How to protect your private network from break-ins

How to protect your private network from break-ins | Real experiment with a hacker

Рет қаралды 281,007

Күн бұрын

👾 Follow this link to book a demo: sumsub.com/free-demo/
In this video, you’ll find out about how sniffing with twisted pairs works and what danger it poses to your data.
Sniffing is a kind of attack that involves listening in our data, transmitted through the network. Hackers can, with the help of special tools or software, eavesdrop on traffic and watch in real time what information is coming in and out of the computer.
Your passwords, documents, photos, any and everything could end up in the hands of another person.
For some reason, people often think that this requires some kind of expensive tools or equipment. But in this video you’ll see how hackers can eavesdrop on network traffic using simple crocodile clips. Most importantly, we’ll show you how to stay protected against these kind of attacks.
👾 More about us:
sumsub.com
/ sumsubcom
/ sumsubcom
/ admin
Timecodes:
00:00 The hacker is in search of a victim
02:01 Let’s start with the theory, what is RJ45
03:02 How information travels through the wires
04:13 How a hacker ‘sniffs’ information. Let’s start to assemble our tools!
05:20 How the attack works, as shown on our special testbed
06:20 Listening to outgoing traffic
09:20 Using a special script to search for sensitive information
11:40 Listening to the outgoing traffic and intercepting valuable data
13:47 The vulnerabilities of sniffing attacks and how to protect yourself against them
18:28 What measures do we take to protect data at Sumsub?
#sniffingattack #hardwaresniffingattack #howtohack #ethicalhacking #maninthemiddle #capturetraffic #rj45 #twistedpair #ethernetcable #cybersecurity #sumsub

Пікірлер: 284

@LP-fy8wr Жыл бұрын

This is pretty old stuff guys. I personally have not seen a Vampire Tap device since the early 90s. Also with the rise of SSL and TLS for mail transport this is not going to work at least for raw sniffing anyway. Cool video though.

@phillipgilligan8168 Жыл бұрын

Thats why you MITM with this and decrypt the SSL. Too easy. Either way, yes there are better attack vectors, but if you had time, and the correct place to do this, like an accessible basement, with a tap, and some specific hardware you would leave in place that I won't name, This could indeed be very effective.

@LP-fy8wr Жыл бұрын

@@phillipgilligan8168 how do you plan on decrypting the SSL traffic without the private key? Granted there are some tools where you can strip SSL out of a session but the end-users going to know.

@phillipgilligan8168 Жыл бұрын

@@LP-fy8wr your MitM proxy replaces the ssl cert so you actually own the private key in that configuration. Look for “Mitmproxy” also, never use these kinds of tools on systems you don’t own. (Sorry had to add a disclaimer there)

@user-pm8je4fo7e Жыл бұрын

Oh cmon. Pentestish hispsters and opensource nerds were all over Throwing Star TAP just several years ago.

@user-pm8je4fo7e Жыл бұрын

@@LP-fy8wr you would not believe how many users will click "whatever, just get me to the site". Not to mention that you actually can make it TLS again. All this cryptomumbojumbo is good, but cert managing infrastructure is really bad. It's so bad, I actually think it was made this way by design by some NSA or whatever. Getting your hands on "good" certificate is not as hard as one would've expect. And after that the only thing standing between you and plaintext would be cert pinning, which is like a dad who went for a pack of cigaretts twenty years ago. Downgrading TLS is still a thing too, as far as I can tell. So yeah, mitm is still possible in modern internets. Although I have no idea why this dude invoked mitm in context of passive sniffing.

@computerdoctor1708 11 ай бұрын

The point is to do this after the router. There is no point doing this before the router (in the company's LAN). Since you're already in the company, no need to cut cables. In a pentest scenario you want to get it and get out as stealthy as possible.

@paulstubbs7678 Жыл бұрын

Many years ago, a telco I worked for had a large office building in a city, they decided this building was no longer suitable so they moved over to a new one. One of our competitors ended up taking over the old office building. Then one of our techs had a startling realisation, that building was fed with fibre, and there would have been all the necessary associated equipment in there, as in fibre to the corporate network as opposed to the internet. So one of our techs paid a visit (high, just chasing a phone fault, can we have the basement keys) and yes it was all still there, powered up, gigabit feeds of all our internal corporate systems...... not for long...... That's what you get from a building full of sales execs etc. no technical knowledge at all.

@x0rZ15t Жыл бұрын

RJ-45 is not a cable, it's a type of connector for utp/stp cable like CAT5, CAT5E, CAT6 and so on.

@Chatterintheskull Жыл бұрын

Thank you for the hard work you put into making this video.

@Sumsubcom Жыл бұрын

Glad you enjoyed it!😊

@maxxxb4uh4us80 Жыл бұрын

Perfeito , parabéns pela iniciativa !!!

@Leo-sd3jt Жыл бұрын

Splicing into a cable is definitely detectable since the attenuation of the signal will increase.

@josephzajdler Жыл бұрын

where can I purchase a device that will detect signal attenuation that will send me a notification when it happens and alert me to which cable it is?

@oksowhat 9 ай бұрын

@@josephzajdler home routers have the hardware for it but not the software

@rationalbushcraft Жыл бұрын

Why hide the commands? This basic stuff can be easily found. Information wants to be free. This is just silly as there are legitimate reasons for sniffing packets. I do it all the time as part of my job. Come on no one is using FTP or telnet where passwords are sent in clear text any more.

@DexieTheSheep Жыл бұрын

exactlyyyyy

@solarsombrero227 Жыл бұрын

KZbin will often ban videos that show exactly how this kind of stuff is done

@DexieTheSheep Жыл бұрын

@@solarsombrero227 they only ban videos involving dishonest behavior, but learning network sniffing can be used for good... Usually I just see channels like these mention that it's for educational purposes or whatever and mention it's illegal to do it without permission. Same reason why hacking is taught in general. The black-hats already have their resources for learning this stuff.

@Crysal Жыл бұрын

@@solarsombrero227 just put a "for educational purposes only"

@GlorifiedGremlin Жыл бұрын

Well, he's got liability. We don't, we can just share what he has to censor lol

@YeloPartyHat Жыл бұрын

Not a bad video but I must say, I do miss the amazing quality you used to produce with Bradley with those sets.

@edsmith3052 Жыл бұрын

Great video, very informative without being too informative. I’m glad Seytonic gave you a shout out, definitely going to sub. Keep up the great work.

@Sumsubcom Жыл бұрын

Thanks a lot! Glad to hear that! 🥰

@KINGFROMHEART Жыл бұрын

Great explanation

@AQASAMOTEN Жыл бұрын

thanks for your tutorial i really enjoyed it

@hackerninjaking2617 Жыл бұрын

Thank you sir 🙏

@igamse Жыл бұрын

This is an amazing video! I learned a lot, thank you!

@Sumsubcom Жыл бұрын

Glad you enjoyed it !

@dannypaaji Жыл бұрын

This thing is awesome. I'm digging it!

@Sumsubcom Жыл бұрын

Hey! Glad that you like it ☺

@marcs.8040 Жыл бұрын

I love your videos, such a quality

@Sumsubcom Жыл бұрын

Thank you so much!

@LightVibrationPresenseKindness Жыл бұрын

great content!

@dj-yv7oi Жыл бұрын

Useful informations, thanks for the video.

@Sumsubcom Жыл бұрын

Happy it was helpful!🎉

@magicmanchloe Жыл бұрын

Great video! Makes it’s easy to understand for the average joe. My only gripe is nitpicking. But it’s bugging me how he keeps calling it an rj45 cable. It’s a copper twisted pair cable or more specifically, likely a cat5, cat5e or cat6 cable

@mjtonyfire Жыл бұрын

RJ45 refers to the connector, cat5,6 etc refers to the cable itself.

@Goatboyfellofftgecliff Жыл бұрын

Based on the fact that there is not a noticeable divider I would have to say it’s cat 5 or cat 5e

@doopy Жыл бұрын

doing this in my college networking class.. great stuff

@ahmedmahomed Жыл бұрын

Hacking?

@doopy Жыл бұрын

@@ahmedmahomed working with RJ45 and Cat5E cabling, exploiting things and breaking them down can give you a greater understanding of how they work and how data is transferred through them.

@dj-yv7oi Жыл бұрын

@@ahmedmahomed *listening on the network*

@jameswalker199 Жыл бұрын

@Ahmed Mahomed Yes. There are hackers that get paid by companies to hack them, then produce an exhaustive writeup on all their security failings, that way the company can clean up the low hanging fruit and make their systems more secure. Its called penetration testing, or more generally, whitehat hacking.

@jameswalker199 Жыл бұрын

There's also blackhats, who are malicious hackers, greyhats, that sit somewhere in the middle, hacking just for fun but usually telling the victim if they find anything serious, and greenhats, who are only in it for the money, normally doing penetration testing and bug bounties, but they aren't afraid of selling malware if the bug bounty doesn't pay well.

@nakedtrader3959 Жыл бұрын

Amazing content!

@Sumsubcom Жыл бұрын

Glad you enjoyed it😊

@davinci3043 Жыл бұрын

Great video

@marosak8056 Жыл бұрын

Thanks for this video its very imformative but how you connect crocodile to that green cable if you dont cut that plastic around cable

@MyAmazingUsername Жыл бұрын

I remember a late 90s LAN party. A heavy kiddo sat in the corner, smirking. I walked over and sat down next to the pale, bespectacled boy. When his blubber had stopped jiggling after to our seated collision, he lifted his meaty arm and pointed at the screen. He was running something named Lunix. His screen was full of terminals. He adjusted his glasses and took a breath from his asthma inhaler, before finally speaking. "See that? I have ARP poisoned the network. All traffic is routed through my computer. See those website passwords scrolling on the screen? That's people on this network who are logging into websites." I was too impressed to report him to anyone.

@theflano23 Жыл бұрын

Loving the description, very immersive

@diogoferreira8397 Жыл бұрын

As a pentester I believe that it would be interesting see the complete commands or some suggestion about proper documentation.

@jameswalker199 Жыл бұрын

As a pentester, you should know these commands as you use them every day

@alanh7285 11 ай бұрын

@@jameswalker199 As it pertains to this video, what commands would those be, that you think everyone should know?

@EmmaLinwood 11 ай бұрын

Thank you for your vide, but My question is: WHat kind of phone do you use for this operation ?Thanks

@tristanboyle4450 11 ай бұрын

pretty nice.. thanks.. gotta love kodachi too :)

@charleshines2142 9 ай бұрын

Of course when someone cuts pairs to turn 1000 MB in to 100 MB that may be enough to get some people to take a look at their network if it goes on too long. They might go to the room where they have the router looking for a bad cable. If they are smart enough they might even look at exposed cables if there are any. You can also run your cables in conduits to make things harder to mess with. That won't make it impossible at all but it might make them move on to an easier target unless they are after you specifically for some reason.

@morsine Жыл бұрын

it's honestly easier to infect a client.. great content tho!!

@whtiequillBj Жыл бұрын

small note. at the start of the video the comments on the bash shell are C comments not bash comments.

@sbcinema Жыл бұрын

Hackers rarely work locally, this is more for companies that are afraid of industrial espionage

@Jirayu.Kaewprateep 11 ай бұрын

Good content, ethernet line connect can detect but I looking at how they do as method and other prevention.

@SharpRaccoonTeeth Жыл бұрын

it was kinda fun filling in the blanks when watching this, like a shout-out at a Pantomime

@leminhhoang3374 9 ай бұрын

Can we physically eavesdrop on fiber optic cables using light sensors?

@TANKBM Жыл бұрын

My dear brother, if you continue in this way, the channel will grow. Yes, this is the type of videos that we want. Continue and we will support you

@balazsstrahl6593 Жыл бұрын

Hi! What distro are you using?

@CRITICALCHEATS Жыл бұрын

I really like your video tutorials

@Tjensen999 11 ай бұрын

Hex editors are so much fun!

@gr0wnup5 Жыл бұрын

Hope you upload uncensored video on Patreon or smthng 🌟

@nou8310 Жыл бұрын

I regularly convince your id verification system that photoshopped IDs I make are real.

@Sumsubcom Жыл бұрын

Hey! Thanks for your comment 🙂 We constantly improve our products and take into consideration any feedback. In order to provide a detailed answer to you we'd like to take a closer look at your case. Please share it with us by dropping us an email at Pr@sumsub.com

@alexluzinki206 Жыл бұрын

good job

@dhruvnamdev3357 Жыл бұрын

Awesome

@fagcinsk Жыл бұрын

Best cable cut, optimal and simple hacker's set. TY! // also, thank you for good quality of information // handy script =)

@mohammedalimohammed2595 Жыл бұрын

Dd are u frm❤ 🇷🇺

@safetime100 Жыл бұрын

Very helpful and informative, subscribed and liked, thank you please do more.

@Sumsubcom Жыл бұрын

Thanks mate! Check out our new video about drone hacking :)

@Nanokarp Жыл бұрын

i prefer these longer videos so very much more to the shorts.

@Sumsubcom Жыл бұрын

Hey! Thanks for your comment! We also love the long format and we're not going to stop producing it 😊

@zip-taw Жыл бұрын

Hey, can you tell me the laptop (the front at thinkpad) model ? I interested with the design.

@mo-s- Жыл бұрын

I like how they censor the software as if you couldn't just google lol

@josephzajdler Жыл бұрын

Makes it more MYSTERIOUS, ooohh !!

@jameswalker199 Жыл бұрын

Its for arse covering. KZbin has policies against making instructional hacking videos

@tisjester Жыл бұрын

@@jameswalker199 correct - it is a KZbin restriction - nothing more.

@DemocracyManifest-vc5jn 9 ай бұрын

Good for them. God forbid some Karen gets their channel taken down.

@GlorifiedGremlin Жыл бұрын

10:00 tcpdump?

@rohitdas4573 Жыл бұрын

A bad actor can just store the SSL encrypted network traffic and wait few years for the quantum computing to get cheaper. For example, they can track network of government officials, since there influence will not go away in few years, it makes sense.

@DemocracyManifest-vc5jn 9 ай бұрын

What about those internet cables poking out of buildings?

@phillipgilligan8168 Жыл бұрын

We really going to redact things like wireshark lol? Come on now. Either way, loved the way the video was edited and the cadence of the video. Despite people feeling one way or another, it was creative and cool. Thanks for the video.

@ELIAS-og5vf Жыл бұрын

This is the best Vidéo

@ap0110 Жыл бұрын

which app did you use on an android phone

@Peterd0e 8 ай бұрын

Scenario for early 2000 situations, not for today. It's like guide , HOw to break into WiFi secured with WEP key.

@apristen 10 ай бұрын

2:42 - wow! I knew from this video which color in Ethernet cable wires for what! 😀

@prestheticmullet Жыл бұрын

without looking at the channel that uploaded, and only reading the video name in my subscription feed, I thought this was going to be an onion video about avoiding Joe Biden Sniffing Attacks

@usama57926 Жыл бұрын

This is no problem. Every modern service uses ssl. Even if you hijack the traffic in middle you won't be able to decipher it.

@Clientastisch Жыл бұрын

Sniffing on fiber cables was done 40 years ago. So no, Not Secure either. The only secure method is encryption

@shikhaverma4374 Жыл бұрын

I didn't understand a thing but it was a good video

@saadhamid5609 Жыл бұрын

Do you have any courses I can buy?

@cle4tle Жыл бұрын

Specialist in cybersecurity sounds like another name for whitehat hackers to me

@saitamatechno Жыл бұрын

I didn't understand how you can read the data without connecting the crocodile cable. You only clipped them but didn't connect them.

@shootgunman1460 Жыл бұрын

i want this man to make audiobooks so i can fall asleep to his voice

@vimicito Жыл бұрын

I know which program was used at 9:36, network engineers actually use it all the time 🤭. Other than that, I'll keep quiet about it though. While this kind of attack seems highly impractical to me and probably no longer part of a hacker's contemporary toolbox, the video nonetheless goes into a lot of detail on a lot of the more advanced concepts one must grasp before mounting an attack. That makes it an information goldmine regardless!

@pi96798 Жыл бұрын

Agree

@1N0fficial Жыл бұрын

Wireshark

@geordish Жыл бұрын

It’s tcpdump. Same deal, but cli based.

@bertansadiki6794 Жыл бұрын

great video, but why the comments so negative

@Sumsubcom Жыл бұрын

Hey! Thanks a lot! Really happy to hear that you liked it.😍 Recently, we've been going through some changes and some of our old fans are not happy about it. However, we really appreciate every feedback, it helps us to become better

@phr3ui559 10 ай бұрын

yea

@UNgineering Жыл бұрын

the top third of the screen looks like wireshark

@r1px0x88 Жыл бұрын

omg this video make my life... THX SO MUCH 💖

@xenostim Жыл бұрын

It's ok to call yourself a hacker if you're cybersecurity specialist and know how to pen test. People will misunderstand though that's for sure. EC-Counsel, who offers the Ethical Hacker certifications, offers the exact same cert by an alternative name. In case you worry about making a potential employer nervous by having the word "hacker" refer to you on your resume 🤣.

@steveiliop56 11 ай бұрын

Waittttt, you used the green pair which is the tx wires, you should have used the orange pair on the sniffer cable....

@w4bbitseezin 10 ай бұрын

cool analog nmap

@redred333 10 ай бұрын

the glitch noises were haxking my brain

@djspectrein 9 ай бұрын

12:26 "excessive spending on toilet paper" - Elliot

@michaelherweg7421 10 ай бұрын

Tipping an ethernet cable is already ass enough, imagine now adding aligator clips to each wire and then connecting it to each wire of the tapped device without crossing any of them. Unrealistic

@wisteela Жыл бұрын

Excellent video

@AysanewMesganaw 11 ай бұрын

Take so much

@vzwopx Жыл бұрын

This had so many errors..

@keylanoslokj1806 Жыл бұрын

Analyze them

@Bartek2OO219 Жыл бұрын

even if you got in to the building to see these cables good luck identifying witch one is your target

@saipatel8645 Жыл бұрын

I have a doubt if we sniff the packet it is encrypted with hash than burtforce takes a lot of time to decrypt it... Cuz it could be md5 hash the most common. Also the attack fail if the ethernet is in monitoring.(The flow of e-) Right?

@AnasIbrahim07 Жыл бұрын

I use cat 7 and never sleep hidden postifier

@DARKARMY01001 Жыл бұрын

Awesome bro

@KaruiKagetsu Жыл бұрын

Nice phone you got there.... What is it? 🧐

@MrMychan02 Жыл бұрын

If you have physical access a hacker wouldn't typically do something like this. This is probably how people hacked in the 90s-early 2000s. There are so many other modern ways to accomplish the same thing. There are so many legit videos about hacking on youtube I am not quite sure why you're hiding things.

@jameswalker199 Жыл бұрын

They are hiding things for arse covering. KZbin policy says you can't make instructional hacking videos. Also, this is simple for a noob audience, since it gets people to think about what's around them and how it can actually be abused. Hacking isn't magic, it just looks like magic if you squint at it from a distance, so seeing real hacking close up, even if its old techniques, demystifies it. Modern things like USB Rubber Duckies are fun, but if you aren't used to thinking about how to use things in unconventional ways, it'll just look like a magic USB stick.

@elliotjames3829 Жыл бұрын

Termux?

@acejericho8616 Жыл бұрын

Wow great info,tQ sir

@Beige-09 11 ай бұрын

What is the script and what is it called?

@charleshines7282 Жыл бұрын

The sniffing you mention can happen with WiFi also so please don't anyone think you are safe just because you use WiFi. WiFi is worse even because someone just has to get close!!

@aquietone2895 Жыл бұрын

So you're willing to get the viewing audience most of the way there in terms of understanding but there's a little bit of homework at the end. That's job security right there.

@alejandrojuantorena2770 Жыл бұрын

Bro they just steal my stuff and replace it with garbage from the courts. They think I can't tell the difference but the materials the device that I purchased are completely different in texture and weight. I'm not going to a judge just to complain about espionage.

@TMinusRecords Жыл бұрын

You should seriously consider whether you have schizophrenia