1 00:00:00,060 --> 00:00:01,080 Welcome back, folks. 2 00:00:01,140 --> 00:00:06,390 This is visiting each and this session is about learning types of one piece. 3 00:00:07,020 --> 00:00:14,250 This is going to be a bit interesting because there are a couple of interesting vulnerabilities we are 4 00:00:14,250 --> 00:00:15,210 going to talk about. 5 00:00:15,780 --> 00:00:16,640 Let's get started. 6 00:00:17,820 --> 00:00:27,090 Types of vulnerabilities first, as was floor of go-slow bucks issues problem. 7 00:00:27,100 --> 00:00:33,320 These are all powerful vulnerabilities just into the which is heavily used in cybersecurity, ethical 8 00:00:33,330 --> 00:00:35,310 hacking, penetration testing. 9 00:00:35,310 --> 00:00:37,990 Of course, the first is always floor. 10 00:00:38,980 --> 00:00:46,800 Your Microsoft, Microsoft, one of the one of the largest one of the organizations who submitted the 11 00:00:46,800 --> 00:00:52,920 largest S.V. vulnerabilities, because this this is a very complex operating system. 12 00:00:53,250 --> 00:01:01,440 So you get to see a lot of vulnerabilities related to Windows, Windows servers exchange on prime exchange 13 00:01:02,220 --> 00:01:05,060 office to many, many, many staff related to do this. 14 00:01:05,070 --> 00:01:05,310 Right. 15 00:01:06,240 --> 00:01:15,030 So you will find many ways floor with it, although of sorry, the exchanges is not really the OS, 16 00:01:15,030 --> 00:01:17,730 windows is the operating system. 17 00:01:17,730 --> 00:01:20,610 So Windows four mixed up Windows Phone. 18 00:01:20,870 --> 00:01:27,840 So these are the operating system where you will find the flaw with the system. 19 00:01:28,350 --> 00:01:32,870 Of course, if there is a flaw with the operating system, this is considered to be severe. 20 00:01:33,210 --> 00:01:39,180 But again, it depends on kind of vulnerabilities, because if it is the remote code execution, this 21 00:01:39,180 --> 00:01:45,660 is considered to be very critical because that means anybody can remotely execute any code on this system, 22 00:01:45,660 --> 00:01:47,770 that it can be controlled remotely. 23 00:01:48,360 --> 00:01:48,660 Right. 24 00:01:49,920 --> 00:01:58,950 And that's why as the time, you know, you might have seen seen the wave of the and the the improvement 25 00:01:58,950 --> 00:02:07,620 happened from Windows XP to Windows seven, Windows 10, the security has been taken as a serious concern. 26 00:02:07,620 --> 00:02:13,790 And that's why you will find a huge difference the way the windows has been secured. 27 00:02:14,520 --> 00:02:22,050 Now, before you install any software on the system, Windows Defender has got if you if you make use 28 00:02:22,050 --> 00:02:29,940 of the license copy of it, that would be a multiple checks that happen as a kind of realtime screening 29 00:02:29,940 --> 00:02:34,350 checks, you know, realtime antivirus engines. 30 00:02:34,350 --> 00:02:40,560 That really works even even some part of it is going to say, but it still works in that case. 31 00:02:41,420 --> 00:02:46,470 So that's something which is part of the flaw. 32 00:02:47,940 --> 00:02:50,040 And second is the software. 33 00:02:50,040 --> 00:02:53,010 But this is what we have discussed in the earlier session. 34 00:02:53,340 --> 00:03:00,210 Software bug is something where there's understand this software developed by humans. 35 00:03:00,210 --> 00:03:00,510 Right. 36 00:03:00,660 --> 00:03:06,540 Software, some nothing but codes and codes are written by humans and human makes mistakes. 37 00:03:07,050 --> 00:03:14,060 That means there could be possibility of software having bug every time. 38 00:03:14,070 --> 00:03:14,390 Right. 39 00:03:14,880 --> 00:03:20,700 And that's why we see vulnerabilities on the software most of the time. 40 00:03:20,910 --> 00:03:27,570 Even if you have a very solid, very concrete operating system, you run software on top of it. 41 00:03:27,570 --> 00:03:27,890 Right. 42 00:03:28,200 --> 00:03:36,270 And that's why even if you have a strong software operating system, you you still end up having weaknesses 43 00:03:36,270 --> 00:03:38,150 on your entire system. 44 00:03:38,160 --> 00:03:38,540 Right. 45 00:03:39,420 --> 00:03:40,950 And that's what I'm talking about. 46 00:03:42,900 --> 00:03:45,240 We always be having a challenge with that. 47 00:03:45,540 --> 00:03:55,920 The more you are going technical, the more digital transmission are happening, the more athletes to 48 00:03:56,640 --> 00:04:05,110 open up more security risks to everyone, to the organization for sure than to a password. 49 00:04:05,220 --> 00:04:11,400 Of course, if we have a poor password mechanism on the system, this could lead to huge vulnerability 50 00:04:11,400 --> 00:04:14,430 as to how this could be a vulnerability. 51 00:04:14,430 --> 00:04:21,270 Because if you have the organization or you personally have a poor password practices, it could happen 52 00:04:21,270 --> 00:04:27,120 that, you know, you nowadays you have hundreds of password to manage for Google, for Yahoo! 53 00:04:27,120 --> 00:04:33,540 Your mail, your you know, your VPN to your next stop, the mobile phone, multiple application, Facebook, 54 00:04:33,540 --> 00:04:35,610 Instagram, LinkedIn, understand? 55 00:04:36,000 --> 00:04:37,520 How could you remember all of them? 56 00:04:38,160 --> 00:04:43,200 So you end up having a password just to just to make sure you remember it. 57 00:04:43,200 --> 00:04:43,500 Right. 58 00:04:44,070 --> 00:04:49,260 And that's why as a friend, you there's a trend saying password. 59 00:04:49,260 --> 00:04:49,890 One, two, three. 60 00:04:50,070 --> 00:04:55,500 One, two, three, four, five has been widely used, maybe more than millions of times by most of 61 00:04:55,500 --> 00:04:56,100 the customers. 62 00:04:56,100 --> 00:04:59,520 That's why it becomes easy for the hackers who compromised those user. 63 00:05:00,120 --> 00:05:04,950 And that's easy to do without even knowing about the technology, but again, you don't have to be a 64 00:05:04,950 --> 00:05:09,900 hacker for sure to hack somebody just by getting their right password. 65 00:05:10,260 --> 00:05:12,330 And that's all part of the social engineering. 66 00:05:12,330 --> 00:05:14,390 And that's what the world is all about. 67 00:05:14,410 --> 00:05:16,830 Right then the user input. 68 00:05:16,860 --> 00:05:24,870 Of course, this is all about user input as a part of how what kind of information has been shared to 69 00:05:24,870 --> 00:05:31,500 the Web application or the system, the way information has been exchanged to the machine as the machine 70 00:05:31,500 --> 00:05:33,110 is sanitizing this information. 71 00:05:33,120 --> 00:05:39,240 If not, then the information can possibly exploit the machine itself. 72 00:05:39,330 --> 00:05:41,550 Right, because you are trusting the user. 73 00:05:41,580 --> 00:05:47,880 So, in fact, whatever the user is sending, you are taking it as it is without applying any kind of 74 00:05:47,940 --> 00:05:57,750 fantasias check that might lead to a vulnerability that might lead to a system failure if that has any 75 00:05:57,960 --> 00:05:58,940 malicious intent. 76 00:05:59,130 --> 00:06:02,090 And that's called user input vulnerability to. 77 00:06:02,090 --> 00:06:05,700 Well, it could be user input output vulnerability as well. 78 00:06:05,710 --> 00:06:08,790 In some cases people. 79 00:06:09,060 --> 00:06:09,570 Why? 80 00:06:09,690 --> 00:06:18,510 Because people are consistent in humans, basically are considered to be the weakest gene in the entire 81 00:06:18,510 --> 00:06:28,070 security system because you can fix the technology problem, you can fix every software problem every 82 00:06:28,080 --> 00:06:36,630 day, and you can have multiple people to work on vulnerabilities, technology, challenges, bugs, 83 00:06:36,630 --> 00:06:37,710 flaw and everything. 84 00:06:37,710 --> 00:06:37,940 Right. 85 00:06:38,460 --> 00:06:42,520 But you can assure about humans, right? 86 00:06:42,540 --> 00:06:47,780 Because a state of human mind changes on every moment of time. 87 00:06:47,790 --> 00:06:56,630 Imagine a situation when when somebody is really in a panic situation and he has to rush to his hometown 88 00:06:56,640 --> 00:06:57,620 for some reason. 89 00:06:57,900 --> 00:07:04,230 And in that period of time, if somebody tried to send a phishing email asking for some credentials 90 00:07:04,230 --> 00:07:11,790 or asking for some sensitive information, he might be he might be knowing all the best practices. 91 00:07:11,790 --> 00:07:14,880 He might be a better, more security awareness and all those stuff. 92 00:07:15,180 --> 00:07:23,700 But he may end up sharing those information because because of lack of state of mind, because he might 93 00:07:23,700 --> 00:07:29,580 be having second thought, he might be concentrating, focusing on something else at that moment. 94 00:07:29,730 --> 00:07:36,660 And he might have missed all of those, you know, all the stuff that has been trained throughout the 95 00:07:36,660 --> 00:07:41,610 on board training, security, best practices and all those employee awareness training programs. 96 00:07:41,910 --> 00:07:47,400 And that's how most of the time the cyber criminals basically went. 97 00:07:47,630 --> 00:07:47,980 Right. 98 00:07:48,270 --> 00:07:51,060 And that's what that's what happened most of the time. 99 00:07:51,480 --> 00:07:59,310 Most of the advanced threats are advanced, persistent threat or advanced. 100 00:07:59,310 --> 00:08:06,750 Had that happen, it's all because the humans are get compromised to phishing emails through social 101 00:08:06,750 --> 00:08:09,570 engineering, to social media and all this stuff. 102 00:08:09,570 --> 00:08:09,840 Right. 103 00:08:10,170 --> 00:08:16,790 So these are some of the widely widely are, in fact, pretty popular vulnerabilities. 104 00:08:16,800 --> 00:08:17,150 Right. 105 00:08:17,160 --> 00:08:20,460 OK, so I hope you got the sense we've got you in the next session then. 106 00:08:20,580 --> 00:08:21,060 Thank you.