Cybertalk - EP4 - IDA Pro, Malware Analysis & Python Libraries
Key Takeaways
The video discusses various tools and techniques for cybersecurity, including nmap, metasploit, IDA Pro, and Python libraries, as well as concepts such as network penetration testing, malware analysis, and reverse engineering.
Full Transcript
hello hackers and welcome to another cyber talk which is a weekly discussion between uh alexis also known as hacker exploit um and myself here in which we actually answer your cybersecurity questions so um you can leave your questions in the forum which is linked in the description of this video and we're actually going to try to do our best to answer it or answer all of them as soon as possible but be patient so uh without too much further ado uh and without wasting too much time we'll just uh jump right into today's uh today's questions um alexis uh i think you're yeah uh i believe your mic was muted for a second or so it's back on uh yeah hearing you loud and clear so let's jump into the first question which says good day uh i would like to know how to attack open ports like port 22 which is ssh port 23 telnet port 8080 80 more like open ports generally thank you so uh i'll take the lead here and give my intake on this one first and then i'm actually then i'll be looking forward to your answer alexis okay um so first uh i would actually understand that this is your answer you're asking this question um for ethical uh purposes i mean uh and that's how i'm actually to answer to your question you're asking how to attack open ports well hopefully and my answer is that you're doing it for ethical with permission with permission for penetration testing and not to actually do blackhead stuff so if you're doing penetration testing with permission for a company or for a client or for someone and you're actually doing network penetration testing um to actually know how to attack these open ports uh i would first go to i would just start with a simple nmap uh to kind of like uh i'm not muted right can you hear me alexis yep i can hear you okay so uh i would actually first look into what services run on those ports and that's actually a thing uh a that's just a simple and map away you could do a simple fingerprint with nmap a minus sv nmet minus sv would would give you a decent results which you could cross check with nicto and of course if you dig metasploit or metasploit uh you could also try using metasploit and other scanners to kind of like see whether or not all of these tools that you're using give the same results and probably the most important thing would be to actually try to uh fingerprint or try to get a manual uh recon of these services so ssh for example so poor 22 from what i know is like quite solid it's usually not vulnerable unless uh there's a very old version running on the server um telnet could be could be an open box so it could be a mixed bag and you could get a lot of surprises i've seen like scenarios where telnet was actually a very weak point in someone's server what else there's like 20 20 21 which is ftp um and in terms of ftp it depends on what kind what kind of uh surface you're actually running there there are quite a few ftp servers with a lot of vulnerabilities so you would be looking into that now as for uh web ports like 80 443 8080 uh i would actually not only look for these and actually try to fingerprint them but i would also look for other ports because there are a lot of web apps and web servers that run on less common port numbers so not only 80 443 and 8080 there are like dozens of other ports that run or host web servers and in this case i would actually run an nmap with the minus b minus so minus small cap b minus parameter or argument and of course probably a general uh suggestion in this case of uh how to attack like custom ports since we're talking about network penetration testing i would be looking for there are quite a few uh good books and courses uh on the topic and one that that comes right in at the top of my mind is like the cyber mentors is network penetration testing course which is all free on youtube and he actually it's like 25 plus hours of video himself actually doing network penetration testing so make sure to check that out yeah so i i guess this is my this is my input for this for this question hope it's helpful alex what do you think um yeah that that was very comprehensive i think um just reading the question uh it's more directed to just attacking ports in general so i think the first thing you need to get a grasp off is the various protocols that exist and uh and the different ways you would interact with them so you know um let's let's take an example of ssh so um you know ssh can be configured uh or is uh configured by default on port 22. uh however this really doesn't mean that it can it can be configured on another port so that's that's something you should also keep uh you should you should also keep an eye on um so i think that's very important so understand the default ports for various services and of course you have to keep your eye out for uh for you know these same services being run on on various other ports so just as as chris mentioned earlier uh ensure that you scan all the ports with nmap so yeah that is done by using the uh the hyphen p or the minus p minus uh parameter uh and also ensure that you're scanning udp ports uh because i think that's uh that's extremely important uh you know in regards to to you know completely scanning your car your your your host or your target um now when it comes down to a methodology regarding targeting ports as i said the first thing is to scan all ports and you know keep in mind that that services could be uh configured on different ports not just their default port um so let's just take an example if you're able to identify that you have ssh running on port 22 uh you can you can start performing the service version enumeration with nmap as well using the sv command as chris mentioned and uh again with the example of ssh there are there aren't any um you know inherent vulnerabilities with ssh commonly but you you will come across them with some older versions um the most uh the most popular target uh or uh vector for attacking ssh is usually through brute forces so yeah that's usually the only way you can go about it um so you can perform a search exploit for the version of uh of the ssh service that is running on the uh on on the host if there aren't any inherent vulnerabilities you can you can try uh you know using default credentials however that's something that you know is not really common but that's one way of going about it um in regards to web servers uh which was mentioned just briefly with port 8080 and 80 uh i think just identifying the uh the the web server technology that's being used uh whether that may be apache or nginx that's very important because again that can give you an idea of the inherent security vulnerabilities that you that this this service might be facing and you can use various tools to identify uh inherent vulnerabilities in the service like nicto um which is great for that and then you know brute force uh directory brute forcing is very very useful as well you can use tools like dev or dirtbuster for that and in regards to the web application itself i think that's out of scope of this question because you're now dealing with an entirely new web or a separate entity so that's what what i think uh you would actually be surprised how many uh servers these days and like are still running with default redemptions credentials like root root and uh ruth admin and root one two three four and stuff like that there still probably are a lot of them out there in the wild i know that uh back in the days like maybe 15 years ago there were these scanners for for roots for ssh and they would actually run these uh with a list of maybe 20 uh usernames and probably 20 passwords and you would get like dozens you would scan entire classes of ips and you would get like dozens of results and some of these servers were even up for um years yeah so you know it's funny you mentioned that because you the similar thing you can do today is use using showdown where you can actually find these servers out in the wild and many of them you know still use default credentials you know find various uh cctv cameras uh microsoft servers uh so it's very very prevalent in them so yeah it's uh it's it's one of these things that you find quite often one of the best the things of this uh this year's is uh uh black friday was that rodan had a really really good promotion they uh they they ran for like maybe it was it was their 10-year anniversary or something like that i don't know and they had like their entire thing for one dollar yeah i think it was a lifetime subscription uh for one dollar which is really awesome in fact uh i think that we also had it last year but but that was to to do with the sale particularly but i picked it up two times for four separate accounts because i think it's a fantastic resource to have it really is i haven't been using a showdown too much so far but i want to actually get more into it most especially in terms of bug bounties since i started more about bounties i know that i know that a lot of people use it as a very good resource so definitely looking maybe maybe we'll discuss about shodan more specifically in another video yeah let's actually yeah let's actually not get the diverge too much out of uh scope here as they say in back bounties yeah so let's go to the second one the second question from you guys which says hello guys congratulations for a very interesting video well thank you i would like to ask how i can start learning to use either and where to practice on and where to practice on which binaries for example to disassemble or decompile thanks so uh i don't have too much to say on this uh this is more like your area of expertise alexis but what i want to say is that a couple of months ago i believe or a little less than a year ago um i was looking a lot into uh trying to learn uh reverse engineering and the malware analysis myself and one of the best resources was crack knees dot one and we'll link to everything in the description so don't worry about memorizing this so this website crackme dot one uh is actually it contains all uh all of the reverse engineering exercises that were um on this uh website called crackme.de which was a very popular website and no longer exists uh for i don't know what reason and these are actually categorized into different difficulty levels from all the way from beginner to advanced and um they are on not only on c and c plus plus but they are they're also a reverse engineering challenges for dotnet for assembler for java visual basic and so on so yeah go look into crackme.1 and the thing is that they not only have the challenges but also have like uh the walkthroughs so i believe uh most most if not all of the challenges have also the walkthroughs there by the author or by some other people um and then uh what i will also recommend is this book called reverse engineering for beginners which uh can be found at beginners.re and this is a book by dennis yurichev yeah so this is a 1 000 page book that honestly it contains everything you need to get yourself uh started and practice reverse engineering all the way up to advanced levels so it's actually a free book you just go to that website and you download it and the the practical examples in the book uh are for only debug um and they're also for ida and i believe if if i'm not mistaken they're they're also for other debuggers from what i know and finally or not finally there is also the workshop that's available at begin dot re once again all the links in the description so this is a free workshop that's been put up by two people i guess uh um and uh that would be it's super practical which you some of you know that i'm that's my thing and like i said it's free and it's worth looking at and of course you have a ton of good free resources online you just have to know how to look for it first but since all of you are like uh hackers and you actually like this stuff you're uh you have curiosity in your nature so be sure how to know how to look for stuff online but don't look into too much stuff take one of these resources and actually start with that resource once you get familiarized with it once you feel like you're good with that move on to something else don't try to chase like 10 things at a time so yeah i guess uh that that's uh that's what i wanted to say with uh respect to this question what do you say alexis um yeah so this is a it's it's a very good question one that i think i i don't usually get regarding mellow analysis uh mostly because it's it's it's it's focused on on a particular tool which i think is great and it's one of the issues with with such a diverse market in terms of the the various disassemblers you have out there so you know you mentioned just a few you have either either pro you have um you have only the only debugger uh guidra and the i think the radar uh disassemblers also uh those are just a few of you know plethora of of debuggers and uh and disassemblers that you have out there so i think uh when it comes down to to ida i i personally learned either by you know uh trying out various uh various what do you call them uh various samples i was working with uh with real malware samples uh more specifically with with ransomware uh now you mentioned a very good site um i think it was uh crackme.1 and yeah i do remember the old domain being on uh crackmes.um i can't remember it yeah um so that's one great resource if you're looking for a structured uh practical approach now if you do want to to to get started with with real samples and of course you do need to you do need to exercise caution when using them uh this is uh i think the website is called das malwared uh dot eu uh uh the link due to this website will be in the description section so you can check it out for yourself this has like uh various uh samples uh you know ransomware key loggers etc etc so you have tons of samples that you can work with there now regarding ida pro i personally as i said learned either by by using the tool and looking through a few blogs but one book that really did help me a lot in regards to mastering ida i haven't mastered it yet but i'm working on it uh that book is uh it's called the uh the ida pro the ida pro book that's actually what it's called and it's by chris it's by chris eagle um so it really it really does cover the various uh the various aspects uh of ida pro and the various bits that you should be focusing on in regards to improving your skill so you know whether it be working on your uh your efficiency with keep with keyboard shortcuts and you know just getting to know the tool a lot more but in order to get good with ida and to to understand it united's core i think you need to you need to actually just approach it uh practically and this can only be done by by going through real samples i do have a few other blogs that that do have write-ups for these samples uh unfortunately i don't have them in front of me so i'll be posting them in the description as well so you can check them out if you're interested in in fact um so that's pretty much all that i have to say about that i mean ida pro is a very practical tool so i think that that's the only way to approach it of course uh and we actually need to be super specific when answering these questions because i i believe this sort of discussion especially when testing uh real uh real malware uh out there in the wild i guess we could do a an entire series on that topic alone on how to set up a virtual environment to make sure that uh you are able to efficiently test the malware so that uh the malware would know or wouldn't be from what i know there are malware which can actually sort of like sense they are in a virtualized environment and some of the their actions aren't triggered because they it's kind of a protective mode they wouldn't be triggered unless they would be on an operating system which is not sandboxed or virtualized i think this would be an entire discussion and we could get into it maybe some of you guys are interested we might get into this stuff i think alexis would probably if you like that or am i am i wrong here um yeah it's uh it's actually it's it's quite interesting what you just said and uh very very important um and i think it will actually turn into a very interesting discussion uh onwards if if we do want to go down that route um so yeah we do have what we call uh vm busting malware where they actually uh through various signatures uh they're able to detect whether they're in a virtual machine and they're able to if you do have unfortunately have a bridged connection to your to your host operating system they're actually able to to propagate themselves yeah and and then to infect your your host operating system so that's a rabbit hole that we we can go down i'm sure uh in quite in depth and uh will be very very very very interesting we'll keep it in mind yeah okay so question number three do i need to know assembly level language for malware analysis um okay you want to take this alexis um yeah so i think it's it's more of a rhetorical question and i know why why many people ask it is because assembly can it can be quite complex to to understand and to master but you really don't need to master assembly language um so to answer your question firstly yes it's extremely useful to know uh malwan assembly language uh for malware analysis and uh again typically because um uh from whatever point of view you look at it uh whether you're performing static analysis or dynamic analysis it will all uh sort of converge into you uh actually needing to reverse engineer the malware and in order in order for you to reverse engineer the malware uh you need to know how to read assembly code because the disassemblers will disassemble the binary or the executable and in some cases will give you either c or uh or or assembly code and more so i think it's very important to to know how to read the code than to write it because that's what you'll be dealing with so i would say focus on on understanding registers and and how they work what what the the different registers do once you know that you you love the gist of it now if you are struggling to to get a grip of assembly i would say uh one one of the best books uh that covers this and has been a great reference for me even till today is a book called the art of assembly language so this pretty much covers all the essentials that you need to know to write and of course to to actually read assembly code and to to sort of understand what's going on but i i would recommend going through the registers because the the most important aspect of it i think the the art of assembly language is by no starch if i'm not mistaken yeah it is okay so uh i don't have too much to add on this what i would actually like to say so do i need to know assembly language for malware analysis probably the short answer is not necessarily you don't need to know same as you don't need to know coding for penetration testing or bug bounty hunting but and the big but here is that you don't need to know but it is very useful if you do so if you have a lot of experience as a malware analyst or as a penetration tester or as a bug bounty hunter you know where to look into the code for potential weak spots so you actually know what to look for and how to look for this is if you have a lot of experience and also you would have some if you know assembly language for malware analysis for example uh or for reverse engineering or if you know some sort of coding for penetration testing or back bounty hunting you will have a lot of it you would have an advantage over other people who do not know that because uh in terms of like for example assembly for malware analysis uh you will know or you will be able to understand uh and debug how the instructions are being sent to the to the assembler so you will also know if you know assembly um you'll also know how malware is able to execute what is executing the instruction by instruction and you will be able to trace through the instructions and through memory so the short answer to the question is not necessarily you don't need to know assembly uh for malware analysis but it would be a very big plus if you do yeah the the there was a very good point uh in regards to uh to behavioral analysis where you you actually mentioned uh executing the code in a debugger or or disassembly and sort of watching it through every step um so just going back to the question you can you can definitely explore areas like dynamic and behavioral analysis where you're pretty much looking at what the malwa is doing in a sandbox environment so taking a look at for example if you're dealing with a windows executable or a portable executable your uh you you would take a look at what traffic is being sent through you know using a tool like wireshark so traffic analysis um you then have um you then you'll then be taking a look at the registry looking at what registries are being created and you know so on and so forth so uh definitely it's a very useful uh skill to know because it enhances your understanding of how the malware works that way so a very good point there um just to add another thing here um i don't know i mean there are a lot of people that ask this question do i need to know to code in order to be successful in cyber security whatever subfield you would be wanting to work on you do not know you you don't have to know but it's gonna help you a lot not only in cyber security but in other aspects of your uh computer science perspective or in in in it not only is going to help you in computer stuff but it also knowing how to code is going to help you how to think algorithmically which is really important in many aspects of life you might not see the parallels if you don't if you do not know how to code but you will see the parallels or the analogies when you know how to code and probably the easiest way so assembly might be a bit like scary for a lot of people uh but you you could start by learning the aspects of programming or by learning the structure of a language using python which is probably the easiest to start with one of the easiest to start with and once you know those uh like concepts of programming which applies to most if not all the programming languages it would be much easier to you to look into other languages i mean over here it might be a bit of a stretch because assembly is kind of a different thing in its own uh but it's still it's still not as hard as some people might think and like alexis said here is not that you you'll be having to write entire programs in assembly or an assembler but you would look for the ability to know how to read assembly not how to write assembly okay so um let's actually move to the next one uh because i think we've we've kind of spent quite a lot of time answering this one yeah so question number four says uh thanks for providing this platform to answer questions i enjoyed your last episode episode three um yeah so fellas uh if you are new here or if this is the first episode that you're watching make sure to watch the other three to get a bit of a more understanding of what we're doing here and we're gonna link to these episodes in the description of this video um so he says or she says i am enrolled in elearn security ptp version 5 and i struggle with note taking when i study do you have suggestions or advice for taking notes when studying for a certification or in general what is your approach for studying thanks okay so let me just go about it i don't have too much to say and then we'll just move back and forth okay so i'm just going to be super practical or super uh success here and tell you what i did when i studied for the oscp so when i studied a couple of months ago for the oscp certification i took notes using charity and won a note so i used both yeah as for cherry tree if you're not familiar with it or if you're not familiar with note taking this is uh this is a program that's usually used in linux and for the oscp specifically there is this very popular template that everybody is using online and i'm going to link to it in the description so if you use that template in cherry tree uh it's going to be a lot easier for you to start taking notes as you go through the labs and it's going to be like not only much more easier but much more convenient and much more comprehensive so you better understand the entire methodology of penetration testing which is a plus and what i did was to actually take that template and i actually modified it and adapted to my personal like methodology when i studied for the oscp i said that i also used onenote so i used onenote as a kind of a backup so uh this not only applies to the oscp or to some to some other certification but i would like to think that this applies to life in general because when it comes to important stuff passwords uh important notes sensitive information uh every it's like it's really important to have redundancy here so this is this is one area where you would uh long for redundancy meaning that it's always better to have a to have a backup plan and to have a backup of the backup plan such as having a plan b a plan c or a plan d in case something fails you can actually fail safe um so yeah aside of the oscp and certification stuff uh in real life and in my current job and as a penetration tester and also as a wannabe bug bounty hunter aspiring back bounty hunter i've learned and i cannot stress this enough that note taking is really really really important and it actually draws the line between a mediocre security researcher and a very good security researcher so it's really important make sure to take notes for everything that you do not only in certifications but also in your work in your current job in in your work as uh whatever kind of work you would have in cyber security yeah so that's kind of my take on it um yeah that's uh that's a great point to use you sort of ended uh you you ended on there with uh in regards to actually documenting uh whatever you're doing as a security researcher and just generally if you are a penetration tester or you know incident responder whatever the case um so i personally like um i like switching it or dividing it into two sort of sectors um so one of them deals with uh you know with digital uh data and content so you know if i'm if i'm doing a ctf or a box on actor box again as you mentioned uh you know cherry tree is pretty much the standard for everyone now but i also find i also find myself using mind maps quite a lot when breaking down concepts or when it's been storing information it's sort of in a in the form of a hierarchy so i think territory is great for storing uh you know useful tidbits and bits of information that uh you know that makes sense uh personally when when i'm studying either for a certification or let's just say for a test i typically take notes in a not in a notebook so i usually have a notebook where i take all my notes now this is just a personal thing that i found works for me i i personally like the physical experience right yeah i i like the physical experience and i just find that when i write something down i sort of remember it uh better so that's a personal thing um so in regards to you know studying i usually switch between you know my notebook and if i have important notes to take i'll i'll use onenote that's if i'm using windows otherwise i have a replacement i can't actually remember it's a it's a replacement for linux i'll post the link in the description it's it's a great replacement uh or an alternative to onenote for linux and you can sync it with all your devices so it's really great um so usually i usually use that when it comes down to actually taking meaningful notes i usually like or follow the feinman learning technique which is essentially it deals with actually writing down the concept that you're studying and uh you know sort of getting the overview of what you're dealing with uh breaking it down and then you know sort of explaining it and seeing where iron man the the fine man learning technique it it's uh it was a technique created by a physicist called richard so yeah uh for for anyone interested you can just perform a quick google search of that and uh they'll explain it for you so i find that that usually works great for me in regards to finding areas where i i have uh you know gaps with with my knowledge or understanding um and yeah uh i think in the in the last episode you mentioned a very interesting book that i read quite a while ago and i've been returning to ever since that is deep work by cal newport i believe and yeah the very very interesting and useful concepts uh and ideas uh you know explained and discussed in that book regarding you know focused time and having dedicated time to to actually learning or you know whether you may be doing research or whatever you're doing really that involves knowledge and learning a skill and so you know i would recommend having you know fixed scheduled time every week uh you know it's very important to schedule it before time so that you're aware of what you're going to be doing on that day so having a fixed set of time whether it may be a batch of hours or an entire day where you're going to have you know fully concentrated learning uh or a research process so i think that's that that's what i find useful and that's what works for me so i take physical notes um and i like uh breaking down concepts to the point where i can understand them uh quite well or you know well enough and of course having a set periods of time where i'm really just learning something or you know just working on a project without any interruptions well said uh so in terms of like actually deep work uh that at that book uh just starts becoming popular from what i from what i'm seeing uh online and it was written like at least four or five years ago so it's a really really good book a lot of popular people a lot of popular figures start to start picking it up and recommending it and it's probably because so it's it's becoming more popular because it's harder for us to actually uh be able to focus efficiently because we are at all times uh like hunted for attention by all sorts of stimuli from within our environment from within our surrounding environment and also from uh everywhere online where we actually spend our time so it's really important to actually focus on only one thing at a time and that's actually a plus for someone who can actually do it up until a couple of years ago there was this very there was this time management book um i it kind of i don't uh i don't remember exactly its name but it's also the author has also uh kind of patented a time management technique um but i'm gonna link to it in the description or if i remember it i'm just gonna say it while we're still here so um yeah uh that's that let's actually move to uh to the last question for today uh which says unless you have something to add no you won't settle pretty much explained it uh quite quite well there um okay so the last question says recommend or uh yeah kind of sort of like a question recommend me some useful python libraries to learn and how to work online using my little hacking experience and also how to improve how to improve my hacking experience it's kind of uh yeah it it it makes me laugh because it's not like a question but it's like one liner and i should actually try to make some something out of it so i'm not really sure if i can follow but the thing would be uh this guy or this girl or this person asks um for useful python libraries that would help in cyber security or something like that do you have uh what are you what do you think alexis um yeah so uh as as he mentioned in his uh his question uh it's a very vague question so i can only answer it from my perspective and you know from the libraries that i use so you know i'm a network penetration tester so i typically deal with networking libraries uh the only ones i can recommend are going to be of course the socket library the nmap library the scappy library for packet manipulation you know packet capturing manipulation etc uh now when it comes down to dealing with http requests uh i'm not really sure i i i typically just write scripts based on networking and interacting with networks so as i said for me i usually work with the python nmap library the socket library and the scappi library now you're someone that has a quite a google experience with python and uh you know using it you know whether it be online or for networks so i would love to hear what you have to say well yeah these are actually the main ones that you've mentioned so uh i'm not really sure if nmap is that useful as a python library for active scanning but uh it would be really useful if you're trying to automate some sort of stuff if you try to do some very very custom uh python script that would uh do a combination of different nmap scans and you would actually have to save your output to different files um that's where i would say it it would be really useful but yes python and map is a and i think there are more than one libraries that deal with the nmap in python secondly really important library in python when it comes to cyber security is the socket library to actually manipulate network data to build network communication components yeah in python uh then of course you would actually have a escapee which allows you to analyze and manipulate network packets then you have programs like recon ng which has been written in python which is a tool for open source intelligence um you also have one of the most important libraries in python is requests yeah which allows you to uh it's actually super important for manipulating web requests together with beautiful they make a great combination yeah uh by actually parsing html um in a very like user-friendly manner yeah well a combination of requests and beautiful soup uh in terms of reverse engineering uh there's uh there's mona if i think this is something that a lot of people have heard of which is kind of like a plug-in sort of like a plug-in which is used with immunity debugger and of course you have probably tons of other libraries one of them being own tools so and tools uh which does a lot of things uh it's kind of sort of like recon ng it's a kind of like a swift swiss army knife a combination of tools under the same umbrella so under the same library these are uh these are a few of the ones that i suggest uh i suggest to this person asking the question of course there are tons of other tools i mean there are probably really thousands of other tools in python depending on your purpose so of course if you know python or if you want to learn python you could learn python to actually write some of these tools to actually automate some steps of your penetration testing process of or of your bounty hunting so this would be like a very efficient way of combining the learning of a language with actually your a real job as a cyber security person yeah yeah uh i think you just mentioned beautiful soup i i actually remember using it once for um for requests uh but that was just on a side project so yeah that's also very very useful um yeah you you you covered that quite well um so i think that that again as i said is quite a vague question but um if they are looking for advice i think that they seem to be experienced with python because they're asking you know about libraries and they know that the power of python lies in in the libraries that you use so i think though those are some of the best ones available now of course they're not all but uh you you pretty much find them as you go you know if you're working on a project they'll pretty much come as you search for them so yeah yeah the the web the web search engine is your friend here i think uh probably these days one of the most powerful skills that you could have is to actually know how to search for things because the internet is an ocean of data and if you don't know how to search efficiently for things you're going to be lost but in terms of requests and beautiful soup i actually have like quite a few videos in which i go through a real world scenario from attack defense labs where i'm using a request in beautiful soup to actually brute force a wordpress login or something like that so yeah i guess this covers everything we had for today and of course i want to reiterate the fact that we are on spotify i'm not sure if i mentioned it uh so this is gonna be this these stocks are normally not only gonna be available on youtube on our channels but they're also gonna be they're also gonna be available on spotify so you can listen to it as a podcast and they're also going to be available on apple podcasts so probably by the time or if not by the time you're watching this video but uh for some future episodes you will also have the links uh to the specific resources that i mentioned to the podcast on spotify and on apple uh podcasts uh and of course make sure to check the other the other episodes of cyber talk and most importantly make sure to leave your questions in the forum so that we can answer your cybersecurity questions uh you have all our social media following in the description of these videos so what are you waiting for go actually uh look for our stuff um on social media i guess i guess that's all for today so uh thank you alexis for being here and thank you guys for watching yep thank you everyone for watching and if you're listening to this uh on the podcast thank you for listening uh listening to us or hearing us and we'll be seeing you in the next episode you
Original Description
Welcome to the fourth episode of Cybertalk! My co-host is Cristi Vlad and together where we will be covering all your questions related to Infosec and Cyber-security. If you want your question answered/featured in the next episode, you can post them in the Google form linked below.
In this episode, we discuss IDA Pro, assembly language for malware analysis and useful python libraries for penetration testing and cybersecurity.
Books:
The IDA Pro Book: https://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898
The Art of Assembly Language: https://www.amazon.com/Art-Assembly-Language-2nd/dp/1593272073
Malware Samples:
https://bit.ly/2PayC5y
Listen To CyberTalk:
iTunes:https://podcasts.apple.com/ke/podcast/cybertalk/id1490558117
Spotify: https://open.spotify.com/show/6j0RhRiofxkt39AskIpwP7
Google form (Post your questions here):
https://forms.gle/hK5o7ucQy7iNuz8p7
Cristi Vlad's channel:
https://www.youtube.com/user/cristivlad25
◼️Get Our Courses:
Python For Ethical Hacking: https://www.udemy.com/python-for-ethical-hacking-develop-pentesting-tools/?couponCode=PFEHJUN
Ethical Hacking Bootcamp: https://www.udemy.com/the-complete-ethical-hacking-bootcamp/?couponCode=TCEHB2019
◼️Our Platforms:
Blog: https://hsploit.com/
HackerSploit Forum: https://hackersploit.org/
HackerSploit Cybersecurity Services: https://hackersploit.io
HackerSploit Academy: https://www.hackersploit.academy
HackerSploit Discord: https://discord.gg/j3dH7tK
HackerSploit Podcast: https://soundcloud.com/hackersploit
iTunes: https://itunes.apple.com/us/podcast/the-hackersploit-podcast/id1439732519?mt=2
I hope you enjoy/enjoyed the video.
If you have any questions or suggestions feel free to post them in the comments section or on my social networks.
Social Networks - Connect With Us!
-------------------------------
Facebook: https://www.facebook.com/HackerSploit/
Twitter: https://twitter.com/HackerSploit
Instagram: https://www.instagram.com/hackersploit/
Patreon: http://
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from HackerSploit · HackerSploit · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
Wireshark Tutorial for Beginners - Installation
HackerSploit
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
Wireshark Tutorial for Beginners - Capture options
HackerSploit
Wireshark Tutorial for Beginners - Filters
HackerSploit
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
Zenmap Tutorial For Beginners
HackerSploit
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
VPN And DNS For Beginners | Kali Linux
HackerSploit
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
Steganography Tutorial - Hide Messages In Images
HackerSploit
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
Best Linux Distributions For Penetration Testing
HackerSploit
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
Terminator - Kali Linux - Multiple Terminals
HackerSploit
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
Q&A #2 - Mr Robot?
HackerSploit
Metasploit Community Web GUI - Installation And Overview
HackerSploit
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
ARP Spoofing With arpspoof - MITM
HackerSploit
WordPress Vulnerability Scanning With WPScan
HackerSploit
Generating A PHP Backdoor with weevely
HackerSploit
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
MITM With Ettercap - ARP Poisoning
HackerSploit
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit
More on: Security Basics
View skill →Related AI Lessons
⚡
⚡
⚡
⚡
eCPPTv3 Review
Medium · Cybersecurity
Next-Gen Endpoint Protection Software: Securing Remote Employees Against Modern Cyber Threats
Medium · Cybersecurity
Understanding NAT (Network Address Translation): How Multiple Devices Share a Single Public IP…
Medium · Cybersecurity
Why the EC-Council 312-41 Practice Test Is Essential for Certification Success
Dev.to AI
🎓
Tutor Explanation
DeepCamp AI