1
00:00:10,050 --> 00:00:12,840
Welcome in the US lecture we saw that.

2
00:00:13,020 --> 00:00:20,140
How did black hat hackers hide their preluded in order to get files to hack their devices.

3
00:00:21,310 --> 00:00:31,050
So in this lecture we are going to see how to hide in malware in normal PDL file as you know Delphi

4
00:00:31,140 --> 00:00:34,880
has become really common in everyday work.

5
00:00:35,010 --> 00:00:39,880
It's hard to imagine business proposals without the ups.

6
00:00:40,030 --> 00:00:49,200
The format is usually in almost all companies to share business deals company brokers and even invitation's

7
00:00:50,430 --> 00:00:51,310
previous years.

8
00:00:51,430 --> 00:00:56,430
We are not good for the users as several celebrities.

9
00:00:56,430 --> 00:01:05,220
We had a publisher that such as buffer overflow levity were sent here to worse than nine a lot of the

10
00:01:05,220 --> 00:01:12,970
attacks we had observed trying to abuse the book by using social engineering or by hosting malicious

11
00:01:13,320 --> 00:01:22,640
files on the Internet just the simple act of opening the paedophile would exploit libretti who ultimately

12
00:01:22,660 --> 00:01:30,440
downloaded malicious code from the internet and display it quite a while to trick you into Baloo that

13
00:01:30,800 --> 00:01:32,400
nothing wrong was happening.

14
00:01:34,020 --> 00:01:42,800
As against the injured the percentage of this bag using creating you are already a so let's see how

15
00:01:42,800 --> 00:01:44,280
to do this.

16
00:01:44,280 --> 00:01:54,830
Here we are using a metal plate framework to create a more malicious video file so when criminal and

17
00:01:54,960 --> 00:02:00,890
I and most of console stock let play.

18
00:02:01,060 --> 00:02:11,680
Next we are going to use all on those score of underscore and Belward underscore the Exley underscore

19
00:02:12,270 --> 00:02:19,450
no jealous group promote Ramadi will create our malicious parody of it is a modified version of the

20
00:02:20,110 --> 00:02:25,610
IT ALL media embittered easy social engineering.

21
00:02:25,620 --> 00:02:34,450
This question does not require a script to be enabled and does not required you to be added to the query

22
00:02:34,450 --> 00:02:40,950
of the axes embedded in the PDA in a nonstandard matter.

23
00:02:41,070 --> 00:02:56,670
Using hex and quitting so I use exploit slashed windows slash file format slash arroba underscore Boudia

24
00:02:57,090 --> 00:03:04,710
underscore and Bernard underscore XTi underscore no javascript.

25
00:03:04,740 --> 00:03:07,620
Now lets see the options of this tool.

26
00:03:07,960 --> 00:03:18,120
I show options as a Kensi to report names of our Lord and Pooya file.

27
00:03:18,310 --> 00:03:24,890
If you want to do a different name to your PDL file I said file name.

28
00:03:25,120 --> 00:03:28,820
Now enter the name which you want to do here.

29
00:03:28,860 --> 00:03:35,280
How you an invitation next do we need to start with that type of payload.

30
00:03:35,310 --> 00:03:37,200
We are going to use.

31
00:03:37,430 --> 00:03:48,910
So here we are using Windows slash we do Preter slash rewords underscore DCP now and the local would

32
00:03:49,100 --> 00:03:51,850
be done on the machine.

33
00:03:52,700 --> 00:04:02,960
Similarly to state local port number on which the connection is dual use and for machine I said and

34
00:04:03,000 --> 00:04:15,510
put it in Next I put on to create to you a malicious parody of file as a currency or a file is created

35
00:04:16,110 --> 00:04:19,000
and sirra in dark MSA for Pooler.

36
00:04:20,400 --> 00:04:28,760
Now to see our pillar file go to door for local folder.

37
00:04:28,870 --> 00:04:35,480
Here is our militias really are File next to a need to create a handler to listen.

38
00:04:35,500 --> 00:04:37,680
It was connection.

39
00:04:37,720 --> 00:04:43,320
So back to the terminal and type back.

40
00:04:43,540 --> 00:04:57,870
Now to that handler I use these live handler now to set your payload type set payload windows slash

41
00:04:58,120 --> 00:05:08,950
with the operator slash underscore DCP similarly to set a hoist and airport police and on with him.

42
00:05:09,320 --> 00:05:16,910
I said I'll host one and do not 168 43 dog to say one.

43
00:05:17,290 --> 00:05:28,600
Now that said Alvord I said and put it in a now I ran or explained to start a listener.

44
00:05:28,930 --> 00:05:32,550
Now we are ready to listen and incoming connection.

45
00:05:34,340 --> 00:05:39,250
Here you can see I sent my malicious Boudia file to the machine.

46
00:05:40,200 --> 00:05:42,220
Now let's try to open these

47
00:05:45,170 --> 00:05:47,980
against the easy exit.

48
00:05:47,990 --> 00:05:54,500
Did we take the and we got a deliberate decision in our.

49
00:05:56,300 --> 00:06:00,310
Now from here we can control over war machine.

50
00:06:01,650 --> 00:06:11,310
So that's how the hackers and where they are in normal political files who hack their machines tank.