[00:00:06] There are many different vulnerabilities that can affect an endpoint, and then specifically vulnerabilities that can then be weaponized and converted into malware, or malicious software, that can absolutely be catastrophic to an organization and to an individual. One of the most prolific pieces of malware, and, you know, very disruptive as well, is ransomware, right? And we're gonna go and touch base on the ransomware attacks a little bit later in this lesson, but whenever threat actors gain access to a system, they usually want future access as well. And they want it to be easy. The attackers can then install things called backdoors, and a backdoor is an application or commands that the attacker can use to allow them future access, or to collect information and use that information in further attacks. Many backdoors are installed by users clicking on something without realizing that the link that they clicked or the file that they opened is a threat.
[00:01:13] Still to this day, one of the biggest entry points for an attacker to compromise a system is by leveraging emails and social engineering attacks, and phishing, spear phishing, whaling, and many other things that you also learned throughout this course. And again, there are tons of different types of vulnerabilities. But one specifically that I want to talk about right now is buffer overflows and code execution. Whenever threat actors and attackers gain access to a system, they also may be able to take several actions. The type of actions depends on the level of access that the threat actor has or can achieve, and is based on permissions granted to the account compromised by the attacker. One of the most devastating actions available to an attacker is the ability to execute code within a device. Code execution could result in a very adverse impact to the confidentiality, integrity and availability of the system and the network.
[00:02:15] Now remote code execution, or what the industry refers to as RCE, allows attackers to fully compromise the confidentiality, integrity and availability of a system, and then remotely, so that means, you know, many network hops away from the victim, manipulate that compromised system. Right, now that type of manipulation in many cases is done using a command and control infrastructure, a command and control server. Now that command and control server can be another compromised device. Like, for example, some unattended WordPress installation that, you know, an organization or individual actually left, you know, vulnerable on the internet, or it can be even a legitimate service like Dropbox, Photobucket; things like Twitter have been used for command and control and to send information to a compromised system on what other things to do. And those other things to do can be launching a denial of service attack against, you know, another victim; it can be to do even crypto mining in some cases, right, but it can be many, many different things for which the attacker wants to leverage that underlying system that is compromised.
[00:03:32] Now, going back to buffer overflows, a buffer is basically a temporary data storage where, you know, the length is actually defined in the program. Buffer overflows are typically performed, or found, in applications written in C and C++, and basically involve many memory manipulation functions in those languages where the program does not perform bounds checking and then can easily override the allocated bounds of such a buffer. A perfect example of a function that I'm highlighting on the screen is a string copy function that can cause vulnerabilities whenever you use it incorrectly. Now, in this example here, I'm showing a very small chunk of data, you know, being sent to a buffer, but whenever the attacker sends more information, or more data than can be put into that buffer, then that's where the buffer overflow actually potentially occurs. Right? So, a couple of things that actually can happen.
[00:04:34] One is that the application will crash, so you will get something like a segmentation fault, and you of course provide the ability for the attacker to perform a denial of service condition; or, the more catastrophic area is that the attacker can then write to adjacent memory and then perform code execution. Now there are a lot of different ways that, you know, these types of buffer overflows can be leveraged. Now, a simplistic example of how an attacker could then write instructions to a system and potentially cause a local or remote code execution is by using things called shellcode, which is basically a set of instructions that will be used to manipulate the system, whether it's to launch another application, whether it's to actually create, you know, a stager to then download a piece of malware like ransomware. And I've been mentioning ransomware for quite some time; ransomware is a piece of malware that, again, is extremely popular in the last few years because criminals have used it to make a lot of money. Basically the piece of software, this malicious software, will encrypt either files or your whole hard drive.
[00:05:46] And then it will ask for a ransom. It will ask for basically some monetary reward in order for you to get the key to decrypt those files. Unfortunately, you know, even if you pay, and typically it's in the form of Bitcoin or some type of cryptocurrency, even if you pay, in most cases you will not get the key back from that hacker. Yes, there are some cases where you will receive the key back, but typically that's not the case. Now, ransomware has also been used for performing other types of attacks, or other types of motives, I will say. The same attack, you know, the encrypting of files, but instead of making money, to cause disruption. So in other words, to actually bring the application, the system or the network down to their knees, and, of course, you know, perform a denial of service condition. And, you know, allegedly, you know, there have been a lot of different ransomware attacks that have been launched by different nation states where the main purpose was not to make money, but it was actually to perform some type of disruption.
[00:06:54] Right now, there are a lot of different types of avenues to basically weaponize a vulnerability. And of course, you know, that weaponization will depend on the underlying operating system and so on. But in many cases, actually, it is because of a similar vulnerability like a buffer overflow, or anything that will allow you to do code execution. And again, there are many different types of vulnerabilities and attacks that an attacker can leverage. One of the best resources that you can use to learn about the different types of vulnerabilities and their effect, and also the mitigations, is the Open Web Application Security Project, or OWASP, website, and specifically the link that I'm highlighting on the screen. Another way that you can learn about the different types of vulnerabilities and their effects, and the mitigations, is by basically doing hands-on exercises. Now, for this exam you do not need to be an ethical hacker or a pen tester.
[00:08:00] So you do not need to perform all these exercises, but through your learning process, it will absolutely help, especially in cybersecurity. Cybersecurity is like math: the more you practice, the better you will become, but it will definitely help to get some type of hands-on experience in some of these attack scenarios. Now, what you're seeing on this screen is something that I created called WebSploit Labs, and it's a learning environment that I created for different courses, some for ethical hacking and web penetration testing and several other ones that I perform, and, of course, for other books that I have written. Now this environment has about 8,000 to 9,000 different cybersecurity resources, including sample code, you know, of course, tutorials and many different exercises. It has at least 850 exercises or so. What it is is you can deploy either Kali Linux or Parrot Security, which are the most common ethical hacking, you know, and penetration testing Linux distributions. And there are many others, but these two are based on Debian.
[00:09:08] And once you download those in a VM, let's say, right, in VirtualBox, VMware or ESXi or KVM or Proxmox, then you run this script, and basically what that will do is it will install a whole bunch of tools that do not come with those distributions, as well as different containers that are running intentionally vulnerable applications, so that you can actually practice your skills in a safe environment within one VM. So again, only within this environment, you have over 450 different types of exercises that you can complete, including buffer overflows, SQL injection, and a lot of the vulnerabilities that we have been talking about in this course.