Everyone, it's David Bombal, back with the amazing OTW. OTW, great to have you back on the show.

Hey David, it's always great to be back on the best IT and cybersecurity channel on YouTube.

Appreciate you saying that, as always, and really grateful that you come on the channel so often to share your knowledge and experience with all of us. For those of you who don't know OTW, he's the author of this book, a really popular book on Amazon, Linux Basics for Hackers, also this book, Getting Started Becoming a Master Hacker, and Network Basics for Hackers. And OTW, it's 2025 now, I'm hoping that this year we'll get a Python for Hackers, right?

Well, that's the plan, yes. We have in the works a brand new book called Python Basics for Hackers. We are expecting it to be out September of 2025. I'm writing it right now, and we hope to do for Python what we did for Linux, and that is that we want to take a really important subject in cybersecurity and make it simple and understandable for the beginner. I think we did that successfully with Linux Basics, and we want to do the same thing for Python, because Python is one of those tools that you really should master, or at least have a fundamental understanding of, to be effective in cybersecurity.

Really excited about this video. We did one about a year ago where we looked at some of the top tools that hackers use, and I'm hoping you can give us an updated version of that and also show us some cool and interesting stuff we haven't seen before.

Yes, so we're going to look at everything from the most simple to
the more advanced tools. I've got a list here that goes from the very beginner to the more advanced hacker, so why don't we get started.

Yeah, I'm looking forward to this, so I'll keep quiet, you take it away. I love the demos that you do, so looking forward to this.

Okay, great. Well, let's start with the most fundamental of all the tools that we need as a hacker, and that is Linux. You know, we've got to know Linux if you're going to enter into this field. As you can see on my screen here I've got Kali Linux, but it's not limited to Kali Linux. It can be Parrot, it could be Arch Linux, it could even be Ubuntu, but you need to know the basics of Linux. You need to know the basics of Linux because almost all of your tools are designed for Linux, no matter whether you're using Kali, Ubuntu, what have you, and most of the tools that you're going to download off GitHub, even the tools that are not built into Kali and Parrot, are all designed for Linux. So you need to understand how to manage in this environment.

There's another reason, too, to know Linux, and a couple of them, probably less important, is that sometimes the machine that you're attacking is going to be Linux, and you need to know how to get around. If you're inside of a Linux machine and you don't know how to get around, you're not going to be very effective, right? And then, probably I think more important at this point in time, is we see the growth of the Internet of Things, right? So we see all of these devices, and there's devices going into every home and every business, and these Internet of Things devices are almost always using Linux. I probably could almost get away with saying always, but you never want to say always, because there's always an exception to always, right? But it's pretty close to 100% are using Linux. So if you're going to attack these systems, the IoT, and I think this is really an
underappreciated field, IoT hacking. We just finished a course on IoT hacking at Hackers-Arise, and we have some more coming up in 2025. So almost all of the cameras use Linux, almost all the Bluetooth and Zigbee connected devices, Zigbee is a home automation protocol, and oftentimes home automation devices are all using Linux. So you've got to know it, not only from what you're running on your own system, but you need to know it from the target system. The target systems often are going to be Linux. Most of the web servers in the world are running Linux, most of the IoT devices are running Linux. Now, you know, your neighbor, your friend, your roommate, they may not be running Linux, they might be running macOS, they might be running Windows, but they're not, well, maybe they are your target, I don't know, maybe your roommate is your target. But in a professional environment, right, when you're trying to pentest, hack another system, then you need to understand the inner workings of Linux, and that's why I wrote Linux Basics for Hackers. So number one, learn Linux.

Also, we have a new version of Linux Basics for Hackers coming out in May from No Starch Press. The one that is out there right now, it's a great book, I can say with all humility it's a great book. It's still the number one selling operating system book on Amazon, and it's now like seven years old, but we'll be coming out with a brand new version. It'll come out in May, so look for that. It'll bring everything up to date, and it's going to have a chapter on using AI in cybersecurity as well, so we're updating it with a new chapter there. Okay, so Linux is number one on my list. You know, everything else doesn't really matter, everything else comes secondary to Linux, right?
Just for everyone who's watching, Occupy The Web and I have done a bunch of videos about that book, so have a look below. I've linked it below if you want to see Occupy The Web go through the chapters in his book. We haven't completed all of them, but we've done quite a few to get you started, so have a look at those. Sorry, go OTW.

So Linux is number one, all right, that's where you start from. The next tool that I think is really important is Python. Now, you don't need to master Python at the beginning, but you need to learn the basics of Python. It should be one of your goals as a cybersecurity pro. If you're a networking pro, if you're a system admin, you should know Python. Python is the language of cybersecurity. Almost everything is written in Python, not everything, but nearly, it's probably like 80 to 90% is written in Python. And so your tools are written in Python, so if you want to expand beyond the script kiddie and using everybody else's tools, you want to be able to write your own tools, and you might want to just automate things. Even something as simple as doing automated scans, you want to be able to use Python for that, to be able to automate your tasks. I think there's a number of good books out there on Python, two or three from No Starch. I'm hoping that our book, Python Basics for Hackers, is going to help the beginner to master the concepts. First of all, we're going to deal with programming concepts, because a lot of books already assume that you understand programming. We're not going to assume that, we're going to try to give you basic programming concepts and then apply those concepts to Python, and then apply Python to hacking in cybersecurity.

Nice.

So that's number two. Number three on my list, and this list is more
than just 10, I think we've got about 17 or 18 on this list, is VMware Workstation. For a long time I have been using VMware Workstation, but I've also been using VirtualBox, and I primarily use VirtualBox because it's been free, and I wanted to use the same virtualization system as my students, because a lot of students don't have the money to be able to buy VMware Workstation. But now, as of this year, VMware Workstation is free, all right, so for personal use it's free, and it's superior to VirtualBox, it's superior to all of the other virtualization systems. So I want to put that on the list this year because of the company now making it free and because it works so much better than the others, and that's what I'm running here, I'm running VMware Workstation. The big difference I see with VMware Workstation is that it connects to the outside world better than VirtualBox. VirtualBox often has problems with external USB devices and networking, and so I like VMware better, so I want to put that on your list.

It's great for the hacker to be able to create your own virtualized environments. In other words, you want to be able to test the things that you're learning on real-world systems, but you don't want to break the law, right? And so you can download, say, Windows 10 or Windows 11 or Ubuntu and create a virtual machine, put whatever applications you want into it, and then test trying to hack those. This is a good way to be able to hone your skills without having to actually even connect to the internet, because it's all in your own localized network and environment. There's no issues with sending out packets over the internet that might appear to be malicious. So that's why it's a great learning environment, training environment. It's also a really good environment for doing malware analysis. We'll get into this a little later here, but there's a lot of malware that's already out there,
right, and I'll show you some of the places where you can pick it up and download it. But if you do that, if you download malware, you want to put it into a safe environment, you don't want to put it on your laptop, right? Exactly, you might end up encrypting all of your data and having to pay a ransom to get it back. Right, but if you have a virtual machine, you can download it, put it on that virtual machine, and then you can sandbox it, meaning you cut that machine off from the rest of the world. It has no connection, so anything that happens on that virtualized operating system is contained. That's called sandboxing in malware analysis, or reverse engineering malware, which we just finished teaching a class on, so it's perfect for that environment.

One of the things that, and the malware developers know that, right, and so one of the things that you'll see in some really sophisticated malware is it won't let you download it to a virtual machine. But it's still an excellent place to be able to do safe and secure analysis. The malware developers know this too, and there's easy ways for them to put in something to block it from being used in a virtual machine. We recently were attacked by some Russian hackers, and that's exactly what they did. Their malware, when we tried to analyze it, wouldn't let us put it into a virtual machine, because it's not that difficult to do. But it's still important for the beginner to know how to use these tools to be able to analyze malware. Maybe you're not going to start with the most sophisticated malware, but if you want to develop exploits, malware, exploits, you need to understand what's already been done. You know, there's no reason to reinvent the wheel, right? So take a look at what's already been done. You can do that safely in a virtualized environment.
What I also like about VMware, VMware Fusion works really well on a Mac, so if someone's got a Mac, VMware Fusion works well, and like you said, VMware Workstation Pro is free now, so it's fantastic.

Next tool, and this is a really basic and fundamental tool that every cybersecurity and, for that matter, network administrator should know, and that's nmap, right? Everybody should know nmap. It's built into not only Kali but most Linux distributions. This is nmap, all right, and just nmap -h, and you can see it's a significant help screen, and it has a significant man page as well. But really nmap is pretty simple, because you can boil it down to basically nmap, okay, and then -s for scan, right, and then T for a TCP connection. There are different types of scans, but the most basic one is a -sT scan, which does a three-way handshake to the website, right, and then the IP address. That's all there is, right, that's all you need to know, that's the most simple. And what this will do is it'll give you the open ports on that system. It's important to note that nmap by default, without telling it what ports to scan for, only scans for about a thousand ports, and those are the thousand most common ports. So we know that there's 65,536 ports, right? And so if you're looking for a port that is not on that thousand list, you're going to have to be specific, right?

So let's take a look. I've got another system running over here, I've got DragonOS, which is on my list as well of important tools to know, right? DragonOS is mostly for radio frequency hacking. I'm not sure, I need a better term for it, because when you use the word radio, people think of that thing that's in their car they listen to music on, but really radio includes all of the electromagnetic spectrum. That includes cell phones and Bluetooth and WiFi and satellite, and all these things are radio signals, and so it's one of those areas that I think is really important.

We'll have to show the famous device, right?
Right, we'll look at that in just a moment.
This is the device that's really made radio hacking quite famous, I think.

Yeah, and you know we're seeing new devices coming out almost daily in the SDR field, so I tend to call it SDR hacking. So let's just go ahead and scan that. It's another system, just DragonOS on my VM, and you see it comes back very quickly because there's no distance between them, there's only one hop between them, and you see it shows that port 80 is open, right? So yeah, if I'm an attacker, this is the way that I go ahead and determine which ports are open. Now, I oftentimes hear beginners talk about hacking ports. You're not hacking a port. A port is just a door into the system. What you're hacking is what's behind the door, and what's behind the door is HTTP in this case, right? It might be SMB, it might be Modbus, it might be DNS, but you're not hacking a port. So it's maybe a trivial point, but I think it's important, because sometimes if you go on Shodan, for instance, you'll look and you'll see that some companies, maybe the more sophisticated companies, put their services, say HTTP, on not the default port, right? Okay, yeah, so this is the default port for HTTP, but I don't have to put it there. Oftentimes you'll see companies put it on 8080, 8081, 8082. You can put any service on any port. And the reason I bring this up is that one of the comments in one of our previous videos was, why do we need to do a scan when we know that HTTP is on port 80 and HTTPS is on port 443? No, you don't know that. That is simply the default port, okay, but that's not necessarily the case. The smart people, and I'm assuming everybody who's listening to this video is one of those smart people, will put their services on non-default ports. It makes it harder for the attacker to attack you, right? Because, you know, they all know, for instance, that SQL Server, Microsoft's database server, is on port 1433. Everybody knows that, right? So if I scan your
system and I see port 1433 open, I know you've got a SQL Server on that system, and that means I'm going to try to attack that database. But if I put it on a different port, then the attacker goes, I don't know what that is, right? And so this is one of the things that it's important to note: any service can go on any port, so you're not attacking a port, you're attacking a service behind the port.

Now, one of the things that, to get more information, you might want to do with nmap is to use the -A. What -A does, okay, if we go all the way up into the help screen, you can see the -A. You can see there's different types of scan techniques. We're using just -sT here, which for most people's purposes works great. It's not stealthy, right, but in all honesty, a lot of books and a lot of people advocate the use of -sS, it's often referred to as a SYN scan or stealthy scan, but in all reality it's not hiding anything from anybody, so don't be fooled by that, all right? So that's why I just use the -sT scan. Now, here it is: -A, enable OS detection, version detection, and traceroute. And so let's go ahead and just use the -A. It takes a little longer because it has to work harder, it has more work to do here, and you see what it comes back with, and it tells me more information. This is an important type of scan, because remember when we said that any service can be behind any port? This now goes inside and says, oh yeah, this is Apache 2.4.52 on Ubuntu, right, and it tells us more information about it. It tells us the OS, it tells us the title, that's the default page for Ubuntu.

One other variation on this is simply the -p, in this case port 80, right, and this tells it to only look on port 80. Now, this goes to some of those unique ports, like 554, which is RTSP, which is the IP camera port. Most IP cameras are on port 554, sometimes on 5554, sometimes they're on 8554. We can talk about this,
you and I are going to do an IP camera video coming up in the real near future, so look for that one, and we're going to do some demonstrations there of how to find them and how to hack them, so look for that video coming up in the near future. So if I were looking for, say, port 554 for an IP camera, right, I would do it like that. Now, 554 is not on nmap's default 1000 port list, so I would need to specify it to find it. And if I go ahead, it comes back and says, yeah, it's closed. Notice this says rtsp, that's the default protocol that's used for cameras, RTSP. And if I wanted to, say, look for SCADA systems, you know, the SCADA systems have, you know, like port 502, that's Modbus, so I can do that. Once again, this is not on the default list, okay, so let's end that.

You know, it's one of those tools that everybody needs to know, even if you're not into hacking. If you're a network administrator and you have, you know, a thousand machines on your network that you need to manage, this is a tool that's going to allow you to scan the entire network, all right? So I can go scan my entire network and see what's open. I could use some CIDR notation like this, right, and in this case it'll scan 255 machines and see which ones have port 80 open on it, or whatever port we're looking for.

Then just one more thing with nmap. That's nmap basics, right, that's really important. nmap also has some capabilities few people recognize and realize, and that is what's called the nmap scripting engine, all right? So we can just do a locate command and then go nse, they all end in .nse, so we can just do that, and you can see that nmap has all these scripts that give it additional capabilities. Sometimes it gives us capabilities that are similar to a vulnerability scanner, sometimes, like here, stuxnet-detect, right, and you have a number of others. Here's SMTP vulnerabilities, these are relatively old, and some SMB brute force. This one right here is EternalBlue, that
exploit that was developed by the NSA that was used by a number of criminal gangs. It was used in Petya, NotPetya, WannaCry, what have you. In any case, there's all these scripts here that, you know, you eventually need to learn how to use, and we have a class on nmap and we do a lot of these. So that's nmap, that's one of those key tools.

The next tool that's an essential tool, right, is Burp Suite. Burp Suite is basically a proxy that allows you to be able to do web app hacking, right? It allows you to do a lot of things, and for web app hacking it's an essential tool there, you really can't live without it. Well, that's not true, there are other tools that do similar things, but you need this capability no matter what. You need the capability, and it's a really important tool. It's a Java-based tool, so it takes a little while to open up, and here's our Burp Suite, right? We're using the Community Edition because it's free. I think the Burp Pro Edition is now $495 a year, I think they raised the price to $495. PortSwigger is the company who makes it. They do a good job, let's give them a little credit here, they've put out a good tool for a long time and they deserve credit. Let's see what they charge for it. But you don't need it as a starter, you don't need to buy the Professional. They have an Enterprise Edition, a Professional Edition, a Community Edition, and let's see what the Pro Edition costs. So it's $449 for the Pro Edition. You can do most things with the Community Edition that's built into Kali and some of the other attack frameworks. Just go hit next. Notice that temporary project in memory, you can't save the project, okay, so that's one of the things that you don't get with the Community Edition. Then we can go ahead and start it, all right, here's our Burp. And one of the things that Burp primarily is, it's a proxy between your browser and the server, so you can intercept, all right, the requests
okay, between your system, all right, and the server, and then you can analyze them and you can alter them, edit them, to be able to attack the system, looking for vulnerabilities. You can see here that I have an intercept. What this is, is that it allows me to intercept the requests to the server. So let's open a browser. I believe that Burp by default uses Chrome, right? So you can use any browser you want, right, but the one that they've built into it is Chrome. You can go ahead and use Mozilla or Edge and simply turn on the proxy settings, all right? Let's go to, let's see, where should we go to? What do you think, David, any ideas?

Hackers-Arise.

Oh yes, of course, who would have thought
that. We have both hackers-arise.com and hackers-arise.net. They're two different sites, they're a little bit different. We use two sites for resilience. We've been attacked so many times that we decided to keep two sites, so that if one gets attacked the other one's still running, so our students never get left in the cold. All right, so let's go over here. We can see all of our traffic, and of course if we go ahead and turn on the intercept, all right, the intercept's off, turn the intercept on, let's see what happens then. Okay, so what happens when you turn the intercept on? It'll grab, right here we go, it grabs the GET request, right, and you can see, for instance, here is the User-Agent. One of the things that is underappreciated is how important this User-Agent is. This User-Agent is being used by hackers and defenders and intelligence agencies to be able to identify you. It's part of what's called the browser fingerprint. So one of the things we've learned is that we can fingerprint not only the browser but the operating system and the user through telltale fingerprints. When you come to a website, you leave behind a trail, right? This kind of goes to what we were talking about earlier about being anonymous, or for that matter any of the traffic that you put over the internet, you're leaving a trail of who you are. So one of the things that we've been emphasizing at Hackers-Arise is that VPNs don't keep you safe, right? Not only, you know, almost every day in the last month or two we've been seeing new vulnerabilities in the VPNs, new vulnerabilities, and some of the vulnerabilities are so simple, okay. In all honesty, Fortinet has been terrible, so if you've got a Fortinet VPN, look out, okay, they've been terrible. And so this is part of your fingerprint, but there's a number of other bits of information that the attacker or the intelligence agency or anybody who sees your traffic, that you leave
a fingerprint. So when you go to Amazon, right, to go shopping, Amazon can read this fingerprint and have a good idea. Of course Amazon uses cookies as well to be able to identify you, but whatever site you're at, they can deanonymize you by these fingerprints, okay? So that's kind of a separate issue.

But we have here, this is the Intruder and the Repeater, right, and what we can do with these is that we can go ahead and try to, say, break the authentication. One of the things we can use this for is to go ahead and try a login, and then try a password list against a login. We can test our own website for vulnerabilities like SQL injection, cross-site scripting, and of course we can also use it to test the target system for those types of attacks. So yeah, this is a really, really important tool, and I think you've had a number of people on your show who've done excellent demonstrations of Burp, so I will refer anybody who wants more information about Burp Suite to go to those videos. But this is on my list of essential tools, right? So let's close this down.

Next, what we want to do is we want to look at, most of your viewers, okay, are familiar with Shodan, right? So Shodan's a great tool for being able to find the systems of a particular type, characteristics, vulnerabilities. Shodan's great for that, all right? Here's Shodan Explore. You know, one of my favorite subject areas is industrial control systems. This is one of the things that we specialize in at Hackers-Arise, and you can see one of the things that makes industrial control systems unique is that they use different protocols than other systems. So, you know, they use things like Modbus, Siemens, DNP3, right, EtherNet/IP, BACnet, Tridium, and there's about 200 different protocols. This one here is the most commonly used, and this uses port 502. And so when you're looking for Modbus systems, and it says please log in to use, all right, we're working with Shodan. Shodan is a great tool for being able to find
what you're looking for if you're looking for a particular vulnerability, a particular port that's open, looking for the service behind it. So we're talking about industrial control systems, right, and so here's some of the more popular industrial control systems. Here's Modbus. This is going to show us all of the Modbus, or port 502, not necessarily Modbus but port 502, systems in the world. You can see there's three quarters of a million of these systems, so most of these are running Modbus, but not all of them are. And this kind of goes to what we were talking about earlier, that Modbus runs on port 502 by default, but it could be running on another port as well, and people might put other services on port 502. And so let's go, like for instance, this is a Google in Mountain States, and you see there's a lot of things running on this particular system, and probably none of them are Modbus, but they've got all of these ports open. So this is an excellent tool. This is the browser application. If we want to look for a particular country, all right, so we're looking for, say, Russia, port 502, we could do that and just define our terms here. You see port 502 in Russia, and you can see these are all of the Modbus-based systems in Russia.

So most of your viewers are familiar with Shodan, but maybe they aren't that familiar with another Shodan-based tool, which is a command line tool, which as an attacker, hacker, sometimes can become much more useful, because what you can do with it is that you can go ahead and use the command line tool and look specifically for sites and then put them into a file that you can use later. So let's go ahead and just do, let's, I've installed it, by the way. It's at, sudo apt, okay, search for shodan, and you'll see that, ah, there it is right there, okay, it's python3-shodan, all right, that's the tool we're looking for. And so we can do sudo apt install, and then let's do a copy and paste. You can see it's a script for interacting with the Shodan API. There it is, okay, so now we've
got it installed, and we can go shodan -h, and there's the commands, right, and what you're going to use very often, okay, is doing a search, okay, search the Shodan database, okay, or you can scan an IP netblock using Shodan, all right? So first of all, you have to initialize the Shodan command line, but we also have to go ahead and put our API key in. I think it's init is what it is, so let's go shodan init, the API key, all right, successfully initialized. Then go shodan and then go search and then go port 502, and you can see, okay, that's going ahead and pulling up, okay, all of the IP addresses in the world that use port 502. And so one of the beauties of this tool is to be able to go ahead and put, I'm just going ahead and hitting enter, okay, I can put this all into a file, right. And let's go ahead and do a q to exit, and I could then go, oh, modbus, call it modbus-systems.txt, and it'll go ahead and put it all into a file for me. And then of course I can just go more modbus-systems.txt, and there it is, all right, so it's all in a file that I can then use, and then I can use that file in other tools, right? So many of your tools, most of your tools, will allow you to use a text file as an input. So in this case you can go ahead and use this text file as an input in scanning, attacking, what have you. So let's go ahead and hit q and exit out of there. So that's Shodan from a command line. I think it's much more useful as an attacker to be able to use the Shodan command line and be able to put the results into a file.

Makes sense.

Yeah, yeah, so those are
two really, really good tools for being able to do scanning. There's another tool that I want to show you that is excellent for scanning, and it's called Nuclei, and it's one that I think is one of the better tools that are out there right now for being able to do, particularly, web app scanning, vulnerability scanning. So let's go ahead and, let me show you how to install it. It's a little more work to install than some of the others. So this tool, right, this is a good example of, we're seeing more and more tools being developed in the Go language, and this is one of them, right? So to install this we need to go sudo apt, right, and then do an update, right, I'm not going to go through the update because it takes a while, and then we want to go ahead and install the Go language, all right, it's like this here. But we're seeing, you know, Python is the programming, scripting language of choice for most of what's going on in cybersecurity, but we are seeing more and more tools going to the Go language. We're going to have a class on the Go language coming up soon, and I'm probably going to do a book on the Go language as well in the near future, maybe 2026, Python book out first, right? So we go ahead and put the Go language in, I've already got it installed, and then we're going to go ahead and do, this is the command to be able to install it, like that right there, hopefully you can see that, and then hit enter, right.

Now, I like this tool better for web app vulnerability scanning. Let's give a shout out to Nessus, and you've got an excellent video on installing and using Nessus on your channel. Nessus has been around for a long, long time, and Nessus is an excellent tool for doing vulnerability scanning. It's great in a pentest, vulnerability assessment. Maybe not the best tool for assessment of vulnerabilities of websites in an attacker type of environment, because it's really, really noisy, and if you do the free version, it only allows you to do 16 IP
addresses. So in a large installation, or if you're trying to go out and, like, test a lot of websites to see what vulnerabilities they have, it may not be the best choice. But this one, okay, is free and it does a really good job, and it's a lot less noisy than Nessus. But I love Nessus, that's not, I don't want to knock it in any way, shape or form. Let's go ahead and just change the path, and then we want to go source, yeah, I've got it already in there, and I'm getting a parse error near the app go. Close that, open up another terminal and expand it, and we're getting ready to use Nuclei. Yeah, this is an excellent tool. So it's called Nuclei. We should have it all installed now. This is right now my favorite tool for doing website vulnerability scanning. First of all, we want to go and take a look and see what version, make sure it's all installed properly. Looks like it's all installed properly, and then all it takes is, you can just go ahead and point it at a website and it'll come back with a list of the vulnerabilities. Let's see, who can we point it at? Let's point it at, here's a site right here that I'll paste in. Let's go ahead and just run it, and it'll go ahead and look for any potential vulnerabilities. Of course, all vulnerability scanners are susceptible to false positives, just like, you know, Nuclei is, but it tends to be a little quieter than some of the other tools, and you can be really specific. It has templates, so you can see nuclei-templates, so you can create and use templates that are specific to a particular type of vulnerability. All right, that's Nuclei.
So for those of you who are using other tools, I think it's time to move up to Nuclei. Then let's go ahead and, of course, we have to include Metasploit. Oh yeah. If you're using Kali you can go into Exploitation Tools and you'll see that framework. This tool's been around for quite a while now, probably coming on 20 years. You can click there or you can just go in and run msfconsole. You can see I haven't used it on this system here, this is my new system; it's going ahead and creating the database. Many people don't know, but I do have a book on Metasploit, Metasploit Basics for Hackers. It's only available on Hackers Arise, so if you want to become better at Metasploit, that's a book for you. The original book on Metasploit was written by Dave Kennedy. Some of you know him; he's kind of a famous name in the hacker world who now has his own company in the Cleveland, Ohio area, and so he's got a new version of his book coming out. I haven't seen it yet; I think it's coming out in the next... it might be out by the time this video is out. The beauty of Metasploit is that you have these exploits that are already built into Metasploit, and you can use them pretty simply and point them at a particular IP address or a particular domain and take control if they're vulnerable. So let's talk about that. Sometimes people who are new to hacking don't understand that exploits are very specific to a particular OS, a particular application, a particular service, and it has to be a known vulnerability and a known exploit that hasn't been patched, because if it's been patched it doesn't matter how good the exploit is, it won't work. So let's go ahead and do a search, and you can see here there's almost 2500 exploits. Some of these are old, some of them are new. These are the exploits; these right here are payloads, these are what you put on the system once you exploit it. Exploiting is the same as what people often
refer to as hacking, right? So you hack into it and then you leave behind a payload that allows you to control the system. These here are auxiliary modules; what these are is everything that doesn't fit into the other categories, it's the dumping ground for everything that doesn't fit into these other categories. These are post-exploitation; these are modules for after you exploit it, like if you want to turn on the camera or put a keylogger on, these would be post-exploitation modules. These are encoders that will change the encoding of a payload. These are NOPs, no-operations, often used in doing a buffer overflow or creating your own exploit. And they now have nine evasion modules to help you evade antivirus. So we just search, and we can search by the platform, so platform and go Windows, like that. Platform is kind of a synonym for operating system. And then we might want to ask it for type, and that would be exploit; those are the hacks. And what it'll do now is show us all of the exploits for Windows, and there's quite a bit, lots and lots that'll work against a Windows system. Now you and I did a video recently about EternalBlue; that was the exploit that was used by the NSA and was stolen from them, and so we want to look specifically for that. We can find it, and you can see we have lots of references to it. So for instance, EternalBlue. Somebody recently asked me, why would you use EternalBlue against a Windows 7 system, because nobody's running Windows 7? Well, that's not true, there are people using Windows 7 systems; you go on Shodan and search, you'll find them. But this exploit has been updated, you see, all the way up to Windows 10. Now there's no Windows 11 version, so for those of you who want to use it, they've got versions of it now for all the modern operating systems up to Windows 10
Enterprise. But it does require that the system be vulnerable. Yeah, it needs to be an unpatched system. So this is Metasploit. I recommend people learn it, but don't become dependent upon it. If you really want to advance your career, you want to be able to develop your own exploits, but when you're starting out this is a good place to understand exploitation, and Metasploit makes it relatively simple. All right, so let's close that down and let's go on to the next one. My favorite password hacking tool is hashcat. It's really good. Yeah, let's go hashcat -h. This is hashcat. hashcat is fast and it's powerful, but it also requires some knowledge of password hashing. So oftentimes what we capture, if we exploit a system, is a hash; we don't get the password, because very few operating systems and applications store passwords in plain text, that's normal language, right? They store them as hashes. Except if you're Fortinet. Fortinet VPNs were storing their passwords in plain text, believe it or not. Crazy. And so that's how they were being exploited. They stored both username and password in plain text on the device itself, so that all the attacker had to do was go through all of the directories and look for the passwords. So it was basically a directory traversal attack against that device, and then, to make it worse, the passwords were in plain text. That's pretty... for a firewall. Yeah, for a firewall VPN. And so that's pretty lazy, that's negligence, that's cyber security negligence, and people should be held accountable for that. So hopefully they're not one of your sponsors. But in any case, you can see that they have different hash cracking... they use different hash algorithms to be able to crack the passwords. So one of the things that you would need to know to use this tool effectively is what hash algorithm was used, and they've got just about everything
here. And there are a number of tools in Kali that can do hash identification. So if you have a hash, there's a tool called hashid. Yeah, it is hashid, I just didn't put a hash in. Go hashid, let me just put a dash and see if we can get a help screen. There we go. So what it'll do is go ahead and identify different types of hashes used to encrypt the data. So if you've been able to capture, say for instance in a Wi-Fi attack against WPA2, the hash is passed between the client and the AP and you can capture it using a tool like aircrack. Then you take that and you put it into hashid to identify the type of hash, and then you can use hashcat to crack it. Now, one of the things that you need to understand with a tool like hashcat is it can be very time consuming, because it's going to go through a list and hash each item in that list and see if there's a match. So it's not like a tool that you just click and it... Wi-Fi. We've got a lot of things to cover here. I just wanted to ask you about John the
Ripper. Is that another one, but you prefer hashcat, right? I prefer hashcat; hashcat is faster. John the Ripper is a really good tool, and one of the beauties of John the Ripper is it automatically detects the hash, but it's not always correct. It uses the characteristics that it sees in the hash to identify the hash, and so sometimes for a beginner John the Ripper can be... it's just called john. Here's john -h. This is John the Ripper, and I use John the Ripper in my book Getting Started Becoming a Master Hacker. It's an excellent tool. It's not as fast as hashcat. The other thing that hashcat is capable of doing is using a GPU, and so that's one of the things that I like about it. A GPU is much faster at generating hashes than the CPU is, and that's one of the things that we now know: almost all the AI systems are being developed using Nvidia GPUs. Why GPUs? Because the GPU is designed to do calculations very, very fast. For a CPU that's a secondary task; the CPU's primary task is to run your computer, it has to do a lot of things to be able to run your computer, whereas a GPU is very simple, it just does calculations. And those calculations were originally designed for being able to generate images, graphics; it's a graphics processor. Graphics are simply a set of polygons, that's all they are, there are millions of polygons, and the GPU generates and manipulates those polygons, which are basically mathematical calculations, the same as creating a hash. A hash is just a matter of running a mathematical algorithm, so they're really good for both of those applications, as well as, we now know, AI. That's why Nvidia right now is the most valuable company in the world, because they're basically running all of the AI engines. Okay, moving on. So that's John. There's also a tool that I think is the best, and it's the original Wi-Fi cracking tool; it's
aircrack. There are now a lot of tools out there. Oh, I meant -h. Okay, there's a lot of tools out there now, and here's the help. This is aircrack, this is the original Wi-Fi cracking tool. There's lots of other tools out there, so we can go over here and look at the Wireless Attacks. Wi-Fi, it's a good one. Reaver works well with WPS. Pixie WPS, the same. WPS is that number that you put in to make it easier to set up your Wi-Fi AP. Fern. Here's aircrack here, and of course then we have some Bluetooth tools as well. aircrack is the granddaddy of Wi-Fi cracking; it's been around for at least 20 years. It says 2006, okay, so 18. It does a really good job. It does take a little bit more learning. We've got several good tutorials on Hackers Arise where you can learn how to use aircrack, and we also have some tutorials on using things like Wifite and others. Wifite is a lot simpler to use; let's go to Wifite here. So if you're a beginner you might want to try using Wifite, but Wifite underneath is using aircrack, and so aircrack takes a little more work. One of the things that beginners often have difficulty with is finding the right exploit. So there's a tool that's built into Kali and it's called searchsploit, and what searchsploit does is look into Exploit-DB. I'll go to Exploit-DB to show those people who haven't seen it before. Exploit-DB is by Offensive Security; they're the same people who make Kali, and they have several certifications and trainings. So this is their website. I should say that we are building our own Exploit-DB at Hackers Arise, and it's on our website; we're putting new exploits into there all the time, so look for that. So this is their Exploit-DB, and you can search by the author or the platform, the type, and so let's go PHP, since that's the first one that comes up on the screen, and go PHP, and it brings me up all
of the PHP-based exploits. But searchsploit does something very similar. We can go PHP here and it shows me all of the exploits that use PHP. It's basically using the same database, and there's a lot of PHP. So these are two places that you can find exploits, and if you want to find the right exploit for the job, this is one of the places. Both Exploit-DB and searchsploit are basically using the same content. Then, talking about exploits, let's go to this, an excellent place to be able to find malware: this is MalwareBazaar. This is the database of all of the malware that's being found, or at least the ones that are being reported to this particular site, MalwareBazaar, and there's a lot of malware that's out there. You can see here the one you and I were just talking about, the Remcos RAT; that's the most recent one. Let's see if we can just do an update, just refresh, and yep, there it is, there's Remcos RAT. So this malware was developed and sold as legitimate, legal software, not for exploitation but for tech support, help desk type of support. So it was sold to be able to help your users, so you can take over their system and show them how to use it. It's now being used as an exploit. You can see how many of them are out there, and so this is one of the most widely used exploits out there right now. You see Remcos RAT; we just analyzed this in our recent reverse engineering class, and it's really a sophisticated piece of malware. If I had malicious intent I might go ahead and download this, you see here it is through the database entries, and use it, and the truth of the matter is that is what's happening. It's all over the place; people are using it all over the world for attacks. So Remcos RAT, here it is. If you just want to find malware, if for
instance your job is cyber threat intelligence, this is a place to go and look. Here's the malware that's out there; this is my favorite site for doing this. If you're an attacker, here's some of the options that you have: you don't have to necessarily write your own malware, somebody already wrote the malware, and sometimes all you have to do is make small modifications to it to be able to get past AV and endpoint detection systems. Okay, moving on, we've got a few more things we want to talk about. So there's another tool that's built into Kali called sqlmap. sqlmap is the tool of choice for doing SQL injection. SQL injection's been around for a long time; most websites are not going to be vulnerable to standard, simple SQL injection attacks. You and I did a video on the MOVEit attack, and the MOVEit attack was a sophisticated SQL injection attack. So SQL injection still works, but you just have to be a little more sophisticated about it. If you are a pentester, you probably want to use this tool against your login screens, any form that you have, to make sure that it's not going to be susceptible to a simple SQL injection attack. So I like this tool a lot, and it's one that the pentester or hacker should be familiar with. All right, then let's get into some slightly more sophisticated stuff. One of the things that most of your viewers know, and all of the people who are members of or even just visit the Hackers Arise site know, is that I am a big advocate for radio frequency or SDR hacking. This is my favorite operating system for doing that. Let's go ahead and zoom in. We use this in a lot of our radio frequency classes, such as satellite hacking; we use it there, we use it for Wi-Fi hacking, for IoT hacking, for Bluetooth hacking, and it has a lot of really interesting tools in it. And we should probably include the idea that if you
really want to get onto the leading edge of hacking, which I think radio frequency or SDR hacking is, you're probably going to want to have a piece of hardware. Now I want to back up just a second and say that I get a lot of people who will write me and say, I want to become a hacker or pentester but I can't afford to buy a Wi-Fi Pineapple, a Flipper Zero, a HackRF, what have you. No, you don't need those things to get started, and you probably want to maybe only select one of them. So don't be stymied in pursuing this career because you can't afford all those devices. Yes, it's nice to have them, it sometimes makes things easier, but get started. Get yourself even an old laptop; it doesn't have to be the latest and greatest. You and I have done some videos on the best laptop and we'll do another one in the near future, but what I want to encourage people to do is get that laptop, even if it's an old laptop, and it's probably going to be superior to trying to hack from a phone. I know a lot of people try hacking from phones because they can't afford the laptop, but hacking from a phone is pretty hard to do; it just doesn't have enough horsepower. Even if you're using an old laptop, it's superior to hacking with a phone, so whatever that's worth. Okay, so this operating system has a lot of really cool tools in it. So what we have here are lots and lots of tools that can be used for, well, for instance, this one right here, OpenBTS, is for making your own cell system. So you can make your own cell system. Now this particular tool is only good for 2G and 3G, but we now have new tools out that can actually make a 4G/5G cell system. So that's a possibility. You have tools for analyzing Wi-Fi, you have some Bluetooth right here, this is a Bluetooth sniffer tool. It also has an interesting tool here called Mirage. Let's just open up Mirage. What Mirage is is
kind of like a Metasploit for IoT. So here's ls -l in the Mirage directory; notice that all the tools in this are under /usr/src/mirage. So to run Mirage it's just going to be like this, the Mirage launcher, and this tool, kind of like Metasploit, doesn't actually develop any exploits. What they have done, their goal, is to put all the IoT exploits into a single system. We just do list, and you can see that it has Zigbee, so it's all based on IoT: based upon Wi-Fi, Zigbee, Mosart, let me see if I can scroll up a little bit to show you, IR (infrared), then we have ESB, Enhanced ShockBurst, we have Bluetooth, and we have a lot of Bluetooth modules for BLE, Bluetooth Low Energy. And so this is maybe the best single tool for being able to do IoT hacking right now. It's more of a framework than a tool, so it has a lot of tools built into it. All right, so that one I wanted to show you, but there are many, many tools in here, and some of them are not listed. There's an LTE sniffer, and there's an IMSI catcher; IMSI is that identifying number for a cell phone that you can go ahead and identify. And here's a good jammer; this is probably the best radio frequency jammer out there. Note that jamming is illegal, so just keep that in mind. And also, if anybody wants to do any kind of Bluetooth hacking, there are some real good modules in here for doing Bluetooth hacking. All right, so the next tool on my list is Ghidra. Ghidra was developed by the NSA, and it's open source and it's free, and it's a really good disassembler of code. And so if you wanted to understand how malware works, or for that matter how any piece of software works, this is a really good tool. Now there have long been other tools out there like IDA Pro that do this as well, and maybe do it a little bit better, but it's more expensive. We do have some free versions now. I like this tool a lot, and so
here's that piece of malware that we just saw in MalwareBazaar. Remember we looked at MalwareBazaar; I'll go back there and show you. So here we are at Remcos RAT, and in this case I put it in there, and we've been working with this a lot in analyzing it, and it's a pretty sophisticated piece of software. So the Remcos exe has not been analyzed; well, it has, but we didn't save it. Let's go ahead and run it, and what this allows us to do is take that piece of malware and disassemble and decompile it and better understand what it's doing. So it's still working, and you can see that this is what's going on over here: it's giving us this particular function and giving us the assembler, and over here we now have the decompiled entry into the particular piece of software. That's where Ghidra basically executes from, that's its entry point, and we can see all of the code. We can click on any one of the functions, and over here it comes over and shows us, okay, I see it right there, I clicked on it and it shows us what's happening. This is C, and this is assembler. So what it does is break down the code, put it into assembler, and then rebuild it into C to make it a little easier to understand. So let's go to another tool. That one takes a little more sophistication, but the value of it is that you can take any piece of software and disassemble it and better understand what it's doing, and if you really get a little more sophisticated you can make changes to it, and those changes can help to get past the antivirus, the endpoint detection systems. But probably the most important part is to better understand how this particular software or malware works; in that case Remcos is sold as software, not malware, but it's being used as malware. All right, then of course we have to go to our AI. Everything's AI.
This is the era of AI, and I think that every cyber security pro, network pro, even the database administrator, everybody in our industry needs to embrace AI. Don't fear the AI, embrace it, because it's not going to replace you if you use it; it will replace you if you don't use it. Those people who fight AI are the people who will get replaced. It has a lot of features and capabilities that make you better at what you do, and of course you want to be better at what you do. That's how you get promoted, that's how you get increases in pay, that's where you're more efficient, so your boss recognizes, hey, that guy gets things done really, really fast, I need to promote that guy, versus the guy who's writing the code from scratch and takes two weeks to write it, and you go to Claude and you get it done in two minutes. So in this case here, I have a Claude account. There are lots of accounts out there for writing code right now; for writing Python code I think Claude is best. So what I did is I asked Claude to write me an AES encryption script in Python, and Claude did it for me. I haven't run it to test it, but that's what I would need to do next, is to go ahead and try running it, because AI oftentimes will make mistakes, but it probably is going to make fewer mistakes than you do on your first run through, and it saves you a lot of time. So your job is to debug it, so you can't simply not understand Python; you need to understand Python because you're going to need debugging skills. But it's going to save you a lot of time; it's faster to debug this script than it is for you to write it from the original. So this is Claude. I think everybody, no matter what industry you're in, needs to embrace AI for writing code. I think Claude right
now which is fr
2025-01-09 20:07