I paused the video just to say one thing, it’s incredible how RU-vid videos now have so much more superior than specialists on tv, the quality of the video, the design, idk, it’s just crazy to think
you're so right... it always irks me though whenever I find that awesome channel that makes me have that "shit where were you all these years" moment, I kinda feel I am also missing out on some other channel out there that I desperately need but haven't crossed paths with yet.
What do you mean have so much more superior? You're using an adjective as if it's a noun. It's troubling you have so many likes when I have no idea what you even mean.
As a Cybersecurity professional, I must say, this complex topic is way much simply explained. The analogy of bricks is really good. Good job and kudos to the creators.
Ok so you are in the know with pc/internet. Im not so I have a Question? Is vpn safe to use and what do it do? And is a tor browser more safe than Google to use?
@@f.t2482 DP are safe to use. They are legal in the United States of America to use if you are going to use a VPN you should not use it from your home Internet connection. Do you want to use it from a outside public Wi-Fi connection and you also do not want to use a VPN using your home PC or any device from your home this information is for educational purposes only I’m not telling you to do anything illegal but if you do decide to use a VPN, don’t use any of those devices that
When you randomly bash your keyboard in infinite parallel universes for an infinite amount of time, you'd probably get a fully working exploit chain for the latest ios version some day in Eternity
@@Ahmn2250 He's likely saying it's UNLIKELY, but the issue with iOS is that since their code base is proprietary and not open source, there are fewer EYES on that could audit it for exploits. Plus, you have entire nation states and private companies like (formerly) NSO Group spending tens of millions of dollars to develop spyware like Pegasus, etc. By definition, a 0-DAY exploit is unknown, so you wouldn't even know if someone could hack into your phone. But, if you're not an important enough target, and your adversary isn't fully technically equipped/capable, you're most likely fine. If your adversary is the NSA, you're very likely screwed because as the Snowden leaks showed, they had the entire world tapped, including the German Chancellor's phone... and things are much worse now.
As an IT professional, this video does an excellent job of breaking down a very complex subject into terms the average person can easily understand. The brick wall analogy is excellent and one I’ll borrow for future conversations.
My man, DDoS is an attack, not the way to get "to the other side of the wall". It's a denial of service, not something that will get you information. Fix your video.
Tho technically the ddos can be used to slip by (as a separate entity or method… not DDOS , so still I guess incorrect) security measures that are overloaded trying to prevent full shut down of the page’s service / servers
So if you're a dev at a large software or hardware company, you deliberately sneak in a bug that allows for a very specific 0 day vuln, sell it off to a broker, and the day it's detected by your employer, you come up with a fix and gain a pay rise.
i shall agree. as the exeptional movement of this channel is over the top. of course i can say that there are som damages.. but no one else has none.. and he still has least. as i can say in the kitchen language. one of the beast
One thing to note about all these walls is that when you buy a 0-day, you don't just pay for knowing about one faulty brick in one wall, you're paying for knowing about such a brick in every single wall of similar design.
@@gothixxx12 I can see why his comment would make sense, but I also do not have any knowledge about this. Can you explain further why a certain breach cannot be repeated in similar code structure? Maybe they're too precise or specific for each codes?
@@Друг-ч3з It is indeed incorrect, because a zero day of this proportion rarely will be just one line of code that can be reproduced by every engineer. A zero day can be an API that receives data, and then sends it to a function who will turn a string (text) to a JSON (which can contain functions) and then send it to the server, who will execute a malicious code put inside this JSON by a hacker. It involves multiple layers of the system, and all of those layers must fail in preventing that functions are being passed as strings in order to the zero day exist. Sorry for my english, it might not be so clear to understand, its not my language, but I hope it helps understand why his point is incorrect for most cases
The type of vulnerability that involves multiple layers of a system is the hardest to find, for the hackers and for the engineers. That is why they are so precious. The example that I provided is know as XSS, and it is easy for an experienced engineer to prevent, that is because it only takes a line or a block of code to make the vulnerability, that is the case where the guy commented. But, because this type of vulnerability being so common, it is easy to patch, because a lot of people know about it. A big zero-day exploit is something that is not common at all, and only a few, if not only one person found it, and 90% of the time is something in particular with the way the system works
I think there's one thing you missed that I think is extremely important: everyday security researchers. There's a lot of hackers out there that are fully public and post about the vulnerabilities they find (after they're patched, usually). However, becoming such a person still requires you to navigate these markets. They could report it directly to the company, but companies such as Apple have been criticized in the past for low payouts, or not paying at all. This could lead security researchers to go to the grey market instead, hoping for a more guaranteed payday. I think that's a pretty interesting dynamic of the market.
Apple should pay up because I'm tired of them gaslighting with the, macs can't be hacked . The lies! I'm an activist and have been hacked for years. Nothing is safe
Zero day exploits have always mesmerized me, knowing there is someone out there with a critical piece of info that could have so many implications, practically all being negative, is equal parts scary and fascinating to me.
Ah I wouldn't exactly glamorize it... It's just having something that you spent time and energy on and could use but every time you do it obviously it and you gets public exposure. Which ends up as something that more often you do (out of prestige) and don't (out of legal ramifications) want anyone to know about. Otherwise it wouldn't be a zero day which redundantly keeps it a viable zero day. So in the end you are left with a decision of (holding it) power or (public release) notoriety.
I once cracked the password to most of an ISPs accounts and I felt excited and powerful knowing what I Could possibly do with it. Spend days and then often over the weeks thinking of different scenarios Then I sent emails from those account's to their other accounts and felt like the world's most powerful hacker That's all
Zero-day exploits have always fascinated me. The idea that someone possesses a critical piece of information with potentially far-reaching, mostly negative implications is both scary and intriguing.
That's the thing with the cyber-criminal world; You have to do everything right all the time to protect yourself. But them, they have to do it right. One. Singular. Time. And you are now compromised.
Social engineering, hacking data brokers and bribing corrupt employees are some other ways people get in. *The human will always be the weakest link, like when they setup their servers and their root password is admin*
These hackers need to have some natural ability... no run of the mill hacker can do this. We all hear of hackers, and know it implies getting into your computers and other systems... but explaining it so the average person can understand it is a talent, the analogies need to be hand picked.... great job. The rabbit hole stop by step.
Credit to Kaspersky for operation triangulation, they did some amazing work exposing the attack chain. And the cherry on top, they released everything on Christmas for the jailbreak community.
🤣🤣🤣🤣🤣 DDoS going by this video is a HACK. Clearly you are why companies sell VPN and claim it keeps you free from big bad hackers. But nailed it right. OLOLOLOLOL
This video provided a much clearer and comprehensive understanding of zero-day exploits. It really confirmed some things I thought and also offered new insights. Thanks for doing this.
Saying "0-days are not always evil because they help both sides" is like saying "the NSA spying on every citizen is not always evil cause you might catch criminals". Yeah sure, you may stop some war-criming states or find national security stuff, but privacy and security of citizens should always be help in higher regard. It's why governments aren't allowed to tap into anything you do without proper suspicion. Give the government an inch under "nation security reasons" and they will take a mile, every single time.
You realize they can easily use the patriot act to gain access to anyone connected through a cellular network or ISP or even a VPN service. So essentially they don't need any specific software tools for anyone inside the US. Not when they have direct legal access to the connection through the providers. Besides if you're a government or institution apple will provide custom firmware with your engineering teams input for an additional price. Which many of these people do opt in on for obvious additional security. Joe Biden isn't walking around with exactly the same iPhone you have. So even if you had exploits embedded the security engineering team has already verified the compiled result and it's going to be hashchecked and not match.
One of the most informative, important, and thought out videos I have ever seen about the digital world. And I must say, your video editing skills and graphics are most superb and on point.
I just thought about all of this and realised that right now, there are not only people working on building these weapons but also people developing AI right now, that will be a mass production machinery to create 0-days... Just insane...
It's been around since before gpt publicly dropped. Most of these dark worm AI ect. still have a lot of issues with coding nuance like the base derivative models do. Not to mention there are others not so transparent to public eyes who's sole purpose is to sniff/snoop/collect the data into aggregate from these sources once they are identified. So then that data can be used to reverse engineer identity patterns of how the algorithms attempt exploits and patch vulnerabilities.
Government: "Gee if only I had the power of a hacker. I want it. I MUST have it! I WANT POWER!!!!!!" Suddenly they can justify the preservation of zero-day exploits for their own use, despite the glaring risk to the citizens they swore to protect.
Actually more companies are sueing hackers, even if they found a flaw just randomly in a ticket system. Lawmakeres should establish laws to punish companies and stop this!
Barely?? 😾 Are you kidding me, what else should one be doing on dark web if not for money power respect and control.. Said barely like you got top info lol
Corporations often don't want to pay because they already pay a team of people. And not everyone creating xeno or "zero days" is doing so maliciously oftentimes it's a need for debugging tools or customization that births it.
I grew up in an age before computers the Internet and smartphones. I would not trade those times for anything in the world. We rely way too much on the internet and computers. Computers popping up everywhere, even in our cars, I do not like it. I hate hackers.
all of that technology saves you time on mundane shit so you can spend more time with your loved ones, doing fun things, they keep you healthy, more secure, safer. it's a net positive in the end. i remember the world before it all too, and i wouldn't go back.
I remember your shady rat video. This video and that one are just amazing... No matter how deep your knowledge is of this area it's still a great watch!
I just want to preface, hacking doesnt entirely mean to exploit vulnerabilities to harm people. Lots of people use hacks for legitimate reasons. I have transfered my ps2 library to my ps3, whose model shouldnt be able to read ps2 discs. I compiled the games into programs that the ps3 can understand, like the sony's store equivalent of the game. Hacking, especially 0 day exploits, can give you TONS of control for your device of choice. It gives you freedom, but it can also be used for evil.
Incredible work making this video. Your ability to take complex techniques/events on this topic and simplify them something easy for everyone to understand is truly remarkable. Combined with the seamless editing creates a perfect pair for educational infosec content. Keep up the great work and I encourage you to continue creating more content like this!
work, from their detailed security assessments to their transparent communication with clients. Their ethical approach ensures that all solutions are implemented with the highest standards of integrity. This combination of professionalism and ethics has set them apart as a leader in the field.
That was thoroughly fascinating and superbly done. I’ll take that 4 hour deep dive tour now please. Heck, make it 40 hours or something, like an awesome series.
This was overall a really great vid, but I did laugh at the part "Week old bugs are as good as patched". As a researcher, some companies do not give a sh*t about patching vulnerabilities for years on end.
The key difference between the wall analogy and software, is you have to physically travel to a place with a wall, which takes time and effort. In the digital space, every wall in existence is right at your fingertips.
This is a very well made overview of what happens behind the facade, where there is no black and white and where much depends on perspective. The filming, the editing, everything is on point here. Although the origin of the 0day market is - to my at best anecdotal knowledge - not really anything to do with hacking governments or espionage. If my very limited understanding is anything to go by, the original "Warez" scene that cropped up in the early 80s and persisted well into the 1990s was where 0day software was first being shared. This could be anything from pirated cracked games to any other kind of software that people did not necessarily want to pay money for but still wanted to have it and use it. This also eventually gave rise to things like the art- and the demoscene. This is not to take away from the otherwise great insights offered here.
Both scenes are independent from each other. 0-day is just different meaning to both and while the term is the same, the origins are not. Stop perpetuating this misleading info.
somebody has been talking about fight club!!! EPIC joke and placement in the video! caught me off guard... almost lost a lil drink on my keyboard!!! then you showed the guy from usa x-intelligence agency hahaha
Hey, *Digitsaltruthseekers* squad! I just wanted to drop by and shower you with some virtual love and appreciation! You guys are like the fairy godmothers of truth, waving your digital wands and making all the lies disappear. Thank you for being my rock when everything else seemed to crumble. You're the real MVPs......!!!!!..
As a former fed, I can attest to the vast knowledge base of personnel who do amazing things, every day without any want or need of acknowledgement. The world owes those folks a nod and a silent thank you.
It's useless if you're cautious. They rely on you being socially active. Just have your sim on a separate flip phone and avoid things like whatsapp, snapchat, imessage etc. Basically don't give them anyway to contact you.
@@JohnDough-ve9uv yeah ofc, 1 of out 1000000 people does that, that percentage raises if we are talking about people that are doing something that needs discretion. but still, considering the vast majority of us is very socially active, Pegasus is still a very strong tool in out current society.
I think it's named "Operation Triangulation" not because of the total of attacks per se but it's because after the bigger main attack that initially breaks in it then sends out three smaller attacks that can be triangulated back to the initial main attack