1
00:00:01,470  -->  00:00:03,930
<v ->What we see so far is some scary stuff.</v>

2
00:00:03,930  -->  00:00:05,350
We can create a backdoor

3
00:00:05,350  -->  00:00:07,621
that is not detectable by any antivirus.

4
00:00:07,621  -->  00:00:09,813
And then we can deliver it in ways

5
00:00:09,813  -->  00:00:13,280
that the target person will not even need to interact

6
00:00:13,280  -->  00:00:15,900
or they'll be fooled into running the file

7
00:00:15,900  -->  00:00:17,900
because they're already downloading a file

8
00:00:17,900  -->  00:00:19,803
and expecting an executable.

9
00:00:21,720  -->  00:00:23,390
So on today's video, we're going to have a look

10
00:00:23,390  -->  00:00:27,110
on how you can prevent that from happening to you.

11
00:00:27,110  -->  00:00:28,810
The first thing, make sure you're not

12
00:00:28,810  -->  00:00:30,380
being man in the middle.

13
00:00:30,380  -->  00:00:32,904
So, this is huge because if you're being man in the middle,

14
00:00:32,904  -->  00:00:34,880
chances are you're gonna get hacked,

15
00:00:34,880  -->  00:00:36,800
'cause we've seen in the network section,

16
00:00:36,800  -->  00:00:38,940
how easy it is to hack someone,

17
00:00:38,940  -->  00:00:40,460
if you're the man in the middle.

18
00:00:40,460  -->  00:00:44,900
So, use a tool like XArp or use static ARP tables,

19
00:00:44,900  -->  00:00:49,283
don't use networks that you don't know or don't trust.

20
00:00:50,330  -->  00:00:52,740
This way you can kinda increase

21
00:00:52,740  -->  00:00:54,520
your confidence into your network

22
00:00:54,520  -->  00:00:57,710
and into the fact that you're not being man in the middle.

23
00:00:57,710  -->  00:01:00,970
Another security precaution is always make sure you

24
00:01:00,970  -->  00:01:04,040
use https, so even on download pages.

25
00:01:04,040  -->  00:01:06,240
On the download link itself,

26
00:01:06,240  -->  00:01:09,710
make sure it's an https link, not an http one.

27
00:01:09,710  -->  00:01:13,010
If it's an https link then we won't be able to hijack it

28
00:01:13,010  -->  00:01:14,900
and backdoor it on the fly.

29
00:01:14,900  -->  00:01:17,720
The updates are the same, if the updates are coming from

30
00:01:17,720  -->  00:01:21,623
an https website, then we won't be able to hijack them

31
00:01:21,623  -->  00:01:23,913
and make fake updates.

32
00:01:26,550  -->  00:01:28,560
Another tool that could be pretty useful

33
00:01:28,560  -->  00:01:30,900
is the tool called WinMD5.

34
00:01:30,900  -->  00:01:33,970
Now, every file that is created has a signature.

35
00:01:33,970  -->  00:01:36,310
So you can generate a signature

36
00:01:36,310  -->  00:01:37,600
for any file.

37
00:01:37,600  -->  00:01:39,840
And usually when you download the program,

38
00:01:39,840  -->  00:01:42,700
the website that allows you to download that program

39
00:01:42,700  -->  00:01:44,680
will also give you a signature,

40
00:01:44,680  -->  00:01:46,860
or a checksum of that file.

41
00:01:46,860  -->  00:01:49,800
So, if the file gets modified, such as the way we did

42
00:01:49,800  -->  00:01:53,720
in backdoor proxy, so if it gets modified on the way

43
00:01:53,720  -->  00:01:56,780
the MD5 checksum

44
00:01:56,780  -->  00:01:57,940
will change as well

45
00:01:57,940  -->  00:02:00,420
because it's calculated from the file

46
00:02:00,420  -->  00:02:02,090
and it's a one way function.

47
00:02:02,090  -->  00:02:04,313
So, it can't actually be decrypted.

48
00:02:05,660  -->  00:02:08,260
So, if anybody modifies the file

49
00:02:08,260  -->  00:02:11,760
as it's being downloaded or as it's being delivered to you

50
00:02:11,760  -->  00:02:15,990
the MD5 checksum will change, and this way

51
00:02:15,990  -->  00:02:18,700
you'll know that someone tampered with this file

52
00:02:18,700  -->  00:02:20,360
and this file is not the original,

53
00:02:20,360  -->  00:02:23,490
the original file that you're supposed to receive.

54
00:02:23,490  -->  00:02:25,870
This works in many cases, in many scenarios,

55
00:02:25,870  -->  00:02:27,990
and it's a very important concept

56
00:02:27,990  -->  00:02:29,740
that you need to know.

57
00:02:29,740  -->  00:02:31,240
So, using the tool is very simple,

58
00:02:31,240  -->  00:02:32,660
now there are tools for Linux,

59
00:02:32,660  -->  00:02:34,340
and for Windows to do that,

60
00:02:34,340  -->  00:02:36,940
you can digitally just download the tool and run it.

61
00:02:57,700  -->  00:03:01,500
And once you download the tool, you can go on the browse,

62
00:03:01,500  -->  00:03:03,160
it doesn't need to be installed,

63
00:03:03,160  -->  00:03:05,410
and when you go on the browse, it'll allow you to

64
00:03:05,410  -->  00:03:08,920
select a file, and once you do that,

65
00:03:08,920  -->  00:03:11,471
then it'll give you the signature of that file.

66
00:03:11,471  -->  00:03:14,090
So I'm actually gonna select the downloaded file

67
00:03:14,090  -->  00:03:15,363
for the tool itself.

68
00:03:19,320  -->  00:03:21,890
And, if we compare the signature

69
00:03:21,890  -->  00:03:24,530
with the signature that they're giving us here,

70
00:03:24,530  -->  00:03:26,560
you'll see that it's identical.

71
00:03:26,560  -->  00:03:29,310
Which means the tool has not been modified

72
00:03:29,310  -->  00:03:32,490
as it was downloaded from the website.

73
00:03:32,490  -->  00:03:35,450
If you do the same, with any file that you download,

74
00:03:35,450  -->  00:03:37,860
then you'll know that the file has not been modified

75
00:03:37,860  -->  00:03:40,100
and therefore it hasn't been backdoored.

76
00:03:40,100  -->  00:03:41,850
So if there's a backdoor in the file,

77
00:03:41,850  -->  00:03:43,965
then the backdoor existed on the website

78
00:03:43,965  -->  00:03:45,880
where you downloaded it from.

79
00:03:45,880  -->  00:03:50,003
So the website itself was serving you a backdoor.