WEBVTT

00:00.240 --> 00:06.960
In this video, we're taking a look at the website D hashed and it can be found at HTTPS calling forward

00:06.960 --> 00:10.290
slash forward slash D hash dot com.

00:11.100 --> 00:17.310
Now what D hashed is is its website is comprised of various data breaches and they allow you to actually

00:17.310 --> 00:18.600
search these data breaches.

00:20.220 --> 00:25.980
Now, it's a it's a freemium service and I call it a premium service because there's different tiers.

00:26.820 --> 00:33.930
You could create an account for free and you can browse and take a look at you, put in email addresses.

00:33.940 --> 00:39.600
You can put names, passwords, pretty much anything into the search engine.

00:40.020 --> 00:43.470
And you can take a look and see if there's some issue with the data breach.

00:44.310 --> 00:50.370
Now, if you're on a free service, it'll tell you that it's part of X, Y or Z data breach.

00:50.370 --> 00:51.660
If it is part of a data breach.

00:51.660 --> 00:54.180
But you won't be able to get much more information than that.

00:55.440 --> 01:00.660
In order to see that information, you're going to have to pay for to be able to see it.

01:00.660 --> 01:02.640
And we'll take a look at that in a minute.

01:04.740 --> 01:11.020
Now, if you click on the breach list, we could take a look at the various data breaches that is part

01:11.020 --> 01:18.930
of D Hashed is you can see here there is quite a bit of data breaches here and we can see how new the

01:18.930 --> 01:23.760
data breaches and how many people affected in the site.

01:23.760 --> 01:33.330
Up here we can see there's almost 6000 searchable databases, 1 million plus total pays, 30,000 plus

01:33.330 --> 01:36.150
websites, hacked daily, etc..

01:38.550 --> 01:40.770
In if we go down to upgrade.

01:40.770 --> 01:45.000
I'm currently logged in and I do have a paid account for right now.

01:46.110 --> 01:47.250
We can see that free.

01:50.250 --> 01:56.160
Let you monitor your accounts and limit searches, but the results are censored.

01:56.490 --> 02:02.430
Now, if you want to, if you're doing an ocean investigation and you find something and you don't want

02:02.430 --> 02:09.960
to really pay a lot into it, you could pay 399 currently you get some days access, full access, unlimited

02:09.960 --> 02:11.190
searches within that time.

02:11.190 --> 02:16.650
So there should be plenty of time if you if you actually come across someone or something.

02:17.460 --> 02:27.330
And if we keep going down here, looks like it's 1130 a month or 120 999 for 12 months, etc..

02:27.990 --> 02:32.130
So we're going to go ahead and we're going to go search a account.

02:32.580 --> 02:37.560
And this is one of my friends account and we talked to them and I got the go ahead to go ahead and use

02:37.560 --> 02:39.240
it because here he changed his password.

02:40.350 --> 02:46.410
Now, the important thing you want to do, if you're putting a name, address, a phone number or email

02:46.410 --> 02:48.330
address or what have you put it in quotes.

02:48.810 --> 02:53.070
So I have, quote, Mustang 169 at Hotmail AKAM, end quote.

02:54.060 --> 02:57.900
Now, the reason why you want to put quotes in is if you don't put quotes in.

02:58.560 --> 03:03.690
If I punches in, it may potentially it'll probably come up with a bunch of Hotmail addresses are completely

03:03.690 --> 03:04.440
unrelated.

03:05.070 --> 03:07.140
So putting the quote in there will isolated.

03:07.890 --> 03:12.460
So once you have the whatever criteria you have, go in click search.

03:16.380 --> 03:16.770
Okay.

03:16.800 --> 03:20.160
And as we see here, it's it was part of several data breaches.

03:20.160 --> 03:27.410
We have a breach compilation dump last FME dump last stuff.

03:27.500 --> 03:36.630
And if I click on here I could see that email address in the past was crusty one and we click through

03:36.630 --> 03:37.050
here.

03:37.260 --> 03:40.740
Sometimes capacitors will be in plain text, sometimes it'll be hashed.

03:42.270 --> 03:44.910
Okay, in here it's the same one, the plain text.

03:44.910 --> 03:49.680
And here we have a hash password and we have a username.

03:50.070 --> 03:55.620
Now this is really great information because since I have a username, I could, I could take that username,

03:55.620 --> 03:58.740
put it back in t hash, see what else it comes up with.

03:58.740 --> 04:04.080
So if we're doing the ocean investigations, someone and we have an email address say we don't know

04:04.080 --> 04:10.380
where else or they're a part of using D hashed using the email address.

04:10.380 --> 04:12.930
In this case I found out that.

04:12.930 --> 04:15.360
Okay, well, it looks like they have a Last.fm account.

04:15.620 --> 04:21.210
It looks like they were part of this other British compilation and it came up with the username.

04:21.210 --> 04:26.730
So again, take the username, you can put it back in D hash and find out where else that username was

04:26.940 --> 04:27.660
being used.

04:29.430 --> 04:38.430
Now the other thing you could do is you can copy this hash password and you can reverse a hash on it.

04:38.970 --> 04:40.620
Try to see what that password is.

04:41.430 --> 04:47.540
So we go here to this reverse online hash lookup and there's a lot of them out there.

04:47.550 --> 04:56.100
The one I'm using is reverse dash, hash dash lookup period online dash domain dash tools dot com.

04:57.270 --> 04:57.590
Okay.

04:58.630 --> 05:00.300
I'm just going to copy that in here.

05:01.230 --> 05:01.770
In in here.

05:02.400 --> 05:11.640
I'm using this one because you could actually change it from now b5 sha1, sha256 lrm into Elm, etc.

05:13.170 --> 05:17.790
and you're probably not going to know what the hash is, what type it is.

05:18.480 --> 05:19.220
That's okay.

05:19.230 --> 05:26.220
Like, for example, if I, if I do try to do this show when I do a reverse, it should give me an error

05:26.220 --> 05:26.790
message.

05:27.390 --> 05:27.690
Yeah.

05:27.720 --> 05:32.010
Error expect of 40 characters long alphabet string.

05:32.280 --> 05:36.350
So that's a good indication that it's not a SHA1 hash.

05:37.010 --> 05:39.270
Speaker two I'm going to reverse that hash.

05:40.500 --> 05:40.890
Okay.

05:41.010 --> 05:46.230
And it looks like as a result down here, it says crusty one, which was his password.

05:46.290 --> 05:53.340
And we can actually verify by going these other ones here, crusty one now which you could do with that

05:53.340 --> 05:54.150
information.

05:55.500 --> 05:59.760
You can take that password and you can again go back into the hashed.

06:02.570 --> 06:04.970
And search it again in Syria.

06:04.980 --> 06:06.380
Also, password was used.

06:07.010 --> 06:11.420
Now, this isn't a guarantee that you're going to come up with that exact person.

06:12.950 --> 06:17.000
You have a better chance if it's a unique password, like a really unique password, crusty one.

06:17.720 --> 06:25.640
Probably not so unique, especially since SpongeBob fans might be using it, crusty crab and whatnot.

06:26.120 --> 06:33.260
So in here we found people are using Krusty one as an email account, Yahoo account, Gmail accounts

06:33.260 --> 06:34.010
and whatnot.

06:36.740 --> 06:44.030
But again, if you do come up with a unique name, a unique password, going through an entry hash code

06:44.030 --> 06:45.030
and search, searching through.

06:45.050 --> 06:46.160
Maybe you'll get lucky.

06:47.120 --> 06:53.830
In our case, we also found a username again through the username back and she will say came up from

06:53.840 --> 06:59.270
you might uncover more passwords, more locations where that account might be from.

07:00.140 --> 07:05.930
So again, this is about using hashed to help your own investigation.

07:06.170 --> 07:08.780
Thank you for watching and I'll see you in the next video.