To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/Cyb3rMaddy/ . You’ll also get 20% off an annual premium subscription. This video was sponsored by Brilliant
Best way for me to learn is standing over someones shoulder watching them do and explain what they are doing. This is the first time I've seen wireshark in action and thank you so much for how you teach this. This is also the first time I've looked at wireshark and didn't feel like I was reading gibberish. Subscribed.
@nulldnb Respectfully... This isn't really using Wireshark. Prebuilt filters should be in place. Then once on the trail of something an individual should follow the session conversation. She dipped from DNS to HTTP without looking at any other traffic while allowing all src and dst traffic. Also conveniently doesn't mention how the majority of DNS and HTTP traffic is secured. A competent professional in the industry is going to force their browser/computer to use a static DNS of their choice, and force both DNS and HTTP to be encrypted. You would be able to see the IP's... but you are not going to see the query, you are not going to see responses, you are not going to see get requests. Laura has been doing this for decades. If you want real world knowledge and applications she delivers information. If you want distractions she is not it. No such thing as a free education. www.youtube.com/@LauraChappellLab/videos
Yes, It's highly recommended to encrypt your private members (preferably with a strong password), especially when having an affair. Also remember not to choose a weak algorithm for the encryption, as that will make your protection prone to breaking and/or tearing during intense activities.
It was funny to find a folder named 'affair.' You'll laugh even harder when you hear that here in Brazil, there was almost a coup d'état, and the police found a folder called 'coup draft' on a former minister's computer, so obvious 😂😂😂😂
6:39 That 172.16 address is the attacker correct? The get request is sourced from the attacker... they would be downloading their own compromised file. Which leads me to the point the victim has to initiate a get request for the file. This DNS spoof/poison will not work unless the served page entices the victim to initiate the get request. Unless I'm missing something this has the Reedit circle jerk stench. Yeah bruh I just busted my boss at this MASSIVE convention in real time bruh.
In that case the main in the middle it would only work if the connection is without https, am I right ? I am a software developer it might be skill issues from my side
7:07 Crazy question. Why are they noticing the IP address-operating system discrepencies AFTER the attack? Shouldn't internal IDS software filters have picked up that beforehand? This is why AI systems are going to integrated heavier into cybersecurity for preventative actions.
what about bypassing ssl on android devices ssl pinning is in place do we need to bypass sslpinning to be able to capture the download from play store in mitmproxy I have a script that can merge the payload with the original apk :( that's where I am at 😢
First time your video i watched you have unique style the way you teach or talk keep doing i have doubt; once we redirected to attacker fake website then its over, right ? all get and post req are automatically happen or we are the one making. let say in get request that zip contain malware and post request contain boss flight ticket. So goal of the attack is getting boss ticket right?.
Great analysis, thank you! A bit off-topic, but I wanted to ask: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). How should I go about transferring them to Binance?
@@AlmightyMek VPN would in fact work. To capture the packets the adversary has to be on the same networks. VPN is not the same network. To spoof/poison DNS in this fashion you have to be on the same network... VPN is not the same network.
As a non-native speaker I got stunlocked at 3:25 mins in. What's incorrect about the grammar? Is it supposed to be like "Recently, your boss..."? PLEASE HELP ME! :D
You make it sound like a simple race condition between any hacker and the dns , that it is trivial to win it. You pull a pcap file from some competition very neatly prepeared data, not showcasing any how difficult it is to set up a spoofing attack against anyone that does not sit in your lab. All to sell your ad... Boo.
thank you maddy, but we know what DNS Spoofing is, this is only because the middle school's IT program is so boring it shouldn't be a re-do of elementary school IT curriculum where you learn office for the 20th time
Müsste aber mach dir lieber keine Hoffnungen ^^ Wenn es dich antreibt zu lernen ok, die Chance ist aber gegen 0, dass sie dich aufgrund eines solchen Kommentares überhaupt wahrnimmt und wenn dann nur als Simp - Frauen im Internet sind sehr viel gewöhnt, darüber einen richtigen Kontakt aufzubauen vor allem im Ausland... eher unwahrscheinlich, sorry dir das zu sagen bro :( Wie sagte mein Vater so schön... auch andere Mütter haben schöne Töchter :) Die meisten sind zwar nicht intelligent, aber es gibt sie auch hier, bloß nicht die Hoffnung aufgeben und die Energie in etwas "reales" stecken! :)
I restraint myself from clicking the video, knowing the channel before hand and how distracted i could be by impeccable gorgeous physical beauty which make me disregard the cybersecurity knowledge and skill brought upon in the video. Which is unwise of me. Forgive me.
To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/Cyb3rMaddy/ . You’ll also get 20% off an annual premium subscription.
This video was sponsored by Brilliant
*NO.*
Super interesting thankkk youuuu
Best way for me to learn is standing over someones shoulder watching them do and explain what they are doing. This is the first time I've seen wireshark in action and thank you so much for how you teach this.
This is also the first time I've looked at wireshark and didn't feel like I was reading gibberish. Subscribed.
So glad to hear!! This feedback means a lot. Thank you!!
Same here. Thanks 🗿
@nulldnb Respectfully... This isn't really using Wireshark. Prebuilt filters should be in place. Then once on the trail of something an individual should follow the session conversation. She dipped from DNS to HTTP without looking at any other traffic while allowing all src and dst traffic. Also conveniently doesn't mention how the majority of DNS and HTTP traffic is secured. A competent professional in the industry is going to force their browser/computer to use a static DNS of their choice, and force both DNS and HTTP to be encrypted. You would be able to see the IP's... but you are not going to see the query, you are not going to see responses, you are not going to see get requests.
Laura has been doing this for decades. If you want real world knowledge and applications she delivers information. If you want distractions she is not it. No such thing as a free education.
www.youtube.com/@LauraChappellLab/videos
@@RunsOnRustYes, she will most certainly not be a distraction
Great one Maddy! Love the Wireshark breakdown as it is interesting how they were able to get their DNS in before the Google DNS.
So... if I'm gonna have an affair, I'd better use protection?
You gonna get PWND
@@Zeroduckies😂
😂
use Latex not condom 😂😂
Yes, It's highly recommended to encrypt your private members (preferably with a strong password), especially when having an affair. Also remember not to choose a weak algorithm for the encryption, as that will make your protection prone to breaking and/or tearing during intense activities.
It was funny to find a folder named 'affair.' You'll laugh even harder when you hear that here in Brazil, there was almost a coup d'état, and the police found a folder called 'coup draft' on a former minister's computer, so obvious 😂😂😂😂
i can already hear all the smartys shouting "ThEn UsE DnS oVeR HTTPS!!11"
what a shame for Pete Galloway. He was such a kind soul, always around helping others. Hope he is doing ok.
Keep up the great work Maddy. Thanks for sharing your knowledge.
Man, pulling that kind of shit is *typical* Pete Gallaway.
Nice ❤ More incident analysis for other scenarios please
I didn't get one fact, how did attacker inject the DNS server? Is it possible to register the same domain with two different IP addresses?
Yeah. In fact, it's very common. It assures redundancy.
Wow she is getting sponsors now yayy!!
This was funny and educational! Great combo. I immediately changed my folder titles after seeing this, blatantly suss stuff.
Oh, great, my favorite cybersecurity blogger!
6:39 That 172.16 address is the attacker correct? The get request is sourced from the attacker... they would be downloading their own compromised file. Which leads me to the point the victim has to initiate a get request for the file. This DNS spoof/poison will not work unless the served page entices the victim to initiate the get request.
Unless I'm missing something this has the Reedit circle jerk stench. Yeah bruh I just busted my boss at this MASSIVE convention in real time bruh.
amazing channel, glad we've found it
well if some one click 15 warning popups away telling the site uses a wrong certificate
In that case the main in the middle it would only work if the connection is without https, am I right ? I am a software developer it might be skill issues from my side
These kinds of script I wrote 5 years ago. Idk why people cry FED FED FED Over this person with these script kitty skills.
So you skipped the scriptkid phase huh?
@mczen84 I've been researching in infosec before you were even born kid.
@@mczen84 bro is too good for us.
"Smile. You're on camera"
What camera? 👀
FBI
would like to see this from attacker pov and how they execute it
Good tuturial❤❤
I fall in love with this channel 💕💕
7:07
Crazy question.
Why are they noticing the IP address-operating system discrepencies AFTER the attack?
Shouldn't internal IDS software filters have picked up that beforehand?
This is why AI systems are going to integrated heavier into cybersecurity
for preventative actions.
Doesn't burpsuite do this too?
This shit is Comedy haha!Hellyeahh! MerryChrismas World (:
Solution: Pi-hole and Unbound.
what about bypassing ssl on android devices ssl pinning is in place do we need to bypass sslpinning to be able to capture the download from play store in mitmproxy I have a script that can merge the payload with the original apk :( that's where I am at 😢
I was wondering if you could please help me check my loader for any vulnerabilities
Thank you !
ASMR cyber sec content right here. Keep it up Mrs.
lol are you from New Jersey? sorta sounds like it around 3:46 or so
First time your video i watched you have unique style the way you teach or talk keep doing i have doubt; once we redirected to attacker fake website then its over, right ? all get and post req are automatically happen or we are the one making. let say in get request that zip contain malware and post request contain boss flight ticket. So goal of the attack is getting boss ticket right?.
Great analysis, thank you! A bit off-topic, but I wanted to ask: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). How should I go about transferring them to Binance?
Love to see a video of under the hood of alphafold
Also can you let me know where you downloaded this PCAP file from ? Is this like a lab activity or something?
url is visible in the video after 3:02
Thanks for the informative video's 😀😀
subscribed from Ethiopia!!!!
You're having an affair? Those packets will get you. Can't hide!!
Brilliant analysis 😊
Thanks for the informative video Fam, 🎉
can you make a video about how to start hacker journey or bounty bug really need a guide for it .
Ok, è una challenge, quindi una prova, ma non capisco una cosa, come hai fatto capire che l'altro è il reale IP?
Another tech youtuber??? Sign me up! Yes Ive learned dns is a scary tool when your not watching it
nice job explaining the trace..
Great food on that region, including Bells and spices.
so, using a VPN is also a good security measure here, right?
A public VPN provider, (assuming) doesn’t protect you from downloading malware.
You should usually not ignore certificate warnings for public websites
@@AlmightyMek VPN would in fact work. To capture the packets the adversary has to be on the same networks. VPN is not the same network. To spoof/poison DNS in this fashion you have to be on the same network... VPN is not the same network.
can you please teach us how to send malware just for educational purposes?
Awesome video!
Is that request http or https? 7:30
You got a haircut! Nice
3:52 Pete Galloway based
😮😮😮😮😮...amazing tutorial! New subscriiber to the YT channel, hope 2 see more content!
best explanition ever ❤
Simp
Did you guys realized, it's ALWAYS DNS?
As a non-native speaker I got stunlocked at 3:25 mins in. What's incorrect about the grammar? Is it supposed to be like "Recently, your boss..."? PLEASE HELP ME! :D
You're correct! It should say "recently" instead of "lately".
Great work.
iT seems your video has quitted at about 1:42, maybe it's my client
You are very intelligent 🙇🏻
Beaty as always 🎉
So he didn't even get to Ninja
I LOVE YOUR KIRBY
Where are the PsyOp comments?
Thank you.
Though I have some ideas
GEILE MAUS !
beautifull blue team 💙
So a malware tutorial
Парень тебе нужен, а не вот это вот всё 😂
Great video. Thanks girl. Cool to see more girls in the game. We men have f--ked enough shit up
❤ Какая Симпатичная девушка!!!👍👍👍💯🥰💐💐💐💐💐💐💐💐💐💐💐💐💐
OK 👍
Papi rompiste
the best
Don't use Mac. Got it thanks 👍
You make it sound like a simple race condition between any hacker and the dns , that it is trivial to win it. You pull a pcap file from some competition very neatly prepeared data, not showcasing any how difficult it is to set up a spoofing attack against anyone that does not sit in your lab. All to sell your ad... Boo.
Yeah sure bro, but this is more like a showcase/introduction for the less experienced, I think
@JanSoltan-wj1hs opinions are still allowed to have to some degree, unless we talking about jews. but i still think its an ad.
This is cool.
Dns ....diaxxas😢😢❤😆😆😆❤
you are a cat
wow, so much criminal, so much hacker
Cool!
Maddy you are so beautiful ❤❤❤❤❤❤
I thought hopeless simping was haram or some shi
Or a sin, whatever
She's so gorgeous🤫
😱🧑💻🦈🌎‼
This woman turned on the PC herself yet.
Maddy with some lipstick turns into a baddie
Lmao, Underrated comment
don't have an affair is the easier option lol
hack
She kinda talks like Mitch Hedberg.
I used to like OpSec. I still do. But, I used to too
lol
She used to talk like Mitch, she still does but she used to too.
thank you maddy, but we know what DNS Spoofing is, this is only because the middle school's IT program is so boring it shouldn't be a re-do of elementary school IT curriculum where you learn office for the 20th time
u single? :''D
Müsste aber mach dir lieber keine Hoffnungen ^^
Wenn es dich antreibt zu lernen ok, die Chance ist aber gegen 0, dass sie dich aufgrund eines solchen Kommentares überhaupt wahrnimmt und wenn dann nur als Simp - Frauen im Internet sind sehr viel gewöhnt, darüber einen richtigen Kontakt aufzubauen vor allem im Ausland... eher unwahrscheinlich, sorry dir das zu sagen bro :(
Wie sagte mein Vater so schön... auch andere Mütter haben schöne Töchter :)
Die meisten sind zwar nicht intelligent, aber es gibt sie auch hier, bloß nicht die Hoffnung aufgeben und die Energie in etwas "reales" stecken! :)
@@MrArkaneMage komplimente machen ist also etwas schlechtes, traurige welt in der du lebst. tut mir leid für dich D:
@@SomeOne-mw8zl dann hab ich deinen Kommentar wohl missverstanden, sieht für mich nicht nach einem Kompliment, sondern nach Anbiederei aus :D
Damn Germans smh
@@sadasow2670 thats wacist
I restraint myself from clicking the video, knowing the channel before hand and how distracted i could be by impeccable gorgeous physical beauty which make me disregard the cybersecurity knowledge and skill brought upon in the video. Which is unwise of me. Forgive me.
My wife left me
mm, hot network nerd. the apex of digital age.
Gorgeousness
@faza google chrome 😮😮❤