![Daniel Boctor](/img/default-banner.jpg)
- Видео 31
- Просмотров 2 077 315
Daniel Boctor
США
Добавлен 17 июн 2023
I tell computers what to do
I'm just here to share my experiences throughout my ongoing journey of computer science and software engineering studies. I have a passion for learning, and I hope you do too.
I'm going into my 4th year of University, and am currently interning as a software engineer at Cisco Meraki.
I'm just here to share my experiences throughout my ongoing journey of computer science and software engineering studies. I have a passion for learning, and I hope you do too.
I'm going into my 4th year of University, and am currently interning as a software engineer at Cisco Meraki.
What Kaspersky really discovered...
Head to brilliant.org/DanielBoctor/ to start your free 30-day trial, and get 20% off an annual premium subscription.
In this video, we take a deep dive into EternalBlue, the infamous exploit behind many of the most impactful cyber-attacks, such as WannaCry, NotPetya, TrickBot, and more. This is the most sophisticated exploit I have covered on this channel, due to the sheer rigor and length of the exploit chain. I wanted to build up to a comprehensive understanding of the exploit, starting with the buffer overflow / out-of-bounds write, as well as the arbitrary memory allocation, before outlining how the attack is executed. Whether you're a pen tester, security researcher, or cyber security...
In this video, we take a deep dive into EternalBlue, the infamous exploit behind many of the most impactful cyber-attacks, such as WannaCry, NotPetya, TrickBot, and more. This is the most sophisticated exploit I have covered on this channel, due to the sheer rigor and length of the exploit chain. I wanted to build up to a comprehensive understanding of the exploit, starting with the buffer overflow / out-of-bounds write, as well as the arbitrary memory allocation, before outlining how the attack is executed. Whether you're a pen tester, security researcher, or cyber security...
Просмотров: 208 487
Видео
When you Accidentally Compromise every CPU on Earth
Просмотров 736 тыс.3 месяца назад
Try CodeCrafters today with 40% off! 👉 app.codecrafters.io/join?via=daniel-boctor In this video, we take a deep dive into Spectre and Meltdown, two of the most dangerous and widespread transient execution CPU vulnerabilities, discovered by researchers at Google Project Zero. These vulnerabilities allow a rogue process to read from unauthorized memory on nearly every device in the world. What ma...
How Microsoft Accidentally Backdoored 270 MILLION Users
Просмотров 244 тыс.4 месяца назад
Try SquareX for free today! 👉 sqrx.io/dbv2_yt In this video, we take a deep dive into the Microsoft Teams RCE (remote code execution) exploit chain, discovered by bug hunter Masato Kinugawa. This exploit chain consists of cross-site scripting (XSS), prototype pollution, and a sandbox escape within the desktop application framework Electron. Whether you're a pen tester, security researcher, or c...
MAJOR EXPLOIT: GitLab was Hacked with an IMAGE??
Просмотров 202 тыс.5 месяцев назад
Try SquareX for free today! 👉 sqrx.io/db_yt In this video, we take a deep dive into the GitLab / ExifTool metadata parsing vulnerability, which enables attackers to gain access to GitLab servers via an RCE (remote code execution). Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in escape sequences, code evaluation, and character parsing is c...
Dev Loses $440 Million in 28 minutes, Chaos Ensues
Просмотров 200 тыс.6 месяцев назад
In this video, we take a deep dive into the disaster that occurred at Knight Capital Group, an American global financial services firm engaging in market making, electronic execution, and institutional sales and trading, on August 1st 2012. Whether you're a pen tester, security researcher, software engineer, or cyber security expert, having a solid foundation of test automation, DevOps, and aut...
The Hacker who could turn on ANYONE'S Zoom Camera [Zero-Day]
Просмотров 77 тыс.7 месяцев назад
In this video, we take a deep dive into a high severity Zoom SQL injection vulnerability, which allowed attackers to enable a victims webcam and microphone without their permission. This vulnerability was exploited by taking advantage of dependencies between back-end systems and the SQLite database engine. Whether you're a pen tester, security researcher, or cyber security expert, having a soli...
MAJOR EXPLOIT: This GIF can Backdoor any Android Phone (sort of)
Просмотров 168 тыс.7 месяцев назад
In this video, we take a deep dive into the inner mechanics of a double free vulnerability within Android OS, allowing attackers to gain complete access to any Android mobile phone with an RCE (remote code execution). This vulnerability was exploited by creating a custom GIF file and sending it to a user in WhatsApp. Whether you're a pen tester, security researcher, or cyber security expert, ha...
How Google Analytics was used to Breach Virtually any Website
Просмотров 184 тыс.8 месяцев назад
In this video, we take a deep dive into the inner mechanics of Cross Site Request Forgery (CSRF), CSRF Tokens, and how Surgey Bobrov was able to bypass them with a joint Google Analytics & Django web framework exploit / vulnerability. CSRF is the lesser known of the big three web attacks, consisting of SQL injection, and cross site scripting (XSS). 0:00 - Overview 0:48 - Cookies 3:17- Cross Sit...
Is Your Python Code Unsafe? GIL’s Hidden Secret
Просмотров 5 тыс.8 месяцев назад
In this video, we take a deep dive into the inner mechanics of Python's Global Interpreter Lock (GIL), which is a must for all threading and multiprocessing devs, and expose a subtle nuance, which could potentially make your code unsafe. Join us as we explore the impact of GIL on threading and multiprocessing, and discover how it affects the performance and scalability of your Python programs. ...
Can Python Approach the Speeds of C?
Просмотров 6 тыс.8 месяцев назад
In this video, we explore a HUGE gamechanger for Python speed and optimization - Just In Time compilation (JIT) with Numba. WE HAVE A DISCORD NOW! discord.gg/WYqqp7DXbm Source code - github.com/daniel-boctor/Daniel-Boctor-RUclips/blob/main/Numba/numba.ipynb 0:00 - Intro 0:52 - Compilation vs interpretation 2:05 - Numba (JIT) 2:36 - Decarators 3:58 - NumPy
coding in C until I commit an atrocity
Просмотров 6 тыс.8 месяцев назад
In this video I try my very best to complete my C programming homework without committing several catastrophes, however this C code may be haunted. WE HAVE A DISCORD NOW! discord.gg/WYqqp7DXbm Source code - github.com/daniel-boctor/Daniel-Boctor-RUclips/blob/main/PSETS/PSET1.c 0:00 - God tier coding 0:45 - Haunted code
THESE Are the Tracking Pixels You Need to Worry About
Просмотров 5 тыс.9 месяцев назад
In this video, I showcase a revolutionary feat of engineering: the first untraceable tracking pixel. With some understand of HTTP, software engineering, and computer networking, we can apply the mechanics of traditional tracking pixels to legitimate email resources, to become fully undetectable to those who ghost us. Whether you're a beginner or a seasoned programmer, you can harness this abili...
The Best Data Structure You’ve Never Heard of | Python Deques
Просмотров 1,6 тыс.9 месяцев назад
The Best Data Structure You’ve Never Heard of | Python Deques
Why are List Comprehensions Faster than Loops? [Python Disassembly]
Просмотров 3,1 тыс.9 месяцев назад
Why are List Comprehensions Faster than Loops? [Python Disassembly]
Quant Finance with Python and Pandas | 50 Concepts you NEED to Know in 9 Minutes | [Getting Started]
Просмотров 1,9 тыс.10 месяцев назад
Quant Finance with Python and Pandas | 50 Concepts you NEED to Know in 9 Minutes | [Getting Started]
[Silicon Valley] Day in the Life of a Cyber Security Intern @ Cisco Meraki
Просмотров 2,9 тыс.10 месяцев назад
[Silicon Valley] Day in the Life of a Cyber Security Intern @ Cisco Meraki
You're NOT Managing Your Memory Properly | Python Generators (Yield)
Просмотров 13 тыс.11 месяцев назад
You're NOT Managing Your Memory Properly | Python Generators (Yield)
THIS Is More Important Than Time Complexity??
Просмотров 29 тыс.11 месяцев назад
THIS Is More Important Than Time Complexity??
[No Dependencies] Namecheap - How to Setup a FREE DDNS Script (self contained)
Просмотров 2,2 тыс.Год назад
[No Dependencies] Namecheap - How to Setup a FREE DDNS Script (self contained)
How to Drop Trailing 0s for Front-end Display in Django Modelform DecimalFields (Dollar Display)
Просмотров 484Год назад
How to Drop Trailing 0s for Front-end Display in Django Modelform DecimalFields (Dollar Display)
We can’t have security software for these types of malware because that’s how “they” are going to steal any digital currency after they tank the entire banking system. Under the guise of debt and world governments unable to pay back loans. That’s why they keep making trillions of debt, and pocketing it. Similar to the exchange collapses. Everything will be stolen/ wiped out. Brokerage accounts, 401ks, IRAs. You name it.
Ah, so that’s why I can’t initialize samba on my network…
Great breakdown man. Thank you.
why am i not surprised
слава богу что у меня пиратка и вся виндовская требуха у меня просто не работает
*uncomments the code *casually loses $440 Mil.
Wait until the black hats use AI to find these vulnerabilities in a fraction of a percent of the time it used to take them.
I haven't finished watching the video yet, but didn't Microsoft release a update patching this security flaw a WHILE back before this ransomware started infecting?
I see no "accidentally" here. There is only one reason to withhold such information, namely to weaponize it. There is no foreign bad actor, the NSA messed with fire then cried wolf when it bit their asses. That's what you get for believing you're smarter than anyone on the planet.
It's crazy how since the 80's, the US govt and Russia have traded places.
Almost 100% not NK. Most likely CIA doing it. CIA is behind most of the evil in the world.
Noticing about actual hackers is "Antisemitic". It will shut you down.
They should have just set their servers/AWS off wut
Russia is responsible for blue balls also
Almost expected: 'This is where today's video sponsor comes in - The NSA is an industry leading...'
This just makes me happy I dropped out of computer science.
OGs know it's title has been changed three times
Here's the important question: How does NSA (an American organisation) plan to pay for damages for users of other countries?
My at home server got hit by wannacry, thankfully I had an external backup wiped the drives and just in case reset the cmos as well. I run the server within network now so my 2011 server can't be targeted directly.
My solution was to destroy the disk and drop in a backup.
Bunch of Blockheads
0:09 Some interesting shape comes with the lights and oscillating fan.
Great video! nice visuals! soothing voice. I don't even wanna know why and how they "discovered" that backdoor. and even more disturbing why they keept it secret until the zeroDay was already on auction.
Thai explanation (about at the 6 Minute Mark) Sounds Like a speedrun strategy…
fat chance the US government paid a single cent for the damages they caused...
the US: indicting a bunch of foreign officials also the US: the ones who caused and allowed the vulnerability
"Accidentally" lol
Thanks for explanation!
It was no accident.
The secret government organization known as The Equation Group has developed The EternalExploits, a set of powerful secret techniques. The four EternalExploits are known as EternalBlue, EternalChampion, EternalRomance and EternalSynergy. These names sound like they were taken straight from an anime. Wtf lmao.
The spread reminds me of not vaccinating. There's a known danger out there (the bug / disease) there's a fix for it (the update / vaccination) people choose not to implement the fix, and the danger spread. If 95% of computers would have the fix, the danger might have been contained because it couldn't spread fast enough, but it wasn't.
Why did you change the title?
Every computer on earth: 😨😏
I worked in a SOC on night shift at the time of this, I grabbed one of the screenshots and set it as the slideshow screensaver on every machine in the room. The next morning my relief was late so i left, she finally showed up about a half hour later and i got a panicked phone call from her on my drive home. I had to pull over and catch my breath because i was laughing so hard.
You say at 0:58 that WannaCry spread to EVERY computer..... this is not true. At 1:39 you state that 230,000 computers are infected after one day. Considering that there were somewhere between 500,000,000 and 1,000,000,000 computers worldwide, this amounts to about 0.03% of the total computers worldwide. 0.03% is HARDLY "all the devices on that network" that you claim were affected at 0:58 - so why the lies, the blatant exaggeration? Smells like rank clickbait to me.
I wish you were a doctor
you have a great knack for making complex topics fun! ♂️
lol who cares. just keep hospitals out of this
Does a great job illustrating in-depth a notorious and technical attack on Windows in a way that people can follow. Chose to represent the exploited machines using iMacs and Macbook Pros.
The title is clickbait.
if this interests you, i'd recommend reading This Is How They Tell me The World Ends by Nicole Perlroth
14:12 So you're classic buffer overflow exploit.
11:47 This is why Hungarian Notation is good. If that was used they could have used it to indicate the data type. Unfortunately the language they used didn't inforce the data type of the variable which was the main problem. If the compile warned that the data type didn't match (2 byte vs 4 byte) we wouldn't have this problem. I hope C/C++ compilers are smart enough to catch buffer overflows and type mismatches now.
@0:30 Yea, so what? Clean the Drive, reinstall the OS, restore from Backup.
NSA kept information about the bug to themselves instead of disclosing it to Microsoft causing all that damage and lost information. Despicable.
I was working at a factory. They had to erase ALL their machines, because the greedy bastards were running XP. All machines stopped, all production stopped for 18 hours. People were walking around, sweeping floors and stuff, because they had nothing to do.
OMG I really need to backup more often.
Your explanation of the bugs and how they work was top notch
It's just the big corpos and lizard people not expecting hackers to find these backdoors for posterior world domination use. They were wrong. All plans were foiled by the least expected coders around the spectrum. You'd think these guys would be wiser to not leave a stack overflow bug hanging... The most common way to hack OR inject non-intended code for any system. The only reason I know about this is because videogame consoles xD The fact the NSA shut their mouth about it tho...
Accidentally. Sure…