How to protect your private network from break-ins | Real experiment with a hacker

Подписаться 458 тыс.

Просмотров 281 тыс.

50% 1

👾 Follow this link to book a demo: sumsub.com/free-demo/
In this video, you’ll find out about how sniffing with twisted pairs works and what danger it poses to your data.
Sniffing is a kind of attack that involves listening in our data, transmitted through the network. Hackers can, with the help of special tools or software, eavesdrop on traffic and watch in real time what information is coming in and out of the computer.
Your passwords, documents, photos, any and everything could end up in the hands of another person.
For some reason, people often think that this requires some kind of expensive tools or equipment. But in this video you’ll see how hackers can eavesdrop on network traffic using simple crocodile clips. Most importantly, we’ll show you how to stay protected against these kind of attacks.
👾 More about us:
sumsub.com
/ sumsubcom
/ sumsubcom
/ admin
Timecodes:
00:00 The hacker is in search of a victim
02:01 Let’s start with the theory, what is RJ45
03:02 How information travels through the wires
04:13 How a hacker ‘sniffs’ information. Let’s start to assemble our tools!
05:20 How the attack works, as shown on our special testbed
06:20 Listening to outgoing traffic
09:20 Using a special script to search for sensitive information
11:40 Listening to the outgoing traffic and intercepting valuable data
13:47 The vulnerabilities of sniffing attacks and how to protect yourself against them
18:28 What measures do we take to protect data at Sumsub?
#sniffingattack #hardwaresniffingattack #howtohack #ethicalhacking #maninthemiddle #capturetraffic #rj45 #twistedpair #ethernetcable #cybersecurity #sumsub

Наука

Опубликовано:

1 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 284

@LP-fy8wr Год назад

This is pretty old stuff guys. I personally have not seen a Vampire Tap device since the early 90s. Also with the rise of SSL and TLS for mail transport this is not going to work at least for raw sniffing anyway. Cool video though.

@phillipgilligan8168 Год назад

Thats why you MITM with this and decrypt the SSL. Too easy. Either way, yes there are better attack vectors, but if you had time, and the correct place to do this, like an accessible basement, with a tap, and some specific hardware you would leave in place that I won't name, This could indeed be very effective.

@LP-fy8wr Год назад

@@phillipgilligan8168 how do you plan on decrypting the SSL traffic without the private key? Granted there are some tools where you can strip SSL out of a session but the end-users going to know.

@phillipgilligan8168 Год назад

@@LP-fy8wr your MitM proxy replaces the ssl cert so you actually own the private key in that configuration. Look for “Mitmproxy” also, never use these kinds of tools on systems you don’t own. (Sorry had to add a disclaimer there)

@user-pm8je4fo7e Год назад

Oh cmon. Pentestish hispsters and opensource nerds were all over Throwing Star TAP just several years ago.

@user-pm8je4fo7e Год назад

@@LP-fy8wr you would not believe how many users will click "whatever, just get me to the site". Not to mention that you actually can make it TLS again. All this cryptomumbojumbo is good, but cert managing infrastructure is really bad. It's so bad, I actually think it was made this way by design by some NSA or whatever. Getting your hands on "good" certificate is not as hard as one would've expect. And after that the only thing standing between you and plaintext would be cert pinning, which is like a dad who went for a pack of cigaretts twenty years ago. Downgrading TLS is still a thing too, as far as I can tell. So yeah, mitm is still possible in modern internets. Although I have no idea why this dude invoked mitm in context of passive sniffing.

@computerdoctor1708 Год назад

The point is to do this after the router. There is no point doing this before the router (in the company's LAN). Since you're already in the company, no need to cut cables. In a pentest scenario you want to get it and get out as stealthy as possible.

@paulstubbs7678 Год назад

Many years ago, a telco I worked for had a large office building in a city, they decided this building was no longer suitable so they moved over to a new one. One of our competitors ended up taking over the old office building. Then one of our techs had a startling realisation, that building was fed with fibre, and there would have been all the necessary associated equipment in there, as in fibre to the corporate network as opposed to the internet. So one of our techs paid a visit (high, just chasing a phone fault, can we have the basement keys) and yes it was all still there, powered up, gigabit feeds of all our internal corporate systems...... not for long...... That's what you get from a building full of sales execs etc. no technical knowledge at all.

@x0rZ15t Год назад

RJ-45 is not a cable, it's a type of connector for utp/stp cable like CAT5, CAT5E, CAT6 and so on.

@rationalbushcraft Год назад

Why hide the commands? This basic stuff can be easily found. Information wants to be free. This is just silly as there are legitimate reasons for sniffing packets. I do it all the time as part of my job. Come on no one is using FTP or telnet where passwords are sent in clear text any more.

@DexieTheSheep Год назад

exactlyyyyy

@solarsombrero227 Год назад

RU-vid will often ban videos that show exactly how this kind of stuff is done

@DexieTheSheep Год назад

@@solarsombrero227 they only ban videos involving dishonest behavior, but learning network sniffing can be used for good... Usually I just see channels like these mention that it's for educational purposes or whatever and mention it's illegal to do it without permission. Same reason why hacking is taught in general. The black-hats already have their resources for learning this stuff.

@Crysal Год назад

@@solarsombrero227 just put a "for educational purposes only"

@GlorifiedGremlin Год назад

Well, he's got liability. We don't, we can just share what he has to censor lol

@YeloPartyHat Год назад

Not a bad video but I must say, I do miss the amazing quality you used to produce with Bradley with those sets.

@Chatterintheskull Год назад

Thank you for the hard work you put into making this video.

@Sumsubcom Год назад

Glad you enjoyed it!😊

@Leo-sd3jt Год назад

Splicing into a cable is definitely detectable since the attenuation of the signal will increase.

@josephzajdler Год назад

where can I purchase a device that will detect signal attenuation that will send me a notification when it happens and alert me to which cable it is?

@oksowhat 10 месяцев назад

@@josephzajdler home routers have the hardware for it but not the software

@edsmith3052 Год назад

Great video, very informative without being too informative. I’m glad Seytonic gave you a shout out, definitely going to sub. Keep up the great work.

@Sumsubcom Год назад

Thanks a lot! Glad to hear that! 🥰

@maxxxb4uh4us80 Год назад

Perfeito , parabéns pela iniciativa !!!

@MyAmazingUsername Год назад

I remember a late 90s LAN party. A heavy kiddo sat in the corner, smirking. I walked over and sat down next to the pale, bespectacled boy. When his blubber had stopped jiggling after to our seated collision, he lifted his meaty arm and pointed at the screen. He was running something named Lunix. His screen was full of terminals. He adjusted his glasses and took a breath from his asthma inhaler, before finally speaking. "See that? I have ARP poisoned the network. All traffic is routed through my computer. See those website passwords scrolling on the screen? That's people on this network who are logging into websites." I was too impressed to report him to anyone.

@theflano23 Год назад

Loving the description, very immersive

@AQASAMOTEN Год назад

thanks for your tutorial i really enjoyed it

@igamse Год назад

This is an amazing video! I learned a lot, thank you!

@Sumsubcom Год назад

Glad you enjoyed it !

@KINGFROMHEART Год назад

Great explanation

@nou8310 Год назад

I regularly convince your id verification system that photoshopped IDs I make are real.

@Sumsubcom Год назад

Hey! Thanks for your comment 🙂 We constantly improve our products and take into consideration any feedback. In order to provide a detailed answer to you we'd like to take a closer look at your case. Please share it with us by dropping us an email at Pr@sumsub.com

@morsine Год назад

it's honestly easier to infect a client.. great content tho!!

@dannypaaji Год назад

This thing is awesome. I'm digging it!

@Sumsubcom Год назад

Hey! Glad that you like it ☺

@marcs.8040 Год назад

I love your videos, such a quality

@Sumsubcom Год назад

Thank you so much!

@sbcinema Год назад

Hackers rarely work locally, this is more for companies that are afraid of industrial espionage

@Nanokarp Год назад

i prefer these longer videos so very much more to the shorts.

@Sumsubcom Год назад

Hey! Thanks for your comment! We also love the long format and we're not going to stop producing it 😊

@hackerninjaking2617 Год назад

Thank you sir 🙏

@SharpRaccoonTeeth Год назад

it was kinda fun filling in the blanks when watching this, like a shout-out at a Pantomime

@mo-s- Год назад

I like how they censor the software as if you couldn't just google lol

@josephzajdler Год назад

Makes it more MYSTERIOUS, ooohh !!

@jameswalker199 Год назад

Its for arse covering. RU-vid has policies against making instructional hacking videos

@tisjester Год назад

@@jameswalker199 correct - it is a RU-vid restriction - nothing more.

@DemocracyManifest-vc5jn 10 месяцев назад

Good for them. God forbid some Karen gets their channel taken down.

@tristanboyle4450 11 месяцев назад

pretty nice.. thanks.. gotta love kodachi too :)

@LightVibrationPresenseKindness Год назад

great content!

@shootgunman1460 Год назад

i want this man to make audiobooks so i can fall asleep to his voice

@Tjensen999 Год назад

Hex editors are so much fun!

@myosotisalderson 11 месяцев назад

Thank you for your vide, but My question is: WHat kind of phone do you use for this operation ?Thanks

@prestheticmullet Год назад

without looking at the channel that uploaded, and only reading the video name in my subscription feed, I thought this was going to be an onion video about avoiding Joe Biden Sniffing Attacks

@marosak8056 Год назад

Thanks for this video its very imformative but how you connect crocodile to that green cable if you dont cut that plastic around cable

@nakedtrader3959 Год назад

Amazing content!

@Sumsubcom Год назад

Glad you enjoyed it😊

@whtiequillBj Год назад

small note. at the start of the video the comments on the bash shell are C comments not bash comments.

@dj-yv7oi Год назад

Useful informations, thanks for the video.

@Sumsubcom Год назад

Happy it was helpful!🎉

@diogoferreira8397 Год назад

As a pentester I believe that it would be interesting see the complete commands or some suggestion about proper documentation.

@jameswalker199 Год назад

As a pentester, you should know these commands as you use them every day

@alanh7285 Год назад

@@jameswalker199 As it pertains to this video, what commands would those be, that you think everyone should know?

@doopy Год назад

doing this in my college networking class.. great stuff

@ahmedmahomed Год назад

Hacking?

@doopy Год назад

@@ahmedmahomed working with RJ45 and Cat5E cabling, exploiting things and breaking them down can give you a greater understanding of how they work and how data is transferred through them.

@dj-yv7oi Год назад

@@ahmedmahomed *listening on the network*

@jameswalker199 Год назад

@Ahmed Mahomed Yes. There are hackers that get paid by companies to hack them, then produce an exhaustive writeup on all their security failings, that way the company can clean up the low hanging fruit and make their systems more secure. Its called penetration testing, or more generally, whitehat hacking.

@jameswalker199 Год назад

There's also blackhats, who are malicious hackers, greyhats, that sit somewhere in the middle, hacking just for fun but usually telling the victim if they find anything serious, and greenhats, who are only in it for the money, normally doing penetration testing and bug bounties, but they aren't afraid of selling malware if the bug bounty doesn't pay well.

@davinci3043 Год назад

Great video

@magicmanchloe Год назад

Great video! Makes it’s easy to understand for the average joe. My only gripe is nitpicking. But it’s bugging me how he keeps calling it an rj45 cable. It’s a copper twisted pair cable or more specifically, likely a cat5, cat5e or cat6 cable

@mjtonyfire Год назад

RJ45 refers to the connector, cat5,6 etc refers to the cable itself.

@Goatboyfellofftgecliff Год назад

Based on the fact that there is not a noticeable divider I would have to say it’s cat 5 or cat 5e

@TANKBM Год назад

My dear brother, if you continue in this way, the channel will grow. Yes, this is the type of videos that we want. Continue and we will support you

@CRITICALCHEATS Год назад

I really like your video tutorials

@phillipgilligan8168 Год назад

We really going to redact things like wireshark lol? Come on now. Either way, loved the way the video was edited and the cadence of the video. Despite people feeling one way or another, it was creative and cool. Thanks for the video.

@rohitdas4573 Год назад

A bad actor can just store the SSL encrypted network traffic and wait few years for the quantum computing to get cheaper. For example, they can track network of government officials, since there influence will not go away in few years, it makes sense.

@balazsstrahl6593 Год назад

Hi! What distro are you using?

@gr0wnup5 Год назад

Hope you upload uncensored video on Patreon or smthng 🌟

@alexluzinki206 Год назад

good job

@saitamatechno Год назад

I didn't understand how you can read the data without connecting the crocodile cable. You only clipped them but didn't connect them.

@Jirayu.Kaewprateep 11 месяцев назад

Good content, ethernet line connect can detect but I looking at how they do as method and other prevention.

@charleshines2142 9 месяцев назад

Of course when someone cuts pairs to turn 1000 MB in to 100 MB that may be enough to get some people to take a look at their network if it goes on too long. They might go to the room where they have the router looking for a bad cable. If they are smart enough they might even look at exposed cables if there are any. You can also run your cables in conduits to make things harder to mess with. That won't make it impossible at all but it might make them move on to an easier target unless they are after you specifically for some reason.

@dhruvnamdev3357 Год назад

Awesome

@zip-taw Год назад

Hey, can you tell me the laptop (the front at thinkpad) model ? I interested with the design.

@GlorifiedGremlin Год назад

10:00 tcpdump?

@safetime100 Год назад

Very helpful and informative, subscribed and liked, thank you please do more.

@Sumsubcom Год назад

Thanks mate! Check out our new video about drone hacking :)

@cle4tle Год назад

Specialist in cybersecurity sounds like another name for whitehat hackers to me

@shikhaverma4374 Год назад

I didn't understand a thing but it was a good video

@leminhhoang3374 10 месяцев назад

Can we physically eavesdrop on fiber optic cables using light sensors?

@Clientastisch Год назад

Sniffing on fiber cables was done 40 years ago. So no, Not Secure either. The only secure method is encryption

@ELIAS-og5vf Год назад

This is the best Vidéo

@ap0110 Год назад

which app did you use on an android phone

@fagcinsk Год назад

Best cable cut, optimal and simple hacker's set. TY! // also, thank you for good quality of information // handy script =)

@mohammedalimohammed2595 Год назад

Dd are u frm❤ 🇷🇺

@apristen 10 месяцев назад

2:42 - wow! I knew from this video which color in Ethernet cable wires for what! 😀

@usama57926 Год назад

This is no problem. Every modern service uses ssl. Even if you hijack the traffic in middle you won't be able to decipher it.

@xenostim Год назад

It's ok to call yourself a hacker if you're cybersecurity specialist and know how to pen test. People will misunderstand though that's for sure. EC-Counsel, who offers the Ethical Hacker certifications, offers the exact same cert by an alternative name. In case you worry about making a potential employer nervous by having the word "hacker" refer to you on your resume 🤣.

@bertansadiki6794 Год назад

great video, but why the comments so negative

@Sumsubcom Год назад

Hey! Thanks a lot! Really happy to hear that you liked it.😍 Recently, we've been going through some changes and some of our old fans are not happy about it. However, we really appreciate every feedback, it helps us to become better

@michaelherweg7421 11 месяцев назад

Tipping an ethernet cable is already ass enough, imagine now adding aligator clips to each wire and then connecting it to each wire of the tapped device without crossing any of them. Unrealistic

@DemocracyManifest-vc5jn 10 месяцев назад

What about those internet cables poking out of buildings?

@steveiliop56 11 месяцев назад

Waittttt, you used the green pair which is the tx wires, you should have used the orange pair on the sniffer cable....

@djspectrein 10 месяцев назад

12:26 "excessive spending on toilet paper" - Elliot

@davel4030 Год назад

Interesting but I don't like all the censorship, can't finish watching.

@saadhamid5609 Год назад

Do you have any courses I can buy?

@aquietone2895 Год назад

So you're willing to get the viewing audience most of the way there in terms of understanding but there's a little bit of homework at the end. That's job security right there.

@vzwopx Год назад

This had so many errors..

@keylanoslokj1806 Год назад

Analyze them

@MrMychan02 Год назад

If you have physical access a hacker wouldn't typically do something like this. This is probably how people hacked in the 90s-early 2000s. There are so many other modern ways to accomplish the same thing. There are so many legit videos about hacking on youtube I am not quite sure why you're hiding things.

@jameswalker199 Год назад

They are hiding things for arse covering. RU-vid policy says you can't make instructional hacking videos. Also, this is simple for a noob audience, since it gets people to think about what's around them and how it can actually be abused. Hacking isn't magic, it just looks like magic if you squint at it from a distance, so seeing real hacking close up, even if its old techniques, demystifies it. Modern things like USB Rubber Duckies are fun, but if you aren't used to thinking about how to use things in unconventional ways, it'll just look like a magic USB stick.

@Peterd0e 9 месяцев назад

Scenario for early 2000 situations, not for today. It's like guide , HOw to break into WiFi secured with WEP key.

@UNgineering Год назад

the top third of the screen looks like wireshark

@alejandrojuantorena2770 Год назад

Bro they just steal my stuff and replace it with garbage from the courts. They think I can't tell the difference but the materials the device that I purchased are completely different in texture and weight. I'm not going to a judge just to complain about espionage.

@TMinusRecords Год назад

You should seriously consider whether you have schizophrenia

@redred333 11 месяцев назад

the glitch noises were haxking my brain

@vimicito Год назад

I know which program was used at 9:36, network engineers actually use it all the time 🤭. Other than that, I'll keep quiet about it though. While this kind of attack seems highly impractical to me and probably no longer part of a hacker's contemporary toolbox, the video nonetheless goes into a lot of detail on a lot of the more advanced concepts one must grasp before mounting an attack. That makes it an information goldmine regardless!

@pi96798 Год назад

Agree

@1N0fficial Год назад

Wireshark

@geordish Год назад

It’s tcpdump. Same deal, but cli based.

@mijailusk3817 Год назад

I liked this video until he started to censor some words and commands, that's really dramatic and paranoid, how this video could prevent attacks that are deprecated? That's no sense...

@KaruiKagetsu Год назад

Nice phone you got there.... What is it? 🧐

@Bartek2OO219 Год назад

even if you got in to the building to see these cables good luck identifying witch one is your target

@w4bbitseezin 10 месяцев назад

cool analog nmap

@cyberdevil657 Год назад

A few things mate. Hackers are cybersecurity specialist as far as i know. Why do you fail to mention offensive security is a thing in your intro?

@Leo-sd3jt Год назад

"now optics are the most widely used" Uh, where do you live that fiber optic cables outnumber ethernet cables?

@AysanewMesganaw Год назад

Take so much

@wisteela Год назад

Excellent video

@r1px0x88 Год назад

omg this video make my life... THX SO MUCH 💖

@DARKARMY01001 Год назад

Awesome bro

@computerinformatics8622 Год назад

what are the names of the programs and software that were censored?

@nv1t Год назад

Would be a shame if somebody name dropped: wireshark, tcpdump and python-impacket.

@saipatel8645 Год назад

I have a doubt if we sniff the packet it is encrypted with hash than burtforce takes a lot of time to decrypt it... Cuz it could be md5 hash the most common. Also the attack fail if the ethernet is in monitoring.(The flow of e-) Right?

@gigajoules6636 Год назад

Actually i take back my previous comment this description is tragic

@Beige-09 11 месяцев назад

What is the script and what is it called?

@marius6260 Год назад

2:08 emag lmao

@VladimiruYmiru Год назад

Ja :))) Fiverr roman oare?

@charleshines7282 Год назад

The sniffing you mention can happen with WiFi also so please don't anyone think you are safe just because you use WiFi. WiFi is worse even because someone just has to get close!!