All language subtitles for Day 1 - Security Boot camp _ CompTIA Security (SY0-601) Exam Preparation - English (auto

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:06,960 --> 00:00:10,559 hello everyone 2 00:00:07,919 --> 00:00:11,519 this is ayam nigi and i am a part of 3 00:00:10,559 --> 00:00:13,440 infosec train 4 00:00:11,519 --> 00:00:16,000 i am one of the trainers uh in 5 00:00:13,440 --> 00:00:17,199 infrastream talking about my experience 6 00:00:16,000 --> 00:00:19,039 uh i have like five 7 00:00:17,199 --> 00:00:20,560 plus years of experience earlier talking 8 00:00:19,039 --> 00:00:21,680 about the days i was into web 9 00:00:20,560 --> 00:00:23,840 development 10 00:00:21,680 --> 00:00:25,840 later down the line i switched to your 11 00:00:23,840 --> 00:00:26,080 cyber security field because i like have 12 00:00:25,840 --> 00:00:28,960 a 13 00:00:26,080 --> 00:00:29,599 keen interest over this field right so i 14 00:00:28,960 --> 00:00:31,279 rather than 15 00:00:29,599 --> 00:00:33,200 going with them and continuing with the 16 00:00:31,279 --> 00:00:34,480 web development i try to grow myself 17 00:00:33,200 --> 00:00:36,399 into cyber security 18 00:00:34,480 --> 00:00:38,000 because i like have a future plans 19 00:00:36,399 --> 00:00:40,559 regarding your dev setups 20 00:00:38,000 --> 00:00:42,559 which is inclusion of your development 21 00:00:40,559 --> 00:00:44,879 part your security part and your 22 00:00:42,559 --> 00:00:46,559 operation part as well right so already 23 00:00:44,879 --> 00:00:47,200 i have a like a bit of an experience 24 00:00:46,559 --> 00:00:49,680 regarding 25 00:00:47,200 --> 00:00:51,520 your development field so i'm more into 26 00:00:49,680 --> 00:00:53,760 now uh cyber security so 27 00:00:51,520 --> 00:00:54,640 covering this field of area and rather 28 00:00:53,760 --> 00:00:55,840 than like 29 00:00:54,640 --> 00:00:58,160 later then i will be going for the 30 00:00:55,840 --> 00:00:59,199 operations as well right so you can say 31 00:00:58,160 --> 
00:01:01,840 i like a future 32 00:00:59,199 --> 00:01:02,399 or goal of mine it can be like devsecops 33 00:01:01,840 --> 00:01:03,760 right 34 00:01:02,399 --> 00:01:05,760 moreover we are dealing with other 35 00:01:03,760 --> 00:01:07,439 regarding cyber security right now 36 00:01:05,760 --> 00:01:09,040 right so these are the domains of my 37 00:01:07,439 --> 00:01:11,119 experience like the security testing 38 00:01:09,040 --> 00:01:14,240 cloud security and devops 39 00:01:11,119 --> 00:01:16,000 right so uh talking about the 40 00:01:14,240 --> 00:01:17,600 training and experiences i have 41 00:01:16,000 --> 00:01:18,960 delivered plenty of the batches with 42 00:01:17,600 --> 00:01:21,520 inclusive training 43 00:01:18,960 --> 00:01:23,759 right and talking about the course for 44 00:01:21,520 --> 00:01:27,360 now right the security plus 45 00:01:23,759 --> 00:01:28,159 so security please are it's a defensive 46 00:01:27,360 --> 00:01:30,240 course 47 00:01:28,159 --> 00:01:31,680 right as you guys know uh you guys know 48 00:01:30,240 --> 00:01:35,520 about the teamings right 49 00:01:31,680 --> 00:01:38,320 the red team and the blue team correct 50 00:01:35,520 --> 00:01:40,400 so talking about the teams red teams are 51 00:01:38,320 --> 00:01:43,680 totally guys for your 52 00:01:40,400 --> 00:01:44,799 attacking phase right so regarding the 53 00:01:43,680 --> 00:01:47,200 security plus right 54 00:01:44,799 --> 00:01:48,159 uh and this whole course so basically 55 00:01:47,200 --> 00:01:50,320 guys uh 56 00:01:48,159 --> 00:01:51,200 as i was mentioning we have two teams 57 00:01:50,320 --> 00:01:54,560 right the red 58 00:01:51,200 --> 00:01:55,040 team and the blue team right so that 59 00:01:54,560 --> 00:01:57,119 team 60 00:01:55,040 --> 00:01:58,719 morally focus on your offensive side 61 00:01:57,119 --> 00:01:59,600 right you can see in an attacking site 62 00:01:58,719 --> 00:02:01,520 where they 63 00:01:59,600 --> 00:02:03,119 they 
exploits the thing they they enter 64 00:02:01,520 --> 00:02:04,159 into the system 65 00:02:03,119 --> 00:02:06,240 right they found all those 66 00:02:04,159 --> 00:02:07,119 vulnerabilities in your network and try 67 00:02:06,240 --> 00:02:08,879 to 68 00:02:07,119 --> 00:02:11,520 exploit them and get an access control 69 00:02:08,879 --> 00:02:14,000 over the system right 70 00:02:11,520 --> 00:02:15,280 and uh it's targeting 601 basically 71 00:02:14,000 --> 00:02:17,760 right but moreover 72 00:02:15,280 --> 00:02:18,319 we'll be covering the topics right since 73 00:02:17,760 --> 00:02:20,800 you know 74 00:02:18,319 --> 00:02:22,640 six hours or three hours of a day it's 75 00:02:20,800 --> 00:02:25,520 not sufficient to cover the whole 76 00:02:22,640 --> 00:02:26,480 topics of the 60 601 right or the whole 77 00:02:25,520 --> 00:02:28,400 security 78 00:02:26,480 --> 00:02:29,760 uh course so we will be covering the 79 00:02:28,400 --> 00:02:32,000 broad areas 80 00:02:29,760 --> 00:02:34,000 right and so we'll be covering broad 81 00:02:32,000 --> 00:02:37,200 areas we'll be covering bits of 82 00:02:34,000 --> 00:02:37,920 of all of them right so yeah and more 83 00:02:37,200 --> 00:02:39,440 specifically 84 00:02:37,920 --> 00:02:41,040 if you're asking about a five zero one 85 00:02:39,440 --> 00:02:41,760 and six zero one will be targeting the 86 00:02:41,040 --> 00:02:43,519 cardinal 87 00:02:41,760 --> 00:02:45,760 security plus six zero one which is the 88 00:02:43,519 --> 00:02:48,080 latest version going on you know 89 00:02:45,760 --> 00:02:49,519 comp shia right the vendor which is 90 00:02:48,080 --> 00:02:50,000 providing security places your comms 91 00:02:49,519 --> 00:02:53,440 here 92 00:02:50,000 --> 00:02:56,800 so your latest version is when your 601 93 00:02:53,440 --> 00:02:57,519 okay so as i was saying security plus 94 00:02:56,800 --> 00:02:59,360 it's your 95 00:02:57,519 --> 00:03:01,040 blue teaming uh blue team course right 
96 00:02:59,360 --> 00:03:02,159 which is totally a defensive one it's 97 00:03:01,040 --> 00:03:04,800 not basically 98 00:03:02,159 --> 00:03:06,319 based off your attacking one right here 99 00:03:04,800 --> 00:03:06,800 you loan regarding the defensive side of 100 00:03:06,319 --> 00:03:09,280 the 101 00:03:06,800 --> 00:03:10,720 whole cyber security right so the low 102 00:03:09,280 --> 00:03:11,200 the skills you will be learning in your 103 00:03:10,720 --> 00:03:13,040 cyber 104 00:03:11,200 --> 00:03:14,480 or security place would be like 105 00:03:13,040 --> 00:03:16,440 regarding the terminologies 106 00:03:14,480 --> 00:03:17,599 regarding your attacks threats 107 00:03:16,440 --> 00:03:19,879 vulnerabilities 108 00:03:17,599 --> 00:03:22,319 right architecture and design the 109 00:03:19,879 --> 00:03:24,959 implementation of the policies 110 00:03:22,319 --> 00:03:26,480 right all those about the compliances 111 00:03:24,959 --> 00:03:28,239 your incident deploy 112 00:03:26,480 --> 00:03:30,080 response and operational response if 113 00:03:28,239 --> 00:03:32,799 there is any sort of an attack happen 114 00:03:30,080 --> 00:03:34,400 or your mitigation techniques right so 115 00:03:32,799 --> 00:03:35,680 these are the skills which you learn in 116 00:03:34,400 --> 00:03:38,000 this whole security 117 00:03:35,680 --> 00:03:39,760 plus course right which is provided up 118 00:03:38,000 --> 00:03:42,400 by a conscience 119 00:03:39,760 --> 00:03:44,959 correct so but today we'll be covering 120 00:03:42,400 --> 00:03:47,599 the broader areas so for today's session 121 00:03:44,959 --> 00:03:49,840 right we'll be discussing regarding your 122 00:03:47,599 --> 00:03:52,000 threat actors and threat intelligence 123 00:03:49,840 --> 00:03:53,280 and your malwares and your social 124 00:03:52,000 --> 00:03:54,879 engineering attacks 125 00:03:53,280 --> 00:03:56,319 all right so these are our today's 126 00:03:54,879 --> 00:03:59,360 agenda and that are 
127 00:03:56,319 --> 00:04:01,760 topics which we'll be covering 128 00:03:59,360 --> 00:04:02,799 so basically if you talk about uh the 129 00:04:01,760 --> 00:04:05,200 agenda of the 130 00:04:02,799 --> 00:04:06,720 security plus right so like there are 131 00:04:05,200 --> 00:04:08,080 plenty of job roles you will be getting 132 00:04:06,720 --> 00:04:09,760 in it right like your security 133 00:04:08,080 --> 00:04:11,200 administrator right your system 134 00:04:09,760 --> 00:04:13,519 administrator 135 00:04:11,200 --> 00:04:15,439 like your help desk manager your endless 136 00:04:13,519 --> 00:04:16,320 your network engineer your security 137 00:04:15,439 --> 00:04:19,519 engineer 138 00:04:16,320 --> 00:04:20,160 right you can even go for the profiles 139 00:04:19,519 --> 00:04:22,800 of your 140 00:04:20,160 --> 00:04:24,560 devops software developer your i.t 141 00:04:22,800 --> 00:04:25,440 auditors right and your id project 142 00:04:24,560 --> 00:04:27,040 manager as well 143 00:04:25,440 --> 00:04:29,280 so basically uh what you can say 144 00:04:27,040 --> 00:04:30,720 security players are it's a 145 00:04:29,280 --> 00:04:32,720 base level which will be covering each 146 00:04:30,720 --> 00:04:35,120 and every ground of your 147 00:04:32,720 --> 00:04:37,040 other high level techniques right so you 148 00:04:35,120 --> 00:04:39,199 will be setting up your ground level 149 00:04:37,040 --> 00:04:40,080 with this security plus course right so 150 00:04:39,199 --> 00:04:43,280 you will be 151 00:04:40,080 --> 00:04:44,800 getting a much more insight in this 152 00:04:43,280 --> 00:04:47,680 cyber security 153 00:04:44,800 --> 00:04:48,160 specifically talking about the blue team 154 00:04:47,680 --> 00:04:50,400 side 155 00:04:48,160 --> 00:04:51,360 right you will get to know about the red 156 00:04:50,400 --> 00:04:53,919 team as well 157 00:04:51,360 --> 00:04:55,520 right uh like not as an attacking phase 158 00:04:53,919 --> 00:04:57,120 like how 
to attack and how to code and 159 00:04:55,520 --> 00:04:59,360 how to write scripts 160 00:04:57,120 --> 00:05:01,199 but you will get a few bits of an idea 161 00:04:59,360 --> 00:05:04,400 regarding these things 162 00:05:01,199 --> 00:05:07,360 okay like what sort of a scripts 163 00:05:04,400 --> 00:05:09,680 look like how you launch an attack right 164 00:05:07,360 --> 00:05:11,199 what are the uh like steps to do that 165 00:05:09,680 --> 00:05:13,199 right how do you do the information 166 00:05:11,199 --> 00:05:15,759 gathering because it can be like useful 167 00:05:13,199 --> 00:05:16,320 from the security purpose as well right 168 00:05:15,759 --> 00:05:19,039 and like 169 00:05:16,320 --> 00:05:20,639 how do you attack and particular port 170 00:05:19,039 --> 00:05:21,440 how do you scan them and all these 171 00:05:20,639 --> 00:05:23,840 scenarios 172 00:05:21,440 --> 00:05:25,680 you can cover with the security plus 173 00:05:23,840 --> 00:05:28,400 side as well so you will get a 174 00:05:25,680 --> 00:05:29,039 like you can say an overlook of an 175 00:05:28,400 --> 00:05:32,160 attacking 176 00:05:29,039 --> 00:05:34,240 uh area just to know how things 177 00:05:32,160 --> 00:05:35,600 look around from that side right but 178 00:05:34,240 --> 00:05:38,639 moreover it focus on your 179 00:05:35,600 --> 00:05:43,120 defensive side all right so 180 00:05:38,639 --> 00:05:45,280 uh talking about the examination as well 181 00:05:43,120 --> 00:05:46,639 right talking about the examination you 182 00:05:45,280 --> 00:05:48,400 will be having if you go for the 183 00:05:46,639 --> 00:05:50,080 examination of security please like 184 00:05:48,400 --> 00:05:52,560 accomplish the vendor as i 185 00:05:50,080 --> 00:05:54,000 already mentioned over there so if you 186 00:05:52,560 --> 00:05:55,840 talk about the number of questions in 187 00:05:54,000 --> 00:05:58,880 your examination guys that will be 188 00:05:55,840 --> 00:06:00,319 90 questions over 
there okay in an 189 00:05:58,880 --> 00:06:02,880 examination it will be of 190 00:06:00,319 --> 00:06:03,759 90 questions it will be if you talk 191 00:06:02,880 --> 00:06:05,440 about the 192 00:06:03,759 --> 00:06:07,680 pattern of the type of questions over 193 00:06:05,440 --> 00:06:10,080 there it will be a multiple choice 194 00:06:07,680 --> 00:06:10,720 examination over there or uh security 195 00:06:10,080 --> 00:06:13,840 plus 196 00:06:10,720 --> 00:06:16,800 and the length of this test would be of 197 00:06:13,840 --> 00:06:18,240 90 minutes guys okay the length of the 198 00:06:16,800 --> 00:06:20,479 test would be 90 minutes 199 00:06:18,240 --> 00:06:22,080 there will be 90 questions over there 200 00:06:20,479 --> 00:06:24,400 and that two will be of 201 00:06:22,080 --> 00:06:25,600 multiple choice so if you talk about the 202 00:06:24,400 --> 00:06:27,840 passing score 203 00:06:25,600 --> 00:06:30,319 uh it would be like if the question will 204 00:06:27,840 --> 00:06:33,039 be like a thousand you can say of 205 00:06:30,319 --> 00:06:34,400 750 right and these sort of things so 206 00:06:33,039 --> 00:06:37,120 750 of a margin 207 00:06:34,400 --> 00:06:37,759 it will be of on a scale of 100 to 900 208 00:06:37,120 --> 00:06:41,120 it will 209 00:06:37,759 --> 00:06:44,160 750 without passing scenarios over there 210 00:06:41,120 --> 00:06:45,840 okay so that was a bit regarding your 211 00:06:44,160 --> 00:06:48,080 whole certificate scenario if you want 212 00:06:45,840 --> 00:06:51,919 to offer the certification 213 00:06:48,080 --> 00:06:54,000 you have to opt for this right 214 00:06:51,919 --> 00:06:55,120 so if you can see uh com she is the 215 00:06:54,000 --> 00:06:57,120 vendor of this and 216 00:06:55,120 --> 00:06:58,720 the code which is latency being for like 217 00:06:57,120 --> 00:07:01,759 followed by x601 218 00:06:58,720 --> 00:07:03,680 right sy-0601 which is of a security 219 00:07:01,759 --> 00:07:05,360 601 so these are 
the skills which we'll 220 00:07:03,680 --> 00:07:07,280 be covering over here 221 00:07:05,360 --> 00:07:09,039 in this whole courses these are the jobs 222 00:07:07,280 --> 00:07:10,000 and opportunities out there regarding 223 00:07:09,039 --> 00:07:11,360 this course 224 00:07:10,000 --> 00:07:12,960 and you can always found the exam 225 00:07:11,360 --> 00:07:14,800 details over here right the maximum 226 00:07:12,960 --> 00:07:16,880 number of questions are 90 227 00:07:14,800 --> 00:07:18,479 your 750 will be passing score length 228 00:07:16,880 --> 00:07:19,599 the test is 90 and you will be the 229 00:07:18,479 --> 00:07:22,639 multiple choice 230 00:07:19,599 --> 00:07:23,039 questions over there all right so these 231 00:07:22,639 --> 00:07:25,759 are the 232 00:07:23,039 --> 00:07:26,560 bits regarding your certification part 233 00:07:25,759 --> 00:07:28,479 all right 234 00:07:26,560 --> 00:07:30,400 it can be like very efficient to have 235 00:07:28,479 --> 00:07:32,880 this certification or 236 00:07:30,400 --> 00:07:34,080 moreover if you have the knowledge for 237 00:07:32,880 --> 00:07:36,080 this particular 238 00:07:34,080 --> 00:07:37,440 field right as per your job purpose and 239 00:07:36,080 --> 00:07:38,880 like if you're entering into cyber 240 00:07:37,440 --> 00:07:40,479 security field it can be really very 241 00:07:38,880 --> 00:07:43,039 helpful and insightful 242 00:07:40,479 --> 00:07:44,240 to stand out from rest of the public in 243 00:07:43,039 --> 00:07:47,360 this particular 244 00:07:44,240 --> 00:07:48,560 domain all right so proceeding further 245 00:07:47,360 --> 00:07:50,479 with the course lies 246 00:07:48,560 --> 00:07:51,840 right just to mention regarding about 247 00:07:50,479 --> 00:07:54,479 infosect train 248 00:07:51,840 --> 00:07:56,800 we are established in 2016 we are one of 249 00:07:54,479 --> 00:07:58,639 the finest security and technology 250 00:07:56,800 --> 00:08:00,800 training and consulting company 
251 00:07:58,639 --> 00:08:02,759 right we provide a wide range of 252 00:08:00,800 --> 00:08:05,280 professional training programs 253 00:08:02,759 --> 00:08:05,759 certifications and consulting services 254 00:08:05,280 --> 00:08:08,879 in the 255 00:08:05,759 --> 00:08:10,879 itn cyber security domain and we have 256 00:08:08,879 --> 00:08:12,879 high quality technical services 257 00:08:10,879 --> 00:08:14,639 certifications or customized training 258 00:08:12,879 --> 00:08:16,479 programs created with 259 00:08:14,639 --> 00:08:18,479 professionals of over 15 years of 260 00:08:16,479 --> 00:08:20,000 combined experience in the domain in 261 00:08:18,479 --> 00:08:22,319 their respective domains 262 00:08:20,000 --> 00:08:23,120 all right and if you talk about our 263 00:08:22,319 --> 00:08:25,440 endorsements 264 00:08:23,120 --> 00:08:27,360 we have like four plus years of services 265 00:08:25,440 --> 00:08:28,400 right and we have a 70-plus school of 266 00:08:27,360 --> 00:08:30,400 trainers 267 00:08:28,400 --> 00:08:31,759 we are already offering 150 plus of 268 00:08:30,400 --> 00:08:33,440 courses right 269 00:08:31,759 --> 00:08:35,120 and we have 100 plus corporate 270 00:08:33,440 --> 00:08:37,279 deliveries we have 271 00:08:35,120 --> 00:08:39,599 valuable partners which has a number of 272 00:08:37,279 --> 00:08:42,880 10 plus and we have 15 000 because of 273 00:08:39,599 --> 00:08:44,159 profession train all right and these are 274 00:08:42,880 --> 00:08:45,760 our trusted clients 275 00:08:44,159 --> 00:08:49,360 you can have a look on them right 276 00:08:45,760 --> 00:08:51,839 samsung microsoft vmware deloitte hcl 277 00:08:49,360 --> 00:08:53,279 and many more and if we talk about why 278 00:08:51,839 --> 00:08:54,880 infosec train 279 00:08:53,279 --> 00:08:56,640 because we have already have certified 280 00:08:54,880 --> 00:08:59,360 and experienced instructors 281 00:08:56,640 --> 00:09:00,240 right and we have these flexible modes 
282 00:08:59,360 --> 00:09:02,399 of training 283 00:09:00,240 --> 00:09:04,240 according to our requirements according 284 00:09:02,399 --> 00:09:05,839 to you participants like 285 00:09:04,240 --> 00:09:07,279 whenever you guys are comfortable 286 00:09:05,839 --> 00:09:08,640 regarding the trainings and all those 287 00:09:07,279 --> 00:09:11,680 scenarios and periods 288 00:09:08,640 --> 00:09:13,200 uh any time of the day so we provide 289 00:09:11,680 --> 00:09:16,480 these of flexibilities 290 00:09:13,200 --> 00:09:17,839 for you participants right and like 291 00:09:16,480 --> 00:09:19,839 you can always have the access to the 292 00:09:17,839 --> 00:09:22,000 recorded sessions right we 293 00:09:19,839 --> 00:09:23,760 go through this go to meeting platform 294 00:09:22,000 --> 00:09:25,760 only and whatever the training you will 295 00:09:23,760 --> 00:09:27,680 be having for each and every day 296 00:09:25,760 --> 00:09:29,440 all those session and all those recorded 297 00:09:27,680 --> 00:09:31,200 uh these session will be get recorded 298 00:09:29,440 --> 00:09:32,640 and these recording will be passed on to 299 00:09:31,200 --> 00:09:36,160 you guys via email 300 00:09:32,640 --> 00:09:36,959 and everything right so moreover we also 301 00:09:36,160 --> 00:09:38,959 provide this 302 00:09:36,959 --> 00:09:40,399 uh tailor-made training right for any 303 00:09:38,959 --> 00:09:43,200 particular course 304 00:09:40,399 --> 00:09:45,440 and according to customers or like 305 00:09:43,200 --> 00:09:47,760 participants like you if you have any 306 00:09:45,440 --> 00:09:48,959 you can say any specific requirement 307 00:09:47,760 --> 00:09:51,040 regarding any particular 308 00:09:48,959 --> 00:09:52,480 certification or any particular course 309 00:09:51,040 --> 00:09:54,480 we can always go through all your 310 00:09:52,480 --> 00:09:55,920 requirements and we provide you like 311 00:09:54,480 --> 00:09:56,959 tailor-made training right we can 312 
00:09:55,920 --> 00:09:58,800 customize it 313 00:09:56,959 --> 00:10:00,160 according to your needs and we can 314 00:09:58,800 --> 00:10:04,079 provide you that 315 00:10:00,160 --> 00:10:04,640 right all right so basically guys first 316 00:10:04,079 --> 00:10:06,800 of all 317 00:10:04,640 --> 00:10:08,160 talking regarding this cyber security 318 00:10:06,800 --> 00:10:10,000 right 319 00:10:08,160 --> 00:10:12,160 okay so guys what do you understand by 320 00:10:10,000 --> 00:10:15,040 the term security 321 00:10:12,160 --> 00:10:16,160 all right so there's security like you 322 00:10:15,040 --> 00:10:18,399 can say uh 323 00:10:16,160 --> 00:10:20,800 gets you uh in short you can say a 324 00:10:18,399 --> 00:10:21,200 freedom from all those potential harms 325 00:10:20,800 --> 00:10:22,800 right 326 00:10:21,200 --> 00:10:24,480 as you mentioned it gives you the 327 00:10:22,800 --> 00:10:26,560 protection you see it gives you the 328 00:10:24,480 --> 00:10:29,519 safety it gives you securing your and 329 00:10:26,560 --> 00:10:30,800 your environment right so it protects 330 00:10:29,519 --> 00:10:32,800 you from all those 331 00:10:30,800 --> 00:10:34,240 external attacks you can see or any 332 00:10:32,800 --> 00:10:34,800 internal direction attacks we'll talk 333 00:10:34,240 --> 00:10:38,240 about that 334 00:10:34,800 --> 00:10:40,560 later on as well right so these will be 335 00:10:38,240 --> 00:10:43,519 providing what uh your security is 336 00:10:40,560 --> 00:10:44,720 a protection of your own network or 337 00:10:43,519 --> 00:10:46,720 organization 338 00:10:44,720 --> 00:10:47,920 regarding in general terminology as well 339 00:10:46,720 --> 00:10:50,160 it's a protection from 340 00:10:47,920 --> 00:10:52,320 each and everything right which can harm 341 00:10:50,160 --> 00:10:55,279 us which can affect us in a 342 00:10:52,320 --> 00:10:56,399 uh more negative way correct so security 343 00:10:55,279 --> 00:10:59,120 is to provide you with a 
344 00:10:56,399 --> 00:11:00,000 protection from them isn't it so guys 345 00:10:59,120 --> 00:11:02,640 when we talk about 346 00:11:00,000 --> 00:11:04,720 uh security right so information 347 00:11:02,640 --> 00:11:07,600 security or you can refer it as your 348 00:11:04,720 --> 00:11:08,480 infosec as well right it refers to the 349 00:11:07,600 --> 00:11:11,920 protection of 350 00:11:08,480 --> 00:11:14,000 data resources from any unauthorized 351 00:11:11,920 --> 00:11:15,440 access right isn't it like from any sort 352 00:11:14,000 --> 00:11:18,959 of an attack 353 00:11:15,440 --> 00:11:20,640 theft or a damage right so these data 354 00:11:18,959 --> 00:11:22,320 are talking about this data right uh 355 00:11:20,640 --> 00:11:24,240 which your organization holds so this 356 00:11:22,320 --> 00:11:25,680 data may be vulnerable right because of 357 00:11:24,240 --> 00:11:27,279 the way it is stored 358 00:11:25,680 --> 00:11:29,279 the way it is transferred over the 359 00:11:27,279 --> 00:11:32,160 network or the way it is processed 360 00:11:29,279 --> 00:11:33,600 correct so the system the systems of 361 00:11:32,160 --> 00:11:37,279 yours they use to store 362 00:11:33,600 --> 00:11:40,240 or transmit and process these data must 363 00:11:37,279 --> 00:11:41,519 demonstrate the properties of security 364 00:11:40,240 --> 00:11:45,040 guys 365 00:11:41,519 --> 00:11:47,120 okay and you can also say this cia right 366 00:11:45,040 --> 00:11:48,399 these like since your secure information 367 00:11:47,120 --> 00:11:51,040 has three properties 368 00:11:48,399 --> 00:11:53,360 which are referred to as your cia trade 369 00:11:51,040 --> 00:11:57,519 cia stands for confidentiality 370 00:11:53,360 --> 00:12:00,399 integrity right and the availability 371 00:11:57,519 --> 00:12:01,760 okay so basically you can also mention 372 00:12:00,399 --> 00:12:04,959 them as a three pillars 373 00:12:01,760 --> 00:12:06,639 of your security all right so 374 
00:12:04,959 --> 00:12:07,600 confidentiality basically right that's 375 00:12:06,639 --> 00:12:09,040 what you understand by the term 376 00:12:07,600 --> 00:12:12,079 confidentiality 377 00:12:09,040 --> 00:12:14,240 so confidentiality means that certain 378 00:12:12,079 --> 00:12:16,560 information should only be known to 379 00:12:14,240 --> 00:12:19,440 certain people isn't it 380 00:12:16,560 --> 00:12:20,720 exactly no one can access right yeah 381 00:12:19,440 --> 00:12:23,040 data to be accessed by 382 00:12:20,720 --> 00:12:25,040 authorized people correct so you can 383 00:12:23,040 --> 00:12:26,399 maintain guys this confidentiality by 384 00:12:25,040 --> 00:12:27,760 encryption isn't it 385 00:12:26,399 --> 00:12:28,880 like you can use encryption for 386 00:12:27,760 --> 00:12:29,920 maintaining the confidence 387 00:12:28,880 --> 00:12:34,079 confidentiality 388 00:12:29,920 --> 00:12:36,160 right then talking about the integrity 389 00:12:34,079 --> 00:12:38,160 it means in short that the data is 390 00:12:36,160 --> 00:12:41,279 stored and transferred 391 00:12:38,160 --> 00:12:43,600 as intended right correct 392 00:12:41,279 --> 00:12:44,639 as it was like sent from one user to 393 00:12:43,600 --> 00:12:47,680 another user it was 394 00:12:44,639 --> 00:12:50,880 going as intended nothing sort of a 395 00:12:47,680 --> 00:12:53,440 alteration or modification 396 00:12:50,880 --> 00:12:55,440 is there correct and you can maintain 397 00:12:53,440 --> 00:12:58,160 this integrity by 398 00:12:55,440 --> 00:12:59,200 hashing isn't it right you can put up 399 00:12:58,160 --> 00:13:02,399 integrity by using 400 00:12:59,200 --> 00:13:03,279 hashing then guys we have availability 401 00:13:02,399 --> 00:13:05,760 as well 402 00:13:03,279 --> 00:13:06,720 availability means that information is 403 00:13:05,760 --> 00:13:10,000 accessible to 404 00:13:06,720 --> 00:13:11,360 those authorized to view or modified 405 00:13:10,000 --> 00:13:13,519 right 
or you can say like 406 00:13:11,360 --> 00:13:14,399 it is available like if we talk in terms 407 00:13:13,519 --> 00:13:16,959 of here like 408 00:13:14,399 --> 00:13:17,920 uh your this ecommerce website or anyone 409 00:13:16,959 --> 00:13:21,120 so like it is 410 00:13:17,920 --> 00:13:22,720 uh available for the users right 411 00:13:21,120 --> 00:13:24,160 to their authorized users or their 412 00:13:22,720 --> 00:13:26,800 genuine users isn't it 413 00:13:24,160 --> 00:13:28,399 so we can maintain these availability by 414 00:13:26,800 --> 00:13:31,680 using the load balances 415 00:13:28,399 --> 00:13:34,480 isn't it or the backup plans right so 416 00:13:31,680 --> 00:13:35,600 uh as we are talking about uh the cia 417 00:13:34,480 --> 00:13:37,519 tried right 418 00:13:35,600 --> 00:13:39,279 so guys what happens some security 419 00:13:37,519 --> 00:13:41,839 models and resources 420 00:13:39,279 --> 00:13:42,720 identify other properties that secure 421 00:13:41,839 --> 00:13:44,639 systems 422 00:13:42,720 --> 00:13:45,760 or like should exhibit right they should 423 00:13:44,639 --> 00:13:47,440 opt for them there as well 424 00:13:45,760 --> 00:13:50,079 because these are not enough to maintain 425 00:13:47,440 --> 00:13:52,120 the security so the most important of 426 00:13:50,079 --> 00:13:54,480 these is you have 427 00:13:52,120 --> 00:13:55,760 non-reputation have you heard about 428 00:13:54,480 --> 00:14:02,000 non-reputation guys what do you 429 00:13:55,760 --> 00:14:05,279 understand by non-reputation 430 00:14:02,000 --> 00:14:08,079 non-reputation means that the subject 431 00:14:05,279 --> 00:14:08,399 right he cannot deny doing something 432 00:14:08,079 --> 00:14:11,760 right 433 00:14:08,399 --> 00:14:13,199 such as creating or like modifying or 434 00:14:11,760 --> 00:14:15,120 sending a resource 435 00:14:13,199 --> 00:14:16,320 right for example if we talk about a 436 00:14:15,120 --> 00:14:18,560 legal document 437 00:14:16,320 
--> 00:14:20,560 uh such as a will or like it must 438 00:14:18,560 --> 00:14:21,120 usually be witnessed when it is signed 439 00:14:20,560 --> 00:14:22,959 right 440 00:14:21,120 --> 00:14:25,360 so if there is a dispute about whether 441 00:14:22,959 --> 00:14:28,000 the document was correctly 442 00:14:25,360 --> 00:14:28,880 executed the witness can provide 443 00:14:28,000 --> 00:14:31,760 evidence that 444 00:14:28,880 --> 00:14:33,519 it was right so moreover you can if you 445 00:14:31,760 --> 00:14:35,279 talk about a simply example regarding 446 00:14:33,519 --> 00:14:37,920 this noun repetition you can always talk 447 00:14:35,279 --> 00:14:39,360 about a system camera isn't it 448 00:14:37,920 --> 00:14:41,120 right it's a very common example for 449 00:14:39,360 --> 00:14:43,199 that and a very strong one 450 00:14:41,120 --> 00:14:45,199 so something you do is caught in your 451 00:14:43,199 --> 00:14:47,040 sweet smoothie cam or cctv camera and 452 00:14:45,199 --> 00:14:47,839 you cannot deny about it isn't it you 453 00:14:47,040 --> 00:14:49,839 maintain 454 00:14:47,839 --> 00:14:51,600 non reputation by digital signatures as 455 00:14:49,839 --> 00:14:54,560 well guys uh 456 00:14:51,600 --> 00:14:56,839 there is also authentication as well 457 00:14:54,560 --> 00:14:59,839 right what do you understand about 458 00:14:56,839 --> 00:14:59,839 authentication 459 00:15:00,160 --> 00:15:03,680 okay so guys uh actually what happens 460 00:15:02,959 --> 00:15:05,760 when we 461 00:15:03,680 --> 00:15:07,040 talk about security alright so when we 462 00:15:05,760 --> 00:15:09,120 talk about security 463 00:15:07,040 --> 00:15:11,199 your information security and cyber 464 00:15:09,120 --> 00:15:14,480 security task can be classified in 465 00:15:11,199 --> 00:15:16,240 like five functions right uh 466 00:15:14,480 --> 00:15:18,560 it can be classified in five function 467 00:15:16,240 --> 00:15:22,320 like they what they do they follow the 468 
00:15:18,560 --> 00:15:22,320 framework which is developed by our 469 00:15:23,920 --> 00:15:31,120 nest right next stands for national 470 00:15:27,600 --> 00:15:33,199 institute of standards and technology 471 00:15:31,120 --> 00:15:34,240 right so nest it is a set of best 472 00:15:33,199 --> 00:15:36,160 practices 473 00:15:34,240 --> 00:15:37,839 the standards and recommendations that 474 00:15:36,160 --> 00:15:40,320 help an organization 475 00:15:37,839 --> 00:15:42,079 to improve its cyber security measures 476 00:15:40,320 --> 00:15:45,040 right so it is focusing 477 00:15:42,079 --> 00:15:46,639 exclusively on iit security so the next 478 00:15:45,040 --> 00:15:47,279 cyber security framework seeks to 479 00:15:46,639 --> 00:15:49,120 address 480 00:15:47,279 --> 00:15:50,720 the lack of standards right when it 481 00:15:49,120 --> 00:15:52,880 comes to security 482 00:15:50,720 --> 00:15:54,399 so there are currently like major 483 00:15:52,880 --> 00:15:56,320 differences in the way 484 00:15:54,399 --> 00:15:57,680 companies are using technologies 485 00:15:56,320 --> 00:16:00,000 actually right 486 00:15:57,680 --> 00:16:01,839 and the languages and the rules to fight 487 00:16:00,000 --> 00:16:02,880 hackers you can say or the malicious 488 00:16:01,839 --> 00:16:04,560 actors 489 00:16:02,880 --> 00:16:06,000 right and those i can call them as a 490 00:16:04,560 --> 00:16:09,519 data pirates and the 491 00:16:06,000 --> 00:16:12,720 ransomware as well so cyber attacks 492 00:16:09,519 --> 00:16:14,240 right are becoming more widespread and 493 00:16:12,720 --> 00:16:15,920 complex isn't it 494 00:16:14,240 --> 00:16:18,079 becoming very very complex and they are 495 00:16:15,920 --> 00:16:20,720 getting advanced with the time right 496 00:16:18,079 --> 00:16:22,480 so fighting these attacks are becoming 497 00:16:20,720 --> 00:16:25,040 much more difficult 498 00:16:22,480 --> 00:16:26,639 right time is going on or the hackers or 499 00:16:25,040 
--> 00:16:27,600 the malicious actors are also upgrading 500 00:16:26,639 --> 00:16:29,360 themselves 501 00:16:27,600 --> 00:16:30,880 they are making their strategies more 502 00:16:29,360 --> 00:16:33,199 and more complex right 503 00:16:30,880 --> 00:16:34,079 so fighting them going against them as a 504 00:16:33,199 --> 00:16:36,160 security person 505 00:16:34,079 --> 00:16:37,920 is also becoming difficult this is 506 00:16:36,160 --> 00:16:41,040 compounded by the lack of 507 00:16:37,920 --> 00:16:42,639 unified strategy among organization so 508 00:16:41,040 --> 00:16:46,079 that's why your NIST 509 00:16:42,639 --> 00:16:49,199 it provides a uniform set of rules 510 00:16:46,079 --> 00:16:51,519 guidelines and standards which makes it 511 00:16:49,199 --> 00:16:52,320 easier to share information between two 512 00:16:51,519 --> 00:16:54,959 companies 513 00:16:52,320 --> 00:16:55,360 and easier to get everybody on the same 514 00:16:54,959 --> 00:16:58,560 page 515 00:16:55,360 --> 00:17:00,639 on the same note right so 516 00:16:58,560 --> 00:17:01,600 as i mentioned uh it is classified into 517 00:17:00,639 --> 00:17:06,319 five functions 518 00:17:01,600 --> 00:17:06,319 right so they are your first is 519 00:17:06,559 --> 00:17:12,640 is identify all right 520 00:17:11,360 --> 00:17:16,079 so what do you understand the term 521 00:17:12,640 --> 00:17:18,799 identify guys so what you do you develop 522 00:17:16,079 --> 00:17:19,520 security policies and capabilities over 523 00:17:18,799 --> 00:17:22,000 here guys 524 00:17:19,520 --> 00:17:23,199 you evaluate the risk threats and 525 00:17:22,000 --> 00:17:26,160 vulnerabilities 526 00:17:23,199 --> 00:17:28,400 and recommend your security controls to 527 00:17:26,160 --> 00:17:30,720 mitigate them or to resolve them 528 00:17:28,400 --> 00:17:32,080 right that's your identify part over 529 00:17:30,720 --> 00:17:34,080 here right the function 530 00:17:32,080 --> 00:17:36,480 of your identify then
is there your 531 00:17:34,080 --> 00:17:36,480 protect 532 00:17:36,720 --> 00:17:40,000 right so protect what it does it 533 00:17:39,200 --> 00:17:43,120 determine 534 00:17:40,000 --> 00:17:46,160 how your current cyber security policies 535 00:17:43,120 --> 00:17:47,440 protect your organization right and 536 00:17:46,160 --> 00:17:50,720 where they 537 00:17:47,440 --> 00:17:51,200 fell or fall short right where they are 538 00:17:50,720 --> 00:17:54,240 like 539 00:17:51,200 --> 00:17:54,559 having those uh loopholes or the you can 540 00:17:54,240 --> 00:17:56,320 say 541 00:17:54,559 --> 00:17:58,160 the shortage right so this function 542 00:17:56,320 --> 00:18:00,320 supports the ability to 543 00:17:58,160 --> 00:18:02,320 limit and contain any impact resulting 544 00:18:00,320 --> 00:18:05,440 from your cyber security right 545 00:18:02,320 --> 00:18:06,640 so you can categorize uh like which fall 546 00:18:05,440 --> 00:18:09,440 under protection like 547 00:18:06,640 --> 00:18:10,640 like in your access control data 548 00:18:09,440 --> 00:18:12,799 security 549 00:18:10,640 --> 00:18:14,080 information protection and procedure in 550 00:18:12,799 --> 00:18:17,120 your maintenance so 551 00:18:14,080 --> 00:18:18,640 you can like categorize them into 552 00:18:17,120 --> 00:18:21,120 these shortings right in your 553 00:18:18,640 --> 00:18:23,600 organization so that falls under your 554 00:18:21,120 --> 00:18:25,840 protect then you have your detect as 555 00:18:23,600 --> 00:18:25,840 well 556 00:18:26,880 --> 00:18:31,280 all right so what do you understand by 557 00:18:29,120 --> 00:18:32,960 detecting what might be in this function 558 00:18:31,280 --> 00:18:34,880 so what you will be doing you will be 559 00:18:32,960 --> 00:18:37,280 performing ongoing 560 00:18:34,880 --> 00:18:38,080 you can say proactive monitoring to 561 00:18:37,280 --> 00:18:42,000 ensure that 562 00:18:38,080 --> 00:18:45,200 controls are effective and capable of 563 
00:18:42,000 --> 00:18:48,720 protecting against new types of threats 564 00:18:45,200 --> 00:18:51,760 absolutely money right then we have guys 565 00:18:48,720 --> 00:18:51,760 respond as well 566 00:18:53,760 --> 00:19:00,240 all right so what you doing respond uh 567 00:18:56,960 --> 00:19:04,080 in this category you identify you 568 00:19:00,240 --> 00:19:07,760 analyze you contain and eradicate 569 00:19:04,080 --> 00:19:11,200 threats to systems and data 570 00:19:07,760 --> 00:19:12,880 security all right you identify you 571 00:19:11,200 --> 00:19:14,000 analyze the contain and eradicate 572 00:19:12,880 --> 00:19:17,760 threats to systems 573 00:19:14,000 --> 00:19:22,240 and data security all right 574 00:19:17,760 --> 00:19:22,240 perfect then you have recover 575 00:19:23,600 --> 00:19:26,960 what do you understand about the term 576 00:19:24,640 --> 00:19:28,320 recover guys yeah you recover from the 577 00:19:26,960 --> 00:19:30,080 incident you have plans 578 00:19:28,320 --> 00:19:31,360 right you moreover you implement cyber 579 00:19:30,080 --> 00:19:34,000 security resilience 580 00:19:31,360 --> 00:19:36,320 to restore your systems and data if 581 00:19:34,000 --> 00:19:38,320 other controls are unable to 582 00:19:36,320 --> 00:19:40,480 prevent your attacks perfect you can 583 00:19:38,320 --> 00:19:44,080 call them a backup strategy as well 584 00:19:40,480 --> 00:19:44,799 all right perfect so when we talk about 585 00:19:44,080 --> 00:19:46,480 security 586 00:19:44,799 --> 00:19:48,080 control category side so your 587 00:19:46,480 --> 00:19:49,760 implementation implementation of cyber 588 00:19:48,080 --> 00:19:52,480 security function is often 589 00:19:49,760 --> 00:19:54,400 the responsibility of the IT department 590 00:19:52,480 --> 00:19:57,360 isn't it so we have like few 591 00:19:54,400 --> 00:19:59,120 security controls so security control is 592 00:19:57,360 --> 00:20:01,520 to provide the system 593 00:19:59,120 -->
00:20:03,039 or the data asset the property is like 594 00:20:01,520 --> 00:20:04,880 your confidentiality 595 00:20:03,039 --> 00:20:06,400 integrity availability and your 596 00:20:04,880 --> 00:20:08,559 non-repudiation isn't it 597 00:20:06,400 --> 00:20:09,760 that's the main agent of our to provide 598 00:20:08,559 --> 00:20:11,360 all these 599 00:20:09,760 --> 00:20:13,840 properties to the system of the data 600 00:20:11,360 --> 00:20:15,919 asset correct so control these controls 601 00:20:13,840 --> 00:20:16,320 guys they uh can be divided into three 602 00:20:15,919 --> 00:20:19,200 pro 603 00:20:16,320 --> 00:20:21,039 categories right so these are like 604 00:20:19,200 --> 00:20:23,600 representing how the 605 00:20:21,039 --> 00:20:25,120 control is implemented right so if you 606 00:20:23,600 --> 00:20:27,919 talk about technical 607 00:20:25,120 --> 00:20:30,240 right in the technical it is the control 608 00:20:27,919 --> 00:20:32,159 the control is implemented as a 609 00:20:30,240 --> 00:20:34,000 system like you can say hardware or 610 00:20:32,159 --> 00:20:36,640 software like for example 611 00:20:34,000 --> 00:20:37,679 in your or like firewalls antivirus 612 00:20:36,640 --> 00:20:39,679 software eyes 613 00:20:37,679 --> 00:20:41,440 and your operating system access control 614 00:20:39,679 --> 00:20:45,280 modules and are your 615 00:20:41,440 --> 00:20:47,919 technical controls okay yeah exactly 616 00:20:45,280 --> 00:20:49,039 so technical controls may be or like may 617 00:20:47,919 --> 00:20:51,679 also be described as 618 00:20:49,039 --> 00:20:53,039 logical controls over right then we have 619 00:20:51,679 --> 00:20:55,679 operational 620 00:20:53,039 --> 00:20:57,120 so the control is implemented primarily 621 00:20:55,679 --> 00:20:59,200 by people rather than 622 00:20:57,120 --> 00:21:00,720 systems over here for example you can 623 00:20:59,200 --> 00:21:02,720 say the security guard 624 00:21:00,720 --> 00:21:04,559 right
and the training programs are 625 00:21:02,720 --> 00:21:07,360 operation controls rather than 626 00:21:04,559 --> 00:21:08,480 technical controls correct then you have 627 00:21:07,360 --> 00:21:10,960 managerial 628 00:21:08,480 --> 00:21:12,720 so the control gives you oversight of 629 00:21:10,960 --> 00:21:14,559 the information system right 630 00:21:12,720 --> 00:21:16,640 example could be like including risk 631 00:21:14,559 --> 00:21:18,880 identity identification 632 00:21:16,640 --> 00:21:21,039 or a tool that is allowing the 633 00:21:18,880 --> 00:21:25,520 evaluation and selection of other 634 00:21:21,039 --> 00:21:28,000 security controls absolutely perfect 635 00:21:25,520 --> 00:21:30,159 so security controls guys can also be 636 00:21:28,000 --> 00:21:32,640 classified like in types of 637 00:21:30,159 --> 00:21:34,240 types according to the goal or function 638 00:21:32,640 --> 00:21:38,880 they perform actually 639 00:21:34,240 --> 00:21:38,880 okay so it can be your preventive 640 00:21:39,200 --> 00:21:45,120 it can be a preventive exactly right 641 00:21:44,320 --> 00:21:47,679 what do you understand about the 642 00:21:45,120 --> 00:21:49,360 preventive so this control acts to 643 00:21:47,679 --> 00:21:52,400 eliminate or reduce the 644 00:21:49,360 --> 00:21:55,919 likelihood that an attack can succeed 645 00:21:52,400 --> 00:21:57,919 isn't it so a preventive 646 00:21:55,919 --> 00:21:59,280 or you can say the preventative control 647 00:21:57,919 --> 00:22:01,760 operates before an 648 00:21:59,280 --> 00:22:03,679 attack can take place right you can like 649 00:22:01,760 --> 00:22:05,679 like your access control list right 650 00:22:03,679 --> 00:22:07,600 configured on your firewalls isn't it 651 00:22:05,679 --> 00:22:09,840 and i like your file systems objects of 652 00:22:07,600 --> 00:22:11,919 your preventative type controls 653 00:22:09,840 --> 00:22:13,280 right and there is a detective or sorry 654 00:22:11,919 --> 
00:22:16,480 detective as you mentioned what do you 655 00:22:13,280 --> 00:22:16,480 understand about the term detective 656 00:22:18,480 --> 00:22:24,880 so this control may not prevent access 657 00:22:21,600 --> 00:22:28,240 okay but it will identify and record 658 00:22:24,880 --> 00:22:31,520 any attempted or successful intrusion 659 00:22:28,240 --> 00:22:34,720 right so a detective control operates 660 00:22:31,520 --> 00:22:37,200 during the progress of an attack okay 661 00:22:34,720 --> 00:22:38,799 so pretty much good example for that 662 00:22:37,200 --> 00:22:41,520 would be on logs isn't it 663 00:22:38,799 --> 00:22:42,240 logs provide one of the best example for 664 00:22:41,520 --> 00:22:45,360 your 665 00:22:42,240 --> 00:22:49,280 detective type controls right 666 00:22:45,360 --> 00:22:49,280 then guys we have one more which is your 667 00:22:49,760 --> 00:22:53,440 corrective so what do you understand 668 00:22:51,840 --> 00:22:56,559 with the term corrective 669 00:22:53,440 --> 00:22:58,080 so this control acts to eliminate or 670 00:22:56,559 --> 00:23:00,480 reduce the impact 671 00:22:58,080 --> 00:23:02,640 of an intrusion event so a corrective 672 00:23:00,480 --> 00:23:05,280 control is used 673 00:23:02,640 --> 00:23:05,840 after an attack right a good example is 674 00:23:05,280 --> 00:23:07,600 a 675 00:23:05,840 --> 00:23:10,240 backup system isn't it that can restore 676 00:23:07,600 --> 00:23:12,640 data that was damaged during an 677 00:23:10,240 --> 00:23:13,600 intrusion right and there are like few 678 00:23:12,640 --> 00:23:15,280 other types 679 00:23:13,600 --> 00:23:16,720 also guys like that can be used to 680 00:23:15,280 --> 00:23:18,799 define other cases over here 681 00:23:16,720 --> 00:23:20,159 regarding the security control one is 682 00:23:18,799 --> 00:23:24,159 your pretty much 683 00:23:20,159 --> 00:23:24,159 physically right the physical one 684 00:23:26,880 --> 00:23:31,120 in physical what you can put
over here 685 00:23:29,600 --> 00:23:34,640 like controls regarding your 686 00:23:31,120 --> 00:23:35,520 like physical intrusion but cctv camera 687 00:23:34,640 --> 00:23:38,559 perfect 688 00:23:35,520 --> 00:23:39,679 anything else guys barrier doors all 689 00:23:38,559 --> 00:23:42,799 right 690 00:23:39,679 --> 00:23:45,919 fences perfect locks 691 00:23:42,799 --> 00:23:48,720 great security guard awesome 692 00:23:45,919 --> 00:23:50,720 perfect swipe card all right okay so 693 00:23:48,720 --> 00:23:52,000 controls as you already have mentioned a 694 00:23:50,720 --> 00:23:52,559 lot of examples right there are the 695 00:23:52,000 --> 00:23:55,120 pretty 696 00:23:52,559 --> 00:23:57,440 good ones so a control such as your 697 00:23:55,120 --> 00:24:00,559 alarms your gateways 698 00:23:57,440 --> 00:24:01,760 locks lighting right your security 699 00:24:00,559 --> 00:24:04,720 cameras 700 00:24:01,760 --> 00:24:05,760 and your guards right that deter and 701 00:24:04,720 --> 00:24:09,279 detect 702 00:24:05,760 --> 00:24:11,600 accesses to premises right and hardware 703 00:24:09,279 --> 00:24:12,640 so that's a physical security control 704 00:24:11,600 --> 00:24:14,240 then you have 705 00:24:12,640 --> 00:24:16,400 i believe one of you have mentioned the 706 00:24:14,240 --> 00:24:21,360 deterrent before 707 00:24:16,400 --> 00:24:21,360 right so what is in your data right guys 708 00:24:23,200 --> 00:24:28,080 perfect so in deterrent to discourage 709 00:24:26,720 --> 00:24:31,600 people from doing things 710 00:24:28,080 --> 00:24:33,200 all right okay like cctv camera 711 00:24:31,600 --> 00:24:34,720 system camera as we mentioned so it 712 00:24:33,200 --> 00:24:36,960 would be like in your physical one right 713 00:24:34,720 --> 00:24:38,960 like the control like you can say may 714 00:24:36,960 --> 00:24:39,919 not physically or logically prevent the 715 00:24:38,960 --> 00:24:42,960 access but 716 00:24:39,919 --> 00:24:43,919 it controls
psychologically isn't it it 717 00:24:42,960 --> 00:24:46,240 discourages 718 00:24:43,919 --> 00:24:47,039 an attacker from attempting any 719 00:24:46,240 --> 00:24:49,039 intrusion 720 00:24:47,039 --> 00:24:50,880 right as you mentioned perfect the sign 721 00:24:49,039 --> 00:24:53,360 boards it includes sign boards and 722 00:24:50,880 --> 00:24:55,279 warnings of legal penalties correct 723 00:24:53,360 --> 00:24:57,360 uh if you're like trust uh trust uh 724 00:24:55,279 --> 00:24:58,960 trespassing any or trying to 725 00:24:57,360 --> 00:25:01,120 make an intrusion into an organization 726 00:24:58,960 --> 00:25:03,200 or in the premises they're like signs 727 00:25:01,120 --> 00:25:05,039 uh or like signs uh like taking a very 728 00:25:03,200 --> 00:25:07,440 basic example is as you mentioned 729 00:25:05,039 --> 00:25:08,480 beware of dogs right so it 730 00:25:07,440 --> 00:25:11,440 psychologically 731 00:25:08,480 --> 00:25:12,000 uh discourages that particular threat 732 00:25:11,440 --> 00:25:14,720 actor 733 00:25:12,000 --> 00:25:15,919 protector as in the hacker or any any 734 00:25:14,720 --> 00:25:17,279 malicious person 735 00:25:15,919 --> 00:25:19,440 going on over there right who is trying 736 00:25:17,279 --> 00:25:21,520 to do any sort of a 737 00:25:19,440 --> 00:25:22,960 activity which can harm us right so we 738 00:25:21,520 --> 00:25:25,760 put out these 739 00:25:22,960 --> 00:25:26,080 signs which can like play around with 740 00:25:25,760 --> 00:25:28,240 them 741 00:25:26,080 --> 00:25:29,919 mentally right so these are not 742 00:25:28,240 --> 00:25:31,520 physically or logically they are like 743 00:25:29,919 --> 00:25:33,440 more of your 744 00:25:31,520 --> 00:25:35,840 psychological right so it 745 00:25:33,440 --> 00:25:36,640 psychologically discourages an attacker 746 00:25:35,840 --> 00:25:40,159 from 747 00:25:36,640 --> 00:25:44,720 attempting an intrusion correct 748 00:25:40,159 --> 00:25:44,720 then we have
compensating 749 00:25:45,679 --> 00:25:48,880 so what do you understand by the term 750 00:25:46,880 --> 00:25:51,840 compensating eyes so 751 00:25:48,880 --> 00:25:52,240 the control this control right it serve 752 00:25:51,840 --> 00:25:55,679 as a 753 00:25:52,240 --> 00:25:57,039 substitute for a like main control or 754 00:25:55,679 --> 00:26:00,159 the principal control right 755 00:25:57,039 --> 00:26:02,000 and efforts like the same or better even 756 00:26:00,159 --> 00:26:04,559 the better level of protection 757 00:26:02,000 --> 00:26:05,840 but it uses a different methodology or 758 00:26:04,559 --> 00:26:08,320 technology you can see 759 00:26:05,840 --> 00:26:10,240 isn't it so a single employee has the 760 00:26:08,320 --> 00:26:12,240 duties of accepting cash payments 761 00:26:10,240 --> 00:26:14,000 let's say right for example a single 762 00:26:12,240 --> 00:26:15,120 employee has the duties of accepting 763 00:26:14,000 --> 00:26:17,200 cash payments 764 00:26:15,120 --> 00:26:19,600 recording the deposit and like 765 00:26:17,200 --> 00:26:20,320 reconciling the monthly financial report 766 00:26:19,600 --> 00:26:21,840 or like 767 00:26:20,320 --> 00:26:24,880 making the settlement of all those 768 00:26:21,840 --> 00:26:27,360 reports so to prevent 769 00:26:24,880 --> 00:26:28,320 arrows and or like all those sort of 770 00:26:27,360 --> 00:26:31,360 frauds 771 00:26:28,320 --> 00:26:34,720 additional oversight is required right 772 00:26:31,360 --> 00:26:37,919 this means we need a compensating 773 00:26:34,720 --> 00:26:38,640 control such as the leader we can put up 774 00:26:37,919 --> 00:26:41,520 over there 775 00:26:38,640 --> 00:26:42,799 right up like who can perform a review 776 00:26:41,520 --> 00:26:44,400 of those settlements or 777 00:26:42,799 --> 00:26:46,000 another unit who is performing the 778 00:26:44,400 --> 00:26:46,880 settlement instead of like of that 779 00:26:46,000 --> 00:26:48,799 single employer 780 
00:26:46,880 --> 00:26:50,240 correct so we can put up an alternate or 781 00:26:48,799 --> 00:26:53,039 you can say the substitute which 782 00:26:50,240 --> 00:26:53,919 might be giving the same or the better 783 00:26:53,039 --> 00:26:56,640 level of a 784 00:26:53,919 --> 00:26:57,760 protections right and might be using 785 00:26:56,640 --> 00:26:59,760 different methodology or 786 00:26:57,760 --> 00:27:01,120 methodology or technology or those 787 00:26:59,760 --> 00:27:02,400 technique but 788 00:27:01,120 --> 00:27:04,240 it will be just like a compensating 789 00:27:02,400 --> 00:27:05,120 which can give you the better control 790 00:27:04,240 --> 00:27:06,880 out there 791 00:27:05,120 --> 00:27:08,320 right so since we are talking about 792 00:27:06,880 --> 00:27:10,480 these things guys 793 00:27:08,320 --> 00:27:11,360 right so security control and uh 794 00:27:10,480 --> 00:27:13,360 everything 795 00:27:11,360 --> 00:27:14,480 so they are always we are dealing with 796 00:27:13,360 --> 00:27:17,760 vulnerabilities 797 00:27:14,480 --> 00:27:17,760 threat and risk isn't it 798 00:27:17,919 --> 00:27:21,200 so we are always dealing with the 799 00:27:19,520 --> 00:27:24,720 vulnerability threat 800 00:27:21,200 --> 00:27:26,480 and risk correct so talking about them 801 00:27:24,720 --> 00:27:29,120 one by one guys what do you understand 802 00:27:26,480 --> 00:27:32,399 by the term vulnerability 803 00:27:29,120 --> 00:27:35,039 perfect like a flaw isn't it if you talk 804 00:27:32,399 --> 00:27:38,240 about the vulnerability it can be a 805 00:27:35,039 --> 00:27:41,200 flaw am i right right all right 806 00:27:38,240 --> 00:27:42,960 so any flaw or any sort of a weaknesses 807 00:27:41,200 --> 00:27:44,399 we know or we call them as a 808 00:27:42,960 --> 00:27:46,320 vulnerability right any sort of a 809 00:27:44,399 --> 00:27:48,960 weakness or flow in your network 810 00:27:46,320 --> 00:27:50,480 right uh that could be like triggered 811 
00:27:48,960 --> 00:27:53,600 accidentally or which can be 812 00:27:50,480 --> 00:27:55,919 exploited right by or any 813 00:27:53,600 --> 00:27:56,880 attacker like it can be intentionally to 814 00:27:55,919 --> 00:27:58,880 cause a 815 00:27:56,880 --> 00:28:00,159 security breach right that's your 816 00:27:58,880 --> 00:28:03,679 vulnerability for you 817 00:28:00,159 --> 00:28:05,760 isn't it correct so those are 818 00:28:03,679 --> 00:28:07,360 vulnerabilities what do you understand 819 00:28:05,760 --> 00:28:10,640 by the term guys uh 820 00:28:07,360 --> 00:28:13,919 next one is risk 821 00:28:10,640 --> 00:28:14,960 so basically in general way we can put 822 00:28:13,919 --> 00:28:17,919 out your risk 823 00:28:14,960 --> 00:28:18,240 as like the possibility of occurring of 824 00:28:17,919 --> 00:28:21,120 an 825 00:28:18,240 --> 00:28:21,840 incident it may happen or it may not 826 00:28:21,120 --> 00:28:23,760 isn't it 827 00:28:21,840 --> 00:28:25,679 but let's say if i'm holding a glass of 828 00:28:23,760 --> 00:28:29,279 water over my laptop guys 829 00:28:25,679 --> 00:28:30,960 right it may spill it may not isn't it 830 00:28:29,279 --> 00:28:32,720 correct so going with the terminology 831 00:28:30,960 --> 00:28:34,640 like if like proper definition it's like 832 00:28:32,720 --> 00:28:36,320 the likelihood and impact 833 00:28:34,640 --> 00:28:38,159 or you can say the consequence of a 834 00:28:36,320 --> 00:28:41,440 threat actor 835 00:28:38,159 --> 00:28:43,120 exploiting a vulnerability right 836 00:28:41,440 --> 00:28:45,200 so to assess risk you identify a 837 00:28:43,120 --> 00:28:47,039 vulnerability and then evaluate the 838 00:28:45,200 --> 00:28:48,399 likelihood of it right of it being 839 00:28:47,039 --> 00:28:50,799 exploited by a threat 840 00:28:48,399 --> 00:28:51,840 and the impact that is successful 841 00:28:50,799 --> 00:28:54,159 exploit 842 00:28:51,840 --> 00:28:55,760 you could have over there isn't it so 843 
00:28:54,159 --> 00:28:58,000 moreover when we talk about 844 00:28:55,760 --> 00:28:59,279 a risk guys this this can be positive or 845 00:28:58,000 --> 00:29:02,000 negative isn't it 846 00:28:59,279 --> 00:29:04,320 if i take an example bug bounties by 847 00:29:02,000 --> 00:29:07,200 companies role how can it be like a 848 00:29:04,320 --> 00:29:08,399 risk like how can be outcome of positive 849 00:29:07,200 --> 00:29:10,720 or negative 850 00:29:08,399 --> 00:29:12,480 okay we'll discuss later on but moreover 851 00:29:10,720 --> 00:29:12,960 just let me take you the example which i 852 00:29:12,480 --> 00:29:15,039 have 853 00:29:12,960 --> 00:29:16,159 it can be like you put up something in 854 00:29:15,039 --> 00:29:17,840 the share market right 855 00:29:16,159 --> 00:29:19,520 if the share goes up you you are doing 856 00:29:17,840 --> 00:29:20,159 in the risk basis right the share goes 857 00:29:19,520 --> 00:29:22,240 up 858 00:29:20,159 --> 00:29:24,399 correct all right you have a positive 859 00:29:22,240 --> 00:29:26,159 outcome if it goes down you have a 860 00:29:24,399 --> 00:29:28,320 negative outcome of that isn't it so 861 00:29:26,159 --> 00:29:31,919 that's a risk we are playing over there 862 00:29:28,320 --> 00:29:33,600 right perfect so then we have 863 00:29:31,919 --> 00:29:36,320 which brings us to our next one which is 864 00:29:33,600 --> 00:29:37,520 your threat 865 00:29:36,320 --> 00:29:40,880 so what do you understand with the term 866 00:29:37,520 --> 00:29:44,480 threat guys so threat is something 867 00:29:40,880 --> 00:29:45,120 that can harm your asset in a manner 868 00:29:44,480 --> 00:29:48,880 right 869 00:29:45,120 --> 00:29:52,399 so these threat is the potential 870 00:29:48,880 --> 00:29:55,039 for someone or something to exploit a 871 00:29:52,399 --> 00:29:55,840 vulnerability isn't it a threat maybe 872 00:29:55,039 --> 00:29:58,480 you're 873 00:29:55,840 --> 00:29:59,600 intentional or unintentional right the
874 00:29:58,480 --> 00:30:02,720 person 875 00:29:59,600 --> 00:30:03,679 or the thing that poses the threat it is 876 00:30:02,720 --> 00:30:06,640 called your 877 00:30:03,679 --> 00:30:07,200 threat actor or you can say a threat 878 00:30:06,640 --> 00:30:10,240 agent 879 00:30:07,200 --> 00:30:13,360 right okay the person 880 00:30:10,240 --> 00:30:16,240 or thing that poses the threat 881 00:30:13,360 --> 00:30:16,240 is called as your 882 00:30:17,440 --> 00:30:23,840 threat actor 883 00:30:20,559 --> 00:30:25,520 or your threat agent people call it with 884 00:30:23,840 --> 00:30:26,320 various name like a malicious actor you 885 00:30:25,520 --> 00:30:30,000 can say 886 00:30:26,320 --> 00:30:33,039 right and all those things correct 887 00:30:30,000 --> 00:30:33,840 so i and the path right a path or the 888 00:30:33,039 --> 00:30:37,279 tool 889 00:30:33,840 --> 00:30:40,880 used by your malicious threat actor 890 00:30:37,279 --> 00:30:40,880 can be referred as your 891 00:30:42,960 --> 00:30:45,360 attack 892 00:30:46,159 --> 00:30:52,640 vector right that's a threat for you 893 00:30:50,480 --> 00:30:54,399 so since we are talking about threat and 894 00:30:52,640 --> 00:30:57,600 threat actors right 895 00:30:54,399 --> 00:30:59,519 which brings us to our next thing our 896 00:30:57,600 --> 00:31:02,640 next slide which is your 897 00:30:59,519 --> 00:31:04,159 threat actors right isn't it 898 00:31:02,640 --> 00:31:06,240 so if you talk about threat actors you 899 00:31:04,159 --> 00:31:09,519 can say uh you can see pretty much of a 900 00:31:06,240 --> 00:31:11,120 good list out here right so your nation 901 00:31:09,519 --> 00:31:13,679 states cyber criminals 902 00:31:11,120 --> 00:31:14,480 hacktivists terrorist groups thrill 903 00:31:13,679 --> 00:31:16,960 seekers 904 00:31:14,480 --> 00:31:19,120 insider threats isn't it so nation 905 00:31:16,960 --> 00:31:19,600 states are like a geopolitical one 906 00:31:19,120 --> 00:31:21,039 the
907 00:31:19,600 --> 00:31:23,039 government provided one right you can 908 00:31:21,039 --> 00:31:26,000 say them as a state 909 00:31:23,039 --> 00:31:27,120 based also isn't it like state sponsored 910 00:31:26,000 --> 00:31:28,880 you can say that 911 00:31:27,120 --> 00:31:30,480 right cyber criminal uh criminals they 912 00:31:28,880 --> 00:31:32,960 have a motivation of a profit 913 00:31:30,480 --> 00:31:33,760 right they go for the profit scenarios 914 00:31:32,960 --> 00:31:36,399 and they 915 00:31:33,760 --> 00:31:37,360 do this cyber attacks over there right 916 00:31:36,399 --> 00:31:39,360 then we have this 917 00:31:37,360 --> 00:31:41,440 hacktivist what do you understand by the 918 00:31:39,360 --> 00:31:44,840 hacktivist guys 919 00:31:41,440 --> 00:31:46,080 as it says motivation is ideological 920 00:31:44,840 --> 00:31:48,080 right 921 00:31:46,080 --> 00:31:49,200 so we can say them like they are like 922 00:31:48,080 --> 00:31:52,320 anonymous 923 00:31:49,200 --> 00:31:54,000 like other common you can say set up by 924 00:31:52,320 --> 00:31:56,720 example for that the activist 925 00:31:54,000 --> 00:31:58,159 right it's a group of attackers or these 926 00:31:56,720 --> 00:32:00,399 activists you can say 927 00:31:58,159 --> 00:32:02,240 so they they hack you can say they have 928 00:32:00,399 --> 00:32:04,480 for an agenda right you can divide this 929 00:32:02,240 --> 00:32:06,000 or terminology into two words like hack 930 00:32:04,480 --> 00:32:09,200 plus activist 931 00:32:06,000 --> 00:32:10,240 correct so they hack for an agenda it 932 00:32:09,200 --> 00:32:12,399 can be like 933 00:32:10,240 --> 00:32:14,080 any any for any purpose right it can be 934 00:32:12,399 --> 00:32:17,840 ideological in terms of like 935 00:32:14,080 --> 00:32:19,519 uh to support the humans out there like 936 00:32:17,840 --> 00:32:20,880 turning like against the government and 937 00:32:19,519 --> 00:32:22,799 all those things so they have this 938 
00:32:20,880 --> 00:32:24,480 agenda political gender you can say 939 00:32:22,799 --> 00:32:25,840 and they perform those attacks regarding 940 00:32:24,480 --> 00:32:27,840 that only so if you take an 941 00:32:25,840 --> 00:32:29,200 example of an anonymous group you guys 942 00:32:27,840 --> 00:32:32,320 might have remember this 943 00:32:29,200 --> 00:32:33,679 paris attack was there right so they 944 00:32:32,320 --> 00:32:36,559 help in finding a few 945 00:32:33,679 --> 00:32:37,600 much of details regarding the other isis 946 00:32:36,559 --> 00:32:40,240 party you can say right 947 00:32:37,600 --> 00:32:42,000 and this also happened a big one this 948 00:32:40,240 --> 00:32:44,640 black lives matter 949 00:32:42,000 --> 00:32:45,440 right so anonymous group were also there 950 00:32:44,640 --> 00:32:47,760 as a part of it 951 00:32:45,440 --> 00:32:49,760 right there what they did they got into 952 00:32:47,760 --> 00:32:52,000 the whole organization system that they 953 00:32:49,760 --> 00:32:54,000 uh leaked out few much useful 954 00:32:52,000 --> 00:32:55,039 information which they were hiding from 955 00:32:54,000 --> 00:32:58,000 the people 956 00:32:55,039 --> 00:32:59,519 right and they they like leaked all 957 00:32:58,000 --> 00:33:01,840 those footages which can be like 958 00:32:59,519 --> 00:33:02,960 seen by people out there and they can 959 00:33:01,840 --> 00:33:03,760 like see what the government are 960 00:33:02,960 --> 00:33:05,200 planning against 961 00:33:03,760 --> 00:33:06,320 right and all this sort of weight so 962 00:33:05,200 --> 00:33:07,519 anonymous you can take a very good 963 00:33:06,320 --> 00:33:10,799 example over there 964 00:33:07,519 --> 00:33:13,200 right so terrorist groups you can say uh 965 00:33:10,799 --> 00:33:14,320 always there are cyber uh this threat 966 00:33:13,200 --> 00:33:16,799 which is doing what 967 00:33:14,320 --> 00:33:18,880 it is like having a motivation of uh 968 00:33:16,799 --> 
00:33:21,760 violence over there isn't it 969 00:33:18,880 --> 00:33:23,360 so they always deal with the loss of 970 00:33:21,760 --> 00:33:25,840 human life or say 971 00:33:23,360 --> 00:33:27,200 right so if i take an example for that 972 00:33:25,840 --> 00:33:29,760 if you guys have known about the 973 00:33:27,200 --> 00:33:30,640 stuxnet right so a malware was 974 00:33:29,760 --> 00:33:33,200 implemented 975 00:33:30,640 --> 00:33:34,720 almost compromised a nuclear power plant 976 00:33:33,200 --> 00:33:38,000 in iran 977 00:33:34,720 --> 00:33:40,799 so you can put up in the category of 978 00:33:38,000 --> 00:33:42,880 cyber terrorists right so insider 979 00:33:40,799 --> 00:33:45,039 threats any these things real secrets 980 00:33:42,880 --> 00:33:46,640 these sequels they always do for the 981 00:33:45,039 --> 00:33:48,559 exactly shaman attack perfect 982 00:33:46,640 --> 00:33:50,559 so thrill seekers they are always going 983 00:33:48,559 --> 00:33:53,679 for the satisfaction insider threats 984 00:33:50,559 --> 00:33:56,799 we'll be talking about it later on so 985 00:33:53,679 --> 00:33:59,200 continuing this thing right we have some 986 00:33:56,799 --> 00:34:00,320 other types of it as well so we can look 987 00:33:59,200 --> 00:34:02,880 over here 988 00:34:00,320 --> 00:34:04,240 hackers script kiddies and hack device 989 00:34:02,880 --> 00:34:05,039 activities we have already discussed 990 00:34:04,240 --> 00:34:08,159 right 991 00:34:05,039 --> 00:34:10,320 so if you talk about these hackers right 992 00:34:08,159 --> 00:34:12,079 so we have these three type of hackers 993 00:34:10,320 --> 00:34:13,599 right and if you talk about a hacker you 994 00:34:12,079 --> 00:34:14,879 know hacker is someone who has a sound 995 00:34:13,599 --> 00:34:16,079 knowledge of computer and system 996 00:34:14,879 --> 00:34:18,000 administration 997 00:34:16,079 --> 00:34:19,839 right so he has a good knowledge 998 00:34:18,000 --> 00:34:21,119
regarding the hardwares as well as the 999 00:34:19,839 --> 00:34:24,159 networking part 1000 00:34:21,119 --> 00:34:25,280 right and like he's sufficient 1001 00:34:24,159 --> 00:34:27,440 having sufficient amount of knowledge 1002 00:34:25,280 --> 00:34:30,879 regarding all those tools so requires to 1003 00:34:27,440 --> 00:34:33,919 do those attacks right perfect bro d3 1004 00:34:30,879 --> 00:34:36,879 categories in hackers black hat 1005 00:34:33,919 --> 00:34:37,839 grey hat and white hat so what do you 1006 00:34:36,879 --> 00:34:40,560 understand by the term 1007 00:34:37,839 --> 00:34:42,000 black hat hackers guys so we can 1008 00:34:40,560 --> 00:34:45,280 collectively say 1009 00:34:42,000 --> 00:34:48,560 a guy is having malicious intent and 1010 00:34:45,280 --> 00:34:50,960 those who hack for personal benefits 1011 00:34:48,560 --> 00:34:53,760 right guys having malicious intent and 1012 00:34:50,960 --> 00:34:56,000 those who hack for the person's benefits 1013 00:34:53,760 --> 00:34:57,920 we can like put them into the category 1014 00:34:56,000 --> 00:35:00,320 of black hat hacker 1015 00:34:57,920 --> 00:35:01,760 isn't it so guys these black hat gray 1016 00:35:00,320 --> 00:35:02,000 hat white hat i as we have mentioned 1017 00:35:01,760 --> 00:35:03,760 right 1018 00:35:02,000 --> 00:35:05,200 they have a pretty much good sound 1019 00:35:03,760 --> 00:35:07,119 knowledge regarding the 1020 00:35:05,200 --> 00:35:08,400 whole computer and system right and the 1021 00:35:07,119 --> 00:35:11,119 whole network 1022 00:35:08,400 --> 00:35:13,040 so this gray hat as well what do you 1023 00:35:11,119 --> 00:35:15,119 understand by the gray hat guys 1024 00:35:13,040 --> 00:35:16,720 so you can see the moment they see an 1025 00:35:15,119 --> 00:35:18,000 opportunity right they shift towards it 1026 00:35:16,720 --> 00:35:19,760 you can see in that way 1027 00:35:18,000 --> 00:35:21,119 uh basically let's take an example 1028 00:35:19,760 -->
00:35:22,640 regarding grey hat hacker let's say 1029 00:35:21,119 --> 00:35:24,640 there is a hacker 1030 00:35:22,640 --> 00:35:26,320 was just going through a let's say an 1031 00:35:24,640 --> 00:35:28,400 organization their server 1032 00:35:26,320 --> 00:35:30,160 right and and he was able to find a 1033 00:35:28,400 --> 00:35:30,480 vulnerability or you can see a bug in 1034 00:35:30,160 --> 00:35:33,599 that 1035 00:35:30,480 --> 00:35:35,599 okay so what he did he went to that uh 1036 00:35:33,599 --> 00:35:38,640 organization or to the person 1037 00:35:35,599 --> 00:35:40,160 who is like taking uh who's in charge of 1038 00:35:38,640 --> 00:35:42,240 all these reporting and everything 1039 00:35:40,160 --> 00:35:44,240 he went there he mentioned over there 1040 00:35:42,240 --> 00:35:46,400 okay i was able to find out a bug in 1041 00:35:44,240 --> 00:35:48,800 your server or in your network 1042 00:35:46,400 --> 00:35:49,520 now uh i will tell you about the bug if 1043 00:35:48,800 --> 00:35:51,520 you 1044 00:35:49,520 --> 00:35:53,359 pay me for that right you can let's say 1045 00:35:51,520 --> 00:35:54,480 uh like not a bug bounty program but 1046 00:35:53,359 --> 00:35:56,240 he needs some 1047 00:35:54,480 --> 00:35:57,760 some amount regarding that telling about 1048 00:35:56,240 --> 00:35:59,359 those bugs and all those things so 1049 00:35:57,760 --> 00:36:02,480 basically he has a very 1050 00:35:59,359 --> 00:36:04,000 good intention not to exploit it not not 1051 00:36:02,480 --> 00:36:05,520 to take up the control of all those 1052 00:36:04,000 --> 00:36:07,839 organization and try to 1053 00:36:05,520 --> 00:36:08,640 make any a negative effect out of it 1054 00:36:07,839 --> 00:36:10,160 right 1055 00:36:08,640 --> 00:36:11,599 so person what he's doing uh like he 1056 00:36:10,160 --> 00:36:13,280 went to the organization of the person 1057 00:36:11,599 --> 00:36:14,720 who is in charge of it he reported over 1058 00:36:13,280 --> 
00:36:16,960 there okay i found a bug in here 1059 00:36:14,720 --> 00:36:19,119 on the server in your network so i want 1060 00:36:16,960 --> 00:36:20,960 to like a repair like a prize money for 1061 00:36:19,119 --> 00:36:23,040 that right a small amount 1062 00:36:20,960 --> 00:36:24,640 but but the person over there he he 1063 00:36:23,040 --> 00:36:26,480 denied for it he said okay 1064 00:36:24,640 --> 00:36:27,680 we won't be paying for you or we won't 1065 00:36:26,480 --> 00:36:29,920 be paying you for that 1066 00:36:27,680 --> 00:36:30,720 particular thing so now what he did he 1067 00:36:29,920 --> 00:36:33,280 went to the 1068 00:36:30,720 --> 00:36:35,760 yeah dark net right the dark net here 1069 00:36:33,280 --> 00:36:37,599 dark web and he 1070 00:36:35,760 --> 00:36:39,040 released all those information all those 1071 00:36:37,599 --> 00:36:40,320 bugs over there and you know 1072 00:36:39,040 --> 00:36:42,240 everything over the dark net has a 1073 00:36:40,320 --> 00:36:43,200 price right for a for each and 1074 00:36:42,240 --> 00:36:46,480 everything 1075 00:36:43,200 --> 00:36:48,240 it has a price correct so he sell out 1076 00:36:46,480 --> 00:36:49,599 things over there so it can be like an 1077 00:36:48,240 --> 00:36:51,680 opportunity over there like he found 1078 00:36:49,599 --> 00:36:53,680 about him he can sell over there he was 1079 00:36:51,680 --> 00:36:55,200 getting a like good amount from there so 1080 00:36:53,680 --> 00:36:57,599 he gave all those 1081 00:36:55,200 --> 00:36:59,040 details over the dark web that's what's 1082 00:36:57,599 --> 00:37:01,520 your gray hat hacker 1083 00:36:59,040 --> 00:37:02,960 then what's up white hat hacker guys the 1084 00:37:01,520 --> 00:37:05,280 one who performs 1085 00:37:02,960 --> 00:37:06,160 uh all these activity with permission of 1086 00:37:05,280 --> 00:37:09,680 pen tester 1087 00:37:06,160 --> 00:37:12,800 perfect sample right so what they do 1088 00:37:09,680 --> 
00:37:14,640 they go by the rules or the books 1089 00:37:12,800 --> 00:37:16,000 isn't it right so as we are talking 1090 00:37:14,640 --> 00:37:17,040 about the pen tester right so you might 1091 00:37:16,000 --> 00:37:18,560 have seen this 1092 00:37:17,040 --> 00:37:20,320 pen test programs or over there all those 1093 00:37:18,560 --> 00:37:21,520 certifications if anyone is interested 1094 00:37:20,320 --> 00:37:24,240 since we brought it up 1095 00:37:21,520 --> 00:37:25,119 it's a pretty much good field to go out 1096 00:37:24,240 --> 00:37:27,359 if you're more 1097 00:37:25,119 --> 00:37:28,320 inclined towards this attacking 1098 00:37:27,359 --> 00:37:31,599 situation or 1099 00:37:28,320 --> 00:37:33,359 all these sides right so what they do 1100 00:37:31,599 --> 00:37:35,599 like if you talk about the pen test and 1101 00:37:33,359 --> 00:37:37,200 everything so first of all they they 1102 00:37:35,599 --> 00:37:37,839 found all those vulnerabilities all 1103 00:37:37,200 --> 00:37:39,359 those 1104 00:37:37,839 --> 00:37:41,359 loopholes which are they are signed for 1105 00:37:39,359 --> 00:37:43,599 they go by the book right so organize 1106 00:37:41,359 --> 00:37:45,599 the organization they hire a pen test 1107 00:37:43,599 --> 00:37:46,640 pen tester so you can say right they hire 1108 00:37:45,599 --> 00:37:48,560 a pen tester 1109 00:37:46,640 --> 00:37:50,880 they set up some rules you can say or 1110 00:37:48,560 --> 00:37:52,640 like a scoping thing right uh 1111 00:37:50,880 --> 00:37:54,160 planning and scoping is in the very 1112 00:37:52,640 --> 00:37:57,520 initial stage 1113 00:37:54,160 --> 00:37:59,200 for this your pen testing right the very 1114 00:37:57,520 --> 00:38:01,520 first phase planning and scoping 1115 00:37:59,200 --> 00:38:03,119 so you go with the organization you come 1116 00:38:01,520 --> 00:38:04,079 up in a deal you plan and scope all 1117 00:38:03,119 --> 00:38:06,880 those scenarios 1118 00:38:04,079 --> 00:38:08,320 
right when you can do the pen testing 1119 00:38:06,880 --> 00:38:09,359 which sort of a server is allowed to do 1120 00:38:08,320 --> 00:38:11,920 pen testing 1121 00:38:09,359 --> 00:38:12,480 at what time i can do the pen testing 1122 00:38:11,920 --> 00:38:14,960 right and 1123 00:38:12,480 --> 00:38:16,960 like what all techniques i can use like 1124 00:38:14,960 --> 00:38:20,480 it will will it be the black box 1125 00:38:16,960 --> 00:38:22,240 white box gray box right and like huh 1126 00:38:20,480 --> 00:38:24,320 can i perform social engineering attacks 1127 00:38:22,240 --> 00:38:26,000 or not right what are the key cards of 1128 00:38:24,320 --> 00:38:28,720 your organization so that i can like 1129 00:38:26,000 --> 00:38:29,680 like i cannot do pen testing at that time 1130 00:38:28,720 --> 00:38:32,400 or even 1131 00:38:29,680 --> 00:38:32,960 what day like i should do the pen test 1132 00:38:32,400 --> 00:38:34,560 right 1133 00:38:32,960 --> 00:38:36,800 which should it be monday at use or if 1134 00:38:34,560 --> 00:38:38,720 any any sort of specific days mentioned 1135 00:38:36,800 --> 00:38:39,440 for a pen tester to do the pen testing 1136 00:38:38,720 --> 00:38:41,760 on the day 1137 00:38:39,440 --> 00:38:43,040 so planning and scoping is like defined 1138 00:38:41,760 --> 00:38:44,720 in such a way right 1139 00:38:43,040 --> 00:38:46,560 all those things are mentioned and all 1140 00:38:44,720 --> 00:38:47,920 your scopes and all those permissions 1141 00:38:46,560 --> 00:38:50,160 are mentioned over there 1142 00:38:47,920 --> 00:38:51,359 and then the new you perform you and 1143 00:38:50,160 --> 00:38:53,520 test right then you do 1144 00:38:51,359 --> 00:38:54,720 rest of the stuff that you're scanning 1145 00:38:53,520 --> 00:38:56,960 like enumeration 1146 00:38:54,720 --> 00:38:58,320 and taking advantage of uneven 1147 00:38:56,960 --> 00:38:59,119 vulnerabilities or exploits which are 1148 00:38:58,320 --> 00:39:01,520 found out 
1149 00:38:59,119 --> 00:39:02,320 right so these are the jobs of a pen 1150 00:39:01,520 --> 00:39:05,040 tester right 1151 00:39:02,320 --> 00:39:06,960 but he goes by the rules right he 1152 00:39:05,040 --> 00:39:07,920 organization is up has appointed a pen 1153 00:39:06,960 --> 00:39:10,400 tester 1154 00:39:07,920 --> 00:39:10,960 he make a planning and scoping as i 1155 00:39:10,400 --> 00:39:13,359 mentioned 1156 00:39:10,960 --> 00:39:14,000 right so in that planning and scoping 1157 00:39:13,359 --> 00:39:15,920 everything 1158 00:39:14,000 --> 00:39:18,000 is clearly mentioned like all your 1159 00:39:15,920 --> 00:39:21,359 limits all your boundaries 1160 00:39:18,000 --> 00:39:24,079 are mentioned over there and you cannot 1161 00:39:21,359 --> 00:39:25,760 go around or go beyond those limitations 1162 00:39:24,079 --> 00:39:26,480 which are set up by the organization for 1163 00:39:25,760 --> 00:39:30,000 you 1164 00:39:26,480 --> 00:39:32,160 right so that's your white hat hacker 1165 00:39:30,000 --> 00:39:33,200 pen tester which go by the books and 1166 00:39:32,160 --> 00:39:36,000 they too are the 1167 00:39:33,200 --> 00:39:37,520 authorized one isn't it i hope that's 1168 00:39:36,000 --> 00:39:40,480 clear 1169 00:39:37,520 --> 00:39:42,640 so uh talking about these guys uh there 1170 00:39:40,480 --> 00:39:47,040 are few more as you have mentioned 1171 00:39:42,640 --> 00:39:47,040 just the script kiddies 1172 00:39:48,160 --> 00:39:52,640 what do you understand about the term 1173 00:39:49,280 --> 00:39:52,640 guys script kiddies 1174 00:39:55,599 --> 00:40:00,000 so moreover we can classy them or 1175 00:39:57,440 --> 00:40:02,000 classify them up into a person who have 1176 00:40:00,000 --> 00:40:03,200 no knowledge but are like you can say a 1177 00:40:02,000 --> 00:40:05,040 curious mind 1178 00:40:03,200 --> 00:40:06,960 right under skilled one perfect but 1179 00:40:05,040 --> 00:40:08,000 those who are like a curious minds and 1180 
00:40:06,960 --> 00:40:09,359 don't do have 1181 00:40:08,000 --> 00:40:10,960 much of a knowledge regarding these 1182 00:40:09,359 --> 00:40:11,599 things right like they don't or they 1183 00:40:10,960 --> 00:40:13,760 don't have 1184 00:40:11,599 --> 00:40:15,599 like specific knowledge regarding the 1185 00:40:13,760 --> 00:40:16,400 tools what tools and what sort of a 1186 00:40:15,599 --> 00:40:18,720 scripts 1187 00:40:16,400 --> 00:40:20,319 but to write and how to use the tools 1188 00:40:18,720 --> 00:40:21,119 they do just what they go through the 1189 00:40:20,319 --> 00:40:24,240 youtube 1190 00:40:21,119 --> 00:40:26,720 and they will just randomly like they 1191 00:40:24,240 --> 00:40:27,599 pick that script and try to run it that 1192 00:40:26,720 --> 00:40:29,760 doesn't know what 1193 00:40:27,599 --> 00:40:31,520 might be the outcome of it like they 1194 00:40:29,760 --> 00:40:33,200 know like what it be doing by watching 1195 00:40:31,520 --> 00:40:36,079 youtube but they don't know like 1196 00:40:33,200 --> 00:40:37,280 what each script what each particular 1197 00:40:36,079 --> 00:40:40,319 code 1198 00:40:37,280 --> 00:40:41,760 does over there right so he doesn't uh 1199 00:40:40,319 --> 00:40:43,760 give a thought regarding these scripts 1200 00:40:41,760 --> 00:40:45,680 but uh but he just use them you 1201 00:40:43,760 --> 00:40:47,119 utilize them so like you can say 1202 00:40:45,680 --> 00:40:48,800 script kiddies are those who don't 1203 00:40:47,119 --> 00:40:50,640 have a much of a knowledge but they are 1204 00:40:48,800 --> 00:40:52,319 the curious mind right 1205 00:40:50,640 --> 00:40:54,560 like you can put up all those categories 1206 00:40:52,319 --> 00:40:56,720 those who want to like hack their 1207 00:40:54,560 --> 00:40:58,160 like girlfriend's instagram or all those 1208 00:40:56,720 --> 00:40:59,520 things how to do that they just go to 1209 00:40:58,160 --> 00:41:01,599 the youtube and try to 1210 00:40:59,520 --> 
00:41:02,880 exploit it in that way right so you can 1211 00:41:01,599 --> 00:41:05,839 put it into 1212 00:41:02,880 --> 00:41:06,880 that particular section for your kiddies 1213 00:41:05,839 --> 00:41:09,599 right 1214 00:41:06,880 --> 00:41:10,400 perfect then guys there is the one more 1215 00:41:09,599 --> 00:41:15,040 which goes 1216 00:41:10,400 --> 00:41:15,040 by the name suicide hackers 1217 00:41:17,440 --> 00:41:21,839 like how can you define a suicide hacker 1218 00:41:19,599 --> 00:41:21,839 guys 1219 00:41:23,520 --> 00:41:27,280 the one who knows what is the outcome of 1220 00:41:26,800 --> 00:41:29,520 it right 1221 00:41:27,280 --> 00:41:30,640 they know that there will be the bad 1222 00:41:29,520 --> 00:41:34,319 consequences 1223 00:41:30,640 --> 00:41:37,200 isn't it but still they make that call 1224 00:41:34,319 --> 00:41:38,400 isn't it they know let's say if someone 1225 00:41:37,200 --> 00:41:39,440 is hacking a facebook or something like 1226 00:41:38,400 --> 00:41:41,440 that they know okay 1227 00:41:39,440 --> 00:41:42,560 they'll be like a lifetime imprisonment 1228 00:41:41,440 --> 00:41:43,680 or something like that if you're trying 1229 00:41:42,560 --> 00:41:45,440 to steal a lot of 1230 00:41:43,680 --> 00:41:47,200 money from a bank account or something 1231 00:41:45,440 --> 00:41:48,160 like that they know the outcome right 1232 00:41:47,200 --> 00:41:50,560 they know everything 1233 00:41:48,160 --> 00:41:51,280 but still they are going for that thing 1234 00:41:50,560 --> 00:41:55,200 right they are 1235 00:41:51,280 --> 00:41:58,079 making that call so that's your suicide 1236 00:41:55,200 --> 00:41:58,640 hacker all right i hope that's clear to 1237 00:41:58,079 --> 00:42:01,119 everyone 1238 00:41:58,640 --> 00:42:02,640 so these are the bits regarding our threat 1239 00:42:01,119 --> 00:42:06,160 actors 1240 00:42:02,640 --> 00:42:09,440 right a few more which brings us to 1241 00:42:06,160 --> 00:42:11,440 attributes of 
threat actors 1242 00:42:09,440 --> 00:42:12,720 so we are talking about the attributes 1243 00:42:11,440 --> 00:42:16,000 of threat actors 1244 00:42:12,720 --> 00:42:18,240 they are internal external intent and 1245 00:42:16,000 --> 00:42:19,760 motivation so guys first of all what do 1246 00:42:18,240 --> 00:42:22,560 you understand by this term 1247 00:42:19,760 --> 00:42:23,760 internal threat actor so or you can say 1248 00:42:22,560 --> 00:42:26,720 an internal or 1249 00:42:23,760 --> 00:42:27,040 insider threat actor is one that has 1250 00:42:26,720 --> 00:42:29,359 been 1251 00:42:27,040 --> 00:42:30,160 granted permissions on the system isn't 1252 00:42:29,359 --> 00:42:31,920 it 1253 00:42:30,160 --> 00:42:33,839 so as you mentioned the example of it 1254 00:42:31,920 --> 00:42:37,599 it's a employee of the company 1255 00:42:33,839 --> 00:42:38,720 right perfect so uh we can like uh have 1256 00:42:37,599 --> 00:42:40,640 this malicious 1257 00:42:38,720 --> 00:42:43,359 insider threat as well right here like 1258 00:42:40,640 --> 00:42:44,000 your employees your contractors your 1259 00:42:43,359 --> 00:42:46,079 partners 1260 00:42:44,000 --> 00:42:47,520 you can classify them as well into your 1261 00:42:46,079 --> 00:42:51,680 internal threat 1262 00:42:47,520 --> 00:42:54,240 actors exactly yeah perfect exactly guys 1263 00:42:51,680 --> 00:42:55,280 then uh like we can also put above like 1264 00:42:54,240 --> 00:42:56,560 your internal 1265 00:42:55,280 --> 00:42:58,800 these threats can be like your 1266 00:42:56,560 --> 00:43:00,319 unintentional as well isn't it guys 1267 00:42:58,800 --> 00:43:01,440 intentional like you can put employees 1268 00:43:00,319 --> 00:43:03,359 and everything over there but 1269 00:43:01,440 --> 00:43:05,520 intentionals are also over there right 1270 00:43:03,359 --> 00:43:07,839 your unintentional 1271 00:43:05,520 --> 00:43:09,839 insider threat right so like weak 1272 00:43:07,839 --> 00:43:12,000 policies 
you can put it over there 1273 00:43:09,839 --> 00:43:14,079 like weak policies and procedures like 1274 00:43:12,000 --> 00:43:16,079 or even the lack of training 1275 00:43:14,079 --> 00:43:18,079 or to the employees or the security 1276 00:43:16,079 --> 00:43:20,160 awareness to them isn't it 1277 00:43:18,079 --> 00:43:22,400 like uh if i take a very good example of 1278 00:43:20,160 --> 00:43:25,119 that like if you are trying to 1279 00:43:22,400 --> 00:43:26,960 trying a phishing attack doesn't it so 1280 00:43:25,119 --> 00:43:27,520 obviously organization what they do they 1281 00:43:26,960 --> 00:43:29,440 they 1282 00:43:27,520 --> 00:43:30,800 give the training to their employees 1283 00:43:29,440 --> 00:43:32,079 regarding the phishing and everything to 1284 00:43:30,800 --> 00:43:35,040 make their awareness 1285 00:43:32,079 --> 00:43:36,000 right so if they're not providing a 1286 00:43:35,040 --> 00:43:38,240 sufficient 1287 00:43:36,000 --> 00:43:39,920 training or like not training their 1288 00:43:38,240 --> 00:43:41,359 employees regarding and making them 1289 00:43:39,920 --> 00:43:42,400 aware regarding all these sort of an 1290 00:43:41,359 --> 00:43:44,880 attacks 1291 00:43:42,400 --> 00:43:46,000 an attacker like can take an advantage 1292 00:43:44,880 --> 00:43:48,560 of that 1293 00:43:46,000 --> 00:43:51,440 am i right so these were like regarding 1294 00:43:48,560 --> 00:43:54,560 internal ones right then there is your 1295 00:43:51,440 --> 00:43:54,960 so external threat can be someone not 1296 00:43:54,560 --> 00:43:57,920 from 1297 00:43:54,960 --> 00:43:59,040 inside the organization but from the 1298 00:43:57,920 --> 00:44:01,839 outside right 1299 00:43:59,040 --> 00:44:02,880 that can enter to the security system of 1300 00:44:01,839 --> 00:44:05,680 the company 1301 00:44:02,880 --> 00:44:07,200 using malwares or any social engineering 1302 00:44:05,680 --> 00:44:10,480 attack right 1303 00:44:07,200 --> 00:44:13,680 exactly 
perfect so an external threat 1304 00:44:10,480 --> 00:44:14,560 actor has no account or he's not having 1305 00:44:13,680 --> 00:44:17,680 any authorized 1306 00:44:14,560 --> 00:44:19,520 access to the target system right that's 1307 00:44:17,680 --> 00:44:21,440 why he uses techniques 1308 00:44:19,520 --> 00:44:22,720 like malwares or social engineering 1309 00:44:21,440 --> 00:44:26,160 attacks to enter the 1310 00:44:22,720 --> 00:44:27,280 security system an external actor if you 1311 00:44:26,160 --> 00:44:29,920 talk about it right 1312 00:44:27,280 --> 00:44:30,400 he may get hands-on like security system 1313 00:44:29,920 --> 00:44:33,359 by 1314 00:44:30,400 --> 00:44:34,079 like doing an attack on like remotely or 1315 00:44:33,359 --> 00:44:36,319 either on the 1316 00:44:34,079 --> 00:44:37,440 premises right of like breaking up into 1317 00:44:36,319 --> 00:44:39,040 the headquarters by 1318 00:44:37,440 --> 00:44:40,720 bypassing all those fences and all those 1319 00:44:39,040 --> 00:44:42,960 things right so he cannot 1320 00:44:40,720 --> 00:44:44,000 attack either remotely or click on 1321 00:44:42,960 --> 00:44:46,240 premises 1322 00:44:44,000 --> 00:44:47,520 so it's make it very clear right so it 1323 00:44:46,240 --> 00:44:50,480 is a threat actor 1324 00:44:47,520 --> 00:44:51,119 that is defined as external not the 1325 00:44:50,480 --> 00:44:54,720 attacking 1326 00:44:51,119 --> 00:44:57,440 method he is using doesn't it that's a 1327 00:44:54,720 --> 00:44:58,160 actual threat actor for you right then 1328 00:44:57,440 --> 00:45:00,000 guys they have 1329 00:44:58,160 --> 00:45:02,240 intent and motivation what do you 1330 00:45:00,000 --> 00:45:06,400 understand by the intent guys 1331 00:45:02,240 --> 00:45:09,040 so intent means what the hacker is 1332 00:45:06,400 --> 00:45:09,680 hoping to get from the attack right 1333 00:45:09,040 --> 00:45:12,160 doesn't it 1334 00:45:09,680 --> 00:45:13,520 intent means what the attacker is 
hoping 1335 00:45:12,160 --> 00:45:15,200 to get from the 1336 00:45:13,520 --> 00:45:17,040 attack doesn't it and what's the 1337 00:45:15,200 --> 00:45:19,040 motivation guys 1338 00:45:17,040 --> 00:45:20,720 these are the attacker's reason to 1339 00:45:19,040 --> 00:45:24,000 perform the attack isn't it 1340 00:45:20,720 --> 00:45:27,920 a malicious threat actor like 1341 00:45:24,000 --> 00:45:31,200 he can be motivated by greed 1342 00:45:27,920 --> 00:45:32,000 curiosity or some sort of grievances you 1343 00:45:31,200 --> 00:45:34,560 can say right 1344 00:45:32,000 --> 00:45:35,680 for instance exactly to gain money you 1345 00:45:34,560 --> 00:45:38,400 can say right 1346 00:45:35,680 --> 00:45:39,280 exactly right so like if you talk about 1347 00:45:38,400 --> 00:45:42,400 intention like 1348 00:45:39,280 --> 00:45:44,160 it would be like regarding to disrupt a 1349 00:45:42,400 --> 00:45:47,359 system or to steal some sort of 1350 00:45:44,160 --> 00:45:48,480 information out of it correct so 1351 00:45:47,359 --> 00:45:51,200 since we are talking about the threat 1352 00:45:48,480 --> 00:45:54,079 actors right we always have this 1353 00:45:51,200 --> 00:45:55,760 threat intelligence as an outcome of it 1354 00:45:54,079 --> 00:45:57,680 isn't it 1355 00:45:55,760 --> 00:45:59,200 so threat intelligence basically of 1356 00:45:57,680 --> 00:46:02,480 cyber threat intelligence is 1357 00:45:59,200 --> 00:46:05,680 information an organization 1358 00:46:02,480 --> 00:46:08,800 uses to understand the threats that have 1359 00:46:05,680 --> 00:46:11,760 like will or are currently targeting the 1360 00:46:08,800 --> 00:46:13,440 organization right so this information 1361 00:46:11,760 --> 00:46:17,119 is used to prepare 1362 00:46:13,440 --> 00:46:19,359 prevent and identify cyber threats 1363 00:46:17,119 --> 00:46:20,800 right to like counter them or i'll 1364 00:46:19,359 --> 00:46:23,839 control all those adverse effects 1365 00:46:20,800 --> 
00:46:25,440 isn't it so so these these are used to 1366 00:46:23,839 --> 00:46:28,480 prepare prevent and identify 1367 00:46:25,440 --> 00:46:31,839 cyber threats looking to take advantage 1368 00:46:28,480 --> 00:46:34,000 of valuable resources out there right 1369 00:46:31,839 --> 00:46:35,520 so over here as it is defined as we all 1370 00:46:34,000 --> 00:46:36,560 know the world of technology is growing 1371 00:46:35,520 --> 00:46:38,400 day by day 1372 00:46:36,560 --> 00:46:39,920 and so as the cyber attacks right so 1373 00:46:38,400 --> 00:46:42,960 threat intelligence 1374 00:46:39,920 --> 00:46:43,520 is the knowledge by which we can prevent 1375 00:46:42,960 --> 00:46:46,720 or 1376 00:46:43,520 --> 00:46:49,359 mitigate those attacks right 1377 00:46:46,720 --> 00:46:51,200 so guys if i say like if you are talking 1378 00:46:49,359 --> 00:46:52,960 about the intelligence right what's an 1379 00:46:51,200 --> 00:46:56,560 intelligence just define it so if i 1380 00:46:52,960 --> 00:47:00,480 write if i'm writing let's say 1381 00:46:56,560 --> 00:47:00,480 twenty three slash zero 1382 00:47:01,200 --> 00:47:08,079 zero five slash twenty twenty one 1383 00:47:04,319 --> 00:47:11,200 right twenty five slash zero five slash 1384 00:47:08,079 --> 00:47:15,520 twenty twenty one 20 1385 00:47:11,200 --> 00:47:20,000 8 0 5 20 21 1386 00:47:15,520 --> 00:47:22,160 let's say 2 0 6 slash 2021 1387 00:47:20,000 --> 00:47:24,000 and so on right first of all if i 1388 00:47:22,160 --> 00:47:27,200 mention these things 1389 00:47:24,000 --> 00:47:29,920 what are they for you they are just 1390 00:47:27,200 --> 00:47:30,720 dates isn't it right they're just dates 1391 00:47:29,920 --> 00:47:33,680 over here 1392 00:47:30,720 --> 00:47:35,520 not information yet not information yet 1393 00:47:33,680 --> 00:47:37,599 for now these are just a 1394 00:47:35,520 --> 00:47:39,839 data for us am i right they are just a 1395 00:47:37,599 --> 00:47:41,760 data yeah i am 
mentioning dates 1396 00:47:39,839 --> 00:47:43,760 which which are like a data for us for 1397 00:47:41,760 --> 00:47:47,440 now right but 1398 00:47:43,760 --> 00:47:47,440 if i write something like this 1399 00:47:47,599 --> 00:47:50,079 list of 1400 00:47:51,200 --> 00:47:55,119 holidays at the heading you can say or 1401 00:47:54,240 --> 00:47:58,160 the 1402 00:47:55,119 --> 00:48:01,040 title of it then you can say 1403 00:47:58,160 --> 00:48:03,520 exactly it's like an information right 1404 00:48:01,040 --> 00:48:06,160 correct it's a information exactly 1405 00:48:03,520 --> 00:48:07,680 perfect right so these are your 1406 00:48:06,160 --> 00:48:09,200 information isn't it 1407 00:48:07,680 --> 00:48:11,440 like it is giving now some sort of 1408 00:48:09,200 --> 00:48:14,319 information to us okay these days 1409 00:48:11,440 --> 00:48:14,880 are like your list of holidays for us 1410 00:48:14,319 --> 00:48:16,559 right 1411 00:48:14,880 --> 00:48:17,920 so these these are your list of holidays 1412 00:48:16,559 --> 00:48:18,720 it can be like a list of holidays over 1413 00:48:17,920 --> 00:48:22,400 here 1414 00:48:18,720 --> 00:48:26,240 but okay if i specify this 1415 00:48:22,400 --> 00:48:27,839 right and like if i specify this date 1416 00:48:26,240 --> 00:48:30,400 and like i'm planning to go to 1417 00:48:27,839 --> 00:48:31,599 somewhere out there not now since the 1418 00:48:30,400 --> 00:48:33,839 covid is over there 1419 00:48:31,599 --> 00:48:35,359 right but later on if there is a date 1420 00:48:33,839 --> 00:48:36,640 right and i'm planning to 1421 00:48:35,359 --> 00:48:38,319 like since the list of holidays are 1422 00:48:36,640 --> 00:48:40,000 mentioned i'm planning to go at a 1423 00:48:38,319 --> 00:48:42,160 particular location or any place 1424 00:48:40,000 --> 00:48:44,880 right on these mentioned dates right 1425 00:48:42,160 --> 00:48:44,880 that can be a 1426 00:48:44,960 --> 00:48:50,559 intelligence reason being 1427 
00:48:48,079 --> 00:48:52,160 we are doing what we are making the 1428 00:48:50,559 --> 00:48:53,760 decisions out here we are making the 1429 00:48:52,160 --> 00:48:55,760 decisions out here 1430 00:48:53,760 --> 00:48:57,680 so when it's decision making it's your 1431 00:48:55,760 --> 00:48:58,880 intelligence isn't it 1432 00:48:57,680 --> 00:49:00,880 like when you're planning out to do 1433 00:48:58,880 --> 00:49:04,319 something out of those dates right 1434 00:49:00,880 --> 00:49:06,000 so these are your intelligence correct 1435 00:49:04,319 --> 00:49:07,359 all right so which brings us closer 1436 00:49:06,000 --> 00:49:08,000 threat intelligence which i've already 1437 00:49:07,359 --> 00:49:09,599 told right 1438 00:49:08,000 --> 00:49:11,760 so threat intelligence or cyber threat 1439 00:49:09,599 --> 00:49:13,599 intelligence is information 1440 00:49:11,760 --> 00:49:15,119 an organization used to understand the 1441 00:49:13,599 --> 00:49:17,680 threats that have 1442 00:49:15,119 --> 00:49:19,920 will or are currently targeting the 1443 00:49:17,680 --> 00:49:22,400 organization right which can be helpful 1444 00:49:19,920 --> 00:49:23,680 for us to prepare and like prevent the 1445 00:49:22,400 --> 00:49:25,119 organization from all those cyber 1446 00:49:23,680 --> 00:49:26,160 threats right which can be taking an 1447 00:49:25,119 --> 00:49:28,240 advantage of 1448 00:49:26,160 --> 00:49:30,000 our valuable resources out there isn't 1449 00:49:28,240 --> 00:49:32,400 it so when we talk about 1450 00:49:30,000 --> 00:49:33,839 these things there are always some 1451 00:49:32,400 --> 00:49:37,200 resources for the threats 1452 00:49:33,839 --> 00:49:40,000 search right so we have threat research 1453 00:49:37,200 --> 00:49:41,680 sources as well so threat research is a 1454 00:49:40,000 --> 00:49:43,520 counter intelligence right 1455 00:49:41,680 --> 00:49:45,520 it's a counter intelligence gathering 1456 00:49:43,520 --> 00:49:47,119 effort in 
which like your security 1457 00:49:45,520 --> 00:49:50,160 companies and researchers 1458 00:49:47,119 --> 00:49:53,359 the attempt to discover the 1459 00:49:50,160 --> 00:49:57,359 tactics techniques 1460 00:49:53,359 --> 00:50:02,000 and procedures right 1461 00:49:57,359 --> 00:50:05,760 tend to discover tactics 1462 00:50:02,000 --> 00:50:05,760 right techniques 1463 00:50:08,559 --> 00:50:16,800 and the procedures 1464 00:50:13,599 --> 00:50:18,160 right so we'll talk about it right 1465 00:50:16,800 --> 00:50:20,000 like they are they fall in the category 1466 00:50:18,160 --> 00:50:22,160 of your threat intelligence providers 1467 00:50:20,000 --> 00:50:23,040 okay moreover when we talk about your 1468 00:50:22,160 --> 00:50:24,960 threat research 1469 00:50:23,040 --> 00:50:26,319 sources right we can go get from the 1470 00:50:24,960 --> 00:50:27,280 firewalls regarding your logs and all 1471 00:50:26,319 --> 00:50:28,880 those bits 1472 00:50:27,280 --> 00:50:30,400 and like we have these honey nets as 1473 00:50:28,880 --> 00:50:32,480 well right 1474 00:50:30,400 --> 00:50:33,920 so moreover like in short what you are 1475 00:50:32,480 --> 00:50:37,520 trying to do is like you 1476 00:50:33,920 --> 00:50:38,559 provide them few areas right to attack 1477 00:50:37,520 --> 00:50:41,040 right you can say 1478 00:50:38,559 --> 00:50:41,680 uh you have a dummy server you pull it 1479 00:50:41,040 --> 00:50:44,960 up 1480 00:50:41,680 --> 00:50:45,520 over there right and you are luring or 1481 00:50:44,960 --> 00:50:48,559 like you 1482 00:50:45,520 --> 00:50:49,599 you are like giving those server the 1483 00:50:48,559 --> 00:50:52,000 dummy ones right 1484 00:50:49,599 --> 00:50:52,720 to the attackers okay you have your main 1485 00:50:52,000 --> 00:50:55,280 server 1486 00:50:52,720 --> 00:50:57,119 right which like can be a similar of 1487 00:50:55,280 --> 00:50:59,359 functionality you can say right 1488 00:50:57,119 --> 00:51:01,680 and all those 
network architecture out 1489 00:50:59,359 --> 00:51:02,000 there but moreover main is on another 1490 00:51:01,680 --> 00:51:03,760 one 1491 00:51:02,000 --> 00:51:05,680 and you you put out those or that dummy 1492 00:51:03,760 --> 00:51:07,680 one out there right for an attacker 1493 00:51:05,680 --> 00:51:09,359 so attacker will do what he will try to 1494 00:51:07,680 --> 00:51:10,640 exploit it right he will try to 1495 00:51:09,359 --> 00:51:13,040 figure out the vulnerabilities and he 1496 00:51:10,640 --> 00:51:15,359 will try to take an advantage of that 1497 00:51:13,040 --> 00:51:16,880 but you are the smart people are around 1498 00:51:15,359 --> 00:51:17,520 here right the security one so what he 1499 00:51:16,880 --> 00:51:19,839 did 1500 00:51:17,520 --> 00:51:20,640 so what all techniques what all 1501 00:51:19,839 --> 00:51:23,280 procedures 1502 00:51:20,640 --> 00:51:24,720 you can say right what all are tactics 1503 00:51:23,280 --> 00:51:26,880 techniques and procedures he's 1504 00:51:24,720 --> 00:51:28,079 trying to put it over there right into 1505 00:51:26,880 --> 00:51:30,319 your dummy one 1506 00:51:28,079 --> 00:51:31,119 doesn't it so whatever his all the 1507 00:51:30,319 --> 00:51:33,200 strategies 1508 00:51:31,119 --> 00:51:34,640 tactics techniques and procedures trying 1509 00:51:33,200 --> 00:51:37,599 to put up over that dummy one 1510 00:51:34,640 --> 00:51:38,800 you are observing them right you are 1511 00:51:37,599 --> 00:51:40,559 thinking you can say you can you are 1512 00:51:38,800 --> 00:51:43,359 taking the note out of them 1513 00:51:40,559 --> 00:51:45,119 so now what happened like after okay 1514 00:51:43,359 --> 00:51:46,559 that dummy one will be like you gave 1515 00:51:45,119 --> 00:51:49,359 some sort of a 1516 00:51:46,559 --> 00:51:51,280 privileges you can say like you gave uh 1517 00:51:49,359 --> 00:51:53,280 basically this honey one is like 1518 00:51:51,280 --> 00:51:55,359 or divided into three 
categories low 1519 00:51:53,280 --> 00:51:57,520 level or medium level and 1520 00:51:55,359 --> 00:51:59,520 high level right so that defines like 1521 00:51:57,520 --> 00:52:01,200 how much of a portion of a server or 1522 00:51:59,520 --> 00:52:01,839 network you are allowing an attacker to 1523 00:52:01,200 --> 00:52:03,599 exploit 1524 00:52:01,839 --> 00:52:05,680 right so these are defined on those 1525 00:52:03,599 --> 00:52:07,920 bases so whatsoever you have put it in 1526 00:52:05,680 --> 00:52:09,920 your dummy network or in a dummy server 1527 00:52:07,920 --> 00:52:11,440 right so attacker will try to exploit it 1528 00:52:09,920 --> 00:52:13,040 and from those exploits 1529 00:52:11,440 --> 00:52:14,960 you will take the information out of 1530 00:52:13,040 --> 00:52:15,760 them right so what all ports he might 1531 00:52:14,960 --> 00:52:17,599 have uh 1532 00:52:15,760 --> 00:52:19,440 like exploit or like what all 1533 00:52:17,599 --> 00:52:21,119 vulnerabilities he attacked over there 1534 00:52:19,440 --> 00:52:23,119 right and all the logs and all those 1535 00:52:21,119 --> 00:52:24,559 ips and everything you will try to 1536 00:52:23,119 --> 00:52:26,400 observe over there and through that you 1537 00:52:24,559 --> 00:52:28,960 will be patching up into your 1538 00:52:26,400 --> 00:52:30,559 real or you can see the main server 1539 00:52:28,960 --> 00:52:32,319 right so this is like a 1540 00:52:30,559 --> 00:52:34,640 threat resource regarding your honey 1541 00:52:32,319 --> 00:52:37,119 nets or honeypots right 1542 00:52:34,640 --> 00:52:38,559 then we have dark web and dark net i 1543 00:52:37,119 --> 00:52:39,520 guess it's pretty clear to each and 1544 00:52:38,559 --> 00:52:41,040 every one right 1545 00:52:39,520 --> 00:52:43,119 so if you talk about a dark net it's 1546 00:52:41,040 --> 00:52:44,000 like a network infrastructure which is 1547 00:52:43,119 --> 00:52:45,760 established to 1548 00:52:44,000 --> 00:52:48,880 overlay 
your internet right and can be 1549 00:52:45,760 --> 00:52:50,559 used by using some softwares like your 1550 00:52:48,880 --> 00:52:53,280 tor you might have heard about it isn't 1551 00:52:50,559 --> 00:52:56,400 it or your i2p or freenet 1552 00:52:53,280 --> 00:52:56,800 right so this darknet is most often used 1553 00:52:56,400 --> 00:52:59,680 for 1554 00:52:56,800 --> 00:53:00,640 illegal activities right like your black 1555 00:52:59,680 --> 00:53:02,480 markets 1556 00:53:00,640 --> 00:53:04,880 your illegal file sharing over there and 1557 00:53:02,480 --> 00:53:06,559 exchanging of illegal goods or services 1558 00:53:04,880 --> 00:53:09,280 presented like regarding a stolen 1559 00:53:06,559 --> 00:53:11,040 financial or any sort of private data 1560 00:53:09,280 --> 00:53:12,559 so it basically prevent a third party 1561 00:53:11,040 --> 00:53:14,480 from knowing about the existence of the 1562 00:53:12,559 --> 00:53:16,240 network right or analyzing any activity 1563 00:53:14,480 --> 00:53:18,319 taking place over the network 1564 00:53:16,240 --> 00:53:20,000 so you can take an advantage over there 1565 00:53:18,319 --> 00:53:21,280 right so you can like it basically 1566 00:53:20,000 --> 00:53:22,079 provides you multiple layers of 1567 00:53:21,280 --> 00:53:24,960 encryption 1568 00:53:22,079 --> 00:53:26,319 right uh which is put up between the 1569 00:53:24,960 --> 00:53:27,760 nodes to achieve this 1570 00:53:26,319 --> 00:53:29,920 anonymity that's why you've become 1571 00:53:27,760 --> 00:53:32,880 anonymous with that so use this 1572 00:53:29,920 --> 00:53:34,640 uh you use this dark web right which is 1573 00:53:32,880 --> 00:53:36,240 not visible to search engines right it 1574 00:53:34,640 --> 00:53:39,280 can only be accessed over the dark 1575 00:53:36,240 --> 00:53:41,119 not only this dark web so like 1576 00:53:39,280 --> 00:53:42,559 you can use them into investigating this 1577 00:53:41,119 --> 00:53:44,960 dark web 1578 
00:53:42,559 --> 00:53:47,119 websites and message boards like which 1579 00:53:44,960 --> 00:53:49,440 are which can be a valuable source 1580 00:53:47,119 --> 00:53:51,280 of counter intelligence over there right 1581 00:53:49,440 --> 00:53:53,680 so this the anonymity of dark web 1582 00:53:51,280 --> 00:53:55,760 services has made it easy for 1583 00:53:53,680 --> 00:53:56,800 investigator to infiltrate the forums 1584 00:53:55,760 --> 00:53:58,880 and web stores 1585 00:53:56,800 --> 00:54:00,240 that have been set up to exchange any 1586 00:53:58,880 --> 00:54:01,760 sort of a stolen data and 1587 00:54:00,240 --> 00:54:03,440 hacking tools so you can just put up 1588 00:54:01,760 --> 00:54:05,119 like use of this 1589 00:54:03,440 --> 00:54:06,559 dark web for the account intelligence 1590 00:54:05,119 --> 00:54:07,839 you can see all those data and all those 1591 00:54:06,559 --> 00:54:09,680 information out there 1592 00:54:07,839 --> 00:54:11,119 and you can put it as like a counter 1593 00:54:09,680 --> 00:54:12,240 intelligence now you can just patch up 1594 00:54:11,119 --> 00:54:14,720 things over there 1595 00:54:12,240 --> 00:54:15,520 regarding all those threat researchers 1596 00:54:14,720 --> 00:54:17,119 right 1597 00:54:15,520 --> 00:54:19,200 so these were regarding your threat 1598 00:54:17,119 --> 00:54:22,079 resource sources 1599 00:54:19,200 --> 00:54:23,520 right then we have your guys your threat 1600 00:54:22,079 --> 00:54:27,440 intelligence provider 1601 00:54:23,520 --> 00:54:30,000 right so we have this behavioral 1602 00:54:27,440 --> 00:54:31,680 we have reputation we have threat data 1603 00:54:30,000 --> 00:54:33,280 right so basically our primary research 1604 00:54:31,680 --> 00:54:36,079 which we did like you had your 1605 00:54:33,280 --> 00:54:36,960 ips and logs and all this dark web and 1606 00:54:36,079 --> 00:54:40,000 your 1607 00:54:36,960 --> 00:54:41,680 honeypot or your honey nets right so all 1608 00:54:40,000 
--> 00:54:43,119 these primary research 1609 00:54:41,680 --> 00:54:45,599 you can say dark web on the second 1610 00:54:43,119 --> 00:54:48,880 resource okay so basically all these 1611 00:54:45,599 --> 00:54:51,280 researches by threat research uh sources 1612 00:54:48,880 --> 00:54:53,520 they are categorized in broad forms 1613 00:54:51,280 --> 00:54:55,680 right first is your behavioral threat 1614 00:54:53,520 --> 00:54:57,680 research right so what does your 1615 00:54:55,680 --> 00:54:59,920 behavioral threat research does 1616 00:54:57,680 --> 00:55:01,760 as i mentioned those ttp right so it 1617 00:54:59,920 --> 00:55:04,160 describes the examples of 1618 00:55:01,760 --> 00:55:07,440 attacks and the ttps which are gathered 1619 00:55:04,160 --> 00:55:12,799 out there ttp as in your 1620 00:55:07,440 --> 00:55:12,799 tactics techniques 1621 00:55:13,760 --> 00:55:20,160 and the procedures isn't it 1622 00:55:18,880 --> 00:55:22,720 so what do you understand about the term 1623 00:55:20,160 --> 00:55:24,160 tactics guys so basically as your ttp 1624 00:55:22,720 --> 00:55:26,960 that refers to the pattern 1625 00:55:24,160 --> 00:55:28,000 of activities and methods associated 1626 00:55:26,960 --> 00:55:29,599 with specific 1627 00:55:28,000 --> 00:55:31,440 like you can say threat actor or group 1628 00:55:29,599 --> 00:55:33,119 of threat or group of actors right we 1629 00:55:31,440 --> 00:55:35,119 analyze from their patterns 1630 00:55:33,119 --> 00:55:36,799 and we try to strategize the liking to 1631 00:55:35,119 --> 00:55:38,799 say put up as a 1632 00:55:36,799 --> 00:55:40,000 threat intelligence over there right so 1633 00:55:38,799 --> 00:55:41,839 you analyze all those uh 1634 00:55:40,000 --> 00:55:43,760 tactics tactics as in like it is a 1635 00:55:41,839 --> 00:55:46,799 guideline that describes the way 1636 00:55:43,760 --> 00:55:48,880 an attacker performs the attack from 1637 00:55:46,799 --> 00:55:51,599 beginning to the end isn't it 
1638 00:55:48,880 --> 00:55:53,839 so it consists various tactics of 1639 00:55:51,599 --> 00:55:55,839 information gathering to perform 1640 00:55:53,839 --> 00:55:57,040 initial exploitation perform privilege 1641 00:55:55,839 --> 00:56:00,000 escalation 1642 00:55:57,040 --> 00:56:01,040 perform the lateral movement right and 1643 00:56:00,000 --> 00:56:03,359 etcetera 1644 00:56:01,040 --> 00:56:04,480 that's your tactics then it comes your 1645 00:56:03,359 --> 00:56:07,200 techniques 1646 00:56:04,480 --> 00:56:08,559 techniques it is a like technical method 1647 00:56:07,200 --> 00:56:12,079 used by an attacker 1648 00:56:08,559 --> 00:56:13,599 to achieve like an intermediate resource 1649 00:56:12,079 --> 00:56:17,359 right 1650 00:56:13,599 --> 00:56:18,640 exactly so uh use an attacker to achieve 1651 00:56:17,359 --> 00:56:21,359 intermediate results during the 1652 00:56:18,640 --> 00:56:22,480 attack so it includes like your initial 1653 00:56:21,359 --> 00:56:24,960 exploitation 1654 00:56:22,480 --> 00:56:26,960 setting up right and maintaining command 1655 00:56:24,960 --> 00:56:29,040 and control channels out there 1656 00:56:26,960 --> 00:56:30,240 right so all those techniques are being 1657 00:56:29,040 --> 00:56:32,720 mentioned at this 1658 00:56:30,240 --> 00:56:34,400 phase then you have this procedure 1659 00:56:32,720 --> 00:56:35,200 proceduralizing like organization 1660 00:56:34,400 --> 00:56:37,119 approach 1661 00:56:35,200 --> 00:56:39,040 like they followed by the threat actors 1662 00:56:37,119 --> 00:56:41,760 to launch an attack right so they 1663 00:56:39,040 --> 00:56:42,799 set up a whole procedure which has to be 1664 00:56:41,760 --> 00:56:44,640 take place 1665 00:56:42,799 --> 00:56:46,400 to attack an organization isn't it so 1666 00:56:44,640 --> 00:56:48,640 like procedure of information gathering 1667 00:56:46,400 --> 00:56:50,480 you can say step type steps instructions 1668 00:56:48,640 --> 00:56:52,319 right so 
like what like an attacker 1669 00:56:50,480 --> 00:56:53,520 collects information about the target 1670 00:56:52,319 --> 00:56:55,520 organization 1671 00:56:53,520 --> 00:56:57,599 right he identified key targets over 1672 00:56:55,520 --> 00:57:00,000 there the employees and they 1673 00:56:57,599 --> 00:57:01,440 collect their contact details and on the 1674 00:57:00,000 --> 00:57:03,359 rest of the things right 1675 00:57:01,440 --> 00:57:04,960 so all those step-by-step processes are 1676 00:57:03,359 --> 00:57:08,319 being done in your 1677 00:57:04,960 --> 00:57:10,079 procedure that was your behavioral part 1678 00:57:08,319 --> 00:57:12,000 okay behavioral threat research then 1679 00:57:10,079 --> 00:57:13,760 your then is your reputational 1680 00:57:12,000 --> 00:57:16,400 reputational threat intelligence it's 1681 00:57:13,760 --> 00:57:18,000 like list of ip addresses and domains 1682 00:57:16,400 --> 00:57:19,280 which are associated with malicious 1683 00:57:18,000 --> 00:57:19,839 behavior which might have gone through 1684 00:57:19,280 --> 00:57:22,000 your 1685 00:57:19,839 --> 00:57:23,200 honeypot you can say right and like 1686 00:57:22,000 --> 00:57:25,839 identifying all those 1687 00:57:23,200 --> 00:57:27,440 signatures of file based malware and 1688 00:57:25,839 --> 00:57:28,000 those things right so that falls under 1689 00:57:27,440 --> 00:57:30,240 the 1690 00:57:28,000 --> 00:57:31,200 reputation category then you have threat 1691 00:57:30,240 --> 00:57:33,359 data as well 1692 00:57:31,200 --> 00:57:34,480 threat data like the data that can 1693 00:57:33,359 --> 00:57:37,599 relate 1694 00:57:34,480 --> 00:57:40,480 like events observed by looking 1695 00:57:37,599 --> 00:57:41,520 like your customer logs okay that's your 1696 00:57:40,480 --> 00:57:43,280 threat data 1697 00:57:41,520 --> 00:57:46,000 then we have also these platforms and 1698 00:57:43,280 --> 00:57:48,000 feed guys like closed proprietary 1699 00:57:46,000 --> 
00:57:50,000 so your threat research and like your 1700 00:57:48,000 --> 00:57:52,799 these cti data it's 1701 00:57:50,000 --> 00:57:54,160 it's made available as a like paid 1702 00:57:52,799 --> 00:57:56,720 subscription basis right 1703 00:57:54,160 --> 00:57:58,079 you have seen this fireeye and this ibm 1704 00:57:56,720 --> 00:57:59,599 x-force so like you 1705 00:57:58,079 --> 00:58:01,119 put up a price for that and they'll be 1706 00:57:59,599 --> 00:58:03,760 doing these strategies for you 1707 00:58:01,119 --> 00:58:05,280 right then obviously this academic as 1708 00:58:03,760 --> 00:58:06,880 well academic journals you can see their 1709 00:58:05,280 --> 00:58:09,040 papers and all those things 1710 00:58:06,880 --> 00:58:10,480 right other like platforms from there 1711 00:58:09,040 --> 00:58:11,520 you can use get these threat 1712 00:58:10,480 --> 00:58:13,040 intelligence right 1713 00:58:11,520 --> 00:58:14,240 these are the providers for all those 1714 00:58:13,040 --> 00:58:15,920 threat intelligence you can go for the 1715 00:58:14,240 --> 00:58:17,119 academic journals all these papers and 1716 00:58:15,920 --> 00:58:18,319 all those things they might have put an 1717 00:58:17,119 --> 00:58:21,359 article about it 1718 00:58:18,319 --> 00:58:23,599 social media pretty obvious right like 1719 00:58:21,359 --> 00:58:25,200 they they companies and like uh 1720 00:58:23,599 --> 00:58:25,920 individual researchers and practitioners 1721 00:58:25,200 --> 00:58:28,559 what they do 1722 00:58:25,920 --> 00:58:29,839 they write informative blogs or like on 1723 00:58:28,559 --> 00:58:32,160 the social media feeds 1724 00:58:29,839 --> 00:58:33,520 isn't it so you can always get those 1725 00:58:32,160 --> 00:58:35,200 sort of 1726 00:58:33,520 --> 00:58:36,480 intelligence from that particular area 1727 00:58:35,200 --> 00:58:37,280 from social media it's a pretty big 1728 00:58:36,480 --> 00:58:39,359 thing right 1729 00:58:37,280 --> 00:58:41,119 so you 
might have like even as of now 1730 00:58:39,359 --> 00:58:43,599 you guys might go through various 1731 00:58:41,119 --> 00:58:44,240 blogs and all those articles which might 1732 00:58:43,599 --> 00:58:46,559 help you 1733 00:58:44,240 --> 00:58:48,400 uh like gain all those threat 1734 00:58:46,559 --> 00:58:51,359 intelligence it is it 1735 00:58:48,400 --> 00:58:51,680 yeah perfect around the year ioc system 1736 00:58:51,359 --> 00:58:53,920 so 1737 00:58:51,680 --> 00:58:55,520 uh then there is conferences right so 1738 00:58:53,920 --> 00:58:56,079 like security conferences are always 1739 00:58:55,520 --> 00:58:57,599 being 1740 00:58:56,079 --> 00:58:59,119 hosted right and it's sponsored by 1741 00:58:57,599 --> 00:59:01,200 various institutes 1742 00:58:59,119 --> 00:59:02,640 isn't it and they they provide an 1743 00:59:01,200 --> 00:59:04,160 opportunity for presenting 1744 00:59:02,640 --> 00:59:06,319 presentation on the latest threats and 1745 00:59:04,160 --> 00:59:07,680 technologies right 1746 00:59:06,319 --> 00:59:10,079 these are your conferences from which 1747 00:59:07,680 --> 00:59:11,200 your like area from where you can go and 1748 00:59:10,079 --> 00:59:12,880 get all those 1749 00:59:11,200 --> 00:59:14,640 threat intelligence right then there is 1750 00:59:12,880 --> 00:59:17,760 a last one which is osint 1751 00:59:14,640 --> 00:59:18,400 open source intelligence right so some 1752 00:59:17,760 --> 00:59:20,880 companies 1753 00:59:18,400 --> 00:59:22,480 operate like intelligence services on an 1754 00:59:20,880 --> 00:59:25,040 open source basis as well 1755 00:59:22,480 --> 00:59:26,559 right so we'll show you that as well and 1756 00:59:25,040 --> 00:59:29,359 we'll also try a few tasks 1757 00:59:26,559 --> 00:59:30,319 on the basis of osint as well okay guys 1758 00:59:29,359 --> 00:59:32,400 since you are asking about the 1759 00:59:30,319 --> 00:59:34,240 reputation guys reputations are elected 1760 00:59:32,400 --> 
00:59:35,920 intelligence like regarding ip addresses 1761 00:59:34,240 --> 00:59:38,000 and all those domains 1762 00:59:35,920 --> 00:59:39,599 associated with your malicious behavior 1763 00:59:38,000 --> 00:59:42,000 okay and like even 1764 00:59:39,599 --> 00:59:42,960 regarding the signatures of your 1765 00:59:42,000 --> 00:59:44,480 malwares 1766 00:59:42,960 --> 00:59:46,000 so they falls under the reputation 1767 00:59:44,480 --> 00:59:48,559 threat intelligence 1768 00:59:46,000 --> 00:59:50,160 all right okay as always you mentioned 1769 00:59:48,559 --> 00:59:51,440 uh like as i mentioned uh 1770 00:59:50,160 --> 00:59:54,079 some companies they operate through 1771 00:59:51,440 --> 00:59:56,799 intelligence services on an open source 1772 00:59:54,079 --> 00:59:57,280 basis as well right so if i take you to 1773 00:59:56,799 --> 00:59:59,760 an 1774 00:59:57,280 --> 01:00:00,880 website osint framework i guess everyone 1775 00:59:59,760 --> 01:00:03,599 knows knows about it 1776 01:00:00,880 --> 01:00:15,839 right for those who don't let me just 1777 01:00:03,599 --> 01:00:17,760 show you 1778 01:00:15,839 --> 01:00:19,359 okay if you go with the osint framework 1779 01:00:17,760 --> 01:00:21,920 over here 1780 01:00:19,359 --> 01:00:23,680 right you can uh like search on the 1781 01:00:21,920 --> 01:00:24,319 respect of various things over here 1782 01:00:23,680 --> 01:00:25,920 right 1783 01:00:24,319 --> 01:00:28,640 this framework provide you lots of 1784 01:00:25,920 --> 01:00:30,319 options right lots of uh 1785 01:00:28,640 --> 01:00:32,079 crazy options you can go regarding these 1786 01:00:30,319 --> 01:00:34,319 things you can search out regarding any 1787 01:00:32,079 --> 01:00:35,200 any particular thing right so if i like 1788 01:00:34,319 --> 01:00:37,040 if you even 1789 01:00:35,200 --> 01:00:38,480 giving details about a person over here 1790 01:00:37,040 --> 01:00:39,839 right so if i click let's say if i'm 1791 01:00:38,480 --> 
01:00:43,280 going with the email address 1792 01:00:39,839 --> 01:00:45,200 and respect email addre list of options 1793 01:00:43,280 --> 01:00:47,119 like email search common email formats 1794 01:00:45,200 --> 01:00:49,760 email verification breach data 1795 01:00:47,119 --> 01:00:51,599 mail blacklist all those things so even 1796 01:00:49,760 --> 01:00:53,920 if i click on email search 1797 01:00:51,599 --> 01:00:54,880 right it will be giving throughout more 1798 01:00:53,920 --> 01:00:58,160 tools over here 1799 01:00:54,880 --> 01:01:01,280 right that's the one to email to address 1800 01:00:58,160 --> 01:01:04,319 pipl right regarding people's right 1801 01:01:01,280 --> 01:01:05,839 theharvester infoga maildb 1802 01:01:04,319 --> 01:01:07,280 and very small right so if i even go 1803 01:01:05,839 --> 01:01:07,920 with the hunter it'll be just hoping 1804 01:01:07,280 --> 01:01:09,920 that 1805 01:01:07,920 --> 01:01:11,760 letting a particular platform for you so 1806 01:01:09,920 --> 01:01:12,640 in respect to domain names you can just 1807 01:01:11,760 --> 01:01:15,760 find out the 1808 01:01:12,640 --> 01:01:17,440 email address over here right so that's 1809 01:01:15,760 --> 01:01:20,160 how your osint framework 1810 01:01:17,440 --> 01:01:21,599 can be utilized to gather more and more 1811 01:01:20,160 --> 01:01:23,359 intel in this regarding the threat 1812 01:01:21,599 --> 01:01:25,280 right so you can get that information 1813 01:01:23,359 --> 01:01:28,240 over here right 1814 01:01:25,280 --> 01:01:29,040 perfect so just giving a task over here 1815 01:01:28,240 --> 01:01:32,400 guys 1816 01:01:29,040 --> 01:01:35,440 a small task for now so task is 1817 01:01:32,400 --> 01:01:36,400 gather the email ids okay gather email 1818 01:01:35,440 --> 01:01:39,839 ids 1819 01:01:36,400 --> 01:01:39,839 and respect to domain 1820 01:01:41,680 --> 01:01:44,400 infosec 1821 01:01:45,040 --> 01:01:52,000 train dot com 1822 01:01:48,319 --> 
01:01:54,079 okay all right let's do one thing let's 1823 01:01:52,000 --> 01:01:55,839 put it on a hole uh let me show you one 1824 01:01:54,079 --> 01:01:57,039 more thing since we brought up osint 1825 01:01:55,839 --> 01:01:59,680 and all those 1826 01:01:57,039 --> 01:02:01,119 techniques so even like osint framework 1827 01:01:59,680 --> 01:02:02,720 we have been using over here 1828 01:02:01,119 --> 01:02:04,160 even guys your google is more than 1829 01:02:02,720 --> 01:02:06,160 enough to 1830 01:02:04,160 --> 01:02:08,079 like pretty much good utility to give 1831 01:02:06,160 --> 01:02:09,359 you a lot of information out there 1832 01:02:08,079 --> 01:02:10,880 right so basically what you do with the 1833 01:02:09,359 --> 01:02:12,400 osint you narrow down all your search 1834 01:02:10,880 --> 01:02:15,359 over here right 1835 01:02:12,400 --> 01:02:17,119 so with the help of google you can do 1836 01:02:15,359 --> 01:02:20,720 that as well 1837 01:02:17,119 --> 01:02:23,200 correct so uh you can search in various 1838 01:02:20,720 --> 01:02:23,760 respects or in various aspects over here 1839 01:02:23,200 --> 01:02:26,960 all right 1840 01:02:23,760 --> 01:02:27,839 like uh for say if you want to find any 1841 01:02:26,960 --> 01:02:30,079 uh 1842 01:02:27,839 --> 01:02:31,520 pdf formats only like if you want to 1843 01:02:30,079 --> 01:02:34,799 search the let's say if 1844 01:02:31,520 --> 01:02:36,319 i'm let's say 1845 01:02:34,799 --> 01:02:38,079 all right okay let's say i click on 1846 01:02:36,319 --> 01:02:40,720 security plus right 1847 01:02:38,079 --> 01:02:42,079 the things you can see guys uh it's the 1848 01:02:40,720 --> 01:02:44,480 black thing which is mentioned over here 1849 01:02:42,079 --> 01:02:47,520 it's a url isn't it 1850 01:02:44,480 --> 01:02:48,880 correct these are the you are the black 1851 01:02:47,520 --> 01:02:52,000 one at the top one 1852 01:02:48,880 --> 01:02:53,520 right and if you see the blue one which 1853 
01:02:52,000 --> 01:02:54,400 is being highlighted these are known as 1854 01:02:53,520 --> 01:02:58,000 your 1855 01:02:54,400 --> 01:02:59,760 titles right these are your titles 1856 01:02:58,000 --> 01:03:01,839 and if you can see over here the below 1857 01:02:59,760 --> 01:03:03,599 format which is it establishes the core 1858 01:03:01,839 --> 01:03:05,039 knowledge required by the file any cyber 1859 01:03:03,599 --> 01:03:08,480 security role and provides a site 1860 01:03:05,039 --> 01:03:11,200 springboard and also these are your text 1861 01:03:08,480 --> 01:03:12,640 isn't it so you can search in respect to 1862 01:03:11,200 --> 01:03:13,920 that and you can just narrow down your 1863 01:03:12,640 --> 01:03:16,640 results over here right 1864 01:03:13,920 --> 01:03:18,960 you can see 38 uh like lacks of results 1865 01:03:16,640 --> 01:03:22,640 are over here like you can do what 1866 01:03:18,960 --> 01:03:26,799 you can refine your search in respect to 1867 01:03:22,640 --> 01:03:26,799 url right if i hit this 1868 01:03:26,960 --> 01:03:31,839 oh this one is required 1869 01:03:31,920 --> 01:03:39,520 perfect so what it will be doing 1870 01:03:35,920 --> 01:03:39,520 the megan spelling stick over here 1871 01:03:39,599 --> 01:03:45,599 okay don't worry so basically it will be 1872 01:03:42,960 --> 01:03:46,559 uh searching out all those things 1873 01:03:45,599 --> 01:03:49,119 respect to your 1874 01:03:46,559 --> 01:03:49,599 url base right so if you can notice like 1875 01:03:49,119 --> 01:03:52,720 if i 1876 01:03:49,599 --> 01:03:54,559 iron in url security so it will be just 1877 01:03:52,720 --> 01:03:56,960 searching for this particular word in 1878 01:03:54,559 --> 01:03:58,240 your url part right 1879 01:03:56,960 --> 01:04:00,720 so you can see it narrowed down the 1880 01:03:58,240 --> 01:04:02,400 results from 38 lakh to like 1881 01:04:00,720 --> 01:04:04,000 seven eight seven lakh eighty five 1882 01:04:02,400 --> 01:04:06,319 thousand 
right so we just 1883 01:04:04,000 --> 01:04:07,119 cut it down the whole uh search scenario 1884 01:04:06,319 --> 01:04:09,119 over here 1885 01:04:07,119 --> 01:04:10,799 if you can like uh closely the url is 1886 01:04:09,119 --> 01:04:12,240 having security so each and every like 1887 01:04:10,799 --> 01:04:13,039 in your first page at least uh you will 1888 01:04:12,240 --> 01:04:15,119 be having all those 1889 01:04:13,039 --> 01:04:16,799 url which will be having each security 1890 01:04:15,119 --> 01:04:18,400 as a word in there 1891 01:04:16,799 --> 01:04:20,720 right so you can always play around with 1892 01:04:18,400 --> 01:04:22,400 it you can even mention the in title 1893 01:04:20,720 --> 01:04:24,480 so now in title what will be happening 1894 01:04:22,400 --> 01:04:27,760 it will be searching respect to a title 1895 01:04:24,480 --> 01:04:30,079 having security word in it right 1896 01:04:27,760 --> 01:04:30,880 so you can see security security will be 1897 01:04:30,079 --> 01:04:33,280 or the word 1898 01:04:30,880 --> 01:04:34,960 present in your title out there so it 1899 01:04:33,280 --> 01:04:35,680 will be reflecting all those results for 1900 01:04:34,960 --> 01:04:39,920 you 1901 01:04:35,680 --> 01:04:41,039 in which security is mentioned over the 1902 01:04:39,920 --> 01:04:43,039 title part 1903 01:04:41,039 --> 01:04:44,400 right so you can see it narrowed down 1904 01:04:43,039 --> 01:04:45,039 your results so similarly you can do 1905 01:04:44,400 --> 01:04:47,440 with the text 1906 01:04:45,039 --> 01:04:47,440 as well 1907 01:04:50,319 --> 01:04:54,640 so you will find this security part in 1908 01:04:53,520 --> 01:04:57,920 the 1909 01:04:54,640 --> 01:04:57,920 text one okay 1910 01:04:58,160 --> 01:05:01,920 so you can see you you are getting a lot 1911 01:05:00,160 --> 01:05:05,039 of results out here 1912 01:05:01,920 --> 01:05:06,559 but initially we were having 38 lakhs 1913 01:05:05,039 --> 01:05:08,720 format right 1914 
01:05:06,559 --> 01:05:10,720 like our research or the results out 1915 01:05:08,720 --> 01:05:12,160 here 38 lakh but what we did we narrowed 1916 01:05:10,720 --> 01:05:15,520 down each and everything over here 1917 01:05:12,160 --> 01:05:16,160 so we we reduced our this labor work you 1918 01:05:15,520 --> 01:05:18,319 can say 1919 01:05:16,160 --> 01:05:19,760 right and we are like doing what we are 1920 01:05:18,319 --> 01:05:22,960 uh doing it very in a 1921 01:05:19,760 --> 01:05:24,559 smart way around right this whole google 1922 01:05:22,960 --> 01:05:25,520 thing this is also known as a google 1923 01:05:24,559 --> 01:05:28,319 dorks you can say 1924 01:05:25,520 --> 01:05:30,000 d o r k s right google dorks so there is 1925 01:05:28,319 --> 01:05:31,520 whole data feed or the database 1926 01:05:30,000 --> 01:05:32,960 regarding people what they do they 1927 01:05:31,520 --> 01:05:33,599 mention all their techniques and all 1928 01:05:32,960 --> 01:05:36,079 these 1929 01:05:33,599 --> 01:05:38,079 fancy way you can say or the smart way 1930 01:05:36,079 --> 01:05:39,920 around to play around your google and 1931 01:05:38,079 --> 01:05:41,839 get you the desired results out here 1932 01:05:39,920 --> 01:05:42,880 right so that's a whole different 1933 01:05:41,839 --> 01:05:45,039 database of the 1934 01:05:42,880 --> 01:05:46,720 google dork so you can also put it around 1935 01:05:45,039 --> 01:05:49,440 like if you want to file uh 1936 01:05:46,720 --> 01:05:50,559 only the pdf files over here so file 1937 01:05:49,440 --> 01:05:52,640 type is the option 1938 01:05:50,559 --> 01:05:53,680 right you can just mention it and giving 1939 01:05:52,640 --> 01:05:56,720 out the results 1940 01:05:53,680 --> 01:05:58,960 regarding your pdfs only 1941 01:05:56,720 --> 01:05:58,960 okay 1942 01:06:00,240 --> 01:06:05,839 oh boy 1943 01:06:06,720 --> 01:06:10,400 all right so you can see pdf pdf pdf is 1944 01:06:08,880 --> 01:06:10,880 mentioned over here so if i 
click on any 1945 01:06:10,400 --> 01:06:12,960 one 1946 01:06:10,880 --> 01:06:13,920 it will be prompting up an option to 1947 01:06:12,960 --> 01:06:15,440 download these 1948 01:06:13,920 --> 01:06:17,280 all those files so you'll be just 1949 01:06:15,440 --> 01:06:18,240 getting the results as an outcome over 1950 01:06:17,280 --> 01:06:21,440 here which are the 1951 01:06:18,240 --> 01:06:24,000 pdf ones right you can see 1952 01:06:21,440 --> 01:06:25,520 it's a pdf for you isn't it so this is 1953 01:06:24,000 --> 01:06:26,400 like the way you play around with all 1954 01:06:25,520 --> 01:06:29,680 those techniques 1955 01:06:26,400 --> 01:06:32,160 in your google right so you do what you 1956 01:06:29,680 --> 01:06:33,599 search for a particular thing in these 1957 01:06:32,160 --> 01:06:35,280 ways rather than just typing whole 1958 01:06:33,599 --> 01:06:37,359 portion or whole thing over here 1959 01:06:35,280 --> 01:06:39,039 you just make it more smartly you play 1960 01:06:37,359 --> 01:06:41,920 around with it and try to 1961 01:06:39,039 --> 01:06:42,640 gather information over here all right 1962 01:06:41,920 --> 01:06:46,319 okay 1963 01:06:42,640 --> 01:06:48,720 so uh i hope this is clear to everyone 1964 01:06:46,319 --> 01:06:49,839 okay so that brings us to back to the 1965 01:06:48,720 --> 01:06:52,000 challenge guys 1966 01:06:49,839 --> 01:06:53,440 all right so if you can look over here 1967 01:06:52,000 --> 01:06:57,680 how i use it 1968 01:06:53,440 --> 01:06:59,359 so i want you to find email ids 1969 01:06:57,680 --> 01:07:01,599 about like of infosect train with 1970 01:06:59,359 --> 01:07:04,640 respect to this domain name 1971 01:07:01,599 --> 01:07:07,280 okay perfect so 1972 01:07:04,640 --> 01:07:08,160 just to mention i what i prefer to go 1973 01:07:07,280 --> 01:07:11,680 with 1974 01:07:08,160 --> 01:07:12,880 is something okay i have to pause the 1975 01:07:11,680 --> 01:07:14,240 screen for a minute because i have to 
1976 01:07:12,880 --> 01:07:17,280 enter my credentials 1977 01:07:14,240 --> 01:07:18,559 right so just give me okay so as you can 1978 01:07:17,280 --> 01:07:20,720 see over here uh 1979 01:07:18,559 --> 01:07:22,160 this is one of those utility or tool you 1980 01:07:20,720 --> 01:07:25,119 can say right 1981 01:07:22,160 --> 01:07:26,240 snug dot io you can go with it okay all 1982 01:07:25,119 --> 01:07:28,640 it need is 1983 01:07:26,240 --> 01:07:29,760 your this registration okay so you can 1984 01:07:28,640 --> 01:07:31,520 just log in over here 1985 01:07:29,760 --> 01:07:33,359 so if i can if i can show you this if 1986 01:07:31,520 --> 01:07:35,280 you are able to see find emails you can 1987 01:07:33,359 --> 01:07:38,000 go with the domain search 1988 01:07:35,280 --> 01:07:42,640 right and if i type the domain name over 1989 01:07:38,000 --> 01:07:45,280 here let's say infosec train for now 1990 01:07:42,640 --> 01:07:46,720 it's already already giving you this a 1991 01:07:45,280 --> 01:07:48,720 drop down option and you can see the 1992 01:07:46,720 --> 01:07:50,400 prospects are 29. 
1993 01:07:48,720 --> 01:07:54,000 so if you click on this you can see all 1994 01:07:50,400 --> 01:07:55,599 domain emails if i click over here guys 1995 01:07:54,000 --> 01:07:57,440 can you see how we are getting a pretty 1996 01:07:55,599 --> 01:07:59,680 big list out here regarding the emails 1997 01:07:57,440 --> 01:08:02,400 and i can just assure you these are the 1998 01:07:59,680 --> 01:08:02,400 valid ones 1999 01:08:03,520 --> 01:08:09,359 right so there are various ways uh you 2000 01:08:07,760 --> 01:08:11,760 might have gone to the google 2001 01:08:09,359 --> 01:08:12,799 like or searching for the social media 2002 01:08:11,760 --> 01:08:15,039 platforms 2003 01:08:12,799 --> 01:08:16,400 right even this uh webinar one you got 2004 01:08:15,039 --> 01:08:18,319 my email id 2005 01:08:16,400 --> 01:08:20,400 right of the mails and all those bits 2006 01:08:18,319 --> 01:08:21,920 from all those promotions out there so 2007 01:08:20,400 --> 01:08:23,359 that's a pretty good way right that's 2008 01:08:21,920 --> 01:08:23,679 the technical you are doing over here 2009 01:08:23,359 --> 01:08:25,759 this 2010 01:08:23,679 --> 01:08:26,799 you are strategizing your things over 2011 01:08:25,759 --> 01:08:27,920 here right 2012 01:08:26,799 --> 01:08:29,520 you are gathering as much as the 2013 01:08:27,920 --> 01:08:29,920 information you can like you are then 2014 01:08:29,520 --> 01:08:31,359 you are 2015 01:08:29,920 --> 01:08:33,279 doing what you are narrowing it down you 2016 01:08:31,359 --> 01:08:33,920 are playing now uh smart around here 2017 01:08:33,279 --> 01:08:36,159 right 2018 01:08:33,920 --> 01:08:37,040 so typically uh if you talk about these 2019 01:08:36,159 --> 01:08:39,679 tools they are locked 2020 01:08:37,040 --> 01:08:41,839 out out there like as you mentioned the 2021 01:08:39,679 --> 01:08:43,600 hunter dot io it's one of them 2022 01:08:41,839 --> 01:08:45,040 right so you can use this osint 2023 01:08:43,600 --> 01:08:47,120 
framework as well 2024 01:08:45,040 --> 01:08:48,719 right you may be for the subscription 2025 01:08:47,120 --> 01:08:50,719 base but it's generally free 2026 01:08:48,719 --> 01:08:52,159 so it may not always give you the 2027 01:08:50,719 --> 01:08:53,920 results okay that depends on 2028 01:08:52,159 --> 01:08:56,640 organizational organization but 2029 01:08:53,920 --> 01:08:58,640 uh it's like i would say a good 2030 01:08:56,640 --> 01:09:01,679 promising website not all time but 2031 01:08:58,640 --> 01:09:04,080 it gives you all those things okay 2032 01:09:01,679 --> 01:09:05,120 so this task we got a pretty good hit 2033 01:09:04,080 --> 01:09:08,319 over here isn't it 2034 01:09:05,120 --> 01:09:09,839 we got like 28 emails out there and 2035 01:09:08,319 --> 01:09:12,080 these are the valid ones i can 2036 01:09:09,839 --> 01:09:13,600 assure you okay i guess this was a 2037 01:09:12,080 --> 01:09:15,359 pretty much interesting task 2038 01:09:13,600 --> 01:09:16,640 okay so for now i guess this thing is 2039 01:09:15,359 --> 01:09:19,679 clear right 2040 01:09:16,640 --> 01:09:21,600 so after this we'll be moving on to the 2041 01:09:19,679 --> 01:09:24,880 next one which is your 2042 01:09:21,600 --> 01:09:26,560 malwares so uh guys what do you 2043 01:09:24,880 --> 01:09:29,920 understand by the term malware 2044 01:09:26,560 --> 01:09:32,159 so basically guys uh malware take this 2045 01:09:29,920 --> 01:09:32,159 term 2046 01:09:32,839 --> 01:09:36,880 mal and the 2047 01:09:34,880 --> 01:09:37,920 where right you can just divide into two 2048 01:09:36,880 --> 01:09:41,440 portions 2049 01:09:37,920 --> 01:09:41,440 right so mal is in 2050 01:09:42,319 --> 01:09:45,679 malicious right 2051 01:09:46,400 --> 01:09:51,120 the malicious whereas in 2052 01:09:53,759 --> 01:09:58,560 software isn't it so any software which 2053 01:09:56,719 --> 01:10:02,800 is there with an intent to harm 2054 01:09:58,560 --> 01:10:04,719 is known as your malware right 
guys 2055 01:10:02,800 --> 01:10:06,719 so malware is a like you can say a 2056 01:10:04,719 --> 01:10:07,760 catch-all term for any type of malicious 2057 01:10:06,719 --> 01:10:11,520 software 2058 01:10:07,760 --> 01:10:14,560 which is designed to harm or exploit any 2059 01:10:11,520 --> 01:10:17,679 programmable device your service 2060 01:10:14,560 --> 01:10:19,440 or network right so these cyber 2061 01:10:17,679 --> 01:10:19,920 criminals you can say they typically use 2062 01:10:19,440 --> 01:10:23,040 it to 2063 01:10:19,920 --> 01:10:26,080 extract data that can like help them 2064 01:10:23,040 --> 01:10:29,120 to that they can leverage over victims 2065 01:10:26,080 --> 01:10:32,239 for financial gain right and any other 2066 01:10:29,120 --> 01:10:34,400 personal benefit out of it right so 2067 01:10:32,239 --> 01:10:36,159 it can like damage the financial data 2068 01:10:34,400 --> 01:10:38,239 your healthcare records 2069 01:10:36,159 --> 01:10:39,440 your personal emails and passwords they 2070 01:10:38,239 --> 01:10:41,679 can get all those pi 2071 01:10:39,440 --> 01:10:43,520 out of it right so they compromise all 2072 01:10:41,679 --> 01:10:45,679 your information right you can say 2073 01:10:43,520 --> 01:10:47,199 in short right all those they take all 2074 01:10:45,679 --> 01:10:49,600 those leverages and 2075 01:10:47,199 --> 01:10:51,360 gain any in terms of financially like 2076 01:10:49,600 --> 01:10:54,400 they will be asking for the monies 2077 01:10:51,360 --> 01:10:55,199 and many more isn't it so typically uh 2078 01:10:54,400 --> 01:10:56,800 like there are 2079 01:10:55,199 --> 01:10:58,560 plenty more like malwares out there 2080 01:10:56,800 --> 01:11:01,920 various type of malwares 2081 01:10:58,560 --> 01:11:04,560 so few bits of them are like your 2082 01:11:01,920 --> 01:11:06,560 virus isn't it so if we talk about them 2083 01:11:04,560 --> 01:11:09,600 the types of malwares are like a virus 2084 01:11:06,560 --> 
01:11:13,120 worms trojan right here root kits 2085 01:11:09,600 --> 01:11:13,520 and your keylogger right so if we talk 2086 01:11:13,120 --> 01:11:16,640 about 2087 01:11:13,520 --> 01:11:17,440 virus right what is a virus guys so 2088 01:11:16,640 --> 01:11:20,719 basically guys 2089 01:11:17,440 --> 01:11:23,199 your virus stands for 2090 01:11:20,719 --> 01:11:23,199 vital 2091 01:11:25,600 --> 01:11:28,400 information 2092 01:11:28,960 --> 01:11:34,800 right vital information resources 2093 01:11:38,840 --> 01:11:44,719 under 2094 01:11:41,679 --> 01:11:47,760 c's right 2095 01:11:44,719 --> 01:11:49,920 exactly bjn i mean perfect great so 2096 01:11:47,760 --> 01:11:51,360 it is a type of malware right so it 2097 01:11:49,920 --> 01:11:52,239 stands for vital information resource 2098 01:11:51,360 --> 01:11:54,440 underseas 2099 01:11:52,239 --> 01:11:56,239 so i guess this full form is 2100 01:11:54,440 --> 01:11:58,320 self-explanatory as well right 2101 01:11:56,239 --> 01:12:01,760 so what it does it seizes all the 2102 01:11:58,320 --> 01:12:04,400 information resources that are in your 2103 01:12:01,760 --> 01:12:04,800 system right so it works in multiple 2104 01:12:04,400 --> 01:12:06,800 ways 2105 01:12:04,800 --> 01:12:08,159 like whenever you feel like your system 2106 01:12:06,800 --> 01:12:09,840 is low 2107 01:12:08,159 --> 01:12:12,000 like do you see your system might be 2108 01:12:09,840 --> 01:12:14,400 infected by virus 2109 01:12:12,000 --> 01:12:15,920 isn't it so your information are seized 2110 01:12:14,400 --> 01:12:17,280 basically which makes it slow isn't it 2111 01:12:15,920 --> 01:12:21,920 so effect about 2112 01:12:17,280 --> 01:12:21,920 virus sees 2113 01:12:23,280 --> 01:12:26,640 okay so a fact about virus the very 2114 01:12:25,520 --> 01:12:29,199 first virus 2115 01:12:26,640 --> 01:12:31,199 was with the name brain it was created 2116 01:12:29,199 --> 01:12:34,000 by these two pakistani brothers 2117 01:12:31,199 --> 
01:12:35,600 okay so like remember virus like 2118 01:12:34,000 --> 01:12:38,159 moreover it will be like a comparison 2119 01:12:35,600 --> 01:12:39,840 between virus and worms okay so virus can 2120 01:12:38,159 --> 01:12:42,320 replicate themselves 2121 01:12:39,840 --> 01:12:43,280 but they can only replicate themselves 2122 01:12:42,320 --> 01:12:46,800 within a 2123 01:12:43,280 --> 01:12:48,320 system right that means virus won't be 2124 01:12:46,800 --> 01:12:51,280 able to travel in a 2125 01:12:48,320 --> 01:12:52,000 network so let's say if all of us are 2126 01:12:51,280 --> 01:12:54,560 sitting 2127 01:12:52,000 --> 01:12:55,600 on a same room guys and even we are like 2128 01:12:54,560 --> 01:12:58,880 connected to the same 2129 01:12:55,600 --> 01:13:01,120 wi-fi person and if one of our system is 2130 01:12:58,880 --> 01:13:03,679 infected with a virus 2131 01:13:01,120 --> 01:13:04,880 that won't mean that all of us will get 2132 01:13:03,679 --> 01:13:08,159 infected with that 2133 01:13:04,880 --> 01:13:10,159 virus okay that won't 2134 01:13:08,159 --> 01:13:12,000 mean that all of us will get infected 2135 01:13:10,159 --> 01:13:13,120 with that virus that means it will 2136 01:13:12,000 --> 01:13:14,960 replicate 2137 01:13:13,120 --> 01:13:16,239 like it will replicate within a system 2138 01:13:14,960 --> 01:13:19,679 but not in the 2139 01:13:16,239 --> 01:13:22,560 network all right that's your perfect 2140 01:13:19,679 --> 01:13:23,920 so then we have your worm which brings 2141 01:13:22,560 --> 01:13:25,280 us to the worm what do you understand 2142 01:13:23,920 --> 01:13:27,600 by worms guys 2143 01:13:25,280 --> 01:13:29,120 so these are like you can differentiate 2144 01:13:27,600 --> 01:13:29,920 with this basis only with the virus and 2145 01:13:29,120 --> 01:13:32,800 worm right 2146 01:13:29,920 --> 01:13:35,040 so like thing is like with virus like it 2147 01:13:32,800 --> 01:13:36,719 can replicate itself but in a 2148
01:13:35,040 --> 01:13:38,640 particular system right but when we talk 2149 01:13:36,719 --> 01:13:41,760 about worm it can replicate 2150 01:13:38,640 --> 01:13:43,920 itself in the network that means 2151 01:13:41,760 --> 01:13:45,440 like taking the same example right if we 2152 01:13:43,920 --> 01:13:47,840 are considering we all are sitting on a 2153 01:13:45,440 --> 01:13:49,920 same network right attached to uh 2154 01:13:47,840 --> 01:13:52,400 connected to the same wi-fi so if one 2155 01:13:49,920 --> 01:13:54,000 system is infected with a worm 2156 01:13:52,400 --> 01:13:56,080 taking the same consideration of the 2157 01:13:54,000 --> 01:13:57,520 example right it means everyone like 2158 01:13:56,080 --> 01:13:59,840 or like those who are currently in the 2159 01:13:57,520 --> 01:14:00,640 same network like the odds are very high 2160 01:13:59,840 --> 01:14:04,239 over here 2161 01:14:00,640 --> 01:14:07,040 that others can get infected through a 2162 01:14:04,239 --> 01:14:08,640 worm so that's a basic difference 2163 01:14:07,040 --> 01:14:10,719 between your worms and 2164 01:14:08,640 --> 01:14:12,400 viruses right it propagates copies of 2165 01:14:10,719 --> 01:14:14,000 itself through one network from one 2166 01:14:12,400 --> 01:14:17,280 computer to 2167 01:14:14,000 --> 01:14:19,920 another right then we have guys uh your 2168 01:14:17,280 --> 01:14:20,719 trojan right so you know trojan what are 2169 01:14:19,920 --> 01:14:22,400 trojan 2170 01:14:20,719 --> 01:14:24,000 so these are general looking files which 2171 01:14:22,400 --> 01:14:26,239 tend to give you a backdoor 2172 01:14:24,000 --> 01:14:27,920 access right so it's a type of malicious 2173 01:14:26,239 --> 01:14:28,640 code or software that looks legitimately 2174 01:14:27,920 --> 01:14:32,400 made but 2175 01:14:28,640 --> 01:14:34,880 can take control of your system right 2176 01:14:32,400 --> 01:14:36,080 with uh putting up a trojan horse or not 2177 01:14:34,880 -->
01:14:39,280 trojan malware 2178 01:14:36,080 --> 01:14:41,120 attackers can control like whole 2179 01:14:39,280 --> 01:14:42,640 system of yours right that gives your 2180 01:14:41,120 --> 01:14:44,560 back door on your computer 2181 01:14:42,640 --> 01:14:46,080 and it lets an attacker access your 2182 01:14:44,560 --> 01:14:48,719 computer and 2183 01:14:46,080 --> 01:14:50,560 control it right then you have guys 2184 01:14:48,719 --> 01:14:51,679 another one which is your 2185 01:14:50,560 --> 01:14:53,920 keylogger what do you understand about 2186 01:14:51,679 --> 01:14:55,600 the term keylogger like keylogger tools 2187 01:14:53,920 --> 01:14:57,840 can either be hardware or software meant 2188 01:14:55,600 --> 01:14:59,760 to automate the process of keystroke 2189 01:14:57,840 --> 01:15:01,280 logging absolutely so whatever keystrokes 2190 01:14:59,760 --> 01:15:03,679 you are making in your system 2191 01:15:01,280 --> 01:15:04,560 it logs those keystrokes and sends them to 2192 01:15:03,679 --> 01:15:07,440 the 2193 01:15:04,560 --> 01:15:08,640 remote location isn't it so like it can 2194 01:15:07,440 --> 01:15:10,719 be helpful like 2195 01:15:08,640 --> 01:15:12,560 like it can be like a spyware tool which 2196 01:15:10,719 --> 01:15:15,920 are used by your cyber criminals 2197 01:15:12,560 --> 01:15:17,120 so they can steal your pii pii as in 2198 01:15:15,920 --> 01:15:19,440 your 2199 01:15:17,120 --> 01:15:21,120 personally identifiable or viable 2200 01:15:19,440 --> 01:15:23,760 information right like your 2201 01:15:21,120 --> 01:15:25,199 email ids mobile numbers like if you're 2202 01:15:23,760 --> 01:15:27,280 like based out of u.s 2203 01:15:25,199 --> 01:15:29,360 social security number you talk about 2204 01:15:27,280 --> 01:15:32,560 india it's like your aadhaar card and 2205 01:15:29,360 --> 01:15:35,440 all those bits right so those are your 2206 01:15:32,560 --> 01:15:36,000 pii personally identifiable information 2207 01:15:35,440 -->
01:15:38,239 right 2208 01:15:36,000 --> 01:15:40,159 these tools record the data sent by 2209 01:15:38,239 --> 01:15:42,560 every keystroke 2210 01:15:40,159 --> 01:15:44,080 like into a text file to be retrieved at 2211 01:15:42,560 --> 01:15:47,280 a later time 2212 01:15:44,080 --> 01:15:47,920 that's your keylogger right then you 2213 01:15:47,280 --> 01:15:50,000 have 2214 01:15:47,920 --> 01:15:51,360 talking about the trojans right like 2215 01:15:50,000 --> 01:15:53,760 they similarly work like a 2216 01:15:51,360 --> 01:15:55,600 rootkit regarding rootkit you know 2217 01:15:53,760 --> 01:15:56,400 like these rootkits are like put up in 2218 01:15:55,600 --> 01:15:58,159 your 2219 01:15:56,400 --> 01:15:59,600 hard drives or in your mbr you can say 2220 01:15:58,159 --> 01:16:02,719 right when they give you the backdoor 2221 01:15:59,600 --> 01:16:04,400 access over there right so 2222 01:16:02,719 --> 01:16:06,000 rootkits are not generally looking files 2223 01:16:04,400 --> 01:16:07,440 but you can put it on the 2224 01:16:06,000 --> 01:16:09,600 hardware on your operating system the 2225 01:16:07,440 --> 01:16:10,239 mbr master boot record right in your hard 2226 01:16:09,600 --> 01:16:13,840 disk 2227 01:16:10,239 --> 01:16:16,239 which holds all those boot loader 2228 01:16:13,840 --> 01:16:17,199 your this partition table you know the 2229 01:16:16,239 --> 01:16:18,719 partition tables 2230 01:16:17,199 --> 01:16:20,320 right when you you might have seen this 2231 01:16:18,719 --> 01:16:22,880 thing whenever you try to 2232 01:16:20,320 --> 01:16:23,920 uh set up a new window in your machine 2233 01:16:22,880 --> 01:16:26,000 in your system right 2234 01:16:23,920 --> 01:16:27,199 it always asks like uh regarding the 2235 01:16:26,000 --> 01:16:29,120 partitions of those 2236 01:16:27,199 --> 01:16:30,880 spaces right the c drive d drive and 2237 01:16:29,120 --> 01:16:32,320 everything isn't it you might have seen 2238 01:16:30,880 -->
01:16:34,159 that thing 2239 01:16:32,320 --> 01:16:36,400 right so basically attract that 2240 01:16:34,159 --> 01:16:38,960 particular portion for you 2241 01:16:36,400 --> 01:16:40,400 okay so you can do what like someone is 2242 01:16:38,960 --> 01:16:41,600 oh okay you 2243 01:16:40,400 --> 01:16:43,520 like you know you would give the 2244 01:16:41,600 --> 01:16:45,600 bootable pen drive and all those bits to 2245 01:16:43,520 --> 01:16:46,880 uh install the windows and every bit so 2246 01:16:45,600 --> 01:16:48,640 you what if like 2247 01:16:46,880 --> 01:16:50,320 i'm an attacker and like i'm putting up 2248 01:16:48,640 --> 01:16:52,960 all those things and all those 2249 01:16:50,320 --> 01:16:53,600 bootable files right and so if anyone's 2250 01:16:52,960 --> 01:16:55,600 trying to 2251 01:16:53,600 --> 01:16:57,520 put up a windows through that one dive 2252 01:16:55,600 --> 01:17:00,239 or the usb drive which i've given 2253 01:16:57,520 --> 01:17:00,719 yeah perfect jonathan so it can just 2254 01:17:00,239 --> 01:17:03,120 this 2255 01:17:00,719 --> 01:17:04,480 rotate will be given to uh through that 2256 01:17:03,120 --> 01:17:06,640 as well and it can just 2257 01:17:04,480 --> 01:17:07,520 give me the control so very good example 2258 01:17:06,640 --> 01:17:09,920 regarding this would be 2259 01:17:07,520 --> 01:17:11,280 like lenovo if you remember lenovo they 2260 01:17:09,920 --> 01:17:14,000 had to withdraw your 2261 01:17:11,280 --> 01:17:14,480 around like you can say 65 000 computer 2262 01:17:14,000 --> 01:17:16,719 or so 2263 01:17:14,480 --> 01:17:18,239 from the market have you read anything 2264 01:17:16,719 --> 01:17:20,400 regarding this thing 2265 01:17:18,239 --> 01:17:21,760 uh lenin will be drawing okay so back 2266 01:17:20,400 --> 01:17:24,159 somewhere a couple of years 2267 01:17:21,760 --> 01:17:25,679 they had to withdraw those let's say 65 2268 01:17:24,159 --> 01:17:27,280 000 computers from the market and the 2269 
01:17:25,679 --> 01:17:29,280 whole reason they had to withdraw those 2270 01:17:27,280 --> 01:17:31,360 systems from the market was 2271 01:17:29,280 --> 01:17:33,600 uh because they found that root kits in 2272 01:17:31,360 --> 01:17:35,520 the lenovo based system 2273 01:17:33,600 --> 01:17:37,199 right and then what happened lenovo had 2274 01:17:35,520 --> 01:17:38,480 to pull up like pull them up from the 2275 01:17:37,199 --> 01:17:40,640 market 2276 01:17:38,480 --> 01:17:41,679 okay so like if you talk about the 2277 01:17:40,640 --> 01:17:44,480 lenovo guys 2278 01:17:41,679 --> 01:17:45,679 they did this uh on a good intention 2279 01:17:44,480 --> 01:17:48,080 actually right 2280 01:17:45,679 --> 01:17:49,440 because you know they put up a back door 2281 01:17:48,080 --> 01:17:50,800 in their firmware and the reason they 2282 01:17:49,440 --> 01:17:52,080 put up a back door is like you know 2283 01:17:50,800 --> 01:17:53,920 there are a lot of people who call 2284 01:17:52,080 --> 01:17:55,760 customer care and who are 2285 01:17:53,920 --> 01:17:57,360 arguing about things like this system is 2286 01:17:55,760 --> 01:17:59,679 not working properly 2287 01:17:57,360 --> 01:18:00,960 right and these pop the and these people 2288 01:17:59,679 --> 01:18:02,640 are not the techy people 2289 01:18:00,960 --> 01:18:05,280 to be specially mentioned about that 2290 01:18:02,640 --> 01:18:06,960 right so we can say any example 2291 01:18:05,280 --> 01:18:08,560 or like any other person from any other 2292 01:18:06,960 --> 01:18:11,520 department who's not a techy one 2293 01:18:08,560 --> 01:18:12,719 right so taking any department which is 2294 01:18:11,520 --> 01:18:15,920 not of a techie 2295 01:18:12,719 --> 01:18:16,960 one right any like you say sales or or 2296 01:18:15,920 --> 01:18:19,360 say any 2297 01:18:16,960 --> 01:18:20,880 customization all those ones right so 2298 01:18:19,360 --> 01:18:22,480 what they do they 2299 01:18:20,880 --> 
01:18:24,080 like they are rushing to the system 2300 01:18:22,480 --> 01:18:26,159 admin saying okay my keyboard is not 2301 01:18:24,080 --> 01:18:27,679 working it is typing differently and all 2302 01:18:26,159 --> 01:18:29,120 the system admin tells you that your 2303 01:18:27,679 --> 01:18:32,320 keyboard has been changed from 2304 01:18:29,120 --> 01:18:34,239 the us to uk one isn't it so 2305 01:18:32,320 --> 01:18:36,640 that sort of like people i'm talking 2306 01:18:34,239 --> 01:18:39,120 about who don't know anything about this 2307 01:18:36,640 --> 01:18:40,719 technology right so these people what 2308 01:18:39,120 --> 01:18:42,400 they do they have complaints but they 2309 01:18:40,719 --> 01:18:43,120 don't know what exactly it is happening 2310 01:18:42,400 --> 01:18:44,960 in the back end 2311 01:18:43,120 --> 01:18:47,040 so what can be done in these sort of 2312 01:18:44,960 --> 01:18:47,920 cases is like lenovo they added a 2313 01:18:47,040 --> 01:18:50,480 rootkit 2314 01:18:47,920 --> 01:18:52,080 and whenever anyone used to complain 2315 01:18:50,480 --> 01:18:54,400 regarding anything in lenovo 2316 01:18:52,080 --> 01:18:55,280 what they do they used to take remote 2317 01:18:54,400 --> 01:18:56,960 access 2318 01:18:55,280 --> 01:18:59,360 of their system and they used to solve 2319 01:18:56,960 --> 01:19:01,440 their problem right people were happy 2320 01:18:59,360 --> 01:19:02,480 but think of it when attackers they came 2321 01:19:01,440 --> 01:19:04,320 to know about it but 2322 01:19:02,480 --> 01:19:05,840 this particular rootkit right would 2323 01:19:04,320 --> 01:19:08,560 they leave it 2324 01:19:05,840 --> 01:19:09,920 would they leave this advantage after 2325 01:19:08,560 --> 01:19:10,239 knowing okay rootkit is installed in 2326 01:19:09,920 --> 01:19:12,560 this 2327 01:19:10,239 --> 01:19:13,760 uh system then like you can take the 2328 01:19:12,560 --> 01:19:16,640 backdoor access out of that 2329 01:19:13,760 -->
01:19:18,159 so they started exploiting it and then 2330 01:19:16,640 --> 01:19:20,320 lenovo just had to 2331 01:19:18,159 --> 01:19:22,719 take back all those laptops on the 2332 01:19:20,320 --> 01:19:23,920 market right so this was regarding your 2333 01:19:22,719 --> 01:19:26,159 rootkit 2334 01:19:23,920 --> 01:19:27,360 okay there are many more as you guys are 2335 01:19:26,159 --> 01:19:29,840 constantly 2336 01:19:27,360 --> 01:19:30,880 mentioning them right one is a 2337 01:19:29,840 --> 01:19:37,840 ransomware 2338 01:19:30,880 --> 01:19:37,840 isn't it so guys what's a ransomware 2339 01:19:38,719 --> 01:19:43,280 so uh it asks for money what it does it 2340 01:19:41,040 --> 01:19:45,120 tends to encrypt your file and in return 2341 01:19:43,280 --> 01:19:47,920 they ask for money right 2342 01:19:45,120 --> 01:19:49,440 you give money and they decrypt the file 2343 01:19:47,920 --> 01:19:53,120 for you 2344 01:19:49,440 --> 01:19:56,640 isn't it okay then there is your guys uh 2345 01:19:53,120 --> 01:19:58,640 spyware as well what does the spyware do 2346 01:19:56,640 --> 01:20:01,040 like just a one liner would be enough 2347 01:19:58,640 --> 01:20:01,040 over here 2348 01:20:01,920 --> 01:20:05,440 so spyware whenever you hear the word 2349 01:20:03,520 --> 01:20:08,560 spyware always remember basically guys 2350 01:20:05,440 --> 01:20:10,880 your browser yeah browsing 2351 01:20:08,560 --> 01:20:11,840 habits yes naveen mentioned browsing 2352 01:20:10,880 --> 01:20:13,600 history 2353 01:20:11,840 --> 01:20:15,360 right so what they do they are browser 2354 01:20:13,600 --> 01:20:16,080 specific it can never affect your system 2355 01:20:15,360 --> 01:20:18,560 in a way 2356 01:20:16,080 --> 01:20:21,280 that it can take data through files okay 2357 01:20:18,560 --> 01:20:23,440 so it specifically attacks your browser 2358 01:20:21,280 --> 01:20:25,120 and steal your browser's history browser 2359 01:20:23,440 --> 01:20:29,600 caching and
that's what your 2360 01:20:25,120 --> 01:20:32,800 spyware do yeah perfect 2361 01:20:29,600 --> 01:20:36,159 correct okay then there is what more 2362 01:20:32,800 --> 01:20:36,159 have you guys heard about adware 2363 01:20:38,880 --> 01:20:43,520 what's an adware so now always remember 2364 01:20:42,000 --> 01:20:44,639 when we are using the term edward guys 2365 01:20:43,520 --> 01:20:46,880 it merely create 2366 01:20:44,639 --> 01:20:48,400 hoaxes right although you can see the 2367 01:20:46,880 --> 01:20:50,000 false fitnesses 2368 01:20:48,400 --> 01:20:51,920 so you can see an ad we are saying a lot 2369 01:20:50,000 --> 01:20:53,520 of fancy things for you but it may end 2370 01:20:51,920 --> 01:20:55,440 up doing nothing for you right 2371 01:20:53,520 --> 01:20:56,639 so like whenever you visit torrent or a 2372 01:20:55,440 --> 01:20:59,360 website where you see 2373 01:20:56,639 --> 01:21:00,320 flashy pop-ups or all the time those 2374 01:20:59,360 --> 01:21:03,440 flashy pop-ups 2375 01:21:00,320 --> 01:21:05,120 are dangerous okay so what they do we 2376 01:21:03,440 --> 01:21:07,679 like so what we do we simply tend to 2377 01:21:05,120 --> 01:21:09,120 ignore like all those flashy pop-up of 2378 01:21:07,679 --> 01:21:10,400 times right because we know that they 2379 01:21:09,120 --> 01:21:12,080 are simply ads 2380 01:21:10,400 --> 01:21:15,920 even though that pop-up is saying that 2381 01:21:12,080 --> 01:21:19,280 your system is infected by any xyz virus 2382 01:21:15,920 --> 01:21:20,719 also right but something or anything 2383 01:21:19,280 --> 01:21:22,159 else but you know it's nothing more than 2384 01:21:20,719 --> 01:21:25,040 a flashy ad 2385 01:21:22,159 --> 01:21:26,719 okay so it create hoaxes right and like 2386 01:21:25,040 --> 01:21:28,639 it flashes or simply throw advertisement 2387 01:21:26,719 --> 01:21:30,400 in your in front of you 2388 01:21:28,639 --> 01:21:31,840 okay so you have seen those who have 2389 01:21:30,400 
--> 01:21:33,280 used torrent and all those bits you 2390 01:21:31,840 --> 01:21:34,960 might have seen all those flashy pop-ups 2391 01:21:33,280 --> 01:21:37,280 and all those gaming websites 2392 01:21:34,960 --> 01:21:38,800 and various more right so you get these 2393 01:21:37,280 --> 01:21:40,320 flashy pop-ups over there so it will 2394 01:21:38,800 --> 01:21:41,679 just click on that it will be redirected 2395 01:21:40,320 --> 01:21:43,440 to another page 2396 01:21:41,679 --> 01:21:45,280 and that depends if uh attackers has put 2397 01:21:43,440 --> 01:21:47,840 on something inside it or not 2398 01:21:45,280 --> 01:21:48,560 right so this was regarding your adware 2399 01:21:47,840 --> 01:21:50,480 so 2400 01:21:48,560 --> 01:21:52,639 taking you back to the ransomware uh 2401 01:21:50,480 --> 01:21:54,960 have you guys heard the recent news 2402 01:21:52,639 --> 01:21:57,840 regarding the ransomware group with the 2403 01:21:54,960 --> 01:21:57,840 name 2404 01:21:58,880 --> 01:22:04,400 REvil so uh there is one more recent 2405 01:22:02,560 --> 01:22:07,520 one guys regarding your this 2406 01:22:04,400 --> 01:22:09,600 apple one so what they do uh hackers 2407 01:22:07,520 --> 01:22:11,760 they were able to get their hands on 2408 01:22:09,600 --> 01:22:15,360 these blueprints of the apple 2409 01:22:11,760 --> 01:22:19,199 products so yeah so there was this 2410 01:22:15,360 --> 01:22:19,520 quanta right the supplier or you can see 2411 01:22:19,199 --> 01:22:21,600 the 2412 01:22:19,520 --> 01:22:22,719 company right so what they do they were 2413 01:22:21,600 --> 01:22:24,239 able to get this 2414 01:22:22,719 --> 01:22:27,440 hands-on on the blueprint of the apple 2415 01:22:24,239 --> 01:22:30,560 and they were demanding for 50 million 2416 01:22:27,440 --> 01:22:31,360 dollar right for not leaking all those 2417 01:22:30,560 --> 01:22:35,120 blueprints 2418 01:22:31,360 --> 01:22:36,560 out okay so they were asking about this 2419 01:22:35,120
--> 01:22:38,560 you can say the ransom of 50 million 2420 01:22:36,560 --> 01:22:40,239 dollars for not clicking on all those 2421 01:22:38,560 --> 01:22:42,719 blueprints of the apple that's pretty 2422 01:22:40,239 --> 01:22:45,360 much latest one it's been like i guess 2423 01:22:42,719 --> 01:22:46,800 last month only also so yeah you can go 2424 01:22:45,360 --> 01:22:48,480 for that 2425 01:22:46,800 --> 01:22:51,840 all right so that was your bit regarding 2426 01:22:48,480 --> 01:22:53,280 your guys uh malwares 2427 01:22:51,840 --> 01:22:55,600 i hope everything is clear till this 2428 01:22:53,280 --> 01:22:57,840 point perfect 2429 01:22:55,600 --> 01:22:58,960 which brings to our next thing right 2430 01:22:57,840 --> 01:23:01,440 which is your 2431 01:22:58,960 --> 01:23:02,480 social engineering right so what do you 2432 01:23:01,440 --> 01:23:04,080 guys understand about the social 2433 01:23:02,480 --> 01:23:06,320 engineering 2434 01:23:04,080 --> 01:23:08,080 perfect so what you do you do malicious 2435 01:23:06,320 --> 01:23:10,880 activities out here right 2436 01:23:08,080 --> 01:23:11,280 by human interaction process isn't it 2437 01:23:10,880 --> 01:23:13,360 right 2438 01:23:11,280 --> 01:23:15,040 you manipulate them right you play 2439 01:23:13,360 --> 01:23:17,199 around with their trust 2440 01:23:15,040 --> 01:23:18,320 right you you gain their trust you 2441 01:23:17,199 --> 01:23:20,719 become so 2442 01:23:18,320 --> 01:23:21,440 likable that they trust you and like 2443 01:23:20,719 --> 01:23:23,920 whatever 2444 01:23:21,440 --> 01:23:24,960 you ask for they will like give you out 2445 01:23:23,920 --> 01:23:26,480 all those details 2446 01:23:24,960 --> 01:23:28,480 isn't it and you can take advantage of 2447 01:23:26,480 --> 01:23:29,679 that so basically you are manipulating 2448 01:23:28,480 --> 01:23:31,040 people around here you are playing 2449 01:23:29,679 --> 01:23:33,440 around with your trust 2450 01:23:31,040 --> 
01:23:35,280 and all those things to gather the 2451 01:23:33,440 --> 01:23:37,760 information which can be very 2452 01:23:35,280 --> 01:23:39,840 crucial and very important for you isn't 2453 01:23:37,760 --> 01:23:42,880 it that's a social engineering attack 2454 01:23:39,840 --> 01:23:44,320 right so talking about this again uh 2455 01:23:42,880 --> 01:23:45,600 taking an example and all those things 2456 01:23:44,320 --> 01:23:46,719 as i mentioned before if you talk about 2457 01:23:45,600 --> 01:23:49,199 a pen tester 2458 01:23:46,719 --> 01:23:50,400 right so let's say these are this black 2459 01:23:49,199 --> 01:23:52,480 box testing right 2460 01:23:50,400 --> 01:23:54,400 so you know black box testing wasn't it 2461 01:23:52,480 --> 01:23:56,239 what's the black box testing guys 2462 01:23:54,400 --> 01:23:58,320 so the proper definition regarding this 2463 01:23:56,239 --> 01:24:00,000 would be like the one who is having 2464 01:23:58,320 --> 01:24:01,679 like zero information you can see 2465 01:24:00,000 --> 01:24:04,960 regarding the target 2466 01:24:01,679 --> 01:24:07,600 right so let's say if i say you 2467 01:24:04,960 --> 01:24:08,719 just pen test infosec train would be 2468 01:24:07,600 --> 01:24:10,880 able to do that 2469 01:24:08,719 --> 01:24:12,880 like you have to go a various way around 2470 01:24:10,880 --> 01:24:14,480 right but you have no idea regarding 2471 01:24:12,880 --> 01:24:16,800 your target over here 2472 01:24:14,480 --> 01:24:17,600 isn't it so that's your black box 2473 01:24:16,800 --> 01:24:19,280 testing 2474 01:24:17,600 --> 01:24:21,280 then there's gray box testing as well 2475 01:24:19,280 --> 01:24:22,400 when you have some information regarding 2476 01:24:21,280 --> 01:24:24,719 your target right 2477 01:24:22,400 --> 01:24:26,159 so let's say uh i gave you okay this 2478 01:24:24,719 --> 01:24:28,719 infosection is written in 2479 01:24:26,159 --> 01:24:29,520 like php apache server and all those bit 2480 
01:24:28,719 --> 01:24:31,440 so you got a 2481 01:24:29,520 --> 01:24:32,639 few bits of information right so you can 2482 01:24:31,440 --> 01:24:34,560 just 2483 01:24:32,639 --> 01:24:36,000 strategize all those techniques and all 2484 01:24:34,560 --> 01:24:37,760 your procedures according to 2485 01:24:36,000 --> 01:24:39,520 those information right then we have 2486 01:24:37,760 --> 01:24:41,120 this white box testing as well 2487 01:24:39,520 --> 01:24:42,400 so what's in a white box testing when we 2488 01:24:41,120 --> 01:24:44,400 have full knowledge of the target let's 2489 01:24:42,400 --> 01:24:46,960 say i share whole source code with you 2490 01:24:44,400 --> 01:24:48,480 right now you can take like although 2491 01:24:46,960 --> 01:24:49,760 like it will be pretty much of a quick 2492 01:24:48,480 --> 01:24:51,280 technique right since you've got all the 2493 01:24:49,760 --> 01:24:51,679 information so it will be very easy to 2494 01:24:51,280 --> 01:24:54,639 you 2495 01:24:51,679 --> 01:24:56,400 uh for you to do the pen testing right 2496 01:24:54,639 --> 01:24:59,120 for the white box testing 2497 01:24:56,400 --> 01:25:00,800 so these all things are like mentioned 2498 01:24:59,120 --> 01:25:02,239 if we talk about okay 2499 01:25:00,800 --> 01:25:04,000 like planning and scoping of the pen 2500 01:25:02,239 --> 01:25:06,159 test right so you have 2501 01:25:04,000 --> 01:25:07,840 seen i have as i discussed right so in 2502 01:25:06,159 --> 01:25:10,400 planning and scoping if 2503 01:25:07,840 --> 01:25:12,480 they are around to go uh like basically 2504 01:25:10,400 --> 01:25:14,239 for a black box testing it will be very 2505 01:25:12,480 --> 01:25:16,000 helpful because he don't have any sort 2506 01:25:14,239 --> 01:25:16,880 of information rather than gray box in 2507 01:25:16,000 --> 01:25:18,080 the white box 2508 01:25:16,880 --> 01:25:19,600 they have a few bit of information 2509 01:25:18,080 --> 01:25:20,560 regarding their target 
but black box 2510 01:25:19,600 --> 01:25:22,000 testing 2511 01:25:20,560 --> 01:25:23,440 they have no information regarding 2512 01:25:22,000 --> 01:25:25,040 target right so they have to go around 2513 01:25:23,440 --> 01:25:27,199 with social engineering as well 2514 01:25:25,040 --> 01:25:28,480 which can lead some sort of a detail to 2515 01:25:27,199 --> 01:25:31,440 them as well over there 2516 01:25:28,480 --> 01:25:32,880 isn't it so then two is discussed over 2517 01:25:31,440 --> 01:25:34,800 the planning scoping for the pen testing 2518 01:25:32,880 --> 01:25:36,560 part that's another sort of a story 2519 01:25:34,800 --> 01:25:38,159 but yeah i guess you got the idea 2520 01:25:36,560 --> 01:25:41,040 regarding social engineering right 2521 01:25:38,159 --> 01:25:42,560 so these are the ways to manipulate and 2522 01:25:41,040 --> 01:25:44,560 play around with human 2523 01:25:42,560 --> 01:25:46,800 you can say mindsets getting theirs and 2524 01:25:44,560 --> 01:25:49,120 all those bits and then you try to 2525 01:25:46,800 --> 01:25:50,880 take advantage of that by getting 2526 01:25:49,120 --> 01:25:52,080 crucial information you can say right of 2527 01:25:50,880 --> 01:25:53,840 any information which 2528 01:25:52,080 --> 01:25:55,520 which might be very useful and which 2529 01:25:53,840 --> 01:25:58,560 might be very helpful for you 2530 01:25:55,520 --> 01:26:01,280 for the further base of 2531 01:25:58,560 --> 01:26:02,000 when testing or attacking whichever you 2532 01:26:01,280 --> 01:26:04,400 go for 2533 01:26:02,000 --> 01:26:05,199 right so that's your uh social 2534 01:26:04,400 --> 01:26:07,280 engineering 2535 01:26:05,199 --> 01:26:08,960 attack for you right so when you talk 2536 01:26:07,280 --> 01:26:11,199 about social engineering attacks guys uh 2537 01:26:08,960 --> 01:26:12,639 there are plenty of more over there 2538 01:26:11,199 --> 01:26:15,120 okay so types of social engineering 2539 01:26:12,639 --> 01:26:18,400 
attacks are your phishing smishing 2540 01:26:15,120 --> 01:26:21,199 vishing watering hole spear phishing 2541 01:26:18,400 --> 01:26:22,320 uh whaling right shoulder surfing 2542 01:26:21,199 --> 01:26:25,120 dumpster diving 2543 01:26:22,320 --> 01:26:25,679 piggybacking tailgating eavesdropping 2544 01:26:25,120 --> 01:26:28,400 right 2545 01:26:25,679 --> 01:26:29,360 let's discuss for these bits for now 2546 01:26:28,400 --> 01:26:32,320 right 2547 01:26:29,360 --> 01:26:33,520 okay so going with the very first one 2548 01:26:32,320 --> 01:26:34,800 which is your 2549 01:26:33,520 --> 01:26:37,360 phishing so guys what do you understand 2550 01:26:34,800 --> 01:26:39,440 by the term phishing so you fool around 2551 01:26:37,360 --> 01:26:41,360 people you send fake links but 2552 01:26:39,440 --> 01:26:42,480 moreover you send the emails which might 2553 01:26:41,360 --> 01:26:44,960 be like you know 2554 01:26:42,480 --> 01:26:46,400 very general one like you genuine one 2555 01:26:44,960 --> 01:26:47,520 you can say like if you read the email 2556 01:26:46,400 --> 01:26:50,480 and all those bits 2557 01:26:47,520 --> 01:26:52,159 you will see okay this is more of a 2558 01:26:50,480 --> 01:26:53,520 genuine one and i can like 2559 01:26:52,159 --> 01:26:55,920 trust this one let's say i am an 2560 01:26:53,520 --> 01:26:57,040 attacker also uh i have sent you this 2561 01:26:55,920 --> 01:26:59,679 phishing email 2562 01:26:57,040 --> 01:27:00,400 right what i have done i have just taken 2563 01:26:59,679 --> 01:27:02,880 let's say i 2564 01:27:00,400 --> 01:27:04,880 i can send this phishing email in 2565 01:27:02,880 --> 01:27:07,280 respect like i can be as an hr 2566 01:27:04,880 --> 01:27:08,960 at that infosection.com i will be send 2567 01:27:07,280 --> 01:27:10,960 up with this email id and i can 2568 01:27:08,960 --> 01:27:12,159 send this email to any person out there 2569 01:27:10,960 --> 01:27:14,480 who's from infrastructure 2570 01:27:12,159 -->
01:27:16,000 right i will just draft an email which 2571 01:27:14,480 --> 01:27:16,560 will be a very genuine looking email 2572 01:27:16,000 --> 01:27:18,400 right 2573 01:27:16,560 --> 01:27:20,719 email id i am spoofing over there you 2574 01:27:18,400 --> 01:27:22,480 can say right i'm using a fake email id 2575 01:27:20,719 --> 01:27:24,480 i can put reply as a char at the 2576 01:27:22,480 --> 01:27:26,639 screen.com and i can just 2577 01:27:24,480 --> 01:27:27,679 mail with that right so if i'm targeting 2578 01:27:26,639 --> 01:27:30,719 any person 2579 01:27:27,679 --> 01:27:32,320 or any employee from the infosec train 2580 01:27:30,719 --> 01:27:34,000 right and he'll be considering okay this 2581 01:27:32,320 --> 01:27:36,159 is from the hr team only 2582 01:27:34,000 --> 01:27:37,040 and it's with genuine one right so i can 2583 01:27:36,159 --> 01:27:38,639 trust this 2584 01:27:37,040 --> 01:27:40,639 and i will be just passing their link 2585 01:27:38,639 --> 01:27:42,960 over there which can be very harmful 2586 01:27:40,639 --> 01:27:44,239 right and which can be very like if the 2587 01:27:42,960 --> 01:27:46,639 user click on that link 2588 01:27:44,239 --> 01:27:47,760 i can take advantage of that right as an 2589 01:27:46,639 --> 01:27:50,880 attacker 2590 01:27:47,760 --> 01:27:54,400 so just to show you that bit just 2591 01:27:50,880 --> 01:27:56,159 give me a minute has anyone heard 2592 01:27:54,400 --> 01:27:58,080 regarding this old fish 2593 01:27:56,159 --> 01:27:59,679 there are many more frameworks out there 2594 01:27:58,080 --> 01:28:00,880 but office is one of them provided by 2595 01:27:59,679 --> 01:28:04,000 your 2596 01:28:00,880 --> 01:28:06,080 ec council as well if you can see our 2597 01:28:04,000 --> 01:28:09,280 dashboard over here 2598 01:28:06,080 --> 01:28:10,560 right so this is like to uh you can do 2599 01:28:09,280 --> 01:28:12,080 various things over here wishing is 2600 01:28:10,560 --> 01:28:15,199 missing i 
can like even do 2601 01:28:12,080 --> 01:28:16,880 a calling like uh i can impersonate one 2602 01:28:15,199 --> 01:28:18,239 of you guys i can use your numbers you 2603 01:28:16,880 --> 01:28:19,760 might have seen in the movies and ever 2604 01:28:18,239 --> 01:28:21,600 well you can see their private number is 2605 01:28:19,760 --> 01:28:23,679 mentioned over there even i can use 2606 01:28:21,600 --> 01:28:25,760 anyone's number and i can try to 2607 01:28:23,679 --> 01:28:27,600 call them with the same number but the 2608 01:28:25,760 --> 01:28:30,800 person on the other side will be me 2609 01:28:27,600 --> 01:28:32,480 right so i can use any i like uh say 2610 01:28:30,800 --> 01:28:34,000 naveen over here right so i can use 2611 01:28:32,480 --> 01:28:37,199 naming number to call 2612 01:28:34,000 --> 01:28:38,960 uh mando and i can call him like uh and 2613 01:28:37,199 --> 01:28:40,560 he'll be thinking okay it's naveen but 2614 01:28:38,960 --> 01:28:43,040 it will be me over here right so i can 2615 01:28:40,560 --> 01:28:44,880 just spoof that number as well 2616 01:28:43,040 --> 01:28:46,080 so many more over there smashing credit 2617 01:28:44,880 --> 01:28:48,480 harvesting attachment 2618 01:28:46,080 --> 01:28:50,159 right so just i will go with the entire 2619 01:28:48,480 --> 01:28:57,600 click 2620 01:28:50,159 --> 01:29:00,480 okay it will take time oh okay 2621 01:28:57,600 --> 01:29:02,960 perfect so i can do what i can just put 2622 01:29:00,480 --> 01:29:06,480 up a campaign name over here let's say 2623 01:29:02,960 --> 01:29:08,480 testing right 2624 01:29:06,480 --> 01:29:10,000 uh i'll be just you can create your own 2625 01:29:08,480 --> 01:29:11,199 template either way like but i will go 2626 01:29:10,000 --> 01:29:12,800 with accessing template 2627 01:29:11,199 --> 01:29:14,239 and i will be selecting the existing 2628 01:29:12,800 --> 01:29:15,920 template like your 2629 01:29:14,239 --> 01:29:18,320 that's the corona wireless 
coverage 19 2630 01:29:15,920 --> 01:29:21,520 right so over here 2631 01:29:18,320 --> 01:29:25,199 ah yeah regarding this one 2632 01:29:21,520 --> 01:29:27,920 select country it can be let's say 2633 01:29:25,199 --> 01:29:27,920 step in india 2634 01:29:28,960 --> 01:29:35,199 right select template let's say 2635 01:29:32,159 --> 01:29:38,320 work from home kobe 191 let's say i'm 2636 01:29:35,199 --> 01:29:40,320 so you can see it uh drafted a whole 2637 01:29:38,320 --> 01:29:42,800 uh email for you right can you see this 2638 01:29:40,320 --> 01:29:45,199 one on the right side 2639 01:29:42,800 --> 01:29:48,320 it's more of like a genuine one isn't it 2640 01:29:45,199 --> 01:29:48,320 this whole email out here 2641 01:29:48,880 --> 01:29:54,320 right perfect so what i can do uh 2642 01:29:52,159 --> 01:29:55,920 i can select this template right it says 2643 01:29:54,320 --> 01:29:59,760 one type it's selected 2644 01:29:55,920 --> 01:30:02,480 sender email uh let's pull it up like hr 2645 01:29:59,760 --> 01:30:04,639 another infosec train dot com since we 2646 01:30:02,480 --> 01:30:06,719 are posting up this work from home 2647 01:30:04,639 --> 01:30:08,880 uh this template right so it should be 2648 01:30:06,719 --> 01:30:09,960 very genuine looking so let's say send 2649 01:30:08,880 --> 01:30:11,840 an email would be your hr 2650 01:30:09,960 --> 01:30:13,920 infosectrine.com right 2651 01:30:11,840 --> 01:30:15,760 so send the name uh let's put your hr 2652 01:30:13,920 --> 01:30:18,239 resource team which will make it more 2653 01:30:15,760 --> 01:30:19,360 effective subject is work from home 2654 01:30:18,239 --> 01:30:21,440 policy 2655 01:30:19,360 --> 01:30:22,800 perfect time zone expired you can show 2656 01:30:21,440 --> 01:30:24,320 it later on as well 2657 01:30:22,800 --> 01:30:26,320 right what you will do you will import 2658 01:30:24,320 --> 01:30:27,840 users over here you will just 2659 01:30:26,320 --> 01:30:29,199 select them so 
there are various files 2660 01:30:27,840 --> 01:30:30,719 to go with the various options but i 2661 01:30:29,199 --> 01:30:33,040 will just go with a quick add 2662 01:30:30,719 --> 01:30:34,000 i'll just name add everything over here 2663 01:30:33,040 --> 01:30:37,870 let's say 2664 01:30:34,000 --> 01:30:41,080 let's put up my own gmail one 2665 01:30:37,870 --> 01:30:41,080 [Music] 2666 01:30:41,600 --> 01:30:45,600 all right enter the designation it says 2667 01:30:43,920 --> 01:30:49,360 security 2668 01:30:45,600 --> 01:30:52,960 department security right company 2669 01:30:49,360 --> 01:30:55,120 uh infosec train 2670 01:30:52,960 --> 01:30:57,280 branch that's it security again and 2671 01:30:55,120 --> 01:31:00,560 country let's say india over here 2672 01:30:57,280 --> 01:31:02,880 right so i'll just quickly add it up and 2673 01:31:00,560 --> 01:31:06,400 let's create one more one more i will 2674 01:31:02,880 --> 01:31:06,400 just go with the 10 minute email id 2675 01:31:09,120 --> 01:31:12,239 so it will just it's just a temporary 2676 01:31:10,719 --> 01:31:13,440 email id guys right so you can just 2677 01:31:12,239 --> 01:31:15,840 always use this one 2678 01:31:13,440 --> 01:31:17,040 whenever you're going to any websites 2679 01:31:15,840 --> 01:31:18,000 which in which you don't want to 2680 01:31:17,040 --> 01:31:20,560 register with your own 2681 01:31:18,000 --> 01:31:22,719 uh email id or the genuine one you can 2682 01:31:20,560 --> 01:31:24,800 always use this 10 minute email id to 2683 01:31:22,719 --> 01:31:26,480 give your temporary access right it can 2684 01:31:24,800 --> 01:31:30,159 work like the genuine one 2685 01:31:26,480 --> 01:31:33,280 let's put it up over here sorry name 2686 01:31:30,159 --> 01:31:33,840 test email id portable here designation 2687 01:31:33,280 --> 01:31:37,520 let's say 2688 01:31:33,840 --> 01:31:41,760 testo department testing 2689 01:31:37,520 --> 01:31:46,239 company let's say train 2690 01:31:41,760 
--> 01:31:50,239 branch desktop country india 2691 01:31:46,239 --> 01:31:54,239 right i can just add up it as well 2692 01:31:50,239 --> 01:31:55,520 now quickly import them right so batch 2693 01:31:54,239 --> 01:31:56,800 count you have to just 2694 01:31:55,520 --> 01:31:58,800 click the batch count should be like 2695 01:31:56,800 --> 01:32:00,239 less than the number of users batch 2696 01:31:58,800 --> 01:32:01,120 interval you have to mention over here 2697 01:32:00,239 --> 01:32:03,840 like one 2698 01:32:01,120 --> 01:32:05,679 like send the messaging to breakage one 2699 01:32:03,840 --> 01:32:08,960 training type uh 2700 01:32:05,679 --> 01:32:12,080 okay it's not giving an option perfect 2701 01:32:08,960 --> 01:32:13,520 okay basically if you can see it's it 2702 01:32:12,080 --> 01:32:15,040 will be showing you the landing page 2703 01:32:13,520 --> 01:32:15,920 right whenever the person is clicked on 2704 01:32:15,040 --> 01:32:17,120 this one 2705 01:32:15,920 --> 01:32:20,560 link you'll be landing on this 2706 01:32:17,120 --> 01:32:23,840 particular page which is your 2707 01:32:20,560 --> 01:32:23,840 something like this okay 2708 01:32:24,239 --> 01:32:28,719 so uh problem is uh like uh mainly i 2709 01:32:27,360 --> 01:32:30,400 know i won't be writing this page 2710 01:32:28,719 --> 01:32:32,239 landing page because i have to do what 2711 01:32:30,400 --> 01:32:34,000 like the precautions so i put them like 2712 01:32:32,239 --> 01:32:35,760 white listing and all those bits 2713 01:32:34,000 --> 01:32:37,280 but no ways uh you will get an idea 2714 01:32:35,760 --> 01:32:37,920 regarding this simple scenario how this 2715 01:32:37,280 --> 01:32:40,719 email 2716 01:32:37,920 --> 01:32:41,760 is being sent to you so what will happen 2717 01:32:40,719 --> 01:32:44,000 uh 2718 01:32:41,760 --> 01:32:44,960 perfect this is the high name name will 2719 01:32:44,000 --> 01:32:47,040 be like uh 2720 01:32:44,960 --> 01:32:48,960 regarding this uh 
users which we have 2721 01:32:47,040 --> 01:32:49,920 added right at the bottom it will be 2722 01:32:48,960 --> 01:32:52,560 showing this link 2723 01:32:49,920 --> 01:32:54,000 and a chart team over here right okay 2724 01:32:52,560 --> 01:32:57,120 let's let's let's 2725 01:32:54,000 --> 01:33:00,080 do one thing let's create it up 2726 01:32:57,120 --> 01:33:00,080 right done 2727 01:33:00,320 --> 01:33:04,960 show this will take a bit of time 2728 01:33:05,760 --> 01:33:09,840 meanwhile let me just open my email id 2729 01:33:10,159 --> 01:33:14,480 okay as you can see it says campaign has 2730 01:33:12,800 --> 01:33:16,960 been successfully initiated so 2731 01:33:14,480 --> 01:33:18,480 let's take it you can see campaign has 2732 01:33:16,960 --> 01:33:18,960 been listed out over here campaigning 2733 01:33:18,480 --> 01:33:22,239 with the 2734 01:33:18,960 --> 01:33:24,000 name testing send two emails right 2735 01:33:22,239 --> 01:33:25,360 complex hundreds of ymd that's the 2736 01:33:24,000 --> 01:33:29,360 creator so let's 2737 01:33:25,360 --> 01:33:31,280 let's check it out okay can you guys see 2738 01:33:29,360 --> 01:33:32,560 over here i got an email from human 2739 01:33:31,280 --> 01:33:37,840 resource team 2740 01:33:32,560 --> 01:33:37,840 if i click on this 2741 01:33:39,679 --> 01:33:42,880 listen can you see guys i say my current 2742 01:33:41,760 --> 01:33:44,320 concert for that means you know this is 2743 01:33:42,880 --> 01:33:45,520 really an ongoing dynamic situation on 2744 01:33:44,320 --> 01:33:47,280 behalf of organization 2745 01:33:45,520 --> 01:33:48,719 i'm really worried about reaching to the 2746 01:33:47,280 --> 01:33:49,600 workplace that is then crowded in all 2747 01:33:48,719 --> 01:33:53,520 those bits 2748 01:33:49,600 --> 01:33:54,800 right and it says regards hr team though 2749 01:33:53,520 --> 01:33:56,639 it's mentioning note the phishing 2750 01:33:54,800 --> 01:33:58,960 simulator emails for the lab purposes 
2751 01:33:56,639 --> 01:34:00,560 right so if you can see we we generated 2752 01:33:58,960 --> 01:34:04,000 a genuine email right and i'm 2753 01:34:00,560 --> 01:34:05,840 sending them to myself can you see 2754 01:34:04,000 --> 01:34:08,800 uh guys can you tell me what's the email 2755 01:34:05,840 --> 01:34:08,800 id mentioned over here 2756 01:34:10,960 --> 01:34:14,400 what is the email id from which email id 2757 01:34:12,560 --> 01:34:17,120 i have sent this mail 2758 01:34:14,400 --> 01:34:18,880 hr isn't it so i have used the rainbow 2759 01:34:17,120 --> 01:34:20,560 id over here to 2760 01:34:18,880 --> 01:34:22,719 send any one of the person one for 2761 01:34:20,560 --> 01:34:25,199 organization so he'll be just obviously 2762 01:34:22,719 --> 01:34:26,480 if they are not uh well trained well 2763 01:34:25,199 --> 01:34:27,679 aware regarding this thing they will 2764 01:34:26,480 --> 01:34:28,960 just 2765 01:34:27,679 --> 01:34:31,199 read this mail and they will be thinking 2766 01:34:28,960 --> 01:34:32,480 it's the genuine one though it's for 2767 01:34:31,199 --> 01:34:34,080 this is something mentioned which is for 2768 01:34:32,480 --> 01:34:36,320 the lab purpose that's why otherwise you 2769 01:34:34,080 --> 01:34:37,920 won't even get this notification as well 2770 01:34:36,320 --> 01:34:39,679 so if as soon as the person is clicking 2771 01:34:37,920 --> 01:34:40,400 on this link he'll be landing on another 2772 01:34:39,679 --> 01:34:42,639 page 2773 01:34:40,400 --> 01:34:44,000 so it's won't be opening on this one 2774 01:34:42,639 --> 01:34:46,480 right now 2775 01:34:44,000 --> 01:34:49,199 oh credit work perfect can you see the 2776 01:34:46,480 --> 01:34:51,280 landing page opened over here 2777 01:34:49,199 --> 01:34:53,360 so guys uh it says oh you have been 2778 01:34:51,280 --> 01:34:54,560 faced right so i can take with that link 2779 01:34:53,360 --> 01:34:58,320 i can take the uh 2780 01:34:54,560 --> 01:34:59,760 uh this 
user anywhere i want to right 2781 01:34:58,320 --> 01:35:01,520 so this is the one how you can play 2782 01:34:59,760 --> 01:35:02,560 around with this thing or else like you 2783 01:35:01,520 --> 01:35:04,320 what you can do 2784 01:35:02,560 --> 01:35:06,320 uh there are various ways to do social 2785 01:35:04,320 --> 01:35:09,280 engineering attacks right you create 2786 01:35:06,320 --> 01:35:10,159 a copy you url or whole page of let's 2787 01:35:09,280 --> 01:35:13,360 say facebook 2788 01:35:10,159 --> 01:35:15,440 login page you can just create a dummy 2789 01:35:13,360 --> 01:35:16,639 of that obviously url won't be like the 2790 01:35:15,440 --> 01:35:18,719 real ones 2791 01:35:16,639 --> 01:35:20,400 but you can put that url over the 2792 01:35:18,719 --> 01:35:23,040 phishing email and you can 2793 01:35:20,400 --> 01:35:24,800 do what let's say uh i copied the 2794 01:35:23,040 --> 01:35:26,159 infosec train whole page or the whole 2795 01:35:24,800 --> 01:35:28,960 design for the login 2796 01:35:26,159 --> 01:35:29,920 portion or the login portal right so i 2797 01:35:28,960 --> 01:35:32,560 copied it 2798 01:35:29,920 --> 01:35:33,600 and i copied my url which i have created 2799 01:35:32,560 --> 01:35:35,199 for that 2800 01:35:33,600 --> 01:35:37,280 taking the username and password from 2801 01:35:35,199 --> 01:35:37,760 the users right so what i will do i will 2802 01:35:37,280 --> 01:35:40,239 create 2803 01:35:37,760 --> 01:35:40,800 full copy of that and i will pass that 2804 01:35:40,239 --> 01:35:42,639 link 2805 01:35:40,800 --> 01:35:44,719 in my phishing email to that particular 2806 01:35:42,639 --> 01:35:46,159 user user will be thinking okay it's the 2807 01:35:44,719 --> 01:35:47,440 general one from the organization he 2808 01:35:46,159 --> 01:35:50,000 will click on that link 2809 01:35:47,440 --> 01:35:52,000 he will go to a login portal he will be 2810 01:35:50,000 --> 01:35:54,239 entering his username and password 2811 
01:35:52,000 --> 01:35:55,760 and as soon as we click on it i will 2812 01:35:54,239 --> 01:35:59,040 just redirect him to the 2813 01:35:55,760 --> 01:36:02,320 original page and moreover i can get 2814 01:35:59,040 --> 01:36:03,760 those credentials of that person with me 2815 01:36:02,320 --> 01:36:05,600 the username and the password 2816 01:36:03,760 --> 01:36:07,119 this is to just how fool around the 2817 01:36:05,600 --> 01:36:08,480 people with these things 2818 01:36:07,119 --> 01:36:10,719 the social engineering techniques and 2819 01:36:08,480 --> 01:36:11,520 the phishing one all right i hope you 2820 01:36:10,719 --> 01:36:14,560 got the point 2821 01:36:11,520 --> 01:36:15,280 over here guys so let's get back to the 2822 01:36:14,560 --> 01:36:18,719 thing 2823 01:36:15,280 --> 01:36:20,800 is fishing right we were talking about a 2824 01:36:18,719 --> 01:36:22,480 phishing 2825 01:36:20,800 --> 01:36:25,280 so phishing is a cyber crime in which a 2826 01:36:22,480 --> 01:36:27,280 target or targets are contacted by email 2827 01:36:25,280 --> 01:36:28,880 telephone or text message by someone 2828 01:36:27,280 --> 01:36:29,440 posing as a legitimate institution to 2829 01:36:28,880 --> 01:36:30,800 load 2830 01:36:29,440 --> 01:36:32,800 your individuals into providing 2831 01:36:30,800 --> 01:36:34,159 sensitive data such as personally 2832 01:36:32,800 --> 01:36:35,840 identifiable information 2833 01:36:34,159 --> 01:36:37,280 banking and credit card details and 2834 01:36:35,840 --> 01:36:38,639 password right 2835 01:36:37,280 --> 01:36:40,880 then guys there is machine what do you 2836 01:36:38,639 --> 01:36:42,480 understand by the terms missing 2837 01:36:40,880 --> 01:36:44,400 so basically you got an idea right 2838 01:36:42,480 --> 01:36:45,760 regarding these things so what you do in 2839 01:36:44,400 --> 01:36:48,159 this one is like you would be 2840 01:36:45,760 --> 01:36:50,239 doing phishing in respect to sms space 2841 01:36:48,159 
--> 01:36:51,760 right let's say the lottery one or you 2842 01:36:50,239 --> 01:36:53,679 want this particular price 2843 01:36:51,760 --> 01:36:55,520 yeah you want this car or something like 2844 01:36:53,679 --> 01:36:56,800 that so just faking around and you'll be 2845 01:36:55,520 --> 01:36:57,760 passing all those malicious things over 2846 01:36:56,800 --> 01:37:00,960 there in this 2847 01:36:57,760 --> 01:37:03,360 messages and trying to get the person 2848 01:37:00,960 --> 01:37:04,560 and view that person into that link 2849 01:37:03,360 --> 01:37:07,760 right 2850 01:37:04,560 --> 01:37:08,480 perfect okay then we have guys your 2851 01:37:07,760 --> 01:37:10,800 another one 2852 01:37:08,480 --> 01:37:11,520 which is vishing what do you understand 2853 01:37:10,800 --> 01:37:14,719 by the term 2854 01:37:11,520 --> 01:37:17,040 vishing so as you mentioned voice 2855 01:37:14,719 --> 01:37:18,560 over phishing right isn't it vishing a 2856 01:37:17,040 --> 01:37:20,080 combination of voice and phishing is a 2857 01:37:18,560 --> 01:37:22,560 telephone version of phishing this 2858 01:37:20,080 --> 01:37:25,040 technique uses a spoofed caller ID 2859 01:37:22,560 --> 01:37:26,320 that can make attacks look like they 2860 01:37:25,040 --> 01:37:30,000 originate from a 2861 01:37:26,320 --> 01:37:31,760 known number right so 2862 01:37:30,000 --> 01:37:33,280 over here like you know you might have 2863 01:37:31,760 --> 01:37:35,760 got got a call 2864 01:37:33,280 --> 01:37:36,880 right i guess everyone or so you get a 2865 01:37:35,760 --> 01:37:40,080 call over your phone 2866 01:37:36,880 --> 01:37:42,159 they might be saying okay uh so you have 2867 01:37:40,080 --> 01:37:44,239 like they might be like important some 2868 01:37:42,159 --> 01:37:46,159 of some of a person from a bank isn't it 2869 01:37:44,239 --> 01:37:47,520 and like they will like a fraud call as 2870 01:37:46,159 --> 01:37:49,440 you mentioned okay 2871 01:37:47,520 -->
so they were saying okay sir we are 2872 01:37:49,440 --> 01:37:52,159 contacting from this particular bank 2873 01:37:51,360 --> 01:37:55,679 it's what's a 2874 01:37:52,159 --> 01:37:56,400 yes bank or any sbi bank and uh we need 2875 01:37:55,679 --> 01:37:58,719 you to 2876 01:37:56,400 --> 01:37:59,520 give your otp and all those bits right 2877 01:37:58,719 --> 01:38:02,159 to to 2878 01:37:59,520 --> 01:38:02,639 maintain uh the count over there right 2879 01:38:02,159 --> 01:38:05,440 so 2880 01:38:02,639 --> 01:38:06,000 for say of example of mine they told me 2881 01:38:05,440 --> 01:38:07,280 okay so 2882 01:38:06,000 --> 01:38:09,600 i was traveling the metro and they gave 2883 01:38:07,280 --> 01:38:12,159 me a call so your 2884 01:38:09,600 --> 01:38:12,960 card has not been registered so your 2885 01:38:12,159 --> 01:38:15,040 account 2886 01:38:12,960 --> 01:38:16,719 due to that your account will be like 2887 01:38:15,040 --> 01:38:18,000 you can say diminish or like remove from 2888 01:38:16,719 --> 01:38:20,480 there 2889 01:38:18,000 --> 01:38:21,119 correct and for that uh you just need to 2890 01:38:20,480 --> 01:38:23,199 uh 2891 01:38:21,119 --> 01:38:24,239 give few bit of details to us right so 2892 01:38:23,199 --> 01:38:27,520 they asked and asked 2893 01:38:24,239 --> 01:38:28,880 and like account number atm number right 2894 01:38:27,520 --> 01:38:30,239 those weights they already have those 2895 01:38:28,880 --> 01:38:30,639 things right but moreover they ask for 2896 01:38:30,239 --> 01:38:33,920 those 2897 01:38:30,639 --> 01:38:36,320 this otp the main part right 2898 01:38:33,920 --> 01:38:38,000 that's your multi-factor authentication 2899 01:38:36,320 --> 01:38:40,000 so they ask for the otp 2900 01:38:38,000 --> 01:38:41,280 and you know obviously i haven't given 2901 01:38:40,000 --> 01:38:42,639 the otp 2902 01:38:41,280 --> 01:38:44,719 but main agenda is as soon as you 2903 01:38:42,639 --> 01:38:46,239 provide the otp 
there will be like 2904 01:38:44,719 --> 01:38:48,080 a transaction of hefty amount from your 2905 01:38:46,239 --> 01:38:49,280 account isn't it so these things are 2906 01:38:48,080 --> 01:38:50,639 done by the vishing 2907 01:38:49,280 --> 01:38:52,400 and the one who was asking the guardian 2908 01:38:50,639 --> 01:38:53,920 is uh how to figure out the email 2909 01:38:52,400 --> 01:38:55,600 from the valid user so just you have to 2910 01:38:53,920 --> 01:38:58,080 check the SPF DKIM your 2911 01:38:55,600 --> 01:38:59,199 DMARC your message ID so that's another 2912 01:38:58,080 --> 01:39:00,800 story but these are 2913 01:38:59,199 --> 01:39:02,719 these are used to check the 2914 01:39:00,800 --> 01:39:04,400 authentication right the authentication 2915 01:39:02,719 --> 01:39:06,320 code is mentioned the return path is 2916 01:39:04,400 --> 01:39:08,239 over there the sender IP is there 2917 01:39:06,320 --> 01:39:09,679 so you can go with these things and 2918 01:39:08,239 --> 01:39:10,719 these are helping you to validate that 2919 01:39:09,679 --> 01:39:13,679 email id 2920 01:39:10,719 --> 01:39:14,480 so since phishing it's a pretty much like 2921 01:39:13,679 --> 01:39:17,199 you know 2922 01:39:14,480 --> 01:39:17,679 common but it's pretty much of a very 2923 01:39:17,199 --> 01:39:19,679 good 2924 01:39:17,679 --> 01:39:20,880 attack which can take an advantage right 2925 01:39:19,679 --> 01:39:22,880 so as a 2926 01:39:20,880 --> 01:39:24,159 security uh guys you should train the 2927 01:39:22,880 --> 01:39:24,960 employees you should have this training 2928 01:39:24,159 --> 01:39:26,719 around there and 2929 01:39:24,960 --> 01:39:28,639 make them aware regarding these things 2930 01:39:26,719 --> 01:39:31,040 right all right 2931 01:39:28,639 --> 01:39:32,080 so uh then we have this spear phishing 2932 01:39:31,040 --> 01:39:33,679 what do you guys understand with the 2933 01:39:32,080 --> 01:39:34,960 spear phishing 2934 01:39:33,679 -->
01:39:36,560 okay spear phishing is a social 2935 01:39:34,960 --> 01:39:38,239 engineering attack in which a 2936 01:39:36,560 --> 01:39:39,119 perpetrator disguises a trusted 2937 01:39:38,239 --> 01:39:40,800 individual 2938 01:39:39,119 --> 01:39:42,400 takes the target into clicking on the 2939 01:39:40,800 --> 01:39:44,080 link of spoof email 2940 01:39:42,400 --> 01:39:46,400 text message and stand matches so you 2941 01:39:44,080 --> 01:39:50,000 basically target specific 2942 01:39:46,400 --> 01:39:51,760 people over here right so 2943 01:39:50,000 --> 01:39:53,360 it can be any individual over here you 2944 01:39:51,760 --> 01:39:53,760 target an individual over here then we 2945 01:39:53,360 --> 01:39:57,040 have this 2946 01:39:53,760 --> 01:39:58,880 wailing wailing you know guys whaling is 2947 01:39:57,040 --> 01:40:00,560 like a cyber attack targeting a high 2948 01:39:58,880 --> 01:40:02,480 profile executive 2949 01:40:00,560 --> 01:40:04,480 exactly a top management or top high 2950 01:40:02,480 --> 01:40:07,199 class people we are targeting over here 2951 01:40:04,480 --> 01:40:08,000 right it use this happy email messages 2952 01:40:07,199 --> 01:40:09,520 targeting high level 2953 01:40:08,000 --> 01:40:12,000 decision makers within our organization 2954 01:40:09,520 --> 01:40:14,480 such as your eco cfos 2955 01:40:12,000 --> 01:40:15,360 right your cto and all those things 2956 01:40:14,480 --> 01:40:18,000 right 2957 01:40:15,360 --> 01:40:19,440 so when you're targeting high profile 2958 01:40:18,000 --> 01:40:22,159 people that's your 2959 01:40:19,440 --> 01:40:24,400 building then you have this shoulder 2960 01:40:22,159 --> 01:40:26,159 surfing guys what's the shoulder surfing 2961 01:40:24,400 --> 01:40:27,840 shoulder surfing refers to the act of 2962 01:40:26,159 --> 01:40:28,320 obtaining personal private information 2963 01:40:27,840 --> 01:40:30,239 through 2964 01:40:28,320 --> 01:40:31,840 direct observation right so you're 
2965 01:40:30,239 --> 01:40:34,239 looking from person's 2966 01:40:31,840 --> 01:40:36,239 shoulder to get sort of information a 2967 01:40:34,239 --> 01:40:39,679 very common example would be like your 2968 01:40:36,239 --> 01:40:41,520 atm one right isn't it 2969 01:40:39,679 --> 01:40:43,520 so you know atm line you might have seen 2970 01:40:41,520 --> 01:40:45,520 these things uh but you do 2971 01:40:43,520 --> 01:40:47,600 like your shoulder surfing right you are 2972 01:40:45,520 --> 01:40:49,280 just speaking in front of the person 2973 01:40:47,600 --> 01:40:50,639 what sort of a password he is or like 2974 01:40:49,280 --> 01:40:52,239 what of course he's 2975 01:40:50,639 --> 01:40:54,239 entering while doing the transaction 2976 01:40:52,239 --> 01:40:55,679 right or moreover 2977 01:40:54,239 --> 01:40:57,760 like many people might have done in 2978 01:40:55,679 --> 01:41:01,119 their college days or this school days 2979 01:40:57,760 --> 01:41:03,280 back those days right so let's say last 2980 01:41:01,119 --> 01:41:04,800 11th hour of the exam oh sorry like last 2981 01:41:03,280 --> 01:41:06,400 hour the exam right 2982 01:41:04,800 --> 01:41:08,320 and you don't know like you you know 2983 01:41:06,400 --> 01:41:10,239 like you're gonna get get failed right 2984 01:41:08,320 --> 01:41:11,600 so what do you do you try to do shoulder 2985 01:41:10,239 --> 01:41:13,280 surfing over there isn't it 2986 01:41:11,600 --> 01:41:14,639 and you look over there you look in the 2987 01:41:13,280 --> 01:41:16,639 front seat like the person who is 2988 01:41:14,639 --> 01:41:18,159 sitting in front of you he will try to 2989 01:41:16,639 --> 01:41:19,760 like speak over there and he will try to 2990 01:41:18,159 --> 01:41:20,159 see whatever the answer he's writing is 2991 01:41:19,760 --> 01:41:22,400 that it 2992 01:41:20,159 --> 01:41:24,239 anyone done that because i have done 2993 01:41:22,400 --> 01:41:26,000 that in my college days 2994 01:41:24,239 
--> 01:41:27,760 right so that's a pretty good example 2995 01:41:26,000 --> 01:41:29,679 regarding a shoulder surfing 2996 01:41:27,760 --> 01:41:31,440 right so we won't call it cheating now 2997 01:41:29,679 --> 01:41:32,880 we caught your shoulder surfing 2998 01:41:31,440 --> 01:41:35,280 then we have dumpster diving guys 2999 01:41:32,880 --> 01:41:37,280 dumpster diving those beans yeah 3000 01:41:35,280 --> 01:41:38,639 from the garbage from where you can get 3001 01:41:37,280 --> 01:41:40,400 uh like 3002 01:41:38,639 --> 01:41:42,400 print outs all those useful information 3003 01:41:40,400 --> 01:41:43,679 all those files and lock documents which 3004 01:41:42,400 --> 01:41:45,520 can be pretty much useful 3005 01:41:43,679 --> 01:41:47,040 for you so that's why organization also 3006 01:41:45,520 --> 01:41:49,040 they put up this policy or if 3007 01:41:47,040 --> 01:41:50,719 you say the practice to shred all those 3008 01:41:49,040 --> 01:41:51,920 documents those are which of no use 3009 01:41:50,719 --> 01:41:52,639 because if you dump them over the 3010 01:41:51,920 --> 01:41:54,320 dustbin 3011 01:41:52,639 --> 01:41:56,000 anyone would be like if there's an 3012 01:41:54,320 --> 01:41:58,400 attack or any person who 3013 01:41:56,000 --> 01:41:59,520 like anyone if they get there they get 3014 01:41:58,400 --> 01:42:00,400 their hands on these particular 3015 01:41:59,520 --> 01:42:03,119 documents 3016 01:42:00,400 --> 01:42:04,719 the files uh that could be pretty much 3017 01:42:03,119 --> 01:42:06,000 like an advantage for them right they 3018 01:42:04,719 --> 01:42:09,360 can 3019 01:42:06,000 --> 01:42:10,320 get a good hefty and good important 3020 01:42:09,360 --> 01:42:12,880 stuff out of it 3021 01:42:10,320 --> 01:42:14,560 right so what they do they ask you to 3022 01:42:12,880 --> 01:42:15,440 shred all those things because generally 3023 01:42:14,560 --> 01:42:16,960 we also practice 3024 01:42:15,440 --> 01:42:19,040 the same thing 
right in our house we 3025 01:42:16,960 --> 01:42:22,080 order something from the amazon 3026 01:42:19,040 --> 01:42:25,520 we receive it and what we do we 3027 01:42:22,080 --> 01:42:26,840 we just take the gift out of it write 3028 01:42:25,520 --> 01:42:28,960 the item out of it and we just throw 3029 01:42:26,840 --> 01:42:29,520 that package over the document but we 3030 01:42:28,960 --> 01:42:32,159 don't 3031 01:42:29,520 --> 01:42:33,440 if you notice the delivery thing is or 3032 01:42:32,159 --> 01:42:35,360 there'll be address or the billing 3033 01:42:33,440 --> 01:42:36,800 address and those statements are printed 3034 01:42:35,360 --> 01:42:38,320 over a paper over there on a slip and 3035 01:42:36,800 --> 01:42:41,520 which is attached to your 3036 01:42:38,320 --> 01:42:43,360 wrapper right so you don't just 3037 01:42:41,520 --> 01:42:44,480 shred it off and you just simply throw 3038 01:42:43,360 --> 01:42:46,239 it in the description so it can be very 3039 01:42:44,480 --> 01:42:48,639 advantageous for other people 3040 01:42:46,239 --> 01:42:49,920 right so that's your terms to type in so 3041 01:42:48,639 --> 01:42:51,280 always just shred your files and 3042 01:42:49,920 --> 01:42:53,280 everything which is of no use 3043 01:42:51,280 --> 01:42:55,119 before dumping it to the first pen then 3044 01:42:53,280 --> 01:42:57,520 we have piggybacking 3045 01:42:55,119 --> 01:42:58,560 right and we have tailgating basic uh 3046 01:42:57,520 --> 01:43:00,400 and tailgating 3047 01:42:58,560 --> 01:43:02,400 so tailgating guys you know you can see 3048 01:43:00,400 --> 01:43:03,040 uh basic difference main difference over 3049 01:43:02,400 --> 01:43:05,920 here is 3050 01:43:03,040 --> 01:43:06,960 authorization and non-authorized one so 3051 01:43:05,920 --> 01:43:10,239 tailgating is like 3052 01:43:06,960 --> 01:43:10,719 following somewhere or someone without 3053 01:43:10,239 --> 01:43:13,119 their 3054 01:43:10,719 --> 01:43:14,080 knowledge 
right yeah entry without 3055 01:43:13,119 --> 01:43:15,440 access 3056 01:43:14,080 --> 01:43:17,840 behind someone so let's say in your 3057 01:43:15,440 --> 01:43:19,360 office you you swipe your card and like 3058 01:43:17,840 --> 01:43:19,840 or you give you punch over there and you 3059 01:43:19,360 --> 01:43:22,080 get 3060 01:43:19,840 --> 01:43:24,480 an entrance to the organization right so 3061 01:43:22,080 --> 01:43:26,000 let's see if person is over there right 3062 01:43:24,480 --> 01:43:27,520 or any attacker what he will do he will 3063 01:43:26,000 --> 01:43:28,320 just follow you till the time that gate 3064 01:43:27,520 --> 01:43:30,400 is open 3065 01:43:28,320 --> 01:43:32,000 and you might have seen this in metro as 3066 01:43:30,400 --> 01:43:34,800 well people what they do 3067 01:43:32,000 --> 01:43:36,000 uh like someone is entering their token 3068 01:43:34,800 --> 01:43:37,600 and then they will just 3069 01:43:36,000 --> 01:43:39,119 go behind them with them right and they 3070 01:43:37,600 --> 01:43:42,480 will just pass that 3071 01:43:39,119 --> 01:43:44,560 security area isn't it so that's your 3072 01:43:42,480 --> 01:43:46,639 tail getting piggybacking is like when 3073 01:43:44,560 --> 01:43:47,920 like someone is opening that door 3074 01:43:46,639 --> 01:43:49,920 for you they know you and they are 3075 01:43:47,920 --> 01:43:51,920 opening the door for you right 3076 01:43:49,920 --> 01:43:53,199 so basically you are using the authority 3077 01:43:51,920 --> 01:43:55,840 as well over here 3078 01:43:53,199 --> 01:43:56,800 so that's also tailgating and 3079 01:43:55,840 --> 01:43:58,800 piggybacking 3080 01:43:56,800 --> 01:44:00,159 right then ev's dropping it's pretty 3081 01:43:58,800 --> 01:44:01,280 much common you have stopping let's say 3082 01:44:00,159 --> 01:44:03,440 two people are working in a 3083 01:44:01,280 --> 01:44:05,040 working space right and they are having 3084 01:44:03,440 --> 01:44:06,480 sort of a 
conversation or discussion 3085 01:44:05,040 --> 01:44:07,920 regarding their new deal 3086 01:44:06,480 --> 01:44:09,920 a new project that is going to get 3087 01:44:07,920 --> 01:44:12,159 deployed so what i will do i'll be just 3088 01:44:09,920 --> 01:44:14,320 i'm i'm i'm there hearing their 3089 01:44:12,159 --> 01:44:16,159 whole conversation and i'm trying to get 3090 01:44:14,320 --> 01:44:16,560 the ideas of information which can be 3091 01:44:16,159 --> 01:44:19,679 very 3092 01:44:16,560 --> 01:44:20,639 useful to me doesn't it that's your 3093 01:44:19,679 --> 01:44:22,719 eavesdropping over here 3094 01:44:20,639 --> 01:44:23,920 you can say man in the middle perfect 3095 01:44:22,719 --> 01:44:26,480 great that's it guys 3096 01:44:23,920 --> 01:44:28,000 that's it for the whole today's agenda 3097 01:44:26,480 --> 01:44:30,000 like your malware threat 3098 01:44:28,000 --> 01:44:32,000 and threat intelligence and everything 3099 01:44:30,000 --> 01:44:32,639 right so that's it for the days i guess 3100 01:44:32,000 --> 01:44:34,480 you got 3101 01:44:32,639 --> 01:44:36,320 the whole concept were clear to you 3102 01:44:34,480 --> 01:44:39,600 regarding each and every terminology 3103 01:44:36,320 --> 01:44:45,040 we have discussed till this point okay 3104 01:44:39,600 --> 01:44:45,040 thank you guys that's it for the day
