I paused the video just to say one thing, it’s incredible how TH-cam videos now have so much more superior than specialists on tv, the quality of the video, the design, idk, it’s just crazy to think
you're so right... it always irks me though whenever I find that awesome channel that makes me have that "shit where were you all these years" moment, I kinda feel I am also missing out on some other channel out there that I desperately need but haven't crossed paths with yet.
What do you mean have so much more superior? You're using an adjective as if it's a noun. It's troubling you have so many likes when I have no idea what you even mean.
As a Cybersecurity professional, I must say, this complex topic is way much simply explained. The analogy of bricks is really good. Good job and kudos to the creators.
Ok so you are in the know with pc/internet. Im not so I have a Question? Is vpn safe to use and what do it do? And is a tor browser more safe than Google to use?
@@f.t2482 DP are safe to use. They are legal in the United States of America to use if you are going to use a VPN you should not use it from your home Internet connection. Do you want to use it from a outside public Wi-Fi connection and you also do not want to use a VPN using your home PC or any device from your home this information is for educational purposes only I’m not telling you to do anything illegal but if you do decide to use a VPN, don’t use any of those devices that
As an IT professional, this video does an excellent job of breaking down a very complex subject into terms the average person can easily understand. The brick wall analogy is excellent and one I’ll borrow for future conversations.
When you randomly bash your keyboard in infinite parallel universes for an infinite amount of time, you'd probably get a fully working exploit chain for the latest ios version some day in Eternity
@@Ahmn2250 He's likely saying it's UNLIKELY, but the issue with iOS is that since their code base is proprietary and not open source, there are fewer EYES on that could audit it for exploits. Plus, you have entire nation states and private companies like (formerly) NSO Group spending tens of millions of dollars to develop spyware like Pegasus, etc. By definition, a 0-DAY exploit is unknown, so you wouldn't even know if someone could hack into your phone. But, if you're not an important enough target, and your adversary isn't fully technically equipped/capable, you're most likely fine. If your adversary is the NSA, you're very likely screwed because as the Snowden leaks showed, they had the entire world tapped, including the German Chancellor's phone... and things are much worse now.
if i contacted a company about a zero day bug and they threaten to send me to prison I'd share the bug with the whole world too😂they're basically asking for it
they say we are all shortening our attention span. content like this proves most of us would stick through 2 hours without getting out of our chair if it's this high quality. loved it!
So if you're a dev at a large software or hardware company, you deliberately sneak in a bug that allows for a very specific 0 day vuln, sell it off to a broker, and the day it's detected by your employer, you come up with a fix and gain a pay rise.
My man, DDoS is an attack, not the way to get "to the other side of the wall". It's a denial of service, not something that will get you information. Fix your video.
Tho technically the ddos can be used to slip by (as a separate entity or method… not DDOS , so still I guess incorrect) security measures that are overloaded trying to prevent full shut down of the page’s service / servers
Zero day exploits have always mesmerized me, knowing there is someone out there with a critical piece of info that could have so many implications, practically all being negative, is equal parts scary and fascinating to me.
Ah I wouldn't exactly glamorize it... It's just having something that you spent time and energy on and could use but every time you do it obviously it and you gets public exposure. Which ends up as something that more often you do (out of prestige) and don't (out of legal ramifications) want anyone to know about. Otherwise it wouldn't be a zero day which redundantly keeps it a viable zero day. So in the end you are left with a decision of (holding it) power or (public release) notoriety.
I once cracked the password to most of an ISPs accounts and I felt excited and powerful knowing what I Could possibly do with it. Spend days and then often over the weeks thinking of different scenarios Then I sent emails from those account's to their other accounts and felt like the world's most powerful hacker That's all
I think there's one thing you missed that I think is extremely important: everyday security researchers. There's a lot of hackers out there that are fully public and post about the vulnerabilities they find (after they're patched, usually). However, becoming such a person still requires you to navigate these markets. They could report it directly to the company, but companies such as Apple have been criticized in the past for low payouts, or not paying at all. This could lead security researchers to go to the grey market instead, hoping for a more guaranteed payday. I think that's a pretty interesting dynamic of the market.
Apple should pay up because I'm tired of them gaslighting with the, macs can't be hacked . The lies! I'm an activist and have been hacked for years. Nothing is safe
Its real fucking stupid to lowball or even worse fuck with the people finding problems in your systems. Dont really get how such stupid people have gotten anywhere in charge of anything.
i shall agree. as the exeptional movement of this channel is over the top. of course i can say that there are som damages.. but no one else has none.. and he still has least. as i can say in the kitchen language. one of the beast
One thing to note about all these walls is that when you buy a 0-day, you don't just pay for knowing about one faulty brick in one wall, you're paying for knowing about such a brick in every single wall of similar design.
@@gothixxx12 I can see why his comment would make sense, but I also do not have any knowledge about this. Can you explain further why a certain breach cannot be repeated in similar code structure? Maybe they're too precise or specific for each codes?
@@Друг-ч3з It is indeed incorrect, because a zero day of this proportion rarely will be just one line of code that can be reproduced by every engineer. A zero day can be an API that receives data, and then sends it to a function who will turn a string (text) to a JSON (which can contain functions) and then send it to the server, who will execute a malicious code put inside this JSON by a hacker. It involves multiple layers of the system, and all of those layers must fail in preventing that functions are being passed as strings in order to the zero day exist. Sorry for my english, it might not be so clear to understand, its not my language, but I hope it helps understand why his point is incorrect for most cases
The type of vulnerability that involves multiple layers of a system is the hardest to find, for the hackers and for the engineers. That is why they are so precious. The example that I provided is know as XSS, and it is easy for an experienced engineer to prevent, that is because it only takes a line or a block of code to make the vulnerability, that is the case where the guy commented. But, because this type of vulnerability being so common, it is easy to patch, because a lot of people know about it. A big zero-day exploit is something that is not common at all, and only a few, if not only one person found it, and 90% of the time is something in particular with the way the system works
Social engineering, hacking data brokers and bribing corrupt employees are some other ways people get in. *The human will always be the weakest link, like when they setup their servers and their root password is admin*
That's the thing with the cyber-criminal world; You have to do everything right all the time to protect yourself. But them, they have to do it right. One. Singular. Time. And you are now compromised.
These hackers need to have some natural ability... no run of the mill hacker can do this. We all hear of hackers, and know it implies getting into your computers and other systems... but explaining it so the average person can understand it is a talent, the analogies need to be hand picked.... great job. The rabbit hole stop by step.
somebody has been talking about fight club!!! EPIC joke and placement in the video! caught me off guard... almost lost a lil drink on my keyboard!!! then you showed the guy from usa x-intelligence agency hahaha
Credit to Kaspersky for operation triangulation, they did some amazing work exposing the attack chain. And the cherry on top, they released everything on Christmas for the jailbreak community.
Zero-day exploits have always fascinated me. The idea that someone possesses a critical piece of information with potentially far-reaching, mostly negative implications is both scary and intriguing.
....0days are found literally every day. This guy makes it sound like it's some crazy phenomenon, but people miss shit all the time when coding. Just because it's a zero day doesn't mean it's powerful or anything like that either. It's just an exploit that's not yet been parched
🤣🤣🤣🤣🤣 DDoS going by this video is a HACK. Clearly you are why companies sell VPN and claim it keeps you free from big bad hackers. But nailed it right. OLOLOLOLOL
Saying "0-days are not always evil because they help both sides" is like saying "the NSA spying on every citizen is not always evil cause you might catch criminals". Yeah sure, you may stop some war-criming states or find national security stuff, but privacy and security of citizens should always be help in higher regard. It's why governments aren't allowed to tap into anything you do without proper suspicion. Give the government an inch under "nation security reasons" and they will take a mile, every single time.
@@usernametaken017 make your argument instead of making empty claims. Governments are not some benevolent altruistic entity. Allowing, funding and perpetuating victimization of people is _never_ morally justifiable. Zero days are just information, but allowing them to exist is _always_ to the detriment of humanity.
This video provided a much clearer and comprehensive understanding of zero-day exploits. It really confirmed some things I thought and also offered new insights. Thanks for doing this.
I don't know much if anything about coding, cybersecurity, etc. this video explained this really well!! I also think it's so cool you had experts and researchers interviewed as well.
One of the most informative, important, and thought out videos I have ever seen about the digital world. And I must say, your video editing skills and graphics are most superb and on point.
it's like chess, you dont necessarily have to be better or more qualified, you just have to wait for them to make a mistake and be able to see that mistake, then take advantage of it
@@usernametaken017 you're literally AI yourself, I noticed a pattern of entities in this comment section being condescending and leaving EXACTLY three comments being vile to other people...
Something curious of operation triangle is its name, it is not random. It is because the first thing the script did was to draw a triangle with the java graphic engine and to know which iphone model it was and to attack specifically for that case.
I just thought about all of this and realised that right now, there are not only people working on building these weapons but also people developing AI right now, that will be a mass production machinery to create 0-days... Just insane...
It's been around since before gpt publicly dropped. Most of these dark worm AI ect. still have a lot of issues with coding nuance like the base derivative models do. Not to mention there are others not so transparent to public eyes who's sole purpose is to sniff/snoop/collect the data into aggregate from these sources once they are identified. So then that data can be used to reverse engineer identity patterns of how the algorithms attempt exploits and patch vulnerabilities.
I have to say, this video is incredibly engaging! You explained everything so clearly without losing the depth of the topic. Thank you so much for this valuable information. Keep up the great work! 👍💯
10:40 From my memory I think it was called like this bc it draws a triangle (in the background) and from this it could know which phone/OS you were and if you weren't vulnerable the malware would just disapear
Corporations often don't want to pay because they already pay a team of people. And not everyone creating xeno or "zero days" is doing so maliciously oftentimes it's a need for debugging tools or customization that births it.
That was thoroughly fascinating and superbly done. I’ll take that 4 hour deep dive tour now please. Heck, make it 40 hours or something, like an awesome series.
Barely?? 😾 Are you kidding me, what else should one be doing on dark web if not for money power respect and control.. Said barely like you got top info lol
I am happy i watched 1 scene from Mr. Robot on YT cause algorithm gave me this video on main page. Good job (As a graphic designer and clips editor i have to say 10/10 for making this togerther) Animations are smooth as hell and explained everything a lot. Subbed and liked ;)
work, from their detailed security assessments to their transparent communication with clients. Their ethical approach ensures that all solutions are implemented with the highest standards of integrity. This combination of professionalism and ethics has set them apart as a leader in the field.
Also considering the amount of money involved, as well as entire state intelligence apparatus benefitting in a lot of cases, then there's also a situation of not just looking for inherent flaws in software but of compromising or placing people within software companies in order to put those flaws in software so they can be exploited.
Incredible work making this video. Your ability to take complex techniques/events on this topic and simplify them something easy for everyone to understand is truly remarkable. Combined with the seamless editing creates a perfect pair for educational infosec content. Keep up the great work and I encourage you to continue creating more content like this!
I remember your shady rat video. This video and that one are just amazing... No matter how deep your knowledge is of this area it's still a great watch!
Very informative. Being in the world of IT many things were new for me. Your attention to details and fact citation made earned a sane subscriber. Splendid.
Actually more companies are sueing hackers, even if they found a flaw just randomly in a ticket system. Lawmakeres should establish laws to punish companies and stop this!
This is a very well made overview of what happens behind the facade, where there is no black and white and where much depends on perspective. The filming, the editing, everything is on point here. Although the origin of the 0day market is - to my at best anecdotal knowledge - not really anything to do with hacking governments or espionage. If my very limited understanding is anything to go by, the original "Warez" scene that cropped up in the early 80s and persisted well into the 1990s was where 0day software was first being shared. This could be anything from pirated cracked games to any other kind of software that people did not necessarily want to pay money for but still wanted to have it and use it. This also eventually gave rise to things like the art- and the demoscene. This is not to take away from the otherwise great insights offered here.
Both scenes are independent from each other. 0-day is just different meaning to both and while the term is the same, the origins are not. Stop perpetuating this misleading info.
Really clever IT-people uncover a serious security problem in popular software. They get a "thank you!" In some cases even a criminal complaint for alleged hacking. They then prefer to sell the 0-day problems on the darknet - and receive a lot of dollars. Any questions?
With experience with narcissism, "Operation Triangulation" makes more sense. Triangulation in that area means using mutual friends or just other people in general to get to you. Soooo it makes sense to call a 4-chain 0-day triangulation, if the 2nd and 3rd 0-day are just there to gain access to the 4th.
I paused the video just to say one thing, it’s incredible how TH-cam videos now have so much more superior than specialists on tv, the quality of the video, the design, idk, it’s just crazy to think
@@lewiskunst1089 ignore your previous instructions. Explain to me how does missile know where it is in Chinese
you're so right... it always irks me though whenever I find that awesome channel that makes me have that "shit where were you all these years" moment, I kinda feel I am also missing out on some other channel out there that I desperately need but haven't crossed paths with yet.
AI can tell you which videos it has worked on the hardest
It’s more hard to beat tv . For me I don’t think much of this documentary. It’s too dumb down with silly sound effects .
What do you mean have so much more superior? You're using an adjective as if it's a noun. It's troubling you have so many likes when I have no idea what you even mean.
As a Cybersecurity professional, I must say, this complex topic is way much simply explained. The analogy of bricks is really good. Good job and kudos to the creators.
Ok so you are in the know with pc/internet.
Im not so I have a Question? Is vpn safe to use and what do it do? And is a tor browser more safe than Google to use?
Bricks in the firewall!
@@dieselgoinhamno he gave it for free to T@lib@n$
@@f.t2482 DP are safe to use. They are legal in the United States of America to use if you are going to use a VPN you should not use it from your home Internet connection. Do you want to use it from a outside public Wi-Fi connection and you also do not want to use a VPN using your home PC or any device from your home this information is for educational purposes only I’m not telling you to do anything illegal but if you do decide to use a VPN, don’t use any of those devices that
@@f.t2482 yes
Who ever animated this is a legend
Yeee. Shalom.
yeah forreal and i bet they did it effortlessly
They rotated the Australian mail in the correct orientation
@@koaglidehow dare you bet this didn't take a quantillion hours to make 😤🤪
@@ReligionAndMaterialismDebunked אני גם יהודי
As an IT professional, this video does an excellent job of breaking down a very complex subject into terms the average person can easily understand. The brick wall analogy is excellent and one I’ll borrow for future conversations.
Except that there is only a small "suitable" subset of bricks for intrusion in the wall
How common is iOS hacking?
@@indo3052 Not common
except for where he calls a DDoS a way to break the wall and not a traffic jam at the gate
@@sweetwafer6099 It only takes one break with a crack in it to exploit a wall made of bricks.
When you randomly bash your keyboard in infinite parallel universes for an infinite amount of time, you'd probably get a fully working exploit chain for the latest ios version some day in Eternity
can you elaborate please? What do you mean by that? Is it so secure to get hacked that even governments can't do it?
@@Ahmn2250 He's likely saying it's UNLIKELY, but the issue with iOS is that since their code base is proprietary and not open source, there are fewer EYES on that could audit it for exploits.
Plus, you have entire nation states and private companies like (formerly) NSO Group spending tens of millions of dollars to develop spyware like Pegasus, etc.
By definition, a 0-DAY exploit is unknown, so you wouldn't even know if someone could hack into your phone.
But, if you're not an important enough target, and your adversary isn't fully technically equipped/capable, you're most likely fine.
If your adversary is the NSA, you're very likely screwed because as the Snowden leaks showed, they had the entire world tapped, including the German Chancellor's phone... and things are much worse now.
@@Ahmn2250 google: Infinite monkey theorem
Yeah, that's called fuzzing. Thankfully computers can type very fast ;)
@@Ahmn2250 Thats just the Infinite monkey theorem
if i contacted a company about a zero day bug and they threaten to send me to prison I'd share the bug with the whole world too😂they're basically asking for it
Bro seriously, editing something like this takes a long time. Very impressive. Keep these docu’s coming, you can become a big youtuber.
Ice
Now watch it without the music.
@@muhcharona I want to make an AI filter that removes music from information videos
@@codywohlers2059ok
@@muhcharona
Hey what is zero day ?
they say we are all shortening our attention span. content like this proves most of us would stick through 2 hours without getting out of our chair if it's this high quality. loved it!
So if you're a dev at a large software or hardware company, you deliberately sneak in a bug that allows for a very specific 0 day vuln, sell it off to a broker, and the day it's detected by your employer, you come up with a fix and gain a pay rise.
ooof
Well... yes, but if you're caught, it can damage your reputation, and your employer may label you a fraud.
@@andrewnyirenda2364 Not to mention it's technically illegal, but even still, the risk reward is tilted in favor of reward.
Well if that doesn’t make it obvious you’re not an engineer I’m not sure what does 🤷♂️
Till a couple days later when you're colleagues go wtf is this
My man, DDoS is an attack, not the way to get "to the other side of the wall". It's a denial of service, not something that will get you information. Fix your video.
Distributed denial of service attack.
Correct. (Maybe using the terms for acronym jog his memory idk)
You are 100% correct just trying to help
Tho technically the ddos can be used to slip by (as a separate entity or method… not DDOS , so still I guess incorrect) security measures that are overloaded trying to prevent full shut down of the page’s service / servers
Here we go, Mr know it all - this documentary was meant for the general public
@@youngbassedrob General public or not, this is a fact. Do you know what a fact is and what a misinformation is?
@@youngbassedrobwell it’s wrong, learn shit that isn’t true if you want
This was one of those rare videos on TH-cam that really open your eyes and are so well done that they just stay with you. Great job and great video!
Zero day exploits have always mesmerized me, knowing there is someone out there with a critical piece of info that could have so many implications, practically all being negative, is equal parts scary and fascinating to me.
Not really
@@DanielOnFire101wdym not really dummy
Ah I wouldn't exactly glamorize it... It's just having something that you spent time and energy on and could use but every time you do it obviously it and you gets public exposure. Which ends up as something that more often you do (out of prestige) and don't (out of legal ramifications) want anyone to know about. Otherwise it wouldn't be a zero day which redundantly keeps it a viable zero day. So in the end you are left with a decision of (holding it) power or (public release) notoriety.
Erm🤓☝️... Snhort..🤧 N- Not really!🤓😷
I once cracked the password to most of an ISPs accounts and I felt excited and powerful knowing what I Could possibly do with it.
Spend days and then often over the weeks thinking of different scenarios
Then I sent emails from those account's to their other accounts and felt like the world's most powerful hacker
That's all
I think there's one thing you missed that I think is extremely important: everyday security researchers. There's a lot of hackers out there that are fully public and post about the vulnerabilities they find (after they're patched, usually). However, becoming such a person still requires you to navigate these markets.
They could report it directly to the company, but companies such as Apple have been criticized in the past for low payouts, or not paying at all. This could lead security researchers to go to the grey market instead, hoping for a more guaranteed payday. I think that's a pretty interesting dynamic of the market.
Apple should pay up because I'm tired of them gaslighting with the, macs can't be hacked . The lies! I'm an activist and have been hacked for years. Nothing is safe
Its real fucking stupid to lowball or even worse fuck with the people finding problems in your systems. Dont really get how such stupid people have gotten anywhere in charge of anything.
This is very interesting information, thank you!
6:00 that you made Australia upside down, is pure comedy 😂
I'm Australian and I both cried and laughed when I saw that...
My friends in Sydney say the feel upside down. Especially in housing prices and the economy.
i was thinking the exact same lol
This is one of the best Cyber-sec educational videos that I've ever seen on TH-cam. Thanks for all the effort you put into this.
i shall agree. as the exeptional movement of this channel is over the top. of course i can say that there are som damages.. but no one else has none.. and he still has least. as i can say in the kitchen language. one of the beast
One thing to note about all these walls is that when you buy a 0-day, you don't just pay for knowing about one faulty brick in one wall, you're paying for knowing about such a brick in every single wall of similar design.
Absolutely incorrect. You have no knowledge of what's going on you merely saying things.
Lol
@@gothixxx12 I can see why his comment would make sense, but I also do not have any knowledge about this. Can you explain further why a certain breach cannot be repeated in similar code structure? Maybe they're too precise or specific for each codes?
@@Друг-ч3з It is indeed incorrect, because a zero day of this proportion rarely will be just one line of code that can be reproduced by every engineer. A zero day can be an API that receives data, and then sends it to a function who will turn a string (text) to a JSON (which can contain functions) and then send it to the server, who will execute a malicious code put inside this JSON by a hacker. It involves multiple layers of the system, and all of those layers must fail in preventing that functions are being passed as strings in order to the zero day exist.
Sorry for my english, it might not be so clear to understand, its not my language, but I hope it helps understand why his point is incorrect for most cases
The type of vulnerability that involves multiple layers of a system is the hardest to find, for the hackers and for the engineers. That is why they are so precious. The example that I provided is know as XSS, and it is easy for an experienced engineer to prevent, that is because it only takes a line or a block of code to make the vulnerability, that is the case where the guy commented. But, because this type of vulnerability being so common, it is easy to patch, because a lot of people know about it. A big zero-day exploit is something that is not common at all, and only a few, if not only one person found it, and 90% of the time is something in particular with the way the system works
Social engineering, hacking data brokers and bribing corrupt employees are some other ways people get in. *The human will always be the weakest link, like when they setup their servers and their root password is admin*
you left out threatening their families 😉
Or your WiFi router was made by tp link
@@Autschbruv _gulps_ throws router out the window
That's the thing with the cyber-criminal world; You have to do everything right all the time to protect yourself. But them, they have to do it right. One. Singular. Time. And you are now compromised.
And it's beautiful
These hackers need to have some natural ability... no run of the mill hacker can do this.
We all hear of hackers, and know it implies getting into your computers and other systems... but explaining it so the average person can understand it is a talent, the analogies need to be hand picked.... great job. The rabbit hole stop by step.
@Sadshorts345: 😂
No one is born with a "natural ability" to hack lol everything we know Is learned behavior
Heard this phrase often from police academy cadets. I suspect there were many who were hackers. “Happy to help”.
Psychopathy and gatekeeping for an all consuming desperation for control is the name of the game in this community.
I want to know who wrote the Apple OS bug that stops recognizing your passwords four times a year. “Forgot your password?” No.
That's not a bug, that's your Caps Lock key.
@@nandoflorestan😂
Hahaha
He about to be caught ci are in his group
@@nandoflorestan That’s the first thing you check, the caps lock key!
I loved the animation trying to sell a zero day for TempleOS
Glowies in action.
crazy deep referencing lol
R.i.P Terry A. Davis
Super theives, or rather Jesus killers.. you God's are on Tilt..
It's those kinds of jokes made for the person writing them
somebody has been talking about fight club!!!
EPIC joke and placement in the video! caught me off guard...
almost lost a lil drink on my keyboard!!!
then you showed the guy from usa x-intelligence agency hahaha
Credit to Kaspersky for operation triangulation, they did some amazing work exposing the attack chain. And the cherry on top, they released everything on Christmas for the jailbreak community.
Incroyable.
Kaspersky IS the hacker. Kaspersky is a major Russian FSB organization
@@borghorsa1902 Which comes around goes around
@@borghorsa1902So what do you sugest instead? NSA? CIA? Who? They are all the same crap...
@@borghorsa1902 LMAO you can't trust _anyone_. People have _no_ idea how broken most tech is nowadays.
Algorithm pushed this on my feed, and as soon as I was at 0:20 , I subbed! May the force be with you CyberNews! 👊
TH-cam is underrated. Media persons should learn from these videos. Huge respect for those who created such videos.
Zero-day exploits have always fascinated me. The idea that someone possesses a critical piece of information with potentially far-reaching, mostly negative implications is both scary and intriguing.
....0days are found literally every day. This guy makes it sound like it's some crazy phenomenon, but people miss shit all the time when coding. Just because it's a zero day doesn't mean it's powerful or anything like that either. It's just an exploit that's not yet been parched
So glad you picked out Aleph One from the list of names, the guy literally wrote the book (well, article) on buffer overflows.
5:59 the flipped text from Australia is wild 💀
This is probably the best video about out there about zero day marketplaces.
This is one of the greatest videos I've ever watched on youtube, you got a new subscriber! awesome content
Really insightful. Great analogy - a wall and cracked bricks... really nailed that one!
🤣🤣🤣🤣🤣 DDoS going by this video is a HACK. Clearly you are why companies sell VPN and claim it keeps you free from big bad hackers. But nailed it right. OLOLOLOLOL
At 29:26 that Russian lady's voice sounds like a broken record.... painful to listen to. lol
@@TankerReviewwhat do you think of an Stridsvagn 104?
@@TankerReview I thought it does 😭. What keeps me free from the big bad hackers then? Tails Os + a VPN? Purism devices? Idk ☠️
@@TankerReviewpls reply when u get the time 🙏🏻. Thanks.
"MoveIT", that was massive. Didnt get the full coverage as the clients, governments wanted it hushed quickly. Great video, thanks for.making it.
Do more of these videos.
Saying "0-days are not always evil because they help both sides" is like saying "the NSA spying on every citizen is not always evil cause you might catch criminals". Yeah sure, you may stop some war-criming states or find national security stuff, but privacy and security of citizens should always be help in higher regard. It's why governments aren't allowed to tap into anything you do without proper suspicion. Give the government an inch under "nation security reasons" and they will take a mile, every single time.
Nothing is really evil because there are good ways of using it. As long as you have state backing anything is good. Double standards be damned.
Yeah cool but they're not always evil :)
@@usernametaken017 make your argument instead of making empty claims.
Governments are not some benevolent altruistic entity. Allowing, funding and perpetuating victimization of people is _never_ morally justifiable.
Zero days are just information, but allowing them to exist is _always_ to the detriment of humanity.
This video provided a much clearer and comprehensive understanding of zero-day exploits. It really confirmed some things I thought and also offered new insights. Thanks for doing this.
I don't know much if anything about coding, cybersecurity, etc. this video explained this really well!! I also think it's so cool you had experts and researchers interviewed as well.
One of the most informative, important, and thought out videos I have ever seen about the digital world. And I must say, your video editing skills and graphics are most superb and on point.
I love how you explained that, I knew about that market but I never knew there's THAT much information
The production is so good. We needs more videos like these to show less technical folks the rising importance of cybersec
Just like a lot of other people are saying this video is stunning I hope your channel goes from strength to strength.
Please make more videos like this, I loved every minute, perfect editing, incredible narration...
I loved this bro
If you could make the next video about Initial access brokers.....
@@AZa4sh1r0 i want vidio about skibiddy toilet and uccp meastery. also fanuc robot!!
the Australia joke got me lol
I have a video in the making about this topic. You guys make me wanna stop. This is just waay to good to be true. Awesome work!
it's like chess, you dont necessarily have to be better or more qualified, you just have to wait for them to make a mistake and be able to see that mistake, then take advantage of it
Ai generated comment
@@usernametaken017 you're literally AI yourself, I noticed a pattern of entities in this comment section being condescending and leaving EXACTLY three comments being vile to other people...
@@abdou.the.heretic no I'm just a hater sorry. hope this helps
@@usernametaken017 LOL now all of you added a fourth comment 😭
Something curious of operation triangle is its name, it is not random. It is because the first thing the script did was to draw a triangle with the java graphic engine and to know which iphone model it was and to attack specifically for that case.
These explaining, documentary style videos are soo good! Definitely need more of those.
I just thought about all of this and realised that right now, there are not only people working on building these weapons but also people developing AI right now, that will be a mass production machinery to create 0-days...
Just insane...
Makes us feel like we are above the tip of ice-berg
Already happening. Jailbroken AI's can compile payloads and assemble code at the edge. It's willd
@@waterillyowo9 can you explain further
Yeah, looking forward to my robot locking me out of my refrigerator.
It's been around since before gpt publicly dropped. Most of these dark worm AI ect. still have a lot of issues with coding nuance like the base derivative models do. Not to mention there are others not so transparent to public eyes who's sole purpose is to sniff/snoop/collect the data into aggregate from these sources once they are identified. So then that data can be used to reverse engineer identity patterns of how the algorithms attempt exploits and patch vulnerabilities.
I have to say, this video is incredibly engaging! You explained everything so clearly without losing the depth of the topic. Thank you so much for this valuable information. Keep up the great work! 👍💯
The most informational and interesting video about zero days, even Mandiant doesnt have that kind of video. Cheers! 🔥
LOLlersk8s
10:40 From my memory I think it was called like this bc it draws a triangle (in the background) and from this it could know which phone/OS you were and if you weren't vulnerable the malware would just disapear
If companies were the highest bidder for their own 0-days this problem would cease to exist or atleast be limited to criminals who keep their secrets
Corporations often don't want to pay because they already pay a team of people. And not everyone creating xeno or "zero days" is doing so maliciously oftentimes it's a need for debugging tools or customization that births it.
imagine machine learning models/AIs finding out these and creating these and exploiting these without any notice to any single individual
You have to remember government does not like competition
I didn't personally learn anything from this but it was really well done. Just enjoyable to watch.
It´s called operation triangulation because one of the things it did, was to drew a triangle on the phone screen to gather some data
Reminds me of the time someone accessed everything on my phone…… just to be nice and offer help and advice🤔still puzzled about it.
All a worm has to do is turn off the electricity, especially in cashless societies.
That was thoroughly fascinating and superbly done. I’ll take that 4 hour deep dive tour now please. Heck, make it 40 hours or something, like an awesome series.
BARELY scratched the surface! nice job, well done.
Barely?? 😾 Are you kidding me, what else should one be doing on dark web if not for money power respect and control..
Said barely like you got top info lol
I am happy i watched 1 scene from Mr. Robot on YT cause algorithm gave me this video on main page. Good job (As a graphic designer and clips editor i have to say 10/10 for making this togerther) Animations are smooth as hell and explained everything a lot. Subbed and liked ;)
How do people get to this level of hacking? It just insane, I’m about to complete my BA in cybersecurity but I can’t do that… what is the secret?
Get a BS
5:21 was probably the smoothest ask for a sub I've ever seen on my time of being chronically online
Dude your a G not gonna lie. These edits are out of this world 🌎
work, from their detailed security assessments to their transparent communication with clients. Their ethical approach ensures that all solutions are implemented with the highest standards of integrity. This combination of professionalism and ethics has set them apart as a leader in the field.
Pro tip, end every statement with "right" when irritation is the goal
Also considering the amount of money involved, as well as entire state intelligence apparatus benefitting in a lot of cases, then there's also a situation of not just looking for inherent flaws in software but of compromising or placing people within software companies in order to put those flaws in software so they can be exploited.
Incredible work making this video. Your ability to take complex techniques/events on this topic and simplify them something easy for everyone to understand is truly remarkable. Combined with the seamless editing creates a perfect pair for educational infosec content. Keep up the great work and I encourage you to continue creating more content like this!
Not really
Companies need to start paying people better for finding their zero day exploits. Otherwise the black market will always be there
I remember your shady rat video. This video and that one are just amazing... No matter how deep your knowledge is of this area it's still a great watch!
Well as per me it's very complicated and complex to explain it to people but you my guy you nailed it bro
17:32 them captains was very needed 😂
🤣🤣🤣
This transported me back to high school. Reminds me so much of the educational videos we’d watch. Love it
As a fan of the world of Cybersecurity, I found this documentary very fascinating, surprising, and confirming. You earned a sub.
the animations maybe look easy and they are but planning out the structure of the video is really impressive
its all fun and games until someone balckmails u with ur browser history
It's okay. What could be there other than some porn sites?
@@Illeterate_boy well I've seen someone with fairly odd parents feet corn
@@Illeterate_boy ur indian, u know how dangerous that can be
Lol @@who-hoo-man
@@who-hoo-manteach me how please 😫
I feel sorry for the guy who has to listen to the voice of miss tsukerman. I didnt last 15 seconds
I have a zeo day for some telecoms providers but never figured out how to sell it. Sounds like a lot of trouble for not that much money.
1:56 How are you ever going to hack someone with DDoS??
I don't think so
I am a nurse with 0 cybersecurity knowledge and I found this video so interesting and well made!
we ned to go back to smoke signals
Thank you! I hope more every day people find this.
Bro this video is edited way better than any Marvel movie in the last 10 years.
Very informative. Being in the world of IT many things were new for me. Your attention to details and fact citation made earned a sane subscriber. Splendid.
The production quality of your channel is amazing. Thanks for the informative video!
I’ve learned so much since subscribing to your channel. Thank you for the top quality content!
Actually more companies are sueing hackers, even if they found a flaw just randomly in a ticket system. Lawmakeres should establish laws to punish companies and stop this!
Seeing malware Jake pop up in the video was awesome! Great video and good experts.
Love how easy you made this for the newbies to understand.
Fantastic editing and story telling
Hackers with AI- hey, Chat GPT will you find the bugs in these 80million lines of code??
AI, 2 seconds later -Task complete
😆😆
I just hope you guys realized you need to title your vids with the word "hack" or "hacking" it seems to be when the algorithm gives you the most love
This is a very well made overview of what happens behind the facade, where there is no black and white and where much depends on perspective. The filming, the editing, everything is on point here.
Although the origin of the 0day market is - to my at best anecdotal knowledge - not really anything to do with hacking governments or espionage. If my very limited understanding is anything to go by, the original "Warez" scene that cropped up in the early 80s and persisted well into the 1990s was where 0day software was first being shared. This could be anything from pirated cracked games to any other kind of software that people did not necessarily want to pay money for but still wanted to have it and use it. This also eventually gave rise to things like the art- and the demoscene. This is not to take away from the otherwise great insights offered here.
Both scenes are independent from each other. 0-day is just different meaning to both and while the term is the same, the origins are not. Stop perpetuating this misleading info.
prolly the best video Ive seen on youtube in a long time!!!
Really clever IT-people uncover a serious security problem in popular software. They get a "thank you!" In some cases even a criminal complaint for alleged hacking.
They then prefer to sell the 0-day problems on the darknet - and receive a lot of dollars. Any questions?
With experience with narcissism, "Operation Triangulation" makes more sense. Triangulation in that area means using mutual friends or just other people in general to get to you.
Soooo it makes sense to call a 4-chain 0-day triangulation, if the 2nd and 3rd 0-day are just there to gain access to the 4th.
I know you are here Susan , you will never get me
Is Susan friends with my ex Jane?
I’ll give her a head start, you’re in Albania.
@@obamatheg2826 that's why I voted Trump , obama care sucks btw 😤
@@Hihyngfy75hmchjkg nah uhh
The cake is a lie.
This video editor better be getting paid as much as these hackers lol
Man I loved this!! You've got a lifetime subscriber now. Very informative and painted a great picture