1 00:00:00,150 --> 00:00:05,820 Hello, everybody, welcome to my advanced ethical hacking, networking, penetration testing course. 2 00:00:16,430 --> 00:00:23,870 As we have talked earlier in the previous videos, so we have showed you how you can make a connection 3 00:00:23,870 --> 00:00:31,010 from your browser and with your Burp Suite so that we can get an HTTPS connection. 4 00:00:31,450 --> 00:00:32,390 Well, what now? 5 00:00:32,570 --> 00:00:39,620 So we can use Burp Suite but are going to choose a very well-known tool, which is Ettercap, so that 6 00:00:39,620 --> 00:00:42,140 we can make an MITM attack. 7 00:00:42,410 --> 00:00:42,920 So what is it? 8 00:00:42,920 --> 00:00:43,610 MITM attack. 9 00:00:43,730 --> 00:00:47,270 It is the abbreviation of the man in the middle attack. 10 00:00:47,630 --> 00:00:49,730 So what is it? 11 00:00:49,960 --> 00:00:56,150 So if this computer is secured, you secure, you got to know how. 12 00:00:56,240 --> 00:00:57,190 You will click. 13 00:00:57,620 --> 00:01:05,480 You got to know how you enter your credentials because your device might get secured by a very well 14 00:01:05,480 --> 00:01:10,550 set of firewall or or antivirus and stuff like that. 15 00:01:10,610 --> 00:01:18,200 But you you ignore the principle, the principles of security, then I'm telling you. 16 00:01:18,440 --> 00:01:25,460 So you will get into trouble, because the first thing first, the security is how your mind is set. 17 00:01:25,830 --> 00:01:32,090 Well, when you are on your computer, if you don't care, you were trying to click on everything without 18 00:01:32,090 --> 00:01:39,410 thinking or you trying to enter your credentials without having a good look on the protocol. 19 00:01:39,710 --> 00:01:40,640 So I'm telling you. 20 00:01:40,670 --> 00:01:42,020 So you will get into trouble. 
21 00:01:42,350 --> 00:01:50,090 So I will show you how I will make an attack to this computer, my Mac operating system, using my Kali 22 00:01:50,090 --> 00:01:50,900 Linux machine. 23 00:01:51,230 --> 00:01:59,480 And then even if this computer is secured, but if I will ignore that and pretending that I will enter 24 00:01:59,690 --> 00:02:05,440 my credentials to some Web, to some Web page. 25 00:02:05,630 --> 00:02:11,270 And then therefore I will get infected by this attack. 26 00:02:11,540 --> 00:02:11,880 OK. 27 00:02:12,110 --> 00:02:12,830 So let me show you. 28 00:02:12,890 --> 00:02:22,660 So as a first thing first, before entering the practical part, as its name says, man in the middle. 29 00:02:22,820 --> 00:02:34,100 That means I'm placing my Ledo Sohn as an attacker between this computer and between my attacker machine. 30 00:02:34,610 --> 00:02:39,620 Therefore, I'm sitting between you and between me. 31 00:02:39,860 --> 00:02:43,150 I mean between you as the victim and between the attacker. 32 00:02:43,460 --> 00:02:44,510 I put my zombie. 33 00:02:44,550 --> 00:02:47,330 Oh, I put my whaleboat or I put my camera. 34 00:02:47,660 --> 00:02:49,490 I put my everything in the middle. 35 00:02:50,030 --> 00:02:53,450 And in the middle of you and I, therefore. 36 00:02:54,020 --> 00:02:59,660 I can read what you are trying to put on your computer, what you are typing. 37 00:02:59,720 --> 00:03:01,340 If you go to Facebook, I will see. 38 00:03:01,380 --> 00:03:01,730 Aha. 39 00:03:02,190 --> 00:03:03,560 You went to Facebook. 40 00:03:03,640 --> 00:03:05,670 If any Facebook is interested. 41 00:03:06,070 --> 00:03:06,440 Is. 42 00:03:06,800 --> 00:03:11,680 But I will see that you go to Facebook when I will use my tools in Kali machine. 43 00:03:11,750 --> 00:03:13,370 So we will show you how to use that. 44 00:03:14,420 --> 00:03:18,980 How to use those, those tools so that you can perform this kind of attack. 
45 00:03:19,580 --> 00:03:19,820 OK. 46 00:03:20,240 --> 00:03:24,140 First thing first we are going to arrange our attacker machine. 47 00:03:24,680 --> 00:03:27,470 So we go in to start our VirtualBox machine. 48 00:03:28,590 --> 00:03:28,800 OK. 49 00:03:28,970 --> 00:03:31,370 So we go click here to start it. 50 00:03:33,370 --> 00:03:35,200 OK, so this is all previous work. 51 00:03:35,230 --> 00:03:36,230 So it was sent. 52 00:03:36,640 --> 00:03:38,560 So it can just minimize it. 53 00:03:38,560 --> 00:03:39,540 So it's it's program. 54 00:03:39,740 --> 00:03:39,970 OK. 55 00:03:40,420 --> 00:03:41,830 So let's minimize them. 56 00:03:42,100 --> 00:03:42,910 We don't need it. 57 00:03:43,060 --> 00:03:44,140 And this is. 58 00:03:44,620 --> 00:03:45,330 It does not. 59 00:03:45,550 --> 00:03:46,270 We don't need it. 60 00:03:46,860 --> 00:03:47,080 OK. 61 00:03:47,590 --> 00:03:48,850 So first thing first. 62 00:03:49,060 --> 00:03:54,210 The tool we will use in Kali machine is named as Ettercap. 63 00:03:54,230 --> 00:04:00,880 Ettercap is a very well known tool to perform the man in the middle attack. 64 00:04:01,390 --> 00:04:04,300 So tough to start Lubutu application. 65 00:04:04,890 --> 00:04:06,460 You can just open your terminal. 66 00:04:06,490 --> 00:04:08,470 Let me show you everything for us. 67 00:04:09,460 --> 00:04:20,230 So you you double click or click and choose terminal and you can type Ettercap, and Ettercap 68 00:04:21,060 --> 00:04:22,890 minus G. 69 00:04:23,230 --> 00:04:23,980 Just open it. 70 00:04:24,010 --> 00:04:30,380 But when I go into as many dominoes, because we will of course use two or three morto. 71 00:04:30,380 --> 00:04:38,140 I mean also let's just go here to application applications and sniffing and spoofing. 72 00:04:39,170 --> 00:04:39,730 It is. 73 00:04:40,230 --> 00:04:40,930 And we choose it. 74 00:04:41,030 --> 00:04:41,330 Ettercap. 75 00:04:42,110 --> 00:04:42,590 Okay. 
76 00:04:42,700 --> 00:04:48,160 So before we have to defeat you, click on unified sniffing. 77 00:04:49,150 --> 00:04:49,460 Okay. 78 00:04:49,630 --> 00:04:51,730 And then the eth0, we choose it. 79 00:04:51,820 --> 00:04:59,410 If your environment is as eth0 and then how will you know your environment to know that you open a new 80 00:04:59,410 --> 00:05:00,040 terminal. 81 00:05:00,490 --> 00:05:02,980 And then your your type. 82 00:05:03,280 --> 00:05:07,520 If I don't or so and stuff it. 83 00:05:07,700 --> 00:05:07,970 Okay. 84 00:05:08,090 --> 00:05:08,440 Here. 85 00:05:08,590 --> 00:05:09,400 This is mine. 86 00:05:10,010 --> 00:05:12,640 Therefore here as the attacker machine. 87 00:05:12,640 --> 00:05:13,690 You will choose this one. 88 00:05:14,230 --> 00:05:15,910 You can click to see more options. 89 00:05:15,970 --> 00:05:16,690 So what. 90 00:05:16,690 --> 00:05:20,620 We don't need them because we have this as being our interface. 91 00:05:21,130 --> 00:05:21,520 All right. 92 00:05:21,640 --> 00:05:22,720 So you can click. 93 00:05:22,780 --> 00:05:23,260 Okay. 94 00:05:23,980 --> 00:05:27,810 Now it is unified. 95 00:05:28,780 --> 00:05:32,650 What we can do and therefore so we don't need this terminal anymore. 96 00:05:33,010 --> 00:05:35,870 You can just leave it here and then we will perform here. 97 00:05:36,430 --> 00:05:36,720 Okay. 98 00:05:36,970 --> 00:05:39,400 So what I can show you. 99 00:05:39,760 --> 00:05:40,020 I will. 100 00:05:40,020 --> 00:05:40,270 Sure. 101 00:05:40,270 --> 00:05:44,620 You determine all of them of the Mac machine. 102 00:05:46,600 --> 00:05:46,890 Okay. 103 00:05:46,900 --> 00:05:47,770 Now let me show you. 104 00:05:48,190 --> 00:05:53,970 And tofor is that all warm or Mac machine is. 105 00:05:54,310 --> 00:05:56,710 So let's stay pig. 106 00:05:58,730 --> 00:06:00,250 So let's check it. 107 00:06:00,370 --> 00:06:01,590 Let's check it out. 108 00:06:01,900 --> 00:06:04,550 So it has this IP address. 
109 00:06:04,630 --> 00:06:07,590 And then it is on interface E, N, Z. 110 00:06:08,420 --> 00:06:08,940 Okay. 111 00:06:09,250 --> 00:06:10,480 Now we have started. 112 00:06:11,300 --> 00:06:12,400 We are unified. 113 00:06:12,910 --> 00:06:18,220 So what we can do now, we can check how many devices are alone. 114 00:06:18,440 --> 00:06:21,450 Also I mean our in our network, not on it. 115 00:06:23,020 --> 00:06:25,390 And in the network that we are connected. 116 00:06:26,280 --> 00:06:27,150 Be killed for. 117 00:06:27,710 --> 00:06:29,500 We have to be aware of that. 118 00:06:29,920 --> 00:06:39,430 That all attack machine is on which attacker network which would so that it can get this IP address 119 00:06:39,820 --> 00:06:43,030 one nine two six one six eight. 120 00:06:43,070 --> 00:06:43,780 It has to be. 121 00:06:43,870 --> 00:06:45,110 Which hail. 122 00:06:45,280 --> 00:06:46,360 So we can check it out. 123 00:06:46,390 --> 00:06:50,030 Let's see with the moment on network. 124 00:06:50,080 --> 00:06:50,830 It should be. 125 00:06:52,010 --> 00:06:54,180 We unwaged add up the network. 126 00:06:54,340 --> 00:06:54,610 All right. 127 00:06:55,240 --> 00:06:57,550 So now let's go here. 128 00:06:58,150 --> 00:06:59,500 So what we can do now. 129 00:06:59,860 --> 00:07:00,430 So let's go. 130 00:07:00,430 --> 00:07:01,750 Here we go back. 131 00:07:01,820 --> 00:07:08,140 And now we're going to start to sniff or to look for the devices in our environment. 132 00:07:08,500 --> 00:07:13,490 So to do so, we're going to click here on host and then we scan for hosts. 133 00:07:15,450 --> 00:07:16,720 So K. 134 00:07:18,960 --> 00:07:19,190 OK. 135 00:07:19,360 --> 00:07:25,190 As it says that we had six hosts added to the host list, so we can go here now. 136 00:07:26,230 --> 00:07:28,110 Click here on the host list. 137 00:07:28,510 --> 00:07:33,650 So we will put our man in the middle. 
138 00:07:34,660 --> 00:07:38,470 We will put our little men between the gateway. 139 00:07:38,500 --> 00:07:42,340 I mean, between the router and all of these devices. 140 00:07:44,050 --> 00:07:51,340 So we're going to add the router IP address as being the target one and all of them you as being the 141 00:07:51,340 --> 00:07:57,260 target two, if you want to know which IP addresses, which devices they are. 142 00:07:57,280 --> 00:08:06,610 So we can type, as we always showed you and mom and mouth and my nose scan network. 143 00:08:07,090 --> 00:08:16,480 And then you put the IP address of the router one six eight one and one one slash 24 and then you just 144 00:08:16,680 --> 00:08:16,940 whereas. 145 00:08:17,470 --> 00:08:25,080 So that we can see which which which device belong to which which IP address. 146 00:08:25,290 --> 00:08:25,470 OK. 147 00:08:25,840 --> 00:08:35,580 So we click here and we added here so K and we click here and new police chief so that we select Boler. 148 00:08:36,010 --> 00:08:40,360 And then we add them as being the target to profit. 149 00:08:40,750 --> 00:08:49,990 Now you can just press enter if you want, but he it's not required to do well for these parties, but 150 00:08:50,200 --> 00:08:51,700 just in order so that you can see. 151 00:08:51,900 --> 00:08:52,570 So what percent are. 152 00:08:58,390 --> 00:08:58,790 All right. 153 00:08:59,370 --> 00:09:01,350 You they are gays, you know, so. 154 00:09:01,570 --> 00:09:01,810 OK. 155 00:09:08,780 --> 00:09:12,020 So now it's time to start our attack. 156 00:09:12,210 --> 00:09:16,490 But before that, we have to find a way to monitor all the attack. 157 00:09:16,820 --> 00:09:20,180 So we will use for this tcpdump. 158 00:09:20,450 --> 00:09:21,540 If you want, you can use. 159 00:09:21,670 --> 00:09:22,270 Wireshark. 160 00:09:22,340 --> 00:09:23,460 It's not a problem, but. 161 00:09:24,260 --> 00:09:27,410 But for this city to go, we will use tcpdump. 
162 00:09:27,650 --> 00:09:34,700 So that we can monitor what the victim is is doing on his computer or on his device. 163 00:09:35,090 --> 00:09:35,480 All right. 164 00:09:35,720 --> 00:09:38,030 So to do so, the first thing first. 165 00:09:38,420 --> 00:09:47,390 Let me briefly explain how it would be so we would click here on MITM and then we will start the ARP 166 00:09:47,400 --> 00:09:48,800 poisoning attack. 167 00:09:49,080 --> 00:09:50,810 Therefore after that. 168 00:09:50,840 --> 00:09:58,550 We will use the tcpdump so that we can monitor what the victim is doing on his Web browser or on his 169 00:09:58,550 --> 00:09:59,120 device. 170 00:09:59,560 --> 00:10:02,150 Okay, so we click here to start the attack. 171 00:10:02,750 --> 00:10:08,160 We click here ARP and then we choose sniff remote connections and then we click, OK. 172 00:10:08,320 --> 00:10:09,770 Case to started. 173 00:10:22,820 --> 00:10:27,870 Okay, now let's start our tcpdump so we minimize it if we want. 174 00:10:28,430 --> 00:10:36,260 Okay, but before we start this, if you don't, we have to make sure that our IP forward setting is 175 00:10:36,260 --> 00:10:40,220 set on to to do so or to check that or to check it. 176 00:10:40,280 --> 00:10:53,630 You have to type cat and proc and sys and net and then you type IP, let's say IP and you can press tab 177 00:10:53,980 --> 00:10:54,770 to see which option. 178 00:10:54,780 --> 00:10:56,060 OK, which is the fourth one. 179 00:10:56,390 --> 00:10:57,120 And then. 180 00:10:57,800 --> 00:10:58,170 Yeah. 181 00:10:58,220 --> 00:10:59,270 So what next. 182 00:10:59,330 --> 00:11:01,850 So again we're stuck again and again. 183 00:11:03,380 --> 00:11:04,520 One hundred twenty two. 184 00:11:04,640 --> 00:11:05,690 No we don't need it. 185 00:11:06,230 --> 00:11:07,760 So let's set IP. 186 00:11:10,030 --> 00:11:11,620 IP forward, then we press enter. 
187 00:11:11,980 --> 00:11:14,980 And then after we can start our tcpdump command. 188 00:11:15,340 --> 00:11:17,390 So we did. 189 00:11:19,690 --> 00:11:22,990 Followed by sintered that against me. 190 00:11:24,100 --> 00:11:25,050 Lou. 191 00:11:28,860 --> 00:11:30,180 Oh, we don't call. 192 00:11:30,300 --> 00:11:32,550 Okay, so. 193 00:11:34,950 --> 00:11:35,410 Okay. 194 00:11:35,520 --> 00:11:39,240 Now it is said on Zuhal two city two on one. 195 00:11:39,300 --> 00:11:43,460 So you have to type echo one. 196 00:11:44,130 --> 00:11:55,620 And this now four C's nipped a, b, B for a leap forward. 197 00:11:56,950 --> 00:12:02,460 And so it was under issue B, the modern. 198 00:12:06,790 --> 00:12:11,110 And so, again, you take this. 199 00:12:11,250 --> 00:12:11,470 OK. 200 00:12:11,710 --> 00:12:17,620 Now it's set up on one now so we can try to type our tcpdump. 201 00:12:17,940 --> 00:12:20,850 So to do so, we type tcpdump. 202 00:12:22,630 --> 00:12:29,560 And it was minus I, which means interface or interface. 203 00:12:29,740 --> 00:12:35,950 When we checked, our ifconfig was on eth0. 204 00:12:36,310 --> 00:12:40,820 So we type minus i e pretty is simple. 205 00:12:41,680 --> 00:12:47,590 And then minus N and the code for the port is 80. 206 00:12:48,040 --> 00:12:52,000 And then now we're going to type the IP address of the victim. 207 00:12:52,240 --> 00:12:56,530 So we can choose a new one of all devices. 208 00:12:56,800 --> 00:12:57,400 Which war. 209 00:12:57,670 --> 00:12:58,840 Which are here. 210 00:12:59,200 --> 00:13:06,610 But as we have seen in ifconfig here or on or Mac address the Mac, I just IP was on one one 211 00:13:06,610 --> 00:13:06,880 two. 212 00:13:06,940 --> 00:13:07,870 So we're going to choose it. 213 00:13:08,560 --> 00:13:08,760 Okay. 214 00:13:09,850 --> 00:13:10,450 Oh my. 215 00:13:10,930 --> 00:13:12,250 It is getting hit. 216 00:13:12,300 --> 00:13:12,650 So. 
217 00:13:12,770 --> 00:13:14,560 Okay guys, just follow me. 218 00:13:15,790 --> 00:13:21,820 I would minimize it and just follow me step by step, step by step on what I'm going to do. 219 00:13:22,100 --> 00:13:22,440 Okay. 220 00:14:49,340 --> 00:14:51,170 It's just I mean. 221 00:14:55,940 --> 00:14:59,830 Again, this is so different. 222 00:15:01,900 --> 00:15:04,610 Oh, this is not secure. 223 00:15:05,530 --> 00:15:06,410 It means that. 224 00:15:07,200 --> 00:15:09,240 So you said, well. 225 00:15:10,300 --> 00:15:11,100 Medicines it. 226 00:15:19,530 --> 00:15:23,910 Something that you are going to push for quitting, Charles. 227 00:15:26,760 --> 00:15:28,860 So let's go on strike. 228 00:15:58,830 --> 00:15:59,810 It could come. 229 00:16:04,220 --> 00:16:07,190 Depicting gold to is. 230 00:16:55,060 --> 00:17:00,510 The reason Ettercap is not able to get defrays because chose. 231 00:17:00,620 --> 00:17:09,190 That's because it can kept choo choo the kitchen, which is not include. 232 00:17:09,910 --> 00:17:17,020 So you in person in some specific website as you have chosen that area. 233 00:17:17,290 --> 00:17:18,110 This Web site. 234 00:17:20,650 --> 00:17:22,120 Let's go back this one. 235 00:17:22,450 --> 00:17:25,110 So let's say we are going would do a thing. 236 00:17:27,840 --> 00:17:38,800 One, two, three, four, five and 10 percent focus and go back again and again and they'll focus. 237 00:17:39,010 --> 00:17:47,630 We will get it because it catches catch it as 16, you see and see how it works days. 238 00:17:48,720 --> 00:17:49,490 So, yeah. 239 00:17:54,150 --> 00:17:54,350 OK. 240 00:17:54,860 --> 00:17:57,400 So, no, again, it's. 241 00:18:07,470 --> 00:18:08,640 Let's see. 242 00:18:12,390 --> 00:18:12,740 Good. 243 00:18:13,990 --> 00:18:16,180 So there's some controversy. 
244 00:18:27,450 --> 00:18:36,340 Eh, I'll be at Texel for some times, it might you might know only once or for to proceed to the attack, 245 00:18:36,370 --> 00:18:42,350 but it doesn't exist only once after, for example, we have used Ettercap, 246 00:18:42,430 --> 00:18:44,850 which is very well-known on Kali Linux. 247 00:18:45,070 --> 00:18:51,970 But you might use also Cain and Abel to make an ARP attack and or D. 248 00:18:52,710 --> 00:18:56,240 D any attack free sniff attack and netcode attack. 249 00:18:56,860 --> 00:19:01,810 And so, as we have seen earlier, how the attack is working. 250 00:19:01,870 --> 00:19:06,790 So you might ask yourself, so how can I detect these kind of attacks? 251 00:19:06,790 --> 00:19:10,360 Or if you use Windows operating system, you can use your command prompt. 252 00:19:10,390 --> 00:19:16,540 And then by typing arp minus a, I mean minus all, and then you press enter. 253 00:19:16,640 --> 00:19:26,350 Therefore you you will see that the IP, the MAC address of the attacker now is combined with your 254 00:19:26,410 --> 00:19:27,280 IP address. 255 00:19:27,580 --> 00:19:31,060 Therefore, if you knew your MAC address before. 256 00:19:31,060 --> 00:19:40,150 So you can know that I'm getting affected by by a man in the middle attack because the IP address of 257 00:19:40,150 --> 00:19:40,570 the. 258 00:19:41,740 --> 00:19:48,120 Of your victim machine now, combined with the MAC address of the attacker machine. 259 00:19:49,450 --> 00:19:57,580 So what kind of software you can use to to mitigate, not yet mitigate to detect this attack? 260 00:19:57,910 --> 00:20:07,330 So if you have a small network environment, so you can use some commands manually on each of your device, 261 00:20:07,600 --> 00:20:17,110 but sometimes if your IP or devices, if the IP of died of your devices are static. 262 00:20:17,140 --> 00:20:19,210 So it's better to do it manually. 
263 00:20:19,210 --> 00:20:29,650 But if you have a dynamic IP address generated from a DHCP server, so therefore it might involve 264 00:20:30,010 --> 00:20:32,080 a little more work to do. 265 00:20:33,370 --> 00:20:42,070 OK, so some countermeasures, since ARP spoofing exploits the address resolution protocol, all 266 00:20:42,160 --> 00:20:47,740 IPv4 network networks are prone to attack of this kind. 267 00:20:48,040 --> 00:20:56,680 So the implementation of the IPv6 was not really unable to solve this core problem because the new 268 00:20:56,680 --> 00:21:05,020 IP standard renounces, renounces ARP and instead controls, controls the address resolution 269 00:21:05,110 --> 00:21:07,420 in the LAN via NDP. 270 00:21:07,600 --> 00:21:10,730 When I mean NDP, it's Neighbor Discovery Protocol. 271 00:21:11,590 --> 00:21:20,770 Okay, so the security gap could be closed with the secure network discovery protocol, but you might 272 00:21:20,770 --> 00:21:30,630 use some kind of software like intrusion intrusion detection system such as Snort can be used to monitor 273 00:21:30,630 --> 00:21:39,010 or address resolution via ARP, and Arpwatch, ARP-Guard or XArp. 274 00:21:39,150 --> 00:21:46,810 This kind of software might be used so that you can control or monitor what was going on on your network. 275 00:21:46,870 --> 00:21:50,500 If you get attacked by some kind of ARP poisoning. 276 00:21:50,950 --> 00:21:51,310 All right. 277 00:21:51,340 --> 00:22:01,510 So if you want to see some information about Arpwatch or ARP-Guard, XArp, please check the file 278 00:22:01,630 --> 00:22:01,870 that. 279 00:22:02,080 --> 00:22:03,400 We provide you. 280 00:22:03,670 --> 00:22:07,290 In the resource file so that you can read it by yourself? 
281 00:22:09,410 --> 00:22:17,460 Some the intrusion detection system Snort also operates using an integrated Arpspoof preprocessor 282 00:22:17,530 --> 00:22:23,640 or which enables it to monitor data traffic in the network and manually compile a comparison list. 283 00:22:23,940 --> 00:22:26,220 But this is comparatively expensive. 284 00:22:26,760 --> 00:22:34,340 And the XArp software relies on both active and passive modules to protect the network from IP 285 00:22:34,390 --> 00:22:35,580 smooth spoofing. 286 00:22:35,820 --> 00:22:39,540 So we are not going to talk much about it, about it, guys. 287 00:22:39,570 --> 00:22:42,930 So we will provide you all this information in the resource file. 288 00:22:42,990 --> 00:22:44,910 So you might check it out by yourself. 289 00:22:50,220 --> 00:22:55,550 One thing you have to be aware, you have to understand the spoofing process. 290 00:22:56,310 --> 00:23:01,560 It is going to be and in a ways to protect yourself from ARP poisoning. 291 00:23:01,950 --> 00:23:10,590 So before you can identify and prevent a full scale spoofing attack, you need to understand the process 292 00:23:10,830 --> 00:23:14,470 and what to look for in order to combat a future event. 293 00:23:15,030 --> 00:23:22,530 When an attacker when an attacker sends a false ARP message over a local network, they are then able 294 00:23:22,530 --> 00:23:28,530 to link to your MAC address with the IP address of a legitimate computer or server. 295 00:23:29,100 --> 00:23:35,880 And in reality they are connecting to your IP address under malicious pretenses and can start receiving 296 00:23:35,880 --> 00:23:41,280 data that was intended for a seemingly legitimate IP address. 297 00:23:41,880 --> 00:23:49,830 The proposal is to identify when an IP address is falsified and what that a hacker or that attacker 298 00:23:49,890 --> 00:23:51,990 is doing on your network. 
299 00:23:52,320 --> 00:24:00,810 You can look at abnormal activity on your server or in your devices and try to determine what information 300 00:24:01,050 --> 00:24:02,010 they are grabbing. 301 00:24:02,370 --> 00:24:10,770 So this can also give you clues as to what type of threat they might get or what kind of data might 302 00:24:10,770 --> 00:24:13,190 be vulnerable to any sort of attack. 303 00:24:13,830 --> 00:24:22,200 And so when you identify a spoofing attack, once you figure out how ARP spoofing works and what 304 00:24:22,260 --> 00:24:30,360 to look for, it's also crucial, imperative, imperative to identify what kind of attack is targeting 305 00:24:30,360 --> 00:24:35,850 your devices. Although each ARP spoofing event follows a similar attack process. 306 00:24:36,180 --> 00:24:40,620 They can vary in how they can access to devices. 307 00:24:41,070 --> 00:24:41,490 All right. 308 00:24:41,580 --> 00:24:48,900 So we've got to use that resource, at least the three main spoofing attack attacks to look out for. 309 00:24:49,190 --> 00:24:52,240 The first thing first was denial of service attack. 310 00:24:52,530 --> 00:24:58,590 In the previous video we are we have showed you how the denial of service attack or DoS attack or the 311 00:24:58,590 --> 00:25:00,780 distribution denial of service attack, works. 312 00:25:01,080 --> 00:25:03,780 And then the second one is session hijacking. 313 00:25:04,140 --> 00:25:11,430 Session, session hijacking attacks can use ARP spoofing to steal the session ID and open the door 314 00:25:11,430 --> 00:25:12,570 to your private data. 315 00:25:12,840 --> 00:25:20,670 So that's why it's it's crucial for you as being an administrator or a developer programmer so that 316 00:25:20,670 --> 00:25:30,810 you set a one-time session, a one-time session, one-time session means that you get used to two times. 
317 00:25:31,620 --> 00:25:39,930 So this is why using public Wi-Fi in an airport or zone somewhere that can create a vulnerable situation 318 00:25:39,930 --> 00:25:40,610 for your data. 319 00:25:43,240 --> 00:25:47,140 So the man in the middle attack, man in the middle attacks. 320 00:25:48,040 --> 00:25:52,050 How we have showed you in our demonstrations. 321 00:25:52,210 --> 00:25:57,190 We have used ARP spoofing to intercept the incoming traffic. 322 00:25:57,280 --> 00:26:02,390 I mean, the incoming traffic for a legitimate user ID modified gate in. 323 00:26:02,570 --> 00:26:10,300 He failed to gain access to the session, mostly when the information or the data which was sending on 324 00:26:10,300 --> 00:26:12,060 a particular Web page. 325 00:26:12,330 --> 00:26:13,480 They are not encrypted. 326 00:26:13,540 --> 00:26:20,200 Therefore, if there exists a man in the middle so it can get your information as a plain text. 327 00:26:20,380 --> 00:26:22,660 This is very crucial to understand how it works. 328 00:26:22,990 --> 00:26:29,560 So once you know what kind of attack you've been hit with and what's going on on your systems, you 329 00:26:29,560 --> 00:26:30,300 can determine. 330 00:26:30,340 --> 00:26:37,450 Therefore, what course of action to take or how to better safeguard your devices and data. 331 00:26:38,090 --> 00:26:43,180 And so you might say to yourself that you are relying on some virtual private networks. 332 00:26:43,450 --> 00:26:48,460 This is a good idea, a good step you can follow as well. 333 00:26:48,910 --> 00:26:58,870 So you can use a static ARP and you can get a detection tool even even with ARP knowledge, ARP knowledge 334 00:26:59,170 --> 00:27:00,370 and techniques in place. 335 00:27:00,460 --> 00:27:03,220 It's not always possible to detect a spoofing attack. 
336 00:27:03,780 --> 00:27:11,050 Hackers are becoming increasingly stealthy at remaining undetected and use new tech, new technologies 337 00:27:11,320 --> 00:27:14,330 and tools to stay ahead of the victims. 338 00:27:14,650 --> 00:27:16,290 As I have said to earlier. 339 00:27:16,510 --> 00:27:21,850 So when we are doing this kind of attack, if we use the windows so you can you can see that the MAC 340 00:27:21,850 --> 00:27:31,620 address of the attacker now replace your MAC address, we lose your MAC address and B B in your device. 341 00:27:31,690 --> 00:27:33,770 Get the messages of the attacker machine. 342 00:27:34,000 --> 00:27:38,990 So therefore, it's a good way you can detect a, huh d hacker. 343 00:27:39,190 --> 00:27:46,390 Is this MAC address or how we tried to trace him to find who it is but a clever hacker, what he can 344 00:27:46,390 --> 00:27:48,760 do before launching this kind of attack. 345 00:27:48,840 --> 00:27:51,580 He will change his MAC address. 346 00:27:51,820 --> 00:27:55,420 So while we're changing, we are changing his MAC address. 347 00:27:55,570 --> 00:28:02,150 Therefore, when you try to type in a command prompt, for example, arp minus a. 348 00:28:02,500 --> 00:28:06,640 And then you will get the MAC address used by by the attacker. 349 00:28:06,670 --> 00:28:11,800 But that MAC address isn't his original MAC address because he can change it. 350 00:28:12,100 --> 00:28:13,390 There are many tools out there. 351 00:28:13,390 --> 00:28:17,980 In Kali Linux so that you can add al-Attar in attacker major changes. 352 00:28:18,070 --> 00:28:19,600 IPA his MAC address. 353 00:28:20,000 --> 00:28:24,100 So one very well-known and very useful is macchanger. 354 00:28:24,310 --> 00:28:32,920 So he can use macchanger either to to modify his MAC address as random or as you know, as specifically 355 00:28:32,920 --> 00:28:37,690 for this attack and then therefore when he closed his Kali machine. 
356 00:28:37,960 --> 00:28:41,140 So he will get his original MAC address back. 357 00:28:41,230 --> 00:28:45,160 But when attacking he can use a random MAC address. 358 00:28:46,020 --> 00:28:46,370 Okay. 359 00:28:46,640 --> 00:28:47,430 To avoid it. 360 00:28:47,470 --> 00:28:48,610 Trust relationship. 361 00:28:49,330 --> 00:28:55,390 Some systems rely on IP trust relationship that will automatically connect to other devices in order 362 00:28:55,390 --> 00:28:57,490 to transmit and share information. 363 00:28:57,790 --> 00:28:59,830 This is this is this is really one. 364 00:29:00,190 --> 00:29:07,030 However, you should completely avoid relying on IP trust relationships in your business when your devices 365 00:29:07,300 --> 00:29:12,550 use IP addresses only to verify another machine, machine or user's identity. 366 00:29:12,970 --> 00:29:22,610 It's easy for a hacker to infiltrate or to to get into the Mader and spoof your, ah, 367 00:29:22,780 --> 00:29:30,260 your ARP. A solution is to rely on private logins and passwords to identify user users. 368 00:29:30,430 --> 00:29:36,820 Whatever system you choose to validate your users, you need to establish protection policies in 369 00:29:36,820 --> 00:29:37,930 your organization. 370 00:29:38,380 --> 00:29:45,100 This simple technique can create an added layer of protection and keep track of who is trying to access 371 00:29:45,100 --> 00:29:45,550 your system. 372 00:29:45,880 --> 00:29:46,450 All right, guys. 373 00:29:46,600 --> 00:29:53,800 So all this information we provide you and the file and the resource to make sure, please, you check 374 00:29:53,800 --> 00:29:56,920 them out so that you can understand exactly how it works. 375 00:29:57,850 --> 00:30:06,340 Some people might set up packet filtering; this is very good step as well to to put in place. 
376 00:30:06,790 --> 00:30:14,950 And some people can check at looking at your malware monitoring settings, how they get alerted when 377 00:30:14,950 --> 00:30:25,570 some kind of strange traffic are moving along the networks and run spoofing attacks, identification 378 00:30:25,600 --> 00:30:28,870 and prevention are key to preventing spoofing attack. 379 00:30:28,970 --> 00:30:35,470 However, you can increase your chances of staying safe and protecting your data by running your own 380 00:30:35,470 --> 00:30:42,270 spoofing attack, work with your security officers or IT team members to run a spoofing attack. 381 00:30:42,380 --> 00:30:49,280 To see if the techniques you're using are enough to keep your system safe and your data as well. 382 00:30:49,670 --> 00:30:56,510 So as you detect new vulnerabilities, document your tests and methods to keep track of what's working 383 00:30:56,540 --> 00:30:59,740 and what has failed. Run your own spoofing attacks. 384 00:31:00,020 --> 00:31:02,440 Once a quarter or even once a month. 385 00:31:02,840 --> 00:31:03,890 It depends on you. 386 00:31:04,880 --> 00:31:12,890 It depends on you to stay a step ahead of hackers and the evolving strategies as you become more comfortable 387 00:31:12,940 --> 00:31:14,510 and fluent in the process. 388 00:31:14,780 --> 00:31:24,380 Run workshops with employees on what to look for in attacks and try to ask for some advices and core cooperation 389 00:31:24,380 --> 00:31:32,660 so that you work with some people in IT and so that you can empower your security system and your 390 00:31:32,660 --> 00:31:33,220 company. 391 00:31:33,860 --> 00:31:34,380 All right. 392 00:31:37,590 --> 00:31:43,290 OK, so in this video, what we have seen, we have seen how to scan in it. 393 00:31:43,860 --> 00:31:52,400 We have seen how to lease your network and how to use Ettercap to make a man in the middle attack. 
394 00:31:52,830 --> 00:32:05,610 And then we have seen, too, how you can try to monitor your system and how you can try to prevent 395 00:32:05,610 --> 00:32:14,370 yourself from being attacked by this kind of ARP poisoning attack or which which can be made by 396 00:32:14,400 --> 00:32:18,360 a DoS attack or session hijacking or man in the middle attack. 397 00:32:18,600 --> 00:32:20,180 So, for example, here. 398 00:32:20,270 --> 00:32:21,060 So man in the middle. 399 00:32:21,110 --> 00:32:21,340 Attack. 400 00:32:22,260 --> 00:32:22,940 All right, guys. 401 00:32:23,280 --> 00:32:26,030 And this file is all we provided to you. 402 00:32:26,130 --> 00:32:28,280 So we'll convert it, of course, into a PDF file. 403 00:32:28,280 --> 00:32:33,450 And and we will provide an end, despite if we have a Mac operating system missile so we can use this 404 00:32:34,180 --> 00:32:34,910 disk file. 405 00:32:35,460 --> 00:32:41,310 And if you don't have a Mac, so we will try to convert it into a PDF so that you can use it and try 406 00:32:41,310 --> 00:32:46,800 to read all the good information that we have put there so that you might so that we help you understand 407 00:32:46,860 --> 00:32:51,430 how spoofing attack work and how the man in the middle attack works, stuff like that. 408 00:32:51,720 --> 00:32:55,860 So we really think that this video was very informative for you all. 409 00:32:56,160 --> 00:32:58,390 And then we are looking forward to seeing you in the next video. 410 00:32:58,620 --> 00:33:00,320 And in this video, we talk about, OK. 411 00:33:00,510 --> 00:33:03,870 We will go in to deeper. 
412 00:33:03,970 --> 00:33:13,620 Of how you can attack some some Web sites or we will we will perform a hacking phase so that a basic 413 00:33:13,620 --> 00:33:21,640 hacking phase that we can know how you how you can try to hack some Web site or hack some pages into 414 00:33:21,650 --> 00:33:25,350 Web site and how you can get some information and stuff like that. 415 00:33:25,620 --> 00:33:28,680 Okay, guys, so we are looking forward to seeing you in the next video. 416 00:33:28,770 --> 00:33:29,240 Thank you. 417 00:33:37,810 --> 00:33:39,170 We can just stop it. 418 00:33:39,480 --> 00:33:41,510 Again, just minimize it.