Anti-Forensics Techniques Part 2

00:01

Hey, everyone, welcome back to the course. So the last video we talked about the goal of anti forensics as well. Some information again, at a very high level about windows file deletion in, uh, and also the recycle bin path. So again, you want to just memorize those for the examination.

00:16

In this video, we're gonna talk about password cracking,

00:20

so we have several different forms of password cracking. So brute forest dictionary, rule based hybrid and rainbow are the ones we're going to talk about in this video

00:29

brute force. So as the name kind of implies, we're gonna try every possible combination, right? So we're brute forcing it. So kind of like if we were kicking our door in or if the rock pictured here was kicking our door in,

00:40

it's gonna take a lot longer if you've taken my ethical hacking course. We kind of talked about that in There is one of the attack types, and that's why I recommend you actually take either the certified of the clacks examination before taking this course or you understand the material that's covered in that. So again, here on cyber, we have a free ethical hacking course

00:59

I do recommend that you take it before this particular course.

01:03

Um, just because we talk about things like this the Pakistan password cracking in that course

01:08

next up dictionary tax. So I'm here, Essentially. Just think of it like a dictionary. Right? So the dictionary file is gonna be loaded. Um, you know, in the password cracking application. So, you know, using a tool that Callie Lennox, for example, on an ah Toula excuse me, operating system like Callie Lennox and then a tool inside of that

01:26

called John the Ripper. So that's Ah, dictionary attack

01:30

with John the Ripper.

01:30

Now, this doesn't work against past phrases, you know? So if you're using, like, a combination of different things to create a pass phrase, it's not an effective attack against that

01:41

rule based. So here the attacker has some information about the requirements. So, you know, for example, they know that the password is gonna be, you know, a maximum of seven characters in length, for example, you know, or it's gotta have, like, two numbers in it or something like that. So basically, what they're gonna do at that point is then put a rule inside of a cracking application

02:00

and use that rule too,

02:01

reduced the time it takes to crack the password. So think of the long allies of, like, a brute force, for example. You know, using a tool that can enable in there we can, you know, adjust the length of the characters in the password. So, for example, we could say, you know Okay, you know the password. We know it's seven characters in length and we can see that reduces our,

02:21

um, you know,

02:23

length to crack the password by significant amount. So again, you know, back in the ethical hacking course, if you've taken it already, we use that tool. And we took it down, you know, from, like, 15 or 14 you know, character length down to, like, six or seven. We noticed that we went from, like, 2000 years down the, you know, like, you know, three or four weeks so,

02:42

you know, are just a matter of months. So

02:44

again, that's just used a rule basis. Just used to reduce the amount, the amount of time it takes to crack a password

02:51

and then hybrid. You know, this is kind of that combination between dictionary brute force So it's going to use all sorts of combinations, you know? So, for example, like password, one password. 1234 etcetera, etcetera. So, again, you know, it's using the most common types of things that people use

03:07

Rainbow tax. So this one Ah, you know, is a pre computed thing Here we're, ah, pre compute pre computer table. Excuse me? Where is essentially a bunch of different password hash is So let's just say I'm an attacker and I go and I calculate out, you know, password. 1234 Password. 12345

03:24

You know, capital, lower case, etcetera, etcetera. So

03:27

we can use these rainbow tables. Thio, you know, potentially cracked the password Fast word.

03:32

So some tools that we can use it create or generate thes Artie Jen and win Artie. Generous, uncommon ones. But the easy solution against this assaulting your passwords, right? So, you know, if I'm creating a password hash of you know, Pastor, over 1234 The new salt your password. I'm not going to be able to crack that right.

03:50

Unless I've already figured out how to, you know, some different common

03:53

assaulting, you know, calculations, but that's really not realistic, you know? I mean, honestly, we're not gonna know every possible assault that could be out there. Um, now, there are some ways around different things, but, um, you know, salting You're not gonna know the different ways to bypass that. A ce faras like generating hashes.

04:14

So another thing we're gonna talk about is just bios. Password reset. You may see this

04:18

tested on the exam as far as, like, hot Waterson ways that we can

04:23

bypassed bios here. So, uh, several different ones manufacturers might have a back door for us. We could also potentially reset the scene. Most password. Ah, Dave. Girls. Ah, technique available in MCA West. And then also, we can reset the sea moss.

04:38

Um uh, Rory, remove the sea. Most battery again. That's kind of stuff.

04:43

Ah, in in relation to the motherboard, the hardware itself. So nothing as faras in depth that would ever be tested on the exams a sw far as I'm concerned. Um, at least I don't think you would have to know it, but just understand that, Like, to reset. See, Moss, you're gonna potentially wanna have to do that at the motherboard itself.

05:03

Resending the administrator password. So just some different tools listed there that you'll want to know for the exam that you can use to reset the admin password and Windows.

05:14

PDF Password recovery Again. Just some tools listed here that you'll just want to know for your examination.

05:19

Steganography, Steganography instead. Analysis. You don't need to know this in depth. Just understand that steganography is hiding a message. So, for example, I'm an attacker. I hide a message inside of a photo so you don't see it, right? The photo looks the same, but there's a message inside of there.

05:35

And the Stig analysis suggests the flip side of that, right? We're just discovering the information. Now, this photo here, we actually can see some faces in there. So this would not be a good example of steganography. But it's why I just want you to understand that an attacker can hide stuff inside of something else. You know, whether it's a photo, which is the most common one or something, like an MP three file as well.

05:57

Okay, so encrypting file system. So this'd basically just file level. Ah, file system level encryption. So, you know, for example. Three user account password needs to be strong. Otherwise, you can bypass is pretty easily like, for example, of your passwords. Password. 1234

06:15

different anti ferns economies was again. We kind of talked about anti forensics and the goals with it Keep tools update. It kind of goes without saying different key, logger. So, for example, we could put a key logger on the Attackers machine and, you know, potentially get information that way.

06:30

Now, we can also prevent data from becoming overwritten. So, you know, using things like encryption or, you know, just making a more difficulty override all the data.

06:40

So just a quick post assessment question, true or false? A steganography, A process of hiding information in a file.

06:50

All right, so that one is true.

06:53

So again, stuck in our free is the process of hiding information in a file.

06:58

So this video, we just kind of talked about the goal. Excuse me? Different password cracking mechanisms that we can use. We also talked about condescend, generalized high level information about how you can bask, bypass excuse me, the bios password,

07:13

and then also some tools. And we can use for things like, you know, bypassing the admin password on windows.

07:17

I mean, also bypassing the password in pdf files.