They do if they appreciate high contrast with low backlight and less eye strain. It's not the default, but I set my command line to display green on black, for authenticity, aesthetics, and the aforementioned benefits for both human eyes and display devices.
I work as an IT technician and this is hands-down one of the most interesting videos you've posted in a very long time. Absolutely invaluable for a quick look into how things are changing in our digital landscape on a daily basis.
Yeah, definitely the most informative, even from a consumer standpoint. As someone who lost a GPU to a cracked Win10 a few months prior, I've recently been learning about a lot of this stuff.
Back in the day, I discovered 45k-50K instances of the Nimda worm on the college campus network. I notified the professor of my findings. Shortly after, the Network Admin was let go for downloading "stuff".
Malware analyst and digital forensics analyst here, super pleasantly surprised to see LTT do a video on my job and VX underground. They're one of the cooler parts of the info sec community. Very good surface level explanations on lots of different concepts here too!
Hard disagree. LTT is not part of the infosec community. Linus has repeatedly scare-mongered about the tools we use often and engages in clickbait about said tools. This is just another video of him chasing a trend. This man has no business covering security considering he can't even get his own security in order in-house.
In your professional opinion, what are the best security measures for beefing up a Linux operating system? Any tricks? And what might be the best software tools to use for Linux? Cheers. Edit: Also, is there anything I can do to prevent Spectre v2 and Inception exploits?
Same here, except I do IR instead of DF, plus I write my own malware too after hours. It's really fun to fight Windows Defender, CrowdStrike, SentinelOne etc. as a lone wolf. To answer the comments here:

@luminatrixfanfiction what ports are open on your Linux box? Close everything you don't need, update often, don't copy-paste sudo commands from the internet, set up fail2ban, tune it and/or disable password login and only allow key logins, install & tune firewalld, same with SELinux, you can try using vulnerability scanners, the internet is your friend regarding Linux hardening.

@johndank2209 you want the long or short answer? I'll give you a shorter one: ransomware and/or ransomware as a service, data leaks, ease of extortion for millions thanks to people not thinking. Hacking a computer is easy if it's not protected by EDR software costing tens of thousands of USD. And even then I find a way to bypass it 1-2 times a month on average (that I don't disclose because it's too fun lol).
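The "disable password login and only allow key logins" advice above is easy to get wrong because sshd only honours the first occurrence of a keyword and silently applies its own defaults for anything you leave out. Below is an added example (not code from the video or any commenter) that audits the global section of an sshd_config for the settings that advice implies. The config text is constructed for the demonstration; the default values are OpenSSH's documented defaults, and the parser is deliberately simplified (first occurrence wins, a Match line ends the global section).

```python
"""Audit the global section of an sshd_config for key-only login settings.

Added example, not from the video or the thread. Parsing is simplified:
first occurrence of a keyword wins (as in OpenSSH), and the first Match
line ends the global section. The sample configs are constructed.
"""

# Values we want in the global section (keys lowercased).
WANTED = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",   # keyboard-interactive can still take a password
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}

# OpenSSH defaults that apply when the keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}


def parse_global_settings(text):
    """Return {keyword: value} for the global section, first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break                                 # everything after this is conditional
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)           # later duplicates are ignored by sshd
    return settings


def audit(text):
    """Return [(keyword, actual, wanted, 'explicit'|'default')] for every deviation."""
    found = parse_global_settings(text)
    findings = []
    for key, wanted in WANTED.items():
        actual = found.get(key, DEFAULTS[key])
        if actual != wanted:
            findings.append((key, actual, wanted, "explicit" if key in found else "default"))
    return findings


# Constructed sample: looks hardened at a glance, but is not.
SAMPLE = """\
# constructed sshd_config for the demonstration
Port 22
PermitRootLogin yes
#PasswordAuthentication no      <- commented out, so the default (yes) applies
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no        # ignored: sshd keeps the first occurrence
Match User backup
    PasswordAuthentication yes
"""

# Constructed sample that passes the audit.
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for key, actual, wanted, source in audit(SAMPLE):
        print(f"{key}: is {actual!r} ({source}), want {wanted!r}")
    print("hardened sample findings:", audit(HARDENED))
```

Run it against the real file with `audit(open("/etc/ssh/sshd_config").read())`; note that it does not follow `Include` directives, so check any `sshd_config.d/` drop-ins separately (or use `sshd -T`, which prints the effective merged configuration).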
"If we get infected, I don't own the company" is such an on-point statement about company security and why it's so hard to keep the weakest link from nearly always being the human element. People don't care much if it's not their stuff.
The reason humans are the weakest point is because they are human. It's not about 'caring'; humans can't be programmed. They're squishy water blobs; they behave unpredictably even when they actively desire a particular outcome and have been trained on it. Humans are prone to things like errors and stress, whereas cybersecurity tools less so. A human could have a raging hard-on for the company; that isn't going to make them a stalwart defense against a skilled social engineering attack.
I think the more realistic POV is that the average company person, secretary or whichever can cause the infection, doesn't get paid enough to give a shit about the company.
Enterprise-grade antivirus is genuinely pretty cool. At a bank I worked at a new sysadmin downloaded some defanged test malware and we got to watch first as our Windows Server instances migrated the new files on the file server to its redundant partner, then to a remote site and then the redundant partner on the remote site, etc. and the AV identified and raised alarms to it every step of the way. So we knew #1 fileserver replication was working well, and #2 the AV successfully identified it and mitigated it every step of the way
The guy you mentioned, Marcus Hutchins, who defeated the WannaCry virus, has a YouTube channel and makes very informative videos on cybersecurity and IT security in general. If you are doing any more videos like this, you should have him on. He is really interesting.
This would legitimately be one of the most interesting collaborations of all time. Marcus is super knowledgeable on this kind of stuff and the guy is quite literally a gold mine of information
I work for a company I can't disclose, and work in environments that use ThreatLocker. I can swear that ThreatLocker is very good at what it does. Including stopping Microsoft from running its own software, because how it handles some parts of its programming can look fishy.
5:40 The UAC (admin popup) bypass hasn't been "patched" because there is nothing to patch. It is trivial to bypass UAC on a default Windows install. This is an interesting thing to research, but here's the TL;DR. A long time ago people got annoyed by having UAC pop up for everything. So, Microsoft made it so UAC only pops for some actions, not all, by default. Unless you manually restore UAC to its full control, most people would consider it useless.
@@Raivo_K It is useful to prevent unwanted admin actions. I am on 10 and I think the only times it comes up is when I am running unsigned code. I kind of run a lot of it since no one has time to sign all their code on GitHub. Other than a few servers that mostly came from the pip and git commands, I have not seen it in a while. Installed everything, and now that I am not installing anything anymore, nothing seems to trigger UAC but some GitHub projects when it is set to default on Windows 10.
Now that I think about it, I was doing that too at some point. I was working on some automated scripts and I figured out how to disable UAC, spawn my shell and enable UAC again after. I was using registry edits too... It did need to be run by an admin user though, so on corporate PCs that would likely do nothing. Their approach seems to delegate the shell execution, so it might actually be privilege escalation.
The frustrating thing is you still can't whitelist specific programs. It would be trivial to give it full control if you just had to click it the first time you opened a program. And default Windows still pops up every time I want to play a Steam game.
I would suggest setting up a small-scale model of a networking environment of a typical office and showing from beginning to end how this works. I would love to have such a video to show as a demo to our employees. We are a hospital that was hit by ransomware a few years ago, and being able to show people how these things work and why certain security measures are crucial would be a godsend. Might even make a small series or a few PSAs to spread the word.
Long term cybersecurity staffer here, maybe I’m dead inside after all these years but this wasn’t shocking to me… it’s a great educational video for those outside of the industry though. Great work guys!
What most movies/shows portray is people with terminals frantically writing lines of code to hack into something. So a lot of people don't realize that these days it's mostly done by clicking on options in a GUI that someone has coded together for other people to use, and you just have to figure out how to get it on someone else's computer.
@@resresres1 So you definitely don't work in cyber. Yes, everything is done through a terminal, and maybe Burp Suite for pentesting, but everything else is 100% terminal. These GUI malwares are just made after the malware wasn't a threat anymore, to get used by script kiddies. So I don't know where you get your info from, but you should ask for a refund on your knowledge.
@@iissss9847 Probably not. The wires are insanely thin, they can't push a signal strong enough to do anything. They're just sensors. Pretty simple sensors too, they just pickup the electricity from the brain. I'm not really into them being able to read, see, hear, and decode all my thoughts buuuuuuuuuuuuuuuuuut still. Nothing would happen with how the device actually works. It's pretty interesting.
I got into ITSec in ~2016 and even went on to study it in college. Currently work as a SOC Analyst (Security Operations Centre). VXUG, Smelly and staff do great things for the ITSec community. Love that you made a video on something like this. I can honestly say it's just the very tip of an iceberg that keeps getting deeper.
ThreatLocker is actually pretty great. You can create policies for groups of machines, and then you can use their built-in app policies to allow things like "all office suite programs" to whitelist them, or Adobe Reader, for example. The policy will allow future versions to run automatically when a new version comes out, and you can even prevent older versions from running (such as if a vulnerability is found in an older version). You can also sandbox a program in a VM to see if it's malicious, and allow or block it based on that result. It's actually a very sick suite of tools.
As an old-time computer builder/administrator, it's very nice to see that you are letting us know what the hell we are getting hit with. Who wants to venture into the dark realm just to learn about what you're getting hit with? Not me! The strongest defense is knowing your opponent's offense so you can counter-react! Great job guys, as I was nervous for ya just watching this clip.
The truly scary part about this is not that the threat actor can take control of the infected system, but that they can plant files on it. I mean, if possession is nine-tenths of the law, how exactly could you convince someone that the files on your computer are not yours?
I mean... How are they going to know they're there at all? Like, we can't type this on youtube, but we know what type of thing you're thinking about. Nobody is busted for that type of thing because someone calls the authorities with a random claim that you possess it. There's a whole lot more that goes into it than that.
@@rawhide_kobayashi On the 2nd re-read, I realise you meant something different as in a random accusation, not a random person finding it. That being said, I'm sure the police would find a way to get to someone's device if that kind of an accusation was made. Just look at all the fake rape accusations made, and men getting arrested because of it. No proof needed. You think police follow the law of needing proof? Lol
@@PartyhatRS I actually got a perfect score in the reading comprehension portion of my ACT, tyvm. It is in fact YOU that has the poor reading comprehension, child. You've offered nothing but an unsubstantiated claim which is completely irrelevant to the topic at hand.
Honestly, that moment of silence followed by: "Anyway... good luck" is both hilarious, but very successfully portrays how genuinely concerning a lot of this stuff is. In some ways, it gives me the same kind of feeling that I get when I think about the reducing efficacy of antibiotics. Obviously not quite the same, but both give me the same kind of feeling.
It's also worth mentioning that modern malware has sandbox escapes built in. These can run checks to see if the binary is being run in an AV sandbox and then not fire. For example, Windows Defender's sandbox hostname is "HAL9TH", so adding a check to see if the system's hostname is this, then exiting without firing, can help.
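The hostname check described above is one instance of a general pattern: the sample reads a few cheap environment facts, compares them against values it associates with analysis sandboxes, and stays dormant if any match. The block below is an added example (not code from the video, VX-Underground or any commenter) that shows that pattern as a pure decision function over an environment dictionary, so it can be reasoned about without detonating anything. Only the HAL9TH hostname comes from the comment; the other indicators and thresholds (username, CPU count, uptime) are illustrative assumptions, not a catalogue of any real sandbox.

```python
"""Sandbox-awareness check of the kind the comment describes.

Added example, not from the video or any commenter. The HAL9TH hostname is
the Windows Defender emulator value quoted in the comment; every other
indicator and threshold below is an illustrative assumption.
"""
import os
import socket
import time

SANDBOX_HOSTNAMES = {"hal9th"}        # from the comment
SANDBOX_USERNAMES = {"johndoe"}       # assumption, illustrative only
MIN_CPU_COUNT = 2                     # assumption: tiny VMs are suspicious
MIN_UPTIME_SECONDS = 10 * 60          # assumption: freshly booted VMs are suspicious


def sandbox_indicators(env):
    """Return the names of the indicators that fired for an environment dict.

    env keys: hostname, username (str); cpu_count, uptime_seconds (numbers).
    """
    hits = []
    if env.get("hostname", "").lower() in SANDBOX_HOSTNAMES:
        hits.append("hostname")
    if env.get("username", "").lower() in SANDBOX_USERNAMES:
        hits.append("username")
    if env.get("cpu_count", 0) < MIN_CPU_COUNT:
        hits.append("cpu_count")
    if env.get("uptime_seconds", 0) < MIN_UPTIME_SECONDS:
        hits.append("uptime")
    return hits


def should_detonate(env):
    """The decision the sample makes: run only when no indicator fires."""
    return not sandbox_indicators(env)


def collect_local_env():
    """What a sample would read on the host it runs on (cross-platform approximation)."""
    return {
        "hostname": socket.gethostname(),
        "username": os.environ.get("USERNAME") or os.environ.get("USER", ""),
        "cpu_count": os.cpu_count() or 0,
        # time.monotonic() counts from boot on Linux, Windows and macOS, so it
        # serves as a rough uptime without platform-specific calls.
        "uptime_seconds": time.monotonic(),
    }


# Constructed environments for the demonstration.
DEFENDER_LIKE = {"hostname": "HAL9TH", "username": "JohnDoe",
                 "cpu_count": 1, "uptime_seconds": 30}
WORKSTATION_LIKE = {"hostname": "DESKTOP-7Q2K1", "username": "alice",
                    "cpu_count": 8, "uptime_seconds": 86_400}

if __name__ == "__main__":
    for name, env in (("defender-like", DEFENDER_LIKE), ("workstation-like", WORKSTATION_LIKE),
                      ("this host", collect_local_env())):
        print(f"{name}: indicators={sandbox_indicators(env)} detonate={should_detonate(env)}")
```

The same list is what an analyst uses in reverse: give the sandbox a plausible hostname and username, more than one vCPU and a padded uptime, and the check passes and the payload runs where it can be observed. Hard-coded indicator strings like this are also good hunting material, since a benign installer has no reason to compare the hostname against "HAL9TH".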
I helped a company that leased systems for medical use develop tools to lock down their equipment remotely in the event of an attack. I was an intern there working on hardware, repairing circuit boards and testing cables/peripherals, they had me take a couple of the most popular systems including a dell latitude business tower and a Lenovo thinkcenter mini and had me desolder all of the networking hardware from the board. It was a stupid fun project. 10 years as an automotive mechanic and now I'm getting my BS of computer science in cyber security and computer forensics because of that project!
One time I discovered a C99-style backdoor on a server I was maintaining. Instead of deleting it, I just password protected it. It was honestly so useful because it had a ton of features and they were all very easy to access. The serious answer to your question though is that this is software made for customers with lots of alternative options, so the better the UI is, the easier the sales pitch is.
Microsoft has been sued so many times for making software that competes with 3rd party software so they just leave everything half baked. Apple can bundle anything in mac-os without complaints or lawsuits.
because at one point companies stopped caring about customers, and the design teams got disconnected from actual users and programmers so now it's more important to look "modern", than to actually be useful, because being useful is "ugly" to the designers due to all the "clutter" and partially also accessibility, I suppose, but that's always been a tertiary concern (like, text size, and spacing between buttons, and stuff)
You should do this again, but the other way around: Install as many AVs and other security software you have access to or can get access to as possible, run them simultaneously / in parallel and see how badly they fight each other and how bad the system slows down by actually "friendly" programs and "optimizers". If the system still works after that, use this archive and see how much of it is actually caught in the process vs. how it performed now.
My understanding was those virus files are not executables and the ones zipped up are password protected. That system would probably choke itself and not run properly with that many AV and/or malware scanners running.
Linus, i L.O.V.E this video. I will be sharing this to all my Ops teams and e suite wannabes in my turf. We actually use threatlocker and it was amazing seeing them sponsoring you. They really are great folk. Pricey but great.
Security through obscurity is just one layer of defense in depth. I had a client that hired a consultant to write a public utility SCADA system report. The utility then stuck it on their public website because "freedom of information". The document had a clear layout of their SCADA network with all IP addresses. This is an example of no obscurity.
As far as I know, FOIA doesn't create disclosure requirements for technical data deemed critical to infrastructure/operational security. In fact, there is clear language in FOIA (both Fed and at least some states), as well as court cases relating to this issue, that creates exemptions for such disclosures. Idk the exact organizational setting for your situation, but it might be worth looking into yourself if it's keeping you up at night 😅
@@sean361 My State has laws to keep some information from public view for public safety. This can be appealed to a judge for review but this type of document is easy to defend.
Why TF a SCADA system of any importance is accessible on the internet is just beyond me. Ideally they should be isolated from the internet, but I guess we have to connect up everything so the vendor can RAT in.
True, but it's really one you MUST NOT under any circumstance rely on it in any way. Especially when it comes to how networks are laid out, it's just more of a small annoyance at this point than anything else. Think of it like throwing a big paper towel over a tank for protection. It doesn't do a whole lot, but it's also not completely useless.
Security by obscurity should only ever be the first layer of defense. In itself, it is not real security, but it can help slow down attackers or help weed out weak automated attacks.
Cool to see a more cyber focused video - VX underground are probably one of the most sacred resources we have in the industry - the team there are incredible with what they do
I'm not too happy at the small section on wordpress. As a web dev, many people that don't know about this stuff could easily see this as "wordpress is insecure", but it's worth heavily pushing that the security of any piece of software with plugins should be treated like anything else. Don't install dodgy shit and make sure you trust the thing you are installing. Just because it's made for something, doesn't mean that company or project made it.
This especially goes for custom sites, where NPM packages and JS libraries can change owners and suddenly become malicious. Same goes for CDN sources for JS libraries.
It would be really cool to use a RAT in your next episode of secret shopper to report on if technicians are accessing your personal files. It's a known issue and a company's internal policy for safeguarding customers privacy is ABSOLUTELY a thing to consider when sending a PC off for repairs.
12:43 My manager started this whole fucking thing with the team about opening tickets for any software we downloaded and wanted to install, documenting checksums and validation, etc., what algorithms were acceptable and which would be rejected. An absolutely inane campaign lasting weeks. I kept asking to meet with him about it until he finally agreed, and I asked him, "Imagine yourself as a theoretical threat agent that had managed to infiltrate our vendor's website data, packaged and prepared a malware payload. Now, are you going to just change the file? Or are you going to modify the website to update the checksum as well so it 'matches' your modified package?" A day later, we received an email letting us know that manager approval was no longer a prerequisite for software-install tickets and we could complete the installs without waiting for a manager, as long as documentation was in the ticket.
@@purewaterruler Checksums are only useful when the content you're downloading is hosted on a third-party website. People frequently do that because hosting your own downloads is CRAZY expensive, especially for small and/or open-source projects.
There are vastly fewer chances of getting something fishy from the vendor site via agent infiltration... What you'd more likely get is something that looks like the vendor site.
It's almost like... tools like AppLocker are a thing... And that there are reasonable ways of going about managing what users can and cannot install. You should just publish packages users can install and disallow anything else. Users shouldn't be allowed to install random crap, and service desk analysts who hardly know their butt from a hole in the ground shouldn't be deciding what is 'safe' either. Just... freaking manage it properly.
We had something like Borat at college 25 years ago, it was built into a whack-a-mole game, you could do weird stuff like open the CD drive, put up dialogue boxes that said 'yes' or 'yes'
I wrote something similar to screw with my uncle. Man worked in I.T. for 15 years and bragged about being immune to viruses, I had a dialog box that said Cupholder? Yes or Yes and opened his unused cd drive. It is terrifying how easy it is to make a similar attack.
You know it's a serious LTT video when the background music completely stops, leaving this uncanny, uneasy feeling. "Am I really watching LTT? Where's the tunes???"
15:17 Regarding the XZ backdoor, it was far, far more scary than that. They were actually backdooring SSH, which for those unaware is common remote control software that you often use to interface with Linux servers. SSH doesn't even use XZ directly; it's patched in by some versions of Linux, so the people who work on SSH would have no ability to detect it by just testing their own stuff. If it had gone undetected it could have backdoored a significant number of Linux servers, and no one would know.
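The two checks admins ran during the xz-utils incident follow directly from the comment above: does the sshd binary on this host load liblzma at all (on the affected distributions it did, indirectly, through the libsystemd patch), and is the installed liblzma one of the two backdoored upstream releases, 5.6.0 and 5.6.1. The block below is an added example (not code from the video or the thread) that implements both checks over `ldd` and `xz --version` output. The sample outputs are constructed, including the load addresses; `run_local()` runs the real commands on a Linux host.

```python
"""Checks from the xz-utils (CVE-2024-3094) incident: does sshd load liblzma,
and is the installed liblzma a backdoored release.

Added example, not from the video or the thread. Sample command outputs
are constructed; run_local() executes the real commands.
"""
import re
import shutil
import subprocess

AFFECTED_XZ_VERSIONS = {(5, 6, 0), (5, 6, 1)}   # the two backdoored upstream releases


def sshd_links_liblzma(ldd_output: str) -> bool:
    """True if any resolved dependency in `ldd sshd` output is liblzma."""
    return any(re.search(r"\bliblzma\.so", line) for line in ldd_output.splitlines())


def parse_version(text: str):
    """Return the first x.y.z version found in text as a tuple, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None


def liblzma_version_affected(xz_version_output: str) -> bool:
    """True if `xz --version` reports one of the backdoored releases."""
    return parse_version(xz_version_output) in AFFECTED_XZ_VERSIONS


def assess(ldd_output: str, xz_version_output: str) -> str:
    """Summarise exposure from the two outputs."""
    links = sshd_links_liblzma(ldd_output)
    affected = liblzma_version_affected(xz_version_output)
    if links and affected:
        return "exposed: sshd loads a backdoored liblzma"
    if affected:
        return "affected liblzma installed, but this sshd does not load it"
    if links:
        return "sshd loads liblzma, version not in the known-bad set"
    return "not linked, version not in the known-bad set"


def run_local():
    """Run the real commands on this host (Linux with ldd and xz installed)."""
    sshd = shutil.which("sshd") or "/usr/sbin/sshd"
    ldd = subprocess.run(["ldd", sshd], capture_output=True, text=True).stdout
    xz = subprocess.run(["xz", "--version"], capture_output=True, text=True).stdout
    return assess(ldd, xz)


# Constructed sample outputs (addresses are made up).
LDD_PATCHED_DISTRO = """\
\tlinux-vdso.so.1 (0x00007ffd3b5f0000)
\tlibsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1b2c000000)
\tliblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1b2bfc0000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1b2bd00000)
"""
LDD_UPSTREAM_SSHD = """\
\tlinux-vdso.so.1 (0x00007ffd3b5f0000)
\tlibcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1b2b800000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1b2bd00000)
"""
XZ_BAD = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
XZ_OK = "xz (XZ Utils) 5.4.5\nliblzma 5.4.5\n"

if __name__ == "__main__":
    print(assess(LDD_PATCHED_DISTRO, XZ_BAD))
    print(assess(LDD_UPSTREAM_SSHD, XZ_OK))
```

The version test is a quick triage, not proof of cleanliness: distributions shipped reverted builds, and an upstream sshd built without the systemd notification patch does not load liblzma at all, which is the second sample output.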
~2006 we would pose as WAY TOO YOUNG TO HAVE ANYTHING TO DO WITH A CHAT ROOM and offer photos of our not-real selves. We were in high school, and we’d provide jpegs that were actually exe’s. Once they opened it, it was open season on these gnarly creeps. They were always the same type of creep (we could see what they looked like) and it almost always ended in their computer being broken. I still don’t know how we did it.
This was an amazing educational video. I bet you this helped some college level classes for the future. I appreciate the balance of entertainment and learning videos LTT does. It’s what makes this channel so enduring
What's really scary is that for every one zero-day that gets reported and patched, there are probably at least 100 zero-days that get sold off to nefarious individuals that go unnoticed and unpatched!
I work in CyberSecurity and I want to add that keeping software and OS up-to-date is extremely important. Also, having a good sense of skepticism is essential, don't run executables you don't trust fully, don't always think messages coming from someone you know are legitimate.
Do you know if it makes any difference if you work on a standard account without any administrative privileges? It seems like the safe thing to do, but how do all these companies end up with encryption-locked systems? The first thing any IT admin does is take away privileges.
@jeroenk3570 It makes a huge difference. It's a lot harder to give admin privilege to malware when you, a user without admin privilege, try to execute it, despite UAC bypass, if you're using a non admin user, you'll get an admin login prompt. Some malware can still mess in your user files, but the extent of the damage is more limited.
Reminds me of SUB7 back in the day, but honestly, I feel like the UI on S7 was actually better, it obviously didn't have the same number of features, but then again, it didn't need them back then. Super cool video.
I wish they shouted out their website and asked viewers to donate. It's a great resource and great to donate to researchers who are on the front lines of stopping these advanced threats.
@@acters124 well they did the next best thing, by showing the website (with url), and saying that it's available for free, but they paid just as a donation and it's understandable they don't want to directly give malware to people, don't want some kid RAT-ing the entire school or whatever
I'm confused and sad, because compared to other remote access software, like TeamViewer, this thing is lightweight, easy and fast to set up and super functional. Literally thinking about switching to this thing for my remote access.
Really appreciate more infosec content on LTT lately. While zany PC builds are interesting, this is the kind of subject matter that can be more readily applied, especially among IT folks who don't have much time to game. I hope you guys stick to the trend.
As a basic pentester that always wants to learn more about how exploits work and looking to learn about how malware is created, I learned so much in this video looking forward to see more videos related to cybersecurity
super fun video, I do malware reversing for work; its cool to see a big channel like LTT giving people exposure to these topics in an easy to approach way. Great work! Hope to see more infosec type content in the future.
I've been hesitant to touch stuff like this because I don't want to give the false impression that I'm a security researcher. I have a ton of respect for what folks like yourself do.
We use threatlocker at work, and man, it really is the best product out there. Even better than the product is the support and people behind it. Once you get this thing down its a beast.
me: "so how many of these 650,000 files on this hard drive can threatlocker protect me from" threatlocker says "we only support up to 70,000 of those" me: "what about the rest?"
@hamishahern2055 uhhhh do you understand how threatlocker works??? If you did, then you'd know anything not baselined/policy matched is hitting a default deny. Danny is one of the great leaders in cybersecurity with an innovative and proactive approach
12:55 This isn't a specific PHP problem, but will happen in any language where the developers are new / lazy / don't know what they're doing. It only seems more common in PHP because PHP is / used to be the biggest language most people started with. As always, when coding anything security related in your language of choice, make sure to research what the current recommended methods are because they change frequently.
You're absolutely correct. I'd go so far as to say that it probably wouldn't have been anywhere near the issue that it is were it not for WP themes. Design firms would get hired to make a theme, they would design something that looks really great, then they'd cut corners on functionality by having anything that couldn't be accomplished with ACF simply coded in house by a designer that knew just enough about hooks to be dangerous.
I mean... at that point you might want to invest into the software most schools use to monitor the computers the students use. These types of software are basically a toned down Borat Rat. That being said, It's a lot of power you're going to be handling, and you better be able to not let it go to your head.
I mean you already have free to use programs like teamviewer quick support module.
If you guys can't manage to not act maliciously on family or spy on them for whatever reason other than when diagnosing a problem (with their permission), then you don't really deserve family.
This is probably one of the most interesting videos i've seen on this channel. Am currently studying software in university and had my eyes glued to the screen the entire time!
The website of the company I work for got hacked using the exact backdoor Linus talked about. The server was running an older version because our web host was lazy, but we are all running the latest version now with better security.
19:30 I love how Deviant Ollam, who's a commercial physical security expert YouTuber, helped that guy when he got arrested. It's interesting seeing history being so modern.
Tanner lost me when he started going on about PHP and encryption. That's not a PHP thing, that's a crappy programmer thing. PHP supports the exact same encryption methods as all major languages. Also, eval is disabled out of the box on PHP. You'd have to knowingly modify the configuration to make use of it.
The quickest way to get ratted is to try to rat someone else. If you see this, don't try to download ratting software because you think you're hackerman now. You're just going to get hacked instead.
I don't understand why that isn't the status quo. You would think any hacking or virus stuff on the internet would be instantly hacked. And they be watching so as soon as you steal something they steal it from you, or just steal all your info and blackmail you for trying to do shady stuff.
- PHP is not a JIT language. PHP 8 has JIT as an option now, but this is still not the default run method for it.
- 5-pass salted hashes can be "cracked" with a GPU? Citation needed.
- You don't need the PHP eval() function to execute stuff on the OS; PHP literally has filesystem functions and classes, or stuff like shell_exec().
- "Breaking out of the PHP container": what does that mean?

Please stop spreading erroneous information around; this makes the life of people actually having expertise in these fields difficult.
I'm gonna guess that by "PHP container" they had in mind the security features built in to the engine which can do things like prevent traversal beyond the assigned root directory and disable functions that can change the environment variables or access any kind of OS resources like the ones you mentioned. If properly configured, these features provide a layer of isolation around PHP's code-space that pretty successfully undermines any pathways for escalation and might save your ass in the event that a hacker has found an exploit that allows for arbitrary code execution, like the example in the vid. So maybe if someone doesn't actually know what a container is, or how said aspects of PHP work, and only looks at the end result, I guess this could be called a container. It's certainly not a technical use of the word though.

In light of making all that explicit, it should be even more clear just how confused that eval() comment was. The security issues related to eval() have nothing to do with OS-level access. Improperly sanitized use of eval() is a pathway to arbitrary code execution and that's all it is. It will include any functionalities not disabled or otherwise made inert by your PHP configuration.

I mostly can't watch LTT videos on security-related topics anymore; it's just too frustrating. It was honestly eye-opening to me the first time I saw a video of theirs and learned just how much you can know about "tech" without knowing about security. I guess I was in way more of a bubble than I ever realized; I honestly thought most people who were into "tech" were into privacy and security as well, at least a little.

Also, any hashing algorithm is fundamentally "crackable" just as a given from the fundamental nature of hashing itself. The question is in what time frame? It may not be a default option in hashcat, but the source code is readily available for you to write such an algorithm in if you're savvy enough.
Writing the kernel-level code necessary for this however is far beyond the capabilities of most script kiddies and not at ALL on the same level as WPA cracking like Linus suggested. Repeated functions usually actually scale a bit better than 1:1 [compare md5() vs md5(md5()) performance for example]. So as long as it's a weak enough password, it might be crackable.
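The exchange above argues about whether a few rounds of salted MD5 are "crackable" and how the cost scales with the number of rounds. The block below is an added example (not code from the video or the thread) that makes the cost concrete: a simplified iterated salted MD5 (deliberately not WordPress's exact phpass scheme), a dictionary attack that counts the MD5 calls it spends, a keyspace-exhaustion estimate, and a PBKDF2 hash for comparison of per-guess cost. The wordlist, salt and the hash rate used in the usage note are constructed or assumed values.

```python
"""Cost of cracking an iterated salted MD5 versus a deliberately slow KDF.

Added example, not from the video or the thread. The hash scheme is a
simplified stand-in (not WordPress's phpass); wordlist and salt are
constructed.
"""
import hashlib


def iterated_md5(password: str, salt: bytes, rounds: int) -> str:
    """md5(salt || pw), then md5(prev || pw) repeated; returns hex digest."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    pw = password.encode()
    h = hashlib.md5(salt + pw).digest()
    for _ in range(rounds - 1):
        h = hashlib.md5(h + pw).digest()
    return h.hex()


def pbkdf2_hash(password: str, salt: bytes, iterations: int = 600_000) -> str:
    """Slow-by-design comparison point: PBKDF2-HMAC-SHA256 from the stdlib."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def dictionary_attack(target_hex: str, salt: bytes, rounds: int, wordlist):
    """Try each candidate; return (password or None, md5 calls spent)."""
    calls = 0
    for word in wordlist:
        calls += rounds                      # one MD5 per round per guess
        if iterated_md5(word, salt, rounds) == target_hex:
            return word, calls
    return None, calls


def seconds_to_exhaust(keyspace: int, rounds: int, md5_per_second: float) -> float:
    """Time to try every candidate at a given MD5 throughput (scales linearly in rounds)."""
    return keyspace * rounds / md5_per_second


# Constructed inputs for the demonstration.
SALT = b"ab12"
WORDLIST = ["123456", "password", "qwerty", "letmein", "password123"]

if __name__ == "__main__":
    target = iterated_md5("letmein", SALT, 5)
    print("recovered:", dictionary_attack(target, SALT, 5, WORDLIST))
    # Assumed throughput of 1e10 MD5/s for a single modern GPU, 8 lowercase letters.
    print("8 lowercase chars, 5 rounds:", round(seconds_to_exhaust(26**8, 5, 1e10), 1), "s")
    print("same keyspace, 600k-iteration PBKDF2 at 1e6 guesses/s:",
          round(seconds_to_exhaust(26**8, 1, 1e6) / 86_400, 1), "days")
```

With the assumed 1e10 MD5/s, five rounds turn a 10-second exhaustive search of eight lowercase letters into a 100-second one; the salt only stops precomputation across users, it does not slow a single guess. A KDF whose per-guess cost is hundreds of thousands of primitive operations is what moves the same keyspace from minutes to months, which is the difference the thread is circling.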
@@zeendaniels5809 since windows 1.0 so around 34 years. The thing is most computers come with windows already activated so you the consumer do not need to buy the key though you kind of already paid for it in the price of the computer.
@@zeendaniels5809 Quite a few years now. Usually needed if you don't have a registered version of Windows. If you have no OS you can still get the disc with a key, but there are ways to get unregistered Windows, install it and then buy an alphanumeric key to activate.
@@zeendaniels5809 since windows 1 which was in 1985 so 39 years. The thing is most computers come with windows already activated so you the consumer do not need to buy the key though you kind of already paid for it in the price of the computer.
I work for a car dealership and its interesting that this came out after the whole CDK hack taking down over 15,000 dealerships in North America. It's crippled us back down to the point of doing everything by hand and has a lot of people worried that dealerships can no longer safeguard information, not to mention there's only two major companies that provide that kind of customer database and control, Reynolds & Reynolds and CDK Global.
There was a RAT called Sub7 back in the late 90s that had an amazingly functional (and frighteningly powerful) UI. Better than most of the legitimate remote administration tools we have currently. Kind of scary how something with that functionality is still around.
Possible video idea: try to brute force breaking through a ransomware using a crap ton of GPUs, or see what other tools exist out there for potentially defeating said ransomware
Cool. Definitely want to see more things with this. Maybe just make an entertainment focused video where two teams race try to hack each other. Like a scrapyard wars challenge.
I bet yall could make a locking case that covers the power and data ports on that drive, greatly reducing the chance someone picks it up and tries to use it for something… maybe a FP vid?
Every major corporation's IT/ISSP etc. needs to watch this video. Very informative; that's scary as shit that for only $500, a random person could purchase that. Great video 🤘😎🤙
Not going to make much difference, but saying "wordpress has pretty bad encryption" was confusing until you mentioned passwords and realised you meant "hashing"
You should do a sponsor for external hard drives. Yes, that's how you never have to stress about anything like this (unless you run a business where you need to keep everything important on the computer).
The borat rat console's capabilities remind me of the sub7 client trojan combo. Used to have a lot of fun messing with school friends back in the day. Never did anything I wouldn't want done to me in return and made them aware of what was happening. Always removed the trojan when done.
$500 for something like that is a real steal when you think about it in a corporate context. The value from preventive training and pen testing of systems is priceless for most companies.
Sandbox the entire new building you guys have, and let this thing loose on the network there and try to fight it in real time. Without just unplugging or turning things off. CSI style.
So the hacker doesn’t actually see a black terminal with fast moving green text 😔
That's only meant to be within the matrix, but there is a lot of customization of terminals on linux, so is easy to mimic.
No. In this case the hacker developed a GUI in visual basic to track the victims IP.
They do if they appreciate high contrast with low backlight, and less eye strain. It's not the Default, but I set my Command Line to display Green on Black, for authenticity, aesthetics, and aforementioned benefits for both human eyes and display devices
That’s advanced hacking.
He's not a true hacker, so he hasn't unlocked that yet.
I work as an IT technician and this is hands-down one of the most interesting videos you've posted in a very long time. Absolutely invaluable for a quick look into how things are changing in our digital landscape on a daily basis.
Cybersecurity needs to be looked at a Lot more especially since our lives have so much tech in them now
My question as an IT tech is why this borat rat looks way more useful for actual user troubleshooting work than any of the software we’ve used.
yeah definitely most informative from even just a consumer standpoint as well. As someone who lost a GPU to a cracked Win10 a few months prior I've recently been learning about a lot of this stuff.
@@fbgmduck "lost a GPU to a cracked Win10": there is so much wrong with this anecdote that I believe you should stop using computers altogether.
Yeah, most other vids are just d1cking around.
Back in the day, I discovered 45k-50K instances of the Nimda worm on the college campus network. I notified the professor of my findings. Shortly after, the Network Admin was let go for downloading "stuff".
Never understood why people download that stuff when you can stream
@@username8644 Me neither, but maybe that was before streaming.
Wtf did he download 💀
what does that mean?
@@username8644 this is a very sus comment if it's what I think stuff is
Malware analyst and digital forensics analyst here, super pleasantly surprised to see LTT do a video on my job and VX underground. They're one of the cooler parts of the info sec community.
Very good surface level explanations on lots of different concepts here too!
Hard disagree. LTT is not part of the infosec community. Linus repeatedly has scare-mongered about the tools we use often and engages in clickbait said tools. This is just another video of him chasing a trend. This man has no business covering security considering he can't even get his own security in order in-house.
In your professional opinion, what's the best security measures for beefing a linux operating system. Any tricks? And what might be the best software tools to use for linux? Cheers. Edit: Also, is there anything I can do to prevent Spectre v2 and Inception exploits?
why is there all this cybersecurity stuff all of a sudden? everyone is talking about it now.
@@johndank2209 Because people are tired of being fk over with and having their personal data being stolen and sold to the highest bidder.
Same here, except I do IR instead of DF, plus I write my own malware too after hours; it's really fun to fight Windows Defender, CrowdStrike, SentinelOne etc. as a lone wolf.
to answer the comments here:
@luminatrixfanfiction What ports are open on your Linux box? Close everything you don't need, update often, don't copy-paste sudo commands from the internet, set up fail2ban and tune it and/or disable password login and only allow key logins, install & tune firewalld, same with SELinux, you can try using vulnerability scanners; the internet is your friend regarding Linux hardening.
@johndank2209 you want the long or short answer? i'll give you a shorter one:
Ransomware and/or ransomware as a service, data leaks, ease of extortion for millions thanks to people not thinking.
Hacking a computer is easy if it's not protected by EDR software costing tens of thousands of USD. And even then I find a way to bypass it 1-2 times a month on average (that I don't disclose because it's too fun lol).
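The "disable password login and only allow key logins" advice in the comment above is the kind of thing that is easy to get wrong because sshd silently falls back to defaults when a directive is commented out or sits under a Match block. The following is an added example, not code from the video or from the commenter: a small auditor for the global section of sshd_config. The sample config at the bottom is constructed; the DEFAULTS table is an assumption based on current OpenSSH documentation and should be checked against the sshd_config(5) man page for the version actually installed.

```python
"""Audit an sshd_config for the "key logins only" advice above.

Added example; it is not from the video or the commenter. The sample
config at the bottom is constructed for illustration; call
audit_sshd_config() on the text of /etc/ssh/sshd_config for a real host.
"""
import re

# What a hardened host should show.  sshd keywords are case-insensitive,
# and for each keyword the first value in the file wins.
HARDENED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",           # "prohibit-password" also accepted below
    "kbdinteractiveauthentication": "no",
    "permitemptypasswords": "no",
}

# Values sshd uses when a directive is absent.  Assumption: current OpenSSH
# defaults; check the sshd_config(5) man page for the version you run.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "kbdinteractiveauthentication": "yes",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Stops at the first Match block: directives after it apply only to
    matching users/hosts, so attributing them to everyone would hide a
    globally enabled password login."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)          # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return [(directive, effective_value, wanted_value)] for each miss."""
    settings = parse_sshd_config(text)
    findings = []
    for key, wanted in HARDENED.items():
        effective = settings.get(key, DEFAULTS[key]).lower()
        if key == "permitrootlogin" and effective == "prohibit-password":
            continue                               # root with keys only is fine
        if effective != wanted:
            findings.append((key, effective, wanted))
    return findings


# Constructed sample: password login looks disabled but the line is a
# comment, root login is wide open, and the Match block does not help.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for directive, have, want in audit_sshd_config(SAMPLE_CONFIG):
        print(f"{directive}: effective '{have}', want '{want}'")
```

Run against the sample it reports three misses: password authentication is still on (the only "no" is commented out), root login is allowed with a password, and keyboard-interactive authentication is still at its default. After editing the real file, `sshd -t` validates the syntax and `sshd -T` prints the effective values, which is the authoritative check.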
You guys need to do more videos like this. Interesting, educational, informative, and fun. Great idea!
I didn't know you guys were tapping into the horror tech genre...
Real
Wow
legit shitting myself watching this video
"If we get infected, I don't own the company" is such an on-point statement about company security and why it's so hard to keep the weakest link from nearly always being the human element. People don't care much if it's not their stuff.
this is true. We will never get paid enough to truly care.
The reason humans are the weakest point is because they are human. It's not about 'caring'; humans can't be programmed. They're squishy water blobs; they behave unpredictably even when they actively desire a particular outcome and have been trained on it. Humans are prone to things like errors and stress, whereas cybersecurity tools are less so. A human could have a raging hard-on for the company; that isn't going to make them a stalwart defense against a skilled social engineering attack.
I think the more realistic POV is that the average company person, secretary or whichever can cause the infection, doesn't get paid enough to give a shit about the company.
if Denis Nedry had been paid a better wage, Jurassic Park would have worked, at least for a little while until the frog DNA kicked in.
@@LuxuryNoCap Oh, you certainly can be paid enough to care, most people just aren't
Me when I lend my computer to my friend for 2 seconds :
Real
REAL ASF
real
NO NOT REAL it’s ur little cousin wanting free robux
But I just wanted to upgrade your RAM
Viruses are getting scarier and scarier nowadays.
Really good video to teach people to be more careful on the internet!
The cyber security 'experts' are all idiots, and couldn't even protect their Nana at a bingo club, even if their life depended on it.
This is the first time I watched the whole sponsor segment because it was actually pretty interesting to see how these products work!
Enterprise-grade antivirus is genuinely pretty cool. At a bank I worked at a new sysadmin downloaded some defanged test malware and we got to watch first as our Windows Server instances migrated the new files on the file server to its redundant partner, then to a remote site and then the redundant partner on the remote site, etc. and the AV identified and raised alarms to it every step of the way. So we knew #1 fileserver replication was working well, and #2 the AV successfully identified it and mitigated it every step of the way
The guy you mentioned, Marcus Hutchins, who defeated the WannaCry virus, has a YouTube channel and makes very informative videos on cybersecurity and IT security in general. If you are doing any more videos like this, you should have him on. He is really interesting.
Wait, no videos about how to do credit card fraud?🤣
This would legitimately be one of the most interesting collaborations of all time. Marcus is super knowledgeable on this kind of stuff and the guy is quite literally a gold mine of information
👀 hi
@MalwareTechBlog bruh....
The man, the myth, the savior of the internet and all IT desks. He was summoned.
I work for a company I can't disclose, and work in environments that use ThreatLocker.
I can swear that ThreatLocker is very good at what it does, including stopping Microsoft from running its own software, because how it handles some parts of its programming can look fishy.
God bless the IT-Furry community
@@Nelo390😂😂
Cool story, bro.
That's probably one of the strongest sales pitch for threat locker, "it stops Microsoft programs"
@@ShadowByNine Actually the best one yet tbh XD
5:40 The UAC (admin popup) bypass hasn't been "patched" because there is nothing to patch. It is trivial to bypass UAC on a default Windows install. This is an interesting thing to research, but here's the TL;DR: a long time ago people got annoyed by having UAC pop up for everything. So Microsoft made it so UAC only pops up for some actions, not all, by default. Unless you manually restore UAC to its full control, most people would consider it useless.
God, I hated UAC when it came out with Vista. I loved Vista but hated UAC. Even though Win 7 and later versions toned it down, I never re-enabled it.
@@Raivo_K It is useful to prevent unwanted admin actions. I am on 10 and I think the only times it comes up is when I am running unsigned code. I kind of run a lot of it since no one has time to sign all their code on GitHub. Other than a few servers that mostly came from the pip and git commands, I have not seen it in a while. I installed everything, and now that I am not installing anything anymore nothing seems to trigger UAC except some GitHub projects when it is set to default on Windows 10.
I use a standard user by default, then use an admin user whenever UAC comes in.
No point in bypassing UAC if the user is not admin xd
Now that I think about it, I was doing that too at some point. I was working on some automated scripts and I figured out how to disable UAC, spawn my shell and enable UAC again after. I was using registry edits too... It did need to be run by an admin user though, so on corporate PCs that would likely do nothing. Their approach seems to delegate the shell execution, so it might actually be privilege escalation.
The frustrating thing is you still can't whitelist specific programs. It would be trivial to give it full control if you just had to click it the first time you opened a program. And default Windows still pops up every time I want to play a Steam game.
I would suggest setting up a small-scale model of a networking environment of a typical office and showing from beginning to end how this works. I would love to have such a video to show as a demo to our employees. We are a hospital that was hit by ransomware a few years ago, and being able to show people how these things work and why certain security measures are crucial would be a godsend. Might even make a small series or a few PSAs to spread the word.
"this hard drive contains 25M pieces of malware"
My family computer back when limewire was a thing: "those are rookie numbers"
Long term cybersecurity staffer here, maybe I’m dead inside after all these years but this wasn’t shocking to me… it’s a great educational video for those outside of the industry though. Great work guys!
What most movies/shows portray is people with terminals frantically writing lines of code to hack into something. So a lot people don't realize that these days it's mostly done by clicking on options in a GUI that someone has coded together for other people to use and you just have to figure out how to get it on someone else's computer.
@@resresres1 So you definitely don't work in cyber; yes, everything is done through a terminal, and maybe Burp Suite for pentesting, but everything else is 100% terminal. These GUI malwares are just made after the malware wasn't a threat anymore to get used by script kiddies, so idk where you get your info from, but you should ask for a refund on your knowledge.
Yeah, all you cybersecurity staff are doing a shit job; that's what this video tells me.
Me just chilling with my neuralink. Linus with 25 million computer viruses:
The brain will explode.
you got Binden'd!
@@iissss9847 Probably not. The wires are insanely thin; they can't push a signal strong enough to do anything. They're just sensors. Pretty simple sensors too; they just pick up the electricity from the brain.
I'm not really into them being able to read, see, hear, and decode all my thoughts buuuuuuuuuuuuuuuuuut still. Nothing would happen with how the device actually works.
It's pretty interesting.
@@SamuTheFrog🤓
@@wowyoupunk333My boy is making fun of someone for being informed. Couldn't be me.
I got into ITSec in ~2016 and even went on to study it in college. Currently work as a SOC Analyst (Security Operations Centre). VXUG, Smelly and staff do great things for the ITSec community. Love that you made a video on something like this. I can honestly say it's just the very tip of an iceberg that keeps getting deeper.
ok but what is the password
@@txthys *monkey bonk gif*
@@txthysTHE PASSWORD IS INFECTED !!!!!
@@txthys lmfao (in case you're not /s-ing, it's infected)
@@txthys 12345 obviously, noone would guess it! Good for luggage
Threatlocker is actually pretty great. You can create policies for groups of machines, and then you can use their built in app policies to allow things like "all office suite programs" to whitelist them, or adobe reader, for example. The policy will allow future version to run automatically when a new version comes out, and you can even prevent older versions from running (such as if a vulnerability is found in an older version). You can also sandbox a program in a vm to see if it's malicious, and allow or block it based on that result. It's actually a very sick suite of tools.
As an old-time computer builder/administrator, it's very nice to see that you are letting us know what the hell we are getting hit with. Who wants to venture into the dark realm just to learn about what you're getting hit with? Not me! The strongest defense is knowing your opponent's offense so you can counteract! Great job, guys, as I was nervous for ya just watching this clip.
The truly scary part about this is not that the threat actor can take control of the infected system but that they can plant files on it. I mean, if possession is nine-tenths of the law, how exactly could you convince someone that the files on your computer are not yours?
I mean... How are they going to know they're there at all? Like, we can't type this on youtube, but we know what type of thing you're thinking about. Nobody is busted for that type of thing because someone calls the authorities with a random claim that you possess it. There's a whole lot more that goes into it than that.
@@rawhide_kobayashi On the 2nd re-read, I realise you meant something different, as in a random accusation, not a random person finding it. That being said, I'm sure the police would find a way to get to someone's device if that kind of accusation was made. Just look at all the fake rape accusations made, and men getting arrested because of it. No proof needed. You think police follow the law of needing proof? Lol
@@PartyhatRS I have no idea what you're talking about.
@@rawhide_kobayashi Then you're pretty bad at comprehension.
@@PartyhatRS I actually got a perfect score in the reading comprehension portion of my ACT, tyvm. It is in fact YOU that has the poor reading comprehension, child. You've offered nothing but an unsubstantiated claim which is completely irrelevant to the topic at hand.
Honestly, that moment of silence followed by: "Anyway... good luck" is both hilarious, but very successfully portrays how genuinely concerning a lot of this stuff is.
In some ways, it gives me the same kind of feeling that I get when I think about the reducing efficacy of antibiotics. Obviously not quite the same, but both give me the same kind of feeling.
The pitch meeting went something like this: “So, you know how we got one virus, what if we just get them all now?”
It's always worked for James Bond.
Make all their computers immune, genius
If you hack your own system it's a tax write off
It's also worth mentioning that modern malware has sandbox escapes built in. These can run checks to see if the binary is being run in an AV sandbox and then not fire. For example, Windows Defender's sandbox hostname is "HAL9TH", so adding a check to see if the system's hostname is this, then exiting without firing, can help.
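From the analyst's side, the hostname check described above leaves a trace in the sample: the fingerprint string has to be somewhere in the binary. The following is an added example, not code from the video or the commenter, that triages a sample for such strings. Windows binaries frequently store strings as UTF-16LE, which a plain ASCII grep misses, so both encodings are searched. The indicator list is a constructed starting point ("HAL9TH" and "JohnDoe" are the hostname and username of the Defender emulator; the rest are common VM vendor strings) and the sample bytes are constructed, not a real malware file.

```python
"""Triage a sample for sandbox/emulator fingerprint strings.

Added example; not from the video or the commenter. A hit is an indicator
that the sample has environment-aware logic, not proof of malice: plenty
of legitimate installers also check whether they run in a VM.
"""

# Constructed starting list.  Extend with whatever your own sandbox exposes.
SANDBOX_INDICATORS = [
    "HAL9TH",        # Windows Defender emulator hostname (per the comment above)
    "JohnDoe",       # Windows Defender emulator username
    "VBOX",          # VirtualBox device/BIOS strings
    "VMware",
    "QEMU",
    "SbieDll.dll",   # Sandboxie
]


def find_sandbox_indicators(data):
    """Return a sorted list of (offset, indicator, encoding) hits in `data`.

    Matching is case-insensitive.  bytes.lower() only touches ASCII
    letters, so lowering the UTF-16LE needle keeps its 0x00 bytes intact
    and the same trick works for both encodings."""
    haystack = data.lower()
    hits = []
    for indicator in SANDBOX_INDICATORS:
        needles = (
            ("ascii", indicator.encode("ascii").lower()),
            ("utf-16le", indicator.encode("utf-16-le").lower()),   # no BOM
        )
        for encoding, needle in needles:
            start = 0
            while True:
                idx = haystack.find(needle, start)
                if idx < 0:
                    break
                hits.append((idx, indicator, encoding))
                start = idx + 1
    return sorted(hits)


def scan_file(path):
    """Convenience wrapper for a sample on disk."""
    with open(path, "rb") as fh:
        return find_sandbox_indicators(fh.read())


# Constructed stand-in for a PE: a header stub, the Defender hostname
# stored as UTF-16LE (what a wide-string compare would reference), and a
# lowercase ASCII VirtualBox string.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + "HAL9TH".encode("utf-16-le")
    + b"\x00\x00"
    + b"vbox\x00"
)

if __name__ == "__main__":
    for offset, indicator, encoding in find_sandbox_indicators(SAMPLE):
        print(f"0x{offset:08x} {indicator} ({encoding})")
```

On the constructed sample it reports `HAL9TH` at offset 0x14 as UTF-16LE and `VBOX` at 0x22 as ASCII. Finding the string tells you where to look in a disassembler for the comparison and the early exit that follows it; packed or encrypted strings will not show up and need the sample run or unpacked first.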
I feel like this is one of those videos that is so educational for people, particularly "non-techies" that it needs sharing far and wide.
I helped a company that leased systems for medical use develop tools to lock down their equipment remotely in the event of an attack. I was an intern there working on hardware, repairing circuit boards and testing cables/peripherals; they had me take a couple of the most popular systems, including a Dell Latitude business tower and a Lenovo ThinkCentre mini, and had me desolder all of the networking hardware from the board. It was a stupid fun project. 10 years as an automotive mechanic and now I'm getting my BS of computer science in cyber security and computer forensics because of that project!
why does small malware offer more useful options than real apps on windows?
One time I discovered a C99-style backdoor on a server I was maintaining. Instead of deleting it, I just password protected it. It was honestly so useful because it had a ton of features and they were all very easy to access.
The serious answer to your question though is that this is software made for customers with lots of alternative options, so the better the UI is, the easier the sales pitch is.
That was my very first thought on seeing all the options. It all would be so useful for fixing remote user PCs.
because it is built by the user
Microsoft has been sued so many times for making software that competes with 3rd party software so they just leave everything half baked. Apple can bundle anything in macOS without complaints or lawsuits.
because at one point companies stopped caring about customers, and the design teams got disconnected from actual users and programmers
so now it's more important to look "modern", than to actually be useful, because being useful is "ugly" to the designers due to all the "clutter"
and partially also accessibility, I suppose, but that's always been a tertiary concern (like, text size, and spacing between buttons, and stuff)
You should do this again, but the other way around: Install as many AVs and other security software you have access to or can get access to as possible, run them simultaneously / in parallel and see how badly they fight each other and how bad the system slows down by actually "friendly" programs and "optimizers".
If the system still works after that, use this archive and see how much of it is actually caught in the process vs. how it performed now.
My understanding was those virus files are not executables and the ones zipped up are password protected. That system would probably choke itself and not run properly with that many AV and/or malware scanners running.
I seem to recall this video already existing, but it may not have been a LTT video.
@@johngaltline9933 @Linealo @pcsecuritychannel does this types of tests
It's both fascinating and terrifying how simple these tools are and how easily a system can be compromised.
Linus, i L.O.V.E this video. I will be sharing this to all my Ops teams and e suite wannabes in my turf.
We actually use threatlocker and it was amazing seeing them sponsoring you. They really are great folk. Pricey but great.
Security through obscurity is just one layer of defense in depth. I had a client that hired a consultant to write a public utility SCADA system report. The utility then stuck it on their public web site because "freedom of information". The document had a clear layout of their SCADA network with all IP addresses. This is an example of no obscurity.
As another guy who works in SCADA at a renewables company. You have no idea how hard I’m laughing right now
As far as I know, FOIA doesn't create disclosure requirements for technical data deemed critical to infrastructure/operational security. In fact, there is clear language in FOIA (both Fed and at least some states), as well as court cases relating to this issue, that creates exemptions for such disclosures.
Idk the exact organizational setting for your situation, but it might be worth looking into yourself if it's keeping you up at night 😅
@@sean361 My State has laws to keep some information from public view for public safety. This can be appealed to a judge for review but this type of document is easy to defend.
Why TF a SCADA of importance is accessible on the internet is just beyond me. Ideally they should be isolated from the internet, but I guess we have to connect up everything so the vendor can RAT in.
True, but it's really one you MUST NOT, under any circumstance, rely on in any way.
Especially when it comes to how networks are laid out, it's just more of a small annoyance at this point than anything else.
Think of it like throwing a big paper towel over a tank for protection. It doesn't do a whole lot, but it's also not completely useless.
Security by obscurity should only ever be the first layer of defense. In itself, it is not real security, but it can help slow down attackers or help weed out weak automated attacks.
Cool to see a more cyber focused video - VX underground are probably one of the most sacred resources we have in the industry - the team there are incredible with what they do
I'm not too happy at the small section on wordpress. As a web dev, many people that don't know about this stuff could easily see this as "wordpress is insecure", but it's worth heavily pushing that the security of any piece of software with plugins should be treated like anything else. Don't install dodgy shit and make sure you trust the thing you are installing.
Just because it's made for something, doesn't mean that company or project made it.
This especially goes for custom sites, where NPM packages and JS libraries can change owners and suddenly become malicious. Same goes for CDN sources for JS libraries.
It would be really cool to use a RAT in your next episode of secret shopper to report on if technicians are accessing your personal files. It's a known issue and a company's internal policy for safeguarding customers privacy is ABSOLUTELY a thing to consider when sending a PC off for repairs.
Yeah lol just look at what happened to Hunter Biden when he got his computer repaired
12:43 My manager started this whole fucking thing with the team about opening tickets for any software we downloaded and wanted to install, documenting checksums and validation, etc., what algorithms were acceptable and which would be rejected. An absolutely inane campaign lasting weeks.
I kept asking to meet with him about it until he finally agreed and I asked him, "Imagine yourself as a theoretical threat agent that had managed to infiltrate our vendor's website data, packaged and prepared a malware payload. Now, are you going to just change the file? Or are you going to modify the website to update the checksum as well so it 'matches' your modified package?"
A day later, we received an email letting us know that manager approval was no longer a pre-requisite for software-install tickets and we could complete the installs without waiting for a manager, as long as documentation was in the ticket.
Wait that is so based
@@purewaterruler Checksums are only useful when the content you're downloading is hosted on a third-party website.
People frequently do that because hosting your own downloads is CRAZY expensive, especially for small and/or open-source projects.
There are vastly fewer chances of getting something fishy from the vendor site via agent infiltration... What you'd more likely get is something that looks like the vendor site.
Its almost like... tools like app locker are a thing... And that there are reasonable ways of going about managing what users can and cannot install. You should just publish packages users can install and disallow anything else. Users shouldn't be allowed to install random crap, and service desk analysts who hardly know their butt from a hole in the ground shouldn't be deciding what is 'safe' either. Just... freaking manage it properly.
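The objection in the thread above is a real one: a checksum published beside the download proves only that the file matches the page it came from, and whoever can swap the package can swap the checksum. What actually adds assurance is a hash recorded somewhere that page cannot edit (the ticket itself, a signed release note, a vendor e-mail) before the download happens, or a signature verified against a key obtained out of band. The following is an added example, not code from the video or any of the commenters, that puts the two comparisons side by side; the "installer" bytes and the hash "from the ticket" are constructed stand-ins.

```python
"""Verify a download against a hash pinned out of band.

Added example; not from the video or the commenters.  Illustrates why a
checksum hosted on the download page does not help against an attacker
who controls that page, while a hash recorded beforehand does.
All inputs below are constructed stand-ins.
"""
import hashlib
import hmac


def sha256_of(data):
    """Hex SHA-256 of a byte string (stream in chunks for real files)."""
    return hashlib.sha256(data).hexdigest()


def verify_pinned(data, pinned_hex):
    """Compare against a hash recorded *before* the download, in constant time.

    Normalises case and whitespace so a hash pasted from a ticket still works."""
    return hmac.compare_digest(sha256_of(data), pinned_hex.strip().lower())


def verify_same_origin(data, published_hex):
    """What the checksum-on-the-download-page process actually proves:
    only that the file matches the page it came from.  The comparison is
    identical; the difference is where `published_hex` came from."""
    return hmac.compare_digest(sha256_of(data), published_hex.strip().lower())


def scenario():
    """Walk through the attacker-edits-the-page case from the thread."""
    genuine = b"hello world"           # stand-in for the real installer bytes
    # Hash written into the ticket before fetching (SHA-256 of the stand-in
    # above), deliberately with the kind of case/newline noise a paste has.
    pinned = "B94D27B9934D3E08A52E52D7DA7DABFAC484EFE37A5380EE9088F7ACE2EFCDE9\n"

    tampered = genuine + b"\x90"         # attacker-modified package
    attacker_page = sha256_of(tampered)  # ...and the page's checksum updated to match

    return {
        "genuine_passes_pinned": verify_pinned(genuine, pinned),
        "tampered_passes_same_origin": verify_same_origin(tampered, attacker_page),
        "tampered_passes_pinned": verify_pinned(tampered, pinned),
    }


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

The tampered package sails through the same-origin check and fails the pinned one. Note what the pinned check does not cover: if the hash in the ticket was itself copied from the compromised page, nothing has been gained, which is why the recording step has to happen against a source the attacker does not control. AppLocker-style allow-listing, as the last reply says, sidesteps the question for end users entirely by letting only published packages run.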
We had something like Borat at college 25 years ago, it was built into a whack-a-mole game, you could do weird stuff like open the CD drive, put up dialogue boxes that said 'yes' or 'yes'
I wrote something similar to screw with my uncle. Man worked in I.T. for 15 years and bragged about being immune to viruses, I had a dialog box that said Cupholder? Yes or Yes and opened his unused cd drive. It is terrifying how easy it is to make a similar attack.
@@Sonyboj It was in the UK, I'm sure it was 'Net(something)', I've lost a lot of brain cells since then! Good fun though!
You know its a serious ltt video when the background music completely stops, leaving this uncanny, uneasy feeling. "Am I really watching LTT. Where's the tunes???"
The music is scarier than the virus presented.
15:17 Regarding the XZ backdoor, it was far, far more scary than that. They were actually backdooring SSH, which, for those unaware, is common remote control software that you often use to interface with Linux servers. SSH doesn't even use XZ directly; it's patched in by some versions of Linux, so the people who work on SSH would have no ability to detect it by just testing their own stuff. If it had gone undetected it could have backdoored a significant number of Linux servers, and no one would know.
~2006 we would pose as WAY TOO YOUNG TO HAVE ANYTHING TO DO WITH A CHAT ROOM and offer photos of our not-real selves. We were in high school, and we’d provide jpegs that were actually exe’s. Once they opened it, it was open season on these gnarly creeps. They were always the same type of creep (we could see what they looked like) and it almost always ended in their computer being broken. I still don’t know how we did it.
This was an amazing educational video. I bet you this helped some college level classes for the future. I appreciate the balance of entertainment and learning videos LTT does. It’s what makes this channel so enduring
What's really scary is that for every one zero-day that gets reported and patched, there are probably at least 100 zero-days that get sold off to nefarious individuals that go unnoticed and unpatched!
Yep, because if a zero-day is not used it's not noticed.
I work in CyberSecurity and I want to add that keeping software and OS up-to-date is extremely important. Also, having a good sense of skepticism is essential, don't run executables you don't trust fully, don't always think messages coming from someone you know are legitimate.
Do you know if it makes any difference if you work on a standard account without any administrative privileges? It seems like the safe thing to do, but how do all these companies end up with encryption-locked systems? The first thing any IT admin does is take away privileges.
@jeroenk3570 It makes a huge difference. It's a lot harder to give admin privilege to malware when you, a user without admin privilege, try to execute it. Despite the UAC bypass, if you're using a non-admin user, you'll get an admin login prompt.
Some malware can still mess in your user files, but the extent of the damage is more limited.
@@EclecticNero Thanks, I thought so, but I just wanted to make sure.
So ThreatLocker does for Windows what Flatseal does for Flatpaks and let you micromanage permissions on an app by app basis. That's pretty cool.
Reminds me of SUB7 back in the day, but honestly, I feel like the UI on S7 was actually better, it obviously didn't have the same number of features, but then again, it didn't need them back then.
Super cool video.
both Sub7 and ProRat were better for their time.
VX underground on LTT?
I wish they shouted out their website and asked viewers to donate. its a great resource and great to donate to researchers who are in the front lines of stopping these advanced threats.
@@acters124 well they did the next best thing, by showing the website (with url), and saying that it's available for free, but they paid just as a donation
and it's understandable they don't want to directly give malware to people, don't want some kid RAT-ing the entire school or whatever
I'm confused and sad, because compared to other remote access software, like TeamViewer, this thing is lightweight, easy and fast to set up, and super functional.
Literally thinking about switching to this thing for my remote access.
And with its source code you can remove all the stuff that is scary, so you can trust it more than in its current state xD
VNC is a free and open source protocol, so you could start there :)
13:35 Linus' face to not alone LOLOL.
Awesome video. Shout out to VX and going beyond WiFi hacking and showing a nice surface layer of sandboxing and inspecting real samples of malware.
Really appreciate more infosec content on LTT lately. While zany PC builds are interesting, this is the kind of subject matter that can be more readily applied, especially among IT folks who don't have much time to game. I hope you guys stick to the trend.
As a basic pentester that always wants to learn more about how exploits work and looking to learn about how malware is created, I learned so much in this video looking forward to see more videos related to cybersecurity
super fun video, I do malware reversing for work; its cool to see a big channel like LTT giving people exposure to these topics in an easy to approach way. Great work! Hope to see more infosec type content in the future.
I've been hesitant to touch stuff like this because I don't want to give the false impression that I'm a security researcher. I have a ton of respect for what folks like yourself do.
grandma's pc 1 second after using internet unsupervised
Copy of copy of copy of shortcut to copy.exe
@@ohioplayer-bl9em Nana is that you?
Lindaaaaaaaaaaaaaa
I guess grandma is on call with indian Microsoft technicians called Philip White
my mom got a trojan on her Mac after only 1 year of use. I got rid of her Mac and she got an iPad
A good reason to just in general have user accounts with very few privileges. Scary stuff, good job shining a light on it.
We use threatlocker at work, and man, it really is the best product out there. Even better than the product is the support and people behind it. Once you get this thing down its a beast.
Me: "So how many of these 650,000 files on this hard drive can ThreatLocker protect me from?" ThreatLocker: "We only support up to 70,000 of those." Me: "What about the rest?"
@hamishahern2055 uhhhh do you understand how threatlocker works??? If you did, then you'd know anything not baselined/policy matched is hitting a default deny. Danny is one of the great leaders in cybersecurity with an innovative and proactive approach
12:55 This isn't a specific PHP problem, but will happen in any language where the developers are new / lazy / don't know what they're doing. It only seems more common in PHP because PHP is / used to be the biggest language most people started with. As always, when coding anything security related in your language of choice, make sure to research what the current recommended methods are because they change frequently.
It's the common problem of a tech product becoming too popular and low/cheap barrier to entry. Just like how the Wii was home to tons of shovelware.
You're absolutely correct. I'd go so far as to say that it probably wouldn't have been anywhere near the issue that it is were it not for WP themes. Design firms would get hired to make a theme, they would design something that looks really great, then they'd cut corners on functionality by having anything that couldn't be accomplished with ACF simply coded in house by a designer that knew just enough about hooks to be dangerous.
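The "bad encryption" remark earlier in the thread is, as several people note, really about password hashing done by the application author rather than by the language: storing an unsalted fast hash (MD5, SHA-1) and comparing strings. The following is an added example, not code from the video or the commenters, and in Python rather than PHP (PHP's built-ins for the same job are password_hash() and password_verify()). It shows the weak pattern beside a salted, iterated replacement with a constant-time compare. The iteration count is an assumption in the range current guidance recommends; the passwords used in the usage block are constructed.

```python
"""Salted, slow password hashing beside the unsalted fast hash it replaces.

Added example; not from the video or the commenters.  Shows why plain MD5
is the bug the thread is about: identical passwords collapse to
identical, precomputable hashes, and the hash is fast enough to
brute-force at scale.
"""
import base64
import hashlib
import hmac
import os

# Assumption: an iteration count for PBKDF2-HMAC-SHA256 in the range
# current guidance recommends; raise it as hardware improves, lower it
# only for tests.
DEFAULT_ITERATIONS = 600_000
STORED_FORMAT = "pbkdf2_sha256${iters}${salt}${dk}"


def weak_hash(password):
    """The pattern being criticised: unsalted MD5, same input -> same output."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=DEFAULT_ITERATIONS, salt=None):
    """Return a self-describing string: algorithm, iterations, salt, digest.

    A fresh 16-byte random salt means two users with the same password get
    different stored values, so a precomputed table is useless and the
    attacker has to pay the full iteration cost per user per guess."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return STORED_FORMAT.format(
        iters=iterations,
        salt=base64.b64encode(salt).decode("ascii"),
        dk=base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password, stored):
    """Recompute with the stored parameters and compare in constant time.

    A malformed stored value is treated as a failed login rather than an
    exception, so a corrupted row cannot crash the login path."""
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
    except ValueError:               # binascii.Error is a ValueError
        return False
    if iterations < 1 or not salt or not expected:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"          # constructed
    print("weak :", weak_hash(pw), "==", weak_hash(pw))   # identical every time
    a, b = hash_password(pw), hash_password(pw)
    print("salted:", a != b, verify_password(pw, a), verify_password("nope", a))
```

Because the iteration count is stored with each hash, old rows can be upgraded transparently on the user's next successful login by re-hashing with the current default. Whatever language the site is in, the same three properties (per-user salt, deliberately slow function, constant-time compare) are what to look for in a plugin or theme before trusting it with a password table.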
A simple program like Borat Rat would be incredible for family tech support.
I mean... at that point you might want to invest into the software most schools use to monitor the computers the students use. These types of software are basically a toned down Borat Rat. That being said, It's a lot of power you're going to be handling, and you better be able to not let it go to your head.
I mean you already have free to use programs like teamviewer quick support module.
@@martinmethod427 borat RAT is actually just skidded from another OPEN SOURCE rat called "DC Rat"
especially if they give you a hard time
If you guys can't manage to not act maliciously on family or spy on them for whatever reason other than when diagnosing a problem (with their permission), then you don't really deserve family.
i think "Those that fail to learn from history are doomed to repeat it" is the right way to look at this
Cyber bully: I'm going to hack your system.
Linus: Let me know if you need help.
6:11 the mix of fear and excitement is palpable. Love it
You should paint the drive red and keep it in a safe 😂😂
Especially before Linus about firing somebody
That doesn't work, at all... Didn't you see Resident Evil? Yep.
Won’t painting it red just make it go faster though
This is probably one of the most interesting videos i've seen on this channel. Am currently studying software in university and had my eyes glued to the screen the entire time!
The website of the company I work for got hacked using the exact backdoor Linus talked about. The server was running an older version because our web host was lazy, but we're all running the latest version now with better security.
Hope that host is fired.
@PartyhatRS I wish. We are still with them, but now I manage the website instead of them.
Good video, great topic. Shocking how easy this stuff is when you've got the right, or wrong, tools.
19:30 I love how Deviant Ollam, who's a commercial physical security expert youtuber, helped that guy when he got arrested. It's interesting seeing history being so modern.
One of the best sponsors + video combo for real
I was randomly suggested here while listening to the song “Dupe - Mbappe”, good content 😅
Tanner lost me when he started going on about PHP and encryption. That's not a PHP thing, that's a crappy programmer thing. PHP supports the exact same encryption methods as all major languages.
Also eval is disabled out of the box on PHP. You'd have to knowingly modify the configuration to make use of it.
It’s a classic PHP bash without them knowing what they are talking about. Makes me question all their other points.
I wasn't aware so I looked it up. Seems like it's using bcrypt and salting by default, with Argon2 as an alternative. Seems very reasonable.
Well, at least now I know the whole base64 to eval thing can be done in Python too.
What if I told you crappy programmer was the average programmer and something like php lends itself to the average more than others?
@@deleted-blank stop calling me out like this!!!!!
The quickest way to get ratted is to try to rat someone else. If you see this, don't try to download ratting software because you think you're hackerman now. You're just going to get hacked instead.
I don't understand why that isn't the status quo. You would think any hacking or virus stuff on the internet would be instantly hacked. And they be watching so as soon as you steal something they steal it from you, or just steal all your info and blackmail you for trying to do shady stuff.
The scariest part of cybersecurity is the users; some never learn and still click every link or open any files they see.
TEMPLE OS! TEMPLE DRIVER TERRY'S 1ST TEMPLE
RIP Terry A. Davis.
- PHP is not a JIT language. PHP 8 has JIT as an option now but this is still not the default run method for it.
- 5-passes salted hashes can be "cracked" with a GPU? Citation needed.
- You don't need the php eval() function to execute stuff on the OS, PHP literally has filesystem functions and classes or stuff like shell_exec()
- "Breaking out of the PHP container" what does that mean?
Please stop spreading erroneous information around, this makes the life of people actually having an expertise in these fields difficult.
I’d volunteer as a software engineer ECC member
I'm gonna guess that by "PHP container" they had in mind the security features built in to the engine which can do things like prevent traversal beyond the assigned root directory and disable functions that can change the environment variables or access any kind of OS resources like the ones you mentioned. If properly configured, these features provide a layer of isolation around PHP's code-space that pretty successfully undermines any pathways for escalation and might save your ass in the event that a hacker has found an exploit that allows for arbitrary code execution like the example in the vid. So maybe if someone doesn't actually know what a container is, or how said aspects of PHP work, and only looks at the end result, I guess this could be called a container. It's certainly not a technical use of the word though. In light of making all that explicit, it should be even more clear just how confused that eval() comment was. The security issues related to eval() have nothing to do with OS-level access. Improperly sanitized use of eval() is a pathway to arbitrary code execution and that's all it is. It will include any functionality not disabled or otherwise made inert by your PHP configuration.
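A read-only self-check for the two isolation features that comment describes (a disabled-function list and a filesystem root restriction), added here as an example; it is not code from the video or from any commenter, and the set of shell-spawning functions it checks for is its own assumption, not an official list.

```php
<?php
// Added example, not code from the video or from any commenter: a read-only
// self-check reporting whether the PHP-level isolation described above (a
// list of disabled functions plus a filesystem root restriction) is in
// effect for the process running it. disable_functions and open_basedir are
// real php.ini directives; the set of "OS access" functions is this
// example's own assumption, not an official list.
declare(strict_types=1);

/** Functions that hand a script a shell or a process (assumed list). */
const OS_ACCESS_FUNCTIONS = [
    'exec', 'shell_exec', 'system', 'passthru', 'proc_open', 'popen', 'pcntl_exec',
];

/** Split an INI list value on $separator into trimmed, non-empty names. */
function ini_list(string $directive, string $separator = ','): array
{
    $parts = explode($separator, (string) ini_get($directive));
    return array_values(array_filter(array_map('trim', $parts), 'strlen'));
}

/**
 * Report which OS-access functions a script on this host could still call,
 * and whether open_basedir confines file access at all.
 */
function php_isolation_report(): array
{
    $disabled = ini_list('disable_functions');
    $callable = [];
    foreach (OS_ACCESS_FUNCTIONS as $fn) {
        // PHP 8 also makes function_exists() false for disabled functions,
        // so a function counts as exposed only if it is loaded AND not listed.
        if (function_exists($fn) && !in_array($fn, $disabled, true)) {
            $callable[] = $fn;
        }
    }
    // open_basedir uses the platform path separator (':' on Unix, ';' on Windows).
    $basedir = ini_list('open_basedir', PATH_SEPARATOR);

    return [
        'os_access_callable' => $callable,   // an empty array is the goal
        'open_basedir'       => $basedir,    // an empty array means unconfined
        'isolated'           => $callable === [] && $basedir !== [],
    ];
}

$report = php_isolation_report();
echo json_encode($report, JSON_PRETTY_PRINT), PHP_EOL;
exit($report['isolated'] ? 0 : 1);
```

The CLI and a web server's SAPI can load different php.ini files, so run this through the SAPI that actually serves the site rather than trusting the command-line result alone.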
I mostly can't watch LTT videos on security-related topics anymore, it's just too frustrating. It was honestly eye-opening to me the first time I saw a video of theirs and learned just how much you can know about "tech" without knowing about security. I guess I was in way more of a bubble than I ever realized, I honestly thought most people who were into "tech" were into privacy and security as well, at least a little.
Also any hashing algorithm is fundamentally "crackable" just as a given from the fundamental nature of hashing itself. The question is in what time frame? It may not be a default option in hashcat, but the source code is readily available for you to write such an algorithm in if you're savvy enough. Writing the kernel-level code necessary for this however is far beyond the capabilities of most script kiddies and not at ALL on the same level as WPA cracking like Linus suggested. Repeated functions usually actually scale a bit better than 1:1 [compare md5() vs md5(md5()) performance for example]. So as long as it's a weak enough password, it might be crackable.
"I Bought 25 Million Computer Viruses." Yes, I bought a windows 11 key too. Don't feel bad. 😂
Windows needs a bought key now? I didn't know... For how long has it been that way?
@@zeendaniels5809 since windows 1.0 so around 34 years. The thing is most computers come with windows already activated so you the consumer do not need to buy the key though you kind of already paid for it in the price of the computer.
@@zeendaniels5809 Quite a few years now. Usually needed if you don't have a registered version of Windows. If you have no OS you can still get the disc with a key, but there are ways to get unregistered Windows, install it and then you buy an alphanumeric key to activate.
@@zeendaniels5809 since windows 1 which was in 1985 so 39 years. The thing is most computers come with windows already activated so you the consumer do not need to buy the key though you kind of already paid for it in the price of the computer.
@@zeendaniels5809 that's how they make their money
I work for a car dealership and it's interesting that this came out after the whole CDK hack taking down over 15,000 dealerships in North America. It's crippled us back down to the point of doing everything by hand and has a lot of people worried that dealerships can no longer safeguard information, not to mention there's only two major companies that provide that kind of customer database and control, Reynolds & Reynolds and CDK Global.
It's amazing how nice the backends of those tools are.
There was a RAT called Sub7 back in the late 90s that had an amazingly functional (and frighteningly powerful) UI. Better than most of the legitimate remote administration tools we have currently.
Kind of scary how something with that functionality is still around.
So cool seeing programs I use professionally in an LTT video.
Wow very cool mysterious hacker man guy. I know fear and respect your likeness for the way you have inserted your technical prowess so nonchalantly
Possible video idea: try to brute force breaking through a ransomware using a crap ton of GPUs, or see what other tools exist out there for potentially defeating said ransomware
Just ask chatgpt for the password
Cool. Definitely want to see more things with this.
Maybe just make an entertainment focused video where two teams race try to hack each other.
Like a scrapyard wars challenge.
Best bit about this whole vid is Linus' facial expressions. Watching his faith in the world dissolve to a new low with each demonstration.
8:21 Did Linus accidentally quote Sasha? "Dirty wizard or homeless santa" was such a great line Sasha used... in Brüno lol
"accidentally"
I guess that's an HDD Linus is allowed to drop
Whoever was in charge of the glitching and the intro needs a raise! XD
Linus: We got hacked with one of our hard drives, we need more security! Also Linus: 25 million viruses BABY!
Keep ruffling those feathers.
People need to know these things.
Awesome video!
I bet yall could make a locking case that covers the power and data ports on that drive, greatly reducing the chance someone picks it up and tries to use it for something… maybe a FP vid?
Or, just lock it in a safe?
This reminds me of "The Net" With Sandra Bullock
Love these videos with focus on security.
Every major corporation's IT/ISSP etc.... needs to watch this video. Very informative, that's scary as shit that for only $500, a random person could purchase that. Great video 🤘😎🤙
Colton sold you his PC?
Not going to make much difference, but saying "wordpress has pretty bad encryption" was confusing until you mentioned passwords and I realised you meant "hashing"
Haha I fumbled a stupid amount of words and terms while on set. I really need to stop showing up to shoots sleep deprived.
@@tannermccoolman4647 The PHP/Wordpress section should be redone honestly, what Linus says there is approaching technobabble.
The cute setup is an eternal part of this channel now
I love it
You should do a sponsor for external hard drives, yes that's how you never have to stress with anything like this (unless you run a business where you need to keep everything important on the computer)
The borat rat console's capabilities remind me of the sub7 client trojan combo. Used to have a lot of fun messing with school friends back in the day. Never did anything I wouldn't want done to me in return and made them aware of what was happening. Always removed the trojan when done.
13:04 How did not one editor catch that? Passwords in systems like WP are not encrypted, they are hashed; that is a huge difference.
0:23 Hey my code is perfectly safe ....
More LTT, yes please
I like how you put the warning labels on top of the plastic you peel off to make it look good.
That's not gonna bite you in the ass.
$500 for something like that is a real steal when you think about it in a corporate context. The value from preventive training and pen testing of systems is priceless for most companies.
Linus is right, with so many people wanting to stay on Win 10 past eol and not pay MS for updates then things could potentially get a whole lot worse
Until a few years ago (like 3 or so) HSE, which is the Irish healthcare system, was still using Windows XP, and guess what? They got ransomware :P
Sandbox the entire new building you guys have, and let this thing loose on the network there and try to fight it in real time. Without just unplugging or turning things off. CSI style.