1
00:00:00,060 --> 00:00:09,090
Okey dokey, this is speech and this is about CVE Details and Exploit-DB, so what exactly we are

2
00:00:09,090 --> 00:00:17,310
going to learn in this session, it's all about knowing how the world knows what vulnerability just popped

3
00:00:17,310 --> 00:00:17,460
up.

4
00:00:17,880 --> 00:00:18,360
All right.

5
00:00:18,360 --> 00:00:19,380
So let's get started.

6
00:00:19,920 --> 00:00:32,040
So as of now, we know what is a vulnerability and how it really impacts the system as well.

7
00:00:32,880 --> 00:00:35,160
Now we know about that.

8
00:00:35,430 --> 00:00:44,070
Usually it is published with a specific number or by the next and or the platform details that I show

9
00:00:44,070 --> 00:00:44,840
you as well.

10
00:00:46,050 --> 00:00:51,900
But let's get started with some fundamentals first about the publications.

11
00:00:52,350 --> 00:00:52,590
Right.

12
00:00:52,590 --> 00:01:00,990
The CVE is the Common Vulnerabilities and Exposures that the CVE Details tell about you.

13
00:01:01,170 --> 00:01:03,840
And it is visible on CVE Details.

14
00:01:04,140 --> 00:01:07,230
The way it is defined is the specific

15
00:01:07,440 --> 00:01:14,190
year, the first part of the CVE is identified by the year it has been detected.

16
00:01:14,670 --> 00:01:21,720
So whatever, irrespective of the platform, irrespective of the software, hardware or any technology

17
00:01:21,720 --> 00:01:23,130
are always available.

18
00:01:23,820 --> 00:01:31,630
It will start with CVE and the year it has detected it has been published and then a random number.

19
00:01:31,650 --> 00:01:34,960
This is based on the publication that is doing.

20
00:01:35,250 --> 00:01:41,090
This is usually given by the CVE itself.

21
00:01:41,640 --> 00:01:42,060
Right.

22
00:01:42,120 --> 00:01:51,960
And then these are some of the random CVE IDs that I am showing.

23
00:01:51,960 --> 00:01:57,930
Just to give you an idea about how this index really looks like, OK, so this is all about it.

24
00:01:57,930 --> 00:02:01,020
And this is CVE Details.

25
00:02:01,020 --> 00:02:06,170
Dot com is not the only platform where you can find the CVE information.

26
00:02:06,540 --> 00:02:15,330
There are some more websites like Exploit-DB, which you can find on the Exploit-DB dot com and even

27
00:02:15,330 --> 00:02:17,280
on the Exploit-DB as well.

28
00:02:17,280 --> 00:02:20,100
You can make use of Google Hacking

29
00:02:20,100 --> 00:02:22,970
Database, GHDB.

30
00:02:23,310 --> 00:02:28,630
Where you get more insight about this is present in the Exploit-DB itself.

31
00:02:28,980 --> 00:02:29,960
Now why?

32
00:02:30,110 --> 00:02:31,460
What's the difference?

33
00:02:31,860 --> 00:02:34,800
What's different about Exploit-DB?

34
00:02:35,130 --> 00:02:37,520
It's just that it gives you more clarity.

35
00:02:37,540 --> 00:02:41,850
The UI and other stuffs are pretty much more simpler.

36
00:02:42,000 --> 00:02:48,530
You get more options when you get the Google hacking best options as well.

37
00:02:48,960 --> 00:02:55,080
You get even information about any available exploit as well as CVE details.

38
00:02:55,080 --> 00:03:01,880
You get the information about CVE, what devices are impacted and many more. With Exploit-DB,

39
00:03:01,890 --> 00:03:05,920
you even get to know if that CVE has got any exploit available.

40
00:03:06,240 --> 00:03:12,710
Remember this, if there's exploit available, that means that vulnerability is very, very critical.

41
00:03:12,990 --> 00:03:21,770
That means anybody can attack or can possibly make the attack happen if that vulnerability exists.

42
00:03:22,320 --> 00:03:25,250
OK, so let me show you how this really works.

43
00:03:26,370 --> 00:03:37,920
What we can do is exactly let me go to the browser once and you can go to CVE Details dot com.

44
00:03:40,400 --> 00:03:50,900
OK, and now here you see, you can filter everything with the help of EBIT, the product

45
00:03:50,900 --> 00:03:52,990
under the tax such as Cisco.

46
00:03:53,660 --> 00:03:55,910
So I get to see everything related.

47
00:03:55,920 --> 00:03:58,330
This is good, although this is making use of Cisco.

48
00:03:58,760 --> 00:03:59,570
But let me.

49
00:04:02,330 --> 00:04:06,720
Do selecting vendors, if I.

50
00:04:10,010 --> 00:04:24,200
Select the vendor specifically and you will see this is where you can select the vendor name, so Sunset's

51
00:04:24,310 --> 00:04:30,410
Cisco here and you get to see the number of products are three, six, seven, six.

52
00:04:30,710 --> 00:04:37,110
So it could be hardware, software, both and total number of active vulnerabilities or the vulnerability

53
00:04:37,130 --> 00:04:37,900
has been published.

54
00:04:37,910 --> 00:04:40,760
These are four one six seven.

55
00:04:40,940 --> 00:04:49,520
OK, if I select these, you get to see all the vulnerabilities of Cisco and these are the score

56
00:04:49,520 --> 00:04:51,440
of the one published date.

57
00:04:52,010 --> 00:04:55,750
And this is the type of the one released by a bus.

58
00:04:56,240 --> 00:04:57,260
This is the CVE.

59
00:04:57,260 --> 00:05:00,980
Information and authentication required complexity.

60
00:05:00,980 --> 00:05:01,440
None.

61
00:05:01,820 --> 00:05:04,790
Let me go through some of the complex ones.

62
00:05:04,800 --> 00:05:05,570
You see this?

63
00:05:06,080 --> 00:05:08,830
This is the code execution if you open it.

64
00:05:10,220 --> 00:05:20,180
So this is about a vulnerability in the web UI of Cisco Firepower five Management System Center, which is an

65
00:05:20,180 --> 00:05:22,400
Next-Generation Firewall of Cisco.

66
00:05:23,030 --> 00:05:30,860
And this is basically to manage FTD, manage the firewalls, multiple firewalls.

67
00:05:30,860 --> 00:05:38,000
So FMC is basically a centralized dashboard to manage all the firewalls in the enterprise

68
00:05:38,000 --> 00:05:38,450
network.

69
00:05:38,840 --> 00:05:45,340
Now, this has a challenge that has a vulnerability there where it can allow an authenticated remote

70
00:05:45,350 --> 00:05:53,480
attacker to inject arbitrary code, arbitrary commands that are executed with the privileges of

71
00:05:53,480 --> 00:05:56,960
the root user of the underlying operating system.

72
00:05:57,150 --> 00:05:57,440
Right.

73
00:05:57,590 --> 00:06:00,980
That's why it comes under the remote code execution.

74
00:06:00,980 --> 00:06:06,830
And that's what that's the reason the impact is pretty high and that's why it is falling under nothing.

75
00:06:07,160 --> 00:06:07,510
All right.

76
00:06:08,240 --> 00:06:16,010
So even you can search for, let's say, Microsoft and where you would probably find more than that.

77
00:06:16,010 --> 00:06:18,980
Yeah, so you see six eight one four.

78
00:06:18,980 --> 00:06:20,570
It's pretty similar to Cisco.

79
00:06:20,570 --> 00:06:30,320
And you could see again the when will you find the score more scored more than nine or eight.

80
00:06:30,320 --> 00:06:34,540
It is expected to be a remote code, execution node, buffer overflow and all those stuff.

81
00:06:34,560 --> 00:06:34,790
Right.

82
00:06:36,140 --> 00:06:37,220
You can go to home.

83
00:06:37,340 --> 00:06:42,350
Let me show you what exactly you can look for in a nutshell.

84
00:06:43,220 --> 00:06:51,470
You could see all the vulnerability of the platform, maybe Cisco, or maybe Microsoft, Adobe,

85
00:06:51,780 --> 00:06:53,330
F5, anything.

86
00:06:53,330 --> 00:06:53,630
Right.

87
00:06:54,020 --> 00:06:57,020
So you can see all the one on one go.

88
00:06:57,050 --> 00:06:58,940
These are all the active vulnerabilities.

89
00:06:59,360 --> 00:07:03,800
And this is where you can find the most critical vulnerabilities at this moment.

90
00:07:04,100 --> 00:07:06,290
And you could probably see dust yourself off.

91
00:07:06,290 --> 00:07:13,040
The exploit are available if it is really can be, you know, exploited, if you can really get into

92
00:07:13,040 --> 00:07:15,500
the system or not, you can probably drive it.

93
00:07:15,500 --> 00:07:16,750
That would need.

94
00:07:16,760 --> 00:07:17,540
Right permission.

95
00:07:17,690 --> 00:07:23,570
OK, so you can see from nine to ten there are sixteen thousand one eighty five vulnerabilities active,

96
00:07:23,990 --> 00:07:24,380
OK?

97
00:07:24,380 --> 00:07:28,100
And these are mostly execution code overflow.

98
00:07:28,550 --> 00:07:32,600
You will also find remote code execution as well.

99
00:07:32,600 --> 00:07:38,120
These are all the execution related vulnerabilities and these are related to multiple platform.

100
00:07:38,420 --> 00:07:39,080
You could see it.

101
00:07:39,080 --> 00:07:42,440
This is related wheeling and dealing devices.

102
00:07:43,470 --> 00:07:44,560
There would be some more.

103
00:07:44,570 --> 00:07:47,330
This is related to Linera.

104
00:07:47,330 --> 00:07:49,040
That is another platform.

105
00:07:50,660 --> 00:07:52,580
Yeah, because this is what about it.

106
00:07:52,940 --> 00:07:56,120
And if you go to exploit.

107
00:07:57,600 --> 00:07:59,350
Exploit-DB dot com.

108
00:08:00,390 --> 00:08:07,780
This is another platform where you get more information, but very specific to exploit.

109
00:08:08,460 --> 00:08:16,590
So this is where you get to see the vulnerabilities and majorly the exploit for individual vulnerability.

110
00:08:16,630 --> 00:08:23,620
So if you see on the top, this is where you find the Exploit Database, basically the database of

111
00:08:23,640 --> 00:08:28,110
entire let's say on the top, you could see a BIG-IP.

112
00:08:29,230 --> 00:08:33,820
iControl REST remote code execution exploit is available.

113
00:08:34,080 --> 00:08:41,010
Now, this is about the F5 load balancer, which is pretty much popular and has got the largest market

114
00:08:41,460 --> 00:08:43,690
share as well, and the exploit is available.

115
00:08:44,010 --> 00:08:46,440
So if you have anything related to this.

116
00:08:46,860 --> 00:08:47,240
Yeah.

117
00:08:47,250 --> 00:08:54,540
Any vulnerabilities related to this, possibly that has to be the higher score because the exploit is

118
00:08:54,540 --> 00:08:55,100
available.

119
00:08:55,440 --> 00:09:04,020
And again, so you could see it as having a vulnerability as two zero two zero to one to two ninety

120
00:09:04,110 --> 00:09:04,590
six.

121
00:09:04,890 --> 00:09:08,880
So let's see if you want to get information about this CVE.

122
00:09:09,210 --> 00:09:16,670
You can even go to court here and let's say you can search for CVE.

123
00:09:20,710 --> 00:09:23,080
Two zero two one two two nine eight six.

124
00:09:25,420 --> 00:09:29,160
There are two one two two nine six three.

125
00:09:29,630 --> 00:09:33,620
Let me search for it, and it is oh, did something wrong?

126
00:09:34,010 --> 00:09:39,500
I cite only one Laettner to the results.

127
00:09:39,530 --> 00:09:41,780
We are not encouraging auditory speech.

128
00:09:42,740 --> 00:09:46,370
Um, I think I think the right one.

129
00:09:46,400 --> 00:09:51,320
But let me again for my CV to zero.

130
00:09:54,230 --> 00:09:54,860
The one.

131
00:09:57,150 --> 00:09:59,220
Due to 986.

132
00:10:00,950 --> 00:10:12,240
Go to ninety six, you mostly find all of them over here, but again, let's go in here and see if we

133
00:10:12,240 --> 00:10:15,830
could find the same number structure.

134
00:10:19,930 --> 00:10:24,430
OK, two zero two one two two nine eight six.

135
00:10:27,580 --> 00:10:34,350
So, see, this is something which wasn't even present on CVE Details, and this is how you can be returned

136
00:10:34,440 --> 00:10:39,100
to multiple other sites, and I told you this has had been met and this is being managed by MITRE,

137
00:10:39,520 --> 00:10:46,260
which is the body which manages all the vulnerabilities and databases across the network.

138
00:10:46,690 --> 00:10:54,670
So NIST, sorry, MITRE is responsible for managing all the database of all the CVE numbers as well.

139
00:10:54,680 --> 00:11:03,280
And this you can see CVE sponsored by the DHS as one who manages this is this program is all sponsored

140
00:11:03,280 --> 00:11:05,920
by them and they run the entire program itself.

141
00:11:06,400 --> 00:11:13,810
So if you see this vulnerability is something which is present over here and this is again

142
00:11:13,810 --> 00:11:20,630
for BIG-IP, the same records, and you get the information about the same vulnerabilities.

143
00:11:20,630 --> 00:11:24,510
And in fact, you can even find on the F5, the vendor site as well.

144
00:11:24,520 --> 00:11:32,680
So you can probably go to their platform and get to see even F5, as you get to see more information

145
00:11:32,680 --> 00:11:33,150
about it.

146
00:11:33,520 --> 00:11:35,790
What does this CVE is all about?

147
00:11:35,800 --> 00:11:37,060
So iControl REST?

148
00:11:37,190 --> 00:11:44,650
I don't think I can remember this. F5 is a load balancer and iControl is more for the automation,

149
00:11:44,650 --> 00:11:51,780
for every activity REST API kind of a structure for automation activity itself.

150
00:11:51,790 --> 00:11:56,660
And there's a fix available as well, but there's an exploit available as well.

151
00:11:56,680 --> 00:11:59,790
So this is the reason it is so critical.

152
00:11:59,800 --> 00:12:06,550
And you see the score is available this and this is the entire code which is being available.

153
00:12:06,550 --> 00:12:14,050
And if you have the right environment, as I said, it's entirely a Python script so anybody can make

154
00:12:14,050 --> 00:12:18,480
use of this code to possibly exploit this vulnerability.

155
00:12:19,000 --> 00:12:22,300
OK, so remember, this might be impacted.

156
00:12:22,310 --> 00:12:29,590
This vulnerability might be impacting certain code versions in itself when it comes

157
00:12:29,590 --> 00:12:34,270
to the TMOS, which is the F5 or operating Bushin operating systems.

158
00:12:35,290 --> 00:12:42,850
So you could see it is only certain version of F5 is only impacted.

159
00:12:42,850 --> 00:12:49,780
The version is only Bachtiar, which is sixteen point zero point six and before these versions are only

160
00:12:49,780 --> 00:12:50,400
impacted.

161
00:12:50,680 --> 00:12:58,180
So if we get to test any load balancer we could meet, we need to first verify if our target system

162
00:12:58,480 --> 00:13:03,010
is having version any one of this.

163
00:13:03,140 --> 00:13:13,450
OK, so then we can possibly start testing it with this Python script to try to compromise

164
00:13:13,450 --> 00:13:17,980
the system with this specific exploit code.

165
00:13:18,130 --> 00:13:18,450
All right.

166
00:13:18,460 --> 00:13:26,200
So this is how we can get to know about the vulnerability from CVE Details and then get the exploit as

167
00:13:26,200 --> 00:13:34,810
well from the Exploit-DB. Some of these CVEs, as you just see if you have you have just so that

168
00:13:35,110 --> 00:13:38,860
some of the CVE information wasn't really available on the CVE Details.

169
00:13:39,460 --> 00:13:45,020
And of course this would be redirected to the CVE MITRE dot org as well.

170
00:13:45,670 --> 00:13:54,550
So these are on the case that where the CVE is very specific and this might be related to the MITRE

171
00:13:54,550 --> 00:13:56,590
site, its official site.

172
00:13:56,710 --> 00:13:57,040
Right.

173
00:13:57,370 --> 00:14:04,630
So I hope you got the idea about how to find the exploit and its corresponding CVE information and

174
00:14:04,630 --> 00:14:06,430
going a bit more in play.

175
00:14:06,590 --> 00:14:06,920
Right.

176
00:14:07,330 --> 00:14:11,140
So we'll catch you in the next session where we'll explore some more information.

177
00:14:11,260 --> 00:14:11,770
Thank you.