Around 1:05:00 is hilarious where you say "he needs to take a break for his mental health". Anyone that has seen Mr. Robot.... His mental health is beyond FUBAR lmao
"He could use the hack to explode the Femtocell to make millions of dollars" , lol if you watched the show, you would know that he doesn't give a shit about money
When hacking into Gideon's account with his 2 factor authentication, a possible reason it seemed like he didn't get in before Gideon arrived may actually be because he was lying. At various points in the show, he lies to his own internal spectator (us, the viewers) for various reasons. It's possible he was lying to us then, to make us think he hadn't made it in. Or maybe the producer/editors just made a mistake, idk.
Please make a series out of this, more of it. I always wondered why nobody want´s to explain how often they somehow shot a little over the top, what is realistic to do.
The explode he referred to is the function in unix to break the code apart and send the letters, numbers, and characters to append to other files and remove the logs. It will make it near impossible to find the full code and order that way. It is a pretty good way of doing it actually, since even if you find it all, what order does it go in? You use it for updates in hpux and other programs to do multiple edits simultaneously.
I believe the writers of the most accurate hacking show ever know a lot more than these two "hackers" here. They surely know how to hack, but they're playing the "if I don't know it, not sure it's real" card.
@@disco.lemonade I'm inclined to agree. The issue with being an expert in the computer field is that there is so much to learn and knowledge becomes obsolete, to a degree, so fast. But having lived through lots of iterations, you see the same principles being applied from one decade to the next. So knowing your history is an important part of being a hacker IMHO. I've been interested in computer security and physical security since the late nineties, and while I don't claim to know about everything, I have tangential knowledge of many areas and I understand the concepts even when I don't understand the minutae. These chaps seem to understand the specifics of what they use on a daily basis, but when it comes to the theoretical, and actually coding, they don't seem to quite be with it. In my day someone sat at a desk running Metasploit without the knowledge to modify others code and ideas was called being a script kiddy, not a security researcher. The way I've taught my son to approach it is mostly as theoretical red team exercises, how in theory you might accomplish certain objectives, rather than giving detailed information on how to do X, Y and Z. He's always been interested in two things, computers and alarm systems - since he was a toddler, and recently he's been getting into SDR radio and the RF space with a Hack RF1. I'm all about flexibility and adaptability, he enjoys the details lol. He's 15 now and has taught himself six programming languages so far, he's tried all the operating systems that will run on the hardware we have, he hardware hacks all of his devices for extended usability and if he decides that computer security is the career for him, at least I know he can think outside the box and put together a cohesive plan, and he knows plenty of hacker history lol. Metasploit has it's uses, but I don't feel comfortable calling someone a hacker just because they use Linux and Metasploit. Convenience is nice, but bespoke is even better if you have the motivation. I learned a little C in the late eighties and I'm certainly no codeslinger, but I can mostly follow someone else's code. Before GitHub you had to check the source yourself before you compiled it to make sure it was free of mischief. The more little bits of jigsaw you have, the more you can figure out. Metasploit has kinda undone some of that by allowing anyone to execute quite sophisticated attacks, but without understanding the how and the why, unless it was covered in their ethical hacking course. I've just always been hungry for knowledge, I want to know what's behind the curtain! These chaps don't seem interested in anything outside of their remit. I especially like information that's outside of my remit ;D
@@Si74l0rdGood comment. You’re clearly intelligent and out of curiosity I’d like to have it quantified; have you or your son ever taken a proper IQ test?
@@dedsrsngl Nope, I have ADHD and I'm interested in what I'm interested in, but I'm not interested in much else, very much a double edged sword. My son went through a phase of learning how to beat IQ tests a couple of years ago, but only the online variety, and in honesty, accreditation aside, there aren't many genuine tests available to take for free these days, and probably none that give free results. He's better at them than I am on everything but the language modules though in my experience. I lack a mind's eye and visual memory (I have aphantasia) so the object orientation and vector questions are a chore, and I don't have the patience and attention to deal with some of the math or logic problems, or at least it's rare for me to have sufficient focus to want to complete them rather than go do something else. Whereas to him they were a new challenge, and he likes a challenge. I'm a bit more burned out and lazy myself these days. Freebie ones I've taken in the past put me anything from 130-160, but they were free, and probably designed as much for internet bragging rights as actual quantification. I don't have any faith in the actual testing mechanism used in those, particularly in the higher result ranges. I'm more into assessing and archiving knowledge, data analysis and the overall big picture. My son is far more detail oriented. I suspect at some point in the coming years he'll take an accredited test just to satiate his curiosity, and if he can expand his vocabulary and get better at picking up context from written text, then I'd expect him to get a score that would qualify him for Mensa entry, if he could concentrate in an adjudicated setting with the attendant pressure and discomforts. Edit: I passed the entrance exam for a grammar school at 11, most of which were questions taken from past Mensa papers, but it was simply a pass/fail mark, no breakdown on what the actual scores were. I guess that's the closest I've ever come to taking an adjudicated IQ test. A couple of people in my friend group failed, so we went to a different school as a unit. A decision I'm very happy with in hindsight. I still have those friends, but knowledge has become an abstract sort of thing these days, what you actually know matters less and less, so I'd take the loyalty of friends over a potentially better education every time.
I think it might be possible to explode a Femtocell(assuming it runs Linux) by building a custom Kernel a messing arround with the frequencies of the hardware, or by adding a submodule to the hardware that would literally be a bomb. But that would require some finese to pull it off. Anyways great stream guys.
Just increase the transmitting power and receiving power to 100%. I don't know if that will explode the device but it can definitely melt it or overheat it, which should be enough to destroy the flash memory or whatever stores the code.
I get what you're saying, but you can't look at this from the perspective of what an average hacker would do. You're saying these are the types of hacks that a nation state would employ, and neglecting to mention/realize that's kind of the point. Elliot as a character has dedicated his life to hacking as a means to combatting the system, and at this point in the series has gone full swing in his attempts to take it down. For all intents and purposes, the group he represents is a straight up digital militia thats declaring war on the financial and judiciary systems of the world. Think of it like Anonymous if Anonymous were worth 2 shits and actually had structure and skilled hackers.
Vuln code injection in the save game function. The save files are crypt'd by knowing the single win board arrangement you would use it to determine the secret. Then use the secret to crypt/sign a save game file that exploits the save game code injection. Probably an overflow
22:46 I assume you're referring to the Carbanak groups repeated penetration of the banking system. Although they did get rumbled, they were in 40+ banks systems, for months, and they have no idea how much money was moved. They're also as yet to be itentified, in my opinion. They claim to have caught a couple of them, but I'm not so sure. The name Carbanak group comes from remnants of software found on the banks servers, but that's really the only thing that's known. It's the biggest bank heist in history and a bare handful of people have ever heard of it. The average civilian would be dismayed to find out how banks work internally, but it certainly isn't a case of computers doing all the hard work, or loans being offset against savings. When a bank issues a loan, they create that money out of thin air, it's not backed by anything, and internally and between banks it's largely humans doing the money moving. What the Carbanak group did was lurk on the server for months peering over everyone's shoulder and making notes on the felicity of style of individuals, so they could convincingly spoof transfer messages without arousing suspicion. For example; Jane sends a message to John in the transfer section asking that X amount of cash is to be routed from this account to this destination. John's job is the implementation of those transfer orders, so if it looks like Jane sent the transfer request, there's no reason to suspect foul play. Felicity of style is your personal style, mannerisms and vocabulary. As an extreme example, if Jane swore like a sailor in her transfer requests ordinarily, then you'd need to know the turn of phrase she might use, or any specific jargon. When colleagues have been communicating for years there's often a bit of banter back and forth, all these things need to be taken into account to successfully spoof the identity of another user on the network. If you get it right, then no-one knows exactly what cash is missing as cash largely doesn't exist except as ledger entries, and if someone modifies those ledger entries, then you don't really know what goes where. A bank can hardly load a backup from several months ago, hoping that's far enough back to be before the time that the hackers took root. And the money moved in this manner is effectively untraceable, because of the delay in the bank being aware of the penetration, as well as not knowing the specifics of what was moved when and where. There have so far been 2 people caught, including the alleged mastermind, a Ukrainian named as Denis K. I'm not convinced though, I suspect he was a cut out. The number of banks hit, and the frequency, makes me suspect it was more than one group of bad actors, and that someone was retailing or renting access to software and systems, which is how ransomware is often used. You pay a cut to the developer in return for using their software, or you rent it, or you buy it if you have enough money . I suspect the actual mastermind is very successful and hidden behind a veneer of wealth. This isn't something you'd do as a first rodeo! 34:40 If you're going to alt tab, have something to alt tab to lol. Sat at a blank desktop or blank browser homepage is a massive red flag! 39:00 Typically a honeypot is not just attractive looking, but keeps your intruder penned in a secure area, from which he is unable to break out and into your secure network. It's a tarpit, intended to trap you and keep you busy for as long as possible. While on a modern broadband connection you can no longer render someone unable to hang up, as you could with an analogue modem if you injected the correct voltage into the line, there are still possibilities to backtrack the intruder, as long as they're not using a string of secured private proxies. There are certain identifiers in the logs, and if you can keep them from wiping the logs long enough, then you can start to enumerate them with a view to providing a portfolio for law enforcement. 45:54 Letter frequency analysis won't help much with a poly alphabetic cipher, that's effectively what Enigma and Lorenz were. Using a series of mechanical and electrical systems to create the randomness that made it so hard to crack. The pre-war Enigma could be done by hand, but although the mechanism behind Lorenz was cracked mathematically without anyone having seen the machine, it required the first ever computer, Colossus, to work the permutations. The versions of Enigma in use during the second world war had subtle variations and usually needed a crib to break, unless you were exceptional with the rods. But they too were mechanically sifted with a Bombe, a Polish invention, which comprised part of the multi-stage cracking process, which enabled the rods to be used to find real words, or names, in German. And prise open that particular message. Most of what was transmitted by German high command using Lorenz was broken, but depending on which version of Enigma was in use, there was significantly less success. Even after obtaining an actual machine from a sinking submarine, it couldn't be cracked easily or reliably. But any sort of cipher is child's play for a modern supercomputer, or even a vintage Cray II lol. Today's 128-2048 bit encryption is a different level of difficulty by some margin (although there's an issue with trapdoored primes with 1024bit DSA). 56:40 That is indeed an IRC client, if you were a little older you'd recognise the name of it in the last line of text. One of the most popular alternatives to Khaled-Bey's mIRC, this is an instance of BitchX. As a side note, having 119 opers, even for 23k users is excessive. You wouldn't need that many people with an O-line. On the p2pchat server we had all the javachat traffic from Morpheus and Limewire (if anyone remembers them lol) as well as our own users from the old Opennap and Musiccity servers, who migrated to IRC when those networks got closed down. In total we had something like 10k users at any given time, and that was with less than a dozen ircops. As long as you have a couple of opers around to relink servers and deal with the more persistent naughty elements, you're good. I'm guessing from the lack of hostmasks and number of users that it's meant to be connected to somewhere like Undernet, or Dalnet before it went downhill and lost all it's users. 58:05 Zero day used to mean exactly that, it was fresh and no-one was aware that there was a viable exploit. Although security researchers do responsibly report zero days when they find them, and give the company in question time to get it's house in order, it remains a zero day as long as the exploit is unknown, irrespective of how long it's been in use. And while white hats disclose zero days, there's an increasing trend in the commercial arena, especially in the area of "cyber munitions", to deploy them offensively in software sold to corporations and governments. RATS (remote access tools, otherwise known as Trojan horses) are a popular item with governments and security agencies. It's also worth noting that the single biggest haul of zero days in one program was found in Stuxnet, the joint Israeli and TAO (Tailored Access Operations) project that attacked the SCADA infrastructure in Iran's nuclear enrichment program, causing the centrifuges (sold to them by the French in contravention of sanctions, a common theme), to tear themselves apart at an accelerated rate, or ruin the enrichment process by messing with the speed and timing, as enrichment is dependent on specific ranges. 1:02:22 While finding zero days is non trivial, going through the latest white papers in the sphere you're interested in is an easy way to find an exploit you can code for, if there's nothing but a proof of concept online. Quite often the proof of concept isn't usable in it's current form, but it gives you something of a logical framework. Granted coding does take a while, but a small, specific, command line tool needn't take months to hack together. It doesn't matter if other people understand how to use it, so it doesn't need to be commented or organised, as long as it works, the very definition of a kluge lol. 1:04:07 With regards to the femtocell and "exploding" RAM, you'd need physical access, but you could wire a 9v battery, or splice from the transformer output, to the RAM slots and activate the circuit with a remote switch when you want the RAM to go bye bye. DDR3 runs at 1.5v, it wouldn't actually take a vast amount of voltage to blow the chips on the module, though probably not all of them, so it's still not perfect from a forensic countermeasure viewpoint. A small remote thermite package would probably be the best bet for total destruction. Over a network though it would be easy enough to wipe RAM using an app, but as long as the computer wasn't switched off, there might still be fragments of information of interest to forensics. Same with your swap file, flash memory cards and USB sticks. You need to randomly overwrite the data in each sector numerous times, especially relevant with Windows due to the way file deletion works. If you were skilled at coding in Assembly then there are some possibilities of interacting with the hardware more directly. I don't know how hard it would be to overvolt the RAM by a significant degree, but with BIOS updating possible from within Windows now, it means that there is a direct path from software to hardware. A BIOS update that you've modified might be enough to physically damage the RAM and/or motherboard.
1:10:56 With regards to someone else's 0days, there was a rather large leak of a TAO toolkit as a password protected archive. The group that found it released both the archive and the password, so the tools are available to anyone, on the off chance they haven't already been added to Metasploit. The TAO archive utilises numerous 0days, though I would assume that many of them have since been patched, there are always people that don't update at all (a minority) or keep current (the majority) or are stupid enough to turn off UAC on Windows or not run a firewall or AV. As Windows autoupdates whether or not you want it to, that has been mitigated to some degree on the OS side.
as someone who is very interested in cybersecurity and has just started studying it, this is very educational while at the same time being entertaining and incredibly easy to watch- i just paused for a second and noticed i'm already at minute 45, while it didn't even feel like half an hour to me. great job, great content, thank you for this! :)
While appreciating your time for the analysis, you underestimate the extreme spectrume of exploits and real world ill user habits. Especially about the IoT stuff.. Respect and best wishes guys.
the thing with public hospitals is that they cant update their systems unless they update across the board i.e. every public hospital in the state same thing for law enforcement - they are literally running xp (i believe) in state police stations...yikes and you can only imagine their firewall and who is actually monitoring the network (underpaid and over worked admins)
“Did he just type it from his mind? I didn’t see him using a computer the whole scene”. If you know the context of the show it’s clear that he’s in the hospital now, promises krista that he’ll be a good drug free boi, then proceeds to hack into the hospitals data records for subsequent drug tests. You even play the clip “I won’t do morphine again” signifying that he obviously can’t modify anything in his current state in the hospital room so she knows he did it in the first place. But he knows he can make sure she won’t be able to ascertain his continued use. You guys are smart as fuck and missed this it makes me lol
Want to mention I’m not saying his first hack into the hospital was post-this-episode, but merely he didn’t have the chance to do anything once he’s alrdy in the hospital and had to make the promise/convince her he was gonna be a good boi and then once he was out he can resume full control of his digital medical files
It's probably not something that the writers considered, but some people on opioids will hallucinate. I had experience of this myself in hospital, I was on my laptop moving a bunch of media around and doing basic housekeeping as I had no internet connection, I'd just got my parents to bring a bunch of bare 3.5" drives and a usb 2x HDD drive reader so I had something to do while I was in there for weeks. Anyhoo, about an hour after taking the tablets they gave me my eyes must have shut, but in my mind I carried on moving files for another hour or so before drifting off to sleep. When I woke up and saw all the files I thought I'd organised were still in their original mess I was seriously confused! On boxes of Oxycontin it states that for a percentage of the population it can cause hallucinations, and if he's hitting up a heavy dose of Morphine then it's just as likely that he's in a kinda fugue state. Probably not something the writers are aware of, but another possible explanation for that scene.
Gotta say, I've never seen anyone display such intense hatred for the Robert Sonneman-patented, Memphis-style banker's lamp, it's actually really funny. I have such a lamp myself (replaced the R7 halogen bulb with an LED equivalent), and I really like it as my personal desk lamp.
The reason for Elliot centering his whole personality around hacking and being super obtuse is that this is actually a seperate personality from Elliot's DID. This personality has the goal of hacking (due to actual Elliot's skillset) its way to take down the leaders of the world. He was built out of Elliot's anger against society, and desperately tries to correct the entire world. Real Elliot only gains control at the very end of the show.
Yeah, that's largely an age thing I suspect. But in my opinion all hackers should read through hacker history, from the dinosaur pen days to the nineties and up to today. You might not be able to use old code on modern machines, but the principles often remain the same. I'd expect them to recognise the name of the client at the bottom of the screen in that scene, even if they've never used it.
just a possible subjet id love to see you guys discuss in a future video is the recent Pegasus 0 click exploit found by the isreal gov that affects all phones including iphones
Unless it's stolen and distributed online, it's unlikely to be any threat to you. The Israelis charge hundreds of thousands of dollars per license, so it's for use only on high value subjects. In some parts of the world you're more at risk, Saudi Arabia and Egypt being two examples. An Italian cyber munitions company sent both software and hardware IMSI catchers (Stingers) to Egypt, in violation of sanctions. The software and devices were used to round up protestors. It's getting very 1984 out there in the world.
You guys are kind of funny, and this video was entertaining, but honestly you have no idea what you're talking about in a good portion of this. Some of that is from not having watched the show so you don't have the context (like not getting that Elliot was showing how he hacked the hospital in the past, 2012, but was talking about it in 2015 from his hospital bed, somehow you couldn't figure that out, or that the people screaming and partying at the CTF hack scene were part of the nightclub section and not in the contest). It really showed that you were somewhat clueless when you're talking about the femtocell hack scene, not knowing what a logic bomb is, not knowing what Elliot meant by "explode" (self corrupt) and then going on about it for several minutes like you really thought he was talking about physically blowing up the phones, yikes that was very cringy that you didn't get it. And the comment about Elliot's identity being based entirely around hacking and it might be affecting his mental health....LMFAO - if you watch the show you will know exactly why I'm laughing (don't want to spoiler anyone here). And to think other people who are more clueless than you will watch this and think you guys know what you're talking about is just sad.
it was a good attempt at a compromise between something entertaining and something accurate. Some very complicated concepts were delivered to a slightly mainstream audience.
the ctf scebe sounds like some sort of out of bound input attavk - pretty pld school but it stijj happens hospiial scene: It is common in business to assign the IT boss position to a receptionist with MS Office training ROT 13 was used in the Cuecat scanner At 1:00:22 he appears to be coding JavaScript A femtocell is a small fake cell tower emulatot basically a reprogrammed mobile hotspot device
"Mr. Robot lied to us! they showed us something happen on the screen but then it turned out later what actually happened was different!" Have I got news for you
I think it would've been a lot better if you had watched the show before going through this. As you only get little glimpses or few words about what he is doing, and it is easy to misinterpret what he is trying to achieve without the context of the story. And also, I know you Americans don't like subtitles but it makes a lot of sense here. :)
its astonishing how to wrote those bash scripts in kali... mr. Robot will be the main legend as him wins the underground hack tournament.. Ten minutes later: Hello Elliot ?! Its mitnick... Kevin... mitnick.. No more telephone signal at there..
Hey, I'm late to the party but unless it's been said - listen again. He says that should the FBI take an image of the femitocell the MEMORY will self-currupt or explode. As in, either the memory data will scramble (explode) or maybe he'll force a voltage surge (if that's possible) to burn out the chips. I don't think he means literally explode the device. Sorry, had to scratch that itch. Good content though. 😊
I really don't understand how anyone could hate the Robert Sonneman Memphis-style desk lamp. It's a nice lamp, and I actually have one myself (with the halogen bulb replaced with an LED equivalent).
i love you guys, big fan. but you two did a total disservice to this show. literally crying about minor details. obviously its hollywood they have to make it dramatic and timeframes wont be perfect. they have to fit a lifetime into a few hours. but this show, by far, is the most accurate and realistic hacking show/movie of all time. easy. and it was a great show even outside of the hacking. legendary. i think you all came at it with the mindset that it was going to be just another fake hacker show so you looked for reasons to diss it. i hope you two get a chance to actually watch it all the way through. you'll have a whole new respect for it.
Just watch like a few episodes before making some content. 21:50 this show has nothing to do with robots per se, neither there is any sort of mind machince interface ffs
***SPOILERS*** In this show Eliot has dissociative identity disorder. It's revealed over the course of the show that Eliot has multiple personalities born from traumatic events in his life and the personality you look at here is the one that stores all of his rage and contempt for the world. It's the personality that's decided it will get revenge on the "top 1% of the top 1%" that rule the world as he puts it and so him being a social outcast and completely obsessed with hacking kind of justifies his cockiness, if he's had overwhelming success with this activity.
I thought that was a possibility, but if that is what they intended then it's lazy writing. It's clear that the boss is using 2FA, and as such after the username and password are input you'd be asked for the secondary authentication. On this one they just messed up I think.
Did we miss your favorite scene? Checkout Part 2 for even more reactions! th-cam.com/video/gue5MofILxY/w-d-xo.html
You speak more than the actual hacker
Around 1:05:00 is hilarious where you say "he needs to take a break for his mental health". Anyone that has seen Mr. Robot.... His mental health is beyond FUBAR lmao
"Seems like this guy has revolved his whole personality and identity around his ability to hack." -Mr Robot Season 4 Episode 13
wtf spoiler warning!
@@paulodalidet7299 Not even close
Lmaooooo you're fucked up for that
@@xbigsoupthat was literally the point of this created personality. (Mastermind)
season 4 was a let down.
"He could use the hack to explode the Femtocell to make millions of dollars" , lol if you watched the show, you would know that he doesn't give a shit about money
it's like the first five goddamn minutes of episode 1, too
He said he's never really watched it
When hacking into Gideon's account with his 2 factor authentication, a possible reason it seemed like he didn't get in before Gideon arrived may actually be because he was lying. At various points in the show, he lies to his own internal spectator (us, the viewers) for various reasons. It's possible he was lying to us then, to make us think he hadn't made it in. Or maybe the producer/editors just made a mistake, idk.
Rami Malek was a producer in the show too lol
Gideon actually does try to turn Elliot into the FBI but a Dark Army mole intercepts him and he gets shot a few days after.
rip
yeah gideon is super aware of what elliot was doing for most of the season
Please make a series out of this, more of it. I always wondered why nobody want´s to explain how often they somehow shot a little over the top, what is realistic to do.
The explode he referred to is the function in unix to break the code apart and send the letters, numbers, and characters to append to other files and remove the logs. It will make it near impossible to find the full code and order that way. It is a pretty good way of doing it actually, since even if you find it all, what order does it go in? You use it for updates in hpux and other programs to do multiple edits simultaneously.
I believe the writers of the most accurate hacking show ever know a lot more than these two "hackers" here. They surely know how to hack, but they're playing the "if I don't know it, not sure it's real" card.
@@disco.lemonade I'm inclined to agree. The issue with being an expert in the computer field is that there is so much to learn and knowledge becomes obsolete, to a degree, so fast. But having lived through lots of iterations, you see the same principles being applied from one decade to the next. So knowing your history is an important part of being a hacker IMHO. I've been interested in computer security and physical security since the late nineties, and while I don't claim to know about everything, I have tangential knowledge of many areas and I understand the concepts even when I don't understand the minutae. These chaps seem to understand the specifics of what they use on a daily basis, but when it comes to the theoretical, and actually coding, they don't seem to quite be with it.
In my day someone sat at a desk running Metasploit without the knowledge to modify others code and ideas was called being a script kiddy, not a security researcher.
The way I've taught my son to approach it is mostly as theoretical red team exercises, how in theory you might accomplish certain objectives, rather than giving detailed information on how to do X, Y and Z.
He's always been interested in two things, computers and alarm systems - since he was a toddler, and recently he's been getting into SDR radio and the RF space with a Hack RF1. I'm all about flexibility and adaptability, he enjoys the details lol. He's 15 now and has taught himself six programming languages so far, he's tried all the operating systems that will run on the hardware we have, he hardware hacks all of his devices for extended usability and if he decides that computer security is the career for him, at least I know he can think outside the box and put together a cohesive plan, and he knows plenty of hacker history lol. Metasploit has it's uses, but I don't feel comfortable calling someone a hacker just because they use Linux and Metasploit. Convenience is nice, but bespoke is even better if you have the motivation. I learned a little C in the late eighties and I'm certainly no codeslinger, but I can mostly follow someone else's code. Before GitHub you had to check the source yourself before you compiled it to make sure it was free of mischief.
The more little bits of jigsaw you have, the more you can figure out. Metasploit has kinda undone some of that by allowing anyone to execute quite sophisticated attacks, but without understanding the how and the why, unless it was covered in their ethical hacking course. I've just always been hungry for knowledge, I want to know what's behind the curtain!
These chaps don't seem interested in anything outside of their remit. I especially like information that's outside of my remit ;D
@@Si74l0rdGood comment.
You’re clearly intelligent and out of curiosity I’d like to have it quantified; have you or your son ever taken a proper IQ test?
@@dedsrsngl Nope, I have ADHD and I'm interested in what I'm interested in, but I'm not interested in much else, very much a double edged sword.
My son went through a phase of learning how to beat IQ tests a couple of years ago, but only the online variety, and in honesty, accreditation aside, there aren't many genuine tests available to take for free these days, and probably none that give free results.
He's better at them than I am on everything but the language modules though in my experience. I lack a mind's eye and visual memory (I have aphantasia) so the object orientation and vector questions are a chore, and I don't have the patience and attention to deal with some of the math or logic problems, or at least it's rare for me to have sufficient focus to want to complete them rather than go do something else. Whereas to him they were a new challenge, and he likes a challenge. I'm a bit more burned out and lazy myself these days.
Freebie ones I've taken in the past put me anything from 130-160, but they were free, and probably designed as much for internet bragging rights as actual quantification. I don't have any faith in the actual testing mechanism used in those, particularly in the higher result ranges. I'm more into assessing and archiving knowledge, data analysis and the overall big picture. My son is far more detail oriented. I suspect at some point in the coming years he'll take an accredited test just to satiate his curiosity, and if he can expand his vocabulary and get better at picking up context from written text, then I'd expect him to get a score that would qualify him for Mensa entry, if he could concentrate in an adjudicated setting with the attendant pressure and discomforts.
Edit: I passed the entrance exam for a grammar school at 11, most of which were questions taken from past Mensa papers, but it was simply a pass/fail mark, no breakdown on what the actual scores were.
I guess that's the closest I've ever come to taking an adjudicated IQ test. A couple of people in my friend group failed, so we went to a different school as a unit. A decision I'm very happy with in hindsight. I still have those friends, but knowledge has become an abstract sort of thing these days, what you actually know matters less and less, so I'd take the loyalty of friends over a potentially better education every time.
I think it might be possible to explode a Femtocell(assuming it runs Linux) by building a custom Kernel a messing arround with the frequencies of the hardware, or by adding a submodule to the hardware that would literally be a bomb. But that would require some finese to pull it off. Anyways great stream guys.
Just increase the transmitting power and receiving power to 100%. I don't know if that will explode the device but it can definitely melt it or overheat it, which should be enough to destroy the flash memory or whatever stores the code.
I get what you're saying, but you can't look at this from the perspective of what an average hacker would do. You're saying these are the types of hacks that a nation state would employ, and neglecting to mention/realize that's kind of the point. Elliot as a character has dedicated his life to hacking as a means to combatting the system, and at this point in the series has gone full swing in his attempts to take it down. For all intents and purposes, the group he represents is a straight up digital militia thats declaring war on the financial and judiciary systems of the world. Think of it like Anonymous if Anonymous were worth 2 shits and actually had structure and skilled hackers.
The hospital record scene was a flashback. It wasn't present day hacking.
So much respect for Nick. Very genuine guy who knows his stuff! Great teacher man
This channel deserves way more credit, but I'm not telling anybody lol femtocell
I know this is pretty old but after paying attention to the programming language that Elliot was using to make the Android exploit was actually Ruby.
Ruby is the standard with Metasploit.
@@menfie I figured as much, people were saying python and I just wanted to say it
Vuln code injection in the save game function. The save files are crypt'd by knowing the single win board arrangement you would use it to determine the secret. Then use the secret to crypt/sign a save game file that exploits the save game code injection. Probably an overflow
Having completed many CTFs I would definitely rather open up Cyberchef and paste in than write up a Python script just for a Caesar or ROT13 cipher.
On the Social Engineering attack with the phone.
*Attack Failed Successful*
QUOTE: "What Elliot has in cyber security skills it seems he is lacking in social engineering skills." /QUOTE ... LoL
he's coding with ruby during the femtocell hack
"the only thing that could distract this man from his heated eye contact" Lmao I'm fuckin dead dude
Thanks for this fellas, I was waiting on this lol
22:46 I assume you're referring to the Carbanak groups repeated penetration of the banking system. Although they did get rumbled, they were in 40+ banks systems, for months, and they have no idea how much money was moved. They're also as yet to be itentified, in my opinion. They claim to have caught a couple of them, but I'm not so sure.
The name Carbanak group comes from remnants of software found on the banks servers, but that's really the only thing that's known. It's the biggest bank heist in history and a bare handful of people have ever heard of it.
The average civilian would be dismayed to find out how banks work internally, but it certainly isn't a case of computers doing all the hard work, or loans being offset against savings. When a bank issues a loan, they create that money out of thin air, it's not backed by anything, and internally and between banks it's largely humans doing the money moving.
What the Carbanak group did was lurk on the server for months peering over everyone's shoulder and making notes on the felicity of style of individuals, so they could convincingly spoof transfer messages without arousing suspicion. For example; Jane sends a message to John in the transfer section asking that X amount of cash is to be routed from this account to this destination. John's job is the implementation of those transfer orders, so if it looks like Jane sent the transfer request, there's no reason to suspect foul play. Felicity of style is your personal style, mannerisms and vocabulary. As an extreme example, if Jane swore like a sailor in her transfer requests ordinarily, then you'd need to know the turn of phrase she might use, or any specific jargon. When colleagues have been communicating for years there's often a bit of banter back and forth, all these things need to be taken into account to successfully spoof the identity of another user on the network.
If you get it right, then no-one knows exactly what cash is missing as cash largely doesn't exist except as ledger entries, and if someone modifies those ledger entries, then you don't really know what goes where. A bank can hardly load a backup from several months ago, hoping that's far enough back to be before the time that the hackers took root. And the money moved in this manner is effectively untraceable, because of the delay in the bank being aware of the penetration, as well as not knowing the specifics of what was moved when and where.
There have so far been 2 people caught, including the alleged mastermind, a Ukrainian named as Denis K. I'm not convinced though, I suspect he was a cut out. The number of banks hit, and the frequency, makes me suspect it was more than one group of bad actors, and that someone was retailing or renting access to software and systems, which is how ransomware is often used. You pay a cut to the developer in return for using their software, or you rent it, or you buy it if you have enough money . I suspect the actual mastermind is very successful and hidden behind a veneer of wealth. This isn't something you'd do as a first rodeo!
34:40 If you're going to alt tab, have something to alt tab to lol. Sat at a blank desktop or blank browser homepage is a massive red flag!
39:00 Typically a honeypot is not just attractive looking, but keeps your intruder penned in a secure area, from which he is unable to break out and into your secure network. It's a tarpit, intended to trap you and keep you busy for as long as possible.
While on a modern broadband connection you can no longer render someone unable to hang up, as you could with an analogue modem if you injected the correct voltage into the line, there are still possibilities to backtrack the intruder, as long as they're not using a string of secured private proxies. There are certain identifiers in the logs, and if you can keep them from wiping the logs long enough, then you can start to enumerate them with a view to providing a portfolio for law enforcement.
45:54 Letter frequency analysis won't help much with a poly alphabetic cipher, that's effectively what Enigma and Lorenz were. Using a series of mechanical and electrical systems to create the randomness that made it so hard to crack. The pre-war Enigma could be done by hand, but although the mechanism behind Lorenz was cracked mathematically without anyone having seen the machine, it required the first ever computer, Colossus, to work the permutations. The versions of Enigma in use during the second world war had subtle variations and usually needed a crib to break, unless you were exceptional with the rods. But they too were mechanically sifted with a Bombe, a Polish invention, which comprised part of the multi-stage cracking process, which enabled the rods to be used to find real words, or names, in German. And prise open that particular message. Most of what was transmitted by German high command using Lorenz was broken, but depending on which version of Enigma was in use, there was significantly less success. Even after obtaining an actual machine from a sinking submarine, it couldn't be cracked easily or reliably. But any sort of cipher is child's play for a modern supercomputer, or even a vintage Cray II lol. Today's 128-2048 bit encryption is a different level of difficulty by some margin (although there's an issue with trapdoored primes with 1024bit DSA).
56:40 That is indeed an IRC client, if you were a little older you'd recognise the name of it in the last line of text. One of the most popular alternatives to Khaled-Bey's mIRC, this is an instance of BitchX. As a side note, having 119 opers, even for 23k users is excessive. You wouldn't need that many people with an O-line. On the p2pchat server we had all the javachat traffic from Morpheus and Limewire (if anyone remembers them lol) as well as our own users from the old Opennap and Musiccity servers, who migrated to IRC when those networks got closed down. In total we had something like 10k users at any given time, and that was with less than a dozen ircops. As long as you have a couple of opers around to relink servers and deal with the more persistent naughty elements, you're good. I'm guessing from the lack of hostmasks and number of users that it's meant to be connected to somewhere like Undernet, or Dalnet before it went downhill and lost all it's users.
58:05 Zero day used to mean exactly that, it was fresh and no-one was aware that there was a viable exploit. Although security researchers do responsibly report zero days when they find them, and give the company in question time to get it's house in order, it remains a zero day as long as the exploit is unknown, irrespective of how long it's been in use. And while white hats disclose zero days, there's an increasing trend in the commercial arena, especially in the area of "cyber munitions", to deploy them offensively in software sold to corporations and governments. RATS (remote access tools, otherwise known as Trojan horses) are a popular item with governments and security agencies. It's also worth noting that the single biggest haul of zero days in one program was found in Stuxnet, the joint Israeli and TAO (Tailored Access Operations) project that attacked the SCADA infrastructure in Iran's nuclear enrichment program, causing the centrifuges (sold to them by the French in contravention of sanctions, a common theme), to tear themselves apart at an accelerated rate, or ruin the enrichment process by messing with the speed and timing, as enrichment is dependent on specific ranges.
1:02:22 While finding zero days is non trivial, going through the latest white papers in the sphere you're interested in is an easy way to find an exploit you can code for, if there's nothing but a proof of concept online. Quite often the proof of concept isn't usable in it's current form, but it gives you something of a logical framework. Granted coding does take a while, but a small, specific, command line tool needn't take months to hack together. It doesn't matter if other people understand how to use it, so it doesn't need to be commented or organised, as long as it works, the very definition of a kluge lol.
1:04:07 With regards to the femtocell and "exploding" RAM, you'd need physical access, but you could wire a 9v battery, or splice from the transformer output, to the RAM slots and activate the circuit with a remote switch when you want the RAM to go bye bye. DDR3 runs at 1.5v, it wouldn't actually take a vast amount of voltage to blow the chips on the module, though probably not all of them, so it's still not perfect from a forensic countermeasure viewpoint. A small remote thermite package would probably be the best bet for total destruction.
Over a network though it would be easy enough to wipe RAM using an app, but as long as the computer wasn't switched off, there might still be fragments of information of interest to forensics. Same with your swap file, flash memory cards and USB sticks. You need to randomly overwrite the data in each sector numerous times, especially relevant with Windows due to the way file deletion works. If you were skilled at coding in Assembly then there are some possibilities of interacting with the hardware more directly. I don't know how hard it would be to overvolt the RAM by a significant degree, but with BIOS updating possible from within Windows now, it means that there is a direct path from software to hardware. A BIOS update that you've modified might be enough to physically damage the RAM and/or motherboard.
1:10:56 With regards to someone else's 0days, there was a rather large leak of a TAO toolkit as a password protected archive. The group that found it released both the archive and the password, so the tools are available to anyone, on the off chance they haven't already been added to Metasploit. The TAO archive utilises numerous 0days, though I would assume that many of them have since been patched, there are always people that don't update at all (a minority) or keep current (the majority) or are stupid enough to turn off UAC on Windows or not run a firewall or AV. As Windows autoupdates whether or not you want it to, that has been mitigated to some degree on the OS side.
Good comme t, thanks for the times too!!
as someone who is very interested in cybersecurity and has just started studying it, this is very educational while at the same time being entertaining and incredibly easy to watch- i just paused for a second and noticed i'm already at minute 45, while it didn't even feel like half an hour to me. great job, great content, thank you for this! :)
Same.
25 minutes in and I didn't even feel the time passing.
Also are u at uni or are you going for certifications?
I love kody's facial expression when he hears something inaccurate or spotted a mistake.
While appreciating your time for the analysis, you underestimate the extreme spectrume of exploits and real world ill user habits. Especially about the IoT stuff.. Respect and best wishes guys.
Dude im hooked w this series
lol the phone drain thing would make you think twice about zero trust.. why on earth would a cybersecurity boss not catch that (:
1:00:40
the most unrealistic thing is being able to single handedly type regular expressions without googling it
it's actually very easy :P
It took me months to start understanding regexp but once you understand it you don't have to google anymore
Can we have a 'Hackers React to Hacking Scenes from the Movie "Hackers"' please?
Watch the whole series instead of just looking at the clips so you'll know the context.
So would you say it's better than 2 people 1 keyboard?
3:40 "you explain capture the flag, I'll do my best Elliot not paying attention impression"
the thing with public hospitals is that they cant update their systems unless they update across the board i.e. every public hospital in the state same thing for law enforcement - they are literally running xp (i believe) in state police stations...yikes and you can only imagine their firewall and who is actually monitoring the network (underpaid and over worked admins)
“Did he just type it from his mind? I didn’t see him using a computer the whole scene”. If you know the context of the show it’s clear that he’s in the hospital now, promises krista that he’ll be a good drug free boi, then proceeds to hack into the hospitals data records for subsequent drug tests. You even play the clip “I won’t do morphine again” signifying that he obviously can’t modify anything in his current state in the hospital room so she knows he did it in the first place. But he knows he can make sure she won’t be able to ascertain his continued use. You guys are smart as fuck and missed this it makes me lol
Want to mention I’m not saying his first hack into the hospital was post-this-episode, but merely he didn’t have the chance to do anything once he’s alrdy in the hospital and had to make the promise/convince her he was gonna be a good boi and then once he was out he can resume full control of his digital medical files
It's probably not something that the writers considered, but some people on opioids will hallucinate. I had experience of this myself in hospital, I was on my laptop moving a bunch of media around and doing basic housekeeping as I had no internet connection, I'd just got my parents to bring a bunch of bare 3.5" drives and a usb 2x HDD drive reader so I had something to do while I was in there for weeks. Anyhoo, about an hour after taking the tablets they gave me my eyes must have shut, but in my mind I carried on moving files for another hour or so before drifting off to sleep. When I woke up and saw all the files I thought I'd organised were still in their original mess I was seriously confused! On boxes of Oxycontin it states that for a percentage of the population it can cause hallucinations, and if he's hitting up a heavy dose of Morphine then it's just as likely that he's in a kinda fugue state. Probably not something the writers are aware of, but another possible explanation for that scene.
Gotta say, I've never seen anyone display such intense hatred for the Robert Sonneman-patented, Memphis-style banker's lamp, it's actually really funny. I have such a lamp myself (replaced the R7 halogen bulb with an LED equivalent), and I really like it as my personal desk lamp.
When your wondering if its python in the "0 day" part, he's actually entering Dictionary infos.
This was super entertaining and informational.
That's hilarious about the soylent, it's amazing but yes it is a meal replacement, not meant to be chugged lol
i know Symantec Endpoint when I see it.... wow what great attention to detail to the old software imagery. 19:14
@2:45 in season 2 the FBI supposedly stepped in and said "let's tone down the shots on the laptop screens of them writing exploits"
Just put on the subtitles when you can't here it
The reason for Elliot centering his whole personality around hacking and being super obtuse is that this is actually a seperate personality from Elliot's DID. This personality has the goal of hacking (due to actual Elliot's skillset) its way to take down the leaders of the world. He was built out of Elliot's anger against society, and desperately tries to correct the entire world. Real Elliot only gains control at the very end of the show.
If you can't hear it, why not add subtitles so you can read what they were saying
you'd think people calling themselves hackers were capable of finding the most basic solutions to everyday problems imaginable, lol
Hacker doesn't know what the BitchX IRC client is, major yikes :)
.
Yeah, that's largely an age thing I suspect. But in my opinion all hackers should read through hacker history, from the dinosaur pen days to the nineties and up to today. You might not be able to use old code on modern machines, but the principles often remain the same. I'd expect them to recognise the name of the client at the bottom of the screen in that scene, even if they've never used it.
just a possible subjet id love to see you guys discuss in a future video is the recent Pegasus 0 click exploit found by the isreal gov that affects all phones including iphones
Check out the recent videos from Rob Braxman on Pegasus it's pretty insightful
Unless it's stolen and distributed online, it's unlikely to be any threat to you. The Israelis charge hundreds of thousands of dollars per license, so it's for use only on high value subjects. In some parts of the world you're more at risk, Saudi Arabia and Egypt being two examples. An Italian cyber munitions company sent both software and hardware IMSI catchers (Stingers) to Egypt, in violation of sanctions. The software and devices were used to round up protestors.
It's getting very 1984 out there in the world.
Lmao, please do more of these. So much fun.
You guys are kind of funny, and this video was entertaining, but honestly you have no idea what you're talking about in a good portion of this. Some of that is from not having watched the show so you don't have the context (like not getting that Elliot was showing how he hacked the hospital in the past, 2012, but was talking about it in 2015 from his hospital bed, somehow you couldn't figure that out, or that the people screaming and partying at the CTF hack scene were part of the nightclub section and not in the contest). It really showed that you were somewhat clueless when you're talking about the femtocell hack scene, not knowing what a logic bomb is, not knowing what Elliot meant by "explode" (self corrupt) and then going on about it for several minutes like you really thought he was talking about physically blowing up the phones, yikes that was very cringy that you didn't get it. And the comment about Elliot's identity being based entirely around hacking and it might be affecting his mental health....LMFAO - if you watch the show you will know exactly why I'm laughing (don't want to spoiler anyone here). And to think other people who are more clueless than you will watch this and think you guys know what you're talking about is just sad.
MrRobot is more about the philosophy than the accuracy
it was a good attempt at a compromise between something entertaining and something accurate. Some very complicated concepts were delivered to a slightly mainstream audience.
@@v00n2000 plus you can't just put in all the information on how to hack people online. It would probably come back to bite the creators
@@goopguy548 yeah, anyone smart enough to understand the hackery implied in Mr. Robot would already be doing it themselves in real life.
the ctf scebe sounds like some sort of out of bound input attavk - pretty pld school but it stijj happens
hospiial scene: It is common in business to assign the IT boss position to a receptionist with MS Office training
ROT 13 was used in the Cuecat scanner
At 1:00:22 he appears to be coding JavaScript
A femtocell is a small fake cell tower emulatot basically a reprogrammed mobile hotspot device
Yeah found you! The guy who never blink.
wow great streammm
And occupy the web ran a series on how this show is semi applicable to the real world
well hackers werent screaming, it was from the party club lol, nice reaction tho
You don't hack the world...you hack the planet :)
"Mr. Robot lied to us! they showed us something happen on the screen but then it turned out later what actually happened was different!"
Have I got news for you
This was pretty funny but the guest its like "meh" doesnt add much to the video, still, it was a nice vid, love the way you explain things
I like his Crystal Castles tshirt tho
I think it would've been a lot better if you had watched the show before going through this. As you only get little glimpses or few words about what he is doing, and it is easy to misinterpret what he is trying to achieve without the context of the story.
And also, I know you Americans don't like subtitles but it makes a lot of sense here. :)
Wait? You don't know that ceasar cipher and shift cipher are the same thing?
Use subtitles guys if you couldn’t hear what he’s saying.
great stream guys!
Wow. This guy loves ciphers.
"You're not writing your own malware, you're using Metasploit or..."
This "expert" said as Elliot is literally writing a Metasploit script...
Elliot is goated
I would enjoy your thoughts on the, Mr Robot, pwnphone..🙏❤️
its astonishing how to wrote those bash scripts in kali... mr. Robot will be the main legend as him wins the underground hack tournament..
Ten minutes later:
Hello Elliot ?!
Its mitnick...
Kevin... mitnick..
No more telephone signal at there..
The second guy is soo bored with too much talking. 😂😂
LOL
37:00 - he could get log out cause of inactivity ??
Hey, I'm late to the party but unless it's been said - listen again. He says that should the FBI take an image of the femitocell the MEMORY will self-currupt or explode. As in, either the memory data will scramble (explode) or maybe he'll force a voltage surge (if that's possible) to burn out the chips.
I don't think he means literally explode the device.
Sorry, had to scratch that itch. Good content though. 😊
I hate not knowing that much English to listen to this gem, shit
we love you man continue, i created this account to suport you.
This video would be better if the scenes were with subtitles.
you guys need to watch the show
People filming this series were probably much more knowledgeble then these.
"i hate this lamp."
I really don't understand how anyone could hate the Robert Sonneman Memphis-style desk lamp. It's a nice lamp, and I actually have one myself (with the halogen bulb replaced with an LED equivalent).
Dude, its a god damn ruby script :V how can u guys not know that
Facts
Tbh nick seems a bit lost lol
Just use subtitles
20:57 the reason it's more black is that it is selected to be edited
too much yapping
literally my job
36:36 he wasnt even mr robot 😭😭
So ummm i need a doctors note for work 😆
I really like all FWD content but I don't really understand the language you speak, is it possible to add Indonesian subtitles?
doesn't know BitchX.... that makes me sad. BitchX w/ Cypress was my jam. irsii is an acceptable second place.
nice video
Anybody know nicks info 🥰
1:00:20 Ruby
Crystal Castles shirt! Big fan of their music!
wh min?
i love you guys, big fan. but you two did a total disservice to this show. literally crying about minor details. obviously its hollywood they have to make it dramatic and timeframes wont be perfect. they have to fit a lifetime into a few hours. but this show, by far, is the most accurate and realistic hacking show/movie of all time. easy. and it was a great show even outside of the hacking. legendary. i think you all came at it with the mindset that it was going to be just another fake hacker show so you looked for reasons to diss it. i hope you two get a chance to actually watch it all the way through. you'll have a whole new respect for it.
I watched it, thanks for the comment!
Just watch like a few episodes before making some content. 21:50 this show has nothing to do with robots per se, neither there is any sort of mind machince interface ffs
Bro blink
***SPOILERS***
In this show Eliot has dissociative identity disorder.
It's revealed over the course of the show that Eliot has multiple personalities born from traumatic events in his life and the personality you look at here is the one that stores all of his rage and contempt for the world.
It's the personality that's decided it will get revenge on the "top 1% of the top 1%" that rule the world as he puts it and so him being a social outcast and completely obsessed with hacking kind of justifies his cockiness, if he's had overwhelming success with this activity.
36:42 Maybe the password was the token he got off the phone?
I thought that was a possibility, but if that is what they intended then it's lazy writing. It's clear that the boss is using 2FA, and as such after the username and password are input you'd be asked for the secondary authentication. On this one they just messed up I think.
Funny
I love elliot than u, sorry
Even if he is a noob at hacking