In this episode, our security researchers watch and react to clips from TV and Movie hacking. Join in on the fun and learn what is real and what is fake.
Battle Royale is an excellent film, the score really makes it an emotional rollercoaster. 10:50 While DDoS tools are easy to find and simple to use, without a pre-existing botnet you'd have a hard time saturating a government downstream with a low level upstream such as that you might connect a laptop to on the run. If you already had a botnet in place awaiting your commands though, then 10/10. The Whitehouse has had it's public website offlined many times by DDoS attacks, sometimes for days at a time. Usually in response to unpopular news or something that's come out. 14:30 There was a genuine cookie monster virus written at the end of the sixties, but it didn't operate like that. It's not self replicating, so it's not a real virus anyway The writer is just giving a nod to history. Hackers is a great visual ride, but it has zero technical chops lol. 23:55 With regards to TOR, there's a white paper about the theoretical deanonymisation of users. Essentially the point of TOR is to make sure that no one node knows both your point of origin and your destination address. However, if you hosted an exit node, you do get to see the last hop to the destination, and if you had a significant portion of the other nodes under your control you can then run statistical analysis using insane amounts of computing power to backtrack an individual's jumps through TOR. A private company has had success with assisting law enforcement in this regard. So use more jumps or don't use it at all lol. More jumps still won't help if your exit node is controlled though, they can see all the packets passing through, so any identifiers like username and password are sniffable in theory. Corporate or govt resources are required though for sure. 44:10 I would note that while the Linux commands are real, if you're logged in as root, you wouldn't need to use "sudo" you already have the appropriate privileges.
I Jurassic Park's defense, I feel that having a single quick command to initiate a facility lockdown in a place that contains extremely dangerous predatory creatures is probably a good idea.
With the TOR nodes, Elliot could be bluffing how he found out, or he could have hacked enough exit nodes that he has some kind of exit node botnet or something.
Ok like fair enough but if Mr. Robot is a 6 on realism then Hackers should be a damn zero lol I sense bias.. Also, shocked you didn't include the other holy grail of hacking scenes, the infamous Swordfish scene where Hugh Jackman looks more like he's doing online bidding or gambling than hacking, just from his reactions
That's sort of what the NSA has done, if you control enough nodes you can run analysis of the pathways etc. There's a cyber security company that had a hand in implementing the theoretical aspects of the attack on TOR. I'd guess that enabling more than the standard 3 hops would mitigate this to a degree. If they don't control one of those 3 jumps, then they have no access to your departure address or destination address. Though more layers wouldn't help if your exit node was controlled, as that's the only one that knows your real destination. The difficulty is calculating the previous nodes used, to trace you back to your point of origin. In which case more layers to the onion might assist. It required a huge amount of computer power to pull off though, so I doubt it's actually been implemented permanently. The fact that they demonstrated the content of their white paper has made me a little wary of TOR though, I must confess.
A Caltech hacker lol. It's subjective really. I'm a disabled dude with too much time on my hands and boundless curiosity, and I could give a lecture for hours on the history of hacking, the exploits of old, the hidden knowledge held by employees of companies over the decades, how enumeration of a target has changed over the years. I could talk about physical security past and present, as well as cyber security both past and present, and all the famous exploits that got people in hot water. Over the last 30 years I've used most operating systems and learned their foibles, worked tech support fixing hardware, trained people on software and hardware, and had my own company as a security consultant and technician. Some of my favourite time for the last few years is spent doing the school run with my son, and I think up red team exercises, or simulated theoretical heists, and we work through the possibilities together, how each component works (in theory) and how you could exploit that system. He was a precocious child, and I built him his own PC for his 4th birthday in the hope he'd stop messing around with the other computers in the house. He's just turned 16, can code in 5 or 6 languages and his current fascination is with software defined radio, and the data he can extract from the chaos with his Hack RF One. He'll probably go to university, I never did. It would have been a waste of money my parents didn't have. I have ADHD and more than likely a degree of ASD. As does my son, so it'll be interesting to see if he continues to work hard academically, or if he'll drift like I did around his age, with insufficient mental stimulation at school. Also it'll depend if he can function independently of us, as he's non verbal with most people. I've laid the framework over the years and now he does his own research and experimentation, but he's always careful about asking about legality. He's definitely a white hat, where mine is decidedly grey, like my beard is these days. I'm a little more flexible and idealistic than he is. I like to see justice prevail, even if some stretching of the rules is needed. For me it was always just curiosity, I enjoy exploiting systems. I hate today's multiplayer games, I much prefer to enumerate and exploit a computer character. I guess it's just a by product of old eighties games where timing and precision were mostly what determined whether you could win or not, and exploiting the way the code ran was the only edge you had. I just like knowing how things work, and the more things you understand because you've done that deep dive makes it more natural to digest more information about more things. I have the time to chase down all those tangents and get into the nooks and crannies of history, or find those whispers of exploits past and present. I like these guys and their videos, but they don't seem to have very much in depth knowledge of the exploits. They need to do a few years of reading hacker history to understand the whys and hows of some of these things, and with the more modern stuff they don't seem current. Like exploiting SS7 to get a 2FA password remotely with the user having no clue. That should be common knowledge for anyone calling themselves a security researcher or a hacker. Same deal with BIOS and CMOS rootkits. Both have been extensively written up. You have to stay current on anything tangential to your trade, especially if you're self describing as a hacker lol. Real hackers built the internet, real hackers bring in bug bounties. Taking an ethical hacking course and working at a company stripping meta data from photos, or sitting and running Metasploit at a desk doesn't make you a hacker. A hacker breaks things and fixes them, they make improvements and implement new ideas, even bad ones like ransomware are still creations rather than canned tools. I draw a line between hackers and security researchers, though there is some overlap, generally speaking people aren't both. Researchers tend to work on a defined goal using the tools at their disposal, whereas a hacker tends to make the tools to fit the job. It's not the coding per se as much as the mindset. The researcher is a scientist, usually the work follows a standard progression. Hackers are more blue sky thinkers, thinking about the theoretical and then implementing that concept. I'm sure there are people that snag bug bounties just using the standard toolkit in Metasploit, but that's all been done by other people before you usually. You need to know how all the components work, individually and in combination, then you can plan your penetration properly. Piss poor enumeration doesn't bring home the bacon very often. You can't just rock up with your canned tools and be a hero every time, it's the mindset that counts. No disrespect to people working in the cyber security industry, but using Linux and Metasploit doesn't make you a hacker. It's misrepresentation as most people given a 45 minute crash course in using Linux, and another 15 on Metasploit, would be halfway there. And the ethical hacking courses I found very interesting, but they don't always focus on the why of things, a lot of it is rote learning, and ultimately not that helpful, plus everything computer related is out of date a couple years down the line. So your knowledge quickly becomes historic, rather than directly practical. So I think in some ways self taught is best, but if you have a good teacher and boundless curiosity then it doesn't really matter where you learn. At this point my son learns more from his own research than I teach him, though I'm still able to elaborate on some of the things he's new to. Whether he goes to university or not I don't think it'll change the fact he's a hacker. I suspect that like me he'd get bored working as a researcher, unless I was very into the subject, or it changed frequently. I lose focus when I get bored, and then my brain functions poorly at retaining new information. But if I'm into it I can spend 72 hours straight on a project and be fully enthused every minute of it. That's just the nature of ADHD, and it's why I didn't apply to university myself. These days I can learn just as much over the internet, although paywalls have been going up steadily for a few years now. Some of the deepweb databases that could be accessed for free are all subscription based now. The late nineties and early 2000s was the golden age of information when everyone just chucked everything online and you could get information about nearly anything. Now it's easier in some ways with social media, and more difficult in other ways with modern OSs and protocols. Sorry, long ramble. Edit: I have to admit they do a much better job with this one than the two Mr Robot videos.
Наука
Battle Royale is an excellent film, the score really makes it an emotional rollercoaster.
10:50 While DDoS tools are easy to find and simple to use, without a pre-existing botnet you'd have a hard time saturating a government downstream with a low level upstream such as that you might connect a laptop to on the run. If you already had a botnet in place awaiting your commands though, then 10/10. The Whitehouse has had it's public website offlined many times by DDoS attacks, sometimes for days at a time. Usually in response to unpopular news or something that's come out.
14:30 There was a genuine cookie monster virus written at the end of the sixties, but it didn't operate like that. It's not self replicating, so it's not a real virus anyway
The writer is just giving a nod to history. Hackers is a great visual ride, but it has zero technical chops lol.
23:55 With regards to TOR, there's a white paper about the theoretical deanonymisation of users. Essentially the point of TOR is to make sure that no one node knows both your point of origin and your destination address. However, if you hosted an exit node, you do get to see the last hop to the destination, and if you had a significant portion of the other nodes under your control you can then run statistical analysis using insane amounts of computing power to backtrack an individual's jumps through TOR. A private company has had success with assisting law enforcement in this regard. So use more jumps or don't use it at all lol. More jumps still won't help if your exit node is controlled though, they can see all the packets passing through, so any identifiers like username and password are sniffable in theory. Corporate or govt resources are required though for sure.
44:10 I would note that while the Linux commands are real, if you're logged in as root, you wouldn't need to use "sudo" you already have the appropriate privileges.
Would love it if you guys react to watchdogs
Would be an epic episode!
Yes, definitely Watchdogs, any of them!
"it's a UNIX system" - that's a gui from an old Silicon Graphics box
I Jurassic Park's defense, I feel that having a single quick command to initiate a facility lockdown in a place that contains extremely dangerous predatory creatures is probably a good idea.
With the TOR nodes, Elliot could be bluffing how he found out, or he could have hacked enough exit nodes that he has some kind of exit node botnet or something.
Can I just point out a child knows a Unix system, meanwhile on Facebook people are asking how to install Kali.
They're probably installing it on a vm with less than 20gb of hard drive space
Hopefully you guys can react to some scenes from the movie take down. It's the movie done about Kevin Mitnick.
Ok like fair enough but if Mr. Robot is a 6 on realism then Hackers should be a damn zero lol I sense bias.. Also, shocked you didn't include the other holy grail of hacking scenes, the infamous Swordfish scene where Hugh Jackman looks more like he's doing online bidding or gambling than hacking, just from his reactions
nulls byte laugh is hilarious xD
Call him kodyyy
31:51
Man in the photo is Robert Oppenheimer of A-bomb fame.
If you're doing something, you're already doing it theoretically. You can't do anything against a theory.
What about Izzy Morales from Start Up?
I wonder if you were able to create a botnet that overcame all the tor nodes if you could analyze that amount of traffic.
That's sort of what the NSA has done, if you control enough nodes you can run analysis of the pathways etc. There's a cyber security company that had a hand in implementing the theoretical aspects of the attack on TOR.
I'd guess that enabling more than the standard 3 hops would mitigate this to a degree. If they don't control one of those 3 jumps, then they have no access to your departure address or destination address. Though more layers wouldn't help if your exit node was controlled, as that's the only one that knows your real destination. The difficulty is calculating the previous nodes used, to trace you back to your point of origin. In which case more layers to the onion might assist. It required a huge amount of computer power to pull off though, so I doubt it's actually been implemented permanently. The fact that they demonstrated the content of their white paper has made me a little wary of TOR though, I must confess.
Hackers react to Alexs new jacket.
Who is the better hacker, a self taught or an MIT hacker?????
its kind of subjective tbh
@@staceixan yes.
A Caltech hacker lol.
It's subjective really. I'm a disabled dude with too much time on my hands and boundless curiosity, and I could give a lecture for hours on the history of hacking, the exploits of old, the hidden knowledge held by employees of companies over the decades, how enumeration of a target has changed over the years. I could talk about physical security past and present, as well as cyber security both past and present, and all the famous exploits that got people in hot water.
Over the last 30 years I've used most operating systems and learned their foibles, worked tech support fixing hardware, trained people on software and hardware, and had my own company as a security consultant and technician. Some of my favourite time for the last few years is spent doing the school run with my son, and I think up red team exercises, or simulated theoretical heists, and we work through the possibilities together, how each component works (in theory) and how you could exploit that system. He was a precocious child, and I built him his own PC for his 4th birthday in the hope he'd stop messing around with the other computers in the house. He's just turned 16, can code in 5 or 6 languages and his current fascination is with software defined radio, and the data he can extract from the chaos with his Hack RF One. He'll probably go to university, I never did. It would have been a waste of money my parents didn't have. I have ADHD and more than likely a degree of ASD. As does my son, so it'll be interesting to see if he continues to work hard academically, or if he'll drift like I did around his age, with insufficient mental stimulation at school. Also it'll depend if he can function independently of us, as he's non verbal with most people. I've laid the framework over the years and now he does his own research and experimentation, but he's always careful about asking about legality. He's definitely a white hat, where mine is decidedly grey, like my beard is these days. I'm a little more flexible and idealistic than he is. I like to see justice prevail, even if some stretching of the rules is needed.
For me it was always just curiosity, I enjoy exploiting systems. I hate today's multiplayer games, I much prefer to enumerate and exploit a computer character. I guess it's just a by product of old eighties games where timing and precision were mostly what determined whether you could win or not, and exploiting the way the code ran was the only edge you had. I just like knowing how things work, and the more things you understand because you've done that deep dive makes it more natural to digest more information about more things. I have the time to chase down all those tangents and get into the nooks and crannies of history, or find those whispers of exploits past and present. I like these guys and their videos, but they don't seem to have very much in depth knowledge of the exploits. They need to do a few years of reading hacker history to understand the whys and hows of some of these things, and with the more modern stuff they don't seem current. Like exploiting SS7 to get a 2FA password remotely with the user having no clue. That should be common knowledge for anyone calling themselves a security researcher or a hacker. Same deal with BIOS and CMOS rootkits. Both have been extensively written up. You have to stay current on anything tangential to your trade, especially if you're self describing as a hacker lol.
Real hackers built the internet, real hackers bring in bug bounties. Taking an ethical hacking course and working at a company stripping meta data from photos, or sitting and running Metasploit at a desk doesn't make you a hacker. A hacker breaks things and fixes them, they make improvements and implement new ideas, even bad ones like ransomware are still creations rather than canned tools. I draw a line between hackers and security researchers, though there is some overlap, generally speaking people aren't both. Researchers tend to work on a defined goal using the tools at their disposal, whereas a hacker tends to make the tools to fit the job. It's not the coding per se as much as the mindset. The researcher is a scientist, usually the work follows a standard progression. Hackers are more blue sky thinkers, thinking about the theoretical and then implementing that concept. I'm sure there are people that snag bug bounties just using the standard toolkit in Metasploit, but that's all been done by other people before you usually. You need to know how all the components work, individually and in combination, then you can plan your penetration properly. Piss poor enumeration doesn't bring home the bacon very often. You can't just rock up with your canned tools and be a hero every time, it's the mindset that counts. No disrespect to people working in the cyber security industry, but using Linux and Metasploit doesn't make you a hacker. It's misrepresentation as most people given a 45 minute crash course in using Linux, and another 15 on Metasploit, would be halfway there. And the ethical hacking courses I found very interesting, but they don't always focus on the why of things, a lot of it is rote learning, and ultimately not that helpful, plus everything computer related is out of date a couple years down the line. So your knowledge quickly becomes historic, rather than directly practical. So I think in some ways self taught is best, but if you have a good teacher and boundless curiosity then it doesn't really matter where you learn. At this point my son learns more from his own research than I teach him, though I'm still able to elaborate on some of the things he's new to. Whether he goes to university or not I don't think it'll change the fact he's a hacker. I suspect that like me he'd get bored working as a researcher, unless I was very into the subject, or it changed frequently. I lose focus when I get bored, and then my brain functions poorly at retaining new information. But if I'm into it I can spend 72 hours straight on a project and be fully enthused every minute of it. That's just the nature of ADHD, and it's why I didn't apply to university myself. These days I can learn just as much over the internet, although paywalls have been going up steadily for a few years now. Some of the deepweb databases that could be accessed for free are all subscription based now. The late nineties and early 2000s was the golden age of information when everyone just chucked everything online and you could get information about nearly anything. Now it's easier in some ways with social media, and more difficult in other ways with modern OSs and protocols.
Sorry, long ramble.
Edit: I have to admit they do a much better job with this one than the two Mr Robot videos.
Please react on micky virus (bollywood)
is this an email?
no, this is the hellhole called "r/UnixPorn"
Reactions to unfriended and unfriended dark web?
who are you ?