3 Malware Analysis Dissecting Malicious Software

    Summary

    In this extensive discussion on malware analysis, the focus was on understanding various types of malware and how they infect systems. The session covered tools and methodologies for malware analysis, including Nmap, Wireshark, and YARA. The complexities of malware such as viruses, worms, and spyware were explained, alongside the steps to detect and analyze them using static and dynamic analysis techniques. Moreover, the session delved into practical demonstrations using tools and scripting, highlighting security measures and the role of machine learning in identifying malicious software.

      Highlights

      • Understanding the different types of malware and their impact. 🦠
      • Using Wireshark for network traffic analysis to find potential security threats. 🌐
      • Demonstrating how static and dynamic analyses are conducted to study malware. 💻
      • Exploring the role of machine learning in enhancing malware detection. 🧠
      • Practical demonstrations of malware detection with real-world examples. 🎓

      Key Takeaways

      • Malware can steal sensitive information and grant unauthorized access. 🚨
      • Static analysis examines malware without executing it, while dynamic analysis involves executing malware in a controlled environment. 🕵️‍♂️
      • Tools like YARA and Wireshark are crucial for analyzing and understanding malware behavior. 🔍
      • Machine learning offers innovative ways to detect malware with higher accuracy by utilizing large datasets. 🤖
      • Always ensure websites are secure and avoid downloading suspicious software to prevent malware infections. 🌐

      Overview

      Malware analysis is a critical skill in the cybersecurity world, essential for protecting systems from unauthorized access and data breaches. This session provided an in-depth exploration of various types of malware, including viruses, worms, and spyware, highlighting their common tactics and effects on computer systems.

        Attendees learned about various analytical tools such as Wireshark and YARA, each serving unique purposes in identifying and mitigating malicious threats. Static analysis allows for examining malware in its inactive form, while dynamic analysis involves executing the malware in a secure environment to observe its behavior.
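The static-analysis workflow the session walks through (hash the sample, pull out its strings, then check them against a rule made of meta, strings and a condition) can be sketched as follows. This is an added example, not code from the session or from the YARA project: the `Rule` class is a simplified stand-in for a YARA rule, and the sample bytes, rule contents and known-hash set are constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Simplified stand-in for a YARA rule: meta, strings, condition."""
    name: str
    meta: dict
    strings: dict      # identifier -> text to look for
    min_matches: int   # condition: at least N of the strings must be present


def file_hashes(data: bytes) -> dict:
    """Step 1: fingerprint the sample without executing it."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Step 2: extract ASCII and UTF-16LE ("wide") strings, as `strings` does.

    Windows binaries often store text as UTF-16LE, so an ASCII-only scan
    misses part of what is embedded in the file.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def match_rule(rule: Rule, data: bytes) -> list:
    """Step 3: return the identifiers of rule strings present in the sample."""
    haystack = data.lower()  # case-insensitive, like YARA's `nocase`
    hits = []
    for ident, text in rule.strings.items():
        needle = text.lower()
        if (needle.encode("ascii") in haystack
                or needle.encode("utf-16-le") in haystack):
            hits.append(ident)
    return sorted(hits)


# Constructed rule: the strings are common keylogger indicators.
KEYLOGGER_RULE = Rule(
    name="demo_keylogger_strings",
    meta={"description": "constructed example rule", "author": "editor"},
    strings={
        "$api": "GetAsyncKeyState",
        "$hook": "SetWindowsHookEx",
        "$log": "keylog.txt",
    },
    min_matches=2,  # equivalent to the YARA condition "2 of them"
)

# Constructed, inert sample bytes: not a real executable.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 8 + b"GetAsyncKeyState\x00\x00"
          + "keylog.txt".encode("utf-16-le") + b"\x00\x00\x01\x02padding")
# One appended byte is enough to change every hash of the file.
VARIANT = SAMPLE + b"\x00"

# Constructed "known bad" list holding only the original sample's hash.
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE).hexdigest()}


def triage(data: bytes, rule: Rule = KEYLOGGER_RULE,
           known_bad: set = KNOWN_BAD_SHA256) -> dict:
    """Combine the hash lookup with the string/condition check."""
    hashes = file_hashes(data)
    matched = match_rule(rule, data)
    return {
        "hashes": hashes,
        "known_hash": hashes["sha256"] in known_bad,
        "matched": matched,
        "rule_hit": len(matched) >= rule.min_matches,
    }


if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("variant", VARIANT)):
        result = triage(blob)
        print(label, result["hashes"]["md5"], result["known_hash"],
              result["matched"], result["rule_hit"])
```

The variant slips past the hash lookup but still trips the rule, which is why rule books pair hashes with string patterns and a condition.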

          The session also embraced machine learning as a powerful ally in malware detection, demonstrating how algorithms can sift through vast amounts of data to identify patterns indicative of malicious activity. This forward-thinking approach offers a glimpse into the future of cybersecurity, where AI and machine learning could become linchpins in defending against sophisticated cyber threats.

            Chapters

            • 00:00 - 10:00: Introduction to Malware Analysis The chapter 'Introduction to Malware Analysis' introduces the topic by discussing different types of malware and how they are categorized. It also highlights tools available for malware analysis, such as Nmap, Wireshark, and a tool referred to as YARA. The chapter promises to provide definitions and examples to enhance understanding on these topics.
            • 10:00 - 20:00: Types of Malware The chapter titled 'Types of Malware' seems to begin with an example scenario involving malware. It describes a situation where a user clicks on software and suddenly experiences unauthorized access. This could imply that the software is malicious and serves as an entry point for malware into the system. The discussion might pivot towards different characteristics or types of malware that lead to such breaches and include suggestions on writing codes to prevent unauthorized access, although the transcript provided here is incomplete due to an interruption.
            • 20:00 - 30:00: Static and Dynamic Malware Analysis This chapter delves into the methods of static and dynamic malware analysis. It begins by discussing the importance of understanding control flow and scripting in the context of malware. The chapter highlights how a programmer with in-depth knowledge can leverage scripts to analyze the behavior of executable files, often used in hacking attempts. Through this analysis, one can discern the potential risks and behaviors of these programs before they are executed in a live environment. Static analysis involves examining the code without executing it, while dynamic analysis focuses on observing the program in action to understand its real-time behavior. Both methods are crucial for cybersecurity professionals seeking to protect systems from malicious attacks.
            • 30:00 - 40:00: Tools for Malware Analysis The chapter discusses various tools used for malware analysis. It starts by explaining how malware, such as executable files (e.g., file.exe), can be executed without authorization if someone clicks on them. This can allow unauthorized access performed by the code within the malware. This example is used to highlight the concept of malware, which often involves software installed without the user's clear understanding of its potential malicious intent.
            • 40:00 - 50:00: Network and Security Considerations This chapter focuses on Network and Security Considerations. It highlights concerns about downloading resources that may contain malware, emphasizing the importance of using official and secure sources for downloads. A key characteristic of security measures discussed is the handling and storage of sensitive information, such as banking and transactional details. The chapter notes that people often store important documents and personal information within their systems, which necessitates stringent security protocols to protect against potential breaches and unauthorized access.
            • 50:00 - 60:00: Machine Learning for Malware Detection This chapter explores the application of machine learning in the domain of malware detection. It discusses how attackers frequently target sensitive information, such as banking credentials, by gaining unauthorized access to systems. The motivations behind this access are rooted in the desire to exploit sensitive information. The chapter likely elaborates on methodologies and machine learning-based techniques that can be used to identify, prevent, and mitigate such unauthorized access attempts, though the provided transcript is quite limited in its scope.

            3 Malware Analysis Dissecting Malicious Software Transcription

            • 00:00 - 00:30 [Music] in today outline we'll be understanding like types of malware and how it actually separate it and thereafter what kind of a tool that are available for analysis and we'll be understanding Nmap, Wireshark and YARA tool I just already have already have created a definition through which we'll be understanding like taking example the back
            • 00:30 - 01:00 back like take an example like I just have click it on a one of the software and just getting an access just getting an access without if you have an proper of writing aod and whatever the code that we are going sorry for internet interruption I
            • 01:00 - 01:30 just have changed my internet hope right now it will be properly visible and will not be having any disconnection now like when uh when the actually the programmer the who is having a very great understanding of control flow with the help of script let us suppose if someone is just going to click it on like the executable file the executable
            • 01:30 - 02:00 file.exe even .bat if someone is just going to click it on that whatever the code is written there accordingly can get an access without any authorization that means like all these come under the category of me these are you can say the malware we have it means like when we just install any of the software we don't have have idea like is it
            • 02:00 - 02:30 containing any malware is it will be the official resource from where I'm just going to download a download a thing like the key characteristic if we are getting like like the banking information sometime we just store the banking detail the transactional detail in our system even though many of the person are all having like the habit for storing like all the document information in a in a system
            • 02:30 - 03:00 which mean [Music] that which mean that like the the actually the attacker actually targeting to that sensitive information like they just got an access of your system why they just getting this access of their system the reason behind will be like just to get the let us suppose the banking credential when someone is just
            • 03:00 - 03:30 going to enter the credential someone is just going to open any of the file that contain the sensitive information which mean by default the malware the will by default it will be wake up and will even though many of the time we have seen this thing like creation of multiple virus recycler like disruption of device performance like even if I can show you as well in this
            • 03:30 - 04:00 let us suppose if I'm just click it on this task manager in this process even we have runtime runtime broker as well let us suppose if your system is not giving you a much like if any of the disruption is occurred we just we what exactly we can do is we just can end this runtime broker what exactly it will happen you can see right now
            • 04:00 - 04:30 at that time my system was taking 54 right now it is just using 34 56 why it is going to be happen because runtime broker the Microsoft has launched it why the reason behind is like the window update just for a window update as you can see right now my CPU already been utilized right now it is just reaching up to the 53 54 again reducing to the 33 36 that kind of of a software why this
            • 04:30 - 05:00 Microsoft introduced this software so that the user will be having a facility to update a device user will be having a facility to update a window like in window 10 window 11 we cannot directly stop the updation we just need to do it by going to the services after that we'll be having a facility of stop that means this is actually the runtime broker I'm just talking about that is actually the official one not uh
            • 05:00 - 05:30 you can say having any malicious software just think about this thing like uh if the malware which is infected and if it enter in your system that means by default it will reduce the times it will reduce the device performance as well as can grant unauthorized access as well like remote login that we already have an idea
            • 05:30 - 06:00 AnyDesk AA UltraViewer TeamViewer what exactly it they they do does is actually they do is which mean they just get an access of our system with other person remotely can can access our system but this is under the authorization which mean we are the person who are actually going to share a key ID we are the person actually are going to share the passwords there after
            • 06:00 - 06:30 a person get an access on that and more likely let me think about this thing we were just talking about only the single system but in organization we'll be having a multiple will be having a multiple system that will be connected by using a by using a IP let us suppose my system IP is 19 192.168 1. one which mean having a Class A Class
            • 06:30 - 07:00 B Class C with the help of this we can connect a multiple system on a single Network like if any malicious virus if any of the you can say infected file entered in a single system can harm to the all other system as well what exactly it will be happened is which mean that we have seen
            • 07:00 - 07:30 many time in a in a movie what exactly happened is someone is just going to attach a USB and there after by System got system got got into a starvation or just getting into the stage of Deadlock what exactly that files contain that files contain a code like take an example let us suppose if we are talking talking about a for Loop
            • 07:30 - 08:00 let us suppose if we are just going to use a command I'm just going to take an example so that we'll be able to understand us see MD command is used to create a folder take an example MDA CDA let us suppose if I'm just going to create this MD CD multiple time
            • 08:00 - 08:30 and if I'm going to save this file save as AE .bat let us suppose if I'm just going to save it my desktop [Music] screen as you can see right now if I'm just going to click it on this by default what exactly it will create is it will create a multiple folder how
            • 08:30 - 09:00 actually it is going to create is how actually it is going to create is the reason behind is because I just have typed the one command I just typed the one command MD MD stand for make directory CD stand for change directory it means first create a one folder a create a second folder B in in this creating a subfolder c at last creating a subfolder d when we just
            • 09:00 - 09:30 going to click it on this file as you can see right now creating a folder a creating a folder B creating a folder C creating a folder D same thing was actually happened in a recycler as well when we just actually recycler actually what exactly it was doing it was just creating a multiple folder folder inside folder folder inside folder like I just have
            • 09:30 - 10:00 write only just for a three to four folder creation think about this take an example someone is just going to write a normal command like someone is just having a knowledge of just command if that person is going to save it in this .bat format and by mistaken if someone is going to click it which mean whatever the action is written in this like in this I just have mentioned this section like create a folder and folder I have not written
            • 10:00 - 10:30 anything that is also a right now it is not a malicious because I just have written a simple command if I'm just going to write it for granting an access of any person which mean that come under the category of a this malware now let we try to understand what kind of the malware we have and the first one is the virus like
            • 10:30 - 11:00 viruses Vital Information resources under Casas which mean that is actually attached to the file that can be separate when executed as you have seen right now that was the virus actually I just in which what exactly I just have done right now I just have created a five to seven folder only take an example if I just going to repeat it up to 2,000 call 20,000 call no one will be able to even delete that that folder
            • 11:00 - 11:30 because will not be having a root and if it is form of a treat radical formation we cannot delete that kind of a virus which mean it will be spreaded when it is executed so printed mean we'll be creating a multiple folder in this the next category we have is worm self-replicating self-replicating and spread with how to use an action like in
            • 11:30 - 12:00 this what exactly we have seen right now I just need to click double click it on this there after it was executed but V actually when they it executes we do not need to click anywhere by default it will create an application of this next one is the TR like very important to understand is backd door access let we first understand back door therea we'll be
            • 12:00 - 12:30 understanding the ransomware like see the back door back doors are actually the malicious code that installed in a local machine and it allow the attacker to accesses take an example if someone is just install in let us suppose if I have just open any of the my website let we take an example of this let us suppose
            • 12:30 - 13:00 let me take an example of this take an example
            • 13:00 - 13:30 as you can see right now this is a open source YARA rules open source YARA rule that contains even organization wise organization actually will be understanding the YARA tool as well just for your better understanding like YARA is a tool that is available that is available for like take an example first of all what exactly it contain it is it
            • 13:30 - 14:00 is we have a two type of hashing technique md5 and and sha algorithm hexa sha algorithm we have let we take an example like when it have like this come under the static analysis static malware analysis like manually analyze it prop in a proper way which mean what exactly the the we can
            • 14:00 - 14:30 do is we just need to check it out manually let us suppose take an example of back door. exe I just have a virus back door. exe what exactly I will do is I will be downloading a one md5 it is right now available in a two version like we have a window 32 and window 64 which mean if I I already have installed the windows 64 which SC I will be downloading Windows 64 md5
            • 14:30 - 15:00 version that will retrieve me a hash key after retrieving a hash key then we just need to retrieve a string which means string contain like it is a kind of a rule book and if I'm just going to show you like take an example of any of the Airbnb thear file
            • 15:00 - 15:30 even as you can see right now the many organization lot each and every organization even the Microsoft each and every this is the open source everyone can download it like this file if I'm just going to open this as you can see right now containing a meta description string and
            • 15:30 - 16:00 condition which mean each virus will be having a hash code string and condition if it match with this rule there accordingly we all say this thing okay this virus is of this category like this virus is of this malicious software like this is a WM this is a virus how actually take an example meta which mean meta mean the actually the hashing code after
            • 16:00 - 16:30 retrieving the hash code thereafter we'll be having a string list string list mean this list like it can be of it actually this is a very small list right now having a lot of list right now in this depository if you want to see suppose if I'm going to open any other like the YARA is a tool which is very important to understand and not
            • 16:30 - 17:00 only as you can see right now the keylogger because key logger actually a key logger is a malicious software and if it is a malicious software let us suppose if someone is going to download it want to see whether it is malicious or not which mean how actually that person can check it out first of all will be retrieving a hash key how we can retrieve a hash key with the
            • 17:00 - 17:30 help of md5 algorithm with the help of md5 algorithm we can retrieve a hash key after retrieving a hash key we have a string function as well we with have if this string function take an example match which mean this will be of this type like this is just a kind of a rule book let we take an example of take an example 1 2 3 4 5 if two rule match if two string match
            • 17:30 - 18:00 according to specific condition which mean will be categorize this type of malware like the virus malware we have the worm Trojan hope you all are able to understand right now what exact the YARA is what exact the rule book is like in this is you can see right now the back door back door hope you all are
            • 18:00 - 18:30 unable to understand which mean like the attacker actually connect to your computer and without your authorization will be able to execute any of the command like not only for a just for a single day that attacker can connect with your system anytime because already the malicious code that is already been installed in your system like same like
            • 18:30 - 19:00 this this is not a malicious one but just for your reference only like we already have deleted runtime Explorer as you can see right now it is not being shown right now but take an example if I'm going to rerun the system if I'm going to restart my system by default it again come to my system and thereafter need to do s process again way
            • 19:00 - 19:30 back door mean without we even don't have an idea my system has been hacked or not my system is no is some someone is going to take access and can even like most of the cases like when we are going to do the transactional process at that time that will react otherwise will not much react it on which mean only the
            • 19:30 - 20:00 suspicious information suspicious like now next one is like this that is back door is actually known as Trojan and like getting a back door access ransomware ransomware is like ransomware is actually it will just encrypt all the files like will we already I already have told you the md5
            • 20:00 - 20:30 I'm just going to show you what exactly the md5 algorithm does
            • 20:30 - 21:00 as you can take an example A B C if I'm just going to write one which mean that md5 is this is the hashing that come under the analysis of static static malware analysis which mean as you can see right
            • 21:00 - 21:30 now this string is right now md5 hashes even no one can easily understand this similar way when we just download any of the virus definition in the static analysis first of task will be the hashing and the second task will be the string string pattern pattern is really necessity to match and the last task will will be the condition that already
            • 21:30 - 22:00 shown in this like and this already shown to you and see I will be sharing this link to you on uh in this chat box anyone can open it can see it as you can see right now take an example the we were talking about the hosting provider companies like the GoDaddy
            • 22:00 - 22:30 just going to open a GoDaddy so that we'll be having an understanding
            • 22:30 - 23:00 as you can see right now whatever the virus still now has occurred they just have created a rule book like take an example for command shell as you can see right now the Microsoft Window command shell this is the description of this which mean these are the string and this is the condition if it get matched there accordingly like we always say this
            • 23:00 - 23:30 thing the Kaspersky and the installation like this this is the Kaspersky sandbox this is the Kaspersky sandbox we'll be talking about this Kaspersky sandbox as well how actually how like like antivirus antivirus is itself a virus which mean that antivirus actually knows the comp complete hash key
            • 23:30 - 24:00 actually having a complete string information having a complete understanding of how need to apply a conditional call that means take an example if someone want to create a new antivirus which mean that this will be the YARA rule will be the YARA rule need to understand all like let we take an exam let we understand the situation when just ransomware was introduced used by Anonymous no one will be having much
            • 24:00 - 24:30 knowledge about what exact the behavior of ransomware is everyone just know this thing like encryption of file but right now the nir is right now providing a facility to to block even our smw as well like the next one is spyware like same like a spy camera same like a monitoring that means whatever the user activity collecting a data what exactly the like kind of a logger
            • 24:30 - 25:00 whatever we exactly do by default it will monitor the whole activities and the collecting the whole data the next one is the adware adware somehow like when we just open a different website take let us suppose I just want to buy a shoes if I want to buy a shoes which mean having an interest of buying I will be definitely exploring it on a search
            • 25:00 - 25:30 expl exploring on an internet when we explore it on internet will be giving unwanted ads will be giving redirect redirection like take an example you are just going to open a sho shoe official site by default it will redirected to a like Can it can be let us suppose any of like the content that is you that is age
            • 25:30 - 26:00 restricted even that kind of a malicious site by default it will be opened it in a browser that all are actually a kind of adware and one more category that is actually right now most of the time like right now we have a different kind of internet browsing software like like like Google Chrome we have a Microsoft Edge many time what exactly we think
            • 26:00 - 26:30 like this we just have installed a new browser but actually that was not a browser that also contain that kind of Suspicion in suspicious information that by default it will be redirected to a malicious sites which mean that the icon will look like a normal browser when even even when we open a control panel what exactly we see is like the Google Chrome
            • 26:30 - 27:00 installed Microsoft Edge installed another browser installed but that is not an actual browser that will be the resource for opening unwanted ads that will be the resource for redirecting the user to a malicious sites next one will be the root kit the rootkit is actually the like if the the hacker want to get a
            • 27:00 - 27:30 complete the privilege access that means the Deep system access that that kind of the type will be the root kit the keylogger like recording the whole keystrokes stealing the password and whatever the sensitive information that can be retrieved with the help of keylogger last one is the botnet like right now have you seen like csb
            • 27:30 - 28:00 bot like just by giving a single prompt we will be able to visualize the whole data even we have a RapidMiner that also contain a AI tool that also AI is already integrated with the RapidMiner what exact the use of RapidMiner is to visualize the thing but even the person who is not having a much of knowledge now like the infect like the botnet are actually these are
            • 28:00 - 28:30 the infected devices even the they can attack to a large that used for a large scale sub cyber attacks the botnets now downloader downloaders are a kind of a adware that can be installed in your system and after installing of this which mean that like the might be you have seen the this thing like take an example when I'm just
            • 28:30 - 29:00 like get into pc.com many of us are actually using this for just downloading a software even many of like the other other website like brother soft and and many of other applic sites that are providing us a software that are providing us installers but when we just installed a single single single software by default it
            • 29:00 - 29:30 will be going to store a multiple other software as well that all come under the category of downloader downloader actually that this is a program that will be download and install additional malicious code which mean that we don't have an even idea like what exactly we have installed and what exactly it contain there accordingly that is the process that
            • 29:30 - 30:00 come under the which mean that that contain the malicious code and that will be that can get an access of our system now what kind of attack it can be like how actually like the first category we have is the phishing email but like the fake sending a fake email with the malicious link for getting an access of the system for getting the information
            • 30:00 - 30:30 like next one is the infected website might we you have heard a word like this website secury side check what exactly this rule of this website
            • 30:30 - 31:00 take an example if I I'm the person have cre develop one application one website which mean that just a second I'm just going to show [Music] you take in example if I'm going to write google.com
            • 31:00 - 31:30 here what exactly the Security Site Checker this will site will be checking it like is it a domain is a blacklisted or and having a malware or not how actually it is going to do is it is going to do it with their
            • 31:30 - 32:00 mechanism having a dynamic analysis in this and as you can see right now the Security Site which mean that we have a different open source sites even though we have another applications as well that are used for like that are used for like analysis purp purpose
            • 32:00 - 32:30 like take an example of this site why this total [Music] these are which mean that we do not even
            • 32:30 - 33:00 need to install it but the condition like this not not much of the person already actually having an idea the blacklisted and white listed domain actually that is most crucial one take an example if my domain got blacklisted what exactly happened is which mean that no one will be which mean it the Google will not index my will not be going to index it what exactly the Google will
            • 33:00 - 33:30 Google search engine or other search engine will be considering okay this contain a virus having a malicious code in this and will not giving indexing will not be listed at in a search engine so that we just have an understanding mean like the application like the the website that we are let us suppose if someone is going to send you a domain link that might contain a malicious code you
            • 33:30 - 34:00 can use this s secur s check doc.net just to confirm it whether this website contain a malicious code or not like let us suppose I just have a one link if I'm just going to click open this link this is a HTTP right now
            • 34:00 - 34:30 as you can see right now just check it out like like all we have an understanding of this like when we just say this thing like we just the website website mean the front view will be created with the help of HTML like when we talk about HTML when we talk about HTML that mean that
            • 34:30 - 35:00 which mean that like we'll be having a two method that we need to understand is two method form method will be two form method will be two method will be it will be get or post and thereafter we even we need to understand this thing like this all under under under inter web page
            • 35:00 - 35:30 communication that means still this domain is you not this still this domain or you can say this website does not contain any malicious code which mean no malware found even this is not a blacklist similar way similar way take an example if you have downloaded any software if you want to download any software want to check
            • 35:30 - 36:00 it out the executable file want to check it out whether this file contain a malicious code or not this website is most useful virustotal.com even I'm just share sharing this link with you and this chat box so that everyone can use it like the VirusTotal actually this is a like this is the dynamic analysis not
            • 36:00 - 36:30 a static one like VirusTotal actually how actually this VirusTotal work will be having a Sandbox for performing the whole task we'll be understanding the whole thing thereafter even though we have a one more multiple sites we have for like take an example of ANY.RUN
            • 36:30 - 37:00 this is these are the dynamic analysis these are the free tool that are all available that we can use it for checking it out whether the my file whether my downloaded file contain a virus or not let us suppose if I'm just going to select any of the file uh take an example if I'm just going to select this UltraViewer
            • 37:00 - 37:30 as you can see right now it is providing me the whole detail because this is the ultra UltraViewer now UltraViewer mean remote desk remote desk mean as you can see right now the one of St see which mean that this is a UltraViewer and having a one malicious right now I'm just going to when we are just going to end Analyze This see Ultra is a remote
            • 37:30 - 38:00 desk which mean that we'll be having a few of the executable code right now what exact the community score is minus 12 as you can see right now see [Music] these These are the you can see I already said this thing like the YARA file what exactly it will contain that contain hash string and conditions which mean that
            • 38:00 - 38:30 according to the condition this these are undetected in this but one process that is detected that which has graveir and winds 32 system healer that is right now on like having a very very less but still we can see this is a malicious one detail if we are checking out detail already shown you the hashing key everything right now going to be happen at online like going to be happen it
            • 38:30 - 39:00 Dynamic which mean that the analysis we have of two type one is static right now it is going to be happen dynamic dynamic mean the first of all it will be going to retrieve a hash key pattern as you can see the complete hash key pattern it is going to retrieve right now the MD5, SHA-1, SHA-256 after retrieving all see as you
            • 39:00 - 39:30 can see whatever the name that are specified like Ultra view setup 6.5 and like the English words and different words and that are available right now on internet even the signature information file words and everything it is right now showing here with this what exact the benefit of this like if you have an like if you we have actually we have a three way ACC like
            • 39:30 - 40:00 first one is static the static analysis need a lot of patience static analysis need a proper understanding like this is the dynamic analysis let us suppose if you just have downloaded any software what how actually the working of this if we want to understand let us let I'm just going to explain you the working so that we'll be able to understand in a more better way
            • 40:00 - 40:30 like actually how actually the dynamic analysis actually work which mean that the dynamic analysis how actually work let us suppose we have Internet we have
            • 40:30 - 41:00 internet let us suppose we have an internet and many of the request that will be going to be come into my system take an example like
            • 41:00 - 41:30 sending and receiving sending a request and receiving which mean that on the daily use we actually use multiple we send a multiple request on the internet and thereafter we just retrieve a multiple data from the internet but this data might contain a malicious
            • 41:30 - 42:00 software might contain a malicious data what exactly the sandbox actually does is the sandbox is nothing it will be a kind of like kind of the filtration it will be a kind of a filtration in this in between of wall which mean that whatever it's malicious we'll save it in this whatever is not malicious whatever is not
            • 42:00 - 42:30 malicious it means whatever is necessary information you will be able to get so that which mean that it will not harm your system it like will be accessing all the things from the internet but we'll be having a one sandbox here right now this will behave like as a Sandbox like here we have this is a Sandbox right now and this is the user right now users
            • 42:30 - 43:00 information and this is the ISP internet service provider organization that provide us data like if you want to download Sandboxie and want to use it even we have a one website actually the name is sandbox but the website name is Sandboxie here we can use see as you can see this this is the open source
            • 43:00 - 43:30 this is isolation software the isolation software mean just shown you there in my example the isolation software mean like whatever the malicious information malicious data it will be the infected data it will be having that data by default will be isolated and will be stored it in a sandbox and the in the meaningful information will be provided to the user
            • 43:30 - 44:00 now let we understand this what exactly I have shown to you right now we have two type of analysis static analysis and dynamic analysis which means static analysis involve examining of malware without running it and dynamic analysis involve running the malware right now which mean like what exactly we have performed right now see this is the dynamic
            • 44:00 - 44:30 analysis that means whatever the executable file completely done it after running it out thereafter the match the whole pattern and how actually it match the pattern by just getting the basic properties First Property will be the hash key after retrieving the hash key then even we have another inform other information as well like the
            • 44:30 - 45:00 relational information how actually it is going to be connected like function three function for and how it is going to be like the connected IP as well like here is the connected first I here is the IP that is actually contain a defected information even we can see the behavior as well see as you can see the behavior
            • 45:00 - 45:30 and the community as well like the detail and thereafter we have even a one is ANY.RUN this is also a dynamic one and there moreover we have a we have Joe this is also application this is also automated
            • 45:30 - 46:00 malware analysis like which mean automatically that means not need to be much worried about like here we have let us suppose if I'm going to upload the same sample I'm just going to create an account which is which mean having a just a basic information after filling the basic information we can login it after logging it this we'll be having a one tool analyze with this it provide actually it
            • 46:00 - 46:30 provide us a like from the URL we can do from the file if we if let us suppose if you have downloaded any installation.exe file that means with that even you we can do is one more one more site we have is like the name of the site is the
            • 46:30 - 47:00 this one as well this is also a sandbox analysis this is also a Sandbox analysis that we can even use this one which mean that like this is much better according to my thinking like we'll be providing you the whole information even we can use this that all will be your choice like like the you sandbox we can use the
            • 47:00 - 47:30 Triage we can use even the ANY.RUN that all dependent on us which one will be more suitable there accordingly we can use it like these are just like take an example if you just have download a software like still like want to check it out whether it contain a malicious software or not that means what this website will be providing you the complete
            • 47:30 - 48:00 information now next let's move next to the like the statistic statistic analysis technique which mean that the statistic analysis technique mean which mean that the hashing actually first of all retrieve the
            • 48:00 - 48:30 hashing without running it for this what if we want to retrieve this hashing what exactly we will be doing we'll be will just need to download the hashing algorithmic software need first of all should have to download one executable file obviously after this just need to download the executable it can be the MD5 it can be the SHA algorithm the hashing technique after getting this hashing then just
            • 48:30 - 49:00 need to check it out the strings with the help of strings call which mean everything we will be reviewing the structure signature the string step by step first one will be the hashing we are going to retrieve it with without running it without because if we are going to run it that means by let us suppose if it contain granting an access of my system that means if I'm
            • 49:00 - 49:30 just going to double click on it by default it will be V so that the statistic analysis need need proper attention like it is not uh you can say just a sec one second call which mean need to install three to four software after installing a four to three to four software thereafter we'll be able to retrieve the hashing the string signatures and the conditional call
            • 49:30 - 50:00 after that after that we'll be manually checking it out from the the rule like rule book if it match which mean that that will be the will be the file that contain a virus now the next one the dynamic technique the sandboxes that running the malware in a isolated environment isolated environment mean like actually I just have shown you this this is the isolated one right now even if we have one more
            • 50:00 - 50:30 Sandboxie this is a open open source Sandboxie if you we want if you want to download then can download this Sandboxie this code is right now available it on a GitHub what exactly this code will do this code will be having two executable file one will be Sandboxie 32
            • 50:30 - 51:00 Sandboxie 64 when we are just going to open it and thereafter we'll be having an option to select a file same like this uh sorry same like this for selecting a file after selecting a files if it come under the category of a malicious malware that means it will not allow you to open and if does not come under the category of malicious which mean that it you it
            • 51:00 - 51:30 will allow you to open take an example if you are just going to input this Ultra view.exe file or a backdoor.exe that means you will not able to see it you will not able to execute it if let us suppose if I'm going to just run uh just going to enter this file like not having any more information aa. EXT will be directly allow us to open it
            • 51:30 - 52:00 will be directly showing show us a Content actually will be which mean that it is like the the the sers the who actually developed this right now this sandbox Sandboxie Plus is available if you want to use if you want to have an experience of Sandboxie that is available it on GitHub repository
            • 52:00 - 52:30 now the which mean that what exact the technique it use it actually track the malware execution registry file analysis as well as Network traffic analysis like Network traffic analysis I'm just going to show you so that will be more able to understand it like the tool actually for static analysis we have like the IDA Pro like dble and Deer of
            • 52:30 - 53:00 for reverse engineering and this like we have the Wireshark we have the Process Monitor that all are the dynamic analysis tools hope you all are able to understand till now like the static analysis we have like analyzing the malware but without running it and the dynamic analysis mean like running a malware in isolated environment that is known as sandbox sandbox mean actually the Sandboxie this is a tool
            • 53:00 - 53:30 actually Sandboxie this is the tool Sandboxie Plus this is a open source tool that is available for 32 and 64-bit Windows like here actually we have run this right now as you can see providing me the complete detail let we go more into the depth of this thereafter we'll be
            • 53:30 - 54:00 understanding the how actually the machine learning giving us some benefit through this like I'm just
            • 54:30 - 55:00 now let we try to understand this the
            • 55:00 - 55:30 Kali Linux like the dynamic tool the network analysis and thereafter we'll be directly moving to the like the machine learning part that will contain that will be the this part and because I actually I have downloaded the few of the virus definition and uploaded it my in this my
            • 55:30 - 56:00 Colab notebook I hope all will have a proper understanding like the Colab is Google Colab like the data science take an example if we want to run a code of the data science with the help of python technology that we can run it online in the Colab notebook as you can see I already have downloaded this the malware the complete malware definition the all malware definition as well as few files
            • 56:00 - 56:30 that does not contain a virus and thereafter one more file that I just have downloaded that is back. just with just kindly run the Google Colab and thereafter we'll be trying to understand the dynamic time Dynamic like we have this we have to like we'll try to understand
            • 56:30 - 57:00 this Wireshark monitor for analyzing the traffic Network we'll be showing you this process as well and thereafter we'll be trying to understand this complete code so that all will be having an understanding kindly run your Kali Linux as well as the Colab so that will be continuing the session
            • 58:00 - 58:30 okay I hope expecting this thing like
            • 58:30 - 59:00 all you have in run this Linux environment now first of all like the setting that first of all I'm just going to show you there after we'll be explaining you what what exact the setting you need to perform it for getting an internet
            • 59:00 - 59:30 access take an example like now if I'm going to open this Google.com I'm able to get an internet connection in my virtual machine as well how actually we can do is if you are using uh like here we have an option
            • 59:30 - 60:00 setting in this network here we have a two option like Bridge Network and NAT bridge adapter will be for those user who are actually using a using a PC who are actually using a physical device for getting internet access if you're using uh in pre-built device let us which mean that like the laptop which
            • 60:00 - 60:30 mean that you just need to click it on this option n after clicking it on this option when you are going to restart this Kali Linux will be able to access this internet and we have the Nmap, Nmap is actually the force scanning and hosting that is actually covered by other team member as well just going
            • 60:30 - 61:00 to inform just going to give you a small detail like this is for operating system detection Port scanning and vulnerability identification and the Wireshark that is will be just understanding it how actually we can monitor and analyze the network flow which mean that this will be for like we have a HTTP https and mostly use it this will be
            • 61:00 - 61:30 used it for analyzing the traffic just for getting a security investigation and incident response the similarity and the difference is this like the difference is Wireshark actually the packet level based Nmap is Network mapper actually that means the discovery and scanning based it is this is the major difference between Nmap and the Wireshark and the similarity in this is actually like
            • 61:30 - 62:00 the network let suppose and both are at the network Prof both are for Network professional and that we try to understand is like this thing all you have proper understanding right now and the very important one is to understand this YARA tool before understanding this YARA tool I'm just going to see this is the site take an
            • 62:00 - 62:30 example actually it can be on it it will be done it on any of the HTML HTTP site I just have found this site I just have found this site on Internet by writing this HTTP Website login here we have n number of site I'm just going to take this bbsa you can take any of the site like any any of the site that will work it on all website
            • 62:30 - 63:00 that will work it on all HTTP HTTP and S actually s is when we just run this uh when we just open this http
            • 63:00 - 63:30 then we just run this is in this we'll be waiting for a response
            • 65:00 - 65:30 let we find another login website not contain a login so that we'll be able to access it like log to your account any other site for
            • 65:30 - 66:00 yes this site we just have got right now
            • 66:00 - 66:30 as you can see right now here we have a username and password when the user I just have found it from the internet can it will work it on anywhere let us suppose this website
            • 66:30 - 67:00 I have why why it is always recommended to you all like always check it out with it should be secure or not secure right now what exactly it is showing in my browser not secure what will be happened if you we are going to enter the detail here how actually the attacker got this information how actually a attacker retrieve the information I'm just going
            • 67:00 - 67:30 to show you like first of all let we just open the Wireshark this is a packet T after opening of this Wireshark we'll be capturing to ethernet zero after this we'll be clicking it on this start capturing and thereafter let us suppose if I'm just going as a normal user if I'm going to just open a
            • 67:30 - 68:00 browser and going to access a website which is HTTP right as you can see right now every packet is going to be captured right now what exactly I am browsing it let us suppose if I'm just going to enter Aman
            • 68:00 - 68:30 Kumar and password and there after just clicking it on login button I'm not going to save it not showing anything right now if let us I'm just going to stop this right now now we have to understood the protocol like what exact the protocol it was running right now the HTTP which is
            • 68:30 - 69:00 not secured and in HTTP the request will be either get or post which mean that when we just filter It Out by applying HTTP here actually we can see this like the this is the login.asp form here we can see here we have the login.asp form what exact the method right now it is going to be called it by using a
            • 69:00 - 69:30 get when you scroll it down and when you see it here we have whatever the information even we can see this information by going to login here we have a follow option HTTP stream when we just click it pass I have not shown any password to you but yes attacker will be able to retrieve a password with the help of Wireshark which
            • 69:30 - 70:00 mean that whenever we are going to use any of the website that is a responsibility it should be https if it is not if it is HTTP and not only for a like this is not only for a single machine let us suppose if in organization whatever the network is going to be running right now on that with the just with the help
            • 70:00 - 70:30 of Wireshark the attacker just can retrieve your information just attacker just can retrieve your username and password like like that does not that we cannot say this thing HTTP is fully secured why the reason behind is but yes obviously it will be secured the reason behind it will be when when we just applying a filtering on the https right now we just actually we just
            • 70:30 - 71:00 have analyzed to http this will work it on each and every like does not matter like this on this website only well whatever the website you even we can test it out the moral of this is just to understand this like not only many time what exactly we just ignore it like with the help of ignorance ignorance the attacker
            • 71:00 - 71:30 will get an access on that and how actually the attacker is getting an access on that just by using a simple Packet Tracer as you can see right now here as well actually the password will be here will be available in this packets as well scroll a little as you can see here he a password right now see Aman Kumar 61 60 60 6 B
            • 71:30 - 72:00 7572 and the password a b c d e F1 2 3 4 but here in this packet racing it is not much visible when you want to see it should have an understanding of whether it is a what exactly which mean the option will be the follow HTTP stream in this just need to find it just type
            • 72:00 - 72:30 PS with the third call will be able to retrieve like a b CDE e f 1 2 3 4 I hope all are able to understood right now the what exact the use of this Wireshark and yes ma'am uh so actually can you please repeat few of the steps actually I have opened my Wireshark I just want to you know try to do this particular
            • 72:30 - 73:00 practical in my laptop so I have already opened my Wireshark but I don't know which steps you followed earlier surely ma'am I'm just going to repeat it again so that we'll be having an understanding okay the first of all like this is not only for this website like first of all just need to open a google.com Google google.co.in and this it can be any website like the
            • 73:00 - 73:30 login here we have a list of website I just have randomly selected this site just going to share you a link as well so that will be able to run it I just have shared a link which mean that the first step the what will be the first step I'm just going to quit this and going to quit this as well will be going to start it from the initial state so that all will be able to understand it the first step
            • 73:30 - 74:00 is first of all we just need to open our Wireshark after opening a Wireshark by default it will be showing you the right now the eth0 just need to click it here after clicking it here by default this will be it starting a capture see it will capture your packet by default just
            • 74:00 - 74:30 go to the browser make sure your Internet is right now will be connected for more confirmation we can type like in this we in this emulator we can type a command like let us suppose a ping google.com if we are retrieving all the packets which mean internet is right now accessible just whatever the URL that we have copied from the my Windows 11 I'm
            • 74:30 - 75:00 just going to paste it here this will take a time that all depended it on internet speed take an example I'm just just going to enter a name username is obviously visible but my password will not be visible I'm just
            • 75:00 - 75:30 going to enter 1 2 3 4 5 6 sorry 1 2 3 4 5 6 a m a n and going to click it on login nothing I'm just not going to save anything going back on this and need to stop this after stopping of this very important TW need to understand TCP Erp HTTP https what is the request right now it
            • 75:30 - 76:00 was of HTTP the request is just need to have a basic understanding we'll be able to retrieve a password and Method we have two get and post with in this filter I'm just going to type HTTP here we can see right now what exact the page name login. VP login do sorry login.asp Active Server
            • 76:00 - 76:30 Pages here this is the page when you just scroll down here and this will'll be able to see it in this uh just a second just need to check out the post actually we have a two method get method and post let me check it out in this post method scroll down as here you can see Aman Kumar 1 2 3 4 5
            • 76:30 - 77:00 6 am but it is not much readable right now these packets are not much readable right now for more understanding of this what exactly we have a follow option here we have a HTTP stream in this p a s when we just type this you can easily see the password what exactly I just haven't think like this like this is just for your learning
            • 77:00 - 77:30 purpose actually think like take an example if someone want going to shop any one want to buy anything from any shopping website and going to enter the enter the credential going to enter the transactional detail and that detail from the network it can be easily retrieved with this
            • 77:30 - 78:00 Wireshark I hope all will be able to understand right now and will be able to execute it right now I'm just going to stop this let we go to the machine learning process and we'll be understanding this whole for this machine learning process actually this is the malware detection first of all I just have downloaded this is a data set actually
            • 78:00 - 78:30 like containing a viruses containing a malware definition see right now my screen is right now visible to everyone as you can see right now the first one was what exactly we were saying the hash code what exactly this file contain the hash code of all the viruses like I just already shown you this this data the first folder contain no virus the second
            • 78:30 - 79:00 folder contain the malware definition like this hash key index and we say this thing like this is of ransomware this is of w this is of Trojan horse backdoor rootkit downloader encrypter as you can see right now these are the hashing code we have two type of analysis one is static and second one is
            • 79:00 - 79:30 dynamic analysis like this one this one we have static analysis that means the malware examine the malware without running it the dynamic analysis like involving the running involvement of running the malware but in a Sandbox as you can right now have containing a
            • 79:30 - 80:00 values like it is of 30% infected this file this file got 85% infected not come under this category of this which mean 90 28 having few the decimal value in this we you can see this hash code definition already shown to you like we have a different website we have resources that you can use it like the resources that already shown to you on
            • 80:00 - 80:30 like what is the benefit of that resources like don't need to install any software like the VirusTotal that I just have shown to you this VirusTotal the benefit of this is the virus to see but right now we are going to move to a next stage that that means not the static stage not the dynamic stage we be
            • 80:30 - 81:00 having a complete hash key definition we be having a values right now and there accordingly let we try to understand this what exact the machine learning and how actually machine learning work it for this detecting the malicious virus because like statists if we are going to communicate we we are going to say this thing like
            • 81:00 - 81:30 the statistically statically it is very hard for detecting the virus statis like right now the first one is first task is for inputting the required Library which mean that the very first task when we just open this very first task is we need a library like re regular expression library NumPy library sklearn like we always
            • 81:30 - 82:00 say this after pre-processing the model need to be developed model like I'm just talking about the decision tree model logistic regression model like the SVM model that all are the part of this sklearn library after this right now it is right now in a r state right now thereafter we just need to like these are just a
            • 82:00 - 82:30 hashing values only that hashing value are not needed right now we just need to retrieve a string from that first of all like this can be done with this with the help of getting the string feature what exactly we are string feature or nothing just think like that having a pattern and this with the conditional call if it matched what what exactly it is returning me string feature and hash feature of
            • 82:30 - 83:00 each after this like after retrieving this feature hash feature this is just a function not this is a function definition right now not called it anywhere see the first step was to import Library what was the second step like to printing function like printing function mean just a function definition with that function definition just that will be helpful for retrieving a string
            • 83:00 - 83:30 feature from the binary file which mean this is just a string feature that will be using it in other code thereafter this is the K this is the K mean which mean this is again a function very important one is here we need to understand this thing like in the next one like
            • 83:30 - 84:00 I already have even shared this code that will be available at on a canvas first of all extracting the string feature because after extracting the string feature we just need to decide it okay these are the string feature we have and thereafter what exactly will be the path of like not containing virus like ratio it should be match like 70 30 80 20 similar way from where we just want to
            • 84:00 - 84:30 retrieve this string feature I'm just providing the providing the path like for providing path mean these data providing path mean like I'm just going to call this function in this phase in this phase as you can see right now these are shown in here like here we have this is for not containing any malware this is the path of this is actually my Google Drive that is already
            • 84:30 - 85:00 mounted and I just have downloaded this whole definition like these are the malicious malware the all malicious definition I just have download and this is just a normal files having the key HH entries just not these are not a harmful files after this first of
            • 85:00 - 85:30 all when we just run it after running of this uh second just a second I just need to mount a drive again
            • 85:30 - 86:00 which mean this is a malicious malware detection model and model will be saved it in here we have as now my drive already been mounted right
            • 86:00 - 86:30 now the if I'm just going to run it right now will be able to run it proper way because all the list directory like the that this directory we will be able to retrieve right now like like the malware directory the not malware and the model which mean that when we are just going to run
            • 86:30 - 87:00 it everything after this will be stored it in a model like this files saved ke GL stream that data if I'm going to show you just a second I'm just going to show you these are the models as you can see the file actually .pickle is a extension of this which mean that if we want to use this we can use
            • 87:00 - 87:30 it with my application we can use it with my any of other application for detecting for detecting it is see is what exactly I just have retrieved the feature after retrieving the whole feature the I just have used it first of all decision tree as you can see right now what exact the accuracy it is right now providing me
            • 87:30 - 88:00 93% of accuracy 93 percentage mean like the back door virus that I'm just going to recalling it like the one input that I'm just going to put it in the dump file joblib that showing this thing this is 93% showing this is a virus let us suppose s if we are going to apply another classifier like the
            • 88:00 - 88:30 here we have we can see it in a more visualization like as you can see data visualization we have this matplotlib with the help of matplotlib we can visualize it as you can see right now the complete valuation Matrix the decision uh sorry for Interruption because of Internet issue like right now hope you
            • 88:30 - 89:00 all are able to see my screen right now the accuracy that using a decision tree classifier that is claiming about 93% which mean that the comparison of multiple model is will be needed as usual similar way which mean that I just have a the same the same string feature I just have trained to this this like the malware or
            • 89:00 - 89:30 not malware like two category after training this machine and with the help of this training SVM classifier lastly the result that we are getting is 97% accurate which mean that this SVM model is more fitted as compared to a decision classifier and thereafter I just have a app one more model to check it out using a logistic regression classifier because
            • 89:30 - 90:00 that all come under the classification category which mean whatever the model I need to apply was that was the classifier even I have mentioned in this mentioned all the steps in this document file as well we'll be providing this document file to you as well the accuracy from this 95 but actually when we are just going to check it out the logistic regression as
            • 90:00 - 90:30 compared to SVM model this accuracy is much higher 97.5 let me show I'm just going to show you the complete comparison by comparing all the three by comparing all the three so that we'll be able to understand it and as with the three comparison right now we can easily conclude it out yes the SVM is more better as compared
            • 90:30 - 91:00 to all three the reason behind is like the reason like which means when we like take an example if we just applying only the classifier like let us suppose decision classifier we cannot retrieve the more accuracy that means what exact the benefit of this machine learning right now in this data science field the benefit of this is like we
            • 91:00 - 91:30 have like with the help of this which means we do not need to be much worried about which means that by default this model will be able to determine okay this is a malware or not if it will be not which means that according to the accuracy we'll be getting to know and if we are going to see this the model performance matrices with this matrices what exactly we are understanding this
            • 91:30 - 92:00 thing like the chart that I have shown to you right now this contain accuracy precision recall and all this in this heat map and as you can see the color bar on the right provide the visual scale for the performance scope and ranging it from 0.86 to the 0.98 which means lightest shade to the darkest
            • 92:00 - 92:30 shade and thereafter as we can see this thing darker shade mean the more accuracy and the lighter shade mean less accuracy even this is for precision recall and different color formations are actually formed in this and let us see the comparison of this SVM and the decision and all what exactly we are return
            • 92:30 - 93:00 obtaining from this as we can see right now actually this is a true false true false positive which means that the SVM matrices we can see right now the 2011 instances of class zero were correctly predicted as zero which means not having any virus and 73 instances of class one were correctly predicted as one which means that which
            • 93:00 - 93:30 means that either it is infected or having a malicious data a malicious code in the code in the folder that we already have provided similar way in this prediction model as we can see it in a decision tree confusion matrix and decision uh logistic regression confusion matrix and the if we talk about the
            • 93:30 - 94:00 training and validation accuracy uh see right now this is the training and validation accuracy what exactly it is actually the blue dot that we are seeing this thing the training accuracy this showing that the performance of data it is going to be learning it from the blue line actually represent the validation accuracy and dot line the dots are
            • 94:00 - 94:30 actually showing the training accuracy and this plot suggest us the model is like converging and which means that let us suppose if we want to add more improvement yes because with the help of just having a very less epoch right now but it will be more time consuming like it means that it can be reasonable height right reasonable height but it can be
            • 94:30 - 95:00 more improved like we have another resources for improvement like hyperparameter tuning gathering more data because I just have inputted a very less data right now but if we are going more trained that means more accurate more validated and let us see this training and validation loss with this training and validation
            • 95:00 - 95:30 loss what exactly we are getting this from the visualization like this signify the number of complete passes through the training set and the learning process that means the training loss is in a dot and training validation loss is in a line sequence it is shown and both training and validation loss that generally decrease over the epochs which means when just run the epochs that means
            • 95:30 - 96:00 higher to lower lower to lower and lastly very low it means as we can see right now training loss is getting less on each epoch what exact the mean of this which means that model is itself learning and improving it as well which means at most cases what exactly we just see it in this like what
            • 96:00 - 96:30 exactly I just told you in this like similar way having epochs as you can see right now the epochs are very very less and if we increase the epochs we definitely getting a more accuracy I'm just going to conclude it so we'll be having a time for the question and answer what exactly we have learned in this 2-hour session today I just have started it from the
            • 96:30 - 97:00 very basic steps the basic main what exact the malware is how actually this malicious software malicious code get enter into my system after understanding of this what exact the key characteristic like stealing a sensitive information like just to get unauthorized access without the user's information like
            • 97:00 - 97:30 example as the single malware infection can compromise an entire system like we have understood the different type of malware backdoor downloader worm categories even though I just have shown you this FS file as well that contain the hash files hashing as well as the category the types after that we just understood it
            • 97:30 - 98:00 like how actually the malware like attaching one USB drive by default when it just going to be plugged in and thereafter system is not much respondent and social engineering as well social engineering mean like manipulating the user like so like fix software downloading the infected websites like by default like the ad
            • 98:00 - 98:30 different ads showing in front of you adware like on the browser thereafter we have understood we do have a two type of analysis static and dynamic static mean like examining the malware without running it but dynamic we will be having a sandbox the isolation actually isolation just for run we run it and thereafter we'll check the behavior I have shown you few of the
            • 98:30 - 99:00 sites that are very useful for you if we want to check this dynamically whether it is malicious or not
            • 99:00 - 99:30 whether it is malicious or not and we have understood this the YARA actually the hashing what exact the rule of string what exact the rule of signatures and how actually I have shown you here as well this in this VirusTotal by uploading one file thereafter we got to know okay we got to know the
            • 99:30 - 100:00 detail now still now we are able to understood as okay this is MD5 hash key and what kind of a categories it will be that all depended on see this the complete detail having in this I have shown you few other sites as well with that website you will be able to get an information at least will be able to secure yourself at least and thereafter we got a security site
            • 100:00 - 100:30 check what exact the benefit of this security site check here next we have understood like what will be happened if we are going to add the detail in this HTTP that means shown you then this Kali Linux with the help of VHA and how we can retrieve it just going to show you not
            • 100:30 - 101:00 the complete one just going to show you what exact the benefit of protocol like at that time we have used HTTP here I just have applied a filter after filtering HTTP there on right click on this we will be having a follow option in that HTTP stream where that will be containing your user and username and password thereafter we'll have seen like right now we have a machine learning
            • 101:00 - 101:30 environment machine learning environment mean machines are learning and improving nowadays which means that if let us suppose I just want to develop a model for that model we should have first very important one we should have a data data mean should have like 70/30 or 80/20 ratio which means not virus or a virus so that machine will be able to understand
            • 101:30 - 102:00 it machine will be able to retrieve the hash key we have seen the whole code we have understood what exact the function we need to call even this code I have provided to you this code will take around 1 hour or even more than time of this just to run this code the reason I just have run it for a very less epoch if we are going to increase this epoch with
            • 102:00 - 102:30 this loss function we were able to understood it as I have shown to you uh here like on each and every epoch the training loss function is going to reduced that all the things we have understood in this session today he