WEBVTT 1 00:00:00.080 --> 00:00:03.520 Welcome curious minds to the deep dive. Today. We are 2 00:00:03.560 --> 00:00:06.480 plunging into a topic that well often triggers a very 3 00:00:06.480 --> 00:00:09.480 specific image, usually a negative one. Hacking. 4 00:00:09.560 --> 00:00:11.199 Yeah, the hooded figure in a dark. 5 00:00:11.080 --> 00:00:14.199 Room exactly, But we're going to try and flip that perception. 6 00:00:15.080 --> 00:00:17.920 Our guide for this deep dive is hacking with Cali 7 00:00:18.000 --> 00:00:20.800 Linux A Guide to Ethical Hacking. 8 00:00:20.559 --> 00:00:22.480 A really solid resource. 9 00:00:22.079 --> 00:00:25.000 And our mission is to pull out the most crucial insights. 10 00:00:25.519 --> 00:00:27.920 We want to show you that understanding hacking isn't just 11 00:00:28.000 --> 00:00:30.679 about seeing a destructive. 12 00:00:30.160 --> 00:00:33.280 Force, right, It's about understanding a methodology. 13 00:00:32.840 --> 00:00:35.960 A methodology you can actually use for protection. Think of 14 00:00:36.000 --> 00:00:41.359 this as your shortcut to being genuinely well informed on cybersecurity. 15 00:00:40.640 --> 00:00:42.679 Getting those aha moments, yeah. 16 00:00:42.520 --> 00:00:46.359 Those moments that reframe how you see digital threats, and 17 00:00:46.439 --> 00:00:49.520 hopefully we'll deliver enough unexpected facts to keep you hooked. 18 00:00:49.880 --> 00:00:52.679 Well. What's really fascinating here, I think, is the paradox. 19 00:00:53.200 --> 00:00:57.439 To truly defend against hacking, you almost have to understand 20 00:00:57.439 --> 00:00:59.399 how it works from the inside. 21 00:00:59.000 --> 00:01:01.520 Learn the enemy's time precisely. 22 00:01:02.119 --> 00:01:05.400 The core idea is that the techniques ethical hackers use 23 00:01:05.799 --> 00:01:08.640 are often identical to the ones malicious actors use. 24 00:01:08.760 --> 00:01:10.599 So it's about taking that knowledge and. 25 00:01:10.599 --> 00:01:13.879 Flipping it, leveraging it for good, turning the hacker's own 26 00:01:13.959 --> 00:01:16.079 playbook into your defense manual. 27 00:01:16.280 --> 00:01:19.519 That's a powerful way to put it. Makes you wonder, though, 28 00:01:19.760 --> 00:01:21.560 do you really need to think like a hacker to 29 00:01:21.599 --> 00:01:25.239 be secure or can you get by without that deep dive. 30 00:01:25.519 --> 00:01:29.079 That's a great question. I think understanding the mindset definitely 31 00:01:29.120 --> 00:01:30.439 helps build better defenses. 32 00:01:30.599 --> 00:01:33.439 We're going to break down some complex concepts, make them 33 00:01:33.439 --> 00:01:36.640 really digestible for you, actionable knowledge by the end. So 34 00:01:36.719 --> 00:01:40.519 let's start with that stereotype. You hear hacker, You think villain, 35 00:01:40.680 --> 00:01:41.799 simple as that for most. 36 00:01:41.599 --> 00:01:42.760 People, the default image. 37 00:01:42.840 --> 00:01:45.319 Yeah, well what if I told you the landscape is 38 00:01:45.760 --> 00:01:50.079 well way more nuanced. Different types, similar skills maybe, but 39 00:01:50.200 --> 00:01:52.079 totally different motivations driving them. 40 00:01:52.359 --> 00:01:55.040 That's absolutely right. It's not black and white, even though 41 00:01:55.079 --> 00:01:58.319 we talk about them using hat colors, black ass white 42 00:01:58.359 --> 00:02:01.879 hats exactly. So on end, you got the black cat hackers. 43 00:02:01.920 --> 00:02:04.079 These are the ones most people think of the bad actors. 44 00:02:04.239 --> 00:02:07.040 They find vulnerabilities and exploit them purely for you know, 45 00:02:07.239 --> 00:02:11.879 financial gain, maybe espionage, or just causing trouble. They don't 46 00:02:11.879 --> 00:02:12.439 care about the. 47 00:02:12.360 --> 00:02:16.159 Harm, So stealing credit cards, messing with big systems that. 48 00:02:16.159 --> 00:02:19.400 Kind of thing, yeah, or shutting down networks entirely. And 49 00:02:19.439 --> 00:02:22.840 these aren't just lone wolves. They can range from like 50 00:02:23.120 --> 00:02:27.960 teenagers messing around to really sophisticated organized crime groups or 51 00:02:27.960 --> 00:02:29.000 even nation states. 52 00:02:29.240 --> 00:02:31.439 Wow, okay, serious stuff. 53 00:02:31.680 --> 00:02:36.120 Their goal is always self serving profit disruption. Whatever the 54 00:02:36.159 --> 00:02:38.199 fallout for others doesn't matter. 55 00:02:38.280 --> 00:02:41.400 Then you mentioned another color, a sort of middle ground. 56 00:02:41.479 --> 00:02:43.560 Yeah, this is where it gets really interesting. The gray 57 00:02:43.599 --> 00:02:46.240 hat hackers. They kind of live in this murky area 58 00:02:46.319 --> 00:02:49.759 between black and white. How so, well, they do break rules. 59 00:02:49.800 --> 00:02:53.439 They might access systems with that permission, which is technically 60 00:02:53.520 --> 00:02:55.000 illegal and definitely unethical. 61 00:02:55.039 --> 00:02:56.479 Okay, so still breaking in But. 62 00:02:56.560 --> 00:02:58.599 And this is the key difference. They don't usually have 63 00:02:58.719 --> 00:03:03.400 malicious intent. Goal isn't typically personal gain or causing harm. 64 00:03:03.120 --> 00:03:03.879 So why do it. 65 00:03:04.120 --> 00:03:07.199 Often it's to expose a vulnerability. Maybe they tell the 66 00:03:07.199 --> 00:03:11.159 company directly. Sometimes they go public with it, basically trying 67 00:03:11.159 --> 00:03:12.000 to force. 68 00:03:11.879 --> 00:03:15.039 A fix, like, hey, fix your stuff, even if nobody 69 00:03:15.080 --> 00:03:16.120 asked them exactly. 70 00:03:16.199 --> 00:03:21.719 It's controversial obviously. Yeah, companies don't usually appreciate unsolicited penetration testing. 71 00:03:21.879 --> 00:03:24.039 I can imagine. And then the good guys. 72 00:03:24.240 --> 00:03:26.639 Then you have the white hat hackers. These are the 73 00:03:26.639 --> 00:03:30.560 ethical hackers, computer security professional. One's doing it legally, yes, 74 00:03:30.960 --> 00:03:35.520 with explicit permission. They are hired by organizations to test systems, 75 00:03:35.960 --> 00:03:38.560 find weaknesses, assess security, so. 76 00:03:38.479 --> 00:03:40.800 They're trying to find the holes before the black hats do. 77 00:03:41.039 --> 00:03:44.400 Precisely. These the exact same tools, the same methodologies as 78 00:03:44.439 --> 00:03:48.360 black hats, but their intention is purely protective. They want 79 00:03:48.400 --> 00:03:49.800 to help the company secure itself. 80 00:03:49.919 --> 00:03:53.240 So it really boils down to intent, doesn't it. What 81 00:03:53.280 --> 00:03:55.919 they do is similar, but the why is completely different. 82 00:03:56.000 --> 00:04:02.000 That's the core takeaway, black gray white. The techniques overlap massively, 83 00:04:02.280 --> 00:04:03.919 it's the motivation that defines them. 84 00:04:04.159 --> 00:04:07.560 Okay, that hat distinction really helps clarify things. It's not 85 00:04:07.599 --> 00:04:10.280 just one big scary monster. And you mentioned the process 86 00:04:10.319 --> 00:04:12.080 isn't just random chaos either. 87 00:04:12.039 --> 00:04:15.439 Not at all. It's actually very methodical. Whether it's ethical 88 00:04:15.520 --> 00:04:19.279 testing or a malicious attack, there's usually a logical flow, 89 00:04:19.399 --> 00:04:22.040 a blueprint, typically five phases. 90 00:04:22.160 --> 00:04:23.800 Five phases. Okay, what's phase one? 91 00:04:23.920 --> 00:04:28.839 Phase one is reconnaissance information gathering, and honestly, this might 92 00:04:28.879 --> 00:04:29.959 be the most important phase. 93 00:04:30.079 --> 00:04:31.600 Laying the groundwork exactly. 94 00:04:31.759 --> 00:04:34.199 You collect as much data as possible about the target 95 00:04:34.399 --> 00:04:36.720 before you even try to interact with their systems directly. 96 00:04:36.959 --> 00:04:37.720 How do they do that? 97 00:04:38.199 --> 00:04:41.240 Well, there are two main types. Passive reconnaissance is where 98 00:04:41.240 --> 00:04:44.439 you don't touch the target systems at all, no direct interaction, 99 00:04:44.600 --> 00:04:46.079 so no trace left behind. 100 00:04:46.439 --> 00:04:48.319 Like what just googling them? 101 00:04:48.480 --> 00:04:52.879 Yeah, Google searches, looking at their public website, checking job postings. 102 00:04:52.879 --> 00:04:56.120 It can tell you what tech they use, whois, lookups 103 00:04:56.120 --> 00:04:59.480 for domain info, public records. You're just observing. 104 00:04:59.639 --> 00:05:00.560 Okay, makes sense. 105 00:05:00.839 --> 00:05:04.439 And the other type, that's active reconnaissance. Now you were 106 00:05:04.439 --> 00:05:06.120 interacting directly with the target. 107 00:05:06.360 --> 00:05:09.160 Uh oh, riskier, definitely riskier. 108 00:05:09.279 --> 00:05:13.920 You could leave footprints. This might involve making phone calls, 109 00:05:13.959 --> 00:05:17.120 maybe trying to trick employees into giving up info, or 110 00:05:17.240 --> 00:05:20.120 using tools like ping to see if systems are online. 111 00:05:20.199 --> 00:05:22.600 Phone calls like pretending to be IT support. 112 00:05:22.800 --> 00:05:26.360 That's a classic example of social engineering. Yes, yeah, manipulating 113 00:05:26.360 --> 00:05:27.439 people to get information. 114 00:05:27.639 --> 00:05:30.600 And you mentioned dumpster diving earlier. Seriously. 115 00:05:30.759 --> 00:05:33.399 Oh yeah, sounds low tech, but you'd be surprised what 116 00:05:33.519 --> 00:05:37.920 people throw out, old bills, internal memos, contact lists. It 117 00:05:37.959 --> 00:05:39.600 can be a gold mine for reconnaissance. 118 00:05:39.800 --> 00:05:44.160 Wow. Okay, so that's phase one. Gather intel passively or actively? 119 00:05:44.519 --> 00:05:48.319 What's next phase? Two is scanning. Now you start probing 120 00:05:48.360 --> 00:05:52.040 the target more directly, using the intel from reconnaissance probing. 121 00:05:52.120 --> 00:05:57.000 How with specialized tools vulnerability scanners, network mappers, port scanners, 122 00:05:57.240 --> 00:05:59.240 you're trying to find specific. 123 00:05:58.680 --> 00:06:00.759 Weaknesses like open door and windows. 124 00:06:00.839 --> 00:06:03.600 Exactly what ports are open, what services are running on 125 00:06:03.639 --> 00:06:06.199 those ports, what operating systems are they using. You can 126 00:06:06.240 --> 00:06:08.439 often tell the OS by how it responds to certain 127 00:06:08.480 --> 00:06:09.199 network probes. 128 00:06:09.279 --> 00:06:10.720 So you're building a detailed map. 129 00:06:10.759 --> 00:06:15.199 Now, a very detailed map. Tools like wireshark can even 130 00:06:15.240 --> 00:06:18.680 sniff network traffic, trying to capture data packets to understand 131 00:06:18.680 --> 00:06:21.639 the network layout, maybe even grab passwords if the traffic 132 00:06:21.720 --> 00:06:22.360 isn't encrypted. 133 00:06:22.519 --> 00:06:26.279 Okay, reconnaissance, than scanning phase three must be. 134 00:06:27.800 --> 00:06:31.439 Getting in phase three gaining access. This is where the 135 00:06:31.480 --> 00:06:35.560 actual hacking often happens, exploiting the vulnerabilities found during scanning. 136 00:06:35.720 --> 00:06:38.279 How what kind of exploits. 137 00:06:37.920 --> 00:06:40.680 It could be anything from launching a denial of service 138 00:06:40.680 --> 00:06:43.680 attack to disrupt things and maybe reveal a hidden weakness, 139 00:06:44.079 --> 00:06:47.480 to something like session hijacking, where you steal someone's active 140 00:06:47.519 --> 00:06:48.000 log in. 141 00:06:47.920 --> 00:06:49.560 Session so you take over their connection. 142 00:06:50.160 --> 00:06:53.839 Essentially, yes, but honestly, a lot of the time gaining 143 00:06:53.879 --> 00:06:57.319 access isn't about some super complex technical trick. No, No, 144 00:06:57.439 --> 00:06:59.720 It often comes down to human error. Someone clicks a 145 00:06:59.720 --> 00:07:03.120 bad link in an email, uses a weak password, shares 146 00:07:03.160 --> 00:07:05.480 info they shouldn't. The human factor is. 147 00:07:05.480 --> 00:07:07.399 Huge, always the weakest link, very often. 148 00:07:07.399 --> 00:07:11.240 Okay, So Phase four you're in, Now what stay hidden? 149 00:07:11.439 --> 00:07:14.040 Maintaining access? That's the goal. You want to make sure 150 00:07:14.040 --> 00:07:16.079 you can get back in later undetected. 151 00:07:16.160 --> 00:07:17.040 How do they manage that? 152 00:07:17.360 --> 00:07:21.079 By installing things like backdoors, maybe trojans or root kits. 153 00:07:21.600 --> 00:07:24.480 These give them persistent access and while they're in they 154 00:07:24.480 --> 00:07:29.279 could be doing anything monitoring emails, watching user activity, sniffing 155 00:07:29.279 --> 00:07:33.519 more network traffic, installing keyloggers to capture passwords. The goal 156 00:07:33.600 --> 00:07:37.120 is to remain invisible. As the guide says, the quieter 157 00:07:37.240 --> 00:07:39.720 you are, the easier it is to stay put. 158 00:07:40.040 --> 00:07:42.759 Stealth is key. Okay. That leads to the final phase, 159 00:07:43.399 --> 00:07:44.360 covering their tracks. 160 00:07:44.480 --> 00:07:48.519 Phase five. Clearing the tracks absolutely critical for the attacker. 161 00:07:48.759 --> 00:07:50.959 You have to remove all evidence you were ever there. 162 00:07:51.160 --> 00:07:53.000 Why, just so they don't get caught. 163 00:07:53.319 --> 00:07:56.000 That's part of it avoiding attribution, but it's also to 164 00:07:56.079 --> 00:07:58.399 ensure they can keep using that access they established in 165 00:07:58.439 --> 00:08:02.519 phase four. It finds the logs showing the intrusion. They'll 166 00:08:02.560 --> 00:08:04.639 patch the hole and kick the hacker out. 167 00:08:04.759 --> 00:08:06.319 So they delete logs, alter. 168 00:08:06.279 --> 00:08:11.000 Records exactly, overwrite system logs, delete specific event entries, destroy 169 00:08:11.040 --> 00:08:13.800 any files they created, make it look like nothing ever happened. 170 00:08:14.040 --> 00:08:15.399 Anonymity in persistence. 171 00:08:15.560 --> 00:08:20.240 Wow, that five phase processes. Well, it's logical, almost clinical. 172 00:08:20.879 --> 00:08:24.600 Scary stuff it is, but understanding it is crucial, right. 173 00:08:24.480 --> 00:08:27.040 Because now we pivot, we move from the offense to 174 00:08:27.079 --> 00:08:32.360 the defense, building that digital armor you mentioned. Let's talk cybersecurity. 175 00:08:32.519 --> 00:08:37.440 Yes, cybersecurity is basically the state or the process of 176 00:08:37.559 --> 00:08:42.200 protecting and recovering systems, your programs, devices, networks, protecting them 177 00:08:42.240 --> 00:08:43.200 from cyber attacks. 178 00:08:43.559 --> 00:08:46.240 And why is this so critical? I mean beyond the 179 00:08:46.360 --> 00:08:48.600 obvious for big companies, it's. 180 00:08:48.480 --> 00:08:52.000 Critical for everyone. On a personal level, think identity theft, 181 00:08:52.360 --> 00:08:55.919 maybe extortion, attempts to using your data, losing irreplaceable things 182 00:08:55.960 --> 00:08:57.200 like photos or documents. 183 00:08:57.360 --> 00:08:59.000 Yeah, losing photos be awful. 184 00:08:59.279 --> 00:09:02.679 And on a lart it's about protecting critical infrastructure. Think 185 00:09:02.720 --> 00:09:06.519 about financial systems, hospitals, power grids. A successful attack there 186 00:09:06.759 --> 00:09:08.840 could be catastrophic for society. 187 00:09:09.039 --> 00:09:11.919 So how do we actually do cybersecurity effectively? Is it 188 00:09:12.039 --> 00:09:13.919 just about Buying the best software. 189 00:09:14.080 --> 00:09:18.159 Software is important, definitely, but a truly successful approach needs 190 00:09:18.279 --> 00:09:21.159 three core components working together. It's like a three legged stool. 191 00:09:21.240 --> 00:09:22.320 Okay, what are the legs? 192 00:09:22.480 --> 00:09:25.360 First leg, people were already touched on this. Users are 193 00:09:25.360 --> 00:09:29.919 offered the weakest link, So awareness, training, enforcing basic security hygiene. 194 00:09:30.159 --> 00:09:33.879 It's vital, like strong passwords, not clicking weird links. 195 00:09:33.600 --> 00:09:39.200 Exactly, backing up data, being skeptical of unexpected attachments. Simple stuff, 196 00:09:39.399 --> 00:09:41.120 but consistently doing it is hard. 197 00:09:41.240 --> 00:09:43.960 Got it? People? What's leg number two? 198 00:09:44.039 --> 00:09:48.120 Process? You need a framework, a plan for how your 199 00:09:48.200 --> 00:09:52.759 organization handles security, plan for what for everything? How do 200 00:09:52.799 --> 00:09:55.799 you identify threats? How do you protect your systems? How 201 00:09:55.799 --> 00:09:57.720 do you detect an attack if it happens, how do 202 00:09:57.759 --> 00:10:00.639 you respond and how do you recover afterwards? It needs 203 00:10:00.639 --> 00:10:01.960 to be documented and practiced. 204 00:10:02.200 --> 00:10:05.399 Makes sense. People process, and the third leg must be 205 00:10:05.440 --> 00:10:05.840 the tech. 206 00:10:05.960 --> 00:10:09.720 Third leg technology. These are the tools that help you 207 00:10:09.720 --> 00:10:14.000 protect things. Email security filters, good anti virus and anti malware, 208 00:10:14.399 --> 00:10:19.399 DNAs filtering to block bad websites, next generation firewalls, essential tools. 209 00:10:19.600 --> 00:10:23.200 So people process technology. All three need to be strong. 210 00:10:23.279 --> 00:10:25.639 They have to work together. You can have the best tech, 211 00:10:25.799 --> 00:10:28.000 but if people bypass it or there's no process for 212 00:10:28.080 --> 00:10:29.240 using it, it won't help much. 213 00:10:29.399 --> 00:10:31.480 So for you listening, the takeaway here is you don't 214 00:10:31.519 --> 00:10:34.639 need to be a cybersecurity guru to start defending yourself. 215 00:10:35.399 --> 00:10:38.440 Just understanding the kinds of threats out there, understanding the 216 00:10:38.519 --> 00:10:43.159 attacker's strategy. That's a huge first step proactive defense exactly. 217 00:10:43.519 --> 00:10:45.600 And when we talk about common threats, you'll hear terms 218 00:10:45.639 --> 00:10:52.639 like social engineering, which we mentioned, malware, ransomware that's huge now, phishing, APCs, 219 00:10:53.120 --> 00:10:56.960 or advanced persistent threats, which are more sophisticated targeted attacks. 220 00:10:57.279 --> 00:11:00.679 So many terms, yeah, but generally attacks ten target one 221 00:11:00.720 --> 00:11:06.200 of three things. Confidentiality, trying to steal your data your secrets, integrity, 222 00:11:06.240 --> 00:11:09.600 trying to change or destroy your data, maybe spread disinformation, 223 00:11:10.480 --> 00:11:13.639 or availability trying to block your access to your systems 224 00:11:13.720 --> 00:11:16.639 or data, like in a ransomware attack. Understanding those goals 225 00:11:16.679 --> 00:11:17.960 helps you focus your defenses. 226 00:11:18.039 --> 00:11:20.840 Okay, let's get specific. Then you mentioned malware fishing. Can 227 00:11:20.840 --> 00:11:22.320 we break down a few of the big ones, how 228 00:11:22.320 --> 00:11:24.080 they actually work, what you should look out for. 229 00:11:24.200 --> 00:11:26.440 Sure. Let's start with malware. It's really just a catch 230 00:11:26.440 --> 00:11:30.000 all term for any kind of malicious software software designed 231 00:11:30.039 --> 00:11:33.799 to damage stuff, steal data, or just generally cause problems. 232 00:11:33.840 --> 00:11:35.159 What motivates it money? 233 00:11:35.440 --> 00:11:38.559 Often money, yeah, but it could also be protest, espionage, 234 00:11:38.679 --> 00:11:40.559 even cyber warfare between nations. 235 00:11:40.600 --> 00:11:44.240 And there are different types right you mentioned viruses trojans. 236 00:11:43.799 --> 00:11:47.279 Lots of types. Viruses attach themselves to clean files and 237 00:11:47.320 --> 00:11:50.600 spread when those files are opened or shared. Trojans disguise 238 00:11:50.639 --> 00:11:54.399 themselves as legitimate software, tricking you into installing them. Then 239 00:11:54.399 --> 00:11:56.879 they often open a backdoor for other malware s meiky 240 00:11:57.360 --> 00:12:01.879 very spyware hides on your system, records, what you do, websites, 241 00:12:01.919 --> 00:12:05.480 you visit, passwords you type. Worms are nasty because they 242 00:12:05.480 --> 00:12:08.840 can self replicate and spread across entire networks without any 243 00:12:08.919 --> 00:12:09.440 human help. 244 00:12:09.519 --> 00:12:09.840 Yikes. 245 00:12:10.480 --> 00:12:13.320 Ransomware, as we said, locks your files or your whole 246 00:12:13.320 --> 00:12:17.759 computer and demands payment to unlock it. Adware isn't always malicious, 247 00:12:18.000 --> 00:12:20.279 but it can be super annoying with pop up ads 248 00:12:20.480 --> 00:12:24.559 and sometimes opens up security holes. And botnets are networks 249 00:12:24.559 --> 00:12:28.039 of already infected computers controlled remotely by a hacker, often 250 00:12:28.120 --> 00:12:30.080 used to launch other attacks like dias. 251 00:12:30.240 --> 00:12:31.840 There's a lot of bad software. How do you even 252 00:12:31.879 --> 00:12:33.639 detect it all? Some sound pretty. 253 00:12:33.399 --> 00:12:37.679 Hidden, some are obvious like ransomware locking your screen. Others 254 00:12:37.960 --> 00:12:41.559 like spyware or trojans are designed to hide worms and 255 00:12:41.639 --> 00:12:44.840 viruses might not show symptoms immediately. Your best bet is 256 00:12:44.919 --> 00:12:48.480 good up to date anti malware software that uses multiple 257 00:12:48.519 --> 00:12:52.960 detection methods, including behavioral analysis, not just looking for known signatures, 258 00:12:53.399 --> 00:12:55.240 and real time scanning is key. 259 00:12:55.320 --> 00:12:58.919 Okay, anti malware is a must. What about phishing? You 260 00:12:58.919 --> 00:13:00.320 said that social engineer. 261 00:13:00.279 --> 00:13:04.840 Phishing is all about deception, using fake emails, texts, sometimes 262 00:13:04.879 --> 00:13:07.480 even phone calls that look like they're from a legitimate 263 00:13:07.519 --> 00:13:10.919 source your bank, maybe a big tech company, the tax. 264 00:13:10.679 --> 00:13:11.840 Office trying to trick you. 265 00:13:12.039 --> 00:13:14.279 Try to trick you into giving up sensitive info log 266 00:13:14.320 --> 00:13:17.960 in details, credit card numbers, personal data. The exploit trust. 267 00:13:18.159 --> 00:13:20.360 What are the telltale signs the red flags? 268 00:13:20.440 --> 00:13:22.879 Lookout for offers that seem way too good to be true, 269 00:13:23.399 --> 00:13:26.600 a sudden sense of urgency. Act now, or your account 270 00:13:26.600 --> 00:13:29.399 will be closed UF. Watch out for hyperlinks that look okay, 271 00:13:29.480 --> 00:13:31.840 but if you hover your mouse over them, the actual 272 00:13:31.840 --> 00:13:34.519 web address they point to is different and dodgy. 273 00:13:34.799 --> 00:13:36.840 Ah. The hover trick good one. 274 00:13:36.960 --> 00:13:41.080 Always hover. Unexpected attachments are another big one, especially from 275 00:13:41.120 --> 00:13:44.360 senders you don't know well and just generally check the 276 00:13:44.399 --> 00:13:48.639 sender's email address carefully look for typos or weird domain names. 277 00:13:49.000 --> 00:13:51.679 If in doubt, don't click the link. Go directly to 278 00:13:51.720 --> 00:13:55.039 the official website yourself by typing the address in your browser. 279 00:13:55.759 --> 00:13:58.919 Better safe than sorry. Okay, what about this man in 280 00:13:58.919 --> 00:14:01.639 the middle thing? Sounds like someone eavesdropping. 281 00:14:01.919 --> 00:14:05.799 It's more than eavesdropping. A man in the middle MITM 282 00:14:05.840 --> 00:14:09.519 attack is where the attracker secretly positions themselves between two 283 00:14:09.639 --> 00:14:13.600 communicating parties. Imagine you're talking to your bank online. The 284 00:14:13.679 --> 00:14:17.480 MITM attacker intercepts your communication, talks to the bank pretending 285 00:14:17.480 --> 00:14:19.679 to be you, and talks to you pretending to be 286 00:14:19.720 --> 00:14:20.039 the bank. 287 00:14:20.120 --> 00:14:23.399 Whoa so they can see everything and change it. 288 00:14:23.480 --> 00:14:27.279 Potentially, Yes, they could relay messages just listening in, or 289 00:14:27.320 --> 00:14:29.600 they could alter the data and transit. Like you think 290 00:14:29.639 --> 00:14:32.559 you're sending payment instructions to one account, but the attacker 291 00:14:32.639 --> 00:14:35.000 changes the account number before it reaches the bank. 292 00:14:35.080 --> 00:14:36.879 That's terrified. How does that even happen? 293 00:14:37.320 --> 00:14:40.480 There are a few ways sniffing on insecure networks like 294 00:14:40.519 --> 00:14:44.799 public Wi Fi can capture data. Sidejacking involves stealing your 295 00:14:44.840 --> 00:14:47.720 session cookie after you've logged in, allowing the attacker to 296 00:14:47.759 --> 00:14:51.320 impersonate you, and a really common one is the evil 297 00:14:51.320 --> 00:14:51.960 twin attack. 298 00:14:52.440 --> 00:14:53.159 Evil twin. 299 00:14:53.320 --> 00:14:55.759 Yeah, the attacker sets up a fake Wi Fi hotspot 300 00:14:55.799 --> 00:14:59.240 that looks legitimate like free Airport Wi Fi. You connect 301 00:14:59.279 --> 00:15:01.879 to it thinking it's official, but all your traffic is 302 00:15:01.919 --> 00:15:03.720 actually going through the attacker's device. 303 00:15:04.039 --> 00:15:06.759 Oh man, So avoid dodgy public Wi Fi. 304 00:15:07.000 --> 00:15:09.600 Definitely, be very careful on open Wi Fi, use a 305 00:15:09.639 --> 00:15:12.639 VPN if you can, and look for HTTPS a little 306 00:15:12.639 --> 00:15:15.759 padlock in your browser, though even that isn't foolproof against 307 00:15:15.759 --> 00:15:20.480 all MITM techniques. Browser plugins that enforce HTTPS can help, Okay. 308 00:15:20.759 --> 00:15:23.960 Another term people hear a lot denial of service flooding 309 00:15:23.960 --> 00:15:25.159 a website so it crashes. 310 00:15:25.240 --> 00:15:28.559 Pretty much. A denial of service DOS attack aims to 311 00:15:28.600 --> 00:15:31.480 make a machine or a network resource unavailable to its 312 00:15:31.519 --> 00:15:34.919 intended users, usually by flooding the target with so much 313 00:15:35.000 --> 00:15:37.720 traffic or so many requests that it gets overwhelmed and 314 00:15:37.720 --> 00:15:39.799 can't respond to legitimate users. 315 00:15:39.480 --> 00:15:40.879 Like a digital traffic jam. 316 00:15:40.879 --> 00:15:43.879 Good analogy. Now there's a key difference between DOS and 317 00:15:43.960 --> 00:15:46.919 d DOS. A regular DOS attack usually comes from a 318 00:15:46.960 --> 00:15:51.159 single source, a single attacker machine, that makes it relatively 319 00:15:51.200 --> 00:15:54.679 speaking easier to block. You just block that one IP address. 320 00:15:54.799 --> 00:15:56.600 Okay, so what's d doas? 321 00:15:57.159 --> 00:16:00.919 Distributed denial of service DDAs is much bigger, harder to stop. 322 00:16:01.320 --> 00:16:05.559 The attack traffic comes from many sources simultaneously, often hundreds 323 00:16:05.600 --> 00:16:08.799 or thousands of compromised computers around the world, forming that 324 00:16:08.840 --> 00:16:10.000 botnet we talked about. 325 00:16:09.799 --> 00:16:12.159 Earlier, ah, the zombie computer army. 326 00:16:12.279 --> 00:16:15.559 Exactly. Because the attack is distributed, it's much harder to 327 00:16:15.559 --> 00:16:17.960 filter out the bad traffic from the good, and harder 328 00:16:18.000 --> 00:16:21.399 to block all the sources. And sometimes a DIDAS attack 329 00:16:21.480 --> 00:16:22.919 is actually just a distraction, a. 330 00:16:22.879 --> 00:16:23.879 Distraction for what. 331 00:16:24.240 --> 00:16:26.279 While the security team is scrambling to deal with the 332 00:16:26.320 --> 00:16:29.399 d'idas flood, the attackers might be trying something else in 333 00:16:29.440 --> 00:16:32.080 the background, maybe trying to breach the firewall or steal 334 00:16:32.159 --> 00:16:34.200 data while everyone's attention is elsewhere. 335 00:16:34.240 --> 00:16:38.559 Clever, nasty, but clever. Okay. One more zero day exploits. 336 00:16:38.639 --> 00:16:39.399 That sounds bad. 337 00:16:39.639 --> 00:16:43.600 It is bad. A zero day exploit targets of vulnerability 338 00:16:43.639 --> 00:16:48.000 in software that is known to the software vendor, but 339 00:16:48.039 --> 00:16:50.679 they haven't released a patch or fixed for it yet, So. 340 00:16:50.600 --> 00:16:52.799 The vendor knows it's broken but hasn't fixed it. 341 00:16:53.000 --> 00:16:56.279 Right, And because there's no official fix, attackers who discover 342 00:16:56.480 --> 00:16:59.840 or buy the exploit have a window of opportunity zero 343 00:17:00.080 --> 00:17:03.720 days of protection for users to exploit that flaw before 344 00:17:03.759 --> 00:17:05.000 a patch becomes available. 345 00:17:05.039 --> 00:17:05.920 What can they do with it? 346 00:17:06.319 --> 00:17:08.960 Put the flaw can allow them to steal data, take 347 00:17:09.000 --> 00:17:12.160 control of the system, install other malware. It can be 348 00:17:12.240 --> 00:17:12.880 very serious. 349 00:17:13.000 --> 00:17:14.960 How do you protect against something that doesn't have a 350 00:17:15.000 --> 00:17:15.640 fix yet? 351 00:17:15.920 --> 00:17:20.759 It's tough. Proactive defense helps. Having security software that uses 352 00:17:20.799 --> 00:17:25.000 heuristics or behavioral analysis might catch the exploits actions, even 353 00:17:25.039 --> 00:17:28.200 if this doesn't know the specific vulnerability signature. But the 354 00:17:28.240 --> 00:17:32.440 most important reactive measure is patching religiously and sall updates 355 00:17:32.440 --> 00:17:35.079 and patches for your operating system and applications as soon 356 00:17:35.119 --> 00:17:38.559 as they become available. Those patches often fixed newly discovered 357 00:17:38.680 --> 00:17:41.720 zero days and good security habits always help produce your 358 00:17:41.720 --> 00:17:42.359 overall risk. 359 00:17:42.640 --> 00:17:45.160 Okay, so understanding these threats is one thing, but we 360 00:17:45.240 --> 00:17:48.880 need to be proactive, right you said think like a hacker. 361 00:17:49.480 --> 00:17:52.039 Does that mean like scanning our own networks? 362 00:17:52.559 --> 00:17:55.160 Absolutely, you need to know what you look like from 363 00:17:55.160 --> 00:17:58.759 the outside and what's running on the inside. Regularly scanning 364 00:17:58.759 --> 00:18:02.039 your own servers and network segments is crucial, even if 365 00:18:02.079 --> 00:18:03.200 you think you know it's there. 366 00:18:03.359 --> 00:18:05.079 Why what are you looking for? 367 00:18:05.240 --> 00:18:10.440 You're looking for the same things a hacker would look for. Vulnerabilities, misconfigurations, 368 00:18:10.599 --> 00:18:14.559 maybe devices you forgot were even connected, undocumented service is running. 369 00:18:15.319 --> 00:18:19.039 Ask yourself, what are my most critical assets? Where are 370 00:18:19.039 --> 00:18:20.359 my potential weak spots? 371 00:18:20.519 --> 00:18:21.799 What kind of things should you check? 372 00:18:21.880 --> 00:18:28.119 Everything connected? Your routers, switches, firewalls, all the devices, workstations, laptops, 373 00:18:28.160 --> 00:18:33.079 tablet servers. Check the operating systems, the web servers, any applications, databases, 374 00:18:33.319 --> 00:18:36.720 email servers, print servers. Get a full inventory and check 375 00:18:36.720 --> 00:18:37.960 their status and configuration. 376 00:18:38.200 --> 00:18:39.359 That sounds like a lot of work. 377 00:18:39.839 --> 00:18:43.160 It can be, but it's essential for understanding your attack surface. 378 00:18:43.440 --> 00:18:44.839 You need to know what you're defending. 379 00:18:45.200 --> 00:18:47.480 And it's not just about what's on the network right, 380 00:18:47.519 --> 00:18:51.759 it's also about what information about you or your business 381 00:18:51.839 --> 00:18:54.119 is just out there publicly available. 382 00:18:54.240 --> 00:18:57.200 That's a really important point. Do an EGOSURF search for 383 00:18:57.279 --> 00:19:01.240 yourself or your company online. What pops up, contact details, 384 00:19:01.400 --> 00:19:05.640 press releases, maybe technical papers, patent filings. Hackers use this 385 00:19:05.720 --> 00:19:07.400 for reconnaissance, so find. 386 00:19:07.160 --> 00:19:09.480 Out what they can find out easily exactly. 387 00:19:09.920 --> 00:19:13.400 Use tools like whois to see what information is public 388 00:19:13.440 --> 00:19:16.720 in your domain registration, check forums or groups related to 389 00:19:16.720 --> 00:19:20.440 your industry. Sometimes internal info gets leaked or discussed there. 390 00:19:20.559 --> 00:19:23.440 If you find sensitive stuff publicly posted, try to get 391 00:19:23.440 --> 00:19:24.039 it taken down. 392 00:19:24.200 --> 00:19:28.079 Good tip, So inventory your internal stuff, check your external footprint. 393 00:19:28.559 --> 00:19:31.720 What else, map it out? Actually create a visual diagram 394 00:19:31.759 --> 00:19:35.279 of your network. Understand the layout how things connect helps 395 00:19:35.319 --> 00:19:37.880 you spot potential issues or choke points much more easily. 396 00:19:37.880 --> 00:19:38.759 See the whole picture. 397 00:19:39.039 --> 00:19:43.279 Yeah, then you can run specific scans ethically on yourself. 398 00:19:43.680 --> 00:19:46.920 Check those whois details again. Scan your internal network to 399 00:19:46.920 --> 00:19:49.799 see what hosts are responding and what ports are open internally. 400 00:19:50.279 --> 00:19:53.599 Use ping utilities to check reachability, and run external port 401 00:19:53.640 --> 00:19:56.880