 So, labs 2.3 and 2.4 are really about the same. What they're doing is they're basically saying, if I download a file, in this case, say for example, I'm downloading WinSCP, I want to make sure that the file I've downloaded has not been tampered with. And if I go through that song and dance, I go through and I'm going to download this file. I'm going to just pick the installation package for now. That's fine. You notice, as it's downloading, I've got this checksum section. And the idea behind this, the big fancy word for this is what I'm looking at is a hash. Each one of these are different algorithms that basically run through the binary of my file, the ones and zeros of my file. And what they do is they take it and they spit out some hexadecimal value using their algorithm. In the file, we're getting FD01, et cetera. So, the reason why this is important is now I can take this hash that they have hosted on their official site. And I can take my file and I can produce that same hash. Now, how I do that, in my case, is I happen to have another file just happened to be downloaded called SigCheck. And as you can see, it hovers. It is a file version and signature viewer. So how can I use this? Well, I'm going to just use some magic here, some keyboard shortcuts. I'm going to hold the shift key and right click on the white space. That pulls up a nice little menu. And as you can see, I get an option called open command window here. That all of a sudden is going to give me this command prompt that I can work from. So, if I just type in SigCheck by itself, SigCheck EXE, and I hit enter, I'm going to all of a sudden get sort of the usage kind of descriptor of this file, the SigCheck. It's telling me, hey, this is how you use it. You type SigCheck EXE, you put in all these different tags, if you will, and then you give me the file. I don't actually have to put those in. The square brackets in sort of our programming world, in our command prompt world, the square brackets indicate it's an optional thing. So, if I come in here and I type in SigCheck, I'm going to type in just Sig, and luckily I'm going to use my keyboard and I'm going to hit tab. Notice that autocomplete came in. That's really nice. That's a fun option. I'm going to do it again. I'm going to type win. You notice it automatically fills that stuff in for me. And so, if I hit enter, what I get is I see sort of the digital signature of this file that I've downloaded. And it's built by Martin Precryl. I'm butchering that. So, like I said, now it's time for us to check to make sure it's not been tampered with. I can take that same file and just same magic I'm doing here. I'm just hitting the up arrow. That's going to fill it in. Well, in this case, I'm going to hit the down arrow. You just up and down if you want to cycle through all your previous commands. Before I say the file name, if I follow the structure that they give me up here, the SigCheck, you see all the different commands file. So, I'm going to put right in between, right before win scp-h-h. So, all of a sudden, what I'm saying is I want not only SigCheck, not only give me the signature, but if we then kind of compare and contrast all these different options, show file hashes. Like I said, that's what the MD5 is. When I hit enter, not only do I see the signature, but I also see those same hashes. It runs through and it's not that it's pulling those from somewhere. It's actually calculating out those hashes. MD5 is a very common algorithm. We know what it does. So, the big thing is, all of a sudden, what happens if it tampered? It's been tampered with. In my sake, I have a program on my computer called HexEdit. HexEdit allows me to view sort of the binary, the hexadecimal of any particular file. And I'm going to come in and I'm going to take a look when scp. You can see I start to see all of the different kind of parts to it. Now, the big thing I'm going to do is I'm not going to do anything malicious, but this is the kind of, I want to start to stick it in your brain. I can inject stuff. I can change things inside this code. I can do it and it's not going to break the program. In my case, again, just going to do something simple. I'm going to do a quick little look for Martin's name. There's Martin's name. You can see because that's Texas somewhere in there, that M-A-R-T-I-N has to be a char. It's a hexadecimal value. So, it's right there. It's on this massive line near the bottom. All I'm going to do is I'm going to just be... I wouldn't even call it my be malicious. I'm just going to be a jerk for a second. His name is Martin. Go back in time. He was probably made fun of as a kid because his name sounded like... Oh, do I want to turn this off? Yes, I do. Do I want to turn this off? Yes, I do. He was probably made fun of and his name was Fartin. Ugh, Fartin. All I've done is I've said let's change that F. I'm going to save this. I'm going to save that. Now, if I take a look over inside of my file, I want to prove that I can tamper this. I'm going to come in, just run this as an admin. The second, carry the two. It's because it's still open. Close. Run it as an admin. Windows protected your file. Luckily, I happen to have Windows Defender. Hey, you know, hey, this is... But I'm going to run it anyway. I made a change to this file and it's okay with that. It's going to go through the entire install process. This is all of a sudden where SIG check can come into play. I can use that same command. And what's going to happen is if I check the hash, notice that it took a second. And that hash is not the same all of a sudden. That FDO1, I made one change. I changed an M from an F. I'm getting 7A, 8, 5, all of this nonsense. So all of a sudden what we're doing is we're making sure that what we download is valid.