WEBVTT

1
00:00:00.000 --> 00:00:04.240
<v Speaker 1>All right, strap in everyone, we're going deep into cybersecurity today.

2
00:00:04.400 --> 00:00:07.440
<v Speaker 1>Oh yeah, our guide Security Warrior.

3
00:00:07.719 --> 00:00:09.000
<v Speaker 2>This one's a doozy.

4
00:00:09.080 --> 00:00:11.720
<v Speaker 1>This isn't some cybersecurity for dummies thing. No, no, this

5
00:00:11.839 --> 00:00:17.160
<v Speaker 1>is like straight-up combat training, hacker playbook, attack and defense,

6
00:00:17.320 --> 00:00:20.000
<v Speaker 1>the whole nine yards. But we know you don't want

7
00:00:20.000 --> 00:00:23.199
<v Speaker 1>to be drowning in technical jargon, right, right. So consider

8
00:00:23.239 --> 00:00:28.440
<v Speaker 1>this your crash course, Cybersecurity Warfare Accelerated: Security Warrior.

9
00:00:28.519 --> 00:00:30.160
<v Speaker 2>It gets right into the thick of it. You know,

10
00:00:30.719 --> 00:00:35.840
<v Speaker 2>network stalking, oh yeah, reverse engineering, Windows, Linux, doesn't matter,

11
00:00:36.000 --> 00:00:41.759
<v Speaker 2>overflow attacks, TCP/IP, the Internet's language basically, social engineering of course,

12
00:00:41.759 --> 00:00:44.759
<v Speaker 2>that's always a fun one. And then how to vanish

13
00:00:44.799 --> 00:00:48.079
<v Speaker 2>without a trace like a ghost exactly.

14
00:00:48.159 --> 00:00:50.200
<v Speaker 1>Now. What I like about this book is it's laid

15
00:00:50.200 --> 00:00:52.759
<v Speaker 1>out really practically, almost like a step by step guide.

16
00:00:52.960 --> 00:00:57.159
<v Speaker 1>And then it's got this appendix full of SoftICE commands.

17
00:00:56.759 --> 00:00:58.679
<v Speaker 2>And breakpoints, perfect for the hands on types.

18
00:00:58.799 --> 00:01:01.000
<v Speaker 1>Yeah, if you want to, you know, try the stuff

19
00:01:01.039 --> 00:01:03.479
<v Speaker 1>out safely, of course, in a safe environment.

20
00:01:03.560 --> 00:01:05.359
<v Speaker 2>Yeah, don't go hacking your neighbor.

21
00:01:05.200 --> 00:01:08.359
<v Speaker 1>Not yet. But here's the thing. The authors they actually

22
00:01:08.439 --> 00:01:11.280
<v Speaker 1>want you to reach out ask questions. Yeah, they give

23
00:01:11.319 --> 00:01:15.239
<v Speaker 1>their website, contact info, everything right in the book.

24
00:01:15.280 --> 00:01:17.200
<v Speaker 2>It's great. It's not just about the knowledge, yeah, they

25
00:01:17.239 --> 00:01:18.640
<v Speaker 2>want to build a community.

26
00:01:18.280 --> 00:01:22.280
<v Speaker 1>Right, security minded folks. Okay, let's talk about something that

27
00:01:22.319 --> 00:01:23.280
<v Speaker 1>always creeps me out.

28
00:01:23.680 --> 00:01:24.040
<v Speaker 2>What's that?

29
00:01:24.200 --> 00:01:25.359
<v Speaker 1>Social engineering?

30
00:01:25.599 --> 00:01:26.280
<v Speaker 2>Ah?

31
00:01:26.400 --> 00:01:30.640
<v Speaker 1>Chapter seven. They really go deep here, deep, and it's

32
00:01:30.640 --> 00:01:33.560
<v Speaker 1>not just about the techniques. It's the psychology behind it.

33
00:01:33.599 --> 00:01:34.760
<v Speaker 2>Oh that's the scary part.

34
00:01:34.879 --> 00:01:35.519
<v Speaker 1>It really is.

35
00:01:35.640 --> 00:01:39.000
<v Speaker 2>They basically give you a hacker's mind reading manual.

36
00:01:38.840 --> 00:01:40.879
<v Speaker 1>Like how to manipulate people.

37
00:01:40.680 --> 00:01:45.840
<v Speaker 2>Exactly, and they have this ten step plan. It's frighteningly strategic.

38
00:01:46.599 --> 00:01:51.560
<v Speaker 2>They don't just pick targets randomly. It's calculated profiling based

39
00:01:51.599 --> 00:01:57.040
<v Speaker 2>on personality, what someone does in an organization. They're looking

40
00:01:57.040 --> 00:01:58.040
<v Speaker 2>for the weakest link.

41
00:01:58.319 --> 00:02:00.920
<v Speaker 1>So they're not just tech savvy, they're like psychologists.

42
00:02:00.959 --> 00:02:01.599
<v Speaker 2>Oh absolutely.

43
00:02:01.640 --> 00:02:05.599
<v Speaker 1>And then they have these things they call weapons of persuasion, right.

44
00:02:05.480 --> 00:02:09.680
<v Speaker 2>Like reciprocity, commitment, social proof.

45
00:02:10.280 --> 00:02:12.840
<v Speaker 1>This stuff, it's not just for hacking, though, is it? No,

46
00:02:13.120 --> 00:02:15.400
<v Speaker 1>This is how we make decisions every day all the time.

47
00:02:15.479 --> 00:02:18.080
<v Speaker 1>Makes you think twice about who you trust, Yeah, it

48
00:02:18.120 --> 00:02:20.199
<v Speaker 1>really does. Okay, let's get a bit more technical, right,

49
00:02:20.680 --> 00:02:25.520
<v Speaker 1>The Internet itself, the language of it, TCP/IP, Chapter six.

50
00:02:25.919 --> 00:02:30.080
<v Speaker 1>This is essential stuff whether you're attacking or defending both sides.

51
00:02:30.199 --> 00:02:33.800
<v Speaker 1>So if social engineering is about manipulating people, right, this

52
00:02:33.879 --> 00:02:36.159
<v Speaker 1>is about manipulating the pathways of the Internet.

53
00:02:36.319 --> 00:02:41.319
<v Speaker 2>Yes, exactly. Imagine a TCPIP packet like a digital envelope

54
00:02:41.639 --> 00:02:46.439
<v Speaker 2>carrying information. Okay, Now, a hacker they don't just intercept

55
00:02:46.439 --> 00:02:48.840
<v Speaker 2>that envelope. They slip in a hidden

56
00:02:48.520 --> 00:02:50.560
<v Speaker 1>message, and it looks totally normal.

57
00:02:50.319 --> 00:02:53.560
<v Speaker 2>Totally innocent. That's the power of understanding TCP/IP.

58
00:02:53.800 --> 00:02:56.919
<v Speaker 1>So a hacker needs to be fluent in TCP/IP to

59
00:02:56.919 --> 00:02:57.280
<v Speaker 1>pull this

60
00:02:57.319 --> 00:03:01.919
<v Speaker 2>off. Without a doubt. But Security Warrior introduces you to

61
00:03:01.960 --> 00:03:06.360
<v Speaker 2>a tool called Ethereal. It makes this whole complex world visible.

62
00:03:06.680 --> 00:03:10.960
<v Speaker 2>You can actually see the network traffic, the packets, decipher

63
00:03:11.000 --> 00:03:11.520
<v Speaker 2>what's going on.

64
00:03:11.800 --> 00:03:15.599
<v Speaker 1>That's wild. All right, let's switch gears a bit. Reconnaissance.

65
00:03:16.439 --> 00:03:17.159
<v Speaker 2>Ah.

66
00:03:17.280 --> 00:03:20.639
<v Speaker 1>Yes, it's not always about high tech stuff. Sometimes it's

67
00:03:20.639 --> 00:03:21.800
<v Speaker 1>surprisingly low tech.

68
00:03:21.960 --> 00:03:22.479
<v Speaker 2>Oh yeah.

69
00:03:22.520 --> 00:03:27.400
<v Speaker 1>The book covers everything from online searches to dumpster diving.

70
00:03:27.560 --> 00:03:28.479
<v Speaker 2>Oh it's a classic.

71
00:03:28.680 --> 00:03:30.400
<v Speaker 1>That's a little unsettling, it is.

72
00:03:30.520 --> 00:03:33.919
<v Speaker 2>But valuable information isn't always locked away digitally, right, Sometimes

73
00:03:33.919 --> 00:03:36.919
<v Speaker 2>it's discarded carelessly in the real world. The password on

74
00:03:36.960 --> 00:03:39.680
<v Speaker 2>a sticky note. Oh no network diagram in the trash

75
00:03:39.840 --> 00:03:40.479
<v Speaker 2>you never know.

76
00:03:40.520 --> 00:03:43.719
<v Speaker 1>Makes you think twice about what you throw away. Okay,

77
00:03:43.800 --> 00:03:47.120
<v Speaker 1>let's talk about getting our hands dirty. Reverse engineering. All right,

78
00:03:47.159 --> 00:03:50.039
<v Speaker 1>now we're talking. Reverse engineering is like taking something apart

79
00:03:50.120 --> 00:03:51.759
<v Speaker 1>to see how it works exactly.

80
00:03:51.919 --> 00:03:56.199
<v Speaker 2>In this case, it's software, disassembling programs, understanding their

81
00:03:56.039 --> 00:03:59.319
<v Speaker 1>guts, finding vulnerabilities.

82
00:03:58.360 --> 00:04:00.080
<v Speaker 2>Maybe even changing how they behave.

83
00:04:00.520 --> 00:04:04.000
<v Speaker 1>And Security Warrior really broadens our view here. How so?

84
00:04:04.280 --> 00:04:07.840
<v Speaker 1>It's not just Windows. Chapter three goes deep into Linux

85
00:04:07.919 --> 00:04:08.879
<v Speaker 1>reverse engineering.

86
00:04:09.120 --> 00:04:14.360
<v Speaker 2>Linux, often seen as this impenetrable fortress, right, but it

87
00:04:14.360 --> 00:04:15.759
<v Speaker 2>has its weaknesses too, of

88
00:04:15.759 --> 00:04:22.360
<v Speaker 1>course. And the tools they use for this are fascinating: debuggers, disassemblers.

89
00:04:21.959 --> 00:04:24.519
<v Speaker 2>Custom-built tools, even. It's a whole other world.

90
00:04:24.680 --> 00:04:26.720
<v Speaker 1>So to give you a taste, the book walks you

91
00:04:26.759 --> 00:04:29.279
<v Speaker 1>through this exercise. Well, I like this one: patching a

92
00:04:29.279 --> 00:04:31.600
<v Speaker 1>program to get rid of that annoying message box that

93
00:04:31.639 --> 00:04:35.199
<v Speaker 1>pops up. We all hate those, right? Seems simple, but

94
00:04:35.279 --> 00:04:39.120
<v Speaker 1>it shows you how reverse engineering can tweak software behavior

95
00:04:39.480 --> 00:04:43.199
<v Speaker 1>in very specific ways. Exactly. Now, imagine applying that to

96
00:04:43.240 --> 00:04:45.240
<v Speaker 1>something more sinister.

97
00:04:45.560 --> 00:04:48.279
<v Speaker 2>That's where things get interesting, and that's where we'll pick

98
00:04:48.319 --> 00:04:51.639
<v Speaker 2>up next time. Welcome back. We left off talking about

99
00:04:51.680 --> 00:04:55.319
<v Speaker 2>reverse engineering, how hackers basically dissect software.

100
00:04:55.040 --> 00:04:56.600
<v Speaker 1>Right, figuring out how it works.

101
00:04:56.720 --> 00:04:59.120
<v Speaker 2>But then there's the next step, which is covering their

102
00:04:59.160 --> 00:05:01.480
<v Speaker 2>tracks, like magic.

103
00:05:01.240 --> 00:05:03.959
<v Speaker 1>Almost. Chapter ten, The Art of Evasion.

104
00:05:04.360 --> 00:05:07.000
<v Speaker 2>Okay, so how do they do it, leave no trace?

105
00:05:07.439 --> 00:05:10.199
<v Speaker 1>Well, it's part technical skill, uh huh, part knowing how

106
00:05:10.240 --> 00:05:11.120
<v Speaker 1>investigators think.

107
00:05:11.319 --> 00:05:14.439
<v Speaker 2>Interesting. So they might use something called log file cleansing.

108
00:05:14.839 --> 00:05:17.360
<v Speaker 2>Think of it like erasing your footprints in the digital

109
00:05:17.360 --> 00:05:21.279
<v Speaker 2>world. Exactly. They manipulate, delete logs, make it look like

110
00:05:21.279 --> 00:05:22.000
<v Speaker 2>they were never there.

111
00:05:22.079 --> 00:05:23.360
<v Speaker 1>But wouldn't someone notice that?

112
00:05:23.879 --> 00:05:24.879
<v Speaker 2>Not if it's done right.

113
00:05:25.000 --> 00:05:25.480
<v Speaker 1>I see.

114
00:05:25.720 --> 00:05:29.480
<v Speaker 2>That's where anti-forensics comes in, techniques specifically designed to

115
00:05:29.519 --> 00:05:30.680
<v Speaker 2>throw investigators off.

116
00:05:30.800 --> 00:05:31.279
<v Speaker 1>Wow.

117
00:05:31.680 --> 00:05:34.439
<v Speaker 2>And then you've got rootkits. Rootkits, software that

118
00:05:34.560 --> 00:05:36.600
<v Speaker 2>hides deep in your operating system.

119
00:05:36.360 --> 00:05:38.800
<v Speaker 1>So it's, like, invisible.

120
00:05:38.319 --> 00:05:42.839
<v Speaker 2>Almost. It becomes part of the system itself. Then there

121
00:05:42.879 --> 00:05:44.519
<v Speaker 2>are no-listener backdoors.

122
00:05:45.199 --> 00:05:46.839
<v Speaker 1>No-listener? What's that?

123
00:05:47.000 --> 00:05:49.360
<v Speaker 2>See, a regular backdoor, it's like an open door anyone

124
00:05:49.399 --> 00:05:52.199
<v Speaker 2>can walk through. But a no-listener backdoor, it's

125
00:05:52.199 --> 00:05:55.160
<v Speaker 2>like a secret knock, only the attacker knows how to

126
00:05:55.199 --> 00:05:55.639
<v Speaker 2>trigger it.

127
00:05:55.759 --> 00:05:59.240
<v Speaker 1>Oh, that's sneaky. So they're hiding, waiting for the right signal.

128
00:05:59.399 --> 00:06:01.240
<v Speaker 2>Exactly. It's pretty unnerving. It is.

129
00:06:01.519 --> 00:06:04.240
<v Speaker 1>But Security Warrior doesn't just focus on the attackers right now.

130
00:06:04.279 --> 00:06:06.879
<v Speaker 2>Oh no, it gives the defender's perspective too, like

131
00:06:06.959 --> 00:06:10.360
<v Speaker 2>a warrior's guide. Exactly. Chapters eleven through fourteen, all

132
00:06:10.399 --> 00:06:11.279
<v Speaker 2>about building

133
00:06:10.959 --> 00:06:13.000
<v Speaker 1>your defenses, specifically on

134
00:06:12.959 --> 00:06:14.319
<v Speaker 2>Unix and Windows systems.

135
00:06:14.399 --> 00:06:16.920
<v Speaker 1>Okay, you know, when I think Windows security, I think

136
00:06:17.240 --> 00:06:18.079
<v Speaker 1>remote desktop.

137
00:06:18.279 --> 00:06:20.720
<v Speaker 2>Ah, yes, convenient. But the

138
00:06:20.639 --> 00:06:25.480
<v Speaker 1>book points out convenience can mean less security, often. Yeah,

139
00:06:25.560 --> 00:06:27.920
<v Speaker 1>they say a weak password is all it takes.

140
00:06:27.639 --> 00:06:29.279
<v Speaker 2>Like leaving your front door unlocked.

141
00:06:29.399 --> 00:06:32.800
<v Speaker 1>Not a good idea. So strong passwords are key. But

142
00:06:32.920 --> 00:06:36.519
<v Speaker 1>what about the actual connection settings? The book mentions dot

143
00:06:36.639 --> 00:06:37.639
<v Speaker 1>RDP files.

144
00:06:38.199 --> 00:06:42.199
<v Speaker 2>Uh, those, they can be dangerous. Oh? So they contain

145
00:06:42.319 --> 00:06:45.240
<v Speaker 2>all the info needed to connect to a remote computer, right,

146
00:06:45.439 --> 00:06:48.959
<v Speaker 2>IP address, user account, even the domain name.

147
00:06:49.240 --> 00:06:52.399
<v Speaker 1>So even without the password, that's still valuable intel for

148
00:06:52.480 --> 00:06:53.079
<v Speaker 1>an attacker.

149
00:06:53.319 --> 00:06:55.879
<v Speaker 2>Exactly. It's like having a map to the treasure, even

150
00:06:55.720 --> 00:06:58.360
<v Speaker 1>if you can't open the chest yet. Now, the book

151
00:06:58.360 --> 00:07:02.720
<v Speaker 1>also talks about Kerberos authentication. Ah, Kerberos, I've always

152
00:07:02.720 --> 00:07:03.759
<v Speaker 1>found it a bit confusing.

153
00:07:03.879 --> 00:07:07.319
<v Speaker 2>It's a system for verifying identities on a network. Think

154
00:07:07.319 --> 00:07:09.839
<v Speaker 2>of it like a really secure passport system. Okay, you

155
00:07:09.879 --> 00:07:13.519
<v Speaker 2>present your credentials, username, password. Huh. Kerberos checks them

156
00:07:13.560 --> 00:07:15.560
<v Speaker 2>against the database to confirm it's really you.

157
00:07:15.800 --> 00:07:19.160
<v Speaker 1>Makes sense. But the book says even Kerberos has weaknesses.

158
00:07:19.279 --> 00:07:22.959
<v Speaker 2>Of course. It all comes back to those initial credentials, the password.

159
00:07:23.040 --> 00:07:26.319
<v Speaker 2>If the password's weak, Kerberos is useless.

160
00:07:26.439 --> 00:07:29.079
<v Speaker 1>So strong passwords. Again. It's a theme here.

161
00:07:29.040 --> 00:07:32.040
<v Speaker 2>Crucial one. Okay, let's look at something a little different.

162
00:07:32.560 --> 00:07:38.680
<v Speaker 2>Windows file encryption, built in, right? EFS. You'd think it's secure.

163
00:07:39.480 --> 00:07:42.000
<v Speaker 2>Security Warrior reveals a big flaw.

164
00:07:42.279 --> 00:07:43.000
<v Speaker 1>Hit me with it.

165
00:07:43.600 --> 00:07:48.680
<v Speaker 2>Those encryption keys, yeah, tied to your password, meaning password compromised,

166
00:07:49.279 --> 00:07:52.800
<v Speaker 2>encryption's useless. Oh, that's bad. Like having a safe with

167
00:07:52.839 --> 00:07:54.360
<v Speaker 2>the combination taped to it.

168
00:07:54.439 --> 00:07:55.879
<v Speaker 1>So what's the solution.

169
00:07:55.920 --> 00:07:57.240
<v Speaker 2>Third party encryption tools?

170
00:07:57.319 --> 00:07:57.519
<v Speaker 1>Ah?

171
00:07:57.560 --> 00:08:00.279
<v Speaker 2>Okay, to keep the keys separate from your password.

172
00:08:00.360 --> 00:08:02.040
<v Speaker 2>Extra layer of protection. Got it.

173
00:08:02.120 --> 00:08:04.920
<v Speaker 1>So even if your password's stolen, your data is still safe.

174
00:08:05.240 --> 00:08:09.720
<v Speaker 2>Exactly. Now, let's move beyond individual systems to web services,

175
00:08:10.079 --> 00:08:14.439
<v Speaker 2>specifically SOAP and XML. Okay, those are building blocks of

176
00:08:14.519 --> 00:08:18.480
<v Speaker 2>many web applications, right, but they have security challenges. Think

177
00:08:18.519 --> 00:08:22.839
<v Speaker 2>of XML as a language for data. SOAP is the

178
00:08:22.920 --> 00:08:25.199
<v Speaker 2>envelope carrying that data across the Internet.

179
00:08:25.319 --> 00:08:26.000
<v Speaker 1>So what's the risk?

180
00:08:26.920 --> 00:08:31.199
<v Speaker 2>SOAP messages are often sent in plain text, meaning anyone

181
00:08:31.279 --> 00:08:32.360
<v Speaker 2>snooping can read them.

182
00:08:32.559 --> 00:08:36.639
<v Speaker 1>So usernames, passwords, all exposed.

183
00:08:36.240 --> 00:08:39.039
<v Speaker 2>Potentially, yes. Like sending a postcard with your credit card

184
00:08:39.120 --> 00:08:39.639
<v Speaker 2>number on it.

185
00:08:39.919 --> 00:08:42.000
<v Speaker 1>Not a good idea. What can we do about it?

186
00:08:42.200 --> 00:08:46.639
<v Speaker 2>Encryption, of course, digital signatures. Security Warrior really stresses this:

187
00:08:46.879 --> 00:08:48.000
<v Speaker 2>secure those messages.

188
00:08:48.320 --> 00:08:51.320
<v Speaker 1>So even though SOAP and XML are everywhere, we've got

189
00:08:51.360 --> 00:08:55.519
<v Speaker 1>to be careful. Absolutely. Now, what about databases? Ah, the

190
00:08:55.519 --> 00:08:58.039
<v Speaker 1>heart of many applications.

191
00:08:57.360 --> 00:09:00.360
<v Speaker 2>Storing all that juicy information, and vulnerable. Oh yes,

192
00:09:00.480 --> 00:09:03.159
<v Speaker 2>one big attack, SQL injection.

193
00:09:03.679 --> 00:09:06.120
<v Speaker 1>I've heard that term but never fully understood it.

194
00:09:06.200 --> 00:09:10.000
<v Speaker 2>Imagine a web form, like a login page. Attackers

195
00:09:10.000 --> 00:09:13.039
<v Speaker 2>can manipulate the input fields to inject malicious

196
00:09:12.600 --> 00:09:14.799
<v Speaker 1>code. And if they're successful?

197
00:09:14.320 --> 00:09:16.559
<v Speaker 2>They bypass security, access the whole database.

198
00:09:16.679 --> 00:09:17.159
<v Speaker 1>Yikes.

199
00:09:17.360 --> 00:09:21.240
<v Speaker 2>It's surprisingly common, especially if the application isn't coded well.

200
00:09:21.320 --> 00:09:23.399
<v Speaker 1>Security Warrior actually has an example of this.

201
00:09:23.639 --> 00:09:26.799
<v Speaker 2>Oh yeah, they show how an attacker can extract passwords

202
00:09:27.200 --> 00:09:28.200
<v Speaker 2>using SQL injection.

203
00:09:28.519 --> 00:09:31.480
<v Speaker 1>Scary stuff. Seems like there's always a way in if

204
00:09:31.480 --> 00:09:32.720
<v Speaker 1>someone's determined enough.

205
00:09:32.799 --> 00:09:35.960
<v Speaker 2>That's why understanding these vulnerabilities is so important, so we

206
00:09:36.039 --> 00:09:39.639
<v Speaker 2>can build better defenses. Security Warrior talks about a few

207
00:09:39.840 --> 00:09:45.679
<v Speaker 2>key techniques. Like what? Input validation, scrutinizing all data that

208
00:09:45.799 --> 00:09:49.000
<v Speaker 2>users enter, making sure no malicious code slips through.

209
00:09:49.159 --> 00:09:50.120
<v Speaker 1>Okay, that makes sense.

210
00:09:50.240 --> 00:09:55.279
<v Speaker 2>Another one, parameterized queries, separate data from commands, so it's

211
00:09:55.159 --> 00:09:58.039
<v Speaker 1>harder for attackers to inject their code. Precisely.

212
00:09:58.559 --> 00:10:01.519
<v Speaker 2>Now, let's unplug for a bit. Wireless networks.

213
00:10:01.559 --> 00:10:06.159
<v Speaker 1>Ah, yes, convenient but risky. When I think wireless security,

214
00:10:06.200 --> 00:10:08.519
<v Speaker 1>I think WEP encryption.

215
00:10:08.600 --> 00:10:11.480
<v Speaker 2>Full of holes. The book shows just how easily it can

216
00:10:11.519 --> 00:10:14.679
<v Speaker 2>be cracked. Right, right. But it goes further, talking about

217
00:10:14.679 --> 00:10:16.960
<v Speaker 2>all sorts of wireless attack and defense. Like what? I

218
00:10:16.960 --> 00:10:20.039
<v Speaker 2>never heard of wardriving. Wardriving? Driving around, scanning

219
00:10:20.039 --> 00:10:21.039
<v Speaker 2>for wireless

220
00:10:20.600 --> 00:10:22.519
<v Speaker 1>networks, looking for unsecured ones.

221
00:10:22.320 --> 00:10:26.240
<v Speaker 2>Exactly, and sometimes the treasure they find is your data.

222
00:10:27.120 --> 00:10:33.399
<v Speaker 2>They also talk about wireless sniffing, intercepting network traffic, eavesdropping basically.

223
00:10:32.919 --> 00:10:35.399
<v Speaker 1>So they could see everything I'm doing, potentially.

224
00:10:35.480 --> 00:10:41.360
<v Speaker 2>Yes, usernames, passwords, emails, all up for grabs. That's disturbing,

225
00:10:41.519 --> 00:10:43.799
<v Speaker 2>which is why encryption is so important.

226
00:10:43.480 --> 00:10:46.120
<v Speaker 1>Right, WPA2, strong passwords?

227
00:10:46.480 --> 00:10:49.960
<v Speaker 2>Absolutely. The book even talks about wireless intrusion detection

228
00:10:50.080 --> 00:10:52.399
<v Speaker 1>systems. Intrusion detection, what's that?

229
00:10:53.159 --> 00:10:56.360
<v Speaker 2>Tools that monitor your network for anything suspicious, like a

230
00:10:56.399 --> 00:10:57.639
<v Speaker 2>security guard for your WiFi.

231
00:10:57.799 --> 00:11:00.279
<v Speaker 1>Okay, that makes sense. But our world is getting even

232
00:11:00.320 --> 00:11:01.159
<v Speaker 1>more mobile.

233
00:11:00.919 --> 00:11:05.080
<v Speaker 2>Right. Oh, yes, phones, tablets, watches. Security Warrior covers those too.

234
00:11:05.240 --> 00:11:06.960
<v Speaker 1>What kind of threats are we talking about there?

235
00:11:07.039 --> 00:11:10.200
<v Speaker 2>Well, mobile malware is a big one. Viruses, worms, all

236
00:11:10.240 --> 00:11:12.759
<v Speaker 2>that nasty stuff, but tailored for your phone.

237
00:11:12.840 --> 00:11:14.399
<v Speaker 1>And we keep so much on our phones these

238
00:11:14.320 --> 00:11:17.559
<v Speaker 2>days. Contacts, photos, bank info. It's a gold mine for attackers.

239
00:11:17.840 --> 00:11:18.600
<v Speaker 1>So what can we do?

240
00:11:18.759 --> 00:11:22.080
<v Speaker 2>Anti-malware is crucial. Keep your OS updated, be careful

241
00:11:22.120 --> 00:11:23.559
<v Speaker 2>what websites and apps you use.

242
00:11:23.679 --> 00:11:25.720
<v Speaker 1>It's constant vigilance. Always.

243
00:11:25.919 --> 00:11:27.679
<v Speaker 2>Security is a journey, not a destination.

244
00:11:28.039 --> 00:11:30.080
<v Speaker 1>That's a good way to put it. Now, before we

245
00:11:30.120 --> 00:11:32.200
<v Speaker 1>wrap up, I got to ask about digital forensics.

246
00:11:32.480 --> 00:11:36.639
<v Speaker 2>Ah, the detective work of the digital world. Security Warrior

247
00:11:36.639 --> 00:11:37.679
<v Speaker 2>has a whole chapter

248
00:11:37.480 --> 00:11:39.840
<v Speaker 1>on this. Extracting evidence from

249
00:11:39.559 --> 00:11:43.440
<v Speaker 2>hard drives, memory cards. Even the empty space on a

250
00:11:43.519 --> 00:11:44.480
<v Speaker 2>drive can hold clues.

251
00:11:44.559 --> 00:11:46.720
<v Speaker 1>You know, even if you delete something, it's not really gone.

252
00:11:46.879 --> 00:11:51.080
<v Speaker 2>Not always. These techniques, like file carving, piecing together fragments

253
00:11:51.080 --> 00:11:51.559
<v Speaker 2>of data.

254
00:11:51.720 --> 00:11:53.000
<v Speaker 1>Wow, that sounds complicated.

255
00:11:53.120 --> 00:11:58.519
<v Speaker 2>It is. Specialized software like WinHex, EnCase. Powerful stuff.

256
00:11:58.600 --> 00:12:02.559
<v Speaker 2>But of course there's the counter, anti-forensics.

257
00:12:02.000 --> 00:12:04.120
<v Speaker 1>Hackers trying to outsmart the investigators.

258
00:12:04.200 --> 00:12:07.399
<v Speaker 2>Exactly, a constant game of cat and mouse. They talk

259
00:12:07.399 --> 00:12:11.440
<v Speaker 2>about data wiping, overwriting deleted files to make them unrecoverable.

260
00:12:11.679 --> 00:12:15.080
<v Speaker 1>Wow, it's like a whole secret war going on. This book,

261
00:12:15.120 --> 00:12:17.759
<v Speaker 1>it covers so much ground, basic stuff, and then these

262
00:12:17.759 --> 00:12:19.519
<v Speaker 1>super advanced techniques.

263
00:12:19.080 --> 00:12:20.360
<v Speaker 2>For both attack and defense.

264
00:12:20.600 --> 00:12:22.440
<v Speaker 1>Exactly. It's amazing, and

265
00:12:22.399 --> 00:12:24.879
<v Speaker 2>we're not done yet. There's a whole other world to explore.

266
00:12:25.000 --> 00:12:25.480
<v Speaker 1>Ooh.

267
00:12:25.679 --> 00:12:28.200
<v Speaker 2>Log analysis, intrusion detection, that's for next time.

268
00:12:28.240 --> 00:12:30.519
<v Speaker 1>All right, final part of our Security Warrior deep dive.

269
00:12:30.559 --> 00:12:32.559
<v Speaker 1>We've covered a lot of ground, a lot.

270
00:12:32.360 --> 00:12:36.559
<v Speaker 2>From social engineering to digital forensics. The whole cat and

271
00:12:36.600 --> 00:12:37.080
<v Speaker 2>mouse game.

272
00:12:37.320 --> 00:12:43.360
<v Speaker 1>Now we're getting proactive, right? Anticipating attacks. Log analysis, intrusion detection.

273
00:12:43.639 --> 00:12:46.919
<v Speaker 2>Chapter eighteen, all about audit trails.

274
00:12:46.840 --> 00:12:50.080
<v Speaker 1>Using logs to see what's happening. It's like a security camera, right? Yeah.

275
00:12:49.879 --> 00:12:52.759
<v Speaker 2>But imagine a camera recording terabytes of footage every day.

276
00:12:52.879 --> 00:12:53.960
<v Speaker 1>That's a lot of data.

277
00:12:54.120 --> 00:12:54.799
<v Speaker 2>Overwhelming.

278
00:12:54.879 --> 00:12:57.440
<v Speaker 1>It's not just collecting logs, it's making sense of them.

279
00:12:57.679 --> 00:12:58.200
<v Speaker 2>Exactly.

280
00:12:58.440 --> 00:13:03.360
<v Speaker 1>Security Warrior talks about automated tools to help sift through

281
00:13:03.200 --> 00:13:06.879
<v Speaker 2>it all, find those patterns, those anomalies that might mean trouble.

282
00:13:07.000 --> 00:13:09.200
<v Speaker 1>And it's not just reacting to incidents.

283
00:13:09.480 --> 00:13:12.320
<v Speaker 2>No, you can use this to find weaknesses before an attack.

284
00:13:12.519 --> 00:13:16.399
<v Speaker 1>The book has this example. Attackers used an FTP exploit

285
00:13:16.559 --> 00:13:19.679
<v Speaker 1>right, to get into a system, right? But by looking

286
00:13:19.720 --> 00:13:22.600
<v Speaker 1>at the FTP logs, investigators traced them.

287
00:13:22.840 --> 00:13:25.639
<v Speaker 2>Even those basic logs can be gold mines. It's knowing

288
00:13:25.679 --> 00:13:26.399
<v Speaker 2>what to look for.

289
00:13:26.559 --> 00:13:29.639
<v Speaker 1>Okay, So logs are one part. What about intrusion detection

290
00:13:29.799 --> 00:13:31.399
<v Speaker 1>systems, IDSs.

291
00:13:31.559 --> 00:13:35.399
<v Speaker 2>Ah, yes, these actively monitor everything.

292
00:13:35.080 --> 00:13:38.159
<v Speaker 1>Network traffic, system activity, the whole shebang.

293
00:13:37.799 --> 00:13:40.120
<v Speaker 2>Like a guard dog, always watching. Now they come in

294
00:13:40.120 --> 00:13:45.279
<v Speaker 2>different types, right? Right. Network-based, looking at traffic, host-based,

295
00:13:45.559 --> 00:13:46.840
<v Speaker 2>checking individual computers.

296
00:13:46.919 --> 00:13:48.639
<v Speaker 1>The book says picking the right one

297
00:13:48.519 --> 00:13:53.720
<v Speaker 2>is crucial. Absolutely. Sensitivity and specificity. One of those? Sensitivity

298
00:13:53.840 --> 00:13:56.600
<v Speaker 2>is how good it is at spotting real threats. Got it.

299
00:13:57.039 --> 00:13:59.600
<v Speaker 2>Specificity is how often it raises false alarms.

300
00:14:00.080 --> 00:14:00.320
<v Speaker 1>Ah.

301
00:14:00.840 --> 00:14:03.960
<v Speaker 2>You don't want a system that barks at every squirrel, eh? Too

302
00:14:03.879 --> 00:14:06.799
<v Speaker 1>much noise, right, you'll miss the real danger. Exactly.

303
00:14:07.120 --> 00:14:09.159
<v Speaker 2>But you also don't want one that's too laid back,

304
00:14:09.399 --> 00:14:10.399
<v Speaker 2>sleeps through a break-in.

305
00:14:10.559 --> 00:14:12.399
<v Speaker 1>So it's finding that balance.

306
00:14:12.080 --> 00:14:13.600
<v Speaker 2>The right IDS for your needs.

307
00:14:14.039 --> 00:14:19.559
<v Speaker 1>The book also mentions Bayesian analysis, combining data from different places.

308
00:14:19.159 --> 00:14:23.399
<v Speaker 2>Like multiple witnesses to a crime. Yeah, more evidence, clearer picture.

309
00:14:23.600 --> 00:14:26.240
<v Speaker 1>Now, something I always thought was cool. Honeypots.

310
00:14:26.440 --> 00:14:30.639
<v Speaker 2>Ah, yes, decoy systems, intentionally vulnerable

311
00:14:30.200 --> 00:14:32.639
<v Speaker 1>to lure attackers in, distract

312
00:14:32.159 --> 00:14:34.799
<v Speaker 2>them, gather intel on how they operate.

313
00:14:34.519 --> 00:14:35.600
<v Speaker 1>Turn the tables on them.

314
00:14:35.600 --> 00:14:38.399
<v Speaker 2>That's smart, and Security Warrior actually gives a guide to

315
00:14:38.440 --> 00:14:40.000
<v Speaker 2>setting one up. Nice.

316
00:14:40.080 --> 00:14:43.559
<v Speaker 1>So it's not just defending, it's learning from the attacks. Exactly.

317
00:14:43.919 --> 00:14:46.960
<v Speaker 2>And then the book wraps up with incident response, what

318
00:14:47.120 --> 00:14:48.320
<v Speaker 2>to do when a breach

319
00:14:48.080 --> 00:14:51.639
<v Speaker 1>happens. Like a fire escape plan, but for cyber attacks.

320
00:14:51.399 --> 00:14:56.879
<v Speaker 2>Being prepared, reporting procedures, gathering evidence, containment.

321
00:14:57.080 --> 00:14:59.399
<v Speaker 1>They even talk about the legal side of things.

322
00:14:59.240 --> 00:15:02.480
<v Speaker 2>Right, it's not just technical anymore, legal and ethical stuff too.

323
00:15:02.759 --> 00:15:06.440
<v Speaker 1>Man, this deep dive into Security Warrior has been intense.

324
00:15:06.559 --> 00:15:07.799
<v Speaker 2>Intense is a good word for it.

325
00:15:07.919 --> 00:15:11.159
<v Speaker 1>Social engineering, log analysis, intrusion detection.

326
00:15:11.440 --> 00:15:14.799
<v Speaker 2>We've covered it all, the whole spectrum of cybersecurity, what

327
00:15:14.840 --> 00:15:17.200
<v Speaker 2>we're vulnerable to, and how to fight back.

328
00:15:17.559 --> 00:15:20.200
<v Speaker 1>One big thing I learned: security, it's not a one

329
00:15:20.320 --> 00:15:20.840
<v Speaker 1>time thing.

330
00:15:21.159 --> 00:15:25.360
<v Speaker 2>It's a process, constantly learning, adapting, staying sharp, and I

331
00:15:25.360 --> 00:15:25.679
<v Speaker 2>think the

332
00:15:25.639 --> 00:15:28.600
<v Speaker 1>most important takeaway, even in this high-tech world, it's

333
00:15:28.639 --> 00:15:29.919
<v Speaker 1>still about people.

334
00:15:29.759 --> 00:15:32.960
<v Speaker 2>The human element. We need to be aware, be active

335
00:15:33.000 --> 00:15:34.960
<v Speaker 2>in protecting our digital lives.

336
00:15:35.159 --> 00:15:37.600
<v Speaker 1>That's a good note to end on. This wraps up

337
00:15:37.600 --> 00:15:40.320
<v Speaker 1>our Security Warrior deep dive. We hope you found it

338
00:15:40.320 --> 00:15:44.000
<v Speaker 1>insightful and that you'll keep exploring this world of cybersecurity.

339
00:15:44.159 --> 00:15:45.159
<v Speaker 1>Stay safe out there.
