Let me know if you want to see more videos testing security on different operating systems!
@verandering
Ай бұрын
that would be cool!
@matthiasbendewald1803
Ай бұрын
I learned something, so yes it would be cool to see more!
@benjaminjones9098
Ай бұрын
Can u test free dark net randomware/info stealers
@tomprice5496
Ай бұрын
I say give vanilla Debian and/or RedHat the same test. That would be cool.
@tomprice5496
Ай бұрын
He's not wearing sunglasses and a black trenchcoat. I'm not convinced this guy is a real hacker.
@CybersecPat
Ай бұрын
I am certainly not a hacker of any sort haha :D My skills are “script kiddie” level lol. I’m more of a blue team security person, just dipping my toes into what the attackers might do for the benefit of my understanding.
@tomprice5496
Ай бұрын
@@CybersecPat Great video! As a linux nerd, I would love to see you compare Ubuntu or something like that too
@CybersecPat
Ай бұрын
I’m planning on doing a Windows version of this video, and a Linux one after that! Hopefully you’ll find them worth a click :) Thanks for the kind words, getting feedback like this makes my day.
@user-ot9fy8ym4g
Ай бұрын
@@tomprice5496 same! i use arch btw
@SilentShadow-ss5xp
Ай бұрын
Real hackers always have to have htop running in the background
@CybersecPat
Ай бұрын
lol I know it is kind of cringe. I think I'll put like a logo on it or something
@TheFPSPower
Ай бұрын
What is weird on Windows is that it's absolutely possible to encrypt browser passwords just like the mac, but Chromium has never bothered to fix this massive security flaw and neither has Microsoft. It actually asks for authentication when you try to see a password in plain text but it's not actually secured in memory otherwise it couldn't auto-fill passwords without authentication like the Mac.
@CybersecPat
Ай бұрын
Yeah, not sure where the blame lies there. I think it is poor security on purpose. I can’t imagine anything other than that being a deliberate decision Microsoft (works in edge too) and Google make.
@Zobrombee
Ай бұрын
Good video thanks. It would be cool to show us how windows behaves comparitively in a video instead of just telling. The font size in the code editor and terminal is kind of tiny, bumping that up a few sizes would make it a lot more clear in the final video.
@CybersecPat
Ай бұрын
Thanks for the feedback! I’ll make one covering the same attacks on Windows too. Didn’t realize the fonts were too small, sorry about that. It should be better in my future videos now that I know thanks to you!
@Gabriel-cs8wo
Ай бұрын
I just found out this channel and I've watched all of your videos! You are doing an excellent job, great content, great showcases, great explanations! It will be one of my most watched KZitem channels for sure.
@CybersecPat
Ай бұрын
Wow that is so kind! Thank you for stopping by, that makes my day to know I’ve made something you enjoyed.
@shadowpenguin3482
Ай бұрын
Re #2, I feel like there is no issue with macOS here. There is nothing it could possibly do to prevent this kind of attack. There is also no unexpected privilege escalation here, if you run untrusted code on your machine, don’t be surprised that it executes untrusted code~. Whatever is typed it on the remote server might as well be in the original file
@CybersecPat
Ай бұрын
Ideally it would be able to block the outbound netcat command by default, but I bet there is some practical reason why it is allowed. You’re 100% right these attacks rely on RCEs or social engineering to happen. People run untrusted code on their computers very often though, especially uneducated users.
@istvanbarta
Ай бұрын
It's very similar like Linux (Unix-like vs Unix :) ), and it's a huge different to ask the password vs click OK if you want to run as administrator like Windows do, but if the user get used to it, because have admin privilege anyway, it's not real different between any OS in relation of security. The key is still the (power-/end-)user awareness and the good user-right management (not just in companies, but at home too eg if kids also using the same PC).
@FlorinArjocu
Ай бұрын
I wonder though why MacOS does not allow access to the Desktop folder, as it is a simple user folder, not some system folder. Nothing bad (except maybe stealing something kept there) can happen.
@imca_b_5517
Ай бұрын
you are Harry potter of Cyber security XD
@CybersecPat
Ай бұрын
lmaooo yeah I knew I'd get that with these glasses :D Thanks for checking out the vid!
@withmygoodeyeclosed
Ай бұрын
love htop running on that dedicated monitor lmao
@CybersecPat
Ай бұрын
lol going to have it show neofetch and cow say next time
@user-ot9fy8ym4g
Ай бұрын
i belive the chrome password can be extracted via the directory and some cracking... considering your using the `security` command. your basically asking for it instead of stealing it.
@CybersecPat
Ай бұрын
Interesting! I'll have to try that - thanks for the info!
@user-ot9fy8ym4g
Ай бұрын
although i use arch btw. i really like the macOS permission control system
@FlorinArjocu
Ай бұрын
I wonder though why MacOS does not allow access to the Desktop folder, as it is a simple user folder, not some system folder and nothing bad (except maybe stealing something kept there) can happen.
@user-ot9fy8ym4g
Ай бұрын
@@FlorinArjocu avg Mac user store all their screenshot on desktop lol. A system folder isn’t valueable unless it’s sth like the shadow file or sth. Otherwise lot of them aren’t valuable at all
@TheCurtisnixon
Ай бұрын
if you have root access, ie, #2, the other 2 hacks become childs play....
@CybersecPat
Ай бұрын
This is true, but I executed all 3 of those scripts without root access!
@TheCurtisnixon
Ай бұрын
@@CybersecPat the second gives you root. Or can with slight modification....
@kibugenzaking3473
Ай бұрын
do one video with debian 12 linux, Bookworm. and you did great work 👏
@CybersecPat
Ай бұрын
Good idea! I'm doing a Windows version of this video next in this series, and plan on doing a Linux version after that. Hope that you find those future videos worth a click!
@matthews4159
Ай бұрын
I like how you say Windows wouldn't do this when you don't actually try it and you can configure Windows properly so that the user is not root and presumably at that point it would ask
@CybersecPat
Ай бұрын
That is true! controlled folder access on Windows would prevent the ransomware one. I’m actually planning a video where I do the same tests on a Windows machine, there seems to be some interest in showcasing that. Sadly, all of the attack methods I’ve listed here work on a non admin windows account from my testing - but don’t take my word for it, I’ll prove it in the next one! :D
@ackdor
Ай бұрын
does linux ask for authentication for the #1 attack? also, how does it fare against all 3 attacks?
@CybersecPat
Ай бұрын
I haven’t tested Linux yet, but the next video in this series will be testing these attacks against Windows, and after that Linux. Hopefully once I make those videos we’ll have an answer!
@FlorinArjocu
Ай бұрын
The first one failed on Linux, it did not ask for password, it just banned access to that password list. The others would have failed, too, but just as on MacOS, if you run the code, it is ment to run.
@flashbond
Ай бұрын
Shute the guy is ceerius. He's got two camera angles
@CybersecPat
Ай бұрын
lol indeed! I’m trying to upgrade the quality of my videos. I call the second camera the “nostril cam” lmao
@flashbond
Ай бұрын
@@CybersecPat I was just kidding :) No hard feelings :)) Keep up the good work 👍
@CybersecPat
Ай бұрын
@@flashbond no worries brother! I didn't take it the wrong way :D Appreciate you
@ThomasGanterPrien
Ай бұрын
Presentation is nice and professional, but the audio is a disaster. That runs it for me.
@CybersecPat
Ай бұрын
Thanks for the feedback - I’ll focus more on the audio in my future videos. Didn’t realize it was a problem, appreciate you letting me know so that I can address it.
@ron6607
Ай бұрын
@@CybersecPat To me the audio sounds fine. I can understand every word clearly.
@some.person
Ай бұрын
Slight room tone and very faint hum is a “disaster”? Wow. With those standards most of KZitem must be unwatchable for you
@ThomasGanterPrien
Ай бұрын
@@some.person Yes. I pay for KZitem as well as sponsor Channels I follow at Patreon or Nebula. I value production quality. The video and screen captures were very decent, the story flow was good, but the audio ruined it for me. To me it sounded like the interior of a tin can, and this is sad. I feel a proper mike is an investment well spent, immediately upping the watchability of this channel.
Пікірлер: 53