title
Cyber Security Full course - 11 Hours | Cyber Security Training For Beginners | Edureka

description
๐Ÿ”ฅ๐„๐๐ฎ๐ซ๐ž๐ค๐š ๐‚๐ฒ๐›๐ž๐ซ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐“๐ซ๐š๐ข๐ง๐ข๐ง๐  (๐”๐ฌ๐ž ๐‚๐จ๐๐ž: ๐˜๐Ž๐”๐“๐”๐๐„๐Ÿ๐ŸŽ) : https://www.edureka.co/cybersecurity-certification-training This Edureka video on "Cyber Security Full Course" will help you understand and learn the fundamentals of Cyber Security. This Cyber Security Tutorial is ideal for both beginners as well as professionals who want to master the Cyber Security concepts. Below are the topics covered in this Cyber Security Training For Beginners: 00:00:00 Introduction 00:05:35 Requirement of Cyber Security 00:23:44 History of Cybersecurity 00:34:57 Types of hackers 00:42:57 Skills Necessary 00:51:45 What is Penetration testing? 01:01:22 What is Footprinting? 01:13:40 Handson 01:33:23 History of the internet 01:42:11 OSI and TCP/IP Model 01:50:59 What is Wireshark? 01:58:59 What is DHCP? 02:08:36 Cryptography 02:11:00 History of Cryptography 02:19:00 Digital Encryption Standard 02:54:13 Bitlocker 03:07:50 What is IDS 03:15:50 What is pishing 03:20:38 Password Attacks 03:23:50 Packet Flooding 03:27:02 What is a Drive-by-download 03:33:26 BluVector 03:46:15 Cybersecurity Frameworks 04:03:51 Cybersecurity is an evergreen industry 04:19:52 Why Become an cyber security engineer 04:23:52 Who is a cybersecurity engineer ? 04:26:17 Roles and responsibilities of cyber security 04:59:05 How to choose the right cybersecurity certification? 05:05:29 Keylogger 05:07:53 SQL Vulnerability assessment 05:35:54 Top Cyber attacks in history 05:40:42 Cybersecurity challenges 05:46:18 Types of hacking 06:08:43 What is kali Linux? 06:14:19 Hands-on in Kali Linux 06:39:56 What is a proxy chain? 06:55:08 What is a Mac Address? 07:26:21 Cryptography 08:23:59 What is cross-site scripting? 08:26:23 types of cross-site scripting 08:36:00 How to use cross-site scripting 08:52:48 How to prevent cross-site scripting? 09:13:37 What is SQL Injection? 09:32:49 What is steganography? 10:00:50 Steganography tools 10:13:39 Ethical hacking and roles in ethical hacking 10:18:27 Ethical hacking tools 10:21:39 Cybersecurity interview questions ๐Ÿ”ด Subscribe to our channel to get video updates. Hit the subscribe button above: https://goo.gl/6ohpTV ๐Ÿ“Feel free to share your comments below.๐Ÿ“ ๐Ÿ”ด ๐„๐๐ฎ๐ซ๐ž๐ค๐š ๐Ž๐ง๐ฅ๐ข๐ง๐ž ๐“๐ซ๐š๐ข๐ง๐ข๐ง๐  ๐š๐ง๐ ๐‚๐ž๐ซ๐ญ๐ข๐Ÿ๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐Ÿ”ฅEdureka CEH v12 Certification: https://bit.ly/3M2A1X9 ๐Ÿ”ฅEdureka CISSP Certification: https://bit.ly/3nDq8Wc ๐Ÿ”ฅEdureka CompTIA Security+ Certification: https://bit.ly/3nxeVRl ๐Ÿ”ด ๐„๐๐ฎ๐ซ๐ž๐ค๐š ๐‘๐จ๐ฅ๐ž-๐๐š๐ฌ๐ž๐ ๐‚๐จ๐ฎ๐ซ๐ฌ๐ž๐ฌ ๐Ÿ”ต Cyber Security Masters Program: http://bit.ly/3U25rNR ๐ŸŒ• Cloud Architect Masters Program: http://bit.ly/3OvueZy ๐Ÿ”ต DevOps Engineer Masters Program: http://bit.ly/3Oud9PC ๐ŸŒ• Big Data Architect Masters Program: http://bit.ly/3tTWT0V ๐Ÿ”ต Machine Learning Engineer Masters Program: http://bit.ly/3AEq4c4 ๐ŸŒ• Business Intelligence Masters Program: http://bit.ly/3UZPqJz ๐Ÿ”ต Python Developer Masters Program: http://bit.ly/3EV6kDv ๐ŸŒ• Full Stack Developer Masters Program : http://bit.ly/3tWCE2S ๐Ÿ”ต Automation Testing Engineer Masters Program : http://bit.ly/3AGXg2J ๐ŸŒ• Python Developer Masters Program : https://bit.ly/3EV6kDv ๐Ÿ”ต Azure Cloud Engineer Masters Program: http://bit.ly/3AEBHzH ๐Ÿ”ด ๐„๐๐ฎ๐ซ๐ž๐ค๐š ๐”๐ง๐ข๐ฏ๐ž๐ซ๐ฌ๐ข๐ญ๐ฒ ๐๐ซ๐จ๐ ๐ซ๐š๐ฆ๐ฌ ๐Ÿ”ต Advanced Certificate Program in Cybersecurity with E&ICT Academy, IIT Guwahati: https://bit.ly/3rDFjkr ๐ŸŒ• Professional Certificate Program in DevOps with Purdue University: https://bit.ly/3Ov52lT ๐Ÿ”ต Advanced Certificate Program in Data Science with E&ICT Academy, IIT Guwahati: http://bit.ly/3V7ffrh ๐Ÿ“Œ๐“๐ž๐ฅ๐ž๐ ๐ซ๐š๐ฆ: https://t.me/edurekaupdates ๐Ÿ“Œ๐“๐ฐ๐ข๐ญ๐ญ๐ž๐ซ: https://twitter.com/edurekain ๐Ÿ“Œ๐‹๐ข๐ง๐ค๐ž๐๐ˆ๐ง: https://www.linkedin.com/company/edureka ๐Ÿ“Œ๐ˆ๐ง๐ฌ๐ญ๐š๐ ๐ซ๐š๐ฆ: https://www.instagram.com/edureka_learning/ ๐Ÿ“Œ๐…๐š๐œ๐ž๐›๐จ๐จ๐ค: https://www.facebook.com/edurekaIN/ ๐Ÿ“Œ๐’๐ฅ๐ข๐๐ž๐’๐ก๐š๐ซ๐ž: https://www.slideshare.net/EdurekaIN ๐Ÿ“Œ๐‚๐š๐ฌ๐ญ๐›๐จ๐ฑ: https://castbox.fm/networks/505?country=IN ๐Ÿ“Œ๐Œ๐ž๐ž๐ญ๐ฎ๐ฉ: https://www.meetup.com/edureka/ ๐Ÿ“Œ๐‚๐จ๐ฆ๐ฆ๐ฎ๐ง๐ข๐ญ๐ฒ: https://www.edureka.co/community/ ------------- About Edureka Cyber Security Training Edurekaโ€™s Cybersecurity Certification Course will help you in learning about the basic concepts of Cybersecurity along with the methodologies that must be practiced ensuring information security of an organization. Starting from the Ground level Security Essentials, this course will lead you through Cryptography. Why Learn Cyber Security? Cybersecurity is the gathering of advances that procedures and practices expected to ensure systems, PCs, projects and information from assault, harm or unapproved get to. In a processing setting, security incorporates both cybersecurity and physical security. For more information, please write back to us at sales@edureka.co or call us at IND: 9606058406 / US: 18338555775 (toll-free).

detail
{'title': 'Cyber Security Full course - 11 Hours | Cyber Security Training For Beginners | Edureka', 'heatmap': [{'end': 4383.515, 'start': 3973.627, 'weight': 0.785}], 'summary': 'Covers a comprehensive 11-hour cybersecurity training for beginners by edureka, including cybersecurity fundamentals, skills, evolution and reasons for hacking, cybersecurity attacks, prevention, frameworks, tools, implementation, careers, essential skills, certifications, it security certifications, ethical hacking, kali linux essentials, wi-fi security, cryptography, network security vulnerabilities, web security threats, ddos attacks, sql injection, steganography, and data protection, with practical demonstrations and quantifiable data points such as job vacancies in india and the us.', 'chapters': [{'end': 67.063, 'segs': [{'end': 85.734, 'src': 'embed', 'start': 51.556, 'weight': 0, 'content': [{'end': 54.397, 'text': 'You can also hit the bell icon to receive regular updates from here.', 'start': 51.556, 'duration': 2.841}, {'end': 59.459, 'text': 'We also have hundreds of training programs and certification courses on our website.', 'start': 55.057, 'duration': 4.402}, {'end': 63.801, 'text': 'So if you are interested in them, do check out the description given below.', 'start': 60.16, 'duration': 3.641}, {'end': 67.063, 'text': "Now let's start this video by seeing what this video will cover.", 'start': 64.382, 'duration': 2.681}, {'end': 74.807, 'text': 'Since the title itself is Cybersecurity Full Course, I think that it is justified that we start with what is Cybersecurity.', 'start': 67.683, 'duration': 7.124}, {'end': 78.389, 'text': 'After that, we can move on to cybersecurity fundamentals.', 'start': 75.607, 'duration': 2.782}, {'end': 85.734, 'text': 'This section will cover all the fundamental concepts that you will need to understand in order to start learning cybersecurity.', 'start': 79.21, 'duration': 6.524}], 'summary': 'Video covers cybersecurity fundamentals and certification courses on website.', 'duration': 34.178, 'max_score': 51.556, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo51556.jpg'}], 'start': 7.182, 'title': 'Cybersecurity basics', 'summary': "Introduces the importance of cybersecurity in protecting data from digital attacks, theft, and damage, emphasizing its criticality for individuals, businesses, and organizations, and promoting edureka's cybersecurity full course.", 'chapters': [{'end': 67.063, 'start': 7.182, 'title': 'Cybersecurity basics', 'summary': "Introduces the importance of cybersecurity in protecting data from digital attacks, theft, and damage, emphasizing its criticality for individuals, businesses, and organizations, and promoting edureka's cybersecurity full course.", 'duration': 59.881, 'highlights': ['Cybersecurity is critical for individuals, businesses, and organizations to protect against cyber threats such as viruses, worms, and ransomware, safeguarding computers, servers, and networks from digital attacks, theft, and damage.', "Introduction to Edureka's cybersecurity full course, promoting the like button, subscribing to their channel, and exploring training programs and certification courses on their website."]}], 'duration': 59.881, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo7182.jpg', 'highlights': ['Cybersecurity is critical for protecting against cyber threats and digital attacks.', "Introduction to Edureka's cybersecurity full course, promoting their training programs."]}, {'end': 1445.76, 'segs': [{'end': 825.566, 'src': 'embed', 'start': 797.061, 'weight': 14, 'content': [{'end': 801.143, 'text': 'availability is best ensured by rigorous maintaining of all hardware,', 'start': 797.061, 'duration': 4.082}, {'end': 809.006, 'text': 'performing hardware repairs immediately when needed and maintaining a correctly functional operating system environment that is free of software conflicts.', 'start': 801.143, 'duration': 7.863}, {'end': 812.328, 'text': "it's also important to keep current with all necessary system upgrades.", 'start': 809.006, 'duration': 3.322}, {'end': 818.156, 'text': 'Providing adequate communication bandwidth and preventing the occurrences of bottlenecks are equally important.', 'start': 812.887, 'duration': 5.269}, {'end': 825.566, 'text': 'Redundancy, failover, and even high availability clusters can mitigate serious consequences when hardware issues do occur.', 'start': 818.78, 'duration': 6.786}], 'summary': 'Maintain hardware, os, and bandwidth to ensure high availability and prevent bottlenecks. use redundancy and failover for mitigating hardware issues.', 'duration': 28.505, 'max_score': 797.061, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo797061.jpg'}, {'end': 957.912, 'src': 'embed', 'start': 932.928, 'weight': 6, 'content': [{'end': 940.451, 'text': 'change logins or remove their names from the company credit cards, this leaves your business open to both unintentional and intentional threats.', 'start': 932.928, 'duration': 7.523}, {'end': 947.855, 'text': 'However, most vulnerabilities are exploited by automated attackers and not a human typing on the other side of the network.', 'start': 941.032, 'duration': 6.823}, {'end': 957.912, 'text': 'Next. testing for vulnerabilities is critical to ensuring the continued security of your systems by identifying weak points and developing a strategy to respond quickly.', 'start': 949.13, 'duration': 8.782}], 'summary': 'Secure logins, test for vulnerabilities to prevent threats and attacks.', 'duration': 24.984, 'max_score': 932.928, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo932928.jpg'}, {'end': 1079.467, 'src': 'embed', 'start': 1050.173, 'weight': 12, 'content': [{'end': 1051.393, 'text': 'Here are some ways to do so.', 'start': 1050.173, 'duration': 1.22}, {'end': 1057.735, 'text': 'Ensure that your team members are staying informed of current trends in cybersecurity so they can quickly identify new threats.', 'start': 1052.033, 'duration': 5.702}, {'end': 1064.719, 'text': 'They should subscribe to blogs like Wired and podcasts like the Techgenics Extreme IT that covers these issues,', 'start': 1058.376, 'duration': 6.343}, {'end': 1070.662, 'text': 'as well as joint professional associations, so they can benefit from breaking news feeds, conferences and webinars.', 'start': 1064.719, 'duration': 5.943}, {'end': 1077.726, 'text': 'You should also perform regular threat assessment to determine the best approaches to protecting a system against a specific threat,', 'start': 1071.223, 'duration': 6.503}, {'end': 1079.467, 'text': 'along with assessing different types of threats.', 'start': 1077.726, 'duration': 1.741}], 'summary': 'Team members stay informed of cybersecurity trends through blogs, podcasts, and professional associations. regular threat assessments are also important.', 'duration': 29.294, 'max_score': 1050.173, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1050173.jpg'}, {'end': 1113.104, 'src': 'embed', 'start': 1087.984, 'weight': 1, 'content': [{'end': 1093.108, 'text': 'So risk refers to the potential for loss or damage when a threat exploits a vulnerability.', 'start': 1087.984, 'duration': 5.124}, {'end': 1100.794, 'text': 'Examples of risks include financial losses as a result of business disruption, loss of privacy, reputational damage,', 'start': 1093.609, 'duration': 7.185}, {'end': 1103.457, 'text': 'legal implications and can even include loss of life.', 'start': 1100.794, 'duration': 2.663}, {'end': 1108.401, 'text': 'Risk can also be defined as follows, which is basically threat multiplied by the vulnerability.', 'start': 1103.797, 'duration': 4.604}, {'end': 1113.104, 'text': 'You can reduce the potential for risk by creating and implementing a risk management plan.', 'start': 1108.681, 'duration': 4.423}], 'summary': 'Risk is the potential for loss resulting from threats exploiting vulnerabilities, which can include financial, reputational, and legal implications. risk can be mitigated with a risk management plan.', 'duration': 25.12, 'max_score': 1087.984, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1087984.jpg'}, {'end': 1233.086, 'src': 'embed', 'start': 1210.363, 'weight': 0, 'content': [{'end': 1220.238, 'text': "The ARP software integrates all the security and IT software needed to keep a large company like Bob's secured into a single dashboard and acts as a hub for the people,", 'start': 1210.363, 'duration': 9.875}, {'end': 1224.441, 'text': 'processes and technology needed to respond to and contain cyber attacks.', 'start': 1220.238, 'duration': 4.203}, {'end': 1227.803, 'text': "Let's see how this platform works in the case of a security breach.", 'start': 1224.901, 'duration': 2.902}, {'end': 1233.086, 'text': 'While Bob is out on a business trip, irregular activity occurs on his account,', 'start': 1228.363, 'duration': 4.723}], 'summary': "Arp software integrates security and it software for large companies like bob's, acting as a hub to respond to cyber attacks.", 'duration': 22.723, 'max_score': 1210.363, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1210363.jpg'}], 'start': 67.683, 'title': 'Cybersecurity fundamentals and skills', 'summary': 'Covers cybersecurity fundamentals, history, threats, tools, certifications, career path, top 10 reasons to learn cybersecurity, and core concepts like ethical hacking with kali linux. it also explains the importance of cybersecurity in protecting sensitive data, common cyber attacks, and steps to mitigate cyber attacks through identifying vulnerabilities, evaluating threats, and managing risks.', 'chapters': [{'end': 193.994, 'start': 67.683, 'title': 'Cybersecurity fundamentals and skills', 'summary': 'Covers cybersecurity fundamentals, history, threats, tools, the top 10 reasons to learn cybersecurity, career path, certifications, coding for cybersecurity, top cybersecurity attacks, ethical hacking, core concepts like ethical hacking with kali linux, cryptography, penetration testing, and methods of cyber attacks.', 'duration': 126.311, 'highlights': ['The chapter covers cybersecurity fundamentals, history, threats, tools, and the top 10 reasons to learn cybersecurity.', 'Certifications are necessary for getting shortlisted in the cybersecurity industry.', 'The video also covers coding for cybersecurity to maximize knowledge in this domain.', 'The chapter includes top cybersecurity attacks that have gained reputation in recent years.', 'The section on ethical hacking includes learning about ethical hacking with Kali Linux, cryptography, and penetration testing.', 'The video demonstrates the use of Nmap, a network scanner used to discover hosts and services on a computer network.', 'The chapter explores various methods of cyber attacks like cross-site scripting, DDoS attack, and SQL injection.', 'Steganography, a technique used to hide data in a non-secretive manner to avoid detection, is also covered in the chapter.']}, {'end': 1143.467, 'start': 193.994, 'title': 'Understanding cybersecurity and cyber threats', 'summary': 'Explains what cybersecurity is, its importance in protecting sensitive data, common cyber attacks, examples of major cyber breaches, and the key aspects of cybersecurity including confidentiality, integrity, and availability. it also covers the steps to mitigate cyber attacks through identifying vulnerabilities, evaluating threats, and managing risks.', 'duration': 949.473, 'highlights': ['Importance of Cybersecurity Cybersecurity is crucial in protecting sensitive and confidential data from security vulnerabilities, and as the digital world advances, there is a growing need for highly skilled cybersecurity professionals to combat evolving cyber threats.', 'Common Types of Cyber Attacks The chapter describes eight common cyber attacks including malware, phishing, password attacks, DDoS, man in the middle attacks, drive-by downloads, mal-advertising, and rogue software, each posing significant threats to individuals and organizations.', 'Examples of Major Cyber Breaches The chapter provides examples of major cyber breaches involving big companies like eBay, AOL, Evernote, and Adobe, highlighting that cyber attacks target both individuals and large organizations, compromising the privacy and confidentiality of data.', 'Key Aspects of Cybersecurity The chapter explains the key aspects of cybersecurity, including confidentiality, integrity, and availability, and their significance in maintaining data security and preventing cyber attacks, emphasizing the importance of network security and incident response plans.', 'Steps to Mitigate Cyber Attacks The chapter outlines the steps to mitigate cyber attacks through identifying vulnerabilities, evaluating threats, and managing risks, emphasizing the importance of testing for vulnerabilities, staying informed of current threats, and developing a risk management plan.']}, {'end': 1445.76, 'start': 1143.987, 'title': 'Cybersecurity: protecting organizations', 'summary': 'Discusses how cybersecurity defends organizations against cybercrime, highlighting the impact of organized cybercrime, the role of an incident response platform in mitigating security breaches, and the efficiency of cognitive security tools in minimizing attacks and safeguarding data.', 'duration': 301.773, 'highlights': ['The incident response platform automates the entire cybersecurity process, orchestrates a chain of events to prevent security disasters, identifies and patches vulnerabilities, and notifies affected parties and ensures compliance, reducing the time for resolution from months to hours. The incident response platform streamlines the cybersecurity process, reduces resolution time from months to hours, and ensures compliance, showcasing its efficiency and effectiveness.', 'Large organized cybercrime rings function like startups, employ highly trained developers, and constantly innovate new online attacks, posing a significant threat to individual security and large international companies, banks, and governments. Organized cybercrime poses a significant threat to individual security and large organizations by employing highly trained developers and constantly innovating new attacks.', 'Cognitive security tools read and learn from trusted sources, uncover new insights, patterns, and anticipate attacks, providing immediate recommendations for security professionals, thereby keeping data safe and organizations out of the headlines. Cognitive security tools anticipate attacks, provide immediate recommendations for security professionals, and keep data safe, demonstrating their effectiveness in safeguarding organizations.']}], 'duration': 1378.077, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo67683.jpg', 'highlights': ['Certifications are necessary for getting shortlisted in the cybersecurity industry.', 'The chapter covers cybersecurity fundamentals, history, threats, tools, and the top 10 reasons to learn cybersecurity.', 'The video also covers coding for cybersecurity to maximize knowledge in this domain.', 'The chapter includes top cybersecurity attacks that have gained reputation in recent years.', 'The section on ethical hacking includes learning about ethical hacking with Kali Linux, cryptography, and penetration testing.', 'The chapter explores various methods of cyber attacks like cross-site scripting, DDoS attack, and SQL injection.', 'Steganography, a technique used to hide data in a non-secretive manner to avoid detection, is also covered in the chapter.', 'Importance of Cybersecurity Cybersecurity is crucial in protecting sensitive and confidential data from security vulnerabilities, and as the digital world advances, there is a growing need for highly skilled cybersecurity professionals to combat evolving cyber threats.', 'Common Types of Cyber Attacks The chapter describes eight common cyber attacks including malware, phishing, password attacks, DDoS, man in the middle attacks, drive-by downloads, mal-advertising, and rogue software, each posing significant threats to individuals and organizations.', 'Examples of Major Cyber Breaches The chapter provides examples of major cyber breaches involving big companies like eBay, AOL, Evernote, and Adobe, highlighting that cyber attacks target both individuals and large organizations, compromising the privacy and confidentiality of data.', 'Key Aspects of Cybersecurity The chapter explains the key aspects of cybersecurity, including confidentiality, integrity, and availability, and their significance in maintaining data security and preventing cyber attacks, emphasizing the importance of network security and incident response plans.', 'Steps to Mitigate Cyber Attacks The chapter outlines the steps to mitigate cyber attacks through identifying vulnerabilities, evaluating threats, and managing risks, emphasizing the importance of testing for vulnerabilities, staying informed of current threats, and developing a risk management plan.', 'The incident response platform automates the entire cybersecurity process, orchestrates a chain of events to prevent security disasters, identifies and patches vulnerabilities, and notifies affected parties and ensures compliance, reducing the time for resolution from months to hours.', 'Large organized cybercrime rings function like startups, employ highly trained developers, and constantly innovate new online attacks, posing a significant threat to individual security and large international companies, banks, and governments.', 'Cognitive security tools read and learn from trusted sources, uncover new insights, patterns, and anticipate attacks, providing immediate recommendations for security professionals, thereby keeping data safe and organizations out of the headlines.']}, {'end': 2644.575, 'segs': [{'end': 1569.728, 'src': 'embed', 'start': 1544.57, 'weight': 6, 'content': [{'end': 1550.134, 'text': "We've seen them in hacker movies called war games, also the movie Hackers.", 'start': 1544.57, 'duration': 5.564}, {'end': 1558.34, 'text': 'Of course you also see it in the Matrix movies, where you can see, if you look really closely, that they are using a tool called Nmap,', 'start': 1550.655, 'duration': 7.685}, {'end': 1563.544, 'text': 'which we will get into the use of in great detail later on as we go on.', 'start': 1558.34, 'duration': 5.204}, {'end': 1569.728, 'text': 'Now also the movie Sneakers and the movie Swordfish, And on television, in addition to other places,', 'start': 1563.924, 'duration': 5.804}], 'summary': 'Movies like war games, hackers, matrix, sneakers, and swordfish feature hacking tools like nmap.', 'duration': 25.158, 'max_score': 1544.57, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1544570.jpg'}, {'end': 1608.46, 'src': 'embed', 'start': 1587.05, 'weight': 1, 'content': [{'end': 1596.815, 'text': "It's also about exploring and the joy of learning new things and understanding them very clearly and being able to manipulate those things in ways that maybe other people haven't before.", 'start': 1587.05, 'duration': 9.765}, {'end': 1602.117, 'text': "It's also about digging into problems, to find out solutions in creative and interesting ways,", 'start': 1597.135, 'duration': 4.982}, {'end': 1605.579, 'text': "and sometimes finding problems where there weren't problems previously.", 'start': 1602.117, 'duration': 3.462}, {'end': 1608.46, 'text': "and that's a little bit about what is hacking.", 'start': 1606.279, 'duration': 2.181}], 'summary': 'Hacking involves exploring, learning, and problem-solving in new and creative ways.', 'duration': 21.41, 'max_score': 1587.05, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1587050.jpg'}, {'end': 1794.194, 'src': 'embed', 'start': 1768.714, 'weight': 0, 'content': [{'end': 1775.359, 'text': "and here's an example of data theft compromised and a few within one and a half million cards for global payments.", 'start': 1768.714, 'duration': 6.645}, {'end': 1784.366, 'text': 'so there are some attackers who got into this company global payment and they were able to pull out about a million and a half credit card numbers during the intrusion there.', 'start': 1775.359, 'duration': 9.007}, {'end': 1794.194, 'text': 'so what you may want to do is you may want to learn how to hack in order to find these holes in your systems or applications or employer systems,', 'start': 1784.366, 'duration': 9.828}], 'summary': "Global payments suffered data theft with 1.5 million compromised cards. it's important to learn to hack to identify system vulnerabilities.", 'duration': 25.48, 'max_score': 1768.714, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1768714.jpg'}, {'end': 1830.57, 'src': 'embed', 'start': 1805.985, 'weight': 5, 'content': [{'end': 1814.033, 'text': 'So just to protect your job, to protect your company and to protect your own desire of business, you may just want to learn to hack,', 'start': 1805.985, 'duration': 8.048}, {'end': 1815.315, 'text': "and that's a very good reason.", 'start': 1814.033, 'duration': 1.282}, {'end': 1821.641, 'text': 'Now you may also want to find all the problems that exist in your system before putting them out and deploying them,', 'start': 1815.695, 'duration': 5.946}, {'end': 1826.987, 'text': 'so that you can keep these attackers from getting in and stealing critical or sensitive information.', 'start': 1821.641, 'duration': 5.346}, {'end': 1830.57, 'text': 'Sometimes you may want to hack to get there before the bad guys.', 'start': 1827.467, 'duration': 3.103}], 'summary': 'Learning to hack can protect job, company, and prevent data theft.', 'duration': 24.585, 'max_score': 1805.985, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1805985.jpg'}, {'end': 2262.047, 'src': 'embed', 'start': 2237.691, 'weight': 7, 'content': [{'end': 2243.515, 'text': 'But in this case, Lull Security and Anonymous, specifically Lull Security, were engaged in the form of hacktivism.', 'start': 2237.691, 'duration': 5.824}, {'end': 2249.119, 'text': 'And what they were doing was not only damaging to the corporation that certainly was detrimental to those people.', 'start': 2243.795, 'duration': 5.324}, {'end': 2252.462, 'text': 'So different types of hackers and different types of hacking.', 'start': 2249.559, 'duration': 2.903}, {'end': 2254.683, 'text': "We've got ethical or white hat hacking.", 'start': 2252.882, 'duration': 1.801}, {'end': 2256.705, 'text': "We've got black hat, gray hat.", 'start': 2254.903, 'duration': 1.802}, {'end': 2258.386, 'text': 'And then we finally got hacktivism.', 'start': 2256.745, 'duration': 1.641}, {'end': 2262.047, 'text': "It's really the goal and the means that vary from one to the other.", 'start': 2258.866, 'duration': 3.181}], 'summary': 'Lull security engaged in hacktivism, damaging to corporation and detrimental to people, different types of hackers and hacking exist.', 'duration': 24.356, 'max_score': 2237.691, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2237691.jpg'}, {'end': 2305.081, 'src': 'embed', 'start': 2274.872, 'weight': 2, 'content': [{'end': 2280.434, 'text': 'So initially just for basic computing, you need a basic understanding of operating systems and how to work them.', 'start': 2274.872, 'duration': 5.562}, {'end': 2286.539, 'text': "There are going to be several fundamental types of tasks that I won't be going into any detail at all or,", 'start': 2280.874, 'duration': 5.665}, {'end': 2293.164, 'text': "and you'll need to know how to run programs and do things like open up a command prompt without me walking you through and how to do that.", 'start': 2286.539, 'duration': 6.625}, {'end': 2297.878, 'text': 'So I am going to assume that you have some basic understanding of how to do these sorts of tasks.', 'start': 2293.797, 'duration': 4.081}, {'end': 2305.081, 'text': "Also, you need an understanding of the basic system software and you'll need a basic understanding of how to use command line utilities.", 'start': 2298.359, 'duration': 6.722}], 'summary': 'Basic computing requires understanding of operating systems and command line utilities.', 'duration': 30.209, 'max_score': 2274.872, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2274872.jpg'}], 'start': 1445.76, 'title': 'Evolution and reasons for hacking', 'summary': 'Explores the evolution of hacking and its impact on popular culture, featuring key figures like robert t. morris and kevin mitnick. it also delves into reasons for hacking, encompassing fun, political statements, and challenges at mit, and discusses various types of hackers and ethical hacking skills.', 'chapters': [{'end': 1746.994, 'start': 1445.76, 'title': 'Evolution of hacking and hacker culture', 'summary': 'Explores the evolution of hacking from its early days at mit to the changing connotations and its impact on popular culture, featuring key figures such as robert t. morris and kevin mitnick, and delves into the reasons people hack, encompassing fun, political statements, and challenges at mit.', 'duration': 301.234, 'highlights': ['The Morris worm, unleashed by Robert T. Morris, caused significant damage and downtime on systems across the country and the world, ultimately leading to the creation of the computer emergency response team at Carnegie Mellon. The Morris worm, created by Robert T. Morris, resulted in widespread system downtime and prompted the establishment of the computer emergency response team at Carnegie Mellon.', 'Kevin Mitnick, a well-known hacker, was responsible for various acts of computer crime over a couple of decades, and his actions contributed to the transformation of the popular perception of hacking into something more sinister. Kevin Mitnick, a prominent hacker, played a significant role in altering the public perception of hacking by engaging in numerous computer-related criminal activities.', "MIT's history of hacking spans both computer-related and non-computer-related instances, including pranks such as the April Fool's Day hack of the MIT homepage, showcasing the tradition of hacking for fun. MIT has a rich history of hacking, encompassing both computer-related and non-computer-related pranks, such as the April Fool's Day hack of the MIT homepage, reflecting the tradition of hacking for amusement.", "Students at MIT hacked the Windows systems installed in a building's entryway to run Linux instead, as a demonstration of their viewpoint on Linux and Microsoft to Bill Gates during his visit, highlighting hacking as a means to convey a political statement. MIT students hacked the Windows systems to run Linux during Bill Gates' visit, serving as a method to express their stance on Linux and Microsoft, exemplifying hacking for political messaging.", "MIT students transformed the facade of a building into a Tetris game board, showcasing hacking as a challenge pursued for the pride of completion and as a way to demonstrate skills and abilities. MIT students converted a building's facade into a Tetris game board, exemplifying hacking as a difficult challenge pursued for the satisfaction of accomplishment and to exhibit their capabilities."]}, {'end': 2274.532, 'start': 1747.695, 'title': 'Reasons for hacking and types of hackers', 'summary': 'Explores the various reasons for hacking, including preventing theft and finding vulnerabilities, with examples of data theft and ethical hacking, and discusses the different types of hackers, such as ethical, black hat, gray hat, and hacktivists.', 'duration': 526.837, 'highlights': ['Preventing theft and finding vulnerabilities Learning to hack to find and fix system vulnerabilities to prevent data theft, such as the example of a company losing a million and a half credit card numbers during an intrusion.', 'Exploring ethical hacking Description of ethical hackers who aim to identify and fix vulnerabilities without malicious intent, and the certification available from the EC Council as a Certified Ethical Hacker.', 'Discussing black hat, gray hat, and hacktivists Explanation of black hat hackers like Kevin Mitnick, gray hat hackers who balance between good and bad hacking, and hacktivists like lulz security engaging in hacktivism to protest and expose weak security postures.']}, {'end': 2644.575, 'start': 2274.872, 'title': 'Ethical hacking skills & attack types', 'summary': 'Covers the essential skills required for ethical hacking, including basic computing, networking concepts, problem-solving skills, and security awareness. it also discusses various types of attacks, such as defacing, commonly used by hackers for hacktivism or making a point.', 'duration': 369.703, 'highlights': ['The chapter covers the essential skills required for ethical hacking, including basic computing, networking concepts, problem-solving skills, and security awareness. It emphasizes the need for understanding operating systems, basic system software, command line utilities, simple networking concepts, problem-solving, and security awareness, which are crucial for ethical hacking.', 'It discusses various types of attacks, such as defacing, commonly used by hackers for hacktivism or making a point. It explains the concept of defacing as a form of digital graffiti primarily targeting websites, commonly used by individuals or organizations for making a statement or causing disruption.']}], 'duration': 1198.815, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo1445760.jpg', 'highlights': ['The Morris worm, unleashed by Robert T. Morris, caused significant damage and downtime on systems across the country and the world, ultimately leading to the creation of the computer emergency response team at Carnegie Mellon.', 'Kevin Mitnick, a well-known hacker, was responsible for various acts of computer crime over a couple of decades, and his actions contributed to the transformation of the popular perception of hacking into something more sinister.', 'MIT students transformed the facade of a building into a Tetris game board, showcasing hacking as a challenge pursued for the pride of completion and as a way to demonstrate skills and abilities.', "MIT students hacked the Windows systems to run Linux during Bill Gates' visit, serving as a method to express their stance on Linux and Microsoft, exemplifying hacking for political messaging.", "MIT's history of hacking spans both computer-related and non-computer-related instances, including pranks such as the April Fool's Day hack of the MIT homepage, reflecting the tradition of hacking for amusement.", 'Learning to hack to find and fix system vulnerabilities to prevent data theft, such as the example of a company losing a million and a half credit card numbers during an intrusion.', 'Exploring ethical hacking Description of ethical hackers who aim to identify and fix vulnerabilities without malicious intent, and the certification available from the EC Council as a Certified Ethical Hacker.', 'Discussing black hat, gray hat, and hacktivists Explanation of black hat hackers like Kevin Mitnick, gray hat hackers who balance between good and bad hacking, and hacktivists like lulz security engaging in hacktivism to protest and expose weak security postures.', 'The chapter covers the essential skills required for ethical hacking, including basic computing, networking concepts, problem-solving skills, and security awareness. It emphasizes the need for understanding operating systems, basic system software, command line utilities, simple networking concepts, problem-solving, and security awareness, which are crucial for ethical hacking.', 'It discusses various types of attacks, such as defacing, commonly used by hackers for hacktivism or making a point. It explains the concept of defacing as a form of digital graffiti primarily targeting websites, commonly used by individuals or organizations for making a statement or causing disruption.']}, {'end': 3675.895, 'segs': [{'end': 2672.619, 'src': 'embed', 'start': 2644.835, 'weight': 5, 'content': [{'end': 2648.518, 'text': 'We also have a pretty common one, or certainly has been common over the years,', 'start': 2644.835, 'duration': 3.683}, {'end': 2654.402, 'text': "and it's a pretty good path towards quality exploits and high-profile vulnerabilities, and that's buffer overflow.", 'start': 2648.518, 'duration': 5.884}, {'end': 2659.827, 'text': 'Now a buffer overflow is a result of the way programs are stored in memory.', 'start': 2654.722, 'duration': 5.105}, {'end': 2668.015, 'text': "When programs are running they make use of a chunk of memory called a stack and it's just like a stack of plates when you put a bunch of plates down.", 'start': 2660.188, 'duration': 7.827}, {'end': 2670.778, 'text': "When you pull a plate off you're gonna pull the top plate.", 'start': 2668.436, 'duration': 2.342}, {'end': 2672.619, 'text': "You're not gonna pull the oldest plate.", 'start': 2671.218, 'duration': 1.401}], 'summary': 'Buffer overflow: common path to quality exploits and high-profile vulnerabilities due to memory storage in programs.', 'duration': 27.784, 'max_score': 2644.835, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2644835.jpg'}, {'end': 2718.935, 'src': 'embed', 'start': 2676.721, 'weight': 0, 'content': [{'end': 2681.564, 'text': "We're accessing memory, and this has to do with the way functions are called in memory.", 'start': 2676.721, 'duration': 4.843}, {'end': 2689.509, 'text': "When you call a function, a chunk of memory gets thrown on top of the stack, and that's the chunk of memory that gets accessed.", 'start': 2681.784, 'duration': 7.725}, {'end': 2694.072, 'text': "And you've got a piece of data in memory within that stack, and that's called a buffer.", 'start': 2689.529, 'duration': 4.543}, {'end': 2699.595, 'text': 'And when too much data is sent and tried to put into the buffer, it can overflow.', 'start': 2694.612, 'duration': 4.983}, {'end': 2706.802, 'text': 'Now the bounds of the configured area for that particular buffer, it can overflow the bounds of the configured area for that particular buffer.', 'start': 2700.115, 'duration': 6.687}, {'end': 2714.67, 'text': 'Now the way stacks are put together, we end up with a part of the stack where the return address from the function is stored.', 'start': 2707.143, 'duration': 7.527}, {'end': 2718.935, 'text': 'So when you overflow the buffer, you have the ability to potentially override that return.', 'start': 2714.75, 'duration': 4.185}], 'summary': 'Functions call memory, buffer overflow can override return address.', 'duration': 42.214, 'max_score': 2676.721, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2676721.jpg'}, {'end': 2863.326, 'src': 'embed', 'start': 2828.947, 'weight': 4, 'content': [{'end': 2832.229, 'text': 'Now moving on to our next type of attack is a denial of service.', 'start': 2828.947, 'duration': 3.282}, {'end': 2836.972, 'text': "A denial of service, this is a pretty common one and you'll hear about this a lot.", 'start': 2832.689, 'duration': 4.283}, {'end': 2843.156, 'text': "This is not to be confused though with the one that I'll be talking about after this and that is a distributed denial of service.", 'start': 2837.332, 'duration': 5.824}, {'end': 2846.819, 'text': 'So this one that you see is a denial of service attack.', 'start': 2843.677, 'duration': 3.142}, {'end': 2854.622, 'text': 'And a denial of service is any attack or action that prevents a service from being available to its legitimate or authorized users.', 'start': 2847.379, 'duration': 7.243}, {'end': 2863.326, 'text': 'So you hear about a ping flood or a SYN flood that is basically a SYN packet being sent to your machine constantly or a smurf attack.', 'start': 2854.702, 'duration': 8.624}], 'summary': 'Denial of service attack prevents service availability to legitimate users.', 'duration': 34.379, 'max_score': 2828.947, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2828947.jpg'}, {'end': 2970.814, 'src': 'embed', 'start': 2947.286, 'weight': 1, 'content': [{'end': 2957.31, 'text': 'so the idea behind a distributed denial of service attack is to overwhelm resources on a particular server in order to cause that server not to be able to respond.', 'start': 2947.286, 'duration': 10.024}, {'end': 2964.092, 'text': 'Now the first known DDoS attack used the tool called stockhold rot, which is German for barbed wire.', 'start': 2957.81, 'duration': 6.282}, {'end': 2970.814, 'text': 'Now stockhold rot came out of some work that a guy by the name of Mixter was doing in 1999.', 'start': 2964.492, 'duration': 6.322}], 'summary': 'Ddos attack overwhelms server with stockhold rot, first used in 1999.', 'duration': 23.528, 'max_score': 2947.286, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2947286.jpg'}, {'end': 3036.72, 'src': 'embed', 'start': 2992.165, 'weight': 2, 'content': [{'end': 3000.492, 'text': "now i know many people don't really consider wikipedia a really good source of any sort of knowledge, but it's a good place to start off.", 'start': 2992.165, 'duration': 8.327}, {'end': 3008.75, 'text': 'So if you want to read about all these types of attacks, like ICMP floods and what exactly is a SYN flood, you can always do that from Wikipedia.', 'start': 3001.047, 'duration': 7.703}, {'end': 3010.05, 'text': "It's not that bad place.", 'start': 3008.93, 'duration': 1.12}, {'end': 3014.192, 'text': "Of course, you shouldn't use Wikipedia as your final Rosetta Stone.", 'start': 3010.611, 'duration': 3.581}, {'end': 3014.912, 'text': 'Moving on.', 'start': 3014.512, 'duration': 0.4}, {'end': 3023.195, 'text': 'So this program called Old Rod, which was it was used to attack servers like eBay and Yahoo back in February of 2000.', 'start': 3015.392, 'duration': 7.803}, {'end': 3028.817, 'text': 'So that attack in February of 2000 was really the first known distributed denial of service attack,', 'start': 3023.195, 'duration': 5.622}, {'end': 3031.998, 'text': "which is not to say that there weren't denial of service attacks previously.", 'start': 3028.817, 'duration': 3.181}, {'end': 3036.72, 'text': 'So to that, there were certainly plenty of them, but they were not distributed.', 'start': 3032.458, 'duration': 4.262}], 'summary': 'Wikipedia is a good starting point for learning about types of cyber attacks. old rod was used in the first known distributed denial of service attack in february 2000.', 'duration': 44.555, 'max_score': 2992.165, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2992165.jpg'}, {'end': 3083.165, 'src': 'embed', 'start': 3052.566, 'weight': 8, 'content': [{'end': 3058.169, 'text': "when you become an ethical hacker, or if you're trying to become an ethical hacker, you should always know about these types of attacks.", 'start': 3052.566, 'duration': 5.603}, {'end': 3066.314, 'text': "OK, so in this lesson we're going to be talking about penetration testing and some of the details around how it works and logistics,", 'start': 3058.91, 'duration': 7.404}, {'end': 3067.735, 'text': 'and specifically things like scope.', 'start': 3066.314, 'duration': 1.421}, {'end': 3075.519, 'text': "So what exactly is penetration testing? So well, not surprisingly, it's testing to see if you can penetrate something.", 'start': 3068.075, 'duration': 7.444}, {'end': 3083.165, 'text': "which means you're going to check to see whether you can break into a particular thing, whether it's a server or in applications,", 'start': 3075.919, 'duration': 7.246}], 'summary': 'Ethical hackers should know about penetration testing and its scope.', 'duration': 30.599, 'max_score': 3052.566, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo3052566.jpg'}, {'end': 3475.944, 'src': 'embed', 'start': 3450.698, 'weight': 6, 'content': [{'end': 3456.484, 'text': "that's one of the reasons why penetration testing, while really sexy and show, is nice and all.", 'start': 3450.698, 'duration': 5.786}, {'end': 3462.99, 'text': "but if an organization walks out of it believing that in a week you didn't manage to get to know, get the keys of the kingdom,", 'start': 3456.484, 'duration': 6.506}, {'end': 3465.052, 'text': 'then they might must be secure.', 'start': 3462.99, 'duration': 2.062}, {'end': 3471.439, 'text': "that's really misguided view, because A dedicated, skill and motivated attacker isn't gonna just take a week or some portion of that week.", 'start': 3465.052, 'duration': 6.387}, {'end': 3475.944, 'text': "They're after something, they're gonna dedicate themselves to it and really go after it.", 'start': 3471.74, 'duration': 4.204}], 'summary': "Penetration testing can't guarantee full security in a week.", 'duration': 25.246, 'max_score': 3450.698, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo3450698.jpg'}], 'start': 2644.835, 'title': 'Cybersecurity attacks and penetration testing', 'summary': 'Covers buffer overflow, format string attacks, and denial of service attacks, emphasizing risks, distinctions, and ethical considerations in penetration testing.', 'chapters': [{'end': 2828.646, 'start': 2644.835, 'title': 'Buffer overflow and format string attacks', 'summary': 'Discusses the dangers of buffer overflow and format string attacks, explaining how they can lead to exploits, control the flow of program execution, and potentially inject code into system memory, as well as the risks associated with leaving off format strings in the c programming language.', 'duration': 183.811, 'highlights': ['Buffer overflow can lead to exploits that allow control of program execution and the potential injection of code into system memory.', 'The chapter also explains the risks associated with leaving off format strings in the C programming language, which can lead to unauthorized access to data on the stack of the running program.', 'Buffer overflow occurs when too much data is sent and tried to put into the buffer, leading to the potential overflow of the configured area for that particular buffer.', 'Format strings in the C programming language determine how data is going to be input or output, and if a programmer leaves off the format string, it can lead to unauthorized access to data on the stack of the running program.']}, {'end': 3226.999, 'start': 2828.947, 'title': 'Denial of service attacks', 'summary': 'Discusses denial of service attacks, including types of attacks, the distinction between denial of service and distributed denial of service, the goals of penetration testing, and the importance of generating a detailed report for clients.', 'duration': 398.052, 'highlights': ["A distributed denial of service is a coordinated attack using several hosts in multiple locations, with the goal of overwhelming a server's resources to cause it to be unable to respond. Distributed denial of service attack involves using multiple hosts to overwhelm a server, aiming to render it unresponsive.", "Penetration testing aims to assess an organization's security weaknesses, understand their risk positions, and ultimately access systems to find vulnerabilities. The goal of penetration testing is to assess security weaknesses, understand risk positions, and identify vulnerabilities in systems.", 'The importance of generating a detailed report for clients after conducting penetration testing, including providing remediation activities to fix vulnerabilities. After conducting penetration testing, it is crucial to provide clients with a detailed report, including remediation activities to fix vulnerabilities.', 'Denial of service attacks can be caused by various actions such as ping flood, SYN flood, smurf attack, or sending a malformed packet into a program, preventing legitimate users from accessing a service. Denial of service attacks can be caused by actions like ping flood, SYN flood, smurf attack, or sending malformed packets, preventing legitimate users from accessing a service.']}, {'end': 3675.895, 'start': 3227.479, 'title': 'Scope of penetration testing', 'summary': 'Discusses the scope of penetration testing, including the importance of clearly defining the scope, obtaining proper permissions, and differentiating between security assessments and penetration tests, highlighting the need for ethical and legal considerations.', 'duration': 448.416, 'highlights': ['Obtaining clear scope and permissions is crucial for penetration testing to avoid legal consequences. It is important to clearly define the scope of penetration testing and obtain permissions in writing to avoid legal repercussions for unauthorized activities.', "Differentiating security assessments from penetration tests and emphasizing the collaborative approach in security assessments. Security assessments focus on assessing the risk exposure of an organization and involve a collaborative approach, providing more comprehensive details about fixes and tailored outputs based on the organization's risk appetite.", 'Highlighting the misconception that a lack of major penetrations in a week does not guarantee security. The misconception that a lack of major penetrations during a week-long test implies security is misguided, as dedicated attackers may take longer to breach, and organizations must not overlook real vulnerabilities.', "Discussion on the importance of footprinting for gathering detailed information about the target's scope. Footprinting involves gathering detailed information about the entire scope of the target, including domain names, network blocks, system architectures, and access control lists, both internally and externally."]}], 'duration': 1031.06, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo2644835.jpg', 'highlights': ['Buffer overflow can lead to exploits allowing control of program execution and potential code injection into system memory.', 'Distributed denial of service attack involves using multiple hosts to overwhelm a server, aiming to render it unresponsive.', 'Penetration testing aims to assess security weaknesses, understand risk positions, and identify vulnerabilities in systems.', 'Denial of service attacks can be caused by actions like ping flood, SYN flood, smurf attack, or sending malformed packets.', 'Obtaining clear scope and permissions is crucial for penetration testing to avoid legal repercussions.', 'Differentiating security assessments from penetration tests and emphasizing the collaborative approach in security assessments.', 'The importance of generating a detailed report for clients after conducting penetration testing, including providing remediation activities to fix vulnerabilities.', "Discussion on the importance of footprinting for gathering detailed information about the target's scope.", 'Buffer overflow occurs when too much data is sent and tried to put into the buffer, leading to potential overflow of the configured area for that particular buffer.', 'Format strings in the C programming language determine how data is going to be input or output, and if a programmer leaves off the format string, it can lead to unauthorized access to data on the stack of the running program.']}, {'end': 4582.121, 'segs': [{'end': 3826.331, 'src': 'embed', 'start': 3801.491, 'weight': 2, 'content': [{'end': 3806.816, 'text': 'Okay, now that we know what footprinting is and how it falls into the whole reconnaissance process.', 'start': 3801.491, 'duration': 5.325}, {'end': 3814.203, 'text': "so let's go over a couple of websites to do a little bit of historical digging about companies and the types of infrastructure that they may be using.", 'start': 3806.816, 'duration': 7.387}, {'end': 3820.889, 'text': 'And this information, of course, is useful so that we can narrow down our focus in terms of what we want to target against them for attacks.', 'start': 3814.583, 'duration': 6.306}, {'end': 3826.331, 'text': "Now over time, we've improved our awareness about what sorts of information we may want to divulge.", 'start': 3821.409, 'duration': 4.922}], 'summary': 'Footprinting involves historical digging on websites for attack targeting.', 'duration': 24.84, 'max_score': 3801.491, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo3801491.jpg'}, {'end': 3981.393, 'src': 'embed', 'start': 3948.312, 'weight': 5, 'content': [{'end': 3951.554, 'text': "I don't know why that was a thing back in 2014.", 'start': 3948.312, 'duration': 3.242}, {'end': 3956.519, 'text': 'Now we can browse more advanced screenshots, or rather the screenshots that were taken later on,', 'start': 3951.554, 'duration': 4.965}, {'end': 3961.885, 'text': 'and see how this company has evolved with this infrastructure and the way it actually lays out its content.', 'start': 3956.519, 'duration': 5.366}, {'end': 3969.373, 'text': "Okay, so it still hasn't evolved, but I can go a couple of years ahead and see what this has actually evolved into.", 'start': 3962.385, 'duration': 6.988}, {'end': 3973.627, 'text': 'So if I were to go to December 2016,.', 'start': 3969.553, 'duration': 4.074}, {'end': 3981.393, 'text': "So this is what it looked like in 2016, and we can see that they've added this weird box out here about pricing courses.", 'start': 3973.627, 'duration': 7.766}], 'summary': 'In 2016, the company added a new box about pricing courses.', 'duration': 33.081, 'max_score': 3948.312, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo3948312.jpg'}, {'end': 4383.515, 'src': 'heatmap', 'start': 3973.627, 'weight': 0.785, 'content': [{'end': 3981.393, 'text': "So this is what it looked like in 2016, and we can see that they've added this weird box out here about pricing courses.", 'start': 3973.627, 'duration': 7.766}, {'end': 3982.934, 'text': 'they have added a search bar.', 'start': 3981.393, 'duration': 1.541}, {'end': 3988.058, 'text': "That kinda looks weird, but it's mostly because my internet is slow and it's not loading all the elements.", 'start': 3983.234, 'duration': 4.824}, {'end': 3991.561, 'text': "They've also changed how they've actually laid out the courses.", 'start': 3988.438, 'duration': 3.123}, {'end': 3994.183, 'text': 'We can also see a change in the prices, I guess.', 'start': 3991.801, 'duration': 2.382}, {'end': 3999.527, 'text': 'So yeah, this tells us about how it evolves as a complete website.', 'start': 3994.803, 'duration': 4.724}, {'end': 4003.227, 'text': 'Now, this other website that I want to talk about is called Netcraft.', 'start': 4000.166, 'duration': 3.061}, {'end': 4008.01, 'text': 'Now, Netcraft does internet research, including the types of web servers that companies run.', 'start': 4003.428, 'duration': 4.582}, {'end': 4009.851, 'text': 'And they have a web server service.', 'start': 4008.43, 'duration': 1.421}, {'end': 4018.455, 'text': "You can see here as we scroll, the Apache Rails service has 64.3% of the internet market, of course, and that's followed by Microsoft with 13%.", 'start': 4010.011, 'duration': 8.444}, {'end': 4024.658, 'text': 'Interesting information, maybe useful information, but even more useful than that is looking at what different companies run for their websites.', 'start': 4018.455, 'duration': 6.203}, {'end': 4025.838, 'text': 'And you can see here.', 'start': 4024.918, 'duration': 0.92}, {'end': 4029.1, 'text': "Okay, so let's try and search for edureka.co out here.", 'start': 4026.078, 'duration': 3.022}, {'end': 4034.464, 'text': "So let's just Put in the website URL and that NetGraph generated the site report.", 'start': 4029.2, 'duration': 5.264}, {'end': 4038.347, 'text': 'So as you can see that some of the stuff is not available.', 'start': 4035.064, 'duration': 3.283}, {'end': 4042.25, 'text': 'We know that the NetBlock owner is by Amazon Technologies.', 'start': 4038.367, 'duration': 3.883}, {'end': 4044.351, 'text': 'Name server is this thing right here.', 'start': 4042.39, 'duration': 1.961}, {'end': 4048.294, 'text': 'The DNS admin is AWS DNS host master.', 'start': 4044.371, 'duration': 3.923}, {'end': 4050.676, 'text': 'We also have the IP address.', 'start': 4048.555, 'duration': 2.121}, {'end': 4053.699, 'text': 'We can go for a wire, look up the IP on virus total.', 'start': 4050.736, 'duration': 2.963}, {'end': 4054.72, 'text': 'You can do that.', 'start': 4054.099, 'duration': 0.621}, {'end': 4056.421, 'text': 'There is no IPv6 presence.', 'start': 4054.86, 'duration': 1.561}, {'end': 4058.983, 'text': "So that's some information that we can see.", 'start': 4056.461, 'duration': 2.522}, {'end': 4063.166, 'text': 'So we can obviously opt out to not target IPv6 ranges.', 'start': 4059.043, 'duration': 4.123}, {'end': 4065.408, 'text': "Then there's also reverse DNS.", 'start': 4063.186, 'duration': 2.222}, {'end': 4068.23, 'text': 'Then we also have a bunch of hosting history.', 'start': 4065.908, 'duration': 2.322}, {'end': 4070.052, 'text': 'So this is a history of it.', 'start': 4068.29, 'duration': 1.762}, {'end': 4075.236, 'text': "And we know that it's hosted on a Linux system with an Apache web server.", 'start': 4070.512, 'duration': 4.724}, {'end': 4078.438, 'text': 'And it was last seen and this was when it was last updated.', 'start': 4075.616, 'duration': 2.822}, {'end': 4080.66, 'text': 'So this is some very useful information.', 'start': 4078.738, 'duration': 1.922}, {'end': 4082.962, 'text': 'You can also get information on stuff like Netflix.', 'start': 4080.76, 'duration': 2.202}, {'end': 4087.063, 'text': 'So if you just type, okay, I just spelled that wrong.', 'start': 4083.442, 'duration': 3.621}, {'end': 4089.804, 'text': 'So let me just change it from the URL out here.', 'start': 4087.383, 'duration': 2.421}, {'end': 4095.926, 'text': "So if you go and type for netflix.com and you'll see that it'll show you all sorts of information.", 'start': 4090.164, 'duration': 5.762}, {'end': 4101.608, 'text': "So as you see that it's on an AWS server, it's an Amazon Data Services Ireland.", 'start': 4095.966, 'duration': 5.642}, {'end': 4105.55, 'text': 'And this is all the hosting history that it goes along with.', 'start': 4102.469, 'duration': 3.081}, {'end': 4111.171, 'text': 'It has some center policy frameworks, domain-based message authentication and reporting confirmations.', 'start': 4105.85, 'duration': 5.321}, {'end': 4116.674, 'text': "and there's all sorts of information that you can get about websites and their web servers from Netcraft.", 'start': 4112.392, 'duration': 4.282}, {'end': 4122.595, 'text': 'So the Wayback Machine, along with Netcraft, make up for some interesting tools that are available on the internet,', 'start': 4116.993, 'duration': 5.602}, {'end': 4125.596, 'text': 'from which you can do a little bit of your reconnaissance process.', 'start': 4122.595, 'duration': 3.001}, {'end': 4129.978, 'text': 'Okay, now that we have gone over Netcraft and the Wayback Machine,', 'start': 4126.077, 'duration': 3.901}, {'end': 4135.319, 'text': "now it's time to actually get to know how to use the little information that this site actually provides.", 'start': 4129.978, 'duration': 5.341}, {'end': 4140.542, 'text': "So what the next topic that we're gonna go over is using DNS to get more information.", 'start': 4135.56, 'duration': 4.982}, {'end': 4149.585, 'text': "Now we're going to be going over a tool, and this is called Whois, and it is a utility that is used to query the various regional internet registries,", 'start': 4141.022, 'duration': 8.563}, {'end': 4156.627, 'text': 'to store information about domain names and IP addresses, and let me just show it to you about all the internet registries that are there.', 'start': 4149.585, 'duration': 7.042}, {'end': 4164.149, 'text': 'So I have ARIN.NET open out here and these are the internet registries that provides the ISPs and looks over the internet control as a whole.', 'start': 4156.926, 'duration': 7.223}, {'end': 4171.295, 'text': 'So out here we have AFRINIC, we have APNIC, we have ARIN, we have LACNIC and we have RIPE NCC.', 'start': 4164.429, 'duration': 6.866}, {'end': 4177.801, 'text': 'So these are all the regions and all the different types of stuff that they support all the different countries.', 'start': 4171.736, 'duration': 6.065}, {'end': 4184.767, 'text': 'You can look at the map that it is supporting out here by just hovering over the providers.', 'start': 4178.18, 'duration': 6.587}, {'end': 4189.471, 'text': 'So, as you can see all these brown region out here is Africa, AFRINIC.', 'start': 4185.068, 'duration': 4.403}, {'end': 4197.198, 'text': 'Then we have APNIC, which is this black or grayish thing, which is India and Australia, and quite a lot of Asia.', 'start': 4190.051, 'duration': 7.147}, {'end': 4202.383, 'text': 'Then we have ARIN, which is a lot of North America and the United States, mostly.', 'start': 4197.579, 'duration': 4.804}, {'end': 4206.406, 'text': "Then there's LACNIC, which is mostly the Latino side, which is the South American part.", 'start': 4202.723, 'duration': 3.683}, {'end': 4209.149, 'text': 'Then we have the rest of Europe, which is RIPE NCC.', 'start': 4206.767, 'duration': 2.382}, {'end': 4212.812, 'text': 'And this is the part that RIPE NCC is providing internet to.', 'start': 4209.309, 'duration': 3.503}, {'end': 4215.413, 'text': 'Okay, so that was all about the internet registries.', 'start': 4213.292, 'duration': 2.121}, {'end': 4219.575, 'text': "Now let's get back to the topic and that is using DNS to get more information.", 'start': 4215.433, 'duration': 4.142}, {'end': 4222.937, 'text': "Now for this, we're going to be using a Linux based system.", 'start': 4219.836, 'duration': 3.101}, {'end': 4228.22, 'text': 'So I have Ubuntu running on my virtual machine out here and let me just log into it.', 'start': 4223.297, 'duration': 4.923}, {'end': 4235.624, 'text': 'So firstly, we are going to be using this query called whois that looks up these internet registries that I just showed you.', 'start': 4228.8, 'duration': 6.824}, {'end': 4237.345, 'text': 'Let me just quickly remove this.', 'start': 4235.984, 'duration': 1.361}, {'end': 4243.16, 'text': 'Okay. So, for acquiring information from the regional internet registries that I just talked about,', 'start': 4237.965, 'duration': 5.195}, {'end': 4247.085, 'text': 'you can use Whois to get information about who owns a particular IP address.', 'start': 4243.16, 'duration': 3.925}, {'end': 4259.518, 'text': "So for example, I could do Whois and let's see, I could do Whois Google or rather Netflix.com and we can get all sorts of information about Netflix.", 'start': 4247.385, 'duration': 12.133}, {'end': 4263.862, 'text': 'So we can see that we have the visit mark monitor.', 'start': 4260.319, 'duration': 3.543}, {'end': 4271.088, 'text': "Then let's see, let's go up and look for all sorts of information that has been given to us by this whois query.", 'start': 4264.162, 'duration': 6.926}, {'end': 4274.33, 'text': 'So as you guys can see, I just went a little bit too much.', 'start': 4271.608, 'duration': 2.722}, {'end': 4276.071, 'text': 'Okay, so registry domain ID.', 'start': 4274.51, 'duration': 1.561}, {'end': 4278.153, 'text': 'We have the domain ID where it is registered.', 'start': 4276.111, 'duration': 2.042}, {'end': 4280.755, 'text': 'The registered URL is mark monitor.', 'start': 4278.513, 'duration': 2.242}, {'end': 4282.837, 'text': 'Okay, so this is for marking actually.', 'start': 4281.135, 'duration': 1.702}, {'end': 4285.899, 'text': 'Now the creation date is 1997.', 'start': 4283.097, 'duration': 2.802}, {'end': 4291.12, 'text': "So if you haven't realized, Netflix been around for a long time and it's been updated on 2015.", 'start': 4285.899, 'duration': 5.221}, {'end': 4294.461, 'text': 'And the registry expiry date, as we see, is 2019.', 'start': 4291.12, 'duration': 3.341}, {'end': 4296.801, 'text': "So it's gonna actually go off this year.", 'start': 4294.461, 'duration': 2.34}, {'end': 4299.921, 'text': 'Then this is all useful information.', 'start': 4297.321, 'duration': 2.6}, {'end': 4306.643, 'text': 'So we can see all sorts of domain status, the name server, the URL, the DNSSEC that it says unsigned.', 'start': 4299.981, 'duration': 6.662}, {'end': 4311.103, 'text': 'This is very useful information that is being provided by a very simple query.', 'start': 4307.063, 'duration': 4.04}, {'end': 4315.985, 'text': "Now, if you want to know who owns a particular IP address, So, let's see.", 'start': 4311.463, 'duration': 4.522}, {'end': 4321.79, 'text': "Did we get back the IP address out there? We should have got back the IP address, but it's kind of lost on me.", 'start': 4316.325, 'duration': 5.465}, {'end': 4327.875, 'text': 'So, to get back the IP address also for a domain name service that you know, so you could use this command called dig.', 'start': 4321.91, 'duration': 5.965}, {'end': 4329.497, 'text': 'So, you dig netflix.com.', 'start': 4327.895, 'duration': 1.602}, {'end': 4340.736, 'text': 'now, as you guys can see, that it has returned a bunch of multiple ip addresses, that these are all the ip addresses that netflix is.', 'start': 4331.209, 'duration': 9.527}, {'end': 4348.743, 'text': 'so i could do something like if i was trying to check out who owns a certain ip address and, for example, i have got one of these ip addresses.', 'start': 4340.736, 'duration': 8.007}, {'end': 4352.405, 'text': "but let's just assume i don't know that it actually belongs to netflix.", 'start': 4348.743, 'duration': 3.662}, {'end': 4360.25, 'text': "so i can go who is 54.77.108.2 and it'll give me some information.", 'start': 4352.405, 'duration': 7.845}, {'end': 4369.712, 'text': 'So as you guys can see it is giving us a bunch of information as to who this is and how it is happening.', 'start': 4360.45, 'duration': 9.262}, {'end': 4377.254, 'text': "So we see that it is from Aaron.net and so we can very smartly assume that it's from the North American part.", 'start': 4370.152, 'duration': 7.102}, {'end': 4383.515, 'text': "Now we can also see that it's in Seattle so our guess was completely right.", 'start': 4377.774, 'duration': 5.741}], 'summary': 'Website evolvement and web server details from netcraft and dns using whois and dig', 'duration': 409.888, 'max_score': 3973.627, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo3973627.jpg'}, {'end': 4024.658, 'src': 'embed', 'start': 3991.801, 'weight': 4, 'content': [{'end': 3994.183, 'text': 'We can also see a change in the prices, I guess.', 'start': 3991.801, 'duration': 2.382}, {'end': 3999.527, 'text': 'So yeah, this tells us about how it evolves as a complete website.', 'start': 3994.803, 'duration': 4.724}, {'end': 4003.227, 'text': 'Now, this other website that I want to talk about is called Netcraft.', 'start': 4000.166, 'duration': 3.061}, {'end': 4008.01, 'text': 'Now, Netcraft does internet research, including the types of web servers that companies run.', 'start': 4003.428, 'duration': 4.582}, {'end': 4009.851, 'text': 'And they have a web server service.', 'start': 4008.43, 'duration': 1.421}, {'end': 4018.455, 'text': "You can see here as we scroll, the Apache Rails service has 64.3% of the internet market, of course, and that's followed by Microsoft with 13%.", 'start': 4010.011, 'duration': 8.444}, {'end': 4024.658, 'text': 'Interesting information, maybe useful information, but even more useful than that is looking at what different companies run for their websites.', 'start': 4018.455, 'duration': 6.203}], 'summary': "Netcraft's internet research shows apache rails with 64.3% market share, followed by microsoft at 13%.", 'duration': 32.857, 'max_score': 3991.801, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo3991801.jpg'}, {'end': 4202.383, 'src': 'embed', 'start': 4178.18, 'weight': 0, 'content': [{'end': 4184.767, 'text': 'You can look at the map that it is supporting out here by just hovering over the providers.', 'start': 4178.18, 'duration': 6.587}, {'end': 4189.471, 'text': 'So, as you can see all these brown region out here is Africa, AFRINIC.', 'start': 4185.068, 'duration': 4.403}, {'end': 4197.198, 'text': 'Then we have APNIC, which is this black or grayish thing, which is India and Australia, and quite a lot of Asia.', 'start': 4190.051, 'duration': 7.147}, {'end': 4202.383, 'text': 'Then we have ARIN, which is a lot of North America and the United States, mostly.', 'start': 4197.579, 'duration': 4.804}], 'summary': 'The map shows afrinic in africa, apnic in india, australia, and asia, and arin in north america and the united states.', 'duration': 24.203, 'max_score': 4178.18, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo4178180.jpg'}, {'end': 4299.921, 'src': 'embed', 'start': 4271.608, 'weight': 1, 'content': [{'end': 4274.33, 'text': 'So as you guys can see, I just went a little bit too much.', 'start': 4271.608, 'duration': 2.722}, {'end': 4276.071, 'text': 'Okay, so registry domain ID.', 'start': 4274.51, 'duration': 1.561}, {'end': 4278.153, 'text': 'We have the domain ID where it is registered.', 'start': 4276.111, 'duration': 2.042}, {'end': 4280.755, 'text': 'The registered URL is mark monitor.', 'start': 4278.513, 'duration': 2.242}, {'end': 4282.837, 'text': 'Okay, so this is for marking actually.', 'start': 4281.135, 'duration': 1.702}, {'end': 4285.899, 'text': 'Now the creation date is 1997.', 'start': 4283.097, 'duration': 2.802}, {'end': 4291.12, 'text': "So if you haven't realized, Netflix been around for a long time and it's been updated on 2015.", 'start': 4285.899, 'duration': 5.221}, {'end': 4294.461, 'text': 'And the registry expiry date, as we see, is 2019.', 'start': 4291.12, 'duration': 3.341}, {'end': 4296.801, 'text': "So it's gonna actually go off this year.", 'start': 4294.461, 'duration': 2.34}, {'end': 4299.921, 'text': 'Then this is all useful information.', 'start': 4297.321, 'duration': 2.6}], 'summary': 'Netflix domain registered in 1997, updated in 2015, expiring in 2019.', 'duration': 28.313, 'max_score': 4271.608, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo4271608.jpg'}], 'start': 3676.596, 'title': 'Footprinting and web research', 'summary': 'Emphasizes the importance of an exhaustive footprinting process, including extracting various data points like email addresses, server domain names, and ip addresses. it also explores tools like the wayback machine, netcraft, and whois, providing insights into website evolution and web research, and revealing market shares of internet services.', 'chapters': [{'end': 3710.204, 'start': 3676.596, 'title': 'Footprinting process', 'summary': 'Discusses the importance of being exhaustive in the footprinting process, including extracting email addresses, server domain name services, ip addresses, and contact numbers, to provide launching points for additional attacks or tests.', 'duration': 33.608, 'highlights': ['Being exhaustive in the footprinting process involves extracting email addresses, server domain name services, IP addresses, and contact numbers to provide launching points for additional attacks or tests.', 'The information gathered in the footprinting process can provide launching points for additional attacks or tests.']}, {'end': 3991.561, 'start': 3710.244, 'title': 'Wayback machine and website evolution', 'summary': 'Introduces the wayback machine, also known as archive.org, illustrating its ability to display historical snapshots of websites, such as google and edureka.co, as a means of understanding website evolution and performing historical digging for reconnaissance purposes.', 'duration': 281.317, 'highlights': ['The Wayback Machine provides historical snapshots of websites, such as Google and edureka.co, dating back to 1998 and 2013, respectively. It showcases the ability of the Wayback Machine to offer historical snapshots of websites, including Google dating back to 1998 and edureka.co dating back to 2013, providing insights into website evolution.', 'Historical digging about companies and infrastructure through the Wayback Machine aids in narrowing down targets for potential attacks. The use of historical digging about companies and infrastructure through the Wayback Machine helps in narrowing down potential targets for attacks, enhancing the reconnaissance process.', 'The chapter discusses the evolution of website content and infrastructure over time using edureka.co as an example, showcasing changes from 2014 to 2016. It presents a discussion on the evolution of website content and infrastructure over time using edureka.co as an example, highlighting changes from 2014 to 2016, including the addition of new features and layout modifications.']}, {'end': 4582.121, 'start': 3991.801, 'title': 'Using netcraft and whois for web research', 'summary': 'Covers the usage of netcraft and whois for web research, showcasing that apache rails service holds 64.3% of the internet market, followed by microsoft with 13%, and demonstrating how to use whois to acquire information about domain names and ip addresses.', 'duration': 590.32, 'highlights': ['The Apache Rails service holds 64.3% of the internet market, followed by Microsoft with 13%, indicating the dominance of Apache in web servers.', 'Netcraft and the Wayback Machine are interesting tools available on the internet for reconnaissance process, offering a wealth of information about websites and their web servers.', 'Using Whois to acquire information about domain names and IP addresses, providing details such as the creation date, registry expiry date, domain status, name server, URL, and DNSSEC, showcasing its usefulness in obtaining comprehensive information.', 'Demonstrating how to use Whois to acquire information about domain names and IP addresses, showcasing practical examples of querying for information about Netflix and IP addresses, illustrating the utility of Whois in providing detailed insights.', 'Detailing the purpose of domain name service (DNS) as a name given to an IP address for easy remembrance, emphasizing its role in mapping names to IP addresses and host name resolution.']}], 'duration': 905.525, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo3676596.jpg', 'highlights': ['The Apache Rails service holds 64.3% of the internet market, indicating dominance in web servers.', 'Using Whois to acquire information about domain names and IP addresses, providing comprehensive details.', 'The Wayback Machine provides historical snapshots of websites, offering insights into website evolution.', 'Historical digging about companies and infrastructure through the Wayback Machine aids in narrowing down potential attack targets.', 'Being exhaustive in the footprinting process involves extracting email addresses, server domain name services, IP addresses, and contact numbers.', 'The information gathered in the footprinting process can provide launching points for additional attacks or tests.', 'Netcraft and the Wayback Machine are interesting tools for reconnaissance, offering a wealth of information about websites and their web servers.', 'Detailing the purpose of domain name service (DNS) as a name given to an IP address for easy remembrance.']}, {'end': 5476.366, 'segs': [{'end': 4644.99, 'src': 'embed', 'start': 4621.744, 'weight': 4, 'content': [{'end': 4628.726, 'text': "Now, in this part of the video, we're gonna be going over the utility called whois, which is used for getting information from the DNS.", 'start': 4621.744, 'duration': 6.982}, {'end': 4631.046, 'text': 'Now, let me just show you a website out here.', 'start': 4629.066, 'duration': 1.98}, {'end': 4633.387, 'text': 'So this is the regional internet registries.', 'start': 4631.346, 'duration': 2.041}, {'end': 4639.809, 'text': 'So the internet registries are used to store information about domain names and IP addresses, and there are five regional internet registries.', 'start': 4633.627, 'duration': 6.182}, {'end': 4644.99, 'text': 'First is ARIN, which is responsible for North America, so that would be the US and Canada.', 'start': 4640.249, 'duration': 4.741}], 'summary': "The utility 'whois' retrieves dns info; 5 regional internet registries store domain and ip data.", 'duration': 23.246, 'max_score': 4621.744, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo4621744.jpg'}, {'end': 4865.066, 'src': 'embed', 'start': 4836.418, 'weight': 0, 'content': [{'end': 4841.503, 'text': "Okay, so now let's talk about how we are gonna be going over and finding network ranges.", 'start': 4836.418, 'duration': 5.085}, {'end': 4846.692, 'text': "So suppose you've got an engagement and you only know the domain name and you don't know much beyond that,", 'start': 4842.088, 'duration': 4.604}, {'end': 4849.614, 'text': "and you're expected to figure out where everything is and what everything is.", 'start': 4846.692, 'duration': 2.922}, {'end': 4851.395, 'text': 'So how do you go about doing that??', 'start': 4849.774, 'duration': 1.621}, {'end': 4856.459, 'text': 'Well, you use some of the tools that we either have been talking about or will soon be talking about in more detail.', 'start': 4851.575, 'duration': 4.884}, {'end': 4865.066, 'text': "And the first thing I'm gonna do is I'm gonna use the domain name edureka.co and I'm gonna look up edureka.co and see if I get an IP address back.", 'start': 4856.619, 'duration': 8.447}], 'summary': 'The speaker discusses finding network ranges using tools and a domain name like edureka.co to find an ip address.', 'duration': 28.648, 'max_score': 4836.418, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo4836418.jpg'}, {'end': 4920.932, 'src': 'embed', 'start': 4893.168, 'weight': 2, 'content': [{'end': 4898.249, 'text': "So what I'm gonna do is a who is and I'm gonna look up with Aaron who owns that IP address.", 'start': 4893.168, 'duration': 5.081}, {'end': 4907.435, 'text': 'So you can basically go who is 34.210.230.35.', 'start': 4898.289, 'duration': 9.146}, {'end': 4911.5, 'text': 'So as you guys can see, that gives us a bunch of information and who is.', 'start': 4907.435, 'duration': 4.065}, {'end': 4920.932, 'text': "Now, this doesn't seem to have a very big network range, but unlike something like Netflix, so suppose we were to do something like hostnetflix.com.", 'start': 4911.941, 'duration': 8.991}], 'summary': 'Investigating ownership of ip address 34.210.230.35 through whois lookup and discussing network range.', 'duration': 27.764, 'max_score': 4893.168, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo4893168.jpg'}, {'end': 5204.673, 'src': 'embed', 'start': 5172.538, 'weight': 1, 'content': [{'end': 5176.699, 'text': "And it'll search for every type of file there that is ppt.", 'start': 5172.538, 'duration': 4.161}, {'end': 5180.06, 'text': "Okay, let's try some other site, .ppt.", 'start': 5177.119, 'duration': 2.941}, {'end': 5181.62, 'text': 'So config.', 'start': 5180.94, 'duration': 0.68}, {'end': 5187.545, 'text': 'okay. so this brings up all the types of files that have some configs in them.', 'start': 5182.523, 'duration': 5.022}, {'end': 5193.068, 'text': 'so this is on gaming configuration, as we see this in digital configuration of liverpool.', 'start': 5187.545, 'duration': 5.523}, {'end': 5204.673, 'text': 'now you could also use something like this thing in url and you could use something like root and this will give you all the things that root in their url.', 'start': 5193.068, 'duration': 11.605}], 'summary': 'Search for ppt files, gaming configs, and root in urls.', 'duration': 32.135, 'max_score': 5172.538, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo5172538.jpg'}], 'start': 4583.021, 'title': 'Using whois and google for dns information', 'summary': 'Covers using the whois utility to obtain dns information, exploring regional internet registries, querying ownership and contact details, finding network ranges for specific domains, using google hacking techniques, and identifying potential vulnerabilities.', 'chapters': [{'end': 4790.183, 'start': 4583.021, 'title': 'Using whois for dns information', 'summary': 'Covers using the whois utility to obtain information from the dns, exploring the regional internet registries and demonstrating how to query for ownership and contact details of domain names and ip addresses.', 'duration': 207.162, 'highlights': ['The WHOIS utility is used for obtaining information from the DNS, including details about domain names and IP addresses. ', 'There are five regional internet registries responsible for different geographic areas, including ARIN for North America, LACNIC for Latin America, RIPE for Europe, Middle East, and Central Asia, AFRINIC for Africa, and APNIC for Asia Pacific Rim. ', 'Demonstrates how to use WHOIS to find information about the ownership of a particular IP address or domain, including contact details such as email addresses and technical contacts. ']}, {'end': 5476.366, 'start': 4790.223, 'title': 'Using whois and google for reconnaissance', 'summary': 'Discusses using whois to find network ranges for specific domains and demonstrates using google hacking techniques to narrow down searches and identify potential vulnerabilities, with examples of specific google search queries and their results.', 'duration': 686.143, 'highlights': ['Using whois to find network ranges for specific domains Demonstrates the process of using whois to find network ranges for specific domains, including examples of looking up domain names and IP addresses.', 'Introduction to Google hacking techniques for reconnaissance Explains the concept of Google hacking for reconnaissance and highlights the use of specific search queries, such as using quotations and file type filters, to narrow down search results.', 'Demonstrating Google hacking queries and results Provides examples of specific Google hacking queries and their results, such as searching for error pages and using the Google Hacking Database to identify potential vulnerabilities.']}], 'duration': 893.345, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo4583021.jpg', 'highlights': ['Using WHOIS to find network ranges for specific domains', 'Demonstrating Google hacking queries and results', 'Demonstrates how to use WHOIS to find information about ownership', 'Introduction to Google hacking techniques for reconnaissance', 'Five regional internet registries responsible for different geographic areas']}, {'end': 6937.029, 'segs': [{'end': 5505.374, 'src': 'embed', 'start': 5476.587, 'weight': 1, 'content': [{'end': 5478.43, 'text': "So that's it for Google hacking.", 'start': 5476.587, 'duration': 1.843}, {'end': 5479.112, 'text': "Now let's move on.", 'start': 5478.49, 'duration': 0.622}, {'end': 5485.234, 'text': "Okay so now it's time for some networking fundamentals and what better place to begin with TCP IP.", 'start': 5479.807, 'duration': 5.427}, {'end': 5491.521, 'text': "Now we're gonna be talking about the history of TCP IP and the network that eventually morphed into the thing that we now call the internet.", 'start': 5485.794, 'duration': 5.727}, {'end': 5499.351, 'text': 'So this thing began in 1969, and it spun out of this government organization called ARPA, which Advanced Research Projects Agency,', 'start': 5491.962, 'duration': 7.389}, {'end': 5505.374, 'text': 'And they had an idea to create a computer network that was resilient to a certain type of military attacks.', 'start': 5499.691, 'duration': 5.683}], 'summary': 'Introducing networking fundamentals, covering tcp ip and its history, originating from arpa in 1969 to create a resilient computer network.', 'duration': 28.787, 'max_score': 5476.587, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo5476587.jpg'}, {'end': 6387.643, 'src': 'embed', 'start': 6359.001, 'weight': 2, 'content': [{'end': 6362.485, 'text': "So you shouldn't use this protocol that is UDP if you want some sort of safety net.", 'start': 6359.001, 'duration': 3.484}, {'end': 6366.989, 'text': 'And if you needed that type of CFD net you would have to write it into your own application.', 'start': 6363.025, 'duration': 3.964}, {'end': 6371.372, 'text': "So basically UDP is a fast protocol and that's one the reason why it's good.", 'start': 6367.029, 'duration': 4.343}, {'end': 6375.335, 'text': "It's also one the reason why it's unreliable, because in order to get that speed,", 'start': 6371.793, 'duration': 3.542}, {'end': 6379.379, 'text': "you don't have all of the error checking and validation that messages are getting there.", 'start': 6375.335, 'duration': 4.044}, {'end': 6384.482, 'text': "So because it's fast, it's good for things like games and for real-time voice and video.", 'start': 6379.859, 'duration': 4.623}, {'end': 6387.643, 'text': 'Anything where speed is important and you would use UDP.', 'start': 6384.682, 'duration': 2.961}], 'summary': 'Udp is fast but unreliable due to lack of error checking. suitable for games, real-time voice, video.', 'duration': 28.642, 'max_score': 6359.001, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo6359001.jpg'}, {'end': 6426.069, 'src': 'embed', 'start': 6395.942, 'weight': 0, 'content': [{'end': 6398.605, 'text': 'So out here you see that there are some frames.', 'start': 6395.942, 'duration': 2.663}, {'end': 6400.927, 'text': 'that says 167 bytes on file.', 'start': 6398.605, 'duration': 2.322}, {'end': 6404.85, 'text': "167 bytes have been captured, but we're not really interested in the frame part.", 'start': 6400.927, 'duration': 3.923}, {'end': 6407.012, 'text': "We're interested in the user datagram protocol part.", 'start': 6404.87, 'duration': 2.142}, {'end': 6413.298, 'text': 'So out here you can see that the source port is 1853 and the destination port is 52081.', 'start': 6407.413, 'duration': 5.885}, {'end': 6416.321, 'text': 'Now it has a length and it has a checksum and stuff.', 'start': 6413.298, 'duration': 3.023}, {'end': 6420.864, 'text': "So as you guys see out here, we don't really see a bunch of information.", 'start': 6416.881, 'duration': 3.983}, {'end': 6426.069, 'text': "What you only see is a source port and the destination port the length and there's also a checksum.", 'start': 6420.904, 'duration': 5.165}], 'summary': 'Transcript describes packets with 167 bytes captured, focusing on udp with source port 1853 and destination port 52081.', 'duration': 30.127, 'max_score': 6395.942, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo6395942.jpg'}], 'start': 5476.587, 'title': 'History and analysis of tcp/ip', 'summary': 'Delves into the history of tcp/ip, from its origins in 1969 with arpanet to the development of ipv4 and transition to ipv6. it also discusses the osi model, the differences between osi and tcp/ip, and the use of wireshark for packet analysis, emphasizing key advancements and functionalities.', 'chapters': [{'end': 5642.241, 'start': 5476.587, 'title': 'History of tcp/ip and the birth of the internet', 'summary': 'Discusses the origins of tcp/ip, tracing back to 1969 with the creation of arpanet, which later evolved into the internet, encompassing various protocols and networks.', 'duration': 165.654, 'highlights': ['ARPANET, the precursor to the internet, began in 1969, stemming from a government organization called ARPA with the intent to create a resilient computer network. ARPANET originated in 1969 as a response to military attack concerns, initiated by ARPA with the goal of forming a robust network.', "The development of TCP/IP involved various protocols, including the ARPANET's host-to-host protocol and an initial control protocol, resembling the functions of UDP and TCP. The evolution of TCP/IP included the ARPANET's host-to-host protocol and an initial control protocol, which had similarities to the functions of UDP and TCP.", 'The first router, known as the Interface Message Processor, was repurposed from a ruggedized Honeywell computer by BBN, marking a significant milestone in networking history. BBN repurposed a Honeywell computer to create the Interface Message Processor, serving as the first router and playing a crucial role in networking development.']}, {'end': 5953.681, 'start': 5642.241, 'title': 'History of tcp/ip and osi model', 'summary': "Covers the history of tcp/ip from its inception in 1973 by vint cerf and robert kahn, the development of ipv4, the transition to ipv6, and the differences between ipv4 and ipv6, including the advantages of ipv6's 128-bit address. it also discusses the osi model and its relationship with tcp/ip, emphasizing the predominant use of the tcp/ip model despite the original intent for the osi model to be the standard.", 'duration': 311.44, 'highlights': ['Vint Cerf and Robert Kahn developed TCP/IP in 1973, leading to the proposal of new protocols published by the IEEE in 1974. Significant milestone in the development of TCP/IP.', 'The transition from TCP to TCP and IP in 1974, leading to the development of IPv4 by 1979-1980. Key evolution of TCP/IP and the introduction of IPv4.', "The shift to IPv6 due to the limitations of IPv4's 32-bit addresses and the attempt to address inherent security flaws in IPv4. Discussion of the need for IPv6 and its improvements over IPv4.", "Comparison of IPv4's 32-bit address to IPv6's 128-bit address and the advantages of IPv6's ability to accommodate a larger number of unique devices. Quantifiable data on the difference in address space between IPv4 and IPv6.", 'The OSI model was developed in the late 1970s but was overshadowed by the TCP/IP model, which became the predominant protocol. Explanation of the relationship between the OSI model and TCP/IP, highlighting the dominance of TCP/IP.']}, {'end': 6649.939, 'start': 5953.681, 'title': 'Osi and tcp/ip models: layers and protocols', 'summary': 'Explains the osi and tcp/ip models, highlighting the seven layers of the osi model, the differences between the osi and tcp/ip models, and the functionality and characteristics of the udp protocol, including its addressing modes and the use of wireshark for packet analysis.', 'duration': 696.258, 'highlights': ['The OSI model consists of seven layers: physical, data link, network, transport, session, presentation, and application, each responsible for specific functions. The OSI model consists of seven layers: physical, data link, network, transport, session, presentation, and application. Each layer is responsible for specific functions, with the application layer including HTTP, FTP, SMTP, and similar application protocols.', 'The TCP/IP model has four layers - network access, internet, transport, and application - which provide the same functionality as the OSI model but with different demarcation points. The TCP/IP model has four layers - network access, internet, transport, and application - providing the same functionality as the OSI model but with different demarcation points. Notably, the network access layer encompasses the physical and data link layers from the OSI model.', 'UDP, a protocol in the TCP/IP suite, is a connectionless and fast protocol suitable for real-time applications such as games, voice, and video due to its speed, but it lacks reliability. UDP, a protocol in the TCP/IP suite, is a connectionless and fast protocol suitable for real-time applications such as games, voice, and video due to its speed, but it lacks reliability. It is characterized by the use of ports for differentiation and is often used for applications where speed is crucial.', 'Addressing modes include unicast, where there is one source and one destination, broadcast for sending packets to all systems on the network, and multicast for selective broadcasting, commonly used for screen sharing. Addressing modes include unicast, where there is one source and one destination, broadcast for sending packets to all systems on the network, and multicast for selective broadcasting, commonly used for screen sharing. Broadcast messages are prevalent in mobile network advertisements.', 'Wireshark is a tool used for packet analysis, providing insights into packet headers and contents, including source and destination ports, length, and checksum. Wireshark is a tool used for packet analysis, providing insights into packet headers and contents, including source and destination ports, length, and checksum. It is particularly useful for examining packet details, such as UDP packets and their characteristics.']}, {'end': 6937.029, 'start': 6650.459, 'title': 'Understanding wireshark for network analysis', 'summary': 'Explains wireshark, a packet capture utility used for network analysis, demonstrating its features and capabilities, including filtering and dissecting packets, capturing google page data, and following tcp streams.', 'duration': 286.57, 'highlights': ['Wireshark is a packet capture utility used for grabbing data going out or coming into a specific network, ensuring accurate and unchangeable network data.', 'Wireshark features include displaying packet details such as number, time, source, destination, protocol, length, and info, as well as providing detailed information about the selected packet, including frame details, interface IDs, encapsulation type, and more.', 'Wireshark can filter packets based on protocols like HTTP, allowing analysis of specific network traffic, such as viewing requests related to web browsing and following TCP streams.', 'Wireshark dissects packets into different layers, illustrating the OSI and TCP/IP model layers and providing detailed information about packet content, including hex dumps and ASCII representations, enhancing network analysis capabilities.']}], 'duration': 1460.442, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo5476587.jpg', 'highlights': ["Comparison of IPv4's 32-bit address to IPv6's 128-bit address and the advantages of IPv6's ability to accommodate a larger number of unique devices. Quantifiable data on the difference in address space between IPv4 and IPv6.", 'The OSI model consists of seven layers: physical, data link, network, transport, session, presentation, and application, each responsible for specific functions. The OSI model consists of seven layers: physical, data link, network, transport, session, presentation, and application. Each layer is responsible for specific functions, with the application layer including HTTP, FTP, SMTP, and similar application protocols.', 'Wireshark is a tool used for packet analysis, providing insights into packet headers and contents, including source and destination ports, length, and checksum. Wireshark is a tool used for packet analysis, providing insights into packet headers and contents, including source and destination ports, length, and checksum. It is particularly useful for examining packet details, such as UDP packets and their characteristics.', 'The TCP/IP model has four layers - network access, internet, transport, and application - which provide the same functionality as the OSI model but with different demarcation points. The TCP/IP model has four layers - network access, internet, transport, and application - providing the same functionality as the OSI model but with different demarcation points. Notably, the network access layer encompasses the physical and data link layers from the OSI model.']}, {'end': 10231.568, 'segs': [{'end': 7946.871, 'src': 'embed', 'start': 7918.153, 'weight': 4, 'content': [{'end': 7926.397, 'text': 'They developed the cipher and the machine that was capable of encrypting and decrypting messages so that they could messages to and from different battlefields and war fronts,', 'start': 7918.153, 'duration': 8.244}, {'end': 7927.998, 'text': 'which is similar to the Caesar cipher.', 'start': 7926.397, 'duration': 1.601}, {'end': 7932.78, 'text': 'Caesar used it to communicate with his battlefield generals and the same thing with the Germans.', 'start': 7928.418, 'duration': 4.362}, {'end': 7937.223, 'text': "You've got to get messages from headquarter down to where the people are actually fighting,", 'start': 7933.18, 'duration': 4.043}, {'end': 7939.805, 'text': "and you don't want it to get intercepted in between by the enemy.", 'start': 7937.223, 'duration': 2.582}, {'end': 7946.871, 'text': 'So therefore you use encryption and lots of energy was spent by the allies in particular the British trying to decrypt the messages.', 'start': 7940.105, 'duration': 6.766}], 'summary': 'Cipher machine used in war for secure communication, similar to caesar cipher.', 'duration': 28.718, 'max_score': 7918.153, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo7918153.jpg'}, {'end': 8501.078, 'src': 'embed', 'start': 8459.583, 'weight': 6, 'content': [{'end': 8463.788, 'text': 'and after some modifications IBM proposed it as the digital encryption standard.', 'start': 8459.583, 'duration': 4.205}, {'end': 8469.934, 'text': "It was selected to be the digital encryption standard and ever since then it's been known as DES or DES.", 'start': 8464.188, 'duration': 5.746}, {'end': 8474.919, 'text': 'One thing that caused a little bit of controversy was during the process of selection.', 'start': 8470.675, 'duration': 4.244}, {'end': 8480.505, 'text': "the NSA requested some changes, and it hasn't been particularly clear what changes were requested by the NSA.", 'start': 8474.919, 'duration': 5.586}, {'end': 8488.47, 'text': 'there has been some sort of speculation that wondered if the NSA was requesting a backdoor into this digital encryption standard,', 'start': 8480.865, 'duration': 7.605}, {'end': 8491.512, 'text': 'which would allow them to look at encrypted messages in the clear.', 'start': 8488.47, 'duration': 3.042}, {'end': 8496.356, 'text': 'So basically it would always give the NSA the ability to decrypt this encrypted messages.', 'start': 8491.613, 'duration': 4.743}, {'end': 8501.078, 'text': 'It remained the encryption standard for the next couple of decades or so.', 'start': 8496.856, 'duration': 4.222}], 'summary': 'Ibm proposed the digital encryption standard, des, with nsa-requested modifications, causing controversy.', 'duration': 41.495, 'max_score': 8459.583, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo8459583.jpg'}, {'end': 8756.551, 'src': 'embed', 'start': 8729.58, 'weight': 5, 'content': [{'end': 8734.022, 'text': 'So I use the same key whether I am encrypting the data or decrypting data.', 'start': 8729.58, 'duration': 4.442}, {'end': 8740.544, 'text': 'One of the things about symmetric key cryptography is that they use a shorter key length than for asymmetric cryptography,', 'start': 8734.042, 'duration': 6.502}, {'end': 8741.985, 'text': "which I'll get into a couple of minutes.", 'start': 8740.544, 'duration': 1.441}, {'end': 8747.847, 'text': "It's also faster than asymmetric and you can use algorithms like DES or AES,", 'start': 8742.545, 'duration': 5.302}, {'end': 8752.909, 'text': 'as those are both symmetric key cryptography algorithms and you can use a utility like AES script.', 'start': 8747.847, 'duration': 5.062}, {'end': 8756.551, 'text': 'Let me just demonstrate how symmetric key cryptography works.', 'start': 8753.783, 'duration': 2.768}], 'summary': 'Symmetric key cryptography uses same key for encryption and decryption, shorter key length, and faster speed.', 'duration': 26.971, 'max_score': 8729.58, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo8729580.jpg'}, {'end': 9908.328, 'src': 'embed', 'start': 9875.602, 'weight': 2, 'content': [{'end': 9879.505, 'text': 'So edureka.crt, and it will produce very similar hash.', 'start': 9875.602, 'duration': 3.903}, {'end': 9881.327, 'text': "Let's see if sha1 looks like this.", 'start': 9879.605, 'duration': 1.722}, {'end': 9882.968, 'text': 'So sha1 edureka.crt.', 'start': 9881.427, 'duration': 1.541}, {'end': 9888.054, 'text': 'Okay, sha1 is the sha from the sha-utils package.', 'start': 9884.469, 'duration': 3.585}, {'end': 9894.903, 'text': "Okay, so I've proved my point that with MD5, which is a cryptographic hashing algorithm, we are getting the same hash back.", 'start': 9888.575, 'duration': 6.328}, {'end': 9899.829, 'text': 'So if you are able to produce the same hash, that means you have broken the algorithm in itself.', 'start': 9894.963, 'duration': 4.866}, {'end': 9908.328, 'text': 'So, if you run md5 on Linux, you can get a version of md5 and md5 summation program on Windows and Mac OS, where with the utility md5,', 'start': 9900.402, 'duration': 7.926}], 'summary': 'Demonstration of producing identical hash with md5 algorithm.', 'duration': 32.726, 'max_score': 9875.602, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo9875602.jpg'}, {'end': 9963.574, 'src': 'embed', 'start': 9934.285, 'weight': 3, 'content': [{'end': 9938.666, 'text': "So what I do is store the hash and some sort of password database since it's a one-way function.", 'start': 9934.285, 'duration': 4.381}, {'end': 9940.827, 'text': "You can't get the password back directly from the hash.", 'start': 9938.686, 'duration': 2.141}, {'end': 9943.908, 'text': 'Now what you can do with most password cracking programs.', 'start': 9941.287, 'duration': 2.621}, {'end': 9951.19, 'text': 'do some variation of this and you just generate hashes against a list of words and really get a hash value that matches the one in the password.', 'start': 9943.908, 'duration': 7.282}, {'end': 9954.131, 'text': 'Once you get the hash that matches the one in the password.', 'start': 9951.49, 'duration': 2.641}, {'end': 9958.492, 'text': 'know what password is there and here and we come back to the idea of collisions.', 'start': 9954.511, 'duration': 3.981}, {'end': 9963.574, 'text': "if I can take two different strings of characters and get the same values back and it's easy to crack the password,", 'start': 9958.492, 'duration': 5.082}], 'summary': 'Storing hashed passwords in a database prevents direct retrieval, making it difficult to crack passwords through hash generation and collisions.', 'duration': 29.289, 'max_score': 9934.285, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo9934285.jpg'}, {'end': 10115.79, 'src': 'embed', 'start': 10081.639, 'weight': 0, 'content': [{'end': 10084.24, 'text': 'because we want to be able to encrypt the type of traffic.', 'start': 10081.639, 'duration': 2.601}, {'end': 10086.361, 'text': 'So let me show you what kind of traffic looks like.', 'start': 10084.28, 'duration': 2.081}, {'end': 10088.242, 'text': 'So first of all, let me open Wireshark.', 'start': 10086.681, 'duration': 1.561}, {'end': 10089.442, 'text': 'and out here.', 'start': 10088.782, 'duration': 0.66}, {'end': 10092.623, 'text': 'I already have a TLS scan ready for you guys.', 'start': 10089.442, 'duration': 3.181}, {'end': 10093.363, 'text': 'that you can see.', 'start': 10092.623, 'duration': 0.74}, {'end': 10095.424, 'text': 'we have all sorts of TLS data.', 'start': 10093.363, 'duration': 2.061}, {'end': 10103.005, 'text': "so you can see that here's my source and it's 1.32 and destination is 7612.49.46.", 'start': 10095.424, 'duration': 7.581}, {'end': 10108.887, 'text': 'doing a client key exchange and the change cipher, spec and encrypted handshake message and then we start getting application data.', 'start': 10103.006, 'duration': 5.881}, {'end': 10115.79, 'text': "So there are some other steps involved here and you're not seeing all of it with this particular wireshark capture, because again, you know,", 'start': 10109.227, 'duration': 6.563}], 'summary': 'Encrypted traffic analysis using wireshark: tls data, source 1.32, destination 7612.49.46, client key exchange, change cipher, encrypted handshake message, and application data.', 'duration': 34.151, 'max_score': 10081.639, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo10081639.jpg'}], 'start': 6937.958, 'title': 'Network security fundamentals', 'summary': 'Covers wireshark for packet analysis, dhcp protocol, address resolution protocol vulnerabilities, cryptography evolution, symmetric and asymmetric key encryption, digital certificates, and cryptographic hashing.', 'chapters': [{'end': 7024.564, 'start': 6937.958, 'title': 'Wireshark for packet analysis', 'summary': 'Introduces the use of wireshark for packet analysis, demonstrating its ability to gather information from mac addresses, identify machine types, and its utility in packet sniffing and analysis for tasks like ids evasion.', 'duration': 86.606, 'highlights': ['Wireshark can gather information from MAC addresses to identify vendor IDs and machine types, such as Intel core and Sophos 4C, and the type of packets being sent, like IPv4.', 'Packet analysis with Wireshark is useful for tasks like IDS evasion, enabling the crafting and analysis of packets to avoid detection by intrusion detection systems.', 'The chapter briefly touches on the potential to craft packets in a way that they do not get detected by the IDS system, providing an introduction to a forthcoming discussion on packet crafting.']}, {'end': 8021.517, 'start': 7024.884, 'title': 'Dhcp protocol and address resolution', 'summary': 'Explains the dhcp protocol, its role in dynamically assigning ip addresses, its advantages in centralizing network client configuration, and the vulnerabilities of the address resolution protocol (arp). it also covers the basics of cryptography and its historical significance in securing communication.', 'duration': 996.633, 'highlights': ['DHCP automates and centrally manages network configurations, assigning IP addresses dynamically, reducing manual intervention, and supporting small to large networks. DHCP automates and centrally manages network configurations, assigning IP addresses dynamically, reducing manual intervention, and supporting small to large networks.', 'Advantages of DHCP include easier IP address management, centralized network client configuration, support for boot TP clients, local and remote clients, network booting, and support for large networks. Advantages of DHCP include easier IP address management, centralized network client configuration, support for boot TP clients, local and remote clients, network booting, and support for large networks.', 'Address Resolution Protocol (ARP) vulnerabilities allow for potential man-in-the-middle attacks due to the lack of validation and authentication, posing security risks in LAN communication. Address Resolution Protocol (ARP) vulnerabilities allow for potential man-in-the-middle attacks due to the lack of validation and authentication, posing security risks in LAN communication.', "Cryptography plays a crucial role in securing communication by encrypting messages with a key and decryption algorithm, with historical significance dating back to Julius Caesar's Caesar Cipher and evolving into digital encryption standards. Cryptography plays a crucial role in securing communication by encrypting messages with a key and decryption algorithm, with historical significance dating back to Julius Caesar's Caesar Cipher and evolving into digital encryption standards."]}, {'end': 8906.532, 'start': 8021.997, 'title': 'Cryptography evolution', 'summary': 'Discusses the evolution of cryptographic algorithms, focusing on the digital encryption standard (des), triple des, and the advanced encryption standard (aes), highlighting the vulnerabilities of des, the stopgap nature of triple des, and the key features of aes, including support for multiple key lengths.', 'duration': 884.535, 'highlights': ['AES was selected by NIST in 2001 as a replacement for DES after evaluating thousands of algorithms, offering support for key lengths up to 256 bits. AES selected in 2001 as a replacement for DES, supporting key lengths up to 256 bits.', 'Triple DES was introduced as a stopgap measure between DES and AES, applying DES three times with three different keys to yield an effective key size of 168 bits. Triple DES as a stopgap measure, applying DES three times with three different keys for an effective key size of 168 bits.', 'DES, using 56-bit keys, was effectively broken in 1998, leading to the need for a more secure standard. DES, using 56-bit keys, was broken in 1998, necessitating the search for a more secure standard.']}, {'end': 9333.183, 'start': 8907.256, 'title': 'Symmetric and asymmetric key encryption', 'summary': 'Discusses the use of symmetric and asymmetric key encryption, highlighting the differences between stream and block ciphers, the advantages of asymmetric key encryption in ensuring sender authenticity, and the process of generating and using public and private keys for encryption and decryption.', 'duration': 425.927, 'highlights': ['Asymmetric key encryption ensures sender authenticity, as the public key is used to verify the signature created using the private key. Asymmetric key encryption ensures sender authenticity by using the public key to verify the signature created using the private key.', 'Differences between stream and block ciphers: block ciphers process a fixed block of bits at a time, while stream ciphers encrypt a bit at a time, allowing for variable input lengths without requiring padding. Block ciphers process a fixed block of bits at a time, while stream ciphers encrypt a bit at a time, allowing for variable input lengths without requiring padding.', 'The process of generating public and private keys involves using OpenSSL with RSA algorithm, DES3 encryption, and a passphrase for key protection. The process of generating public and private keys involves using OpenSSL with RSA algorithm, DES3 encryption, and a passphrase for key protection.']}, {'end': 10231.568, 'start': 9333.223, 'title': 'Digital certificates and cryptographic hashing', 'summary': 'Covers the basics of digital certificates and their role in providing identification, authentication, confidentiality, and non-repudiation, along with an explanation of cryptographic hashing and its applications in file integrity and password storage.', 'duration': 898.345, 'highlights': ['Digital certificates provide identification, authentication, confidentiality, and non-repudiation, ensuring secure data exchange over the internet. Digital certificates ensure the identification, authentication, confidentiality, and non-repudiation of data exchanged over the internet, thereby enhancing security.', 'Hashing is a one-way function used for file integrity and password storage, generating fixed-length values and helping verify data integrity. Hashing, a one-way function, is crucial for file integrity and password storage, ensuring data integrity and protection against unauthorized access or modifications.', 'SSL and TLS enable encryption between web servers and clients, with TLS addressing vulnerabilities present in earlier versions of SSL. SSL and TLS facilitate encryption between web servers and clients, with TLS addressing vulnerabilities found in earlier versions of SSL, ensuring secure data transmission.']}], 'duration': 3293.61, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo6937958.jpg', 'highlights': ['Wireshark gathers MAC address information to identify vendor IDs and machine types, like Intel core and Sophos 4C.', 'Packet analysis with Wireshark is useful for tasks like IDS evasion and crafting packets to avoid detection.', 'DHCP automates and centrally manages network configurations, assigning IP addresses dynamically, reducing manual intervention, and supporting small to large networks.', 'Address Resolution Protocol (ARP) vulnerabilities pose security risks in LAN communication due to lack of validation and authentication.', 'Cryptography plays a crucial role in securing communication by encrypting messages with a key and decryption algorithm.', 'AES was selected by NIST in 2001 as a replacement for DES, offering support for key lengths up to 256 bits.', 'Triple DES was introduced as a stopgap measure between DES and AES, applying DES three times with three different keys for an effective key size of 168 bits.', 'Asymmetric key encryption ensures sender authenticity by using the public key to verify the signature created using the private key.', 'Block ciphers process a fixed block of bits at a time, while stream ciphers encrypt a bit at a time, allowing for variable input lengths without requiring padding.', 'Digital certificates provide identification, authentication, confidentiality, and non-repudiation, ensuring secure data exchange over the internet.', 'Hashing is a one-way function crucial for file integrity and password storage, ensuring data integrity and protection against unauthorized access or modifications.', 'SSL and TLS facilitate encryption between web servers and clients, with TLS addressing vulnerabilities found in earlier versions of SSL.']}, {'end': 11293.373, 'segs': [{'end': 10405.4, 'src': 'embed', 'start': 10366.136, 'weight': 0, 'content': [{'end': 10371.157, 'text': 'now, these days, we are going to look at a couple of ways here of doing disk encryption.', 'start': 10366.136, 'duration': 5.021}, {'end': 10375.299, 'text': "I'm going to tell you about one of them first, and it's not the one I can show.", 'start': 10371.157, 'duration': 4.142}, {'end': 10377.059, 'text': "I can't really show the other one either.", 'start': 10375.299, 'duration': 1.76}, {'end': 10380.24, 'text': 'so with Microsoft, their Windows system have this program called BitLocker.', 'start': 10377.059, 'duration': 3.181}, {'end': 10383.823, 'text': 'A BitLocker requires either Windows Ultimate or Windows Enterprise.', 'start': 10380.72, 'duration': 3.103}, {'end': 10386.064, 'text': "I don't happen to have either version.", 'start': 10384.163, 'duration': 1.901}, {'end': 10391.449, 'text': "So I can't really show it to you, but I can tell you that BitLocker has ability to do entire disk encryption,", 'start': 10386.104, 'duration': 5.345}, {'end': 10398.134, 'text': 'and they use a yes for the encryption cipher, and the thing about BitLocker is that they use a feature that comes with most modern systems,', 'start': 10391.449, 'duration': 6.685}, {'end': 10399.075, 'text': 'particularly laptops.', 'start': 10398.134, 'duration': 0.941}, {'end': 10400.816, 'text': 'chip in them.', 'start': 10399.896, 'duration': 0.92}, {'end': 10403.939, 'text': "that's called the trusted platform module, or TPM.", 'start': 10400.816, 'duration': 3.123}, {'end': 10405.4, 'text': 'the TPM chip is part.', 'start': 10403.939, 'duration': 1.461}], 'summary': 'Bitlocker offers disk encryption using aes cipher and requires windows ultimate or enterprise, along with tpm chip in modern systems.', 'duration': 39.264, 'max_score': 10366.136, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo10366136.jpg'}, {'end': 10696.962, 'src': 'embed', 'start': 10669.585, 'weight': 7, 'content': [{'end': 10674.807, 'text': "So first of all, let's go ahead and open up our Unix system that is running on our virtual machine.", 'start': 10669.585, 'duration': 5.222}, {'end': 10676.928, 'text': 'Now, let me clear out the screen out here.', 'start': 10675.207, 'duration': 1.721}, {'end': 10681.95, 'text': "So I already have nmap installed, but if you don't, you can go apt-get install nmap.", 'start': 10677.308, 'duration': 4.642}, {'end': 10684.692, 'text': 'and that should install nmap for you.', 'start': 10682.49, 'duration': 2.202}, {'end': 10689.916, 'text': "If you're not a root user, you might want to check and use the sudo command along with this thing.", 'start': 10684.992, 'duration': 4.924}, {'end': 10693.839, 'text': "So I'm not really gonna run this command right now because I already have nmap installed.", 'start': 10690.196, 'duration': 3.643}, {'end': 10696.962, 'text': "What I'm gonna do is show you the different ways we can use nmap.", 'start': 10694.08, 'duration': 2.882}], 'summary': 'Demonstrating nmap usage in unix system on virtual machine', 'duration': 27.377, 'max_score': 10669.585, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo10669585.jpg'}, {'end': 10758.918, 'src': 'embed', 'start': 10731.036, 'weight': 6, 'content': [{'end': 10737.082, 'text': "So suppose you wanna do an nmap scan on let's say edureka.co.", 'start': 10731.036, 'duration': 6.046}, {'end': 10742.326, 'text': 'So this will start up an nmap scan on the IP address that edureka.co sits on.', 'start': 10737.582, 'duration': 4.744}, {'end': 10748.672, 'text': 'So as you guys can see, this is running an nmap scan and it can take a little bit of time.', 'start': 10742.887, 'duration': 5.785}, {'end': 10753.116, 'text': "Now, since it's taking a lot of time, I'm gonna show you some other ways by just quitting out of it.", 'start': 10749.092, 'duration': 4.024}, {'end': 10758.918, 'text': "Okay, so now that I've stopped it because it was taking too much time, you can specify IP address.", 'start': 10753.676, 'duration': 5.242}], 'summary': "Nmap scan on edureka.co's ip address; can take time; alternative methods available.", 'duration': 27.882, 'max_score': 10731.036, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo10731036.jpg'}, {'end': 11066.326, 'src': 'embed', 'start': 11035.573, 'weight': 1, 'content': [{'end': 11039.415, 'text': "let's go on ifconfig first and let's see our IP address.", 'start': 11035.573, 'duration': 3.842}, {'end': 11044.522, 'text': 'So our IP is 192.168.56.101.', 'start': 11041.201, 'duration': 3.321}, {'end': 11047.683, 'text': "So let's try and do some scans on ourselves.", 'start': 11044.522, 'duration': 3.161}, {'end': 11049.524, 'text': 'That was all about HODES discovery.', 'start': 11048.223, 'duration': 1.301}, {'end': 11052.105, 'text': 'Now you can also do some port specifications.', 'start': 11049.584, 'duration': 2.521}, {'end': 11054.845, 'text': 'So you can do port specifications like this.', 'start': 11052.365, 'duration': 2.48}, {'end': 11057.026, 'text': 'So our IP is 192.168.56.101.', 'start': 11055.126, 'duration': 1.9}, {'end': 11066.326, 'text': 'And suppose you want to scan for port number 21.', 'start': 11057.026, 'duration': 9.3}], 'summary': 'Using ifconfig, ip address 192.168.56.101 was found. port 21 scanned.', 'duration': 30.753, 'max_score': 11035.573, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo11035573.jpg'}, {'end': 11275.266, 'src': 'embed', 'start': 11243.837, 'weight': 3, 'content': [{'end': 11247.618, 'text': "So before we get into IDS evasion, let's talk about what exactly is an IDS.", 'start': 11243.837, 'duration': 3.781}, {'end': 11250.159, 'text': 'Now. an intrusion detection system, or IDS,', 'start': 11248.078, 'duration': 2.081}, {'end': 11256.201, 'text': 'is a system that monitors network traffic for suspicious activity and issues alerts when such activities discovered.', 'start': 11250.159, 'duration': 6.042}, {'end': 11260.022, 'text': 'While anomaly detection and reporting is primary function,', 'start': 11256.781, 'duration': 3.241}, {'end': 11265.723, 'text': 'some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected,', 'start': 11260.022, 'duration': 5.701}, {'end': 11268.584, 'text': 'including blocking traffic sent from suspicious IP addresses.', 'start': 11265.723, 'duration': 2.861}, {'end': 11275.266, 'text': 'Although intrusion detection systems monitor network for potentially malicious activity, they are also prone to false alarms or false positives.', 'start': 11269.104, 'duration': 6.162}], 'summary': 'Ids monitors network for suspicious activity, issues alerts, and can block traffic from suspicious ips.', 'duration': 31.429, 'max_score': 11243.837, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo11243837.jpg'}], 'start': 10231.768, 'title': 'Network security technologies', 'summary': 'Covers cryptographic algorithms in tls and ssl, advancements in disk encryption, disk encryption methods like bitlocker and filevault, network scanning with tools like nmap, and nmap scanning techniques including host discovery, port specifications, and intrusion detection systems.', 'chapters': [{'end': 10366.136, 'start': 10231.768, 'title': 'Cryptography and security protocols', 'summary': 'Explains the use of cryptographic algorithms in tls and ssl, emphasizing the importance of avoiding weak ciphers and the risks associated with self-signed certificates. it also discusses the advancements in disk encryption, highlighting its increased accessibility and performance in modern operating systems.', 'duration': 134.368, 'highlights': ['The importance of avoiding weak ciphers in TLS and SSL, with a recommendation to remove 40-bit ciphers using RC4 from supported ciphers for improved security.', 'The risks associated with self-signed certificates, as browsers may warn users about untrusted certificate authorities, potentially leading to compromised client security.', 'The advancements in disk encryption, enabled by faster processors, allowing for on-the-fly encryption and decryption without performance impact in modern operating systems.']}, {'end': 10827.461, 'start': 10366.136, 'title': 'Disk encryption and network scanning', 'summary': 'Discusses disk encryption methods such as bitlocker, filevault, and gde crypt, emphasizing their features, supported platforms, and encryption ciphers, as well as the importance of disk encryption for securing sensitive data. it then delves into network scanning, covering its purpose, methods, and tools like nmap, highlighting its significance in security assessment and attacks by hackers.', 'duration': 461.325, 'highlights': ['Disk encryption methods such as BitLocker, FileVault, and GDE Crypt are discussed, emphasizing their features, supported platforms, and encryption ciphers. The chapter provides information on BitLocker, FileVault, and GDE Crypt, highlighting their features, supported platforms, and encryption ciphers (e.g., BitLocker uses AES), specifying the Windows versions required for BitLocker.', 'The importance of disk encryption for securing sensitive data, especially when working with clients, is emphasized. Emphasizes the importance of disk encryption for securing sensitive data, particularly when working with clients, stressing the need for measures like BitLocker and FileVault to protect sensitive information.', 'Network scanning, including its purpose, methods, and tools like nmap, is covered in detail, highlighting its significance in security assessment and attacks by hackers. Provides a detailed overview of network scanning, encompassing its purpose, methods (e.g., network port scanning and vulnerability scanning), and tools such as nmap, emphasizing its role in security assessment and malicious activities by hackers.']}, {'end': 11293.373, 'start': 10827.941, 'title': 'Nmap and ids evasion', 'summary': 'Covers nmap scanning techniques including sin, tcp connection, udp, acknowledgement, windows, and main mount port scans, as well as host discovery and port specifications. additionally, it discusses service version detection, increasing version intensity, aggressive scans, and os detection, before concluding with an introduction to intrusion detection systems and their capabilities.', 'duration': 465.432, 'highlights': ['The chapter covers various Nmap scanning techniques including SIN, TCP connection, UDP, acknowledgement, Windows, and main mount port scans, as well as host discovery and port specifications. It describes how to perform different types of Nmap scans, such as SIN, TCP connection, UDP, acknowledgement, Windows, and main mount port scans, along with host discovery and port specifications.', 'Service version detection, increasing version intensity, aggressive scans, and OS detection are discussed in the chapter. The chapter explains the process of service version detection, increasing version intensity, aggressive scans, and OS detection using Nmap.', 'An introduction to intrusion detection systems (IDS) and their capabilities is provided, including their function, potential actions, and issues such as false alarms or false positives. It introduces intrusion detection systems (IDS) as monitoring systems for network traffic, capable of taking actions when malicious activity is detected, while also highlighting their susceptibility to false alarms or false positives.']}], 'duration': 1061.605, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo10231768.jpg', 'highlights': ['The importance of avoiding weak ciphers in TLS and SSL, with a recommendation to remove 40-bit ciphers using RC4 from supported ciphers for improved security.', 'Disk encryption methods such as BitLocker, FileVault, and GDE Crypt are discussed, emphasizing their features, supported platforms, and encryption ciphers.', 'Network scanning, including its purpose, methods, and tools like nmap, is covered in detail, highlighting its significance in security assessment and attacks by hackers.', 'The advancements in disk encryption, enabled by faster processors, allowing for on-the-fly encryption and decryption without performance impact in modern operating systems.', 'The risks associated with self-signed certificates, as browsers may warn users about untrusted certificate authorities, potentially leading to compromised client security.', 'The chapter covers various Nmap scanning techniques including SIN, TCP connection, UDP, acknowledgement, Windows, and main mount port scans, as well as host discovery and port specifications.', 'The importance of disk encryption for securing sensitive data, especially when working with clients, is emphasized.', 'Service version detection, increasing version intensity, aggressive scans, and OS detection are discussed in the chapter.', 'An introduction to intrusion detection systems (IDS) and their capabilities is provided, including their function, potential actions, and issues such as false alarms or false positives.']}, {'end': 13293.847, 'segs': [{'end': 11371.761, 'src': 'embed', 'start': 11345.849, 'weight': 8, 'content': [{'end': 11350.652, 'text': 'HIDS may also be able to identify malicious traffic that originates from the host itself,', 'start': 11345.849, 'duration': 4.803}, {'end': 11354.854, 'text': 'as when the host has been infected with malware and is attempting spread to other systems.', 'start': 11350.652, 'duration': 4.202}, {'end': 11363.378, 'text': 'signature-based intrusion detection system monitors all packets traversing the network and compares them against a database of signatures or attributes of known malicious threats,', 'start': 11354.854, 'duration': 8.524}, {'end': 11364.699, 'text': 'much like antivirus softwares.', 'start': 11363.378, 'duration': 1.321}, {'end': 11368.321, 'text': "So now let's talk about into IDS evasion.", 'start': 11365.159, 'duration': 3.162}, {'end': 11371.761, 'text': "Okay, So now let's talk about IDS evasion now.", 'start': 11369.039, 'duration': 2.722}], 'summary': 'Hids can detect internal malicious traffic. ids uses signature-based monitoring similar to antivirus. discussion on ids evasion.', 'duration': 25.912, 'max_score': 11345.849, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo11345849.jpg'}, {'end': 12378.232, 'src': 'embed', 'start': 12354.895, 'weight': 10, 'content': [{'end': 12363.058, 'text': 'Then they would have to access all of the information being transferred between both parties by actually spoofing something called address resolution protocol.', 'start': 12354.895, 'duration': 8.163}, {'end': 12367.98, 'text': 'That is the protocol that is used when you are actually connecting to your gateway from your computer.', 'start': 12363.458, 'duration': 4.522}, {'end': 12372.447, 'text': 'So how can you exactly prevent MITM attacks from happening against you?', 'start': 12368.644, 'duration': 3.803}, {'end': 12378.232, 'text': 'So, firstly, you have to use an encrypted WAP, that is, an encrypted wireless access point.', 'start': 12372.928, 'duration': 5.304}], 'summary': 'To prevent mitm attacks, use encrypted wap to secure information transfer.', 'duration': 23.337, 'max_score': 12354.895, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo12354895.jpg'}, {'end': 12572.57, 'src': 'embed', 'start': 12512.573, 'weight': 0, 'content': [{'end': 12519.975, 'text': 'use a safe search protocol that warns you when to navigate to a malicious site, and use comprehensive security software on all your devices,', 'start': 12512.573, 'duration': 7.402}, {'end': 12522.656, 'text': 'like McAfee, all access and keeping it up to date.', 'start': 12519.975, 'duration': 2.681}, {'end': 12529.058, 'text': 'Okay, so that was it about drive by downloads next up is my advertising or malvertising.', 'start': 12523.676, 'duration': 5.382}, {'end': 12537.914, 'text': 'So malvertising is the name we in the security industry give to criminally controlled advertisements which intentionally infect people and businesses.', 'start': 12529.787, 'duration': 8.127}, {'end': 12546.721, 'text': 'These can be any ad on any site, often ones which you use as a part of your everyday internet usage, and it is a growing problem,', 'start': 12538.494, 'duration': 8.227}, {'end': 12552.146, 'text': 'as is evident by a recent US Senate report and the establishment of bodies like trust and ads.', 'start': 12546.721, 'duration': 5.425}, {'end': 12556.918, 'text': 'Now, whilst the technology being used in the background is very advanced,', 'start': 12553.035, 'duration': 3.883}, {'end': 12562.282, 'text': 'the way it presents to the person being infected is simple to all intents and purposes.', 'start': 12556.918, 'duration': 5.364}, {'end': 12568.847, 'text': 'The advertisement looks the same as any other but has been placed by criminal like you can see the mint ad out here.', 'start': 12562.362, 'duration': 6.485}, {'end': 12570.288, 'text': "It's really out of place.", 'start': 12569.187, 'duration': 1.101}, {'end': 12572.57, 'text': "So you could say it's been made by a criminal.", 'start': 12570.448, 'duration': 2.122}], 'summary': 'Use safe search protocol, comprehensive security software like mcafee, and be wary of malvertising to prevent malicious site navigation and infections.', 'duration': 59.997, 'max_score': 12512.573, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo12512573.jpg'}, {'end': 12698.583, 'src': 'embed', 'start': 12669.909, 'weight': 14, 'content': [{'end': 12675.994, 'text': 'Some of these methods include ads offering free or trial versions of security programs, often pricey upgrades,', 'start': 12669.909, 'duration': 6.085}, {'end': 12678.437, 'text': 'or encouraging the purchase of Deluxe versions.', 'start': 12675.994, 'duration': 2.443}, {'end': 12685.303, 'text': 'Then also pop-ups warning that your computer is infected with a virus which encourages you to clean it by clicking on the program.', 'start': 12679.177, 'duration': 6.126}, {'end': 12690.376, 'text': 'and then manipulated SEO rankings that put infected website as the top hits.', 'start': 12686.093, 'duration': 4.283}, {'end': 12691.898, 'text': 'when you search, these links,', 'start': 12690.376, 'duration': 1.522}, {'end': 12698.583, 'text': 'then redirected to a landing page that claims your machine is infected and encourages you a free trial of the rogue security program.', 'start': 12691.898, 'duration': 6.685}], 'summary': 'Rogue security programs use deceptive methods like ads, pop-ups, and manipulated seo to encourage purchase and installation.', 'duration': 28.674, 'max_score': 12669.909, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo12669909.jpg'}, {'end': 12843.591, 'src': 'embed', 'start': 12812.68, 'weight': 6, 'content': [{'end': 12817.264, 'text': 'Blue Vector is installed as either a hardware-based network appliance or as a virtual machine.', 'start': 12812.68, 'duration': 4.584}, {'end': 12824.269, 'text': 'It can operate in line with network traffic, stopping and remediating threats in real time as they attempt to enter a protected space,', 'start': 12817.604, 'duration': 6.665}, {'end': 12829.193, 'text': 'or as a retrospective tool that can scan the work performed by other programs and analysts,', 'start': 12824.269, 'duration': 4.924}, {'end': 12832.155, 'text': 'catching threats that they might have missed and recommending fixes.', 'start': 12829.193, 'duration': 2.962}, {'end': 12837.302, 'text': 'It is designed to work with all ipv6 traffic as well as older ipv4 streams,', 'start': 12832.575, 'duration': 4.727}, {'end': 12843.591, 'text': 'so it can operate in environments that are rich in Internet of Things and supervisory control and data acquisition devices,', 'start': 12837.302, 'duration': 6.289}], 'summary': 'Blue vector can operate in line with network traffic, catching threats in real time and scanning for missed threats in both ipv6 and older ipv4 streams.', 'duration': 30.911, 'max_score': 12812.68, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo12812680.jpg'}, {'end': 13147.528, 'src': 'embed', 'start': 13122.006, 'weight': 15, 'content': [{'end': 13127.589, 'text': 'the next tool in our list deals with application security, which is basically the convergence of endpoint security,', 'start': 13122.006, 'duration': 5.583}, {'end': 13129.771, 'text': 'network security and content security.', 'start': 13127.589, 'duration': 2.182}, {'end': 13134.254, 'text': 'as you guys can see, the name of the tool is contrast security, which is actually a suit of tools.', 'start': 13129.771, 'duration': 4.483}, {'end': 13140.644, 'text': 'Now, as such, cyber security programs tend to look at the problem of defense from a lot of different angles,', 'start': 13134.981, 'duration': 5.663}, {'end': 13145.647, 'text': 'with expectations that enterprises will employ several different type of security at the same time.', 'start': 13140.644, 'duration': 5.003}, {'end': 13147.528, 'text': 'This has led to a different problem.', 'start': 13146.007, 'duration': 1.521}], 'summary': 'Contrast security is a suite of tools for application security, encompassing endpoint, network, and content security, aiming to address the challenge of employing multiple types of security simultaneously.', 'duration': 25.522, 'max_score': 13122.006, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo13122006.jpg'}], 'start': 11293.373, 'title': 'Cyber security threats and prevention', 'summary': 'Covers intrusion detection systems, cyber threats like phishing and drive-by downloads, and advanced cybersecurity tools, emphasizing prevention techniques and statistics on malvertising incidents and rogue security software impact.', 'chapters': [{'end': 11525.369, 'start': 11293.373, 'title': 'Intrusion detection systems', 'summary': 'Discusses different types of intrusion detection systems, such as nids and hids, and techniques to evade detection from an ids, including manipulating packets and generating bogus data, with a demonstration of ongoing cyber attacks.', 'duration': 231.996, 'highlights': ['Different types of intrusion detection systems There are different types of intrusion detection systems, including NIDS and HIDS, each serving different monitoring purposes within a network.', "Techniques to evade detection from an IDS The chapter explores techniques to evade detection from an IDS, such as manipulating packets using tools like 'packet' and generating bogus data to hide legitimate scans, with a demonstration of ongoing cyber attacks.", 'Ongoing cyber attacks demonstration A demonstration of ongoing cyber attacks is provided, showcasing the prevalent security threats faced by organizations and the real-time visibility of compromised locations available on threat cloud.']}, {'end': 11720.22, 'start': 11525.369, 'title': 'Understanding cyber threats', 'summary': 'Discusses the visualization of cyber attacks and educates about malware, phishing, and how to prevent them, emphasizing the importance of updated security measures and caution in handling emails.', 'duration': 194.851, 'highlights': ['Malware is an all-encompassing term for a variety of cyber attacks, including Trojans, viruses, and worms, and the best way to prevent it is to avoid clicking on links or downloading attachments from unknown sources. Malware encompasses Trojans, viruses, and worms, and prevention involves avoiding unknown links and attachments.', "Phishing attacks, sent via email, ask users to click on a link and enter their personal data, and it's important to discern legitimate requests from false ones. Phishing attacks involve sophisticated email requests for personal data, requiring users to differentiate between legitimate and false requests.", 'The visualization of cyber attacks provides insight into the scale of cyber attacks happening globally, with examples of attacks from specific countries such as the Netherlands and the USA. The visualization of cyber attacks offers a global perspective, with specific examples from the Netherlands and the USA.', 'The chapter emphasizes the importance of updated security measures, including deploying a robust and updated firewall and ensuring the operating system and software are frequently updated to address vulnerabilities. The importance of updated security measures is stressed, including deploying a robust firewall and ensuring frequent software updates to address vulnerabilities.']}, {'end': 11926.03, 'start': 11720.22, 'title': 'Understanding phishing scams', 'summary': 'Explores how phishing works, detailing the five steps involved in a phishing scam, the properties of phishing emails, and a demonstration of creating a phishing website to harvest credentials, emphasizing the importance of awareness and reporting suspicious emails.', 'duration': 205.81, 'highlights': ['Five Steps of Phishing Scam Phishing scams involve five steps: planning, setup, execution, recording information, and identity theft/fraud, with as many as a fourth of the victims never fully recovering.', 'Properties of Phishing Emails Phishing emails have specific properties including generic addressing, emails not being from reputable sources, and redirect links leading to unauthorized websites.', 'Creating a Phishing Website The demonstration of creating a phishing website for harvesting Facebook credentials involves using the source code of the Facebook login page, creating a back-end code in PHP to log passwords, and sending an email to simulate a compromised account.']}, {'end': 12440.005, 'start': 11926.351, 'title': 'Cybersecurity threats and prevention', 'summary': 'Covers phishing attacks, password attacks including brute-force, dictionary, and keylogger attacks, ddos attacks, man-in-the-middle attacks, and drive-by downloads, emphasizing the methods, consequences, and prevention measures.', 'duration': 513.654, 'highlights': ['Phishing attack demonstration A demonstration of a phishing attack is shown, where the backend code captures and logs the entered email and password, highlighting the potential risks of compromised credentials.', 'Password attacks methods and consequences The chapter explains various password attacks including brute-force, dictionary, and keylogger attacks, emphasizing their malicious use, such as stealing passwords for accessing sensitive information, and the need for strong security measures like multi-factor authentication.', 'DDoS attack explanation and prevention The concept of DDoS attacks is presented, focusing on disrupting network services through high traffic volume, and prevention measures are highlighted, including regular system security updates and data flow monitoring.', 'Man-in-the-middle attack overview and prevention An overview of man-in-the-middle attacks is provided, emphasizing the impersonation of endpoints to obtain sensitive data, and prevention measures are outlined, such as using encrypted wireless access points and investing in a virtual private network.', 'Drive-by downloads and their risks The chapter warns about the risks of drive-by downloads, highlighting that visiting compromised web pages can lead to the installation of dangerous code without any user interaction, emphasizing the evolving nature of cybersecurity threats.']}, {'end': 12776.512, 'start': 12440.005, 'title': 'Drive-by downloads and cyber security threats', 'summary': 'Discusses drive-by downloads, malvertising, and rogue security software, highlighting the threats, prevention measures, and relevant statistics, such as the increase in malvertising incidents and the impact of rogue security software since 2008.', 'duration': 336.507, 'highlights': ['A drive by download refers to the unintentional download of a virus or malicious software onto your computer or mobile device. Explains the concept of drive-by downloads and the risk of unintentional virus or malicious software downloads.', 'Malvertising is the name given to criminally controlled advertisements that intentionally infect people and businesses, with recent incidents increasing as evidenced by a US Senate report. Highlights the concept of malvertising, its impact, and the increase in incidents as indicated by a US Senate report.', 'Rogue security software is a form of malicious software and internet fraud that misleads users into believing that there is a virus on their computer and manipulates them into paying money for a fake malware removal tool. Explains the concept of rogue security software, its fraudulent nature, and the manipulation of users into paying for fake malware removal tools.', 'New attack techniques, like malware deployed without files, are straining resources and testing defenses in two critical ways. Discusses the strain on resources and defenses caused by new attack techniques, such as malware deployed without files.']}, {'end': 13293.847, 'start': 12777.305, 'title': 'Advanced cyber security tools overview', 'summary': 'Presents an overview of advanced cyber security tools, including blue vector defense, bricata, cloud defender by alertlogic, cofense triage, contrast security, and digital guardian, emphasizing their capabilities and unique features to provide effective protection against cyber threats in various network environments.', 'duration': 516.542, 'highlights': ['Contrast Security embeds agents inside each app and provides comprehensive application security from development to deployment, scoring a rare 100% on the OWASP security benchmark. Contrast Security offers comprehensive application security and protection, scoring a rare 100% on the OWASP security benchmark, ensuring minimal false positives and embedding agents within each app for thorough monitoring and protection.', "Digital Guardian's threat-aware data protection platform comes preloaded with thousands of best practices rules tailored to specific networks, ensuring immediate and effective protection of endpoints. Digital Guardian's platform comes preloaded with tailored best practices rules, providing immediate and effective protection for endpoints, ensuring better security policies.", 'Blue Vector Defense combines deep machine learning capabilities with real-time threat detection and remediation, making it smarter over time to counter malware and human-backed intrusions at machine speed. Blue Vector Defense combines deep machine learning capabilities with real-time threat detection and remediation, continuously improving to counter malware and human-backed intrusions at machine speed.', "Bricata offers advanced IPS/IDS protection with multiple detection engines and threat feed, enabling threat hunts based on events or anomalies and providing visibility into potential threats' movements across the network. Bricata provides advanced IPS/IDS protection with multiple detection engines, facilitating threat hunts based on events or anomalies, and offering visibility into potential threats' movements within the network.", 'Cloud Defender by AlertLogic is designed for cloud environments, offering varying levels of support from user-friendly tools for local IT staff to a full-service model with monitoring, advising, and logging of events. Cloud Defender by AlertLogic is tailored for cloud environments, providing varying levels of support, from user-friendly tools for local IT staff to a full-service model with monitoring, advising, and logging of events.']}], 'duration': 2000.474, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo11293373.jpg', 'highlights': ['Contrast Security offers comprehensive application security, scoring 100% on OWASP benchmark.', 'Bricata provides advanced IPS/IDS protection with multiple detection engines and threat feed.', 'Blue Vector Defense combines deep machine learning with real-time threat detection and remediation.', "Digital Guardian's platform comes preloaded with tailored best practices rules for immediate protection.", 'Cloud Defender by AlertLogic is tailored for cloud environments, offering varying levels of support.', 'Phishing scams involve five steps, with a fourth of victims never fully recovering.', 'Malvertising incidents are increasing, as evidenced by a US Senate report.', 'Rogue security software misleads users into paying for fake malware removal tools.', 'Drive-by downloads pose risks of unintentional virus or malicious software downloads.', 'DDoS attacks disrupt network services through high traffic volume, requiring regular security updates.', 'Man-in-the-middle attacks impersonate endpoints to obtain sensitive data, emphasizing prevention measures.', 'New attack techniques, like malware deployed without files, strain resources and test defenses.', 'Intrusion detection systems include NIDS and HIDS, serving different monitoring purposes within a network.', 'Techniques to evade detection from an IDS involve manipulating packets and generating bogus data.', 'Malware encompasses Trojans, viruses, and worms, prevention involves avoiding unknown links and attachments.', 'Phishing attacks involve sophisticated email requests for personal data, requiring users to differentiate between legitimate and false requests.', 'The visualization of cyber attacks offers a global perspective, with specific examples from the Netherlands and the USA.', 'The importance of updated security measures is stressed, including deploying a robust firewall and ensuring frequent software updates.']}, {'end': 14310.286, 'segs': [{'end': 14004.394, 'src': 'embed', 'start': 13977.992, 'weight': 5, 'content': [{'end': 13982.196, 'text': 'The tiers range from partial, which is tier one, to adaptive, which is tier four,', 'start': 13977.992, 'duration': 4.204}, {'end': 13989.684, 'text': 'and describe an increasing degree of rigor and how well integrated cybersecurity risk decisions are into broader risk decisions,', 'start': 13982.196, 'duration': 7.488}, {'end': 13994.93, 'text': 'and the degree to which an organization shares and receives cybersecurity information from external parties.', 'start': 13989.684, 'duration': 5.246}, {'end': 13997.971, 'text': 'Tires do not necessarily represent maturity levels.', 'start': 13995.53, 'duration': 2.441}, {'end': 14004.394, 'text': 'Organizations should determine the desired tire, ensuring that the selected level meets organizational goals,', 'start': 13998.411, 'duration': 5.983}], 'summary': 'Tiers range from partial to adaptive, integrating cybersecurity decisions and information sharing.', 'duration': 26.402, 'max_score': 13977.992, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo13977992.jpg'}, {'end': 14124.049, 'src': 'embed', 'start': 14097.181, 'weight': 6, 'content': [{'end': 14101.683, 'text': 'the activities in the identify functions are foundational for effective use of the framework.', 'start': 14097.181, 'duration': 4.502}, {'end': 14103.984, 'text': 'Understanding the business context.', 'start': 14102.183, 'duration': 1.801}, {'end': 14115.327, 'text': 'the resources that support critical functions and related cyber security risks enable an organization to focus and prioritize its efforts consistent with this risk management strategy.', 'start': 14103.984, 'duration': 11.343}, {'end': 14124.049, 'text': 'examples of outcome categories within this function include asset management, business environment governance, risk management and risk assessment.', 'start': 14115.327, 'duration': 8.722}], 'summary': 'Identify functions are foundational for effective use of the framework, covering asset management, business environment governance, risk management, and risk assessment.', 'duration': 26.868, 'max_score': 14097.181, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo14097181.jpg'}, {'end': 14174.369, 'src': 'embed', 'start': 14139.579, 'weight': 4, 'content': [{'end': 14140.579, 'text': 'Example of outcome.', 'start': 14139.579, 'duration': 1}, {'end': 14147.94, 'text': 'categories within this function include identify, management and access, control, awareness and training, data security,', 'start': 14140.579, 'duration': 7.361}, {'end': 14152.681, 'text': 'information protection processes and procedures, maintenance and protective technology.', 'start': 14147.94, 'duration': 4.741}, {'end': 14155.062, 'text': 'The next kind of function is the detect function.', 'start': 14153.142, 'duration': 1.92}, {'end': 14161.918, 'text': 'So this is used to develop and implement appropriate activities to identify the occurrence of a cyber security event.', 'start': 14155.692, 'duration': 6.226}, {'end': 14166.121, 'text': 'The detect function enables timely discovery of cyber security events.', 'start': 14162.358, 'duration': 3.763}, {'end': 14174.369, 'text': 'Example of outcome categories within this function includes anomalies and events, security, continuous monitoring and detection processes.', 'start': 14166.622, 'duration': 7.747}], 'summary': 'Functions include identify, management, access, control, awareness, training, data security, information protection, maintenance, and protective technology. detect function enables timely discovery of cyber security events.', 'duration': 34.79, 'max_score': 14139.579, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo14139579.jpg'}, {'end': 14318.651, 'src': 'embed', 'start': 14289.501, 'weight': 0, 'content': [{'end': 14297.249, 'text': 'These requirements and objectives can be compared against the current operating state of the organization to gain an understanding of the gaps between the two.', 'start': 14289.501, 'duration': 7.748}, {'end': 14305.883, 'text': 'Now the following steps illustrate how an organization could use a framework to create a new cybersecurity program or improve on an existing program.', 'start': 14298.078, 'duration': 7.805}, {'end': 14310.286, 'text': 'These steps should be repeated as necessary to continually improve cybersecurity.', 'start': 14306.163, 'duration': 4.123}, {'end': 14318.651, 'text': 'So the first step is to prioritize and scope the organization identifies its business mission objectives and high-level organizational priorities.', 'start': 14310.646, 'duration': 8.005}], 'summary': 'Compare requirements to current state, then prioritize and scope business objectives for cybersecurity program.', 'duration': 29.15, 'max_score': 14289.501, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo14289501.jpg'}], 'start': 13294.605, 'title': 'Cybersecurity frameworks and tools', 'summary': 'Discusses the significance of cyber security tools such as intellect, mantix 4, and segbi, and explores different types of cybersecurity frameworks including pci dss, iso 27001 and 27002, cis, and nist, with an emphasis on the nist cybersecurity framework and its components.', 'chapters': [{'end': 13732.397, 'start': 13294.605, 'title': 'Cyber security tools and frameworks', 'summary': 'Discusses the importance of cyber security tools such as intellect, mantix 4, and segbi in addressing compliance and security issues, as well as the significance of the cybersecurity framework in managing and reducing cyber security risks for critical infrastructure.', 'duration': 437.792, 'highlights': ['The importance of cyber security tools such as Intellect, Mantix 4, and Segbi in addressing compliance and security issues. The transcript emphasizes the significance of cyber security tools such as Intellect, Mantix 4, and Segbi in addressing compliance and security issues within organizations, highlighting the potential risks of being in compliance without adequate security and the role of threat hunting in cyber security defenses.', 'The significance of the Cybersecurity Framework in managing and reducing cyber security risks for critical infrastructure. The chapter emphasizes the importance of the Cybersecurity Framework in managing and reducing cyber security risks for critical infrastructure, outlining its role in prioritizing investments, maximizing impact, and shifting from compliance to action, as well as its benefits in communication, awareness, and implementation stages.']}, {'end': 13955.993, 'start': 13732.437, 'title': 'Types of cybersecurity frameworks', 'summary': 'Explores the different types of cybersecurity frameworks, including pci dss, iso 27001 and 27002, cis, and nist, with a focus on nist as the most popular framework, emphasizing its objectives and components.', 'duration': 223.556, 'highlights': ['NIST framework is the most popular framework. NIST framework is the most widely recognized cybersecurity framework, developed to address national and economic challenges, and is intended to be adaptable, flexible, scalable, and voluntary for private sectors.', 'PCI DSS is designed to protect credit cards, debit cards, and cash card transactions. PCI DSS is a set of security controls aimed at safeguarding payment account security, specifically to protect credit cards, debit cards, and cash card transactions.', 'ISO 27001 and 27002 provide best practices recommendations for information security management. ISO 27001 and 27002 offer best practices and recommendations for information security management and program elements, contributing to better cybersecurity risk management.', 'CIS framework provides specific and effective approaches to stop prevalent and dangerous cyber attacks. CIS framework offers a prescribed arrangement of activities for cyber protection, prioritizing fewer actions with high outcomes to combat prevalent and dangerous cyber attacks.']}, {'end': 14310.286, 'start': 13955.993, 'title': 'Nist cybersecurity framework', 'summary': 'Introduces the nist cybersecurity framework, which includes the concept of tiers to measure cybersecurity risk management practices, the core functions of identify, protect, detect, respond, and recover, and the use of profiles to customize the framework for organizations.', 'duration': 354.293, 'highlights': ['The NIST Cybersecurity Framework includes tiers ranging from partial (tier one) to adaptive (tier four) to describe the degree of rigor and integration of cybersecurity risk management practices, helping organizations prioritize cybersecurity opportunities. The tiers in the NIST Framework provide a structured approach for organizations to evaluate and prioritize cybersecurity practices, ranging from partial to adaptive, to improve cybersecurity posture.', 'The core functions of the framework, namely identify, protect, detect, respond, and recover, serve as the backbone for organizing cybersecurity risk management practices, applicable not only to cybersecurity but also to overall risk management. The core functions of the NIST Framework, such as identify, protect, detect, respond, and recover, provide a holistic approach for organizations to manage cybersecurity risks and ensure the delivery of critical services.', 'Profiles in the framework allow organizations to align their requirements, objectives, risk appetite, and resources with the desired outcomes of the framework core, enabling the customization of the framework to optimize cybersecurity practices. Profiles in the NIST Framework enable organizations to customize their cybersecurity practices by aligning their requirements and resources with the desired outcomes, facilitating the identification of opportunities to improve the cybersecurity posture.']}], 'duration': 1015.681, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo13294605.jpg', 'highlights': ['NIST framework is the most popular framework, adaptable, flexible, scalable, and voluntary for private sectors.', 'The importance of cyber security tools such as Intellect, Mantix 4, and Segbi in addressing compliance and security issues.', 'The significance of the Cybersecurity Framework in managing and reducing cyber security risks for critical infrastructure.', 'PCI DSS is designed to protect credit cards, debit cards, and cash card transactions.', 'ISO 27001 and 27002 provide best practices recommendations for information security management.', 'CIS framework provides specific and effective approaches to stop prevalent and dangerous cyber attacks.', 'The NIST Cybersecurity Framework includes tiers ranging from partial (tier one) to adaptive (tier four) to describe the degree of rigor and integration of cybersecurity risk management practices.', 'The core functions of the framework, namely identify, protect, detect, respond, and recover, serve as the backbone for organizing cybersecurity risk management practices.', 'Profiles in the framework allow organizations to align their requirements, objectives, risk appetite, and resources with the desired outcomes of the framework core.']}, {'end': 15220.193, 'segs': [{'end': 14488.447, 'src': 'embed', 'start': 14450.331, 'weight': 0, 'content': [{'end': 14454.291, 'text': 'The organization compares the current profile and the target profile to determine gaps.', 'start': 14450.331, 'duration': 3.96}, {'end': 14459.412, 'text': 'Next, it creates a prioritized action plan to address gaps reflecting mission drivers,', 'start': 14454.811, 'duration': 4.601}, {'end': 14463.573, 'text': 'costs and benefits and risks to achieve outcomes in the target profile.', 'start': 14459.412, 'duration': 4.161}, {'end': 14469.254, 'text': 'The organization then determines resources including funding and workforce necessary to address the gaps.', 'start': 14463.893, 'duration': 5.361}, {'end': 14476.546, 'text': 'Using profiles in this manner encourages the organization to make informed decisions about cybersecurity activities,', 'start': 14470.035, 'duration': 6.511}, {'end': 14481.593, 'text': 'support risk management and enables the organization to perform cost-effective targeted improvement.', 'start': 14476.546, 'duration': 5.047}, {'end': 14484.424, 'text': 'The last step is to implement action plan.', 'start': 14482.102, 'duration': 2.322}, {'end': 14488.447, 'text': 'the organization determines which actions to take to address the gaps, if any,', 'start': 14484.424, 'duration': 4.023}], 'summary': 'Organization uses profiles to prioritize and address cybersecurity gaps, enabling cost-effective improvements.', 'duration': 38.116, 'max_score': 14450.331, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo14450331.jpg'}], 'start': 14310.646, 'title': 'Cybersecurity implementation and career benefits', 'summary': 'Covers prioritizing and scoping cybersecurity implementations, outlines six implementation steps, and emphasizes the benefits of pursuing a career in cybersecurity, including high demand for cyber skills, global travel potential, and significant growth in cybersecurity salaries.', 'chapters': [{'end': 14350.261, 'start': 14310.646, 'title': 'Cybersecurity implementation framework', 'summary': 'Outlines the steps for prioritizing and scoping cybersecurity implementations, including identifying business mission objectives, high-level organizational priorities, and risk tolerance, and adapting the framework to support different business lines or processes.', 'duration': 39.615, 'highlights': ['The organization prioritizes and scopes its business mission objectives and high-level organizational priorities to make strategic decisions regarding cybersecurity implementations and determine the scope of systems and assets. (Relevance Score: 5)', 'The framework can be adapted to support different business lines or processes within an organization, reflecting varying business needs and associated risk tolerance. (Relevance Score: 4)', 'Risk tolerances may be reflected in a target implementation tier. (Relevance Score: 3)', 'Determining the scope of the cybersecurity program for the business line or process is essential. (Relevance Score: 2)']}, {'end': 14931.323, 'start': 14350.261, 'title': 'Cybersecurity framework implementation steps', 'summary': 'Outlines the six steps of implementing a cybersecurity framework, emphasizing the importance of creating current and target profiles, conducting risk assessments, and identifying emerging risks. it also highlights the significance of a security-aware culture, the impact of iot and cloud security, and the minimal requirements for pursuing a career in cybersecurity.', 'duration': 581.062, 'highlights': ['The Evergreen Industry of Cybersecurity Cybersecurity market projected to reach 403 billion USD by 2027 with a CAGR of 13.4%, emphasizing the perpetual demand for cybersecurity professionals.', 'The Significance of AI in Cybersecurity Artificial Intelligence plays a prominent role in cybersecurity, aiding in identifying vulnerable systems and predicting cyber attacks, highlighting the increasing challenges faced by human cybersecurity experts.', 'Building a Security-Aware Culture Creating a culture of awareness around cybersecurity issues is crucial for organizations, emphasizing the need for all employees to take basic precautions and consider cybersecurity as a fundamental part of their job description.', 'IoT and Cloud Security Challenges IoT devices and cloud security pose significant challenges due to their susceptibility to cyber threats and the continuous need for monitoring and updates, highlighting the importance of cybersecurity in day-to-day lives.', 'Minimal Requirements for a Career in Cybersecurity Cybersecurity career has super basic requirements, such as confidence and a professional background in IT, with relaxed eligibility criteria to bridge the gap between demand and availability of cybersecurity experts.']}, {'end': 15220.193, 'start': 14931.323, 'title': 'Benefits of cybersecurity career', 'summary': 'Highlights the numerous benefits of pursuing a career in cybersecurity, including the high demand for cyber skills, the potential for global travel, and the opportunity to work with prestigious companies and secretive agencies, along with the significant growth potential in cybersecurity salaries.', 'duration': 288.87, 'highlights': ['Cybersecurity salaries have a greater growth potential than 90% of other industries. Salaries in cybersecurity have a greater growth potential than 90% of other industries, making it an attractive career option with substantial earning potential.', 'The high demand for cyber skills is growing fast in every type of company and government department. The demand for cyber skills is rapidly increasing across various sectors and government departments, indicating ample career opportunities in cybersecurity.', 'Cybersecurity professionals have the potential to work with prestigious Fortune 500 companies and top secret government and intelligence agencies. Cybersecurity professionals have the potential to work with prestigious companies like Dell Accenture, and also with top secret government and intelligence agencies, offering diverse and intriguing career paths.', 'The rise of cyber attacks is outpacing the supply of cyber defenders, resulting in plenty of opportunities for cybersecurity professionals to travel overseas to serve their skills which are in high demand. The increasing rate of cyber attacks creates a high demand for cybersecurity professionals, providing ample opportunities for them to travel overseas and utilize their skills, indicating a global career potential in cybersecurity.']}], 'duration': 909.547, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo14310646.jpg', 'highlights': ['Cybersecurity market projected to reach 403 billion USD by 2027 with a CAGR of 13.4%, emphasizing the perpetual demand for cybersecurity professionals.', 'Cybersecurity salaries have a greater growth potential than 90% of other industries, making it an attractive career option with substantial earning potential.', 'The high demand for cyber skills is rapidly increasing across various sectors and government departments, indicating ample career opportunities in cybersecurity.', 'The rise of cyber attacks is outpacing the supply of cyber defenders, resulting in plenty of opportunities for cybersecurity professionals to travel overseas and utilize their skills, indicating a global career potential in cybersecurity.', 'Creating a culture of awareness around cybersecurity issues is crucial for organizations, emphasizing the need for all employees to take basic precautions and consider cybersecurity as a fundamental part of their job description.', 'Artificial Intelligence plays a prominent role in cybersecurity, aiding in identifying vulnerable systems and predicting cyber attacks, highlighting the increasing challenges faced by human cybersecurity experts.', 'IoT devices and cloud security pose significant challenges due to their susceptibility to cyber threats and the continuous need for monitoring and updates, highlighting the importance of cybersecurity in day-to-day lives.', 'The framework can be adapted to support different business lines or processes within an organization, reflecting varying business needs and associated risk tolerance.', 'The organization prioritizes and scopes its business mission objectives and high-level organizational priorities to make strategic decisions regarding cybersecurity implementations and determine the scope of systems and assets.']}, {'end': 16690.071, 'segs': [{'end': 15827.131, 'src': 'embed', 'start': 15798.56, 'weight': 1, 'content': [{'end': 15806.483, 'text': 'such as designing and implementing secure networking solution monitoring, troubleshooting, etc.', 'start': 15798.56, 'duration': 7.923}, {'end': 15809.784, 'text': 'how cyber security engineer helps the organization?', 'start': 15806.483, 'duration': 3.301}, {'end': 15820.787, 'text': "a cyber security engineer helps the organization by assessing the organization's security requirement and setting up the best practices and standards in response,", 'start': 15809.784, 'duration': 11.003}, {'end': 15827.131, 'text': 'Developing and deploying all security measures required to secure an organization.', 'start': 15821.767, 'duration': 5.364}], 'summary': 'Cyber security engineer ensures secure networking, monitoring, and troubleshooting for organizations.', 'duration': 28.571, 'max_score': 15798.56, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo15798560.jpg'}, {'end': 15983.974, 'src': 'embed', 'start': 15955.922, 'weight': 6, 'content': [{'end': 15960.083, 'text': 'Moving ahead with roles and responsibilities of a cybersecurity engineer.', 'start': 15955.922, 'duration': 4.161}, {'end': 15970.186, 'text': 'A cybersecurity engineer is responsible for tasks such as planning and implementing security measures of systems and networks,', 'start': 15960.103, 'duration': 10.083}, {'end': 15976.768, 'text': "troubleshooting security and network problems, ensuring the protection of organizations' data and infrastructure,", 'start': 15970.186, 'duration': 6.582}, {'end': 15983.974, 'text': 'being a part of daily administrative tasks with relevant departments in the organization,', 'start': 15977.868, 'duration': 6.106}], 'summary': "Cybersecurity engineers plan and implement security measures, troubleshoot problems, and protect organizations' data and infrastructure.", 'duration': 28.052, 'max_score': 15955.922, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo15955922.jpg'}, {'end': 16323.441, 'src': 'embed', 'start': 16284.46, 'weight': 0, 'content': [{'end': 16291.646, 'text': 'A variety of agencies issue both personal and facility security clearances, but most are issued by the Department of Defense.', 'start': 16284.46, 'duration': 7.186}, {'end': 16297.836, 'text': 'Each type of clearance has its own procedures and paperwork, and the process, which takes three months to a year,', 'start': 16292.293, 'duration': 5.543}, {'end': 16303.678, 'text': 'does not begin until an employer decides to hire you, at which point you receive a conditional offer of employment.', 'start': 16297.836, 'duration': 5.842}, {'end': 16308.561, 'text': 'The first step is to submit clearance documentation, followed by a background investigation.', 'start': 16304.299, 'duration': 4.262}, {'end': 16313.643, 'text': "Now let's discuss the various career paths that are actually available in cybersecurity.", 'start': 16309.421, 'duration': 4.222}, {'end': 16318.235, 'text': 'New cyber threats appear constantly and creating new and innovative career opportunities.', 'start': 16314.19, 'duration': 4.045}, {'end': 16323.441, 'text': 'And because any individual or organization is a potential target for cyber attacks.', 'start': 16318.676, 'duration': 4.765}], 'summary': 'Department of defense issues most security clearances, taking 3 months to a year. cybersecurity offers various career paths due to constant cyber threats.', 'duration': 38.981, 'max_score': 16284.46, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo16284460.jpg'}, {'end': 16423.453, 'src': 'embed', 'start': 16395.286, 'weight': 3, 'content': [{'end': 16398.308, 'text': 'such as information technology or database administration.', 'start': 16395.286, 'duration': 3.022}, {'end': 16402.11, 'text': 'Next up on our list of career paths is forensic computer analyst.', 'start': 16398.908, 'duration': 3.202}, {'end': 16406.22, 'text': 'The forensic computer analyst is the detective of the cybersecurity world.', 'start': 16402.677, 'duration': 3.543}, {'end': 16412.724, 'text': 'Forensic computer analysts review computers based information for evidence following a security breach or other incident.', 'start': 16406.779, 'duration': 5.945}, {'end': 16423.453, 'text': 'Tasks include handling hard drives and other storage devices and employing specialized software programs in order to identify vulnerabilities and recover data from damaged or destroyed devices.', 'start': 16413.285, 'duration': 10.168}], 'summary': 'Forensic computer analysts review computer-based information for evidence following security breaches or incidents.', 'duration': 28.167, 'max_score': 16395.286, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo16395286.jpg'}, {'end': 16460.161, 'src': 'embed', 'start': 16435.06, 'weight': 2, 'content': [{'end': 16441.142, 'text': 'They must also keep detailed and accurate logs and records of their findings, which are often used in litigation purposes.', 'start': 16435.06, 'duration': 6.082}, {'end': 16443.543, 'text': 'Now on the point of education requirements.', 'start': 16441.782, 'duration': 1.761}, {'end': 16451.975, 'text': "Employment as a forensic computer analyst normally requires holding a bachelor's degree in computer security, forensic computing or related subjects.", 'start': 16443.911, 'duration': 8.064}, {'end': 16456.999, 'text': 'Previous experience may also be necessary depending on the company that you are looking to be employed in.', 'start': 16452.356, 'duration': 4.643}, {'end': 16460.161, 'text': 'Next up, we have information security analyst.', 'start': 16457.598, 'duration': 2.563}], 'summary': "Forensic computer analysts need bachelor's degree and experience.", 'duration': 25.101, 'max_score': 16435.06, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo16435060.jpg'}], 'start': 15221.054, 'title': 'Cybersecurity careers', 'summary': 'Covers lucrative earning potential, age-inclusivity, top skills, and the increasing demand for cybersecurity engineers. it also discusses career paths, educational requirements, and high salaries in the cybersecurity domain. india has 14,000+ job vacancies, and the us has over 15,000 jobs available.', 'chapters': [{'end': 15389.915, 'start': 15221.054, 'title': 'Cybersecurity career opportunities', 'summary': 'Highlights the lucrative earning potential for senior security professionals, the age-inclusivity of the field, and the top five skills required, including intrusion detection system, coding, and the example of javascript as a valuable cyber security programming language.', 'duration': 168.861, 'highlights': ['The earning potential for senior security professionals in cybersecurity can surpass the average median by a vast amount, and it depends on merits.', 'Cybersecurity is age-inclusive, with many individuals opting for this field after the age of 50, making it a viable option post-retirement, especially for those with an IT background.', 'Intrusion detection system is a crucial skill for cybersecurity professionals, involving monitoring networks or systems for malicious activities or policy violations, and its job roles can range from a single computer to a large network system.', 'Knowing how to code is essential for cybersecurity professionals, as it helps defend against hacking techniques, and JavaScript is highlighted as one of the best programming languages for cybersecurity.', 'JavaScript is emphasized as one of the most popular and widespread programming languages for web development, and it is also considered one of the best cyber security programming languages to learn.']}, {'end': 16133.669, 'start': 15390.675, 'title': 'Cybersecurity trends and opportunities', 'summary': 'Discusses the increasing demand for cybersecurity engineers, driven by recent trends such as ransomware attacks, remote working cybersecurity risks, and the evolution of internet of things, with india having 14,000+ job vacancies and the us having over 15,000 jobs available. it also covers the role and skills required for cybersecurity engineers, as well as the roadmap to becoming one.', 'duration': 742.994, 'highlights': ['Demand for Cybersecurity Engineers The demand for cybersecurity engineers is driven by recent trends, including increasing ransomware attacks, remote working cybersecurity risks, and the evolution of Internet of Things, with over 14,000 job vacancies in India and over 15,000 job vacancies in the US.', 'Skills Required for Cybersecurity Engineer A cybersecurity engineer should be familiar with programming languages, operating systems, networking fundamentals, protocols, security aspects, web development, and CI/CD tools, as well as have hands-on experience with tools like Jenkins, GitLab, Travis, etc.', 'Roadmap to Becoming a Cybersecurity Engineer The roadmap to becoming a cybersecurity engineer involves gaining basic knowledge of programming languages, operating systems, networking fundamentals, protocols, security aspects, web development, and hands-on experience with tools like Jenkins, GitLab, Travis, etc.']}, {'end': 16485.167, 'start': 16134.409, 'title': 'Cybersecurity career paths', 'summary': "Discusses various career paths in cybersecurity, emphasizing the steps to start a career, including earning a bachelor's degree, completing advanced training, and passing a security clearance test. it also outlines key roles such as chief information security officer, forensic computer analyst, and information security analyst, detailing their responsibilities and educational requirements.", 'duration': 350.758, 'highlights': ["Forensic computer analysts review computers based information for evidence following a security breach or other incident, and employment as a forensic computer analyst normally requires holding a bachelor's degree in computer security, forensic computing or related subjects. Explains the responsibilities and educational requirements of forensic computer analysts.", "An information security analyst is responsible for the protection of an organization's computer system and networks, and employment as an information security analyst typically requires a bachelor's degree in a related field. Details the responsibilities and educational requirements of information security analysts.", 'CISOs are directly responsible for planning, coordinating, and directing all computer network and data security needs of the employers, and the position requires an individual with strong background in IT security architecture and strategy, as well as solid communication and personal management skills. Describes the role and necessary qualifications for Chief Information Security Officers (CISOs).']}, {'end': 16690.071, 'start': 16485.167, 'title': 'Cybersecurity career paths and salaries', 'summary': 'Discusses three cybersecurity career paths: information security analyst, penetration tester, and security architect, emphasizing the educational requirements, responsibilities, and the high salaries in the cybersecurity domain.', 'duration': 204.904, 'highlights': ['The high demand for skilled cybersecurity professionals has resulted in high wages and excellent benefits, with a CISO earning around $143,000 a year and IT security consultants earning around $80,000 a year. The explosion in demand for skilled cybersecurity professionals, combined with talent scarcity, has resulted in high wages and benefits, with a CISO earning around $143,000 a year and IT security consultants earning around $80,000 a year.', "The educational requirements for Information Security Analysts, Penetration Testers, and Security Architects, such as bachelor's degrees in computer science or information security, are discussed, with a growing trend towards specialized undergraduate degree programs in the information security field. The educational requirements for Information Security Analysts, Penetration Testers, and Security Architects, including the growing trend towards specialized undergraduate degree programs in the information security field, are discussed.", 'The responsibilities of Penetration Testers, including proactive authorized testing techniques, system vulnerability identification, and the need for creativity in methods, are highlighted. The responsibilities of Penetration Testers, including proactive authorized testing techniques, system vulnerability identification, and the need for creativity in methods, are highlighted.']}], 'duration': 1469.017, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo15221054.jpg', 'highlights': ['CISOs earn around $143,000 a year, and IT security consultants earn around $80,000 a year.', 'India has over 14,000 job vacancies, and the US has over 15,000 job vacancies in cybersecurity.', 'Intrusion detection system is a crucial skill for cybersecurity professionals, involving monitoring networks or systems for malicious activities or policy violations.', 'Knowing how to code, especially JavaScript, is essential for cybersecurity professionals to defend against hacking techniques.', 'Cybersecurity is age-inclusive, with many individuals opting for this field after the age of 50, making it a viable option post-retirement, especially for those with an IT background.', 'The demand for cybersecurity engineers is driven by recent trends, including increasing ransomware attacks, remote working cybersecurity risks, and the evolution of Internet of Things.', "Forensic computer analysts review computers based information for evidence following a security breach or other incident, and employment as a forensic computer analyst normally requires holding a bachelor's degree in computer security, forensic computing or related subjects.", 'Covers lucrative earning potential, age-inclusivity, top skills, and the increasing demand for cybersecurity engineers.', "The educational requirements for Information Security Analysts, Penetration Testers, and Security Architects, such as bachelor's degrees in computer science or information security, are discussed."]}, {'end': 17650.852, 'segs': [{'end': 17201.652, 'src': 'embed', 'start': 17162.437, 'weight': 0, 'content': [{'end': 17167.559, 'text': "which is why I'm going to discuss some of the best and popular certifications throughout the variety of industry.", 'start': 17162.437, 'duration': 5.122}, {'end': 17174.022, 'text': 'Accrediting organizations often divide their programs into three categories, entry level, intermediate, and expert level.', 'start': 17167.999, 'duration': 6.023}, {'end': 17181.985, 'text': 'Entry level certifications are meant to ground you in the basics, foundation principles, best practices, important tools, and latest technologies.', 'start': 17174.522, 'duration': 7.463}, {'end': 17189.244, 'text': 'Intermediate and expert level certification presume that you have extensive job experience and a detailed grasp of the subject matter.', 'start': 17182.699, 'duration': 6.545}, {'end': 17195.868, 'text': 'When it comes to getting the best cybersecurity certifications, the variety of options baffle the purchasers while selecting.', 'start': 17189.664, 'duration': 6.204}, {'end': 17201.652, 'text': 'Hence, to make a perfect decision, it is better to focus on the knowledge and experience that it comes with.', 'start': 17196.268, 'duration': 5.384}], 'summary': 'Discussing best certifications: entry, intermediate, expert levels. consider knowledge and experience for cybersecurity certs.', 'duration': 39.215, 'max_score': 17162.437, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo17162437.jpg'}, {'end': 17518.194, 'src': 'embed', 'start': 17488.125, 'weight': 4, 'content': [{'end': 17490.567, 'text': 'along with the best practices for mitigating those issues.', 'start': 17488.125, 'duration': 2.442}, {'end': 17494.249, 'text': 'Some topics have been updated while others have been realigned.', 'start': 17491.167, 'duration': 3.082}, {'end': 17506.396, 'text': "The result is an exam that most accurately reflects the hands-on technical IT skills and practical security knowledge required by practitioners to support an organization's mission and operations.", 'start': 17494.809, 'duration': 11.587}, {'end': 17508.878, 'text': 'Following are the domains of the certifications.', 'start': 17506.917, 'duration': 1.961}, {'end': 17518.194, 'text': 'access control, security, operation and administration, risk identification, monitoring and analysis, incident response and recovery, cryptography,', 'start': 17509.511, 'duration': 8.683}], 'summary': 'Updated exam reflects practical skills and knowledge in it security domains.', 'duration': 30.069, 'max_score': 17488.125, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo17488125.jpg'}, {'end': 17556.597, 'src': 'embed', 'start': 17526.057, 'weight': 7, 'content': [{'end': 17534.08, 'text': 'The Certified Ethical Hacker is an intermediate level certification focused on the prevention of most common attacks and securing systems and networks.', 'start': 17526.057, 'duration': 8.023}, {'end': 17542.989, 'text': 'CEH is designed to ensure a strong understanding of hacking practices, including footprinting, reconnaissance, scanning networks, SQL injections,', 'start': 17534.665, 'duration': 8.324}, {'end': 17547.212, 'text': 'worms and viruses, DOS attacks, social engineering and honeypots.', 'start': 17542.989, 'duration': 4.223}, {'end': 17556.597, 'text': 'CEH certification requires successfully completion of a four-hour 125-question multiple-choice cybersecurity examination with a minimum of 70% score.', 'start': 17547.912, 'duration': 8.685}], 'summary': 'Ceh certification focuses on preventing common attacks, covering hacking practices, and requires a 70% score in a 125-question exam.', 'duration': 30.54, 'max_score': 17526.057, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo17526057.jpg'}], 'start': 16690.071, 'title': 'Essential cybersecurity skills and certifications', 'summary': 'Covers essential skills including communication, teamwork, and problem-solving, along with a 37% job growth for information security analysts. it also discusses popular cybersecurity certifications, average salaries, and domains covered by entry-level, intermediate, and advanced certifications.', 'chapters': [{'end': 16797.755, 'start': 16690.071, 'title': 'Key skills for cybersecurity professionals', 'summary': 'Discusses the essential skills required for cybersecurity professionals, emphasizing the need for communication, teamwork, integrity, problem-solving, programming, and understanding of security principles and risk analysis.', 'duration': 107.684, 'highlights': ['Cybersecurity professionals must have strong written and verbal communication skills, as a job in the field requires them to communicate clearly and concisely with clients and executives. (Relevant to communication skills)', 'The ability to work in a team environment is crucial for cybersecurity professionals, as without a clear understanding of responsibilities and team integration, no job is possible. (Relevant to teamwork)', "Working in the cybersecurity field requires sensitivity to an organization's security vulnerability issues and the ability to tackle those issues in a way that engenders trust. (Relevant to integrity and discretion)", 'Solid organizational and problem-solving skills are essential for cybersecurity professionals due to the sheer mass and complexity of data involved in the business. (Relevant to problem-solving and organizational skills)', 'A cybersecurity professional must have programming skills, as a variety of scripts and programming tools are often required to design effective cybersecurity programs. (Relevant to programming skills)', 'Understanding security principles such as the CIA triad, confidentiality, authentication, privacy, and access controls is crucial for cybersecurity professionals. (Relevant to understanding security principles)', "Cybersecurity professionals must be excellent at risk analysis to assess a client's security needs in light of its organizational goals, requiring knowledge of risk analysis principles. (Relevant to risk analysis)", 'A good understanding of network protocols is essential for cybersecurity professionals, as it is constantly relevant to their work. (Relevant to network protocols)']}, {'end': 17054.461, 'start': 16797.755, 'title': 'Cybersecurity skills, tools, and career prospects', 'summary': 'Outlines the essential skills required for a cybersecurity professional, key technologies used in cybersecurity, and the future prospects of cybersecurity careers, including a 37% job growth for information security analysts from 2012 to 2022.', 'duration': 256.706, 'highlights': ['Access management and cloud-based security are among the most pressing areas of cybersecurity technology today. Access management and cloud-based security are crucial areas of focus in cybersecurity technology, providing additional protection for security gaps and a variety of tools for network protection.', 'Cybersecurity job growth is projected to be 37% from 2012 to 2022 for information security analysts, outpacing all computer occupations. The job growth for information security analysts from 2012 to 2022 is projected to be 37%, surpassing the growth rates for all computer occupations and occupations as a whole.', 'Computer and information system engineers have an annual salary of $120,000 and a 15% growth rate, making it a lucrative career option. Computer and information system engineers have an annual salary of $120,000 along with a 15% growth rate, making it an attractive and lucrative career option.']}, {'end': 17650.852, 'start': 17054.461, 'title': 'Cybersecurity certifications and career paths', 'summary': 'Discusses the importance of cybersecurity certifications in different job roles, the average salaries in the it security community, and the requirements and domains covered by popular entry-level, intermediate, and advanced certifications such as comptia security plus, gsec, sscp, ceh, and cisa.', 'duration': 596.391, 'highlights': ['Average Salaries in IT Security Community Computer network architect makes around $91,000 a year, a computer programmer makes around $75,000 a year, while a computer network support specialist makes around $60,000 a year.', 'Importance of Cybersecurity Certifications Cybersecurity certifications are becoming a norm in many job descriptions today, and organizations seek quantifiable ways of measuring prospective employee expertise. DOD directives state that certain positions in the security department require one or more certifications to prove the necessary knowledge and competency.', 'Entry-Level Certifications Popular entry-level certifications include CompTIA Security Plus, GSEC, and SSCP, each with specific requirements and domains covered.', 'Domains Covered by CompTIA Security Plus CompTIA Security Plus covers domains like network security, access control, identity management, cryptographic concepts, application data, host security, compliance and operational, and threats and vulnerabilities.']}], 'duration': 960.781, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo16690071.jpg', 'highlights': ['Cybersecurity job growth projected at 37% for information security analysts', 'Importance of cybersecurity certifications in job descriptions and DOD directives', 'Computer and information system engineers have an annual salary of $120,000 and a 15% growth rate', 'Average salaries: computer network architect $91,000, computer programmer $75,000, computer network support specialist $60,000', 'CompTIA Security Plus covers domains like network security, access control, identity management, cryptographic concepts, and more', 'Cybersecurity professionals must have strong communication, teamwork, problem-solving, and organizational skills', 'Access management and cloud-based security are crucial areas of focus in cybersecurity technology', 'Understanding security principles such as the CIA triad, confidentiality, authentication, privacy, and access controls is crucial for cybersecurity professionals', 'A cybersecurity professional must have programming skills for designing effective cybersecurity programs', 'Good understanding of network protocols is essential for cybersecurity professionals', "Cybersecurity professionals must be excellent at risk analysis to assess a client's security needs"]}, {'end': 19695.193, 'segs': [{'end': 17697.148, 'src': 'embed', 'start': 17674.06, 'weight': 6, 'content': [{'end': 17681.062, 'text': 'The CISM validates a vast range of cybersecurity skills and recognizes managers who promote these international security practices.', 'start': 17674.06, 'duration': 7.002}, {'end': 17686.904, 'text': 'If you are interested in IT security management, the CISM provides a multitude of opportunities.', 'start': 17681.503, 'duration': 5.401}, {'end': 17689.245, 'text': 'While anyone can take the exam.', 'start': 17687.445, 'duration': 1.8}, {'end': 17697.148, 'text': "maintaining the certifications require 20 hours of continuing education every year and compliance with ICACA's Code of Professional Ethics.", 'start': 17689.245, 'duration': 7.903}], 'summary': 'Cism certifies cybersecurity skills, requires 20 hours of annual education, open to all', 'duration': 23.088, 'max_score': 17674.06, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo17674060.jpg'}, {'end': 17940.485, 'src': 'embed', 'start': 17903.921, 'weight': 5, 'content': [{'end': 17909.484, 'text': 'Are you looking to get into the technical aspect of security, such as penetration testing or incident response,', 'start': 17903.921, 'duration': 5.563}, {'end': 17913.606, 'text': 'or are you interested in advancing your career into the management side of security?', 'start': 17909.484, 'duration': 4.122}, {'end': 17921.691, 'text': 'Choosing the right entry-level certification can be a bit tricky because, on one hand, there are certifications related to things that interest you,', 'start': 17913.966, 'duration': 7.725}, {'end': 17923.031, 'text': 'but you have zero experience with.', 'start': 17921.691, 'duration': 1.34}, {'end': 17927.314, 'text': 'In this case, how does one obtain the experience? One simple word, volunteer.', 'start': 17923.372, 'duration': 3.942}, {'end': 17931.677, 'text': 'Volunteer your service in exchange for mentoring from an experienced professional.', 'start': 17927.794, 'duration': 3.883}, {'end': 17936.461, 'text': 'Another option is to seek out online communities and associations of professionals.', 'start': 17932.038, 'duration': 4.423}, {'end': 17940.485, 'text': 'Join these organizations and participate with them to gain experience needed.', 'start': 17936.922, 'duration': 3.563}], 'summary': 'Consider volunteering or joining professional communities to gain experience in technical security or security management.', 'duration': 36.564, 'max_score': 17903.921, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo17903921.jpg'}, {'end': 18122.875, 'src': 'embed', 'start': 18093.369, 'weight': 0, 'content': [{'end': 18098.631, 'text': 'apart from that, Python enables cybersecurity managers who lead the team to implement projects quickly.', 'start': 18093.369, 'duration': 5.262}, {'end': 18104.777, 'text': 'as python has extensive set of libraries, which means that cyber security tools are already available.', 'start': 18099.271, 'duration': 5.506}, {'end': 18111.684, 'text': 'and finally, we all know, python can be used for accomplishing multiple tasks, such as host discovery, accessing servers,', 'start': 18104.777, 'duration': 6.907}, {'end': 18113.386, 'text': 'port scanning and network scanning.', 'start': 18111.684, 'duration': 1.702}, {'end': 18116.248, 'text': 'this helps cyber security professionals to keep up with the task.', 'start': 18113.386, 'duration': 2.862}, {'end': 18117.41, 'text': 'Moving ahead.', 'start': 18116.869, 'duration': 0.541}, {'end': 18122.875, 'text': 'We have JavaScript JavaScript is one of the most popular and widespread programming language.', 'start': 18117.47, 'duration': 5.405}], 'summary': 'Python accelerates cybersecurity projects with extensive libraries and multifunctional capabilities, while javascript is a popular programming language.', 'duration': 29.506, 'max_score': 18093.369, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo18093369.jpg'}, {'end': 18239.95, 'src': 'embed', 'start': 18217.219, 'weight': 2, 'content': [{'end': 18225.461, 'text': "If you're not careful about how you built it, this learning PHP programming language can help you identify and solve vulnerabilities in the PHP code.", 'start': 18217.219, 'duration': 8.242}, {'end': 18226.641, 'text': 'Moving ahead.', 'start': 18226.041, 'duration': 0.6}, {'end': 18231.004, 'text': 'We have SQL SQL is a domain specific language used in programming.', 'start': 18226.681, 'duration': 4.323}, {'end': 18239.95, 'text': 'It manages the data stored in database with organizations getting more data-driven SQL is most sort out programming language for managing databases.', 'start': 18231.404, 'duration': 8.546}], 'summary': 'Learning php programming language helps identify and solve vulnerabilities. sql is a sought-after language for managing databases.', 'duration': 22.731, 'max_score': 18217.219, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo18217219.jpg'}, {'end': 19626.571, 'src': 'embed', 'start': 19589.8, 'weight': 9, 'content': [{'end': 19592.762, 'text': 'So now we have to convert our message back to whatever it was.', 'start': 19589.8, 'duration': 2.962}, {'end': 19601.829, 'text': "So we'll just give it as message or before that we have to create our dictionary, right? So we'll give it as decryptor, D-E-C-R-I-P-T-E-R.", 'start': 19593.263, 'duration': 8.566}, {'end': 19606.252, 'text': 'So decryptor is nothing but dictionary, which is nothing,', 'start': 19602.389, 'duration': 3.863}, {'end': 19611.696, 'text': 'but obviously the values will be here first because we are receiving the values and then the keys.', 'start': 19606.252, 'duration': 5.444}, {'end': 19613.598, 'text': "So it's going to be decrypt key.", 'start': 19612.497, 'duration': 1.101}, {'end': 19616.68, 'text': 'Fine I hope you all understand till here.', 'start': 19614.378, 'duration': 2.302}, {'end': 19626.571, 'text': 'and now, finally, what we are going to do is convert our message back to what it was, so message then then i have join.', 'start': 19617.364, 'duration': 9.207}], 'summary': 'Creating a decryptor dictionary to convert message back.', 'duration': 36.771, 'max_score': 19589.8, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo19589800.jpg'}, {'end': 19671.003, 'src': 'embed', 'start': 19638.459, 'weight': 8, 'content': [{'end': 19645.544, 'text': 'and where we get this words from, for loop, for words, in whatever the message we have received, right.', 'start': 19638.459, 'duration': 7.085}, {'end': 19646.365, 'text': "so it's going to be here.", 'start': 19645.544, 'duration': 0.821}, {'end': 19650.164, 'text': 'we understand this.', 'start': 19648.943, 'duration': 1.221}, {'end': 19662.335, 'text': "and now, once we have our decrypted message, what we'll do is we'll just print our message, fine, and now, before that.", 'start': 19650.164, 'duration': 12.171}, {'end': 19671.003, 'text': "so if this fellow doesn't give the correct key input, so we'll just say here, else print.", 'start': 19662.335, 'duration': 8.668}], 'summary': 'Decrypted message printed if correct key input, else print.', 'duration': 32.544, 'max_score': 19638.459, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo19638459.jpg'}], 'start': 17651.488, 'title': 'It security certifications & cybersecurity projects', 'summary': 'Provides an overview of it security certifications like cisa, cism, crisc, and cissp, along with guidance for choosing the right certification. it also discusses the significance of python, javascript, php, and sql in cybersecurity and offers hands-on project ideas. additionally, it covers various cyber security project ideas, caesar cipher encryption, and implementing secure communication.', 'chapters': [{'end': 18093.369, 'start': 17651.488, 'title': 'It security certifications overview', 'summary': 'Provides an overview of various it security certifications including cisa, cism, crisc, and cissp, outlining their domains, requirements, and relevance to cybersecurity professionals, while also offering guidance on choosing the right certification based on experience, career goals, and available positions.', 'duration': 441.881, 'highlights': ['CISSP Certification Overview CISSP, a gold standard in InfoSec certifications, entails a six-hour 250-question exam and requires a minimum of five years of security professional experience, with a recertification requirement of 120 hours of continuing education every three years and a yearly fee of $85, making it an intensive yet highly valued certification.', "CISM Certification Overview CISM, geared towards seasoned IT managers and security professionals, demands 20 hours of continuing education annually and adherence to ICACA's Code of Professional Ethics, validating a wide range of cybersecurity skills and emphasizing the domains of information security governance, risk management, and incident management and response.", 'CRISC Certification Overview CRISC focuses on understanding IT risk in the organizational context, requiring a minimum of three years of relevant experience, and covering risk identification, assessment, response, monitoring, and reporting, making it essential for C-suite executives and compliance, risk, and privacy officers.', 'Choosing the Right Certification Aspiring cybersecurity professionals are guided to consider their experience, career goals, and available positions to select the appropriate entry-level, intermediate, or expert certification, emphasizing the importance of gaining practical experience through volunteering and engaging in online communities and associations.', 'Relevance of C and C++ in Cybersecurity The significance of learning C and C++ for cybersecurity is highlighted due to their low-level access to hardware, making them essential for reverse engineering, vulnerability discovery, and understanding open source code, with many cybersecurity programs, including nmap, being developed using C++.', "Python in Cybersecurity Python's versatility, high-level scripting, and suitability for general-purpose tasks make it ideal for cybersecurity professionals, enabling diverse functions such as data management, big data analysis, penetration testing, and scanning."]}, {'end': 18393.641, 'start': 18093.369, 'title': 'Top cybersecurity programming languages & projects', 'summary': 'Discusses the importance of python, javascript, php, and sql in cybersecurity, emphasizing their roles in implementing projects quickly, securing websites, and managing databases. it also provides hands-on project ideas, such as developing a key logger and breaking a caesar cipher, to gain practical experience in cybersecurity concepts.', 'duration': 300.272, 'highlights': ["Python enables cybersecurity managers to implement projects quickly with its extensive set of libraries, aiding in tasks such as host discovery, accessing servers, port scanning, and network scanning. Python's extensive libraries enable quick project implementation and support tasks like host and network scanning.", 'JavaScript is one of the top-rated programming languages for web development and is essential for building front-end, back-end, mobile, desktop, and game development applications. JavaScript is crucial for web development, including front-end, back-end, mobile, desktop, and game applications.', 'PHP powers 80% of the top 10 million websites, making it the dominant server-side language, and its knowledge is essential for defending against intruders and mitigating vulnerabilities in PHP code. PHP is dominant in server-side web development and is crucial for defending against intruders and identifying PHP vulnerabilities.', 'SQL is the most sought-after programming language for managing databases, allowing access to records with single commands, and its knowledge is crucial for making databases more secure and defending against SQL injection attacks. SQL is essential for managing databases and defending against SQL injection attacks for database security.', 'The chapter underlines that there is no one best programming language for cybersecurity and emphasizes the importance of creating a perfect cybersecurity strategy regardless of the programming language used. The chapter stresses the importance of creating a successful cybersecurity strategy regardless of the programming language used.', 'The chapter suggests hands-on projects such as developing a key logger to understand cybersecurity concepts and principles practically. Developing a key logger is recommended as a hands-on project for practical understanding of cybersecurity concepts.', 'The chapter recommends breaking a Caesar cipher as a project to gain practical experience in cybersecurity concepts. Breaking a Caesar cipher is suggested as a project for gaining practical experience in cybersecurity concepts.']}, {'end': 18793.534, 'start': 18394.341, 'title': 'Cyber security project ideas', 'summary': 'Covers project ideas in cyber security, including building a web app to break caesar ciphers, exploring packet sniffing, and implementing sql vulnerability assessment, with a brief overview of cryptography and examples of encryption algorithms.', 'duration': 399.193, 'highlights': ['The chapter covers project ideas in cyber security, including building a web app to break Caesar ciphers It mentions building a small web app to break Caesar ciphers and how it can be a great project for beginners.', 'Exploring packet sniffing, and implementing SQL vulnerability assessment It discusses the importance of packet sniffing and SQL vulnerability assessment in the field of cyber security and their relevance for projects.', 'Brief overview of cryptography and examples of encryption algorithms It provides a brief overview of cryptography, including the process of converting plain text into encoded text and examples of encryption algorithms using a reverse algorithm and a dictionary.']}, {'end': 19105.621, 'start': 18794.639, 'title': 'Caesar cipher encryption', 'summary': 'Explains the implementation of a caesar cipher encryption algorithm using python, including the creation of a dictionary for encryption and decryption, and demonstrates its functionality with an example message and card details.', 'duration': 310.982, 'highlights': ["The process of creating a dictionary for encryption and decryption is detailed, including the use of 'zip' for key-value pairing and the reversal of key-value pairs for decryption. The method of creating a dictionary for encryption and decryption using 'zip' and reversing key-value pairs for decryption is explained, providing a clear understanding of the implementation process.", 'Demonstration of the encryption process using an example message is provided, including the handling of uppercase letters and the use of list comprehension. A demonstration of the encryption process is given, showcasing the handling of uppercase letters and the use of list comprehension to form the encrypted message.', 'The functionality of the decryption process is exemplified using card details as an example, emphasizing the importance of encryption in securing sensitive information. The functionality of the decryption process is exemplified using card details as an example, highlighting the significance of encryption in safeguarding sensitive information.']}, {'end': 19695.193, 'start': 19106.042, 'title': 'Implementing secure communication', 'summary': 'Demonstrates how to implement secure communication using encryption algorithms and socket programming, with a focus on creating a server, encrypting messages, and implementing two layers of security for sender and receiver.', 'duration': 589.151, 'highlights': ['Demonstrating creation of a server and implementation of three parties for secure communication The chapter outlines the creation of a server and the implementation of three parties - authentic sender, authentic receiver, and a third-party intruder - for secure communication.', 'Explanation of encrypting messages and implementing encryption keys for secure communication The transcript explains the process of encrypting messages and implementing encryption keys to enhance the security of communication.', 'Detailing the implementation of two layers of security for sender and receiver using encryption keys The chapter details the implementation of two layers of security for sender and receiver, requiring the input of correct encryption key size before proceeding to the next step.']}], 'duration': 2043.705, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo17651488.jpg', 'highlights': ['CISSP Certification Overview: A gold standard in InfoSec certifications, entails a six-hour 250-question exam and requires a minimum of five years of security professional experience, with a recertification requirement of 120 hours of continuing education every three years and a yearly fee of $85.', "CISM Certification Overview: Geared towards seasoned IT managers and security professionals, demands 20 hours of continuing education annually and adherence to ICACA's Code of Professional Ethics, validating a wide range of cybersecurity skills and emphasizing the domains of information security governance, risk management, and incident management and response.", 'CRISC Certification Overview: Focuses on understanding IT risk in the organizational context, requiring a minimum of three years of relevant experience, and covering risk identification, assessment, response, monitoring, and reporting, essential for C-suite executives and compliance, risk, and privacy officers.', "Python's versatility, high-level scripting, and suitability for general-purpose tasks make it ideal for cybersecurity professionals, enabling diverse functions such as data management, big data analysis, penetration testing, and scanning.", 'Choosing the Right Certification: Aspiring cybersecurity professionals are guided to consider their experience, career goals, and available positions to select the appropriate entry-level, intermediate, or expert certification, emphasizing the importance of gaining practical experience through volunteering and engaging in online communities and associations.', 'PHP powers 80% of the top 10 million websites, making it the dominant server-side language, and its knowledge is essential for defending against intruders and mitigating vulnerabilities in PHP code.', 'SQL is the most sought-after programming language for managing databases, allowing access to records with single commands, and its knowledge is crucial for making databases more secure and defending against SQL injection attacks.', 'The chapter suggests hands-on projects such as developing a key logger to understand cybersecurity concepts and principles practically.', 'The chapter recommends breaking a Caesar cipher as a project to gain practical experience in cybersecurity concepts.', 'The chapter outlines the creation of a server and the implementation of three parties - authentic sender, authentic receiver, and a third-party intruder - for secure communication.']}, {'end': 20636.89, 'segs': [{'end': 19720.903, 'src': 'embed', 'start': 19695.253, 'weight': 2, 'content': [{'end': 19701.616, 'text': 'Okay So before this, we have to encrypt this into form of bytes, which will be encrypted in the form of bytes.', 'start': 19695.253, 'duration': 6.363}, {'end': 19705.838, 'text': "Right And then we have message, which algorithm I'm using here.", 'start': 19701.656, 'duration': 4.182}, {'end': 19706.538, 'text': "So it's going to be UT.", 'start': 19705.898, 'duration': 0.64}, {'end': 19711.44, 'text': 'f, hyphen 8 perfect.', 'start': 19708.539, 'duration': 2.901}, {'end': 19714.001, 'text': 'so let me quickly jump here.', 'start': 19711.44, 'duration': 2.561}, {'end': 19720.903, 'text': 'okay, and let me pass this value here as well, because this host name should be same right.', 'start': 19714.001, 'duration': 6.902}], 'summary': 'Encrypting data into bytes for encryption using algorithm ut.', 'duration': 25.65, 'max_score': 19695.253, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo19695253.jpg'}, {'end': 20223.116, 'src': 'embed', 'start': 20198.517, 'weight': 0, 'content': [{'end': 20205.544, 'text': 'including banking data of 40 million customers and personal data which included names, postal address, telephone numbers and emails.', 'start': 20198.517, 'duration': 7.027}, {'end': 20213.789, 'text': 'and it was not the Target, would discover that I, the American Secret Service, who detected abnormal banking movement and formed the brand,', 'start': 20206.164, 'duration': 7.625}, {'end': 20215.711, 'text': 'according to several US security services.', 'start': 20213.789, 'duration': 1.922}, {'end': 20217.972, 'text': 'The hacker group was located in Eastern Europe.', 'start': 20215.871, 'duration': 2.101}, {'end': 20223.116, 'text': 'It had installed malware in the cash registers to read information from credit card terminals.', 'start': 20218.613, 'duration': 4.503}], 'summary': 'Hacker group in eastern europe accessed 40m banking customer data, prompting american secret service intervention.', 'duration': 24.599, 'max_score': 20198.517, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo20198517.jpg'}, {'end': 20339.376, 'src': 'embed', 'start': 20299.625, 'weight': 1, 'content': [{'end': 20307.072, 'text': 'Detected in 2017 it contained personal data, which had names yet of birth social security numbers and driver license numbers.', 'start': 20299.625, 'duration': 7.447}, {'end': 20314.399, 'text': 'It contains information of about 143 million Americans Canadians and British customers as well as 200,000 credit card numbers.', 'start': 20307.692, 'duration': 6.707}, {'end': 20318.723, 'text': 'So, moving ahead, we have a cyber attack which occurred in South Korea.', 'start': 20314.999, 'duration': 3.724}, {'end': 20325.269, 'text': 'South Korea learned in January 2014 that data from about 100 million credit cards have been stolen over the course of several years.', 'start': 20318.723, 'duration': 6.546}, {'end': 20332.052, 'text': 'In addition to that, 20 million bank accounts have been hijacked for fear of having their bank accounts emptied.', 'start': 20325.889, 'duration': 6.163}, {'end': 20336.294, 'text': 'more than 200 million South Koreans had their credit card blocked or replaced.', 'start': 20332.052, 'duration': 4.242}, {'end': 20339.376, 'text': 'behind the theft was an employee of South Korean credit bureau.', 'start': 20336.294, 'duration': 3.082}], 'summary': 'Data breach in 2017 exposed personal info of 143m people, 200k credit card numbers. south korea experienced cyber attack in 2014 affecting 100m credit cards and 20m bank accounts.', 'duration': 39.751, 'max_score': 20299.625, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo20299625.jpg'}], 'start': 19695.253, 'title': 'Cyber security and threats', 'summary': "Covers encryption processes and message transfer vulnerabilities, top cyber attacks including adobe, target, sony, equifax, and south korea incidents with quantifiable data, and the marriott data breach compromising 500 million guests' information. it also addresses prevalent cyber security challenges in india and anticipates future demand for cyber security professionals and integration of ai and automation.", 'chapters': [{'end': 20099.842, 'start': 19695.253, 'title': 'Encryption and message transfer', 'summary': 'Demonstrates the process of encrypting and transferring messages between a server, client, and hacker, highlighting the importance of encryption keys and the vulnerability of public wi-fi networks.', 'duration': 404.589, 'highlights': ['Encryption keys are essential for securing messages, as demonstrated by the process of encrypting and transferring messages between a server and client, ensuring authorized access and preventing unauthorized access.', 'The vulnerability of public Wi-Fi networks is highlighted as a potential security risk, as hackers can easily access port numbers, bypassing security systems and obtaining sensitive information, emphasizing the importance of secure communication channels.', 'The demonstration of encryption implementation and message transfer processes provides practical insights into the importance of secure communication protocols and the potential vulnerabilities associated with unauthorized access.', 'The process of encrypting and transferring messages between a server, client, and hacker showcases the potential risks of unauthorized access and the significance of robust encryption mechanisms in maintaining data security and integrity.']}, {'end': 20358.665, 'start': 20100.122, 'title': 'Top cyber attacks in history', 'summary': 'Discusses some of the top cyber attacks in history, including the adobe, target, sony, equifax, and south korea incidents, with quantifiable data on the number of affected accounts, stolen data, and settlement amounts.', 'duration': 258.543, 'highlights': ['Adobe suffered a massive attack in October 2013, where personal information of about 22.9 million accounts, including login IDs, passwords, and credit card numbers, were stolen, affecting about 150 million accounts. The Adobe attack in 2013 compromised personal information of about 22.9 million accounts, including login IDs, passwords, and credit card numbers, affecting about 150 million accounts.', 'Target was a victim of a large-scale cyber attack in December 2013, with data from about 110 million customers being hijacked, including banking data of 40 million customers and personal data of names, postal addresses, telephone numbers, and emails. Target experienced a large-scale cyber attack in December 2013, with data from about 110 million customers being hijacked, including banking data of 40 million customers and personal data, leading to a settlement of over 18 million dollars for state investigation.', "Sony's PlayStation Network was attacked in April 2011, leading to the leakage of personal data of 77 million users and compromising banking information of tens and thousands of players. Sony's PlayStation Network was attacked in April 2011, resulting in the leakage of personal data of 77 million users and compromising banking information of tens and thousands of players.", 'Equifax suffered a cyber security attack in 2017, affecting personal data of about 143 million Americans, Canadians, and British customers, as well as 200,000 credit card numbers. Equifax suffered a cyber security attack in 2017, affecting personal data of about 143 million Americans, Canadians, and British customers, as well as 200,000 credit card numbers.', 'Data from about 100 million credit cards was stolen in South Korea in January 2014, and more than 200 million South Koreans had their credit cards blocked or replaced due to the cyber attack. In January 2014, South Korea experienced a cyber attack where data from about 100 million credit cards was stolen, leading to more than 200 million South Koreans having their credit cards blocked or replaced.']}, {'end': 20636.89, 'start': 20359.165, 'title': 'Marriott data breach and future cyber security', 'summary': "Discusses the marriott data breach compromising 500 million guests' information, along with the prevalent cyber security challenges in india, such as ransomware, iot, cloud, and phishing attacks, and anticipates the future demand for cyber security professionals and the integration of ai and automation in cyber security measures.", 'duration': 277.725, 'highlights': ['The Marriott data breach compromised information of about 500 million guests, including banking details and dates of birth, with the hacking taking place since 2014 and being detected in September 2018. The breach at Marriott exposed data of approximately 500 million guests, encompassing sensitive information like banking details and dates of birth, with the unauthorized access and copying of data occurring since 2014 and being discovered in September 2018.', "Ransomware attacks have affected around 82% of India's organizations in the last six months, posing a significant cyber security challenge, particularly for businesses. Ransomware attacks have impacted about 82% of organizations in India over the last six months, creating a major challenge for businesses and individuals due to the prevention of data access until a ransom is paid.", 'The increasing adoption of IoT devices, expected to reach 106 billion by 2021, brings about the challenge of safeguarding sensitive user data from IoT attacks, making it a crucial cyber security challenge. The rapid adoption of IoT devices, projected to reach 106 billion by 2021, presents a critical cyber security challenge in safeguarding sensitive user data from potential IoT attacks, emphasizing the need for enhanced security measures.', 'Hacking cloud platforms for stealing user data and the prevalence of phishing attacks, particularly in India, remain significant challenges in the cyber security domain. Hacking cloud platforms to pilfer user data and the prevalent phishing attacks, especially in India, continue to pose major challenges within the cyber security landscape, underscoring the importance of robust security measures.', 'The increasing rate of cyber crime underscores the high demand for cyber security professionals, with the future expecting integration of AI and automation to enhance security measures. The escalating frequency of cyber crimes highlights the critical demand for cyber security professionals, with the future anticipating the integration of AI and automation to fortify security measures and combat evolving threats.']}], 'duration': 941.637, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo19695253.jpg', 'highlights': ["Ransomware attacks have affected around 82% of India's organizations in the last six months, posing a significant cyber security challenge, particularly for businesses.", 'The Marriott data breach compromised information of about 500 million guests, including banking details and dates of birth, with the hacking taking place since 2014 and being detected in September 2018.', 'The increasing rate of cyber crime underscores the high demand for cyber security professionals, with the future expecting integration of AI and automation to enhance security measures.', 'Data from about 100 million credit cards was stolen in South Korea in January 2014, and more than 200 million South Koreans had their credit cards blocked or replaced due to the cyber attack.', 'Adobe suffered a massive attack in October 2013, where personal information of about 22.9 million accounts, including login IDs, passwords, and credit card numbers, were stolen, affecting about 150 million accounts.']}, {'end': 22075.394, 'segs': [{'end': 20701.587, 'src': 'embed', 'start': 20679.744, 'weight': 3, 'content': [{'end': 20688.835, 'text': 'They hack into a system with prior permission to find out vulnerabilities so that they can be fixed before a person with malicious intents finds them and does his job with it.', 'start': 20679.744, 'duration': 9.091}, {'end': 20691.818, 'text': 'After that, we have black hat hackers now.', 'start': 20689.435, 'duration': 2.383}, {'end': 20699.805, 'text': 'black hat hackers, also known as crackers, are those who hack in order to gain unauthorized access to a system and harm its operations,', 'start': 20691.818, 'duration': 7.987}, {'end': 20701.587, 'text': 'or steal sensitive information.', 'start': 20699.805, 'duration': 1.782}], 'summary': 'Ethical hackers find and fix vulnerabilities to prevent malicious attacks. black hat hackers gain unauthorized access to harm or steal.', 'duration': 21.843, 'max_score': 20679.744, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo20679744.jpg'}, {'end': 20752.335, 'src': 'embed', 'start': 20723.581, 'weight': 5, 'content': [{'end': 20728.842, 'text': "they exploit a security weakness in the computer system or network without the owner's permission or knowledge.", 'start': 20723.581, 'duration': 5.261}, {'end': 20735.644, 'text': 'their intent is to bring the weakness to the attention of the owners and getting appreciation in form of a little bounty from the owners.', 'start': 20728.842, 'duration': 6.802}, {'end': 20738.444, 'text': 'last but not least, there are suicide hackers.', 'start': 20735.644, 'duration': 2.8}, {'end': 20740.465, 'text': 'last but not least, we have suicide hackers.', 'start': 20738.444, 'duration': 2.021}, {'end': 20746.213, 'text': 'Now. a suicide hacker is a person who works with the intent to bring down major corporations and infrastructure.', 'start': 20741.152, 'duration': 5.061}, {'end': 20752.335, 'text': 'These kinds of hackers are not scared of the consequences of their actions as they mostly work with vengeance in their mind.', 'start': 20746.453, 'duration': 5.882}], 'summary': 'Some hackers exploit security weaknesses for bounty, while others, known as suicide hackers, work to bring down major corporations and infrastructure with vengeance in mind.', 'duration': 28.754, 'max_score': 20723.581, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo20723581.jpg'}, {'end': 20965.378, 'src': 'embed', 'start': 20936.187, 'weight': 4, 'content': [{'end': 20939.351, 'text': 'So this phase where you understand your target is reconnaissance.', 'start': 20936.187, 'duration': 3.164}, {'end': 20945.566, 'text': 'So reconnaissance is basically the phase where the ethical hacker collects information about the target,', 'start': 20940.143, 'duration': 5.423}, {'end': 20949.469, 'text': "so that it's easy for him to understand how to actually hack the target.", 'start': 20945.566, 'duration': 3.903}, {'end': 20955.652, 'text': 'So some of the basic information you would want to collect are the first one would be the IP address of the target.', 'start': 20949.849, 'duration': 5.803}, {'end': 20959.034, 'text': 'Suppose you are trying to hack a particular system in a network.', 'start': 20955.672, 'duration': 3.362}, {'end': 20965.378, 'text': 'Then you would want to know the IP address of the target because you know, the IP address uniquely identifies the system in the network.', 'start': 20959.374, 'duration': 6.004}], 'summary': 'Reconnaissance involves collecting target information including ip address for hacking.', 'duration': 29.191, 'max_score': 20936.187, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo20936187.jpg'}, {'end': 21002.066, 'src': 'embed', 'start': 20974.688, 'weight': 0, 'content': [{'end': 20978.572, 'text': "You don't know which computer or which system has got the lowest security.", 'start': 20974.688, 'duration': 3.884}, {'end': 20984.82, 'text': 'So to check that you would need the IP address range of the whole organization or the network.', 'start': 20978.652, 'duration': 6.168}, {'end': 20990.219, 'text': 'The next thing you would want to know is the network you would want to know the architecture of the network.', 'start': 20985.316, 'duration': 4.903}, {'end': 20993.821, 'text': 'And finally you would want to know about the DNS record.', 'start': 20990.579, 'duration': 3.242}, {'end': 21002.066, 'text': 'So these are very basic things very basic information to collect about your target and depending on what your target is this information might vary.', 'start': 20993.901, 'duration': 8.165}], 'summary': 'To assess security, obtain ip range, network architecture, and dns record.', 'duration': 27.378, 'max_score': 20974.688, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo20974688.jpg'}, {'end': 21151.092, 'src': 'embed', 'start': 21118.458, 'weight': 7, 'content': [{'end': 21120.659, 'text': 'the IP address drains and such information.', 'start': 21118.458, 'duration': 2.201}, {'end': 21124.134, 'text': 'The next tool you can use is who is lookup?', 'start': 21121.232, 'duration': 2.902}, {'end': 21132.74, 'text': "who is lookup is a browser-based query and response tool, and it's mainly used to get the registration and delegation details of your target.", 'start': 21124.134, 'duration': 8.606}, {'end': 21136.182, 'text': 'So suppose your target application requires a login.', 'start': 21133.22, 'duration': 2.962}, {'end': 21143.007, 'text': 'So maybe the username is the email ID and using who is lookup you can find out who the website is registered to,', 'start': 21136.302, 'duration': 6.705}, {'end': 21146.049, 'text': 'the contact information and many other information.', 'start': 21143.007, 'duration': 3.042}, {'end': 21151.092, 'text': "So these information will play a vital role when you're actually trying to hack the application.", 'start': 21146.389, 'duration': 4.703}], 'summary': 'Whois lookup tool provides registration details for hacking applications.', 'duration': 32.634, 'max_score': 21118.458, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo21118458.jpg'}, {'end': 21801.875, 'src': 'embed', 'start': 21779.398, 'weight': 2, 'content': [{'end': 21787.684, 'text': "so that the Target doesn't know that someone has hacked the Target first of all, and if at all he knows that his system was hacked,", 'start': 21779.398, 'duration': 8.286}, {'end': 21791.908, 'text': "then he shouldn't be able to trace back who this hacker was.", 'start': 21787.684, 'duration': 4.224}, {'end': 21799.392, 'text': 'So covering tracks is a phase where the hacker hides his identity and also the way the expert has happened.', 'start': 21792.685, 'duration': 6.707}, {'end': 21801.875, 'text': "So he wouldn't want the target to know how he was hacked.", 'start': 21799.512, 'duration': 2.363}], 'summary': 'Hacker aims to conceal identity and method, preventing target detection.', 'duration': 22.477, 'max_score': 21779.398, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo21779398.jpg'}, {'end': 22075.394, 'src': 'embed', 'start': 22034.54, 'weight': 6, 'content': [{'end': 22043.889, 'text': 'A student of a university launched a DOS attack with 70 plus computers on 50 plus networks, which affected a lot of commercial websites such as eBay,', 'start': 22034.54, 'duration': 9.349}, {'end': 22050.095, 'text': 'Amazon, Etc, due to which these commercial sites face a lot of business loss.', 'start': 22043.889, 'duration': 6.206}, {'end': 22051.016, 'text': 'and the final hack.', 'start': 22050.095, 'duration': 0.921}, {'end': 22053.478, 'text': "I'm going to talk about in this session is the novel hack.", 'start': 22051.056, 'duration': 2.422}, {'end': 22062.1, 'text': 'So a hacker hacked into different Banks around the world and then stole money from this Banks and instead of using it for his own self.', 'start': 22054.329, 'duration': 7.771}, {'end': 22066.045, 'text': 'He donated this money to the countries living below the poverty line.', 'start': 22062.56, 'duration': 3.485}, {'end': 22070.31, 'text': "So his intention was noble, and that's why I have named this the noble hack.", 'start': 22066.465, 'duration': 3.845}, {'end': 22075.394, 'text': 'Though his intention was Noble, what his did was illegal,', 'start': 22070.871, 'duration': 4.523}], 'summary': "Student launched a dos attack on 50+ networks, affecting commercial websites. hacker stole money from banks and donated to countries in poverty, known as the 'noble hack.'", 'duration': 40.854, 'max_score': 22034.54, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo22034540.jpg'}], 'start': 20637.25, 'title': 'Ethical hacking and its phases', 'summary': 'Explores ethical hacking, including roles of hackers (white hat, black hat, gray hat, and suicide hackers), types of hacking, importance of reconnaissance, tools like search engines, nslookup, and whois lookup, and phases of ethical hacking with notable hacks like fbi, nasa, and commercial sites.', 'chapters': [{'end': 20875.296, 'start': 20637.25, 'title': 'Understanding ethical hacking and hackers', 'summary': 'Explores the concept of ethical hacking, highlighting the roles of white hat, black hat, gray hat, and suicide hackers, as well as the different types of hacking such as computer hacking, password hacking, email hacking, network hacking, and website hacking.', 'duration': 238.046, 'highlights': ['Roles of Different Types of Hackers The chapter discusses the roles of ethical hackers (white hat), malicious hackers (black hat), hybrid hackers (gray hat), and hacktivists (suicide hackers) in the context of computer security.', 'Types of Hacking It covers various types of hacking such as computer hacking, password hacking, email hacking, network hacking, and website hacking, each involving unauthorized access and potential harm to computer systems or networks.', 'Ethical Hacking Process The chapter explains the phases of ethical hacking, starting with reconnaissance, and provides analogies to aid beginners in understanding the concepts.']}, {'end': 21143.007, 'start': 20875.356, 'title': 'Ethical hacking and reconnaissance', 'summary': 'Delves into the importance of reconnaissance in ethical hacking, emphasizing the need to collect basic information about the target, such as ip address, network architecture, and dns records, before using popular tools like search engines, nslookup, and whois lookup.', 'duration': 267.651, 'highlights': ['The importance of reconnaissance in ethical hacking, emphasizing the need to collect basic information about the target, such as IP address, network architecture, and DNS records. Emphasizes the need for ethical hackers to gather fundamental information about the target, including IP address, network architecture, and DNS records, before proceeding with the reconnaissance phase.', 'The use of popular tools like search engines, nslookup, and whois lookup for reconnaissance and gathering essential information about the target. Explains the use of popular tools such as search engines, nslookup, and whois lookup to gather crucial information about the target, including domain names, IP address maps, and registration details.']}, {'end': 21735.511, 'start': 21143.007, 'title': 'Ethical hacking: tools and techniques', 'summary': 'Explains the importance of reconnaissance, scanning, exploitation, and maintaining access in ethical hacking, including popular tools such as openvas, nikto, wireshark, nessus, beef, metasploit, sqlmap, powersploit, and weevely.', 'duration': 592.504, 'highlights': ['The chapter explains the importance of reconnaissance, scanning, exploitation, and maintaining access in ethical hacking. It outlines the key phases in ethical hacking and sets the stage for the subsequent detailed explanations of each phase.', 'Popular scanning tools include OpenVAS, Nikto, Wireshark, and Nessus, each serving specific purposes in identifying vulnerabilities and weak points in the target system or network. These tools are highlighted for their effectiveness in identifying active ports, services, and vulnerable applications or operating systems, crucial for ethical hacking.', "The exploitation phase involves using tools like Beef, Metasploit, and SQLMap to take advantage of weaknesses and loopholes found on the target system or network. These tools are crucial for launching appropriate attacks and gaining access to the target, serving as the 'force' or 'army' for the hacker in the hacking process.", 'The chapter highlights maintaining access as a phase where the hacker installs backdoors, creates new users, escalates privileges, installs root kits, or uses Trojans to access the target system later, without starting the attack from scratch. This phase emphasizes the importance of establishing continued access to the target system for future use, showcasing efficient methods and popular tools such as PowerSploit and Weevely.']}, {'end': 22075.394, 'start': 21735.551, 'title': 'Phases of ethical hacking and notable hacks', 'summary': 'Covers the six phases of ethical hacking, including covering tracks and reporting, and highlights the impact of notable hacks such as the fbi, nasa, commercial sites, and novel hacks, showcasing the power and potential risks of hacking.', 'duration': 339.843, 'highlights': ['The FBI database was hacked in 2016, exposing the identities of undercover agents and putting lives in danger.', "A hacker breached NASA's network and downloaded the source code for running the International Space Station, leading to a three-week shutdown of NASA's network.", 'A student launched a DOS attack on commercial websites like eBay and Amazon, causing significant business losses.', 'A hacker stole money from banks worldwide and donated it to countries below the poverty line, demonstrating the potential impact of hacking for noble causes.']}], 'duration': 1438.144, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo20637250.jpg', 'highlights': ['The importance of reconnaissance in ethical hacking, emphasizing the need to collect basic information about the target, such as IP address, network architecture, and DNS records.', 'The chapter discusses the roles of ethical hackers (white hat), malicious hackers (black hat), hybrid hackers (gray hat), and hacktivists (suicide hackers) in the context of computer security.', 'The chapter explains the importance of reconnaissance, scanning, exploitation, and maintaining access in ethical hacking. It outlines the key phases in ethical hacking and sets the stage for the subsequent detailed explanations of each phase.', 'The use of popular tools like search engines, nslookup, and whois lookup for reconnaissance and gathering essential information about the target. Explains the use of popular tools such as search engines, nslookup, and whois lookup to gather crucial information about the target, including domain names, IP address maps, and registration details.', "The exploitation phase involves using tools like Beef, Metasploit, and SQLMap to take advantage of weaknesses and loopholes found on the target system or network. These tools are crucial for launching appropriate attacks and gaining access to the target, serving as the 'force' or 'army' for the hacker in the hacking process.", 'Popular scanning tools include OpenVAS, Nikto, Wireshark, and Nessus, each serving specific purposes in identifying vulnerabilities and weak points in the target system or network. These tools are highlighted for their effectiveness in identifying active ports, services, and vulnerable applications or operating systems, crucial for ethical hacking.', "A hacker breached NASA's network and downloaded the source code for running the International Space Station, leading to a three-week shutdown of NASA's network.", 'The FBI database was hacked in 2016, exposing the identities of undercover agents and putting lives in danger.', 'A hacker stole money from banks worldwide and donated it to countries below the poverty line, demonstrating the potential impact of hacking for noble causes.', 'A student launched a DOS attack on commercial websites like eBay and Amazon, causing significant business losses.']}, {'end': 23694.051, 'segs': [{'end': 22340.225, 'src': 'embed', 'start': 22315.975, 'weight': 0, 'content': [{'end': 22322.54, 'text': "So firstly, we'll go through some command line essentials because Kali Linux tools are mostly in CLI format.", 'start': 22315.975, 'duration': 6.565}, {'end': 22326.123, 'text': 'So we have to be well versed with the command line essentials.', 'start': 22323.08, 'duration': 3.043}, {'end': 22328.324, 'text': "So that's the first thing that we're gonna tackle.", 'start': 22326.463, 'duration': 1.861}, {'end': 22333.448, 'text': "Then we're also gonna tackle how we can stay anonymous using proxy chains in Kali Linux.", 'start': 22328.344, 'duration': 5.104}, {'end': 22340.225, 'text': "We'll be talking about Mac changes and we'll be also going into the whole realm of wireless penetration testing.", 'start': 22334.204, 'duration': 6.021}], 'summary': 'Kali linux tools are mostly in cli format. focus on command line essentials and staying anonymous using proxy chains. also cover mac changes and wireless penetration testing.', 'duration': 24.25, 'max_score': 22315.975, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo22315975.jpg'}, {'end': 22381.781, 'src': 'embed', 'start': 22352.588, 'weight': 6, 'content': [{'end': 22358.469, 'text': "So without wasting much time, let's dive into the first topic for today and that is command line essentials.", 'start': 22352.588, 'duration': 5.881}, {'end': 22367.154, 'text': 'Now, the way that this video is going to follow is that most of the times we are going to take a hands-on approach to learning how to use things in Kali Linux,', 'start': 22358.989, 'duration': 8.165}, {'end': 22372.817, 'text': "because I'm a firm believer of actually practical work before learning any sort of thing.", 'start': 22367.154, 'duration': 5.663}, {'end': 22381.781, 'text': 'So we will be using a lot of practical work and I completely encourage you that you go ahead and download and install Kali Linux.', 'start': 22373.217, 'duration': 8.564}], 'summary': 'Video focuses on command line essentials in kali linux, emphasizing practical work and hands-on learning.', 'duration': 29.193, 'max_score': 22352.588, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo22352588.jpg'}, {'end': 22454.202, 'src': 'embed', 'start': 22425.997, 'weight': 9, 'content': [{'end': 22432.204, 'text': 'Okay, another disclaimer that I would like to add before we actually continue with our Kali Linux course,', 'start': 22425.997, 'duration': 6.207}, {'end': 22434.908, 'text': 'and that is this is not the entirety of Kali Linux.', 'start': 22432.204, 'duration': 2.704}, {'end': 22438.911, 'text': 'Kali Linux is a huge thing and this is just not it.', 'start': 22435.288, 'duration': 3.623}, {'end': 22445.035, 'text': 'So these are basically what I find interesting and what you may also find interesting,', 'start': 22439.211, 'duration': 5.824}, {'end': 22454.202, 'text': "and these can cause a bunch of damage if you're doing it without permission, and damage comes with repercussions which include you being arrested,", 'start': 22445.035, 'duration': 9.167}], 'summary': 'This kali linux course covers only a part of the extensive toolset, emphasizing potential damage and legal consequences.', 'duration': 28.205, 'max_score': 22425.997, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo22425997.jpg'}, {'end': 23035.397, 'src': 'embed', 'start': 23007.035, 'weight': 7, 'content': [{'end': 23012.019, 'text': "So most of the commands that we're going to using will have a hyphen V with them.", 'start': 23007.035, 'duration': 4.984}, {'end': 23015.382, 'text': "So let's see how this actually affects the output.", 'start': 23012.539, 'duration': 2.843}, {'end': 23023.468, 'text': "So what we're going to do is we want to copy so sleepy and verbose and we want to copy the file name.txt.", 'start': 23015.462, 'duration': 8.006}, {'end': 23026.31, 'text': 'and we want to copy it to the folder called var.', 'start': 23023.468, 'duration': 2.842}, {'end': 23035.397, 'text': "So now you'll see that it will give us what is being moved rather, that is name.txt and where it is being moved to.", 'start': 23027.674, 'duration': 7.723}], 'summary': 'Using hyphen v with commands to copy file.txt to var folder for verbose output.', 'duration': 28.362, 'max_score': 23007.035, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo23007035.jpg'}], 'start': 22075.394, 'title': 'Kali linux and ethical hacking essentials', 'summary': 'Discusses the significance of kali linux as an advanced penetration testing tool with over 600 tools, emphasizing ethical hacking, and introduces command line essentials, file manipulation, and essential commands in kali linux for practical hands-on learning.', 'chapters': [{'end': 22466.287, 'start': 22075.394, 'title': 'Kali linux: power of ethical hacking', 'summary': 'Discusses the importance of ethical hacking, focusing on kali linux, an advanced penetration testing tool with over 600 tools, free and open source, wide-ranging wireless device support, customizable kernel, and practical hands-on learning.', 'duration': 390.893, 'highlights': ['Kali Linux offers over 600 penetration testing tools, avoiding clutter and duplication, providing specific tools for various security tasks. Kali Linux contains over 600 tools tailored for penetration testing, avoiding clutter and duplication, ensuring efficient and specific tools for various security tasks.', 'Kali Linux is free of charge, adhering to the open source development model, allowing anyone to access and modify the source code. Kali Linux is free of charge, follows the open source model, and provides accessible source code for modification and customization.', 'Kali Linux has extensive wireless device support, compatible with numerous hardware, and enables customization down to the kernel level. Kali Linux supports a wide range of wireless devices, ensuring compatibility with various hardware and allowing customization down to the kernel level.', 'The chapter emphasizes practical hands-on learning with Kali Linux, encouraging the audience to download and install it for interactive experience. The chapter encourages hands-on learning with Kali Linux, prompting the audience to download and install it for an interactive experience.']}, {'end': 23088.057, 'start': 22466.827, 'title': 'Command line essentials for ethical hackers', 'summary': 'Introduces the importance of command line essentials in linux for ethical hackers, emphasizing the power of the terminal, the key commands to be learned, and the benefits of using command line text editors, highlighting the significance of cd, ls, cp, and mv commands.', 'duration': 621.23, 'highlights': ['The Linux terminal is a powerful tool for ethical hackers, allowing them to navigate the operating system, create and modify files, and perform filtering and grabbing for networking and analysis. The Linux terminal offers the capability to navigate the operating system, create and modify files, and perform filtering and grabbing for networking and analysis, making it a powerful tool for ethical hackers.', 'Ethical hackers predominantly work with Linux distributions like Kali Linux and Parrot OS, utilizing the terminal for networking, analysis, and scanning. Ethical hackers predominantly work with Linux distributions like Kali Linux and Parrot OS, utilizing the terminal for networking, analysis, and scanning.', 'The chapter emphasizes the significance of learning command line essentials for ethical hackers, as it is fundamental to efficiently utilize the available tools and resources. The chapter emphasizes the significance of learning command line essentials for ethical hackers, as it is fundamental to efficiently utilize the available tools and resources.', 'The key commands to be taught include cd (change directory), ls (list files), cp (copy), mv (move), and using command line text editors such as Nano for time-saving benefits. The key commands to be taught include cd (change directory), ls (list files), cp (copy), mv (move), and using command line text editors such as Nano for time-saving benefits.']}, {'end': 23331.518, 'start': 23088.437, 'title': 'Linux file manipulation and command line tools', 'summary': "Covers using the 'mv' command for moving files, demonstrating options like verbose, forcing, and autocompletion, as well as showcasing the 'less' command for viewing file contents in a separate window and the 'grep' command for filtering information from files.", 'duration': 243.081, 'highlights': ["The 'mv' command allows for moving files and offers options like verbose, forcing actions, and autocompletion. Demonstrates the usage of the 'mv' command for moving files, showcasing options like verbose, forcing actions, and autocompletion.", "The 'less' command presents a neat way to view file contents in a separate window, reducing clutter in the main command line interface. Explains the functionality of the 'less' command, providing a neat method to view file contents in a separate window, reducing clutter in the main command line interface.", "The 'grep' command is used for filtering information from a file and can be pipelined with other commands for advanced functionality. Describes the usage of the 'grep' command for filtering information from a file and suggests its use in conjunction with other commands for advanced functionality."]}, {'end': 23694.051, 'start': 23331.518, 'title': 'Kali linux tutorial highlights', 'summary': "Covers essential commands in kali linux, including 'ls', 'cd', 'cat', 'echo', 'touch', 'mkdir', 'chown', and 'chmod' with practical examples and explanations.", 'duration': 362.533, 'highlights': ["The tutorial covers essential commands in Kali Linux such as 'ls', 'cd', 'cat', 'echo', 'touch', 'mkdir', 'chown', and 'chmod'.", "The 'grep' command is highlighted for filtering specific data, demonstrated with the example of extracting 'no login' occurrences from a file.", "The 'echo' command is explained for printing text and creating files, with examples of echoing text into a file and creating multiple files using 'touch'.", "The process of creating directories with the 'mkdir' command is demonstrated, emphasizing the ability to move into the created directories with 'cd'.", "The usage of 'chown' and 'chmod' commands for changing ownership and permissions of files is covered, with practical demonstrations and explanations."]}], 'duration': 1618.657, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo22075394.jpg', 'highlights': ['Kali Linux offers over 600 penetration testing tools, avoiding clutter and duplication, providing specific tools for various security tasks.', 'The Linux terminal is a powerful tool for ethical hackers, allowing them to navigate the operating system, create and modify files, and perform filtering and grabbing for networking and analysis.', 'The chapter emphasizes practical hands-on learning with Kali Linux, encouraging the audience to download and install it for interactive experience.', 'Ethical hackers predominantly work with Linux distributions like Kali Linux and Parrot OS, utilizing the terminal for networking, analysis, and scanning.', 'The chapter emphasizes the significance of learning command line essentials for ethical hackers, as it is fundamental to efficiently utilize the available tools and resources.', 'Kali Linux is free of charge, adhering to the open source development model, allowing anyone to access and modify the source code.', 'Kali Linux has extensive wireless device support, compatible with numerous hardware, and enables customization down to the kernel level.', "The 'mv' command allows for moving files and offers options like verbose, forcing actions, and autocompletion.", "The 'less' command presents a neat way to view file contents in a separate window, reducing clutter in the main command line interface.", "The 'grep' command is used for filtering information from a file and can be pipelined with other commands for advanced functionality.", "The tutorial covers essential commands in Kali Linux such as 'ls', 'cd', 'cat', 'echo', 'touch', 'mkdir', 'chown', and 'chmod'."]}, {'end': 24886.919, 'segs': [{'end': 23833.139, 'src': 'embed', 'start': 23803.897, 'weight': 6, 'content': [{'end': 23809.14, 'text': "It's not like Windows, where it's basically just disappeared in front of your eyes, but it's still there in the memory, cluttering it all up.", 'start': 23803.897, 'duration': 5.243}, {'end': 23811.322, 'text': "That's why Linux always chomps Windows.", 'start': 23809.48, 'duration': 1.842}, {'end': 23812.222, 'text': "That's one of the reasons.", 'start': 23811.342, 'duration': 0.88}, {'end': 23813.844, 'text': "I'll make a video on that later on.", 'start': 23812.442, 'duration': 1.402}, {'end': 23815.825, 'text': "But for now, let's focus on rm.", 'start': 23814.184, 'duration': 1.641}, {'end': 23818.607, 'text': 'Now, we can remove file 1.', 'start': 23816.065, 'duration': 2.542}, {'end': 23819.428, 'text': "So let's see.", 'start': 23818.607, 'duration': 0.821}, {'end': 23822.07, 'text': 'So file 1 is going to be removed.', 'start': 23819.868, 'duration': 2.202}, {'end': 23826.213, 'text': "So if we ls now, you see file 1 doesn't exist.", 'start': 23822.55, 'duration': 3.663}, {'end': 23828.395, 'text': 'But let me show you rm.', 'start': 23826.333, 'duration': 2.062}, {'end': 23833.139, 'text': "And if I do movie, it'll say cannot remove movie as a directory.", 'start': 23828.935, 'duration': 4.204}], 'summary': 'Linux outperforms windows in memory management, demonstrated by file removal in the transcript.', 'duration': 29.242, 'max_score': 23803.897, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo23803897.jpg'}, {'end': 24653.006, 'src': 'embed', 'start': 24607.481, 'weight': 3, 'content': [{'end': 24610.061, 'text': 'And now you have to press control X and you exit out.', 'start': 24607.481, 'duration': 2.58}, {'end': 24613.042, 'text': "So let's press control L and clear out our screen.", 'start': 24610.321, 'duration': 2.721}, {'end': 24618.364, 'text': "Now we just edited our proxy chain's configuration in a very neat environment.", 'start': 24614.162, 'duration': 4.202}, {'end': 24630.211, 'text': 'So to go ahead and type in our service door status, so we wanna check status of our Tor service, so service Tor status.', 'start': 24618.845, 'duration': 11.366}, {'end': 24632.052, 'text': 'So Tor service could not be found.', 'start': 24630.231, 'duration': 1.821}, {'end': 24637.575, 'text': 'So do we have the Tor service installed? Okay, so Tor service is not installed.', 'start': 24632.652, 'duration': 4.923}, {'end': 24639.916, 'text': "Just give me a little moment, I'll quickly install it.", 'start': 24637.595, 'duration': 2.321}, {'end': 24649.583, 'text': 'Okay, so now that we have set up our proxy chains configuration file and we have put in a SOC 5 proxy chain giving it the Tor service.', 'start': 24641.095, 'duration': 8.488}, {'end': 24653.006, 'text': 'Now what we need to do first is start up our Tor service.', 'start': 24650.123, 'duration': 2.883}], 'summary': 'Installed tor service and configured proxy chains for soc 5.', 'duration': 45.525, 'max_score': 24607.481, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo24607481.jpg'}, {'end': 24753.349, 'src': 'embed', 'start': 24718.921, 'weight': 0, 'content': [{'end': 24723.705, 'text': 'Okay, so depending on your system, this might take a little bit of time to actually open up.', 'start': 24718.921, 'duration': 4.784}, {'end': 24730.312, 'text': "Okay, so let's go ahead and see what's actually happening on the terminal while this thing is loading up.", 'start': 24724.286, 'duration': 6.026}, {'end': 24736.716, 'text': "Okay, as you can see, it's going through a bunch of proxies out here and some are denying it and some are saying it's okay.", 'start': 24731.172, 'duration': 5.544}, {'end': 24743.901, 'text': "So as you guys can see, most of the time you might get denied and it'll be a less number of okays and that is exactly what we're looking for.", 'start': 24737.036, 'duration': 6.865}, {'end': 24750.406, 'text': 'Because primarily we have gone a great extent for the anonymity and what you want to do is stay like that.', 'start': 24744.261, 'duration': 6.145}, {'end': 24753.349, 'text': 'So this is basically how you use proxy chains.', 'start': 24750.886, 'duration': 2.463}], 'summary': "Using proxy chains can enhance anonymity, with few 'okays' amid numerous denials.", 'duration': 34.428, 'max_score': 24718.921, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo24718921.jpg'}], 'start': 23694.451, 'title': 'Proxy chains for anonymity', 'summary': "Covers using 'rm' command, socks5 proxies, dynamic chains, preventing dns leaks, setting up socks5 proxy chains with tor, and enhancing online browsing with proxy chains.", 'chapters': [{'end': 23871.006, 'start': 23694.451, 'title': 'Linux commands: chmod and rm', 'summary': 'Covers the usage of chmod to change file permissions, making a file executable using chmod +x, and the use of rm command to remove files and directories in linux, emphasizing the caution needed due to the irreversibility of deletion.', 'duration': 176.555, 'highlights': ['The importance of chmod in changing file permissions is emphasized, showcasing the use of chmod +x to make a file executable, as demonstrated by turning test.sh into an executable file.', 'The irreversible nature of file deletion in Linux is highlighted, cautioning users about the difficulty in retrieving deleted files and directories, emphasizing the need for careful usage of the rm command.', "The recursive removal of a directory using 'rm -r' is demonstrated, showcasing the permanent deletion of the 'movie' directory and emphasizing the importance of exercising caution when using the rm command to avoid irreversible data loss."]}, {'end': 24376.072, 'start': 23871.186, 'title': 'Proxy chains: anonymizing traffic & configuration', 'summary': "Covers the usage of 'rm' command for removing files, utilizing 'man' to seek command help, and delves into the concept of proxy chains for anonymizing network traffic, emphasizing the use of socks5 proxies and enabling dynamic chains for flexible routing.", 'duration': 504.886, 'highlights': ["Usage of 'rm' Command The 'rm' command is demonstrated to remove files, specifically 'address.txt' from the 'var' folder, showcasing the practical application of the command in the command line interface.", "Utilizing 'man' Command for Help The 'man' command is highlighted as a useful tool for obtaining comprehensive information about specific commands, exemplifying its application with the 'rm' command to understand its usage and options.", 'Introduction to Proxy Chains Proxy chains are introduced as a means to anonymize network traffic by routing packets through intermediary systems, emphasizing the use of SOCKS5 proxies for comprehensive traffic anonymization and the limitations of free proxies for intensive computing tasks.', 'Enabling Dynamic Chains for Flexible Routing The importance of enabling dynamic chains in proxy chain configuration is highlighted, emphasizing the flexibility it offers in routing traffic by not adhering to a specific order, especially when used in combination with Tor for comprehensive traffic anonymization.']}, {'end': 24886.919, 'start': 24376.542, 'title': 'Configuring proxy chains for anonymity', 'summary': 'Explains the importance of configuring proxy chains for anonymity, emphasizing the need to prevent dns leaks and highlighting the process of setting up socks5 proxy chains with tor for enhanced anonymity and the usage of proxy chains for online browsing.', 'duration': 510.377, 'highlights': ['Configuring DNS proxy to prevent leaks Emphasizes the significance of preventing DNS leaks to maintain anonymity, explaining the potential compromise of personal IP address and physical location if DNS leaks occur.', 'Setting up SOCKS5 proxy chains with Tor for enhanced anonymity Provides detailed instructions on setting up SOCKS5 proxy chains with Tor, emphasizing the importance of using SOCKS5 for enhanced safety and highlighting the process of adding a SOCKS5 proxy address to the configuration file.', 'Usage of proxy chains for online browsing Explains the usage of proxy chains for online browsing, demonstrating the process of using proxy chains with a specific browser and highlighting the transmission of packets through a series of IP addresses for enhanced anonymity.']}], 'duration': 1192.468, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo23694451.jpg', 'highlights': ['Configuring DNS proxy to prevent leaks Emphasizes the significance of preventing DNS leaks to maintain anonymity, explaining the potential compromise of personal IP address and physical location if DNS leaks occur.', 'Setting up SOCKS5 proxy chains with Tor for enhanced anonymity Provides detailed instructions on setting up SOCKS5 proxy chains with Tor, emphasizing the importance of using SOCKS5 for enhanced safety and highlighting the process of adding a SOCKS5 proxy address to the configuration file.', 'Usage of proxy chains for online browsing Explains the usage of proxy chains for online browsing, demonstrating the process of using proxy chains with a specific browser and highlighting the transmission of packets through a series of IP addresses for enhanced anonymity.', "The recursive removal of a directory using 'rm -r' is demonstrated, showcasing the permanent deletion of the 'movie' directory and emphasizing the importance of exercising caution when using the rm command to avoid irreversible data loss.", 'The importance of chmod in changing file permissions is emphasized, showcasing the use of chmod +x to make a file executable, as demonstrated by turning test.sh into an executable file.', 'The irreversible nature of file deletion in Linux is highlighted, cautioning users about the difficulty in retrieving deleted files and directories, emphasizing the need for careful usage of the rm command.', "Usage of 'rm' Command The 'rm' command is demonstrated to remove files, specifically 'address.txt' from the 'var' folder, showcasing the practical application of the command in the command line interface.", "Utilizing 'man' Command for Help The 'man' command is highlighted as a useful tool for obtaining comprehensive information about specific commands, exemplifying its application with the 'rm' command to understand its usage and options.", 'Introduction to Proxy Chains Proxy chains are introduced as a means to anonymize network traffic by routing packets through intermediary systems, emphasizing the use of SOCKS5 proxies for comprehensive traffic anonymization and the limitations of free proxies for intensive computing tasks.', 'Enabling Dynamic Chains for Flexible Routing The importance of enabling dynamic chains in proxy chain configuration is highlighted, emphasizing the flexibility it offers in routing traffic by not adhering to a specific order, especially when used in combination with Tor for comprehensive traffic anonymization.']}, {'end': 27467.41, 'segs': [{'end': 25092.218, 'src': 'embed', 'start': 25045.436, 'weight': 9, 'content': [{'end': 25053.221, 'text': "So first of all, how do you come to know your Mac address? So let's see you go ifconfig and this will give us our Mac address.", 'start': 25045.436, 'duration': 7.785}, {'end': 25057.984, 'text': 'Now this address that you see out here is the Mac address of this machine.', 'start': 25053.461, 'duration': 4.523}, {'end': 25062.367, 'text': 'So you can also check out the Mac address by going Mac changer.', 'start': 25058.424, 'duration': 3.943}, {'end': 25065.669, 'text': "Then let's type in the help options and this will show us.", 'start': 25062.847, 'duration': 2.822}, {'end': 25067.369, 'text': 'how to get the MAC address.', 'start': 25066.329, 'duration': 1.04}, {'end': 25076.292, 'text': "So if you see there's a show flag so we can go MAC changer and you can put the S and then you put the interface.", 'start': 25067.409, 'duration': 8.883}, {'end': 25078.553, 'text': "Now the interface is where it's working.", 'start': 25076.353, 'duration': 2.2}, {'end': 25081.414, 'text': 'So at zero is where we are actually getting.', 'start': 25078.593, 'duration': 2.821}, {'end': 25082.835, 'text': "We don't want the loopback one.", 'start': 25081.734, 'duration': 1.101}, {'end': 25086.636, 'text': 'So at zero and this will give us the MAC address.', 'start': 25083.255, 'duration': 3.381}, {'end': 25090.557, 'text': 'So our current MAC address is 080027.', 'start': 25086.736, 'duration': 3.821}, {'end': 25092.218, 'text': "Let's see if that was the same one shown.", 'start': 25090.557, 'duration': 1.661}], 'summary': 'To find the mac address, use ifconfig or mac changer, showing current mac address as 080027.', 'duration': 46.782, 'max_score': 25045.436, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo25045436.jpg'}, {'end': 26139.504, 'src': 'embed', 'start': 26112.503, 'weight': 4, 'content': [{'end': 26115.786, 'text': 'So I forgot to mention this for this process to actually work properly.', 'start': 26112.503, 'duration': 3.283}, {'end': 26118.368, 'text': 'Somebody needs to be connected to that access point,', 'start': 26116.286, 'duration': 2.082}, {'end': 26125.053, 'text': 'because what we are going to try and do is disconnect that certain device and let them reconnect and capture that log file.', 'start': 26118.368, 'duration': 6.685}, {'end': 26128.575, 'text': 'Okay, so it seems like nobody is actually connecting to it.', 'start': 26125.653, 'duration': 2.922}, {'end': 26129.476, 'text': 'So at this time,', 'start': 26128.636, 'duration': 0.84}, {'end': 26139.504, 'text': "all I'm going to do is go back to our aerodrome scan that we had run on our network interface and look for some other MAC address or other access point to actually penetrate into.", 'start': 26129.476, 'duration': 10.028}], 'summary': 'To troubleshoot connectivity issue, need to capture log file by disconnecting and reconnecting a specific device, but no device is currently connected to the access point. will attempt to find another access point or mac address to penetrate.', 'duration': 27.001, 'max_score': 26112.503, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo26112503.jpg'}, {'end': 26672.077, 'src': 'embed', 'start': 26607.245, 'weight': 0, 'content': [{'end': 26612.586, 'text': "So what I'm going to do is I'm actually going to end this because this will take a very, very, very long time,", 'start': 26607.245, 'duration': 5.341}, {'end': 26618.787, 'text': "and what we're going to do is we're going to actually try and shorten the command of the amount of guessing that we're trying to do.", 'start': 26612.586, 'duration': 6.201}, {'end': 26620.128, 'text': 'So let me just try and do that.', 'start': 26618.927, 'duration': 1.201}, {'end': 26626.529, 'text': 'So as you guys can see out here, I have reduced the number of alphabets that might be actually tested.', 'start': 26620.608, 'duration': 5.921}, {'end': 26631.31, 'text': 'But even in this case, this will take a humongous amount of time and let me just show that to you.', 'start': 26626.909, 'duration': 4.401}, {'end': 26637.989, 'text': "So as you guys can see the test is running running running and running and there's not really much you can do.", 'start': 26632.228, 'duration': 5.761}, {'end': 26643.71, 'text': 'You can just let this run go out for a cup of coffee and then come back and you might still see that running.', 'start': 26638.069, 'duration': 5.641}, {'end': 26648.551, 'text': 'It really depends on what the password is and how much time it takes to crack it,', 'start': 26643.97, 'duration': 4.581}, {'end': 26652.672, 'text': 'and how much processing power you have directly affects how much time this will take.', 'start': 26648.551, 'duration': 4.121}, {'end': 26657.613, 'text': 'So let me just show you guys that this is taking a bunch of time.', 'start': 26653.252, 'duration': 4.361}, {'end': 26672.077, 'text': 'Okay, so now that I have fast forwarded a lot into the scan you can see that I have tried almost two one two seven six zero eight keys.', 'start': 26663.231, 'duration': 8.846}], 'summary': 'Testing process tried 2127608 keys, taking a long time.', 'duration': 64.832, 'max_score': 26607.245, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo26607245.jpg'}, {'end': 26800.629, 'src': 'embed', 'start': 26756.708, 'weight': 1, 'content': [{'end': 26766.553, 'text': "I hope you practice these procedures and methodologies that I've taught you only for your own educational purposes and not use it to harm anybody or do anything harmful with it,", 'start': 26756.708, 'duration': 9.845}, {'end': 26770.735, 'text': 'because let me just tell you very seriously that you can be prosecuted by the law.', 'start': 26766.553, 'duration': 4.182}, {'end': 26781.82, 'text': "Now I'm going to take the help of an example or a scenario to actually explain what is cryptography.", 'start': 26776.958, 'duration': 4.862}, {'end': 26782.681, 'text': 'All right.', 'start': 26782.441, 'duration': 0.24}, {'end': 26786.042, 'text': "So let's say we have a person and let's call him Andy.", 'start': 26783.357, 'duration': 2.685}, {'end': 26790.289, 'text': 'Now suppose Andy sends a message to his friend Sam who is on the other side of the world.', 'start': 26786.543, 'duration': 3.746}, {'end': 26796.145, 'text': 'Now obviously he wants this message to be private and nobody else should have access to the message.', 'start': 26791.121, 'duration': 5.024}, {'end': 26800.629, 'text': 'Now he uses a public forum for example the internet for sending this message.', 'start': 26796.706, 'duration': 3.923}], 'summary': "Learn cryptography for educational purposes only. don't use it for harm. example: andy sends private message to sam over the internet.", 'duration': 43.921, 'max_score': 26756.708, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo26756708.jpg'}], 'start': 24887.339, 'title': 'Wi-fi security and cryptography', 'summary': 'Introduces mac changer tool and mac address spoofing, covers linux file deletion and wi-fi cracking, demonstrates wi-fi deauthentication, handshake capture, and password cracking, discusses wi-fi password cracking and cryptography, and explains the basics and classification of cryptography, involving various tools and emphasizing ethical use.', 'chapters': [{'end': 25314.062, 'start': 24887.339, 'title': 'Mac changer and spoofing mac address', 'summary': 'Introduces mac changer tool, explaining the concept of mac address, its usage in network technologies, and the ability to change and spoof mac addresses, including a real-life example of malicious activity in college campus and the process of automating mac address change on boot up using crontab in linux.', 'duration': 426.723, 'highlights': ['Mac Changer tool allows users to change and spoof MAC addresses, providing the ability to hide and impersonate MAC addresses for various reasons. The Mac Changer tool allows users to change and spoof MAC addresses, providing the ability to hide and impersonate MAC addresses for various reasons, such as staying anonymous on a network or avoiding suspicion while performing activities.', 'Explanation of MAC address structure and its usage in network technologies, including IEEE 802 network technologies like Ethernet, Wi-Fi, and Bluetooth. The transcript provides an explanation of the MAC address structure and its usage in network technologies, including IEEE 802 network technologies like Ethernet, Wi-Fi, and Bluetooth.', "Real-life example of malicious activity involving MAC address spoofing in college campus, leading to the banning of the professor's MAC address and causing disruption. The transcript shares a real-life example of malicious activity involving MAC address spoofing in a college campus, where students spoofed the professor's MAC address to perform malicious activities, resulting in the banning of the professor's MAC address and causing disruption in the college network.", "Demonstration of how to view and change MAC addresses using commands such as 'ifconfig' and 'Mac changer', along with the process of obtaining a list of MAC addresses and their vendor IDs. The transcript demonstrates how to view and change MAC addresses using commands such as 'ifconfig' and 'Mac changer', along with the process of obtaining a list of MAC addresses and their vendor IDs, providing practical guidance for manipulating MAC addresses.", "Explanation of automating MAC address change on boot up using the 'crontab' tool in Linux for scheduling tasks, providing a solution for forgetting to change the MAC address manually. The transcript explains the process of automating MAC address change on boot up using the 'crontab' tool in Linux for scheduling tasks, offering a solution for forgetting to change the MAC address manually and ensuring anonymity."]}, {'end': 26024.939, 'start': 25314.062, 'title': 'Linux file deletion and mac address spoofing', 'summary': 'Covers the caution in deleting files in linux, setting up a cron job to change mac address, and the process of wi-fi cracking using aircrackng and crunch tool, emphasizing the need for ethical use and understanding of the password before cracking.', 'duration': 710.877, 'highlights': ['The caution in deleting files in Linux Emphasizes the difficulty in retrieving deleted files in Linux, warning about potential fragmentation and data loss.', 'Setting up a cron job to change MAC address Guides the process of setting up a cron job to change the MAC address upon computer reboot, providing specific commands and demonstrating the change in MAC address.', 'Process of Wi-Fi cracking using aircrackng and crunch tool Explains the process of Wi-Fi cracking, including setting up the network interface card into monitor mode, scanning for access points, and ethical considerations for password cracking.']}, {'end': 26643.71, 'start': 26025.58, 'title': 'Wi-fi deauthentication and password cracking', 'summary': 'Details the process of performing a deauthentication attack on a specific bssid to disconnect devices from an access point, capturing the handshake during reconnection, and then demonstrates the password cracking procedure using a captured file, highlighting the use of various tools like airodump-ng, airmon-ng, crunch, and aircrack-ng, and discussing the limitations of running a password cracking process on a virtual network.', 'duration': 618.13, 'highlights': ["Performing a deauthentication attack on a specific BSSID to disconnect devices from an access point and capturing the handshake during reconnection The process involves running a deauthentication broadcast message on a specific station's MAC address to disconnect devices from an access point, capturing the handshake that occurs between devices and the access point while reconnecting themselves, and storing the captured data in various formats for cracking.", "Demonstrating the password cracking procedure using a captured file and various tools like aircrack-ng, crunch, and airodump-ng The demonstration involves using crunch to generate a list of words, piping the generated words into aircrack-ng's cracking procedure using a captured file, and discussing the use of various tools such as aircrack-ng, crunch, and airodump-ng to perform the password cracking procedure.", 'Discussing the limitations of running a password cracking process on a virtual network The transcript discusses the limitations of running a password cracking process on a virtual network, highlighting the constraints on processor cores and memory allocation, and suggests that using Kali Linux as a dual boot or primary operating system is more suitable for this task.']}, {'end': 26930.674, 'start': 26643.97, 'title': 'Wi-fi password cracking and cryptography', 'summary': 'Discusses wi-fi password cracking using kali linux, demonstrating how the time taken to crack a password is influenced by processing power and provides an overview of cryptography, emphasizing its role in securing communication and data from adversaries.', 'duration': 286.704, 'highlights': ['The Wi-Fi password cracking demonstration shows that over 2 million keys were tried without success, but the password was immediately guessed after testing only 456 keys when the guessing was limited to numbers, highlighting the impact of guessing scope on cracking time. Over 2 million keys tried without success, immediately guessed after testing only 456 keys when guessing limited to numbers.', 'The demonstration also reveals that the password was guessed almost immediately after going through 15,000 keys when the guessing was limited to letters, showcasing the efficiency of the cracking method and the impact of character type on cracking time. Password guessed almost immediately after going through 15,000 keys when guessing was limited to letters.', 'The overview of cryptography explains the process of converting a message into a numeric form, applying an encryption key, and using an encryption algorithm to produce a ciphertext, highlighting the key elements of secure communication. Overview of converting a message into a numeric form, applying an encryption key, and using an encryption algorithm to produce a ciphertext.']}, {'end': 27467.41, 'start': 26931.475, 'title': 'Cryptography overview and classification', 'summary': 'Explains the basics of cryptography, including symmetric and asymmetric key cryptography, and details the classification of cryptography into symmetric key cryptography, transposition cipher, substitution cipher, stream cipher, and block cipher. it also highlights the usage and working of public key cryptography and digital certificates.', 'duration': 535.935, 'highlights': ['Asymmetric Cryptography and Public Key Encryption The chapter delves into asymmetric cryptography, explaining the use of public and private keys for authentication and encryption, emphasizing the computational efforts required for finding the private key from its paired public key, and highlighting the security aspect of keeping the private key private.', 'Classification of Cryptography The classification of cryptography is discussed, detailing symmetric key cryptography, transposition cipher, substitution cipher, stream cipher, and block cipher, providing a broad explanation of each type.', 'Usage and Importance of Digital Certificates The video demonstrates the usage of digital certificates on YouTube, showcasing the details available in the digital certificates, including the signature algorithm, signature hash algorithm, and issuer information, as well as explaining the role of public key encryption.']}], 'duration': 2580.071, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo24887339.jpg', 'highlights': ["Demonstration of how to view and change MAC addresses using commands such as 'ifconfig' and 'Mac changer', along with the process of obtaining a list of MAC addresses and their vendor IDs.", 'Explanation of MAC address structure and its usage in network technologies, including IEEE 802 network technologies like Ethernet, Wi-Fi, and Bluetooth.', "Demonstration of how to automate MAC address change on boot up using the 'crontab' tool in Linux for scheduling tasks, providing a solution for forgetting to change the MAC address manually.", "Real-life example of malicious activity involving MAC address spoofing in college campus, leading to the banning of the professor's MAC address and causing disruption.", 'The caution in deleting files in Linux, emphasizing the difficulty in retrieving deleted files and warning about potential fragmentation and data loss.', 'Process of Wi-Fi cracking using aircrackng and crunch tool, including setting up the network interface card into monitor mode, scanning for access points, and ethical considerations for password cracking.', 'Performing a deauthentication attack on a specific BSSID to disconnect devices from an access point and capturing the handshake during reconnection.', 'Demonstrating the password cracking procedure using a captured file and various tools like aircrack-ng, crunch, and airodump-ng.', 'The Wi-Fi password cracking demonstration shows the impact of guessing scope on cracking time, with over 2 million keys tried without success, but the password was immediately guessed after testing only 456 keys when the guessing was limited to numbers.', 'The overview of cryptography explains the process of converting a message into a numeric form, applying an encryption key, and using an encryption algorithm to produce a ciphertext, highlighting the key elements of secure communication.', 'Asymmetric Cryptography and Public Key Encryption, explaining the use of public and private keys for authentication and encryption, emphasizing the computational efforts required for finding the private key from its paired public key, and highlighting the security aspect of keeping the private key private.', 'Classification of Cryptography, detailing symmetric key cryptography, transposition cipher, substitution cipher, stream cipher, and block cipher, providing a broad explanation of each type.', 'Usage and Importance of Digital Certificates, demonstrating the usage of digital certificates on YouTube, showcasing the details available in the digital certificates, including the signature algorithm, signature hash algorithm, and issuer information, as well as explaining the role of public key encryption.']}, {'end': 28777.271, 'segs': [{'end': 27736.311, 'src': 'embed', 'start': 27709.908, 'weight': 10, 'content': [{'end': 27717.615, 'text': "So as you guys can see we've encoded it as one and out here now after we've given the message is numerical form.", 'start': 27709.908, 'duration': 7.707}, {'end': 27719.857, 'text': 'We click on encryption and we get it.', 'start': 27717.655, 'duration': 2.202}, {'end': 27724.107, 'text': 'Now to actually decrypt the message, we are gonna need D and N.', 'start': 27720.626, 'duration': 3.481}, {'end': 27727.388, 'text': 'Now D for us was five, and N was 35.', 'start': 27724.107, 'duration': 3.281}, {'end': 27736.311, 'text': "So five and 35, and then we're gonna take encrypted message from above, and we're gonna decrypt this message.", 'start': 27727.388, 'duration': 8.923}], 'summary': 'Using d=5 and n=35, we decrypted the message.', 'duration': 26.403, 'max_score': 27709.908, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo27709908.jpg'}, {'end': 27892.252, 'src': 'embed', 'start': 27865.425, 'weight': 0, 'content': [{'end': 27871.927, 'text': 'So what we have to do is exploit all the research that is available to us and we have to find the best way to approach them.', 'start': 27865.425, 'duration': 6.502}, {'end': 27874.967, 'text': 'So suppose for example, you have a secure shell login.', 'start': 27872.167, 'duration': 2.8}, {'end': 27879.209, 'text': 'So the best way to actually approach a secure shell login, until my knowledge,', 'start': 27875.388, 'duration': 3.821}, {'end': 27884.99, 'text': 'is that you have to get a backdoor access to this from the port numbers that you can scan via nmap or zenmap.', 'start': 27879.209, 'duration': 5.781}, {'end': 27892.252, 'text': "Okay, so, without wasting much time at looking at PowerPoint presentations, let's actually get started as to how we can use Metasploit.", 'start': 27885.41, 'duration': 6.842}], 'summary': 'Exploit available research, find best approach. use nmap or zenmap to scan for backdoor access to secure shell login. utilize metasploit.', 'duration': 26.827, 'max_score': 27865.425, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo27865425.jpg'}, {'end': 27970.636, 'src': 'embed', 'start': 27944.187, 'weight': 3, 'content': [{'end': 27950.089, 'text': 'So when actually pen testing, we need a server or a website to actually pen test things on.', 'start': 27944.187, 'duration': 5.902}, {'end': 27953.09, 'text': 'so normally this is a very illegal thing to do without permission.', 'start': 27950.089, 'duration': 3.001}, {'end': 27960.332, 'text': "So metasploitable has actually created a server with a lot of vulnerabilities on it and it's called metasploitable to.", 'start': 27953.61, 'duration': 6.722}, {'end': 27963.633, 'text': 'so metasploitable to is easily downloadable from this link.', 'start': 27960.332, 'duration': 3.301}, {'end': 27965.514, 'text': "and it's a virtual box file.", 'start': 27964.293, 'duration': 1.221}, {'end': 27970.636, 'text': 'So you guys must have a virtual machine software on your system to actually set this thing up.', 'start': 27965.554, 'duration': 5.082}], 'summary': 'Pen test using metasploitable to, a server with vulnerabilities, easily downloadable as a virtual box file.', 'duration': 26.449, 'max_score': 27944.187, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo27944187.jpg'}, {'end': 28233.465, 'src': 'embed', 'start': 28202.048, 'weight': 2, 'content': [{'end': 28205.33, 'text': 'So help will tell us everything that we can do with this framework.', 'start': 28202.048, 'duration': 3.282}, {'end': 28209.933, 'text': 'So as you guys can see, there are a bunch of commands and the descriptions to go along with it.', 'start': 28205.81, 'duration': 4.123}, {'end': 28213.676, 'text': "Y'all can give it a quick read and find the things that are interesting to you.", 'start': 28210.454, 'duration': 3.222}, {'end': 28217.752, 'text': 'So as you guys can see, banner is display an awesome Metasploit banner.', 'start': 28214.329, 'duration': 3.423}, {'end': 28219.133, 'text': 'You all can change the banner.', 'start': 28217.772, 'duration': 1.361}, {'end': 28224.417, 'text': "As you guys can see, there are a lot of juicy commands, like there's a banner command, which I just had used.", 'start': 28219.714, 'duration': 4.703}, {'end': 28228.221, 'text': "So if you go and type banner, it'll give you a nice cool banner about Metasploit.", 'start': 28224.578, 'duration': 3.643}, {'end': 28233.465, 'text': 'And there are other commands which work very similar to Linux, like cd, which changes the current directory.', 'start': 28228.561, 'duration': 4.904}], 'summary': "The framework offers various commands, including 'banner' for displaying metasploit banner and 'cd' for changing directories.", 'duration': 31.417, 'max_score': 28202.048, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo28202048.jpg'}, {'end': 28451.746, 'src': 'embed', 'start': 28421.27, 'weight': 1, 'content': [{'end': 28431.627, 'text': "Now suppose you choose your exploit and let's see, let's choose, which one do we wanna use today? We're gonna just use this MySQL hash dump.", 'start': 28421.27, 'duration': 10.357}, {'end': 28434.67, 'text': 'So to actually use this, we have to copy the name.', 'start': 28432.067, 'duration': 2.603}, {'end': 28440.015, 'text': "So double click on it and it'll just select it and then you go Control Shift C in your terminal.", 'start': 28435.09, 'duration': 4.925}, {'end': 28451.746, 'text': 'So that copies it and so if you want some more information about it, you can always go info and then just paste in the name of the exploit.', 'start': 28440.816, 'duration': 10.93}], 'summary': 'Choosing mysql hash dump exploit, copying and using in the terminal.', 'duration': 30.476, 'max_score': 28421.27, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo28421270.jpg'}, {'end': 28564.697, 'src': 'embed', 'start': 28536.286, 'weight': 4, 'content': [{'end': 28543.509, 'text': 'but you need to provide the rhosts, which is the targeting host machine, and the port, and the threads is already set.', 'start': 28536.286, 'duration': 7.223}, {'end': 28546.77, 'text': 'now, suppose you want to set the rhosts.', 'start': 28543.509, 'duration': 3.261}, {'end': 28552.792, 'text': 'so you can just go set our hosts and you can set it to whatever ip address you want like.', 'start': 28546.77, 'duration': 6.022}, {'end': 28562.676, 'text': 'suppose you want to address 192.168.2.56, something like that, so that will set the rhosts.', 'start': 28552.792, 'duration': 9.884}, {'end': 28564.697, 'text': 'you can also set the number of threads.', 'start': 28562.676, 'duration': 2.021}], 'summary': 'To target a host machine, set the rhosts and specify the ip address, e.g., 192.168.2.56.', 'duration': 28.411, 'max_score': 28536.286, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo28536286.jpg'}, {'end': 28645.127, 'src': 'embed', 'start': 28614.506, 'weight': 7, 'content': [{'end': 28618.187, 'text': 'and this will start actually running exploit on the system that you want to.', 'start': 28614.506, 'duration': 3.681}, {'end': 28624.668, 'text': "Now I've put in a very arbitrary IP address and that does not have MySQL port running.", 'start': 28618.667, 'duration': 6.001}, {'end': 28625.988, 'text': 'So our exploit failed.', 'start': 28624.708, 'duration': 1.28}, {'end': 28634.41, 'text': 'Now, once you have tested out your exploit and you want to go back to the main MSF Unix shell, just go ahead and type back.', 'start': 28626.548, 'duration': 7.862}, {'end': 28635.61, 'text': "It's as simple as that.", 'start': 28634.77, 'duration': 0.84}, {'end': 28638.43, 'text': 'So that brings us back to the MSF command line.', 'start': 28636.27, 'duration': 2.16}, {'end': 28640.771, 'text': "So let's go ahead and clear our screen now.", 'start': 28638.89, 'duration': 1.881}, {'end': 28645.127, 'text': "Okay So it's time we do something interesting.", 'start': 28642.251, 'duration': 2.876}], 'summary': 'Running exploit failed on ip without mysql port; return to msf unix shell.', 'duration': 30.621, 'max_score': 28614.506, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo28614506.jpg'}], 'start': 27468.051, 'title': 'Rsa encryption, vulnerability, metasploit, and mysql exploits', 'summary': 'Discusses rsa encryption and decryption, key pair generation, and vulnerability assessment. it also covers using metasploit for penetration testing and mysql exploits, providing comprehensive insights into these topics.', 'chapters': [{'end': 27685.314, 'start': 27468.051, 'title': 'Rsa encryption and decryption', 'summary': 'Discusses rsa encryption and decryption, the generation of key pairs, and the process of encrypting and decrypting messages using public and private keys, with a focus on the use of large prime numbers and the unique parameters involved in the rsa algorithm.', 'duration': 217.263, 'highlights': ['RSA is a commonly used algorithm that is employed throughout the internet and was invented by Ron Rivest, Adi Shamir, and Len Adleman, and it involves the generation of a key pair and encryption/decryption algorithms. RSA is a widely used algorithm invented by Ron Rivest, Adi Shamir, and Len Adleman, involving the generation of key pairs and encryption/decryption algorithms.', 'The process of generating the key pair involves calculating large prime numbers P and Q, determining Phi, and calculating E, where the pair of numbers N and E form the RSA public key system, which is distributed throughout the network. The key pair generation process involves calculating large prime numbers P and Q, determining Phi, and calculating E, where the pair of numbers N and E form the RSA public key system distributed throughout the network.', 'The difficulty in factorizing a large prime number ensures the strength of RSA, and the private key D is calculated from P, Q, and E, with D being the inverse of E modulo Phi. The strength of RSA is ensured by the difficulty in factorizing large prime numbers, and the private key D is calculated from P, Q, and E, with D being the inverse of E modulo Phi.']}, {'end': 28100.435, 'start': 27685.314, 'title': 'Rsa encryption and vulnerability assessment', 'summary': "Explains rsa encryption using 11 and 35 as co-prime numbers, the process of encryption and decryption, and vulnerability assessment's role in identifying and prioritizing vulnerabilities, along with an introduction to metasploit for penetration testing.", 'duration': 415.121, 'highlights': ['RSA encryption process is explained using 11 and 35 as co-prime numbers for e and n, and the decryption process using 5 and 35 for D and N, with the numerical encoding and decoding of messages. The chapter elaborates on the RSA encryption process using 11 and 35 as co-prime numbers for e and n, and the decryption process using 5 and 35 for D and N. It also covers the numerical encoding and decoding of messages.', 'Vulnerability assessment is described as the process of defining, identifying, classifying, and prioritizing vulnerabilities in computer systems and networks, with an emphasis on understanding and reacting to threats appropriately. The chapter provides an overview of vulnerability assessment, defining it as the process of identifying and prioritizing vulnerabilities in computer systems and networks, along with the necessary knowledge and awareness to understand and react to threats appropriately.', 'The chapter introduces Metasploit as a widely used open source framework for penetration testing, explaining its availability on Linux and Windows, its download process, and the purpose of Metasploitable as a vulnerable target machine for practice. The chapter introduces Metasploit as a widely used open source framework for penetration testing, highlighting its availability on Linux and Windows, the download process, and the purpose of Metasploitable as a vulnerable target machine for practice.']}, {'end': 28395.942, 'start': 28100.876, 'title': 'Using metasploit framework', 'summary': 'Covers setting up metasploit, starting postgresql server, navigating msf console, understanding important terms like vulnerability, exploit, and payload, and exploring available exploits using show command.', 'duration': 295.066, 'highlights': ['Metasploit can be started using the command line interface or the GUI interface called Armitage, and PostgreSQL server is started to make it run faster.', 'The MSF console provides a range of commands and features such as displaying banners, changing the banner, and navigating similar to Linux commands.', 'Important terms like vulnerability, exploit, and payload are explained, and the show exploits command displays a list of available exploits with their descriptions, disclosure dates, and ranks.']}, {'end': 28777.271, 'start': 28396.302, 'title': 'Using mysql exploits in penetration testing', 'summary': 'Covers using metasploit to search for and utilize mysql exploits, including extracting password hashes and setting up metasploitable 2 for practice, with a focus on security and ethical testing.', 'duration': 380.969, 'highlights': ['The chapter demonstrates using Metasploit to search for MySQL exploits, making it easier for pen testers to find relevant modules.', 'Using the MySQL hash dump exploit allows for extracting usernames and encrypted password hashes from a MySQL server for further analysis and tracking.', 'Setting up Metasploitable 2 on Oracle VirtualBox with a host-only network manager and DHCP server enables safe and isolated practice of penetration testing.']}], 'duration': 1309.22, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo27468051.jpg', 'highlights': ['RSA is a widely used algorithm involving key pair generation and encryption/decryption.', 'The strength of RSA is ensured by the difficulty in factorizing large prime numbers.', 'The chapter elaborates on the RSA encryption process and the decryption process using numerical encoding and decoding of messages.', 'The chapter provides an overview of vulnerability assessment, defining it as the process of identifying and prioritizing vulnerabilities in computer systems and networks.', 'The chapter introduces Metasploit as a widely used open source framework for penetration testing, highlighting its availability on Linux and Windows, and the purpose of Metasploitable as a vulnerable target machine for practice.', 'Important terms like vulnerability, exploit, and payload are explained, and the show exploits command displays a list of available exploits with their descriptions, disclosure dates, and ranks.', 'The chapter demonstrates using Metasploit to search for MySQL exploits, making it easier for pen testers to find relevant modules.', 'Using the MySQL hash dump exploit allows for extracting usernames and encrypted password hashes from a MySQL server for further analysis and tracking.', 'Setting up Metasploitable 2 on Oracle VirtualBox with a host-only network manager and DHCP server enables safe and isolated practice of penetration testing.', 'Metasploit can be started using the command line interface or the GUI interface called Armitage, and PostgreSQL server is started to make it run faster.', 'The MSF console provides a range of commands and features such as displaying banners, changing the banner, and navigating similar to Linux commands.']}, {'end': 30952.331, 'segs': [{'end': 29094.219, 'src': 'embed', 'start': 29069.242, 'weight': 4, 'content': [{'end': 29076.488, 'text': "So now what we're gonna do is we're gonna gain some backdoor access into this system and we're gonna create a bunch of folders in the home directory.", 'start': 29069.242, 'duration': 7.246}, {'end': 29078.169, 'text': "So let's get on doing that.", 'start': 29076.988, 'duration': 1.181}, {'end': 29087.476, 'text': 'So to do that, we head back to our Metasploit terminal and we go show options as we had already entered our exploit.', 'start': 29078.789, 'duration': 8.687}, {'end': 29089.057, 'text': 'So go show options.', 'start': 29087.836, 'duration': 1.221}, {'end': 29094.219, 'text': 'So as we see, the options that we have to provide is the R host and the port number.', 'start': 29090.157, 'duration': 4.062}], 'summary': 'Gaining backdoor access to the system and creating folders in the home directory using metasploit.', 'duration': 24.977, 'max_score': 29069.242, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo29069242.jpg'}, {'end': 29261.572, 'src': 'embed', 'start': 29240.011, 'weight': 0, 'content': [{'end': 29248.537, 'text': 'So as you guys just saw, we gained a backdoor access into a remote system through a vulnerability that was available to us on the FTP port.', 'start': 29240.011, 'duration': 8.526}, {'end': 29259.091, 'text': 'So we first did that by scanning the entire domain name server of Metasploitable via Nmap and gaining some intelligence as to what ports are running and what ports are actually open.', 'start': 29249.227, 'duration': 9.864}, {'end': 29261.572, 'text': 'Then we found out that the FTP port was open.', 'start': 29259.471, 'duration': 2.101}], 'summary': 'Gained backdoor access through ftp port vulnerability on remote system.', 'duration': 21.561, 'max_score': 29240.011, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo29240011.jpg'}, {'end': 29729.673, 'src': 'embed', 'start': 29702.718, 'weight': 2, 'content': [{'end': 29713.051, 'text': 'And now you can just pass it to nmap with the IL flag and you can say that nmap is going to actually scan all the IP addresses that are in this file.', 'start': 29702.718, 'duration': 10.333}, {'end': 29714.633, 'text': 'So let that just run.', 'start': 29713.492, 'duration': 1.141}, {'end': 29721.342, 'text': "So this will take a little bit of time because it's five IP addresses and it's not really running on the fast mode.", 'start': 29715.214, 'duration': 6.128}, {'end': 29725.869, 'text': '83% of our work is done.', 'start': 29724.147, 'duration': 1.722}, {'end': 29729.673, 'text': 'Okay, so as we see our scan has been completed.', 'start': 29725.889, 'duration': 3.784}], 'summary': 'Nmap scanned 5 ip addresses, taking some time, and completed 83% of the work.', 'duration': 26.955, 'max_score': 29702.718, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo29702718.jpg'}, {'end': 30685.498, 'src': 'embed', 'start': 30659.884, 'weight': 3, 'content': [{'end': 30665.249, 'text': 'Let me just increase the security level and see what changes has to be done in this attack.', 'start': 30659.884, 'duration': 5.365}, {'end': 30670.455, 'text': "So I'll just increase the level to medium I click the reflected cross-site scripting attack again.", 'start': 30665.569, 'duration': 4.886}, {'end': 30672.316, 'text': 'Now, let me give the same input.', 'start': 30670.736, 'duration': 1.58}, {'end': 30682.998, 'text': "Let me give script alert and some string, and I'll just close the script tag and hit the submit button so you can see that previously,", 'start': 30672.356, 'duration': 10.642}, {'end': 30685.498, 'text': 'when the security was low, you saw a pop-up.', 'start': 30682.998, 'duration': 2.5}], 'summary': 'Increasing security level to medium prevents pop-up in cross-site scripting attack.', 'duration': 25.614, 'max_score': 30659.884, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo30659884.jpg'}], 'start': 28777.631, 'title': 'Network security vulnerabilities', 'summary': 'Covers exploiting vulnerabilities on the metasploitable server, website scanning using nmap, understanding network scans, and cross-site scripting attacks, with quantifiable data on scan times and percentage completion, detailed information on the number of hops taken, and the impact of attacks at different security levels.', 'chapters': [{'end': 29351.987, 'start': 28777.631, 'title': 'Exploiting metasploitable server with metasploit', 'summary': 'Discusses exploiting vulnerabilities on the metasploitable server, including using nmap to identify open ports and using metasploit to gain backdoor access through an ftp vulnerability, resulting in remote system access and file manipulation.', 'duration': 574.356, 'highlights': ['Nmap is used to identify open ports on the Metasploitable server, revealing FTP, SSH, Telnet, SMTP, and HTTP ports, leading to successful exploitation of vulnerabilities.', 'Using Metasploit, the FTP vulnerability (vsftpd 2.3.4) is exploited to gain backdoor access to the Metasploitable server, allowing manipulation of files and folders in the remote system.', 'The installation and configuration of Metasploitable are briefly mentioned before the focus shifts to exploiting vulnerabilities using nmap and Metasploit.', 'The process of gaining root access through the backdoor is detailed, demonstrating the successful exploitation of the FTP vulnerability on the Metasploitable server.']}, {'end': 29898.326, 'start': 29352.067, 'title': 'Nmap for website scanning', 'summary': 'Demonstrates how to use nmap to scan a website, including scanning a domain name service, using flags and options, scanning multiple hosts, understanding states, using the f flag to speed up scanning, giving nmap a target list, and scanning specific ports with quantifiable data such as scan times and percentage completion.', 'duration': 546.259, 'highlights': ['The chapter demonstrates how to use Nmap to scan a website, including scanning a domain name service, using flags and options, scanning multiple hosts, understanding states, using the F flag to speed up scanning, giving Nmap a target list, and scanning specific ports.', 'The scan of www.edureka.co took 13.71 seconds, revealing ports 22, 25, 80, 111, and 443, as well as the public IP of the DNS server.', 'Using the F flag, the scan of 30 IP addresses took 29.91 seconds, considerably speeding up the scanning process.', 'An aggressive scan of edureka.co took 459 seconds, providing additional information such as trace routes.']}, {'end': 30231.388, 'start': 29898.326, 'title': 'Understanding network scans', 'summary': 'Discusses the process of network scans using nmap, including the use of traceroute to analyze the route taken by packets, identifying service versions and operating systems, and saving scan results in a file, with detailed information on the number of hops taken, the time taken for scans, and the methods for saving scan results and using verbose mode for detailed scan information.', 'duration': 333.062, 'highlights': ['The traceroute process revealed that the packet took 22 hops, passing through various routers and reaching the target server, providing insights into the network path and latency.', "Nmap's service version scan identified specific service versions running on different ports, such as postfix SMTPD and Apache STTPD, facilitating potential vulnerability assessment and security analysis.", "The detailed explanation of saving scan results in a file using Nmap, such as 'results.txt', for further analysis and storage, demonstrating practical use for security analysts working on wide area networks."]}, {'end': 30639.647, 'start': 30231.388, 'title': 'Cross-site scripting attack', 'summary': 'Explains cross-site scripting as a web application hacking technique, detailing its execution, impact on sensitive information, and types of attacks, with a focus on reflected cross-site scripting, demonstrating its exploitation to access sensitive information and session id.', 'duration': 408.259, 'highlights': ['Cross-site scripting is a web application hacking technique, used to steal sensitive information like cookies, session tokens, and other credentials, and can also be used to modify the contents of the website. Cross-site scripting is used to steal sensitive information like cookies, session tokens, and other credentials, and can be used to modify website contents.', 'Reflected cross-site scripting attack is demonstrated, showing how injecting a malicious script through a vulnerable web application allows the attacker to access sensitive information like session IDs, potentially leading to unauthorized access to user accounts. Demonstrates the exploitation of reflected cross-site scripting to access sensitive information like session IDs, potentially leading to unauthorized access to user accounts.']}, {'end': 30952.331, 'start': 30640.007, 'title': 'Cross-site scripting attacks', 'summary': 'Discusses how a cross-site scripting attack can compromise web application security, demonstrating its impact at low, medium, and high security levels and exploring methods to bypass security measures using nested script tags and alternative html/php tags.', 'duration': 312.324, 'highlights': ['By demonstrating the impact of cross-site scripting at low, medium, and high security levels, it is shown how web application security can be compromised, allowing unauthorized access to user accounts and potentially sensitive information.', 'Explaining the concept of using nested script tags to bypass security measures, it is demonstrated how the web application eliminates the main script tag but fails to prevent the execution of a nested script tag, ultimately allowing the malicious code to be executed.', 'The use of alternative HTML/PHP tags, such as the image tag with an on mouse over function, is explored as a method to bypass security measures and execute malicious code, demonstrating the potential risk of stored cross-site scripting attacks.', 'The code used to sanitize input on the web application is revealed, indicating the use of regular expressions to replace script tags with blank spaces or empty characters, effectively preventing the use of script tags to execute malicious code.', 'The chapter concludes by emphasizing the potential risks of reflected and stored cross-site scripting attacks, highlighting the need for robust security measures to mitigate the vulnerabilities exploited in these scenarios.']}], 'duration': 2174.7, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo28777631.jpg', 'highlights': ['Nmap identifies open ports on Metasploitable server, leading to successful exploitation.', 'FTP vulnerability (vsftpd 2.3.4) exploited to gain backdoor access to Metasploitable server.', 'Nmap scan of www.edureka.co took 13.71 seconds, revealing specific open ports.', 'Traceroute process revealed packet took 22 hops, providing insights into network path and latency.', 'Demonstrates impact of cross-site scripting at low, medium, and high security levels.']}, {'end': 32260.512, 'segs': [{'end': 31068.789, 'src': 'embed', 'start': 31041.056, 'weight': 2, 'content': [{'end': 31046.759, 'text': 'because this is stored in the database and it is being fest every time I access this web page.', 'start': 31041.056, 'duration': 5.703}, {'end': 31050.28, 'text': "Now what I'm going to do is try to inject some malicious code here.", 'start': 31047.279, 'duration': 3.001}, {'end': 31058.184, 'text': "So I'll give the name as test 2 and then I'll try the first input the direct approach.", 'start': 31050.801, 'duration': 7.383}, {'end': 31064.267, 'text': "And I'll hit the sign guestbook button so you can see that there's a pop-up that appears.", 'start': 31059.825, 'duration': 4.442}, {'end': 31068.789, 'text': 'So this means that this web application is vulnerable to cross-site scripting attack.', 'start': 31064.347, 'duration': 4.442}], 'summary': 'Web application is vulnerable to cross-site scripting attack.', 'duration': 27.733, 'max_score': 31041.056, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo31041056.jpg'}, {'end': 31109.897, 'src': 'embed', 'start': 31086.059, 'weight': 3, 'content': [{'end': 31092.664, 'text': "For example, like I told you about Facebook, when you post something, there's a comment, or when you post something on your timeline,", 'start': 31086.059, 'duration': 6.605}, {'end': 31103.932, 'text': 'you post a status on your timeline and any other user or any other profile accesses that page to view your photos or to look at your status or the comments on any of the posts.', 'start': 31092.664, 'duration': 11.268}, {'end': 31109.897, 'text': 'They basically as a web server to fetch that data and that data is basically stored in a database.', 'start': 31104.333, 'duration': 5.564}], 'summary': 'Facebook data is fetched from a web server, stored in a database.', 'duration': 23.838, 'max_score': 31086.059, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo31086059.jpg'}, {'end': 31150.25, 'src': 'embed', 'start': 31124.866, 'weight': 0, 'content': [{'end': 31129.568, 'text': 'And before trying the next injection, I just clear this guest book, or else every time I refresh,', 'start': 31124.866, 'duration': 4.702}, {'end': 31133.05, 'text': "the malicious code will be executed and I'll see the outputs.", 'start': 31129.568, 'duration': 3.482}, {'end': 31133.871, 'text': "I'll see the pop-ups.", 'start': 31133.11, 'duration': 0.761}, {'end': 31135.872, 'text': 'So let me just clear the guest book.', 'start': 31134.031, 'duration': 1.841}, {'end': 31137.064, 'text': 'All right.', 'start': 31136.744, 'duration': 0.32}, {'end': 31141.686, 'text': "So what I'm going to do is going to type the same input that I gave earlier.", 'start': 31137.404, 'duration': 4.282}, {'end': 31149.069, 'text': "So there'll be test one and the malicious script hit the guestbook button and see that it's not working.", 'start': 31142.146, 'duration': 6.923}, {'end': 31150.25, 'text': "I don't see a pop-up here.", 'start': 31149.21, 'duration': 1.04}], 'summary': 'Clear guest book to prevent execution of malicious code and pop-ups.', 'duration': 25.384, 'max_score': 31124.866, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo31124866.jpg'}, {'end': 31514.345, 'src': 'embed', 'start': 31481.547, 'weight': 5, 'content': [{'end': 31483.148, 'text': "I'll use my malicious script here.", 'start': 31481.547, 'duration': 1.601}, {'end': 31485.95, 'text': 'So the script will be script alert.', 'start': 31483.488, 'duration': 2.462}, {'end': 31489.233, 'text': 'Hello, I will close the script tag.', 'start': 31486.831, 'duration': 2.402}, {'end': 31494.277, 'text': 'So when I executed it, you can see that the pop-up appeared.', 'start': 31490.554, 'duration': 3.723}, {'end': 31502.303, 'text': 'that means in Dom based crosshair scripting, you mainly manipulate the URL that is being used or the URL that is being generated.', 'start': 31494.277, 'duration': 8.026}, {'end': 31504.34, 'text': 'So this is the low level.', 'start': 31502.839, 'duration': 1.501}, {'end': 31507.161, 'text': 'Let me increase the security and change it to high.', 'start': 31504.36, 'duration': 2.801}, {'end': 31514.345, 'text': 'Let me give the same input again script alert.', 'start': 31510.383, 'duration': 3.962}], 'summary': 'Malicious script executed, triggering pop-up. dom based xss manipulation demonstrated.', 'duration': 32.798, 'max_score': 31481.547, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo31481547.jpg'}], 'start': 30952.991, 'title': 'Web security threats', 'summary': 'Discusses stored cross-site scripting, its impact on web applications, and the demonstration of exploiting a vulnerable web page through code injection and bypassing security measures. it also covers two types of cross-site scripting attacks, manipulating the url to inject malicious scripts, and preventive measures including escaping, data validation, sanitization, encoding, response headers, and content security policies. additionally, it explains the fundamentals of dos and ddos attacks, including their types, impact, and execution such as the ping of death attack and reflected attacks using botnets.', 'chapters': [{'end': 31380.486, 'start': 30952.991, 'title': 'Stored cross-site scripting attack', 'summary': 'Explains the concept of stored cross-site scripting, its impact on web applications, and the demonstration of exploiting a vulnerable web page through code injection and bypassing security measures.', 'duration': 427.495, 'highlights': ['The stored cross-site scripting attack involves storing and executing a malicious script on the web server or the database, allowing the script to be executed every time a user accesses the data, demonstrating the impact on web applications like Facebook. Stored cross-site scripting involves the repeated execution of a malicious script on the web server or database, impacting web applications like Facebook.', 'The demonstration shows the successful execution of a malicious script through code injection, exploiting a vulnerable web page and bypassing security measures by manipulating input restrictions and nested script tags. The demonstration illustrates successful code injection, exploitation of a vulnerable web page, and bypassing security measures through input manipulation and nested script tags.', "The web application's security measures are evaluated and bypassed by changing the input's maximum length, utilizing nested script tags, and identifying the use of regular expressions to eliminate script tags, ultimately resorting to using alternative code elements like image tags. The evaluation and bypassing of the web application's security measures involve altering input length, using nested script tags, and identifying the use of regular expressions to eliminate script tags."]}, {'end': 31723.97, 'start': 31381.226, 'title': 'Cross-site scripting attacks', 'summary': 'Discusses two types of cross-site scripting attacks: stored cross-site scripting and dom cross-site scripting, with a focus on manipulating the url to inject malicious scripts and bypassing security levels.', 'duration': 342.744, 'highlights': ['Dom-based cross-site scripting involves manipulating the URL to inject malicious scripts, as demonstrated by injecting a script to create a pop-up, showcasing how the attack occurs on the client side.', 'The web application under medium security is designed to close script tags and set the default language to English, demonstrating how security measures can prevent script injections.', 'The process of manipulating the URL to inject malicious code, as well as bypassing security measures, is detailed, providing insights into the mechanisms of bypassing security levels.']}, {'end': 32007.794, 'start': 31727.512, 'title': 'Web security and cross-site scripting', 'summary': 'Explains how to exploit web design features for cross-site scripting attacks, the types of cross-site scripting attacks, and the preventive measures including escaping, data validation, sanitization, encoding, response headers, and content security policies.', 'duration': 280.282, 'highlights': ['The chapter explains how to exploit web design features for cross-site scripting attacks. It demonstrates using anchor tags to inject malicious scripts using the pound symbol and internal anchor feature of blogs.', "The types of cross-site scripting attacks are reflected, stored, and Dom, and the choice depends on how the web page is designed. It highlights the importance of understanding the web page's vulnerability and design before selecting the type of cross-site scripting attack to execute.", 'Preventive measures for cross-site scripting attacks include escaping, data validation, sanitization, encoding, response headers, and content security policies. It outlines various preventive measures such as escaping special characters, considering all input as a threat, data validation for email IDs, sanitizing input data, encoding output, and using the right response headers and content security policies.']}, {'end': 32260.512, 'start': 32008.054, 'title': 'Understanding ddos attacks', 'summary': 'Explains the fundamentals of dos and ddos attacks, including their types and methodologies, with a focus on their impact and execution, such as the ping of death attack and reflected attacks using botnets.', 'duration': 252.458, 'highlights': ["Ping of Death Attack The ping of death attack exploits the TCP IP protocol's maximum packet size of 65,535 bytes, causing computers to freeze or crash entirely, leading to service unavailability.", "Reflected Attacks with Botnets Attackers use botnets to send connection requests to innocent computers, which appear to come from the victim due to source part spoofing, overloading the victim's computer and causing a crash.", 'Mail Bomb Attack on Email Servers Mail bomb attacks send oversized emails filled with random garbage values to target email servers, causing a sudden spike in load, crashing the servers, and rendering them useless until fixed.', 'Teardrop Attack with Packet Fragmentation The teardrop attack abuses the fragmentation offset field in an IP header, causing overlapping of fragmented packets, leading to service unavailability and rendering the system useless.', 'Distributed Denial-of-Service (DDoS) Attacks DDoS attacks make a service unavailable by bringing down the performance of the machine, often executed from multiple devices to make it difficult to stop the attack and point out the main culprit.']}], 'duration': 1307.521, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo30952991.jpg', 'highlights': ['The stored cross-site scripting attack involves storing and executing a malicious script on the web server or the database, impacting web applications like Facebook.', 'The demonstration illustrates successful code injection, exploitation of a vulnerable web page, and bypassing security measures through input manipulation and nested script tags.', "The web application's security measures are evaluated and bypassed by changing the input's maximum length, utilizing nested script tags, and identifying the use of regular expressions to eliminate script tags.", 'The types of cross-site scripting attacks are reflected, stored, and Dom, and the choice depends on how the web page is designed.', 'Preventive measures for cross-site scripting attacks include escaping, data validation, sanitization, encoding, response headers, and content security policies.', "The ping of death attack exploits the TCP IP protocol's maximum packet size of 65,535 bytes, causing computers to freeze or crash entirely, leading to service unavailability.", "Reflected Attacks with Botnets overload the victim's computer and cause a crash by sending connection requests from innocent computers, appearing to come from the victim due to source part spoofing.", 'Mail bomb attacks send oversized emails filled with random garbage values to target email servers, causing a sudden spike in load, crashing the servers, and rendering them useless until fixed.', 'Distributed Denial-of-Service (DDoS) Attacks make a service unavailable by bringing down the performance of the machine, often executed from multiple devices to make it difficult to stop the attack and point out the main culprit.', 'The chapter explains how to exploit web design features for cross-site scripting attacks, demonstrating using anchor tags to inject malicious scripts using the pound symbol and internal anchor feature of blogs.']}, {'end': 33169.415, 'segs': [{'end': 32616.473, 'src': 'embed', 'start': 32588.243, 'weight': 1, 'content': [{'end': 32594.766, 'text': 'Now this deauthentication is done with a tool called air replay, which is a part of the air crack NG suit of tools.', 'start': 32588.243, 'duration': 6.523}, {'end': 32599.007, 'text': 'Now, let us just see how we can use air replay by opening up the help command.', 'start': 32595.166, 'duration': 3.841}, {'end': 32602.468, 'text': 'So we go dash dash help and this opens up the help command for us.', 'start': 32599.467, 'duration': 3.001}, {'end': 32609.731, 'text': 'Now as you guys can see it shows us that we can send a deauthentication message by typing in the hyphen 0 and then we need to type in the count.', 'start': 32602.548, 'duration': 7.183}, {'end': 32616.473, 'text': 'So what we are going to do is type in hyphen 0 which will send a deauthentication message and now we can type 1 or 0.', 'start': 32610.251, 'duration': 6.222}], 'summary': 'Using air replay tool for deauthentication, can send message with count parameter.', 'duration': 28.23, 'max_score': 32588.243, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo32588243.jpg'}, {'end': 32882.85, 'src': 'embed', 'start': 32855.763, 'weight': 0, 'content': [{'end': 32859.124, 'text': 'So this means we always have to put down our interface first.', 'start': 32855.763, 'duration': 3.361}, {'end': 32860.544, 'text': 'So let me just do that quickly.', 'start': 32859.184, 'duration': 1.36}, {'end': 32866.366, 'text': 'I have config wl01 down and now what we want to do is give ourselves a new MAC address and boom roasted.', 'start': 32860.564, 'duration': 5.802}, {'end': 32869.447, 'text': 'We already have a new MAC address as you guys can see from the new MAC part.', 'start': 32866.466, 'duration': 2.981}, {'end': 32874.828, 'text': 'Now, if we put back our in network interface card and then try and show our MAC address again,', 'start': 32869.767, 'duration': 5.061}, {'end': 32882.85, 'text': 'we see that our current MAC and our permanent MAC are two completely different MAC addresses, and our current MAC and the new MAC are identical.', 'start': 32874.828, 'duration': 8.022}], 'summary': 'Changed interface mac address to new one successfully.', 'duration': 27.087, 'max_score': 32855.763, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo32855763.jpg'}, {'end': 32934.337, 'src': 'embed', 'start': 32908.368, 'weight': 4, 'content': [{'end': 32912.709, 'text': 'Now we want to also get to know what our MAC address is every time.', 'start': 32908.368, 'duration': 4.341}, {'end': 32919.332, 'text': 'So let me just pipe my function through the whole thing and let me just try and grab the new MAC address.', 'start': 32912.809, 'duration': 6.523}, {'end': 32922.833, 'text': 'So MAC changer are WL1 and grep MAC.', 'start': 32919.411, 'duration': 3.422}, {'end': 32926.194, 'text': 'And then we want to put our info card in the monitor mode.', 'start': 32923.053, 'duration': 3.141}, {'end': 32930.016, 'text': 'and then we also want to put up our network interface card.', 'start': 32926.674, 'duration': 3.342}, {'end': 32932.396, 'text': 'Now what we want to do out here is optimize it.', 'start': 32930.256, 'duration': 2.14}, {'end': 32934.337, 'text': "So we can't be attacking constantly.", 'start': 32932.436, 'duration': 1.901}], 'summary': 'Optimizing the process to change mac address and put network interface card in monitor mode to avoid constant attacks.', 'duration': 25.969, 'max_score': 32908.368, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo32908368.jpg'}, {'end': 33074.561, 'src': 'embed', 'start': 33048.906, 'weight': 5, 'content': [{'end': 33055.83, 'text': "Also, my company's Wi-Fi is kind of secure, so every time it senses that a deauthentication message is being sent like that,", 'start': 33048.906, 'duration': 6.924}, {'end': 33058.032, 'text': 'it kind of changes the channel that it is working on.', 'start': 33055.83, 'duration': 2.202}, {'end': 33065.856, 'text': "These guys are really smart smarter than me most of the time and this time I'm just going to try and force them to work on Channel 6.", 'start': 33058.732, 'duration': 7.124}, {'end': 33067.677, 'text': 'So let me just go ahead and run my script once.', 'start': 33065.856, 'duration': 1.821}, {'end': 33071.178, 'text': 'Okay, so let me just check that they are still working on Channel 6.', 'start': 33068.337, 'duration': 2.841}, {'end': 33074.561, 'text': "Yep They're still working on Channel 6.", 'start': 33071.178, 'duration': 3.383}], 'summary': "Company's wi-fi changes channel to secure against deauthentication messages; successfully forces attackers to work on channel 6.", 'duration': 25.655, 'max_score': 33048.906, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo33048906.jpg'}, {'end': 33115.72, 'src': 'embed', 'start': 33089.688, 'weight': 3, 'content': [{'end': 33094.771, 'text': 'Okay, so now that that is done and we have Mac IDs and everything set up properly.', 'start': 33089.688, 'duration': 5.083}, {'end': 33096.133, 'text': 'Let me just show you how to run the script.', 'start': 33094.811, 'duration': 1.322}, {'end': 33100.356, 'text': 'So you go dot and backward slash and then you said dos, dos, sh.', 'start': 33096.673, 'duration': 3.683}, {'end': 33103.438, 'text': 'Now you see that our thing is working on channel eight.', 'start': 33100.735, 'duration': 2.703}, {'end': 33108.102, 'text': 'So this will definitely not work and say that BSS ID is not there.', 'start': 33103.498, 'duration': 4.604}, {'end': 33115.72, 'text': 'So what we need to do, as I had showed to you guys earlier, we can go iwconfig wl1 and change the channel to channel six.', 'start': 33108.792, 'duration': 6.928}], 'summary': 'Demonstrating script execution with mac ids. switching channel to six for iwconfig wl1.', 'duration': 26.032, 'max_score': 33089.688, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo33089688.jpg'}], 'start': 32260.512, 'title': 'Ddos attacks and network disruption', 'summary': 'Covers theoretical explanation, practical demonstration, and automation of ddos attacks, including deauthentication attacks, applicable in public locations, potentially causing network disruption.', 'chapters': [{'end': 32299.311, 'start': 32260.512, 'title': 'Ddos attack: theoretical explanation and practical demonstration', 'summary': 'Explains the theoretical aspect of the teardrop attack and ddos, followed by a practical demonstration of performing a ddos attack on a wireless network, applicable in various public locations like starbucks, libraries, or college institutions.', 'duration': 38.799, 'highlights': ['The chapter explains the theoretical aspect of teardrop attacks and denial of service conditions on servers.', 'The video provides a practical demonstration of performing a DDoS attack on a wireless network in public locations like Starbucks, libraries, or college institutions.']}, {'end': 32705.79, 'start': 32300.029, 'title': 'Setting up network card and dos attack', 'summary': 'Demonstrates setting up a wireless network card in monitor mode, installing aircrackng and macchanger, and performing a deauthentication (dos) attack on a specific router, continuously deauthenticating connected devices to render the router unusable.', 'duration': 405.761, 'highlights': ["Setting up Network Card in Monitor Mode The chapter starts by explaining the process of setting up a wireless network card in monitor mode, including checking the wireless card's name using ifconfig, installing aircrackng and macchanger, and configuring the network interface card into monitor mode with ifconfig and iwconfig commands.", 'Checking for Sub-processes and Killing Interference The demonstration involves checking for sub-processes that may interfere with the scanning process using airmonng check, killing the interfering processes, and ensuring the readiness for the scan by verifying the absence of interfering sub-processes.', 'Performing a Dump Scan on Access Points The chapter covers performing a dump scan on the network interface card to discover available access points, displaying information such as BSS IDs, power of the signal, beacons, data, channels, and MAC IDs (BSS IDs) tied to ESS IDs, facilitating the selection of a router for a DOS attack.', 'Executing a Deauthentication (DOS) Attack The chapter details the process of executing a deauthentication (DOS) attack on a specific router, utilizing the air replay tool to send deauthentication messages continuously to deauthenticate all devices connected to the router, rendering it unusable.']}, {'end': 33169.415, 'start': 32706.551, 'title': 'Automating ddos attack and mac address spoofing', 'summary': "Demonstrates how to automate a ddos attack from a single machine, optimize the code to appear as if it's running from multiple machines, and continuously change the mac address to evade detection, using a script file to send deauthentication messages, change mac address, and run the attack, potentially causing network disruption.", 'duration': 462.864, 'highlights': ["The chapter demonstrates how to automate a DDoS attack from a single machine and optimize the code to appear as if it's running from multiple machines. Automating a DDoS attack, optimizing code to appear multi-source.", 'The script file automates the process of sending deauthentication messages and changing the MAC address, potentially causing network disruption. Script automates deauthentication messages, changes MAC address, potential network disruption.', 'Continuous change of MAC address is shown to confuse and potentially disrupt network operations, as the MAC address changes with each deauthentication message sent. Continuous MAC address change, potential network disruption.']}], 'duration': 908.903, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo32260512.jpg', 'highlights': ['Executing a Deauthentication (DOS) Attack on a specific router using air replay tool', 'Performing a Dump Scan on Access Points to discover available access points', 'Setting up Network Card in Monitor Mode and configuring it with ifconfig and iwconfig commands', 'Theoretical explanation of teardrop attacks and denial of service conditions on servers', "Automating a DDoS attack from a single machine and optimizing the code to appear as if it's running from multiple machines", 'Continuous change of MAC address to confuse and potentially disrupt network operations']}, {'end': 34268.968, 'segs': [{'end': 33321.686, 'src': 'embed', 'start': 33299.956, 'weight': 4, 'content': [{'end': 33308.92, 'text': 'You can consider the example of your Gmail account your email ID your Facebook account your Twitter Instagram and even your internet banking services.', 'start': 33299.956, 'duration': 8.964}, {'end': 33317.084, 'text': 'So the first thing you have to do in order to use the features or the functions of this app web application is to log in into the web application.', 'start': 33309.04, 'duration': 8.044}, {'end': 33321.686, 'text': 'So what you usually do is you enter the username then you enter the password.', 'start': 33317.663, 'duration': 4.023}], 'summary': 'To use the app, log in with username and password for various accounts.', 'duration': 21.73, 'max_score': 33299.956, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo33299956.jpg'}, {'end': 33371.297, 'src': 'embed', 'start': 33342.959, 'weight': 0, 'content': [{'end': 33347.42, 'text': 'So, when you hit the login button, after entering the username and the password,', 'start': 33342.959, 'duration': 4.461}, {'end': 33352.542, 'text': 'that input information is sent to the database and it is cross-checked with a table.', 'start': 33347.42, 'duration': 5.122}, {'end': 33362.33, 'text': "So if there is any user with that username and the password to that username is right, then there's a successful match and there's a successful login.", 'start': 33352.623, 'duration': 9.707}, {'end': 33371.297, 'text': 'and if there is no user with that particular username, or if there is a user with that particular username but the password to that username is wrong,', 'start': 33362.33, 'duration': 8.967}], 'summary': 'Login process checks input with database for successful match.', 'duration': 28.338, 'max_score': 33342.959, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo33342959.jpg'}], 'start': 33169.756, 'title': 'Sql injection', 'summary': 'Covers the concept, impact, and working mechanism of sql injection with examples, including how it manipulates sql queries to execute malicious statements, ultimately compromising database servers. it also explains the or logic gate manipulation in a web application to achieve a successful login and presents methods to prevent sql injection attacks.', 'chapters': [{'end': 33321.686, 'start': 33169.756, 'title': 'Understanding sql injection', 'summary': 'Covers the concept of sql injection, including its definition, working mechanism, and potential impact, with an example and an explanation of how it can be used to execute malicious sql statements, ultimately leading to the compromise of database servers.', 'duration': 151.93, 'highlights': ['SQL injection is a code injection technique used to execute malicious SQL statements on a database, enabling the takeover of database servers. (Relevance: 5)', 'SQL injection involves manipulating a database query to make it perform unintended actions by injecting malicious strings, potentially compromising the security of web applications. (Relevance: 4)', 'An example of SQL injection is illustrated through the scenario of a web application using a database, where the query is manipulated to execute malicious actions on the database. (Relevance: 3)', 'Web applications that use databases are susceptible to SQL injection, ultimately posing a security threat by allowing unauthorized access and manipulation of data. (Relevance: 2)', 'SQL injection can be used to exploit web applications that require user login, such as email, social media, and banking services, potentially leading to unauthorized access to sensitive information. (Relevance: 1)']}, {'end': 33678.284, 'start': 33322.353, 'title': 'Sql injection attack', 'summary': 'Explains how a sql injection attack manipulates a sql query in a web application to always return true, leading to a successful login, by using the or logic gate and a specific malicious input, regardless of the username or password.', 'duration': 355.931, 'highlights': ['SQL injection attack manipulates a SQL query to always return true Explains how a SQL injection attack manipulates a SQL query in a web application to always return true, leading to a successful login.', 'Use of OR logic gate in SQL injection attack Describes the use of an OR logic gate to manipulate the SQL query and ensure it always returns true, regardless of the input.', "Specific malicious input for SQL injection attack Details the specific input 'inverted comma space or 1 equal to 1 hyphen hyphen space' used to manipulate the SQL query and always return true.", 'Explanation of OR logic gate behavior Explains the behavior of the OR logic gate, where if one input is true, the output is always true, and how it is exploited in the SQL injection attack.']}, {'end': 34268.968, 'start': 33678.804, 'title': 'Understanding sql injection attack', 'summary': 'Explains how sql injection works, demonstrates using sql injection to attack a web application using get and post methods, and then presents a method to prevent sql injection attacks.', 'duration': 590.164, 'highlights': ['The chapter demonstrates using SQL injection to attack a web application using GET and POST methods, showing successful login attempts using a malicious string and highlighting the visibility of data in the URL for the GET method, and the prevention of data visibility in the URL for the POST method.', 'The chapter explains the use of double hyphens to comment out the rest of the SQL query, allowing the injection of a malicious string to bypass the login process, resulting in a successful SQL injection attack.', 'The chapter presents a method to prevent SQL injection attacks by using the prepare and bind parameter functions to bind the user input as a string, effectively considering the entire malicious string as a string and preventing it from being interpreted as logic in the code.']}], 'duration': 1099.212, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo33169756.jpg', 'highlights': ['SQL injection is a code injection technique used to execute malicious SQL statements on a database, enabling the takeover of database servers. (Relevance: 5)', 'SQL injection involves manipulating a database query to make it perform unintended actions by injecting malicious strings, potentially compromising the security of web applications. (Relevance: 4)', 'An example of SQL injection is illustrated through the scenario of a web application using a database, where the query is manipulated to execute malicious actions on the database. (Relevance: 3)', 'Web applications that use databases are susceptible to SQL injection, ultimately posing a security threat by allowing unauthorized access and manipulation of data. (Relevance: 2)', 'SQL injection can be used to exploit web applications that require user login, potentially leading to unauthorized access to sensitive information. (Relevance: 1)', 'SQL injection attack manipulates a SQL query to always return true, leading to a successful login. (Relevance: 1)', 'Describes the use of an OR logic gate to manipulate the SQL query and ensure it always returns true, regardless of the input. (Relevance: 1)', "Details the specific input 'inverted comma space or 1 equal to 1 hyphen hyphen space' used to manipulate the SQL query and always return true. (Relevance: 1)", 'Explains the behavior of the OR logic gate, where if one input is true, the output is always true, and how it is exploited in the SQL injection attack. (Relevance: 1)', 'The chapter demonstrates using SQL injection to attack a web application using GET and POST methods, showing successful login attempts using a malicious string and highlighting the visibility of data in the URL for the GET method, and the prevention of data visibility in the URL for the POST method. (Relevance: 1)', 'The chapter explains the use of double hyphens to comment out the rest of the SQL query, allowing the injection of a malicious string to bypass the login process, resulting in a successful SQL injection attack. (Relevance: 1)', 'The chapter presents a method to prevent SQL injection attacks by using the prepare and bind parameter functions to bind the user input as a string, effectively considering the entire malicious string as a string and preventing it from being interpreted as logic in the code. (Relevance: 1)']}, {'end': 35621.064, 'segs': [{'end': 34651.968, 'src': 'embed', 'start': 34623.829, 'weight': 3, 'content': [{'end': 34626.29, 'text': 'There are a lot of ways to hide your information inside an image.', 'start': 34623.829, 'duration': 2.461}, {'end': 34634.562, 'text': "Common approach includes LSB steganography, which we'll be discussing in detail later, and then there is masking and filtering,", 'start': 34627.02, 'duration': 7.542}, {'end': 34639.004, 'text': 'some sort of encryption techniques and many others moving on audio steganography.', 'start': 34634.562, 'duration': 4.442}, {'end': 34642.465, 'text': 'It sounds according to its name in audio steganography,', 'start': 34639.444, 'duration': 3.021}, {'end': 34648.467, 'text': 'secret message is embedded into an audio signal which alters the binary sequence of corresponding audio file.', 'start': 34642.465, 'duration': 6.002}, {'end': 34651.968, 'text': 'Then there is video steganography and video steganography.', 'start': 34648.887, 'duration': 3.081}], 'summary': 'Various methods of hiding information include lsb steganography, masking, and filtering, as well as audio and video steganography.', 'duration': 28.139, 'max_score': 34623.829, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo34623829.jpg'}, {'end': 34727.514, 'src': 'embed', 'start': 34701.445, 'weight': 0, 'content': [{'end': 34709.27, 'text': 'email that contains the files embedded within hidden information using steganography can be very difficult to detect, as well as read.', 'start': 34701.445, 'duration': 7.825}, {'end': 34713.113, 'text': 'Now that we have learned of different types of steganography,', 'start': 34709.831, 'duration': 3.282}, {'end': 34718.216, 'text': "let's take a look at few features that a steganography technique must and should possess.", 'start': 34713.113, 'duration': 5.103}, {'end': 34723.082, 'text': "I'm sure you can see an image of an adorable and cute kitten on the screen right?", 'start': 34719.091, 'duration': 3.991}, {'end': 34727.514, 'text': "Well, that's our cover image or the file where we store our secret data.", 'start': 34723.443, 'duration': 4.071}], 'summary': 'Detecting steganography in emails can be challenging; it requires specific features and uses cover images to hide data.', 'duration': 26.069, 'max_score': 34701.445, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo34701445.jpg'}, {'end': 34936.304, 'src': 'embed', 'start': 34908.085, 'weight': 2, 'content': [{'end': 34910.988, 'text': 'So this is where our steganographic encoding process ends.', 'start': 34908.085, 'duration': 2.903}, {'end': 34920.274, 'text': 'Now, if, on the other end, receiver wants to extract the secret message, all he has to do is feed the stigo object into steganographic decoder,', 'start': 34911.528, 'duration': 8.746}, {'end': 34927.138, 'text': 'which also takes key as one of its input, and then, as a result, he gets secret message which was intended for him.', 'start': 34920.274, 'duration': 6.864}, {'end': 34930.18, 'text': "So, like I said, it's a very simple process, right?", 'start': 34927.658, 'duration': 2.522}, {'end': 34936.304, 'text': 'So, if I summarize, you have your cover file, which could be image, audio or anything, and then you have your secret message.', 'start': 34930.54, 'duration': 5.764}], 'summary': 'Steganographic process: cover file + secret message = simple extraction.', 'duration': 28.219, 'max_score': 34908.085, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo34908085.jpg'}, {'end': 35171.302, 'src': 'embed', 'start': 35144.02, 'weight': 5, 'content': [{'end': 35149.644, 'text': 'So, by mixing the 8-bit binary red, green and blue values, pixel can be any color,', 'start': 35144.02, 'duration': 5.624}, {'end': 35153.267, 'text': 'and the color is usually determined by number of bits used to represent it.', 'start': 35149.644, 'duration': 3.623}, {'end': 35157.831, 'text': 'Well in this case, we are using 8 bits so we can display for about 250 colors.', 'start': 35153.668, 'duration': 4.163}, {'end': 35164.877, 'text': 'Moving on when we are working with binary values, we have more significant bits and less significant bits.', 'start': 35158.992, 'duration': 5.885}, {'end': 35171.302, 'text': 'The leftmost bit is the most significant bit on the other hand rightmost bit is the less significant bit.', 'start': 35165.377, 'duration': 5.925}], 'summary': '8-bit binary values can display around 250 colors; more and less significant bits explained.', 'duration': 27.282, 'max_score': 35144.02, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo35144020.jpg'}, {'end': 35552.675, 'src': 'embed', 'start': 35507.295, 'weight': 1, 'content': [{'end': 35511.698, 'text': "please do post your email IDs in the comment section below and we'll get back to you with the code.", 'start': 35507.295, 'duration': 4.403}, {'end': 35513.279, 'text': "Now, let's get started with the demo.", 'start': 35512.078, 'duration': 1.201}, {'end': 35516.201, 'text': "So guys, I'll be using my Ubuntu system here.", 'start': 35513.92, 'duration': 2.281}, {'end': 35518.942, 'text': 'So as you can see, I have a code.', 'start': 35516.921, 'duration': 2.021}, {'end': 35520.083, 'text': 'Let me show it to you guys.', 'start': 35518.982, 'duration': 1.101}, {'end': 35523.324, 'text': 'I have code here and have certain images of different formats.', 'start': 35520.483, 'duration': 2.841}, {'end': 35526.465, 'text': 'I have one of JPG and one of PNG as well.', 'start': 35523.404, 'duration': 3.061}, {'end': 35529.006, 'text': 'Okay, let me delete this file, move to trash.', 'start': 35526.485, 'duration': 2.521}, {'end': 35533.448, 'text': 'So going back to terminal, let me show you guys the code first.', 'start': 35529.626, 'duration': 3.822}, {'end': 35536.749, 'text': 'The file name was hideify.', 'start': 35533.848, 'duration': 2.901}, {'end': 35540.411, 'text': "Okay, I think I've misspelled it wrong anyway.", 'start': 35537.91, 'duration': 2.501}, {'end': 35542.031, 'text': 'Let me just check it anyway.', 'start': 35541.011, 'duration': 1.02}, {'end': 35542.792, 'text': "It's HIDs.", 'start': 35542.592, 'duration': 0.2}, {'end': 35546.79, 'text': 'Sleemistic hide.py.', 'start': 35544.688, 'duration': 2.102}, {'end': 35548.311, 'text': 'Here we go guys.', 'start': 35547.511, 'duration': 0.8}, {'end': 35552.675, 'text': "I already have code because I've already extracted it from git and I'm using it here.", 'start': 35548.331, 'duration': 4.344}], 'summary': 'Demo of file manipulation on ubuntu system with code and images.', 'duration': 45.38, 'max_score': 35507.295, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo35507295.jpg'}, {'end': 35624.225, 'src': 'embed', 'start': 35596.679, 'weight': 4, 'content': [{'end': 35599.235, 'text': 'okay, So, as you can see, I have pip install.', 'start': 35596.679, 'duration': 2.556}, {'end': 35601.896, 'text': "And suppose if you don't have, please do install it.", 'start': 35599.795, 'duration': 2.101}, {'end': 35603.136, 'text': 'The command is simple.', 'start': 35602.276, 'duration': 0.86}, {'end': 35608.799, 'text': 'All you have to do is the sudo apt install python3pip.', 'start': 35603.176, 'duration': 5.623}, {'end': 35609.559, 'text': "That's it.", 'start': 35609.199, 'duration': 0.36}, {'end': 35611.52, 'text': "Just click enter and it'll install.", 'start': 35610.019, 'duration': 1.501}, {'end': 35614.081, 'text': "I'm not doing it again because I already have it installed like you guys saw.", 'start': 35611.54, 'duration': 2.541}, {'end': 35620.484, 'text': "And once you've done that, do install pillow, sudo pip install p-i-l-l-o-w.", 'start': 35614.681, 'duration': 5.803}, {'end': 35621.064, 'text': "That's all.", 'start': 35620.704, 'duration': 0.36}, {'end': 35622.125, 'text': "And then it'll work.", 'start': 35621.444, 'duration': 0.681}, {'end': 35624.225, 'text': "That's just the way of installing pillow library.", 'start': 35622.345, 'duration': 1.88}], 'summary': 'Install pip and pillow library using sudo apt install python3pip and sudo pip install pillow.', 'duration': 27.546, 'max_score': 35596.679, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo35596679.jpg'}], 'start': 34269.489, 'title': 'Preventing sql injection and steganography', 'summary': 'Discusses methods to prevent sql injection, including bind parameter and form validations, and emphasizes the impact on web applications. it also explains steganography techniques, its importance in secret communication, and the risks associated with criminal activities.', 'chapters': [{'end': 34313.376, 'start': 34269.489, 'title': 'Preventing sql injection', 'summary': 'Discusses the various methods to prevent sql injection, including the use of bind parameter and form validations to limit password characters, with emphasis on cross-checking input with database records and the potential impact on web applications.', 'duration': 43.887, 'highlights': ['Cross-checking input with database records is a way to prevent SQL injection, ensuring that even if a malicious string is used, it will not match with the username and password in the database table, leading to unsuccessful login attempts.', 'Using form validations and limiting the characters that can be used as a password are other effective methods to prevent SQL injection, with the approach depending on the spread of the web application.', 'Emphasizing the importance of cross-checking input with database records and the potential impact on web applications when discussing methods to prevent SQL injection.']}, {'end': 34812.013, 'start': 34313.376, 'title': 'Steganography: hiding secrets in plain sight', 'summary': 'Explains the concept and evolution of steganography, its techniques including text, image, audio, video, networks, and email steganography, and the essential features of transparency, robustness, and tamper resistance. it emphasizes the importance and prevalence of steganography in secret communication and its potential risks associated with criminal and terrorist activities.', 'duration': 498.637, 'highlights': ['Steganography conceals the very fact that a message is being communicated, making it an important and prevalent technique in secret communication, with potential misuse by criminal and terrorist organizations. Steganography conceals the very fact that a message is being communicated, making it an important and prevalent technique in secret communication, with potential misuse by criminal and terrorist organizations.', 'The chapter discusses various types of steganography, including text, image, audio, video, networks, and email steganography, each with its unique method of hiding data within different types of media. The chapter discusses various types of steganography, including text, image, audio, video, networks, and email steganography, each with its unique method of hiding data within different types of media.', 'It emphasizes the essential features of transparency, robustness, and tamper resistance that a steganography technique must possess to ensure the successful hiding and protection of the secret message. It emphasizes the essential features of transparency, robustness, and tamper resistance that a steganography technique must possess to ensure the successful hiding and protection of the secret message.', 'The evolution of steganography from ancient practices to modern multimedia-based techniques is explored, highlighting its prevalence and adaptability over time. The evolution of steganography from ancient practices to modern multimedia-based techniques is explored, highlighting its prevalence and adaptability over time.']}, {'end': 35034.804, 'start': 34812.797, 'title': 'Basic steganographic model', 'summary': 'Explains the basic steganographic model, including the process of embedding and extracting secret messages, the use of stego key for added security, and the optional addition of encryption for further security.', 'duration': 222.007, 'highlights': ['The process of embedding secret messages into a cover object involves using a steganographic encoder which takes the cover file, secret message, and key as inputs and generates a stego object. The process of embedding secret messages into a cover object involves using a steganographic encoder which takes the cover file, secret message, and key as inputs and generates a stego object.', 'The stego object, which appears identical to the cover object, is then transmitted to the receiver through a secure communication channel, with or without encryption. The stego object, which appears identical to the cover object, is then transmitted to the receiver through a secure communication channel, with or without encryption.', 'Adding encryption involves encrypting the secret message before feeding it into the steganographic encoder, resulting in a ciphertext. The ciphertext, stego key, and cover file are then used in the embedding process. Adding encryption involves encrypting the secret message before feeding it into the steganographic encoder, resulting in a ciphertext. The ciphertext, stego key, and cover file are then used in the embedding process.']}, {'end': 35621.064, 'start': 35035.364, 'title': 'Lsb steganography demo', 'summary': 'Introduces lsb steganography, a popular technique for hiding secret data inside an image, using the least significant bits to embed the data, which alters the original image slightly and allows for the extraction of the hidden data. it also explains the steps involved in encoding and retrieving the secret text from the stego image.', 'duration': 585.7, 'highlights': ['LSB steganography is a popular technique for hiding secret data inside an image, using the least significant bits to embed the data, which alters the original image slightly and allows for the extraction of the hidden data. LSB steganography is a popular technique for hiding secret data inside an image by replacing the least significant bits of the image with bits of a secret message. This process alters the original image very slightly, allowing for the extraction of the hidden data.', 'The steps involved in encoding and retrieving the secret text from the stego image are explained, including converting the secret text into binary form and replacing the LSB of the cover image with the bits of the secret message. The steps involved in encoding and retrieving the secret text from the stego image are explained, including converting the secret text into its binary form and replacing the LSB of the cover image with the bits of the secret message. The encoding process adds a delimiter to determine the end of the text, while retrieving the message involves extracting the zeros and ones from the stego image and converting them into a string format.', 'The chapter introduces the concept of LSB steganography and provides a small demo on how to use the concept to hide secret text in an image, including the steps involved in the program. The chapter introduces the concept of LSB steganography and provides a small demo on how to use the concept to hide secret text in an image. It explains the steps involved in the program, including encoding the text into the image by storing the secret message bits into the LSB of the image pixels, adding a delimiter to determine the end of the text, and retrieving the embedded message by extracting the zeros and ones from the stego image.']}], 'duration': 1351.575, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo34269489.jpg', 'highlights': ['Using form validations and limiting characters for password prevents SQL injection.', 'Cross-checking input with database records prevents SQL injection.', 'Steganography conceals the fact of communication, important in secret communication.', 'Various types of steganography include text, image, audio, video, and email steganography.', 'Steganography must possess transparency, robustness, and tamper resistance.', 'LSB steganography is a popular technique for hiding secret data inside an image.', 'The process of embedding secret messages involves using a steganographic encoder.', 'Adding encryption involves encrypting the secret message before feeding it into the steganographic encoder.']}, {'end': 37397.148, 'segs': [{'end': 36032.417, 'src': 'embed', 'start': 36001.733, 'weight': 0, 'content': [{'end': 36008.034, 'text': 'So well, you can take this as a base code and create your own code, which performs many things or advanced steganography as well.', 'start': 36001.733, 'duration': 6.301}, {'end': 36010.561, 'text': 'So, basically, to summarize, in this program,', 'start': 36008.519, 'duration': 2.042}, {'end': 36019.527, 'text': 'what we did was we converted our secret message into its binary form and we took the bits in the binary code and replaced the least significant bits,', 'start': 36010.561, 'duration': 8.966}, {'end': 36024.111, 'text': 'or the blue color bits of RGB color model, by these bits of secret message.', 'start': 36019.527, 'duration': 4.584}, {'end': 36024.991, 'text': 'So, basically,', 'start': 36024.471, 'duration': 0.52}, {'end': 36032.417, 'text': "we're replacing the least significant bits so that our cover image that's cover object as well as a stego object both are same and look identical.", 'start': 36024.991, 'duration': 7.426}], 'summary': 'Base code enables advanced steganography by replacing least significant bits in rgb model.', 'duration': 30.684, 'max_score': 36001.733, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo36001733.jpg'}, {'end': 36079.719, 'src': 'embed', 'start': 36055.671, 'weight': 1, 'content': [{'end': 36062.356, 'text': "basically. so we are going to take a look at few such tools and i'm going to show you how to use them, maybe at least two or three.", 'start': 36055.671, 'duration': 6.685}, {'end': 36062.976, 'text': 'so there we go.', 'start': 36062.356, 'duration': 0.62}, {'end': 36064.617, 'text': 'the first tool is to go shoot.', 'start': 36062.976, 'duration': 1.641}, {'end': 36068.039, 'text': 'basically here you can hide any kind of text inside an image.', 'start': 36064.617, 'duration': 3.422}, {'end': 36069.4, 'text': 'then you have to go hide.', 'start': 36068.039, 'duration': 1.361}, {'end': 36073.003, 'text': 'it hides a secret file in an image or audio file.', 'start': 36069.4, 'duration': 3.603}, {'end': 36074.664, 'text': 'then you have style steganography.', 'start': 36073.003, 'duration': 1.661}, {'end': 36079.719, 'text': "It's a free software where you can hide your files inside BMP images or WAV files.", 'start': 36075.174, 'duration': 4.545}], 'summary': "Demonstrating tools for hiding text and files inside images and audio files, including 'goshoost' and 'gohide', and 'style steganography'.", 'duration': 24.048, 'max_score': 36055.671, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo36055671.jpg'}, {'end': 36520.635, 'src': 'embed', 'start': 36496.621, 'weight': 2, 'content': [{'end': 36503.244, 'text': "Well, it's a free software that can be used to hide secret files in BMP that's bitmap images or WAV files.", 'start': 36496.621, 'duration': 6.623}, {'end': 36505.025, 'text': 'Use of this tool is very easy.', 'start': 36503.704, 'duration': 1.321}, {'end': 36511.268, 'text': 'You can just open the software, load any BMP image or WAV file to its interface, and then add a file which you want to hide.', 'start': 36505.065, 'duration': 6.203}, {'end': 36512.929, 'text': 'And this also supports encryption.', 'start': 36511.548, 'duration': 1.381}, {'end': 36514.09, 'text': 'multiple formats.', 'start': 36513.249, 'duration': 0.841}, {'end': 36516.852, 'text': 'Well, instead of telling all this to you, let me just show it to you.', 'start': 36514.45, 'duration': 2.402}, {'end': 36519.194, 'text': 'So as you can see, I have it already installed.', 'start': 36517.272, 'duration': 1.922}, {'end': 36520.635, 'text': "It's just one step installation.", 'start': 36519.214, 'duration': 1.421}], 'summary': 'Free software hides files in bmp or wav, with easy use and one-step installation.', 'duration': 24.014, 'max_score': 36496.621, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo36496621.jpg'}, {'end': 36832.44, 'src': 'embed', 'start': 36805.822, 'weight': 3, 'content': [{'end': 36811.986, 'text': 'You see, ethical hacker perform operations such as scanning open and close port using nmap tool,', 'start': 36805.822, 'duration': 6.164}, {'end': 36815.829, 'text': 'and then ethical hacker is engaged in social engineering methodologies,', 'start': 36811.986, 'duration': 3.843}, {'end': 36824.354, 'text': 'examining patches released to perform various vigorous vulnerability analysis on them, and an ethical hacker will see if he or she can evade an IPS,', 'start': 36815.829, 'duration': 8.525}, {'end': 36827.657, 'text': 'which is nothing but intrusion prevention system honeypots and firewall.', 'start': 36824.354, 'duration': 3.303}, {'end': 36832.44, 'text': 'Ethical hackers can also employ their strategies into sniffing networks,', 'start': 36828.317, 'duration': 4.123}], 'summary': 'Ethical hackers perform scanning, social engineering, vulnerability analysis, evasion, and network sniffing for security testing.', 'duration': 26.618, 'max_score': 36805.822, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo36805822.jpg'}, {'end': 37069.819, 'src': 'embed', 'start': 37045.963, 'weight': 4, 'content': [{'end': 37052.165, 'text': 'according to pay scale, certified ethical hacker in short, CHE owns around $88,000 per annum.', 'start': 37045.963, 'duration': 6.202}, {'end': 37059.248, 'text': 'apart from CHE, few other noteworthy certifications are SANS certification, certified vulnerability assessor,', 'start': 37052.165, 'duration': 7.083}, {'end': 37063.516, 'text': 'certified professional ethical hacker and then certified penetration testing engineer.', 'start': 37059.248, 'duration': 4.268}, {'end': 37065.756, 'text': 'All right now so moving ahead.', 'start': 37064.415, 'duration': 1.341}, {'end': 37069.819, 'text': 'Let me know speak about few of the skills that ethical hackers should have.', 'start': 37065.796, 'duration': 4.023}], 'summary': 'Certified ethical hackers earn around $88,000 per annum. other notable certifications include sans, certified vulnerability assessor, certified professional ethical hacker, and certified penetration testing engineer.', 'duration': 23.856, 'max_score': 37045.963, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo37045963.jpg'}], 'start': 35621.444, 'title': 'Steganography and ethical hacking', 'summary': 'Covers the use of pillow library for steganography, exploring a steganography program and tools, overview of steganography tools, and outlines the roles and importance of ethical hacking in protecting organizations from cyber attacks.', 'chapters': [{'end': 35822.19, 'start': 35621.444, 'title': 'Steganography with pillow library', 'summary': "Covers the use of the pillow library for image manipulation, including encoding and decoding secret messages, hiding and retrieving data, with an emphasis on the functions 'hide' and 'retrieve'. the code also includes a main function for embedding data into an image.", 'duration': 200.746, 'highlights': ["The main functions include encode, decode, hide, and retrieve, with a focus on the 'hide' and 'retrieve' functions. The program consists of four main functions: encode, decode, hide, and retrieve, emphasizing the 'hide' and 'retrieve' functions for manipulating and extracting secret messages from images.", "The 'hide' function takes a file name and message as input, checks the image format, converts the message to binary format, adds a delimiter, and replaces the bits to encode the secret message into the image. The 'hide' function processes the image file and message, converting the message to binary, adding a delimiter, and replacing bits to embed the message into the image.", "The 'retrieve' function extracts data from an image, checks the format, and retrieves the data until it finds the delimiter, indicating the end of the text. The 'retrieve' function extracts data from an image, ensuring proper format, and retrieves the data until the delimiter is found, indicating the end of the text."]}, {'end': 36339.299, 'start': 35822.69, 'title': 'Steganography program and tools', 'summary': "Explores a steganography program using python to embed and extract secret messages within images, where it converts the secret message into binary and replaces the least significant bits of the image to hide the data. additionally, it introduces the 'steghide' tool, an open-source steganography software that hides secret files in images or audio files without noticeable changes, providing a command line interface for embedding and extracting data with options to compress and encrypt files.", 'duration': 516.609, 'highlights': ['The steganography program uses Python to embed and extract secret messages within images. It converts the secret message into binary and replaces the least significant bits of the image to hide the data.', "The 'steghide' tool is an open-source steganography software that hides secret files in images or audio files without noticeable changes. It provides a command line interface for embedding and extracting data with options to compress and encrypt files.", "The 'steghide' tool provides a command line interface for embedding and extracting data with options to compress and encrypt files. It offers various options for embedding and extracting data, such as using cover objects, compressing and encrypting files, and providing information about the embedded data."]}, {'end': 36784.026, 'start': 36339.859, 'title': 'Steganography tools overview', 'summary': 'Covers the usage of steganography tools including stegosuite, xios technography, and suit pixel, showcasing their functionalities and how they can be used to hide and extract secret data from images and files.', 'duration': 444.167, 'highlights': ['Stegosuite usage and functionality Stegosuite is a free steganography tool written in Java, allowing users to easily hide confidential information in image files, and it provides a simple embedding process. It also supports password protection for the embedded data.', 'Xios Technography tool demonstration Xios Technography is a free software for hiding secret files in BMP or WAV files, offering easy usage and supporting encryption in multiple formats. It demonstrates the process of adding and extracting files, showcasing its flexibility in hiding various types of files.', 'Suit Pixel functionality and approach Suit Pixel uses a different approach by using an image file as a key to protect hidden text inside an image, demonstrating its unique method of using one image as a key or passphrase to hide and unhide text inside an image.']}, {'end': 37397.148, 'start': 36790.011, 'title': 'Roles and importance of ethical hacking', 'summary': 'Outlines the diverse roles of ethical hackers, emphasizing the importance of ethical hacking in protecting organizations from cyber attacks, and provides insights on the skills, certifications, and tools essential for aspiring ethical hackers.', 'duration': 607.137, 'highlights': ['Ethical hackers perform various roles such as scanning open and close ports, engaging in social engineering methodologies, and examining patches for vulnerability analysis. Ethical hackers perform a wide range of activities including port scanning, social engineering, and vulnerability analysis.', 'Ethical hacking is crucial due to the increased importance of data privacy and the prevalence of internet-facing business endpoints, with recent hacking incidents leading to substantial financial losses. The importance of ethical hacking is highlighted by the increased significance of data privacy and the impact of recent hacking incidents on businesses.', 'Aspiring ethical hackers need skills in operating systems, networking, and programming, with the ability to predict and prevent security breaches. Skills required for ethical hacking include proficiency in operating systems, networking, and programming, along with the ability to predict and prevent security breaches.', 'Certifications such as Certified Ethical Hacker (CHE) and other industry-recognized credentials are beneficial for aspiring ethical hackers, with CHE certified professionals earning an average of $88,000 per annum. Certifications like Certified Ethical Hacker (CHE) are valuable for ethical hackers, with CHE certified professionals earning an average of $88,000 per annum.', 'Noteworthy ethical hacking tools include Nmap for reconnaissance, Netsparker for web application security testing, Burp Suite for web penetration testing, and Metasploit for pen testing and vulnerability development. Key ethical hacking tools like Nmap, Netsparker, Burp Suite, and Metasploit are essential for reconnaissance, web application testing, and vulnerability development.']}], 'duration': 1775.704, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo35621444.jpg', 'highlights': ['The steganography program uses Python to embed and extract secret messages within images.', "The 'steghide' tool is an open-source steganography software that hides secret files in images or audio files without noticeable changes.", "The 'hide' function takes a file name and message as input, checks the image format, converts the message to binary format, adds a delimiter, and replaces the bits to encode the secret message into the image.", 'Ethical hackers perform various roles such as scanning open and close ports, engaging in social engineering methodologies, and examining patches for vulnerability analysis.', 'Certifications such as Certified Ethical Hacker (CHE) and other industry-recognized credentials are beneficial for aspiring ethical hackers, with CHE certified professionals earning an average of $88,000 per annum.']}, {'end': 39553.302, 'segs': [{'end': 37509.19, 'src': 'embed', 'start': 37471.52, 'weight': 3, 'content': [{'end': 37479.422, 'text': 'performance-wise, symmetric encryption is fast but is more vulnerable, while asymmetric encryption is slightly slower due to high computation.', 'start': 37471.52, 'duration': 7.902}, {'end': 37486.987, 'text': 'Some examples of symmetric are DES and 3DES, while asymmetric, the most popular is RSA and Duffy-Hellman.', 'start': 37480.063, 'duration': 6.924}, {'end': 37489.128, 'text': 'Okay, so time for the next question.', 'start': 37487.607, 'duration': 1.521}, {'end': 37496.451, 'text': 'So what is the CIA triad? Now in this question, the candidates should explain what is CIA triad and what it is used for.', 'start': 37489.808, 'duration': 6.643}, {'end': 37497.752, 'text': "So here's the answer.", 'start': 37496.932, 'duration': 0.82}, {'end': 37505.489, 'text': 'the CIA triad for information security provides a baseline standard for evaluating and implementing information security,', 'start': 37498.388, 'duration': 7.101}, {'end': 37509.19, 'text': 'irrespective of the system and or organization in question,', 'start': 37505.489, 'duration': 3.701}], 'summary': 'Symmetric encryption is faster but more vulnerable, while asymmetric encryption is slightly slower. examples include des, 3des, rsa, and duffy-hellman. the cia triad provides a baseline standard for evaluating and implementing information security.', 'duration': 37.67, 'max_score': 37471.52, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo37471520.jpg'}, {'end': 37797.283, 'src': 'embed', 'start': 37770.228, 'weight': 4, 'content': [{'end': 37774.39, 'text': 'Moving on to the next question is can you explain SSL encryption now?', 'start': 37770.228, 'duration': 4.162}, {'end': 37780.194, 'text': 'SSL stands for secure socket layer and it is a protocol which enables safe conversation between two or more parties.', 'start': 37774.39, 'duration': 5.804}, {'end': 37786.637, 'text': 'It is designed to identify and verify that the person you are talking to on the other end is exactly who they pretend to be.', 'start': 37780.614, 'duration': 6.023}, {'end': 37794.441, 'text': 'We also have HTTPS, which stands for hypertext transfer protocol, secure, which is actually HTTP, combined with SSL,', 'start': 37786.997, 'duration': 7.444}, {'end': 37797.283, 'text': 'which provides you with a safer browsing experience with encryption.', 'start': 37794.441, 'duration': 2.842}], 'summary': 'Ssl encryption ensures safe communication between parties, verifying identities and providing secure browsing experience with encryption.', 'duration': 27.055, 'max_score': 37770.228, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo37770228.jpg'}, {'end': 37895.676, 'src': 'embed', 'start': 37867.632, 'weight': 7, 'content': [{'end': 37871.775, 'text': 'Okay, so the following steps can be ensured to actually prevent identity theft', 'start': 37867.632, 'duration': 4.143}, {'end': 37874.837, 'text': 'First of all ensure a strong and unique password.', 'start': 37872.335, 'duration': 2.502}, {'end': 37880.511, 'text': 'Secondly, avoid sharing confidential information online, especially on social media.', 'start': 37875.609, 'duration': 4.902}, {'end': 37883.452, 'text': 'third, shop from known and trusted websites only.', 'start': 37880.511, 'duration': 2.941}, {'end': 37886.153, 'text': 'fourth, use the latest version of the browsers.', 'start': 37883.452, 'duration': 2.701}, {'end': 37889.614, 'text': 'fifth, installed advanced malware, spywares and tools.', 'start': 37886.153, 'duration': 3.461}, {'end': 37895.676, 'text': 'next, use specialized security solutions against financial data and always update your system and software.', 'start': 37889.614, 'duration': 6.062}], 'summary': 'Prevent identity theft by using strong passwords, avoiding sharing confidential info online, shopping from trusted websites, using latest browser versions, installing security tools, and updating systems regularly.', 'duration': 28.044, 'max_score': 37867.632, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo37867632.jpg'}, {'end': 38080.737, 'src': 'embed', 'start': 38057.182, 'weight': 6, 'content': [{'end': 38065.687, 'text': 'Okay, so DDOS stands for distributed denial of service when a network is flooded with large number of requests which is not recognized to handle,', 'start': 38057.182, 'duration': 8.505}, {'end': 38069.109, 'text': 'making the server unavailable to the legitimate request senders.', 'start': 38065.687, 'duration': 3.422}, {'end': 38073.692, 'text': 'DDOS can be mitigated by analyzing and filtering the traffic in the scrubbing centers,', 'start': 38069.109, 'duration': 4.583}, {'end': 38080.737, 'text': 'and the scrubbing centers are centralized data cleaning stations where in the traffic to a website is analyzed and malicious traffic is removed.', 'start': 38073.692, 'duration': 7.045}], 'summary': 'Ddos floods network with requests, scrubbing centers mitigate by analyzing and filtering traffic.', 'duration': 23.555, 'max_score': 38057.182, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo38057182.jpg'}, {'end': 38125.585, 'src': 'embed', 'start': 38093.57, 'weight': 1, 'content': [{'end': 38095.872, 'text': 'It works like a directory for everything on the internet.', 'start': 38093.57, 'duration': 2.302}, {'end': 38102.598, 'text': 'Thus DNS monitoring is very important since you can easily visit a website without actually having to memorize their IP addresses.', 'start': 38096.292, 'duration': 6.306}, {'end': 38108.24, 'text': 'DNS has an important role in how end users in your enterprise connect to the internet.', 'start': 38103.278, 'duration': 4.962}, {'end': 38116.522, 'text': 'inspecting DNS traffic between clients, devices and your local recursive resolver could be revealing a wealth of information for forensic analysis.', 'start': 38108.24, 'duration': 8.282}, {'end': 38121.164, 'text': 'DNS queries can reveal both botnets and malwares connecting to the CNC server.', 'start': 38116.522, 'duration': 4.642}, {'end': 38125.585, 'text': 'So this is why DNS monitoring is very essential moving on.', 'start': 38121.744, 'duration': 3.841}], 'summary': 'Dns monitoring is crucial for cybersecurity, as it can reveal botnets and malwares connecting to cnc servers, providing valuable forensic information.', 'duration': 32.015, 'max_score': 38093.57, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo38093570.jpg'}, {'end': 38593.416, 'src': 'embed', 'start': 38565.282, 'weight': 2, 'content': [{'end': 38571.205, 'text': 'Now XSS refers to client-side code injection attacks wherein an attacker can execute malicious scripts,', 'start': 38565.282, 'duration': 5.923}, {'end': 38575.967, 'text': 'also commonly referred to as malicious payload into a legitimate website or web application.', 'start': 38571.205, 'duration': 4.762}, {'end': 38586.432, 'text': 'XSS is amongst the most rampant of web application vulnerabilities and occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.', 'start': 38575.967, 'duration': 10.465}, {'end': 38593.416, 'text': 'By leveraging XSS, an attacker would exploit a vulnerability within a website or web application that the victim would visit,', 'start': 38587.012, 'duration': 6.404}], 'summary': 'Xss is a prevalent web vulnerability, allowing attackers to execute malicious scripts by exploiting unvalidated user input.', 'duration': 28.134, 'max_score': 38565.282, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo38565282.jpg'}, {'end': 38767.794, 'src': 'embed', 'start': 38741.291, 'weight': 8, 'content': [{'end': 38744.794, 'text': 'Moving on to the next question, which is what is ARP and how does it work?', 'start': 38741.291, 'duration': 3.503}, {'end': 38748.688, 'text': 'Okay, so address resolution protocol, or ARP,', 'start': 38745.507, 'duration': 3.181}, {'end': 38755.15, 'text': 'is a protocol for mapping an internet protocol address to a physical machine address that is recognized on the local Network.', 'start': 38748.688, 'duration': 6.462}, {'end': 38762.152, 'text': 'on the topic of how it works, when an incoming packet destined for a host machine on a particular local area Network arrives at a Gateway,', 'start': 38755.15, 'duration': 7.002}, {'end': 38767.794, 'text': 'the Gateway asks the ARP program to find a physical host or Mac address that matches the IP address.', 'start': 38762.152, 'duration': 5.642}], 'summary': 'Arp is a protocol for mapping ip addresses to physical machine addresses on a local network.', 'duration': 26.503, 'max_score': 38741.291, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo38741291.jpg'}, {'end': 38899.903, 'src': 'embed', 'start': 38861.084, 'weight': 0, 'content': [{'end': 38868.889, 'text': 'Now, the applications of artificial intelligence technologies pattern on human thought process to detect threats and protected physical and digital system.', 'start': 38861.084, 'duration': 7.805}, {'end': 38876.113, 'text': 'Self-learning security systems use data mining, pattern recognition and natural language processing to simulate the human brain,', 'start': 38869.509, 'duration': 6.604}, {'end': 38877.794, 'text': 'albeit in a high-powered computer model.', 'start': 38876.113, 'duration': 1.681}, {'end': 38880.516, 'text': 'This is exactly what cognitive cybersecurity is.', 'start': 38878.234, 'duration': 2.282}, {'end': 38883.377, 'text': 'So what is port blocking within LAN??', 'start': 38881.816, 'duration': 1.561}, {'end': 38889.541, 'text': 'Well, restricting the users from accessing a set of services within the local area network is called port blocking.', 'start': 38884.098, 'duration': 5.443}, {'end': 38895.218, 'text': 'stopping the source to not to access the destination node via ports as applications work on the port.', 'start': 38890.154, 'duration': 5.064}, {'end': 38899.903, 'text': 'so ports are blocked to restrict the access, filing up the security holes in the network infrastructure.', 'start': 38895.218, 'duration': 4.685}], 'summary': 'Ai tech mimics human brain in cybersecurity. port blocking restricts lan access.', 'duration': 38.819, 'max_score': 38861.084, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo38861084.jpg'}], 'start': 37397.148, 'title': 'Network security and data protection', 'summary': 'Covers topics such as network-attached storage setup, encryption methods, ssl, tls, tcp session negotiation, bios reset, xss attack, and port blocking, emphasizing the importance of cybersecurity frameworks, dns monitoring, and prevention techniques for cyber threats and attacks.', 'chapters': [{'end': 37769.225, 'start': 37397.148, 'title': 'Network storage and information security', 'summary': 'Explores the setup of a network-attached storage device for streaming and backups, along with discussions on encryption, cia triad, risk assessment, ips vs ids systems, cybersecurity frameworks, and firewall setup.', 'duration': 372.077, 'highlights': ['Encryption and its Importance Encryption is vital for securing data, preventing unauthorized access, and safeguarding personal and classified information.', 'Symmetric vs Asymmetric Encryption Symmetric encryption is faster but more vulnerable, whereas asymmetric encryption is slower due to high computation, with examples such as DES, 3DES, RSA, and Duffy-Hellman.', 'CIA Triad for Information Security The CIA triad ensures confidentiality, integrity, and availability of data, setting a standard for information security implementation across systems and organizations.', 'Risk, Vulnerability, and Threat in a Network Threat refers to potential harm to a system, vulnerability is a weakness exploited by attackers, and risk encompasses potential loss or damage when a threat exploits a vulnerability.', 'Reporting Risk Risk assessment can be quantitative or qualitative, providing a numerical or impact-based approach suitable for both technical and business audiences.', 'IPS vs IDS Systems Intrusion Detection Systems (IDS) detect intrusions for evaluation, while Intrusion Prevention Systems (IPS) take actions to prevent further intrusion, with differences in network positioning.', 'Cybersecurity Frameworks Cybersecurity frameworks offer guidance for organizations to manage and reduce cybersecurity risks, fostering risk and cybersecurity management collaboration among internal and external partners.', 'Weak Information Security Policy Information security policy is considered weak if it does not meet effective criteria, including distribution, review, comprehension, compliance, and uniform availability and understanding among employees.', 'Setting Up a Firewall Configuring a firewall involves modifying default credentials, disabling remote administration, port forwarding, DHCP server management, logging enablement, and policy enforcement.']}, {'end': 38144.478, 'start': 37770.228, 'title': 'Understanding ssl, tls, and network security', 'summary': 'Discusses ssl encryption, tls security, salted hashes, identity theft prevention, man-in-the-middle attack prevention, and differences between encoding, hashing, and encryption, emphasizing the importance of dns monitoring and outlining ways to secure a server, along with mitigating ddos attacks and explaining the three-way handshake in tcp.', 'duration': 374.25, 'highlights': ['SSL encryption and HTTPS provide secure conversation and browsing experience, with SSL being more secure than TLS. SSL and HTTPS enable safe conversation and browsing with encryption, while SSL is more secure than TLS.', 'TLS offers better security features and additional protection to the data, often used together with SSL for enhanced protection. TLS provides better security features and additional data protection, often used alongside SSL for enhanced security.', 'Salted hashes defend against dictionary attacks and known hash attacks by adding random salt value to the password hash. Salted hashes protect against dictionary and known hash attacks by adding random salt value to the password hash.', 'Steps to prevent identity theft include ensuring strong and unique passwords, avoiding sharing confidential information online, shopping from trusted websites, using the latest browser versions and security tools, and protecting social security numbers. Preventing identity theft involves steps like using strong passwords, avoiding sharing confidential information, shopping from trusted websites, using updated security tools, and protecting social security numbers.', 'Preventing man-in-the-middle attacks involves using encryption, avoiding open Wi-Fi networks, and using plugins like HTTPS and TLS. Preventing man-in-the-middle attacks includes using encryption, avoiding open Wi-Fi, and using plugins like HTTPS and TLS.', 'Encoding transforms data for proper consumption, encryption keeps data secret, and hashing ensures data integrity. Encoding transforms data for consumption, encryption keeps data secret, and hashing ensures data integrity.', 'Securing a server involves using SSL for data encryption, setting secure passwords, creating new users, removing remote access from default accounts, and configuring firewall rules. Securing a server includes using SSL, setting secure passwords, creating new users, removing remote access, and configuring firewall rules.', 'DDOS attacks flood networks with requests, mitigated by analyzing and filtering traffic in scrubbing centers. DDOS attacks flood networks with requests, mitigated by analyzing and filtering traffic in scrubbing centers.', 'DNS monitoring is crucial for website accessibility, internet connection, and forensic analysis of botnets and malwares. DNS monitoring is crucial for website accessibility, internet connection, and forensic analysis of botnets and malwares.', 'The TCP three-way handshake sets up a stable connection over IP networks using SYN, SYNAC, and ACK. The TCP three-way handshake sets up a stable connection over IP networks using SYN, SYNAC, and ACK.']}, {'end': 38510.835, 'start': 38144.478, 'title': 'Tcp, hackers, and cyber threats overview', 'summary': 'Covers tcp session negotiation, types of hackers, patch management, application security, penetration testing, traceroute, cyber attacks, and osi layers, including the roles and responsibilities of each layer.', 'duration': 366.357, 'highlights': ['white hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. White hat hackers are skilled in breaking into computer networks and bypassing security protocols.', 'patch management should be done as soon as it is released for Windows, once the patch is released. It should be applied to all machines not later than one month same goes for network devices. Timely patch management, within one month of release, is essential for both Windows machines and network devices.', 'malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses and worms. Malware encompasses various cyber threats such as Trojans, viruses, and worms.', 'A man-in-the-middle attack is an attack where somebody is impersonating the endpoints in an online information exchange. A man-in-the-middle attack involves impersonating the endpoints in an online information exchange.', 'The chapter covers TCP session negotiation, types of hackers, patch management, application security, penetration testing, traceroute, cyber attacks, and OSI layers, including the roles and responsibilities of each layer. The chapter provides an overview of TCP session negotiation, types of hackers, patch management, application security, penetration testing, traceroute, cyber attacks, and OSI layers.']}, {'end': 38880.516, 'start': 38511.428, 'title': 'Network layer, bios reset, xss and data protection', 'summary': 'Covers topics such as network layer operations, bios reset methods, xss attack, data protection in transit versus at rest, differences between cyber security and network security, prevention of data leakage, arp protocol, 2fa implementation, prevention of brute force login attacks, and cognitive cybersecurity.', 'duration': 369.088, 'highlights': ["XSS Attack Explanation XSS involves injecting malicious scripts into a legitimate website, exploiting unvalidated user input, and using the vulnerable website to deliver a malicious script to the victim's browser.", 'Data Protection in Transit versus at Rest Data in transit is actively moving data protected while traveling from network to network, while data at rest is data stored on a device or network, with different vulnerability profiles and security measures.', 'Cognitive Cybersecurity Definition Cognitive cybersecurity applies artificial intelligence to detect threats and protect both physical and digital systems, using self-learning systems that simulate the human brain with data mining, pattern recognition, and natural language processing.', "BIOS Reset Methods Resetting a password-protected BIOS configuration can be done by removing the CMOS battery, using a jumper or physical switch on the motherboard, or reprogramming the memory itself, with the default password 'password' as a simple option.", 'ARP Protocol Functionality Address Resolution Protocol (ARP) maps an IP address to a physical machine address on the local network and utilizes ARP cache to find the address, or broadcasts a request packet to all machines if no entry is found.']}, {'end': 39553.302, 'start': 38881.816, 'title': 'Port blocking and network security', 'summary': 'Discusses port blocking within lan networks, the difference between vpn and vlan, protocols under the tcp/ip internet layer, and scenarios related to cybersecurity, phishing, and network security.', 'duration': 671.486, 'highlights': ['The chapter discusses port blocking within LAN networks, restricting users from accessing a set of services within the local area network. Port blocking restricts access to services within a LAN network, enhancing network security.', "It explains the difference between VPN and VLAN, where VPN is related to remote access to a company's network, while VLAN logically segregates networks without physically segregating them. VPN ensures data security during transit, while VLAN slices logical networks for management and security purposes.", 'The chapter lists protocols under the TCP/IP internet layer, including Ethernet, PPP, IP, TCP, UDP, and various application layer protocols like NFS, DNS, FTP, and SNMP. The protocols under TCP/IP layers include Ethernet, PPP, IP, TCP, UDP, NFS, DNS, FTP, and SNMP, among others.', 'The scenarios cover phishing attempts, email security, password requirements, and security measures against unauthorized access and malicious programs. The scenarios address phishing attempts, email security, password requirements, and security measures against unauthorized access and malicious programs.']}], 'duration': 2156.154, 'thumbnail': 'https://coursnap.oss-ap-southeast-1.aliyuncs.com/video-capture/lpa8uy4DyMo/pics/lpa8uy4DyMo37397148.jpg', 'highlights': ['Cognitive cybersecurity applies AI to detect threats and protect systems.', 'DNS monitoring is crucial for website accessibility and forensic analysis.', 'XSS involves injecting malicious scripts into a legitimate website.', 'Symmetric encryption is faster but more vulnerable than asymmetric encryption.', 'SSL and HTTPS enable safe conversation and browsing with encryption.', 'The CIA triad ensures confidentiality, integrity, and availability of data.', 'DDOS attacks flood networks with requests, mitigated by analyzing traffic.', 'Preventing identity theft involves using strong passwords and protecting data.', 'ARP maps IP address to physical machine address on the local network.', 'Port blocking restricts access to services within a LAN network.']}], 'highlights': ['Covers a comprehensive 11-hour cybersecurity training for beginners by edureka, including cybersecurity fundamentals, skills, evolution, and reasons for hacking, cybersecurity attacks, prevention, frameworks, tools, implementation, careers, essential skills, certifications, it security certifications, ethical hacking, kali linux essentials, wi-fi security, cryptography, network security vulnerabilities, web security threats, ddos attacks, sql injection, steganography, and data protection, with practical demonstrations and quantifiable data points such as job vacancies in india and the us.', 'Cybersecurity market projected to reach 403 billion USD by 2027 with a CAGR of 13.4%, emphasizing the perpetual demand for cybersecurity professionals.', 'Cybersecurity salaries have a greater growth potential than 90% of other industries, making it an attractive career option with substantial earning potential.', 'India has over 14,000 job vacancies, and the US has over 15,000 job vacancies in cybersecurity.', 'SQL injection is a code injection technique used to execute malicious SQL statements on a database, enabling the takeover of database servers.', 'Ethical hackers perform various roles such as scanning open and close ports, engaging in social engineering methodologies, and examining patches for vulnerability analysis.', 'Cognitive cybersecurity applies AI to detect threats and protect systems.', 'Preventing identity theft involves using strong passwords and protecting data.', 'SSL and HTTPS enable safe conversation and browsing with encryption.', 'The CIA triad ensures confidentiality, integrity, and availability of data.']}