How to protect your private network from break-ins | Real experiment with a hacker
Ғылым және технология
👾 Follow this link to book a demo: sumsub.com/free-demo/
In this video, you’ll find out about how sniffing with twisted pairs works and what danger it poses to your data.
Sniffing is a kind of attack that involves listening in our data, transmitted through the network. Hackers can, with the help of special tools or software, eavesdrop on traffic and watch in real time what information is coming in and out of the computer.
Your passwords, documents, photos, any and everything could end up in the hands of another person.
For some reason, people often think that this requires some kind of expensive tools or equipment. But in this video you’ll see how hackers can eavesdrop on network traffic using simple crocodile clips. Most importantly, we’ll show you how to stay protected against these kind of attacks.
👾 More about us:
sumsub.com
/ sumsubcom
/ sumsubcom
/ admin
Timecodes:
00:00 The hacker is in search of a victim
02:01 Let’s start with the theory, what is RJ45
03:02 How information travels through the wires
04:13 How a hacker ‘sniffs’ information. Let’s start to assemble our tools!
05:20 How the attack works, as shown on our special testbed
06:20 Listening to outgoing traffic
09:20 Using a special script to search for sensitive information
11:40 Listening to the outgoing traffic and intercepting valuable data
13:47 The vulnerabilities of sniffing attacks and how to protect yourself against them
18:28 What measures do we take to protect data at Sumsub?
#sniffingattack #hardwaresniffingattack #howtohack #ethicalhacking #maninthemiddle #capturetraffic #rj45 #twistedpair #ethernetcable #cybersecurity #sumsub
Пікірлер: 284
This is pretty old stuff guys. I personally have not seen a Vampire Tap device since the early 90s. Also with the rise of SSL and TLS for mail transport this is not going to work at least for raw sniffing anyway. Cool video though.
@phillipgilligan8168
Жыл бұрын
Thats why you MITM with this and decrypt the SSL. Too easy. Either way, yes there are better attack vectors, but if you had time, and the correct place to do this, like an accessible basement, with a tap, and some specific hardware you would leave in place that I won't name, This could indeed be very effective.
@LP-fy8wr
Жыл бұрын
@@phillipgilligan8168 how do you plan on decrypting the SSL traffic without the private key? Granted there are some tools where you can strip SSL out of a session but the end-users going to know.
@phillipgilligan8168
Жыл бұрын
@@LP-fy8wr your MitM proxy replaces the ssl cert so you actually own the private key in that configuration. Look for “Mitmproxy” also, never use these kinds of tools on systems you don’t own. (Sorry had to add a disclaimer there)
@user-pm8je4fo7e
Жыл бұрын
Oh cmon. Pentestish hispsters and opensource nerds were all over Throwing Star TAP just several years ago.
@user-pm8je4fo7e
Жыл бұрын
@@LP-fy8wr you would not believe how many users will click "whatever, just get me to the site". Not to mention that you actually can make it TLS again. All this cryptomumbojumbo is good, but cert managing infrastructure is really bad. It's so bad, I actually think it was made this way by design by some NSA or whatever. Getting your hands on "good" certificate is not as hard as one would've expect. And after that the only thing standing between you and plaintext would be cert pinning, which is like a dad who went for a pack of cigaretts twenty years ago. Downgrading TLS is still a thing too, as far as I can tell. So yeah, mitm is still possible in modern internets. Although I have no idea why this dude invoked mitm in context of passive sniffing.
Not a bad video but I must say, I do miss the amazing quality you used to produce with Bradley with those sets.
RJ-45 is not a cable, it's a type of connector for utp/stp cable like CAT5, CAT5E, CAT6 and so on.
Great video, very informative without being too informative. I’m glad Seytonic gave you a shout out, definitely going to sub. Keep up the great work.
@Sumsubcom
Жыл бұрын
Thanks a lot! Glad to hear that! 🥰
The point is to do this after the router. There is no point doing this before the router (in the company's LAN). Since you're already in the company, no need to cut cables. In a pentest scenario you want to get it and get out as stealthy as possible.
Many years ago, a telco I worked for had a large office building in a city, they decided this building was no longer suitable so they moved over to a new one. One of our competitors ended up taking over the old office building. Then one of our techs had a startling realisation, that building was fed with fibre, and there would have been all the necessary associated equipment in there, as in fibre to the corporate network as opposed to the internet. So one of our techs paid a visit (high, just chasing a phone fault, can we have the basement keys) and yes it was all still there, powered up, gigabit feeds of all our internal corporate systems...... not for long...... That's what you get from a building full of sales execs etc. no technical knowledge at all.
Thank you for the hard work you put into making this video.
@Sumsubcom
Жыл бұрын
Glad you enjoyed it!😊
Perfeito , parabéns pela iniciativa !!!
thanks for your tutorial i really enjoyed it
Splicing into a cable is definitely detectable since the attenuation of the signal will increase.
@josephzajdler
Жыл бұрын
where can I purchase a device that will detect signal attenuation that will send me a notification when it happens and alert me to which cable it is?
@oksowhat
9 ай бұрын
@@josephzajdler home routers have the hardware for it but not the software
Great explanation
Why hide the commands? This basic stuff can be easily found. Information wants to be free. This is just silly as there are legitimate reasons for sniffing packets. I do it all the time as part of my job. Come on no one is using FTP or telnet where passwords are sent in clear text any more.
@DexieTheSheep
Жыл бұрын
exactlyyyyy
@solarsombrero227
Жыл бұрын
KZread will often ban videos that show exactly how this kind of stuff is done
@DexieTheSheep
Жыл бұрын
@@solarsombrero227 they only ban videos involving dishonest behavior, but learning network sniffing can be used for good... Usually I just see channels like these mention that it's for educational purposes or whatever and mention it's illegal to do it without permission. Same reason why hacking is taught in general. The black-hats already have their resources for learning this stuff.
@Crysal
Жыл бұрын
@@solarsombrero227 just put a "for educational purposes only"
@GlorifiedGremlin
Жыл бұрын
Well, he's got liability. We don't, we can just share what he has to censor lol
I remember a late 90s LAN party. A heavy kiddo sat in the corner, smirking. I walked over and sat down next to the pale, bespectacled boy. When his blubber had stopped jiggling after to our seated collision, he lifted his meaty arm and pointed at the screen. He was running something named Lunix. His screen was full of terminals. He adjusted his glasses and took a breath from his asthma inhaler, before finally speaking. "See that? I have ARP poisoned the network. All traffic is routed through my computer. See those website passwords scrolling on the screen? That's people on this network who are logging into websites." I was too impressed to report him to anyone.
@theflano23
Жыл бұрын
Loving the description, very immersive
This is an amazing video! I learned a lot, thank you!
@Sumsubcom
Жыл бұрын
Glad you enjoyed it !
My dear brother, if you continue in this way, the channel will grow. Yes, this is the type of videos that we want. Continue and we will support you
Hackers rarely work locally, this is more for companies that are afraid of industrial espionage
it's honestly easier to infect a client.. great content tho!!
Thank you sir 🙏
This thing is awesome. I'm digging it!
@Sumsubcom
Жыл бұрын
Hey! Glad that you like it ☺
I regularly convince your id verification system that photoshopped IDs I make are real.
@Sumsubcom
Жыл бұрын
Hey! Thanks for your comment 🙂 We constantly improve our products and take into consideration any feedback. In order to provide a detailed answer to you we'd like to take a closer look at your case. Please share it with us by dropping us an email at Pr@sumsub.com
i prefer these longer videos so very much more to the shorts.
@Sumsubcom
Жыл бұрын
Hey! Thanks for your comment! We also love the long format and we're not going to stop producing it 😊
I love your videos, such a quality
@Sumsubcom
Жыл бұрын
Thank you so much!
it was kinda fun filling in the blanks when watching this, like a shout-out at a Pantomime
i want this man to make audiobooks so i can fall asleep to his voice
great content!
We really going to redact things like wireshark lol? Come on now. Either way, loved the way the video was edited and the cadence of the video. Despite people feeling one way or another, it was creative and cool. Thanks for the video.
Thanks for this video its very imformative but how you connect crocodile to that green cable if you dont cut that plastic around cable
without looking at the channel that uploaded, and only reading the video name in my subscription feed, I thought this was going to be an onion video about avoiding Joe Biden Sniffing Attacks
Useful informations, thanks for the video.
@Sumsubcom
Жыл бұрын
Happy it was helpful!🎉
Hi! What distro are you using?
Thank you for your vide, but My question is: WHat kind of phone do you use for this operation ?Thanks
Great video! Makes it’s easy to understand for the average joe. My only gripe is nitpicking. But it’s bugging me how he keeps calling it an rj45 cable. It’s a copper twisted pair cable or more specifically, likely a cat5, cat5e or cat6 cable
@mjtonyfire
Жыл бұрын
RJ45 refers to the connector, cat5,6 etc refers to the cable itself.
@Goatboyfellofftgecliff
Жыл бұрын
Based on the fact that there is not a noticeable divider I would have to say it’s cat 5 or cat 5e
As a pentester I believe that it would be interesting see the complete commands or some suggestion about proper documentation.
@jameswalker199
Жыл бұрын
As a pentester, you should know these commands as you use them every day
@alanh7285
11 ай бұрын
@@jameswalker199 As it pertains to this video, what commands would those be, that you think everyone should know?
Hex editors are so much fun!
Amazing content!
@Sumsubcom
Жыл бұрын
Glad you enjoyed it😊
Of course when someone cuts pairs to turn 1000 MB in to 100 MB that may be enough to get some people to take a look at their network if it goes on too long. They might go to the room where they have the router looking for a bad cable. If they are smart enough they might even look at exposed cables if there are any. You can also run your cables in conduits to make things harder to mess with. That won't make it impossible at all but it might make them move on to an easier target unless they are after you specifically for some reason.
Great video
doing this in my college networking class.. great stuff
@ahmedmahomed
Жыл бұрын
Hacking?
@doopy
Жыл бұрын
@@ahmedmahomed working with RJ45 and Cat5E cabling, exploiting things and breaking them down can give you a greater understanding of how they work and how data is transferred through them.
@dj-yv7oi
Жыл бұрын
@@ahmedmahomed *listening on the network*
@jameswalker199
Жыл бұрын
@Ahmed Mahomed Yes. There are hackers that get paid by companies to hack them, then produce an exhaustive writeup on all their security failings, that way the company can clean up the low hanging fruit and make their systems more secure. Its called penetration testing, or more generally, whitehat hacking.
@jameswalker199
Жыл бұрын
There's also blackhats, who are malicious hackers, greyhats, that sit somewhere in the middle, hacking just for fun but usually telling the victim if they find anything serious, and greenhats, who are only in it for the money, normally doing penetration testing and bug bounties, but they aren't afraid of selling malware if the bug bounty doesn't pay well.
Good content, ethernet line connect can detect but I looking at how they do as method and other prevention.
pretty nice.. thanks.. gotta love kodachi too :)
Hope you upload uncensored video on Patreon or smthng 🌟
I really like your video tutorials
Very helpful and informative, subscribed and liked, thank you please do more.
@Sumsubcom
Жыл бұрын
Thanks mate! Check out our new video about drone hacking :)
Hey, can you tell me the laptop (the front at thinkpad) model ? I interested with the design.
small note. at the start of the video the comments on the bash shell are C comments not bash comments.
I like how they censor the software as if you couldn't just google lol
@josephzajdler
Жыл бұрын
Makes it more MYSTERIOUS, ooohh !!
@jameswalker199
Жыл бұрын
Its for arse covering. KZread has policies against making instructional hacking videos
@tisjester
Жыл бұрын
@@jameswalker199 correct - it is a KZread restriction - nothing more.
@DemocracyManifest-vc5jn
9 ай бұрын
Good for them. God forbid some Karen gets their channel taken down.
Can we physically eavesdrop on fiber optic cables using light sensors?
Best cable cut, optimal and simple hacker's set. TY! // also, thank you for good quality of information // handy script =)
@mohammedalimohammed2595
Жыл бұрын
Dd are u frm❤ 🇷🇺
A bad actor can just store the SSL encrypted network traffic and wait few years for the quantum computing to get cheaper. For example, they can track network of government officials, since there influence will not go away in few years, it makes sense.
Scenario for early 2000 situations, not for today. It's like guide , HOw to break into WiFi secured with WEP key.
good job
What about those internet cables poking out of buildings?
10:00 tcpdump?
Sniffing on fiber cables was done 40 years ago. So no, Not Secure either. The only secure method is encryption
I didn't understand a thing but it was a good video
2:42 - wow! I knew from this video which color in Ethernet cable wires for what! 😀
Specialist in cybersecurity sounds like another name for whitehat hackers to me
Awesome
12:26 "excessive spending on toilet paper" - Elliot
which app did you use on an android phone
This is no problem. Every modern service uses ssl. Even if you hijack the traffic in middle you won't be able to decipher it.
This is the best Vidéo
Tipping an ethernet cable is already ass enough, imagine now adding aligator clips to each wire and then connecting it to each wire of the tapped device without crossing any of them. Unrealistic
Do you have any courses I can buy?
It's ok to call yourself a hacker if you're cybersecurity specialist and know how to pen test. People will misunderstand though that's for sure. EC-Counsel, who offers the Ethical Hacker certifications, offers the exact same cert by an alternative name. In case you worry about making a potential employer nervous by having the word "hacker" refer to you on your resume 🤣.
the top third of the screen looks like wireshark
I didn't understand how you can read the data without connecting the crocodile cable. You only clipped them but didn't connect them.
the glitch noises were haxking my brain
even if you got in to the building to see these cables good luck identifying witch one is your target
So you're willing to get the viewing audience most of the way there in terms of understanding but there's a little bit of homework at the end. That's job security right there.
Excellent video
I know which program was used at 9:36, network engineers actually use it all the time 🤭. Other than that, I'll keep quiet about it though. While this kind of attack seems highly impractical to me and probably no longer part of a hacker's contemporary toolbox, the video nonetheless goes into a lot of detail on a lot of the more advanced concepts one must grasp before mounting an attack. That makes it an information goldmine regardless!
@pi96798
Жыл бұрын
Agree
@1N0fficial
Жыл бұрын
Wireshark
@geordish
Жыл бұрын
It’s tcpdump. Same deal, but cli based.
A few things mate. Hackers are cybersecurity specialist as far as i know. Why do you fail to mention offensive security is a thing in your intro?
Waittttt, you used the green pair which is the tx wires, you should have used the orange pair on the sniffer cable....
A guy talking in"Londonish",Credibility level = 0%
omg this video make my life... THX SO MUCH 💖
great video, but why the comments so negative
@Sumsubcom
Жыл бұрын
Hey! Thanks a lot! Really happy to hear that you liked it.😍 Recently, we've been going through some changes and some of our old fans are not happy about it. However, we really appreciate every feedback, it helps us to become better
Interesting but I don't like all the censorship, can't finish watching.
cool analog nmap
Anti-newbie video ON 😂
Me after learning this: all right, next stop Valve HQ. We're getting Half life 3 this time boys
If you have physical access a hacker wouldn't typically do something like this. This is probably how people hacked in the 90s-early 2000s. There are so many other modern ways to accomplish the same thing. There are so many legit videos about hacking on youtube I am not quite sure why you're hiding things.
@jameswalker199
Жыл бұрын
They are hiding things for arse covering. KZread policy says you can't make instructional hacking videos. Also, this is simple for a noob audience, since it gets people to think about what's around them and how it can actually be abused. Hacking isn't magic, it just looks like magic if you squint at it from a distance, so seeing real hacking close up, even if its old techniques, demystifies it. Modern things like USB Rubber Duckies are fun, but if you aren't used to thinking about how to use things in unconventional ways, it'll just look like a magic USB stick.
Nice phone you got there.... What is it? 🧐
Awesome bro
Wow great info,tQ sir
I have a doubt if we sniff the packet it is encrypted with hash than burtforce takes a lot of time to decrypt it... Cuz it could be md5 hash the most common. Also the attack fail if the ethernet is in monitoring.(The flow of e-) Right?
"now optics are the most widely used" Uh, where do you live that fiber optic cables outnumber ethernet cables?
I use cat 7 and never sleep hidden postifier
yea
Bro they just steal my stuff and replace it with garbage from the courts. They think I can't tell the difference but the materials the device that I purchased are completely different in texture and weight. I'm not going to a judge just to complain about espionage.
@TMinusRecords
Жыл бұрын
You should seriously consider whether you have schizophrenia
Take so much
The sniffing you mention can happen with WiFi also so please don't anyone think you are safe just because you use WiFi. WiFi is worse even because someone just has to get close!!
yanno, after the bradley and emily split i was really concerned about the future of this channel, but i wil say this pleasantly surprised me.
@ahmedmahomed
Жыл бұрын
Split?
@Sumsubcom
Жыл бұрын
Hi Tom! Thank you very much for your support! It means a lot to us, especially now that we are trying to find our new way in the online jungle☺
i felt like solid snake as im being breached on this classified information. The background music was on point. haha snaaaaaakee
This had so many errors..
@keylanoslokj1806
Жыл бұрын
Analyze them
I liked this video until he started to censor some words and commands, that's really dramatic and paranoid, how this video could prevent attacks that are deprecated? That's no sense...
maybe clarify how long and time consuming a dictionary attack can take.
wireshark and hash cat
our school has an exposed unconnected ethernet cable on the exterior
@Buciasda33
Жыл бұрын
Zap it with the Piezoelectric from a disassembled lighter or with a stun gun or whatever you can use :)
Vamp Taps, huh? Guess they are still around.