WEBVTT

00:00.570 --> 00:04.130
Hello everyone and welcome back to part 20 of my Learn Ethical Hacking course.

00:04.170 --> 00:09.680
In this part I'm going to show you things to look out for when downloading applications.

00:09.780 --> 00:16.320
So this is more on the cybersecurity side: due diligence and watching out for certain things.

00:16.770 --> 00:26.690
So, like I said, cybersecurity and ethical hacking is a lot about your own due diligence.

00:26.690 --> 00:34.490
So basically it's up to you, how you handle situations, what you do to look out for things and

00:34.490 --> 00:36.020
how you can prevent them.

00:36.020 --> 00:40.150
So it's up to you, really; you can't just ignore things.

00:40.370 --> 00:48.380
You've got to be wary yourself, so it can be a little bit confusing to the person who doesn't really

00:48.380 --> 00:50.470
know much about computers.

00:50.750 --> 00:54.720
But hopefully this video should clear a few things up if you're not really familiar.

00:55.370 --> 01:04.620
So I'm on the sandbox Windows 10 machine, so this is not my separate laptop like in the hacking demo.

01:04.620 --> 01:07.310
This is just a virtual machine running Windows 10.

01:07.410 --> 01:12.800
And if you remember from this course, we created the car image exe dot JPEG.

01:13.170 --> 01:18.360
So if you followed the video and created your own one, then you should have your own payload.

01:18.490 --> 01:26.250
But it looks like an image, apart from the icon, because the icon didn't resize properly, but it still looks

01:26.250 --> 01:29.280
like an image because you get a preview. So this is a real image,

01:29.280 --> 01:30.210
and this is a fake one.

01:30.630 --> 01:38.290
So you see the dot exe dot jpg extension, so it sort of mimics a real image.

01:38.430 --> 01:43.830
But the thing you can do to look out for this is, if you go to Properties, and I'll open Properties on

01:43.830 --> 01:44.220
both,

01:46.810 --> 01:52.850
so you can see straight away it says type of file: Application.

01:52.860 --> 01:54.200
But on the real image.

01:54.210 --> 01:57.040
So this is the real image, which is this one here.

01:57.040 --> 02:06.750
It says JPEG, so JPG, so you know straight away that this is an actual image file. But if you look at this

02:06.750 --> 02:12.090
one, it has type of file: Application, as you see. Even though it's got dot jpg at the end, it still

02:12.090 --> 02:14.230
says application.

02:14.230 --> 02:22.180
So you can go to Details and see the description of the type of file it is.

02:22.620 --> 02:30.350
And if you go to Details on the image and scroll down, you can see it's got dimensions and pixels, so

02:30.540 --> 02:36.170
as you can see there's much more detail with the image; it goes into detail like the pixels, the

02:36.170 --> 02:37.240
height.

02:37.550 --> 02:40.580
But on the application it doesn't.

02:40.580 --> 02:50.680
So these are a few things to look out for, and the sizes and all that. So as you can see here, the size

02:50.680 --> 02:55.990
is only 150 KB on this one; on this one it's 956 KB.

02:56.590 --> 03:02.350
So for an image, depending obviously on the size and the quality, note if you go to like 4K images

03:02.380 --> 03:09.330
then yes, that will be higher, but the average is around 100 KB for an image.

03:09.370 --> 03:16.690
So this is a lot larger, which isn't unusual. And the other thing you can check out for: we go to your

03:16.690 --> 03:24.070
Windows 10 machine and type Resource Monitor. We open Resource Monitor, then we can actually monitor connections

03:24.070 --> 03:29.200
coming in and out of this computer. So let's open a tab on the browser here.

03:29.230 --> 03:36.730
So let's go to Facebook, and if we go to Facebook and we go back to this Resource Manager, or

03:36.730 --> 03:43.420
Monitor, we go to Network, then you can see all the connections.

03:43.420 --> 03:50.350
So if you can see here, Microsoft Edge, and you see now these remote addresses,

03:52.910 --> 03:57.510
so if you run the payload, if we run this payload,

04:01.260 --> 04:04.830
if we run it now, it's not going to connect and listen for a connection because we haven't got

04:04.830 --> 04:06.880
our Kali machine open now.

04:06.910 --> 04:11.340
The image is still going to open, and we close out now.

04:11.830 --> 04:18.760
We go back to our Resource Monitor and see this image.exe.jpg.

04:19.340 --> 04:24.820
But if you notice here, it says remote address and it's got a port. Now it's running on port 80 because

04:24.820 --> 04:26.140
that's what we told the payload to do.

04:26.140 --> 04:31.690
But if you notice here, it's got temp barked order, actually.

04:31.710 --> 04:35.640
And it's also got a file called image dot jpg; this is the payload.

04:35.650 --> 04:43.230
Now you can see the remote address is an IP address, yes, the remote port is 80, so that's not really

04:43.230 --> 04:43.830
suspicious.

04:43.830 --> 04:50.670
However, the remote address is the most suspicious part, because it's sending a connection out to 192

04:50.670 --> 04:53.030
dot ...

04:53.090 --> 04:55.480
Now that's the IP address of my Kali machine.

04:55.620 --> 04:58.380
And just to prove this in a way, if we go to Facebook,

04:58.410 --> 05:07.100
so let me just refresh the browser, and we look for Microsoft Edge, so we've got a few remote

05:07.370 --> 05:15.430
addresses from Microsoft Edge, which is the browser that I'm running here, and it's using port 443.

05:15.560 --> 05:19.850
So if you wanted to make your payload use 443, that's actually fine, to make it less suspicious;

05:19.880 --> 05:21.670
80 is fine and 443 is fine as well.

05:21.730 --> 05:29.210
OK, well, let's check the remote address. Open CMD. Because we're on Facebook, I'm going to ping Facebook

05:29.210 --> 05:34.120
to get the IP address of the servers: ping facebook.com.

05:34.600 --> 05:35.890
So it's going to just ping it.

05:35.930 --> 05:37.810
Press Ctrl+C to stop it.

05:37.900 --> 05:41.650
And as you can see here, there's the IP address of the server that we were pinging.

05:41.690 --> 05:45.220
So this is the IP address of Facebook.

05:45.520 --> 05:50.410
Now this may be different for you depending on where you live, the area and the closest server to you.

05:50.410 --> 05:55.310
But for me it's 31.13.94.36.

05:55.510 --> 06:00.060
And if you notice here, the IP address corresponds to this.

06:00.200 --> 06:06.020
So that proves that we are actually connected to Facebook and it's genuine. The local address is

06:06.020 --> 06:07.870
just your IP address.

06:07.940 --> 06:13.440
Well, like I said, the one with the image, you can just find it.

06:13.440 --> 06:17.310
I think it's closed itself, but we were...

06:17.320 --> 06:19.380
I might reopen it and show you, but you've seen it.

06:19.730 --> 06:26.510
It shows you it's gone off because we weren't actually listening for the connection, so it just dies after

06:26.510 --> 06:28.390
a few seconds.

06:28.400 --> 06:32.900
Well, you've just got to look at the remote address, and if it's not the same address as the website

06:32.900 --> 06:38.610
server... if you type this in and go get the IP address of the website you're on.

06:38.630 --> 06:43.550
So this could change: if you're on Facebook, if you're on YouTube it'll change, if you're on Google.

06:43.640 --> 06:48.010
But it's got to correspond, so you can just do a little test by typing ping and then the URL.

06:48.290 --> 06:54.410
Then you've got the IP address, to make sure it corresponds to the remote address down here on whatever

06:54.440 --> 06:57.110
application you are using.

06:57.110 --> 07:05.210
So this will change for Chrome; if you're using Chrome I think it would just say chrome.exe, but you get the

07:05.210 --> 07:06.680
idea.

07:06.710 --> 07:10.910
So that was it for this short video. If it did help, please leave a like, comment if you're stuck with anything,

07:10.910 --> 07:15.440
I'll be happy to help, subscribe for future content, and I will see you in the next video.
