WEBVTT 1 00:00:00.160 --> 00:00:04.759 Welcome to the deep dive. So imagine it's November of 2 00:00:04.839 --> 00:00:06.000 nineteen eighty eight. 3 00:00:06.120 --> 00:00:08.400 Right, a very long time ago in internet years. 4 00:00:08.480 --> 00:00:13.080 Yeah, exactly. The Defense Advanced Research Projects Agency, you know DARFA, 5 00:00:13.560 --> 00:00:17.719 they had to form this specialized team SERT to respond 6 00:00:17.760 --> 00:00:19.160 to a computer virus. 7 00:00:19.199 --> 00:00:21.440 The Morris worm. Yeah, it was spreading through all these 8 00:00:21.480 --> 00:00:22.480 academic networks. 9 00:00:22.640 --> 00:00:25.800 Right. But here's the crazy part. It took twenty six 10 00:00:25.879 --> 00:00:28.879 hours for a digital warning about that virus to travel 11 00:00:29.120 --> 00:00:32.439 from Harvard to MIT. Oh wow, I mean today, a 12 00:00:32.560 --> 00:00:36.520 zero day exploit moves across the globe in milliseconds. But 13 00:00:36.600 --> 00:00:40.880 the truly counterintuitive part of modern cybersecurity it isn't actually 14 00:00:40.920 --> 00:00:41.759 the speed of the code. 15 00:00:41.840 --> 00:00:42.600 No, it's really not. 16 00:00:42.759 --> 00:00:45.280 It's the fact that, like ninety percent of a modern 17 00:00:45.280 --> 00:00:47.840 cyber attack doesn't even involve writing malicious code at all. 18 00:00:47.920 --> 00:00:50.240 It basically involves quietly googling. 19 00:00:49.840 --> 00:00:51.960 You, which is terrifying when you really think about it. 20 00:00:51.960 --> 00:00:54.320 It is. So our mission today is to take a 21 00:00:54.320 --> 00:00:57.640 stack of highly technical source material. Specifically, we're looking at 22 00:00:57.759 --> 00:01:02.399 excerpts from Sanjeebsina's Getting Ethical Hacking with Callie Linux, a 23 00:01:02.479 --> 00:01:05.439 great text. Yeah, and we want to extract the ultimate 24 00:01:05.480 --> 00:01:08.560 shortcut for you, the listener. We're going to decode exactly 25 00:01:08.599 --> 00:01:11.239 how ethical hackers operate, you know, how they think and 26 00:01:11.280 --> 00:01:12.200 how they train. 27 00:01:12.400 --> 00:01:15.840 Because I mean, it is an essential untangling of our 28 00:01:15.920 --> 00:01:19.359 modern reality. We live in an era characterized by just 29 00:01:20.079 --> 00:01:21.680 massive information. 30 00:01:21.200 --> 00:01:23.239 Overload, oh absolutely. 31 00:01:22.760 --> 00:01:27.280 And deeply interconnected infrastructure. The boundary between your physical security 32 00:01:27.280 --> 00:01:30.239 and your digital security, well, it dissolved years ago. 33 00:01:30.319 --> 00:01:32.400 Yeah, it's totally gone, exactly. 34 00:01:32.400 --> 00:01:36.000 So understanding this invisible battlefield it's no longer just a 35 00:01:36.120 --> 00:01:40.560 niche requirement for it professionals. It is foundational knowledge for 36 00:01:40.760 --> 00:01:44.000 literally anyone participating in the digital economy. 37 00:01:44.079 --> 00:01:47.040 Okay, let's unpack this because before we can talk about 38 00:01:47.079 --> 00:01:50.159 hacking into a system, we really have to establish what 39 00:01:50.319 --> 00:01:51.519 exactly we're trying. 40 00:01:51.319 --> 00:01:53.079 To protect, right, the core principles. 41 00:01:53.159 --> 00:01:56.480 Yeah, the source material brings up the CIA triad plus 42 00:01:56.560 --> 00:01:59.959 one critical edition. So we've got confidentiality, integrity, and availa 43 00:02:00.079 --> 00:02:04.040 ability plus non repudiation. 44 00:02:03.560 --> 00:02:05.159 Which is a bit of a mouthful. 45 00:02:04.920 --> 00:02:07.640 It really is. Let's ground this with an analogy. So, 46 00:02:07.879 --> 00:02:11.759 if confidentiality is the locked front door, you know, concealing 47 00:02:11.840 --> 00:02:15.319 information and hiding your resources, right, keeping people out exactly, 48 00:02:15.520 --> 00:02:19.520 and availability is like the fire suppression system making sure 49 00:02:19.560 --> 00:02:21.599 the building doesn't burn down and remains usable. 50 00:02:21.639 --> 00:02:22.400 Okay, I like that. 51 00:02:22.560 --> 00:02:25.560 Then integrity, well, that functions as the tamper evidence seal 52 00:02:25.680 --> 00:02:29.039 on the safe inside. It just ensures the data hasn't 53 00:02:29.080 --> 00:02:30.520 been like secretly changed. 54 00:02:30.800 --> 00:02:34.400 Right. And then that fourth concept, non repudiation. It functions 55 00:02:34.439 --> 00:02:37.719 basically as the unalterable security camera footage. 56 00:02:37.840 --> 00:02:39.120 Oh, that's a good way to put it. 57 00:02:39.199 --> 00:02:42.400 Yeah. It ensures the mathematical traceability of what a user does, 58 00:02:42.439 --> 00:02:45.639 so user can't just deny they performed a specific operation. 59 00:02:45.360 --> 00:02:46.759 Like an indelible receipt. 60 00:02:46.919 --> 00:02:50.879 Exactly. But what's fascinating here is the fundamental vulnerability built 61 00:02:50.879 --> 00:02:53.120 into the very concept of access control. 62 00:02:53.360 --> 00:02:56.639 Wait, really, access control is vulnerable? 63 00:02:56.840 --> 00:03:01.719 Yeah, because system dependent security mechanisms, like users with specific permissions, 64 00:03:02.159 --> 00:03:04.439 they require an underlying assumption of trust. 65 00:03:05.039 --> 00:03:08.879 Oh right. Trust is basically the ultimate single point of failure. 66 00:03:09.000 --> 00:03:09.599 It really is. 67 00:03:09.919 --> 00:03:13.439 Because you can have the most robust, you heavily encrypted 68 00:03:13.479 --> 00:03:16.840 access system on the planet, but if an authorized user 69 00:03:16.879 --> 00:03:18.199 goes rogue. 70 00:03:17.879 --> 00:03:21.199 Or if an attacker successfully impersonates an admin. 71 00:03:21.039 --> 00:03:24.599 Yeah, exactly, then the system just essentially turns around and 72 00:03:24.639 --> 00:03:27.719 protects the attacker, which I guess is exactly why zero 73 00:03:27.719 --> 00:03:30.360 trust architecture is such a massive priority now. 74 00:03:30.759 --> 00:03:33.520 And the necessity of zero trust. It was actually foreshadowed 75 00:03:33.560 --> 00:03:36.879 way earlier than most people realize. Oh really when well, 76 00:03:36.919 --> 00:03:40.120 the text points to this nineteen ninety four Internet Architecture 77 00:03:40.120 --> 00:03:43.599 Board report. It's called RFC sixteen thirty. 78 00:03:43.319 --> 00:03:47.039 Six, nineteen ninety four. That's ancient, right, But. 79 00:03:47.120 --> 00:03:50.719 Even back then they recognized this terrifying shift. Hackers were 80 00:03:50.719 --> 00:03:55.759 transitioning from highly manual intrusions to frequent, sophisticated automated attacks. 81 00:03:55.960 --> 00:03:58.840 And when threats become automated, you can't just blindly trust 82 00:03:58.840 --> 00:03:59.800 the perimeter anymore. 83 00:04:00.039 --> 00:04:03.120 Exactly, you have to understand the exact physical and digital 84 00:04:03.159 --> 00:04:05.400 path that every single piece of data takes. 85 00:04:05.759 --> 00:04:08.319 So what does this all mean for us to understand 86 00:04:08.319 --> 00:04:11.479 that path? The source material introduces the OSI model, the 87 00:04:11.560 --> 00:04:13.719 Open System's interconnection reference. 88 00:04:13.360 --> 00:04:14.840 Model, right, developed by the ISO. 89 00:04:15.120 --> 00:04:18.680 Yeah, it's the seven layer cake that allows completely different 90 00:04:18.720 --> 00:04:20.879 computer systems to actually talk to each other. 91 00:04:21.000 --> 00:04:23.560 It's the universal translator of the Internet exactly. 92 00:04:24.399 --> 00:04:27.439 So let's trace a single web request down the layers, 93 00:04:27.879 --> 00:04:31.319 like shipping a physical package. You the user, you sit 94 00:04:31.360 --> 00:04:33.279 at layer seven, the application. 95 00:04:32.879 --> 00:04:34.120 Layer writing the letter. 96 00:04:34.199 --> 00:04:36.879 Basically, right, your request is just raw data. But as 97 00:04:36.920 --> 00:04:40.360 it travels down to layer four, the transport layer, that 98 00:04:40.480 --> 00:04:43.680 data gets chopped up into what are called segments. 99 00:04:43.279 --> 00:04:47.040 And that segmentation is super important. It provides flow control. 100 00:04:46.800 --> 00:04:48.639 Right, so it doesn't overwhelm the system. 101 00:04:48.759 --> 00:04:51.040 Yeah, and sequence numbers are added there, so the receiving 102 00:04:51.040 --> 00:04:54.279 computer actually knows how to reassemble all those chopped up 103 00:04:54.319 --> 00:04:55.920 pieces in the correct order. 104 00:04:56.079 --> 00:04:58.240 Okay, So then it drops down to layer three, the 105 00:04:58.279 --> 00:05:01.560 network layer. The segment becomes a packet, and this is 106 00:05:01.600 --> 00:05:04.720 the postal sorting facility right Basically, Yeah, this is where 107 00:05:04.759 --> 00:05:08.079 source and destination IP addresses get stamped onto it. And 108 00:05:08.120 --> 00:05:10.759 this is where hardware like routers. 109 00:05:10.360 --> 00:05:12.920 Live exactly, routers handle layer three, got it. 110 00:05:13.319 --> 00:05:17.079 Then we drop further to layer two, the data link layer. 111 00:05:17.560 --> 00:05:19.240 The packet becomes a frame. 112 00:05:19.279 --> 00:05:22.759 And that's where MSS addresses are added, the hard coded 113 00:05:22.920 --> 00:05:27.360 physical addresses of the network cards. Switches operate here. 114 00:05:27.319 --> 00:05:30.399 Right, switches at layer two. Finally it hits layer one, 115 00:05:30.480 --> 00:05:33.160 the physical layer. This is the delivery truck on the highway. 116 00:05:33.199 --> 00:05:36.560 The frame is translated into literal bits and bites. 117 00:05:36.160 --> 00:05:38.879 Just raw electrical pulses on a copper wire or light 118 00:05:38.920 --> 00:05:40.120 in a fiber optic cable. 119 00:05:40.319 --> 00:05:44.000 It's wild to think about, but I have always wondered 120 00:05:44.439 --> 00:05:48.360 why does an ethical hacker actually care so deeply about 121 00:05:48.399 --> 00:05:52.199 tracing these specific layers? Well, because, I mean, if everything 122 00:05:52.199 --> 00:05:54.720 on the modern web is protected by HTTTPS and to 123 00:05:54.800 --> 00:05:57.040 end encryption anyway, who cares about the layers? 124 00:05:57.079 --> 00:06:00.800 Ah? Because end to end encryption usually only protects the 125 00:06:00.839 --> 00:06:02.160 payload up at layer seven. 126 00:06:02.199 --> 00:06:03.680 Wait, really only layer seven? 127 00:06:03.759 --> 00:06:06.680 Yeah, the intermediate layers remain highly visible, and this brings 128 00:06:06.759 --> 00:06:09.360 up a huge distinction from the text between end to 129 00:06:09.480 --> 00:06:11.120 end encryption and link encryption. 130 00:06:11.279 --> 00:06:12.360 Okay, break that down for me. 131 00:06:12.439 --> 00:06:15.519 So in link encryption, the actual message is decrypted and 132 00:06:15.600 --> 00:06:19.319 re encrypted at every single intermediate host or router along 133 00:06:19.360 --> 00:06:19.720 the path. 134 00:06:19.800 --> 00:06:21.480 That sounds incredibly slow. 135 00:06:21.839 --> 00:06:25.079 It is. It's highly resource intensive and super rare for 136 00:06:25.120 --> 00:06:28.680 normal web traffic. With standard end to end encryption, the 137 00:06:28.759 --> 00:06:32.199 router is simply passing encrypted Layer seven payload along by 138 00:06:32.199 --> 00:06:34.560 reading the unencrypted Layer three IP headers. 139 00:06:34.639 --> 00:06:37.160 Oh wow. Okay, So if you are listening to this 140 00:06:37.319 --> 00:06:39.839 deep dive on a public Wi Fi network right now, 141 00:06:40.279 --> 00:06:43.879 your router is acting as that Layer three bouncer exactly, 142 00:06:44.000 --> 00:06:47.000 So an attacker intercepting the packets on that Wi Fi network. 143 00:06:47.160 --> 00:06:49.319 They don't even need to break your encryption to see 144 00:06:49.360 --> 00:06:49.800 what you're. 145 00:06:49.680 --> 00:06:53.439 Doing, right, because they just utilize traffic analysis. By monitoring 146 00:06:53.519 --> 00:06:56.920 layer three, an attacker observes the packet, sizes the frequency 147 00:06:56.920 --> 00:07:00.240 of transision and the destination IP addresses. 148 00:07:00.079 --> 00:07:03.040 So they might not know the exact words you are sending. 149 00:07:02.839 --> 00:07:05.199 But the rhythm and the shade of your data reveals 150 00:07:05.240 --> 00:07:07.360 a lot. It tells them if you are streaming a 151 00:07:07.399 --> 00:07:10.720 high dev video, or sending a small text file, or 152 00:07:10.839 --> 00:07:13.959 establishing a command and control connection to some offshore server 153 00:07:14.120 --> 00:07:15.240 that is so creepy. 154 00:07:15.360 --> 00:07:18.879 The metadata surrounding the communication is basically just as valuable 155 00:07:18.879 --> 00:07:20.240 as the communication. 156 00:07:19.720 --> 00:07:21.079 Itself, often more valuable. 157 00:07:21.160 --> 00:07:23.600 Yeah, here's where it gets really interesting. So we understand 158 00:07:23.600 --> 00:07:26.720 the layers now, But how does a hacker actually begin 159 00:07:26.759 --> 00:07:27.399 in operation. 160 00:07:27.839 --> 00:07:29.680 It's probably not what you'd expect, right. 161 00:07:29.720 --> 00:07:33.040 You'd assume it starts with furiously typing green code to 162 00:07:33.160 --> 00:07:37.680 launch and exploit, But the source highlights this ninety percent rule. 163 00:07:37.800 --> 00:07:41.360 Yeah. Ethical hackers categorize attacks is either active or passive. 164 00:07:41.519 --> 00:07:44.879 An Active attacks attempt to actually alter system resources, right, 165 00:07:44.959 --> 00:07:46.639 like injecting a script. 166 00:07:46.360 --> 00:07:50.040 Yes, whereas passive attacks they just quietly learn or make 167 00:07:50.120 --> 00:07:52.959 use of information without affecting the system at all. 168 00:07:52.800 --> 00:07:56.920 And passive footprinting or reconnaissance that covers almost ninety percent 169 00:07:57.040 --> 00:07:58.560 of all hacking activity. 170 00:07:58.759 --> 00:08:03.480 It's huge directly mirrors advanced military strategy, you know, gathering 171 00:08:03.560 --> 00:08:05.399 enemy intel before a battle. 172 00:08:05.160 --> 00:08:06.759 Like casing a joint before a heist. 173 00:08:06.959 --> 00:08:10.439 Exactly because committing to an active attack without exhausting your 174 00:08:10.480 --> 00:08:14.920 intelligence gathering it's just a guaranteed failure. Active probing sets 175 00:08:14.920 --> 00:08:16.040 off alarms. 176 00:08:15.680 --> 00:08:21.279 Right, firewalls, log unrecognized IPS, Intrusion detection systems flag the behavior. 177 00:08:21.600 --> 00:08:25.120 But if an ethical hacker relies on passive footprinting, they 178 00:08:25.160 --> 00:08:28.759 can map the target's entire architecture early on. They can 179 00:08:28.759 --> 00:08:31.879 eliminate tools that just flat out won't work all without 180 00:08:31.879 --> 00:08:34.279 sending a single suspicious packet to the target. 181 00:08:34.440 --> 00:08:37.080 So the text details how this is primarily done through 182 00:08:37.200 --> 00:08:38.120 Google hacking. 183 00:08:37.960 --> 00:08:38.720 Or Google dorking. 184 00:08:38.799 --> 00:08:43.120 Yeah, it's fascinating how search engines inadvertently index a terrifying 185 00:08:43.159 --> 00:08:46.600 amount of sensitive info. The hacker isn't using a complex 186 00:08:46.679 --> 00:08:49.320 tool or using Google like a scalpel. 187 00:08:49.000 --> 00:08:50.639 Right, using specific search operators. 188 00:08:50.759 --> 00:08:53.879 Yeah, So say you are mapping a government target, you 189 00:08:53.960 --> 00:08:57.080 restrict the search using psyche colon dot gov, and. 190 00:08:57.000 --> 00:09:00.840 You filter out false positives with a minus sign like 191 00:09:01.080 --> 00:09:02.720 tiger speed minus car right. 192 00:09:03.200 --> 00:09:05.320 Or if you want a specific file type that should 193 00:09:05.399 --> 00:09:09.799 never be public, you search inuralcolonadmin dot php or file 194 00:09:09.840 --> 00:09:10.720 type colon inc. 195 00:09:11.159 --> 00:09:13.720 And the mechanism behind why this works is what's really 196 00:09:13.759 --> 00:09:17.039 crucial here. Tell me the ethical hacker isn't actively probing 197 00:09:17.080 --> 00:09:20.639 that government server. Google's web crawlers did the active probing 198 00:09:20.960 --> 00:09:21.519 months ago. 199 00:09:21.639 --> 00:09:23.600 Oh so Google already did the. 200 00:09:23.559 --> 00:09:29.120 Dirty work exactly. Sometimes an admin misconfigures permissions, or a 201 00:09:29.279 --> 00:09:33.320 robots dot txt file fails to tell the crawler to 202 00:09:33.360 --> 00:09:36.639 ignore a directory, Google blindly indexes it. 203 00:09:37.240 --> 00:09:41.879 Wow, So by querrying Google's database with those specific operators, 204 00:09:42.240 --> 00:09:46.440 the hacker extract highly classified structural intel while. 205 00:09:46.360 --> 00:09:50.679 Leaving absolutely zero forensic trace on the target's actual network. 206 00:09:50.759 --> 00:09:53.919 That is wild. Okay, So footprinting gives you a highly 207 00:09:53.960 --> 00:09:56.600 detailed map of the enemy walls, but you can't test 208 00:09:56.639 --> 00:09:58.639 your digital explosives on the real wall. Right. 209 00:09:58.679 --> 00:10:01.720 That's illegal and highly dam You could crash the real. 210 00:10:01.559 --> 00:10:04.840 System exactly, So you have to build an exact, isolated 211 00:10:04.879 --> 00:10:08.080 replica of their infrastructure on your own machine, which brings 212 00:10:08.159 --> 00:10:09.559 us to virtualization, right. 213 00:10:09.639 --> 00:10:11.919 Using hypervisors like virtual box or VMware. 214 00:10:12.000 --> 00:10:14.080 It makes me think of like a flight simulator for hackers. 215 00:10:14.120 --> 00:10:16.919 You can crash the digital plane a thousand times, unplug 216 00:10:16.919 --> 00:10:17.919 it and no one gets hurt. 217 00:10:18.080 --> 00:10:20.039 Or a CDC biocontainment lab. 218 00:10:20.240 --> 00:10:21.600 Oh yeah, that's a great analogy. 219 00:10:21.679 --> 00:10:24.600 When researcher study a highly infectious physical virus, they use 220 00:10:24.600 --> 00:10:28.399 a negative pressure sealed biolab. A hypervisor does the exact 221 00:10:28.440 --> 00:10:29.799 same thing digitally. 222 00:10:29.519 --> 00:10:33.720 So you can poke, prod detonate malware inside the virtual machine, 223 00:10:34.240 --> 00:10:36.960 and the hypervisor ensures the digital air never flows back 224 00:10:37.000 --> 00:10:38.480 into your actual hard drive. 225 00:10:38.480 --> 00:10:42.840 Precisely and inside that secure lab. Ethical hackers deploy highly 226 00:10:42.879 --> 00:10:45.159 specialized Linux distributions. 227 00:10:44.639 --> 00:10:47.360 Because regular operating systems just abstract a way too much 228 00:10:47.399 --> 00:10:48.679 of the networking right right. 229 00:10:48.720 --> 00:10:51.519 A consumer OS is for ease of use. Hackers need 230 00:10:51.559 --> 00:10:55.399 an OS designed specifically for penetration and anonymity. 231 00:10:55.600 --> 00:10:57.840 So the text towards a few of these. You have 232 00:10:58.200 --> 00:11:00.759 Kali Linux, which is basically the industry standard. It has 233 00:11:00.840 --> 00:11:04.039 over six hundred specific security tools preloaded. 234 00:11:04.120 --> 00:11:07.000 Then there's black Arch, which is just massive. It's a 235 00:11:07.039 --> 00:11:10.000 seven gigabyte file containing over nineteen hundred tools. 236 00:11:10.080 --> 00:11:14.080 Nineteen hundred that's insane. And then there's QUEEBSOS, which uses 237 00:11:14.120 --> 00:11:18.200 sandboxes to quarantine apps. Oh and the text mentions metasploitable too. 238 00:11:18.320 --> 00:11:21.159 Ah, yes, metasploitable two is interesting. 239 00:11:21.240 --> 00:11:23.559 Yeah, it's not a tool set. It's actually a Linux 240 00:11:23.639 --> 00:11:26.679 machine intentionally built full of gaping security holes. 241 00:11:26.759 --> 00:11:28.960 Right. You run it inside your hypervisor just so you 242 00:11:29.000 --> 00:11:30.840 have a live, vulnerable patient to practice on. 243 00:11:31.159 --> 00:11:34.399 It's basically a crash test dummy. But what really caught 244 00:11:34.399 --> 00:11:37.440 my eye was how the text compares the anonymity of 245 00:11:37.480 --> 00:11:41.080 an OS like TAILS versus in pretty OS. 246 00:11:41.279 --> 00:11:43.519 Right, two very different approaches to staying hidden. 247 00:11:43.759 --> 00:11:47.240 How does TAILS actually achieve zero trace like? 248 00:11:47.600 --> 00:11:51.799 Practically Well, TAILS is designed to run entirely within the 249 00:11:51.799 --> 00:11:56.399 computer's RAM random access memory. Okay, it actively refuses to 250 00:11:56.480 --> 00:11:59.399 mount the host computer's hard drive, and because RAM is 251 00:11:59.519 --> 00:12:03.120 volatile memory, the absolute second you pull the tail's USB 252 00:12:03.279 --> 00:12:06.039 drive out or just cut the power exactly, the memory 253 00:12:06.080 --> 00:12:08.879 is wiped clean. By the laws of physics. It physically 254 00:12:08.919 --> 00:12:11.240 cannot write an enduring record of what you did. 255 00:12:11.360 --> 00:12:11.639 Wow. 256 00:12:11.840 --> 00:12:15.120 Furthermore, Tails forces every single packet of your network traffic 257 00:12:15.399 --> 00:12:17.919 through the tour network uses what's called onion. 258 00:12:17.639 --> 00:12:21.200 Routing right, onion routing, meaning the data is encapsulated in 259 00:12:21.279 --> 00:12:24.120 multiple layers of encryption like an onion, and it bounces 260 00:12:24.159 --> 00:12:27.480 through several global nose before hitting the regular internet exactly. 261 00:12:27.600 --> 00:12:30.080 But the text contrasts this with in pretty os. 262 00:12:30.159 --> 00:12:32.679 Yeah, and pretia uses the IP network and something called 263 00:12:32.759 --> 00:12:36.360 garlic routing. So what is the mechanical difference there? 264 00:12:36.639 --> 00:12:40.480 It directly addresses the traffic analysis vulnerability we discussed earlier 265 00:12:40.519 --> 00:12:41.639 with the OSI model. 266 00:12:41.759 --> 00:12:44.759 Oh right, the Layer three rhythm and shape stuff exactly. 267 00:12:45.120 --> 00:12:49.440 Onion routing encrypts a single message in layers. A really 268 00:12:49.440 --> 00:12:54.159 sophisticated adversary watching the network could still potentially correlate the 269 00:12:54.200 --> 00:12:57.240 timing and size of the packet's entering and exiting. 270 00:12:56.879 --> 00:13:00.200 Tour because it's still just one message moving through, right. 271 00:13:01.000 --> 00:13:05.159 But garlic routing bundles multiple distinct messages from entirely different 272 00:13:05.159 --> 00:13:08.480 applications together into one single encrypted block. 273 00:13:08.639 --> 00:13:11.600 Oh like flows in a bulb of garlic exactly. So 274 00:13:11.639 --> 00:13:14.320 if I'm watching Layer three, I just see one massive, 275 00:13:14.519 --> 00:13:17.200 uniform block of data moving I have no idea if 276 00:13:17.240 --> 00:13:20.360 it's one large file or fifty small messages from fifty 277 00:13:20.360 --> 00:13:21.039 different users. 278 00:13:21.039 --> 00:13:25.600 Precisely, it makes traffic analysis exponentially more difficult it's highly 279 00:13:25.639 --> 00:13:27.000 evasive of surveillance radar. 280 00:13:27.159 --> 00:13:28.679 But there's a catch, right, Yeah. 281 00:13:28.799 --> 00:13:30.759 The trade off is that the IWOP network is a 282 00:13:30.799 --> 00:13:34.799 closed loop. You generally cannot access regular websites. You're restricted 283 00:13:34.840 --> 00:13:36.600 to ebsites which end in dot. 284 00:13:36.480 --> 00:13:38.320 I two p Okay. So we have our intel from 285 00:13:38.320 --> 00:13:42.360 passive footprinting, and we have our secure biolab running Collie Linux. 286 00:13:42.600 --> 00:13:44.480 This is where the training wheels finally come off. 287 00:13:44.559 --> 00:13:47.759 Yeah, the source makes it very clear. The mouse goes away, 288 00:13:48.559 --> 00:13:51.720 you strip away the graphical user interface, the GUI, and 289 00:13:51.759 --> 00:13:53.480 you rely on the rock command. 290 00:13:53.240 --> 00:13:56.840 Line, because a graphical interface is inherently a vulnerability in 291 00:13:56.879 --> 00:14:01.000 ethical hacking. Really how so Well, it represents a layer 292 00:14:01.039 --> 00:14:04.679 of abstraction. It hides what the machine is actually executing. 293 00:14:04.759 --> 00:14:08.600 And more importantly, a GUI limits you entirely to the 294 00:14:08.679 --> 00:14:12.879 specific actions the original software developer anticipated you'd want to take. 295 00:14:13.039 --> 00:14:16.639 If the button doesn't exist, you are just stuck. I mean, 296 00:14:16.679 --> 00:14:19.759 it's the difference between using a tourist phrase book to 297 00:14:19.919 --> 00:14:23.000 order food versus actually speaking the language fluently. 298 00:14:23.200 --> 00:14:25.360 That's a perfect analogy. The command line. 299 00:14:25.200 --> 00:14:28.360 Gives you fluency, so the text covers the essentials like 300 00:14:29.240 --> 00:14:34.159 PWD for print working directory or l'sus A to expose 301 00:14:34.240 --> 00:14:35.440 hidden files, right. 302 00:14:35.279 --> 00:14:37.639 And potted plus x to make a script executable. 303 00:14:37.759 --> 00:14:40.799 But the real power comes from stringing commands together, doesn't it. 304 00:14:40.840 --> 00:14:40.960 Oh? 305 00:14:40.960 --> 00:14:44.200 Absolutely, Like say we used our Google dorking from earlier 306 00:14:44.320 --> 00:14:48.080 to find an exposed, multi gigabyte server log file. We 307 00:14:48.120 --> 00:14:50.799 wouldn't just open that in a standard text editor, right, 308 00:14:51.039 --> 00:14:52.639 It would crash the program. 309 00:14:52.759 --> 00:14:56.360 Yeah, it would freeze your computer. Instead, you'd utilize the 310 00:14:56.399 --> 00:14:59.480 grip command to search the raw text for specific patterns, 311 00:15:00.080 --> 00:15:01.879 IP addresses or password fields. 312 00:15:01.879 --> 00:15:02.519 Oh. Nice. 313 00:15:02.600 --> 00:15:04.879 And you combine that with the pipe operator, that vertical 314 00:15:04.919 --> 00:15:06.200 bar character on your keyboard. 315 00:15:06.200 --> 00:15:06.960 What does the pipe do? 316 00:15:07.399 --> 00:15:10.320 It takes the output of one command and instantly feeds 317 00:15:10.399 --> 00:15:12.639 it as the input to the next command. So you 318 00:15:12.720 --> 00:15:16.840 filter gigabytes of noise down to a single exposed credential 319 00:15:17.039 --> 00:15:19.879 in milliseconds, entirely in memory. 320 00:15:20.000 --> 00:15:23.399 That is so incredibly powerful, And that fluency really culminates 321 00:15:23.399 --> 00:15:27.559 in combining Collie Linux with the Python programming language, specifically 322 00:15:27.639 --> 00:15:28.840 to manipulate sockets. 323 00:15:28.919 --> 00:15:30.200 Yes, sockets are crucial. 324 00:15:30.360 --> 00:15:33.720 The text describes sockets as the virtual bi directional end 325 00:15:33.799 --> 00:15:37.279 points of a communication channel you know, between two processes, right, 326 00:15:37.440 --> 00:15:39.600 I know whenever my computer talks to a server, it 327 00:15:39.679 --> 00:15:42.519 creates a socket. But the text teaches you how to 328 00:15:42.519 --> 00:15:45.480 write your own local web server in Python from scratch. 329 00:15:45.759 --> 00:15:46.240 It does. 330 00:15:46.480 --> 00:15:50.200 But wait, with over six hundred pre built tools and Collie, 331 00:15:50.759 --> 00:15:53.720 why would an ethical hacker spend the time coding their 332 00:15:53.759 --> 00:15:54.320 own server. 333 00:15:54.679 --> 00:15:57.200 Well, if we connect this to the bigger picture, it 334 00:15:57.240 --> 00:15:59.519 all comes back to evading signature detection. 335 00:15:59.799 --> 00:16:00.679 Oh oh, okay. 336 00:16:00.799 --> 00:16:03.440 If you use a pre built Collie tool, the target's 337 00:16:03.440 --> 00:16:08.639 firewall or intrusion detection system will likely recognize the predictable shape, timing, 338 00:16:08.919 --> 00:16:12.159 and headers of that specific tool's traffic because it has. 339 00:16:12.080 --> 00:16:14.120 A known signature, like a known fingerprint. 340 00:16:14.240 --> 00:16:18.279 Exactly. But by writing a custom Python script using raw sockets, 341 00:16:18.679 --> 00:16:22.360 you define the exact granular parameters of the communication. 342 00:16:22.440 --> 00:16:24.960 You completely bypass the signature because you just invented a 343 00:16:25.000 --> 00:16:27.480 totally new one exactly. So the text breaks down the 344 00:16:27.480 --> 00:16:33.480 two primary parameters you control, connection oriented versus connection less sockets? 345 00:16:33.639 --> 00:16:35.039 Right, TCP verus UDP. 346 00:16:35.279 --> 00:16:39.159 Yeah, so connection oriented uses TCP or soft stream. It's 347 00:16:39.240 --> 00:16:42.879 highly reliable. It establishes a dedicated path, keeps it open 348 00:16:42.919 --> 00:16:46.480 for a continuous back and forth verification, and ensures every 349 00:16:46.480 --> 00:16:47.679 packet arrives. 350 00:16:47.320 --> 00:16:50.559 In order right, and then connection less uses UDP or 351 00:16:50.759 --> 00:16:51.919 socket e DRAM, and that. 352 00:16:51.840 --> 00:16:54.159 One just fires packets at the target without waiting for 353 00:16:54.200 --> 00:16:55.799 a receipt to verify they arrived. 354 00:16:55.919 --> 00:16:58.639 Exactly. It's much faster, but it's less reliable. 355 00:16:58.679 --> 00:17:00.000 So why does this matter so much? 356 00:17:00.320 --> 00:17:03.919 Because by mastering these parameters in Python, an ethical hacker 357 00:17:04.039 --> 00:17:08.240 exerts ultimate control over the environment. You're no longer just 358 00:17:08.319 --> 00:17:12.240 sending data through the application layer. You were directly manipulating 359 00:17:12.359 --> 00:17:16.240 the very fabric of the OSI layers we discussed earlier. Wow, 360 00:17:16.400 --> 00:17:19.079 you control the exact mathematical shape of the packet at 361 00:17:19.119 --> 00:17:21.559 layer three. In layer four, and that allows you to 362 00:17:21.599 --> 00:17:24.880 slip past automated the filters completely undetected. 363 00:17:25.000 --> 00:17:29.559 You are literally handcrafting the delivery mechanism on the network layer. 364 00:17:29.960 --> 00:17:31.880 That is just a profound level. 365 00:17:31.640 --> 00:17:32.720 Of access, it really is. 366 00:17:33.160 --> 00:17:35.720 So to quickly recap the journey we've taken today based 367 00:17:35.720 --> 00:17:39.079 on this deep dies into the source material. We started 368 00:17:39.079 --> 00:17:42.359 by establishing the fundamental mission of protecting the CIA triad, 369 00:17:42.720 --> 00:17:45.759 and we saw the critical vulnerability of trust. Then we 370 00:17:45.839 --> 00:17:48.640 climbed down the seven layer architecture of the OSI model 371 00:17:48.680 --> 00:17:52.400 to understand how encapsulation and traffic analysis actually. 372 00:17:52.000 --> 00:17:53.839 Work, which led us to the ninety percent role. 373 00:17:53.839 --> 00:17:56.680 Yeah, discovering that modern hacking is largely the passive art 374 00:17:56.680 --> 00:18:00.640 of Google reconnaissance. Then we stepped into the secure, negative 375 00:18:00.640 --> 00:18:03.160 pressure bio labs of virtualization. 376 00:18:03.000 --> 00:18:06.519 Exploring how operating systems like tails and in pretty os 377 00:18:06.799 --> 00:18:09.440 mechanically ensure anonymity. 378 00:18:08.920 --> 00:18:12.200 And finally we stripped away the interface entirely. We saw 379 00:18:12.240 --> 00:18:16.440 how hackers manipulate raw Python sockets to bypass signature detection 380 00:18:16.920 --> 00:18:20.079 and maintain absolute control over the network layers. 381 00:18:20.359 --> 00:18:23.880 You know. Engaging with this material it really strips away 382 00:18:23.920 --> 00:18:25.880 the perceived magic of the Internet. 383 00:18:26.039 --> 00:18:27.000 It totally does. 384 00:18:27.160 --> 00:18:31.079 It replaces this illusion of a seamless digital world with 385 00:18:31.200 --> 00:18:33.640 a stark mechanical reality. 386 00:18:33.720 --> 00:18:36.480 And it's a mechanical reality that you, the listener, are 387 00:18:36.519 --> 00:18:40.039 participating in right this very second. Absolutely, I really want 388 00:18:40.039 --> 00:18:43.960 you to remember, every single time you open a web browser, 389 00:18:44.359 --> 00:18:47.839 those seven OSI layers are firing. Your data is being 390 00:18:47.920 --> 00:18:51.960 chomped into segments, stuffed into packets, stamped with MSc addresses, 391 00:18:52.000 --> 00:18:55.400 into frames, and fired across the world as raw electrical bits. 392 00:18:55.519 --> 00:18:58.400 And somewhere out there, an automated script might be quietly 393 00:18:58.440 --> 00:19:00.000 doing passive reconnaissance on your canner. 394 00:19:00.359 --> 00:19:01.960 It's a lot to take in because. 395 00:19:01.680 --> 00:19:05.599 The infrastructure supporting our daily lives is vast, remarkably fragile 396 00:19:05.799 --> 00:19:09.000 and constantly under observation by unseen actors. 397 00:19:08.880 --> 00:19:11.799 Which leads to a final pretty shilling thought to leave 398 00:19:11.839 --> 00:19:15.480 you with. The text mentions those nineteen ninety four warnings 399 00:19:15.519 --> 00:19:18.599 about the shift toward automated attacks right, and it notes 400 00:19:18.599 --> 00:19:22.559 how heavily interlinked and vulnerable are modern physical power grids 401 00:19:22.559 --> 00:19:24.680