1
00:00:00,180 --> 00:00:06,990
All right, everyone, thank you so much for joining me for the next lecture, and the session will

2
00:00:06,990 --> 00:00:08,940
be talking about watching that action.

3
00:00:09,180 --> 00:00:10,860
Now, what is watching detection?

4
00:00:10,890 --> 00:00:12,750
This is very, very interesting.

5
00:00:13,020 --> 00:00:20,640
And this is very, very useful for penetration testing as well, because you know the application.

6
00:00:20,910 --> 00:00:30,800
But if you even know the version of, let's say, deep version, Diesel's version or maybe any database

7
00:00:30,990 --> 00:00:39,480
version, that's well, it gives you a very clear indication which volubility the software will be impacted.

8
00:00:39,490 --> 00:00:47,940
But what I mean I mean that they're the one abilities that has been reported by the vendors like, you

9
00:00:47,940 --> 00:00:56,640
know, Cisco, Juniper, Sequoia, my Oracle, Adobe, any any all the all these players.

10
00:00:56,790 --> 00:01:00,750
These are specific for a specific version of a software.

11
00:01:00,990 --> 00:01:08,430
Right after identifying those vulnerabilities, once it has been reported, they deliver, they share

12
00:01:08,430 --> 00:01:11,310
some hotfix and we get a new release.

13
00:01:11,310 --> 00:01:13,230
We update our system and we are good.

14
00:01:13,410 --> 00:01:22,260
You know, everything is good now, but there are some of the system which don't get updated very often.

15
00:01:22,690 --> 00:01:25,020
What are those enterprises?

16
00:01:25,860 --> 00:01:34,950
They they tend to not upgrade the system very often, although we have Patch Tuesday and on the on the

17
00:01:34,950 --> 00:01:35,760
other events.

18
00:01:35,760 --> 00:01:43,170
But still there, they can't really do that because of difficulty in getting down, dying from multiple

19
00:01:43,170 --> 00:01:44,090
stakeholders.

20
00:01:44,670 --> 00:01:52,590
So we, you know, be still while doing the penetration testing, official penetration testing we might

21
00:01:52,590 --> 00:01:55,080
find might find a system.

22
00:01:55,080 --> 00:02:00,090
But the, you know, Washington software, what is your number which might be impacted, which might

23
00:02:00,090 --> 00:02:04,860
be vulnerable for some of the, you know, attacks or something.

24
00:02:05,850 --> 00:02:11,970
But if we with the the scanning that we have done so far with the port scanning and everything, we

25
00:02:11,970 --> 00:02:14,360
just get to know what service are we running.

26
00:02:15,000 --> 00:02:16,200
But here's the good news.

27
00:02:16,200 --> 00:02:17,550
But it wasn't detection.

28
00:02:17,790 --> 00:02:22,270
We also get to know what is the software version is a good.

29
00:02:23,010 --> 00:02:24,510
Let me show you how it works.

30
00:02:25,770 --> 00:02:26,190
All right.

31
00:02:26,190 --> 00:02:31,200
So we just have to go to the and map and will execute the command.

32
00:02:31,620 --> 00:02:34,230
The format of the command is, again, smallest.

33
00:02:34,230 --> 00:02:36,480
That's simply to get it to scan.

34
00:02:36,960 --> 00:02:38,190
What is the type of scan?

35
00:02:38,190 --> 00:02:41,290
It's the version that has to be captured.

36
00:02:41,360 --> 00:02:45,810
And we know once it is done, you specify your target.

37
00:02:46,470 --> 00:02:48,300
So I specify my target.

38
00:02:48,540 --> 00:02:51,510
Standard zero one one forty one.

39
00:02:52,290 --> 00:02:53,130
That's pretty quick.

40
00:02:53,130 --> 00:02:59,280
Let's presenter and we are we are supposed to get the list of all the service.

41
00:02:59,460 --> 00:03:01,080
There's the corresponding version.

42
00:03:01,080 --> 00:03:01,500
Number.

43
00:03:03,000 --> 00:03:05,910
That's great for a while and.

44
00:03:10,120 --> 00:03:11,180
See what happens.

45
00:03:14,250 --> 00:03:14,850
Wonderful.

46
00:03:15,450 --> 00:03:24,300
Now, in the earlier scan in the airport scanning, we were only getting this service, the diversion

47
00:03:24,300 --> 00:03:31,470
detection scan, we also get to know the portion of each of those software to this domain.

48
00:03:31,500 --> 00:03:34,220
We also get to know it's a by nine point four point two.

49
00:03:34,830 --> 00:03:43,410
We also get to nine to Sambor three point four so we can look up for on the Exploit DB or any other

50
00:03:43,410 --> 00:03:51,810
KBE information database to understand if somebody has to understand in this specific version is being

51
00:03:51,810 --> 00:03:52,610
impacted.

52
00:03:53,340 --> 00:03:57,760
But any, you know, attack or something, is this vulnerable?

53
00:03:57,780 --> 00:03:59,730
Do we have any KBE attached to it?

54
00:04:00,120 --> 00:04:05,140
If we have any you know, let's say this is the prophy, OK?

55
00:04:05,550 --> 00:04:15,600
And we can log in to and we can possibly try to get to know if the PostgreSQL eight point 3.0 is having

56
00:04:15,600 --> 00:04:16,770
some more liberties.

57
00:04:16,820 --> 00:04:24,360
OK, if it is if it has, then we should get the one vulnerability information and that could be some

58
00:04:24,360 --> 00:04:25,980
exploit available as well.

59
00:04:25,980 --> 00:04:29,820
And this can be used for further penetration testing.

60
00:04:30,330 --> 00:04:32,610
Now, let's get a bit more ahead.

61
00:04:33,090 --> 00:04:41,220
What happened is usually while performing the scanning and while performing this version detection and

62
00:04:41,220 --> 00:04:47,160
map, you make use of some six more than 6000 patterns.

63
00:04:47,610 --> 00:04:54,440
That matches four of for more than 650 protocol like S&amp;P, FTB, WPP and many more.

64
00:04:55,020 --> 00:04:58,950
But there are some ports which know never include.

65
00:04:59,290 --> 00:05:03,720
So in that case, we might miss those certain parameters.

66
00:05:03,960 --> 00:05:05,490
So what are those photos?

67
00:05:05,910 --> 00:05:08,160
Some DCB borders with ninety one hundred.

68
00:05:08,640 --> 00:05:15,980
And it's because that creates some necessary and necessary trouble while accessing through the account.

69
00:05:16,050 --> 00:05:17,760
That takes a lot of time.

70
00:05:17,770 --> 00:05:23,460
But I mean when you don't get sufficient, sufficient information you can make use of it.

71
00:05:23,490 --> 00:05:30,810
So what you should do is you just explicitly to the end map to include all the board, don't exclude

72
00:05:30,810 --> 00:05:33,920
any board while performing the abortion detection.

73
00:05:34,320 --> 00:05:40,470
And once you do that, possibly in our case, it won't give us more different.

74
00:05:40,530 --> 00:05:47,460
But yes, 90 100 is the board, which is but by default, don't include.

75
00:05:47,670 --> 00:05:49,720
So, yeah, but we don't see any.

76
00:05:50,190 --> 00:05:51,180
So we are good with it.

77
00:05:51,300 --> 00:05:52,530
Now there's one more thing.

78
00:05:52,530 --> 00:06:00,270
If you, you know, if you run the unmap and you know you don't get the revision, no information very

79
00:06:00,270 --> 00:06:00,840
easily.

80
00:06:00,840 --> 00:06:03,640
There depends on the complexity of the software as well.

81
00:06:03,660 --> 00:06:08,260
These are some widely adopted open source software and pretty old software as well.

82
00:06:08,280 --> 00:06:10,170
So we are good to see that.

83
00:06:10,530 --> 00:06:12,860
But there are some complex software as well.

84
00:06:12,870 --> 00:06:20,780
I can name some of them, maybe Skype for business application, which and in those cases you it becomes

85
00:06:20,850 --> 00:06:23,910
difficult to identify the watch a number of those software.

86
00:06:24,060 --> 00:06:33,690
OK, so in that case you can make use of motion and density in what is expected.

87
00:06:33,750 --> 00:06:41,940
Basically, it's the level of intensity that your unmap keep sending the props and the higher the number,

88
00:06:42,120 --> 00:06:47,820
higher the intensity of the props by default or the seven if you don't mention it's going to make use

89
00:06:47,820 --> 00:06:48,360
of seven.

90
00:06:48,360 --> 00:06:53,500
But if you mentioned nine, so nine is the highest one zero, it's just starting.

91
00:06:54,060 --> 00:07:00,000
But if you mention nine as the starting green, that it's going to be sending some high intensity probe,

92
00:07:00,300 --> 00:07:02,610
trying to gather more and more information.

93
00:07:02,910 --> 00:07:06,300
And let's say if you specify abortion intensity.

94
00:07:07,740 --> 00:07:17,730
And city as maybe eight, so it will be more intense and as a as a as a downside, it's also take a

95
00:07:17,730 --> 00:07:22,580
whole lot of time and then the normal case by default is seven.

96
00:07:22,740 --> 00:07:27,350
But if we are making use of it, then it's definitely going to take a longer time.

97
00:07:27,360 --> 00:07:33,380
But it all depends on what our vulnerabilities or what our ports that are being open.

98
00:07:33,780 --> 00:07:42,120
OK, so even you can make it quick by making use of words like Blinder's allows to watch an intensity

99
00:07:42,480 --> 00:07:43,390
of two.

100
00:07:43,410 --> 00:07:46,910
So it's pretty light and it's going to be quick as well.

101
00:07:47,010 --> 00:07:49,780
So you should be getting information pretty quick.

102
00:07:50,310 --> 00:07:54,680
That could be a possibility that you might miss some of the information.

103
00:07:54,690 --> 00:07:59,160
But it all depends on what kind of involvement you have to we need.

104
00:07:59,160 --> 00:08:07,230
Do we need are we looking for some old application or complex application or is there a late application?

105
00:08:07,650 --> 00:08:08,380
All the stuff.

106
00:08:08,790 --> 00:08:10,180
So this is all about it.

107
00:08:10,230 --> 00:08:17,160
This is very, very important for when it comes to the penetration testing, this is where the moment

108
00:08:17,160 --> 00:08:22,350
you you know, you get the vulnerabilities, but the help of this, you get ability.

109
00:08:22,360 --> 00:08:29,020
You try to find out the information on sites like Exploit Beebee and Civilities as well.

110
00:08:29,280 --> 00:08:32,690
And then from there, you get to know if there's any exploit available.

111
00:08:32,700 --> 00:08:40,170
And then you can get those exploit and you don't go to your mother's point and then target the machine

112
00:08:40,680 --> 00:08:44,760
keeping by making use of those exploit and you get into it.

113
00:08:45,030 --> 00:08:47,250
And that's how the penetration testing works.

114
00:08:47,550 --> 00:08:53,670
And that's why the motion detection detection plays are very, very, very important role into it.

115
00:08:54,150 --> 00:08:54,560
All right.

116
00:08:54,810 --> 00:08:56,210
So I hope you'll like this video.

117
00:08:56,220 --> 00:08:57,300
We'll catch you in the next one.