1
00:00:12,360 --> 00:00:14,230
And welcome back to another episode on How to Hack.
2
00:00:14,850 --> 00:00:17,570
So today we'll be discussing the cyber attack chain.
3
00:00:18,120 --> 00:00:23,010
The reason why we have to understand the cyber attack chain is because there are a lot of questions about
4
00:00:23,370 --> 00:00:27,750
what goes on in penetration testing, how a security assessment is being carried out.
5
00:00:28,050 --> 00:00:32,430
And the best way to actually describe that is to look at the cyber attack chain.
6
00:00:33,000 --> 00:00:38,910
So in this case, the cyber kill chain is, of course, developed by Lockheed Martin, and it is to help
7
00:00:38,910 --> 00:00:46,110
us understand and visualize the step-by-step process of how hackers actually go after specific individuals,
8
00:00:46,410 --> 00:00:51,990
a particular enterprise that they have been hired to go after, or if they are state funded hackers,
9
00:00:52,290 --> 00:00:58,350
state-sponsored hackers, and they have a particular agency in mind and they are supposed to go after
10
00:00:58,350 --> 00:00:58,620
them.
11
00:00:59,130 --> 00:01:04,740
So there are so many tutorials and so many different kinds of hacking videos available.
12
00:01:04,900 --> 00:01:08,370
But the whole idea is, whatever you are doing, or when you're doing a penetration test,
13
00:01:08,700 --> 00:01:15,390
it's important to follow this step-by-step process, and it will really help you be able to control and
14
00:01:15,390 --> 00:01:20,660
manage how far you're going into the cyber attack chain and how far you are going to penetrate in the testing.
15
00:01:21,160 --> 00:01:26,090
So on the left side, we actually have the different phases, and of course, we have seven phases.
16
00:01:26,340 --> 00:01:32,580
So here we go, reconnaissance, which is about finding out information on publicly available websites.
17
00:01:32,910 --> 00:01:35,100
And of course, weaponization is number two.
18
00:01:35,110 --> 00:01:42,180
So this is about how we can create the payload, whether it is a fully undetectable payload, a macro or a
19
00:01:42,180 --> 00:01:42,540
shell.
20
00:01:42,690 --> 00:01:45,810
It's about how we can weaponize it, and then delivery.
21
00:01:45,840 --> 00:01:47,550
Are we going to use a USB?
22
00:01:47,760 --> 00:01:49,800
Are we going to send a phishing email?
23
00:01:49,920 --> 00:01:51,350
Are we going to send Seabass?
24
00:01:51,450 --> 00:01:56,790
So again, those are the delivery mechanisms that we'll be using in terms of putting the weaponization
25
00:01:56,790 --> 00:01:58,800
or the weaponized payload into the system.
26
00:01:59,430 --> 00:02:01,280
And of course, we have our exploitation.
27
00:02:01,290 --> 00:02:05,850
So exploitation is a way for us to actually attack the system.
28
00:02:05,850 --> 00:02:11,640
So we will execute the particular exploit that we have created in number two, which
29
00:02:11,640 --> 00:02:14,760
is the weaponized payload, and number five, installation.
30
00:02:14,760 --> 00:02:20,640
So we'll install the malware into the system, into the mobile device or any assets that we have on
31
00:02:20,640 --> 00:02:21,210
hand.
32
00:02:21,670 --> 00:02:24,600
And this is when we go into number six, where we have command and control.
33
00:02:24,990 --> 00:02:30,240
So whenever you're looking at the tutorials, you're looking at the Metasploit framework as the command
34
00:02:30,240 --> 00:02:33,840
and control center to manage and control many of these devices.
35
00:02:34,110 --> 00:02:37,000
And of course, the final thing is actions on objectives.
36
00:02:37,170 --> 00:02:40,050
So this is: what are we trying to accomplish?
37
00:02:40,080 --> 00:02:41,340
Have we achieved our goal?
38
00:02:41,550 --> 00:02:42,220
What was the goal?
39
00:02:42,240 --> 00:02:44,100
Was it for personal data?
40
00:02:44,100 --> 00:02:45,540
Was it for credit card information?
41
00:02:45,570 --> 00:02:46,790
Was it for financial data?
42
00:02:47,040 --> 00:02:49,200
Was it for state secrets?
43
00:02:49,230 --> 00:02:53,160
So, again, all these are the things that we're looking at in terms of the cyber attack chain.
44
00:02:54,780 --> 00:02:58,000
So, of course, we discussed the cyber kill chain.
45
00:02:58,050 --> 00:03:02,340
So it's really important, what we're talking about, the cyber attack chain, because many
46
00:03:02,640 --> 00:03:07,020
enterprises or users can be victimized by many of these cyber breaches.
47
00:03:07,020 --> 00:03:10,630
And over here we can see the different companies that have been compromised.
48
00:03:10,650 --> 00:03:12,930
And again, it all follows the same steps.
49
00:03:12,930 --> 00:03:17,730
So if you read up about the hacks that have happened, you'll recognize that many of these hacks that
50
00:03:17,730 --> 00:03:19,980
have happened follow these specific steps.
51
00:03:19,990 --> 00:03:26,070
So if you manage to get a detailed report on it, you'll be able to see how the hackers actually attacked.
52
00:03:26,190 --> 00:03:31,050
And it is very similar to what you see in the cyber attack chain, or the cyber kill chain.
53
00:03:33,410 --> 00:03:38,150
So the first step is reconnaissance. Reconnaissance is about finding publicly available information,
54
00:03:38,420 --> 00:03:45,770
using WHOIS, using domain name server information, lookups on your servers, and being able to find
55
00:03:45,770 --> 00:03:51,710
out what data they have using Net Kroloff, using all these different kinds of publicly available information,
56
00:03:51,710 --> 00:03:57,170
including also Google searches to find out usernames, passwords, more tanks of all the domains,
57
00:03:57,560 --> 00:04:03,590
going into the dark web, finding accounts, data or passwords of this particular enterprise and getting
58
00:04:03,590 --> 00:04:04,040
those data.
59
00:04:04,910 --> 00:04:10,490
So, again, the characteristics of this, it could range from minutes all the way to weeks and months
60
00:04:10,490 --> 00:04:12,020
trying to find out all this data.
61
00:04:12,290 --> 00:04:14,960
And a lot of users have social media accounts.
62
00:04:14,990 --> 00:04:20,570
Again, those are good places to also start, to find out more details about the enterprise, about
63
00:04:20,570 --> 00:04:22,320
individuals working in the enterprise.
64
00:04:22,580 --> 00:04:24,610
So this is what we call passive reconnaissance.
65
00:04:24,860 --> 00:04:30,080
We are trying to find all publicly available information, not directly interacting with the enterprise.
66
00:04:30,080 --> 00:04:31,880
So do not on debt.
67
00:04:33,570 --> 00:04:37,610
And of course, this is where we have the active reconnaissance, so active reconnaissance means we
68
00:04:37,620 --> 00:04:38,610
are probing the system.
69
00:04:38,610 --> 00:04:44,130
So whenever you look at Nmap, which we have been using in a number of the tutorials, we are trying
70
00:04:44,130 --> 00:04:47,840
to get details about the services of the systems and servers.
71
00:04:47,840 --> 00:04:50,900
that are available inside that particular enterprise.
72
00:04:51,150 --> 00:04:56,940
So we are actually trying to probe directly into the system, looking at fingerprinting, reconnaissance.
73
00:04:57,210 --> 00:05:01,210
We are working and we are pinging the system to find out more details and data.
74
00:05:01,560 --> 00:05:04,580
So these are information that we can find out immediately.
75
00:05:04,950 --> 00:05:11,010
So again, active reconnaissance and passive reconnaissance are very different in terms of trying to
76
00:05:11,010 --> 00:05:12,330
find out all these details.
77
00:05:15,190 --> 00:05:19,300
So, of course, this is where we go into the weaponization stage, so the weaponization stage would
78
00:05:19,300 --> 00:05:24,880
actually allow us to see what kind of payload we can create. So the first and most used is actually using
79
00:05:24,880 --> 00:05:29,770
msfvenom, or you could actually use a different kind of tool to create a payload, so you could
80
00:05:29,770 --> 00:05:36,130
write your own script or your own malicious software if you know C programming and so on, or you want
81
00:05:36,130 --> 00:05:37,480
to pop a shell.
82
00:05:37,480 --> 00:05:40,240
You want to get a reverse shell on it, you want to get a seashell on it.
83
00:05:40,270 --> 00:05:43,420
So again, all these are available as part of weaponization.
84
00:05:43,600 --> 00:05:49,320
And in terms of weaponization, we are also thinking about how we can make it fully undetectable, so
85
00:05:49,330 --> 00:05:54,640
that we'll use encoding methods, use different kinds of methods to mask the capability from detection
86
00:05:54,640 --> 00:05:55,900
by antivirus systems.
87
00:05:56,320 --> 00:05:59,600
And of course, ultimately this would bring us into the delivery stage.
88
00:05:59,890 --> 00:06:04,750
So in the delivery phase, this is the part where we're thinking about how are we going to deliver the
89
00:06:04,750 --> 00:06:06,400
payload into the user's machine?
90
00:06:06,820 --> 00:06:11,380
So, again, over here we go to the Social-Engineer Toolkit, as seen in a number of tutorials.
91
00:06:11,620 --> 00:06:13,350
So it's about website attacks.
92
00:06:13,360 --> 00:06:15,880
We want to create a website hosting a particular payload.
93
00:06:16,120 --> 00:06:22,390
Do you want to use the infectious media generator, put it into a USB drive, executed the moment the user plugs it
94
00:06:22,390 --> 00:06:23,330
into the computer.
95
00:06:23,740 --> 00:06:24,730
Do you want to have a payload?
96
00:06:24,730 --> 00:06:29,710
You want a mass mailer? All these options are here inside the Social-Engineer Toolkit, and we'll be exploring
97
00:06:29,710 --> 00:06:30,790
a lot more later on.
98
00:06:31,090 --> 00:06:32,860
So this is about the transmission of the attack.
99
00:06:33,070 --> 00:06:37,260
How do we get the payload, the weaponized payload, into the user's computer?
100
00:06:37,270 --> 00:06:43,960
So, again, another key point in terms of sending out a phish is also what kind
101
00:06:43,960 --> 00:06:44,920
of payload are you doing?
102
00:06:45,220 --> 00:06:47,960
Because some of these delivery mechanisms can be very different.
103
00:06:48,250 --> 00:06:53,740
So, one, you could be using a lot of phishing emails that could be blasted out to millions of users
104
00:06:54,130 --> 00:06:54,700
or, two,
105
00:06:54,700 --> 00:07:00,430
it could be a very targeted, very specific format of the email that is sent to one person, where we
106
00:07:00,580 --> 00:07:05,110
just want that person to click onto it so that we can go after that particular entity.
107
00:07:07,220 --> 00:07:12,110
And this is the exploitation stage, so this is what happens once you've weaponized, you've delivered,
108
00:07:12,380 --> 00:07:15,500
the user clicks on it and you get a reverse shell immediately.
109
00:07:15,530 --> 00:07:17,270
So this is the detonation of the attack.
110
00:07:17,660 --> 00:07:21,860
So once the exploit happens, we are in, we are into the system.
111
00:07:22,070 --> 00:07:25,470
And this allows us to have control of their environment.
112
00:07:25,670 --> 00:07:30,290
So, again, this is all about gaining access, bypassing security mechanisms.
113
00:07:30,290 --> 00:07:32,450
So this is the detonation of the payload.
114
00:07:34,540 --> 00:07:37,960
And of course, once you have the detonation, this is where we go into the installation.
115
00:07:37,990 --> 00:07:40,970
So this is where we want persistence inside the system.
116
00:07:41,030 --> 00:07:46,600
We want to have the ability to persist inside the mobile device, inside the server, inside a computer
117
00:07:46,600 --> 00:07:47,140
device.
118
00:07:47,650 --> 00:07:50,950
So, again, this is what we call a payload, again on the screen.
119
00:07:51,250 --> 00:07:52,830
So this is a Microsoft Office document.
120
00:07:53,080 --> 00:07:59,710
Once the user clicks on Enable Content, immediately we'll get access and we'll install a payload into the
121
00:07:59,710 --> 00:08:05,260
system, and we will actually create persistence so that we can be able to latch onto the computer system
122
00:08:05,260 --> 00:08:07,270
no matter how much they update it.
123
00:08:09,520 --> 00:08:13,510
And of course, this is the command and control. In command and control, we have a number of options inside
124
00:08:13,510 --> 00:08:17,530
the channel where we discuss how we can actually control the system.
125
00:08:17,530 --> 00:08:22,900
So the first one that is used most a lot of the time is using the Metasploit framework and, of course,
126
00:08:22,900 --> 00:08:24,340
Empire PowerShell.
127
00:08:24,340 --> 00:08:28,300
So Empire allows you to manage directly based on PowerShell scripting.
128
00:08:28,300 --> 00:08:32,320
So it's a great way for us to manage many, many of these computers and systems.
129
00:08:32,560 --> 00:08:34,170
So this is what we call the bots.
130
00:08:34,540 --> 00:08:39,150
So any of these computers that have been hacked into, we call them the bots, and we are controlling them.
131
00:08:39,400 --> 00:08:41,590
And on the top you can see we've got the bot herder.
132
00:08:41,590 --> 00:08:48,040
So the bot herder, which is you, actually allows you to control what the bots will do as a result of
133
00:08:48,040 --> 00:08:50,290
them being hijacked.
134
00:08:53,340 --> 00:08:55,870
So, of course, the focus can be very different.
135
00:08:55,920 --> 00:09:00,770
So if you're a state-funded hacker, chances are you're going for sensitive data, confidential data,
136
00:09:00,930 --> 00:09:05,010
top secret data, top secret data meaning they pose grave danger to a nation.
137
00:09:05,160 --> 00:09:07,740
So you're going after those specific data.
138
00:09:08,190 --> 00:09:13,260
And if you are a cyber criminal who is going after financial gains, then you have a very different
139
00:09:13,260 --> 00:09:13,770
set of data.
140
00:09:13,770 --> 00:09:18,030
You could be looking for credit card information, usernames, passwords, doohickeys set on a dark web.
141
00:09:18,240 --> 00:09:24,180
So, again, the purpose, the action and the objective can be very different across many different
142
00:09:24,180 --> 00:09:26,970
kind of threats, many different kinds of attacks.
143
00:09:29,460 --> 00:09:33,480
So, of course, the question will be, if I'm a defender, I'm going on the blue team and I want to
144
00:09:33,480 --> 00:09:36,280
protect against this cyber attack, what can we do?
145
00:09:36,690 --> 00:09:40,860
So the whole idea goes back into the concept of defense, defense in depth.
146
00:09:40,860 --> 00:09:46,190
So defense in depth means that we must always have a way of slowing down the attacker.
147
00:09:46,530 --> 00:09:51,380
So if a state-funded hacker or someone who is persistent in trying to get into the enterprise, getting
148
00:09:51,390 --> 00:09:57,090
the data, what we can do is to slow down the person as much as possible and keep changing to different
149
00:09:57,090 --> 00:10:00,630
kinds of security mechanisms or countermeasures that we have in place.
150
00:10:00,630 --> 00:10:04,920
That will make it take a very long time for the hacker to go after you.
151
00:10:04,950 --> 00:10:10,580
So if you're managing an enterprise, you may have thousands of computers, endpoints, servers and so on.
152
00:10:10,920 --> 00:10:16,080
So what you do is you will actually make sure that you have antivirus systems, you have a security
153
00:10:16,080 --> 00:10:21,360
monitoring platform, you have a web application firewall, database firewall, and many different kinds of
154
00:10:21,360 --> 00:10:24,300
these security mechanisms in place that will slow down your hacker.
155
00:10:24,600 --> 00:10:30,030
So the hacker wants to get in to you through USB, and you realize that all of your endpoints have USB
156
00:10:30,030 --> 00:10:33,930
disabled, then the hacker has to try something else in order to gain access into the system.
157
00:10:34,230 --> 00:10:38,700
And this would take longer and longer for them to persist through in order to gain access into your
158
00:10:38,700 --> 00:10:39,580
sensitive data.
159
00:10:40,020 --> 00:10:45,360
So defense in depth is going to be a great way for you to actually stop many of these potential threats.
160
00:10:47,740 --> 00:10:52,720
So, of course, there are some potential flaws with the whole idea of the cyber attack chain, and of
161
00:10:52,720 --> 00:10:58,750
course, thinking about the cyber kill chain is that the hacker has to go through every single one of these phases.
162
00:10:59,140 --> 00:11:04,780
But the reality is that that's not the case because the hacker could perhaps be able to get all your
163
00:11:04,780 --> 00:11:10,090
usernames and passwords directly from publicly available information due to all the data breaches.
164
00:11:10,480 --> 00:11:15,430
And from there on, they could immediately get access into many of your accounts and credentials.
165
00:11:15,610 --> 00:11:20,770
So that could be a very quick way, because, on point number two, all seven steps must be successful for
166
00:11:20,770 --> 00:11:22,210
a successful cyber attack to occur.
167
00:11:22,500 --> 00:11:26,770
But that's not always the case, because once you've got usernames, once you've got passwords, you could
168
00:11:26,770 --> 00:11:33,640
morph your attack into other ways or other objectives in order to gain other kind of sensitive data.
169
00:11:34,420 --> 00:11:39,970
So, of course, on the final point, the defender has seven opportunities to break the chain and minimize
170
00:11:39,970 --> 00:11:40,820
data exfiltration.
171
00:11:40,840 --> 00:11:45,340
So if you're playing blue team again, you recognize that you do have the advantage.
172
00:11:45,340 --> 00:11:51,910
If we are trying to conceptualize playing defense in terms of trying to stop the hacker from gaining
173
00:11:51,910 --> 00:11:54,570
full access or completing the full cyber attack chain.
174
00:11:55,420 --> 00:11:58,270
So once again, I hope you learned something valuable in today's lecture.
175
00:11:58,300 --> 00:12:02,170
So if you have any questions, feel free to comment below and I'll try my best to answer any of your
176
00:12:02,170 --> 00:12:02,770
questions.
177
00:12:03,040 --> 00:12:06,850
So do like, share and subscribe to the channel so that you can be kept abreast of the latest
178
00:12:06,850 --> 00:12:07,650
cybersecurity tutorials.
179
00:12:07,870 --> 00:12:09,340
Thank you so much once again for watching.