1 00:00:14,660 --> 00:00:21,910 In the last lecture, we saw how to carry out a cross-site request forgery attack. In this lecture,
2 00:00:22,280 --> 00:00:24,430 we will start with the brute force attack.
3 00:00:25,070 --> 00:00:28,830 We are going to see the password brute force practical in the next video.
4 00:00:29,240 --> 00:00:30,770 So what is a brute force attack?
5 00:00:31,550 --> 00:00:37,760 A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing
6 00:00:37,760 --> 00:00:42,790 possible combinations of a targeted password until the correct password is discovered.
7 00:00:43,520 --> 00:00:47,080 The longer the password, the more combinations that will need to be tested.
8 00:00:48,020 --> 00:00:50,410 A brute force attack can be time consuming.
9 00:00:50,690 --> 00:00:54,960 If the password is weak, it could merely take seconds with hardly any effort.
10 00:00:55,740 --> 00:01:01,700 Weak passwords are like shooting fish in a barrel for attackers, which is why all organizations should
11 00:01:01,700 --> 00:01:05,420 aim for the strong password policy across all users and systems.
12 00:01:05,910 --> 00:01:12,140 Brute force attacks are usually used to obtain personal information such as passwords, passphrases,
13 00:01:12,350 --> 00:01:15,140 usernames and personal identification numbers.
14 00:01:16,460 --> 00:01:22,970 Goals of brute force attack include theft of personal information such as passwords, passphrases and
15 00:01:22,970 --> 00:01:30,200 many more; harvesting credentials to sell to third parties; posing as users to send phishing links or
16 00:01:30,260 --> 00:01:36,710 specific content; defacement of websites and other information in the public domain that could damage
17 00:01:36,710 --> 00:01:42,600 the reputation of the organization; redirecting domains to sites holding malicious content.
18 00:01:43,670 --> 00:01:46,250 There can also be useful positive gains.
19 00:01:46,940 --> 00:01:52,940 Many IT specialists use this method of attack to test network security and, more specifically, the
20 00:01:52,940 --> 00:01:57,410 strength of the encryption used on the network, also known as white box testing.
21 00:01:58,460 --> 00:02:00,530 So what are the types of brute force attacks?
22 00:02:01,460 --> 00:02:08,220 Simple brute force attack uses a systematic approach to guess that doesn't rely on outer logic. Hybrid
23 00:02:08,250 --> 00:02:14,270 brute force attack starts from external logic to determine which password variation may be most likely
24 00:02:14,270 --> 00:02:20,840 to succeed and then continues with the simple approach to try many possible variations. Dictionary
25 00:02:20,840 --> 00:02:26,180 attacks guess usernames and passwords using a dictionary of possible strings or phrases.
26 00:02:27,730 --> 00:02:32,680 A rainbow table is a precomputed table for reversing cryptographic hash functions.
27 00:02:33,430 --> 00:02:38,320 It can be used to guess a function of a certain length consisting of a limited set of characters.
28 00:02:39,100 --> 00:02:44,320 A reverse brute force attack uses a common password or collection of passwords against many possible
29 00:02:44,320 --> 00:02:44,980 user names.
30 00:02:45,730 --> 00:02:50,230 It targets a network of users for which the attackers have previously obtained the data.
31 00:02:51,880 --> 00:02:58,690 Credential stuffing: it uses previously known password and username pairs, trying them against multiple
32 00:02:58,690 --> 00:03:05,110 websites. It exposes the fact that many users have the same username and password across different
33 00:03:05,110 --> 00:03:05,830 systems.
34 00:03:06,730 --> 00:03:11,860 Brute force attacks typically rely on weak passwords and careless network administration.
35 00:03:12,580 --> 00:03:18,100 Fortunately, these are both areas that can be improved easily in order to prevent the vulnerabilities
36 00:03:18,460 --> 00:03:22,430 that could bring your network or website resources to their knees.
37 00:03:23,620 --> 00:03:30,370 For example, utilizing strong passwords, allowing a limited number of login attempts, and enabling two-factor
38 00:03:30,370 --> 00:03:32,890 authentication can help to prevent brute force attacks.
39 00:03:33,760 --> 00:03:39,460 Ultimately, it is important to educate your organization on the importance of password strength and
40 00:03:39,460 --> 00:03:41,410 the general information security habits.
41 00:03:42,530 --> 00:03:48,860 Even with a strong password, employees can fall victim to insider threats if security is not a strong
42 00:03:48,860 --> 00:03:49,740 part of your culture.
43 00:03:50,450 --> 00:03:58,310 So on your screen, you can see how to prevent brute force attacks. Never use information that can
44 00:03:58,310 --> 00:04:07,460 be found online, like the names of family members, like the example Samuel 1998. Have as many characters as
45 00:04:07,460 --> 00:04:08,000 possible.
46 00:04:08,930 --> 00:04:15,200 Like you can see Samuel Adut Phillips landed like here is every each and every combination.
47 00:04:15,200 --> 00:04:21,680 Like there are letters, there are special characters as well as there are numbers. Combine letters, numbers
48 00:04:21,680 --> 00:04:22,500 and symbols.
49 00:04:22,880 --> 00:04:26,140 The first is capital letter of Samuel, S is capital.
50 00:04:26,360 --> 00:04:27,230 The next small.
51 00:04:27,470 --> 00:04:29,820 Then again, B is capital.
52 00:04:29,820 --> 00:04:34,310 Then the special letter at the rate (@) and the ninety-eight and then exclamation mark.
53 00:04:34,520 --> 00:04:40,210 These types of passwords are difficult to brute force. Be different for each user account.
54 00:04:40,550 --> 00:04:44,480 Like don't keep the same password for each and every account. For Gmail,
55 00:04:44,480 --> 00:04:45,650 you can keep something different.
56 00:04:45,770 --> 00:04:49,770 For Instagram, you can keep something different. For Facebook, give something different.
57 00:04:50,330 --> 00:04:58,610 Avoid common patterns, like if your name is Samuel and your birthdate is in 1998, so just don't put
58 00:04:58,610 --> 00:05:03,980 the password as Samuel at the rate (@) 1990, our D mistakes else.
59 00:05:04,160 --> 00:05:06,410 The brute forcing password is very easy.
60 00:05:06,980 --> 00:05:12,620 In the next lecture we will see the practical approach on how to brute force the attacks using absolute.