All language subtitles for 016 Check Phone For Indicators Of Compromise.en--- [ FreeCourseWeb.com ] ---
1
00:00:13,200 --> 00:00:18,630
Hey, guys, welcome back to another episode on how to defend, and today we're looking at how we can check
2
00:00:18,630 --> 00:00:21,390
if a mobile device has already been hacked.
3
00:00:21,600 --> 00:00:24,270
OK, so this is going to be a little more technical.
4
00:00:24,450 --> 00:00:31,350
OK, so we need some form of command line interface to find out the processes as well as the network
5
00:00:31,350 --> 00:00:38,130
outbound connections that we're having from our mobile device all the way out onto the Internet or into
6
00:00:38,130 --> 00:00:41,130
some hacking server that is in control of all mobile devices.
7
00:00:41,940 --> 00:00:46,380
So the first thing I want to do is, of course, to highlight over here that I have an Android device
8
00:00:46,380 --> 00:00:48,270
running on the left side of the screen, as you can see.
9
00:00:48,930 --> 00:00:54,390
And it can be the same for a physical Android device; you can do the same to it.
10
00:00:54,420 --> 00:00:59,960
OK, so you can go ahead and plug your Android device into a computer system which already has Android
11
00:00:59,990 --> 00:01:01,270
Debug Bridge running.
12
00:01:01,530 --> 00:01:06,330
So if you're not sure what Android Debug Bridge is, we have a video tutorial on that, so do check
13
00:01:06,330 --> 00:01:07,260
it out on the channel.
14
00:01:08,010 --> 00:01:11,820
So what we're going to do now is to actually go ahead and open up command prompt.
15
00:01:11,880 --> 00:01:12,980
OK, so it's going to open up.
16
00:01:13,230 --> 00:01:16,080
And of course, I'm going to zoom in a little more so it's easier for you to see.
17
00:01:17,040 --> 00:01:22,020
OK, so I'm going to put this as font 28, OK, so what we'll do now is to actually kick
18
00:01:22,020 --> 00:01:22,750
start ADB.
19
00:01:23,100 --> 00:01:29,100
So we will need a connection into the Android device, or adb shell, and we can issue some interesting
20
00:01:29,100 --> 00:01:31,710
commands to find out what's going on on the device.
21
00:01:31,770 --> 00:01:36,360
OK, in the background, I actually have a Kali Linux machine running, so we'll look
22
00:01:36,360 --> 00:01:38,630
at what's normal and what is abnormal.
23
00:01:38,970 --> 00:01:42,150
What are some of the indicators that your phone has already been compromised?
24
00:01:42,570 --> 00:01:49,080
So first of all, you can go in, enter adb devices and it will show us a list of Android devices
25
00:01:49,080 --> 00:01:50,940
that are connected to your computer system.
26
00:01:51,200 --> 00:01:54,100
OK, so you could do the same for any form of operating system.
27
00:01:54,120 --> 00:02:00,600
So go ahead, enter adb shell and this would bring us into the device itself.
28
00:02:00,630 --> 00:02:03,830
So now we are currently controlling the device on the left side.
29
00:02:03,840 --> 00:02:04,410
You can see.
30
00:02:05,070 --> 00:02:08,970
So of course, one of those things that we can do is to issue some commands and one of those commands
31
00:02:09,300 --> 00:02:10,430
is, of course, netstat.
32
00:02:10,530 --> 00:02:16,680
So netstat helps us find out what are some of the outbound connections or established connections that we have,
33
00:02:17,040 --> 00:02:20,510
and there are two really important areas over here.
34
00:02:20,820 --> 00:02:22,620
So we have here what is normal.
35
00:02:22,680 --> 00:02:26,680
OK, so we have an established connection, active Internet connections.
36
00:02:26,740 --> 00:02:28,560
OK, so over here, this is what we're seeing.
37
00:02:29,190 --> 00:02:29,570
All right.
38
00:02:29,940 --> 00:02:32,400
And what I'm going to do next is over here.
39
00:02:33,480 --> 00:02:38,540
I already have a malicious application installed on the device as the backdoor.
40
00:02:38,550 --> 00:02:40,220
I'm going to start up Metasploit.
41
00:02:40,290 --> 00:02:41,830
OK, so I'm going to go into terminal.
42
00:02:42,030 --> 00:02:43,320
OK, so this is Kali Linux.
43
00:02:43,920 --> 00:02:48,240
I'm going to enter msfconsole to start up the exploit, and I'm going to open up,
44
00:02:48,450 --> 00:02:54,640
OK, a reverse shell from the device all the way into the Kali Linux system.
45
00:02:54,660 --> 00:02:55,770
OK, so go ahead, enter.
46
00:03:00,250 --> 00:03:01,390
So I'm going to set the payload now.
47
00:03:06,160 --> 00:03:11,460
OK, so I will, of course, enter ip addr to find the IP address of the Kali Linux machine and set the
48
00:03:11,470 --> 00:03:12,040
LHOST.
49
00:03:14,050 --> 00:03:18,520
So, of course in this case, the IP address of our Kali Linux machine is 192.168.0
50
00:03:18,820 --> 00:03:19,630
.106.
51
00:03:19,630 --> 00:03:25,630
Go ahead and hit enter, and then enter show options to see all the listed options, and go ahead and enter
52
00:03:25,630 --> 00:03:26,010
exploit.
53
00:03:26,100 --> 00:03:31,390
So basically what I'm doing here is to start up a hacking server that would then give us control of
54
00:03:31,390 --> 00:03:32,290
the Android device.
55
00:03:32,830 --> 00:03:39,940
So of course, once the user has those applications running on the Android device and the user has clicked
56
00:03:39,940 --> 00:03:45,970
on the malicious application, sometimes what the hackers would do is use a legitimate
57
00:03:45,970 --> 00:03:49,120
application and bind this malicious software on top of it.
58
00:03:49,330 --> 00:03:53,320
And this would give them instantaneous access into the mobile device,
59
00:03:53,320 --> 00:03:56,950
giving them access to the geolocation, the SMS messages, everything.
60
00:03:57,340 --> 00:04:04,270
OK, so over here, what we're seeing is that we have an LPORT of 4444 for this running.
61
00:04:04,270 --> 00:04:09,430
So it could be any other port numbers that hackers could be using to gain control of your device.
62
00:04:09,490 --> 00:04:09,850
All right.
63
00:04:10,190 --> 00:04:15,250
And if I go into command prompt now and I enter, I enter up arrow.
64
00:04:15,280 --> 00:04:19,060
So I enter netstat once more, then we just increase the font size.
65
00:04:19,060 --> 00:04:20,950
So it's a little easier for you to see.
66
00:04:21,250 --> 00:04:22,100
Two thirty six.
67
00:04:22,150 --> 00:04:22,510
OK.
68
00:04:24,540 --> 00:04:29,490
So what I would do next is, again, issuing the same command, netstat.
69
00:04:30,390 --> 00:04:34,390
All right, and what we will see here, OK, if I scroll back up to the top again.
70
00:04:34,710 --> 00:04:34,980
All right.
71
00:04:35,010 --> 00:04:37,680
So unlike the earlier results that we got in.
72
00:04:37,920 --> 00:04:38,220
All right.
73
00:04:38,220 --> 00:04:41,480
So going back to the top, we can see a foreign address.
74
00:04:41,490 --> 00:04:41,740
All right.
75
00:04:41,770 --> 00:04:44,040
Of 4444.
76
00:04:44,610 --> 00:04:46,770
OK, so we see that there is a connection.
77
00:04:47,050 --> 00:04:47,340
All right.
78
00:04:47,340 --> 00:04:49,910
Coming in from the device.
79
00:04:49,980 --> 00:04:51,340
OK, this is it.
80
00:04:51,360 --> 00:04:53,310
Outbound connection to a foreign address.
81
00:04:53,700 --> 00:04:56,010
And this is definitely something amiss.
82
00:04:56,160 --> 00:05:01,980
OK, so the other things we can look at are not just the network connection, which could be showing all
83
00:05:01,980 --> 00:05:03,690
the suspicious outbound connections.
84
00:05:03,900 --> 00:05:07,760
OK, so why would a mobile device have such a connection outwards?
85
00:05:08,130 --> 00:05:10,200
OK, so there's something to take note of.
86
00:05:10,200 --> 00:05:10,460
All right.
87
00:05:10,470 --> 00:05:14,730
As part of the investigation, whether a device has already been compromised.
88
00:05:15,240 --> 00:05:21,000
The second thing that we could take a look at is in terms of looking at the list of users, looking
89
00:05:21,000 --> 00:05:27,450
at the processes that are actually being run in the system, so you can enter top and hit enter.
90
00:05:27,840 --> 00:05:34,810
And this will show us all the different processes that are actually running inside the Android device in our
91
00:05:34,830 --> 00:05:35,250
case.
92
00:05:35,440 --> 00:05:38,320
OK, we have Shell running.
93
00:05:38,670 --> 00:05:39,060
All right.
94
00:05:39,270 --> 00:05:41,600
And we have all these users over here.
95
00:05:41,640 --> 00:05:42,390
So we have root.
96
00:05:42,630 --> 00:05:44,570
We have a system, we have zero.
97
00:05:45,170 --> 00:05:49,370
We have all these different users who are actually inside the environment right now.
98
00:05:49,410 --> 00:05:51,630
And of course, we have no idea what they're doing.
99
00:05:51,630 --> 00:05:51,840
Right.
100
00:05:51,850 --> 00:05:53,410
So we're trying to investigate what's going on.
101
00:05:53,940 --> 00:05:59,590
So, of course, I can go and enter top again and we can see all the different information.
102
00:05:59,620 --> 00:06:02,810
I mean, as well as the users, the processes that are running, and so on, so forth.
103
00:06:03,270 --> 00:06:10,380
So, of course, in our case over here, OK, what we're seeing is that there are certain processes
104
00:06:10,380 --> 00:06:14,090
that shouldn't be there, just the processes that are suspicious.
105
00:06:14,100 --> 00:06:17,580
And of course, in our case, if I go back to Kali Linux, now if I enter shell.
106
00:06:18,300 --> 00:06:23,290
All right, this means that the hacker has a command line interface into the device.
107
00:06:23,340 --> 00:06:23,690
All right.
108
00:06:23,700 --> 00:06:29,820
And for example, if the hacker enters whoami to get the username over here, we can see the username as
109
00:06:29,820 --> 00:06:32,690
u0_a1234.
110
00:06:32,770 --> 00:06:37,980
OK, so in our case, when we go back to command prompt looking at top, we can see over here, OK,
111
00:06:37,980 --> 00:06:43,530
we have a user, u0_a134, and they have a shell.
112
00:06:43,830 --> 00:06:49,410
So if you think about it now, if you think about it from a mobile device perspective, why would a
113
00:06:49,410 --> 00:06:51,460
mobile device have a shell running?
114
00:06:51,900 --> 00:06:54,630
Why would a mobile device have a terminal running at all?
115
00:06:54,960 --> 00:07:01,140
OK, so this is another big indicator that your device could have already been compromised and a hacker
116
00:07:01,380 --> 00:07:03,690
is interfacing at a shell level.
117
00:07:04,090 --> 00:07:07,690
OK, so that can be another form of indicator of attack.
118
00:07:07,740 --> 00:07:09,390
OK, next.
119
00:07:10,020 --> 00:07:16,740
And the final thing is, of course, in terms of looking at ps, which stands for the processes that are running.
120
00:07:17,040 --> 00:07:23,940
So you can enter ps, which will list all the processes inside the system, again with a capital A, and we can
121
00:07:23,940 --> 00:07:27,660
see all of those different processes.
122
00:07:27,660 --> 00:07:28,770
that are running in the system.
123
00:07:28,770 --> 00:07:33,020
And of course, we're looking at it again for certain processes that shouldn't be there.
124
00:07:33,300 --> 00:07:39,390
So, for example, over here, OK, we have the common ones like com.android and we have here
125
00:07:39,690 --> 00:07:40,300
com.metasploit.stage.
126
00:07:40,410 --> 00:07:46,740
Metasploit, of course, is a hacking framework that we use and we have done a lot of lectures and
127
00:07:46,740 --> 00:07:47,480
tutorials on it.
128
00:07:47,610 --> 00:07:54,310
So that is going to be one suspicious indicator. Other suspicious indicators are going to be shell, or a
129
00:07:54,330 --> 00:08:00,720
shell is also another suspicious indicator if it is being run as a process inside your mobile device.
130
00:08:00,760 --> 00:08:06,450
OK, so these are some of the processes and indicators of attack that we can look at, or indicators of compromise
131
00:08:06,840 --> 00:08:07,680
that we can look at.
132
00:08:07,860 --> 00:08:14,010
OK, so there are many, many other ways for us to filter further down into what exactly is
133
00:08:14,010 --> 00:08:19,470
going on in the process, looking for what is considered normal and what is considered abnormal in those
134
00:08:19,470 --> 00:08:20,820
situations, in those cases.
135
00:08:21,240 --> 00:08:21,540
All right.
136
00:08:21,540 --> 00:08:25,770
And this is how we were able to detect when there was a cyber attack inside our system.
137
00:08:25,800 --> 00:08:29,370
OK, so with that, I hope you've learned something valuable in today's tutorial.
138
00:08:29,610 --> 00:08:33,690
And if you like what you just watched, remember to like, share, and subscribe to the channel so that you
139
00:08:33,690 --> 00:08:36,270
can be kept abreast of the latest cyber security.
140
00:08:36,660 --> 00:08:38,130
Thank you so much once again for watching.