Yes and no. What I see is you're on death the desktop. I still see you on the desktop. I am about to share my screen. Fantastic, you are going to get there. Um, have you done NCL before? Yeah, you need a really good study buddy. Can you hear me? I'm here. Can you hear me so far? Oh good, you can hear me. We're doing, we're cooking with grease. I want to share my screen. Okay, I'm gonna do it on my, my VirtualBox here. One other happening, one of the requirements, need to restart my VirtualBox or something. I'm clicking on the button. I have it open but I don't see it. Close window. Hey, you see it by VirtualBox? Yeah, I do not see it. It's running, that it is. I'm trying to, okay, I got it, I found it. Okay, let's close, let's go. Oh, it's not responding, that's what's happening. Let me close this, close the program, start it up again and maybe it'll work. It was probably open since yesterday. Okay, VirtualBox is in the task. All right, then what else do I want to task? Let's end this task, save me some resources. And I have all this open point. Okay, Microsoft, okay, close that. I'm gonna go back to my VirtualBox and see if I can open it, make some stuff work. Linux, going to the Kali machine. Yeah. Dog or cat? Got two dogs myself. You had a couple of kids running around there too. Yeah, I have a handsome young man. I saw him yesterday in the background. Thank you. I have our five grand babies and, um, four of them are here right now. Okay, I'm opening up my stuff. Okay, um, I know you know this, but I'm gonna do my, um, my updates. Yeah, let that roll through. Um, I seem to be good to go. Clear the screen. Okay, I'm gonna come to my Firefox and I want to open up my picoCTF login. I am human. Logging in, and I'm doing all that's inside my VirtualBox. Okay, yeah. All right, let's see in your VirtualBox. I get it. So they have two Wireshark things here. Let's click on this first one. Um, any and every time use, you know what a pcap is, in the pcapng? Yes or
no? I know it's a wireless file, so no. Okay, I can look it up. There we go, that's what we're going to do. It's just the research. I am going to click on this and it's going to start the download. It's coming up at shark one two pcapng, which I guess I've done this before, and it's going to download in which folder in my Kali? Can you tell me? The box that you're on? I'm sorry, what? You're downloading something and you're asking me which folder it's in? The terminal that you're on. Okay, so what do I type to see what's here? Would you want to list the, what's in the file? ls. ls, enter. Enter. Okay, do you see that? It was, it was, it was a shark, it was, be specific, shark1.pcapng. So when you download stuff it goes into the downloads folder, you understand? And we need to know that as pentester, right? So I'm gonna change directory to downloads, do a list, and look, here's NCL spring, um, and then it's, um, alphabetical order. I have three sharks, right? I only need one, so I'm going to remove the other ones. rm to remove, shark, tab that over, do that like that and that. Then I'm going to remove the second one. Come over here, uh, do that like that and do that. Then I'll do a list again and I have the one shark1.pcapng. Did you find out what pcap and pcapng mean yet? Packet capture. It's a file format for network traffic. It's a packet capture, and what's inside of it is headers, payloads and sources, right? And then what does pcapng mean? G? Mm-hmm. We want to always quickly know, or if we don't know, we want to always find out. We're going to do two things here too, as a matter of fact, because, uh, I want to answer all of your questions. Thinking you can't benji come on. So here we go, Google work. You see it? Did you say yes? It's generation, yes, next generation. Now you know. And all I did was type this question into Google and they gave me the answer. So it's a replacement file for an old payload file for wireless, which was the Wireshark
one that we were always looking at, which was something else. So PCAP is the new one that we will see forever going forward until they come up with a new one. This is what we're using. They're using pcapng. You may find pcaps or pcapng, right? .pcapng's capture file format, overcome limitations of the original libpcap. So that's the brief history of it. And then of course we have Wireshark alternatives, right? So look at all these different tools that you probably heard of that you can use: tcpdump in the command line, EtherApe, Ettercap, even Bettercap. All right, 15 more. These are all packet capture type, like, tools. You can do it in the GUI, you can do it in the command line. There's also a TShark. I don't know if it's written here but I saw it somewhere. Um, these are too, CloudShark. These are tools that you can easily learn how to do on your own, especially since you do well doing stuff on your own. How do you do that? Okay, we're gonna discuss that in a minute. But I downloaded this. I'm in my terminal. Do you know how to open this .pcapng in the terminal? Okay, so I'm gonna type the word wireshark, shark1.pcapng. You got it. Press enter. It opens up that particular packet file, now opens up in Wireshark. Now I'm gonna go back over here to this. Can you find the flag? Right, the flag represents some sort of investigation. As a supervisor I will come to you and I will say, hey, can you tell me everything that you can about this particular pcapng file? And I need you to say okay, and simply open it up and go into it. What do we see? Number, time, source, destination, you know, source IP, destination IP, the different protocols, the length, the info, and you have all this information up here. And how do you learn it? How you learn it is you go to Wireshark.org, I think it is. Okay. Official certification from Wireshark is available.
Did you know that there's a Wireshark certification course? No idea. Okay. This is good. And here it is right here. I actually clicked on to open it. Let's make this a little bit smaller. This is crazy looking. Oh, maybe that was supposed to be that big. Do you do this certification? I, I, how do you say, I do a little bit of everything. I, I think I have, let me see, let me look, because I don't know, I don't remember. Oh, I know where to go. The desktop. I have these certifications, uh, things, like 33 of them. So are they going to get you a good job? Yes. As a matter of fact, those people offered me the job yesterday. Good. The, the power of certification coupled with experience. If I do a search, this is one of my top search in this area. It does exceed this, and I just happen to know that for a fact, because I was a CISO myself. I mean, this is heavy compensation for anybody, almost anywhere. The thing is, though, I manage a company, and I teach. There's my little head right there when I had a beard. I teach people applied certification and work preparation. I teach all of this different stuff.
I just do stuff. Um, I am in this program working with this guy. I'm actually his subcontractor. Um, all of these people got jobs after working with me for three months. And you can see my, um, my former life. I worked in law enforcement. So who's in your classroom studying? Is that military people? Who's in your classroom? All of the above: civilians, law enforcement, military, intelligence. I am. So how does that work? You go through a military, or is it a boot camp, or is it through your company? It's through my company. Okay, I understand. Yeah, I, this, I, I have, I run, I manage an internship so people can get actual work experience. I have jobs for them to do, do this work. The crazy thing is, though, is the, if they go through the WIOA program, then they get paid while working for me. Otherwise they pay me to get this experience. Um, but I, um, we do a little bit of everything that's going to help them gain employment. Um, Wireshark is a certification that, let me see, um, let me see what it says. Wireshark average salary. How about this: Wireshark certification average salary, about 84,000 up to 129.
So let's do an example together. Can you find this flag in Wireshark? First of all, we need to know what Wireshark does. What does Wireshark do? Powerful open source network protocol analyzer. Allows you to capture and inspect network traffic. Okay, this is important: capture and inspect. Use to troubleshoot network issues, analyze behavior, network behavior, detect security vulnerabilities. We want to do all that stuff. To detail, microscopic view of network communication, allowing users to see the data packets, uh, flowing between the devices. And they have all these different examples. There are free Wireshark tutorials online, awesome videos, right? Um, this guy's been doing it forever. There's a whole full course here. It will help you, I promise you. When I learned Wireshark it was called Ethereal. Wireshark's previous name, Ethereal. I learned Ethereal, or Wireshark, from NSA when I did technical surveillance countermeasures, the hardest program I have done to date, even tougher than my doctorate degree, right? What did it do? Physical inspections, electronic sweeps, other techniques to protect sensitive information and secure spaces from unauthorized surveillance, right? I'm looking for hidden cameras, listening devices, eavesdropping equipment. I'm literally looking for terrorists, um, bad guys. I was kind of like threat hunting, okay? In that I, um, Wireshark was just one of many tools and big boxes I used to carry. So let's do one. We're in this terminal, this is running, I've opened up this pcap. Okay, so I'm gonna do this. I'm gonna do, I'm gonna do a print screen. At least I clicked on print screen. Print screen. All right, we got it. And I'm gonna highlight all of this, up to there. That's all I need. I want you to start doing this for the rest of your life. Yeah. Okay, I'm gonna come over here to chat and say, um, teach me how to explain this. All right, I'm pasting and nothing's happening. Let's do that again. Well, it takes a long, it
didn't paste. Okay, let's do a print screen again. Print screen. Okay, let's get it again. Come back over here. There we go, it did it finally. Right, there is no way around this. No one automatically knows all this stuff. The hackers in the real world, this is exactly how they taught themselves. It's just that they did it with Google and maybe a book. So it's looking at a Wireshark pcap file. Okay, high-level summary, right? We see a whole bunch of HTTP requests between two internal IP addresses. It's giving you some examples here. Over TCP, guaranteed handshake, right? Detail breakdown: we got the packet list pane, which is the top section. Each row represents a network packet. Now if you know this stuff, tell me so I don't do it, talk to you about it. I just want to make sure you understand. Right there, keep going please. Okay, so we got the number column, right, which is the number. Time, the epoch time, e-p-o-c-h time. That's why you see this 0.0, 0.053, 0.0315. You can look that up. The source time is micromanaging so we can find out exactly when, uh, uh, an attack happened, a packet came through the network, a packet left the network, right? We have the source IP address, it's highlighted, 192.168.38.104, the destination IP, 103. On TCP, we have the length of the file, 391. We have information. This information could be anything. It says TCP PDU reassembled in two. We have the push, acknowledgement, the sequence one, acknowledgement one, windows, the length is 337, the size of the packet. And then with all of these different icons, File, Edit, View, Go, Capture, Analyze, Statistics, this will take you months to learn. You will not learn it today.
But if you have an overview of what they are, you will at least understand how to get the information. This total ChatGPT thing is a game changer. Before this I had to Google everything and try to show people and tell them what I knew off of my memory. So we got the number, the packet number in order, the time, the IP addresses, the protocol, TCP or HTTP, so it's in the browser, right? Size of the packet. We have the TCP flags. Really good to learn that. Just Google 'explain the TCP flags to me'. The, um, HTTP methods. POST, so that means someone posted something somewhere. Sequence and acknowledgement numbers, information like this, right? HTTP code 200 means that it's okay, means that, you know, it was successful. You can see it. We have the middle pane, which is the packet details pane. Let's go back there, over here and over here. This is usually the middle pane. Let's go back, close this. Shows the decoded layers for the selected packet. Now Wireshark does not decode unless you, uh, if they have one, well, I'll put it like this: it doesn't show HTTPS, that particular protocol, Hypertext Transfer Protocol Secure. It will come up as what we call, I call it gobbledygook. You know, it'll be, uh, encrypted information. Encrypted information cannot be captured. Well, it can be captured, but it can't be viewed. Does that make sense? Yes. Not even by you? No. Can you view it? No, no. Nobody can view it. No, I don't want to say that. It depends on the type of encryption.
So, I was listening to a hacking video last night, and there was, it was one of the common guys, I don't know, it doesn't matter, but he was talking about hacking VPNs and how the NSA has hacked VPNs for years and how it's just a bunch of garbage, and it's like, why are we so set up to fail? So NSA, because they are monitoring other countries, they make and build a lot of this stuff. They reverse engineer even before it goes out. Now that's a legend, that's what I understand, and I believe it. I am also a graduate of NSA. All they did was teach me bad guy stuff. NSA created SMB or EternalBlue, which is, we can easily get into someone's network. We have hooks. The bad guys allegedly have hooks in our network. They socially engineer us, they get inside of our networks. That's how we keep our country safe, by monitoring even our friends. Of course they will not exactly admit to that, but then again that's kind of what is like out there. That's what we do. And yes, I would not doubt that. You gotta, you can't put that stuff online though. So are you a big proponent of Palantir? Um, what's Palantir? I don't even know what that is. It's the Pal, it's a Silicon Valley, Palo Alto, um, company that the, the government just gave a big contract to for surveillance purposes. So, so here's the thing: the government is always going to surveil its neighbors, its friends, its enemies. It has nothing to do with what, whether we like it or not. It's just a mandate. Pardon me? It is, it's what they do. Each government agency will say no, we're not monitoring you. They are monitoring us left and right. They are going after hard and soft targets. They will use any system that they can. OK, so you have a decoded layers. Ethernet II, layer two, the MAC addresses; layer three for the IPv4; layer four. This is pretty much a breakdown of the OSI model at each layer. And this is data.
So if you had to, if you, I'm going to tell you story, but if you were playing SOC analyst and you're using Wireshark, you're trying to drill down to find out what happened, and you may even want to corroborate it with another tool. Then packet three, the packet bytes pane, right? Raw packet data in hex and ASCII format, so you can clearly read the POST, um, the, the particular directories within the headers and content. All right, so like we have PowerShell remoting or WinRM session. This is good. It's breaking this down for you. It's telling you what it possibly is. Why? Port 5985 is default to WinRM or over, um, HTTP encrypted, while 5986 is HTTPS, so you won't be able to read that. Why is it important? Adversaries may abuse WinRM for lateral movement, moving once they get inside their one organization's computer, their lateral movement to another computer, maybe even to the server. Um, hackers always want to get to those servers. They can take over the world. Okay, monitoring POSTs to the WSMAN subscriptions can help detect the use of remote PowerShell or C2 frameworks, command and control frameworks like Empire, PowerShell Empire. Talking points: let's follow the TCP stream to reassemble this conversation. We want to know what was being said, right? This is what you would do in NCL.
You're doing, you can't get more real than this except for to do it for real. This is a real live, how do I, what am I doing, and this is a real live write-up right here. So you're going to right click a packet, Follow TCP Stream. We can identify the service using the destination port and inspect the payload, uh, for signs of WinRM usage. Look for unusual POST requests, especially with multipart encrypted content types. This may indicate obfuscated or tunneled data. Okay, that was a lot, right? Yeah. Probably over your head, right? So this is what we're going to do. Let's just do it. Okay, no, I was familiar with most, most of that. Okay. From NCL, from the lab. Fantastic. And there are a lot of TCP PDU reassembled. This is all one conversation, right? And it only takes seconds to capture data. Can you tell it's all one conversation? Because it just is. It captured one file and we have that file now. That one conversation could also be two thousand, four thousand, it can be huge, and then you'll have one file. I understand, yes. Right, and we see 103, 104 constantly. They are just, here you go, here you go, here you go, here you go, going through the whole TCP process, the HTTP, looking on the URL. So what we're going to do now is I'm going to right click here and, like it said, it wants us to follow the TCP stream. We want to follow the conversation. This is the entire conversation, 13 kilobytes. It's showing an ASCII format, although there's plenty other formats here if you want to look at that, right? You can break this down in the bytes, but we want to examine the entire conversation. There's no delta times, we'll have to worry about that, and there are a boatload of different streams. What do we see? We see what it is: POST wsman subscriptions, and we have this long hex number, or I don't know what that is, and HTTP 1.1. Connection keep alive, right? It's telling, it wants to keep it alive. Multipart encrypted, protocol application HTTP
HTTP-Kerberos-session-encrypted, boundary Encrypted Boundary. This is an example of encryption. That's what it looks like. We can't understand gobbledygook. How do you decode it? Can't. Wireshark doesn't, um, if we don't have the tools to do it. Wireshark is open source. NSA probably has the tools to do it, and even still, um, we don't know how it's encoded. We don't, we, that's, that's what cryptographers, cryptographic people, they would have to do this. It's, it's a lot. You can't do it. Don't even think about doing, not this. Got it. This, this will make your head hurt. You need a really, not like you could put it in CyberChef and figure out what cipher it is? It's impossible, right? Yeah, this one is, you're not gonna do it. Okay, so now, it's a good question, but now it wants me to follow the stream of all the conversations. We're looking for anomalies. We can see what we see in English. But I'm going to go to the next stream. Stream one. I see what I see. It looks a lot the same. And it's a lot of data. But what are we looking for? Here's the hint. You're looking for picoCTF, curly bracket, flag in curly bracket. That's what the question is asking you to do. You understand? Yes. Okay. So we're going to come back.
We're not trying to make up stuff and make this harder. Go off of the literal words that they say. So I'm scrolling down and I'm looking. I may even want to search curly bracket, curly bracket, and just hit enter, and it shows me two curly brackets right here. Well, I don't see a flag inside that. I can search for picoCTF. Uh, nothing is showing up. Well, because I'm not going to look through this with the naked eye, like, it's crazy, you see what I'm saying? All right, who can look through all this? And guess what, we'll have to look through all this line by line when you are not looking for a flag, when you don't know what you're looking for. You understand? Yes. Which was a stressful thing to a former TSCM operator. Why? Because I didn't know what I was looking for. I wasn't looking for a flag. I just know that somebody did something and I see a port that shouldn't be open and I'm like, what are they doing? Let me see. Then I would capture the file, and I had direct communication, communication with NSA, and I'd send a file to them encrypted, and then they would go through it themselves. I tried to find it locally, and they did a deeper, deeper inspection. So your job was only to capture the files and send them off for cryptography, for the cryptographers to decode. My job was to capture the file, try to decode it on site. But if it was going to take me a long time to do it, whether I found it or not, I sent it to NSA.
Interesting. That's how we keep our country safe. I was like, uh, I was a major input to what was going on for the President of the United States. So I'm looking through here. I don't see anything that's sticking out, but I know I'm looking for a flag. I did a search, I didn't find anything, so I'm going to go up another stream. Oh wow, I don't see anything here. Let me go up another stream. Okay, I have data. I'm looking, I'm looking. This says collide, that means nothing. RHB, I don't see anything. You see anything standing out to you, or you see a bunch of letters and some dots? Okay. Oh, oh, this could be something. No, it's not. You have to get accustomed to it. Okay, let's go to the next stream. Oh well, that doesn't look like anything. It's nothing to decode. Okay, I got some English words here. GET, this HTTP, here's the host. What is 18.222.37.134? Oh, that's outside the organization. That is a clue. Somebody outside this organization sent this from this IP address. Let me keep that. And they want the connection to stay alive, right? That's no bueno. The maximum age says zero, Cache-Control. Upgrade insecure one request. It was done from Mozilla Firefox. I got the system, AppleWebKit, okay, like Gecko, Chrome, Safari. Okay, Accept text or HTML, applications, it has all listed here, images. Accept-Encoding gzip, deflate. That's not good. Somebody is probably sending some sort of gunzip file, a gzip file, so they can inflate, uh, send large programs and a small little thing over the line. It's in English. Okay, 200 OK, so that we, that is definitely a connection. We got the date that this took place. This is not a normal time. People are not at work, right? GMT time, still have to look that up, but still, this doesn't, it was done in the morning, in the nighttime. All right, Apache, Ubuntu, right? But this is Windows. Okay, from this IP. Clues: we got the date here that was last modified just three days prior. There's an ETag. Okay, we'll document that, accept the
ranges, 47, the bytes. Keep alive. Time out in five. Max is 100. Keep alive. This is no bueno information. This is stuff that makes me say, hey, what does this mean? What is this? You know what I see? I see this, and I see my two curly brackets that look like that picoCTF. This could be the flag. Do you see that? I think, one, two, three. Copy. Let me go to, say, here. Let's crack open. You said CyberChef. Yes. All right. Now, the question is, what does that look like to you? So we can go to our favorite search engines, right? What does this look like to you? And let's see what it says. Oh, ROT13 encoded. Do you know what ROT13 is? Oh yeah, it's a type of cipher. All right, and then look at this: the flag is, yeah, picoCTF, peekaboo, peekaboo I see you deadbeef. How did you know how to pick ROT13? I didn't. Look at what outside, that's what, okay, I think, right? But hold on, let's look at this. Okay, give it a try. Okay, I don't want that one. I want to, I want to look up what is ROT13. Simple letter cipher, we saw that earlier. Okay, here's this, look at this. Let's go to this image. Okay, ROT13 means rotation, 13th letter. Yes, 13th letter in the alphabet. So if I wanted to encode a message such as hello, I'll just type, hey, we're spies. Hey Donna, um, when I, when I see you 30 days from now, I'm gonna send you a message on a piece of paper. Don't say anything to me, keep walking, just make sure ROT13. I walk away. 30 days later you get your rib and you're like, this what? Wait a minute, he told me ROT13. The letter U is really an H, the letter R is really an E, the letter Y is really an L, the letter B is really an O. And vice versa. Cool. Okay? This is spy stuff. That's all cryptography and ciphering is. It's communicating in plain sight, but so other people don't understand it. It's like if you speak Spanish, hola. What? I'm not an hola.
All I said was hello or hi. No need to get offensive about it, you understand? If I spoke French, je m'appelle Wesley Phillips, context clues, you may be able to gather what I said. What I said was my name is Wesley Phillips. From here, now I will type, if I know what it is, because I know how to research and use ChatGPT, ROT13. There you go: picoCTF, peekaboo I see you deadbeef. Copy, come back to pico, paste that joker, submit the flag. Hooray, you solved the challenge again correctly. Awesome. From there, you're still not done. You need to do more research. ROT13. Okay, here's a rot13.com. I'm gonna take that same thing. Okay, I did the reverse of it, but let's get this, Control-X, let's do this again. One, two, three, Control-C, delete. Okay, paste. There we go. ROT13, rotation 13. Look at how many rotations there really are. You see that? Yeah. Right, so if I'd have chosen, selected the wrong rotation, I would, I would not have found the answer. You are only as good as your knowledge and the tools you know how to use. I'm not trying to hurt myself. I may even do this and just search, and when I see ROT13 come up, some write-ups too, right? I go here. Cipher text is what this is, plain text is what we're looking for. ROT13 decode. Oh well, here's ROT5, here's ROT18, here's ROT47. What kind of letter system is that? Bad, bad guys will do anything they can to hide their bad work, to hide data from us. We also use encryption to hide data from bad guys, or unauthorized people from accessing it. When you want to send your social security number to an employer, you want to encrypt the email, right? It's a protection. Guess what, the government, I actually know these people. I know of a guy, he works for a certain three-letter agency. He built a tool that he can put inside of his backpack. He can walk in any country in the world, including this one, but he won't do it in this one, and he has Wireshark on his, um, on that, in that backpack. Download it for free,
you know, Wireshark is free. Anybody can download it. That means that when he walks a one block radius he could pick up capture files within a one mile radius, and then he can come back home and they can analyze all those files and they can learn all kinds of secrets. Did he, uh, design his own device? He did. Is that what makes him special? He worked, he's sanctioned, and that's what, he's like a cryptographer. And that's what he does. Now, I've done this with actual students. I've had them bring in their laptop or their computer, download Wireshark for free. Wireshark is a free download. Kali Linux has Wireshark for free. As you see, it's free. It's already there. Download now. You download on any operating system. There's a whole Learn section, the user's guide, certifications, et cetera, et cetera. You need to read it, you need to do it. Oh, I will. You've got to, that's the only way you're going to. Two more weeks off, so I will, I will master that in two weeks. Master, fantastic, that's what I like to hear. And then from there, um, I mean some of these, um, uh, let's come back over, let's do it like this: Wireshark tutorial, right? There are tons of them. Yeah. The videos speak for themselves, all this right here, and then you just need to take really good notes. And there's nothing like finding a Wireshark tutorial with a video. Or even, look at this right here, uh, 'give me five Wireshark examples I can do on my Kali Linux machine'. While that's doing that, I'm going to show you this Wireshark pcap file, let me see, yeah, files. Let's do a free Wireshark PCAP files, right? Here's some sample captures right here. Public PCAP files for download. Index, Wireshark capture files. Why am I showing you that? Roles to look at. So you can do that on your machine. There's nothing fake you're doing here. You understand it? Look at this right here. See unencrypted HTTP requests. Great for understanding web traffic.
Open Wireshark, select your main interface. In a terminal, run this. Wireshark, filter by Nginx or HTTP. Click and inspect. What to look for: the GET, the 200 OK. Inspect DNS query, et cetera, et cetera. You can solve all of your problems. You don't need anyone if you know how to do the research and what to research. Let this software and Google research do everything that you need it to do. You will learn. If you have a talk, what questions do you have right now? How do I configure my Raspberry Pi? Look: how do I configure my Raspberry Pi for Aircrack-ng? Look at this right here. I'm doing this for my fellows, right, on my class, because ChatGPT's not going to teach you how to pen test or crack someone's, uh, Wi-Fi in the, in the real world per se, you know what I'm saying? Great project. Powerful portable tool, right? Wi-Fi auditing and ethical, uh, cyber security with eight talks have a fellow, right? Step-by-step guide. Here you go, there you go, and there you go some more. Hey, we done this before: iwconfig, iw, right? Look at eight steps. You, you mentioned something the other day to me when we first met and I actually did it. What I'm gonna show you, I'll put it here so I just remember. I have it here, where is it, here, it's in my pen test section. Pen test. Okay, see that right there? I created a mobile hacking lab, pen testing that. Yes. My question is then, I mean, I understand creating these labs and doing it yourself, but like for instance, if I create a VM and try to simulate a recent hack, like the Linux chroot hack, I mean, how, like, um, like, uh, how does people, how do people like, you know, that I'm a student versus somebody who is actually trying to do a hack? Like if somebody takes my laptop and I have all these VMs with all this simulated stuff that I'm trying to do, where is the, I mean, how come I'm not considered a criminal? I mean, I haven't done anything with it, but I mean,
is my computer up for suspicion, is what I'm trying to say, when I'm trying to learn this stuff? Okay, let's answer, let me answer one question at a time. Give me the first question, because that was a lot of questions, and I don't know which one to answer first. When I build VMs and simulate hacks, do I have any legal ramifications with my computer as a student? No. You're good. I mean, yes and no. So here's the thing. You see my machine? This is my VM. I literally had about 75 different vulnerable machines in here, but right now I have only like 12, give or take. I have my Wazuh, I have all this stuff. Now no one gets to see this stuff except for the, my students and my, my, my fellows with my company, because I, um, I, I do build, this is a whole red team, blue team lab right here, where we do build attacks and then we build defenses to see what they look like. This is stuff that I do. Um, as a student in this, Dr. West, is that, you know, the way our institution sets us up, you know, in a sense is that, you know, because I'm going to you for different information, it's like I'm seeking out the last chapter of the Bible, you know what I'm saying? It's like I'm just trying to learn, which they've already introduced me to and they're asking me to use in cyber lab, but nobody wants the responsibility of teaching it, and so nobody's giving us the information that we need to. They're going to give you the bare minimum to get by. Um, but, um, it's like for example, I mean, I mean, martial arts instructor for example, right? I want to get, if someone comes to me and say, hey Dr. Phillips, I want to learn martial arts from you, I've seen you in action, I want to see what you can teach me, and I'm like, okay, well, let me learn about you. Why do you want to learn martial arts? If they say something like, I want to learn how to beat someone's behind, I want to learn how to kick butt, I want to learn how to beat up people, well, guess what I'm going to
say i am not interested --> in teaching you good luck on your quest can you tell me why i said that because you want somebody --> to say i am here for self-defense i'm in fear for my life and then i want to learn how to protect --> myself so that's why we had that orange jumpsuit conversation we're talking about pen testing aka --> hacking right i'm showing you real bad guy techniques all you have to do use your VPN --> socially engineer or brute force your way into a network once you're on their network you can do --> anything you want to because Kali Linux is free to the world not just you not just me not just --> all the other students in classes the students in the classes don't know what to do the teachers --> in universities don't get me started i used to be a dean of a college the the teachers in these --> colleges will teach you what the curriculum says they don't add in the real life how you do it in --> real life i try my best to do that and as you see i know how to use virtual machines you do too --> i know how to do almost all of this stuff best part is i know how to figure it out --> i have friends i do research i know how to use the the GPTs to my benefit i know what to say so i --> don't get in trouble and end up in that orange jumpsuit when you look at my LinkedIn profile --> it says the company that i work for you go to my website it tells you everything that i do --> so it's not like um i'm out there doing anything bad i understand correct so when they did a --> background on checking well she's a cyber security student and um yeah but she could be doing bad --> stuff you have training right here if they if someone came to me and said did you teach her --> how to do hacking yes 100 can't lie about it did you teach her how to hack into organizations --> yes i did so you taught her how to hack that organization that she hacked into --> no i did not check your questions right know who you're talking to i'm a former law enforcement --> officer former 
law enforcement agent right i'm like wait a minute i show all of my students how to do --> these things i also show all of my students this and we have that conversation from the beginning --> you don't do it to prove a point you have to have written permission and all that stuff --> we're talking about write a report otherwise you can't hack into someone's network you don't --> do it to prove a point and you don't want to end up in an orange jumpsuit so definitely not --> the presentation it it's it's all in what you do and what you say it uh it'll it'll work out in --> your in your benefit my my um profile is you know very public um and everybody kind of knows it um --> Um, that's me without a beard. --> So, um, this Wireshark stuff, it's like, it's like, you know what it's like? --> It's like, um, being a really good chef working with chops. --> You have chefs that will say, um, that give me the instructions, cooks, I'll say that --> follow the instructions and they make a pretty good meal. --> I can do that too. --> You probably can too. --> Then you've got those chefs that say, here's some chocolate, here's some tomatoes, here's some squash, make a good meal. --> Huh? --> I can't do that. --> And then you've got some people who will make that meal and it's like, this is good. --> So with this whole cybersecurity stuff, with the penetration testing stuff that we're doing, right? --> we have to deal with what we have in order to accomplish our goal what is your goal --> is your goal if your goal is to do penetration testing okay we have done one looking forward --> to doing another right let me see Kali Linux Intermediate right uh-oh right --> trying to get there on purpose the intermediate right we need to know all of these things --> and then and the technique that i showed you yesterday i was hoping you were really getting it --> and then what I want to do is get you to do it to me. --> Show me how to do these things. 
--> Show me what you came up with and then let's do it. --> Show me an example of this and then let's do it. --> Show me an example of this and then let's do it. --> You understand what I'm saying? --> You're creating, I gave you a process to follow. --> you may look at it as if well this is not showing me wait a minute yes it is as an employer and you --> did i i agree with you you gave it to me as an employer i don't want people to come work for me --> that's going to say hey boss show me what to do show me what to do show me what to do --> why did i hire you why did i hire you why did i hire you i gotta go to a meeting --> I want to be able to brag about who I hired because, man, he or she can do anything you ask them to. --> So, Donna, you told me yesterday you may have done scripting in Bash Shell. --> Here's what I'd like for you to do. --> Tell me what to do to do a script in Bash Shell. --> Keep it easy. --> Keep it simple. --> I will help you. --> Tell me what's the... --> I'm going to copy this content. --> Tell me where to go, what to do. 
--> i can read it but i have no idea okay you do have an idea okay let me tell you the very first thing --> you should do is always research it just tell me where that's my hint well so i'm on uh chat and i --> looked up bash scripting hold on hold on tell me don't tell me what you did tell me i want to help --> you i want you to tell me what to do even if you fail tell me go there go there do this --> go to Google or go to chat which one which one go to chat and tell us good um what is bash scripting --> what is bash scripting okay it's going to tell me something right let's wait and see what it is --> writing a sequence of commands and a text file executed as a program --> okay Bourne Again Shell which is this is this okay what's in what does bash script we look like oh --> shebang bin bash echo hello a shock cyber fellow today blah blah blah blah blah okay how to --> run a bash script okay so now what should i do now i would pull up the Kali terminal Kali terminal --> starts bashing so let's do a bash script then i'm getting in there hold on i'm going to the terminal --> let's do this ctrl c closing that clearing that right trying to get there right let's do a cd --> tilde go back to the home clear okay we're going to create a bash script right --> what a bash script looks like now what do i tell chat --> what does he want to ask chat how to run the bash script well here it is already there how to run it --> change your change your word how to enter it into the how to enter it okay so um --> give me step-by-step instructions to create this bash script how about that you there --> okay i was asking you how about that so i can hear you think yay or nay okay i'm gonna hit enter --> oh wow look create a bash script for a network scan nice okay we'll update that throw this --> nano okay so we have step-by-step instructions you ready let's do it --> together copy here right click paste enter oh I'm in there what's happening --> I want a text editor a nano then I have the 
shebang bin bash which we have to --> right echo start working scan blah blah blah copy from here right click I'm pasting it okay --> let's come back what do you want me to do now notes shebang tell the system this is a bash script --> see how that works nmap -sn pings all hosts on the subnet ping scan only -oN saves the output in a --> normal file format to a file just like when we did the greater than sign and we gave it a name --> that's the uh the -oN i think i mentioned that yesterday all right save and exit ctrl o press --> enter save okay let's come back here ctrl o press enter ctrl x to exit do a ls and where's my bash --> script it's in the ends network scan dot sh now what happened make the script executable so we have --> to do the chmod add the executable and that particular file so if we want to look at that --> we'll do this first ls tag al tag network look at it it's not executable now so i'm gonna follow --> that command i'm going to copy and paste it because i want to show you how easy this is --> copy come back you can also type it in and then i paste the selection enter i do up arrow twice --> three times hit enter now it's executable do you see the difference between executable --> and non-executable okay okay good and then i'm gonna come back here it says run the script now --> execute run that script by the way what was that IP 192 once he said okay that's usually standard --> that's probably going to work you can run it with the dot forward slash to run and do that let's do --> that copy come back and then i will paste and enter we just ran a bash script we just automated --> the script if i can if you can upload one of these to someone else's computer all you gotta --> do is get it there send it to them in an email and then bang it'll upload and start doing it --> and it did a scan report for all of this stuff right here let's hold on let me do um let me --> score my down ls because it's going to give me a file right it was um let me see 
i'll go back --> here i can see it faster scan complete results to be scanned scan results dot txt there it is --> right there so if i were to cat that all that stuff that we see up top would actually open --> that's how you do everything anything it's a test VirtualBox is a tool a sandbox where you test --> your theories ChatGPT and other search engines like that AI stuff is so that you can research --> and learn how to do it now that's just one way i think another way is to type let me see bash --> bash um hold on let me up arrow twice there you go dot dot bash --> bash yep you type bash it'll also run the script you can do that for anything you can tell don't ask --> chat tell it what to do tell it what you want to do you see what i'm saying and next thing you know --> you are pen testing within 30 days within three months within six months with confidence right --> i am i am excited to go back and teach myself Wireshark and do the tutorials i know where to --> find them all i know how to look for them on picoCTF yeah and i know how to find Wireshark, --> wireshark.org and look up the certifications and go through their tutorials so i'm well on my way --> with Wireshark the Kali is going to take a while because of the commands easy easy but the copy and --> paste i get you now i get you why it's the copy and paste crisis constantly and it's because it's --> so easy to paste these commands i understand that yes and so but also to make sure your Kali Linux --> on your real Kali Linux you go to settings and you click on advance and make sure you have --> this change this able to bi-directional so you can copy and paste from the computer to your host --> to the um the to the Linux machine thank you that's why it doesn't work right there there you --> go that that this when you know when you first yes I'm sorry go ahead when you first frustration --> When you first install Kali or Parrot, you go to settings, you go to general, and you click on advanced. 
--> You change that immediately. --> You should not have to change anything else. --> Then you go to system. --> You make sure you have 49096 or better, otherwise it's not going to work. --> You don't really need the floppy. --> You can uncheck it if you want. --> Processor, I would do at least two, but it could be more. --> Acceleration, you don't have to worry about that. --> pin on your system display make sure it's the video memories that maxed out --> at 128 you can increase the monitor count if you want or leave it don't mess --> with that scale factor leave it at 100 otherwise gonna look really weird you --> don't have to worry about storage you don't have to worry about audio network --> you choose which network adapter to actually use you can use nat which is uh like the 10.0 series --> or bridge adapter which will give you an ip address from the router in your house there are --> a whole bunch of different resources here as a matter of fact let me give this to you this will be --> helpful to you now kivo okay you like this these are all of the settings the adapter settings --> that you can use and should be using inside of virtual box this is the complete guide virtual --> box network settings so that you can look at the pictures words pictures words pictures to --> to explain to you and show you why you want to use the appropriate adapter type --> you need to know that as a pen tester no i i know the i learned the adapters but you know that --> website right there is what we should all get before we start building vms nobody gave us --> that information so that alone was invaluable thank you you are so welcome i'm so frustrated --> this is actually really good to hear you tell me what your frustrations are so that we can get over --> that i want to let me tell you donna you can get over all this stuff today i just need to know what --> it is but the thing is though where's that thing i was uh i don't remember where i was --> i don't remember what man 
nico um the bm settings uh the that's what i was doing here we go what --> was it called where is it it was yeah and then from here how about this do you know how to create --> share folder uh no okay no we no i do not okay you you want to create a shared folder on your --> kali linux so that you can share a folder with your host computer that means that you can download --> information into onto your host computer then you can go inside your kali vm let me see where is this --> um cd slash media ls share folder kali linux share folder i got a few of them then i can --> change directory to them right i don't remember which one is the latest permission denied control --> a sudo that thing okay okay that must be the one that's not working but what this is is --> the media allows you that means i can go up hold on so a remove maybe that work that won't work --> let's go control a okay do it again --> oh i need the up arrow so a dir i think oh that's yay see i removed that first one --> and if I didn't know how to do it, what would I do? --> Look it up on Channette. --> There you go. --> You got the answer, right? --> You go to chat and you follow that process --> and you learn how to do it. --> You don't give up. --> You don't get stressed. --> You know what? --> Let the stress, the stress is what teaches us. --> It's what prepares us to do work in the real world. --> I don't know too many non-stressful people, right? --> Everybody has a certain ounce of stress that they produce. --> The end of the day is, you know what? --> I can deal with that. --> Let me tell you stress. Stress is being on an airplane, being told we're going to crash land in the ocean. You ever been through that before? --> I skydive once, but no. It's not a crash land. It's not a crash land. --> So I've been through that. That was stress. That was tears coming down my eyes type stress, right? That was, man, what could be worse than this? 
--> I'm just being told right now that I'm probably going to die in the next few minutes. That's stress. --> right? This stuff right here, man, I can still go to sleep at night and I know how to overcome it --> because I have a process to overcome all that, right? For example, I just clicked on it, --> but it didn't open. It's amazing. Try it again, Wes. Let's do it again. Retend, open. --> Unless it opened somewhere else. That's probably what it did. Let's do this. I'm trying to show --> you what I do to overcome every issue on the planet. It just doesn't matter. And all I got --> to do is get it open. By the way, your share folder is valuable because now you can share --> stuff in and out of your machines. All you got to do is look about the same. And then --> you take that and you put it and you put it in your notes and you're grand everything is easy --> you can do this on your Parrot Security too follow all the steps i just told you --> you go learn everything you don't know what this is Google it and say explain this to me like a --> 10 year old explain this to me like a 10 year old let me do this right explain this to me like a --> a 10 year old uh explain this to me like a 10 year old and you read it it's so easy --> explain this to me you understand um these are Google searches you do this with picoCTF --> they what's happening in your school is they see the big picture you don't probably because they --> didn't tell you they didn't show you if they have to show and tell you you understand what i'm saying --> if from your expert perspective many people are learning the network and many people are getting --> these CompTIA certifications that we discussed where do you see the shortfalls where do you --> what do you think students could focus on --> as far as the software side --> to become more proficient? --> I already know. --> Because everybody's learning networking. --> You're supposed to. --> Because guess what cybersecurity is? --> I understand. 
--> Cybersecurity is securing the network. --> Correct. --> But here's the thing. --> I'll tell you what happened a month ago. --> Now, I'm up here in Virginia. --> I'm right outside of Quantico Marine --> Corps Base literally right over there behind them trees um the military officials the top brass --> went and met with CompTIA you know what they told CompTIA they told CompTIA we are no longer --> interested in your certifications anymore you told me that but why and what's happening now so --> here's why should i proceed here's why because well first of all --> first of all that's probably going to take a couple of years but in the meantime this is the --> military's certification list what does it say Cisco CompTIA CompTIA right basic intermediate --> advanced right now you still need to play the game and get CompTIA certified certification --> certification is just compliance it's just saying yes you guys in policy say i need to be certified --> i'm certified you understand that's one half of the problem i just need you to understand that --> do you understand that yes sir good now here's the other half we people hey they say we need to --> get certified so we can get the job true but you need to know how to do the job what do we people do --> They get certified and say, hey, I'm certified. --> And then they're not getting a job. --> Why? --> Because they didn't take the time to do what you did. --> You're learning how to do pen testing. --> Now, when you get certified, you can say, I'm certified in pen testing. --> And then you can do this, hopefully. --> And here are all the examples of my pen tests. --> You see the difference? --> If you don't get certified and not know how to do something, that's what I'm saying. 
--> right you're going to embarrass yourself the people will look at you and be like --> thanks but no thanks and you're going to be like well why i did what everyone said --> but you didn't take the time to learn how to do the work exactly that's why i'm here because i'm --> going to end up with CompTIAs and not know how to pen test just like everybody else --> which actually you will not because you have a document you see um donna i am not interested --> as an employer i am not interested in hearing you tell me that you have a PenTest+ --> certification i am interested in okay you got a certification how many pen tests have you --> actually done i don't care if it's VulnHubs or real life first of all you can't do it in real --> life. Someone's going to sign --> waivers. You don't want to tell --> an employee that you did some legal --> real pen test and you weren't --> authorized to do it. Do you --> understand? --> You want to say, hey, look at all these --> pen tests I've done. But here's --> the cool thing about my situation. --> These are the VulnHubs I've done. --> But now let me tell you --> about the government pen tests I've done. --> You see what I'm saying? --> Let me tell you about all the people --> I've trained in pen testing. --> I got Yaya who works for, I forgot that bank name. --> He works for a bank. --> He's a pen tester. --> I have all these other people. --> I have Assad. --> He's a pen tester in the government. --> These are my ASAC fellows. --> These are people who I train. --> I train people and they get real jobs. --> It is a fantastic statement that I can say with confidence. --> Then I have all kinds of tools and techniques. --> And guess what? --> I still don't know it all. --> I still learn from other people. --> But all I need to know are the basics. --> I need to review the policies, see what the industry is calling for, play that game, earn --> one or more of these certifications, and then gain the hands-on experience. 
--> I just showed you how to do that. --> there is nothing you can't learn to do here go ahead i understand how did CompTIA respond to the --> DoD what went down after it was announced oh they're pissed because guess what a CompTIA exam --> is a theory-based only exam --> what people do is they go find websites online the dumps and they try to memorize the question --> and they go in there and they take a stab --> and maybe they pass and maybe they don't. --> When they pass, ah, I'm certified. --> Let me put it on LinkedIn. --> And let me tell you, I got 33 certifications. --> So what? --> What makes my resume is the fact that I have done --> or know how to do these things. --> I can demonstrate at will. --> I can teach people how to do it. --> I'm trying my best to make sure you get what I --> I'm transferring all this stuff in this bald head to you --> so that you can say I can do this with confidence --> and I can do it in a few minutes --> what do I need to do? --> I need to take notes --> that's why we did the OneNote --> I'm hoping that you will continue what I show you --> because I have been in interviews like this --> and said they said so um it always comes up um can you show me examples of your work that you --> know technically i'll show them all these pen tests i'll show them National Cyber League stuff --> right here's actual National Cyber League stuff that you should be doing inside of the thing you --> see how i take screenshots of everything do you see how i have solutions for everything --> yes you have to do that on the job so practice now practice perfect --> right i teach people to practice perfect then they learn all these things ah now i know what --> a user agent header is okay i know why it's important right um hey do you know Linux yes --> i pull up a Linux terminal doing the interview and i'm like what would you like to see what would --> you'd like to see right they could even make up tell me something I've never done before hmm I've 
--> not done that before but hold on a second I come right over here I minimize this I come over here --> let's see no prob right let's go that and I'm here um oh rules of engagement I've done that --> for but anyway um explain this for pen testing for my notes approved guidelines and boundaries --> agreed upon by the client the pentesting team man i don't even know what to say definitely --> need to know the laws the laws are different state of virginia versus say the state of georgia or --> south carolina in your case the local state and federal pen test the federal pen testing laws are --> what they are hacking laws the local and state are different up here in virginia i think if you do --> a certain infraction you may get five years in jail you do that same thing in georgia you may get --> 15. please find out i mean what is i mean we wouldn't do it without permission so we're not --> concerned i understand that but how do you know what your penalties are in your state for testing --> you do exactly this i know i'll look it up right now because that's interesting --> uh-huh so what are the pen testing let me see let me see nobody has ever even mentioned that --> that. South Carolina cyber crime. So I put in here in South Carolina versus Virginia, --> because I want to see the difference. South Carolina hacking laws, South Carolina computer --> crime, Matt. Here we go. Here are the key offenses. 10 years in prison, $50,000 fine. Three years of --> misdemeanor, $10,000 or $10,000. One year misdemeanor or $200 fine. Here's Virginia. --> felony. Ooh. Class six, felony. Ooh. Okay. We got a little comparison sheet. Third degree --> computer crime misdemeanor, computer trespass, 10 years, felony, if malicious and cold. Ooh. --> We have to ask questions. We now have a fascinating tool to be able to do that. 
--> we also even have google we still got books we got video um i can't believe that i try to open --> up a document and it didn't open this document where the brick rooms picture okay so i'm gonna --> go there because this is important i'm gonna show you something that i only show my fellows --> here we go i got it finally open i showed you this yesterday i think here's the goal --> confidence and proficiency. If you are not confident, why? If you are not proficient at --> what you do, why? It's because you are not identifying the task, the project, the problem, --> the opportunity. You don't know what you're trying to solve or achieve. So you're just --> walking out in the wilderness just ah right by the way this is um um going through the patent process --> i just want to let you know that because i like put in all the paperwork um to get this uh trademark --> and patent on my for my company but i'm showing you this because in my company we do first --> we learn second we teach you teach me how to do what you've done then i'm confident and you're --> confident notice yesterday you were teaching me the pen test that you did right it's okay even if --> it wasn't perfect you were still teaching me and i actually want you to teach me again you know why --> i need to make sure that you walk out of here saying i know what i'm doing --> these pieces of paper --> don't mean anything --> unless you can demonstrate. --> You understand? --> Huh? --> Japanese martial arts? --> Yeah, I may, well, --> actually, I just got promoted. --> But I was a fourth degree black belt. --> Now I'm a sixth degree black belt. --> I skipped the promotion. --> I am going to get that promotion --> in six days from now. --> Yay. 
--> um these are some of my real fellows they have they they dave is working andre andre was 14 years --> old when he worked with me five years later he's now a north carolina a.t student full ride --> cyber security interning with the nga and the cia that's when he was 15 he was teaching adults --> what I was teaching you. --> And then some. --> These are my interns that I had over the summer. --> Blaine and Maggie. --> And all I can say is --> they did such good work --> that if I actually had an opening, --> I would hire them. --> Right. --> Nad is a real estate agent --> who is tearing up Pentax. --> I don't care what your background is. --> Can you follow this process that I just showed you? --> You can follow the process. --> I mean, Zabion works for McDonald's. --> He's the kitchen manager. --> And he's killing cybersecurity. --> Do you understand what you need to do? --> Yes. --> You have no idea how exciting that is for me --> because there's not a lot of things that stress me out. --> If I'm pouring my heart into something for someone --> to hopefully change their lives --> and they don't get it, --> I feel some kind of way. --> I understand. --> I will sleep, but I'm like, --> I wonder if- --> Oh, I get it. --> I just didn't know how prepared I needed to come --> and bring all my notes. --> And I just didn't know. 
--> you don't know what you don't know until too late and so today it's been like a really wonderful day --> i've picked up a lot of things can we can you tell me what i don't know about payloads yes okay hold --> on i'm gonna give you something real quick it's free on youtube but this is the linux workshop --> that i did with a corporation called blacks insider it's very interactive um it's an interactive um --> uh thing that i think will benefit you um the uh the people who the the people that blacks --> inside want me to come back i just i'm just way too busy and i can't but it's a four-hour workshop --> hands-on you can do this take your time to do it i think you'll actually enjoy it --> that's why i said it okay you want me to show you what now will you tell me what i don't know about --> payloads and what i how i need to look at payloads okay differently or it's not not a --> huge lift i'll show i'll talk to you but i'm also going to show you some research right --> The very first thing we do is research. --> Payloads in Metasploit are a code that runs on a target system after successful exploits. --> So in Metasploit, that's going to establish a handshake between your TCP handshake between that particular system and yours. --> And once it's in, you can do whatever you want to. --> And then based on the different vulnerabilities on that machine, you get to select the payload to send to that machine if you have it. --> And which when we saw yesterday, when we did the, what was it again? --> Basic pen testing. --> When we did this yesterday, here are the different payloads, right? --> These are the payloads that exist within Metasploit. 
--> but some of these payloads were let me see i'm looking for it um i'm looking for the words --> excellent and others were not excellent because they've been remediated when you see something --> like excellent or very good or whatever and it's exactly what you were looking for because it was --> written on the nmap scan right well Houston that is a clue and and all that is is okay --> you have to research it to find out if there's a way into any system you don't just know it oh i --> did this before it worked no we patch things we build them up we make them better later on in life --> you won't be able to use it anymore you see what i'm saying yeah got a lot of things like that --> exactly so three main types self-contained payloads perform one action and exit --> like upload this script or bash script and leave here's an example command unix generic --> runs a simple unix command best for quick one-time actions ping or open calc stagers --> small payloads that establish a connection and download a larger payload right so it's going to --> maybe get entry the systems may not capture anything major and it'll ignore it and then --> second stroke keystroke bang now we put another stage and now it's starting to get bad to get bad --> Used to bypass size restrictions. --> Meterpreter. --> We have pen tests for that. --> We can do that all day. --> Right? --> Second part. --> Do we need to try one of those using Meterpreter? --> We can. --> I mean, that's just it. --> I wanted you to finish basic pen testing two first, though, because everything is a buildup. 
--> yeah you know I don't want to get you to the point of oh my god it is but the --> here's a cool thing look at this right here let's see what can I get all right --> hold on and then it shows you how to set one up we did that and you have the --> screenshots you have no I don't know if you have an idea but because you have --> the screenshots of your work your words your work you should be able to --> understand that better because you did it the people in your school if they are not doing what --> we did they need to it's the only way to to learn this stuff do you understand yes um do you do y'all --> use oh do y'all do this in your school what do you do you work in a lab you said yeah we go on --> each class comes with the laboratory so once a week we have like 10 to 20 hours in a lab per --> class and so we are in this lab by ourselves and we have to figure it out and that's how it is in --> every single class so you don't you you can't ask anybody but chat it's all unless you're going to --> go on discourse and deal with your classmates and it takes forever to get an answer it's like --> forget it okay so i just go on chat so no we don't this is we don't do any of this but unlike the --> first year but the second year doesn't do it either so i get why they're doing it but they're --> not doing it right think about it like this um a brand new baby is born right mama and the baby --> are like this. Hopefully daddy is there too, right? The baby needs to be taken care of when --> it's born. You have to feed it, clothe it, keep the baby warm, keep the baby cool. You do burp it, --> make it use the bathroom, clean it up. You understand what I'm saying? The first year of --> your program needs to be like that or the first few months. They're not carrying you. They're --> pointing you in a direction and making you walk and run. Some people are gravitating to that. --> A lot of people are not. That's too many. 
After the big, and I say this because this is the --> analogy I tell my fellows, I'm going to carry you the first month or first few weeks. You're --> going to call me whenever you want to. I will take care of you. I just need to know. Also too, --> is this is the process we follow now um eventually i'm gonna hold your hand because you're walking --> now and you're looking all cute right i'm walking your hand now hold your hand now i need you to do --> this work like this that's what i need you to do and then eventually after some time --> i'm gonna let your hand go and you're on your own that process those steps and processes are not --> there because you're not strong enough yet. Now here's the thing, Donna, what they are doing is --> good, but they just shot you to the top of the, you like three years in from day one. That's what --> I'm hearing. They advanced you really quickly and people are frustrated and have questions and they --> don't know how to do it still. Now I'm showing you how to do it. I have shown you things --> And I just need you to say, you know what this ain't no issue. I know how to do it --> That's the first thing you say --> second thing you do --> You do is you Google it click on images click on videos and you start thinking --> Um, let me maybe I should if I want to learn Wireshark. I need to find some free tutorial find some free tutorials --> I need to type in ChatGPT. How do you do this? 
--> give me examples step-by-step examples of how to do this you need to build a portfolio --> this is my um my personal cyber security portfolio here these are all the things --> that i've done and know how to do it's ridiculous i have them all over the place --> you just click on stuff here's Wireshark i got all those notes right here's the ransomware build --> that i built i built this from scratch by the way and everybody was like here the hidden --> instructions right there why did you build a ransomware because i never did it and i wanted --> to learn how i wanted to see and understand how easy it was to actually build it where do you --> use your ransomware only in my virtual machine i'm not going to use it for real i call that a --> dumb question but you know what if you don't know anything about this thing then that's the answer --> do you have a cyber security portfolio of all the work you've ever done with your work in --> it and screenshots instead i i have it i have my work saved but i haven't built anything you started --> yesterday yes because on your one note you started that's what i'm trying to tell you --> you do because we started it yesterday all you got to do is right click on this thing go to properties --> and say and put in a title call it your cyber security portfolio just like i did --> and then you continue to build continue to make different tabs now this is advanced stuff adam --> silo these are actually APT that exist out there um advanced package um and not bad pets too um --> advanced persistent threats adam silo is an actual attacker and i have all these different --> things i've done what is crazy i got them um --> Um, I, the, the, so the irony of like my company is I help students, teachers, and, um, military intelligence gain hands-on experience so that they can feel comfortable when they get into the job day one, you know what to do. --> Um, they pay me and then they get hands-on experience to put on their resume. 
--> they actually work for my company it's crazy you can um link that for example here's aaron --> he started with me april 1st he works for my company he earned a security plus in like --> 37 days he has all these things are things that i showed him how to do --> to include ncl top 10 which he was like this is so fascinating --> because we did it. --> I do it twice a year --> because he was like, --> I've never done this before. --> And I was like, I don't care. --> I need you to do this. --> I want to give you a process to follow. --> And he was crushing it. --> Do you see that top 10%? --> His very first NCL? --> Yeah. --> You can do that same thing. --> You just need a mentor. --> Look at his Google sites portfolio. --> Look familiar? --> Kind of looks a little bit like, --> look at all the certifications he's earned. --> he gets to show this to employers all these things he knows how to do where is your central --> repository of things that you know how to do well i'm going to be putting it together that's --> for sure there you go you said the right answer because the thing is that's what we all need to --> do i just promoted him to team lead now he's helping teach me teach a plus to some teenagers --> that i'm teaching for see i says yes you both work at a soft cyber makes my day he's not the --> only one i i have many of them on on the team let's see megan let me make megan works here too --> i've known megan like 17 years now 15 years jesus i know before she had the five kids she has --> I can go on and on. I don't want to bore you. --> Are you up for taking a break? --> Yes. --> Because I need to go to the restroom. --> Yes. --> Start to squirm. --> Yes. What time do you want to come? --> Yeah, tell me when you want to come back. --> I was about to say, I may take advantage of getting some food, so I can do like 30 minutes if you want. --> See you at 12.15. --> Okay. --> Or 12.16. Okay, bye-bye. --> I hear you now. Hello. Hello. 
I was going to give you this, too. I think that this would be helpful to you, probably more so than a resource I gave you yesterday and even relevant to the question that you just asked me about payloads. --> Okay. So, okay. We still have a boatload of, I mean, what do you want to do right now? We have a lot of different things relative to the intermediate pen test that we need to discuss, but I don't know what, I mean, I'm trying, I'm following the list. I just don't know what you want me to do. --> i wouldn't mind doing another pen test and um okay maybe looking yeah just uh i mean we don't --> have to go all day i wouldn't mind doing another pen test and then you know pretty much it because --> we can leave we can leave anytime we can leave anytime you want to you just tell me --> i just mean yeah i don't i'm kind of out of questions i mean there's just so much i don't --> know i don't even know what to ask so i don't know what to tell you i mean i just so much i --> don't know that you could basically tell me anything it's like what i want to hear about --> is the network and Kali and all the software and i mean i can i can hit all those but i mean yeah --> i mean let me tell you this have to keep doing it over and over again like you said that's it --> and networks are secret um in other words it's like whatever goes in your house is secret and --> not everybody knows and no one should know how you establish and create your network to for the people --> inside of their community to work is one thing and that's all the secret the thing is though you have --> people coming uh let me show you this or this thing let me show and tell and um i'm gonna need --> you to share your screen as well but let me share mine first and then i'll show you this i want to --> hopefully you will you will get this because i have one image that tells it all and i already --> know you know what it is because you mentioned it yesterday okay so this is the defense in depth fan --> 
right these are mission critical assets for every organization a company or even a personal --> organization right you can even drill it down to say a cell phone so within these mission critical --> assets exist social security numbers dates of birth um private health information --> um intellectual property you know like like kfc's secret recipe or uh uh secrets that the --> government may have and we don't ever want unauthorized people to get to that you understand --> yes now if somebody can hack into your home computer what will i get you don't have to --> answer i can already tell you i'm going to get your social security number your date of birth --> your credit card numbers. I'm going to emulate you. I'm going to cause you a bad day. I may find --> any and everything that I can use against you. I already know how to create a ransomware. I showed --> you I did it in an hour and 15 minutes. All I got to do is execute it and hold your stuff hostage. --> You decide whether you pay it or not. So this is something that's personal. If we work for the --> same organization and someone hacked into that organization, they got our stuff. We're both mad. --> so now what does that take this defense in depth is something that you've seen before --> but there's prevention or policy management before you can even you're going to work on --> my network before you can even touch my network you i'm going to have you um --> review the acceptable use policy of the things that you can and cannot do on my network --> For example, I need you to come here and work, not open up Apple Music on your computer and slow down my bandwidth so other people can't work proficiently. --> Not go to gambling sites or pornographic sites, you know, stuff like that that you should not be doing. --> You're there to work. 
There are other policies, cyber threat intelligence, security policies and compliance, risk management, security awareness in the training, --> penetration testing, vulnerability assessment. Because as a pen tester, you may be doing --> vulnerability management and assessments more so than actual pen testing. Those are different --> roles. You can do the job and you can say, hey, okay, these are things that you need to do to --> protect your organization. So that's the policy section. If it's not in writing, that means that --> anybody who gets in the network even bad guys can do anything they want and there's nothing to govern --> um them and hold them accountable on the right side is operations which is monitoring and response --> i asked the question yesterday do you have a SOC in your house do you have a SIEM installed in your --> home most people don't so at hsock cyber that's what i show people how to do so that they can --> monitor everything that goes on inside the house just in case there is an external threat --> or an internal threat which could be even just clicking on the wrong site because they don't --> know any better not like they didn't want to do anything malicious with that there's also data --> security what are you doing to secure your data from being exfiltrated outside the organization --> are you using data loss prevention DLP do you have encryption you know they're going to steal --> the data but at least if they steal the data all they'll see is gobbledygook like we saw in Wireshark --> you know just trying to bring everything we did what how do we classify that data --> hey that's credit card data that's personal data that's PHI you know um their data wiping --> okay they stole a whole computer you know what i can remotely wipe it so they'll get nothing --> application security you can google search this or ChatGPT but most of the apps on the app store --> are insecure and have bugs all throughout something like 85 88 something like 
that --> when i did it a couple of weeks ago these applications are on our phones they're on --> our computers how do you think nsa and china and russia are getting into our computers --> they don't have to come physically go ahead and do the um do the tom cruise and uh in that movie --> uh mission impossible right when he came out the ceiling nobody nobody wants to get caught --> But all you got to do is find the vulnerabilities in the applications, and we download them --> all day, which is why we need to do vulnerability assessments and scans and penetration testing --> routinely, usually at least a year for pen tests, but vulnerability scans take me every --> week. --> The frequency on the job is we did it every week. --> I presented it every week, man, we did this, we did this, we found nothing. --> these applications are vulnerable. You have people inside the organizations going on apps --> and putting their social security numbers in and they're on the government network. The government --> has tools that will be able to catch and stop that, such as this DLP, database monitoring and scanning, --> endpoint security, patch management, configuration compliance. We have all these different tools or --> everybody has a computer or maybe even a cell phone. What are we doing to monitor or to secure --> their cell phone for them? Because we don't trust them to do it. Even if we trust them to do it, --> we're going to do it anyway. Network security. Okay. That's what cybersecurity is, securing --> the network and all of its operations, internal and external. Whatever you're doing on my network --> And with my devices, I need to make sure that the appropriate people are being allowed in and out, the appropriate information is being allowed in or out, which is why we have firewalls, right? --> Firewall is like, hey, if you're on the list, you can come in. --> If you're not on the list, you can't come in, right? 
--> And we have different types of firewalls for different functions. --> To back up firewalls, we have intrusion detection and intrusion prevention systems, right? --> If an intruder is coming in and we have their signature, we need to be alerted in the operations section so that we can respond and we're going to look at the policy. --> Then we're going to contact the people with a tool and say, hey, firewall people, you need to block this IP address. --> You see how that works all in tandem? --> Perimeter security. --> Obviously, that's the equivalent of say, okay, Donna, you can come to my house and I'm going --> to actually give you a key. You can use the key to my house for the time you're here. --> You can come in and out at will. I don't care, 24-7. Whereas if someone else comes into my --> organization, they don't have a key and they're entering my space, I better be catching them. --> Operations need to catch them. --> Physical security needs to catch them. --> The firewall needs to catch them if they're doing something technically, right? --> From someone outside the organization trying to get in. --> Secure DMZs. --> Applications, because you can always get into an organization through an application. --> They submit. --> Do you see what I'm saying? --> Physical security honeypots. --> This is how all this works. --> And then guess what? --> Every organization is in the cloud today. --> right public cloud such as amazon because they have a dmz where they sell stuff and people go --> there and look at stuff and hopefully they're not manipulating anything but they're not getting into --> the organization deep but if they learn how to bypass it they find the right ip they can get --> through the public cloud into the organization private cloud same thing we have private clouds --> People should not be getting those IP addresses, but somehow, someway, they got into the Amazon --> public server, and they found a way into the organization. 
--> This is a snapshot, and it is a hell of a discussion that we can literally do all this --> stuff in our virtual machines, in our home networks. --> How can you protect an organization if you don't know how to protect yourself? --> So what you do is you build everything here inside your house. --> That's what I do at H-Stop. --> And then you take notes. --> And then from there, you will apply for jobs. --> You will research everything. --> You'll take all these notes. --> And then you will go forth and forth. --> Comments, questions? --> um well i'm probably not going to apply for a job i'm probably going to open a company as a --> consultant nice i like it but you know i uh it's really tricky to have a small digital footprint --> but the world requires you to be a rock star and hang yourself out on a shingle and publish all --> your nonsense not like yours is nonsense i'm not saying that most people publish nonsense they do --> and i don't publish anything and so i get chastised all the time but i don't want to --> and so i have to work around the whole linkedin and i already have a company it doesn't matter --> that i don't know content yet because i'm in this program for two more years and i'm --> going to figure it out because i have two years to do it and i have all the resources around me --> i have a mentor that was supposed to contact you i don't know if he did and it doesn't really --> matter but he will take me down the rabbit hole but he has like downloaded so much information --> upon me that i mean even though i look like a nitwit i do have a 4.0 so my brain works way --> differently like i am the person that just leave me alone give me my computer and i will show you --> how i get there but i have a i mean i don't have a choice because this is how we're set up in this --> program so i just um appreciate your dialogue and your different type of teaching because i can --> see how the shortfall that i have in the learning gap between the different 
types of teaching and so --> i'm gonna work on that and um i'm definitely getting a bigger monitor but next time my boot --> camp it'll be in the cyber lab so i don't have any of these problems so anyway i the information --> now you know what questions do i have just back to the same stuff it all goes like round and round --> the mulberry bush until it doesn't so i mean i'm good it's just that i have never done anything in --> my life like everybody else not because i don't want to it's because my life is as such that --> i keep getting shot out of the cannon in so many different ways --> that i'm gonna land and this time when i land it's gonna be differently okay so i am going back --> to the woodshed with Kali Linux and next time i know how to prepare for a boot camp um it's just --> that. Yeah, it was just --> some bad timing. --> So, anyway, --> I would --> love to see another pen test or --> just run through the one that we did. --> I reviewed the notes. --> I understand that I have all --> the information I need --> at this point. --> Okay, so then --> it's not everything. --> It's... --> Well, pen test. To do a basic --> pen test. A basic pen test, yes. 
--> and um you can um okay so i'm gonna give you a choice you can either do it in front of me --> or you can tell me what to do and explain it and i can fill in the gaps and then um if you want --> that basic pen test too should be uploaded on your machine you can try that one too but i will tell --> you it's uh it's harder than the first one so you put it on chat no i copied it no no you um --> you downloaded basic pen test to onto your machine right here yeah yeah so --> okay so I'm gonna give you the choice basic pen test 2 or you can do basic --> pen test 1 and just do it and let me watch you or you can tell me what to do --> and then I can do it and I want to fill in the gaps wherever I can since you --> have your screen up already okay I'm gonna do that I'm in the desktop --> you ready yes i am okay i want to crack open my virtual box all right and i'm am i doing basic --> pen test one or two oh two one excuse me never mind basic pen test one okay here we go the --> confidence um i yeah i'm glad that you um i thank you for all of your comments i did have some --> comments to a few things, but feel free to always keep in touch with me. You got my cell phone --> number. You have access to Noble Prog. Do what you know is best to do. The bottom line is, --> I mean, I won't lie to you. Have you heard the University of Maryland Global Campus? --> No. No? Well, University of Maryland Global Campus has almost 200,000 students, --> And I just partnered with them, my company, to show them how to do cyber better and differently. --> Also, Prince William County, Virginia schools, I just partnered with them a month ago. --> I'm teaching kids how to do this stuff. --> I'm partnered with the Wish Center. --> I'm partnered with, I have like 15, 16 different partners. 
--> so you know my main professor in the cyber lab professor angela kern i do not okay she's in the --> cyber lab a lot i mean that's what i was she's a coach but anyway um kern yeah k-e-r-n she set up --> the cyber program in south carolina she's from penn state okay i don't see her but what's really --> cool is that I was the very same way as you. I was not a social person online per se. But --> in the end of the day, I was told that I would not get a really good job opportunity if I --> didn't have a LinkedIn profile. And in the end of the day, that was 2015. And I will --> tell you. Since 2015, the very first job I got was on LinkedIn and I made $40,000 extra that year --> in 2015 because I got on LinkedIn. And every job I've had since then was someone finding me on --> LinkedIn and offering me a job to include Noble Pro. I have not applied for a job of my own. --> It's crazy. I call that a blessing. Okay. Let's come back to here because I didn't see what I --> need to you tell me I just um I have my Kali Linux machine running I have my um and the terminal --> open I'm ready to go okay so in lowercase well first of all you're gonna do in lowercase ifconfig --> enter --> okay --> and then you're going to go to eth0 --> and find your IP address --> there it is --> okay --> so then we're going back to --> Kali --> and we're going to write --> IP --> and then the address enter --> space yes --> address enter --> so of course you don't have to do both but you can do one --> but ip address is the the one that's colorful ifconfig is the older one okay okay --> okay you got it and by the way i tried to show you at least two different commands --> just because um oh i'm gonna show you this just because we're there you see what i wrote --> i wrote what are the alternatives to ifconfig and look at what we're learning these are all things --> you can put in your notes and actually try okay okay i'm gonna i'm gonna do that from time to time --> but what's next so now 
you're gonna type in ip in lowercase space and the address you just found --> okay you take ip space address you want me to say what it is okay uh 10 yeah that's you got it --> but i'll say it next time okay so you're gonna write ip space and 10.1.0.3.15 and enter --> you're going to write ip space 10.0.3.15 just tell me so now before you just tell me the command --> before that is what we're doing in your notes so what are we trying to do once we identify the ip --> address of the attacker machine we move on to the next step yeah we're trying to find out the um --> our ip address so find my ip would be ip space a so we did that ip address right i we now have --> the ad the ip address of the Kali Linux machine the attack machine now what are we trying to do --> We're going to enter IP space A-V-V-R. --> Okay. --> No, we don't have to do that. --> Those are options because, look. --> Those three are the same thing. --> Okay. --> Because they're all the same, right? --> Ooh. --> Yeah. --> Okay. --> So now we're going to do netdiscover. 
--> We're going to write in lowercase sudo space netdiscover, one word, --> lower k okay but what are we doing but what are we doing we're scanning the network we are looking --> for vulnerabilities we're finding the target ip okay so hold on finding the target ip there you --> go we're finding the ip address for the target machine not scanning for vulnerabilities --> okay now i'm going to right click this and split this terminal between left and right make this --> bigger control shift plus plus plus control shift plus plus plus plus plus are there any alternative --> commands you want me to type at the same time well do you want alternatives we can do an alternative --> show me an alternative that you have when you know an alternative is the sudo command lowercase okay --> space arp dash scan space tack lowercase l enter right now why do we use that command --> because that is uh scanning the network um --> looking for that ip address of the target machine but do you remember what we talked --> about yesterday which one is more thorough and which one is faster the second one is more thorough --> which is the second one be specific the the second one we did with the arp dash scan --> is lowercase l is more has more information no it's faster faster you write it down because look --> it's done see how fast it did it as soon as i did it it just popped right up but when we did this --> look at this one the netdiscover is still running it's literally going through all of the different --> um domains much slower much more thorough okay you don't have to discover much thorough more --> correct now i want to show you this too i'm going to man netdiscover so you can see this is active --> or passive address resolution reconnaissance tool there are a bunch of different --> switches the device the range the file if you have it and i need you to know how to --> look up look it all up so we have filters times we have counts nodes right enable fast mode scan --> with the 
dash f function and i want you to be able to always look up the man for that and also --> the other one i taught you manual i don't think tldr is located installed in here let me see if i --> can install it install tldr which means too long don't read remember i told you that --> and look at that i'm installing it and you need to know how to install things just in case you --> can't find something or if you need to know how something works see how that works now it wants me --> the you see the red tldr tack tack update i need to update this so that it can actually work --> we have to read yes the output and we see how that's written scan the ip range on the network --> on the interface network interface and it's showing you a bunch of different options --> You can also do, let's see, netdiscover tack h, and that'll do the same thing. --> Okay, hold on. --> One more. --> Tack help. --> If I type out tack help, it does the same thing as tack h. --> Okay, so tack h is a shortened version for tack help. --> Okay, so I'm going to pull up this netdiscover command we did, --> and i got it right there and this appears to be the attack machine's ip address because i can tell --> from the mac address which we can find inside of the virtual machine okay and this one is still --> running you see that right there it's slower it's more thorough this one is fast and it's usually --> very thorough it's just fast my students don't even use netdiscover anymore well look at this --> right here. What are the alternatives to netdiscover in Linux? Great question. arp-scan, --> nmap ping scan or ARP scan, fping, high speed ping scanner, ip neighbor plus ping sweep. 
--> masscan right see how that works and all right i've used all of them that's how you learn all of --> them you just gotta try it masscan is great for large organizations and there are more --> there are more okay okay we got that what's next so what's next is that uh --> we have identified the target yes now we verify connectivity okay with the ping --> in lower case we type ping space and the ip address is the target which was one zero point --> zero point three point one six enter got it doing it okay it's running it's pinging now what --> connectivity now so you just hit ctrl c or q depending on what works because if we don't --> it'll ping forever it'll ping forever okay what's an alternative to that an alternative --> is um doing an fping which is just fping in lower case space and the ip address --> and it just shows that it's alive fantastic look at you look at this right here what alternatives --> are there to ping. --> We did the fping, multi-host and fast ping. --> That's what fping means. --> Fast ping. --> Right? --> hping3. --> Wow. --> Nping. --> I've only used ping ever, so that's interesting. --> What are alternatives? --> ping6. --> tracepath, traceroute for diagnostics. --> for ARP, arping. --> Here's a summary table. --> And then all we got to do --> is come back to the terminal --> and try it. --> Okay, I probably need to install that, right? --> Make sure I did it right. --> hping3, excuse me. --> Let's hit the up arrow. --> I still probably need to install it. --> Don't. It's there. --> open sock raw operation not permitted so let's try this and if you run into those problems --> you will copy that and put it in ChatGPT and say hey this is what i ran into it looks like --> it's ping flooding what's happening oh wow that's great advice yeah um perfect i have to do a --> Control-C, right? --> Yeah. --> Control-C. --> Yes. --> Now we're going to scan the network. --> All right. --> We're going to scan the network. 
--> On the left side, should I stop this or what? --> I would stop it. --> I would hit Q. --> I did Control-C. --> Okay. --> Okay. --> We got it. --> What's next? --> Now we're going to use nmap in lowercase N-M-A-P. --> Okay. --> the target IP, which is --> 10.3 --> I got it. I did it. --> Tack, capital A. There you go. --> Oh, you want the capital A? Yeah, let's do the --> advanced one. You can also feel free to tell --> me other things you want to try that you've never tried. There's a whole bunch on the cheat sheet, right? --> I know. --> This is what you do. --> You try them. --> And we also looked at, let me go to my chat. --> What was the question? --> Alternatives to ping, alternatives to netdiscover. --> So did we look up? --> I don't know if we did. --> So what are the alternatives to Nmap? --> All right. --> So now if you want to do speed or stealth or web app focus or automation, --> This is what we need to do. Here's masscan, the fastest port scanner. Then you go right there. --> This is ZMap. Here's Unicornscan, asynchronous and stealthy scanner, passive style port scanning --> for stealth you don't want to get caught right RustScan Amass Shodan CLI AutoRecon --> you see how that works hold on let me go back up which one you want to try jordan --> hold on Shodan Shodan now Shodan is specific that may be the one Shodan search apache this is for --> For interconnected devices, find exposed devices, Shodan's API. --> So now that's actually one that we can't use. --> But that's the one we can't because that's going to be like Internet of Things. --> See IoT? --> If we were looking for the Internet, like a smart refrigerator or something, --> then we'd use that. --> Can we go back to Kali and use a different Nmap scan? --> Like, can you show me like a more intensive scan to, well, --> Well, in our example, we have three open ports, and one was the back door. 
--> So this dash A is definitely more intensive than the first one because you see the data. 
--> So now this is what you would do, right? --> I'm just going to talk. --> My cheat sheet says that on the particular example that we're using, those three open ports, --> there's a command i can use to scan those ports even further would i want to do that the one that --> says excellent in the bookstore would i want to use a particular advanced uh port scan on that --> or you know it's open and it's a back door and i don't need to hold on hold on are we going off of --> the nmap scan or are you ahead of me yeah no no it's off this asset off of the nmap scan that --> we did we have three open ports the one that you're pointing to and the two other ones so --> is there is there a reason to use an advanced port scan on those three open ports so um --> well you're scanning and we know that they're open there's no reason to scan them further --> meaning i wanted to try to do like port specification scans you can so you can do a --> you can scan one particular port is that what you're talking about yes so now scan the port --> that's the back door that's open and see what else it says maybe so now how do you do that so what --> What I would do is, I would tack P to switch, to switch, oh, I don't know. --> Well, that's, forget that. --> So, like, tack P is telling that I'm going to scan a port, so that's the wrong, that's --> the wrong command. 
--> so what I want to do is put Nmap like we had and the target IP address that you have and then I --> want to do tack p and the port 21 that is showing like that um I think I would take the capital A --> out and just back all that up uh so yeah let's start a space and then what does that tell me --> doesn't tell you anything more correct but it tells you the same yes and you just specified a --> particular port instead of all ports or the first 1,000 ports or the first 1,000 which is --> yeah so you can do whatever you want that's what that cheat sheet is you go off of the reasoning --> or the description and then you say let me try that there's really if you were to do this --> to get more information you'll probably do better if you did a tack A and some other um thing for --> that particular one port and that's going to give you more information see all that and that's the --> same as doing a tack A for the first 1000 ports you just focused it on one port really not --> necessary in other words you just do it for all the ports or a certain section so then my question --> to you is if you were scanning this network is there any other type of scan that you would include --> maybe it really is on my cheat sheet see that's just it it depends but look what I did --> what registers what like I already I literally what registers is keep it keep it simple --> right so you do that first hold on do that first see what it tells you that's it --> then from there yes maybe you can do that um I would not have done that --> would not have done that but look at what I did do you see what I wrote right because that's the --> question more intensive detail Nmap scan look at this you need to know what all these switches mean --> right so I'm going to copy it yeah can we try the O we're going to try all of it --> oh good I'm trying I'm trying all of it so remote OS detection using TCP/IP stacking stack --> fingerprinting so you're looking for a handshake yeah this is gonna this is 
--> gonna be a serious pen test so that's just it you may not want to go too deep --> too fast because you don't want to get caught Nmap will catch you so if --> you're using Nmap how do you protect yourself a VPN is not gonna do it --> you're in a virtual machine a VPN a VPN will help tremendously what you do is --> you scan sections instead of scan the whole 65,000 ports or the first 1000 you may want to --> scan the first 50 to 100 and you're going to scan accordingly because you don't want to get caught --> by the tools but based on this script you you look up what's the dash A in on the cheat sheet --> you look up with the dash T4 the tack p tack which is all 65,000 see the dash sV the dash sC the dash --> over pn you have to look that up the dash oN there's a full scan block so if I come down here --> and I type ls there's the full scan report right there because of this particular switch --> don't make it hard look at the cheat sheet see what it says and then go oh let me try that and --> then that's what it's going to do you know how would I do this I would just take my time --> I'm going to get what I need. --> In reality, I'm probably going to test. --> Hold on. --> Let me scroll up. --> I'm probably going to test all of these ports. --> And that's what we did. --> Yesterday, we went to port 80. --> We didn't try to log in, but we did try FTP. --> At the end of the day, we found a backdoor through the FTP. --> I didn't need to do anything else further I got inside the machine I own the machine --> that was all I need to do is get root got it once I accomplish root there's nothing else for me to --> do okay okay all right um but look at here that was the Nmap scan look at these others --> The Shodan can be done for like. --> Internet of things. --> Internet of things. --> Yeah, to scan a network and find everything connected to it. --> Well, let's try another one so you can see what the output is. --> Which one do you want to try? --> You can ask. 
--> No, let's do Unicornscan because that's stealthier. --> Copy. --> All right. --> You probably have it loaded already. --> Uh, oh my virtual machine. Yes, but not here --> Well, it looks like it's here already look at that now. Let me change the IP --> right --> Oh, wow --> It says total host block --> Total package should take a little longer than one hour --> 15 hours 30 minutes and 32 minutes and 11 seconds --> You want to scan? --> Takes a long time --> well it's not very stealthy if it takes you 15 --> quarters no --> that means that it is stealthy --> because it's going to take a long time --> stealthy is not fast --> like 30 hours --> so that's just it I don't know --> but here's the thing --> stealthy means that you're peeking around --> every corner so you don't get caught --> that takes a long time --> that's why it takes so long --> right --> Nmap is like this --> it doesn't care but but that's how you know is you try it and you go I don't have --> um 15 hours so I'm gonna do Ctrl-C we stop that you want to try one more okay which one um six --> on RustScan okay RustScan scan for super fast and hand off to Nmap okay oh would you want to --> use that in cahoots with Nmap so you're super speedy see that depends the short answer that --> is probably no because you don't want to get caught right but if you're you're doing a white --> box pen test doesn't matter nobody got it so what I find super frustrating is that nobody tells you --> things that don't work together like when you're doing your VMs you don't want to put --> Bitdefender when you're you know when you're virtualizing your system which means you will --> learn from a school of hard knocks and no one knows because they don't do this all the time --> nobody knows to tell you that's the thing so I know a lot of things but I don't know everything --> I also know things that some of my pen testers don't know they also know a few things that I --> don't know so we share information and then we 
actually do it and we try and look at that right --> there look at that RustScan installed wow it's a snap popped up the three open --> ports right off the bat boom right perfect right then what you would have --> to do is you have to look it up and see scan the top 1,000 ports for service --> OS detection this is the format right here RustScan tack tack top tack a --> for addresses and then you got to put the address in there so you look up here that's what we did --> right there um what I'm trying to show you is that stop thinking that everybody knows because --> they don't what they do I only have to use that map because there's so many other tools got it --> stuck on my tool exactly and you know learn how to you learn how to research better differently --> because in the end of the day, you would need to find the right tool. --> And now look at all this stuff that's popping up. --> And this still isn't everything. --> I have stuff on here. --> I can prove it to you, but take too long. --> Okay, now did that. --> Now what's next? --> so now so now we are going to uh blow through that open port port collins Metasploit and we're --> going to searchsploit in lower case one word and then enter and enter that backdoor port --> The capital space, capital P, R-O, yeah, you got it. --> Right. --> You can also look this up with Google. --> Copy. --> Come here. --> And then you get the whole detail for the CVE. --> You got the whole Rapid7 backdoor, 2010. --> See? --> Right? --> Look, here's an NSE script. --> We haven't done that yet. --> See that right there? --> Yes. --> Copy. --> Paste. --> I'm not sure if I need that. --> These dashes. --> This installation has been backdoored. --> Right? --> It's just cool how you can just look this stuff up and do it. --> Hackers don't have a manual. 
--> they just Google search and go to the dark web and do it have you ever been to the dark web by the --> way no it's really can I go there yes you can legally just that when you go there don't buy --> any uh nuclear triggers don't buy any drugs don't buy assassins I have um neutralized um --> Ubuntu and put the Tor on it but and then I have a VPN but my uh mentor who's the Navy tier one --> research guy says don't do it and I'm not taking you there so I'm like oh my god they make --> everything like so untouchable like I feel like I'm gonna be punished so that's what I need to get --> over it's not illegal to go there I'm a law enforcement officer who trains the military right --> um hold on the only thing is you can go there just don't do anything yeah and so the tech guys that --> I've talked to are all afraid of it they're like don't go there this is what happened to me and I'm --> like stop it I wouldn't make it I'm just waiting to get more proficient before I mess around --> so I just showed you how it came right up just this right there you do that you can do it right --> here inside your language browser always verify and um I literally showed my students how to do --> this on the military base and then I was showing them how you could buy assassins I was showing --> them how you could buy nuclear triggers and drugs and then and I was like now if you go here later --> on your own and you do something crazy don't do it law enforcement and the military and intelligence --> they track it they can see doesn't matter how many vp they'll just track the first VPN and --> last VPN they'll get you there are ways to to socially to backdoor anything that's all I'm --> saying but look here if I can look that up in ChatGPT and it gives me this don't do it --> is a little bit odd to me I know that's the thing I've already done it I just don't go there because --> you know I don't need any more trouble and you would not buy anything --> no of course not it's crazy see 
this accessing the dark web is not illegal in most countries --> but many of the hosts hosted on it are illegal you understand that as a cyber professor use it --> only for research education and monitoring threats so now I don't know I mean I I did not --> I just told you how to do it and I've done it myself and I have no problem going there now --> that's how easy it is okay let's come back okay don't do it sorry that's kind of funny --> there's so much mythology going around it's weird so whenever someone tells you mythology or truth --> search for it instantly that's it that's the lesson okay so we tried a few different Nmap --> scripts right this was one of the things too you had to do and um hold on I don't need this --> Anymore don't need that don't need this I gave you that and it was a --> NSE --> Yes, vulnerability analysis uses Nmap NSE, which we just did one --> Nikto. Nikto is also something that you could do here. See Nikto --> Tack h 10.0.0 that three that one six. I don't know if that's right --> I think I have to put eight it is right and what that will do is it's gonna scan the IP address for vulnerabilities even further --> Look at this see what it says slash secret. 
This might be interesting right here --> So what you would do is you'd open up here --> Go to your Firefox --> Type in an IP which remember you supposed to do that earlier myself yourself --> we got that then we put the slash secret and it takes us to a blog page it says WordPress --> then we would have to consider what we would do for that you know maybe you would do a --> search for that a vulnerability scan for that nothing tested or you just got to make sure you --> read all this stuff because the bottom line is there could be something in here start from the --> top Nikto what is Nikto right let's see uh tldr Nikto all right web server --> scanner which performs against web servers for multiple items see how this works and then what's --> cool is um show me how to use Nikto with this IP 10.0.3.16 step-by-step guide --> oh there we go 10 000 there you go right there that's the HTTP yeah oh they did it differently --> you can do both scan a port so this is how this works so let me see this is the copy I don't think --> it's going to be different because I like literally did it but let's do it anyway paste --> enter yep same information Apache Ubuntu the Nmap scan kind of gave you all the information anyway --> you can search for all directories with the use tack C all secret might be interesting --> Right and then when you go to that URL, you need to go through everything here --> maybe there's a --> username or something --> maybe there's a --> This that you can right-click and go to --> View the page source --> Wow, there's a whole lot of information in it. I can't see --> Right --> There's information in here that you have to read through it all or put it through some sort of a --> Tool to read it for you. You can leave it once you learn as a WordPress scan. 
You may even want to do this --> Show me how to use WordPress scan or WPScan and Kali Linux --> against --> zero three dot sixteen everything absolutely WPScan we got it here it is --> that's here's one you can try curl you can curl it or download the content to your local computer --> here's a basic run so I'm gonna try both of these really quickly because remember we are testing --> Everything --> Oh wow script --> Okay, let me hit the up arrow because what I did not do --> Let's try this --> Slash secret --> It's a different URL --> Okay, that's fine. I'm come back over here and get this WPScan --> copy --> Come back here --> right click and I want to paste secret because we know that one right there was a WordPress --> scan now it's going to open up WPScan and it's going to give you more data remember you can use --> Nmap or a different type of scan every all through this whole thing anyway anytime you just --> want to understand something and what it does is invaluable that's amazing I actually chatted --> of that I couldn't figure out like it's Kali but you use all this other stuff on Kali and I'm like --> well why is that so I had to chat that but anyway well here's the goal I'll make it even easier for --> you you come here look at all the reconnaissance tools learn how to use them all learn how to use --> all of them here's a resource development tool learn how to use all of them so and you go in --> reconnaissance and you see these list of comprehensive tools it's really simple web scanning --> vulnerability scanning Nmap Zenmap right web scanning you just learn how to use them --> so let me see Zenmap oh it's it's there 10.0.3.16 error uploading the file okay --> Okay, here it is right there, 10.0.3.16, right? --> Now, there are other types of scans, intense scan, it's a whole lot of stuff right here. --> You just choose one, right? --> Here is the command, the tack T4, tack A, tack v for verbose, but I can just scan it. 
--> it'll give you the same results as you will get when you're running it through Kali. --> But now, there's pretty pictures and stuff like that. --> They highlight. --> It kind of stands out a little bit better than Kali. --> And then you can add whatever. --> You can even look at the topology so you can see the drawing and how stuff works, --> the different posts, ports, and the hosts. --> the host details, the different scans that were done, Nmap output, right? If I want to add stuff --> to it, I want to put the slash secret. Some people like using this because it's a GUI --> and it gives a little bit of color. It highlights a few things and it may give you more information. --> It may give you less. Whatever the case is, you're testing defenses where you're throwing every tool --> you know how to throw at it pen testing today is much easier because of ChatGPT right look --> brute force login if permitted so you can actually log in to the w and you can actually --> hack your way all the way into it if you knew the admin if you knew the passwords on rockyou.txt --> if it were permitted this is what makes pen testing really fun really cool and then you can --> scan, you can --> print this, all a bunch of different --> tools, create a profile, --> you can review it again. --> I'm just going to quit this for now. --> Unsaved --> thing, close anyway. --> And you can do that on any --> system. Okay. --> What's next? --> That's way better. --> Like the dots connected. --> Yay! --> What's next? Console. --> msfconsole msfconsole enter --> right by the way on this right side I'm going to right click this right --> and I'm going to close the sub terminal just so things can look a little bit bigger bigger --> now that's my msfconsole look at how many exploits there are yeah a lot a lot of auxiliaries --> post 432 --> Will you explain that? --> Sure. Look at how many exploits there are. --> There are a lot of auxiliaries. --> What does that mean? --> Auxiliary exploits. 
--> Other things you can do. There's post-exploitation --> stuff right here, right? So here we go. Look. Let's do this too. --> Rinse cream. --> Let's get it. --> Because we always, even if I explain it perfectly, explain this to me. --> And that's just a portion of it. --> I'm presuming it's going to know it's a Metasploit, and it does. --> It's the startup banner, right? --> Which gives you a different picture every time you open it up. --> It's telling you to break down, right? --> Module counts. --> Look at how many exploits. --> Ready to use the attack scripts. --> Okay? --> what that one then you have non-exploit modules scanners fuzzers and sniffers nice --> post exploitation modules after you gain access --> okay different payloads codes that run after the ex after that after the tar --> on the target after exploiting it 49 encoders NOP generators used in buffer overflow attacks --> evasion attacks help you evade these different um the software the EDR is the endpoint detection --> recovery response tools or the firewalls this is a newer feature in Metasploit version 6 plus --> there's a documentation and because I do this for my fellows all the time it keeps telling me what --> to teach my fellow I've trained my ChatGPT to be a my assistant because I get --> questions like this all the time and I show them that I already showed you how to solve that --> find the answer to that question and then uh so I tell them I'm I politely have them show me what --> to do or I make them do it while I'm watching and then I'm saying there's your answer well --> the reason why you have to do that is because in the workplace the boss is not there to help you --> right what do I do next so now we're gonna uh search that back door through the msfconsole --> so we're gonna enter the uh ProFTPD and then in the series 1.3.3 small c and enter --> I must have typed something wrong what I do ah did you see what I did wrong no --> I'll hear you. Yes, I did. 
Okay --> Excellent --> Yes --> Excellent, which is terrible --> We're gonna use the ethernet --> We're gonna use the zero. Okay. Well look at this. Look at this. You can also do info zero --> use zero --> or use exploit --> that whole script there. --> So there are options. That's why we read, right? --> So we're going to use zero. --> Will I get a different output --> using the other one? --> It'll be the same output. --> Okay. --> Now we're going to type in options. --> Enter. --> Okay. --> Now we're going to reset. --> The R has to be required. --> Now we're going to set the RHOST. --> And you see these are not required, right? --> yeah yeah automatic that's important to know you can also do info or info tack --> d okay I'm sorry what am I typing we're gonna type set space capital RHOST --> R-H-O-S-T space the target IP 10.0.3.16. --> Enter. --> All right, it's set. --> Then we're going to type show payloads, two words, show space payloads. --> Because there's various payloads. --> In fact, there are nine of them. --> There's nine of them. --> Right? --> It says eight, but it starts with zero. --> Yeah. --> And we're going to choose, we're going to set payload fourth, or you're going to type SET space payload, small, small case as well, space, the number four. --> Now, when other people talk ports in the college environment, nobody talks about port zero. --> You're the first man in my life that said 65,536. --> Yes. --> So look at this. --> And I believe you, but why doesn't anybody else point that out? --> Because they don't know. --> Or they didn't investigate it and do deep research. --> So let me show you because I can show and tell you. --> Here's Wikipedia. --> These are the well-known ports. --> What port number does it start with? --> Computers start with zeros. --> Binary is zeros and ones. 
--> yeah we should always start with one well if I keep scrolling down it's a long way to go so let --> me get there what's the top number 65,535 there is no 65,535 exactly which makes 65,536 ports --> it's semantics but it's very literal do ports change is this set in stone --> I mean, will ports ever change or will more ports be added and ports taken away? --> Or is this the way the grid lies for life? --> Okay, let me answer the question. --> Can ports change? --> They can. --> Do they? --> Probably not. --> They add more than a little bit, but there are a lot of sections. --> They're well-known ports. --> Let me scroll down to the next section so you see what they're called. --> well-known ports are up to 1028 1023 excuse me then there's registered ports which is 1024 --> on up within some of these ports there are unofficial ports so who knows what people can --> do hackers can hide within all that stuff some of them are blank see how that works --> hold on let me get down there people can use this stuff to do whatever most companies though --> will get assigned a port okay then you have the dynamic private or ephemeral ports you see the --> range contains dynamic or ever-changing or private ports that cannot be registered with --> IANA everything stems from IANA is a process so those ports can get swapped then those those --> private ports yes they can yes and bad guys hide well within them see you have a legend over here --> can billionaires own their own port I don't see why not because uh you got the money you can do --> anything you want and if you go to um I think it's iana.com you can learn more about how IP addresses --> and protocol registries are assigned and this thing is a money thing you got the money do whatever you --> one of them figures yeah so and this is a long list but I'm hopeful that you um got something --> oh let me go in here you've heard all these right so in the U.S. uses ARIN --> the um you know Asia right go to Africa AFRINIC 
IANA assigns the regions they're the regions that --> assign the IP addresses to those regions so when I used to go overseas and I went in say Asia --> I needed to know the IP ranges that were there so I can spot the anomalies --> you know so everything you do should be research based not just hearsay based you must --> a thorough pen tester must do the research on everything right hold on a second look at this --> right here did you see my question this was one of the most powerful widely used exploitation there --> are several excellent alternatives did you know of these alternatives I know about Cobalt Strike --> and maybe that's it. --> So here we go. --> BeEF. --> Right? --> Let me show you about BeEF real quick. --> How to hack web browsers with BeEF. --> This is my whole step-by-step --> how I hacked into a web browser with BeEF. --> And I showed the students how to do it. --> How long do you think it took me? --> 10 minutes. --> didn't take long but when we went into BeEF they loved it because they were like I'll say just play --> around with it do some stuff but look at all these different things that exist out there --> Cobalt Strike does cost money they're powerful Empire PowerShell Empire so hold on let me see --> I think that's have you ever tried Nessus yeah I use it in my house --> so hold on so that's a good one now that now that's for vulnerability scans though so --> yes so all you got to do is say um show me how to use Nessus to scan my home network --> the industry wants people to know how to do stuff so all you got to do is look for the how to do --> stuff step by step bang that's the essentials this install it right what we got seven steps and --> we're done it doesn't take long to do cyber the thing is you just have a million different tasks --> to do that's what overwhelms us where do I start you just need the right mentor everybody needs the --> right mentor when I learned this stuff in school I didn't have the right mentors they were 
really --> intelligent and I thought they were smart but they didn't show me how I'm showing you they said read --> this book and write a paper yeah because what's happening is all these people are coming out of --> Fort Gordon with all these hardware skills and so like if I want to learn anything I have to join --> hacker groups and I'm a little bit leery joining these hacker groups because they take my part --> and they disassemble them right in front of me and they're not always right when I like doubt --> myself you know because I have the least amount of information I feel I've been right like 80 --> of the time against these guys so now I'm just referring to chat so I understand uh you know --> there's a lot of people pretending they know what's going on out there and um I just gotta --> blaze my own trail and not get stuck on tools that I've only been exposed to and if you need help with --> some stuff just let me know thank you but you're gonna get sucked away into some fabulous job and --> what is gonna happen to your students and your curriculum now so so you probably can't answer --> but just in general no I can't look when I was work when I was working as a CISO I was doing --> the same thing I just didn't I had a day job I did a SOC cyber in the evening on two days and --> Thursday the team meeting two hours teach college on Mondays and Wednesdays play piano and organ --> for my church and teach the choir I'm saying martial arts instructor and I work out when I can --> and I'm a disabled veteran and I work in the government uh law enforcement and that's how I live --> seven jobs well not seven jobs but I have about I have a lot of means of income --> yes now that's great I just need one to pay my bills I don't live off of my training money --> that I make from my side business I'm not trying to work I'm not worried about money --> I want to get contracts so that I can change people's lives because I feel I can teach it --> better I wish there was a 
place to go where we can learn instead of the virtual like uh I mean --> it's always going to be virtual but I mean I wish there was an actual campus or somewhere we could --> actually just study Kali Linux for five months straight and all the things that it can do --> and that's really not that it's funny you say that because that's what I do with my business --> they study it here but um yeah you you can't have if you have 10 000 different things in --> cyber security to study how do you know which one to study because Kali Linux hold on let me show you --> this let me show you this if you think Kali Linux is awesome you have not been around yet see this --> right here you already know about Parrot BlackArch Linux is advanced we still messing with the --> lightweight stuff you want some tools go to BlackArch Linux and here's some other alternatives --> and download that 2800 hacking tools you see that right there yes put Kali Linux is like --> what the average person uses you want to take it to another level get yourself a black box --> linux BlackArch Linux and now that the commands are going to be pacman instead of apt --> where you're doing installs yeah that's the hard part but with chat you can do it --> and it's CLI focused less beginner friendly so as advanced but you will look at this a serious --> retina not not not the average joe okay so black watch BlackArch Linux will smoke Kali smoke --> Parrot Security you want to get some serious pen testing skill get that BlackArch and I'm talking --> you can put I used to have it in here I just don't use it that much but now that I'm talking --> about I just very well may just install it again and that is a simple download there you go right --> there huge learning curve there you go all right I'm doing that today along with all my other --> follow up so I can remember the section that we've had um we said payload four --> set payload four and then we're going to type in options enter then we're going to 
set the LHOST --> so that's a yeah and the IP address enter and we're going to run it running enter --> and then to check our work we're gonna do whoami you see what's happening it's sending the back --> door and it's accepted the first client connection except that the second client connection --> is echoing this particular hash is writing a socket a and b and then it's establishing that --> connection and is matching a is the input socket a command shell session one is open so that the CLI --> is open and like you said whoami oh my god I root right cd to slash root bad guy and you decide --> what kind of malware you're going to inflict on the network if you're the bad guy but you're --> the pen testing guy. So now you're going to cover your investigation with a full throttle report --> and send it to your people who hired you. And that's your only job. You're done, right? --> So hold on. There's more. This is a great question. So sometimes pen testers will leave --> their mark. Let me show you this right here. Okay. You see this right here? Northbridge --> literacy project yes okay this is the capstone that I gave to my students in Alabama and I had --> them create a red and blue team and I separated them and said you're going to attack and you're --> going to defend and you're going to create a video about it what happened was I'm just going to the --> bottom. Did you guys use Cousteau to identify the vector? Do who? Cousteau. No, but see this right --> here? Yeah. What's this say? Change directory to West was here. I had them create a directory to --> show that they were successful in attacking. That's all I had to do. No malware, no nothing, --> because this is for educational purposes. --> Absolutely. --> But I had them. --> If they were successful, --> that's what they were supposed to do. --> Look at all the payloads and stuff we did. --> Right? --> In summary, --> what level of student --> is getting to perform those types of challenges? 
--> I just met these people in January --> and by April, --> they were getting jobs --> and they were all beginners. --> Unbelievable. --> I'm telling you, it doesn't take long with me. --> I show people all kind of do all this stuff. --> Okay, I'm going to show you this. --> I think it's kind of cool. --> Projects, projects, projects. --> This is the video here. --> They actually created this red-blue team demo. --> This is the first fellowship I taught in Alabama. --> They created 11 virtuals and see the expectations. --> In this video. Let me see if I can play it. I don't know if it's still active. I actually wanted to show you something in here. Let's see. Okay. I'm not able to play it. That's frustrating. --> In this video, though, I had them because I'm it's all about proof of work. --> I have a thousand people have told me they know how to do something. --> And I'm like this. I don't believe you until you show me. --> Right. Keep that in mind, because people will be nice to you. --> Oh, OK. But they really don't know and they don't believe you. --> They don't know for sure. That's why we create proof of work. --> cybersecurity portfolio, screenshots. That's me. So that people can see that I'm really the guy --> doing this stuff. That makes you a believer. In that video, I had Amari and I can't think of her --> name, but I had them put their pictures in the corner while they were speaking and demonstrating. --> Then we posted it to the executives of the Alabama Cybersecurity Fellowship, the CEO here and the whole the university people. --> When they did that. They said. Oh, my God, they really did it. 
--> why were they also oh my god in shock because that school was having students do powerpoints --> those are the corniest powerpoints i've ever seen in my life they had no steps in it there --> was nothing in them to them they they were like less than i i would never present that to an --> employer this video they could actually present to an employer that's a picture this video they --> can actually present to an employer. --> There it is. --> They can present it --> to an employer. --> You see the picture? --> That's Stephanie. --> Stephanie was a librarian when I met her. --> She's now --> a cybersecurity specialist --> in the hospital --> in Alabama. --> Amari got offered a job in Alabama. --> He's a pen tester. --> Where did you learn --> pen testing, Amari, Dr. Phillips? --> How long have you been in my studio, Mark? --> Three months. --> I know her name, Michelle. --> I'm not Michelle. --> Bridget, she has a job working in a school. --> McHale, that's it. --> I know her name. --> All I'm saying is, this Landon, I love Landon. --> That's the day beyond. --> That's the other Landon. --> All I'm saying is, from the beginning, --> I have them creating projects that they can show employers. --> Now, I hate being on LinkedIn. --> I detest it. --> But it's the only way to get a job. --> I have a Facebook account only for my business because I don't do anything on it. --> I don't want people coming after me. --> When I started my company full-time, this is what I did. --> Who would have thought? --> In the past two months, I've gotten 16 contracts. --> I can't believe it. --> I'm in shock and awe. 
--> I'm working with um politicians I'm working with the mayor in the state I told the mayor what he --> could do to make the county safe and he's looking at me like this well I'm trying to meet with the --> mayor next week of our county and get him to help me clean up medical billing because cyber identity --> theft 30 comes from medical bill processing where they ask you to put your credit card number on --> the bill and mail it back for your image all because you needed to get imaged anyway so we'll --> see where the mayor stands on it but that's my project to clean up medical billing good on you --> go ahead and do it need help let me know maybe I can help who knows these are my interns that work --> with me for the summer the work they did was fantastic but anyway that's just the article I --> just showing you um we made it into the machine you know how to do it that excites me I would um --> maybe can I give you homework okay um try basic pen testing 2 when if you have a question ask --> ChatGPT absolutely now in that one you're going to learn how to actually um you're going to be --> using I think John the Ripper so that you can actually um brute force some passwords you're --> also going to do SSH this particular website I'm going to give it to you will teach you a lot about --> SSH and how to actually pen test into with the ssh command into a URL or server --> I demonstrated it yesterday all it is we have 34 different levels 33 it is fantastic --> hands-on stuff that you can do right from your Kali machine so when I type in ssh --> Oh, let me see, SSH. --> I've already done it many times. --> You just follow the steps. --> Bandit zero, you got to read, will get you in. --> Do a list, you're going to cat the readme. --> This is the password to the next level. --> You write it in your notes, you copy it. --> You're going to learn how to exit out of this.
--> you hit the up arrow control a you're gonna change the zero to a one press enter you're --> gonna paste that password and yes now you're in whoami you're bandit one this was bandit zero --> before you remember seeing that right and then what you do from there is you learn what's going --> on? You have a dash there. How do you open that? You have to screenshot all this or you search for --> it. How do you open the dash? And then from there, that's the password to level two. --> It gets more difficult. You have questions or issues because you're struggling with it. --> you have my phone number right um thank you and you can always call me ask me questions --> because I want to make sure that especially if you've been in my class or if I'm teaching you --> something I want to make sure that you have access to me for when you need to do something --> else there's another Wireshark command but the cool thing about this and picoCTF --> you have years of um these are years I've been doing this thing I would put it like this I was --> doing picoCTF since like 2017 they didn't have this website back then don't know how I found it --> I just know it was a huge blessing and um and now we have 2025. --> And there are tons of different challenges. Yes. So, oh, excuse me. I'll take that out. --> The one I can find. And these are all things that you can just click on, --> read the challenge and then work it with the hints and then work it. No one ever gives you --> all the information you need I got the true I got the hiccups all of a sudden bless you --> thank you you'll be fine I'm trying to hold my breath okay what questions do you have what do --> you want to do next yes I'm gonna hang out and do the uh basic pen testing 2 on the desktop --> just for the heck of it because it's gonna be available okay so go ahead you want me I'm gonna --> hang out right here and watch if you need. I'm here to five --> or however long you need me.
--> You don't really need to hang out. --> I can just bash it out. I'm not --> scared unless you want --> to. --> I feel great. --> I just have a lot more work to do. --> I don't really have --> questions. --> I'm probably --> going to work out, --> but I'll be right here --> and I'll also be on the cell phone. --> I'm going to leave my computer up, --> but I'm going to walk to my basement and work out. --> Yeah. --> So if you have a question, you call me on the cell phone, --> I'll run right back up. --> Don't worry. --> Is that good? --> Have a great workout. --> Can you just remind me where I look for the basic pen testing 2? --> Okay. --> Where would I find that? --> Go into your – click on the desktop. --> I'm looking at it right now and I just clicked on interactive so you should be --> able to use it I see you oh I gotta I gotta share all over again I see you in --> desktop so where do I find it let me stop sharing my screen or what you're --> on it you're on it I can see the instructions well just look on um click --> on your VirtualBox right there oh closed picoCTF go back click that X --> right there okay there's basic pen test 2 now you you already got it --> You already downloaded it, so go to your terminal, --> that terminal right up there on the right, yep, --> and type in Change Directory to Downloads, --> capital D, CD space capital D-O-W. --> CD means Change Directory. --> Change Directory capital D. --> And then type the word Downloads. --> C-O-W. --> And hit the tab key, it'll autofill, enter. --> Type LS, and there is your basic pen test 2. --> Now you need to unzip that, --> and we type those instructions in the ChatGPT, --> how to unzip it. --> Yes. --> Go ahead and unzip it if you need help. --> I'm here. --> Yeah, can we just unzip it? --> Yeah, how do you go? --> I have so many, I can't even, --> I don't even know where my chat went. --> I've chatted so many things. --> I know, right? --> I do tack X and then copy the file. --> No.
--> I do T-A-R, tack XZF, in the file name. --> How does that sound? --> Sounds good. --> I just want to see what you're going to do. --> Because here's the thing. --> There's so much to learn in failure. --> Yeah, I know. --> And I want to see if you're going to fail and cry or fail and keep it moving --> I probably won't cry. I'll keep it moving --> Then I'm just gonna copy this file the top one with the Tar Z --> That GV --> Just go ahead and do it --> Do the bottom one basic pen test in two don't do the second one because it's just downloads twice. Oh --> look oh no no no no no no don't copy that type type bas tab and don't forget to put the dot the --> tar to put the parentheses one oh look at it look at look at the red put the period no no backspace --> backspace you don't want that one put the period hit the hit the tab key press enter no something --> is happening okay now do a list ls what happened it extracted that information and made it into --> an OVA file see it said basic pen testing 2 OVA okay now I want you to remove the other one so type --> rm space put the uh quotation mark or whatever though so it's a single quote not a double quote --> Press the tab key, put the 2, hit the tab key, hit the parentheses, hit the tab key, press enter, do an ls, cleaning it up. --> See that? --> Now, go to your VirtualBox. --> Go ahead and type VirtualBox in the Dragon.
--> okay click on file uh import appliance okay go click on the yellow envelope on the right --> okay I need you to get to downloads go to downloads underneath basic pen test 2 double click it click --> on finish it is important importing the appliance is that eight percent seven oh wow look at that --> go ahead and start basic pen test 2 hold on click on um change network settings okay oh --> it's on change host only adapter um yeah change the bridge let's see what happens --> and then joe promiscuous mode change deny to allow VMs now click okay --> put that orange x and close it yay don't do anything just minimize basic pen test 2 --> all right inside of your Kali Linux machine to download leave that there and just go to --> the Kali right next to it your downloads um do it ls don't hit enter after ls okay um let's see --> here oh do a um ip a okay 10.0.3.15 interesting okay now you want to do your first command --> which is what what you want to find the IP address of the target yeah so I know this yes you do so --> you know you have two options so I am going to um do a sudo netdiscover or a sudo arp-scan --> depending on choose one how fast or how slow you want to go I'm gonna go slow okay that's --> going to take a minute but what you can do is right click split that terminal vertically --> or left and right and do the other command see what what differences you find --> you want last thing you want to do is do a VulnHub wait forever and then you go it didn't work --> at all because you need to find out if you can find that joke now you see that type control e --> it'll auto complete the control press enter look at that see how fast that goes --> now one of them is basic pen test one and the other one is basic pen test two --> now the rest of it you have the instruction you can always stop basic pen test one too --> if you want to save resources got it okay what questions do you have I don't have any more --> questions I am available to you for the
next two to three hours okay all right thank you very much --> I'm literally just going to be in my basement doing some weights. --> So you call me if you need me, okay? --> I hope you have a great workout. --> Thank you very much for everything. --> You're so welcome. --> I appreciate your instruction. --> You're welcome. --> And thank you for your service to our country. --> Well, thank you very much. --> And to cybersecurity. --> Thank you very much. --> I appreciate you. --> I think you're awesome. --> And I know you'll get it. --> All right, then. --> I'm just going to. --> Have a nice day all. Enjoy yourself. Have a good --> workout. Tear it up. You too. I am still here. --> Okay. I'm going to be here. Just going to mute and --> mute and no picture. --> I'm going to mute too. Alright. Thank you, Doctor. Bye-bye. Have a nice --> day. That's --> fantastic. The only thing is --> You don't report to anyone --> You don't do a presentation --> You don't write papers --> They don't do a whole --> They write papers --> But they don't do --> A whole lot of that other stuff --> Oh man, she dropped offline --> 3.23 --> So I'm going to end this call --> Send them a note and let them know she's done --> I don't see her do anything --> Oh yeah, she's not in the room --> Okay --> how do i stop this i think she gave up on that fantastic that's what i think i don't see her do --> anything