciphertext is written out in blocks of fixed length omitting punctuations and spaces this is done to help avoid transmission errors to disguise the
word boundaries from the plain text now these blocks are called groups and sometimes a group count that is the number of groups is given as an additional check now five letter groups are traditional as you guys can see that we have also divided our ciphertext into groups of five and this dates back to when messages were actually used to be transmitted by Telegraph now if the length of the message happens not to be divisible by 5 it may be padded at the end with nulls and these can be any characters that can be decrypted to
obvious nonsense so the receiver can easily spot them and discard them next on our list is stream Cipher so a stream Cipher is a method of encrypting text to produce ciphertext in which a cryptographic key and algorithm are applied to each binary digit in a data stream one bit at a time this method is not much used in modern cryptography the main alternative method is block Cipher in which a key and algorithm are applied to a block of data rather than individual bits in a stream okay so now that we've spoken about block Cipher let's
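The two classical ciphers walked through above, as an added example that is not the video's own code: columnar transposition with the key 4 2 1 6 3 5 (six columns and the letter x as the null are assumptions) and the keyword substitution alphabet built from ZEBRAS, written out in five-letter groups with null padding.

```python
"""Added example: the columnar transposition and keyword substitution
ciphers described in the transcript (not the video's own code).
Assumptions: six columns for the transposition, 'x' used as the null
character for padding, letters only (spaces and punctuation dropped)."""
import string

ALPHABET = string.ascii_lowercase


def _letters(text):
    """Keep only letters, lower-cased; both ciphers ignore spaces and punctuation."""
    return "".join(ch.lower() for ch in text if ch.isalpha())


# --- columnar transposition: write rows into the matrix, read columns in key order ---

def transposition_encrypt(plaintext, key, pad="x"):
    width = len(key)
    letters = _letters(plaintext)
    if len(letters) % width:                       # fill the last row with nulls
        letters += pad * (width - len(letters) % width)
    rows = [letters[i:i + width] for i in range(0, len(letters), width)]
    # key value 1 names the column read out first, 2 the second, and so on
    order = sorted(range(width), key=lambda col: key[col])
    return "".join(row[col] for col in order for row in rows)


def transposition_decrypt(ciphertext, key, pad="x"):
    width = len(key)
    height = len(ciphertext) // width
    order = sorted(range(width), key=lambda col: key[col])
    columns = [""] * width
    for k, col in enumerate(order):                # refill the matrix column by column
        columns[col] = ciphertext[k * height:(k + 1) * height]
    plain = "".join(columns[col][r] for r in range(height) for col in range(width))
    # drop the nulls; a message that really ends in 'x' would need a smarter null
    return plain.rstrip(pad)


# --- keyword substitution: keyword first (duplicates dropped), then the unused letters ---

def mixed_alphabet(keyword):
    seen = []
    for ch in _letters(keyword) + ALPHABET:
        if ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitution_encrypt(plaintext, keyword, group=5, pad="x"):
    """Encrypt with the mixed alphabet and write the result in fixed-length groups,
    padding the plaintext with nulls so the last group is full."""
    letters = _letters(plaintext)
    if len(letters) % group:
        letters += pad * (group - len(letters) % group)
    table = str.maketrans(ALPHABET, mixed_alphabet(keyword).upper())
    cipher = letters.translate(table)
    return " ".join(cipher[i:i + group] for i in range(0, len(cipher), group))


def substitution_decrypt(ciphertext, keyword):
    """Reverse the substitution; any trailing nulls come out as obvious nonsense
    for the receiver to discard."""
    table = str.maketrans(mixed_alphabet(keyword).upper(), ALPHABET)
    return ciphertext.replace(" ", "").translate(table)


if __name__ == "__main__":
    key = [4, 2, 1, 6, 3, 5]
    ct = transposition_encrypt("meet me after the party", key)
    print(ct, transposition_decrypt(ct, key))
    ct = substitution_encrypt("flee at once. we are discovered!", "zebras")
    print(ct, substitution_decrypt(ct, "zebras"))
```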
go and actually explain what block Cipher does a block Cipher is an encryption method that applies a deterministic algorithm for the symmetric key to encrypt a block of text rather than encrypting one bit at a time as in stream ciphers for example a common block Cipher AES that encrypts 128-bit blocks with a key of predetermined length that is either 128 192 or 256 bits in length now block ciphers are pseudorandom permutation families that operate on fixed-size blocks of bits these PRPs are functions that cannot be differentiated from completely random permutations and thus
are considered reliable until they've been proven to be unreliable by some source okay so now it's time that we discuss some asymmetric cryptography so asymmetric cryptography also known as public key cryptography is any cryptographic system that uses a pair of keys which is a public key which may be disseminated widely and a private key which is known only to the owner this accomplishes two functions authentication where the public key verifies that a holder of the paired private key sent the message and encryption where only the paired private keyholder can decrypt the message encrypted with the public key
in a public key encryption system any person can encrypt a message using the receiver's public key that encrypted message can only be decrypted with the receiver's private key so to be practical the generation of a public and private key pair must be computationally economical the strength of a public key cryptographic system relies on the computational effort required to find the private key from its paired public key so effective security only requires keeping the private key private and the public key can be openly distributed without compromising security okay so now that I've actually shown you guys how
cryptography actually works and how the different classifications are actually applied let's go and do something interesting so you guys are actually watching this video on YouTube right now so if you guys actually go and click on the secure part besides the URL you can actually go and view the digital certificates that are actually used out here so click on certificates and you'll see the details in the details tab now as you guys can see the signature algorithm that is used for actually securing YouTube is SHA-256 with RSA and RSA is a very
very common encryption algorithm that is used throughout the internet then the signature hash algorithm that is being used is sha-256 and the issuer is Google Internet Authority and you can get a lot of information about sites and all their Authority Key identifiers their certificate policies the key usage and a lot of things about security just from this small little button out here also let me show you a little how public key encryption actually works so on the site which is basically cobbwebs.cs.uga.edu you can actually demo out public key encryption so suppose we had to send
a message first we would need to generate keys so as you can see I just click generate keys and it got me two keys which is one is the public key which I will distribute towards the network and one the private key which I will actually keep secret to myself now I want to send a message saying hi there when is the exam tomorrow so now we are going to encrypt it using the public key because that's exactly what's distributed so now as you can see we have got our ciphertext so this huge thing right
out here is ciphertext and it absolutely makes no sense whatsoever now suppose we were to actually then decrypt the message we would use the private key that goes along with our account and we would decode the message and as you guys can see voila we have hi there when is the exam tomorrow so we have actually sent a message on the internet in a very secure fashion above that there's also RSA that needs some explaining because I had promised that too now RSA is a very very commonly used algorithm that is used throughout the internet
and you just saw it being used by YouTube so it has to be common so RSA has a very unique way of applying this algorithm there are many actual parameters that you actually need to study okay so now we're actually going to discuss RSA which is a very popular algorithm that is used throughout the internet and you also saw that being used by YouTube right now so this crypto system is one of the initial systems and it remains the most employed crypto system even today and the system was invented by three Scholars which is Ron Rivest Adi
Shamir and Len Adleman hence the name RSA and we will see the two aspects of the RSA crypto system firstly generation of key pair and secondly encryption decryption algorithms so each person or a party who desires to participate in communication using encryption needs to generate a pair of keys namely public key and private key so the process followed in the generation of keys is as follows first we have to actually calculate n now n is actually given by multiplying p and Q as you guys can see out here so p and Q are supposed to
be very large prime numbers so out here P will be 35 but for some very strong encryption we are going to choose very large prime numbers then we actually have to calculate Phi now Phi is you can see the formula goes is p minus 1 into Q minus 1 and this helps us determine for the encryption algorithm now then we have to actually calculate e now e must be greater than 1 and less than Phi which is p minus 1 into Q minus 1 and there must be no common factors for e and Phi except
for one so in other words they must be coprime to each other now to form the public key the pair of numbers n and E form the RSA public Key System this is actually made public and is distributed throughout the network interestingly though N is a part of the public key and the difficulty in factorizing a large prime number ensures that the attacker cannot find in finite time the two primes that is p and Q that is used to obtain n this actually ensures the strength of RSA now in the generation of the private
key the private key D is calculated from p q and E for given n and E there is a unique number D now the number D is the inverse of e modulo Phi this means that D is a number less than Phi such that when multiplied by E it gives 1. so let's go and actually fill up these numbers so n should be 35 out here and if we generate them we get the value of Phi which is 24 which is basically 4 into 6 and then we should also get e is now e should
be coprime so we're going to give it 11 as 11 is coprime to both so now for the actual encryption part we have to put in E and N out here so e out here for us is 11 and N is 35 and then we're going to pick a letter to actually Cipher which is a and then we're going to encode it as a number so as you guys can see we've encoded it as one and out here now after we've given the message this numerical form we click on encryption and we get
it now to actually decrypt the message we are going to need d and n now D for us was 5 and N was 35 so 5 and 35 and then we're going to take encrypted message from above and we're going to decrypt this message so after you decrypt it we have the numerical form of the plain text and then decode the message just click here decode message and as you guys can see we have decoded a message using RSA so guys that's how RSA works I explained all the factors that we actually use in RSA
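The key generation, encryption and decryption steps just described, as an added example that is not the demo site's or the video's code: it uses the same toy parameters p = 5, q = 7 (so n = 35) and e = 11, encodes letters a = 1 to z = 26 as the demo did, and d is computed as the modular inverse of e mod Phi. The factoring helper is included only to show why toy-sized primes give no security.

```python
"""Added example: RSA key generation, encryption and decryption following the
steps in the transcript, with its toy parameters p = 5, q = 7 (n = 35), e = 11.
Letters are encoded a = 1 ... z = 26 as on the demo site. A real deployment uses
primes of hundreds of digits and a padding scheme, neither of which is shown here."""
from math import gcd, isqrt


def valid_exponent(e, phi):
    """e must satisfy 1 < e < phi and share no factor with phi (be coprime)."""
    return 1 < e < phi and gcd(e, phi) == 1


def rsa_keygen(p, q, e):
    """Return the public key (n, e) and the private key (n, d)."""
    n = p * q                     # modulus, published as part of the public key
    phi = (p - 1) * (q - 1)       # phi(n), kept secret
    if not valid_exponent(e, phi):
        raise ValueError("e must be coprime to phi and lie between 1 and phi")
    d = pow(e, -1, phi)           # d * e == 1 (mod phi); Python 3.8+ modular inverse
    return (n, e), (n, d)


def encode(text):
    """a -> 1, b -> 2, ... z -> 26; every value must stay below n to round-trip."""
    return [ord(ch) - ord("a") + 1 for ch in text.lower() if ch.isalpha()]


def decode(numbers):
    return "".join(chr(m - 1 + ord("a")) for m in numbers)


def rsa_encrypt(text, public_key):
    n, e = public_key
    return [pow(m, e, n) for m in encode(text)]      # c = m^e mod n


def rsa_decrypt(cipher, private_key):
    n, d = private_key
    return decode(pow(c, d, n) for c in cipher)      # m = c^d mod n


def factor_modulus(n):
    """Trial division recovers p and q instantly for n = 35, which is exactly
    why real keys use primes so large that this step is infeasible."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    return None


if __name__ == "__main__":
    public, private = rsa_keygen(5, 7, 11)
    ct = rsa_encrypt("hi", public)
    print("public", public, "private", private)
    print("ciphertext", ct, "decrypted", rsa_decrypt(ct, private))
    print("factors of n", factor_modulus(public[0]))
```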
from n to Phi to e to D and I hope you understood about it if you all are still more interested you all can actually research a lot on RSA it's a very in-depth cryptography system so when you get hired as a penetration tester or a security analyst one of your main roles is vulnerability assessment so what exactly is vulnerability assessment well a vulnerability assessment is a process of defining identifying classifying and prioritizing vulnerabilities in a computer system application and network infrastructures and providing the organization doing the assessment with the necessary knowledge awareness and risk background
to understand the threats to its environment and react appropriately to them so a vulnerability is a situation that can be taken advantage of by a hacker or a penetration tester for their own misuse or actually for fixing the issue so vulnerability assessment has three steps so the first step is actually identifying the assets and the vulnerabilities of the system the second step is actually quantifying the assessment and the third is reporting the results now vulnerability assessment is only a small part and pen testing is an extended process of vulnerability assessment pen testing or penetration testing includes
processes like scanning vulnerability assessment in itself exploitation research and Reporting whatever the results are so in the industry one of the most widely used Frameworks when penetration testing is Metasploit so Metasploit is widely used in penetration testing as I just said and also used for exploitation research so some of you might ask what exactly is an exploit research well in this world there are tons of exploits and the way to approach each one of them is ever so different so what we have to do is exploit all the research that is available to us and
we have to find the best way to approach them so suppose for example you have a secure shell login so the best way to actually approach a secure shell login to my knowledge is that you have to get about your access to this from the port numbers that you can scan via nmap or zenmap okay so without wasting much time at looking at proper and presentations let's actually get started as to how we can use Metasploit so Metasploit is a freely available open source framework that is widely used by pentesters as we just discussed so
to actually install Metasploit which is easily available on Linux and windows I guess let me just check it out so you go on your browser and you type Metasploit download now you just visit the first link and as you guys can see it says it's the world's most used penetration testing tool and then you just download the Metasploit framework by clicking the download button here so you all might also find a pro version which is a paid thing and this has a little bit of extra features like group support and actually helping a company work
as an organization but we don't actually need that when practicing our pen testing abilities so for that you just go ahead and download Metasploit framework and install it on your system above that there's another thing I want to make you guys aware of and that is Metasploitable so when actually pen testing we need a server or a website to actually pen test things on so normally this is a very illegal thing to do without permission so Metasploitable has actually created a server with a lot of vulnerabilities on it and it's called Metasploitable 2 so
Metasploitable 2 is easily downloadable from this link and it's a virtualbox file so you guys must have a virtual machine software on your system to actually set this thing up I'll also go through how to actually set up Metasploitable because it has a lot of configuration and network management to go with it so we'll get to that later but for now let's get started with Metasploit so before that Metasploit is written in Ruby and if you all know Ruby coding and you all know how to make exploits you all can also always contribute to the
Metasploit community so Metasploit is one of the most widely used pen testing tools in the industry so what exactly is Metasploit well it's a framework and what a framework is is it's actually a collection of tools so these tools are majorly used for penetration testing and exploitation research now one might ask what exactly is exploit research well there are tons of exploits out there and there are tons of ways to actually approach them and this only comes to us from thorough research as to how we can approach each and every exploit in their best way
so talking about Metasploit well it's open source and it's free and it's also written in Ruby so if you guys know Ruby coding and know how to make exploits you all can always contribute to the Metasploit framework now talking about the download part well you all can easily download Metasploit from its download page which is www.metasploit.com/download I'll be leaving the download link in the description and once you're on the download page you'll see two versions one is the free version which is the original Metasploit Framework and it's the core framework that everybody works
on and then there's Metasploit Pro which comes with a 14 day free trial so Metasploit Pro actually has a few extra features which is great for an organization like it helps you work as a team but if you're a guy who's just practicing pen testing like me Metasploit Framework the free version is the absolute way to go now also when pen testing you all will also need Metasploitable now Metasploitable is an intentionally vulnerable Target machine for actually practicing your Metasploit skills on so we'll go over the installation of Metasploitable later but for now let's go
over Metasploit so once you guys have actually downloaded the link you all can actually install it on your systems and Metasploit actually has three interfaces so we are going to be using the command line interface or the msf console in other words but you all can also use the GUI interface which is called Armitage if I'm not wrong so let's get started so first of all I've already actually downloaded Metasploit and installed it on my computer and you all can just do the same by pressing the download button as you guys can see so to
start up Metasploit all you have to do is go on your terminal on Linux well we're starting a PostgreSQL server because first of all the PostgreSQL server is a basis of all the Metasploit exploits that are stored and starting it will just make it run faster so we go service postgresql start so that should start up a service and indeed it has so next thing you want to do is go in and type msfconsole and that's
going to take a little bit of time because I have a very slow computer and it's going to start up our Metasploit Framework so as you guys can see we got a big banner out here which says Metasploit cyber missile and the banner changes every time don't get worried if you have a different banner and the main thing is that you should see this msf thing out here so this means we are in the msf Shell right now which is the Metasploit framework shell so let's get started by actually clearing our screen so first
things first the first command that you might want to run on Metasploit is the help command so help will tell us everything that we can do with this framework so as you guys can see there are a bunch of commands and the descriptions to go along with it y'all can give it a quick read and find the things that are interesting to you so as you guys can see Banner is display an awesome Metasploit Banner you all can change the banner as you guys can see there are a lot of Juicy commands like there's a
banner command which I just had used so if you go and type banner it'll give you a nice cool Banner about Metasploit and there are other commands which work very similar to Linux like CD which changes the current directory you can change the color by toggling colors and then you can connect with the host and all sorts of stuff so Metasploit has a bunch of exploits so before we go further I want to make you guys aware of three important terms regarding Metasploit the first is a vulnerability and we had already discussed this that a
vulnerability is a situation which can be taken advantage of by a system or a person who has access so the second part is an exploit so what exactly is an exploit well an exploit is a module which is a bunch of code written in Ruby on Metasploit that is used to Target different vulnerabilities and the third thing is a payload so a payload is the action that you do once you actually have access to somebody's system so basically suppose you've hacked somebody and you've gained access to their system now the activities you do after gaining access
is defined as the payload so we just spoke about exploits and I told you guys that Metasploit has a bunch of exploits so how do we see all the exploits that are there so you go show exploits well as you guys can see we've loaded up a bunch of exploits which is basically all the exploits that Metasploit has to offer at this moment so let me just increase the screen a bit and let's scroll completely to the top yep so as you guys can see show exploits gave us a bunch of exploits and shows their
name a description a disclosure date and a rank so the name and description is as it says it's the name of the exploit and it's a short description about it the disclosure date is when the exploit was actually released by Metasploit and the rank is how it has fared against the vulnerability it was released for since it was actually released so as you guys can see ranks range from excellent great good and stuff and we have a bunch of exploits so as you guys can see there's an Android exploit there's a Samsung Galaxy Knox Android
exploit there are a bunch of Windows exploit Adobe Flash exploits FTP exploits MySQL exploit asp.net exploits and a bunch of other stuff so as you guys can see there are a bunch of exploits to use and it can get confusing and rather Troublesome to search for the exploit you actually want to use so as a pen tester you can always go for the search keyword which is basically suppose you know that you have a MySQL server which has a bunch of vulnerabilities and you want to test those out so you simply go search MySQL now
it'll search the database for all the exploits that are related to MySQL and present them to you okay so we have our results so as you guys can see we have a bunch of MySQL related modules now it just makes it way way easier if you're a pen tester and you're looking for MySQL exploits now suppose you choose your exploit and let's see let's choose which one do we want to use today we're going to just use this MySQL hashdump so to actually use this we have to copy the name so double click on
it and it'll just select it and then you go Ctrl shift C in your terminal so that copies it and so if you want some more information about it you can always go info and then just paste in the name of the exploit so this gives us a bunch of information actually gives us all the information you need about the exploit so it gives you the name that it's a MySQL password hashdump its module name is auxiliary scanner and all this stuff it's licensed by Metasploit framework in itself and it has a normal rank and
these are all the options that you might need to set when actually using the exploit and this also gives you a small description so it says this module extracts the usernames and encrypted password hashes from a MySQL server and stores them for later cracking so seems like pretty cool stuff you can do with a MySQL server and its password database so if you actually want to use this so you have to use the use keyword so we go use and Ctrl shift V so as you guys can see it's denoted in red out here that we
are indeed in the exploit that we want to use now the first thing you want to do when you're using an exploit is you want to go and say show options now as you guys can see these are the options that we actually need to set before using the exploit now the options can be necessary or they can be optional like so there's a password field out here which is not really necessary but will help your exploit if you actually provide it but you need to provide the RHOSTS which is the targeting host machine
and the port and the threads is already set now suppose you want to set the RHOSTS so you can just go set RHOSTS and you can set it to whatever IP address you want like suppose you want to address 192.168.2.56 something like that and that will set the RHOSTS you can also set the number of threads now threads are actually what the threads mean in parallel processing I mean how many parallel threads you're going to run so that you have faster computation so this means you need GPU power if you have
multiple threads running so let's set threads to 30 for now so we've set the threads to 30 and then you can go show options again and see that you have indeed actually set your options so we've set the threads to 30 and RHOSTS has also been set so that was all about how you can get into a module how to get some information about a module and how you can also use the module so once you're done using the module or once you're done setting up the options rather you can go ahead and run the
command run or even exploit and this will start actually running the exploit on the system that you want to now I've put in a very arbitrary IP address and that will not have the MySQL port running so our exploit fails now once you have tested out your exploit and you want to go back to the main msf shell just go ahead and type back it's as simple as that so that brings us back to the msf command line so let's go ahead and clear our screen now okay so it's time we do something interesting so
to do that first of all we need to go ahead and actually download Metasploitable 2 so to download Metasploitable 2 you have to go on this link I'll leave the link in the description or rather you can just go on your browser and type in metasploitable 2 download so Metasploitable as we had earlier discussed is a Linux based distribution and it's mostly meant for actually practicing your pen testing skills so basically it has a bunch of ports open on it so it's basically just for your ease so that you don't go ahead and
test it out on some valid website and then get thrown into jail because that's a very illegal thing to do so go ahead and download Metasploitable 2 and then also download Oracle VirtualBox so you all can also easily download that from www.virtualbox.org and this is because you should never run Metasploitable 2 On A system that is connected to a network you should always use it on a virtual machine because it's protected that way so that nobody else can access it so to actually set up Metasploitable once you've downloaded it you
go ahead and open up your VirtualBox so out here you have to go into Global tools and you create a host only network manager now I've already created a host only network manager and then you go ahead and enable the DHCP server by pressing this out here like enable then you go back and you just go new you give it a name like whatever you want to name it I have already named Mine metasploitable 2 as you guys can see so we're going to call this demo for just demonstration purposes choose a type
to be Linux and it's Ubuntu 64-bit click next give it a gig of RAM and you are going to use an existing virtual hard disk so out here you just click on this button out here and you browse to the place where you've actually downloaded and unzipped your metasploitable download file then you'll get this virtual machine disk file this is the vmdk file and you just go ahead and load it up so I'm not going to do that again because that's just going to eat up my Ram and I've already installed it out here so
that was all about the installation and the configuration so now let's get started and let's start playing around with Metasploitable so once you're done downloading and installing Metasploitable on your computer all you have to do is go ahead and start it up in your virtualbox machine and the login ID and the password both are msfadmin so first of all we need the IP address of our Metasploitable server so we go ifconfig and this gives us the address so as you can see out here our address is 192.168.56.101 so once you go ahead and started
on Metasploitable it's time that we go ahead and exploit all the vulnerabilities that is presented to us by Metasploitable 2. so to do that let's head back to our Linux terminal again so once we have the IP address that was 192.168.56.101 if I am correct so let's go and quickly get a little bit of information about that so whois 192.168.56.101 so this will give us uh whois on Metasploitable 2 and will give us a bunch of information as to how the server is set up where to set up the ports that are open
and various other things so as you guys can see this gave us a complete whois so to get some more information about our Metasploitable server we're going to be using nmap now if you guys don't know about how to use nmap you can go out and check my other video on the playlist I've made a pretty good nmap tutorial so we go nmap -F -sV which is service version and we give it the name or the domain name server 192.168.56.101 so we've got a juicy result out here
and we can see that there's a bunch of stuff open so as you guys can see there's the FTP Port open which has a version of vsftpd 2.3.4 there's also OpenSSH which is 4.7p1 Debian there's also telnet which is almost miserable to have telnet running on your computer then there's SMTP there's HTTP and there's a bunch of ports open as you guys can just see on your screen so it's time we actually use Metasploit like a pen tester to go ahead and test out these vulnerabilities so let's choose these FTP things so
we have this FTP out here so from the version number which is given to us by the service version flag on nmap we know that it's using vsftpd 2.3.4 so we can easily search for an exploit of the same version so as a pen tester you would go search vsftpd 2.3.4 so this should give us all the exploits that are available for this particular vulnerability so as you guys can see after a long search from the search vsftpd we found a vulnerability or an exploit that can take advantage of the binary so it's
time we actually use this so first of all let's get some info about this so info let's copy down this thing and then let's get some info about this so as this module description says this module exploits a malicious backdoor that was added to the vsftpd download archive this backdoor was introduced in the vsftpd 2.3.4 tar.gz archive between June 30th and July 1st 2011 so we have the options of setting RHOSTS it has an available targets provided by these guys and it's a pretty good exploit in my opinion so let's go ahead and use
it so we go use and then the name of the exploit so it's visible to us that we've again entered the exploit module which is unix ftp vsftpd_234_backdoor so what we're going to do is we are going to actually gain a backdoor access to our Metasploitable system so to actually make this more believable so if you guys go into your Metasploitable system so you guys can see that you are in the root directory so you can gain some root access by going sudo su as msfadmin so we are now a root user in
the msfadmin or rather the Metasploitable console so if you go ls we can see the various files and if you go cd /home we're in the home directory now and if you do ls out here we can see that there are a bunch of stuff so there's an ftp folder there's a hacked folder there's an msfadmin folder and there's a service folder and a user folder so that's five folders if you guys remember so now what we're going to do is we're going to gain some backdoor access into this system and we're going to
create a bunch of folders in the home directory so let's get on doing that so to do that we head back to our Metasploit terminal and we go show options as we had already entered our exploit so go show options so as you see the options that we have to provide is RHOST and the port number now the port number has already been set because it's 21 that's where FTP runs or rather TCP runs and we now just have to set the host so to set the host we have to just put in the
IP address of our Metasploitable server so if I remember correctly it set RHOST to 192.168.56.101 so that has set our host so we can again check that if we've done it correctly by going show options and we indeed have set our host now all we have to do is run the exploit so we go and hit run so as you guys can see we have actually gained a backdoor service has spawned and it's handling and the command shell session has started now you might be confused as to why do I have this blinking
line well this blinking line actually means that you are inside the Metasploitable server that means we have already gained a backdoor access and this blinking line denotes that we are on the terminal of Metasploitable 2. now if you guys don't believe me let's do some experimenting so as I had said I'll create a bunch of folders in the home directory so let's change to the home directory first or rather first you can also do a whoami and it will tell you that you are the root user next you go and do cd /home
and that changes to the home directory now let's make a bunch of folders like mkdir thisisatest so that should have made a directory so let's go into that directory cd thisisatest so we're already into the directory thisisatest now let's make a file called targets.txt so that creates a file so just to see if you have actually done it properly let's go back to our Metasploitable server now in home directory you go and type in ls again okay so let's type in ls and see so
as you guys can see we have created the thisisatest folder and it's already available there so let's go and move into that folder so cd thisisatest and we are already in that folder and we have also created a text file which is called targets so that was ls and it should give us a targets.txt so as you guys just saw we gained a backdoor access into a remote system through a vulnerability that was available to us on the FTP Port so we first did that by scanning the entire domain name
server of Metasploitable via nmap and gaining some intelligence as to what ports are running and what ports are actually open then we found out that the FTP Port was open then we went on to Metasploit and we found an exploit for that vulnerability very successfully we found out how to use the exploit some information about that exploit and in the end we actually executed our commands now you guys must be wondering what exactly is nmap and why should I learn it well nmap is a network scanner that is widely used by ethical hackers to scan
networks as the name suggests now you might wonder why do I need a network scanner well suppose let me give you an example so suppose you have a Wi-Fi that has been set up in your new house and you realize that your data is being actually consumed at a faster rate than you are using it now you have suspected that it's your pesky neighbor who keeps on connecting to your Wi-Fi and eating up all your data so to actually confirm all your doubts what you want to do is a network scan and nmap is a
pretty wonderful tool to do that now nmap runs on Linux Mac OS and windows and I'm mostly going to be running this on Linux because that's what I do most of my penetration testing and network testing on so let's go ahead and get on with the installation of nmap on your computer so what you do is go apt-get install and map now for this you have to be logged in as root if you're not logged in as root just add sudo before this whole command and it will install it now I already have nmap installed
so I'm not going to install it again. Let's just go ahead and do a few scans on our website, www.edureka.com, and see what we get back as results. First of all, let me show you how you can scan a certain domain name, or DNS name. With nmap we're going to use flags all the time, so let me tell you what flags are: if you run nmap with --help, it gives you all the flags and options available in nmap, so if you're stuck and can't remember something, just type nmap --help and it will list all of it. Now network scans generally take a long time, so I'm going to use fast mode most of the time, and for fast mode all you have to do is type nmap -F edureka.co, then sit and wait for the scan to finish. When the scan finishes you'll see a bunch of information; let me wait until that information pops up and then we'll go through it together. Okay, so as you guys can see, our scan is complete and it took 13.71 seconds. It shows us the ports, the states and the services: the port is the port number that a service is bound to and working on, so we can see that the SSH service is on port 22, SMTP on 25, HTTP on 80, rpcbind on 111 and HTTPS on 443. So that is how you can use nmap to scan a certain website. Now if you look, nmap has also given us the public IP for the domain name, because what nmap does is look the name up in DNS and translate it to the IP that is registered for that name, so nmap returns the public IP as well. So what we can also do is nmap -F 34.210.230.35, and as you guys can see the command works just as well when we put in the IP address, and it produces the same results. Now we can also scan multiple hosts. Suppose you are on a network and you want to scan several hosts; you don't really want to run a different command for each one, so what you can do is type nmap followed by a bunch of IP addresses, like nmap 192.168.1.1 192.168.1.2 192.168.1.3, and that will run an nmap scan on those three IP addresses in just one command. So that's one way you can do this. You can also check how much of your scan is left by just
pressing the up arrow; that gives you a progress update on how your scan is going, like mine is 32.4 percent done, now 34.7 percent, and it also shows you roughly the time remaining. Okay, so while this port scan is running let me tell you about the states. There are these kinds of states: open, closed and unavailable. Sometimes you'll see that a port is unavailable, and that's because some sort of firewall or something similar is sitting in front of it. States can also be closed, and in that case nmap will mostly not return you any result unless you're explicitly looking for closed ports. So that was a little trivia on states and how they work. Let's see how far our scan has got: it's 81 percent done and needs around another 20 seconds, so it should finish soon. This scan could have been made significantly faster with just the -F flag, but I really wanted to give you all a good look at how this works. 97, 98, 99... okay, so as you guys can see this is our result; it gives us a bunch of ports and services, and as I just said the state can also be closed or unavailable, so here we see examples of both open and closed. Okay, so that was about how you can scan multiple hosts. You can also scan a whole range of hosts with one command, as I'll show you: nmap -F 192.168.1.1-30. What this does is scan everything from 192.168.1.1, 192.168.1.2 and so on up to 192.168.1.30, so this is a very useful way of scanning multiple IP addresses. Let me show you how that works; since we've used the -F flag this is going to run considerably faster. As you guys can see, the earlier scan took around 119 seconds, that's around two minutes, and this one will take comfortably less: it was done in 29.91 seconds, and we scanned 30 IP addresses, so we can see that -F surely speeds up the whole scanning process. Now you can also give nmap a target list, so let me make one. targets.txt is the file we cat'ed out earlier, so let's start again: all I want to do is edit this file, so let me open it and put in 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5, or maybe 50. Boom, roasted. Now all we have to do is save it, so that saves it, and Ctrl-X to exit. Now you can go ahead and cat targets.txt, and as you guys can see this is what's in targets.txt. Now you just pass it to nmap with the -iL flag, nmap -iL targets.txt, and you'll see that nmap scans all the IP addresses that are in this file. Let that run; this will take a little time because it's five IP addresses and it's not running in fast mode. 83 percent of our work is done... okay, so our scan is complete. What you see out here are the scan results for whatever we provided in the targets.txt list, so that's how you can also give nmap an input file, and it gives you the results for all the targets specified in the file. Now let's go ahead and talk a little about port scanning.
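To see concretely what the address shorthand and the targets.txt file expand to before you start a long scan, here is an added Python example (not part of the video, and not nmap's own code): it expands the 192.168.1.1-30 style range, a CIDR block and a target file into the list of hosts nmap would try, so you can count them and size the scan. The file contents are constructed for the example.

```python
import ipaddress
import itertools

# Constructed targets file with the same kind of entries the video types
# into targets.txt (one target per line; blank lines and comments allowed).
TARGETS_FILE = """\
# lab hosts
192.168.1.1
192.168.1.2-5
10.0.0.0/30

www.edureka.co
"""


def _octet_values(part):
    """'7' -> [7]; '1-30' -> [1..30]; '*' -> [0..255]."""
    if part == "*":
        return list(range(256))
    if "-" in part:
        lo, hi = part.split("-", 1)
        lo, hi = int(lo), int(hi)
    else:
        lo = hi = int(part)
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"bad octet range: {part}")
    return list(range(lo, hi + 1))


def expand_target(spec):
    """Expand one nmap-style target spec into the concrete hosts it covers.

    Handles dotted quads with a range or '*' in any octet, CIDR blocks
    (every address in the block, as nmap does), and leaves hostnames alone
    because nmap resolves those itself.
    """
    spec = spec.strip()
    if "/" in spec:
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) == 4 and all(o == "*" or o.replace("-", "").isdigit() for o in octets):
        return [".".join(map(str, combo))
                for combo in itertools.product(*(_octet_values(o) for o in octets))]
    return [spec]


def expand_target_file(text):
    """Expand every non-blank, non-comment line of an -iL style file."""
    targets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        targets.extend(expand_target(line))
    return targets


if __name__ == "__main__":
    hosts = expand_target_file(TARGETS_FILE)
    print(len(hosts), "targets:", hosts)
    print(len(expand_target("192.168.1.1-30")), "targets in 192.168.1.1-30")
```

Counting first matters because the video's 30-address range took about 30 seconds even in fast mode; a /16 written the same way is 65,536 hosts.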
nmap is also a brilliant tool for scanning ports, and if you have a server or a website you know that there are 65,535 ports on every server and almost 99 percent are unused, so sometimes scanning ports is really a necessity. You can scan ports by using the -p flag and specifying the port number, and then the IP address or host name after that, so this is how you would do it: I'm going to use www.edureka.co, and nmap -p 20 www.edureka.co will scan only port 20. You can also scan from port 20 to 25 with -p 20-25, and you can also put in commas and tell nmap you want all of these, like port 80, which is HTTP, and 443, which is HTTPS, so you can surely do that. Let me go ahead and run this. Okay, so that gives us information on those ports. Something else about ports: suppose you want to scan for the HTTP port, you can just say nmap -p http www.edureka.co, and it will go ahead and do that; as you guys can see that gave us a result, and you can also add in service names like mysql, ftp and so on. Let me run that and show you... okay, so as you guys can see these are the ports that are running, and it found them by service name. Now if you want to scan all the ports you can use nmap -p- followed by the IP address or www.edureka.co. This generally takes a lot of time because you're basically doing 65,000 scans, so I'm not really going to do that; I'm going to quit out of this. Another thing that I want to show you all, which also generally takes a lot of time to execute, is called an aggressive scan. As you guys can see out here I have done an aggressive scan on edureka; to do that all you have to do is nmap -A edureka.co. So let us see how much
time this took to execute: it took 459 seconds, which is a long time for a scan, but it gives us a bunch of other information. For example, it gives us a traceroute. So what is a traceroute? A traceroute is the route taken by a packet to get from the client to the target server. As you guys can see our packet took 22 hops: the first hop was to the gateway router, 192.168.1.1, then it went to the Airtel leased line, then to this IP address, then to bsnlvsnl.net, then to London, New York, then Chicago, and all the way to wherever this site is hosted. That was one piece of information, and then there is more given to us, like the TCP ports that are open and tcpwrapped, program versions, port type, port states and all sorts of other information that an aggressive scan gives you. Another scan that I have done previously and kept for y'all, because it takes a lot of time, is the service version scan: nmap -sV, with a capital V, gives you the service version, so it tries to guess the version of the service that is running. For example, for the mail port it tells us it's Postfix smtpd, and for Apache it's Apache httpd, and you can see all sorts of versions here. Another thing nmap is brilliant at is guessing the operating system that is running. I have already done this scan as well, because it takes a humongous amount of time that I don't really have: 386.34 seconds, and these scans together took me more than 10 minutes, and I don't have that kind of time while explaining all this. So as you guys can see out here, the OS details line guesses Fortinet FortiGate; nmap tries to guess the OS from things like the time-to-live in the responses to the packets it sends. So -sV, -O and -A are some really cool options that you might want to know. Another thing you can do is a traceroute, as I just told you, and you can run it separately: nmap --traceroute and then the name of any website. Suppose I want to know how I reach netflix.com, so I run it on netflix.com and it gives me a traceroute showing how my packet actually reaches netflix.com. Okay, so this was basically a direct, one-hop route, which was surprising. On the other hand, if I do this on edureka.com it takes a bunch of hops to get there. This might take some time to run... it's 94 percent done, I'm just waiting for it to complete. Okay, so this gave us the hops, and as you guys can see we took 22 hops to reach edureka.com; it's the same process, you go through a bunch of IP addresses and then you reach this thing called us-west-2.compute.amazonaws.com. Okay, so that was about traceroute. Now, to end this tutorial, let me tell you guys that you can also save nmap's output to a file,
that is, save everything you found from a scan into a file, and let me show you how to do that. Sometimes, when you're working as a security analyst, you will have to perform network scans on a wide area network that is huge; these scans take a lot of time, and you don't really have the room on your command line to store all of that and view it in a form that's feasible for analysis, so what you want to do is save it in a file. So you say nmap -oN and then the name of the file, let's say results.txt, and then the target, www.edureka.co, so whatever scan result is generated is stored in this file called results.txt. This file need not exist beforehand; it will just be created by nmap. And now if I do ls we have targets.txt and results.txt, and if I just cat that file, results.txt, what you see out here is the nmap scan result that was stored. Another thing I would like to show you all before I end this nmap tutorial is verbose mode. Remember when we were pressing the up arrow to see how much of our scan was done? Verbose mode gives you that as the scan runs: nmap -F -v www.edureka.com, where -v is for verbose, and this will basically give you a verbose view of what is actually going on, and it tells you everything.
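Once results are saved with -oN, a practitioner usually wants to do more with them than cat the file, so here is an added Python example (not from the video, and not nmap's own code) that parses that normal-output format into per-host port lists and compares the open ports against what is supposed to be exposed. The sample report is constructed: the first host mirrors the services found on www.edureka.co above, and the second host is made up to show closed and filtered states (what the video calls unavailable).

```python
import re
from collections import Counter

# Constructed sample of nmap's "normal" output, the format -oN writes.
# Host 1 mirrors the video's www.edureka.co result; host 2 is invented so
# that closed and filtered ports appear too.
SAMPLE_REPORT = """\
# Nmap 7.80 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -oN results.txt www.edureka.co 192.168.1.2
Nmap scan report for www.edureka.co (34.210.230.35)
Host is up (0.25s latency).
Not shown: 995 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
443/tcp open  https

Nmap scan report for 192.168.1.2
Host is up (0.0010s latency).
Not shown: 997 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
139/tcp  filtered netbios-ssn
3306/tcp closed   mysql

# Nmap done at Mon Jan  1 10:00:14 2024 -- 2 IP addresses (2 hosts up) scanned in 13.71 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\d+\.\d+\.\d+\.\d+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_normal_output(text):
    """Turn -oN text into {host: [(port, proto, state, service), ...]}."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts


def open_ports(hosts, host):
    """Port numbers reported open for one host, in report order."""
    return [p for p, _, state, _ in hosts[host] if state == "open"]


def state_counts(hosts, host):
    """How many ports were open / closed / filtered for one host."""
    return dict(Counter(state for _, _, state, _ in hosts[host]))


def unexpected_open(hosts, host, allowed):
    """Open ports that are not on the allow-list for this host: the
    exposure a defender wants to know about after each scan."""
    return [(p, svc) for p, _, state, svc in hosts[host]
            if state == "open" and p not in allowed]


if __name__ == "__main__":
    report = parse_normal_output(SAMPLE_REPORT)
    for host in report:
        print(host, "open:", open_ports(report, host), state_counts(report, host))
    # Only the web ports are meant to be reachable on the public host.
    print("unexpected on www.edureka.co:",
          unexpected_open(report, "www.edureka.co", {80, 443}))
```

Running the file prints each host's open ports and the ones not on the allow-list; diffing a fresh -oN file against the previous one with this parser is a cheap way to notice a newly exposed service. For anything more than a quick check, nmap's -oX (XML) output is easier to parse reliably than the normal format.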
And boom, roasted, there it's done, and we have finished our nmap tutorial. Cross-site scripting attack. A cross-site scripting attack is basically a code injection attack executed on the client side of the web application. The client side of a web application is the software that is used to interact with the web application, and in most cases that is a browser. So in a cross-site scripting attack we inject malicious code into the web browser to make the web application do something that it is ideally not supposed to do. In this attack the attacker injects the malicious script through the web browser, and what happens is that this malicious script executes on the web application after it's injected; the malicious script is executed either when the victim visits the web page or on the web server. Now, like I told you, there are different types of cross-site scripting, and depending on which kind is being used the malicious script executes when the victim visits a single web page, or maybe in the web browser. This attack is mainly used to steal sensitive information like cookies, session tokens and maybe other sensitive data: if you're passing your username or password, then with a malicious script injected through cross-site scripting that information can be stolen from the web browser or the web server. Cross-site scripting can also be used to modify the contents of the website: because a cross-site scripting attack is a code injection attack, you can modify the contents of the website by injecting malicious code onto the web server or the web browser. Now this was a brief overview of cross-site scripting; let's see how cross-site scripting actually works and what the logic behind this attack is. Cross-site scripting is basically a web application hacking technique, so you need a website, a web server and a victim. So what happens when you normally access a website? You have your laptop, you use your internet connection to access a web page, and maybe you interact with it, maybe you send data to the web application, maybe you enter your data in a text box; even if you don't, there is some exchange of data happening between you and the web server through the website. So you send a request to the web server through the website, and the response from the web server is sent back to you through the web page or the website. Now, in a cross-site scripting attack, a hacker can inject malicious code into the website which is then sent either to the victim or to the web server, depending on what kind of cross-site scripting is being used, and when this happens the malicious script is executed either when the victim visits a web page or when the victim tries to access a page or some data from the web server. And while all this is happening, the malicious script the hacker injected can be used to steal the credentials or any other sensitive information of the victim, either from the web browser or the web server. So this is the logic behind a cross-site scripting attack. Now let's look at the different types of cross-site scripting attacks; there are mainly three types of cross-site scripting attack.
One is reflected cross-site scripting; also, cross-site scripting is known as XSS, that's the abbreviation for it. So the first type is reflected, and in this case the data is not stored on the web server. The next type is DOM-based, which makes use of the Document Object Model to inject the malicious script, and the third type is stored cross-site scripting, where the malicious script is stored on the web server. I'll be explaining these types in detail in the next slides when I show you how to hack each of these kinds. So let's move on and see how you can use a cross-site scripting attack to hack a web application. Like I told you earlier, there are three types of cross-site scripting attacks and I'll be showing you how to hack each of them. The first type is reflected cross-site scripting. In this type of attack the script is executed on the victim's side, mainly in the browser, so the script is not sent to the server, or even if it is sent, depending on the API calls or the request, the script is not stored on the browser side, and that's why it's called reflected cross-site scripting: the malicious script is reflected back on the victim's side and it's not really stored on the server. So let's see how to hack a web application using reflected cross-site scripting. I'm using Damn Vulnerable Web Application (DVWA) to show you these demos, so if you don't know what this is or how to install and configure it, I have a video on how to install DVWA; go through that to install it on your system and then you can practice different hacking techniques on it. Here I've chosen the reflected cross-site scripting attack. Now let's see how this works: here's a text box where I have to enter my name and then hit the submit button. Let me enter some value and see how this web application is designed to work. I'll enter my name and hit submit, and I can see that this website is designed to echo my name: when I enter a name, the web page takes the input and prints 'Hello' followed by the input I gave. Now, as you can see, I cannot really modify a lot, but I have total control over what input I give in the text box, so this is the place where I'll be injecting my code. What I'm going to do is type some HTML: I'll use an h1 tag first, which is used for headings, type something inside it and close the tag, so this is the code used to display something in an h1 tag. Let me submit, and if this web application is vulnerable to reflected cross-site scripting you should see a different output. Let me hit the submit button. Here you can see that the output is modified: because I've used the h1 tag, the way my input is displayed on the web application is different, and this clearly indicates that this web application is vulnerable to cross-site scripting attacks. Now let me give a malicious script here: I'll type script, this is the tag used to execute a script, and I'll create a pop-up to display something, and let me hit the submit button,
and if this works you should see a pop-up that says hello. And yes, you did see a pop-up that says hello, so this clearly means that this web application is vulnerable to reflected cross-site scripting. Now you might be thinking, how is this hacking a web application? Just because I inject code that displays the content in a different way, it's not really hacking, right? So let me tell you how this can be dangerous. Instead of displaying something in a different way, I'll try to get some sensitive information out of this web application. What I'm going to do is use the script tag and create a pop-up, but instead of printing a string I'll try to access the cookies for this web application, for this user basically. Let me hit the submit button, and here you can see that the session ID is displayed. Using this session ID I can log into a different account even if I don't know the username and password for that account. Now what is a session ID? A session ID is a unique string assigned to a particular user by the web server while the session is going on, to identify that particular user. So suppose you log in to your Gmail account, your Facebook account or your banking account and I can get hold of your session ID: I can use that session ID with a tool like Burp Suite to log in to your account without even knowing the password. So this is how dangerous a cross-site scripting attack can be. Now, I was just using the low security level; let me increase the security level and see what changes have to be made to this attack. I'll increase the level to medium and click the reflected cross-site scripting attack again. Now let me give the same input: script, alert and some string, and I'll close the script tag. I'll hit the submit button. Previously, when the security was low, you saw a pop-up that said hello, but in this case I don't see a pop-up, which means that this web application under medium security is doing something to avoid cross-site scripting. Now how would you know what it's actually doing? Look at the output: the input I gave was the script tag, alert hello, and the closing script tag, and the output was only this. So this means that the web application is doing something to eliminate the script tag and the end script tag. So I'll just change my input to something like this: I'll use the same input but modify it a little, because the web application is designed to remove the script tag, so I just modify this code to look something like this.
I'll add a nested script tag. First let me give this as the input and see if it works, and if it works I'll tell you how it works and what the logic behind it is. So just copy and paste this and let me hit the submit button. Now, like you can see, this actually worked: when I used the nested script tag it worked. Let me explain how. Like I told you, this web application is designed to eliminate the script tag, and when I gave this as the input, what the web application did was look at the input, find the script tag here and eliminate it; but because I had nested a script tag, even when it eliminated the main script tag, another script tag was formed, and this is how you could see the pop-up. So basically, when you nest a script tag, the script tag is eliminated, and when it is eliminated the divided parts of the script tag are concatenated back into a string, like you can see here, and then this code is executed. So this is how we can use cross-site scripting if the web application is designed to eliminate the script tag. Now let me increase the security to high and hit submit, then let me go to cross-site scripting (reflected). Let me give the first input, the direct approach, and you don't see a pop-up, which means the web application is handling the cross-site scripting attack; let me try the previous input, and even now you see the same output. Now let me show you the code that is used to sanitize the input on this web application. So this is the sanitizing code, and what's happening here is that it is using a regular expression: wherever a script tag is found, or wherever a script tag would be formed, it replaces it with a blank, an empty string. So basically this means that we cannot use the script tag in any way. Now what other options do we have? What you can do is give a malicious input without using a script tag: you can use other tags of HTML or PHP. I'll be using the image tag: I'll set the source to some random value and use the onmouseover event, which says what the web page should do when the mouse is over that particular image. So this line basically says there's an image, the source of that image is this file, which is a dummy value in this case, and if the mouse is over the image then create a pop-up that displays the string hello. Now let me give this as the input and see if it works. I'll hit the submit button. Okay, so now you can see that it says hello, but you didn't see a pop-up, because we've used the onmouseover event for the alert: for the pop-up to appear you have to move your cursor over the image. So when I move the cursor over the image you see that the pop-up appears. Now in this case I have not given any real image as the source, but what you could do is download an image that says 'click here' and, instead of the dummy value, give the source of that image; so when you use that malicious code what will be displayed is hello and an image that says click here, and when the user goes to click on that image, because the mouse is over it, you see the pop-up, and that's when your malicious code executes. So this is all about reflected cross-site scripting; let's move on to the next type, which is stored cross-site scripting.
Like you saw in reflected cross-site scripting, the data is not stored on the web server; it is executed in the web browser. Now in stored cross-site scripting the script is stored and executed on the server. There are a lot of web applications, like Facebook, where someone uploads a picture and you comment on it, or you post a status on your wall or timeline; this data is stored in the database of the server, and every time somebody clicks on that page or tries to access that data, the web server fetches it from the database and displays it in the web browser. So when you're using a stored cross-site scripting attack you are basically storing the malicious script on the web server, or in the database used by the web server. The advantage of stored cross-site scripting is that, because it is stored on the web server, every user who accesses that data will execute the malicious code. Now let's see how you can use stored cross-site scripting to hack a web application. This is the web page for the stored cross-site scripting attack: there's a name and there's a message. Let me give some input: I'll type test1 and the message will be message1, and I'll hit the Sign Guestbook button. Basically this takes a name and a message and stores them, so even if I refresh you can see the data is still present, because it is stored in the database and fetched every time I access this web page. Now what I'm going to do is try to inject some malicious code here. I'll give the name as test2 and try the first input, the direct approach, and hit the Sign Guestbook button. You can see that a pop-up appears, so this web application is vulnerable to cross-site scripting. Even if I refresh, you can see the malicious script executes again, so every time a user visits this web page the malicious script executes. It's the same in the case of applications that store data from the user, for example Facebook, like I told you: when you post a comment or a status on your timeline and any other user or profile opens that page to view your photos, your status or the comments on any of the posts, they basically ask the web server to fetch that data, and that data is stored in a database, so in that case any user who accesses that data executes the malicious script. Now let me increase the security and see what changes we have to make, or what security features have been implemented. Before trying the next injection I'll clear the guestbook, or else every time I refresh the malicious code will execute and I'll see the pop-ups. So let me clear the guestbook. All right, so what I'm going to do is type the same input I gave earlier, test1 and the malicious script, hit the Sign Guestbook button, and you can see that it's not working; I don't see a pop-up here, so there's some way that
this web application at medium level is handling the malicious input. Now I'm going to try to give the malicious input in the name field, but I'm not able to type a lot of characters. Let me look at the message field: I'll type message1, and I'm not able to type more characters there either. This is because the text box is limited to a certain number of characters, and I'm going to get around that by changing the restriction. I'll inspect the web page, and here I can see a line that says maxlength equals 10, which means that this text box is designed to take only 10 characters as input. So what I'm going to do is change this value to 100, hit enter, close this window and now try to give the input. Because I've manipulated it, I've changed the maxlength of the input, I can give more characters as the input; let's see if it works. It still didn't work, which means that even the name field is designed to sanitize the input. Now let me modify the input: I'm going to nest the script tag, because here I can see that the script tags are being eliminated, cut off, so if I find a way to manipulate the script tag like I showed you in reflected cross-site scripting, maybe I can execute this code. So what I'm going to do is paste the script; I'll again have to change the maxlength to 100, then give the input, and here I'll be using nested script tags similar to the way I used them in reflected cross-site scripting. I'll type a message here, message2, and let me see if this works. Well, it did work: because I could see from the output that the web application was designed to eliminate the script tag, I just manipulated the way I inserted the script tag, I used the nested script tag, and then I could execute the malicious code. Now let's move on to the next level of security; before that I'll clear the guestbook and increase the security, then go back to cross-site scripting (stored). Now again I'm going to try the previous input, the previous malicious script, and see if it works: I'll change the maxlength to 100 again, give the nested script tag as the input, and the message will be message1; let's see if it works. Okay, it didn't work, and similar to how it was done in reflected cross-site scripting, I think this code is also using regular expressions to eliminate any script tags, but just to confirm I'll open the code and see if that's actually true. Yes, so it's the same in this case: what it's doing is identifying all the script tags using regular expressions and then replacing them with a blank. So it basically means that you cannot use any script tags and you need to use an alternative to the script tag. Now, similar to the previous case, like how we did it in reflected cross-site scripting, I'm going to use the image tag for this. Before that I'll change the maxlength field, and the input I'll be giving is an image tag with source x and an onmouseover that creates a pop-up saying hello, with some message here, and I'll hit the Sign Guestbook button. So now we can see that this worked, but the pop-up didn't appear, because the event I used is onmouseover, so let me move the mouse over the image. Yes, it did work: when I brought the mouse over that image you saw that the pop-up appeared. So this is how stored cross-site scripting can be exploited. Now let's move on to the next type of cross-site scripting attack, which is DOM-based cross-site scripting. DOM basically stands for Document Object Model, and it is basically the way the website is designed.
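The three payloads used in the reflected and stored demos above (the direct script tag, the nested script tag, and the image tag with onmouseover) behave the same way against the three filter levels, so here is one added Python example (not DVWA's code, and not from the video) that models the filters the way the video describes them: no filter at low, deletion of the literal '<script>' at medium, and a regular expression at high that strips anything spelling s-c-r-i-p-t after a '<'. The exact regular expression is an assumption, since only its effect is shown in the video. Beside them is the hardened version, which HTML-encodes the output instead of blacklisting tags; the check at the end reports whether attacker-supplied markup survived into the page.

```python
import html
import re

# Constructed inputs: the three payloads typed into the name field in the
# reflected and stored demos.
DIRECT = '<script>alert("hello")</script>'
NESTED = '<scr<script>ipt>alert("hello")</script>'
IMG_TAG = "<img src=x onmouseover=alert('hello')>"

# The page wraps the name the way the demo's "Hello <name>" output does.
PREFIX, SUFFIX = "<pre>Hello ", "</pre>"


def render_low(name):
    """Low level: the input is echoed straight into the page."""
    return PREFIX + name + SUFFIX


def render_medium(name):
    """Medium level as the video describes it: the literal text '<script>'
    is deleted from the input (modelled on the described behaviour, not
    copied from DVWA's source)."""
    return PREFIX + name.replace("<script>", "") + SUFFIX


def render_high(name):
    """High level: a regular expression strips anything that spells out
    s-c-r-i-p-t after a '<', however the letters are split up. The exact
    pattern is an assumption; the video only says a regex is used."""
    cleaned = re.sub(r"<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t", "", name, flags=re.I)
    return PREFIX + cleaned + SUFFIX


def render_safe(name):
    """Hardened version: encode the output instead of blacklisting tags, so
    '<', '>', quotes and '&' can never start markup or an event handler."""
    return PREFIX + html.escape(name, quote=True) + SUFFIX


OPEN_TAG = re.compile(r"<[a-z]", re.I)


def user_markup_survives(page):
    """True if the user-controlled part of the response still contains an
    opening tag, i.e. the browser would parse attacker-supplied HTML."""
    body = page[len(PREFIX):-len(SUFFIX)]
    return OPEN_TAG.search(body) is not None


def filter_matrix():
    """Which payload gets past which filter (True = markup survives)."""
    renderers = {"low": render_low, "medium": render_medium,
                 "high": render_high, "escaped": render_safe}
    payloads = {"direct": DIRECT, "nested": NESTED, "img": IMG_TAG}
    return {level: {name: user_markup_survives(fn(p))
                    for name, p in payloads.items()}
            for level, fn in renderers.items()}


if __name__ == "__main__":
    for level, row in filter_matrix().items():
        print(f"{level:8s}", row)
```

The matrix shows why blacklists keep failing: each filter blocks only the payload it was written for, while encoding the output neutralises all three, including the image tag that slips past the high-level regex. The same rule applies on the client side in the DOM case (write user data with textContent rather than into innerHTML), and the maxlength attribute the video edits in the browser is no defence at all, because the server has to validate length itself.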
when you use Dom Crosset scripting it is a client-side attack the script is not sent to the server or it is not stored on the server it stays on the client side and the way this works is the web page sends a request to the server the server sends a response the server script is executed first and this is the genuine script that the server has to execute so that is executed first and then the malicious script is executed so let's see how to use Dom cross Edge scripting so this is the web page that
is vulnerable to Dom cross-site scripting so there are different options here there are different languages and when I select one and hit the select button nothing is seen on the web page but you can see the URL is changed so you can see that the default is set to English now let me change the value I'll hit the select button let me change the language and hit the select button so you can see that the language is being changed so basically in this webpage I don't have a text box where I can give the input
every manipulation that I have to do or every script that I have to inject here should be done in the URL so what I'm gonna do is I'm gonna manipulate this so instead of giving French I'll use my malicious script here so the script will be script alert hello and we'll close the script tag so when I executed it you can see that the pop-up appeared that means in DOM based cross-site scripting you mainly manipulate the URL that is being used or the URL that is being generated so this is the low level let me
increase the security I'll change it to high let me give the same input again script alert the string is hello and I'll close the script tag let me hit the enter button well it didn't work it actually went back to default as English so let's see what's the code behind this what's the logic behind this so what's happening here is it's finding the script tag and it's just stripping the script tag and it's setting the default to English so it means I cannot use a script tag now what if I use a nested script tag
let me try that also let me Nest the script tag like I did in the previous stages let me Nest the script tag well this also didn't work so this web application under medium security is designed in such a way that if there's any script tag it will set the default to English the language to English now how can you bypass this for this I'm gonna inspect the element so let me see how the web page is displaying all this data here you can see there's a form tag and there are different options here so
I'm gonna make use of this syntax to inject my malicious query I'll just copy paste this so this is a line that displays English as the value so what I'm gonna do is manipulate this so the way this is designed is there's a select tag and under this there are different options English I'm not typing the whole code because I want you to understand the logic and other inputs and then the select tag is close and when one of the option is selected may be English so this option is selected if I choose any different
option maybe French then this line is selected and so on so what I'm gonna do is manipulate the URL in such a way that the option tags is closed earlier so basically when I choose English as a default it says English default so this part of the code is executed and this is used to close but instead of letting the page do it I'll give that as the input in the URL so what I'm gonna do in the URL is I'm gonna close the tag right here the option tag and the select tag and I'm
gonna use the body tag here and the function on load which has to create a pop-up that says hello let me hit the enter button now as you can see here I could successfully inject the malicious code in the URL so how this works is so when I choose English as the option this part is executed so instead of the web page closing this for me I'm adding another option tag and I'm adding another select tag so what happens is this part of the code does not execute because I am closing it here and then
I'm typing my malicious script here and that's how this code successfully executed for medium security level now let me increase the security level to high and see how it works let me try the direct approach well this didn't work let me use the previous approach well this also didn't work so the webpage is designed to sanitize the URL so let me see the code for this so this code is designed in such a way that it only takes these languages as the input and if there's anything else apart from these languages it will set the
default to English now how to approach this so to hack this you need a little idea about how web pages are designed there's something called an anchor tag so anchor tags are basically used to index a particular part of the web page let me show you an example so I'll open a blog that uses the anchor tag and then explain to you how this works so here you can see the URL that says edureka blog and the URL of the blog and if you scroll down a little as usual there are different contents on the
web page and what I want you to see is the index part so there are different topics that are covered in this blog and here's a list of it so what happens when I click on one of this is the webpage takes me to that particular part of the web page so in case I click this it takes me to how to use Network scanning tool and in case I click on types of network scanning it'll take me to that part of the webpage now what I want you to observe is whenever I click on
one of the anchor tags the URL is regenerated to point me to that particular section of the web page I'm gonna make use of this feature of web design or web development to hack our web application so what I'm gonna do is I'm going to use a pound symbol or the hash symbol and then use my malicious script after that so because the pound symbol is used to index or to point to a certain page on the same website this web page will not consider it as the input it will just think that we are
trying to point to a particular part in the web page so let me type hello and then close the script tag let me hit the enter button and see if this actually works well it did work so you can see that there's a pop-up that says hello and this is how you can use a pound sign or the internal anchor feature of the blogs to inject the malicious code so this is all about cross-site scripting attack we saw three types of cross-site scripting that is reflected stored and DOM and what type of cross-site scripting attack
you use depends on how the web page is designed you cannot use DOM cross-site scripting on a web page that is vulnerable to stored cross-site scripting so first you have to understand how the web page works how the web application works and then decide which type of cross-site scripting attack to use now let's move on to the next topic that is how to prevent cross-site scripting attacks so the first thing you can do is escape the user input so there are special characters like greater than symbol smaller than symbol which are generally used in
tags or in malicious script or maybe the percentage symbol so the first thing you can do is escaping these characters which means that you take off the special feature of this character and make it just another text character the next thing you can do is consider all input as a threat because the user has complete control on what input he gives you have to assume that every input is a threat and sanitize and handle every input with care the next thing you can do is data validation suppose you have a field of login where you
can enter username and password what you can do is use data validation especially in case of email IDs because you know the generic format for an email ID there should be a username there should be an @ symbol then something then .com or dot something so you can use data validation to avoid cross-site scripting attacks next thing you have to do is sanitize the data like you saw in the demo that some of the web pages were sanitizing data they were eliminating the script tags or they were eliminating any script tag forms and
they were also using regular Expressions to eliminate all the script tags that can be generated so this is how you can sanitize data the input data next thing you can do is encode the output so what happens is when I gave the script tag and alert as the input as the malicious script the arrow symbols were being treated as the arrow symbols what you can do is you can URL encode them so the arrow symbol will be something like percentage 25 so when you encode it it's no longer a malicious script so you can use
encoding URL encoding for the input or for the output next thing you can do is use the right response headers you can decide what the response header should be you can decide what data can be sent or what data can be received through the response headers and finally what you can do is use content security policies so this is a standard it is also known as the CSP standard so you can use a content security policy to avoid cross-site scripting to know more about this you can just Google it you can just Google content security policy
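The defenses just listed, as an added Python example that is not from the video or from DVWA: it puts the blacklist-style script-tag stripping the demo bypassed next to entity escaping of the input, percent-encoding for values placed in a URL, allow-list validation of an email field and a CSP response header. The sample payloads are the ones walked through above; the CSP policy string and the guestbook template are assumptions.

```python
import html
import re
from urllib.parse import quote

# Constructed sample inputs: an ordinary name plus the payloads used against the
# DVWA pages above (plain script tag, image tag with a mouse-over handler, and the
# nested script tag that beat the naive regex filter).
SAMPLE_INPUTS = [
    "Alice",
    "<script>alert('hello')</script>",
    "<img src=x onmouseover=alert('hello')>",
    "<scr<script>ipt>alert('hello')</script>",
]


def strip_script_tags(value: str) -> str:
    """Blacklist approach seen in the demo: delete <script> tags with a regex.
    Kept here only to show why it is not sufficient on its own."""
    return re.sub(r"<\s*/?\s*script[^>]*>", "", value, flags=re.IGNORECASE)


def escape_for_html(value: str) -> str:
    """Escape user input so that < > & " ' become entities: the browser renders them
    as literal text and never parses a tag or an attribute out of them."""
    return html.escape(value, quote=True)


def encode_for_url(value: str) -> str:
    """Percent-encode a value before placing it in a URL (for example the language
    parameter of the DOM XSS page), so < > # / and quotes cannot change the URL."""
    return quote(value, safe="")


# Allow-list shape for an email field: something, an @, a domain, a dot, a TLD.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def is_valid_email(value: str) -> bool:
    """Data validation as described above: only the generic email shape passes."""
    return EMAIL_RE.fullmatch(value) is not None


def render_guestbook_entry(name: str, message: str) -> str:
    """Build a stored guestbook line with output encoding applied at render time,
    so a stored payload comes back as harmless text (template is an assumption)."""
    return f"<p><b>{escape_for_html(name)}</b>: {escape_for_html(message)}</p>"


def security_headers() -> dict:
    """Response headers that stop inline scripts even if one encoding is missed.
    The policy string is an illustrative assumption, not taken from the video."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


def still_contains_tag_start(value: str) -> bool:
    """Does a filtered string still contain an unescaped '<' a browser could parse?"""
    return "<" in value


if __name__ == "__main__":
    for raw in SAMPLE_INPUTS:
        stripped = strip_script_tags(raw)
        escaped = escape_for_html(raw)
        print(f"input:    {raw}")
        print(f"stripped: {stripped}  (tag start left: {still_contains_tag_start(stripped)})")
        print(f"escaped:  {escaped}  (tag start left: {still_contains_tag_start(escaped)})")
        print(f"url-enc:  {encode_for_url(raw)}\n")
    print("valid email?", is_valid_email("abc@xyz.com"), is_valid_email("<script>@xyz.com"))
    print(render_guestbook_entry("Mallory", SAMPLE_INPUTS[2]))
    print(security_headers())
```

Running it shows the stripped nested payload collapsing back into a working `<script>` tag while the escaped form of every payload contains no tag start at all.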
[Music] firstly let's go over what DoS and DDoS means now to understand a DDoS attack it is essential to understand the fundamentals of a DoS attack DoS simply stands for denial of service this service could be of any kind for example imagine your mother confiscates your cell phone when you are preparing for your exams to help you study without any sort of distraction while the intentions of your mother are truly out of care and concern you are being denied the service of calling and any other service offered by your
cell phone now with respect to a computer and computer networks a denial of service could be in the form of hijacking web servers overloading ports with requests rendering them unusable denying wireless authentication and denying any sort of service that is provided on the internet attacks of such intent can be performed from a single machine while single machine attacks are much easier to execute and monitor they are also easy to detect and mitigate to solve this issue the attack could be executed from multiple devices spread across a wide area not only does this make it difficult
to stop the attack but it also becomes near impossible to point out the main culprit such attacks are called distributed denial of service or DDOS attacks now let's see how they work the main idea of a DDOS attack as explained is making a certain service unavailable since everything that is attacked is in reality running on a machine the service can be made unavailable if the performance of the machine can be brought down this is the fundamental behind dos and DDOS attacks now some dos attacks are executed by flooding servers with connection requests until the server
is overloaded and is deemed useless others are executed by sending unfragmented packets to a server which they are unable to handle these methods when executed by a botnet exponentially increase the amount of damage that they are doing and their difficulty to mitigate increases in Leaps and Bounds to understand more about how these attacks work let us look at the different types of attacks now while there are plenty of ways to perform a DDOS attack I'll be listing down the more famous ones these methodologies have become famous due to their success rate and the Damage they
have caused over time it is important to note that with the advancement in technology the more creative minds have devised more devious ways to perform DoS attacks now the first type of methodology that we're going to discuss is called ping of death now according to the TCP IP protocol the maximum size of a packet can be 65 535 bytes the ping of death attack exploits this particular fact in this type of attack the attacker sends packets that are more than the max packet size when the packet fragments are added up computers generally do not know
what to do with such packets and end up freezing or sometimes crashing entirely then we come to reflected attacks this particular attack is more often than not used with the help of a botnet the attacker sends a host of innocent computers a connection request using a botnet which are also called reflectors now this connection that comes from the botnet looks like it comes from the victim and this is done by spoofing the source part in the packet header this makes the host of computers send an acknowledgment to the victim computer since there are multiple such
requests from the different computers to the same machine this overloads the computer and crashes it this type of attack is also known as a Smurf attack another type of attack is called mail bomb now mail bomb attacks generally attack email servers in this type of attack instead of packets oversized emails filled with random garbage values are sent to the target's email server this generally crashes the email server due to a sudden spike in load and renders them useless until fixed last but not the least we have the teardrop attack so in this type of attack
the fragmentation offset field of a packet is abused one of the fields in an IP header is a fragment offset field indicating the starting position or offset of the data contained in a fragmented packet relative to the data in the original packet if the sum of the offset and the size of one fragmented packet differs from that of the next fragmented packet the packets overlap now when this happens the server vulnerable to teardrop attacks is unable to reassemble the packets resulting in a denial of service condition okay so that was all the theoretical portion of
this video now it's time to actually perform our very own DDOS attack okay so now that we've finished the theoretical part of how DDOS actually works and what it actually is with its different types let me just give you guys a quick demonstration on how you could apply a denial of service attack on a wireless network anywhere around you like this could be somewhere like Starbucks where you're sitting or this could be a library also or your college institution no matter where you're sitting this procedure will work so the first thing we want to do
is actually open up a terminal because we will be doing most of our work on a command line basis now for this particular demonstration we will be actually using two tools first is aircrack-ng which is a suite of tools which contains aircrack-ng airmon-ng aireplay-ng and airodump-ng so these are the four tools that come along with it and the second one that we'll be using is called macchanger okay so let me just put my terminal on maximum so you guys can see what I'm actually writing out so first
thing we want to do is actually log in as root so let me just do that quickly because we need to log in as root because most of the stuff that we're going to do right now will need administrator access now the first thing we want to do is check out our wireless network card's name and we can do that easily by typing ifconfig now you can see that my wireless card is called wlo1 and we get the MAC address and we also get the IPv6 address so that's my wireless network
card and we'll be actually setting that up in monitor mode now before we actually go in and start up our network card in monitor mode let me just show you how you can install the two tools that I just spoke about that is aircrack-ng and macchanger so to install aircrack-ng you can just go apt-get install aircrack-ng hit enter and this should do it for you I already have it installed so it's not going to do much to install macchanger you could just go the same command that is apt-get install macchanger
and you can check if both the tools have been installed properly by opening the manual pages by typing man aircrack-ng and this will open up the manual page for you and let's also do the same for macchanger so what we're going to do first is set up our network interface card into monitor mode so to do that all we have to do is type ifconfig and we need to put our network interface card down so we go wlo1 down and with the command iwconfig we go mode monitor don't forget to specify
the interface that you're working on so iwconfig wlo1 mode monitor and all you have to do now is put it back up so what we are going to type is ifconfig wlo1 up you can check the mode it'll say managed if it's not in monitor mode so as you guys can see it says mode managed so that's how we're gonna go ahead so you can check that just for your own purposes so we can also check for only wlo1 by specifying the interface or you could also check the mode only by passing it through a
pipe and that is using grep mode so iwconfig wlo1 piped into grep and mode well mode begins with a capital M so that's how you would probably return it so as you guys can see that has returned the mode for us along with the access point and the frequency okay so that was a little fun trivia on how you could fetch the mode from a certain command like iwconfig by passing it through a pipe and grepping it with mode grep basically means grab okay so now moving on we'll get to the more important
stuff now so firstly we need to check for some sub-processes that might still be running and that might actually interfere with our scanning process so to do that what we do is airmon-ng check and then the name of the interface now as you guys can see I have the network manager that is running out here and we need to kill that first and that can be easily done by going kill with the PID after that you can run a general command called airmon-ng check kill so whatever it finds it
will kill it accordingly and when it produces no results like this that means you're ready to go as there are no sub-processes running that might actually interfere with our scan now what we want to do is we want to run a dump scan on the network interface card and check out all the possible access points that are available to us so as you guys can see this produces a bunch of access points and they come with their BSSIDs they also have the power which is the PWR that is the power of the
signal and let me go down back again so yeah you can see the beacons you can see the data you can see the channels available and what the BSSID is it's the MAC ID that is actually tied in with the ESSID which basically represents the name of the router now what we want to do from here is we want to choose which router we want to actually DoS now the whole process of DoSing is actually we will continuously de-authenticate all the devices that are connected to it so for now I have chosen edureka
Wi-Fi to actually DoS out and once I send a de-authentication broadcast it will actually de-authenticate all the devices that are connected to it now this de-authentication is done with a tool called aireplay-ng which is a part of the aircrack-ng suite of tools now let us just see how we can use aireplay-ng by opening up the help command so we go dash dash help and this opens up the help command for us now as you guys can see it shows us that we can send a de-authentication message by typing in the
hyphen 0 and then we need to type in the count so what we are going to do is type in hyphen 0 which will send the de-authentication message and now we can type one or zero so one will send only one de-authentication message while 0 will continuously loop it and send a bunch of de-authentication messages we are going to say 0 because we want to be sure that we are de-authenticating everybody and we can also generally specify the person we want to specifically de-authenticate but for this demonstration I'm just going to
try and de-authenticate everybody that is there so what we are going to do is we are going to copy down the MAC address or the BSSID as you would know it and then we are going to run the de-authentication message now as you guys can see our de-authentication message is beginning to hunt on channel 9 now as you guys know and as I already know our BSSID or the MAC address is working on channel 6 now we can easily change the channel that our interface is working on by just going iwconfig wlo1 and
then channel and then specifying the channel now as you guys can see our chosen router is working on channel 6 so that's exactly what we're going to do now as you guys can see it immediately starts sending the de-authentication codes to the specified router and this will actually make any device that is connected to that router almost unusable you might see that you are still connected to the Wi-Fi but try browsing the internet with them you will never be able to actually reach any site as I'm constantly de-authenticating your service you will need that
four-way handshake all the time and even if it completes you are suddenly de-authenticated again because I'm running this thing on a loop now you can let this command run for a few moments or for however long you want to DoS that guy for well this is not exactly a DDoS because you're doing it from one single machine but you can also optimize this code to actually look like it's running from several different machines so let me just show you how to do that we're going to write a script file to actually optimize
our code a lot so this script file will actually automate most of the things that we just did and also optimize a little by changing our Mac address every single time so we become hard to actually point out so the first thing that we want to do is we want to put our wireless network card down and maybe that's not the first thing that I want to do just give me a moment to think about this I haven't actually thought this through and I'm doing this on the Fly okay so the first thing that we're
going to do is we're going to start a while loop that is going to continuously run until we actually externally stop it so we go while true and then we're gonna say do and the first thing that we want to do is send out a de-authentication message and we are going to send around 10 de-authentication messages and we want to run it on a specific BSSID so that is the BSSID that I had copied so let me just put in that and then we just put in the interface as it's
supposed to work on now what we want to do after that is we want to change the MAC address after we have sent all these 10 packets so what we will need to do is put down our wireless network and as we already discussed we can do that with ifconfig wlo1 down and now what we want to do is change our MAC address so we can do that with the simple tool that we had installed and saying macchanger hyphen r so let me just open up a quick tab and show you guys
how Mac changer actually works now you can already check out my other video called the ethical hacking course which actually covers a lot of topics and Mac changer is just one of them and you can check how to use it in depth in that video but for now let me just give you a brief introduction how Mac changer works the Mac changer will basically give you a new Mac address every time let me just open up the help menu for you guys so as you guys can see these are the options that are available to
us we can get a random MAC address we can also tell it to show our MAC address and we also have to specify the interface when we want it to show us the MAC address now let me just generate a new MAC address so you see out here that interface up or insufficient permissions is being shown so this means we always have to put down our interface first so let me just do that quickly ifconfig wlo1 down and now what we want to do is give ourselves a new MAC address and boom roasted we already have
a new MAC address as you guys can see from the new MAC part now if we put back our network interface card and then try and show our MAC address again we see that our current MAC and our permanent MAC are two completely different MAC addresses and our current MAC and the new MAC are identical so this is how you can actually generate new MAC addresses to spoof your own identity on the Wi-Fi and that is very useful in this case because the person you're attacking will be so confused as to what to do
because your MAC address is changing every time and there's no real solution to the situation that you're creating for them at least I don't know of any solution if you do know how to stop this for yourself please leave it down in the comment section below and help the world a little bit now we want to also get to know what our MAC address is every time so let me just pipe my function through the whole thing and let me just try and grep the new MAC address so macchanger -r wlo1 and
graph map and then we want to put our network card into monitor mode and then we also want to put up our network interface card now what we want to do out here is optimize it so we can't be attacking constantly so let us put a sleep timer so this will make our program sleep for a particular amount of time I'm going to make it sleep for five seconds so after every five seconds it's gonna send that particular BSS ID then the authentication messages then it's going to bring down my interface card it's going to
change my Mac address it's going to put back the interface card into monitor mode and sleep for five seconds and then repeat the entire process and to end the script let's just say done so that will denote when the loop is done now let me just save it Ctrl o control X to exit and there we go okay so first of all to actually run this need to give it some more permissions so as you guys can see we already have it let me just put it in a much more readable format okay so as
you guys can see our dos.sh doesn't really have executability so we can do that with the command chmod so I'm going to give it some executable permission so chmod plus x and then the name of the file so this will actually change our dos.sh into an executable bash script okay so it seems that we have done some error so let's just go back into our bash script and check for the errors that we have probably done so nano dos.sh ah okay so the thing that I am missing is
that I forgot the hyphen a that I'm supposed to put before putting the BSSID in the aireplay-ng part of the code so let me just go ahead and quickly do that okay so now that that is done let me just save it and quickly exit and see if this thing is working okay so now we are trying to work out our script now you guys should know that this edureka Wi-Fi is my company's Wi-Fi and I have complete permission to go ahead and do this to them also my company's Wi-Fi is
kind of secure so every time it senses that a de-authentication message is being sent like that it kind of changes the channel that it is working on so these guys are really smart smarter than me most of the time and this time I'm just going to try and force them to work on channel 6 so let me just go ahead and run my script once okay so let me just check that they're still working on channel six yep they're still working on channel six let me just check my script once if it's correctly done if
I have the perfect MAC ID let me just copy in the MAC ID just to be sure once again so there you go we've copied it let's go into the script and let's paste it out okay so now that that is done and we have the MAC IDs and everything set up properly let me just show you how to run the script so you go dot and slash and then dos.sh now you see that our thing is working on channel 8 so this will definitely not work and say that the BSSID is
not there so what we need to do as I have showed to you guys earlier we can go iwconfig wlo1 and change the channel to channel 6 oops actually I set it to channel 8 again this will not work I'm sorry that was my bad so now that we have changed it to channel 6 you can see that it is sending everything immediately okay so that is actually running our script very well and as you guys can see the security measures that are taken by my company it will not always work on channel 6 it'll keep rotating
now until it finds a safe channel so if it really can't find the safe channel I will always be DoSing on channel 6 and it will run sometimes it won't run sometimes but mostly with unsecure Wi-Fi that is running at your home mostly this will work 100 times so let me just stop this because my company will go mad at me if I just keep on DoSing them so this brings us to the end of our demonstration this is how you can always DoS your neighbors if they're annoying you but remember if you're caught you
could be prosecuted so this was about how DDOS Works what DDOS actually is and the different types and how you can do one on your own with your own system [Music] so let us understand what SQL injection is SQL injection is one of the most used and one of the most common web-based attacks so for SQL injection to work you need a web application that uses a database let me tell you with an example what SQL injection is consider an example where there's a web application that's using a database this web application might be taking
input from the user and storing the information onto the database or it might be fetching data from the database and displaying out to the user in either case what happens is there's a SQL query or a database query that's generated on the web application which is sent to the database and this query is executed on the database and relevant information is returned back to the web application now this is how the normal scenario is so what happens when you use SQL injection is you manipulate this database query in order to make it do something that
it is ideally not supposed to do so you change the SQL query you manipulate it you inject some malicious string in the SQL query and then make it do something that it is not ideally supposed to do so what happens is you manipulate the query and and then this malicious query is sent to the database it's executed there and the relevant results are returned now this is SQL injection so SQL injection is a code injection technique which is used to execute malicious SQL statements on the database so basically SQL injection attack is something that you
use to take over database servers now that you've got a high level understanding of what SQL injection is let's understand how SQL injection Works moving on to understanding how SQL injection Works let's take an example of a web application that takes username and password for login now on a day-to-day basis you use a lot of web application where the first thing you have to do is login into the web application you can consider the example of your Gmail account your email ID your Facebook account your Twitter Instagram and even your internet banking services so the
first thing you have to do in order to use the features or the functions of this web application is to login into the web application so what you usually do is you enter the username then you enter the password now because SQL injection Works only on a web application that's using the database and suppose the details of all the username and their password is stored in a database what actually happens is there's a database and in this database there's a table that is storing all the usernames and their respective passwords so when you hit the
login button after entering the username and the password that input information is sent to the database and it is cross checked with the table so if there is any user with that username and the password to that username is right then there's a successful match and there's a successful login and if there is no user with that particular username or if there is a user with that particular username but the password to that username is wrong then the login is unsuccessful so this is how the usual cases now what we are actually interested in is
not the flow of how this works but the SQL query that's generated in order to do this job so for this example the simple query that would be generated would look something like this so select star where star means fetch any number of rows that matches some condition from users where users is the name of the database table then there's a condition to check the username equal to abc@xyz.com and the password should be one two three four five six so when this SQL query is generated if there is a user with a
username abc@xyz.com and the password to that username is one two three four five six then that particular row is returned and if there is no user with this particular username and password then there are no rows or there are no values returned so basically if this SQL query returns some value or returns a true value then the login is successful and if this SQL query returns a false value then the login is unsuccessful so this is how it actually works now like I told you we are not interested in the flow of
how this works we are only interested in the SQL query that's generated let me just highlight the SQL query for you so this is the same SQL query that I showed in the previous slide now what I've done is I've highlighted some part of the SQL query now why have I done that I've highlighted the part that is the input to the SQL query now when you are using a web application the SQL query is pre-generated by the web application and the only control the user has is over the input so the part I have
highlighted is the user input and that's the only part in the whole SQL query that the user has control over so whatever changes we have to make or whatever we have to do in order to execute a SQL injection attack should be done by giving the right inputs now like I told you that if this SQL query returns true then the login is successful and if this SQL query returns false then the login is unsuccessful so SQL injection attack is a web-based attack where we manipulate this SQL query in order to always return true even
if we don't know the username or if we don't know the password. Now the question is, how can we do that? To do that we'll be using something called an OR logic gate, so for that I'll be explaining to you first what OR logic is. OR logic is a function that takes certain inputs and gives an output. Now let's take an example where A and B are the inputs and out is the output. Now suppose there is an OR function running on the inputs A and B: if both the inputs are false then the output is false; if one of the inputs is true then the output is true; and if both the inputs are true then the output is true. Now what you have to observe here is, when one of the inputs is true, then irrespective of what the other input is, the output is always true. So whenever there is one input true, the output is always true, and we'll be using this feature of the OR function in the SQL injection attack.

So there is this SQL query and the objective is to make this SQL query return true. So I'm gonna manipulate this SQL query to something like this. And like I told you, the user doesn't have control over the SQL query that's generated, and the only control the user has is over the input that is given. So I'll be giving this as an input: the input will be an inverted comma (a single quote), a space, OR 1=1, and hyphen hyphen followed by a space, that is ' OR 1=1-- . Now this part of the query is the part which always returns true. Now let me just highlight that particular part for you and explain how this malicious string actually works. Now the input is an inverted comma, a space, OR, a space, 1=1. Now the first inverted comma is used to close this string parameter: whenever you give something as an input in the input box of the web application, then it is considered as a string in most of the cases, especially for the username and the password. So the first inverted comma is used to close this parameter, the string parameter; then there is the OR function, and after that there is a statement that is 1=1. Now if you see this, there are two inputs: this is the OR function, and there's one input on the left-hand side and there's one input on the right-hand side. What we are interested in is the statement that is on the right-hand side of the OR function, that is 1=1. Now this is a statement that will always return true, because 1 is always equal to 1, and like we have already understood, if one of the inputs to the OR function is true then irrespective of what the other input is the result will always be true. So in this case, because 1 is always equal to 1 and that is true, this function, the OR function, will always return true, and hence the SQL query will always return true. Now what is the use of the extra double hyphen that I've used? So the double hyphen I've used is to comment out the rest of the SQL query, and that's why I faded out the AND password part. So when I use the double hyphen it doesn't matter what the next part of the SQL query is, and like we have understood that this OR function returns true, this SQL query returns true, meaning that the login is successful. So this is how SQL injection works.

Now let's see how you can use SQL injection to attack a web application. In the previous slide I showed you one malicious string that can be used for SQL injection, but there is no one universal string that can be used for SQL injection. Now what kind of SQL injection you use, or how you use the SQL injection, depends on how the web application is built. Just so you can understand in a better way how SQL injection can be used differently, I
have taken two examples in this session, where in each case the data is being passed in different ways. So first I'll explain to you what these different methods are by which the data is being passed. The first way that the data is being passed is by using the GET method. So when a web application is using the GET method to pass data, maybe from one web page to another or from a web page to the database, the data that is being sent is sent through the URL of the request, so the data that is being sent is visible in the URL. Let's take an example where there's a login page and there's a username and a password field. You enter the username, maybe as admin, and the password is also admin, and when you hit the login button, suppose the web application is using the GET method, then the URL request will look something like this. In this case there's the name of the web page and there is also the information that is being passed, that is the username and the password. So when you use the GET method, the data that is being passed is visible in the URL.

Now let's see an example where there's a web application that is using the GET method, and let's see how you can use SQL injection to hack that web application. I've built this web application that uses the GET method to pass the data, and this is how the web application looks. Before telling you how it works, let's just have a look at the database. So to show you the contents of the database, let me first log in to the database. Now I'm using the database named test, so let me just select it first. So first let's see what the contents of this database table are. The name of the database table is login details, so let me just print out all the rows and columns that are in this table. So there are two columns in this table, one is the username and one is the password, and there are three entries: the username and password for the respective username. Now let's see how this web application works. So first I'll show you the code I've used to build this web application. So this is the code that handles the login activity: first it takes the data from the web application's HTML page, then it connects to the database, then it uses the SQL query and it selects the user which has that particular username and that password, and if there's a user with that particular username and password then it prints a success message, and if there is no user with that username and password then it prints a failure message.

Now let's see how this web application works. So I'll just give some valid inputs first. There is admin with the password admin; let me just hit the login button. Well, this was a success. Let me try another input where the username is edureka and the password is 123456, then let me try logging in, and it was also a success. Now what if I give some wrong input? So I'll give tony as a username and some random thing as a password; let me try logging in, and it's a failure, because that username does not exist in the database and obviously the password also. Now what you have to observe is, because this web application is using the GET method to pass data, you can see the data in the URL of the string, especially this part where the username is tony and the password is this random string. Well, now we can see that the data is being passed using the GET method and the data is visible in the URL of the request. Now what we'll do to use a SQL injection attack on this is we'll use that malicious string I showed you during the slides to bypass this login. So what I'm gonna do is erase the username and use the malicious string
So the string is an inverted comma, a space, OR 1=1, hyphen hyphen, space (' OR 1=1-- ). So what should happen when I hit enter is this SQL query should return true, and the login should be successful, and we should see a success message on the screen. So let me just hit the enter button. Well, the login was successful, and we can see that the SQL injection attack worked. This is how you can use SQL injection while you're trying to hack a web application that uses the GET method to pass data.

Well, there's another method that can be used to pass data and it is called the POST method. Now let's see what this POST method is. When a web application is using the POST method to pass data, maybe from one web page to another or from a web page to the database, then the data that is being sent is not visible in the URL string. Now let me show you how you can use a SQL injection attack on a web application that is using the POST method. This is the web application that uses the POST method to pass data from the web page to the database. I've kept the interface the same, because it doesn't matter how the web application looks; what matters is how it works. So let me give some valid input at first. The first username was admin and the password was admin; let me just hit the login button, and you see the login was successful. Let me use another entry: the username is edureka and the password is 123456, and let me hit the login button, and the login was successful. Now let me try some wrong input, some invalid input, some random characters and some random password; let me hit the login button, and the login was a failure. So you can see that the web application works in the exact same way, apart from one thing: when I hit the login button, the username and the password are not seen in the URL. You can only see the name of the web page and not the data that is being sent.

Now, in the previous case you could see the username and the password in the URL and you used the malicious string to hack the web application. Now that there is no username and password in the URL, how would you hack this web application? Like I told you while explaining how SQL injection works, the only control the user has over the web application is in the input that he gives, so whatever malicious string we are gonna enter will be through the input that we give to the web application. Now let's use the malicious string in the username and the password field and see whether it is vulnerable to SQL injection. Well, the malicious string was inverted comma, OR 1=1, hyphen hyphen, space, and let me just give some random password, and let me hit the login button. Well, this was a success, and you can see I didn't give the right username and I didn't give the right password, but still I used the malicious string and used a SQL injection attack on this web application. Well, this is how you can hack a web application that is using the POST method to transfer data.

Now the next part of this session is how to prevent SQL injection. Well, when you are an ethical hacker and you have to test a web application for vulnerabilities
and suppose you found that that web application is vulnerable to SQL injection attacks, now you have to tell the organization how they can make their security better, and that's why it's important to know how you can prevent SQL injection attacks. There are different ways of preventing SQL injection attacks and it all depends on how the web application is built. Just so you know, I'll be explaining one such way that you can use to prevent SQL injection attacks. Now there's another web application that I've built that prevents SQL injection attacks, so let me just show you how it works. I'll show you the code and I'll show you what changes I've made, and then explain how this prevents SQL injection attacks. So the first part of the code is the same: it takes the username and password from the HTML page, from the input, and then it connects to the database, and then it runs some SQL query to check if the username and the password are valid, and finally it returns a success if it's true and it returns a failure message if the login is unsuccessful. Now the changes I've made are in this part of the code. What I've done is I'm using some method, some function called prepare and bind parameter, and what this actually does is it binds the whole input that the user gives as a string. Like I told you previously, the inverted comma was used to close the string parameter; when you use the bind parameter function, that whole malicious string is considered as a string. Now, just so you can understand it better, I've visualized this logic so you can understand better. So I'll get back to the slide and explain how this works.

So what we actually did was: there was a username and the password field, and we entered the malicious string in the username or the password and we could log in successfully. Now when you use the methods that are used in the code, what actually happens is this whole string, the whole malicious string, is considered as a string, and the inverted comma used is also considered as a string. Now when you use the bind parameter function, what happens is the whole malicious string is considered as a string and the OR 1=1-- is not considered as logic in the code. So when you use the bind parameter, even if you give this malicious string as the input, it is sent to the database as a string; it is compared, it is cross-checked with the username and the password in the database table, and because there is no match the login will be successful. This is one way how you can prevent SQL injection. There are many other ways that you can use: you can use form validations, you can limit the characters that can be used as a password, and there are many more.
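The login flow and the ' OR 1=1-- bypass explained above, together with the prepare-and-bind fix just discussed, as an added example that is not the code from the video. The video's demo app talks to a MySQL database from a web page and uses a prepare/bind-parameter call; this is a self-contained Python script that uses the standard-library sqlite3 module with a constructed in-memory table (named login_details here, an assumption) holding the two sample users shown in the demo, admin/admin and edureka/123456. The function names are also assumptions. Whether the input arrives by GET or by POST makes no difference to this part: both deliver the same string to the same query builder, which is why the same malicious string worked on both demo apps.

```python
import sqlite3

# Constructed sample data for this example: the demo table with two of the
# users shown in the video. Passwords are stored in plaintext only to mirror
# the demo; a production system stores password hashes instead.
SAMPLE_USERS = [("admin", "admin"), ("edureka", "123456")]

# The malicious string from the video: the single quote closes the string
# parameter, OR 1=1 makes the WHERE clause always true, and -- comments out
# the rest of the query (the AND password check).
MALICIOUS = "' OR 1=1-- "


def make_db():
    """Create an in-memory database with the constructed login_details table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login_details (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO login_details VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """Build the query the way the vulnerable demo does: by pasting user input
    straight into the SQL text, so the input can change the query's logic."""
    return (
        "SELECT * FROM login_details "
        f"WHERE username='{username}' AND password='{password}'"
    )


def login_vulnerable(conn, username, password):
    """Vulnerable login: True when the concatenated query returns a row."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def login_prepared(conn, username, password):
    """Fixed login: the query text is fixed and the input is bound as a
    parameter, so the whole input (quote and all) is compared as a string
    value and is never parsed as SQL."""
    row = conn.execute(
        "SELECT * FROM login_details WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # The password check is commented out once the input is pasted in:
    print(build_vulnerable_query(MALICIOUS, "anything"))
    print("vulnerable, valid user:   ", login_vulnerable(db, "admin", "admin"))
    print("vulnerable, bad password: ", login_vulnerable(db, "admin", "wrong"))
    print("vulnerable, injected:     ", login_vulnerable(db, MALICIOUS, "anything"))
    print("prepared, valid user:     ", login_prepared(db, "admin", "admin"))
    print("prepared, injected:       ", login_prepared(db, MALICIOUS, "anything"))
```

Run it and the vulnerable version prints the query with everything after `--` commented out and reports a successful login for the injected input; the prepared version reports a failure for the same input, because the quote is now just a character inside the compared string and no user has that name. Printing the built query is also the quickest way to confirm, while reviewing code, whether user input ends up inside the SQL text or beside it as a bound parameter.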
Other ways exist as well, and it all depends on how the web application is built.

So, you remember the last time you went shopping online? Remember all the pictures of clothes, books and electronics that you looked at? What if I tell you that those images weren't really for you? What if those pants you were looking at were really detailed blueprints of military installments? You would never know, right? This is the nature of steganography. Steganography is the science of hiding information in plain sight. Secret communication is very important, because if your message is important and if you do not
want others to know about your message, then you use different kinds of techniques to hide your message from a third person, and steganography is one such technique. However, criminals and organizations are using this for their own purposes, so understanding how to hide data using steganography and prevent the data from being misused will be very helpful. However, to talk about steganography we should consider its predecessor, cryptography, which is the science of writing in secret codes. Basically, cryptography makes messages meaningless to the casual reader by encrypting the data using a set of rules which are known to both sender and receiver; only the intended receiver with the decryption key can extract the actual message. Thus, when an attacker discovers the message, it is still difficult for him to get the secret message. If cryptography is a strong way to encrypt and secure communication, then why do we need a new technique? The answer is very simple: when we are using any cryptography technique we need to send a secret key, and a third person can easily judge that some secret kind of communication is going on. In simple terms, cryptography does not try to hide the fact that a secret message is being sent. This is where steganography comes into the picture. The main reason for using steganography is that you're hiding your secret message behind an ordinary file; no one will suspect the fact that a communication or some sort of secret message is being sent. People will generally think it is an ordinary file and your secret message will go without any suspicion. Unlike cryptography, which conceals the content of a secret message, steganography conceals the very fact that a message is being communicated. So if I have to define steganography, it is an ancient art of covering messages in a secret way such that only the sender and the receiver know the presence of the message.

Well, now if you're thinking steganography is a brand new method, then you are mistaken. Steganography is an ancient practice. The word steganography is derived from the Greek words steganos, meaning hidden or concealed, and graphein, which means writing or drawing. Before moving further, let's get a glimpse of how steganography evolved from the past. The concept of steganography was first introduced in 1499, but the idea itself has existed since ancient times. There are stories of a method being used in the Roman Empire whereby a slave chosen to convey a secret message had his scalp shaved clean and a message was tattooed onto his skin. When the messenger's hair grew back, he was dispatched on a secret mission. On the other end, the receiver shaved the messenger's scalp again and read the secret message. Well, that was one way of doing it. Demaratus, the king of Sparta, sent a secret message on a tablet covered with wax; when it was received at the other end, the wax was scraped off to recover the message. One of the oldest and most fascinating and common ways to hide a message is to use invisible inks: the actual message can be made visible if the document is heated gently. Next came the null cipher. A null cipher refers to a method of encrypting where plain text is mixed with the actual message. Next was hiding data in images: microdots were used to conceal a message. A microdot is a simple text or an image which is reduced in size to hide its contents, and the images or the text which are present in a microdot are then read using magnifiers. Apart from these techniques there were others as well, like spread spectrum, semagrams, etc. So like I said earlier, steganography is an ancient practice.

The majority of today's steganographic systems use multimedia objects like image, audio, video, etc. as cover media. Well, if you don't know what I mean when I say cover media, don't worry about it; you will know more about it as we progress through the session. But for now, cover media is the place where you actually store your hidden information, or you store your secret information. So based on the type of cover media, steganography is divided into multiple types. To
begin with, we have text steganography. Text steganography is hiding information inside text files. It involves things like changing the format of existing text, changing words within a text, generating random character sequences, or using some sort of context-free grammar to generate readable text. Well, there are different methods to hide data in text; some of the popular ones include the format-based method, random and statistical generation, and the linguistic method. Moving on, we have image steganography. This is nothing but hiding data in an image. It's one of the most popular ways of hiding data, because in an image there are a huge number of bits present in the digital representation, so it's easy to store or hide data in an image. There are a lot of ways to add your information inside an image; common approaches include LSB steganography, which we'll be discussing in detail later, and then there is masking and filtering, some sort of encryption techniques, and many others. Moving on, audio steganography: it sounds according to its name. In audio steganography the secret message is embedded into an audio signal, which alters the binary sequence of the corresponding audio file. Then there is video steganography. In video steganography you can hide any kind of data in a digital video format. The advantage of this type of steganography is that a large amount of data can be hidden very easily. You can think of it as a combination of image steganography and audio steganography. Well, there are two classes of video steganography: one is embedding data in uncompressed raw video and then compressing it later; the other one is embedding data directly into the compressed data stream. And next there is network steganography. Like it sounds, it's a technique of embedding information within network control protocols like TCP, UDP, ICMP and many others. For example, you can hide information in the header of a TCP/IP packet, in some fields that are either optional or non-important. And finally there is email steganography. It's not a very well-known type, but anyway, an email that contains files embedded within header information using steganography can be very difficult to detect as well as read.

Now that we have learned of the different types of steganography, let's take a look at a few features that a steganographic technique must and should possess. I am sure you can see an image of an adorable and cute kitten on the screen, right? Well, that's our cover image, or the file where we store our secret data. So the first feature that any steganographic technique must possess is transparency. It's an important feature. Each cover media, it can be image or audio or video, has a certain information hiding capacity; if more information or data is hidden inside the cover, then it will result in degradation of the cover media. As you can see, the stego image, or the final image after adding data inside our cover image, is not proper or exactly similar to our original image, right? So there's some sort of distortion, so if an attacker notices this distortion, then the steganographic technique fails and there is a possibility that our original message can be extracted and damaged by the attacker. Well, that's the first feature. The next feature is robustness. Robustness is the ability of the hidden message to remain undamaged even if the stego media undergoes some sort of transformation, like cropping or scaling, blurring, linear and non-linear filtering, or some sort of hindrance. So we have to make sure that the technique in any way doesn't affect our secret message. And the last property, tamper resistance: this is one of the most important features, because if an attacker is successful in destroying the steganography technique, then the tamper resistance property makes it difficult for the attacker to alter or damage the original data. Well, you can think of it as a last step that, as a sender, you can do to protect your data from other people.

Okay, so till now we have covered what steganography is, a bit about its history and its types. Now let's go through a basic steganographic model. Well, it's a pretty simple concept, but before we start we should be aware of a few technical terms that I was using
earlier and which I said I'll explain later. So here we go. We have something called a cover object or cover file. This is the file that we will use to hide the information; it could be an image or a video or an audio or network, or the different types which we discussed earlier. And then there is our secret message. As you know, this is the secret information that we want to hide in the cover object. And sometimes you also have something called a stego key, and I'll explain to you what that is when we encounter it. So let's get started there.

So there is a steganographic encoder, which uses some sort of steganographic method or function to embed the secret message, which is represented by M, into our cover object or cover file X. So as you can see, there's a function which takes X, which is our cover file, and M, that is the secret message, and another input, that's K. Like I said, K is nothing but the key, or stego key. It is a key to embed data in a cover and extract data from the stego medium. Well, it's optional; using a key provides extra security, that is all. So basically our steganographic encoder method or function takes this cover image, secret message and key as input and embeds our secret message into the cover object. The embedding process generates a stego object, and this object looks exactly like our cover object. Now this stego object is sent to the receiver through the network, without any encryption here. So this is where the steganographic encoding process ends. Now if, on the other end, the receiver wants to extract the secret message, all he has to do is feed the stego object into the steganographic decoder, which also takes the key as one of its inputs, and then as a result he gets the secret message which was intended for him. So like I said, it's a very simple process, right? So if I summarize: you have your cover file, which could be image, audio or anything, and then you have your secret message; both of them, along with the key if you want, are fed into the steganographic encoder; as a result you get your stego object, which looks exactly the same as the cover object, and this stego object is sent to the receiver through a secure communication channel, with or without encryption. On the other hand, if the receiver wants to extract the secret data, he feeds this stego object into the steganographic decoder and he gets the cover object and the secret message as output. So this is how steganography actually works.

Well, if I want to make this process more secure, I can add one more step, which is encryption. Let's see how to do that. So like I said, there's a sender; before actually feeding the secret information into the steganographic encoder, he encrypts this secret message along with an encryption key; as a result he gets a ciphertext, or, like we discussed when we were discussing cryptography, the meaningless text, or the ciphertext. This ciphertext, along with the steganography key or stego key and the cover file, is fed into the steganographic encoder. The embedding process generates a stego object, and this is where our encoding process ends. This stego object, which looks exactly like a cover object, is sent to the receiver using a secure communication channel. Now on the other end, if the receiver wants to extract the secret message, he feeds this stego object along with the stego key into the steganographic decoder; as a result he gets a ciphertext, and to decrypt the data he feeds the ciphertext and the key, that's the decryption key, into the decryption algorithm, and as a result he gets the secret message which was intended for him by his sender. So there you go, guys; that's simple. So like I said earlier, we discussed the most simple process; if you want to make it more secure you can include encryption as well. So basically any type of steganographic method or technique works this way; it's just that the type of algorithm they use, or the encryption algorithm, or the technique they use to embed data into an image or in
video, or it could be anything that's the cover object, is different. So guys, till now we've learned about what steganography is and how a steganographic technique actually works. It's time that we should learn about one of the most popular steganographic techniques, which is LSB steganography. If you remember, earlier we talked about image steganography, you know, where we hide secret data inside an image. Well, one of the popular techniques to write a secret message inside an image is LSB steganography, or least significant bit steganography. Now before we jump into what LSB steganography is, let's take a look at a few basic concepts.

On the screen I have an image; to be more precise, let's call it a digital image. Every digital image is a finite set of digital values called pixels. You have probably heard the term before and generally know that pixels make up an image. Pixel is actually short for picture element. Well, you can think of them as dots of illumination, typically so small that you're unable to see them. Thousands or even millions of individual pixels together make up an image, so each pixel can be one color at a time; however, pixels are so small that they often blend together to form new colors. In this session we will work with the RGB color model. The RGB color model is an additive color model in which red, green and blue light are combined together in different ways to reproduce a broad array of colors, and each of these can be represented using a binary code. So like I said, I have three values, which are RGB, that is red, green and blue, and each of these values is represented in a binary code. So by mixing the 8-bit binary red, green and blue values, a pixel can be any color, and the color is usually determined by the number of bits used to represent it. Well, in this case we are using 8 bits, so we can display about 250 colors.

Moving on, when we are working with binary values we have more significant bits and less significant bits. The leftmost bit is the most significant bit; on the other hand, the rightmost bit is the less significant bit. Now if we change the leftmost bits, that is the more significant bits, it will have a large impact on the final value. For example, let's say I have 255 and its binary representation, which is eight ones in 8-bit representation. Now if we change the leftmost bit from 1 to 0, the decimal value will change from 255 to 127. As you can see, the amount of change is very huge here; it has made a large impact on the final value. On the other hand, the rightmost bit is the less significant bit. Now if I change the rightmost bit, it will have less impact on the final value. For example, if we change the leftmost bit, which is 1, to 0, it will change the decimal value from 255 to 254, and you can note that the change is about 0.002 percent, which is very less when compared to the most significant bit. So the point I want to state here is that if we change the more significant bit, or MSB, it will have a larger impact on the final value, but if we change the LSB, the impact on the final value is very less. This very point is made use of by LSB steganography. So in this method, which is LSB steganography, the least significant bit of an image, or of a pixel in an image, is replaced with a bit of a secret image. The result of this process alters the original output very slightly, so your cover image and your stego image that you'll find as a result after hiding the data look exactly the same without any difference. This technique works very well for image, audio and video steganography.

Well, let's consider a simple example. Suppose we want to insert the letter A into an image. The binary representation of A is 1 followed by five zeros and again 1. Now, like I said earlier, we are using the RGB color model here, and I'm using 8 bits
to represent each of these values, which are red, green and blue. So I'll be needing about three consecutive pixels, that's about nine bytes, to replace all the least significant bits with the bits of the letter A. Well, don't worry about it; you'll understand once you see the next image that I show you on the screen. So like I said, I'm considering 3 pixels, which is about 9 bytes. So these are the pixels before insertion; I've picked random pixels. So as you can see, I have three pixels, one, two, three, and nine, so totally nine bytes I have here. And now, if I replace the last bit, or LSB, of each byte with a bit from the binary representation of A, what we get is this. So as you can see, I have replaced the 0 with this 1 here; so as you can see, 0 is replaced with 1, and then I have five zeros, zero, zero, like five zeros, followed by 1, 1, which is already 1, so I'm not replacing anything here. So as you can see, all the color bits have been replaced here. So once you are done with replacing, you'll find that the final result, or the stego image, is very much identical to your actual image, that's your cover object. On average, LSB requires that only half of the bits in an image be changed. As you can see, I have left three or four bits unchanged here, for example this one, this one, and the zero here, the zero in the first line; in the last line I have two ones left without changing. So if required, you can hide data in the least and the second least significant bits as well, and still the human eye would not be able to discern it. So guys, that's all about least significant bit steganography; well, that's the concept.

So to summarize: every pixel can be represented using different color models; well, in this demo I've used the RGB color model, and each of these values is represented using 8 bits, while you can use a different number of bits as well, and this number of bits used usually determines the color which a pixel displays. Like I said, we have used eight bits here, and in a binary format we have the least significant bit and the more significant bit. Like I said, changing the more significant bit makes more changes to our final value, but that does not happen when we change the least significant bit, so we made use of that point. So basically, least significant bit steganography makes use of the fact that changing the LSB doesn't make much change to our actual image, so it replaces the LSBs in the cover object with the binary bits of the secret message. So there you go, guys; now you already know part of the concept. It's time to perform a small demo. In this demo we'll see how to use the concept of LSB steganography and hide secret text in an image.

So here are the steps involved. First, to encode the text into the image, the program loads an image and looks at, or considers, each pixel's decimal value. Then the program asks you for the secret text and converts it into its binary form, and then one by one it stores the secret message bits into the LSB of the image pixels, which is our blue value's bits of the RGB model. After the message is embedded into the image, the program adds a delimiter to the end to determine when the text ends. So here ends the encoding process. Suppose you want to retrieve the data; then the program extracts all the zeros and ones from the stego image until the delimiter is found, and there goes our secret message. So these are the steps we'll be performing in the program. So guys, this is what the program does. Well, to summarize: it takes an image, it converts that into its decimal values, it takes our secret text and converts it into its binary value, then replaces the LSB of the cover image with the bits of the secret message. Once it does that
it adds some delimiter at the end so that we know that this is where the text ended so this is how encoding is done suppose you want to retrieve the message all you have to do is extract zeros and ones from the stick object and convert the binary form into string format that way you can get your secret message or the receiver can extract The Secret Message well I'm using the code which I found in GitHub and suppose if you guys want to experiment as well please do post your email IDs in the comment section
below, and we'll get back to you with the code. Now let's get started with the demo. So guys, I'll be using my Ubuntu system here. As you can see I have the code, let me show it to you guys. I have the code here and I have certain images of different formats, one JPG and one PNG as well. Okay, let me delete this file, move it to trash. Going back to the terminal, let me show you guys the code first. The file name was hide.py, I think, if I haven't misspelled it. Anyway, let me just check it. Here we go guys. I already have the code because I've already taken it from GitHub and I'm using it here, so I'm just going to explain the basic concept of how this code works.

Like I said, we're going to convert our image into hexadecimal format, so I have a function which converts RGB values to hexadecimal values. Before that, since we're using images here, we need to import certain libraries: we need the Python imaging library, PIL, which is Pillow. If you're using the Windows operating system you need to download it separately, but on Ubuntu it comes by default. If it doesn't work, all you have to do is make sure you have Python 3 installed; check with the python3 --version command, and make sure you have pip installed; again you can check using the --version command itself. As you can see I have pip installed. If you don't have it, please do install it; the command is simple, sudo apt install python3-pip, that's it, just press enter and it'll install. I'm not doing it again because, as you guys saw, I already have it installed. Once you've done that, to install Pillow use sudo pip install pillow; that's the way of installing the Pillow library. Let me clear the screen and go back to the program.

Since we're using images, like I said, we need to use certain libraries; we'll be using the Pillow library, so if you get an error while using this program please do install pip and Pillow. Getting back to the program, like I said, we're taking an image and converting it to hexadecimal format, and similarly while retrieving we use the inverse function. Our secret message, which is in string format, we convert into binary, and there is a binary to string function as well. Then there is encode, which basically goes through the hex code and places the binary bits of the secret message into the hex. Similarly the inverse is decode: it decodes the hex format, first checking it for zeros and ones, and then pulls the data from that. So basically we have four main functions here: encode, decode, hide and retrieve. Like I said earlier, encode checks the hexadecimal code and then replaces the bits, and decode checks if the hex code has zeros and ones; if it does it will extract the data, and if the hex code doesn't have any zeros and ones it will return null. So there you go, those are the basic functions, and then comes the more complex function, which is to hide our message. I have a hide function here, just go through it, it's very simple. As you can see, the hide function takes the file name and the message. It opens the image with the imaging library, giving the file name as input, then converts the message from string format to binary format and adds the delimiter, as we discussed in the theory part of the session, so that while extracting you know that you've reached the end of the text. First it checks if our image is in RGB format or not, and if it isn't, it converts it. Then it takes each and every bit, checks if the bit is in the proper format and whether the actual bit of the secret message can fit into it, and then replaces the bit. Once it has encoded the secret message completely into our image, it returns a message saying completed. If the mode of the image is wrong, or if your file doesn't exist, it returns a message saying incorrect image mode, couldn't hide. Now the retrieve function is very simple, the simplest one. It takes the file name from which you'll have to extract the data. First it checks if it's in RGB format, that's red green blue format, and if it's not it's going to convert it properly. From there it's going to extract the data: it retrieves all the zeros and ones until it finds the delimiter. Once it has found the delimiter it knows that it has reached the end of the text, and then it displays the message success; otherwise it will give you an error message. Finally we have our main function. Basically we're going to give a string option, like the switch option you have while writing code in Java or C++. Just like that, I'm going to give a code; it's not going to be displayed to the user, but it's in this code. According to the code you need to use a command like python, then the file name which contains the code, then -e to embed the data, then the image and the text which has to be embedded. We'll get to know when we actually perform the demo.

Let me just summarize what we have learned in the code again. Basically, just go through it, it's very simple. Like I said, we are using the Pillow library, so we need to install it properly, otherwise the program doesn't work; make sure you have Python, after that install pip, and through pip install Pillow. Like I said, we're converting our image into hexadecimal format using this function and back using the inverse function, and our secret message to binary and binary back to string. Encode basically checks each and every hexadecimal value of our image and replaces it with a zero or one of the secret message, and then you have decode, which checks if the hexadecimal code has zeros or ones; if it does it extracts the data, otherwise it returns null. Then there's our hide function which actually embeds the data into our image: it takes the file name and message as input, checks if the image is actually in RGB format, converts our message into binary format and so on, and then based on certain conditions it embeds the data properly into the image. If there is some error regarding the mode of the image you're using, or if the text file doesn't exist, it shows an error message. The same goes for retrieve as well: it checks for the zeros and ones, extracts until it finds the delimiter, and then gives you a success message. So there we go guys, the program is simple. If you guys want a copy of the code please do post your email ID in the comment section below and we'll get back to you with the code.

Now that you've understood the code, let's go ahead and see if this works properly. For that I'm going to exit. Like I said, I have a few images here, dogs.jpg, then cat and cube and so on. I need a text file to hide, right? So here I go. Okay, I've just typed some random message: "board meeting is on Tuesday, please do send weapons, lawyers and food". I'm going to save it in my home directory itself; let me just give it a name, msg.txt, and save. Let me close it. Now going back to files, as you can see I have a file here which is msg.txt. Now I'm going to use dogs.jpg, the image. Oh sorry, I forgot to tell you, this program only works for PNG images, so I can't use the dogs image; let's take cube.png. So python, because we are using the Python code, the file is in Python format right, then the file name hide.py, then -e to embed, and the file name which is cube.png. "Enter a message to hide": basically this doesn't actually take a file which contains the message, it directly asks you to enter the message to hide. But don't worry, I'll show how to use the file we just created when we are discussing the steganography tools. Anyway, getting back to what we'll be doing, write a message. So there it is, it's completed. Now let's get back to files; if I open cube.png it's the same as before, you won't find any changes here. Getting back to the terminal, if I want to extract the message I use -d, and success, it says the message is extracted, which is "how I send your weapons do you know where". So that's easy guys. It's a very simple program: it takes an image, asks you to enter the message, and embeds it in that. You can take this as a base code and create your own code which performs many more things, or advanced steganography as well. To summarize, in this program what we did was convert our secret message into its binary form, take the bits in the binary code and replace the least significant bits, that is the blue color bits of the RGB color model, with these bits of the secret message. So basically we are replacing the least significant bits so that our cover image, that's the cover object, as well as the stego object both look identical.

Now let's get back to the PPT. So guys, earlier we discussed the different steganographic methods; there are various ways of achieving steganography in this digital communication world. However, you do not need to write code to achieve this; there are various software tools available for steganography. This software can hide your secret message behind an image file or audio file or video file, or any kind of file basically.
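Before moving on to the tools, here is the encode and decode procedure from the demo above written out as an added example in working Python; it is not the GitHub program used in the video. It turns the message into bits, replaces the blue-channel LSB of each pixel, appends a delimiter, and on the way back reads LSBs until that delimiter appears. The delimiter string, the `hide`/`retrieve` names and the constructed cover pixels are assumptions, not taken from the video.

```python
"""LSB steganography in the blue channel, with an end-of-message delimiter.

Added example for this section; it is not the GitHub program used in the
video. Pixels are plain (r, g, b) tuples so the example runs without Pillow;
with Pillow you would feed it list(img.getdata()) from an RGB image and write
the result back with img.putdata().
"""
from typing import List, Optional, Tuple

Pixel = Tuple[int, int, int]

# Assumed end-of-message marker: the video does not say which delimiter its
# code appends, so this one is a constructed placeholder.
DELIMITER = "$END$"


def text_to_bits(text: str) -> str:
    """Encode text as a '0'/'1' string, 8 bits per byte ('A' -> '01000001')."""
    return "".join(format(byte, "08b") for byte in text.encode("utf-8"))


def capacity_chars(pixels: List[Pixel]) -> int:
    """Message characters that fit when only the blue LSB of each pixel is used."""
    return len(pixels) // 8 - len(DELIMITER)


def hide(pixels: List[Pixel], message: str) -> List[Pixel]:
    """Return a copy of the cover pixels with the message bits in the blue LSBs."""
    if DELIMITER in message:
        raise ValueError("message must not contain the delimiter")
    bits = text_to_bits(message + DELIMITER)
    if len(bits) > len(pixels):  # the "can the bits fit" check from the video
        raise ValueError(f"need {len(bits)} pixels, cover has only {len(pixels)}")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        r, g, b = stego[i]
        # Clear the blue LSB, then set it to the message bit; the blue value
        # moves by at most 1, which is why the image looks unchanged.
        stego[i] = (r, g, (b & 0xFE) | int(bit))
    return stego


def retrieve(pixels: List[Pixel]) -> Optional[str]:
    """Read blue LSBs byte by byte until the delimiter shows up; None if it never does."""
    delim = DELIMITER.encode("utf-8")
    data = bytearray()
    byte = 0
    for i, (_, _, b) in enumerate(pixels):
        byte = (byte << 1) | (b & 1)
        if i % 8 == 7:
            data.append(byte)
            byte = 0
            if data.endswith(delim):
                return data[: -len(delim)].decode("utf-8")
    return None  # no delimiter found: this image carries no message


def changed_pixels(cover: List[Pixel], stego: List[Pixel]) -> int:
    """Count pixels that differ between cover and stego (on average about half)."""
    return sum(1 for c, s in zip(cover, stego) if c != s)


def demo_cover(n: int = 64) -> List[Pixel]:
    """Constructed cover image of n pixels (not a real photo)."""
    return [((i * 37) % 256, (i * 91) % 256, (i * 13) % 256) for i in range(n)]


if __name__ == "__main__":
    cover = demo_cover()
    stego = hide(cover, "A")  # the letter-A example from the slides
    print("blue values before:", [p[2] for p in cover[:8]])
    print("blue values after: ", [p[2] for p in stego[:8]])
    print("changed pixels:", changed_pixels(cover, stego), "of", len(cover))
    print("recovered:", retrieve(stego))
```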
So we are going to take a look at a few such tools, and I'm going to show you how to use them, maybe at least two or three. So there we go. The first tool is Stegosuite; basically here you can hide any kind of text inside an image. Then you have steghide, which hides a secret file in an image or audio file. Then you have Xiao Steganography, a free software where you can hide your files inside BMP images or WAV files. And then there is SSuite Picsel, which is similar to the other tools in that you can hide data in images, but the way it works is slightly different; I'll show you how it actually works, so don't worry about it for now. Then there is OpenPuff, where you can conceal files in image, audio and flash files, and then Camouflage, a tool that lets you hide any type of file inside any other file. These are very few; there are other tools out there as well, but for today we're going to explore three to four tools, which are Stegosuite, steghide, Xiao Steganography and SSuite Picsel.

So there we go guys, let's begin with steghide. Let's go back to Ubuntu. Steghide is an open source steganography software that lets you hide your secret file in an image or audio file. You will not notice any change in the image or audio file. It is a command line tool, therefore you need to learn the command line to use it, and that's why I have come back to Ubuntu here. I already have it installed; it's very easy to install, just sudo apt-get install steghide and press enter. I'm not doing it since it's going to take time and I've already done it; I'm going straight to using it. As soon as you enter the command steghide, it'll show you the help related to steghide. Basically it says the first argument should be one of the following: either you embed the data or you extract the data, and you have various options that you can add to the commands to specify your cover object, your stego object or your secret message, and you have options to compress and encrypt the file before actually putting it into an image for hiding. And suppose you want the information about your file after embedding, you can use other commands as well; for example, you have the info command here, and if you use that it'll display all the information about your file. When you're trying to embed data it'll ask you for a passphrase; basically you can think of it as a key or a password, it's making sure that you're the right user who hid the data or is extracting it. To make it easier for people using it, they have also given a few examples here. Usually the command begins with steghide, the command name, then embed to embed the file, -cf refers to your cover file, that's the name of your cover object, and then you have your secret message, for which you use -ef. Let's do that: steghide embed; before that let me go back to files. I'm using this dogs.jpg and the msg.txt which we created earlier. So steghide embed -cf dogs.jpg -ef msg.txt, right? Cool, it says enter passphrase, let's say abcd; it says embedding and it's done. Now to check if it's done properly or not, let's go back to files. I'm going to move it to the desktop. Now let's go back to the desktop, here is our file. Now to extract I'm using the extract command, so for that I need to go to my desktop, because that's where my file is stored. Here we are: steghide extract, and -sf is what you use to specify your stego file, you can see it in the help section, and the name was dogs.jpg. It's asking for the passphrase, more for security purposes. So it says extracted to msg.txt. Now to check the file you need to go back to the desktop, because that's where our file should be, and if you open it with an editor, there you go, we have successfully extracted the data from the image.

Now let's try a few other commands. Let me come back, okay, let me try it here: steghide, and what was that, the info command, right? steghide info, and let's see. As you can see it has extracted the information about the file: its format, its capacity, and it asks if you want to get information about embedded data as well, and then says it could not extract any data, because we've already extracted the secret message from that file. If you hadn't extracted it, then maybe it would have shown the embedded content as well. So that's how you use steghide. You have multiple other options as well; for example, when you're trying to embed it asks you for the passphrase, right? Instead, if you don't want it to ask like this, you can use the -p option and enter the passphrase in the command itself, and then it actually skips that step and goes straight to the embedding step. So yeah, that's all about steghide.

Now let's go to the other tools. The next tool we'll be using is Stegosuite. It is a free steganography tool written in Java, and with Stegosuite you can easily hide confidential information in image files. I have a folder called sample where I have certain images: one in JPG format, a BMP file and a PNG file as well. So the first tool we're going to explore is Stegosuite. There we go, this is the Stegosuite tool; it looks very simple, basically there's nothing much here. Click on File, Open, and select the file in which you want to embed the text or the secret data. Let's go back to sample, and here I'm using this PNG image, open. Here it asks you for the text which you want to embed in the image, so this is the secret text I want to type. If you want you can give a password, and embed. It says embedding completed, the file is saved to the desktop, sample, image_embed.jpg. Let's go back and check sample, and here we go, you have an image, and in properties it's a JPG file. Let's try opening it. There you go guys, it looks similar to our actual image, it doesn't look different at all, but the data is actually hidden inside it. To know that, let's just rename this, let's say image_e, that's the embedded version of our image. It says the image is open, okay, I'm going to close Stegosuite. Yeah, you can see the image here, let's rename it image_e. Now if you want to retrieve the message, in Stegosuite go to File, Open, select the file in which the text was embedded, which is image_e, open, enter the password, and extract. As you can see it has extracted the text message which I hid in the image earlier: "hey this is a secret text I want to hide". Go ahead and try to use it, it's fun. It doesn't have any other functionalities apart from these; it's a very basic, simple tool.

Let's go to our next tool, which is Xiao Steganography. It's a free software that can be used to hide secret files in BMP, that's bitmap, images or WAV files. Use of this tool is very easy: you just open the software, load any BMP image or WAV file into its interface and then add a file which you want to hide, and this also supports encryption with multiple formats. Instead of telling all this to you, let me just show it to you. As you can see I have already installed it, it's just a one-step installation. To add the file you want to encode you need to click on this Add Files option, and to extract you can use this one. First let's try to add files. In the first step, all you have to do is load your BMP or WAV file; in sample I have one BMP image, I'm going to load it, open. As you can see its size is slightly bigger. Click on Next. Now that you've loaded your cover image, you'll have to load the image or the file which you want to store in this cover image; for that you click on the Add File option here. Let's say I wanted to store this image; open, and next. As I said, it shows different encryption formats here, so you can select from various algorithms like RC4, then you have Triple DES, DES, Triple DES with 112-bit keys and many other formats. It's asking for the password; give some password and click on Next. So the embedding is done; it's asking you to name the file, let's say bird, and save. The final file is similar to the actual BMP image, you can't make out any changes, right? But there is secret data added inside it, which is another image. Now let me close, finish. Let's try to extract it: click on Extract Files and load the source file, which should be bird, then open, next. It's asking for the password, so abcd, that's what I gave it, and extract file, image2.jpg, save file, extract successful, okay, finish. Let's go back to the location and see. Here we go: we had tried to store this image2 in the bird file, and after that we tried to extract it, and there we go guys, the image has been successfully extracted. This way you can store any kind of file, it can be your Excel file or Word file, a document file or PowerPoint file or image or anything. So that's the Xiao Steganography tool. Like I said, you can add the files, but to extract the message you'll have to start using this tool from the beginning again.

Then let's go to our next tool, which is SSuite Picsel. It's here, let me just check if I've installed it. I'm going to extract all, let's store it on our desktop, and okay. Now if we go to the desktop, this is our application, Picsel; click on that. So guys, even this is a tool where you can store any kind of hidden information, but it has a different approach when compared to other tools: it uses an image file as a key to protect your hidden text inside an image. That is, to hide and unhide text inside an image you need to enter another image as a key. As you can see you have three images here: the original image, that's your target image, and the delta image, which acts as a key. Instead of giving some password or anything, it takes another image as the key or passphrase. So open original image, desktop, let's go to samples, let's try fly. Now you need to enter the message: "hi this is the text I want to hide", and here I'm clicking on Encrypt Message, Save Image. Let's try and save it somewhere else, desktop; let's store it in documents, file name my_image, and save. Now let me open the thing again, or you can just say reset, exit here. Now if I open the application again, let's try to extract what we just hid: open the original image which is on the desktop, right, sample, that's fly, open, decrypt image. So there you go. Let me show it to you again: all you have to do is reset, click on Open Original Image, give the original image which you used to encrypt, that would be fly, open, and then say Decrypt Image. Like I said, it uses an image as a key to extract or hide anything inside your image, and now give your actual image, that is the encrypted or encoded image, your stego image, and click on open, and just say yes. As you can see it has extracted the data which I was trying to hide. So I'm sure you might have observed that the way it functions is slightly different from other steganographic tools. So let us now move
ahead and see a few of the roles that ethical hackers take on. There seems to be a general misconception that a person with an ethical hacking career is only responsible for penetration testing of systems and applications. Well, this is not true; an ethical hacker is responsible for much more. You see, ethical hackers perform operations such as scanning open and closed ports using the nmap tool, ethical hackers engage in social engineering methodologies, examining released patches to perform vigorous vulnerability analysis on them, and an ethical hacker will see if he or she can evade an IPS, which is nothing but an intrusion prevention system, honeypots and firewalls. Ethical hackers can also employ their strategies in sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications, as an ethical hacker tries to replicate the working of a black hat hacker by analyzing the defense protocols and social engineering aspects of an organization. Thus, to sum up, the ethical hacker's job role is to protect the privacy of the organization that the ethical hacker is working for, then immaculately report any sort of breach in the system to the corresponding division with the responsibility of mending the vulnerabilities, and update hardware and software vendors regarding the sort of vulnerabilities found in the product that is being used in orchestrating the business.

All right, so moving ahead, let us now see why ethical hacking is important. We all know that data has become an invaluable resource; accordingly, the preservation of privacy and integrity of data has also increased in importance. In essence, this makes ethical hacking extremely important today. This is primarily due to the fact that almost every business out there has an internet-facing side; whether it be public relations, content marketing or sales, the internet is being used as a medium. This makes any endpoint that is being used to serve the medium a possible vulnerability. Furthermore, hackers of the present age have proven themselves to be creative geniuses when it comes to penetrating a system. Fighting fire with fire might not work in the real world, but to fight off a hacker so smart, an organization needs someone who has the same training to go through. Recent hacking outrages have led to losses amounting to millions of dollars. These incidents have cautioned businesses around the globe and made them rethink their stance on the importance of ethical hacking and cyber security.

By now I'm sure you have a motive to study ethical hacking. Let me now walk you through the roadmap to become an ethical hacker. How you begin your route to becoming an ethical hacker very much depends on your current field of occupation, study or research. If you're not in a field that is remotely related to computer science, information technology or cyber security, you might need to shift to one. For someone who is at the early stage of their career this might be an easy task, but for others, suddenly changing their field of work is a daring task. Having a bachelor's degree certainly helps you secure the job, but you can pass most of the beginner-level interviews with general knowledge of networking and operating systems. Technical knowledge aside, an ethical hacker must be a creative thinker, and the reason for this is that ethical hackers have to predict and prevent cracking activities, and this requires out-of-the-box thinking. Apart from that, ethical hackers should also think like a hacker in order to beat him at his own game. Furthermore, ethical hackers need to be able to work under pressure with immaculate judgment. Last but not least, an ethical hacker must be proficient at communicating the problems he finds to the corresponding department. Those who are skeptical about going to college could pursue their career in the military; having some experience in the military, particularly in the intelligence faction, could help your resume get noticed by the necessary employers. Getting a job as an ethical hacker prior to getting industry experience is really difficult. After getting an entry-level job such as tech support engineer or security analyst, you may try attending some of the partnered certifications, which will definitely give you a certain edge over the others while you are applying for the job.

Speaking about certifications, let's discuss them. While talent and ability aren't established only by certification, they do help when you are proving your knowledge and skills to others. Even if you don't have ample industry experience, a certification like Certified Ethical Hacker, in short CEH, unquestionably helps. CEH is an unbiased credential, and generally CEH-certified ethical hackers are in high demand. According to PayScale, a certified ethical hacker earns around 88,000 dollars per annum. Apart from CEH, a few other noteworthy certifications are SANS certifications, Certified Vulnerability Assessor, Certified Professional Ethical Hacker and then Certified Penetration Testing Engineer.

All right, so moving ahead, let me now speak about a few of the skills that ethical hackers should have. As I mentioned earlier, an ethical hacker is a computer expert who specializes in networking and penetration testing. Some of the skills that I would say are important are: experience in various operating systems, primarily in Linux and its various distributions; this is because a good portion of vulnerability testing includes invading the target system and sifting through their systems, and this is impossible without a good grasp of the operating system. Then in-depth knowledge of networking is also key to a successful ethical hacking career; this involves packet tracking, packet sniffing, intrusion detection and prevention, and scanning subnets. Also, programming is an important skill. Now programming is a very vast topic with a different approach in every language; as an ethical hacker it is not expected of you to be a master coder, but to be a jack of all trades. Whenever I have mentioned programming as an ethical hacking essential I have been asked why. This is because most people don't have the slightest clue about the roles and responsibilities of an ethical hacker. Here are a few reasons that make programming knowledge critical in an ethical hacking career. You see, ethical hackers are problem solvers and tool builders; learning how to program will help you implement solutions to problems. Programming also helps in automating tasks that would generally take up precious time to complete. Writing programs can also help you identify and exploit programming errors in applications that will be targeted. Programming knowledge also helps you in customizing pre-existing tools in order to cater to your needs.

Talking about tools used in ethical hacking, let me walk you through a few of them. Although it is impossible to go through every ethical hacking tool in this single session, I'll be going through some of the really famous ones. Starting off with Nmap: Nmap, which is a shorthand term for Network Mapper, is a reconnaissance tool that is widely used by ethical hackers to gain information about the target system. This information is key to deciding the steps to proceed with in attacking the target system. Nmap is cross-platform and works on Mac, Linux and Windows. It has gained immense popularity in the hacking community due to its ease of use and powerful searching and scanning abilities. Next we have Netsparker. Netsparker is a web application security testing tool; it finds and reports web application vulnerabilities such as SQL injection and cross-site scripting on all types of web applications, regardless of the platform and technology they are built with. Netsparker's unique and dead-accurate proof-based scanning technology does not just report vulnerabilities but also produces a proof of concept to confirm that no false alarms have been raised, freeing you from having to double-check the identified vulnerabilities. Moving ahead to the next tool, that is Burp Suite Enterprise Edition. Burp Suite is a JavaScript-based web penetration testing framework. It has become an industry standard and this tool is used by information security professionals. Burp Suite helps you identify vulnerabilities and verify attack vectors that are affecting web applications. Burp Suite's unquestionable acceptance and fame can be attributed to its fantastic web application crawler; it can accurately map content and functionality, automatically handling sessions and handling all sorts of state changes, volatile content and application logins. Moving on to our next tool, that is nothing but Metasploit. Metasploit is an open source pen testing framework written in Ruby. It acts as a public resource for researching security vulnerabilities and developing code that allows a network administrator to break into his own network to identify security risks and document the vulnerabilities. It is also one of the few tools used by beginner hackers to practice their skills. It allows you to replicate websites for phishing and other social engineering purposes.

So the first question is: what do you mean by cyber security? As an interviewer, I'd expect that the candidate should first tell me the need for
cyber security says views on cyber security so the candidate should be like this today's generation lives on the internet and we General users are almost ignorant as to how those random bits are ones and zeros reach securely to a computer it's a golden age with so many access point public IPS and constant traffic and tons of data to exploit black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same above that cyber attacks are evolving by the day hackers are becoming smarter and more creative with their malware
and how they bypass wire scans and firewalls still baffle many people therefore there has to be some sort of protocol that protects us against all these cyber attacks and make sure our data doesn't fall into the wrong hands this is exactly why we need cyber security Now for defining cyber security here goes cyber security is a combination of processes practices and Technologies designed to protect networks computers programs data and information from Attack damage or unauthorized access okay so moving on to the next question is what do you have on your home network so a home
network gives you a test environment for experimentation active directory domain controller a dedicated firewall Appliance and a net attached toaster as long as you are learning and fiddling with it that's what matters I've augmented the router my ISP provided with an Apple AirPort Extreme which provides better Wireless performance to some devices from there I've extended the wired part of the network into two parts of the house using five port ethernet switches my office and living room each with four devices in the office I have a network attached storage device which provides shared data folders to
every device for movies and TV streaming anywhere in the house as well as backups in the living room is a range of gaming consoles a TiVo box and an Android media player despite owning a smart TV it's not hooked into my network simply because the device we own do a far better job of anything the smart tv offers okay now moving on to the next question is what is encryption and why is it important well a process of converting data into an unreadable form to prevent unauthorized access and thus ensuring data protection is called encryption
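To make that definition concrete, here is an added Python example; it is not code from the video or from Edureka. It contrasts encryption, which is reversible only with the key, with two things it is often confused with and that come up later in this session: encoding, which anyone can reverse, and hashing, which is one-way and which a per-system salt makes different across systems. The cipher is a didactic HMAC-SHA256 keystream XORed with the data, a stand-in for AES chosen so the example needs only the standard library; the key, salts and message are constructed sample values.

```python
"""Added example: encryption versus encoding and hashing (stdlib only)."""
import base64
import hashlib
import hmac
import secrets


def encode_b64(data: bytes) -> str:
    """Encoding: changes representation only; anyone can reverse it, nothing is secret."""
    return base64.b64encode(data).decode("ascii")


def decode_b64(text: str) -> bytes:
    return base64.b64decode(text)


def sha256_hex(data: bytes) -> str:
    """Plain hash: one-way, but identical input always yields identical output."""
    return hashlib.sha256(data).hexdigest()


def salted_password_hash(password: str, salt: bytes, rounds: int = 100_000) -> str:
    """Salted, iterated hash as a password store would use (PBKDF2-HMAC-SHA256).
    Two systems with different salts store different values for the same password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, truncated to length.
    Didactic stand-in for a real block cipher such as AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encryption: returns nonce || ciphertext. A fresh nonce per message keeps keystreams unique."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Regenerating the same keystream recovers the plaintext only with the right key."""
    nonce, ciphertext = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def demo() -> dict:
    """Constructed sample values; returns each property as a named boolean."""
    secret = b"transfer 500 to account 42"  # constructed message
    key = secrets.token_bytes(32)
    wrong_key = secrets.token_bytes(32)
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    blob = encrypt(key, secret)
    return {
        "encoding_roundtrip_needs_no_secret": decode_b64(encode_b64(secret)) == secret,
        "unsalted_hashes_collide": sha256_hex(b"hunter2") == sha256_hex(b"hunter2"),
        "salted_hashes_differ": salted_password_hash("hunter2", salt_a)
        != salted_password_hash("hunter2", salt_b),
        "decrypt_with_right_key": decrypt(key, blob) == secret,
        "decrypt_with_wrong_key_fails": decrypt(wrong_key, blob) != secret,
        "ciphertext_hides_plaintext": blob[16:] != secret,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Run it directly to print each check. The stand-in cipher provides confidentiality only; it carries no authentication tag, so a real system would use an authenticated mode such as AES-GCM from a vetted library, which also covers the integrity property that hashing is introduced for later in this session.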
Encryption is important because it allows you to securely protect data that you don't want anyone else to have access to. Businesses use it to protect corporate secrets, governments use it to secure classified information, and many individuals use it to protect personal information to guard against things like identity theft. Okay, so that explains encryption and why it is important.

Moving on: tell me the difference between symmetric and asymmetric encryption. Okay, so if we compare on the basis of keys, symmetric encryption uses the same secret key for both encryption and decryption, whereas asymmetric encryption uses different keys for encryption and decryption. Performance-wise, symmetric encryption is fast but is more vulnerable, while asymmetric encryption is slightly slower due to the heavier computation. Some examples of symmetric algorithms are DES and 3DES, while for asymmetric the most popular are RSA and Diffie-Hellman.

Okay, time for the next question: what is the CIA triad? Now, in this question the candidate should explain what the CIA triad is and what it is used for. So here's the answer. The CIA triad for information security provides a baseline standard for evaluating and implementing information security, irrespective of the system and/or organization in question. Confidentiality is all about making sure that data is accessible only to its intended individuals. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it. Integrity, on the other hand, is all about making sure that data is kept properly intact, without being meddled with in an unauthorized way. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people. These measures include file permissions and user access controls. On the topic of availability, well, it is all about making sure that data and computers are available as needed by authorized parties.

Moving on to the next question: what do you understand by risk, vulnerability and threat in a network? Well, threat refers to someone or something with the potential to do harm to a system or an organization. Moving on, vulnerability refers to a weakness of an asset that can be exploited by one or more attackers; in other words, it is an issue or bug that allows an attack to be successful. Last but not least, risk refers to the potential for loss or damage when a threat exploits a vulnerability.

Okay, the next question is: how do you report risk? Well, risk needs to be assessed first before it can be reported. There are two ways you can actually analyze risk: it can be either quantitative or qualitative. This approach is suitable for both technical and business guys: the business guys will see the probable loss in numbers, while the technical guys will monitor and assess the impact and frequency. Now, depending on the audience, the risk can then be reported.
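As an added illustration of the two ways of analyzing risk just described (this is my example, not the video's), the Python below rates a few constructed findings both qualitatively, on a likelihood-by-impact matrix for the technical audience, and quantitatively, as annualized loss expectancy (ALE = SLE x ARO) for the business audience, and produces one ranked report that serves both. The 1-to-5 scales, the rating thresholds and the money figures are constructed assumptions.

```python
"""Added example: one set of findings reported both qualitatively and quantitatively."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One assessed risk. Scales and figures are constructed assumptions."""
    name: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)
    sle: float       # single loss expectancy: cost of one occurrence
    aro: float       # annualized rate of occurrence: events per year


def qualitative_rating(likelihood: int, impact: int) -> str:
    """Qualitative view: a 5x5 likelihood-by-impact matrix, banded into ratings."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on the 1..5 scale")
    score = likelihood * impact
    if score >= 15:
        return "critical"
    if score >= 10:
        return "high"
    if score >= 5:
        return "medium"
    return "low"


def annualized_loss_expectancy(finding: Finding) -> float:
    """Quantitative view: ALE = SLE x ARO, the expected loss per year in money terms."""
    return finding.sle * finding.aro


def risk_report(findings: list) -> list:
    """Rank findings by ALE and attach both views, so one report serves both audiences."""
    rows = [
        {
            "finding": f.name,
            "rating": qualitative_rating(f.likelihood, f.impact),
            "ale": annualized_loss_expectancy(f),
        }
        for f in findings
    ]
    return sorted(rows, key=lambda r: r["ale"], reverse=True)


# Constructed sample findings for a small assessment.
SAMPLE_FINDINGS = [
    Finding("Unpatched internet-facing web server", 4, 5, sle=50_000, aro=2.0),
    Finding("Laptop with unencrypted disk lost", 3, 3, sle=10_000, aro=0.5),
    Finding("Staff fall for credential phishing", 5, 2, sle=2_000, aro=12.0),
]


if __name__ == "__main__":
    for row in risk_report(SAMPLE_FINDINGS):
        print(f"{row['rating']:<9} ALE={row['ale']:>10,.0f}  {row['finding']}")
```

Note how the two views can disagree: the phishing finding rates only "high" on the matrix but carries an ALE larger than the lost-laptop finding rated "medium", which is exactly the kind of gap a reporter has to explain to each audience.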
Moving on: how do you differentiate between IPS and IDS systems? Well, first of all, IDS stands for intrusion detection system and IPS for intrusion prevention system. Now, an IDS just detects the intrusion and leaves the rest to the administrator for assessment, evaluation or any further action. An IPS, on the other hand, detects the intrusion and takes the necessary actions to further prevent the intrusion. Also, there is a difference in the positioning of the devices in the network: although they work on the same concept, the placement is very, very different.

Moving on: what do you know about cyber security frameworks? Well, a cyber security framework is voluntary guidance, based on existing guidelines and practices, for organizations to better manage and reduce cyber security risks. Besides helping organizations oversee and decrease probable risks, it is intended to foster risk and cyber security management communications among both internal and external organizational partners. The most frequently adopted cyber security frameworks are PCI DSS, which stands for Payment Card Industry Data Security Standard; ISO 27001 and 27002, from the International Organization for Standardization; CIS, which stands for the Critical Security Controls; and the most famous cyber security framework, NIST.

Moving on to the next question, which is: what is a weak information security policy? Well, an information security policy is considered to be weak if it does not meet the criteria of an effective one. The criteria include distribution, review, comprehension, compliance and uniformity. Information security is weak if the policy has not been made readily available for review by every employee within the organization, or if the organization is unable to demonstrate that the employees understand the content of the policy document. This is when an information security policy is considered weak.

Moving on to the next question: what's the better approach to setting up a firewall? Okay, so the following are the steps you should take to configure your firewall. The first is username and password: modify the default password for your firewall device. Next is remote administration: disable the remote administration feature from the outside network. Then comes port forwarding: for certain applications to work properly, such as a web server or FTP server, you need to configure the appropriate port forwarding. Next comes the DHCP server: installing a firewall in a network with an existing DHCP server will cause a conflict unless the firewall's DHCP server is disabled. Then there is logging: in order to troubleshoot firewall issues or potential attacks, you want to make sure to enable logging and understand how to view the logs. Last but not least, we need to actually go through the policies: if you want to have solid security policies in place, make sure that your firewall is configured to enforce those policies.

Moving on to the next question: can you explain SSL encryption? Now, SSL stands for Secure Sockets Layer, and it is a protocol which enables safe conversation between two or more parties. It is designed to identify and verify that the person you are talking to on the other end is exactly who they claim to be. We also have HTTPS, which stands for Hypertext Transfer Protocol Secure, which is actually HTTP combined with SSL and which provides you with a safer browsing experience with encryption. So this is a very tricky question, but SSL wins in terms of security.

Moving on: which one is more secure, SSL or TLS? Well, SSL is meant to verify the sender's identity, but it doesn't search for any more hazards than that. SSL can help you track the person you are talking to, but that can also be tricked at times. TLS is another identification tool just like SSL, but it offers better security features. It provides additional protection to the data, and hence SSL and TLS are often used together for better protection.

Moving on: what are salted hashes? Well, salt is actually random data. When a properly protected password system receives a new password, it creates a hash value of that password together with a random salt value, and then the combined value is stored in its database. This helps defend against dictionary attacks and known-hash attacks. For example, if someone uses the same password on two different systems and they are both using the same hashing algorithm, the hash values would be the same; however, if one of the systems uses salt with its hashes, the values will be different.

Moving on to the next question, which is: how can identity theft be prevented? Okay, so the following steps can be taken to prevent identity theft. First of all, ensure a strong and unique password. Secondly, avoid sharing confidential information online, especially on social media. Third, shop from known and trusted websites only. Fourth, use the latest versions of your browsers. Fifth, install advanced anti-malware and anti-spyware tools. Next, use specialized security solutions for financial data, and always update your system and software. And last but not least, always protect your social security number.

Now moving on to the next question: how can you prevent a man-in-the-middle attack? Okay, so an MITM attack happens when communication between two parties, that is, two systems, is intruded upon or intercepted by an outside entity. This can happen in any form of online communication, such as email, social media, web surfing, etc. Not only are they trying to eavesdrop
on your private conversation, they can also target all the information inside your devices, and the outcome could be pretty catastrophic. So the first method to prevent this attack would be to have encryption, preferably public key encryption, between both parties. This way they both will have an idea of whom they are talking with, because of the digital verification. Secondly, to prevent this, it is best to avoid open Wi-Fi networks, and if it is necessary, then use browser plugins that force HTTPS/TLS, etc.

Moving on to the next question, which is: state the differences between encoding, hashing and encryption. Okay, so the purpose of encoding is to transform data so that it can be properly and safely consumed by a different type of system, for example binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret but rather to ensure it is able to be properly consumed. Examples include ASCII, Unicode, URL encoding and Base64. Now, the purpose of encryption is to transform data in order to keep it secret from others, for example sending someone a secret letter that only they should be able to read, or securely sending a password over the internet. Rather than focusing on usability, the goal is to ensure that data cannot be consumed by anyone other than the intended recipient. Examples include AES, Blowfish and RSA. Now, hashing serves the purpose of ensuring integrity; that is, it makes sure that if something has changed, you know that a change has taken place. Technically, hashing takes arbitrary input and produces a fixed-length string. Examples are SHA-3, MD5 (which is now obsolete), SHA-256, etc.

Now moving on to the next question, which is: what steps will you take to secure a server? Now, a secure server uses the Secure Sockets Layer protocol for data encryption and decryption to protect data from unauthorized interception. Here are four simple ways you can actually secure a server. The first is to make sure that you have a secure password for your root and administrator users. Secondly, the next thing you need to do is to make new users on your system; these will be the users you'll use to manage the system. Step three is to remove remote access from the default or root/administrator accounts, and the last step is to configure your firewall rules for remote access.

Okay, so the next question is: what is a DDoS attack and how is it mitigated? Okay, so DDoS stands for distributed denial of service: when a network is flooded with a large number of requests which it is not designed to handle, making the server unavailable to legitimate request senders. DDoS can be mitigated by analyzing and filtering the traffic in scrubbing centers, and scrubbing centers are centralized data cleaning stations where the traffic to a website is analyzed and malicious traffic is removed.

Okay, so the 20th question is: why do you need DNS monitoring? The domain name system lets your website sit under a domain name that is easily recognizable, and it also keeps information about other domain names. It works like a directory for everything on the internet. Thus DNS monitoring is very important, since you can easily visit a website without actually having to memorize its IP address. DNS has an important role in how end users in your enterprise connect to the internet. Inspecting DNS traffic between client devices and your local recursive resolver could reveal a wealth of information for forensic analysis. DNS queries can reveal both botnets and malware connecting to the C&C (command and control) server. So this is why DNS monitoring is very essential.

Moving on: what is a three-way handshake? The TCP three-way handshake, in Transmission Control Protocol, is the method used by a device on a network to set up a stable connection over an Internet Protocol based network. TCP's three-way handshaking technique is often referred to as SYN-ACK, or more accurately SYN, SYN-ACK, ACK, because there are three messages transmitted by TCP to negotiate and start a TCP session between two computers.

Moving on to the next question: what are black hat hackers, white hat hackers and grey hat hackers? So, like all hackers, black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. They are responsible for writing malware, which is a method used to gain access to these systems. Their primary motivation is usually personal or financial gain, but they can also be involved in cyber espionage, protests, or perhaps just be addicted to the thrill of cybercrime. Now, white hat hackers choose to use their power for good rather than evil. Also known as ethical hackers, white hat hackers can sometimes be paid employees or contractors working for companies as security specialists that attempt to find security holes via hacking. They employ the same methods of hacking as black hats, with one exception: they do it with permission from the owners of the system first, which makes the process completely legal. Then there are grey hat hackers. As in life, there are grey areas that are neither black nor white. Grey hat hackers are a blend of both black hat and white hat hackers. Often grey hat hackers will look for vulnerabilities in a system without the owner's permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue.

Okay, now moving on: how often should you perform patch management? Well, patch management should be done as soon as a patch is released. For Windows, once the patch is released it should be applied to all machines not later than one month. The same goes for network devices: we should patch as soon as it is released, and a proper patch management process should be followed too.

Question number 24: what do you know
about application security? Application security is the practice of improving the security of applications using software, hardware and other procedural methods. Countermeasures are taken to ensure application security, the most common being an application firewall that limits the execution of files or the handling of data by specific installed programs.

Moving on to the next question, which is: differentiate between penetration testing and software testing. Now, penetration testing helps identify and address security vulnerabilities, whereas software testing focuses on the functionality of the software and not the security aspect. A good penetration tester truly thinks differently from the other two: they don't care about the proper behaviors of the system or software, and they are crafty, looking for that one small vulnerability that was not mitigated. Software security testers generally have a fair amount of crossover, as they usually know the full details of the system or software, they know how it's supposed to behave when properly used, and they can test for a lot of the common end-user misbehaviors.

Moving on: when do you use tracert or traceroute? So traceroute is a command which can show you the path a packet of information takes from your computer to the one you specify. It will list all the routers it passes through until it reaches its destination, or fails to and is discarded. In addition to this, it will tell you how long each hop from router to router takes. Now, when you connect to a website, say howtogeek.com, the traffic has to go through several intermediaries before reaching the website. The traffic goes through your local router, your internet service provider's router, onto larger networks, and so on.

Okay, so moving on to question number 27, which is: tell me something about the common cyber attacks that plague us today. I'm going to be discussing eight cyber threats. Firstly, it's malware. Now, malware is an all-encompassing term for a variety of cyber threats, including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on your computer. Next is phishing. Now, phishing is often posing as a request for data from a trusted third party. Phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it really difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are more harmful than just a simple ad. Next is a password attack, and a password attack is exactly what it sounds like: a third party trying to gain access to your system by cracking a user's password, usually using some algorithm like brute force or dictionary attacks, or software such as a keylogger. Next is a DDoS attack, and a DoS attack focuses on disrupting the service to another network. Attackers send high volumes of data or traffic through the network until the network becomes overloaded and can no longer function. Next is a man-in-the-middle attack, and a man-in-the-middle attack is an attack where somebody is impersonating the endpoints in an online information exchange. For example, if you are banking online, the man in the middle would communicate with you by impersonating your bank and communicate with the bank by impersonating you. Next is drive-by downloads, and this is malware which is actually implanted into a legitimate website, and a program is downloaded to the user's system just by visiting the site. It doesn't require any type of action by the user to actually trigger the download. Next is malvertising, and malvertising is actually malicious code which is hidden behind advertisements on websites, and it is also downloaded to your system without your knowledge. Last but not least is rogue software, which is malware that masquerades as legitimate and necessary security software that will keep your system safe.

Okay, so moving on to the next question: what are the different OSI layers and what is the job of the network layer? Okay, so OSI, or Open Systems Interconnection, is a reference model for how applications communicate over a network. A reference model is a conceptual framework for understanding relationships, and the purpose of the OSI reference model is to guide vendors and developers so the digital communication products and software programs they create can interoperate, and to facilitate a clear framework that describes the functions of a network or telecommunication system. The seven OSI layers are the application layer, presentation layer, session layer, transport layer, network layer, data link layer and the physical layer. Okay, so the network layer is actually used for controlling the operations of the subnet, and the main job of this layer is to deliver packets from a source to a destination across multiple links.

Moving on to the next question, which is: how would you reset a password-protected BIOS configuration? Now, since the BIOS is a pre-boot system, it has its own storage mechanism for its settings and preferences. In the classic scenario, simply popping out the CMOS battery will be enough to have the memory storing these settings lose its power supply, and as a result it will lose all its settings. Other times you'll need to use a jumper or a physical switch on the motherboard. Still other times you'll need to actually remove the memory itself from the device and reprogram it in order to wipe it out. The simplest way by far, however, is if the BIOS has come from the factory with the default password enabled: try the whole word "password".

Now for question number 30: what is cross-site scripting, or XSS? Now, XSS refers to client-side code injection attacks wherein an attacker can execute malicious scripts, also commonly referred to as a malicious payload, in a legitimate
website or web application. XSS is among the most rampant of web application vulnerabilities, and occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. By leveraging XSS, an attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim's browser.

Now, what is data protection in transit versus data protection at rest? So the answer to that is that data in transit, or data in motion, is data actively moving from one location to another, such as across the internet or through a private network. Data protection in transit is the protection of this data while it's traveling from network to network, or being transferred from a local storage device to a cloud storage device; wherever data is moving, effective data protection measures for in-transit data are critical, as data is often considered less secure while in motion. Now, data at rest is data that is not actively moving from device to device or network to network, such as data stored on a hard drive, laptop or flash drive, or archived or stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion. The risk profile for data in transit or data at rest depends on the security measures that are in place to secure data in either state.

Moving on to question number 32, which is: tell me the differences between cyber security and network security. Okay, so cyber security describes the policies and procedures implemented by a network administrator to avoid and keep track of unauthorized access, exploitation, modification or denial of the network and the network resources. Network security describes the processes and practices designed to protect the network, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cyber security and physical security. While cyber security is concerned with threats outside the castle, network security is worried about what is going on within the castle walls. The cyber security specialist is the crusading knight defending the kingdom, and network security focuses on the barbarians at the gate and how the castle connects to the world around it.

Moving on to question number 33, which is: how will you prevent data leakage? Data leakage is when data gets out of the organization in an unauthorized way. Data can get leaked in various ways: emails, prints, laptops getting lost, unauthorized upload of data to public portals, removable drives, photographs, etc. A few controls can be restricting uploads to internet websites, following an internal encryption solution, restricting mail to internal networks, or restrictions on printing confidential data, etc.

Moving on to the next question, which is: what is ARP and how does it work? Okay, so Address Resolution Protocol, or ARP, is a protocol for mapping an Internet Protocol address to a physical machine address that is recognized on the local network. On the topic of how it works: when an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. Now, the ARP program looks into the ARP cache, and if it finds the address it provides it, so that the packet can be converted to the right packet length and format and sent to the machine. Now, if no entry is found for the IP address, ARP broadcasts a request packet in a special format to all machines on the LAN to see if one machine knows that it has the IP address associated with it.

So, question number 35 is: what is 2FA and how can it be implemented for public websites? So, an extra layer of security, known as multi-factor authentication, requires not only a password and username but also something that only that user has on them, that is, a piece of information only they should know or have immediately to hand, such as a physical token. Authenticator apps replace the need to obtain a verification code via text, voice call or email. For example, to access a website or web-based service that supports Google Authenticator, the user types in their username and password, that is, a knowledge factor.

Okay, now time for question number 36, which is: what techniques can we use to prevent brute force login attacks? So here the attacker tries to determine the password for a target through a permutation or fuzzing process. As it is a lengthy task, attackers usually employ software such as a fuzzer to automate the process of creating numerous passwords to be tested against the target. To avoid such attacks, password best practices should be followed, mainly on critical resources like servers, routers, exposed services and so on.

Okay, so now time for the next question, which is: what is cognitive cyber security? Now, it is the application of artificial intelligence technologies, patterned on human thought processes, to detect threats and protect physical and digital systems. Self-learning security systems use data mining, pattern recognition and natural language processing to simulate the human brain, albeit in a high-powered computer model. This is exactly what cognitive cyber security is.

So, what is port blocking within a LAN? Well, restricting users from accessing a set of services within the local area network is called port blocking: stopping the source from accessing the destination node via ports. As applications work on ports, ports are blocked to restrict access, filling up the security holes in the network infrastructure.

Okay, so time for question number 39, which is: what is the difference between VPN and VLAN? Okay, so a VPN is related to remote access to the network of a company, while a VLAN basically means logically segregating networks without physically segregating them with various switches. Now, while a VPN protects the data from prying eyes while in transit, and no one on the network can capture the packets and read the data, a VLAN does not involve any encryption technique; it is only used to slice up your logical network into different sections for the purpose of management and security.

Okay, so it's time for question number 40. The question is: what protocols fall under the TCP/IP internet layer? Okay, so I'll be going through the five layers that make up the TCP/IP protocol suite, and I'll also be listing the protocols that are inside every layer. Starting with the physical layer: the protocols that reside in the physical layer include Ethernet (IEEE 802.3) and RS-232, among many others. Moving on to the data link layer, we have the PPP protocol and the IEEE 802.2 protocol. Then moving on to the network layer, it's governed by the IP protocol, the ARP protocol, which is basically the Address Resolution Protocol, and the ICMP protocol. Then moving ahead is the transport layer. Now, the transport layer has two main protocols, namely the TCP and UDP protocols. And last but not least, we have the application layer, which is governed by a multitude of protocols, namely NFS, NIS+, DNS, Telnet, FTP, RIP, SNMP and various other protocols. Okay, so that brings us to the end of the general interview questions that might be asked in any cyber security interview.

Now moving on to the scenario-based questions. So first I'll be reading out the scenario and then
I'll ask questions regarding the scenario too okay so for scenario number one we have you receive the following email from help desk so the email goes as follows dear UCSC email user beginning next week we will be deleting all inactive email accounts in order to create space for more users you are required to send the following information to continue using your email account if you do not receive this information from you by the end of the week your email account will be closed so then the email actually goes on to ask the various credentials like
name email login password dob and alternate email and then it says please contact the Webmail team with any questions and thank you for your immediate attention so in such a scenario what you do and justify your actions for doing so okay so this email is a classic example of phishing trying to trick you into biting the justification is the generalized way of addressing the receiver which is used in Mass spam mails above that a corporate company will never ask personal details on mail they want your information so don't respond to the mail instant message texts
phone calls Etc asking you for your password or other private information you should never disclose your password to anyone even if they say they work for the UCSC its or any other campus organization moving on to the next scenario which is a friend sends an electronic Hallmark greeting card to your work email you need to click on the attachment to see the card what do you do and justify your actions well this one has four big risks firstly some attachments contain viruses or other malicious programs so just in general it's risky to open unknown or
unsolicited attachments secondly also in some cases just clicking on a malicious link can infect a computer so unless you are sure a link is safe don't really click on it third email addresses can be fake so just because the email says it is from someone you know you can't be certain of this without checking with the person fourth finally some websites and links look legitimate but it really hoax is designed to steal your information so what we have to do is actually not click on the email and actually ignore it completely moving on to the
next scenario, which is: one of the staff members in ITS subscribes to a number of free IT magazines. Among the questions she was asked in order to activate her subscriptions, one magazine asked her for her month of birth, a second asked for her year of birth, and a third asked for her mother's maiden name. What do you infer is going on in this situation, and justify. Well, all three newsletters probably have the same parent company or are distributed through the same service. The parent company or service can combine individual pieces of seemingly harmless information and use
or sell it for identity theft. Then it is even possible that there is a fourth newsletter that asks for the day of birth as one of its activation questions. Often questions about personal information are optional. In addition to being suspicious about situations like the one described here, never provide personal information when it is not legitimately necessary, or to people or companies you don't personally know.

So now, time for scenario number four. Well, in our computing labs and departments, print billing is often tied to users' logins. People log in, they print, and then they get a
bill. Sometimes people call to complain about bills for printing they never did, only to find out that the bills are indeed correct. So what do you infer is going on in this situation, and justify your inference. Sometimes they realize they loaned their account to a friend who couldn't remember his or her password, and the friend did the printing and thus ran up the charges. It's also possible that somebody came in behind them and used their account. Now, this is an issue with shared or public computers in general: if you don't log out of the computer properly when
you leave, someone else can come in behind you, retrieve what you were doing and use your accounts. Always log out of accounts, quit programs and close browser windows before you walk away from a general public computer.

Now moving on to scenario number five, we have: we saw a case a while back where someone used their Yahoo account at a computer lab on campus. She made sure her Yahoo account was no longer open in the browser window before leaving the lab. Now, someone came in behind her and used the same browser to re-access
her account. They started sending emails from it and caused all sorts of mayhem. So what do you think might have gone wrong here? Well, the first person probably didn't log out of her account, so the new person could just go into the history and get back in: closing the tab or window does not end the session, because the browser keeps the session cookie until you actually log out (which invalidates the session on the server) or clear the cookies. Secondly, another possibility is that she did log out but didn't clear her web cache. This is done through the browser menu, to clear the pages that the browser has saved for future use.

Time for scenario number six now. Okay, so two different offices on campus are working to straighten out an error
in an employee's bank account due to a direct deposit mistake. Office number one emails the correct account and deposit information to office number two, which promptly fixes the problem. The employee confirms with the bank that everything has indeed been straightened out. So what exactly is wrong here? Well, account and deposit information is sensitive data that could be used for identity theft. Sending this, or any kind of sensitive information, by email is very risky, because email is typically not private or secure: anyone who knows how can access it anywhere along its route. So as an
alternative, the two offices could have called each other, or worked with ITS to send the information in a more secure fashion.

Okay, moving on to the next scenario, which is: the mouse on your computer screen starts to move around on its own and click on things on your desktop. What do you do in such a situation? A, call a co-worker over so they can see; B, disconnect your computer from the network; C, unplug your mouse; D, tell your supervisor; E, turn the computer off; F, run an antivirus; or G, all of the above. So
we have to select all the options that apply in this situation. The options that apply are B and D, which is basically: disconnect your computer from the network and tell your supervisor. This is definitely suspicious; immediately report the problem to your supervisor and the ITS Support Center. Also, since it seems possible that someone is controlling the computer remotely, it is best if you can disconnect the computer from the network (and turn off wireless if you have it) until help arrives. If possible, don't turn off the computer: powering it off loses volatile evidence such as the running processes and open network connections that the responders will want to look at. Okay, time for scenario number eight, so
below is a list of passwords pulled out of a database. Now, which of the following passwords meets UCSC's password requirements? Okay, so the third password, which is option C, is the only one that meets all of UCSC's requirements: it is at least eight characters in length; it contains at least three of the following four types of characters, which are lowercase letters, uppercase letters, numbers and special characters; and it is not a word preceded or followed by a digit. So it's the third option which is correct in this situation. Moving on to
the second-last scenario we have for today, which is: you receive an email from your bank telling you there is a problem with your account. The email provides instructions and links so you can log in to your account and fix the problem. So what should you do? Well, we have to delete the email; better yet, use the web client (that is, Gmail, Yahoo Mail etc.) to report it as spam or phishing, and then delete it. Any unsolicited email or phone call asking you to enter your account information, disclose your password, financial account
information, social security number or any other private or personal information is suspicious, even if it appears to be from a company you are familiar with. Always contact the sender using a method you know is legitimate to verify that the message is indeed from them.

Okay, so it's time for our last scenario of the day, which is: a while back the IT folks got a number of complaints that one of our campus computers was sending out Viagra spam. They checked it out and the reports were true: a hacker had installed a program on the computer that
made it automatically send out tons of spam email without the computer owner's knowledge. So how do you think the hacker got into the computer to set this up? Well, this was actually the result of a hacked password. Not using passwords that can be easily guessed, and protecting your passwords by not sharing them or writing them down, can help to prevent this. Passwords should be at least 8 characters in length and use a mixture of uppercase and lowercase letters, numbers and symbols. Even though in this case it was a hacked password, other things that could possibly lead to
this are out-of-date patches and updates, the lack of antivirus software or out-of-date antivirus software, clicking on an unknown link or attachment, or downloading unknown or unsolicited programs onto your computer.

Okay guys, so that was it. If you have any questions regarding any of the scenarios that were discussed here, please put a comment down below. That's it from me, goodbye. I hope you have enjoyed listening to this video; please be kind enough to like it, and you can comment any of your doubts and queries and we will reply to them at the
earliest. Do look out for more videos in our playlist, and subscribe to the edureka channel to learn more. Happy learning!