All language subtitles for 1 - Introduction English

[00:00:12] And welcome back to another episode on How to Hack. So today we'll be discussing about this cyber attack chain. The reason why we have to understand about a cyber attack chain is because there are a lot of questions about what goes on in the penetration testing, how our security assessment is being carried out. And the best way to actually describe that is to look at the cyber attack chain. So in this case, the cyber kill chain is, of course, developed by Lockheed Martin, and it is to help us understand and visualize the step by step process of how hackers actually go after specific individuals, a particular enterprise that they have been hired to go after, or if they are state funded hackers, state sponsored hackers, and they have a particular agency in mind and they are supposed to go after them. So there are so many tutorials and so many different kinds of hacking videos available. But the whole idea is, doing what you have or you're doing a penetration testing, it's important to follow this step by step process and it will really help you be able to control and manage how far you're going into the cyber attack chain and how far you are going to penetrate the testing. So on the left side, we actually have the different phases and of course, we have seven phases.

[00:01:26] So here we go: reconnaissance, which is about finding out information on publicly available websites. And of course, weaponization is number two. So this is about how we can create the payload, whether it is a fully undetectable payload, a microwave cell. It's about how we can weaponize it, and delivery. Are we going to use a USB? Are we going to send a phishing email? Are we going to send Seabass? So again, those are the delivery mechanisms that we'll be using in terms of putting the weaponization or the weaponized payload into the system. And of course, we have our exploitation. So exploitation is a way for us to actually attack into the system. So we will execute, you will execute the particular exploit that we have created in number two, which is to weaponize the payload, and number five, installation. So we'll install the malware into the system, into the mobile device or any assets that we have on hand. And this is when we go into number six, where we have command and control. So whenever you're looking at the tutorials, you're looking at the Metasploit framework as the command and control center to manage and control many of these devices. And of course, the final thing is on actions and objectives. So this is what are we trying to accomplish? Have we achieved our goal? What was the goal? Was it for personal data? Was it for credit card information? Was it for financial data? Was it for state secrets? So, again, all these are the things that we're looking at in terms of the cyber attack chain.

[00:02:54] So, of course, we discussed the cyber security kill chain. So it's really important what you're talking about, the chain of the cyber attack chain, because many enterprises or users can be victimized by many of these cyber breaches. And over here we can see the different companies that have been compromised. And again, it all follows the same steps. So if you read up about the hacks that have happened, you'll recognize that many of these hacks that have happened follow these specific steps. So if you manage to get a detailed report on it, you'll be able to see how the hackers actually attack. And it is very similar to what you see in a cyber attack chain, or the cyber security kill chain.

[00:03:33] So the first step is about reconnaissance. Reconnaissance is about finding publicly available information, using whois, using domain name servers information, lookout on your servers, and being able to find out what data they have using Net Kroloff, using all these different kinds of publicly available information, including also Google searching to find out usernames, passwords, more tanks of all the domains, going into the dark web, finding accounts, data or passwords of this particular enterprise and getting those data. So, again, the characteristics of this: it could range from minutes all the way to weeks and months trying to find out all this data. And because a lot of users have social media accounts, again, those are good places to also start to find out more details about the enterprise, about individuals working in the enterprise. So this is what we call passive reconnaissance. We are trying to find all publicly available information, not directly interacting with the enterprise. So do not on debt.

[00:04:33] And of course, this is where we have the active reconnaissance, so active reconnaissance means we are probing the system. So whenever you look at nmap, that we have been using in a number of the tutorials, we are trying to get details about the services of the systems and servers that are available inside that particular enterprise. So we are actually trying to probe directly into the system, looking at fingerprinting, reconnaissance. We are working and we are pinging the system to find out more details and data. So these are information that we can find out immediately from. So again, active reconnaissance and passive reconnaissance are very different in terms of trying to find out all these details.

[00:05:15] So, of course, this is where we go into the weaponization stage, so the weaponization stage would actually allow us to see what kind of payload we can create. So the first and most used is actually using msfvenom, or you could actually use a different kind of tools to create a payload, so you could write your own script or your own malicious software if you know C programming and so on, or you want to put it up on the shell. You want to get a reverse shell on it, you want to get a seashell on it. So again, all these are available as part of weaponization. And in terms of weaponization, we are also thinking about how can we make it fully undetectable, so that we'll use encoding methods, use different kinds of methods to mask the capability from detection by antivirus systems. And of course, ultimately this would bring us into the delivery stage.

[00:05:59] So in the delivery phase, this is the part where we're thinking about how are we going to deliver the payload into the user's machine? So, again, over here we go to the Social Engineer Toolkit, as seen in a number of tutorials. So it's about website attacks. We want to create a website hosting a particular payload. Do you want to create an infectious media generator, put it into a USB drive, executed the moment the user plugs it into the computer? Do you want to have a payload? You want a mass mailer? All these options are here inside the Social Engineer Toolkit and we'll be exploring a lot more later on. So this is about the transmission of the attack. How do we get the payload, the weaponized payload, into the user's computer? So, again, another key point in terms of sending out a phish, in order to talk about, is also what kind of payload are you doing? Because some of these delivery mechanisms can be very different. So, one, you could be using a lot of phishing emails that could be blasted out to millions of users, or two, it could be a very targeted, very specific format of the email that is sent to one person where we just want that person to click onto it so that we can go after that particular entity.

[00:07:07] And this is on the exploitation stage, so this is what happens once you're weaponized, you've delivered, the user clicks onto it and you get a reverse shell immediately. So this is the detonation of the attack. So once the exploit happens, we are in, we are into the system. And this allows us to have control of their environment. So, again, this is all about gaining access, bypassing security mechanisms. So this is the detonation of the payload.

[00:07:34] And of course, once you hit the detonation, this is where we go into the installation. So this is where we want persistence inside the system. We want to have the ability to persist inside the mobile device, inside the server, inside a computer device. So, again, this is what we call a payload again on the screen. So this is a Microsoft disable. Once the user clicks on enable content, immediately we'll get access and we'll install a payload into the system and we will actually create persistence so that we can be able to latch onto the computer system no matter how much they update it.

[00:08:09] And of course, this is the command and control. In command and control, we have a number of options inside the channel where we discuss about how we can actually control the system. So the first one that is most used a lot of the time is using the Metasploit framework and also, of course, Empire PowerShell. So Empire directly manages based on the PowerShell scripting. So that's a great way for us to manage many, many of these computers and systems. So this is what we call the bots. So any of these computers that have been hacked into, we call them the bots, we're controlling them. And on the top you can see we've got the bot herders. So the bot herder actually allows you, which is you, to control what the bots will do as a result of them being hijacked into.

[00:08:53] So, of course, the focus can be very different. So if you're a state funded hacker, chances are you're going for sensitive data, confidential data, top secret data, top secret data meaning they have grave danger to a nation. So you're going after those specific data. And if you are a cyber criminal who is going after financial gains, then you have a very different set of data. You could be looking for credit card information, usernames, passwords, doohickeys set on a dark web. So, again, the purpose, the action and the objective can be very different across many different kinds of threats, many different kinds of attacks.

[00:09:29] So, of course, the question will be, if I'm a defender, I'm on the blue team and I want to protect against this cyber attack, what can we do? So the whole idea goes back into the concept of defense, defense in depth. So defense in depth means that we must always have a way of slowing down the attacker. So if a state funded hacker or someone who is persistent is trying to get into the enterprise, getting the data, what we can do is to slow down the person as much as possible and keep changing to different kinds of security mechanisms or countermeasures that we have in place. That will take a very long time for the hacker to go after you. So if you're managing an enterprise, you may have thousands of computers, endpoints, servers and so on. So what you do is you will actually make sure that you have antivirus systems, you have a security monitoring platform, you have a web application firewall, database firewall and many different of these security mechanisms in place that will slow down your hacker. So the hacker wants to get into you through USB and you realize that all of your endpoints have the USB disabled, then the hacker has to try something else in order to gain access into the system. And this would take longer and longer for them to persist through in order to gain access into your sensitive data. So defense in depth is going to be a great way for you to actually stop many of these potential threats.

[00:10:47] So, of course, there are some potential flaws with the whole idea of the cyber attack chain, and of course, thinking about a cyber attack chain is that the hacker has to go through every single one of these phases. But the reality is that that's not the case, because the hacker could perhaps be able to get all your usernames and passwords directly from publicly available information due to all the data breaches. And from there on, they could immediately get access into many of your accounts and credentials. So that could be a very quick way, because on point number two, all seven steps must be successful for a successful cyber attack to occur. But that's not always the case, because once you've got usernames, once you've got passwords, you could morph your attack into other ways or other objectives in order to gain other kinds of sensitive data. So, of course, on the final point, the defender has seven opportunities to break the chain and minimize data exfiltration. So if you're playing blue team again, you recognize that you do have the advantage, if we are trying to conceptualize playing defense in terms of trying to stop the hacker from gaining full access or completing the full cyber attack chain.

[00:11:55] So once again, I hope you learned something valuable in today's lecture. So if you have any questions, feel free to comment below and I'll try my best to answer any of your questions. So do like, share and subscribe to the channel so that you can be kept abreast of the latest cybersecurity tutorials. Thank you so much once again for watching.
