Cybersecurity Full Course 2026 [FREE] | Complete Cybersecurity Training In 24 Hours | Simplilearn

Simplilearn | 23:17:34 | Apr 25, 2026
Chapters: 14
An overview of the full cyber security course, outlining the 12 modules, core concepts from fundamentals to advanced topics, and the goal of preparing learners for entry- to mid-level roles in security.

A thorough, lab-heavy cybersecurity bootcamp: from basics to hands-on with SQLi, XSS, ransomware, DDoS, cryptography, networking, and real-world labs (Kali/Parrot).

Summary

Simplilearn’s Cybersecurity Full Course 2026 delivers a 23+ hour, hands-on program designed to move you from core security fundamentals to real-world enterprise concepts. Front and center is practical learning: labs, demos, and tool usage, not just theory. The course covers threat landscapes (ransomware, phishing, SQL injection, XSS, DDoS), security domains (network, application, cloud, identity and access management), and core cryptography concepts (AES, RSA, hashing, TLS). You’ll also explore essential models (OSI vs TCP/IP), key protocols (HTTP(S), DNS, SMTP, TCP/UDP), and a robust lab environment with Kali Linux, Parrot OS, and the OWASP Broken Web Applications VM. Expect demonstrations of firewalls, web application firewalls, and threat simulations like MITM with Burp Suite, plus hands-on use of Nmap, Metasploit, Wireshark, and SQLMap. The course culminates in career guidance, real-world use cases, and a pathway to entry- to mid-level roles in ethical hacking or cybersecurity analysis.

Key Takeaways

  • 12-module structure with a clear progression from security fundamentals to advanced topics (network/security/app/cloud, incident response, governance, real-world use cases).
  • Ransomware explained in depth: locker vs crypto variants, typical delivery methods, and defenses (backups, anti-ransomware tools, No More Ransom).
  • Hands-on lab ecosystem includes OWASP Broken Web Applications VM, Kali Linux, Parrot OS, and real-world tooling (Nmap, Metasploit, Wireshark, Burp Suite, SQLMap) for practical exploitation and defense.
  • SQL injection and XSS are demonstrated with live demos (SQLMap usage, stored vs reflected XSS, and defense via prepared statements/escapes).
  • The course emphasizes both offensive and defensive security, including threat modeling, incident response, patching, and Secure SDLC concepts like code signing and secure configurations.
  • Future-ready skills highlighted by OWASP Top 10 changes and modern cryptography basics (AES, RSA, hashing, TLS).
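
The login bypass shown in the course's SQL injection demo, next to the prepared-statement defense it recommends, as an added example that is not code from the video or from Simplilearn. It assumes SQLite in place of the demo's MySQL; the `accounts` table and `username` column follow the query quoted in the transcript, while the `password` column and the sample rows are constructed.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    # Plaintext passwords only mirror the demo's query shape; a real
    # application stores salted password hashes instead.
    conn.execute(
        "CREATE TABLE accounts (username TEXT PRIMARY KEY, password TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("admin", "s3cret-admin"), ("alice", "wonderland")],  # constructed rows
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text by string concatenation, as the demo application does."""
    query = (
        "SELECT username FROM accounts "
        "WHERE username = '" + username + "' AND password = '" + password + "'"
    )
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:
        # Returning the raw database error to the caller is the "verbose
        # error message" behaviour the transcript describes.
        return ("error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)


def login_parameterized(conn, username, password):
    """Same check with bound parameters: input is data, never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return ("ok", row[0]) if row else ("denied", None)


def run_demo():
    """Run the inputs from the demo against both login functions."""
    conn = make_db()
    inputs = [
        ("test", "PS"),          # unknown account, as typed in the demo
        ("' or 1=1 -- ", "x"),   # always-true condition from the demo
        ("' or 1=2 -- ", "x"),   # always-false condition from the demo
        ("'", "x"),              # lone quote that triggers the syntax error
        ("alice", "wonderland"), # legitimate login (constructed)
    ]
    results = []
    for username, password in inputs:
        results.append(
            (
                username,
                login_vulnerable(conn, username, password)[0],
                login_parameterized(conn, username, password)[0],
            )
        )
    return results


if __name__ == "__main__":
    for username, vulnerable, parameterized in run_demo():
        print(f"{username!r:18} vulnerable={vulnerable:7} parameterized={parameterized}")
```

With bound parameters the quote character reaches the database as part of the username value, so the true/false condition and the syntax error both disappear and only the legitimate login succeeds.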

Who Is This For?

Essential viewing for aspiring cybersecurity professionals, developers who want to write secure code, and IT staff transitioning to security roles. It’s especially valuable for learners aiming to move from fundamentals to hands-on offensive/defensive security with labs and career guidance.

Notable Quotes

"You'll learn not just what security tools and techniques are used but why they are used and how attackers think which is essential for building effective defense strategies."
Highlights the course’s practical mindset: understanding attacker thinking is crucial for defense.
"Ransomware is a type of malware that encrypts personal information and documents while demanding a ransom amount to decrypt them."
Definition of ransomware used in the module introducing malware threats.
"By the end of this course, you'll be able to understand security risk, implement basic security controls, analyze threats, and prepare for entry-level to intermediate cyber security roles."
Course outcome statement signaling the career-readiness goal.
"OSI and TCP/IP model explained; OSI seven-layer vs TCP/IP four-layer."
Foundational networking models covered for deeper understanding.

Questions This Video Answers

  • What is the difference between SQL injection and XSS, and how are they demonstrated in this course?
  • What tools will I learn and practice with in the course labs (e.g., Kali Linux, Parrot, Metasploit, Burp Suite)?
  • How does the course approach OWASP Top 10 changes and how should I study for security certifications like CEH?
  • What hands-on labs are included to safely practice offensive security techniques?
  • What career paths does this course prepare me for, and what are the next steps after completion?
Cybersecurity Full Course 2026, Simplilearn, Kali Linux, Parrot Security, OWASP Top 10, SQL Injection, XSS, Ransomware, DDoS, Metasploit Framework (MSF)
Full Transcript
Hi there, welcome to Simplilearn's YouTube channel. Today we bring you the cyber security full course, a complete program designed to take you from core security fundamentals to advanced cyber security concepts used in real-world enterprise environments. In today's digital world, cyber security is no longer optional. With the rapid growth of cloud computing, remote work and online transactions, organizations face constant threats such as data breaches, ransomware attacks, phishing and system vulnerabilities. Cyber security professionals play a critical role in protecting systems, networks and data from these threats and ensuring business continuity. In this course, we start with the basic understanding of cyber security concepts, threats and attack vectors and also gradually move into advanced topics such as network security, application security, cloud security and also incident response. You'll learn not just what security tools and techniques are used but why they are used and how attackers think, which is essential for building effective defense strategies. By the end of this course, you'll be able to understand security risk, implement basic security controls, analyze threats, and prepare for entry-level to intermediate cyber security roles. Having said that, let's take a look at the agenda for this course. We will be having a total of 12 modules in this full course. Module one is introduction to cyber security. Module two is fundamentals of networking. Module three is operating system fundamentals. Module four is cyber threats and also attack techniques. Module five is network security. Module six is application security. Module seven is cryptography fundamentals. Followed up by module eight, which is identity and access management. Module 9 is cloud and infrastructure security. Module 10 is security operation and incident response. Module 11 is governance, risk and compliance. Module 12 is real-world use cases and career guidance.
Hope I made myself clear with this agenda. That said, if these are the type of videos you would like to watch, then hit that subscribe button with the bell icon to get notified whenever we host. Also, just so that you know, if you want to upskill yourself, master ethical hacking and cyber security skills, and land your dream job and grow your career, then you must explore Simplilearn's cohort of various cyber security and ethical hacking programs. Simplilearn offers a variety of master's, certification and post-graduate programs in collaboration with some of the world's leading universities and certification boards like IIIT Bangalore, EC-Council and many more. Through our courses you will gain knowledge and work-ready expertise in skills like vulnerability assessment, enterprise security, application security, penetration testing and over a dozen others. And that's not all. You'll also get the opportunity to work on multiple projects led by industry experts working in top-tier companies. After completing these courses, thousands of learners have transitioned into ethical hacking or cyber security roles as a fresher or moved on to high-paying jobs and profiles. If you're passionate about making your career in this field, then make sure to check out the link in the pinned comments and in the description box to find an ethical hacking and cyber security program that fits your experience and areas of interest. So let's get started with our cyber security full course with a small quiz. Which of the following best represents the CIA triad in cyber security? Is it confidentiality, integrity, availability; or control, inspection, authorize; or is it confidentiality, identity, access; or is it control, integrity and authentication? Please let us know your answers in the comment section below. Now over to our training experts.
With 4.9 billion people using the internet in 2022, cyber security now has to protect users against dangers like viruses, malware, adware and other ransomware attacks. It involves techniques that help secure various digital components like networks, data and computer systems from unauthorized access. The financial impact of these security breaches is massive, be it for enterprise environments or for personal computers. Deploying firewalls, using web protection suites, and stronger encryption are just a few ways to bolster your network security. Even job roles in cyber security now range from ethical hacking to security analysts in big firms, providing ample growth opportunities to anyone starting out in the cyber security domain. It's the year 2015, and Richard has just finished playing games on his computer. After a long gaming session, Richard tries to shut it down, but finds some random text file on the desktop that says ransom note. The text file mentioned how a hacking group had encrypted Richard's game files and private documents, and he had to pay a ransom of $500 worth of Bitcoin in a specified Bitcoin address. Richard quickly checked his files only to see them being encrypted and unreadable. This is the story of how the TeslaCrypt ransomware spread in 2015, which affected thousands of gamers before releasing the master key used for encrypting the files. So, what is ransomware? For Richard to be targeted by such an attack, he must have installed applications from untrusted sources or clicked an unverified link. Both of them can function as gateways for a ransomware breach. Ransomware is a type of malware that encrypts personal information and documents while demanding a ransom amount to decrypt them. This ransom payment is mainly done using cryptocurrency to ensure anonymity, but can also employ other routes.
Once the files are encrypted or locked behind a password, a text file is available to the victim, explaining how to make the ransom payment and unlock the files for it. Just like Richard found the ransom note text file on his desktop. Even after the money has been paid, there's no guarantee that the hackers will send the decryption key or unlock the files. But in certain sensitive situations, victims make the payment hoping for the best. Having never been introduced to ransomware attacks before, this gave Richard an opportunity to learn more about this, and he began his research on the topic. The spread of ransomware mostly starts with phishing attacks. To know more about phishing attacks, click the link in the button above. Users tend to click on unknown links received via emails and chat applications, promising rewards of some nature. Once clicked, the ransomware file is installed on the system, which encrypts all the files or blocks access to computer functions. They can also be spread via malware, transmitted via untrusted application installation, or even a compromised wireless network. Another way to breach a system with ransomware is by using the remote desktop protocol or RDP access. A computer can be accessed remotely using this protocol, allowing a hacker to install malicious software on the system with the owner unaware of these developments. Coming to the different types of ransomware, first we have locker ransomware, which is a type of malware that blocks standard computer functions from being accessed until the payment to the hackers is complete. It shows a lock screen that doesn't allow the victim to use the computer for even basic purposes. Another type is crypto ransomware, which encrypts the local files and documents in the computers.
Once the files are encrypted, finding the decryption key is impossible unless the ransomware variant is old and the keys are already available on the internet. Scareware is fake software that claims to have detected a virus or other issue on your computer and directs you to pay to resolve the problem. Some types of scareware lock the computer, while others simply flood the screen with pop-up alerts without actually damaging files. To prevent getting affected by ransomware, Richard could have followed a few steps to further enhance his security. One must always have backups of their data. Cloud storage for backup is easy, but a physical backup in a hard drive is always recommended. Keeping the system updated with the latest security patches is always a good idea. Apart from system updates, one must always have reputed antivirus software installed. Many antivirus software like Kaspersky and Bitdefender have anti-ransomware features that periodically check for encryption of private documents. When browsing the internet, a user must always check for the lock symbol on the address bar, which signifies the presence of HTTPS protocol for additional security. If a system is infected with ransomware already, there is a website, nomoreransom.org. It has a collection of decryption tools for most well-known ransomware packages. It can also help decrypt specific encrypted files if the list of anti-ransomware tools didn't help the victim.
Malware is malicious software that is programmed to cause damage to a computer system, network and hardware devices. Many malicious programs like Trojans, viruses, bombs and bots which cause damage to the system are known as malware. Most of the malware programs are designed to steal information from the targeted user or to steal money from the target by stealing sensitive data. Let's take a look at the introduction for two different types of malware: virus and Trojan.
Firstly, let's take a look at what exactly is a virus program. A computer virus is a type of malicious program that on execution replicates itself. They get attached to different files and programs, which are termed as host programs, by inserting their code. If the attachment succeeds, the targeted program is termed as infected with a computer virus. Now, let's take a look at the Trojan horse. A Trojan horse program is a program that disguises itself as a legitimate program, but harms a system on installation. They hide within the attachments and emails, then transfer from one system to another. They create back doors into a system to allow the cyber criminal to steal our information. Let's take a look at how they function after getting installed into our system. Firstly, we have virus programs. The computer virus must contain two parts to infect the system. First is a search routine, which locates new files and data that is to be infected by the virus program. And the second part is known as the copy routine, which is necessary for the program to copy itself into the targeted file which is located by the search routine. Now let's take a look at the Trojan horse functioning. For Trojan horses, the entryway into our system is through emails that may look legitimate but may have unknown attachments. And when such files are downloaded into the device, the Trojan program gets installed and infects the system. They also infect the system on the execution of an infected application or the executable file and attack the system. Now that we understand what viruses and Trojans are, let's understand different types of viruses and Trojans. Let's take a look at different types of viruses. The first one is known as the boot sector virus. This type of virus damages the booting section of the system by infecting the master boot record, which is also known as MBR. This damages the boot sector section by targeting the hard disk of the system. Then we have the macro virus.
A macro virus is a type of virus that gets embedded into the document-related data and is executed when the file is opened. They also are designed to replicate themselves and infect the system on a larger scale. And lastly, we have the direct action virus. This type of virus gets attached to executable files, which on execution activates the virus program and infects the system. Once the infection of the file is completed, they exit the system, which is also the reason it is known as a non-resident virus. Let's take a look at different types of Trojans. The first type of Trojan is the backdoor Trojan. They are designed to create a backdoor in the system on execution of an infected program. They provide remote access of a system to the hacker. This way the cyber criminal can steal our system data and may use it for illegal activities. Next we have cricks Trojan. They enter the system by clicking the random pop-ups which we come across on the internet. They tempt the user to give their personal details for different transactions or schemes, which may provide remote access of a system to the cyber criminal. And the last Trojan type is ransom Trojan. This type of Trojan program, after entering the system, blocks the user from accessing its own system and also affects the system function. The cyber criminal demands a ransom from the targeted user for the removal of the Trojan program from the device. Now that we understand some details regarding viruses and Trojans, let's solve a question. The question is: Jake was denied access to his system and he wasn't able to control the data and information in his system. Now the actual question is what could be the reason behind his system's problem? Option A, macro virus; option B, ransom Trojan; option C, backdoor Trojan. Give your answers in the comment section. Now let's understand how to detect the activity of viruses and Trojans in a system. To detect virus or Trojan activity in a system, we can refer to the following points.
For viruses, we have slowing down of the system, and frequent application freeze shows that the infection of the virus is present in the system. Then we have the viruses can also steal sensitive data including passwords, account details, which may lead to unexpected log out from the accounts or corruption of the sensitive data. And lastly we have frequent system crashes due to virus infection, which damages the operating system. For Trojans we have frequent system crashes, and the system also faces slow reaction time. Then we have there are more random pop-ups from the system, which may indicate Trojan activity. And lastly we have modification in the system application, and change of the desktop appearance can also be due to the infection of a Trojan program. Next let's take a look at a famous cyber attack for a virus and a Trojan horse. For virus, we have the MyDoom virus, which was identified in the year 2004, which affected over 50 million systems by creating a network of sending spam emails, which was to gain back door access into our systems. Next for the Trojan horse we have the Emotet Trojan program, which is specifically designed for financial theft and for stealing bank-related information. Next we have a few points for how to prevent virus entry or Trojan attack for a system. The most basic way of virus protection is using antivirus and doing regular virus scans. This will prevent virus entry in the system, and also having more than one antivirus provides much better protection. Then avoiding visiting uncertified websites can also prevent virus entry into our system. Then we have using regular driver updates and system updates to prevent virus entry. For Trojans, we have using certified software from legal sites to prevent any Trojan activity in our system. And also avoid clicking random pop-ups that we often see on the internet. And lastly, using antivirus and firewalls for protection against Trojan horses is a good habit. Now that we have reached the end of the video, let's take a look at what we learned.
For the first part, we saw the main objective of the virus is to harm the data and information in a system. Whereas for the Trojan, we have stealing of the data files and information. Effect of viruses is more drastic in comparison to the Trojan horses. Then we have viruses, which are non-remote programs, whereas Trojan horses are remote accessed. And lastly, viruses have the ability to replicate themselves to harm multiple files, whereas Trojans do not have the replication ability.
So let's begin with what is SQL injection. As the name suggests, SQL injection vulnerability allows an attacker to inject malicious input into a SQL statement. So SQL stands for structured query language, which is a language used by an application to interact with a database. Now normally this attack is targeted towards a database to extract the data that is stored within. However, the vulnerability does not lie in the database itself. The vulnerability will always lie in the application. It is the developer's prerogative of how to develop the application, how to configure it to prevent SQL injection queries from happening. A database is created to answer questions, and if a question is asked it is supposed to answer it. The database needs to be configured for some amount of security, but the vulnerability, the flaw here for SQL injection, will always lie in the application itself. It is how the application interacts with the database that needs to be modified, that needs to be maintained by the developer, rather than just configuring the database itself. So the attacker at this point in time, when they send a query to the application, will form a malformed query by injecting a particular command or an operator that is recognized by the SQL language. And if that operator is passed through the application to the database, then the database basically gets cracked or does a data dump because of that unwanted character coming in. So this character needs to be filtered at the application level itself.
Now let's look at a quick demo. So what we have done here is I have this virtual machine called OWASP Broken Web Applications virtual machine version 1.2. I'm going to power this on. Till this powers on, I'm going to show you where we can download this utility from. So you can just look for OWASP Broken Web Applications Project download. You'll find it on sourceforge.net. Click on the link. You can download the Broken Web Applications Project from here. This is a 1.9 GB download and you can have a zip machine directly for VMware or Oracle VirtualBox. Now this is an application that has been developed by OWASP, which stands for Open Web Application Security Project, which is a not-for-profit organization and periodically releases the top 10 risks that an application will face for that particular year. So they have given a web application with inbuilt vulnerabilities for professionals like us to practice upon, to develop our skills upon, because doing this in the real world is illegal. I cannot go onto a website to demonstrate how a SQL injection attack works. Neither should you try your hands on it till you become very well rehearsed with it. So to upgrade your skills, to upskill yourself, please download this machine, host it in a VMware Workstation or an Oracle VirtualBox, and you can then try your skills on it. Right? So just going back to the browser here, if I open up a new tab, you'll see that this machine has booted up and has an IP address called 71.132. So if I just go onto that IP address and I type in 192.168.71.132 and you'll see the OWASP Broken Web Applications Project, and there are a lot of training applications, realistic intentionally vulnerable applications, old versions of real applications and so on and so forth. So there is a lot of applications inbuilt over here that you can try your skills upon. We are going to try to use the OWASP Mutillidae over here. This gives you the OWASP top 10 risks for 2010, 2013.
2017 is the latest one so far. But the difference between 2013 and 2017 is that some of these have changed but not all of them. The order has changed a little bit, but you can see that SQL injection is on the top, A1, amongst the injection attacks, right? And you can see there are multiple types that have been given here: the SQL injection for extracting data, or SQL injection for bypass authentication, or insert your injection attacks, blind SQL injection, and then there is a tool called SQLMap, which is available freely on your Linux machines, Kali Linux or Parrot Linux, whichever you want to use for your practice targets and so on and so forth. So if I just take you here for bypass authentication, and this is a regular login page that an application may have, right? You look at a username, you look at password, you type that in and you log in. So let's say I don't know a password here. I'm just going to type in a username test, password is PS. I try to log in and it shows me that the account does not exist. So the authentication mechanism does work. I did try typing in a username and password; it wasn't recognized, with account does not exist. Now let's try to type in a SQL query here. I'm going to just give it a single quote, which is an operator that is recognized by the SQL language, which when the database tries to execute will cause the database to dump some data or to bypass authentication in this case. And I'm going to give it a condition, single quote or 1 = 1 space - space, and I'm going to click on login. Now right now I'm not logged in at all, and we tried our username and password and we weren't able to log in. So now if I log in, you will see that it gave me a status update saying the user has been authenticated and I'm logged in as admin got root. So that is what these SQL queries can achieve. I'm going to log out right now and we're going to look at the basics of SQL injection.
So, looking at that small demo, now let's look at what types of SQL injections are available. So the first is in-band SQL injection. There are two subtypes within in-band: error based injection attack and a union based injection attack. The second type is blind SQL injection attack, where there's a boolean based and a time based attack. And the third one is out-of-bound SQL injection attack. Now what is in-band SQL injection attack? In-band is where we are either attempting the error based or the union based. What is error based? We send a query to the database. We craft a query to the database and it generates an error message, and it dumps the error message right in front of us on the screen. That makes us realize that there is a flaw, and there is some information that is dumped on the screen which we can then further utilize to craft our further queries as we go ahead. Whereas union based is where we combine multiple statements at the same time. So if you look at the URL, earlier in the URL you would see a large structure in that URL. We can try to add two or more statements within the URL itself to combine them and then confuse the database into executing both the statements together and giving a data dump at the same time. Right? So what would an error based SQL injection look like? If I go back to the same database, which is here, right? And if you remember the username, we gave it a single quote or 1= 1 space - space. We gave it the condition, right? So basically what it did was, a single quote is an operator that goes to the database, selects the default table in the user tables in this database column and then compares it to the condition that is given. So the condition that we gave was 1 equals 1, which is always true. So what it did was it selected the default user table that was available in the database, and instead of comparing it to a password it compared it to the condition.
So if I give it 1 equals 2, where the condition is false, and if I log in, you will see that the account doesn't exist comes back again, because the condition was false and instead of comparing the user account to the password it basically compared the user account to the condition. So if I give it a single quote or 1= 1 - space and login, you can see that this is a correct condition and thus we are able to log in. Now before we even go to that extent, if I just forget the condition over here and I just give it a single quote, the operator, and I send this operator to the database and I click on login, you will see that it generates an error which is right on top, and it tells us the line, the file where the error happened, and you can see it happened in the MySQL handler.php file, right? And then it gave us the message, you have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use. Now, why would a hacker want to do this in the first place? Because there are different types of databases. So, there is a MySQL, MSSQL or Microsoft SQL, Oracle SQL, IBM DB2. All of these are variations of the SQL database. They use the SQL language. However, every database has its own command, right? They have their own syntax. They have their own specific commands that are utilized for the database. So, in this scenario, the hacker wants to identify what database is being currently utilized, so they can craft those particular queries. So now with this injection, with just me sending the quote and the error getting generated, I now come to know that we are using a MySQL server and the version of that server is 5.1.73, and the rest of the information about where the handlers are located and so on and so forth. Right? This gives the information to the hacker of how they want to proceed next, what kind of queries they want to create, what kind of syntax they want to utilize.
So error based attack is where you generate these kind of errors and you get this information. The union based is where you craft your queries within the URL, or you can try to combine multiple statements within the input fields and try to generate a response from that. Then we come to boolean based SQL injection. It sends a SQL query to the database which forces the application to return a different result depending on whether the query returns a true or a false result. So basically, if both the inputs are false, the output would be false; if there's one input that is false and the other input, input B, that is true, the output would be true, and so on and so forth, right? So depending on the result from the inputs, the attacker will come to know which input is true. With this he can then access the database of the website. So you're trying to figure out, by sending out multiple inputs and then analyzing the output, to see which command exactly worked, what was the resultant output of that command. Thus from this kind of information the hacker can infer their next step forward. Then you have time based SQL injections. Now there are times when a database administrator or an application administrator has done some security configuration and thus has disabled verbose error messages. Now what is a verbose error message? The error message that we saw right here is a verbose error message. That means that the message gives out details. The message gives out details about what the database is, the version and whatnot. So if they have sanitized these errors and you no longer can generate these errors, and thus you cannot figure out what the database is, then what do you do? Right? For example, if I just take you to Simplilearn and take you to a URL that is supposedly not accessible, you can see that it gives a generic error. Oops, looks like you have crash landed on Mars. It doesn't give you a verbose error that we saw here.
So, this gives us a detailed error of what went wrong, where it gives us the database, the version of the database and where the query went wrong, etc. Whereas on this site there's a lot of security that goes in here. So, you can see that it doesn't generate an error. You just get a generic page in front of you. So in that case what does a hacker do? So the hacker then injects a time based query in the URL, which allows us to verify whether the command is being executed or not. So we put in a time wait, let's say 10 seconds of time wait. So the moment we inject the query, if the query times for 10 seconds and then gets executed, that means that the SQL injection is possible. However, if we inject the query and it just gets executed without the delay, that means that the time injection attack would not be possible on that particular site. Out-of-bound is not a very common attack. It depends on the features being enabled on the database management system that is being used by the web application. So, this can be somewhat of a misconfiguration error by the database administrator, where you have enabled functions and not sanitized them. So you have not done access controls properly. You have not given account control. So queries should never be executed at an administrative level. They should always be executed at a user level with minimum privileges that are required for that query to be executed. Now if you're allowing these kind of functions to be enabled at the DBMS and there is an administrative account that can have access to them, at that point in time an out-of-bound injection attack is possible. So let's look at how a website works, right? How SQL works on a website. Now the website is constructed of HTML, hypertext markup language, which would include JavaScripting for functionality, cascading stylesheets for the mapping of the website, right?
And then ReactJS and whatnot for further functionality. Now when we send a query to the website, it is normally using the HTTP protocol or HTTPS protocol. When the query reaches the application, the application would then go ahead and generate the SQL query. At the client side, you'll have all these scripting languages coming in on the front end that we can utilize to craft queries and then send them across. At the server side, you'll have databases like Oracle, MySQL, MS SQL and so on and so forth that will then execute those queries. Right? So just to give you an example, if I use a tool called Postman, what we generally do when we craft a query is we send out a GET request to the website and then we receive a response from the site with the HTML code and everything. So this is a tool that is utilized by software testers to test the responses that you're going to get from various websites. So on the left-hand side you can see I've used it quite a bit. Here we have an example for gmail.com. So let's continue with that. So this is a GET request being sent to Gmail. The moment I send it, it's going to create an HTTP request and send it across. The response that I get is this. This is the HTML code for gmail.com. Right? These are the cookies. These are the headers that include information. So you can see this is text/html, the character set utilized is UTF-8, and the configuration that has been done with the application, right. So this is where everything comes in. This is the cookie that has been sent with that particular request that I had sent out. Now if you analyze this query, right, so when we went onto this application and I typed in that single quote and we generated this error, right, you can see that the application converted this into a SQL query. So the query was select username from accounts where the username, in single quotes, and we used the quote, right, the single quote, right there.
So that's where we use that operator and that's where the exception error occurred. So these are the kind of queries that are structured by the application and then taken on to the database for execution. When we type in, it is an HTTP GET request with the username and password within that query that is sent to the application. The application converts it into a SQL query, sends it to the database, and the database responds with the appropriate response. So how do we prevent SQL injection in the first place? Use prepared statements and parameterized queries. These statements make sure that the parameters passed into SQL statements are treated in a safe manner. So for example, we saw that the single quote was an operator. This shouldn't be allowed to be utilized in the first place. Right? So what we are doing here is a secure way of running a SQL query in JDBC using a parameterized statement. Define which user we want to find. So there's a string, the email, comes in. Connection to the database: we are going to figure out how the connection is going to be passed, how it is going to be created. Construct the SQL statement we want to run, specifying the parameter. Right? So we define how it is going to be created, what is going to be created, what can be passed to the database and what should not be passed to the database. So that is one way of utilizing prepared statements and parameterized queries. Then we have object relational mapping. Most development teams prefer to use object relational mapping frameworks to make the translation of SQL result sets into code objects more seamless. So this is an example of object relational mapping where we map certain objects and allow that to be executed. And then escaping inputs. It is a simple way to protect against most SQL injection attacks. Many languages have standard functions to achieve this, right.
So you need to be very careful while using escape characters in your codebase when a SQL statement is constructed. Not all injection attacks rely on abuse of quote characters. So you need to know what characters are being utilized in the configuration that you have created, in the structure that you have created, in the code that you have created; which characters are being recognized as operators. You need to sanitize those operators and you need to basically ensure that these operators cannot be accepted as user input. If they are, they're weeded out by the application and they never reach the database. Other methods of preventing SQL injection are password hashing, so that passwords cannot be bypassed, the passwords cannot be recovered, passwords cannot be cracked. Third-party authentication: you use OAuth or some other service for a single sign-on mechanism. Thus you rely on a third party to maintain the security of authentication and what kind of parameters are passed. For example, using LinkedIn login or Facebook login, right? For the layman, you normally go on to Facebook and you allow, if you're using a game, right, if you start playing a game, you're allowed to log into the game using your Facebook credentials or your Google credentials. Now, that is not just for ease of use, but the game developer has outsourced the authentication mechanisms to third parties such as Facebook or Google because they understand that that authentication mechanism is as safe as can be. Facebook and Google are wealthy organizations, hire a lot of security experts, and the development for their authentication mechanisms is top-notch. A small organization cannot spend that kind of money on security itself. Right? So you use a third-party authentication mechanism to ensure that these kinds of attacks may not happen. Then web application firewalls.
Having a web application firewall and configuring it properly for SQL injection attacks is one of the surest methods of mitigating or minimizing the threat in the first place. So at this point in time you have realized that the application has some vulnerabilities for SQL injection, and instead of recoding or restructuring the application you want to take the easier way out or the cheaper way out. So what you do is you install a web application firewall and you configure the web application firewall to identify malicious queries and stop them at the firewall level itself so they never reach the application, and thus the vulnerabilities on the application don't get executed. Buy better software and keep on updating the software. So it's not necessary that once you have a software, you install it, it's going to be safe for life. New vulnerabilities are discovered every day, every hour, and it may so happen that what is secure today may be completely insecure tomorrow or the day after. Right? So you need to keep on upgrading the software. If there are no upgrades available and the vulnerability still exists, you might want to migrate to a better software and thus ensure that you don't get hacked. Right? Always update and use patches. Organizations keep on sending out updates and patches as and when they are released. You need to install them to enhance your security posture. And then continuously monitor SQL statements and databases. Use protocol monitors, use different software, use the firewalls to keep on monitoring what kind of queries you are getting, and based on those queries you want to ensure the inputs and the queries that are created are not detrimental to the health of the software that you have.

Jane is relaxing at home when she receives an email from a bank that asks her to update her credit card PIN in the next 24 hours as a security measure.
Judging the severity of the message, Jane follows the link provided in the email. On delivering her current credit card PIN and the supposedly updated one, the website became unresponsive, which prompted her to try sometime later. However, after a couple of hours, she noticed a significant purchase from a random website on that same credit card, which she never authorized. Frantically contacting the bank, Jane realized the original email was a counterfeit or a fake message with a malicious link that entailed credit card fraud. This is a classic example of a phishing attack. Phishing attacks are a type of social engineering where a fraudulent message is sent to a target on the premise of arriving from a trusted source. Its basic purpose is to trick the victim into revealing sensitive information like passwords and payment information. It's based on the word fishing, which works on the concept of baits. If a supposed victim catches the bait, the attack can go ahead, which in our case makes Jane the fish and the phishing emails the bait. If Jane never opened the malicious link or was cautious about the email authenticity, an attack of this nature would have been relatively ineffective. But how does the hacker gain access to these credentials? A phishing attack starts with a fraudulent message which can be transmitted via email or chat applications. Even using SMS conversations to impersonate legitimate sources is known as smishing, which is a specific category of phishing attacks. Irrespective of the manner of transmission, the message targets the victim in a way that coaxes them to open a malicious link and provide critical information on the requisite website. More often than not, the websites are designed to look as authentic as possible.
Once the victims submit information using the link, be it a password or credit card details, the data is sent to the hacker who designed the email and the fake website, giving him complete control over the account whose password was just provided. Often carried out in campaigns where an identical phishing mail is sent to thousands of users, the rate of success is relatively low, but never zero. Between 2013 and 2015, corporate giants like Facebook and Google were tricked off of $100 million due to an extensive phishing campaign where a known common associate was impersonated by the hackers. Apart from credit access, some of these campaigns target the victim device and install malware when clicked on the malicious links, which can later function as a botnet or a target for ransomware attacks. There is no single formula, for there are multiple categories of phishing attacks. The issue with Jane, where the hacker stole her bank credentials, falls under the umbrella of deceptive phishing. A general email is sent out to thousands of users in this category, hoping some of them fall prey to this scam. Spear phishing, on the other hand, is a bit customized version. The targets are researched before being sent an email. For example, if you never had a Netflix subscription, sending you an email that seems like the Netflix team sends it becomes pointless. This is a potential drawback of deceptive phishing techniques. On the other hand, a simple screenshot of a Spotify playlist being shared on social media indicates a probable point of entry. The hacker can send counterfeit messages to the target user while implying the source of such messages being Spotify, tricking them into sharing private information. Since the hacker already knows the target uses Spotify, the chances of victims taking the bait increase substantially.
For more important targets like CEOs and people with a fortune on their back, the research done is tenfold, which can be called a case of whaling. The hackers prepare and wait for the right moment to launch their phishing attack, often to steal industry secrets for rival companies or sell them off at a higher price. Apart from just emails, pharming focuses on fake websites that resemble their original counterparts as much as possible. A prevalent method is to use domain names like Facebook with a single O or YouTube with no E. These are mistakes that people make when typing the full URL in the browser, leading them straight to a counterfeit web page, which can fool them into submitting private data. A few more complex methods exist to drive people onto fake websites, like ARP spoofing and DNS cache poisoning, but they are rarely carried out due to time and resource constraints. Now that we know how phishing attacks work, let's look at ways to prevent ourselves from becoming victims. While the implications of a phishing attack can be extreme, protecting yourself against these is relatively straightforward. Jane could have saved herself from credit card fraud had she checked the link in the email for authenticity and that it redirected to a secure website that runs on the HTTPS protocol. Even suspicious messages shouldn't be entertained. One must also refrain from entering private information on random websites or pop-up windows, irrespective of how legitimate they seem. It is also recommended to use secure anti-phishing browser extensions like Cloudphish to sniff out malicious emails from legitimate ones. The best way to prevent phishing is browsing the internet with care and being on alert for malicious attempts at all times.

Start by learning about cross-site scripting from a layman's perspective.
Cross-site scripting, also known as XSS, is a type of code injection attack that occurs on the client side. The attacker intends to run harmful scripts in the victim's web browser by embedding malicious code in a genuine web page or online application. The real attack takes place when the victim hits the malicious code infected web page or online application. The web page or application serves as a vehicle for the malicious script to be sent to the user's browser. Forums, message boards, and online pages that enable comments are vulnerable vehicles that are frequently utilized for cross-site scripting assaults. A web page or web application is vulnerable to XSS if the output it creates contains unsanitized user input. The victim's browser must then parse this user input. In VBScript, ActiveX, Flash, and even CSS, cross-site scripting attacks are conceivable. They are nevertheless most ubiquitous in JavaScript owing to the fact that JavaScript is most important to most browser experiences nowadays. The main purpose of this attack is to steal the other user's identity, be it via cookies, session tokens and other information. In most of the cases, this attack is being used to steal the other person's cookies. As we know, cookies help us to login automatically. Therefore, with the stolen cookies, we can login with other identities. And this is one of the reasons why this attack is considered as one of the riskiest attacks. It can be performed with different client-side programming languages as well. Cross-site scripting is often compared with similar client-side attacks, as client-side languages are mostly being used during this. However, an XSS attack is considered riskier because of its ability to damage even less vulnerable technologies. Most often this attack is performed with JavaScript and HTML. JavaScript is a programming language that runs on web pages inside your browser.
The client-side code adds functionality and interactivity to the web page and is used extensively on all major applications and CMS platforms. Unlike server-side languages such as PHP, JavaScript code runs inside your browser and cannot impact the website for other visitors. It is sandboxed to your own navigator and can only perform actions within your own browser window. While JavaScript is client side and does not run on the server, it can be used to interact with the server by performing background requests. Attackers can then use these background requests to add unwanted spam content to a web page without refreshing it. They can then gather analytics about the client's browser or perform actions asynchronously. The manner of attack can range in a variety of ways. It can be a single link which the user must click on to initiate a JavaScript piece of code. It can be used to show any piece of images that can be later used as a front end for malicious code being installed as malware. With the majority of internet users unaware of how metadata works or the ways in which web requests are called, the chances of victims clicking on a redirecting link is far too high. Cross-site scripting can occur on the malicious script executed at the client side using a fake page or even a form that is displayed to the user. On websites with displayed advertisements, malicious emails can also be sent to the victim. These attacks occur when the malicious user finds the vulnerable parts of the website and sends it as appropriate malicious input. Now that we understand the basics of cross-site scripting, let us learn more about how this kind of attack works. In the first place we have the website or the web browser which is used to show content to the victim, which is the user in our case. Whenever the user wants to grab some content from the website, the website asks the data from the server.
The server provides this information to the website and the web browser which ultimately reaches the How the hacker comes into play here? It passes on certain arguments to the web browser which can be then forwarded back to the server or to the user at hand. The entire cross-site scripting attack vector means sending and injecting malicious code or script. This attack can be performed in different ways. Depending on the type of attack, the malicious script may be reflected on the victim's browser or stored in the database and executed every time when the user calls the appropriate function. The main reason for this attack is inappropriate user input validation, where the malicious input can get into the output. A malicious user can enter a script which will be injected onto the website's code. Then the browser is not able to know if the executed code is malicious or not. Therefore, this malicious script is being executed on the victim's browser or any faked form if that is being displayed for the users. There are many ways to trigger an XSS attack. For example, the execution could be triggered automatically when the page loads or when a user hovers over specific elements of the page like hyperlinks. Potential consequences of cross-site scripting attacks include capturing keystrokes of a user, redirecting a user to malicious websites, running web browser based exploits, obtaining cookie information of a user who is logged into a website and many more. In some cases, a cross-site scripting attack leads to complete compromise of the victim's account. Attackers can trick users into entering credentials on a fake form which can then provide all information to the attacker. With the basic working of a cross-site scripting attack out of the way, let us go over the different ways hackers can leverage vulnerable web applications to gather information and eventually breach those systems. The prime purpose of performing an XSS attack is to steal the other person's identity.
As mentioned, it may be cookies, session tokens, etc. XSS may also be used to display faked pages or forms for the victim. However, this can be performed in several ways. We have a reflected attack. This attack occurs when a malicious script is not being saved on the web server but is reflected in the website results. Reflected XSS code is not being saved permanently. In this case, the malicious code is being reflected in any website result. The attack code can be included in the faked URL or in the HTTP parameters. It can affect the victim in different ways, by displaying a faked malicious page or by sending a malicious email. In a reflected cross-site scripting example, the input of a search form is reflected on the page to show what the search key was. An attacker may craft a URL that contains malicious code and then spread the same URL via email or social media. A user who clicks on this link opens the valid web application which then runs the malicious code in the browser. This script is not stored in the web application and malicious code is shown only to one user. The user that opens the link executes the script and the attack is not necessarily visible on the server side or to the app owner itself. The next variant is stored cross-site scripting attacks. This occurs when a malicious script is being saved on the web server permanently. This can be considered a riskier attack since it has leverage for more damage. In this type of attack, the malicious code or script is being saved on the server, for example, in the database or the website. It is executed every time the users call the appropriate functionality. This way, a stored XSS attack can affect many users. Also, as the script is being stored on the web server, it will affect the website for a longer time. In order to perform a stored XSS attack, the malicious script should be sent through the vulnerable input form. For example, it can be a comment field or review field.
This way, the appropriate script will be saved in the database and evaluated on the page load or appropriate function calling. In a stored XSS example, the script might have been submitted via an input field to the web server which did not perform a sufficient validation and stores the script permanently in the database. The consequence of this might be that the script is now being delivered to all users visiting the web application and is, for example, able to gain access to the user session cookies. In this attack, the script is permanently stored in the web app. The users visiting the app after the information retrieve the script. The malicious code then exploits the flaws in the web application, and the script and the attack is visible on the server side or to the app owner as well. The third variant is DOM-based cross-site scripting attacks. This type of attack occurs when the DOM environment is being changed but the client-side code does not change. When the DOM environment is being modified in the victim's browser, the client-side code executes differently. In order to get a better understanding of how an XSS DOM attack is being performed, let us analyze the following example. If there is a website called textin.com, we know default is a parameter. Therefore, in order to perform an XSS DOM attack, we should send a script as parameters. A DOM-based XSS attack may be successfully executed even when the server does not embed any malicious code into the web page, by using a flaw in the JavaScript executed in the browser. For example, if the client-side JavaScript modifies the DOM tree of the web page, it can be based on an input field or the GET parameter without validating the input. This allows the malicious code to be executed. The malicious code exploits flaws in the browser on the user side, and the script and the attack is not necessarily visible on the server side or to the app owner.
By now it is clear that cross-site scripting attacks are difficult to detect and even tougher to fight against. There are however plenty of ways one can safeguard against such attacks. Let's go through some of these preventive measures. Like mentioned earlier, XSS attacks are sometimes difficult to detect. However, this can be changed if you get some external help. A way to prevent XSS attacks is using automated testing tools like Crashtest Security Suite or Acunetix Security Suite. Still, manual testing is highly time-consuming and costly and therefore not possible to be done for every iteration of your web application. Consequently, your code shouldn't be untested before any release. Using automated security, you can scan your web application for cross-site scripting and other critical vulnerabilities before every release. This way, you can ensure that your web application live version is still secured whenever you alter or add a feature. Input fields are the most common point of entry for XSS attack scripts. Therefore, you should always screen and validate any information input into data fields. This is particularly important if the data will be included as HTML output. This can be used to protect against reflected XSS attacks. Validation should occur on both the client side and server side as an added precaution. This helps validating the data before it's being sent to the servers and can also protect against persistent XSS scripts. This can be accomplished using JavaScript. XSS attacks only appear if any user input is being displayed on the web page. Therefore, try to avoid displaying any untrusted user input if possible. If you need to display user data, restrict the places where the user input might appear. Any input displayed inside a JavaScript tag or a URL shown on the site is much more likely to be exploited than the input that appears inside a division or a span element inside the HTML body.
Protecting against XSS vulnerabilities typically requires properly escaping user-provided data that is placed on the page. Rather than trying to determine if the data is user provided and could be compromised, we should always play it safe and escape data whether it is user provided or not. Unfortunately, because there are many different rules for escaping, you still must choose the proper type of escaping before settling on a final code. Encoding should be applied directly before user-controllable data is written to a page, because the context you're writing into determines what kind of encoding you need to use. For example, values inside a JavaScript string require a different type of escaping to those in an HTML context. Sometimes you'll need to apply multiple layers of encoding in the correct order. For example, to safely embed user input inside an event handler, you need to deal with both the JavaScript context and the HTML context. So you need to first Unicode-escape the input and then HTML-encode it. Content Security Policy, or CSP, is a computer security standard introduced to prevent cross-site scripting, clickjacking, and other code injection attacks resulting from the execution of malicious content in the trusted webpage context. It is a candidate recommendation of the W3C working group on web application security. It's widely supported by modern web browsers and provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on their website. HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie, that is, if the browser supports it. If the HttpOnly flag is included in the HTTP response header, the cookie cannot be accessed through a client-side script. Again, this is if the browser supports this flag.
As a result, even if a cross-site scripting flaw exists and a user accidentally accesses a link that exploits this flaw, the browser will not reveal the cookie to a third party. If a browser does not support HttpOnly and a website attempts to set an HTTP cookie, the HttpOnly flag will be ignored by the browser, thus creating a traditional script-accessible cookie. As a result, the cookie becomes vulnerable to theft or modification by any malicious script.

Next on our docket is a live demonstration where we solve a set of cross-site scripting problems starting from the basic level to the topmost level six. We're going to start at level one. This web application demonstrates a common cause of cross-site scripting where user input is directly included in the page without proper escaping. If we interact with a vulnerable application window here and find a way to make it execute JavaScript of our choosing, we can take actions inside the vulnerable window or directly edit its URL bar. This task needs only basic knowledge. Let's see why the most primitive injections work here right away. Let's do a simple query and inspect the resulting HTML page. I'm going to use this phrase with a single quote as a special character. We can now inspect the HTML page. We can see here in this line the special character single quote appears in the result. Over here the provided query text is placed directly in a B tag, as in a body element. We need to perform a reflected XSS into the web application because they are non-persistent XSS attacks and the payload should be included in the URL to perform successful exploitation. We can use any payload but we're going to use the simple one to perform an alert in this web application. It's simple and can be shown easily. Just going to write the script over here. And we're going to press search. As you can see, we have successfully launched our first cross-site scripting attack.
We can see an alert box pop up with the necessary message, and a similar process can be used to steal browser cookies and passwords, albeit with different commands. Now we have the option to move to level two. This web application shows how easily XSS bugs can be introduced in complex chat applications. Chat app conversations are stored in a database and retrieved when a user wants to see the conversation. Therefore, if a malicious user injects some JavaScript code, all visitors will be infected. This kind of cross-site scripting attack is more powerful and it is riskier than reflected cross-site scripting attacks, and that's why it is known as stored XSS. I posted my query with a special character of a single quote and this is what I get. Whatever I typed in simply appeared on the page right after I click on share status. Let's see the source. You can see here the text I posted seems directly put inside a blockquote tag. So even a simple script tag we used in level one should work here. But it will not. Let us examine the code to understand why. We're going to toggle the code of A here and check the index.html file. The important part is line 32. The generated HTML fragment, which is the HTML variable in the code, is added to the mail HTML using the innerHTML method. So when the browser is parsing this HTML fragment, it will not execute any script tag defined within that HTML fragment. The HTML parser will not execute a script tag when it parses HTML via this method. This is why the script tag like we used in level one is not going to work here. Our solution is to use events. Events will execute the defined JavaScript. We're going to use an image over here. And when we press on share status, in the above injection we are loading an image that doesn't exist, which causes it to trigger an onerror event. In the onerror event, it will execute our alert method. With that we are able to beat level two and we can now move up to the next level in our challenge.
As you can see, clicking on any tab causes the tab number to be displayed in the URL fragment. This hints that the value after the hashtag controls the behavior of the page, that is, it is an input variable. To confirm, let's analyze the code. As you can see in line 43, inside the event handling, the value provided after the hash in the URL is directly passed onto the choose tab method. No input validation is being performed. The value passed to the choose tab method is directly injected into the img tag in line 17. This is an unsafe assignment and it is the vulnerable part of the code. Now all we have to do is to craft a payload that would adjust the img tag to execute our JavaScript. Remember, the script tag from level one would not work here since the variable HTML is used to add the DOM dynamically. Hence the events are aces here. Once again I will choose to use the existing img tag and change the source to something that doesn't exist, hence forcing it to fall in to execute an onerror event, which I will pass in the URL. Once we visit that URL, we can see that our Java pop-up has opened up here with the same message of XSS level 3 has been completed. With this, we can now move on to level four, which is going to present a different kind of attack. In this web application, there is a timer on the page. That means whatever numbers we put in the box, a countdown starts. And then when it finishes, the application alerts that the countdown is finished. And we can see the time is a pop-up appearing over here. And this resets the timer again. Now it is obvious that the value entered in the text box is transferred to the server over the timer parameter in the URL. Let us examine the code to see how the timer parameter is being handled. We're going to visit timer.html over here and we're going to check over here in line 21. The start timer method is being called in the onload event. However, the timer parameter is being directly passed to the start timer method.
We need to perform a pop-up alert in the web application which escapes the content of the function start timer without breaking the JavaScript code. The parameter value is directly added to the start timer method without any filtering. What we can try to do here is to inject an alert function to be executed inside the onload event along with the start timer method. We're going to remove this argument and put our script over here. Now when we press on create timer, we have a pop-up with XSS level four completed. We can now move on to level five.

In this web application, the XSS is different because this challenge description says cross-site scripting isn't just about correctly escaping data. Sometimes attackers can do bad things even without injecting new elements into the DOM. It's kind of an open redirect because the attack payload is executed as a result of modifying the DOM environment in the victim's browser. This environment is used by the original client-side script so that the client-side code runs in an unexpected manner. The vulnerability can be easily detected if the next link in the signup page is inspected. The href attribute value of the next link is confirm, which is exactly the value of the next URL query parameter, as you can see over here. This means the next query parameter can be used to inject JavaScript code into the href attribute of the next link. The following is the best way to do it. As soon as the user clicks on the link, the script will be triggered. We're going to press anything random. And now that we click next, we can see the XSS level 5 that we had provided in the URL as a parameter to the next variable. Since the value of next provided appears in a pop-up, we can consider the attack a success and move on to the final level six.

In this web application, it shows some of the external JavaScript is retrieved. If you analyze the URL, you can see that the script is loaded already.
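Levels three to five above share one root cause: a value taken from the URL reaches an HTML or script sink without being checked against the type that sink expects. The following added example (not code from the video or the challenge) shows one way to validate each of the three inputs before use; the function names, limits and the `app.example` page URL are assumptions for illustration.

```javascript
// Added example: validate URL-derived values by type before they reach a sink.
// Function names, limits and the page URL are hypothetical.

// Level 3 pattern: the fragment selects a tab. Accept a known tab number only,
// then build the image path from the number, never from the raw fragment.
function parseTabNumber(hash, tabCount) {
  const raw = String(hash).replace(/^#/, "");
  if (!/^[0-9]{1,3}$/.test(raw)) return 1;
  const n = Number(raw);
  return n >= 1 && n <= tabCount ? n : 1;
}

// Level 4 pattern: the timer value is placed inside an inline event handler.
// Accept a bounded integer only; anything else is rejected with null.
function parseTimerSeconds(value, maxSeconds) {
  if (typeof value !== "string" || !/^[0-9]{1,5}$/.test(value)) return null;
  const n = Number(value);
  return n >= 1 && n <= maxSeconds ? n : null;
}

// Level 5 pattern: "next" becomes the href of a link. Resolve it against the
// current page and keep it only if it stays on the same origin over http(s).
function safeNextHref(next, pageUrl, fallback) {
  // Reject control characters and backslashes, which URL parsers normalise
  // in ways that can hide the real scheme or host.
  if (typeof next !== "string" || /[\u0000-\u001f\\]/.test(next)) return fallback;
  let resolved;
  try {
    resolved = new URL(next, pageUrl);
  } catch (err) {
    return fallback;
  }
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") return fallback;
  if (resolved.origin !== new URL(pageUrl).origin) return fallback;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed page URL and inputs.
const PAGE_URL = "https://app.example/level5/frame/signup?next=confirm";

function demo() {
  return {
    tabOk: parseTabNumber("#2", 3),
    tabBad: parseTabNumber("#2x", 3),
    timerOk: parseTimerSeconds("3", 3600),
    timerBad: parseTimerSeconds("3abc", 3600),
    nextRelative: safeNextHref("confirm", PAGE_URL, "/"),
    nextScript: safeNextHref(" JaVaScRiPt:alert(1)", PAGE_URL, "/"),
    nextOffsite: safeNextHref("//other.example/path", PAGE_URL, "/"),
  };
}

console.log(demo());
```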
The vulnerability lies within how the code handles the value after the hashtag. If you check on line 45, the value right after the hashtag is taken as the gadget name. And then in line 48 the value is directly passed on to the include gadget method. And in the include gadget method that we can see over here, you can see in line 18 a script tag is created and the URL gadget name parameter value is directly used as the source attribute of the script tag in line 28. This means we can completely control the source attribute of the script tag that is being created. That is, with this vulnerability we can inject our own JavaScript file into the code. We can inject a URL of our own hosted JavaScript into the web application's URL after the hashtag, and the URL should not be using HTTPS but anything like that to bypass the regular expression for security checking. We're going to remove the pre-stored URL and we're going to load our own JavaScript file. Finally, we have reached the end of our challenge. We completed six different varieties of cross-site scripting attacks and used different solutions for all of the six questions.

With work from home being the norm in today's era, people spend a considerable amount of time on the internet, often without specific measures to ensure a secure session. Apart from individuals, organizations worldwide that host data and conduct business over the internet are always at the risk of a DDoS attack. These DDoS attacks are getting more extreme with hackers getting easy access to botnet farms and compromised devices. As can be seen in the graph, three of the six strongest DDoS attacks were launched in 2021 with the most extreme attack occurring just last year in 2020. Lately, cyber criminals have been actively seeking out new services and protocols for amplifying these DDoS attacks. Active involvement with hacked machines and botnets allows further penetration into the consumer space, allowing much more elaborate attack campaigns.
Apart from general users, multinational corporations have also had their fair share of problems. GitHub, a platform for software developers, was the target of a DDoS attack in 2018, widely suspected to be conducted by Chinese authorities. This attack went on for about 20 minutes, after which the systems were brought into a stable condition. It was the strongest DDoS attack to date at the time and made a lot of companies reconsider their security practices to combat such attacks. Even after years of experimentation, DDoS attacks are still at large and can affect anyone in the consumer and corporate space.

Hey everyone, this is Babub from Simplilearn and welcome to this video on what is a DDoS attack. Let's learn more about what is a DDoS attack. A distributed denial of service attack, or DDoS, is when an attacker or attackers attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications. In a DoS attack, it's one system that is sending the malicious data or requests. A DDoS attack comes from multiple systems. Generally, these attacks work by drowning a system with requests for data. This could be sending a web server so many requests to serve a page that it crashes under the demand, or it could be a database being hit with a high volume of queries. The result is that available internet bandwidth, CPU and RAM capacity become overwhelmed. The impact could range from a minor annoyance from disrupted services to experiencing entire websites, applications or even entire businesses taken offline.

More often than not, these attacks are launched using machines in a botnet. A botnet is a network of devices that can be triggered to send requests from a remote source, often known as the command and control center. The bots in the network attack a particular target, thereby hiding the original perpetrator of the DDoS campaign.
But how do these devices come under a botnet and what are the requests being made to the web servers? Let's learn more about these and how DDoS attacks work. A DDoS attack is a two-phase process. In the first phase, a hacker creates a botnet of devices. Simply put, a vast network of computers is hacked via malware, ransomware, or just simple social engineering. These devices become a part of the botnet, which can be triggered any time to start bombarding a system or a server on the instruction of the hacker that created the botnet. The devices in these networks are called bots or zombies. In the second phase, a particular target is selected for the attack. When the hacker finds the right time to attack, all the zombies in the botnet network send these requests to the target, thereby taking up all the server's available bandwidth. These can be simple ping requests or complex attacks like SYN flooding and UDP flooding. The aim is to overwhelm them with more traffic than the server or the network can accommodate. The goal is to render the website or service inoperable.

There is a lot of wiggle room when it comes to the type of DDoS attack a hacker can go with. Depending on the target's vulnerability, we can choose one of the three broad categories of DDoS attacks. Volume-based attacks use massive amounts of bogus traffic to overwhelm a resource. It can be a website or a server. They include ICMP, UDP and spoofed packet flood attacks. The size of a volume-based attack is measured in bits per second. These attacks focus on clogging all the available bandwidth for the server, thereby cutting the supply short. Several requests are sent to the server, all of which warrant a reply, thereby not allowing the target to cater to the general legitimate users.

Next we have the protocol level attacks. These attacks are meant to consume essential resources of the target server. They exhaust the load balancers and firewalls which are meant to protect the system against the DDoS attacks.
These protocol attacks include SYN floods and Smurf DDoS among others, and the size is measured in packets per second. For example, in an SSL handshake, the server replies to the hello message sent by the hacker, which will be the client in this case. But since the IP is spoofed and leads nowhere, the server gets stuck in an endless loop of sending the acknowledgement without any end in sight.

Finally, we have the application level attacks. Application layer attacks are conducted by flooding applications with maliciously crafted requests. The size of application layer attacks is measured in requests per second. These are relatively sophisticated attacks that target the application and operating system level vulnerabilities. They prevent the specific applications from delivering necessary information to users and hog the network bandwidth up to the point of a system crash. Examples of such an attack are HTTP flooding and BGP hijacking. A single device can request data from a server using HTTP POST or GET without any issues. However, when the requisite botnet is instructed to bombard the server with thousands of requests, the database bandwidth gets jammed and it eventually becomes unresponsive and unusable.

But what about the reasons for such an attack? There are multiple lines of thought as to why a hacker decides to launch a DDoS attack on unsuspecting targets. Let's take a look at a few of them. The first option is to gain a competitive advantage. Many DDoS attacks are conducted by hacking communities against rival groups. Some organizations hire such communities to stagger their rivals' resources at a network level to gain an advantage in the playing field. Since being a victim of a DDoS attack indicates a lack of security, the reputation of such a company takes a significant hit, allowing the rivals to cover up some ground. Secondly, some hackers launch these DDoS attacks to hold multinational corporations at ransom.
The resources are jammed and the only way to clear the way is if the target company agrees to pay a designated amount of money to the hackers. Even a few minutes of inactivity is detrimental to a company's reputation in the global market and it can cause a spiral effect both in terms of market value and product security index. Most of the time a compromise is reached and the resources are freed after a while. DDoS attacks have also found use in the political segment. Certain activists tend to use DDoS attacks to voice their opinion. Spreading the word online is much faster than any local rally or forum. Primarily political, these attacks also focus on online communities, ethical dilemmas, or even protests against corporations.

Let's take a look at a few ways that companies and individuals can protect themselves against DDoS attacks. The company can employ load balancers and firewalls to help protect the data from such attacks. Load balancers reroute the traffic from one server to another in a DDoS attack. This reduces the single point of failure and adds resiliency to the server data. A firewall blocks unwanted traffic into a system and manages the number of requests made at a definite rate. It checks for multiple attacks from a single IP and occasional slowdowns to detect a DDoS attack in action. Early detection of a DDoS attack goes a long way in recovering the data lost in such an event. Once you've detected the attack, you will have to find a way to respond. For example, you will have to work on dropping the malicious DDoS traffic before it reaches your server so that it doesn't throttle and exhaust your bandwidth. Here's where you will filter the traffic so that only legitimate traffic reaches the server. By intelligent routing, you can break the remaining traffic into manageable chunks that can be handled by your cluster resources.
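The detection step described above (many requests from a single IP, and connection attempts from spoofed addresses that never complete) can be expressed as two checks over packet summaries. This is an added example, not code from the video; the record shape, thresholds and addresses (RFC 5737 documentation ranges) are constructed, and only client-to-server packets are modelled.

```javascript
// Added example: flag SYN-flood patterns in a time-ordered list of packet
// summaries. Record shape, thresholds and addresses are constructed.

const DEFAULTS = { windowMs: 1000, perSourceSynLimit: 10, halfOpenLimit: 20, halfOpenTimeoutMs: 3000 };

function detectSynFlood(packets, opts = DEFAULTS) {
  const synTimes = new Map();  // source IP -> SYN timestamps inside the window
  const halfOpen = new Map();  // "dst:port" -> Map("src:sport" -> SYN timestamp)
  const offenders = new Set();
  const targetsUnderPressure = new Set();

  for (const p of packets) {
    const target = p.dst + ":" + p.dport;
    const conn = p.src + ":" + p.sport;
    const pending = halfOpen.get(target) || new Map();
    halfOpen.set(target, pending);

    if (p.flags === "S") {
      // Check 1: SYN rate per source inside a sliding window.
      const times = synTimes.get(p.src) || [];
      times.push(p.ts);
      while (times.length && times[0] <= p.ts - opts.windowMs) times.shift();
      synTimes.set(p.src, times);
      if (times.length > opts.perSourceSynLimit) offenders.add(p.src);

      // Check 2: handshakes left half-open per target, across all sources.
      // This is the check that still fires when source addresses are spoofed.
      for (const [key, ts] of pending) {
        if (ts <= p.ts - opts.halfOpenTimeoutMs) pending.delete(key);
      }
      pending.set(conn, p.ts);
      if (pending.size > opts.halfOpenLimit) targetsUnderPressure.add(target);
    } else if (p.flags === "A" || p.flags === "R") {
      pending.delete(conn);  // handshake completed or connection reset
    }
  }
  return {
    offenders: [...offenders].sort(),
    targetsUnderPressure: [...targetsUnderPressure].sort(),
  };
}

// Constructed traffic towards one web server.
const TARGET = { dst: "203.0.113.10", dport: 80 };
const syn = (ts, src, sport) => ({ ts, src, sport, ...TARGET, flags: "S" });
const ack = (ts, src, sport) => ({ ts, src, sport, ...TARGET, flags: "A" });

function sampleTraffic(kind) {
  const pkts = [];
  for (let i = 0; i < 5; i++) {  // normal clients: SYN followed by ACK
    pkts.push(syn(1000 + i * 100, "192.0.2." + (10 + i), 50000 + i));
    pkts.push(ack(1020 + i * 100, "192.0.2." + (10 + i), 50000 + i));
  }
  if (kind === "single-source") {  // one host, many SYNs, no ACKs
    for (let i = 0; i < 50; i++) pkts.push(syn(1005 + i * 10, "192.0.2.66", 40000 + i));
  }
  if (kind === "spoofed") {  // one SYN each from many source addresses
    for (let i = 1; i <= 40; i++) pkts.push(syn(1005 + i * 10, "198.51.100." + i, 40000));
  }
  return pkts.sort((a, b) => a.ts - b.ts);
}

for (const kind of ["baseline", "single-source", "spoofed"]) {
  console.log(kind, detectSynFlood(sampleTraffic(kind)));
}
```

The per-source check yields addresses that can be rate-limited or blocked; the half-open check has no single address to block and instead signals that upstream filtering is needed.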
The most important stage in DDoS mitigation is where you will look for patterns of DDoS attacks and use those to analyze and strengthen your mitigation techniques. For example, blocking an IP that's repeatedly found to be offending is a first step. Cloud providers like Amazon Web Services and Microsoft Azure, who offer high levels of cyber security including firewalls and threat monitoring software, can help protect your assets and network from DDoS criminals. The cloud also has greater bandwidth than most private networks. So it is likely to fail if under the pressure of increased DDoS attacks. Additionally, reputable cloud providers offer network redundancy, duplicating copies of your data, systems, and equipment so that if your service becomes corrupted or unavailable due to a DDoS attack, you can switch to a secure access on backed up versions without missing a beat.

One can also increase the amount of bandwidth available to a host server being targeted. Since DDoS attacks fundamentally operate on the principle of overwhelming systems with heavy traffic, simply provisioning extra bandwidth to handle unexpected traffic spikes can provide a measure of protection. This solution can prove expensive, as a lot of that bandwidth is going to go unused most of the time. A content delivery network or a CDN distributes your content and boosts performance by minimizing the distance between your resources and end users. It stores the cached version of your content in multiple locations and this eventually mitigates DDoS attacks by avoiding a single point of failure when the attacker is trying to focus on a single target. Popular CDNs include Akamai CDN, Cloudflare, AWS CloudFront, etc.

Let's start with our demo regarding the effects of DDoS attacks on a system. For a demo, we have a single device that will attack a target, making it a DoS attack of sorts. Once a botnet is ready, multiple devices can do the same and eventually emulate a DDoS attack.
To do so, we will use the virtualization software called VMware with an instance of Parrot Security operating system running. For a target machine, we will be running another VMware instance of a standard Linux distribution known as Linux Lite. In the target device, we can use Wireshark to determine when the attack begins and see the effects of the attack accordingly. This is Linux Lite, which is our target machine, and this is Parrot Security, which is used by the hacker when trying to launch a DDoS attack. This is just one of the distros that can be used to launch the attack.

We must first find the IP address of our target. So to find the IP address, we open the terminal. We use the command ifconfig and here we can find the IP address. Now remember we're launching this attack in VMware. Both the instances of Parrot Security and Linux Lite are being run on my local network. So the address that you can see here is 192.168.72.129, which is a private address. This IP cannot be accessed from outside the network, basically by anyone who is not connected to my Wi-Fi. When launching attacks with public servers or public addresses, it will have a public IP address that does not belong to the 192.168 subnet.

Once we have the IP address, we can use a tool called hping3. hping3 is an open-source packet generator and analyzer for the TCP/IP protocol. To check what the effects of an attack are, we will be using Wireshark. Wireshark is a network traffic analyzer. We can see whatever traffic is passing through the Linux Lite distro being displayed over here with the source IP and the destination IP as to where the request is being transferred to. Once we have the DoS attack launched, you can see the results coming over here from the source IP, which will be Parrot Security. Now to launch the hping3 command, we need to give sudo access to the console, which is the root access. Now we have the root access for the console.
The hping3 command will have a few arguments to go with it, which are, as you can see on the screen, -S, --flood, -V, -p 80 and the IP address of the target, which is 192.168.72.129. In this command, we have a few arguments such as the -S, which specifies SYN packets. Like in an SSL handshake, we have the SYN request that the client sends to the server to initiate a connection. The --flood option aims to ignore the replies that the server will send back to the client in response to the SYN packets. Here the Parrot Security OS is the client and Linux Lite is the server. -V stands for verbosity, as in where we will see some output when the requests are being sent. The -p 80 stands for port 80, where we can replace the port number if we want to attack a different port. And finally we have the IP address of our target.

As of right now, if we check Wireshark, it is relatively clear and there is no indication of a DoS attack incoming. Now once we launch the attack over here, we can see the requests coming in from this IP, which is 192.168.72.128. Till now even the network is responsive and so is Linux Lite. The requests keep on coming and we can see the HTTP flooding has started in flood port. After a few seconds of this attack continuing, the server will start shutting down. Now remember, Linux Lite is a distro, and such Linux distros serve as the backend to many servers across the world. For example, a few seconds have passed from the attack. Now the system has become completely unresponsive. This has happened due to the huge number of requests that came from Parrot Security. You can see whatever I press, nothing is responded. Even Wireshark has stopped capturing new requests because the CPU usage right now is completely 100%.
And at this point of time, anyone who is trying to request some information from this Linux distro, or where this Linux distro is being used as a backend for a server or a database, cannot access anything else. The system has completely stopped responding and any legitimate request from legitimate users will be dropped. Once you stop the attack over here, it takes a bit of time to settle down. Now remember it's still out of control, but eventually the traffic dies down and the system regains its strength. It is relatively easy to gauge right now the effect of a DoS attack. Now remember this Linux Lite is just a VM instance. Actual website servers and web databases have much more bandwidth, are very secure and are tough to break into. That is why we cannot use a single machine to break into them. That is where a DDoS attack comes into play. What we did right now is a DoS attack, as in a single system is being used to penetrate a target server using a single request. Now, in a DDoS attack, multiple systems such as multiple Parrot Security instances or multiple zombies or bots in a botnet network can attack a target server to completely shut down the machine and drop any legitimate request, thereby rendering the service and the target completely unusable. As a final note, we would like to remind that this is for educational purposes only and we do not endorse any attacks on any domains. Only test this on servers and networks that you have permission to test on.

Cyber security has become one of the most rigid industries in the last decade while simultaneously being the most challenged. With every aspect of corporate culture going online and embracing cloud computing, there is a plethora of critical data circulating through the internet, all worth billions of dollars to the right person. Increasing benefits require more complex attacks and one of these attacks is a brute force attack.
A brute force attack, also known as brute force cracking, is the cyber attack equivalent of trying every key on your key ring and eventually finding the right one. Brute force attacks are simple and reliable. There is no prior knowledge needed about the victim to start an attack. Most of the systems falling prey to brute force attacks are actually well secured. Attackers let a computer do the work, that is, trying different combinations of usernames and passwords until they find one that works. Due to this repeated trial and error format, the strength of the password matters a great deal. Although with enough time and resources, brute force will break a system since they run multiple combinations until they find the right passcode.

Hey everyone, this is Beub from Simplilearn and welcome to this video on what is a brute force attack. Let's begin with learning about brute force attacks in detail. A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. It can be used to break into online accounts, encrypted documents, or even network peripheral devices. The longer the password, the more combinations that will need to be tested. A brute force attack can be time-consuming and difficult to perform if methods such as data obfuscation are used, and at times downright impossible. However, if the password is weak, it could merely take seconds with hardly any effort.

Dictionary attacks are an alternative to brute force attacks where the attacker already has a list of usernames and passwords that need to be tested against the target. It doesn't need to create any other combinations on its own. Dictionary attacks are much more reliable than brute force in a real world context, but the usefulness depends entirely on the strength of passwords being used by the general population. There is a three-step process when it comes to brute forcing a system.
Let's learn about each of them in detail. In step one, we have to settle on a tool that we are going to use for brute forcing. There are some popular names on the market like Hashcat, Hydra, and John the Ripper. While each of them has its own strengths and weaknesses, each of them performs well with the right configuration. All of these tools come pre-installed with certain Linux distributions that cater to penetration testers and cyber security analysts, like Kali Linux and Parrot Security.

After deciding what tool to use, we can start generating combinations of alpha and numeric variables whose only limitation is the number of characters. For example, while using Hydra, a single six-digit password will create 900,000 passwords with only digits involved. Add alphabets and symbols to that sample space and that number grows exponentially. The popular tools allow customizing this process. Let's say the hacker is aware of the password being a specific 8-digit word containing only letters and symbols. This will substantially increase the chances of being able to guess the right password since we remove the time taken to generate the longer ones. We omit the need for including digits in such combinations. These small tweaks go a long way in organizing an efficient brute force attack, since running all the combinations with no filters will dramatically reduce the odds of finding the right credentials in time.

In the final step, we run these combinations against the file or service that is being broken. We can try and break into a specific encrypted document, a social media account, or even devices at home that connect to the internet. Let's say there is a Wi-Fi router. The generated passwords are then fed into the connection one after the other. It is a long and arduous process, but the work is left to the computer rather than someone manually clicking and checking each of these passcodes.
Any password that doesn't unlock the router is discarded and the brute force tool simply moves on to the next one. This keeps going on until we find the right combination which unlocks the router. Sometimes reaching the success stage takes days and weeks, which makes it cumbersome for people with low computing power at their disposal. However, the ability to crack any system in the world purely due to bad password habits is very appealing, and the general public tends to stick with simple and easy to use passwords. Now that we have a fair idea about how brute force…

Transcript truncated. Watch the full video for the complete content.
