WEBVTT 1 00:00:00.080 --> 00:00:04.919 What if you could break into computer systems, completely shatter 2 00:00:04.960 --> 00:00:08.560 their defenses and bypass their security, but not as a 3 00:00:08.599 --> 00:00:11.400 criminal facing twenty years in prison. Right doing it legally, 4 00:00:11.560 --> 00:00:15.279 exactly doing it is a highly paid, perfectly legal security expert. 5 00:00:16.039 --> 00:00:18.519 Today we are opening some jeeps and it has manual 6 00:00:18.800 --> 00:00:22.320 beginning ethical hacking with Python. And the mission for this 7 00:00:22.399 --> 00:00:27.280 deep dive is to really uncover the foundational mindset of 8 00:00:27.320 --> 00:00:28.199 an ethical hacker. 9 00:00:28.280 --> 00:00:29.760 Yeah, and we're going to look at how to build 10 00:00:29.839 --> 00:00:32.799 a safe sandbox for practicing these skills, which is super 11 00:00:32.840 --> 00:00:36.119 important and why mastering the Linux command line in Python 12 00:00:36.159 --> 00:00:39.679 three is honestly the ultimate key to digital defense. 13 00:00:39.840 --> 00:00:42.640 And for you listening, if you are eager to learn 14 00:00:42.679 --> 00:00:45.159 but want to cut through all the intimidating jargon, we've 15 00:00:45.159 --> 00:00:47.320 got you covered. We're taking a structured journey today. 16 00:00:47.759 --> 00:00:50.560 We're going from the basics of network architecture all the 17 00:00:50.600 --> 00:00:55.600 way into the granular logic of object oriented programming, so 18 00:00:55.640 --> 00:00:57.600 you'll get a really clear picture of the mechanisms that 19 00:00:57.640 --> 00:01:00.640 make these exploits and the defenses against them work. 20 00:01:01.200 --> 00:01:04.400 It's fascinating stuff. But let's start with the absolute most 21 00:01:04.439 --> 00:01:08.439 critical boundary here, right, Rule number one, You never ever 22 00:01:08.599 --> 00:01:11.719 penetrate or tamper with a system without explicit permission. 23 00:01:11.920 --> 00:01:15.000 Never, that is the line between an ethical hacker and 24 00:01:15.040 --> 00:01:15.959 a cyber criminal. 25 00:01:16.079 --> 00:01:19.560 Right, and Sinha uses this lock tester analogy that I 26 00:01:19.840 --> 00:01:23.920 just love. He says, penetration testing or pend testing is 27 00:01:24.000 --> 00:01:27.879 like a car manufacturer hiring a master locksmith. Right, they 28 00:01:27.959 --> 00:01:30.840 hire this expert to break into a new prototype car 29 00:01:31.159 --> 00:01:31.439 just to. 30 00:01:31.400 --> 00:01:33.799 Find its flaws before it actually goes to market. 31 00:01:33.959 --> 00:01:37.120 Exactly, you are invited to break in, whereas a malicious 32 00:01:37.159 --> 00:01:40.120 hacker or a cracker just breaks into a parked car 33 00:01:40.159 --> 00:01:41.319 on the street to spel it. 34 00:01:41.560 --> 00:01:44.760 Yeah, it's the exact same skill set, but entirely different intent. 35 00:01:44.959 --> 00:01:47.719 But to understand how to protect that car or you know, 36 00:01:47.719 --> 00:01:50.120 a corporate network in our case, you have to understand 37 00:01:50.159 --> 00:01:51.959 exactly what the attacker is targeting. Right. 38 00:01:51.959 --> 00:01:53.480 You need to think like them exactly. 39 00:01:54.079 --> 00:01:57.840 And every cyber attack fundamentally aims to compromise one or 40 00:01:57.879 --> 00:02:04.159 more of four key security components. That's confidentiality, authenticity, integrity, 41 00:02:04.319 --> 00:02:05.239 and availability. 42 00:02:05.599 --> 00:02:08.000 Okay, so instead of looking at these four things in 43 00:02:08.039 --> 00:02:14.159 a vacuum, imagine you are tracking a single coordinated cyber 44 00:02:14.159 --> 00:02:15.919 attack like a digital heist. 45 00:02:16.080 --> 00:02:18.199 Oh I like that let's walk through it. 46 00:02:18.280 --> 00:02:22.000 So it starts with confidentiality, right. The attacker intercepts data 47 00:02:22.039 --> 00:02:25.879 traveling as clear text across a trusted network. They just 48 00:02:25.919 --> 00:02:29.159 sit there quietly using a packet sniffer, and they steal 49 00:02:29.199 --> 00:02:32.479 an administrator's password as it literally just moves past them. 50 00:02:32.639 --> 00:02:35.560 Yeah. So now they have a credential, but they still 51 00:02:35.560 --> 00:02:38.719 need to actually bypass the local security filters to use it, 52 00:02:38.800 --> 00:02:41.080 which is where authenticity comes into play. 53 00:02:41.120 --> 00:02:42.080 Okay, how does that work. 54 00:02:42.319 --> 00:02:45.639 Well, every legitimate hardware device on a network has a 55 00:02:45.879 --> 00:02:49.120 media access control address and as address, So the attacker 56 00:02:49.159 --> 00:02:52.719 spoofs that address, basically altering their own hardware signature. 57 00:02:52.879 --> 00:02:55.800 Ah, so they're effectively wearing a stolen uniform to walk 58 00:02:55.879 --> 00:02:58.479 right past the digital guards. They take on the identity 59 00:02:58.520 --> 00:02:59.520 of a trusted station on. 60 00:02:59.520 --> 00:03:02.400 The network exactly. So okay, now they're inside the network 61 00:03:02.840 --> 00:03:06.360 and say they want to manipulate a financial transaction. That 62 00:03:06.560 --> 00:03:09.000 is a direct strike against integrity. 63 00:03:08.599 --> 00:03:10.439 Right, because they're changing the data itself. 64 00:03:10.800 --> 00:03:13.960 Yeah, they perform what's called a bitflip. They intercept a 65 00:03:14.000 --> 00:03:18.280 digital instruction that says, say, transfer ten thousand dollars, alter 66 00:03:18.439 --> 00:03:20.479 a few bits of the data, and suddenly it's a 67 00:03:20.520 --> 00:03:22.280 ten million dollar transfer. 68 00:03:22.360 --> 00:03:24.240 But wait, I have to push back here for a second. 69 00:03:24.680 --> 00:03:29.120 If bitflipping just changes like a single zero tool one 70 00:03:29.240 --> 00:03:33.439 in the underlying code, why doesn't the bank system automatically 71 00:03:33.439 --> 00:03:36.240 detect that the file was tampered with? I mean surely 72 00:03:36.280 --> 00:03:36.840 they check that. 73 00:03:37.120 --> 00:03:39.840 Well, that is the exact vulnerability and ethical hacker is 74 00:03:39.879 --> 00:03:42.840 testing for in a secure system. Yeah, the data is 75 00:03:42.879 --> 00:03:45.680 tied to a cryptographic hash, which is basically a complex 76 00:03:45.759 --> 00:03:47.199 mathematical summary of the file. 77 00:03:47.319 --> 00:03:50.879 Right, so if you change even one bit, the hash changes. 78 00:03:50.599 --> 00:03:54.039 Completely, The resulting hash changes entirely, and the system rejects 79 00:03:54.080 --> 00:03:57.639 the file. But in a poorly designed system, the application 80 00:03:57.719 --> 00:04:00.000 might only check if the data format looks correct. 81 00:04:00.120 --> 00:04:02.680 Oh wow, so it doesn't check if the cryptographic signature 82 00:04:02.680 --> 00:04:04.000 actually matches exactly. 83 00:04:04.080 --> 00:04:07.120 If that integrity check is weak or missing, the altered 84 00:04:07.120 --> 00:04:09.000 message just processes as legitimate. 85 00:04:09.360 --> 00:04:12.520 That is terrifying. Okay. So finally, to cover their tracks 86 00:04:12.520 --> 00:04:15.800 on the way out, the attacker targets availability. They launch 87 00:04:15.879 --> 00:04:18.279 a denial of service or DOS attack. 88 00:04:18.480 --> 00:04:19.959 Yeah, the classic dot Right. 89 00:04:20.000 --> 00:04:23.399 They flood the system's bandwidth with garbage requests until the 90 00:04:23.480 --> 00:04:27.360 servers just crash. It's like millions of people forming a 91 00:04:27.360 --> 00:04:29.920 massive human chain in front of your house or the bank, 92 00:04:30.399 --> 00:04:34.800 so no legitimate customers or security personnel can even get 93 00:04:34.839 --> 00:04:35.560 through the front. 94 00:04:35.360 --> 00:04:38.680 Door, creating total chaos while the attacker slips away in 95 00:04:38.720 --> 00:04:42.079 the confusion. But here is the thing for anyone learning this. 96 00:04:42.759 --> 00:04:47.000 You can't exactly practice spoofing m mass addresses and launching 97 00:04:47.000 --> 00:04:48.680 DOS attacks on your own home Wi Fi. 98 00:04:48.839 --> 00:04:51.279 Yeah, please don't do that. You will break your internet. 99 00:04:50.959 --> 00:04:53.759 Right, You'll cause serious problems. You need a sandbox, like 100 00:04:53.800 --> 00:04:57.720 a completely isolated environment where you can safely deploy these techniques. 101 00:04:57.759 --> 00:05:00.000 And this is where Oracle Virtual Box comes in. Right. 102 00:05:00.160 --> 00:05:03.199 It's software that lets you run virtual machines or vms 103 00:05:03.680 --> 00:05:05.560 right inside your main operating system. 104 00:05:05.680 --> 00:05:08.360 Yeah, it's literally a computer running inside your computer. 105 00:05:08.680 --> 00:05:11.959 So if an exploit goes wrong or you accidentally unleashed 106 00:05:11.959 --> 00:05:15.920 malware while you're practicing the outer computer, your main OS 107 00:05:16.800 --> 00:05:19.839 is perfectly fine. It remains totally untouched. 108 00:05:19.319 --> 00:05:22.399 Completely untouched. And the specific virtual machine you want to 109 00:05:22.439 --> 00:05:25.040 install inside that sandbox is Kali Linux. 110 00:05:25.199 --> 00:05:25.879 Kali Linux. 111 00:05:26.000 --> 00:05:30.319 Yeah, it's a Linux distribution engineered specifically for security professionals. 112 00:05:30.639 --> 00:05:35.959 It comes preloaded with hundreds of necessary hacking and diagnostic tools. Right, 113 00:05:35.959 --> 00:05:36.600 out of the box. 114 00:05:36.800 --> 00:05:40.720 I'll admit, though, if you are already super comfortable coding 115 00:05:40.720 --> 00:05:43.959 and testing on a Windows machine, pivoting to an entirely 116 00:05:44.000 --> 00:05:47.279 new operating system like Linux feels like a massive detour. 117 00:05:48.040 --> 00:05:49.360 Why go through all that trouble? 118 00:05:49.720 --> 00:05:52.079 Well, A big part of it is that remaining anonymous 119 00:05:52.160 --> 00:05:56.040 during appentist is paramount, and staying truly anonymous on Windows 120 00:05:56.079 --> 00:05:57.079 is practically. 121 00:05:56.639 --> 00:05:58.079 Impossible because of all the tracking. 122 00:05:58.240 --> 00:06:01.399 Yeah, due to how it fundamentally handles telemetry and user data. 123 00:06:01.399 --> 00:06:04.600 It's always phoning home. But honestly, more importantly, it comes 124 00:06:04.600 --> 00:06:06.800 down to how data travels across the Internet. 125 00:06:06.879 --> 00:06:08.120 Okay, lay that out for me. 126 00:06:08.279 --> 00:06:10.360 So if you look at the OSI seven layer model 127 00:06:10.399 --> 00:06:13.879 of networking, hackers need an operating system that gives them 128 00:06:13.920 --> 00:06:18.079 the raw, low level power to intercept data at very 129 00:06:18.120 --> 00:06:19.560 specific hardware layers. 130 00:06:19.680 --> 00:06:21.759 We are talking about the difference between layer three and 131 00:06:21.800 --> 00:06:22.480 layer two. 132 00:06:22.399 --> 00:06:25.399 Right precisely, Think about how the Internet is built. Routers 133 00:06:25.439 --> 00:06:28.439 operate at layer three, which is the network layer. They 134 00:06:28.480 --> 00:06:32.079 read IP addresses to route packets of data across the globe. 135 00:06:32.199 --> 00:06:34.879 Right the IP address gets into the right building. 136 00:06:34.639 --> 00:06:38.480 Essentially exactly, but switches operate lower at layer two. The 137 00:06:38.560 --> 00:06:41.480 data link layer. They don't care about IP addresses at all. 138 00:06:41.519 --> 00:06:43.759 They read those MP addresses we talked about earlier. 139 00:06:43.839 --> 00:06:46.519 Oh, to filter and forward frames of data within a 140 00:06:46.680 --> 00:06:50.120 local physical network, like moving from room to room inside 141 00:06:50.120 --> 00:06:50.480 the building. 142 00:06:50.680 --> 00:06:52.480 You got it. So, if you are on a standard 143 00:06:52.480 --> 00:06:55.439 Windows machine, you are mostly interacting way up at the 144 00:06:55.439 --> 00:06:58.600 application layer layer seven. You can't easily reach down to 145 00:06:58.639 --> 00:07:01.199 the hardware level to manipulate a layer two frame. 146 00:07:01.319 --> 00:07:03.800 Oh, I see, because when you send an email on Windows, 147 00:07:04.279 --> 00:07:07.959 the OS just wraps your data in protocol after protocol 148 00:07:08.240 --> 00:07:09.560 until it hits the network card. 149 00:07:09.800 --> 00:07:12.000 Yeah, it abstracts all the hardware stuff away from you. 150 00:07:12.439 --> 00:07:15.000 But KLi Linux allows you to strip away those higher 151 00:07:15.079 --> 00:07:19.040 level protocols. You can directly craft and inject custom frames 152 00:07:19.319 --> 00:07:20.240 right at layer two. 153 00:07:20.519 --> 00:07:21.879 And why does that matter so much? 154 00:07:22.160 --> 00:07:25.839 Because if you can manipulate layer two, you can completely 155 00:07:25.839 --> 00:07:29.519 bypass the IP security protocols happening up at layer three. 156 00:07:29.639 --> 00:07:31.959 You are just slipping entirely under the radar. 157 00:07:32.160 --> 00:07:35.000 Wow. And Windows simply does not grant you that level 158 00:07:35.240 --> 00:07:38.639 of granular hardware control out of the box, not at all. 159 00:07:38.720 --> 00:07:41.959 So okay, you've built the sandbox. You are inside Cali 160 00:07:42.040 --> 00:07:45.839 Linux ready to manipulate the network. But to actually harness 161 00:07:45.920 --> 00:07:50.160 that granular control, you have to navigate the way real hackers. 162 00:07:49.800 --> 00:07:51.399 Do, which is completely without a mouse. 163 00:07:51.600 --> 00:07:54.079 Right you open the Linux command line. The terminal is 164 00:07:54.120 --> 00:07:56.120 the true control center of the machine. 165 00:07:56.319 --> 00:07:59.759 Now, it's easy to look at basic commands like PWD 166 00:08:00.040 --> 00:08:03.120 to put your working directory, or l's to list files, 167 00:08:03.199 --> 00:08:05.839 or CD to change directories and think of them as 168 00:08:05.879 --> 00:08:08.560 just this clunky, outdated way to navigate a hard drive. 169 00:08:08.800 --> 00:08:11.040 Yeah, a lot of beginners think that, but that misses 170 00:08:11.040 --> 00:08:13.600 the underlying Unix philosophy entirely, which is. 171 00:08:13.560 --> 00:08:15.879 That every tool should do exactly one thing and do 172 00:08:15.920 --> 00:08:16.480 it perfectly. 173 00:08:16.639 --> 00:08:21.279 Yes, think about a visual file explorer on Windows or Mac. 174 00:08:21.720 --> 00:08:25.079 It's a massive, complex program trying to do one hundred 175 00:08:25.079 --> 00:08:28.600 things at once. But the Linux terminal provides these tiny, 176 00:08:28.759 --> 00:08:29.759 razor sharp. 177 00:08:29.600 --> 00:08:32.360 Tools like cat, which just reads text file. 178 00:08:32.279 --> 00:08:36.120 Exactly, or grep which searches for text patterns. But the 179 00:08:36.159 --> 00:08:39.240 real magic happens when you chain them together using piping. 180 00:08:39.519 --> 00:08:42.559 Ah, the pipe command. I love this. It literally takes 181 00:08:42.639 --> 00:08:46.440 the standard output of one program and feeds it directly 182 00:08:46.639 --> 00:08:48.559 is the standard input to the next program. 183 00:08:48.639 --> 00:08:51.360 Right, So imagine you run a network scan and it 184 00:08:51.440 --> 00:08:54.759 outputs fifty thousand lines of active system sources and IP 185 00:08:54.879 --> 00:08:57.879 addresses just a wall of text, yeah, completely unreadable. But 186 00:08:57.919 --> 00:09:00.639 if you pipe that massive output directly into grap and 187 00:09:00.679 --> 00:09:03.799 tell it to search for the word SDRC, you instantly 188 00:09:03.799 --> 00:09:04.759 filter all that noise. 189 00:09:05.000 --> 00:09:08.879 You are constructing a custom, highly specific diagnostic weapon on 190 00:09:08.919 --> 00:09:11.519 the fly, just by combining simple tools. 191 00:09:11.600 --> 00:09:13.240 Exactly, it's incredibly efficient. 192 00:09:13.320 --> 00:09:16.759 I get the power of piping for data, definitely, But 193 00:09:16.919 --> 00:09:18.519 I mean, if I just want to move a file 194 00:09:18.600 --> 00:09:21.759 from one fold or to another, typing cryptic commands like 195 00:09:21.919 --> 00:09:25.200 MV still feels way slower than just dragging and dropping 196 00:09:25.200 --> 00:09:26.000 a folder icon. 197 00:09:26.120 --> 00:09:28.759 Sure it might be slower for one single file, but 198 00:09:29.000 --> 00:09:31.320 what if you need to move ten thousand log files, 199 00:09:31.679 --> 00:09:34.879 append today's date to their file names, and compress them 200 00:09:35.279 --> 00:09:37.840 all while you are secretly connected to a remote server 201 00:09:37.919 --> 00:09:38.840 in another country. 202 00:09:39.039 --> 00:09:42.519 Oh yeah, you won't exactly have a graphical desktop to click. 203 00:09:42.320 --> 00:09:44.960 On, exactly, you will only have a blinking cursor. The 204 00:09:45.039 --> 00:09:47.879 terminal gives you the ability to automate that massive task 205 00:09:48.120 --> 00:09:49.840 with a single line of text. 206 00:09:49.960 --> 00:09:55.080 So it's about speed, precision, and automation. But I mean 207 00:09:56.120 --> 00:09:59.159 that ultimate control comes with the terrifying lack of guardrails right, 208 00:09:59.440 --> 00:10:01.799 like the infat arm dash or of command. 209 00:10:01.639 --> 00:10:05.720 Yeah remove recursively with force. If you execute that command 210 00:10:05.799 --> 00:10:08.639 in the root directory, it deletes every single folder and 211 00:10:08.679 --> 00:10:09.840 file on the machine. 212 00:10:09.519 --> 00:10:11.799 Permanently, just gone. There is no recycle bed. 213 00:10:11.639 --> 00:10:14.200 None, There is no are you sure prompt? The system 214 00:10:14.240 --> 00:10:16.840 will literally just delete itself while you sit there and watch. 215 00:10:16.799 --> 00:10:20.320 Which perfectly illustrates why user management and permissions are so 216 00:10:20.440 --> 00:10:24.080 critical in Linux. You use the adducer command to create 217 00:10:24.120 --> 00:10:27.200 a standard profile, so you aren't operating as Root. 218 00:10:27.480 --> 00:10:30.759 The super user, right because Route can accidentally nuke the 219 00:10:30.759 --> 00:10:32.679 whole system with a typo exactly. 220 00:10:33.159 --> 00:10:35.919 And you also control exactly what files can even run 221 00:10:35.960 --> 00:10:39.399 by changing permissions. Instead of making every file wide open, 222 00:10:39.679 --> 00:10:42.360 you use a command like Schmann plus x to turn 223 00:10:42.399 --> 00:10:45.320 a harmless text file into an executable script. 224 00:10:45.559 --> 00:10:47.440 And if you try to run a script without that 225 00:10:47.559 --> 00:10:51.159 execute permission, Linux flat out denies you. So you are 226 00:10:51.240 --> 00:10:54.639 actively managing the blast radius of your actions by explicitly 227 00:10:54.720 --> 00:10:57.879 granting a file the permission to execute logic, which. 228 00:10:57.679 --> 00:11:01.159 Brings us to actually writing that logic. Navigating the terminal 229 00:11:01.200 --> 00:11:03.360 is how you move around, but to build your own 230 00:11:03.399 --> 00:11:08.000 custom experts automate your defenses or manipulate network sockets. You 231 00:11:08.159 --> 00:11:09.759 need a programming language, and. 232 00:11:09.720 --> 00:11:12.600 Python three is the ethical hackers multi toool of choice. 233 00:11:12.799 --> 00:11:16.960 Plus it comes conveniently pre installed on virtually all Linux distributions. 234 00:11:17.200 --> 00:11:20.039 So why Python specifically out of all the languages out there. 235 00:11:20.120 --> 00:11:23.360 Well, Python is uniquely suited for security work because of 236 00:11:23.399 --> 00:11:28.600 its readable syntax, and it's incredibly powerful networking libraries. But 237 00:11:29.000 --> 00:11:32.320 it doesn't force some very strict rules to achieve that readability. 238 00:11:32.440 --> 00:11:35.759 Oh, you mean the indentation, the absolute reliance on white space. 239 00:11:36.000 --> 00:11:37.960 Yes, the most famous Python quirk. 240 00:11:38.159 --> 00:11:41.320 Because in languages like C plus plus or Java, you 241 00:11:41.480 --> 00:11:45.360 use curly brackets to group blocks of code together, right, 242 00:11:45.480 --> 00:11:48.440 Like you could theoretically write a whole program on one 243 00:11:48.440 --> 00:11:50.799 incredibly messy line of text if you really wanted to. 244 00:11:50.879 --> 00:11:53.279 It would look terrible, but yes, the compiler would read it. 245 00:11:53.320 --> 00:11:55.879 Python forces you to use empty space instead, right. 246 00:11:56.039 --> 00:11:59.440 Python's indentation is kind of like formatting a formal outline, 247 00:11:59.679 --> 00:12:02.679 or even like Russian nesting dolls. The outer loop is 248 00:12:02.720 --> 00:12:06.360 the largest doll, and everything indented beneath it lives entirely 249 00:12:06.440 --> 00:12:09.159 inside that specific doll's execution scope. 250 00:12:09.279 --> 00:12:10.559 That's a great way to picture it. 251 00:12:10.759 --> 00:12:13.639 If you endmi line of code improperly, you're basically trying 252 00:12:13.639 --> 00:12:16.440 to shove a bigger doll to a smaller one, and 253 00:12:16.480 --> 00:12:18.919 the logic of the entire system just shatters. 254 00:12:19.120 --> 00:12:23.879 The script breaks it does, and that strict structural requirement 255 00:12:24.039 --> 00:12:27.360 forces your code to be highly readable, which is crucial. Honestly, 256 00:12:27.679 --> 00:12:30.399 when you are rapidly reviewing thousands of lines of an. 257 00:12:30.279 --> 00:12:32.279 Exploit in the field, makes total sense. 258 00:12:32.399 --> 00:12:36.120 But beneath that really clean visual structure lies the absolute, 259 00:12:36.279 --> 00:12:40.440 non negotiable golden rule of Python. Everything is an object. 260 00:12:40.879 --> 00:12:45.639 Everything everything variables, functions, network sockets, the code itself, and 261 00:12:45.799 --> 00:12:50.200 every single object has three defining traits, an ID, a type, 262 00:12:50.399 --> 00:12:51.120 and a value. 263 00:12:51.240 --> 00:12:53.679 Okay, so the ID is the unique fingerprint in the 264 00:12:53.720 --> 00:12:57.120 system memory, the type is its class, which dictates what 265 00:12:57.120 --> 00:13:01.039 it can do, and the value is the actual data exactly. 266 00:13:01.200 --> 00:13:04.679 And this is where understanding the underlying mechanism becomes crucial 267 00:13:04.720 --> 00:13:08.960 for a hacker. Consider the difference between mutable and immutable objects. 268 00:13:09.320 --> 00:13:10.879 Break that down for me, Well. 269 00:13:10.679 --> 00:13:13.559 A dictionary in Python, which stores data in key value 270 00:13:13.600 --> 00:13:16.559 pairs is mutable. You can change its contents its value, 271 00:13:16.600 --> 00:13:19.519 but its ID in the system memory remains exactly The same. 272 00:13:19.799 --> 00:13:22.240 It's the same container, just with different stuff inside. But 273 00:13:22.320 --> 00:13:25.679 immutable objects like integers or strings of text or tuples 274 00:13:26.039 --> 00:13:28.320 cannot be altered once they are created. 275 00:13:28.000 --> 00:13:30.120 Right right, So say you have a variable set to 276 00:13:30.120 --> 00:13:32.320 the number one, and your script adds one to it 277 00:13:32.360 --> 00:13:35.480 to make it too. Python doesn't just quietly change the 278 00:13:35.600 --> 00:13:38.960 value of the original object in memory, doesn't. No, It 279 00:13:39.000 --> 00:13:41.559 actually destroys the old object and creates a brand new 280 00:13:41.559 --> 00:13:44.320 object with a brand new ID to hold the number two. 281 00:13:44.639 --> 00:13:47.360 That is wild to think about. Even a simple number 282 00:13:47.440 --> 00:13:50.480 like one or a string like password. Is this complex, 283 00:13:50.639 --> 00:13:53.679 first class citizen under the hood, with its own built 284 00:13:53.720 --> 00:13:55.759 in methods and memory life cycle. 285 00:13:55.919 --> 00:13:59.279 It really is. So if knowing what objects are is 286 00:13:59.279 --> 00:14:02.919 like understanding vocabulary of the system, you need grammar to 287 00:14:03.000 --> 00:14:06.519 actually build a sentence. You need loging, loops, and pattern 288 00:14:06.600 --> 00:14:09.480 matching to make your Python scripts perform actual work. 289 00:14:09.799 --> 00:14:13.120 Right, So, we use conditionals like if, elf and else 290 00:14:13.399 --> 00:14:16.440 to execute code based on truer false evaluations like if 291 00:14:16.440 --> 00:14:19.759 this network port is open, deploy the payload, Else log 292 00:14:19.799 --> 00:14:20.960 the IP address. 293 00:14:20.559 --> 00:14:24.080 And move on exactly, and loops automate the repetition A 294 00:14:24.120 --> 00:14:26.679 while loop keeps running in action as long as a 295 00:14:26.720 --> 00:14:28.120 condition remains true, and. 296 00:14:28.120 --> 00:14:32.039 A four loop iterates sequentially, Right, like reading a dictionary 297 00:14:32.039 --> 00:14:35.200 of passwords line by line to test against the login screen. 298 00:14:35.399 --> 00:14:39.320 Yeah exactly. But as you write these network tools, things 299 00:14:39.360 --> 00:14:44.000 will inevitably break. Connections, drop files, go missing, target servers 300 00:14:44.080 --> 00:14:45.000 reject packets. 301 00:14:45.039 --> 00:14:47.559 It's the real world. Things get messy always. 302 00:14:47.960 --> 00:14:50.240 So this requires you to wrap your logic and try 303 00:14:50.240 --> 00:14:53.440 and accept blocks to catch errors. If your script tries 304 00:14:53.480 --> 00:14:56.919 to divide by zero, for example, Python naturally throws a 305 00:14:57.000 --> 00:14:59.200 zero division error and halts completely. 306 00:14:59.320 --> 00:15:01.320 Okay, so how does the triblock fix that. 307 00:15:01.679 --> 00:15:04.320 A triblock tests the code and if it fails, the 308 00:15:04.399 --> 00:15:08.039 accept block intercepts the error gracefully instead of crashing the program. 309 00:15:08.080 --> 00:15:10.360 I actually have to challenge this though, If you are 310 00:15:10.399 --> 00:15:13.200 just writing a quick script for yourself, why put so 311 00:15:13.320 --> 00:15:16.240 much effort into gracefully catching errors. I mean, if a 312 00:15:16.279 --> 00:15:19.240 network socket times out or the logic is flawed, why 313 00:15:19.320 --> 00:15:21.879 not just let the script crash, read the red error 314 00:15:21.879 --> 00:15:24.440 message in the terminal, fix the code, and run it again. 315 00:15:24.639 --> 00:15:28.720 Ah, Because in a live penetration test, a hard crash 316 00:15:28.799 --> 00:15:31.080 is the equivalent of dropping a flash bang and a 317 00:15:31.120 --> 00:15:34.919 quiet library. Oh wow, Okay, Yeah, if your custom exploit 318 00:15:34.960 --> 00:15:38.320 fails violently against a target server, it doesn't just stop 319 00:15:38.360 --> 00:15:41.720 working on your end, It triggers automated alerts on their end. 320 00:15:41.799 --> 00:15:46.399 So it generates massive anomalous entries in the server's error logs. 321 00:15:46.480 --> 00:15:51.080 Exactly, it notifies the system administrator that someone is blindly 322 00:15:51.120 --> 00:15:54.879 probing their defenses, and they will immediately lock down the network. 323 00:15:55.440 --> 00:15:58.720 Catching errors gracefully keeps your script running silently. 324 00:15:58.960 --> 00:16:01.519 It's the difference between a loud smash and grab and 325 00:16:01.559 --> 00:16:03.519 a professional picking a lock in the dark. 326 00:16:03.600 --> 00:16:05.840 That's exactly it. Stealth is everything. 327 00:16:06.159 --> 00:16:09.320 Stealth. You want the script to silently log the failure 328 00:16:09.440 --> 00:16:12.000 locally on your machine and quietly move on to the 329 00:16:12.039 --> 00:16:15.200 next port without ever tipping off the target. Yes, but 330 00:16:15.360 --> 00:16:18.159 when you are silently pulling down all that data, you 331 00:16:18.200 --> 00:16:20.840 need a way to actually make sense of it. If 332 00:16:20.879 --> 00:16:23.840 catching errors keeps our scripts quiet, how do we actually 333 00:16:23.879 --> 00:16:25.960 find what we're looking for in all the noise we 334 00:16:26.039 --> 00:16:28.799 just quietly downloaded. That's the next challenge, because we need 335 00:16:28.840 --> 00:16:32.720 a way to filter gigabytes of data instantly, which requires 336 00:16:32.759 --> 00:16:35.080 regular expressions or the remodule. 337 00:16:35.240 --> 00:16:39.679 Rejex is incredibly powerful. It is basically a mini language 338 00:16:39.679 --> 00:16:43.639 embedded within Python. Designed purely for structural pattern matching. 339 00:16:43.960 --> 00:16:46.159 A lot of people think of find to replace like 340 00:16:46.279 --> 00:16:51.279 hitting creatrol plus F in a word document, But rejects 341 00:16:51.440 --> 00:16:54.480 is infinitely more powerful because you aren't just looking for 342 00:16:54.519 --> 00:16:57.519 a specific word, you know, you're looking for an abstract 343 00:16:57.600 --> 00:16:59.080 structural pattern exactly. 344 00:16:59.120 --> 00:17:02.600 Imagine you have used Holly Linux to intercept gigabytes of 345 00:17:02.679 --> 00:17:05.960 raw network traffic. You don't know the specific credit card 346 00:17:06.039 --> 00:17:08.119 numbers or social security numbers hidden in. 347 00:17:08.039 --> 00:17:10.200 That data, right because you haven't seen them yet, But 348 00:17:10.279 --> 00:17:10.559 you know. 349 00:17:10.519 --> 00:17:13.279 What a credit card number looks like structurally, four digits, 350 00:17:13.319 --> 00:17:14.839 a dash, four digits, and so on. 351 00:17:15.160 --> 00:17:18.319 So you write a reject pattern using specific syntax to 352 00:17:18.400 --> 00:17:22.359 denote digits and characters that instantly hunts down that exact structure. 353 00:17:22.480 --> 00:17:25.880 Yeah, it filters out gigabytes of useless noise to hand 354 00:17:25.880 --> 00:17:29.960 you the exact sensitive data buried inside. It turns days 355 00:17:30.000 --> 00:17:32.440 of manual searching into milliseconds of computation. 356 00:17:32.880 --> 00:17:34.960 Okay, so we're building these incredible tools. Now we have 357 00:17:35.000 --> 00:17:38.680 stealthy error handling, We have rejects filtering massive data sets. 358 00:17:39.279 --> 00:17:42.960 But as our Python scripts evolve from simple network scanners 359 00:17:43.000 --> 00:17:47.799 into massive, multi layered security applications, reading them top to 360 00:17:47.799 --> 00:17:49.079 bottom becomes impossible. 361 00:17:49.200 --> 00:17:51.400 The complexity just gets completely out of hand. 362 00:17:51.519 --> 00:17:54.519 Right, we need architecture, and that leads us to the 363 00:17:54.559 --> 00:17:59.480 final crucial concept here, object oriented programming or OOP. 364 00:18:00.200 --> 00:18:03.039 So, as we established earlier, everything built into Python is 365 00:18:03.079 --> 00:18:06.680 already an object, but OOP allows you to design your 366 00:18:06.680 --> 00:18:09.359 own complex objects to model the real. 367 00:18:09.119 --> 00:18:10.720 World, right, to create custom tools. 368 00:18:10.839 --> 00:18:14.200 Exactly. It starts with a class which acts as a blueprint, 369 00:18:14.359 --> 00:18:18.720 and then an object is a concrete, usable instance generated from. 370 00:18:18.519 --> 00:18:21.000 That blueprint, and the moment you generate that object, a 371 00:18:21.000 --> 00:18:24.960 special method called in it runs automatically. Right. It initializes 372 00:18:24.960 --> 00:18:27.480 the object the moment it's born, setting up its default 373 00:18:27.480 --> 00:18:28.880 attributes and internal states. 374 00:18:28.920 --> 00:18:30.240 Yep, that's the baseline. 375 00:18:30.319 --> 00:18:33.200 But the real magic of this architecture and hacking comes 376 00:18:33.200 --> 00:18:37.480 from polymorphism, which essentially means a single command or message 377 00:18:37.720 --> 00:18:41.759 can trigger completely different behaviors depending on which object receives it. 378 00:18:41.920 --> 00:18:45.000 Let's look at a practical example from the book. Imagine 379 00:18:45.039 --> 00:18:47.519 you have a blueprint for a robot class and a 380 00:18:47.519 --> 00:18:51.200 blueprint for a human class. Both classes contain a method 381 00:18:51.240 --> 00:18:53.039 called walk like a robot. 382 00:18:53.319 --> 00:18:55.640 Right, if you send the walk like a robot command 383 00:18:55.680 --> 00:18:58.920 to an instance of the robot class. The robot simply walks. 384 00:18:59.319 --> 00:19:02.279 That is just its natural state of locomotion, right, But 385 00:19:02.319 --> 00:19:05.119 if you send that exact same command to an instance 386 00:19:05.160 --> 00:19:09.319 of the human class, the human behaves completely differently. They 387 00:19:09.359 --> 00:19:13.039 perform a stiff mechanical imitation of a robot exactly. 388 00:19:13.079 --> 00:19:15.759 It's the exact same trigger, the exact same command, but 389 00:19:16.039 --> 00:19:20.279 the resulting behavior is completely unique to the object's specific class. 390 00:19:20.720 --> 00:19:23.960 The command means something fundamentally different to each object. 391 00:19:24.160 --> 00:19:27.319 Now, why does an ethical hacker care about polymorphism? Though? 392 00:19:27.640 --> 00:19:31.119 Because it achieves loose coupling, it allows you to build 393 00:19:31.279 --> 00:19:35.079 highly modular attack and defense tools. Let's say you build 394 00:19:35.119 --> 00:19:39.599 a massive automated network scanning application that targets five different 395 00:19:39.640 --> 00:19:42.759 types of operating systems. Okay, if one of those targets 396 00:19:42.759 --> 00:19:46.039 suddenly updates its firewall architecture, you don't have to tear 397 00:19:46.079 --> 00:19:48.279 apart and rewrite your entire framework. 398 00:19:48.400 --> 00:19:49.920 Oh, because it's modular, right. 399 00:19:50.039 --> 00:19:52.799 You simply go in and update the specific class in 400 00:19:52.839 --> 00:19:56.119 your code that handles that one operating system. The rest 401 00:19:56.119 --> 00:19:59.599