@@NetworkChuck Hi, greetings from Mexico, I would love to see a video about setting your own vpn with rb pi or so, I mean not to like have free vpn but to fully understand how this works. Have a good one and keep doing videos like this.
Exactly, these attacks are prevented if the site is https, but the cert doesn't match or isn't authoritative. I don't think a VPN is needed if you visit only https sites and don't accept bad certs in the process, unless you also don't like your DNS being leaked (I personally wouldn't care). These are the basic attacks that the transport encryption and trusted cert authority system was designed to prevent. And most major sites are whole site https these days.
I liked this video just based on the fact that you taught your kids linux. Your kids are going to grow up to think for themselves as opposed to the Desktop GUI thinking for them.
As a CCIE I had a big smile on my face when you performed what we know as simple and easy attacks but most users imagine as the domain (excuse the pun) of super internet hackers ..... Grrr. I don't know about you but when I try and explain the dangers I am branded as a "conspiracy theorist that wears a foil hat and watches for UFO's every night" . I find it hard to make anyone listen or implement any proper security. The only answers I get are that they have a super wow antivirus and firewall (usually Norton or McAfee LOL) and that nothing can happen. Working in the security field you get used to this but it's sad that users have to get pwned and have major issues or privacy loss before they actually listen. People are lazy and just want to click and go. They don't care how it works or what is happening to the traffic once it leaves the device. I have been running a cert based IPSEC vpn on my home network for years so I don't worry about this too much but I strongly believe that there should be more awareness and that schools should teach students actual computer science " Yes people running netstat from the windows command shell does not make you a security expert ". I wish they would just cover even the basics so when asked about packets they do not think of the morning post delivery. Thank you for highlighting just how easily this can be done and bringing awareness and knowledge to viewers. I wish more people would do this. Keep up the great work my friend and hopefully I may bump into you online some day. Keep up the good work my friend. Stu.
@dd active Recently? Hello from 2015-2016 my dude. Check up on your knowledge, it might be a little ... obsolete. Just like the presented video, also thank you for agreeing with me that even in 2015 you couldn't get away with just what this guy does in the video. Also, there is this CAA thing which lists which CAs can issue a cert for a certain domain. If you are so sure it's so easy to "hack" someone, please go in a starbucks, do what the guy says and come back with paypal info, have a good day and good luck to you!
@@incredible_max just talked to the support desk about this. He assured me that blocking the DNS requests from the app would not affect the preference of the VPN service. I have my doubts as well, but I now see what the original commenter meant.
1st of all, you have really cute daughters and you taught them linux at such an early age, god damn! you're gonna be dad of the year. Anyway, love the content brother, more power to you
Great video. I'm learning ethical hacking now from a Udemy course. It's crazy interesting. I'm retired so I have a lot of time to spend on it, and I am. LOL. Your girls are adorable and as one beard guy to another, nice beard. haha
@@1990spiderman I am doing the "Learn Ethical Hacking From Scratch" course on udemy, really insightful, example orientated and cheap! for around 15 dollar you can't get anything more compact in my opinion
The only reason i know about the Meraki AP's is because the company that my father works at (he's the Network admin) got a few of them (I think for free) from some cisco event that were trying to show them off when they first came out (I believe). They look really nice and are pretty cool.
the problem is you're still having to trust the VPN company with all your data/passwords (unless you set up your *own* VPN at home) as you're creating your OWN "man in the middle"
@TheRageMaker lol i can imagine this working in the year 2012 only ... This thang is dead and doesn't work on the most of the site anymore .. do a quick search and you will find out
I'm so sick of hearing people hawk VPNs as a solution for protecting you on public wifi. All reputable sites use SSL. All major browsers do everything they can to keep users off of websites that have bad SSL certificates. You do not need a VPN when using public wifi. Chuck either doesn't know what he's talking about or is overstating the value of a VPN to make a buck.
Amazing video, Chuck. You come off as a genuine person which eases the discomfort of learning about this double-edged sword. I'm about to give you an unsolicited suggestion but I mean it with good intentions I promise. I believe you should get one of those routers that people can install specific security + ad-blocking add-ons on and offer to install it for them as a one-time thing.
> spreads awareness of internet security > sponsoring a vpn that has apparently more marketing budget than security budget. hmm.. love the vid otherwise tho.
You need to elaborate on that. Last time I checked, NordVPN was right up there in terms of security features for the end users, and their cybersec, killswitch, double VPN etc. options are very effective. The only issue sometimes is with the connection speed, especially when using some of these or all of them together. But again, no major flaws in their security, don't know what you're referring to really..
When you connect to a VPN, you have to Trust those VPN providers aren't doing anything nefarious too. It would be better if every company just used SSL.
@@musicalmercy5204 A vpn server is just a computer on a network somewhere that is acting as a server which allows computers to connect to it. If you purchase NordVPN you get a username and login info and connect to their servers in whichever country you choose they operate in. If you do it at home you just run a vpn server on one of your own computers and connect to it from a Starbucks etc. Then websites see you as connected from your home not the starbucks. Or a Nordvpn server in Russia instead of the starbucks 4blocks away. It can mask your location and also secures it from the public wifi you're on for example. You can just watch a few vids of vpn setup to get a better idea.
With so many people now working remotely/WFH this is more crucial knowledge than ever to protect yourself and stores operating public hotspots need to be clued up on even just the very basics. Every store offering public WiFi should have a note/sticker next to the WiFi information saying USE A VPN!! But then that would be a sad day for would-be hackers ;) Love the content!
I used to use a 5Watt Chinese Wifi amplifier for deauth attacks with Linset to make the evil twin. I think you should have mentioned that nowadays basically all traffic is protected by TLS with downgrade attacks not being supported with current protocol versions in most cases. So basically people's passwords and user data are safe without a VPN, what a VPN does is hide the metadata, the DNS requests.
BUT, if i had some beefy hardware doing some SSL/TLS decryption, it would be a different story. I think the scariest attack is an evil twin with DNS spoofing. I can make a website that looks just like target that will fool any average user into logging in.
I had the same thoughts, just depends on how loose your definitions are. Mine was more of a fraternal evil twin attack because I didn’t want to be flagged as a rogue AP.
@@NetworkChuck You could easily put the SSID. As long as you emit stronger and deauth every other clients, it should work! But sure, you should have the permission from Starbucks then, not to violate laws. That's more a phishing AP haha!
What does rooting a phone have to do with anything? And what does Kali Linux have anything to do with changing your Mac address? You can change your mac address on any flavor of Linux.
@@nickstrauser1228 yeah I know every Linux or Unix based System you can change the MAC. You can even do it on a Windows system but on Android you have to root it first, at least that's the easy way to do it.
kek, the MAC address didn't change.. it's called Spoofing for a reason. X] Just because it didn't change doesn't mean it can't be spoofed elsewhere or ignored it from the hw itself.
i love your content mister😅 im inspired bcoz when my daughter grows up i'll keep watching her 😂😂 and protect her , im running GNU linux on android i keep practicing 😄 someday i can afford to buy a desktop for more powerfull features to use ..bcoz in android there's alot of limits
Me: *Hacks sister's phone, sends sms message to sister's phone making it look like her phone sent the message* We are the borg your phone has been assimilated Resistance is futile. My Sister: What the hell is this? ( I would love to actually do something like this to my sister some time just to mess with her)
So why were there no Problems with HTTPS? Did you use a self-signed certificate? And the DNS attacks would stop working when browsers implement DNS-over-HTTPS, right?
Good point. I just love the versatility and price of a raspberry pi. In theory, I could configure one and leave it in a coffee shop to access remotely.
@@NetworkChuck yeah i agree with dat and with a good powerbank or anythin usb it can stay longer den laptop. can do many things with kali, mitmf, BEef etc etc :D
Think LeBron James got smth mixed up. No its not if its "open". With WPA2 its another story, but if its Open, u can get hacked the same way cuz your Phone does nothing else than being a Router for others and forward the packets to another connection. If u want so, the Phone is the man in the middle, but in a good way. If u use USB tethering, its safe.
The LTE is pretty secure - it's possible to attack it, but it isn't common. The WiFi connection between the phone and your computer is another matter. Pick an SSID that doesn't stand out (do not taunt happy fun hacker) and a good, complex password (don't use a dictionary word, but make it a nonsense sentence or a complex mix of upper, lower, numbers, and symbols) and you should be ok. Don't do your banking in public where people can look over your shoulder anyway.
I got to attend the RSA conference in 2013 courtesy of my high school buddies who helped start up the pen testing company Pwnie Express. my friend developed the pwnpad which was basically debian shoehorned into android on a nexus tablet in order to run Kali Linux. it also had an external wifi antenna with more power and things like packet injection. some tech blogs were showcasing a demo, in which (in a conference hall with over 3000 people, many of them security professionals) he set up a spoofed router with a generic name likely to be in people's remembered networks (at the time attwifi worked great). this was being video recorded by a few people. within seconds, dozens if not hundreds of connections flooded in, and all the saved automatic login data for Google, facebook etc that it's automatically sent out started streaming down the console in plain text. "you guys might want to blur that part out," lol. it was quite impressive and surprisingly effective in a room full of supposed experts. ofc this was before mobile VPNs were much easier, but I always turn off wifi when I leave the house and run my VPN even over my LTE network. it has an internet kill switch if it loses connection so I am protected instantly even if I join a wifi network somewhere. just found your channel, looking forward to learning more. I really want a pwnpad or a pwnphone (the latter was featured on the show Mr Robot in the second season). distant family (step sister in law) showed me how to use netbus and sub7 back in middle school too, had a lot of fun with friends using exe trojans (with permission ofc, they had to give me their IP address, this was back in the day of aol instant messenger and dial-up). I'm no proficient hacker at all, I was at best a script kiddie in middle school lol, but between that and my friends I definitely got the bug. I've got a live boot usb stick for Kali on hand just on principle, for my laptop. I should know how to use it better though. cheers :)
the Network Engineer tools I use:
WAN Killer: bit.ly/WANkiller
IP Address Scanner: bit.ly/ipscansw
Network Device Scanner: bit.ly/netdevicescanner
Wifi Heat Map: bit.ly/wifiheatmapsw
Wifi Analyzer: bit.ly/wifianalyzersw
SolarWinds NPM: bit.ly/netperfmon
GET NORDVPN: nordvpn.org/networkchuck
USE COUPON CODE: networkchuck
USE THE CODE SO YOU CAN GET 75% off 3-year plan + 1 month free.
🔥Become a 10x Engineer🔥
Join NetworkChuck: bit.ly/2XPaF7u
Need help? Join the community: bit.ly/nc-discord
hey Chuck are you at Cisco impact in Las Vegas this week?
@@bm7752 Naw, chillin' with my new baby. Heard it's going to be fun though!
we need the hostapd.conf data & i have no idea where the hell you found udhcpd tool??
Man, I'm happy for you Chuck! Hopefully you'll come through next year! Cheers
Hey don’t use nord It got hacked into 2 times
I've spent so much time in coffeeshops working on uni work, and honestly only a year ago I started to understand how easy it is to see what people are doing on their laptops... just stand behind them.
too true.
That is called shoulder surfing.
@@francinha Hahahaha I was just gonna comment that when I saw their comment because I've been studying for my Security+
Damn this method sucks, i got arrested
he protecc
he atacc
but most importantly
he teach his daughter how to hacc
How to hacc
hacc
@@goodmorning77777 yesh
@@WattoW yes my frend
Guy oozes soy beans
If you ever see someone with a Raspberry Pi at Starbucks turn off your Wi-Fi
You won’t see mine.
You can put kali linux on anything, not just pis
@Dvdcd Well then if you ever see someone with an Anonymous mask turn off your Wi-Fi
Raspberry Pi is unnecessary for this. You can set up a fake network with your laptop or cellphone.
If you ever see someone with that much gear showing up in a starbucks just call the cops on their asses and have them explain everything while trying to not get shot or beaten up. But seriously, I am amazed to see how little everyone cares, there are videos of people bringing most of their office (including desktop PCs)..
"I will get you, and my daughters will too." is probably the scariest thing you could hear from a hacker.
The funniest thing is that NordVPN has been hacked
And they didn't tell their customers...
I'm more concerned with the lack of responsible disclosure to their customers after the breach was discovered.
The hack wasn't anything really noteworthy, what was noteworthy though is that they didn't disclose it to their customers and to the public for an entire year.
The hack itself was done from the inside if I recall (from one of their server partners?), and nothing important such as user information or sensitive data was exposed.
@@Swede_4_More_Years ... oof
@@ExarchGaming do you know that so many nordvpn accounts are there to buy for cheap. All are hacked. Their security is the worst
"i basically own her life now" hacking sounds like marriage at this point
Herald Yes, any fun is always ruined by marriage.
Cintia I can definitely vouch for that
@@AngelCintiaRockgirl My wife and I have been married for about 11 years now but we still act like we got married a few months ago.
it was funny XD
Even my toilet runs a VPN, trust no one
Smart. Protection where you’re most vulnerable.
@@NetworkChuck protect yer sh1t :)
Go even further don't sh1t at all :] Don't give hackers a chance.
That's not all that runs on your toilet.
@@rehoboth_farm lolll
"Hacking"...........The New Family Activity!
Hacking is fuck with code just trying 1 million times of click
Nothing wrong with that
1:14 - the attacker is hiddenly right behind the target and very well disguised ;)
That was the smoothest sponsor segment I have ever seen
So essentially you were hacking wife-i
niceeeeeeeeeeeeeeeeeeeeeeeeeeeee
Let me show you the door, handsome person...
FBI wants to know your location
Every comment from here down is gold 😂
No "essentially" he is showing you a commercial about NORDvpn!!!!!!
I love the fact that you're getting your daughters exposed to hobby electronics and even more so, Linux. I wish my parents had, imagine how much I would know today with almost 20 more years of experience. So props to you on that.
Evil twin AP's are pretty nasty, you could even send deauth packets to attempt to force them to reconnect to the rogue AP.
That's what he did...
@@unregisteredaccount6555 exactly, lol😂😂
That’s the point 😃
I may have replied before I watched it all. 😂
@@Star88701 Yeah😅
That is a bold statement:"The MAC Address will never change!". ;D
I should have said the “burned in address” will never change. But ya know, gotta keep it simple.
@@blisphul8084 Android 10 also supports random macs too, by default
$ ifconfig eth0 down
$ macchanger -r eth0
$ ifconfig eth0 up
Nick Strauser
What sort of Linux distribution still uses eth0, eth1 etc? For years I’ve only seen random names like enp0s1 or ens33
@@baileyharrison1030 Linux Kali does
a VPN by its nature is a man in the middle. :P
plot twist.
“I want you to be scared of public wifi”
*laughs in cellular data*
😂😂
The first attack doesn’t make any sense in the real world. TLS/SSL protects from DNS swapping, since it both encrypts the connection as well as guarantees the identity of the website you’re connecting to. Any browser checks that, you can actually see Safari doing the control in the video at 7:08. You don’t own anything, and a VPN is necessary only in the context of an HTTP transaction (which is more and more infrequent) instead of HTTPS
Gianluca Segato you can still see which sites the host visits. If you notice, in all the attacks the site is flagged as “not secure” because of the swap
@@albertocrescini2076 fair point! I believe you can only see the host that the DNS resolved, and not the full path (I think, I'd have to check), but it makes little difference: you can certainly be spied on at least at the metadata level (what you visit and for how long).
But it is impossible to get full ownership as in the video, which frankly is misleading to the point of dishonesty
@@GianlucaSegato & Alberto Yeah you can only see the domain as the dns request isn't encrypted. You can clearly see in the video that the user is clicking through the obvious warnings in their browser and this isn't even mentioned which is quite shit.
And if you are using DNS over HTTPS, DNS requests can't be intercepted.
@@LtdJorge Heh Yeah I just learnt about that a few hours ago thanks to the UK government complaining about it being in Firefox.
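What the replies above mean by only the domain being visible, shown as an added example (not part of any comment or of the video): a parser for a plaintext DNS query, which carries the hostname and record type but never the URL path or query string. The sample URL, the transaction ID and all function names are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

QTYPES = {1: "A", 28: "AAAA", 65: "HTTPS"}  # record types a browser commonly asks for


def build_query(hostname, qtype=1, txid=0x1A2B):
    """Build a plaintext DNS query (RFC 1035 wire format) as constructed sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in hostname.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def read_name(msg, offset):
    """Decode a (possibly compressed) domain name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer: 14-bit offset into the message
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2  # parsing resumes after the first pointer
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            hops += 1
            if hops > 16:  # a pointer that leads back to itself must not hang the parser
                raise ValueError("compression pointer loop")
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:  # root label terminates the name
            break
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def visible_to_observer(msg):
    """Return the (hostname, record type) pairs anyone on the path can read."""
    if len(msg) < 12:
        raise ValueError("short header")
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000:
        raise ValueError("message is a response, not a query")
    offset, questions = 12, []
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, QTYPES.get(qtype, str(qtype))))
    return questions


def leak_report(url):
    """Compare what the browser is about to request with what the DNS query exposes."""
    parts = urlsplit(url)
    packet = build_query(parts.hostname)
    secret = (parts.path + "?" + parts.query).encode("ascii")
    return {
        "observer_sees": visible_to_observer(packet),
        "path_in_packet": secret in packet,  # path and parameters travel only inside TLS
    }


SAMPLE_URL = "https://accounts.example.com/login?user=alice"  # constructed sample

if __name__ == "__main__":
    print(leak_report(SAMPLE_URL))
```

With DNS over HTTPS, mentioned in the reply above, this query would itself travel inside a TLS connection to the resolver.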
One minute in: "I wonder what VPN this is going to be an advert for?"
Two minutes in: "Oh, it's nordVPN."
Of course it’s nord
@@cyberpunisher8652 Sounds like Nord advertises a lot, but are they any good?
@@StoneColdMalone Not my personal favourite but I think it gets the job done. But it's definitely over advertised. If I were you I would look for an alternative.
@@cyberpunisher8652 Express VPN don't save logs - other than nord :)
@@cyberpunisher8652 what's your favorite then?
Nice one bro
Thanks!
Thanks!
@Elizabeth da lezbo bro what’s ur problem?
airmon-ng
airodump-ng
aireplay-ng
aircrack-ng
So many WiFi hacking tools!!
@@daghanabi airmon-ng start wlan0
Just came across this channel and I absolutely love it. Extremely informative and entertaining. Also phenomenal job describing things very precisely with your diagrams. Thank you so much man. Absolutely subscribed and enjoyed your video.
Great video highlighting network security awareness! No one is safe relying on public Wifi. Take care of your own security.
Thank you! And so true.
watched 30 seconds and i got the feeling that this could be sponsored content...
DaPurple J stfu nerd
you should get a computer, then come @ me thanks.
DaPurple J I’m getting a kali Linux laptop soon dumb nerd
@@scooptopus8150 yo chill
While I respect what you're doing, this video is super misleading for the sake of a commercial.
In the video, your wife had to agree to use the website despite the fact the SSL certificate was invalid. Something you have to dig down into the error page to do, something the tech illiterate would never be able to do, and something the literate would never do in public.
Additionally, you said you could get her passwords using additional tools, as if this is an effortless thing.
Even aside from the error page, if the website the user is using, uses an SSL certificate, this is not trivial.
That's not to say you won't get some people, but it's not even close to as easy as you are presenting in this video for the sake of a sales pitch.
The real "hack" of this video is the unethical life hack of making people scared to use public WiFi in order to funnel money to your affiliate link.
I agree with everything said here. The overall message of this video is false. I'd expect someone like chuck to not shove something so useless down our throats for money...
@@H12-q7x I mean, I am a software engineer with 15 years in the field. I put myself through college with white hat and black hat tactics back in the day. I am the expert to learn from. I happened on this video because I'm a raspberry pi enthusiast, and saw a deceptive sales pitch.
@@honkhonk165 I am aware of that. You've pointed out many flaws of the video which demonstrates your knowledge on the topic. I was about to comment about SSL encryption myself before I read your comment.
I am sorry instead of _"you"_ I should have written _"the audience"_ , I edited my comment to make that clear. I believe these kind of crimes are performed in teams, this is why I wrote _join the mafia_ . I wasn't serious, though :P
I still don't think there is a valid concern about being unethical. Yes, this content is overly simplified, incomplete and incorrect, but this is done intentionally for the sake of entertainment / commercial. These flaws *_are the reason why_* this video is so entertaining.
Exactly. You must be incredibly stupid to be hacked - use unencrypted websites, use the same password for all your accounts, accept all BIG RED ERRORS in your browser.
@@honkhonk165 Can you be my mentor? Srsly
I use my Pi as a VPN to help keep you out! That, and I rarely get on public networks...
This is probably the best way to advertise a vpn, Like THE BEST WAY
My body got stiffer thinking is he going to ask people if he can hack them? But the way my body let loose and it was too adorable to process when he says it's his wife! This is why I keep watching these videos, so engaging and exciting. Keep up the work!
Well Chuck to answer your question, they can actually use a simple firewall to avoid these kind of attacks, on the other side of the coin as end users we can and should use host level security solutions along with good security awareness (I'd say this last one is critical). There's a ton of open source/free security solutions you can implement @ your local device whether it is a laptop or mobile device you can use HIDS solutions like Snort, a good proxy solution like K9 software from Bluecoat, and a good firewall and anti-malware a quick Google for "free or open source security solutions" will get you going...ever heard about Sidejacking with ferret and hamster by Blackhat? That was a cool attack back in the days very much similar to what you did.
P.S. Just got my brand new Network Chuck coffee mug!! It rocks!!! Just like you, man. Thanks!!!
Excellent response!
And thanks for reppin’ the mug!
Well, the solutions you have mentioned would not help in this scenario. Basically he is rerouting your DNS traffic, this is an outbound connection and having a firewall at a host level will allow outbound to 443/80 regardless of the IP address received by the DNS. You need tools with threat intel capabilities that can stop you at a phishing site, it could use HSTS (HTTP Strict transport) or general information of the web page to headers to a lot of factors to alert you. Besides K9 is outdated, SNORT is an IDS/ IPS .. not sure why Chuck has liked the comment, probably just cause of the coffee mug but the details within are inaccurate. A proxy would not help either cause this is a local address, which will likely bypass proxy config. Anti-malware/ Endpoint security/ EDR/ which intercepts web traffic and provides a layer of security is the only useful information here.
The whole thing is very theoretical - you are going to get about 90% encrypted traffic nowadays or Cert Warnings in your Browser, Mail etc, everyone working from there will most likely use a VPN anyway. It's a nice demo for people without a clue but you are far away from "hacking" people in any meaningful way.
@@Klenric It seems like you're looking for some attention, take my like as relief. Besides we're talking about a single user taking a little care, you wanted to look pretty smart with your comment, but dude.. take it easy, it's just people trying to share knowledge
@@deividjesus10 What a lame response, first of all why do I need attention from a tech channel that too using tech terminology? This is typical YouTube comment, use "attention" when replying to someone if you don't have any logical response. While it's important to share information but misinformation or outdated information when it comes to a dynamic industry like IT is even more dangerous.
This is the first video I've seen from you. I watched 1min52s and I already decided to subscribe. Amazing job, Keep up!
It would be great if you did a video showing how to set up your own VPN. You can set one up for free through AWS...
AWS gives you only 15GB transfer per month. If you use beyond that, you will have to pay for its (AWS) hourly rate. That's what happened to me.
@@The2468101214161 that happened to me too. Got extremely costly for me.
I mention AWS just because I know that Chuck is into Amazon Web Services. Either way, I just think it'd be cool to see how to set up your own VPN.
I’ve been using my own VPN for a long time running off a Cisco router. My biggest problem is speed.
But you’re right, would be a fun video :)
@@NetworkChuck Hi, greetings from Mexico, I would love to see a video about setting your own vpn with rb pi or so, I mean not to like have free vpn but to fully understand how this works. Have a good one and keep doing videos like this.
He made a whole cafe connect to him using only 5% power
This is why I use my local cellular hotspot with VPN tethered.
And this is why kids you do not press "Accept the Risk and Continue" when your browser say the HTTPS is NOT SAFE
Exactly, these attacks are prevented if the site is https, but the cert doesn't match or isn't authoritative. I don't think a VPN is needed if you visit only https sites and don't accept bad certs in the process, unless you also don't like your DNS being leaked (I personally wouldn't care). These are the basic attacks that the transport encryption and trusted cert authority system was designed to prevent. And most major sites are whole site https these days.
I liked this video just based on the fact that you taught your kids linux. Your kids are going to grow up to think for themselves as opposed to the Desktop GUI thinking for them.
Hello my fellow Texan 👋👋. Passed my CCENT this past Friday👍👍 It was tougher than expected.🥵🥵 But worth it😎🍻
Congrats!
Congratulations Jonathan, Keep up the hard work and success will never be out of reach.
Hopefully you expected it to be super easy, barely an inconvenience. I take it this Friday lol
congrats stranger. :)
Congrats!
The good thing to know is you could shut down your neighbors wifi without even knowing their password 😂🔑
Ima buy myself a Raspberry Pi now, your goal of getting people interested in hacking and security is a success!
As a CCIE I had a big smile on my face when you performed what we know as simple and easy attacks but most users imagine as the domain (excuse the pun) of super internet hackers ..... Grrr.
I don't know about you but when I try and explain the dangers I am branded as a "conspiracy theorist that wears a foil hat and watches for UFO's every night" . I find it hard to make anyone listen or implement any proper security. The only answers I get are that they have a super wow antivirus and firewall (usually Norton or Mcafee LOL) and that nothing can happen.
Working in the security field you get used to this but it's sad that users have to get pwned and have major issues or privacy loss before they actually listen. People are lazy and just want to click and go. They don't care how it works or what is happening to the traffic once it leaves the device.
I have been running a cert based IPSEC vpn on my home network for years so I don't worry about this too much but I strongly believe that there should be more awareness and that schools should teach students actual computer science " Yes people running netstat from the windows command shell does not make you a security expert ". I wish they would just cover even the basics so when asked about packets they do not think of the morning post delivery.
Thank you for highlighting just how easily this can be done and bringing awareness and knowledge to viewers. I wish more people would do this. Keep up the great work my friend and hopefully I may bump into you online some day.
Keep up the good work my friend.
Stu.
Maybe because the attack doesn't work in the real world ?
@dd active Because tls and certificates exist, which make mitm useless.
@dd active Recently ? Hello from 2015-2016 my dude. Check up on your knowledge, it might be a little ... obsolete. Just like the presented video, also thank you for agreeing with me that even in 2015 you couldn't get away with just what this guy does in the video. Also, there is this CAA thing which lists which CAs can issue a cert for a certain domain. If you are so sure it's so easy to "hack" someone, please go in a starbucks, do what the guy says and come back with paypal info, have a good day and good luck to you!
moral of the story
Block dns servers for Nord VPN when you're doing mim attacks
Doesn't work that way
Nord vpn encapsulates dns requests too.
@@coreyl3191 I believe he means that when you can't get the nordvpn ip resolved before opening the Tunnel, you can't open the tunnel
@@coreyl3191 the vpn app itself needs to get the ip of the vpn server.
@@incredible_max just talked to the support desk about this. He assured me that blocking the DNS requests from the app would not affect the preference of the VPN service. I have my doubts as well, but I now see what the original commenter meant.
This might have been the longest ad I have ever seen :D
If you really want protection, always consider that TOR is way better than a vpn in most cases, and its free.
1st of all, you have really cute daughters and you taught them linux at such an early age, god damn! you're gonna be dad of the year. Anyway, love the content brother, more power to you
Great video. I'm learning ethical hacking now from a Udemy course. It's crazy interesting. I'm retired so I have a lot of time to spend on it, and I am. LOL. Your girls are adorable and as one beard guy to another, nice beard. haha
How is the course?
@@1990spiderman I am doing the "Learn Ethical Hacking From Scratch" course on udemy, really insightful, example orientated and cheap! for around 15 dollar you can't get anything more compact in my opinion
@@crtvofficialchannel8833 could you please share the course url 😇🤗
@@crtvofficialchannel8833 thanks bro 🙂
Guess they didn't teach you about https, huh ?
Good thing Starbucks runs on Cisco Meraki AP's and automatically stops and alerts of all those attacks!
How do they do that? Do you get a message on your screen?
The only reason i know about the Meraki AP's is because the company that my father works at (he's the Network admin) got a few of them (I think for free) from some cisco event that were trying to show them off when they first came out (I believe). They look really nice and are pretty cool.
MERAKI, admin at my site watch that air marshall is tight
Alex Pavlock - Meraki gear has proven to be near-bulletproof and golden, for sure.
the problem is you're still having to trust the VPN company with all your data/passwords (unless you set up your *own* VPN at home) as you're creating your OWN "man in the middle"
@dd active or just get a cheap or free linux virtual server somewhere and run a socks-proxy
I wanted to learn Linux and when I found your channel I learnt it and I’m now a pro
I know it’s an old vid but I don’t see the more in depth blog/video mentioned linked anywhere. Thanks for this and please do more!
This was one long but really great advertisement. I learned a lot
Ssl laughing at the background
I was scrolling through the comments just to find someone talk of SSL...
@@rohanmalik895 i know .. the video is pretty dumb we are in 2K19 and he didn't mention ssl ... sites that use http aren't important.
*TLS
@@mralderson5627 whatever
@TheRageMaker lol i can imagine this working in the year 2012 only ...
This thang is dead and doesn't work on most of the sites anymore .. do a quick search and you will find out
I'm so sick of hearing people hawk VPNs as a solution for protecting you on public wifi. All reputable sites use SSL. All major browsers do everything they can to keep users off of websites that have bad SSL certificates. You do not need a VPN when using public wifi. Chuck either doesn't know what he's talking about or is overstating the value of a VPN to make a buck.
Austin Simas Definitely the latter
He needs to make money...
Nice! I'm going to rickroll my family's LAN! You are going to make me SO prepared for the next April 1st!
I love how this is a video about hacking but is also educational and wholesome haha x) you're an awesome father chuck ! 👍
DNSCRYPT also protects you - no need to have a VPN in order to bypass these DNS attack
explainlikeim5?
Do you have the walk through done yet? I am very interested in reading/watching it. Thank you for the awesome videos!
Wow dude you have a very beautiful wife . WHAT A LUCKY MAN
Wanna hack her? ;)
@Finlay Indeed
Very smooth way to lure people to use a vpn with scare tactic. Upfront, you will toss 22 min down the drain to an advert
Thank you for all your help and lovely support
Drink coffie in a coffieshop?
I never known that they do that...
I'm dutch ;)
Smoke weed every day
lmaooo
Stfu nerd
HAHAHA, smoked some good weed, huh?
This is exactly the reason I don't use free WiFi. I also setup a hotspot on my phone for my family to connect to if needed.
Another fantastic way to protect yourself. As our speeds increase we won’t need WiFi.
Amazon video, Chuck. You come off as a genuine person which eases the discomfort of learning about this double-edged sword. I'm about to give you an unsolicited suggestion but I mean it with good intentions I promise. I believe you should get one of those routers that people can install specific security + ad-blocking add-ons on and offer to install it for them as a one-time thing.
Channel sponsors are a better YT timestamp than the YT time stamp.
Watching this Video at 4am! So amazing and very well put together. Awesome Sauce!!!
Damn
We all started somewhere...
brings me back to when i was a script kiddie
I am in the *script/programming/whatever kiddie* phase now :D
That coffee shop is down the street from my house 😯
Great coffee. Insecure network ;)
Go help them!
> spreads awareness of internet security
> sponsoring a vpn that has apparently more marketing budget than security budget.
hmm..
love the vid otherwise tho.
I just caught on *cough* sponsored *cough* but good info nonetheless
You need to elaborate on that. Last time I checked, NordVPN was right up there in terms of security features for the end users, and their cybersec, killswitch, double VPN etc. options are very effective. The only issue sometimes is with the connection speed, especially when using some of theses or all of them together. But again, no major flaws in their security, don't know what you're referring to really..
This the longest and most entertaining NordVPN ad yet
You are by far the coolest person alive.
hacking with permission
it is like knocking the jail door before entering
Haha its weird to hear the word coffeeshop because in the netherlands a coffeeshop is a shop where you can buy legal drugs like weed
Why not call it a street pharmacy?
When you connect to a VPN, you have to Trust those VPN providers aren't doing anything nefarious too. It would be better if every company just used SSL.
True.
Or create your own vpn server at home. I have 3 at 2 locations depending on what I need access to
What is the difference? (I'm trying to keep up with tech and would like to be educated pls)
@@musicalmercy5204 A vpn server is just a computer on a network somewhere that is acting as a server which allows computers to connect to it. If you purchase NordVPN you get a username and login info and connect to their servers in whichever country you choose they operate in. If you do it at home you just run a vpn server on one of your own computers and connect to it from a Starbucks etc. Then websites see you as connected from your home not the starbucks. Or a Nordvpn server in Russia instead of the starbucks 4blocks away. It can mask your location and also secures it from the public wifi you're on for example. You can just watch a few vids of vpn setup to get a better idea.
Woah, this looks cool. Imma buy one
* sees $100 price *
Aw hell nah
Q: Why is the girl wearing that mask?
A: Because she wanted to be anonymous.
I like how this is for “learning” purposes
he teach us to use vpn in public network stupid..
Amazing channel! Family based, and education/ hacking... truly a unique take!
With so many people now working remotely/WFH this is more crucial knowledge than ever to protect yourself and stores operating public hotspots need to be clued up on even just the very basics. Every store offering public WiFi should have a note/sticker next to the WiFi information saying USE A VPN!! But then that would be a sad day for would-be hackers ;) Love the content!
My wife and I got engaged at Conversations! I'd love to meet you there! Haha
I used to use a 5Watt chinese Wifi amplifier for deauth attacks with Linset to make the evil twin. I think you should have mentioned that nowadays basically all traffic is protected by TLS with downgrade attacks not being supported with current protocol versions in most cases. So basically people's passwords and user data are safe without a VPN, what a VPN does is hide the metadata, the DNS requests.
I'd clarify SSL is obsolete. You may have wanted to say TLS...
BUT, if i had some beefy hardware doing some SSL/TLS decryption, it would be a different story.
I think the scariest attack is an evil twin with DNS spoofing. I can make a website that looks just like target that will fool any average user into logging in.
NetworkChuck if you have the means to crack tls traffic then nord vpn doesnt really have any benefits. But maybe #NSA can give some insight
Well, thanks for covering Linux :) Linux is a platform that completely replaced Windows to me.
jokes on you there is no starbucks where i live
weshuiz13 do you live in the ocean
@@goodmorning77777 probably in a village somewhere in the Congo
I remember when my friend across the states was able to turn off my wifi! shit was impressive
i wish chuck was my dad,that would’ve been so much more fun.
If you are not using the same SSID and deauthing the original Network then this is not an evil twin attack
Am I right ????
I had the same thoughts, just depends on how loose your definitions are. Mine was more of a fraternal evil twin attack because I didn’t want to be flagged as a rogue AP.
@@NetworkChuck You could easily put the SSID. As long as you emit stronger and deauth every other clients, it should work!
But sure, you should have the permission from Starbucks then, not to violate laws.
That's more a phishing AP haha!
00:31 coffee really is dangerous, over 500 people die annually from caffeine overdose.
Chuck: your MAC address will never change
Me: roots phone changes MAC then use Kali Linux to change my PCs MAC
😎😎Yup it will never change
*For most people
;)
What does rooting a phone have to do with anything? And what does Kali Linux have anything to do with changing your Mac address? You can change your mac address on any flavor of Linux.
@@nickstrauser1228 yeah I know every Linux or Unix based System you can change the MAC. You can even do it on a Windows system but on Android you have to root it first, at least that's the easy way to do it.
@@nickstrauser1228 on Android I think you need a rooted phone to change MAC. But i'm not 100% sure
kek, the MAC address didn't change.. it's called Spoofing for a reason. X] Just because it didn't change doesn't mean it can't be spoofed else where or ignored it from the hw itself.
I have ever done all those attacks but I really enjoyed the video, I actually laughed in the evil twin part! Good Job!
i love your content mister😅 im inspired bcoz when my daughter grows up i'll keep watching her 😂😂 and protect her , im running GNU linux on android i keep practicing 😄 someday i can afford to buy a desktop for more powerfull features to use ..bcoz in android there's alot of limits
How could nerds like us get such a pretty wife :P no offense great vid keep it up !!
money
"I want you to hack your friends, your family"
~NetworkChuck
Me: *Hacks sisters phone, sends sms message to sisters phone making it look like her phone sent the message* We are the borg your phone has been assimilated Resistance is futile.
My Sister: What the hell is this?
( I would love to actually do something like this to my sister some time just to mess with her)
BRO your music is SO LOUD compared to your voice in the volume mix...
Do you know anything about the Evil twin's attack? "Wooow, I asked you the question before watching the video and the first thing you come up" 😁👌🏻
i've never seen someone being so honest
So why were there no Problems with HTTPS? Did you use a self-signed certificate?
And the DNS attacks would stop working when browsers implement DNS-over-HTTPS, right?
ok big guy
The trick is to just block VPN on the attacker network.
duh
@@purpshell what does that do - noob
Damn I should have waited to get Nord lol
Thankful for browsers being able to detect spoofing. VPN is good too obviously.
Good vid! Can u make an updated version? like a bit more in depth how to do it (for educational purposes only ofc)
Good luck doing that with one antenna only
"come play with us daddy" cmon bruh im here trying to sleep lol
danny* lol
by da way why need raspberry pi if you can install kali linux on laptop :p it will do more good
Good point. I just love the versatility and price of a raspberry pi. In theory, I could configure one and leave it in a coffee shop to access remotely.
I bought a cheap laptop for $35 and I'm currently learning Linux with it
@@NetworkChuck yeah i agree with dat and with a good powerbank or anythin usb it can stay longer den laptop. `can do many things with kali, mitmf, BEef etc etc :D
You can hide a pi much easier than a laptop, but for everything you don’t need to hide it for, a laptop is better
In general, is tethering to a cell phone's LTE connection over WiFi secure? Or does it suffer from the same possible hacks?
Think LeBron James got smth mixed up. No its not if its "open". With WPA2 its another story, but if its Open, u can get hacked the same way cuz your Phone does nothing else than being a Router for others and forward the packets to another connection. If u want so, the Phone is the man in the middle, but in a good way. If u use USB tethering, its safe.
The LTE is pretty secure - it's possible to attack it, but it isn't common.
The WiFi connection between the phone and your computer is another matter. Pick an SSID that doesn't stand out (do not taunt happy fun hacker) and a good, complex password (don't use a dictionary word, but make it a nonsense sentence or a complex mix of upper, lower, numbers, and symbols) and you should be ok. Don't do your banking in public where people can look over your shoulder anyway.
@@michaelmichael8406 this is what I was getting at--tethering to your phone over WiFi. Thanks for the info.
Me: uses a vpn
Also me: Somehow still gets haxed
Again me: disconnects from WiFi
The universe: THE FINAL SOLUTION HAS BEEN FOUND
I got to attend the RSA conference in 2013 courtesy of my high school buddies who helped start up the pen testing company Pwnie Express. my friend developed the pwnpad which was basically debian shoehorned into android on a nexus tablet in order to run Kali Linux. it also had an external wifi antenna with more power and things like packet injection. some tech blogs were showcasing a demo, in which (in a conference hall with over 3000 people, many of them security professionals) he set up a spoofed router with a generic name likely to be in people's remembered networks (at the time attwifi worked great). this was being video recorded by a few people. within seconds, dozens if not hundreds of connections flooded in, and all the saved automatic login data for Google, facebook etc that it's automatically sent out started streaming down the console in plain text. "you guys might want to blur that part out," lol. it was quite impressive and surprisingly effective in a room full of supposed experts. ofc this was before mobile VPNs were much easier, but I always turn off wifi when I leave the house and run my VPN even over my LTE network. it has an internet kill switch if it loses connection so I am protected instantly even if I join a wifi network somewhere. just found your channel, looking forward to learning more. I really want a pwnpad or a pwnphone (the latter was featured on the show Mr Robot in the second season). distant family (step sister in law) showed me how to use netbus and sub7 back in middle school too, had a lot of fun with friends using
exe trojans (with permission ofc, they had to give be their IP address, this was back in the day of aol instant messenger and dial-up). I'm no proficient hacker at all, I was at best a script kiddie in middle school lol, but between that and my friends I definitely got the bug. I've got a live boot usb stick for Kali on hand just on principle, for my laptop. I should know how to use it better though.
cheers :)