1
00:00:07,020 --> 00:00:09,290
- [Instructor] Command and control is the phase

2
00:00:09,290 --> 00:00:12,500
when the attacker accesses the breached system.

3
00:00:12,500 --> 00:00:16,568
Sometimes this is accomplished by listening to a beacon

4
00:00:16,568 --> 00:00:19,950
coming from the target, informing the adversary

5
00:00:19,950 --> 00:00:22,290
that a command and control channel, or, you know

6
00:00:22,290 --> 00:00:25,020
CNC or C2, you know, depending on who you ask,

7
00:00:25,020 --> 00:00:26,180
you know the different have

8
00:00:26,180 --> 00:00:29,030
different combinations of names for this.

9
00:00:29,030 --> 00:00:31,550
But the command and control channel it, you know,

10
00:00:31,550 --> 00:00:34,590
may be actually available to access by that attacker, right?

11
00:00:34,590 --> 00:00:39,170
So sometimes the adversary must manually attempt to connect

12
00:00:39,170 --> 00:00:42,270
to the target system using a specific port.

13
00:00:42,270 --> 00:00:44,430
And that actually specific port can be actually

14
00:00:44,430 --> 00:00:46,990
be used to test if the installation

15
00:00:46,990 --> 00:00:50,070
of the malicious software was actually successful

16
00:00:50,070 --> 00:00:53,040
on the victim's, you know, system.

17
00:00:53,040 --> 00:00:54,030
Now, the end result

18
00:00:54,030 --> 00:00:57,990
of this phase is providing adversary with, you know

19
00:00:57,990 --> 00:01:02,000
a complete access inside the target environment,

20
00:01:02,000 --> 00:01:05,080
and to be able to just like the word says

21
00:01:05,080 --> 00:01:08,570
take command and control of that environment

22
00:01:08,570 --> 00:01:10,610
or the compromised systems, right?

23
00:01:10,610 --> 00:01:12,193
So it is important to point out

24
00:01:12,193 --> 00:01:15,000
that there are different levels of user

25
00:01:15,000 --> 00:01:19,571
and network rights that actually can be, or not be available

26
00:01:19,571 --> 00:01:23,876
to an adversary at this stage of the attack, right?

27
00:01:23,876 --> 00:01:27,330
Now, this is why identity management

28
00:01:27,330 --> 00:01:29,830
and access control systems

29
00:01:29,830 --> 00:01:33,370
and methodologies are extremely important for ensuring

30
00:01:33,370 --> 00:01:37,240
that only the necessary services are provisioned to hosts

31
00:01:37,240 --> 00:01:38,663
and systems in the network.